From: Victor Julien Date: Sun, 7 Jul 2024 17:43:37 +0000 (+0200) Subject: packetpool: allow larger max-pending-packets X-Git-Tag: suricata-8.0.0-beta1~948 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=96a0ffadde9bc1967d2cc9bfbeebe921c882e9b0;p=thirdparty%2Fsuricata.git packetpool: allow larger max-pending-packets Original limit was due to a specific data structure. --- diff --git a/plugins/pfring/source-pfring.c b/plugins/pfring/source-pfring.c index 7ac9b24817..aece8153d0 100644 --- a/plugins/pfring/source-pfring.c +++ b/plugins/pfring/source-pfring.c @@ -59,7 +59,7 @@ TmEcode DecodePfringThreadInit(ThreadVars *, const void *, void **); TmEcode DecodePfring(ThreadVars *, Packet *, void *); TmEcode DecodePfringThreadDeinit(ThreadVars *tv, void *data); -extern uint16_t max_pending_packets; +extern uint32_t max_pending_packets; #include diff --git a/src/runmode-af-packet.c b/src/runmode-af-packet.c index c7f61fb00c..20501d7495 100644 --- a/src/runmode-af-packet.c +++ b/src/runmode-af-packet.c @@ -59,7 +59,7 @@ #include "source-af-packet.h" #include "util-bpf.h" -extern uint16_t max_pending_packets; +extern uint32_t max_pending_packets; const char *RunModeAFPGetDefaultMode(void) { @@ -685,7 +685,7 @@ finalize: (void) SC_ATOMIC_ADD(aconf->ref, aconf->threads); if (aconf->ring_size != 0) { - if (aconf->ring_size * aconf->threads < max_pending_packets) { + if (aconf->ring_size * aconf->threads < (int)max_pending_packets) { aconf->ring_size = max_pending_packets / aconf->threads + 1; SCLogWarning("%s: inefficient setup: ring-size < max_pending_packets. " "Resetting to decent value %d.", diff --git a/src/runmode-netmap.c b/src/runmode-netmap.c index 0728cf6625..b1771b16c2 100644 --- a/src/runmode-netmap.c +++ b/src/runmode-netmap.c @@ -50,7 +50,7 @@ #include "suricata.h" #include "util-bpf.h" -extern uint16_t max_pending_packets; +extern uint32_t max_pending_packets; const char *RunModeNetmapGetDefaultMode(void) { diff --git a/src/runmode-unittests.c b/src/runmode-unittests.c index ec5951340b..148d5bf5aa 100644 --- a/src/runmode-unittests.c +++ b/src/runmode-unittests.c @@ -269,7 +269,7 @@ void RunUnittests(int list_unittests, const char *regex_arg) UtListTests(regex_arg); } else { /* global packet pool */ - extern uint16_t max_pending_packets; + extern uint32_t max_pending_packets; max_pending_packets = 128; PacketPoolInit(); diff --git a/src/source-af-packet.c b/src/source-af-packet.c index f4614bf9f4..e71a4f5f9f 100644 --- a/src/source-af-packet.c +++ b/src/source-af-packet.c @@ -118,7 +118,7 @@ struct bpf_program { #endif /* HAVE_AF_PACKET */ -extern uint16_t max_pending_packets; +extern uint32_t max_pending_packets; #ifndef HAVE_AF_PACKET diff --git a/src/source-erf-dag.c b/src/source-erf-dag.c index ebac89e2d8..f5e4239554 100644 --- a/src/source-erf-dag.c +++ b/src/source-erf-dag.c @@ -89,7 +89,7 @@ NoErfDagSupportExit(ThreadVars *tv, const void *initdata, void **data) /* Number of bytes per loop to process before fetching more data. */ #define BYTES_PER_LOOP (4 * 1024 * 1024) /* 4 MB */ -extern uint16_t max_pending_packets; +extern uint32_t max_pending_packets; typedef struct ErfDagThreadVars_ { ThreadVars *tv; diff --git a/src/source-ipfw.c b/src/source-ipfw.c index db9609d463..cf1c9472a9 100644 --- a/src/source-ipfw.c +++ b/src/source-ipfw.c @@ -98,7 +98,7 @@ TmEcode NoIPFWSupportExit(ThreadVars *tv, const void *initdata, void **data) #define IPFW_SOCKET_POLL_MSEC 300 -extern uint16_t max_pending_packets; +extern uint32_t max_pending_packets; /** * \brief Structure to hold thread specific variables. diff --git a/src/source-napatech.c b/src/source-napatech.c index 69eaec2111..2edbc3c9c5 100644 --- a/src/source-napatech.c +++ b/src/source-napatech.c @@ -81,7 +81,7 @@ TmEcode NoNapatechSupportExit(ThreadVars *tv, const void *initdata, void **data) #include #include -extern uint16_t max_pending_packets; +extern uint32_t max_pending_packets; typedef struct NapatechThreadVars_ { diff --git a/src/source-nfq.c b/src/source-nfq.c index 4e85336e42..6a5f9d2074 100644 --- a/src/source-nfq.c +++ b/src/source-nfq.c @@ -97,7 +97,7 @@ static TmEcode NoNFQSupportExit(ThreadVars *tv, const void *initdata, void **dat #else /* we do have NFQ support */ -extern uint16_t max_pending_packets; +extern uint32_t max_pending_packets; #define MAX_ALREADY_TREATED 5 #define NFQ_VERDICT_RETRY_COUNT 3 diff --git a/src/source-pcap-file-helper.c b/src/source-pcap-file-helper.c index 4984a44bff..6434ae2acc 100644 --- a/src/source-pcap-file-helper.c +++ b/src/source-pcap-file-helper.c @@ -31,7 +31,7 @@ #include "source-pcap-file.h" #include "util-exception-policy.h" -extern uint16_t max_pending_packets; +extern uint32_t max_pending_packets; extern PcapFileGlobalVars pcap_g; static void PcapFileCallbackLoop(char *user, struct pcap_pkthdr *h, u_char *pkt); diff --git a/src/source-pcap-file.c b/src/source-pcap-file.c index 647904a8bd..e16970f3f1 100644 --- a/src/source-pcap-file.c +++ b/src/source-pcap-file.c @@ -33,7 +33,7 @@ #include "suricata.h" #include "conf.h" -extern uint16_t max_pending_packets; +extern uint32_t max_pending_packets; PcapFileGlobalVars pcap_g; /** diff --git a/src/suricata.c b/src/suricata.c index a20b5f39cb..a10ba74c63 100644 --- a/src/suricata.c +++ b/src/suricata.c @@ -178,7 +178,7 @@ static enum EngineMode g_engine_mode = ENGINE_MODE_UNKNOWN; uint8_t host_mode = SURI_HOST_IS_SNIFFER_ONLY; /** Maximum packets to simultaneously process. */ -uint16_t max_pending_packets; +uint32_t max_pending_packets; /** global indicating if detection is enabled */ int g_detect_disabled = 0; @@ -2421,16 +2421,16 @@ static int ConfigGetCaptureValue(SCInstance *suri) intmax_t tmp_max_pending_packets; if (ConfGetInt("max-pending-packets", &tmp_max_pending_packets) != 1) tmp_max_pending_packets = DEFAULT_MAX_PENDING_PACKETS; - if (tmp_max_pending_packets < 1 || tmp_max_pending_packets >= UINT16_MAX) { - SCLogError("Maximum max-pending-packets setting is 65534 and must be greater than 0. " + if (tmp_max_pending_packets < 1 || tmp_max_pending_packets > 2147483648) { + SCLogError("Maximum max-pending-packets setting is 2147483648 and must be greater than 0. " "Please check %s for errors", suri->conf_filename); return TM_ECODE_FAILED; } else { - max_pending_packets = (uint16_t)tmp_max_pending_packets; + max_pending_packets = (uint32_t)tmp_max_pending_packets; } - SCLogDebug("Max pending packets set to %" PRIu16, max_pending_packets); + SCLogDebug("Max pending packets set to %" PRIu32, max_pending_packets); /* Pull the default packet size from the config, if not found fall * back on a sane default. */ diff --git a/src/tests/fuzz/fuzz_decodepcapfile.c b/src/tests/fuzz/fuzz_decodepcapfile.c index 2b616dd690..20fbeb8c4d 100644 --- a/src/tests/fuzz/fuzz_decodepcapfile.c +++ b/src/tests/fuzz/fuzz_decodepcapfile.c @@ -78,7 +78,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) tmm_modules[TMM_DECODEPCAPFILE].ThreadInit(tv, NULL, (void **) &dtv); (void)SC_ATOMIC_SET(tv->tm_slots->slot_next->slot_data, dtv); - extern uint16_t max_pending_packets; + extern uint32_t max_pending_packets; max_pending_packets = 128; PacketPoolInit(); SC_ATOMIC_SET(engine_stage, SURICATA_RUNTIME); diff --git a/src/tests/fuzz/fuzz_predefpcap_aware.c b/src/tests/fuzz/fuzz_predefpcap_aware.c index 6bcfa70755..e04d6aef3e 100644 --- a/src/tests/fuzz/fuzz_predefpcap_aware.c +++ b/src/tests/fuzz/fuzz_predefpcap_aware.c @@ -97,7 +97,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) tmm_modules[TMM_FLOWWORKER].ThreadInit(&tv, NULL, &fwd); StatsSetupPrivate(&tv); - extern uint16_t max_pending_packets; + extern uint32_t max_pending_packets; max_pending_packets = 128; PacketPoolInit(); if (DetectEngineReload(&surifuzz) < 0) { diff --git a/src/tests/fuzz/fuzz_sigpcap.c b/src/tests/fuzz/fuzz_sigpcap.c index 63367fd276..06e26ccc94 100644 --- a/src/tests/fuzz/fuzz_sigpcap.c +++ b/src/tests/fuzz/fuzz_sigpcap.c @@ -90,7 +90,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) tmm_modules[TMM_FLOWWORKER].ThreadInit(&tv, NULL, &fwd); StatsSetupPrivate(&tv); - extern uint16_t max_pending_packets; + extern uint32_t max_pending_packets; max_pending_packets = 128; PacketPoolInit(); SC_ATOMIC_SET(engine_stage, SURICATA_RUNTIME); diff --git a/src/tests/fuzz/fuzz_sigpcap_aware.c b/src/tests/fuzz/fuzz_sigpcap_aware.c index 75efd5c651..3c564f25f7 100644 --- a/src/tests/fuzz/fuzz_sigpcap_aware.c +++ b/src/tests/fuzz/fuzz_sigpcap_aware.c @@ -115,7 +115,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) tmm_modules[TMM_FLOWWORKER].ThreadInit(&tv, NULL, &fwd); StatsSetupPrivate(&tv); - extern uint16_t max_pending_packets; + extern uint32_t max_pending_packets; max_pending_packets = 128; PacketPoolInit(); SC_ATOMIC_SET(engine_stage, SURICATA_RUNTIME); diff --git a/src/tmqh-packetpool.c b/src/tmqh-packetpool.c index 2b0515cca2..39ea3eff6c 100644 --- a/src/tmqh-packetpool.c +++ b/src/tmqh-packetpool.c @@ -35,7 +35,7 @@ #include "util-validate.h" #include "action-globals.h" -extern uint16_t max_pending_packets; +extern uint32_t max_pending_packets; /* Number of freed packet to save for one pool before freeing them. */ #define MAX_PENDING_RETURN_PACKETS 32 @@ -259,8 +259,7 @@ void PacketPoolInit(void) /* pre allocate packets */ SCLogDebug("preallocating packets... packet size %" PRIuMAX "", (uintmax_t)SIZE_OF_PACKET); - int i = 0; - for (i = 0; i < max_pending_packets; i++) { + for (uint32_t i = 0; i < max_pending_packets; i++) { Packet *p = PacketGetFromAlloc(); if (unlikely(p == NULL)) { FatalError("Fatal error encountered while allocating a packet. Exiting..."); @@ -459,8 +458,8 @@ void TmqhReleasePacketsToPacketPool(PacketQueue *pq) */ void PacketPoolPostRunmodes(void) { - extern uint16_t max_pending_packets; - uint16_t pending_packets = max_pending_packets; + extern uint32_t max_pending_packets; + uint32_t pending_packets = max_pending_packets; if (pending_packets < RESERVED_PACKETS) { FatalError("'max-pending-packets' setting " "must be at least %d",