aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

list runmodes. Allow specification of runmode id from cof file. Also allow for command line override

Browse Source
remotes/origin/master-1.1.x
Anoop Saldanha 15 years ago committed by Victor Julien
parent 05686e70a5
commit 229f7281ea
20 changed files with 465 additions and 53 deletions
Show Stats Download Patch File Download Diff File

17
src/runmode-erf-dag.c
Unescape Escape View File

@ -37,6 +37,23 @@
#include "util-cpu.h"
#include "util-affinity.h"
static int default_mode;
int RunModeErfDagGetDefaultMode(void)
{
return default_mode;
}
void RunModeErfDagRegister(void)
{
default_mode = RunModeRegisterNewRunMode(RUNMODE_DAG,
"erf_dag_auto",
"multi threaded Erf dag mode",
RunModeErfDagAuto);
return;
}
/**
*
* \brief Sets up support for reading from a DAG card.

2
src/runmode-erf-dag.h
Unescape Escape View File

@ -24,5 +24,7 @@
#define __RUNMODE_ERF_DAG_H__
int RunModeErfDagAuto(DetectEngineCtx *);
void RunModeErfDagRegister(void);
int RunModeErfDagGetDefaultMode(void);
#endif /* __RUNMODE_ERF_DAG_H__ */

17
src/runmode-erf-file.c
Unescape Escape View File

@ -37,6 +37,23 @@
#include "util-cpu.h"
#include "util-affinity.h"
static int default_mode;
int RunModeErfFileGetDefaultMode(void)
{
return default_mode;
}
void RunModeErfFileRegister(void)
{
default_mode = RunModeRegisterNewRunMode(RUNMODE_ERF_FILE,
"erf_file_auto",
"multi threaded Erf File mode",
RunModeErfFileAuto);
return;
}
int RunModeErfFileAuto(DetectEngineCtx *de_ctx)
{
SCEnter();

2
src/runmode-erf-file.h
Unescape Escape View File

@ -24,5 +24,7 @@
#define __RUNMODE_ERF_FILE_H__
int RunModeErfFileAuto(DetectEngineCtx *);
void RunModeErfFileRegister(void);
int RunModeErfFileGetDefaultMode(void);
#endif /* __RUNMODE_ERF_FILE_H__ */

17
src/runmode-ipfw.c
Unescape Escape View File

@ -37,6 +37,23 @@
#include "util-cpu.h"
#include "util-affinity.h"
static int default_mode;
int RunModeIpsIPFWGetDefaultMode(void)
{
return default_mode;
}
void RunModeIpsIPFWRegister(void)
{
default_mode = RunModeRegisterNewRunMode(RUNMODE_IPFW,
"pfring_ipfw_auto",
"multi threaded IPFW IPS mode",
RunModeIpsIPFWAuto);
return;
}
/**
* \brief RunModeIpsIPFWAuto set up the following thread packet handlers:
* - Receive thread (from IPFW)

2
src/runmode-ipfw.h
Unescape Escape View File

@ -24,5 +24,7 @@
#define __RUNMODE_IPFW_H__
int RunModeIpsIPFWAuto(DetectEngineCtx *);
void RunModeIpsIPFWRegister(void);
int RunModeIpsIPFWGetDefaultMode(void);
#endif /* __RUNMODE_IPFW_H__ */

17
src/runmode-nfq.c
Unescape Escape View File

@ -37,6 +37,23 @@
#include "util-cpu.h"
#include "util-affinity.h"
static int default_mode;
int RunModeIpsNFQGetDefaultMode(void)
{
return default_mode;
}
void RunModeIpsNFQRegister(void)
{
default_mode = RunModeRegisterNewRunMode(RUNMODE_NFQ,
"nfq_auto",
"multi threaded NFQ IPS mode",
RunModeIpsNFQAuto);
return;
}
/**
* \brief RunModeIpsNFQAuto set up the following thread packet handlers:
* - Receive thread (from NFQ)

2
src/runmode-nfq.h
Unescape Escape View File

@ -24,5 +24,7 @@
#define __RUNMODE_NFQ_H__
int RunModeIpsNFQAuto(DetectEngineCtx *);
void RunModeIpsNFQRegister(void);
int RunModeIpsNFQGetDefaultMode(void);
#endif /* __RUNMODE_NFQ_H__ */

29
src/runmode-pcap-file.c
Unescape Escape View File

@ -37,6 +37,35 @@
#include "util-cpu.h"
#include "util-affinity.h"
static int default_mode;
int RunModeFilePcapGetDefaultMode(void)
{
return default_mode;
}
void RunModeFilePcapRegister(void)
{
RunModeRegisterNewRunMode(RUNMODE_PCAP_FILE,
"pcap_file_single",
"Single threaded pcap file mode",
RunModeFilePcap2);
default_mode = RunModeRegisterNewRunMode(RUNMODE_PCAP_FILE,
"pcap_file_auto",
"multi threaded pcap file mode",
RunModeFilePcapAuto);
RunModeRegisterNewRunMode(RUNMODE_PCAP_FILE,
"pcap_file_autofp",
"multi threaded pcap file mode. Packets from "
"each flow are assigned to a single detect thread, "
"unlike \"pcap_file_auto\" where packets from "
"the same flow can be processed by any detect "
"thread",
RunModeFilePcapAutoFp);
return;
}
/**
* \brief Single thread version of the Pcap file processing.
*/

2
src/runmode-pcap-file.h
Unescape Escape View File

@ -26,5 +26,7 @@
int RunModeFilePcap2(DetectEngineCtx *);
int RunModeFilePcapAuto(DetectEngineCtx *);
int RunModeFilePcapAutoFp(DetectEngineCtx *de_ctx);
void RunModeFilePcapRegister(void);
int RunModeFilePcapGetDefaultMode(void);
#endif /* __RUNMODE_PCAP_FILE_H__ */

16
src/runmode-pcap.c
Unescape Escape View File

@ -37,6 +37,22 @@
#include "util-cpu.h"
#include "util-affinity.h"
static int default_mode;
int RunModeIdsGetDefaultMode(void)
{
return default_mode;
}
void RunModeIdsPcapRegister(void)
{
default_mode = RunModeRegisterNewRunMode(RUNMODE_PCAP_DEV,
"pcap_dev_auto",
"Multi threaded pcap live mode",
RunModeIdsPcapAuto);
return;
}
/**
* \brief RunModeIdsPcapAuto set up the following thread packet handlers:

2
src/runmode-pcap.h
Unescape Escape View File

@ -24,5 +24,7 @@
#define __RUNMODE_PCAP_H__
int RunModeIdsPcapAuto(DetectEngineCtx *);
void RunModeIdsPcapRegister(void);
int RunModeIdsGetDefaultMode(void);
#endif /* __RUNMODE_PCAP_H__ */

47
src/runmode-pfring.c
Unescape Escape View File

@ -20,6 +20,7 @@
#include "conf.h"
#include "runmodes.h"
#include "runmode-pfring.h"
#include "source-pfring.h"
#include "log-httplog.h"
#include "output.h"
#include "cuda-packet-batcher.h"
@ -37,8 +38,41 @@
#include "util-cpu.h"
#include "util-affinity.h"
/* We include only if pfring is enabled */
static int default_mode_auto;
static int default_mode_autofp;
int RunModeIdsPfringGetDefaultMode(void)
{
#ifdef HAVE_PFRING
if (PfringConfGetThreads() == 1) {
return default_mode_auto;
} else {
return default_mode_autofp;
}
#else
return -2;
#endif
}
void RunModeIdsPfringRegister(void)
{
default_mode_auto =
RunModeRegisterNewRunMode(RUNMODE_PFRING,
"pfring_auto",
"multi threaded pfring mode",
RunModeIdsPfringAuto);
default_mode_autofp =
RunModeRegisterNewRunMode(RUNMODE_PFRING,
"pfring_autofp",
"multi threaded pfring mode. Packets from "
"each flow are assigned to a single detect "
"thread, unlike \"pfring_auto\" where packets "
"from the same flow can be processed by any "
"detect thread",
RunModeIdsPfringAutoFp);
return;
}
/**
* \brief RunModeIdsPfringAuto set up the following thread packet handlers:
@ -61,6 +95,8 @@
int RunModeIdsPfringAuto(DetectEngineCtx *de_ctx)
{
SCEnter();
/* We include only if pfring is enabled */
#ifdef HAVE_PFRING
char tname[12];
uint16_t cpu = 0;
@ -266,12 +302,17 @@ int RunModeIdsPfringAuto(DetectEngineCtx *de_ctx)
exit(EXIT_FAILURE);
}
#endif /* HAVE_PFRING */
return 0;
}
int RunModeIdsPfringAutoFp(DetectEngineCtx *de_ctx)
{
SCEnter();
/* We include only if pfring is enabled */
#ifdef HAVE_PFRING
char tname[12];
char qname[12];
uint16_t cpu = 0;
@ -412,7 +453,7 @@ int RunModeIdsPfringAutoFp(DetectEngineCtx *de_ctx)
cpu++;
}
#endif /* HAVE_PFRING */
return 0;
}
#endif /* HAVE_PFRING */

7
src/runmode-pfring.h
Unescape Escape View File

@ -25,12 +25,9 @@
#include "suricata-common.h"
/* We include only if pfring is enabled */
#ifdef HAVE_PFRING
int RunModeIdsPfringAuto(DetectEngineCtx *);
int RunModeIdsPfringAutoFp(DetectEngineCtx *de_ctx);
#endif /* #ifdef HAVE_PFRING */
void RunModeIdsPfringRegister(void);
int RunModeIdsPfringGetDefaultMode(void);
#endif /* __RUNMODE_PFRING_H__ */

228
src/runmodes.c
Unescape Escape View File

@ -23,6 +23,7 @@
*/
#include "suricata-common.h"
#include "detect.h"
#include "detect-engine.h"
#include "detect-engine-mpm.h"
#include "tm-threads.h"
@ -34,6 +35,7 @@
#include "conf.h"
#include "queue.h"
#include "runmodes.h"
#include "util-unittest.h"
#include "alert-fastlog.h"
#include "alert-prelude.h"
@ -50,6 +52,20 @@
#include "source-pfring.h"
/**
* \brief Holds description for a runmode.
*/
typedef struct RunMode_ {
/* unique custom id generated for this runmode */
int custom_id;
/* the runmode type */
int runmode;
const char *name;
const char *description;
/* runmode function */
int (*RunModeFunc)(DetectEngineCtx *);
} RunMode;
/**
* A list of output modules that will be active for the run mode.
*/
@ -62,6 +78,218 @@ typedef struct RunModeOutput_ {
TAILQ_HEAD(, RunModeOutput_) RunModeOutputs =
TAILQ_HEAD_INITIALIZER(RunModeOutputs);
/* unique key used to generate runmode custom ids */
static int runmode_id = 0;
RunMode *runmodes = NULL;
/**
* \internal
* \brief Check if a runmode custom id is valid.
*
* \param runmode_custom_id The id to be validated.
*
* \retval 1 If true.
* \retval 0 Otherwise.
*/
int RunModeCustomIdValid(int runmode_custom_id)
{
if (runmode_custom_id < 0 || runmode_custom_id >= runmode_id) {
return 0;
}
return 1;
}
/**
* \brief Register all runmodes in the engine.
*/
void RunModeRegisterRunModes(void)
{
RunModeIdsPcapRegister();
RunModeFilePcapRegister();
RunModeIdsPfringRegister();
RunModeIpsNFQRegister();
RunModeIpsIPFWRegister();
RunModeErfFileRegister();
RunModeErfDagRegister();
UtRunModeRegister();
return;
}
/**
* \internal
* \brief Translate a runmode mode to a printale string.
*
* \param runmode Runmode to be converted into a printable string.
*
* \retval string Printable string.
*/
static const char *RunModeTranslateModeToName(int runmode)
{
switch (runmode) {
case RUNMODE_PCAP_DEV:
return "PCAP_DEV";
break;
case RUNMODE_PCAP_FILE:
return "PCAP_FILE";
break;
case RUNMODE_PFRING:
#ifdef HAVE_PFRING
return "PFRING";
#else
return "PFRING(DISABLED)";
#endif
break;
case RUNMODE_NFQ:
return "NFQ";
break;
case RUNMODE_IPFW:
return "IPFW";
break;
case RUNMODE_ERF_FILE:
return "ERF_FILE";
break;
case RUNMODE_DAG:
return "ERF_DAG";
break;
case RUNMODE_UNITTEST:
return "UNITTEST";
break;
default:
SCLogError(SC_ERR_UNKNOWN_RUN_MODE, "Unknown runtime mode. Aborting");
exit(EXIT_FAILURE);
}
}
/**
* \brief Lists all registered runmodes.
*/
void RunModeListRunmodes(void)
{
printf("------------------------------------------------------------------"
"-----------------------\n");
printf("--------------------------------------Runmodes--------------------"
"-----------------------\n");
printf("------------------------------------------------------------------"
"-----------------------\n");
printf("| %-2s | %-17s | %-17s | %-10s \n",
"Id", " Mode", " Name-", "Descripition");
printf("|-----------------------------------------------------------------"
"-----------------------\n");
int i;
for (i = 0; i < runmode_id; i++) {
printf("| %-2d | %-17s | %-17s | %-27s \n",
i,
RunModeTranslateModeToName(runmodes[i].runmode),
runmodes[i].name,
runmodes[i].description);
}
printf("|-----------------------------------------------------------------"
"-----------------------\n");
return;
}
/**
* \brief Dispatcher function for runmodes. Calls the required runmode function
* based on runmode + runmode_custom_id.
*
* \param runmode The runmode type.
* \param runmode_customd_id The runmode custom id.
* \param de_ctx Detection Engine Context.
*/
void RunModeDispatch(int runmode, int runmode_custom_id, DetectEngineCtx *de_ctx)
{
if (runmode_custom_id != -1 &&
(runmode_custom_id < 0 || runmode_custom_id >= runmode_id)) {
SCLogError(SC_ERR_RUNMODE, "You have supplied wrong runmode type - "
"%d", runmode_custom_id);
exit(EXIT_FAILURE);
}
if (runmode_custom_id != -1) {
if (runmode != runmodes[runmode_custom_id].runmode) {
SCLogError(SC_ERR_RUNMODE, "The runmode custom id's(%d) "
"runmode - \"%s\" doesn't match the runmode type - \"%s\" "
"being used. Please use runmode id whose RunMode "
"mode matches the mode you are running the "
"engine in.",
runmode_custom_id,
RunModeTranslateModeToName(runmodes[runmode_custom_id].runmode),
RunModeTranslateModeToName(runmode));
exit(EXIT_FAILURE);
}
runmodes[runmode_custom_id].RunModeFunc(de_ctx);
return;
}
switch (runmode) {
case RUNMODE_PCAP_DEV:
runmode_custom_id = RunModeIdsGetDefaultMode();
break;
case RUNMODE_PCAP_FILE:
runmode_custom_id = RunModeFilePcapGetDefaultMode();
break;
#ifdef HAVE_PFRING
case RUNMODE_PFRING:
runmode_custom_id = RunModeIdsPfringGetDefaultMode();
break;
#endif
case RUNMODE_NFQ:
runmode_custom_id = RunModeIpsNFQGetDefaultMode();
break;
case RUNMODE_IPFW:
runmode_custom_id = RunModeIpsIPFWGetDefaultMode();
break;
case RUNMODE_ERF_FILE:
runmode_custom_id = RunModeErfFileGetDefaultMode();
break;
case RUNMODE_DAG:
runmode_custom_id = RunModeErfDagGetDefaultMode();
break;
default:
SCLogError(SC_ERR_UNKNOWN_RUN_MODE, "Unknown runtime mode. Aborting");
exit(EXIT_FAILURE);
}
if (runmode_custom_id < 0 && runmode_custom_id >= runmode_id) {
SCLogError(SC_ERR_RUNMODE, "Wrong default custom id - %d, returned by "
"runmode - %d", runmode_custom_id, runmode);
}
runmodes[runmode_custom_id].RunModeFunc(de_ctx);
return;
}
/**
* \brief Registers a new runmode.
*
* \param runmode Runmode type.
* \param name Simple name. Need not be unique, although suggested.
* \param description Description for this runmode.
* \param RunModeFunc The function to be run for this runmode.
*/
int RunModeRegisterNewRunMode(uint8_t runmode, const char *name,
const char *description,
int (*RunModeFunc)(DetectEngineCtx *))
{
runmodes = SCRealloc(runmodes, (runmode_id + 1) * sizeof(RunMode));
if (runmodes == NULL) {
exit(EXIT_FAILURE);
}
runmodes[runmode_id].custom_id = runmode_id;
runmodes[runmode_id].runmode = runmode;
runmodes[runmode_id].name = SCStrdup(name);
runmodes[runmode_id].description = SCStrdup(description);
runmodes[runmode_id].RunModeFunc = RunModeFunc;
runmode_id++;
return runmode_id - 1;
}
/**
* Cleanup the run mode.
*/

11
src/runmodes.h
Unescape Escape View File

@ -31,11 +31,19 @@ enum {
RUNMODE_PFRING,
RUNMODE_NFQ,
RUNMODE_IPFW,
RUNMODE_UNITTEST,
RUNMODE_ERF_FILE,
RUNMODE_DAG,
RUNMODE_UNITTEST,
RUNMODE_MAX,
};
int RunModeCustomIdValid(int);
void RunModeListRunmodes(void);
void RunModeDispatch(int, int, DetectEngineCtx *);
void RunModeRegisterRunModes(void);
int RunModeRegisterNewRunMode(uint8_t, const char *,
const char *,
int (*RunModeFunc)(DetectEngineCtx *));
void RunModeInitialize(void);
void RunModeInitializeOutputs(void);
void SetupOutputs(ThreadVars *);
@ -53,4 +61,3 @@ int threading_set_cpu_affinity;
extern float threading_detect_ratio;
#endif /* __RUNMODES_H__ */

84
src/suricata.c
Unescape Escape View File

@ -351,6 +351,10 @@ void usage(const char *progname)
#ifdef __SC_CUDA_SUPPORT__
printf("\t--list-cuda-cards : list cuda supported cards\n");
#endif
printf("\t--list-runmodes : list supported runmodes\n");
printf("\t--runmode <runmode_id> : specific runmode modification the engine should run. The argument\n"
"\t supplied should be the id for the runmode obtained by running\n"
"\t --list-runmodes\n");
printf("\t--engine-analysis : print reports on analysis of different sections in the engine and exit.\n"
"\t Please have a look at the conf parameter engine-analysis on what reports\n"
"\t can be printed\n");
@ -492,6 +496,8 @@ int main(int argc, char **argv)
int dump_config = 0;
int list_unittests = 0;
int list_cuda_cards = 0;
int list_runmodes = 0;
int runmode_custom_id = -1;
int daemon = 0;
char *user_name = NULL;
char *group_name = NULL;
@ -511,6 +517,8 @@ int main(int argc, char **argv)
/* initialize the logging subsys */
SCLogInitLogModule(NULL);
RunModeRegisterRunModes();
/* By default use IDS mode, but if nfq or ipfw
* are specified, IPS mode will overwrite this */
SET_ENGINE_MODE_IDS(engine_mode);
@ -560,6 +568,8 @@ int main(int argc, char **argv)
{"unittest-filter", required_argument, 0, 'U'},
{"list-unittests", 0, &list_unittests, 1},
{"list-cuda-cards", 0, &list_cuda_cards, 1},
{"list-runmodes", 0, &list_runmodes, 1},
{"runmode", required_argument, NULL, 0},
{"engine-analysis", 0, &engine_analysis, 1},
#ifdef OS_WIN32
{"service-install", 0, 0, 0},
@ -645,6 +655,17 @@ int main(int argc, char **argv)
"--enable-cuda to configure when building.\n");
exit(EXIT_FAILURE);
#endif /* UNITTESTS */
} else if (strcmp((long_opts[option_index]).name, "list-runmodes") == 0) {
RunModeListRunmodes();
exit(EXIT_SUCCESS);
} else if (strcmp((long_opts[option_index]).name, "runmode") == 0) {
runmode_custom_id = atoi(optarg);
if (!RunModeCustomIdValid(runmode_custom_id)) {
fprintf(stderr, "ERROR: Invalid runmode id - \"%d\" supplied. "
"Please pass valid runmode id from "
"--list-runmodes.\n", runmode_custom_id);
exit(EXIT_FAILURE);
}
} else if(strcmp((long_opts[option_index]).name, "engine-analysis") == 0) {
// do nothing for now
}
@ -920,6 +941,24 @@ int main(int argc, char **argv)
exit(EXIT_SUCCESS);
}
/* If runmode isn't supplied in the command line, retrieve it from the conf
* file. If supplied in command line, the command line version overrides
* conf file */
if (runmode_custom_id == -1) {
intmax_t val;
if (ConfGetInt("runmode", &val) != 1) {
runmode_custom_id = -1;
} else {
runmode_custom_id = val;
if (!RunModeCustomIdValid(runmode_custom_id)) {
fprintf(stderr, "ERROR: Invalid runmode id - \"%d\" supplied "
"in conf file. Please pass valid runmode id from "
"--list-runmodes.\n", runmode_custom_id);
exit(EXIT_FAILURE);
}
}
}
/* Check for the existance of the default logging directory which we pick
* from suricata.yaml. If not found, shut the engine down */
if (ConfGet("default-log-dir", &log_dir) != 1)
@ -1289,56 +1328,15 @@ int main(int argc, char **argv)
/* run the selected runmode */
if (run_mode == RUNMODE_PCAP_DEV) {
//RunModeIdsPcap3(de_ctx, pcap_dev);
//RunModeIdsPcap2(de_ctx, pcap_dev);
//RunModeIdsPcap(de_ctx, pcap_dev);
PcapTranslateIPToDevice(pcap_dev, sizeof(pcap_dev));
if (ConfSet("runmode_pcap.single_pcap_dev", pcap_dev, 0) != 1) {
fprintf(stderr, "ERROR: Failed to set runmode_pcap.single_pcap_dev\n");
exit(EXIT_FAILURE);
}
RunModeIdsPcapAuto(de_ctx);
}
else if (run_mode == RUNMODE_PCAP_FILE) {
//RunModeFilePcap(de_ctx, pcap_file);
//RunModeFilePcap2(de_ctx, pcap_file);
RunModeFilePcapAuto(de_ctx);
//RunModeFilePcapAutoFp(de_ctx, pcap_file);
//RunModeFilePcapAuto2(de_ctx, pcap_file);
}
#ifdef HAVE_PFRING
else if (run_mode == RUNMODE_PFRING) {
PfringLoadConfig();
//RunModeIdsPfring3(de_ctx, pfring_dev);
//RunModeIdsPfring2(de_ctx, pfring_dev);
//RunModeIdsPfring(de_ctx, pfring_dev);
//RunModeIdsPfring4(de_ctx, pfring_dev);
if (PfringConfGetThreads() == 1) {
RunModeIdsPfringAuto(de_ctx);
} else {
RunModeIdsPfringAutoFp(de_ctx);
}
}
#endif /* HAVE_PFRING */
else if (run_mode == RUNMODE_NFQ) {
//RunModeIpsNFQ(de_ctx, nfq_id);
RunModeIpsNFQAuto(de_ctx);
}
else if (run_mode == RUNMODE_IPFW) {
//RunModeIpsIPFW(de_ctx);
RunModeIpsIPFWAuto(de_ctx);
}
else if (run_mode == RUNMODE_ERF_FILE) {
RunModeErfFileAuto(de_ctx);
}
else if (run_mode == RUNMODE_DAG) {
RunModeErfDagAuto(de_ctx);
}
else {
SCLogError(SC_ERR_UNKNOWN_RUN_MODE, "Unknown runtime mode. Aborting");
exit(EXIT_FAILURE);
}
RunModeDispatch(run_mode, runmode_custom_id, de_ctx);
#ifdef __SC_CUDA_SUPPORT__
if (PatternMatchDefaultMatcher() == MPM_B2G_CUDA) {
/* start the dispatcher thread for this module */

11
src/util-unittest.c
Unescape Escape View File

@ -25,6 +25,7 @@
*/
#include "suricata-common.h"
#include "runmodes.h"
#include "util-unittest.h"
#include "util-debug.h"
#include "util-time.h"
@ -247,6 +248,16 @@ void UtCleanup(void) {
ut_list = NULL;
}
void UtRunModeRegister(void)
{
RunModeRegisterNewRunMode(RUNMODE_UNITTEST,
"unittest",
"Unittest mode",
NULL);
return;
}
#ifdef UNITTESTS
/** \brief True test

1
src/util-unittest.h
Unescape Escape View File

@ -44,6 +44,7 @@ void UtInitialize(void);
void UtCleanup(void);
int UtRunSelftest (char *regex_arg);
void UtListTests(char *regex_arg);
void UtRunModeRegister(void);
#endif /* __UTIL_UNITTEST_H__ */

4
suricata.yaml
Unescape Escape View File

@ -15,6 +15,10 @@
# pattern matcher scans many packets in parallel.
#max-pending-packets: 50
# Runmode custom id the engine should run in. Please check --list-runmodes
# to get the runmode ids that can be used here.
#runmode: 0
# Preallocated size for packet. Default is 1514 which is the classical
# size for pcap on ethernet. You should adjust this value to the highest
# packet size (MTU + hardware header) on your system.

Write Preview
Loading…
Cancel
Save