Feature #7674


source/tunnels: config option to distinguish tunnels


Added by Philippe Antoine about 1 year ago. Updated 11 months ago.

Status: In Review
Priority: Normal
Target version:
Effort:
Difficulty:
Label:

Description

The eBPF xdp_filter.c program does not handle encapsulated flows (with ERSPAN, VXLAN, or some other tunnel).
But it could.

Even if it does, Suricata's AFPXDPBypassCallback checks PacketIsTunnel and falls back to local bypass in this case.

The feature request here is to:
  • Have config options for which kinds of tunnels AFPXDPBypassCallback can handle
  • Have the example xdp_filter.c handle these

Some other improvements to xdp_filter.c will be proposed: ARP bypass and tunnel stripping (related to https://github.com/OISF/suricata/pull/11472).
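An added example, not code from Suricata or its xdp_filter.c: a bounds-checked userspace sketch of the lookup a tunnel-aware filter needs, returning the inner flow for a VXLAN frame and the outer flow otherwise. The names `flow_key`, `bypass_key` and `sample_frame` are hypothetical, and the sketch assumes IPv4 and VXLAN on UDP port 4789 only.

```c
#include <stddef.h>
#include <stdint.h>

#define VXLAN_PORT 4789 /* IANA-assigned VXLAN UDP port (RFC 7348) */

struct flow_key { uint32_t src, dst; uint16_t sport, dport; uint8_t proto; };

/* Constructed sample: Ethernet/IPv4/UDP/VXLAN carrying Ethernet/IPv4/TCP
 * (first 8 TCP bytes only, checksums zeroed). */
const uint8_t sample_frame[92] = {
    2,0,0,0,0,2, 2,0,0,0,0,1, 0x08,0x00,                        /* outer Ethernet */
    0x45,0,0,78, 0,0,0,0, 64,17,0,0, 10,0,0,1, 10,0,0,2,        /* outer IPv4, UDP */
    0xC0,0x00, 0x12,0xB5, 0,58, 0,0,                            /* UDP 49152 -> 4789 */
    0x08,0,0,0, 0,0,42,0,                                       /* VXLAN, I flag, VNI 42 */
    2,0,0,0,0,4, 2,0,0,0,0,3, 0x08,0x00,                        /* inner Ethernet */
    0x45,0,0,28, 0,0,0,0, 64,6,0,0, 192,168,1,10, 192,168,1,20, /* inner IPv4, TCP */
    0xC7,0x38, 0x01,0xBB, 0,0,0,1                               /* TCP 51000 -> 443 */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t rd32(const uint8_t *p) { return (uint32_t)rd16(p) << 16 | rd16(p + 2); }

/* Parse Ethernet + IPv4 + TCP/UDP ports at `off`.
 * Returns the L4 header offset, or 0 if the headers are absent or truncated. */
static size_t parse_flow(const uint8_t *f, size_t len, size_t off, struct flow_key *k)
{
    if (off + 14 + 20 > len || rd16(f + off + 12) != 0x0800) return 0;
    const uint8_t *ip = f + off + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20 || (ip[9] != 6 && ip[9] != 17)) return 0;
    size_t l4 = off + 14 + ihl;
    if (l4 + 4 > len) return 0;
    k->proto = ip[9]; k->src = rd32(ip + 12); k->dst = rd32(ip + 16);
    k->sport = rd16(f + l4); k->dport = rd16(f + l4 + 2);
    return l4;
}

/* Returns 1 with the inner flow in *k for a VXLAN frame, 0 with the outer
 * flow when there is no parsable tunnel, -1 when even the outer headers fail. */
int bypass_key(const uint8_t *f, size_t len, struct flow_key *k)
{
    struct flow_key in;
    size_t l4 = parse_flow(f, len, 0, k);
    if (!l4) return -1;
    if (k->proto != 17 || k->dport != VXLAN_PORT) return 0;
    size_t vx = l4 + 8;                            /* skip the outer UDP header */
    if (vx + 8 > len || !(f[vx] & 0x08)) return 0; /* need the VNI-valid flag */
    if (!parse_flow(f, len, vx + 8, &in)) return 0;
    *k = in;
    return 1;
}
```
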


Related issues 2 (1 open, 1 closed)

Related to Suricata - Feature #7717: vxlan: treat as its own tunnel (Closed, Philippe Antoine)
Related to Suricata - Feature #5673: capture: option to decapsulate everything first (Assigned, OISF Dev)