Geneve feature 3063 v1 #5332

Closed
wants to merge 3 commits into from

@alijkhalil alijkhalil commented Aug 28, 2020

Make sure these boxes are signed before submitting your Pull Request -- thank you.

Link to redmine ticket:
https://redmine.openinfosecfoundation.org/issues/3063

Describe changes:

  • Added Geneve decoding functionality and associated unit tests
  • Refactored similar encapsulation modes (e.g. vxlan, teredo) to match Geneve

Testing:

  • New unit tests
  • Geneve pcap files randomly found online
  • Actual AWS internal Geneve encapsulated traffic

PRScript output (if applicable):

#suricata-verify-pr:
#suricata-verify-repo:
#suricata-verify-branch:
#suricata-update-pr:
#suricata-update-repo:
#suricata-update-branch:
#libhtp-pr:
#libhtp-repo:
#libhtp-branch:

Ali Jad Khalil added 3 commits August 27, 2020 23:15
These changes are in response to feature request 3063. Geneve is
very similar to VXLAN, but uses a slightly different encapsulation
scheme.
This is just a slight refactor to make analogous decoding/encapsulation
schemes - Geneve, Teredo, and VXLAN - be implemented as similarly as
possible.
This is just a slight refactor to make analogous decoding/encapsulation
schemes - Geneve, Teredo, and VXLAN - be implemented as similarly as
possible.
@alijkhalil alijkhalil requested a review from a team as a code owner August 28, 2020 07:04
@jasonish jasonish self-assigned this Aug 31, 2020
@jasonish
Member

Can you provide a pcap? Or even better, a suricata-verify test? Thanks!

@alijkhalil
Author

alijkhalil commented Aug 31, 2020

I've attached a super simple geneve pcap below as a compressed file. (You can uncompress it with: tar xzf geneve.pcap.gz). I did not use the suricata-verify utility and instead used both my new unit tests and manual integration testing to confirm correctness of my changes.

geneve.pcap.gz

@victorjulien victorjulien added this to the 6.0 milestone Sep 3, 2020
This was referenced Sep 4, 2020
@victorjulien
Member

Merged in #5361, thanks a lot for your contribution!
