logging: only do non-blocking writes if live

If running against a pcap there is no reason to drop events,
a blocking socket is fine here. So only do non-blocking writes
when running off a live device.

diff --git a/src/suricata.c b/src/suricata.c
index fbe0305531c2283b19d726bc1caf17f2e627d026..6cd05f2c8a7005ee72ac0bcfce1266993f6e5782 100644 (file)
--- a/src/suricata.c
+++ b/src/suricata.c
@@ -197,6 +197,9 @@ volatile uint8_t suricata_ctl_flags = 0;
 /** Run mode selected */
 int run_mode = RUNMODE_UNKNOWN;
 
+/** Is this an offline run mode. */
+int run_mode_offline = 0;
+
 /** Engine mode: inline (ENGINE_MODE_IPS) or just
   * detection mode (ENGINE_MODE_IDS by default) */
 static enum EngineMode g_engine_mode = ENGINE_MODE_IDS;
@@ -2342,8 +2345,9 @@ static int FinalizeRunMode(SCInstance *suri, char **argv)
         default:
             break;
     }
-    /* Set the global run mode */
+    /* Set the global run mode and offline flag. */
     run_mode = suri->run_mode;
+    run_mode_offline = suri->offline;
 
     if (!CheckValidDaemonModes(suri->daemon, suri->run_mode)) {
         return TM_ECODE_FAILED;

diff --git a/src/suricata.h b/src/suricata.h
index 912f33b5d64807a9bccb773ddafbf3394f513eea..aaee9fe535e2d1f4b24b4aad18229b726787068a 100644 (file)
--- a/src/suricata.h
+++ b/src/suricata.h
@@ -194,6 +194,7 @@ int RunmodeGetCurrent(void);
 int IsRuleReloadSet(int quiet);
 
 extern int run_mode;
+extern int run_mode_offline;
 
 void PreRunInit(const int runmode);
 void PreRunPostPrivsDropInit(const int runmode);

diff --git a/src/util-logopenfile.c b/src/util-logopenfile.c
index 2413f5aae70de501b1c1d16d1eaa5e35b260f5e4..376a77af29eb74d968fe7da86aff25abda09c2fe 100644 (file)
--- a/src/util-logopenfile.c
+++ b/src/util-logopenfile.c
@@ -138,7 +138,7 @@ tryagain:
     errno = 0;
     if (ctx->fp != NULL) {
         int fd = fileno(ctx->fp);
-        ssize_t size = send(fd, buffer, buffer_len, MSG_DONTWAIT);
+        ssize_t size = send(fd, buffer, buffer_len, ctx->send_flags);
         if (size > -1) {
             ret = 0;
         } else {
@@ -505,6 +505,12 @@ SCConfLogOpenGeneric(ConfNode *conf,
         return -1;
     }
 
+    /* If a socket and running live, do non-blocking writes. */
+    if (log_ctx->is_sock && run_mode_offline == 0) {
+        SCLogInfo("Setting logging socket of non-blocking in live mode.");
+        log_ctx->send_flags |= MSG_DONTWAIT;
+    }
+
     SCLogInfo("%s output device (%s) initialized: %s", conf->name, filetype,
               filename);
 

diff --git a/src/util-logopenfile.h b/src/util-logopenfile.h
index 5e5d3a001f09ba5d3f46fe33cbcec9752ab47e0b..857f8b821c700eb18d6f65df08fedc57af92155a 100644 (file)
--- a/src/util-logopenfile.h
+++ b/src/util-logopenfile.h
@@ -122,6 +122,9 @@ typedef struct LogFileCtx_ {
     /* flag to avoid multiple threads printing the same stats */
     uint8_t flags;
 
+    /* flags to set when sending over a socket */
+    uint8_t send_flags;
+
     /* Flag if file is a regular file or not.  Only regular files
      * allow for rotataion. */
     uint8_t is_regular;