Skip to content

Commit

Permalink
When scanpcapdir is being used, voipmonitor will by default read any …
Browse files Browse the repository at this point in the history
…new file that is created in that directory as soon as the file is closed. This is the normal setting if your packet capture software is tcpdump. If you are using a different packet capture software, you may need to change this setting to "rename" if that software writes to a temporary file, closes it, and then renames it to something else after the file is closed. Default setting is "newfile" (Rob Gagnon)
  • Loading branch information
Martin Vit committed Dec 4, 2013
1 parent 2a1233b commit 41ec650
Show file tree
Hide file tree
Showing 2 changed files with 19 additions and 2 deletions.
9 changes: 9 additions & 0 deletions config/voipmonitor.conf
Original file line number Diff line number Diff line change
Expand Up @@ -67,6 +67,15 @@ interface = eth0
# nice -n -20 tcpdump -B500000 -i eth2 udp -G 5 -w /dev/shm/voipmonitor 2>/dev/null 1>/dev/null &
#scanpcapdir = /dev/shm/voipmonitor

# When scanpcapdir is being used, voipmonitor will by default read any new file
# that is created in that directory as soon as the file is closed. This is
# the normal setting if your packet capture software is tcpdump. If you are
# using a different packet capture software, you may need to change this
# setting to "rename" if that software writes to a temporary file, closes it,
# and then renames it to something else after the file is closed.
#
# Default setting is "newfile"
#scanpcapmethod = newfile

# in case the SIP(media) server is behind public IP (1.1.1.1) NATed to private IP (10.0.0.3) to sniff all traffic correctly you can
# specify alias for this case. You can specify more netaliases duplicating rows.
Expand Down
12 changes: 10 additions & 2 deletions voipmonitor.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -356,6 +356,7 @@ char user_filter[2048] = "";
char ifname[1024]; // Specifies the name of the network device to use for
// the network lookup, for example, eth0
char opt_scanpcapdir[2048] = ""; // Specifies the name of the network device to use for
uint32_t opt_scanpcapmethod = IN_CLOSE_WRITE; // Specifies how to watch for new files in opt_scanpcapdir
int opt_promisc = 1; // put interface to promisc mode?
char pcapcommand[4092] = "";
char filtercommand[4092] = "";
Expand Down Expand Up @@ -1328,6 +1329,9 @@ int load_config(char *fname) {
if((value = ini.GetValue("general", "scanpcapdir", NULL))) {
strncpy(opt_scanpcapdir, value, sizeof(opt_scanpcapdir));
}
if((value = ini.GetValue("general", "scanpcapmethod", NULL))) {
opt_scanpcapmethod = (value[0] == 'r') ? IN_MOVED_TO : IN_CLOSE_WRITE;
}
if((value = ini.GetValue("general", "promisc", NULL))) {
opt_promisc = yesno(value);
}
Expand Down Expand Up @@ -1947,6 +1951,7 @@ int main(int argc, char *argv[]) {
{"id-sensor", 1, 0, 's'},
{"ipaccount", 0, 0, 'x'},
{"pcapscan-dir", 1, 0, '0'},
{"pcapscan-method", 1, 0, 900},
{"keycheck", 1, 0, 'Z'},
{"keycheck", 1, 0, 'Z'},
{"pcapfilter", 1, 0, 'f'},
Expand Down Expand Up @@ -2033,6 +2038,9 @@ int main(int argc, char *argv[]) {
case '0':
strncpy(opt_scanpcapdir, optarg, sizeof(opt_scanpcapdir));
break;
case 900: // pcapscan-method
opt_scanpcapmethod = (optarg[0] == 'r') ? IN_MOVED_TO : IN_CLOSE_WRITE;
break;
case 'a':
strncpy(pcapcommand, optarg, sizeof(pcapcommand));
break;
Expand Down Expand Up @@ -2715,13 +2723,13 @@ int main(int argc, char *argv[]) {
fd = inotify_init();
/*checking for error*/
if(fd < 0) perror( "inotify_init" );
wd = inotify_add_watch(fd, opt_scanpcapdir, IN_CLOSE_WRITE);
wd = inotify_add_watch(fd, opt_scanpcapdir, opt_scanpcapmethod);
while(1 and terminating == 0) {
i = 0;
len = read(fd, buff, 1024);
while(i < len) {
event = (struct inotify_event *) &buff[i];
if (event->mask & IN_CLOSE_WRITE) { // this will prevent opening files which is still open for writes
if (event->mask & opt_scanpcapmethod) { // this will prevent opening files which is still open for writes
snprintf(filename, sizeof(filename), "%s/%s", opt_scanpcapdir, event->name);
int close = 1;
//printf("File [%s]\n", filename);
Expand Down

0 comments on commit 41ec650

Please sign in to comment.