Feature #3953: 8021BR E packet decoder - Suricata - Open Information Security Foundation

Actions

Feature #3953

closed

SB FZ

8021BR E packet decoder

Feature #3953: 8021BR E packet decoder

Added by Shivani Bhardwaj over 5 years ago. Updated 7 months ago.

Status:

Closed

Priority:

Normal

Assignee:

Target version:

Effort:

low

Difficulty:

low

Label:

Beginner, C, Protocol

Description

Add packet decoder for 802.1BR E-tag. See the pcaps attached to the ticket. You can use setup/setup-decoder.sh to bootstrap a new packet decoder. The minimal functionality should be that the decoder gets called when the ethernet header has a ethertype indicating this header type (see DecodeNetworkLayer, and then the header should be decoded to find the next ethertype, for which the correct packet decoder should be called as well then.

Wireshark is a useful tool to inspect the pcaps and see how the headers are aranged.

As part of this ticket Suricata-Verify tests should be created using both pcaps.

Files

Download all files

802.1BR-Etag-example2.pcap (116 Bytes) 802.1BR-Etag-example2.pcap		Victor Julien, 10/26/2020 06:57 AM
802.1BR-Etag-example.pcap (108 Bytes) 802.1BR-Etag-example.pcap		Victor Julien, 10/26/2020 06:57 AM

VJ Updated by Victor Julien over 5 years ago Actions
Copy link
#1

Subject changed from 8021BR E pkt decoder © to 8021BR E packet decoder

VJ Updated by Victor Julien over 5 years ago Actions
Copy link
#2

Label Protocol added

VJ Updated by Victor Julien over 5 years ago Actions
Copy link
#3

Assignee set to Community Ticket
Target version set to TBD
Effort set to low
Difficulty set to low
Label Beginner, C added

VJ Updated by Victor Julien over 5 years ago Actions
Copy link
#4

Pcaps: https://forum.suricata.io/t/802-1br-e-tag-support/594

VJ Updated by Victor Julien over 5 years ago Actions
Copy link
#5

Description updated (diff)

VJ Updated by Victor Julien over 5 years ago Actions
Copy link Download all files
#6

File 802.1BR-Etag-example2.pcap 802.1BR-Etag-example2.pcap added
File 802.1BR-Etag-example.pcap 802.1BR-Etag-example.pcap added

Pcaps from the forum link attached.

SP Updated by Sumera Priyadarsini over 5 years ago Actions
Copy link
#7

Assignee changed from Community Ticket to Sumera Priyadarsini

JF Updated by Juliana Fajardini Reichow over 2 years ago Actions
Copy link
#8

Target version changed from TBD to 8.0.0-beta1

Hi there, according to our guidelines for stale tickets, I'm unassigning this ticket.

Thanks for all your contributions to our project, and feel free to reach out in case you have time and want to contribute to Suricata again :) :)

Refer to:
https://forum.suricata.io/t/important-outreachy-contribution-phase-wrap-up-prs-claimed-tickets-and-more
https://docs.suricata.io/en/latest/devguide/codebase/contributing/contribution-process.html#stale-tickets-policy

JF Updated by Juliana Fajardini Reichow over 2 years ago Actions
Copy link
#9

Assignee changed from Sumera Priyadarsini to Community Ticket

VJ Updated by Victor Julien almost 2 years ago Actions
Copy link
#10

Target version changed from 8.0.0-beta1 to TBD

FZ Updated by Fupeng Zhao 7 months ago Actions
Copy link
#11

Assignee changed from Community Ticket to Fupeng Zhao

https://github.com/OISF/suricata/pull/13814

VJ Updated by Victor Julien 7 months ago Actions
Copy link
#12

Status changed from New to In Review
Target version changed from TBD to 9.0.0-beta1

FZ Updated by Fupeng Zhao 7 months ago Actions
Copy link
#13

Status changed from In Review to Closed

Merged in https://github.com/OISF/suricata/pull/13880

JI Updated by Jason Ish 7 months ago · Edited Actions
Copy link
#14

Status changed from Closed to In Review

JI Updated by Jason Ish 7 months ago Actions
Copy link
#15

Status changed from In Review to Closed

Actions

Also available in: PDF Atom