mirror of
https://github.com/zeek/zeek.git
synced 2025-10-09 10:08:20 +00:00
Merge remote-tracking branch 'origin/master' into topic/vladg/kerberos
Conflicts: testing/btest/Baseline/core.print-bpf-filters/output2 testing/btest/Baseline/scripts.policy.misc.dump-events/smtp-events.log
This commit is contained in:
Vlad Grigorescu
commit
2c8a3fce49
156 changed files with 3758 additions and 1614 deletions
|
|
@ -353,9 +353,10 @@ type connection: record {
|
|||
## gives up and discards any internal state related to the file.
|
||||
const default_file_timeout_interval: interval = 2 mins &redef;
|
||||
|
||||
## Default amount of bytes that file analysis will buffer before raising
|
||||
## :bro:see:`file_new`.
|
||||
const default_file_bof_buffer_size: count = 1024 &redef;
|
||||
## Default amount of bytes that file analysis will buffer in order to use
|
||||
## for mime type matching. File analyzers attached at the time of mime type
|
||||
## matching or later, will receive a copy of this buffer.
|
||||
const default_file_bof_buffer_size: count = 4096 &redef;
|
||||
|
||||
## A file that Bro is analyzing. This is Bro's type for describing the basic
|
||||
## internal metadata collected about a "file", which is essentially just a
|
||||
|
|
@ -394,8 +395,10 @@ type fa_file: record {
|
|||
## during the process of analysis e.g. due to dropped packets.
|
||||
missing_bytes: count &default=0;
|
||||
|
||||
## The number of not all-in-sequence bytes in the file stream that
|
||||
## were delivered to file analyzers due to reassembly buffer overflow.
|
||||
## The number of bytes in the file stream that were not delivered to
|
||||
## stream file analyzers. Generally, this consists of bytes that
|
||||
## couldn't be reassembled, either because reassembly simply isn't
|
||||
## enabled, or due to size limitations of the reassembly buffer.
|
||||
overflow_bytes: count &default=0;
|
||||
|
||||
## The amount of time between receiving new data for this file that
|
||||
|
|
@ -409,16 +412,6 @@ type fa_file: record {
|
|||
## The content of the beginning of a file up to *bof_buffer_size* bytes.
|
||||
## This is also the buffer that's used for file/mime type detection.
|
||||
bof_buffer: string &optional;
|
||||
|
||||
## The mime type of the strongest file magic signature matches against
|
||||
## the data chunk in *bof_buffer*, or in the cases where no buffering
|
||||
## of the beginning of file occurs, an initial guess of the mime type
|
||||
## based on the first data seen.
|
||||
mime_type: string &optional;
|
||||
|
||||
## All mime types that matched file magic signatures against the data
|
||||
## chunk in *bof_buffer*, in order of their strength value.
|
||||
mime_types: mime_matches &optional;
|
||||
} &redef;
|
||||
|
||||
## Fields of a SYN packet.
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue