Author: arekm Date: Tue Jul 21 03:41:34 2009 GMT Module: packages Tag: HEAD ---- Log message: - update to latest version
---- Files affected: packages/kernel: kernel-PF_RING.patch (1.2 -> 1.3) ---- Diffs: ================================================================ Index: packages/kernel/kernel-PF_RING.patch diff -u packages/kernel/kernel-PF_RING.patch:1.2 packages/kernel/kernel-PF_RING.patch:1.3 --- packages/kernel/kernel-PF_RING.patch:1.2 Tue Mar 31 14:02:41 2009 +++ packages/kernel/kernel-PF_RING.patch Tue Jul 21 05:41:26 2009 @@ -1,12 +1,13 @@ -diff --unified --recursive --new-file linux-2.6.21.4/include/linux/ring.h linux-2.6.21.4-1-686-smp-ring3/include/linux/ring.h ---- linux-2.6.21.4/include/linux/ring.h 1970-01-01 00:00:00.000000000 +0000 -+++ linux-2.6.21.4-1-686-smp-ring3/include/linux/ring.h 2007-06-10 16:43:04.346421348 +0000 -@@ -0,0 +1,240 @@ +diff --unified --recursive --new-file linux-2.6.30/include/linux/ring.h linux-2.6.30-1-686-smp-PF_RING/include/linux/ring.h +--- linux-2.6.30/include/linux/ring.h 1970-01-01 01:00:00.000000000 +0100 ++++ linux-2.6.30-1-686-smp-PF_RING/include/linux/ring.h 2009-07-21 04:40:31.308485480 +0200 +@@ -0,0 +1,590 @@ +/* + * Definitions for packet ring + * -+ * 2004-07 Luca Deri <[email protected]> ++ * 2004-09 Luca Deri <[email protected]> + */ ++ +#ifndef __RING_H +#define __RING_H + @@ -19,179 +20,239 @@ +#endif + +#define RING_MAGIC -+#define RING_MAGIC_VALUE 0x88 -+#define RING_FLOWSLOT_VERSION 6 -+#define RING_VERSION "3.4.1" -+ -+#define SO_ADD_TO_CLUSTER 99 -+#define SO_REMOVE_FROM_CLUSTER 100 -+#define SO_SET_REFLECTOR 101 -+#define SO_SET_BLOOM 102 -+#define SO_SET_STRING 103 -+#define SO_TOGGLE_BLOOM_STATE 104 -+#define SO_RESET_BLOOM_FILTERS 105 -+ -+#define BITMASK_SET(n, p) (((char*)p->bits_memory)[n/8] |= (1<<(n % 8))) -+#define BITMASK_CLR(n, p) (((char*)p->bits_memory)[n/8] &= ~(1<<(n % 8))) -+#define BITMASK_ISSET(n, p) (((char*)p->bits_memory)[n/8] & (1<<(n % 8))) ++#define RING_MAGIC_VALUE 0x88 ++#define RING_FLOWSLOT_VERSION 9 + -+/* *********************************** */ ++#define DEFAULT_BUCKET_LEN 128 ++#define MAX_NUM_DEVICES 256 + -+/* -+ Aho-Corasick code taken from Snort -+ under GPL license -+*/ -+/* -+ * DEFINES and Typedef's -+ */ -+#define MAX_ALPHABET_SIZE 256 ++/* Versioning */ ++#define RING_VERSION "3.9.5" ++#define RING_VERSION_NUM 0x030904 + -+/* -+ FAIL STATE for 1,2,or 4 bytes for state transitions ++/* Set */ ++#define SO_ADD_TO_CLUSTER 99 ++#define SO_REMOVE_FROM_CLUSTER 100 ++#define SO_SET_REFLECTOR 101 ++#define SO_SET_STRING 102 ++#define SO_ADD_FILTERING_RULE 103 ++#define SO_REMOVE_FILTERING_RULE 104 ++#define SO_TOGGLE_FILTER_POLICY 105 ++#define SO_SET_SAMPLING_RATE 106 ++#define SO_ACTIVATE_RING 107 ++#define SO_RING_BUCKET_LEN 108 ++#define SO_SET_CHANNEL_ID 109 ++#define SO_PURGE_IDLE_HASH_RULES 110 /* inactivity (sec) */ ++#define SO_SET_APPL_NAME 111 + -+ Uncomment this define to use 32 bit state values -+ #define AC32 -+*/ ++/* Get */ ++#define SO_GET_RING_VERSION 120 ++#define SO_GET_FILTERING_RULE_STATS 121 ++#define SO_GET_HASH_FILTERING_RULE_STATS 122 ++#define SO_GET_MAPPED_DNA_DEVICE 123 + -+typedef unsigned short acstate_t; -+#define ACSM_FAIL_STATE2 0xffff ++/* Map */ ++#define SO_MAP_DNA_DEVICE 130 ++ ++/* **************** regexp.h ******************* */ + +/* ++http://www.opensource.apple.com/darwinsource/10.3/expect-1/expect/expect.h , ++which contains a version of this library, says: ++ ++ * ++ * NSUBEXP must be at least 10, and no greater than 117 or the parser ++ * will not work properly. + * -+ */ -+typedef -+struct _acsm_pattern2 -+{ -+ struct _acsm_pattern2 *next; + -+ unsigned char *patrn; -+ unsigned char *casepatrn; -+ int n; -+ int nocase; -+ int offset; -+ int depth; -+ void * id; -+ int iid; ++However, it looks rather like this library is limited to 10. If you think ++otherwise, let us know. ++*/ + -+} ACSM_PATTERN2; ++#define NSUBEXP 10 ++typedef struct regexp { ++ char *startp[NSUBEXP]; ++ char *endp[NSUBEXP]; ++ char regstart; /* Internal use only. */ ++ char reganch; /* Internal use only. */ ++ char *regmust; /* Internal use only. */ ++ int regmlen; /* Internal use only. */ ++ char program[1]; /* Unwarranted chumminess with compiler. */ ++} regexp; ++ ++regexp * regcomp(char *exp, int *patternsize); ++int regexec(regexp *prog, char *string); ++void regsub(regexp *prog, char *source, char *dest); ++void regerror(char *s); + +/* -+ * transition nodes - either 8 or 12 bytes ++ * The first byte of the regexp internal "program" is actually this magic ++ * number; the start node begins in the second byte. + */ -+typedef -+struct trans_node_s { -+ -+ acstate_t key; /* The character that got us here - sized to keep structure aligned on 4 bytes */ -+ /* to better the caching opportunities. A value that crosses the cache line */ -+ /* forces an expensive reconstruction, typing this as acstate_t stops that. */ -+ acstate_t next_state; /* */ -+ struct trans_node_s * next; /* next transition for this state */ -+ -+} trans_node_t; ++#define MAGIC 0234 + ++/* *********************************** */ + -+/* -+ * User specified final storage type for the state transitions -+ */ -+enum { -+ ACF_FULL, -+ ACF_SPARSE, -+ ACF_BANDED, -+ ACF_SPARSEBANDS, ++struct pkt_aggregation_info { ++ u_int32_t num_pkts, num_bytes; ++ struct timeval first_seen, last_seen; +}; + +/* -+ * User specified machine types -+ * -+ * TRIE : Keyword trie -+ * NFA : -+ * DFA : -+ */ -+enum { -+ FSA_TRIE, -+ FSA_NFA, -+ FSA_DFA, ++ Note that as offsets *can* be negative, ++ please do not change them to unsigned ++*/ ++struct pkt_offset { ++ int16_t eth_offset; /* This offset *must* be added to all offsets below */ ++ int16_t vlan_offset; ++ int16_t l3_offset; ++ int16_t l4_offset; ++ int16_t payload_offset; +}; + -+/* -+ * Aho-Corasick State Machine Struct - one per group of pattterns -+ */ -+typedef struct { -+ int acsmMaxStates; -+ int acsmNumStates; -+ -+ ACSM_PATTERN2 * acsmPatterns; -+ acstate_t * acsmFailState; -+ ACSM_PATTERN2 ** acsmMatchList; -+ -+ /* list of transitions in each state, this is used to build the nfa & dfa */ -+ /* after construction we convert to sparse or full format matrix and free */ -+ /* the transition lists */ -+ trans_node_t ** acsmTransTable; -+ -+ acstate_t ** acsmNextState; -+ int acsmFormat; -+ int acsmSparseMaxRowNodes; -+ int acsmSparseMaxZcnt; -+ -+ int acsmNumTrans; -+ int acsmAlphabetSize; -+ int acsmFSA; -+ -+} ACSM_STRUCT2; ++struct pkt_parsing_info { ++ /* Core fields (also used by NetFlow) */ ++ u_int16_t eth_type; /* Ethernet type */ ++ u_int16_t vlan_id; /* VLAN Id or NO_VLAN */ ++ u_int8_t l3_proto, ipv4_tos; /* Layer 3 protocol/TOS */ ++ u_int32_t ipv4_src, ipv4_dst; /* IPv4 src/dst IP addresses */ ++ u_int16_t l4_src_port, l4_dst_port; /* Layer 4 src/dst ports */ ++ u_int8_t tcp_flags; /* TCP flags (0 if not available) */ + -+/* *********************************** */ ++ u_int16_t last_matched_plugin_id; /* If > 0 identifies a plugin to that matched the packet */ ++ union { ++ struct pkt_offset offset; /* Offsets of L3/L4/payload elements */ ++ struct pkt_aggregation_info aggregation; /* Future or plugin use */ ++ } pkt_detail; ++}; + -+#ifndef HAVE_PCAP -+struct pcap_pkthdr { ++struct pfring_pkthdr { + struct timeval ts; /* time stamp */ + u_int32_t caplen; /* length of portion present */ + u_int32_t len; /* length this packet (off wire) */ -+ /* packet parsing info */ -+ u_int16_t eth_type; /* Ethernet type */ -+ u_int16_t vlan_id; /* VLAN Id or -1 for no vlan */ -+ u_int8_t l3_proto; /* Layer 3 protocol */ -+ u_int16_t l3_offset, l4_offset, payload_offset; /* Offsets of L3/L4/payload elements */ -+ u_int32_t ipv4_src, ipv4_dst; /* IPv4 src/dst IP addresses */ -+ u_int16_t l4_src_port, l4_dst_port; /* Layer 4 src/dst ports */ ++ struct pkt_parsing_info parsed_pkt; /* packet parsing info */ ++ u_int16_t parsed_header_len; /* Extra parsing data before packet */ +}; -+#endif + +/* *********************************** */ + -+typedef struct _counter_list { -+ u_int32_t bit_id; -+ u_int32_t bit_counter; -+ struct _counter_list *next; -+} bitmask_counter_list; ++#define MAX_PLUGIN_ID 64 ++#define MAX_PLUGIN_FIELDS 32 ++ ++/* ************************************************* */ ++ ++typedef struct { ++ u_int8_t proto; /* Use 0 for 'any' protocol */ ++ u_int16_t vlan_id; /* Use '0' for any vlan */ ++ u_int32_t host_low, host_high; /* User '0' for any host. This is applied to both source ++ and destination. */ ++ u_int16_t port_low, port_high; /* All ports between port_low...port_high ++ 0 means 'any' port. This is applied to both source ++ and destination. This means that ++ (proto, sip, sport, dip, dport) matches the rule if ++ one in "sip & sport", "sip & dport" "dip & sport" ++ match. */ ++} filtering_rule_core_fields; ++ ++/* ************************************************* */ ++ ++#define FILTER_PLUGIN_DATA_LEN 256 ++ ++typedef struct { ++ char payload_pattern[32]; /* If strlen(payload_pattern) > 0, the packet payload ++ must match the specified pattern */ ++ u_int16_t filter_plugin_id; /* If > 0 identifies a plugin to which the datastructure ++ below will be passed for matching */ ++ char filter_plugin_data[FILTER_PLUGIN_DATA_LEN]; ++ /* Opaque datastructure that is interpreted by the ++ specified plugin and that specifies a filtering ++ criteria to be checked for match. Usually this data ++ is re-casted to a more meaningful datastructure ++ */ ++} filtering_rule_extended_fields; ++ ++/* ************************************************* */ ++ ++typedef struct { ++ /* Plugin Action */ ++ u_int16_t plugin_id; /* ('0'=no plugin) id of the plugin associated with this rule */ ++} filtering_rule_plugin_action; ++ ++typedef enum { ++ forward_packet_and_stop_rule_evaluation = 0, ++ dont_forward_packet_and_stop_rule_evaluation, ++ execute_action_and_continue_rule_evaluation, ++ forward_packet_add_rule_and_stop_rule_evaluation ++} rule_action_behaviour; ++ ++typedef enum { ++ forward_packet = 100, ++ dont_forward_packet, ++ use_rule_forward_policy ++} packet_action_behaviour; + +typedef struct { -+ u_int32_t num_bits, order, num_pages; -+ unsigned long bits_memory; -+ bitmask_counter_list *clashes; -+} bitmask_selector; ++ u_int16_t rule_id; /* Rules are processed in order from lowest to higest id */ ++ rule_action_behaviour rule_action; /* What to do in case of match */ ++ u_int8_t balance_id, balance_pool; /* If balance_pool > 0, then pass the packet above only if the ++ (hash(proto, sip, sport, dip, dport) % balance_pool) ++ = balance_id */ ++ filtering_rule_core_fields core_fields; ++ filtering_rule_extended_fields extended_fields; ++ filtering_rule_plugin_action plugin_action; ++ unsigned long jiffies_last_match; /* Jiffies of the last rule match (updated by pf_ring) */ ++} filtering_rule; + +/* *********************************** */ + -+enum cluster_type { -+ cluster_per_flow = 0, -+ cluster_round_robin -+}; ++/* Hash size used for precise packet matching */ ++#define DEFAULT_RING_HASH_SIZE 4096 ++ ++/* ++ * The hashtable contains only perfect matches: no ++ * wildacards or so are accepted. ++*/ ++typedef struct { ++ u_int16_t vlan_id; ++ u_int8_t proto; ++ u_int32_t host_peer_a, host_peer_b; ++ u_int16_t port_peer_a, port_peer_b; ++ ++ rule_action_behaviour rule_action; /* What to do in case of match */ ++ filtering_rule_plugin_action plugin_action; ++ unsigned long jiffies_last_match; /* Jiffies of the last rule match (updated by pf_ring) */ ++} hash_filtering_rule; ++ ++/* ************************************************* */ ++ ++typedef struct _filtering_hash_bucket { ++ hash_filtering_rule rule; ++ void *plugin_data_ptr; /* ptr to a *continuous* memory area ++ allocated by the plugin */ ++ u_int16_t plugin_data_ptr_len; ++ struct _filtering_hash_bucket *next; ++} filtering_hash_bucket; + +/* *********************************** */ + -+#define RING_MIN_SLOT_SIZE (60+sizeof(struct pcap_pkthdr)) -+#define RING_MAX_SLOT_SIZE (1514+sizeof(struct pcap_pkthdr)) ++#define RING_MIN_SLOT_SIZE (60+sizeof(struct pfring_pkthdr)) ++#define RING_MAX_SLOT_SIZE (1514+sizeof(struct pfring_pkthdr)) ++ ++#ifndef min ++#define min(a,b) ((a < b) ? a : b) ++#endif + +/* *********************************** */ ++/* False sharing reference: http://en.wikipedia.org/wiki/False_sharing */ + +typedef struct flowSlotInfo { + u_int16_t version, sample_rate; + u_int32_t tot_slots, slot_len, data_len, tot_mem; -+ -+ u_int64_t tot_pkts, tot_lost; -+ u_int64_t tot_insert, tot_read; -+ u_int32_t insert_idx, remove_idx; ++ u_int64_t tot_pkts, tot_lost, tot_insert, tot_read; ++ u_int32_t insert_idx; ++ u_int8_t padding[72]; /* Used to avoid false sharing */ ++ u_int32_t remove_idx; ++ u_int32_t padding2[31]; /* Used to avoid false sharing */ +} FlowSlotInfo; + +/* *********************************** */ @@ -206,7 +267,7 @@ + +/* *********************************** */ + -+#ifdef __KERNEL__ ++#ifdef __KERNEL__ + +FlowSlotInfo* getRingPtr(void); +int allocateRing(char *deviceName, u_int numSlots, @@ -216,58 +277,325 @@ + +/* ************************* */ + -+typedef int (*handle_ring_skb)(struct sk_buff *skb, -+ u_char recv_packet, u_char real_skb); ++#endif /* __KERNEL__ */ ++ ++/* *********************************** */ ++ ++#define PF_RING 27 /* Packet Ring */ ++#define SOCK_RING PF_RING ++ ++/* ioctl() */ ++#define SIORINGPOLL 0x8888 ++ ++/* ************************************************* */ ++ ++typedef int (*dna_wait_packet)(void *adapter, int mode); ++ ++typedef enum { ++ add_device_mapping = 0, remove_device_mapping ++} dna_device_operation; ++ ++typedef enum { ++ intel_e1000 = 0, intel_igb, intel_ixgbe ++} dna_device_model; ++ ++typedef struct { ++ unsigned long packet_memory; /* Invalid in userland */ ++ u_int packet_memory_num_slots; ++ u_int packet_memory_slot_len; ++ u_int packet_memory_tot_len; ++ void *descr_packet_memory; /* Invalid in userland */ ++ u_int descr_packet_memory_num_slots; ++ u_int descr_packet_memory_slot_len; ++ u_int descr_packet_memory_tot_len; ++ u_int channel_id; ++ char *phys_card_memory; /* Invalid in userland */ ++ u_int phys_card_memory_len; ++ struct net_device *netdev; /* Invalid in userland */ ++ dna_device_model device_model; ++#ifdef __KERNEL__ ++ wait_queue_head_t *packet_waitqueue; ++#else ++ void *packet_waitqueue; ++#endif ++ u_int8_t *interrupt_received, in_use; ++ void *adapter_ptr; ++ dna_wait_packet wait_packet_function_ptr; ++} dna_device; ++ ++typedef struct { ++ dna_device_operation operation; ++ char device_name[8]; ++ int32_t channel_id; ++} dna_device_mapping; ++ ++/* ************************************************* */ ++ ++#ifdef __KERNEL__ ++ ++enum cluster_type { ++ cluster_per_flow = 0, ++ cluster_round_robin ++}; ++ ++#define CLUSTER_LEN 8 ++ ++/* ++ * A ring cluster is used group together rings used by various applications ++ * so that they look, from the PF_RING point of view, as a single ring. ++ * This means that developers can use clusters for sharing packets across ++ * applications using various policies as specified in the hashing_mode ++ * parameter. ++ */ ++struct ring_cluster { ++ u_short cluster_id; /* 0 = no cluster */ ++ u_short num_cluster_elements; ++ enum cluster_type hashing_mode; ++ u_short hashing_id; ++ struct sock *sk[CLUSTER_LEN]; ++}; ++ ++/* ++ * Linked-list of ring clusters. ++ */ ++typedef struct { ++ struct ring_cluster cluster; ++ struct list_head list; ++} ring_cluster_element; ++ ++typedef struct { ++ dna_device dev; ++ struct list_head list; ++} dna_device_list; ++ ++/* ************************************************* */ ++ ++/* ++ * Linked-list of ring sockets. ++ */ ++struct ring_element { ++ struct list_head list; ++ struct sock *sk; ++}; ++ ++/* ************************************************* */ ++ ++struct ring_opt *pfr; /* Forward */ ++ ++typedef int (*do_handle_filtering_hash_bucket)(struct ring_opt *pfr, ++ filtering_hash_bucket* rule, ++ u_char add_rule); ++ ++/* ************************************************* */ ++ ++#define RING_ANY_CHANNEL -1 ++ ++/* ++ * Ring options ++ */ ++struct ring_opt { ++ u_int8_t ring_active; ++ struct net_device *ring_netdev; ++ u_short ring_pid; ++ u_int32_t ring_id; ++ char *appl_name; /* String that identifies the application bound to the socket */ ++ ++ /* Direct NIC Access */ ++ u_int8_t mmap_count; ++ dna_device *dna_device; ++ ++ /* Cluster */ ++ u_short cluster_id; /* 0 = no cluster */ ++ ++ /* Channel */ ++ int32_t channel_id; /* -1 = any channel */ ++ ++ /* Reflector */ ++ struct net_device *reflector_dev; /* Reflector device */ ++ ++ /* Packet buffers */ ++ unsigned long order; ++ ++ /* Ring Slots */ ++ void * ring_memory; ++ u_int32_t bucket_len; ++ FlowSlotInfo *slots_info; /* Points to ring_memory */ ++ char *ring_slots; /* Points to ring_memory+sizeof(FlowSlotInfo) */ ++ ++ /* Packet Sampling */ ++ u_int32_t pktToSample, sample_rate; ++ ++ /* BPF Filter */ ++ struct sk_filter *bpfFilter; ++ ++ /* Filtering Rules */ ++ filtering_hash_bucket **filtering_hash; ++ u_int16_t num_filtering_rules; ++ u_int8_t rules_default_accept_policy; /* 1=default policy is accept, drop otherwise */ ++ struct list_head rules; ++ ++ /* Locks */ ++ atomic_t num_ring_users; ++ wait_queue_head_t ring_slots_waitqueue; ++ rwlock_t ring_index_lock, ring_rules_lock; ++ ++ /* Indexes (Internal) */ ++ u_int insert_page_id, insert_slot_id; ++ ++ /* Function pointer */ ++ do_handle_filtering_hash_bucket handle_hash_rule; ++}; ++ ++/* **************************************** */ ++ ++/* ++ * Linked-list of device rings ++ */ ++typedef struct { ++ struct ring_opt *the_ring; ++ struct list_head list; ++} device_ring_list_element; ++ ++/* **************************************** */ ++ ++typedef struct { ++ filtering_rule rule; ++ regexp *pattern; ++ struct list_head list; ++ ++ /* Plugin action */ ++ void *plugin_data_ptr; /* ptr to a *continuous* memory area allocated by the plugin */ <<Diff was trimmed, longer than 597 lines>> ---- CVS-web: http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-PF_RING.patch?r1=1.2&r2=1.3&f=u _______________________________________________ pld-cvs-commit mailing list [email protected] http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
