From c52203667aa74d4588e653ffedd33f1d1ae82d8c Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Sun, 30 Nov 2025 08:20:31 +0100 Subject: [PATCH] af-packet: add disable-hwtimestamp option HW timestamping is not always reliable, so add an option to disable it. Bug: #1954. (cherry picked from commit 18a6a079da9d52e1c5b75706eb38b5d99c7b446b) --- src/runmode-af-packet.c | 15 ++++++++++++++- src/source-af-packet.c | 13 ++++++++----- src/source-af-packet.h | 2 +- suricata.yaml.in | 3 +++ 4 files changed, 26 insertions(+), 7 deletions(-) diff --git a/src/runmode-af-packet.c b/src/runmode-af-packet.c index 5d0d3727aa..5e24294cfb 100644 --- a/src/runmode-af-packet.c +++ b/src/runmode-af-packet.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2011-2020 Open Information Security Foundation +/* Copyright (C) 2011-2025 Open Information Security Foundation * * You can copy, redistribute or modify this Program under the terms of * the GNU General Public License version 2 as published by the Free @@ -671,6 +671,19 @@ static void *ParseAFPConfig(const char *iface) aconf->promisc = 0; } + (void)ConfGetChildValueBoolWithDefault(if_root, if_default, "disable-hwtimestamp", &boolval); + if (boolval) { +#ifdef HAVE_HW_TIMESTAMPING + SCLogConfig("%s: disabling hardware timestamping", aconf->iface); +#endif + aconf->flags |= AFP_DISABLE_HWTIMESTAMP; + } +#ifdef HAVE_HW_TIMESTAMPING + if ((aconf->flags & AFP_DISABLE_HWTIMESTAMP) == 0) { + SCLogConfig("%s: enabling hardware timestamping", aconf->iface); + } +#endif + if (ConfGetChildValueWithDefault(if_root, if_default, "checksum-checks", &tmpctype) == 1) { if (strcmp(tmpctype, "auto") == 0) { aconf->checksum_mode = CHECKSUM_VALIDATION_AUTO; diff --git a/src/source-af-packet.c b/src/source-af-packet.c index 3d07676f31..3e9bf45355 100644 --- a/src/source-af-packet.c +++ b/src/source-af-packet.c @@ -1761,11 +1761,14 @@ static int AFPSetupRing(AFPThreadVars *ptv, char *devname) } #ifdef HAVE_HW_TIMESTAMPING - int req = SOF_TIMESTAMPING_RAW_HARDWARE; - if (setsockopt(ptv->socket, SOL_PACKET, PACKET_TIMESTAMP, (void *) &req, - sizeof(req)) < 0) { - SCLogWarning("%s: failed to activate hardware timestamping on packet socket: %s", devname, - strerror(errno)); + if ((ptv->flags & AFP_DISABLE_HWTIMESTAMP) == 0) { + int req = SOF_TIMESTAMPING_RAW_HARDWARE; + if (setsockopt(ptv->socket, SOL_PACKET, PACKET_TIMESTAMP, (void *)&req, sizeof(req)) < 0) { + SCLogWarning("%s: failed to activate hardware timestamping on packet socket: %s", + devname, strerror(errno)); + } + } else { + SCLogConfig("%s: hardware timestamping disabled", devname); } #endif diff --git a/src/source-af-packet.h b/src/source-af-packet.h index 022caaa0a3..9a1ec981bc 100644 --- a/src/source-af-packet.h +++ b/src/source-af-packet.h @@ -56,7 +56,7 @@ struct ebpf_timeout_config { /* value for flags */ #define AFP_NEED_PEER (1 << 0) -// (1<<1) vacant +#define AFP_DISABLE_HWTIMESTAMP (1 << 1) #define AFP_SOCK_PROTECT (1<<2) #define AFP_EMERGENCY_MODE (1<<3) #define AFP_TPACKET_V3 (1<<4) diff --git a/suricata.yaml.in b/suricata.yaml.in index caa3b99014..7640f2b62f 100644 --- a/suricata.yaml.in +++ b/suricata.yaml.in @@ -701,6 +701,9 @@ af-packet: #copy-iface: eth1 # For eBPF and XDP setup including bypass, filter and load balancing, please # see doc/userguide/capture-hardware/ebpf-xdp.rst for more info. + # Disable HW timestamp support. HW timestamps can be unreliable, see + # https://redmine.openinfosecfoundation.org/issues/7585 + #disable-hwtimestamp: true # Put default values here. These will be used for an interface that is not # in the list above.