diff --git a/src/packet_analysis/protocol/vxlan/VXLAN.cc b/src/packet_analysis/protocol/vxlan/VXLAN.cc
index 7bc7b75c3e..2c063b329d 100644
--- a/src/packet_analysis/protocol/vxlan/VXLAN.cc
+++ b/src/packet_analysis/protocol/vxlan/VXLAN.cc
@@ -58,8 +58,6 @@ bool VXLAN_Analyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pack
 ec->ip_hdr->ToPktHdrVal(), val_mgr->Count(vni));
 }
 }
- else
- AnalyzerViolation("VXLAN invalid inner packet", packet->session);
 return fwd_ret_val;
 }
diff --git a/testing/btest/Baseline/core.tunnels.vxlan-unknown-internal-packet/conn.log b/testing/btest/Baseline/core.tunnels.vxlan-unknown-internal-packet/conn.log
new file mode 100644
index 0000000000..200f6e79b9
--- /dev/null
+++ b/testing/btest/Baseline/core.tunnels.vxlan-unknown-internal-packet/conn.log
@@ -0,0 +1,12 @@
+#separator \x09
+#set_separator ,
+#empty_field (empty)
+#unset_field -
+#path conn
+#open 2023-01-25-16-21-59
+#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
+#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
+1673538029.809899 CHhAvVGS1DHFjwGM9 172.30.0.1 48036 172.30.0.2 4789 udp - - - - OTH - - 0 C 0 0 0 0 -
+1673538054.797831 ClEkJM2Vm5giqnMf4h 172.30.0.1 45303 172.30.0.2 4789 udp - - - - OTH - - 0 C 0 0 0 0 -
+1673538167.375490 C4J4Th3PJpwUYZZ6gc 172.30.0.1 36030 172.30.0.2 4789 udp - - - - OTH - - 0 C 0 0 0 0 -
+#close 2023-01-25-16-21-59
diff --git a/testing/btest/Traces/tunnels/vxlan-encapsulated-igmp-v2.pcap b/testing/btest/Traces/tunnels/vxlan-encapsulated-igmp-v2.pcap
new file mode 100644
index 0000000000..1e0206ac52
Binary files /dev/null and b/testing/btest/Traces/tunnels/vxlan-encapsulated-igmp-v2.pcap differ
diff --git a/testing/btest/core/tunnels/vxlan-unknown-internal-packet.zeek b/testing/btest/core/tunnels/vxlan-unknown-internal-packet.zeek
new file mode 100644
index 0000000000..af80d894b9
--- /dev/null
+++ b/testing/btest/core/tunnels/vxlan-unknown-internal-packet.zeek
@@ -0,0 +1,10 @@
+# This test validates that we can read VXLAN traffic without throwing analyzer violations
+# when the internal packets are something we can't process. In this case, the internal
+# packets are IGMP, which we don't have an analyzer for.
+
+# @TEST-EXEC: zeek -r $TRACES/tunnels/vxlan-encapsulated-igmp-v2.pcap %INPUT
+# @TEST-EXEC: btest-diff conn.log
+# @TEST-EXEC: ! test -f analyzer.log
+
+@load base/frameworks/tunnels
+@load base/protocols/conn
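Review bot: The only check tied to the fix is `! test -f analyzer.log`, which would also pass if the VXLAN analyzer never ran on this trace. The conn.log baseline shows just the three outer UDP/4789 connections with `tunnel_parents` unset, so nothing here positively shows the outer header was parsed. If this trace yields any positive signal of decapsulation (a tunnel.log, for instance — not visible from this diff), diffing it would close that gap. Separately, as far as the VXLAN.cc hunk shows, removing the `else` branch makes every failed inner forward silent, not only the IGMP case. The header comment could say so, e.g. `# Note: a malformed or non-VXLAN payload on 4789 no longer produces an analyzer violation either.`, so operators who used analyzer.log to spot bogus traffic on that port know to look elsewhere.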