From: Jason Ish Date: Wed, 5 Apr 2017 04:44:21 +0000 (-0600) Subject: logging: only do non-blocking writes if live X-Git-Tag: suricata-4.0.0-beta1~219 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8436a892f95efbe1b01e81d657a52d2210a4f955;p=thirdparty%2Fsuricata.git logging: only do non-blocking writes if live If running against a pcap there is no reason to drop events, a blocking socket is fine here. So only do non-blocking writes when running off a live device. --- diff --git a/src/suricata.c b/src/suricata.c index fbe0305531..6cd05f2c8a 100644 --- a/src/suricata.c +++ b/src/suricata.c @@ -197,6 +197,9 @@ volatile uint8_t suricata_ctl_flags = 0; /** Run mode selected */ int run_mode = RUNMODE_UNKNOWN; +/** Is this an offline run mode. */ +int run_mode_offline = 0; + /** Engine mode: inline (ENGINE_MODE_IPS) or just * detection mode (ENGINE_MODE_IDS by default) */ static enum EngineMode g_engine_mode = ENGINE_MODE_IDS; @@ -2342,8 +2345,9 @@ static int FinalizeRunMode(SCInstance *suri, char **argv) default: break; } - /* Set the global run mode */ + /* Set the global run mode and offline flag. */ run_mode = suri->run_mode; + run_mode_offline = suri->offline; if (!CheckValidDaemonModes(suri->daemon, suri->run_mode)) { return TM_ECODE_FAILED; diff --git a/src/suricata.h b/src/suricata.h index 912f33b5d6..aaee9fe535 100644 --- a/src/suricata.h +++ b/src/suricata.h @@ -194,6 +194,7 @@ int RunmodeGetCurrent(void); int IsRuleReloadSet(int quiet); extern int run_mode; +extern int run_mode_offline; void PreRunInit(const int runmode); void PreRunPostPrivsDropInit(const int runmode); diff --git a/src/util-logopenfile.c b/src/util-logopenfile.c index 2413f5aae7..376a77af29 100644 --- a/src/util-logopenfile.c +++ b/src/util-logopenfile.c @@ -138,7 +138,7 @@ tryagain: errno = 0; if (ctx->fp != NULL) { int fd = fileno(ctx->fp); - ssize_t size = send(fd, buffer, buffer_len, MSG_DONTWAIT); + ssize_t size = send(fd, buffer, buffer_len, ctx->send_flags); if (size > -1) { ret = 0; } else { @@ -505,6 +505,12 @@ SCConfLogOpenGeneric(ConfNode *conf, return -1; } + /* If a socket and running live, do non-blocking writes. */ + if (log_ctx->is_sock && run_mode_offline == 0) { + SCLogInfo("Setting logging socket of non-blocking in live mode."); + log_ctx->send_flags |= MSG_DONTWAIT; + } + SCLogInfo("%s output device (%s) initialized: %s", conf->name, filetype, filename); diff --git a/src/util-logopenfile.h b/src/util-logopenfile.h index 5e5d3a001f..857f8b821c 100644 --- a/src/util-logopenfile.h +++ b/src/util-logopenfile.h @@ -122,6 +122,9 @@ typedef struct LogFileCtx_ { /* flag to avoid multiple threads printing the same stats */ uint8_t flags; + /* flags to set when sending over a socket */ + uint8_t send_flags; + /* Flag if file is a regular file or not. Only regular files * allow for rotataion. */ uint8_t is_regular;