Napatech support

CMakeLists.txt

@@ -82,6 +82,16 @@ include_directories(BEFORE
 
 # Optional Dependencies
 
+set(HAVE_NAPATECH_3GD false)
+find_package(NAPATECH)
+if (NAPATECH_FOUND)
+    set(HAVE_NAPATECH_3GD true)
+    set(CMAKE_REQUIRED_INCLUDES ${NAPATECH_INCLUDE})
+    set(CMAKE_REQUIRED_LIBRARIES ${NAPATECH_LIBRARY})
+    include_directories(BEFORE ${NAPATECH_INCLUDE})
+    list(APPEND OPTLIBS ${NAPATECH_LIBRARY})
+endif ()
+
 set(USE_GEOIP false)
 find_package(LibGeoIP)
 if (LIBGEOIP_FOUND)

NAPATECH.txt

@@ -0,0 +1,94 @@
+This contains support for Napatech adaptors using the Napatech 3GD drivers.
+
+To build Bro with Napatech adaptor support enabled do the following:
+
+./configure --with-napatech=/opt/napatech3/
+make
+make install
+
+You may replace /opt/napatech3/ with the location where you've installed the
+Napatech drivers.
+
+Other configuration options may be added to the configure line as well.
+
+Bro uses the Napatech NTPL to configure traffic balancing of packets across
+Napatech streams as follows.
+
+Currently Bro only support Unix style timestamps and the NT Packet Descriptor,
+the other types (Ext7, Ext8, etc..) have not been tested and results will be
+unpredictable at best.
+
+Create a file similar to bro.ntpl below to set the adaptor's load balancing
+options similar to the following.
+
+brobox:~$ cat bro.ntpl
+HashMode[Priority = 0; Layer4Type = UDP, TCP, SCTP] = Hash5TupleSorted
+HashMode[Priority = 1; Layer3Type = IPV4] = Hash2TupleSorted
+Assign[StreamId=(0..3)] = All
+
+Prior to invoking Bro, install the NTPL configuration as follows.
+
+brobox:~$ /opt/napatech3/bin/ntpl -f bro.ntpl
+
+Modify your node.cfg file to match the load balancing performed by the Napatech
+adaptor as directed by the NTPL configuration show above.
+
+The following example node.cfg file attaches the four Napatech streams created
+above to four bro workers.
+
+You'll need to modify the example 10.1.1.10 IP address used below for your own
+environment.
+
+# Example BroControl node configuration.
+#
+# This example has a standalone node ready to go except for possibly changing
+# the sniffing interface.
+
+# This is a complete standalone configuration.  Most likely you will
+# only need to change the interface.
+#[bro]
+#type=standalone
+#host=localhost
+#interface=nt0
+
+## Below is an example clustered configuration. If you use this,
+## remove the [bro] node above.
+
+[manager]
+type=manager
+host=10.1.1.10
+#
+[proxy-1]
+type=proxy
+host=10.1.1.10
+#
+[worker-1]
+type=worker
+host=10.1.1.10
+interface=nt0
+#
+[worker-2]
+type=worker
+host=10.1.1.10
+interface=nt1
+#
+[worker-3]
+type=worker
+host=10.1.1.10
+interface=nt2
+#
+[worker-4]
+type=worker
+host=10.1.1.10
+interface=nt3
+
+Interfaces nt0, nt1, nt2 and nt3 correspond to the four Napatech streams
+created by the Napatech NTPL.
+
+The configuration above can be a managed with broctl as follows:
+
+broctl install
+broctl start
+
+You may modify bro.ntpl and node.cfg for alternative load balancing options
+for fewer or more workers.

config.h.in

@@ -41,6 +41,9 @@
 /* line editing & history powers */
 #cmakedefine HAVE_READLINE
 
+/* Define if you have napatech drivers installed */
+#cmakedefine HAVE_NAPATECH_3GD
+
 /* Define if you have the `sigaction' function, but not `sigset'. */
 #cmakedefine HAVE_SIGACTION
 

configure

@@ -66,6 +66,7 @@ Usage: $0 [OPTION]... [VAR=VALUE]...
     --with-dataseries=PATH path to DataSeries and Lintel libraries
     --with-xml2=PATH       path to libxml2 installation (for DataSeries)
     --with-curl=PATH       path to libcurl install root (for ElasticSearch)
+    --with-napaetch=PATH   path to napatech installation
 
   Packaging Options (for developers):
     --binary-package       toggle special logic for binary packaging
@@ -257,6 +258,9 @@ while [ $# -ne 0 ]; do
         --with-curl=*)
             append_cache_entry LibCURL_ROOT_DIR PATH $optarg
             ;;
+        --with-napatech=*)
+            append_cache_entry NAPATECH_ROOT_DIR PATH $optarg
+	          ;;
         --binary-package)
             append_cache_entry BINARY_PACKAGING_MODE BOOL true
             ;;

src/IOSource.cc

@@ -26,6 +26,27 @@ void IOSourceRegistry::RemoveAll()
 
 IOSource* IOSourceRegistry::FindSoonest(double* ts)
 	{
+
+	IOSource* soonest_src = 0;
+	double soonest_ts = 1e20;
+	double soonest_local_network_time = 1e20;
+#ifdef HAVE_NAPATECH_3GD
+	if (napatech_iosrc)
+		{
+		double local_network_time = 0;
+		double ts1 = napatech_iosrc->NextTimestamp(&local_network_time);
+		if ( ts1 > 0 && ts1 < soonest_ts )
+			{
+			soonest_ts = ts1;
+			soonest_src = napatech_iosrc;
+			soonest_local_network_time =
+				local_network_time ?
+				local_network_time : ts1;
+			*ts = soonest_local_network_time;
+			return soonest_src;
+			}
+		}
+#endif
 	// Remove sources which have gone dry. For simplicity, we only
 	// remove at most one each time.
 	for ( SourceList::iterator i = sources.begin();
@@ -45,15 +66,18 @@ IOSource* IOSourceRegistry::FindSoonest(double* ts)
 
 	++call_count;
 
-	IOSource* soonest_src = 0;
-	double soonest_ts = 1e20;
-	double soonest_local_network_time = 1e20;
 	bool all_idle = true;
 
 	// Find soonest source of those which tell us they have something to
 	// process.
 	for ( SourceList::iterator i = sources.begin(); i != sources.end(); ++i )
 		{
+#ifdef HAVE_NAPATECH_3GD
+		if ( (*i)->src == napatech_iosrc )
+			{
+			continue;
+			}
+#endif
 		if ( ! (*i)->src->IsIdle() )
 			{
 			all_idle = false;
@@ -89,6 +113,12 @@ IOSource* IOSourceRegistry::FindSoonest(double* ts)
 		{
 		Source* src = (*i);
 
+#ifdef HAVE_NAPATECH_3GD
+		if ( src->src == napatech_iosrc )
+			{
+			continue;
+			}
+#endif
 		if ( ! src->src->IsIdle() )
 			// No need to select on sources which we know to
 			// be ready.
@@ -139,6 +169,12 @@ IOSource* IOSourceRegistry::FindSoonest(double* ts)
 		      i != sources.end(); ++i )
 			{
 			Source* src = (*i);
+#ifdef HAVE_NAPATECH_3GD
+			if ( src->src == napatech_iosrc )
+				{
+				continue;
+				}
+#endif
 
 			if ( ! src->src->IsIdle() )
 				continue;
@@ -166,11 +202,21 @@ IOSource* IOSourceRegistry::FindSoonest(double* ts)
 	return soonest_src;
 	}
 
+#ifdef HAVE_NAPATECH_3GD
+void IOSourceRegistry::RegisterNapatech(IOSource* src)
+	{
+		napatech_iosrc = src;
+		Source* s = new Source;
+		s->src = src;
+		return sources.push_back(s);
+	}
+#endif
+
 void IOSourceRegistry::Register(IOSource* src, bool dont_count)
 	{
-	Source* s = new Source;
-	s->src = src;
 	if ( dont_count )
 		++dont_counts;
+	Source* s = new Source;
+	s->src = src;
 	return sources.push_back(s);
 	}

src/IOSource.h

@@ -55,7 +55,11 @@ class IOSource {
 
 class IOSourceRegistry {
 public:
+#ifdef HAVE_NAPATECH_3GD
+	IOSourceRegistry()	{ napatech_iosrc=0; call_count = 0; dont_counts = 0; }
+#else
 	IOSourceRegistry()	{ call_count = 0; dont_counts = 0; }
+#endif
 	~IOSourceRegistry();
 
 	// If dont_count is true, this source does not contribute to the
@@ -64,6 +68,9 @@ class IOSourceRegistry {
 	// processing will shut down.
 	void Register(IOSource* src, bool dont_count = false);
 
+#ifdef HAVE_NAPATECH_3GD
+	void RegisterNapatech(IOSource* src);
+#endif
 	// This may block for some time.
 	IOSource* FindSoonest(double* ts);
 
@@ -96,6 +103,9 @@ class IOSourceRegistry {
 
 	typedef list<Source*> SourceList;
 	SourceList sources;
+#ifdef HAVE_NAPATECH_3GD
+	IOSource* napatech_iosrc;
+#endif
 };
 
 extern IOSourceRegistry io_sources;

src/Net.cc

@@ -218,7 +218,12 @@ void net_init(name_list& interfaces, name_list& readfiles,
 			else
 				{
 				pkt_srcs.append(ps);
-				io_sources.Register(ps);
+#ifdef HAVE_NAPATECH_3GD
+				if (ps->IsNapatech())
+					io_sources.RegisterNapatech(ps);
+				else
+#endif
+					io_sources.Register(ps);
 				}
 
 			if ( secondary_filter )