Project

General

Profile

Actions

Task #5560

open

dpdk: Design a test-case for Suricata running as a secondary process

Added by Lukas Sismis over 2 years ago. Updated almost 2 years ago.

Status:
Feedback
Priority:
Normal
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

Suggest how to test Suricata running as a secondary process (further called secondary mode) while receiving packets through DPDK rings.
The format of DPDK rings are specified in the configuration file.
The main requirement is to only use the built-in, default DPDK application that will enqueue packets to the DPDK rings.


Files

suri-secondary-testcase.png (58.6 KB) suri-secondary-testcase.png Lukas Sismis, 09/27/2022 02:38 PM
suricata.yaml.2thr.secondarytest.ips (73.9 KB) suricata.yaml.2thr.secondarytest.ips IPS Suricata configuration for the secondary mode Lukas Sismis, 09/27/2022 02:57 PM
suricata.yaml.2thr.secondarytest.ids (74.7 KB) suricata.yaml.2thr.secondarytest.ids IDS Suricata configuration for the secondary mode Lukas Sismis, 09/27/2022 02:57 PM

Updated by Lukas Sismis over 2 years ago

The proposed architecture for the IPS test case is as shown in the attached picture. The IDS test case would terminate packet processing in Suricata.

DPKD-TESTPMD is the default application that comes with DPDK package and is used in many DPDK tests. In this test, it would be used together with NET_RING PMD (https://doc.dpdk.org/guides/nics/pcap_ring.html#rings-based-pmd) for creating DPDK rings and connecting dpdk-testpmd with Suricata.

An instance of testpmd application - dpdk-testpmd#1 - runs as a primary process and initializes all resources required for the test - meaning it initializes BOTH virtual devices (RX_RING and TX_RING) and afterward it starts transmitting packets to the RX_RING. RX_RING is a ring to which dpdk-testpmd#1 transmits packets and through which Suricata receives packets. TX_RING is a ring to which Suricata transmits packets and through which dpdk-testpmd#2 receives packets.
Suricata, running as a secondary process, dequeues(receives) packets from the RX_RING and after processing them it enqueues them to the TX_RING. The second instance of testpmd application - dpdk-testpmd#1 - runs as a secondary process as well. It dequeues packets of the TX_RING and release packets (puts mbufs back to the original pktmbuf mempool).

Example configuration for DPDK IDS mode (packet processing ends in Suricata and no transmission is required):
Run dpdk-testpmd#1 with:

sudo dpdk-testpmd -v -l 14,16,18 -n 4 --no-pci --vdev="net_ring_rxring" -- --portmask=0x1 --nb-ports 1 --nb-cores 2 --rxq 2 --txq 2 --forward-mode=txonly

The second instance - dpdk-testpmd#2 - is not run in this test as packets are released by Suricata.

Run Suricata with config suricata.yaml.2thr.secondarytest.ids and with the command:

sudo /home/local/xsismi01/suricata/usr/bin/suricata -c /home/local/xsismi01/measure-suri/suricata-host/configs/dpdk/testpmd/suricata.yaml.2thr.secondarytest.ids -S /dev/null --dpdk -vvv

Example configuration for DPDK IPS mode (as shown in the picture):
Run dpdk-testpmd#1 with:

sudo dpdk-testpmd -v -l 14,16,18 -n 4 --no-pci --vdev="net_ring_rxring" --vdev="net_ring_txring" -- --portmask=0x1 --nb-ports 1 --nb-cores 2 --rxq 2 --txq 2 --forward-mode=txonly

Run dpdk-testpmd#2 with:

sudo dpdk-testpmd -v -l 8,10,12 -n 4 --no-pci --vdev="net_ring_txring" --proc-type secondary -- --portmask=0x2 --nb-ports 1 --nb-cores 2 --rxq 2 --txq 2 --forward-mode=rxonly

Run Suricata with config suricata.yaml.2thr.secondarytest.ips and with the command:

sudo /home/local/xsismi01/suricata/usr/bin/suricata -c /home/local/xsismi01/measure-suri/suricata-host/configs/dpdk/testpmd/suricata.yaml.2thr.secondarytest.ips -S /dev/null --dpdk -vvv

Shutdown:
The primary application should always be the last application to shut down since it deinitializes virtual devices (DPDK rings) (which it initialized at the beginning of the test case). The ring devices would otherwise be still used with the other application and that would lead to the segmentation fault.

Actions #2

Updated by Lukas Sismis over 2 years ago

So far, the current implementation can be found at:
https://github.com/lukashino/suricata/tree/b8e8b464e435a2797e7c6954d5863ec1bfa262e6

Or in the follow-ups of branch feat/5203-primary-app-v5 in the https://github.com/lukashino/suricata

Draft PR:
https://github.com/OISF/suricata/pull/7818

Actions #3

Updated by Lukas Sismis about 2 years ago

  • Status changed from New to Feedback
Actions #4

Updated by Victor Julien about 2 years ago

  • Target version changed from 7.0.0-beta1 to 7.0.0-rc1
Actions #5

Updated by Victor Julien almost 2 years ago

  • Target version changed from 7.0.0-rc1 to 8.0.0-beta1
Actions

Also available in: Atom PDF