From b7e78d33b105105273a6275ae48e914b4de9021f Mon Sep 17 00:00:00 2001 From: Eric Leblond Date: Tue, 26 Mar 2013 16:32:36 +0100 Subject: [PATCH] af-packet: warn about BPF filter consequence in IPS mode This patch add a message to warn user about the impact of using a BPF filter in IPS mode. --- src/source-af-packet.c | 6 ++++++ src/util-error.c | 1 + src/util-error.h | 1 + 3 files changed, 8 insertions(+) diff --git a/src/source-af-packet.c b/src/source-af-packet.c index 144ceb64c3..302e4a7125 100644 --- a/src/source-af-packet.c +++ b/src/source-af-packet.c @@ -1545,8 +1545,14 @@ TmEcode ReceiveAFPThreadInit(ThreadVars *tv, void *initdata, void **data) { if (ptv->copy_mode != AFP_COPY_MODE_NONE) { strlcpy(ptv->out_iface, afpconfig->out_iface, AFP_IFACE_NAME_LENGTH); ptv->out_iface[AFP_IFACE_NAME_LENGTH - 1]= '\0'; + /* Warn about BPF filter consequence */ + if (ptv->bpf_filter) { + SCLogWarning(SC_WARN_UNCOMMON, "Enabling a BPF filter in IPS mode result" + " in dropping all non matching packets."); + } } + if (AFPPeersListAdd(ptv) == TM_ECODE_FAILED) { SCFree(ptv); afpconfig->DerefFunc(afpconfig); diff --git a/src/util-error.c b/src/util-error.c index db91a3b2fb..8590d322a8 100644 --- a/src/util-error.c +++ b/src/util-error.c @@ -246,6 +246,7 @@ const char * SCErrorToString(SCError err) CASE_CODE (SC_ERR_NO_REPUTATION); CASE_CODE (SC_ERR_NOT_SUPPORTED); CASE_CODE (SC_ERR_LIVE_RULE_SWAP); + CASE_CODE (SC_WARN_UNCOMMON); default: return "UNKNOWN_ERROR"; } diff --git a/src/util-error.h b/src/util-error.h index 932871094b..f04152137b 100644 --- a/src/util-error.h +++ b/src/util-error.h @@ -259,6 +259,7 @@ typedef enum { SC_ERR_NO_GEOIP_SUPPORT, SC_ERR_GEOIP_ERROR, SC_ERR_LIVE_RULE_SWAP, + SC_WARN_UNCOMMON, } SCError; const char *SCErrorToString(SCError); -- 2.47.3