From 8d2979e93535ae62f8f1660c48f3dd54cd128517 Mon Sep 17 00:00:00 2001 From: Jan Grashoefer Date: Mon, 26 Sep 2022 12:17:47 +0200 Subject: [PATCH] af_packet: Cleanup checksum offloading support. --- src/iosource/af_packet/README | 4 +++- src/iosource/af_packet/scripts/init.zeek | 17 +++-------------- src/iosource/af_packet/src/AF_Packet.cc | 4 +--- src/iosource/af_packet/src/af_packet.bif | 10 ++++++++-- 4 files changed, 15 insertions(+), 20 deletions(-) diff --git a/src/iosource/af_packet/README b/src/iosource/af_packet/README index 506f5485c7..2de9cc9d35 100644 --- a/src/iosource/af_packet/README +++ b/src/iosource/af_packet/README @@ -25,13 +25,15 @@ If everything built and installed correctly, you should see this:: Zeek::AF_Packet - Packet acquisition via AF_Packet (dynamic, version 3.2.0) [Packet Source] AF_PacketReader (interface prefix "af_packet"; supports live input) [Type] AF_Packet::FanoutMode + [Type] AF_Packet::ChecksumMode [Constant] AF_Packet::buffer_size [Constant] AF_Packet::enable_hw_timestamping - [Constant] AF_Packet::enable_fanout [Constant] AF_Packet::enable_defrag + [Constant] AF_Packet::enable_fanout [Constant] AF_Packet::fanout_mode [Constant] AF_Packet::fanout_id [Constant] AF_Packet::link_type + [Constant] AF_Packet::checksum_validation_mode ## Upgrade from Bro to Zeek diff --git a/src/iosource/af_packet/scripts/init.zeek b/src/iosource/af_packet/scripts/init.zeek index 9de7322bb4..41f8d0a206 100644 --- a/src/iosource/af_packet/scripts/init.zeek +++ b/src/iosource/af_packet/scripts/init.zeek @@ -5,17 +5,6 @@ module AF_Packet; export { - # The various modes of checksum offloading. OFF means we will set the - # checksum variables to true, trusting that they are correct no matter - # what the kernel or zeek thinks. ON means we will ignore the kernel - # checksums and let Zeek check them. KERNEL means we will trust the - # kernel checksums and let Zeek skip checking them. - type Checksum_Mode : enum { - OFF, - ON, - KERNEL - }; - ## Size of the ring-buffer. const buffer_size = 128 * 1024 * 1024 &redef; ## Toggle whether to use hardware timestamps. @@ -24,12 +13,12 @@ export { const enable_fanout = T &redef; ## Toggle defragmentation of IP packets using PACKET_FANOUT_FLAG_DEFRAG. const enable_defrag = F &redef; - ## Fanout Mode. + ## Fanout mode. const fanout_mode = FANOUT_HASH &redef; ## Fanout ID. const fanout_id = 23 &redef; ## Link type (default Ethernet). const link_type = 1 &redef; - ## Checksum offloading option. - const checksum_offloading_mode: Checksum_Mode = KERNEL &redef; + ## Checksum validation mode. + const checksum_validation_mode: ChecksumMode = CHECKSUM_ON &redef; } diff --git a/src/iosource/af_packet/src/AF_Packet.cc b/src/iosource/af_packet/src/AF_Packet.cc index 5f987efa6b..cfce30af95 100644 --- a/src/iosource/af_packet/src/AF_Packet.cc +++ b/src/iosource/af_packet/src/AF_Packet.cc @@ -21,7 +21,7 @@ AF_PacketSource::AF_PacketSource(const std::string& path, bool is_live) props.path = path; props.is_live = is_live; - checksum_mode = zeek::BifConst::AF_Packet::checksum_offloading_mode->AsEnum(); + checksum_mode = zeek::BifConst::AF_Packet::checksum_validation_mode->AsEnum(); } void AF_PacketSource::Open() @@ -280,8 +280,6 @@ bool AF_PacketSource::ExtractNextPacket(zeek::Packet* pkt) break; } } -#else - fprintf(stderr, "bad version?\n"); #endif if ( current_hdr.len == 0 || current_hdr.caplen == 0 ) diff --git a/src/iosource/af_packet/src/af_packet.bif b/src/iosource/af_packet/src/af_packet.bif index 9a309b5986..32e737b16b 100644 --- a/src/iosource/af_packet/src/af_packet.bif +++ b/src/iosource/af_packet/src/af_packet.bif @@ -3,6 +3,7 @@ module AF_Packet; +## Available fanout modes. enum FanoutMode %{ FANOUT_HASH, # PACKET_FANOUT_HASH FANOUT_CPU, # PACKET_FANOUT_CPU @@ -11,17 +12,22 @@ enum FanoutMode %{ FANOUT_EBPF, # PACKET_FANOUT_EBPF %} +## Available checksum validation modes. enum ChecksumMode %{ + ## Ignore checksums, i.e. always assume they are correct. CHECKSUM_OFF, + ## Let Zeek compute and verify checksums. CHECKSUM_ON, + ## Let the kernel handle checksum offloading. + ## Note: Semantics may depend on the kernel and driver version. CHECKSUM_KERNEL, %} const buffer_size: count; const enable_hw_timestamping: bool; -const enable_fanout: bool; const enable_defrag: bool; +const enable_fanout: bool; const fanout_mode: FanoutMode; const fanout_id: count; const link_type: count; -const checksum_offloading_mode: ChecksumMode; \ No newline at end of file +const checksum_validation_mode: ChecksumMode;