Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-14 12:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

added 'g' $history character for content gaps

Browse source
This commit is contained in:
Vern Paxson 2019-04-17 14:20:48 -07:00
parent 93d384adeb
commit 915189a06a
13 changed files with 61 additions and 33 deletions
Download patch file Download diff file Expand all files Collapse all files

12
src/analyzer/protocol/tcp/TCP_Endpoint.cc
View file

@ -32,8 +32,8 @@ TCP_Endpoint::TCP_Endpoint(TCP_Analyzer* arg_analyzer, int arg_is_orig)
tcp_analyzer = arg_analyzer;
is_orig = arg_is_orig;
chk_cnt = rxmt_cnt = win0_cnt = 0;
chk_thresh = rxmt_thresh = win0_thresh = 1;
gap_cnt = chk_cnt = rxmt_cnt = win0_cnt = 0;
gap_thresh = chk_thresh = rxmt_thresh = win0_thresh = 1;
hist_last_SYN = hist_last_FIN = hist_last_RST = 0;
@ -313,3 +313,11 @@ void TCP_Endpoint::ZeroWindow()
Conn()->HistoryThresholdEvent(tcp_multiple_zero_windows,
IsOrig(), t);
}
void TCP_Endpoint::Gap(uint64 seq, uint64 len)
{
uint32 t = gap_thresh;
if ( Conn()->ScaledHistoryEntry(IsOrig() ? 'G' : 'g',
gap_cnt, gap_thresh) )
Conn()->HistoryThresholdEvent(tcp_multiple_gap, IsOrig(), t);
}