Project

General

Profile

Actions

Feature #3953

open

8021BR E packet decoder

Added by Shivani Bhardwaj over 4 years ago. Updated 6 months ago.

Status:
New
Priority:
Normal
Target version:
Effort:
low
Difficulty:
low
Label:
Beginner, C, Protocol

Description

Add packet decoder for 802.1BR E-tag. See the pcaps attached to the ticket. You can use setup/setup-decoder.sh to bootstrap a new packet decoder. The minimal functionality should be that the decoder gets called when the ethernet header has a ethertype indicating this header type (see DecodeNetworkLayer, and then the header should be decoded to find the next ethertype, for which the correct packet decoder should be called as well then.

Wireshark is a useful tool to inspect the pcaps and see how the headers are aranged.

As part of this ticket Suricata-Verify tests should be created using both pcaps.


Files

802.1BR-Etag-example2.pcap (116 Bytes) 802.1BR-Etag-example2.pcap Victor Julien, 10/26/2020 06:57 AM
802.1BR-Etag-example.pcap (108 Bytes) 802.1BR-Etag-example.pcap Victor Julien, 10/26/2020 06:57 AM
Actions

Also available in: Atom PDF