af-packet: warn about BPF filter consequence in IPS mode

This patch add a message to warn user about the impact of using a BPF filter in IPS mode.
12 years ago · b7e78d33b1
parent dfbb31df8a
commit b7e78d33b1
3 changed files with 8 additions and 0 deletions
--- a/src/source-af-packet.c
+++ b/src/source-af-packet.c
@ -1545,8 +1545,14 @@ TmEcode ReceiveAFPThreadInit(ThreadVars *tv, void *initdata, void **data) {
    if (ptv->copy_mode != AFP_COPY_MODE_NONE) {
        strlcpy(ptv->out_iface, afpconfig->out_iface, AFP_IFACE_NAME_LENGTH);
        ptv->out_iface[AFP_IFACE_NAME_LENGTH - 1]= '\0';
        /* Warn about BPF filter consequence */
        if (ptv->bpf_filter) {
            SCLogWarning(SC_WARN_UNCOMMON, "Enabling a BPF filter in IPS mode result"
                      " in dropping all non matching packets.");
        }
    }
    if (AFPPeersListAdd(ptv) == TM_ECODE_FAILED) {
        SCFree(ptv);
        afpconfig->DerefFunc(afpconfig);
--- a/src/util-error.c
+++ b/src/util-error.c
@ -246,6 +246,7 @@ const char * SCErrorToString(SCError err)
        CASE_CODE (SC_ERR_NO_REPUTATION);
        CASE_CODE (SC_ERR_NOT_SUPPORTED);
        CASE_CODE (SC_ERR_LIVE_RULE_SWAP);
        CASE_CODE (SC_WARN_UNCOMMON);
        default:
            return "UNKNOWN_ERROR";
    }
--- a/src/util-error.h
+++ b/src/util-error.h
@ -259,6 +259,7 @@ typedef enum {
    SC_ERR_NO_GEOIP_SUPPORT,
    SC_ERR_GEOIP_ERROR,
    SC_ERR_LIVE_RULE_SWAP,
    SC_WARN_UNCOMMON,
 } SCError;
 const char *SCErrorToString(SCError);