Long Term Support

End of Life (no more new supprot addition & features)

Purpose

Make use of DPDK PMD, with pre-parser and 3 Tuple ACL before Suricata worker stage. This helps to send only relevan ipv4 and ipv6 to Suricata worker pipeline.

How to build

Build Enviroment

DPDK

1. Download DPDK LTS http://fast.dpdk.org/rel/dpdk-18.11.5.tar.xz from dpdk.org.

2. Untar DPDK and use make config T=x86_64-native-linuxapp-gcc O=x86_64-native-linuxapp-gcc.

3. Build DPDK by

   export RTE_SDK=$PWD; 
   export RTE_TARGET=x86_64-native-linuxapp-gcc; 
   cd x86_64-native-linuxapp-gcc, 
   make -j 4

4. Test the custom build by cross checking examples like helloworld & l2fwd.

Suricata with DPDK

1. Download the project zip and unzip the contents.

2. Execute in terminal

   - cd DPDK-Suircata_3.0/suricata-3.0
   - autoconf

3. If DPDK enviroment variables are present, use

   - ./configure --enable-dpdkintel
   or
   - ./configure --sysconfdir=<mydesiredpath> --enable-dpdkintel

4. If DPDK is installed as package or custom build directory, use

   - ./configure --enable-dpdkintel --with-libdpdkintel-includes=<path to dpdk include> --with-libdpdkintel-libraries=<path to dpdk lib>
   or
   - ./configure --sysconfdir=<mydesiredpath> --enable-dpdkintel --with-libdpdkintel-includes=<path to dpdk include> --with-libdpdkintel-libraries=<path to dpdk lib>

5. Build suricata with

   make -j 10

modified suricata:

Test Run:

Configuration for suricata.yaml

1. IDS

   #dpdkintel support
   dpdkintel:
   
   inputs:
     - interface: 0
     - interface: 1
   
   # Select dpdk intel operation mode ips|ids|bypass
       opmode: ids

2. IPS

   #dpdkintel support
   dpdkintel:
   
   inputs:
     - interface: 0
       copy-interface: 1
     - interface: 1
       copy-interface: 0
   
   # Select dpdk intel operation mode ips|ids|bypass
       opmode: ips

Configuration for dpdk-suricata.ini