Netmap 11 to 12 fix #3616
Hi,

@vmaffione, here is the relevant netmap section. Suricata-netmap bridges igb0 hw <-> sw rings: netmap:

Is this a complete configuration that I can just copy-paste and it should work?

@vmaffione, no worries. Attached. Make sure you rename it to suricata.yaml (github was not happy with .yaml extension).

Thanks a lot, I will try asap.

Hi,
This is the netmap section of my suricata.yaml:
and I see packets being captured
So why is this patch needed?

(more information here https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=230465#c14)

You're not using em1+ likely because you stuff --netmap=em1 from the command line

My bad, sorry. I'm not familiar with suricata.

Give the yaml to suricata, do not mention interfaces on the command line. Run traffic through em1. It should block instead of flowing through when suricata is running (ping is enough to reproduce).

@vmaffione, try adding --netmap (without interface name):
suricata -c suricata.yaml --netmap -s signatures.rules

Yes, indeed, thanks.

All welcome 👍

I see the problem now, and your patch is the right fix. In the original netmap implementation, you could only open all the RX/TX/host rings, so all or none. However, with the introduction of the "partial opening" feature, that was not the case anymore.

Btw this change of behavior happened way before switching from 11 to 12, so the latter control API change is not responsible for this issue (as the title suggests).

@vmaffione thanks a lot for your feedback, appreciate it a lot that you've taken the time for this! @muratbalaban43 can you submit a new PR with the suggested updates? Also the coding style was a bit off and the commit message needs to be cleaned up a bit. Please see https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Github_work_flow#Create-a-new-branch-for-incorporating-feedback Thanks!

@victorjulien no problems, I want suricata to work properly on netmap. Btw, is there any particular reason why you open each netmap ring using a separate instance of

Of course you do that because you want to process each ring in a different thread.. please ignore my last message, and let's go for Murat's patch :)

@vmaffione Thanks for the comments. @victorjulien, I'll be creating another request. Thank you for the pointers.

Buffers with transforms are based on the non-transformed "base" buffer, with a new ID assigned and the transform callbacks added. This patch stores the id of the original buffer in the new buffer inspect and prefilter structures. This way the buffers with and without transforms can share some of the logic are progression of file and body inspection trackers. Related tickets: OISF#4361 OISF#4199 OISF#3616
Buffers with transforms are based on the non-transformed "base" buffer, with a new ID assigned and the transform callbacks added. This patch stores the id of the original buffer in the new buffer inspect and prefilter structures. This way the buffers with and without transforms can share some of the logic are progression of file and body inspection trackers. Related tickets: OISF#4361 OISF#4199 OISF#3616 (cherry picked from commit 975062c)
Although, there are no visible API changes, moving from API version
11 to 12, for every rx/tx ring that is being opened, one needs to
explicitly call NETMAP_IF to get the fresh address of the netmap_if
struct.
When the netmap-rework branch is done, it will also handle the
situation, but anyhow, this is a quick fix for 4.1.3 so that Suricata
can still happily run on FreeBSD 12 & 11 newcoming releases, since
they all come with the new netmap code.
Contributed by: Sunny Valley Networks
Attn: @inliniac