policy/community-id: Populate conn$community_id in new_connection()

This wasn't possible before #3028 was fixed, but now it's safe to set
the value in new_connection() and allow other users access to the
field much earlier. We do not have to deal with connection_flipped()
because the community-id hash is symmetric.

scripts/policy/frameworks/notice/community-id.zeek

@@ -20,6 +20,12 @@ export {
 
 hook Notice::notice(n: Notice::Info)
 	{
-	if ( CommunityID::Notice::enabled && n?$conn )
+	if ( CommunityID::Notice::enabled && n?$conn && n$conn?$conn )
-		n$community_id = community_id_v1(n$conn$id, CommunityID::seed, CommunityID::do_base64);
+		{
+		local info = n$conn$conn;
+		# This is set during new_connection(), so it should
+		# always be there, but better safe than sorry.
+		if ( info?$community_id )
+			n$community_id = info$community_id;
+		}
 	}

scripts/policy/protocols/conn/community-id-logging.zeek

@@ -17,7 +17,10 @@ export {
 	};
 }
 
-event connection_state_remove(c: connection)
+module Conn;
+
+event new_connection(c: connection) &priority=5
 	{
+	Conn::set_conn(c, F);  # likely first to access :-/
 	c$conn$community_id = community_id_v1(c$id, CommunityID::seed, CommunityID::do_base64);
 	}

testing/btest/Baseline/scripts.policy.frameworks.notice.community-id/notice.log.cut

@@ -1,3 +1,4 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 -	-	-	-	-	-	COMMUNITY_ID_INIT	Zeek initializing
+141.142.228.5	59856	192.150.187.43	80	tcp	1:yvyB8h+3dnggTZW0UEITWCst97w=	COMMUNITY_ID_NEW_CONNECTION	New connection
 141.142.228.5	59856	192.150.187.43	80	tcp	1:yvyB8h+3dnggTZW0UEITWCst97w=	COMMUNITY_ID_CONN_ESTABLISHED	Connection establishment

testing/btest/Baseline/scripts.policy.protocols.conn.community-id-logging-flipped/conn.log.cut

@@ -0,0 +1,2 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+141.142.228.5	59856	192.150.187.43	80	tcp	-	1:yvyB8h+3dnggTZW0UEITWCst97w=

testing/btest/Baseline/scripts.policy.protocols.conn.community-id-logging-flipped/out

@@ -0,0 +1,2 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+new_connection, CHhAvVGS1DHFjwGM9, 1:yvyB8h+3dnggTZW0UEITWCst97w=

testing/btest/scripts/policy/frameworks/notice/community-id.zeek

@@ -13,6 +13,7 @@
 redef enum Notice::Type += {
 	COMMUNITY_ID_INIT,
 	COMMUNITY_ID_CONN_ESTABLISHED,
+	COMMUNITY_ID_NEW_CONNECTION,
 };
 
 event zeek_init()
@@ -22,6 +23,14 @@ event zeek_init()
 	        $msg="Zeek initializing"]);
 	}
 
+event new_connection(c: connection)
+	{
+	# A notice with connection context
+	NOTICE([$note=COMMUNITY_ID_NEW_CONNECTION,
+	        $msg="New connection",
+	        $conn=c]);
+	}
+
 event connection_established(c: connection)
 	{
 	# A notice with connection context

testing/btest/scripts/policy/protocols/conn/community-id-logging-flipped.zeek

@@ -0,0 +1,13 @@
+# @TEST-DOC: Ensure community_id is logged even if the connection is flipped.
+
+# @TEST-EXEC: zeek -b -r $TRACES/tcp/handshake-reorder.trace %INPUT >out
+# @TEST-EXEC: zeek-cut id.orig_h id.orig_p id.resp_h id.resp_p proto service community_id < conn.log > conn.log.cut
+# @TEST-EXEC: btest-diff out
+# @TEST-EXEC: btest-diff conn.log.cut
+
+@load protocols/conn/community-id-logging
+
+event new_connection(c: connection)
+	{
+	print "new_connection", c$uid, c$conn$community_id;
+	}