/**
* \brief RunModeIdsAFPAuto set up the following thread packet handlers:
* - Receive thread (from live iface)
* - Decode thread
* - Stream thread
* - Detect: If we have only 1 cpu, it will setup one Detect thread
* If we have more than one, it will setup num_cpus - 1
* starting from the second cpu available.
* - Respond/Reject thread
* - Outputs thread
* By default the threads will use the first cpu available
* except the Detection threads if we have more than one cpu.
*
* \param de_ctx Pointer to the Detection Engine.
*
* \retval 0 If all goes well. (If any problem is detected the engine will
* exit()).
*/
int RunModeIdsAFPAuto(DetectEngineCtx *de_ctx)
{
SCEnter();
#ifdef HAVE_AF_PACKET
int ret;
char *live_dev = NULL;
RunModeInitialize();
TimeModeSetLive();
(void)ConfGet("af-packet.live-interface", &live_dev);
ret = RunModeSetLiveCaptureAuto(de_ctx,
ParseAFPConfig,
AFPConfigGeThreadsCount,
"ReceiveAFP",
"DecodeAFP", "RecvAFP",
live_dev);
if (ret != 0) {
SCLogError(SC_ERR_RUNMODE, "Unable to start runmode");
exit(EXIT_FAILURE);
}
SCLogInfo("RunModeIdsAFPAuto initialised");
#endif
SCReturnInt(0);
}
/**
* \brief RunModeIdsPfringAuto set up the following thread packet handlers:
* - Receive thread (from pfring)
* - Decode thread
* - Stream thread
* - Detect: If we have only 1 cpu, it will setup one Detect thread
* If we have more than one, it will setup num_cpus - 1
* starting from the second cpu available.
* - Respond/Reject thread
* - Outputs thread
* By default the threads will use the first cpu available
* except the Detection threads if we have more than one cpu.
*
* \param de_ctx Pointer to the Detection Engine.
*
* \retval 0 If all goes well. (If any problem is detected the engine will
* exit()).
*/
int RunModeIdsPfringAuto(DetectEngineCtx *de_ctx)
{
SCEnter();
/* We include only if pfring is enabled */
#ifdef HAVE_PFRING
int ret;
char *live_dev = NULL;
ConfigIfaceParserFunc tparser;
RunModeInitialize();
TimeModeSetLive();
ret = GetDevAndParser(&live_dev, &tparser);
if (ret != 0) {
SCLogError(SC_ERR_MISSING_CONFIG_PARAM,
"Unable to get parser and interface params");
exit(EXIT_FAILURE);
}
ret = RunModeSetLiveCaptureAuto(de_ctx, tparser, PfringConfigGeThreadsCount,
"ReceivePfring", "DecodePfring",
"RxPFR", live_dev);
if (ret != 0) {
SCLogError(SC_ERR_RUNMODE, "Runmode start failed");
exit(EXIT_FAILURE);
}
#endif /* HAVE_PFRING */
return 0;
}
/**
* \brief RunModeIdsPcapAuto set up the following thread packet handlers:
* - Receive thread (from iface pcap)
* - Decode thread
* - Stream thread
* - Detect: If we have only 1 cpu, it will setup one Detect thread
* If we have more than one, it will setup num_cpus - 1
* starting from the second cpu available.
* - Respond/Reject thread
* - Outputs thread
* By default the threads will use the first cpu available
* except the Detection threads if we have more than one cpu.
*
* \param de_ctx Pointer to the Detection Engine.
*
* \retval 0 If all goes well. (If any problem is detected the engine will
* exit()).
*/
int RunModeIdsPcapAuto(DetectEngineCtx *de_ctx)
{
/* tname = Detect + cpuid, this is 11bytes length as max */
char *live_dev = NULL;
int ret;
SCEnter();
RunModeInitialize();
TimeModeSetLive();
(void) ConfGet("pcap.single-pcap-dev", &live_dev);
ret = RunModeSetLiveCaptureAuto(de_ctx,
ParsePcapConfig,
PcapConfigGeThreadsCount,
"ReceivePcap",
"DecodePcap", "RecvPcap",
live_dev);
if (ret != 0) {
SCLogError(SC_ERR_RUNMODE, "Runmode start failed");
exit(EXIT_FAILURE);
}
SCLogInfo("RunModeIdsPcapAuto initialised");
SCReturnInt(0);
}
/**
* \brief RunModeIdsAFPAuto set up the following thread packet handlers:
* - Receive thread (from live iface)
* - Decode thread
* - Stream thread
* - Detect: If we have only 1 cpu, it will setup one Detect thread
* If we have more than one, it will setup num_cpus - 1
* starting from the second cpu available.
* - Respond/Reject thread
* - Outputs thread
* By default the threads will use the first cpu available
* except the Detection threads if we have more than one cpu.
*
* \param de_ctx Pointer to the Detection Engine.
*
* \retval 0 If all goes well. (If any problem is detected the engine will
* exit()).
*/
int RunModeIdsAFPAuto(DetectEngineCtx *de_ctx)
{
SCEnter();
#ifdef HAVE_AF_PACKET
int ret;
char *live_dev = NULL;
RunModeInitialize();
TimeModeSetLive();
(void)ConfGet("af-packet.live-interface", &live_dev);
if (AFPPeersListInit() != TM_ECODE_OK) {
SCLogError(SC_ERR_RUNMODE, "Unable to init peers list.");
exit(EXIT_FAILURE);
}
ret = RunModeSetLiveCaptureAuto(de_ctx,
ParseAFPConfig,
AFPConfigGeThreadsCount,
"ReceiveAFP",
"DecodeAFP", "RecvAFP",
live_dev);
if (ret != 0) {
SCLogError(SC_ERR_RUNMODE, "Unable to start runmode");
exit(EXIT_FAILURE);
}
/* In IPS mode each threads must have a peer */
if (AFPPeersListCheck() != TM_ECODE_OK) {
SCLogError(SC_ERR_RUNMODE, "Some IPS capture threads did not peer.");
exit(EXIT_FAILURE);
}
SCLogInfo("RunModeIdsAFPAuto initialised");
#endif
SCReturnInt(0);
}
