Merge remote-tracking branch 'origin/master' into topic/seth/smb

# Conflicts: # scripts/site/local.bro
2025-10-02 14:48:21 +00:00 · 2016-06-14 15:35:05 -04:00 · 2016-06-14 15:35:05 -04:00 · 56a24bdef6
commit 56a24bdef6
parent 134d0922d5 151f9d6ced
80 changed files with 8168 additions and 458 deletions
--- a/scripts/policy/protocols/conn/mac-logging.bro
+++ b/scripts/policy/protocols/conn/mac-logging.bro
@ -0,0 +1,24 @@
+##! This script adds link-layer address (MAC) information to the connection logs
+
+@load base/protocols/conn
+
+module Conn;
+
+redef record Info += {
+	## Link-layer address of the originator, if available.
+	orig_l2_addr: string	&log &optional;
+	## Link-layer address of the responder, if available.
+	resp_l2_addr: string	&log &optional;
+};
+
+# Add the link-layer addresses to the Conn::Info structure after the connection
+# has been removed. This ensures it's only done once, and is done before the
+# connection information is written to the log.
+event connection_state_remove(c: connection)
+	{
+	if ( c$orig?$l2_addr )
+		c$conn$orig_l2_addr = c$orig$l2_addr;
+
+	if ( c$resp?$l2_addr )
+		c$conn$resp_l2_addr = c$resp$l2_addr;
+	}