Feature #8334: firewall: allow matching on packet layers - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #8334

open

VJ OD

firewall: allow matching on packet layers

Feature #8334: firewall: allow matching on packet layers

Added by Victor Julien 4 months ago. Updated 13 days ago.

Status:

Triaged

Priority:

Normal

Assignee:

OISF Dev

Target version:

TBD

Effort:

Difficulty:

Label:

Description

The firewall mode should be able to distinguish between "Ethernet/IP/TCP" and "Ethernet/VLAN/GRE/Ethernet/IP/TCP". A packet should somehow expose this to the detection engine.

Perhaps a field that holds a list of protocol id's, starting at the datalink:
DLT_EN10MB:IPV4:TCP

Perhaps this would just be string buffer, where we can match using content.

Related issues 1 (1 open — 0 closed)

VJ Updated by Victor Julien 3 months ago Actions
Copy link
#1

Related to Task #8435: firewall: investigate handling of encapsulation/tunneling like GRE/VXLAN added

JI Updated by Jason Ish 13 days ago Actions
Copy link
#2

Status changed from New to Triaged
Assignee set to OISF Dev

Actions

Copy link

Also available in: PDF Atom

Project

General

Profile

Suricata

Custom queries

Feature #8334

firewall: allow matching on packet layers

VJ Updated by Victor Julien 3 months ago Actions
Copy link
#1

JI Updated by Jason Ish 13 days ago Actions
Copy link
#2

Project

General

Profile

Suricata

Custom queries

Feature #8334

firewall: allow matching on packet layers

VJ Updated by Victor Julien 3 months ago ActionsCopy link #1

JI Updated by Jason Ish 13 days ago ActionsCopy link #2

VJ Updated by Victor Julien 3 months ago Actions
Copy link
#1

JI Updated by Jason Ish 13 days ago Actions
Copy link
#2