Documenting tunnel decapsulation.

Haven't tested the autodoc output yet.

scripts/base/bro.init

@@ -83,8 +83,14 @@ type AnalyzerID: count;
 
 module Tunnel;
 export {
+	## Records the identity of a the parent of a tunneled connection. 
 	type parent_t: record {
+		## The 4-tuple of the tunnel "connection". In case of an IP-in-IP
+		## tunnel the ports will be set to 0. The direction (i.e., orig and
+		## resp) of the parent are set according to the tunneled connection
+		## and not according to the side that established the tunnel. 
 		cid: conn_id;
+		## The type of tunnel.
 		tunnel_type: tunneltype_t;
 	} &log;
 } # end export
@@ -1495,20 +1501,21 @@ const parse_udp_tunnels = F &redef;
 
 module Tunnel;
 export {
-	# Whether to decapsulate IP tunnels (IPinIP, 6in4, 6to4)
+	## Whether to decapsulate IP tunnels (IPinIP, 6in4, 6to4)
 	const decapsulate_ip = F &redef;
 
-	# Whether to decapsulate URDP tunnels (e.g., Teredo, IPv4 in UDP)
+	## Whether to decapsulate URDP tunnels (e.g., Teredo, IPv4 in UDP)
 	const decapsulate_udp = F &redef;
 
-	# If decapsulating UDP: the set of ports for which to do so
+	## If decapsulating UDP: the set of ports for which to do so. 
+	## Can be overridden by :bro:id:`Tunnel::udp_tunnel_allports`
 	const udp_tunnel_ports: set[port] = { 
 		3544/udp,    # Teredo 
 		5072/udp,    # AYIAY
 	} &redef;
 
-	# If udp_tunnel_allports is T udp_tunnel_ports is ignored and we
-	# check every UDP packet for tunnels. 
+	## If udp_tunnel_allports is T :bro:id:`udp_tunnel_ports` is ignored and we
+	## check every UDP packet for tunnels. 
 	const udp_tunnel_allports = F &redef;
 } # end export
 module GLOBAL;