diff --git a/src/runmodes.c b/src/runmodes.c
index 8a3d06d1a2..88e2c0b58f 100644
--- a/src/runmodes.c
+++ b/src/runmodes.c
@@ -604,7 +604,7 @@ int RunModeIdsPcap3(DetectEngineCtx *de_ctx, char *iface) {
 return 0;
 }
-int RunModeIpsNFQ(DetectEngineCtx *de_ctx) {
+int RunModeIpsNFQ(DetectEngineCtx *de_ctx, char *nfq_id) {
 TimeModeSetLive();
 /* create the threads */
@@ -618,7 +618,7 @@ int RunModeIpsNFQ(DetectEngineCtx *de_ctx) {
 printf("ERROR: TmModuleGetByName failed for ReceiveNFQ\n");
 exit(EXIT_FAILURE);
 }
- Tm1SlotSetFunc(tv_receivenfq,tm_module,NULL);
+ Tm1SlotSetFunc(tv_receivenfq,tm_module,nfq_id);
 if (TmThreadSpawn(tv_receivenfq) != TM_ECODE_OK) {
 printf("ERROR: TmThreadSpawn failed\n");
@@ -703,7 +703,7 @@ int RunModeIpsNFQ(DetectEngineCtx *de_ctx) {
 printf("ERROR: TmModuleGetByName VerdictNFQ failed\n");
 exit(EXIT_FAILURE);
 }
- Tm1SlotSetFunc(tv_verdict,tm_module,NULL);
+ Tm1SlotSetFunc(tv_verdict,tm_module,nfq_id);
 if (TmThreadSpawn(tv_verdict) != TM_ECODE_OK) {
 printf("ERROR: TmThreadSpawn failed\n");
diff --git a/src/runmodes.h b/src/runmodes.h
index d289dc33b6..a8b4e99a1c 100644
--- a/src/runmodes.h
+++ b/src/runmodes.h
@@ -7,7 +7,7 @@ int RunModeIdsPcap(DetectEngineCtx *, char *);
 int RunModeIdsPcap2(DetectEngineCtx *, char *);
 int RunModeIdsPcap3(DetectEngineCtx *, char *);
-int RunModeIpsNFQ(DetectEngineCtx *);
+int RunModeIpsNFQ(DetectEngineCtx *, char *);
 int RunModeFilePcap(DetectEngineCtx *, char *);
 int RunModeFilePcap2(DetectEngineCtx *, char *);
diff --git a/src/source-nfq.c b/src/source-nfq.c
index 19bf994822..4b5b46689d 100644
--- a/src/source-nfq.c
+++ b/src/source-nfq.c
@@ -21,6 +21,7 @@
 #include "util-debug.h"
 #include "util-error.h"
+#include "util-byte.h"
 #ifndef NFQ
 /** Handle the case where no NFQ support is compiled in. 
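Review bot: In src/runmodes.c, RunModeIpsNFQ passes the new `nfq_id` argument to both `Tm1SlotSetFunc` calls (tv_receivenfq and tv_verdict) without checking it for NULL, and nothing documents that the string must stay valid for as long as the threads run. ReceiveNFQThreadInit in src/source-nfq.c calls `strlen` on this pointer, so a NULL passed here would crash during thread start-up instead of producing a clean error; whether MODE_NFQ can be selected without the queue option is not visible in this diff. I would add a guard at the top of the function in its existing error style, `if (nfq_id == NULL) { printf("ERROR: no NFQ queue id specified\n"); exit(EXIT_FAILURE); }`, plus a one-line comment on the parameter stating it is the decimal queue number as a string. The function body continues outside these hunks.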
@@ -296,7 +297,17 @@ TmEcode ReceiveNFQThreadInit(ThreadVars *tv, void *initdata, void **data) {
 * as we will need it in our callback function */
 ntv->tv = tv;
- int r = NFQInitThread(ntv,receive_queue_num, NFQ_DFT_QUEUE_LEN);
+ /* Extract the queue number from the specified command line argument */
+ uint16_t queue_num = 0;
+ if ((ByteExtractStringUint16(&queue_num, 10, strlen((char *)initdata),
+ (char *)initdata)) < 0)
+ {
+ SCLogError(SC_INVALID_ARGUMENT, "specified queue number %s is not "
+ "valid", (char *)initdata);
+ exit(EXIT_FAILURE);
+ }
+
+ int r = NFQInitThread(ntv, queue_num, NFQ_DFT_QUEUE_LEN);
 if (r < 0) {
 SCLogError(SC_NFQ_THREAD_INIT, "nfq thread failed to initialize");
diff --git a/src/suricata.c b/src/suricata.c
index f821f04515..597f824362 100644
--- a/src/suricata.c
+++ b/src/suricata.c
@@ -317,7 +317,7 @@ int main(int argc, char **argv)
 char *pcap_dev = NULL;
 char *pfring_dev = NULL;
 char *sig_file = NULL;
- int nfq_id = 0;
+ char *nfq_id = NULL;
 char *conf_filename = NULL;
 #ifdef UNITTESTS
 char *regex_arg = NULL;
@@ -437,10 +437,17 @@ int main(int argc, char **argv)
 usage(argv[0]);
 exit(EXIT_SUCCESS);
 }
- nfq_id = atoi(optarg); /* strtol? */
+ nfq_id = optarg;
 break;
 case 'd':
- run_mode = MODE_IPFW;
+ if (run_mode == MODE_UNKNOWN) {
+ run_mode = MODE_IPFW;
+ } else {
+ SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
+ "has been specified");
+ usage(argv[0]);
+ exit(EXIT_SUCCESS);
+ }
 if (ConfSet("ipfw-divert-port", optarg, 0) != 1) {
 fprintf(stderr, "ERROR: Failed to set ipfw_divert_port\n");
 exit(EXIT_FAILURE);
@@ -720,7 +727,7 @@ int main(int argc, char **argv)
 RunModeIdsPfring4(de_ctx, pfring_dev);
 } else if (run_mode == MODE_NFQ) {
- RunModeIpsNFQ(de_ctx);
+ RunModeIpsNFQ(de_ctx, nfq_id);
 } else if (run_mode == MODE_IPFW) {
 RunModeIpsIPFW(de_ctx);
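Review bot: In ReceiveNFQThreadInit (src/source-nfq.c) the added check rejects only a negative return from `ByteExtractStringUint16`, so an empty argument or one with trailing characters is accepted unless the helper itself refuses it, which this diff does not show. For an inline IPS a mis-parsed queue number means the process binds a queue other than the one the firewall rule feeds, and the operator sees no error. Assuming the helper returns the number of characters it consumed, require the whole string to be used: `size_t len = strlen(str); int n = ByteExtractStringUint16(&queue_num, 10, len, str);` followed by `if (n <= 0 || (size_t)n != len) { ... }`, with `str` taken once from `initdata`. The function starts and ends outside the hunk.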
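Review bot: In src/suricata.c the new `else` branch under `case 'd':` logs SC_ERR_MULTIPLE_RUN_MODE and then calls `exit(EXIT_SUCCESS)`, so a conflicting command line terminates with status 0. A service manager or start-up script that checks the exit status would record a clean exit rather than a failed start, leaving the host without inline inspection and without an alert. Use `exit(EXIT_FAILURE);` in this branch; the context lines just above it show the same `usage(argv[0]); exit(EXIT_SUCCESS);` pair at the end of the preceding case, which looks like the same problem. main() extends beyond the hunk.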