Merge branch 'master' of https://github.com/aaronmbr/bro

* 'master' of https://github.com/aaronmbr/bro: Copy-paste issue Allow for logging of the VLAN data about a connection in conn.log Save the inner vlan in the Packet object for Q-in-Q setups
2025-10-10 10:38:20 +00:00 · 2015-07-23 13:01:35 -07:00 · 2015-07-23 13:01:35 -07:00 · fb848f795d
commit fb848f795d
parent a8f1ebf429 ba1facb6c3
21 changed files with 338 additions and 233 deletions
--- a/scripts/policy/protocols/conn/vlan-logging.bro
+++ b/scripts/policy/protocols/conn/vlan-logging.bro
@ -0,0 +1,26 @@
+##! This script add VLAN information to the connection logs
+
+@load base/protocols/conn
+
+module Conn;
+
+redef record Info += {
+	## The outer VLAN for this connection, if applicable.
+	vlan: int      &log &optional;
+
+	## The inner VLAN for this connection, if applicable.
+	inner_vlan: int      &log &optional;
+};
+
+# Add the VLAN information to the Conn::Info structure after the connection
+# has been removed. This ensures it's only done once, and is done before the
+# connection information is written to the log.
+event connection_state_remove(c: connection) &priority=5
+	{
+	if ( c?$vlan )
+		c$conn$vlan = c$vlan;
+
+	if ( c?$inner_vlan )
+		c$conn$inner_vlan = c$inner_vlan;
+	}
+