Draft: Introduce support for DPDK secondary mode for workers runmode and DPDK Prefilter

Open lukashino opened this issue 1 year ago • 1 comments

  • [X] I have read the contributing guidelines at https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Contributing
  • [X] I have signed the Open Information Security Foundation contribution agreement at https://suricata.io/about/contribution-agreement/
  • [X] I have updated the user guide (in doc/userguide/) to reflect the changes made (if applicable)

Link to redmine ticket about Suricata secondary process support. Link to redmine ticket about prefilter application.

This is a follow-up of #7433 which incorporates two Redmine tickets together, one for Suricata secondary mode support and the other for adding an app that would run as a primary process. The PR extends the work of #7283 by continuing in reaching the prefilter concept.

As of now, the prefilter configures the provided NICs according to the YAML configuration and then passes packets to Suricata through DPDK rings. It also uses a message system between Suricata and Prefilter for the asynchronous bypass method. Suricata can also load Prefilter configuration by reading Prefilter's shared configuration stored in a memory zone. DPDK Prefilter is intended to be architecturally flexible (not depending on any hardcoded module) but as of now, for some use-cases, DPDK Prefilter uses the Suricata library.

Use flags --enable-dpdk --enable-dpdk-apps to enable Prefilter in the configuration process. The plan is to have a shared DPDK configuration codebase for DPDK Prefilter and Suricata. As a result, prior to the compilation of the prefilter app, Suricata needs to be first compiled and installed (together with headers and library). Makefile target dpdk-apps-prereq should solve the issue. After the Suricata library is installed, it needs to be added to the list of shared libraries (ldconfig) or at least edit the LD_LIBRARY_PATH variable. Makefile target dpdk-apps compiles the prefilter app. The final prefilter binary can be found in the dpdk/prefilter/build folder.

Changelog from #7433 :

  • updated asynchronous bypass support through message mechanism
  • bug fixes
  • rebase on the main branch

lukashino, Sep 01 '22 19:09

Left some suggestions for the documentation page :P

@jufajardini made the changes, thanks! They will be part of the next PR.. ;)

lukashino, Sep 15 '22 14:09