From: Eric Leblond Date: Fri, 8 Apr 2016 13:29:18 +0000 (+0200) Subject: af-packet: configurable tpacket_v3 block timeout X-Git-Tag: suricata-3.1RC1~103 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=234aefdff9c87623ac2f1a7f60436c79ac03561b;p=thirdparty%2Fsuricata.git af-packet: configurable tpacket_v3 block timeout Block timeout defines the maximum filling duration of a block. --- diff --git a/src/runmode-af-packet.c b/src/runmode-af-packet.c index 347373d3f2..0c457ee7ba 100644 --- a/src/runmode-af-packet.c +++ b/src/runmode-af-packet.c @@ -370,6 +370,11 @@ void *ParseAFPConfig(const char *iface) } } + if ((ConfGetChildValueIntWithDefault(if_root, if_default, "block-timeout", &value)) == 1) { + aconf->block_timeout = value; + } else { + aconf->block_timeout = 10; + } if ((ConfGetChildValueIntWithDefault(if_root, if_default, "block-timeout", &value)) == 1) { aconf->block_timeout = value; } else { diff --git a/src/source-af-packet.c b/src/source-af-packet.c index 3fdeb4f000..3f447b0815 100644 --- a/src/source-af-packet.c +++ b/src/source-af-packet.c @@ -232,6 +232,7 @@ typedef struct AFPThreadVars_ int ring_size; int block_size; + int block_timeout; /* socket buffer size */ int buffer_size; /* Filter */ @@ -1582,7 +1583,7 @@ static int AFPComputeRingParamsV3(AFPThreadVars *ptv) ptv->req3.tp_block_nr = ptv->ring_size / frames_per_block + 1; /* exact division */ ptv->req3.tp_frame_nr = ptv->req3.tp_block_nr * frames_per_block; - ptv->req3.tp_retire_blk_tov = 10; /* 10 ms timeout on block */ + ptv->req3.tp_retire_blk_tov = ptv->block_timeout; ptv->req3.tp_feature_req_word = TP_FT_REQ_FILL_RXHASH; SCLogInfo("AF_PACKET V3 RX Ring params: block_size=%d block_nr=%d frame_size=%d frame_nr=%d (mem: %d)", ptv->req3.tp_block_size, ptv->req3.tp_block_nr, diff --git a/src/source-af-packet.h b/src/source-af-packet.h index 6560701ae4..7b3214c4df 100644 --- a/src/source-af-packet.h +++ b/src/source-af-packet.h @@ -58,6 +58,10 @@ #define AFP_FILE_MAX_PKTS 256 #define AFP_IFACE_NAME_LENGTH 48 +/* In kernel the allocated block size is allocated using the formula + * page_size << order. So default value is using the same formula with + * an order of 3 which guarantee we have some room in the block compared + * to standard frame size */ #define AFP_BLOCK_SIZE_DEFAULT_ORDER 3 typedef struct AFPIfaceConfig_ @@ -69,8 +73,10 @@ typedef struct AFPIfaceConfig_ int buffer_size; /* ring size in number of packets */ int ring_size; - /* block size for tpacket_v3 */ + /* block size for tpacket_v3 in */ int block_size; + /* block timeout for tpacket_v3 in milliseconds */ + int block_timeout; /* cluster param */ int cluster_id; int cluster_type; diff --git a/suricata.yaml.in b/suricata.yaml.in index 5c0dd8b4a0..ea533081f4 100644 --- a/suricata.yaml.in +++ b/suricata.yaml.in @@ -482,6 +482,9 @@ af-packet: # a decent number of packets. Size is in bytes so please consider your MTU. It should be # a power of 2 and it must be multiple of page size (usually 4096). #block-size: 32768 + # tpacket_v3 block timeout: an open block is passed to userspace if it is not + # filled after block-timeout milliseconds. + #block-timeout: 10 # On busy system, this could help to set it to yes to recover from a packet drop # phase. This will result in some packets (at max a ring flush) being non treated. #use-emergency-flush: yes