Project

General

Profile

Actions
Copy link

Bug #7753

open

vxlan: decoder drops packets with non-zero reserved fields

Added by Fupeng Zhao 6 days ago. Updated 5 days ago.

Status:
In Review
Priority:
Normal
Assignee:
Fupeng Zhao
Target version:
TBD
Affected Versions:
Effort:
Difficulty:
Label:
C, Needs Suricata-Verify test, Protocol

Description

The current VXLAN decoder implementation follows RFC draft-mahalingam-dutt-dcops-vxlan-00 too strictly and does not ignore the Reserved fields on receipt, as required by RFC 7348 §5 . This causes valid VXLAN packets with non-zero Reserved bits to be dropped, leading to loss of response-side traffic in some environments.

Files

vxlan-non-zero-reserved-fields.pcap (1.95 KB) vxlan-non-zero-reserved-fields.pcap Fupeng Zhao, 06/12/2025 06:44 AM
Actions
Copy link
 #1

Updated by Fupeng Zhao 6 days ago

  • Status changed from New to Assigned
  • Assignee changed from OISF Dev to Fupeng Zhao

Assigned to myself.

I plan to remove the strict validation of the Reserved fields entirely. Since we don’t decode the inner packet before parsing the VXLAN header, we can’t reliably determine the packet direction (transmit vs receive) and thus can’t selectively apply Reserved field checks.

Open to alternative suggestions if there's a preferred way to handle this.

Actions
Copy link
 #2

Updated by Fupeng Zhao 5 days ago

  • Status changed from Assigned to In Review
Actions
Copy link

Also available in: Atom PDF