Open Information Security Foundation

07/17/2019

10:33 AM Suricata Bug #3089: Fedora rawhide af-packet compilation err

It seems we are suffering from that: https://github.com/linux-can/can-utils/pull/147 Eric Leblond

07/10/2019

01:38 PM Suricata Feature #3081 (Assigned): Decapsulation of GRE in XDP filter

XDP allows to shift the start of the data of the packet. This can be used to decapsulate GRE and by consequence load ... Eric Leblond

01:33 PM Suricata Feature #3080 (Assigned): Provide a IP pair XDP load balancing

By using CPU redirect map, we can load balance efficiently in XDP code. By using IP pair load balancing we should fix... Eric Leblond

06/20/2019

08:30 PM Suricata Feature #3011: Add new 'cluster_peer' runmode to allow for load balancing by IP header (src<->dst) only

By using cluster_ebpf and the provided lb.pdf file, you will have IP pair load balancing done by the kernel. The docu... Eric Leblond

08:04 PM Suricata Feature #3059: Use pinned maps in XDP bypass

Merged in https://github.com/OISF/suricata/pull/3948 Eric Leblond

08:04 PM Suricata Feature #3059 (Closed): Use pinned maps in XDP bypass

XDP filter can persist when Suricata is stopped. By using that we will be able to keep the bypassed flow table accros... Eric Leblond

07:55 PM Suricata Feature #3058: Hardware offload for XDP bypass

Implemented for Netronome NIC in: https://github.com/OISF/suricata/pull/3948 Eric Leblond

07:54 PM Suricata Feature #3058 (Closed): Hardware offload for XDP bypass

By using XDP hardware mode to implement bypass we would benefit of early bypass and avoid unnecessary work by CPU. Eric Leblond

07:34 PM Suricata Bug #2654: Off-by-one iteration of EBPF flow_table_vX in EBPFForEachFlowVXTable (util-ebpf.c)

Fixed in PR: https://github.com/OISF/suricata/pull/3948 Eric Leblond

07:34 PM Suricata Support #2840: xdp modes - Invalid argument (-22) on certain NICs

Fixed in PR: https://github.com/OISF/suricata/pull/3948 Eric Leblond