From e6becd0bfac37cf3ba347c02be6f0a728f084117 Mon Sep 17 00:00:00 2001 From: Fupeng Zhao Date: Thu, 18 Sep 2025 11:31:26 +0000 Subject: [PATCH] tests: add vxlan with non-zero reserved fields test Ticket: #7753 --- .../vxlan-non-zero-reserved-fields/README.md | 11 ++++++++ .../vxlan-non-zero-reserved-fields/input.pcap | Bin 0 -> 2001 bytes .../suricata.yaml | 24 +++++++++++++++++ .../vxlan-non-zero-reserved-fields/test.yaml | 25 ++++++++++++++++++ 4 files changed, 60 insertions(+) create mode 100644 tests/vxlan-non-zero-reserved-fields/README.md create mode 100644 tests/vxlan-non-zero-reserved-fields/input.pcap create mode 100644 tests/vxlan-non-zero-reserved-fields/suricata.yaml create mode 100644 tests/vxlan-non-zero-reserved-fields/test.yaml diff --git a/tests/vxlan-non-zero-reserved-fields/README.md b/tests/vxlan-non-zero-reserved-fields/README.md new file mode 100644 index 000000000..15ad9259c --- /dev/null +++ b/tests/vxlan-non-zero-reserved-fields/README.md @@ -0,0 +1,11 @@ +# Test Description + +Test VXLAN decoding with non-zero reserved fields. + +## PCAP + +Pcap provided by Fupeng Zhao. Manually crafted to reflect [vxlan: Support user-defined reserved bits](https://lwn.net/Articles/998601/). + +## Related issues + +https://redmine.openinfosecfoundation.org/issues/7753 diff --git a/tests/vxlan-non-zero-reserved-fields/input.pcap b/tests/vxlan-non-zero-reserved-fields/input.pcap new file mode 100644 index 0000000000000000000000000000000000000000..780f30368744c8600fb3681c95fc8b2b79f913c0 GIT binary patch literal 2001 zc-oznU2NM_6vwZcG$?wuaod*k|5 z=4}}1>*&On=o~`-GB^K3sK1r5P3QB^1{rDhr)gv#e}C-u#n<9A>qZ(CFWk-Crzc%z z5B`Whi4fcO*cZ&PV-bewW2uI}d)2TD8kiQnBO?v_(e&}c5Y3=EQ1M3k+9o>$I`%G~ za0m8(XlnpI=y;rJcy2I)bRg+r8eVN{c;|?Qmjey^p>-H>e-7#})m4W*&@o&bV408a z0Sma_zTS^MXHhV^x$K86?qB&%F8eO!-im~ASBYWPuiswtEqL>g8vFN<*`B|Juri5`xkc7k}#Aa;EB8qR=Ru)$Yad_D@)<`UR z-qBoHCHyOvN0hot_;ch^op`|H z9EQMnI)@wM=}}y89FvsE>Vn~mW2p%tHI7FX=1WV995#(A!E;2Z+M{?zckLPx6Z8Oj z;T5?eyT)P467l5~M^<2mAjP5uMIjEz@JYiLb-!kEGGGivrq3icXyk=PceG~aF6AX* zk~3SxqzK?JHuV{^8xnWSCXhYOvon!Re6pk@kc8jI2v z{tjBW7wg=5BGkSkTc1$-zU6h9#g{f5($Um844vkB#Lw6L3ZDsl8|+&omgehV%2X`6Lfkdt zW^tLg)h4NHViN3=!o>|=hn@x33y}B{G$A#u#bIdzEa}1{C&#dq$tE({bOz5Ym1qOZ z6VtRgT((_PJ!L>Ke*B8*ts4d(@glt!_Cd)Npdg#@B1In^AVj%$dgVU-2<}e6O@?v@ ffxF-0?)1tX3h(~*$LmzrpT7z0Gqn4!Leu;Qt0Rr# literal 0 Hc-jL100001 diff --git a/tests/vxlan-non-zero-reserved-fields/suricata.yaml b/tests/vxlan-non-zero-reserved-fields/suricata.yaml new file mode 100644 index 000000000..666ed0403 --- /dev/null +++ b/tests/vxlan-non-zero-reserved-fields/suricata.yaml @@ -0,0 +1,24 @@ +%YAML 1.1 +--- + +outputs: + - stats: + enabled: yes + filename: stats.log + append: yes # append to file (yes) or overwrite it (no) + totals: yes # stats for all threads merged together + threads: no # per thread stats + - eve-log: + enabled: yes + filetype: regular #regular|syslog|unix_dgram|unix_stream|redis + filename: eve.json + types: + - http + - stats + - flow + +decoder: + vxlan: + enabled: true + ports: "4789" + reserved-bits-check: permissive diff --git a/tests/vxlan-non-zero-reserved-fields/test.yaml b/tests/vxlan-non-zero-reserved-fields/test.yaml new file mode 100644 index 000000000..8040ade74 --- /dev/null +++ b/tests/vxlan-non-zero-reserved-fields/test.yaml @@ -0,0 +1,25 @@ +requires: + min-version: 9 + +args: + - --set decoder.vxlan.enabled=true + +checks: + - filter: + count: 1 + match: + event_type: flow + src_port: 51252 + dest_port: 80 + flow.pkts_toserver: 5 + flow.pkts_toclient: 5 + - filter: + count: 1 + match: + event_type: flow + dest_port: 4789 + - filter: + count: 1 + match: + event_type: stats + stats.decoder.vxlan: 10 -- 2.47.3