Arne Welzel e11c20e1eb test-all-policy: Do not load iso-9660.zeek ...

Changing the default_file_bof_buffer_size has subtle impact on
MIME type detection and changed the zeek-testing baseline. Do
not load this new script via test-all-policy to avoid this.

The new test was mainly an aid to understand what is actually going on.
In short, if default_file_bof_buffer_size is larger than the file MIME
detection only runs when the buffer is full, or when the file is removed.
When a file transfer happens over multiple HTTP connections, only
some or one of the http.log entries will have a proper response MIME type.

PCAP extracted from 2009-M57-day11-18.trace.gz.

2024-02-26 17:58:26 +01:00

98 KiB

Raw Permalink History

View raw