void reader_snf_start() {
pcapFileHeader.linktype = DLT_EN10MB;
pcapFileHeader.snaplen = MOLOCH_SNAPLEN;
pcap_t *dpcap = pcap_open_dead(pcapFileHeader.linktype, pcapFileHeader.snaplen);
int t;
for (t = 0; t < MOLOCH_FILTER_MAX; t++) {
if (config.bpfsNum[t]) {
int i;
if (bpf_programs[t]) {
for (i = 0; i < config.bpfsNum[t]; i++) {
pcap_freecode(&bpf_programs[t][i]);
}
} else {
bpf_programs[t] = malloc(config.bpfsNum[t]*sizeof(struct bpf_program));
}
for (i = 0; i < config.bpfsNum[t]; i++) {
if (pcap_compile(dpcap, &bpf_programs[t][i], config.bpfs[t][i], 1, PCAP_NETMASK_UNKNOWN) == -1) {
LOG("ERROR - Couldn't compile filter: '%s' with %s", config.bpfs[t][i], pcap_geterr(dpcap));
exit(1);
}
}
moloch_reader_should_filter = reader_snf_should_filter;
}
}
int i, r;
for (i = 0; i < MAX_INTERFACES && config.interface[i]; i++) {
for (r = 0; r < snfNumRings; r++) {
char name[100];
snprintf(name, sizeof(name), "moloch-snf%d-%d", i, r);
g_thread_new(name, &reader_snf_thread, rings[i][r]);
}
snf_start(handles[i]);
}
}
static inline
struct timeval
snf_timestamp_to_timeval(const int64_t ts_nanosec)
{
struct timeval tv;
int32_t rem;
if (ts_nanosec == 0)
return (struct timeval) { 0, 0 };
tv.tv_sec = ts_nanosec / _NSEC_PER_SEC;
tv.tv_usec = (ts_nanosec % _NSEC_PER_SEC) / 1000;
return tv;
}
static int
snf_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
{
struct pcap_pkthdr hdr;
int i, flags, err, caplen, n;
struct snf_recv_req req;
if (!p || cnt == 0)
return -1;
n = 0;
while (n < cnt || cnt < 0) {
/*
* Has "pcap_breakloop()" been called?
*/
if (p->break_loop) {
if (n == 0) {
p->break_loop = 0;
return (-2);
} else {
return (n);
}
}
err = snf_ring_recv(p->md.snf_ring, p->md.snf_timeout, &req);
if (err) {
if (err == EBUSY || err == EAGAIN)
return (0);
if (err == EINTR)
continue;
if (err != 0) {
snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "snf_read: %s",
pcap_strerror(err));
return -1;
}
}
caplen = req.length;
if (caplen > p->snapshot)
caplen = p->snapshot;
if ((p->fcode.bf_insns == NULL) ||
bpf_filter(p->fcode.bf_insns, req.pkt_addr, req.length, caplen)) {
hdr.ts = snf_timestamp_to_timeval(req.timestamp);
hdr.caplen = caplen;
hdr.len = req.length;
callback(user, &hdr, req.pkt_addr);
}
n++;
}
return (n);
}
static int
snf_setfilter(pcap_t *p, struct bpf_program *fp)
{
if (!p)
return -1;
if (!fp) {
strncpy(p->errbuf, "setfilter: No filter specified",
sizeof(p->errbuf));
return -1;
}
/* Make our private copy of the filter */
if (install_bpf_program(p, fp) < 0)
return -1;
p->md.use_bpf = 0;
return (0);
}
static int
snf_inject(pcap_t *p, const void *buf _U_, size_t size _U_)
{
strlcpy(p->errbuf, "Sending packets isn't supported with snf",
PCAP_ERRBUF_SIZE);
return (-1);
}
static int
snf_activate(pcap_t* p)
{
char *device = p->opt.source;
const char *nr = NULL;
int err;
int flags = 0;
if (device == NULL) {
snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
"device is NULL: %s", pcap_strerror(errno));
return -1;
}
/* In Libpcap, we set pshared by default if NUM_RINGS is set to > 1.
* Since libpcap isn't thread-safe */
if ((nr = getenv("SNF_NUM_RINGS")) && *nr && atoi(nr) > 1)
flags |= SNF_F_PSHARED;
else
nr = NULL;
err = snf_open(p->md.snf_boardnum,
0, /* let SNF API parse SNF_NUM_RINGS, if set */
NULL, /* default RSS, or use SNF_RSS_FLAGS env */
0, /* default to SNF_DATARING_SIZE from env */
flags, /* may want pshared */
&p->md.snf_handle);
if (err != 0) {
snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
"snf_open failed: %s", pcap_strerror(err));
return -1;
}
err = snf_ring_open(p->md.snf_handle, &p->md.snf_ring);
if (err != 0) {
snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
"snf_ring_open failed: %s", pcap_strerror(err));
return -1;
}
if (p->md.timeout <= 0)
p->md.snf_timeout = -1;
else
p->md.snf_timeout = p->md.timeout;
err = snf_start(p->md.snf_handle);
if (err != 0) {
snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
"snf_start failed: %s", pcap_strerror(err));
return -1;
}
/*
* "select()" and "poll()" don't work on snf descriptors.
*/
p->selectable_fd = -1;
p->linktype = DLT_EN10MB;
p->read_op = snf_read;
p->inject_op = snf_inject;
p->setfilter_op = snf_setfilter;
p->setdirection_op = NULL; /* Not implemented.*/
p->set_datalink_op = snf_set_datalink;
p->getnonblock_op = snf_getnonblock;
p->setnonblock_op = snf_setnonblock;
p->stats_op = snf_pcap_stats;
p->cleanup_op = snf_platform_cleanup;
p->md.stat.ps_recv = 0;
p->md.stat.ps_drop = 0;
p->md.stat.ps_ifdrop = 0;
return 0;
}
static inline
struct timeval
snf_timestamp_to_timeval(const int64_t ts_nanosec, const int tstamp_precision)
{
struct timeval tv;
long tv_nsec;
if (ts_nanosec == 0)
return (struct timeval) { 0, 0 };
tv.tv_sec = ts_nanosec / _NSEC_PER_SEC;
tv_nsec = (ts_nanosec % _NSEC_PER_SEC);
/* libpcap expects tv_usec to be nanos if using nanosecond precision. */
if (tstamp_precision == PCAP_TSTAMP_PRECISION_NANO)
tv.tv_usec = tv_nsec;
else
tv.tv_usec = tv_nsec / 1000;
return tv;
}
static int
snf_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
{
struct pcap_snf *ps = p->priv;
struct pcap_pkthdr hdr;
int i, flags, err, caplen, n;
struct snf_recv_req req;
int nonblock, timeout;
if (!p)
return -1;
n = 0;
timeout = ps->snf_timeout;
while (n < cnt || PACKET_COUNT_IS_UNLIMITED(cnt)) {
/*
* Has "pcap_breakloop()" been called?
*/
if (p->break_loop) {
if (n == 0) {
p->break_loop = 0;
return (-2);
} else {
return (n);
}
}
err = snf_ring_recv(ps->snf_ring, timeout, &req);
if (err) {
if (err == EBUSY || err == EAGAIN) {
return (n);
}
else if (err == EINTR) {
timeout = 0;
continue;
}
else {
pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "snf_read: %s",
pcap_strerror(err));
return -1;
}
}
caplen = req.length;
if (caplen > p->snapshot)
caplen = p->snapshot;
if ((p->fcode.bf_insns == NULL) ||
bpf_filter(p->fcode.bf_insns, req.pkt_addr, req.length, caplen)) {
hdr.ts = snf_timestamp_to_timeval(req.timestamp, p->opt.tstamp_precision);
hdr.caplen = caplen;
hdr.len = req.length;
callback(user, &hdr, req.pkt_addr);
}
n++;
/* After one successful packet is received, we won't block
* again for that timeout. */
if (timeout != 0)
timeout = 0;
}
return (n);
}
static int
snf_setfilter(pcap_t *p, struct bpf_program *fp)
{
if (!p)
return -1;
if (!fp) {
strncpy(p->errbuf, "setfilter: No filter specified",
sizeof(p->errbuf));
return -1;
}
/* Make our private copy of the filter */
if (install_bpf_program(p, fp) < 0)
return -1;
return (0);
}
static int
snf_inject(pcap_t *p, const void *buf _U_, size_t size _U_)
{
#ifdef SNF_HAVE_INJECT_API
struct pcap_snf *ps = p->priv;
int rc;
if (ps->snf_inj == NULL) {
rc = snf_inject_open(ps->snf_boardnum, 0, &ps->snf_inj);
if (rc) {
pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
"snf_inject_open: %s", pcap_strerror(rc));
return (-1);
}
}
rc = snf_inject_send(ps->snf_inj, -1, 0, buf, size);
if (!rc) {
return (size);
}
else {
pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "snf_inject_send: %s",
pcap_strerror(rc));
return (-1);
}
#else
strlcpy(p->errbuf, "Sending packets isn't supported with this snf version",
PCAP_ERRBUF_SIZE);
return (-1);
#endif
}
static int
snf_activate(pcap_t* p)
{
struct pcap_snf *ps = p->priv;
char *device = p->opt.source;
const char *nr = NULL;
int err;
int flags = -1, ring_id = -1;
if (device == NULL) {
pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
"device is NULL: %s", pcap_strerror(errno));
return -1;
}
/* In Libpcap, we set pshared by default if NUM_RINGS is set to > 1.
* Since libpcap isn't thread-safe */
if ((nr = getenv("SNF_FLAGS")) && *nr)
flags = strtol(nr, NULL, 0);
else if ((nr = getenv("SNF_NUM_RINGS")) && *nr && atoi(nr) > 1)
flags = SNF_F_PSHARED;
else
nr = NULL;
err = snf_open(ps->snf_boardnum,
0, /* let SNF API parse SNF_NUM_RINGS, if set */
NULL, /* default RSS, or use SNF_RSS_FLAGS env */
0, /* default to SNF_DATARING_SIZE from env */
flags, /* may want pshared */
&ps->snf_handle);
if (err != 0) {
pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
"snf_open failed: %s", pcap_strerror(err));
return -1;
}
if ((nr = getenv("SNF_PCAP_RING_ID")) && *nr) {
ring_id = (int) strtol(nr, NULL, 0);
}
err = snf_ring_open_id(ps->snf_handle, ring_id, &ps->snf_ring);
if (err != 0) {
pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
"snf_ring_open_id(ring=%d) failed: %s",
ring_id, pcap_strerror(err));
return -1;
}
if (p->opt.timeout <= 0)
ps->snf_timeout = -1;
else
ps->snf_timeout = p->opt.timeout;
err = snf_start(ps->snf_handle);
if (err != 0) {
pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
"snf_start failed: %s", pcap_strerror(err));
return -1;
}
/*
* "select()" and "poll()" don't work on snf descriptors.
*/
p->selectable_fd = -1;
p->linktype = DLT_EN10MB;
p->read_op = snf_read;
p->inject_op = snf_inject;
p->setfilter_op = snf_setfilter;
p->setdirection_op = NULL; /* Not implemented.*/
p->set_datalink_op = snf_set_datalink;
p->getnonblock_op = snf_getnonblock;
p->setnonblock_op = snf_setnonblock;
p->stats_op = snf_pcap_stats;
p->cleanup_op = snf_platform_cleanup;
#ifdef SNF_HAVE_INJECT_API
ps->snf_inj = NULL;
#endif
return 0;
}
#define MAX_DESC_LENGTH 128
int
snf_findalldevs(pcap_if_t **devlistp, char *errbuf)
{
pcap_if_t *devlist = NULL,*curdev,*prevdev;
pcap_addr_t *curaddr;
struct snf_ifaddrs *ifaddrs, *ifa;
char desc[MAX_DESC_LENGTH];
int ret;
if (snf_init(SNF_VERSION_API))
return (-1);
if (snf_getifaddrs(&ifaddrs) || ifaddrs == NULL)
{
(void)pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
"snf_getifaddrs: %s", pcap_strerror(errno));
return (-1);
}
ifa = ifaddrs;
while (ifa)
{
/*
* Allocate a new entry
*/
curdev = (pcap_if_t *)malloc(sizeof(pcap_if_t));
if (curdev == NULL) {
(void)pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
"snf_findalldevs malloc: %s", pcap_strerror(errno));
return (-1);
}
if (devlist == NULL) /* save first entry */
devlist = curdev;
else
prevdev->next = curdev;
/*
* Fill in the entry.
*/
curdev->next = NULL;
curdev->name = strdup(ifa->snf_ifa_name);
if (curdev->name == NULL) {
(void)pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
"snf_findalldevs strdup: %s", pcap_strerror(errno));
free(curdev);
return (-1);
}
(void)pcap_snprintf(desc,MAX_DESC_LENGTH,"Myricom snf%d",
ifa->snf_ifa_portnum);
curdev->description = strdup(desc);
if (curdev->description == NULL) {
(void)pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
"snf_findalldevs strdup1: %s", pcap_strerror(errno));
free(curdev->name);
free(curdev);
return (-1);
}
curdev->addresses = NULL;
curdev->flags = 0;
curaddr = (pcap_addr_t *)malloc(sizeof(pcap_addr_t));
if (curaddr == NULL) {
(void)pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
"snf_findalldevs malloc1: %s", pcap_strerror(errno));
free(curdev->description);
free(curdev->name);
free(curdev);
return (-1);
}
curdev->addresses = curaddr;
curaddr->next = NULL;
curaddr->addr = (struct sockaddr*)malloc(sizeof(struct sockaddr_storage));
if (curaddr->addr == NULL) {
(void)pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
"malloc2: %s", pcap_strerror(errno));
free(curdev->description);
free(curdev->name);
free(curaddr);
free(curdev);
return (-1);
}
curaddr->addr->sa_family = AF_INET;
curaddr->netmask = NULL;
curaddr->broadaddr = NULL;
curaddr->dstaddr = NULL;
curaddr->next = NULL;
prevdev = curdev;
ifa = ifa->snf_ifa_next;
}
snf_freeifaddrs(ifaddrs);
*devlistp = devlist;
/*
* There are no platform-specific devices since each device
* exists as a regular Ethernet device.
*/
return 0;
}
static inline
struct timeval
snf_timestamp_to_timeval(const int64_t ts_nanosec)
{
struct timeval tv;
int32_t rem;
if (ts_nanosec == 0)
return (struct timeval) { 0, 0 };
tv.tv_sec = ts_nanosec / _NSEC_PER_SEC;
tv.tv_usec = (ts_nanosec % _NSEC_PER_SEC) / 1000;
return tv;
}
static int
snf_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
{
struct pcap_snf *ps = p->priv;
struct pcap_pkthdr hdr;
int i, flags, err, caplen, n;
struct snf_recv_req req;
if (!p || cnt == 0)
return -1;
n = 0;
while (n < cnt || PACKET_COUNT_IS_UNLIMITED(cnt)) {
/*
* Has "pcap_breakloop()" been called?
*/
if (p->break_loop) {
if (n == 0) {
p->break_loop = 0;
return (-2);
} else {
return (n);
}
}
err = snf_ring_recv(ps->snf_ring, ps->snf_timeout, &req);
if (err) {
if (err == EBUSY || err == EAGAIN)
return (0);
if (err == EINTR)
continue;
if (err != 0) {
snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "snf_read: %s",
pcap_strerror(err));
return -1;
}
}
caplen = req.length;
if (caplen > p->snapshot)
caplen = p->snapshot;
if ((p->fcode.bf_insns == NULL) ||
bpf_filter(p->fcode.bf_insns, req.pkt_addr, req.length, caplen)) {
hdr.ts = snf_timestamp_to_timeval(req.timestamp);
hdr.caplen = caplen;
hdr.len = req.length;
callback(user, &hdr, req.pkt_addr);
}
n++;
}
return (n);
}
static int
snf_setfilter(pcap_t *p, struct bpf_program *fp)
{
if (!p)
return -1;
if (!fp) {
strncpy(p->errbuf, "setfilter: No filter specified",
sizeof(p->errbuf));
return -1;
}
/* Make our private copy of the filter */
if (install_bpf_program(p, fp) < 0)
return -1;
return (0);
}
static int
snf_inject(pcap_t *p, const void *buf _U_, size_t size _U_)
{
strlcpy(p->errbuf, "Sending packets isn't supported with snf",
PCAP_ERRBUF_SIZE);
return (-1);
}
static int
snf_activate(pcap_t* p)
{
struct pcap_snf *ps = p->priv;
char *device = p->opt.source;
const char *nr = NULL;
int err;
int flags = 0;
if (device == NULL) {
snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
"device is NULL: %s", pcap_strerror(errno));
return -1;
}
/* In Libpcap, we set pshared by default if NUM_RINGS is set to > 1.
* Since libpcap isn't thread-safe */
if ((nr = getenv("SNF_NUM_RINGS")) && *nr && atoi(nr) > 1)
flags |= SNF_F_PSHARED;
else
nr = NULL;
err = snf_open(ps->snf_boardnum,
0, /* let SNF API parse SNF_NUM_RINGS, if set */
NULL, /* default RSS, or use SNF_RSS_FLAGS env */
0, /* default to SNF_DATARING_SIZE from env */
flags, /* may want pshared */
&ps->snf_handle);
if (err != 0) {
snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
"snf_open failed: %s", pcap_strerror(err));
return -1;
}
err = snf_ring_open(ps->snf_handle, &ps->snf_ring);
if (err != 0) {
snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
"snf_ring_open failed: %s", pcap_strerror(err));
return -1;
}
if (p->opt.timeout <= 0)
ps->snf_timeout = -1;
else
ps->snf_timeout = p->opt.timeout;
err = snf_start(ps->snf_handle);
if (err != 0) {
snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
"snf_start failed: %s", pcap_strerror(err));
return -1;
}
/*
* "select()" and "poll()" don't work on snf descriptors.
*/
p->selectable_fd = -1;
p->linktype = DLT_EN10MB;
p->read_op = snf_read;
p->inject_op = snf_inject;
p->setfilter_op = snf_setfilter;
p->setdirection_op = NULL; /* Not implemented.*/
p->set_datalink_op = snf_set_datalink;
p->getnonblock_op = snf_getnonblock;
p->setnonblock_op = snf_setnonblock;
p->stats_op = snf_pcap_stats;
p->cleanup_op = snf_platform_cleanup;
return 0;
}
int
snf_findalldevs(pcap_if_t **devlistp, char *errbuf)
{
/*
* There are no platform-specific devices since each device
* exists as a regular Ethernet device.
*/
return 0;
}
pcap_t *
snf_create(const char *device, char *ebuf, int *is_ours)
{
pcap_t *p;
int boardnum = -1;
struct snf_ifaddrs *ifaddrs, *ifa;
size_t devlen;
struct pcap_snf *ps;
if (snf_init(SNF_VERSION_API)) {
/* Can't initialize the API, so no SNF devices */
*is_ours = 0;
return NULL;
}
/*
* Match a given interface name to our list of interface names, from
* which we can obtain the intended board number
*/
if (snf_getifaddrs(&ifaddrs) || ifaddrs == NULL) {
/* Can't get SNF addresses */
*is_ours = 0;
return NULL;
}
devlen = strlen(device) + 1;
ifa = ifaddrs;
while (ifa) {
if (!strncmp(device, ifa->snf_ifa_name, devlen)) {
boardnum = ifa->snf_ifa_boardnum;
break;
}
ifa = ifa->snf_ifa_next;
}
snf_freeifaddrs(ifaddrs);
if (ifa == NULL) {
/*
* If we can't find the device by name, support the name "snfX"
* and "snf10gX" where X is the board number.
*/
if (sscanf(device, "snf10g%d", &boardnum) != 1 &&
sscanf(device, "snf%d", &boardnum) != 1) {
/* Nope, not a supported name */
*is_ours = 0;
return NULL;
}
}
/* OK, it's probably ours. */
*is_ours = 1;
p = pcap_create_common(device, ebuf, sizeof (struct pcap_snf));
if (p == NULL)
return NULL;
ps = p->priv;
p->activate_op = snf_activate;
ps->snf_boardnum = boardnum;
return p;
}
