netsniff-ng: Rotate pcap files prematurely on SIGHUP

Allow to send SIGHUP to a running netsniff-ng process, causing it to
prematurely rotate the output PCAP when the output device (-o/--out) is
a directory. The rotating interval (time/file size) will be reset.

Suggested by dcode in #140

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>

2 files changed, 33 insertions, 15 deletions

diff --git a/netsniff-ng.8 b/netsniff-ng.8
index 82c0f78..31c4907 100644
--- a/netsniff-ng.8
+++ b/netsniff-ng.8
@@ -77,12 +77,14 @@ a folder, a trafgen(8) configuration file or stdout (\[lq]-\[rq]). In the case o
 file that should not have the default pcap type (0xa1b2c3d4), the additional
 option \[lq]\-T\[rq] must be provided. If a directory is given, then, instead of a
 single pcap file, multiple pcap files are generated with rotation based on
-maximum file size or a given interval (\[lq]\-F\[rq] option). A trafgen configuration
-file can currently only be specified if the input device is a pcap file. To
-specify a  pcap file as the output device, the file name must have
-\[lq].pcap\[rq] as its extension. If stdout is given as a device, then a trafgen
-configuration will be written to stdout if the input device is a pcap file, or a
-pcap file if the input device is a networking device.
+maximum file size or a given interval (\[lq]\-F\[rq] option). Optionally,
+sending the SIGHUP signal to the netsniff-ng process causes a premature rotation
+of the file. A trafgen configuration file can currently only be specified if the
+input device is a pcap file. To specify a  pcap file as the output device, the
+file name must have \[lq].pcap\[rq] as its extension. If stdout is given as a
+device, then a trafgen configuration will be written to stdout if the input
+device is a pcap file, or a pcap file if the input device is a networking
+device.
 .PP
 .SS -C <id>, --fanout-group <id>
 If multiple netsniff-ng instances are being started that all have the same packet
diff --git a/netsniff-ng.c b/netsniff-ng.c
index ee9dc38..2b9732e 100644
--- a/netsniff-ng.c
+++ b/netsniff-ng.c
@@ -66,7 +66,7 @@ struct ctx {
 	uint32_t fanout_group, fanout_type;
 };
 
-static volatile sig_atomic_t sigint = 0;
+static volatile sig_atomic_t sigint = 0, sighup = 0;
 static volatile bool next_dump = false;
 
 static const char *short_options = "d:i:o:rf:MNJt:S:k:n:b:HQmcsqXlvhF:RGAP:Vu:g:T:DBUC:K:L:";
@@ -134,7 +134,10 @@ static void signal_handler(int number)
 	case SIGQUIT:
 	case SIGTERM:
 		sigint = 1;
+		break;
 	case SIGHUP:
+		sighup = 1;
+		break;
 	default:
 		break;
 	}
@@ -739,6 +742,18 @@ static int next_multi_pcap_file(struct ctx *ctx, int fd)
 	return fd;
 }
 
+static void reset_interval(struct ctx *ctx)
+{
+	if (ctx->dump_mode == DUMP_INTERVAL_TIME) {
+		interval = ctx->dump_interval;
+
+		set_itimer_interval_value(&itimer, interval, 0);
+		setitimer(ITIMER_REAL, &itimer, NULL);
+	} else {
+		interval = 0;
+	}
+}
+
 static int begin_multi_pcap_file(struct ctx *ctx)
 {
 	int fd, ret;
@@ -765,14 +780,7 @@ static int begin_multi_pcap_file(struct ctx *ctx)
 			panic("Error prepare writing pcap!\n");
 	}
 
-	if (ctx->dump_mode == DUMP_INTERVAL_TIME) {
-		interval = ctx->dump_interval;
-
-		set_itimer_interval_value(&itimer, interval, 0);
-		setitimer(ITIMER_REAL, &itimer, NULL);
-	} else {
-		interval = 0;
-	}
+	reset_interval(ctx);
 
 	return fd;
 }
@@ -852,6 +860,14 @@ static void update_pcap_next_dump(struct ctx *ctx, unsigned long snaplen, int *f
 		}
 	}
 
+	if (sighup) {
+		if (ctx->verbose)
+			printf("SIGHUP received, prematurely rotating pcap\n");
+		sighup = 0;
+		next_dump = true;
+		reset_interval(ctx);
+	}
+
 	if (next_dump) {
 		*fd = next_multi_pcap_file(ctx, *fd);
 		next_dump = false;