Project

General

Profile

Actions
Copy link

Bug #5580

closed

dpdk: IDS vs IPS confusion

Added by Victor Julien over 1 year ago. Updated about 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
Lukas Sismis
Target version:
7.0.0-rc1
Affected Versions:
Effort:
Difficulty:
Label:

Description

DPDK is in IPS, but it isn't reflected in No 'host-mode': suricata is in IDS mode, using default setting 'sniffer-only'

[3654270] 18/10/2022 -- 05:15:55 - (suricata.c:1091) <Notice> (LogVersion) -- This is Suricata version 7.0.0-dev (859b5a35e 2022-10-15) running in SYSTEM mode
[3654270] 18/10/2022 -- 05:15:55 - (util-cpu.c:178) <Info> (UtilCpuPrintSummary) -- CPUs/cores online: 8
[3654270] 18/10/2022 -- 05:15:55 - (util-device.c:265) <Info> (LiveSafeDeviceName) -- Shortening device name to: 0000..00.0
[3654270] 18/10/2022 -- 05:15:55 - (util-device.c:265) <Info> (LiveSafeDeviceName) -- Shortening device name to: 0000..00.1
[3654270] 18/10/2022 -- 05:15:55 - (suricata.c:2505) <Info> (PostConfLoadedSetupHostMode) -- No 'host-mode': suricata is in IDS mode, using default setting 'sniffer-only'
...
[3654270] 18/10/2022 -- 05:15:55 - (runmode-dpdk.c:633) <Info> (ConfigSetCopyIfaceSettings) -- DPDK IPS mode activated between 0000:03:00.0 and 0000:03:00.1
[3654270] 18/10/2022 -- 05:15:55 - (runmode-dpdk.c:1045) <Info> (DeviceConfigureQueues) -- Creating a packet mbuf pool mempool_0000:03:00.0 of size 65535, cache size 257, mbuf size 2176
[3654270] 18/10/2022 -- 05:15:55 - (runmode-dpdk.c:633) <Info> (ConfigSetCopyIfaceSettings) -- DPDK IPS mode activated between 0000:03:00.1 and 0000:03:00.0
[3654270] 18/10/2022 -- 05:15:55 - (util-runmodes.c:263) <Info> (RunModeSetLiveCaptureWorkersForDevice) -- Going to use 8 thread(s) for device 0000:03:00.0
[3654270] 18/10/2022 -- 05:15:56 - (runmode-dpdk.c:633) <Info> (ConfigSetCopyIfaceSettings) -- DPDK IPS mode activated between 0000:03:00.1 and 0000:03:00.0
[3654270] 18/10/2022 -- 05:15:56 - (runmode-dpdk.c:1045) <Info> (DeviceConfigureQueues) -- Creating a packet mbuf pool mempool_0000:03:00.1 of size 65535, cache size 257, mbuf size 2176
[3654270] 18/10/2022 -- 05:15:56 - (runmode-dpdk.c:633) <Info> (ConfigSetCopyIfaceSettings) -- DPDK IPS mode activated between 0000:03:00.0 and 0000:03:00.1
[3654270] 18/10/2022 -- 05:15:56 - (util-runmodes.c:263) <Info> (RunModeSetLiveCaptureWorkersForDevice) -- Going to use 8 thread(s) for device 0000:03:00.1
[3654270] 18/10/2022 -- 05:15:56 - (tm-threads.c:1927) <Notice> (TmThreadWaitOnThreadInit) -- Threads created -> W: 16 FM: 1 FR: 1   Engine started.

Config is minimal, just a dpdk + eve-log section.

Actions
Copy link
 #1

Updated by Victor Julien over 1 year ago

  • Priority changed from Normal to High

Looks like the issue is that EngineModeSetIPS is never set by DPDK. DPDK IPS will not issue drops unless this is set.

Actions
Copy link
 #2

Updated by Lukas Sismis over 1 year ago

  • Status changed from Assigned to Resolved
Actions
Copy link
 #3

Updated by Lukas Sismis over 1 year ago

  • Status changed from Resolved to Closed
Actions
Copy link
 #4

Updated by Lukas Sismis over 1 year ago

  • Status changed from Closed to In Review

Not post-merge yet.

Actions
Copy link
 #6

Updated by Victor Julien about 1 year ago

  • Status changed from In Review to Closed
  • Priority changed from High to Normal
Actions
Copy link

Also available in: Atom PDF