Modules | |
| AFP peers list | |
| AF_PACKET has an IPS mode were interface are peered: packet from on interface are sent the peered interface and the other way. The AFPPeer list is maintaining the list of peers. Each AFPPeer is storing the needed information to be able to send packet on the interface. A element of the list must not be destroyed during the run of Suricata as it is used by Packet and other threads. | |
Files | |
| file | runmode-af-packet.c |
| file | source-af-packet.c |
| file | util-ebpf.c |
Data Structures | |
| struct | bpf_program |
| union | thdr |
| struct | AFPThreadVars_ |
| Structure to hold thread specific variables. More... | |
Macros | |
| #define | PCAP_DONT_INCLUDE_PCAP_BPF_H 1 |
| #define | SC_PCAP_DONT_INCLUDE_PCAP_H 1 |
| #define | AFP_IFACE_NAME_LENGTH 48 |
| #define | AFP_STATE_DOWN 0 |
| #define | AFP_STATE_UP 1 |
| #define | AFP_RECONNECT_TIMEOUT 500000 |
| #define | AFP_DOWN_COUNTER_INTERVAL 40 |
| #define | POLL_TIMEOUT 100 |
| #define | TP_STATUS_KERNEL 0 |
| #define | TP_STATUS_USER BIT_U32(0) |
| #define | TP_STATUS_COPY BIT_U32(1) |
| #define | TP_STATUS_LOSING BIT_U32(2) |
| #define | TP_STATUS_CSUMNOTREADY BIT_U32(3) |
| #define | TP_STATUS_VLAN_VALID BIT_U32(4) |
| #define | TP_STATUS_BLK_TMO BIT_U32(5) |
| #define | TP_STATUS_VLAN_TPID_VALID BIT_U32(6) |
| #define | TP_STATUS_CSUM_VALID BIT_U32(7) |
| #define | TP_STATUS_TS_SOFTWARE BIT_U32(29) |
| #define | TP_STATUS_TS_SYS_HARDWARE BIT_U32(30) /* kernel comment says: "deprecated, never set" */ |
| #define | TP_STATUS_TS_RAW_HARDWARE BIT_U32(31) |
| #define | TP_STATUS_USER_BUSY |
| #define | FRAME_BUSY(tp_status) (((uint32_t)(tp_status) & (uint32_t)TP_STATUS_USER_BUSY) == (uint32_t)TP_STATUS_USER_BUSY) |
| #define | MAX_MAPS 32 |
Typedefs | |
| typedef struct AFPThreadVars_ | AFPThreadVars |
| Structure to hold thread specific variables. More... | |
Enumerations | |
| enum | { AFP_READ_OK, AFP_READ_FAILURE, AFP_SURI_FAILURE, AFP_KERNEL_DROP } |
| enum | { AFP_FATAL_ERROR = 1, AFP_RECOVERABLE_ERROR } |
Functions | |
| void | TmModuleReceiveAFPRegister (void) |
| Registration Function for RecieveAFP. More... | |
| void | TmModuleDecodeAFPRegister (void) |
| Registration Function for DecodeAFP. More... | |
| int | AFPGetLinkType (const char *ifname) |
| int | AFPIsFanoutSupported (uint16_t cluster_id) |
| test if we can use FANOUT. Older kernels like those in CentOS6 have HAVE_PACKET_FANOUT defined but fail to work More... | |
Variables | |
| uint16_t | max_pending_packets |
Detailed Description
Macro Definition Documentation
◆ AFP_DOWN_COUNTER_INTERVAL
| #define AFP_DOWN_COUNTER_INTERVAL 40 |
Definition at line 173 of file source-af-packet.c.
◆ AFP_IFACE_NAME_LENGTH
| #define AFP_IFACE_NAME_LENGTH 48 |
Definition at line 167 of file source-af-packet.c.
◆ AFP_RECONNECT_TIMEOUT
| #define AFP_RECONNECT_TIMEOUT 500000 |
Definition at line 172 of file source-af-packet.c.
◆ AFP_STATE_DOWN
| #define AFP_STATE_DOWN 0 |
Definition at line 169 of file source-af-packet.c.
◆ AFP_STATE_UP
| #define AFP_STATE_UP 1 |
Definition at line 170 of file source-af-packet.c.
◆ FRAME_BUSY
| #define FRAME_BUSY | ( | tp_status | ) | (((uint32_t)(tp_status) & (uint32_t)TP_STATUS_USER_BUSY) == (uint32_t)TP_STATUS_USER_BUSY) |
Definition at line 232 of file source-af-packet.c.
◆ MAX_MAPS
| #define MAX_MAPS 32 |
Definition at line 261 of file source-af-packet.c.
◆ PCAP_DONT_INCLUDE_PCAP_BPF_H
| #define PCAP_DONT_INCLUDE_PCAP_BPF_H 1 |
Definition at line 34 of file source-af-packet.c.
◆ POLL_TIMEOUT
| #define POLL_TIMEOUT 100 |
Definition at line 175 of file source-af-packet.c.
◆ SC_PCAP_DONT_INCLUDE_PCAP_H
| #define SC_PCAP_DONT_INCLUDE_PCAP_H 1 |
Definition at line 35 of file source-af-packet.c.
◆ TP_STATUS_BLK_TMO
| #define TP_STATUS_BLK_TMO BIT_U32(5) |
Definition at line 197 of file source-af-packet.c.
◆ TP_STATUS_COPY
| #define TP_STATUS_COPY BIT_U32(1) |
Definition at line 185 of file source-af-packet.c.
◆ TP_STATUS_CSUM_VALID
| #define TP_STATUS_CSUM_VALID BIT_U32(7) |
Definition at line 203 of file source-af-packet.c.
◆ TP_STATUS_CSUMNOTREADY
| #define TP_STATUS_CSUMNOTREADY BIT_U32(3) |
Definition at line 191 of file source-af-packet.c.
◆ TP_STATUS_KERNEL
| #define TP_STATUS_KERNEL 0 |
Definition at line 179 of file source-af-packet.c.
◆ TP_STATUS_LOSING
| #define TP_STATUS_LOSING BIT_U32(2) |
Definition at line 188 of file source-af-packet.c.
◆ TP_STATUS_TS_RAW_HARDWARE
| #define TP_STATUS_TS_RAW_HARDWARE BIT_U32(31) |
Definition at line 213 of file source-af-packet.c.
◆ TP_STATUS_TS_SOFTWARE
| #define TP_STATUS_TS_SOFTWARE BIT_U32(29) |
Definition at line 207 of file source-af-packet.c.
◆ TP_STATUS_TS_SYS_HARDWARE
| #define TP_STATUS_TS_SYS_HARDWARE BIT_U32(30) /* kernel comment says: "deprecated, never set" */ |
Definition at line 210 of file source-af-packet.c.
◆ TP_STATUS_USER
| #define TP_STATUS_USER BIT_U32(0) |
Definition at line 182 of file source-af-packet.c.
◆ TP_STATUS_USER_BUSY
| #define TP_STATUS_USER_BUSY |
Definition at line 228 of file source-af-packet.c.
◆ TP_STATUS_VLAN_TPID_VALID
| #define TP_STATUS_VLAN_TPID_VALID BIT_U32(6) |
Definition at line 200 of file source-af-packet.c.
◆ TP_STATUS_VLAN_VALID
| #define TP_STATUS_VLAN_VALID BIT_U32(4) |
Definition at line 194 of file source-af-packet.c.
Typedef Documentation
◆ AFPThreadVars
| typedef struct AFPThreadVars_ AFPThreadVars |
Structure to hold thread specific variables.
Enumeration Type Documentation
◆ anonymous enum
| anonymous enum |
| Enumerator | |
|---|---|
| AFP_READ_OK | |
| AFP_READ_FAILURE | |
| AFP_SURI_FAILURE | Error during treatment by other functions of Suricata |
| AFP_KERNEL_DROP | |
Definition at line 234 of file source-af-packet.c.
◆ anonymous enum
| anonymous enum |
| Enumerator | |
|---|---|
| AFP_FATAL_ERROR | |
| AFP_RECOVERABLE_ERROR | |
Definition at line 242 of file source-af-packet.c.
Function Documentation
◆ AFPGetLinkType()
| int AFPGetLinkType | ( | const char * | ifname | ) |
Definition at line 1532 of file source-af-packet.c.
References LINKTYPE_RAW, and SCLogError.
◆ AFPIsFanoutSupported()
| int AFPIsFanoutSupported | ( | uint16_t | cluster_id | ) |
test if we can use FANOUT. Older kernels like those in CentOS6 have HAVE_PACKET_FANOUT defined but fail to work
Definition at line 1811 of file source-af-packet.c.
References PACKET_FANOUT, PACKET_FANOUT_FLAG_DEFRAG, PACKET_FANOUT_HASH, and SCLogError.
◆ TmModuleDecodeAFPRegister()
| void TmModuleDecodeAFPRegister | ( | void | ) |
Registration Function for DecodeAFP.
- Todo:
- Unit tests are needed for this module.
Definition at line 602 of file source-af-packet.c.
References TmModule_::name, TmModule_::ThreadInit, TMM_DECODEAFP, and tmm_modules.
Referenced by RegisterAllModules().
◆ TmModuleReceiveAFPRegister()
| void TmModuleReceiveAFPRegister | ( | void | ) |
Registration Function for RecieveAFP.
- Todo:
- Unit tests are needed for this module.
Definition at line 384 of file source-af-packet.c.
References TmModule_::name, TmModule_::ThreadInit, tmm_modules, and TMM_RECEIVEAFP.
Referenced by RegisterAllModules().
Variable Documentation
◆ max_pending_packets
| uint16_t max_pending_packets |
Maximum packets to simultaneously process.
Definition at line 186 of file suricata.c.
