Add policy script to remove ip_proto field, rename protocol naming script

scripts/policy/protocols/conn/disable-unknown-ip-proto-support.zeek

@@ -0,0 +1,11 @@
+##! This script filters the ip_proto field out of the conn.log and disables
+##! logging of connections with unknown IP protocols.
+
+@load base/protocols/conn
+@load base/frameworks/analyzer/main
+
+redef record Conn::Info$ip_proto -= { &log };
+
+event zeek_init() {
+	Analyzer::disable_analyzer(PacketAnalyzer::ANALYZER_UNKNOWN_IP_TRANSPORT);
+}

scripts/policy/protocols/conn/ip-proto-name-logging.zeek

@@ -1,4 +1,6 @@
-##! This script adds a string version of the ip_proto field
+##! This script adds a string version of the ip_proto field. It's not recommended
+##! to load this policy and the ip_proto removal policy at the same time, as
+##! conn.log will end up with useless information in the log from this field.
 
 @load base/protocols/conn
 

scripts/test-all-policy.zeek

@@ -92,10 +92,11 @@
 @load misc/trim-trace-file.zeek
 @load misc/unknown-protocols.zeek
 @load protocols/conn/community-id-logging.zeek
+@load protocols/conn/disable-unknown-ip-proto-support.zeek
+@load protocols/conn/ip-proto-name-logging.zeek
 @load protocols/conn/known-hosts.zeek
 @load protocols/conn/known-services.zeek
 @load protocols/conn/mac-logging.zeek
-@load protocols/conn/protocol-strings.zeek
 @load protocols/conn/vlan-logging.zeek
 @load protocols/conn/weirds.zeek
 #@load protocols/conn/speculative-service.zeek

testing/external/commit-hash.zeek-testing

@@ -1 +1 @@
-c36d3945546457e5791316ce34947147ba1b0342
+0ea51b29a42346c148d93d72b4d7fc7cc7ca50c2

testing/external/commit-hash.zeek-testing-private

@@ -1 +1 @@
-ef56ba5182491ec888eebaa8d4984951fdb40466
+7f8f3e6034d10b176f08a12345918e52c74ffef9