]> git.ipfire.org Git - people/ms/suricata.git/blame - src/runmode-af-packet.c
projects / people / ms / suricata.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
yaml: make eve log in yaml depend on libjansson
[people/ms/suricata.git] / src / runmode-af-packet.c
CommitLineData
c78e112e 1/* Copyright (C) 2011,2012 Open Information Security Foundation
c45d8985
EL		 2 *
3 * You can copy, redistribute or modify this Program under the terms of
4 * the GNU General Public License version 2 as published by the Free
5 * Software Foundation.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * version 2 along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15 * 02110-1301, USA.
16 */
17
a6457262
EL		 18/**
19 * \ingroup afppacket
20 *
21 * @{
22 */
23
e80b30c0
EL		 24/**
25 * \file
26 *
27 * \author Eric Leblond <eric@regit.org>
28 *
29 * AF_PACKET socket runmode
30 *
31 */
32
33
c45d8985 34#include "suricata-common.h"
e80b30c0 35#include "config.h"
c45d8985
EL		 36#include "tm-threads.h"
37#include "conf.h"
38#include "runmodes.h"
39#include "runmode-af-packet.h"
40#include "log-httplog.h"
41#include "output.h"
c45d8985
EL		 42#include "detect-engine-mpm.h"
43
44#include "alert-fastlog.h"
45#include "alert-prelude.h"
c45d8985
EL		 46#include "alert-unified2-alert.h"
47#include "alert-debuglog.h"
48
49#include "util-debug.h"
50#include "util-time.h"
51#include "util-cpu.h"
52#include "util-affinity.h"
871b2189 53#include "util-device.h"
75c875b1 54#include "util-runmodes.h"
56373e5b 55#include "util-ioctl.h"
c45d8985 56
e80b30c0
EL		 57#include "source-af-packet.h"
58
8879df80
EL		 59extern int max_pending_packets;
60
c174c9d7 61static const char *default_mode_workers = NULL;
c45d8985
EL		 62
63const char *RunModeAFPGetDefaultMode(void)
64{
c174c9d7 65 return default_mode_workers;
c45d8985
EL		 66}
67
68void RunModeIdsAFPRegister(void)
69{
e80b30c0
EL		 70 RunModeRegisterNewRunMode(RUNMODE_AFP_DEV, "single",
71 "Single threaded af-packet mode",
72 RunModeIdsAFPSingle);
beaa909e
EL		 73 RunModeRegisterNewRunMode(RUNMODE_AFP_DEV, "workers",
74 "Workers af-packet mode, each thread does all"
75 " tasks from acquisition to logging",
76 RunModeIdsAFPWorkers);
c174c9d7 77 default_mode_workers = "workers";
e80b30c0
EL		 78 RunModeRegisterNewRunMode(RUNMODE_AFP_DEV, "autofp",
79 "Multi socket AF_PACKET mode. Packets from "
80 "each flow are assigned to a single detect "
81 "thread.",
82 RunModeIdsAFPAutoFp);
c45d8985
EL		 83 return;
84}
85
994bc15c
EL		 86
87#ifdef HAVE_AF_PACKET
88
45d5c3ca
EL		 89void AFPDerefConfig(void *conf)
90{
91 AFPIfaceConfig *pfp = (AFPIfaceConfig *)conf;
92 /* Pcap config is used only once but cost of this low. */
93 if (SC_ATOMIC_SUB(pfp->ref, 1) == 0) {
94 SCFree(pfp);
95 }
96}
97
f89a4219
VJ		 98/* if cluster id is not set, assign it automagically, uniq value per
99 * interface. */
100static int cluster_id_auto = 1;
101
fbca1a4e
EL		 102/**
103 * \brief extract information from config file
104 *
105 * The returned structure will be freed by the thread init function.
106 * This is thus necessary to or copy the structure before giving it
107 * to thread or to reparse the file for each thread (and thus have
108 * new structure.
109 *
110 * \return a AFPIfaceConfig corresponding to the interface name
111 */
75c875b1 112void *ParseAFPConfig(const char *iface)
fbca1a4e
EL		 113{
114 char *threadsstr = NULL;
115 ConfNode *if_root;
4ae27756 116 ConfNode *if_default = NULL;
fbca1a4e
EL		 117 ConfNode *af_packet_node;
118 AFPIfaceConfig *aconf = SCMalloc(sizeof(*aconf));
119 char *tmpclusterid;
120 char *tmpctype;
662dccd8 121 char *copymodestr;
fbca1a4e 122 intmax_t value;
67f791e8 123 int boolval;
f2a6fb8a 124 char *bpf_filter = NULL;
662dccd8 125 char *out_iface = NULL;
fbca1a4e 126
e176be6f 127 if (unlikely(aconf == NULL)) {
75c875b1
EL		 128 return NULL;
129 }
130
11bdf483
VJ		 131 if (iface == NULL) {
132 SCFree(aconf);
fbca1a4e
EL		 133 return NULL;
134 }
11bdf483 135
fbca1a4e
EL		 136 strlcpy(aconf->iface, iface, sizeof(aconf->iface));
137 aconf->threads = 1;
45d5c3ca 138 SC_ATOMIC_INIT(aconf->ref);
0227a87f 139 (void) SC_ATOMIC_ADD(aconf->ref, 1);
fbca1a4e
EL		 140 aconf->buffer_size = 0;
141 aconf->cluster_id = 1;
142 aconf->cluster_type = PACKET_FANOUT_HASH;
df7dbe36 143 aconf->promisc = 1;
6062e00c 144 aconf->checksum_mode = CHECKSUM_VALIDATION_KERNEL;
45d5c3ca 145 aconf->DerefFunc = AFPDerefConfig;
49b7b00f 146 aconf->flags = 0;
f2a6fb8a 147 aconf->bpf_filter = NULL;
662dccd8 148 aconf->out_iface = NULL;
c8b3f441 149 aconf->copy_mode = AFP_COPY_MODE_NONE;
f2a6fb8a
EL		 150
151 if (ConfGet("bpf-filter", &bpf_filter) == 1) {
152 if (strlen(bpf_filter) > 0) {
153 aconf->bpf_filter = bpf_filter;
154 SCLogInfo("Going to use command-line provided bpf filter '%s'",
155 aconf->bpf_filter);
156 }
157 }
fbca1a4e
EL		 158
159 /* Find initial node */
160 af_packet_node = ConfGetNode("af-packet");
161 if (af_packet_node == NULL) {
162 SCLogInfo("Unable to find af-packet config using default value");
163 return aconf;
164 }
165
aa8e747e 166 if_root = ConfFindDeviceConfig(af_packet_node, iface);
4ae27756 167
aa8e747e 168 if_default = ConfFindDeviceConfig(af_packet_node, "default");
4ae27756
EL		 169
170 if (if_root == NULL && if_default == NULL) {
fbca1a4e 171 SCLogInfo("Unable to find af-packet config for "
4ae27756 172 "interface \"%s\" or \"default\", using default value",
fbca1a4e
EL		 173 iface);
174 return aconf;
175 }
176
4ae27756
EL		 177 /* If there is no setting for current interface use default one as main iface */
178 if (if_root == NULL) {
179 if_root = if_default;
180 if_default = NULL;
181 }
182
183 if (ConfGetChildValueWithDefault(if_root, if_default, "threads", &threadsstr) != 1) {
c174c9d7 184 aconf->threads = 0;
fbca1a4e
EL		 185 } else {
186 if (threadsstr != NULL) {
c174c9d7
VJ		 187 if (strcmp(threadsstr, "auto") == 0) {
188 aconf->threads = 0;
189 } else {
190 aconf->threads = (uint8_t)atoi(threadsstr);
191 }
fbca1a4e
EL		 192 }
193 }
194 if (aconf->threads == 0) {
56373e5b 195 int rss_queues;
c174c9d7 196 aconf->threads = (int)UtilCpuGetNumProcessorsOnline();
56373e5b
EL		 197 /* Get the number of RSS queues and take the min */
198 rss_queues = GetIfaceRSSQueuesNum(iface);
199 if (rss_queues > 0) {
200 if (rss_queues < aconf->threads) {
201 aconf->threads = rss_queues;
f89a4219 202 SCLogInfo("More cores than RSS queues, using %d threads for interface %s",
56373e5b
EL		 203 aconf->threads, iface);
204 }
205 }
c174c9d7
VJ		 206 if (aconf->threads)
207 SCLogInfo("Using %d AF_PACKET threads for interface %s", aconf->threads, iface);
208 }
209 if (aconf->threads <= 0) {
fbca1a4e
EL		 210 aconf->threads = 1;
211 }
45d5c3ca 212
4ae27756 213 if (ConfGetChildValueWithDefault(if_root, if_default, "copy-iface", &out_iface) == 1) {
662dccd8
EL		 214 if (strlen(out_iface) > 0) {
215 aconf->out_iface = out_iface;
216 }
217 }
218
876b356b
EL		 219 if (ConfGetChildValueBoolWithDefault(if_root, if_default, "use-mmap", (int *)&boolval) == 1) {
220 if (boolval) {
221 aconf->flags |= AFP_RING_MODE;
222 } else {
223 SCLogInfo("Disabling mmaped capture on iface %s",
224 aconf->iface);
225 }
226 } else {
662dccd8
EL		 227 aconf->flags |= AFP_RING_MODE;
228 }
876b356b 229
8035d834
EL		 230 if (aconf->flags & AFP_RING_MODE) {
231 (void)ConfGetChildValueBoolWithDefault(if_root, if_default,
232 "mmap-locked", (int *)&boolval);
233 if (boolval) {
234 SCLogInfo("Enabling locked memory for mmap on iface %s",
bae1b03c 235 aconf->iface);
8035d834
EL		 236 aconf->flags |= AFP_MMAP_LOCKED;
237 }
238 (void)ConfGetChildValueBoolWithDefault(if_root, if_default,
239 "tpacket-v3", (int *)&boolval);
240 if (boolval) {
241 if (strcasecmp(RunmodeGetActive(), "workers") == 0) {
242#ifdef HAVE_TPACKET_V3
243 SCLogInfo("Enabling tpacket v3 capture on iface %s",
244 aconf->iface);
245 aconf->flags |= AFP_TPACKET_V3|AFP_RING_MODE;
c2d0d938 246#else
8035d834
EL		 247 SCLogNotice("System too old for tpacket v3 switching to v2");
248 aconf->flags |= AFP_RING_MODE;
c2d0d938 249#endif
8035d834
EL		 250 } else {
251 SCLogError(SC_ERR_RUNMODE,
252 "tpacket v3 is only implemented for 'workers' running mode."
253 " Switching to tpacket v2.");
254 aconf->flags |= AFP_RING_MODE;
255 }
256 }
257 (void)ConfGetChildValueBoolWithDefault(if_root, if_default,
258 "use-emergency-flush", (int *)&boolval);
259 if (boolval) {
260 SCLogInfo("Enabling ring emergency flush on iface %s",
261 aconf->iface);
262 aconf->flags |= AFP_EMERGENCY_MODE;
bae1b03c 263 }
27b5136b
EL		 264 }
265
662dccd8
EL		 266
267 aconf->copy_mode = AFP_COPY_MODE_NONE;
4ae27756 268 if (ConfGetChildValueWithDefault(if_root, if_default, "copy-mode", &copymodestr) == 1) {
662dccd8
EL		 269 if (aconf->out_iface == NULL) {
270 SCLogInfo("Copy mode activated but no destination"
271 " iface. Disabling feature");
272 } else if (!(aconf->flags & AFP_RING_MODE)) {
273 SCLogInfo("Copy mode activated but use-mmap "
274 "set to no. Disabling feature");
275 } else if (strlen(copymodestr) <= 0) {
276 aconf->out_iface = NULL;
277 } else if (strcmp(copymodestr, "ips") == 0) {
278 SCLogInfo("AF_PACKET IPS mode activated %s->%s",
279 iface,
280 aconf->out_iface);
281 aconf->copy_mode = AFP_COPY_MODE_IPS;
282 } else if (strcmp(copymodestr, "tap") == 0) {
283 SCLogInfo("AF_PACKET TAP mode activated %s->%s",
284 iface,
285 aconf->out_iface);
286 aconf->copy_mode = AFP_COPY_MODE_TAP;
287 } else {
288 SCLogInfo("Invalid mode (not in tap, ips)");
289 }
290 }
291
45d5c3ca 292 SC_ATOMIC_RESET(aconf->ref);
0227a87f 293 (void) SC_ATOMIC_ADD(aconf->ref, aconf->threads);
45d5c3ca 294
4ae27756 295 if (ConfGetChildValueWithDefault(if_root, if_default, "cluster-id", &tmpclusterid) != 1) {
f89a4219 296 aconf->cluster_id = (uint16_t)(cluster_id_auto++);
fbca1a4e
EL		 297 } else {
298 aconf->cluster_id = (uint16_t)atoi(tmpclusterid);
299 SCLogDebug("Going to use cluster-id %" PRId32, aconf->cluster_id);
300 }
301
4ae27756 302 if (ConfGetChildValueWithDefault(if_root, if_default, "cluster-type", &tmpctype) != 1) {
f89a4219
VJ		 303 /* default to our safest choice: flow hashing + defrag enabled */
304 aconf->cluster_type = PACKET_FANOUT_HASH | PACKET_FANOUT_FLAG_DEFRAG;
fbca1a4e
EL		 305 } else if (strcmp(tmpctype, "cluster_round_robin") == 0) {
306 SCLogInfo("Using round-robin cluster mode for AF_PACKET (iface %s)",
307 aconf->iface);
308 aconf->cluster_type = PACKET_FANOUT_LB;
309 } else if (strcmp(tmpctype, "cluster_flow") == 0) {
310 /* In hash mode, we also ask for defragmentation needed to
311 * compute the hash */
312 uint16_t defrag = 0;
4c6595f4 313 int conf_val = 0;
fbca1a4e
EL		 314 SCLogInfo("Using flow cluster mode for AF_PACKET (iface %s)",
315 aconf->iface);
4c6595f4
EL		 316 ConfGetChildValueBoolWithDefault(if_root, if_default, "defrag", &conf_val);
317 if (conf_val) {
0df4c583 318 SCLogInfo("Using defrag kernel functionality for AF_PACKET (iface %s)",
fbca1a4e
EL		 319 aconf->iface);
320 defrag = PACKET_FANOUT_FLAG_DEFRAG;
321 }
322 aconf->cluster_type = PACKET_FANOUT_HASH | defrag;
323 } else if (strcmp(tmpctype, "cluster_cpu") == 0) {
324 SCLogInfo("Using cpu cluster mode for AF_PACKET (iface %s)",
325 aconf->iface);
326 aconf->cluster_type = PACKET_FANOUT_CPU;
dc306f3b
EL		 327 } else if (strcmp(tmpctype, "cluster_qm") == 0) {
328 SCLogInfo("Using queue based cluster mode for AF_PACKET (iface %s)",
329 aconf->iface);
330 aconf->cluster_type = PACKET_FANOUT_QM;
331 } else if (strcmp(tmpctype, "cluster_random") == 0) {
332 SCLogInfo("Using random based cluster mode for AF_PACKET (iface %s)",
333 aconf->iface);
334 aconf->cluster_type = PACKET_FANOUT_RND;
335 } else if (strcmp(tmpctype, "cluster_rollover") == 0) {
336 SCLogInfo("Using rollover based cluster mode for AF_PACKET (iface %s)",
337 aconf->iface);
338 aconf->cluster_type = PACKET_FANOUT_ROLLOVER;
339
fbca1a4e
EL		 340 } else {
341 SCLogError(SC_ERR_INVALID_CLUSTER_TYPE,"invalid cluster-type %s",tmpctype);
11bdf483 342 SCFree(aconf);
fbca1a4e
EL		 343 return NULL;
344 }
345
8fde842f
EL		 346 int conf_val = 0;
347 ConfGetChildValueBoolWithDefault(if_root, if_default, "rollover", &conf_val);
348 if (conf_val) {
349 SCLogInfo("Using rollover kernel functionality for AF_PACKET (iface %s)",
350 aconf->iface);
351 aconf->cluster_type |= PACKET_FANOUT_FLAG_ROLLOVER;
352 }
353
f2a6fb8a
EL		 354 /*load af_packet bpf filter*/
355 /* command line value has precedence */
356 if (ConfGet("bpf-filter", &bpf_filter) != 1) {
4ae27756 357 if (ConfGetChildValueWithDefault(if_root, if_default, "bpf-filter", &bpf_filter) == 1) {
f2a6fb8a
EL		 358 if (strlen(bpf_filter) > 0) {
359 aconf->bpf_filter = bpf_filter;
360 SCLogInfo("Going to use bpf filter %s", aconf->bpf_filter);
361 }
362 }
363 }
364
4ae27756 365 if ((ConfGetChildValueIntWithDefault(if_root, if_default, "buffer-size", &value)) == 1) {
fbca1a4e
EL		 366 aconf->buffer_size = value;
367 } else {
368 aconf->buffer_size = 0;
369 }
4ae27756 370 if ((ConfGetChildValueIntWithDefault(if_root, if_default, "ring-size", &value)) == 1) {
8879df80
EL		 371 aconf->ring_size = value;
372 if (value * aconf->threads < max_pending_packets) {
373 aconf->ring_size = max_pending_packets / aconf->threads + 1;
374 SCLogWarning(SC_ERR_AFP_CREATE, "Inefficient setup: ring-size < max_pending_packets. "
375 "Resetting to decent value %d.", aconf->ring_size);
376 /* We want at least that max_pending_packets packets can be handled by the
377 * interface. This is generous if we have multiple interfaces listening. */
378 }
379 } else {
380 /* We want that max_pending_packets packets can be handled by suricata
381 * for this interface. To take burst into account we multiply the obtained
382 * size by 2. */
383 aconf->ring_size = max_pending_packets * 2 / aconf->threads;
384 }
fbca1a4e 385
fa902abe
EL		 386 aconf->block_size = getpagesize() << AFP_BLOCK_SIZE_DEFAULT_ORDER;
387 if ((ConfGetChildValueIntWithDefault(if_root, if_default, "block-size", &value)) == 1) {
388 if (value % getpagesize()) {
389 SCLogError(SC_ERR_INVALID_VALUE, "Block-size must be a multiple of pagesize.");
390 } else {
391 aconf->block_size = value;
392 }
393 }
394
395 if ((ConfGetChildValueIntWithDefault(if_root, if_default, "block-timeout", &value)) == 1) {
234aefdf
EL		 396 aconf->block_timeout = value;
397 } else {
398 aconf->block_timeout = 10;
399 }
400 if ((ConfGetChildValueIntWithDefault(if_root, if_default, "block-timeout", &value)) == 1) {
fa902abe
EL		 401 aconf->block_timeout = value;
402 } else {
403 aconf->block_timeout = 10;
404 }
405
4ae27756 406 (void)ConfGetChildValueBoolWithDefault(if_root, if_default, "disable-promisc", (int *)&boolval);
67f791e8 407 if (boolval) {
df7dbe36
EL		 408 SCLogInfo("Disabling promiscuous mode on iface %s",
409 aconf->iface);
410 aconf->promisc = 0;
411 }
67f791e8 412
4ae27756 413 if (ConfGetChildValueWithDefault(if_root, if_default, "checksum-checks", &tmpctype) == 1) {
6062e00c 414 if (strcmp(tmpctype, "auto") == 0) {
6062e00c 415 aconf->checksum_mode = CHECKSUM_VALIDATION_AUTO;
d18e2f6e 416 } else if (ConfValIsTrue(tmpctype)) {
6062e00c 417 aconf->checksum_mode = CHECKSUM_VALIDATION_ENABLE;
d18e2f6e 418 } else if (ConfValIsFalse(tmpctype)) {
6062e00c
EL		 419 aconf->checksum_mode = CHECKSUM_VALIDATION_DISABLE;
420 } else if (strcmp(tmpctype, "kernel") == 0) {
421 aconf->checksum_mode = CHECKSUM_VALIDATION_KERNEL;
422 } else {
423 SCLogError(SC_ERR_INVALID_ARGUMENT, "Invalid value for checksum-checks for %s", aconf->iface);
424 }
425 }
df7dbe36 426
b7bf299e
EL		 427
428 int ltype = AFPGetLinkType(iface);
429 switch (ltype) {
430 case LINKTYPE_ETHERNET:
431 if (GetIfaceOffloading(iface) == 1) {
432 SCLogWarning(SC_ERR_AFP_CREATE,
433 "Using AF_PACKET with GRO or LRO activated can lead to capture problems");
434 }
435 case -1:
436 default:
437 break;
e951afb9
VJ		 438 }
439
bed18678
VJ		 440 char *active_runmode = RunmodeGetActive();
441 if (active_runmode && !strcmp("workers", active_runmode)) {
442 aconf->flags |= AFP_ZERO_COPY;
443 SCLogInfo("%s: enabling zero copy mode", iface);
444 } else {
445 /* If we are using copy mode we need a lock */
446 aconf->flags |= AFP_SOCK_PROTECT;
447 }
448
449 /* If we are in RING mode, then we can use ZERO copy
450 * by using the data release mechanism */
451 if (aconf->flags & AFP_RING_MODE) {
452 aconf->flags |= AFP_ZERO_COPY;
453 SCLogInfo("%s: enabling zero copy mode by using data release call", iface);
454 }
455
fbca1a4e
EL		 456 return aconf;
457}
458
75c875b1
EL		 459int AFPConfigGeThreadsCount(void *conf)
460{
461 AFPIfaceConfig *afp = (AFPIfaceConfig *)conf;
462 return afp->threads;
463}
fbca1a4e 464
1e36053e
EL		 465int AFPRunModeIsIPS()
466{
467 int nlive = LiveGetDeviceCount();
468 int ldev;
469 ConfNode *if_root;
470 ConfNode *if_default = NULL;
471 ConfNode *af_packet_node;
472 int has_ips = 0;
473 int has_ids = 0;
474
475 /* Find initial node */
476 af_packet_node = ConfGetNode("af-packet");
477 if (af_packet_node == NULL) {
478 return 0;
479 }
480
481 if_default = ConfNodeLookupKeyValue(af_packet_node, "interface", "default");
482
483 for (ldev = 0; ldev < nlive; ldev++) {
484 char *live_dev = LiveGetDeviceName(ldev);
7cdc5706
VJ		 485 if (live_dev == NULL) {
486 SCLogError(SC_ERR_INVALID_VALUE, "Problem with config file");
487 return 0;
488 }
1e36053e 489 char *copymodestr = NULL;
aa8e747e 490 if_root = ConfFindDeviceConfig(af_packet_node, live_dev);
1e36053e
EL		 491
492 if (if_root == NULL) {
493 if (if_default == NULL) {
494 SCLogError(SC_ERR_INVALID_VALUE, "Problem with config file");
495 return 0;
496 }
497 if_root = if_default;
498 }
499
500 if (ConfGetChildValueWithDefault(if_root, if_default, "copy-mode", &copymodestr) == 1) {
501 if (strcmp(copymodestr, "ips") == 0) {
502 has_ips = 1;
503 } else {
504 has_ids = 1;
505 }
506 } else {
507 has_ids = 1;
508 }
509 }
510
511 if (has_ids && has_ips) {
512 SCLogInfo("AF_PACKET mode using IPS and IDS mode");
513 for (ldev = 0; ldev < nlive; ldev++) {
514 char *live_dev = LiveGetDeviceName(ldev);
7cdc5706
VJ		 515 if (live_dev == NULL) {
516 SCLogError(SC_ERR_INVALID_VALUE, "Problem with config file");
517 return 0;
518 }
1e36053e
EL		 519 if_root = ConfNodeLookupKeyValue(af_packet_node, "interface", live_dev);
520 char *copymodestr = NULL;
521
522 if (if_root == NULL) {
523 if (if_default == NULL) {
524 SCLogError(SC_ERR_INVALID_VALUE, "Problem with config file");
525 return 0;
526 }
527 if_root = if_default;
528 }
529
530 if (! ((ConfGetChildValueWithDefault(if_root, if_default, "copy-mode", &copymodestr) == 1) &&
531 (strcmp(copymodestr, "ips") == 0))) {
532 SCLogError(SC_ERR_INVALID_ARGUMENT,
533 "AF_PACKET IPS mode used and interface '%s' is in IDS or TAP mode. "
534 "Sniffing '%s' but expect bad result as stream-inline is activated.",
535 live_dev, live_dev);
536 }
537 }
538 }
539
540 return has_ips;
541}
542
994bc15c
EL		 543#endif
544
545
38b349af 546int RunModeIdsAFPAutoFp(void)
e80b30c0
EL		 547{
548 SCEnter();
549
550/* We include only if AF_PACKET is enabled */
551#ifdef HAVE_AF_PACKET
75c875b1 552 int ret;
e80b30c0 553 char *live_dev = NULL;
e80b30c0 554
fbca1a4e
EL		 555 RunModeInitialize();
556
557 TimeModeSetLive();
558
2179ac25 559 (void)ConfGet("af-packet.live-interface", &live_dev);
fbca1a4e 560
75c875b1 561 SCLogDebug("live_dev %s", live_dev);
e80b30c0 562
662dccd8
EL		 563 if (AFPPeersListInit() != TM_ECODE_OK) {
564 SCLogError(SC_ERR_RUNMODE, "Unable to init peers list.");
565 exit(EXIT_FAILURE);
566 }
567
38b349af 568 ret = RunModeSetLiveCaptureAutoFp(ParseAFPConfig,
75c875b1
EL		 569 AFPConfigGeThreadsCount,
570 "ReceiveAFP",
41c768ce 571 "DecodeAFP", thread_name_autofp,
75c875b1
EL		 572 live_dev);
573 if (ret != 0) {
625a1e07 574 SCLogError(SC_ERR_RUNMODE, "Unable to start runmode");
75c875b1 575 exit(EXIT_FAILURE);
e80b30c0
EL		 576 }
577
662dccd8
EL		 578 /* In IPS mode each threads must have a peer */
579 if (AFPPeersListCheck() != TM_ECODE_OK) {
580 SCLogError(SC_ERR_RUNMODE, "Some IPS capture threads did not peer.");
581 exit(EXIT_FAILURE);
582 }
e80b30c0 583
86a3f064 584 SCLogDebug("RunModeIdsAFPAutoFp initialised");
e80b30c0
EL		 585#endif /* HAVE_AF_PACKET */
586
587 SCReturnInt(0);
588}
589
590/**
591 * \brief Single thread version of the AF_PACKET processing.
592 */
38b349af 593int RunModeIdsAFPSingle(void)
e80b30c0 594{
38b349af 595 SCEnter();
1aab2470
EL		 596#ifdef HAVE_AF_PACKET
597 int ret;
598 char *live_dev = NULL;
e80b30c0
EL		 599
600 RunModeInitialize();
601 TimeModeSetLive();
602
2179ac25 603 (void)ConfGet("af-packet.live-interface", &live_dev);
e80b30c0 604
662dccd8
EL		 605 if (AFPPeersListInit() != TM_ECODE_OK) {
606 SCLogError(SC_ERR_RUNMODE, "Unable to init peers list.");
607 exit(EXIT_FAILURE);
608 }
609
38b349af 610 ret = RunModeSetLiveCaptureSingle(ParseAFPConfig,
77869a2d
EL		 611 AFPConfigGeThreadsCount,
612 "ReceiveAFP",
41c768ce 613 "DecodeAFP", thread_name_single,
1aab2470
EL		 614 live_dev);
615 if (ret != 0) {
625a1e07 616 SCLogError(SC_ERR_RUNMODE, "Unable to start runmode");
e80b30c0
EL		 617 exit(EXIT_FAILURE);
618 }
e80b30c0 619
662dccd8
EL		 620 /* In IPS mode each threads must have a peer */
621 if (AFPPeersListCheck() != TM_ECODE_OK) {
622 SCLogError(SC_ERR_RUNMODE, "Some IPS capture threads did not peer.");
623 exit(EXIT_FAILURE);
624 }
625
86a3f064 626 SCLogDebug("RunModeIdsAFPSingle initialised");
e80b30c0
EL		 627
628#endif /* HAVE_AF_PACKET */
629 SCReturnInt(0);
c45d8985 630}
beaa909e
EL		 631
632/**
633 * \brief Workers version of the AF_PACKET processing.
634 *
635 * Start N threads with each thread doing all the work.
636 *
637 */
38b349af 638int RunModeIdsAFPWorkers(void)
beaa909e 639{
38b349af 640 SCEnter();
beaa909e
EL		 641#ifdef HAVE_AF_PACKET
642 int ret;
643 char *live_dev = NULL;
beaa909e
EL		 644
645 RunModeInitialize();
646 TimeModeSetLive();
647
2179ac25 648 (void)ConfGet("af-packet.live-interface", &live_dev);
beaa909e 649
662dccd8
EL		 650 if (AFPPeersListInit() != TM_ECODE_OK) {
651 SCLogError(SC_ERR_RUNMODE, "Unable to init peers list.");
652 exit(EXIT_FAILURE);
653 }
654
38b349af 655 ret = RunModeSetLiveCaptureWorkers(ParseAFPConfig,
beaa909e
EL		 656 AFPConfigGeThreadsCount,
657 "ReceiveAFP",
41c768ce 658 "DecodeAFP", thread_name_workers,
beaa909e
EL		 659 live_dev);
660 if (ret != 0) {
625a1e07 661 SCLogError(SC_ERR_RUNMODE, "Unable to start runmode");
beaa909e
EL		 662 exit(EXIT_FAILURE);
663 }
664
662dccd8
EL		 665 /* In IPS mode each threads must have a peer */
666 if (AFPPeersListCheck() != TM_ECODE_OK) {
667 SCLogError(SC_ERR_RUNMODE, "Some IPS capture threads did not peer.");
668 exit(EXIT_FAILURE);
669 }
670
86a3f064 671 SCLogDebug("RunModeIdsAFPWorkers initialised");
beaa909e
EL		 672
673#endif /* HAVE_AF_PACKET */
674 SCReturnInt(0);
675}
a6457262
EL		 676
677/**
678 * @}
679 */
Michael's tree of suricata