Project

General

Profile

Actions
Copy link

Bug #2478

open

PCAP logging does not include 802.1q header when using af-packet

Added by Paul Bakoyiannis over 6 years ago. Updated over 1 year ago.

Status:
Feedback
Priority:
Normal
Assignee:
OISF Dev
Target version:
TBD
Affected Versions:
Effort:
Difficulty:
Label:
Protocol

Description

PCAP files created while using af-packet v2/3 on tagged traffic do not include the vlan header. This is because the header is removed by the kernel and passed to us in an auxiliary data structure.

Related issues 2 (1 open1 closed)

Related to Suricata - Bug #1780: VLAN tags not forwarded in afpacket inline modeClosedEric Leblond05/06/2016Actions
Related to Suricata - Bug #2934: VLAN tags stripped when saving pcap logNewOISF DevActions
Actions
Copy link
 #1

Updated by Andreas Herz over 6 years ago

  • Target version set to TBD
Actions
Copy link
 #2

Updated by Victor Julien over 5 years ago

Similar to the AF_PACKET IPS mode we could forge the header back into the packet before it's written to disk.

Actions
Copy link
 #3

Updated by Andreas Herz over 5 years ago

  • Related to Bug #1780: VLAN tags not forwarded in afpacket inline mode added
Actions
Copy link
 #4

Updated by Andreas Herz over 5 years ago

  • Related to Bug #2934: VLAN tags stripped when saving pcap log added
Actions
Copy link
 #5

Updated by Victor Julien about 5 years ago

  • Status changed from New to Feedback

Paul, are you planning to submit a PR for this?

Actions
Copy link
 #6

Updated by Victor Julien almost 5 years ago

  • Label Protocol added
Actions
Copy link
 #7

Updated by Victor Julien over 1 year ago

  • Assignee changed from Paul Bakoyiannis to OISF Dev
Actions
Copy link

Also available in: Atom PDF