Fixes for community ID hashing with new proto values

src/communityid.bif

@@ -1,4 +1,5 @@
 %%{ // C segment
+#include "zeek/IP.h"
 #include "zeek/IPAddr.h"
 #include "zeek/Val.h"
 #include "zeek/digest.h"
@@ -48,9 +49,16 @@ function community_id_v1%(cid: conn_id, seed: count &default=0, do_base64: bool
                 hash_proto = IPPROTO_ICMPV6;
 
             break;
-        case TRANSPORT_UNKNOWN:
+        case TRANSPORT_UNKNOWN: {
-            emit_builtin_error("CommunityID: unknown transport layer", cid);
+            uint16_t cid_proto = static_cast<uint16_t>(cid_rec->GetFieldAs<zeek::CountVal>(4));
-            return zeek::make_intrusive<zeek::StringVal>("");
+            if ( cid_proto == zeek::UNKNOWN_IP_PROTO ) {
+                emit_builtin_error("CommunityID: unknown transport layer", cid);
+                return zeek::make_intrusive<zeek::StringVal>("");
+            }
+
+            hash_proto = static_cast<uint8_t>(cid_proto);
+            break;
+        }
         default:
             emit_builtin_error("CommunityID: unhandled transport layer", cid);
             return zeek::make_intrusive<zeek::StringVal>("");

testing/btest/Baseline/bifs.community_id.run-pcaps/sctp.pcap.out

@@ -1,2 +1,2 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
-[orig_h=192.168.170.8, orig_p=0/unknown, resp_h=192.168.170.56, resp_p=0/unknown, proto=132], 
+[orig_h=192.168.170.8, orig_p=0/unknown, resp_h=192.168.170.56, resp_p=0/unknown, proto=132], 1:U5cVwrVgLshgANPmc8hKzEcqp1M=

testing/btest/Baseline/bifs.community_id.v1/.stdout

@@ -0,0 +1 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.

testing/btest/Baseline/bifs.community_id.v1/out

@@ -9,3 +9,5 @@ PASS: expected '1:9pr4ZGTICiuZoIh90RRYE2RyXpU=', got '1:9pr4ZGTICiuZoIh90RRYE2Ry
 PASS: expected '1:IO27GQzPuCtNnwFvjWALMHu5tJE=', got '1:IO27GQzPuCtNnwFvjWALMHu5tJE=' ([orig_h=fe80:1:203:405:607:809:a0b:c0d, orig_p=128/icmp, resp_h=fe80:1011:1213:1415:1617:1819:1a1b:1c1d, resp_p=129/icmp, proto=1], seed=1)
 PASS: expected '', got '' ([orig_h=1.2.3.4, orig_p=0/unknown, resp_h=5.6.7.8, resp_p=0/unknown, proto=65535], seed=0)
 PASS: expected '', got '' ([orig_h=fe80:1:203:405:607:809:a0b:c0d, orig_p=0/unknown, resp_h=fe80:1011:1213:1415:1617:1819:1a1b:1c1d, resp_p=0/unknown, proto=65535], seed=1)
+PASS: expected '1:yXTIO8p5F2ZhuXBcNBN8CsgCUTE=', got '1:yXTIO8p5F2ZhuXBcNBN8CsgCUTE=' ([orig_h=1.2.3.4, orig_p=0/unknown, resp_h=5.6.7.8, resp_p=0/unknown, proto=10], seed=0)
+PASS: expected '1:OrvlNyNZWyubXHIUHR/w18b5im8=', got '1:OrvlNyNZWyubXHIUHR/w18b5im8=' ([orig_h=fe80:1:203:405:607:809:a0b:c0d, orig_p=0/unknown, resp_h=fe80:1011:1213:1415:1617:1819:1a1b:1c1d, resp_p=0/unknown, proto=10], seed=1)

testing/btest/bifs/community_id/v1.zeek

@@ -1,5 +1,6 @@
 # @TEST-EXEC: zeek -b %INPUT >out
 # @TEST-EXEC: btest-diff out
+# @TEST-EXEC: btest-diff .stdout
 
 function test_it(cid: conn_id, seed: count, expected: string)
 	{
@@ -26,4 +27,9 @@ event zeek_init()
 	test_it([$orig_h=1.2.3.4, $orig_p=0/unknown, $resp_h=5.6.7.8, $resp_p=0/unknown], 0, "");
 	test_it([$orig_h=[fe80:0001:0203:0405:0607:0809:0A0B:0C0D], $orig_p=0/unknown,
 	         $resp_h=[fe80:1011:1213:1415:1617:1819:1A1B:1C1D], $resp_p=0/unknown], 1, "");
+
+	# Test with some unknown-but-valid proto values.
+	test_it([$orig_h=1.2.3.4, $orig_p=0/unknown, $resp_h=5.6.7.8, $resp_p=0/unknown, $proto=10], 0, "1:yXTIO8p5F2ZhuXBcNBN8CsgCUTE=");
+	test_it([$orig_h=[fe80:0001:0203:0405:0607:0809:0A0B:0C0D], $orig_p=0/unknown,
+	         $resp_h=[fe80:1011:1213:1415:1617:1819:1A1B:1C1D], $resp_p=0/unknown, $proto=10], 1, "1:OrvlNyNZWyubXHIUHR/w18b5im8=");
 	}