Deprecated PF_RING filters compeltely

src/CMakeLists.txt

@@ -302,9 +302,6 @@ if (ENABLE_PF_RING_SUPPORT)
     target_link_libraries(pfring_plugin ${PFRING_LIBRARIES})
     target_link_libraries(pfring_plugin numa)
     target_link_libraries(pfring_plugin ${CMAKE_THREAD_LIBS_INIT})
-
-    # Add action for hardware filetring
-    add_library(pfring_hardware_filter_action STATIC actions/pfring_hardware_filter_action.cpp)
 endif()
 
 if (ENABLE_GOBGP_SUPPORT)
@@ -613,7 +610,6 @@ target_link_libraries(fastnetmon unified_parser)
 
 if (ENABLE_PF_RING_SUPPORT)
     target_link_libraries(fastnetmon pfring_plugin)
-    target_link_libraries(fastnetmon pfring_hardware_filter_action)
 endif()
 
 target_link_libraries(fastnetmon ${OPENSSL_LIBRARY_PATH})

src/actions/pfring_hardware_filter_action.cpp

@@ -1,60 +0,0 @@
-#include "pfring.h"
-
-#include <string.h>
-#include <string>
-#include <vector>
-
-#include "../fastnetmon_actions.h"
-
-// Got it from global namespace
-extern pfring* pf_ring_descr;
-
-void pfring_hardware_filter_action_block(std::string client_ip_as_string) {
-    /* 6 - tcp, 17 - udp, 0 - other (non tcp and non udp) */
-    std::vector<int> banned_protocols;
-    banned_protocols.push_back(17);
-    banned_protocols.push_back(6);
-    banned_protocols.push_back(0);
-
-    int rule_number = 10;
-
-    // Iterate over incoming and outgoing direction
-    for (int rule_direction = 0; rule_direction < 2; rule_direction++) {
-        for (std::vector<int>::iterator banned_protocol = banned_protocols.begin();
-             banned_protocol != banned_protocols.end(); ++banned_protocol) {
-
-            /* On 82599 NIC we can ban traffic using hardware filtering rules */
-
-            // Difference between fie tuple and perfect filters:
-            // http://www.ntop.org/products/pf_ring/hardware-packet-filtering/
-
-            hw_filtering_rule rule;
-            intel_82599_five_tuple_filter_hw_rule* ft_rule;
-
-            ft_rule = &rule.rule_family.five_tuple_rule;
-
-            memset(&rule, 0, sizeof(rule));
-            rule.rule_family_type = intel_82599_five_tuple_rule;
-            rule.rule_id = rule_number++;
-            ft_rule->queue_id = -1; // drop traffic
-            ft_rule->proto = *banned_protocol;
-
-            std::string hw_filter_rule_direction = "";
-            if (rule_direction == 0) {
-                hw_filter_rule_direction = "outgoing";
-                ft_rule->s_addr = ntohl(inet_addr(client_ip_as_string.c_str()));
-            } else {
-                hw_filter_rule_direction = "incoming";
-                ft_rule->d_addr = ntohl(inet_addr(client_ip_as_string.c_str()));
-            }
-
-            if (pfring_add_hw_rule(pf_ring_descr, &rule) != 0) {
-                logger << log4cpp::Priority::ERROR
-                       << "Can't add hardware filtering rule for protocol: " << *banned_protocol
-                       << " in direction: " << hw_filter_rule_direction;
-            }
-
-            rule_number++;
-        }
-    }
-}

src/actions/pfring_hardware_filter_action.h

@@ -1,8 +0,0 @@
-#ifndef PFRING_HARDWARE_FILTER_ACTION_H
-#define PFRING_HARDWARE_FILTER_ACTION_H
-
-#include <string>
-
-void pfring_hardware_filter_action_block(std::string client_ip_as_string);
-
-#endif

src/fastnetmon.conf

@@ -205,10 +205,6 @@ mongodb_host = localhost
 mongodb_port = 27017
 mongodb_database_name = fastnetmon
 
-# If you are using PF_RING non ZC version you could block traffic on host with hardware filters
-# Please be aware! We can not remove blocks with this action plugin
-pfring_hardware_filters_enabled = off
-
 # announce blocked IPs with BGP protocol with ExaBGP
 exabgp = off
 exabgp_command_pipe = /var/run/exabgp.cmd

src/fastnetmon.cpp

@@ -147,8 +147,6 @@ FastnetmonPlatformConfigurtion fastnetmon_platform_configuration;
 // Send or not any details about attack for ban script call over stdin
 bool notify_script_pass_details = true;
 
-bool pfring_hardware_filters_enabled = false;
-
 bool notify_script_enabled = true;
 
 // We could collect attack dumps in pcap format
@@ -869,10 +867,6 @@ bool load_configuration_file() {
         }
     }
 
-    if (configuration_map.count("pfring_hardware_filters_enabled") != 0) {
-        pfring_hardware_filters_enabled = configuration_map["pfring_hardware_filters_enabled"] == "on";
-    }
-
     if (configuration_map.count("netflow") != 0) {
         if (configuration_map["netflow"] == "on") {
             enable_netflow_collection = true;

src/fastnetmon_logic.cpp

@@ -28,10 +28,6 @@
 #include "afpacket_plugin/afpacket_collector.h"
 #endif
 
-#ifdef PF_RING
-#include "actions/pfring_hardware_filter_action.h"
-#endif
-
 #ifdef ENABLE_GOBGP
 #include "actions/gobgp_action.h"
 #endif
@@ -116,7 +112,6 @@ extern bool mongodb_enabled;
 extern std::string mongodb_database_name;
 #endif
 
-extern bool pfring_hardware_filters_enabled;
 extern bool notify_script_pass_details;
 extern unsigned int number_of_packets_for_pcap_attack_dump;
 extern patricia_tree_t *lookup_tree_ipv4, *whitelist_tree_ipv4;
@@ -1868,15 +1863,6 @@ void call_ban_handlers(uint32_t client_ip, attack_details& current_attack, std::
         print_attack_details_to_file(full_attack_description, client_ip_as_string, current_attack);
     }
 
-    if (pfring_hardware_filters_enabled) {
-#ifdef PF_RING
-        logger << log4cpp::Priority::INFO << "We will block traffic to/from this IP with hardware filters";
-        pfring_hardware_filter_action_block(client_ip_as_string);
-#else
-        logger << log4cpp::Priority::ERROR << "You haven't compiled PF_RING hardware filters support";
-#endif
-    }
-
     if (notify_script_enabled) {
         std::string script_call_params = fastnetmon_platform_configuration.notify_script_path + " " + client_ip_as_string + " " +
                                          data_direction_as_string + " " + pps_as_string + " " + "ban";