Support #3456
AF_PACKET in IPS Mode Drop GRE
Status: Closed
Priority: Normal
Assignee: -
Affected Versions:
Label:
Description
Hey Team,
I have some misunderstanding about the purpose of this Suricata behavior. In IPS mode, which uses AF_PACKET, Suricata drops some GRE packets.
What can I do so that Suricata will ignore and bypass GRE traffic in IPS mode?
drop.log:
02/06/2020-11:08:39.354518: IN= OUT= SRC=<src_ip> DST=<dest_ip> LEN=64 TOS=0x00 TTL=253 ID=51883 PROTO=GRE Unknown protocol
02/06/2020-11:08:41.757095: IN= OUT= SRC=<src_ip> DST=<dest_ip> LEN=64 TOS=0x00 TTL=253 ID=57167 PROTO=GRE Unknown protocol
02/06/2020-11:08:42.891276: IN= OUT= SRC=<src_ip> DST=<dest_ip> LEN=64 TOS=0x00 TTL=253 ID=59688 PROTO=GRE Unknown protocol
02/06/2020-11:08:45.069087: IN= OUT= SRC=<src_ip> DST=<dest_ip> LEN=64 TOS=0x00 TTL=253 ID=64274 PROTO=GRE Unknown protocol
02/06/2020-11:08:47.539530: IN= OUT= SRC=<src_ip> DST=<dest_ip> LEN=64 TOS=0x00 TTL=253 ID=3785 PROTO=GRE Unknown protocol