Actions
Bug #3986
opensuricata -r not working for sshfs-mounted folder but working for sshfs-mounted file
Affected Versions:
Effort:
Difficulty:
Label:
Description
OS: CentOS Linux 8 (Core)
Suricata version: 5.0.3 RELEASE
To replicate the bug:
Mount sshfs folder
$ sudo su
# cat /etc/fuse.conf
user_allow_other
# sshfs -o allow_other p@192.168.1.10:/ /mnt/test/
p@192.168.1.10's password: password
# ls -l /mnt/test/home/p/pcaps
total 8376
-rw-r--r--. 1 snuser snuser 8573977 Sep 25 16:27 test.pcap
suricata -r sshfs_mounted_folder not working
# suricata -v -c /etc/suricata/suricata.yaml -l /var/log/suricata/ -r /mnt/test/home/p/pcaps/
...
25/9/2020 -- 17:46:57 - <Notice> - all 5 packet processing threads, 4 management threads initialized, engine started.
25/9/2020 -- 17:46:57 - <Info> - Starting directory run for /mnt/test/home/p/pcaps/
25/9/2020 -- 17:46:57 - <Info> - Processing pcaps directory /mnt/test/home/p/pcaps/, files must be newer than 0 and older than 18446744073709550616
25/9/2020 -- 17:46:57 - <Info> - Directory run mode complete
25/9/2020 -- 17:46:57 - <Notice> - Signal Received. Stopping engine.
25/9/2020 -- 17:46:57 - <Info> - time elapsed 0.040s
25/9/2020 -- 17:46:57 - <Notice> - Pcap-file module read 0 files, 0 packets, 0 bytes
...
suricata -r sshfs_mounted_file working
# suricata -v -c /etc/suricata/suricata.yaml -l /var/log/suricata/ -r /mnt/test/home/p/pcaps/test.pcap
...
25/9/2020 -- 17:47:43 - <Notice> - all 5 packet processing threads, 4 management threads initialized, engine started.
25/9/2020 -- 17:47:43 - <Info> - Starting file run for /mnt/test/home/p/pcaps/test.pcap
25/9/2020 -- 17:47:43 - <Info> - pcap file /mnt/test/home/p/pcaps/test.pcap end of file reached (pcap err code 0)
25/9/2020 -- 17:47:43 - <Notice> - Signal Received. Stopping engine.
25/9/2020 -- 17:47:43 - <Info> - time elapsed 0.408s
25/9/2020 -- 17:47:43 - <Notice> - Pcap-file module read 1 files, 10464 packets, 8406529 bytes
...
Actions