suricata
decode-vxlan.c
Go to the documentation of this file.
1 /* Copyright (C) 2019-2021 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Henrik Kramshoej <hlk@kramse.org>
22  *
23  * VXLAN tunneling scheme decoder.
24  *
25  * This implementation is based on the following specification doc:
26  * https://tools.ietf.org/html/rfc7348
27  */
28 
29 #include "suricata-common.h"
30 #include "decode.h"
31 #include "decode-vxlan.h"
32 #include "decode-events.h"
33 
34 #include "detect.h"
35 #include "detect-engine-port.h"
36 
37 #include "flow.h"
38 
39 #include "util-validate.h"
40 #include "util-unittest.h"
41 #include "util-debug.h"
42 
43 #define VXLAN_HEADER_LEN sizeof(VXLANHeader)
44 
45 #define VXLAN_MAX_PORTS 4
46 #define VXLAN_UNSET_PORT -1
47 #define VXLAN_DEFAULT_PORT 4789
48 #define VXLAN_DEFAULT_PORT_S "4789"
49 
50 typedef enum {
51  VXLAN_RES_CHECK_STRICT = 0,
52  VXLAN_RES_CHECK_PERMISSIVE,
53 } VXLANReservedCheckMode;
54 
55 static bool g_vxlan_enabled = true;
56 static int g_vxlan_ports_idx = 0;
57 static int g_vxlan_ports[VXLAN_MAX_PORTS] = { VXLAN_DEFAULT_PORT, VXLAN_UNSET_PORT,
58  VXLAN_UNSET_PORT, VXLAN_UNSET_PORT };
59 static VXLANReservedCheckMode g_vxlan_reserved_check_mode = VXLAN_RES_CHECK_STRICT;
60 
61 typedef struct VXLANHeader_ {
62  uint8_t flags[2];
63  uint16_t gdp;
64  uint8_t vni[3];
65  uint8_t res;
66 } VXLANHeader;
67 
68 bool DecodeVXLANEnabledForPort(const uint16_t dp)
69 {
70  SCLogDebug("checking dest port %u against ports %d %d %d %d", dp, g_vxlan_ports[0],
71  g_vxlan_ports[1], g_vxlan_ports[2], g_vxlan_ports[3]);
72 
73  if (g_vxlan_enabled) {
74  for (int i = 0; i < g_vxlan_ports_idx; i++) {
75  if (g_vxlan_ports[i] == VXLAN_UNSET_PORT)
76  return false;
77  /* RFC 7348: VXLAN identification is based on destination port only */
78  if (g_vxlan_ports[i] == (const int)dp)
79  return true;
80  }
81  }
82  return false;
83 }
84 
85 static void DecodeVXLANConfigPorts(const char *pstr)
86 {
87  SCLogDebug("parsing \'%s\'", pstr);
88 
89  DetectPort *head = NULL;
90  DetectPortParse(NULL, &head, pstr);
91 
92  g_vxlan_ports_idx = 0;
93  for (DetectPort *p = head; p != NULL; p = p->next) {
94  if (g_vxlan_ports_idx >= VXLAN_MAX_PORTS) {
95  SCLogWarning("more than %d VXLAN ports defined", VXLAN_MAX_PORTS);
96  break;
97  }
98  g_vxlan_ports[g_vxlan_ports_idx++] = (int)p->port;
99  }
100 
101  DetectPortCleanupList(NULL, head);
102 }
103 
104 void DecodeVXLANConfig(void)
105 {
106  int enabled = 0;
107  if (SCConfGetBool("decoder.vxlan.enabled", &enabled) == 1) {
108  if (enabled) {
109  g_vxlan_enabled = true;
110  } else {
111  g_vxlan_enabled = false;
112  }
113  }
114 
115  if (g_vxlan_enabled) {
116  SCConfNode *node = SCConfGetNode("decoder.vxlan.ports");
117  if (node && node->val) {
118  DecodeVXLANConfigPorts(node->val);
119  } else {
120  DecodeVXLANConfigPorts(VXLAN_DEFAULT_PORT_S);
121  }
122 
123  node = SCConfGetNode("decoder.vxlan.reserved-bits-check");
124  if (node && node->val) {
125  if (strcasecmp(node->val, "strict") == 0) {
126  g_vxlan_reserved_check_mode = VXLAN_RES_CHECK_STRICT;
127  } else if (strcasecmp(node->val, "permissive") == 0) {
128  g_vxlan_reserved_check_mode = VXLAN_RES_CHECK_PERMISSIVE;
129  } else {
130  SCLogWarning(
131  "Invalid VXLAN reserved-bits-check mode '%s', using 'strict'", node->val);
132  g_vxlan_reserved_check_mode = VXLAN_RES_CHECK_STRICT;
133  }
134  }
135  }
136 }
137 
138 /** \param pkt payload data directly above UDP header
139  * \param len length in bytes of pkt
140  *
141  * \note p->flow is not set yet at this point, so we cannot easily
142  * check if the flow is unidirectional here.
143  */
144 int DecodeVXLAN(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p,
145  const uint8_t *pkt, uint32_t len)
146 {
147  DEBUG_VALIDATE_BUG_ON(pkt == NULL);
148 
149  /* Initial packet validation */
150  if (unlikely(!g_vxlan_enabled))
151  return TM_ECODE_FAILED;
152 
153  if (len < (VXLAN_HEADER_LEN + sizeof(EthernetHdr)))
154  return TM_ECODE_FAILED;
155  if (!PacketIncreaseCheckLayers(p)) {
156  return TM_ECODE_FAILED;
157  }
158 
159  const VXLANHeader *vxlanh = (const VXLANHeader *)pkt;
160  if ((vxlanh->flags[0] & 0x08) == 0)
161  return TM_ECODE_FAILED;
162 
163  switch (g_vxlan_reserved_check_mode) {
164  case VXLAN_RES_CHECK_STRICT:
165  if ((vxlanh->flags[0] & 0xF7) != 0 || /* All reserved bits are zero except I bit */
166  vxlanh->flags[1] != 0 || /* Second byte should be all zeros */
167  vxlanh->gdp != 0 || /* GDP field is reserved in standard VXLAN */
168  vxlanh->res != 0) { /* Last reserved byte should be zero */
169  return TM_ECODE_FAILED;
170  }
171  break;
172  case VXLAN_RES_CHECK_PERMISSIVE:
173  break;
174  }
175 
176 #if DEBUG
177  uint32_t vni = (vxlanh->vni[0] << 16) + (vxlanh->vni[1] << 8) + (vxlanh->vni[2]);
178  SCLogDebug("VXLAN vni %u", vni);
179 #endif
180 
181  /* Increment stats counter for VXLAN packets */
182  StatsIncr(tv, dtv->counter_vxlan);
183 
184  EthernetHdr *ethh = (EthernetHdr *)(pkt + VXLAN_HEADER_LEN);
185  int decode_tunnel_proto = DECODE_TUNNEL_UNSET;
186 
187  /* Look at encapsulated Ethernet frame to get next protocol */
188  uint16_t eth_type = SCNtohs(ethh->eth_type);
189  SCLogDebug("VXLAN ethertype 0x%04x", eth_type);
190 
191  switch (eth_type) {
192  case ETHERNET_TYPE_ARP:
193  SCLogDebug("VXLAN found ARP");
194  break;
195  case ETHERNET_TYPE_IP:
196  SCLogDebug("VXLAN found IPv4");
197  decode_tunnel_proto = DECODE_TUNNEL_IPV4;
198  break;
199  case ETHERNET_TYPE_IPV6:
200  SCLogDebug("VXLAN found IPv6");
201  decode_tunnel_proto = DECODE_TUNNEL_IPV6;
202  break;
203  case ETHERNET_TYPE_VLAN:
204  case ETHERNET_TYPE_8021AD:
205  case ETHERNET_TYPE_8021QINQ:
206  SCLogDebug("VXLAN found VLAN");
207  decode_tunnel_proto = DECODE_TUNNEL_VLAN;
208  break;
209  default:
210  SCLogDebug("VXLAN found unsupported Ethertype - expected IPv4, IPv6, VLAN, or ARP");
211  ENGINE_SET_INVALID_EVENT(p, VXLAN_UNKNOWN_PAYLOAD_TYPE);
212  }
213 
214  /* Set-up and process inner packet if it is a supported ethertype */
215  if (decode_tunnel_proto != DECODE_TUNNEL_UNSET) {
216  Packet *tp = PacketTunnelPktSetup(tv, dtv, p, pkt + VXLAN_HEADER_LEN + ETHERNET_HEADER_LEN,
217  len - (VXLAN_HEADER_LEN + ETHERNET_HEADER_LEN), decode_tunnel_proto);
218  if (tp != NULL) {
219  PKT_SET_SRC(tp, PKT_SRC_DECODER_VXLAN);
220  PacketEnqueueNoLock(&tv->decode_pq, tp);
221  }
222  }
223 
224  return TM_ECODE_OK;
225 }
226 
227 #ifdef UNITTESTS
228 #include "conf-yaml-loader.h"
229 
230 /**
231  * \test DecodeVXLANTest01 test a good vxlan header.
232  * Contains a DNS request packet.
233  */
234 static int DecodeVXLANtest01 (void)
235 {
236  uint8_t raw_vxlan[] = {
237  0x12, 0xb5, 0x12, 0xb5, 0x00, 0x3a, 0x87, 0x51, /* UDP header */
238  0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x25, 0x00, /* VXLAN header */
239  0x10, 0x00, 0x00, 0x0c, 0x01, 0x00, /* inner destination MAC */
240  0x00, 0x51, 0x52, 0xb3, 0x54, 0xe5, /* inner source MAC */
241  0x08, 0x00, /* another IPv4 0x0800 */
242  0x45, 0x00, 0x00, 0x1c, 0x00, 0x01, 0x00, 0x00, 0x40, 0x11,
243  0x44, 0x45, 0x0a, 0x60, 0x00, 0x0a, 0xb9, 0x1b, 0x73, 0x06, /* IPv4 hdr */
244  0x00, 0x35, 0x30, 0x39, 0x00, 0x08, 0x98, 0xe4 /* UDP probe src port 53 */
245  };
246  Packet *p = PacketGetFromAlloc();
247  FAIL_IF_NULL(p);
248  ThreadVars tv;
249  DecodeThreadVars dtv;
250  memset(&tv, 0, sizeof(ThreadVars));
251  memset(&dtv, 0, sizeof(DecodeThreadVars));
252 
253  DecodeVXLANConfigPorts(VXLAN_DEFAULT_PORT_S);
254  FlowInitConfig(FLOW_QUIET);
255 
256  DecodeUDP(&tv, &dtv, p, raw_vxlan, sizeof(raw_vxlan));
257  FAIL_IF_NOT(PacketIsUDP(p));
258  FAIL_IF(tv.decode_pq.top == NULL);
259 
260  Packet *tp = PacketDequeueNoLock(&tv.decode_pq);
261  FAIL_IF_NOT(PacketIsUDP(tp));
262  FAIL_IF_NOT(tp->sp == 53);
263 
264  FlowShutdown();
265  PacketFree(p);
266  PacketFreeOrRelease(tp);
267  PASS;
268 }
269 
270 /**
271  * \test DecodeVXLANtest02 tests default port disabled by the config.
272  */
273 static int DecodeVXLANtest02 (void)
274 {
275  uint8_t raw_vxlan[] = {
276  0x12, 0xb5, 0x12, 0xb5, 0x00, 0x3a, 0x87, 0x51, /* UDP header */
277  0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x25, 0x00, /* VXLAN header */
278  0x10, 0x00, 0x00, 0x0c, 0x01, 0x00, /* inner destination MAC */
279  0x00, 0x51, 0x52, 0xb3, 0x54, 0xe5, /* inner source MAC */
280  0x08, 0x00, /* another IPv4 0x0800 */
281  0x45, 0x00, 0x00, 0x1c, 0x00, 0x01, 0x00, 0x00, 0x40, 0x11,
282  0x44, 0x45, 0x0a, 0x60, 0x00, 0x0a, 0xb9, 0x1b, 0x73, 0x06, /* IPv4 hdr */
283  0x00, 0x35, 0x30, 0x39, 0x00, 0x08, 0x98, 0xe4 /* UDP probe src port 53 */
284  };
285  Packet *p = PacketGetFromAlloc();
286  FAIL_IF_NULL(p);
287  ThreadVars tv;
288  DecodeThreadVars dtv;
289  memset(&tv, 0, sizeof(ThreadVars));
290  memset(&dtv, 0, sizeof(DecodeThreadVars));
291 
292  DecodeVXLANConfigPorts("1");
293  FlowInitConfig(FLOW_QUIET);
294 
295  DecodeUDP(&tv, &dtv, p, raw_vxlan, sizeof(raw_vxlan));
296  FAIL_IF_NOT(PacketIsUDP(p));
297  FAIL_IF(tv.decode_pq.top != NULL);
298 
299  DecodeVXLANConfigPorts(VXLAN_DEFAULT_PORT_S); /* reset */
300  FlowShutdown();
301  PacketFree(p);
302  PASS;
303 }
304 
305 /**
306  * \test DecodeVXLANtest03 tests the non-zero res field on receiver side.
307  * Contains a HTTP response packet.
308  */
309 static int DecodeVXLANtest03(void)
310 {
311  uint8_t raw_vxlan[] = {
312  0xc0, 0x00, 0x12, 0xb5, 0x00, 0x57, 0x00, 0x00, /* UDP header */
313  0xff, 0x01, 0xd2, 0x0a, 0x00, 0x00, 0x0b, 0x01, /* VXLAN header (res = 0x01) */
314  0xfa, 0x16, 0x3e, 0xfe, 0x55, 0x1c, /* inner destination MAC */
315  0xfa, 0x16, 0x3e, 0xfe, 0x57, 0xdc, /* inner source MAC */
316  0x08, 0x00, /* another IPv4 0x0800 */
317  0x45, 0x00, 0x00, 0x39, 0xc2, 0xae, 0x40, 0x00, 0x40, 0x06, 0x7e, 0x61, 0xc0, 0xa8, 0x01,
318  0x86, 0xda, 0x5e, 0x5d, 0x22, /* IPv4 hdr */
319  0x00, 0x50, 0xc8, 0x34, 0xaf, 0xbd, 0x02, 0x16, 0x56, 0xea, 0x3b, 0x41, 0x50, 0x18, 0x00,
320  0xee, 0xf9, 0xda, 0x00, 0x00, /* TCP probe src port 80 */
321  0x48, 0x54, 0x54, 0x50, 0x2f, 0x31, 0x2e, 0x30, 0x20, 0x32, 0x30, 0x30, 0x20, 0x4f, 0x4b,
322  0xd, 0xa /* HTTP response (HTTP/1.0 200 OK\r\n) */
323  };
324  char config[] = "\
325 %YAML 1.1\n\
326 ---\n\
327 decoder:\n\
328 \n\
329  vxlan:\n\
330  enabled: true\n\
331  ports: \"4789\"\n\
332  reserved-bits-check: permissive\n\
333 ";
334 
335  SCConfCreateContextBackup();
336  SCConfInit();
337  SCConfYamlLoadString(config, strlen(config));
338 
339  Packet *p = PacketGetFromAlloc();
340  FAIL_IF_NULL(p);
341  ThreadVars tv;
342  DecodeThreadVars dtv;
343  memset(&tv, 0, sizeof(ThreadVars));
344  memset(&dtv, 0, sizeof(DecodeThreadVars));
345 
346  DecodeVXLANConfig();
347  DecodeVXLANConfigPorts(VXLAN_DEFAULT_PORT_S);
348  FlowInitConfig(FLOW_QUIET);
349 
350  DecodeUDP(&tv, &dtv, p, raw_vxlan, sizeof(raw_vxlan));
351  FAIL_IF_NOT(PacketIsUDP(p));
352  FAIL_IF(tv.decode_pq.top == NULL);
353 
354  Packet *tp = PacketDequeueNoLock(&tv.decode_pq);
355  FAIL_IF_NOT(PacketIsTCP(tp));
356  FAIL_IF_NOT(tp->sp == 80);
357 
358  FlowShutdown();
359  PacketFree(p);
360  PacketFreeOrRelease(tp);
361  SCConfDeInit();
362  SCConfRestoreContextBackup();
363  PASS;
364 }
365 
366 /**
367  * \test DecodeVXLANtest04 tests strict mode with standard VXLAN header.
368  */
369 static int DecodeVXLANtest04(void)
370 {
371  uint8_t raw_vxlan[] = {
372  0x12, 0xb5, 0x12, 0xb5, 0x00, 0x3a, 0x87, 0x51, /* UDP header */
373  0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x25, 0x00, /* VXLAN header (strict compliant) */
374  0x10, 0x00, 0x00, 0x0c, 0x01, 0x00, /* inner destination MAC */
375  0x00, 0x51, 0x52, 0xb3, 0x54, 0xe5, /* inner source MAC */
376  0x08, 0x00, /* another IPv4 0x0800 */
377  0x45, 0x00, 0x00, 0x1c, 0x00, 0x01, 0x00, 0x00, 0x40, 0x11, 0x44, 0x45, 0x0a, 0x60, 0x00,
378  0x0a, 0xb9, 0x1b, 0x73, 0x06, /* IPv4 hdr */
379  0x00, 0x35, 0x30, 0x39, 0x00, 0x08, 0x98, 0xe4 /* UDP probe src port 53 */
380  };
381  char config[] = "\
382 %YAML 1.1\n\
383 ---\n\
384 decoder:\n\
385 \n\
386  vxlan:\n\
387  enabled: true\n\
388  ports: \"4789\"\n\
389  reserved-bits-check: strict\n\
390 ";
391 
392  SCConfCreateContextBackup();
393  SCConfInit();
394  SCConfYamlLoadString(config, strlen(config));
395 
396  Packet *p = PacketGetFromAlloc();
397  FAIL_IF_NULL(p);
398  ThreadVars tv;
399  DecodeThreadVars dtv;
400  memset(&tv, 0, sizeof(ThreadVars));
401  memset(&dtv, 0, sizeof(DecodeThreadVars));
402 
403  DecodeVXLANConfig();
404  DecodeVXLANConfigPorts(VXLAN_DEFAULT_PORT_S);
405  FlowInitConfig(FLOW_QUIET);
406 
407  DecodeUDP(&tv, &dtv, p, raw_vxlan, sizeof(raw_vxlan));
408  FAIL_IF_NOT(PacketIsUDP(p));
409  FAIL_IF(tv.decode_pq.top == NULL);
410 
411  Packet *tp = PacketDequeueNoLock(&tv.decode_pq);
412  FAIL_IF_NOT(PacketIsUDP(tp));
413  FAIL_IF_NOT(tp->sp == 53);
414 
415  FlowShutdown();
416  PacketFree(p);
417  PacketFreeOrRelease(tp);
418  SCConfDeInit();
419  SCConfRestoreContextBackup();
420  PASS;
421 }
422 
423 /**
424  * \test DecodeVXLANtest05 tests strict mode with GBP header (should fail).
425  */
426 static int DecodeVXLANtest05(void)
427 {
428  uint8_t raw_vxlan[] = {
429  0x12, 0xb5, 0x12, 0xb5, 0x00, 0x3a, 0x87, 0x51, /* UDP header */
430  0x88, 0x00, 0x12, 0x34, 0x00, 0x00, 0x25,
431  0x00, /* VXLAN-GBP header (G bit set, Group Policy ID) */
432  0x10, 0x00, 0x00, 0x0c, 0x01, 0x00, /* inner destination MAC */
433  0x00, 0x51, 0x52, 0xb3, 0x54, 0xe5, /* inner source MAC */
434  0x08, 0x00, /* another IPv4 0x0800 */
435  0x45, 0x00, 0x00, 0x1c, 0x00, 0x01, 0x00, 0x00, 0x40, 0x11, 0x44, 0x45, 0x0a, 0x60, 0x00,
436  0x0a, 0xb9, 0x1b, 0x73, 0x06, /* IPv4 hdr */
437  0x00, 0x35, 0x30, 0x39, 0x00, 0x08, 0x98, 0xe4 /* UDP probe src port 53 */
438  };
439  char config[] = "\
440 %YAML 1.1\n\
441 ---\n\
442 decoder:\n\
443 \n\
444  vxlan:\n\
445  enabled: true\n\
446  ports: \"4789\"\n\
447  reserved-bits-check: strict\n\
448 ";
449 
450  SCConfCreateContextBackup();
451  SCConfInit();
452  SCConfYamlLoadString(config, strlen(config));
453 
454  Packet *p = PacketGetFromAlloc();
455  FAIL_IF_NULL(p);
456  ThreadVars tv;
457  DecodeThreadVars dtv;
458  memset(&tv, 0, sizeof(ThreadVars));
459  memset(&dtv, 0, sizeof(DecodeThreadVars));
460 
461  DecodeVXLANConfig();
462  DecodeVXLANConfigPorts(VXLAN_DEFAULT_PORT_S);
463  FlowInitConfig(FLOW_QUIET);
464 
465  DecodeUDP(&tv, &dtv, p, raw_vxlan, sizeof(raw_vxlan));
466  FAIL_IF_NOT(PacketIsUDP(p));
467  /* Should fail to decode VXLAN in strict mode */
468  FAIL_IF(tv.decode_pq.top != NULL);
469 
470  FlowShutdown();
471  PacketFree(p);
472  SCConfDeInit();
473  SCConfRestoreContextBackup();
474  PASS;
475 }
476 
477 /**
478  * \test DecodeVXLANtest06 tests permissive mode with GBP header (should pass).
479  */
480 static int DecodeVXLANtest06(void)
481 {
482  uint8_t raw_vxlan[] = {
483  0x12, 0xb5, 0x12, 0xb5, 0x00, 0x3a, 0x87, 0x51, /* UDP header */
484  0x88, 0x00, 0x12, 0x34, 0x00, 0x00, 0x25,
485  0x00, /* VXLAN-GBP header (G bit set, Group Policy ID) */
486  0x10, 0x00, 0x00, 0x0c, 0x01, 0x00, /* inner destination MAC */
487  0x00, 0x51, 0x52, 0xb3, 0x54, 0xe5, /* inner source MAC */
488  0x08, 0x00, /* another IPv4 0x0800 */
489  0x45, 0x00, 0x00, 0x1c, 0x00, 0x01, 0x00, 0x00, 0x40, 0x11, 0x44, 0x45, 0x0a, 0x60, 0x00,
490  0x0a, 0xb9, 0x1b, 0x73, 0x06, /* IPv4 hdr */
491  0x00, 0x35, 0x30, 0x39, 0x00, 0x08, 0x98, 0xe4 /* UDP probe src port 53 */
492  };
493  char config[] = "\
494 %YAML 1.1\n\
495 ---\n\
496 decoder:\n\
497 \n\
498  vxlan:\n\
499  enabled: true\n\
500  ports: \"4789\"\n\
501  reserved-bits-check: permissive\n\
502 ";
503 
504  SCConfCreateContextBackup();
505  SCConfInit();
506  SCConfYamlLoadString(config, strlen(config));
507 
508  Packet *p = PacketGetFromAlloc();
509  FAIL_IF_NULL(p);
510  ThreadVars tv;
511  DecodeThreadVars dtv;
512  memset(&tv, 0, sizeof(ThreadVars));
513  memset(&dtv, 0, sizeof(DecodeThreadVars));
514 
515  DecodeVXLANConfig();
516  DecodeVXLANConfigPorts(VXLAN_DEFAULT_PORT_S);
517  FlowInitConfig(FLOW_QUIET);
518 
519  DecodeUDP(&tv, &dtv, p, raw_vxlan, sizeof(raw_vxlan));
520  FAIL_IF_NOT(PacketIsUDP(p));
521  FAIL_IF(tv.decode_pq.top == NULL);
522 
523  Packet *tp = PacketDequeueNoLock(&tv.decode_pq);
524  FAIL_IF_NOT(PacketIsUDP(tp));
525  FAIL_IF_NOT(tp->sp == 53);
526 
527  FlowShutdown();
528  PacketFree(p);
529  PacketFreeOrRelease(tp);
530  SCConfDeInit();
531  SCConfRestoreContextBackup();
532  PASS;
533 }
534 
535 /**
536  * \test DecodeVXLANtest07 tests that only destination port is checked for VXLAN identification.
537  * Source port 4789, destination port 53 DNS query should NOT be VXLAN.
538  */
539 static int DecodeVXLANtest07(void)
540 {
541  uint8_t raw_dns[] = {
542  0x12, 0xb5, 0x00, 0x35, 0x00, 0x24, 0xb9, 0xd7, /* UDP header (sp=4789, dp=53) */
543  0x49, 0xa1, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x67, 0x6f,
544  0x6f, 0x67, 0x6c, 0x65, 0x03, 0x63, 0x6f, 0x6d, 0x00, 0x00, 0x1d, 0x00,
545  0x01 /* DNS query (google.com) */
546  };
547 
548  Packet *p = PacketGetFromAlloc();
549  FAIL_IF_NULL(p);
550  ThreadVars tv;
551  DecodeThreadVars dtv;
552  memset(&tv, 0, sizeof(ThreadVars));
553  memset(&dtv, 0, sizeof(DecodeThreadVars));
554 
555  DecodeVXLANConfigPorts(VXLAN_DEFAULT_PORT_S);
556  FlowInitConfig(FLOW_QUIET);
557 
558  DecodeUDP(&tv, &dtv, p, raw_dns, sizeof(raw_dns));
559  FAIL_IF_NOT(PacketIsUDP(p));
560 
561  /* Should not be VXLAN packet, and not invalid packet */
562  FAIL_IF(DecodeVXLANEnabledForPort(p->dp));
563  FAIL_IF(tv.decode_pq.top != NULL);
564  FAIL_IF(p->flags & PKT_IS_INVALID);
565 
566  FlowShutdown();
567  PacketFree(p);
568  PASS;
569 }
570 #endif /* UNITTESTS */
571 
572 void DecodeVXLANRegisterTests(void)
573 {
574 #ifdef UNITTESTS
575  UtRegisterTest("DecodeVXLANtest01",
576  DecodeVXLANtest01);
577  UtRegisterTest("DecodeVXLANtest02",
578  DecodeVXLANtest02);
579  UtRegisterTest("DecodeVXLANtest03", DecodeVXLANtest03);
580  UtRegisterTest("DecodeVXLANtest04", DecodeVXLANtest04);
581  UtRegisterTest("DecodeVXLANtest05", DecodeVXLANtest05);
582  UtRegisterTest("DecodeVXLANtest06", DecodeVXLANtest06);
583  UtRegisterTest("DecodeVXLANtest07", DecodeVXLANtest07);
584 #endif /* UNITTESTS */
585 }
VXLANHeader_
Definition: decode-vxlan.c:61
SCConfYamlLoadString
int SCConfYamlLoadString(const char *string, size_t len)
Load configuration from a YAML string.
Definition: conf-yaml-loader.c:523
VXLAN_UNSET_PORT
#define VXLAN_UNSET_PORT
Definition: decode-vxlan.c:46
len
uint8_t len
Definition: app-layer-dnp3.h:2
DECODE_TUNNEL_IPV6
@ DECODE_TUNNEL_IPV6
Definition: decode.h:1108
FAIL_IF_NULL
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
decode-vxlan.h
StatsIncr
void StatsIncr(ThreadVars *tv, uint16_t id)
Increments the local counter.
Definition: counters.c:166
DecodeUDP
int DecodeUDP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint16_t len)
Definition: decode-udp.c:75
PacketFreeOrRelease
void PacketFreeOrRelease(Packet *p)
Return a packet to where it was allocated.
Definition: decode.c:276
DecodeThreadVars_::counter_vxlan
uint16_t counter_vxlan
Definition: decode.h:1004
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:279
ETHERNET_TYPE_IPV6
#define ETHERNET_TYPE_IPV6
Definition: decode-ethernet.h:39
Packet_::flags
uint32_t flags
Definition: decode.h:544
VXLAN_HEADER_LEN
#define VXLAN_HEADER_LEN
Definition: decode-vxlan.c:43
VXLAN_UNKNOWN_PAYLOAD_TYPE
@ VXLAN_UNKNOWN_PAYLOAD_TYPE
Definition: decode-events.h:207
SCConfGetBool
int SCConfGetBool(const char *name, int *val)
Retrieve a configuration value as a boolean.
Definition: conf.c:497
VXLANReservedCheckMode
VXLANReservedCheckMode
Definition: decode-vxlan.c:50
VXLANHeader_::flags
uint8_t flags[2]
Definition: decode-vxlan.c:62
VXLAN_RES_CHECK_PERMISSIVE
@ VXLAN_RES_CHECK_PERMISSIVE
Definition: decode-vxlan.c:52
TM_ECODE_FAILED
@ TM_ECODE_FAILED
Definition: tm-threads-common.h:82
DecodeVXLANConfig
void DecodeVXLANConfig(void)
Definition: decode-vxlan.c:104
util-unittest.h
VXLAN_MAX_PORTS
#define VXLAN_MAX_PORTS
Definition: decode-vxlan.c:45
ETHERNET_TYPE_8021QINQ
#define ETHERNET_TYPE_8021QINQ
Definition: decode-ethernet.h:47
FAIL_IF_NOT
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
Definition: util-unittest.h:82
TM_ECODE_OK
@ TM_ECODE_OK
Definition: tm-threads-common.h:81
PKT_SET_SRC
#define PKT_SET_SRC(p, src_val)
Definition: decode.h:1327
SCConfInit
void SCConfInit(void)
Initialize the configuration system.
Definition: conf.c:120
FlowInitConfig
void FlowInitConfig(bool quiet)
initialize the configuration
Definition: flow.c:547
DetectPortParse
int DetectPortParse(const DetectEngineCtx *de_ctx, DetectPort **head, const char *str)
Function for parsing port strings.
Definition: detect-engine-port.c:1185
decode.h
util-debug.h
PASS
#define PASS
Pass the test.
Definition: util-unittest.h:105
VXLAN_RES_CHECK_STRICT
@ VXLAN_RES_CHECK_STRICT
Definition: decode-vxlan.c:51
ETHERNET_TYPE_8021AD
#define ETHERNET_TYPE_8021AD
Definition: decode-ethernet.h:43
PacketDequeueNoLock
Packet * PacketDequeueNoLock(PacketQueueNoLock *qnl)
Definition: packet-queue.c:208
VXLAN_DEFAULT_PORT
#define VXLAN_DEFAULT_PORT
Definition: decode-vxlan.c:47
detect.h
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:58
Packet_::sp
Port sp
Definition: decode.h:508
eth_type
uint16_t eth_type
Definition: decode-ethernet.h:2
PacketFree
void PacketFree(Packet *p)
Return a malloced packet.
Definition: decode.c:219
detect-engine-port.h
SCLogWarning
#define SCLogWarning(...)
Macro used to log WARNING messages.
Definition: util-debug.h:259
DetectPort_
Port structure for detection engine.
Definition: detect.h:220
DECODE_TUNNEL_VLAN
@ DECODE_TUNNEL_VLAN
Definition: decode.h:1106
Packet_
Definition: decode.h:501
VXLANHeader
struct VXLANHeader_ VXLANHeader
conf-yaml-loader.h
DECODE_TUNNEL_IPV4
@ DECODE_TUNNEL_IPV4
Definition: decode.h:1107
ETHERNET_HEADER_LEN
#define ETHERNET_HEADER_LEN
Definition: decode-ethernet.h:27
DecodeVXLAN
int DecodeVXLAN(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint32_t len)
Definition: decode-vxlan.c:144
SCConfCreateContextBackup
void SCConfCreateContextBackup(void)
Creates a backup of the conf_hash hash_table used by the conf API.
Definition: conf.c:684
decode-events.h
Flow_::next
struct Flow_ * next
Definition: flow.h:388
dtv
DecodeThreadVars * dtv
Definition: fuzz_decodepcapfile.c:33
PacketEnqueueNoLock
void PacketEnqueueNoLock(PacketQueueNoLock *qnl, Packet *p)
Definition: packet-queue.c:168
FAIL_IF
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
Definition: util-unittest.h:71
SCNtohs
#define SCNtohs(x)
Definition: suricata-common.h:431
suricata-common.h
PacketQueueNoLock_::top
struct Packet_ * top
Definition: packet-queue.h:35
FlowShutdown
void FlowShutdown(void)
shutdown the flow engine
Definition: flow.c:691
VXLANHeader_::vni
uint8_t vni[3]
Definition: decode-vxlan.c:64
VXLANHeader_::res
uint8_t res
Definition: decode-vxlan.c:65
DecodeVXLANEnabledForPort
bool DecodeVXLANEnabledForPort(const uint16_t dp)
Definition: decode-vxlan.c:68
SCConfDeInit
void SCConfDeInit(void)
De-initializes the configuration system.
Definition: conf.c:703
tv
ThreadVars * tv
Definition: fuzz_decodepcapfile.c:32
VXLANHeader_::gdp
uint16_t gdp
Definition: decode-vxlan.c:63
util-validate.h
PacketGetFromAlloc
Packet * PacketGetFromAlloc(void)
Get a malloced packet.
Definition: decode.c:258
PKT_SRC_DECODER_VXLAN
@ PKT_SRC_DECODER_VXLAN
Definition: decode.h:60
DecodeVXLANRegisterTests
void DecodeVXLANRegisterTests(void)
Definition: decode-vxlan.c:572
SCConfGetNode
SCConfNode * SCConfGetNode(const char *name)
Get a SCConfNode by name.
Definition: conf.c:181
head
Flow * head
Definition: flow-hash.h:1
DecodeThreadVars_
Structure to hold thread specific data for all decode modules.
Definition: decode.h:963
SCConfRestoreContextBackup
void SCConfRestoreContextBackup(void)
Restores the backup of the hash_table present in backup_conf_hash back to conf_hash.
Definition: conf.c:694
ETHERNET_TYPE_ARP
#define ETHERNET_TYPE_ARP
Definition: decode-ethernet.h:35
ThreadVars_::decode_pq
PacketQueueNoLock decode_pq
Definition: threadvars.h:112
ENGINE_SET_INVALID_EVENT
#define ENGINE_SET_INVALID_EVENT(p, e)
Definition: decode.h:1196
FLOW_QUIET
#define FLOW_QUIET
Definition: flow.h:43
ETHERNET_TYPE_VLAN
#define ETHERNET_TYPE_VLAN
Definition: decode-vlan.h:31
PacketTunnelPktSetup
Packet * PacketTunnelPktSetup(ThreadVars *tv, DecodeThreadVars *dtv, Packet *parent, const uint8_t *pkt, uint32_t len, enum DecodeTunnelProto proto)
Setup a pseudo packet (tunnel)
Definition: decode.c:393
VXLAN_DEFAULT_PORT_S
#define VXLAN_DEFAULT_PORT_S
Definition: decode-vxlan.c:48
flow.h
Packet_::dp
Port dp
Definition: decode.h:516
SCConfNode_
Definition: conf.h:37
SCConfNode_::val
char * val
Definition: conf.h:39
ETHERNET_TYPE_IP
#define ETHERNET_TYPE_IP
Definition: decode-ethernet.h:34
DetectPortCleanupList
void DetectPortCleanupList(const DetectEngineCtx *de_ctx, DetectPort *head)
Free a DetectPort list and each of its members.
Definition: detect-engine-port.c:124
DECODE_TUNNEL_UNSET
@ DECODE_TUNNEL_UNSET
Definition: decode.h:1113
DEBUG_VALIDATE_BUG_ON
#define DEBUG_VALIDATE_BUG_ON(exp)
Definition: util-validate.h:102
PKT_IS_INVALID
#define PKT_IS_INVALID
Definition: decode.h:1293