pcap: add 'promisc' YAML configuration variable

author Eric Leblond <eric@regit.org>

Fri, 15 Feb 2013 11:15:07 +0000 (12:15 +0100)

committer Victor Julien <victor@inliniac.net>

Thu, 21 Feb 2013 10:05:36 +0000 (11:05 +0100)
author Eric Leblond <eric@regit.org>
Fri, 15 Feb 2013 11:15:07 +0000 (12:15 +0100)
committer Victor Julien <victor@inliniac.net>
Thu, 21 Feb 2013 10:05:36 +0000 (11:05 +0100)
diff --git a/src/runmode-pcap.c b/src/runmode-pcap.c

index 1e56bdacca88508148a75e26367fedf3f36976f1..634d4e0e4e2e6bf7b3d43da1b8d99b09917b99d6 100644 (file)
--- a/src/runmode-pcap.c
+++ b/src/runmode-pcap.c
@@ -93,6 +93,7 @@ void *ParsePcapConfig(const char *iface)
      char *tmpbpf;
      char *tmpctype;
      intmax_t value;
+    int promisc = 0;
  
      if (unlikely(aconf == NULL)) {
          return NULL;
@@ -209,6 +210,13 @@ void *ParsePcapConfig(const char *iface)
          }
      }
  
+    aconf->promisc = LIBPCAP_PROMISC;
+    if (ConfGetChildValueBoolWithDefault(if_root, if_default, "promisc", &promisc) != 1) {
+        SCLogDebug("could not get promisc or none specified");
+    } else {
+        aconf->promisc = promisc;
+    }
+
      return aconf;
  }
  
diff --git a/src/source-pcap.c b/src/source-pcap.c

index cb9dd03a37344616c4e59f0d8c5600c9c1af3e4b..2567b2c5d020ba6495f4efc51c996a2f2b5f68e5 100644 (file)
--- a/src/source-pcap.c
+++ b/src/source-pcap.c
@@ -415,7 +415,8 @@ TmEcode ReceivePcapThreadInit(ThreadVars *tv, void *initdata, void **data) {
          }
      }
  
-    int pcap_set_promisc_r = pcap_set_promisc(ptv->pcap_handle,LIBPCAP_PROMISC);
+    /* set Promisc, and Timeout. Must be called before pcap_activate */
+    int pcap_set_promisc_r = pcap_set_promisc(ptv->pcap_handle, pcapconfig->promisc);
      //printf("ReceivePcapThreadInit: pcap_set_promisc(%p) returned %" PRId32 "\n", ptv->pcap_handle, pcap_set_promisc_r);
      if (pcap_set_promisc_r != 0) {
          SCLogError(SC_ERR_PCAP_SET_PROMISC, "Couldn't set promisc mode, error %s", pcap_geterr(ptv->pcap_handle));
diff --git a/src/source-pcap.h b/src/source-pcap.h

index 34e4cf31132b40f8bedf6a9ff16b5f464e26fca4..e3c3dbdb29cb07e2b8112f3e60da5cf8e81debf3 100644 (file)
--- a/src/source-pcap.h
+++ b/src/source-pcap.h
@@ -53,6 +53,8 @@ typedef struct PcapIfaceConfig_
      int threads;
      /* socket buffer size */
      int buffer_size;
+    /* promiscuous value */
+    int promisc;
      /* BPF filter */
      char *bpf_filter;
      ChecksumValidationMode checksum_mode;
diff --git a/suricata.yaml.in b/suricata.yaml.in

index c352d6305cb8473eb5fee0b6bce2bd67a28ac1ff..08e283a183976550c05ee15e9feceecd0b2963c1 100644 (file)
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -709,6 +709,8 @@ pcap:
      # rings. In this case, set up the threads variable to N to start N threads
      # listening on the same interface.
      #threads: 16
+    # set to no to disable promiscuous mode:
+    #promisc: no
    # Put default values here
    - interface: default
      #checksum-checks: auto
author	Eric Leblond <eric@regit.org>
	Fri, 15 Feb 2013 11:15:07 +0000 (12:15 +0100)
committer	Victor Julien <victor@inliniac.net>
	Thu, 21 Feb 2013 10:05:36 +0000 (11:05 +0100)
src/runmode-pcap.c		patch \| blob \| blame \| history
src/source-pcap.c		patch \| blob \| blame \| history
src/source-pcap.h		patch \| blob \| blame \| history
suricata.yaml.in		patch \| blob \| blame \| history