That does indeed seem relevant. VXLAN are unpacked and the inner packet is put in a ‘fake’ packet in Suricata’s internal processing. It may loose the info of the original interface.
That does indeed seem relevant. VXLAN are unpacked and the inner packet is put in a ‘fake’ packet in Suricata’s internal processing. It may loose the info of the original interface.