af-packet: warn about BPF filter consequence in IPS mode

This patch add a message to warn user about the impact of using a
BPF filter in IPS mode.

diff --git a/src/source-af-packet.c b/src/source-af-packet.c
index 144ceb64c3d8e766c994d6b44d10a4000813ffeb..302e4a7125ebf766280dcb4e2b1086f6f7b7d708 100644 (file)
--- a/src/source-af-packet.c
+++ b/src/source-af-packet.c
@@ -1545,8 +1545,14 @@ TmEcode ReceiveAFPThreadInit(ThreadVars *tv, void *initdata, void **data) {
     if (ptv->copy_mode != AFP_COPY_MODE_NONE) {
         strlcpy(ptv->out_iface, afpconfig->out_iface, AFP_IFACE_NAME_LENGTH);
         ptv->out_iface[AFP_IFACE_NAME_LENGTH - 1]= '\0';
+        /* Warn about BPF filter consequence */
+        if (ptv->bpf_filter) {
+            SCLogWarning(SC_WARN_UNCOMMON, "Enabling a BPF filter in IPS mode result"
+                      " in dropping all non matching packets.");
+        }
     }
 
+
     if (AFPPeersListAdd(ptv) == TM_ECODE_FAILED) {
         SCFree(ptv);
         afpconfig->DerefFunc(afpconfig);

diff --git a/src/util-error.c b/src/util-error.c
index db91a3b2fbad55b0a77af3d6335a5bdbdd3e33ce..8590d322a821fba697a82320a893159b8ae2600a 100644 (file)
--- a/src/util-error.c
+++ b/src/util-error.c
@@ -246,6 +246,7 @@ const char * SCErrorToString(SCError err)
         CASE_CODE (SC_ERR_NO_REPUTATION);
         CASE_CODE (SC_ERR_NOT_SUPPORTED);
         CASE_CODE (SC_ERR_LIVE_RULE_SWAP);
+        CASE_CODE (SC_WARN_UNCOMMON);
         default:
             return "UNKNOWN_ERROR";
     }

diff --git a/src/util-error.h b/src/util-error.h
index 932871094b0fba116cbdee950bb1d552bd7e007d..f04152137b2267ceb4ffb2aa4517877a47ce87c3 100644 (file)
--- a/src/util-error.h
+++ b/src/util-error.h
@@ -259,6 +259,7 @@ typedef enum {
     SC_ERR_NO_GEOIP_SUPPORT,
     SC_ERR_GEOIP_ERROR,
     SC_ERR_LIVE_RULE_SWAP,
+    SC_WARN_UNCOMMON,
 } SCError;
 
 const char *SCErrorToString(SCError);