config/mt: Add vlan-tuple MT selector

[jlucovsky]

Continuation of #9738

Add a new MT selector type to support use cases where a VLAN tuple should be used to determine the MT tenant.

Packets with one VLAN id will never match as vlan-tuple requires at least QinQ.

The tuple can hold up to 3 values -- this is the max supported by Suricata atm.

Tenants are selected by specifying a VLAN tuple, e.g., [1010, 5]. A packet matches when:

• It has double VLAN encapsulation
• The outer VLAN id is 1015
• The inner VLAN id is 5

Wild card values are supported; values of 0 match 'any VLAN' value in the same position as expressed in the tuple:
Tenants are selected by specifying a VLAN tuple, e.g., [1010, 0]. A packet matches when:

• It has double VLAN encapsulation
• The outer VLAN id is 1015
• The inner VLAN id always matches since it's a wildcard value.

Link to redmine ticket: 6237

Describe changes:

• Add and document a new MT selector -- vlan-tuple -- for use cases where a VLAN pair should determines the tenant.

Updates

• Fixed size-mismatch error

Provide values to any of the below to override the defaults.

To use a pull request use a branch name like pr/N where N is the
pull request number.

Alternatively, SV_BRANCH may also be a link to an
OISF/suricata-verify pull-request.

SV_REPO=
SV_BRANCH=pr/1354
SU_REPO=
SU_BRANCH=
LIBHTP_REPO=
LIBHTP_BRANCH=

[suricata-qa]

Information: QA ran without warnings.

Pipeline 16408

[codecov]

Codecov Report

Merging #9747 (54a8b2d) into master (c8a7204) will decrease coverage by 0.07%.
The diff coverage is 23.24%.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #9747      +/-   ##
==========================================
- Coverage   82.56%   82.49%   -0.07%     
==========================================
  Files         968      968              
  Lines      273827   273960     +133     
==========================================
- Hits       226074   226013      -61     
- Misses      47753    47947     +194     

Flag	Coverage Δ
fuzzcorpus	64.34% <0.00%> (-0.52%)	⬇️
suricata-verify	61.17% <23.24%> (+0.20%)	⬆️
unittests	62.90% <0.00%> (-0.04%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

[suricata-qa]

Information: QA ran without warnings.

Pipeline 16416

[jufajardini]

A few things to consider, some related to making reading clearer, some to formatting. Please see inline comments :)

[jufajardini]

This part is a bit confusing to me, maybe because of the example only actually having the id word for the tenant ids...

Maybe if we add a generic format to the VLAN-tuple [outtermost-id, middle-id, innermost-id] this could help remove ambiguity when reading this example?

[jlucovsky]

I agree that using id in the tenants section and tenant-id in the mappings section is a bit confusing.

I can change this but am concerned about support for existing multi-tenant configurations.

[jufajardini]

Hm.. Maybe just some addition to the documentation, to highlight /dismiss the confusion?

[jlucovsky]

Continued in #9951