Merge remote-tracking branch 'origin/topic/awelzel/4605-conn-id-context'
* origin/topic/awelzel/4605-conn-id-context:
NEWS: Adapt for conn_id$ctx introduction
conn_key/fivetuple: Drop support for non conn_id records
Conn: Move conn_id init and flip to IPBasedConnKey
IPBasedConnKey: Add GetTransportProto() helper
input/Manager: Ignore empty record types
external: Bump commit hashes for external suites
ip/vlan_fivetuple: Populate nested conn_id_context, not conn_id
ConnKey: Extend DoPopulateConnIdVal() with ctx
btest: Update tests and baselines after adding ctx to conn_id
init-bare: Add conn_id_ctx to conn_id
(cherry picked from commit 388cbcee48
)
parent
13b79ecb74
commit
64aa5e3025
274 changed files with 97157 additions and 96446 deletions
|
@ -203,6 +203,15 @@ type transport_proto: enum {
|
|||
icmp ##< ICMP.
|
||||
};
|
||||
|
||||
## A record type containing the context of a conn_id instance.
|
||||
##
|
||||
## This context is used to discriminate between :zeek:see:`conn_id` instances
|
||||
## with identical five tuples, but not otherwise related due to, e.g. being observed
|
||||
## on different VLANs, or within independent tunnel connections like VXLAN or Geneve.
|
||||
##
|
||||
## This record type is meant to be extended by custom ConnKey implementations.
|
||||
type conn_id_ctx: record { };
|
||||
|
||||
## A connection's identifying 4-tuple of endpoints and ports.
|
||||
##
|
||||
## .. note:: It's actually a 5-tuple: the transport-layer protocol is stored as
|
||||
|
@ -213,11 +222,12 @@ type transport_proto: enum {
|
|||
## see :ref:`the manual's description of the connection record
|
||||
## <writing-scripts-connection-record>`.
|
||||
type conn_id: record {
|
||||
orig_h: addr; ##< The originator's IP address.
|
||||
orig_p: port; ##< The originator's port number.
|
||||
resp_h: addr; ##< The responder's IP address.
|
||||
resp_p: port; ##< The responder's port number.
|
||||
} &log;
|
||||
orig_h: addr &log; ##< The originator's IP address.
|
||||
orig_p: port &log; ##< The originator's port number.
|
||||
resp_h: addr &log; ##< The responder's IP address.
|
||||
resp_p: port &log; ##< The responder's port number.
|
||||
ctx: conn_id_ctx &log &default=conn_id_ctx(); ##< The context in which this connection exists.
|
||||
};
|
||||
|
||||
## The identifying 4-tuple of a uni-directional flow.
|
||||
##
|
||||
|
|
|
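Review bot: The doc comment above `conn_id` still calls the record a connection's identifying 4-tuple (a 5-tuple per its note), but with the new `ctx` field two records with equal addresses and ports no longer denote the same connection when their contexts differ. I would extend the note with a line such as `## The ctx field further separates connections with identical five tuples, e.g. by VLAN or tunnel.` Scripts that build a `conn_id` by hand get the empty default `conn_id_ctx()`, which presumably will not compare equal to a record whose context was populated by a custom ConnKey, so that is worth stating for anyone using `conn_id` as a table index or in watchlist matching. Part of the comment block lies between the two hunks and is not visible here.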
@ -3,12 +3,11 @@
|
|||
##! lookups; this change makes it factor them in and also makes those VLAN tags
|
||||
##! part of the :zeek:see:`conn_id` record.
|
||||
|
||||
redef record conn_id += {
|
||||
redef record conn_id_ctx += {
|
||||
## The outer VLAN for this connection, if applicable.
|
||||
vlan: int &log &optional;
|
||||
|
||||
vlan: int &log &optional;
|
||||
## The inner VLAN for this connection, if applicable.
|
||||
inner_vlan: int &log &optional;
|
||||
inner_vlan: int &log &optional;
|
||||
};
|
||||
|
||||
redef ConnKey::factory = ConnKey::CONNKEY_VLAN_FIVETUPLE;
|
||||
|
|
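Review bot: The `##!` header kept as context above the `redef` still says the VLAN tags become part of the `conn_id` record, while the new code adds `vlan` and `inner_vlan` to `conn_id_ctx`. The `:zeek:see:` reference in that sentence should name `conn_id_ctx`, ideally with a mention that the fields are reached through `conn_id$ctx`. Both fields keep `&log`, so the logged column names presumably move under the `ctx` sub-record, and log parsers or detections keyed on the old names would stop matching without any error. It is worth confirming that the NEWS entry lists the old and new column names. The header comment starts outside the hunk.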