pfring v0.6: implements ips mode #1291
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
added 5 commits
January 9, 2015 08:54
This patch adds new variables to pfring configuration: copy-mode copy-iface flush-packet If copy-mode is set to ips, the packet with action DROP are not copied to the destination interface. If copy-mode is set to tap, all packets are copied to the destination interface. If flush-packet is set to no, you will decrease your CPU usage but at the cost of sending packets in trains and thus at larger latency.
This patch adds a peering of pfring interfaces. This is make using the PfringPeer structure, like AF_PACKET.
This patch send the packets to the peered interface. It also test if the packet action is drop
If HAVE_RWLOCK is not defined, in pfring library
pthread_rw_lock_t is defined as the following:
This causes some warnings:
threads.c: In function ‘ThreadMacrosTest03RWLocks’:
threads.c:92:5: warning: passing argument 1 of ‘pthread_rwlock_trywrlock’ from incompatible pointer type [enabled by default]
r |= (SCRWLockTryWRLock(&rwl_write) == EBUSY)? 0 : 1;
^
In file included from threads.h:93:0,
from suricata-common.h:316,
from threads.c:27:
/usr/include/pthread.h:927:12: note: expected ‘union pthread_rwlock_t *’ but argument is of type ‘union pthread_mutex_t *’
extern int pthread_rwlock_trywrlock (pthread_rwlock_t *__rwlock)
^
threads.c: In function ‘ThreadMacrosTest04RWLocks’:
threads.c:108:5: warning: passing argument 1 of ‘pthread_rwlock_trywrlock’ from incompatible pointer type [enabled by default]
r |= (SCRWLockTryWRLock(&rwl_read) == EBUSY)? 0 : 1;
^
In file included from threads.h:93:0,
from suricata-common.h:316,
from threads.c:27:
/usr/include/pthread.h:927:12: note: expected ‘union pthread_rwlock_t *’ but argument is of type ‘union pthread_mutex_t *’
extern int pthread_rwlock_trywrlock (pthread_rwlock_t *__rwlock)
^
threads.c: In function ‘ThreadMacrosTest05RWLocks’:
threads.c:124:5: warning: passing argument 1 of ‘pthread_rwlock_tryrdlock’ from incompatible pointer type [enabled by default]
r |= (SCRWLockTryRDLock(&rwl_read) == EBUSY)? 0 : 1;
^
In file included from threads.h:93:0,
from suricata-common.h:316,
from threads.c:27:
/usr/include/pthread.h:912:12: note: expected ‘union pthread_rwlock_t *’ but argument is of type ‘union pthread_mutex_t *’
extern int pthread_rwlock_tryrdlock (pthread_rwlock_t *__rwlock)
^
This patch fixes temporarily this issue
|
A small question: should LRO/GRO be turned off? For instance, AF_PACKET can't handle offloading - transfer size exceeds 65k and an error occurs. |
|
@gozzy it's better to turn off LRO/GRO. |
|
It seems that it is critical to load the pf_ring module with: Without that traffic didn't forward for me. |
|
Regarding that last comment, can that be checked at Suricata startup? |
|
In my testing I haven't been able to get this to work at any reasonable speed. Also latency was huge. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR permits to use suricata and PF_RING in ips mode,
it addresses comments in the previous PR.
Last PR: #1288