
Xdp tunnel 7674 v16 #15603

Closed
catenacyber wants to merge 13 commits into OISF:main from catenacyber:xdp-tunnel-7674-v16


@catenacyber

Contributor

Link to ticket: https://redmine.openinfosecfoundation.org/issues/7674

Describe changes:

  • introduces configurable tunnel_id to distinguish same-looking (same 5-tuple) flows encapsulated in different tunnels
  • adds a config option to "skip" the packets that are not part of a tunnel on interfaces receiving tunneled traffic
  • handle xdp bypass of these encapsulated flows
  • use this new tunnel_id as a multi-tenant selector
  • EBPF is now in suricata --build-info list of features
  • ebpf: remove unused macro
  • test: new afpacket max-packets feature

SV_BRANCH=OISF/suricata-verify#3045

#15415 with needed rebase

On top of first #15446

@codecov

codecov Bot commented Jun 11, 2026


Codecov Report

❌ Patch coverage is 54.84950% with 135 lines in your changes missing coverage. Please review.
✅ Project coverage is 82.87%. Comparing base (28b10fb) to head (41bcc02).

Additional details and impacted files
@@            Coverage Diff             @@
##             main   #15603      +/-   ##
==========================================
- Coverage   82.90%   82.87%   -0.03%     
==========================================
  Files        1006     1007       +1     
  Lines      273648   273876     +228     
==========================================
+ Hits       226869   226987     +118     
- Misses      46779    46889     +110     
Flag Coverage Δ
fuzzcorpus 61.31% <21.73%> (-0.05%) ⬇️
livemode 18.40% <13.04%> (-0.02%) ⬇️
netns 22.78% <17.39%> (-0.05%) ⬇️
pcap 45.13% <23.74%> (-0.10%) ⬇️
suricata-verify 66.67% <54.51%> (-0.05%) ⬇️
unittests 58.48% <16.72%> (-0.06%) ⬇️


@suricata-qa


WARNING:

field baseline test %
SURI_TLPR1_stats_chk
.app_layer.flow.ftp_data 771 740 95.98%

Pipeline = 31954

catenacyber and others added 13 commits June 14, 2026 22:17
for SV to run tests based on the presence of this feature
Completes commit 7e725c6

autofp-scheduler with value ftp-hash ends up using
FlowGetIpPairProtoHash which ignores the ports for ftp-looking
flows so that the ftp and ftp-data flow get processed by the
same thread.

As for the other cases, we want to use every other parameter
to compute the flow hash, including the live device
So that we know for a packet which precise type of tunnel it
is (like erspan2).
Ticket: 7674

To distinguish flows with the same 5-tuple but coming from different
configured tunnel sources.

For vxlan, we need to call
1. PacketTunnelPktSetup with vxlan header
2. Call a new DecodeVXLANtunnel which
  - sets the tunnel id
  - call DecodeEthernet on data after vxlan header as before
Ticket: 7674

On interfaces meant to receive only tunneled traffic
so as to run ebpf live tests
Ticket: 7674

Allows a compile-time option AFPACKET_TEST_REPLAY, that allows
to set a configuration max-packets per afpacket interface,
after which the PktAcqLoop stops.

This allows suricata-verify tests to run with tcpreplay,
and know when to stop

catenacyber force-pushed the xdp-tunnel-7674-v16 branch from 6ec593f to 41bcc02 on June 14, 2026 20:17
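
The flow-hashing idea in the commit messages above, as an added C example that is not part of this pull request or of Suricata's code: a tunnel id and live device mixed into the flow hash keep same-5-tuple flows from different tunnels apart, and a port-less variant keeps FTP control and data together. The struct, the function names, the FNV-1a hash and the choice to include the tunnel id in the port-less variant are all assumptions made for illustration.

```c
/* Added illustration, not Suricata code: every name here is hypothetical. */
#include <stdint.h>
#include <stdio.h>

struct flow_key {
    uint32_t src_ip, dst_ip;
    uint16_t src_port, dst_port;
    uint8_t proto;
    uint32_t livedev_id; /* capture interface */
    uint32_t tunnel_id;  /* configured tunnel source, 0 = none */
};

/* FNV-1a over the four bytes of v, independent of host endianness. */
static uint32_t mix32(uint32_t h, uint32_t v)
{
    for (int i = 0; i < 4; i++)
        h = (h ^ ((v >> (8 * i)) & 0xffu)) * 16777619u;
    return h;
}

/* Endpoints are ordered first so both directions of a flow hash alike. */
static uint32_t hash_key(const struct flow_key *k, int use_ports)
{
    uint32_t ip_a = k->src_ip, ip_b = k->dst_ip;
    uint32_t pt_a = k->src_port, pt_b = k->dst_port;
    if (ip_a > ip_b || (ip_a == ip_b && pt_a > pt_b)) {
        uint32_t t = ip_a; ip_a = ip_b; ip_b = t;
        t = pt_a; pt_a = pt_b; pt_b = t;
    }
    uint32_t h = mix32(mix32(2166136261u, ip_a), ip_b);
    if (use_ports)
        h = mix32(h, (pt_a << 16) | pt_b);
    h = mix32(mix32(h, k->proto), k->livedev_id);
    return mix32(h, k->tunnel_id);
}

uint32_t flow_hash(const struct flow_key *k) { return hash_key(k, 1); }
/* Port-less variant: FTP control and data map to the same worker. */
uint32_t flow_hash_ip_pair_proto(const struct flow_key *k) { return hash_key(k, 0); }

/* Constructed sample keys (10.0.0.1 <-> 10.0.0.2, TCP, live device 1). */
static const struct flow_key ftp_ctrl      = {0x0a000001, 0x0a000002, 40000, 21, 6, 1, 1};
static const struct flow_key ftp_ctrl_rev  = {0x0a000002, 0x0a000001, 21, 40000, 6, 1, 1};
static const struct flow_key ftp_data      = {0x0a000002, 0x0a000001, 20, 40001, 6, 1, 1};
static const struct flow_key ftp_ctrl_tun2 = {0x0a000001, 0x0a000002, 40000, 21, 6, 1, 2};

int main(void)
{
    printf("tunnel 1 %08x, tunnel 2 %08x\n", (unsigned)flow_hash(&ftp_ctrl), (unsigned)flow_hash(&ftp_ctrl_tun2));
    printf("ctrl %08x, data %08x\n", (unsigned)flow_hash_ip_pair_proto(&ftp_ctrl), (unsigned)flow_hash_ip_pair_proto(&ftp_data));
    return 0;
}
```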
@suricata-qa


WARNING:

field baseline test %
SURI_TLPR1_stats_chk
.app_layer.flow.ftp_data 604 624 103.31%

Pipeline = 32034

@catenacyber

Contributor Author

Replaced by #15710
