From cb30b7185f6af0299f2ceab6072aa9030f6f3a5c Mon Sep 17 00:00:00 2001
From: Jeff Lucovsky <jlucovsky@oisf.net>
Date: Fri, 23 Jun 2023 09:00:33 -0400
Subject: [PATCH 1/4] detect/stat: Display 0 instead of nan

This commit updates the summary message when Suricata terminates.
Without this commit, "nan" was displayed if there were no drops/packets
---
 src/util-device.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/util-device.c b/src/util-device.c
index 74a51c9f1069..cc38bbd76fe3 100644
--- a/src/util-device.c
+++ b/src/util-device.c
@@ -321,7 +321,9 @@ int LiveDeviceListClean(void)
             SCLogNotice("%s: packets: %" PRIu64 ", drops: %" PRIu64
                         " (%.2f%%), invalid chksum: %" PRIu64,
                     pd->dev, SC_ATOMIC_GET(pd->pkts), SC_ATOMIC_GET(pd->drop),
-                    100 * ((double)SC_ATOMIC_GET(pd->drop)) / (double)SC_ATOMIC_GET(pd->pkts),
+                    SC_ATOMIC_GET(pd->pkts) > 0 ? 100 * ((double)SC_ATOMIC_GET(pd->drop)) /
+                                                          (double)SC_ATOMIC_GET(pd->pkts)
+                                                : 0,
                     SC_ATOMIC_GET(pd->invalid_checksums));
         }
 

From 29621c7f0d9e160fefa984ca1787f62f3288c509 Mon Sep 17 00:00:00 2001
From: Jeff Lucovsky <jlucovsky@oisf.net>
Date: Fri, 23 Jun 2023 09:22:50 -0400
Subject: [PATCH 2/4] doc/afpacket: Document rollover deprecation

---
 doc/userguide/upgrade.rst | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/doc/userguide/upgrade.rst b/doc/userguide/upgrade.rst
index ccf583f1a51f..badaaf7343f9 100644
--- a/doc/userguide/upgrade.rst
+++ b/doc/userguide/upgrade.rst
@@ -74,6 +74,8 @@ Deprecations
 - Multiple "include" fields in the configuration file will now issue a
   warning and in Suricata 8.0 will not be supported. See
   :ref:`includes` for documentation on including multiple files.
+- For AF-Packet, the `cluster_rollover` setting is no longer supported. If this is used, a warning
+  message will be printed and `cluster_flow` will be used instead.
 
 Other changes
 ~~~~~~~~~~~~~

From ac8f91f44f53bcec59539ebdf0680a8386a96bc4 Mon Sep 17 00:00:00 2001
From: Jeff Lucovsky <jlucovsky@oisf.net>
Date: Fri, 23 Jun 2023 09:36:11 -0400
Subject: [PATCH 3/4] config: Document cluster_rollover deprecation

Issue: 6128

cluster_rollover is no longer permitted; using it will generate a
warning message and it'll be replaced with cluster_flow
---
 doc/userguide/upgrade.rst | 4 ++--
 suricata.yaml.in          | 1 +
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/doc/userguide/upgrade.rst b/doc/userguide/upgrade.rst
index badaaf7343f9..d96c836d972a 100644
--- a/doc/userguide/upgrade.rst
+++ b/doc/userguide/upgrade.rst
@@ -74,8 +74,8 @@ Deprecations
 - Multiple "include" fields in the configuration file will now issue a
   warning and in Suricata 8.0 will not be supported. See
   :ref:`includes` for documentation on including multiple files.
-- For AF-Packet, the `cluster_rollover` setting is no longer supported. If this is used, a warning
-  message will be printed and `cluster_flow` will be used instead.
+- For AF-Packet, the `cluster_rollover` setting is no longer supported. Configuration settings using ``cluster_rollover``
+  will cause a warning message and act as though `cluster_flow`` was specified. Please update your configuration settings.
 
 Other changes
 ~~~~~~~~~~~~~
diff --git a/suricata.yaml.in b/suricata.yaml.in
index 9f409b80a979..af7ad5344b72 100644
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -621,6 +621,7 @@ af-packet:
     #  more info.
     # Recommended modes are cluster_flow on most boxes and cluster_cpu or cluster_qm on system
     # with capture card using RSS (requires cpu affinity tuning and system IRQ tuning)
+    # cluster_rollover has been deprecated; if used, it'll be replaced with cluster_flow.
     cluster-type: cluster_flow
     # In some fragmentation cases, the hash can not be computed. If "defrag" is set
     # to yes, the kernel will do the needed defragmentation before sending the packets.

From b05375f22ece29bbd6150c7d117a1b6dcca749bd Mon Sep 17 00:00:00 2001
From: Jeff Lucovsky <jlucovsky@oisf.net>
Date: Fri, 23 Jun 2023 09:37:22 -0400
Subject: [PATCH 4/4] config/af-packet: Warn/replace rollover usage

Issue: 6128

No longer permit rollover/cluster_rollover to be used. Usage will
generate a warning message and cluster_flow will be used instead.
---
 src/runmode-af-packet.c | 23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)

diff --git a/src/runmode-af-packet.c b/src/runmode-af-packet.c
index 4c777b90e907..b45b0dad7ec9 100644
--- a/src/runmode-af-packet.c
+++ b/src/runmode-af-packet.c
@@ -375,7 +375,12 @@ static void *ParseAFPConfig(const char *iface)
         SCLogConfig("%s: using round-robin cluster mode for AF_PACKET", aconf->iface);
         aconf->cluster_type = PACKET_FANOUT_LB;
         cluster_type = PACKET_FANOUT_LB;
-    } else if (strcmp(tmpctype, "cluster_flow") == 0) {
+    } else if (strcmp(tmpctype, "cluster_flow") == 0 || strcmp(tmpctype, "cluster_rollover") == 0) {
+        if (strcmp(tmpctype, "cluster_rollover") == 0) {
+            SCLogWarning("%s: cluster_rollover deprecated; using \"cluster_flow\" instead. See "
+                         "ticket #6128",
+                    aconf->iface);
+        }
         /* In hash mode, we also ask for defragmentation needed to
          * compute the hash */
         uint16_t defrag = 0;
@@ -400,13 +405,6 @@ static void *ParseAFPConfig(const char *iface)
         SCLogConfig("%s: using random based cluster mode for AF_PACKET", aconf->iface);
         aconf->cluster_type = PACKET_FANOUT_RND;
         cluster_type = PACKET_FANOUT_RND;
-    } else if (strcmp(tmpctype, "cluster_rollover") == 0) {
-        SCLogConfig("%s: using rollover based cluster mode for AF_PACKET", aconf->iface);
-        SCLogWarning("%s: rollover mode is causing severe flow "
-                     "tracking issues, use it at your own risk.",
-                iface);
-        aconf->cluster_type = PACKET_FANOUT_ROLLOVER;
-        cluster_type = PACKET_FANOUT_ROLLOVER;
 #ifdef HAVE_PACKET_EBPF
     } else if (strcmp(tmpctype, "cluster_ebpf") == 0) {
         SCLogInfo("%s: using ebpf based cluster mode for AF_PACKET", aconf->iface);
@@ -420,10 +418,11 @@ static void *ParseAFPConfig(const char *iface)
     int conf_val = 0;
     ConfGetChildValueBoolWithDefault(if_root, if_default, "rollover", &conf_val);
     if (conf_val) {
-        SCLogConfig("%s: Using rollover kernel functionality for AF_PACKET", aconf->iface);
-        aconf->cluster_type |= PACKET_FANOUT_FLAG_ROLLOVER;
-        SCLogWarning("%s: rollover option is causing severe flow "
-                     "tracking issues, use it at your own risk.",
+        SCLogConfig("%s: Rollover requested for AF_PACKET but ignored -- see ticket #6128.",
+                aconf->iface);
+        SCLogWarning("%s: rollover option has been deprecated and will be ignored as it can cause "
+                     "severe flow "
+                     "tracking issues; see ticket #6128.",
                 iface);
     }