Allow for logging of the VLAN data about a connection in conn.log

src/Conn.cc

@@ -115,7 +115,7 @@ unsigned int Connection::external_connections = 0;
 IMPLEMENT_SERIAL(Connection, SER_CONNECTION);
 
 Connection::Connection(NetSessions* s, HashKey* k, double t, const ConnID* id,
-                       uint32 flow, const EncapsulationStack* arg_encap)
+                       uint32 flow, uint32 _vlan, uint32 _inner_vlan, const EncapsulationStack* arg_encap)
 	{
 	sessions = s;
 	key = k;
@@ -131,6 +131,9 @@ Connection::Connection(NetSessions* s, HashKey* k, double t, const ConnID* id,
 	saw_first_orig_packet = 1;
 	saw_first_resp_packet = 0;
 
+	vlan = _vlan;
+	inner_vlan = _inner_vlan;
+
 	conn_val = 0;
 	login_conn = 0;
 
@@ -378,6 +381,16 @@ RecordVal* Connection::BuildConnVal()
 
 		if ( encapsulation && encapsulation->Depth() > 0 )
 			conn_val->Assign(8, encapsulation->GetVectorVal());
+
+		if (vlan != 0)
+			{
+			conn_val->Assign(9, new Val(vlan, TYPE_INT));
+			}
+
+		if (inner_vlan != 0)
+			{
+			conn_val->Assign(10, new Val(inner_vlan, TYPE_INT));
+			}
 		}
 
 	if ( root_analyzer )

src/Conn.h

@@ -56,7 +56,7 @@ namespace analyzer { class Analyzer; }
 class Connection : public BroObj {
 public:
 	Connection(NetSessions* s, HashKey* k, double t, const ConnID* id,
-	           uint32 flow, const EncapsulationStack* arg_encap);
+	           uint32 flow, uint32 vlan, uint32 inner_vlan, const EncapsulationStack* arg_encap);
 	virtual ~Connection();
 
 	// Invoked when an encapsulation is discovered. It records the
@@ -295,6 +295,7 @@ protected:
 	uint32 orig_port, resp_port;	// in network order
 	TransportProto proto;
 	uint32 orig_flow_label, resp_flow_label; // most recent IPv6 flow labels
+	uint32 vlan, inner_vlan; // VLAN this connection traverses, if available
 	double start_time, last_time;
 	double inactivity_timeout;
 	RecordVal* conn_val;

src/Sessions.cc

@@ -674,7 +674,7 @@ void NetSessions::DoNextPacket(double t, const Packet* pkt, const IP_Hdr* ip_hdr
 	conn = (Connection*) d->Lookup(h);
 	if ( ! conn )
 		{
-		conn = NewConn(h, t, &id, data, proto, ip_hdr->FlowLabel(), encapsulation);
+		conn = NewConn(h, t, &id, data, proto, ip_hdr->FlowLabel(), pkt->vlan, pkt->inner_vlan, encapsulation);
 		if ( conn )
 			d->Insert(h, conn);
 		}
@@ -694,7 +694,7 @@ void NetSessions::DoNextPacket(double t, const Packet* pkt, const IP_Hdr* ip_hdr
 				conn->Event(connection_reused, 0);
 
 			Remove(conn);
-			conn = NewConn(h, t, &id, data, proto, ip_hdr->FlowLabel(), encapsulation);
+			conn = NewConn(h, t, &id, data, proto, ip_hdr->FlowLabel(), pkt->vlan, pkt->inner_vlan, encapsulation);
 			if ( conn )
 				d->Insert(h, conn);
 			}
@@ -1173,6 +1173,7 @@ void NetSessions::GetStats(SessionStats& s) const
 
 Connection* NetSessions::NewConn(HashKey* k, double t, const ConnID* id,
 					const u_char* data, int proto, uint32 flow_label,
+					uint32 vlan, uint32 inner_vlan,
 					const EncapsulationStack* encapsulation)
 	{
 	// FIXME: This should be cleaned up a bit, it's too protocol-specific.
@@ -1229,7 +1230,7 @@ Connection* NetSessions::NewConn(HashKey* k, double t, const ConnID* id,
 		id = &flip_id;
 		}
 
-	Connection* conn = new Connection(this, k, t, id, flow_label, encapsulation);
+	Connection* conn = new Connection(this, k, t, id, flow_label, vlan, inner_vlan, encapsulation);
 	conn->SetTransport(tproto);
 
 	if ( ! analyzer_mgr->BuildInitialAnalyzerTree(conn) )

src/Sessions.h

@@ -184,6 +184,7 @@ protected:
 
 	Connection* NewConn(HashKey* k, double t, const ConnID* id,
 			const u_char* data, int proto, uint32 flow_lable,
+			uint32 vlan, uint32 inner_vlan,
 			const EncapsulationStack* encapsulation);
 
 	// Check whether the tag of the current packet is consistent with

src/iosource/Packet.h

@@ -181,6 +181,12 @@ public:
 	 */
 	uint32 vlan;			///
 
+	/**
+	 * (Innermost) VLAN tag if any, else 0. Valid iff Layer2Valid()
+	 * returns true.
+	 */
+	uint32 inner_vlan;		///
+
 private:
 	// Calculate layer 2 attributes. Sets
 	void ProcessLayer2();