mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00

This is a first "real" implementation of a custom tuple, adding additional fields over the standard five-tuple. Includes test cases.
14 lines
546 B
Text
##! This script adapts Zeek's connection key to include 802.1Q VLAN and
##! Q-in-Q tags, when available. Zeek normally ignores VLAN tags for connection
##! lookups; this change makes it factor them in and also makes those VLAN tags
##! part of the :zeek:see:`conn_id` record.

redef record conn_id += {
	## The outer VLAN for this connection, if applicable.
	vlan: int &log &optional;

	## The inner VLAN for this connection, if applicable.
	inner_vlan: int &log &optional;
};

redef ConnKey::factory = ConnKey::CONNKEY_VLAN_FIVETUPLE;
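One way to use the new `conn_id` fields, as an added example that is not part of the Zeek repository: a script that raises a notice when the same five-tuple appears under more than one VLAN tag stack, which the VLAN-aware key tracks as separate connections. It assumes the script above is loaded; the module name `VLANOverlap`, the `FlowTuple` type, the notice name and the 10-minute expiry are hypothetical choices.

```zeek
# Added example, not Zeek project code. Assumes the script shown above is
# loaded, so conn_id carries the optional vlan / inner_vlan fields.
@load base/frameworks/notice

module VLANOverlap;

export {
	redef enum Notice::Type += {
		## One five-tuple observed under more than one VLAN tag stack.
		Same_Tuple_Multiple_VLANs
	};
}

# Hypothetical helper type: the five-tuple without VLAN fields (ports carry the protocol).
type FlowTuple: record {
	orig_h: addr;
	orig_p: port;
	resp_h: addr;
	resp_p: port;
};

# VLAN stacks ("outer/inner") seen per five-tuple; entries expire after 10 minutes.
global seen: table[FlowTuple] of set[string] &create_expire=10 min;

function vlan_label(id: conn_id): string
	{
	local outer = id?$vlan ? fmt("%d", id$vlan) : "-";
	local inner = id?$inner_vlan ? fmt("%d", id$inner_vlan) : "-";
	return fmt("%s/%s", outer, inner);
	}

event new_connection(c: connection)
	{
	local t = FlowTuple($orig_h=c$id$orig_h, $orig_p=c$id$orig_p,
	                    $resp_h=c$id$resp_h, $resp_p=c$id$resp_p);
	local label = vlan_label(c$id);

	if ( t !in seen )
		seen[t] = set();

	# With the default key these flows would have shared one connection record.
	if ( |seen[t]| > 0 && label !in seen[t] )
		NOTICE([$note=Same_Tuple_Multiple_VLANs, $conn=c,
		        $msg=fmt("five-tuple already seen under %d other VLAN stack(s); now %s", |seen[t]|, label)]);

	add seen[t][label];
	}
```

Untagged traffic is recorded as `-/-`, so a flow seen both tagged and untagged also triggers the notice.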