[Oisf-users] MPLS Support
Adnan Baykal
abaykal at gmail.com
Wed Jul 16 17:29:02 UTC 2014
Jason,
this is working fine. it is generating alerts and is analyzing the
http streams. I also verified that http.log is seeing ton of entries.
Thank you very much for you assistance.
On Tue, Jul 15, 2014 at 5:18 PM, Matt Carothers <matt at somedamn.com> wrote:
> You may (or may not) find this helpful as a starting point. It's a patch to
> strip MPLS headers from packets, so Suricata will at least function in an
> MPLS environment.
>
> Caveat: it doesn't work correctly on MPLS VPNs where multiple ethernet
> frames are encapsulated into a single MPLS-tagged frame.
>
> Matt
>
>
> On 7/15/2014 12:23 PM, Jason Ish wrote:
>>
>> Hi Adnan,
>>
>> I can take a look at decoding MPLS traffic. Will update update you
>> when I have something usable.
>>
>> Jason
>>
>> On Mon, Jul 14, 2014 at 1:48 PM, Adnan Baykal <abaykal at gmail.com> wrote:
>>>
>>> are there any plans in the future to support MPLS in suricata? latest
>>> discussions I can find are from 2011 and did not see anything since
>>> then on the net.
>>>
>>> Thanks
>>> _______________________________________________
>>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>>> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
>>> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>>> OISF: http://www.openinfosecfoundation.org/
>>
>> _______________________________________________
>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
>> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>> OISF: http://www.openinfosecfoundation.org/
>>
>
More information about the Oisf-users
mailing list