Exemplo n.º 1
0
void reader_snf_start() {
    pcapFileHeader.linktype = DLT_EN10MB;
    pcapFileHeader.snaplen = MOLOCH_SNAPLEN;
    pcap_t *dpcap = pcap_open_dead(pcapFileHeader.linktype, pcapFileHeader.snaplen);
    int t;
    for (t = 0; t < MOLOCH_FILTER_MAX; t++) {
        if (config.bpfsNum[t]) {
            int i;
            if (bpf_programs[t]) {
                for (i = 0; i < config.bpfsNum[t]; i++) {
                    pcap_freecode(&bpf_programs[t][i]);
                }
            } else {
                bpf_programs[t] = malloc(config.bpfsNum[t]*sizeof(struct bpf_program));
            }
            for (i = 0; i < config.bpfsNum[t]; i++) {
                if (pcap_compile(dpcap, &bpf_programs[t][i], config.bpfs[t][i], 1, PCAP_NETMASK_UNKNOWN) == -1) {
                    LOG("ERROR - Couldn't compile filter: '%s' with %s", config.bpfs[t][i], pcap_geterr(dpcap));
                    exit(1);
                }
            }
            moloch_reader_should_filter = reader_snf_should_filter;
        }
    }

    int i, r;
    for (i = 0; i < MAX_INTERFACES && config.interface[i]; i++) {
        for (r = 0; r < snfNumRings; r++) {
            char name[100];
            snprintf(name, sizeof(name), "moloch-snf%d-%d", i, r);
            g_thread_new(name, &reader_snf_thread, rings[i][r]);
        }
        snf_start(handles[i]);
    }
}
Exemplo n.º 2
0
static inline
struct timeval
snf_timestamp_to_timeval(const int64_t ts_nanosec)
{
	struct timeval tv;
	int32_t rem;
	if (ts_nanosec == 0)
		return (struct timeval) { 0, 0 };
	tv.tv_sec = ts_nanosec / _NSEC_PER_SEC;
	tv.tv_usec = (ts_nanosec % _NSEC_PER_SEC) / 1000;
	return tv;
}

static int
snf_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
{
	struct pcap_pkthdr hdr;
	int i, flags, err, caplen, n;
	struct snf_recv_req req;

	if (!p || cnt == 0)
		return -1;

	n = 0;
	while (n < cnt || cnt < 0) {
		/*
		 * Has "pcap_breakloop()" been called?
		 */
		if (p->break_loop) {
			if (n == 0) {
				p->break_loop = 0;
				return (-2);
			} else {
				return (n);
			}
		}

		err = snf_ring_recv(p->md.snf_ring, p->md.snf_timeout, &req);

		if (err) {
			if (err == EBUSY || err == EAGAIN)
				return (0);
			if (err == EINTR)
				continue;
			if (err != 0) {
				snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "snf_read: %s",
				 	 pcap_strerror(err));
				return -1;
			}
		}

		caplen = req.length;
		if (caplen > p->snapshot)
			caplen = p->snapshot;

		if ((p->fcode.bf_insns == NULL) ||
		     bpf_filter(p->fcode.bf_insns, req.pkt_addr, req.length, caplen)) {
			hdr.ts = snf_timestamp_to_timeval(req.timestamp);
			hdr.caplen = caplen;
			hdr.len = req.length;
			callback(user, &hdr, req.pkt_addr);
		}
		n++;
	}
	return (n);
}

static int
snf_setfilter(pcap_t *p, struct bpf_program *fp)
{
	if (!p)
		return -1;
	if (!fp) {
		strncpy(p->errbuf, "setfilter: No filter specified",
			sizeof(p->errbuf));
		return -1;
	}

	/* Make our private copy of the filter */

	if (install_bpf_program(p, fp) < 0)
		return -1;

	p->md.use_bpf = 0;

	return (0);
}

static int
snf_inject(pcap_t *p, const void *buf _U_, size_t size _U_)
{
	strlcpy(p->errbuf, "Sending packets isn't supported with snf",
	    PCAP_ERRBUF_SIZE);
	return (-1);
}

static int
snf_activate(pcap_t* p)
{
	char *device = p->opt.source;
	const char *nr = NULL;
	int err;
	int flags = 0;

	if (device == NULL) {
		snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
			 "device is NULL: %s", pcap_strerror(errno));
		return -1;
	}

	/* In Libpcap, we set pshared by default if NUM_RINGS is set to > 1.
	 * Since libpcap isn't thread-safe */
	if ((nr = getenv("SNF_NUM_RINGS")) && *nr && atoi(nr) > 1)
		flags |= SNF_F_PSHARED;
	else
		nr = NULL;

	err = snf_open(p->md.snf_boardnum,
			0, /* let SNF API parse SNF_NUM_RINGS, if set */
			NULL, /* default RSS, or use SNF_RSS_FLAGS env */
			0, /* default to SNF_DATARING_SIZE from env */
			flags, /* may want pshared */
			&p->md.snf_handle);
	if (err != 0) {
		snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
			 "snf_open failed: %s", pcap_strerror(err));
		return -1;
	}

	err = snf_ring_open(p->md.snf_handle, &p->md.snf_ring);
	if (err != 0) {
		snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
			 "snf_ring_open failed: %s", pcap_strerror(err));
		return -1;
	}

	if (p->md.timeout <= 0)
		p->md.snf_timeout = -1;
	else
		p->md.snf_timeout = p->md.timeout;

	err = snf_start(p->md.snf_handle);
	if (err != 0) {
		snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
			 "snf_start failed: %s", pcap_strerror(err));
		return -1;
	}

	/*
	 * "select()" and "poll()" don't work on snf descriptors.
	 */
	p->selectable_fd = -1;
	p->linktype = DLT_EN10MB;
	p->read_op = snf_read;
	p->inject_op = snf_inject;
	p->setfilter_op = snf_setfilter;
	p->setdirection_op = NULL; /* Not implemented.*/
	p->set_datalink_op = snf_set_datalink;
	p->getnonblock_op = snf_getnonblock;
	p->setnonblock_op = snf_setnonblock;
	p->stats_op = snf_pcap_stats;
	p->cleanup_op = snf_platform_cleanup;
	p->md.stat.ps_recv = 0;
	p->md.stat.ps_drop = 0;
	p->md.stat.ps_ifdrop = 0;
	return 0;
}
Exemplo n.º 3
0
static inline
struct timeval
snf_timestamp_to_timeval(const int64_t ts_nanosec, const int tstamp_precision)
{
	struct timeval tv;
	long tv_nsec;

	if (ts_nanosec == 0)
		return (struct timeval) { 0, 0 };

	tv.tv_sec = ts_nanosec / _NSEC_PER_SEC;
	tv_nsec = (ts_nanosec % _NSEC_PER_SEC);

	/* libpcap expects tv_usec to be nanos if using nanosecond precision. */
	if (tstamp_precision == PCAP_TSTAMP_PRECISION_NANO)
		tv.tv_usec = tv_nsec;
	else
		tv.tv_usec = tv_nsec / 1000;

	return tv;
}

static int
snf_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
{
	struct pcap_snf *ps = p->priv;
	struct pcap_pkthdr hdr;
	int i, flags, err, caplen, n;
	struct snf_recv_req req;
	int nonblock, timeout;

	if (!p)
		return -1;

	n = 0;
	timeout = ps->snf_timeout;
	while (n < cnt || PACKET_COUNT_IS_UNLIMITED(cnt)) {
		/*
		 * Has "pcap_breakloop()" been called?
		 */
		if (p->break_loop) {
			if (n == 0) {
				p->break_loop = 0;
				return (-2);
			} else {
				return (n);
			}
		}

		err = snf_ring_recv(ps->snf_ring, timeout, &req);

		if (err) {
			if (err == EBUSY || err == EAGAIN) {
				return (n);
			}
			else if (err == EINTR) {
				timeout = 0;
				continue;
			}
			else {
				pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "snf_read: %s",
				 	 pcap_strerror(err));
				return -1;
			}
		}

		caplen = req.length;
		if (caplen > p->snapshot)
			caplen = p->snapshot;

		if ((p->fcode.bf_insns == NULL) ||
		     bpf_filter(p->fcode.bf_insns, req.pkt_addr, req.length, caplen)) {
			hdr.ts = snf_timestamp_to_timeval(req.timestamp, p->opt.tstamp_precision);
			hdr.caplen = caplen;
			hdr.len = req.length;
			callback(user, &hdr, req.pkt_addr);
		}
		n++;

		/* After one successful packet is received, we won't block
		* again for that timeout. */
		if (timeout != 0)
			timeout = 0;
	}
	return (n);
}

static int
snf_setfilter(pcap_t *p, struct bpf_program *fp)
{
	if (!p)
		return -1;
	if (!fp) {
		strncpy(p->errbuf, "setfilter: No filter specified",
			sizeof(p->errbuf));
		return -1;
	}

	/* Make our private copy of the filter */

	if (install_bpf_program(p, fp) < 0)
		return -1;

	return (0);
}

static int
snf_inject(pcap_t *p, const void *buf _U_, size_t size _U_)
{
#ifdef SNF_HAVE_INJECT_API
	struct pcap_snf *ps = p->priv;
        int rc;
        if (ps->snf_inj == NULL) {
                rc = snf_inject_open(ps->snf_boardnum, 0, &ps->snf_inj);
                if (rc) {
                        pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
                                "snf_inject_open: %s", pcap_strerror(rc));
                        return (-1);
                }
        }

        rc = snf_inject_send(ps->snf_inj, -1, 0, buf, size);
        if (!rc) {
                return (size);
        }
        else {
                pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "snf_inject_send: %s",
                         pcap_strerror(rc));
                return (-1);
        }
#else
	strlcpy(p->errbuf, "Sending packets isn't supported with this snf version",
	    PCAP_ERRBUF_SIZE);
	return (-1);
#endif
}

static int
snf_activate(pcap_t* p)
{
	struct pcap_snf *ps = p->priv;
	char *device = p->opt.source;
	const char *nr = NULL;
	int err;
	int flags = -1, ring_id = -1;

	if (device == NULL) {
		pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
			 "device is NULL: %s", pcap_strerror(errno));
		return -1;
	}

	/* In Libpcap, we set pshared by default if NUM_RINGS is set to > 1.
	 * Since libpcap isn't thread-safe */
	if ((nr = getenv("SNF_FLAGS")) && *nr)
		flags = strtol(nr, NULL, 0);
	else if ((nr = getenv("SNF_NUM_RINGS")) && *nr && atoi(nr) > 1)
		flags = SNF_F_PSHARED;
	else
		nr = NULL;

	err = snf_open(ps->snf_boardnum,
			0, /* let SNF API parse SNF_NUM_RINGS, if set */
			NULL, /* default RSS, or use SNF_RSS_FLAGS env */
			0, /* default to SNF_DATARING_SIZE from env */
			flags, /* may want pshared */
			&ps->snf_handle);
	if (err != 0) {
		pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
			 "snf_open failed: %s", pcap_strerror(err));
		return -1;
	}

	if ((nr = getenv("SNF_PCAP_RING_ID")) && *nr) {
		ring_id = (int) strtol(nr, NULL, 0);
	}
	err = snf_ring_open_id(ps->snf_handle, ring_id, &ps->snf_ring);
	if (err != 0) {
		pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
			 "snf_ring_open_id(ring=%d) failed: %s",
			 ring_id, pcap_strerror(err));
		return -1;
	}

	if (p->opt.timeout <= 0)
		ps->snf_timeout = -1;
	else
		ps->snf_timeout = p->opt.timeout;

	err = snf_start(ps->snf_handle);
	if (err != 0) {
		pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
			 "snf_start failed: %s", pcap_strerror(err));
		return -1;
	}

	/*
	 * "select()" and "poll()" don't work on snf descriptors.
	 */
	p->selectable_fd = -1;
	p->linktype = DLT_EN10MB;
	p->read_op = snf_read;
	p->inject_op = snf_inject;
	p->setfilter_op = snf_setfilter;
	p->setdirection_op = NULL; /* Not implemented.*/
	p->set_datalink_op = snf_set_datalink;
	p->getnonblock_op = snf_getnonblock;
	p->setnonblock_op = snf_setnonblock;
	p->stats_op = snf_pcap_stats;
	p->cleanup_op = snf_platform_cleanup;
#ifdef SNF_HAVE_INJECT_API
        ps->snf_inj = NULL;
#endif
	return 0;
}

#define MAX_DESC_LENGTH 128
int
snf_findalldevs(pcap_if_t **devlistp, char *errbuf)
{
	pcap_if_t *devlist = NULL,*curdev,*prevdev;
	pcap_addr_t *curaddr;
	struct snf_ifaddrs *ifaddrs, *ifa;
	char desc[MAX_DESC_LENGTH];
	int ret;

	if (snf_init(SNF_VERSION_API))
		return (-1);

	if (snf_getifaddrs(&ifaddrs) || ifaddrs == NULL)
	{
		(void)pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
			"snf_getifaddrs: %s", pcap_strerror(errno));
		return (-1);
	}
	ifa = ifaddrs;
	while (ifa)
	{
		/*
		 * Allocate a new entry
		 */
		curdev = (pcap_if_t *)malloc(sizeof(pcap_if_t));
		if (curdev == NULL) {
		(void)pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
			"snf_findalldevs malloc: %s", pcap_strerror(errno));
			return (-1);
		}
		if (devlist == NULL) /* save first entry */
			devlist = curdev;
		else
			prevdev->next = curdev;
		/*
		 * Fill in the entry.
		 */
		curdev->next = NULL;
		curdev->name = strdup(ifa->snf_ifa_name);
		if (curdev->name == NULL) {
			(void)pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
			    "snf_findalldevs strdup: %s", pcap_strerror(errno));
			free(curdev);
			return (-1);
		}
		(void)pcap_snprintf(desc,MAX_DESC_LENGTH,"Myricom snf%d",
				ifa->snf_ifa_portnum);
		curdev->description = strdup(desc);
		if (curdev->description == NULL) {
			(void)pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
			"snf_findalldevs strdup1: %s", pcap_strerror(errno));
			free(curdev->name);
			free(curdev);
			return (-1);
		}
		curdev->addresses = NULL;
		curdev->flags = 0;

		curaddr = (pcap_addr_t *)malloc(sizeof(pcap_addr_t));
		if (curaddr == NULL) {
			(void)pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
			     "snf_findalldevs malloc1: %s", pcap_strerror(errno));
			free(curdev->description);
			free(curdev->name);
			free(curdev);
			return (-1);
		}
		curdev->addresses = curaddr;
		curaddr->next = NULL;
		curaddr->addr = (struct sockaddr*)malloc(sizeof(struct sockaddr_storage));
		if (curaddr->addr == NULL) {
			(void)pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
			    "malloc2: %s", pcap_strerror(errno));
			free(curdev->description);
			free(curdev->name);
			free(curaddr);
			free(curdev);
			return (-1);
		}
		curaddr->addr->sa_family = AF_INET;
		curaddr->netmask = NULL;
		curaddr->broadaddr = NULL;
		curaddr->dstaddr = NULL;
		curaddr->next = NULL;

		prevdev = curdev;
		ifa = ifa->snf_ifa_next;
	}
	snf_freeifaddrs(ifaddrs);
	*devlistp = devlist;

	/*
	 * There are no platform-specific devices since each device
	 * exists as a regular Ethernet device.
	 */
	return 0;
}
Exemplo n.º 4
0
static inline
struct timeval
snf_timestamp_to_timeval(const int64_t ts_nanosec)
{
	struct timeval tv;
	int32_t rem;
	if (ts_nanosec == 0)
		return (struct timeval) { 0, 0 };
	tv.tv_sec = ts_nanosec / _NSEC_PER_SEC;
	tv.tv_usec = (ts_nanosec % _NSEC_PER_SEC) / 1000;
	return tv;
}

static int
snf_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
{
	struct pcap_snf *ps = p->priv;
	struct pcap_pkthdr hdr;
	int i, flags, err, caplen, n;
	struct snf_recv_req req;

	if (!p || cnt == 0)
		return -1;

	n = 0;
	while (n < cnt || PACKET_COUNT_IS_UNLIMITED(cnt)) {
		/*
		 * Has "pcap_breakloop()" been called?
		 */
		if (p->break_loop) {
			if (n == 0) {
				p->break_loop = 0;
				return (-2);
			} else {
				return (n);
			}
		}

		err = snf_ring_recv(ps->snf_ring, ps->snf_timeout, &req);

		if (err) {
			if (err == EBUSY || err == EAGAIN)
				return (0);
			if (err == EINTR)
				continue;
			if (err != 0) {
				snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "snf_read: %s",
				 	 pcap_strerror(err));
				return -1;
			}
		}

		caplen = req.length;
		if (caplen > p->snapshot)
			caplen = p->snapshot;

		if ((p->fcode.bf_insns == NULL) ||
		     bpf_filter(p->fcode.bf_insns, req.pkt_addr, req.length, caplen)) {
			hdr.ts = snf_timestamp_to_timeval(req.timestamp);
			hdr.caplen = caplen;
			hdr.len = req.length;
			callback(user, &hdr, req.pkt_addr);
		}
		n++;
	}
	return (n);
}

static int
snf_setfilter(pcap_t *p, struct bpf_program *fp)
{
	if (!p)
		return -1;
	if (!fp) {
		strncpy(p->errbuf, "setfilter: No filter specified",
			sizeof(p->errbuf));
		return -1;
	}

	/* Make our private copy of the filter */

	if (install_bpf_program(p, fp) < 0)
		return -1;

	return (0);
}

static int
snf_inject(pcap_t *p, const void *buf _U_, size_t size _U_)
{
	strlcpy(p->errbuf, "Sending packets isn't supported with snf",
	    PCAP_ERRBUF_SIZE);
	return (-1);
}

static int
snf_activate(pcap_t* p)
{
	struct pcap_snf *ps = p->priv;
	char *device = p->opt.source;
	const char *nr = NULL;
	int err;
	int flags = 0;

	if (device == NULL) {
		snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
			 "device is NULL: %s", pcap_strerror(errno));
		return -1;
	}

	/* In Libpcap, we set pshared by default if NUM_RINGS is set to > 1.
	 * Since libpcap isn't thread-safe */
	if ((nr = getenv("SNF_NUM_RINGS")) && *nr && atoi(nr) > 1)
		flags |= SNF_F_PSHARED;
	else
		nr = NULL;

	err = snf_open(ps->snf_boardnum,
			0, /* let SNF API parse SNF_NUM_RINGS, if set */
			NULL, /* default RSS, or use SNF_RSS_FLAGS env */
			0, /* default to SNF_DATARING_SIZE from env */
			flags, /* may want pshared */
			&ps->snf_handle);
	if (err != 0) {
		snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
			 "snf_open failed: %s", pcap_strerror(err));
		return -1;
	}

	err = snf_ring_open(ps->snf_handle, &ps->snf_ring);
	if (err != 0) {
		snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
			 "snf_ring_open failed: %s", pcap_strerror(err));
		return -1;
	}

	if (p->opt.timeout <= 0)
		ps->snf_timeout = -1;
	else
		ps->snf_timeout = p->opt.timeout;

	err = snf_start(ps->snf_handle);
	if (err != 0) {
		snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
			 "snf_start failed: %s", pcap_strerror(err));
		return -1;
	}

	/*
	 * "select()" and "poll()" don't work on snf descriptors.
	 */
	p->selectable_fd = -1;
	p->linktype = DLT_EN10MB;
	p->read_op = snf_read;
	p->inject_op = snf_inject;
	p->setfilter_op = snf_setfilter;
	p->setdirection_op = NULL; /* Not implemented.*/
	p->set_datalink_op = snf_set_datalink;
	p->getnonblock_op = snf_getnonblock;
	p->setnonblock_op = snf_setnonblock;
	p->stats_op = snf_pcap_stats;
	p->cleanup_op = snf_platform_cleanup;
	return 0;
}

int
snf_findalldevs(pcap_if_t **devlistp, char *errbuf)
{
	/*
	 * There are no platform-specific devices since each device
	 * exists as a regular Ethernet device.
	 */
	return 0;
}

pcap_t *
snf_create(const char *device, char *ebuf, int *is_ours)
{
	pcap_t *p;
	int boardnum = -1;
	struct snf_ifaddrs *ifaddrs, *ifa;
	size_t devlen;
	struct pcap_snf *ps;

	if (snf_init(SNF_VERSION_API)) {
		/* Can't initialize the API, so no SNF devices */
		*is_ours = 0;
		return NULL;
	}

	/*
	 * Match a given interface name to our list of interface names, from
	 * which we can obtain the intended board number
	 */
	if (snf_getifaddrs(&ifaddrs) || ifaddrs == NULL) {
		/* Can't get SNF addresses */
		*is_ours = 0;
		return NULL;
	}
	devlen = strlen(device) + 1;
	ifa = ifaddrs;
	while (ifa) {
		if (!strncmp(device, ifa->snf_ifa_name, devlen)) {
			boardnum = ifa->snf_ifa_boardnum;
			break;
		}
		ifa = ifa->snf_ifa_next;
	}
	snf_freeifaddrs(ifaddrs);

	if (ifa == NULL) {
		/*
		 * If we can't find the device by name, support the name "snfX"
		 * and "snf10gX" where X is the board number.
		 */
		if (sscanf(device, "snf10g%d", &boardnum) != 1 &&
		    sscanf(device, "snf%d", &boardnum) != 1) {
			/* Nope, not a supported name */
			*is_ours = 0;
			return NULL;
		    }
	}

	/* OK, it's probably ours. */
	*is_ours = 1;

	p = pcap_create_common(device, ebuf, sizeof (struct pcap_snf));
	if (p == NULL)
		return NULL;
	ps = p->priv;

	p->activate_op = snf_activate;
	ps->snf_boardnum = boardnum;
	return p;
}