Add Teredo packet analyzer, disable old analyzer

2025-10-02 06:38:20 +00:00 · 2021-08-27 14:49:15 -07:00 · 2021-08-27 14:49:15 -07:00 · dc0ecf9811
commit dc0ecf9811
parent 05574ecce1
25 changed files with 683 additions and 91 deletions
--- a/scripts/base/frameworks/tunnels/main.zeek
+++ b/scripts/base/frameworks/tunnels/main.zeek
@ -90,15 +90,13 @@ export {
 	global finalize_tunnel: Conn::RemovalHook;
 }

-const teredo_ports = { 3544/udp };
 const gtpv1_ports = { 2152/udp, 2123/udp };
-redef likely_server_ports += { teredo_ports, gtpv1_ports };
+redef likely_server_ports += { gtpv1_ports };

 event zeek_init() &priority=5
 	{
 	Log::create_stream(Tunnel::LOG, [$columns=Info, $path="tunnel", $policy=log_policy]);

-	Analyzer::register_for_ports(Analyzer::ANALYZER_TEREDO, teredo_ports);
 	Analyzer::register_for_ports(Analyzer::ANALYZER_GTPV1, gtpv1_ports);
 	}