aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
8,695 Commits
7 Branches
155 Tags
198 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7da805ffd9'
${ noResults }
Commit Graph

8695 Commits (7da805ffd9a9202c67d53ef6a06c3215436495e9)
 

Author SHA1 Message Date
Eric Leblond 7da805ffd9 doc: improve eBPF and XDP doc 
Remove reference to `buggy` clang as a workaround has been found in
libbpf.

Proof read and add information on the structure of eBPF code.
 7 years ago
Eric Leblond 6f69c65c48 util-ebpf: rename local variable 7 years ago
Eric Leblond 194751654f af-packet: count only CPUs once 7 years ago
Eric Leblond 8030e3f66b doc: update documentation 
This patch adds info on kernel requirement for XDP and rework a few
things.
 7 years ago
Eric Leblond 1526046072 ebpf: allow modified build of xdp_filter 
Using BUILD_CPUMAP constant will allow user to use XDP bypass on
kernel prior to 4.15.
 7 years ago
Jesper Dangaard Brouer 796ec08dd7 ebpf: improve xdp-cpu-redirect distribution in xdp_filter.c 
The XDP CPU destination array/set, configured via xdp-cpu-redirect,
will always be fairly small.  My different benchmarking showed that
the current modulo hashing into the CPU array can easily result in bad
distribution, expecially if the number of CPU is an even number.

This patch uses a proper hashing function on the input key. The key
used for hashing is inspired by the ippair hashing code in
src/tmqh-flow.c, and is based on the IP src + dst.

An important property is that the hashing is flow symmetric, meaning
that if the source and destintation gets swapped then the selected CPU
will remain the same.  This is important for Suricate.

That hashing INITVAL (15485863 the 10^6th prime number) was fairly
arbitrary choosen, but experiments with kernel tree pktgen scripts
(pktgen_sample04_many_flows.sh +pktgen_sample05_flow_per_thread.sh)
showed this improved the distribution.

Signed-off-by: Jesper Dangaard Brouer <netoptimizer@brouer.com>
 7 years ago
Jesper Dangaard Brouer 460a0a6977 ebpf: add Paul Hsieh's (LGPL 2.1) hash function SuperFastHash 
Adjusted function call API to take an initval. This allow the API
user to set the initial value, as a seed. This could also be used for
inputting the previous hash.

Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
 7 years ago
Eric Leblond 0e1a4173ff doc: how to get live info about ebpf behavior 7 years ago
Eric Leblond 276b93fb53 unix-socket: add ebpf-bypassed-stats command 
This command output the count of element in IPv4 and IPv6 flow
table of interfaces using eBPF/XDP bypass.
 7 years ago
Eric Leblond 0356293d84 unix-socket: add bypassed counter to iface-stat 7 years ago
Eric Leblond 93f5b5f1e8 util-ebpf: add bypassed counters 
Use LiveDevice bypassed counter and also add hash size counters
for the v4 and v6 flow table.
 7 years ago
Jesper Dangaard Brouer b93548d2ab ebpf: maintain a copy of kernel UAPI header file linux/bpf.h 7 years ago
Eric Leblond 027c903f50 ebpf: fix detection of llc 7 years ago
Eric Leblond 8c7b5cb088 doc: add info about xdp IPS bypass 7 years ago
Eric Leblond f04391031f af-packet: XDP bypass in IPS mode 
Implement XDP bypass in IPS mode by using XDP redirect to send
packets from bypassed flow directly to the transmission interface.
 7 years ago
Eric Leblond 7bec54158f flow-bypass: introduce update function 
Main objective of the function is to be able to bypass a flow on
other interfaces. This is necessary in AF_PACKET case as the flow
table are per interface.
 7 years ago
Eric Leblond bc34703c09 ebpf: add some comments to eBPF filter 7 years ago
Eric Leblond 0807dd6740 ebpf: slight bypass_filter optimization 7 years ago
Eric Leblond 2b56b02569 util-ebpf: simplify code cleaning 
Avoid to use an unnecessary callback strategy as the purpose of the
function using the callback is hardcoded.
 7 years ago
Eric Leblond 94a622cb55 af-packet: add comments to eBPF/XDP code 7 years ago
Eric Leblond 3379311e66 af-packet: fix error handling in bypass case 
If the key is already in the hash table then the bypass is
succesful.
 7 years ago
Eric Leblond e1515b48ad util-ebpf: fix libbpf error handling 7 years ago
Eric Leblond ce8b74b524 doc: document XDP CPU redirect 7 years ago
Eric Leblond 4f57008a23 af-packet: add support for XDP cpu redirect map 
This patch adds a boolean option "xdp-cpu-redirect" to af-packet
interface configuration. If set, then the XDP filter will load
balance the skb creation on specified CPUs instead of doing the
creation on the CPU handling the packet. In the case of a card
with asymetric hashing this will allow to avoid saturating the
single CPU handling the trafic.

The XDP filter must contains a set of map allowing load balancing.
This is the case of xdp_filter.bpf.

Fixed-by: Jesper Dangaard Brouer <netoptimizer@brouer.com>
 7 years ago
Eric Leblond 33072a49fe ebpf: import more recent version of helpers 7 years ago
Eric Leblond ac5957d461 util-affinity: export CPU set parsing function 7 years ago
Eric Leblond 2598078ee6 af-packet: code cleaning and comments 7 years ago
Eric Leblond cde438f670 af-packet: add missing copyright header 
And also fixes the copyright date in some files.
 7 years ago
Eric Leblond 3f3a206722 util-ebpf: add error handling in hash value fetch 7 years ago
Eric Leblond 60265e023a doc: update xdp documentation 
Also remove configuration info from yaml as they are now in the
documentation.
 7 years ago
Peter Manev 5ee44c877c doc: add XDP setup documentation 7 years ago
Eric Leblond 1e729f059f af-packet: improve xdp error handling 
Don't try to bypass the flow if the flow table is unknown.

Also continue after error message if ever XDP was not correctly
setup.
 7 years ago
Eric Leblond 126488f74d af-packet: add support for multi iface bypass 7 years ago
Eric Leblond 4474889667 util-device: change logic of registration 
Device storage requires the devices to be created after storage
is finalized so we need to first get the list of devices then
create them when the storage is finalized.

This patch introduces the LiveDeviceName structure that is a list
of device name used during registration.

Code uses LiveRegisterDeviceName for pre registration and keep
using the LiveRegisterDevice function for part of the code that
create the interface during the runmode creation.
 7 years ago
Eric Leblond 0998f37b78 util-device: add an iteration function 7 years ago
Eric Leblond 3ae714d354 device-storage: introduce feature 
The capture method may have to store data depending related to the
offloading so having a per interface storage via LiveDevice seems
interesting.
 7 years ago
Eric Leblond e2d31e1c57 flow-bypass: fix sleep strategy 7 years ago
Eric Leblond 7a0d53448d tm-threads: fix build warning in afl mode 7 years ago
Eric Leblond 9cb591aa6c af-packet: remove done fixme in XDP 7 years ago
Eric Leblond eff10fce10 af-packet: end of map factoring 7 years ago
Eric Leblond d65f45856c af-packet: cache map fd search 7 years ago
Eric Leblond 17a32bdaa0 af-packet: fix bypassing of IPv6 
Also misc fixes.
 7 years ago
Eric Leblond b937e1afef util-ebpf: fix ipv6 cleaning and add comments 7 years ago
Eric Leblond 60752d231c util-ebpf: fix XDP delete key 
The key was deleted twice so let's remove the local deletion.
 7 years ago
Eric Leblond 08eec0833e flow-bypass: add abstraction layer 
The flow bypass thread can now be used by any capture method that
register it timeout check function.
 7 years ago
Eric Leblond 43ecf0d78d util-ebpf: add call to remove memlock limit 
Without that, user has to use ulimit to be able to load the eBPF
file.
 7 years ago
Eric Leblond a229635792 ebpf: implement vlan filter 
Basic filter allowing only a list of VLANs.
 7 years ago
Eric Leblond 0654c31397 util-ebpf: suppress call on loop init 7 years ago
Eric Leblond 8c88087948 af-packet: implementation of XDP bypass 
This patch adds support for XDP bypass. It provides an XDP
filter that can be loaded to realize the bypass of flows.
 7 years ago
Eric Leblond 31c947b4d8 af-packet: use per CPU hash in bypass 
eBPF has a data type which is a per CPU array. By adding one element
to the array it is in fact added to all per CPU arrays in the kernel.
This allows to have a lockless structure in the kernel even when doing
counter update.

In userspace, we need to update the flow bypass code to fetch all
elements of the per CPU arrays.
 7 years ago