[Bro-Dev] [JIRA] (BIT-854) problem with VLAN/MPLS packet dumping
Seth Hall (JIRA)
jira at bro-tracker.atlassian.net
Thu Nov 7 08:51:31 PST 2013
[ https://bro-tracker.atlassian.net/browse/BIT-854?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14633#comment-14633 ]
Seth Hall commented on BIT-854:
-------------------------------
I think the real question with this is what level of support we provide to "dumping" packets in Bro? Right now it's not something we consider much or put much effort into validating that it works correctly. I'm going to remove the milestone from this because it's possible that we address the issue later either by having timemachine actually dump the packets or from further work on protocol analysis through the upcoming binpac++ integration.
> problem with VLAN/MPLS packet dumping
> -------------------------------------
>
> Key: BIT-854
> URL: https://bro-tracker.atlassian.net/browse/BIT-854
> Project: Bro Issue Tracker
> Issue Type: Problem
> Components: Bro
> Affects Versions: git/master
> Reporter: Jon Siwek
>
> report from Carsten Langer:
> {noformat}
> By the way: you have in my opinion a problem with packet dumping. If the
> trace contains VLAN or MPLS, you strip off VLAN/MPLS and if then you
> dump the packet, then the dumped trace is missing the Ethernet header
> for these packets, while the Ethernet header is still there for packets
> which did not have VLAN/MPLS. My previous GTP-detunneling did the same
> mistake, now I have introduced a fake Ethernet header so that if the
> packet is dumped, is still has its Ethernet header.
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.2-OD-01#6204)
More information about the bro-dev
mailing list