Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-15 21:18:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Improve gap reporting in TCP connections that never see data.

Browse source 
The previous behavior was to accomodate SYN/FIN/RST-filtered traces by
not reporting missing data (via the content_gap event) for such
connections.  The new behavior always reports gaps for connections that
are established and terminate normally, but sequence numbers indicate
that all data packets of the connection were missed.  The behavior can
be reverted by redef'ing "detect_filtered_trace".
This commit is contained in:
Jon Siwek 2014-01-24 16:21:02 -06:00
parent 5b3573394e
commit 9b12967d40
7 changed files with 29 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

1
src/const.bif
View file

@ -5,6 +5,7 @@
const ignore_keep_alive_rexmit: bool;
const skip_http_data: bool;
const use_conn_size_analyzer: bool;
const detect_filtered_trace: bool;
const report_gaps_for_partial: bool;
const exit_only_after_terminate: bool;