mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
Improve availability of IPv6 flow label in connection records.
Without this change, flow labeling of connections over IPv6 are only available in the per-packet types of events (e.g. new_packet) in which header fields can be inspected, but now minimal tracking of the most recent flow label is done internally and that's available per-connection for all events that use connection record arguments. Specifically, this adds a "flow_label" field to the "endpoint" record type, which is used for both the "orig" and "resp" fields of "connection" records. The new "connection_flow_label_changed" event also allows tracking of changes in flow labels: it's raised each time one direction of the connection starts using a different label.
This commit is contained in:
Jon Siwek
parent
60df9582d3
commit
5312b21d7b
9 changed files with 192 additions and 9 deletions
6
src/IP.h
6
src/IP.h
|
|
@ -524,6 +524,12 @@ public:
|
|||
int DF() const
|
||||
{ return ip4 ? ((ntohs(ip4->ip_off) & 0x4000) != 0) : 0; }
|
||||
|
||||
/**
|
||||
* Returns value of an IPv6 header's flow label field or 0 if it's IPv4.
|
||||
*/
|
||||
uint32 FlowLabel() const
|
||||
{ return ip4 ? 0 : (ntohl(ip6->ip6_flow) & 0x000fffff); }
|
||||
|
||||
/**
|
||||
* Returns number of IP headers in packet (includes IPv6 extension headers).
|
||||
*/
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue