mirror of
https://github.com/zeek/zeek.git
synced 2025-10-15 13:08:20 +00:00
dd447c3f15
* origin/topic/christian/extensible-conntuples:
btest/plugins: Add test for custom ConnKey factory
NEWS updates for pluggable connection tuples.
Add a VLAN-aware flow tuple implementation.
Deprecate ConnTuple and related APIs.
Deprecate the old Connection constructor and detail::ConnKey class.
Switch to virtualized use of new zeek::ConnKey class tree
Provide a connkey factory for Zeek's default five-tuples.
Add IP-specific ConnKey implementation.
Establish plugin infrastructure for ConnKey factories.
Add new ConnKey abstraction.
(cherry picked from commit cd934c460b)
With all the conflicts.
14 lines
546 B
Text
14 lines
546 B
Text
##! This script adapts Zeek's connection key to include 802.1Q VLAN and
|
|
##! Q-in-Q tags, when available. Zeek normally ignores VLAN tags for connection
|
|
##! lookups; this change makes it factor them in and also makes those VLAN tags
|
|
##! part of the :zeek:see:`conn_id` record.
|
|
|
|
redef record conn_id += {
|
|
## The outer VLAN for this connection, if applicable.
|
|
vlan: int &log &optional;
|
|
|
|
## The inner VLAN for this connection, if applicable.
|
|
inner_vlan: int &log &optional;
|
|
};
|
|
|
|
redef ConnKey::factory = ConnKey::CONNKEY_VLAN_FIVETUPLE;
|