aconf->promisc = 1;
aconf->checksum_mode = CHECKSUM_VALIDATION_KERNEL;
aconf->DerefFunc = AFPDerefConfig;
- aconf->flags = AFP_RING_MODE|AFP_TPACKET_V3;
+ aconf->flags = AFP_RING_MODE;
aconf->bpf_filter = NULL;
aconf->out_iface = NULL;
aconf->copy_mode = AFP_COPY_MODE_NONE;
}
if (ConfGetChildValueBoolWithDefault(if_root, if_default, "use-mmap", (int *)&boolval) == 1) {
- if (boolval) {
- aconf->flags |= AFP_RING_MODE;
- } else {
+ if (!boolval) {
SCLogConfig("Disabling mmaped capture on iface %s",
aconf->iface);
- aconf->flags &= ~AFP_RING_MODE;
+ aconf->flags &= ~(AFP_RING_MODE|AFP_TPACKET_V3);
}
- } else {
- aconf->flags |= AFP_RING_MODE;
}
if (aconf->flags & AFP_RING_MODE) {
aconf->iface);
aconf->flags |= AFP_MMAP_LOCKED;
}
- (void)ConfGetChildValueBoolWithDefault(if_root, if_default,
- "tpacket-v3", (int *)&boolval);
- if (boolval) {
- if (strcasecmp(RunmodeGetActive(), "workers") == 0) {
+
+ if (ConfGetChildValueBoolWithDefault(if_root, if_default,
+ "tpacket-v3", (int *)&boolval) == 1)
+ {
+ if (boolval) {
+ if (strcasecmp(RunmodeGetActive(), "workers") == 0) {
#ifdef HAVE_TPACKET_V3
- SCLogConfig("Enabling tpacket v3 capture on iface %s",
- aconf->iface);
- aconf->flags |= AFP_TPACKET_V3;
+ SCLogConfig("Enabling tpacket v3 capture on iface %s",
+ aconf->iface);
+ aconf->flags |= AFP_TPACKET_V3;
#else
- SCLogNotice("System too old for tpacket v3 switching to v2");
- aconf->flags &= ~AFP_TPACKET_V3;
+ SCLogNotice("System too old for tpacket v3 switching to v2");
+ aconf->flags &= ~AFP_TPACKET_V3;
#endif
+ } else {
+ SCLogWarning(SC_ERR_RUNMODE,
+ "tpacket v3 is only implemented for 'workers' runmode."
+ " Switching to tpacket v2.");
+ aconf->flags &= ~AFP_TPACKET_V3;
+ }
} else {
- SCLogError(SC_ERR_RUNMODE,
- "tpacket v3 is only implemented for 'workers' runmode."
- " Switching to tpacket v2.");
aconf->flags &= ~AFP_TPACKET_V3;
}
}
+
(void)ConfGetChildValueBoolWithDefault(if_root, if_default,
"use-emergency-flush", (int *)&boolval);
if (boolval) {
# Lock memory map to avoid it goes to swap. Be careful that over suscribing could lock
# your system
#mmap-locked: yes
- # Use tpacket_v3, capture mode, only active if user-mmap is true
- tpacket-v3: yes
+ # Use experimental tpacket_v3 capture mode, only active if use-mmap is true
+ #tpacket-v3: yes
# Ring size will be computed with respect to max_pending_packets and number
# of threads. You can set manually the ring size in number of packets by setting
# the following value. If you are using flow cluster-type and have really network
#threads: auto
#use-mmap: no
#rollover: yes
- tpacket-v3: yes
+ #tpacket-v3: yes
# Cross platform libpcap capture support
pcap:
projects / thirdparty / suricata.git / commitdiff
