src/runmode-nflog.c

   1 /* Copyright (C) 2014 Open Information Security Foundation
   2  *
   3  * You can copy, redistribute or modify this Program under the terms of
   4  * the GNU General Public License version 2 as published by the Free
   5  * Software Foundation.
   6  *
   7  * This program is distributed in the hope that it will be useful,
   8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
   9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  10  * GNU General Public License for more details.
  11  *
  12  * You should have received a copy of the GNU General Public License
  13  * version 2 along with this program; if not, write to the Free Software
  14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
  15  * 02110-1301, USA.
  16  */
  17
  18 /**
  19  * \file
  20  *
  21  * \author Giuseppe Longo <giuseppelng@gmail.com>
  22  */
  23 #include "suricata-common.h"
  24 #include "tm-threads.h"
  25 #include "conf.h"
  26 #include "runmodes.h"
  27 #include "runmode-nflog.h"
  28
  29 #include "util-debug.h"
  30 #include "util-device.h"
  31 #include "util-runmodes.h"
  32 #include "util-misc.h"
  33
  34 #include "source-nflog.h"
  35
  36 const char *RunModeIdsNflogGetDefaultMode(void)
  37 {
  38     return "autofp";
  39 }
  40
  41 void RunModeIdsNflogRegister(void)
  42 {
  43     RunModeRegisterNewRunMode(RUNMODE_NFLOG, "autofp",
  44                               "Multi threaded nflog mode",
  45                               RunModeIdsNflogAutoFp);
  46     RunModeRegisterNewRunMode(RUNMODE_NFLOG, "single",
  47                               "Single threaded nflog mode",
  48                               RunModeIdsNflogSingle);
  49     RunModeRegisterNewRunMode(RUNMODE_NFLOG, "workers",
  50                               "Workers nflog mode",
  51                               RunModeIdsNflogWorkers);
  52     return;
  53 }
  54
  55 #ifdef HAVE_NFLOG
  56 static void NflogDerefConfig(void *data)
  57 {
  58     NflogGroupConfig *nflogconf = (NflogGroupConfig *)data;
  59     SCFree(nflogconf);
  60 }
  61
  62 static void *ParseNflogConfig(const char *group)
  63 {
  64     ConfNode *group_root;
  65     ConfNode *group_default = NULL;
  66     ConfNode *nflog_node;
  67     NflogGroupConfig *nflogconf = SCMalloc(sizeof(*nflogconf));
  68     intmax_t bufsize;
  69     intmax_t bufsize_max;
  70     intmax_t qthreshold;
  71     intmax_t qtimeout;
  72     int boolval;
  73
  74     if (unlikely(nflogconf == NULL))
  75         return NULL;
  76
  77     if (group == NULL) {
  78         SCFree(nflogconf);
  79         return NULL;
  80     }
  81
  82     nflogconf->DerefFunc = NflogDerefConfig;
  83     nflog_node = ConfGetNode("nflog");
  84
  85     if (nflog_node == NULL) {
  86         SCLogInfo("Unable to find nflog config using default value");
  87         return nflogconf;
  88     }
  89
  90     group_root = ConfNodeLookupKeyValue(nflog_node, "group", group);
  91
  92     group_default = ConfNodeLookupKeyValue(nflog_node, "group", "default");
  93
  94     if (group_root == NULL && group_default == NULL) {
  95         SCLogInfo("Unable to find nflog config for "
  96                   "group \"%s\" or \"default\", using default value",
  97                   group);
  98         return nflogconf;
  99     }
 100
 101     nflogconf->nful_overrun_warned = 0;
 102     strlcpy(nflogconf->numgroup, group, sizeof(nflogconf->numgroup));
 103
 104     if (ParseSizeStringU16(group, &nflogconf->group) < 0) {
 105         FatalError(SC_ERR_FATAL, "NFLOG's group number invalid.");
 106     }
 107
 108     boolval = ConfGetChildValueIntWithDefault(group_root, group_default,
 109                                               "buffer-size", &bufsize);
 110
 111     if (boolval)
 112         nflogconf->nlbufsiz = bufsize;
 113     else {
 114         SCLogError(SC_ERR_INVALID_ARGUMENT, "Invalid buffer-size value");
 115         SCFree(nflogconf);
 116         return NULL;
 117     }
 118
 119     boolval = ConfGetChildValueIntWithDefault(group_root, group_default,
 120                                               "max-size", &bufsize_max);
 121
 122     if (boolval)
 123         nflogconf->nlbufsiz_max = bufsize_max;
 124     else {
 125         SCLogError(SC_ERR_INVALID_ARGUMENT, "Invalid max-size value");
 126         SCFree(nflogconf);
 127         return NULL;
 128     }
 129
 130     if (nflogconf->nlbufsiz > nflogconf->nlbufsiz_max) {
 131         SCLogWarning(SC_ERR_INVALID_ARGUMENT, "buffer-size value larger "
 132                 "than max-size value, adjusting buffer-size");
 133         nflogconf->nlbufsiz = nflogconf->nlbufsiz_max;
 134     }
 135
 136     boolval = ConfGetChildValueIntWithDefault(group_root, group_default,
 137                                               "qthreshold", &qthreshold);
 138
 139     if (boolval)
 140         nflogconf->qthreshold = qthreshold;
 141     else {
 142         SCLogError(SC_ERR_INVALID_ARGUMENT, "Invalid qthreshold value");
 143         SCFree(nflogconf);
 144         return NULL;
 145     }
 146
 147     boolval = ConfGetChildValueIntWithDefault(group_root, group_default,
 148                                               "qtimeout", &qtimeout);
 149
 150     if (boolval)
 151         nflogconf->qtimeout = qtimeout;
 152     else {
 153         SCLogError(SC_ERR_INVALID_ARGUMENT, "Invalid qtimeout value");
 154         SCFree(nflogconf);
 155         return NULL;
 156     }
 157
 158     return nflogconf;
 159 }
 160
 161 static int NflogConfigGeThreadsCount(void *conf)
 162 {
 163     /* for each nflog group there is no reason to use more than 1 thread */
 164     return 1;
 165 }
 166 #endif
 167
 168 int RunModeIdsNflogAutoFp(void)
 169 {
 170     SCEnter();
 171
 172 #ifdef HAVE_NFLOG
 173     int ret = 0;
 174     char *live_dev = NULL;
 175
 176     RunModeInitialize();
 177     TimeModeSetLive();
 178
 179     ret = RunModeSetLiveCaptureAutoFp(ParseNflogConfig,
 180                                       NflogConfigGeThreadsCount,
 181                                       "ReceiveNFLOG",
 182                                       "DecodeNFLOG",
 183                                       thread_name_autofp,
 184                                       live_dev);
 185     if (ret != 0) {
 186         FatalError(SC_ERR_FATAL, "Unable to start runmode");
 187     }
 188
 189     SCLogInfo("RunModeIdsNflogAutoFp initialised");
 190 #endif /* HAVE_NFLOG */
 191
 192     SCReturnInt(0);
 193 }
 194
 195 int RunModeIdsNflogSingle(void)
 196 {
 197     SCEnter();
 198
 199 #ifdef HAVE_NFLOG
 200     int ret = 0;
 201     char *live_dev = NULL;
 202
 203     RunModeInitialize();
 204     TimeModeSetLive();
 205
 206     ret = RunModeSetLiveCaptureSingle(ParseNflogConfig,
 207                                       NflogConfigGeThreadsCount,
 208                                       "ReceiveNFLOG",
 209                                       "DecodeNFLOG",
 210                                       thread_name_single,
 211                                       live_dev);
 212     if (ret != 0) {
 213         FatalError(SC_ERR_FATAL, "Unable to start runmode");
 214     }
 215
 216     SCLogInfo("RunModeIdsNflogSingle initialised");
 217 #endif /* HAVE_NFLOG */
 218
 219     SCReturnInt(0);
 220 }
 221
 222 int RunModeIdsNflogWorkers(void)
 223 {
 224     SCEnter();
 225
 226 #ifdef HAVE_NFLOG
 227     int ret = 0;
 228     char *live_dev = NULL;
 229
 230     RunModeInitialize();
 231     TimeModeSetLive();
 232
 233     ret = RunModeSetLiveCaptureWorkers(ParseNflogConfig,
 234                                        NflogConfigGeThreadsCount,
 235                                        "ReceiveNFLOG",
 236                                        "DecodeNFLOG",
 237                                        thread_name_workers,
 238                                        live_dev);
 239     if (ret != 0) {
 240         FatalError(SC_ERR_FATAL, "Unable to start runmode");
 241     }
 242
 243     SCLogInfo("RunModeIdsNflogWorkers initialised");
 244 #endif /* HAVE_NFLOG */
 245
 246     SCReturnInt(0);
 247 }