Project

General

Profile

Actions
Copy link

Feature #3953

closed

8021BR E packet decoder

Added by Shivani Bhardwaj about 5 years ago. Updated about 1 month ago.

Status:
Closed
Priority:
Normal
Assignee:
Fupeng Zhao
Target version:
9.0.0-beta1
Effort:
low
Difficulty:
low
Label:
Beginner, C, Protocol

Description

Add packet decoder for 802.1BR E-tag. See the pcaps attached to the ticket. You can use setup/setup-decoder.sh to bootstrap a new packet decoder. The minimal functionality should be that the decoder gets called when the ethernet header has a ethertype indicating this header type (see DecodeNetworkLayer, and then the header should be decoded to find the next ethertype, for which the correct packet decoder should be called as well then.

Wireshark is a useful tool to inspect the pcaps and see how the headers are aranged.

As part of this ticket Suricata-Verify tests should be created using both pcaps.

Files

Download all files
802.1BR-Etag-example2.pcap (116 Bytes) 802.1BR-Etag-example2.pcap Victor Julien, 10/26/2020 06:57 AM
802.1BR-Etag-example.pcap (108 Bytes) 802.1BR-Etag-example.pcap Victor Julien, 10/26/2020 06:57 AM
Actions
Copy link

Also available in: Atom PDF