From 6ae42b38e9976bb77c77fef936609da56ec57abc Mon Sep 17 00:00:00 2001
From: Chaz Lever
Date: Thu, 8 Apr 2021 18:29:05 -0400
Subject: [PATCH] Update method for computing sha256 of packets
This commit changes how packet hashes are computed. First, uses the packet metadata timestamp as a salt. Second, it uses the entire packet rahter than the UDP payload.
---
 parser/parse.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/parser/parse.go b/parser/parse.go
index 2a3e071..f4865bb 100644
--- a/parser/parse.go
+++ b/parser/parse.go
@@ -177,7 +177,13 @@ PACKETLOOP:
 schema.SourcePort = uint16(udp.SrcPort)
 schema.DestinationPort = uint16(udp.DstPort)
 schema.Udp = true
- schema.Sha256 = fmt.Sprintf("%x", sha256.Sum256(udp.Payload))
+
+ // Hash and salt packet for grouping related records
+ tsSalt, err := packet.Metadata().Timestamp.MarshalBinary()
+ if err != nil {
+ log.Errorf("Could not marshal timestamp: #{err}\n")
+ }
+ schema.Sha256 = fmt.Sprintf("%x", sha256.Sum256(append(tsSalt, packet.Data()...)))
 }

 // This means we did not attempt to parse a DNS payload and
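Review bot: The added `log.Errorf("Could not marshal timestamp: #{err}\n")` never prints the error, because Go does not interpolate `#{err}` and the call passes no arguments; it should read `log.Errorf("Could not marshal timestamp: %v", err)`. On that path execution also falls through with an empty `tsSalt`, so the record silently gets an unsalted digest that will not group with digests computed the normal way; either skip the hash there or add a comment saying the fallback is intended. `time.Time.MarshalBinary` encodes the zone offset along with the instant, so if the capture timestamp carries the local zone, the same pcap can hash differently on hosts in different time zones; `packet.Metadata().Timestamp.UTC().MarshalBinary()` would keep the value stable. The enclosing PACKETLOOP body starts and ends outside the hunk, so whether `err` shadows an outer variable cannot be checked here.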