tolunFdancer commented 5 years ago

Hi，I have to get your help one more time. My DPDK is build success, and the dpdk bind info is :

Network devices using DPDK-compatible driver 0000:02:01.0 '82545EM Gigabit Ethernet Controller (Copper) 100f' drv=igb_uio unused=e1000,vfio-pci,uio_pci_generic 0000:02:04.0 '82545EM Gigabit Ethernet Controller (Copper) 100f' drv=igb_uio unused=e1000,vfio-pci,uio_pci_generic

And the suricata.yaml info is : dpdkintel support dpdkintel:

inputs:

interface: 0000:02:01.0 copy-interface: 0000:02:04.0

opmode: ids

Then when I run " ./src/suricata -c suricata.yaml -s /usr/local/etc/suricata/rulestest-baidu.rules --dpdkintel" it turns out the following info just like the issue 9 : 1/8/2019 -- 10:42:40 - - [ERRCODE: SC_ERR_DPDKINTEL_CONFIG_FAILED(275)] - No Mapping found for Port: 1 1/8/2019 -- 10:42:40 - - DPDK Version: DPDK 18.02.2 1/8/2019 -- 10:42:40 - - ----- Global DPDK-INTEL Config ----- 1/8/2019 -- 10:42:40 - - Number Of Ports : 2 1/8/2019 -- 10:42:40 - - Operation Mode : IDS 1/8/2019 -- 10:42:40 - - Port:0, Map:0 1/8/2019 -- 10:42:40 - - Port:1, Map:0 1/8/2019 -- 10:42:40 - - ------------------------------------ 1/8/2019 -- 10:42:40 - - ----- Match Pattern ---- 1/8/2019 -- 10:42:40 - - http: 1 1/8/2019 -- 10:42:40 - - ftp: 0 1/8/2019 -- 10:42:40 - - tls: 0 1/8/2019 -- 10:42:40 - - dns: 0 1/8/2019 -- 10:42:40 - - smtp: 0 1/8/2019 -- 10:42:40 - - ssh: 0 1/8/2019 -- 10:42:40 - - smb: 0 1/8/2019 -- 10:42:40 - - smb2: 0 1/8/2019 -- 10:42:40 - - dcerpc:0 1/8/2019 -- 10:42:40 - - tcp: 1 1/8/2019 -- 10:42:40 - - udp: 0 1/8/2019 -- 10:42:40 - - sctp: 0 1/8/2019 -- 10:42:40 - - icmpv6:0 1/8/2019 -- 10:42:40 - - gre: 0 1/8/2019 -- 10:42:40 - - raw: 0 1/8/2019 -- 10:42:40 - - ipv4: 0 1/8/2019 -- 10:42:40 - - * ipv6: 0 1/8/2019 -- 10:42:40 - - ----------------------- 1/8/2019 -- 10:42:40 - - all 1 packet processing threads, 4 management threads initialized, engine started. 1/8/2019 -- 10:42:40 - - [ERRCODE: SC_ERR_DPDKINTEL_CONFIG_FAILED(275)] - Unknown speed (1000) for 0

vipinpv85 commented 5 years ago

Marking as invalid, as the answer to the error is due to misconfiguration. you can refer to Configuration section for IDS to make things happen.

Note: Please read the README and wiki

tolunFdancer commented 5 years ago

When I make the configuration as follow:

dpdkintel support

dpdkintel:

inputs:

interface: 0000:02:01.0 copy-interface: 0000:02:01.0
interface: 0000:02:04.0 copy-interface: 0000:02:04.0

opmode: ids

It shows the following error info: 1/8/2019 -- 12:36:09 - - [ERRCODE: SC_ERR_DPDKINTEL_CONFIG_FAILED(275)] - No Mapping found for Port: 1 1/8/2019 -- 12:36:09 - - DPDK Version: DPDK 18.02.2 1/8/2019 -- 12:36:09 - - ----- Global DPDK-INTEL Config ----- 1/8/2019 -- 12:36:09 - - Number Of Ports : 4 1/8/2019 -- 12:36:09 - - Operation Mode : IDS 1/8/2019 -- 12:36:09 - - Port:0, Map:0 1/8/2019 -- 12:36:09 - - Port:1, Map:0 1/8/2019 -- 12:36:09 - - Port:0, Map:0 1/8/2019 -- 12:36:09 - - Port:1, Map:0 1/8/2019 -- 12:36:09 - - ------------------------------------ 1/8/2019 -- 12:36:09 - - [ERRCODE: SC_ERR_DPDKINTEL_CONFIG_FAILED(275)] - port 4 exceeds IDS 1/8/2019 -- 12:36:09 - - [ERRCODE: SC_ERR_MISSING_CONFIG_PARAM(118)] - DPDK config validate!!!

I do not know why the number of ports is 4.

vipinpv85 commented 5 years ago

wrong configuration, check the amount dpdk ports is it greater than 4 (use list-ports)

tolunFdancer commented 5 years ago

root@localhost suricata-3.0]# ./src/suricata --list-dpdkintel-ports EAL: Detected 8 lcore(s) EAL: No free hugepages reported in hugepages-1048576kB EAL: Multi-process socket /var/run/.rte_unix EAL: Probing VFIO support... EAL: VFIO support initialized EAL: PCI device 0000:02:00.0 on NUMA socket -1 EAL: Invalid NUMA socket, default to 0 EAL: probe driver: 8086:100f net_e1000_em EAL: PCI device 0000:02:01.0 on NUMA socket -1 EAL: Invalid NUMA socket, default to 0 EAL: probe driver: 8086:100f net_e1000_em EAL: PCI device 0000:02:04.0 on NUMA socket -1 EAL: Invalid NUMA socket, default to 0 EAL: probe driver: 8086:100f net_e1000_em

--- DPDK Intel Ports ---

Overall Ports: 2

-- Port: 0 --- MTU: 1500 --- MAX RX MTU: 16128 --- Driver: net_e1000_em --- Index: 0 --- Queues RX 1 & TX 1 --- SRIOV VF: 0 --- Offload RX: f TX: f --- CPU NUMA node: 0 --- Status: Up Led for 5 sec.......

-- Port: 1 --- MTU: 1500 --- MAX RX MTU: 16128 --- Driver: net_e1000_em --- Index: 0 --- Queues RX 1 & TX 1 --- SRIOV VF: 0 --- Offload RX: f TX: f --- CPU NUMA node: 0 --- Status: Up Led for 5 sec.......

vipinpv85 commented 5 years ago

very strange, since all devices are identifeid as net_e1000_em. Run and capture debug log with /src/suricata -c suricata.yaml -s /usr/local/etc/suricata/rulestest-baidu.rules --dpdkintel -vv

tolunFdancer commented 5 years ago

EAL: Detected 8 lcore(s) EAL: No free hugepages reported in hugepages-1048576kB EAL: Multi-process socket /var/run/.rte_unix EAL: Probing VFIO support... EAL: VFIO support initialized EAL: PCI device 0000:02:00.0 on NUMA socket -1 EAL: Invalid NUMA socket, default to 0 EAL: probe driver: 8086:100f net_e1000_em EAL: PCI device 0000:02:01.0 on NUMA socket -1 EAL: Invalid NUMA socket, default to 0 EAL: probe driver: 8086:100f net_e1000_em EAL: PCI device 0000:02:04.0 on NUMA socket -1 EAL: Invalid NUMA socket, default to 0 EAL: probe driver: 8086:100f net_e1000_em 1/8/2019 -- 13:11:01 - - This is Suricata version 3.0 RELEASE 1/8/2019 -- 13:11:01 - - CPUs/cores online: 8 1/8/2019 -- 13:11:01 - - Adding interface 0000:02:01.0 from config file 1/8/2019 -- 13:11:01 - - Adding interface 0000:02:04.0 from config file 1/8/2019 -- 13:11:01 - - 'default' server has 'request-body-minimal-inspect-size' set to 33882 and 'request-body-inspect-window' set to 4053 after randomization. 1/8/2019 -- 13:11:01 - - 'default' server has 'response-body-minimal-inspect-size' set to 42119 and 'response-body-inspect-window' set to 16872 after randomization. 1/8/2019 -- 13:11:01 - - DNS request flood protection level: 500 1/8/2019 -- 13:11:01 - - DNS per flow memcap (state-memcap): 524288 1/8/2019 -- 13:11:01 - - DNS global memcap: 16777216 1/8/2019 -- 13:11:01 - - Protocol detection and parser disabled for modbus protocol. 1/8/2019 -- 13:11:01 - - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56 1/8/2019 -- 13:11:01 - - preallocated 65535 defrag trackers of size 168 1/8/2019 -- 13:11:01 - - defrag memory usage: 14679896 bytes, maximum: 33554432 1/8/2019 -- 13:11:01 - - AutoFP mode using default "Active Packets" flow load balancer 1/8/2019 -- 13:11:01 - - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64 1/8/2019 -- 13:11:01 - - preallocated 1000 hosts of size 136 1/8/2019 -- 13:11:01 - - host memory usage: 398144 bytes, maximum: 16777216 1/8/2019 -- 13:11:01 - - allocated 4194304 bytes of memory for the flow hash... 65536 buckets of size 64 1/8/2019 -- 13:11:01 - - preallocated 10000 flows of size 288 1/8/2019 -- 13:11:01 - - flow memory usage: 7074304 bytes, maximum: 67108864 1/8/2019 -- 13:11:01 - - stream "prealloc-sessions": 2048 (per thread) 1/8/2019 -- 13:11:01 - - stream "memcap": 33554432 1/8/2019 -- 13:11:01 - - stream "midstream" session pickups: disabled 1/8/2019 -- 13:11:01 - - stream "async-oneside": disabled 1/8/2019 -- 13:11:01 - - stream "checksum-validation": enabled 1/8/2019 -- 13:11:01 - - stream."inline": disabled 1/8/2019 -- 13:11:01 - - stream "max-synack-queued": 5 1/8/2019 -- 13:11:01 - - stream.reassembly "memcap": 134217728 1/8/2019 -- 13:11:01 - - stream.reassembly "depth": 1048576 1/8/2019 -- 13:11:01 - - stream.reassembly "toserver-chunk-size": 2535 1/8/2019 -- 13:11:01 - - stream.reassembly "toclient-chunk-size": 2538 1/8/2019 -- 13:11:01 - - stream.reassembly.raw: enabled 1/8/2019 -- 13:11:01 - - segment pool: pktsize 4, prealloc 256 1/8/2019 -- 13:11:01 - - segment pool: pktsize 16, prealloc 512 1/8/2019 -- 13:11:01 - - segment pool: pktsize 112, prealloc 512 1/8/2019 -- 13:11:01 - - segment pool: pktsize 248, prealloc 512 1/8/2019 -- 13:11:01 - - segment pool: pktsize 512, prealloc 512 1/8/2019 -- 13:11:01 - - segment pool: pktsize 768, prealloc 1024 1/8/2019 -- 13:11:01 - - segment pool: pktsize 1448, prealloc 1024 1/8/2019 -- 13:11:01 - - segment pool: pktsize 65535, prealloc 128 1/8/2019 -- 13:11:01 - - stream.reassembly "chunk-prealloc": 250 1/8/2019 -- 13:11:01 - - stream.reassembly "zero-copy-size": 128 1/8/2019 -- 13:11:01 - - allocated 262144 bytes of memory for the ippair hash... 4096 buckets of size 64 1/8/2019 -- 13:11:01 - - preallocated 1000 ippairs of size 136 1/8/2019 -- 13:11:01 - - ippair memory usage: 398144 bytes, maximum: 16777216 1/8/2019 -- 13:11:01 - - using magic-file /usr/share/file/magic 1/8/2019 -- 13:11:01 - - Delayed detect disabled 1/8/2019 -- 13:11:01 - - IP reputation disabled 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/local/etc/suricata/rules/botcc.rules 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/local/etc/suricata/rules/ciarmy.rules 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/local/etc/suricata/rules/compromised.rules 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/local/etc/suricata/rules/drop.rules 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/local/etc/suricata/rules/dshield.rules 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/local/etc/suricata/rules/emerging-activex.rules 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/local/etc/suricata/rules/emerging-attack_response.rules 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/local/etc/suricata/rules/emerging-chat.rules 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/local/etc/suricata/rules/emerging-current_events.rules 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/local/etc/suricata/rules/emerging-dns.rules 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/local/etc/suricata/rules/emerging-dos.rules 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/local/etc/suricata/rules/emerging-exploit.rules 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/local/etc/suricata/rules/emerging-ftp.rules 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/local/etc/suricata/rules/emerging-games.rules 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/local/etc/suricata/rules/emerging-icmp_info.rules 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/local/etc/suricata/rules/emerging-imap.rules 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/local/etc/suricata/rules/emerging-inappropriate.rules 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/local/etc/suricata/rules/emerging-malware.rules 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/local/etc/suricata/rules/emerging-misc.rules 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/local/etc/suricata/rules/emerging-mobile_malware.rules 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/local/etc/suricata/rules/emerging-netbios.rules 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/local/etc/suricata/rules/emerging-p2p.rules 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/local/etc/suricata/rules/emerging-policy.rules 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/local/etc/suricata/rules/emerging-pop3.rules 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/local/etc/suricata/rules/emerging-rpc.rules 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/local/etc/suricata/rules/emerging-scada.rules 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/local/etc/suricata/rules/emerging-scan.rules 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/local/etc/suricata/rules/emerging-shellcode.rules 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/local/etc/suricata/rules/emerging-smtp.rules 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/local/etc/suricata/rules/emerging-snmp.rules 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/local/etc/suricata/rules/emerging-sql.rules 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/local/etc/suricata/rules/emerging-telnet.rules 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/local/etc/suricata/rules/emerging-tftp.rules 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/local/etc/suricata/rules/emerging-trojan.rules 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/local/etc/suricata/rules/emerging-user_agents.rules 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/local/etc/suricata/rules/emerging-voip.rules 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/local/etc/suricata/rules/emerging-web_client.rules 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/local/etc/suricata/rules/emerging-web_server.rules 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/local/etc/suricata/rules/emerging-web_specific_apps.rules 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/local/etc/suricata/rules/emerging-worm.rules 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/local/etc/suricata/rules/tor.rules 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/local/etc/suricata/rules/decoder-events.rules 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/local/etc/suricata/rules/stream-events.rules 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/local/etc/suricata/rules/http-events.rules 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/local/etc/suricata/rules/smtp-events.rules 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/local/etc/suricata/rules/dns-events.rules 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/local/etc/suricata/rules/tls-events.rules 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/local/etc/suricata/rules/app-layer-events.rules 1/8/2019 -- 13:11:01 - - Loading rule file: /usr/local/etc/suricata/rules/test-baidu.rules 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /usr/local/etc/suricata/rulestest-baidu.rules 1/8/2019 -- 13:11:01 - - 50 rule files processed. 1 rules successfully loaded, 0 rules failed 1/8/2019 -- 13:11:01 - - 1 signatures processed. 0 are IP-only rules, 1 are inspecting packet payload, 1 inspect application layer, 0 are decoder event only 1/8/2019 -- 13:11:01 - - building signature grouping structure, stage 1: preprocessing rules... complete 1/8/2019 -- 13:11:01 - - building signature grouping structure, stage 2: building source address list... complete 1/8/2019 -- 13:11:01 - - building signature grouping structure, stage 3: building destination address lists... complete 1/8/2019 -- 13:11:01 - - Threshold config parsed: 0 rule(s) found 1/8/2019 -- 13:11:01 - - Core dump size set to unlimited. 1/8/2019 -- 13:11:01 - - fast output device (regular) initialized: fast.log 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_NOT_SUPPORTED(225)] - Eve-log support not compiled in. Reconfigure/recompile with libjansson and its development files installed to add eve-log support. 1/8/2019 -- 13:11:01 - - http-log output device (regular) initialized: http.log 1/8/2019 -- 13:11:01 - - stats output device (regular) initialized: stats.log 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_DPDKINTEL_CONFIG_FAILED(275)] - No Mapping found for Port: 1 1/8/2019 -- 13:11:01 - - DPDK Version: DPDK 18.02.2 1/8/2019 -- 13:11:01 - - ----- Global DPDK-INTEL Config ----- 1/8/2019 -- 13:11:01 - - Number Of Ports : 4 1/8/2019 -- 13:11:01 - - Operation Mode : IDS 1/8/2019 -- 13:11:01 - - Port:0, Map:0 1/8/2019 -- 13:11:01 - - Port:1, Map:0 1/8/2019 -- 13:11:01 - - Port:0, Map:0 1/8/2019 -- 13:11:01 - - Port:1, Map:0 1/8/2019 -- 13:11:01 - - ------------------------------------ 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_DPDKINTEL_CONFIG_FAILED(275)] - port 4 exceeds IDS 1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_MISSING_CONFIG_PARAM(118)] - DPDK config validate!!!

tolunFdancer commented 5 years ago

The test-baidu.rules is in the /usr/local/etc/suricata/rules

vipinpv85 commented 5 years ago

1/8/2019 -- 13:11:01 - - [ERRCODE: SC_ERR_DPDKINTEL_CONFIG_FAILED(275)] - No Mapping found for Port: 1

tolunFdancer commented 5 years ago

Yeah, I do not know the meaning of it. So what should I do if you could tell me something, Thanks!

vipinpv85 commented 5 years ago

It means ParseDpdkConfig has not parsed properly for the content you have put in suricata.yaml. Can you share the screenshot of yaml of dpdk.

tolunFdancer commented 5 years ago

vipinpv85 commented 5 years ago

These configurations looks perfect, But Suricata API LiveGetDeviceCount is returning 4. One of the reason can be found from logs as

1/8/2019 -- 13:11:01 - - This is Suricata version 3.0 RELEASE 1/8/2019 -- 13:11:01 - - CPUs/cores online: 8 1/8/2019 -- 13:11:01 - - Adding interface 0000:02:01.0 from config file 1/8/2019 -- 13:11:01 - - Adding interface 0000:02:04.0 from config file

Along with yaml parsing

interface: 0000:02:01.0 copy-interface: 0000:02:01.0 interface: 0000:02:04.0 copy-interface: 0000:02:04.0

vipinpv85 commented 5 years ago

@tolunFdancer I am able to reproduce the error with DPDK 18.02.2 and changes to support vmx PMD. I am also removing the pcie address verification method as it is becoming difficult too.

I will upload the fix and update readme. Try and let me know.

vipinpv85 commented 5 years ago

Got rid of PCIe based mapping. please check the readme for the change in interface and copy-interface.

tolunFdancer commented 5 years ago

What is the dummy value, it is means 0000:02:01.0?

tolunFdancer commented 5 years ago

The suricata.yaml configuration is :

dpdkintel support

dpdkintel: inputs:

interface: 0 copy-interface: 0000:02:01.0
interface: 1 copy-interface: 0000:02:04.0 opmode: ids

When I run "./src/suricata -c suricata.yaml -s /usr/local/etc/suricata/rules/test-baidu.rules --dpdkintel ", it shows the following info and hang there (did not continue to work): 2/8/2019 -- 06:54:50 - - DPDK Version: DPDK 18.02.2 2/8/2019 -- 06:54:50 - - ----- Global DPDK-INTEL Config ----- 2/8/2019 -- 06:54:50 - - Number Of Ports : 2 2/8/2019 -- 06:54:50 - - Operation Mode : IDS 2/8/2019 -- 06:54:50 - - Port:0, Map:0 2/8/2019 -- 06:54:50 - - Port:1, Map:0 2/8/2019 -- 06:54:50 - - ------------------------------------ 2/8/2019 -- 06:54:50 - - ----- Match Pattern ---- 2/8/2019 -- 06:54:50 - - http: 1 2/8/2019 -- 06:54:50 - - ftp: 0 2/8/2019 -- 06:54:50 - - tls: 0 2/8/2019 -- 06:54:50 - - dns: 0 2/8/2019 -- 06:54:50 - - smtp: 0 2/8/2019 -- 06:54:50 - - ssh: 0 2/8/2019 -- 06:54:50 - - smb: 0 2/8/2019 -- 06:54:50 - - smb2: 0 2/8/2019 -- 06:54:50 - - dcerpc:0 2/8/2019 -- 06:54:50 - - tcp: 1 2/8/2019 -- 06:54:50 - - udp: 0 2/8/2019 -- 06:54:50 - - sctp: 0 2/8/2019 -- 06:54:50 - - icmpv6:0 2/8/2019 -- 06:54:50 - - gre: 0 2/8/2019 -- 06:54:50 - - raw: 0 2/8/2019 -- 06:54:50 - - ipv4: 0 2/8/2019 -- 06:54:50 - - * ipv6: 0 2/8/2019 -- 06:54:50 - - ----------------------- 2/8/2019 -- 06:54:50 - - all 2 packet processing threads, 4 management threads initialized, engine started. 2/8/2019 -- 06:54:50 - - [ERRCODE: SC_ERR_DPDKINTEL_CONFIG_FAILED(275)] - Unknown speed (1000) for 0 2/8/2019 -- 06:54:50 - - [ERRCODE: SC_ERR_DPDKINTEL_CONFIG_FAILED(275)] - Unknown speed (1000) for 1

2/8/2019 -- 06:54:52 - - DPDK Started in IDS Mode!!!

Then I run Ctrl+c ， it shows the following info: 2/8/2019 -- 06:54:50 - - DPDK Version: DPDK 18.02.2 2/8/2019 -- 06:54:50 - - ----- Global DPDK-INTEL Config ----- 2/8/2019 -- 06:54:50 - - Number Of Ports : 2 2/8/2019 -- 06:54:50 - - Operation Mode : IDS 2/8/2019 -- 06:54:50 - - Port:0, Map:0 2/8/2019 -- 06:54:50 - - Port:1, Map:0 2/8/2019 -- 06:54:50 - - ------------------------------------ 2/8/2019 -- 06:54:50 - - ----- Match Pattern ---- 2/8/2019 -- 06:54:50 - - http: 1 2/8/2019 -- 06:54:50 - - ftp: 0 2/8/2019 -- 06:54:50 - - tls: 0 2/8/2019 -- 06:54:50 - - dns: 0 2/8/2019 -- 06:54:50 - - smtp: 0 2/8/2019 -- 06:54:50 - - ssh: 0 2/8/2019 -- 06:54:50 - - smb: 0 2/8/2019 -- 06:54:50 - - smb2: 0 2/8/2019 -- 06:54:50 - - dcerpc:0 2/8/2019 -- 06:54:50 - - tcp: 1 2/8/2019 -- 06:54:50 - - udp: 0 2/8/2019 -- 06:54:50 - - sctp: 0 2/8/2019 -- 06:54:50 - - icmpv6:0 2/8/2019 -- 06:54:50 - - gre: 0 2/8/2019 -- 06:54:50 - - raw: 0 2/8/2019 -- 06:54:50 - - ipv4: 0 2/8/2019 -- 06:54:50 - - * ipv6: 0 2/8/2019 -- 06:54:50 - - ----------------------- 2/8/2019 -- 06:54:50 - - all 2 packet processing threads, 4 management threads initialized, engine started. 2/8/2019 -- 06:54:50 - - [ERRCODE: SC_ERR_DPDKINTEL_CONFIG_FAILED(275)] - Unknown speed (1000) for 0 2/8/2019 -- 06:54:50 - - [ERRCODE: SC_ERR_DPDKINTEL_CONFIG_FAILED(275)] - Unknown speed (1000) for 1

2/8/2019 -- 06:54:52 - - DPDK Started in IDS Mode!!!

^C2/8/2019 -- 06:56:16 - - Signal Received. Stopping engine. 2/8/2019 -- 06:56:16 - - Intf : 0 2/8/2019 -- 06:56:16 - - + ring full 0, enq err 0, tx err 0, Packet alloc fail 0, Packet Process Fail 0 2/8/2019 -- 06:56:16 - - + Errors RX: 0 TX: 0 Mbuff: 0 2/8/2019 -- 06:56:16 - - + Queue Dropped pkts: 0 2/8/2019 -- 06:56:16 - - ---------------------------------------------------------- 2/8/2019 -- 06:56:16 - - Intf : 1 2/8/2019 -- 06:56:16 - - + ring full 0, enq err 0, tx err 0, Packet alloc fail 0, Packet Process Fail 0 2/8/2019 -- 06:56:16 - - + Errors RX: 0 TX: 0 Mbuff: 0 2/8/2019 -- 06:56:16 - - + Queue Dropped pkts: 0 2/8/2019 -- 06:56:16 - - ---------------------------------------------------------- 2/8/2019 -- 06:56:16 - - Stats for '0': pkts: 0, drop: 0 (-nan%), invalid chksum: 0 2/8/2019 -- 06:56:16 - - Stats for '1': pkts: 0, drop: 0 (-nan%), invalid chksum: 0

And the /sur/local/var/log/suricata: [root@localhost suricata]# ll total 36 -rw-r--r--. 1 root root 0 Aug 1 09:59 fast.log -rw-r--r--. 1 root root 0 Aug 1 09:59 http.log -rw-r--r--. 1 root root 33234 Aug 2 06:56 stats.log

The stats.log : [root@localhost suricata]# ll total 36 -rw-r--r--. 1 root root 0 Aug 1 09:59 fast.log -rw-r--r--. 1 root root 0 Aug 1 09:59 http.log -rw-r--r--. 1 root root 33234 Aug 2 06:56 stats.log

I do not konw if this runs success, and I will make some thing to assure the test-baidu.rules work. As you can see ,the error still shows " [ERRCODE: SC_ERR_DPDKINTEL_CONFIG_FAILED(275)] - Unknown speed (1000) for 0".

vipinpv85 commented 5 years ago

What is the dummy value, it is means 0000:02:01.0?

Please read the readme

vipinpv85 commented 5 years ago

https://github.com/vipinpv85/DPDK-Suricata_3.0/issues/12#issuecomment-517530398

2/8/2019 -- 06:54:50 - - [ERRCODE: SC_ERR_DPDKINTEL_CONFIG_FAILED(275)] - Unknown speed (1000) for 0
2/8/2019 -- 06:54:50 - - [ERRCODE: SC_ERR_DPDKINTEL_CONFIG_FAILED(275)] - Unknown speed (1000) for 1

The request is to use DPDK 17.11. The version you are using is DPDK 18.02.2. I have fixed this also for you can pull the fix.

2/8/2019 -- 06:54:52 - - DPDK Started in IDS Mode!!!

This shows the suricata is started in IDS mode.

2/8/2019 -- 06:56:16 - - Intf : 0
2/8/2019 -- 06:56:16 - - + ring full 0, enq err 0, tx err 0, Packet alloc fail 0, Packet Process Fail 0
2/8/2019 -- 06:56:16 - - + Errors RX: 0 TX: 0 Mbuff: 0
2/8/2019 -- 06:56:16 - - + Queue Dropped pkts: 0
2/8/2019 -- 06:56:16 - - ----------------------------------------------------------
2/8/2019 -- 06:56:16 - - Intf : 1
2/8/2019 -- 06:56:16 - - + ring full 0, enq err 0, tx err 0, Packet alloc fail 0, Packet Process Fail 0
2/8/2019 -- 06:56:16 - - + Errors RX: 0 TX: 0 Mbuff: 0
2/8/2019 -- 06:56:16 - - + Queue Dropped pkts: 0
2/8/2019 -- 06:56:16 - - ----------------------------------------------------------
2/8/2019 -- 06:56:16 - - Stats for '0': pkts: 0, drop: 0 (-nan%), invalid chksum: 0
2/8/2019 -- 06:56:16 - - Stats for '1': pkts: 0, drop: 0 (-nan%), invalid chksum: 0

I do not see any traffic going on.

tolunFdancer commented 5 years ago

The suricata.yaml :

dpdkintel support

dpdkintel:

inputs:

interface: 0 copy-interface: 0000:02:01.0
interface: 1 copy-interface: 0000:02:04.0

And DPDK bind info: Network devices using DPDK-compatible driver 0000:02:01.0 '82545EM Gigabit Ethernet Controller (Copper) 100f' drv=igb_uio unused=e1000 0000:02:04.0 '82545EM Gigabit Ethernet Controller (Copper) 100f' drv=igb_uio unused=e1000

And I have test the DPDK ,it works success , I can assure that. Then when I run " ./src/suricata -c suricata.yaml -s /usr/local/etc/suricata/rules/test-baidu.rules --dpdkintel" it still shows the following info as I mentioned before ( no traffic going on): 5/8/2019 -- 12:54:05 - - DPDK Started in IDS Mode!!!

^C5/8/2019 -- 13:02:59 - - Signal Received. Stopping engine. 5/8/2019 -- 13:02:59 - - Intf : 0 5/8/2019 -- 13:02:59 - - + ring full 0, enq err 0, tx err 0, Packet alloc fail 0, Packet Process Fail 0 5/8/2019 -- 13:02:59 - - + Errors RX: 0 TX: 0 Mbuff: 0 5/8/2019 -- 13:02:59 - - + Queue Dropped pkts: 0 5/8/2019 -- 13:02:59 - - ---------------------------------------------------------- 5/8/2019 -- 13:02:59 - - Intf : 1 5/8/2019 -- 13:02:59 - - + ring full 0, enq err 0, tx err 0, Packet alloc fail 0, Packet Process Fail 0 5/8/2019 -- 13:02:59 - - + Errors RX: 0 TX: 0 Mbuff: 0 5/8/2019 -- 13:02:59 - - + Queue Dropped pkts: 0 5/8/2019 -- 13:02:59 - - ---------------------------------------------------------- 5/8/2019 -- 13:02:59 - - Stats for '0': pkts: 0, drop: 0 (-nan%), invalid chksum: 0 5/8/2019 -- 13:02:59 - - Stats for '1': pkts: 0, drop: 0 (-nan%), invalid chksum: 0

So what should I do to find out the problem?

vipinpv85 commented 5 years ago

The suricata.yaml :

dpdkintel support

dpdkintel:

inputs:

interface: 0 copy-interface: 0000:02:01.0

interface: 1 copy-interface: 0000:02:04.0

And DPDK bind info: Network devices using DPDK-compatible driver 0000:02:01.0 '82545EM Gigabit Ethernet Controller (Copper) 100f' drv=igb_uio unused=e1000 0000:02:04.0 '82545EM Gigabit Ethernet Controller (Copper) 100f' drv=igb_uio unused=e1000

And I have test the DPDK ,it works success , I can assure that. Then when I run " ./src/suricata -c suricata.yaml -s /usr/local/etc/suricata/rules/test-baidu.rules --dpdkintel" it still shows the following info as I mentioned before ( no traffic going on): 5/8/2019 -- 12:54:05 - - DPDK Started in IDS Mode!!!

^C5/8/2019 -- 13:02:59 - - Signal Received. Stopping engine. 5/8/2019 -- 13:02:59 - - Intf : 0 5/8/2019 -- 13:02:59 - - + ring full 0, enq err 0, tx err 0, Packet alloc fail 0, Packet Process Fail 0 5/8/2019 -- 13:02:59 - - + Errors RX: 0 TX: 0 Mbuff: 0 5/8/2019 -- 13:02:59 - - + Queue Dropped pkts: 0 5/8/2019 -- 13:02:59 - - ---------------------------------------------------------- 5/8/2019 -- 13:02:59 - - Intf : 1 5/8/2019 -- 13:02:59 - - + ring full 0, enq err 0, tx err 0, Packet alloc fail 0, Packet Process Fail 0 5/8/2019 -- 13:02:59 - - + Errors RX: 0 TX: 0 Mbuff: 0 5/8/2019 -- 13:02:59 - - + Queue Dropped pkts: 0 5/8/2019 -- 13:02:59 - - ---------------------------------------------------------- 5/8/2019 -- 13:02:59 - - Stats for '0': pkts: 0, drop: 0 (-nan%), invalid chksum: 0 5/8/2019 -- 13:02:59 - - Stats for '1': pkts: 0, drop: 0 (-nan%), invalid chksum: 0

So what should I do to find out the problem?

open a ticket as this is not related to ERRCODE: SC_ERR_DPDKINTEL_CONFIG_FAILED(275)] - Unknown speed (1000) for 0

vipinpv85 / DPDK-Suricata_3.0

[ERRCODE: SC_ERR_DPDKINTEL_CONFIG_FAILED(275)] - Unknown speed (1000) for 0 #12

dpdkintel support

dpdkintel support

dpdkintel support

dpdkintel support