]> git.ipfire.org Git - people/ms/suricata.git/blob - src/source-af-packet.h
projects / people / ms / suricata.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
af-packet: only ref mpeer if needed in tpacket v2
[people/ms/suricata.git] / src / source-af-packet.h
1 /* Copyright (C) 2011,2012 Open Information Security Foundation
2 *
3 * You can copy, redistribute or modify this Program under the terms of
4 * the GNU General Public License version 2 as published by the Free
5 * Software Foundation.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * version 2 along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15 * 02110-1301, USA.
16 */
17
18 /**
19 * \file
20 *
21 * \author Eric Leblond <eric@regit.org>
22 */
23
24 #ifndef __SOURCE_AFP_H__
25 #define __SOURCE_AFP_H__
26
27 #ifndef HAVE_PACKET_FANOUT /* not defined if linux/if_packet.h trying to force */
28 #define HAVE_PACKET_FANOUT 1
29
30 #define PACKET_FANOUT 18
31
32 #define PACKET_FANOUT_HASH 0
33 #define PACKET_FANOUT_LB 1
34 #define PACKET_FANOUT_CPU 2
35 #define PACKET_FANOUT_ROLLOVER 3
36 #define PACKET_FANOUT_RND 4
37 #define PACKET_FANOUT_QM 5
38
39 #define PACKET_FANOUT_FLAG_ROLLOVER 0x1000
40 #define PACKET_FANOUT_FLAG_DEFRAG 0x8000
41 #else /* HAVE_PACKET_FANOUT */
42 #include <linux/if_packet.h>
43 #endif /* HAVE_PACKET_FANOUT */
44 #include "queue.h"
45
46 #ifdef HAVE_PACKET_EBPF
47 #define AFP_MODE_XDP_BYPASS 1
48 #define AFP_MODE_EBPF_BYPASS 2
49 struct ebpf_timeout_config {
50 const char *pinned_maps_name;
51 uint16_t cpus_count;
52 uint8_t mode;
53 uint8_t flags;
54 };
55 #endif
56
57 /* value for flags */
58 #define AFP_NEED_PEER (1 << 0)
59 // (1<<1) vacant
60 #define AFP_SOCK_PROTECT (1<<2)
61 #define AFP_EMERGENCY_MODE (1<<3)
62 #define AFP_TPACKET_V3 (1<<4)
63 #define AFP_VLAN_IN_HEADER (1<<5)
64 #define AFP_MMAP_LOCKED (1<<6)
65 #define AFP_BYPASS (1<<7)
66 #define AFP_XDPBYPASS (1<<8)
67
68 #define AFP_COPY_MODE_NONE 0
69 #define AFP_COPY_MODE_TAP 1
70 #define AFP_COPY_MODE_IPS 2
71
72 #define AFP_IFACE_NAME_LENGTH 48
73
74 /* In kernel the allocated block size is allocated using the formula
75 * page_size << order. So default value is using the same formula with
76 * an order of 3 which guarantee we have some room in the block compared
77 * to standard frame size */
78 #define AFP_BLOCK_SIZE_DEFAULT_ORDER 3
79
80 typedef struct AFPIfaceConfig_
81 {
82 char iface[AFP_IFACE_NAME_LENGTH];
83 /* number of threads */
84 int threads;
85 /* socket buffer size */
86 int buffer_size;
87 /* ring size in number of packets */
88 int ring_size;
89 /* block size for tpacket_v3 in */
90 int block_size;
91 /* block timeout for tpacket_v3 in milliseconds */
92 int block_timeout;
93 /* cluster param */
94 uint16_t cluster_id;
95 int cluster_type;
96 /* promisc mode */
97 int promisc;
98 /* misc use flags including ring mode */
99 unsigned int flags;
100 int copy_mode;
101 ChecksumValidationMode checksum_mode;
102 const char *bpf_filter;
103 const char *ebpf_lb_file;
104 int ebpf_lb_fd;
105 const char *ebpf_filter_file;
106 int ebpf_filter_fd;
107 const char *xdp_filter_file;
108 int xdp_filter_fd;
109 uint8_t xdp_mode;
110 const char *out_iface;
111 #ifdef HAVE_PACKET_EBPF
112 struct ebpf_timeout_config ebpf_t_config;
113 #endif
114 SC_ATOMIC_DECLARE(unsigned int, ref);
115 void (*DerefFunc)(void *);
116 } AFPIfaceConfig;
117
118 /**
119 * \ingroup afppeers
120 * @{
121 */
122
123 typedef struct AFPPeer_ {
124 SC_ATOMIC_DECLARE(int, socket);
125 SC_ATOMIC_DECLARE(int, sock_usage);
126 SC_ATOMIC_DECLARE(int, if_idx);
127 SC_ATOMIC_DECLARE(uint64_t, send_errors);
128 int flags;
129 SCMutex sock_protect;
130 int turn; /**< Field used to store initialisation order. */
131 SC_ATOMIC_DECLARE(uint8_t, state);
132 struct AFPPeer_ *peer;
133 TAILQ_ENTRY(AFPPeer_) next;
134 char iface[AFP_IFACE_NAME_LENGTH];
135 } AFPPeer;
136
137 /**
138 * \brief per packet AF_PACKET vars
139 *
140 * This structure is used y the release data system and is cleaned
141 * up by the AFPV_CLEANUP macro below.
142 */
143 typedef struct AFPPacketVars_
144 {
145 void *relptr;
146 AFPPeer *peer; /**< Sending peer for IPS/TAP mode */
147 /** Pointer to ::AFPPeer used for capture. Field is used to be able
148 * to do reference counting.
149 */
150 AFPPeer *mpeer;
151 uint8_t copy_mode;
152 uint16_t vlan_tci;
153 #ifdef HAVE_PACKET_EBPF
154 int v4_map_fd;
155 int v6_map_fd;
156 unsigned int nr_cpus;
157 #endif
158 } AFPPacketVars;
159
160 #ifdef HAVE_PACKET_EBPF
161 #define AFPV_CLEANUP(afpv) \
162 do { \
163 (afpv)->relptr = NULL; \
164 (afpv)->copy_mode = 0; \
165 (afpv)->vlan_tci = 0; \
166 (afpv)->peer = NULL; \
167 (afpv)->mpeer = NULL; \
168 (afpv)->v4_map_fd = -1; \
169 (afpv)->v6_map_fd = -1; \
170 } while (0)
171 #else
172 #define AFPV_CLEANUP(afpv) \
173 do { \
174 (afpv)->relptr = NULL; \
175 (afpv)->copy_mode = 0; \
176 (afpv)->vlan_tci = 0; \
177 (afpv)->peer = NULL; \
178 (afpv)->mpeer = NULL; \
179 } while (0)
180 #endif
181
182 /**
183 * @}
184 */
185
186 void TmModuleReceiveAFPRegister (void);
187 void TmModuleDecodeAFPRegister (void);
188
189 TmEcode AFPPeersListInit(void);
190 TmEcode AFPPeersListCheck(void);
191 void AFPPeersListClean(void);
192 int AFPGetLinkType(const char *ifname);
193
194 int AFPIsFanoutSupported(uint16_t cluster_id);
195
196 #endif /* __SOURCE_AFP_H__ */
Michael's tree of suricata