conf: add dpdk configuration file

[vipinpv85]

Based on the work https://github.com/vipinpv85/DPDK-Suricata_3.0,
leverage DPDK features to pool, preparse, re-assemble, and flatten
buffers to improve suricata worker thread processing.

Target is to allow, easy integration of features like DPDK port config,
Hardware flow offload, 3 tuple ACL rules for ipv4 and ipv6. With IDS
mode, the matched rule packets are sent to worker and non matched are
dropped by DPDK processing thread. With IPS mode, the packets that
match rules are sent to woker thread and non matched are bypassed to
copy interface.

Current patch adds initial configuration, for DPDK EAL, port setup,
ACL for IPv4 and IPv6 3 tuple.

Make sure these boxes are signed before submitting your Pull Request -- thank you.

• I have read the contributing guide lines at https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Contributing
• I have signed the Open Information Security Foundation contribution agreement at https://suricata-ids.org/about/contribution-agreement/
• I have updated the user guide (in doc/userguide/) to reflect the changes made (if applicable)

Link to redmine ticket:

Describe changes:

PRScript output (if applicable):

[vipinpv85]

Hi osif-team,

can you help me understand the possible cause for failure in debian10, debian9 and MacOS for file addition?

thanks in advance

[victorjulien]

Hi osif-team,

can you help me understand the possible cause for failure in debian10, debian9 and MacOS for file addition?

thanks in advance

There is a general CI issue that is not caused by your changes. A newer cbindgen fails to compile with the rust version some of the CI targets use.

[victorjulien]

How would one use this ini file?

[vipinpv85]

How would one use this ini file?

The ini is configuration parameter file for DPDK EAL and it's components. DPDK processing (SW or HW assisted) can be run in 2 modes of operation

1. Merged mode (DPDK threads + Suricata threads is process-1)
2. Independent mode (DPDK threads is process-1 + Suricata threads is process-2)

Note: Benefit of having Independent mode is

1. less code addition to Suricata.
2. ability to offload DPDK rules (ACL) and offload as eBPF.
3. allow packet copy (since eBPF lack clone API).
4. ability restart suricata or dpdk in crash scenarios or configuration changes

[victorjulien]

Can you add a user guide section to explain to users how this can be used?

[vipinpv85]

Can you add a user guide section to explain to users how this can be used?

I will try to create a draft ticket or feature request explaining the possible merge options with DPDK API.

[victorjulien]

As this needs to be part of a PR that adds actual DPDK support I'm closing this.

[vipinpv85]

Hi Victor, sorry for the late reply, yes sure. I will pull the latest the Suricata release and use that as the baseline for the new branch. [EDIT] closing this PR for sharing consolidated PR.

…

On Wed, 3 Jun 2020 at 17:27, Victor Julien ***@***.***> wrote: As this needs to be part of a PR that adds actual DPDK support I'm closing this. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#4902 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAJ4NYLNPA7FKTDDTVBD6CLRUY3EDANCNFSM4MWW3ZMA> .

-- Thanks Vipin Varghese