<div dir="ltr"><span style="font-family:arial,sans-serif;font-size:12.222222328186035px">Hey, had a quick question about the connection information in the Software::Info structure.</span><div style="font-family:arial,sans-serif;font-size:12.222222328186035px">
<br></div><div style="font-family:arial,sans-serif;font-size:12.222222328186035px">From what I can see in the source code / manual there seems to be only one side of the connection represented ( only "host" and "host_p" ).</div>
<div style="font-family:arial,sans-serif;font-size:12.222222328186035px"><br></div><div style="font-family:arial,sans-serif;font-size:12.222222328186035px">For what we are trying to do, we want the full connection to be logged. Just how HTTP for example records the originating / responding host / port. Since the Software::found function seems to take a connection as a parameter, would it be possible to pull c$id$orig_h, c$id$orig_p, c$id$resp_h, and c$id$resp_p fields out and pass them into this framework? Or is there some limitation that prevents those fields from being accessed?</div>
<div style="font-family:arial,sans-serif;font-size:12.222222328186035px"><br></div><div style="font-family:arial,sans-serif;font-size:12.222222328186035px">To access the information, I was thinking of adding two fields to the Software::Info record which would hold the other 2 values not represented by host and host_p - and then modify the Software::found calls in the SMTP, SSH, HTTP etc policies so that they pass along the additional information from their connection object. Does this seem like a reasonable approach or is there an easier way?</div>
<div style="font-family:arial,sans-serif;font-size:12.222222328186035px"><br></div><div style="font-family:arial,sans-serif;font-size:12.222222328186035px">Thanks,</div><div style="font-family:arial,sans-serif;font-size:12.222222328186035px">
N. Siow</div></div>