Allow Bro to run in fanout mode.

Kris Nielander 2015-08-09 22:41:28 +02:00
parent f5429ee794
commit d8c9b7255e
9 changed files with 88 additions and 5 deletions


@ -3,6 +3,27 @@
#ifndef IOSOURCE_IOSOURCE_H
#define IOSOURCE_IOSOURCE_H
#ifdef HAVE_PACKET_FANOUT
#include <linux/if_packet.h>
#ifndef PACKET_FANOUT
#define PACKET_FANOUT 18
#define PACKET_FANOUT_HASH 0
#define PACKET_FANOUT_LB 1
#define PACKET_FANOUT_CPU 2
#define PACKET_FANOUT_FLAG_DEFRAG 0x8000
#ifndef PACKET_FANOUT_ROLLOVER
#define PACKET_FANOUT_ROLLOVER 3
#endif
#ifndef PACKET_FANOUT_FLAG_ROLLOVER
#define PACKET_FANOUT_FLAG_ROLLOVER 0x1000
#endif
#define PACKET_FANOUT_FLAG_NONE -1
#endif /* PACKET_FANOUT */
#endif /* HAVE_PACKET_FANOUT */
extern "C" {
#include <pcap.h>
}
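Review bot: `PACKET_FANOUT_FLAG_NONE` and the two `PACKET_FANOUT_ROLLOVER` fallbacks are nested inside the outer `#ifndef PACKET_FANOUT`, so they are skipped whenever `<linux/if_packet.h>` already defines `PACKET_FANOUT`. On such a system `PACKET_FANOUT_FLAG_NONE` stays undefined, and the rollover guards cannot help headers that have fanout but lack rollover. Close the outer `#ifndef` right after `PACKET_FANOUT_FLAG_DEFRAG` and give each remaining fallback its own guard. `PACKET_FANOUT_FLAG_NONE` looks like a project-local sentinel rather than a kernel constant, so I would parenthesise it as `#define PACKET_FANOUT_FLAG_NONE (-1)` and add `/* sentinel: never OR this into the setsockopt() argument, -1 sets every bit */`.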


@ -73,7 +73,7 @@ int PktSrc::SnapLen() const
int PktSrc::BufSize() const
{
return bufsize; // That's a global too. Change?
return bufsize; // That's a global. Change?
}
bool PktSrc::IsLive() const


@ -84,13 +84,12 @@ void PcapSource::OpenLive()
props.netmask = PktSrc::NETMASK_UNKNOWN;
#endif
// We use the smallest time-out possible to return almost immediately if
// ### We use the smallest time-out possible to return almost immediately if
// no packets are available. (We can't use set_nonblocking() as it's
// broken on FreeBSD: even when select() indicates that we can read
// something, we may get nothing if the store buffer hasn't filled up
// yet.)
pd = pcap_create(props.path.c_str(), errbuf);
if ( ! pd )
{
safe_snprintf(errbuf, sizeof(errbuf),
@ -160,6 +159,19 @@ void PcapSource::OpenLive()
// Was closed, couldn't get header size.
return;
#ifdef HAVE_PACKET_FANOUT
/* Turn on cluster mode for the device. */
if ( fanout_enable )
{
uint32_t fanout_arg = (fanout_method << 16) | (fanout_id & 0xffff);
if (setsockopt(props.selectable_fd, SOL_PACKET, PACKET_FANOUT, &fanout_arg, sizeof(fanout_arg)) == -1)
{
Error(fmt("%s: setsockopt: %s", __FUNCTION__, strerror(errno)));
return;
}
}
#endif
props.is_live = true;
Opened(props);
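Review bot: `fanout_flag` is declared by this commit but never reaches `fanout_arg` in the new `setsockopt()` block, so `PACKET_FANOUT_FLAG_DEFRAG` cannot be requested. With hash fanout that presumably lets fragments of one flow be hashed to different workers, which leaves a monitor with gaps in reassembly. `fanout_method` and `fanout_id` are plain `int`s that are shifted and masked without a range check: a negative method makes `fanout_method << 16` ill-defined, a method above 0xff spills into the flag bits, and an id above 0xffff is silently truncated into a different group. I would reject those before building the argument, e.g. `if ( fanout_method < 0 || fanout_method > 0xff || fanout_id < 0 || fanout_id > 0xffff ) { Error("fanout method/id out of range"); return; }`, and add the comment `// high 16 bits: mode | flags, low 16 bits: group id`. The early `return` on failure leaves `pd` open as far as this hunk shows; OpenLive() starts and ends outside it, so confirm the handle is closed on that path.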


@ -5,6 +5,13 @@
#include "../PktSrc.h"
#ifdef HAVE_PACKET_FANOUT
extern bool fanout_enable;
extern int fanout_id;
extern int fanout_method;
extern int fanout_flag;
#endif
namespace iosource {
namespace pcap {