Extendign connection history field to flag when Bro flips a

connection's endpoints. The character is '^'. Addresses BIT-1629.
2025-10-05 16:18:19 +00:00 · 2016-07-08 12:45:02 -07:00 · 2016-07-08 12:45:02 -07:00 · 0c080bca7a
commit 0c080bca7a
parent aa33da2775
16 changed files with 55 additions and 27 deletions
--- a/scripts/base/protocols/conn/main.bro
+++ b/scripts/base/protocols/conn/main.bro
@ -89,6 +89,7 @@ export {
 		## c       packet with a bad checksum
 		## i       inconsistent packet (e.g. FIN+RST bits set)
 		## q       multi-flag packet (SYN+FIN or SYN+RST bits set)
+                ## ^       connection direction was flipped by Bro's heuristic
 		## ======  ====================================================
 		##
 		## If the event comes from the originator, the letter is in