catenacyber

Link to ticket: https://redmine.openinfosecfoundation.org/issues/7674

Describe changes:

  • on top of Vxlan tunnel 7717 v1 #13302
  • introduces configurable tunnel_id to distinguish same-looking (same 5-tuple) flows encapsulated in different tunnels
  • adds a config option to "skip" the packets that are not part of a tunnel
  • handle xdp bypass of these encapsulated flows
  • use this new tunnel_id as a multi-tenant selector

Provide values to any of the below to override the defaults.

SV_BRANCH=OISF/suricata-verify#2522

#13241 with a lot more

catenacyber and others added 5 commits May 23, 2025 08:30
Instead of directly accessing the field

Will allow PacketTunnelType to hold the precise tunnel type like
DECODE_TUNNEL_ERSPANII with a modification of PacketIsTunnelChild
So that we know for a packet which precise type of tunnel it
is (like erspan2).

ebpf program does not handle 3 layers of vlan

Ticket: 7717

Allows for instance to process/log ARP packets over VXLAN.

That means we need to decode the ethernet layer above vxlan
instead of skipping it as part of the vxlan, even if the vxlan
decoder still checks the ethernet layer to avoid FPs.
catenacyber mentioned this pull request May 23, 2025
catenacyber force-pushed the xdp-tunnel-7674-v6.2 branch from ce6ba26 to 1becbd0 Compare May 23, 2025 14:45
catenacyber marked this pull request as draft May 23, 2025 14:53
catenacyber force-pushed the xdp-tunnel-7674-v6.2 branch from 9c87fe6 to 8e2855f Compare May 23, 2025 15:16
codecov bot commented May 23, 2025

Codecov Report

Attention: Patch coverage is 58.66667% with 124 lines in your changes missing coverage. Please review.

Project coverage is 83.23%. Comparing base (b4095bf) to head (8e2855f).

Additional details and impacted files
@@            Coverage Diff             @@
##           master   #13304      +/-   ##
==========================================
- Coverage   83.41%   83.23%   -0.18%     
==========================================
  Files         995      996       +1     
  Lines      272813   275269    +2456     
==========================================
+ Hits       227558   229122    +1564     
- Misses      45255    46147     +892     
Flag Coverage Δ
fuzzcorpus 61.99% <30.87%> (-0.05%) ⬇️
livemode 18.68% <10.73%> (-0.26%) ⬇️
pcap 45.08% <31.20%> (+0.16%) ⬆️
suricata-verify 65.01% <56.72%> (+0.02%) ⬆️
unittests 58.73% <18.24%> (-0.52%) ⬇️

@suricata-qa

ERROR:
ERROR: buid failure for build_fetch QA build

ERROR: QA failed on build_fetch.

Pipeline 26197

@suricata-qa

Information: QA ran without warnings.

Pipeline 26200

@catenacyber

Clean in #13323
