gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
58a51eb271
secubox-openwrt/package/secubox/secubox-dpi-dual/files/etc/config/dpi-dual
CyberMind-FR 58a51eb271 feat(dpi): Implement Phase 1 of Dual-Stream DPI architecture 
- secubox-dpi-dual package with parallel MITM + Passive TAP analysis
- TAP stream: tc mirred port mirroring to dummy interface for netifyd
- Flow collector: Stats aggregation from netifyd, cleanup, JSON output
- Correlation engine: Matches MITM WAF events with TAP flow data
- Watches CrowdSec decisions and WAF alerts for threat enrichment
- CLI: dpi-dualctl with start/stop/status/flows/threats/mirror commands
- Procd service: manages flow-collector + correlator instances
- MITM double buffer: dpi_buffer.py mitmproxy addon (Phase 2 prep)
- UCI config: dual/mitm-only/tap-only mode selection

Architecture: package/secubox/DUAL-STREAM-DPI.md

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-03-15 12:15:17 +01:00

28 lines
653 B
Plaintext
Raw Blame History

config global 'settings'
option enabled '1'
option mode 'dual'
option correlation '1'
option stats_dir '/tmp/secubox'
option flow_dir '/tmp/dpi-flows'
config mitm 'mitm'
option enabled '1'
option buffer_size '1000'
option async_analysis '1'
option replay_on_alert '1'
option buffer_dir '/tmp/dpi-buffer'
config tap 'tap'
option enabled '1'
option interface 'tap0'
option mirror_source 'eth0'
option mirror_mode 'software'
option flow_retention '300'
option netifyd_instance 'tap'
config correlation 'correlation'
option enabled '1'
option window '60'
option output '/tmp/secubox/correlated-threats.json'
option watch_crowdsec '1'
Reference in New Issue View Git Blame Copy Permalink