Honor vlan: use-for-tracking in ebpf maps
In XDP and EBPF filters, it is possible to "disable" vlan used for tracking, but Suricata does not honor this config when adding keys to EBPF maps.
Will provide PR.
Updated by Eric Leblond almost 3 years ago
Odin Jenseg wrote in #note-2:
A second thought, it might make more sense to remove VLAN_TRACKING in https://github.com/OISF/suricata/tree/master/ebpf?
We may have some cases where vlan could be use to differentiate IP addresses.
IMO, it would make sense to have a version of the eBPF filter that does not contain the fields so we can spare some memory and computation. Problem is that Suricata would need to send two different set of keys in the eBPF calls. It should be doable but it will increase a bit more the complexity of the code.
Updated by Odin Jenseg over 2 years ago
Agree, it make more sense to be able to do this. Would it make sense with my PR, to not include VLAN tags in the key if vlan use for tracking is disabled in Suricata.
If I understand the code correct now; vlan is still used as a ebpf key if vlan used for tracking is disabled in Suricata and makes the VLAN_TRACKING flag not usable in EBPF/XDP filters.