Comprehensive architecture for parallel traffic analysis:

Stream 1 (MITM):
- HAProxy + mitmproxy with SSL termination
- Double buffer for async replay analysis
- WAF rules + CrowdSec integration

Stream 2 (TAP/Passive):
- tc mirred port mirroring
- netifyd/nDPI flow classification
- Zero latency, metadata-only analysis

Correlation Engine:
- Match MITM events with DPI flows
- Unified threat analytics
- Context enrichment for alerts

Includes:
- Package structure for secubox-dpi-dual
- UCI configuration schema
- CLI tool specification
- Integration points (LuCI, Streamlit, API)
- 4-phase implementation plan

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>