aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

af-packet: cleaning and hole hunting

Browse Source 
Reorder fields in AFPThreadVars and suppress some that were not
used elsewhere than in the initialization.
pull/2091/head
Eric Leblond 10 years ago committed by Victor Julien
parent bae1b03cf5
commit 9500d12c9f
2 changed files with 48 additions and 42 deletions
Show Stats Download Patch File Download Diff File

87
src/source-af-packet.c
Unescape Escape View File

@ -188,64 +188,68 @@ union thdr {
*/
typedef struct AFPThreadVars_
{
/* thread specific socket */
int socket;
/* handle state */
unsigned char afp_state;
/* data link type for the thread */
int datalink;
int cooked;
/* counters */
uint64_t pkts;
uint64_t bytes;
uint64_t errs;
ThreadVars *tv;
TmSlot *slot;
LiveDevice *livedev;
/* data link type for the thread */
int datalink;
int flags;
unsigned int frame_offset;
ChecksumValidationMode checksum_mode;
uint16_t capture_kernel_packets;
uint16_t capture_kernel_drops;
/* handle state */
uint8_t afp_state;
uint8_t copy_mode;
struct iovec *rd;
char *frame_buf;
/* IPS peer */
AFPPeer *mpeer;
/* no mmap mode */
uint8_t *data; /** Per function and thread data */
int datalen; /** Length of per function and thread data */
int cooked;
int vlan_disabled;
char iface[AFP_IFACE_NAME_LENGTH];
LiveDevice *livedev;
int down_count;
/*
* Init related members
*/
/* thread specific socket */
int socket;
/* Filter */
char *bpf_filter;
/* socket buffer size */
int buffer_size;
int ring_size;
int promisc;
ChecksumValidationMode checksum_mode;
/* IPS stuff */
char out_iface[AFP_IFACE_NAME_LENGTH];
AFPPeer *mpeer;
int down_count;
int flags;
uint16_t capture_kernel_packets;
uint16_t capture_kernel_drops;
char iface[AFP_IFACE_NAME_LENGTH];
/* IPS output iface */
char out_iface[AFP_IFACE_NAME_LENGTH];
int cluster_id;
int cluster_type;
int threads;
int copy_mode;
struct tpacket_req req;
struct tpacket_req3 req3;
unsigned int tp_hdrlen;
unsigned int ring_buflen;
char *ring_buf;
char *frame_buf;
struct iovec *rd;
unsigned int frame_offset;
int ring_size;
} AFPThreadVars;
@ -813,7 +817,7 @@ int AFPReadFromRing(AFPThreadVars *ptv)
}
/* get vlan id from header */
if ((!ptv->vlan_disabled) &&
if ((!(ptv->flags & AFP_VLAN_DISABLED)) &&
(h.h2->tp_status & TP_STATUS_VLAN_VALID || h.h2->tp_vlan_tci)) {
p->vlan_id[0] = h.h2->tp_vlan_tci & 0x0fff;
p->vlan_idx = 1;
@ -1583,6 +1587,8 @@ static int AFPCreateSocket(AFPThreadVars *ptv, char *devname, int verbose)
int order;
unsigned int i;
int if_idx;
unsigned int ring_buflen;
uint8_t * ring_buf;
/* open socket */
ptv->socket = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
@ -1719,7 +1725,6 @@ static int AFPCreateSocket(AFPThreadVars *ptv, char *devname, int verbose)
SCLogError(SC_ERR_AFP_CREATE, "Error when retrieving packet header len");
goto socket_err;
}
ptv->tp_hdrlen = val;
if (ptv->flags & AFP_TPACKET_V3) {
val = TPACKET_V3;
@ -1778,13 +1783,13 @@ static int AFPCreateSocket(AFPThreadVars *ptv, char *devname, int verbose)
/* Allocate the Ring */
if (ptv->flags & AFP_TPACKET_V3) {
ptv->ring_buflen = ptv->req3.tp_block_nr * ptv->req3.tp_block_size;
ring_buflen = ptv->req3.tp_block_nr * ptv->req3.tp_block_size;
} else {
ptv->ring_buflen = ptv->req.tp_block_nr * ptv->req.tp_block_size;
ring_buflen = ptv->req.tp_block_nr * ptv->req.tp_block_size;
}
ptv->ring_buf = mmap(0, ptv->ring_buflen, PROT_READ|PROT_WRITE,
ring_buf = mmap(0, ring_buflen, PROT_READ|PROT_WRITE,
MAP_SHARED, ptv->socket, 0);
if (ptv->ring_buf == MAP_FAILED) {
if (ring_buf == MAP_FAILED) {
SCLogError(SC_ERR_MEM_ALLOC, "Unable to mmap");
goto socket_err;
}
@ -1795,7 +1800,7 @@ static int AFPCreateSocket(AFPThreadVars *ptv, char *devname, int verbose)
goto mmap_err;
}
for (i = 0; i < ptv->req3.tp_block_nr; ++i) {
ptv->rd[i].iov_base = ptv->ring_buf + (i * ptv->req3.tp_block_size);
ptv->rd[i].iov_base = ring_buf + (i * ptv->req3.tp_block_size);
ptv->rd[i].iov_len = ptv->req3.tp_block_size;
}
} else {
@ -1809,7 +1814,7 @@ static int AFPCreateSocket(AFPThreadVars *ptv, char *devname, int verbose)
/* fill the header ring with proper frame ptr*/
ptv->frame_offset = 0;
for (i = 0; i < ptv->req.tp_block_nr; ++i) {
void *base = &ptv->ring_buf[i * ptv->req.tp_block_size];
void *base = &ring_buf[i * ptv->req.tp_block_size];
unsigned int j;
for (j = 0; j < ptv->req.tp_block_size / ptv->req.tp_frame_size; ++j, ++ptv->frame_offset) {
(((union thdr **)ptv->frame_buf)[ptv->frame_offset]) = base;
@ -2008,14 +2013,14 @@ TmEcode ReceiveAFPThreadInit(ThreadVars *tv, void *initdata, void **data)
* the capture phase */
int vlanbool = 0;
if ((ConfGetBool("vlan.use-for-tracking", &vlanbool)) == 1 && vlanbool == 0) {
ptv->vlan_disabled = 1;
ptv->flags |= AFP_VLAN_DISABLED;
}
/* If kernel is older than 3.0, VLAN is not stripped so we don't
* get the info from packet extended header but we will use a standard
* parsing of packet data (See Linux commit bcc6d47903612c3861201cc3a866fb604f26b8b2) */
if (! SCKernelVersionIsAtLeast(3, 0)) {
ptv->vlan_disabled = 1;
ptv->flags |= AFP_VLAN_DISABLED;
}
SCReturnInt(TM_ECODE_OK);

3
src/source-af-packet.h
Unescape Escape View File

@ -49,6 +49,7 @@
#define AFP_SOCK_PROTECT (1<<2)
#define AFP_EMERGENCY_MODE (1<<3)
#define AFP_TPACKET_V3 (1<<4)
#define AFP_VLAN_DISABLED (1<<5)
#define AFP_COPY_MODE_NONE 0
#define AFP_COPY_MODE_TAP 1
@ -108,12 +109,12 @@ typedef struct AFPPeer_ {
typedef struct AFPPacketVars_
{
void *relptr;
int copy_mode;
AFPPeer *peer; /**< Sending peer for IPS/TAP mode */
/** Pointer to ::AFPPeer used for capture. Field is used to be able
* to do reference counting.
*/
AFPPeer *mpeer;
uint8_t copy_mode;
} AFPPacketVars;
#define AFPV_CLEANUP(afpv) do { \

Write Preview
Loading…
Cancel
Save