mirror of
https://github.com/zeek/zeek.git
synced 2025-10-08 17:48:21 +00:00
add local_resp to Conn Info
allow user to differentiate between local -> local and local -> remote connections
This commit is contained in:
Mike Smiley
parent
4bcb9d2d92
commit
a1d49e791e
1 changed files with 9 additions and 0 deletions
|
|
@ -62,6 +62,12 @@ export {
|
||||||
## field will be left empty at all times.
|
## field will be left empty at all times.
|
||||||
local_orig: bool &log &optional;
|
local_orig: bool &log &optional;
|
||||||
|
|
||||||
|
## If the connection is responded to locally, this value will be T.
|
||||||
|
## If it was responded to remotely it will be F. In the case that
|
||||||
|
## the :bro:id:`Site::local_nets` variable is undefined, this
|
||||||
|
## field will be left empty at all times.
|
||||||
|
local_resp: bool &log &optional;
|
||||||
|
|
||||||
## Indicates the number of bytes missed in content gaps, which
|
## Indicates the number of bytes missed in content gaps, which
|
||||||
## is representative of packet loss. A value other than zero
|
## is representative of packet loss. A value other than zero
|
||||||
## will normally cause protocol analysis to fail but some
|
## will normally cause protocol analysis to fail but some
|
||||||
|
|
@ -201,7 +207,10 @@ function set_conn(c: connection, eoc: bool)
|
||||||
add c$conn$tunnel_parents[c$tunnel[|c$tunnel|-1]$uid];
|
add c$conn$tunnel_parents[c$tunnel[|c$tunnel|-1]$uid];
|
||||||
c$conn$proto=get_port_transport_proto(c$id$resp_p);
|
c$conn$proto=get_port_transport_proto(c$id$resp_p);
|
||||||
if( |Site::local_nets| > 0 )
|
if( |Site::local_nets| > 0 )
|
||||||
|
{
|
||||||
c$conn$local_orig=Site::is_local_addr(c$id$orig_h);
|
c$conn$local_orig=Site::is_local_addr(c$id$orig_h);
|
||||||
|
c$conn$local_resp=Site::is_local_addr(c$id$resp_h);
|
||||||
|
}
|
||||||
|
|
||||||
if ( eoc )
|
if ( eoc )
|
||||||
{
|
{
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue