Adding a LOCAL option to the Direction type?

Vlad_Grigorescu1 · August 28, 2014, 11:16pm

The Direction type (defined in base/utils/directions-and-hosts.bro) currently has directions for:

remote orig, local resp
local orig, remote resp
bidirectional (“Only one endpoint is within the locally-monitored network, meaning the connection is either outbound or inbound.”)
no_direction (“This value doesn’t match any connection.”)

Does it make sense to add LOCAL == local orig, local resp? Similarly, do we want to add EXTERNAL == remote orig, remote resp?

I’m looking at this for the SSH log in particular.

–Vlad

Seth_Hall3 · September 2, 2014, 1:53pm

Yes, I've been meaning to add this for years. Please do so.

.Seth

Topic		Replies	Views
inline record type definition Development development	4	88	May 6, 2022
[Bro-Commits] [git/bro] topic/johanna/input: first test. (029871e) Development development	1	52	May 6, 2022
Advice on REST plugin structure Zeek	1	59	May 6, 2022
Passing options to Bro plugins from a file Zeek	2	100	May 6, 2022
Question regarding an error Zeek	3	147	May 6, 2022