Project

General

Profile

Actions

Task #3515

closed

GRE ERSPAN Type 1 Support configuration

Added by Jeff Lucovsky over 4 years ago. Updated over 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Effort:
low
Difficulty:
low
Label:
Protocol

Description

Issue 3481 backports ERPAN Type I decode support to 5.0.x and makes it configurable:

decoder.erspan.typeI.enabled

Because of the potential change to the amount of packets being decoded, the decode support was made configurable with the default value providing no ERSPAN Type I decoding.

Future versions of Suricata, 6.0.x and higher, should check the value of the configuration value.

Some possible courses of action, if the configuration value exists:

1. Log an error message stating ERSPAN Type I decode is no longer configurable and exit.
2.Log a warning message stating that ESPAN Type I decode is no longer configurable and continue.
3. Use the configuration setting to determine if ERSPAN Type I decode should be performed.


Files

record3.pcap (6.42 KB) record3.pcap Golan Sharon, 12/18/2019 12:51 PM

Related issues 1 (0 open1 closed)

Copied from Suricata - Feature #3481: GRE ERSPAN Type 1 SupportClosedJeff LucovskyActions
Actions #1

Updated by Jeff Lucovsky over 4 years ago

Actions #2

Updated by Jeff Lucovsky over 4 years ago

There's one recommendation for choice 2.

Actions #3

Updated by Jeff Lucovsky over 4 years ago

  • Status changed from New to Assigned
Actions #4

Updated by Victor Julien over 4 years ago

Agreed, lets go with suggestion 2.

Actions #5

Updated by Jeff Lucovsky over 4 years ago

  • Status changed from Assigned to In Review
Actions #6

Updated by Jeff Lucovsky over 4 years ago

  • Status changed from In Review to Closed
Actions

Also available in: Atom PDF