From 871b21892a4764057aace5d343c1e06be3c919ab Mon Sep 17 00:00:00 2001 From: Eric Leblond Date: Tue, 9 Aug 2011 14:27:28 +0200 Subject: [PATCH] factorize pcap live device function They are not specific to pcap and could thus be used in other module. --- src/Makefile.am | 1 + src/runmode-af-packet.c | 6 ++- src/runmode-pcap.c | 5 ++- src/source-pcap.c | 71 +--------------------------------- src/suricata.c | 17 ++++----- src/util-device.c | 85 +++++++++++++++++++++++++++++++++++++++++ src/util-device.h | 34 +++++++++++++++++ 7 files changed, 136 insertions(+), 83 deletions(-) create mode 100644 src/util-device.c create mode 100644 src/util-device.h diff --git a/src/Makefile.am b/src/Makefile.am index aa8bcf528e..141c37c315 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -206,6 +206,7 @@ util-memcmp.c util-memcmp.h \ util-proto-name.c util-proto-name.h \ util-syslog.c util-syslog.h \ util-vector.h \ +util-device.c util-device.h \ tm-modules.c tm-modules.h \ tm-queues.c tm-queues.h \ tm-queuehandlers.c tm-queuehandlers.h \ diff --git a/src/runmode-af-packet.c b/src/runmode-af-packet.c index e65bd4ce8e..763d89d436 100644 --- a/src/runmode-af-packet.c +++ b/src/runmode-af-packet.c @@ -37,6 +37,7 @@ #include "util-time.h" #include "util-cpu.h" #include "util-affinity.h" +#include "util-device.h" static const char *default_mode = NULL; @@ -88,7 +89,8 @@ int RunModeIdsAFPAuto(DetectEngineCtx *de_ctx) /* Available cpus */ uint16_t ncpus = UtilCpuGetNumProcessorsOnline(); /* TODO must not use PCAP function */ - int npcap = PcapLiveGetDeviceCount(); + /** \todo fix parasiting of pcap mode */ + int npcap = LiveGetDeviceCount(); if (npcap == 1) { char *pcap_dev = NULL; @@ -128,7 +130,7 @@ int RunModeIdsAFPAuto(DetectEngineCtx *de_ctx) SCLogInfo("Using %d pcap device(s).", npcap); for (thread = 0; thread < npcap; thread++) { - char *pcap_dev = PcapLiveGetDevice(thread); + char *pcap_dev = LiveGetDevice(thread); if (pcap_dev == NULL) { printf("Failed to lookup pcap dev %d\n", thread); exit(EXIT_FAILURE); diff --git a/src/runmode-pcap.c b/src/runmode-pcap.c index f6265364ed..e322ae3c7d 100644 --- a/src/runmode-pcap.c +++ b/src/runmode-pcap.c @@ -37,6 +37,7 @@ #include "util-time.h" #include "util-cpu.h" #include "util-affinity.h" +#include "util-device.h" static const char *default_mode = NULL; @@ -87,7 +88,7 @@ int RunModeIdsPcapAuto(DetectEngineCtx *de_ctx) /* Available cpus */ uint16_t ncpus = UtilCpuGetNumProcessorsOnline(); - int npcap = PcapLiveGetDeviceCount(); + int npcap = LiveGetDeviceCount(); if (npcap == 1) { char *pcap_dev = NULL; @@ -127,7 +128,7 @@ int RunModeIdsPcapAuto(DetectEngineCtx *de_ctx) SCLogInfo("Using %d pcap device(s).", npcap); for (thread = 0; thread < npcap; thread++) { - char *pcap_dev = PcapLiveGetDevice(thread); + char *pcap_dev = LiveGetDevice(thread); if (pcap_dev == NULL) { printf("Failed to lookup pcap dev %d\n", thread); exit(EXIT_FAILURE); diff --git a/src/source-pcap.c b/src/source-pcap.c index 8a116e6a41..38328be73c 100644 --- a/src/source-pcap.c +++ b/src/source-pcap.c @@ -42,6 +42,7 @@ #include "util-debug.h" #include "util-error.h" #include "util-privs.h" +#include "util-device.h" #include "tmqh-packetpool.h" extern uint8_t suricata_ctl_flags; @@ -50,16 +51,6 @@ extern int max_pending_packets; /** control how many packet libpcap may read in one go */ static int pcap_max_read_packets = 0; -/** storage for pcap device names */ -typedef struct PcapDevice_ { - char *dev; /**< the device (e.g. "eth0") */ - TAILQ_ENTRY(PcapDevice_) next; -} PcapDevice; - -/** private device list */ -static TAILQ_HEAD(, PcapDevice_) pcap_devices = - TAILQ_HEAD_INITIALIZER(pcap_devices); - /** max packets < 65536 */ #define PCAP_FILE_MAX_PKTS 256 #define PCAP_IFACE_NAME_LENGTH 48 @@ -655,66 +646,6 @@ TmEcode DecodePcapThreadInit(ThreadVars *tv, void *initdata, void **data) SCReturnInt(TM_ECODE_OK); } -/** - * \brief Add a pcap device for monitoring - * - * \param dev string with the device name - * - * \retval 0 on success. - * \retval -1 on failure. - */ -int PcapLiveRegisterDevice(char *dev) -{ - PcapDevice *pd = SCMalloc(sizeof(PcapDevice)); - if (pd == NULL) { - return -1; - } - - pd->dev = SCStrdup(dev); - TAILQ_INSERT_TAIL(&pcap_devices, pd, next); - - SCLogDebug("Pcap device \"%s\" registered.", dev); - return 0; -} - -/** - * \brief Get the number of registered devices - * - * \retval cnt the number of registered devices - */ -int PcapLiveGetDeviceCount(void) { - int i = 0; - PcapDevice *pd; - - TAILQ_FOREACH(pd, &pcap_devices, next) { - i++; - } - - return i; -} - -/** - * \brief Get a pointer to the device at idx - * - * \param number idx of the device in our list - * - * \retval ptr pointer to the string containing the device - * \retval NULL on error - */ -char *PcapLiveGetDevice(int number) { - int i = 0; - PcapDevice *pd; - - TAILQ_FOREACH(pd, &pcap_devices, next) { - if (i == number) { - return pd->dev; - } - - i++; - } - return NULL; -} - void PcapTranslateIPToDevice(char *pcap_dev, size_t len) { char errbuf[PCAP_ERRBUF_SIZE]; diff --git a/src/suricata.c b/src/suricata.c index 9d2cab17fe..e8211c3fb0 100644 --- a/src/suricata.c +++ b/src/suricata.c @@ -46,6 +46,7 @@ #include "util-action.h" #include "util-pidfile.h" #include "util-ioctl.h" +#include "util-device.h" #include "detect-parse.h" #include "detect-engine.h" @@ -843,7 +844,7 @@ int main(int argc, char **argv) case 'i': if (run_mode == RUNMODE_UNKNOWN) { run_mode = RUNMODE_PCAP_DEV; - PcapLiveRegisterDevice(optarg); + LiveRegisterDevice(optarg); } else if (run_mode == RUNMODE_PCAP_DEV) { #ifdef OS_WIN32 SCLogError(SC_ERR_PCAP_MULTI_DEV_NO_SUPPORT, "pcap multi dev " @@ -852,7 +853,7 @@ int main(int argc, char **argv) #else SCLogWarning(SC_WARN_PCAP_MULTI_DEV_EXPERIMENTAL, "using " "multiple pcap devices to get packets is experimental."); - PcapLiveRegisterDevice(optarg); + LiveRegisterDevice(optarg); #endif } else { SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode " @@ -864,10 +865,10 @@ int main(int argc, char **argv) strlcpy(pcap_dev, optarg, ((strlen(optarg) < sizeof(pcap_dev)) ? (strlen(optarg)+1) : (sizeof(pcap_dev)))); break; case 'a': - /* TODO fix parasiting of pcap mode */ + /** \todo TODO fix parasiting of pcap mode */ if (run_mode == RUNMODE_UNKNOWN) { run_mode = RUNMODE_AFP_DEV; - PcapLiveRegisterDevice(optarg); + LiveRegisterDevice(optarg); } else if (run_mode == RUNMODE_AFP_DEV) { #ifdef OS_WIN32 SCLogError(SC_ERR_PCAP_MULTI_DEV_NO_SUPPORT, "pcap multi dev " @@ -876,7 +877,7 @@ int main(int argc, char **argv) #else SCLogWarning(SC_WARN_PCAP_MULTI_DEV_EXPERIMENTAL, "using " "multiple pcap devices to get packets is experimental."); - PcapLiveRegisterDevice(optarg); + LiveRegisterDevice(optarg); #endif } else { SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode " @@ -1415,10 +1416,8 @@ int main(int argc, char **argv) PfringLoadConfig(); #endif /* HAVE_PFRING */ } else if (run_mode == RUNMODE_AFP_DEV) { - /* TODO fix parasiting */ - PcapTranslateIPToDevice(pcap_dev, sizeof(pcap_dev)); - if (ConfSet("pcap.single_pcap_dev", pcap_dev, 0) != 1) { - fprintf(stderr, "ERROR: Failed to set pcap.single_pcap_dev\n"); + if (ConfSet("af-packet.interface", pcap_dev, 0) != 1) { + fprintf(stderr, "ERROR: Failed to set af-packet.interface\n"); exit(EXIT_FAILURE); } } diff --git a/src/util-device.c b/src/util-device.c new file mode 100644 index 0000000000..0c3ccf6311 --- /dev/null +++ b/src/util-device.c @@ -0,0 +1,85 @@ +/* Copyright (C) 2011 Open Information Security Foundation + * + * You can copy, redistribute or modify this Program under the terms of + * the GNU General Public License version 2 as published by the Free + * Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * version 2 along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + */ + +#include "suricata-common.h" +#include "conf.h" +#include "util-device.h" + +/** private device list */ +static TAILQ_HEAD(, LiveDevice_) live_devices = + TAILQ_HEAD_INITIALIZER(live_devices); + + +/** + * \brief Add a pcap device for monitoring + * + * \param dev string with the device name + * + * \retval 0 on success. + * \retval -1 on failure. + */ +int LiveRegisterDevice(char *dev) +{ + LiveDevice *pd = SCMalloc(sizeof(LiveDevice)); + if (pd == NULL) { + return -1; + } + + pd->dev = SCStrdup(dev); + TAILQ_INSERT_TAIL(&live_devices, pd, next); + + SCLogDebug("Pcap device \"%s\" registered.", dev); + return 0; +} + +/** + * \brief Get the number of registered devices + * + * \retval cnt the number of registered devices + */ +int LiveGetDeviceCount(void) { + int i = 0; + LiveDevice *pd; + + TAILQ_FOREACH(pd, &live_devices, next) { + i++; + } + + return i; +} + +/** + * \brief Get a pointer to the device at idx + * + * \param number idx of the device in our list + * + * \retval ptr pointer to the string containing the device + * \retval NULL on error + */ +char *LiveGetDevice(int number) { + int i = 0; + LiveDevice *pd; + + TAILQ_FOREACH(pd, &live_devices, next) { + if (i == number) { + return pd->dev; + } + + i++; + } + return NULL; +} diff --git a/src/util-device.h b/src/util-device.h new file mode 100644 index 0000000000..4e1a3f6e31 --- /dev/null +++ b/src/util-device.h @@ -0,0 +1,34 @@ +/* Copyright (C) 2011 Open Information Security Foundation + * + * You can copy, redistribute or modify this Program under the terms of + * the GNU General Public License version 2 as published by the Free + * Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * version 2 along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + */ + +#ifndef _UTIL_DEVICE_H +#define _UTIL_DEVICE_H 1 + +#include "queue.h" + +/** storage for live device names */ +typedef struct LiveDevice_ { + char *dev; /**< the device (e.g. "eth0") */ + TAILQ_ENTRY(LiveDevice_) next; +} LiveDevice; + + +int LiveRegisterDevice(char *dev); +int LiveGetDeviceCount(void); +char *LiveGetDevice(int number); + +#endif /* _UTIL_DEVICE_H */