suricata
runmode-pcap-file.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2010 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 #include "suricata-common.h"
19 #include "tm-threads.h"
20 #include "conf.h"
21 #include "runmodes.h"
22 #include "runmode-pcap-file.h"
23 #include "output.h"
24 
25 #include "detect-engine.h"
26 #include "source-pcap-file.h"
27 
28 #include "util-debug.h"
29 #include "util-time.h"
30 #include "util-cpu.h"
31 #include "util-affinity.h"
32 
33 #include "util-runmodes.h"
34 
35 const char *RunModeFilePcapGetDefaultMode(void)
36 {
37  return "autofp";
38 }
39 
40 void RunModeFilePcapRegister(void)
41 {
42  RunModeRegisterNewRunMode(RUNMODE_PCAP_FILE, "single",
43  "Single threaded pcap file mode",
44  RunModeFilePcapSingle);
45  RunModeRegisterNewRunMode(RUNMODE_PCAP_FILE, "autofp",
46  "Multi threaded pcap file mode. Packets from "
47  "each flow are assigned to a single detect thread, "
48  "unlike \"pcap-file-auto\" where packets from "
49  "the same flow can be processed by any detect "
50  "thread",
51  RunModeFilePcapAutoFp);
52 
53  return;
54 }
55 
56 /**
57  * \brief Single thread version of the Pcap file processing.
58  */
59 int RunModeFilePcapSingle(void)
60 {
61  const char *file = NULL;
62  char tname[TM_THREAD_NAME_MAX];
63 
64  if (ConfGet("pcap-file.file", &file) == 0) {
65  SCLogError(SC_ERR_RUNMODE, "Failed retrieving pcap-file from Conf");
66  exit(EXIT_FAILURE);
67  }
68 
69  RunModeInitialize();
70  TimeModeSetOffline();
71 
72  PcapFileGlobalInit();
73 
74  snprintf(tname, sizeof(tname), "%s#01", thread_name_single);
75 
76  /* create the threads */
77  ThreadVars *tv = TmThreadCreatePacketHandler(tname,
78  "packetpool", "packetpool",
79  "packetpool", "packetpool",
80  "pktacqloop");
81  if (tv == NULL) {
82  SCLogError(SC_ERR_RUNMODE, "threading setup failed");
83  exit(EXIT_FAILURE);
84  }
85 
86  TmModule *tm_module = TmModuleGetByName("ReceivePcapFile");
87  if (tm_module == NULL) {
88  SCLogError(SC_ERR_RUNMODE, "TmModuleGetByName failed for ReceivePcap");
89  exit(EXIT_FAILURE);
90  }
91  TmSlotSetFuncAppend(tv, tm_module, file);
92 
93  tm_module = TmModuleGetByName("DecodePcapFile");
94  if (tm_module == NULL) {
95  SCLogError(SC_ERR_RUNMODE, "TmModuleGetByName DecodePcap failed");
96  exit(EXIT_FAILURE);
97  }
98  TmSlotSetFuncAppend(tv, tm_module, NULL);
99 
100  tm_module = TmModuleGetByName("FlowWorker");
101  if (tm_module == NULL) {
102  SCLogError(SC_ERR_RUNMODE, "TmModuleGetByName for FlowWorker failed");
103  exit(EXIT_FAILURE);
104  }
105  TmSlotSetFuncAppend(tv, tm_module, NULL);
106 
107  TmThreadSetCPU(tv, WORKER_CPU_SET);
108 
109 #ifndef AFLFUZZ_PCAP_RUNMODE
110  if (TmThreadSpawn(tv) != TM_ECODE_OK) {
111  SCLogError(SC_ERR_RUNMODE, "TmThreadSpawn failed");
112  exit(EXIT_FAILURE);
113  }
114 #else
115  /* in afl mode we don't spawn a new thread, but run the pipeline
116  * in the main thread */
117  tv->tm_func(tv);
118  int afl_runmode_exit_immediately = 0;
119  (void)ConfGetBool("afl.exit_after_pcap", &afl_runmode_exit_immediately);
120  if (afl_runmode_exit_immediately) {
121  SCLogNotice("exit because of afl-runmode-exit-after-pcap commandline option");
122  exit(EXIT_SUCCESS);
123  }
124 #endif
125 
126  return 0;
127 }
128 
129 /**
130  * \brief RunModeFilePcapAutoFp set up the following thread packet handlers:
131  * - Receive thread (from pcap file)
132  * - Decode thread
133  * - Stream thread
134  * - Detect: If we have only 1 cpu, it will setup one Detect thread
135  * If we have more than one, it will setup num_cpus - 1
136  * starting from the second cpu available.
137  * - Outputs thread
138  * By default the threads will use the first cpu available
139  * except the Detection threads if we have more than one cpu.
140  *
141  * \retval 0 If all goes well. (If any problem is detected the engine will
142  * exit()).
143  */
144 int RunModeFilePcapAutoFp(void)
145 {
146  SCEnter();
147  char tname[TM_THREAD_NAME_MAX];
148  char qname[TM_QUEUE_NAME_MAX];
149  uint16_t cpu = 0;
150  char *queues = NULL;
151  uint16_t thread;
152 
153  RunModeInitialize();
154 
155  const char *file = NULL;
156  if (ConfGet("pcap-file.file", &file) == 0) {
157  SCLogError(SC_ERR_RUNMODE, "Failed retrieving pcap-file from Conf");
158  exit(EXIT_FAILURE);
159  }
160  SCLogDebug("file %s", file);
161 
162  TimeModeSetOffline();
163 
164  PcapFileGlobalInit();
165 
166  /* Available cpus */
167  uint16_t ncpus = UtilCpuGetNumProcessorsOnline();
168 
169  /* start with cpu 1 so that if we're creating an odd number of detect
170  * threads we're not creating the most on CPU0. */
171  if (ncpus > 0)
172  cpu = 1;
173 
174  /* always create at least one thread */
175  int thread_max = TmThreadGetNbThreads(WORKER_CPU_SET);
176  if (thread_max == 0)
177  thread_max = ncpus * threading_detect_ratio;
178  if (thread_max < 1)
179  thread_max = 1;
180  if (thread_max > 1024)
181  thread_max = 1024;
182 
183  queues = RunmodeAutoFpCreatePickupQueuesString(thread_max);
184  if (queues == NULL) {
185  SCLogError(SC_ERR_RUNMODE, "RunmodeAutoFpCreatePickupQueuesString failed");
186  exit(EXIT_FAILURE);
187  }
188 
189  snprintf(tname, sizeof(tname), "%s#01", thread_name_autofp);
190 
191  /* create the threads */
192  ThreadVars *tv_receivepcap =
193  TmThreadCreatePacketHandler(tname,
194  "packetpool", "packetpool",
195  queues, "flow",
196  "pktacqloop");
197  SCFree(queues);
198 
199  if (tv_receivepcap == NULL) {
200  SCLogError(SC_ERR_FATAL, "threading setup failed");
201  exit(EXIT_FAILURE);
202  }
203  TmModule *tm_module = TmModuleGetByName("ReceivePcapFile");
204  if (tm_module == NULL) {
205  SCLogError(SC_ERR_RUNMODE, "TmModuleGetByName failed for ReceivePcap");
206  exit(EXIT_FAILURE);
207  }
208  TmSlotSetFuncAppend(tv_receivepcap, tm_module, file);
209 
210  tm_module = TmModuleGetByName("DecodePcapFile");
211  if (tm_module == NULL) {
212  SCLogError(SC_ERR_RUNMODE, "TmModuleGetByName DecodePcap failed");
213  exit(EXIT_FAILURE);
214  }
215  TmSlotSetFuncAppend(tv_receivepcap, tm_module, NULL);
216 
217  TmThreadSetCPU(tv_receivepcap, RECEIVE_CPU_SET);
218 
219  if (TmThreadSpawn(tv_receivepcap) != TM_ECODE_OK) {
220  SCLogError(SC_ERR_RUNMODE, "TmThreadSpawn failed");
221  exit(EXIT_FAILURE);
222  }
223 
224  for (thread = 0; thread < (uint16_t)thread_max; thread++) {
225  snprintf(tname, sizeof(tname), "%s#%02u", thread_name_workers, thread+1);
226  snprintf(qname, sizeof(qname), "pickup%u", thread+1);
227 
228  SCLogDebug("tname %s, qname %s", tname, qname);
229  SCLogDebug("Assigning %s affinity to cpu %u", tname, cpu);
230 
231  ThreadVars *tv_detect_ncpu =
232  TmThreadCreatePacketHandler(tname,
233  qname, "flow",
234  "packetpool", "packetpool",
235  "varslot");
236  if (tv_detect_ncpu == NULL) {
237  SCLogError(SC_ERR_RUNMODE, "TmThreadsCreate failed");
238  exit(EXIT_FAILURE);
239  }
240 
241  tm_module = TmModuleGetByName("FlowWorker");
242  if (tm_module == NULL) {
243  SCLogError(SC_ERR_RUNMODE, "TmModuleGetByName for FlowWorker failed");
244  exit(EXIT_FAILURE);
245  }
246  TmSlotSetFuncAppend(tv_detect_ncpu, tm_module, NULL);
247 
248  TmThreadSetGroupName(tv_detect_ncpu, "Detect");
249 
250  TmThreadSetCPU(tv_detect_ncpu, WORKER_CPU_SET);
251 
252  if (TmThreadSpawn(tv_detect_ncpu) != TM_ECODE_OK) {
253  SCLogError(SC_ERR_RUNMODE, "TmThreadSpawn failed");
254  exit(EXIT_FAILURE);
255  }
256 
257  if ((cpu + 1) == ncpus)
258  cpu = 0;
259  else
260  cpu++;
261  }
262 
263  return 0;
264 }
TmSlotSetFuncAppend
void TmSlotSetFuncAppend(ThreadVars *tv, TmModule *tm, const void *data)
Appends a new entry to the slots.
Definition: tm-threads.c:832
RunModeFilePcapAutoFp
int RunModeFilePcapAutoFp(void)
RunModeFilePcapAutoFp set up the following thread packet handlers:
Definition: runmode-pcap-file.c:144
TmThreadSetCPU
TmEcode TmThreadSetCPU(ThreadVars *tv, uint8_t type)
Definition: tm-threads.c:1029
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:335
threading_detect_ratio
float threading_detect_ratio
Definition: runmodes.c:895
TmThreadGetNbThreads
int TmThreadGetNbThreads(uint8_t type)
Definition: tm-threads.c:1045
RunModeInitialize
void RunModeInitialize(void)
Definition: runmodes.c:900
ConfGetBool
int ConfGetBool(const char *name, int *val)
Retrieve a configuration value as an boolen.
Definition: conf.c:517
thread_name_single
const char * thread_name_single
Definition: runmodes.c:62
TmThreadCreatePacketHandler
ThreadVars * TmThreadCreatePacketHandler(const char *name, const char *inq_name, const char *inqh_name, const char *outq_name, const char *outqh_name, const char *slots)
Creates and returns a TV instance for a Packet Processing Thread. This function doesn&#39;t support custo...
Definition: tm-threads.c:1241
TmThreadSetGroupName
void TmThreadSetGroupName(ThreadVars *tv, const char *name)
Definition: tm-threads.c:1832
TimeModeSetOffline
void TimeModeSetOffline(void)
Definition: util-time.c:96
ConfGet
int ConfGet(const char *name, const char **vptr)
Retrieve the value of a configuration node.
Definition: conf.c:331
RunModeFilePcapSingle
int RunModeFilePcapSingle(void)
Single thread version of the Pcap file processing.
Definition: runmode-pcap-file.c:59
RunModeFilePcapGetDefaultMode
const char * RunModeFilePcapGetDefaultMode(void)
Definition: runmode-pcap-file.c:35
RunModeFilePcapRegister
void RunModeFilePcapRegister(void)
Definition: runmode-pcap-file.c:40
SCLogError
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
Definition: util-debug.h:294
RunmodeAutoFpCreatePickupQueuesString
char * RunmodeAutoFpCreatePickupQueuesString(int n)
create a queue string for autofp to pass to the flow queue handler.
Definition: util-runmodes.c:59
SCEnter
#define SCEnter(...)
Definition: util-debug.h:337
TM_QUEUE_NAME_MAX
#define TM_QUEUE_NAME_MAX
Definition: tm-threads.h:47
SCFree
#define SCFree(a)
Definition: util-mem.h:322
ThreadVars_::tm_func
void *(* tm_func)(void *)
Definition: threadvars.h:83
SCLogNotice
#define SCLogNotice(...)
Macro used to log NOTICE messages.
Definition: util-debug.h:269
thread_name_autofp
const char * thread_name_autofp
Definition: runmodes.c:61
TmModule_
Definition: tm-modules.h:43
TM_THREAD_NAME_MAX
#define TM_THREAD_NAME_MAX
Definition: tm-threads.h:48
RunModeRegisterNewRunMode
void RunModeRegisterNewRunMode(enum RunModes runmode, const char *name, const char *description, int(*RunModeFunc)(void))
Registers a new runmode.
Definition: runmodes.c:419
TmModuleGetByName
TmModule * TmModuleGetByName(const char *name)
get a tm module ptr by name
Definition: tm-modules.c:51
PcapFileGlobalInit
void PcapFileGlobalInit()
Definition: source-pcap-file.c:139
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:57
UtilCpuGetNumProcessorsOnline
uint16_t UtilCpuGetNumProcessorsOnline(void)
Get the number of cpus online in the system.
Definition: util-cpu.c:99
TmThreadSpawn
TmEcode TmThreadSpawn(ThreadVars *tv)
Spawns a thread associated with the ThreadVars instance tv.
Definition: tm-threads.c:1875
thread_name_workers
const char * thread_name_workers
Definition: runmodes.c:63