Cannot decapsulate GRE tunnels.

[systemxcom]

Is there a flag in nDPId to enable tunnels, like GRE, to be decapsulated? Or have we missed this in the documentation.

[utoni]

Nope, GRE tunnel dissection is currently not supported. But I'll add this feature ASAP.

[systemxcom]

Thank you for a great capability.

[utoni]

Hey @systemxcom, please try PR #55 and give me some feedback.
I won't merge it now, because some additional tests (as PCAP files) are needed.
Those will most likely get merged in upstream nDPI as the code is pretty similar related to GRE decoding.

[systemxcom]

Thank you Utoni! Will test right away and provide feedback.

[systemxcom]

Hi @utoni, tested in a lab on live network traffic, (no pcap). Working as expected. Will test at scale on this coming Monday. I see there is no -flag necessary and it decapsulates all identified GRE tunnels. At some point may want to add a -tunnel flag so operators can have the option not to decapsulate when monitoring complex environments. Great work and I will get you additional feedback if anything material crops up. Thank you for your hard work.

[utoni]

Hey @systemxcom,
there will be some additions to this PR i.e. adding -t to enable tunnel decoding.
Appreciated & You're welcome! 😸

[utoni]

-t as command line parameter added, decode-tunnel= as configuration option

PR #55 is now complete and will only get bug fixes before merging.
I'll start with long-term tests. Please do the same on your side. 😃

[systemxcom]

Will have testing feedback Thursday, this week.