suricata
Modules | Files | Data Structures | Macros | Typedefs | Enumerations | Functions | Variables
AF_PACKET running mode
Collaboration diagram for AF_PACKET running mode:

Modules

 AFP peers list
 AF_PACKET has an IPS mode were interface are peered: packet from on interface are sent the peered interface and the other way. The AFPPeer list is maintaining the list of peers. Each AFPPeer is storing the needed information to be able to send packet on the interface. A element of the list must not be destroyed during the run of Suricata as it is used by Packet and other threads.
 

Files

file  runmode-af-packet.c
 
file  source-af-packet.c
 
file  util-ebpf.c
 

Data Structures

union  thdr
 
struct  AFPThreadVars_
 Structure to hold thread specific variables. More...
 

Macros

#define SC_PCAP_DONT_INCLUDE_PCAP_H   1
 
#define AFP_IFACE_NAME_LENGTH   48
 
#define AFP_STATE_DOWN   0
 
#define AFP_STATE_UP   1
 
#define AFP_RECONNECT_TIMEOUT   500000
 
#define AFP_DOWN_COUNTER_INTERVAL   40
 
#define POLL_TIMEOUT   100
 
#define TP_STATUS_KERNEL   0
 
#define TP_STATUS_USER   BIT_U32(0)
 
#define TP_STATUS_COPY   BIT_U32(1)
 
#define TP_STATUS_LOSING   BIT_U32(2)
 
#define TP_STATUS_CSUMNOTREADY   BIT_U32(3)
 
#define TP_STATUS_VLAN_VALID   BIT_U32(4)
 
#define TP_STATUS_BLK_TMO   BIT_U32(5)
 
#define TP_STATUS_VLAN_TPID_VALID   BIT_U32(6)
 
#define TP_STATUS_CSUM_VALID   BIT_U32(7)
 
#define TP_STATUS_TS_SOFTWARE   BIT_U32(29)
 
#define TP_STATUS_TS_SYS_HARDWARE   BIT_U32(30) /* kernel comment says: "deprecated, never set" */
 
#define TP_STATUS_TS_RAW_HARDWARE   BIT_U32(31)
 
#define TP_STATUS_USER_BUSY
 
#define FRAME_BUSY(tp_status)   (((uint32_t)(tp_status) & (uint32_t)TP_STATUS_USER_BUSY) == (uint32_t)TP_STATUS_USER_BUSY)
 

Typedefs

typedef struct AFPThreadVars_ AFPThreadVars
 Structure to hold thread specific variables. More...
 

Enumerations

enum  { AFP_READ_OK, AFP_READ_FAILURE, AFP_SURI_FAILURE, AFP_KERNEL_DROP }
 
enum  { AFP_FATAL_ERROR = 1, AFP_RECOVERABLE_ERROR }
 

Functions

void TmModuleReceiveAFPRegister (void)
 Registration Function for RecieveAFP. More...
 
void TmModuleDecodeAFPRegister (void)
 Registration Function for DecodeAFP. More...
 
int AFPGetLinkType (const char *ifname)
 
int AFPIsFanoutSupported (uint16_t cluster_id)
 test if we can use FANOUT. Older kernels like those in CentOS6 have HAVE_PACKET_FANOUT defined but fail to work More...
 

Variables

uint32_t max_pending_packets
 

Detailed Description

Macro Definition Documentation

◆ AFP_DOWN_COUNTER_INTERVAL

#define AFP_DOWN_COUNTER_INTERVAL   40

Definition at line 173 of file source-af-packet.c.

◆ AFP_IFACE_NAME_LENGTH

#define AFP_IFACE_NAME_LENGTH   48

Definition at line 167 of file source-af-packet.c.

◆ AFP_RECONNECT_TIMEOUT

#define AFP_RECONNECT_TIMEOUT   500000

Definition at line 172 of file source-af-packet.c.

◆ AFP_STATE_DOWN

#define AFP_STATE_DOWN   0

Definition at line 169 of file source-af-packet.c.

◆ AFP_STATE_UP

#define AFP_STATE_UP   1

Definition at line 170 of file source-af-packet.c.

◆ FRAME_BUSY

#define FRAME_BUSY (   tp_status)    (((uint32_t)(tp_status) & (uint32_t)TP_STATUS_USER_BUSY) == (uint32_t)TP_STATUS_USER_BUSY)

Definition at line 232 of file source-af-packet.c.

◆ POLL_TIMEOUT

#define POLL_TIMEOUT   100

Definition at line 175 of file source-af-packet.c.

◆ SC_PCAP_DONT_INCLUDE_PCAP_H

#define SC_PCAP_DONT_INCLUDE_PCAP_H   1

Definition at line 34 of file source-af-packet.c.

◆ TP_STATUS_BLK_TMO

#define TP_STATUS_BLK_TMO   BIT_U32(5)

Definition at line 197 of file source-af-packet.c.

◆ TP_STATUS_COPY

#define TP_STATUS_COPY   BIT_U32(1)

Definition at line 185 of file source-af-packet.c.

◆ TP_STATUS_CSUM_VALID

#define TP_STATUS_CSUM_VALID   BIT_U32(7)

Definition at line 203 of file source-af-packet.c.

◆ TP_STATUS_CSUMNOTREADY

#define TP_STATUS_CSUMNOTREADY   BIT_U32(3)

Definition at line 191 of file source-af-packet.c.

◆ TP_STATUS_KERNEL

#define TP_STATUS_KERNEL   0

Definition at line 179 of file source-af-packet.c.

◆ TP_STATUS_LOSING

#define TP_STATUS_LOSING   BIT_U32(2)

Definition at line 188 of file source-af-packet.c.

◆ TP_STATUS_TS_RAW_HARDWARE

#define TP_STATUS_TS_RAW_HARDWARE   BIT_U32(31)

Definition at line 213 of file source-af-packet.c.

◆ TP_STATUS_TS_SOFTWARE

#define TP_STATUS_TS_SOFTWARE   BIT_U32(29)

Definition at line 207 of file source-af-packet.c.

◆ TP_STATUS_TS_SYS_HARDWARE

#define TP_STATUS_TS_SYS_HARDWARE   BIT_U32(30) /* kernel comment says: "deprecated, never set" */

Definition at line 210 of file source-af-packet.c.

◆ TP_STATUS_USER

#define TP_STATUS_USER   BIT_U32(0)

Definition at line 182 of file source-af-packet.c.

◆ TP_STATUS_USER_BUSY

#define TP_STATUS_USER_BUSY
Value:
(uint32_t)((uint32_t)TP_STATUS_TS_SOFTWARE | (uint32_t)TP_STATUS_TS_SYS_HARDWARE | \
(uint32_t)TP_STATUS_TS_RAW_HARDWARE)

Definition at line 228 of file source-af-packet.c.

◆ TP_STATUS_VLAN_TPID_VALID

#define TP_STATUS_VLAN_TPID_VALID   BIT_U32(6)

Definition at line 200 of file source-af-packet.c.

◆ TP_STATUS_VLAN_VALID

#define TP_STATUS_VLAN_VALID   BIT_U32(4)

Definition at line 194 of file source-af-packet.c.

Typedef Documentation

◆ AFPThreadVars

typedef struct AFPThreadVars_ AFPThreadVars

Structure to hold thread specific variables.

Enumeration Type Documentation

◆ anonymous enum

anonymous enum
Enumerator
AFP_READ_OK 
AFP_READ_FAILURE 
AFP_SURI_FAILURE 

Error during treatment by other functions of Suricata

AFP_KERNEL_DROP 

Definition at line 234 of file source-af-packet.c.

◆ anonymous enum

anonymous enum
Enumerator
AFP_FATAL_ERROR 
AFP_RECOVERABLE_ERROR 

Definition at line 242 of file source-af-packet.c.

Function Documentation

◆ AFPGetLinkType()

int AFPGetLinkType ( const char *  ifname)

Definition at line 1532 of file source-af-packet.c.

References LINKTYPE_RAW, and SCLogError.

◆ AFPIsFanoutSupported()

int AFPIsFanoutSupported ( uint16_t  cluster_id)

test if we can use FANOUT. Older kernels like those in CentOS6 have HAVE_PACKET_FANOUT defined but fail to work

Definition at line 1811 of file source-af-packet.c.

References PACKET_FANOUT, PACKET_FANOUT_FLAG_DEFRAG, PACKET_FANOUT_HASH, and SCLogError.

◆ TmModuleDecodeAFPRegister()

void TmModuleDecodeAFPRegister ( void  )

Registration Function for DecodeAFP.

Todo:
Unit tests are needed for this module.

Definition at line 601 of file source-af-packet.c.

References TmModule_::name, TmModule_::ThreadInit, TMM_DECODEAFP, and tmm_modules.

Referenced by RegisterAllModules().

Here is the caller graph for this function:

◆ TmModuleReceiveAFPRegister()

void TmModuleReceiveAFPRegister ( void  )

Registration Function for RecieveAFP.

Todo:
Unit tests are needed for this module.

Definition at line 383 of file source-af-packet.c.

References TmModule_::name, TmModule_::ThreadInit, tmm_modules, and TMM_RECEIVEAFP.

Referenced by RegisterAllModules().

Here is the caller graph for this function:

Variable Documentation

◆ max_pending_packets

uint32_t max_pending_packets

Maximum packets to simultaneously process.

Definition at line 180 of file suricata.c.

TP_STATUS_TS_SYS_HARDWARE
#define TP_STATUS_TS_SYS_HARDWARE
Definition: source-af-packet.c:209
TP_STATUS_TS_SOFTWARE
#define TP_STATUS_TS_SOFTWARE
Definition: source-af-packet.c:206
TP_STATUS_TS_RAW_HARDWARE
#define TP_STATUS_TS_RAW_HARDWARE
Definition: source-af-packet.c:212