Project

General

Profile

Actions
Copy link

Bug #7753

closed
FZ FZ

decoder/vxlan: packet drops with non-zero reserved fields

Bug #7753: decoder/vxlan: packet drops with non-zero reserved fields

Added by Fupeng Zhao 10 months ago. Updated 6 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Fupeng Zhao
Target version:
9.0.0-beta1
Affected Versions:
Effort:
Difficulty:
Label:
C, Needs Suricata-Verify test, Protocol

Description

The current VXLAN decoder implementation follows RFC draft-mahalingam-dutt-dcops-vxlan-00 too strictly and does not ignore the Reserved fields on receipt, as required by RFC 7348 §5 . This causes valid VXLAN packets with non-zero Reserved bits to be dropped, leading to loss of response-side traffic in some environments.

Files

vxlan-non-zero-reserved-fields.pcap (1.95 KB) vxlan-non-zero-reserved-fields.pcap Fupeng Zhao, 06/12/2025 06:44 AM

Subtasks 1 (0 open1 closed)

Bug #7940: decoder/vxlan: packet drops with non-zero reserved fields (8.0.x backport)ClosedFupeng ZhaoActions

FZ Updated by Fupeng Zhao 10 months ago Actions
Copy link
 #1

  • Status changed from New to Assigned
  • Assignee changed from OISF Dev to Fupeng Zhao

Assigned to myself.

I plan to remove the strict validation of the Reserved fields entirely. Since we don’t decode the inner packet before parsing the VXLAN header, we can’t reliably determine the packet direction (transmit vs receive) and thus can’t selectively apply Reserved field checks.

Open to alternative suggestions if there's a preferred way to handle this.

FZ Updated by Fupeng Zhao 10 months ago Actions
Copy link
 #2

  • Status changed from Assigned to In Review

PA Updated by Philippe Antoine 10 months ago Actions
Copy link
 #3

  • Target version changed from TBD to 9.0.0-beta1

PA Updated by Philippe Antoine 9 months ago Actions
Copy link
 #4

  • Tracker changed from Bug to Feature

FZ Updated by Fupeng Zhao 7 months ago Actions
Copy link
 #5

  • Status changed from In Review to Closed

VJ Updated by Victor Julien 7 months ago Actions
Copy link
 #6

  • Label Needs backport to 8.0 added

VJ Updated by Victor Julien 7 months ago Actions
Copy link
 #7

  • Status changed from Closed to Resolved

OT Updated by OISF Ticketbot 7 months ago Actions
Copy link
 #8

  • Subtask #7940 added

OT Updated by OISF Ticketbot 7 months ago Actions
Copy link
 #9

  • Label deleted (Needs backport to 8.0)

PA Updated by Philippe Antoine 6 months ago Actions
Copy link
 #10

  • Status changed from Resolved to Closed

SB Updated by Shivani Bhardwaj 6 months ago Actions
Copy link
 #11

  • Tracker changed from Feature to Bug

SB Updated by Shivani Bhardwaj 6 months ago Actions
Copy link
 #12

  • Subject changed from vxlan: decoder drops packets with non-zero reserved fields to decoder/vxlan: packet drops with non-zero reserved fields
Actions
Copy link

Also available in: PDF Atom