Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-03 23:28:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Add MAC addresses to connection record.

Browse source 
c$eth_src and c$eth_dst now contain the Ethernet address if available.
A new script protocols/conn/mac-logging.bro adds these to conn.log
when loaded.
This commit is contained in:
Robin Sommer 2016-05-29 13:27:21 -07:00
parent 35686fb93a
commit 57aef6d49f
20 changed files with 486 additions and 321 deletions
Download patch file Download diff file Expand all files Collapse all files

8
src/iosource/Packet.cc
View file

@ -44,6 +44,8 @@ void Packet::Init(int arg_link_type, struct timeval *arg_ts, uint32 arg_caplen,
eth_type = 0;
vlan = 0;
inner_vlan = 0;
bzero(eth_src, sizeof(eth_src));
bzero(eth_dst, sizeof(eth_dst));
l2_valid = false;
@ -136,8 +138,12 @@ void Packet::ProcessLayer2()
{
// Get protocol being carried from the ethernet frame.
int protocol = (pdata[12] << 8) + pdata[13];
pdata += GetLinkHeaderSize(link_type);
eth_type = protocol;
memcpy(eth_dst, pdata, 6);
memcpy(eth_src, pdata + 6, 6);
pdata += GetLinkHeaderSize(link_type);
switch ( protocol )
{