mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 22:58:20 +00:00
e11c20e1eb
Changing the default_file_bof_buffer_size has subtle impact on MIME type detection and changed the zeek-testing baseline. Do not load this new script via test-all-policy to avoid this. The new test was mainly an aid to understand what is actually going on. In short, if default_file_bof_buffer_size is larger than the file MIME detection only runs when the buffer is full, or when the file is removed. When a file transfer happens over multiple HTTP connections, only some or one of the http.log entries will have a proper response MIME type. PCAP extracted from 2009-M57-day11-18.trace.gz. |
||
|---|---|---|
| .. | ||
| base | ||
| policy | ||
| site | ||
| spicy | ||
| zeekygen | ||
| CMakeLists.txt | ||
| test-all-policy.zeek | ||