OISF · victorjulien · Apr 15, 2021 · Apr 11, 2021 · Apr 12, 2021 · Apr 14, 2021
@@ -1225,7 +1225,10 @@ jobs:
                 pkg-config \
                 sudo \
                 zlib1g \
-                zlib1g-dev
+                zlib1g-dev \
+                clang \
+                libbpf-dev \
+                libelf-dev
       - name: Install Rust
         run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain $RUST_VERSION_KNOWN -y
       - run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH
@@ -1242,7 +1245,7 @@ jobs:
           cp prep/cbindgen $HOME/.cargo/bin
           chmod 755 $HOME/.cargo/bin/cbindgen
       - run: ./autogen.sh
-      - run: CFLAGS="${DEFAULT_CFLAGS}" ./configure --enable-unittests --enable-fuzztargets
+      - run: CFLAGS="${DEFAULT_CFLAGS}" ./configure --enable-unittests --enable-fuzztargets --enable-ebpf --enable-ebpf-build
       - run: make -j2
       - run: make check
       - run: tar xf prep/suricata-verify.tar.gz

@@ -1820,6 +1820,7 @@
         if test "$have_xdp" = "yes"; then
             AC_DEFINE([HAVE_PACKET_XDP],[1],[XDP support is available])
         fi
+        AC_CHECK_FUNCS(bpf_program__section_name)
     fi;
 
   # Check for DAG support.

@@ -40,8 +40,8 @@
 /* Hashing initval */
 #define INITVAL 15485863
 
-/* Increase CPUMAP_MAX_CPUS if ever you have more than 64 CPUs */
-#define CPUMAP_MAX_CPUS     64
+/* Increase CPUMAP_MAX_CPUS if ever you have more than 128 CPUs */
+#define CPUMAP_MAX_CPUS 128
 
 struct vlan_hdr {
     __u16	h_vlan_TCI;
@@ -134,7 +134,7 @@ static int __always_inline hash_ipv6(void *data, void *data_end)
 static int __always_inline filter_gre(struct xdp_md *ctx, void *data, __u64 nh_off, void *data_end)
 {
     struct iphdr *iph = data + nh_off;
-    __be16 proto;
+    __u16 proto;
     struct gre_hdr {
         __be16 flags;
         __be16 proto;
@@ -158,6 +158,11 @@ static int __always_inline filter_gre(struct xdp_md *ctx, void *data, __u64 nh_o
     if (grhdr->flags & GRE_SEQ)
         nh_off += 4;
 
+    /* Update offset to skip ERPSAN header if we have one */
+    if (proto == __constant_htons(ETH_P_ERSPAN)) {
+        nh_off += 8;
+    }
+
     if (data + nh_off > data_end)
         return XDP_PASS;
     if (bpf_xdp_adjust_head(ctx, 0 + nh_off))
@@ -166,18 +171,32 @@ static int __always_inline filter_gre(struct xdp_md *ctx, void *data, __u64 nh_o
     data = (void *)(long)ctx->data;
     data_end = (void *)(long)ctx->data_end;
 
+    /* we have now data starting at Ethernet header */
+    struct ethhdr *eth = data;
+    proto = eth->h_proto;
+    /* we want to hash on IP so we need to get to ip hdr */
+    nh_off = sizeof(*eth);
+
+    if (data + nh_off > data_end)
+        return XDP_PASS;
+
+    /* we need to increase offset and update protocol
+     * in the case we have VLANs */
     if (proto == __constant_htons(ETH_P_8021Q)) {
-        struct vlan_hdr *vhdr = (struct vlan_hdr *)(data);
+        struct vlan_hdr *vhdr = (struct vlan_hdr *)(data + nh_off);
         if ((void *)(vhdr + 1) > data_end)
             return XDP_PASS;
         proto = vhdr->h_vlan_encapsulated_proto;
         nh_off += sizeof(struct vlan_hdr);
     }
 
+    if (data + nh_off > data_end)
+        return XDP_PASS;
+    /* proto should now be IP style */
     if (proto == __constant_htons(ETH_P_IP)) {
-        return hash_ipv4(data, data_end);
+        return hash_ipv4(data + nh_off, data_end);
     } else if (proto == __constant_htons(ETH_P_IPV6)) {
-        return hash_ipv6(data, data_end);
+        return hash_ipv6(data + nh_off, data_end);
     } else
         return XDP_PASS;
 }

@@ -63,7 +63,7 @@
 #include "util-print.h"
 #include "queue.h"
 
-static int g_ippair_expectation_id = -1;
+static IPPairStorageId g_ippair_expectation_id = { .id = -1 };
 static FlowStorageId g_flow_expectation_id = { .id = -1 };
 
 SC_ATOMIC_DECLARE(uint32_t, expectation_count);

@@ -1,4 +1,4 @@
-/* Copyright (C) 2017 Open Information Security Foundation
+/* Copyright (C) 2017-2021 Open Information Security Foundation
  *
  * You can copy, redistribute or modify this Program under the terms of
  * the GNU General Public License version 2 as published by the Free

@@ -1,4 +1,4 @@
-/* Copyright (C) 2007-2013 Open Information Security Foundation
+/* Copyright (C) 2007-2021 Open Information Security Foundation
  *
  * You can copy, redistribute or modify this Program under the terms of
  * the GNU General Public License version 2 as published by the Free
@@ -45,15 +45,15 @@
 SC_ATOMIC_DECLARE(unsigned int, num_tags);  /**< Atomic counter, to know if we
                                                  have tagged hosts/sessions,
                                                  to avoid locking */
-static int host_tag_id = -1;                /**< Host storage id for tags */
+static HostStorageId host_tag_id = { .id = -1 }; /**< Host storage id for tags */
 static FlowStorageId flow_tag_id = { .id = -1 }; /**< Flow storage id for tags */
 
 void TagInitCtx(void)
 {
     SC_ATOMIC_INIT(num_tags);
 
     host_tag_id = HostStorageRegister("tag", sizeof(void *), NULL, DetectTagDataListFree);
-    if (host_tag_id == -1) {
+    if (host_tag_id.id == -1) {
         FatalError(SC_ERR_FATAL, "Can't initiate host storage for tag");
     }
     flow_tag_id = FlowStorageRegister("tag", sizeof(void *), NULL, DetectTagDataListFree);
@@ -117,7 +117,7 @@ static DetectTagDataEntry *DetectTagDataCopy(DetectTagDataEntry *dtd)
  * \param p pointer to the current packet
  * \param tde pointer to the new DetectTagDataEntry
  *
- * \retval 0 if the tde was added succesfuly
+ * \retval 0 if the tde was added successfully
  * \retval 1 if an entry of this sid/gid already exist and was updated
  */
 int TagFlowAdd(Packet *p, DetectTagDataEntry *tde)

@@ -1,4 +1,4 @@
-/* Copyright (C) 2007-2015 Open Information Security Foundation
+/* Copyright (C) 2007-2021 Open Information Security Foundation
  *
  * You can copy, redistribute or modify this Program under the terms of
  * the GNU General Public License version 2 as published by the Free
@@ -69,23 +69,23 @@
 #include "util-var-name.h"
 #include "tm-threads.h"
 
-static int host_threshold_id = -1; /**< host storage id for thresholds */
-static int ippair_threshold_id = -1; /**< ip pair storage id for thresholds */
+static HostStorageId host_threshold_id = { .id = -1 };     /**< host storage id for thresholds */
+static IPPairStorageId ippair_threshold_id = { .id = -1 }; /**< ip pair storage id for thresholds */
 
-int ThresholdHostStorageId(void)
+HostStorageId ThresholdHostStorageId(void)
 {
     return host_threshold_id;
 }
 
 void ThresholdInit(void)
 {
     host_threshold_id = HostStorageRegister("threshold", sizeof(void *), NULL, ThresholdListFree);
-    if (host_threshold_id == -1) {
+    if (host_threshold_id.id == -1) {
         FatalError(SC_ERR_FATAL,
                    "Can't initiate host storage for thresholding");
     }
     ippair_threshold_id = IPPairStorageRegister("threshold", sizeof(void *), NULL, ThresholdListFree);
-    if (ippair_threshold_id == -1) {
+    if (ippair_threshold_id.id == -1) {
         FatalError(SC_ERR_FATAL,
                    "Can't initiate IP pair storage for thresholding");
     }

@@ -1,4 +1,4 @@
-/* Copyright (C) 2007-2010 Open Information Security Foundation
+/* Copyright (C) 2007-2021 Open Information Security Foundation
  *
  * You can copy, redistribute or modify this Program under the terms of
  * the GNU General Public License version 2 as published by the Free
@@ -28,10 +28,11 @@
 #include "detect.h"
 #include "host.h"
 #include "ippair.h"
+#include "host-storage.h"
 
 void ThresholdInit(void);
 
-int ThresholdHostStorageId(void);
+HostStorageId ThresholdHostStorageId(void);
 int ThresholdHostHasThreshold(Host *);
 
 int ThresholdIPPairHasThreshold(IPPair *pair);

@@ -1,4 +1,4 @@
-/* Copyright (C) 2018 Open Information Security Foundation
+/* Copyright (C) 2018-2021 Open Information Security Foundation
  *
  * You can copy, redistribute or modify this Program under the terms of
  * the GNU General Public License version 2 as published by the Free
@@ -56,8 +56,12 @@ unsigned int LiveDevStorageSize(void)
  * It has to be called once during the init of the sub system
  */
 
-int LiveDevStorageRegister(const char *name, const unsigned int size, void *(*Alloc)(unsigned int), void (*Free)(void *)) {
-    return StorageRegister(STORAGE_DEVICE, name, size, Alloc, Free);
+LiveDevStorageId LiveDevStorageRegister(const char *name, const unsigned int size,
+        void *(*Alloc)(unsigned int), void (*Free)(void *))
+{
+    int id = StorageRegister(STORAGE_DEVICE, name, size, Alloc, Free);
+    LiveDevStorageId ldsi = { .id = id };
+    return ldsi;
 }
 
 /**
@@ -68,9 +72,9 @@ int LiveDevStorageRegister(const char *name, const unsigned int size, void *(*Al
  * \param ptr pointer to the data to store
  */
 
-int LiveDevSetStorageById(LiveDevice *d, int id, void *ptr)
+int LiveDevSetStorageById(LiveDevice *d, LiveDevStorageId id, void *ptr)
 {
-    return StorageSetById((Storage *)((void *)d + sizeof(LiveDevice)), STORAGE_DEVICE, id, ptr);
+    return StorageSetById((Storage *)((void *)d + sizeof(LiveDevice)), STORAGE_DEVICE, id.id, ptr);
 }
 
 /**
@@ -81,9 +85,9 @@ int LiveDevSetStorageById(LiveDevice *d, int id, void *ptr)
  *
  */
 
-void *LiveDevGetStorageById(LiveDevice *d, int id)
+void *LiveDevGetStorageById(LiveDevice *d, LiveDevStorageId id)
 {
-    return StorageGetById((Storage *)((void *)d + sizeof(LiveDevice)), STORAGE_DEVICE, id);
+    return StorageGetById((Storage *)((void *)d + sizeof(LiveDevice)), STORAGE_DEVICE, id.id);
 }
 
 /**
@@ -92,14 +96,15 @@ void *LiveDevGetStorageById(LiveDevice *d, int id)
 
 /* Start of "private" function */
 
-void *LiveDevAllocStorageById(LiveDevice *d, int id)
+void *LiveDevAllocStorageById(LiveDevice *d, LiveDevStorageId id)
 {
-    return StorageAllocByIdPrealloc((Storage *)((void *)d + sizeof(LiveDevice)), STORAGE_DEVICE, id);
+    return StorageAllocByIdPrealloc(
+            (Storage *)((void *)d + sizeof(LiveDevice)), STORAGE_DEVICE, id.id);
 }
 
-void LiveDevFreeStorageById(LiveDevice *d, int id)
+void LiveDevFreeStorageById(LiveDevice *d, LiveDevStorageId id)
 {
-    StorageFreeById((Storage *)((void *)d + sizeof(LiveDevice)), STORAGE_DEVICE, id);
+    StorageFreeById((Storage *)((void *)d + sizeof(LiveDevice)), STORAGE_DEVICE, id.id);
 }
 
 void LiveDevFreeStorage(LiveDevice *d)

@@ -1,4 +1,4 @@
-/* Copyright (C) 2018 Open Information Security Foundation
+/* Copyright (C) 2018-2021 Open Information Security Foundation
  *
  * You can copy, redistribute or modify this Program under the terms of
  * the GNU General Public License version 2 as published by the Free
@@ -29,17 +29,22 @@
 #include "util-storage.h"
 #include "util-device.h"
 
+typedef struct LiveDevStorageId_ {
+    int id;
+} LiveDevStorageId;
+
 unsigned int LiveDevStorageSize(void);
 
-void *LiveDevGetStorageById(LiveDevice *d, int id);
-int LiveDevSetStorageById(LiveDevice *d, int id, void *ptr);
-void *LiveDevAllocStorageById(LiveDevice *d, int id);
+void *LiveDevGetStorageById(LiveDevice *d, LiveDevStorageId id);
+int LiveDevSetStorageById(LiveDevice *d, LiveDevStorageId id, void *ptr);
+void *LiveDevAllocStorageById(LiveDevice *d, LiveDevStorageId id);
 
-void LiveDevFreeStorageById(LiveDevice *d, int id);
+void LiveDevFreeStorageById(LiveDevice *d, LiveDevStorageId id);
 void LiveDevFreeStorage(LiveDevice *d);
 
 void RegisterLiveDevStorageTests(void);
 
-int LiveDevStorageRegister(const char *name, const unsigned int size, void *(*Alloc)(unsigned int), void (*Free)(void *));
+LiveDevStorageId LiveDevStorageRegister(const char *name, const unsigned int size,
+        void *(*Alloc)(unsigned int), void (*Free)(void *));
 
 #endif /* __DEVICE_STORAGE_H__ */
@@ -1,4 +1,4 @@
-/* Copyright (C) 2014 Open Information Security Foundation
+/* Copyright (C) 2014-2021 Open Information Security Foundation
  *
  * You can copy, redistribute or modify this Program under the terms of
  * the GNU General Public License version 2 as published by the Free
@@ -38,7 +38,7 @@
 #include "util-unittest.h"
 #include "host-storage.h"
 
-static int host_bit_id = -1;                /**< Host storage id for bits */
+static HostStorageId host_bit_id = { .id = -1 }; /**< Host storage id for bits */
 
 static void HostBitFreeAll(void *store)
 {
@@ -49,7 +49,7 @@ static void HostBitFreeAll(void *store)
 void HostBitInitCtx(void)
 {
     host_bit_id = HostStorageRegister("bit", sizeof(void *), NULL, HostBitFreeAll);
-    if (host_bit_id == -1) {
+    if (host_bit_id.id == -1) {
         FatalError(SC_ERR_FATAL, "Can't initiate host storage for bits");
     }
 }