#include "suricata-common.h"#include "suricata.h"#include "conf.h"#include "decode.h"#include "packet-queue.h"#include "threads.h"#include "threadvars.h"#include "tm-queuehandlers.h"#include "tm-threads.h"#include "source-pfring.h"#include "util-debug.h"#include "util-checksum.h"#include "util-privs.h"#include "util-datalink.h"#include "util-device.h"#include "util-host-info.h"#include "runmodes.h"#include "util-profiling.h"#include <pfring.h>
Go to the source code of this file.
Data Structures | |
| struct | PfringThreadVars_ |
| Structure to hold thread specific variables. More... | |
Macros | |
| #define | LIBPFRING_PROMISC 1 |
| #define | LIBPFRING_REENTRANT 0 |
| #define | LIBPFRING_WAIT_FOR_INCOMING 1 |
| #define | PFRING_FLAGS_ZERO_COPY (1 << 0) |
| #define | PFRING_FLAGS_BYPASS (1 << 1) |
Functions | |
| TmEcode | ReceivePfringLoop (ThreadVars *tv, void *data, void *slot) |
| Receives packets from an interface via libpfring. More... | |
| TmEcode | PfringBreakLoop (ThreadVars *tv, void *data) |
| Stop function for ReceivePfringLoop. More... | |
| TmEcode | ReceivePfringThreadInit (ThreadVars *tv, const void *initdata, void **data) |
| Init function for ReceivePfring. More... | |
| void | ReceivePfringThreadExitStats (ThreadVars *tv, void *data) |
| This function prints stats to the screen at exit. More... | |
| TmEcode | ReceivePfringThreadDeinit (ThreadVars *tv, void *data) |
| DeInit function closes pd at exit. More... | |
| TmEcode | DecodePfringThreadInit (ThreadVars *tv, const void *initdata, void **data) |
| This an Init function for DecodePfring. More... | |
| TmEcode | DecodePfring (ThreadVars *tv, Packet *p, void *data) |
| This function passes off to link type decoders. More... | |
| TmEcode | DecodePfringThreadDeinit (ThreadVars *tv, void *data) |
| void | TmModuleReceivePfringRegister (void) |
| Registration Function for ReceivePfring. More... | |
| void | TmModuleDecodePfringRegister (void) |
| Registration Function for DecodePfring. More... | |
Variables | |
| uint16_t | max_pending_packets |
Detailed Description
PF_RING packet acquisition support
- Todo:
remove requirement for setting cluster so old 3.x versions are supported
implement DNA support
Allow ring options such as snaplen etc, to be user configurable.
Definition in file source-pfring.c.
Macro Definition Documentation
◆ LIBPFRING_PROMISC
| #define LIBPFRING_PROMISC 1 |
Definition at line 113 of file source-pfring.c.
◆ LIBPFRING_REENTRANT
| #define LIBPFRING_REENTRANT 0 |
Definition at line 114 of file source-pfring.c.
◆ LIBPFRING_WAIT_FOR_INCOMING
| #define LIBPFRING_WAIT_FOR_INCOMING 1 |
Definition at line 115 of file source-pfring.c.
◆ PFRING_FLAGS_BYPASS
| #define PFRING_FLAGS_BYPASS (1 << 1) |
Definition at line 119 of file source-pfring.c.
◆ PFRING_FLAGS_ZERO_COPY
| #define PFRING_FLAGS_ZERO_COPY (1 << 0) |
Definition at line 118 of file source-pfring.c.
Function Documentation
◆ DecodePfring()
| TmEcode DecodePfring | ( | ThreadVars * | tv, |
| Packet * | p, | ||
| void * | data | ||
| ) |
This function passes off to link type decoders.
DecodePfring decodes raw packets from PF_RING. Inside of libpcap version of PF_RING all packets are marked as a link type of ethernet so that is what we do here.
- Parameters
-
tv pointer to ThreadVars p pointer to the current packet data pointer that gets cast into PfringThreadVars for ptv
- Todo:
- Verify that PF_RING only deals with ethernet traffic
- Warning
- This function bypasses the pkt buf and len macro's
- Return values
-
TM_ECODE_OK is always returned
Definition at line 724 of file source-pfring.c.
References BUG_ON, DecodeThreadVars_::counter_vlan, DecodeEthernet(), DecodeUpdatePacketCounters(), dtv, GET_PKT_DATA, GET_PKT_LEN, PacketDecodeFinalize(), PKT_IS_PSEUDOPKT, StatsIncr(), TM_ECODE_OK, tv, and Packet_::vlan_idx.
Referenced by TmModuleDecodePfringRegister().
◆ DecodePfringThreadDeinit()
| TmEcode DecodePfringThreadDeinit | ( | ThreadVars * | tv, |
| void * | data | ||
| ) |
Definition at line 769 of file source-pfring.c.
References DecodeThreadVarsFree(), SCReturnInt, TM_ECODE_OK, and tv.
Referenced by TmModuleDecodePfringRegister().
◆ DecodePfringThreadInit()
| TmEcode DecodePfringThreadInit | ( | ThreadVars * | tv, |
| const void * | initdata, | ||
| void ** | data | ||
| ) |
This an Init function for DecodePfring.
- Parameters
-
tv pointer to ThreadVars initdata pointer to initialization data. data pointer that gets cast into PfringThreadVars for ptv
- Return values
-
TM_ECODE_OK is returned on success TM_ECODE_FAILED is returned on error
Definition at line 754 of file source-pfring.c.
References DecodeRegisterPerfCounters(), DecodeThreadVarsAlloc(), dtv, SCReturnInt, TM_ECODE_FAILED, TM_ECODE_OK, and tv.
Referenced by TmModuleDecodePfringRegister().
◆ PfringBreakLoop()
| TmEcode PfringBreakLoop | ( | ThreadVars * | tv, |
| void * | data | ||
| ) |
Stop function for ReceivePfringLoop.
This function forces ReceivePfringLoop to stop the execution, exiting the packet capture loop.
- Parameters
-
tv pointer to ThreadVars data pointer that gets cast into PfringThreadVars for ptv
- Return values
-
TM_ECODE_OK on success TM_ECODE_FAILED on failure
Definition at line 462 of file source-pfring.c.
References PfringThreadVars_::pd, TM_ECODE_FAILED, and TM_ECODE_OK.
Referenced by TmModuleReceivePfringRegister().
◆ ReceivePfringLoop()
| TmEcode ReceivePfringLoop | ( | ThreadVars * | tv, |
| void * | data, | ||
| void * | slot | ||
| ) |
Receives packets from an interface via libpfring.
This function receives packets from an interface and passes the packet on to the pfring callback function.
- Parameters
-
tv pointer to ThreadVars data pointer that gets cast into PfringThreadVars for ptv slot slot containing task information
- Return values
-
TM_ECODE_OK on success TM_ECODE_FAILED on failure
Definition at line 344 of file source-pfring.c.
References Packet_::BypassPacketsFlow, PfringThreadVars_::flags, GET_PKT_DIRECT_DATA, GET_PKT_DIRECT_MAX_SIZE, LIBPFRING_WAIT_FOR_INCOMING, likely, PACKET_PROFILING_RESTART, PacketGetFromQueueOrAlloc(), PacketPoolWait(), PacketSetData(), PfringThreadVars_::pd, PFRING_FLAGS_BYPASS, PFRING_FLAGS_ZERO_COPY, PKT_SET_SRC, PKT_SRC_WIRE, SCEnter, SCLogError, SCReturnInt, SCTIME_INITIALIZER, PfringThreadVars_::slot, TmSlot_::slot_next, suricata_ctl_flags, SURICATA_STOP, THV_RUNNING, TM_ECODE_FAILED, TM_ECODE_OK, TmThreadsSetFlag(), and tv.
Referenced by TmModuleReceivePfringRegister().
◆ ReceivePfringThreadDeinit()
| TmEcode ReceivePfringThreadDeinit | ( | ThreadVars * | tv, |
| void * | data | ||
| ) |
DeInit function closes pd at exit.
- Parameters
-
tv pointer to ThreadVars data pointer that gets cast into PfringThreadVars for ptvi
- Return values
-
TM_ECODE_OK is always returned
Definition at line 691 of file source-pfring.c.
References PfringThreadVars_::bpf_filter, PfringThreadVars_::interface, PfringThreadVars_::pd, SCFree, and TM_ECODE_OK.
Referenced by TmModuleReceivePfringRegister().
◆ ReceivePfringThreadExitStats()
| void ReceivePfringThreadExitStats | ( | ThreadVars * | tv, |
| void * | data | ||
| ) |
This function prints stats to the screen at exit.
- Parameters
-
tv pointer to ThreadVars data pointer that gets cast into PfringThreadVars for ptv
Definition at line 666 of file source-pfring.c.
Referenced by TmModuleReceivePfringRegister().
◆ ReceivePfringThreadInit()
| TmEcode ReceivePfringThreadInit | ( | ThreadVars * | tv, |
| const void * | initdata, | ||
| void ** | data | ||
| ) |
Init function for ReceivePfring.
This is a setup function for receiving packets via libpfring.
- Parameters
-
tv pointer to ThreadVars initdata pointer to the interface passed from the user data pointer gets populated with PfringThreadVars
- Todo:
add a config option for setting cluster id
Create a general pfring setup function.
- Return values
-
TM_ECODE_OK on success TM_ECODE_FAILED on error
Definition at line 490 of file source-pfring.c.
References version.
Referenced by TmModuleReceivePfringRegister().
◆ TmModuleDecodePfringRegister()
| void TmModuleDecodePfringRegister | ( | void | ) |
Registration Function for DecodePfring.
- Todo:
- Unit tests are needed for this module.
Definition at line 179 of file source-pfring.c.
References DecodePfring(), DecodePfringThreadDeinit(), DecodePfringThreadInit(), TmModule_::flags, TmModule_::Func, TmModule_::name, TmModule_::ThreadDeinit, TmModule_::ThreadExitPrintStats, TmModule_::ThreadInit, TM_FLAG_DECODE_TM, TMM_DECODEPFRING, and tmm_modules.
Referenced by RegisterAllModules().
◆ TmModuleReceivePfringRegister()
| void TmModuleReceivePfringRegister | ( | void | ) |
Registration Function for ReceivePfring.
- Todo:
- Unit tests are needed for this module.
Definition at line 163 of file source-pfring.c.
References TmModule_::flags, TmModule_::Func, TmModule_::name, PfringBreakLoop(), TmModule_::PktAcqBreakLoop, TmModule_::PktAcqLoop, ReceivePfringLoop(), ReceivePfringThreadDeinit(), ReceivePfringThreadExitStats(), ReceivePfringThreadInit(), TmModule_::ThreadDeinit, TmModule_::ThreadExitPrintStats, TmModule_::ThreadInit, TM_FLAG_RECEIVE_TM, tmm_modules, and TMM_RECEIVEPFRING.
Referenced by RegisterAllModules().
