From bed16ba44c8c2e0385cb57be509c19d612af5d02 Mon Sep 17 00:00:00 2001 From: Lukas Sismis Date: Wed, 19 Oct 2022 23:17:49 +0200 Subject: [PATCH] runmodes: change function prototype of runmode init functions Commit contains prototype changes of RunModeSetLiveCaptureAutoFp and RunModeSetLiveCaptureWorkers functions to move the IPS enable logic out of suricata.c file. --- src/runmode-af-packet.c | 202 +++++++++++++++++++------------------- src/runmode-af-packet.h | 1 - src/runmode-af-xdp.c | 6 +- src/runmode-dpdk.c | 2 +- src/runmode-erf-dag.c | 39 +++----- src/runmode-erf-file.c | 11 +-- src/runmode-ipfw.c | 6 +- src/runmode-napatech.c | 8 +- src/runmode-netmap.c | 175 +++++++++++++++++---------------- src/runmode-netmap.h | 1 - src/runmode-nflog.c | 6 +- src/runmode-nfq.c | 6 +- src/runmode-pcap-file.c | 17 ++-- src/runmode-pcap.c | 37 +++---- src/runmode-pfring.c | 37 +++---- src/runmode-unix-socket.c | 10 +- src/runmode-windivert.c | 7 +- src/runmodes.c | 69 +++++++++---- src/runmodes.h | 5 +- src/suricata.c | 34 +------ src/util-runmodes.c | 13 +-- src/util-runmodes.h | 12 +-- src/util-unittest.c | 5 +- 23 files changed, 338 insertions(+), 371 deletions(-) diff --git a/src/runmode-af-packet.c b/src/runmode-af-packet.c index 1d22e5e9fc..184729a318 100644 --- a/src/runmode-af-packet.c +++ b/src/runmode-af-packet.c @@ -31,6 +31,7 @@ */ #include "suricata-common.h" +#include "suricata.h" #include "tm-threads.h" #include "conf.h" #include "runmodes.h" @@ -64,20 +65,106 @@ const char *RunModeAFPGetDefaultMode(void) return "workers"; } +static int AFPRunModeIsIPS(void) +{ + int nlive = LiveGetDeviceCount(); + int ldev; + ConfNode *if_root; + ConfNode *if_default = NULL; + ConfNode *af_packet_node; + int has_ips = 0; + int has_ids = 0; + + /* Find initial node */ + af_packet_node = ConfGetNode("af-packet"); + if (af_packet_node == NULL) { + return 0; + } + + if_default = ConfNodeLookupKeyValue(af_packet_node, "interface", "default"); + + for (ldev = 0; ldev < nlive; ldev++) { + const char *live_dev = LiveGetDeviceName(ldev); + if (live_dev == NULL) { + SCLogError("Problem with config file"); + return 0; + } + const char *copymodestr = NULL; + if_root = ConfFindDeviceConfig(af_packet_node, live_dev); + + if (if_root == NULL) { + if (if_default == NULL) { + SCLogError("Problem with config file"); + return 0; + } + if_root = if_default; + } + + if (ConfGetChildValueWithDefault(if_root, if_default, "copy-mode", ©modestr) == 1) { + if (strcmp(copymodestr, "ips") == 0) { + has_ips = 1; + } else { + has_ids = 1; + } + } else { + has_ids = 1; + } + } + + if (has_ids && has_ips) { + SCLogWarning("AF_PACKET using both IPS and TAP/IDS mode, this will not " + "be allowed in Suricata 8 due to undefined behavior. See ticket #5588."); + for (ldev = 0; ldev < nlive; ldev++) { + const char *live_dev = LiveGetDeviceName(ldev); + if (live_dev == NULL) { + SCLogError("Problem with config file"); + return 0; + } + if_root = ConfNodeLookupKeyValue(af_packet_node, "interface", live_dev); + const char *copymodestr = NULL; + + if (if_root == NULL) { + if (if_default == NULL) { + SCLogError("Problem with config file"); + return 0; + } + if_root = if_default; + } + + if (!((ConfGetChildValueWithDefault(if_root, if_default, "copy-mode", ©modestr) == + 1) && + (strcmp(copymodestr, "ips") == 0))) { + SCLogError("AF_PACKET IPS mode used and interface '%s' is in IDS or TAP mode. " + "Sniffing '%s' but expect bad result as stream-inline is activated.", + live_dev, live_dev); + } + } + } + + return has_ips; +} + +static void AFPRunModeEnableIPS(void) +{ + if (AFPRunModeIsIPS()) { + SCLogInfo("Setting IPS mode"); + EngineModeSetIPS(); + } +} + void RunModeIdsAFPRegister(void) { - RunModeRegisterNewRunMode(RUNMODE_AFP_DEV, "single", - "Single threaded af-packet mode", - RunModeIdsAFPSingle); + RunModeRegisterNewRunMode(RUNMODE_AFP_DEV, "single", "Single threaded af-packet mode", + RunModeIdsAFPSingle, AFPRunModeEnableIPS); RunModeRegisterNewRunMode(RUNMODE_AFP_DEV, "workers", - "Workers af-packet mode, each thread does all" - " tasks from acquisition to logging", - RunModeIdsAFPWorkers); + "Workers af-packet mode, each thread does all" + " tasks from acquisition to logging", + RunModeIdsAFPWorkers, AFPRunModeEnableIPS); RunModeRegisterNewRunMode(RUNMODE_AFP_DEV, "autofp", - "Multi socket AF_PACKET mode. Packets from " - "each flow are assigned to a single detect " - "thread.", - RunModeIdsAFPAutoFp); + "Multi socket AF_PACKET mode. Packets from " + "each flow are assigned to a single detect " + "thread.", + RunModeIdsAFPAutoFp, AFPRunModeEnableIPS); return; } @@ -676,86 +763,7 @@ static int AFPConfigGeThreadsCount(void *conf) return afp->threads; } -int AFPRunModeIsIPS(void) -{ - int nlive = LiveGetDeviceCount(); - int ldev; - ConfNode *if_root; - ConfNode *if_default = NULL; - ConfNode *af_packet_node; - int has_ips = 0; - int has_ids = 0; - - /* Find initial node */ - af_packet_node = ConfGetNode("af-packet"); - if (af_packet_node == NULL) { - return 0; - } - - if_default = ConfNodeLookupKeyValue(af_packet_node, "interface", "default"); - - for (ldev = 0; ldev < nlive; ldev++) { - const char *live_dev = LiveGetDeviceName(ldev); - if (live_dev == NULL) { - SCLogError("Problem with config file"); - return 0; - } - const char *copymodestr = NULL; - if_root = ConfFindDeviceConfig(af_packet_node, live_dev); - - if (if_root == NULL) { - if (if_default == NULL) { - SCLogError("Problem with config file"); - return 0; - } - if_root = if_default; - } - - if (ConfGetChildValueWithDefault(if_root, if_default, "copy-mode", ©modestr) == 1) { - if (strcmp(copymodestr, "ips") == 0) { - has_ips = 1; - } else { - has_ids = 1; - } - } else { - has_ids = 1; - } - } - - if (has_ids && has_ips) { - SCLogWarning("AF_PACKET using both IPS and TAP/IDS mode, this will not " - "be allowed in Suricata 8 due to undefined behavior. See ticket #5588."); - for (ldev = 0; ldev < nlive; ldev++) { - const char *live_dev = LiveGetDeviceName(ldev); - if (live_dev == NULL) { - SCLogError("Problem with config file"); - return 0; - } - if_root = ConfNodeLookupKeyValue(af_packet_node, "interface", live_dev); - const char *copymodestr = NULL; - - if (if_root == NULL) { - if (if_default == NULL) { - SCLogError("Problem with config file"); - return 0; - } - if_root = if_default; - } - - if (! ((ConfGetChildValueWithDefault(if_root, if_default, "copy-mode", ©modestr) == 1) && - (strcmp(copymodestr, "ips") == 0))) { - SCLogError("AF_PACKET IPS mode used and interface '%s' is in IDS or TAP mode. " - "Sniffing '%s' but expect bad result as stream-inline is activated.", - live_dev, live_dev); - } - } - } - - return has_ips; -} - -#endif - +#endif /* HAVE_AF_PACKET */ int RunModeIdsAFPAutoFp(void) { @@ -778,11 +786,8 @@ int RunModeIdsAFPAutoFp(void) FatalError("Unable to init peers list."); } - ret = RunModeSetLiveCaptureAutoFp(ParseAFPConfig, - AFPConfigGeThreadsCount, - "ReceiveAFP", - "DecodeAFP", thread_name_autofp, - live_dev); + ret = RunModeSetLiveCaptureAutoFp(ParseAFPConfig, AFPConfigGeThreadsCount, "ReceiveAFP", + "DecodeAFP", thread_name_autofp, live_dev); if (ret != 0) { FatalError("Unable to start runmode"); } @@ -859,11 +864,8 @@ int RunModeIdsAFPWorkers(void) FatalError("Unable to init peers list."); } - ret = RunModeSetLiveCaptureWorkers(ParseAFPConfig, - AFPConfigGeThreadsCount, - "ReceiveAFP", - "DecodeAFP", thread_name_workers, - live_dev); + ret = RunModeSetLiveCaptureWorkers(ParseAFPConfig, AFPConfigGeThreadsCount, "ReceiveAFP", + "DecodeAFP", thread_name_workers, live_dev); if (ret != 0) { FatalError("Unable to start runmode"); } diff --git a/src/runmode-af-packet.h b/src/runmode-af-packet.h index ab190a9ecd..ccaa2c6ae8 100644 --- a/src/runmode-af-packet.h +++ b/src/runmode-af-packet.h @@ -28,6 +28,5 @@ int RunModeIdsAFPAutoFp(void); int RunModeIdsAFPWorkers(void); void RunModeIdsAFPRegister(void); const char *RunModeAFPGetDefaultMode(void); -int AFPRunModeIsIPS(void); #endif /* __RUNMODE_AF_PACKET_H__ */ diff --git a/src/runmode-af-xdp.c b/src/runmode-af-xdp.c index 299a0e0855..61d038f97c 100644 --- a/src/runmode-af-xdp.c +++ b/src/runmode-af-xdp.c @@ -71,12 +71,12 @@ const char *RunModeAFXDPGetDefaultMode(void) void RunModeIdsAFXDPRegister(void) { - RunModeRegisterNewRunMode( - RUNMODE_AFXDP_DEV, "single", "Single threaded af-xdp mode", RunModeIdsAFXDPSingle); + RunModeRegisterNewRunMode(RUNMODE_AFXDP_DEV, "single", "Single threaded af-xdp mode", + RunModeIdsAFXDPSingle, NULL); RunModeRegisterNewRunMode(RUNMODE_AFXDP_DEV, "workers", "Workers af-xdp mode, each thread does all" " tasks from acquisition to logging", - RunModeIdsAFXDPWorkers); + RunModeIdsAFXDPWorkers, NULL); return; } diff --git a/src/runmode-dpdk.c b/src/runmode-dpdk.c index 9f3a02dba7..1d0a1839e1 100644 --- a/src/runmode-dpdk.c +++ b/src/runmode-dpdk.c @@ -1372,7 +1372,7 @@ void RunModeDpdkRegister(void) RunModeRegisterNewRunMode(RUNMODE_DPDK, "workers", "Workers DPDK mode, each thread does all" " tasks from acquisition to logging", - RunModeIdsDpdkWorkers); + RunModeIdsDpdkWorkers, NULL); } /** diff --git a/src/runmode-erf-dag.c b/src/runmode-erf-dag.c index b4d7e34532..f2fafbb3c3 100644 --- a/src/runmode-erf-dag.c +++ b/src/runmode-erf-dag.c @@ -48,21 +48,20 @@ const char *RunModeErfDagGetDefaultMode(void) void RunModeErfDagRegister(void) { RunModeRegisterNewRunMode(RUNMODE_DAG, "autofp", - "Multi threaded DAG mode. Packets from " - "each flow are assigned to a single detect " - "thread, unlike \"dag_auto\" where packets " - "from the same flow can be processed by any " - "detect thread", - RunModeIdsErfDagAutoFp); + "Multi threaded DAG mode. Packets from " + "each flow are assigned to a single detect " + "thread, unlike \"dag_auto\" where packets " + "from the same flow can be processed by any " + "detect thread", + RunModeIdsErfDagAutoFp, NULL); - RunModeRegisterNewRunMode(RUNMODE_DAG, "single", - "Singled threaded DAG mode", - RunModeIdsErfDagSingle); + RunModeRegisterNewRunMode( + RUNMODE_DAG, "single", "Singled threaded DAG mode", RunModeIdsErfDagSingle, NULL); RunModeRegisterNewRunMode(RUNMODE_DAG, "workers", - "Workers DAG mode, each thread does all " - " tasks from acquisition to logging", - RunModeIdsErfDagWorkers); + "Workers DAG mode, each thread does all " + " tasks from acquisition to logging", + RunModeIdsErfDagWorkers, NULL); return; } @@ -102,12 +101,8 @@ int RunModeIdsErfDagAutoFp(void) TimeModeSetLive(); - ret = RunModeSetLiveCaptureAutoFp(ParseDagConfig, - DagConfigGetThreadCount, - "ReceiveErfDag", - "DecodeErfDag", - thread_name_autofp, - NULL); + ret = RunModeSetLiveCaptureAutoFp(ParseDagConfig, DagConfigGetThreadCount, "ReceiveErfDag", + "DecodeErfDag", thread_name_autofp, NULL); if (ret != 0) { FatalError("DAG autofp runmode failed to start"); } @@ -127,12 +122,8 @@ int RunModeIdsErfDagWorkers(void) TimeModeSetLive(); - ret = RunModeSetLiveCaptureWorkers(ParseDagConfig, - DagConfigGetThreadCount, - "ReceiveErfDag", - "DecodeErfDag", - thread_name_workers, - NULL); + ret = RunModeSetLiveCaptureWorkers(ParseDagConfig, DagConfigGetThreadCount, "ReceiveErfDag", + "DecodeErfDag", thread_name_workers, NULL); if (ret != 0) { FatalError("DAG workers runmode failed to start"); } diff --git a/src/runmode-erf-file.c b/src/runmode-erf-file.c index 9b0a1e743c..ac7386871a 100644 --- a/src/runmode-erf-file.c +++ b/src/runmode-erf-file.c @@ -38,14 +38,13 @@ const char *RunModeErfFileGetDefaultMode(void) void RunModeErfFileRegister(void) { - RunModeRegisterNewRunMode(RUNMODE_ERF_FILE, "single", - "Single threaded ERF file mode", - RunModeErfFileSingle); + RunModeRegisterNewRunMode(RUNMODE_ERF_FILE, "single", "Single threaded ERF file mode", + RunModeErfFileSingle, NULL); RunModeRegisterNewRunMode(RUNMODE_ERF_FILE, "autofp", - "Multi threaded ERF file mode. Packets from " - "each flow are assigned to a single detect thread", - RunModeErfFileAutoFp); + "Multi threaded ERF file mode. Packets from " + "each flow are assigned to a single detect thread", + RunModeErfFileAutoFp, NULL); return; } diff --git a/src/runmode-ipfw.c b/src/runmode-ipfw.c index 88a9187c11..1aae3e13b4 100644 --- a/src/runmode-ipfw.c +++ b/src/runmode-ipfw.c @@ -49,12 +49,10 @@ const char *RunModeIpsIPFWGetDefaultMode(void) void RunModeIpsIPFWRegister(void) { RunModeRegisterNewRunMode(RUNMODE_IPFW, "autofp", - "Multi threaded IPFW IPS mode with respect to flow", - RunModeIpsIPFWAutoFp); + "Multi threaded IPFW IPS mode with respect to flow", RunModeIpsIPFWAutoFp, NULL); RunModeRegisterNewRunMode(RUNMODE_IPFW, "workers", - "Multi queue IPFW IPS mode with one thread per queue", - RunModeIpsIPFWWorker); + "Multi queue IPFW IPS mode with one thread per queue", RunModeIpsIPFWWorker, NULL); return; } diff --git a/src/runmode-napatech.c b/src/runmode-napatech.c index 82cbc59358..6b83c02763 100644 --- a/src/runmode-napatech.c +++ b/src/runmode-napatech.c @@ -90,7 +90,7 @@ void RunModeNapatechRegister(void) RunModeRegisterNewRunMode(RUNMODE_NAPATECH, "workers", "Workers Napatech mode, each thread does all" " tasks from acquisition to logging", - RunModeNapatechWorkers); + RunModeNapatechWorkers, NULL); return; #endif } @@ -261,10 +261,8 @@ static int NapatechInit(int runmode) switch (runmode) { case NT_RUNMODE_WORKERS: - status = RunModeSetLiveCaptureWorkers(NapatechConfigParser, - NapatechGetThreadsCount, - "NapatechStream", "NapatechDecode", - thread_name_workers, NULL); + status = RunModeSetLiveCaptureWorkers(NapatechConfigParser, NapatechGetThreadsCount, + "NapatechStream", "NapatechDecode", thread_name_workers, NULL); break; default: status = -1; diff --git a/src/runmode-netmap.c b/src/runmode-netmap.c index 2a6ba13ac8..dd38735e5f 100644 --- a/src/runmode-netmap.c +++ b/src/runmode-netmap.c @@ -47,6 +47,7 @@ #include "source-netmap.h" #include "util-conf.h" +#include "suricata.h" extern int max_pending_packets; @@ -55,20 +56,106 @@ const char *RunModeNetmapGetDefaultMode(void) return "workers"; } +static int NetmapRunModeIsIPS(void) +{ + int nlive = LiveGetDeviceCount(); + int ldev; + ConfNode *if_root; + ConfNode *if_default = NULL; + ConfNode *netmap_node; + int has_ips = 0; + int has_ids = 0; + + /* Find initial node */ + netmap_node = ConfGetNode("netmap"); + if (netmap_node == NULL) { + return 0; + } + + if_default = ConfNodeLookupKeyValue(netmap_node, "interface", "default"); + + for (ldev = 0; ldev < nlive; ldev++) { + const char *live_dev = LiveGetDeviceName(ldev); + if (live_dev == NULL) { + SCLogError("Problem with config file"); + return 0; + } + const char *copymodestr = NULL; + if_root = ConfNodeLookupKeyValue(netmap_node, "interface", live_dev); + + if (if_root == NULL) { + if (if_default == NULL) { + SCLogError("Problem with config file"); + return 0; + } + if_root = if_default; + } + + if (ConfGetChildValueWithDefault(if_root, if_default, "copy-mode", ©modestr) == 1) { + if (strcmp(copymodestr, "ips") == 0) { + has_ips = 1; + } else { + has_ids = 1; + } + } else { + has_ids = 1; + } + } + + if (has_ids && has_ips) { + SCLogWarning("Netmap using both IPS and TAP/IDS mode, this will not be " + "allowed in Suricata 8 due to undefined behavior. See ticket #5588."); + for (ldev = 0; ldev < nlive; ldev++) { + const char *live_dev = LiveGetDeviceName(ldev); + if (live_dev == NULL) { + SCLogError("Problem with config file"); + return 0; + } + if_root = ConfNodeLookupKeyValue(netmap_node, "interface", live_dev); + const char *copymodestr = NULL; + + if (if_root == NULL) { + if (if_default == NULL) { + SCLogError("Problem with config file"); + return 0; + } + if_root = if_default; + } + + if (!((ConfGetChildValueWithDefault(if_root, if_default, "copy-mode", ©modestr) == + 1) && + (strcmp(copymodestr, "ips") == 0))) { + SCLogError("Netmap IPS mode used and interface '%s' is in IDS or TAP mode. " + "Sniffing '%s' but expect bad result as stream-inline is activated.", + live_dev, live_dev); + } + } + } + + return has_ips; +} + +static void NetmapRunModeEnableIPS(void) +{ + if (NetmapRunModeIsIPS()) { + SCLogInfo("Netmap: Setting IPS mode"); + EngineModeSetIPS(); + } +} + void RunModeIdsNetmapRegister(void) { - RunModeRegisterNewRunMode(RUNMODE_NETMAP, "single", - "Single threaded netmap mode", - RunModeIdsNetmapSingle); + RunModeRegisterNewRunMode(RUNMODE_NETMAP, "single", "Single threaded netmap mode", + RunModeIdsNetmapSingle, NetmapRunModeEnableIPS); RunModeRegisterNewRunMode(RUNMODE_NETMAP, "workers", "Workers netmap mode, each thread does all" " tasks from acquisition to logging", - RunModeIdsNetmapWorkers); + RunModeIdsNetmapWorkers, NetmapRunModeEnableIPS); RunModeRegisterNewRunMode(RUNMODE_NETMAP, "autofp", "Multi-threaded netmap mode. Packets from " "each flow are assigned to a single detect " "thread.", - RunModeIdsNetmapAutoFp); + RunModeIdsNetmapAutoFp, NetmapRunModeEnableIPS); return; } @@ -320,84 +407,6 @@ static int NetmapConfigGeThreadsCount(void *conf) return aconf->in.threads; } -int NetmapRunModeIsIPS(void) -{ - int nlive = LiveGetDeviceCount(); - int ldev; - ConfNode *if_root; - ConfNode *if_default = NULL; - ConfNode *netmap_node; - int has_ips = 0; - int has_ids = 0; - - /* Find initial node */ - netmap_node = ConfGetNode("netmap"); - if (netmap_node == NULL) { - return 0; - } - - if_default = ConfNodeLookupKeyValue(netmap_node, "interface", "default"); - - for (ldev = 0; ldev < nlive; ldev++) { - const char *live_dev = LiveGetDeviceName(ldev); - if (live_dev == NULL) { - SCLogError("Problem with config file"); - return 0; - } - const char *copymodestr = NULL; - if_root = ConfNodeLookupKeyValue(netmap_node, "interface", live_dev); - - if (if_root == NULL) { - if (if_default == NULL) { - SCLogError("Problem with config file"); - return 0; - } - if_root = if_default; - } - - if (ConfGetChildValueWithDefault(if_root, if_default, "copy-mode", ©modestr) == 1) { - if (strcmp(copymodestr, "ips") == 0) { - has_ips = 1; - } else { - has_ids = 1; - } - } else { - has_ids = 1; - } - } - - if (has_ids && has_ips) { - SCLogWarning("Netmap using both IPS and TAP/IDS mode, this will not be allowed in Suricata " - "8 due to undefined behavior. See ticket #5588."); - for (ldev = 0; ldev < nlive; ldev++) { - const char *live_dev = LiveGetDeviceName(ldev); - if (live_dev == NULL) { - SCLogError("Problem with config file"); - return 0; - } - if_root = ConfNodeLookupKeyValue(netmap_node, "interface", live_dev); - const char *copymodestr = NULL; - - if (if_root == NULL) { - if (if_default == NULL) { - SCLogError("Problem with config file"); - return 0; - } - if_root = if_default; - } - - if (! ((ConfGetChildValueWithDefault(if_root, if_default, "copy-mode", ©modestr) == 1) && - (strcmp(copymodestr, "ips") == 0))) { - SCLogError("Netmap IPS mode used and interface '%s' is in IDS or TAP mode. " - "Sniffing '%s' but expect bad result as stream-inline is activated.", - live_dev, live_dev); - } - } - } - - return has_ips; -} - typedef enum { NETMAP_AUTOFP, NETMAP_WORKERS, NETMAP_SINGLE } NetmapRunMode_t; static int NetmapRunModeInit(NetmapRunMode_t runmode) diff --git a/src/runmode-netmap.h b/src/runmode-netmap.h index f7efb2d2c4..6ba9445b08 100644 --- a/src/runmode-netmap.h +++ b/src/runmode-netmap.h @@ -28,6 +28,5 @@ int RunModeIdsNetmapAutoFp(void); int RunModeIdsNetmapWorkers(void); void RunModeIdsNetmapRegister(void); const char *RunModeNetmapGetDefaultMode(void); -int NetmapRunModeIsIPS(void); #endif /* __RUNMODE_NETMAP_H__ */ diff --git a/src/runmode-nflog.c b/src/runmode-nflog.c index ddb36409bd..f744eae590 100644 --- a/src/runmode-nflog.c +++ b/src/runmode-nflog.c @@ -216,10 +216,10 @@ const char *RunModeIdsNflogGetDefaultMode(void) void RunModeIdsNflogRegister(void) { RunModeRegisterNewRunMode( - RUNMODE_NFLOG, "autofp", "Multi threaded nflog mode", RunModeIdsNflogAutoFp); + RUNMODE_NFLOG, "autofp", "Multi threaded nflog mode", RunModeIdsNflogAutoFp, NULL); RunModeRegisterNewRunMode( - RUNMODE_NFLOG, "single", "Single threaded nflog mode", RunModeIdsNflogSingle); + RUNMODE_NFLOG, "single", "Single threaded nflog mode", RunModeIdsNflogSingle, NULL); RunModeRegisterNewRunMode( - RUNMODE_NFLOG, "workers", "Workers nflog mode", RunModeIdsNflogWorkers); + RUNMODE_NFLOG, "workers", "Workers nflog mode", RunModeIdsNflogWorkers, NULL); return; } diff --git a/src/runmode-nfq.c b/src/runmode-nfq.c index f1c6b19410..f20e05a3cc 100644 --- a/src/runmode-nfq.c +++ b/src/runmode-nfq.c @@ -47,12 +47,10 @@ const char *RunModeIpsNFQGetDefaultMode(void) void RunModeIpsNFQRegister(void) { RunModeRegisterNewRunMode(RUNMODE_NFQ, "autofp", - "Multi threaded NFQ IPS mode with respect to flow", - RunModeIpsNFQAutoFp); + "Multi threaded NFQ IPS mode with respect to flow", RunModeIpsNFQAutoFp, NULL); RunModeRegisterNewRunMode(RUNMODE_NFQ, "workers", - "Multi queue NFQ IPS mode with one thread per queue", - RunModeIpsNFQWorker); + "Multi queue NFQ IPS mode with one thread per queue", RunModeIpsNFQWorker, NULL); return; } diff --git a/src/runmode-pcap-file.c b/src/runmode-pcap-file.c index a45b510d5e..660c530411 100644 --- a/src/runmode-pcap-file.c +++ b/src/runmode-pcap-file.c @@ -39,16 +39,15 @@ const char *RunModeFilePcapGetDefaultMode(void) void RunModeFilePcapRegister(void) { - RunModeRegisterNewRunMode(RUNMODE_PCAP_FILE, "single", - "Single threaded pcap file mode", - RunModeFilePcapSingle); + RunModeRegisterNewRunMode(RUNMODE_PCAP_FILE, "single", "Single threaded pcap file mode", + RunModeFilePcapSingle, NULL); RunModeRegisterNewRunMode(RUNMODE_PCAP_FILE, "autofp", - "Multi threaded pcap file mode. Packets from " - "each flow are assigned to a single detect thread, " - "unlike \"pcap-file-auto\" where packets from " - "the same flow can be processed by any detect " - "thread", - RunModeFilePcapAutoFp); + "Multi threaded pcap file mode. Packets from " + "each flow are assigned to a single detect thread, " + "unlike \"pcap-file-auto\" where packets from " + "the same flow can be processed by any detect " + "thread", + RunModeFilePcapAutoFp, NULL); return; } diff --git a/src/runmode-pcap.c b/src/runmode-pcap.c index 54e79efc32..46755d3ba3 100644 --- a/src/runmode-pcap.c +++ b/src/runmode-pcap.c @@ -38,20 +38,19 @@ int RunModeIdsPcapWorkers(void); void RunModeIdsPcapRegister(void) { - RunModeRegisterNewRunMode(RUNMODE_PCAP_DEV, "single", - "Single threaded pcap live mode", - RunModeIdsPcapSingle); + RunModeRegisterNewRunMode(RUNMODE_PCAP_DEV, "single", "Single threaded pcap live mode", + RunModeIdsPcapSingle, NULL); RunModeRegisterNewRunMode(RUNMODE_PCAP_DEV, "autofp", - "Multi threaded pcap live mode. Packets from " - "each flow are assigned to a single detect thread, " - "unlike \"pcap_live_auto\" where packets from " - "the same flow can be processed by any detect " - "thread", - RunModeIdsPcapAutoFp); + "Multi threaded pcap live mode. Packets from " + "each flow are assigned to a single detect thread, " + "unlike \"pcap_live_auto\" where packets from " + "the same flow can be processed by any detect " + "thread", + RunModeIdsPcapAutoFp, NULL); RunModeRegisterNewRunMode(RUNMODE_PCAP_DEV, "workers", - "Workers pcap live mode, each thread does all" - " tasks from acquisition to logging", - RunModeIdsPcapWorkers); + "Workers pcap live mode, each thread does all" + " tasks from acquisition to logging", + RunModeIdsPcapWorkers, NULL); return; } @@ -281,11 +280,8 @@ int RunModeIdsPcapAutoFp(void) (void) ConfGet("pcap.single-pcap-dev", &live_dev); - ret = RunModeSetLiveCaptureAutoFp(ParsePcapConfig, - PcapConfigGeThreadsCount, - "ReceivePcap", - "DecodePcap", thread_name_autofp, - live_dev); + ret = RunModeSetLiveCaptureAutoFp(ParsePcapConfig, PcapConfigGeThreadsCount, "ReceivePcap", + "DecodePcap", thread_name_autofp, live_dev); if (ret != 0) { FatalError("Runmode start failed"); } @@ -312,11 +308,8 @@ int RunModeIdsPcapWorkers(void) (void) ConfGet("pcap.single-pcap-dev", &live_dev); - ret = RunModeSetLiveCaptureWorkers(ParsePcapConfig, - PcapConfigGeThreadsCount, - "ReceivePcap", - "DecodePcap", thread_name_workers, - live_dev); + ret = RunModeSetLiveCaptureWorkers(ParsePcapConfig, PcapConfigGeThreadsCount, "ReceivePcap", + "DecodePcap", thread_name_workers, live_dev); if (ret != 0) { FatalError("Unable to start runmode"); } diff --git a/src/runmode-pfring.c b/src/runmode-pfring.c index e385fef1db..4cadeb5492 100644 --- a/src/runmode-pfring.c +++ b/src/runmode-pfring.c @@ -50,19 +50,18 @@ const char *RunModeIdsPfringGetDefaultMode(void) void RunModeIdsPfringRegister(void) { RunModeRegisterNewRunMode(RUNMODE_PFRING, "autofp", - "Multi threaded pfring mode. Packets from " - "each flow are assigned to a single detect " - "thread, unlike \"pfring_auto\" where packets " - "from the same flow can be processed by any " - "detect thread", - RunModeIdsPfringAutoFp); - RunModeRegisterNewRunMode(RUNMODE_PFRING, "single", - "Single threaded pfring mode", - RunModeIdsPfringSingle); + "Multi threaded pfring mode. Packets from " + "each flow are assigned to a single detect " + "thread, unlike \"pfring_auto\" where packets " + "from the same flow can be processed by any " + "detect thread", + RunModeIdsPfringAutoFp, NULL); + RunModeRegisterNewRunMode( + RUNMODE_PFRING, "single", "Single threaded pfring mode", RunModeIdsPfringSingle, NULL); RunModeRegisterNewRunMode(RUNMODE_PFRING, "workers", - "Workers pfring mode, each thread does all" - " tasks from acquisition to logging", - RunModeIdsPfringWorkers); + "Workers pfring mode, each thread does all" + " tasks from acquisition to logging", + RunModeIdsPfringWorkers, NULL); return; } @@ -473,11 +472,8 @@ int RunModeIdsPfringAutoFp(void) FatalError("Unable to get parser and interface params"); } - ret = RunModeSetLiveCaptureAutoFp(tparser, - PfringConfigGetThreadsCount, - "ReceivePfring", - "DecodePfring", thread_name_autofp, - live_dev); + ret = RunModeSetLiveCaptureAutoFp(tparser, PfringConfigGetThreadsCount, "ReceivePfring", + "DecodePfring", thread_name_autofp, live_dev); if (ret != 0) { FatalError("Runmode start failed"); } @@ -541,11 +537,8 @@ int RunModeIdsPfringWorkers(void) FatalError("Unable to get parser and interface params"); } - ret = RunModeSetLiveCaptureWorkers(tparser, - PfringConfigGetThreadsCount, - "ReceivePfring", - "DecodePfring", thread_name_workers, - live_dev); + ret = RunModeSetLiveCaptureWorkers(tparser, PfringConfigGetThreadsCount, "ReceivePfring", + "DecodePfring", thread_name_workers, live_dev); if (ret != 0) { FatalError("Runmode start failed"); } diff --git a/src/runmode-unix-socket.c b/src/runmode-unix-socket.c index 2504de3e1d..9b3fc9482c 100644 --- a/src/runmode-unix-socket.c +++ b/src/runmode-unix-socket.c @@ -603,12 +603,10 @@ void RunModeUnixSocketRegister(void) { #ifdef BUILD_UNIX_SOCKET /* a bit of a hack, but register twice to --list-runmodes shows both */ - RunModeRegisterNewRunMode(RUNMODE_UNIX_SOCKET, "single", - "Unix socket mode", - RunModeUnixSocketMaster); - RunModeRegisterNewRunMode(RUNMODE_UNIX_SOCKET, "autofp", - "Unix socket mode", - RunModeUnixSocketMaster); + RunModeRegisterNewRunMode( + RUNMODE_UNIX_SOCKET, "single", "Unix socket mode", RunModeUnixSocketMaster, NULL); + RunModeRegisterNewRunMode( + RUNMODE_UNIX_SOCKET, "autofp", "Unix socket mode", RunModeUnixSocketMaster, NULL); #endif } diff --git a/src/runmode-windivert.c b/src/runmode-windivert.c index 6b96da0c11..7c2ccfe46a 100644 --- a/src/runmode-windivert.c +++ b/src/runmode-windivert.c @@ -44,10 +44,9 @@ const char *RunModeIpsWinDivertGetDefaultMode(void) void RunModeIpsWinDivertRegister(void) { - RunModeRegisterNewRunMode( - RUNMODE_WINDIVERT, "autofp", - "Multi-threaded WinDivert IPS mode load-balanced by flow", - RunModeIpsWinDivertAutoFp); + RunModeRegisterNewRunMode(RUNMODE_WINDIVERT, "autofp", + "Multi-threaded WinDivert IPS mode load-balanced by flow", RunModeIpsWinDivertAutoFp, + NULL); } int RunModeIpsWinDivertAutoFp(void) diff --git a/src/runmodes.c b/src/runmodes.c index 09b9855e38..36617fff00 100644 --- a/src/runmodes.c +++ b/src/runmodes.c @@ -98,6 +98,7 @@ typedef struct RunMode_ { const char *description; /* runmode function */ int (*RunModeFunc)(void); + void (*RunModeIsIPSEnabled)(void); } RunMode; typedef struct RunModes_ { @@ -304,24 +305,18 @@ void RunModeListRunmodes(void) return; } -/** - */ -void RunModeDispatch(int runmode, const char *custom_mode, - const char *capture_plugin_name, const char *capture_plugin_args) +static const char *RunModeGetConfOrDefault(int capture_mode, const char *capture_plugin_name) { - char *local_custom_mode = NULL; - - if (custom_mode == NULL) { - const char *val = NULL; - if (ConfGet("runmode", &val) != 1) { - custom_mode = NULL; - } else { - custom_mode = val; - } + const char *custom_mode = NULL; + const char *val = NULL; + if (ConfGet("runmode", &val) != 1) { + custom_mode = NULL; + } else { + custom_mode = val; } - if (custom_mode == NULL || strcmp(custom_mode, "auto") == 0) { - switch (runmode) { + if ((custom_mode == NULL) || (strcmp(custom_mode, "auto") == 0)) { + switch (capture_mode) { case RUNMODE_PCAP_DEV: custom_mode = RunModeIdsGetDefaultMode(); break; @@ -384,11 +379,12 @@ void RunModeDispatch(int runmode, const char *custom_mode, break; #endif default: - FatalError("Unknown runtime mode. Aborting"); + return NULL; } } else { /* if (custom_mode == NULL) */ /* Add compability with old 'worker' name */ if (!strcmp("worker", custom_mode)) { + char *local_custom_mode = NULL; SCLogWarning("'worker' mode have been renamed " "to 'workers', please modify your setup."); local_custom_mode = SCStrdup("workers"); @@ -399,6 +395,40 @@ void RunModeDispatch(int runmode, const char *custom_mode, } } + return custom_mode; +} + +void RunModeEngineIsIPS(int capture_mode, const char *runmode, const char *capture_plugin_name) +{ + if (runmode == NULL) { + runmode = RunModeGetConfOrDefault(capture_mode, capture_plugin_name); + if (runmode == NULL) // non-standard runmode + return; + } + + RunMode *mode = RunModeGetCustomMode(capture_mode, runmode); + if (mode == NULL) { + return; + } + + if (mode->RunModeIsIPSEnabled != NULL) { + mode->RunModeIsIPSEnabled(); + } +} + +/** + */ +void RunModeDispatch(int runmode, const char *custom_mode, const char *capture_plugin_name, + const char *capture_plugin_args) +{ + char *local_custom_mode = NULL; + + if (custom_mode == NULL) { + custom_mode = RunModeGetConfOrDefault(runmode, capture_plugin_name); + if (custom_mode == NULL) + FatalError("Unknown runtime mode. Aborting"); + } + RunMode *mode = RunModeGetCustomMode(runmode, custom_mode); if (mode == NULL) { SCLogError("The custom type \"%s\" doesn't exist " @@ -463,10 +493,8 @@ int RunModeNeedsBypassManager(void) * \param description Description for this runmode. * \param RunModeFunc The function to be run for this runmode. */ -void RunModeRegisterNewRunMode(enum RunModes runmode, - const char *name, - const char *description, - int (*RunModeFunc)(void)) +void RunModeRegisterNewRunMode(enum RunModes runmode, const char *name, const char *description, + int (*RunModeFunc)(void), void (*RunModeIsIPSEnabled)(void)) { if (RunModeGetCustomMode(runmode, name) != NULL) { FatalError("runmode '%s' has already " @@ -497,6 +525,7 @@ void RunModeRegisterNewRunMode(enum RunModes runmode, FatalError("Failed to allocate string"); } mode->RunModeFunc = RunModeFunc; + mode->RunModeIsIPSEnabled = RunModeIsIPSEnabled; return; } diff --git a/src/runmodes.h b/src/runmodes.h index 74f4e332b3..afa3f8d8f0 100644 --- a/src/runmodes.h +++ b/src/runmodes.h @@ -80,10 +80,11 @@ char *RunmodeGetActive(void); const char *RunModeGetMainMode(void); void RunModeListRunmodes(void); +void RunModeEngineIsIPS(int capture_mode, const char *runmode, const char *capture_plugin_name); void RunModeDispatch(int, const char *, const char *capture_plugin_name, const char *capture_plugin_args); void RunModeRegisterRunModes(void); -void RunModeRegisterNewRunMode(enum RunModes, const char *, const char *, - int (*RunModeFunc)(void)); +void RunModeRegisterNewRunMode(enum RunModes, const char *, const char *, int (*RunModeFunc)(void), + void (*RunModeIsIPSEnabled)(void)); void RunModeInitialize(void); void RunModeInitializeOutputs(void); void RunModeShutDown(void); diff --git a/src/suricata.c b/src/suricata.c index ba7e8e5f2e..934817365f 100644 --- a/src/suricata.c +++ b/src/suricata.c @@ -2429,9 +2429,9 @@ static int ConfigGetCaptureValue(SCInstance *suri) case RUNMODE_AFP_DEV: case RUNMODE_AFXDP_DEV: case RUNMODE_PFRING: - nlive = LiveGetDeviceNameCount(); + nlive = LiveGetDeviceCount(); for (lthread = 0; lthread < nlive; lthread++) { - const char *live_dev = LiveGetDeviceNameName(lthread); + const char *live_dev = LiveGetDeviceName(lthread); char dev[128]; /* need to be able to support GUID names on Windows */ (void)strlcpy(dev, live_dev, sizeof(dev)); @@ -2529,30 +2529,6 @@ void PostConfLoadedDetectSetup(SCInstance *suri) } } -static int PostDeviceFinalizedSetup(SCInstance *suri) -{ - SCEnter(); - -#ifdef HAVE_AF_PACKET - if (suri->run_mode == RUNMODE_AFP_DEV) { - if (AFPRunModeIsIPS()) { - SCLogInfo("AF_PACKET: Setting IPS mode"); - EngineModeSetIPS(); - } - } -#endif -#ifdef HAVE_NETMAP - if (suri->run_mode == RUNMODE_NETMAP) { - if (NetmapRunModeIsIPS()) { - SCLogInfo("Netmap: Setting IPS mode"); - EngineModeSetIPS(); - } - } -#endif - - SCReturnInt(TM_ECODE_OK); -} - static void PostConfLoadedSetupHostMode(void) { const char *hostmode = NULL; @@ -2771,10 +2747,8 @@ int PostConfLoadedSetup(SCInstance *suri) LiveDeviceFinalize(); - /* set engine mode if L2 IPS */ - if (PostDeviceFinalizedSetup(suri) != TM_ECODE_OK) { - exit(EXIT_FAILURE); - } + RunModeEngineIsIPS( + suricata.run_mode, suricata.runmode_custom_mode, suricata.capture_plugin_name); /* hostmode depends on engine mode being set */ PostConfLoadedSetupHostMode(); diff --git a/src/util-runmodes.c b/src/util-runmodes.c index b1cc292408..ccd1ce3aa9 100644 --- a/src/util-runmodes.c +++ b/src/util-runmodes.c @@ -84,11 +84,8 @@ char *RunmodeAutoFpCreatePickupQueuesString(int n) /** */ int RunModeSetLiveCaptureAutoFp(ConfigIfaceParserFunc ConfigParser, - ConfigIfaceThreadsCountFunc ModThreadsCount, - const char *recv_mod_name, - const char *decode_mod_name, - const char *thread_name, - const char *live_dev) + ConfigIfaceThreadsCountFunc ModThreadsCount, const char *recv_mod_name, + const char *decode_mod_name, const char *thread_name, const char *live_dev) { char tname[TM_THREAD_NAME_MAX]; char qname[TM_QUEUE_NAME_MAX]; @@ -323,10 +320,8 @@ static int RunModeSetLiveCaptureWorkersForDevice(ConfigIfaceThreadsCountFunc Mod } int RunModeSetLiveCaptureWorkers(ConfigIfaceParserFunc ConfigParser, - ConfigIfaceThreadsCountFunc ModThreadsCount, - const char *recv_mod_name, - const char *decode_mod_name, const char *thread_name, - const char *live_dev) + ConfigIfaceThreadsCountFunc ModThreadsCount, const char *recv_mod_name, + const char *decode_mod_name, const char *thread_name, const char *live_dev) { int nlive = LiveGetDeviceCount(); void *aconf; diff --git a/src/util-runmodes.h b/src/util-runmodes.h index c41d214e84..419f9f9511 100644 --- a/src/util-runmodes.h +++ b/src/util-runmodes.h @@ -34,10 +34,8 @@ int RunModeSetLiveCaptureAuto(ConfigIfaceParserFunc configparser, const char *live_dev); int RunModeSetLiveCaptureAutoFp(ConfigIfaceParserFunc configparser, - ConfigIfaceThreadsCountFunc ModThreadsCount, - const char *recv_mod_name, - const char *decode_mod_name, const char *thread_name, - const char *live_dev); + ConfigIfaceThreadsCountFunc ModThreadsCount, const char *recv_mod_name, + const char *decode_mod_name, const char *thread_name, const char *live_dev); int RunModeSetLiveCaptureSingle(ConfigIfaceParserFunc configparser, ConfigIfaceThreadsCountFunc ModThreadsCount, @@ -46,10 +44,8 @@ int RunModeSetLiveCaptureSingle(ConfigIfaceParserFunc configparser, const char *live_dev); int RunModeSetLiveCaptureWorkers(ConfigIfaceParserFunc configparser, - ConfigIfaceThreadsCountFunc ModThreadsCount, - const char *recv_mod_name, - const char *decode_mod_name, const char *thread_name, - const char *live_dev); + ConfigIfaceThreadsCountFunc ModThreadsCount, const char *recv_mod_name, + const char *decode_mod_name, const char *thread_name, const char *live_dev); int RunModeSetIPSAutoFp(ConfigIPSParserFunc ConfigParser, const char *recv_mod_name, diff --git a/src/util-unittest.c b/src/util-unittest.c index 547988c2e5..d4ef5dc99c 100644 --- a/src/util-unittest.c +++ b/src/util-unittest.c @@ -282,10 +282,7 @@ void UtCleanup(void) void UtRunModeRegister(void) { - RunModeRegisterNewRunMode(RUNMODE_UNITTEST, - "unittest", - "Unittest mode", - NULL); + RunModeRegisterNewRunMode(RUNMODE_UNITTEST, "unittest", "Unittest mode", NULL, NULL); return; }