Merge remote-tracking branch 'origin/topic/johanna/gh-3242'

* origin/topic/johanna/gh-3242: Community-id: load main script in notice script, fix notice script
2025-10-02 06:38:20 +00:00 · 2023-08-23 12:31:16 +01:00 · 2023-08-23 12:31:16 +01:00 · 70c76977cf
commit 70c76977cf
parent e8292be0ce 4156c4764a
6 changed files with 28 additions and 10 deletions
--- a/16
+++ b/16
@ -1,3 +1,19 @@
+6.1.0-dev.312 | 2023-08-23 12:31:16 +0100
+
+  * Community-id: load main script in notice script, fix notice script (Johanna Amann, Corelight)
+
+    This change makes the community-id script that adds the community id to
+    notice.log automatically load the main script if this was not already
+    loaded.
+
+    In the past, the script just did not perform any action if the main
+    script was not loaded.
+
+    This change also makes the notice script respect the seed/base64
+    settings that were set in the main script.
+
+    Fixes GH-3242
+
 6.1.0-dev.310 | 2023-08-22 14:59:28 +0200

  * GH-3218/GH-3219: Spicy: Extend functionality of `export` in EVT
--- a/5
+++ b/5
@ -69,6 +69,11 @@ Changed Functionality
  values set in a ``new_connection()`` handler. A new ``connection_flipped()``
  event is added to allow updating custom state in script-land.

+- Loading ``policy/frameworks/notice/community-id.zeek`` now also automatically
+  community ID logging. In the past, loading the script had no effect unless
+  ``policy/protocols/conn/community-id-logging.zeek`` was loaded before. This
+  was fairly unusual and hard to debug behavior.
+
 Removed Functionality
 ---------------------

--- a/2
+++ b/2
@ -1 +1 @@
-6.1.0-dev.310
+6.1.0-dev.312
--- a/scripts/policy/frameworks/notice/community-id.zeek
+++ b/scripts/policy/frameworks/notice/community-id.zeek
@ -1,11 +1,9 @@
-# Source this script in addition to protocols/conn/community-id
-# to add Community ID to notices.
+# Source this script to add Community ID to notices.
+# This script will automatically load the main community-id script.

-# Only support loading this if the main script is also loaded.
@load base/protocols/conn
@load base/frameworks/notice
-
-@ifdef ( CommunityID::seed )
+@load policy/protocols/conn/community-id-logging

 module CommunityID::Notice;

@ -23,6 +21,5 @@ export {
 hook Notice::notice(n: Notice::Info)
 	{
 	if ( CommunityID::Notice::enabled && n?$conn )
-		n$community_id = community_id_v1(n$conn$id);
+		n$community_id = community_id_v1(n$conn$id, CommunityID::seed, CommunityID::do_base64);
 	}
-@endif
--- a/testing/external/commit-hash.zeek-testing
+++ b/testing/external/commit-hash.zeek-testing
@ -1 +1 @@
-d59caff708b41db11fa0cbfe0b1f95b46c3e700e
+5218e6b23477a8fc21c17655c9d955fb80c7de4a
--- a/testing/external/commit-hash.zeek-testing-private
+++ b/testing/external/commit-hash.zeek-testing-private
@ -1 +1 @@
-7162c907aa25e155ea841710ef30b65afb578c3f
+4046d6322e1435851c4b17f9b6dfba63481e7e2b