suricata
runmode-af-packet.c File Reference
AF_PACKET running mode
#include "suricata-common.h"
#include "config.h"
#include "tm-threads.h"
#include "conf.h"
#include "runmodes.h"
#include "runmode-af-packet.h"
#include "output.h"
#include "log-httplog.h"
#include "detect-engine-mpm.h"
#include "alert-fastlog.h"
#include "alert-prelude.h"
#include "alert-unified2-alert.h"
#include "alert-debuglog.h"
#include "flow-bypass.h"
#include "util-debug.h"
#include "util-time.h"
#include "util-cpu.h"
#include "util-affinity.h"
#include "util-device.h"
#include "util-runmodes.h"
#include "util-ioctl.h"
#include "util-ebpf.h"
#include "source-af-packet.h"
Include dependency graph for runmode-af-packet.c:

Go to the source code of this file.

int max_pending_packets
 
const char * RunModeAFPGetDefaultMode (void)
 
void RunModeIdsAFPRegister (void)
 
int AFPRunModeIsIPS ()
 
int RunModeIdsAFPAutoFp (void)
 
int RunModeIdsAFPSingle (void)
 Single thread version of the AF_PACKET processing. More...
 
int RunModeIdsAFPWorkers (void)
 Workers version of the AF_PACKET processing. More...
 

Detailed Description

Author
Eric Leblond eric@.nosp@m.regi.nosp@m.t.org

AF_PACKET socket runmode

Definition in file runmode-af-packet.c.

Function Documentation

int AFPRunModeIsIPS ( void  )

Definition at line 655 of file runmode-af-packet.c.

References ConfFindDeviceConfig(), ConfGetChildValueWithDefault(), ConfGetNode(), ConfNodeLookupKeyValue(), LiveGetDeviceCount(), LiveGetDeviceName(), SC_ERR_INVALID_ARGUMENT, SC_ERR_INVALID_VALUE, SCLogError, and SCLogInfo.

Referenced by PostRunDeinit().

Here is the call graph for this function:

Here is the caller graph for this function:

const char* RunModeAFPGetDefaultMode ( void  )

Definition at line 65 of file runmode-af-packet.c.

Referenced by RunModeDispatch().

Here is the caller graph for this function:

int RunModeIdsAFPAutoFp ( void  )

Definition at line 736 of file runmode-af-packet.c.

References AFPPeersListCheck(), AFPPeersListInit(), ConfGet(), RunModeInitialize(), RunModeSetLiveCaptureAutoFp(), SC_ERR_RUNMODE, SCEnter, SCLogDebug, SCLogError, SCReturnInt, thread_name_autofp, TimeModeSetLive(), and TM_ECODE_OK.

Referenced by RunModeIdsAFPRegister().

Here is the call graph for this function:

Here is the caller graph for this function:

void RunModeIdsAFPRegister ( void  )

Definition at line 70 of file runmode-af-packet.c.

References AFP_BLOCK_SIZE_DEFAULT_ORDER, AFP_BYPASS, AFP_COPY_MODE_IPS, AFP_COPY_MODE_NONE, AFP_COPY_MODE_TAP, AFP_EMERGENCY_MODE, AFP_MMAP_LOCKED, AFP_RING_MODE, AFP_SOCK_PROTECT, AFP_TPACKET_V3, AFP_XDPBYPASS, AFP_ZERO_COPY, AFPGetLinkType(), AFPIsFanoutSupported(), AFPIfaceConfig_::block_size, AFPIfaceConfig_::block_timeout, AFPIfaceConfig_::bpf_filter, AFPIfaceConfig_::buffer_size, BypassedFlowManagerRegisterCheckFunc(), BypassedFlowManagerRegisterUpdateFunc(), AFPIfaceConfig_::checksum_mode, CHECKSUM_VALIDATION_AUTO, CHECKSUM_VALIDATION_DISABLE, CHECKSUM_VALIDATION_ENABLE, CHECKSUM_VALIDATION_KERNEL, AFPIfaceConfig_::cluster_id, AFPIfaceConfig_::cluster_type, ConfFindDeviceConfig(), ConfGet(), ConfGetChildValueBoolWithDefault(), ConfGetChildValueIntWithDefault(), ConfGetChildValueWithDefault(), ConfGetChildWithDefault(), ConfGetNode(), ConfValIsFalse(), ConfValIsTrue(), AFPIfaceConfig_::copy_mode, AFPIfaceConfig_::DerefFunc, DisableIfaceOffloading(), AFPIfaceConfig_::ebpf_filter_fd, AFPIfaceConfig_::ebpf_filter_file, AFPIfaceConfig_::ebpf_lb_fd, AFPIfaceConfig_::ebpf_lb_file, AFPIfaceConfig_::flags, GetIfaceOffloading(), GetIfaceRSSQueuesNum(), AFPIfaceConfig_::iface, LINKTYPE_ETHERNET, LiveGetDevice(), LiveGetOffload(), max_pending_packets, AFPIfaceConfig_::out_iface, PACKET_FANOUT_CPU, PACKET_FANOUT_FLAG_DEFRAG, PACKET_FANOUT_FLAG_ROLLOVER, PACKET_FANOUT_HASH, PACKET_FANOUT_LB, PACKET_FANOUT_QM, PACKET_FANOUT_RND, PACKET_FANOUT_ROLLOVER, AFPIfaceConfig_::promisc, AFPIfaceConfig_::ring_size, RUNMODE_AFP_DEV, RunModeEnablesBypassManager(), RunmodeGetActive(), RunModeIdsAFPAutoFp(), RunModeIdsAFPSingle(), RunModeIdsAFPWorkers(), RunModeRegisterNewRunMode(), SC_ATOMIC_ADD, SC_ATOMIC_INIT, SC_ATOMIC_RESET, SC_ATOMIC_SUB, SC_ERR_AFP_CREATE, SC_ERR_INVALID_ARGUMENT, SC_ERR_INVALID_CLUSTER_TYPE, SC_ERR_INVALID_VALUE, SC_ERR_RUNMODE, SC_ERR_UNIMPLEMENTED, SCCalloc, SCFree, SCLogDebug, SCLogError, SCLogInfo, SCLogNotice, SCLogPerf, SCLogWarning, strlcpy(), AFPIfaceConfig_::threads, unlikely, UtilCpuGetNumProcessorsOnline(), AFPIfaceConfig_::xdp_filter_fd, AFPIfaceConfig_::xdp_filter_file, and AFPIfaceConfig_::xdp_mode.

Referenced by RunModeRegisterRunModes().

Here is the call graph for this function:

Here is the caller graph for this function:

int RunModeIdsAFPSingle ( void  )

Single thread version of the AF_PACKET processing.

Definition at line 783 of file runmode-af-packet.c.

References AFPPeersListCheck(), AFPPeersListInit(), ConfGet(), RunModeInitialize(), RunModeSetLiveCaptureSingle(), SC_ERR_RUNMODE, SCEnter, SCLogDebug, SCLogError, SCReturnInt, thread_name_single, TimeModeSetLive(), and TM_ECODE_OK.

Referenced by RunModeIdsAFPRegister().

Here is the call graph for this function:

Here is the caller graph for this function:

int RunModeIdsAFPWorkers ( void  )

Workers version of the AF_PACKET processing.

Start N threads with each thread doing all the work.

Definition at line 828 of file runmode-af-packet.c.

References AFPPeersListCheck(), AFPPeersListInit(), ConfGet(), RunModeInitialize(), RunModeSetLiveCaptureWorkers(), SC_ERR_RUNMODE, SCEnter, SCLogDebug, SCLogError, SCReturnInt, thread_name_workers, TimeModeSetLive(), and TM_ECODE_OK.

Referenced by RunModeIdsAFPRegister().

Here is the call graph for this function:

Here is the caller graph for this function:

Variable Documentation

int max_pending_packets

Maximum packets to simultaneously process.

Definition at line 213 of file suricata.c.

Referenced by PacketPoolInit(), PacketPoolPostRunmodes(), RunModeIdsAFPRegister(), and RunUnittests().