mirror of
https://github.com/zeek/zeek.git
synced 2025-10-15 04:58:21 +00:00
64aa5e3025
* origin/topic/awelzel/4605-conn-id-context:
NEWS: Adapt for conn_id$ctx introduction
conn_key/fivetuple: Drop support for non conn_id records
Conn: Move conn_id init and flip to IPBasedConnKey
IPBasedConnKey: Add GetTransportProto() helper
input/Manager: Ignore empty record types
external: Bump commit hashes for external suites
ip/vlan_fivetuple: Populate nested conn_id_context, not conn_id
ConnKey: Extend DoPopulateConnIdVal() with ctx
btest: Update tests and baselines after adding ctx to conn_id
init-bare: Add conn_id_ctx to conn_id
(cherry picked from commit 388cbcee48)
13 lines
539 B
Text
13 lines
539 B
Text
##! This script adapts Zeek's connection key to include 802.1Q VLAN and
|
|
##! Q-in-Q tags, when available. Zeek normally ignores VLAN tags for connection
|
|
##! lookups; this change makes it factor them in and also makes those VLAN tags
|
|
##! part of the :zeek:see:`conn_id` record.
|
|
|
|
redef record conn_id_ctx += {
|
|
## The outer VLAN for this connection, if applicable.
|
|
vlan: int &log &optional;
|
|
## The inner VLAN for this connection, if applicable.
|
|
inner_vlan: int &log &optional;
|
|
};
|
|
|
|
redef ConnKey::factory = ConnKey::CONNKEY_VLAN_FIVETUPLE;
|