Feature #8334: firewall: allow matching on packet layers - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #8334

open

firewall: allow matching on packet layers

Feature #8334: firewall: allow matching on packet layers

Added by Victor Julien about 2 months ago.

Status:

New

Priority:

Normal

Assignee:

Target version:

TBD

Effort:

Difficulty:

Label:

Description

The firewall mode should be able to distinguish between "Ethernet/IP/TCP" and "Ethernet/VLAN/GRE/Ethernet/IP/TCP". A packet should somehow expose this to the detection engine.

Perhaps a field that holds a list of protocol id's, starting at the datalink:
DLT_EN10MB:IPV4:TCP

Perhaps this would just be string buffer, where we can match using content.

Related issues 1 (1 open — 0 closed)

History
Property changes

VJ Updated by Victor Julien 15 days ago Actions
Copy link
#1

Related to Task #8435: firewall: investigate handling of encapsulation/tunneling like GRE/VXLAN added

Actions

Copy link

Also available in: PDF Atom

Project

General

Profile

Suricata

Custom queries

Feature #8334

firewall: allow matching on packet layers

VJ Updated by Victor Julien 15 days ago Actions
Copy link
#1

Project

General

Profile

Suricata

Custom queries

Feature #8334

firewall: allow matching on packet layers

VJ Updated by Victor Julien 15 days ago ActionsCopy link #1

VJ Updated by Victor Julien 15 days ago Actions
Copy link
#1