aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
9,964 Commits
7 Branches
155 Tags
198 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'a8f35cc30e'
${ noResults }
Commit Graph

8591 Commits (a8f35cc30ec91d0a01615906e4f5dddae93c4467)

Author SHA1 Message Date
Eric Leblond a8f35cc30e util-ebpf: discard flow if no Flow storage 6 years ago
Eric Leblond efb648aa24 util-ebpf: fix ebpf bypass 
Fix endian order in eBPF bypass. It has to be updated after the
bypassed flows handling change.
 6 years ago
Eric Leblond f8aa9ee986 bypass: fix wait time at exit 
The loop on bypassed flow maps can take a few seconds on heavily
loaded system causing Suricata to not honor a stop before a few
seconds.

This patch adds the code needed to detect the need to exit from
the check loop.
 6 years ago
Eric Leblond a277f2eb0c af-packet: fix use after free on config 
ASAN did find that afp config was used after free. This was in
fact done in the Flow bypass manager hence this patch.
 6 years ago
Eric Leblond fc2f2fa7d3 bypass: allow bypass for packet without flow 
For capture method that have their own flow structure (not maintained
by Suricata), it can make sense to bypass a packet even if there is
no Flow in Suricata.

For AF_PACKET it does not make sense as the eBPF map entry will
be destroyed as soon as it will be checked by the flow bypass
manager. Thus we shortcut the bypass function if ever no Flow is
attached to the packet.

This path also removes reference to Flow in the bypass functions
for AF_PACKET. It was not necessary and we possibly could benefit
of it if ever we change the bypass algorithm.
 6 years ago
Eric Leblond 6ab1cbcb8e bypass: use flow storage for bypass counter 
There is a synchronization issue occuring when a flow is
added to the eBPF bypass maps. The flow can have packets
in the ring buffer that have already passed the eBPF stage.
By consequences, they are not accounted in the eBPF counter
but are accounted by Suricata flow engine.

This was causing counters to be completely wrong. This code
fixes the issue by avoiding the counter change in invalid
case.

To avoid adding 4 64bits integers to the Flow structure for the
bypass accounting, we use instead a FlowStorage. This limits the
memory usage to the size of a pointer.
 6 years ago
Eric Leblond 4e6add7faa bypass: generalize iface bypass stats 
Introduce functions in util-device.c to be able to manage the
flow bypassed count stats.
 6 years ago
Eric Leblond 258e90be76 util-ebpf: change flow accounting logic 
Update the flow counters during the life of a bypassed flow
instead of just accounting at the end of it.
 6 years ago
Eric Leblond 3026e9a80d util-ebpf: better error handling 6 years ago
Eric Leblond 2ffd3ad2b7 util-ebpf: better error handling of map unlink 6 years ago
Eric Leblond b952b32a26 util-ebpf: rename field 'unlink' to avoid confusion 6 years ago
Eric Leblond edf2db4e30 af-packet: improve warning message 6 years ago
Eric Leblond 567b5ee1bc af-packet: rename option 'no-percpu-hash' 6 years ago
Eric Leblond 0f6b1297a9 af-packet: warn when XDP is not supported 6 years ago
Eric Leblond b1c9b39435 af-packet: remove question from code 6 years ago
Eric Leblond 1992093c88 flow-bypass: rename variables 6 years ago
Eric Leblond d239e0f2d5 flow-hash: doc and code cleaning 6 years ago
Eric Leblond b736344975 flow-bypass: clock_gettime error handling 
Only reason clock_gettime could fail is a permission so let's
error and leave the flow bypass manager if it is the case.

Also let's suppress the error message if ever the error appear in
the middle of a run (which is unlikely).
 6 years ago
Eric Leblond 4129938c21 util-ebpf: log level fixes and code cleaning 6 years ago
Eric Leblond 140269a6be util-ebpf: init code optimization 6 years ago
Eric Leblond c5e2af0545 util-ebpf: fix error reported by coccinelle check 
Some allocation errors were not checked during init phase.
 6 years ago
Eric Leblond c1fd0da550 af-packet: add vlan_id in bypass key 
Bypassing on vlan was not supported due to the missing key.
 6 years ago
Eric Leblond 651a27e4fb ebpf: fix percpu hash handling 
An alignement issue was preventing the code to work properly.
We introduce macros taken from Linux source code sample to get
something that should work on the long term.
 6 years ago
Eric Leblond 142c69e1ef flow-bypass: increase bypass timeout 
This is needed as we did switch from counter maintained in kernel
to internal polling so we need a bigger value.
 6 years ago
Eric Leblond b8e184ceb5 flow-bypass: fix timeout of maps bypassed flows 
The time is taken from the parameter and is checked against real
flow entries so we need a standard time.
 6 years ago
Eric Leblond 07d0bd3a0f util-ebpf: fix IPv6 deletion loop 6 years ago
Eric Leblond b481f290e2 af-packet: fix bypass for IPv6 6 years ago
Eric Leblond 3bd8ba5d00 util-ebpf: add message if key deletion fails 6 years ago
Eric Leblond 269f601f8a util-ebpf: can't delete in place so update algo 6 years ago
Eric Leblond 5b056c15bf af-packet: fix default in pinned maps name 6 years ago
Eric Leblond eff56acca5 af-packet: be sure to nullify option if not set 6 years ago
Eric Leblond 36c6a62954 util-ebpf: simplify function declarations 6 years ago
Eric Leblond 69630d7a17 util-ebpf: micro optimization 6 years ago
Eric Leblond d21c3a6555 util-ebpf: create flow from bypassed flows 6 years ago
Eric Leblond 04c65a309e flow-hash: new function to get flow from flowkey 6 years ago
Eric Leblond 885fc992de ebpf: make table iterator generic 
Also adds a basic skeleton for flow creation loop.
 6 years ago
Eric Leblond 880c42f11c af-packet: bypass with init function 6 years ago
Eric Leblond 522e98d830 util-ebpf: fix iteration in flow timeout 
We were not setting the key using the correct item in map. Result
was deletion of wrong flow.
 6 years ago
Eric Leblond 0c3e1e8579 af-packet: correctly set up hardware offload 6 years ago
Eric Leblond bd28f77a1e af-packet: fix loading of ebpf filter 6 years ago
Eric Leblond 6fdcb127e9 af-packet: fix the start when XDP is pinned 6 years ago
Eric Leblond 7e0ef4cec8 util-ebpf: change return of pinned maps loading 
The calling function needs to be able to see when this is a success
and XDP do not need to be reloaded.
 6 years ago
Eric Leblond d950a9f272 util-ebpf: conditional flow table loading 6 years ago
Eric Leblond d25e8dbfc7 af-packet: implement pinned-maps-name 6 years ago
Eric Leblond 36838017fe af-packet: fix build when eBPF not built-in 6 years ago
Eric Leblond b1769d5f8f util-ebpf: implement pinned maps loading 
Load flow tables at start if asked to.
 6 years ago
Eric Leblond 96f1454ebf util-ebpf: only unlink pinned maps in eBPF filter 6 years ago
Eric Leblond 4cf531008e af-packet: conditionaly remove XDP filter 
Only remove the XDP filter if we are in XDP mode and not using the
pinned maps.
 6 years ago
Eric Leblond 4f48c45727 util-ebpf: conditional pinning of maps 
Only pin maps if `pinned-maps` is set in the configuration. This
ensure backward compatibility.
 6 years ago
Eric Leblond 73a928fa0b util-ebpf: fix loop on maps 
We were missing the last element of the map by working on previous
key instead of current key.
 6 years ago