--- /dev/null
+Generic Decode Layer Keywords
+=============================
+
+decode-event
+------------
+
+Match on events generated by the decode layer. Decode events are generated during
+the packet decoding phase that indicate structural or invalid values for the
+Ethernet and layer 2 and layer 3 protocol data.
+
+Syntax::
+
+ decode-event:<event name>;
+
+Examples::
+
+ decode-event:ipv4.opt_duplicate
+ decode-event:ethernet.unknown_ethertype
+
+Decode Events
+~~~~~~~~~~~~~
+
+ethernet.unknown_ethertype
+^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+The ethertype value was not recognized by Suricata. Suricata recognizes
+the following ethertype values::
+
+ ETHERNET_TYPE_IP
+ ETHERNET_TYPE_IPV6
+ ETHERNET_TYPE_VLAN
+ ETHERNET_TYPE_8021QINQ
+ ETHERNET_TYPE_8021AD
+ ETHERNET_TYPE_8021AH
+ ETHERNET_TYPE_ARP
+ ETHERNET_TYPE_MPLS_UNICAST
+ ETHERNET_TYPE_MPLS_MULTICAST
+ ETHERNET_TYPE_DCE
+ ETHERNET_TYPE_VNTAG
+ ETHERNET_TYPE_NSH
+ ETHERNET_TYPE_PPOE_SESS
+ ETHERNET_TYPE_PPOE_DISC
projects / thirdparty / suricata.git / commitdiff
