suricata
Draft: Introduce support for DPDK secondary mode for workers runmode
- [X] I have read the contributing guidelines at https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Contributing
- [X] I have signed the Open Information Security Foundation contribution agreement at https://suricata.io/about/contribution-agreement/
- [X] I have updated the user guide (in doc/userguide/) to reflect the changes made (if applicable)
Link to redmine ticket about Suricata secondary process support. Link to redmine ticket about prefilter application.
This is a follow-up of #7283, which incorporates two Redmine tickets together, one for Suricata secondary mode support and the other for adding an app that would run as a primary process. The PR extends the work of #7283 by continuing to work towards the prefilter concept. As of now, the prefilter configures the provided NICs according to the YAML configuration and then passes packets to Suricata through DPDK rings. It also uses a message system between Suricata and Prefilter for an asynchronous bypass method. Suricata can also load the Prefilter configuration by reading Prefilter's shared configuration stored in a memory zone. The prefilter is intended to be architecturally flexible (not depending on any hardcoded module), but as of now, for some use cases, the prefilter uses the Suricata library.
Use the flags `--enable-dpdk --enable-dpdk-apps` to enable Prefilter in the configuration process.
The plan is to have a shared DPDK configuration codebase for prefilter and Suricata. As a result, prior to the compilation of the prefilter app, Suricata needs to be first compiled and installed (together with headers and library). The Makefile target `dpdk-apps-prereq` should solve the issue. After the Suricata library is installed, it needs to be added to the list of shared libraries (ldconfig), or at least the `LD_LIBRARY_PATH` variable needs to be edited. The Makefile target `dpdk-apps` compiles the prefilter app. The final `prefilter` binary can be found in the `dpdk/prefilter/build` folder.
Changelog from #7283:
- new asynchronous bypass support through message mechanism
- Suricata reading Prefilter configuration from a shared configuration memory zone
- bug fixes
Codecov Report
Merging #7433 (98df185) into master (0b51022) will decrease coverage by 0.01%. The diff coverage is 22.53%.
@@ Coverage Diff @@
## master #7433 +/- ##
==========================================
- Coverage 75.91% 75.89% -0.02%
==========================================
Files 656 656
Lines 189943 190004 +61
==========================================
+ Hits 144189 144208 +19
- Misses 45754 45796 +42
Flag | Coverage Δ | |
---|---|---|
fuzzcorpus | 60.56% <1.53%> (+<0.01%) | :arrow_up: |
suricata-verify | 51.86% <25.80%> (-0.03%) | :arrow_down: |
unittests | 61.05% <0.00%> (-0.03%) | :arrow_down: |
Flags with carried forward coverage won't be shown.
@lukashino do you need feedback on this? Or can you rebase it?
This is supposed to be a preview PR. I would like to get feedback on this, however, I believe in a short span I will push a new version with more things so we might just wait for that one. Thanks. Alternatively, we can close this one for now.
Ok, then waiting for the next :-)
Can you push a rebased version of this?
Rebased and updated version continues in #7818