packetpool: allow larger max-pending-packets

Original limit was due to a specific data structure.

diff --git a/plugins/pfring/source-pfring.c b/plugins/pfring/source-pfring.c
index 7ac9b24817e1ecdd2e6c7c8a133d6d57f03dc0f9..aece8153d0bbb6e3feb5180e842292b3c261afbe 100644 (file)
--- a/plugins/pfring/source-pfring.c
+++ b/plugins/pfring/source-pfring.c
@@ -59,7 +59,7 @@ TmEcode DecodePfringThreadInit(ThreadVars *, const void *, void **);
 TmEcode DecodePfring(ThreadVars *, Packet *, void *);
 TmEcode DecodePfringThreadDeinit(ThreadVars *tv, void *data);
 
-extern uint16_t max_pending_packets;
+extern uint32_t max_pending_packets;
 
 #include <pfring.h>
 

diff --git a/src/runmode-af-packet.c b/src/runmode-af-packet.c
index c7f61fb00c584954b58a9dee262c9f618349a7cc..20501d749565dae2736e8f08771b5c039ee3cd1b 100644 (file)
--- a/src/runmode-af-packet.c
+++ b/src/runmode-af-packet.c
@@ -59,7 +59,7 @@
 #include "source-af-packet.h"
 #include "util-bpf.h"
 
-extern uint16_t max_pending_packets;
+extern uint32_t max_pending_packets;
 
 const char *RunModeAFPGetDefaultMode(void)
 {
@@ -685,7 +685,7 @@ finalize:
     (void) SC_ATOMIC_ADD(aconf->ref, aconf->threads);
 
     if (aconf->ring_size != 0) {
-        if (aconf->ring_size * aconf->threads < max_pending_packets) {
+        if (aconf->ring_size * aconf->threads < (int)max_pending_packets) {
             aconf->ring_size = max_pending_packets / aconf->threads + 1;
             SCLogWarning("%s: inefficient setup: ring-size < max_pending_packets. "
                          "Resetting to decent value %d.",

diff --git a/src/runmode-netmap.c b/src/runmode-netmap.c
index 0728cf662525d25a091dcf8408ef9e56f80982e8..b1771b16c28693adb0048ffb1b37521436f0c025 100644 (file)
--- a/src/runmode-netmap.c
+++ b/src/runmode-netmap.c
@@ -50,7 +50,7 @@
 #include "suricata.h"
 #include "util-bpf.h"
 
-extern uint16_t max_pending_packets;
+extern uint32_t max_pending_packets;
 
 const char *RunModeNetmapGetDefaultMode(void)
 {

diff --git a/src/runmode-unittests.c b/src/runmode-unittests.c
index ec5951340bcace3a1e1f91a90062672575d0b27e..148d5bf5aa5c1fb37953c4f84163092d3fff66ee 100644 (file)
--- a/src/runmode-unittests.c
+++ b/src/runmode-unittests.c
@@ -269,7 +269,7 @@ void RunUnittests(int list_unittests, const char *regex_arg)
         UtListTests(regex_arg);
     } else {
         /* global packet pool */
-        extern uint16_t max_pending_packets;
+        extern uint32_t max_pending_packets;
         max_pending_packets = 128;
         PacketPoolInit();
 

diff --git a/src/source-af-packet.c b/src/source-af-packet.c
index f4614bf9f4b930d44a401f543d803641df68a324..e71a4f5f9f088645288222d95a91f98256eb3f97 100644 (file)
--- a/src/source-af-packet.c
+++ b/src/source-af-packet.c
@@ -118,7 +118,7 @@ struct bpf_program {
 
 #endif /* HAVE_AF_PACKET */
 
-extern uint16_t max_pending_packets;
+extern uint32_t max_pending_packets;
 
 #ifndef HAVE_AF_PACKET
 

diff --git a/src/source-erf-dag.c b/src/source-erf-dag.c
index ebac89e2d8b9b8dc71e1aa8696029d6fca6d7a28..f5e4239554b7015851a075c9ee68d915c4a9cfdf 100644 (file)
--- a/src/source-erf-dag.c
+++ b/src/source-erf-dag.c
@@ -89,7 +89,7 @@ NoErfDagSupportExit(ThreadVars *tv, const void *initdata, void **data)
 /* Number of bytes per loop to process before fetching more data. */
 #define BYTES_PER_LOOP (4 * 1024 * 1024) /* 4 MB */
 
-extern uint16_t max_pending_packets;
+extern uint32_t max_pending_packets;
 
 typedef struct ErfDagThreadVars_ {
     ThreadVars *tv;

diff --git a/src/source-ipfw.c b/src/source-ipfw.c
index db9609d4630c5ddf0eb56417fd639dfdf3f2166d..cf1c9472a98586e378e6d74b9b16c028cb5986b3 100644 (file)
--- a/src/source-ipfw.c
+++ b/src/source-ipfw.c
@@ -98,7 +98,7 @@ TmEcode NoIPFWSupportExit(ThreadVars *tv, const void *initdata, void **data)
 
 #define IPFW_SOCKET_POLL_MSEC 300
 
-extern uint16_t max_pending_packets;
+extern uint32_t max_pending_packets;
 
 /**
  * \brief Structure to hold thread specific variables.

diff --git a/src/source-napatech.c b/src/source-napatech.c
index 69eaec21114a2be1cde8b46c11992472226d4bc4..2edbc3c9c51f61577381798d569cbb92e3c3e4be 100644 (file)
--- a/src/source-napatech.c
+++ b/src/source-napatech.c
@@ -81,7 +81,7 @@ TmEcode NoNapatechSupportExit(ThreadVars *tv, const void *initdata, void **data)
 #include <numa.h>
 #include <nt.h>
 
-extern uint16_t max_pending_packets;
+extern uint32_t max_pending_packets;
 
 typedef struct NapatechThreadVars_
 {

diff --git a/src/source-nfq.c b/src/source-nfq.c
index 4e85336e42d6c4ae2316c70f608203c703faa812..6a5f9d2074a2ebdd9a2f9a3015c1c35ea9ed8230 100644 (file)
--- a/src/source-nfq.c
+++ b/src/source-nfq.c
@@ -97,7 +97,7 @@ static TmEcode NoNFQSupportExit(ThreadVars *tv, const void *initdata, void **dat
 
 #else /* we do have NFQ support */
 
-extern uint16_t max_pending_packets;
+extern uint32_t max_pending_packets;
 
 #define MAX_ALREADY_TREATED 5
 #define NFQ_VERDICT_RETRY_COUNT 3

diff --git a/src/source-pcap-file-helper.c b/src/source-pcap-file-helper.c
index 4984a44bff763f9669787e17b44342e8d466dcdd..6434ae2acc6aaac42ec3c13c0383e6fd008e3321 100644 (file)
--- a/src/source-pcap-file-helper.c
+++ b/src/source-pcap-file-helper.c
@@ -31,7 +31,7 @@
 #include "source-pcap-file.h"
 #include "util-exception-policy.h"
 
-extern uint16_t max_pending_packets;
+extern uint32_t max_pending_packets;
 extern PcapFileGlobalVars pcap_g;
 
 static void PcapFileCallbackLoop(char *user, struct pcap_pkthdr *h, u_char *pkt);

diff --git a/src/source-pcap-file.c b/src/source-pcap-file.c
index 647904a8bdec4b5969b48260d167b1870027c85f..e16970f3f1ee46ebce7bf0ca58e00c004ef99e92 100644 (file)
--- a/src/source-pcap-file.c
+++ b/src/source-pcap-file.c
@@ -33,7 +33,7 @@
 #include "suricata.h"
 #include "conf.h"
 
-extern uint16_t max_pending_packets;
+extern uint32_t max_pending_packets;
 PcapFileGlobalVars pcap_g;
 
 /**

diff --git a/src/suricata.c b/src/suricata.c
index a20b5f39cbcbfeafeca6ffdbb60b49da484c16a9..a10ba74c63888990174a30d2ebee79e3e31a0ecf 100644 (file)
--- a/src/suricata.c
+++ b/src/suricata.c
@@ -178,7 +178,7 @@ static enum EngineMode g_engine_mode = ENGINE_MODE_UNKNOWN;
 uint8_t host_mode = SURI_HOST_IS_SNIFFER_ONLY;
 
 /** Maximum packets to simultaneously process. */
-uint16_t max_pending_packets;
+uint32_t max_pending_packets;
 
 /** global indicating if detection is enabled */
 int g_detect_disabled = 0;
@@ -2421,16 +2421,16 @@ static int ConfigGetCaptureValue(SCInstance *suri)
     intmax_t tmp_max_pending_packets;
     if (ConfGetInt("max-pending-packets", &tmp_max_pending_packets) != 1)
         tmp_max_pending_packets = DEFAULT_MAX_PENDING_PACKETS;
-    if (tmp_max_pending_packets < 1 || tmp_max_pending_packets >= UINT16_MAX) {
-        SCLogError("Maximum max-pending-packets setting is 65534 and must be greater than 0. "
+    if (tmp_max_pending_packets < 1 || tmp_max_pending_packets > 2147483648) {
+        SCLogError("Maximum max-pending-packets setting is 2147483648 and must be greater than 0. "
                    "Please check %s for errors",
                 suri->conf_filename);
         return TM_ECODE_FAILED;
     } else {
-        max_pending_packets = (uint16_t)tmp_max_pending_packets;
+        max_pending_packets = (uint32_t)tmp_max_pending_packets;
     }
 
-    SCLogDebug("Max pending packets set to %" PRIu16, max_pending_packets);
+    SCLogDebug("Max pending packets set to %" PRIu32, max_pending_packets);
 
     /* Pull the default packet size from the config, if not found fall
      * back on a sane default. */

diff --git a/src/tests/fuzz/fuzz_decodepcapfile.c b/src/tests/fuzz/fuzz_decodepcapfile.c
index 2b616dd6906e3f6b90cb70927fd1f1ecd5436bba..20fbeb8c4d6f2f06c1decd72766f98c6373f1708 100644 (file)
--- a/src/tests/fuzz/fuzz_decodepcapfile.c
+++ b/src/tests/fuzz/fuzz_decodepcapfile.c
@@ -78,7 +78,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
         tmm_modules[TMM_DECODEPCAPFILE].ThreadInit(tv, NULL, (void **) &dtv);
         (void)SC_ATOMIC_SET(tv->tm_slots->slot_next->slot_data, dtv);
 
-        extern uint16_t max_pending_packets;
+        extern uint32_t max_pending_packets;
         max_pending_packets = 128;
         PacketPoolInit();
         SC_ATOMIC_SET(engine_stage, SURICATA_RUNTIME);

diff --git a/src/tests/fuzz/fuzz_predefpcap_aware.c b/src/tests/fuzz/fuzz_predefpcap_aware.c
index 6bcfa70755b327afb83fe182b393a0c35b510b1a..e04d6aef3ecfe42bf2095c47cc8f05d40f248652 100644 (file)
--- a/src/tests/fuzz/fuzz_predefpcap_aware.c
+++ b/src/tests/fuzz/fuzz_predefpcap_aware.c
@@ -97,7 +97,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
         tmm_modules[TMM_FLOWWORKER].ThreadInit(&tv, NULL, &fwd);
         StatsSetupPrivate(&tv);
 
-        extern uint16_t max_pending_packets;
+        extern uint32_t max_pending_packets;
         max_pending_packets = 128;
         PacketPoolInit();
         if (DetectEngineReload(&surifuzz) < 0) {

diff --git a/src/tests/fuzz/fuzz_sigpcap.c b/src/tests/fuzz/fuzz_sigpcap.c
index 63367fd2763e4e7a363779c678b955fd22348942..06e26ccc94ad17e4e8780c0deb26b0a7be8c3982 100644 (file)
--- a/src/tests/fuzz/fuzz_sigpcap.c
+++ b/src/tests/fuzz/fuzz_sigpcap.c
@@ -90,7 +90,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
         tmm_modules[TMM_FLOWWORKER].ThreadInit(&tv, NULL, &fwd);
         StatsSetupPrivate(&tv);
 
-        extern uint16_t max_pending_packets;
+        extern uint32_t max_pending_packets;
         max_pending_packets = 128;
         PacketPoolInit();
         SC_ATOMIC_SET(engine_stage, SURICATA_RUNTIME);

diff --git a/src/tests/fuzz/fuzz_sigpcap_aware.c b/src/tests/fuzz/fuzz_sigpcap_aware.c
index 75efd5c651f98495afa8701fd3c6311976baa4a6..3c564f25f7edfdefadfc8d0a39a2a0243b869d58 100644 (file)
--- a/src/tests/fuzz/fuzz_sigpcap_aware.c
+++ b/src/tests/fuzz/fuzz_sigpcap_aware.c
@@ -115,7 +115,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
         tmm_modules[TMM_FLOWWORKER].ThreadInit(&tv, NULL, &fwd);
         StatsSetupPrivate(&tv);
 
-        extern uint16_t max_pending_packets;
+        extern uint32_t max_pending_packets;
         max_pending_packets = 128;
         PacketPoolInit();
         SC_ATOMIC_SET(engine_stage, SURICATA_RUNTIME);

diff --git a/src/tmqh-packetpool.c b/src/tmqh-packetpool.c
index 2b0515cca2f718d15f6685ab99289eb729af2b7e..39ea3eff6cd70bc876abecf105e2bc0213fe6f64 100644 (file)
--- a/src/tmqh-packetpool.c
+++ b/src/tmqh-packetpool.c
@@ -35,7 +35,7 @@
 #include "util-validate.h"
 #include "action-globals.h"
 
-extern uint16_t max_pending_packets;
+extern uint32_t max_pending_packets;
 
 /* Number of freed packet to save for one pool before freeing them. */
 #define MAX_PENDING_RETURN_PACKETS 32
@@ -259,8 +259,7 @@ void PacketPoolInit(void)
     /* pre allocate packets */
     SCLogDebug("preallocating packets... packet size %" PRIuMAX "",
                (uintmax_t)SIZE_OF_PACKET);
-    int i = 0;
-    for (i = 0; i < max_pending_packets; i++) {
+    for (uint32_t i = 0; i < max_pending_packets; i++) {
         Packet *p = PacketGetFromAlloc();
         if (unlikely(p == NULL)) {
             FatalError("Fatal error encountered while allocating a packet. Exiting...");
@@ -459,8 +458,8 @@ void TmqhReleasePacketsToPacketPool(PacketQueue *pq)
  */
 void PacketPoolPostRunmodes(void)
 {
-    extern uint16_t max_pending_packets;
-    uint16_t pending_packets = max_pending_packets;
+    extern uint32_t max_pending_packets;
+    uint32_t pending_packets = max_pending_packets;
     if (pending_packets < RESERVED_PACKETS) {
         FatalError("'max-pending-packets' setting "
                    "must be at least %d",