::
- cpu-affinity:
- - management-cpu-set:
+ threading:
+ set-cpu-affinity: yes
+ cpu-affinity:
+ management-cpu-set:
cpu: [ 0 ] # include only these cpus in affinity settings
- - receive-cpu-set:
+ receive-cpu-set:
cpu: [ 0 ] # include only these cpus in affinity settings
- - worker-cpu-set:
+ worker-cpu-set:
cpu: [ "all" ]
mode: "exclusive"
# Use explicitly 3 threads and don't compute number by using
medium: [ "1-2" ]
high: [ 3 ]
default: "medium"
- - verdict-cpu-set:
+ verdict-cpu-set:
cpu: [ 0 ]
prio:
default: "high"
ports: $TEREDO_PORTS # syntax: '[3544, 1234]'
Using this default configuration, Teredo detection will run on UDP port
-3544. If the `ports` parameter is missing, or set to `any`, all ports will be
+1. If the `ports` parameter is missing, or set to `any`, all ports will be
inspected for possible presence of Teredo.
Recursion Level
# Suricata is multi-threaded. Here the threading can be influenced.
threading:
cpu-affinity:
- - management-cpu-set:
- cpu: [ "1-10" ] # include only these CPUs in affinity settings
- - receive-cpu-set:
- cpu: [ "0-10" ] # include only these CPUs in affinity settings
- - worker-cpu-set:
- cpu: [ "18-35", "54-71" ]
- mode: "exclusive"
- prio:
- low: [ 0 ]
- medium: [ "1" ]
- high: [ "18-35","54-71" ]
- default: "high"
+ management-cpu-set:
+ cpu: [ "1-10" ] # include only these CPUs in affinity settings
+ receive-cpu-set:
+ cpu: [ "0-10" ] # include only these CPUs in affinity settings
+ worker-cpu-set:
+ cpu: [ "18-35", "54-71" ]
+ mode: "exclusive"
+ prio:
+ low: [ 0 ]
+ medium: [ "1" ]
+ high: [ "18-35","54-71" ]
+ default: "high"
In the af-packet section of suricata.yaml config :
threading:
set-cpu-affinity: yes
cpu-affinity:
- - management-cpu-set:
- cpu: [ "120-127" ] # include only these cpus in affinity settings
- - receive-cpu-set:
- cpu: [ 0 ] # include only these cpus in affinity settings
- - worker-cpu-set:
- cpu: [ "8-55" ]
- mode: "exclusive"
- prio:
- high: [ "8-55" ]
- default: "high"
+ management-cpu-set:
+ cpu: [ "120-127" ] # include only these cpus in affinity settings
+ receive-cpu-set:
+ cpu: [ 0 ] # include only these cpus in affinity settings
+ worker-cpu-set:
+ cpu: [ "8-55" ]
+ mode: "exclusive"
+ prio:
+ high: [ "8-55" ]
+ default: "high"
In the af-packet section of suricata.yaml config:
- Spaces are accepted in HTTP1 URIs instead of in the protocol version. That is:
`GET /a b HTTP/1.1` gets now URI as `/a b` and protocol as `HTTP/1.1` when
it used to be URI as `/a` and protocol as `b HTTP/1.1`
+- The configuration structure of ``threading.cpu-affinity`` has been changed
+ from a list format to a dictionary format. Additionally, member properties of
+ `*-cpu-set` nodes have been moved one level up.
+ The support for list items such as `- worker-cpu-set`, `- management-cpu-set`,
+ etc. is still supported.
+ To convert to the new configuration format follow the example below or
+ the description in :ref:`suricata-yaml-threading`.
+
+ .. code-block:: diff
+
+ threading:
+ cpu-affinity:
+ - - worker-cpu-set:
+ - cpu: [0, 1]
+ + worker-cpu-set:
+ + cpu: [0, 1]
Removals
~~~~~~~~
*/
#include "suricata-common.h"
+#include "suricata.h"
#define _THREAD_AFFINITY
#include "util-affinity.h"
#include "conf.h"
return cpu;
}
+
+/**
+ * \brief Check if CPU affinity configuration node follows format used in Suricata 7 and below
+ * \retval true if CPU affinity uses Suricata <=7.0, false if it uses the new format (Suricata
+ * >=8.0)
+ */
+static bool AffinityConfigIsLegacy(void)
+{
+ static bool is_using_legacy_affinity_format = false;
+ if (thread_affinity_init_done == 0) {
+ // reset the flag
+ is_using_legacy_affinity_format = false;
+ } else {
+ return is_using_legacy_affinity_format;
+ }
+
+ SCConfNode *root = SCConfGetNode("threading.cpu-affinity");
+ if (root == NULL) {
+ return is_using_legacy_affinity_format;
+ }
+
+ SCConfNode *affinity;
+ TAILQ_FOREACH (affinity, &root->head, next) {
+ // If a child does not contain "-cpu-set", then the conf is legacy
+ // Names in the legacy format (list of *-cpu-sets) contain
+ // list item IDs - "0" : "management-cpu-set", "1" : "worker-cpu-set"
+ if (strstr(affinity->name, "-cpu-set") == NULL) {
+ is_using_legacy_affinity_format = true;
+ return is_using_legacy_affinity_format;
+ }
+ }
+
+ return is_using_legacy_affinity_format;
+}
#endif /* OS_WIN32 and __OpenBSD__ */
/**
#if !defined __CYGWIN__ && !defined OS_WIN32 && !defined __OpenBSD__ && !defined sun
if (thread_affinity_init_done == 0) {
AffinitySetupInit();
+ AffinityConfigIsLegacy();
thread_affinity_init_done = 1;
}
SCConfNode *affinity;
TAILQ_FOREACH(affinity, &root->head, next) {
- const char *setname = GetAffinitySetName(affinity->name);
+ char *v = AffinityConfigIsLegacy() ? affinity->val : affinity->name;
+ const char *setname = GetAffinitySetName(v);
if (setname == NULL) {
continue;
}
SCLogConfig("Found CPU affinity definition for \"%s\"", setname);
- SetupCpuSets(taf, affinity, setname);
- if (SetupAffinityPriority(taf, affinity, setname) < 0) {
+ SCConfNode *aff_query_node = AffinityConfigIsLegacy() ? affinity->head.tqh_first : affinity;
+ SetupCpuSets(taf, aff_query_node, setname);
+ if (SetupAffinityPriority(taf, aff_query_node, setname) < 0) {
SCLogError("Failed to setup priority for CPU affinity type: %s", setname);
continue;
}
- if (SetupAffinityMode(taf, affinity) < 0) {
+ if (SetupAffinityMode(taf, aff_query_node) < 0) {
SCLogError("Failed to setup mode for CPU affinity type: %s", setname);
continue;
}
- if (SetupAffinityThreads(taf, affinity) < 0) {
+ if (SetupAffinityThreads(taf, aff_query_node) < 0) {
SCLogError("Failed to setup threads for CPU affinity type: %s", setname);
continue;
}
projects / thirdparty / suricata.git / commitdiff
