From 6002f63a37abaed62b0aa641179597112642c045 Mon Sep 17 00:00:00 2001 From: Tim Wojtulewicz Date: Sun, 17 Aug 2025 21:39:49 -0700 Subject: [PATCH] af_packet: Remove submodule, adapt CMake/code for Zeek build --- .gitmodules | 3 -- CMakeLists.txt | 13 +----- auxil/zeek-af_packet-plugin | 1 - scripts/base/init-bare.zeek | 25 +++++++++++ src/iosource/CMakeLists.txt | 1 + src/iosource/af_packet/{src => }/AF_Packet.cc | 42 +++++-------------- src/iosource/af_packet/{src => }/AF_Packet.h | 7 ++-- src/iosource/af_packet/CMakeLists.txt | 28 ++----------- src/iosource/af_packet/Plugin.cc | 27 ++++++++++++ src/iosource/af_packet/{src => }/RX_Ring.cc | 27 ++++++------ src/iosource/af_packet/{src => }/RX_Ring.h | 7 +++- src/iosource/af_packet/af_packet.bif | 16 +++++++ src/iosource/af_packet/scripts/__load__.zeek | 5 --- .../af_packet/scripts/af_packet/__load__.zeek | 1 - src/iosource/af_packet/scripts/init.zeek | 28 ------------- src/iosource/af_packet/src/Plugin.cc | 27 ------------ src/iosource/af_packet/src/Plugin.h | 17 -------- src/iosource/af_packet/src/af_packet.bif | 35 ---------------- src/types.bif | 22 ++++++++++ 19 files changed, 128 insertions(+), 204 deletions(-) delete mode 160000 auxil/zeek-af_packet-plugin rename src/iosource/af_packet/{src => }/AF_Packet.cc (88%) rename src/iosource/af_packet/{src => }/AF_Packet.h (94%) create mode 100644 src/iosource/af_packet/Plugin.cc rename src/iosource/af_packet/{src => }/RX_Ring.cc (80%) rename src/iosource/af_packet/{src => }/RX_Ring.h (85%) create mode 100644 src/iosource/af_packet/af_packet.bif delete mode 100644 src/iosource/af_packet/scripts/__load__.zeek delete mode 100644 src/iosource/af_packet/scripts/af_packet/__load__.zeek delete mode 100644 src/iosource/af_packet/scripts/init.zeek delete mode 100644 src/iosource/af_packet/src/Plugin.cc delete mode 100644 src/iosource/af_packet/src/Plugin.h delete mode 100644 src/iosource/af_packet/src/af_packet.bif 
diff --git a/.gitmodules b/.gitmodules index dbf4e2590f..a6008cdc49 100644 --- a/.gitmodules +++ b/.gitmodules @@ -49,9 +49,6 @@ [submodule "auxil/spicy"] path = auxil/spicy url = https://github.com/zeek/spicy -[submodule "auxil/zeek-af_packet-plugin"] - path = auxil/zeek-af_packet-plugin - url = https://github.com/zeek/zeek-af_packet-plugin.git [submodule "auxil/libunistd"] path = auxil/libunistd url = https://github.com/zeek/libunistd diff --git a/CMakeLists.txt b/CMakeLists.txt index a4dc95c1df..497c7d188b 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1189,18 +1189,6 @@ endif () # Tell the plugin code that we're building as part of the main tree. set(ZEEK_PLUGIN_INTERNAL_BUILD true CACHE INTERNAL "" FORCE) -set(ZEEK_HAVE_AF_PACKET no) -if (${CMAKE_SYSTEM_NAME} MATCHES Linux) - if (NOT DISABLE_AF_PACKET) - if (NOT AF_PACKET_PLUGIN_PATH) - set(AF_PACKET_PLUGIN_PATH ${CMAKE_SOURCE_DIR}/auxil/zeek-af_packet-plugin) - endif () - - list(APPEND ZEEK_INCLUDE_PLUGINS ${AF_PACKET_PLUGIN_PATH}) - set(ZEEK_HAVE_AF_PACKET yes) - endif () -endif () - set(ZEEK_HAVE_JAVASCRIPT no) if (NOT DISABLE_JAVASCRIPT) set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} ${PROJECT_SOURCE_DIR}/auxil/zeekjs/cmake) @@ -1220,6 +1208,7 @@ if (NOT DISABLE_JAVASCRIPT) endif () endif () +set(ZEEK_HAVE_AF_PACKET no CACHE INTERNAL "Zeek has AF_PACKET support") set(ZEEK_HAVE_JAVASCRIPT ${ZEEK_HAVE_JAVASCRIPT} CACHE INTERNAL "Zeek has JavaScript support") set(DEFAULT_ZEEKPATH_PATHS diff --git a/auxil/zeek-af_packet-plugin b/auxil/zeek-af_packet-plugin deleted file mode 160000 index b89a6f6412..0000000000 --- a/auxil/zeek-af_packet-plugin +++ /dev/null @@ -1 +0,0 @@ -Subproject commit b89a6f64123f778090d1dd6ec48e6b8e8906ea11 diff --git a/scripts/base/init-bare.zeek b/scripts/base/init-bare.zeek index c77c96f472..82217a20d8 100644 --- a/scripts/base/init-bare.zeek +++ b/scripts/base/init-bare.zeek 
@@ -5691,6 +5691,31 @@ export { }; } +module AF_Packet; + +export { + ## Size of the ring-buffer. + const buffer_size = 128 * 1024 * 1024 &redef; + ## Size of an individual block. Needs to be a multiple of page size. + const block_size = 4096 * 8 &redef; + ## Retire timeout for a single block. + const block_timeout = 10msec &redef; + ## Toggle whether to use hardware timestamps. + const enable_hw_timestamping = F &redef; + ## Toggle whether to use PACKET_FANOUT. + const enable_fanout = T &redef; + ## Toggle defragmentation of IP packets using PACKET_FANOUT_FLAG_DEFRAG. + const enable_defrag = F &redef; + ## Fanout mode. + const fanout_mode = FANOUT_HASH &redef; + ## Fanout ID. + const fanout_id = 23 &redef; + ## Link type (default Ethernet). + const link_type = 1 &redef; + ## Checksum validation mode. + const checksum_validation_mode: ChecksumMode = CHECKSUM_ON &redef; +} + module DCE_RPC; export { diff --git a/src/iosource/CMakeLists.txt b/src/iosource/CMakeLists.txt index aef7ca8752..6e320c9c75 100644 --- a/src/iosource/CMakeLists.txt +++ b/src/iosource/CMakeLists.txt @@ -13,3 +13,4 @@ zeek_add_subdir_library( PktSrc.cc) add_subdirectory(pcap) +add_subdirectory(af_packet) diff --git a/src/iosource/af_packet/src/AF_Packet.cc b/src/iosource/af_packet/AF_Packet.cc similarity index 88% rename from src/iosource/af_packet/src/AF_Packet.cc rename to src/iosource/af_packet/AF_Packet.cc index ba8fcddd47..0a53dee8ce 100644 --- a/src/iosource/af_packet/src/AF_Packet.cc +++ b/src/iosource/af_packet/AF_Packet.cc 
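Review bot: The `## Fanout ID.` comment on `fanout_id` does not say which values are usable, while `ConfigureFanoutGroup` in AF_Packet.cc (the hunk at -165) keeps only `fanout_id & 0xffff`, so a redef above 65535 silently selects a different group than the one the operator wrote down. Capture sockets that end up on the same ID for the same interface share its traffic, which leaves each process with a partial view. I would document the range here, e.g. `## Fanout ID. Only the low 16 bits are used; sockets sharing an ID on an interface share its traffic.`, and have ConfigureFanoutGroup refuse larger values instead of masking them, e.g. `if ( zeek::BifConst::AF_Packet::fanout_id > 0xffff ) return false;`.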
@@ -1,25 +1,15 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "zeek/zeek-config.h" +#include "zeek/iosource/af_packet/AF_Packet.h" -// Starting with Zeek 6.0, zeek-config.h does not provide the -// ZEEK_VERSION_NUMBER macro anymore when compiling a included -// plugin. Use the new zeek/zeek-version.h header if it exists. -#if __has_include("zeek/zeek-version.h") -#include "zeek/zeek-version.h" -#endif +#include "zeek/iosource/af_packet/RX_Ring.h" +#include "zeek/iosource/af_packet/af_packet.bif.h" -#include "AF_Packet.h" -#include "RX_Ring.h" -#include "af_packet.bif.h" - -// CentOS 7 if_packet.h does not yet have this define, provide it -// explicitly if missing. #ifndef TP_STATUS_CSUM_VALID #define TP_STATUS_CSUM_VALID (1 << 7) #endif -using namespace zeek::iosource::pktsrc; +using namespace zeek::iosource::af_packet; AF_PacketSource::~AF_PacketSource() { Close(); } @@ -165,15 +155,10 @@ bool AF_PacketSource::EnablePromiscMode(const AF_PacketSource::InterfaceInfo& in bool AF_PacketSource::ConfigureFanoutGroup(bool enabled, bool defrag) { if ( enabled ) { - uint32_t fanout_arg, fanout_id; - int ret; + uint32_t fanout_id = zeek::BifConst::AF_Packet::fanout_id; + uint32_t fanout_arg = ((fanout_id & 0xffff) | (GetFanoutMode(defrag) << 16)); - fanout_id = zeek::BifConst::AF_Packet::fanout_id; - fanout_arg = ((fanout_id & 0xffff) | (GetFanoutMode(defrag) << 16)); - - ret = setsockopt(socket_fd, SOL_PACKET, PACKET_FANOUT, &fanout_arg, sizeof(fanout_arg)); - - if ( ret < 0 ) + if ( setsockopt(socket_fd, SOL_PACKET, PACKET_FANOUT, &fanout_arg, sizeof(fanout_arg)) < 0 ) return false; } return true; @@ -183,7 +168,6 @@ bool AF_PacketSource::ConfigureHWTimestamping(bool enabled) { if ( enabled ) { struct ifreq ifr; struct hwtstamp_config hwts_cfg; - int ret, opt; memset(&hwts_cfg, 0, sizeof(hwts_cfg)); hwts_cfg.tx_type = HWTSTAMP_TX_OFF; 
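Review bot: The `#ifndef TP_STATUS_CSUM_VALID` fallback in the include block loses its explanatory comment, so the hard-coded `(1 << 7)` now reads as an arbitrary constant. The `check_symbol_exists` status message about kernel checksum offloading is removed from the plugin's CMakeLists.txt in the same commit, so nothing tells someone building against old headers that `CHECKSUM_KERNEL` may depend on a flag their kernel does not set. Keeping a comment above the define, such as `// Older if_packet.h headers lack this flag; the value matches the kernel UAPI definition.`, would preserve the reason it exists.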
@@ -192,13 +176,11 @@ bool AF_PacketSource::ConfigureHWTimestamping(bool enabled) { snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s", props.path.c_str()); ifr.ifr_data = &hwts_cfg; - ret = ioctl(socket_fd, SIOCSHWTSTAMP, &ifr); - if ( ret < 0 ) + if ( ioctl(socket_fd, SIOCSHWTSTAMP, &ifr) < 0 ) return false; - opt = SOF_TIMESTAMPING_RAW_HARDWARE | SOF_TIMESTAMPING_RX_HARDWARE; - ret = setsockopt(socket_fd, SOL_PACKET, PACKET_TIMESTAMP, &opt, sizeof(opt)); - if ( ret < 0 ) + int opt = SOF_TIMESTAMPING_RAW_HARDWARE | SOF_TIMESTAMPING_RX_HARDWARE; + if ( setsockopt(socket_fd, SOL_PACKET, PACKET_TIMESTAMP, &opt, sizeof(opt)) < 0 ) return false; } return true; @@ -244,7 +226,7 @@ bool AF_PacketSource::ExtractNextPacket(zeek::Packet* pkt) { if ( ! socket_fd ) return false; - struct tpacket3_hdr* packet = 0; + struct tpacket3_hdr* packet = nullptr; const u_char* data; while ( true ) { if ( ! rx_ring->GetNextPacket(&packet) ) @@ -267,7 +249,6 @@ bool AF_PacketSource::ExtractNextPacket(zeek::Packet* pkt) { if ( packet->tp_status & TP_STATUS_VLAN_VALID ) pkt->vlan = packet->hv1.tp_vlan_tci & 0x0fff; -#if ZEEK_VERSION_NUMBER >= 50100 switch ( checksum_mode ) { case BifEnum::AF_Packet::CHECKSUM_OFF: { // If set to off, just accept whatever checksum in the packet is correct and @@ -292,7 +273,6 @@ bool AF_PacketSource::ExtractNextPacket(zeek::Packet* pkt) { break; } } -#endif if ( current_hdr.len == 0 || current_hdr.caplen == 0 ) { Weird("empty_af_packet_header", pkt); diff --git a/src/iosource/af_packet/src/AF_Packet.h b/src/iosource/af_packet/AF_Packet.h similarity index 94% rename from src/iosource/af_packet/src/AF_Packet.h rename to src/iosource/af_packet/AF_Packet.h index fe6ecb15f7..37fd10a252 100644 --- a/src/iosource/af_packet/src/AF_Packet.h +++ b/src/iosource/af_packet/AF_Packet.h 
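Review bot: The guard `if ( ! socket_fd )` at the top of the ExtractNextPacket hunk treats 0 as "no socket", but 0 is a valid descriptor and a failed `socket()` returns -1, which passes this test. RX_Ring's constructor in this commit rejects `sock < 0`, so the two files disagree on what an invalid socket looks like. How `socket_fd` is initialised and reset is outside the hunk, so this is presumably a 0 sentinel; if so I would move the sentinel to -1 and test `if ( socket_fd < 0 ) return false;`. ExtractNextPacket's body continues outside the hunk.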
@@ -17,10 +17,9 @@ extern "C" { } #include "zeek/iosource/PktSrc.h" +#include "zeek/iosource/af_packet/RX_Ring.h" -#include "RX_Ring.h" - -namespace af_packet::iosource::pktsrc { +namespace zeek::iosource::af_packet { class AF_PacketSource : public zeek::iosource::PktSrc { public: @@ -80,4 +79,4 @@ private: uint32_t GetFanoutMode(bool defrag); }; -} // namespace zeek::iosource::pktsrc +} // namespace zeek::iosource::af_packet diff --git a/src/iosource/af_packet/CMakeLists.txt b/src/iosource/af_packet/CMakeLists.txt index 3cb19806f6..da9de5498d 100644 --- a/src/iosource/af_packet/CMakeLists.txt +++ b/src/iosource/af_packet/CMakeLists.txt @@ -1,27 +1,5 @@ -cmake_minimum_required(VERSION 3.15 FATAL_ERROR) +if (${CMAKE_SYSTEM_NAME} MATCHES Linux) + set(ZEEK_HAVE_AF_PACKET yes CACHE INTERNAL "") -project(ZeekPluginAF_Packet) - -include(ZeekPlugin) -include(CheckSymbolExists) - -zeek_plugin_begin(Zeek AF_Packet) -zeek_plugin_cc(src/Plugin.cc) -zeek_plugin_cc(src/AF_Packet.cc) -zeek_plugin_cc(src/RX_Ring.cc) -zeek_plugin_bif(src/af_packet.bif) -zeek_plugin_dist_files(zeekctl/af_packet.py README COPYING VERSION) -zeek_plugin_end() - -check_symbol_exists(TP_STATUS_CSUM_VALID linux/if_packet.h HAVE_TP_STATUS_CSUM_VALID) -if (NOT HAVE_TP_STATUS_CSUM_VALID) - message(STATUS "Checksum offloading to the kernel might not be fully supported.") -endif () - -file(STRINGS "${CMAKE_CURRENT_SOURCE_DIR}/VERSION" VERSION LIMIT_COUNT 1) - -if ("${PROJECT_SOURCE_DIR}" STREQUAL "${CMAKE_SOURCE_DIR}") - # Allows building rpm/deb packages via "make package" in build dir. - include(ConfigurePackaging) - ConfigurePackaging(${VERSION}) + zeek_add_plugin(Zeek AF_Packet SOURCES Plugin.cc AF_Packet.cc RX_Ring.cc BIFS af_packet.bif) endif () diff --git a/src/iosource/af_packet/Plugin.cc b/src/iosource/af_packet/Plugin.cc new file mode 100644 index 0000000000..3c5ad7fe16 --- /dev/null +++ b/src/iosource/af_packet/Plugin.cc 
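Review bot: The new `if (${CMAKE_SYSTEM_NAME} MATCHES Linux)` guard in src/iosource/af_packet/CMakeLists.txt no longer consults `DISABLE_AF_PACKET`, which the block removed from the top-level CMakeLists.txt honoured, so a build that sets that variable now gets the raw-socket packet source compiled in anyway. Nothing in this diff retires or deprecates the variable, so it appears to be ignored silently rather than removed on purpose. If opting out is still meant to work, the guard could read `if (${CMAKE_SYSTEM_NAME} MATCHES Linux AND NOT DISABLE_AF_PACKET)`. The empty docstring in `set(ZEEK_HAVE_AF_PACKET yes CACHE INTERNAL "")` could also reuse the "Zeek has AF_PACKET support" text from the top-level file.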
@@ -0,0 +1,27 @@ +// See the file "COPYING" in the main distribution directory for copyright. + +#include "zeek/plugin/Plugin.h" + +#include "zeek/iosource/Component.h" +#include "zeek/iosource/af_packet/AF_Packet.h" + +namespace zeek::plugin::Zeek_AF_Packet { + +class Plugin : public plugin::Plugin { + plugin::Configuration Configure() override { + AddComponent( + new ::zeek::iosource::PktSrcComponent("AF_PacketReader", "af_packet", + ::zeek::iosource::PktSrcComponent::LIVE, + ::zeek::iosource::af_packet::AF_PacketSource::InstantiateAF_Packet)); + + zeek::plugin::Configuration config; + config.name = "Zeek::AF_Packet"; + config.description = "Packet acquisition via AF_Packet"; + config.version.major = 4; + config.version.minor = 0; + config.version.patch = 0; + return config; + } +} plugin; + +} // namespace zeek::plugin::Zeek_AF_Packet diff --git a/src/iosource/af_packet/src/RX_Ring.cc b/src/iosource/af_packet/RX_Ring.cc similarity index 80% rename from src/iosource/af_packet/src/RX_Ring.cc rename to src/iosource/af_packet/RX_Ring.cc index 99c38912b3..2a1c1e10af 100644 --- a/src/iosource/af_packet/src/RX_Ring.cc +++ b/src/iosource/af_packet/RX_Ring.cc @@ -1,6 +1,6 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "RX_Ring.h" +#include "zeek/iosource/af_packet/RX_Ring.h" #include #include 
@@ -12,34 +12,33 @@ extern "C" { #include // sysconf } -RX_Ring::RX_Ring(int sock, size_t bufsize, size_t blocksize, int blocktimeout_msec) { - int ret, ver = TPACKET_VERSION; +using namespace zeek::iosource::af_packet; +RX_Ring::RX_Ring(int sock, size_t bufsize, size_t blocksize, int blocktimeout_msec) { if ( sock < 0 ) throw RX_RingException("invalid socket"); // Configure socket - ret = setsockopt(sock, SOL_PACKET, PACKET_VERSION, &ver, sizeof(ver)); - if ( ret ) + int ver = TPACKET_VERSION; + if ( setsockopt(sock, SOL_PACKET, PACKET_VERSION, &ver, sizeof(ver)) != 0 ) throw RX_RingException("unable to set TPacket version"); InitLayout(bufsize, blocksize, blocktimeout_msec); - ret = setsockopt(sock, SOL_PACKET, PACKET_RX_RING, (uint8_t*)&layout, sizeof(layout)); - if ( ret ) + if ( setsockopt(sock, SOL_PACKET, PACKET_RX_RING, (uint8_t*)&layout, sizeof(layout)) != 0 ) throw RX_RingException("unable to set ring layout"); // Map memory - size = layout.tp_block_size * layout.tp_block_nr; - ring = (uint8_t*)mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_SHARED, sock, 0); + size = static_cast(layout.tp_block_size) * layout.tp_block_nr; + ring = (uint8_t*)mmap(nullptr, size, PROT_READ | PROT_WRITE, MAP_SHARED, sock, 0); if ( ring == MAP_FAILED ) throw RX_RingException("unable to map ring memory"); block_num = packet_num = 0; - packet = NULL; + packet = nullptr; // Init block mapping blocks = new tpacket_block_desc*[layout.tp_block_nr]; - for ( unsigned int i = 0; i < layout.tp_block_nr; i++ ) + for ( size_t i = 0; i < layout.tp_block_nr; i++ ) blocks[i] = (struct tpacket_block_desc*)(ring + i * layout.tp_block_size); } @@ -49,7 +48,7 @@ RX_Ring::~RX_Ring() { delete[] blocks; munmap(ring, size); - blocks = 0; + blocks = nullptr; size = 0; } 
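Review bot: In the RX_Ring constructor, `blocks = new tpacket_block_desc*[layout.tp_block_nr];` runs after the ring has been mapped, and if that allocation throws, the destructor never runs for the half-constructed object, so the mapping is never released. The earlier failure paths throw before `mmap`, so this is the only step that needs cleanup. One way to close it is `blocks = new (std::nothrow) tpacket_block_desc*[layout.tp_block_nr];` followed by `if ( ! blocks ) { munmap(ring, size); throw RX_RingException("unable to allocate block table"); }`, which needs the `<new>` header. Holding the table in a `std::vector` member would also work, but the member declaration is in RX_Ring.h, outside this hunk.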
@@ -59,7 +58,7 @@ bool RX_Ring::GetNextPacket(tpacket3_hdr** hdr) { if ( (block_hdr->block_status & TP_STATUS_USER) == 0 ) return false; - if ( packet == NULL ) { + if ( packet == nullptr ) { // New block packet_num = block_hdr->num_pkts; if ( packet_num == 0 ) { @@ -96,5 +95,5 @@ void RX_Ring::NextBlock() { block_hdr->block_status = TP_STATUS_KERNEL; block_num = (block_num + 1) % layout.tp_block_nr; - packet = NULL; + packet = nullptr; } diff --git a/src/iosource/af_packet/src/RX_Ring.h b/src/iosource/af_packet/RX_Ring.h similarity index 85% rename from src/iosource/af_packet/src/RX_Ring.h rename to src/iosource/af_packet/RX_Ring.h index c11e7140ef..6056ec5d40 100644 --- a/src/iosource/af_packet/src/RX_Ring.h +++ b/src/iosource/af_packet/RX_Ring.h @@ -5,14 +5,17 @@ extern "C" { #include // AF_PACKET, etc. } + #include #include -#include #define TPACKET_VERSION TPACKET_V3 +namespace zeek::iosource::af_packet { + class RX_RingException : public std::runtime_error { public: + RX_RingException(const char* what_arg) : std::runtime_error(what_arg) {} RX_RingException(const std::string& what_arg) : std::runtime_error(what_arg) {} }; @@ -42,3 +45,5 @@ private: uint8_t* ring; size_t size; }; + +} // namespace zeek::iosource::af_packet diff --git a/src/iosource/af_packet/af_packet.bif b/src/iosource/af_packet/af_packet.bif new file mode 100644 index 0000000000..5daee0c4c0 --- /dev/null +++ b/src/iosource/af_packet/af_packet.bif @@ -0,0 +1,16 @@ +# See the file "COPYING" in the main distribution directory for copyright. + +# Options for the AF_Packet packet source. + +module AF_Packet; + +const buffer_size: count; +const block_size: count; +const block_timeout: interval; +const enable_hw_timestamping: bool; +const enable_defrag: bool; +const enable_fanout: bool; +const fanout_mode: FanoutMode; +const fanout_id: count; +const link_type: count; +const checksum_validation_mode: ChecksumMode; 
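Review bot: Both `RX_RingException` constructors in RX_Ring.h, including the `const char*` overload added here, take a single argument and are not `explicit`, so a string or literal converts implicitly into an exception object. Marking them `explicit` prevents that; alternatively the pair can be replaced by `using std::runtime_error::runtime_error;`, which inherits both overloads. The class also has no comment saying when it is raised; a line such as `// Thrown by RX_Ring's constructor when socket setup or mapping fails.` would match the throw sites in RX_Ring.cc.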
diff --git a/src/iosource/af_packet/scripts/__load__.zeek b/src/iosource/af_packet/scripts/__load__.zeek deleted file mode 100644 index 588cabc7c4..0000000000 --- a/src/iosource/af_packet/scripts/__load__.zeek +++ /dev/null @@ -1,5 +0,0 @@ -# -# This is loaded unconditionally at Zeek startup. -# - -@load ./init.zeek diff --git a/src/iosource/af_packet/scripts/af_packet/__load__.zeek b/src/iosource/af_packet/scripts/af_packet/__load__.zeek deleted file mode 100644 index 80a869bdc3..0000000000 --- a/src/iosource/af_packet/scripts/af_packet/__load__.zeek +++ /dev/null @@ -1 +0,0 @@ -# This package currently doesn't have any generic script functionality. diff --git a/src/iosource/af_packet/scripts/init.zeek b/src/iosource/af_packet/scripts/init.zeek deleted file mode 100644 index c8d4f8a560..0000000000 --- a/src/iosource/af_packet/scripts/init.zeek +++ /dev/null @@ -1,28 +0,0 @@ -##! Packet source using AF_Packet. -##! -##! Note: This module is in testing and is not yet considered stable! - -module AF_Packet; - -export { - ## Size of the ring-buffer. - const buffer_size = 128 * 1024 * 1024 &redef; - ## Size of an individual block. Needs to be a multiple of page size. - const block_size = 4096 * 8 &redef; - ## Retire timeout for a single block. - const block_timeout = 10msec &redef; - ## Toggle whether to use hardware timestamps. - const enable_hw_timestamping = F &redef; - ## Toggle whether to use PACKET_FANOUT. - const enable_fanout = T &redef; - ## Toggle defragmentation of IP packets using PACKET_FANOUT_FLAG_DEFRAG. - const enable_defrag = F &redef; - ## Fanout mode. - const fanout_mode = FANOUT_HASH &redef; - ## Fanout ID. - const fanout_id = 23 &redef; - ## Link type (default Ethernet). - const link_type = 1 &redef; - ## Checksum validation mode. - const checksum_validation_mode: ChecksumMode = CHECKSUM_ON &redef; -} diff --git a/src/iosource/af_packet/src/Plugin.cc b/src/iosource/af_packet/src/Plugin.cc deleted file mode 100644 index ca8aa96ac3..0000000000 
--- a/src/iosource/af_packet/src/Plugin.cc +++ /dev/null @@ -1,27 +0,0 @@ -// See the file "COPYING" in the main distribution directory for copyright. - -#include "Plugin.h" - -#include "zeek/iosource/Component.h" - -#include "AF_Packet.h" - -namespace plugin::Zeek_AF_Packet { -Plugin plugin; -} - -using namespace af_packet::plugin::Zeek_AF_Packet; - -zeek::plugin::Configuration Plugin::Configure() { - AddComponent( - new ::zeek::iosource::PktSrcComponent("AF_PacketReader", "af_packet", ::zeek::iosource::PktSrcComponent::LIVE, - ::zeek::iosource::pktsrc::AF_PacketSource::InstantiateAF_Packet)); - - zeek::plugin::Configuration config; - config.name = "Zeek::AF_Packet"; - config.description = "Packet acquisition via AF_Packet"; - config.version.major = 4; - config.version.minor = 0; - config.version.patch = 0; - return config; -} diff --git a/src/iosource/af_packet/src/Plugin.h b/src/iosource/af_packet/src/Plugin.h deleted file mode 100644 index ad2961a379..0000000000 --- a/src/iosource/af_packet/src/Plugin.h +++ /dev/null @@ -1,17 +0,0 @@ -// See the file "COPYING" in the main distribution directory for copyright. - -#pragma once - -#include - -namespace af_packet::plugin::Zeek_AF_Packet { - -class Plugin : public zeek::plugin::Plugin { -protected: - // Overridden from zeek::plugin::Plugin. - zeek::plugin::Configuration Configure() override; -}; - -extern Plugin plugin; - -} // namespace plugin::Zeek_AF_Packet diff --git a/src/iosource/af_packet/src/af_packet.bif b/src/iosource/af_packet/src/af_packet.bif deleted file mode 100644 index d3f81febce..0000000000 --- a/src/iosource/af_packet/src/af_packet.bif +++ /dev/null 
@@ -1,35 +0,0 @@ - -# Options for the AF_Packet packet source. - -module AF_Packet; - -## Available fanout modes. -enum FanoutMode %{ - FANOUT_HASH, # PACKET_FANOUT_HASH - FANOUT_CPU, # PACKET_FANOUT_CPU - FANOUT_QM, # PACKET_FANOUT_QM - FANOUT_CBPF, # PACKET_FANOUT_CBPF - FANOUT_EBPF, # PACKET_FANOUT_EBPF -%} - -## Available checksum validation modes. -enum ChecksumMode %{ - ## Ignore checksums, i.e. always assume they are correct. - CHECKSUM_OFF, - ## Let Zeek compute and verify checksums. - CHECKSUM_ON, - ## Let the kernel handle checksum offloading. - ## Note: Semantics may depend on the kernel and driver version. - CHECKSUM_KERNEL, -%} - -const buffer_size: count; -const block_size: count; -const block_timeout: interval; -const enable_hw_timestamping: bool; -const enable_defrag: bool; -const enable_fanout: bool; -const fanout_mode: FanoutMode; -const fanout_id: count; -const link_type: count; -const checksum_validation_mode: ChecksumMode; diff --git a/src/types.bif b/src/types.bif index 9797e3e08c..9c3fa82686 100644 --- a/src/types.bif +++ b/src/types.bif @@ -247,4 +247,26 @@ enum Level %{ ERROR = 2, %} +module AF_Packet; + +## Available fanout modes. +enum FanoutMode %{ + FANOUT_HASH, # PACKET_FANOUT_HASH + FANOUT_CPU, # PACKET_FANOUT_CPU + FANOUT_QM, # PACKET_FANOUT_QM + FANOUT_CBPF, # PACKET_FANOUT_CBPF + FANOUT_EBPF, # PACKET_FANOUT_EBPF +%} + +## Available checksum validation modes. +enum ChecksumMode %{ + ## Ignore checksums, i.e. always assume they are correct. + CHECKSUM_OFF, + ## Let Zeek compute and verify checksums. + CHECKSUM_ON, + ## Let the kernel handle checksum offloading. + ## Note: Semantics may depend on the kernel and driver version. + CHECKSUM_KERNEL, +%} + module GLOBAL;
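Review bot: The doc comment on `CHECKSUM_OFF` in the types.bif hunk says checksums are assumed correct, but not what that costs a monitor: packets a receiving host would discard for a bad checksum are then analysed as if they had been delivered, so the sensor's view can diverge from the endpoint's. That is worth stating where operators choose the mode, e.g. `## Packets with bad checksums are analyzed as if valid; only use where checksums are verified elsewhere.`. The `FanoutMode` entries likewise carry only the kernel constant name, and a short line per mode on how packets are distributed across sockets would save a trip to the packet(7) man page.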