mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
Add Q and update I documentation for conn history
- Q (MULTI_FLAG_PKT) was not in the documentation for the history field.
- I (FIN_RST_PKT) was documented incorrectly. It was documented as a
SYN+RST, when it actually represents a FIN+RST.
The new documentation was derived from:
d3f513f/src/analyzer/protocol/tcp/TCP.cc (L493)
Addresses BIT-1466
This commit is contained in:
Vlad Grigorescu
parent
d3f513fc80
commit
9cd4071cb3
1 changed files with 2 additions and 1 deletions
|
|
@ -87,7 +87,8 @@ export {
|
|||
## f packet with FIN bit set
|
||||
## r packet with RST bit set
|
||||
## c packet with a bad checksum
|
||||
## i inconsistent packet (e.g. SYN+RST bits both set)
|
||||
## i inconsistent packet (FIN+RST bits both set)
|
||||
## q multi-flag packet (SYN+FIN or SYN+RST bits both set)
|
||||
## ====== ====================================================
|
||||
##
|
||||
## If the event comes from the originator, the letter is in
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue