Add acl ID into the samples #294
Description
What do you think about adding an extra field (acl id) into the stored TCP samples (samples.h)?
This will help with traffic / rules analysis and debug, as well as with security incidents investigations.
Current samples show
in_iface out_iface proto src_addr src_port dst_addr dst_port
--------- --------- ----- ------------ -------- -------- --------
kni1.3000 kni0.3000 tcp 7.7.7.7 1076 6.6.6.6 56789
kni1.3001 kni0.3001 tcp 8.8.8.8 1308 1.2.3.4 12345
proposed samples show
in_iface out_iface proto src_addr src_port dst_addr dst_port acl_id
--------- --------- ----- ----------- -------- -------- -------- --------
kni1.3000 kni0.3000 tcp 7.7.7.7 1076 6.6.6.6 56789 100
kni1.3001 kni0.3001 tcp 8.8.8.8 1308 1.2.3.4 12345 95
The field is already presented inside the internal structure.
struct sample_base_t
{
...
uint16_t acl_id;
It's just not saved and not used at all.