#include "suricata-common.h"#include "suricata.h"#include "tm-threads.h"#include "util-privs.h"#include "util-datalink.h"#include "util-device-private.h"#include "tmqh-packetpool.h"#include "source-erf-dag.h"#include <dagapi.h>
Go to the source code of this file.
Data Structures | |
| struct | ErfDagThreadVars_ |
Macros | |
| #define | MINDATA 32768 |
| #define | MAXWAIT 20000 |
| #define | POLL_INTERVAL 1000; |
| #define | BYTES_PER_LOOP (4 * 1024 * 1024) /* 4 MB */ |
Typedefs | |
| typedef struct ErfDagThreadVars_ | ErfDagThreadVars |
Functions | |
| TmEcode | ReceiveErfDagLoop (ThreadVars *tv, void *data, void *slot) |
| Receives packets from a DAG interface. More... | |
| TmEcode | ReceiveErfDagThreadInit (ThreadVars *tv, const void *initdata, void **data) |
| Initialize the ERF receiver thread, generate a single ErfDagThreadVar structure for each thread, this will contain a DAG file descriptor which is read when the thread executes. More... | |
| void | ReceiveErfDagThreadExitStats (ThreadVars *tv, void *data) |
| Print some stats to the log at program exit. More... | |
| TmEcode | ReceiveErfDagThreadDeinit (ThreadVars *tv, void *data) |
| Deinitializes the DAG card. More... | |
| TmEcode | DecodeErfDagThreadInit (ThreadVars *, const void *, void **) |
| TmEcode | DecodeErfDagThreadDeinit (ThreadVars *tv, void *data) |
| TmEcode | DecodeErfDag (ThreadVars *tv, Packet *p, void *data) |
| This function passes off to link type decoders. More... | |
| void | ReceiveErfDagCloseStream (int dagfd, int stream) |
| void | TmModuleReceiveErfDagRegister (void) |
| Register the ERF file receiver (reader) module. More... | |
| void | TmModuleDecodeErfDagRegister (void) |
| Register the ERF file decoder module. More... | |
Variables | |
| uint32_t | max_pending_packets |
Detailed Description
Support for reading ERF records from a DAG card.
Only ethernet supported at this time.
Definition in file source-erf-dag.c.
Macro Definition Documentation
◆ BYTES_PER_LOOP
| #define BYTES_PER_LOOP (4 * 1024 * 1024) /* 4 MB */ |
Definition at line 91 of file source-erf-dag.c.
◆ MAXWAIT
| #define MAXWAIT 20000 |
Definition at line 85 of file source-erf-dag.c.
◆ MINDATA
| #define MINDATA 32768 |
Definition at line 82 of file source-erf-dag.c.
◆ POLL_INTERVAL
| #define POLL_INTERVAL 1000; |
Definition at line 88 of file source-erf-dag.c.
Typedef Documentation
◆ ErfDagThreadVars
| typedef struct ErfDagThreadVars_ ErfDagThreadVars |
Function Documentation
◆ DecodeErfDag()
| TmEcode DecodeErfDag | ( | ThreadVars * | tv, |
| Packet * | p, | ||
| void * | data | ||
| ) |
This function passes off to link type decoders.
Decode ErfDag DecodeErfDag decodes packets from DAG and passes them off to the proper link type decoder.
- Parameters
-
t pointer to ThreadVars p pointer to the current packet data pointer that gets cast into PcapThreadVars for ptv
Definition at line 588 of file source-erf-dag.c.
References BUG_ON, Packet_::datalink, DecodeEthernet(), DecodeUpdatePacketCounters(), dtv, GET_PKT_DATA, GET_PKT_LEN, LINKTYPE_ETHERNET, PacketDecodeFinalize(), PKT_IS_PSEUDOPKT, SCEnter, SCLogError, SCReturnInt, TM_ECODE_OK, and tv.
Referenced by TmModuleDecodeErfDagRegister().
◆ DecodeErfDagThreadDeinit()
| TmEcode DecodeErfDagThreadDeinit | ( | ThreadVars * | tv, |
| void * | data | ||
| ) |
Definition at line 632 of file source-erf-dag.c.
References DecodeThreadVarsFree(), SCReturnInt, TM_ECODE_OK, and tv.
Referenced by TmModuleDecodeErfDagRegister().
◆ DecodeErfDagThreadInit()
| TmEcode DecodeErfDagThreadInit | ( | ThreadVars * | tv, |
| const void * | initdata, | ||
| void ** | data | ||
| ) |
Definition at line 614 of file source-erf-dag.c.
References DecodeRegisterPerfCounters(), DecodeThreadVarsAlloc(), dtv, SCEnter, SCReturnInt, TM_ECODE_FAILED, TM_ECODE_OK, and tv.
Referenced by TmModuleDecodeErfDagRegister().
◆ ReceiveErfDagCloseStream()
| void ReceiveErfDagCloseStream | ( | int | dagfd, |
| int | stream | ||
| ) |
Definition at line 568 of file source-erf-dag.c.
Referenced by ReceiveErfDagThreadDeinit().
◆ ReceiveErfDagLoop()
| TmEcode ReceiveErfDagLoop | ( | ThreadVars * | tv, |
| void * | data, | ||
| void * | slot | ||
| ) |
Receives packets from a DAG interface.
- Parameters
-
tv pointer to ThreadVars data pointer to ErfDagThreadVars slot slot containing task information
- Return values
-
TM_ECODE_OK on success TM_ECODE_FAILED on failure
Definition at line 311 of file source-erf-dag.c.
References dtv, SCEnter, SCReturnInt, TmSlot_::slot_next, suricata_ctl_flags, SURICATA_STOP, THV_RUNNING, TM_ECODE_OK, TmThreadsSetFlag(), and tv.
Referenced by TmModuleReceiveErfDagRegister().
◆ ReceiveErfDagThreadDeinit()
| TmEcode ReceiveErfDagThreadDeinit | ( | ThreadVars * | tv, |
| void * | data | ||
| ) |
Deinitializes the DAG card.
- Parameters
-
tv pointer to ThreadVars data pointer that gets cast into PcapThreadVars for ptv
Definition at line 556 of file source-erf-dag.c.
References ErfDagThreadVars_::dagfd, ErfDagThreadVars_::dagstream, ReceiveErfDagCloseStream(), SCEnter, SCReturnInt, and TM_ECODE_OK.
◆ ReceiveErfDagThreadExitStats()
| void ReceiveErfDagThreadExitStats | ( | ThreadVars * | tv, |
| void * | data | ||
| ) |
Print some stats to the log at program exit.
- Parameters
-
tv Pointer to ThreadVars. data Pointer to data, ErfFileThreadVars.
Definition at line 533 of file source-erf-dag.c.
References ErfDagThreadVars_::bytes, ErfDagThreadVars_::dagstream, ErfDagThreadVars_::drops, ErfDagThreadVars_::livedev, ErfDagThreadVars_::packets, SC_ATOMIC_SET, SCLogInfo, StatsGetLocalCounterValue(), and tv.
Referenced by TmModuleReceiveErfDagRegister().
◆ ReceiveErfDagThreadInit()
| TmEcode ReceiveErfDagThreadInit | ( | ThreadVars * | tv, |
| const void * | initdata, | ||
| void ** | data | ||
| ) |
Initialize the ERF receiver thread, generate a single ErfDagThreadVar structure for each thread, this will contain a DAG file descriptor which is read when the thread executes.
- Parameters
-
tv Thread variable to ThreadVars initdata Initial data to the interface passed from the user, this is processed by the user.
We assume that we have only a single name for the DAG interface.
- Parameters
-
data data pointer gets populated with
Definition at line 178 of file source-erf-dag.c.
References ErfDagThreadVars_::dagfd, ErfDagThreadVars_::dagname, ErfDagThreadVars_::dagstream, DatalinkSetGlobalType(), ErfDagThreadVars_::drops, FatalError, LINKTYPE_ETHERNET, ErfDagThreadVars_::livedev, LiveGetDevice(), MAXWAIT, MINDATA, ErfDagThreadVars_::packets, ErfDagThreadVars_::poll, POLL_INTERVAL, SCCalloc, SCEnter, SCFree, SCLogError, SCLogInfo, SCReturnInt, StatsRegisterCounter(), TM_ECODE_FAILED, TM_ECODE_OK, tv, ErfDagThreadVars_::tv, and unlikely.
Referenced by TmModuleReceiveErfDagRegister().
◆ TmModuleDecodeErfDagRegister()
| void TmModuleDecodeErfDagRegister | ( | void | ) |
Register the ERF file decoder module.
Definition at line 151 of file source-erf-dag.c.
References TmModule_::cap_flags, DecodeErfDag(), DecodeErfDagThreadDeinit(), DecodeErfDagThreadInit(), TmModule_::flags, TmModule_::Func, TmModule_::name, TmModule_::ThreadDeinit, TmModule_::ThreadExitPrintStats, TmModule_::ThreadInit, TM_FLAG_DECODE_TM, TMM_DECODEERFDAG, and tmm_modules.
Referenced by RegisterAllModules().
◆ TmModuleReceiveErfDagRegister()
| void TmModuleReceiveErfDagRegister | ( | void | ) |
Register the ERF file receiver (reader) module.
Definition at line 133 of file source-erf-dag.c.
References TmModule_::cap_flags, TmModule_::flags, TmModule_::Func, TmModule_::name, TmModule_::PktAcqBreakLoop, TmModule_::PktAcqLoop, ReceiveErfDagLoop(), ReceiveErfDagThreadExitStats(), ReceiveErfDagThreadInit(), TmModule_::ThreadDeinit, TmModule_::ThreadExitPrintStats, TmModule_::ThreadInit, TM_FLAG_RECEIVE_TM, tmm_modules, and TMM_RECEIVEERFDAG.
Referenced by RegisterAllModules().
