Add Teredo packet analyzer, disable old analyzer

2025-10-02 14:48:21 +00:00 · 2021-08-27 14:49:15 -07:00 · 2021-08-27 14:49:15 -07:00 · dc0ecf9811
commit dc0ecf9811
parent 05574ecce1
25 changed files with 683 additions and 91 deletions
--- a/scripts/base/protocols/tunnels/dpd.sig
+++ b/scripts/base/protocols/tunnels/dpd.sig
@ -1,8 +1,2 @@
 # Provide DPD signatures for tunneling protocols that otherwise
 # wouldn't be detected at all.
-
-signature dpd_teredo {
-  ip-proto = udp
-  payload /^(\x00\x00)|(\x00\x01)|([\x60-\x6f].{7}((\x20\x01\x00\x00)).{28})|([\x60-\x6f].{23}((\x20\x01\x00\x00))).{12}/
-  enable "teredo"
-}