suricata
source-af-packet.c File Reference
#include "suricata-common.h"
#include "suricata.h"
#include "packet.h"
#include "decode.h"
#include "packet-queue.h"
#include "threads.h"
#include "threadvars.h"
#include "tm-queuehandlers.h"
#include "tm-modules.h"
#include "tm-threads.h"
#include "tm-threads-common.h"
#include "conf.h"
#include "util-cpu.h"
#include "util-datalink.h"
#include "util-debug.h"
#include "util-device.h"
#include "util-ebpf.h"
#include "util-error.h"
#include "util-privs.h"
#include "util-optimize.h"
#include "util-checksum.h"
#include "util-ioctl.h"
#include "util-host-info.h"
#include "tmqh-packetpool.h"
#include "source-af-packet.h"
#include "runmodes.h"
#include "flow-storage.h"
#include "util-validate.h"
#include "action-globals.h"
#include "util-bpf.h"

Data Structures

struct  bpf_program
 
union  thdr
 
struct  AFPThreadVars_
 Structure to hold thread-specific variables.
 
union  AFPThreadVars_::AFPRing
 
union  AFPThreadVars_::AFPTpacketReq
 
struct  AFPPeersList_
 

Macros

#define PCAP_DONT_INCLUDE_PCAP_BPF_H   1
 
#define SC_PCAP_DONT_INCLUDE_PCAP_H   1
 
#define AFP_IFACE_NAME_LENGTH   48
 
#define AFP_STATE_DOWN   0
 
#define AFP_STATE_UP   1
 
#define AFP_RECONNECT_TIMEOUT   500000
 
#define AFP_DOWN_COUNTER_INTERVAL   40
 
#define POLL_TIMEOUT   100
 
#define TP_STATUS_KERNEL   0
 
#define TP_STATUS_USER   BIT_U32(0)
 
#define TP_STATUS_COPY   BIT_U32(1)
 
#define TP_STATUS_LOSING   BIT_U32(2)
 
#define TP_STATUS_CSUMNOTREADY   BIT_U32(3)
 
#define TP_STATUS_VLAN_VALID   BIT_U32(4)
 
#define TP_STATUS_BLK_TMO   BIT_U32(5)
 
#define TP_STATUS_VLAN_TPID_VALID   BIT_U32(6)
 
#define TP_STATUS_CSUM_VALID   BIT_U32(7)
 
#define TP_STATUS_TS_SOFTWARE   BIT_U32(29)
 
#define TP_STATUS_TS_SYS_HARDWARE   BIT_U32(30) /* kernel comment says: "deprecated, never set" */
 
#define TP_STATUS_TS_RAW_HARDWARE   BIT_U32(31)
 
#define TP_STATUS_USER_BUSY
 
#define FRAME_BUSY(tp_status)   (((uint32_t)(tp_status) & (uint32_t)TP_STATUS_USER_BUSY) == (uint32_t)TP_STATUS_USER_BUSY)
 
#define MAX_MAPS   32
 
#define AFP_PEERS_MAX_TRY   4
 
#define AFP_PEERS_WAIT   20000
 

Typedefs

typedef struct AFPThreadVars_ AFPThreadVars
 Structure to hold thread-specific variables.
 
typedef struct AFPPeersList_ AFPPeersList
 

Enumerations

enum  { AFP_READ_OK, AFP_READ_FAILURE, AFP_SURI_FAILURE, AFP_KERNEL_DROP }
 
enum  { AFP_FATAL_ERROR = 1, AFP_RECOVERABLE_ERROR }
 

Functions

void TmModuleReceiveAFPRegister (void)
 Registration function for ReceiveAFP.
 
TmEcode AFPPeersListInit (void)
 Init the global list of AFPPeer. More...
 
TmEcode AFPPeersListCheck (void)
 Check that all AFPPeer got a peer. More...
 
void AFPPeersListClean (void)
 Clean the global peers list. More...
 
void TmModuleDecodeAFPRegister (void)
 Registration Function for DecodeAFP. More...
 
int AFPGetLinkType (const char *ifname)
 
int AFPIsFanoutSupported (uint16_t cluster_id)
 Test whether FANOUT can be used. Older kernels, like those in CentOS 6, have HAVE_PACKET_FANOUT defined but fanout fails to work.
 

Variables

uint16_t max_pending_packets
 
AFPPeersList peerslist
 

Detailed Description

Author
Eric Leblond eric@.nosp@m.regi.nosp@m.t.org

AF_PACKET socket acquisition support

Definition in file source-af-packet.c.

Macro Definition Documentation

◆ AFP_PEERS_MAX_TRY

#define AFP_PEERS_MAX_TRY   4

◆ AFP_PEERS_WAIT

#define AFP_PEERS_WAIT   20000