]> git.ipfire.org Git - thirdparty/suricata.git/commit
projects / thirdparty / suricata.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 91e1256) | patch
af-packet: kernel bypass implementation
authorEric Leblond <eric@regit.org>
Sun, 26 Nov 2017 19:29:52 +0000 (20:29 +0100)
committerEric Leblond <eric@regit.org>
Tue, 6 Feb 2018 15:57:55 +0000 (16:57 +0100)
commit06173267c6d6c5702db6c4d3a9710b4f8dd2b56e
tree6def7d458060b26e5c7ec6abc0c58f1e360ddb9dtree
parent91e1256b0134ebe89b89e18bf785d20679c25225commit | diff
af-packet: kernel bypass implementation

This patch implements bypass capability for af-packet.

The filter only bypass TCP and UDP in IPv4 and IPv6. It don't
don't bypass IPv6 with extended headers.

This patch also introduces a bypassed flow manager that takes
care of timeouting the bypassed flows. It uses a 60 sec
timeout on flow. As they are supposed to be active we can
try that. If they are not active then we don't care to get them
back in Suricata.
15 files changed:
ebpf/Makefile.am diff | blob | blame | history
ebpf/bypass_filter.c [new file with mode: 0644] blob
src/Makefile.am diff | blob | blame | history
src/flow-bypass.c [new file with mode: 0644] blob
src/flow-bypass.h [new file with mode: 0644] blob
src/runmode-af-packet.c diff | blob | blame | history
src/runmodes.c diff | blob | blame | history
src/source-af-packet.c diff | blob | blame | history
src/source-af-packet.h diff | blob | blame | history
src/suricata.c diff | blob | blame | history
src/tm-modules.c diff | blob | blame | history
src/tm-threads-common.h diff | blob | blame | history
src/util-ebpf.c diff | blob | blame | history
src/util-ebpf.h diff | blob | blame | history
suricata.yaml.in diff | blob | blame | history
Mirror of https://github.com/OISF/suricata.git