From a6f95bb90802f27fbdf066f93568e3b47400766b Mon Sep 17 00:00:00 2001 From: Adam Kiripolsky Date: Wed, 11 Dec 2024 10:45:16 +0100 Subject: [PATCH] dpdk/rte_flow: add doxygen --- src/runmode-dpdk.c | 1 + src/source-dpdk.c | 1 + src/source-dpdk.h | 2 +- src/util-dpdk-rte-flow-pattern.c | 25 +++++++-- src/util-dpdk-rte-flow-pattern.h | 9 ++-- src/util-dpdk-rte-flow.c | 92 ++++++++++++++++++++++---------- src/util-dpdk-rte-flow.h | 8 +++ 7 files changed, 102 insertions(+), 36 deletions(-) diff --git a/src/runmode-dpdk.c b/src/runmode-dpdk.c index 3225d4c41c37..892c6efe3ca9 100644 --- a/src/runmode-dpdk.c +++ b/src/runmode-dpdk.c @@ -316,6 +316,7 @@ static void DPDKDerefConfig(void *conf) { SCEnter(); DPDKIfaceConfig *iconf = (DPDKIfaceConfig *)conf; + iconf->RTERulesFree(&iconf->drop_filter); if (SC_ATOMIC_SUB(iconf->ref, 1) == 1) { diff --git a/src/source-dpdk.c b/src/source-dpdk.c index 8e6436c49065..bda8d94bf1b9 100644 --- a/src/source-dpdk.c +++ b/src/source-dpdk.c @@ -641,6 +641,7 @@ static TmEcode ReceiveDPDKThreadInit(ThreadVars *tv, const void *initdata, void SCLogError("%s: error when creating rte_flow rules", dpdk_config->iface); goto fail; } + // some PMDs requires additional actions only after the device has started DevicePostStartPMDSpecificActions(ptv, dev_info.driver_name); diff --git a/src/source-dpdk.h b/src/source-dpdk.h index 4a863bda2a63..a20c79db2e1b 100644 --- a/src/source-dpdk.h +++ b/src/source-dpdk.h @@ -50,7 +50,7 @@ typedef struct DPDKWorkerSync_ { } DPDKWorkerSync; typedef struct RuleStorage_ { - uint16_t curr_rule_count; + uint16_t curr_rule_count; uint16_t max_rule_count; char **rules; } RuleStorage; diff --git a/src/util-dpdk-rte-flow-pattern.c b/src/util-dpdk-rte-flow-pattern.c index 9085ad4e1a73..39ec159572b9 100644 --- a/src/util-dpdk-rte-flow-pattern.c +++ b/src/util-dpdk-rte-flow-pattern.c @@ -52,10 +52,13 @@ */ #include "util-debug.h" +#include "util-dpdk.h" +#include "util-dpdk-rte-flow-pattern.h" #ifdef HAVE_DPDK +#if RTE_VERSION >= RTE_VERSION_NUM(21, 0, 0, 0) + #include -#include "util-dpdk-rte-flow-pattern.h" enum index { /* Special tokens. */ @@ -392,6 +395,7 @@ struct arg { uint32_t size; /**< Field size. */ const uint8_t *mask; /**< Bit-mask to use instead of offset/size. */ }; + struct buffer { enum index command; /**< Flow command. */ union { @@ -1365,12 +1369,25 @@ static int flow_parse( return (ret >= 0 && !strlen(src)) ? 0 : -1; } - +#endif /* RTE_VERSION >= RTE_VERSION_NUM(21, 0, 0, 0)*/ +/** + * \brief Parse rte_flow rule pattern and store individual pattern items in items and their + * attributes in buffer data + * + * \param pattern rte_flow rule pattern to be parsed + * \param data buffer to store parsed pattern + * \param size size of buffer + * \param items parsed items used when creating rte_flow rules + * \return int 0 on success, -1 on error + */ int ParsePattern(char *pattern, uint8_t *data, unsigned int size, struct rte_flow_item **items) { SCEnter(); - int ret = flow_parse(pattern, (void *)data, size, items); - SCReturnInt(ret); +#if RTE_VERSION >= RTE_VERSION_NUM(21, 0, 0, 0) + SCReturnInt(flow_parse(pattern, (void *)data, size, items)); +#else + SCReturnInt(0); +#endif /* RTE_VERSION >= RTE_VERSION_NUM(21, 0, 0, 0)*/ } #endif /* HAVE_DPDK */ diff --git a/src/util-dpdk-rte-flow-pattern.h b/src/util-dpdk-rte-flow-pattern.h index 8c66ca407bb8..b676970df3cb 100644 --- a/src/util-dpdk-rte-flow-pattern.h +++ b/src/util-dpdk-rte-flow-pattern.h @@ -30,15 +30,18 @@ * */ -#ifdef HAVE_DPDK -#include -#endif +#include "util-dpdk.h" #ifndef SURICATA_RTE_FLOW_RULES_PATTERN_H #define SURICATA_RTE_FLOW_RULES_PATTERN_H +#ifdef HAVE_DPDK + +#include + int ParsePattern(char *pattern, uint8_t *data, unsigned int size, struct rte_flow_item **items); +#endif /* HAVE_DPDK */ #endif /* SURICATA_RTE_FLOW_RULES_PATTERN_H */ /** * @} diff --git a/src/util-dpdk-rte-flow.c b/src/util-dpdk-rte-flow.c index 3eec36d84f5c..b1ed2d25b18b 100644 --- a/src/util-dpdk-rte-flow.c +++ b/src/util-dpdk-rte-flow.c @@ -33,10 +33,12 @@ #include "decode.h" #include "runmode-dpdk.h" #include "util-debug.h" +#include "util-dpdk.h" #include "util-dpdk-rte-flow.h" #include "util-dpdk-rte-flow-pattern.h" #ifdef HAVE_DPDK +#if RTE_VERSION >= RTE_VERSION_NUM(21, 0, 0, 0) #define INITIAL_RULE_COUNT_CAPACITY 5 #define DATA_BUFFER_SIZE 1024 @@ -100,8 +102,47 @@ static int RuleStorageExtendCapacity(RuleStorage *rule_storage) SCReturnInt(0); } +/** + * \brief Check and log whether pattern is broad / not-specific + * as ice does not accept them + * + * \param items array of pattern items + */ +static void iceDeviceError(struct rte_flow_item *items) +{ + int i = 0; + while (items[i].type != RTE_FLOW_ITEM_TYPE_END) { + if (items[i].spec != NULL) { + SCReturn; + } + ++i; + } + SCLogError("ice driver does not support broad patterns"); +} + +/** + * \brief Specify ambigous error messages as some drivers have specific + * behaviour when creating rte_flow rules + * + * \param driver_name name of a driver + * \param items array of pattern items + */ +static void DriverSpecificErrorMessage(const char *driver_name, struct rte_flow_item *items) +{ + if (strcmp(driver_name, "net_ice") == 0) { + iceDeviceError(items); + } +} +#endif /* RTE_VERSION >= RTE_VERSION_NUM(21, 0, 0, 0) */ + +/** + * \brief Deallocation of memory containing user set rte_flow rules + * + * \param rule_storage rules loaded from suricata.yaml + */ void RuleStorageFree(RuleStorage *rule_storage) { +#if RTE_VERSION >= RTE_VERSION_NUM(21, 0, 0, 0) if (rule_storage->rules == NULL) { SCReturn; } @@ -110,11 +151,22 @@ void RuleStorageFree(RuleStorage *rule_storage) } SCFree(rule_storage->rules); rule_storage->rules = NULL; +#endif /* RTE_VERSION >= RTE_VERSION_NUM(21, 0, 0, 0) */ } +/** + * \brief Load rte_flow rules patterns from suricata.yaml + * + * \param if_root root node in suricata.yaml + * \param if_default default value + * \param filter_type type of rte_flow rules to be loaded, only drop_filter is supported + * \param rule_storage pointer to structure to load rte_flow rules into + * \return int 0 on success, -1 on failure + */ int ConfigLoadRTEFlowRules( ConfNode *if_root, ConfNode *if_default, const char *filter_type, RuleStorage *rule_storage) { +#if RTE_VERSION >= RTE_VERSION_NUM(21, 0, 0, 0) SCEnter(); ConfNode *node = ConfNodeLookupChild(if_root, filter_type); if (node == NULL) { @@ -137,36 +189,22 @@ int ConfigLoadRTEFlowRules( } } } +#endif SCReturnInt(0); } /** - * \brief Check and log whether pattern is broad / not-specific - * as ice does not accept them */ -static void iceDeviceError(struct rte_flow_item *items) -{ - int i = 0; - while (items[i].type != RTE_FLOW_ITEM_TYPE_END) { - if (items[i].spec != NULL) { - SCReturn; - } - ++i; - } - SCLogError("ice driver does not support broad patterns"); -} - -/** - * \brief Specify ambigous error messages as some drivers have specific - * behaviour when creating rte_flow rules */ -static void DriverSpecificErrorMessage(const char *driver_name, struct rte_flow_item *items) -{ - if (strcmp(driver_name, "net_ice") == 0) { - iceDeviceError(items); - } -} - + * \brief Create rte_flow drop rules with patterns stored in rule_storage on a port with id port_id + * + * \param port_name name of a port + * \param port_id identificator of a port + * \param rule_storage pointer to structure containing rte_flow rule patterns + * \param driver_name name of a driver + * \return int 0 on success, -1 on error + */ int CreateRules(char *port_name, int port_id, RuleStorage *rule_storage, const char *driver_name) { +#if RTE_VERSION >= RTE_VERSION_NUM(21, 0, 0, 0) SCEnter(); int failed_count = 0; struct rte_flow_error flush_error = { 0 }; @@ -187,14 +225,12 @@ int CreateRules(char *port_name, int port_id, RuleStorage *rule_storage, const c if ((ret = ParsePattern(rule_storage->rules[i], data, sizeof(data), &items)) != 0) { failed_count++; SCLogError("Error when parsing rte_flow rule: %s", rule_storage->rules[i]); - continue; } else if ((ret = rte_flow_validate(port_id, &attr, items, action, &flow_error)) != 0) { failed_count++; SCLogError("Error when validating rte_flow rule with pattern %s for port %s: %s " "errmsg: %s", rule_storage->rules[i], port_name, rte_strerror(-ret), flow_error.message); DriverSpecificErrorMessage(driver_name, items); - continue; } else if ((flow = rte_flow_create(port_id, &attr, items, action, &flow_error)) == NULL) { failed_count++; SCLogError("Error when creating rte_flow rule with pattern %s on %s: %s", @@ -214,9 +250,9 @@ int CreateRules(char *port_name, int port_id, RuleStorage *rule_storage, const c SCLogError("Unable to flush rte_flow rules of %s: %s Flush error msg: %s", port_name, rte_strerror(-ret), flush_error.message); } - SCReturn(-1); + SCReturnInt(-1); } - +#endif /* RTE_VERSION >= RTE_VERSION_NUM(21, 0, 0, 0)*/ SCReturnInt(0); } diff --git a/src/util-dpdk-rte-flow.h b/src/util-dpdk-rte-flow.h index 33f4c7b03deb..2591e0bd5038 100644 --- a/src/util-dpdk-rte-flow.h +++ b/src/util-dpdk-rte-flow.h @@ -29,14 +29,22 @@ * DPDK rte_flow rules util functions * */ + #include "conf.h" +#include "util-dpdk.h" #ifndef SURICATA_RTE_FLOW_RULES_H #define SURICATA_RTE_FLOW_RULES_H +#ifdef HAVE_DPDK + void RuleStorageFree(RuleStorage *rule_storage); int ConfigLoadRTEFlowRules(ConfNode *if_root, ConfNode *if_default, const char *filter_type, RuleStorage *rule_storage); int CreateRules(char *port_name, int port_id, RuleStorage *rule_storage, const char *driver_name); +#endif /* HAVE_DPDK */ #endif /* SURICATA_RTE_FLOW_RULES_H */ +/** + * @} + */