packages: kernel/kernel-PF_RING.patch - update to latest version
arekm
arekm at pld-linux.org
Tue Jul 21 05:41:35 CEST 2009
Author: arekm Date: Tue Jul 21 03:41:34 2009 GMT
Module: packages Tag: HEAD
---- Log message:
- update to latest version
---- Files affected:
packages/kernel:
kernel-PF_RING.patch (1.2 -> 1.3)
---- Diffs:
================================================================
Index: packages/kernel/kernel-PF_RING.patch
diff -u packages/kernel/kernel-PF_RING.patch:1.2 packages/kernel/kernel-PF_RING.patch:1.3
--- packages/kernel/kernel-PF_RING.patch:1.2 Tue Mar 31 14:02:41 2009
+++ packages/kernel/kernel-PF_RING.patch Tue Jul 21 05:41:26 2009
@@ -1,12 +1,13 @@
-diff --unified --recursive --new-file linux-2.6.21.4/include/linux/ring.h linux-2.6.21.4-1-686-smp-ring3/include/linux/ring.h
---- linux-2.6.21.4/include/linux/ring.h 1970-01-01 00:00:00.000000000 +0000
-+++ linux-2.6.21.4-1-686-smp-ring3/include/linux/ring.h 2007-06-10 16:43:04.346421348 +0000
-@@ -0,0 +1,240 @@
+diff --unified --recursive --new-file linux-2.6.30/include/linux/ring.h linux-2.6.30-1-686-smp-PF_RING/include/linux/ring.h
+--- linux-2.6.30/include/linux/ring.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.30-1-686-smp-PF_RING/include/linux/ring.h 2009-07-21 04:40:31.308485480 +0200
+@@ -0,0 +1,590 @@
+/*
+ * Definitions for packet ring
+ *
-+ * 2004-07 Luca Deri <deri at ntop.org>
++ * 2004-09 Luca Deri <deri at ntop.org>
+ */
++
+#ifndef __RING_H
+#define __RING_H
+
@@ -19,179 +20,239 @@
+#endif
+
+#define RING_MAGIC
-+#define RING_MAGIC_VALUE 0x88
-+#define RING_FLOWSLOT_VERSION 6
-+#define RING_VERSION "3.4.1"
-+
-+#define SO_ADD_TO_CLUSTER 99
-+#define SO_REMOVE_FROM_CLUSTER 100
-+#define SO_SET_REFLECTOR 101
-+#define SO_SET_BLOOM 102
-+#define SO_SET_STRING 103
-+#define SO_TOGGLE_BLOOM_STATE 104
-+#define SO_RESET_BLOOM_FILTERS 105
-+
-+#define BITMASK_SET(n, p) (((char*)p->bits_memory)[n/8] |= (1<<(n % 8)))
-+#define BITMASK_CLR(n, p) (((char*)p->bits_memory)[n/8] &= ~(1<<(n % 8)))
-+#define BITMASK_ISSET(n, p) (((char*)p->bits_memory)[n/8] & (1<<(n % 8)))
++#define RING_MAGIC_VALUE 0x88
++#define RING_FLOWSLOT_VERSION 9
+
-+/* *********************************** */
++#define DEFAULT_BUCKET_LEN 128
++#define MAX_NUM_DEVICES 256
+
-+/*
-+ Aho-Corasick code taken from Snort
-+ under GPL license
-+*/
-+/*
-+ * DEFINES and Typedef's
-+ */
-+#define MAX_ALPHABET_SIZE 256
++/* Versioning */
++#define RING_VERSION "3.9.5"
++#define RING_VERSION_NUM 0x030904
+
-+/*
-+ FAIL STATE for 1,2,or 4 bytes for state transitions
++/* Set */
++#define SO_ADD_TO_CLUSTER 99
++#define SO_REMOVE_FROM_CLUSTER 100
++#define SO_SET_REFLECTOR 101
++#define SO_SET_STRING 102
++#define SO_ADD_FILTERING_RULE 103
++#define SO_REMOVE_FILTERING_RULE 104
++#define SO_TOGGLE_FILTER_POLICY 105
++#define SO_SET_SAMPLING_RATE 106
++#define SO_ACTIVATE_RING 107
++#define SO_RING_BUCKET_LEN 108
++#define SO_SET_CHANNEL_ID 109
++#define SO_PURGE_IDLE_HASH_RULES 110 /* inactivity (sec) */
++#define SO_SET_APPL_NAME 111
+
-+ Uncomment this define to use 32 bit state values
-+ #define AC32
-+*/
++/* Get */
++#define SO_GET_RING_VERSION 120
++#define SO_GET_FILTERING_RULE_STATS 121
++#define SO_GET_HASH_FILTERING_RULE_STATS 122
++#define SO_GET_MAPPED_DNA_DEVICE 123
+
-+typedef unsigned short acstate_t;
-+#define ACSM_FAIL_STATE2 0xffff
++/* Map */
++#define SO_MAP_DNA_DEVICE 130
++
++/* **************** regexp.h ******************* */
+
+/*
++http://www.opensource.apple.com/darwinsource/10.3/expect-1/expect/expect.h ,
++which contains a version of this library, says:
++
++ *
++ * NSUBEXP must be at least 10, and no greater than 117 or the parser
++ * will not work properly.
+ *
-+ */
-+typedef
-+struct _acsm_pattern2
-+{
-+ struct _acsm_pattern2 *next;
+
-+ unsigned char *patrn;
-+ unsigned char *casepatrn;
-+ int n;
-+ int nocase;
-+ int offset;
-+ int depth;
-+ void * id;
-+ int iid;
++However, it looks rather like this library is limited to 10. If you think
++otherwise, let us know.
++*/
+
-+} ACSM_PATTERN2;
++#define NSUBEXP 10
++typedef struct regexp {
++ char *startp[NSUBEXP];
++ char *endp[NSUBEXP];
++ char regstart; /* Internal use only. */
++ char reganch; /* Internal use only. */
++ char *regmust; /* Internal use only. */
++ int regmlen; /* Internal use only. */
++ char program[1]; /* Unwarranted chumminess with compiler. */
++} regexp;
++
++regexp * regcomp(char *exp, int *patternsize);
++int regexec(regexp *prog, char *string);
++void regsub(regexp *prog, char *source, char *dest);
++void regerror(char *s);
+
+/*
-+ * transition nodes - either 8 or 12 bytes
++ * The first byte of the regexp internal "program" is actually this magic
++ * number; the start node begins in the second byte.
+ */
-+typedef
-+struct trans_node_s {
-+
-+ acstate_t key; /* The character that got us here - sized to keep structure aligned on 4 bytes */
-+ /* to better the caching opportunities. A value that crosses the cache line */
-+ /* forces an expensive reconstruction, typing this as acstate_t stops that. */
-+ acstate_t next_state; /* */
-+ struct trans_node_s * next; /* next transition for this state */
-+
-+} trans_node_t;
++#define MAGIC 0234
+
++/* *********************************** */
+
-+/*
-+ * User specified final storage type for the state transitions
-+ */
-+enum {
-+ ACF_FULL,
-+ ACF_SPARSE,
-+ ACF_BANDED,
-+ ACF_SPARSEBANDS,
++struct pkt_aggregation_info {
++ u_int32_t num_pkts, num_bytes;
++ struct timeval first_seen, last_seen;
+};
+
+/*
-+ * User specified machine types
-+ *
-+ * TRIE : Keyword trie
-+ * NFA :
-+ * DFA :
-+ */
-+enum {
-+ FSA_TRIE,
-+ FSA_NFA,
-+ FSA_DFA,
++ Note that as offsets *can* be negative,
++ please do not change them to unsigned
++*/
++struct pkt_offset {
++ int16_t eth_offset; /* This offset *must* be added to all offsets below */
++ int16_t vlan_offset;
++ int16_t l3_offset;
++ int16_t l4_offset;
++ int16_t payload_offset;
+};
+
-+/*
-+ * Aho-Corasick State Machine Struct - one per group of pattterns
-+ */
-+typedef struct {
-+ int acsmMaxStates;
-+ int acsmNumStates;
-+
-+ ACSM_PATTERN2 * acsmPatterns;
-+ acstate_t * acsmFailState;
-+ ACSM_PATTERN2 ** acsmMatchList;
-+
-+ /* list of transitions in each state, this is used to build the nfa & dfa */
-+ /* after construction we convert to sparse or full format matrix and free */
-+ /* the transition lists */
-+ trans_node_t ** acsmTransTable;
-+
-+ acstate_t ** acsmNextState;
-+ int acsmFormat;
-+ int acsmSparseMaxRowNodes;
-+ int acsmSparseMaxZcnt;
-+
-+ int acsmNumTrans;
-+ int acsmAlphabetSize;
-+ int acsmFSA;
-+
-+} ACSM_STRUCT2;
++struct pkt_parsing_info {
++ /* Core fields (also used by NetFlow) */
++ u_int16_t eth_type; /* Ethernet type */
++ u_int16_t vlan_id; /* VLAN Id or NO_VLAN */
++ u_int8_t l3_proto, ipv4_tos; /* Layer 3 protocol/TOS */
++ u_int32_t ipv4_src, ipv4_dst; /* IPv4 src/dst IP addresses */
++ u_int16_t l4_src_port, l4_dst_port; /* Layer 4 src/dst ports */
++ u_int8_t tcp_flags; /* TCP flags (0 if not available) */
+
-+/* *********************************** */
++ u_int16_t last_matched_plugin_id; /* If > 0 identifies a plugin to that matched the packet */
++ union {
++ struct pkt_offset offset; /* Offsets of L3/L4/payload elements */
++ struct pkt_aggregation_info aggregation; /* Future or plugin use */
++ } pkt_detail;
++};
+
-+#ifndef HAVE_PCAP
-+struct pcap_pkthdr {
++struct pfring_pkthdr {
+ struct timeval ts; /* time stamp */
+ u_int32_t caplen; /* length of portion present */
+ u_int32_t len; /* length this packet (off wire) */
-+ /* packet parsing info */
-+ u_int16_t eth_type; /* Ethernet type */
-+ u_int16_t vlan_id; /* VLAN Id or -1 for no vlan */
-+ u_int8_t l3_proto; /* Layer 3 protocol */
-+ u_int16_t l3_offset, l4_offset, payload_offset; /* Offsets of L3/L4/payload elements */
-+ u_int32_t ipv4_src, ipv4_dst; /* IPv4 src/dst IP addresses */
-+ u_int16_t l4_src_port, l4_dst_port; /* Layer 4 src/dst ports */
++ struct pkt_parsing_info parsed_pkt; /* packet parsing info */
++ u_int16_t parsed_header_len; /* Extra parsing data before packet */
+};
-+#endif
+
+/* *********************************** */
+
-+typedef struct _counter_list {
-+ u_int32_t bit_id;
-+ u_int32_t bit_counter;
-+ struct _counter_list *next;
-+} bitmask_counter_list;
++#define MAX_PLUGIN_ID 64
++#define MAX_PLUGIN_FIELDS 32
++
++/* ************************************************* */
++
++typedef struct {
++ u_int8_t proto; /* Use 0 for 'any' protocol */
++ u_int16_t vlan_id; /* Use '0' for any vlan */
++ u_int32_t host_low, host_high; /* User '0' for any host. This is applied to both source
++ and destination. */
++ u_int16_t port_low, port_high; /* All ports between port_low...port_high
++ 0 means 'any' port. This is applied to both source
++ and destination. This means that
++ (proto, sip, sport, dip, dport) matches the rule if
++ one in "sip & sport", "sip & dport" "dip & sport"
++ match. */
++} filtering_rule_core_fields;
++
++/* ************************************************* */
++
++#define FILTER_PLUGIN_DATA_LEN 256
++
++typedef struct {
++ char payload_pattern[32]; /* If strlen(payload_pattern) > 0, the packet payload
++ must match the specified pattern */
++ u_int16_t filter_plugin_id; /* If > 0 identifies a plugin to which the datastructure
++ below will be passed for matching */
++ char filter_plugin_data[FILTER_PLUGIN_DATA_LEN];
++ /* Opaque datastructure that is interpreted by the
++ specified plugin and that specifies a filtering
++ criteria to be checked for match. Usually this data
++ is re-casted to a more meaningful datastructure
++ */
++} filtering_rule_extended_fields;
++
++/* ************************************************* */
++
++typedef struct {
++ /* Plugin Action */
++ u_int16_t plugin_id; /* ('0'=no plugin) id of the plugin associated with this rule */
++} filtering_rule_plugin_action;
++
++typedef enum {
++ forward_packet_and_stop_rule_evaluation = 0,
++ dont_forward_packet_and_stop_rule_evaluation,
++ execute_action_and_continue_rule_evaluation,
++ forward_packet_add_rule_and_stop_rule_evaluation
++} rule_action_behaviour;
++
++typedef enum {
++ forward_packet = 100,
++ dont_forward_packet,
++ use_rule_forward_policy
++} packet_action_behaviour;
+
+typedef struct {
-+ u_int32_t num_bits, order, num_pages;
-+ unsigned long bits_memory;
-+ bitmask_counter_list *clashes;
-+} bitmask_selector;
++ u_int16_t rule_id; /* Rules are processed in order from lowest to higest id */
++ rule_action_behaviour rule_action; /* What to do in case of match */
++ u_int8_t balance_id, balance_pool; /* If balance_pool > 0, then pass the packet above only if the
++ (hash(proto, sip, sport, dip, dport) % balance_pool)
++ = balance_id */
++ filtering_rule_core_fields core_fields;
++ filtering_rule_extended_fields extended_fields;
++ filtering_rule_plugin_action plugin_action;
++ unsigned long jiffies_last_match; /* Jiffies of the last rule match (updated by pf_ring) */
++} filtering_rule;
+
+/* *********************************** */
+
-+enum cluster_type {
-+ cluster_per_flow = 0,
-+ cluster_round_robin
-+};
++/* Hash size used for precise packet matching */
++#define DEFAULT_RING_HASH_SIZE 4096
++
++/*
++ * The hashtable contains only perfect matches: no
++ * wildacards or so are accepted.
++*/
++typedef struct {
++ u_int16_t vlan_id;
++ u_int8_t proto;
++ u_int32_t host_peer_a, host_peer_b;
++ u_int16_t port_peer_a, port_peer_b;
++
++ rule_action_behaviour rule_action; /* What to do in case of match */
++ filtering_rule_plugin_action plugin_action;
++ unsigned long jiffies_last_match; /* Jiffies of the last rule match (updated by pf_ring) */
++} hash_filtering_rule;
++
++/* ************************************************* */
++
++typedef struct _filtering_hash_bucket {
++ hash_filtering_rule rule;
++ void *plugin_data_ptr; /* ptr to a *continuous* memory area
++ allocated by the plugin */
++ u_int16_t plugin_data_ptr_len;
++ struct _filtering_hash_bucket *next;
++} filtering_hash_bucket;
+
+/* *********************************** */
+
-+#define RING_MIN_SLOT_SIZE (60+sizeof(struct pcap_pkthdr))
-+#define RING_MAX_SLOT_SIZE (1514+sizeof(struct pcap_pkthdr))
++#define RING_MIN_SLOT_SIZE (60+sizeof(struct pfring_pkthdr))
++#define RING_MAX_SLOT_SIZE (1514+sizeof(struct pfring_pkthdr))
++
++#ifndef min
++#define min(a,b) ((a < b) ? a : b)
++#endif
+
+/* *********************************** */
++/* False sharing reference: http://en.wikipedia.org/wiki/False_sharing */
+
+typedef struct flowSlotInfo {
+ u_int16_t version, sample_rate;
+ u_int32_t tot_slots, slot_len, data_len, tot_mem;
-+
-+ u_int64_t tot_pkts, tot_lost;
-+ u_int64_t tot_insert, tot_read;
-+ u_int32_t insert_idx, remove_idx;
++ u_int64_t tot_pkts, tot_lost, tot_insert, tot_read;
++ u_int32_t insert_idx;
++ u_int8_t padding[72]; /* Used to avoid false sharing */
++ u_int32_t remove_idx;
++ u_int32_t padding2[31]; /* Used to avoid false sharing */
+} FlowSlotInfo;
+
+/* *********************************** */
@@ -206,7 +267,7 @@
+
+/* *********************************** */
+
-+#ifdef __KERNEL__
++#ifdef __KERNEL__
+
+FlowSlotInfo* getRingPtr(void);
+int allocateRing(char *deviceName, u_int numSlots,
@@ -216,58 +277,325 @@
+
+/* ************************* */
+
-+typedef int (*handle_ring_skb)(struct sk_buff *skb,
-+ u_char recv_packet, u_char real_skb);
++#endif /* __KERNEL__ */
++
++/* *********************************** */
++
++#define PF_RING 27 /* Packet Ring */
++#define SOCK_RING PF_RING
++
++/* ioctl() */
++#define SIORINGPOLL 0x8888
++
++/* ************************************************* */
++
++typedef int (*dna_wait_packet)(void *adapter, int mode);
++
++typedef enum {
++ add_device_mapping = 0, remove_device_mapping
++} dna_device_operation;
++
++typedef enum {
++ intel_e1000 = 0, intel_igb, intel_ixgbe
++} dna_device_model;
++
++typedef struct {
++ unsigned long packet_memory; /* Invalid in userland */
++ u_int packet_memory_num_slots;
++ u_int packet_memory_slot_len;
++ u_int packet_memory_tot_len;
++ void *descr_packet_memory; /* Invalid in userland */
++ u_int descr_packet_memory_num_slots;
++ u_int descr_packet_memory_slot_len;
++ u_int descr_packet_memory_tot_len;
++ u_int channel_id;
++ char *phys_card_memory; /* Invalid in userland */
++ u_int phys_card_memory_len;
++ struct net_device *netdev; /* Invalid in userland */
++ dna_device_model device_model;
++#ifdef __KERNEL__
++ wait_queue_head_t *packet_waitqueue;
++#else
++ void *packet_waitqueue;
++#endif
++ u_int8_t *interrupt_received, in_use;
++ void *adapter_ptr;
++ dna_wait_packet wait_packet_function_ptr;
++} dna_device;
++
++typedef struct {
++ dna_device_operation operation;
++ char device_name[8];
++ int32_t channel_id;
++} dna_device_mapping;
++
++/* ************************************************* */
++
++#ifdef __KERNEL__
++
++enum cluster_type {
++ cluster_per_flow = 0,
++ cluster_round_robin
++};
++
++#define CLUSTER_LEN 8
++
++/*
++ * A ring cluster is used group together rings used by various applications
++ * so that they look, from the PF_RING point of view, as a single ring.
++ * This means that developers can use clusters for sharing packets across
++ * applications using various policies as specified in the hashing_mode
++ * parameter.
++ */
++struct ring_cluster {
++ u_short cluster_id; /* 0 = no cluster */
++ u_short num_cluster_elements;
++ enum cluster_type hashing_mode;
++ u_short hashing_id;
++ struct sock *sk[CLUSTER_LEN];
++};
++
++/*
++ * Linked-list of ring clusters.
++ */
++typedef struct {
++ struct ring_cluster cluster;
++ struct list_head list;
++} ring_cluster_element;
++
++typedef struct {
++ dna_device dev;
++ struct list_head list;
++} dna_device_list;
++
++/* ************************************************* */
++
++/*
++ * Linked-list of ring sockets.
++ */
++struct ring_element {
++ struct list_head list;
++ struct sock *sk;
++};
++
++/* ************************************************* */
++
++struct ring_opt *pfr; /* Forward */
++
++typedef int (*do_handle_filtering_hash_bucket)(struct ring_opt *pfr,
++ filtering_hash_bucket* rule,
++ u_char add_rule);
++
++/* ************************************************* */
++
++#define RING_ANY_CHANNEL -1
++
++/*
++ * Ring options
++ */
++struct ring_opt {
++ u_int8_t ring_active;
++ struct net_device *ring_netdev;
++ u_short ring_pid;
++ u_int32_t ring_id;
++ char *appl_name; /* String that identifies the application bound to the socket */
++
++ /* Direct NIC Access */
++ u_int8_t mmap_count;
++ dna_device *dna_device;
++
++ /* Cluster */
++ u_short cluster_id; /* 0 = no cluster */
++
++ /* Channel */
++ int32_t channel_id; /* -1 = any channel */
++
++ /* Reflector */
++ struct net_device *reflector_dev; /* Reflector device */
++
++ /* Packet buffers */
++ unsigned long order;
++
++ /* Ring Slots */
++ void * ring_memory;
++ u_int32_t bucket_len;
++ FlowSlotInfo *slots_info; /* Points to ring_memory */
++ char *ring_slots; /* Points to ring_memory+sizeof(FlowSlotInfo) */
++
++ /* Packet Sampling */
++ u_int32_t pktToSample, sample_rate;
++
++ /* BPF Filter */
++ struct sk_filter *bpfFilter;
++
++ /* Filtering Rules */
++ filtering_hash_bucket **filtering_hash;
++ u_int16_t num_filtering_rules;
++ u_int8_t rules_default_accept_policy; /* 1=default policy is accept, drop otherwise */
++ struct list_head rules;
++
++ /* Locks */
++ atomic_t num_ring_users;
++ wait_queue_head_t ring_slots_waitqueue;
++ rwlock_t ring_index_lock, ring_rules_lock;
++
++ /* Indexes (Internal) */
++ u_int insert_page_id, insert_slot_id;
++
++ /* Function pointer */
++ do_handle_filtering_hash_bucket handle_hash_rule;
++};
++
++/* **************************************** */
++
++/*
++ * Linked-list of device rings
++ */
++typedef struct {
++ struct ring_opt *the_ring;
++ struct list_head list;
++} device_ring_list_element;
++
++/* **************************************** */
++
++typedef struct {
++ filtering_rule rule;
++ regexp *pattern;
++ struct list_head list;
++
++ /* Plugin action */
++ void *plugin_data_ptr; /* ptr to a *continuous* memory area allocated by the plugin */
<<Diff was trimmed, longer than 597 lines>>
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-PF_RING.patch?r1=1.2&r2=1.3&f=u
More information about the pld-cvs-commit
mailing list