PacketAnalyzer::Geneve: Add get_options()

Allow to extract Geneve options on-demand, for example during a new_connection() event.
2025-10-02 06:38:20 +00:00 · 2025-02-14 17:50:28 -08:00 · 2025-02-14 17:50:28 -08:00 · 776c003033
commit 776c003033
parent 2dc98acd1f
16 changed files with 168 additions and 2 deletions
--- a/scripts/base/packet-protocols/geneve/main.zeek
+++ b/scripts/base/packet-protocols/geneve/main.zeek
@ -6,6 +6,18 @@ export {
 	## if you customize this, you may still want to manually ensure that
 	## :zeek:see:`likely_server_ports` also gets populated accordingly.
 	const geneve_ports: set[port] = { 6081/udp } &redef;
+
+	## A Geneve option.
+	type Option: record {
+		## The class of the option.
+		class: count;
+		## The critical bit of the type.
+		critical: bool;
+		## The type field of the option with the critical bit masked.
+		typ: count;
+		## The data field of the option.
+		data: string;
+	};
 }

 redef likely_server_ports += { geneve_ports };
@ -25,3 +37,8 @@ event zeek_init() &priority=20
 	PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_GENEVE, 0x08DD, PacketAnalyzer::ANALYZER_IP);
 	PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_GENEVE, 0x0806, PacketAnalyzer::ANALYZER_ARP);
 	}
+
+module GLOBAL;
+
+type geneve_options_vec: vector of PacketAnalyzer::Geneve::Option;
+type geneve_options_vec_vec: vector of geneve_options_vec;