diff options
| author | Tobias Klauser <tklauser@distanz.ch> | 2015-04-27 10:50:14 +0200 | 
|---|---|---|
| committer | Tobias Klauser <tklauser@distanz.ch> | 2015-04-27 10:50:14 +0200 | 
| commit | 46289df6bc8f573bc01be4fb4aa93343ecc6d50a (patch) | |
| tree | b355d320240b020b76392bc3d029c3f5be5a66fc | |
| parent | f67e23ce04eeb7d6fc8aae9542879cfe0d6aedf9 (diff) | |
netsniff-ng: Rotate pcap files prematurely on SIGHUP
Allow to send SIGHUP to a running netsniff-ng process, causing it to
prematurely rotate the output PCAP when the output device (-o/--out) is
a directory. The rotating interval (time/file size) will be reset.
Suggested by dcode in #140
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
| -rw-r--r-- | netsniff-ng.8 | 14 | ||||
| -rw-r--r-- | netsniff-ng.c | 34 | 
2 files changed, 33 insertions, 15 deletions
| diff --git a/netsniff-ng.8 b/netsniff-ng.8 index 82c0f78..31c4907 100644 --- a/netsniff-ng.8 +++ b/netsniff-ng.8 @@ -77,12 +77,14 @@ a folder, a trafgen(8) configuration file or stdout (\[lq]-\[rq]). In the case o  file that should not have the default pcap type (0xa1b2c3d4), the additional  option \[lq]\-T\[rq] must be provided. If a directory is given, then, instead of a  single pcap file, multiple pcap files are generated with rotation based on -maximum file size or a given interval (\[lq]\-F\[rq] option). A trafgen configuration -file can currently only be specified if the input device is a pcap file. To -specify a  pcap file as the output device, the file name must have -\[lq].pcap\[rq] as its extension. If stdout is given as a device, then a trafgen -configuration will be written to stdout if the input device is a pcap file, or a -pcap file if the input device is a networking device. +maximum file size or a given interval (\[lq]\-F\[rq] option). Optionally, +sending the SIGHUP signal to the netsniff-ng process causes a premature rotation +of the file. A trafgen configuration file can currently only be specified if the +input device is a pcap file. To specify a  pcap file as the output device, the +file name must have \[lq].pcap\[rq] as its extension. If stdout is given as a +device, then a trafgen configuration will be written to stdout if the input +device is a pcap file, or a pcap file if the input device is a networking +device.  .PP  .SS -C <id>, --fanout-group <id>  If multiple netsniff-ng instances are being started that all have the same packet diff --git a/netsniff-ng.c b/netsniff-ng.c index ee9dc38..2b9732e 100644 --- a/netsniff-ng.c +++ b/netsniff-ng.c @@ -66,7 +66,7 @@ struct ctx {  	uint32_t fanout_group, fanout_type;  }; -static volatile sig_atomic_t sigint = 0; +static volatile sig_atomic_t sigint = 0, sighup = 0;  static volatile bool next_dump = false;  static const char *short_options = "d:i:o:rf:MNJt:S:k:n:b:HQmcsqXlvhF:RGAP:Vu:g:T:DBUC:K:L:"; @@ -134,7 +134,10 @@ static void signal_handler(int number)  	case SIGQUIT:  	case SIGTERM:  		sigint = 1; +		break;  	case SIGHUP: +		sighup = 1; +		break;  	default:  		break;  	} @@ -739,6 +742,18 @@ static int next_multi_pcap_file(struct ctx *ctx, int fd)  	return fd;  } +static void reset_interval(struct ctx *ctx) +{ +	if (ctx->dump_mode == DUMP_INTERVAL_TIME) { +		interval = ctx->dump_interval; + +		set_itimer_interval_value(&itimer, interval, 0); +		setitimer(ITIMER_REAL, &itimer, NULL); +	} else { +		interval = 0; +	} +} +  static int begin_multi_pcap_file(struct ctx *ctx)  {  	int fd, ret; @@ -765,14 +780,7 @@ static int begin_multi_pcap_file(struct ctx *ctx)  			panic("Error prepare writing pcap!\n");  	} -	if (ctx->dump_mode == DUMP_INTERVAL_TIME) { -		interval = ctx->dump_interval; - -		set_itimer_interval_value(&itimer, interval, 0); -		setitimer(ITIMER_REAL, &itimer, NULL); -	} else { -		interval = 0; -	} +	reset_interval(ctx);  	return fd;  } @@ -852,6 +860,14 @@ static void update_pcap_next_dump(struct ctx *ctx, unsigned long snaplen, int *f  		}  	} +	if (sighup) { +		if (ctx->verbose) +			printf("SIGHUP received, prematurely rotating pcap\n"); +		sighup = 0; +		next_dump = true; +		reset_interval(ctx); +	} +  	if (next_dump) {  		*fd = next_multi_pcap_file(ctx, *fd);  		next_dump = false; | 
