Project

General

Profile

Actions
Copy link

Feature #2816

closed
TG JL

vlan: support more than 2 layers

Feature #2816: vlan: support more than 2 layers

Added by Tony Gumbrell about 7 years ago. Updated almost 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Jeff Lucovsky
Target version:
8.0.0-beta1
Effort:
Difficulty:
Label:
Protocol

Description

When running 2 x 8100 vlan tags within my data the packets are parsed neatly into the eve.json log file in the format "vlan":[123,987]. We have just added a third tag to this data and despite being able to validate the tags in pcaps, the traffic is no longer be parsed into the eve.json log at all.

Is this a system limitation or a bug?

Thanks

Related issues 1 (1 open0 closed)

Related to Suricata - Optimization #5476: decoder: compact & flexible storage of decoder data in the packetAssignedVictor JulienActions

VJ Updated by Victor Julien about 7 years ago Actions
Copy link
 #1

Currently Suricata will only deal with a max of 2 vlans per packet.

TG Updated by Tony Gumbrell about 7 years ago Actions
Copy link
 #2

Thanks for the speedy response. Is it on the roadmap to resolve this?

VJ Updated by Victor Julien about 7 years ago Actions
Copy link
 #3

  • Tracker changed from Bug to Feature
  • Subject changed from 3 VLAN tags breaks eve.json to vlan: support more than 2 layers
  • Affected Versions deleted (4.1)

Not yet, but you're not the first to bring this up. So I think it should be addressed.

AH Updated by Andreas Herz almost 7 years ago Actions
Copy link
 #4

  • Assignee set to OISF Dev
  • Target version set to TBD

VJ Updated by Victor Julien over 6 years ago Actions
Copy link
 #5

  • Target version changed from TBD to 6.0.0beta1

VJ Updated by Victor Julien about 6 years ago Actions
Copy link
 #6

  • Label Protocol added

VJ Updated by Victor Julien about 6 years ago Actions
Copy link
 #7

  • Status changed from New to Assigned
  • Assignee changed from OISF Dev to Victor Julien

VJ Updated by Victor Julien over 5 years ago Actions
Copy link
 #8

  • Target version changed from 6.0.0beta1 to 7.0.0-beta1

VJ Updated by Victor Julien over 3 years ago Actions
Copy link
 #9

  • Related to Optimization #5476: decoder: compact & flexible storage of decoder data in the packet added

JL Updated by Jeff Lucovsky over 3 years ago Actions
Copy link
 #10

  • Status changed from Assigned to In Review
  • Assignee changed from Victor Julien to Jeff Lucovsky

VJ Updated by Victor Julien over 3 years ago Actions
Copy link
 #11

  • Target version changed from 7.0.0-beta1 to 7.0.0-rc1

VJ Updated by Victor Julien about 3 years ago Actions
Copy link
 #12

  • Target version changed from 7.0.0-rc1 to 8.0.0-beta1

JL Updated by Jeff Lucovsky almost 3 years ago Actions
Copy link
 #13

  • Status changed from In Review to Closed
Actions
Copy link

Also available in: PDF Atom