diff --git a/src/runmode-dpdk.c b/src/runmode-dpdk.c index 3225d4c41c37..9e04e002cc50 100644 --- a/src/runmode-dpdk.c +++ b/src/runmode-dpdk.c @@ -316,7 +316,10 @@ static void DPDKDerefConfig(void *conf) { SCEnter(); DPDKIfaceConfig *iconf = (DPDKIfaceConfig *)conf; + +#if RTE_VERSION >= RTE_VERSION_NUM(21, 0, 0, 0) iconf->RTERulesFree(&iconf->drop_filter); +#endif /* RTE_VERSION_NUM(21, 0, 0, 0) */ if (SC_ATOMIC_SUB(iconf->ref, 1) == 1) { if (iconf->pkt_mempool != NULL) { @@ -341,7 +344,10 @@ static void ConfigInit(DPDKIfaceConfig **iconf) SC_ATOMIC_INIT(ptr->ref); (void)SC_ATOMIC_ADD(ptr->ref, 1); ptr->DerefFunc = DPDKDerefConfig; + +#if RTE_VERSION >= RTE_VERSION_NUM(21, 0, 0, 0) ptr->RTERulesFree = RuleStorageFree; +#endif /* RTE_VERSION_NUM(21, 0, 0, 0) */ ptr->flags = 0; *iconf = ptr; @@ -846,10 +852,12 @@ static int ConfigLoad(DPDKIfaceConfig *iconf, const char *iface) if (retval < 0) SCReturnInt(retval); +#if RTE_VERSION >= RTE_VERSION_NUM(21, 0, 0, 0) retval = ConfigLoadRTEFlowRules(if_root, if_default, dpdk_yaml.drop_filter, &iconf->drop_filter); if (retval < 0) SCReturnInt(retval); +#endif /* SURICATA_RTE_FLOW_RULES_PATTERN_H */ SCReturnInt(0); } diff --git a/src/source-dpdk.c b/src/source-dpdk.c index 8e6436c49065..96ef0b999491 100644 --- a/src/source-dpdk.c +++ b/src/source-dpdk.c @@ -635,12 +635,15 @@ static TmEcode ReceiveDPDKThreadInit(ThreadVars *tv, const void *initdata, void goto fail; } +#if RTE_VERSION >= RTE_VERSION_NUM(21, 0, 0, 0) retval = CreateRules(dpdk_config->iface, dpdk_config->port_id, &dpdk_config->drop_filter, dev_info.driver_name); if (retval != 0) { SCLogError("%s: error when creating rte_flow rules", dpdk_config->iface); goto fail; } +#endif /* RTE_VERSION >= RTE_VERSION_NUM(21, 0, 0, 0)*/ + // some PMDs requires additional actions only after the device has started DevicePostStartPMDSpecificActions(ptv, dev_info.driver_name); @@ -658,6 +661,7 @@ static TmEcode ReceiveDPDKThreadInit(ThreadVars *tv, const void *initdata, void } } +#if RTE_VERSION >= RTE_VERSION_NUM(21, 0, 0, 0) // Save rte_flow rules from being destroyed char **tmp = dpdk_config->drop_filter.rules; dpdk_config->drop_filter.rules = NULL; @@ -668,6 +672,7 @@ static TmEcode ReceiveDPDKThreadInit(ThreadVars *tv, const void *initdata, void // Restore rte_flow rules dpdk_config->drop_filter.rules = tmp; tmp = NULL; +#endif /* SURICATA_RTE_FLOW_RULES_PATTERN_H */ SCReturnInt(TM_ECODE_OK); diff --git a/src/source-dpdk.h b/src/source-dpdk.h index 4a863bda2a63..a20c79db2e1b 100644 --- a/src/source-dpdk.h +++ b/src/source-dpdk.h @@ -50,7 +50,7 @@ typedef struct DPDKWorkerSync_ { } DPDKWorkerSync; typedef struct RuleStorage_ { - uint16_t curr_rule_count; + uint16_t curr_rule_count; uint16_t max_rule_count; char **rules; } RuleStorage; diff --git a/src/util-dpdk-rte-flow-pattern.c b/src/util-dpdk-rte-flow-pattern.c index 9085ad4e1a73..c66352baaef1 100644 --- a/src/util-dpdk-rte-flow-pattern.c +++ b/src/util-dpdk-rte-flow-pattern.c @@ -52,10 +52,13 @@ */ #include "util-debug.h" +#include "util-dpdk.h" +#include "util-dpdk-rte-flow-pattern.h" #ifdef HAVE_DPDK +#if RTE_VERSION >= RTE_VERSION_NUM(21, 0, 0, 0) + #include -#include "util-dpdk-rte-flow-pattern.h" enum index { /* Special tokens. */ @@ -392,6 +395,7 @@ struct arg { uint32_t size; /**< Field size. */ const uint8_t *mask; /**< Bit-mask to use instead of offset/size. */ }; + struct buffer { enum index command; /**< Flow command. */ union { @@ -1366,13 +1370,23 @@ static int flow_parse( return (ret >= 0 && !strlen(src)) ? 0 : -1; } +/** + * \brief Parse rte_flow rule pattern and store individual pattern items in items and their + * attributes in buffer data + * + * \param pattern rte_flow rule pattern to be parsed + * \param data buffer to store parsed pattern + * \param size size of buffer + * \param items parsed items used when creating rte_flow rules + * \return int 0 on success, -1 on error + */ int ParsePattern(char *pattern, uint8_t *data, unsigned int size, struct rte_flow_item **items) { SCEnter(); - int ret = flow_parse(pattern, (void *)data, size, items); - SCReturnInt(ret); + SCReturnInt(flow_parse(pattern, (void *)data, size, items)); } +#endif /* RTE_VERSION >= RTE_VERSION_NUM(21, 0, 0, 0)*/ #endif /* HAVE_DPDK */ /** * @} diff --git a/src/util-dpdk-rte-flow-pattern.h b/src/util-dpdk-rte-flow-pattern.h index 8c66ca407bb8..f8a6e18cf74c 100644 --- a/src/util-dpdk-rte-flow-pattern.h +++ b/src/util-dpdk-rte-flow-pattern.h @@ -30,15 +30,20 @@ * */ -#ifdef HAVE_DPDK -#include -#endif +#include "util-dpdk.h" #ifndef SURICATA_RTE_FLOW_RULES_PATTERN_H #define SURICATA_RTE_FLOW_RULES_PATTERN_H +#ifdef HAVE_DPDK +#if RTE_VERSION >= RTE_VERSION_NUM(21, 0, 0, 0) + +#include + int ParsePattern(char *pattern, uint8_t *data, unsigned int size, struct rte_flow_item **items); +#endif /* RTE_VERSION >= RTE_VERSION_NUM(21, 0, 0, 0) */ +#endif /* HAVE_DPDK */ #endif /* SURICATA_RTE_FLOW_RULES_PATTERN_H */ /** * @} diff --git a/src/util-dpdk-rte-flow.c b/src/util-dpdk-rte-flow.c index 3eec36d84f5c..cbe010d6c75b 100644 --- a/src/util-dpdk-rte-flow.c +++ b/src/util-dpdk-rte-flow.c @@ -33,10 +33,12 @@ #include "decode.h" #include "runmode-dpdk.h" #include "util-debug.h" +#include "util-dpdk.h" #include "util-dpdk-rte-flow.h" #include "util-dpdk-rte-flow-pattern.h" #ifdef HAVE_DPDK +#if RTE_VERSION >= RTE_VERSION_NUM(21, 0, 0, 0) #define INITIAL_RULE_COUNT_CAPACITY 5 #define DATA_BUFFER_SIZE 1024 @@ -100,6 +102,11 @@ static int RuleStorageExtendCapacity(RuleStorage *rule_storage) SCReturnInt(0); } +/** + * \brief Deallocation of memory containing user set rte_flow rules + * + * \param rule_storage rules loaded from suricata.yaml + */ void RuleStorageFree(RuleStorage *rule_storage) { if (rule_storage->rules == NULL) { @@ -112,6 +119,15 @@ void RuleStorageFree(RuleStorage *rule_storage) rule_storage->rules = NULL; } +/** + * \brief Load rte_flow rules patterns from suricata.yaml + * + * \param if_root root node in suricata.yaml + * \param if_default default value + * \param filter_type type of rte_flow rules to be loaded, only drop_filter is supported + * \param rule_storage pointer to structure to load rte_flow rules into + * \return int 0 on success, -1 on failure + */ int ConfigLoadRTEFlowRules( ConfNode *if_root, ConfNode *if_default, const char *filter_type, RuleStorage *rule_storage) { @@ -142,7 +158,10 @@ int ConfigLoadRTEFlowRules( /** * \brief Check and log whether pattern is broad / not-specific - * as ice does not accept them */ + * as ice does not accept them + * + * \param items array of pattern items + */ static void iceDeviceError(struct rte_flow_item *items) { int i = 0; @@ -157,7 +176,11 @@ static void iceDeviceError(struct rte_flow_item *items) /** * \brief Specify ambigous error messages as some drivers have specific - * behaviour when creating rte_flow rules */ + * behaviour when creating rte_flow rules + * + * \param driver_name name of a driver + * \param items array of pattern items + */ static void DriverSpecificErrorMessage(const char *driver_name, struct rte_flow_item *items) { if (strcmp(driver_name, "net_ice") == 0) { @@ -165,6 +188,15 @@ static void DriverSpecificErrorMessage(const char *driver_name, struct rte_flow_ } } +/** + * \brief Create rte_flow drop rules with patterns stored in rule_storage on a port with id port_id + * + * \param port_name name of a port + * \param port_id identificator of a port + * \param rule_storage pointer to structure containing rte_flow rule patterns + * \param driver_name name of a driver + * \return int 0 on success, -1 on error + */ int CreateRules(char *port_name, int port_id, RuleStorage *rule_storage, const char *driver_name) { SCEnter(); @@ -187,14 +219,12 @@ int CreateRules(char *port_name, int port_id, RuleStorage *rule_storage, const c if ((ret = ParsePattern(rule_storage->rules[i], data, sizeof(data), &items)) != 0) { failed_count++; SCLogError("Error when parsing rte_flow rule: %s", rule_storage->rules[i]); - continue; } else if ((ret = rte_flow_validate(port_id, &attr, items, action, &flow_error)) != 0) { failed_count++; SCLogError("Error when validating rte_flow rule with pattern %s for port %s: %s " "errmsg: %s", rule_storage->rules[i], port_name, rte_strerror(-ret), flow_error.message); DriverSpecificErrorMessage(driver_name, items); - continue; } else if ((flow = rte_flow_create(port_id, &attr, items, action, &flow_error)) == NULL) { failed_count++; SCLogError("Error when creating rte_flow rule with pattern %s on %s: %s", @@ -214,12 +244,13 @@ int CreateRules(char *port_name, int port_id, RuleStorage *rule_storage, const c SCLogError("Unable to flush rte_flow rules of %s: %s Flush error msg: %s", port_name, rte_strerror(-ret), flush_error.message); } - SCReturn(-1); + SCReturnInt(-1); } SCReturnInt(0); } +#endif /* RTE_VERSION >= RTE_VERSION_NUM(21, 0, 0, 0)*/ #endif /* HAVE_DPDK */ /** * @} diff --git a/src/util-dpdk-rte-flow.h b/src/util-dpdk-rte-flow.h index 33f4c7b03deb..7038c8b55b18 100644 --- a/src/util-dpdk-rte-flow.h +++ b/src/util-dpdk-rte-flow.h @@ -29,14 +29,24 @@ * DPDK rte_flow rules util functions * */ + #include "conf.h" +#include "util-dpdk.h" #ifndef SURICATA_RTE_FLOW_RULES_H #define SURICATA_RTE_FLOW_RULES_H +#ifdef HAVE_DPDK +#if RTE_VERSION >= RTE_VERSION_NUM(21, 0, 0, 0) + void RuleStorageFree(RuleStorage *rule_storage); int ConfigLoadRTEFlowRules(ConfNode *if_root, ConfNode *if_default, const char *filter_type, RuleStorage *rule_storage); int CreateRules(char *port_name, int port_id, RuleStorage *rule_storage, const char *driver_name); +#endif /* RTE_VERSION >= RTE_VERSION_NUM(21, 0, 0, 0) */ +#endif /* HAVE_DPDK */ #endif /* SURICATA_RTE_FLOW_RULES_H */ +/** + * @} + */