From: Eric Leblond
Date: Sun, 3 Mar 2019 19:42:06 +0000 (+0100)
Subject: af-packet: bypass with init function
X-Git-Tag: suricata-5.0.0-rc1~364
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=880c42f11ca9b408a19bebb78de01b9712a836ed;p=thirdparty%2Fsuricata.git

af-packet: bypass with init function
---
diff --git a/src/flow-bypass.c b/src/flow-bypass.c
index f0ee40e911..3debd48225 100644
--- a/src/flow-bypass.c
+++ b/src/flow-bypass.c
@@ -40,6 +40,7 @@ typedef struct BypassedFlowManagerThreadData_ {
 typedef struct BypassedCheckFuncItem_ {
 BypassedCheckFunc Func;
+ BypassedCheckFuncInit FuncInit;
 void *data;
 } BypassedCheckFuncItem;
@@ -58,11 +59,22 @@ static TmEcode BypassedFlowManager(ThreadVars *th_v, void *thread_data)
 {
 #ifdef HAVE_PACKET_EBPF
 int tcount = 0;
+ int i;
 BypassedFlowManagerThreadData *ftd = thread_data;
+ struct timespec curtime = {0, 0};
+
+ if (clock_gettime(CLOCK_MONOTONIC, &curtime) != 0) {
+ SCLogWarning(SC_ERR_INVALID_VALUE, "Can't get time: %s (%d)",
+ strerror(errno), errno);
+ }
+ for (i = 0; i < g_bypassed_func_max_index; i++) {
+ if (BypassedFuncList[i].FuncInit) {
+ BypassedFuncList[i].FuncInit(&curtime, BypassedFuncList[i].data);
+ }
+ }
+
 while (1) {
- int i;
 SCLogDebug("Dumping the table");
- struct timespec curtime;
 if (clock_gettime(CLOCK_MONOTONIC, &curtime) != 0) {
 SCLogWarning(SC_ERR_INVALID_VALUE, "Can't get time: %s (%d)",
 strerror(errno), errno);
@@ -152,6 +164,7 @@ void BypassedFlowManagerThreadSpawn()
 }
 int BypassedFlowManagerRegisterCheckFunc(BypassedCheckFunc CheckFunc,
+ BypassedCheckFuncInit CheckFuncInit,
 void *data)
 {
 if (!CheckFunc) {
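Review bot: In the block added before `while (1)` in BypassedFlowManager (src/flow-bypass.c, hunk `@@ -58,11 +59,22 @@`), a failed clock_gettime() is only logged, so every FuncInit callback then runs with `curtime` still at its `{0, 0}` initialiser, and the int each callback returns is dropped. An init step that works from a zero timestamp, or that fails without anyone noticing, would leave the later timeout pass working from wrong state; that effect is inferred, since the only callback registered in this commit is a stub. I would skip the init loop when the clock read fails and test the result, e.g. `if (BypassedFuncList[i].FuncInit(&curtime, BypassedFuncList[i].data) != 0)` followed by an SCLogWarning naming the index. Whether non-zero means failure is not stated anywhere in the patch and should be settled in the typedef's comment. The function body continues past the end of the hunk.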
@@ -159,6 +172,7 @@ int BypassedFlowManagerRegisterCheckFunc(BypassedCheckFunc CheckFunc,
 }
 if (g_bypassed_func_max_index < BYPASSFUNCMAX) {
 BypassedFuncList[g_bypassed_func_max_index].Func = CheckFunc;
+ BypassedFuncList[g_bypassed_func_max_index].FuncInit = CheckFuncInit;
 BypassedFuncList[g_bypassed_func_max_index].data = data;
 g_bypassed_func_max_index++;
 } else {
diff --git a/src/flow-bypass.h b/src/flow-bypass.h
index bef2d77e84..c41a95edb7 100644
--- a/src/flow-bypass.h
+++ b/src/flow-bypass.h
@@ -32,6 +32,7 @@ struct flows_stats {
 typedef int (*BypassedCheckFunc)(struct flows_stats *bypassstats, struct timespec *curtime, void *data);
+typedef int (*BypassedCheckFuncInit)(struct timespec *curtime, void *data);
 typedef int (*BypassedUpdateFunc)(Flow *f, Packet *p, void *data);
 void FlowAddToBypassed(Flow *f);
@@ -39,7 +40,8 @@ void FlowAddToBypassed(Flow *f);
 void BypassedFlowManagerThreadSpawn(void);
 void TmModuleBypassedFlowManagerRegister(void);
-int BypassedFlowManagerRegisterCheckFunc(BypassedCheckFunc CheckFunc, void *data);
+int BypassedFlowManagerRegisterCheckFunc(BypassedCheckFunc CheckFunc,
+ BypassedCheckFuncInit CheckFuncInit, void *data);
 int BypassedFlowManagerRegisterUpdateFunc(BypassedUpdateFunc UpdateFunc, void *data);
 void BypassedFlowUpdate(Flow *f, Packet *p);
diff --git a/src/runmode-af-packet.c b/src/runmode-af-packet.c
index 8367928167..8c1cc9c5da 100644
--- a/src/runmode-af-packet.c
+++ b/src/runmode-af-packet.c
@@ -438,7 +438,9 @@ static void *ParseAFPConfig(const char *iface)
 aconf->iface);
 aconf->flags |= AFP_BYPASS;
 RunModeEnablesBypassManager();
- BypassedFlowManagerRegisterCheckFunc(EBPFCheckBypassedFlowTimeout, (void *) &(aconf->ebpf_t_config));
+ BypassedFlowManagerRegisterCheckFunc(EBPFCheckBypassedFlowTimeout,
+ NULL,
+ (void *) &(aconf->ebpf_t_config));
 BypassedFlowManagerRegisterUpdateFunc(EBPFUpdateFlow, NULL);
 #else
 SCLogError(SC_ERR_UNIMPLEMENTED, "Bypass set but eBPF support is not built-in");
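Review bot: The new `BypassedCheckFuncInit` typedef in src/flow-bypass.h (hunk `@@ -32,6 +32,7 @@`) carries no comment stating its contract, and nothing else in the patch states it either. From the visible code the callback is invoked once per registered entry before the manager's polling loop starts, may be registered as NULL, and its int result is currently ignored. I would put that above the typedef, e.g. `/* Run once by the bypass manager before its first timeout pass; NULL is allowed at registration. */`, and add a line defining what the return value means so implementers and the caller agree on it.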
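Review bot: The result of `BypassedFlowManagerRegisterCheckFunc()` is discarded at this call in ParseAFPConfig (hunk `@@ -438,7 +438,9 @@`), and again at the XDP call in the `@@ -477,7 +479,10 @@` hunk, although the function returns int and the flow-bypass.c hunk shows an `else` path taken once `g_bypassed_func_max_index` has reached BYPASSFUNCMAX. If that path reports failure, `AFP_BYPASS` / `AFP_XDPBYPASS` remain set while no timeout check is registered for the interface, which would presumably leave bypassed flows without expiry handling; this is inferred, because the else body lies outside the visible lines. Testing the result, e.g. `if (BypassedFlowManagerRegisterCheckFunc(EBPFCheckBypassedFlowTimeout, NULL, (void *) &(aconf->ebpf_t_config)) != 0)` followed by an SCLogError, would make the failure visible to the operator. ParseAFPConfig starts and ends outside both hunks.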
@@ -477,7 +479,10 @@ static void *ParseAFPConfig(const char *iface)
 aconf->iface);
 aconf->flags |= AFP_XDPBYPASS;
 RunModeEnablesBypassManager();
- BypassedFlowManagerRegisterCheckFunc(EBPFCheckBypassedFlowTimeout, (void *) &(aconf->ebpf_t_config));
+ /* TODO move that to get it conditional on pinned maps */
+ BypassedFlowManagerRegisterCheckFunc(EBPFCheckBypassedFlowTimeout,
+ EBPFCheckBypassedFlowCreate,
+ (void *) &(aconf->ebpf_t_config));
 BypassedFlowManagerRegisterUpdateFunc(EBPFUpdateFlow, NULL);
 }
 #else
diff --git a/src/util-ebpf.c b/src/util-ebpf.c
index ab9a2a5e16..11653c8946 100644
--- a/src/util-ebpf.c
+++ b/src/util-ebpf.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2018 Open Information Security Foundation
+/* Copyright (C) 2018-2019 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
@@ -661,6 +661,18 @@ static int EBPFForEachFlowV6Table(LiveDevice *dev, const char *name,
 return found;
 }
+
+int EBPFCheckBypassedFlowCreate(struct timespec *curtime, void *data)
+{
+ /* loop on v4 table */
+ /* create flow key*/
+ /* look for flow in hash, create entry if not found */
+
+ /* loop on v6*/
+
+ return 0;
+}
+
 /**
 * Flow timeout checking function
 *
diff --git a/src/util-ebpf.h b/src/util-ebpf.h
index 53ca562ac9..c66c1d9e2e 100644
--- a/src/util-ebpf.h
+++ b/src/util-ebpf.h
@@ -74,6 +74,7 @@ int EBPFSetupXDP(const char *iface, int fd, uint8_t flags);
 int EBPFCheckBypassedFlowTimeout(struct flows_stats *bypassstats, struct timespec *curtime, void *data);
+int EBPFCheckBypassedFlowCreate(struct timespec *curtime, void *data);
 void EBPFRegisterExtension(void);
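Review bot: `EBPFCheckBypassedFlowCreate()` in src/util-ebpf.c (hunk `@@ -661,6 +661,18 @@`) is registered as the XDP init callback, yet its body is only placeholder comments and `return 0;`, with both parameters unused and no header comment, unlike the `/** Flow timeout checking function` block directly below it. Going by those placeholders and the TODO about pinned maps in runmode-af-packet.c, the intent appears to be re-creating flow entries for bypass-map entries that already exist when the manager starts; until that is written, such entries get no flow-side state from this callback, and the name should not be read as doing so. I would add a doc comment saying the function is a stub that always returns 0 and listing the intended v4/v6 table walk, and add `(void)curtime; (void)data;` so unused-parameter warnings stay quiet.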