Feature #7986
openprotocol decoder: l2tpv3
Description
This feature would implement a protocol decoder similar to GENEVE or VXLAN and allow packets encapsulated with L2TPv3 to be decoded further within Suricata.
The Linux kernel supports L2TPv3, and a few network vendors use L2TPv3 tunnels within their deployments such as Juniper's MIST line of Wireless APs for tunnelling of data between the APs and the controllers or Mikrotik's "l2tp-ether" implementation.
I've got a pull request ready for a l2tpv3 decoder against Suricata v7 and I'm happy to send a pull request on GitHub for the v9 development branch but opened this issue on the advice of @lavignen to discuss beforehand.
L2TPv3 RFC: https://datatracker.ietf.org/doc/html/rfc3931
VJ Updated by Victor Julien 7 months ago ยท Edited
- Status changed from New to Assigned
- Target version changed from TBD to 9.0.0-beta1
Hi @Damian Poole, this would certainly be a welcome addition. I didn't see a PR for Suricata 7, but indeed lets work again the main branch and then we can go through the backport steps after it is merged there. Assuming it's not too intrusive we'd probably accept it for backports towards 7 and 8.
(btw I gave you the developer role here in redmine)
DP Updated by Damian Poole 7 months ago
Pull Request: https://github.com/OISF/suricata/pull/14023
VJ Updated by Victor Julien 7 months ago
- Status changed from Assigned to In Review
PA Updated by Philippe Antoine 25 days ago
PA Updated by Philippe Antoine about 9 hours ago
- Status changed from In Review to Assigned
Repuuting in assigned state as PR got closed as stale