Support for PF_RING versions where packet passed as a reference and version 4.7.1 where pfring_enable_ring now seems to be required.

15 years ago · 1099093e0f
parent a0b4068041
commit 1099093e0f
3 changed files with 104 additions and 26 deletions
--- a/configure.in
+++ b/configure.in
@ -636,14 +636,54 @@ esac
        fi
    fi

-    AC_TRY_COMPILE([ #include <pfring.h> ],
-    [ pfring *pd; pd = pfring_open("eth1", 1,  1515, 1); pfring_set_cluster(pd, 99, cluster_round_robin); ],
-    [ pfring_cluster_type_available=yes ], [:]
-    )
+    LIBPFRING_ENABLE_RING=""
+    AC_CHECK_LIB(pfring, pfring_enable_ring,, LIBPFRING_ENABLE_RING="no")
+    if test "$LIBPFRING_ENABLE_RING" != "no"; then
+        AC_DEFINE([HAVE_PFRING_ENABLE],[1],[PF_RING pfring_enable_ring is available])
+    fi
+
+    AC_MSG_CHECKING([if pfring_set_cluster is available])
+    AC_TRY_COMPILE([
+                #include <pfring.h>
+            ],
+            [
+                pfring *pd;
+                pd = pfring_open("eth1", 1,  1515, 1);
+                pfring_set_cluster(pd, 99, cluster_round_robin);
+            ],
+            [ pfring_cluster_type_available=yes ], [:])
+
    if test "$pfring_cluster_type_available" = "yes"; then
-     CFLAGS="${CFLAGS} -DHAVE_PFRING_CLUSTER_TYPE"
+        AC_DEFINE([HAVE_PFRING_CLUSTER_TYPE],[1],[PF_RING pfring_set_cluster is available])
+        AC_MSG_RESULT(yes)
+    else
+        AC_MSG_RESULT(no)
    fi

+    STORE_CFLAGS="${CFLAGS}"
+    CFLAGS="${CFLAGS} -Werror"
+    AC_MSG_CHECKING([if pfring_recv expects u_char**])
+    AC_TRY_COMPILE([
+                #include <pfring.h>
+            ],
+            [
+                u_char *buffer;
+                struct pfring_pkthdr hdr;
+                pfring *pd; memset(&hdr, 0, sizeof(hdr));
+                pd = pfring_open("eth1", 1,  1515, 1);
+                pfring_recv(pd, &buffer, 0, &hdr, 1);
+            ],
+            [ pfring_recv_uchar_buff=yes ], [:])
+
+    CFLAGS="${STORE_CFLAGS}"
+
+
+    if test "$pfring_recv_uchar_buff" = "yes"; then
+        AC_DEFINE([HAVE_PFRING_RECV_UCHAR],[1],[PF_RING pfring_recv buffer is u_char**])
+        AC_MSG_RESULT(yes)
+    else
+        AC_MSG_RESULT(no)
+    fi

 # libpcap
    AC_ARG_WITH(libpcap_includes,
--- a/doc/INSTALL.PF_RING
+++ b/doc/INSTALL.PF_RING
@ -39,30 +39,56 @@ dkms install -m pf_ring -v 4
 #if you issue the following command you can see that pf_ring should now be installed as DKMS module
 dkms status

-#Now lets go through the steps to build a PF_RING aware driver.
-mkdir /usr/src/e1000e-pf_ring-1.0.15
-cp -Rf /usr/src/PF_RING_CURRENT_SVN/drivers/intel/e1000e/old/e1000e-1.0.15/src/* /usr/src/e1000e-pf_ring-1.0.15/
+#Now lets go through the steps to build a e1000e PF_RING aware driver.
+mkdir /usr/src/e1000e-pf_ring-1.3.10a
+cd /usr/src/PF_RING_CURRENT_SVN/drivers/intel/e1000e/e1000e-1.3.10a/src/

 #We copy this over so that DKMS can find it for driver rebuilds
-cp -f /usr/src/PF_RING_CURRENT_SVN/kernel/linux/pf_ring.h /usr/src/e1000e-pf_ring-1.0.15/
-cd /usr/src/e1000e-pf_ring-1.0.15/
+cp -Rf /usr/src/PF_RING_CURRENT_SVN/drivers/intel/e1000e/e1000e-1.3.10a/src/* /usr/src/e1000e-pf_ring-1.3.10a/
+cp -f /usr/src/PF_RING_CURRENT_SVN/kernel/linux/pf_ring.h /usr/src/e1000e-pf_ring-1.3.10a/

 #Fix the path to pf_ring.h
-sed -i -e 's/\.\.\/\.\.\/\.\.\/\.\.\/kernel\/linux\/pf\_ring\.h/pf\_ring\.h/' netdev.c
+cd /usr/src/e1000e-pf_ring-1.3.10a/
+sed -i -e 's/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/kernel\/linux\/pf\_ring\.h/pf\_ring\.h/' netdev.c

 #Create a file called dkms.conf and place the following into the file.
 nano dkms.conf

 PACKAGE_NAME="e1000e-pf_ring"
-PACKAGE_VERSION="1.0.15"
+PACKAGE_VERSION="1.3.10a"
 BUILT_MODULE_NAME[0]="e1000e"
 DEST_MODULE_LOCATION[0]="/kernel/drivers/net/e1000e/"
 AUTOINSTALL="yes"

 #Build and install the module we don't build a deb as currently this appears to be broken in Ubuntu-10.04
-dkms add -m e1000e-pf_ring -v 1.0.15
-dkms build -m e1000e-pf_ring -v 1.0.15
-dkms install -m e1000e-pf_ring -v 1.0.15
+dkms add -m e1000e-pf_ring -v 1.3.10a
+dkms build -m e1000e-pf_ring -v 1.3.10a
+dkms install -m e1000e-pf_ring -v 1.3.10a
+
+#Now lets go through the steps to build a e1000 PF_RING aware driver.
+mkdir /usr/src/e1000-pf_ring-8.0.30
+cd /usr/src/PF_RING_CURRENT_SVN/drivers/intel/e1000/e1000-8.0.30/src/
+
+#We copy this over so that DKMS can find it for driver rebuilds
+cp -Rf /usr/src/PF_RING_CURRENT_SVN/drivers/intel/e1000/e1000-8.0.30/src/* /usr/src/e1000-pf_ring-8.0.30
+cp -f /usr/src/PF_RING_CURRENT_SVN/kernel/linux/pf_ring.h /usr/src/e1000-pf_ring-8.0.30
+
+#Fix the path to pf_ring.h
+cd /usr/src/e1000-pf_ring-8.0.30
+sed -i -e 's/\.\.\/\.\.\/\.\.\/\.\.\/\.\.\/kernel\/linux\/pf\_ring\.h/pf\_ring\.h/' e1000_main.c
+
+#Create a file called dkms.conf and place the following into the file.
+nano dkms.conf
+
+PACKAGE_NAME="e1000-pf_ring"
+PACKAGE_VERSION="8.0.30"
+BUILT_MODULE_NAME[0]="e1000"
+DEST_MODULE_LOCATION[0]="/kernel/drivers/net/e1000/"
+AUTOINSTALL="yes"
+
+dkms add -m e1000-pf_ring -v 8.0.30
+dkms build -m e1000-pf_ring -v 8.0.30
+dkms install -m e1000-pf_ring -v 8.0.30

 #Make the dir structure to hold are PF_RING enabled userland Apps.
 mkdir -p /opt/PF_RING/{bin,lib,include/linux,sbin}
@ -76,21 +102,15 @@ cp -f pfring_e1000e_dna.h /opt/PF_RING/include
 make &&  make install

 #Build and install the PF_RING enabled libpcap
-cd /usr/src/PF_RING_CURRENT_SVN/userland/libpcap-1.0.0-ring
+#PF_RING enabled libpcap
+cd /usr/src/PF_RING_CURRENT_SVN/userland/libpcap-1.1.1-ring
 ./configure
 sed -i -e 's/\.\.\/lib\/libpfring\.a/\/opt\/PF_RING\/lib\/libpfring\.a/' Makefile
 sed -i -e 's/\.\.\/lib\/libpfring\.a/\/opt\/PF_RING\/lib\/libpfring\.a/' Makefile.in
 ./configure --prefix=/opt/PF_RING && make && make install

 #Build and install tcpdump using the PF_RING enabled version of libpcap
-cd /usr/src/PF_RING_CURRENT_SVN/userland/tcpdump-4.0.0
-./configure
-sed -i -e 's/\.\.\/lib\/libpfring\.a/\/opt\/PF_RING\/lib\/libpfring\.a/' Makefile
-sed -i -e 's/\.\.\/lib\/libpfring\.a/\/opt\/PF_RING\/lib\/libpfring\.a/' Makefile.in
-sed -i -e 's/-I \.\.\/libpcap-1\.0\.0-ring/-I \/opt\/PF_RING\/include/' Makefile
-sed -i -e 's/-I \.\.\/libpcap-1\.0\.0-ring/-I \/opt\/PF_RING\/include/' Makefile.in
-sed -i -e 's/-L \.\.\/libpcap-1\.0\.0-ring\/-L /\/opt\/PF_RING\/lib\//' Makefile
-sed -i -e 's/-L \.\.\/libpcap-1\.0\.0-ring\/-L /\/opt\/PF_RING\/lib\//' Makefile.in
+cd /usr/src/PF_RING_CURRENT_SVN/userland/tcpdump-4.1.1
 ./configure LD_RUN_PATH="/opt/PF_RING/lib:/usr/lib:/usr/local/lib" --prefix=/opt/PF_RING/ --enable-ipv6 && make && make install

 #Pull down the latest version of suricata from the git repo and build with PF_RING support.
@ -121,5 +141,6 @@ echo "options pf_ring transparent_mode=0 num_slots=32768 enable_tx_capture=0" >
 modinfo pf_ring && cat /proc/net/pf_ring/info

 #If you need to uninstall PF_RING or rollback your PF_RING aware drivers to their previous state you can do so with the following commands.
-dkms remove -m e1000e-pf_ring -v 1.0.15 --all
+dkms remove -m e1000e-pf_ring -v 1.3.10a --all
+dkms remove -m e1000 -v 8.0.30 --all
 dkms remove -m pf_ring -v 4 --all
--- a/src/source-pfring.c
+++ b/src/source-pfring.c
@ -219,11 +219,18 @@ TmEcode ReceivePfring(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, Pa
    }

    /* Depending on what compile time options are used for pfring we either return 0 or -1 on error and always 1 for success */
-
+#ifdef HAVE_PFRING_RECV_UCHAR
+    int r = pfring_recv(ptv->pd, (u_char**)&GET_PKT_DIRECT_DATA(p),
+                        (u_int)GET_PKT_DIRECT_MAX_SIZE(p),
+                        &hdr,
+                        LIBPFRING_WAIT_FOR_INCOMING);
+#else
    int r = pfring_recv(ptv->pd, (char *)GET_PKT_DIRECT_DATA(p),
                        (u_int)GET_PKT_DIRECT_MAX_SIZE(p),
                        &hdr,
                        LIBPFRING_WAIT_FOR_INCOMING);
+#endif /* HAVE_PFRING_RECV_UCHAR */
+
    if (r == 1) {
        //printf("RecievePfring src %" PRIu32 " sport %" PRIu32 " dst %" PRIu32 " dstport %" PRIu32 "\n",
        //        hdr.parsed_pkt.ipv4_src,hdr.parsed_pkt.l4_src_port, hdr.parsed_pkt.ipv4_dst,hdr.parsed_pkt.l4_dst_port);
@ -308,6 +315,16 @@ TmEcode ReceivePfringThreadInit(ThreadVars *tv, void *initdata, void **data) {
        return TM_ECODE_FAILED;
    }

+/* It seems that as of 4.7.1 this is required */
+#ifdef HAVE_PFRING_ENABLE
+    rc = pfring_enable_ring(ptv->pd);
+
+    if (rc != 0) {
+        SCLogError(SC_ERR_PF_RING_OPEN, "pfring_enable failed returned %d ", rc);
+        return TM_ECODE_FAILED;
+    }
+#endif /* HAVE_PFRING_ENABLE */
+
    SCLogInfo("(%s) Using PF_RING v.%d.%d.%d, interface %s, cluster-id %d",
            tv->name, (version & 0xFFFF0000) >> 16, (version & 0x0000FF00) >> 8,
            version & 0x000000FF, ptv->interface, ptv->cluster_id);