From 7502ba7f2d76d597b5ead836e97416cfd89f696d Mon Sep 17 00:00:00 2001
From: Christian Kreibich
Date: Thu, 10 Apr 2025 15:18:14 -0700
Subject: [PATCH] Use conntuple builder's FillConnIdVal() in Connection::GetVal()

This allows tuple builders to complete conn_id instances in implementations that redef that record. We could be more invasive here and shift most of GetVal() into the five-tuple builder implementation.
---
 src/Conn.cc | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/Conn.cc b/src/Conn.cc
index 4f386529d8..dc05b00dc3 100644
--- a/src/Conn.cc
+++ b/src/Conn.cc
@@ -17,6 +17,7 @@
 #include "zeek/analyzer/Analyzer.h"
 #include "zeek/analyzer/Manager.h"
 #include "zeek/analyzer/protocol/pia/PIA.h"
+#include "zeek/conntuple/Manager.h"
 #include "zeek/iosource/IOSource.h"
 #include "zeek/packet_analysis/protocol/ip/SessionAdapter.h"
 #include "zeek/packet_analysis/protocol/tcp/TCP.h"
@@ -202,6 +203,9 @@ const RecordValPtr& Connection::GetVal() {
 id_val->Assign(3, val_mgr->Port(ntohs(resp_port), prot_type));
 id_val->Assign(4, KeyProto());
 
+ // Allow the connection tuple builder to augment the conn_id.
+ zeek::conntuple_mgr->GetBuilder().FillConnIdVal(key, id_val);
+
 auto orig_endp = make_intrusive(id::endpoint);
 orig_endp->Assign(0, 0);
 orig_endp->Assign(1, 0);
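Review bot: The comment added before the `FillConnIdVal(key, id_val)` call in Connection::GetVal() says the builder may "augment" the conn_id, but the call hands it the record after fields 0–4 have been assigned, so nothing visible here keeps a builder from replacing the addresses, ports or protocol that logs and detection scripts key on. I would state the contract in the comment, e.g. `// The builder may fill fields added to conn_id via redef; it must leave the five-tuple fields assigned above untouched.` The call also dereferences the global `zeek::conntuple_mgr` unconditionally; if GetVal() can run before that manager is created or after it is torn down (not visible in this hunk), a guard or an assertion belongs here. GetVal() starts and ends outside the hunk, so where `key` comes from cannot be checked from these lines.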