suricata
runmode-pcap-file.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2010 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 #include "suricata-common.h"
19 #include "tm-threads.h"
20 #include "conf.h"
21 #include "runmodes.h"
22 #include "runmode-pcap-file.h"
23 #include "output.h"
24 
25 #include "detect-engine.h"
26 #include "source-pcap-file.h"
27 
28 #include "util-debug.h"
29 #include "util-time.h"
30 #include "util-cpu.h"
31 #include "util-affinity.h"
32 
33 #include "util-runmodes.h"
34 
35 const char *RunModeFilePcapGetDefaultMode(void)
36 {
37  return "autofp";
38 }
39 
40 void RunModeFilePcapRegister(void)
41 {
42  RunModeRegisterNewRunMode(RUNMODE_PCAP_FILE, "single",
43  "Single threaded pcap file mode",
44  RunModeFilePcapSingle);
45  RunModeRegisterNewRunMode(RUNMODE_PCAP_FILE, "autofp",
46  "Multi threaded pcap file mode. Packets from "
47  "each flow are assigned to a single detect thread, "
48  "unlike \"pcap-file-auto\" where packets from "
49  "the same flow can be processed by any detect "
50  "thread",
51  RunModeFilePcapAutoFp);
52 
53  return;
54 }
55 
56 /**
57  * \brief Single thread version of the Pcap file processing.
58  */
59 int RunModeFilePcapSingle(void)
60 {
61  const char *file = NULL;
62  char tname[TM_THREAD_NAME_MAX];
63 
64  if (ConfGet("pcap-file.file", &file) == 0) {
65  SCLogError(SC_ERR_RUNMODE, "Failed retrieving pcap-file from Conf");
66  exit(EXIT_FAILURE);
67  }
68 
69  RunModeInitialize();
70  TimeModeSetOffline();
71 
72  PcapFileGlobalInit();
73 
74  snprintf(tname, sizeof(tname), "%s#01", thread_name_single);
75 
76  /* create the threads */
77  ThreadVars *tv = TmThreadCreatePacketHandler(tname,
78  "packetpool", "packetpool",
79  "packetpool", "packetpool",
80  "pktacqloop");
81  if (tv == NULL) {
82  SCLogError(SC_ERR_RUNMODE, "threading setup failed");
83  exit(EXIT_FAILURE);
84  }
85 
86  TmModule *tm_module = TmModuleGetByName("ReceivePcapFile");
87  if (tm_module == NULL) {
88  SCLogError(SC_ERR_RUNMODE, "TmModuleGetByName failed for ReceivePcap");
89  exit(EXIT_FAILURE);
90  }
91  TmSlotSetFuncAppend(tv, tm_module, file);
92 
93  tm_module = TmModuleGetByName("DecodePcapFile");
94  if (tm_module == NULL) {
95  SCLogError(SC_ERR_RUNMODE, "TmModuleGetByName DecodePcap failed");
96  exit(EXIT_FAILURE);
97  }
98  TmSlotSetFuncAppend(tv, tm_module, NULL);
99 
100  tm_module = TmModuleGetByName("FlowWorker");
101  if (tm_module == NULL) {
102  SCLogError(SC_ERR_RUNMODE, "TmModuleGetByName for FlowWorker failed");
103  exit(EXIT_FAILURE);
104  }
105  TmSlotSetFuncAppend(tv, tm_module, NULL);
106 
107  TmThreadSetCPU(tv, WORKER_CPU_SET);
108 
109  if (TmThreadSpawn(tv) != TM_ECODE_OK) {
110  SCLogError(SC_ERR_RUNMODE, "TmThreadSpawn failed");
111  exit(EXIT_FAILURE);
112  }
113  return 0;
114 }
115 
116 /**
117  * \brief RunModeFilePcapAutoFp set up the following thread packet handlers:
118  * - Receive thread (from pcap file)
119  * - Decode thread
120  * - Stream thread
121  * - Detect: If we have only 1 cpu, it will setup one Detect thread
122  * If we have more than one, it will setup num_cpus - 1
123  * starting from the second cpu available.
124  * - Outputs thread
125  * By default the threads will use the first cpu available
126  * except the Detection threads if we have more than one cpu.
127  *
128  * \retval 0 If all goes well. (If any problem is detected the engine will
129  * exit()).
130  */
131 int RunModeFilePcapAutoFp(void)
132 {
133  SCEnter();
134  char tname[TM_THREAD_NAME_MAX];
135  char qname[TM_QUEUE_NAME_MAX];
136  uint16_t cpu = 0;
137  char *queues = NULL;
138  uint16_t thread;
139 
140  RunModeInitialize();
141 
142  const char *file = NULL;
143  if (ConfGet("pcap-file.file", &file) == 0) {
144  SCLogError(SC_ERR_RUNMODE, "Failed retrieving pcap-file from Conf");
145  exit(EXIT_FAILURE);
146  }
147  SCLogDebug("file %s", file);
148 
149  TimeModeSetOffline();
150 
151  PcapFileGlobalInit();
152 
153  /* Available cpus */
154  uint16_t ncpus = UtilCpuGetNumProcessorsOnline();
155 
156  /* start with cpu 1 so that if we're creating an odd number of detect
157  * threads we're not creating the most on CPU0. */
158  if (ncpus > 0)
159  cpu = 1;
160 
161  /* always create at least one thread */
162  int thread_max = TmThreadGetNbThreads(WORKER_CPU_SET);
163  if (thread_max == 0)
164  thread_max = ncpus * threading_detect_ratio;
165  if (thread_max < 1)
166  thread_max = 1;
167  if (thread_max > 1024)
168  thread_max = 1024;
169 
170  queues = RunmodeAutoFpCreatePickupQueuesString(thread_max);
171  if (queues == NULL) {
172  SCLogError(SC_ERR_RUNMODE, "RunmodeAutoFpCreatePickupQueuesString failed");
173  exit(EXIT_FAILURE);
174  }
175 
176  snprintf(tname, sizeof(tname), "%s#01", thread_name_autofp);
177 
178  /* create the threads */
179  ThreadVars *tv_receivepcap =
180  TmThreadCreatePacketHandler(tname,
181  "packetpool", "packetpool",
182  queues, "flow",
183  "pktacqloop");
184  SCFree(queues);
185 
186  if (tv_receivepcap == NULL) {
187  SCLogError(SC_ERR_FATAL, "threading setup failed");
188  exit(EXIT_FAILURE);
189  }
190  TmModule *tm_module = TmModuleGetByName("ReceivePcapFile");
191  if (tm_module == NULL) {
192  SCLogError(SC_ERR_RUNMODE, "TmModuleGetByName failed for ReceivePcap");
193  exit(EXIT_FAILURE);
194  }
195  TmSlotSetFuncAppend(tv_receivepcap, tm_module, file);
196 
197  tm_module = TmModuleGetByName("DecodePcapFile");
198  if (tm_module == NULL) {
199  SCLogError(SC_ERR_RUNMODE, "TmModuleGetByName DecodePcap failed");
200  exit(EXIT_FAILURE);
201  }
202  TmSlotSetFuncAppend(tv_receivepcap, tm_module, NULL);
203 
204  TmThreadSetCPU(tv_receivepcap, RECEIVE_CPU_SET);
205 
206  if (TmThreadSpawn(tv_receivepcap) != TM_ECODE_OK) {
207  SCLogError(SC_ERR_RUNMODE, "TmThreadSpawn failed");
208  exit(EXIT_FAILURE);
209  }
210 
211  for (thread = 0; thread < (uint16_t)thread_max; thread++) {
212  snprintf(tname, sizeof(tname), "%s#%02u", thread_name_workers, thread+1);
213  snprintf(qname, sizeof(qname), "pickup%u", thread+1);
214 
215  SCLogDebug("tname %s, qname %s", tname, qname);
216  SCLogDebug("Assigning %s affinity to cpu %u", tname, cpu);
217 
218  ThreadVars *tv_detect_ncpu =
219  TmThreadCreatePacketHandler(tname,
220  qname, "flow",
221  "packetpool", "packetpool",
222  "varslot");
223  if (tv_detect_ncpu == NULL) {
224  SCLogError(SC_ERR_RUNMODE, "TmThreadsCreate failed");
225  exit(EXIT_FAILURE);
226  }
227 
228  tm_module = TmModuleGetByName("FlowWorker");
229  if (tm_module == NULL) {
230  SCLogError(SC_ERR_RUNMODE, "TmModuleGetByName for FlowWorker failed");
231  exit(EXIT_FAILURE);
232  }
233  TmSlotSetFuncAppend(tv_detect_ncpu, tm_module, NULL);
234 
235  TmThreadSetGroupName(tv_detect_ncpu, "Detect");
236 
237  TmThreadSetCPU(tv_detect_ncpu, WORKER_CPU_SET);
238 
239  if (TmThreadSpawn(tv_detect_ncpu) != TM_ECODE_OK) {
240  SCLogError(SC_ERR_RUNMODE, "TmThreadSpawn failed");
241  exit(EXIT_FAILURE);
242  }
243 
244  if ((cpu + 1) == ncpus)
245  cpu = 0;
246  else
247  cpu++;
248  }
249 
250  return 0;
251 }
thread_name_workers
const char * thread_name_workers
Definition: runmodes.c:63
tm-threads.h
TmThreadSpawn
TmEcode TmThreadSpawn(ThreadVars *tv)
Spawns a thread associated with the ThreadVars instance tv.
Definition: tm-threads.c:1630
detect-engine.h
source-pcap-file.h
TmThreadCreatePacketHandler
ThreadVars * TmThreadCreatePacketHandler(const char *name, const char *inq_name, const char *inqh_name, const char *outq_name, const char *outqh_name, const char *slots)
Creates and returns a TV instance for a Packet Processing Thread. This function doesn't support custo...
Definition: tm-threads.c:1041
SCFree
#define SCFree(a)
Definition: util-mem.h:322
TmThreadSetGroupName
void TmThreadSetGroupName(ThreadVars *tv, const char *name)
Definition: tm-threads.c:1587
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:335
RunModeInitialize
void RunModeInitialize(void)
Definition: runmodes.c:907
RunModeFilePcapGetDefaultMode
const char * RunModeFilePcapGetDefaultMode(void)
Definition: runmode-pcap-file.c:35
util-runmodes.h
thread_name_autofp
const char * thread_name_autofp
Definition: runmodes.c:61
SC_ERR_RUNMODE
@ SC_ERR_RUNMODE
Definition: util-error.h:219
thread_name_single
const char * thread_name_single
Definition: runmodes.c:62
TM_THREAD_NAME_MAX
#define TM_THREAD_NAME_MAX
Definition: tm-threads.h:48
TM_ECODE_OK
@ TM_ECODE_OK
Definition: tm-threads-common.h:78
TmModuleGetByName
TmModule * TmModuleGetByName(const char *name)
get a tm module ptr by name
Definition: tm-modules.c:53
ConfGet
int ConfGet(const char *name, const char **vptr)
Retrieve the value of a configuration node.
Definition: conf.c:331
util-debug.h
RunmodeAutoFpCreatePickupQueuesString
char * RunmodeAutoFpCreatePickupQueuesString(int n)
create a queue string for autofp to pass to the flow queue handler.
Definition: util-runmodes.c:58
util-cpu.h
SCEnter
#define SCEnter(...)
Definition: util-debug.h:337
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:57
util-affinity.h
util-time.h
TM_QUEUE_NAME_MAX
#define TM_QUEUE_NAME_MAX
Definition: tm-threads.h:47
conf.h
runmode-pcap-file.h
runmodes.h
TmModule_
Definition: tm-modules.h:43
TmSlotSetFuncAppend
void TmSlotSetFuncAppend(ThreadVars *tv, TmModule *tm, const void *data)
Appends a new entry to the slots.
Definition: tm-threads.c:623
TimeModeSetOffline
void TimeModeSetOffline(void)
Definition: util-time.c:103
suricata-common.h
TmThreadSetCPU
TmEcode TmThreadSetCPU(ThreadVars *tv, uint8_t type)
Definition: tm-threads.c:820
RunModeRegisterNewRunMode
void RunModeRegisterNewRunMode(enum RunModes runmode, const char *name, const char *description, int(*RunModeFunc)(void))
Registers a new runmode.
Definition: runmodes.c:419
PcapFileGlobalInit
void PcapFileGlobalInit()
Definition: source-pcap-file.c:138
TmThreadGetNbThreads
int TmThreadGetNbThreads(uint8_t type)
Definition: tm-threads.c:836
SCLogError
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
Definition: util-debug.h:294
RunModeFilePcapSingle
int RunModeFilePcapSingle(void)
Single thread version of the Pcap file processing.
Definition: runmode-pcap-file.c:59
RunModeFilePcapRegister
void RunModeFilePcapRegister(void)
Definition: runmode-pcap-file.c:40
tv
ThreadVars * tv
Definition: fuzz_decodepcapfile.c:32
SC_ERR_FATAL
@ SC_ERR_FATAL
Definition: util-error.h:203
RECEIVE_CPU_SET
@ RECEIVE_CPU_SET
Definition: util-affinity.h:51
UtilCpuGetNumProcessorsOnline
uint16_t UtilCpuGetNumProcessorsOnline(void)
Get the number of cpus online in the system.
Definition: util-cpu.c:99
RUNMODE_PCAP_FILE
@ RUNMODE_PCAP_FILE
Definition: runmodes.h:30
threading_detect_ratio
float threading_detect_ratio
Definition: runmodes.c:902
output.h
RunModeFilePcapAutoFp
int RunModeFilePcapAutoFp(void)
RunModeFilePcapAutoFp set up the following thread packet handlers:
Definition: runmode-pcap-file.c:131
WORKER_CPU_SET
@ WORKER_CPU_SET
Definition: util-affinity.h:52