From 115c3499d27efeb4c8110d0dcfa5ac3452e68477 Mon Sep 17 00:00:00 2001 From: Eric Leblond Date: Thu, 8 Dec 2011 11:33:44 +0100 Subject: [PATCH] nfq: factorize auto mode --- src/runmode-nfq.c | 193 ++-------------------------------------------- src/source-nfq.c | 6 +- 2 files changed, 12 insertions(+), 187 deletions(-) diff --git a/src/runmode-nfq.c b/src/runmode-nfq.c index e484341c56..3c494fc096 100644 --- a/src/runmode-nfq.c +++ b/src/runmode-nfq.c @@ -34,6 +34,7 @@ #include "util-time.h" #include "util-cpu.h" #include "util-affinity.h" +#include "util-runmodes.h" static const char *default_mode; @@ -74,196 +75,18 @@ void RunModeIpsNFQRegister(void) int RunModeIpsNFQAuto(DetectEngineCtx *de_ctx) { SCEnter(); + int ret = 0; #ifdef NFQ - char tname[16]; - TmModule *tm_module ; - int cur_queue = 0; - - /* Available cpus */ - uint16_t ncpus = UtilCpuGetNumProcessorsOnline(); - int nqueue = NFQGetQueueCount(); RunModeInitialize(); TimeModeSetLive(); - for (int i = 0; i < nqueue; i++) { - /* create the threads */ - cur_queue = NFQGetQueueNum(i); - if (cur_queue == -1) { - printf("ERROR: Invalid thread number\n"); - exit(EXIT_FAILURE); - } - memset(tname, 0, sizeof(tname)); - snprintf(tname, sizeof(tname), "RecvNFQ-Q%"PRIu16, cur_queue); - if (tname == NULL) { - printf("ERROR: Unable to build thread name\n"); - exit(EXIT_FAILURE); - } - - char *thread_name = SCStrdup(tname); - ThreadVars *tv_receivenfq = - TmThreadCreatePacketHandler(thread_name, - "packetpool", "packetpool", - "pickup-queue", "simple", - "1slot_noinout"); - if (tv_receivenfq == NULL) { - printf("ERROR: TmThreadsCreate failed\n"); - exit(EXIT_FAILURE); - } - tm_module = TmModuleGetByName("ReceiveNFQ"); - if (tm_module == NULL) { - printf("ERROR: TmModuleGetByName failed for ReceiveNFQ\n"); - exit(EXIT_FAILURE); - } - TmSlotSetFuncAppend(tv_receivenfq, tm_module, (void *) NFQGetThread(i)); - - TmThreadSetCPU(tv_receivenfq, RECEIVE_CPU_SET); - - if (TmThreadSpawn(tv_receivenfq) != TM_ECODE_OK) { - printf("ERROR: TmThreadSpawn failed\n"); - exit(EXIT_FAILURE); - } - } - - /* decode and stream */ - ThreadVars *tv_decode = - TmThreadCreatePacketHandler("Decode1", - "pickup-queue", "simple", - "decode-queue", "simple", - "varslot"); - if (tv_decode == NULL) { - printf("ERROR: TmThreadsCreate failed for Decode1\n"); - exit(EXIT_FAILURE); - } - - tm_module = TmModuleGetByName("DecodeNFQ"); - if (tm_module == NULL) { - printf("ERROR: TmModuleGetByName DecodeNFQ failed\n"); - exit(EXIT_FAILURE); - } - TmSlotSetFuncAppend(tv_decode,tm_module,NULL); - - tm_module = TmModuleGetByName("StreamTcp"); - if (tm_module == NULL) { - printf("ERROR: TmModuleGetByName StreamTcp failed\n"); - exit(EXIT_FAILURE); - } - TmSlotSetFuncAppend(tv_decode, tm_module, NULL); - - TmThreadSetCPU(tv_decode, DECODE_CPU_SET); - - if (TmThreadSpawn(tv_decode) != TM_ECODE_OK) { - printf("ERROR: TmThreadSpawn failed\n"); - exit(EXIT_FAILURE); - } - - /* always create at least one thread */ - int thread_max = TmThreadGetNbThreads(DETECT_CPU_SET); - if (thread_max == 0) - thread_max = ncpus * threading_detect_ratio; - if (thread_max < 1) - thread_max = 1; - - int thread; - for (thread = 0; thread < thread_max; thread++) { - memset(tname, 0, sizeof(tname)); - snprintf(tname, sizeof(tname), "Detect%"PRIu16, thread+1); - - char *thread_name = SCStrdup(tname); - SCLogDebug("Assigning %s affinity", thread_name); - - ThreadVars *tv_detect_ncpu = - TmThreadCreatePacketHandler(thread_name, - "decode-queue", "simple", - "verdict-queue", "simple", - "1slot"); - if (tv_detect_ncpu == NULL) { - printf("ERROR: TmThreadsCreate failed\n"); - exit(EXIT_FAILURE); - } - tm_module = TmModuleGetByName("Detect"); - if (tm_module == NULL) { - printf("ERROR: TmModuleGetByName Detect failed\n"); - exit(EXIT_FAILURE); - } - TmSlotSetFuncAppend(tv_detect_ncpu, tm_module, (void *)de_ctx); - - TmThreadSetCPU(tv_detect_ncpu, DETECT_CPU_SET); - - char *thread_group_name = SCStrdup("Detect"); - if (thread_group_name == NULL) { - printf("Error allocating memory\n"); - exit(EXIT_FAILURE); - } - tv_detect_ncpu->thread_group_name = thread_group_name; - - if (TmThreadSpawn(tv_detect_ncpu) != TM_ECODE_OK) { - printf("ERROR: TmThreadSpawn failed\n"); - exit(EXIT_FAILURE); - } - } - - /* create the threads */ - for (int i = 0; i < nqueue; i++) { - memset(tname, 0, sizeof(tname)); - snprintf(tname, sizeof(tname), "VerdictNFQ%"PRIu16, i); - if (tname == NULL) { - printf("ERROR: Unable to build thread name\n"); - exit(EXIT_FAILURE); - } - - char *thread_name = SCStrdup(tname); - ThreadVars *tv_verdict = - TmThreadCreatePacketHandler(thread_name, - "verdict-queue", "simple", - "alert-queue", "simple", - "varslot"); - if (tv_verdict == NULL) { - printf("ERROR: TmThreadsCreate failed\n"); - exit(EXIT_FAILURE); - } - tm_module = TmModuleGetByName("VerdictNFQ"); - if (tm_module == NULL) { - printf("ERROR: TmModuleGetByName VerdictNFQ failed\n"); - exit(EXIT_FAILURE); - } - TmSlotSetFuncAppend(tv_verdict, tm_module, (void *)NFQGetThread(i)); - - tm_module = TmModuleGetByName("RespondReject"); - if (tm_module == NULL) { - printf("ERROR: TmModuleGetByName for RespondReject failed\n"); - exit(EXIT_FAILURE); - } - TmSlotSetFuncAppend(tv_verdict, tm_module, NULL); - - TmThreadSetCPU(tv_verdict, VERDICT_CPU_SET); - - if (TmThreadSpawn(tv_verdict) != TM_ECODE_OK) { - printf("ERROR: TmThreadSpawn failed\n"); - exit(EXIT_FAILURE); - } - }; - - ThreadVars *tv_outputs = - TmThreadCreatePacketHandler("Outputs", - "alert-queue", "simple", - "packetpool", "packetpool", - "varslot"); - - if (tv_outputs == NULL) { - printf("ERROR: TmThreadCreatePacketHandler for Outputs failed\n"); - exit(EXIT_FAILURE); - } - - TmThreadSetCPU(tv_outputs, OUTPUT_CPU_SET); - - SetupOutputs(tv_outputs); - if (TmThreadSpawn(tv_outputs) != TM_ECODE_OK) { - printf("ERROR: TmThreadSpawn failed\n"); - exit(EXIT_FAILURE); - } - + ret = RunModeSetIPSAuto(de_ctx, + NFQGetThread, + "ReceiveNFQ", + "VerdictNFQ", + "DecodeNFQ"); #endif /* NFQ */ - return 0; + return ret; } diff --git a/src/source-nfq.c b/src/source-nfq.c index 743998d505..0549507ae9 100644 --- a/src/source-nfq.c +++ b/src/source-nfq.c @@ -49,6 +49,7 @@ #include "util-error.h" #include "util-byte.h" #include "util-privs.h" +#include "util-device.h" #ifndef NFQ /** Handle the case where no NFQ support is compiled in. @@ -589,6 +590,7 @@ int NFQRegisterQueue(char *queue) nq->queue_num = queue_num; receive_queue_num++; SCMutexUnlock(&nfq_init_lock); + LiveRegisterDevice(queue); SCLogDebug("Queue \"%s\" registered.", queue); return 0; @@ -612,7 +614,7 @@ int NFQGetQueueCount(void) { * \retval NULL on error */ void *NFQGetQueue(int number) { - if (number > receive_queue_num) + if (number >= receive_queue_num) return NULL; return (void *)&nfq_q[number]; @@ -642,7 +644,7 @@ int NFQGetQueueNum(int number) { * \retval NULL on error */ void *NFQGetThread(int number) { - if (number > receive_queue_num) + if (number >= receive_queue_num) return NULL; return (void *)&nfq_t[number];