suricata
eve: revert ethernet addresses when needed
Update of #9651 fixing the formatting.
EVE logging has a direction parameter that can cause the logging of an application layer to be done in a direction that is not linked to the packet. As a result, the source IP address could be assigned the MAC address of the destination IP and the reverse.
This patch addresses this by propagating the direction to the ethernet logging function and using it there to define the correct mapping.
Issue #6405
Make sure these boxes are signed before submitting your Pull Request -- thank you.
- [x] I have read the contributing guide lines at https://docs.suricata.io/en/latest/devguide/contributing/contribution-process.html
- [x] I have signed the Open Information Security Foundation contribution agreement at https://suricata.io/about/contribution-agreement/ (note: this is only required once)
- [x] I have updated the user guide (in doc/userguide/) to reflect the changes made (if applicable)
Link to redmine ticket: https://redmine.openinfosecfoundation.org/issues/6405
Describe changes:
- Fix formatting
- Rebase on master
Provide values to any of the below to override the defaults.
SV_BRANCH=https://github.com/OISF/suricata-verify/pull/1667
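A log-side check for the symptom described in this pull request, as an added example that is not part of the PR or of Suricata's code: within one flow, an IP address paired with more than one MAC address indicates that IPs and MACs were logged in opposite directions. The `ether.src_mac` / `ether.dest_mac` field names are an assumption about the EVE output in use, and the sample records are constructed.

```python
import json
from collections import defaultdict

# Constructed sample EVE records (not captured traffic). The "ether" object
# with src_mac/dest_mac is an assumption; adjust to your Suricata output.
SAMPLE_EVE = """\
{"event_type":"alert","flow_id":1001,"src_ip":"10.0.0.5","dest_ip":"10.0.0.9","ether":{"src_mac":"02:00:00:00:00:05","dest_mac":"02:00:00:00:00:09"}}
{"event_type":"http","flow_id":1001,"src_ip":"10.0.0.5","dest_ip":"10.0.0.9","ether":{"src_mac":"02:00:00:00:00:09","dest_mac":"02:00:00:00:00:05"}}
{"event_type":"dns","flow_id":2002,"src_ip":"10.0.0.7","dest_ip":"10.0.0.1","ether":{"src_mac":"02:00:00:00:00:07","dest_mac":"02:00:00:00:00:01"}}
{"event_type":"dns","flow_id":2002,"src_ip":"10.0.0.1","dest_ip":"10.0.0.7","ether":{"src_mac":"02:00:00:00:00:01","dest_mac":"02:00:00:00:00:07"}}
""".splitlines()


def find_swapped_macs(lines):
    """Return {flow_id: {ip: sorted MACs}} for flows where one IP is paired
    with more than one MAC across the flow's records."""
    seen = defaultdict(lambda: defaultdict(set))  # flow_id -> ip -> MACs
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or partial lines
        ether = rec.get("ether")
        if not isinstance(ether, dict) or "flow_id" not in rec:
            continue
        # Pair each side's IP with the MAC logged for the same side.
        for ip_key, mac_key in (("src_ip", "src_mac"), ("dest_ip", "dest_mac")):
            ip, mac = rec.get(ip_key), ether.get(mac_key)
            if ip and isinstance(mac, str):
                seen[rec["flow_id"]][ip].add(mac.lower())
    return {
        fid: {ip: sorted(macs) for ip, macs in ips.items() if len(macs) > 1}
        for fid, ips in seen.items()
        if any(len(macs) > 1 for macs in ips.values())
    }


if __name__ == "__main__":
    for fid, ips in find_swapped_macs(SAMPLE_EVE).items():
        print(fid, ips)
```

Flow 2002 is not reported because its second record reverses IPs and MACs together; a conflict shows only that the records of a flow disagree, not which record is the wrong one.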
It looks like netflow events need a fix. Setting to draft for now.
Hmm, suricata-verify needs an update in fact.
Information:
ERROR: QA failed on SURI_TLPW2_autofp_suri_time.
| field | baseline | test | % |
|---|---|---|---|
| SURI_TLPW2_autofp_stats_chk | | | |
| .uptime | 101 | 112 | 110.89% |
Pipeline 18725
Rebased in https://github.com/OISF/suricata/pull/11197