vipinpv85 / DPDK-Suricata_3.0

add dpdk interface and packet processing to suricata in worker mode
https://github.com/vipinpv85/DPDK-Suricata_3.0
GNU Lesser General Public License v3.0

The DPDK_suricata3.0 did not work out the alert. #13

Closed tolunFdancer closed 5 years ago

tolunFdancer commented 5 years ago

The suricata.yaml:

# dpdkintel support
dpdkintel:
  inputs:
    - interface: 0
      copy-interface: 0000:02:01.0
    - interface: 1
      copy-interface: 0000:02:04.0

And DPDK bind info:

Network devices using DPDK-compatible driver
0000:02:01.0 '82545EM Gigabit Ethernet Controller (Copper) 100f' drv=igb_uio unused=e1000
0000:02:04.0 '82545EM Gigabit Ethernet Controller (Copper) 100f' drv=igb_uio unused=e1000

And I have tested DPDK, it works successfully, I can assure that. Then when I run "./src/suricata -c suricata.yaml -s /usr/local/etc/suricata/rules/test-baidu.rules --dpdkintel" it still shows the following info as I mentioned before (no traffic going on):

5/8/2019 -- 12:54:05 - - DPDK Started in IDS Mode!!!
^C5/8/2019 -- 13:02:59 - - Signal Received. Stopping engine.
5/8/2019 -- 13:02:59 - - Intf : 0
5/8/2019 -- 13:02:59 - - + ring full 0, enq err 0, tx err 0, Packet alloc fail 0, Packet Process Fail 0
5/8/2019 -- 13:02:59 - - + Errors RX: 0 TX: 0 Mbuff: 0
5/8/2019 -- 13:02:59 - - + Queue Dropped pkts: 0
5/8/2019 -- 13:02:59 - - ----------------------------------------------------------
5/8/2019 -- 13:02:59 - - Intf : 1
5/8/2019 -- 13:02:59 - - + ring full 0, enq err 0, tx err 0, Packet alloc fail 0, Packet Process Fail 0
5/8/2019 -- 13:02:59 - - + Errors RX: 0 TX: 0 Mbuff: 0
5/8/2019 -- 13:02:59 - - + Queue Dropped pkts: 0
5/8/2019 -- 13:02:59 - - ----------------------------------------------------------
5/8/2019 -- 13:02:59 - - Stats for '0': pkts: 0, drop: 0 (-nan%), invalid chksum: 0
5/8/2019 -- 13:02:59 - - Stats for '1': pkts: 0, drop: 0 (-nan%), invalid chksum: 0

So what should I do to find out the problem?

vipinpv85 commented 5 years ago

Thanks @tolunFdancer for still using DPDK version greater than mentioned, this helps me to iron out issues from the ported Suricata code base.

I have updated codebase to fix 'commit 9b9bce9e56d6422685ff4189cb5dc3e45f245fe6'. You can pull and try for ids

vipinpv85 commented 5 years ago

Please check and if the current is fixed close the ticket.

vipinpv85 commented 5 years ago

closing the ticket since there is no reply

vipinpv85 commented 5 years ago

6/8/2019 -- 12:16:38 - <Notice> - DPDK Version: DPDK 17.11.3
6/8/2019 -- 12:16:38 - <Notice> - ----- Global DPDK-INTEL Config -----
6/8/2019 -- 12:16:38 - <Notice> -  Number Of Ports  : 1
6/8/2019 -- 12:16:38 - <Notice> -  Operation Mode   : IDS
6/8/2019 -- 12:16:38 - <Notice> -  Port:0, Map:0
6/8/2019 -- 12:16:38 - <Notice> - ------------------------------------
6/8/2019 -- 12:16:39 - <Notice> - ----- Match Pattern ----
6/8/2019 -- 12:16:39 - <Notice> -  * http:  0
6/8/2019 -- 12:16:39 - <Notice> -  * ftp:   0
6/8/2019 -- 12:16:39 - <Notice> -  * tls:   0
6/8/2019 -- 12:16:39 - <Notice> -  * dns:   8
6/8/2019 -- 12:16:39 - <Notice> -  * smtp:  0
6/8/2019 -- 12:16:39 - <Notice> -  * ssh:   0
6/8/2019 -- 12:16:39 - <Notice> -  * smb:   0
6/8/2019 -- 12:16:39 - <Notice> -  * smb2:  0
6/8/2019 -- 12:16:39 - <Notice> -  * dcerpc:0
6/8/2019 -- 12:16:39 - <Notice> -  * tcp:   8
6/8/2019 -- 12:16:39 - <Notice> -  * udp:   8
6/8/2019 -- 12:16:39 - <Notice> -  * sctp:  0
6/8/2019 -- 12:16:39 - <Notice> -  * icmpv6:0
6/8/2019 -- 12:16:39 - <Notice> -  * gre:   0
6/8/2019 -- 12:16:39 - <Notice> -  * raw:   0
6/8/2019 -- 12:16:39 - <Notice> -  * ipv4:  0
6/8/2019 -- 12:16:39 - <Notice> -  * ipv6:  0
6/8/2019 -- 12:16:39 - <Notice> - -----------------------
6/8/2019 -- 12:16:39 - <Notice> - all 1 packet processing threads, 4 management threads initialized, engine started.
6/8/2019 -- 12:16:40 - <Notice> -  master_lcore 1 lcore_count 4
6/8/2019 -- 12:16:40 - <Notice> -  cpuIndex 4 lcore_id 2
6/8/2019 -- 12:16:40 - <Notice> - Frame Parser for IDS Mode
6/8/2019 -- 12:16:40 - <Notice> - IDS ports 1, core 2, enble 1, scket 0 phy 0
6/8/2019 -- 12:16:40 - <Notice> - DPDK Started in IDS Mode!!!
^C6/8/2019 -- 12:18:05 - <Notice> - Signal Received.  Stopping engine.
6/8/2019 -- 12:18:05 - <Notice> - IDS port 0
6/8/2019 -- 12:18:05 - <Notice> -  - pkts: RX 103307 TX 0 MISS 75820049
6/8/2019 -- 12:18:05 - <Notice> -  - ring: full 0, enq err 0, tx err 0
6/8/2019 -- 12:18:05 - <Notice> -  - SC Pkt: fail 0, Process Fail 0
6/8/2019 -- 12:18:06 - <Notice> - Intf : 0
6/8/2019 -- 12:18:06 - <Notice> -  + ring full 0, enq err 0, tx err 0
6/8/2019 -- 12:18:06 - <Notice> -  + fail: Packet alloc 0, Fail 0
6/8/2019 -- 12:18:06 - <Notice> -  + Errors RX: 0 TX: 0 Mbuff: 121162662304
6/8/2019 -- 12:18:06 - <Notice> -  + Queue Dropped pkts: 0
6/8/2019 -- 12:18:06 - <Notice> -  ----------------------------------------------------------
6/8/2019 -- 12:18:06 - <Notice> - Stats for '0':  pkts: 0, drop: 0 (-nan%), invalid chksum: 0
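
An added example, not part of the thread or of the project's code: a small check over the shutdown statistics shown in the two runs above, so a sensor that inspected little or no traffic is caught automatically. The function names and the 5% threshold are hypothetical. It assumes MISS counts packets that arrived at the port but were never handed to the engine, and it treats the per-port RX/MISS line as authoritative because the "Stats for" counter still reads 0 in the working run.

```python
import re

# Constructed sample: shutdown lines in the shape of the working run above.
SAMPLE = """\
6/8/2019 -- 12:18:05 - <Notice> - IDS port 0
6/8/2019 -- 12:18:05 - <Notice> -  - pkts: RX 103307 TX 0 MISS 75820049
6/8/2019 -- 12:18:06 - <Notice> - Stats for '0':  pkts: 0, drop: 0 (-nan%), invalid chksum: 0
"""

PORT_RE = re.compile(r"IDS port (\d+)\s*$")
PKTS_RE = re.compile(r"pkts: RX (\d+) TX (\d+) MISS (\d+)")
STATS_RE = re.compile(r"Stats for '([^']+)':\s+pkts: (\d+), drop: (\d+)")


def parse_shutdown_stats(text):
    """Return ({port: counters}, {interface: counters}) from shutdown output."""
    ports, ifaces, current = {}, {}, None
    for line in text.splitlines():
        if m := PORT_RE.search(line):
            current = m.group(1)
        elif (m := PKTS_RE.search(line)) and current is not None:
            rx, tx, miss = map(int, m.groups())
            ports[current] = {"rx": rx, "tx": tx, "miss": miss}
        elif m := STATS_RE.search(line):
            ifaces[m.group(1)] = {"pkts": int(m.group(2)), "drop": int(m.group(3))}
    return ports, ifaces


def findings(text, max_miss_ratio=0.05):  # threshold is an example value
    """List conditions under which the sensor inspected little or no traffic."""
    ports, ifaces = parse_shutdown_stats(text)
    out = []
    for port, c in sorted(ports.items()):
        seen = c["rx"] + c["miss"]
        if seen == 0:
            out.append(f"port {port}: no packets seen")
        elif c["miss"] / seen > max_miss_ratio:
            out.append(f"port {port}: {c['miss'] / seen:.1%} of packets missed")
    if not ports:  # older output without per-port counters: use 'Stats for'
        for name, c in sorted(ifaces.items()):
            if c["pkts"] == 0:
                out.append(f"interface {name}: 0 packets counted")
    if not ports and not ifaces:
        out.append("no statistics lines found")
    return out


if __name__ == "__main__":
    print("\n".join(findings(SAMPLE)))
```

Run against the first log in the thread, it reports both interfaces as having counted 0 packets. Run against the second, it reports the miss ratio on port 0, which for an IDS is traffic that was never inspected.
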

tolunFdancer commented 5 years ago

Finally, I wanna cry, it worked successfully!👍 👍 👍 👍 👍 You are so kind, thank you very much!!!!!!!!!! I do not know what else to say, just enjoy your life!

tolunFdancer commented 5 years ago

Hi, I wanna know when the DPDK_suricata4.1.1 could work. Now I run DPDK_suricata3.0 successfully, I want to update DPDK_suricata3.0 to DPDK_suricata4.1.1.

vipinpv85 commented 5 years ago

> Hi, I wanna know when the DPDK_suricata4.1.1 could work. Now I run DPDK_suricata3.0 successfully, I want to update DPDK_suricata3.0 to DPDK_suricata4.1.1.

This is not with regard to DPDK-Suricata.3.0. Please open or use DPDK-Suricata-4.1.1