mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
e221042f14
This also enforces conn_id and conn_id_ctx types instead of being able to handle any conn_id-like record.
13 lines
539 B
Text
13 lines
539 B
Text
##! This script adapts Zeek's connection key to include 802.1Q VLAN and
|
|
##! Q-in-Q tags, when available. Zeek normally ignores VLAN tags for connection
|
|
##! lookups; this change makes it factor them in and also makes those VLAN tags
|
|
##! part of the :zeek:see:`conn_id` record.
|
|
|
|
redef record conn_id_ctx += {
|
|
## The outer VLAN for this connection, if applicable.
|
|
vlan: int &log &optional;
|
|
## The inner VLAN for this connection, if applicable.
|
|
inner_vlan: int &log &optional;
|
|
};
|
|
|
|
redef ConnKey::factory = ConnKey::CONNKEY_VLAN_FIVETUPLE;
|