aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

bypass: introduce CAPTURE_OFFLOAD

Browse Source 
This define is used to remove reference to capture bypass in case
no capture method implementing this is active.

This patch also introduces CAPTURE_OFFLOAD_MANAGER that is defined
if we need the flow bypass manager code.
pull/4122/head
Eric Leblond 6 years ago committed by Victor Julien
parent 094d28d40e
commit 53a62953e9
9 changed files with 42 additions and 5 deletions
Show Stats Download Patch File Download Diff File

7
configure.ac
Unescape Escape View File

@ -2457,6 +2457,13 @@ fi
fi fi
fi fi
if test "${enable_ebpf}" = "yes" || test "${enable_unittests}" = "yes"; then
AC_DEFINE([CAPTURE_OFFLOAD_MANAGER], [1],[Building flow bypass manager code])
fi
if test "${enable_ebpf}" = "yes" || test "${enable_nfqueue}" = "yes" || test "${enable_pfring}" = "yes" || test "${enable_unittests}" = "yes"; then
AC_DEFINE([CAPTURE_OFFLOAD], [1],[Building flow capture bypass code])
fi
AC_SUBST(CFLAGS) AC_SUBST(CFLAGS)
AC_SUBST(LDFLAGS) AC_SUBST(LDFLAGS)
AC_SUBST(CPPFLAGS) AC_SUBST(CPPFLAGS)

9
src/decode.c
Unescape Escape View File

@ -400,6 +400,7 @@ void PacketDefragPktSetupParent(Packet *parent)
void PacketBypassCallback(Packet *p) void PacketBypassCallback(Packet *p)
{ {
#ifdef CAPTURE_OFFLOAD
/* Don't try to bypass if flow is already out or /* Don't try to bypass if flow is already out or
* if we have failed to do it once */ * if we have failed to do it once */
if (p->flow) { if (p->flow) {
@ -424,6 +425,14 @@ void PacketBypassCallback(Packet *p)
FlowUpdateState(p->flow, FLOW_STATE_LOCAL_BYPASSED); FlowUpdateState(p->flow, FLOW_STATE_LOCAL_BYPASSED);
} }
} }
#else /* CAPTURE_OFFLOAD */
if (p->flow) {
int state = SC_ATOMIC_GET(p->flow->flow_state);
if (state == FLOW_STATE_LOCAL_BYPASSED)
return;
FlowUpdateState(p->flow, FLOW_STATE_LOCAL_BYPASSED);
}
#endif
} }
/** \brief switch direction of a packet */ /** \brief switch direction of a packet */

8
src/flow-bypass.c
Unescape Escape View File

@ -28,7 +28,7 @@
#include "flow-private.h" #include "flow-private.h"
#include "util-ebpf.h" #include "util-ebpf.h"
#ifndef OS_WIN32 #ifdef CAPTURE_OFFLOAD_MANAGER
#define FLOW_BYPASS_DELAY 10 #define FLOW_BYPASS_DELAY 10
@ -175,7 +175,7 @@ int BypassedFlowManagerRegisterUpdateFunc(BypassedUpdateFunc UpdateFunc,
/** \brief spawn the flow bypass manager thread */ /** \brief spawn the flow bypass manager thread */
void BypassedFlowManagerThreadSpawn() void BypassedFlowManagerThreadSpawn()
{ {
#ifndef OS_WIN32 #ifdef CAPTURE_OFFLOAD_MANAGER
#ifdef AFLFUZZ_DISABLE_MGTTHREADS #ifdef AFLFUZZ_DISABLE_MGTTHREADS
return; return;
#endif #endif
@ -198,7 +198,7 @@ void BypassedFlowManagerThreadSpawn()
void BypassedFlowUpdate(Flow *f, Packet *p) void BypassedFlowUpdate(Flow *f, Packet *p)
{ {
#ifndef OS_WIN32 #ifdef CAPTURE_OFFLOAD_MANAGER
for (int i = 0; i < g_bypassed_update_max_index; i++) { for (int i = 0; i < g_bypassed_update_max_index; i++) {
if (updatefunclist[i].Func(f, p, updatefunclist[i].data)) { if (updatefunclist[i].Func(f, p, updatefunclist[i].data)) {
return; return;
@ -209,7 +209,7 @@ void BypassedFlowUpdate(Flow *f, Packet *p)
void TmModuleBypassedFlowManagerRegister (void) void TmModuleBypassedFlowManagerRegister (void)
{ {
#ifndef OS_WIN32 #ifdef CAPTURE_OFFLOAD_MANAGER
tmm_modules[TMM_BYPASSEDFLOWMANAGER].name = "BypassedFlowManager"; tmm_modules[TMM_BYPASSEDFLOWMANAGER].name = "BypassedFlowManager";
tmm_modules[TMM_BYPASSEDFLOWMANAGER].ThreadInit = BypassedFlowManagerThreadInit; tmm_modules[TMM_BYPASSEDFLOWMANAGER].ThreadInit = BypassedFlowManagerThreadInit;
tmm_modules[TMM_BYPASSEDFLOWMANAGER].ThreadDeinit = BypassedFlowManagerThreadDeinit; tmm_modules[TMM_BYPASSEDFLOWMANAGER].ThreadDeinit = BypassedFlowManagerThreadDeinit;

2
src/flow-hash.c
Unescape Escape View File

@ -930,8 +930,10 @@ static Flow *FlowGetUsedFlow(ThreadVars *tv, DecodeThreadVars *dtv)
f->flow_end_flags |= FLOW_END_FLAG_STATE_ESTABLISHED; f->flow_end_flags |= FLOW_END_FLAG_STATE_ESTABLISHED;
else if (state == FLOW_STATE_CLOSED) else if (state == FLOW_STATE_CLOSED)
f->flow_end_flags |= FLOW_END_FLAG_STATE_CLOSED; f->flow_end_flags |= FLOW_END_FLAG_STATE_CLOSED;
#ifdef CAPTURE_OFFLOAD
else if (state == FLOW_STATE_CAPTURE_BYPASSED) else if (state == FLOW_STATE_CAPTURE_BYPASSED)
f->flow_end_flags |= FLOW_END_FLAG_STATE_BYPASSED; f->flow_end_flags |= FLOW_END_FLAG_STATE_BYPASSED;
#endif
else if (state == FLOW_STATE_LOCAL_BYPASSED) else if (state == FLOW_STATE_LOCAL_BYPASSED)
f->flow_end_flags |= FLOW_END_FLAG_STATE_BYPASSED; f->flow_end_flags |= FLOW_END_FLAG_STATE_BYPASSED;

10
src/flow-manager.c
Unescape Escape View File

@ -222,9 +222,11 @@ static inline uint32_t FlowGetFlowTimeout(const Flow *f, enum FlowState state)
case FLOW_STATE_CLOSED: case FLOW_STATE_CLOSED:
timeout = flow_timeouts[f->protomap].closed_timeout; timeout = flow_timeouts[f->protomap].closed_timeout;
break; break;
#ifdef CAPTURE_OFFLOAD
case FLOW_STATE_CAPTURE_BYPASSED: case FLOW_STATE_CAPTURE_BYPASSED:
timeout = FLOW_BYPASSED_TIMEOUT; timeout = FLOW_BYPASSED_TIMEOUT;
break; break;
#endif
case FLOW_STATE_LOCAL_BYPASSED: case FLOW_STATE_LOCAL_BYPASSED:
timeout = flow_timeouts[f->protomap].bypassed_timeout; timeout = flow_timeouts[f->protomap].bypassed_timeout;
break; break;
@ -262,6 +264,7 @@ static int FlowManagerFlowTimeout(Flow *f, enum FlowState state, struct timeval
static inline int FlowBypassedTimeout(Flow *f, struct timeval *ts, static inline int FlowBypassedTimeout(Flow *f, struct timeval *ts,
FlowTimeoutCounters *counters) FlowTimeoutCounters *counters)
{ {
#ifdef CAPTURE_OFFLOAD
if (SC_ATOMIC_GET(f->flow_state) != FLOW_STATE_CAPTURE_BYPASSED) { if (SC_ATOMIC_GET(f->flow_state) != FLOW_STATE_CAPTURE_BYPASSED) {
return 1; return 1;
} }
@ -300,6 +303,7 @@ static inline int FlowBypassedTimeout(Flow *f, struct timeval *ts,
return 1; return 1;
} }
} }
#endif /* CAPTURE_OFFLOAD */
return 1; return 1;
} }
@ -329,7 +333,9 @@ static inline int FlowManagerFlowTimedOut(Flow *f, struct timeval *ts,
int server = 0, client = 0; int server = 0, client = 0;
if (!(f->flags & FLOW_TIMEOUT_REASSEMBLY_DONE) && if (!(f->flags & FLOW_TIMEOUT_REASSEMBLY_DONE) &&
#ifdef CAPTURE_OFFLOAD
SC_ATOMIC_GET(f->flow_state) != FLOW_STATE_CAPTURE_BYPASSED && SC_ATOMIC_GET(f->flow_state) != FLOW_STATE_CAPTURE_BYPASSED &&
#endif
SC_ATOMIC_GET(f->flow_state) != FLOW_STATE_LOCAL_BYPASSED && SC_ATOMIC_GET(f->flow_state) != FLOW_STATE_LOCAL_BYPASSED &&
FlowForceReassemblyNeedReassembly(f, &server, &client) == 1) { FlowForceReassemblyNeedReassembly(f, &server, &client) == 1) {
FlowForceReassemblyForFlow(f, server, client); FlowForceReassemblyForFlow(f, server, client);
@ -417,8 +423,10 @@ static uint32_t FlowManagerHashRowTimeout(Flow *f, struct timeval *ts,
f->flow_end_flags |= FLOW_END_FLAG_STATE_CLOSED; f->flow_end_flags |= FLOW_END_FLAG_STATE_CLOSED;
else if (state == FLOW_STATE_LOCAL_BYPASSED) else if (state == FLOW_STATE_LOCAL_BYPASSED)
f->flow_end_flags |= FLOW_END_FLAG_STATE_BYPASSED; f->flow_end_flags |= FLOW_END_FLAG_STATE_BYPASSED;
#ifdef CAPTURE_OFFLOAD
else if (state == FLOW_STATE_CAPTURE_BYPASSED) else if (state == FLOW_STATE_CAPTURE_BYPASSED)
f->flow_end_flags |= FLOW_END_FLAG_STATE_BYPASSED; f->flow_end_flags |= FLOW_END_FLAG_STATE_BYPASSED;
#endif
if (emergency) if (emergency)
f->flow_end_flags |= FLOW_END_FLAG_EMERGENCY; f->flow_end_flags |= FLOW_END_FLAG_EMERGENCY;
@ -443,7 +451,9 @@ static uint32_t FlowManagerHashRowTimeout(Flow *f, struct timeval *ts,
counters->clo++; counters->clo++;
break; break;
case FLOW_STATE_LOCAL_BYPASSED: case FLOW_STATE_LOCAL_BYPASSED:
#ifdef CAPTURE_OFFLOAD
case FLOW_STATE_CAPTURE_BYPASSED: case FLOW_STATE_CAPTURE_BYPASSED:
#endif
counters->byp++; counters->byp++;
break; break;
} }

2
src/flow-worker.c
Unescape Escape View File

@ -78,10 +78,12 @@ static inline TmEcode FlowUpdate(ThreadVars *tv, FlowWorkerThreadData *fw, Packe
int state = SC_ATOMIC_GET(p->flow->flow_state); int state = SC_ATOMIC_GET(p->flow->flow_state);
switch (state) { switch (state) {
#ifdef CAPTURE_OFFLOAD
case FLOW_STATE_CAPTURE_BYPASSED: case FLOW_STATE_CAPTURE_BYPASSED:
StatsAddUI64(tv, fw->both_bypass_pkts, 1); StatsAddUI64(tv, fw->both_bypass_pkts, 1);
StatsAddUI64(tv, fw->both_bypass_bytes, GET_PKT_LEN(p)); StatsAddUI64(tv, fw->both_bypass_bytes, GET_PKT_LEN(p));
return TM_ECODE_DONE; return TM_ECODE_DONE;
#endif
case FLOW_STATE_LOCAL_BYPASSED: case FLOW_STATE_LOCAL_BYPASSED:
StatsAddUI64(tv, fw->local_bypass_pkts, 1); StatsAddUI64(tv, fw->local_bypass_pkts, 1);
StatsAddUI64(tv, fw->local_bypass_bytes, GET_PKT_LEN(p)); StatsAddUI64(tv, fw->local_bypass_bytes, GET_PKT_LEN(p));

5
src/flow.c
Unescape Escape View File

@ -399,11 +399,14 @@ void FlowHandlePacketUpdate(Flow *f, Packet *p)
{ {
SCLogDebug("packet %"PRIu64" -- flow %p", p->pcap_cnt, f); SCLogDebug("packet %"PRIu64" -- flow %p", p->pcap_cnt, f);
#ifdef CAPTURE_OFFLOAD
int state = SC_ATOMIC_GET(f->flow_state); int state = SC_ATOMIC_GET(f->flow_state);
if (state != FLOW_STATE_CAPTURE_BYPASSED) { if (state != FLOW_STATE_CAPTURE_BYPASSED) {
#endif
/* update the last seen timestamp of this flow */ /* update the last seen timestamp of this flow */
COPY_TIMESTAMP(&p->ts, &f->lastts); COPY_TIMESTAMP(&p->ts, &f->lastts);
#ifdef CAPTURE_OFFLOAD
} else { } else {
/* still seeing packet, we downgrade to local bypass */ /* still seeing packet, we downgrade to local bypass */
if (p->ts.tv_sec - f->lastts.tv_sec > FLOW_BYPASSED_TIMEOUT / 2) { if (p->ts.tv_sec - f->lastts.tv_sec > FLOW_BYPASSED_TIMEOUT / 2) {
@ -418,7 +421,7 @@ void FlowHandlePacketUpdate(Flow *f, Packet *p)
} }
} }
} }
#endif
/* update flags and counters */ /* update flags and counters */
if (FlowGetPacketDirection(f, p) == TOSERVER) { if (FlowGetPacketDirection(f, p) == TOSERVER) {
f->todstpktcnt++; f->todstpktcnt++;

2
src/flow.h
Unescape Escape View File

@ -468,7 +468,9 @@ enum FlowState {
FLOW_STATE_ESTABLISHED, FLOW_STATE_ESTABLISHED,
FLOW_STATE_CLOSED, FLOW_STATE_CLOSED,
FLOW_STATE_LOCAL_BYPASSED, FLOW_STATE_LOCAL_BYPASSED,
#ifdef CAPTURE_OFFLOAD
FLOW_STATE_CAPTURE_BYPASSED, FLOW_STATE_CAPTURE_BYPASSED,
#endif
}; };
typedef struct FlowProtoTimeout_ { typedef struct FlowProtoTimeout_ {

2
src/output-json-flow.c
Unescape Escape View File

@ -274,10 +274,12 @@ static void JsonFlowLogJSON(JsonFlowLogThread *aft, json_t *js, Flow *f)
json_object_set_new(hjs, "bypass", json_object_set_new(hjs, "bypass",
json_string("local")); json_string("local"));
break; break;
#ifdef CAPTURE_OFFLOAD
case FLOW_STATE_CAPTURE_BYPASSED: case FLOW_STATE_CAPTURE_BYPASSED:
json_object_set_new(hjs, "bypass", json_object_set_new(hjs, "bypass",
json_string("capture")); json_string("capture"));
break; break;
#endif
default: default:
SCLogError(SC_ERR_INVALID_VALUE, SCLogError(SC_ERR_INVALID_VALUE,
"Invalid flow state: %d, contact developers", "Invalid flow state: %d, contact developers",

Write Preview
Loading…
Cancel
Save