-
Notifications
You must be signed in to change notification settings - Fork 0
/
suricata.db
executable file
·1 lines (1 loc) · 16.6 KB
/
suricata.db
1
{"gitRepoUrl": "https://github.com/OISF/suricata.git", "commitId": "9353b07292255025069674df73b84acd88b254db", "humanFuncDescription": [{"filePath": "ebpf/xdp_lb.c", "funcName": "hash_ipv4", "startLine": 73, "endLine": 99, "description": "This function computes the hash of the extracted IPv4 packet. After the initial bounds check, the cpu_hash is composed by adding the source and destination addresses. This is done in order to be able to hit the same CPU in case the source and destination IP pairs are the same. The SuperFastHash method is used to compose the hash. It takes in 3 arguments- constant character format of the composed cpu_hash, its length and a variable to add randomness called INITVAL. If the CPU assigned is greater than the maximum CPUs, modulus operator is used to wrap around and find a CPU within the maximum allocated range. If no CPU is assigned, the XDP-ABORTED action is returned. Else, the bpf_redirect_map is called to redirect the flow from one CPU to another allocated CPU.", "author": "Madhuri Annavazzala", "authorEmail": "madhuriannavazzala@gmail.com", "date": "2023-04-05"}, {"filePath": "ebpf/xdp_lb.c", "funcName": "hash_ipv6", "startLine": 101, "endLine": 132, "description": "This function composes the hash of the extracted IPv6 packet. After the initial bounds check, the cpu_hash is composed by adding the source and destination addresses. This is done in order to be able to hit the same CPU in case the source and destination IP pairs are the same. The SuperFastHash method is used to compose the hash. It takes in 3 arguments- constant character format of the composed cpu_hash, its length and a variable to add randomness called INITVAL. If the CPU assigned is greater than the maximum CPUs, modulus operator is used to wrap around and find a CPU within the maximum allocated range. If no CPU is assigned, the XDP-ABORTED action is returned. Else, the bpf_redirect_map is called to redirect the flow from one CPU to another allocated CPU.", "author": "Madhuri Annavazzala", "authorEmail": "madhuriannavazzala@gmail.com", "date": "2023-04-05"}, {"filePath": "ebpf/xdp_lb.c", "funcName": "filter_gre", "startLine": 134, "endLine": 202, "description": "This function extracts the encapsulated IP header packet to be hashed. Initially the GRE header is processed to get the GRE_VERSION and GRE_ROUTING information. Then any ERPSAN and VLAN headers present are stripped to reach the ETHERNET HEADER. Based on the version of the IP packet mentioned the relevant function handles the hashing. i.e. either hash_ipv4 or hash_ipv6. If an IP header is not present the packet is passed onto the usual onto the usual kernel network processing stack.", "author": "Madhuri Annavazzala", "authorEmail": "madhuriannavazzala@gmail.com", "date": "2023-04-05"}, {"filePath": "ebpf/xdp_lb.c", "funcName": "filter_ipv4", "startLine": 204, "endLine": 214, "description": "This function filters the IPv4 packets. It initially does the basic bounds checking for the packet length, the packet is checked for a GRE header. If there is a GRE header it is handled by the filter_gre function, else the IPv4 packet is extracted to be hashed by hash_ipv4 funtion.", "author": "Madhuri Annavazzala", "authorEmail": "madhuriannavazzala@gmail.com", "date": "2023-04-05"}, {"filePath": "ebpf/xdp_filter.c", "funcName": "filter_ipv4", "startLine": 235, "endLine": 377, "description": "This function filters the IPv4 packets. If the L4 protocol is TCP, tuple.ip_proto is set to 1. If it is UDP, tuple.ip_proto is set to 0. The source port and destination port of the packet are also extracted. The packet is DROPPED if the packets' ports are not able to get extracted. The tuple array consists of the identification fields for the packet such as - src address, destination address, src port, dest port, vlan0 and vlan1 (used for VLAN flow tracking) which are then used as a key to lookup in the map. If it exists, the number of packets is incremented by 1 and the bytes is incremented by the length of the packet. The increments are done using atomic operations if the map type is BPF_MAP_TYPE_ARRAY. If GOT_TX_PEER flag is enabled, the key0 is initialized as 0. The key is then searched in tx_peer_int BPF MAP. The packet is dropped if the key doesn't exist. Otherwise, the packet is redirect to the corresponding port. If ENCRYPTED_TLS_BYPASS flag is set, the key1 variable is initialized to 0. Then, the transport protocol is checked if it is secured. If the protocol is secured, the key1 is searched in the tls_bypass_count and incremented appropriately. If BUILD_CPUMAP flag is set, the hash is generated using the src and dst addresses using the SuperFastHash function. A destination CPU is selected from the available CPUs using this hash as key. If the corresponding value exists in the map, the packet is redirected to the destination CPU, otherwise it is dropped. If the RSS_QUE_NUMBERS macro is defined, the hash is generated using src and dst addresses using the SuperFastHash function. The rx_queue_index field of the context variable is updated with the hash. The packet is PASSED.", "author": "R V B R N Aaseesh", "authorEmail": "aaseesh.rallapalli@gmail.com", "date": "2023-04-04"}, {"filePath": "ebpf/xdp_lb.c", "funcName": "filter_ipv6", "startLine": 216, "endLine": 220, "description": "This function extracts the IPv6 packet and is then sent to be handled by the hash_ipv6 method.", "author": "Madhuri Annavazzala", "authorEmail": "madhuriannavazzala@gmail.com", "date": "2023-04-05"}, {"filePath": "ebpf/xdp_filter.c", "funcName": "filter_ipv6", "startLine": 379, "endLine": 483, "description": "This function filters the IPv6 packets. If the L4 protocol is TCP, tuple.ip_proto is set to 1. If it is UDP, tuple.ip_proto is set to 0. The source port and destination port of the packet are also extracted. The packet is DROPPED if the packets' ports are not able to get extracted. The tuple array consists of the identification fields for the packet such as - src address, destination address, src port, dest port, vlan0 and vlan1 (used for VLAN flow tracking) which are then used as a key to lookup in the map. If it exists, the number of packets is incremented by 1 and the bytes is incremented by the length of the packet. The increments are done using atomic operations if the map type is BPF_MAP_TYPE_ARRAY. If GOT_TX_PEER flag is enabled, the key0 is initialized as 0. The key is then searched in tx_peer_int BPF MAP. The packet is dropped if the key doesn't exist. Otherwise, the packet is redirect to the corresponding port. If ENCRYPTED_TLS_BYPASS flag is set, the key1 variable is initialized to 0. Then, the transport protocol is checked if it is secured. If the protocol is secured, the key1 is searched in the tls_bypass_count and incremented appropriately. If BUILD_CPUMAP flag is set, the hash is generated using the src and dst addresses using the SuperFastHash function. A destination CPU is selected from the available CPUs using this hash as key. If the corresponding value exists in the map, the packet is redirected to the destination CPU, otherwise it is dropped. If the RSS_QUE_NUMBERS macro is defined, the hash is generated using src and dst addresses using the SuperFastHash function. The rx_queue_index field of the context variable is updated with the hash. The packet is PASSED.", "author": "R V B R N Aaseesh", "authorEmail": "aaseesh.rallapalli@gmail.com", "date": "2023-04-05"}, {"filePath": "ebpf/xdp_lb.c", "funcName": "xdp_loadfilter", "startLine": 222, "endLine": 267, "description": "This function parses the received packet to extract the VLAN header, followed by the Ethernet header. Based on the version of the IP packet relevant filter functions are called i.e, for IPv4 packets filter_ipv4 function is called and for IPv6 packets the filter_ipv6 function is called.", "author": "Madhuri Annavazzala", "authorEmail": "madhuriannavazzala@gmail.com", "date": "2023-04-05"}, {"filePath": "ebpf/lb.c", "funcName": "ipv4_hash", "startLine": 41, "endLine": 57, "description": "The function computes a hash for a given packet, by adding the source and destination IP addresses.", "author": "Pragna Mamidipaka", "authorEmail": "pragna.pune@gmail.com", "date": "2023-04-05"}, {"filePath": "ebpf/lb.c", "funcName": "ipv6_addr_hash", "startLine": 59, "endLine": 67, "description": "The function takes an IPv6 address and computes a hash by bitwise XOR of its four octets.", "author": "Pragna Mamidipaka", "authorEmail": "pragna.pune@gmail.com", "date": "2023-04-05"}, {"filePath": "ebpf/lb.c", "funcName": "ipv6_hash", "startLine": 69, "endLine": 81, "description": "The function uses source address hash and destination address hash of a packet, and returns the sum of the two as the final hash value.", "author": "Pragna Mamidipaka", "authorEmail": "pragna.pune@gmail.com", "date": "2023-04-05"}, {"filePath": "ebpf/lb.c", "funcName": "lb", "startLine": 83, "endLine": 145, "description": "The function parses the ethernet and VLAN headers to extract the IP header. Based on whether it is an IPv4 packet or IPv6 packet, the corresponding hashing functions are called and hash values are returned. If IP header is not present, the ether type is returned. ", "author": "Pragna Mamidipaka", "authorEmail": "pragna.pune@gmail.com", "date": "2023-04-05"}, {"filePath": "ebpf/bypass_filter.c", "funcName": "ipv4_filter", "startLine": 88, "endLine": 148, "description": "The function extracts the src and dst IP addresses of the IPv4 packet, and checks whether the dst address is in the list of IPs to be dropped. If yes, count of packet drops is incremented by 1, and function returns 0. If not, function returns -1.", "author": "Pragna Mamidipaka", "authorEmail": "pragna.pune@gmail.com", "date": "2023-04-04"}, {"filePath": "ebpf/filter.c", "funcName": "ipv4_filter", "startLine": 46, "endLine": 81, "description": "The function extracts the src and dst IP addresses of the IPv4 packet, and checks whether the dst address is in the list of IPs to be dropped. If yes, count of packet drops is incremented by 1, and function returns 0. If not, function returns -1.", "author": "Pragna Mamidipaka", "authorEmail": "pragna.pune@gmail.com", "date": "2023-04-04"}, {"filePath": "ebpf/bypass_filter.c", "funcName": "ipv6_filter", "startLine": 155, "endLine": 210, "description": "The function does not filter any IPv6 packets. It returns -1 for all packets.", "author": "Pragna Mamidipaka", "authorEmail": "pragna.pune@gmail.com", "date": "2023-04-04"}, {"filePath": "ebpf/filter.c", "funcName": "ipv6_filter", "startLine": 83, "endLine": 86, "description": "The function does not filter any IPv6 packets. It returns -1 for all packets.", "author": "Pragna Mamidipaka", "authorEmail": "pragna.pune@gmail.com", "date": "2023-04-04"}, {"filePath": "ebpf/bypass_filter.c", "funcName": "hashfilter", "startLine": 220, "endLine": 256, "description": "This hash function filter, filters the Ethernet packets based on the IP packet version. If GLOBAL_BYPASS flag is set, then the key0 is initialized to 0 and is checked in the global_bypass map. If the key exists, the same key0 is checked in tx_peer_int map. If the key doesn't exist, the packet is dropped. Othereise, the tx_port is written into the tx_peer map. If GLOBAL_BYPASS is not set, the fields vlan0 is set to the last 12 bits of the VLAN TCI field and vlan1 is set to 0 if the VLAN_TRACKING is off else it is set to the last 12 bits of the VLAN TCI field(since vlan0 is stripped by the OS). Based on the version of IP packets, the function filter_ipv4 or filter_ipv6 is invoked accordingly. If it is neither of them -1 is returned.", "author": "R V B R N Aaseesh", "authorEmail": "aaseesh.rallapalli@gmail.com", "date": "2023-04-05"}, {"filePath": "ebpf/bypass_filter.c", "funcName": "hashfilter", "startLine": 220, "endLine": 256, "description": "The function checks whether the packet is an IPv4 packet or an IPv6 packet, and correspondingly calls the filter functions. If the packet does not contain any IP header, then -1 is returned.", "author": "Pragna Mamidipaka", "authorEmail": "pragna.pune@gmail.com", "date": "2023-04-04"}, {"filePath": "ebpf/vlan_filter.c", "funcName": "hashfilter", "startLine": 25, "endLine": 36, "description": "This hash function filter, filters the Ethernet packets based on the IP packet version. If GLOBAL_BYPASS flag is set, then the key0 is initialized to 0 and is checked in the global_bypass map. If the key exists, the same key0 is checked in tx_peer_int map. If the key doesn't exist, the packet is dropped. Othereise, the tx_port is written into the tx_peer map. If GLOBAL_BYPASS is not set, the fields vlan0 is set to the last 12 bits of the VLAN TCI field and vlan1 is set to 0 if the VLAN_TRACKING is off else it is set to the last 12 bits of the VLAN TCI field(since vlan0 is stripped by the OS). Based on the version of IP packets, the function filter_ipv4 or filter_ipv6 is invoked accordingly. If it is neither of them -1 is returned.", "author": "R V B R N Aaseesh", "authorEmail": "aaseesh.rallapalli@gmail.com", "date": "2023-04-05"}, {"filePath": "ebpf/vlan_filter.c", "funcName": "hashfilter", "startLine": 25, "endLine": 36, "description": "The function checks whether the packet is an IPv4 packet or an IPv6 packet, and correspondingly calls the filter functions. If the packet does not contain any IP header, then -1 is returned.", "author": "Pragna Mamidipaka", "authorEmail": "pragna.pune@gmail.com", "date": "2023-04-04"}, {"filePath": "ebpf/filter.c", "funcName": "hashfilter", "startLine": 88, "endLine": 110, "description": "This hash function filter, filters the Ethernet packets based on the IP packet version. If GLOBAL_BYPASS flag is set, then the key0 is initialized to 0 and is checked in the global_bypass map. If the key exists, the same key0 is checked in tx_peer_int map. If the key doesn't exist, the packet is dropped. Othereise, the tx_port is written into the tx_peer map. If GLOBAL_BYPASS is not set, the fields vlan0 is set to the last 12 bits of the VLAN TCI field and vlan1 is set to 0 if the VLAN_TRACKING is off else it is set to the last 12 bits of the VLAN TCI field(since vlan0 is stripped by the OS). Based on the version of IP packets, the function filter_ipv4 or filter_ipv6 is invoked accordingly. If it is neither of them -1 is returned.", "author": "R V B R N Aaseesh", "authorEmail": "aaseesh.rallapalli@gmail.com", "date": "2023-04-05"}, {"filePath": "ebpf/filter.c", "funcName": "hashfilter", "startLine": 88, "endLine": 110, "description": "The function checks whether the packet is an IPv4 packet or an IPv6 packet, and correspondingly calls the filter functions. If the packet does not contain any IP header, then -1 is returned.", "author": "Pragna Mamidipaka", "authorEmail": "pragna.pune@gmail.com", "date": "2023-04-04"}, {"filePath": "ebpf/xdp_filter.c", "funcName": "get_sport", "startLine": 191, "endLine": 211, "description": "This function extracts and returns the source port of the TCP and UDP packets. Returns -1 if the packet is invalid. Returns 0 if the packet is neither TCP nor UDP.", "author": "R V B R N Aaseesh", "authorEmail": "aaseesh.rallapalli@gmail.com", "date": "2023-04-04"}, {"filePath": "ebpf/xdp_filter.c", "funcName": "get_dport", "startLine": 213, "endLine": 233, "description": "This function extracts and returns the destination port of the TCP and UDP packets. Returns -1 if the packet is invalid. Returns 0 if the packet is neither TCP nor UDP.", "author": "R V B R N Aaseesh", "authorEmail": "aaseesh.rallapalli@gmail.com", "date": "2023-04-04"}, {"filePath": "ebpf/xdp_filter.c", "funcName": "xdp_hashfilter", "startLine": 485, "endLine": 552, "description": "This hash function filter, filters the Ethernet packets based on the IP packet version. If GLOBAL_BYPASS flag is set, then the key0 is initialized to 0 and is checked in the global_bypass map. If the key exists, the same key0 is checked in tx_peer_int map. If the key doesn't exist, the packet is dropped. Othereise, the tx_port is written into the tx_peer map. If GLOBAL_BYPASS is not set, the fields vlan0 is set to the last 12 bits of the VLAN TCI field and vlan1 is set to 0 if the VLAN_TRACKING is off else it is set to the last 12 bits of the VLAN TCI field(since vlan0 is stripped by the OS). Based on the version of IP packets, the function filter_ipv4 or filter_ipv6 is invoked accordingly. If it is neither of them -1 is returned.", "author": "R V B R N Aaseesh", "authorEmail": "aaseesh.rallapalli@gmail.com", "date": "2023-04-05"}, {"filePath": "ebpf/hash_func01.h", "funcName": "SuperFastHash", "startLine": 9, "endLine": 55, "description": "This function is the implementation of the SuperFastHash algorithm by Paul Hsieh of MIT. This function returns the hash of length len, for the input data based on the random state initval.", "author": "R V B R N Aaseesh", "authorEmail": "aaseesh.rallapalli@gmail.com", "date": "2023-04-05"}]}