Merge remote-tracking branch 'origin/topic/johanna/connection-syn-packet-doc'

* origin/topic/johanna/connection-syn-packet-doc:
  Documentation: connection_SYN_packet

CHANGES

@@ -1,3 +1,10 @@
+8.0.0-dev.653 | 2025-07-14 11:26:06 -0700
+
+  * Documentation: connection_SYN_packet (Johanna Amann, Corelight)
+
+    Slightly clarify documentation related to the connection_SYN_packet
+    event.
+
 8.0.0-dev.651 | 2025-07-14 09:31:19 -0700
 
   * Use ranges::reverse_view to fix a few reverse ranged-for loops (Tim Wojtulewicz)

VERSION

@@ -1 +1 @@
-8.0.0-dev.651
+8.0.0-dev.653

scripts/base/init-bare.zeek

@@ -1043,7 +1043,7 @@ type SYN_packet: record {
 	win_size: count;	##< The window size from the TCP header.
 	win_scale: int;	##< The window scale option if present, or -1 if not.
 	MSS: count;	##< The maximum segment size if present, or 0 if not.
-	SACK_OK: bool;	##< True if the *SACK* option is present.
+	SACK_OK: bool;	##< True if the *SACK* option (Selective ACKnowledgement) is present.
 	TSval: count &optional;	##< The TCP TS value if present.
 	TSecr: count &optional;	##< The TCP TS echo reply if present.
 };

src/analyzer/protocol/tcp/events.bif

@@ -155,7 +155,8 @@ event connection_reset%(c: connection%);
 event connection_pending%(c: connection%);
 
 ## Generated for a SYN packet. Zeek raises this event for every SYN packet seen
-## by its TCP analyzer.
+## by its TCP analyzer. This includes packets that have other flags set - like
+## in the case of SYN-ACK packets.
 ##
 ## c: The connection.
 ##