From: Jason Ish <jason.ish@oisf.net>
Date: Fri, 16 Oct 2020 15:43:29 +0000 (-0600)
Subject: af-packet: use configured cluster-id when checking for fanout
X-Git-Tag: suricata-5.0.9~102
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=42045b989fd8f2c3c35d9d8e04d74b7cb0d0fac3;p=thirdparty%2Fsuricata.git

af-packet: use configured cluster-id when checking for fanout

When testing for fanout support a cluster-id of 1 was always being
used instead of the configured cluster-id. This limited fanout
support to only one Suricata instance.

Instead of hardcoding an ID of 1, use the configured cluster-id.

Also make cluster_id a uint16_t instead of an int in AFPThreadVars.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/3419

(cherry picked from commit df0ed6fda47fc80a397710316ae78cc3967e29bb)
---

diff --git a/src/source-af-packet.c b/src/source-af-packet.c
index 0cd3234fc8..d702c4430e 100644
--- a/src/source-af-packet.c
+++ b/src/source-af-packet.c
@@ -324,7 +324,7 @@ typedef struct AFPThreadVars_
 
     int down_count;
 
-    int cluster_id;
+    uint16_t cluster_id;
     int cluster_type;
 
     int threads;
@@ -2047,7 +2047,7 @@ mmap_err:
 /** \brief test if we can use FANOUT. Older kernels like those in
  *         CentOS6 have HAVE_PACKET_FANOUT defined but fail to work
  */
-int AFPIsFanoutSupported(int cluster_id)
+int AFPIsFanoutSupported(uint16_t cluster_id)
 {
 #ifdef HAVE_PACKET_FANOUT
     int fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
@@ -2055,8 +2055,7 @@ int AFPIsFanoutSupported(int cluster_id)
         return 0;
 
     uint32_t mode = PACKET_FANOUT_HASH | PACKET_FANOUT_FLAG_DEFRAG;
-    uint16_t id = 1;
-    uint32_t option = (mode << 16) | (id & 0xffff);
+    uint32_t option = (mode << 16) | cluster_id;
     int r = setsockopt(fd, SOL_PACKET, PACKET_FANOUT,(void *)&option, sizeof(option));
     close(fd);
 
diff --git a/src/source-af-packet.h b/src/source-af-packet.h
index 0468e4b2ff..0496031bd5 100644
--- a/src/source-af-packet.h
+++ b/src/source-af-packet.h
@@ -186,7 +186,6 @@ TmEcode AFPPeersListCheck(void);
 void AFPPeersListClean(void);
 int AFPGetLinkType(const char *ifname);
 
-int AFPIsFanoutSupported(int cluster_id);
-
+int AFPIsFanoutSupported(uint16_t cluster_id);
 
 #endif /* __SOURCE_AFP_H__ */