mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 22:58:20 +00:00
3e4f67e67c
c$conn is often needed for connection events, but it being established in connection_state_removed can be a problem because event handlers have to remember to call Con::set_conn(). This commit moves to call Conn::set_conn() in new_connection. Addresses GH-4202 update logs
17 lines
568 B
Text
17 lines
568 B
Text
##! This script adds a string version of the ip_proto field. It's not recommended
|
|
##! to load this policy and the ip_proto removal policy at the same time, as
|
|
##! conn.log will end up with useless information in the log from this field.
|
|
|
|
@load base/protocols/conn
|
|
|
|
module Conn;
|
|
|
|
redef record Info += {
|
|
## A string version of the ip_proto field
|
|
ip_proto_name: string &log &optional;
|
|
};
|
|
|
|
event new_connection(c: connection) &priority=5 {
|
|
if ( c$conn?$ip_proto && c$conn$ip_proto in IP::protocol_names )
|
|
c$conn$ip_proto_name = IP::protocol_names[c$conn$ip_proto];
|
|
}
|