Bug #1742
closedvlan use-for-tracking including Priority in hashing
Description
I had an issue on my switch until today where some packets entering the switch were getting tagged with Priority 2, and others were not (still Priority 0) even though every interface had a priority of 2 set. This was causing Suricata to split my streams when vlan: use-for-tracking was set to true.
While I think it's probably an abnormal practice to have different priorities on packets going different directions in a stream, I think it is counter-intuitive to break the flow on that. But if this is expected then please close this ticket.
I've attached a screenshot of the two packets in case that helps.
Files
Updated by Victor Julien about 8 years ago
Are you able to (private) share a small pcap? Preferably with a single TCP session with different priorities.
Updated by Andrew Brown about 8 years ago
PCAP sent via email this morning. Let me know if it is sufficient.
Updated by Victor Julien about 8 years ago
- Status changed from New to Assigned
- Assignee set to Victor Julien
- Target version set to 70
Updated by Victor Julien about 8 years ago
PF_RING just pushed a fix https://github.com/ntop/PF_RING/commit/e4de2809f749eaddbd678fc11466606049538a68
Updated by Victor Julien about 8 years ago
- Status changed from Assigned to Closed
- Target version changed from 70 to 3.0.1RC1