Actions
Bug #3990
opensuricata -r not working for symbolic link linking to pcap in different folder but working for symbolic link linking to pcap within same folder
Affected Versions:
Effort:
Difficulty:
Label:
Description
OS: CentOS Linux 8 (Core)
Suricata version: 5.0.3 RELEASE
To replicate the bug:
Create symbolic links linking pcap in different folder and within same folder
$ sudo su
# mkdir links
# ln -s pcaps/test.pcap links/test.pcap
# ln -s pcaps/test.pcap pcaps/link.pcap
suricata -r not working for symbolic link linking to pcap in different folder
# ls -l links/test.pcap
lrwxrwxrwx. 1 root root 15 Oct 1 10:18 links/test.pcap -> pcaps/test.pcap
# suricata -v -c /etc/suricata/suricata.yaml -l /var/log/suricata/ -r links/test.pcap
1/10/2020 -- 10:34:17 - <Error> - [ERRCODE: SC_ERR_INITIALIZATION(45)] - ERROR: Pcap file does not exist
suricata -r working for symbolic link linking to pcap within same folder
# ls -l pcaps/link.pcap
lrwxrwxrwx. 1 root root 9 Oct 1 10:37 pcaps/link.pcap -> test.pcap
# suricata -v -c /etc/suricata/suricata.yaml -l /var/log/suricata/ -r pcaps/link.pcap
...
1/10/2020 -- 10:57:51 - <Notice> - all 5 packet processing threads, 4 management threads initialized, engine started.
1/10/2020 -- 10:57:51 - <Info> - Starting file run for pcaps/link.pcap
1/10/2020 -- 10:57:51 - <Info> - pcap file pcaps/link.pcap end of file reached (pcap err code 0)
1/10/2020 -- 10:57:51 - <Notice> - Signal Received. Stopping engine.
1/10/2020 -- 10:57:51 - <Info> - time elapsed 0.384s
1/10/2020 -- 10:57:51 - <Notice> - Pcap-file module read 1 files, 10464 packets, 8406529 bytes
...
Updated by Philippe Antoine 5 months ago
- Assignee set to Community Ticket
- Target version set to TBD
Actions