From 01954a4e7bec844091436cd0d1b2400f9c4479be Mon Sep 17 00:00:00 2001
From: Jungkeun Park
Date: Wed, 3 Jan 2024 03:21:07 +0900
Subject: [PATCH 1/2] Add conn_state to connection event structure
---
 CHANGELOG.md | 1 +
 src/ingest/network.rs | 4 +++-
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 68a1dcc..592c054 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,6 +10,7 @@ Versioning](https://semver.org/spec/v2.0.0.html).
 ### Changed
 - Modified event structure to store NTLM error information.
+- Modified connection event structure to report connection state.
 ## [0.15.2] - 2023-11-16
diff --git a/src/ingest/network.rs b/src/ingest/network.rs
index da6f502..e664ea8 100644
--- a/src/ingest/network.rs
+++ b/src/ingest/network.rs
@@ -17,6 +17,7 @@ pub struct Conn {
 pub resp_addr: IpAddr,
 pub resp_port: u16,
 pub proto: u8,
+ pub conn_state: String,
 pub duration: i64,
 pub service: String,
 pub orig_bytes: u64,
@@ -29,12 +30,13 @@ impl Display for Conn {
 fn fmt(&self, f: &mut Formatter) -> std::fmt::Result {
 write!(
 f,
- "{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}",
+ "{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}",
 self.orig_addr,
 self.orig_port,
 self.resp_addr,
 self.resp_port,
 self.proto,
+ as_str_or_default(&self.conn_state),
 convert_time_format(self.duration),
 self.service,
 self.orig_bytes,
From 58d49b13baec134cab05716d5e20d2a5e8acf3c8 Mon Sep 17 00:00:00 2001
From: Jungkeun Park
Date: Wed, 3 Jan 2024 03:41:15 +0900
Subject: [PATCH 2/2] Fix missing conn_state field
---
 src/ingest.rs | 1 +
 src/publish.rs | 2 ++
 2 files changed, 3 insertions(+)
diff --git a/src/ingest.rs b/src/ingest.rs
index b4742d9..fdab9b0 100644
--- a/src/ingest.rs
+++ b/src/ingest.rs
@@ -161,6 +161,7 @@ mod tests {
 resp_addr: "192.168.4.76".parse::().unwrap(),
 resp_port: 80,
 proto: 6,
+ conn_state: String::new(),
 duration: 1000,
 service: "-".to_string(),
 orig_bytes: 77,
diff --git a/src/publish.rs b/src/publish.rs
index 11e19c5..7a591f1 100644
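Review bot: The new `conn_state` field on `Conn` has no doc comment and is typed as a free-form `String`, so nothing at the struct level says which values it may hold or what an empty value means. A comment such as `/// Connection state as reported by the event source; empty when not reported.` would record that contract — the empty-string default is only inferred here from the `String::new()` fixtures in the second patch and the `as_str_or_default` call in `fmt`, so confirm it before writing it down. If the state values form a fixed set, an enum would reject unexpected input at deserialization instead of carrying it through to every consumer. The rest of `Conn` lies outside the hunk.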
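Review bot: `as_str_or_default(&self.conn_state)` writes the new field into a tab-separated record with no escaping, so a value containing a tab or newline would shift every following column; `service` on the next context line already has the same exposure, but the commit adds a second field with it rather than validating the value where the event is ingested. If `Conn` is built from external events, restricting `conn_state` at the parse step (a known code set, or at least no control characters) keeps the emitted layout trustworthy for whatever consumes it downstream. The format-string change itself correctly adds one `{}` in the position matching the new argument. `fmt` continues past the end of the hunk.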
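Review bot: Every fixture sets `conn_state: String::new()`, so the test here in `src/ingest.rs` and the two in `src/publish.rs` (hunks at lines 540 and 695) exercise only the empty-value path of the new field and never check that a real state value lands in the new twelfth column of the `fmt` output. At least one fixture with a non-empty placeholder, e.g. `conn_state: "<state>".to_string(),`, paired with an assertion on the formatted line would pin the column order the first patch introduced. The enclosing test functions begin and end outside the hunks.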
--- a/src/publish.rs
+++ b/src/publish.rs
@@ -540,6 +540,7 @@ mod tests {
 resp_addr: "192.168.4.76".parse::().unwrap(),
 resp_port: 80,
 proto: 6,
+ conn_state: String::new(),
 duration: 1000,
 service: "-".to_string(),
 orig_bytes: 77,
@@ -695,6 +696,7 @@ mod tests {
 resp_addr: "192.168.4.76".parse::().unwrap(),
 resp_port: 80,
 proto: 6,
+ conn_state: String::new(),
 duration: 1000,
 service: "-".to_string(),
 orig_bytes: 77,