Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-13 12:08:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge remote-tracking branch 'origin/topic/jsiwek/tcp-improvements'

Browse source 
* origin/topic/jsiwek/tcp-improvements:
  Fix file_over_new_connection event to trigger when entire file is missed.
  Improve TCP connection size reporting for half-open connections.
  Improve gap reporting in TCP connections that never see data.
  Improve TCP FIN retransmission handling.

BIT-1119
This commit is contained in:
Robin Sommer 2014-01-28 15:24:20 -08:00
commit dfcb4938d0
13 changed files with 64 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

6
scripts/base/init-bare.bro
View file

@ -2860,6 +2860,12 @@ global load_sample_freq = 20 &redef;
## .. bro:see:: gap_report
const gap_report_freq = 1.0 sec &redef;
## Whether to attempt to automatically detect SYN/FIN/RST-filtered trace
## and not report missing segments for such connections.
## If this is enabled, then missing data at the end of connections may not
## be reported via :bro:see:`content_gap`.
const detect_filtered_trace = F &redef;
## Whether we want :bro:see:`content_gap` and :bro:see:`gap_report` for partial
## connections. A connection is partial if it is missing a full handshake. Note
## that gap reports for partial connections might not be reliable.