From f35eae2e7e4bb60b6c83b1786256f55e5a149ac6 Mon Sep 17 00:00:00 2001
From: Assaf Morami
Date: Tue, 8 May 2018 15:46:18 +0300
Subject: [PATCH] Fix dump_packet & dump_current_packet ignores file_name
This fixes an issue where `dump_packet` and `dump_current_packet` ignores the `file_name` parameter if `addl_pkt_dumper` is already pointing to some file (doesn't matter which file...) http://mailman.icsi.berkeley.edu/pipermail/bro/2018-May/013184.html
---
 src/bro.bif | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/src/bro.bif b/src/bro.bif
index fdcad0735d..31b74cf8d1 100644
--- a/src/bro.bif
+++ b/src/bro.bif
@@ -29,6 +29,7 @@ using namespace std;
 TableType* var_sizes;
 static iosource::PktDumper* addl_pkt_dumper = 0;
+static StringVal* open_file_dumper;
 bro_int_t parse_int(const char*& fmt)
 {
@@ -3288,10 +3289,19 @@ function dump_current_packet%(file_name: string%) : bool
 return new Val(0, TYPE_BOOL);
 if ( ! addl_pkt_dumper )
+ {
 addl_pkt_dumper = iosource_mgr->OpenPktDumper(file_name->CheckString(), true);
+ {
+ else if ( addl_pkt_dumper && open_file_dumper != file_name)
+ {
+ addl_pkt_dumper->Close();
+ addl_pkt_dumper = iosource_mgr->OpenPktDumper(file_name->CheckString(), true);
+ }
+ // else if (addl_pkt_dumper && open_file_dumper == file_name) do nothing
 if ( addl_pkt_dumper )
 {
+ open_file_dumper = file_name;
 addl_pkt_dumper->Dump(pkt);
 }
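Review bot: The `open_file_dumper` static added in the first hunk keeps a raw `StringVal*` to a function argument across calls, and the later hunks test it with `!=`, which compares pointer identity rather than the file name. Nothing visible takes a reference on `file_name`, so the stored pointer may outlive the value it points to. A different name that happens to sit at a reused address would then be treated as the file already open and packets would be appended to the wrong capture, while the same name in a fresh value object would force a close and reopen on every call. Storing the path itself avoids both: declare `static string open_file_dumper;`, compare with `open_file_dumper != file_name->CheckString()`, and update with `open_file_dumper = file_name->CheckString();` in `dump_current_packet` and `dump_packet`.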
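Review bot: The block opened after `if ( ! addl_pkt_dumper )` in `dump_current_packet` is never closed, because the added line after the `OpenPktDumper` call is `{` where `}` is needed. The `else if` therefore lands inside an unclosed block and the braces in the function no longer balance; the `dump_packet` hunk has the same typo. Change that line to `}` in both places. The `addl_pkt_dumper &&` test in the `else if` is also redundant, since that branch is only reached when the pointer is non-null. The function body begins above the hunk.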
@@ -3363,10 +3373,20 @@ function get_current_packet_header%(%) : raw_pkt_hdr
 function dump_packet%(pkt: pcap_packet, file_name: string%) : bool
 %{
 if ( ! addl_pkt_dumper )
+ {
 addl_pkt_dumper = iosource_mgr->OpenPktDumper(file_name->CheckString(), true);
+ {
+ else if ( addl_pkt_dumper && open_file_dumper != file_name)
+ {
+ addl_pkt_dumper->Close();
+ addl_pkt_dumper = iosource_mgr->OpenPktDumper(file_name->CheckString(), true);
+ }
+ // else if (addl_pkt_dumper && open_file_dumper == file_name) do nothing
 if ( addl_pkt_dumper )
 {
+ open_file_dumper = file_name;
+
 pkt_timeval ts;
 uint32 caplen, len, link_type;
 u_char *data;
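Review bot: The open-or-reopen sequence added at the top of `dump_packet` is a line-for-line copy of the one in `dump_current_packet`, so any correction to one has to be repeated by hand in the other. A single file-local helper next to the `addl_pkt_dumper` declaration would hold the logic once, and each function would call it before its existing `if ( addl_pkt_dumper )` block. The sketch below lets the helper own the currently open path as a string, so the comparison is by name; it assumes `CheckString()` yields a C string, as its use in the `OpenPktDumper` call suggests. `dump_packet` continues past the end of the hunk.

```cpp
// Returns the shared dumper, switching files when `path` is not the one currently open.
static iosource::PktDumper* addl_dumper_for(const char* path)
	{
	static string open_path;

	if ( addl_pkt_dumper && open_path != path )
		{
		addl_pkt_dumper->Close();
		addl_pkt_dumper = 0;
		}

	if ( ! addl_pkt_dumper )
		{
		addl_pkt_dumper = iosource_mgr->OpenPktDumper(path, true);
		open_path = path;
		}

	return addl_pkt_dumper;
	}

// … unchanged: dump_packet signature and %{ …
	addl_dumper_for(file_name->CheckString());
// … unchanged: if ( addl_pkt_dumper ) block …
```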