From c8090d4ff0b9ec8b110c2a349a962b7ff1d444b5 Mon Sep 17 00:00:00 2001
From: doug
Date: Mon, 30 May 2016 20:04:01 -0400
Subject: [PATCH] handle failed pcap_agent more gracefully in second request
---
 capme/.inc/callback.php | 3 ++
 debian/changelog | 6 +++
 ...ap_agent-more-gracefully-in-second-request | 37 +++++++++++++++++++
 debian/patches/series | 1 +
 4 files changed, 47 insertions(+)
 create mode 100644 debian/patches/handle-failed-pcap_agent-more-gracefully-in-second-request
diff --git a/capme/.inc/callback.php b/capme/.inc/callback.php
index 91b8a4b..b39e57d 100644
--- a/capme/.inc/callback.php
+++ b/capme/.inc/callback.php
@@ -336,6 +336,9 @@ function cliscript($cmd, $pwd) {
 if (preg_match("/^ERROR: Connection failed$/", $line)) {
 invalidCallback("ERROR: Connection to sguild failed!");
 }
+ if (preg_match("/^DEBUG: $/", $line)) {
+ invalidCallback("ERROR: No data was returned. Check pcap_agent service.");
+ }
 // To handle large pcaps more gracefully, we only render the first $maxtranscriptbytes.
 $transcriptbytes += strlen($line);
 if ($transcriptbytes <= $maxtranscriptbytes) {
diff --git a/debian/changelog b/debian/changelog
index 93f8a7b..38c3d31 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+securityonion-capme (20121213-0ubuntu0securityonion55) trusty; urgency=medium
+
+ * handle failed pcap_agent more gracefully in second request
+
+ -- Doug Burks Mon, 30 May 2016 20:03:09 -0400
+
 securityonion-capme (20121213-0ubuntu0securityonion54) trusty; urgency=medium

 * handle failed pcap_agent more gracefully
diff --git a/debian/patches/handle-failed-pcap_agent-more-gracefully-in-second-request b/debian/patches/handle-failed-pcap_agent-more-gracefully-in-second-request
new file mode 100644
index 0000000..260bcc0
--- /dev/null
+++ b/debian/patches/handle-failed-pcap_agent-more-gracefully-in-second-request
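Review bot: The added `preg_match("/^DEBUG: $/", $line)` test in cliscript() recognises a failed pcap_agent only when the output line is exactly `DEBUG: ` with one trailing space, so a trimmed line, a stray `\r` or a change in the debug format would silently disable it and the analyst would again get an empty transcript that can be misread as "no traffic" rather than an error. Tolerating whitespace with `if (preg_match("/^DEBUG:\s*$/", $line)) {` and adding a comment such as `// an empty "DEBUG: " line means the request returned no data from pcap_agent` would make the intent explicit; whether an empty DEBUG line can also appear in a successful run is not visible here and should be confirmed. The enclosing loop and the rest of cliscript() lie outside the hunk, so this assumes invalidCallback() ends the request as it does for the sguild error just above. The same three lines are carried in the debian/patches copy of this change.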
@@ -0,0 +1,37 @@
+Description:
+ TODO: Put a short summary on the line above and replace this paragraph
+ with a longer explanation of this change. Complete the meta-information
+ with other relevant fields (see below for details). To make it easier, the
+ information below has been extracted from the changelog. Adjust it or drop
+ it.
+ .
+ securityonion-capme (20121213-0ubuntu0securityonion55) trusty; urgency=medium
+ .
+ * handle failed pcap_agent more gracefully in second request
+Author: Doug Burks
+
+---
+The information above should follow the Patch Tagging Guidelines, please
+checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
+are templates for supplementary fields that you might want to add:
+
+Origin: ,
+Bug:
+Bug-Debian: http://bugs.debian.org/
+Bug-Ubuntu: https://launchpad.net/bugs/
+Forwarded:
+Reviewed-By:
+Last-Update:
+
+--- securityonion-capme-20121213.orig/capme/.inc/callback.php
++++ securityonion-capme-20121213/capme/.inc/callback.php
+@@ -336,6 +336,9 @@ if ($err == 1) {
+ if (preg_match("/^ERROR: Connection failed$/", $line)) {
+ invalidCallback("ERROR: Connection to sguild failed!");
+ }
++ if (preg_match("/^DEBUG: $/", $line)) {
++ invalidCallback("ERROR: No data was returned. Check pcap_agent service.");
++ }
+ // To handle large pcaps more gracefully, we only render the first $maxtranscriptbytes.
+ $transcriptbytes += strlen($line);
+ if ($transcriptbytes <= $maxtranscriptbytes) {
diff --git a/debian/patches/series b/debian/patches/series
index 34664b6..b8f30ec 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -42,3 +42,4 @@ include-filename-parameter-for-pivoting-from-Squert
 more-informative-error-message-when-failing-on-non-tcp-traffic
 add-check-for-active-pcap_agent-to-functions.php
 handle-failed-pcap_agent-more-gracefully
+handle-failed-pcap_agent-more-gracefully-in-second-request