Hi Eric, > Hello, > > I did start to work on AF_XDP support for Suricata. API was really easy > to use via libbpf. > > From Suricata point of view, the current system with default > configuration is lacking an important information. I don't have access > to the timestamp of the packet. I'm in particular interested by the > hardware timestamp as it would allow to do reordering in some capture > cases. There's no timestamp available to my knowledge > > Is there a way to get the information via AF_XDP. I've seen the > discussion on hardware hints but there was no code example I was able > to find. This is an awful hack i did when i needed similar information [1] Essentially i am copying a software 'timestamp' (in my case rdtsc() since i needed to measure packet timings from AF_XDP -> userspace), into the meta_data of XDP. The way i did it is obviously wrong since it has to be added per driver. > > BR, > -- > Eric Leblond <eric@xxxxxxxxx> > [1] https://github.com/xdp-project/xdp-project/blob/master/areas/arm64/xdp_for_tsn.org Cheers /Ilias
|