-/* Copyright (C) 2007-2010 Open Information Security Foundation
+/* Copyright (C) 2007-2012 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
#include "util-device.h"
#include "util-runmodes.h"
#include "util-atomic.h"
+#include "util-misc.h"
static const char *default_mode = NULL;
return default_mode;
}
+int RunModeIdsPcapWorkers(DetectEngineCtx *de_ctx);
+
void RunModeIdsPcapRegister(void)
{
RunModeRegisterNewRunMode(RUNMODE_PCAP_DEV, "single",
"the same flow can be processed by any detect "
"thread",
RunModeIdsPcapAutoFp);
+ RunModeRegisterNewRunMode(RUNMODE_PCAP_DEV, "workers",
+ "Workers pcap live mode, each thread does all"
+ " tasks from acquisition to logging",
+ RunModeIdsPcapWorkers);
return;
}
void *ParsePcapConfig(const char *iface)
{
+ char *threadsstr = NULL;
ConfNode *if_root;
ConfNode *pcap_node;
PcapIfaceConfig *aconf = SCMalloc(sizeof(*aconf));
return aconf;
}
+ if (ConfGetChildValue(if_root, "threads", &threadsstr) != 1) {
+ aconf->threads = 1;
+ } else {
+ if (threadsstr != NULL) {
+ aconf->threads = (uint8_t)atoi(threadsstr);
+ }
+ }
+ if (aconf->threads == 0) {
+ aconf->threads = 1;
+ }
if (aconf->buffer_size == 0) {
- if ((ConfGetChildValueInt(if_root, "buffer-size", &value)) == 1) {
- aconf->buffer_size = value;
- SCLogInfo("Pcap will use %d buffer size (config file provided "
- "value)", (int)value);
+ const char *s_limit = ConfNodeLookupChildValue(if_root, "buffer-size");
+ if (s_limit != NULL) {
+ uint64_t bsize = 0;
+
+ if (ParseSizeStringU64(s_limit, &bsize) < 0) {
+ SCLogError(SC_ERR_INVALID_ARGUMENT,
+ "Failed to parse pcap buffer size: %s",
+ s_limit);
+ } else {
+ /* the string 2gb returns 2147483648 which is 1 to high
+ * for a int. */
+ if (bsize == (uint64_t)((uint64_t)INT_MAX + (uint64_t)1))
+ bsize = (uint64_t)INT_MAX;
+
+ if (bsize > INT_MAX) {
+ SCLogError(SC_ERR_INVALID_ARGUMENT,
+ "Failed to set pcap buffer size: 2gb max. %"PRIu64" > %d", bsize, INT_MAX);
+ } else {
+ aconf->buffer_size = (int)bsize;
+ }
+ }
}
}
int PcapConfigGeThreadsCount(void *conf)
{
- return 1;
+ PcapIfaceConfig *pfp = (PcapIfaceConfig *)conf;
+ return pfp->threads;
}
/**
SCReturnInt(0);
}
+
+/**
+ * \brief Workers version of the PCAP LIVE processing.
+ *
+ * Start N threads with each thread doing all the work.
+ *
+ */
+int RunModeIdsPcapWorkers(DetectEngineCtx *de_ctx)
+{
+ int ret;
+ char *live_dev = NULL;
+ SCEnter();
+
+ RunModeInitialize();
+ TimeModeSetLive();
+
+ ConfGet("pcap.single-pcap-dev", &live_dev);
+
+ ret = RunModeSetLiveCaptureWorkers(de_ctx,
+ ParsePcapConfig,
+ PcapConfigGeThreadsCount,
+ "ReceivePcap",
+ "DecodePcap", "RxPcap",
+ live_dev);
+ if (ret != 0) {
+ SCLogError(SC_ERR_RUNMODE, "Unable to start runmode");
+ exit(EXIT_FAILURE);
+ }
+
+ SCLogInfo("RunModeIdsPcapWorkers initialised");
+
+ SCReturnInt(0);
+}
projects / thirdparty / suricata.git / commitdiff
