]> git.ipfire.org Git - thirdparty/suricata.git/commit
projects / thirdparty / suricata.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d421d42) | patch
dpdk: warn about processing segmented DPDK mbufs 8861/head
authorLukas Sismis <lsismis@oisf.net>
Mon, 24 Apr 2023 16:04:42 +0000 (18:04 +0200)
committerVictor Julien <vjulien@oisf.net>
Wed, 10 May 2023 13:59:01 +0000 (15:59 +0200)
commitf751c93cb8de05c0baaa46d9506b064086dada03
tree640e2d2ebba11c5c57d892a333517a27f33ff40ftree
parentd421d424110ed557176498207e635028b4458131commit | diff
dpdk: warn about processing segmented DPDK mbufs

Segmented mbufs should never happen in Suricata.
Mbuf segmentation divides the received packet into multiple
mbufs. This can happen when MTU of the NIC is larger than
the allocated mbufs in the mbuf mempool. As Suricata sets the size
of the mbuf to be slightly higher than the configured MTU, mbuf
segmentation should never happen in Suricata. This is especially
true, if Suricata runs as a primary process and configures the
packet source (NIC).

Processing segmented mbufs can lead to missed/false
(pattern-matching) detections as Suricata only inspects the first
segment of the packet. It can also lead to segfault if Suricata
moves the detection window out of the segment boundaries.
src/source-dpdk.c diff | blob | blame | history
Mirror of https://github.com/OISF/suricata.git