From: Jason Ish Date: Wed, 10 Jul 2024 21:25:30 +0000 (-0600) Subject: pf-ring: bring back command line arguments X-Git-Tag: suricata-8.0.0-beta1~1019 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b318e78b3af595590f90ed6233568240c6b1d95d;p=thirdparty%2Fsuricata.git pf-ring: bring back command line arguments Bring back the pf-ring command line arguments, but instead of initializing the pfring runmode, initialize the capture plugin runmode with a plugin named "pfring". Ticket: #7162 --- diff --git a/src/suricata.c b/src/suricata.c index d8e981b9e3..13b48fe917 100644 --- a/src/suricata.c +++ b/src/suricata.c @@ -647,6 +647,12 @@ static void PrintUsage(const char *progname) #ifdef HAVE_NETMAP printf("\t--netmap[=] : run in netmap mode, no value select interfaces from suricata.yaml\n"); #endif +#ifdef HAVE_PFRING + printf("\t--pfring[=] : run in pfring mode, use interfaces from suricata.yaml\n"); + printf("\t--pfring-int : run in pfring mode, use interface \n"); + printf("\t--pfring-cluster-id : pfring cluster id \n"); + printf("\t--pfring-cluster-type : pfring cluster type for PF_RING 4.1.2 and later cluster_round_robin|cluster_flow\n"); +#endif /* HAVE_PFRING */ printf("\t--simulate-ips : force engine into IPS mode. Useful for QA\n"); #ifdef HAVE_LIBCAP_NG printf("\t--user : run suricata as this user after init\n"); @@ -704,6 +710,9 @@ static void PrintBuildInfo(void) #ifdef HAVE_PCAP_SET_BUFF strlcat(features, "PCAP_SET_BUFF ", sizeof(features)); #endif +#ifdef HAVE_PFRING + strlcat(features, "PF_RING ", sizeof(features)); +#endif #ifdef HAVE_AF_PACKET strlcat(features, "AF_PACKET ", sizeof(features)); #endif @@ -981,6 +990,16 @@ static TmEcode ParseInterfacesList(const int runmode, char *pcap_dev) SCReturnInt(TM_ECODE_FAILED); } } + } else if (runmode == RUNMODE_PLUGIN) { + if (strcmp(suricata.capture_plugin_name, "pfring") == 0) { + /* Special handling for pfring. */ + if (strlen(pcap_dev)) { + if (ConfSetFinal("pfring.live-interface", pcap_dev) != 1) { + SCLogError("Failed to set pfring.live-interface"); + SCReturnInt(TM_ECODE_FAILED); + } + } + } #ifdef HAVE_DPDK } else if (runmode == RUNMODE_DPDK) { char iface_selector[] = "dpdk.interfaces"; @@ -1317,6 +1336,10 @@ TmEcode SCParseCommandLine(int argc, char **argv) struct option long_opts[] = { {"dump-config", 0, &dump_config, 1}, {"dump-features", 0, &dump_features, 1}, + {"pfring", optional_argument, 0, 0}, + {"pfring-int", required_argument, 0, 0}, + {"pfring-cluster-id", required_argument, 0, 0}, + {"pfring-cluster-type", required_argument, 0, 0}, #ifdef HAVE_DPDK {"dpdk", 0, 0, 0}, #endif @@ -1399,10 +1422,54 @@ TmEcode SCParseCommandLine(int argc, char **argv) while ((opt = getopt_long(argc, argv, short_opts, long_opts, &option_index)) != -1) { switch (opt) { case 0: - if (strcmp((long_opts[option_index]).name, "capture-plugin") == 0) { + if (strcmp((long_opts[option_index]).name , "pfring") == 0 || + strcmp((long_opts[option_index]).name , "pfring-int") == 0) { +#ifdef HAVE_PFRING + /* TODO: Which plugin? */ + suri->run_mode = RUNMODE_PLUGIN; + suri->capture_plugin_name = "pfring"; + if (optarg != NULL) { + memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev)); + strlcpy(suri->pcap_dev, optarg, + ((strlen(optarg) < sizeof(suri->pcap_dev)) ? + (strlen(optarg) + 1) : sizeof(suri->pcap_dev))); + LiveRegisterDeviceName(optarg); + } +#else + SCLogError("PF_RING not enabled. Make sure " + "to pass --enable-pfring to configure when building."); + return TM_ECODE_FAILED; +#endif /* HAVE_PFRING */ + } + else if(strcmp((long_opts[option_index]).name , "pfring-cluster-id") == 0){ +#ifdef HAVE_PFRING + if (ConfSetFinal("pfring.cluster-id", optarg) != 1) { + SCLogError("failed to set pfring.cluster-id"); + return TM_ECODE_FAILED; + } +#else + SCLogError("PF_RING not enabled. Make sure " + "to pass --enable-pfring to configure when building."); + return TM_ECODE_FAILED; +#endif /* HAVE_PFRING */ + } + else if(strcmp((long_opts[option_index]).name , "pfring-cluster-type") == 0){ +#ifdef HAVE_PFRING + if (ConfSetFinal("pfring.cluster-type", optarg) != 1) { + SCLogError("failed to set pfring.cluster-type"); + return TM_ECODE_FAILED; + } +#else + SCLogError("PF_RING not enabled. Make sure " + "to pass --enable-pfring to configure when building."); + return TM_ECODE_FAILED; +#endif /* HAVE_PFRING */ + } + else if (strcmp((long_opts[option_index]).name , "capture-plugin") == 0){ suri->run_mode = RUNMODE_PLUGIN; suri->capture_plugin_name = optarg; - } else if (strcmp((long_opts[option_index]).name, "capture-plugin-args") == 0) { + } + else if (strcmp((long_opts[option_index]).name , "capture-plugin-args") == 0){ suri->capture_plugin_args = optarg; } else if (strcmp((long_opts[option_index]).name, "dpdk") == 0) { if (ParseCommandLineDpdk(suri, optarg) != TM_ECODE_OK) { @@ -2391,6 +2458,7 @@ static int ConfigGetCaptureValue(SCInstance *suri) * interface really is igb0 */ strip_trailing_plus = 1; /* fall through */ + case RUNMODE_PLUGIN: case RUNMODE_PCAP_DEV: case RUNMODE_AFP_DEV: case RUNMODE_AFXDP_DEV: