netsniff-ng may be HUP'ed incorrectly if pre-existing PCAP files exist #34
Comments
mmguero
added
bug
|
Fixed with commit e9ccbfc |
mmguero
added a commit
that referenced
this issue
Jul 11, 2019
* Build DEB package for python3.7 rather than just make altinstall * Updated build ISO process to create a package for python3.7 rather than just make altinstall * working on making malcolm iso buster-based * bump version to 1.3.1 * genericize gitignore * enable net.ipv4.ip_forward for docker * issue #34: don't HUP netsniff-ng based on PCAP files that predate the netsniff-ng process being examined * remove development package required for pip before finishing docker build
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The
pcap-capture/scripts/netsniff-roll.shscript which is executed in the context of thepcap-capturecontainer is responsible for making sure that netsniff-ng is HUP'ed if the PCAP file it is writing to exceeds the value for thePCAP_ROTATE_MINUTESenvironment variable (thePCAP_ROTATE_MEGABYTESvalue is actually handled by netsniff-ng itself with the-Fargument).However, there is a bug in
netsniff-roll.sh: if previous pcap files matching the file naming schema exist in the pcap upload directory, they will be detected and cause netsniff-ng to continuously roll.I need to fix
netsniff-roll.shto only HUP netsniff-ng based on pcap files that have were created after the netsniff-ng process we are examining.The text was updated successfully, but these errors were encountered: