From 5e05fedc90d8547f193e9ac2b45b8ccb227078b1 Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Sun, 31 Oct 2021 21:47:21 +0100
Subject: [PATCH] af-packet: hide all ebpf/bypass logic behind guards
Leave no runtime checks for bypass/ebpf/xdp if not compiled in.
---
 src/source-af-packet.c | 32 ++++++++++++--------------------
 1 file changed, 12 insertions(+), 20 deletions(-)
diff --git a/src/source-af-packet.c b/src/source-af-packet.c
index de7c8bfaeb..b72b5b00df 100644
--- a/src/source-af-packet.c
+++ b/src/source-af-packet.c
@@ -248,8 +248,10 @@ union thdr {
 void *raw;
 };
+#ifdef HAVE_PACKET_EBPF
 static int AFPBypassCallback(Packet *p);
 static int AFPXDPBypassCallback(Packet *p);
+#endif
 #define MAX_MAPS 32
 /**
@@ -315,8 +317,6 @@ typedef struct AFPThreadVars_
 int buffer_size;
 /* Filter */
 const char *bpf_filter;
- int ebpf_lb_fd;
- int ebpf_filter_fd;
 int promisc;
@@ -342,9 +342,10 @@ typedef struct AFPThreadVars_
 unsigned int ring_buflen;
 uint8_t *ring_buf;
- uint8_t xdp_mode;
-
 #ifdef HAVE_PACKET_EBPF
+ uint8_t xdp_mode;
+ int ebpf_lb_fd;
+ int ebpf_filter_fd;
 struct ebpf_timeout_config ebpf_t_config;
 #endif
@@ -673,22 +674,20 @@ static int AFPRead(AFPThreadVars *ptv)
 SCReturnInt(AFP_SURI_FAILURE);
 }
 PKT_SET_SRC(p, PKT_SRC_WIRE);
+#ifdef HAVE_PACKET_EBPF
 if (ptv->flags & AFP_BYPASS) {
 p->BypassPacketsFlow = AFPBypassCallback;
-#ifdef HAVE_PACKET_EBPF
 p->afp_v.v4_map_fd = ptv->v4_map_fd;
 p->afp_v.v6_map_fd = ptv->v6_map_fd;
 p->afp_v.nr_cpus = ptv->ebpf_t_config.cpus_count;
-#endif
 }
 if (ptv->flags & AFP_XDPBYPASS) {
 p->BypassPacketsFlow = AFPXDPBypassCallback;
-#ifdef HAVE_PACKET_EBPF
 p->afp_v.v4_map_fd = ptv->v4_map_fd;
 p->afp_v.v6_map_fd = ptv->v6_map_fd;
 p->afp_v.nr_cpus = ptv->ebpf_t_config.cpus_count;
-#endif
 }
+#endif
 /* get timestamp of packet via ioctl */
 if (ioctl(ptv->socket, SIOCGSTAMP, &p->ts) == -1) {
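Review bot: In a build without HAVE_PACKET_EBPF, `p->BypassPacketsFlow` is no longer assigned in AFPRead even when `AFP_BYPASS` or `AFP_XDPBYPASS` is set in `ptv->flags`; before this change it was pointed at a callback whose body was compiled out and returned 0. The code that invokes `BypassPacketsFlow` is not part of this patch, so it is worth confirming that every call site checks the pointer before calling it. The same applies to AFPReadApplyBypass in the -902 hunk, which carries an identical block. A short comment above the guard would record the contract, for example `/* no eBPF support: BypassPacketsFlow stays unset, callers must check it */`. AFPRead's body starts and ends outside the hunk.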
@@ -902,22 +901,20 @@ static inline int AFPSuriFailure(AFPThreadVars *ptv, union thdr h)
 static inline void AFPReadApplyBypass(const AFPThreadVars *ptv, Packet *p)
 {
+#ifdef HAVE_PACKET_EBPF
 if (ptv->flags & AFP_BYPASS) {
 p->BypassPacketsFlow = AFPBypassCallback;
-#ifdef HAVE_PACKET_EBPF
 p->afp_v.v4_map_fd = ptv->v4_map_fd;
 p->afp_v.v6_map_fd = ptv->v6_map_fd;
 p->afp_v.nr_cpus = ptv->ebpf_t_config.cpus_count;
-#endif
 }
 if (ptv->flags & AFP_XDPBYPASS) {
 p->BypassPacketsFlow = AFPXDPBypassCallback;
-#ifdef HAVE_PACKET_EBPF
 p->afp_v.v4_map_fd = ptv->v4_map_fd;
 p->afp_v.v6_map_fd = ptv->v6_map_fd;
 p->afp_v.nr_cpus = ptv->ebpf_t_config.cpus_count;
-#endif
 }
+#endif
 }
 /** \internal
@@ -2395,8 +2392,6 @@ static int AFPSetFlowStorage(Packet *p, int map_fd, void *key0, void* key1,
 return 1;
 }
-#endif
-
 /**
 * Bypass function for AF_PACKET capture in eBPF mode
 *
@@ -2413,7 +2408,6 @@ static int AFPSetFlowStorage(Packet *p, int map_fd, void *key0, void* key1,
 */
 static int AFPBypassCallback(Packet *p)
 {
-#ifdef HAVE_PACKET_EBPF
 SCLogDebug("Calling af_packet callback function");
 /* Only bypass TCP and UDP */
 if (!(PKT_IS_TCP(p) || PKT_IS_UDP(p))) {
@@ -2549,7 +2543,6 @@ static int AFPBypassCallback(Packet *p)
 EBPFUpdateFlow(p->flow, p, NULL);
 return AFPSetFlowStorage(p, p->afp_v.v6_map_fd, keys[0], keys[1], AF_INET6);
 }
-#endif
 return 0;
 }
@@ -2566,7 +2559,6 @@ static int AFPBypassCallback(Packet *p)
 */
 static int AFPXDPBypassCallback(Packet *p)
 {
-#ifdef HAVE_PACKET_XDP
 SCLogDebug("Calling af_packet callback function");
 /* Only bypass TCP and UDP */
 if (!(PKT_IS_TCP(p) || PKT_IS_UDP(p))) {
@@ -2698,14 +2690,14 @@ static int AFPXDPBypassCallback(Packet *p)
 }
 return AFPSetFlowStorage(p, p->afp_v.v6_map_fd, keys[0], keys[1], AF_INET6);
 }
-#endif
 return 0;
 }
-
 bool g_flowv4_ok = true;
 bool g_flowv6_ok = true;
+#endif /* HAVE_PACKET_EBPF */
+
 /**
 * \brief Init function for ReceiveAFP.
 *
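Review bot: Dropping the inner `#ifdef HAVE_PACKET_XDP` from AFPXDPBypassCallback (opened in the -2566 hunk, closed in the -2698 hunk) changes which builds compile the XDP bypass path: the body used to be active only with HAVE_PACKET_XDP and is now active whenever HAVE_PACKET_EBPF is defined. If the two macros can be set independently, an eBPF-only build either stops compiling or, when `AFP_XDPBYPASS` is set, starts bypassing flows that were previously left to inspection. How the macros relate is not visible in this patch; if XDP support can be absent, keeping `#ifdef HAVE_PACKET_XDP` around the body, or around the `AFP_XDPBYPASS` branch that installs the callback, preserves the old behaviour. Most of the function body lies outside both hunks.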
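Review bot: `g_flowv4_ok` and `g_flowv6_ok` in the -2698 hunk have external linkage and now sit above the new `#endif /* HAVE_PACKET_EBPF */`, so they no longer exist in builds without eBPF. Any `extern` reference from another file would then fail at link time. If they are used only in this file, `static bool g_flowv4_ok = true;` and `static bool g_flowv6_ok = true;` state that and let the compiler report unused copies. Their users are not visible in this patch.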
@@ -2770,10 +2762,10 @@ TmEcode ReceiveAFPThreadInit(ThreadVars *tv, const void *initdata, void **data)
 if (afpconfig->bpf_filter) {
 ptv->bpf_filter = afpconfig->bpf_filter;
 }
+#ifdef HAVE_PACKET_EBPF
 ptv->ebpf_lb_fd = afpconfig->ebpf_lb_fd;
 ptv->ebpf_filter_fd = afpconfig->ebpf_filter_fd;
 ptv->xdp_mode = afpconfig->xdp_mode;
-#ifdef HAVE_PACKET_EBPF
 ptv->ebpf_t_config.cpus_count = UtilCpuGetNumProcessorsConfigured();
 if (ptv->flags & (AFP_BYPASS|AFP_XDPBYPASS)) {
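Review bot: A build without HAVE_PACKET_EBPF now skips everything under the guard in ReceiveAFPThreadInit, including the `if (ptv->flags & (AFP_BYPASS|AFP_XDPBYPASS))` branch, and nothing here tells the operator that a requested bypass was dropped. If the configuration can still set those flags in such a build (the config parsing is not part of this patch), traffic the operator expected to be bypassed is inspected instead and the log gives no reason. An `#else` branch that clears the flags with `ptv->flags &= ~(AFP_BYPASS|AFP_XDPBYPASS);` and logs one warning would make the mismatch visible and keep later flag tests consistent. The guard's `#endif` and the rest of the function are outside the hunk.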