From e54084fa87122d3c8b9a88dd063708cefa5a82dc Mon Sep 17 00:00:00 2001 From: Lukas Sismis Date: Sun, 24 Mar 2024 07:34:50 +0100 Subject: [PATCH] dpdk: implement DPDK SW tests Implement Github CI tests to run DPDK Suri with the minimal configuration to verify that Suricata can start in both IDS and IPS configuration. --- .github/workflows/builds.yml | 14 ++++++ .github/workflows/dpdk/suricata-null-ids.yaml | 38 +++++++++++++++ .github/workflows/dpdk/suricata-null-ips.yaml | 47 +++++++++++++++++++ 3 files changed, 99 insertions(+) create mode 100644 .github/workflows/dpdk/suricata-null-ids.yaml create mode 100644 .github/workflows/dpdk/suricata-null-ips.yaml diff --git a/.github/workflows/builds.yml b/.github/workflows/builds.yml index b393f66cba..ffa65b5f3e 100644 --- a/.github/workflows/builds.yml +++ b/.github/workflows/builds.yml @@ -2103,6 +2103,20 @@ jobs: - run: CFLAGS="${DEFAULT_CFLAGS}" ./configure --enable-dpdk - run: make -j ${{ env.CPUS }} - run: make check + # IDS config + - run: rm -f ./eve.json + - run: | + timeout --kill-after=30 --preserve-status 3 \ + ./src/suricata -c .github/workflows/dpdk/suricata-null-ids.yaml -S /dev/null -l ./ --dpdk -vvvv + - run: | + test $(jq -c 'select(.event_type == "stats")' ./eve.json | tail -n1 | jq '.stats.capture.packets > 0') = true + # IPS config + - run: rm -f ./eve.json + - run: | + timeout --kill-after=30 --preserve-status 3 \ + ./src/suricata -c .github/workflows/dpdk/suricata-null-ips.yaml -S /dev/null -l ./ --dpdk -vvvv + - run: | + test $(jq -c 'select(.event_type == "stats")' ./eve.json | tail -n1 | jq '.stats.capture.packets > 0') = true debian-12: name: Debian 12 diff --git a/.github/workflows/dpdk/suricata-null-ids.yaml b/.github/workflows/dpdk/suricata-null-ids.yaml new file mode 100644 index 0000000000..ba13a7f744 --- /dev/null +++ b/.github/workflows/dpdk/suricata-null-ids.yaml @@ -0,0 +1,38 @@ +%YAML 1.1 +--- + +outputs: + - eve-log: + enabled: yes + filetype: regular + append: false + filename: eve.json + level: Info + types: + - stats: + totals: yes +dpdk: + eal-params: + proc-type: primary + vdev: net_null0 + no-huge: + m: 256 + + interfaces: + - interface: net_null0 # PCIe address of the NIC port + threads: auto + mempool-size: 511 + mempool-cache-size: auto + rx-descriptors: 16 + tx-descriptors: 16 + copy-mode: none + copy-iface: none # or PCIe address of the second interface + +threading: + set-cpu-affinity: yes + cpu-affinity: + - management-cpu-set: + cpu: [ 0 ] + - worker-cpu-set: + cpu: [ "all" ] + mode: "exclusive" diff --git a/.github/workflows/dpdk/suricata-null-ips.yaml b/.github/workflows/dpdk/suricata-null-ips.yaml new file mode 100644 index 0000000000..6667ce2f8b --- /dev/null +++ b/.github/workflows/dpdk/suricata-null-ips.yaml @@ -0,0 +1,47 @@ +%YAML 1.1 +--- + +outputs: + - eve-log: + enabled: yes + filetype: regular + append: false + filename: eve.json + level: Info + types: + - stats: + totals: yes + +dpdk: + eal-params: + proc-type: primary + vdev: ["net_null0", "net_null1"] + no-huge: + m: 256 + + interfaces: + - interface: net_null0 + threads: 1 + mempool-size: 511 + mempool-cache-size: auto + rx-descriptors: 16 + tx-descriptors: 16 + copy-mode: ips + copy-iface: net_null1 + - interface: net_null1 + threads: 1 + mempool-size: 511 + mempool-cache-size: auto + rx-descriptors: 16 + tx-descriptors: 16 + copy-mode: ips + copy-iface: net_null0 + +threading: + set-cpu-affinity: yes + cpu-affinity: + - management-cpu-set: + cpu: [ 0 ] + - worker-cpu-set: + cpu: [ "1-2" ] + mode: "exclusive"