aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Runmodes: remove 'auto' runmodes

Browse Source 
Remove 'auto' runmodes from all capture methods. It wasn't reliable
enough, as it didn't enforce inspection order of packets.
pull/1237/head
Victor Julien 11 years ago
parent 81c42f4916
commit 7025aabe75
8 changed files with 2 additions and 865 deletions
Show Stats Download Patch File Download Diff File

62
src/runmode-af-packet.c
Unescape Escape View File

@ -66,9 +66,6 @@ const char *RunModeAFPGetDefaultMode(void)
void RunModeIdsAFPRegister(void)
{
RunModeRegisterNewRunMode(RUNMODE_AFP_DEV, "auto",
"Multi threaded af-packet mode",
RunModeIdsAFPAuto);
RunModeRegisterNewRunMode(RUNMODE_AFP_DEV, "single",
"Single threaded af-packet mode",
RunModeIdsAFPSingle);
@ -411,65 +408,6 @@ int AFPRunModeIsIPS()
return has_ips;
}
/**
* \brief RunModeIdsAFPAuto set up the following thread packet handlers:
* - Receive thread (from live iface)
* - Decode thread
* - Stream thread
* - Detect: If we have only 1 cpu, it will setup one Detect thread
* If we have more than one, it will setup num_cpus - 1
* starting from the second cpu available.
* - Respond/Reject thread
* - Outputs thread
* By default the threads will use the first cpu available
* except the Detection threads if we have more than one cpu.
*
* \param de_ctx Pointer to the Detection Engine.
*
* \retval 0 If all goes well. (If any problem is detected the engine will
* exit()).
*/
int RunModeIdsAFPAuto(DetectEngineCtx *de_ctx)
{
SCEnter();
#ifdef HAVE_AF_PACKET
int ret;
char *live_dev = NULL;
RunModeInitialize();
TimeModeSetLive();
(void)ConfGet("af-packet.live-interface", &live_dev);
if (AFPPeersListInit() != TM_ECODE_OK) {
SCLogError(SC_ERR_RUNMODE, "Unable to init peers list.");
exit(EXIT_FAILURE);
}
ret = RunModeSetLiveCaptureAuto(de_ctx,
ParseAFPConfig,
AFPConfigGeThreadsCount,
"ReceiveAFP",
"DecodeAFP", "RecvAFP",
live_dev);
if (ret != 0) {
SCLogError(SC_ERR_RUNMODE, "Unable to start runmode");
exit(EXIT_FAILURE);
}
/* In IPS mode each threads must have a peer */
if (AFPPeersListCheck() != TM_ECODE_OK) {
SCLogError(SC_ERR_RUNMODE, "Some IPS capture threads did not peer.");
exit(EXIT_FAILURE);
}
SCLogInfo("RunModeIdsAFPAuto initialised");
#endif
SCReturnInt(0);
}
int RunModeIdsAFPAutoFp(DetectEngineCtx *de_ctx)
{
SCEnter();

25
src/runmode-ipfw.c
Unescape Escape View File

@ -58,9 +58,6 @@ const char *RunModeIpsIPFWGetDefaultMode(void)
void RunModeIpsIPFWRegister(void)
{
default_mode = "autofp";
RunModeRegisterNewRunMode(RUNMODE_IPFW, "auto",
"Multi threaded IPFW IPS mode",
RunModeIpsIPFWAuto);
RunModeRegisterNewRunMode(RUNMODE_IPFW, "autofp",
"Multi threaded IPFW IPS mode with respect to flow",
@ -73,28 +70,6 @@ void RunModeIpsIPFWRegister(void)
return;
}
int RunModeIpsIPFWAuto(DetectEngineCtx *de_ctx)
{
SCEnter();
int ret = 0;
#ifdef IPFW
RunModeInitialize();
TimeModeSetLive();
LiveDeviceHasNoStats();
ret = RunModeSetIPSAuto(de_ctx,
IPFWGetThread,
"ReceiveIPFW",
"VerdictIPFW",
"DecodeIPFW");
#endif /* IPFW */
return ret;
}
int RunModeIpsIPFWAutoFp(DetectEngineCtx *de_ctx)
{
SCEnter();

18
src/runmode-napatech.c
Unescape Escape View File

@ -45,9 +45,8 @@
// need NapatechStreamDevConf structure
#include "source-napatech.h"
#define NT_RUNMODE_AUTO 1
#define NT_RUNMODE_AUTOFP 2
#define NT_RUNMODE_WORKERS 4
#define NT_RUNMODE_AUTOFP 1
#define NT_RUNMODE_WORKERS 2
static const char *default_mode = NULL;
#ifdef HAVE_NAPATECH
@ -63,9 +62,6 @@ void RunModeNapatechRegister(void)
{
#ifdef HAVE_NAPATECH
default_mode = "autofp";
RunModeRegisterNewRunMode(RUNMODE_NAPATECH, "auto",
"Multi threaded Napatech mode",
RunModeNapatechAuto);
RunModeRegisterNewRunMode(RUNMODE_NAPATECH, "autofp",
"Multi threaded Napatech mode. Packets from "
"each flow are assigned to a single detect "
@ -211,11 +207,6 @@ int NapatechInit(DetectEngineCtx *de_ctx, int runmode)
}
switch(runmode) {
case NT_RUNMODE_AUTO:
ret = RunModeSetLiveCaptureAuto(de_ctx, NapatechConfigParser, NapatechGetThreadsCount,
"NapatechStream", "NapatechDecode",
"RxNT", NULL);
break;
case NT_RUNMODE_AUTOFP:
ret = RunModeSetLiveCaptureAutoFp(de_ctx, NapatechConfigParser, NapatechGetThreadsCount,
"NapatechStream", "NapatechDecode",
@ -237,11 +228,6 @@ int NapatechInit(DetectEngineCtx *de_ctx, int runmode)
return 0;
}
int RunModeNapatechAuto(DetectEngineCtx *de_ctx)
{
return NapatechInit(de_ctx, NT_RUNMODE_AUTO);
}
int RunModeNapatechAutoFp(DetectEngineCtx *de_ctx)
{
return NapatechInit(de_ctx, NT_RUNMODE_AUTOFP);

45
src/runmode-nfq.c
Unescape Escape View File

@ -56,10 +56,6 @@ const char *RunModeIpsNFQGetDefaultMode(void)
void RunModeIpsNFQRegister(void)
{
default_mode = "autofp";
RunModeRegisterNewRunMode(RUNMODE_NFQ, "auto",
"Multi threaded NFQ IPS mode",
RunModeIpsNFQAuto);
RunModeRegisterNewRunMode(RUNMODE_NFQ, "autofp",
"Multi threaded NFQ IPS mode with respect to flow",
RunModeIpsNFQAutoFp);
@ -70,47 +66,6 @@ void RunModeIpsNFQRegister(void)
return;
}
/**
* \brief RunModeIpsNFQAuto set up the following thread packet handlers:
* - Receive thread (from NFQ)
* - Decode thread
* - Stream thread
* - Detect: If we have only 1 cpu, it will setup one Detect thread
* If we have more than one, it will setup num_cpus - 1
* starting from the second cpu available.
* - Veredict thread (NFQ)
* - Respond/Reject thread
* - Outputs thread
* By default the threads will use the first cpu available
* except the Detection threads if we have more than one cpu.
*
* \param de_ctx Pointer to the Detection Engine.
*
* \retval 0 If all goes well. (If any problem is detected the engine will
* exit()).
*/
int RunModeIpsNFQAuto(DetectEngineCtx *de_ctx)
{
SCEnter();
int ret = 0;
#ifdef NFQ
RunModeInitialize();
TimeModeSetLive();
LiveDeviceHasNoStats();
ret = RunModeSetIPSAuto(de_ctx,
NFQGetThread,
"ReceiveNFQ",
"VerdictNFQ",
"DecodeNFQ");
#endif /* NFQ */
return ret;
}
int RunModeIpsNFQAutoFp(DetectEngineCtx *de_ctx)
{
SCEnter();

164
src/runmode-pcap-file.c
Unescape Escape View File

@ -49,9 +49,6 @@ void RunModeFilePcapRegister(void)
RunModeRegisterNewRunMode(RUNMODE_PCAP_FILE, "single",
"Single threaded pcap file mode",
RunModeFilePcapSingle);
RunModeRegisterNewRunMode(RUNMODE_PCAP_FILE, "auto",
"Multi threaded pcap file mode",
RunModeFilePcapAuto);
default_mode = "autofp";
RunModeRegisterNewRunMode(RUNMODE_PCAP_FILE, "autofp",
"Multi threaded pcap file mode. Packets from "
@ -130,167 +127,6 @@ int RunModeFilePcapSingle(DetectEngineCtx *de_ctx)
return 0;
}
/*
* \brief RunModeFilePcapAuto set up the following thread packet handlers:
* - Receive thread (from pcap file)
* - Decode thread
* - Stream thread
* - Detect: If we have only 1 cpu, it will setup one Detect thread
* If we have more than one, it will setup num_cpus - 1
* starting from the second cpu available.
* - Outputs thread
* By default the threads will use the first cpu available
* except the Detection threads if we have more than one cpu.
*
* \param de_ctx Pointer to the Detection Engine.
*
* \retval 0 If all goes well. (If any problem is detected the engine will
* exit()).
*/
int RunModeFilePcapAuto(DetectEngineCtx *de_ctx)
{
SCEnter();
char tname[TM_THREAD_NAME_MAX];
uint16_t cpu = 0;
TmModule *tm_module;
RunModeInitialize();
if (de_ctx == NULL) {
SCLogError(SC_ERR_RUNMODE, "can't mix runmode 'auto' and disabled detect");
return -1;
}
/* Available cpus */
uint16_t ncpus = UtilCpuGetNumProcessorsOnline();
char *file = NULL;
if (ConfGet("pcap-file.file", &file) == 0) {
SCLogError(SC_ERR_RUNMODE, "Failed retrieving pcap-file from Conf");
exit(EXIT_FAILURE);
}
SCLogDebug("file %s", file);
TimeModeSetOffline();
/* create the threads */
ThreadVars *tv_receivepcap =
TmThreadCreatePacketHandler("ReceivePcapFile",
"packetpool", "packetpool",
"detect-queue1", "simple",
"pktacqloop");
if (tv_receivepcap == NULL) {
SCLogError(SC_ERR_FATAL, "threading setup failed");
exit(EXIT_FAILURE);
}
tm_module = TmModuleGetByName("ReceivePcapFile");
if (tm_module == NULL) {
SCLogError(SC_ERR_RUNMODE, "TmModuleGetByName failed for ReceivePcap");
exit(EXIT_FAILURE);
}
TmSlotSetFuncAppend(tv_receivepcap, tm_module, file);
tm_module = TmModuleGetByName("DecodePcapFile");
if (tm_module == NULL) {
SCLogError(SC_ERR_RUNMODE, "TmModuleGetByName DecodePcap failed");
exit(EXIT_FAILURE);
}
TmSlotSetFuncAppend(tv_receivepcap, tm_module, NULL);
tm_module = TmModuleGetByName("StreamTcp");
if (tm_module == NULL) {
SCLogError(SC_ERR_RUNMODE, "TmModuleGetByName StreamTcp failed");
exit(EXIT_FAILURE);
}
TmSlotSetFuncAppend(tv_receivepcap, tm_module, (void *)de_ctx);
TmThreadSetCPU(tv_receivepcap, RECEIVE_CPU_SET);
if (TmThreadSpawn(tv_receivepcap) != TM_ECODE_OK) {
SCLogError(SC_ERR_RUNMODE, "TmThreadSpawn failed");
exit(EXIT_FAILURE);
}
/* start with cpu 1 so that if we're creating an odd number of detect
* threads we're not creating the most on CPU0. */
if (ncpus > 0)
cpu = 1;
/* always create at least one thread */
int thread_max = TmThreadGetNbThreads(DETECT_CPU_SET);
if (thread_max == 0)
thread_max = ncpus * threading_detect_ratio;
if (thread_max < 1)
thread_max = 1;
int thread;
for (thread = 0; thread < thread_max; thread++) {
snprintf(tname, sizeof(tname), "Detect%"PRIu16, thread+1);
char *thread_name = SCStrdup(tname);
if (unlikely(thread_name == NULL)) {
SCLogError(SC_ERR_RUNMODE, "failed to strdup thread name");
exit(EXIT_FAILURE);
}
SCLogDebug("Assigning %s affinity to cpu %u", thread_name, cpu);
ThreadVars *tv_detect_ncpu =
TmThreadCreatePacketHandler(thread_name,
"detect-queue1", "simple",
"alert-queue1", "simple",
"1slot");
if (tv_detect_ncpu == NULL) {
SCLogError(SC_ERR_RUNMODE, "TmThreadsCreate failed");
exit(EXIT_FAILURE);
}
tm_module = TmModuleGetByName("Detect");
if (tm_module == NULL) {
SCLogError(SC_ERR_RUNMODE, "TmModuleGetByName Detect failed");
exit(EXIT_FAILURE);
}
TmSlotSetFuncAppend(tv_detect_ncpu, tm_module, (void *)de_ctx);
char *thread_group_name = SCStrdup("Detect");
if (unlikely(thread_group_name == NULL)) {
SCLogError(SC_ERR_RUNMODE, "error allocating memory");
exit(EXIT_FAILURE);
}
tv_detect_ncpu->thread_group_name = thread_group_name;
TmThreadSetCPU(tv_detect_ncpu, DETECT_CPU_SET);
if (TmThreadSpawn(tv_detect_ncpu) != TM_ECODE_OK) {
SCLogError(SC_ERR_RUNMODE, "TmThreadSpawn failed");
exit(EXIT_FAILURE);
}
if ((cpu + 1) == ncpus)
cpu = 0;
else
cpu++;
}
ThreadVars *tv_outputs =
TmThreadCreatePacketHandler("Outputs",
"alert-queue1", "simple",
"packetpool", "packetpool",
"varslot");
if (tv_outputs == NULL) {
SCLogError(SC_ERR_RUNMODE, "TmThreadCreatePacketHandler for Outputs failed");
exit(EXIT_FAILURE);
}
SetupOutputs(tv_outputs);
TmThreadSetCPU(tv_outputs, OUTPUT_CPU_SET);
if (TmThreadSpawn(tv_outputs) != TM_ECODE_OK) {
SCLogError(SC_ERR_RUNMODE, "TmThreadSpawn failed");
exit(EXIT_FAILURE);
}
return 0;
}
/**
* \brief RunModeFilePcapAutoFp set up the following thread packet handlers:
* - Receive thread (from pcap file)

51
src/runmode-pcap.c
Unescape Escape View File

@ -53,9 +53,6 @@ void RunModeIdsPcapRegister(void)
RunModeRegisterNewRunMode(RUNMODE_PCAP_DEV, "single",
"Single threaded pcap live mode",
RunModeIdsPcapSingle);
RunModeRegisterNewRunMode(RUNMODE_PCAP_DEV, "auto",
"Multi threaded pcap live mode",
RunModeIdsPcapAuto);
default_mode = "autofp";
RunModeRegisterNewRunMode(RUNMODE_PCAP_DEV, "autofp",
"Multi threaded pcap live mode. Packets from "
@ -265,54 +262,6 @@ int RunModeIdsPcapSingle(DetectEngineCtx *de_ctx)
SCReturnInt(0);
}
/**
* \brief RunModeIdsPcapAuto set up the following thread packet handlers:
* - Receive thread (from iface pcap)
* - Decode thread
* - Stream thread
* - Detect: If we have only 1 cpu, it will setup one Detect thread
* If we have more than one, it will setup num_cpus - 1
* starting from the second cpu available.
* - Respond/Reject thread
* - Outputs thread
* By default the threads will use the first cpu available
* except the Detection threads if we have more than one cpu.
*
* \param de_ctx Pointer to the Detection Engine.
*
* \retval 0 If all goes well. (If any problem is detected the engine will
* exit()).
*/
int RunModeIdsPcapAuto(DetectEngineCtx *de_ctx)
{
/* tname = Detect + cpuid, this is 11bytes length as max */
char *live_dev = NULL;
int ret;
SCEnter();
RunModeInitialize();
TimeModeSetLive();
(void) ConfGet("pcap.single-pcap-dev", &live_dev);
ret = RunModeSetLiveCaptureAuto(de_ctx,
ParsePcapConfig,
PcapConfigGeThreadsCount,
"ReceivePcap",
"DecodePcap", "RecvPcap",
live_dev);
if (ret != 0) {
SCLogError(SC_ERR_RUNMODE, "Runmode start failed");
exit(EXIT_FAILURE);
}
SCLogInfo("RunModeIdsPcapAuto initialised");
SCReturnInt(0);
}
/**
* \brief RunModIdsPcapAutoFp set up the following thread packet handlers:
* - Receive thread (from pcap device)

52
src/runmode-pfring.c
Unescape Escape View File

@ -54,9 +54,6 @@ const char *RunModeIdsPfringGetDefaultMode(void)
void RunModeIdsPfringRegister(void)
{
RunModeRegisterNewRunMode(RUNMODE_PFRING, "auto",
"Multi threaded pfring mode",
RunModeIdsPfringAuto);
default_mode_autofp = "autofp";
RunModeRegisterNewRunMode(RUNMODE_PFRING, "autofp",
"Multi threaded pfring mode. Packets from "
@ -421,55 +418,6 @@ static int GetDevAndParser(char **live_dev, ConfigIfaceParserFunc *parser)
}
#endif
/**
* \brief RunModeIdsPfringAuto set up the following thread packet handlers:
* - Receive thread (from pfring)
* - Decode thread
* - Stream thread
* - Detect: If we have only 1 cpu, it will setup one Detect thread
* If we have more than one, it will setup num_cpus - 1
* starting from the second cpu available.
* - Respond/Reject thread
* - Outputs thread
* By default the threads will use the first cpu available
* except the Detection threads if we have more than one cpu.
*
* \param de_ctx Pointer to the Detection Engine.
*
* \retval 0 If all goes well. (If any problem is detected the engine will
* exit()).
*/
int RunModeIdsPfringAuto(DetectEngineCtx *de_ctx)
{
SCEnter();
/* We include only if pfring is enabled */
#ifdef HAVE_PFRING
int ret;
char *live_dev = NULL;
ConfigIfaceParserFunc tparser;
RunModeInitialize();
TimeModeSetLive();
ret = GetDevAndParser(&live_dev, &tparser);
if (ret != 0) {
SCLogError(SC_ERR_MISSING_CONFIG_PARAM,
"Unable to get parser and interface params");
exit(EXIT_FAILURE);
}
ret = RunModeSetLiveCaptureAuto(de_ctx, tparser, PfringConfigGeThreadsCount,
"ReceivePfring", "DecodePfring",
"RxPFR", live_dev);
if (ret != 0) {
SCLogError(SC_ERR_RUNMODE, "Runmode start failed");
exit(EXIT_FAILURE);
}
#endif /* HAVE_PFRING */
return 0;
}
int RunModeIdsPfringAutoFp(DetectEngineCtx *de_ctx)
{
SCEnter();

450
src/util-runmodes.c
Unescape Escape View File

@ -47,250 +47,6 @@
#include "util-runmodes.h"
int RunModeSetLiveCaptureAuto(DetectEngineCtx *de_ctx,
ConfigIfaceParserFunc ConfigParser,
ConfigIfaceThreadsCountFunc ModThreadsCount,
char *recv_mod_name,
char *decode_mod_name, char *thread_name,
const char *live_dev)
{
/* Available cpus */
uint16_t ncpus = UtilCpuGetNumProcessorsOnline();
int nlive = LiveGetDeviceCount();
TmModule *tm_module;
char tname[TM_THREAD_NAME_MAX];
int thread;
if (de_ctx == NULL) {
SCLogError(SC_ERR_RUNMODE, "can't use runmode 'auto' when detection is disabled");
return -1;
}
if ((nlive <= 1) && (live_dev != NULL)) {
void *aconf;
SCLogDebug("live_dev %s", live_dev);
aconf = ConfigParser(live_dev);
if (aconf == NULL) {
SCLogError(SC_ERR_MEM_ALLOC, "Single dev: Failed to allocate config");
exit(EXIT_FAILURE);
}
if (ModThreadsCount(aconf) > 1) {
SCLogWarning(SC_ERR_UNIMPLEMENTED, "'Auto' running mode does not honor 'threads'"
" variable (set on '%s'). Please use another mode as"
" 'autofp' or 'worker'",
live_dev);
}
/* create the threads */
ThreadVars *tv_receive =
TmThreadCreatePacketHandler(recv_mod_name,
"packetpool", "packetpool",
"pickup-queue", "simple",
"pktacqloop");
if (tv_receive == NULL) {
SCLogError(SC_ERR_THREAD_CREATE, "TmThreadsCreate failed");
exit(EXIT_FAILURE);
}
tm_module = TmModuleGetByName(recv_mod_name);
if (tm_module == NULL) {
SCLogError(SC_ERR_INVALID_VALUE, "TmModuleGetByName failed for %s", recv_mod_name);
exit(EXIT_FAILURE);
}
TmSlotSetFuncAppend(tv_receive, tm_module, aconf);
TmThreadSetCPU(tv_receive, RECEIVE_CPU_SET);
if (TmThreadSpawn(tv_receive) != TM_ECODE_OK) {
SCLogError(SC_ERR_THREAD_SPAWN, "TmThreadSpawn failed");
exit(EXIT_FAILURE);
}
} else {
SCLogInfo("Using %d live device(s).", nlive);
for (thread = 0; thread < nlive; thread++) {
char *live_dev = LiveGetDeviceName(thread);
char *tnamec = NULL;
void *aconf;
if (live_dev == NULL) {
SCLogError(SC_ERR_INVALID_VALUE, "Multidev: Failed to lookup live dev %d", thread);
exit(EXIT_FAILURE);
}
SCLogDebug("live_dev %s", live_dev);
aconf = ConfigParser(live_dev);
if (aconf == NULL) {
SCLogError(SC_ERR_MEM_ALLOC, "Failed to allocate config for %s (%d)",
live_dev, thread);
exit(EXIT_FAILURE);
}
if (ModThreadsCount(aconf) > 1) {
SCLogWarning(SC_ERR_UNIMPLEMENTED, "'Auto' running mode does not honor 'threads'"
" variable (set on '%s'). Please use another mode as"
" 'autofp' or 'worker'",
live_dev);
}
snprintf(tname, sizeof(tname),"%s-%s", thread_name, live_dev);
tnamec = SCStrdup(tname);
if (unlikely(tnamec == NULL)) {
SCLogError(SC_ERR_MEM_ALLOC, "Can't allocate thread name");
exit(EXIT_FAILURE);
}
/* create the threads */
ThreadVars *tv_receive =
TmThreadCreatePacketHandler(tnamec,
"packetpool", "packetpool",
"pickup-queue", "simple",
"pktacqloop");
if (tv_receive == NULL) {
SCLogError(SC_ERR_RUNMODE, "TmThreadsCreate failed");
exit(EXIT_FAILURE);
}
tm_module = TmModuleGetByName(recv_mod_name);
if (tm_module == NULL) {
SCLogError(SC_ERR_INVALID_VALUE, "TmModuleGetByName failed for %s", recv_mod_name);
exit(EXIT_FAILURE);
}
TmSlotSetFuncAppend(tv_receive, tm_module, (void *)aconf);
TmThreadSetCPU(tv_receive, RECEIVE_CPU_SET);
if (TmThreadSpawn(tv_receive) != TM_ECODE_OK) {
SCLogError(SC_ERR_INVALID_VALUE, "TmThreadSpawn failed");
exit(EXIT_FAILURE);
}
}
}
ThreadVars *tv_decode1 =
TmThreadCreatePacketHandler("Decode & Stream",
"pickup-queue", "simple",
"stream-queue1", "simple",
"varslot");
if (tv_decode1 == NULL) {
SCLogError(SC_ERR_RUNMODE, "TmThreadsCreate failed for Decode1");
exit(EXIT_FAILURE);
}
tm_module = TmModuleGetByName(decode_mod_name);
if (tm_module == NULL) {
SCLogError(SC_ERR_INVALID_VALUE, "TmModuleGetByName %s failed", decode_mod_name);
exit(EXIT_FAILURE);
}
TmSlotSetFuncAppend(tv_decode1, tm_module, NULL);
tm_module = TmModuleGetByName("StreamTcp");
if (tm_module == NULL) {
SCLogError(SC_ERR_RUNMODE, "TmModuleGetByName StreamTcp failed");
exit(EXIT_FAILURE);
}
TmSlotSetFuncAppend(tv_decode1, tm_module, NULL);
TmThreadSetCPU(tv_decode1, DECODE_CPU_SET);
if (TmThreadSpawn(tv_decode1) != TM_ECODE_OK) {
SCLogError(SC_ERR_RUNMODE, "TmThreadSpawn failed");
exit(EXIT_FAILURE);
}
/* always create at least one thread */
int thread_max = TmThreadGetNbThreads(DETECT_CPU_SET);
if (thread_max == 0)
thread_max = ncpus * threading_detect_ratio;
if (thread_max < 1)
thread_max = 1;
for (thread = 0; thread < thread_max; thread++) {
snprintf(tname, sizeof(tname),"Detect%"PRIu16, thread+1);
char *thread_name = SCStrdup(tname);
if (unlikely(thread_name == NULL)) {
SCLogError(SC_ERR_MEM_ALLOC, "Can't allocate thread name");
exit(EXIT_FAILURE);
}
ThreadVars *tv_detect_ncpu =
TmThreadCreatePacketHandler(thread_name,
"stream-queue1", "simple",
"verdict-queue", "simple",
"1slot");
if (tv_detect_ncpu == NULL) {
SCLogError(SC_ERR_RUNMODE, "TmThreadsCreate failed");
exit(EXIT_FAILURE);
}
tm_module = TmModuleGetByName("Detect");
if (tm_module == NULL) {
SCLogError(SC_ERR_RUNMODE, "TmModuleGetByName Detect failed");
exit(EXIT_FAILURE);
}
TmSlotSetFuncAppendDelayed(tv_detect_ncpu, tm_module,
(void *)de_ctx, de_ctx->delayed_detect);
TmThreadSetCPU(tv_detect_ncpu, DETECT_CPU_SET);
char *thread_group_name = SCStrdup("Detect");
if (unlikely(thread_group_name == NULL)) {
SCLogError(SC_ERR_RUNMODE, "Error allocating memory");
exit(EXIT_FAILURE);
}
tv_detect_ncpu->thread_group_name = thread_group_name;
if (TmThreadSpawn(tv_detect_ncpu) != TM_ECODE_OK) {
SCLogError(SC_ERR_THREAD_SPAWN, "TmThreadSpawn failed");
exit(EXIT_FAILURE);
}
}
ThreadVars *tv_rreject =
TmThreadCreatePacketHandler("RespondReject",
"verdict-queue", "simple",
"alert-queue", "simple",
"1slot");
if (tv_rreject == NULL) {
SCLogError(SC_ERR_RUNMODE, "TmThreadsCreate failed");
exit(EXIT_FAILURE);
}
tm_module = TmModuleGetByName("RespondReject");
if (tm_module == NULL) {
SCLogError(SC_ERR_RUNMODE, "TmModuleGetByName for RespondReject failed");
exit(EXIT_FAILURE);
}
TmSlotSetFuncAppend(tv_rreject, tm_module, NULL);
TmThreadSetCPU(tv_rreject, REJECT_CPU_SET);
if (TmThreadSpawn(tv_rreject) != TM_ECODE_OK) {
SCLogError(SC_ERR_RUNMODE, "TmThreadSpawn failed");
exit(EXIT_FAILURE);
}
ThreadVars *tv_outputs =
TmThreadCreatePacketHandler("Outputs",
"alert-queue", "simple",
"packetpool", "packetpool",
"varslot");
if (tv_outputs == NULL) {
SCLogError(SC_ERR_RUNMODE, "TmThreadCreatePacketHandler for Outputs failed");
exit(EXIT_FAILURE);
}
SetupOutputs(tv_outputs);
TmThreadSetCPU(tv_outputs, OUTPUT_CPU_SET);
if (TmThreadSpawn(tv_outputs) != TM_ECODE_OK) {
SCLogError(SC_ERR_RUNMODE, "TmThreadSpawn failed");
exit(EXIT_FAILURE);
}
return 0;
}
/** \brief create a queue string for autofp to pass to
* the flow queue handler.
*
@ -709,212 +465,6 @@ int RunModeSetLiveCaptureSingle(DetectEngineCtx *de_ctx,
}
int RunModeSetIPSAuto(DetectEngineCtx *de_ctx,
ConfigIPSParserFunc ConfigParser,
char *recv_mod_name,
char *verdict_mod_name,
char *decode_mod_name)
{
SCEnter();
char tname[TM_THREAD_NAME_MAX];
TmModule *tm_module ;
char *cur_queue = NULL;
/* Available cpus */
uint16_t ncpus = UtilCpuGetNumProcessorsOnline();
int nqueue = LiveGetDeviceCount();
if (de_ctx == NULL) {
SCLogError(SC_ERR_RUNMODE, "can't use runmode 'auto' when detection is disabled");
return -1;
}
for (int i = 0; i < nqueue; i++) {
/* create the threads */
cur_queue = LiveGetDeviceName(i);
if (cur_queue == NULL) {
SCLogError(SC_ERR_RUNMODE, "invalid queue number");
exit(EXIT_FAILURE);
}
memset(tname, 0, sizeof(tname));
snprintf(tname, sizeof(tname), "Recv-Q%s", cur_queue);
char *thread_name = SCStrdup(tname);
if (unlikely(thread_name == NULL)) {
SCLogError(SC_ERR_RUNMODE, "failed to create thread name");
exit(EXIT_FAILURE);
}
ThreadVars *tv_receivenfq =
TmThreadCreatePacketHandler(thread_name,
"packetpool", "packetpool",
"pickup-queue", "simple",
"1slot_noinout");
if (tv_receivenfq == NULL) {
SCLogError(SC_ERR_RUNMODE, "TmThreadsCreate failed");
exit(EXIT_FAILURE);
}
tm_module = TmModuleGetByName(recv_mod_name);
if (tm_module == NULL) {
SCLogError(SC_ERR_RUNMODE, "TmModuleGetByName failed for %s", recv_mod_name);
exit(EXIT_FAILURE);
}
TmSlotSetFuncAppend(tv_receivenfq, tm_module, (void *) ConfigParser(i));
TmThreadSetCPU(tv_receivenfq, RECEIVE_CPU_SET);
if (TmThreadSpawn(tv_receivenfq) != TM_ECODE_OK) {
SCLogError(SC_ERR_RUNMODE, "TmThreadSpawn failed");
exit(EXIT_FAILURE);
}
}
/* decode and stream */
ThreadVars *tv_decode =
TmThreadCreatePacketHandler("Decode1",
"pickup-queue", "simple",
"decode-queue", "simple",
"varslot");
if (tv_decode == NULL) {
SCLogError(SC_ERR_RUNMODE, "TmThreadsCreate failed for Decode1");
exit(EXIT_FAILURE);
}
tm_module = TmModuleGetByName(decode_mod_name);
if (tm_module == NULL) {
SCLogError(SC_ERR_RUNMODE, "TmModuleGetByName %s failed", decode_mod_name);
exit(EXIT_FAILURE);
}
TmSlotSetFuncAppend(tv_decode,tm_module,NULL);
tm_module = TmModuleGetByName("StreamTcp");
if (tm_module == NULL) {
SCLogError(SC_ERR_RUNMODE, "TmModuleGetByName StreamTcp failed");
exit(EXIT_FAILURE);
}
TmSlotSetFuncAppend(tv_decode, tm_module, NULL);
TmThreadSetCPU(tv_decode, DECODE_CPU_SET);
if (TmThreadSpawn(tv_decode) != TM_ECODE_OK) {
SCLogError(SC_ERR_RUNMODE, "TmThreadSpawn failed");
exit(EXIT_FAILURE);
}
/* always create at least one thread */
int thread_max = TmThreadGetNbThreads(DETECT_CPU_SET);
if (thread_max == 0)
thread_max = ncpus * threading_detect_ratio;
if (thread_max < 1)
thread_max = 1;
int thread;
for (thread = 0; thread < thread_max; thread++) {
memset(tname, 0, sizeof(tname));
snprintf(tname, sizeof(tname), "Detect%"PRIu16, thread+1);
char *thread_name = SCStrdup(tname);
if (unlikely(thread_name == NULL)) {
SCLogError(SC_ERR_RUNMODE, "thread name creation failed");
exit(EXIT_FAILURE);
}
SCLogDebug("Assigning %s affinity", thread_name);
ThreadVars *tv_detect_ncpu =
TmThreadCreatePacketHandler(thread_name,
"decode-queue", "simple",
"verdict-queue", "simple",
"1slot");
if (tv_detect_ncpu == NULL) {
SCLogError(SC_ERR_RUNMODE, "TmThreadsCreate failed");
exit(EXIT_FAILURE);
}
tm_module = TmModuleGetByName("Detect");
if (tm_module == NULL) {
SCLogError(SC_ERR_RUNMODE, "TmModuleGetByName Detect failed");
exit(EXIT_FAILURE);
}
TmSlotSetFuncAppendDelayed(tv_detect_ncpu, tm_module,
(void *)de_ctx, de_ctx->delayed_detect);
TmThreadSetCPU(tv_detect_ncpu, DETECT_CPU_SET);
char *thread_group_name = SCStrdup("Detect");
if (unlikely(thread_group_name == NULL)) {
SCLogError(SC_ERR_RUNMODE, "error allocating memory");
exit(EXIT_FAILURE);
}
tv_detect_ncpu->thread_group_name = thread_group_name;
if (TmThreadSpawn(tv_detect_ncpu) != TM_ECODE_OK) {
SCLogError(SC_ERR_RUNMODE, "TmThreadSpawn failed");
exit(EXIT_FAILURE);
}
}
/* create the threads */
for (int i = 0; i < nqueue; i++) {
memset(tname, 0, sizeof(tname));
snprintf(tname, sizeof(tname), "Verdict%"PRIu16, i);
char *thread_name = SCStrdup(tname);
if (unlikely(thread_name == NULL)) {
SCLogError(SC_ERR_RUNMODE, "thread name creation failed");
exit(EXIT_FAILURE);
}
ThreadVars *tv_verdict =
TmThreadCreatePacketHandler(thread_name,
"verdict-queue", "simple",
"alert-queue", "simple",
"varslot");
if (tv_verdict == NULL) {
SCLogError(SC_ERR_RUNMODE, "TmThreadsCreate failed");
exit(EXIT_FAILURE);
}
tm_module = TmModuleGetByName(verdict_mod_name);
if (tm_module == NULL) {
SCLogError(SC_ERR_RUNMODE, "TmModuleGetByName %s failed", verdict_mod_name);
exit(EXIT_FAILURE);
}
TmSlotSetFuncAppend(tv_verdict, tm_module, (void *)ConfigParser(i));
tm_module = TmModuleGetByName("RespondReject");
if (tm_module == NULL) {
SCLogError(SC_ERR_RUNMODE, "TmModuleGetByName for RespondReject failed");
exit(EXIT_FAILURE);
}
TmSlotSetFuncAppend(tv_verdict, tm_module, NULL);
TmThreadSetCPU(tv_verdict, VERDICT_CPU_SET);
if (TmThreadSpawn(tv_verdict) != TM_ECODE_OK) {
SCLogError(SC_ERR_RUNMODE, "TmThreadSpawn failed");
exit(EXIT_FAILURE);
}
};
ThreadVars *tv_outputs =
TmThreadCreatePacketHandler("Outputs",
"alert-queue", "simple",
"packetpool", "packetpool",
"varslot");
if (tv_outputs == NULL) {
SCLogError(SC_ERR_RUNMODE, "TmThreadCreatePacketHandler for Outputs failed");
exit(EXIT_FAILURE);
}
TmThreadSetCPU(tv_outputs, OUTPUT_CPU_SET);
SetupOutputs(tv_outputs);
if (TmThreadSpawn(tv_outputs) != TM_ECODE_OK) {
SCLogError(SC_ERR_RUNMODE, "TmThreadSpawn failed");
exit(EXIT_FAILURE);
}
return 0;
}
/**
* \param de_ctx detection engine, can be NULL
*/

Write Preview
Loading…
Cancel
Save