<div dir="ltr">Ok, we gave up on Suricata 3 coding. We appreciate your recommendation</div><div class="gmail_extra"><br><div class="gmail_quote">2018-06-16 21:00 GMT+09:00  <span dir="ltr"><<a href="mailto:oisf-devel-request@lists.openinfosecfoundation.org" target="_blank">oisf-devel-request@lists.openinfosecfoundation.org</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Send Oisf-devel mailing list submissions to<br>
        <a href="mailto:oisf-devel@lists.openinfosecfoundation.org">oisf-devel@lists.<wbr>openinfosecfoundation.org</a><br>
<br>
To subscribe or unsubscribe via the World Wide Web, visit<br>
        <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel" target="_blank" rel="noreferrer">https://lists.<wbr>openinfosecfoundation.org/<wbr>mailman/listinfo/oisf-devel</a><br>
or, via email, send a message with subject or body 'help' to<br>
        <a href="mailto:oisf-devel-request@lists.openinfosecfoundation.org">oisf-devel-request@lists.<wbr>openinfosecfoundation.org</a><br>
<br>
You can reach the person managing the list at<br>
        <a href="mailto:oisf-devel-owner@lists.openinfosecfoundation.org">oisf-devel-owner@lists.<wbr>openinfosecfoundation.org</a><br>
<br>
When replying, please edit your Subject line so it is more specific<br>
than "Re: Contents of Oisf-devel digest..."<br>
<br>
<br>
Today's Topics:<br>
<br>
   1. Re: Pcap file open issue with Suricata 3 (Andreas Herz)<br>
<br>
<br>
------------------------------<wbr>------------------------------<wbr>----------<br>
<br>
Message: 1<br>
Date: Fri, 15 Jun 2018 22:30:48 +0200<br>
From: Andreas Herz <<a href="mailto:andi@geekosphere.org">andi@geekosphere.org</a>><br>
To: <a href="mailto:oisf-devel@lists.openinfosecfoundation.org">oisf-devel@lists.<wbr>openinfosecfoundation.org</a><br>
Subject: Re: [Oisf-devel] Pcap file open issue with Suricata 3<br>
Message-ID: <<a href="mailto:20180615203048.GL3167@ns333105.ip-37-187-125.eu">20180615203048.GL3167@<wbr>ns333105.ip-37-187-125.eu</a>><br>
Content-Type: text/plain; charset=utf-8<br>
<br>
On 12/06/18 at 14:32, Hwang In Chan wrote:<br>
> Hello!<br>
> <br>
> I am working on Suricata 3 source code to add an additional feature to it.<br>
> <br>
> I know Suricata 3 reads a pcap file in the command line.<br>
> <br>
> We added another function to extract eml files when it reads Pcap in the<br>
> command line.<br>
> <br>
> <a href="https://github.com/CPP-CProgramming/Suricata/blob/." target="_blank" rel="noreferrer">https://github.com/CPP-<wbr>CProgramming/Suricata/blob/.</a>..<br>
> <<a href="https://github.com/CPP-CProgramming/Suricata/blob/master/src/app-layer-smtp.c#L1613-L1619" target="_blank" rel="noreferrer">https://github.com/CPP-<wbr>CProgramming/Suricata/blob/<wbr>master/src/app-layer-smtp.c#<wbr>L1613-L1619</a>><br>
> <br>
> <a href="https://github.com/CPP-CProgramming/Suricata/blob/." target="_blank" rel="noreferrer">https://github.com/CPP-<wbr>CProgramming/Suricata/blob/.</a>..<br>
> <<a href="https://github.com/CPP-CProgramming/Suricata/blob/master/src/util-file.c#L780" target="_blank" rel="noreferrer">https://github.com/CPP-<wbr>CProgramming/Suricata/blob/<wbr>master/src/util-file.c#L780</a>><br>
> <br>
> However, it shows a abnormal behavior when it reads a Pcap file.<br>
> <br>
> <a href="https://drive.google.com/file/d/1TpQnZJyTgCilKPV4H." target="_blank" rel="noreferrer">https://drive.google.com/file/<wbr>d/1TpQnZJyTgCilKPV4H.</a>..<br>
> <<a href="https://drive.google.com/file/d/1TpQnZJyTgCilKPV4H4l-Z43P2EUPW6Kg/view?usp=drive_web" target="_blank" rel="noreferrer">https://drive.google.com/<wbr>file/d/1TpQnZJyTgCilKPV4H4l-<wbr>Z43P2EUPW6Kg/view?usp=drive_<wbr>web</a>><br>
> <br>
> If it reads 200 eml files out of pcap file, it only writes 191 files.<br>
> <br>
> It does not read and write all the files out of Pcap, but misses some files.<br>
> <br>
> We believe that this issue disappeared in Suricata 4.<br>
<br>
Can you try to reproduce it with most recent versions of suricata?<br>
<br>
-- <br>
Andreas Herz<br>
<br>
<br>
------------------------------<br>
<br>
Subject: Digest Footer<br>
<br>
______________________________<wbr>_________________<br>
Oisf-devel mailing list<br>
<a href="mailto:Oisf-devel@lists.openinfosecfoundation.org">Oisf-devel@lists.<wbr>openinfosecfoundation.org</a><br>
<a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel" target="_blank" rel="noreferrer">https://lists.<wbr>openinfosecfoundation.org/<wbr>mailman/listinfo/oisf-devel</a><br>
<br>
------------------------------<br>
<br>
End of Oisf-devel Digest, Vol 102, Issue 4<br>
******************************<wbr>************<br>
</blockquote></div><br></div>