napatech: add as plugin

Issue: 7165

configure.ac

@@ -1901,6 +1901,12 @@
         fi
     fi
 
+    if test "x$enable_napatech" = "xyes"; then
+        AM_CONDITIONAL([BUILD_NAPATECH], [true])
+    else
+        AM_CONDITIONAL([BUILD_NAPATECH], [false])
+    fi
+
   # libmaxminddb
     AC_ARG_ENABLE(geoip,
             AS_HELP_STRING([--enable-geoip],[Enable GeoIP2 support]),
@@ -2513,6 +2519,7 @@ AC_CONFIG_FILES(examples/plugins/ci-capture/Makefile)
 AC_CONFIG_FILES(examples/lib/simple/Makefile examples/lib/simple/Makefile.example)
 AC_CONFIG_FILES(plugins/Makefile)
 AC_CONFIG_FILES(plugins/pfring/Makefile)
+AC_CONFIG_FILES(plugins/napatech/Makefile)
 
 AC_OUTPUT
 

plugins/Makefile.am

@@ -3,3 +3,7 @@ SUBDIRS =
 if BUILD_PFRING
 SUBDIRS += pfring
 endif
+
+if BUILD_NAPATECH
+SUBDIRS += napatech
+endif

plugins/napatech/Makefile.am

@@ -0,0 +1,13 @@
+pkglib_LTLIBRARIES = napatech.la
+
+napatech_la_SOURCES = runmode-napatech.c source-napatech.c util-napatech.c plugin.c
+napatech_la_LDFLAGS = -module -avoid-version -shared
+napatech_la_LIBADD = -lntapi
+
+noinst_HEADERS = \
+	runmode-napatech.h \
+	source-napatech.h \
+	util-napatech.h
+
+install-exec-hook:
+	cd $(DESTDIR)$(pkglibdir) && $(RM) $(pkglib_LTLIBRARIES)

plugins/napatech/README.md

@@ -0,0 +1,34 @@
+# Napatech Plugin Capture Plugin
+
+## Building
+
+To build this plugin, configure Suricata with the `--enable-napatech` and
+optionally the `--with-napatech-includes` and
+`--with-napatech-libraries` command line options.
+
+## Running
+```
+/usr/local/suricata/bin/suricata \
+    --set plugins.0=/usr/local/lib/suricata/napatech.so \
+    --capture-plugin=napatech
+```
+
+### --set plugins.0=/usr/local/lib/suricata/napatech.so
+
+This command line option tells Suricata about this plugin. This could also
+be done in `suricata.yaml` with the following section:
+```
+plugins:
+  - /usr/local/lib/suricata/napatech.so
+```
+
+### --capture-plugin=napatech
+
+This is the option that tells Suricata to use a plugin for capture, much like
+`--pcap` tells Suricata to use libpcap or `--af-packet` tells Suricata to use
+AF_PACKET. Here we are telling it to look for a loaded plugin of the name
+`napatech` to provide the capture method.
+
+There is another command line option `--capture-plugin-args` to pass arbitrary
+data on the command line to a capture plugin, but this plugin does not yet handle
+data provided through this command line parameter.

plugins/napatech/plugin.c

@@ -0,0 +1,56 @@
+/* Copyright (C) 2020-2024 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+#include "suricata-common.h"
+#include "suricata-plugin.h"
+
+#include "decode.h"
+#include "source-napatech.h"
+#include "runmode-napatech.h"
+#include "util-device.h"
+
+void InitCapturePlugin(const char *args, int plugin_slot, int receive_slot, int decode_slot)
+{
+    LiveBuildDeviceList("plugin");
+    RunModeNapatechRegister(plugin_slot);
+    TmModuleReceiveNapatechRegister(receive_slot);
+    TmModuleDecodeNapatechRegister(decode_slot);
+}
+
+void SCPluginInit(void)
+{
+    SCCapturePlugin *plugin = SCCalloc(1, sizeof(SCCapturePlugin));
+    if (plugin == NULL) {
+        FatalError("Failed to allocate memory for capture plugin");
+    }
+    plugin->name = "napatech";
+    plugin->Init = InitCapturePlugin;
+    plugin->GetDefaultMode = RunModeNapatechGetDefaultMode;
+    SCPluginRegisterCapture(plugin);
+}
+
+const SCPlugin PluginRegistration = {
+    .name = "napatech",
+    .author = "Open Information Security Foundation",
+    .license = "GPLv2",
+    .Init = SCPluginInit,
+};
+
+const SCPlugin *SCPluginRegister()
+{
+    return &PluginRegistration;
+}

plugins/napatech/runmode-napatech.c

@@ -0,0 +1,259 @@
+/* Copyright (C) 2012-2017 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/**
+ * \file
+ *
+ *  \author nPulse Technologies, LLC.
+ *  \author Matt Keeler <mk@npulsetech.com>
+ */
+
+#include "suricata-common.h"
+#include "suricata-plugin.h"
+
+#include "tm-threads.h"
+
+#include "runmode-napatech.h"
+#include "source-napatech.h" // need NapatechStreamDevConf structure
+#include "util-napatech.h"
+
+#include "conf.h"
+#include "runmodes.h"
+#include "util-debug.h"
+#include "util-time.h"
+#include "util-cpu.h"
+#include "util-byte.h"
+#include "util-affinity.h"
+#include "util-runmodes.h"
+#include "util-device.h"
+
+static const char *default_mode = "workers";
+
+#define NT_RUNMODE_WORKERS 1
+
+#define MAX_STREAMS 256
+static uint16_t num_configured_streams = 0;
+static uint16_t first_stream = 0xffff;
+static uint16_t last_stream = 0xffff;
+static int auto_config = 0;
+static int use_hw_bypass = 0;
+
+uint16_t NapatechGetNumConfiguredStreams(void)
+{
+    return num_configured_streams;
+}
+
+uint16_t NapatechGetNumFirstStream(void)
+{
+    return first_stream;
+}
+
+uint16_t NapatechGetNumLastStream(void)
+{
+    return last_stream;
+}
+
+bool NapatechIsAutoConfigEnabled(void)
+{
+    return (auto_config != 0);
+}
+
+bool NapatechUseHWBypass(void)
+{
+    return (use_hw_bypass != 0);
+}
+
+const char *RunModeNapatechGetDefaultMode(void)
+{
+    return default_mode;
+}
+
+void RunModeNapatechRegister(int slot)
+{
+    RunModeRegisterNewRunMode(slot, "workers",
+            "Workers Napatech mode, each thread does all"
+            " tasks from acquisition to logging",
+            RunModeNapatechWorkers, NULL);
+    return;
+}
+
+static int NapatechRegisterDeviceStreams(void)
+{
+    /* Display the configuration mode */
+    int use_all_streams;
+
+    if (ConfGetBool("napatech.use-all-streams", &use_all_streams) == 0) {
+        SCLogInfo("Could not find napatech.use-all-streams in config file.  Defaulting to \"no\".");
+        use_all_streams = 0;
+    }
+
+    if (ConfGetBool("napatech.auto-config", &auto_config) == 0) {
+        SCLogInfo("napatech.auto-config not found in config file.  Defaulting to disabled.");
+    }
+
+    if (ConfGetBool("napatech.hardware-bypass", &use_hw_bypass) == 0) {
+        SCLogInfo("napatech.hardware-bypass not found in config file.  Defaulting to disabled.");
+    }
+
+    /* use_all_streams uses existing streams created prior to starting Suricata.  auto_config
+     * automatically creates streams.  Therefore, these two options are mutually exclusive.
+     */
+    if (use_all_streams && auto_config) {
+        FatalError("napatech.auto-config cannot be used in configuration file at the same time as "
+                   "napatech.use-all-streams.");
+    }
+
+    /* to use hardware_bypass we need to configure the streams to be consistent.
+     * with the rest of the configuration.  Therefore auto_config is not a valid
+     * option.
+     */
+    if (use_hw_bypass && auto_config == 0) {
+        FatalError("napatech auto-config must be enabled when using napatech.use_hw_bypass.");
+    }
+
+    /* Get the stream ID's either from the conf or by querying Napatech */
+    NapatechStreamConfig stream_config[MAX_STREAMS];
+
+    uint16_t stream_cnt = NapatechGetStreamConfig(stream_config);
+    num_configured_streams = stream_cnt;
+    SCLogDebug("Configuring %d Napatech Streams...", stream_cnt);
+
+    for (uint16_t inst = 0; inst < stream_cnt; ++inst) {
+        char *plive_dev_buf = SCCalloc(1, 9);
+        if (unlikely(plive_dev_buf == NULL)) {
+            FatalError("Failed to allocate memory for NAPATECH stream counter.");
+        }
+        snprintf(plive_dev_buf, 9, "nt%d", stream_config[inst].stream_id);
+
+        if (auto_config) {
+            if (stream_config[inst].is_active) {
+                SCLogError("Registering Napatech device: %s - active stream found.", plive_dev_buf);
+                SCLogError(
+                        "run /opt/napatech3/bin/ntpl -e \"delete=all\" to delete existing stream");
+                FatalError("or disable auto-config in the conf file before running.");
+            }
+        } else {
+            SCLogInfo("Registering Napatech device: %s - active stream%sfound.", plive_dev_buf,
+                    stream_config[inst].is_active ? " " : " NOT ");
+        }
+        LiveRegisterDevice(plive_dev_buf);
+
+        if (first_stream == 0xffff) {
+            first_stream = stream_config[inst].stream_id;
+        }
+        last_stream = stream_config[inst].stream_id;
+    }
+
+    /* Napatech stats come from a separate thread.  This will suppress
+     * the counters when suricata exits.
+     */
+    LiveDeviceHasNoStats();
+    return 0;
+}
+
+static void *NapatechConfigParser(const char *device)
+{
+    /* Expect device to be of the form nt%d where %d is the stream id to use */
+    int dev_len = strlen(device);
+    if (dev_len < 3 || dev_len > 5) {
+        SCLogError("Could not parse config for device: %s - invalid length", device);
+        return NULL;
+    }
+
+    struct NapatechStreamDevConf *conf = SCCalloc(1, sizeof(struct NapatechStreamDevConf));
+    if (unlikely(conf == NULL)) {
+        SCLogError("Failed to allocate memory for NAPATECH device name.");
+        return NULL;
+    }
+
+    /* device+2 is a pointer to the beginning of the stream id after the constant nt portion */
+    if (StringParseUint16(&conf->stream_id, 10, 0, device + 2) < 0) {
+        SCLogError("Invalid value for stream_id: %s", device + 2);
+        SCFree(conf);
+        return NULL;
+    }
+
+    return (void *)conf;
+}
+
+static int NapatechGetThreadsCount(void *conf __attribute__((unused)))
+{
+    /* No matter which live device it is there is no reason to ever use more than 1 thread
+       2 or more thread would cause packet duplication */
+    return 1;
+}
+
+static int NapatechInit(int runmode)
+{
+    int status;
+
+    TimeModeSetLive();
+
+    /* Initialize the API and check version compatibility */
+    if ((status = NT_Init(NTAPI_VERSION)) != NT_SUCCESS) {
+        NAPATECH_ERROR(status);
+        exit(EXIT_FAILURE);
+    }
+
+    status = NapatechRegisterDeviceStreams();
+    if (status < 0 || num_configured_streams <= 0) {
+        FatalError("Unable to find existing Napatech Streams");
+    }
+
+    struct NapatechStreamDevConf *conf = SCCalloc(1, sizeof(struct NapatechStreamDevConf));
+    if (unlikely(conf == NULL)) {
+        FatalError("Failed to allocate memory for NAPATECH device.");
+    }
+
+    if (use_hw_bypass) {
+#ifdef NAPATECH_ENABLE_BYPASS
+        if (NapatechVerifyBypassSupport()) {
+            SCLogInfo("Napatech Hardware Bypass is supported and enabled.");
+        } else {
+            FatalError("Napatech Hardware Bypass requested in conf but is not supported by the "
+                       "hardware.");
+        }
+#else
+        FatalError(
+                "Napatech Hardware Bypass requested in conf but is not enabled by the software.");
+#endif
+    } else {
+        SCLogInfo("Hardware Bypass is disabled in the conf file.");
+    }
+
+    /* Start a thread to process the statistics */
+    NapatechStartStats();
+
+    switch (runmode) {
+        case NT_RUNMODE_WORKERS:
+            status = RunModeSetLiveCaptureWorkers(NapatechConfigParser, NapatechGetThreadsCount,
+                    "NapatechStream", "NapatechDecode", thread_name_workers, NULL);
+            break;
+        default:
+            status = -1;
+    }
+
+    if (status != 0) {
+        FatalError("Runmode start failed");
+    }
+    return 0;
+}
+
+int RunModeNapatechWorkers(void)
+{
+    return NapatechInit(NT_RUNMODE_WORKERS);
+}

plugins/napatech/runmode-napatech.h

@@ -0,0 +1,40 @@
+/* Copyright (C) 2012-2017 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/**
+ *  \file
+ *
+ *  \autor nPulse Technologies, LLC.
+ *  \author Matt Keeler <mk@npulsetech.com>
+ */
+
+#ifndef SURICATA_RUNMODE_NAPATECH_H
+#define SURICATA_RUNMODE_NAPATECH_H
+
+#include <nt.h>
+
+int RunModeNapatechWorkers(void);
+void RunModeNapatechRegister(int slot);
+const char *RunModeNapatechGetDefaultMode(void);
+
+uint16_t NapatechGetNumConfiguredStreams(void);
+uint16_t NapatechGetNumFirstStream(void);
+uint16_t NapatechGetNumLastStream(void);
+bool NapatechIsAutoConfigEnabled(void);
+bool NapatechUseHWBypass(void);
+
+#endif /* SURICATA_RUNMODE_NAPATECH_H */

plugins/napatech/source-napatech.h

@@ -0,0 +1,41 @@
+/* Copyright (C) 2012-2017 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/**
+ * \file
+ *
+ * \author nPulse Technologies, LLC.
+ * \author Matt Keeler <mk@npulsetech.com>
+ */
+#ifndef SURICATA_SOURCE_NAPATECH_H
+#define SURICATA_SOURCE_NAPATECH_H
+
+void TmModuleReceiveNapatechRegister(int slot);
+void TmModuleDecodeNapatechRegister(int slot);
+
+TmEcode NapatechStreamThreadDeinit(ThreadVars *tv, void *data);
+
+#include <nt.h>
+
+struct NapatechStreamDevConf {
+    uint16_t stream_id;
+};
+
+int NapatechSetPortmap(int port, int peer);
+int NapatechGetAdapter(uint8_t port);
+
+#endif /* SURICATA_SOURCE_NAPATECH_H */

plugins/napatech/util-napatech.h

@@ -0,0 +1,115 @@
+/* Copyright (C) 2017 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+/**
+ * \file
+ *
+ * \author Phil Young <py@napatech.com>
+ *
+ */
+#ifndef SURICATA_UTIL_NAPATECH_H
+#define SURICATA_UTIL_NAPATECH_H
+
+#include <nt.h>
+
+typedef struct NapatechPacketVars_ {
+    uint64_t stream_id;
+    NtNetBuf_t nt_packet_buf;
+    NtNetStreamRx_t rx_stream;
+    NtFlowStream_t flow_stream;
+    ThreadVars *tv;
+#ifdef NAPATECH_ENABLE_BYPASS
+    NtDyn3Descr_t *dyn3;
+    int bypass;
+#endif
+} NapatechPacketVars;
+
+typedef struct NapatechStreamConfig_ {
+    uint8_t stream_id;
+    bool is_active;
+    bool initialized;
+} NapatechStreamConfig;
+
+typedef struct NapatechCurrentStats_ {
+    uint64_t current_packets;
+    uint64_t current_bytes;
+    uint64_t current_drop_packets;
+    uint64_t current_drop_bytes;
+} NapatechCurrentStats;
+
+#define MAX_HOSTBUFFERS 8
+#define MAX_STREAMS     256
+#define MAX_PORTS       80
+#define MAX_ADAPTERS    8
+#define HB_HIGHWATER    2048 // 1982
+
+extern void NapatechStartStats(void);
+
+#define NAPATECH_ERROR(status)                                                                     \
+    {                                                                                              \
+        char errorBuffer[1024];                                                                    \
+        NT_ExplainError((status), errorBuffer, sizeof(errorBuffer) - 1);                           \
+        SCLogError("Napatech Error: %s", errorBuffer);                                             \
+    }
+
+#define NAPATECH_NTPL_ERROR(ntpl_cmd, ntpl_info, status)                                           \
+    {                                                                                              \
+        char errorBuffer[1024];                                                                    \
+        NT_ExplainError(status, errorBuffer, sizeof(errorBuffer) - 1);                             \
+        SCLogError("     NTPL failed: %s", errorBuffer);                                           \
+        SCLogError("         cmd: %s", ntpl_cmd);                                                  \
+        if (strncmp(ntpl_info.u.errorData.errBuffer[0], "", 256) != 0)                             \
+            SCLogError("         %s", ntpl_info.u.errorData.errBuffer[0]);                         \
+        if (strncmp(ntpl_info.u.errorData.errBuffer[1], "", 256) != 0)                             \
+            SCLogError("         %s", ntpl_info.u.errorData.errBuffer[1]);                         \
+        if (strncmp(ntpl_info.u.errorData.errBuffer[2], "", 256) != 0)                             \
+            SCLogError("         %s", ntpl_info.u.errorData.errBuffer[2]);                         \
+    }
+
+// #define ENABLE_NT_DEBUG
+#ifdef ENABLE_NT_DEBUG
+void NapatechPrintIP(uint32_t address);
+
+#define NAPATECH_DEBUG(...) printf(__VA_ARGS__)
+#define NAPATECH_PRINTIP(a) NapatechPrintIP(uint32_t address)
+#else
+#define NAPATECH_DEBUG(...)
+#define NAPATECH_PRINTIP(a)
+#endif
+
+NapatechCurrentStats NapatechGetCurrentStats(uint16_t id);
+int NapatechGetStreamConfig(NapatechStreamConfig stream_config[]);
+bool NapatechSetupNuma(uint32_t stream, uint32_t numa);
+uint32_t NapatechSetupTraffic(uint32_t first_stream, uint32_t last_stream);
+uint32_t NapatechDeleteFilters(void);
+
+#ifdef NAPATECH_ENABLE_BYPASS
+
+/* */
+#define NAPATECH_KEYTYPE_IPV4      3
+#define NAPATECH_KEYTYPE_IPV4_SPAN 4
+#define NAPATECH_KEYTYPE_IPV6      5
+#define NAPATECH_KEYTYPE_IPV6_SPAN 6
+#define NAPATECH_FLOWTYPE_DROP     7
+#define NAPATECH_FLOWTYPE_PASS     8
+
+int NapatechVerifyBypassSupport(void);
+int NapatechGetNumAdapters(void);
+
+int NapatechIsBypassSupported(void);
+
+#endif /* NAPATECH_ENABLE_BYPASS */
+#endif /* SURICATA_UTIL_NAPATECH_H */