Napatech bypass v1.09

configure.ac

@@ -1915,11 +1915,15 @@
         fi
     fi
 
-  # Napatech - Using the 3GD API
+    # Napatech - Using the 3GD API
     AC_ARG_ENABLE(napatech,
                 AS_HELP_STRING([--enable-napatech],[Enabled Napatech Devices]),
                 [ enable_napatech=$enableval ],
                 [ enable_napatech=no])
+    AC_ARG_ENABLE(napatech_bypass,
+                AS_HELP_STRING([--disable-napatech-bypass],[Disable Bypass feature on Napatech cards]),
+                [ napatech_bypass=$enableval ],
+                [ napatech_bypass=yes])
     AC_ARG_WITH(napatech_includes,
                 [  --with-napatech-includes=DIR   napatech include directory],
                 [with_napatech_includes="$withval"],[with_napatech_includes="/opt/napatech3/include"])
@@ -1957,6 +1961,17 @@
         fi
 
         AC_DEFINE([HAVE_NAPATECH],[1],(Napatech capture card support))
+        if test "$napatech_bypass" = "yes"; then        
+            AC_CHECK_LIB(ntapi, NT_FlowOpenAttrInit,NTFLOW="yes",NTFLOW="no")
+            if test "$NTFLOW" = "yes"; then
+                echo "   Napatech Flow Processing is Enabled (--disable-napatech-bypass if not needed)"
+                AC_DEFINE([NAPATECH_ENABLE_BYPASS],[1],(Napatech flowdirector support))
+            else
+                echo "Napatech Flow Processing is not available"
+            fi
+        else 
+            echo "Napatech Flow Processing is Disabled."
+        fi      
     fi
 
   # liblua
@@ -2493,7 +2508,7 @@ fi
 if test "${enable_ebpf}" = "yes" || test "${enable_unittests}" = "yes"; then
   AC_DEFINE([CAPTURE_OFFLOAD_MANAGER], [1],[Building flow bypass manager code])
 fi
-if test "${enable_ebpf}" = "yes" || test "${enable_nfqueue}" = "yes" || test "${enable_pfring}" = "yes" || test "${enable_unittests}" = "yes"; then
+if test "${enable_ebpf}" = "yes" || test "${enable_nfqueue}" = "yes" || test "${enable_pfring}" = "yes" || test "${enable_napatech}" = "yes"  || test "${enable_unittests}" = "yes"; then
   AC_DEFINE([CAPTURE_OFFLOAD], [1],[Building flow capture bypass code])
 fi
 

src/runmode-napatech.c

@@ -40,13 +40,16 @@
 #define NT_RUNMODE_AUTOFP  1
 #define NT_RUNMODE_WORKERS 2
 
+static const char *default_mode = "workers";
+
 #ifdef HAVE_NAPATECH
 
 #define MAX_STREAMS 256
 static uint16_t num_configured_streams = 0;
 static uint16_t first_stream = 0xffff;
 static uint16_t last_stream = 0xffff;
 static int auto_config = 0;
+static int use_hw_bypass = 0;
 
 uint16_t NapatechGetNumConfiguredStreams(void)
 {
@@ -68,11 +71,16 @@ bool NapatechIsAutoConfigEnabled(void)
     return (auto_config != 0);
 }
 
+bool NapatechUseHWBypass(void)
+{
+    return (use_hw_bypass != 0);
+}
+
 #endif
 
 const char *RunModeNapatechGetDefaultMode(void)
 {
-    return "workers";
+    return default_mode;
 }
 
 void RunModeNapatechRegister(void)
@@ -103,8 +111,25 @@ static int NapatechRegisterDeviceStreams(void)
         SCLogInfo("napatech.auto-config not found in config file.  Defaulting to disabled.");
     }
 
+    if (ConfGetBool("napatech.hardware-bypass", &use_hw_bypass) == 0) {
+        SCLogInfo("napatech.hardware-bypass not found in config file.  Defaulting to disabled.");
+    }
+
+    /* use_all_streams uses existing streams created prior to starting Suricata.  auto_config
+     * automatically creates streams.  Therefore, these two options are mutually exclusive.
+     */
     if (use_all_streams && auto_config) {
-        SCLogError(SC_ERR_RUNMODE, "auto-config cannot be used with use-all-streams.");
+        SCLogError(SC_ERR_RUNMODE, "napatech.auto-config cannot be used in configuration file at the same time as napatech.use-all-streams.");
+        exit(EXIT_FAILURE);
+    }
+
+    /* to use hardware_bypass we need to configure the streams to be consistent.
+     * with the rest of the configuration.  Therefore auto_config is not a valid
+     * option.
+     */
+    if (use_hw_bypass && auto_config == 0) {
+        SCLogError(SC_ERR_RUNMODE, "napatech auto-config must be enabled when using napatech.use_hw_bypass.");
+        exit(EXIT_FAILURE);
     }
 
     /* Get the stream ID's either from the conf or by querying Napatech */
@@ -129,7 +154,9 @@ static int NapatechRegisterDeviceStreams(void)
                         "Registering Napatech device: %s - active stream found.",
                         plive_dev_buf);
                 SCLogError(SC_ERR_NAPATECH_STREAMS_REGISTER_FAILED,
-                        "Delete the stream or disable auto-config before running.");
+                        "run /opt/napatech3/bin/ntpl -e \"delete=all\" to delete existing stream");
+                SCLogError(SC_ERR_NAPATECH_STREAMS_REGISTER_FAILED,
+                        "or disable auto-config in the conf file before running.");
                 exit(EXIT_FAILURE);
             }
         } else {
@@ -218,6 +245,24 @@ static int NapatechInit(int runmode)
         SCLogInfo("Host Buffer Allowance: %d", (int) conf->hba);
     }
 
+    if (use_hw_bypass) {
+#ifdef NAPATECH_ENABLE_BYPASS
+        if (NapatechInitFlowStreams()) {
+            SCLogInfo("Napatech Hardware Bypass is supported and enabled.");
+        } else {
+            SCLogError(SC_ERR_NAPATECH_PARSE_CONFIG,
+                    "Napatech Hardware Bypass requested in conf but is not supported by the hardware.");
+            exit(EXIT_FAILURE);
+        }
+#else
+        SCLogError(SC_ERR_NAPATECH_PARSE_CONFIG,
+                "Napatech Hardware Bypass requested in conf but is not enabled by the software.");
+        exit(EXIT_FAILURE);
+#endif
+    } else {
+        SCLogInfo("Hardware Bypass is disabled in the conf file.");
+    }
+
     /* Start a thread to process the statistics */
     NapatechStartStats();
 

src/runmode-napatech.h

@@ -29,9 +29,7 @@
 #ifdef HAVE_NAPATECH
 #include "util-napatech.h"
 #include <nt.h>
-
-
-#endif
+#endif /* HAVE_NAPATECH */
 
 int RunModeNapatechAutoFp(void);
 int RunModeNapatechWorkers(void);
@@ -41,9 +39,8 @@ const char *RunModeNapatechGetDefaultMode(void);
 uint16_t NapatechGetNumConfiguredStreams(void);
 uint16_t NapatechGetNumFirstStream(void);
 uint16_t NapatechGetNumLastStream(void);
-
 bool NapatechIsAutoConfigEnabled(void);
-
+bool NapatechUseHWBypass(void);
 
 
 #endif /* __RUNMODE_NAPATECH_H__ */