Original implementation counts how many rules are added successfully. If rules are present, enqueue packets for Suricata processing.
Implemented 3 Tuple ACL (src-ip, dst-ip, proto) for IPv4 and IPv6. Parse successful signatures for ACL key and updated DPDK ACL. For all incoming packets perform DPDK ACL to filter if the packets need to be processed by Suricata or not.
Operation Mode | PKT type | action
IDS | non IP | drop
IDS | IPv4 and IPv6 | rule hit suricata process else drop
IPS | non IP | fwd
IPS | IPv4 and IPv6 | rule hit suricata process else fwd
Note: currently we are processing 1 pkt at a time to maintain order.
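
A model of the dispatch decision in the table above, added here as an illustration and not code from this change. The DPDK ACL lookup is replaced by a linear prefix match; the type names, `classify`, the convention that proto 0 means any protocol, and the sample rules are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

enum mode { MODE_IDS, MODE_IPS };
enum l3 { L3_NONIP, L3_V4, L3_V6 };
enum verdict { V_DROP, V_FWD, V_SURICATA };
/* Assumed layout: network byte order, IPv4 in the first 4 bytes; proto 0 = any. */
struct acl_rule { enum l3 fam; uint8_t src[16], dst[16], src_plen, dst_plen, proto; };
struct pkt_key  { enum l3 fam; uint8_t src[16], dst[16], proto; };

/* Compare the first plen bits of two addresses. */
static int prefix_match(const uint8_t *a, const uint8_t *b, uint8_t plen)
{
    size_t full = plen / 8;
    uint8_t mask = (uint8_t)(0xFF << (8 - plen % 8));
    if (memcmp(a, b, full) != 0) return 0;
    return plen % 8 == 0 || ((a[full] ^ b[full]) & mask) == 0;
}

/* Linear stand-in for the DPDK ACL lookup: 1 if any rule covers the 3-tuple. */
static int acl_hit(const struct acl_rule *r, size_t n, const struct pkt_key *k)
{
    for (size_t i = 0; i < n; i++) {
        uint8_t max = r[i].fam == L3_V4 ? 32 : 128;  /* reject malformed prefix lengths */
        if (r[i].fam != k->fam || r[i].src_plen > max || r[i].dst_plen > max) continue;
        if (r[i].proto != 0 && r[i].proto != k->proto) continue;
        if (prefix_match(r[i].src, k->src, r[i].src_plen) &&
            prefix_match(r[i].dst, k->dst, r[i].dst_plen)) return 1;
    }
    return 0;
}

/* The mode table: a miss (or a non-IP frame) is dropped in IDS and forwarded in IPS. */
enum verdict classify(enum mode m, const struct acl_rule *r, size_t n, const struct pkt_key *k)
{
    enum verdict miss = (m == MODE_IDS) ? V_DROP : V_FWD;
    if (k->fam == L3_NONIP) return miss;
    return acl_hit(r, n, k) ? V_SURICATA : miss;
}

/* Constructed sample data: TCP 10.0.0.0/8 -> 192.0.2.10/32, any-proto 2001:db8::/32 -> ::/0. */
static const struct acl_rule sample_rules[] = {
    { L3_V4, {10}, {192, 0, 2, 10}, 8, 32, 6 },
    { L3_V6, {0x20, 0x01, 0x0d, 0xb8}, {0}, 32, 0, 0 },
};
static const struct pkt_key tcp_hit  = { L3_V4, {10, 1, 2, 3}, {192, 0, 2, 10}, 6 };
static const struct pkt_key udp_miss = { L3_V4, {10, 1, 2, 3}, {192, 0, 2, 10}, 17 };
int main(void) { return classify(MODE_IDS, sample_rules, 2, &tcp_hit) == V_SURICATA ? 0 : 1; }
```

Because the filter keys only on the 3-tuple, in IDS mode any flow without a matching signature is dropped before inspection, so the rule set defines what Suricata can see.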