From 374762d202daebde9c6cea5892e1a18b1261eae3 Mon Sep 17 00:00:00 2001
From: Jason Ish
Date: Thu, 20 Mar 2025 16:35:49 -0600
Subject: [PATCH] af-packet: remove use-mmap option

This option is obsolete and was not used in 7.0 as tpacket-v1 support was removed (see ticket #4796).
---
 doc/userguide/capture-hardware/ebpf-xdp.rst | 5 -----
 doc/userguide/performance/high-performance-config.rst | 3 ---
 doc/userguide/performance/tuning-considerations.rst | 1 -
 doc/userguide/quickstart.rst | 1 -
 doc/userguide/setting-up-ipsinline-for-linux.rst | 6 ------
 src/runmode-af-packet.c | 7 -------
 suricata.yaml.in | 5 +----
 7 files changed, 1 insertion(+), 27 deletions(-)

diff --git a/doc/userguide/capture-hardware/ebpf-xdp.rst b/doc/userguide/capture-hardware/ebpf-xdp.rst
index d9e3b2eeb0..297bfee89a 100644
--- a/doc/userguide/capture-hardware/ebpf-xdp.rst
+++ b/doc/userguide/capture-hardware/ebpf-xdp.rst
@@ -188,7 +188,6 @@ Then setup the `ebpf-filter-file` variable in af-packet section in ``suricata.ya # eBPF file containing a 'filter' function that will be inserted into the # kernel and used as load balancing function ebpf-filter-file: /usr/libexec/suricata/ebpf/vlan_filter.bpf - use-mmap: yes ring-size: 200000 You can then run Suricata normally ::
@@ -209,7 +208,6 @@ update af-packet configuration in ``suricata.yaml`` to set bypass to `yes` :: # kernel and used as packet filter function ebpf-filter-file: /usr/libexec/suricata/ebpf/bypass_filter.bpf bypass: yes - use-mmap: yes ring-size: 200000 Constraints on eBPF code to have a bypass compliant code are stronger than for regular filters. The
@@ -246,7 +244,6 @@ and point the ``ebpf-lb-file`` variable to the ``lb.bpf`` file :: # eBPF file containing a 'loadbalancer' function that will be inserted into the # kernel and used as load balancing function ebpf-lb-file: /usr/libexec/suricata/ebpf/lb.bpf - use-mmap: yes ring-size: 200000 Setup XDP bypass
@@ -281,7 +278,6 @@ also use the ``/usr/libexec/suricata/ebpf/xdp_filter.bpf`` (in our example TCP o # if the ebpf filter implements a bypass function, you can set 'bypass' to # yes and benefit from these feature bypass: yes - use-mmap: yes ring-size: 200000 # Uncomment the following if you are using hardware XDP with # a card like Netronome (default value is yes)
@@ -384,7 +380,6 @@ A sample configuration for pure XDP load balancing could look like :: xdp-mode: driver xdp-filter-file: /usr/libexec/suricata/ebpf/xdp_lb.bpf xdp-cpu-redirect: ["1-17"] # or ["all"] to load balance on all CPUs - use-mmap: yes ring-size: 200000 It is possible to use `xdp_monitor` to have information about the behavior of CPU redirect. This
diff --git a/doc/userguide/performance/high-performance-config.rst b/doc/userguide/performance/high-performance-config.rst
index 7d54f7b6d0..0cbe290320 100644
--- a/doc/userguide/performance/high-performance-config.rst
+++ b/doc/userguide/performance/high-performance-config.rst
@@ -225,7 +225,6 @@ In the af-packet section of suricata.yaml config : cluster-id: 99 cluster-type: cluster_qm defrag: no - use-mmap: yes mmap-locked: yes tpacket-v3: yes ring-size: 100000
@@ -236,7 +235,6 @@ In the af-packet section of suricata.yaml config : cluster-id: 99 cluster-type: cluster_qm defrag: no - use-mmap: yes mmap-locked: yes tpacket-v3: yes ring-size: 100000
@@ -347,7 +345,6 @@ In the af-packet section of suricata.yaml config: cluster-id: 99 cluster-type: cluster_flow defrag: no - use-mmap: yes mmap-locked: yes tpacket-v3: yes ring-size: 100000
diff --git a/doc/userguide/performance/tuning-considerations.rst b/doc/userguide/performance/tuning-considerations.rst
index b184f6c7e0..5f4fd6ddc3 100644
--- a/doc/userguide/performance/tuning-considerations.rst
+++ b/doc/userguide/performance/tuning-considerations.rst
@@ -77,7 +77,6 @@ sure af-packet v3 is used it can specifically be enforced it in the .... .... .... - use-mmap: yes tpacket-v3: yes ring-size
diff --git a/doc/userguide/quickstart.rst b/doc/userguide/quickstart.rst
index d2bdda0fe8..4f4b5d541a 100644
--- a/doc/userguide/quickstart.rst
+++ b/doc/userguide/quickstart.rst
@@ -67,7 +67,6 @@ Capture settings:: cluster-id: 99 cluster-type: cluster_flow defrag: yes - use-mmap: yes tpacket-v3: yes This configuration uses the most recent recommended settings for the IDS
diff --git a/doc/userguide/setting-up-ipsinline-for-linux.rst b/doc/userguide/setting-up-ipsinline-for-linux.rst
index fd4fcb6b2b..2e5f0f2baf 100644
--- a/doc/userguide/setting-up-ipsinline-for-linux.rst
+++ b/doc/userguide/setting-up-ipsinline-for-linux.rst
@@ -203,7 +203,6 @@ between interface ``eth0`` and ``eth1``: :: copy-mode: ips copy-iface: eth1 buffer-size: 64535 - use-mmap: yes - interface: eth1 threads: 1 cluster-id: 97
@@ -212,7 +211,6 @@ between interface ``eth0`` and ``eth1``: :: copy-mode: ips copy-iface: eth0 buffer-size: 64535 - use-mmap: yes This is a basic af-packet configuration using two interfaces. Interface ``eth0`` will copy all received packets to ``eth1`` because of the `copy-*`
@@ -228,8 +226,6 @@ The configuration on ``eth1`` is symmetric :: There are some important points to consider when setting up this mode: -- The implementation of this mode is dependent of the zero copy mode of - AF_PACKET. Thus you need to set `use-mmap` to `yes` on both interface. - MTU on both interfaces have to be equal: the copy from one interface to the other is direct and packets bigger then the MTU will be dropped by kernel. - Set different values of `cluster-id` on both interfaces to avoid conflict.
@@ -264,7 +260,6 @@ and eBPF load balancing looks like the following: :: copy-mode: ips copy-iface: eth1 buffer-size: 64535 - use-mmap: yes - interface: eth1 threads: 16 cluster-id: 97
@@ -274,7 +269,6 @@ and eBPF load balancing looks like the following: :: copy-mode: ips copy-iface: eth0 buffer-size: 64535 - use-mmap: yes The eBPF file ``/usr/libexec/suricata/ebpf/lb.bpf`` may not be present on disk. See :ref:`ebpf-xdp` for more information.
diff --git a/src/runmode-af-packet.c b/src/runmode-af-packet.c
index 71bb7e21ce..14d910a3e9 100644
--- a/src/runmode-af-packet.c
+++ b/src/runmode-af-packet.c
@@ -278,13 +278,6 @@ static void *ParseAFPConfig(const char *iface) } } - if (ConfGetChildValueBoolWithDefault(if_root, if_default, "use-mmap", &boolval) == 1) { - if (!boolval) { - SCLogWarning( - "%s: \"use-mmap\" option is obsolete: mmap is always enabled", aconf->iface); - } - } - (void)ConfGetChildValueBoolWithDefault(if_root, if_default, "mmap-locked", &boolval); if (boolval) { SCLogConfig("%s: enabling locked memory for mmap", aconf->iface);
diff --git a/suricata.yaml.in b/suricata.yaml.in
index a30a57aaec..6182bd595d 100644
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -663,12 +663,10 @@ af-packet: # In some fragmentation cases, the hash can not be computed. If "defrag" is set # to yes, the kernel will do the needed defragmentation before sending the packets. defrag: yes - # To use the ring feature of AF_PACKET, set 'use-mmap' to yes - #use-mmap: yes # Lock memory map to avoid it being swapped. Be careful that over # subscribing could lock your system #mmap-locked: yes - # Use tpacket_v3 capture mode, only active if use-mmap is true + # Use tpacket_v3 capture mode. # Don't use it in IPS or TAP mode as it causes severe latency #tpacket-v3: yes # Ring size will be computed with respect to "max-pending-packets" and number
@@ -722,7 +720,6 @@ af-packet: # in the list above. - interface: default #threads: auto - #use-mmap: no #tpacket-v3: yes # Linux high speed af-xdp capture support