dpdk: warn about processing segmented DPDK mbufs

Segmented mbufs should never happen in Suricata. Mbuf segmentation divides the received packet into multiple mbufs. This can happen when MTU of the NIC is larger than the allocated mbufs in the mbuf mempool. As Suricata sets the size of the mbuf to be slightly higher than the configured MTU, mbuf segmentation should never happen in Suricata. This is especially true, if Suricata runs as a primary process and configures the packet source (NIC). Processing segmented mbufs can lead to missed/false (pattern-matching) detections as Suricata only inspects the first segment of the packet. It can also lead to segfault if Suricata moves the detection window out of the segment boundaries.
OISF · May 10, 2023 · 7946f06 · 7946f06
1 parent e6e6508
commit 7946f06
Showing 1 changed file with 18 additions and 0 deletions.
diff --git a/src/source-dpdk.c b/src/source-dpdk.c
@@ -345,6 +345,7 @@ static TmEcode ReceiveDPDKLoop(ThreadVars *tv, void *data, void *slot)
     uint16_t nb_rx;
     time_t last_dump = 0;
     time_t current_time;
+    bool segmented_mbufs_warned = 0;
 
     DPDKThreadVars *ptv = (DPDKThreadVars *)data;
     TmSlot *s = (TmSlot *)slot;
@@ -409,6 +410,23 @@ static TmEcode ReceiveDPDKLoop(ThreadVars *tv, void *data, void *slot)
                 }
             }
 
+            if (!rte_pktmbuf_is_contiguous(p->dpdk_v.mbuf) && !segmented_mbufs_warned) {
+                char warn_s[] = "Segmented mbufs detected! Redmine Ticket #6012 "
+                                "Check your configuration or report the issue";
+                enum rte_proc_type_t eal_t = rte_eal_process_type();
+                if (eal_t == RTE_PROC_SECONDARY) {
+                    SCLogWarning("%s. To avoid segmented mbufs, "
+                                 "try to increase mbuf size in your primary application",
+                            warn_s);
+                } else if (eal_t == RTE_PROC_PRIMARY) {
+                    SCLogWarning("%s. To avoid segmented mbufs, "
+                                 "try to increase MTU in your suricata.yaml",
+                            warn_s);
+                }
+
+                segmented_mbufs_warned = 1;
+            }
+
             PacketSetData(p, rte_pktmbuf_mtod(p->dpdk_v.mbuf, uint8_t *),
                     rte_pktmbuf_pkt_len(p->dpdk_v.mbuf));
             if (TmThreadsSlotProcessPkt(ptv->tv, ptv->slot, p) != TM_ECODE_OK) {