]> git.ipfire.org Git - thirdparty/suricata-verify.git/commit
projects / thirdparty / suricata-verify.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2301045) | patch
pppoe: Add test for pppoe decoder protocol alerts
authorThomas Winter <Thomas.Winter@alliedtelesis.co.nz>
Mon, 21 Jul 2025 22:52:37 +0000 (10:52 +1200)
committerVictor Julien <victor@inliniac.net>
Mon, 8 Sep 2025 16:47:11 +0000 (18:47 +0200)
commitaac9b8f30e35b39e09b586b30a21c914cc2daa89
tree61fc796049efba59340f281178d53d721220c15ctree | snapshot
parent2301045f36d66d461043770b6db21bd219e83fd0commit | diff
pppoe: Add test for pppoe decoder protocol alerts

Suricata commit b23fa51e ("detect: fix decoder only events") fixed
decoder events to go off properly. However it was found that the pppoe
decoder was going off on valid ppp packets.
With drop rules isntead of alert rules, a ppp connection could not
be established.

The following pcap is a valid ppp connection but valid pppoe packets
are being detected as wrong_type or unsup_proto.
tests/pppoe/input.pcap [new file with mode: 0644] blob
tests/pppoe/test.rules [new file with mode: 0644] blob
tests/pppoe/test.yaml [new file with mode: 0644] blob
Mirror of https://github.com/OISF/suricata-verify.git