af-packet: bypass with init function

6 years ago · 880c42f11c
parent f93573ac5e
commit 880c42f11c
5 changed files with 40 additions and 6 deletions
--- a/src/flow-bypass.c
+++ b/src/flow-bypass.c
@ -40,6 +40,7 @@ typedef struct BypassedFlowManagerThreadData_ {

 typedef struct BypassedCheckFuncItem_ {
    BypassedCheckFunc Func;
+    BypassedCheckFuncInit FuncInit;
    void *data;
 } BypassedCheckFuncItem;

@ -58,11 +59,22 @@ static TmEcode BypassedFlowManager(ThreadVars *th_v, void *thread_data)
 {
 #ifdef HAVE_PACKET_EBPF
    int tcount = 0;
+    int i;
    BypassedFlowManagerThreadData *ftd = thread_data;
+    struct timespec curtime = {0, 0};
+
+    if (clock_gettime(CLOCK_MONOTONIC, &curtime) != 0) {
+        SCLogWarning(SC_ERR_INVALID_VALUE, "Can't get time: %s (%d)",
+                strerror(errno), errno);
+    }
+    for (i = 0; i < g_bypassed_func_max_index; i++) {
+        if (BypassedFuncList[i].FuncInit) {
+            BypassedFuncList[i].FuncInit(&curtime, BypassedFuncList[i].data);
+        }
+    }
+
    while (1) {
-        int i;
        SCLogDebug("Dumping the table");
-        struct timespec curtime;
        if (clock_gettime(CLOCK_MONOTONIC, &curtime) != 0) {
            SCLogWarning(SC_ERR_INVALID_VALUE, "Can't get time: %s (%d)",
                         strerror(errno), errno);
@ -152,6 +164,7 @@ void BypassedFlowManagerThreadSpawn()
 }

 int BypassedFlowManagerRegisterCheckFunc(BypassedCheckFunc CheckFunc,
+                                         BypassedCheckFuncInit CheckFuncInit,
                                         void *data)
 {
    if (!CheckFunc) {
@ -159,6 +172,7 @@ int BypassedFlowManagerRegisterCheckFunc(BypassedCheckFunc CheckFunc,
    }
    if (g_bypassed_func_max_index < BYPASSFUNCMAX) {
        BypassedFuncList[g_bypassed_func_max_index].Func = CheckFunc;
+        BypassedFuncList[g_bypassed_func_max_index].FuncInit = CheckFuncInit;
        BypassedFuncList[g_bypassed_func_max_index].data = data;
        g_bypassed_func_max_index++;
    } else {
--- a/src/flow-bypass.h
+++ b/src/flow-bypass.h
@ -32,6 +32,7 @@ struct flows_stats {

 typedef int (*BypassedCheckFunc)(struct flows_stats *bypassstats,
                                 struct timespec *curtime, void *data);
+typedef int (*BypassedCheckFuncInit)(struct timespec *curtime, void *data);
 typedef int (*BypassedUpdateFunc)(Flow *f, Packet *p, void *data);

 void FlowAddToBypassed(Flow *f);
@ -39,7 +40,8 @@ void FlowAddToBypassed(Flow *f);
 void BypassedFlowManagerThreadSpawn(void);
 void TmModuleBypassedFlowManagerRegister(void);

-int BypassedFlowManagerRegisterCheckFunc(BypassedCheckFunc CheckFunc, void *data);
+int BypassedFlowManagerRegisterCheckFunc(BypassedCheckFunc CheckFunc,
+                                         BypassedCheckFuncInit CheckFuncInit, void *data);
 int BypassedFlowManagerRegisterUpdateFunc(BypassedUpdateFunc UpdateFunc, void *data);

 void BypassedFlowUpdate(Flow *f, Packet *p);
--- a/src/runmode-af-packet.c
+++ b/src/runmode-af-packet.c
@ -438,7 +438,9 @@ static void *ParseAFPConfig(const char *iface)
                    aconf->iface);
            aconf->flags |= AFP_BYPASS;
            RunModeEnablesBypassManager();
-            BypassedFlowManagerRegisterCheckFunc(EBPFCheckBypassedFlowTimeout, (void *) &(aconf->ebpf_t_config));
+            BypassedFlowManagerRegisterCheckFunc(EBPFCheckBypassedFlowTimeout,
+                                                 NULL,
+                                                 (void *) &(aconf->ebpf_t_config));
            BypassedFlowManagerRegisterUpdateFunc(EBPFUpdateFlow, NULL);
 #else
            SCLogError(SC_ERR_UNIMPLEMENTED, "Bypass set but eBPF support is not built-in");
@ -477,7 +479,10 @@ static void *ParseAFPConfig(const char *iface)
                    aconf->iface);
            aconf->flags |= AFP_XDPBYPASS;
            RunModeEnablesBypassManager();
-            BypassedFlowManagerRegisterCheckFunc(EBPFCheckBypassedFlowTimeout, (void *) &(aconf->ebpf_t_config));
+            /* TODO move that to get it conditional on pinned maps */
+            BypassedFlowManagerRegisterCheckFunc(EBPFCheckBypassedFlowTimeout,
+                                                 EBPFCheckBypassedFlowCreate,
+                                                 (void *) &(aconf->ebpf_t_config));
            BypassedFlowManagerRegisterUpdateFunc(EBPFUpdateFlow, NULL);
        }
 #else
--- a/src/util-ebpf.c
+++ b/src/util-ebpf.c
@ -1,4 +1,4 @@
-/* Copyright (C) 2018 Open Information Security Foundation
+/* Copyright (C) 2018-2019 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
@ -661,6 +661,18 @@ static int EBPFForEachFlowV6Table(LiveDevice *dev, const char *name,
    return found;
 }

+
+int EBPFCheckBypassedFlowCreate(struct timespec *curtime, void *data)
+{
+    /* loop on v4 table */
+    /* create flow key*/
+    /* look for flow in hash, create entry if not found */
+
+    /* loop on v6*/
+
+    return 0;
+}
+
 /**
 * Flow timeout checking function
 *
--- a/src/util-ebpf.h
+++ b/src/util-ebpf.h
@ -74,6 +74,7 @@ int EBPFSetupXDP(const char *iface, int fd, uint8_t flags);
 int EBPFCheckBypassedFlowTimeout(struct flows_stats *bypassstats,
                                        struct timespec *curtime,
                                        void *data);
+int EBPFCheckBypassedFlowCreate(struct timespec *curtime, void *data);

 void EBPFRegisterExtension(void);