Merge remote-tracking branch 'origin/topic/johanna/connection-syn-packet-doc'

* origin/topic/johanna/connection-syn-packet-doc: Documentation: connection_SYN_packet
2025-10-02 14:48:21 +00:00 · 2025-07-14 11:26:06 -07:00 · 2025-07-14 11:26:06 -07:00 · 55b427142d
commit 55b427142d
parent a843521e78 2fc75009f4
4 changed files with 11 additions and 3 deletions
--- a/7
+++ b/7
@ -1,3 +1,10 @@
 8.0.0-dev.653 | 2025-07-14 11:26:06 -0700
  * Documentation: connection_SYN_packet (Johanna Amann, Corelight)
    Slightly clarify documentation related to the connection_SYN_packet
    event.
 8.0.0-dev.651 | 2025-07-14 09:31:19 -0700
  * Use ranges::reverse_view to fix a few reverse ranged-for loops (Tim Wojtulewicz)
--- a/2
+++ b/2
@ -1 +1 @@
-8.0.0-dev.651
+8.0.0-dev.653
--- a/scripts/base/init-bare.zeek
+++ b/scripts/base/init-bare.zeek
@ -1043,7 +1043,7 @@ type SYN_packet: record {
 	win_size: count;	##< The window size from the TCP header.
 	win_scale: int;	##< The window scale option if present, or -1 if not.
 	MSS: count;	##< The maximum segment size if present, or 0 if not.
-	SACK_OK: bool;	##< True if the *SACK* option is present.
+	SACK_OK: bool;	##< True if the *SACK* option (Selective ACKnowledgement) is present.
 	TSval: count &optional;	##< The TCP TS value if present.
 	TSecr: count &optional;	##< The TCP TS echo reply if present.
 };
--- a/src/analyzer/protocol/tcp/events.bif
+++ b/src/analyzer/protocol/tcp/events.bif
@ -155,7 +155,8 @@ event connection_reset%(c: connection%);
 event connection_pending%(c: connection%);
 ## Generated for a SYN packet. Zeek raises this event for every SYN packet seen
-## by its TCP analyzer.
+## by its TCP analyzer. This includes packets that have other flags set - like
 ## in the case of SYN-ACK packets.
 ##
 ## c: The connection.
 ##