Add MAC addresses to connection record.

c$eth_src and c$eth_dst now contain the Ethernet address if available. A new script protocols/conn/mac-logging.bro adds these to conn.log when loaded.
2025-10-14 20:48:21 +00:00 · 2016-05-29 13:27:21 -07:00 · 2016-05-29 13:27:21 -07:00 · 57aef6d49f
commit 57aef6d49f
parent 35686fb93a
20 changed files with 486 additions and 321 deletions
--- a/scripts/base/init-bare.bro
+++ b/scripts/base/init-bare.bro
@ -365,11 +365,19 @@ type connection: record {
 	## handled and reassigns this field to the new encapsulation.
 	tunnel: EncapsulatingConnVector &optional;

-	## The outer VLAN, if applicable, for this connection.
+	## The outer VLAN, if applicable for this connection.
 	vlan: int &optional;

-	## The inner VLAN, if applicable, for this connection.
+	## The inner VLAN, if applicable for this connection.
 	inner_vlan: int &optional;
+
+	## The Ethernet MAC source addrees, if applicable for this connection.
+        ## The address is derived from the connection's first packet.
+	eth_src: string &optional;
+
+	## The destination Ethernet MAC addrees, if applicable for this connection.
+        ## The address is derived from the connection's first packet.
+	eth_dst: string &optional;
 };

 ## Default amount of time a file can be inactive before the file analysis