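#!/bin/bash
# Age-based rotation of packet captures stored under $top_level:
#   0_raw/          captures as written; files untouched for >60 min are picked up
#   1_gz/           after analysis with passer (results/<name>.csv): gzip -1 compressed
#   2_no_ack_bz2/   after 7 days: pure-ACK TCP packets dropped, bzip2 -9 recompressed
#   (deleted)       after 365 days in 2_no_ack_bz2/
# A PID file in $HOME keeps two copies from running at once.
# Requires: find, passer, gzip, zcat, tcpdump, bzip2, ionice, nice.

set -euo pipefail

readonly top_level=/opt/pcap/
readonly pid_file="$HOME/example-manage-pcaps.pid"

# Every heavy command runs at idle I/O and lowest CPU priority so the
# maintenance pass never competes with the capture process.
readonly -a low_prio=(ionice -c 3 nice -n 19)

die() { printf '%s\n' "$*" >&2; exit 1; }

#######################################
# Refuse to start if the PID stored in $pid_file is still alive; otherwise
# record our own PID. A stale or non-numeric PID file is simply overwritten.
# Globals:  pid_file (read/written)
# Returns:  0, or exits 1 when another copy is running / the file can't be written
#######################################
acquire_lock() {
  local old_pid=
  if [[ -f "$pid_file" ]]; then
    old_pid=$(<"$pid_file") || old_pid=
    # Only a purely numeric value is checked against ps; anything else is
    # treated as stale rather than handed to ps as an option.
    if [[ "$old_pid" =~ ^[0-9]+$ ]] && ps -p "$old_pid" >/dev/null 2>&1; then
      die "$0: process already running"
    fi
  fi
  printf '%s\n' "$$" >"$pid_file" || die "Could not create PID file for $0"
  # Remove the PID file on every exit path (including errors under set -e)
  # so the next copy can start.
  trap 'rm -f -- "$pid_file"' EXIT
}

#######################################
# Stage 0 -> 1: raw captures not modified for more than an hour are analysed
# with passer, moved to 1_gz/ and gzip -1 compressed.
# (find's -mtime only takes days; "+1h" is not valid, hence -mmin +60.)
# Globals:  top_level, low_prio
#######################################
stage_raw() {
  local one_pcap pcap_name
  while IFS= read -r -d '' one_pcap; do
    pcap_name=${one_pcap##*/}
    # A failed analysis is reported but does not stop the rotation; the
    # capture itself is still preserved in compressed form.
    if ! "${low_prio[@]}" passer -r "$one_pcap" -l "$top_level/results/$pcap_name.csv"; then
      printf '%s: passer failed on %s (no results written)\n' "$0" "$one_pcap" >&2
    fi
    mv -- "$one_pcap" "$top_level/1_gz/"
    "${low_prio[@]}" gzip -1 "$top_level/1_gz/$pcap_name"
  done < <(find "$top_level/0_raw/" -type f -iname '*.pcap' -size +0c -mmin +60 -print0)
}

#######################################
# Stage 1 -> 2: after a week, strip pure-ACK TCP packets and recompress with
# bzip2 -9. The gzip original is deleted only when every pipeline stage
# succeeded (set -o pipefail), so a failing zcat/tcpdump can never leave a
# truncated .bz2 as the only copy.
# Globals:  top_level, low_prio
#######################################
stage_gz() {
  local one_pcap pcap_name out_file
  while IFS= read -r -d '' one_pcap; do
    pcap_name=${one_pcap##*/}
    pcap_name=${pcap_name%.gz}
    out_file="$top_level/2_no_ack_bz2/$pcap_name.bz2"
    if "${low_prio[@]}" zcat "$one_pcap" \
      | "${low_prio[@]}" tcpdump -r - -w - '(tcp[13] & 0x17 != 0x10) or not tcp' \
      | "${low_prio[@]}" bzip2 -9 \
      >"$out_file"; then
      "${low_prio[@]}" rm -f -- "$one_pcap"
    else
      # Drop the partial output; the source stays in 1_gz/ for the next run.
      rm -f -- "$out_file"
      printf '%s: failed to filter %s, keeping original\n' "$0" "$one_pcap" >&2
    fi
  done < <(find "$top_level/1_gz/" -type f -iname '*.pcap.gz' -size +0c -mtime +7 -print0)
}

#######################################
# Stage 2 -> gone: delete filtered captures older than a year.
# Globals:  top_level, low_prio
#######################################
stage_expire() {
  local one_pcap
  while IFS= read -r -d '' one_pcap; do
    # Re-check right before deleting; find's listing may be stale by now.
    if [[ -f "$one_pcap" && -s "$one_pcap" ]]; then
      "${low_prio[@]}" rm -f -- "$one_pcap"
    fi
  done < <(find "$top_level/2_no_ack_bz2/" -type f -iname '*.pcap.bz2' -size +0c -mtime +365 -print0)
}

main() {
  acquire_lock
  # Brace expansion must stay outside the quotes, otherwise a single directory
  # literally named "{0_raw,1_gz,...}" is created.
  mkdir -p "$top_level"/{0_raw,1_gz,2_no_ack_bz2,results}
  stage_raw
  stage_gz
  stage_expire
}

main "$@"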