Removing pcap options for AF_PACKET support.

Turns out that's not working. Addresses BIT-1363.

CHANGES

@@ -1,4 +1,29 @@
 
+2.4-184 | 2015-10-23 14:33:11 -0700
+
+  * Removing pcap options for AF_PACKET support. Addresses BIT-1363.
+    (Robin Sommer)
+
+  * Correct a typo in controller.bro documentation. (Daniel Thayer)
+
+  * Extend SSL DPD signature to allow alert before server_hello.
+    (Johanna Amann)
+
+  * Make join_string_vec work with vectors containing empty elements.
+    (Johanna Amann)
+
+  * Fix support for HTTP CONNECT when server adds headers to response.
+    (Eric Karasuda).
+
+  * Load static CA list for validation tests too. (Johanna Amann)
+
+  * Remove cluster certificate validation script. (Johanna Amann)
+
+  * Fix a bug in diff-remove-x509-names canonifier. (Daniel Thayer)
+
+  * Fix test canonifiers in scripts/policy/protocols/ssl. (Daniel
+    Thayer)
+
 2.4-169 | 2015-10-01 17:21:21 -0700
 
   * Fixed parsing of V_ASN1_GENERALIZEDTIME timestamps in x509

CMakeLists.txt

@@ -155,7 +155,6 @@ include(TestBigEndian)
 test_big_endian(WORDS_BIGENDIAN)
 include(CheckSymbolExists)
 check_symbol_exists(htonll arpa/inet.h HAVE_BYTEORDER_64)
-check_symbol_exists(PACKET_FANOUT linux/if_packet.h HAVE_PACKET_FANOUT)
 
 include(OSSpecific)
 include(CheckTypes)

NEWS

@@ -20,10 +20,6 @@ New Dependencies
 
 - The pcap buffer size can set through the new option Pcap::bufsize.
 
-- Bro can now leverage packet fanout mode on Linux through the new
-  options Pcap::packet_fanout_enable, Pcap::packet_fanout_id, and
-  Pcap::packet_fanout_defrag.
-
 
 New Functionality
 -----------------

VERSION

@@ -1 +1 @@
-2.4-169
+2.4-184

bro-config.h.in

@@ -213,9 +213,6 @@
 /* Common IPv6 extension structure */
 #cmakedefine HAVE_IP6_EXT
 
-/* Linux packet fanout */
-#cmakedefine HAVE_PACKET_FANOUT
-
 /* String with host architecture (e.g., "linux-x86_64") */
 #define HOST_ARCHITECTURE "@HOST_ARCHITECTURE@"
 

scripts/base/init-bare.bro

@@ -3707,19 +3707,8 @@ export {
 	const snaplen = 8192 &redef;
 
 	## Number of Mbytes to provide as buffer space when capturing from live
-	## interfaces. 
+	## interfaces.
 	const bufsize = 128 &redef;
-
-	## Toggle whether to do packet fanout (Linux-only).
-	const packet_fanout_enable = F &redef;
-
-	## If packet fanout is enabled, the id to sue for it. This should be shared amongst
-	## worker processes processing the same socket.
-	const packet_fanout_id = 0 &redef;
-
-	## If packet fanout is enabled, whether packets are to be defragmented before
-	## fanout is applied.
-	const packet_fanout_defrag = T &redef;
 } # end export
 
 module GLOBAL;

src/iosource/pcap/Source.cc

@@ -13,10 +13,6 @@
 #include <pcap-int.h>
 #endif
 
-#ifdef HAVE_PACKET_FANOUT
-#include <linux/if_packet.h>
-#endif
-
 using namespace iosource::pcap;
 
 PcapSource::~PcapSource()
@@ -156,24 +152,6 @@ void PcapSource::OpenLive()
 		// Was closed, couldn't get header size.
 		return;
 
-#ifdef HAVE_PACKET_FANOUT
-	// Turn on cluster mode for the device.
-	if ( BifConst::Pcap::packet_fanout_enable )
-		{
-		uint32_t packet_fanout_arg = (PACKET_FANOUT_HASH << 16)
-			| (BifConst::Pcap::packet_fanout_id & 0xffff);
-
-		if ( BifConst::Pcap::packet_fanout_defrag )
-			packet_fanout_arg |= (PACKET_FANOUT_FLAG_DEFRAG << 16);
-
-		if ( setsockopt(props.selectable_fd, SOL_PACKET, PACKET_FANOUT, &packet_fanout_arg, sizeof(packet_fanout_arg)) == -1 )
-			{
-			Error(fmt("packet fanout: %s", strerror(errno)));
-			return;
-			}
-		}
-#endif
-
 	props.is_live = true;
 
 	Opened(props);

src/iosource/pcap/const.bif

@@ -2,8 +2,3 @@
 
 const Pcap::snaplen: count;
 const Pcap::bufsize: count;
-
-const Pcap::packet_fanout_enable: bool;
-const Pcap::packet_fanout_id: count;
-const Pcap::packet_fanout_defrag: bool;
-