util-ebpf: only unlink pinned maps in eBPF filter

author Eric Leblond <eric@regit.org>

Sun, 9 Dec 2018 20:11:27 +0000 (21:11 +0100)

committer Victor Julien <victor@inliniac.net>

Tue, 18 Jun 2019 05:07:01 +0000 (07:07 +0200)
author Eric Leblond <eric@regit.org>
Sun, 9 Dec 2018 20:11:27 +0000 (21:11 +0100)
committer Victor Julien <victor@inliniac.net>
Tue, 18 Jun 2019 05:07:01 +0000 (07:07 +0200)
diff --git a/src/util-ebpf.c b/src/util-ebpf.c

index b5ebd4f54672cf81ca8d61859bee6577bf8a8277..2b8def0da56466241543c148fa98be61657b4743 100644 (file)
--- a/src/util-ebpf.c
+++ b/src/util-ebpf.c
@@ -66,6 +66,7 @@ struct bpf_map_item {
      char iface[IFNAMSIZ];
      char * name;
      int fd;
+    uint8_t unlink;
  };
  
  struct bpf_maps_info {
@@ -86,13 +87,15 @@ static void BpfMapsInfoFree(void *bpf)
      int i;
      for (i = 0; i < bpfinfo->last; i ++) {
          if (bpfinfo->array[i].name) {
-            char pinnedpath[1024];
-            snprintf(pinnedpath, sizeof(pinnedpath),
-                     "/sys/fs/bpf/suricata-%s-%s",
-                     bpfinfo->array[i].iface,
-                     bpfinfo->array[i].name);
-            /* Unlink the pinned entry */
-            unlink(pinnedpath);
+            if (bpfinfo->array[i].unlink) {
+                char pinnedpath[1024];
+                snprintf(pinnedpath, sizeof(pinnedpath),
+                        "/sys/fs/bpf/suricata-%s-%s",
+                        bpfinfo->array[i].iface,
+                        bpfinfo->array[i].name);
+                /* Unlink the pinned entry */
+                unlink(pinnedpath);
+            }
              SCFree(bpfinfo->array[i].name);
          }
      }
@@ -275,6 +278,7 @@ int EBPFLoadFile(const char *iface, const char *path, const char * section,
              BpfMapsInfoFree(bpf_map_data);
              return -1;
          }
+        bpf_map_data->array[bpf_map_data->last].unlink = 0;
          if (flags & EBPF_PINNED_MAPS) {
              SCLogNotice("Pinning: %d to %s", bpf_map_data->array[bpf_map_data->last].fd,
                      bpf_map_data->array[bpf_map_data->last].name);
@@ -285,6 +289,12 @@ int EBPFLoadFile(const char *iface, const char *path, const char * section,
              if (ret != 0) {
                  SCLogError(SC_ERR_AFP_CREATE, "Can not pin: %s", strerror(errno));
              }
+            /* Don't unlink pinned maps in XDP mode to avoid a state reset */
+            if (flags & EBPF_XDP_CODE) {
+                bpf_map_data->array[bpf_map_data->last].unlink = 0;
+            } else {
+                bpf_map_data->array[bpf_map_data->last].unlink = 1;
+            }
          }
          bpf_map_data->last++;
      }
author	Eric Leblond <eric@regit.org>
	Sun, 9 Dec 2018 20:11:27 +0000 (21:11 +0100)
committer	Victor Julien <victor@inliniac.net>
	Tue, 18 Jun 2019 05:07:01 +0000 (07:07 +0200)