Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

init-bare: Add conn_id_ctx to conn_id

Browse source 
This nested record can be used to discriminate orig_h or resp_h being
observed in different "contexts". A context can be based on VLAN tags,
but any custom ConnKey implementation should populate the ctx field,
allowing to write context-aware Zeek scripts without needing to know
what the context really is.
This commit is contained in:
Arne Welzel 2025-06-27 12:49:51 +02:00
parent 5847a2d32e
commit 25fc4d5d98
3 changed files with 16 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
testing/btest/Baseline/coverage.record-fields/out.bare
View file

@ -6,6 +6,9 @@ connection {
* history: string, log=F, optional=F
* id: record conn_id, log=F, optional=F
conn_id {
* ctx: record conn_id_ctx, log=T, optional=T
conn_id_ctx {
}
* orig_h: addr, log=T, optional=F
* orig_p: port, log=T, optional=F
* proto: count, log=F, optional=T