[Oisf-users] MPLS Support

Jason Ish lists at unx.ca
Fri Jul 18 16:01:29 UTC 2014


Adnan,

Great to hear.  I've updated MPLS support to handle encapsulated
ethernet as well, if you are using that. For testing purposes, I'd
rebase the patch against 2.0.2 if you are interested.  Just let me
know.

Jason

On Wed, Jul 16, 2014 at 11:29 AM, Adnan Baykal <abaykal at gmail.com> wrote:
> Jason,
>
> this is working fine. it is generating alerts and is analyzing the
> http streams. I also verified that http.log is seeing ton of entries.
>
> Thank you very much for you assistance.
>
> On Tue, Jul 15, 2014 at 5:18 PM, Matt Carothers <matt at somedamn.com> wrote:
>> You may (or may not) find this helpful as a starting point.  It's a patch to
>> strip MPLS headers from packets, so Suricata will at least function in an
>> MPLS environment.
>>
>> Caveat: it doesn't work correctly on MPLS VPNs where multiple ethernet
>> frames are encapsulated into a single MPLS-tagged frame.
>>
>> Matt
>>
>>
>> On 7/15/2014 12:23 PM, Jason Ish wrote:
>>>
>>> Hi Adnan,
>>>
>>> I can take a look at decoding MPLS traffic.  Will update update you
>>> when I have something usable.
>>>
>>> Jason
>>>
>>> On Mon, Jul 14, 2014 at 1:48 PM, Adnan Baykal <abaykal at gmail.com> wrote:
>>>>
>>>> are there any plans in the future to support MPLS in suricata? latest
>>>> discussions I can find are from 2011 and did not see anything since
>>>> then on the net.
>>>>
>>>> Thanks
>>>> _______________________________________________
>>>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>>>> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
>>>> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>>>> OISF: http://www.openinfosecfoundation.org/
>>>
>>> _______________________________________________
>>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>>> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
>>> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>>> OISF: http://www.openinfosecfoundation.org/
>>>
>>



More information about the Oisf-users mailing list