Merge branch 'topic/jgras/connection-packet-threshold' of https://github.com/J-Gras/zeek

* 'topic/jgras/connection-packet-threshold' of https://github.com/J-Gras/zeek: Add NEWS entry for generic packet thresholds Allow for multiple generic packet thresholds Add btest for conn_generic_packet_threshold_crossed event Update dump-events btest baseline Add conn_generic_packet_threshold_crossed event
2025-10-02 06:38:20 +00:00 · 2025-07-08 17:53:56 +02:00 · 2025-07-08 17:53:56 +02:00 · 0c60f2a70a
commit 0c60f2a70a
parent 8ba77da152 50ab72efc2
11 changed files with 140 additions and 2 deletions
--- a/18
+++ b/18
@ -1,3 +1,21 @@
+8.0.0-dev.615 | 2025-07-08 17:53:56 +0200
+
+  * Add NEWS entry for generic packet thresholds (Jan Grashoefer, Corelight)
+
+  * Allow for multiple generic packet thresholds (Jan Grashoefer, Corelight)
+
+    Co-authored-by: Arne Welzel <arne.welzel@corelight.com>
+
+  * Add btest for conn_generic_packet_threshold_crossed event (Jan Grashoefer, Corelight)
+
+  * Update dump-events btest baseline (Jan Grashoefer, Corelight)
+
+    Changes in endpoint stats are a side-effect caused by the ConnSize
+    analyzer updating the conn record triggering the threshold event. The
+    phenomenon is described in https://github.com/zeek/zeek/issues/4214.
+
+  * Add conn_generic_packet_threshold_crossed event (Jan Grashoefer, Corelight)
+
 8.0.0-dev.609 | 2025-07-08 11:42:05 +0100

  * PPPoE: don't forward more bytes than header indicates (Johanna Amann, Corelight)