Bug #5580: dpdk: IDS vs IPS confusion

Added by Victor Julien over 3 years ago. Updated over 3 years ago.

Status: Closed
Priority: Normal

Description

DPDK is in IPS, but it isn't reflected in No 'host-mode': suricata is in IDS mode, using default setting 'sniffer-only'

[3654270] 18/10/2022 -- 05:15:55 - (suricata.c:1091) <Notice> (LogVersion) -- This is Suricata version 7.0.0-dev (859b5a35e 2022-10-15) running in SYSTEM mode
[3654270] 18/10/2022 -- 05:15:55 - (util-cpu.c:178) <Info> (UtilCpuPrintSummary) -- CPUs/cores online: 8
[3654270] 18/10/2022 -- 05:15:55 - (util-device.c:265) <Info> (LiveSafeDeviceName) -- Shortening device name to: 0000..00.0
[3654270] 18/10/2022 -- 05:15:55 - (util-device.c:265) <Info> (LiveSafeDeviceName) -- Shortening device name to: 0000..00.1
[3654270] 18/10/2022 -- 05:15:55 - (suricata.c:2505) <Info> (PostConfLoadedSetupHostMode) -- No 'host-mode': suricata is in IDS mode, using default setting 'sniffer-only'
...
[3654270] 18/10/2022 -- 05:15:55 - (runmode-dpdk.c:633) <Info> (ConfigSetCopyIfaceSettings) -- DPDK IPS mode activated between 0000:03:00.0 and 0000:03:00.1
[3654270] 18/10/2022 -- 05:15:55 - (runmode-dpdk.c:1045) <Info> (DeviceConfigureQueues) -- Creating a packet mbuf pool mempool_0000:03:00.0 of size 65535, cache size 257, mbuf size 2176
[3654270] 18/10/2022 -- 05:15:55 - (runmode-dpdk.c:633) <Info> (ConfigSetCopyIfaceSettings) -- DPDK IPS mode activated between 0000:03:00.1 and 0000:03:00.0
[3654270] 18/10/2022 -- 05:15:55 - (util-runmodes.c:263) <Info> (RunModeSetLiveCaptureWorkersForDevice) -- Going to use 8 thread(s) for device 0000:03:00.0
[3654270] 18/10/2022 -- 05:15:56 - (runmode-dpdk.c:633) <Info> (ConfigSetCopyIfaceSettings) -- DPDK IPS mode activated between 0000:03:00.1 and 0000:03:00.0
[3654270] 18/10/2022 -- 05:15:56 - (runmode-dpdk.c:1045) <Info> (DeviceConfigureQueues) -- Creating a packet mbuf pool mempool_0000:03:00.1 of size 65535, cache size 257, mbuf size 2176
[3654270] 18/10/2022 -- 05:15:56 - (runmode-dpdk.c:633) <Info> (ConfigSetCopyIfaceSettings) -- DPDK IPS mode activated between 0000:03:00.0 and 0000:03:00.1
[3654270] 18/10/2022 -- 05:15:56 - (util-runmodes.c:263) <Info> (RunModeSetLiveCaptureWorkersForDevice) -- Going to use 8 thread(s) for device 0000:03:00.1
[3654270] 18/10/2022 -- 05:15:56 - (tm-threads.c:1927) <Notice> (TmThreadWaitOnThreadInit) -- Threads created -> W: 16 FM: 1 FR: 1   Engine started.

Config is minimal, just a dpdk + eve-log section.

Updated by Victor Julien over 3 years ago #1

  • Priority changed from Normal to High

Looks like the issue is that EngineModeSetIPS is never set by DPDK. DPDK IPS will not issue drops unless this is set.
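
A startup-log check for the mismatch reported in this issue, as an added example that is not part of the original issue or of the Suricata code base: it flags a log in which DPDK reports IPS interface pairs while the engine reports IDS mode. The function name `check_startup_log` is hypothetical, and the wording of the IPS variant of the host-mode line is an assumption.

```python
import re

# Startup lines copied from the log quoted in the issue (trimmed to the relevant ones).
ISSUE_LOG = """\
[3654270] 18/10/2022 -- 05:15:55 - (suricata.c:2505) <Info> (PostConfLoadedSetupHostMode) -- No 'host-mode': suricata is in IDS mode, using default setting 'sniffer-only'
[3654270] 18/10/2022 -- 05:15:55 - (runmode-dpdk.c:633) <Info> (ConfigSetCopyIfaceSettings) -- DPDK IPS mode activated between 0000:03:00.0 and 0000:03:00.1
[3654270] 18/10/2022 -- 05:15:55 - (runmode-dpdk.c:633) <Info> (ConfigSetCopyIfaceSettings) -- DPDK IPS mode activated between 0000:03:00.1 and 0000:03:00.0
"""

# Constructed counter-example: same capture lines, engine reporting IPS.
# Assumption: the IPS variant of the host-mode line uses the same wording.
CONSISTENT_LOG = ISSUE_LOG.replace("IDS mode", "IPS mode").replace("sniffer-only", "router")

ENGINE_MODE_RE = re.compile(r"suricata is in (IDS|IPS) mode")
DPDK_IPS_RE = re.compile(r"DPDK IPS mode activated between (\S+) and (\S+)")


def check_startup_log(text):
    """Return (engine_mode, inline_pairs, mismatch) for a Suricata startup log.

    engine_mode is "IDS", "IPS", or None when no host-mode line is present.
    inline_pairs lists each DPDK copy-iface pair once, whatever the direction.
    mismatch is True when DPDK reports IPS pairs while the engine reports IDS.
    """
    engine_mode = None
    pairs = set()
    for line in text.splitlines():
        mode = ENGINE_MODE_RE.search(line)
        if mode:
            engine_mode = mode.group(1)
        pair = DPDK_IPS_RE.search(line)
        if pair:
            # The log prints A->B and B->A; sort so both collapse to one pair.
            pairs.add(tuple(sorted(pair.groups())))
    mismatch = bool(pairs) and engine_mode == "IDS"
    return engine_mode, sorted(pairs), mismatch


if __name__ == "__main__":
    for name, log in (("issue log", ISSUE_LOG), ("consistent log", CONSISTENT_LOG)):
        mode, pairs, mismatch = check_startup_log(log)
        verdict = "MISMATCH: inline capture but engine will not drop" if mismatch else "ok"
        print(f"{name}: engine={mode} dpdk_ips_pairs={pairs} -> {verdict}")
```

A log with no host-mode line yields `engine_mode` of `None` and is not flagged, since the engine mode cannot be read from it.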

Updated by Lukas Sismis over 3 years ago #2

  • Status changed from Assigned to Resolved

Updated by Lukas Sismis over 3 years ago #3

  • Status changed from Resolved to Closed

Updated by Lukas Sismis over 3 years ago #4

  • Status changed from Closed to In Review

Not post-merge yet.

Updated by Victor Julien over 3 years ago #6

  • Status changed from In Review to Closed
  • Priority changed from High to Normal