aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

runmodes: change function prototype of runmode init functions

Browse Source 
Commit contains prototype changes of RunModeSetLiveCaptureAutoFp and
RunModeSetLiveCaptureWorkers functions to move the IPS enable logic
out of suricata.c file.
pull/8430/head
Lukas Sismis 3 years ago committed by Victor Julien
parent ee4f75e4b4
commit bed16ba44c
23 changed files with 338 additions and 371 deletions
Show Stats Download Patch File Download Diff File

202
src/runmode-af-packet.c
Unescape Escape View File

@ -31,6 +31,7 @@
*/
#include "suricata-common.h"
#include "suricata.h"
#include "tm-threads.h"
#include "conf.h"
#include "runmodes.h"
@ -64,20 +65,106 @@ const char *RunModeAFPGetDefaultMode(void)
return "workers";
}
static int AFPRunModeIsIPS(void)
{
int nlive = LiveGetDeviceCount();
int ldev;
ConfNode *if_root;
ConfNode *if_default = NULL;
ConfNode *af_packet_node;
int has_ips = 0;
int has_ids = 0;
/* Find initial node */
af_packet_node = ConfGetNode("af-packet");
if (af_packet_node == NULL) {
return 0;
}
if_default = ConfNodeLookupKeyValue(af_packet_node, "interface", "default");
for (ldev = 0; ldev < nlive; ldev++) {
const char *live_dev = LiveGetDeviceName(ldev);
if (live_dev == NULL) {
SCLogError("Problem with config file");
return 0;
}
const char *copymodestr = NULL;
if_root = ConfFindDeviceConfig(af_packet_node, live_dev);
if (if_root == NULL) {
if (if_default == NULL) {
SCLogError("Problem with config file");
return 0;
}
if_root = if_default;
}
if (ConfGetChildValueWithDefault(if_root, if_default, "copy-mode", &copymodestr) == 1) {
if (strcmp(copymodestr, "ips") == 0) {
has_ips = 1;
} else {
has_ids = 1;
}
} else {
has_ids = 1;
}
}
if (has_ids && has_ips) {
SCLogWarning("AF_PACKET using both IPS and TAP/IDS mode, this will not "
"be allowed in Suricata 8 due to undefined behavior. See ticket #5588.");
for (ldev = 0; ldev < nlive; ldev++) {
const char *live_dev = LiveGetDeviceName(ldev);
if (live_dev == NULL) {
SCLogError("Problem with config file");
return 0;
}
if_root = ConfNodeLookupKeyValue(af_packet_node, "interface", live_dev);
const char *copymodestr = NULL;
if (if_root == NULL) {
if (if_default == NULL) {
SCLogError("Problem with config file");
return 0;
}
if_root = if_default;
}
if (!((ConfGetChildValueWithDefault(if_root, if_default, "copy-mode", &copymodestr) ==
1) &&
(strcmp(copymodestr, "ips") == 0))) {
SCLogError("AF_PACKET IPS mode used and interface '%s' is in IDS or TAP mode. "
"Sniffing '%s' but expect bad result as stream-inline is activated.",
live_dev, live_dev);
}
}
}
return has_ips;
}
static void AFPRunModeEnableIPS(void)
{
if (AFPRunModeIsIPS()) {
SCLogInfo("Setting IPS mode");
EngineModeSetIPS();
}
}
void RunModeIdsAFPRegister(void)
{
RunModeRegisterNewRunMode(RUNMODE_AFP_DEV, "single",
"Single threaded af-packet mode",
RunModeIdsAFPSingle);
RunModeRegisterNewRunMode(RUNMODE_AFP_DEV, "single", "Single threaded af-packet mode",
RunModeIdsAFPSingle, AFPRunModeEnableIPS);
RunModeRegisterNewRunMode(RUNMODE_AFP_DEV, "workers",
"Workers af-packet mode, each thread does all"
" tasks from acquisition to logging",
RunModeIdsAFPWorkers);
"Workers af-packet mode, each thread does all"
" tasks from acquisition to logging",
RunModeIdsAFPWorkers, AFPRunModeEnableIPS);
RunModeRegisterNewRunMode(RUNMODE_AFP_DEV, "autofp",
"Multi socket AF_PACKET mode. Packets from "
"each flow are assigned to a single detect "
"thread.",
RunModeIdsAFPAutoFp);
"Multi socket AF_PACKET mode. Packets from "
"each flow are assigned to a single detect "
"thread.",
RunModeIdsAFPAutoFp, AFPRunModeEnableIPS);
return;
}
@ -676,86 +763,7 @@ static int AFPConfigGeThreadsCount(void *conf)
return afp->threads;
}
int AFPRunModeIsIPS(void)
{
int nlive = LiveGetDeviceCount();
int ldev;
ConfNode *if_root;
ConfNode *if_default = NULL;
ConfNode *af_packet_node;
int has_ips = 0;
int has_ids = 0;
/* Find initial node */
af_packet_node = ConfGetNode("af-packet");
if (af_packet_node == NULL) {
return 0;
}
if_default = ConfNodeLookupKeyValue(af_packet_node, "interface", "default");
for (ldev = 0; ldev < nlive; ldev++) {
const char *live_dev = LiveGetDeviceName(ldev);
if (live_dev == NULL) {
SCLogError("Problem with config file");
return 0;
}
const char *copymodestr = NULL;
if_root = ConfFindDeviceConfig(af_packet_node, live_dev);
if (if_root == NULL) {
if (if_default == NULL) {
SCLogError("Problem with config file");
return 0;
}
if_root = if_default;
}
if (ConfGetChildValueWithDefault(if_root, if_default, "copy-mode", &copymodestr) == 1) {
if (strcmp(copymodestr, "ips") == 0) {
has_ips = 1;
} else {
has_ids = 1;
}
} else {
has_ids = 1;
}
}
if (has_ids && has_ips) {
SCLogWarning("AF_PACKET using both IPS and TAP/IDS mode, this will not "
"be allowed in Suricata 8 due to undefined behavior. See ticket #5588.");
for (ldev = 0; ldev < nlive; ldev++) {
const char *live_dev = LiveGetDeviceName(ldev);
if (live_dev == NULL) {
SCLogError("Problem with config file");
return 0;
}
if_root = ConfNodeLookupKeyValue(af_packet_node, "interface", live_dev);
const char *copymodestr = NULL;
if (if_root == NULL) {
if (if_default == NULL) {
SCLogError("Problem with config file");
return 0;
}
if_root = if_default;
}
if (! ((ConfGetChildValueWithDefault(if_root, if_default, "copy-mode", &copymodestr) == 1) &&
(strcmp(copymodestr, "ips") == 0))) {
SCLogError("AF_PACKET IPS mode used and interface '%s' is in IDS or TAP mode. "
"Sniffing '%s' but expect bad result as stream-inline is activated.",
live_dev, live_dev);
}
}
}
return has_ips;
}
#endif
#endif /* HAVE_AF_PACKET */
int RunModeIdsAFPAutoFp(void)
{
@ -778,11 +786,8 @@ int RunModeIdsAFPAutoFp(void)
FatalError("Unable to init peers list.");
}
ret = RunModeSetLiveCaptureAutoFp(ParseAFPConfig,
AFPConfigGeThreadsCount,
"ReceiveAFP",
"DecodeAFP", thread_name_autofp,
live_dev);
ret = RunModeSetLiveCaptureAutoFp(ParseAFPConfig, AFPConfigGeThreadsCount, "ReceiveAFP",
"DecodeAFP", thread_name_autofp, live_dev);
if (ret != 0) {
FatalError("Unable to start runmode");
}
@ -859,11 +864,8 @@ int RunModeIdsAFPWorkers(void)
FatalError("Unable to init peers list.");
}
ret = RunModeSetLiveCaptureWorkers(ParseAFPConfig,
AFPConfigGeThreadsCount,
"ReceiveAFP",
"DecodeAFP", thread_name_workers,
live_dev);
ret = RunModeSetLiveCaptureWorkers(ParseAFPConfig, AFPConfigGeThreadsCount, "ReceiveAFP",
"DecodeAFP", thread_name_workers, live_dev);
if (ret != 0) {
FatalError("Unable to start runmode");
}

1
src/runmode-af-packet.h
Unescape Escape View File

@ -28,6 +28,5 @@ int RunModeIdsAFPAutoFp(void);
int RunModeIdsAFPWorkers(void);
void RunModeIdsAFPRegister(void);
const char *RunModeAFPGetDefaultMode(void);
int AFPRunModeIsIPS(void);
#endif /* __RUNMODE_AF_PACKET_H__ */

6
src/runmode-af-xdp.c
Unescape Escape View File

@ -71,12 +71,12 @@ const char *RunModeAFXDPGetDefaultMode(void)
void RunModeIdsAFXDPRegister(void)
{
RunModeRegisterNewRunMode(
RUNMODE_AFXDP_DEV, "single", "Single threaded af-xdp mode", RunModeIdsAFXDPSingle);
RunModeRegisterNewRunMode(RUNMODE_AFXDP_DEV, "single", "Single threaded af-xdp mode",
RunModeIdsAFXDPSingle, NULL);
RunModeRegisterNewRunMode(RUNMODE_AFXDP_DEV, "workers",
"Workers af-xdp mode, each thread does all"
" tasks from acquisition to logging",
RunModeIdsAFXDPWorkers);
RunModeIdsAFXDPWorkers, NULL);
return;
}

2
src/runmode-dpdk.c
Unescape Escape View File

@ -1372,7 +1372,7 @@ void RunModeDpdkRegister(void)
RunModeRegisterNewRunMode(RUNMODE_DPDK, "workers",
"Workers DPDK mode, each thread does all"
" tasks from acquisition to logging",
RunModeIdsDpdkWorkers);
RunModeIdsDpdkWorkers, NULL);
}
/**

39
src/runmode-erf-dag.c
Unescape Escape View File

@ -48,21 +48,20 @@ const char *RunModeErfDagGetDefaultMode(void)
void RunModeErfDagRegister(void)
{
RunModeRegisterNewRunMode(RUNMODE_DAG, "autofp",
"Multi threaded DAG mode. Packets from "
"each flow are assigned to a single detect "
"thread, unlike \"dag_auto\" where packets "
"from the same flow can be processed by any "
"detect thread",
RunModeIdsErfDagAutoFp);
"Multi threaded DAG mode. Packets from "
"each flow are assigned to a single detect "
"thread, unlike \"dag_auto\" where packets "
"from the same flow can be processed by any "
"detect thread",
RunModeIdsErfDagAutoFp, NULL);
RunModeRegisterNewRunMode(RUNMODE_DAG, "single",
"Singled threaded DAG mode",
RunModeIdsErfDagSingle);
RunModeRegisterNewRunMode(
RUNMODE_DAG, "single", "Singled threaded DAG mode", RunModeIdsErfDagSingle, NULL);
RunModeRegisterNewRunMode(RUNMODE_DAG, "workers",
"Workers DAG mode, each thread does all "
" tasks from acquisition to logging",
RunModeIdsErfDagWorkers);
"Workers DAG mode, each thread does all "
" tasks from acquisition to logging",
RunModeIdsErfDagWorkers, NULL);
return;
}
@ -102,12 +101,8 @@ int RunModeIdsErfDagAutoFp(void)
TimeModeSetLive();
ret = RunModeSetLiveCaptureAutoFp(ParseDagConfig,
DagConfigGetThreadCount,
"ReceiveErfDag",
"DecodeErfDag",
thread_name_autofp,
NULL);
ret = RunModeSetLiveCaptureAutoFp(ParseDagConfig, DagConfigGetThreadCount, "ReceiveErfDag",
"DecodeErfDag", thread_name_autofp, NULL);
if (ret != 0) {
FatalError("DAG autofp runmode failed to start");
}
@ -127,12 +122,8 @@ int RunModeIdsErfDagWorkers(void)
TimeModeSetLive();
ret = RunModeSetLiveCaptureWorkers(ParseDagConfig,
DagConfigGetThreadCount,
"ReceiveErfDag",
"DecodeErfDag",
thread_name_workers,
NULL);
ret = RunModeSetLiveCaptureWorkers(ParseDagConfig, DagConfigGetThreadCount, "ReceiveErfDag",
"DecodeErfDag", thread_name_workers, NULL);
if (ret != 0) {
FatalError("DAG workers runmode failed to start");
}

11
src/runmode-erf-file.c
Unescape Escape View File

@ -38,14 +38,13 @@ const char *RunModeErfFileGetDefaultMode(void)
void RunModeErfFileRegister(void)
{
RunModeRegisterNewRunMode(RUNMODE_ERF_FILE, "single",
"Single threaded ERF file mode",
RunModeErfFileSingle);
RunModeRegisterNewRunMode(RUNMODE_ERF_FILE, "single", "Single threaded ERF file mode",
RunModeErfFileSingle, NULL);
RunModeRegisterNewRunMode(RUNMODE_ERF_FILE, "autofp",
"Multi threaded ERF file mode. Packets from "
"each flow are assigned to a single detect thread",
RunModeErfFileAutoFp);
"Multi threaded ERF file mode. Packets from "
"each flow are assigned to a single detect thread",
RunModeErfFileAutoFp, NULL);
return;
}

6
src/runmode-ipfw.c
Unescape Escape View File

@ -49,12 +49,10 @@ const char *RunModeIpsIPFWGetDefaultMode(void)
void RunModeIpsIPFWRegister(void)
{
RunModeRegisterNewRunMode(RUNMODE_IPFW, "autofp",
"Multi threaded IPFW IPS mode with respect to flow",
RunModeIpsIPFWAutoFp);
"Multi threaded IPFW IPS mode with respect to flow", RunModeIpsIPFWAutoFp, NULL);
RunModeRegisterNewRunMode(RUNMODE_IPFW, "workers",
"Multi queue IPFW IPS mode with one thread per queue",
RunModeIpsIPFWWorker);
"Multi queue IPFW IPS mode with one thread per queue", RunModeIpsIPFWWorker, NULL);
return;
}

8
src/runmode-napatech.c
Unescape Escape View File

@ -90,7 +90,7 @@ void RunModeNapatechRegister(void)
RunModeRegisterNewRunMode(RUNMODE_NAPATECH, "workers",
"Workers Napatech mode, each thread does all"
" tasks from acquisition to logging",
RunModeNapatechWorkers);
RunModeNapatechWorkers, NULL);
return;
#endif
}
@ -261,10 +261,8 @@ static int NapatechInit(int runmode)
switch (runmode) {
case NT_RUNMODE_WORKERS:
status = RunModeSetLiveCaptureWorkers(NapatechConfigParser,
NapatechGetThreadsCount,
"NapatechStream", "NapatechDecode",
thread_name_workers, NULL);
status = RunModeSetLiveCaptureWorkers(NapatechConfigParser, NapatechGetThreadsCount,
"NapatechStream", "NapatechDecode", thread_name_workers, NULL);
break;
default:
status = -1;

175
src/runmode-netmap.c
Unescape Escape View File

@ -47,6 +47,7 @@
#include "source-netmap.h"
#include "util-conf.h"
#include "suricata.h"
extern int max_pending_packets;
@ -55,20 +56,106 @@ const char *RunModeNetmapGetDefaultMode(void)
return "workers";
}
static int NetmapRunModeIsIPS(void)
{
int nlive = LiveGetDeviceCount();
int ldev;
ConfNode *if_root;
ConfNode *if_default = NULL;
ConfNode *netmap_node;
int has_ips = 0;
int has_ids = 0;
/* Find initial node */
netmap_node = ConfGetNode("netmap");
if (netmap_node == NULL) {
return 0;
}
if_default = ConfNodeLookupKeyValue(netmap_node, "interface", "default");
for (ldev = 0; ldev < nlive; ldev++) {
const char *live_dev = LiveGetDeviceName(ldev);
if (live_dev == NULL) {
SCLogError("Problem with config file");
return 0;
}
const char *copymodestr = NULL;
if_root = ConfNodeLookupKeyValue(netmap_node, "interface", live_dev);
if (if_root == NULL) {
if (if_default == NULL) {
SCLogError("Problem with config file");
return 0;
}
if_root = if_default;
}
if (ConfGetChildValueWithDefault(if_root, if_default, "copy-mode", &copymodestr) == 1) {
if (strcmp(copymodestr, "ips") == 0) {
has_ips = 1;
} else {
has_ids = 1;
}
} else {
has_ids = 1;
}
}
if (has_ids && has_ips) {
SCLogWarning("Netmap using both IPS and TAP/IDS mode, this will not be "
"allowed in Suricata 8 due to undefined behavior. See ticket #5588.");
for (ldev = 0; ldev < nlive; ldev++) {
const char *live_dev = LiveGetDeviceName(ldev);
if (live_dev == NULL) {
SCLogError("Problem with config file");
return 0;
}
if_root = ConfNodeLookupKeyValue(netmap_node, "interface", live_dev);
const char *copymodestr = NULL;
if (if_root == NULL) {
if (if_default == NULL) {
SCLogError("Problem with config file");
return 0;
}
if_root = if_default;
}
if (!((ConfGetChildValueWithDefault(if_root, if_default, "copy-mode", &copymodestr) ==
1) &&
(strcmp(copymodestr, "ips") == 0))) {
SCLogError("Netmap IPS mode used and interface '%s' is in IDS or TAP mode. "
"Sniffing '%s' but expect bad result as stream-inline is activated.",
live_dev, live_dev);
}
}
}
return has_ips;
}
static void NetmapRunModeEnableIPS(void)
{
if (NetmapRunModeIsIPS()) {
SCLogInfo("Netmap: Setting IPS mode");
EngineModeSetIPS();
}
}
void RunModeIdsNetmapRegister(void)
{
RunModeRegisterNewRunMode(RUNMODE_NETMAP, "single",
"Single threaded netmap mode",
RunModeIdsNetmapSingle);
RunModeRegisterNewRunMode(RUNMODE_NETMAP, "single", "Single threaded netmap mode",
RunModeIdsNetmapSingle, NetmapRunModeEnableIPS);
RunModeRegisterNewRunMode(RUNMODE_NETMAP, "workers",
"Workers netmap mode, each thread does all"
" tasks from acquisition to logging",
RunModeIdsNetmapWorkers);
RunModeIdsNetmapWorkers, NetmapRunModeEnableIPS);
RunModeRegisterNewRunMode(RUNMODE_NETMAP, "autofp",
"Multi-threaded netmap mode. Packets from "
"each flow are assigned to a single detect "
"thread.",
RunModeIdsNetmapAutoFp);
RunModeIdsNetmapAutoFp, NetmapRunModeEnableIPS);
return;
}
@ -320,84 +407,6 @@ static int NetmapConfigGeThreadsCount(void *conf)
return aconf->in.threads;
}
int NetmapRunModeIsIPS(void)
{
int nlive = LiveGetDeviceCount();
int ldev;
ConfNode *if_root;
ConfNode *if_default = NULL;
ConfNode *netmap_node;
int has_ips = 0;
int has_ids = 0;
/* Find initial node */
netmap_node = ConfGetNode("netmap");
if (netmap_node == NULL) {
return 0;
}
if_default = ConfNodeLookupKeyValue(netmap_node, "interface", "default");
for (ldev = 0; ldev < nlive; ldev++) {
const char *live_dev = LiveGetDeviceName(ldev);
if (live_dev == NULL) {
SCLogError("Problem with config file");
return 0;
}
const char *copymodestr = NULL;
if_root = ConfNodeLookupKeyValue(netmap_node, "interface", live_dev);
if (if_root == NULL) {
if (if_default == NULL) {
SCLogError("Problem with config file");
return 0;
}
if_root = if_default;
}
if (ConfGetChildValueWithDefault(if_root, if_default, "copy-mode", &copymodestr) == 1) {
if (strcmp(copymodestr, "ips") == 0) {
has_ips = 1;
} else {
has_ids = 1;
}
} else {
has_ids = 1;
}
}
if (has_ids && has_ips) {
SCLogWarning("Netmap using both IPS and TAP/IDS mode, this will not be allowed in Suricata "
"8 due to undefined behavior. See ticket #5588.");
for (ldev = 0; ldev < nlive; ldev++) {
const char *live_dev = LiveGetDeviceName(ldev);
if (live_dev == NULL) {
SCLogError("Problem with config file");
return 0;
}
if_root = ConfNodeLookupKeyValue(netmap_node, "interface", live_dev);
const char *copymodestr = NULL;
if (if_root == NULL) {
if (if_default == NULL) {
SCLogError("Problem with config file");
return 0;
}
if_root = if_default;
}
if (! ((ConfGetChildValueWithDefault(if_root, if_default, "copy-mode", &copymodestr) == 1) &&
(strcmp(copymodestr, "ips") == 0))) {
SCLogError("Netmap IPS mode used and interface '%s' is in IDS or TAP mode. "
"Sniffing '%s' but expect bad result as stream-inline is activated.",
live_dev, live_dev);
}
}
}
return has_ips;
}
typedef enum { NETMAP_AUTOFP, NETMAP_WORKERS, NETMAP_SINGLE } NetmapRunMode_t;
static int NetmapRunModeInit(NetmapRunMode_t runmode)

1
src/runmode-netmap.h
Unescape Escape View File

@ -28,6 +28,5 @@ int RunModeIdsNetmapAutoFp(void);
int RunModeIdsNetmapWorkers(void);
void RunModeIdsNetmapRegister(void);
const char *RunModeNetmapGetDefaultMode(void);
int NetmapRunModeIsIPS(void);
#endif /* __RUNMODE_NETMAP_H__ */

6
src/runmode-nflog.c
Unescape Escape View File

@ -216,10 +216,10 @@ const char *RunModeIdsNflogGetDefaultMode(void)
void RunModeIdsNflogRegister(void)
{
RunModeRegisterNewRunMode(
RUNMODE_NFLOG, "autofp", "Multi threaded nflog mode", RunModeIdsNflogAutoFp);
RUNMODE_NFLOG, "autofp", "Multi threaded nflog mode", RunModeIdsNflogAutoFp, NULL);
RunModeRegisterNewRunMode(
RUNMODE_NFLOG, "single", "Single threaded nflog mode", RunModeIdsNflogSingle);
RUNMODE_NFLOG, "single", "Single threaded nflog mode", RunModeIdsNflogSingle, NULL);
RunModeRegisterNewRunMode(
RUNMODE_NFLOG, "workers", "Workers nflog mode", RunModeIdsNflogWorkers);
RUNMODE_NFLOG, "workers", "Workers nflog mode", RunModeIdsNflogWorkers, NULL);
return;
}

6
src/runmode-nfq.c
Unescape Escape View File

@ -47,12 +47,10 @@ const char *RunModeIpsNFQGetDefaultMode(void)
void RunModeIpsNFQRegister(void)
{
RunModeRegisterNewRunMode(RUNMODE_NFQ, "autofp",
"Multi threaded NFQ IPS mode with respect to flow",
RunModeIpsNFQAutoFp);
"Multi threaded NFQ IPS mode with respect to flow", RunModeIpsNFQAutoFp, NULL);
RunModeRegisterNewRunMode(RUNMODE_NFQ, "workers",
"Multi queue NFQ IPS mode with one thread per queue",
RunModeIpsNFQWorker);
"Multi queue NFQ IPS mode with one thread per queue", RunModeIpsNFQWorker, NULL);
return;
}

17
src/runmode-pcap-file.c
Unescape Escape View File

@ -39,16 +39,15 @@ const char *RunModeFilePcapGetDefaultMode(void)
void RunModeFilePcapRegister(void)
{
RunModeRegisterNewRunMode(RUNMODE_PCAP_FILE, "single",
"Single threaded pcap file mode",
RunModeFilePcapSingle);
RunModeRegisterNewRunMode(RUNMODE_PCAP_FILE, "single", "Single threaded pcap file mode",
RunModeFilePcapSingle, NULL);
RunModeRegisterNewRunMode(RUNMODE_PCAP_FILE, "autofp",
"Multi threaded pcap file mode. Packets from "
"each flow are assigned to a single detect thread, "
"unlike \"pcap-file-auto\" where packets from "
"the same flow can be processed by any detect "
"thread",
RunModeFilePcapAutoFp);
"Multi threaded pcap file mode. Packets from "
"each flow are assigned to a single detect thread, "
"unlike \"pcap-file-auto\" where packets from "
"the same flow can be processed by any detect "
"thread",
RunModeFilePcapAutoFp, NULL);
return;
}

37
src/runmode-pcap.c
Unescape Escape View File

@ -38,20 +38,19 @@ int RunModeIdsPcapWorkers(void);
void RunModeIdsPcapRegister(void)
{
RunModeRegisterNewRunMode(RUNMODE_PCAP_DEV, "single",
"Single threaded pcap live mode",
RunModeIdsPcapSingle);
RunModeRegisterNewRunMode(RUNMODE_PCAP_DEV, "single", "Single threaded pcap live mode",
RunModeIdsPcapSingle, NULL);
RunModeRegisterNewRunMode(RUNMODE_PCAP_DEV, "autofp",
"Multi threaded pcap live mode. Packets from "
"each flow are assigned to a single detect thread, "
"unlike \"pcap_live_auto\" where packets from "
"the same flow can be processed by any detect "
"thread",
RunModeIdsPcapAutoFp);
"Multi threaded pcap live mode. Packets from "
"each flow are assigned to a single detect thread, "
"unlike \"pcap_live_auto\" where packets from "
"the same flow can be processed by any detect "
"thread",
RunModeIdsPcapAutoFp, NULL);
RunModeRegisterNewRunMode(RUNMODE_PCAP_DEV, "workers",
"Workers pcap live mode, each thread does all"
" tasks from acquisition to logging",
RunModeIdsPcapWorkers);
"Workers pcap live mode, each thread does all"
" tasks from acquisition to logging",
RunModeIdsPcapWorkers, NULL);
return;
}
@ -281,11 +280,8 @@ int RunModeIdsPcapAutoFp(void)
(void) ConfGet("pcap.single-pcap-dev", &live_dev);
ret = RunModeSetLiveCaptureAutoFp(ParsePcapConfig,
PcapConfigGeThreadsCount,
"ReceivePcap",
"DecodePcap", thread_name_autofp,
live_dev);
ret = RunModeSetLiveCaptureAutoFp(ParsePcapConfig, PcapConfigGeThreadsCount, "ReceivePcap",
"DecodePcap", thread_name_autofp, live_dev);
if (ret != 0) {
FatalError("Runmode start failed");
}
@ -312,11 +308,8 @@ int RunModeIdsPcapWorkers(void)
(void) ConfGet("pcap.single-pcap-dev", &live_dev);
ret = RunModeSetLiveCaptureWorkers(ParsePcapConfig,
PcapConfigGeThreadsCount,
"ReceivePcap",
"DecodePcap", thread_name_workers,
live_dev);
ret = RunModeSetLiveCaptureWorkers(ParsePcapConfig, PcapConfigGeThreadsCount, "ReceivePcap",
"DecodePcap", thread_name_workers, live_dev);
if (ret != 0) {
FatalError("Unable to start runmode");
}

37
src/runmode-pfring.c
Unescape Escape View File

@ -50,19 +50,18 @@ const char *RunModeIdsPfringGetDefaultMode(void)
void RunModeIdsPfringRegister(void)
{
RunModeRegisterNewRunMode(RUNMODE_PFRING, "autofp",
"Multi threaded pfring mode. Packets from "
"each flow are assigned to a single detect "
"thread, unlike \"pfring_auto\" where packets "
"from the same flow can be processed by any "
"detect thread",
RunModeIdsPfringAutoFp);
RunModeRegisterNewRunMode(RUNMODE_PFRING, "single",
"Single threaded pfring mode",
RunModeIdsPfringSingle);
"Multi threaded pfring mode. Packets from "
"each flow are assigned to a single detect "
"thread, unlike \"pfring_auto\" where packets "
"from the same flow can be processed by any "
"detect thread",
RunModeIdsPfringAutoFp, NULL);
RunModeRegisterNewRunMode(
RUNMODE_PFRING, "single", "Single threaded pfring mode", RunModeIdsPfringSingle, NULL);
RunModeRegisterNewRunMode(RUNMODE_PFRING, "workers",
"Workers pfring mode, each thread does all"
" tasks from acquisition to logging",
RunModeIdsPfringWorkers);
"Workers pfring mode, each thread does all"
" tasks from acquisition to logging",
RunModeIdsPfringWorkers, NULL);
return;
}
@ -473,11 +472,8 @@ int RunModeIdsPfringAutoFp(void)
FatalError("Unable to get parser and interface params");
}
ret = RunModeSetLiveCaptureAutoFp(tparser,
PfringConfigGetThreadsCount,
"ReceivePfring",
"DecodePfring", thread_name_autofp,
live_dev);
ret = RunModeSetLiveCaptureAutoFp(tparser, PfringConfigGetThreadsCount, "ReceivePfring",
"DecodePfring", thread_name_autofp, live_dev);
if (ret != 0) {
FatalError("Runmode start failed");
}
@ -541,11 +537,8 @@ int RunModeIdsPfringWorkers(void)
FatalError("Unable to get parser and interface params");
}
ret = RunModeSetLiveCaptureWorkers(tparser,
PfringConfigGetThreadsCount,
"ReceivePfring",
"DecodePfring", thread_name_workers,
live_dev);
ret = RunModeSetLiveCaptureWorkers(tparser, PfringConfigGetThreadsCount, "ReceivePfring",
"DecodePfring", thread_name_workers, live_dev);
if (ret != 0) {
FatalError("Runmode start failed");
}

10
src/runmode-unix-socket.c
Unescape Escape View File

@ -603,12 +603,10 @@ void RunModeUnixSocketRegister(void)
{
#ifdef BUILD_UNIX_SOCKET
/* a bit of a hack, but register twice to --list-runmodes shows both */
RunModeRegisterNewRunMode(RUNMODE_UNIX_SOCKET, "single",
"Unix socket mode",
RunModeUnixSocketMaster);
RunModeRegisterNewRunMode(RUNMODE_UNIX_SOCKET, "autofp",
"Unix socket mode",
RunModeUnixSocketMaster);
RunModeRegisterNewRunMode(
RUNMODE_UNIX_SOCKET, "single", "Unix socket mode", RunModeUnixSocketMaster, NULL);
RunModeRegisterNewRunMode(
RUNMODE_UNIX_SOCKET, "autofp", "Unix socket mode", RunModeUnixSocketMaster, NULL);
#endif
}

7
src/runmode-windivert.c
Unescape Escape View File

@ -44,10 +44,9 @@ const char *RunModeIpsWinDivertGetDefaultMode(void)
void RunModeIpsWinDivertRegister(void)
{
RunModeRegisterNewRunMode(
RUNMODE_WINDIVERT, "autofp",
"Multi-threaded WinDivert IPS mode load-balanced by flow",
RunModeIpsWinDivertAutoFp);
RunModeRegisterNewRunMode(RUNMODE_WINDIVERT, "autofp",
"Multi-threaded WinDivert IPS mode load-balanced by flow", RunModeIpsWinDivertAutoFp,
NULL);
}
int RunModeIpsWinDivertAutoFp(void)

69
src/runmodes.c
Unescape Escape View File

@ -98,6 +98,7 @@ typedef struct RunMode_ {
const char *description;
/* runmode function */
int (*RunModeFunc)(void);
void (*RunModeIsIPSEnabled)(void);
} RunMode;
typedef struct RunModes_ {
@ -304,24 +305,18 @@ void RunModeListRunmodes(void)
return;
}
/**
*/
void RunModeDispatch(int runmode, const char *custom_mode,
const char *capture_plugin_name, const char *capture_plugin_args)
static const char *RunModeGetConfOrDefault(int capture_mode, const char *capture_plugin_name)
{
char *local_custom_mode = NULL;
if (custom_mode == NULL) {
const char *val = NULL;
if (ConfGet("runmode", &val) != 1) {
custom_mode = NULL;
} else {
custom_mode = val;
}
const char *custom_mode = NULL;
const char *val = NULL;
if (ConfGet("runmode", &val) != 1) {
custom_mode = NULL;
} else {
custom_mode = val;
}
if (custom_mode == NULL || strcmp(custom_mode, "auto") == 0) {
switch (runmode) {
if ((custom_mode == NULL) || (strcmp(custom_mode, "auto") == 0)) {
switch (capture_mode) {
case RUNMODE_PCAP_DEV:
custom_mode = RunModeIdsGetDefaultMode();
break;
@ -384,11 +379,12 @@ void RunModeDispatch(int runmode, const char *custom_mode,
break;
#endif
default:
FatalError("Unknown runtime mode. Aborting");
return NULL;
}
} else { /* if (custom_mode == NULL) */
/* Add compability with old 'worker' name */
if (!strcmp("worker", custom_mode)) {
char *local_custom_mode = NULL;
SCLogWarning("'worker' mode have been renamed "
"to 'workers', please modify your setup.");
local_custom_mode = SCStrdup("workers");
@ -399,6 +395,40 @@ void RunModeDispatch(int runmode, const char *custom_mode,
}
}
return custom_mode;
}
void RunModeEngineIsIPS(int capture_mode, const char *runmode, const char *capture_plugin_name)
{
if (runmode == NULL) {
runmode = RunModeGetConfOrDefault(capture_mode, capture_plugin_name);
if (runmode == NULL) // non-standard runmode
return;
}
RunMode *mode = RunModeGetCustomMode(capture_mode, runmode);
if (mode == NULL) {
return;
}
if (mode->RunModeIsIPSEnabled != NULL) {
mode->RunModeIsIPSEnabled();
}
}
/**
*/
void RunModeDispatch(int runmode, const char *custom_mode, const char *capture_plugin_name,
const char *capture_plugin_args)
{
char *local_custom_mode = NULL;
if (custom_mode == NULL) {
custom_mode = RunModeGetConfOrDefault(runmode, capture_plugin_name);
if (custom_mode == NULL)
FatalError("Unknown runtime mode. Aborting");
}
RunMode *mode = RunModeGetCustomMode(runmode, custom_mode);
if (mode == NULL) {
SCLogError("The custom type \"%s\" doesn't exist "
@ -463,10 +493,8 @@ int RunModeNeedsBypassManager(void)
* \param description Description for this runmode.
* \param RunModeFunc The function to be run for this runmode.
*/
void RunModeRegisterNewRunMode(enum RunModes runmode,
const char *name,
const char *description,
int (*RunModeFunc)(void))
void RunModeRegisterNewRunMode(enum RunModes runmode, const char *name, const char *description,
int (*RunModeFunc)(void), void (*RunModeIsIPSEnabled)(void))
{
if (RunModeGetCustomMode(runmode, name) != NULL) {
FatalError("runmode '%s' has already "
@ -497,6 +525,7 @@ void RunModeRegisterNewRunMode(enum RunModes runmode,
FatalError("Failed to allocate string");
}
mode->RunModeFunc = RunModeFunc;
mode->RunModeIsIPSEnabled = RunModeIsIPSEnabled;
return;
}

5
src/runmodes.h
Unescape Escape View File

@ -80,10 +80,11 @@ char *RunmodeGetActive(void);
const char *RunModeGetMainMode(void);
void RunModeListRunmodes(void);
void RunModeEngineIsIPS(int capture_mode, const char *runmode, const char *capture_plugin_name);
void RunModeDispatch(int, const char *, const char *capture_plugin_name, const char *capture_plugin_args);
void RunModeRegisterRunModes(void);
void RunModeRegisterNewRunMode(enum RunModes, const char *, const char *,
int (*RunModeFunc)(void));
void RunModeRegisterNewRunMode(enum RunModes, const char *, const char *, int (*RunModeFunc)(void),
void (*RunModeIsIPSEnabled)(void));
void RunModeInitialize(void);
void RunModeInitializeOutputs(void);
void RunModeShutDown(void);

34
src/suricata.c
Unescape Escape View File

@ -2429,9 +2429,9 @@ static int ConfigGetCaptureValue(SCInstance *suri)
case RUNMODE_AFP_DEV:
case RUNMODE_AFXDP_DEV:
case RUNMODE_PFRING:
nlive = LiveGetDeviceNameCount();
nlive = LiveGetDeviceCount();
for (lthread = 0; lthread < nlive; lthread++) {
const char *live_dev = LiveGetDeviceNameName(lthread);
const char *live_dev = LiveGetDeviceName(lthread);
char dev[128]; /* need to be able to support GUID names on Windows */
(void)strlcpy(dev, live_dev, sizeof(dev));
@ -2529,30 +2529,6 @@ void PostConfLoadedDetectSetup(SCInstance *suri)
}
}
static int PostDeviceFinalizedSetup(SCInstance *suri)
{
SCEnter();
#ifdef HAVE_AF_PACKET
if (suri->run_mode == RUNMODE_AFP_DEV) {
if (AFPRunModeIsIPS()) {
SCLogInfo("AF_PACKET: Setting IPS mode");
EngineModeSetIPS();
}
}
#endif
#ifdef HAVE_NETMAP
if (suri->run_mode == RUNMODE_NETMAP) {
if (NetmapRunModeIsIPS()) {
SCLogInfo("Netmap: Setting IPS mode");
EngineModeSetIPS();
}
}
#endif
SCReturnInt(TM_ECODE_OK);
}
static void PostConfLoadedSetupHostMode(void)
{
const char *hostmode = NULL;
@ -2771,10 +2747,8 @@ int PostConfLoadedSetup(SCInstance *suri)
LiveDeviceFinalize();
/* set engine mode if L2 IPS */
if (PostDeviceFinalizedSetup(suri) != TM_ECODE_OK) {
exit(EXIT_FAILURE);
}
RunModeEngineIsIPS(
suricata.run_mode, suricata.runmode_custom_mode, suricata.capture_plugin_name);
/* hostmode depends on engine mode being set */
PostConfLoadedSetupHostMode();

13
src/util-runmodes.c
Unescape Escape View File

@ -84,11 +84,8 @@ char *RunmodeAutoFpCreatePickupQueuesString(int n)
/**
*/
int RunModeSetLiveCaptureAutoFp(ConfigIfaceParserFunc ConfigParser,
ConfigIfaceThreadsCountFunc ModThreadsCount,
const char *recv_mod_name,
const char *decode_mod_name,
const char *thread_name,
const char *live_dev)
ConfigIfaceThreadsCountFunc ModThreadsCount, const char *recv_mod_name,
const char *decode_mod_name, const char *thread_name, const char *live_dev)
{
char tname[TM_THREAD_NAME_MAX];
char qname[TM_QUEUE_NAME_MAX];
@ -323,10 +320,8 @@ static int RunModeSetLiveCaptureWorkersForDevice(ConfigIfaceThreadsCountFunc Mod
}
int RunModeSetLiveCaptureWorkers(ConfigIfaceParserFunc ConfigParser,
ConfigIfaceThreadsCountFunc ModThreadsCount,
const char *recv_mod_name,
const char *decode_mod_name, const char *thread_name,
const char *live_dev)
ConfigIfaceThreadsCountFunc ModThreadsCount, const char *recv_mod_name,
const char *decode_mod_name, const char *thread_name, const char *live_dev)
{
int nlive = LiveGetDeviceCount();
void *aconf;

12
src/util-runmodes.h
Unescape Escape View File

@ -34,10 +34,8 @@ int RunModeSetLiveCaptureAuto(ConfigIfaceParserFunc configparser,
const char *live_dev);
int RunModeSetLiveCaptureAutoFp(ConfigIfaceParserFunc configparser,
ConfigIfaceThreadsCountFunc ModThreadsCount,
const char *recv_mod_name,
const char *decode_mod_name, const char *thread_name,
const char *live_dev);
ConfigIfaceThreadsCountFunc ModThreadsCount, const char *recv_mod_name,
const char *decode_mod_name, const char *thread_name, const char *live_dev);
int RunModeSetLiveCaptureSingle(ConfigIfaceParserFunc configparser,
ConfigIfaceThreadsCountFunc ModThreadsCount,
@ -46,10 +44,8 @@ int RunModeSetLiveCaptureSingle(ConfigIfaceParserFunc configparser,
const char *live_dev);
int RunModeSetLiveCaptureWorkers(ConfigIfaceParserFunc configparser,
ConfigIfaceThreadsCountFunc ModThreadsCount,
const char *recv_mod_name,
const char *decode_mod_name, const char *thread_name,
const char *live_dev);
ConfigIfaceThreadsCountFunc ModThreadsCount, const char *recv_mod_name,
const char *decode_mod_name, const char *thread_name, const char *live_dev);
int RunModeSetIPSAutoFp(ConfigIPSParserFunc ConfigParser,
const char *recv_mod_name,

5
src/util-unittest.c
Unescape Escape View File

@ -282,10 +282,7 @@ void UtCleanup(void)
void UtRunModeRegister(void)
{
RunModeRegisterNewRunMode(RUNMODE_UNITTEST,
"unittest",
"Unittest mode",
NULL);
RunModeRegisterNewRunMode(RUNMODE_UNITTEST, "unittest", "Unittest mode", NULL, NULL);
return;
}

Write Preview
Loading…
Cancel
Save