Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

GH-1764: Update mappings for Geneve analyzer to IP4/IP6/ARP

Browse source
This commit is contained in:
Tim Wojtulewicz 2021-12-06 12:24:42 -07:00
parent f44ea32df8
commit 368dec8372
1 changed files with 5 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
scripts/base/packet-protocols/geneve/main.zeek
View file

@ -19,4 +19,9 @@ event zeek_init() &priority=20
# https://datatracker.ietf.org/doc/html/draft-gross-geneve-00#section-3.4
# for details.
PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_GENEVE, 0x6558, PacketAnalyzer::ANALYZER_ETHERNET);
# Some additional mappings for protocols that we already handle natively.
PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_GENEVE, 0x0800, PacketAnalyzer::ANALYZER_IP);
PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_GENEVE, 0x08DD, PacketAnalyzer::ANALYZER_IP);
PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_GENEVE, 0x0808, PacketAnalyzer::ANALYZER_ARP);
}