80 Commits (74326a43e7cff0665c6973abad9b4accfcfb952d)

Author SHA1 Message Date
Jeff Lucovsky 31793aface time: Replace struct timeval with scalar value
Issue: 5718

This commit switches the majority of time handling to a new type --
SCTime_t -- which is a 64 bit container for time:
- 44 bits -- seconds
- 20 bits -- useconds
3 years ago
Victor Julien b31ffde6f4 output: remove error codes from output 3 years ago
Victor Julien 39f5c7f56a error: use SC_EINVAL for invalid input 3 years ago
Victor Julien e042cd785e error: use SC_ENOMEM for alloc errors 3 years ago
Sascha Steinbiss 148b53125b ebpf: update deprecated API calls
This fixes build errors when libbpf 1.0 is used. It removes previously
deprecated API functions that were still in use in Suricata's eBPF
code.
3 years ago
Philippe Antoine 02f2602dde src: rework includes as per cppclean 3 years ago
Eric Leblond d477d3a878 util/ebpf: fix deprecation warning
The function bpf_program__title has been deprecated in favor of
bpf_program__section_name.
5 years ago
Juliana Fajardini e7c1c3c374 ebpf/util: change flow storage to new 'id' type 5 years ago
Juliana Fajardini 3b1a653467 device/storage: use dedicated 'id' type
- Wrap the id in a new LiveDevStorageId struct, to avoid id
 confusion with other storage API calls.
- Formatting fixes by clang.
5 years ago
Eric Leblond 6494abc6b1 ebpf: fix invalid description in doc string 5 years ago
Jason Ish 900f1522b4 plugins: config.h: move into src and rename to autoconf.h
While fixing files that include config.h, just remove the
include if possible.
5 years ago
Eric Leblond 6126f105ea util-ebpf: fix creation of flow from pinned maps 6 years ago
Eric Leblond 0963fea390 util-ebpf: log bypassed flow maps count 6 years ago
Eric Leblond c938dbde27 util-ebpf: early exit if no map 6 years ago
Eric Leblond 9206b30fe1 af-packet: better accounting and error handling
This patch improves the bypass error handling and adds more counters
to the interface so it is possible to get a view on success and
failure of insertion in the eBPF maps via the `iface-bypassed-stat`
command.
6 years ago
Eric Leblond aeb2bd3aa1 util-ebpf: optimization on flow storage queries 6 years ago
Eric Leblond 288f335aa5 util-ebpf: simplify free function
First key can't be null.
6 years ago
Eric Leblond f4abe2f9c0 util-ebpf: set livedev in flow
This will fix the accounting for pinned maps as the livedev field
of Flow is used to do the accounting of bypass flows.
6 years ago
Eric Leblond 89e8cb50ed util-ebpf: case is not possible so remove warning 6 years ago
Eric Leblond d119845d98 bypass: compress flow keys structure 6 years ago
Eric Leblond 69d2c8eb75 ebpf: get rid of hash in map value 6 years ago
Eric Leblond b07bda7a7b bypass: new callback strategy
This patch introduces and uses a new bypass strategy
based on a callback. EBPF bypass implementation is
updated to use this new strategy.

Once the flow manager detects that a flow should be timed out,
it asks the capture method if it has seen packets in the interval.
If it is the case, the lastts of the flow is updated and the timeout
is postponed.
6 years ago
Eric Leblond 44566e5a24 ebpf: only display that file is loaded if we do it 6 years ago
Eric Leblond af6daceeda util-ebpf: more useful error message
At the time of writing, libbpf outputs useful error messages
on stdout only and errno is not really interesting. So let's
tell the user to look at stdout.
6 years ago
Eric Leblond 0f64c25b73 util-ebpf: improve code readability
As pointed out by Victor Julien, the pkts_cnt usage was quite confusing
so functions are now returning a bool.
6 years ago
Eric Leblond a8f35cc30e util-ebpf: discard flow if no Flow storage 6 years ago
Eric Leblond efb648aa24 util-ebpf: fix ebpf bypass
Fix endian order in eBPF bypass. It has to be updated after the
bypassed flows handling change.
6 years ago
Eric Leblond f8aa9ee986 bypass: fix wait time at exit
The loop on bypassed flow maps can take a few seconds on a heavily
loaded system, causing Suricata to not honor a stop before a few
seconds.

This patch adds the code needed to detect the need to exit from
the check loop.
6 years ago
Eric Leblond 6ab1cbcb8e bypass: use flow storage for bypass counter
There is a synchronization issue occurring when a flow is
added to the eBPF bypass maps. The flow can have packets
in the ring buffer that have already passed the eBPF stage.
As a consequence, they are not accounted for in the eBPF counter
but are accounted for by the Suricata flow engine.

This was causing counters to be completely wrong. This code
fixes the issue by avoiding the counter change in the invalid
case.

To avoid adding 4 64-bit integers to the Flow structure for the
bypass accounting, we use instead a FlowStorage. This limits the
memory usage to the size of a pointer.
6 years ago
Eric Leblond 4e6add7faa bypass: generalize iface bypass stats
Introduce functions in util-device.c to be able to manage the
flow bypassed count stats.
6 years ago
Eric Leblond 258e90be76 util-ebpf: change flow accounting logic
Update the flow counters during the life of a bypassed flow
instead of just accounting at the end of it.
6 years ago
Eric Leblond 3026e9a80d util-ebpf: better error handling 6 years ago
Eric Leblond 2ffd3ad2b7 util-ebpf: better error handling of map unlink 6 years ago
Eric Leblond b952b32a26 util-ebpf: rename field 'unlink' to avoid confusion 6 years ago
Eric Leblond 4129938c21 util-ebpf: log level fixes and code cleaning 6 years ago
Eric Leblond 140269a6be util-ebpf: init code optimization 6 years ago
Eric Leblond c5e2af0545 util-ebpf: fix error reported by coccinelle check
Some allocation errors were not checked during init phase.
6 years ago
Eric Leblond 651a27e4fb ebpf: fix percpu hash handling
An alignment issue was preventing the code from working properly.
We introduce macros taken from Linux source code sample to get
something that should work on the long term.
6 years ago
Eric Leblond 07d0bd3a0f util-ebpf: fix IPv6 deletion loop 6 years ago
Eric Leblond 3bd8ba5d00 util-ebpf: add message if key deletion fails 6 years ago
Eric Leblond 269f601f8a util-ebpf: can't delete in place so update algo 6 years ago
Eric Leblond 36c6a62954 util-ebpf: simplify function declarations 6 years ago
Eric Leblond 69630d7a17 util-ebpf: micro optimization 6 years ago
Eric Leblond d21c3a6555 util-ebpf: create flow from bypassed flows 6 years ago
Eric Leblond 885fc992de ebpf: make table iterator generic
Also adds a basic skeleton for flow creation loop.
6 years ago
Eric Leblond 880c42f11c af-packet: bypass with init function 6 years ago
Eric Leblond 522e98d830 util-ebpf: fix iteration in flow timeout
We were not setting the key using the correct item in map. Result
was deletion of wrong flow.
6 years ago
Eric Leblond 0c3e1e8579 af-packet: correctly set up hardware offload 6 years ago
Eric Leblond 7e0ef4cec8 util-ebpf: change return of pinned maps loading
The calling function needs to be able to see when this is a success
and XDP does not need to be reloaded.
6 years ago
Eric Leblond d950a9f272 util-ebpf: conditional flow table loading 6 years ago