From 4ae27756b0dc9af7a21f9df1e77fa7c68ae202bc Mon Sep 17 00:00:00 2001
From: Eric Leblond <eric@regit.org>
Date: Mon, 21 Jan 2013 09:40:10 +0100
Subject: [PATCH] af-packet: add support for 'default' interface

This patch adds support for 'default' interface which is used to get
parameter values when per-interface is not defined.
---
 src/runmode-af-packet.c | 40 +++++++++++++++++++++++++---------------
 suricata.yaml.in        |  4 ++++
 2 files changed, 29 insertions(+), 15 deletions(-)

diff --git a/src/runmode-af-packet.c b/src/runmode-af-packet.c
index 2db4cf9270..281b093267 100644
--- a/src/runmode-af-packet.c
+++ b/src/runmode-af-packet.c
@@ -111,6 +111,7 @@ void *ParseAFPConfig(const char *iface)
 {
     char *threadsstr = NULL;
     ConfNode *if_root;
+    ConfNode *if_default = NULL;
     ConfNode *af_packet_node;
     AFPIfaceConfig *aconf = SCMalloc(sizeof(*aconf));
     char *tmpclusterid;
@@ -160,14 +161,23 @@ void *ParseAFPConfig(const char *iface)
     }
 
     if_root = ConfNodeLookupKeyValue(af_packet_node, "interface", iface);
-    if (if_root == NULL) {
+
+    if_default = ConfNodeLookupKeyValue(af_packet_node, "interface", "default");
+
+    if (if_root == NULL && if_default == NULL) {
         SCLogInfo("Unable to find af-packet config for "
-                  "interface %s, using default value",
+                  "interface \"%s\" or \"default\", using default value",
                   iface);
         return aconf;
     }
 
-    if (ConfGetChildValue(if_root, "threads", &threadsstr) != 1) {
+    /* If there is no setting for current interface use default one as main iface */
+    if (if_root == NULL) {
+        if_root = if_default;
+        if_default = NULL;
+    }
+
+    if (ConfGetChildValueWithDefault(if_root, if_default, "threads", &threadsstr) != 1) {
         aconf->threads = 1;
     } else {
         if (threadsstr != NULL) {
@@ -178,19 +188,19 @@ void *ParseAFPConfig(const char *iface)
         aconf->threads = 1;
     }
 
-    if (ConfGetChildValue(if_root, "copy-iface", &out_iface) == 1) {
+    if (ConfGetChildValueWithDefault(if_root, if_default, "copy-iface", &out_iface) == 1) {
         if (strlen(out_iface) > 0) {
             aconf->out_iface = out_iface;
         }
     }
 
-    (void)ConfGetChildValueBool(if_root, "use-mmap", (int *)&boolval);
+    (void)ConfGetChildValueBoolWithDefault(if_root, if_default, "use-mmap", (int *)&boolval);
     if (boolval) {
         SCLogInfo("Enabling mmaped capture on iface %s",
                 aconf->iface);
         aconf->flags |= AFP_RING_MODE;
     }
-    (void)ConfGetChildValueBool(if_root, "use-emergency-flush", (int *)&boolval);
+    (void)ConfGetChildValueBoolWithDefault(if_root, if_default, "use-emergency-flush", (int *)&boolval);
     if (boolval) {
         SCLogInfo("Enabling ring emergency flush on iface %s",
                 aconf->iface);
@@ -199,7 +209,7 @@ void *ParseAFPConfig(const char *iface)
 
 
     aconf->copy_mode = AFP_COPY_MODE_NONE;
-    if (ConfGetChildValue(if_root, "copy-mode", &copymodestr) == 1) {
+    if (ConfGetChildValueWithDefault(if_root, if_default, "copy-mode", &copymodestr) == 1) {
         if (aconf->out_iface == NULL) {
             SCLogInfo("Copy mode activated but no destination"
                       " iface. Disabling feature");
@@ -226,14 +236,14 @@ void *ParseAFPConfig(const char *iface)
     SC_ATOMIC_RESET(aconf->ref);
     (void) SC_ATOMIC_ADD(aconf->ref, aconf->threads);
 
-    if (ConfGetChildValue(if_root, "cluster-id", &tmpclusterid) != 1) {
+    if (ConfGetChildValueWithDefault(if_root, if_default, "cluster-id", &tmpclusterid) != 1) {
         SCLogError(SC_ERR_INVALID_ARGUMENT,"Could not get cluster-id from config");
     } else {
         aconf->cluster_id = (uint16_t)atoi(tmpclusterid);
         SCLogDebug("Going to use cluster-id %" PRId32, aconf->cluster_id);
     }
 
-    if (ConfGetChildValue(if_root, "cluster-type", &tmpctype) != 1) {
+    if (ConfGetChildValueWithDefault(if_root, if_default, "cluster-type", &tmpctype) != 1) {
         SCLogError(SC_ERR_GET_CLUSTER_TYPE_FAILED,"Could not get cluster-type from config");
     } else if (strcmp(tmpctype, "cluster_round_robin") == 0) {
         SCLogInfo("Using round-robin cluster mode for AF_PACKET (iface %s)",
@@ -245,7 +255,7 @@ void *ParseAFPConfig(const char *iface)
         uint16_t defrag = 0;
         SCLogInfo("Using flow cluster mode for AF_PACKET (iface %s)",
                 aconf->iface);
-        ConfGetChildValueBool(if_root, "defrag", (int *)&defrag);
+        ConfGetChildValueBoolWithDefault(if_root, if_default, "defrag", (int *)&defrag);
         if (defrag) {
             SCLogInfo("Using defrag kernel functionality for AF_PACKET (iface %s)",
                     aconf->iface);
@@ -265,7 +275,7 @@ void *ParseAFPConfig(const char *iface)
     /*load af_packet bpf filter*/
     /* command line value has precedence */
     if (ConfGet("bpf-filter", &bpf_filter) != 1) {
-        if (ConfGetChildValue(if_root, "bpf-filter", &bpf_filter) == 1) {
+        if (ConfGetChildValueWithDefault(if_root, if_default, "bpf-filter", &bpf_filter) == 1) {
             if (strlen(bpf_filter) > 0) {
                 aconf->bpf_filter = bpf_filter;
                 SCLogInfo("Going to use bpf filter %s", aconf->bpf_filter);
@@ -273,12 +283,12 @@ void *ParseAFPConfig(const char *iface)
         }
     }
 
-    if ((ConfGetChildValueInt(if_root, "buffer-size", &value)) == 1) {
+    if ((ConfGetChildValueIntWithDefault(if_root, if_default, "buffer-size", &value)) == 1) {
         aconf->buffer_size = value;
     } else {
         aconf->buffer_size = 0;
     }
-    if ((ConfGetChildValueInt(if_root, "ring-size", &value)) == 1) {
+    if ((ConfGetChildValueIntWithDefault(if_root, if_default, "ring-size", &value)) == 1) {
         aconf->ring_size = value;
         if (value * aconf->threads < max_pending_packets) {
             aconf->ring_size = max_pending_packets / aconf->threads + 1;
@@ -294,14 +304,14 @@ void *ParseAFPConfig(const char *iface)
         aconf->ring_size = max_pending_packets * 2 / aconf->threads;
     }
 
-    (void)ConfGetChildValueBool(if_root, "disable-promisc", (int *)&boolval);
+    (void)ConfGetChildValueBoolWithDefault(if_root, if_default, "disable-promisc", (int *)&boolval);
     if (boolval) {
         SCLogInfo("Disabling promiscuous mode on iface %s",
                 aconf->iface);
         aconf->promisc = 0;
     }
 
-    if (ConfGetChildValue(if_root, "checksum-checks", &tmpctype) == 1) {
+    if (ConfGetChildValueWithDefault(if_root, if_default, "checksum-checks", &tmpctype) == 1) {
         if (strcmp(tmpctype, "auto") == 0) {
             aconf->checksum_mode = CHECKSUM_VALIDATION_AUTO;
         } else if (strcmp(tmpctype, "yes") == 0) {
diff --git a/suricata.yaml.in b/suricata.yaml.in
index e84950f86e..0526765461 100644
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -289,6 +289,10 @@ af-packet:
     defrag: yes
     # buffer-size: 32768
     # disable-promisc: no
+  # Put default values here
+  - interface: default
+    #threads: 2
+    #use-mmap: yes
 
 # You can specify a threshold config file by setting "threshold-file"
 # to the path of the threshold config file: