factorize pcap live device function

They are not specific to pcap and could thus be used in other modules.
remotes/origin/master-1.1.x
Eric Leblond 14 years ago committed by Victor Julien
parent c45d898572
commit 871b21892a

@ -206,6 +206,7 @@ util-memcmp.c util-memcmp.h \
util-proto-name.c util-proto-name.h \ util-proto-name.c util-proto-name.h \
util-syslog.c util-syslog.h \ util-syslog.c util-syslog.h \
util-vector.h \ util-vector.h \
util-device.c util-device.h \
tm-modules.c tm-modules.h \ tm-modules.c tm-modules.h \
tm-queues.c tm-queues.h \ tm-queues.c tm-queues.h \
tm-queuehandlers.c tm-queuehandlers.h \ tm-queuehandlers.c tm-queuehandlers.h \

@ -37,6 +37,7 @@
#include "util-time.h" #include "util-time.h"
#include "util-cpu.h" #include "util-cpu.h"
#include "util-affinity.h" #include "util-affinity.h"
#include "util-device.h"
static const char *default_mode = NULL; static const char *default_mode = NULL;
@ -88,7 +89,8 @@ int RunModeIdsAFPAuto(DetectEngineCtx *de_ctx)
/* Available cpus */ /* Available cpus */
uint16_t ncpus = UtilCpuGetNumProcessorsOnline(); uint16_t ncpus = UtilCpuGetNumProcessorsOnline();
/* TODO must not use PCAP function */ /* TODO must not use PCAP function */
int npcap = PcapLiveGetDeviceCount(); /** \todo fix parasiting of pcap mode */
int npcap = LiveGetDeviceCount();
if (npcap == 1) { if (npcap == 1) {
char *pcap_dev = NULL; char *pcap_dev = NULL;
@ -128,7 +130,7 @@ int RunModeIdsAFPAuto(DetectEngineCtx *de_ctx)
SCLogInfo("Using %d pcap device(s).", npcap); SCLogInfo("Using %d pcap device(s).", npcap);
for (thread = 0; thread < npcap; thread++) { for (thread = 0; thread < npcap; thread++) {
char *pcap_dev = PcapLiveGetDevice(thread); char *pcap_dev = LiveGetDevice(thread);
if (pcap_dev == NULL) { if (pcap_dev == NULL) {
printf("Failed to lookup pcap dev %d\n", thread); printf("Failed to lookup pcap dev %d\n", thread);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
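Review bot: The context comment `/* TODO must not use PCAP function */` above `int npcap = LiveGetDeviceCount();` is stale now that the call no longer goes through a pcap function, and the added `/** \todo fix parasiting of pcap mode */` sits right under it saying much the same thing; keep only one of the two. In the same function, `SCLogInfo("Using %d pcap device(s).", npcap);` and `printf("Failed to lookup pcap dev %d\n", thread);` still name pcap in the AF_PACKET run mode, which can mislead an operator reading sensor logs; wording such as `"Using %d live device(s)."` would match the new helper names. RunModeIdsAFPAuto starts and ends outside these hunks.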

@ -37,6 +37,7 @@
#include "util-time.h" #include "util-time.h"
#include "util-cpu.h" #include "util-cpu.h"
#include "util-affinity.h" #include "util-affinity.h"
#include "util-device.h"
static const char *default_mode = NULL; static const char *default_mode = NULL;
@ -87,7 +88,7 @@ int RunModeIdsPcapAuto(DetectEngineCtx *de_ctx)
/* Available cpus */ /* Available cpus */
uint16_t ncpus = UtilCpuGetNumProcessorsOnline(); uint16_t ncpus = UtilCpuGetNumProcessorsOnline();
int npcap = PcapLiveGetDeviceCount(); int npcap = LiveGetDeviceCount();
if (npcap == 1) { if (npcap == 1) {
char *pcap_dev = NULL; char *pcap_dev = NULL;
@ -127,7 +128,7 @@ int RunModeIdsPcapAuto(DetectEngineCtx *de_ctx)
SCLogInfo("Using %d pcap device(s).", npcap); SCLogInfo("Using %d pcap device(s).", npcap);
for (thread = 0; thread < npcap; thread++) { for (thread = 0; thread < npcap; thread++) {
char *pcap_dev = PcapLiveGetDevice(thread); char *pcap_dev = LiveGetDevice(thread);
if (pcap_dev == NULL) { if (pcap_dev == NULL) {
printf("Failed to lookup pcap dev %d\n", thread); printf("Failed to lookup pcap dev %d\n", thread);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);

@ -42,6 +42,7 @@
#include "util-debug.h" #include "util-debug.h"
#include "util-error.h" #include "util-error.h"
#include "util-privs.h" #include "util-privs.h"
#include "util-device.h"
#include "tmqh-packetpool.h" #include "tmqh-packetpool.h"
extern uint8_t suricata_ctl_flags; extern uint8_t suricata_ctl_flags;
@ -50,16 +51,6 @@ extern int max_pending_packets;
/** control how many packet libpcap may read in one go */ /** control how many packet libpcap may read in one go */
static int pcap_max_read_packets = 0; static int pcap_max_read_packets = 0;
/** storage for pcap device names */
typedef struct PcapDevice_ {
char *dev; /**< the device (e.g. "eth0") */
TAILQ_ENTRY(PcapDevice_) next;
} PcapDevice;
/** private device list */
static TAILQ_HEAD(, PcapDevice_) pcap_devices =
TAILQ_HEAD_INITIALIZER(pcap_devices);
/** max packets < 65536 */ /** max packets < 65536 */
#define PCAP_FILE_MAX_PKTS 256 #define PCAP_FILE_MAX_PKTS 256
#define PCAP_IFACE_NAME_LENGTH 48 #define PCAP_IFACE_NAME_LENGTH 48
@ -655,66 +646,6 @@ TmEcode DecodePcapThreadInit(ThreadVars *tv, void *initdata, void **data)
SCReturnInt(TM_ECODE_OK); SCReturnInt(TM_ECODE_OK);
} }
/**
* \brief Add a pcap device for monitoring
*
* \param dev string with the device name
*
* \retval 0 on success.
* \retval -1 on failure.
*/
int PcapLiveRegisterDevice(char *dev)
{
PcapDevice *pd = SCMalloc(sizeof(PcapDevice));
if (pd == NULL) {
return -1;
}
pd->dev = SCStrdup(dev);
TAILQ_INSERT_TAIL(&pcap_devices, pd, next);
SCLogDebug("Pcap device \"%s\" registered.", dev);
return 0;
}
/**
* \brief Get the number of registered devices
*
* \retval cnt the number of registered devices
*/
int PcapLiveGetDeviceCount(void) {
int i = 0;
PcapDevice *pd;
TAILQ_FOREACH(pd, &pcap_devices, next) {
i++;
}
return i;
}
/**
* \brief Get a pointer to the device at idx
*
* \param number idx of the device in our list
*
* \retval ptr pointer to the string containing the device
* \retval NULL on error
*/
char *PcapLiveGetDevice(int number) {
int i = 0;
PcapDevice *pd;
TAILQ_FOREACH(pd, &pcap_devices, next) {
if (i == number) {
return pd->dev;
}
i++;
}
return NULL;
}
void PcapTranslateIPToDevice(char *pcap_dev, size_t len) void PcapTranslateIPToDevice(char *pcap_dev, size_t len)
{ {
char errbuf[PCAP_ERRBUF_SIZE]; char errbuf[PCAP_ERRBUF_SIZE];

@ -46,6 +46,7 @@
#include "util-action.h" #include "util-action.h"
#include "util-pidfile.h" #include "util-pidfile.h"
#include "util-ioctl.h" #include "util-ioctl.h"
#include "util-device.h"
#include "detect-parse.h" #include "detect-parse.h"
#include "detect-engine.h" #include "detect-engine.h"
@ -843,7 +844,7 @@ int main(int argc, char **argv)
case 'i': case 'i':
if (run_mode == RUNMODE_UNKNOWN) { if (run_mode == RUNMODE_UNKNOWN) {
run_mode = RUNMODE_PCAP_DEV; run_mode = RUNMODE_PCAP_DEV;
PcapLiveRegisterDevice(optarg); LiveRegisterDevice(optarg);
} else if (run_mode == RUNMODE_PCAP_DEV) { } else if (run_mode == RUNMODE_PCAP_DEV) {
#ifdef OS_WIN32 #ifdef OS_WIN32
SCLogError(SC_ERR_PCAP_MULTI_DEV_NO_SUPPORT, "pcap multi dev " SCLogError(SC_ERR_PCAP_MULTI_DEV_NO_SUPPORT, "pcap multi dev "
@ -852,7 +853,7 @@ int main(int argc, char **argv)
#else #else
SCLogWarning(SC_WARN_PCAP_MULTI_DEV_EXPERIMENTAL, "using " SCLogWarning(SC_WARN_PCAP_MULTI_DEV_EXPERIMENTAL, "using "
"multiple pcap devices to get packets is experimental."); "multiple pcap devices to get packets is experimental.");
PcapLiveRegisterDevice(optarg); LiveRegisterDevice(optarg);
#endif #endif
} else { } else {
SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode " SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
@ -864,10 +865,10 @@ int main(int argc, char **argv)
strlcpy(pcap_dev, optarg, ((strlen(optarg) < sizeof(pcap_dev)) ? (strlen(optarg)+1) : (sizeof(pcap_dev)))); strlcpy(pcap_dev, optarg, ((strlen(optarg) < sizeof(pcap_dev)) ? (strlen(optarg)+1) : (sizeof(pcap_dev))));
break; break;
case 'a': case 'a':
/* TODO fix parasiting of pcap mode */ /** \todo TODO fix parasiting of pcap mode */
if (run_mode == RUNMODE_UNKNOWN) { if (run_mode == RUNMODE_UNKNOWN) {
run_mode = RUNMODE_AFP_DEV; run_mode = RUNMODE_AFP_DEV;
PcapLiveRegisterDevice(optarg); LiveRegisterDevice(optarg);
} else if (run_mode == RUNMODE_AFP_DEV) { } else if (run_mode == RUNMODE_AFP_DEV) {
#ifdef OS_WIN32 #ifdef OS_WIN32
SCLogError(SC_ERR_PCAP_MULTI_DEV_NO_SUPPORT, "pcap multi dev " SCLogError(SC_ERR_PCAP_MULTI_DEV_NO_SUPPORT, "pcap multi dev "
@ -876,7 +877,7 @@ int main(int argc, char **argv)
#else #else
SCLogWarning(SC_WARN_PCAP_MULTI_DEV_EXPERIMENTAL, "using " SCLogWarning(SC_WARN_PCAP_MULTI_DEV_EXPERIMENTAL, "using "
"multiple pcap devices to get packets is experimental."); "multiple pcap devices to get packets is experimental.");
PcapLiveRegisterDevice(optarg); LiveRegisterDevice(optarg);
#endif #endif
} else { } else {
SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode " SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
@ -1415,10 +1416,8 @@ int main(int argc, char **argv)
PfringLoadConfig(); PfringLoadConfig();
#endif /* HAVE_PFRING */ #endif /* HAVE_PFRING */
} else if (run_mode == RUNMODE_AFP_DEV) { } else if (run_mode == RUNMODE_AFP_DEV) {
/* TODO fix parasiting */ if (ConfSet("af-packet.interface", pcap_dev, 0) != 1) {
PcapTranslateIPToDevice(pcap_dev, sizeof(pcap_dev)); fprintf(stderr, "ERROR: Failed to set af-packet.interface\n");
if (ConfSet("pcap.single_pcap_dev", pcap_dev, 0) != 1) {
fprintf(stderr, "ERROR: Failed to set pcap.single_pcap_dev\n");
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
} }
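Review bot: All four `LiveRegisterDevice(optarg);` calls in the `-i` and `-a` option cases discard the return value, although the function is documented to return -1 on failure. When registration fails, `run_mode` has already been set and option parsing continues, so the sensor may start with fewer interfaces registered than the operator requested and no error at the point of failure. Check the result, e.g. `if (LiveRegisterDevice(optarg) < 0) { fprintf(stderr, "ERROR: failed to register device %s\n", optarg); exit(EXIT_FAILURE); }`. main() starts and ends outside these hunks.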

@ -0,0 +1,85 @@
/* Copyright (C) 2011 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
* Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* version 2 along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/
#include "suricata-common.h"
#include "conf.h"
#include "util-device.h"
/** private device list */
static TAILQ_HEAD(, LiveDevice_) live_devices =
TAILQ_HEAD_INITIALIZER(live_devices);
/**
* \brief Add a pcap device for monitoring
*
* \param dev string with the device name
*
* \retval 0 on success.
* \retval -1 on failure.
*/
int LiveRegisterDevice(char *dev)
{
LiveDevice *pd = SCMalloc(sizeof(LiveDevice));
if (pd == NULL) {
return -1;
}
pd->dev = SCStrdup(dev);
TAILQ_INSERT_TAIL(&live_devices, pd, next);
SCLogDebug("Pcap device \"%s\" registered.", dev);
return 0;
}
/**
* \brief Get the number of registered devices
*
* \retval cnt the number of registered devices
*/
int LiveGetDeviceCount(void) {
int i = 0;
LiveDevice *pd;
TAILQ_FOREACH(pd, &live_devices, next) {
i++;
}
return i;
}
/**
* \brief Get a pointer to the device at idx
*
* \param number idx of the device in our list
*
* \retval ptr pointer to the string containing the device
* \retval NULL on error
*/
char *LiveGetDevice(int number) {
int i = 0;
LiveDevice *pd;
TAILQ_FOREACH(pd, &live_devices, next) {
if (i == number) {
return pd->dev;
}
i++;
}
return NULL;
}
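Review bot: In LiveRegisterDevice the result of `pd->dev = SCStrdup(dev);` is not checked, so on allocation failure a node with a NULL `dev` is linked into `live_devices` and the function still returns 0. LiveGetDeviceCount then counts that entry and LiveGetDevice returns NULL for it, which the run-mode callers report as a lookup failure rather than an out-of-memory condition. Add `if (pd->dev == NULL) { SCFree(pd); return -1; }` before `TAILQ_INSERT_TAIL`. The doc comment `Add a pcap device for monitoring` and the debug string `"Pcap device \"%s\" registered."` also still say pcap although the file is meant to be capture-method neutral; `Add a live device for monitoring` would fit.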

@ -0,0 +1,34 @@
/* Copyright (C) 2011 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
* Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* version 2 along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/
#ifndef _UTIL_DEVICE_H
#define _UTIL_DEVICE_H 1
#include "queue.h"
/** storage for live device names */
typedef struct LiveDevice_ {
char *dev; /**< the device (e.g. "eth0") */
TAILQ_ENTRY(LiveDevice_) next;
} LiveDevice;
int LiveRegisterDevice(char *dev);
int LiveGetDeviceCount(void);
char *LiveGetDevice(int number);
#endif /* _UTIL_DEVICE_H */
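Review bot: The three prototypes carry no documentation in the header, and `char *LiveGetDevice(int number);` hands out the very string stored in the private list (util-device.c returns `pd->dev` directly), so a caller that frees or modifies it corrupts the registry. A comment on the declaration such as `/* returned string is owned by the device list; do not free or modify */` would make that contract visible. Since LiveRegisterDevice only duplicates its argument with SCStrdup, its parameter could be declared `const char *dev`.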