Extract IP Header Options


I was wondering, is there an existing way in Zeek to log IP Header Options? The conn log has a lot of the IP Header fields but not the IP Header “Options” field data. Specifically looking at logging data related to CIPSO packet labeling (reference: https://tools.ietf.org/html/draft-ietf-cipso-ipsecurity-01).

If not, can anyone point me to a decent example of a bro script logging similar data from the IP Header? (it’s been quite a few years since I’ve looked at bro scripts and I haven’t found any examples doing something similar to what I want)

Thanks guys, any information you can provide would be helpful!

Doesn't look like it, but you can try hacking it in. For example, add
the Options data as a field to the ip4_hdr record:


Add code to populate it here:


Then consume the data via a new_packet event handler:


- Jon
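
The decoding step a handler would need once the raw option bytes are available, as an added example that is not part of the thread and not Zeek code: a stand-alone Python parser that walks the IPv4 options area and decodes the CIPSO option (type 134) with its bit-mapped tag type 1, following the layout in the draft linked in the question. The function names and the sample header are constructed for illustration.

```python
import struct

CIPSO = 134  # IPv4 option type 0x86

def ipv4_options(header: bytes):
    """Yield (type, data) for each option in a raw IPv4 header."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (header[0] & 0x0F) * 4
    if ihl < 20 or ihl > len(header):
        raise ValueError("bad header length")
    opts, i = header[20:ihl], 0
    while i < len(opts):
        if opts[i] == 0:            # End of Option List
            return
        if opts[i] == 1:            # No-Operation is a single byte
            i += 1
            continue
        if i + 2 > len(opts) or not 2 <= opts[i + 1] <= len(opts) - i:
            raise ValueError("bad option length")
        yield opts[i], opts[i + 2:i + opts[i + 1]]
        i += opts[i + 1]

def parse_cipso(data: bytes) -> dict:
    """Decode CIPSO option data: a 4-byte DOI followed by tags."""
    if len(data) < 4:
        raise ValueError("CIPSO option shorter than its DOI")
    label = {"doi": struct.unpack("!I", data[:4])[0], "tags": []}
    i = 4
    while i < len(data):
        if i + 2 > len(data) or not 2 <= data[i + 1] <= len(data) - i:
            raise ValueError("bad CIPSO tag length")
        ttype, body = data[i], data[i + 2:i + data[i + 1]]
        tag = {"type": ttype, "raw": body.hex()}
        if ttype == 1 and len(body) >= 2:   # bit-mapped tag
            # body = alignment octet, sensitivity level, category bitmap
            tag["level"] = body[1]
            tag["categories"] = [8 * n + b for n, byte in enumerate(body[2:])
                                 for b in range(8) if byte & (0x80 >> b)]
        label["tags"].append(tag)
        i += data[i + 1]
    return label

def cipso_labels(header: bytes) -> list:
    """Return every CIPSO label found in the header's options."""
    return [parse_cipso(d) for t, d in ipv4_options(header) if t == CIPSO]

# Constructed sample: 32-byte IPv4 header (IHL=8) with one CIPSO option,
# DOI 3, tag type 1, level 5, categories 0 and 2.
SAMPLE = bytes.fromhex("480000200000000040060000c0000201c0000202"
                       "860c0000000301060005a000")
```

Tag types other than 1 are kept as raw hex rather than decoded, and malformed lengths raise `ValueError` instead of being read past the end of the options area.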