Feature #7986
open
protocol decoder: l2tpv3
Description
This feature would implement a protocol decoder similar to GENEVE or VXLAN and allow packets encapsulated with L2TPv3 to be decoded further within Suricata.
The Linux kernel supports L2TPv3, and a few network vendors use L2TPv3 tunnels within their deployments, such as Juniper's MIST line of Wireless APs for tunnelling of data between the APs and the controllers or Mikrotik's "l2tp-ether" implementation.
I've got a pull request ready for an L2TPv3 decoder against Suricata v7, and I'm happy to send a pull request on GitHub for the v9 development branch, but opened this issue on the advice of @Jamie Lavigne to discuss beforehand.
L2TPv3 RFC: https://datatracker.ietf.org/doc/html/rfc3931