Project

General

Profile

Actions
Copy link

Feature #8225

open

dpdk: recognize net_pcap driver and stop after no packets are rx_bursted

Added by Lukas Sismis 1 day ago. Updated about 9 hours ago.

Status:
Assigned
Priority:
Normal
Assignee:
Lukas Sismis
Target version:
9.0.0-beta1
Effort:
Difficulty:
Label:

Description

This can be used to read PCAP files, similarly to the PCAP reading mode in Suriacta. The purpose is to test DPDK capture method "offline". This can be done currently as well but Suricata is now stuck in the RX loop after the PCAP reading is finished. The PCAP end of file is characterized by receiving no packets.
The workaround nowadays is to use timeout command, but as a side effect, it slows the evaluation down because "the test" waits until the timeout duration elapses.

This, in turn, stops immediately after PCAP is read and processed.

Within the task, document this option and also evaluate if something like "streaming PCAP files" should be considered.

Subtasks 1 (1 open0 closed)

Feature #8229: dpdk: recognize net_pcap driver and stop after no packets are rx_bursted (8.0.x backport)AssignedLukas SismisActions
Actions
Copy link
 #1

Updated by OISF Ticketbot about 9 hours ago

  • Subtask #8229 added
Actions
Copy link
 #2

Updated by OISF Ticketbot about 9 hours ago

  • Label deleted (Needs backport to 8.0)
Actions
Copy link

Also available in: Atom PDF