├── .gitignore ├── CMakeLists.txt ├── COPYING ├── COPYING.GPL ├── Makefile ├── README.md ├── VERSION ├── bro-pkg.meta ├── cmake ├── FindKernelHeaders.cmake └── FindLibBPF.cmake ├── configure ├── configure.plugin ├── scripts ├── __load__.bro └── init.bro ├── src ├── AF_XDP.cc ├── AF_XDP.h ├── Plugin.cc ├── Plugin.h ├── XDP_BPF.cc ├── XDP_BPF.h ├── XDP_Ring.h ├── af_xdp.bif └── bpf │ ├── bpf.c │ └── bpf_helpers.h └── tests ├── Makefile ├── Scripts └── get-bro-env ├── af_xdp └── show-plugin.bro └── btest.cfg /.gitignore: -------------------------------------------------------------------------------- 1 | build/ 2 | -------------------------------------------------------------------------------- /CMakeLists.txt: -------------------------------------------------------------------------------- 1 | cmake_minimum_required(VERSION 3.0) 2 | 3 | project(BroPluginaf_xdp) 4 | 5 | include(BroPlugin) 6 | 7 | find_package(KernelHeaders REQUIRED) 8 | find_package(LibBPF REQUIRED) 9 | 10 | find_program(CLANG_COMPILER clang) 11 | find_program(LLVM_COMPILER llc) 12 | 13 | add_custom_command(OUTPUT af_xdp_bpf.ll COMMAND ${CLANG_COMPILER} -I${KERNELHEADERS_ROOT_DIR} -emit-llvm -c "${CMAKE_CURRENT_SOURCE_DIR}/src/bpf/bpf.c" -o af_xdp_bpf.ll) 14 | add_custom_command(OUTPUT af_xdp_bpf.o COMMAND ${LLVM_COMPILER} -march=bpf -filetype=obj -o af_xdp_bpf.o af_xdp_bpf.ll DEPENDS af_xdp_bpf.ll) 15 | add_custom_target(af_xdp_bpf ALL DEPENDS af_xdp_bpf.o) 16 | 17 | bro_plugin_begin(irtimmer af_xdp) 18 | bro_plugin_cc(src/Plugin.cc) 19 | bro_plugin_cc(src/AF_XDP.cc) 20 | bro_plugin_cc(src/XDP_BPF.cc) 21 | bro_plugin_bif(src/af_xdp.bif) 22 | bro_plugin_dist_files(README.md CHANGES COPYING COPYING.GPL VERSION af_xdp_bpf.o) 23 | bro_plugin_link_library(${LIBBPF_LIBRARY} elf) 24 | list(APPEND _plugin_deps af_xdp_bpf) 25 | bro_plugin_end() 26 | 27 | include_directories(${KERNELHEADERS_ROOT_DIR}) 28 | 29 | file(STRINGS "${CMAKE_CURRENT_SOURCE_DIR}/VERSION" VERSION LIMIT_COUNT 1) 30 | 31 | if ("${PROJECT_SOURCE_DIR}" STREQUAL "${CMAKE_SOURCE_DIR}") 32 | # Allows building rpm/deb packages via "make package" in build dir. 33 | include(ConfigurePackaging) 34 | ConfigurePackaging(${VERSION}) 35 | endif () 36 | -------------------------------------------------------------------------------- /COPYING: -------------------------------------------------------------------------------- 1 | Copyright (c) 2018 by Iwan Timmer 2 | 3 | Redistribution and use in source and binary forms, with or without 4 | modification, are permitted provided that the following conditions are met: 5 | 6 | (1) Redistributions of source code must retain the above copyright 7 | notice, this list of conditions and the following disclaimer. 8 | 9 | (2) Redistributions in binary form must reproduce the above copyright 10 | notice, this list of conditions and the following disclaimer in 11 | the documentation and/or other materials provided with the 12 | distribution. 13 | 14 | (3) Neither the name of the copyright holder, nor the names of contributors 15 | may be used to endorse or promote products derived from this software 16 | without specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 19 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21 | ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 22 | LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 23 | CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 24 | SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 25 | INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 26 | CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 27 | ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 28 | POSSIBILITY OF SUCH DAMAGE. 29 | -------------------------------------------------------------------------------- /COPYING.GPL: -------------------------------------------------------------------------------- 1 | GNU GENERAL PUBLIC LICENSE 2 | Version 2, June 1991 3 | 4 | Copyright (C) 1989, 1991 Free Software Foundation, Inc. 5 | 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 6 | Everyone is permitted to copy and distribute verbatim copies 7 | of this license document, but changing it is not allowed. 8 | 9 | Preamble 10 | 11 | The licenses for most software are designed to take away your 12 | freedom to share and change it. By contrast, the GNU General Public 13 | License is intended to guarantee your freedom to share and change free 14 | software--to make sure the software is free for all its users. This 15 | General Public License applies to most of the Free Software 16 | Foundation's software and to any other program whose authors commit to 17 | using it. (Some other Free Software Foundation software is covered by 18 | the GNU Library General Public License instead.) You can apply it to 19 | your programs, too. 20 | 21 | When we speak of free software, we are referring to freedom, not 22 | price. Our General Public Licenses are designed to make sure that you 23 | have the freedom to distribute copies of free software (and charge for 24 | this service if you wish), that you receive source code or can get it 25 | if you want it, that you can change the software or use pieces of it 26 | in new free programs; and that you know you can do these things. 27 | 28 | To protect your rights, we need to make restrictions that forbid 29 | anyone to deny you these rights or to ask you to surrender the rights. 30 | These restrictions translate to certain responsibilities for you if you 31 | distribute copies of the software, or if you modify it. 32 | 33 | For example, if you distribute copies of such a program, whether 34 | gratis or for a fee, you must give the recipients all the rights that 35 | you have. You must make sure that they, too, receive or can get the 36 | source code. And you must show them these terms so they know their 37 | rights. 38 | 39 | We protect your rights with two steps: (1) copyright the software, and 40 | (2) offer you this license which gives you legal permission to copy, 41 | distribute and/or modify the software. 42 | 43 | Also, for each author's protection and ours, we want to make certain 44 | that everyone understands that there is no warranty for this free 45 | software. If the software is modified by someone else and passed on, we 46 | want its recipients to know that what they have is not the original, so 47 | that any problems introduced by others will not reflect on the original 48 | authors' reputations. 49 | 50 | Finally, any free program is threatened constantly by software 51 | patents. We wish to avoid the danger that redistributors of a free 52 | program will individually obtain patent licenses, in effect making the 53 | program proprietary. To prevent this, we have made it clear that any 54 | patent must be licensed for everyone's free use or not licensed at all. 55 | 56 | The precise terms and conditions for copying, distribution and 57 | modification follow. 58 | 59 | GNU GENERAL PUBLIC LICENSE 60 | TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 61 | 62 | 0. This License applies to any program or other work which contains 63 | a notice placed by the copyright holder saying it may be distributed 64 | under the terms of this General Public License. The "Program", below, 65 | refers to any such program or work, and a "work based on the Program" 66 | means either the Program or any derivative work under copyright law: 67 | that is to say, a work containing the Program or a portion of it, 68 | either verbatim or with modifications and/or translated into another 69 | language. (Hereinafter, translation is included without limitation in 70 | the term "modification".) Each licensee is addressed as "you". 71 | 72 | Activities other than copying, distribution and modification are not 73 | covered by this License; they are outside its scope. The act of 74 | running the Program is not restricted, and the output from the Program 75 | is covered only if its contents constitute a work based on the 76 | Program (independent of having been made by running the Program). 77 | Whether that is true depends on what the Program does. 78 | 79 | 1. You may copy and distribute verbatim copies of the Program's 80 | source code as you receive it, in any medium, provided that you 81 | conspicuously and appropriately publish on each copy an appropriate 82 | copyright notice and disclaimer of warranty; keep intact all the 83 | notices that refer to this License and to the absence of any warranty; 84 | and give any other recipients of the Program a copy of this License 85 | along with the Program. 86 | 87 | You may charge a fee for the physical act of transferring a copy, and 88 | you may at your option offer warranty protection in exchange for a fee. 89 | 90 | 2. You may modify your copy or copies of the Program or any portion 91 | of it, thus forming a work based on the Program, and copy and 92 | distribute such modifications or work under the terms of Section 1 93 | above, provided that you also meet all of these conditions: 94 | 95 | a) You must cause the modified files to carry prominent notices 96 | stating that you changed the files and the date of any change. 97 | 98 | b) You must cause any work that you distribute or publish, that in 99 | whole or in part contains or is derived from the Program or any 100 | part thereof, to be licensed as a whole at no charge to all third 101 | parties under the terms of this License. 102 | 103 | c) If the modified program normally reads commands interactively 104 | when run, you must cause it, when started running for such 105 | interactive use in the most ordinary way, to print or display an 106 | announcement including an appropriate copyright notice and a 107 | notice that there is no warranty (or else, saying that you provide 108 | a warranty) and that users may redistribute the program under 109 | these conditions, and telling the user how to view a copy of this 110 | License. (Exception: if the Program itself is interactive but 111 | does not normally print such an announcement, your work based on 112 | the Program is not required to print an announcement.) 113 | 114 | These requirements apply to the modified work as a whole. If 115 | identifiable sections of that work are not derived from the Program, 116 | and can be reasonably considered independent and separate works in 117 | themselves, then this License, and its terms, do not apply to those 118 | sections when you distribute them as separate works. But when you 119 | distribute the same sections as part of a whole which is a work based 120 | on the Program, the distribution of the whole must be on the terms of 121 | this License, whose permissions for other licensees extend to the 122 | entire whole, and thus to each and every part regardless of who wrote it. 123 | 124 | Thus, it is not the intent of this section to claim rights or contest 125 | your rights to work written entirely by you; rather, the intent is to 126 | exercise the right to control the distribution of derivative or 127 | collective works based on the Program. 128 | 129 | In addition, mere aggregation of another work not based on the Program 130 | with the Program (or with a work based on the Program) on a volume of 131 | a storage or distribution medium does not bring the other work under 132 | the scope of this License. 133 | 134 | 3. You may copy and distribute the Program (or a work based on it, 135 | under Section 2) in object code or executable form under the terms of 136 | Sections 1 and 2 above provided that you also do one of the following: 137 | 138 | a) Accompany it with the complete corresponding machine-readable 139 | source code, which must be distributed under the terms of Sections 140 | 1 and 2 above on a medium customarily used for software interchange; or, 141 | 142 | b) Accompany it with a written offer, valid for at least three 143 | years, to give any third party, for a charge no more than your 144 | cost of physically performing source distribution, a complete 145 | machine-readable copy of the corresponding source code, to be 146 | distributed under the terms of Sections 1 and 2 above on a medium 147 | customarily used for software interchange; or, 148 | 149 | c) Accompany it with the information you received as to the offer 150 | to distribute corresponding source code. (This alternative is 151 | allowed only for noncommercial distribution and only if you 152 | received the program in object code or executable form with such 153 | an offer, in accord with Subsection b above.) 154 | 155 | The source code for a work means the preferred form of the work for 156 | making modifications to it. For an executable work, complete source 157 | code means all the source code for all modules it contains, plus any 158 | associated interface definition files, plus the scripts used to 159 | control compilation and installation of the executable. However, as a 160 | special exception, the source code distributed need not include 161 | anything that is normally distributed (in either source or binary 162 | form) with the major components (compiler, kernel, and so on) of the 163 | operating system on which the executable runs, unless that component 164 | itself accompanies the executable. 165 | 166 | If distribution of executable or object code is made by offering 167 | access to copy from a designated place, then offering equivalent 168 | access to copy the source code from the same place counts as 169 | distribution of the source code, even though third parties are not 170 | compelled to copy the source along with the object code. 171 | 172 | 4. You may not copy, modify, sublicense, or distribute the Program 173 | except as expressly provided under this License. Any attempt 174 | otherwise to copy, modify, sublicense or distribute the Program is 175 | void, and will automatically terminate your rights under this License. 176 | However, parties who have received copies, or rights, from you under 177 | this License will not have their licenses terminated so long as such 178 | parties remain in full compliance. 179 | 180 | 5. You are not required to accept this License, since you have not 181 | signed it. However, nothing else grants you permission to modify or 182 | distribute the Program or its derivative works. These actions are 183 | prohibited by law if you do not accept this License. Therefore, by 184 | modifying or distributing the Program (or any work based on the 185 | Program), you indicate your acceptance of this License to do so, and 186 | all its terms and conditions for copying, distributing or modifying 187 | the Program or works based on it. 188 | 189 | 6. Each time you redistribute the Program (or any work based on the 190 | Program), the recipient automatically receives a license from the 191 | original licensor to copy, distribute or modify the Program subject to 192 | these terms and conditions. You may not impose any further 193 | restrictions on the recipients' exercise of the rights granted herein. 194 | You are not responsible for enforcing compliance by third parties to 195 | this License. 196 | 197 | 7. If, as a consequence of a court judgment or allegation of patent 198 | infringement or for any other reason (not limited to patent issues), 199 | conditions are imposed on you (whether by court order, agreement or 200 | otherwise) that contradict the conditions of this License, they do not 201 | excuse you from the conditions of this License. If you cannot 202 | distribute so as to satisfy simultaneously your obligations under this 203 | License and any other pertinent obligations, then as a consequence you 204 | may not distribute the Program at all. For example, if a patent 205 | license would not permit royalty-free redistribution of the Program by 206 | all those who receive copies directly or indirectly through you, then 207 | the only way you could satisfy both it and this License would be to 208 | refrain entirely from distribution of the Program. 209 | 210 | If any portion of this section is held invalid or unenforceable under 211 | any particular circumstance, the balance of the section is intended to 212 | apply and the section as a whole is intended to apply in other 213 | circumstances. 214 | 215 | It is not the purpose of this section to induce you to infringe any 216 | patents or other property right claims or to contest validity of any 217 | such claims; this section has the sole purpose of protecting the 218 | integrity of the free software distribution system, which is 219 | implemented by public license practices. Many people have made 220 | generous contributions to the wide range of software distributed 221 | through that system in reliance on consistent application of that 222 | system; it is up to the author/donor to decide if he or she is willing 223 | to distribute software through any other system and a licensee cannot 224 | impose that choice. 225 | 226 | This section is intended to make thoroughly clear what is believed to 227 | be a consequence of the rest of this License. 228 | 229 | 8. If the distribution and/or use of the Program is restricted in 230 | certain countries either by patents or by copyrighted interfaces, the 231 | original copyright holder who places the Program under this License 232 | may add an explicit geographical distribution limitation excluding 233 | those countries, so that distribution is permitted only in or among 234 | countries not thus excluded. In such case, this License incorporates 235 | the limitation as if written in the body of this License. 236 | 237 | 9. The Free Software Foundation may publish revised and/or new versions 238 | of the General Public License from time to time. Such new versions will 239 | be similar in spirit to the present version, but may differ in detail to 240 | address new problems or concerns. 241 | 242 | Each version is given a distinguishing version number. If the Program 243 | specifies a version number of this License which applies to it and "any 244 | later version", you have the option of following the terms and conditions 245 | either of that version or of any later version published by the Free 246 | Software Foundation. If the Program does not specify a version number of 247 | this License, you may choose any version ever published by the Free Software 248 | Foundation. 249 | 250 | 10. If you wish to incorporate parts of the Program into other free 251 | programs whose distribution conditions are different, write to the author 252 | to ask for permission. For software which is copyrighted by the Free 253 | Software Foundation, write to the Free Software Foundation; we sometimes 254 | make exceptions for this. Our decision will be guided by the two goals 255 | of preserving the free status of all derivatives of our free software and 256 | of promoting the sharing and reuse of software generally. 257 | 258 | NO WARRANTY 259 | 260 | 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY 261 | FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN 262 | OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES 263 | PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED 264 | OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 265 | MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS 266 | TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE 267 | PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, 268 | REPAIR OR CORRECTION. 269 | 270 | 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 271 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR 272 | REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, 273 | INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING 274 | OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED 275 | TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY 276 | YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER 277 | PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE 278 | POSSIBILITY OF SUCH DAMAGES. 279 | 280 | END OF TERMS AND CONDITIONS 281 | 282 | How to Apply These Terms to Your New Programs 283 | 284 | If you develop a new program, and you want it to be of the greatest 285 | possible use to the public, the best way to achieve this is to make it 286 | free software which everyone can redistribute and change under these terms. 287 | 288 | To do so, attach the following notices to the program. It is safest 289 | to attach them to the start of each source file to most effectively 290 | convey the exclusion of warranty; and each file should have at least 291 | the "copyright" line and a pointer to where the full notice is found. 292 | 293 | 294 | Copyright (C) 295 | 296 | This program is free software; you can redistribute it and/or modify 297 | it under the terms of the GNU General Public License as published by 298 | the Free Software Foundation; either version 2 of the License, or 299 | (at your option) any later version. 300 | 301 | This program is distributed in the hope that it will be useful, 302 | but WITHOUT ANY WARRANTY; without even the implied warranty of 303 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 304 | GNU General Public License for more details. 305 | 306 | You should have received a copy of the GNU General Public License 307 | along with this program; if not, write to the Free Software 308 | Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 309 | 310 | 311 | Also add information on how to contact you by electronic and paper mail. 312 | 313 | If the program is interactive, make it output a short notice like this 314 | when it starts in an interactive mode: 315 | 316 | Gnomovision version 69, Copyright (C) year name of author 317 | Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. 318 | This is free software, and you are welcome to redistribute it 319 | under certain conditions; type `show c' for details. 320 | 321 | The hypothetical commands `show w' and `show c' should show the appropriate 322 | parts of the General Public License. Of course, the commands you use may 323 | be called something other than `show w' and `show c'; they could even be 324 | mouse-clicks or menu items--whatever suits your program. 325 | 326 | You should also get your employer (if you work as a programmer) or your 327 | school, if any, to sign a "copyright disclaimer" for the program, if 328 | necessary. Here is a sample; alter the names: 329 | 330 | Yoyodyne, Inc., hereby disclaims all copyright interest in the program 331 | `Gnomovision' (which makes passes at compilers) written by James Hacker. 332 | 333 | , 1 April 1989 334 | Ty Coon, President of Vice 335 | 336 | This General Public License does not permit incorporating your program into 337 | proprietary programs. If your program is a subroutine library, you may 338 | consider it more useful to permit linking proprietary applications with the 339 | library. If this is what you want to do, use the GNU Library General 340 | Public License instead of this License. 341 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | # 2 | # Convenience Makefile providing a few common top-level targets. 3 | # 4 | 5 | cmake_build_dir=build 6 | arch=`uname -s | tr A-Z a-z`-`uname -m` 7 | 8 | all: build-it 9 | 10 | build-it: 11 | @test -e $(cmake_build_dir)/config.status || ./configure 12 | -@test -e $(cmake_build_dir)/CMakeCache.txt && \ 13 | test $(cmake_build_dir)/CMakeCache.txt -ot `cat $(cmake_build_dir)/CMakeCache.txt | grep BRO_DIST | cut -d '=' -f 2`/build/CMakeCache.txt && \ 14 | echo Updating stale CMake cache && \ 15 | touch $(cmake_build_dir)/CMakeCache.txt 16 | 17 | ( cd $(cmake_build_dir) && make ) 18 | 19 | install: 20 | ( cd $(cmake_build_dir) && make install ) 21 | 22 | clean: 23 | ( cd $(cmake_build_dir) && make clean ) 24 | 25 | distclean: 26 | rm -rf $(cmake_build_dir) 27 | 28 | test: 29 | make -C tests 30 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # irtimmer::AF_XDP 2 | 3 | This plugin provides native AF_XDP support for Bro. 4 | 5 | ## Requirements 6 | 7 | - Linux kernel 4.18+ 8 | - Linux kernel source files 9 | - LLVM and CLang to compile eBPF 10 | - Bro source files 11 | - libbpf (included in the linux kernel source tree) 12 | 13 | ## Quick start 14 | 15 | Compile the plugin. 16 | 17 | `` 18 | ./configure --bro-dist=BRO_SOURCE_PATH --with-kernel=KERNEL_SOURCE_PATH --with-bpf=LIBBPF_PATH --with-clang=CLANG_COMPILER_PATH --with-llc=LLVM_COMPILER_PATH 19 | make 20 | `` 21 | 22 | After installation of the plugin it can be used by using `af_xdp` as prefix for the interface name. 23 | 24 | ``` 25 | bro -i af_xdp::eth0 26 | ``` 27 | 28 | ## Copyright 29 | 30 | Copyright (c) 2018 by Iwan Timmer 31 | Distributed under the BSD-3 Clause license, except for the eBPF kernel parts which are licensed under the GPL-2.0. 32 | For more information about the licenses, see COPYING and COPYING.GPL. 33 | -------------------------------------------------------------------------------- /VERSION: -------------------------------------------------------------------------------- 1 | 0.1 2 | -------------------------------------------------------------------------------- /bro-pkg.meta: -------------------------------------------------------------------------------- 1 | [package] 2 | description = This plugin provides native AF_XDP support for Bro. 3 | tags = bro plugin, packet source, af_xdp 4 | plugin_dir = build/itimmer_af_xdp.tgz 5 | build_command = ./configure --bro-dist=%(bro_dist)s && make 6 | test_command = cd tests && btest -d 7 | depends = 8 | bro-pkg >=1.2 9 | bro >=2.5.0 10 | -------------------------------------------------------------------------------- /cmake/FindKernelHeaders.cmake: -------------------------------------------------------------------------------- 1 | # - Try to find kernel includes. 2 | # 3 | # Based on FindKernelHeaders.cmake by David Sansome (me@davidsansome.com) 4 | # 5 | # Variables used by this module, they can change the default behaviour and need 6 | # to be set before calling find_package: 7 | # 8 | # KERNELHEADERS_ROOT_DIR Set this variable to the root directory of the 9 | # kernel sources if the module has problems finding 10 | # the proper path. 11 | # 12 | # KERNELHEADERS_LATEST Set this option ON to use the latest kernel 13 | # headers available on the system. 14 | # 15 | # Variables defined by this module: 16 | # 17 | # KERNELHEADERS_FOUND System has kernel headers. 18 | 19 | # Define latest-headers-switch as cache variable 20 | set(KERNELHEADERS_LATEST OFF CACHE BOOL "use latest kernel headers") 21 | 22 | # Search paths: 23 | set(KERNEL_PATHS 24 | /usr/src/linux-headers- 25 | /usr/src/kernels/ 26 | ) 27 | 28 | if ( NOT KERNELHEADERS_LATEST ) 29 | # Find the kernel release 30 | execute_process( 31 | COMMAND uname -r 32 | OUTPUT_VARIABLE KERNEL_RELEASE 33 | OUTPUT_STRIP_TRAILING_WHITESPACE 34 | ) 35 | 36 | foreach ( KERNEL_PATH ${KERNEL_PATHS} ) 37 | list(APPEND KERNEL_RELEASE_PATHS "${KERNEL_PATH}${KERNEL_RELEASE}") 38 | endforeach (KERNEL_PATH) 39 | 40 | find_path(KERNELHEADERS_ROOT_DIR 41 | NAMES include/linux/user.h 42 | PATHS ${KERNEL_RELEASE_PATHS} 43 | ) 44 | else () 45 | # Use latest header version 46 | foreach ( KERNEL_PATH ${KERNEL_PATHS} ) 47 | # Search for any installed headers 48 | file(GLOB KERNELS_AVAILABLE "${KERNEL_PATH}*") 49 | 50 | if ( KERNELS_AVAILABLE ) 51 | # Get the newest kernel 52 | list(SORT KERNELS_AVAILABLE) 53 | list(REVERSE KERNELS_AVAILABLE) 54 | list(GET KERNELS_AVAILABLE 0 KERNEL_LATEST_PATH) 55 | 56 | find_path(KERNELHEADERS_ROOT_DIR 57 | NAMES include/linux/user.h 58 | PATHS ${KERNEL_LATEST_PATH} 59 | ) 60 | 61 | if ( KERNELHEADERS_ROOT_DIR ) 62 | break () 63 | endif () 64 | endif () 65 | endforeach ( KERNEL_PATH ) 66 | endif () 67 | 68 | include(FindPackageHandleStandardArgs) 69 | find_package_handle_standard_args(KernelHeaders DEFAULT_MSG 70 | KERNELHEADERS_ROOT_DIR 71 | ) 72 | 73 | mark_as_advanced( 74 | KERNELHEADERS_ROOT_DIR 75 | ) 76 | -------------------------------------------------------------------------------- /cmake/FindLibBPF.cmake: -------------------------------------------------------------------------------- 1 | # - Try to find LibBPF headers and libraries. 2 | # 3 | # Usage of this module as follows: 4 | # 5 | # find_package(LibBPF) 6 | # 7 | # Variables used by this module, they can change the default behaviour and need 8 | # to be set before calling find_package: 9 | # 10 | # LIBBPF_ROOT_DIR Set this variable to the root installation of 11 | # LibBPF if the module has problems finding 12 | # the proper installation path. 13 | # 14 | # Variables defined by this module: 15 | # 16 | # LIBBPF_FOUND System has LibBPF libs/headers 17 | # LIBBPF_LIBRARIES The LibBPF libraries 18 | # LIBBPF_INCLUDE_DIR The location of LibBPF headers 19 | 20 | find_path(LIBBPF_ROOT_DIR 21 | NAMES include/bpf/libbpf.h 22 | ) 23 | 24 | find_path(LIBBPF_INCLUDE_DIR 25 | NAMES bpf/libbpf.h 26 | HINTS ${LIBBPF_ROOT_DIR}/include 27 | ) 28 | 29 | find_library(LIBBPF_LIBRARY 30 | NAMES bpf 31 | PATHS ${LIBBPF_ROOT_DIR}/lib ${LIBBPF_ROOT_DIR}/lib64 32 | ) 33 | 34 | include(FindPackageHandleStandardArgs) 35 | find_package_handle_standard_args( 36 | LibBPF 37 | DEFAULT_MSG 38 | LIBBPF_LIBRARY 39 | LIBBPF_INCLUDE_DIR 40 | ) 41 | 42 | mark_as_advanced( 43 | LIBBPF_ROOT_DIR 44 | LIBBPF_INCLUDE_DIR 45 | LIBBPF_LIBRARY 46 | ) 47 | -------------------------------------------------------------------------------- /configure: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Wrapper for viewing/setting options that the plugin's CMake 4 | # scripts will recognize. 5 | # 6 | # Don't edit this. Edit configure.plugin to add plugin-specific options. 7 | # 8 | 9 | set -e 10 | command="$0 $*" 11 | 12 | if [ -e `dirname $0`/configure.plugin ]; then 13 | # Include custom additions. 14 | . `dirname $0`/configure.plugin 15 | fi 16 | 17 | # Check for `cmake` command. 18 | type cmake > /dev/null 2>&1 || { 19 | echo "\ 20 | This package requires CMake, please install it first, then you may 21 | use this configure script to access CMake equivalent functionality.\ 22 | " >&2; 23 | exit 1; 24 | } 25 | 26 | usage() { 27 | 28 | cat 1>&2 </dev/null 2>&1; then 42 | plugin_usage 1>&2 43 | fi 44 | 45 | echo 46 | 47 | exit 1 48 | } 49 | 50 | # Function to append a CMake cache entry definition to the 51 | # CMakeCacheEntries variable 52 | # $1 is the cache entry variable name 53 | # $2 is the cache entry variable type 54 | # $3 is the cache entry variable value 55 | append_cache_entry () { 56 | CMakeCacheEntries="$CMakeCacheEntries -D $1:$2=$3" 57 | } 58 | 59 | # set defaults 60 | builddir=build 61 | brodist="" 62 | installroot="default" 63 | CMakeCacheEntries="" 64 | 65 | while [ $# -ne 0 ]; do 66 | case "$1" in 67 | -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;; 68 | *) optarg= ;; 69 | esac 70 | 71 | case "$1" in 72 | --help|-h) 73 | usage 74 | ;; 75 | 76 | --bro-dist=*) 77 | brodist=`cd $optarg && pwd` 78 | ;; 79 | 80 | --install-root=*) 81 | installroot=$optarg 82 | ;; 83 | 84 | --with-binpac=*) 85 | append_cache_entry BinPAC_ROOT_DIR PATH $optarg 86 | binpac_root=$optarg 87 | ;; 88 | 89 | --with-broker=*) 90 | append_cache_entry BROKER_ROOT_DIR PATH $optarg 91 | broker_root=$optarg 92 | ;; 93 | 94 | --with-caf=*) 95 | append_cache_entry CAF_ROOT_DIR PATH $optarg 96 | caf_root=$optarg 97 | ;; 98 | 99 | --with-bifcl=*) 100 | append_cache_entry BifCl_EXE PATH $optarg 101 | ;; 102 | 103 | --enable-debug) 104 | append_cache_entry BRO_PLUGIN_ENABLE_DEBUG BOOL true 105 | ;; 106 | 107 | *) 108 | if type plugin_option >/dev/null 2>&1; then 109 | plugin_option $1 && shift && continue; 110 | fi 111 | 112 | echo "Invalid option '$1'. Try $0 --help to see available options." 113 | exit 1 114 | ;; 115 | esac 116 | shift 117 | done 118 | 119 | if [ -z "$brodist" ]; then 120 | if type bro-config >/dev/null 2>&1; then 121 | if bro-config --cmake_dir >/dev/null 2>&1; then 122 | # Have a newer version of bro-config that has needed flags 123 | append_cache_entry BRO_CONFIG_PREFIX PATH `bro-config --prefix` 124 | append_cache_entry BRO_CONFIG_INCLUDE_DIR PATH `bro-config --include_dir` 125 | append_cache_entry BRO_CONFIG_PLUGIN_DIR PATH `bro-config --plugin_dir` 126 | append_cache_entry BRO_CONFIG_CMAKE_DIR PATH `bro-config --cmake_dir` 127 | append_cache_entry CMAKE_MODULE_PATH PATH `bro-config --cmake_dir` 128 | 129 | if [ -z "$binpac_root" ]; then 130 | append_cache_entry BinPAC_ROOT_DIR PATH `bro-config --binpac_root` 131 | fi 132 | 133 | if [ -z "$broker_root" ]; then 134 | append_cache_entry BROKER_ROOT_DIR PATH `bro-config --broker_root` 135 | fi 136 | 137 | if [ -z "$caf_root" ]; then 138 | append_cache_entry CAF_ROOT_DIR PATH `bro-config --caf_root` 139 | fi 140 | else 141 | brodist=`bro-config --bro_dist 2> /dev/null` 142 | 143 | if [ ! -e "$brodist/bro-path-dev.in" ]; then 144 | echo "$brodist does not appear to be a valid Bro source tree." 145 | exit 1 146 | fi 147 | 148 | append_cache_entry BRO_DIST PATH $brodist 149 | append_cache_entry CMAKE_MODULE_PATH PATH $brodist/cmake 150 | fi 151 | else 152 | echo "Either 'bro-config' must be in PATH or '--bro-dist=' used" 153 | exit 1 154 | fi 155 | else 156 | if [ ! -e "$brodist/bro-path-dev.in" ]; then 157 | echo "$brodist does not appear to be a valid Bro source tree." 158 | exit 1 159 | fi 160 | 161 | append_cache_entry BRO_DIST PATH $brodist 162 | append_cache_entry CMAKE_MODULE_PATH PATH $brodist/cmake 163 | fi 164 | 165 | if [ "$installroot" != "default" ]; then 166 | mkdir -p $installroot 167 | append_cache_entry BRO_PLUGIN_INSTALL_ROOT PATH $installroot 168 | fi 169 | 170 | echo "Build Directory : $builddir" 171 | echo "Bro Source Directory : $brodist" 172 | 173 | mkdir -p $builddir 174 | cd $builddir 175 | 176 | cmake $CMakeCacheEntries .. 177 | 178 | echo "# This is the command used to configure this build" > config.status 179 | echo $command >> config.status 180 | chmod u+x config.status 181 | -------------------------------------------------------------------------------- /configure.plugin: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | 4 | plugin_usage() { 5 | cat < 11 | 12 | #ifndef SOL_XDP 13 | #define SOL_XDP 283 14 | #endif 15 | 16 | #ifndef AF_XDP 17 | #define AF_XDP 44 18 | #endif 19 | 20 | #ifndef PF_XDP 21 | #define PF_XDP AF_XDP 22 | #endif 23 | 24 | #define DEFAULT_COMPLETION_RING_SIZE 32 25 | #define DEFAULT_FILL_RING_SIZE 1024 26 | #define DEFAULT_RX_RING_SIZE 1024 27 | #define NUM_FRAMES 2048 28 | #define FRAME_SIZE 2048 29 | 30 | using namespace iosource::pktsrc; 31 | 32 | AF_XDPSource::~AF_XDPSource() { 33 | Close(); 34 | } 35 | 36 | AF_XDPSource::AF_XDPSource(const std::string& path, bool is_live) { 37 | if (!is_live) 38 | Error("AF_XDP source does not support offline input"); 39 | 40 | props.path = path; 41 | props.is_live = is_live; 42 | } 43 | 44 | void AF_XDPSource::Open() { 45 | struct xdp_mmap_offsets offsets; 46 | socklen_t opt_length; 47 | int xsks_map; 48 | int r; 49 | 50 | int completion_ring_size = DEFAULT_COMPLETION_RING_SIZE; 51 | int fill_ring_size = DEFAULT_FILL_RING_SIZE; 52 | int rx_ring_size = DEFAULT_RX_RING_SIZE; 53 | 54 | ifindex = if_nametoindex(props.path.c_str()); 55 | if (ifindex == 0) { 56 | Error(errno ? strerror(errno) : "unable to find interface"); 57 | return; 58 | } 59 | 60 | if ((fd = socket(AF_XDP, SOCK_RAW, 0)) < 0) { 61 | Error(errno ? strerror(errno) : "unable to create socket"); 62 | return; 63 | } 64 | 65 | umem.headroom = 0; 66 | umem.chunk_size = FRAME_SIZE; 67 | umem.len = NUM_FRAMES * umem.chunk_size; 68 | posix_memalign((void**) &umem.addr, getpagesize(), umem.len); 69 | 70 | if (setsockopt(fd, SOL_XDP, XDP_UMEM_REG, &umem, sizeof(umem)) < 0) { 71 | Error(errno ? strerror(errno) : "unable to set UMEM"); 72 | close(fd); 73 | return; 74 | } 75 | 76 | if (setsockopt(fd, SOL_XDP, XDP_UMEM_FILL_RING, &fill_ring_size, sizeof(fill_ring_size)) < 0) { 77 | Error(errno ? strerror(errno) : "unable to set UMEM fill ring size"); 78 | close(fd); 79 | return; 80 | } 81 | 82 | if (setsockopt(fd, SOL_XDP, XDP_UMEM_COMPLETION_RING, &completion_ring_size, sizeof(completion_ring_size)) < 0) { 83 | Error(errno ? strerror(errno) : "unable to set UMEM completion ring size"); 84 | close(fd); 85 | return; 86 | } 87 | 88 | if (setsockopt(fd, SOL_XDP, XDP_RX_RING, &rx_ring_size, sizeof(rx_ring_size)) < 0) { 89 | Error(errno ? strerror(errno) : "unable to set XDP RX ring size"); 90 | close(fd); 91 | return; 92 | } 93 | 94 | opt_length = sizeof(offsets); 95 | if (getsockopt(fd, SOL_XDP, XDP_MMAP_OFFSETS, &offsets, &opt_length) < 0) { 96 | Error(errno ? strerror(errno) : "unable to get ring offsets"); 97 | close(fd); 98 | return; 99 | } 100 | 101 | if (!fill.Init(fd, XDP_UMEM_PGOFF_FILL_RING, offsets.fr, fill_ring_size)) { 102 | Error(errno ? strerror(errno) : "unable to map UMEM fill ring"); 103 | close(fd); 104 | return; 105 | } 106 | 107 | if (!rx.Init(fd, XDP_PGOFF_RX_RING, offsets.rx, rx_ring_size)) { 108 | Error(errno ? strerror(errno) : "unable to map XDP RX fill ring"); 109 | close(fd); 110 | return; 111 | } 112 | 113 | for (int i = 0; i < NUM_FRAMES * FRAME_SIZE; i += FRAME_SIZE) 114 | fill.Enqueue(i); 115 | 116 | props.netmask = NETMASK_UNKNOWN; 117 | props.selectable_fd = fd; 118 | props.is_live = true; 119 | props.link_type = DLT_EN10MB; 120 | 121 | struct sockaddr_xdp sa = { 122 | .sxdp_family = PF_XDP, 123 | .sxdp_ifindex = ifindex, 124 | }; 125 | 126 | if (bind(fd, (struct sockaddr*) &sa, sizeof(sa)) < 0) { 127 | Error(errno ? strerror(errno) : "unable to bind to interface"); 128 | close(fd); 129 | return; 130 | } 131 | 132 | 133 | if (bpf.Load("kern.o", ifindex) < 0) { 134 | Error(errno ? strerror(errno) : "unable to load eBPF program"); 135 | close(fd); 136 | return; 137 | } 138 | 139 | xsks_map = bpf.FindMap("xsks_map"); 140 | if (xsks_map < 0) { 141 | Error(errno ? strerror(errno) : "unable to find eBPF map"); 142 | close(fd); 143 | return; 144 | } 145 | 146 | int key = 0; 147 | if (bpf.UpdateMap(xsks_map, &key, &fd, 0) < 0) { 148 | Error(errno ? strerror(errno) : "unable to update eBPF map"); 149 | close(fd); 150 | bpf.Unload(ifindex); 151 | return; 152 | } 153 | 154 | stats = { }; 155 | 156 | Opened(props); 157 | } 158 | 159 | void AF_XDPSource::Close() { 160 | if (fd) { 161 | close(fd); 162 | fd = 0; 163 | } 164 | 165 | bpf.Unload(ifindex); 166 | 167 | Closed(); 168 | } 169 | 170 | bool AF_XDPSource::ExtractNextPacket(Packet* pkt) { 171 | if (!fd) 172 | return false; 173 | 174 | current = rx.Next(); 175 | if (!current) 176 | return false; 177 | 178 | struct timeval ts; 179 | gettimeofday(&ts, NULL); 180 | pkt->Init(props.link_type, &ts, current->len, current->len, &((const u_char*) umem.addr)[current->addr]); 181 | 182 | stats.received++; 183 | stats.bytes_received += current->len; 184 | 185 | return true; 186 | } 187 | 188 | void AF_XDPSource::DoneWithPacket() { 189 | fill.Enqueue(current->addr); 190 | } 191 | 192 | bool AF_XDPSource::PrecompileFilter(int index, const std::string& filter) { 193 | return true; 194 | } 195 | 196 | bool AF_XDPSource::SetFilter(int index) { 197 | return true; 198 | } 199 | 200 | void AF_XDPSource::Statistics(Stats* s) { 201 | struct xdp_statistics xdp_stats; 202 | 203 | socklen_t opt_length = sizeof(xdp_stats); 204 | 205 | if (getsockopt(fd, SOL_XDP, XDP_STATISTICS, &xdp_stats, &opt_length) < 0) { 206 | Error(errno ? strerror(errno) : "unable to retrieve statistics"); 207 | return; 208 | } 209 | 210 | stats.dropped = xdp_stats.rx_dropped; 211 | stats.link = stats.received + stats.dropped; 212 | 213 | *s = stats; 214 | } 215 | 216 | iosource::PktSrc* AF_XDPSource::InstantiateAF_XDP(const std::string& path, bool is_live) { 217 | return new AF_XDPSource(path, is_live); 218 | } 219 | -------------------------------------------------------------------------------- /src/AF_XDP.h: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright (c) 2018 by Iwan Timmer 3 | * 4 | * SPDX-License-Identifier: BSD-3-Clause 5 | */ 6 | 7 | #ifndef IOSOURCE_PKTSRC_AF_XDP_SOURCE_H 8 | #define IOSOURCE_PKTSRC_AF_XDP_SOURCE_H 9 | 10 | extern "C" { 11 | #include 12 | #include 13 | #include 14 | } 15 | 16 | #include "iosource/PktSrc.h" 17 | 18 | #include "XDP_Ring.h" 19 | #include "XDP_BPF.h" 20 | 21 | namespace iosource { 22 | namespace pktsrc { 23 | 24 | class AF_XDPSource : public iosource::PktSrc { 25 | public: 26 | AF_XDPSource(const std::string& path, bool is_live); 27 | 28 | virtual ~AF_XDPSource(); 29 | 30 | static PktSrc* InstantiateAF_XDP(const std::string& path, bool is_live); 31 | 32 | protected: 33 | virtual void Open(); 34 | virtual void Close(); 35 | virtual bool ExtractNextPacket(Packet* pkt); 36 | virtual void DoneWithPacket(); 37 | virtual bool PrecompileFilter(int index, const std::string& filter); 38 | virtual bool SetFilter(int index); 39 | virtual void Statistics(Stats* stats); 40 | 41 | private: 42 | Properties props; 43 | Stats stats; 44 | 45 | unsigned short ifindex; 46 | 47 | int fd; 48 | struct xdp_umem_reg umem; 49 | struct xdp_desc* current; 50 | 51 | XDP_BPF bpf; 52 | 53 | XDP_Ring<__u64> fill; 54 | XDP_Ring rx; 55 | }; 56 | 57 | } 58 | } 59 | 60 | #endif 61 | -------------------------------------------------------------------------------- /src/Plugin.cc: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright (c) 2018 by Iwan Timmer 3 | * 4 | * SPDX-License-Identifier: BSD-3-Clause 5 | */ 6 | 7 | #include "Plugin.h" 8 | #include "AF_XDP.h" 9 | 10 | namespace plugin { namespace irtimmer_AF_XDP { Plugin plugin; } } 11 | 12 | using namespace plugin::irtimmer_AF_XDP; 13 | 14 | plugin::Configuration Plugin::Configure() { 15 | AddComponent(new ::iosource::PktSrcComponent("AF_XDPReader", "af_xdp", ::iosource::PktSrcComponent::LIVE, ::iosource::pktsrc::AF_XDPSource::InstantiateAF_XDP)); 16 | 17 | plugin::Configuration config; 18 | config.name = "irtimmer::AF_XDP"; 19 | config.description = "Packet acquisition via AF_XDP"; 20 | config.version.major = 0; 21 | config.version.minor = 1; 22 | return config; 23 | } 24 | -------------------------------------------------------------------------------- /src/Plugin.h: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright (c) 2018 by Iwan Timmer 3 | * 4 | * SPDX-License-Identifier: BSD-3-Clause 5 | */ 6 | 7 | #ifndef BRO_PLUGIN_ITIMMER_AF_XDP 8 | #define BRO_PLUGIN_ITIMMER_AF_XDP 9 | 10 | #include 11 | 12 | namespace plugin { 13 | namespace irtimmer_AF_XDP { 14 | 15 | class Plugin : public ::plugin::Plugin { 16 | protected: 17 | // Overridden from plugin::Plugin. 18 | plugin::Configuration Configure() override; 19 | }; 20 | 21 | extern Plugin plugin; 22 | 23 | } 24 | } 25 | 26 | #endif 27 | -------------------------------------------------------------------------------- /src/XDP_BPF.cc: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright (c) 2018 by Iwan Timmer 3 | * 4 | * SPDX-License-Identifier: BSD-3-Clause 5 | */ 6 | 7 | #include "XDP_BPF.h" 8 | 9 | #include 10 | 11 | extern "C" { 12 | #include 13 | 14 | #include 15 | #include 16 | } 17 | 18 | int XDP_BPF::Load(const char* file, unsigned short ifindex) { 19 | int r; 20 | struct bpf_prog_load_attr prog_load_attr = { 21 | .file = file, 22 | .prog_type = BPF_PROG_TYPE_XDP 23 | }; 24 | 25 | r = bpf_prog_load_xattr(&prog_load_attr, &object, &fd); 26 | if (r < 0) 27 | return r; 28 | 29 | r = bpf_set_link_xdp_fd(ifindex, fd, XDP_FLAGS_SKB_MODE); 30 | if (r < 0) 31 | return r; 32 | 33 | return 0; 34 | } 35 | 36 | int XDP_BPF::Unload(unsigned short ifindex) { 37 | printf("Disable eBPF\n"); 38 | if (fd) { 39 | fd = 0; 40 | return bpf_set_link_xdp_fd(ifindex, -1, XDP_FLAGS_SKB_MODE); 41 | } 42 | return 0; 43 | } 44 | 45 | int XDP_BPF::FindMap(const char* key) { 46 | struct bpf_map *map = bpf_object__find_map_by_name(object, key); 47 | return bpf_map__fd(map); 48 | } 49 | 50 | int XDP_BPF::UpdateMap(int map, void *key, void *value, __u64 flags) { 51 | return bpf_map_update_elem(map, key, value, flags); 52 | } 53 | -------------------------------------------------------------------------------- /src/XDP_BPF.h: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright (c) 2018 by Iwan Timmer 3 | * 4 | * SPDX-License-Identifier: BSD-3-Clause 5 | */ 6 | 7 | #ifndef XDP_BPF_H 8 | #define XDP_BPF_H 9 | 10 | extern "C" { 11 | #include 12 | } 13 | 14 | class XDP_BPF { 15 | public: 16 | int Load(const char* file, unsigned short ifindex); 17 | int Unload(unsigned short ifindex); 18 | int FindMap(const char* key); 19 | int UpdateMap(int map, void *key, void *value, __u64 flags); 20 | 21 | protected: 22 | int fd; 23 | unsigned short ifindex; 24 | 25 | struct bpf_object *object; 26 | 27 | }; 28 | 29 | #endif 30 | -------------------------------------------------------------------------------- /src/XDP_Ring.h: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright (c) 2018 by Iwan Timmer 3 | * 4 | * SPDX-License-Identifier: BSD-3-Clause 5 | */ 6 | 7 | #ifndef XDP_RING_H 8 | #define XDP_RING_H 9 | 10 | extern "C" { 11 | #include 12 | #include 13 | #include 14 | } 15 | 16 | #define barrier() __asm__ __volatile__("": : :"memory") 17 | 18 | template 19 | class XDP_Ring { 20 | public: 21 | bool Init(int fd, off_t off, xdp_ring_offset offsets, size_t s) { 22 | map = mmap(NULL, offsets.desc + s * sizeof(T), PROT_READ | PROT_WRITE, MAP_SHARED | MAP_POPULATE, fd, off); 23 | if (map == MAP_FAILED) 24 | return false; 25 | 26 | size = s; 27 | ring = (T*) ((uintptr_t) map + offsets.desc); 28 | consumer = (__u64*) ((uintptr_t) map + offsets.consumer); 29 | producer = (__u64*) ((uintptr_t) map + offsets.producer); 30 | 31 | return true; 32 | } 33 | 34 | T* Peek() { 35 | if (*producer - *consumer == 0) 36 | return NULL; 37 | 38 | barrier(); 39 | 40 | return &ring[*consumer & (size - 1)]; 41 | } 42 | 43 | T* Next() { 44 | T* entry = Peek(); 45 | 46 | if (entry) 47 | (*consumer)++; 48 | 49 | return entry; 50 | } 51 | 52 | int Enqueue(T entry) { 53 | if ((size - (*producer - *consumer)) == 0) 54 | return -1; 55 | 56 | ring[*producer & (size - 1)] = entry; 57 | 58 | barrier(); 59 | 60 | (*producer)++; 61 | return 0; 62 | } 63 | 64 | private: 65 | void* map; 66 | 67 | size_t size; 68 | 69 | __u64* producer; 70 | __u64* consumer; 71 | T* ring; 72 | }; 73 | 74 | #endif 75 | -------------------------------------------------------------------------------- /src/af_xdp.bif: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /src/bpf/bpf.c: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: GPL-2.0 2 | 3 | #include 4 | 5 | #include "bpf_helpers.h" 6 | 7 | struct bpf_map_def SEC("maps") xsks_map = { 8 | .type = BPF_MAP_TYPE_XSKMAP, 9 | .key_size = sizeof(int), 10 | .value_size = sizeof(int), 11 | .max_entries = 1, 12 | }; 13 | 14 | SEC("xdp_sock") 15 | int xdp_sock_prog(struct xdp_md *ctx) 16 | { 17 | return bpf_redirect_map(&xsks_map, 0, 0); 18 | } 19 | 20 | char _license[] SEC("license") = "GPL"; 21 | -------------------------------------------------------------------------------- /src/bpf/bpf_helpers.h: -------------------------------------------------------------------------------- 1 | /* SPDX-License-Identifier: GPL-2.0 */ 2 | #ifndef __BPF_HELPERS_H 3 | #define __BPF_HELPERS_H 4 | 5 | /* helper macro to place programs, maps, license in 6 | * different sections in elf_bpf file. Section names 7 | * are interpreted by elf_bpf loader 8 | */ 9 | #define SEC(NAME) __attribute__((section(NAME), used)) 10 | 11 | /* helper functions called from eBPF programs written in C */ 12 | static void *(*bpf_map_lookup_elem)(void *map, void *key) = 13 | (void *) BPF_FUNC_map_lookup_elem; 14 | static int (*bpf_map_update_elem)(void *map, void *key, void *value, 15 | unsigned long long flags) = 16 | (void *) BPF_FUNC_map_update_elem; 17 | static int (*bpf_map_delete_elem)(void *map, void *key) = 18 | (void *) BPF_FUNC_map_delete_elem; 19 | static int (*bpf_probe_read)(void *dst, int size, void *unsafe_ptr) = 20 | (void *) BPF_FUNC_probe_read; 21 | static unsigned long long (*bpf_ktime_get_ns)(void) = 22 | (void *) BPF_FUNC_ktime_get_ns; 23 | static int (*bpf_trace_printk)(const char *fmt, int fmt_size, ...) = 24 | (void *) BPF_FUNC_trace_printk; 25 | static void (*bpf_tail_call)(void *ctx, void *map, int index) = 26 | (void *) BPF_FUNC_tail_call; 27 | static unsigned long long (*bpf_get_smp_processor_id)(void) = 28 | (void *) BPF_FUNC_get_smp_processor_id; 29 | static unsigned long long (*bpf_get_current_pid_tgid)(void) = 30 | (void *) BPF_FUNC_get_current_pid_tgid; 31 | static unsigned long long (*bpf_get_current_uid_gid)(void) = 32 | (void *) BPF_FUNC_get_current_uid_gid; 33 | static int (*bpf_get_current_comm)(void *buf, int buf_size) = 34 | (void *) BPF_FUNC_get_current_comm; 35 | static unsigned long long (*bpf_perf_event_read)(void *map, 36 | unsigned long long flags) = 37 | (void *) BPF_FUNC_perf_event_read; 38 | static int (*bpf_clone_redirect)(void *ctx, int ifindex, int flags) = 39 | (void *) BPF_FUNC_clone_redirect; 40 | static int (*bpf_redirect)(int ifindex, int flags) = 41 | (void *) BPF_FUNC_redirect; 42 | static int (*bpf_redirect_map)(void *map, int key, int flags) = 43 | (void *) BPF_FUNC_redirect_map; 44 | static int (*bpf_perf_event_output)(void *ctx, void *map, 45 | unsigned long long flags, void *data, 46 | int size) = 47 | (void *) BPF_FUNC_perf_event_output; 48 | static int (*bpf_get_stackid)(void *ctx, void *map, int flags) = 49 | (void *) BPF_FUNC_get_stackid; 50 | static int (*bpf_probe_write_user)(void *dst, void *src, int size) = 51 | (void *) BPF_FUNC_probe_write_user; 52 | static int (*bpf_current_task_under_cgroup)(void *map, int index) = 53 | (void *) BPF_FUNC_current_task_under_cgroup; 54 | static int (*bpf_skb_get_tunnel_key)(void *ctx, void *key, int size, int flags) = 55 | (void *) BPF_FUNC_skb_get_tunnel_key; 56 | static int (*bpf_skb_set_tunnel_key)(void *ctx, void *key, int size, int flags) = 57 | (void *) BPF_FUNC_skb_set_tunnel_key; 58 | static int (*bpf_skb_get_tunnel_opt)(void *ctx, void *md, int size) = 59 | (void *) BPF_FUNC_skb_get_tunnel_opt; 60 | static int (*bpf_skb_set_tunnel_opt)(void *ctx, void *md, int size) = 61 | (void *) BPF_FUNC_skb_set_tunnel_opt; 62 | static unsigned long long (*bpf_get_prandom_u32)(void) = 63 | (void *) BPF_FUNC_get_prandom_u32; 64 | static int (*bpf_xdp_adjust_head)(void *ctx, int offset) = 65 | (void *) BPF_FUNC_xdp_adjust_head; 66 | static int (*bpf_xdp_adjust_meta)(void *ctx, int offset) = 67 | (void *) BPF_FUNC_xdp_adjust_meta; 68 | static int (*bpf_setsockopt)(void *ctx, int level, int optname, void *optval, 69 | int optlen) = 70 | (void *) BPF_FUNC_setsockopt; 71 | static int (*bpf_getsockopt)(void *ctx, int level, int optname, void *optval, 72 | int optlen) = 73 | (void *) BPF_FUNC_getsockopt; 74 | static int (*bpf_sock_ops_cb_flags_set)(void *ctx, int flags) = 75 | (void *) BPF_FUNC_sock_ops_cb_flags_set; 76 | static int (*bpf_sk_redirect_map)(void *ctx, void *map, int key, int flags) = 77 | (void *) BPF_FUNC_sk_redirect_map; 78 | static int (*bpf_sk_redirect_hash)(void *ctx, void *map, void *key, int flags) = 79 | (void *) BPF_FUNC_sk_redirect_hash; 80 | static int (*bpf_sock_map_update)(void *map, void *key, void *value, 81 | unsigned long long flags) = 82 | (void *) BPF_FUNC_sock_map_update; 83 | static int (*bpf_sock_hash_update)(void *map, void *key, void *value, 84 | unsigned long long flags) = 85 | (void *) BPF_FUNC_sock_hash_update; 86 | static int (*bpf_perf_event_read_value)(void *map, unsigned long long flags, 87 | void *buf, unsigned int buf_size) = 88 | (void *) BPF_FUNC_perf_event_read_value; 89 | static int (*bpf_perf_prog_read_value)(void *ctx, void *buf, 90 | unsigned int buf_size) = 91 | (void *) BPF_FUNC_perf_prog_read_value; 92 | static int (*bpf_override_return)(void *ctx, unsigned long rc) = 93 | (void *) BPF_FUNC_override_return; 94 | static int (*bpf_msg_redirect_map)(void *ctx, void *map, int key, int flags) = 95 | (void *) BPF_FUNC_msg_redirect_map; 96 | static int (*bpf_msg_redirect_hash)(void *ctx, 97 | void *map, void *key, int flags) = 98 | (void *) BPF_FUNC_msg_redirect_hash; 99 | static int (*bpf_msg_apply_bytes)(void *ctx, int len) = 100 | (void *) BPF_FUNC_msg_apply_bytes; 101 | static int (*bpf_msg_cork_bytes)(void *ctx, int len) = 102 | (void *) BPF_FUNC_msg_cork_bytes; 103 | static int (*bpf_msg_pull_data)(void *ctx, int start, int end, int flags) = 104 | (void *) BPF_FUNC_msg_pull_data; 105 | static int (*bpf_bind)(void *ctx, void *addr, int addr_len) = 106 | (void *) BPF_FUNC_bind; 107 | static int (*bpf_xdp_adjust_tail)(void *ctx, int offset) = 108 | (void *) BPF_FUNC_xdp_adjust_tail; 109 | static int (*bpf_skb_get_xfrm_state)(void *ctx, int index, void *state, 110 | int size, int flags) = 111 | (void *) BPF_FUNC_skb_get_xfrm_state; 112 | static int (*bpf_get_stack)(void *ctx, void *buf, int size, int flags) = 113 | (void *) BPF_FUNC_get_stack; 114 | static int (*bpf_fib_lookup)(void *ctx, struct bpf_fib_lookup *params, 115 | int plen, __u32 flags) = 116 | (void *) BPF_FUNC_fib_lookup; 117 | static int (*bpf_lwt_push_encap)(void *ctx, unsigned int type, void *hdr, 118 | unsigned int len) = 119 | (void *) BPF_FUNC_lwt_push_encap; 120 | static int (*bpf_lwt_seg6_store_bytes)(void *ctx, unsigned int offset, 121 | void *from, unsigned int len) = 122 | (void *) BPF_FUNC_lwt_seg6_store_bytes; 123 | static int (*bpf_lwt_seg6_action)(void *ctx, unsigned int action, void *param, 124 | unsigned int param_len) = 125 | (void *) BPF_FUNC_lwt_seg6_action; 126 | static int (*bpf_lwt_seg6_adjust_srh)(void *ctx, unsigned int offset, 127 | unsigned int len) = 128 | (void *) BPF_FUNC_lwt_seg6_adjust_srh; 129 | static int (*bpf_rc_repeat)(void *ctx) = 130 | (void *) BPF_FUNC_rc_repeat; 131 | static int (*bpf_rc_keydown)(void *ctx, unsigned int protocol, 132 | unsigned long long scancode, unsigned int toggle) = 133 | (void *) BPF_FUNC_rc_keydown; 134 | static unsigned long long (*bpf_get_current_cgroup_id)(void) = 135 | (void *) BPF_FUNC_get_current_cgroup_id; 136 | 137 | /* llvm builtin functions that eBPF C program may use to 138 | * emit BPF_LD_ABS and BPF_LD_IND instructions 139 | */ 140 | struct sk_buff; 141 | unsigned long long load_byte(void *skb, 142 | unsigned long long off) asm("llvm.bpf.load.byte"); 143 | unsigned long long load_half(void *skb, 144 | unsigned long long off) asm("llvm.bpf.load.half"); 145 | unsigned long long load_word(void *skb, 146 | unsigned long long off) asm("llvm.bpf.load.word"); 147 | 148 | /* a helper structure used by eBPF C program 149 | * to describe map attributes to elf_bpf loader 150 | */ 151 | struct bpf_map_def { 152 | unsigned int type; 153 | unsigned int key_size; 154 | unsigned int value_size; 155 | unsigned int max_entries; 156 | unsigned int map_flags; 157 | unsigned int inner_map_idx; 158 | unsigned int numa_node; 159 | }; 160 | 161 | #define BPF_ANNOTATE_KV_PAIR(name, type_key, type_val) \ 162 | struct ____btf_map_##name { \ 163 | type_key key; \ 164 | type_val value; \ 165 | }; \ 166 | struct ____btf_map_##name \ 167 | __attribute__ ((section(".maps." #name), used)) \ 168 | ____btf_map_##name = { } 169 | 170 | static int (*bpf_skb_load_bytes)(void *ctx, int off, void *to, int len) = 171 | (void *) BPF_FUNC_skb_load_bytes; 172 | static int (*bpf_skb_store_bytes)(void *ctx, int off, void *from, int len, int flags) = 173 | (void *) BPF_FUNC_skb_store_bytes; 174 | static int (*bpf_l3_csum_replace)(void *ctx, int off, int from, int to, int flags) = 175 | (void *) BPF_FUNC_l3_csum_replace; 176 | static int (*bpf_l4_csum_replace)(void *ctx, int off, int from, int to, int flags) = 177 | (void *) BPF_FUNC_l4_csum_replace; 178 | static int (*bpf_csum_diff)(void *from, int from_size, void *to, int to_size, int seed) = 179 | (void *) BPF_FUNC_csum_diff; 180 | static int (*bpf_skb_under_cgroup)(void *ctx, void *map, int index) = 181 | (void *) BPF_FUNC_skb_under_cgroup; 182 | static int (*bpf_skb_change_head)(void *, int len, int flags) = 183 | (void *) BPF_FUNC_skb_change_head; 184 | static int (*bpf_skb_pull_data)(void *, int len) = 185 | (void *) BPF_FUNC_skb_pull_data; 186 | 187 | /* Scan the ARCH passed in from ARCH env variable (see Makefile) */ 188 | #if defined(__TARGET_ARCH_x86) 189 | #define bpf_target_x86 190 | #define bpf_target_defined 191 | #elif defined(__TARGET_ARCH_s930x) 192 | #define bpf_target_s930x 193 | #define bpf_target_defined 194 | #elif defined(__TARGET_ARCH_arm64) 195 | #define bpf_target_arm64 196 | #define bpf_target_defined 197 | #elif defined(__TARGET_ARCH_mips) 198 | #define bpf_target_mips 199 | #define bpf_target_defined 200 | #elif defined(__TARGET_ARCH_powerpc) 201 | #define bpf_target_powerpc 202 | #define bpf_target_defined 203 | #elif defined(__TARGET_ARCH_sparc) 204 | #define bpf_target_sparc 205 | #define bpf_target_defined 206 | #else 207 | #undef bpf_target_defined 208 | #endif 209 | 210 | /* Fall back to what the compiler says */ 211 | #ifndef bpf_target_defined 212 | #if defined(__x86_64__) 213 | #define bpf_target_x86 214 | #elif defined(__s390x__) 215 | #define bpf_target_s930x 216 | #elif defined(__aarch64__) 217 | #define bpf_target_arm64 218 | #elif defined(__mips__) 219 | #define bpf_target_mips 220 | #elif defined(__powerpc__) 221 | #define bpf_target_powerpc 222 | #elif defined(__sparc__) 223 | #define bpf_target_sparc 224 | #endif 225 | #endif 226 | 227 | #if defined(bpf_target_x86) 228 | 229 | #define PT_REGS_PARM1(x) ((x)->di) 230 | #define PT_REGS_PARM2(x) ((x)->si) 231 | #define PT_REGS_PARM3(x) ((x)->dx) 232 | #define PT_REGS_PARM4(x) ((x)->cx) 233 | #define PT_REGS_PARM5(x) ((x)->r8) 234 | #define PT_REGS_RET(x) ((x)->sp) 235 | #define PT_REGS_FP(x) ((x)->bp) 236 | #define PT_REGS_RC(x) ((x)->ax) 237 | #define PT_REGS_SP(x) ((x)->sp) 238 | #define PT_REGS_IP(x) ((x)->ip) 239 | 240 | #elif defined(bpf_target_s390x) 241 | 242 | #define PT_REGS_PARM1(x) ((x)->gprs[2]) 243 | #define PT_REGS_PARM2(x) ((x)->gprs[3]) 244 | #define PT_REGS_PARM3(x) ((x)->gprs[4]) 245 | #define PT_REGS_PARM4(x) ((x)->gprs[5]) 246 | #define PT_REGS_PARM5(x) ((x)->gprs[6]) 247 | #define PT_REGS_RET(x) ((x)->gprs[14]) 248 | #define PT_REGS_FP(x) ((x)->gprs[11]) /* Works only with CONFIG_FRAME_POINTER */ 249 | #define PT_REGS_RC(x) ((x)->gprs[2]) 250 | #define PT_REGS_SP(x) ((x)->gprs[15]) 251 | #define PT_REGS_IP(x) ((x)->psw.addr) 252 | 253 | #elif defined(bpf_target_arm64) 254 | 255 | #define PT_REGS_PARM1(x) ((x)->regs[0]) 256 | #define PT_REGS_PARM2(x) ((x)->regs[1]) 257 | #define PT_REGS_PARM3(x) ((x)->regs[2]) 258 | #define PT_REGS_PARM4(x) ((x)->regs[3]) 259 | #define PT_REGS_PARM5(x) ((x)->regs[4]) 260 | #define PT_REGS_RET(x) ((x)->regs[30]) 261 | #define PT_REGS_FP(x) ((x)->regs[29]) /* Works only with CONFIG_FRAME_POINTER */ 262 | #define PT_REGS_RC(x) ((x)->regs[0]) 263 | #define PT_REGS_SP(x) ((x)->sp) 264 | #define PT_REGS_IP(x) ((x)->pc) 265 | 266 | #elif defined(bpf_target_mips) 267 | 268 | #define PT_REGS_PARM1(x) ((x)->regs[4]) 269 | #define PT_REGS_PARM2(x) ((x)->regs[5]) 270 | #define PT_REGS_PARM3(x) ((x)->regs[6]) 271 | #define PT_REGS_PARM4(x) ((x)->regs[7]) 272 | #define PT_REGS_PARM5(x) ((x)->regs[8]) 273 | #define PT_REGS_RET(x) ((x)->regs[31]) 274 | #define PT_REGS_FP(x) ((x)->regs[30]) /* Works only with CONFIG_FRAME_POINTER */ 275 | #define PT_REGS_RC(x) ((x)->regs[1]) 276 | #define PT_REGS_SP(x) ((x)->regs[29]) 277 | #define PT_REGS_IP(x) ((x)->cp0_epc) 278 | 279 | #elif defined(bpf_target_powerpc) 280 | 281 | #define PT_REGS_PARM1(x) ((x)->gpr[3]) 282 | #define PT_REGS_PARM2(x) ((x)->gpr[4]) 283 | #define PT_REGS_PARM3(x) ((x)->gpr[5]) 284 | #define PT_REGS_PARM4(x) ((x)->gpr[6]) 285 | #define PT_REGS_PARM5(x) ((x)->gpr[7]) 286 | #define PT_REGS_RC(x) ((x)->gpr[3]) 287 | #define PT_REGS_SP(x) ((x)->sp) 288 | #define PT_REGS_IP(x) ((x)->nip) 289 | 290 | #elif defined(bpf_target_sparc) 291 | 292 | #define PT_REGS_PARM1(x) ((x)->u_regs[UREG_I0]) 293 | #define PT_REGS_PARM2(x) ((x)->u_regs[UREG_I1]) 294 | #define PT_REGS_PARM3(x) ((x)->u_regs[UREG_I2]) 295 | #define PT_REGS_PARM4(x) ((x)->u_regs[UREG_I3]) 296 | #define PT_REGS_PARM5(x) ((x)->u_regs[UREG_I4]) 297 | #define PT_REGS_RET(x) ((x)->u_regs[UREG_I7]) 298 | #define PT_REGS_RC(x) ((x)->u_regs[UREG_I0]) 299 | #define PT_REGS_SP(x) ((x)->u_regs[UREG_FP]) 300 | 301 | /* Should this also be a bpf_target check for the sparc case? */ 302 | #if defined(__arch64__) 303 | #define PT_REGS_IP(x) ((x)->tpc) 304 | #else 305 | #define PT_REGS_IP(x) ((x)->pc) 306 | #endif 307 | 308 | #endif 309 | 310 | #ifdef bpf_target_powerpc 311 | #define BPF_KPROBE_READ_RET_IP(ip, ctx) ({ (ip) = (ctx)->link; }) 312 | #define BPF_KRETPROBE_READ_RET_IP BPF_KPROBE_READ_RET_IP 313 | #elif bpf_target_sparc 314 | #define BPF_KPROBE_READ_RET_IP(ip, ctx) ({ (ip) = PT_REGS_RET(ctx); }) 315 | #define BPF_KRETPROBE_READ_RET_IP BPF_KPROBE_READ_RET_IP 316 | #else 317 | #define BPF_KPROBE_READ_RET_IP(ip, ctx) ({ \ 318 | bpf_probe_read(&(ip), sizeof(ip), (void *)PT_REGS_RET(ctx)); }) 319 | #define BPF_KRETPROBE_READ_RET_IP(ip, ctx) ({ \ 320 | bpf_probe_read(&(ip), sizeof(ip), \ 321 | (void *)(PT_REGS_FP(ctx) + sizeof(ip))); }) 322 | #endif 323 | 324 | #endif 325 | -------------------------------------------------------------------------------- /tests/Makefile: -------------------------------------------------------------------------------- 1 | 2 | test: 3 | @btest 4 | -------------------------------------------------------------------------------- /tests/Scripts/get-bro-env: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | # 3 | # BTest helper for getting values for Bro-related environment variables. 4 | 5 | base=`dirname $0` 6 | bro=`cat ${base}/../../build/CMakeCache.txt | grep BRO_DIST | cut -d = -f 2` 7 | 8 | if [ "$1" = "brobase" ]; then 9 | echo ${bro} 10 | elif [ "$1" = "bropath" ]; then 11 | ${bro}/build/bro-path-dev 12 | elif [ "$1" = "bro_plugin_path" ]; then 13 | ( cd ${base}/../.. && pwd ) 14 | elif [ "$1" = "bro_seed_file" ]; then 15 | echo ${bro}/testing/btest/random.seed 16 | elif [ "$1" = "path" ]; then 17 | echo ${bro}/build/src:${bro}/aux/btest:${base}/:${bro}/aux/bro-cut:$PATH 18 | else 19 | echo "usage: `basename $0` " >&2 20 | exit 1 21 | fi 22 | -------------------------------------------------------------------------------- /tests/af_xdp/show-plugin.bro: -------------------------------------------------------------------------------- 1 | # @TEST-EXEC: bro -NN irtimmer::AF_XDP |sed -e 's/version.*)/version)/g' >output 2 | # @TEST-EXEC: btest-diff output 3 | -------------------------------------------------------------------------------- /tests/btest.cfg: -------------------------------------------------------------------------------- 1 | [btest] 2 | TestDirs = af_xdp 3 | TmpDir = %(testbase)s/.tmp 4 | BaselineDir = %(testbase)s/Baseline 5 | IgnoreDirs = .svn CVS .tmp 6 | IgnoreFiles = *.tmp *.swp #* *.trace .DS_Store 7 | 8 | [environment] 9 | BROBASE=`%(testbase)s/Scripts/get-bro-env brobase` 10 | BROPATH=`%(testbase)s/Scripts/get-bro-env bropath` 11 | BRO_PLUGIN_PATH=`%(testbase)s/Scripts/get-bro-env bro_plugin_path` 12 | BRO_SEED_FILE=`%(testbase)s/Scripts/get-bro-env bro_seed_file` 13 | PATH=`%(testbase)s/Scripts/get-bro-env path` 14 | TZ=UTC 15 | LC_ALL=C 16 | TRACES=%(testbase)s/Traces 17 | TMPDIR=%(testbase)s/.tmp 18 | BRO_TRACES=`%(testbase)s/Scripts/get-bro-env brobase`/testing/btest/Traces 19 | TEST_DIFF_CANONIFIER=`%(testbase)s/Scripts/get-bro-env brobase`/testing/scripts/diff-canonifier 20 | --------------------------------------------------------------------------------