
decode/ethertype: Event on unknown ethertype

Open jlucovsky opened this issue 6 months ago • 10 comments

Continuation of #11557

Issue: 7129

Create a decode/engine event if unknown ethertypes are observed.

Link to ticket: https://redmine.openinfosecfoundation.org/issues/7129

Describe changes:

  • Add an event created when unknown ethertypes are observed
  • Update schema with event counter
  • Add rule for event.

Updates

  • Rebase

Provide values to any of the below to override the defaults.

  • To use a LibHTP, Suricata-Verify or Suricata-Update pull request, link to the pull request in the respective _BRANCH variable.
  • Leave unused overrides blank or remove.

SV_REPO=
SV_BRANCH=https://github.com/OISF/suricata-verify/pull/1954
SU_REPO=
SU_BRANCH=
LIBHTP_REPO=
LIBHTP_BRANCH=

jlucovsky, Aug 15 '24 12:08