Transparent Security is a solution for identifying the source devices of a DDoS attack and mitigating the attack in the customer premises or the access network. This solution leverages a P4-based programmable data plane to add in-band network telemetry (INT) for device identification and in-band mitigation.
Added TRPT logic only when table is configured
Added bridge metadata to normal packets, as mirrored ones have a value of 0x2 and using that value to determine mirroring was poor logic. Now that the egress processing always has a byte added to the header, we can parse the headers the same as mirrored packets. Normal packets will have a prepended header byte value of 0x1.
Do you have any concerns with this PR?
no
How can the reviewer verify this PR?
ensure CI didn't fail
Any background context you want to provide?
Found this bug in the lab_trial environment, where the hosts had MAC addresses starting with 0x2 as the first byte, which was messing up the parsing logic, resulting in the first real byte of the original packet getting dropped.
Screenshots or logs (if appropriate)
Questions:
Have you connected this PR to the issue it resolves? yes
Does the documentation need an update? no
Does this add new dependencies? no
Have you added unit or functional tests for this PR? no
What does this PR do?
Fixes #385, Fixes #273, Fixes #388, Fixes #393, Fixes #387
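An added example, not part of the PR or the project's P4 code: a simplified Python model of the parsing bug described above, in which peeking at the first byte for 0x2 misclassifies a normal frame whose destination MAC begins with 0x02, and of the fix that tags every packet. Function names and sample frames are constructed; the 0x1 and 0x2 values come from the PR text.

```python
# Simplified model of the egress parsing described in this PR (added example,
# not the project's P4 code). Function names and frames are constructed.

PKT_NORMAL = 0x1   # bridge metadata byte for normal packets (from the PR text)
PKT_MIRROR = 0x2   # byte carried by mirrored packets (from the PR text)


def ingress_before(frame: bytes, mirrored: bool) -> bytes:
    """Old behaviour: only mirrored packets get a prepended byte."""
    return bytes([PKT_MIRROR]) + frame if mirrored else frame


def egress_parse_before(buf: bytes) -> tuple[bool, bytes]:
    """Old behaviour: guess 'mirrored' by peeking at the first byte."""
    if buf[0] == PKT_MIRROR:
        return True, buf[1:]      # strips what it believes is the mirror header
    return False, buf


def ingress_after(frame: bytes, mirrored: bool) -> bytes:
    """Fixed behaviour: every packet carries an explicit type byte."""
    return bytes([PKT_MIRROR if mirrored else PKT_NORMAL]) + frame


def egress_parse_after(buf: bytes) -> tuple[bool, bytes]:
    """Fixed behaviour: always consume one byte, then parse Ethernet."""
    kind, frame = buf[0], buf[1:]
    if kind not in (PKT_NORMAL, PKT_MIRROR):
        raise ValueError(f"unknown bridge metadata byte 0x{kind:02x}")
    return kind == PKT_MIRROR, frame


def eth_frame(dst: str, src: str, ethertype: int = 0x0800) -> bytes:
    """Build a constructed Ethernet header with a short dummy payload."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    return mac(dst) + mac(src) + ethertype.to_bytes(2, "big") + b"payload"


# Constructed sample frames: one destination MAC starts with 0x02, one does not.
FRAME_02 = eth_frame("02:42:ac:11:00:02", "00:1b:21:aa:bb:cc")
FRAME_00 = eth_frame("00:1b:21:aa:bb:cc", "02:42:ac:11:00:02")

if __name__ == "__main__":
    for name, f in (("dst 02:..", FRAME_02), ("dst 00:..", FRAME_00)):
        old = egress_parse_before(ingress_before(f, mirrored=False))
        new = egress_parse_after(ingress_after(f, mirrored=False))
        print(name, "old intact:", old[1] == f, "new intact:", new[1] == f)
```

The old path only fails for frames whose first byte happens to equal the mirror marker, which is why the bug surfaced only with hosts whose MAC addresses start with 0x02.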