Minor review nits

scripts/base/protocols/conn/main.zeek

@@ -160,7 +160,7 @@ export {
 		tunnel_parents: set[string] &log &optional;
 		## For IP-based connections, this contains the protocol
 		## identifier passed in the IP header. This is different
-		## from the ``proto`` field in that this value comes
+		## from the *proto* field in that this value comes
 		## directly from the header.
 		ip_proto:   count      &log &optional;
 	};
@@ -287,7 +287,8 @@ function set_conn(c: connection, eoc: bool)
 			c$conn$history=c$history;
 		}
 
-	c$conn$ip_proto = c$id$proto;
+	if ( c$id$proto != 65535 )
+		c$conn$ip_proto = c$id$proto;
 	}
 
 event content_gap(c: connection, is_orig: bool, seq: count, length: count) &priority=5

scripts/policy/protocols/conn/disable-unknown-ip-proto-support.zeek

@@ -8,4 +8,4 @@ redef record Conn::Info$ip_proto -= { &log };
 
 event zeek_init() {
 	Analyzer::disable_analyzer(PacketAnalyzer::ANALYZER_UNKNOWN_IP_TRANSPORT);
-}
+}

scripts/policy/protocols/conn/ip-proto-name-logging.zeek

@@ -157,15 +157,13 @@ global protocol_names: table[count] of string = {
 	[142] = "rohc",
 	[143] = "ethernet",
 	[144] = "aggfrag",
-	[145] = "nsh"
+	[145] = "nsh",
+	[146] = "homa"
 };
 
 event new_connection(c: connection) &priority=5 {
 	# In case we're the first access
 	Conn::set_conn(c, F);
-	if ( c$conn?$ip_proto && c$conn$ip_proto in protocol_names ) {
+	if ( c$conn?$ip_proto && c$conn$ip_proto in protocol_names )
 		c$conn$ip_proto_name = protocol_names[c$conn$ip_proto];
-	} else {
-		c$conn$ip_proto_name = "unknown";
-	}
 }