vlan: support more than 2 layers
When running 2 x 8100 vlan tags within my data the packets are parsed neatly into the eve.json log file in the format "vlan":[123,987]. We have just added a third tag to this data and despite being able to validate the tags in pcaps, the traffic is no longer be parsed into the eve.json log at all.
Is this a system limitation or a bug?
1 (1 open — 0 closed)
Currently Suricata will only deal with a max of 2 vlans per packet.
Thanks for the speedy response. Is it on the roadmap to resolve this?
- Tracker changed from Bug to Feature
- Subject changed from 3 VLAN tags breaks eve.json to vlan: support more than 2 layers
- Affected Versions deleted (
Not yet, but you're not the first to bring this up. So I think it should be addressed.
- Assignee set to OISF Dev
- Target version set to TBD
- Target version changed from TBD to 6.0.0beta1
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Victor Julien
- Target version changed from 6.0.0beta1 to 7.0.0-beta1
- Related to Optimization #5476: decoder: compact & flexible storage of decoder data in the packet added
- Status changed from Assigned to In Review
- Assignee changed from Victor Julien to Jeff Lucovsky
- Target version changed from 7.0.0-beta1 to 7.0.0-rc1
- Target version changed from 7.0.0-rc1 to 8.0.0-beta1
- Status changed from In Review to Closed
Also available in: Atom