af-xdp: detach XDP program early v8

[joser12345678]

To mitigate a bug with AF_XDP sockets in high traffic scenarios, the XDP program must be detatched before the sockets are closed. This issue happens when large ammounts of traffic are sent to suricata and the XDP program is not removed before AF_XDP sockets are closed. I believe this is a race condition bug as detailed here: https://bugzilla.kernel.org/show_bug.cgi?id=217712

Further investigation shows this may be a bug exclusive to the driver/AMD processor combination.

This commit addresses the bug by ensuring the first thread to run the deinit function removes the XDP program, which fixes the bug as detailed in the bugzilla link.

Bug #6238

Make sure these boxes are signed before submitting your Pull Request -- thank you.

• [ x] I have read the contributing guide lines at https://docs.suricata.io/en/latest/devguide/codebase/contributing/contribution-process.html
• [ x] I have signed the Open Information Security Foundation contribution agreement at https://suricata.io/about/contribution-agreement/
• [x ] I have updated the user guide (in doc/userguide/) to reflect the changes made (if applicable)

Link to redmine ticket:
https://redmine.openinfosecfoundation.org/issues/6238

Describe changes:
Added a RunModeAFXDPRemoveProg function to remove an AF_XDP program before closing sockets as this prevents the crash when receiving high traffic volume and shutting down suricata. Also fixed error for building and an error with an unread return value.
previous PR #9369

Provide values to any of the below to override the defaults.

To use a pull request use a branch name like pr/N where N is the
pull request number.

Alternatively, SV_BRANCH may also be a link to an
OISF/suricata-verify pull-request.

SV_REPO=
SV_BRANCH=
SU_REPO=
SU_BRANCH=
LIBHTP_REPO=
LIBHTP_BRANCH=

[github-actions]

NOTE: This PR may contain new authors:

Joseph Reilly <joser17@vt.edu>

[codecov]

Codecov Report

Merging #9384 (9ac23da) into master (8770431) will decrease coverage by 0.25%.
Report is 54 commits behind head on master.
The diff coverage is 100.00%.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #9384      +/-   ##
==========================================
- Coverage   82.42%   82.17%   -0.25%     
==========================================
  Files         968      968              
  Lines      274011   274198     +187     
==========================================
- Hits       225845   225326     -519     
- Misses      48166    48872     +706     

Flag	Coverage Δ
fuzzcorpus	64.04% <0.00%> (-0.61%)	⬇️
suricata-verify	60.88% <66.66%> (+0.03%)	⬆️
unittests	62.88% <33.33%> (-0.04%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

[catenacyber]

@regit is this your domain of expertise ?

[regit]

@regit is this your domain of expertise ?

I ve looked at af_xdp but I don't have a big experience on it. I can look at MR if you want to.

[catenacyber]

Or is it @lukashino who knows best ?

[victorjulien]

@rmcconnell-r7 @giannitedesco could you have another look? Thanks!

[giannitedesco]

Looks good to me. There's a missing newline at end of file introduced but apart from that.

I'm unable to speak to the bug itself since we don't have AMD to repro, but the workaround looks reasonable.

[victorjulien]

@joser12345678 can you make sure to sign the CLA with the email address you use as the git author? Waiting for that, but we're ready to go after that. Thanks!

[joser12345678]

@victorjulien done!

[victorjulien]

Merged in #9847, thanks!

[victorjulien]

Thanks for your contribution @joser12345678 🎉