*/
#include "suricata-common.h"
+#include "suricata.h"
#include "tm-threads.h"
#include "conf.h"
#include "runmodes.h"
return "workers";
}
+static int AFPRunModeIsIPS(void)
+{
+ int nlive = LiveGetDeviceCount();
+ int ldev;
+ ConfNode *if_root;
+ ConfNode *if_default = NULL;
+ ConfNode *af_packet_node;
+ int has_ips = 0;
+ int has_ids = 0;
+
+ /* Find initial node */
+ af_packet_node = ConfGetNode("af-packet");
+ if (af_packet_node == NULL) {
+ return 0;
+ }
+
+ if_default = ConfNodeLookupKeyValue(af_packet_node, "interface", "default");
+
+ for (ldev = 0; ldev < nlive; ldev++) {
+ const char *live_dev = LiveGetDeviceName(ldev);
+ if (live_dev == NULL) {
+ SCLogError("Problem with config file");
+ return 0;
+ }
+ const char *copymodestr = NULL;
+ if_root = ConfFindDeviceConfig(af_packet_node, live_dev);
+
+ if (if_root == NULL) {
+ if (if_default == NULL) {
+ SCLogError("Problem with config file");
+ return 0;
+ }
+ if_root = if_default;
+ }
+
+ if (ConfGetChildValueWithDefault(if_root, if_default, "copy-mode", ©modestr) == 1) {
+ if (strcmp(copymodestr, "ips") == 0) {
+ has_ips = 1;
+ } else {
+ has_ids = 1;
+ }
+ } else {
+ has_ids = 1;
+ }
+ }
+
+ if (has_ids && has_ips) {
+ SCLogWarning("AF_PACKET using both IPS and TAP/IDS mode, this will not "
+ "be allowed in Suricata 8 due to undefined behavior. See ticket #5588.");
+ for (ldev = 0; ldev < nlive; ldev++) {
+ const char *live_dev = LiveGetDeviceName(ldev);
+ if (live_dev == NULL) {
+ SCLogError("Problem with config file");
+ return 0;
+ }
+ if_root = ConfNodeLookupKeyValue(af_packet_node, "interface", live_dev);
+ const char *copymodestr = NULL;
+
+ if (if_root == NULL) {
+ if (if_default == NULL) {
+ SCLogError("Problem with config file");
+ return 0;
+ }
+ if_root = if_default;
+ }
+
+ if (!((ConfGetChildValueWithDefault(if_root, if_default, "copy-mode", ©modestr) ==
+ 1) &&
+ (strcmp(copymodestr, "ips") == 0))) {
+ SCLogError("AF_PACKET IPS mode used and interface '%s' is in IDS or TAP mode. "
+ "Sniffing '%s' but expect bad result as stream-inline is activated.",
+ live_dev, live_dev);
+ }
+ }
+ }
+
+ return has_ips;
+}
+
+static void AFPRunModeEnableIPS(void)
+{
+ if (AFPRunModeIsIPS()) {
+ SCLogInfo("Setting IPS mode");
+ EngineModeSetIPS();
+ }
+}
+
void RunModeIdsAFPRegister(void)
{
- RunModeRegisterNewRunMode(RUNMODE_AFP_DEV, "single",
- "Single threaded af-packet mode",
- RunModeIdsAFPSingle);
+ RunModeRegisterNewRunMode(RUNMODE_AFP_DEV, "single", "Single threaded af-packet mode",
+ RunModeIdsAFPSingle, AFPRunModeEnableIPS);
RunModeRegisterNewRunMode(RUNMODE_AFP_DEV, "workers",
- "Workers af-packet mode, each thread does all"
- " tasks from acquisition to logging",
- RunModeIdsAFPWorkers);
+ "Workers af-packet mode, each thread does all"
+ " tasks from acquisition to logging",
+ RunModeIdsAFPWorkers, AFPRunModeEnableIPS);
RunModeRegisterNewRunMode(RUNMODE_AFP_DEV, "autofp",
- "Multi socket AF_PACKET mode. Packets from "
- "each flow are assigned to a single detect "
- "thread.",
- RunModeIdsAFPAutoFp);
+ "Multi socket AF_PACKET mode. Packets from "
+ "each flow are assigned to a single detect "
+ "thread.",
+ RunModeIdsAFPAutoFp, AFPRunModeEnableIPS);
return;
}
return afp->threads;
}
-int AFPRunModeIsIPS(void)
-{
- int nlive = LiveGetDeviceCount();
- int ldev;
- ConfNode *if_root;
- ConfNode *if_default = NULL;
- ConfNode *af_packet_node;
- int has_ips = 0;
- int has_ids = 0;
-
- /* Find initial node */
- af_packet_node = ConfGetNode("af-packet");
- if (af_packet_node == NULL) {
- return 0;
- }
-
- if_default = ConfNodeLookupKeyValue(af_packet_node, "interface", "default");
-
- for (ldev = 0; ldev < nlive; ldev++) {
- const char *live_dev = LiveGetDeviceName(ldev);
- if (live_dev == NULL) {
- SCLogError("Problem with config file");
- return 0;
- }
- const char *copymodestr = NULL;
- if_root = ConfFindDeviceConfig(af_packet_node, live_dev);
-
- if (if_root == NULL) {
- if (if_default == NULL) {
- SCLogError("Problem with config file");
- return 0;
- }
- if_root = if_default;
- }
-
- if (ConfGetChildValueWithDefault(if_root, if_default, "copy-mode", ©modestr) == 1) {
- if (strcmp(copymodestr, "ips") == 0) {
- has_ips = 1;
- } else {
- has_ids = 1;
- }
- } else {
- has_ids = 1;
- }
- }
-
- if (has_ids && has_ips) {
- SCLogWarning("AF_PACKET using both IPS and TAP/IDS mode, this will not "
- "be allowed in Suricata 8 due to undefined behavior. See ticket #5588.");
- for (ldev = 0; ldev < nlive; ldev++) {
- const char *live_dev = LiveGetDeviceName(ldev);
- if (live_dev == NULL) {
- SCLogError("Problem with config file");
- return 0;
- }
- if_root = ConfNodeLookupKeyValue(af_packet_node, "interface", live_dev);
- const char *copymodestr = NULL;
-
- if (if_root == NULL) {
- if (if_default == NULL) {
- SCLogError("Problem with config file");
- return 0;
- }
- if_root = if_default;
- }
-
- if (! ((ConfGetChildValueWithDefault(if_root, if_default, "copy-mode", ©modestr) == 1) &&
- (strcmp(copymodestr, "ips") == 0))) {
- SCLogError("AF_PACKET IPS mode used and interface '%s' is in IDS or TAP mode. "
- "Sniffing '%s' but expect bad result as stream-inline is activated.",
- live_dev, live_dev);
- }
- }
- }
-
- return has_ips;
-}
-
-#endif
-
+#endif /* HAVE_AF_PACKET */
int RunModeIdsAFPAutoFp(void)
{
FatalError("Unable to init peers list.");
}
- ret = RunModeSetLiveCaptureAutoFp(ParseAFPConfig,
- AFPConfigGeThreadsCount,
- "ReceiveAFP",
- "DecodeAFP", thread_name_autofp,
- live_dev);
+ ret = RunModeSetLiveCaptureAutoFp(ParseAFPConfig, AFPConfigGeThreadsCount, "ReceiveAFP",
+ "DecodeAFP", thread_name_autofp, live_dev);
if (ret != 0) {
FatalError("Unable to start runmode");
}
FatalError("Unable to init peers list.");
}
- ret = RunModeSetLiveCaptureWorkers(ParseAFPConfig,
- AFPConfigGeThreadsCount,
- "ReceiveAFP",
- "DecodeAFP", thread_name_workers,
- live_dev);
+ ret = RunModeSetLiveCaptureWorkers(ParseAFPConfig, AFPConfigGeThreadsCount, "ReceiveAFP",
+ "DecodeAFP", thread_name_workers, live_dev);
if (ret != 0) {
FatalError("Unable to start runmode");
}
int RunModeIdsAFPWorkers(void);
void RunModeIdsAFPRegister(void);
const char *RunModeAFPGetDefaultMode(void);
-int AFPRunModeIsIPS(void);
#endif /* __RUNMODE_AF_PACKET_H__ */
void RunModeIdsAFXDPRegister(void)
{
- RunModeRegisterNewRunMode(
- RUNMODE_AFXDP_DEV, "single", "Single threaded af-xdp mode", RunModeIdsAFXDPSingle);
+ RunModeRegisterNewRunMode(RUNMODE_AFXDP_DEV, "single", "Single threaded af-xdp mode",
+ RunModeIdsAFXDPSingle, NULL);
RunModeRegisterNewRunMode(RUNMODE_AFXDP_DEV, "workers",
"Workers af-xdp mode, each thread does all"
" tasks from acquisition to logging",
- RunModeIdsAFXDPWorkers);
+ RunModeIdsAFXDPWorkers, NULL);
return;
}
RunModeRegisterNewRunMode(RUNMODE_DPDK, "workers",
"Workers DPDK mode, each thread does all"
" tasks from acquisition to logging",
- RunModeIdsDpdkWorkers);
+ RunModeIdsDpdkWorkers, NULL);
}
/**
void RunModeErfDagRegister(void)
{
RunModeRegisterNewRunMode(RUNMODE_DAG, "autofp",
- "Multi threaded DAG mode. Packets from "
- "each flow are assigned to a single detect "
- "thread, unlike \"dag_auto\" where packets "
- "from the same flow can be processed by any "
- "detect thread",
- RunModeIdsErfDagAutoFp);
+ "Multi threaded DAG mode. Packets from "
+ "each flow are assigned to a single detect "
+ "thread, unlike \"dag_auto\" where packets "
+ "from the same flow can be processed by any "
+ "detect thread",
+ RunModeIdsErfDagAutoFp, NULL);
- RunModeRegisterNewRunMode(RUNMODE_DAG, "single",
- "Singled threaded DAG mode",
- RunModeIdsErfDagSingle);
+ RunModeRegisterNewRunMode(
+ RUNMODE_DAG, "single", "Singled threaded DAG mode", RunModeIdsErfDagSingle, NULL);
RunModeRegisterNewRunMode(RUNMODE_DAG, "workers",
- "Workers DAG mode, each thread does all "
- " tasks from acquisition to logging",
- RunModeIdsErfDagWorkers);
+ "Workers DAG mode, each thread does all "
+ " tasks from acquisition to logging",
+ RunModeIdsErfDagWorkers, NULL);
return;
}
TimeModeSetLive();
- ret = RunModeSetLiveCaptureAutoFp(ParseDagConfig,
- DagConfigGetThreadCount,
- "ReceiveErfDag",
- "DecodeErfDag",
- thread_name_autofp,
- NULL);
+ ret = RunModeSetLiveCaptureAutoFp(ParseDagConfig, DagConfigGetThreadCount, "ReceiveErfDag",
+ "DecodeErfDag", thread_name_autofp, NULL);
if (ret != 0) {
FatalError("DAG autofp runmode failed to start");
}
TimeModeSetLive();
- ret = RunModeSetLiveCaptureWorkers(ParseDagConfig,
- DagConfigGetThreadCount,
- "ReceiveErfDag",
- "DecodeErfDag",
- thread_name_workers,
- NULL);
+ ret = RunModeSetLiveCaptureWorkers(ParseDagConfig, DagConfigGetThreadCount, "ReceiveErfDag",
+ "DecodeErfDag", thread_name_workers, NULL);
if (ret != 0) {
FatalError("DAG workers runmode failed to start");
}
void RunModeErfFileRegister(void)
{
- RunModeRegisterNewRunMode(RUNMODE_ERF_FILE, "single",
- "Single threaded ERF file mode",
- RunModeErfFileSingle);
+ RunModeRegisterNewRunMode(RUNMODE_ERF_FILE, "single", "Single threaded ERF file mode",
+ RunModeErfFileSingle, NULL);
RunModeRegisterNewRunMode(RUNMODE_ERF_FILE, "autofp",
- "Multi threaded ERF file mode. Packets from "
- "each flow are assigned to a single detect thread",
- RunModeErfFileAutoFp);
+ "Multi threaded ERF file mode. Packets from "
+ "each flow are assigned to a single detect thread",
+ RunModeErfFileAutoFp, NULL);
return;
}
void RunModeIpsIPFWRegister(void)
{
RunModeRegisterNewRunMode(RUNMODE_IPFW, "autofp",
- "Multi threaded IPFW IPS mode with respect to flow",
- RunModeIpsIPFWAutoFp);
+ "Multi threaded IPFW IPS mode with respect to flow", RunModeIpsIPFWAutoFp, NULL);
RunModeRegisterNewRunMode(RUNMODE_IPFW, "workers",
- "Multi queue IPFW IPS mode with one thread per queue",
- RunModeIpsIPFWWorker);
+ "Multi queue IPFW IPS mode with one thread per queue", RunModeIpsIPFWWorker, NULL);
return;
}
RunModeRegisterNewRunMode(RUNMODE_NAPATECH, "workers",
"Workers Napatech mode, each thread does all"
" tasks from acquisition to logging",
- RunModeNapatechWorkers);
+ RunModeNapatechWorkers, NULL);
return;
#endif
}
switch (runmode) {
case NT_RUNMODE_WORKERS:
- status = RunModeSetLiveCaptureWorkers(NapatechConfigParser,
- NapatechGetThreadsCount,
- "NapatechStream", "NapatechDecode",
- thread_name_workers, NULL);
+ status = RunModeSetLiveCaptureWorkers(NapatechConfigParser, NapatechGetThreadsCount,
+ "NapatechStream", "NapatechDecode", thread_name_workers, NULL);
break;
default:
status = -1;
#include "source-netmap.h"
#include "util-conf.h"
+#include "suricata.h"
extern int max_pending_packets;
return "workers";
}
+static int NetmapRunModeIsIPS(void)
+{
+ int nlive = LiveGetDeviceCount();
+ int ldev;
+ ConfNode *if_root;
+ ConfNode *if_default = NULL;
+ ConfNode *netmap_node;
+ int has_ips = 0;
+ int has_ids = 0;
+
+ /* Find initial node */
+ netmap_node = ConfGetNode("netmap");
+ if (netmap_node == NULL) {
+ return 0;
+ }
+
+ if_default = ConfNodeLookupKeyValue(netmap_node, "interface", "default");
+
+ for (ldev = 0; ldev < nlive; ldev++) {
+ const char *live_dev = LiveGetDeviceName(ldev);
+ if (live_dev == NULL) {
+ SCLogError("Problem with config file");
+ return 0;
+ }
+ const char *copymodestr = NULL;
+ if_root = ConfNodeLookupKeyValue(netmap_node, "interface", live_dev);
+
+ if (if_root == NULL) {
+ if (if_default == NULL) {
+ SCLogError("Problem with config file");
+ return 0;
+ }
+ if_root = if_default;
+ }
+
+ if (ConfGetChildValueWithDefault(if_root, if_default, "copy-mode", ©modestr) == 1) {
+ if (strcmp(copymodestr, "ips") == 0) {
+ has_ips = 1;
+ } else {
+ has_ids = 1;
+ }
+ } else {
+ has_ids = 1;
+ }
+ }
+
+ if (has_ids && has_ips) {
+ SCLogWarning("Netmap using both IPS and TAP/IDS mode, this will not be "
+ "allowed in Suricata 8 due to undefined behavior. See ticket #5588.");
+ for (ldev = 0; ldev < nlive; ldev++) {
+ const char *live_dev = LiveGetDeviceName(ldev);
+ if (live_dev == NULL) {
+ SCLogError("Problem with config file");
+ return 0;
+ }
+ if_root = ConfNodeLookupKeyValue(netmap_node, "interface", live_dev);
+ const char *copymodestr = NULL;
+
+ if (if_root == NULL) {
+ if (if_default == NULL) {
+ SCLogError("Problem with config file");
+ return 0;
+ }
+ if_root = if_default;
+ }
+
+ if (!((ConfGetChildValueWithDefault(if_root, if_default, "copy-mode", ©modestr) ==
+ 1) &&
+ (strcmp(copymodestr, "ips") == 0))) {
+ SCLogError("Netmap IPS mode used and interface '%s' is in IDS or TAP mode. "
+ "Sniffing '%s' but expect bad result as stream-inline is activated.",
+ live_dev, live_dev);
+ }
+ }
+ }
+
+ return has_ips;
+}
+
+static void NetmapRunModeEnableIPS(void)
+{
+ if (NetmapRunModeIsIPS()) {
+ SCLogInfo("Netmap: Setting IPS mode");
+ EngineModeSetIPS();
+ }
+}
+
void RunModeIdsNetmapRegister(void)
{
- RunModeRegisterNewRunMode(RUNMODE_NETMAP, "single",
- "Single threaded netmap mode",
- RunModeIdsNetmapSingle);
+ RunModeRegisterNewRunMode(RUNMODE_NETMAP, "single", "Single threaded netmap mode",
+ RunModeIdsNetmapSingle, NetmapRunModeEnableIPS);
RunModeRegisterNewRunMode(RUNMODE_NETMAP, "workers",
"Workers netmap mode, each thread does all"
" tasks from acquisition to logging",
- RunModeIdsNetmapWorkers);
+ RunModeIdsNetmapWorkers, NetmapRunModeEnableIPS);
RunModeRegisterNewRunMode(RUNMODE_NETMAP, "autofp",
"Multi-threaded netmap mode. Packets from "
"each flow are assigned to a single detect "
"thread.",
- RunModeIdsNetmapAutoFp);
+ RunModeIdsNetmapAutoFp, NetmapRunModeEnableIPS);
return;
}
return aconf->in.threads;
}
-int NetmapRunModeIsIPS(void)
-{
- int nlive = LiveGetDeviceCount();
- int ldev;
- ConfNode *if_root;
- ConfNode *if_default = NULL;
- ConfNode *netmap_node;
- int has_ips = 0;
- int has_ids = 0;
-
- /* Find initial node */
- netmap_node = ConfGetNode("netmap");
- if (netmap_node == NULL) {
- return 0;
- }
-
- if_default = ConfNodeLookupKeyValue(netmap_node, "interface", "default");
-
- for (ldev = 0; ldev < nlive; ldev++) {
- const char *live_dev = LiveGetDeviceName(ldev);
- if (live_dev == NULL) {
- SCLogError("Problem with config file");
- return 0;
- }
- const char *copymodestr = NULL;
- if_root = ConfNodeLookupKeyValue(netmap_node, "interface", live_dev);
-
- if (if_root == NULL) {
- if (if_default == NULL) {
- SCLogError("Problem with config file");
- return 0;
- }
- if_root = if_default;
- }
-
- if (ConfGetChildValueWithDefault(if_root, if_default, "copy-mode", ©modestr) == 1) {
- if (strcmp(copymodestr, "ips") == 0) {
- has_ips = 1;
- } else {
- has_ids = 1;
- }
- } else {
- has_ids = 1;
- }
- }
-
- if (has_ids && has_ips) {
- SCLogWarning("Netmap using both IPS and TAP/IDS mode, this will not be allowed in Suricata "
- "8 due to undefined behavior. See ticket #5588.");
- for (ldev = 0; ldev < nlive; ldev++) {
- const char *live_dev = LiveGetDeviceName(ldev);
- if (live_dev == NULL) {
- SCLogError("Problem with config file");
- return 0;
- }
- if_root = ConfNodeLookupKeyValue(netmap_node, "interface", live_dev);
- const char *copymodestr = NULL;
-
- if (if_root == NULL) {
- if (if_default == NULL) {
- SCLogError("Problem with config file");
- return 0;
- }
- if_root = if_default;
- }
-
- if (! ((ConfGetChildValueWithDefault(if_root, if_default, "copy-mode", ©modestr) == 1) &&
- (strcmp(copymodestr, "ips") == 0))) {
- SCLogError("Netmap IPS mode used and interface '%s' is in IDS or TAP mode. "
- "Sniffing '%s' but expect bad result as stream-inline is activated.",
- live_dev, live_dev);
- }
- }
- }
-
- return has_ips;
-}
-
typedef enum { NETMAP_AUTOFP, NETMAP_WORKERS, NETMAP_SINGLE } NetmapRunMode_t;
static int NetmapRunModeInit(NetmapRunMode_t runmode)
int RunModeIdsNetmapWorkers(void);
void RunModeIdsNetmapRegister(void);
const char *RunModeNetmapGetDefaultMode(void);
-int NetmapRunModeIsIPS(void);
#endif /* __RUNMODE_NETMAP_H__ */
void RunModeIdsNflogRegister(void)
{
RunModeRegisterNewRunMode(
- RUNMODE_NFLOG, "autofp", "Multi threaded nflog mode", RunModeIdsNflogAutoFp);
+ RUNMODE_NFLOG, "autofp", "Multi threaded nflog mode", RunModeIdsNflogAutoFp, NULL);
RunModeRegisterNewRunMode(
- RUNMODE_NFLOG, "single", "Single threaded nflog mode", RunModeIdsNflogSingle);
+ RUNMODE_NFLOG, "single", "Single threaded nflog mode", RunModeIdsNflogSingle, NULL);
RunModeRegisterNewRunMode(
- RUNMODE_NFLOG, "workers", "Workers nflog mode", RunModeIdsNflogWorkers);
+ RUNMODE_NFLOG, "workers", "Workers nflog mode", RunModeIdsNflogWorkers, NULL);
return;
}
void RunModeIpsNFQRegister(void)
{
RunModeRegisterNewRunMode(RUNMODE_NFQ, "autofp",
- "Multi threaded NFQ IPS mode with respect to flow",
- RunModeIpsNFQAutoFp);
+ "Multi threaded NFQ IPS mode with respect to flow", RunModeIpsNFQAutoFp, NULL);
RunModeRegisterNewRunMode(RUNMODE_NFQ, "workers",
- "Multi queue NFQ IPS mode with one thread per queue",
- RunModeIpsNFQWorker);
+ "Multi queue NFQ IPS mode with one thread per queue", RunModeIpsNFQWorker, NULL);
return;
}
void RunModeFilePcapRegister(void)
{
- RunModeRegisterNewRunMode(RUNMODE_PCAP_FILE, "single",
- "Single threaded pcap file mode",
- RunModeFilePcapSingle);
+ RunModeRegisterNewRunMode(RUNMODE_PCAP_FILE, "single", "Single threaded pcap file mode",
+ RunModeFilePcapSingle, NULL);
RunModeRegisterNewRunMode(RUNMODE_PCAP_FILE, "autofp",
- "Multi threaded pcap file mode. Packets from "
- "each flow are assigned to a single detect thread, "
- "unlike \"pcap-file-auto\" where packets from "
- "the same flow can be processed by any detect "
- "thread",
- RunModeFilePcapAutoFp);
+ "Multi threaded pcap file mode. Packets from "
+ "each flow are assigned to a single detect thread, "
+ "unlike \"pcap-file-auto\" where packets from "
+ "the same flow can be processed by any detect "
+ "thread",
+ RunModeFilePcapAutoFp, NULL);
return;
}
void RunModeIdsPcapRegister(void)
{
- RunModeRegisterNewRunMode(RUNMODE_PCAP_DEV, "single",
- "Single threaded pcap live mode",
- RunModeIdsPcapSingle);
+ RunModeRegisterNewRunMode(RUNMODE_PCAP_DEV, "single", "Single threaded pcap live mode",
+ RunModeIdsPcapSingle, NULL);
RunModeRegisterNewRunMode(RUNMODE_PCAP_DEV, "autofp",
- "Multi threaded pcap live mode. Packets from "
- "each flow are assigned to a single detect thread, "
- "unlike \"pcap_live_auto\" where packets from "
- "the same flow can be processed by any detect "
- "thread",
- RunModeIdsPcapAutoFp);
+ "Multi threaded pcap live mode. Packets from "
+ "each flow are assigned to a single detect thread, "
+ "unlike \"pcap_live_auto\" where packets from "
+ "the same flow can be processed by any detect "
+ "thread",
+ RunModeIdsPcapAutoFp, NULL);
RunModeRegisterNewRunMode(RUNMODE_PCAP_DEV, "workers",
- "Workers pcap live mode, each thread does all"
- " tasks from acquisition to logging",
- RunModeIdsPcapWorkers);
+ "Workers pcap live mode, each thread does all"
+ " tasks from acquisition to logging",
+ RunModeIdsPcapWorkers, NULL);
return;
}
(void) ConfGet("pcap.single-pcap-dev", &live_dev);
- ret = RunModeSetLiveCaptureAutoFp(ParsePcapConfig,
- PcapConfigGeThreadsCount,
- "ReceivePcap",
- "DecodePcap", thread_name_autofp,
- live_dev);
+ ret = RunModeSetLiveCaptureAutoFp(ParsePcapConfig, PcapConfigGeThreadsCount, "ReceivePcap",
+ "DecodePcap", thread_name_autofp, live_dev);
if (ret != 0) {
FatalError("Runmode start failed");
}
(void) ConfGet("pcap.single-pcap-dev", &live_dev);
- ret = RunModeSetLiveCaptureWorkers(ParsePcapConfig,
- PcapConfigGeThreadsCount,
- "ReceivePcap",
- "DecodePcap", thread_name_workers,
- live_dev);
+ ret = RunModeSetLiveCaptureWorkers(ParsePcapConfig, PcapConfigGeThreadsCount, "ReceivePcap",
+ "DecodePcap", thread_name_workers, live_dev);
if (ret != 0) {
FatalError("Unable to start runmode");
}
void RunModeIdsPfringRegister(void)
{
RunModeRegisterNewRunMode(RUNMODE_PFRING, "autofp",
- "Multi threaded pfring mode. Packets from "
- "each flow are assigned to a single detect "
- "thread, unlike \"pfring_auto\" where packets "
- "from the same flow can be processed by any "
- "detect thread",
- RunModeIdsPfringAutoFp);
- RunModeRegisterNewRunMode(RUNMODE_PFRING, "single",
- "Single threaded pfring mode",
- RunModeIdsPfringSingle);
+ "Multi threaded pfring mode. Packets from "
+ "each flow are assigned to a single detect "
+ "thread, unlike \"pfring_auto\" where packets "
+ "from the same flow can be processed by any "
+ "detect thread",
+ RunModeIdsPfringAutoFp, NULL);
+ RunModeRegisterNewRunMode(
+ RUNMODE_PFRING, "single", "Single threaded pfring mode", RunModeIdsPfringSingle, NULL);
RunModeRegisterNewRunMode(RUNMODE_PFRING, "workers",
- "Workers pfring mode, each thread does all"
- " tasks from acquisition to logging",
- RunModeIdsPfringWorkers);
+ "Workers pfring mode, each thread does all"
+ " tasks from acquisition to logging",
+ RunModeIdsPfringWorkers, NULL);
return;
}
FatalError("Unable to get parser and interface params");
}
- ret = RunModeSetLiveCaptureAutoFp(tparser,
- PfringConfigGetThreadsCount,
- "ReceivePfring",
- "DecodePfring", thread_name_autofp,
- live_dev);
+ ret = RunModeSetLiveCaptureAutoFp(tparser, PfringConfigGetThreadsCount, "ReceivePfring",
+ "DecodePfring", thread_name_autofp, live_dev);
if (ret != 0) {
FatalError("Runmode start failed");
}
FatalError("Unable to get parser and interface params");
}
- ret = RunModeSetLiveCaptureWorkers(tparser,
- PfringConfigGetThreadsCount,
- "ReceivePfring",
- "DecodePfring", thread_name_workers,
- live_dev);
+ ret = RunModeSetLiveCaptureWorkers(tparser, PfringConfigGetThreadsCount, "ReceivePfring",
+ "DecodePfring", thread_name_workers, live_dev);
if (ret != 0) {
FatalError("Runmode start failed");
}
{
#ifdef BUILD_UNIX_SOCKET
/* a bit of a hack, but register twice to --list-runmodes shows both */
- RunModeRegisterNewRunMode(RUNMODE_UNIX_SOCKET, "single",
- "Unix socket mode",
- RunModeUnixSocketMaster);
- RunModeRegisterNewRunMode(RUNMODE_UNIX_SOCKET, "autofp",
- "Unix socket mode",
- RunModeUnixSocketMaster);
+ RunModeRegisterNewRunMode(
+ RUNMODE_UNIX_SOCKET, "single", "Unix socket mode", RunModeUnixSocketMaster, NULL);
+ RunModeRegisterNewRunMode(
+ RUNMODE_UNIX_SOCKET, "autofp", "Unix socket mode", RunModeUnixSocketMaster, NULL);
#endif
}
void RunModeIpsWinDivertRegister(void)
{
- RunModeRegisterNewRunMode(
- RUNMODE_WINDIVERT, "autofp",
- "Multi-threaded WinDivert IPS mode load-balanced by flow",
- RunModeIpsWinDivertAutoFp);
+ RunModeRegisterNewRunMode(RUNMODE_WINDIVERT, "autofp",
+ "Multi-threaded WinDivert IPS mode load-balanced by flow", RunModeIpsWinDivertAutoFp,
+ NULL);
}
int RunModeIpsWinDivertAutoFp(void)
const char *description;
/* runmode function */
int (*RunModeFunc)(void);
+ void (*RunModeIsIPSEnabled)(void);
} RunMode;
typedef struct RunModes_ {
return;
}
-/**
- */
-void RunModeDispatch(int runmode, const char *custom_mode,
- const char *capture_plugin_name, const char *capture_plugin_args)
+static const char *RunModeGetConfOrDefault(int capture_mode, const char *capture_plugin_name)
{
- char *local_custom_mode = NULL;
-
- if (custom_mode == NULL) {
- const char *val = NULL;
- if (ConfGet("runmode", &val) != 1) {
- custom_mode = NULL;
- } else {
- custom_mode = val;
- }
+ const char *custom_mode = NULL;
+ const char *val = NULL;
+ if (ConfGet("runmode", &val) != 1) {
+ custom_mode = NULL;
+ } else {
+ custom_mode = val;
}
- if (custom_mode == NULL || strcmp(custom_mode, "auto") == 0) {
- switch (runmode) {
+ if ((custom_mode == NULL) || (strcmp(custom_mode, "auto") == 0)) {
+ switch (capture_mode) {
case RUNMODE_PCAP_DEV:
custom_mode = RunModeIdsGetDefaultMode();
break;
break;
#endif
default:
- FatalError("Unknown runtime mode. Aborting");
+ return NULL;
}
} else { /* if (custom_mode == NULL) */
/* Add compability with old 'worker' name */
if (!strcmp("worker", custom_mode)) {
+ char *local_custom_mode = NULL;
SCLogWarning("'worker' mode have been renamed "
"to 'workers', please modify your setup.");
local_custom_mode = SCStrdup("workers");
}
}
+ return custom_mode;
+}
+
+void RunModeEngineIsIPS(int capture_mode, const char *runmode, const char *capture_plugin_name)
+{
+ if (runmode == NULL) {
+ runmode = RunModeGetConfOrDefault(capture_mode, capture_plugin_name);
+ if (runmode == NULL) // non-standard runmode
+ return;
+ }
+
+ RunMode *mode = RunModeGetCustomMode(capture_mode, runmode);
+ if (mode == NULL) {
+ return;
+ }
+
+ if (mode->RunModeIsIPSEnabled != NULL) {
+ mode->RunModeIsIPSEnabled();
+ }
+}
+
+/**
+ */
+void RunModeDispatch(int runmode, const char *custom_mode, const char *capture_plugin_name,
+ const char *capture_plugin_args)
+{
+ char *local_custom_mode = NULL;
+
+ if (custom_mode == NULL) {
+ custom_mode = RunModeGetConfOrDefault(runmode, capture_plugin_name);
+ if (custom_mode == NULL)
+ FatalError("Unknown runtime mode. Aborting");
+ }
+
RunMode *mode = RunModeGetCustomMode(runmode, custom_mode);
if (mode == NULL) {
SCLogError("The custom type \"%s\" doesn't exist "
* \param description Description for this runmode.
* \param RunModeFunc The function to be run for this runmode.
*/
-void RunModeRegisterNewRunMode(enum RunModes runmode,
- const char *name,
- const char *description,
- int (*RunModeFunc)(void))
+void RunModeRegisterNewRunMode(enum RunModes runmode, const char *name, const char *description,
+ int (*RunModeFunc)(void), void (*RunModeIsIPSEnabled)(void))
{
if (RunModeGetCustomMode(runmode, name) != NULL) {
FatalError("runmode '%s' has already "
FatalError("Failed to allocate string");
}
mode->RunModeFunc = RunModeFunc;
+ mode->RunModeIsIPSEnabled = RunModeIsIPSEnabled;
return;
}
const char *RunModeGetMainMode(void);
void RunModeListRunmodes(void);
+void RunModeEngineIsIPS(int capture_mode, const char *runmode, const char *capture_plugin_name);
void RunModeDispatch(int, const char *, const char *capture_plugin_name, const char *capture_plugin_args);
void RunModeRegisterRunModes(void);
-void RunModeRegisterNewRunMode(enum RunModes, const char *, const char *,
- int (*RunModeFunc)(void));
+void RunModeRegisterNewRunMode(enum RunModes, const char *, const char *, int (*RunModeFunc)(void),
+ void (*RunModeIsIPSEnabled)(void));
void RunModeInitialize(void);
void RunModeInitializeOutputs(void);
void RunModeShutDown(void);
case RUNMODE_AFP_DEV:
case RUNMODE_AFXDP_DEV:
case RUNMODE_PFRING:
- nlive = LiveGetDeviceNameCount();
+ nlive = LiveGetDeviceCount();
for (lthread = 0; lthread < nlive; lthread++) {
- const char *live_dev = LiveGetDeviceNameName(lthread);
+ const char *live_dev = LiveGetDeviceName(lthread);
char dev[128]; /* need to be able to support GUID names on Windows */
(void)strlcpy(dev, live_dev, sizeof(dev));
}
}
-static int PostDeviceFinalizedSetup(SCInstance *suri)
-{
- SCEnter();
-
-#ifdef HAVE_AF_PACKET
- if (suri->run_mode == RUNMODE_AFP_DEV) {
- if (AFPRunModeIsIPS()) {
- SCLogInfo("AF_PACKET: Setting IPS mode");
- EngineModeSetIPS();
- }
- }
-#endif
-#ifdef HAVE_NETMAP
- if (suri->run_mode == RUNMODE_NETMAP) {
- if (NetmapRunModeIsIPS()) {
- SCLogInfo("Netmap: Setting IPS mode");
- EngineModeSetIPS();
- }
- }
-#endif
-
- SCReturnInt(TM_ECODE_OK);
-}
-
static void PostConfLoadedSetupHostMode(void)
{
const char *hostmode = NULL;
LiveDeviceFinalize();
- /* set engine mode if L2 IPS */
- if (PostDeviceFinalizedSetup(suri) != TM_ECODE_OK) {
- exit(EXIT_FAILURE);
- }
+ RunModeEngineIsIPS(
+ suricata.run_mode, suricata.runmode_custom_mode, suricata.capture_plugin_name);
/* hostmode depends on engine mode being set */
PostConfLoadedSetupHostMode();
/**
*/
int RunModeSetLiveCaptureAutoFp(ConfigIfaceParserFunc ConfigParser,
- ConfigIfaceThreadsCountFunc ModThreadsCount,
- const char *recv_mod_name,
- const char *decode_mod_name,
- const char *thread_name,
- const char *live_dev)
+ ConfigIfaceThreadsCountFunc ModThreadsCount, const char *recv_mod_name,
+ const char *decode_mod_name, const char *thread_name, const char *live_dev)
{
char tname[TM_THREAD_NAME_MAX];
char qname[TM_QUEUE_NAME_MAX];
}
int RunModeSetLiveCaptureWorkers(ConfigIfaceParserFunc ConfigParser,
- ConfigIfaceThreadsCountFunc ModThreadsCount,
- const char *recv_mod_name,
- const char *decode_mod_name, const char *thread_name,
- const char *live_dev)
+ ConfigIfaceThreadsCountFunc ModThreadsCount, const char *recv_mod_name,
+ const char *decode_mod_name, const char *thread_name, const char *live_dev)
{
int nlive = LiveGetDeviceCount();
void *aconf;
const char *live_dev);
int RunModeSetLiveCaptureAutoFp(ConfigIfaceParserFunc configparser,
- ConfigIfaceThreadsCountFunc ModThreadsCount,
- const char *recv_mod_name,
- const char *decode_mod_name, const char *thread_name,
- const char *live_dev);
+ ConfigIfaceThreadsCountFunc ModThreadsCount, const char *recv_mod_name,
+ const char *decode_mod_name, const char *thread_name, const char *live_dev);
int RunModeSetLiveCaptureSingle(ConfigIfaceParserFunc configparser,
ConfigIfaceThreadsCountFunc ModThreadsCount,
const char *live_dev);
int RunModeSetLiveCaptureWorkers(ConfigIfaceParserFunc configparser,
- ConfigIfaceThreadsCountFunc ModThreadsCount,
- const char *recv_mod_name,
- const char *decode_mod_name, const char *thread_name,
- const char *live_dev);
+ ConfigIfaceThreadsCountFunc ModThreadsCount, const char *recv_mod_name,
+ const char *decode_mod_name, const char *thread_name, const char *live_dev);
int RunModeSetIPSAutoFp(ConfigIPSParserFunc ConfigParser,
const char *recv_mod_name,
void UtRunModeRegister(void)
{
- RunModeRegisterNewRunMode(RUNMODE_UNITTEST,
- "unittest",
- "Unittest mode",
- NULL);
+ RunModeRegisterNewRunMode(RUNMODE_UNITTEST, "unittest", "Unittest mode", NULL, NULL);
return;
}
projects / thirdparty / suricata.git / commitdiff
