Project

General

Profile

Actions
Copy link

Bug #5771

open

xdp: Flows with nested VLANs are not bypassed by XDP filter

Added by Lukas Sismis over 1 year ago. Updated over 1 year ago.

Status:
New
Priority:
Normal
Assignee:
OISF Dev
Target version:
TBD
Affected Versions:
Effort:
Difficulty:
Label:

Description

Even though the eBPF (XDP) and Suricata structures are ready to handle nested VLANs (VLAN in VLAN) after my testing all packets were passed to Suricata.

I've found this when trying out TLS bypass - bypass TLS flow after TLS handshake. I am attaching a single TLS stream where after adding a VLAN all packets are forwarded to Suricata even though they should be bypassed after the handshake (after ~23 packets).

Files

shmu-tls-vlan-stream.pcap (439 KB) shmu-tls-vlan-stream.pcap Lukas Sismis, 01/02/2023 09:10 AM
Actions
Copy link
 #1

Updated by Lukas Sismis over 1 year ago

  • Subject changed from xdp: Flows with nested VLANs are not bypassed] to xdp: Flows with nested VLANs are not bypassed by XDP filter
Actions
Copy link
 #2

Updated by Lukas Sismis over 1 year ago

  • Description updated (diff)
Actions
Copy link

Also available in: Atom PDF