af-packet: Add option to disable promiscuous mode

This patch adds an option to suricata.yaml to be able to disable the switch of the interface into promiscuous mode.
13 years ago · df7dbe36b6
parent fbca1a4e6b
commit df7dbe36b6
4 changed files with 31 additions and 12 deletions
--- a/src/runmode-af-packet.c
+++ b/src/runmode-af-packet.c
@ -96,6 +96,7 @@ AFPIfaceConfig *ParseAFPConfig(char *iface)
    char *tmpclusterid;
    char *tmpctype;
    intmax_t value;
+    int dispromisc;

    if (aconf == NULL) {
        return NULL;
@ -105,6 +106,7 @@ AFPIfaceConfig *ParseAFPConfig(char *iface)
    aconf->buffer_size = 0;
    aconf->cluster_id = 1;
    aconf->cluster_type = PACKET_FANOUT_HASH;
+    aconf->promisc = 1;

    /* Find initial node */
    af_packet_node = ConfGetNode("af-packet");
@ -172,6 +174,13 @@ AFPIfaceConfig *ParseAFPConfig(char *iface)
        aconf->buffer_size = 0;
    }

+    ConfGetChildValueBool(if_root, "disable-promisc", (int *)&dispromisc);
+    if (dispromisc) {
+        SCLogInfo("Disabling promiscuous mode on iface %s",
+                aconf->iface);
+        aconf->promisc = 0;
+    }
+
    return aconf;
 }

--- a/src/source-af-packet.c
+++ b/src/source-af-packet.c
@ -153,6 +153,7 @@ typedef struct AFPThreadVars_

    /* socket buffer size */
    int buffer_size;
+    int promisc;

    int cluster_id;
    int cluster_type;
@ -647,18 +648,20 @@ static int AFPCreateSocket(AFPThreadVars *ptv, char *devname, int verbose)
        close(ptv->socket);
        return -1;
    }
-    /* Force promiscuous mode */
-    memset(&sock_params, 0, sizeof(sock_params));
-    sock_params.mr_type = PACKET_MR_PROMISC;
-    sock_params.mr_ifindex = bind_address.sll_ifindex;
-    r = setsockopt(ptv->socket, SOL_PACKET, PACKET_ADD_MEMBERSHIP,(void *)&sock_params, sizeof(sock_params));
-    if (r < 0) {
-        SCLogError(SC_ERR_AFP_CREATE,
-                   "Couldn't switch iface %s to promiscuous, error %s",
-                   devname,
-                   strerror(errno));
-        close(ptv->socket);
-        return -1;
+    if (ptv->promisc != 0) {
+        /* Force promiscuous mode */
+        memset(&sock_params, 0, sizeof(sock_params));
+        sock_params.mr_type = PACKET_MR_PROMISC;
+        sock_params.mr_ifindex = bind_address.sll_ifindex;
+        r = setsockopt(ptv->socket, SOL_PACKET, PACKET_ADD_MEMBERSHIP,(void *)&sock_params, sizeof(sock_params));
+        if (r < 0) {
+            SCLogError(SC_ERR_AFP_CREATE,
+                    "Couldn't switch iface %s to promiscuous, error %s",
+                    devname,
+                    strerror(errno));
+            close(ptv->socket);
+            return -1;
+        }
    }
    /* set socket recv buffer size */
    if (ptv->buffer_size != 0) {
@ -739,6 +742,8 @@ TmEcode ReceiveAFPThreadInit(ThreadVars *tv, void *initdata, void **data) {

    ptv->buffer_size = afpconfig->buffer_size;

+    ptv->promisc = afpconfig->promisc;
+
    ptv->threads = 1;
 #ifdef HAVE_PACKET_FANOUT
    ptv->cluster_type = PACKET_FANOUT_LB;
--- a/src/source-af-packet.h
+++ b/src/source-af-packet.h
@ -49,6 +49,8 @@ typedef struct AFPIfaceConfig_
    /* cluster param */
    int cluster_id;
    int cluster_type;
+    /* promisc mode */
+    int promisc;
 } AFPIfaceConfig;

 void TmModuleReceiveAFPRegister (void);
--- a/suricata.yaml
+++ b/suricata.yaml
@ -177,12 +177,15 @@ af-packet:
    defrag: yes
    # recv buffer size, increase value could improve performance
    # buffer-size: 32768
+    # Set to yes to disable promiscuous mode
+    # disable-promisc: no
  - interface: eth1
    threads: 1
    cluster-id: 98
    cluster-type: cluster_round_robin
    defrag: yes
    # buffer-size: 32768
+    # disable-promisc: no

 defrag:
  max-frags: 65535