git.ipfire.org Git - people/ms/suricata.git/commit - src/source-af-packet.c
bypass: use flow storage for bypass counter
author Eric Leblond <eric@regit.org>
Sun, 24 Mar 2019 18:47:02 +0000 (19:47 +0100)
committer Victor Julien <victor@inliniac.net>
Tue, 18 Jun 2019 05:07:02 +0000 (07:07 +0200)
commit 6ab1cbcb8ef87ba6df05a14e045170088ab2c19b
tree 3ea7b7fb798b527e66dd4c8b423c7dc4c8fb5e71
parent 640bc937b4843e0cfa575243658508af82d71df1

There is a synchronization issue occurring when a flow is
added to the eBPF bypass maps. The flow can have packets
in the ring buffer that have already passed the eBPF stage.
As a consequence, they are not accounted for in the eBPF counter
but are accounted for by the Suricata flow engine.

This was causing counters to be completely wrong. This code
fixes the issue by avoiding the counter change in the invalid
case.

To avoid adding four 64-bit integers to the Flow structure for the
bypass accounting, we instead use a FlowStorage. This limits the
memory usage to the size of a pointer.
src/decode.c
src/flow-util.c
src/flow.h
src/output-json-flow.c
src/source-af-packet.c
src/suricata.c
src/util-ebpf.c