Xdp tunnel 7674 v6.7

[catenacyber]

Link to ticket: https://redmine.openinfosecfoundation.org/issues/
https://redmine.openinfosecfoundation.org/issues/7674

Describe changes:

• on top of Vxlan tunnel 7717 v1 #13302
• introduces configurable tunnel_id to distinguish same-looking (same 5-tuple) flows encapsulated in different tunnels
• adds a config option to "skip" the packets that are not part of a tunnel
• handle xdp bypass of these encapsulated flows
• use this new tunnel_id as a multi-tenant selector

Provide values to any of the below to override the defaults.

SV_BRANCH=OISF/suricata-verify#2522

#13654 with

• NULL deref fix with ebpf programs loaded and no tunnels section in suricata.yaml
• Fully handle the config option to skip non-tunneled packets

[codecov]

Codecov Report

❌ Patch coverage is 57.41935% with 132 lines in your changes missing coverage. Please review.
✅ Project coverage is 83.53%. Comparing base (49629f7) to head (1b359e1).
⚠️ Report is 45 commits behind head on master.

Additional details and impacted files

@@             Coverage Diff             @@
##           master   #13748       +/-   ##
===========================================
+ Coverage   77.16%   83.53%    +6.36%     
===========================================
  Files         945     1012       +67     
  Lines      172228   277540   +105312     
===========================================
+ Hits       132906   231844    +98938     
- Misses      39322    45696     +6374     

Flag	Coverage Δ
fuzzcorpus	62.86% <30.00%> (-0.08%)	⬇️
livemode	18.75% <10.32%> (-0.25%)	⬇️
pcap	44.84% <30.32%> (+0.16%)	⬆️
suricata-verify	65.08% <55.83%> (+0.01%)	⬆️
unittests	58.66% <17.97%> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[suricata-qa]

Information: QA ran without warnings.

Pipeline = 27230

[catenacyber]

Next version in #13839