Xdp tunnel 7674 v7 #14290
Draft
Xdp tunnel 7674 v7 #14290
+997
−201
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Closed
|
WARNING:
Pipeline = 28408 |
catenacyber
force-pushed
the
xdp-tunnel-7674-v7
branch
from
c8d75d5 to
b922ef6
Compare
Contributor
Author
|
Rebased and force-pushed this draft to get greener CI because SV was updated during the creation of this PR |
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## main #14290 +/- ##
==========================================
- Coverage 84.16% 83.96% -0.21%
==========================================
Files 1012 1013 +1
Lines 261869 264347 +2478
==========================================
+ Hits 220405 221957 +1552
- Misses 41464 42390 +926
Flags with carried forward coverage won't be shown. Click here to find out more. 🚀 New features to boost your workflow:
|
catenacyber
force-pushed
the
xdp-tunnel-7674-v7
branch
from
b922ef6 to
88f1e76
Compare
Contributor
Author
|
So, we have a rights problem on github CI even as root... Any ideas there ? |
catenacyber
force-pushed
the
xdp-tunnel-7674-v7
branch
from
88f1e76 to
fa8b7ec
Compare
|
Information: QA ran without warnings. Pipeline = 28437 |
Instead of directly accessing the field Will allow PacketTunnelType to hold the precise tunnel type like DECODE_TUNNEL_ERSPANII with a modification of PacketIsTunnelChild
So that we know for a packet which precise type of tunnel it is (like erspan2).
ebpf program does not handle 3 layers of vlan
Ticket: 7717 Allows for instance to process/log ARP packets over VXLAN. That means we need to decode the ethernet layer above vxlan instead of skipping it as part of the vxlan, even if the vxlan decoder still checks the ethernet layer to avoid FPs.
to save memory
Ticket: 7674 To distinguish flows with the same 5-tuple but coming from different tunnel sources.
Ticket: 7674
Ticket: 7674
Ticket: 7674 On interfaces meant to receive only tunneled traffic
for SV to run tests based on the presence of this feature
so as to run ebpf live tests
catenacyber
force-pushed
the
xdp-tunnel-7674-v7
branch
from
72eb509 to
109c9e2
Compare
|
Information: QA ran without warnings. Pipeline = 28459 |
|
Information: QA ran without warnings. Pipeline = 28460 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Link to ticket: https://redmine.openinfosecfoundation.org/issues/
https://redmine.openinfosecfoundation.org/issues/7674
Describe changes:
Provide values to any of the below to override the defaults.
SV_BRANCH=OISF/suricata-verify#2747
#14017 rebased, with better SV test live