[Oisf-users] MPLS Support

Adnan Baykal abaykal at gmail.com
Fri Jul 18 16:04:03 UTC 2014 

absolutely - as long as it does not change the current functionality,
that is fine. push it out :)

are you planning to add counters etc.. in the future?


On Fri, Jul 18, 2014 at 12:01 PM, Jason Ish <lists at unx.ca> wrote:
> Adnan,
>
> Great to hear.  I've updated MPLS support to handle encapsulated
> ethernet as well, if you are using that. For testing purposes, I'd
> rebase the patch against 2.0.2 if you are interested.  Just let me
> know.
>
> Jason
>
> On Wed, Jul 16, 2014 at 11:29 AM, Adnan Baykal <abaykal at gmail.com> wrote:
>> Jason,
>>
>> this is working fine. it is generating alerts and is analyzing the
>> http streams. I also verified that http.log is seeing ton of entries.
>>
>> Thank you very much for you assistance.
>>
>> On Tue, Jul 15, 2014 at 5:18 PM, Matt Carothers <matt at somedamn.com> wrote:
>>> You may (or may not) find this helpful as a starting point.  It's a patch to
>>> strip MPLS headers from packets, so Suricata will at least function in an
>>> MPLS environment.
>>>
>>> Caveat: it doesn't work correctly on MPLS VPNs where multiple ethernet
>>> frames are encapsulated into a single MPLS-tagged frame.
>>>
>>> Matt
>>>
>>>
>>> On 7/15/2014 12:23 PM, Jason Ish wrote:
>>>>
>>>> Hi Adnan,
>>>>
>>>> I can take a look at decoding MPLS traffic.  Will update update you
>>>> when I have something usable.
>>>>
>>>> Jason
>>>>
>>>> On Mon, Jul 14, 2014 at 1:48 PM, Adnan Baykal <abaykal at gmail.com> wrote:
>>>>>
>>>>> are there any plans in the future to support MPLS in suricata? latest
>>>>> discussions I can find are from 2011 and did not see anything since
>>>>> then on the net.
>>>>>
>>>>> Thanks
>>>>> _______________________________________________
>>>>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>>>>> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
>>>>> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>>>>> OISF: http://www.openinfosecfoundation.org/
>>>>
>>>> _______________________________________________
>>>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>>>> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
>>>> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>>>> OISF: http://www.openinfosecfoundation.org/
>>>>
>>>

More information about the Oisf-users mailing list