From: Eric Leblond <eric@regit.org>
Date: Tue, 28 May 2019 21:10:53 +0000 (+0200)
Subject: util-ebpf: fix ebpf bypass
X-Git-Tag: suricata-5.0.0-rc1~315
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=efb648aa24bf0f62d3f6e95a2b1edd87a3a2369f;p=thirdparty%2Fsuricata.git

util-ebpf: fix ebpf bypass

Fix endian order in eBPF bypass. It has to be updated after the
bypassed flows handling change.
---

diff --git a/src/util-ebpf.c b/src/util-ebpf.c
index f4a3b32082..ac15f2b2c0 100644
--- a/src/util-ebpf.c
+++ b/src/util-ebpf.c
@@ -635,17 +635,19 @@ static int EBPFForEachFlowV4Table(ThreadVars *th_v, LiveDevice *dev, const char
         if (tcfg->mode == AFP_MODE_XDP_BYPASS) {
             flow_key.sp = ntohs(next_key.port16[0]);
             flow_key.dp = ntohs(next_key.port16[1]);
+            flow_key.src.addr_data32[0] = next_key.src;
+            flow_key.dst.addr_data32[0] = next_key.dst;
         } else {
             flow_key.sp = next_key.port16[0];
             flow_key.dp = next_key.port16[1];
+            flow_key.src.addr_data32[0] = ntohl(next_key.src);
+            flow_key.dst.addr_data32[0] = ntohl(next_key.dst);
         }
         flow_key.src.family = AF_INET;
-        flow_key.src.addr_data32[0] = next_key.src;
         flow_key.src.addr_data32[1] = 0;
         flow_key.src.addr_data32[2] = 0;
         flow_key.src.addr_data32[3] = 0;
         flow_key.dst.family = AF_INET;
-        flow_key.dst.addr_data32[0] = next_key.dst;
         flow_key.dst.addr_data32[1] = 0;
         flow_key.dst.addr_data32[2] = 0;
         flow_key.dst.addr_data32[3] = 0;
@@ -734,20 +736,30 @@ static int EBPFForEachFlowV6Table(ThreadVars *th_v,
         if (tcfg->mode == AFP_MODE_XDP_BYPASS) {
             flow_key.sp = ntohs(next_key.port16[0]);
             flow_key.dp = ntohs(next_key.port16[1]);
+            flow_key.src.family = AF_INET6;
+            flow_key.src.addr_data32[0] = next_key.src[0];
+            flow_key.src.addr_data32[1] = next_key.src[1];
+            flow_key.src.addr_data32[2] = next_key.src[2];
+            flow_key.src.addr_data32[3] = next_key.src[3];
+            flow_key.dst.family = AF_INET6;
+            flow_key.dst.addr_data32[0] = next_key.dst[0];
+            flow_key.dst.addr_data32[1] = next_key.dst[1];
+            flow_key.dst.addr_data32[2] = next_key.dst[2];
+            flow_key.dst.addr_data32[3] = next_key.dst[3];
         } else {
             flow_key.sp = next_key.port16[0];
             flow_key.dp = next_key.port16[1];
+            flow_key.src.family = AF_INET6;
+            flow_key.src.addr_data32[0] = ntohl(next_key.src[0]);
+            flow_key.src.addr_data32[1] = ntohl(next_key.src[1]);
+            flow_key.src.addr_data32[2] = ntohl(next_key.src[2]);
+            flow_key.src.addr_data32[3] = ntohl(next_key.src[3]);
+            flow_key.dst.family = AF_INET6;
+            flow_key.dst.addr_data32[0] = ntohl(next_key.dst[0]);
+            flow_key.dst.addr_data32[1] = ntohl(next_key.dst[1]);
+            flow_key.dst.addr_data32[2] = ntohl(next_key.dst[2]);
+            flow_key.dst.addr_data32[3] = ntohl(next_key.dst[3]);
         }
-        flow_key.src.family = AF_INET6;
-        flow_key.src.addr_data32[0] = next_key.src[0];
-        flow_key.src.addr_data32[1] = next_key.src[1];
-        flow_key.src.addr_data32[2] = next_key.src[2];
-        flow_key.src.addr_data32[3] = next_key.src[3];
-        flow_key.dst.family = AF_INET6;
-        flow_key.dst.addr_data32[0] = next_key.dst[0];
-        flow_key.dst.addr_data32[1] = next_key.dst[1];
-        flow_key.dst.addr_data32[2] = next_key.dst[2];
-        flow_key.dst.addr_data32[3] = next_key.dst[3];
         flow_key.vlan_id[0] = next_key.vlan_id[0];
         flow_key.vlan_id[1] = next_key.vlan_id[1];
         flow_key.proto = next_key.ip_proto;