suricata icon indicating copy to clipboard operation
suricata copied to clipboard

Published 20 hours ago verified publisher icon OISF

Netmap: Backport to 6.0.x

Open jlucovsky opened this issue 2 years ago • 2 comments

Continuation of #7115

Batch backport of Netmap issues to 6.0.x:

  • Issue #4582 that provide access to the Netmap API changes in Netmap API versions 14+.
  • Issue #4883 allows specification of Netmap libraries during configure

The new APIs are only available when you configure Suricata and include --enable-netmap-v14 Specify non-standard location of Netmap libraries with --with-netmap-libraries=dir

Updates

  • Removed many changes from master commit that weren't strictly necessary.

Describe changes:

  • Changes to configure to choose the new APIs. Use --enable-netmap-v14 to select the new APIs
  • Netmap V14+ api changes (cherry-picked and amended as needed).
  • Changes to configure to specify Netmap library directory. Use --with-netmap-libraries=dir

Updates:

  • Rebase

#suricata-verify-pr: #suricata-verify-repo: #suricata-verify-branch: #suricata-update-pr: #suricata-update-repo: #suricata-update-branch: #libhtp-pr: #libhtp-repo: #libhtp-branch:

jlucovsky avatar Jun 02 '22 14:06 jlucovsky

ERROR:

ERROR: QA failed on tlpw1_files_sha256.

ERROR: QA failed on tlpr1_alerts_cmp.

ERROR: QA failed on ips_afp_drop_chk.

ERROR: QA failed on generic_cfg_time.

Pipeline 7666

suricata-qa avatar Jun 03 '22 02:06 suricata-qa

ERROR:

ERROR: QA failed on tlpw1_files_sha256.

ERROR: QA failed on tlpr1_alerts_cmp.

ERROR: QA failed on ips_afp_drop_chk.

ERROR: QA failed on generic_cfg_time.

Pipeline 7666 WARNING: THERE IS A KNOWN BAD BASELINE WITH PACKET DROPS. BE MINDFUL OF ANY RESULTS.

suricata-qa avatar Aug 31 '22 18:08 suricata-qa

Merged in #8180, thanks!

victorjulien avatar Nov 17 '22 19:11 victorjulien

Was talking to @jlucovsky about this last week and we wanted to put more QA into it as per his request. I don’t think we enable this for the FreeBSD port when it hits. The broader change in 7 will be more justifiable overall.

fichtner avatar Nov 17 '22 19:11 fichtner

Was talking to @jlucovsky about this last week and we wanted to put more QA into it as per his request. I don’t think we enable this for the FreeBSD port when it hits. The broader change in 7 will be more justifiable overall.

Yeah this is why it is hidden behind the configure time option. But wanted to make it available to those who've been asking for it.

victorjulien avatar Nov 17 '22 19:11 victorjulien

If somebody actually asked for this they will eventually ask for it in the FreeBSD port too. This will be fun. :)

fichtner avatar Nov 17 '22 20:11 fichtner

If somebody actually asked for this they will eventually ask for it in the FreeBSD port too. This will be fun. :)

Good luck ;)

victorjulien avatar Nov 18 '22 15:11 victorjulien