mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
init-bare: Default Tunnel::max_depth to 4
In AWS GLB environments, the max_depth of 2 is easily reached due to packets being encapsulated with GENEVE and VXLAN [1]. Any additional encapsulation layer causes Zeek raise a weird and ignore the inner traffic. Bump the default maximum depth to 4, while not common it's not unusual either to observe this in the wild. [1] https://docs.aws.amazon.com/vpc/latest/mirroring/traffic-mirroring-packet-formats.html Closes #3439
This commit is contained in:
Arne Welzel
parent
4c960fd7d5
commit
fddbdf6232
6 changed files with 37 additions and 1 deletions
|
|
@ -5220,7 +5220,7 @@ module Tunnel;
|
|||
export {
|
||||
## The maximum depth of a tunnel to decapsulate until giving up.
|
||||
## Setting this to zero will disable all types of tunnel decapsulation.
|
||||
const max_depth: count = 2 &redef;
|
||||
const max_depth: count = 4 &redef;
|
||||
|
||||
## With this set, the Teredo analyzer waits until it sees both sides
|
||||
## of a connection using a valid Teredo encapsulation before issuing
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue