From 4c0dd8fa5d512eddf456de98340e3f71a16f64c6 Mon Sep 17 00:00:00 2001 From: Shivani Bhardwaj Date: Fri, 5 Jul 2019 17:42:44 +0530 Subject: [PATCH] decoder/vxlan: disable by default --- src/decode-vxlan.c | 10 ++++++++-- suricata.yaml.in | 2 +- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/src/decode-vxlan.c b/src/decode-vxlan.c index f5187542e4..8adb075e4c 100644 --- a/src/decode-vxlan.c +++ b/src/decode-vxlan.c @@ -43,7 +43,7 @@ #define VXLAN_DEFAULT_PORT 4789 #define VXLAN_DEFAULT_PORT_S "4789" -static bool g_vxlan_enabled = true; +static bool g_vxlan_enabled = false; static int g_vxlan_ports[4] = { VXLAN_DEFAULT_PORT, -1, -1, -1 }; static int g_vxlan_ports_idx = 0; @@ -193,6 +193,8 @@ static int DecodeVXLANtest01 (void) 0x44, 0x45, 0x0a, 0x60, 0x00, 0x0a, 0xb9, 0x1b, 0x73, 0x06, /* IPv4 hdr */ 0x00, 0x35, 0x30, 0x39, 0x00, 0x08, 0x98, 0xe4 /* UDP probe src port 53 */ }; + bool orig_g_vxlan_enabled = g_vxlan_enabled; + g_vxlan_enabled = true; Packet *p = PacketGetFromAlloc(); FAIL_IF_NULL(p); ThreadVars tv; @@ -215,6 +217,7 @@ static int DecodeVXLANtest01 (void) FAIL_IF(tp->udph == NULL); FAIL_IF_NOT(tp->sp == 53); + g_vxlan_enabled = orig_g_vxlan_enabled; /* reset global variable */ FlowShutdown(); PacketFree(p); PacketFree(tp); @@ -236,6 +239,8 @@ static int DecodeVXLANtest02 (void) 0x44, 0x45, 0x0a, 0x60, 0x00, 0x0a, 0xb9, 0x1b, 0x73, 0x06, /* IPv4 hdr */ 0x00, 0x35, 0x30, 0x39, 0x00, 0x08, 0x98, 0xe4 /* UDP probe src port 53 */ }; + bool orig_g_vxlan_enabled = g_vxlan_enabled; + g_vxlan_enabled = true; Packet *p = PacketGetFromAlloc(); FAIL_IF_NULL(p); ThreadVars tv; @@ -251,11 +256,12 @@ static int DecodeVXLANtest02 (void) FlowInitConfig(FLOW_QUIET); DecodeUDP(&tv, &dtv, p, raw_vxlan, sizeof(raw_vxlan), &pq); - FAIL_IF(p->udph == NULL); FAIL_IF(pq.top != NULL); DecodeVXLANConfigPorts("4789"); /* reset */ + g_vxlan_enabled = orig_g_vxlan_enabled; /* reset global variable */ + FlowShutdown(); PacketFree(p); PASS; 
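Review bot: The new compiled-in default `static bool g_vxlan_enabled = false;` carries no comment saying that VXLAN decoding is now opt-in. A configuration written for an earlier release with no `vxlan` entry under `decoder` would presumably fall back to this value and stop decoding the tunnel without any message. Packets encapsulated on UDP port 4789 would then presumably be handled as plain UDP and their inner headers would not be inspected, a visibility change that operators of overlay networks need to know about. I would add above the declaration `/* VXLAN decoding is opt-in: stays false unless the vxlan decoder is enabled in the configuration */`. The code that reads the setting is outside this hunk, so check there whether a missing key really keeps the static default.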
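Review bot: In DecodeVXLANtest01 the override `g_vxlan_enabled = true;` is placed before `FAIL_IF_NULL(p);`, and the matching restore in the hunk at -215 comes only after the last `FAIL_IF_NOT`. A failing check in between therefore appears to leave the global set to true for every test that runs afterwards, assuming the FAIL_IF macros return early, which is not visible here. DecodeVXLANtest02 repeats the same pattern in the hunks at -236 and -251. Moving the two added lines below the allocation check narrows the window, and a comment such as `/* decoder is disabled by default; enable it for this test only */` would explain why the test touches a file-scope flag. Both test bodies start and end outside the hunks.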
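Review bot: None of the visible test hunks exercises the state this commit makes the default, because DecodeVXLANtest01 and DecodeVXLANtest02 both force `g_vxlan_enabled = true` before calling DecodeUDP. A third test that leaves the flag false, passes a VXLAN packet addressed to a configured port through DecodeUDP and asserts `FAIL_IF(pq.top != NULL);` would pin that a disabled decoder queues no tunnel packet. The whitespace of the hunk at -251 is collapsed on this page, so the lone `-` and `+` in front of `FAIL_IF(p->udph == NULL);` and `FlowShutdown();` may be blank-line changes rather than changes to those statements; that should be confirmed against the original patch.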
diff --git a/suricata.yaml.in b/suricata.yaml.in
index 8084316334..1d7cef2d36 100644
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -1402,7 +1402,7 @@ decoder:
 # VXLAN decoder is assigned to up to 4 UDP ports. By default only the
 # IANA assigned port 4789 is enabled.
 vxlan:
- enabled: true
+ enabled: false
 ports: $VXLAN_PORTS # syntax: '8472, 4789'
--
2.47.2
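Review bot: The comment kept as context above `vxlan:` still reads "By default only the IANA assigned port 4789 is enabled", which is easy to misread now that the next setting is `enabled: false`. I would reword it so that it says the decoder itself is off by default and that the port list only applies once it is turned on, for example `# VXLAN decoder is disabled by default. When enabled it is assigned to up to 4 UDP ports,` followed by `# by default only the IANA assigned port 4789.` Someone who monitors a VXLAN overlay needs to learn from this file that encapsulated traffic is not decoded until the setting is changed.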