Add VXLAN packet analyzer, disable old analyzer

2025-10-02 06:38:20 +00:00 · 2021-08-26 12:37:28 -07:00 · 2021-08-26 12:37:28 -07:00 · 05574ecce1
commit 05574ecce1
parent cbb0bcd49c
22 changed files with 194 additions and 29 deletions
--- a/scripts/base/frameworks/tunnels/main.zeek
+++ b/scripts/base/frameworks/tunnels/main.zeek
@ -92,7 +92,7 @@ export {

 const teredo_ports = { 3544/udp };
 const gtpv1_ports = { 2152/udp, 2123/udp };
-redef likely_server_ports += { teredo_ports, gtpv1_ports, vxlan_ports };
+redef likely_server_ports += { teredo_ports, gtpv1_ports };

 event zeek_init() &priority=5
 	{
@ -100,7 +100,6 @@ event zeek_init() &priority=5

 	Analyzer::register_for_ports(Analyzer::ANALYZER_TEREDO, teredo_ports);
 	Analyzer::register_for_ports(Analyzer::ANALYZER_GTPV1, gtpv1_ports);
-	Analyzer::register_for_ports(Analyzer::ANALYZER_VXLAN, vxlan_ports);
 	}

 function register_all(ecv: EncapsulatingConnVector)