Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
zeek/testing/btest/Baseline/core.tunnels.max-depth/conn.log.cut
Arne Welzel fddbdf6232 init-bare: Default Tunnel::max_depth to 4 
In AWS GLB environments, the max_depth of 2 is easily reached due to packets
being encapsulated with GENEVE and VXLAN [1]. Any additional encapsulation
layer causes Zeek raise a weird and ignore the inner traffic. Bump the default
maximum depth to 4, while not common it's not unusual either to observe
this in the wild.

[1] https://docs.aws.amazon.com/vpc/latest/mirroring/traffic-mirroring-packet-formats.html

Closes #3439
2024-01-11 10:22:36 +01:00

6 lines
475 B
Text
Raw Blame History

### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
uid id.orig_h id.resp_p id.resp_h id.resp_p proto history service tunnel_parents
CtPZjS20MLrsMUOJi2 4.4.4.4 53 4.4.4.9 53 udp D dns C4J4Th3PJpwUYZZ6gc
CHhAvVGS1DHFjwGM9 1.1.1.1 4789 1.1.1.9 4789 udp D vxlan -
ClEkJM2Vm5giqnMf4h 2.2.2.2 4789 2.2.2.9 4789 udp D vxlan CHhAvVGS1DHFjwGM9
C4J4Th3PJpwUYZZ6gc 3.3.3.3 4789 3.3.3.9 4789 udp D vxlan ClEkJM2Vm5giqnMf4h
Reference in a new issue View git blame Copy permalink