suricata
runmode-pcap-file.c
Go to the documentation of this file.
1/* Copyright (C) 2007-2010 Open Information Security Foundation
2 *
3 * You can copy, redistribute or modify this Program under the terms of
4 * the GNU General Public License version 2 as published by the Free
5 * Software Foundation.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * version 2 along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15 * 02110-1301, USA.
16 */
17
18#include "suricata-common.h"
19#include "tm-threads.h"
20#include "conf.h"
21#include "runmodes.h"
22#include "runmode-pcap-file.h"
23#include "output.h"
24
25#include "detect-engine.h"
26#include "source-pcap-file.h"
27
28#include "util-debug.h"
29#include "util-time.h"
30#include "util-cpu.h"
31#include "util-affinity.h"
32
33#include "util-runmodes.h"
34
35const char *RunModeFilePcapGetDefaultMode(void)
36{
37 return "autofp";
38}
39
40void RunModeFilePcapRegister(void)
41{
42 RunModeRegisterNewRunMode(RUNMODE_PCAP_FILE, "single", "Single threaded pcap file mode",
43 RunModeFilePcapSingle, NULL);
44 RunModeRegisterNewRunMode(RUNMODE_PCAP_FILE, "autofp",
45 "Multi-threaded pcap file mode. Packets from each flow are assigned to a consistent "
46 "detection thread",
47 RunModeFilePcapAutoFp, NULL);
48}
49
50/**
51 * \brief Single thread version of the Pcap file processing.
52 */
53int RunModeFilePcapSingle(void)
54{
55 const char *file = NULL;
56 char tname[TM_THREAD_NAME_MAX];
57
58 if (SCConfGet("pcap-file.file", &file) == 0) {
59 FatalError("Failed retrieving pcap-file from Conf");
60 }
61
62 TimeModeSetOffline();
63
64 PcapFileGlobalInit();
65
66 snprintf(tname, sizeof(tname), "%s#01", thread_name_single);
67
68 /* create the threads */
69 ThreadVars *tv = TmThreadCreatePacketHandler(tname,
70 "packetpool", "packetpool",
71 "packetpool", "packetpool",
72 "pktacqloop");
73 if (tv == NULL) {
74 FatalError("threading setup failed");
75 }
76
77 TmModule *tm_module = TmModuleGetByName("ReceivePcapFile");
78 if (tm_module == NULL) {
79 FatalError("TmModuleGetByName failed for ReceivePcap");
80 }
81 TmSlotSetFuncAppend(tv, tm_module, file);
82
83 tm_module = TmModuleGetByName("DecodePcapFile");
84 if (tm_module == NULL) {
85 FatalError("TmModuleGetByName DecodePcap failed");
86 }
87 TmSlotSetFuncAppend(tv, tm_module, NULL);
88
89 tm_module = TmModuleGetByName("FlowWorker");
90 if (tm_module == NULL) {
91 FatalError("TmModuleGetByName for FlowWorker failed");
92 }
93 TmSlotSetFuncAppend(tv, tm_module, NULL);
94
95 TmThreadSetCPU(tv, WORKER_CPU_SET);
96
97 if (TmThreadSpawn(tv) != TM_ECODE_OK) {
98 FatalError("TmThreadSpawn failed");
99 }
100 return 0;
101}
102
103/**
104 * \brief RunModeFilePcapAutoFp set up the following thread packet handlers:
105 * - Receive thread (from pcap file)
106 * - Decode thread
107 * - Stream thread
108 * - Detect: If we have only 1 cpu, it will setup one Detect thread
109 * If we have more than one, it will setup num_cpus - 1
110 * starting from the second cpu available.
111 * - Outputs thread
112 * By default the threads will use the first cpu available
113 * except the Detection threads if we have more than one cpu.
114 *
115 * \retval 0 If all goes well. (If any problem is detected the engine will
116 * exit()).
117 */
118int RunModeFilePcapAutoFp(void)
119{
120 SCEnter();
121 char tname[TM_THREAD_NAME_MAX];
122 char qname[TM_QUEUE_NAME_MAX];
123 uint16_t cpu = 0;
124 char *queues = NULL;
125 uint16_t thread;
126
127 const char *file = NULL;
128 if (SCConfGet("pcap-file.file", &file) == 0) {
129 FatalError("Failed retrieving pcap-file from Conf");
130 }
131 SCLogDebug("file %s", file);
132
133 TimeModeSetOffline();
134
135 PcapFileGlobalInit();
136
137 /* Available cpus */
138 uint16_t ncpus = UtilCpuGetNumProcessorsOnline();
139
140 /* start with cpu 1 so that if we're creating an odd number of detect
141 * threads we're not creating the most on CPU0. */
142 if (ncpus > 0)
143 cpu = 1;
144
145 /* always create at least one thread */
146 int thread_max = TmThreadGetNbThreads(WORKER_CPU_SET);
147 if (thread_max == 0)
148 thread_max = ncpus * threading_detect_ratio;
149 if (thread_max < 1)
150 thread_max = 1;
151 if (thread_max > 1024)
152 thread_max = 1024;
153
154 queues = RunmodeAutoFpCreatePickupQueuesString(thread_max);
155 if (queues == NULL) {
156 FatalError("RunmodeAutoFpCreatePickupQueuesString failed");
157 }
158
159 snprintf(tname, sizeof(tname), "%s#01", thread_name_autofp);
160
161 /* create the threads */
162 ThreadVars *tv_receivepcap =
163 TmThreadCreatePacketHandler(tname,
164 "packetpool", "packetpool",
165 queues, "flow",
166 "pktacqloop");
167 SCFree(queues);
168
169 if (tv_receivepcap == NULL) {
170 FatalError("threading setup failed");
171 }
172 TmModule *tm_module = TmModuleGetByName("ReceivePcapFile");
173 if (tm_module == NULL) {
174 FatalError("TmModuleGetByName failed for ReceivePcap");
175 }
176 TmSlotSetFuncAppend(tv_receivepcap, tm_module, file);
177
178 tm_module = TmModuleGetByName("DecodePcapFile");
179 if (tm_module == NULL) {
180 FatalError("TmModuleGetByName DecodePcap failed");
181 }
182 TmSlotSetFuncAppend(tv_receivepcap, tm_module, NULL);
183
184 TmThreadSetCPU(tv_receivepcap, RECEIVE_CPU_SET);
185
186 if (TmThreadSpawn(tv_receivepcap) != TM_ECODE_OK) {
187 FatalError("TmThreadSpawn failed");
188 }
189
190 for (thread = 0; thread < (uint16_t)thread_max; thread++) {
191 snprintf(tname, sizeof(tname), "%s#%02d", thread_name_workers, thread + 1);
192 snprintf(qname, sizeof(qname), "pickup%d", thread + 1);
193
194 SCLogDebug("tname %s, qname %s", tname, qname);
195 SCLogDebug("Assigning %s affinity to cpu %u", tname, cpu);
196
197 ThreadVars *tv_detect_ncpu =
198 TmThreadCreatePacketHandler(tname,
199 qname, "flow",
200 "packetpool", "packetpool",
201 "varslot");
202 if (tv_detect_ncpu == NULL) {
203 FatalError("TmThreadsCreate failed");
204 }
205
206 tm_module = TmModuleGetByName("FlowWorker");
207 if (tm_module == NULL) {
208 FatalError("TmModuleGetByName for FlowWorker failed");
209 }
210 TmSlotSetFuncAppend(tv_detect_ncpu, tm_module, NULL);
211
212 TmThreadSetGroupName(tv_detect_ncpu, "Detect");
213
214 TmThreadSetCPU(tv_detect_ncpu, WORKER_CPU_SET);
215
216 if (TmThreadSpawn(tv_detect_ncpu) != TM_ECODE_OK) {
217 FatalError("TmThreadSpawn failed");
218 }
219
220 if ((cpu + 1) == ncpus)
221 cpu = 0;
222 else
223 cpu++;
224 }
225
226 return 0;
227}
SCConfGet
int SCConfGet(const char *name, const char **vptr)
Retrieve the value of a configuration node.
Definition conf.c:350
tv
ThreadVars * tv
Definition fuzz_decodepcapfile.c:32
RunModeFilePcapSingle
int RunModeFilePcapSingle(void)
Single thread version of the Pcap file processing.
Definition runmode-pcap-file.c:53
RunModeFilePcapGetDefaultMode
const char * RunModeFilePcapGetDefaultMode(void)
Definition runmode-pcap-file.c:35
RunModeFilePcapAutoFp
int RunModeFilePcapAutoFp(void)
RunModeFilePcapAutoFp set up the following thread packet handlers:
Definition runmode-pcap-file.c:118
RunModeFilePcapRegister
void RunModeFilePcapRegister(void)
Definition runmode-pcap-file.c:40
thread_name_single
const char * thread_name_single
Definition runmodes.c:67
threading_detect_ratio
float threading_detect_ratio
Definition runmodes.c:949
RunModeRegisterNewRunMode
void RunModeRegisterNewRunMode(enum SCRunModes runmode, const char *name, const char *description, int(*RunModeFunc)(void), int(*RunModeIsIPSEnabled)(void))
Registers a new runmode.
Definition runmodes.c:486
thread_name_autofp
const char * thread_name_autofp
Definition runmodes.c:66
thread_name_workers
const char * thread_name_workers
Definition runmodes.c:68
RUNMODE_PCAP_FILE
@ RUNMODE_PCAP_FILE
Definition runmodes.h:30
PcapFileGlobalInit
void PcapFileGlobalInit(void)
Definition source-pcap-file.c:146
ThreadVars_
Per thread variable structure.
Definition threadvars.h:58
TmModule_
Definition tm-modules.h:47
TmModuleGetByName
TmModule * TmModuleGetByName(const char *name)
get a tm module ptr by name
Definition tm-modules.c:46
TM_ECODE_OK
@ TM_ECODE_OK
Definition tm-threads-common.h:81
TmSlotSetFuncAppend
void TmSlotSetFuncAppend(ThreadVars *tv, TmModule *tm, const void *data)
Appends a new entry to the slots.
Definition tm-threads.c:658
TmThreadGetNbThreads
int TmThreadGetNbThreads(uint8_t type)
Definition tm-threads.c:847
TmThreadSetGroupName
void TmThreadSetGroupName(ThreadVars *tv, const char *name)
Definition tm-threads.c:1681
TmThreadCreatePacketHandler
ThreadVars * TmThreadCreatePacketHandler(const char *name, const char *inq_name, const char *inqh_name, const char *outq_name, const char *outqh_name, const char *slots)
Creates and returns a TV instance for a Packet Processing Thread. This function doesn't support custo...
Definition tm-threads.c:1068
TmThreadSetCPU
TmEcode TmThreadSetCPU(ThreadVars *tv, uint8_t type)
Definition tm-threads.c:831
TmThreadSpawn
TmEcode TmThreadSpawn(ThreadVars *tv)
Spawns a thread associated with the ThreadVars instance tv.
Definition tm-threads.c:1724
TM_QUEUE_NAME_MAX
#define TM_QUEUE_NAME_MAX
Definition tm-threads.h:48
TM_THREAD_NAME_MAX
#define TM_THREAD_NAME_MAX
Definition tm-threads.h:49
RECEIVE_CPU_SET
@ RECEIVE_CPU_SET
Definition util-affinity.h:57
WORKER_CPU_SET
@ WORKER_CPU_SET
Definition util-affinity.h:58
UtilCpuGetNumProcessorsOnline
uint16_t UtilCpuGetNumProcessorsOnline(void)
Get the number of cpus online in the system.
Definition util-cpu.c:108
SCEnter
#define SCEnter(...)
Definition util-debug.h:277
FatalError
#define FatalError(...)
Definition util-debug.h:510
SCLogDebug
#define SCLogDebug(...)
Definition util-debug.h:275
SCFree
#define SCFree(p)
Definition util-mem.h:61
RunmodeAutoFpCreatePickupQueuesString
char * RunmodeAutoFpCreatePickupQueuesString(int n)
create a queue string for autofp to pass to the flow queue handler.
Definition util-runmodes.c:56
TimeModeSetOffline
void TimeModeSetOffline(void)
Definition util-time.c:105