Add a VLAN-aware flow tuple implementation.

This is a first "real" implementation of a custom tuple, adding additional
fields over the standard five-tuple.

Includes test cases.

testing/btest/Baseline/scripts.policy.frameworks.conn_key.vlan_fivetuple-2/conn.log.cut

@@ -0,0 +1,5 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	id.vlan	id.inner_vlan	orig_pkts	resp_pkts	service
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	141.142.228.5	59856	192.150.187.43	80	-	-	7	7	http
+XXXXXXXXXX.XXXXXX	C4J4Th3PJpwUYZZ6gc	141.142.228.5	59856	192.150.187.43	80	10	20	7	7	http
+XXXXXXXXXX.XXXXXX	ClEkJM2Vm5giqnMf4h	141.142.228.5	59856	192.150.187.43	80	42	-	7	7	http

testing/btest/Baseline/scripts.policy.frameworks.conn_key.vlan_fivetuple-3/conn.log.cut

@@ -0,0 +1,5 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p			orig_pkts	resp_pkts	service
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	141.142.228.5	59856	192.150.187.43	80			7	7	http
+XXXXXXXXXX.XXXXXX	C4J4Th3PJpwUYZZ6gc	141.142.228.5	59856	192.150.187.43	80			7	7	http
+XXXXXXXXXX.XXXXXX	ClEkJM2Vm5giqnMf4h	141.142.228.5	59856	192.150.187.43	80			7	7	http

testing/btest/Baseline/scripts.policy.frameworks.conn_key.vlan_fivetuple-4/conn.log.cut

@@ -0,0 +1,5 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	id.vlan	id.inner_vlan	orig_pkts	resp_pkts	service
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	141.142.228.5	59856	192.150.187.43	80	-	-	7	7	http
+XXXXXXXXXX.XXXXXX	C4J4Th3PJpwUYZZ6gc	141.142.228.5	59856	192.150.187.43	80	10	20	7	7	http
+XXXXXXXXXX.XXXXXX	ClEkJM2Vm5giqnMf4h	141.142.228.5	59856	192.150.187.43	80	42	-	7	7	http

testing/btest/Baseline/scripts.policy.frameworks.conn_key.vlan_fivetuple-5/conn.log.cut

@@ -0,0 +1,5 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	id.vlan	id.inner_vlan	orig_pkts	resp_pkts	service
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	141.142.228.5	59856	192.150.187.43	80	-	-	7	7	http
+XXXXXXXXXX.XXXXXX	C4J4Th3PJpwUYZZ6gc	141.142.228.5	59856	192.150.187.43	80	10	20	7	7	http
+XXXXXXXXXX.XXXXXX	ClEkJM2Vm5giqnMf4h	141.142.228.5	59856	192.150.187.43	80	42	-	7	7	http

testing/btest/Baseline/scripts.policy.frameworks.conn_key.vlan_fivetuple-6/conn.log.cut

@@ -0,0 +1,5 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	id.vlan	id.inner_vlan	orig_pkts	resp_pkts	service
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	141.142.228.5	59856	192.150.187.43	80	-	-	7	7	http
+XXXXXXXXXX.XXXXXX	C4J4Th3PJpwUYZZ6gc	141.142.228.5	59856	192.150.187.43	80	-	-	7	7	http
+XXXXXXXXXX.XXXXXX	ClEkJM2Vm5giqnMf4h	141.142.228.5	59856	192.150.187.43	80	-	-	7	7	http

testing/btest/Baseline/scripts.policy.frameworks.conn_key.vlan_fivetuple/conn.log.cut

@@ -0,0 +1,3 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p			orig_pkts	resp_pkts	service
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	141.142.228.5	59856	192.150.187.43	80			21	21	http

testing/btest/scripts/policy/frameworks/conn_key/vlan_fivetuple.zeek

@@ -0,0 +1,56 @@
+# @TEST-DOC: Verify VLAN-aware flow tuples on colliding traffic.
+#
+# The test pcap has 3 overlapping healthy TCP connections, each with different VLAN tagging: none, one VLAN tag, two VLAN tags.
+# To create: tcprewrite --enet-vlan=add --enet-vlan-tag 20 --enet-vlan-cfi=1 --enet-vlan-pri=2 -i in.pcap -o out.pcap
+#
+# @TEST-EXEC: zeek -r $TRACES/vlan-collisions.pcap %INPUT
+# @TEST-EXEC: zeek-cut -m ts uid id.orig_h id.orig_p id.resp_h id.resp_p id.vlan id.inner_vlan orig_pkts resp_pkts service <conn.log >conn.log.cut
+# @TEST-EXEC: btest-diff conn.log.cut
+
+# Default operation: Zeek isn't VLAN-aware, a single conn.log entry results.
+
+# @TEST-START-NEXT
+
+# Switch to VLAN-aware flow tuples: multiple conn.log entries with full
+# information.
+
+@load frameworks/conn_key/vlan_fivetuple
+
+# @TEST-START-NEXT
+
+# Leave out the conn_id redef: Zeek still distinguishes flows so multiple
+# conn.log entries result, but conn.log doesn't show the VLAN fields.
+
+redef ConnKey::factory = ConnKey::CONNKEY_VLAN_FIVETUPLE;
+
+# @TEST-START-NEXT
+
+# Add an extra field before the VLAN ones, to throw off any fixed-offset code.
+
+redef record conn_id += {
+	foo: int &default=1;
+};
+
+@load frameworks/conn_key/vlan_fivetuple
+
+# @TEST-START-NEXT
+
+# Add the right fields, but in the wrong order. (zeek-cut obscures the difference.)
+
+redef record conn_id += {
+	inner_vlan: int      &log &optional;
+	vlan: int      &log &optional;
+};
+
+redef ConnKey::factory = ConnKey::CONNKEY_VLAN_FIVETUPLE;
+
+# @TEST-START-NEXT
+
+# Add the right fields, but with the wrong types.
+
+redef record conn_id += {
+	vlan: string      &log &optional;
+	inner_vlan: string      &log &optional;
+};
+
+redef ConnKey::factory = ConnKey::CONNKEY_VLAN_FIVETUPLE;