In my opinion, it is a bug, as the original behavior does not make sense (using the BypassedCheckFuncInit function and checking only after that whether it exists).Adam Kiripolsky
At the initialization stage, BypassManager should check whether any BypassedCheckFunc has been registered. Instead, BM calls BypassedCheckFuncInit, then checks again whether it has been registered. I propose checking whether any Byp...Adam Kiripolsky
While investigating this issue on Suricata versions 8.0.0 and main-8.0.x, I noticed the following capture-bypass flow behavior. All flows that did not time out before Suricata shut down were injected into the worker's local queues and...Adam Kiripolsky
h1. Problem: When a worker times out a capture-bypassed flow, it does not call the necessary functions to update the flow statistics. Gathering statistics can be a costly operation, as it depends on the @BypassUpdate@ callback imple...Adam Kiripolsky
h1. Problem: Suricata fails to record statistics for capture-bypassed flows (e.g., eBPF) if the engine shuts down before a flow timeout occurs. This happens because the @BypassUpdate@ callback, which gathers stats for capture-bypasse...Adam Kiripolsky
There is an unnecessary loop in src/runmode-dpdk.c in ParseDpdkConfigAndConfigureDevice(), where pkt_mempools are assigned to ldev.dpdk_vars. When running Suricata with multiple threads (loop runs multiple times), this caused ldev.dpdk_...Adam Kiripolsky
Add capture bypass for dpdk runmode. The offloaded traffic will be handled by rte_flow rules. The feature aims to utilize the potential of modern SmartNICs, mainly Mellanox (ConnectX-5/6/7) NICsAdam Kiripolsky
Suricata in DPDK run mode can configure the DPDK Environment Abstraction Layer (EAL) using the dpdk.eal-params option defined in suricata.yaml. The commit "4dfd44d":https://github.com/OISF/suricata/pull/13383/commits/4dfd44d350717476f435...Adam Kiripolsky