cablelabs / transparent-security

Transparent Security is a solution for identifying the source devices of a DDoS attack and mitigating the attack in the customer premises or the access network. This solution leverages a P4-based programmable data plane to add in-band network telemetry (INT) for device identification and in-band mitigation.
https://www.cablelabs.com/vaccinate-your-network-to-prevent-the-spread-of-ddos-attacks
Apache License 2.0

Bug fix when TRPT not configured and added bridge_md for all packets #386

Closed spisarski closed 3 years ago

spisarski commented 3 years ago

What does this PR do?

Fixes #385, Fixes #273, Fixes #388, Fixes #393, Fixes #387

Added TRPT logic only when table is configured. Added bridge metadata to normal packets, as mirrored ones have a value of 0x2 and using that value to determine mirroring was poor logic. Now that the egress processing always has a byte added to the header, we can parse the headers the same as mirrored packets. Normal packets will have a prepended header byte value of 0x1.

Do you have any concerns with this PR?

no

How can the reviewer verify this PR?

ensure CI didn't fail

Any background context you want to provide?

Found this bug in the lab_trial environment, where the hosts had MAC addresses starting with 0x2 as the first byte, which was messing up the parsing logic, resulting in the first real byte of the original packet getting dropped.

Screenshots or logs (if appropriate)

Questions:
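The parsing ambiguity described in this PR, simulated in Python as an added example (not code from the repository, whose data plane is written in P4). The 0x1 and 0x2 bridge values come from the PR description; the function names and the sample frame are constructed for illustration.

```python
# Added illustration: Python simulation of the egress parsing, not the project's P4.
# Function names and the sample frame are hypothetical/constructed.
BRIDGE_NORMAL = 0x01    # prepended to normal packets (value from the PR text)
BRIDGE_MIRRORED = 0x02  # carried by mirrored packets (value from the PR text)

# Constructed Ethernet frame: dst MAC 02:00:00:00:00:01, src MAC 02:00:00:00:00:02,
# EtherType IPv4, then a dummy payload.
FRAME = bytes.fromhex("020000000001" "020000000002" "0800") + b"payload"


def ingress_old(frame, mirrored):
    """Before the fix: only mirrored packets get the one-byte bridge header."""
    return bytes([BRIDGE_MIRRORED]) + frame if mirrored else frame


def egress_old(pkt):
    """Before the fix: infer 'mirrored' from the first byte on the wire."""
    if pkt[:1] == bytes([BRIDGE_MIRRORED]):
        return True, pkt[1:]      # may strip a byte that belongs to the frame
    return False, pkt


def ingress_new(frame, mirrored):
    """After the fix: every packet gets exactly one bridge byte."""
    tag = BRIDGE_MIRRORED if mirrored else BRIDGE_NORMAL
    return bytes([tag]) + frame


def egress_new(pkt):
    """After the fix: always consume one byte, then parse the frame as-is."""
    if pkt[:1] not in (bytes([BRIDGE_NORMAL]), bytes([BRIDGE_MIRRORED])):
        raise ValueError("missing or unknown bridge header byte")
    return pkt[0] == BRIDGE_MIRRORED, pkt[1:]


def roundtrip(ingress, egress, frame, mirrored):
    """Return (mirrored flag seen at egress, frame recovered at egress)."""
    return egress(ingress(frame, mirrored))


if __name__ == "__main__":
    print("old:", roundtrip(ingress_old, egress_old, FRAME, mirrored=False))
    print("new:", roundtrip(ingress_new, egress_new, FRAME, mirrored=False))
```

With the old scheme, the normal frame is reported as mirrored and comes back one byte short; with the always-present bridge byte, the frame content no longer influences classification.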

spisarski commented 3 years ago

Run Tofino Environment Build

spisarski commented 3 years ago

Run Tofino lab trial build

spisarski commented 3 years ago

Run Tofino lab trial build