
vipinpv85/DPDK-Suricata_3.0


Long Term Support

End of Life (no new support additions or features)

Purpose

Make use of the DPDK PMD, with a pre-parser and a 3-tuple ACL placed before the Suricata worker stage. This sends only relevant IPv4 and IPv6 traffic into the Suricata worker pipeline.

How to build

Build Environment

| software | release |
| --- | --- |
| gcc | Ubuntu 7.3.0-27ubuntu1~18.04 |
| OS | kernel 4.15.0-46-generic, Ubuntu 18.04.2 LTS |

DPDK

  1. Download the DPDK LTS release http://fast.dpdk.org/rel/dpdk-18.11.5.tar.xz from dpdk.org.

  2. Untar DPDK and run `make config T=x86_64-native-linuxapp-gcc O=x86_64-native-linuxapp-gcc`.

  3. Build DPDK with

```sh
export RTE_SDK=$PWD
export RTE_TARGET=x86_64-native-linuxapp-gcc
cd x86_64-native-linuxapp-gcc
make -j 4
```

  4. Test the custom build by cross-checking examples such as helloworld and l2fwd.

Suricata with DPDK

  1. Download the project zip and unzip the contents.

  2. Execute in a terminal

 - `cd DPDK-Suricata_3.0/suricata-3.0`
 - `autoconf`

  3. If the DPDK environment variables (RTE_SDK and RTE_TARGET from the DPDK build above) are present, use

 - `./configure --enable-dpdkintel`

 or

 - `./configure --sysconfdir=<mydesiredpath> --enable-dpdkintel`

  4. If DPDK is installed as a package or lives in a custom build directory, point configure at its headers and libraries with

 - `./configure --enable-dpdkintel --with-libdpdkintel-includes=<path to dpdk include> --with-libdpdkintel-libraries=<path to dpdk lib>`

 or

 - `./configure --sysconfdir=<mydesiredpath> --enable-dpdkintel --with-libdpdkintel-includes=<path to dpdk include> --with-libdpdkintel-libraries=<path to dpdk lib>`

  5. Build Suricata with

 - `make -j 10`

Modified Suricata build steps:

| step | explanation |
| --- | --- |
| `autoconf` | generates the configure script with DPDK support |
| `./configure --enable-dpdkintel` | runs configuration and generates the Makefile with DPDK support |
| `make -j 10` | builds Suricata with 10 parallel jobs |

Test Run:

| command | purpose |
| --- | --- |
| `./src/suricata --list-runmodes` | show the Suricata version and supported run modes |
| `./src/suricata --list-dpdkintel-ports` | list the DPDK ports available to Suricata |
| `./src/suricata -c suricata.yaml --dpdkintel` | run DPDK Suricata with the settings in suricata.yaml |

Configuration for suricata.yaml

  1. IDS (each interface is only read; nothing is forwarded)

```yaml
#dpdkintel support
dpdkintel:

  inputs:
     - interface: 0
     - interface: 1

  # Select dpdk intel operation mode ips|ids|bypass
  opmode: ids
```

  2. IPS (inline: each interface forwards to its copy-interface, so the pair must point at each other)

```yaml
#dpdkintel support
dpdkintel:

  inputs:
     - interface: 0
       copy-interface: 1
     - interface: 1
       copy-interface: 0

  # Select dpdk intel operation mode ips|ids|bypass
  opmode: ips
```

Configuration for dpdk-suricata.ini

| Section | purpose |
| --- | --- |
| EAL | DPDK EAL arguments |
| PORT-[0-X] | configuration specific to each port |
| ACL-IPV4 | IPv4 rule count (number of entries) |
| ACL-IPV6 | IPv6 rule count (number of entries) |
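The two configuration files above have to agree with each other: every `interface` index used in the `dpdkintel` section of suricata.yaml needs a matching `PORT-<n>` section in dpdk-suricata.ini, and in `ips` mode each input needs a `copy-interface` that points back at it, otherwise one direction of traffic is silently dropped. The following checker is an added example and not code from the DPDK-Suricata_3.0 project. It assumes the YAML has already been loaded into a dict (for instance with `yaml.safe_load`), that the ips pairing rule above is what the project expects, and that the .ini uses the section names listed in the table; the keys inside the sample .ini (`args`, `rx-queues`, `rules`) are placeholders that this page does not document.

```python
"""Consistency checks for the dpdkintel section of suricata.yaml and dpdk-suricata.ini.

Added example, not part of the DPDK-Suricata_3.0 project. Assumed (not stated on the
page): the YAML is already loaded into a dict, ips mode needs paired copy-interfaces,
and each interface index must have a PORT-<n> section in dpdk-suricata.ini.
"""
import configparser

VALID_OPMODES = ("ids", "ips", "bypass")

# Constructed input: the page's two YAML snippets as yaml.safe_load() would return them.
IDS_CONFIG = {"dpdkintel": {"inputs": [{"interface": 0}, {"interface": 1}],
                            "opmode": "ids"}}
IPS_CONFIG = {"dpdkintel": {"inputs": [{"interface": 0, "copy-interface": 1},
                                       {"interface": 1, "copy-interface": 0}],
                            "opmode": "ips"}}

# Constructed dpdk-suricata.ini using the section names the page lists.
# The keys inside each section are placeholders (assumed, not documented on the page).
SAMPLE_INI = """
[EAL]
args = -l 1-2 -n 4
[PORT-0]
rx-queues = 1
[PORT-1]
rx-queues = 1
[ACL-IPV4]
rules = 100
[ACL-IPV6]
rules = 100
"""


def ini_port_sections(ini_text):
    """Return the set of port indices that have a PORT-<n> section in the .ini text."""
    cp = configparser.ConfigParser()
    cp.read_string(ini_text)
    ports = set()
    for name in cp.sections():
        prefix, _, index = name.partition("-")
        if prefix == "PORT" and index.isdigit():
            ports.add(int(index))
    return ports


def check_dpdkintel(config, ini_ports):
    """Return a list of problems found; an empty list means the config is consistent."""
    problems = []
    section = config.get("dpdkintel")
    if not isinstance(section, dict):
        return ["missing dpdkintel section"]

    opmode = section.get("opmode")
    if opmode not in VALID_OPMODES:
        problems.append(f"opmode must be one of {VALID_OPMODES}, got {opmode!r}")

    # interface index -> its copy-interface (None when the key is absent)
    peers = {}
    for entry in section.get("inputs") or []:
        iface = entry.get("interface") if isinstance(entry, dict) else None
        if not isinstance(iface, int):
            problems.append(f"input without an integer interface: {entry!r}")
            continue
        if iface in peers:
            problems.append(f"interface {iface} is listed more than once")
        peers[iface] = entry.get("copy-interface")
        if iface not in ini_ports:
            problems.append(f"interface {iface} has no PORT-{iface} section in dpdk-suricata.ini")

    if opmode == "ips":
        # Inline mode forwards each input to its copy-interface, so every input needs a
        # partner that forwards back; otherwise one direction of traffic is dropped.
        for iface, peer in peers.items():
            if peer is None:
                problems.append(f"ips mode: interface {iface} has no copy-interface")
            elif peer == iface:
                problems.append(f"ips mode: interface {iface} copies to itself")
            elif peer not in peers:
                problems.append(f"ips mode: copy-interface {peer} of interface {iface} is not an input")
            elif peers[peer] != iface:
                problems.append(f"ips mode: interface {iface} copies to {peer}, which does not copy back")
    return problems


if __name__ == "__main__":
    ports = ini_port_sections(SAMPLE_INI)
    for label, cfg in (("IDS", IDS_CONFIG), ("IPS", IPS_CONFIG)):
        found = check_dpdkintel(cfg, ports)
        print(label, "OK" if not found else found)
```

Run it before starting Suricata with `--dpdkintel`: a half-configured IPS pair (one input with a `copy-interface`, the other without) or an interface with no `PORT-<n>` section is reported as a list of problems instead of being discovered as missing traffic after deployment.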