Skip to content

Commit 2c06423

Browse files
committed
fix pfring
1 parent 7c600e3 commit 2c06423

6 files changed

Lines changed: 299 additions & 0 deletions

File tree

Lines changed: 90 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,90 @@
1+
#
2+
# Copyright (C) 2017 Banglang Huang
3+
#
4+
# This is free software, licensed under the GNU General Public License v2.
5+
# See /LICENSE for more information.
6+
#
7+
8+
include $(TOPDIR)/rules.mk
9+
include $(INCLUDE_DIR)/kernel.mk
10+
11+
PKG_NAME:=libpfring
12+
PKG_VERSION:=8.4.0
13+
PKG_RELEASE:=2
14+
15+
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
16+
PKG_SOURCE_URL:=https://codeload.github.com/ntop/PF_RING/tar.gz/$(PKG_VERSION)?
17+
PKG_HASH:=2756a45ab250da11850160beb62aa879075aedfb49bf8f323b404f02b0c36670
18+
PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/PF_RING-$(PKG_VERSION)
19+
20+
PKG_MAINTAINER:=Banglang Huang <banglang.huang@foxmail.com>
21+
22+
PKG_FIXUP:=patch-libtool
23+
PKG_INSTALL:=1
24+
PKG_BUILD_PARALLEL:=1
25+
26+
include $(INCLUDE_DIR)/package.mk
27+
28+
CONFIGURE_PATH:=userland
29+
MAKE_PATH:=userland/lib
30+
31+
define Package/libpfring
32+
SECTION:=libs
33+
CATEGORY:=Libraries
34+
TITLE:=Library for PR_RING (package process framework)
35+
URL:=https://github.com/ntop/pf_ring
36+
DEPENDS:=+kmod-pf-ring +libpcap +libpthread
37+
LICENSE:=LGPL-2.1-or-later
38+
LICENSE_FILES:=LICENSE
39+
endef
40+
41+
define Package/libpfring/description
42+
PF_RING is a high speed packet capture library that turns a commodity PC into an efficient and cheap
43+
network measurement box suitable for both packet and active traffic analysis and manipulation.
44+
Moreover, PF_RING opens totally new markets as it enables the creation of efficient application such as
45+
traffic balancers or packet filters in a matter of lines of codes.
46+
endef
47+
48+
define KernelPackage/pf-ring
49+
SUBMENU:=Network Support
50+
TITLE:=PF_RING Kernel driver
51+
FILES:=$(PKG_BUILD_DIR)/kernel/pf_ring.ko
52+
AUTOLOAD:=$(call AutoLoad,90,pf_ring,1)
53+
LICENSE:=GPL-2.0-or-later
54+
endef
55+
56+
define KernelPackage/pf-ring/description
57+
Kernel module for libpf-ring package
58+
endef
59+
60+
CONFIGURE_VARS += \
61+
MACHINE="$(ARCH)" \
62+
ac_cv_lib_nl_3_nl_socket_alloc=no
63+
64+
define Build/Compile
65+
$(MAKE) -C "$(LINUX_DIR)" \
66+
KERNEL_DIR="$(LINUX_DIR)" \
67+
ARCH="$(LINUX_KARCH)" \
68+
CROSS_COMPILE="$(TARGET_CROSS)" \
69+
M="$(PKG_BUILD_DIR)/kernel" \
70+
EXTRA_CFLAGS="$(EXTRA_CFLAGS) -I$(PKG_BUILD_DIR)/kernel" \
71+
modules
72+
$(call Build/Compile/Default)
73+
endef
74+
75+
define Build/InstallDev
76+
$(INSTALL_DIR) $(1)/usr/include/
77+
$(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/
78+
79+
$(INSTALL_DIR) $(1)/usr/lib
80+
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libpfring.so* $(1)/usr/lib/
81+
endef
82+
83+
define Package/libpfring/install
84+
$(INSTALL_DIR) $(1)/usr/lib/
85+
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libpfring.so* $(1)/usr/lib/
86+
$(LN) libpfring.so $(1)/usr/lib/libpfring.so.1
87+
endef
88+
89+
$(eval $(call BuildPackage,libpfring))
90+
$(eval $(call KernelPackage,pf-ring))
Lines changed: 32 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,32 @@
1+
--- a/userland/configure
2+
+++ b/userland/configure
3+
@@ -3868,12 +3868,6 @@ $as_echo "no" >&6; }
4+
if test "$IS_FREEBSD" != "1" && test "$cross_compiling" != "yes" ; then
5+
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if r/w locks are supported" >&5
6+
$as_echo_n "checking if r/w locks are supported... " >&6; }
7+
- if test "$cross_compiling" = yes; then :
8+
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
9+
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
10+
-as_fn_error $? "cannot run test program while cross compiling
11+
-See \`config.log' for more details" "$LINENO" 5; }
12+
-else
13+
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
14+
/* end confdefs.h. */
15+
16+
@@ -3886,7 +3880,7 @@ else
17+
18+
19+
_ACEOF
20+
-if ac_fn_c_try_run "$LINENO"; then :
21+
+if ac_fn_c_try_compile "$LINENO"; then :
22+
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
23+
$as_echo "yes" >&6; }
24+
cat >>confdefs.h <<_ACEOF
25+
@@ -3900,7 +3894,6 @@ $as_echo "no" >&6; }
26+
fi
27+
rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
28+
conftest.$ac_objext conftest.beam conftest.$ac_ext
29+
-fi
30+
31+
fi
32+
Lines changed: 89 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,89 @@
1+
From 405caa1424358032574230ec5479e64834869298 Mon Sep 17 00:00:00 2001
2+
From: Alfredo Cardigliano <cardigliano@ntop.org>
3+
Date: Thu, 13 Apr 2023 13:03:28 +0200
4+
Subject: [PATCH] Implement probabilistic sampling
5+
6+
---
7+
kernel/linux/pf_ring.h | 4 +++-
8+
kernel/pf_ring.c | 34 ++++++++++++++++++++++++----------
9+
2 files changed, 27 insertions(+), 11 deletions(-)
10+
11+
--- a/kernel/linux/pf_ring.h
12+
+++ b/kernel/linux/pf_ring.h
13+
@@ -1310,7 +1310,9 @@ struct pf_ring_socket {
14+
u_char *ring_slots; /* Points to ring_memory+sizeof(FlowSlotInfo) */
15+
16+
/* Packet Sampling */
17+
- u_int32_t pktToSample, sample_rate;
18+
+ u_int32_t sample_rate;
19+
+ u_int32_t pkts_to_sample;
20+
+ u_int32_t sample_rnd_shift;
21+
22+
/* Virtual Filtering Device */
23+
virtual_filtering_device_element *v_filtering_dev;
24+
--- a/kernel/pf_ring.c
25+
+++ b/kernel/pf_ring.c
26+
@@ -3695,6 +3695,26 @@ int bpf_filter_skb(struct sk_buff *skb,
27+
28+
/* ********************************** */
29+
30+
+int sample_packet(struct pf_ring_socket *pfr) {
31+
+ if(pfr->pkts_to_sample <= 1) {
32+
+ u_int32_t rnd = 0;
33+
+
34+
+ get_random_bytes(&rnd, sizeof(u_int32_t));
35+
+ rnd = rnd % pfr->sample_rate;
36+
+
37+
+ pfr->pkts_to_sample = pfr->sample_rate - pfr->sample_rnd_shift + rnd;
38+
+
39+
+ pfr->sample_rnd_shift = rnd;
40+
+
41+
+ return 1; /* Pass packet */
42+
+ } else {
43+
+ pfr->pkts_to_sample--;
44+
+ return 0; /* Discard packet */
45+
+ }
46+
+}
47+
+
48+
+/* ********************************** */
49+
+
50+
u_int32_t default_rehash_rss_func(struct sk_buff *skb, struct pfring_pkthdr *hdr)
51+
{
52+
return hash_pkt_header(hdr, 0);
53+
@@ -3805,12 +3825,9 @@ static int add_skb_to_ring(struct sk_buf
54+
if(pfr->sample_rate > 1) {
55+
spin_lock_bh(&pfr->ring_index_lock);
56+
57+
- if(pfr->pktToSample <= 1) {
58+
- pfr->pktToSample = pfr->sample_rate;
59+
- } else {
60+
+ if(!sample_packet(pfr)) {
61+
+ /* Discard packet */
62+
pfr->slots_info->tot_pkts++;
63+
- pfr->pktToSample--;
64+
-
65+
spin_unlock_bh(&pfr->ring_index_lock);
66+
atomic_dec(&pfr->num_ring_users);
67+
return(-1);
68+
@@ -4161,11 +4178,8 @@ int pf_ring_skb_ring_handler(struct sk_b
69+
70+
if(pfr->sample_rate > 1) {
71+
spin_lock_bh(&pfr->ring_index_lock);
72+
- if(pfr->pktToSample <= 1) {
73+
- pfr->pktToSample = pfr->sample_rate;
74+
- } else {
75+
+ if (!sample_packet(pfr)) {
76+
pfr->slots_info->tot_pkts++;
77+
- pfr->pktToSample--;
78+
rc = 0;
79+
}
80+
spin_unlock_bh(&pfr->ring_index_lock);
81+
@@ -7957,7 +7971,7 @@ static int ring_getsockopt(struct socket
82+
if(copy_to_user(optval, lowest_if_mac, ETH_ALEN))
83+
return(-EFAULT);
84+
} else {
85+
- char *dev_addr = pfr->ring_dev->dev->dev_addr;
86+
+ const char *dev_addr = pfr->ring_dev->dev->dev_addr;
87+
88+
if (dev_addr == NULL) /* e.g. 'any' device */
89+
dev_addr = empty_mac;
Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,11 @@
1+
--- a/kernel/pf_ring.c
2+
+++ b/kernel/pf_ring.c
3+
@@ -3902,7 +3902,7 @@ static int hash_pkt_cluster(ring_cluster
4+
break;
5+
}
6+
/* else, fall through, because it's like 2-tuple for non-TCP packets */
7+
-
8+
+ fallthrough;
9+
case cluster_per_flow_2_tuple:
10+
case cluster_per_inner_flow_2_tuple:
11+
flags |= mask_2_tuple;
Lines changed: 72 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,72 @@
1+
From fae2437c2af80d3ea64f5bc9678a5b697772295b Mon Sep 17 00:00:00 2001
2+
From: Christian Marangi <ansuelsmth@gmail.com>
3+
Date: Mon, 18 Mar 2024 10:03:43 +0100
4+
Subject: [PATCH] kernel: pf_ring: better define sa_data size
5+
6+
pfring_mod_bind() needs to specify the interface
7+
name using struct sockaddr that is defined as
8+
9+
struct sockaddr { ushort sa_family; char sa_data[14]; };
10+
11+
so the total interface name length is 13 chars (plus \0 trailer).
12+
13+
Since sa_data size is arbitrary, define a more precise size for
14+
PF_RING socket use.
15+
16+
This fix some compilation error with fortify string and makes the array
17+
handling more deterministic.
18+
19+
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
20+
---
21+
kernel/pf_ring.c | 22 ++++++++++++++++++----
22+
1 file changed, 18 insertions(+), 4 deletions(-)
23+
24+
--- a/kernel/pf_ring.c
25+
+++ b/kernel/pf_ring.c
26+
@@ -155,6 +155,18 @@
27+
#endif
28+
#endif
29+
30+
+/*
31+
+ pfring_mod_bind() needs to specify the interface
32+
+ name using struct sockaddr that is defined as
33+
+
34+
+ struct sockaddr { ushort sa_family; char sa_data[14]; };
35+
+
36+
+ so the total interface name length is 13 chars (plus \0 trailer).
37+
+ Since sa_data size is arbitrary, define a more precise size for
38+
+ PF_RING socket use.
39+
+*/
40+
+#define RING_SA_DATA_LEN 14
41+
+
42+
/* ************************************************* */
43+
44+
#if(LINUX_VERSION_CODE >= KERNEL_VERSION(5,6,0))
45+
@@ -1029,7 +1041,7 @@ pf_ring_device *pf_ring_device_name_look
46+
so the total interface name length is 13 chars (plus \0 trailer).
47+
The check below is to trap this case.
48+
*/
49+
- || ((l >= 13) && (strncmp(dev_ptr->device_name, name, 13) == 0)))
50+
+ || ((l >= RING_SA_DATA_LEN - 1) && (strncmp(dev_ptr->device_name, name, RING_SA_DATA_LEN - 1) == 0)))
51+
&& device_net_eq(dev_ptr, net))
52+
return dev_ptr;
53+
}
54+
@@ -5571,15 +5583,15 @@ static int ring_bind(struct socket *sock
55+
* Check legality
56+
*/
57+
if (addr_len == sizeof(struct sockaddr)) {
58+
- char name[sizeof(sa->sa_data)+1];
59+
+ char name[RING_SA_DATA_LEN];
60+
61+
if (sa->sa_family != PF_RING)
62+
return(-EINVAL);
63+
64+
- memcpy(name, sa->sa_data, sizeof(sa->sa_data));
65+
+ memcpy(name, sa->sa_data, RING_SA_DATA_LEN - 1);
66+
67+
/* Add trailing zero if missing */
68+
- name[sizeof(name)-1] = '\0';
69+
+ name[RING_SA_DATA_LEN-1] = '\0';
70+
71+
debug_printk(2, "searching device %s\n", name);
72+

openwrt-23.05/steps/04-prepare_package.sh

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -28,6 +28,11 @@ cp -R ../stangri_repo/luci-app-pbr feeds/luci/applications/
2828
rm -rf feeds/packages/net/adguardhome
2929
cp -R $ROOTDIR/openwrt-$OPENWRT_BRANCH/patches/package/adguardhome feeds/packages/net/
3030

31+
# replace libpfring that fails compiling
32+
rm -rf feeds/packages/libs/libpfring
33+
cp -R $ROOTDIR/openwrt-$OPENWRT_BRANCH/patches/package/libpfring feeds/packages/libs/
34+
35+
3136
./scripts/feeds update -i && ./scripts/feeds install -a
3237

3338
# Time stamp with $Build_Date=$(date +%Y.%m.%d)

0 commit comments

Comments
 (0)