decode/erspan: ERSPAN TypeI configurable

For the backport, ERSPAN TypeI decode is

1. Disabled by default
2. Configurable: `decoder.erspan_typeI.enabled`

(cherry picked from commit ae6beedd13)
(cherry picked from commit 33b56b31b5)

src/decode-erspan.c

@@ -43,12 +43,26 @@
  * \brief Functions to decode ERSPAN Type I and II packets
  */
 
+bool g_erspan_typeI_enabled = false;
+
+void DecodeERSPANConfig(void)
+{
+    int enabled = 0;
+    if (ConfGetBool("decoder.erspan.typeI.enabled", &enabled) == 1) {
+        g_erspan_typeI_enabled = (enabled == 1);
+    }
+    SCLogDebug("ERSPAN Type I decode support %s", g_erspan_typeI_enabled ? "enabled" : "disabled");
+}
+
 /**
  * \brief ERSPAN Type I
  */
 int DecodeERSPANTypeI(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p,
                       uint8_t *pkt, uint32_t len, PacketQueue *pq)
 {
+    if (unlikely(!g_erspan_typeI_enabled))
+        return TM_ECODE_FAILED;
+
     StatsIncr(tv, dtv->counter_erspan);
 
     return DecodeEthernet(tv, dtv, p, pkt, len, pq);

src/decode-erspan.h

@@ -34,4 +34,5 @@ typedef struct ErspanHdr_ {
     uint32_t padding;
 } __attribute__((__packed__)) ErspanHdr;
 
+void DecodeERSPANConfig(void);
 #endif /* __DECODE_ERSPAN_H__ */

src/decode.c

@@ -698,6 +698,7 @@ void DecodeGlobalConfig(void)
 {
     DecodeTeredoConfig();
     DecodeVXLANConfig();
+    DecodeERSPANConfig();
 }
 
 /**

suricata.yaml.in

@@ -1408,6 +1408,10 @@ decoder:
   vxlan:
     enabled: false
     ports: $VXLAN_PORTS # syntax: '8472, 4789'
+  # ERSPAN Type I decode support
+  erspan:
+    typeI:
+      enabled: false
 
 
 ##