mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00

Skimming through the RFC, the previous approach of having containers for most fields seems unfounded for normal protocol operation. The new weirds could just as well be considered protocol violations. Outside of duplicated or missed data they just shouldn't happen for well-behaved client/server behavior. Additionally, with non-conformant traffic it would be trivial to cause unbounded state growth and immense log record sizes. Unfortunately, things have become a bit clunky now. Closes #3504
11 lines
563 B
Text
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path ldap
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p message_id version opcode result diagnostic_message object argument
#types time string addr port addr port int int string string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.31.1.104 3116 172.31.1.101 389 215 3 bind SASL success - - GSS-SPNEGO
#close XXXX-XX-XX-XX-XX-XX