Feature #3953
Updated by Victor Julien over 3 years ago
Add packet decoder for 802.1BR E-tag. See the pcaps attached to the ticket. You can use @setup/setup-decoder.sh@ to bootstrap a new packet decoder. The minimal functionality should be that the decoder gets called when the ethernet header has a ethertype indicating this header type (see @DecodeNetworkLayer@, and then the header should be decoded to find the next ethertype, for which the correct packet decoder should be called as well then.
Wireshark is a useful tool to inspect the pcaps and see how the headers are aranged.
As part of this ticket Suricata-Verify tests should be created using both pcaps.