/** * \brief RunModeIdsAFPAuto set up the following thread packet handlers: * - Receive thread (from live iface) * - Decode thread * - Stream thread * - Detect: If we have only 1 cpu, it will setup one Detect thread * If we have more than one, it will setup num_cpus - 1 * starting from the second cpu available. * - Respond/Reject thread * - Outputs thread * By default the threads will use the first cpu available * except the Detection threads if we have more than one cpu. * * \param de_ctx Pointer to the Detection Engine. * * \retval 0 If all goes well. (If any problem is detected the engine will * exit()). */ int RunModeIdsAFPAuto(DetectEngineCtx *de_ctx) { SCEnter(); #ifdef HAVE_AF_PACKET int ret; char *live_dev = NULL; RunModeInitialize(); TimeModeSetLive(); (void)ConfGet("af-packet.live-interface", &live_dev); ret = RunModeSetLiveCaptureAuto(de_ctx, ParseAFPConfig, AFPConfigGeThreadsCount, "ReceiveAFP", "DecodeAFP", "RecvAFP", live_dev); if (ret != 0) { SCLogError(SC_ERR_RUNMODE, "Unable to start runmode"); exit(EXIT_FAILURE); } SCLogInfo("RunModeIdsAFPAuto initialised"); #endif SCReturnInt(0); }
/** * \brief RunModeIdsPfringAuto set up the following thread packet handlers: * - Receive thread (from pfring) * - Decode thread * - Stream thread * - Detect: If we have only 1 cpu, it will setup one Detect thread * If we have more than one, it will setup num_cpus - 1 * starting from the second cpu available. * - Respond/Reject thread * - Outputs thread * By default the threads will use the first cpu available * except the Detection threads if we have more than one cpu. * * \param de_ctx Pointer to the Detection Engine. * * \retval 0 If all goes well. (If any problem is detected the engine will * exit()). */ int RunModeIdsPfringAuto(DetectEngineCtx *de_ctx) { SCEnter(); /* We include only if pfring is enabled */ #ifdef HAVE_PFRING int ret; char *live_dev = NULL; ConfigIfaceParserFunc tparser; RunModeInitialize(); TimeModeSetLive(); ret = GetDevAndParser(&live_dev, &tparser); if (ret != 0) { SCLogError(SC_ERR_MISSING_CONFIG_PARAM, "Unable to get parser and interface params"); exit(EXIT_FAILURE); } ret = RunModeSetLiveCaptureAuto(de_ctx, tparser, PfringConfigGeThreadsCount, "ReceivePfring", "DecodePfring", "RxPFR", live_dev); if (ret != 0) { SCLogError(SC_ERR_RUNMODE, "Runmode start failed"); exit(EXIT_FAILURE); } #endif /* HAVE_PFRING */ return 0; }
/** * \brief RunModeIdsPcapAuto set up the following thread packet handlers: * - Receive thread (from iface pcap) * - Decode thread * - Stream thread * - Detect: If we have only 1 cpu, it will setup one Detect thread * If we have more than one, it will setup num_cpus - 1 * starting from the second cpu available. * - Respond/Reject thread * - Outputs thread * By default the threads will use the first cpu available * except the Detection threads if we have more than one cpu. * * \param de_ctx Pointer to the Detection Engine. * * \retval 0 If all goes well. (If any problem is detected the engine will * exit()). */ int RunModeIdsPcapAuto(DetectEngineCtx *de_ctx) { /* tname = Detect + cpuid, this is 11bytes length as max */ char *live_dev = NULL; int ret; SCEnter(); RunModeInitialize(); TimeModeSetLive(); (void) ConfGet("pcap.single-pcap-dev", &live_dev); ret = RunModeSetLiveCaptureAuto(de_ctx, ParsePcapConfig, PcapConfigGeThreadsCount, "ReceivePcap", "DecodePcap", "RecvPcap", live_dev); if (ret != 0) { SCLogError(SC_ERR_RUNMODE, "Runmode start failed"); exit(EXIT_FAILURE); } SCLogInfo("RunModeIdsPcapAuto initialised"); SCReturnInt(0); }
/** * \brief RunModeIdsAFPAuto set up the following thread packet handlers: * - Receive thread (from live iface) * - Decode thread * - Stream thread * - Detect: If we have only 1 cpu, it will setup one Detect thread * If we have more than one, it will setup num_cpus - 1 * starting from the second cpu available. * - Respond/Reject thread * - Outputs thread * By default the threads will use the first cpu available * except the Detection threads if we have more than one cpu. * * \param de_ctx Pointer to the Detection Engine. * * \retval 0 If all goes well. (If any problem is detected the engine will * exit()). */ int RunModeIdsAFPAuto(DetectEngineCtx *de_ctx) { SCEnter(); #ifdef HAVE_AF_PACKET int ret; char *live_dev = NULL; RunModeInitialize(); TimeModeSetLive(); (void)ConfGet("af-packet.live-interface", &live_dev); if (AFPPeersListInit() != TM_ECODE_OK) { SCLogError(SC_ERR_RUNMODE, "Unable to init peers list."); exit(EXIT_FAILURE); } ret = RunModeSetLiveCaptureAuto(de_ctx, ParseAFPConfig, AFPConfigGeThreadsCount, "ReceiveAFP", "DecodeAFP", "RecvAFP", live_dev); if (ret != 0) { SCLogError(SC_ERR_RUNMODE, "Unable to start runmode"); exit(EXIT_FAILURE); } /* In IPS mode each threads must have a peer */ if (AFPPeersListCheck() != TM_ECODE_OK) { SCLogError(SC_ERR_RUNMODE, "Some IPS capture threads did not peer."); exit(EXIT_FAILURE); } SCLogInfo("RunModeIdsAFPAuto initialised"); #endif SCReturnInt(0); }