diff --git a/src/Makefile.am b/src/Makefile.am index 737b6a6a71..4ca8dc7bdb 100755 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -532,6 +532,7 @@ noinst_HEADERS = \ util-dpdk-i40e.h \ util-dpdk-ice.h \ util-dpdk-ixgbe.h \ + util-dpdk-bonding.h \ util-ebpf.h \ util-enum.h \ util-error.h \ @@ -1127,6 +1128,7 @@ libsuricata_c_a_SOURCES = \ util-dpdk-i40e.c \ util-dpdk-ice.c \ util-dpdk-ixgbe.c \ + util-dpdk-bonding.c \ util-ebpf.c \ util-enum.c \ util-error.c \ diff --git a/src/runmode-dpdk.c b/src/runmode-dpdk.c index 395839bf88..82e6aee57f 100644 --- a/src/runmode-dpdk.c +++ b/src/runmode-dpdk.c @@ -44,6 +44,7 @@ #include "util-dpdk-i40e.h" #include "util-dpdk-ice.h" #include "util-dpdk-ixgbe.h" +#include "util-dpdk-bonding.h" #include "util-time.h" #include "util-conf.h" #include "suricata.h" @@ -1043,7 +1044,12 @@ static void DeviceInitPortConf(const DPDKIfaceConfig *iconf, .rss_hf = iconf->rss_hf, }; - DeviceSetPMDSpecificRSS(&port_conf->rx_adv_conf.rss_conf, dev_info->driver_name); + const char *dev_driver = dev_info->driver_name; + if (strcmp(dev_info->driver_name, "net_bonding") == 0) { + dev_driver = BondingDeviceDriverGet(iconf->port_id); + } + + DeviceSetPMDSpecificRSS(&port_conf->rx_adv_conf.rss_conf, dev_driver); uint64_t rss_hf_tmp = port_conf->rx_adv_conf.rss_conf.rss_hf & dev_info->flow_type_rss_offloads; @@ -1244,6 +1250,45 @@ static int DeviceConfigureIPS(DPDKIfaceConfig *iconf) SCReturnInt(0); } +/** + * Function verifies changes in e.g. device info after configuration has + * happened. Sometimes (e.g. DPDK Bond PMD with Intel NICs i40e/ixgbe) change + * device info only after the device configuration. + * @param iconf + * @param dev_info + * @return 0 on success, -EAGAIN when reconfiguration is needed, <0 on failure + */ +static int32_t DeviceVerifyPostConfigure( + const DPDKIfaceConfig *iconf, const struct rte_eth_dev_info *dev_info) +{ + struct rte_eth_dev_info post_conf_dev_info = { 0 }; + int32_t ret = rte_eth_dev_info_get(iconf->port_id, &post_conf_dev_info); + if (ret < 0) { + SCLogError("%s: getting device info failed (err: %s)", iconf->iface, rte_strerror(-ret)); + SCReturnInt(ret); + } + + if (dev_info->flow_type_rss_offloads != post_conf_dev_info.flow_type_rss_offloads || + dev_info->rx_offload_capa != post_conf_dev_info.rx_offload_capa || + dev_info->tx_offload_capa != post_conf_dev_info.tx_offload_capa || + dev_info->max_rx_queues != post_conf_dev_info.max_rx_queues || + dev_info->max_tx_queues != post_conf_dev_info.max_tx_queues || + dev_info->max_mtu != post_conf_dev_info.max_mtu) { + SCLogWarning("Device information severely changed after configuration, reconfiguring"); + return -EAGAIN; + } + + if (strcmp(dev_info->driver_name, "net_bonding") == 0) { + ret = BondingAllDevicesSameDriver(iconf->port_id); + if (ret < 0) { + SCLogError("%s: bond port uses port with different DPDK drivers", iconf->iface); + SCReturnInt(ret); + } + } + + return 0; +} + static int DeviceConfigure(DPDKIfaceConfig *iconf) { SCEnter(); @@ -1302,6 +1347,10 @@ static int DeviceConfigure(DPDKIfaceConfig *iconf) SCReturnInt(retval); } + retval = DeviceVerifyPostConfigure(iconf, &dev_info); + if (retval < 0) + return retval; + retval = rte_eth_dev_adjust_nb_rx_tx_desc( iconf->port_id, &iconf->nb_rx_desc, &iconf->nb_tx_desc); if (retval != 0) { @@ -1392,7 +1441,13 @@ static void *ParseDpdkConfigAndConfigureDevice(const char *iface) FatalError("DPDK configuration could not be parsed"); } - if (DeviceConfigure(iconf) != 0) { + retval = DeviceConfigure(iconf); + if (retval == -EAGAIN) { + // for e.g. bonding PMD it needs to be reconfigured + retval = DeviceConfigure(iconf); + } + + if (retval < 0) { // handles both configure attempts iconf->DerefFunc(iconf); retval = rte_eal_cleanup(); if (retval != 0) diff --git a/src/source-dpdk.c b/src/source-dpdk.c index 18bfe7bb69..cc9dcd6f6e 100644 --- a/src/source-dpdk.c +++ b/src/source-dpdk.c @@ -87,6 +87,7 @@ TmEcode NoDPDKSupportExit(ThreadVars *tv, const void *initdata, void **data) #include "util-dpdk.h" #include "util-dpdk-i40e.h" +#include "util-dpdk-bonding.h" #include #define BURST_SIZE 32 @@ -194,6 +195,10 @@ static uint64_t DPDKGetSeconds(void) static void DevicePostStartPMDSpecificActions(DPDKThreadVars *ptv, const char *driver_name) { + if (strcmp(driver_name, "net_bonding") == 0) { + driver_name = BondingDeviceDriverGet(ptv->port_id); + } + // The PMD Driver i40e has a special way to set the RSS, it can be set via rte_flow rules // and only after the start of the port if (strcmp(driver_name, "net_i40e") == 0) @@ -202,6 +207,10 @@ static void DevicePostStartPMDSpecificActions(DPDKThreadVars *ptv, const char *d static void DevicePreStopPMDSpecificActions(DPDKThreadVars *ptv, const char *driver_name) { + if (strcmp(driver_name, "net_bonding") == 0) { + driver_name = BondingDeviceDriverGet(ptv->port_id); + } + if (strcmp(driver_name, "net_i40e") == 0) { #if RTE_VERSION > RTE_VERSION_NUM(20, 0, 0, 0) // Flush the RSS rules that have been inserted in the post start section diff --git a/src/util-dpdk-bonding.c b/src/util-dpdk-bonding.c new file mode 100644 index 0000000000..2dda0927a7 --- /dev/null +++ b/src/util-dpdk-bonding.c @@ -0,0 +1,120 @@ +/* Copyright (C) 2023 Open Information Security Foundation + * + * You can copy, redistribute or modify this Program under the terms of + * the GNU General Public License version 2 as published by the Free + * Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * version 2 along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + */ + +/** + * \file + * + * \author Lukas Sismis + */ + +#ifndef UTIL_DPDK_BONDING_C +#define UTIL_DPDK_BONDING_C + +#include "suricata-common.h" +#include "util-dpdk-bonding.h" + +#ifdef HAVE_DPDK + +#include "util-dpdk.h" +#include "util-debug.h" + +/** + * Determines if the port is Bond or not by evaluating device driver name + * @param pid port ID + * @return 0 - the device si Bond PMD, 1 - regular device, <0 error + */ +int32_t BondingIsBond(uint16_t pid) +{ + struct rte_eth_dev_info di; + int32_t ret = rte_eth_dev_info_get(pid, &di); + if (ret < 0) { + SCLogError("%s: unable to get device info (err: %s)", DPDKGetPortNameByPortID(pid), + rte_strerror(-ret)); + return ret; + } + + return strcmp(di.driver_name, "net_bonding") == 0 ? 0 : 1; +} + +uint16_t BondingMemberDevicesGet( + uint16_t bond_pid, uint16_t bonded_devs[], uint16_t bonded_devs_length) +{ +#ifdef HAVE_DPDK_BOND + int32_t len = rte_eth_bond_slaves_get(bond_pid, bonded_devs, bonded_devs_length); + if (len == 0) + FatalError("%s: no bonded devices found", DPDKGetPortNameByPortID(bond_pid)); + else if (len < 0) + FatalError("%s: unable to get bonded devices (err: %s)", DPDKGetPortNameByPortID(bond_pid), + rte_strerror(-len)); + + return len; +#else + FatalError( + "%s: bond port not supported in DPDK installation", DPDKGetPortNameByPortID(bond_pid)); +#endif +} + +int32_t BondingAllDevicesSameDriver(uint16_t bond_pid) +{ + uint16_t bonded_devs[RTE_MAX_ETHPORTS] = { 0 }; + uint16_t len = BondingMemberDevicesGet(bond_pid, bonded_devs, RTE_MAX_ETHPORTS); + + const char *driver_name = NULL, *first_driver_name = NULL; + struct rte_eth_dev_info di = { 0 }; + + for (uint16_t i = 0; i < len; i++) { + int32_t ret = rte_eth_dev_info_get(bonded_devs[i], &di); + if (ret < 0) + FatalError("%s: unable to get device info (err: %s)", + DPDKGetPortNameByPortID(bonded_devs[i]), rte_strerror(-ret)); + + if (i == 0) { + first_driver_name = di.driver_name; + } else { + driver_name = di.driver_name; + if (strncmp(first_driver_name, driver_name, + MIN(strlen(first_driver_name), strlen(driver_name))) != 0) { + return -EINVAL; // inconsistent drivers + } + } + } + + return 0; +} + +/** + * Translates to the driver that is actually used by the bonded ports + * \param bond_pid + * \return driver name, FatalError otherwise + */ +const char *BondingDeviceDriverGet(uint16_t bond_pid) +{ + uint16_t bonded_devs[RTE_MAX_ETHPORTS] = { 0 }; + BondingMemberDevicesGet(bond_pid, bonded_devs, RTE_MAX_ETHPORTS); + + struct rte_eth_dev_info di = { 0 }; + int32_t ret = rte_eth_dev_info_get(bonded_devs[0], &di); + if (ret < 0) + FatalError("%s: unable to get device info (err: %s)", + DPDKGetPortNameByPortID(bonded_devs[0]), rte_strerror(-ret)); + + return di.driver_name; +} + +#endif /* HAVE_DPDK */ + +#endif /* UTIL_DPDK_BONDING_C */ diff --git a/src/util-dpdk-bonding.h b/src/util-dpdk-bonding.h new file mode 100644 index 0000000000..f7fad5e648 --- /dev/null +++ b/src/util-dpdk-bonding.h @@ -0,0 +1,39 @@ +/* Copyright (C) 2023 Open Information Security Foundation + * + * You can copy, redistribute or modify this Program under the terms of + * the GNU General Public License version 2 as published by the Free + * Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * version 2 along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + */ + +/** + * \file + * + * \author Lukas Sismis + */ + +#ifndef UTIL_DPDK_BONDING_H +#define UTIL_DPDK_BONDING_H + +#include "suricata-common.h" + +#ifdef HAVE_DPDK + +int32_t BondingIsBond(uint16_t pid); +uint16_t BondingMemberDevicesGet( + uint16_t bond_pid, uint16_t bonded_devs[], uint16_t bonded_devs_length); +int32_t BondingAllDevicesSameDriver(uint16_t bond_pid); +const char *BondingDeviceDriverGet(uint16_t bond_pid); + +#endif /* HAVE_DPDK */ + +#endif /* UTIL_DPDK_BONDING_H */ diff --git a/src/util-dpdk-i40e.c b/src/util-dpdk-i40e.c index 9122577a7e..2484b45c79 100644 --- a/src/util-dpdk-i40e.c +++ b/src/util-dpdk-i40e.c @@ -33,6 +33,7 @@ #include "util-dpdk-i40e.h" #include "util-dpdk.h" #include "util-debug.h" +#include "util-dpdk-bonding.h" #ifdef HAVE_DPDK @@ -110,7 +111,7 @@ static int i40eDeviceSetSymHash(int port_id, const char *port_name, int enable) return 0; } -static int i40eDeviceSetRSSWithFilter(int port_id, const char *port_name) +static int i40eDeviceApplyRSSFilter(int port_id, const char *port_name) { int retval = 0; @@ -142,6 +143,27 @@ static int i40eDeviceSetRSSWithFilter(int port_id, const char *port_name) return retval; } +static int32_t i40eDeviceSetRSSWithFilter(int port_id, const char *port_name) +{ + int32_t ret = BondingIsBond(port_id); + if (ret < 0) + return -ret; + + if (ret == 1) { // regular device + i40eDeviceApplyRSSFilter(port_id, port_name); + } else if (ret == 0) { // the device is Bond PMD + uint16_t bonded_devs[RTE_MAX_ETHPORTS]; + ret = BondingMemberDevicesGet(port_id, bonded_devs, RTE_MAX_ETHPORTS); + for (int i = 0; i < ret; i++) { + i40eDeviceApplyRSSFilter(bonded_devs[i], port_name); + } + } else { + FatalError("Unknown return value from BondingIsBond()"); + } + + return 0; +} + #else static int i40eDeviceSetRSSFlowQueues( diff --git a/src/util-dpdk.h b/src/util-dpdk.h index b0810640db..f6a54a8323 100644 --- a/src/util-dpdk.h +++ b/src/util-dpdk.h @@ -28,6 +28,9 @@ #include #include +#ifdef HAVE_DPDK_BOND +#include +#endif #include #include #include