mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
20 lines
842 B
Text
20 lines
842 B
Text
module PacketAnalyzer::VXLAN;
|
|
|
|
export {
|
|
# There's no indicator in the VXLAN packet header format about what the next protocol
|
|
# in the chain is. All of the documentation just lists Ethernet, so default to that.
|
|
const default_analyzer: PacketAnalyzer::Tag = PacketAnalyzer::ANALYZER_ETHERNET &redef;
|
|
|
|
## The set of UDP ports used for VXLAN traffic. Traffic using this
|
|
## UDP destination port will attempt to be decapsulated. Note that if
|
|
## if you customize this, you may still want to manually ensure that
|
|
## :zeek:see:`likely_server_ports` also gets populated accordingly.
|
|
const vxlan_ports: set[port] = { 4789/udp } &redef;
|
|
}
|
|
|
|
redef likely_server_ports += { vxlan_ports };
|
|
|
|
event zeek_init() &priority=20
|
|
{
|
|
PacketAnalyzer::register_for_ports(PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_VXLAN, vxlan_ports);
|
|
}
|