Tzsp protocol support

Curious to know if there’s any direction or movement in allowing suricata to handle the tzsp protocol, my use case is mikrotik packet sniffing to forward packets on to another machine to handle the suricata ids/ips.
As far as I can see, suricata mutually exclusively, handles the case of listening on eth0 or read from the generated pcap that contains the tzsp protocol data. Is there a developer guide to be able to add a protocol handler for tzsp. Looking at the guide, yields a 404.

Would you have a pcap to share ?

1 Like