Actions
Feature #6260
closed
CD
CD
flow: flow matching excluding packet recursion level
Feature #6260:
flow: flow matching excluding packet recursion level
Effort:
low
Difficulty:
low
Label:
Description
Add config for controlling the use of packet recursion level in the flow (and defrag) hashing. Packet recursion should be excluded from flow matching if egress packet pickup of tunneled packets occurs before the kernel has put the headers on, like when using netmap pipes, and the suricata device is a tunnel termination point.
CD Updated by Cole Dishington over 2 years ago
Added pull requests for suricata and suricata-verify:
https://github.com/OISF/suricata/pull/9363
https://github.com/OISF/suricata-verify/pull/1348
JL Updated by Jeff Lucovsky over 2 years ago
- Status changed from New to In Review
VJ Updated by Victor Julien over 2 years ago
- Target version changed from 7.0.1 to 7.0.2
VJ Updated by Victor Julien over 2 years ago
- Target version changed from 7.0.2 to 7.0.3
VJ Updated by Victor Julien over 2 years ago
- Target version changed from 7.0.3 to 8.0.0-beta1
CD Updated by Cole Dishington about 2 years ago
PA Updated by Philippe Antoine about 2 years ago
- Tracker changed from Bug to Feature
CD Updated by Cole Dishington over 1 year ago
This feature should address the issue in https://forum.suricata.io/t/suricata-on-ipip-tunneled-packets/4850/2
VJ Updated by Victor Julien about 1 year ago
- Status changed from In Review to Closed
VJ Updated by Victor Julien about 1 year ago
- Subject changed from Support flow matching excluding packet recursion level to flow: flow matching excluding packet recursion level
Actions