From: Lukas Sismis <lsismis@oisf.net>
Date: Wed, 19 Oct 2022 21:18:59 +0000 (+0200)
Subject: dpdk: add support for enabling IPS support in DPDK mode
X-Git-Tag: suricata-7.0.0-rc1~96
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e2a5bc796167f49724d9da1d951237a08cfc0570;p=thirdparty%2Fsuricata.git

dpdk: add support for enabling IPS support in DPDK mode
---

diff --git a/src/runmode-dpdk.c b/src/runmode-dpdk.c
index 1d0a1839e1..55cac70a5f 100644
--- a/src/runmode-dpdk.c
+++ b/src/runmode-dpdk.c
@@ -45,6 +45,8 @@
 #include "util-dpdk-ice.h"
 #include "util-dpdk-ixgbe.h"
 #include "util-time.h"
+#include "util-conf.h"
+#include "suricata.h"
 
 #ifdef HAVE_DPDK
 
@@ -1362,6 +1364,62 @@ static int DPDKConfigGetThreadsCount(void *conf)
 
 #endif /* HAVE_DPDK */
 
+static int DPDKRunModeIsIPS(void)
+{
+    /* Find initial node */
+    const char dpdk_node_query[] = "dpdk.interfaces";
+    ConfNode *dpdk_node = ConfGetNode(dpdk_node_query);
+    if (dpdk_node == NULL) {
+        FatalError("Unable to get %s configuration node", dpdk_node_query);
+    }
+
+    const char default_iface[] = "default";
+    ConfNode *if_default = ConfNodeLookupKeyValue(dpdk_node, "interface", default_iface);
+    int nlive = LiveGetDeviceCount();
+    bool has_ips = false;
+    bool has_ids = false;
+    for (int ldev = 0; ldev < nlive; ldev++) {
+        const char *live_dev = LiveGetDeviceName(ldev);
+        if (live_dev == NULL)
+            FatalError("Unable to get device id %d from LiveDevice list", ldev);
+
+        ConfNode *if_root = ConfFindDeviceConfig(dpdk_node, live_dev);
+        if (if_root == NULL) {
+            if (if_default == NULL)
+                FatalError("Unable to get %s or %s  interface", live_dev, default_iface);
+
+            if_root = if_default;
+        }
+
+        const char *copymodestr = NULL;
+        if (ConfGetChildValueWithDefault(if_root, if_default, "copy-mode", &copymodestr) == 1) {
+            if (strcmp(copymodestr, "ips") == 0) {
+                has_ips = true;
+            } else {
+                has_ids = true;
+            }
+        } else {
+            has_ids = true;
+        }
+
+        if (has_ids && has_ips) {
+            FatalError("Copy-mode of interface %s mixes with the previously set copy-modes "
+                       "(only IDS/TAP and IPS copy-mode combinations are allowed in DPDK",
+                    live_dev);
+        }
+    }
+
+    return has_ips;
+}
+
+static void DPDKRunModeEnableIPS(void)
+{
+    if (DPDKRunModeIsIPS()) {
+        SCLogInfo("Setting IPS mode");
+        EngineModeSetIPS();
+    }
+}
+
 const char *RunModeDpdkGetDefaultMode(void)
 {
     return "workers";
@@ -1372,7 +1430,7 @@ void RunModeDpdkRegister(void)
     RunModeRegisterNewRunMode(RUNMODE_DPDK, "workers",
             "Workers DPDK mode, each thread does all"
             " tasks from acquisition to logging",
-            RunModeIdsDpdkWorkers, NULL);
+            RunModeIdsDpdkWorkers, DPDKRunModeEnableIPS);
 }
 
 /**