Commit Graph

9929 Commits (c5e2af05459e809deba76547110248af8b73ced8)
Author SHA1 Message Date
Eric Leblond c5e2af0545 util-ebpf: fix error reported by coccinelle check
Some allocation errors were not checked during init phase.
6 years ago
Eric Leblond c1fd0da550 af-packet: add vlan_id in bypass key
Bypassing on vlan was not supported due to the missing key.
6 years ago
Eric Leblond 651a27e4fb ebpf: fix percpu hash handling
An alignment issue was preventing the code from working properly.
We introduce macros taken from the Linux source code samples to get
something that should work in the long term.
6 years ago
Eric Leblond 142c69e1ef flow-bypass: increase bypass timeout
This is needed as we switched from a counter maintained in the kernel
to internal polling, so we need a bigger value.
6 years ago
Eric Leblond b8e184ceb5 flow-bypass: fix timeout of maps bypassed flows
The time is taken from the parameter and is checked against real
flow entries, so we need a standard time.
6 years ago
Eric Leblond 07d0bd3a0f util-ebpf: fix IPv6 deletion loop 6 years ago
Eric Leblond b481f290e2 af-packet: fix bypass for IPv6 6 years ago
Eric Leblond 3bd8ba5d00 util-ebpf: add message if key deletion fails 6 years ago
Eric Leblond 269f601f8a util-ebpf: can't delete in place so update algo 6 years ago
Eric Leblond 5b056c15bf af-packet: fix default in pinned maps name 6 years ago
Eric Leblond eff56acca5 af-packet: be sure to nullify option if not set 6 years ago
Eric Leblond 36c6a62954 util-ebpf: simplify function declarations 6 years ago
Eric Leblond 69630d7a17 util-ebpf: micro optimization 6 years ago
Eric Leblond d21c3a6555 util-ebpf: create flow from bypassed flows 6 years ago
Eric Leblond 04c65a309e flow-hash: new function to get flow from flowkey 6 years ago
Eric Leblond 885fc992de ebpf: make table iterator generic
Also adds a basic skeleton for flow creation loop.
6 years ago
Eric Leblond 880c42f11c af-packet: bypass with init function 6 years ago
Eric Leblond f93573ac5e ebpf: fix indentation in xdp_filter 6 years ago
Eric Leblond 522e98d830 util-ebpf: fix iteration in flow timeout
We were not setting the key using the correct item in the map. The
result was deletion of the wrong flow.
6 years ago
Eric Leblond f270e53477 ebpf: set number of RSS queues to a power of 2
This is needed as Netronome cannot do a division (so can't do a modulo)
in hardware.
6 years ago
Eric Leblond 82c4f5135b doc: use github mirror to setup libbpf 6 years ago
Eric Leblond 94bda5b7fb ebpf: implement RSS load balancing in hardware mode 6 years ago
Eric Leblond 8b4c365352 ebpf: use atomic for counter in hw offload case 6 years ago
Eric Leblond 0c3e1e8579 af-packet: correctly set up hardware offload 6 years ago
Eric Leblond 7f60be83f5 ebpf: more conditional code for netronome support 6 years ago
Eric Leblond 638a006e87 ebpf: remove BPF_LL_OFF in nhoff offset
It fixes invalid parsing with recent kernels and does
not affect older kernels.
6 years ago
Eric Leblond bd28f77a1e af-packet: fix loading of ebpf filter 6 years ago
Eric Leblond f8724485ed ebpf: sync header with upstream 6 years ago
Eric Leblond 1c4d214cdb doc: typo fixes on ebpf doc 6 years ago
Eric Leblond 6fdcb127e9 af-packet: fix the start when XDP is pinned 6 years ago
Eric Leblond 7e0ef4cec8 util-ebpf: change return of pinned maps loading
The calling function needs to be able to see when this is a success
and XDP does not need to be reloaded.
6 years ago
Eric Leblond b7560d7547 doc: document externally managed global switch
This is currently implemented as an exposed map and it seems
a good way to do it.
6 years ago
Eric Leblond d950a9f272 util-ebpf: conditional flow table loading 6 years ago
Eric Leblond 4777af213c ebpf: implement global switch bypass
Add a switch that allows bypassing all traffic if the switch is on.
The concept is to use a persistent script and pinned maps, so an
external tool can be used to trigger global bypass in case Suricata
is dead.
6 years ago
Eric Leblond d25e8dbfc7 af-packet: implement pinned-maps-name 6 years ago
Eric Leblond 36838017fe af-packet: fix build when eBPF not built-in 6 years ago
Eric Leblond b1769d5f8f util-ebpf: implement pinned maps loading
Load flow tables at start if asked to.
6 years ago
Eric Leblond 96f1454ebf util-ebpf: only unlink pinned maps in eBPF filter 6 years ago
Eric Leblond 4cf531008e af-packet: conditionally remove XDP filter
Only remove the XDP filter if we are in XDP mode and not using the
pinned maps.
6 years ago
Eric Leblond 19c0a5edf5 doc: white space and typo fix 6 years ago
Eric Leblond 4f48c45727 util-ebpf: conditional pinning of maps
Only pin maps if `pinned-maps` is set in the configuration. This
ensures backward compatibility.
6 years ago
Eric Leblond 6d41a0ced0 doc: more eBPF and XDP capabilities 6 years ago
Eric Leblond 73a928fa0b util-ebpf: fix loop on maps
We were missing the last element of the map by working on previous
key instead of current key.
6 years ago
Eric Leblond 3ce69c446b util-ebpf: suppress spaces at end of line 6 years ago
Eric Leblond 954762a429 ebpf: add filter by maps on example filter 6 years ago
Eric Leblond 5d8ac36a49 util-ebpf: pin the maps
By pinning the maps we are creating a file in /sys/fs/bpf that can
be used by an external program to access the map. This has multiple
benefits, such as handling lists from an external program.

The pinned maps could be persistent across Suricata reloads, but
this can be complicated in terms of handling everything in the life
of Suricata.
6 years ago
Eric Leblond bf4381b17b ebpf: document XDP iface redirect 6 years ago
Eric Leblond a37a7c4a21 ebpf: reduce counter size to allow netronome offload 6 years ago
Eric Leblond 2f579e6a4c ebpf: add VLAN support to loadbalancing
This patch adds VLAN support to eBPF load balancing by parsing
VLAN headers.
6 years ago
Eric Leblond 315c29a8e6 ebpf: change the logic to avoid ktime usage
Kernel time is not available (and/or costly) on NICs such as
Netronome, so we update the logic to detect dead flows based on a
lack of updates to packet counters. This way, the XDP filter will
be usable by network cards.

This patch also updates the eBPF code to support per-CPU and
regular mapping. Netronome does not support it, and the structure
uses atomics for counters, so the cost of simultaneous updates
is really low.

This patch also updates the xdp_filter to be able to select whether the
flow table is per CPU or shared. The second option will be used for
hardware offload. To deactivate the per-CPU hash, you need to set
USE_PERCPU_HASH to 0.

This patch also adds a new option to af-packet named no-percpu-hash.
If this option is set to yes, then the flow bypassed manager thread
will use one CPU instead of the number of cores. By doing that
we are able to handle the case where USE_PERCPU_HASH is unset (so
hardware offload for Netronome).

This patch also removes alignment indications in the eBPF filter. This
was not really needed and it seems it is causing problems with
some recent versions of the LLVM toolchain.
6 years ago