added 'g' $history character for content gaps

2025-10-17 05:58:20 +00:00 · 2019-04-17 14:20:48 -07:00 · 2019-04-17 14:20:48 -07:00 · 915189a06a
commit 915189a06a
parent 93d384adeb
13 changed files with 61 additions and 33 deletions
--- a/scripts/base/protocols/conn/main.zeek
+++ b/scripts/base/protocols/conn/main.zeek
@ -107,6 +107,7 @@ export {
 		## f       packet with FIN bit set
 		## r       packet with RST bit set
 		## c       packet with a bad checksum (applies to UDP too)
+		## g       a content gap
 		## t       packet with retransmitted payload
 		## w       packet with a zero window advertisement
 		## i       inconsistent packet (e.g. FIN+RST bits set)
@ -122,7 +123,7 @@ export {
 		## 's' can be recorded multiple times for either direction
 		## if the associated sequence number differs from the
 		## last-seen packet of the same flag type.
-		## 'c', 't' and 'w' are recorded in a logarithmic fashion:
+		## 'c', 'g', 't' and 'w' are recorded in a logarithmic fashion:
 		## the second instance represents that the event was seen
 		## (at least) 10 times; the third instance, 100 times; etc.
 		history:      string          &log &optional;