[IPS App] Not Receiving Response Data From Host

Hello all,

I have been working closely with the Bluefield-2 DPU recently with the goal of familiarizing myself with the hardware as well as with DOCA. While following the documentation for the IPS application I have found that I can send traffic through the physical port on the DPU as well as through the scalable functions I have defined to run the application, but once my request reaches the host I do not receive that data on the client side.

For testing I have set up an Apache2 web server on the host, with the first goal being to be able to resolve that web page from a browser and then create a Suricata rule for the DPI compiler to drop all packets going to that address on port 80. I still can’t determine how I would get the response back from the host, as it is not clear to me how the second scalable function would route the traffic to the first OVS bridge, which is where the first scalable function is located. I have set up my OVS to be exactly like the reference diagram in the documentation, so I am unsure where I am messing up here. Any help would be greatly appreciated.

Thanks,

Austin

Hey Austin,

I think the shortest answer is that all traffic goes through the IPS App, even traffic that you don’t intend to block or apply a policy to.

When you configure the SFs and OVS bridges in this way, traffic will not flow to the wire until the IPS App is running. Part of that DOCA application includes sending packets from SF0 <-> SF1. The other part of the DOCA application is the DPI library logic that will filter traffic based on the Suricata-style definition and regex.

From a networking perspective, the IPS app is a network bridge. In classic networking terms it would be like an inline transparent IPS appliance that bridges two VLANs together. You can only get traffic from SF0 to SF1 when the IPS application is running and processing packets.

Thanks!
-Justin
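The behaviour Justin describes, modelled as an added example (this is not code from the thread, from DOCA or from the IPS application): a toy inline transparent bridge that carries every frame between two ports unchanged unless a Suricata-style `drop` rule matches, and that carries nothing at all while the "app" is not running. The port names SF0/SF1, the client and web-host addresses 192.0.2.50 and 192.0.2.10, the sample frames and the rule text are all assumptions constructed for the demo; checksums are left zero because nothing here sends the frames.

```python
"""Toy model of the SF0 <-> SF1 inline bridge with a Suricata-style drop rule.
Added illustration only, not DOCA or IPS application code; port names,
addresses, frames and the rule below are assumptions made for the demo."""
import ipaddress
import struct
from dataclasses import dataclass

ETH_P_IP = 0x0800
IPPROTO_TCP = 6


def build_tcp_frame(src_ip, dst_ip, src_port, dst_port, payload=b""):
    """Build a minimal Ethernet/IPv4/TCP SYN frame (constructed input, checksums zero)."""
    eth = bytes.fromhex("020000000002") + bytes.fromhex("020000000001") + struct.pack("!H", ETH_P_IP)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, IPPROTO_TCP, 0,
                     ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed)
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 0x50, 0x02, 65535, 0, 0)
    return eth + ip + tcp + payload


def parse_frame(frame):
    """Return the addresses and ports of an IPv4/TCP frame, or None for anything else."""
    if struct.unpack("!H", frame[12:14])[0] != ETH_P_IP:
        return None
    ip = frame[14:]
    if ip[9] != IPPROTO_TCP:
        return None
    ihl = (ip[0] & 0x0F) * 4
    src_port, dst_port = struct.unpack("!HH", ip[ihl:ihl + 4])
    return {
        "src_ip": str(ipaddress.IPv4Address(ip[12:16])),
        "dst_ip": str(ipaddress.IPv4Address(ip[16:20])),
        "src_port": src_port,
        "dst_port": dst_port,
    }


@dataclass
class Rule:
    """Header part of a Suricata rule; only 'tcp' and the '->' direction are modelled."""
    action: str
    src_ip: str
    src_port: str
    dst_ip: str
    dst_port: str

    def matches(self, pkt):
        def ok(want, have):
            return want == "any" or want == str(have)
        return (pkt is not None and ok(self.src_ip, pkt["src_ip"]) and ok(self.src_port, pkt["src_port"])
                and ok(self.dst_ip, pkt["dst_ip"]) and ok(self.dst_port, pkt["dst_port"]))


def parse_rule(text):
    """Parse e.g. 'drop tcp any any -> 192.0.2.10 80 (msg:"x"; sid:1;)'; the options are ignored."""
    action, proto, src_ip, src_port, arrow, dst_ip, dst_port = text.split("(", 1)[0].split()
    if proto != "tcp" or arrow != "->":
        raise ValueError("toy parser handles only 'tcp' rules with the '->' direction")
    return Rule(action, src_ip, src_port, dst_ip, dst_port)


class InlineBridge:
    """Transparent bridge: a frame entering one SF leaves unchanged on the other unless a rule drops it."""
    def __init__(self, rules, running=True):
        self.rules = rules
        self.running = running                  # False models the IPS app not being started
        self.peer = {"SF0": "SF1", "SF1": "SF0"}
        self.egress = {"SF0": [], "SF1": []}    # frames handed to each SF for transmission

    def ingest(self, port, frame):
        if not self.running:
            return "no_path"                    # nothing links the two bridges until the app runs
        pkt = parse_frame(frame)
        for rule in self.rules:
            if rule.matches(pkt):
                if rule.action == "drop":
                    return "dropped"
                break                           # alert/pass: first match wins, frame continues
        self.egress[self.peer[port]].append(frame)
        return "forwarded"


def demo():
    """Client 192.0.2.50 behind SF0, web host 192.0.2.10 behind SF1 (assumed addresses)."""
    rule = parse_rule('drop tcp any any -> 192.0.2.10 80 (msg:"block HTTP to web host"; sid:1000001; rev:1;)')
    bridge = InlineBridge([rule])
    http_req = build_tcp_frame("192.0.2.50", "192.0.2.10", 40001, 80)
    ssh_req = build_tcp_frame("192.0.2.50", "192.0.2.10", 40002, 22)
    http_resp = build_tcp_frame("192.0.2.10", "192.0.2.50", 80, 40001)
    return {
        "http_request": bridge.ingest("SF0", http_req),    # matches the rule: dropped
        "ssh_request": bridge.ingest("SF0", ssh_req),      # no match: forwarded to SF1
        "http_response": bridge.ingest("SF1", http_resp),  # reverse direction, '->' rule does not match
        "frames_to_sf1": len(bridge.egress["SF1"]),
        "frames_to_sf0": len(bridge.egress["SF0"]),
        "app_not_running": InlineBridge([rule], running=False).ingest("SF0", ssh_req),
    }
```

Calling `demo()` shows the two points that matter for the question: the SSH request and the host's reply both cross the bridge even though no rule is written for them, because in an inline design the forwarding path is the application itself, and with `running=False` nothing crosses in either direction, which is why the host's response never arrives while the app is not processing packets. The example also shows that a `drop ... -> 192.0.2.10 80` rule is one-directional: it stops the request to port 80 but says nothing about the reply from port 80, which is how Suricata's header direction works.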