pfring.h brings a different version of likely/unlikely that gives
warnings. So make sure we include our own before.
Make sure pfring.h isn't included globally due to apparent redefinition
of pthread_rwlock_t.
This patch adds support for hw bypass by enabling flow offload in the network
card (when supported) and implementing the BypassPacketsFlow callback.
Hw bypass support is disabled by default, and can be enabled by setting
"bypass: yes" in the pfring interface configuration section in suricata.yaml.
Set flags by default:
-Wmissing-prototypes
-Wmissing-declarations
-Wstrict-prototypes
-Wwrite-strings
-Wcast-align
-Wbad-function-cast
-Wformat-security
-Wno-format-nonliteral
-Wmissing-format-attribute
-funsigned-char
Fix minor compiler warnings for these new flags on gcc and clang.
For af-packet, pf-ring, netmap, and pcap use a generic
lookup function to find the configuration node for an
interface.
The new lookup function does not depend on the ordering
of the items inside the device configuration.
Update FlowManager/Recycler to use global name.
Also add # into thread number.
Update af-packet to use global threadnames.
Update pcap to use global threadnames.
Update pfring to use global threadnames.
Update erf-dag to use global threadnames.
Update nflog to use global threadnames.
Update netmap to use global threadnames.
Update napatech to use global threadnames.
Suricata creates a pfring cluster with a default ID = 1 when not explicitly configured,
unless the device has prefix 'dna' or 'zc'. Since pf_ring also supports other cards
implementing kernel-bypass (cluster not supported), this is preventing those cards from
running on top of this module. This patch stops suricata on 'pfring_set_cluster' failure
only when error code != PF_RING_ERROR_NOT_SUPPORTED or cluster ID has not been explicitly
configured.
When handling error case on SCMallog, SCCalloc or SCStrdup
we are in an unlikely case. This patch adds the unlikely()
expression to indicate this to gcc.
This patch has been obtained via coccinelle. The transformation
is the following:
@istested@
identifier x;
statement S1;
identifier func =~ "(SCMalloc|SCStrdup|SCCalloc)";
@@
x = func(...)
... when != x
- if (x == NULL) S1
+ if (unlikely(x == NULL)) S1
clang was issuing some warnings related to unused return in function.
This patch adds some needed error treatment and ignore the rest of the
warnings by adding a cast to void.
This patch modifies the RunModeSetLiveCaptureAuto() prototype to
be able to detect that a 'threads' variable (telling how much
threads must listen to one socket in IDS mode) has been used
in the configuration file. It then print a warning message
if this is the case.
When no interface was specified on command line, the workers and
single mode where not able to start due to the fact there was no
registered interfaces.
Previous commits have considerabily empowered the "single" mode which
could contain multiple threads. This behaviour was not a target for
this runmode and the following patch remedies to the situation by
introducing the "workers" mode where each thread do all the tasks
from acquisition to logging. This runmode is currently implemented
for af-packet and pf-ring.
A devide configuration can be used by multiple threads. It is thus
necessary to wait that all threads stop using the configuration before
freeing it. This patch introduces an atomic counter and a free function
which has to be called by each thread when it will not use anymore
the structure. If the configuration is not used anymore, it is freed
by the free function.
This patch convert pfring to pktacqloop and use the new factorisation
function. This also fixes commmand line parsing of pfring which is now
able to work like af-packet:
- 'suricata -c s.yaml --pfring' start suricata with all interfaces in
conf
- 'suricata -c s.yaml --pfring=eth2' start suricata on eth2
Victor Julien
Alfredo Cardigliano
Jason Ish
maxtors
Zachary Rasmor
Giuseppe Longo
Mats Klepsland
Eric Leblond
Anoop Saldanha
deltay
Anoop Saldanha
Gerardo Iglesias Galvan