[Oisf-users] Reg Decoder Vlan Unknown Type
Victor Julien
lists at inliniac.net
Fri May 13 14:57:27 UTC 2016
On 13-05-16 16:55, Murali Kandula wrote:
> I am observing the stat decoder.vlan.unknown_type gets incrementing to
> huge value. Regarding this stat I have some questions:
>
> 1) Why the suricata is failed to decode those vlans?
Decoding of these types is simply not yet implemented.
> 2) Does that mean suricata will not process those packets?
Not fully, no.
> 3) Will this count increment results in any kind of issues regarding the
> extraction?.
That is certainly possible.
If you can share a pcap with this traffic I'll have a look at adding
support for the type(s).
Cheers,
Victor
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-users
mailing list