dpdk: implement DPDK SW tests

Implement Github CI tests to run DPDK Suri with the minimal configuration to verify that Suricata can start in both IDS and IPS configuration.
catenacyber · Apr 10, 2024 · e54084f · e54084f
1 parent 28ac3c2
commit e54084f
Show file tree

Hide file tree

Showing 3 changed files with 99 additions and 0 deletions.
diff --git a/.github/workflows/builds.yml b/.github/workflows/builds.yml
@@ -2103,6 +2103,20 @@ jobs:
       - run: CFLAGS="${DEFAULT_CFLAGS}" ./configure --enable-dpdk
       - run: make -j ${{ env.CPUS }}
       - run: make check
+      # IDS config
+      - run: rm -f ./eve.json
+      - run: |
+          timeout --kill-after=30 --preserve-status 3 \
+            ./src/suricata -c .github/workflows/dpdk/suricata-null-ids.yaml -S /dev/null -l ./ --dpdk -vvvv
+      - run: |
+          test $(jq -c 'select(.event_type == "stats")' ./eve.json | tail -n1 | jq '.stats.capture.packets > 0')  = true
+      # IPS config
+      - run: rm -f ./eve.json
+      - run: |
+          timeout --kill-after=30 --preserve-status 3 \
+            ./src/suricata -c .github/workflows/dpdk/suricata-null-ips.yaml -S /dev/null -l ./ --dpdk -vvvv
+      - run: |
+          test $(jq -c 'select(.event_type == "stats")' ./eve.json | tail -n1 | jq '.stats.capture.packets > 0')  = true
 
   debian-12:
     name: Debian 12

diff --git a/.github/workflows/dpdk/suricata-null-ids.yaml b/.github/workflows/dpdk/suricata-null-ids.yaml
@@ -0,0 +1,38 @@
+%YAML 1.1
+---
+
+outputs:
+  - eve-log:
+      enabled: yes
+      filetype: regular
+      append: false
+      filename: eve.json
+      level: Info
+      types:
+        - stats:
+            totals: yes
+dpdk:
+  eal-params:
+    proc-type: primary
+    vdev: net_null0
+    no-huge:
+    m: 256
+
+  interfaces:
+    - interface: net_null0 # PCIe address of the NIC port
+      threads: auto
+      mempool-size: 511
+      mempool-cache-size: auto
+      rx-descriptors: 16
+      tx-descriptors: 16
+      copy-mode: none
+      copy-iface: none # or PCIe address of the second interface
+
+threading:
+  set-cpu-affinity: yes
+  cpu-affinity:
+    - management-cpu-set:
+        cpu: [ 0 ]
+    - worker-cpu-set:
+        cpu: [ "all" ]
+        mode: "exclusive"
diff --git a/.github/workflows/dpdk/suricata-null-ips.yaml b/.github/workflows/dpdk/suricata-null-ips.yaml
@@ -0,0 +1,47 @@
+%YAML 1.1
+---
+
+outputs:
+  - eve-log:
+      enabled: yes
+      filetype: regular
+      append: false
+      filename: eve.json
+      level: Info
+      types:
+        - stats:
+            totals: yes
+
+dpdk:
+  eal-params:
+    proc-type: primary
+    vdev: ["net_null0", "net_null1"]
+    no-huge:
+    m: 256
+
+  interfaces:
+    - interface: net_null0
+      threads: 1
+      mempool-size: 511
+      mempool-cache-size: auto
+      rx-descriptors: 16
+      tx-descriptors: 16
+      copy-mode: ips
+      copy-iface: net_null1
+    - interface: net_null1
+      threads: 1
+      mempool-size: 511
+      mempool-cache-size: auto
+      rx-descriptors: 16
+      tx-descriptors: 16
+      copy-mode: ips
+      copy-iface: net_null0
+
+threading:
+  set-cpu-affinity: yes
+  cpu-affinity:
+    - management-cpu-set:
+        cpu: [ 0 ]
+    - worker-cpu-set:
+        cpu: [ "1-2" ]
+        mode: "exclusive"