Dear Suricata Team,
Thank you for your continued work on this excellent tool. I have a feature request related to using DPDK in IPS mode. Specifically, I’d like to propose adding support for configuring the destination MAC address (dst_mac) when sending TCP reset packets.
Background
In our use case, it is essential to modify the destination MAC address for reset packets to a specified value to ensure they are routed correctly in certain network topologies. Without this feature, the reset packets might not reach their intended destination due to network device requirements or specialized routing setups.
Snort Implementation
I noticed that Snort provides this functionality in its active configuration. Here’s an example from their documentation:
active = {
attempts = 2,
device = “eth0”,
dst_mac = “00:06:76:DD:5F:E3”,
}
This allows users to specify the dst_mac value, ensuring better control over the reset packets’ behavior in various scenarios.
Questions
Does Suricata currently support similar functionality in DPDK IPS mode? If so, how can it be configured?
If this feature is not available, would it be possible to consider adding it in a future release? I believe this could be a valuable addition for users who require fine-grained control over their active response mechanisms.
Thank you for taking the time to consider this request. Please let me know if additional details or use cases would help clarify this need.
Best regards,
Blank