suricata
AF_PACKET running mode

Modules

 AFP peers list
 

Files

file  runmode-af-packet.c
 
file  source-af-packet.c
 
file  util-ebpf.c
 

Data Structures

union  thdr
 
struct  AFPThreadVars_
 Structure to hold thread-specific variables.
 

Macros

#define SC_PCAP_DONT_INCLUDE_PCAP_H   1
 
#define AFP_IFACE_NAME_LENGTH   48
 
#define AFP_STATE_DOWN   0
 
#define AFP_STATE_UP   1
 
#define AFP_RECONNECT_TIMEOUT   500000
 
#define AFP_DOWN_COUNTER_INTERVAL   40
 
#define POLL_TIMEOUT   100
 
#define TP_STATUS_KERNEL   0
 
#define TP_STATUS_USER   BIT_U32(0)
 
#define TP_STATUS_COPY   BIT_U32(1)
 
#define TP_STATUS_LOSING   BIT_U32(2)
 
#define TP_STATUS_CSUMNOTREADY   BIT_U32(3)
 
#define TP_STATUS_VLAN_VALID   BIT_U32(4)
 
#define TP_STATUS_BLK_TMO   BIT_U32(5)
 
#define TP_STATUS_VLAN_TPID_VALID   BIT_U32(6)
 
#define TP_STATUS_CSUM_VALID   BIT_U32(7)
 
#define TP_STATUS_TS_SOFTWARE   BIT_U32(29)
 
#define TP_STATUS_TS_SYS_HARDWARE   BIT_U32(30) /* kernel comment says: "deprecated, never set" */
 
#define TP_STATUS_TS_RAW_HARDWARE   BIT_U32(31)
 
#define TP_STATUS_USER_BUSY
 
#define FRAME_BUSY(tp_status)    (((uint32_t)(tp_status) & (uint32_t)TP_STATUS_USER_BUSY) == (uint32_t)TP_STATUS_USER_BUSY)
 

Typedefs

typedef struct AFPThreadVars_ AFPThreadVars
 Structure to hold thread specific variables.
 

Enumerations

enum  { AFP_READ_OK , AFP_READ_FAILURE , AFP_SURI_FAILURE , AFP_KERNEL_DROP }
 
enum  { AFP_FATAL_ERROR = 1 , AFP_RECOVERABLE_ERROR }
 

Functions

void TmModuleReceiveAFPRegister (void)
 Registration function for ReceiveAFP.
 
void TmModuleDecodeAFPRegister (void)
 Registration Function for DecodeAFP.
 
int AFPGetLinkType (const char *ifname)
 
int AFPIsFanoutSupported (uint16_t cluster_id)
 Test whether FANOUT can be used. Older kernels, such as those in CentOS 6, have HAVE_PACKET_FANOUT defined even though fanout fails to work on them.
 

Variables

uint32_t max_pending_packets
 

Detailed Description

Macro Definition Documentation

◆ AFP_DOWN_COUNTER_INTERVAL

#define AFP_DOWN_COUNTER_INTERVAL   40

Definition at line 172 of file source-af-packet.c.

◆ AFP_IFACE_NAME_LENGTH

#define AFP_IFACE_NAME_LENGTH   48

Definition at line 166 of file source-af-packet.c.

◆ AFP_RECONNECT_TIMEOUT

#define AFP_RECONNECT_TIMEOUT   500000

Definition at line 171 of file source-af-packet.c.

◆ AFP_STATE_DOWN

#define AFP_STATE_DOWN   0

Definition at line 168 of file source-af-packet.c.

◆ AFP_STATE_UP

#define AFP_STATE_UP   1

Definition at line 169 of file source-af-packet.c.

◆ FRAME_BUSY

#define FRAME_BUSY (   tp_status)     (((uint32_t)(tp_status) & (uint32_t)TP_STATUS_USER_BUSY) == (uint32_t)TP_STATUS_USER_BUSY)

Definition at line 231 of file source-af-packet.c.

◆ POLL_TIMEOUT

#define POLL_TIMEOUT   100

Definition at line 174 of file source-af-packet.c.

◆ SC_PCAP_DONT_INCLUDE_PCAP_H

#define SC_PCAP_DONT_INCLUDE_PCAP_H   1

Definition at line 33 of file source-af-packet.c.

◆ TP_STATUS_BLK_TMO

#define TP_STATUS_BLK_TMO   BIT_U32(5)

Definition at line 196 of file source-af-packet.c.

◆ TP_STATUS_COPY

#define TP_STATUS_COPY   BIT_U32(1)

Definition at line 184 of file source-af-packet.c.

◆ TP_STATUS_CSUM_VALID

#define TP_STATUS_CSUM_VALID   BIT_U32(7)

Definition at line 202 of file source-af-packet.c.

◆ TP_STATUS_CSUMNOTREADY

#define TP_STATUS_CSUMNOTREADY   BIT_U32(3)

Definition at line 190 of file source-af-packet.c.

◆ TP_STATUS_KERNEL

#define TP_STATUS_KERNEL   0

Definition at line 178 of file source-af-packet.c.

◆ TP_STATUS_LOSING

#define TP_STATUS_LOSING   BIT_U32(2)

Definition at line 187 of file source-af-packet.c.

◆ TP_STATUS_TS_RAW_HARDWARE

#define TP_STATUS_TS_RAW_HARDWARE   BIT_U32(31)

Definition at line 212 of file source-af-packet.c.

◆ TP_STATUS_TS_SOFTWARE

#define TP_STATUS_TS_SOFTWARE   BIT_U32(29)

Definition at line 206 of file source-af-packet.c.

◆ TP_STATUS_TS_SYS_HARDWARE

#define TP_STATUS_TS_SYS_HARDWARE   BIT_U32(30) /* kernel comment says: "deprecated, never set" */

Definition at line 209 of file source-af-packet.c.

◆ TP_STATUS_USER

#define TP_STATUS_USER   BIT_U32(0)

Definition at line 181 of file source-af-packet.c.

◆ TP_STATUS_USER_BUSY

#define TP_STATUS_USER_BUSY
Value:
(uint32_t)((uint32_t)TP_STATUS_TS_SOFTWARE | (uint32_t)TP_STATUS_TS_SYS_HARDWARE | \
           (uint32_t)TP_STATUS_TS_RAW_HARDWARE)

Definition at line 227 of file source-af-packet.c.

◆ TP_STATUS_VLAN_TPID_VALID

#define TP_STATUS_VLAN_TPID_VALID   BIT_U32(6)

Definition at line 199 of file source-af-packet.c.

◆ TP_STATUS_VLAN_VALID

#define TP_STATUS_VLAN_VALID   BIT_U32(4)

Definition at line 193 of file source-af-packet.c.

Typedef Documentation

◆ AFPThreadVars

typedef struct AFPThreadVars_ AFPThreadVars

Structure to hold thread specific variables.

Enumeration Type Documentation

◆ anonymous enum

anonymous enum
Enumerator
AFP_READ_OK 
AFP_READ_FAILURE 
AFP_SURI_FAILURE 

Error while the packet was being processed by other Suricata functions.

AFP_KERNEL_DROP 

Definition at line 234 of file source-af-packet.c.

◆ anonymous enum

anonymous enum
Enumerator
AFP_FATAL_ERROR 
AFP_RECOVERABLE_ERROR 

Definition at line 242 of file source-af-packet.c.

Function Documentation

◆ AFPGetLinkType()

int AFPGetLinkType ( const char *  ifname)

Definition at line 1523 of file source-af-packet.c.

References DatalinkSetGlobalType(), LINKTYPE_RAW, and SCLogError.


◆ AFPIsFanoutSupported()

int AFPIsFanoutSupported ( uint16_t  cluster_id)

Test whether FANOUT can be used. Older kernels, such as those in CentOS 6, have HAVE_PACKET_FANOUT defined even though fanout fails to work on them.

Definition at line 1877 of file source-af-packet.c.

References PACKET_FANOUT, PACKET_FANOUT_FLAG_DEFRAG, PACKET_FANOUT_HASH, and SCLogError.

◆ TmModuleDecodeAFPRegister()

void TmModuleDecodeAFPRegister ( void  )

Registration Function for DecodeAFP.

Todo:
Unit tests are needed for this module.

Definition at line 599 of file source-af-packet.c.

References TmModule_::cap_flags, TmModule_::flags, TmModule_::Func, TmModule_::name, TmModule_::ThreadDeinit, TmModule_::ThreadExitPrintStats, TmModule_::ThreadInit, TM_FLAG_DECODE_TM, TMM_DECODEAFP, and tmm_modules.

Referenced by RegisterAllModules().


◆ TmModuleReceiveAFPRegister()

void TmModuleReceiveAFPRegister ( void  )

Registration function for ReceiveAFP.

Todo:
Unit tests are needed for this module.

Definition at line 381 of file source-af-packet.c.

References TmModule_::cap_flags, TmModule_::flags, TmModule_::Func, TmModule_::name, TmModule_::PktAcqBreakLoop, TmModule_::PktAcqLoop, SC_CAP_NET_RAW, TmModule_::ThreadDeinit, TmModule_::ThreadExitPrintStats, TmModule_::ThreadInit, TM_FLAG_RECEIVE_TM, tmm_modules, and TMM_RECEIVEAFP.

Referenced by RegisterAllModules().


Variable Documentation

◆ max_pending_packets

uint32_t max_pending_packets
extern

Maximum number of packets to process simultaneously.

Definition at line 183 of file suricata.c.