suricata
source-af-packet.h
1 /* Copyright (C) 2011,2012 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Eric Leblond <eric@regit.org>
22  */
23 
24 #ifndef __SOURCE_AFP_H__
25 #define __SOURCE_AFP_H__
26 
/* Fanout constants. When the build has not defined HAVE_PACKET_FANOUT,
 * the socket option, modes and flags are defined here instead of being
 * taken from <linux/if_packet.h>. They are kernel ABI values and have to
 * stay identical to the kernel's own definitions.
 * NOTE(review): having these constants at compile time does not mean the
 * running kernel implements fanout; AFPIsFanoutSupported(), declared
 * further down, looks like the runtime probe -- confirm it gates use. */
27 #ifndef HAVE_PACKET_FANOUT /* not defined by the build: define the fanout constants here */
28 #define HAVE_PACKET_FANOUT 1
29 
30 #define PACKET_FANOUT 18
31 
32 #define PACKET_FANOUT_HASH 0
33 #define PACKET_FANOUT_LB 1
34 #define PACKET_FANOUT_CPU 2
35 #define PACKET_FANOUT_ROLLOVER 3
36 #define PACKET_FANOUT_RND 4
37 #define PACKET_FANOUT_QM 5
38 
39 #define PACKET_FANOUT_FLAG_ROLLOVER 0x1000
40 #define PACKET_FANOUT_FLAG_DEFRAG 0x8000
41 #else /* HAVE_PACKET_FANOUT */
42 #include <linux/if_packet.h>
43 #endif /* HAVE_PACKET_FANOUT */
44 #include "queue.h"
45 
46 /* Bit values for the `flags` members declared in this header; each
    * macro is a distinct bit, so values can be OR-ed together. */
47 #define AFP_RING_MODE (1<<0)
48 #define AFP_ZERO_COPY (1<<1)
49 #define AFP_SOCK_PROTECT (1<<2)
50 #define AFP_EMERGENCY_MODE (1<<3)
51 #define AFP_TPACKET_V3 (1<<4)
52 #define AFP_VLAN_DISABLED (1<<5)
53 #define AFP_MMAP_LOCKED (1<<6)
54 #define AFP_BYPASS (1<<7)
55 #define AFP_XDPBYPASS (1<<8)
56 
/* Values for the `copy_mode` members. AFPPacketVars documents a sending
 * peer "for IPS/TAP mode"; how each mode handles packets is not visible
 * in this header. */
57 #define AFP_COPY_MODE_NONE 0
58 #define AFP_COPY_MODE_TAP 1
59 #define AFP_COPY_MODE_IPS 2
60 
61 #define AFP_FILE_MAX_PKTS 256
/* Size of the fixed `char iface[AFP_IFACE_NAME_LENGTH]` buffers (the
 * members themselves are elided from this listing).
 * NOTE(review): interface names copied into them should be length-checked
 * against this size and NUL-terminated -- confirm in the .c file. */
62 #define AFP_IFACE_NAME_LENGTH 48
63 
64 /* In the kernel the block is allocated using the formula
65  * page_size << order. The default value uses the same formula with
66  * an order of 3, which guarantees we have some room in the block compared
67  * to the standard frame size. */
68 #define AFP_BLOCK_SIZE_DEFAULT_ORDER 3
69 
/* Per-interface AF_PACKET configuration. The numbering gaps below are
 * members (and the closing of the typedef) that this listing omits, which
 * is why some comments have no field under them. */
70 typedef struct AFPIfaceConfig_
71 {
73  /* number of threads */
74  int threads;
75  /* socket buffer size */
77  /* ring size in number of packets */
78  int ring_size;
79  /* block size for tpacket_v3 in */
81  /* block timeout for tpacket_v3 in milliseconds */
83  /* cluster param */
86  /* promisc mode */
87  int promisc;
88  /* misc use flags including ring mode */
89  unsigned int flags; /* OR of the AFP_* bit values defined above */
90  int copy_mode; /* presumably one of AFP_COPY_MODE_* -- confirm */
92  const char *bpf_filter;
 /* NOTE(review): the three *_file members look like paths to eBPF/XDP
  * objects; if they are loaded into the kernel they should only ever come
  * from trusted configuration -- confirm where they are set. */
93  const char *ebpf_lb_file;
95  const char *ebpf_filter_file;
97  const char *xdp_filter_file;
99  uint8_t xdp_mode;
100  const char *out_iface;
 /* Atomic reference counter plus a callback taking a void pointer;
  * presumably DerefFunc drops one reference -- confirm in the .c file. */
101  SC_ATOMIC_DECLARE(unsigned int, ref);
102  void (*DerefFunc)(void *);
104 
105 /**
106  * \ingroup afppeers
107  * @{
108  */
109 
/* One entry describing an AF_PACKET peer. The socket, its usage counter,
 * the interface index and the state are declared through
 * SC_ATOMIC_DECLARE; `flags` and `turn` are plain ints. Some members are
 * omitted by this listing (gaps in the numbering). */
110 typedef struct AFPPeer_ {
111  SC_ATOMIC_DECLARE(int, socket);
112  SC_ATOMIC_DECLARE(int, sock_usage);
113  SC_ATOMIC_DECLARE(int, if_idx);
114  int flags;
116  int turn; /**< Field used to store initialisation order. */
117  SC_ATOMIC_DECLARE(uint8_t, state);
118  struct AFPPeer_ *peer; /* the other AFPPeer this entry is paired with (presumably the copy target -- confirm) */
121 } AFPPeer;
122 
123 /**
124  * \brief per packet AF_PACKET vars
125  *
126  * This structure is used by the release data system and is cleaned
127  * up by the AFPV_CLEANUP macro below.
128  */
129 typedef struct AFPPacketVars_
130 {
131  void *relptr; /* reset to NULL by AFPV_CLEANUP; what it points to is not visible here */
132  AFPPeer *peer; /**< Sending peer for IPS/TAP mode */
133  /** Pointer to ::AFPPeer used for capture. Field is used to be able
134  * to do reference counting.
135  */
 /* (the member this comment documents is omitted by the listing;
  * AFPV_CLEANUP resets a member named mpeer) */
137  uint8_t copy_mode; /* presumably one of AFP_COPY_MODE_* -- confirm */
140 } AFPPacketVars;
141 
/* Reset the per-packet AF_PACKET fields of *afpv to their idle values:
 * pointers to NULL, copy_mode to 0 and both map fds to -1.
 * The macro only overwrites the fields. It does not free relptr, drop a
 * peer reference or close a descriptor, so NOTE(review): confirm that the
 * release path has already run wherever this is invoked.
 * The fds are reset to -1 rather than 0, presumably so that a cleared
 * entry is never read as valid descriptor 0.
 * `afpv` is expanded several times; pass an expression without side
 * effects. mpeer, v4_map_fd and v6_map_fd are members that this listing
 * omits from AFPPacketVars. */
142 #define AFPV_CLEANUP(afpv) do { \
143  (afpv)->relptr = NULL; \
144  (afpv)->copy_mode = 0; \
145  (afpv)->peer = NULL; \
146  (afpv)->mpeer = NULL; \
147  (afpv)->v4_map_fd = -1; \
148  (afpv)->v6_map_fd = -1; \
149 } while(0)
150 
151 /**
152  * @}
153  */
154 
/* Registration functions for the ReceiveAFP and DecodeAFP modules
 * (per the generated documentation for this file). */
155 void TmModuleReceiveAFPRegister (void);
156 void TmModuleDecodeAFPRegister (void);
157 
160 void AFPPeersListClean(void); /* cleans the global peers list */
161 int AFPGetLinkType(const char *ifname); /* takes an interface name; the return convention is not shown here */
162 
/* Runtime test of whether FANOUT can be used. The generated documentation
 * notes that older kernels such as those in CentOS6 have
 * HAVE_PACKET_FANOUT defined (its text is truncated after that), so the
 * compile-time macro alone is presumably not a reliable indicator. */
163 int AFPIsFanoutSupported(void);
164 
165 #endif /* __SOURCE_AFP_H__ */
char iface[AFP_IFACE_NAME_LENGTH]
TmEcode AFPPeersListInit(void)
Init the global list of AFPPeer.
#define SCMutex
SCMutex sock_protect
void TmModuleDecodeAFPRegister(void)
Registration Function for DecodeAFP.
struct HtpBodyChunk_ * next
TmEcode AFPPeersListCheck(void)
Check that all AFPPeer got a peer.
int AFPGetLinkType(const char *ifname)
void AFPPeersListClean(void)
Clean the global peers list.
struct AFPIfaceConfig_ AFPIfaceConfig
const char * ebpf_filter_file
int AFPIsFanoutSupported(void)
test if we can use FANOUT. Older kernels like those in CentOS6 have HAVE_PACKET_FANOUT defined but fa...
unsigned int flags
const char * out_iface
void TmModuleReceiveAFPRegister(void)
Registration Function for ReceiveAFP.
void(* DerefFunc)(void *)
#define TAILQ_ENTRY(type)
Definition: queue.h:330
const char * ebpf_lb_file
struct AFPPeer_ * peer
SC_ATOMIC_DECLARE(unsigned int, ref)
#define AFP_IFACE_NAME_LENGTH
ChecksumValidationMode
Definition: decode.h:40
struct AFPPacketVars_ AFPPacketVars
per packet AF_PACKET vars
const char * xdp_filter_file
ChecksumValidationMode checksum_mode
per packet AF_PACKET vars
const char * bpf_filter