---------- Forwarded message ----------
From: Sibir Chakraborty <[email protected]>
Date: Mon, Oct 15, 2012 at 12:56 PM
Subject: Re: [netsniff-ng] Re: About BPF inline filter and 10G speeds
To: Daniel Borkmann <[email protected]>
This is my synchronized traffic replay progress this far:
"-s -S1GB -m" flags are implicitly declared. Added 2 extra cmd_line
inputs. -L <loops> and -D <directory> instead of -f <file>
1) I take user config like this:
[Filters]
eth0#tcp
eth1#udp
2) I keep a map: user_flt_struct : bpf_filter and Interface_ID.
3) Now, I open TX_RINGs for all the NICs for which filters are defined.
4) The filter is text form is converted to bpf_syntax which
netsniff-ng understands (using: bpf_dump_tofile(char *text) modified
from libpcap's bpf_dump).
5) Next, this is the algorithm:
int send_to_all_matched=true; //This flag is used to indicate
condition when multiple cards meet the filter criterion.
bool not_used=true;
if(not_used==true)
buffer = Read next frame into 1st NIC's ring,
run,
6)
For each NIC,
result=bpf_run(bpf_prog,buffer)
hdr = tx_ring.frames[it].iov_base;
/* Kernel assumes: data = ph.raw + po->tp_hdrlen -
* sizeof(struct sockaddr_ll); */
out = ((uint8_t *) hdr) + TPACKET_HDRLEN -
sizeof(struct sockaddr_ll);
hdr->tp_h.tp_snaplen = buffer.len;
hdr->tp_h.tp_len = buffer.len;
fmemcpy(out, buffer, buffer.len);
if (result==true) && (send_to_all_matched!=true);
not_used=false;
else not_used=true;
Regards,
Sibir
--
