aconf->iface);
aconf->ebpf_t_config.flags |= EBPF_PINNED_MAPS;
}
+ const char *pinned_maps_name;
+ if (ConfGetChildValueWithDefault(if_root, if_default,
+ "pinned-maps-name",
+ &pinned_maps_name) != 1) {
+ aconf->ebpf_t_config.pinned_maps_name = pinned_maps_name;
+ } else {
+ aconf->ebpf_t_config.pinned_maps_name = NULL;
+ }
}
#endif
if (aconf->ebpf_lb_file && cluster_type == PACKET_FANOUT_EBPF) {
int ret = EBPFLoadFile(aconf->iface, aconf->ebpf_lb_file, "loadbalancer",
&aconf->ebpf_lb_fd,
- aconf->ebpf_t_config.flags);
+ &aconf->ebpf_t_config);
if (ret != 0) {
SCLogWarning(SC_ERR_INVALID_VALUE, "Error when loading eBPF lb file");
}
#ifdef HAVE_PACKET_EBPF
int ret = EBPFLoadFile(aconf->iface, aconf->ebpf_filter_file, "filter",
&aconf->ebpf_filter_fd,
- aconf->ebpf_t_config.flags);
+ &aconf->ebpf_t_config);
if (ret != 0) {
SCLogWarning(SC_ERR_INVALID_VALUE,
"Error when loading eBPF filter file");
#ifdef HAVE_PACKET_XDP
int ret = EBPFLoadFile(aconf->iface, aconf->xdp_filter_file, "xdp",
&aconf->xdp_filter_fd,
- aconf->ebpf_t_config.flags);
+ &aconf->ebpf_t_config);
if (ret != 0) {
SCLogWarning(SC_ERR_INVALID_VALUE,
"Error when loading XDP filter file");
return bpf_obj_get(pinnedpath);
}
-static int EBPFLoadPinnedMaps(LiveDevice *livedev, uint8_t flags)
+static int EBPFLoadPinnedMaps(LiveDevice *livedev, struct ebpf_timeout_config *config)
{
int fd_v4 = -1, fd_v6 = -1;
+ /* First try to load the eBPF check map and return if found */
+ if (config->pinned_maps_name) {
+ int ret = -1;
+ ret = EBPFLoadPinnedMapsFile(livedev, config->pinned_maps_name);
+ if (ret == 0) {
+ /* pinned maps found, let's just exit as XDP filter is in place */
+ return ret;
+ }
+ }
+
/* Get flow v4 table */
fd_v4 = EBPFLoadPinnedMapsFile(livedev, "flow_table_v4");
if (fd_v4 < 0) {
bpf_map_data->array[1].fd = fd_v6;
bpf_map_data->array[1].name = SCStrdup("flow_table_v6");
bpf_map_data->last = 2;
+ /* Attach the bpf_maps_info to the LiveDevice via the device storage */
+ LiveDevSetStorageById(livedev, g_livedev_storage_id, bpf_map_data);
return 0;
}
* \return -1 in case of error and 0 in case of success
*/
int EBPFLoadFile(const char *iface, const char *path, const char * section,
- int *val, uint8_t flags)
+ int *val, struct ebpf_timeout_config *config)
{
int err, pfd;
bool found = false;
if (livedev == NULL)
return -1;
- if (flags & EBPF_XDP_CODE) {
+ if (config->flags & EBPF_XDP_CODE) {
/* We try to get our flow table maps and if we have them we can simply return */
- if (EBPFLoadPinnedMaps(livedev, flags) == 0) {
+ if (EBPFLoadPinnedMaps(livedev, config) == 0) {
return 0;
}
}
bpf_object__for_each_program(bpfprog, bpfobj) {
const char *title = bpf_program__title(bpfprog, 0);
if (!strcmp(title, section)) {
- if (flags & EBPF_SOCKET_FILTER) {
+ if (config->flags & EBPF_SOCKET_FILTER) {
bpf_program__set_socket_filter(bpfprog);
} else {
bpf_program__set_xdp(bpfprog);
return -1;
}
bpf_map_data->array[bpf_map_data->last].unlink = 0;
- if (flags & EBPF_PINNED_MAPS) {
+ if (config->flags & EBPF_PINNED_MAPS) {
SCLogNotice("Pinning: %d to %s", bpf_map_data->array[bpf_map_data->last].fd,
bpf_map_data->array[bpf_map_data->last].name);
char buf[1024];
SCLogError(SC_ERR_AFP_CREATE, "Can not pin: %s", strerror(errno));
}
/* Don't unlink pinned maps in XDP mode to avoid a state reset */
- if (flags & EBPF_XDP_CODE) {
+ if (config->flags & EBPF_XDP_CODE) {
bpf_map_data->array[bpf_map_data->last].unlink = 0;
} else {
bpf_map_data->array[bpf_map_data->last].unlink = 1;
int EBPFGetMapFDByName(const char *iface, const char *name);
int EBPFLoadFile(const char *iface, const char *path, const char * section,
- int *val, uint8_t flags);
+ int *val, struct ebpf_timeout_config *config);
int EBPFSetupXDP(const char *iface, int fd, uint8_t flags);
int EBPFCheckBypassedFlowTimeout(struct flows_stats *bypassstats,
projects / thirdparty / suricata.git / commitdiff
