mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
83d5243cf6
Now that Conn::set_conn is guaranteed to be called at the beginning and at the end of the connection, we can skip re-setting the elements that we know will not have changed. This prevents repeated lookups, e.g. to check that addresses are in the local networks. During `connection_state_remove`, only the duration, number of packets, service, and history fields are updated. local_orig and local_resp are updated when the connection is flipped. A test was added for that purpose. It uses the already existing http.zeek-image-post-1080-8000-x.pcap, which was slightly rewritten for this, so that one side of the connection has IP addresses different from 127.0.0.1. The existing history-flip test also was updated to have one side being in a local-net, to check that the flipping of local_orig and local_resp works correctly at the beginning of a connection.
11 lines
790 B
Text
11 lines
790 B
Text
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
|
#separator \x09
|
|
#set_separator ,
|
|
#empty_field (empty)
|
|
#unset_field -
|
|
#path conn
|
|
#open XXXX-XX-XX-XX-XX-XX
|
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents ip_proto orig_l2_addr resp_l2_addr
|
|
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] count string string
|
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 1080 44.1.1.1 8000 tcp http 0.020403 5958 182 SF T F 0 ^hADadFf 10 6486 9 650 - 6 - -
|
|
#close XXXX-XX-XX-XX-XX-XX
|