]> git.ipfire.org Git - people/ms/suricata.git/blame - src/runmode-af-packet.c
projects / people / ms / suricata.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
af-packet: put ring setup in a separate function
[people/ms/suricata.git] / src / runmode-af-packet.c
CommitLineData
c78e112e 1/* Copyright (C) 2011,2012 Open Information Security Foundation
c45d8985
EL		 2 *
3 * You can copy, redistribute or modify this Program under the terms of
4 * the GNU General Public License version 2 as published by the Free
5 * Software Foundation.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * version 2 along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15 * 02110-1301, USA.
16 */
17
a6457262
EL		 18/**
19 * \ingroup afppacket
20 *
21 * @{
22 */
23
e80b30c0
EL		 24/**
25 * \file
26 *
27 * \author Eric Leblond <eric@regit.org>
28 *
29 * AF_PACKET socket runmode
30 *
31 */
32
33
c45d8985 34#include "suricata-common.h"
e80b30c0 35#include "config.h"
c45d8985
EL		 36#include "tm-threads.h"
37#include "conf.h"
38#include "runmodes.h"
39#include "runmode-af-packet.h"
40#include "log-httplog.h"
41#include "output.h"
c45d8985
EL		 42#include "detect-engine-mpm.h"
43
44#include "alert-fastlog.h"
45#include "alert-prelude.h"
c45d8985
EL		 46#include "alert-unified2-alert.h"
47#include "alert-debuglog.h"
48
49#include "util-debug.h"
50#include "util-time.h"
51#include "util-cpu.h"
52#include "util-affinity.h"
871b2189 53#include "util-device.h"
75c875b1 54#include "util-runmodes.h"
56373e5b 55#include "util-ioctl.h"
c45d8985 56
e80b30c0
EL		 57#include "source-af-packet.h"
58
8879df80
EL		 59extern int max_pending_packets;
60
c174c9d7 61static const char *default_mode_workers = NULL;
c45d8985
EL		 62
63const char *RunModeAFPGetDefaultMode(void)
64{
c174c9d7 65 return default_mode_workers;
c45d8985
EL		 66}
67
68void RunModeIdsAFPRegister(void)
69{
e80b30c0
EL		 70 RunModeRegisterNewRunMode(RUNMODE_AFP_DEV, "single",
71 "Single threaded af-packet mode",
72 RunModeIdsAFPSingle);
beaa909e
EL		 73 RunModeRegisterNewRunMode(RUNMODE_AFP_DEV, "workers",
74 "Workers af-packet mode, each thread does all"
75 " tasks from acquisition to logging",
76 RunModeIdsAFPWorkers);
c174c9d7 77 default_mode_workers = "workers";
e80b30c0
EL		 78 RunModeRegisterNewRunMode(RUNMODE_AFP_DEV, "autofp",
79 "Multi socket AF_PACKET mode. Packets from "
80 "each flow are assigned to a single detect "
81 "thread.",
82 RunModeIdsAFPAutoFp);
c45d8985
EL		 83 return;
84}
85
994bc15c
EL		 86
87#ifdef HAVE_AF_PACKET
88
45d5c3ca
EL		 89void AFPDerefConfig(void *conf)
90{
91 AFPIfaceConfig *pfp = (AFPIfaceConfig *)conf;
92 /* Pcap config is used only once but cost of this low. */
93 if (SC_ATOMIC_SUB(pfp->ref, 1) == 0) {
94 SCFree(pfp);
95 }
96}
97
f89a4219
VJ		 98/* if cluster id is not set, assign it automagically, uniq value per
99 * interface. */
100static int cluster_id_auto = 1;
101
fbca1a4e
EL		 102/**
103 * \brief extract information from config file
104 *
105 * The returned structure will be freed by the thread init function.
106 * This is thus necessary to or copy the structure before giving it
107 * to thread or to reparse the file for each thread (and thus have
108 * new structure.
109 *
110 * \return a AFPIfaceConfig corresponding to the interface name
111 */
75c875b1 112void *ParseAFPConfig(const char *iface)
fbca1a4e
EL		 113{
114 char *threadsstr = NULL;
115 ConfNode *if_root;
4ae27756 116 ConfNode *if_default = NULL;
fbca1a4e
EL		 117 ConfNode *af_packet_node;
118 AFPIfaceConfig *aconf = SCMalloc(sizeof(*aconf));
119 char *tmpclusterid;
120 char *tmpctype;
662dccd8 121 char *copymodestr;
fbca1a4e 122 intmax_t value;
67f791e8 123 int boolval;
f2a6fb8a 124 char *bpf_filter = NULL;
662dccd8 125 char *out_iface = NULL;
fbca1a4e 126
e176be6f 127 if (unlikely(aconf == NULL)) {
75c875b1
EL		 128 return NULL;
129 }
130
11bdf483
VJ		 131 if (iface == NULL) {
132 SCFree(aconf);
fbca1a4e
EL		 133 return NULL;
134 }
11bdf483 135
fbca1a4e
EL		 136 strlcpy(aconf->iface, iface, sizeof(aconf->iface));
137 aconf->threads = 1;
45d5c3ca 138 SC_ATOMIC_INIT(aconf->ref);
0227a87f 139 (void) SC_ATOMIC_ADD(aconf->ref, 1);
fbca1a4e
EL		 140 aconf->buffer_size = 0;
141 aconf->cluster_id = 1;
142 aconf->cluster_type = PACKET_FANOUT_HASH;
df7dbe36 143 aconf->promisc = 1;
6062e00c 144 aconf->checksum_mode = CHECKSUM_VALIDATION_KERNEL;
45d5c3ca 145 aconf->DerefFunc = AFPDerefConfig;
49b7b00f 146 aconf->flags = 0;
f2a6fb8a 147 aconf->bpf_filter = NULL;
662dccd8 148 aconf->out_iface = NULL;
c8b3f441 149 aconf->copy_mode = AFP_COPY_MODE_NONE;
f2a6fb8a
EL		 150
151 if (ConfGet("bpf-filter", &bpf_filter) == 1) {
152 if (strlen(bpf_filter) > 0) {
153 aconf->bpf_filter = bpf_filter;
154 SCLogInfo("Going to use command-line provided bpf filter '%s'",
155 aconf->bpf_filter);
156 }
157 }
fbca1a4e
EL		 158
159 /* Find initial node */
160 af_packet_node = ConfGetNode("af-packet");
161 if (af_packet_node == NULL) {
162 SCLogInfo("Unable to find af-packet config using default value");
163 return aconf;
164 }
165
aa8e747e 166 if_root = ConfFindDeviceConfig(af_packet_node, iface);
4ae27756 167
aa8e747e 168 if_default = ConfFindDeviceConfig(af_packet_node, "default");
4ae27756
EL		 169
170 if (if_root == NULL && if_default == NULL) {
fbca1a4e 171 SCLogInfo("Unable to find af-packet config for "
4ae27756 172 "interface \"%s\" or \"default\", using default value",
fbca1a4e
EL		 173 iface);
174 return aconf;
175 }
176
4ae27756
EL		 177 /* If there is no setting for current interface use default one as main iface */
178 if (if_root == NULL) {
179 if_root = if_default;
180 if_default = NULL;
181 }
182
183 if (ConfGetChildValueWithDefault(if_root, if_default, "threads", &threadsstr) != 1) {
c174c9d7 184 aconf->threads = 0;
fbca1a4e
EL		 185 } else {
186 if (threadsstr != NULL) {
c174c9d7
VJ		 187 if (strcmp(threadsstr, "auto") == 0) {
188 aconf->threads = 0;
189 } else {
190 aconf->threads = (uint8_t)atoi(threadsstr);
191 }
fbca1a4e
EL		 192 }
193 }
194 if (aconf->threads == 0) {
56373e5b 195 int rss_queues;
c174c9d7 196 aconf->threads = (int)UtilCpuGetNumProcessorsOnline();
56373e5b
EL		 197 /* Get the number of RSS queues and take the min */
198 rss_queues = GetIfaceRSSQueuesNum(iface);
199 if (rss_queues > 0) {
200 if (rss_queues < aconf->threads) {
201 aconf->threads = rss_queues;
f89a4219 202 SCLogInfo("More cores than RSS queues, using %d threads for interface %s",
56373e5b
EL		 203 aconf->threads, iface);
204 }
205 }
c174c9d7
VJ		 206 if (aconf->threads)
207 SCLogInfo("Using %d AF_PACKET threads for interface %s", aconf->threads, iface);
208 }
209 if (aconf->threads <= 0) {
fbca1a4e
EL		 210 aconf->threads = 1;
211 }
45d5c3ca 212
4ae27756 213 if (ConfGetChildValueWithDefault(if_root, if_default, "copy-iface", &out_iface) == 1) {
662dccd8
EL		 214 if (strlen(out_iface) > 0) {
215 aconf->out_iface = out_iface;
216 }
217 }
218
4ae27756 219 (void)ConfGetChildValueBoolWithDefault(if_root, if_default, "use-mmap", (int *)&boolval);
662dccd8
EL		 220 if (boolval) {
221 SCLogInfo("Enabling mmaped capture on iface %s",
222 aconf->iface);
223 aconf->flags |= AFP_RING_MODE;
224 }
bae1b03c
EL		 225 (void)ConfGetChildValueBoolWithDefault(if_root, if_default, "tpacket-v3", (int *)&boolval);
226 if (boolval) {
227 if (strcasecmp(RunmodeGetActive(), "workers") == 0) {
228 SCLogInfo("Enabling tpacket v3 capture on iface %s",
229 aconf->iface);
230 aconf->flags |= AFP_TPACKET_V3|AFP_RING_MODE;
231 } else {
232 SCLogError(SC_ERR_RUNMODE,
233 "tpacket v3 is only implemented for 'workers' running mode."
234 " Switching to tpacket v2.");
235 }
236 }
4ae27756 237 (void)ConfGetChildValueBoolWithDefault(if_root, if_default, "use-emergency-flush", (int *)&boolval);
27b5136b
EL		 238 if (boolval) {
239 SCLogInfo("Enabling ring emergency flush on iface %s",
240 aconf->iface);
241 aconf->flags |= AFP_EMERGENCY_MODE;
242 }
243
662dccd8
EL		 244
245 aconf->copy_mode = AFP_COPY_MODE_NONE;
4ae27756 246 if (ConfGetChildValueWithDefault(if_root, if_default, "copy-mode", &copymodestr) == 1) {
662dccd8
EL		 247 if (aconf->out_iface == NULL) {
248 SCLogInfo("Copy mode activated but no destination"
249 " iface. Disabling feature");
250 } else if (!(aconf->flags & AFP_RING_MODE)) {
251 SCLogInfo("Copy mode activated but use-mmap "
252 "set to no. Disabling feature");
253 } else if (strlen(copymodestr) <= 0) {
254 aconf->out_iface = NULL;
255 } else if (strcmp(copymodestr, "ips") == 0) {
256 SCLogInfo("AF_PACKET IPS mode activated %s->%s",
257 iface,
258 aconf->out_iface);
259 aconf->copy_mode = AFP_COPY_MODE_IPS;
260 } else if (strcmp(copymodestr, "tap") == 0) {
261 SCLogInfo("AF_PACKET TAP mode activated %s->%s",
262 iface,
263 aconf->out_iface);
264 aconf->copy_mode = AFP_COPY_MODE_TAP;
265 } else {
266 SCLogInfo("Invalid mode (not in tap, ips)");
267 }
268 }
269
45d5c3ca 270 SC_ATOMIC_RESET(aconf->ref);
0227a87f 271 (void) SC_ATOMIC_ADD(aconf->ref, aconf->threads);
45d5c3ca 272
4ae27756 273 if (ConfGetChildValueWithDefault(if_root, if_default, "cluster-id", &tmpclusterid) != 1) {
f89a4219 274 aconf->cluster_id = (uint16_t)(cluster_id_auto++);
fbca1a4e
EL		 275 } else {
276 aconf->cluster_id = (uint16_t)atoi(tmpclusterid);
277 SCLogDebug("Going to use cluster-id %" PRId32, aconf->cluster_id);
278 }
279
4ae27756 280 if (ConfGetChildValueWithDefault(if_root, if_default, "cluster-type", &tmpctype) != 1) {
f89a4219
VJ		 281 /* default to our safest choice: flow hashing + defrag enabled */
282 aconf->cluster_type = PACKET_FANOUT_HASH | PACKET_FANOUT_FLAG_DEFRAG;
fbca1a4e
EL		 283 } else if (strcmp(tmpctype, "cluster_round_robin") == 0) {
284 SCLogInfo("Using round-robin cluster mode for AF_PACKET (iface %s)",
285 aconf->iface);
286 aconf->cluster_type = PACKET_FANOUT_LB;
287 } else if (strcmp(tmpctype, "cluster_flow") == 0) {
288 /* In hash mode, we also ask for defragmentation needed to
289 * compute the hash */
290 uint16_t defrag = 0;
4c6595f4 291 int conf_val = 0;
fbca1a4e
EL		 292 SCLogInfo("Using flow cluster mode for AF_PACKET (iface %s)",
293 aconf->iface);
4c6595f4
EL		 294 ConfGetChildValueBoolWithDefault(if_root, if_default, "defrag", &conf_val);
295 if (conf_val) {
0df4c583 296 SCLogInfo("Using defrag kernel functionality for AF_PACKET (iface %s)",
fbca1a4e
EL		 297 aconf->iface);
298 defrag = PACKET_FANOUT_FLAG_DEFRAG;
299 }
300 aconf->cluster_type = PACKET_FANOUT_HASH | defrag;
301 } else if (strcmp(tmpctype, "cluster_cpu") == 0) {
302 SCLogInfo("Using cpu cluster mode for AF_PACKET (iface %s)",
303 aconf->iface);
304 aconf->cluster_type = PACKET_FANOUT_CPU;
dc306f3b
EL		 305 } else if (strcmp(tmpctype, "cluster_qm") == 0) {
306 SCLogInfo("Using queue based cluster mode for AF_PACKET (iface %s)",
307 aconf->iface);
308 aconf->cluster_type = PACKET_FANOUT_QM;
309 } else if (strcmp(tmpctype, "cluster_random") == 0) {
310 SCLogInfo("Using random based cluster mode for AF_PACKET (iface %s)",
311 aconf->iface);
312 aconf->cluster_type = PACKET_FANOUT_RND;
313 } else if (strcmp(tmpctype, "cluster_rollover") == 0) {
314 SCLogInfo("Using rollover based cluster mode for AF_PACKET (iface %s)",
315 aconf->iface);
316 aconf->cluster_type = PACKET_FANOUT_ROLLOVER;
317
fbca1a4e
EL		 318 } else {
319 SCLogError(SC_ERR_INVALID_CLUSTER_TYPE,"invalid cluster-type %s",tmpctype);
11bdf483 320 SCFree(aconf);
fbca1a4e
EL		 321 return NULL;
322 }
323
8fde842f
EL		 324 int conf_val = 0;
325 ConfGetChildValueBoolWithDefault(if_root, if_default, "rollover", &conf_val);
326 if (conf_val) {
327 SCLogInfo("Using rollover kernel functionality for AF_PACKET (iface %s)",
328 aconf->iface);
329 aconf->cluster_type |= PACKET_FANOUT_FLAG_ROLLOVER;
330 }
331
f2a6fb8a
EL		 332 /*load af_packet bpf filter*/
333 /* command line value has precedence */
334 if (ConfGet("bpf-filter", &bpf_filter) != 1) {
4ae27756 335 if (ConfGetChildValueWithDefault(if_root, if_default, "bpf-filter", &bpf_filter) == 1) {
f2a6fb8a
EL		 336 if (strlen(bpf_filter) > 0) {
337 aconf->bpf_filter = bpf_filter;
338 SCLogInfo("Going to use bpf filter %s", aconf->bpf_filter);
339 }
340 }
341 }
342
4ae27756 343 if ((ConfGetChildValueIntWithDefault(if_root, if_default, "buffer-size", &value)) == 1) {
fbca1a4e
EL		 344 aconf->buffer_size = value;
345 } else {
346 aconf->buffer_size = 0;
347 }
4ae27756 348 if ((ConfGetChildValueIntWithDefault(if_root, if_default, "ring-size", &value)) == 1) {
8879df80
EL		 349 aconf->ring_size = value;
350 if (value * aconf->threads < max_pending_packets) {
351 aconf->ring_size = max_pending_packets / aconf->threads + 1;
352 SCLogWarning(SC_ERR_AFP_CREATE, "Inefficient setup: ring-size < max_pending_packets. "
353 "Resetting to decent value %d.", aconf->ring_size);
354 /* We want at least that max_pending_packets packets can be handled by the
355 * interface. This is generous if we have multiple interfaces listening. */
356 }
357 } else {
358 /* We want that max_pending_packets packets can be handled by suricata
359 * for this interface. To take burst into account we multiply the obtained
360 * size by 2. */
361 aconf->ring_size = max_pending_packets * 2 / aconf->threads;
362 }
fbca1a4e 363
4ae27756 364 (void)ConfGetChildValueBoolWithDefault(if_root, if_default, "disable-promisc", (int *)&boolval);
67f791e8 365 if (boolval) {
df7dbe36
EL		 366 SCLogInfo("Disabling promiscuous mode on iface %s",
367 aconf->iface);
368 aconf->promisc = 0;
369 }
67f791e8 370
4ae27756 371 if (ConfGetChildValueWithDefault(if_root, if_default, "checksum-checks", &tmpctype) == 1) {
6062e00c 372 if (strcmp(tmpctype, "auto") == 0) {
6062e00c 373 aconf->checksum_mode = CHECKSUM_VALIDATION_AUTO;
d18e2f6e 374 } else if (ConfValIsTrue(tmpctype)) {
6062e00c 375 aconf->checksum_mode = CHECKSUM_VALIDATION_ENABLE;
d18e2f6e 376 } else if (ConfValIsFalse(tmpctype)) {
6062e00c
EL		 377 aconf->checksum_mode = CHECKSUM_VALIDATION_DISABLE;
378 } else if (strcmp(tmpctype, "kernel") == 0) {
379 aconf->checksum_mode = CHECKSUM_VALIDATION_KERNEL;
380 } else {
381 SCLogError(SC_ERR_INVALID_ARGUMENT, "Invalid value for checksum-checks for %s", aconf->iface);
382 }
383 }
df7dbe36 384
b7bf299e
EL		 385
386 int ltype = AFPGetLinkType(iface);
387 switch (ltype) {
388 case LINKTYPE_ETHERNET:
389 if (GetIfaceOffloading(iface) == 1) {
390 SCLogWarning(SC_ERR_AFP_CREATE,
391 "Using AF_PACKET with GRO or LRO activated can lead to capture problems");
392 }
393 case -1:
394 default:
395 break;
e951afb9
VJ		 396 }
397
bed18678
VJ		 398 char *active_runmode = RunmodeGetActive();
399 if (active_runmode && !strcmp("workers", active_runmode)) {
400 aconf->flags |= AFP_ZERO_COPY;
401 SCLogInfo("%s: enabling zero copy mode", iface);
402 } else {
403 /* If we are using copy mode we need a lock */
404 aconf->flags |= AFP_SOCK_PROTECT;
405 }
406
407 /* If we are in RING mode, then we can use ZERO copy
408 * by using the data release mechanism */
409 if (aconf->flags & AFP_RING_MODE) {
410 aconf->flags |= AFP_ZERO_COPY;
411 SCLogInfo("%s: enabling zero copy mode by using data release call", iface);
412 }
413
fbca1a4e
EL		 414 return aconf;
415}
416
75c875b1
EL		 417int AFPConfigGeThreadsCount(void *conf)
418{
419 AFPIfaceConfig *afp = (AFPIfaceConfig *)conf;
420 return afp->threads;
421}
fbca1a4e 422
1e36053e
EL		 423int AFPRunModeIsIPS()
424{
425 int nlive = LiveGetDeviceCount();
426 int ldev;
427 ConfNode *if_root;
428 ConfNode *if_default = NULL;
429 ConfNode *af_packet_node;
430 int has_ips = 0;
431 int has_ids = 0;
432
433 /* Find initial node */
434 af_packet_node = ConfGetNode("af-packet");
435 if (af_packet_node == NULL) {
436 return 0;
437 }
438
439 if_default = ConfNodeLookupKeyValue(af_packet_node, "interface", "default");
440
441 for (ldev = 0; ldev < nlive; ldev++) {
442 char *live_dev = LiveGetDeviceName(ldev);
7cdc5706
VJ		 443 if (live_dev == NULL) {
444 SCLogError(SC_ERR_INVALID_VALUE, "Problem with config file");
445 return 0;
446 }
1e36053e 447 char *copymodestr = NULL;
aa8e747e 448 if_root = ConfFindDeviceConfig(af_packet_node, live_dev);
1e36053e
EL		 449
450 if (if_root == NULL) {
451 if (if_default == NULL) {
452 SCLogError(SC_ERR_INVALID_VALUE, "Problem with config file");
453 return 0;
454 }
455 if_root = if_default;
456 }
457
458 if (ConfGetChildValueWithDefault(if_root, if_default, "copy-mode", &copymodestr) == 1) {
459 if (strcmp(copymodestr, "ips") == 0) {
460 has_ips = 1;
461 } else {
462 has_ids = 1;
463 }
464 } else {
465 has_ids = 1;
466 }
467 }
468
469 if (has_ids && has_ips) {
470 SCLogInfo("AF_PACKET mode using IPS and IDS mode");
471 for (ldev = 0; ldev < nlive; ldev++) {
472 char *live_dev = LiveGetDeviceName(ldev);
7cdc5706
VJ		 473 if (live_dev == NULL) {
474 SCLogError(SC_ERR_INVALID_VALUE, "Problem with config file");
475 return 0;
476 }
1e36053e
EL		 477 if_root = ConfNodeLookupKeyValue(af_packet_node, "interface", live_dev);
478 char *copymodestr = NULL;
479
480 if (if_root == NULL) {
481 if (if_default == NULL) {
482 SCLogError(SC_ERR_INVALID_VALUE, "Problem with config file");
483 return 0;
484 }
485 if_root = if_default;
486 }
487
488 if (! ((ConfGetChildValueWithDefault(if_root, if_default, "copy-mode", &copymodestr) == 1) &&
489 (strcmp(copymodestr, "ips") == 0))) {
490 SCLogError(SC_ERR_INVALID_ARGUMENT,
491 "AF_PACKET IPS mode used and interface '%s' is in IDS or TAP mode. "
492 "Sniffing '%s' but expect bad result as stream-inline is activated.",
493 live_dev, live_dev);
494 }
495 }
496 }
497
498 return has_ips;
499}
500
994bc15c
EL		 501#endif
502
503
38b349af 504int RunModeIdsAFPAutoFp(void)
e80b30c0
EL		 505{
506 SCEnter();
507
508/* We include only if AF_PACKET is enabled */
509#ifdef HAVE_AF_PACKET
75c875b1 510 int ret;
e80b30c0 511 char *live_dev = NULL;
e80b30c0 512
fbca1a4e
EL		 513 RunModeInitialize();
514
515 TimeModeSetLive();
516
2179ac25 517 (void)ConfGet("af-packet.live-interface", &live_dev);
fbca1a4e 518
75c875b1 519 SCLogDebug("live_dev %s", live_dev);
e80b30c0 520
662dccd8
EL		 521 if (AFPPeersListInit() != TM_ECODE_OK) {
522 SCLogError(SC_ERR_RUNMODE, "Unable to init peers list.");
523 exit(EXIT_FAILURE);
524 }
525
38b349af 526 ret = RunModeSetLiveCaptureAutoFp(ParseAFPConfig,
75c875b1
EL		 527 AFPConfigGeThreadsCount,
528 "ReceiveAFP",
41c768ce 529 "DecodeAFP", thread_name_autofp,
75c875b1
EL		 530 live_dev);
531 if (ret != 0) {
625a1e07 532 SCLogError(SC_ERR_RUNMODE, "Unable to start runmode");
75c875b1 533 exit(EXIT_FAILURE);
e80b30c0
EL		 534 }
535
662dccd8
EL		 536 /* In IPS mode each threads must have a peer */
537 if (AFPPeersListCheck() != TM_ECODE_OK) {
538 SCLogError(SC_ERR_RUNMODE, "Some IPS capture threads did not peer.");
539 exit(EXIT_FAILURE);
540 }
e80b30c0 541
86a3f064 542 SCLogDebug("RunModeIdsAFPAutoFp initialised");
e80b30c0
EL		 543#endif /* HAVE_AF_PACKET */
544
545 SCReturnInt(0);
546}
547
548/**
549 * \brief Single thread version of the AF_PACKET processing.
550 */
38b349af 551int RunModeIdsAFPSingle(void)
e80b30c0 552{
38b349af 553 SCEnter();
1aab2470
EL		 554#ifdef HAVE_AF_PACKET
555 int ret;
556 char *live_dev = NULL;
e80b30c0
EL		 557
558 RunModeInitialize();
559 TimeModeSetLive();
560
2179ac25 561 (void)ConfGet("af-packet.live-interface", &live_dev);
e80b30c0 562
662dccd8
EL		 563 if (AFPPeersListInit() != TM_ECODE_OK) {
564 SCLogError(SC_ERR_RUNMODE, "Unable to init peers list.");
565 exit(EXIT_FAILURE);
566 }
567
38b349af 568 ret = RunModeSetLiveCaptureSingle(ParseAFPConfig,
77869a2d
EL		 569 AFPConfigGeThreadsCount,
570 "ReceiveAFP",
41c768ce 571 "DecodeAFP", thread_name_single,
1aab2470
EL		 572 live_dev);
573 if (ret != 0) {
625a1e07 574 SCLogError(SC_ERR_RUNMODE, "Unable to start runmode");
e80b30c0
EL		 575 exit(EXIT_FAILURE);
576 }
e80b30c0 577
662dccd8
EL		 578 /* In IPS mode each threads must have a peer */
579 if (AFPPeersListCheck() != TM_ECODE_OK) {
580 SCLogError(SC_ERR_RUNMODE, "Some IPS capture threads did not peer.");
581 exit(EXIT_FAILURE);
582 }
583
86a3f064 584 SCLogDebug("RunModeIdsAFPSingle initialised");
e80b30c0
EL		 585
586#endif /* HAVE_AF_PACKET */
587 SCReturnInt(0);
c45d8985 588}
beaa909e
EL		 589
590/**
591 * \brief Workers version of the AF_PACKET processing.
592 *
593 * Start N threads with each thread doing all the work.
594 *
595 */
38b349af 596int RunModeIdsAFPWorkers(void)
beaa909e 597{
38b349af 598 SCEnter();
beaa909e
EL		 599#ifdef HAVE_AF_PACKET
600 int ret;
601 char *live_dev = NULL;
beaa909e
EL		 602
603 RunModeInitialize();
604 TimeModeSetLive();
605
2179ac25 606 (void)ConfGet("af-packet.live-interface", &live_dev);
beaa909e 607
662dccd8
EL		 608 if (AFPPeersListInit() != TM_ECODE_OK) {
609 SCLogError(SC_ERR_RUNMODE, "Unable to init peers list.");
610 exit(EXIT_FAILURE);
611 }
612
38b349af 613 ret = RunModeSetLiveCaptureWorkers(ParseAFPConfig,
beaa909e
EL		 614 AFPConfigGeThreadsCount,
615 "ReceiveAFP",
41c768ce 616 "DecodeAFP", thread_name_workers,
beaa909e
EL		 617 live_dev);
618 if (ret != 0) {
625a1e07 619 SCLogError(SC_ERR_RUNMODE, "Unable to start runmode");
beaa909e
EL		 620 exit(EXIT_FAILURE);
621 }
622
662dccd8
EL		 623 /* In IPS mode each threads must have a peer */
624 if (AFPPeersListCheck() != TM_ECODE_OK) {
625 SCLogError(SC_ERR_RUNMODE, "Some IPS capture threads did not peer.");
626 exit(EXIT_FAILURE);
627 }
628
86a3f064 629 SCLogDebug("RunModeIdsAFPWorkers initialised");
beaa909e
EL		 630
631#endif /* HAVE_AF_PACKET */
632 SCReturnInt(0);
633}
a6457262
EL		 634
635/**
636 * @}
637 */
Michael's tree of suricata