Project

General

Profile

Actions
Copy link

Feature #1445

closed
GS VJ

Suricata does not work on pfSense/FreeBSD interfaces using PPPoE

Feature #1445: Suricata does not work on pfSense/FreeBSD interfaces using PPPoE

Added by Greg Siemon about 11 years ago. Updated almost 11 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Victor Julien
Target version:
2.1beta4
Effort:
Difficulty:
Label:

Description

I've searched the issues database and can't find where anyone has logged a bug regarding this issue which has been discussed for sometime on the pfSense forums.

It appears that Suricata does not work on interfaces with PPPoE enabled on pfSense (and possibly any FreeBSD based OS). The system logs are filled with the following error if Suricata is enabled on a PPPoE:

Jun 26 09:09:04    suricata[20617]: 26/6/2014 -- 09:09:04 - <Error> -- [ERRCODE: SC_ERR_DATALINK_UNIMPLEMENTED(38)] - Error: datalink type 0 not yet supported in module DecodePcap

Please see following pfSense forum posts for some previous discussion on the issue:
https://forum.pfsense.org/index.php?topic=73906.msg411752#msg411752
https://forum.pfsense.org/index.php?topic=84529.0
https://forum.pfsense.org/index.php?topic=75780.msg451515#msg451515

As far as I can tell PPPoE should be supported but isn't working in this case, hence the Bug Report. If this is intentional, please convert this to a Feature request.

Files

packetcapture suricata.cap (199 KB) packetcapture suricata.cap Greg Siemon, 04/13/2015 04:14 AM
Actions
Copy link

Also available in: PDF Atom