af-packet: don't default to defrag when inline

Don't default to defrag true when inline. It can still be enabled by
setting defrag to true however it is not recommended.

Ticket: #7617

diff --git a/src/runmode-af-packet.c b/src/runmode-af-packet.c
index ec02b6d02f9e31006217ba86760af075e0f2af19..3315aac173f745898b31aa2010f018af6c20aa04 100644 (file)
--- a/src/runmode-af-packet.c
+++ b/src/runmode-af-packet.c
@@ -344,39 +344,38 @@ static void *ParseAFPConfig(const char *iface)
     }
 
     if (ConfGetChildValueWithDefault(if_root, if_default, "cluster-type", &tmpctype) != 1) {
-        /* Default to our safest choice: flow hashing + defrag
-         * enabled, unless defrag has been disabled by the user. */
-        uint16_t defrag = PACKET_FANOUT_FLAG_DEFRAG;
-        int conf_val = 0;
-        SCLogConfig("%s: using flow cluster mode for AF_PACKET", aconf->iface);
-        if (ConfGetChildValueBoolWithDefault(if_root, if_default, "defrag", &conf_val)) {
-            if (!conf_val) {
-                SCLogConfig(
-                        "%s: disabling defrag kernel functionality for AF_PACKET", aconf->iface);
-                defrag = 0;
-            }
-        }
-        aconf->cluster_type = PACKET_FANOUT_HASH | defrag;
-        cluster_type = PACKET_FANOUT_HASH;
-    } else if (strcmp(tmpctype, "cluster_round_robin") == 0) {
+        SCLogConfig("%s: using default cluster-type of \"cluster_flow\"", aconf->iface);
+        tmpctype = "cluster_flow";
+    }
+
+    if (strcmp(tmpctype, "cluster_rollover") == 0) {
+        SCLogWarning(
+                "%s: cluster_rollover deprecated; using \"cluster_flow\" instead. See ticket #6128",
+                aconf->iface);
+        tmpctype = "cluster_flow";
+    }
+
+    if (strcmp(tmpctype, "cluster_round_robin") == 0) {
         SCLogConfig("%s: using round-robin cluster mode for AF_PACKET", aconf->iface);
         aconf->cluster_type = PACKET_FANOUT_LB;
         cluster_type = PACKET_FANOUT_LB;
-    } else if (strcmp(tmpctype, "cluster_flow") == 0 || strcmp(tmpctype, "cluster_rollover") == 0) {
-        if (strcmp(tmpctype, "cluster_rollover") == 0) {
-            SCLogWarning("%s: cluster_rollover deprecated; using \"cluster_flow\" instead. See "
-                         "ticket #6128",
-                    aconf->iface);
-        }
-        /* In hash mode, we also ask for defragmentation needed to
-         * compute the hash */
+    } else if (strcmp(tmpctype, "cluster_flow") == 0) {
+        /* Check for defrag. If not set by the user enable it when not
+         * inline. */
         uint16_t defrag = 0;
         int conf_val = 0;
         SCLogConfig("%s: using flow cluster mode for AF_PACKET", aconf->iface);
-        ConfGetChildValueBoolWithDefault(if_root, if_default, "defrag", &conf_val);
-        if (conf_val) {
-            SCLogConfig("%s: using defrag kernel functionality for AF_PACKET", aconf->iface);
-            defrag = PACKET_FANOUT_FLAG_DEFRAG;
+        if (ConfGetChildValueBoolWithDefault(if_root, if_default, "defrag", &conf_val)) {
+            if (conf_val) {
+                SCLogConfig("%s: using defrag kernel functionality for AF_PACKET", aconf->iface);
+                defrag = PACKET_FANOUT_FLAG_DEFRAG;
+            }
+        } else {
+            /* "defrag" not provided in config, default to true if not inline. */
+            if (aconf->copy_mode == 0) {
+                SCLogConfig("%s: enabling defrag for AF_PACKET cluster_flow", aconf->iface);
+                defrag = PACKET_FANOUT_FLAG_DEFRAG;
+            }
         }
         aconf->cluster_type = PACKET_FANOUT_HASH | defrag;
         cluster_type = PACKET_FANOUT_HASH;