Merge remote-tracking branch 'origin/topic/awelzel/add-community-id'

* origin/topic/awelzel/add-community-id: testing/external: Bump hashes for community_id addition NEWS: Add entry for Community ID policy: Import zeek-community-id scripts into protocols/conn frameworks/notice Add community_id_v1() based on corelight/zeek-community-id
2025-10-17 05:58:20 +00:00 · 2023-04-24 09:46:59 +02:00 · 2023-04-24 09:46:59 +02:00 · ffb73e4de9
commit ffb73e4de9
parent 0b22f792a5 0bbd7cab1b
38 changed files with 388 additions and 3 deletions
--- a/scripts/policy/frameworks/notice/community-id.zeek
+++ b/scripts/policy/frameworks/notice/community-id.zeek
@ -0,0 +1,35 @@
+# Source this script in addition to protocols/conn/community-id
+# to add Community ID to notices.
+
+# Only support loading this if the main script is also loaded.
+@load base/protocols/conn
+@load base/frameworks/notice
+
+@ifdef ( CommunityID::seed )
+
+module CommunityID::Notice;
+
+export {
+	# Turn notice support on/off at runtime. When disabled,
+	# this still leaves the `community_id` string in the notice
+	# log, just unset.
+	option enabled: bool = T;
+
+	redef record Notice::Info += {
+		community_id: string &optional &log;
+	};
+}
+
+hook Notice::notice(n: Notice::Info)
+	{
+	if ( CommunityID::Notice::enabled && n?$conn && n$conn?$conn )
+		{
+		local info = n$conn$conn;
+		# This is set during new_connection(), so it should
+		# always be there, but better safe than sorry.
+		if ( info?$community_id )
+			n$community_id = info$community_id;
+		}
+	}
+
+@endif