Bug #5771: xdp: Flows with nested VLANs are not bypassed by XDP filter - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #5771

open

xdp: Flows with nested VLANs are not bypassed by XDP filter

Added by Lukas Sismis over 1 year ago. Updated over 1 year ago.

Status:

New

Priority:

Normal

Assignee:

OISF Dev

Target version:

TBD

Affected Versions:

Effort:

Difficulty:

Label:

Description

Even though the eBPF (XDP) and Suricata structures are ready to handle nested VLANs (VLAN in VLAN) after my testing all packets were passed to Suricata.

I've found this when trying out TLS bypass - bypass TLS flow after TLS handshake. I am attaching a single TLS stream where after adding a VLAN all packets are forwarded to Suricata even though they should be bypassed after the handshake (after ~23 packets).

Files

shmu-tls-vlan-stream.pcap (439 KB) shmu-tls-vlan-stream.pcap

Lukas Sismis, 01/02/2023 09:10 AM

History
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #5771

xdp: Flows with nested VLANs are not bypassed by XDP filter

Updated by Lukas Sismis over 1 year ago

Updated by Lukas Sismis over 1 year ago