mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
e82a7455d7
Issue #3028 tracks how a flipped connections reset a connection's value including any state set during new_connection(). For the time being, update community-id functionality back to the original connection_state_remove() approach to avoid missing community_ids on flipped connections.
23 lines
583 B
Text
23 lines
583 B
Text
##! Adds community hash IDs to conn.log.
|
|
@load base/protocols/conn
|
|
|
|
module CommunityID;
|
|
|
|
export {
|
|
# An unsigned 16-bit number to seed our hashing
|
|
option seed: count = 0;
|
|
|
|
# Whether to add a base64 pass over the hash digest.
|
|
# Enabled by default, since it shortens the output.
|
|
option do_base64: bool = T;
|
|
|
|
# Add the ID string field to the connection log record.
|
|
redef record Conn::Info += {
|
|
community_id: string &optional &log;
|
|
};
|
|
}
|
|
|
|
event connection_state_remove(c: connection)
|
|
{
|
|
c$conn$community_id = community_id_v1(c$id, CommunityID::seed, CommunityID::do_base64);
|
|
}
|