Bug #4214
open
Honor vlan: use-for-tracking in ebpf maps
Added by Odin Jenseg about 4 years ago.
Updated over 1 year ago.
Description
In XDP and EBPF filters, it is possible to "disable" vlan used for tracking, but Suricata does not honor this config when adding keys to EBPF maps.
Will provide PR.
Odin Jenseg wrote in #note-2:
A second thought, it might make more sense to remove VLAN_TRACKING in https://github.com/OISF/suricata/tree/master/ebpf?
We may have some cases where vlan could be use to differentiate IP addresses.
IMO, it would make sense to have a version of the eBPF filter that does not contain the fields so we can spare some memory and computation. Problem is that Suricata would need to send two different set of keys in the eBPF calls. It should be doable but it will increase a bit more the complexity of the code.
Agree, it make more sense to be able to do this. Would it make sense with my PR, to not include VLAN tags in the key if vlan use for tracking is disabled in Suricata.
If I understand the code correct now; vlan is still used as a ebpf key if vlan used for tracking is disabled in Suricata and makes the VLAN_TRACKING flag not usable in EBPF/XDP filters.
- Status changed from New to In Review
- Target version set to 7.0.0-beta1
- Status changed from In Review to New
- Assignee deleted (
Odin Jenseg)
- Target version changed from 7.0.0-beta1 to TBD
- Assignee set to Community Ticket
Also available in: Atom
PDF