Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

config/mt: Add vlan-tuple MT selector #9952

Closed
wants to merge 3 commits into from
Closed

config/mt: Add vlan-tuple MT selector #9952

wants to merge 3 commits into from

Conversation

jlucovsky
Copy link
Contributor

Continuation of #9951

Add a new MT selector type to support use cases where a VLAN tuple should be used to determine the MT tenant.

Packets with one VLAN id will never match as vlan-tuple requires at least QinQ.

The tuple can hold up to 3 values -- this is the max supported by Suricata atm.

Tenants are selected by specifying a VLAN tuple, e.g., [1010, 5]. A packet matches when:

  • It has double VLAN encapsulation
  • The outer VLAN id is 1015
  • The inner VLAN id is 5

Wild card values are supported; values of 0 match 'any VLAN' value in the same position as expressed in the tuple:
Tenants are selected by specifying a VLAN tuple, e.g., [1010, 0]. A packet matches when:

  • It has double VLAN encapsulation
  • The outer VLAN id is 1015
  • The inner VLAN id always matches since it's a wildcard value.

Link to redmine ticket: 6237

Describe changes:

  • Add and document a new MT selector -- vlan-tuple -- for use cases where a VLAN pair should determines the tenant.

Updates

  • Fix typing mismatch

Provide values to any of the below to override the defaults.

To use a pull request use a branch name like pr/N where N is the
pull request number.

Alternatively, SV_BRANCH may also be a link to an
OISF/suricata-verify pull-request.

SV_REPO=
SV_BRANCH=pr/1354
SU_REPO=
SU_BRANCH=
LIBHTP_REPO=
LIBHTP_BRANCH=

@jlucovsky
doc/mt: Document vlan-tuple selector
0401dff 
Issue: 6237

The VLAN tuple selector uses a tuple of values to select a tenant.
- [ vlan-outermost, vlan-innermost]

The tuple can contain as many VLAN values as supported by Suricata -
currently 3.

Each of these can accept a wild-card value (0).

The tenant is selected by matching packet VLAN values with the selector
values.
@jlucovsky jlucovsky mentioned this pull request Dec 3, 2023
Closed
@jlucovsky
detect/mt: Add support for vlan-tuple selector
2bfbf1f 
Issue: 6237
@jlucovsky
conf/socket: Include the default socket name
3b2b23c 
Show the default value used for the unix control socket instead of a
generic name that's not used: custom.socket
@suricata-qa
Copy link

Information: QA ran without warnings.

Pipeline 16850

@suricata-qa
Copy link

WARNING:

field baseline test %
SURI_TLPW2_autofp_stats_chk
.uptime 181 197 108.84%
SURI_TLPR1_stats_chk
.uptime 955 1028 107.64%

Pipeline 16852

@jlucovsky jlucovsky mentioned this pull request Dec 4, 2023
Closed
@jlucovsky
Copy link
Contributor Author

Continued in #9955

@jlucovsky jlucovsky closed this Dec 4, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jasonish jasonish Awaiting requested review from jasonish jasonish is a code owner

@inashivb inashivb Awaiting requested review from inashivb inashivb is a code owner

@jufajardini jufajardini Awaiting requested review from jufajardini jufajardini is a code owner

@victorjulien victorjulien Awaiting requested review from victorjulien victorjulien is a code owner

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jlucovsky @suricata-qa