From 6f1b40dd4b5fd2377815fe3a9c233c960aeb7391 Mon Sep 17 00:00:00 2001 From: Eric Leblond Date: Thu, 8 Dec 2011 14:16:40 +0100 Subject: [PATCH] ipfw: don't use socket lock in 'worker' mode This patch is the IPFW version of NFQ latest patch. --- src/source-ipfw.c | 37 ++++++++++++++++++++++++++++++++----- src/source-ipfw.h | 1 + 2 files changed, 33 insertions(+), 5 deletions(-) diff --git a/src/source-ipfw.c b/src/source-ipfw.c index 0feb2d1240..869b3d6ee1 100644 --- a/src/source-ipfw.c +++ b/src/source-ipfw.c @@ -186,6 +186,34 @@ void TmModuleDecodeIPFWRegister (void) { tmm_modules[TMM_DECODEIPFW].RegisterTests = NULL; } +static inline void IPFWMutexInit(IPFWQueueVars *nq) +{ + char *active_runmode = RunmodeGetActive(); + + if (active_runmode && !strcmp("worker", active_runmode)) { + nq->use_mutex = 0; + SCLogInfo("IPFW running in 'worker' runmode, will not use mutex."); + } else { + nq->use_mutex = 1; + } + if (nq->use_mutex) + SCMutexInit(&nq->socket_lock, NULL); +} + +static inline void IPFWMutexLock(IPFWQueueVars *nq) +{ + if (nq->use_mutex) + SCMutexLock(&nq->socket_lock); +} + +static inline void IPFWMutexUnlock(IPFWQueueVars *nq) +{ + if (nq->use_mutex) + SCMutexUnlock(&nq->socket_lock); +} + + + /** * \brief Recieves packets from an interface via ipfw divert socket. * \todo Unit tests are needed for this module. @@ -233,7 +261,6 @@ TmEcode ReceiveIPFW(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, Pack } /* end while */ if ((pktlen = recvfrom(nq->fd, pkt, sizeof(pkt), 0,(struct sockaddr *)&nq->ipfw_sin, &nq->ipfw_sinlen)) == -1) { - /* We received an error on socket read */ if (errno == EINTR || errno == EWOULDBLOCK) { /* Nothing for us to process */ @@ -404,7 +431,7 @@ TmEcode ReceiveIPFWThreadInit(ThreadVars *tv, void *initdata, void **data) SCEnter(); - SCMutexInit(&nq->socket_lock, NULL); + IPFWMutexInit(nq); /* We need a divert socket to play with */ if ((nq->fd = socket(PF_INET, SOCK_RAW, IPPROTO_DIVERT)) == -1) { SCLogError(SC_ERR_IPFW_SOCK,"Can't create divert socket: %s", strerror(errno)); @@ -602,14 +629,14 @@ TmEcode IPFWSetVerdict(ThreadVars *tv, IPFWThreadVars *ptv, Packet *p) } } - SCMutexLock(&nq->socket_lock); + IPFWMutexLock(nq); if (sendto(nq->fd, GET_PKT_DATA(p), GET_PKT_LEN(p), 0,(struct sockaddr *)&nq->ipfw_sin, nq->ipfw_sinlen) == -1) { SCLogWarning(SC_WARN_IPFW_XMIT,"Write to ipfw divert socket failed: %s",strerror(errno)); - SCMutexUnlock(&nq->socket_lock); + IPFWMutexUnlock(&nq->socket_lock); SCReturnInt(TM_ECODE_FAILED); } - SCMutexUnlock(&nq->socket_lock); + IPFWMutexUnlock(nq); SCLogDebug("Sent Packet back into IPFW Len: %d",GET_PKT_LEN(p)); diff --git a/src/source-ipfw.h b/src/source-ipfw.h index 2abcb2cf61..ccfa6cc6d0 100644 --- a/src/source-ipfw.h +++ b/src/source-ipfw.h @@ -39,6 +39,7 @@ typedef struct IPFWQueueVars_ { int fd; SCMutex socket_lock; + uint8_t use_mutex; /* this one should be not changing after init */ uint16_t port_num; /* position into the ipfw queue var array */