Bug #1742: vlan use-for-tracking including Priority in hashing - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #1742

closed

vlan use-for-tracking including Priority in hashing

Added by Andrew Brown over 8 years ago. Updated over 8 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Victor Julien

Target version:

3.0.1RC1

Affected Versions:

Effort:

Difficulty:

Label:

Description

I had an issue on my switch until today where some packets entering the switch were getting tagged with Priority 2, and others were not (still Priority 0) even though every interface had a priority of 2 set. This was causing Suricata to split my streams when vlan: use-for-tracking was set to true.

While I think it's probably an abnormal practice to have different priorities on packets going different directions in a stream, I think it is counter-intuitive to break the flow on that. But if this is expected then please close this ticket.

I've attached a screenshot of the two packets in case that helps.

Files

Priorities.png (73.3 KB) Priorities.png

2 consecutive packets in a stream with different 802.1p priorities, which breaks the stream in suricata.

Andrew Brown, 03/10/2016 08:26 PM

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #1742

vlan use-for-tracking including Priority in hashing

Updated by Victor Julien over 8 years ago

Updated by Andrew Brown over 8 years ago

Updated by Victor Julien over 8 years ago

Updated by Victor Julien over 8 years ago

Updated by Victor Julien over 8 years ago