]> git.ipfire.org Git - thirdparty/suricata.git/commitdiff
projects / thirdparty / suricata.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8937d71)
decoder/vxlan: disable by default 4018/head 4026/head
authorShivani Bhardwaj <shivanib134@gmail.com>
Fri, 5 Jul 2019 12:12:44 +0000 (17:42 +0530)
committerShivani Bhardwaj <shivanib134@gmail.com>
Wed, 10 Jul 2019 14:02:25 +0000 (19:32 +0530)
src/decode-vxlan.c patch | blob | blame | history
suricata.yaml.in patch | blob | blame | history

diff --git a/src/decode-vxlan.c b/src/decode-vxlan.c
index f5187542e4fea9764e11ed4ecba80d953688490b..8adb075e4c2d360ef9a6f0ac41acff956cbd15a1 100644 (file)
--- a/src/decode-vxlan.c
+++ b/src/decode-vxlan.c
@@ -43,7 +43,7 @@
 #define VXLAN_DEFAULT_PORT      4789
 #define VXLAN_DEFAULT_PORT_S    "4789"
 
-static bool g_vxlan_enabled = true;
+static bool g_vxlan_enabled = false;
 static int g_vxlan_ports[4] = { VXLAN_DEFAULT_PORT, -1, -1, -1 };
 static int g_vxlan_ports_idx = 0;
 
@@ -193,6 +193,8 @@ static int DecodeVXLANtest01 (void)
         0x44, 0x45, 0x0a, 0x60, 0x00, 0x0a, 0xb9, 0x1b, 0x73, 0x06,  /* IPv4 hdr */
         0x00, 0x35, 0x30, 0x39, 0x00, 0x08, 0x98, 0xe4 /* UDP probe src port 53 */
     };
+    bool orig_g_vxlan_enabled = g_vxlan_enabled;
+    g_vxlan_enabled = true;
     Packet *p = PacketGetFromAlloc();
     FAIL_IF_NULL(p);
     ThreadVars tv;
@@ -215,6 +217,7 @@ static int DecodeVXLANtest01 (void)
     FAIL_IF(tp->udph == NULL);
     FAIL_IF_NOT(tp->sp == 53);
 
+    g_vxlan_enabled = orig_g_vxlan_enabled; /* reset global variable */
     FlowShutdown();
     PacketFree(p);
     PacketFree(tp);
@@ -236,6 +239,8 @@ static int DecodeVXLANtest02 (void)
         0x44, 0x45, 0x0a, 0x60, 0x00, 0x0a, 0xb9, 0x1b, 0x73, 0x06,  /* IPv4 hdr */
         0x00, 0x35, 0x30, 0x39, 0x00, 0x08, 0x98, 0xe4 /* UDP probe src port 53 */
     };
+    bool orig_g_vxlan_enabled = g_vxlan_enabled;
+    g_vxlan_enabled = true;
     Packet *p = PacketGetFromAlloc();
     FAIL_IF_NULL(p);
     ThreadVars tv;
@@ -251,11 +256,12 @@ static int DecodeVXLANtest02 (void)
 
     FlowInitConfig(FLOW_QUIET);
     DecodeUDP(&tv, &dtv, p, raw_vxlan, sizeof(raw_vxlan), &pq);
-
     FAIL_IF(p->udph == NULL);
     FAIL_IF(pq.top != NULL);
 
     DecodeVXLANConfigPorts("4789"); /* reset */
+    g_vxlan_enabled = orig_g_vxlan_enabled; /* reset global variable */
+
     FlowShutdown();
     PacketFree(p);
     PASS;
diff --git a/suricata.yaml.in b/suricata.yaml.in
index 808431633497f50ecff3733eb285226a498baed1..1d7cef2d36f586ab5a24f06c59990ed82fcfaeec 100644 (file)
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -1402,7 +1402,7 @@ decoder:
   # VXLAN decoder is assigned to up to 4 UDP ports. By default only the
   # IANA assigned port 4789 is enabled.
   vxlan:
-    enabled: true
+    enabled: false
     ports: $VXLAN_PORTS # syntax: '8472, 4789'
 
 
Mirror of https://github.com/OISF/suricata.git