Closed dihin11 closed 4 years ago
vipinpv85
commented
4 years ago There are no verdict functions in your code, how to set the ips mode to drop packet?
Can you help me understand, with the rule you are setting. Please fill up the template for issue too. If this is question or feature, please use feature template
dihin11
commented
4 years ago Ignore it, sorry
vipinpv85
commented
4 years ago So I assume the result of ips actually does rte_mbuf_free for drop rules. Ok, thanks
vipinpv85
commented
4 years ago @dihin11 can try
diff --git a/suricata-3.0/src/source-dpdkintel.c b/suricata-3.0/src/source-dpdkintel.c
index 730f995..139e370 100644
--- a/suricata-3.0/src/source-dpdkintel.c
+++ b/suricata-3.0/src/source-dpdkintel.c
@@ -146,7 +146,20 @@ void DpdkIntelReleasePacket(Packet *p)
if (DPDKINTEL_GENCFG.OpMode == IDS) {
SCLogDebug(" Free frame as its IDS ");
rte_pktmbuf_free(m);
- } else if (DPDKINTEL_GENCFG.OpMode == IPS || DPDKINTEL_GENCFG.OpMode == BYPASS) {
+ } else if (DPDKINTEL_GENCFG.OpMode == IPS) {
+ /* test packet action as drop, if true drop */
+ if (PACKET_TEST_ACTION(p, ACTION_DROP) == 0) {
+ if (rte_eth_tx_burst(portId, 0, (struct rte_mbuf **)&m, 1) != 1) {
+ SCLogDebug(" Unable to TX via port %d for %p in OpMode %d",
+ portId, m, DPDKINTEL_GENCFG.OpMode);
+ rte_pktmbuf_free(m);
+ }
+ }
+ else {
+ SCLogDebug(" Pkt Action to DROP in IPS, hence free mbuf ");
+ rte_pktmbuf_free(m);
+ }
+ } else if (DPDKINTEL_GENCFG.OpMode == BYPASS) {
if (rte_eth_tx_burst(portId, 0, (struct rte_mbuf **)&m, 1) != 1) {
SCLogDebug(" Unable to TX via port %d for %p in OpMode %d",
portId, m, DPDKINTEL_GENCFG.OpMode);I think this is what you are asking for?
There are no verdict functions in your code, how to set the ips mode to drop packet?