Tunnel documentation tweaks.

Checkpoint. Need to check cross-references once "make doc" works again.

scripts/policy/frameworks/tunnel.bro

@@ -2,7 +2,21 @@
 ##! 
 ##! Bro can decapsulate IPinIP and IPinUDP tunnels, were "IP" can be either
 ##! IPv4 or IPv6. The most common case will be decapsulating Teredo, 6to4,
-##! 6in4, and AYIAY. 
+##! 6in4, and AYIAY. When this script is loaded, decapsulation will be 
+##! enabled. "tunnel.log" will log the "parent" for each tunneled 
+##! connection. The identity (and existence) of the tunnel connection
+##! is otherwise lost. 
+##!
+##! Currently handles: 
+##!
+##!   * IP6 in IP{4,6}. (IP4 in IP is easy to add, but omitted due to lack
+##!     of test cases.
+##!   * IP{4,6} in UDP. This decapsulates e.g., standard *Teredo* packets
+##!     (without authentication or origin indicator)
+##!   * IP{4,6} in AYIAY
+##!   * Only checks for UDP tunnels on Teredo's and AYIAY's default 
+##!     ports. See :bro:id:`udp_tunnel_ports` and 
+##!     :bro:id:`udp_tunnel_allports`
 ##! 
 ##! Decapsulation happens early in a packets processing, right after IP
 ##! defragmentation but before there is a connection context. The tunnel
@@ -11,13 +25,14 @@
 ##! which is of type :bro:type:`parent_t`. 
 ##! 
 ##! *Limitation:* The decapsulated packets are not fed through the 
-##! defragmenter again. 
+##! defragmenter again and decapsulation happens only on the primary
+##! path, i.e., it's not available for the secondary path. 
 ##! 
 ##! 
 
 module Tunnel; 
 
-redef use_connection_compressor = F;
+#redef use_connection_compressor = F;
 redef Tunnel::decapsulate_ip = T;
 redef Tunnel::decapsulate_udp = T;
 redef Tunnel::udp_tunnel_allports = T;