Bug #4214
Honor vlan: use-for-tracking in ebpf maps
Description
In XDP and EBPF filters, it is possible to "disable" vlan used for tracking, but Suricata does not honor this config when adding keys to EBPF maps.
Will provide PR.
Updated by Odin Jenseg almost 4 years ago
On second thought, it might make more sense to remove VLAN_TRACKING in https://github.com/OISF/suricata/tree/master/ebpf?
Updated by Eric Leblond almost 4 years ago
Odin Jenseg wrote in #note-2:
On second thought, it might make more sense to remove VLAN_TRACKING in https://github.com/OISF/suricata/tree/master/ebpf?
We may have some cases where vlan could be used to differentiate IP addresses.
IMO, it would make sense to have a version of the eBPF filter that does not contain the fields so we can spare some memory and computation. The problem is that Suricata would need to send two different sets of keys in the eBPF calls. It should be doable, but it will increase the complexity of the code a bit more.
Updated by Odin Jenseg almost 4 years ago
Agree, it makes more sense to be able to do this. Would it make sense with my PR to not include VLAN tags in the key if vlan use for tracking is disabled in Suricata?
If I understand the code correctly now, vlan is still used as an ebpf key if vlan use for tracking is disabled in Suricata, which makes the VLAN_TRACKING flag not usable in EBPF/XDP filters.
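Added example, not from the Suricata code base: a minimal user-space model of the key mismatch discussed in this thread, where the side inserting map entries includes VLAN ids in the key and the filter side does not. The `flow_key` struct, the toy hash table and `bypass_hit` are hypothetical, and the model assumes a filter built without VLAN_TRACKING leaves the VLAN fields of its lookup key at zero.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical, simplified flow key (16 bytes, no padding); not Suricata's real layout. */
struct flow_key { uint32_t src, dst; uint16_t sport, dport, vlan0, vlan1; };

#define SLOTS 64
static struct flow_key table[SLOTS];
static int used[SLOTS];

/* FNV-1a over the raw key bytes: a hash map compares keys byte for byte. */
static unsigned slot_of(const struct flow_key *k) {
    const unsigned char *p = (const unsigned char *)k;
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < sizeof(*k); i++) h = (h ^ p[i]) * 16777619u;
    return h % SLOTS;
}

static void map_update(const struct flow_key *k) {
    unsigned s = slot_of(k);
    while (used[s] && memcmp(&table[s], k, sizeof(*k)) != 0) s = (s + 1) % SLOTS;
    table[s] = *k; used[s] = 1;
}
static int map_lookup(const struct flow_key *k) {
    unsigned s = slot_of(k);
    for (unsigned n = 0; n < SLOTS && used[s]; n++, s = (s + 1) % SLOTS)
        if (memcmp(&table[s], k, sizeof(*k)) == 0) return 1;
    return 0;
}

/* Constructed sample flow; VLAN ids go into the key only when track_vlan is set. */
static struct flow_key make_key(uint16_t vlan0, uint16_t vlan1, int track_vlan) {
    struct flow_key k;
    memset(&k, 0, sizeof(k));
    k.src = 0x0a000001; k.dst = 0x0a000002; k.sport = 40000; k.dport = 443;
    if (track_vlan) { k.vlan0 = vlan0; k.vlan1 = vlan1; }
    return k;
}

/* Returns 1 if the filter-side lookup finds the entry userspace inserted. */
int bypass_hit(int userspace_tracks_vlan, int filter_tracks_vlan) {
    memset(used, 0, sizeof(used));
    struct flow_key ins = make_key(100, 0, userspace_tracks_vlan);
    map_update(&ins);
    struct flow_key look = make_key(100, 0, filter_tracks_vlan);
    return map_lookup(&look);
}

/* Exit status 0 when matching settings hit and mismatched settings miss. */
int main(void) { return !(bypass_hit(0, 0) && !bypass_hit(1, 0)); }
```

In this model the entry is found only when both sides agree on whether VLAN ids are part of the key; any disagreement leaves the inserted entry unreachable from the filter side.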
Updated by Philippe Antoine almost 3 years ago
- Status changed from New to In Review
Updated by Philippe Antoine almost 3 years ago
- Target version set to 7.0.0-beta1
Updated by Victor Julien about 2 years ago
- Status changed from In Review to New
- Assignee deleted (Odin Jenseg)
- Target version changed from 7.0.0-beta1 to TBD