Feature #334 ยป 0001-Add-pfring-bpf-filter-require-pfring-5.1-v4.patch
| configure.in | ||
|---|---|---|
|
AC_MSG_RESULT(no)
|
||
|
fi
|
||
|
AC_MSG_CHECKING([if pfring_set_bpf_filter is available])
|
||
|
AC_TRY_COMPILE([
|
||
|
#include <pfring.h>
|
||
|
],
|
||
|
[
|
||
|
pfring *pd;
|
||
|
pd = pfring_open("eth1", 1, 1515, 1);
|
||
|
pfring_set_bpf_filter(pd, "tcp");
|
||
|
],
|
||
|
[ pfring_set_bpf_filter_available=yes ], [:])
|
||
|
if test "$pfring_set_bpf_filter_available" = "yes"; then
|
||
|
AC_DEFINE([HAVE_PFRING_SET_BPF_FILTER],[1],[PF_RING pfring_set_bpf_filter is available])
|
||
|
AC_MSG_RESULT(yes)
|
||
|
else
|
||
|
AC_MSG_RESULT(no)
|
||
|
fi
|
||
|
STORE_CFLAGS="${CFLAGS}"
|
||
|
CFLAGS="${CFLAGS} -Werror"
|
||
|
AC_MSG_CHECKING([if pfring_recv expects u_char**])
|
||
| src/runmode-pfring.c | ||
|---|---|---|
|
char * default_ctype = SCStrdup("cluster_round_robin");
|
||
|
int getctype = 0;
|
||
|
#endif
|
||
|
#ifdef HAVE_PFRING_SET_BPF_FILTER
|
||
|
char *bpf_filter = NULL;
|
||
|
#endif /* HAVE_PFRING_SET_BPF_FILTER */
|
||
|
if (iface == NULL) {
|
||
|
return NULL;
|
||
| ... | ... | |
|
SCLogDebug("Going to use cluster-id %" PRId32, pfconf->cluster_id);
|
||
|
}
|
||
|
}
|
||
|
#ifdef HAVE_PFRING_SET_BPF_FILTER
|
||
|
/*load pfring bpf filter*/
|
||
|
/* command line value has precedence */
|
||
|
if (ConfGet("bpf-filter", &bpf_filter) == 1) {
|
||
|
pfconf->bpf_filter = SCStrdup(bpf_filter);
|
||
|
SCLogDebug("Going to use command-line provided bpf filter %s",
|
||
|
pfconf->bpf_filter);
|
||
|
} else {
|
||
|
if (ConfGetChildValue(if_root, "bpf-filter", &bpf_filter) == 1) {
|
||
|
pfconf->bpf_filter = SCStrdup(bpf_filter);
|
||
|
SCLogDebug("Going to use bpf filter %s", pfconf->bpf_filter);
|
||
|
}
|
||
|
}
|
||
|
#endif /* HAVE_PFRING_SET_BPF_FILTER */
|
||
|
#ifdef HAVE_PFRING_CLUSTER_TYPE
|
||
|
if (ConfGet("pfring.cluster-type", &tmpctype) == 1) {
|
||
| src/source-pfring.c | ||
|---|---|---|
|
#endif /* HAVE_PFRING_CLUSTER_TYPE */
|
||
|
uint8_t cluster_id;
|
||
|
char *interface;
|
||
|
#ifdef HAVE_PFRING_SET_BPF_FILTER
|
||
|
char *bpf_filter;
|
||
|
#endif /* HAVE_PFRING_SET_BPF_FILTER */
|
||
|
} PfringThreadVars;
|
||
|
/**
|
||
| ... | ... | |
|
version & 0x000000FF, ptv->interface);
|
||
|
}
|
||
|
#ifdef HAVE_PFRING_SET_BPF_FILTER
|
||
|
if (pfconf->bpf_filter) {
|
||
|
ptv->bpf_filter = SCStrdup(pfconf->bpf_filter);
|
||
|
rc= pfring_set_bpf_filter(ptv->pd, ptv->bpf_filter);
|
||
|
if (rc < 0) {
|
||
|
SCLogInfo("Set PF_RING bpf filter \"%s\" failed.", ptv->bpf_filter);
|
||
|
}
|
||
|
}
|
||
|
#endif /* HAVE_PFRING_SET_BPF_FILTER */
|
||
|
/* It seems that as of 4.7.1 this is required */
|
||
|
#ifdef HAVE_PFRING_ENABLE
|
||
|
rc = pfring_enable_ring(ptv->pd);
|
||
| src/source-pfring.h | ||
|---|---|---|
|
char iface[PFRING_IFACE_NAME_LENGTH];
|
||
|
/* number of threads */
|
||
|
int threads;
|
||
|
#ifdef HAVE_PFRING_SET_BPF_FILTER
|
||
|
char *bpf_filter;
|
||
|
#endif /* HAVE_PFRING_SET_BPF_FILTER */
|
||
|
SC_ATOMIC_DECLARE(unsigned int, ref);
|
||
|
void (*DerefFunc)(void *);
|
||
|
} PfringIfaceConfig;
|
||
| suricata.yaml | ||
|---|---|---|
|
# Default PF_RING cluster type. PF_RING can load balance per flow or per hash.
|
||
|
# This is only supported in versions of PF_RING > 4.1.1.
|
||
|
cluster-type: cluster_round_robin
|
||
|
# bpf filter for this interface
|
||
|
#bpf-filter: tcp
|
||
|
# Second interface
|
||
|
#- interface: eth1
|
||
|
# threads: 3
|
||