Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
zeek/scripts/base
History
Arne Welzel fddbdf6232 init-bare: Default Tunnel::max_depth to 4 
In AWS GLB environments, the max_depth of 2 is easily reached due to packets
being encapsulated with GENEVE and VXLAN [1]. Any additional encapsulation
layer causes Zeek raise a weird and ignore the inner traffic. Bump the default
maximum depth to 4, while not common it's not unusual either to observe
this in the wild.

[1] https://docs.aws.amazon.com/vpc/latest/mirroring/traffic-mirroring-packet-formats.html

Closes #3439
2024-01-11 10:22:36 +01:00
..
files Add extract_limit_includes_missing option for file extraction 2023-09-14 12:11:42 -07:00
frameworks logging: Do not keep delay state persistent 2023-11-29 11:53:11 +01:00
misc Revert "Merge remote-tracking branch 'origin/topic/vern/at-if-analyze'" 2023-05-31 09:20:33 +02:00
packet-protocols Add registration for GRE-over-UDP 2023-10-16 11:42:24 -07:00
protocols quic: Handle and log unhandled_version 2024-01-09 17:10:11 +01:00
utils all: Fix typos identified by typos pre-commit hook 2023-06-13 17:57:32 +02:00
init-bare.zeek init-bare: Default Tunnel::max_depth to 4 2024-01-11 10:22:36 +01:00
init-default.zeek quic: Integrate as default analyzer 2023-10-11 14:10:22 +02:00
init-frameworks-and-bifs.zeek Do not load Spicy scripts if Spicy is not available. 2023-05-16 10:21:21 +02:00
init-supervisor.zeek Establish a separate init script when using the supervisor 2021-07-08 13:12:53 -07:00