From: Eric Leblond
Date: Sat, 11 May 2019 09:43:59 +0000 (+0200)
Subject: ebpf: add vlan tracking option to xdp_filter
X-Git-Tag: suricata-5.0.0-rc1~324
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=640bc937b4843e0cfa575243658508af82d71df1;p=thirdparty%2Fsuricata.git

ebpf: add vlan tracking option to xdp_filter

If vlan is not use for tracking in Suricata this result in vlan not being used in the flow key in Suricata and we need to adjust that in the XDP filter to avoid any problem.
---

diff --git a/ebpf/xdp_filter.c b/ebpf/xdp_filter.c
index f84cecd435..076ed4d551 100644
--- a/ebpf/xdp_filter.c
+++ b/ebpf/xdp_filter.c
@@ -56,6 +56,10 @@
 * and unset BUILD_CPUMAP (number must be a power of 2 for netronome) */
 #define RSS_QUEUE_NUMBERS 32

+/* no vlan tracking: set it to 0 if you don't use VLAN for tracking. Can
+ * also be used as workaround of some hardware offload issue */
+#define VLAN_TRACKING 1
+
 struct vlan_hdr {
 __u16 h_vlan_TCI;
 __u16 h_vlan_encapsulated_proto;
@@ -509,7 +513,11 @@ int SEC("xdp") xdp_hashfilter(struct xdp_md *ctx)
 if (data + nh_off > data_end)
 return XDP_PASS;
 h_proto = vhdr->h_vlan_encapsulated_proto;
+#if VLAN_TRACKING
 vlan0 = vhdr->h_vlan_TCI & 0x0fff;
+#else
+ vlan0 = 0;
+#endif
 }
 if (h_proto == __constant_htons(ETH_P_8021Q) || h_proto == __constant_htons(ETH_P_8021AD)) {
 struct vlan_hdr *vhdr;
@@ -519,7 +527,11 @@ int SEC("xdp") xdp_hashfilter(struct xdp_md *ctx)
 if (data + nh_off > data_end)
 return XDP_PASS;
 h_proto = vhdr->h_vlan_encapsulated_proto;
+#if VLAN_TRACKING
 vlan1 = vhdr->h_vlan_TCI & 0x0fff;
+#else
+ vlan1 = 0;
+#endif
 }

 if (h_proto == __constant_htons(ETH_P_IP))
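Review bot: The comment added above `#define VLAN_TRACKING 1` does not name the Suricata setting this value has to agree with, nor what happens when the two disagree. Going by the commit message, the macro exists to keep the XDP flow key identical to the one Suricata builds, so the comment should name that setting (presumably `vlan.use-for-tracking` in suricata.yaml) and state both failure modes. With 0 here, all VLANs share one key per 5-tuple, so an entry installed for a flow on one VLAN would presumably also match the same 5-tuple on another VLAN. With 1 here and tracking off in Suricata, the keys would likely never match. Suggested wording: `/* Must match Suricata's VLAN tracking setting; 0 removes the VLAN ids from the flow key, so one entry covers the 5-tuple on every VLAN. Rebuild the filter when the setting changes. */`.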
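Review bot: The `#if VLAN_TRACKING` / `#else` / `#endif` block around the `vlan0` assignment is repeated verbatim for `vlan1` in the following hunk, which puts the same preprocessor branch in the middle of the header-parsing path twice. Defining the choice once next to the `VLAN_TRACKING` define and using it at both sites keeps the two VLAN layers from diverging if one is edited later. `#if` also treats an undefined `VLAN_TRACKING` as 0 without a diagnostic, so the single definition site is the natural place for an `#ifndef VLAN_TRACKING` / `#error` guard should the define ever move to the build command line. xdp_hashfilter starts and ends outside both hunks, so how `vlan0` and `vlan1` are initialised is not visible here.

```c
/* next to the VLAN_TRACKING define */
#if VLAN_TRACKING
#define VLAN_ID(tci) ((tci) & 0x0fff)
#else
#define VLAN_ID(tci) 0
#endif

/* … unchanged: first VLAN header bounds check and h_proto load … */
        vlan0 = VLAN_ID(vhdr->h_vlan_TCI);
/* … unchanged: second VLAN header bounds check and h_proto load … */
        vlan1 = VLAN_ID(vhdr->h_vlan_TCI);
```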