[Bro-Dev] Tunnels

[Vern Paxson]

> Almost makes me wonder if eventually we'd want to have fake IP connections similarly to the fake udp connections?

I'm not following this.  Seems we'd instead want (1) a one-time event
that identifies the presence of a tunnel, (2) regular processing (via
an analyzer chain) of the traffic inside the tunnel, and (3) a way to
tell that a give connection record (or other network event) ultimately
stems from tunneled traffic.

		Vern