bpf: postpone BPF check for IPS runmode
Ticket: OISF#5958
Lukas Sismis authored and lukashino committed Mar 30, 2023
1 parent 2b02abf commit 06f3acf
Showing 4 changed files with 41 additions and 47 deletions.
25 changes: 12 additions & 13 deletions src/runmode-af-packet.c
@@ -157,14 +157,6 @@ static void *ParseAFPConfig(const char *iface)
aconf->ebpf_t_config.cpus_count = UtilCpuGetNumProcessorsConfigured();
#endif

if (ConfGet("bpf-filter", &bpf_filter) == 1) {
if (strlen(bpf_filter) > 0) {
aconf->bpf_filter = bpf_filter;
SCLogConfig("Going to use command-line provided bpf filter '%s'",
aconf->bpf_filter);
}
}

/* Find initial node */
af_packet_node = ConfGetNode("af-packet");
if (af_packet_node == NULL) {
@@ -372,11 +364,18 @@ static void *ParseAFPConfig(const char *iface)

/*load af_packet bpf filter*/
/* command line value has precedence */
if (ConfGet("bpf-filter", &bpf_filter) != 1) {
if (ConfGetChildValueWithDefault(if_root, if_default, "bpf-filter", &bpf_filter) == 1) {
if (strlen(bpf_filter) > 0) {
aconf->bpf_filter = bpf_filter;
SCLogConfig("Going to use bpf filter %s", aconf->bpf_filter);
if (ConfGet("bpf-filter", &bpf_filter) == 1) {
if (strlen(bpf_filter) > 0) {
aconf->bpf_filter = bpf_filter;
SCLogConfig("Going to use command-line provided bpf filter '%s'", aconf->bpf_filter);
}
} else { // reading from the file
if (aconf->bpf_filter == NULL) {
if (ConfGetChildValueWithDefault(if_root, if_default, "bpf-filter", &bpf_filter) == 1) {
if (strlen(bpf_filter) > 0) {
aconf->bpf_filter = bpf_filter;
SCLogConfig("Going to use file provided bpf filter '%s'", aconf->bpf_filter);
}
}
}
}
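Review bot: No IPS-mode guard for `aconf->bpf_filter` is visible after this block, even though this commit deletes the `EngineModeIsIPS()` rejection from SetBpfString() in src/suricata.c and adds an equivalent only in ParsePfringConfig(); the netmap section (`ns->bpf_filter` in ParseNetmapSettings) has the same gap. ParseAFPConfig continues outside both hunks, so the copy-mode handling there may already cover it, but that should be confirmed: in inline operation a capture filter decides which packets the engine ever sees, so silently accepting one changes what is inspected. If nothing downstream rejects it, a check mirroring the pfring one, `if (aconf->bpf_filter != NULL && EngineModeIsIPS()) { FatalError(SC_ERR_NOT_SUPPORTED, "BPF filter not available in IPS mode. Use firewall filtering if possible."); }`, belongs after the filter is loaded.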
27 changes: 13 additions & 14 deletions src/runmode-netmap.c
@@ -142,15 +142,6 @@ static int ParseNetmapSettings(NetmapIfaceSettings *ns, const char *iface,
ns->real = true;
}

const char *bpf_filter = NULL;
if (ConfGet("bpf-filter", &bpf_filter) == 1) {
if (strlen(bpf_filter) > 0) {
ns->bpf_filter = bpf_filter;
SCLogInfo("Going to use command-line provided bpf filter '%s'",
ns->bpf_filter);
}
}

if (if_root == NULL && if_default == NULL) {
SCLogInfo("Unable to find netmap config for "
"interface \"%s\" or \"default\", using default values",
@@ -183,11 +174,19 @@ static int ParseNetmapSettings(NetmapIfaceSettings *ns, const char *iface,

/* load netmap bpf filter */
/* command line value has precedence */
if (ns->bpf_filter == NULL) {
if (ConfGetChildValueWithDefault(if_root, if_default, "bpf-filter", &bpf_filter) == 1) {
if (strlen(bpf_filter) > 0) {
ns->bpf_filter = bpf_filter;
SCLogInfo("Going to use bpf filter %s", ns->bpf_filter);
const char *bpf_filter = NULL;
if (ConfGet("bpf-filter", &bpf_filter) == 1) {
if (strlen(bpf_filter) > 0) {
ns->bpf_filter = bpf_filter;
SCLogInfo("Going to use command-line provided bpf filter '%s'", ns->bpf_filter);
}
} else { // reading from the file
if (ns->bpf_filter == NULL) {
if (ConfGetChildValueWithDefault(if_root, if_default, "bpf-filter", &bpf_filter) == 1) {
if (strlen(bpf_filter) > 0) {
ns->bpf_filter = bpf_filter;
SCLogInfo("Going to use file provided bpf filter %s", ns->bpf_filter);
}
}
}
}
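Review bot: The two log lines in this block format the filter differently: the command-line message quotes it as `'%s'` while the file-provided one prints a bare `%s`, and both use SCLogInfo where the af-packet and pfring sections use SCLogConfig. I would write the second as `SCLogInfo("Going to use file provided bpf filter '%s'", ns->bpf_filter);` so a whitespace-padded or odd-looking filter is visible in the log. The inner `if (ns->bpf_filter == NULL)` also looks redundant inside the `else` branch now that the command-line assignment sits in the sibling branch, unless ns->bpf_filter can be set before this point outside the hunk.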
29 changes: 16 additions & 13 deletions src/runmode-pfring.c
@@ -319,28 +319,31 @@ static void *ParsePfringConfig(const char *iface)
if (strlen(bpf_filter) > 0) {
pfconf->bpf_filter = SCStrdup(bpf_filter);
if (unlikely(pfconf->bpf_filter == NULL)) {
SCLogError(SC_ERR_MEM_ALLOC,
"Can't allocate BPF filter string");
SCLogError(SC_ERR_MEM_ALLOC, "Can't allocate BPF filter string");
} else {
SCLogDebug("Going to use command-line provided bpf filter %s",
pfconf->bpf_filter);
SCLogConfig("Going to use command-line provided bpf filter %s", pfconf->bpf_filter);
}
}
} else {
if (ConfGetChildValueWithDefault(if_root, if_default, "bpf-filter", &bpf_filter) == 1) {
if (strlen(bpf_filter) > 0) {
pfconf->bpf_filter = SCStrdup(bpf_filter);
if (unlikely(pfconf->bpf_filter == NULL)) {
SCLogError(SC_ERR_MEM_ALLOC,
"Can't allocate BPF filter string");
} else {
SCLogDebug("Going to use bpf filter %s",
pfconf->bpf_filter);
if (pfconf->bpf_filter == NULL) {
if (ConfGetChildValueWithDefault(if_root, if_default, "bpf-filter", &bpf_filter) == 1) {
if (strlen(bpf_filter) > 0) {
pfconf->bpf_filter = SCStrdup(bpf_filter);
if (unlikely(pfconf->bpf_filter == NULL)) {
SCLogError(SC_ERR_MEM_ALLOC, "Can't allocate BPF filter string");
} else {
SCLogConfig("Going to use file provided bpf filter %s", pfconf->bpf_filter);
}
}
}
}
}

if (pfconf->bpf_filter != NULL && EngineModeIsIPS()) {
FatalError(SC_ERR_NOT_SUPPORTED,
"BPF filter not available in IPS mode. Use firewall filtering if possible.");
}

if (ConfGet("pfring.cluster-type", &tmpctype) == 1) {
SCLogDebug("Going to use command-line provided cluster-type");
getctype = 1;
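Review bot: The new `EngineModeIsIPS()` guard carries no comment saying why it lives in the per-interface parser, and it is broader than the check it replaces: the deleted code in SetBpfString() only saw a command-line filter, whereas `pfconf->bpf_filter != NULL` also rejects a filter read from the configuration file. A short comment above it, such as `/* checked here, not in SetBpfString(): also covers file-provided filters; engine mode presumably not final during argv parsing */`, would record that. Note also that when SCStrdup fails the filter stays NULL, so the run continues unfiltered after only an error log; that path predates this commit. ParsePfringConfig starts and ends outside the hunk.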
7 changes: 0 additions & 7 deletions src/suricata.c
@@ -471,13 +471,6 @@ static int SetBpfString(int argc, char *argv[])
if (bpf_len == 0)
return TM_ECODE_OK;

if (EngineModeIsIPS()) {
SCLogError(SC_ERR_NOT_SUPPORTED,
"BPF filter not available in IPS mode."
" Use firewall filtering if possible.");
return TM_ECODE_FAILED;
}

bpf_filter = SCMalloc(bpf_len);
if (unlikely(bpf_filter == NULL))
return TM_ECODE_OK;
