Actions
Feature #2816
closedvlan: support more than 2 layers
Effort:
Difficulty:
Label:
Protocol
Description
When running 2 x 8100 vlan tags within my data the packets are parsed neatly into the eve.json log file in the format "vlan":[123,987]. We have just added a third tag to this data and despite being able to validate the tags in pcaps, the traffic is no longer be parsed into the eve.json log at all.
Is this a system limitation or a bug?
Thanks
Updated by Victor Julien about 5 years ago
Currently Suricata will only deal with a max of 2 vlans per packet.
Updated by Tony Gumbrell about 5 years ago
Thanks for the speedy response. Is it on the roadmap to resolve this?
Updated by Victor Julien about 5 years ago
- Tracker changed from Bug to Feature
- Subject changed from 3 VLAN tags breaks eve.json to vlan: support more than 2 layers
- Affected Versions deleted (
4.1)
Not yet, but you're not the first to bring this up. So I think it should be addressed.
Updated by Andreas Herz almost 5 years ago
- Assignee set to OISF Dev
- Target version set to TBD
Updated by Victor Julien over 4 years ago
- Target version changed from TBD to 6.0.0beta1
Updated by Victor Julien about 4 years ago
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Victor Julien
Updated by Victor Julien over 3 years ago
- Target version changed from 6.0.0beta1 to 7.0.0-beta1
Updated by Victor Julien over 1 year ago
- Related to Optimization #5476: decoder: compact & flexible storage of decoder data in the packet added
Updated by Jeff Lucovsky over 1 year ago
- Status changed from Assigned to In Review
- Assignee changed from Victor Julien to Jeff Lucovsky
Updated by Victor Julien over 1 year ago
- Target version changed from 7.0.0-beta1 to 7.0.0-rc1
Updated by Victor Julien about 1 year ago
- Target version changed from 7.0.0-rc1 to 8.0.0-beta1
Updated by Jeff Lucovsky 11 months ago
- Status changed from In Review to Closed
Actions