as title, I’m wondering if these protocols are in the scope of suricata.
1 Like
It would have to be implemented, but in general it should be possible if you compare it to GRE and other lower layers that are already supported to some extent.
yeah thanks, we are just doing it now. Although I’m still not sure if it’s suitable for suricata to do it, we don’t want to touch the rule engine, but there’s no datalink layer rule keyword(such as ether compared to the ip) now.