aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
9,961 Commits
7 Branches
161 Tags
210 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'f8aa9ee986'
${ noResults }
Commit Graph

53 Commits (f8aa9ee9868f748e80c57acbfca3da96d594abf4)

Author SHA1 Message Date
Eric Leblond f8aa9ee986 bypass: fix wait time at exit 
The loop on bypassed flow maps can take a few seconds on heavily
loaded system causing Suricata to not honor a stop before a few
seconds.

This patch adds the code needed to detect the need to exit from
the check loop.
 6 years ago
Eric Leblond 6ab1cbcb8e bypass: use flow storage for bypass counter 
There is a synchronization issue occuring when a flow is
added to the eBPF bypass maps. The flow can have packets
in the ring buffer that have already passed the eBPF stage.
By consequences, they are not accounted in the eBPF counter
but are accounted by Suricata flow engine.

This was causing counters to be completely wrong. This code
fixes the issue by avoiding the counter change in invalid
case.

To avoid adding 4 64bits integers to the Flow structure for the
bypass accounting, we use instead a FlowStorage. This limits the
memory usage to the size of a pointer.
 6 years ago
Eric Leblond 4e6add7faa bypass: generalize iface bypass stats 
Introduce functions in util-device.c to be able to manage the
flow bypassed count stats.
 6 years ago
Eric Leblond 258e90be76 util-ebpf: change flow accounting logic 
Update the flow counters during the life of a bypassed flow
instead of just accounting at the end of it.
 6 years ago
Eric Leblond 3026e9a80d util-ebpf: better error handling 6 years ago
Eric Leblond 2ffd3ad2b7 util-ebpf: better error handling of map unlink 6 years ago
Eric Leblond b952b32a26 util-ebpf: rename field 'unlink' to avoid confusion 6 years ago
Eric Leblond 4129938c21 util-ebpf: log level fixes and code cleaning 6 years ago
Eric Leblond 140269a6be util-ebpf: init code optimization 6 years ago
Eric Leblond c5e2af0545 util-ebpf: fix error reported by coccinelle check 
Some allocation errors were not checked during init phase.
 6 years ago
Eric Leblond 651a27e4fb ebpf: fix percpu hash handling 
An alignement issue was preventing the code to work properly.
We introduce macros taken from Linux source code sample to get
something that should work on the long term.
 6 years ago
Eric Leblond 07d0bd3a0f util-ebpf: fix IPv6 deletion loop 6 years ago
Eric Leblond 3bd8ba5d00 util-ebpf: add message if key deletion fails 6 years ago
Eric Leblond 269f601f8a util-ebpf: can't delete in place so update algo 6 years ago
Eric Leblond 36c6a62954 util-ebpf: simplify function declarations 6 years ago
Eric Leblond 69630d7a17 util-ebpf: micro optimization 6 years ago
Eric Leblond d21c3a6555 util-ebpf: create flow from bypassed flows 6 years ago
Eric Leblond 885fc992de ebpf: make table iterator generic 
Also adds a basic skeleton for flow creation loop.
 6 years ago
Eric Leblond 880c42f11c af-packet: bypass with init function 6 years ago
Eric Leblond 522e98d830 util-ebpf: fix iteration in flow timeout 
We were not setting the key using the correct item in map. Result
was deletion of wrong flow.
 6 years ago
Eric Leblond 0c3e1e8579 af-packet: correctly set up hardware offload 6 years ago
Eric Leblond 7e0ef4cec8 util-ebpf: change return of pinned maps loading 
The calling function needs to be able to see when this is a success
and XDP do not need to be reloaded.
 6 years ago
Eric Leblond d950a9f272 util-ebpf: conditional flow table loading 6 years ago
Eric Leblond d25e8dbfc7 af-packet: implement pinned-maps-name 6 years ago
Eric Leblond b1769d5f8f util-ebpf: implement pinned maps loading 
Load flow tables at start if asked to.
 6 years ago
Eric Leblond 96f1454ebf util-ebpf: only unlink pinned maps in eBPF filter 6 years ago
Eric Leblond 4f48c45727 util-ebpf: conditional pinning of maps 
Only pin maps if `pinned-maps` is set in the configuration. This
ensure backward compatibility.
 6 years ago
Eric Leblond 73a928fa0b util-ebpf: fix loop on maps 
We were missing the last element of the map by working on previous
key instead of current key.
 6 years ago
Eric Leblond 3ce69c446b util-ebpf: suppress spaces at end of line 6 years ago
Eric Leblond 954762a429 ebpf: add filter by maps on example filter 6 years ago
Eric Leblond 5d8ac36a49 util-ebpf: pin the maps 
By pinning the maps we are creating a file in /sys/fs/bpf that can
be used by external program to access the map. This has multiple
benefits such as handling list from an external program.

The pinned maps could be persistent accross Suricata reload but
this can be complicated in term of handling everything in the life
of Suricata.
 6 years ago
Eric Leblond bf4381b17b ebpf: document XDP iface redirect 6 years ago
Eric Leblond 315c29a8e6 ebpf: change the logic to avoid ktime usage 
Kernel time is not available (and/or costly) on NIC such as
Netronome so we update the logic to detect dead flows based on a
lack of update of packets counters. This way, the XDP filter will
be usable by network card.

This patch also updates the ebpf code to support per CPU and
regular mapping. Netronome is not supporting it and the structure
is using atomic for counter so the cost of simultaneous update
is really low.

This patch also updates the xdp_filter to be able to select if the
flow table is per CPU on shared. Second option will be used for
hardward offload. To deactivate the per cpu hash, you need to set
USE_PERCPU_HASH to 0.

This patch also adds an new option to af-packet named no-percpu-hash
If this option is set to yes then the Flow bypassed manager thread
will use one CPU instead of the number of cores. By doing that
we are able to handle the case where USE_PERCPU_HASH is unset (so
hardware offload for Netronome).

This patch also remove aligment indications in the eBPF filter. This
was not really needed and it seems it is causing problem with
some recent version of LLVM toolchain.
 6 years ago
Eric Leblond 6f69c65c48 util-ebpf: rename local variable 8 years ago
Eric Leblond 276b93fb53 unix-socket: add ebpf-bypassed-stats command 
This command output the count of element in IPv4 and IPv6 flow
table of interfaces using eBPF/XDP bypass.
 8 years ago
Eric Leblond 93f5b5f1e8 util-ebpf: add bypassed counters 
Use LiveDevice bypassed counter and also add hash size counters
for the v4 and v6 flow table.
 8 years ago
Eric Leblond f04391031f af-packet: XDP bypass in IPS mode 
Implement XDP bypass in IPS mode by using XDP redirect to send
packets from bypassed flow directly to the transmission interface.
 8 years ago
Eric Leblond 2b56b02569 util-ebpf: simplify code cleaning 
Avoid to use an unnecessary callback strategy as the purpose of the
function using the callback is hardcoded.
 8 years ago
Eric Leblond 94a622cb55 af-packet: add comments to eBPF/XDP code 8 years ago
Eric Leblond e1515b48ad util-ebpf: fix libbpf error handling 8 years ago
Eric Leblond 4f57008a23 af-packet: add support for XDP cpu redirect map 
This patch adds a boolean option "xdp-cpu-redirect" to af-packet
interface configuration. If set, then the XDP filter will load
balance the skb creation on specified CPUs instead of doing the
creation on the CPU handling the packet. In the case of a card
with asymetric hashing this will allow to avoid saturating the
single CPU handling the trafic.

The XDP filter must contains a set of map allowing load balancing.
This is the case of xdp_filter.bpf.

Fixed-by: Jesper Dangaard Brouer <netoptimizer@brouer.com>
 8 years ago
Eric Leblond 3f3a206722 util-ebpf: add error handling in hash value fetch 8 years ago
Eric Leblond 126488f74d af-packet: add support for multi iface bypass 8 years ago
Eric Leblond 17a32bdaa0 af-packet: fix bypassing of IPv6 
Also misc fixes.
 8 years ago
Eric Leblond b937e1afef util-ebpf: fix ipv6 cleaning and add comments 8 years ago
Eric Leblond 60752d231c util-ebpf: fix XDP delete key 
The key was deleted twice so let's remove the local deletion.
 8 years ago
Eric Leblond 08eec0833e flow-bypass: add abstraction layer 
The flow bypass thread can now be used by any capture method that
register it timeout check function.
 8 years ago
Eric Leblond 43ecf0d78d util-ebpf: add call to remove memlock limit 
Without that, user has to use ulimit to be able to load the eBPF
file.
 8 years ago
Eric Leblond 0654c31397 util-ebpf: suppress call on loop init 8 years ago
Eric Leblond 8c88087948 af-packet: implementation of XDP bypass 
This patch adds support for XDP bypass. It provides an XDP
filter that can be loaded to realize the bypass of flows.
 8 years ago