Add Teredo tunnel decapsulation.

Also fix header truncation check for IPv6 No Next header and add an
"ipv6_no_next" weird for such packets that aren't tunneled over Teredo
(which it calls "bubbles" and are used to create mappings in NATs).

scripts/base/frameworks/dpd/dpd.sig

@@ -156,6 +156,12 @@ signature dpd_ayiya {
   enable "ayiya"
 }
 
+signature dpd_teredo {
+  ip-proto = udp
+  payload /^(\x00\x00)|(\x00\x01)|([\x60-\x6f])/
+  enable "teredo"
+}
+
 signature dpd_socks_client {
 	ip-proto == tcp
 	# '32' is a rather arbitrary max length for the user name.

scripts/base/frameworks/tunnels/__load__.bro

@@ -1,4 +1 @@
 @load ./main
-
-const ports = { 5072/udp } &redef;
-redef dpd_config += { [ANALYZER_AYIYA] = [$ports = ports] };

scripts/base/frameworks/tunnels/main.bro

@@ -74,6 +74,14 @@ export {
 	global active: table[conn_id] of Info = table() &synchronized &read_expire=24hrs &expire_func=expire;
 }
 
+const ayiya_ports = { 5072/udp };
+redef dpd_config += { [ANALYZER_AYIYA] = [$ports = ayiya_ports] };
+
+const teredo_ports = { 3544/udp };
+redef dpd_config += { [ANALYZER_TEREDO] = [$ports = teredo_ports] };
+
+redef likely_server_ports += { ayiya_ports, teredo_ports };
+
 event bro_init() &priority=5
 	{
 	Log::create_stream(Tunnel::LOG, [$columns=Info]);