Feature #6237
open
Multi-tenancy: Allow inner VLAN to be selected
Added by Jeff Lucovsky over 1 year ago.
Updated about 1 year ago.
Description
When using multi-tenancy and VLANs, some customers may want to use the "inner" VLAN for tenant selection with QinQ. Suricata has no mechanism to choose which VLAN is used for tenant selection -- the outer VLAN value is always selected.
Suggest adding a configuration setting with the default being the current behavior (outer VLAN).
- Description updated (diff)
- Target version changed from 8.0.0 to 7.0.1
- Label Needs backport added
- Status changed from New to In Review
- Assignee changed from OISF Dev to Jeff Lucovsky
The implementation in https://github.com/OISF/suricata/pull/9401 feels a little incomplete to me by just looking at the inner vlan.
I think a complete solution would allow the existing vlan selector, or a vlan-in-vlan selector where both levels of VLAN need to be specified, perhaps supporting a wildcard for the outer vlan?
Good point. This could be generalized into a "filter" of sorts:
outer-vlan-specification:inner-vlan-specification
The current "vlan" selector could be thought of as "vlan:<wild-card>" and my initial "vlan-inner" PR would be "<wild-card>:vlan"
- Target version changed from 7.0.1 to 8.0.0-beta1
Let's work on a complete solution in 8 and see what we can backport.
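The `outer:inner` filter proposed in the discussion above, sketched as an added example (not code from Suricata or from the linked pull request). It assumes `*` as the wildcard character, first-match-wins ordering and tenant id 0 meaning "no match"; `vlan_selector`, `selector_parse`, `tenant_lookup` and `demo_lookup` are hypothetical names.

```c
#include <stdint.h>
#include <string.h>

#define VLAN_ANY 0xFFFFu /* hypothetical wildcard marker; real VLAN ids are 0-4095 */
struct vlan_selector { uint16_t outer, inner; uint32_t tenant_id; };

/* Parse one side of the selector: "*" or a decimal VLAN id in 0..4095. */
static int parse_side(const char *s, size_t len, uint16_t *out) {
    unsigned v = 0;
    if (len == 1 && s[0] == '*') { *out = VLAN_ANY; return 0; }
    if (len == 0 || len > 4) return -1;
    for (size_t i = 0; i < len; i++) {
        if (s[i] < '0' || s[i] > '9') return -1;
        v = v * 10 + (unsigned)(s[i] - '0');
    }
    if (v > 4095) return -1;
    *out = (uint16_t)v;
    return 0;
}

/* Parse "outer:inner" (assumed syntax, "*" as wildcard). Returns 0 or -1. */
int selector_parse(const char *spec, uint32_t tenant_id, struct vlan_selector *sel) {
    const char *colon = strchr(spec, ':');
    if (colon == NULL) return -1;
    if (parse_side(spec, (size_t)(colon - spec), &sel->outer) != 0) return -1;
    if (parse_side(colon + 1, strlen(colon + 1), &sel->inner) != 0) return -1;
    sel->tenant_id = tenant_id;
    return 0;
}

/* First match wins; 0 = no tenant (assumed). vlan_ids[0] is the outer tag. */
uint32_t tenant_lookup(const struct vlan_selector *sels, size_t n,
                       const uint16_t *vlan_ids, size_t depth) {
    for (size_t i = 0; i < n; i++) {
        int outer_ok = sels[i].outer == VLAN_ANY || (depth >= 1 && sels[i].outer == vlan_ids[0]);
        int inner_ok = sels[i].inner == VLAN_ANY || (depth >= 2 && sels[i].inner == vlan_ids[1]);
        if (outer_ok && inner_ok) return sels[i].tenant_id;
    }
    return 0;
}

/* Constructed table, most specific first: 100:20 -> 1, 100:* -> 2, *:20 -> 3. */
uint32_t demo_lookup(size_t depth, uint16_t outer, uint16_t inner) {
    static const char *specs[] = { "100:20", "100:*", "*:20" };
    struct vlan_selector sels[3];
    uint16_t ids[2] = { outer, inner };
    for (size_t i = 0; i < 3; i++)
        if (selector_parse(specs[i], (uint32_t)(i + 1), &sels[i]) != 0) return 0;
    return tenant_lookup(sels, 3, ids, depth);
}
```

In this sketch a single-tagged packet never matches a rule with a concrete inner VLAN, so `*:20` does not claim traffic whose only tag is 20, while `100:*` reproduces the current outer-VLAN behaviour for both single- and double-tagged packets.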