void reader_snf_start() { pcapFileHeader.linktype = DLT_EN10MB; pcapFileHeader.snaplen = MOLOCH_SNAPLEN; pcap_t *dpcap = pcap_open_dead(pcapFileHeader.linktype, pcapFileHeader.snaplen); int t; for (t = 0; t < MOLOCH_FILTER_MAX; t++) { if (config.bpfsNum[t]) { int i; if (bpf_programs[t]) { for (i = 0; i < config.bpfsNum[t]; i++) { pcap_freecode(&bpf_programs[t][i]); } } else { bpf_programs[t] = malloc(config.bpfsNum[t]*sizeof(struct bpf_program)); } for (i = 0; i < config.bpfsNum[t]; i++) { if (pcap_compile(dpcap, &bpf_programs[t][i], config.bpfs[t][i], 1, PCAP_NETMASK_UNKNOWN) == -1) { LOG("ERROR - Couldn't compile filter: '%s' with %s", config.bpfs[t][i], pcap_geterr(dpcap)); exit(1); } } moloch_reader_should_filter = reader_snf_should_filter; } } int i, r; for (i = 0; i < MAX_INTERFACES && config.interface[i]; i++) { for (r = 0; r < snfNumRings; r++) { char name[100]; snprintf(name, sizeof(name), "moloch-snf%d-%d", i, r); g_thread_new(name, &reader_snf_thread, rings[i][r]); } snf_start(handles[i]); } }
static inline struct timeval snf_timestamp_to_timeval(const int64_t ts_nanosec) { struct timeval tv; int32_t rem; if (ts_nanosec == 0) return (struct timeval) { 0, 0 }; tv.tv_sec = ts_nanosec / _NSEC_PER_SEC; tv.tv_usec = (ts_nanosec % _NSEC_PER_SEC) / 1000; return tv; } static int snf_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user) { struct pcap_pkthdr hdr; int i, flags, err, caplen, n; struct snf_recv_req req; if (!p || cnt == 0) return -1; n = 0; while (n < cnt || cnt < 0) { /* * Has "pcap_breakloop()" been called? */ if (p->break_loop) { if (n == 0) { p->break_loop = 0; return (-2); } else { return (n); } } err = snf_ring_recv(p->md.snf_ring, p->md.snf_timeout, &req); if (err) { if (err == EBUSY || err == EAGAIN) return (0); if (err == EINTR) continue; if (err != 0) { snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "snf_read: %s", pcap_strerror(err)); return -1; } } caplen = req.length; if (caplen > p->snapshot) caplen = p->snapshot; if ((p->fcode.bf_insns == NULL) || bpf_filter(p->fcode.bf_insns, req.pkt_addr, req.length, caplen)) { hdr.ts = snf_timestamp_to_timeval(req.timestamp); hdr.caplen = caplen; hdr.len = req.length; callback(user, &hdr, req.pkt_addr); } n++; } return (n); } static int snf_setfilter(pcap_t *p, struct bpf_program *fp) { if (!p) return -1; if (!fp) { strncpy(p->errbuf, "setfilter: No filter specified", sizeof(p->errbuf)); return -1; } /* Make our private copy of the filter */ if (install_bpf_program(p, fp) < 0) return -1; p->md.use_bpf = 0; return (0); } static int snf_inject(pcap_t *p, const void *buf _U_, size_t size _U_) { strlcpy(p->errbuf, "Sending packets isn't supported with snf", PCAP_ERRBUF_SIZE); return (-1); } static int snf_activate(pcap_t* p) { char *device = p->opt.source; const char *nr = NULL; int err; int flags = 0; if (device == NULL) { snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "device is NULL: %s", pcap_strerror(errno)); return -1; } /* In Libpcap, we set pshared by default if NUM_RINGS is set to > 1. * Since libpcap isn't thread-safe */ if ((nr = getenv("SNF_NUM_RINGS")) && *nr && atoi(nr) > 1) flags |= SNF_F_PSHARED; else nr = NULL; err = snf_open(p->md.snf_boardnum, 0, /* let SNF API parse SNF_NUM_RINGS, if set */ NULL, /* default RSS, or use SNF_RSS_FLAGS env */ 0, /* default to SNF_DATARING_SIZE from env */ flags, /* may want pshared */ &p->md.snf_handle); if (err != 0) { snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "snf_open failed: %s", pcap_strerror(err)); return -1; } err = snf_ring_open(p->md.snf_handle, &p->md.snf_ring); if (err != 0) { snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "snf_ring_open failed: %s", pcap_strerror(err)); return -1; } if (p->md.timeout <= 0) p->md.snf_timeout = -1; else p->md.snf_timeout = p->md.timeout; err = snf_start(p->md.snf_handle); if (err != 0) { snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "snf_start failed: %s", pcap_strerror(err)); return -1; } /* * "select()" and "poll()" don't work on snf descriptors. */ p->selectable_fd = -1; p->linktype = DLT_EN10MB; p->read_op = snf_read; p->inject_op = snf_inject; p->setfilter_op = snf_setfilter; p->setdirection_op = NULL; /* Not implemented.*/ p->set_datalink_op = snf_set_datalink; p->getnonblock_op = snf_getnonblock; p->setnonblock_op = snf_setnonblock; p->stats_op = snf_pcap_stats; p->cleanup_op = snf_platform_cleanup; p->md.stat.ps_recv = 0; p->md.stat.ps_drop = 0; p->md.stat.ps_ifdrop = 0; return 0; }
static inline struct timeval snf_timestamp_to_timeval(const int64_t ts_nanosec, const int tstamp_precision) { struct timeval tv; long tv_nsec; if (ts_nanosec == 0) return (struct timeval) { 0, 0 }; tv.tv_sec = ts_nanosec / _NSEC_PER_SEC; tv_nsec = (ts_nanosec % _NSEC_PER_SEC); /* libpcap expects tv_usec to be nanos if using nanosecond precision. */ if (tstamp_precision == PCAP_TSTAMP_PRECISION_NANO) tv.tv_usec = tv_nsec; else tv.tv_usec = tv_nsec / 1000; return tv; } static int snf_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user) { struct pcap_snf *ps = p->priv; struct pcap_pkthdr hdr; int i, flags, err, caplen, n; struct snf_recv_req req; int nonblock, timeout; if (!p) return -1; n = 0; timeout = ps->snf_timeout; while (n < cnt || PACKET_COUNT_IS_UNLIMITED(cnt)) { /* * Has "pcap_breakloop()" been called? */ if (p->break_loop) { if (n == 0) { p->break_loop = 0; return (-2); } else { return (n); } } err = snf_ring_recv(ps->snf_ring, timeout, &req); if (err) { if (err == EBUSY || err == EAGAIN) { return (n); } else if (err == EINTR) { timeout = 0; continue; } else { pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "snf_read: %s", pcap_strerror(err)); return -1; } } caplen = req.length; if (caplen > p->snapshot) caplen = p->snapshot; if ((p->fcode.bf_insns == NULL) || bpf_filter(p->fcode.bf_insns, req.pkt_addr, req.length, caplen)) { hdr.ts = snf_timestamp_to_timeval(req.timestamp, p->opt.tstamp_precision); hdr.caplen = caplen; hdr.len = req.length; callback(user, &hdr, req.pkt_addr); } n++; /* After one successful packet is received, we won't block * again for that timeout. */ if (timeout != 0) timeout = 0; } return (n); } static int snf_setfilter(pcap_t *p, struct bpf_program *fp) { if (!p) return -1; if (!fp) { strncpy(p->errbuf, "setfilter: No filter specified", sizeof(p->errbuf)); return -1; } /* Make our private copy of the filter */ if (install_bpf_program(p, fp) < 0) return -1; return (0); } static int snf_inject(pcap_t *p, const void *buf _U_, size_t size _U_) { #ifdef SNF_HAVE_INJECT_API struct pcap_snf *ps = p->priv; int rc; if (ps->snf_inj == NULL) { rc = snf_inject_open(ps->snf_boardnum, 0, &ps->snf_inj); if (rc) { pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "snf_inject_open: %s", pcap_strerror(rc)); return (-1); } } rc = snf_inject_send(ps->snf_inj, -1, 0, buf, size); if (!rc) { return (size); } else { pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "snf_inject_send: %s", pcap_strerror(rc)); return (-1); } #else strlcpy(p->errbuf, "Sending packets isn't supported with this snf version", PCAP_ERRBUF_SIZE); return (-1); #endif } static int snf_activate(pcap_t* p) { struct pcap_snf *ps = p->priv; char *device = p->opt.source; const char *nr = NULL; int err; int flags = -1, ring_id = -1; if (device == NULL) { pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "device is NULL: %s", pcap_strerror(errno)); return -1; } /* In Libpcap, we set pshared by default if NUM_RINGS is set to > 1. * Since libpcap isn't thread-safe */ if ((nr = getenv("SNF_FLAGS")) && *nr) flags = strtol(nr, NULL, 0); else if ((nr = getenv("SNF_NUM_RINGS")) && *nr && atoi(nr) > 1) flags = SNF_F_PSHARED; else nr = NULL; err = snf_open(ps->snf_boardnum, 0, /* let SNF API parse SNF_NUM_RINGS, if set */ NULL, /* default RSS, or use SNF_RSS_FLAGS env */ 0, /* default to SNF_DATARING_SIZE from env */ flags, /* may want pshared */ &ps->snf_handle); if (err != 0) { pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "snf_open failed: %s", pcap_strerror(err)); return -1; } if ((nr = getenv("SNF_PCAP_RING_ID")) && *nr) { ring_id = (int) strtol(nr, NULL, 0); } err = snf_ring_open_id(ps->snf_handle, ring_id, &ps->snf_ring); if (err != 0) { pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "snf_ring_open_id(ring=%d) failed: %s", ring_id, pcap_strerror(err)); return -1; } if (p->opt.timeout <= 0) ps->snf_timeout = -1; else ps->snf_timeout = p->opt.timeout; err = snf_start(ps->snf_handle); if (err != 0) { pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "snf_start failed: %s", pcap_strerror(err)); return -1; } /* * "select()" and "poll()" don't work on snf descriptors. */ p->selectable_fd = -1; p->linktype = DLT_EN10MB; p->read_op = snf_read; p->inject_op = snf_inject; p->setfilter_op = snf_setfilter; p->setdirection_op = NULL; /* Not implemented.*/ p->set_datalink_op = snf_set_datalink; p->getnonblock_op = snf_getnonblock; p->setnonblock_op = snf_setnonblock; p->stats_op = snf_pcap_stats; p->cleanup_op = snf_platform_cleanup; #ifdef SNF_HAVE_INJECT_API ps->snf_inj = NULL; #endif return 0; } #define MAX_DESC_LENGTH 128 int snf_findalldevs(pcap_if_t **devlistp, char *errbuf) { pcap_if_t *devlist = NULL,*curdev,*prevdev; pcap_addr_t *curaddr; struct snf_ifaddrs *ifaddrs, *ifa; char desc[MAX_DESC_LENGTH]; int ret; if (snf_init(SNF_VERSION_API)) return (-1); if (snf_getifaddrs(&ifaddrs) || ifaddrs == NULL) { (void)pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "snf_getifaddrs: %s", pcap_strerror(errno)); return (-1); } ifa = ifaddrs; while (ifa) { /* * Allocate a new entry */ curdev = (pcap_if_t *)malloc(sizeof(pcap_if_t)); if (curdev == NULL) { (void)pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "snf_findalldevs malloc: %s", pcap_strerror(errno)); return (-1); } if (devlist == NULL) /* save first entry */ devlist = curdev; else prevdev->next = curdev; /* * Fill in the entry. */ curdev->next = NULL; curdev->name = strdup(ifa->snf_ifa_name); if (curdev->name == NULL) { (void)pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "snf_findalldevs strdup: %s", pcap_strerror(errno)); free(curdev); return (-1); } (void)pcap_snprintf(desc,MAX_DESC_LENGTH,"Myricom snf%d", ifa->snf_ifa_portnum); curdev->description = strdup(desc); if (curdev->description == NULL) { (void)pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "snf_findalldevs strdup1: %s", pcap_strerror(errno)); free(curdev->name); free(curdev); return (-1); } curdev->addresses = NULL; curdev->flags = 0; curaddr = (pcap_addr_t *)malloc(sizeof(pcap_addr_t)); if (curaddr == NULL) { (void)pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "snf_findalldevs malloc1: %s", pcap_strerror(errno)); free(curdev->description); free(curdev->name); free(curdev); return (-1); } curdev->addresses = curaddr; curaddr->next = NULL; curaddr->addr = (struct sockaddr*)malloc(sizeof(struct sockaddr_storage)); if (curaddr->addr == NULL) { (void)pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "malloc2: %s", pcap_strerror(errno)); free(curdev->description); free(curdev->name); free(curaddr); free(curdev); return (-1); } curaddr->addr->sa_family = AF_INET; curaddr->netmask = NULL; curaddr->broadaddr = NULL; curaddr->dstaddr = NULL; curaddr->next = NULL; prevdev = curdev; ifa = ifa->snf_ifa_next; } snf_freeifaddrs(ifaddrs); *devlistp = devlist; /* * There are no platform-specific devices since each device * exists as a regular Ethernet device. */ return 0; }
static inline struct timeval snf_timestamp_to_timeval(const int64_t ts_nanosec) { struct timeval tv; int32_t rem; if (ts_nanosec == 0) return (struct timeval) { 0, 0 }; tv.tv_sec = ts_nanosec / _NSEC_PER_SEC; tv.tv_usec = (ts_nanosec % _NSEC_PER_SEC) / 1000; return tv; } static int snf_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user) { struct pcap_snf *ps = p->priv; struct pcap_pkthdr hdr; int i, flags, err, caplen, n; struct snf_recv_req req; if (!p || cnt == 0) return -1; n = 0; while (n < cnt || PACKET_COUNT_IS_UNLIMITED(cnt)) { /* * Has "pcap_breakloop()" been called? */ if (p->break_loop) { if (n == 0) { p->break_loop = 0; return (-2); } else { return (n); } } err = snf_ring_recv(ps->snf_ring, ps->snf_timeout, &req); if (err) { if (err == EBUSY || err == EAGAIN) return (0); if (err == EINTR) continue; if (err != 0) { snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "snf_read: %s", pcap_strerror(err)); return -1; } } caplen = req.length; if (caplen > p->snapshot) caplen = p->snapshot; if ((p->fcode.bf_insns == NULL) || bpf_filter(p->fcode.bf_insns, req.pkt_addr, req.length, caplen)) { hdr.ts = snf_timestamp_to_timeval(req.timestamp); hdr.caplen = caplen; hdr.len = req.length; callback(user, &hdr, req.pkt_addr); } n++; } return (n); } static int snf_setfilter(pcap_t *p, struct bpf_program *fp) { if (!p) return -1; if (!fp) { strncpy(p->errbuf, "setfilter: No filter specified", sizeof(p->errbuf)); return -1; } /* Make our private copy of the filter */ if (install_bpf_program(p, fp) < 0) return -1; return (0); } static int snf_inject(pcap_t *p, const void *buf _U_, size_t size _U_) { strlcpy(p->errbuf, "Sending packets isn't supported with snf", PCAP_ERRBUF_SIZE); return (-1); } static int snf_activate(pcap_t* p) { struct pcap_snf *ps = p->priv; char *device = p->opt.source; const char *nr = NULL; int err; int flags = 0; if (device == NULL) { snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "device is NULL: %s", pcap_strerror(errno)); return -1; } /* In Libpcap, we set pshared by default if NUM_RINGS is set to > 1. * Since libpcap isn't thread-safe */ if ((nr = getenv("SNF_NUM_RINGS")) && *nr && atoi(nr) > 1) flags |= SNF_F_PSHARED; else nr = NULL; err = snf_open(ps->snf_boardnum, 0, /* let SNF API parse SNF_NUM_RINGS, if set */ NULL, /* default RSS, or use SNF_RSS_FLAGS env */ 0, /* default to SNF_DATARING_SIZE from env */ flags, /* may want pshared */ &ps->snf_handle); if (err != 0) { snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "snf_open failed: %s", pcap_strerror(err)); return -1; } err = snf_ring_open(ps->snf_handle, &ps->snf_ring); if (err != 0) { snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "snf_ring_open failed: %s", pcap_strerror(err)); return -1; } if (p->opt.timeout <= 0) ps->snf_timeout = -1; else ps->snf_timeout = p->opt.timeout; err = snf_start(ps->snf_handle); if (err != 0) { snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "snf_start failed: %s", pcap_strerror(err)); return -1; } /* * "select()" and "poll()" don't work on snf descriptors. */ p->selectable_fd = -1; p->linktype = DLT_EN10MB; p->read_op = snf_read; p->inject_op = snf_inject; p->setfilter_op = snf_setfilter; p->setdirection_op = NULL; /* Not implemented.*/ p->set_datalink_op = snf_set_datalink; p->getnonblock_op = snf_getnonblock; p->setnonblock_op = snf_setnonblock; p->stats_op = snf_pcap_stats; p->cleanup_op = snf_platform_cleanup; return 0; } int snf_findalldevs(pcap_if_t **devlistp, char *errbuf) { /* * There are no platform-specific devices since each device * exists as a regular Ethernet device. */ return 0; } pcap_t * snf_create(const char *device, char *ebuf, int *is_ours) { pcap_t *p; int boardnum = -1; struct snf_ifaddrs *ifaddrs, *ifa; size_t devlen; struct pcap_snf *ps; if (snf_init(SNF_VERSION_API)) { /* Can't initialize the API, so no SNF devices */ *is_ours = 0; return NULL; } /* * Match a given interface name to our list of interface names, from * which we can obtain the intended board number */ if (snf_getifaddrs(&ifaddrs) || ifaddrs == NULL) { /* Can't get SNF addresses */ *is_ours = 0; return NULL; } devlen = strlen(device) + 1; ifa = ifaddrs; while (ifa) { if (!strncmp(device, ifa->snf_ifa_name, devlen)) { boardnum = ifa->snf_ifa_boardnum; break; } ifa = ifa->snf_ifa_next; } snf_freeifaddrs(ifaddrs); if (ifa == NULL) { /* * If we can't find the device by name, support the name "snfX" * and "snf10gX" where X is the board number. */ if (sscanf(device, "snf10g%d", &boardnum) != 1 && sscanf(device, "snf%d", &boardnum) != 1) { /* Nope, not a supported name */ *is_ours = 0; return NULL; } } /* OK, it's probably ours. */ *is_ours = 1; p = pcap_create_common(device, ebuf, sizeof (struct pcap_snf)); if (p == NULL) return NULL; ps = p->priv; p->activate_op = snf_activate; ps->snf_boardnum = boardnum; return p; }