decode/vlan: Extend VLAN encapsulation support to 3 levels; flowhash livedev#8908
jlucovsky wants to merge 7 commits into
Issue: 2816 This commit extends the JSON schema with the additional VLAN stat for tracking VLAN encapsulated packets with 3 levels.
Issue: 2816 This commit increases the number of VLAN layers supported by Suricata from 2 to 3. 3 layers are dubbed "Q-in-Q-in-Q". Note that 3 layers are not compliant with any existing standard but are often seen in larger deployments.
This commit removes unused functions and macros related to fetching VLAN values.
Meaning that we support 65535 live devices at the most
For easier reasoning about the code
So that in a setup with different interfaces capturing different networks, flows do not get mixed up Ticket: OISF#5270
Codecov Report
Additional details and impacted files
@@ Coverage Diff @@
## master #8908 +/- ##
=======================================
Coverage 82.30% 82.30%
=======================================
Files 969 969
Lines 273335 273391 +56
=======================================
+ Hits 224961 225022 +61
+ Misses 48374 48369 -5
WARNING:
Pipeline 13893
Do you need something from me here @jlucovsky ?
I don't think I need anything right now. We suspect the memory use difference is due to the stats being written before everything has been deallocated/released. @victorjulien thoughts on the
I don't know about the http.memuse one, but it's clear that the bigger one we discussed in Vienna is unrelated, see #8928 (comment)
Merged in #8965, thanks!
Continuation of #8890 and #8895.
This PR extends Suricata's support for VLANs from 2 to 3 levels. There is no standard for 3 levels of VLANs but 3 levels are not uncommon in some environments.
Link to redmine tickets:
Describe changes:
Updates
OISF/suricata-verify#1204
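
The two ideas in this PR, walking up to 3 stacked VLAN tags and keying flows on the VLAN ids plus a 16-bit capture-device id, are sketched below as an added example; it is not Suricata's code. The `VlanInfo` type, the function names, the return codes and the FNV-1a key layout are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define VLAN_MAX_LAYERS 3 /* the limit this PR moves to; a 4th tag is rejected */

/* Hypothetical result type for this example (not a Suricata structure). */
typedef struct {
    uint16_t vlan_id[VLAN_MAX_LAYERS]; /* outermost tag first, unused slots 0 */
    uint8_t layers;                    /* number of VLAN tags found */
    uint16_t ethertype;                /* first non-VLAN EtherType */
} VlanInfo;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static int is_vlan_tpid(uint16_t t) { return t == 0x8100 || t == 0x88a8 || t == 0x9100; }

/* Returns 0 on success, -1 on a truncated frame, -2 when a 4th tag appears. */
int parse_vlan_stack(const uint8_t *frame, size_t len, VlanInfo *out)
{
    memset(out, 0, sizeof(*out));
    if (len < 14) return -1;              /* dst MAC + src MAC + EtherType */
    size_t off = 14;
    uint16_t type = rd16(frame + 12);
    while (is_vlan_tpid(type)) {
        if (out->layers == VLAN_MAX_LAYERS) return -2;
        if (len - off < 4) return -1;     /* TCI + inner EtherType must fit */
        out->vlan_id[out->layers++] = rd16(frame + off) & 0x0fff; /* drop PCP/DEI */
        type = rd16(frame + off + 2);
        off += 4;
    }
    out->ethertype = type;
    return 0;
}

/* One FNV-1a round per byte of a 16-bit value, high byte first. */
static uint32_t mix16(uint32_t h, uint16_t w)
{
    h = (h ^ (uint32_t)(w >> 8)) * 16777619u;
    return (h ^ (uint32_t)(w & 0xff)) * 16777619u;
}

/* Constructed key layout: all VLAN slots, then the capture-device id, so the
 * same tags seen on two interfaces do not land on the same flow key. */
uint32_t vlan_dev_hash(const VlanInfo *v, uint16_t livedev_id)
{
    uint32_t h = 2166136261u;
    for (int i = 0; i < VLAN_MAX_LAYERS; i++)
        h = mix16(h, v->vlan_id[i]);
    return mix16(h, livedev_id);
}
```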