/*
 * Resolve the DAQ operating mode for this run.
 *
 * When sc->daq_mode is set, it is compared case-insensitively with the name
 * daq_mode_string() reports for every mode index below MAX_DAQ_MODE.  A name
 * that matches nothing is reported through FatalError().  So is a matching
 * name other than inline while ScAdapterInlineMode() is true (the message
 * refers to -Q), which means a configured mode name cannot quietly replace
 * a requested inline deployment with a different mode.
 *
 * With no configured name the mode follows the run-time switches: inline
 * first, then read-file, otherwise passive.
 *
 * NOTE(review): the fall-through after FatalError() is only reachable if
 * FatalError() returns; presumably it terminates the process - confirm.
 */
DAQ_Mode DAQ_GetMode (const SnortConfig* sc)
{
    const char* wanted = sc->daq_mode;

    if ( wanted != NULL )
    {
        int idx = 0;

        while ( idx < MAX_DAQ_MODE )
        {
            if ( strcasecmp(daq_mode_string((DAQ_Mode)idx), wanted) == 0 )
            {
                /* Inline was requested separately; refuse any other named mode. */
                if ( ScAdapterInlineMode() && (idx != DAQ_MODE_INLINE) )
                    FatalError("DAQ '%s' mode incompatible with -Q!\n", wanted);

                return (DAQ_Mode)idx;
            }
            idx++;
        }

        FatalError("Bad DAQ mode '%s'!\n", wanted);
    }

    if ( ScAdapterInlineMode() )
        return DAQ_MODE_INLINE;

    return ScReadMode() ? DAQ_MODE_READ_FILE : DAQ_MODE_PASSIVE;
}
/*
 * Configure the already-selected DAQ module for an interface.
 *
 * sc   - run configuration; run_flags and bpf_filter are read here and the
 *        structure is also handed to DAQ_LoadVars().
 * intf - interface spec; when non-NULL a copy is stored in interface_spec.
 *        The spec actually used is whatever DAQ_GetInterfaceSpec() returns
 *        afterwards.
 *
 * Always returns 0.  A missing module (DAQ_Init not run) and a failed
 * DAQ_ValidateInstance() check are reported through FatalError().
 */
int DAQ_New (const SnortConfig* sc, const char* intf)
{
    DAQ_Config_t daq_cfg;
    const char* spec;

    if ( !daq_mod )
        FatalError("DAQ_Init not called!\n");

    if ( intf != NULL )
        interface_spec = SnortStrdup(intf);

    spec = DAQ_GetInterfaceSpec();

    memset(&daq_cfg, 0, sizeof daq_cfg);

    daq_cfg.name = (char*)spec;
    daq_cfg.snaplen = snap;
    daq_cfg.timeout = PKT_TIMEOUT;
    daq_cfg.mode = daq_mode;
    daq_cfg.extra = NULL;
    daq_cfg.flags = 0;

    DAQ_LoadVars(&daq_cfg, sc);

    /* Promiscuous capture is requested unless packets are being read back
     * (ScReadMode) or RUN_FLAG__NO_PROMISCUOUS is set. */
    if ( !ScReadMode() && !(sc->run_flags & RUN_FLAG__NO_PROMISCUOUS) )
        daq_cfg.flags |= DAQ_CFG_PROMISC;

    DAQ_Config(&daq_cfg);

    /* Stop here if the configured instance cannot do what this run needs. */
    if ( !DAQ_ValidateInstance() )
        FatalError("DAQ configuration incompatible with intended operation.\n");

    /* The datalink type is only fetched at this point for an unprivileged
     * start. */
    if ( DAQ_UnprivilegedStart() )
        daq_dlt = daq_get_datalink_type(daq_mod, daq_hand);

    if ( spec && *spec )
    {
        /* A spec of "-" is shown to the operator as stdin. */
        const char* shown = (strcmp(spec, "-") == 0) ? "stdin" : spec;

        LogMessage("Acquiring network traffic from \"%s\".\n", shown);
    }

    DAQ_SetFilter(sc->bpf_filter);
    daq_config_clear_values(&daq_cfg);

    return 0;
}
/*
 * Set up active response from the run configuration.
 *
 * The attempt count is taken from sc->respond_attempts, capped at
 * MAX_ATTEMPTS, and raised to 1 when active response is enabled with a zero
 * count.
 *
 * The rest only runs when active response is enabled and either the DAQ
 * cannot inject or a respond device is configured.  In that case, if
 * ScReadMode() is true or Active_Open() returns non-zero, active response is
 * switched off (s_enabled and s_attempts zeroed, except in REG_TEST builds).
 * That fallback is only logged as a warning and the function still returns
 * 0, so a sensor expected to send responses keeps running without them.
 * sc->eth_dst, when set, is then passed to Encode_SetDstMAC().
 *
 * Always returns 0.
 */
int Active_Init (SnortConfig* sc)
{
    s_attempts = sc->respond_attempts;

    if ( s_attempts > MAX_ATTEMPTS )
        s_attempts = MAX_ATTEMPTS;

    if ( s_enabled && !s_attempts )
        s_attempts = 1;

    /* Nothing else to do when active response is off, or when the DAQ can
     * inject and no separate respond device was requested. */
    if ( !s_enabled || (DAQ_CanInject() && !sc->respond_device) )
        return 0;

    if ( ScReadMode() || Active_Open(sc->respond_device) )
    {
        LogMessage("WARNING: active responses disabled since DAQ "
            "can't inject packets.\n");
#ifndef REG_TEST
        s_enabled = 0;
        s_attempts = 0;
#endif
    }

    if ( sc->eth_dst != NULL )
        Encode_SetDstMAC(sc->eth_dst);

    return 0;
}
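/*
**  NAME
**    GetPktDropStats
**
**  DESCRIPTION
**    Gets the packet drop statistics from the OS.
**    NOTE:  Currently only pcap-based sniffing is supported.  Should
**    add native OS calls.
**
**    The drop percentage is reported as 0.0 when the received count for
**    the interval is zero, instead of dividing by zero and putting a
**    NaN/inf value into the perf stats.
**
**  FORMAL INPUT
**    SFBASE *       - ptr to struct
**    SFBASE_STATS * - ptr to struct to fill in with perf stats
**
**  FORMAL OUTPUT
**    int - 0 is successful
*/
int GetPktDropStats(SFBASE *sfBase, SFBASE_STATS *sfBaseStats)
{
#ifndef PCAP_CLOSE
    /* Network Interfaces.  Right now we only check the first interface */
    if ((pcap_handle == NULL)
#ifdef WIN32
        || (ScReadMode())
#endif
        )
    {
        /* No capture handle to query: fall back to the wire packet count
         * and report no drops.
         * NOTE(review): this path tests sfBase->iReset while the paths
         * below test perfmon_config->base_reset - confirm they agree. */
        if (sfBase->iReset == 1)
        {
            sfBaseStats->pkt_stats.pkts_recv = sfBase->total_wire_packets;
        }
        else
        {
            sfBaseStats->pkt_stats.pkts_recv += sfBase->total_wire_packets;
        }

        sfBaseStats->pkt_stats.pkts_drop = 0;
        sfBaseStats->pkt_drop_percent = 0.0;
        return 0;
    }

    if (UpdatePcapPktStats() == -1)
#else
    if (UpdatePcapPktStats(0) == -1)
#endif
    {
        /* Stats refresh failed: same fallback as above, no drops reported. */
        if (perfmon_config->base_reset)
        {
            sfBaseStats->pkt_stats.pkts_recv = sfBase->total_wire_packets;
        }
        else
        {
            sfBaseStats->pkt_stats.pkts_recv += sfBase->total_wire_packets;
        }

        sfBaseStats->pkt_stats.pkts_drop = 0;
        sfBaseStats->pkt_drop_percent = 0.0;
    }
    else
    {
        uint64_t recv = GetPcapPktStatsRecv();
        uint64_t drop = GetPcapPktStatsDrop();

        if (perfmon_config->base_reset)
        {
            /* Report the change since the values saved on the previous call. */
            sfBaseStats->pkt_stats.pkts_recv = recv - sfBase->pkt_stats.pkts_recv;
            sfBaseStats->pkt_stats.pkts_drop = drop - sfBase->pkt_stats.pkts_drop;
        }
        else
        {
            sfBaseStats->pkt_stats.pkts_recv = recv;
            sfBaseStats->pkt_stats.pkts_drop = drop;
        }

        /* Guard the division: a zero received count would otherwise yield
         * NaN (0/0) or inf (n/0) as the drop percentage. */
        if (sfBaseStats->pkt_stats.pkts_recv != 0)
        {
            sfBaseStats->pkt_drop_percent =
                ((double)sfBaseStats->pkt_stats.pkts_drop /
                 (double)sfBaseStats->pkt_stats.pkts_recv) * 100;
        }
        else
        {
            sfBaseStats->pkt_drop_percent = 0.0;
        }

        /*
        **  Reset sfBase stats for next go round.
        */
        sfBase->pkt_stats.pkts_recv = recv;
        sfBase->pkt_stats.pkts_drop = drop;
    }

    return 0;
}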