Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-03 23:28:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
zeek/testing
History
Johanna Amann f7edf70882 Allow setting packet and byte thresholds for connections. 
This extends the ConnSize analyzer to be able to raise events when each
direction of a connection crosses a certain amount of bytes or packets.

Thresholds are set using
set_conn_bytes_threshold(c$id, [num-bytes], [direction]);
and
set_conn_packets_threshold(c$id, [num-packets], [direction]);
respectively.

They raise the event
event conn_bytes_threshold_crossed(c: connection, threshold: count, is_orig: bool)
and
event conn_packets_threshold_crossed(c: connection, threshold: count, is_orig: bool)
respectively.

Current thresholds can be examined using
get_conn_bytes_threshold and get_conn_packets_threshold

Currently only one threshold can be set per connection.

This also fixes a bug where child packet analyzers of the TCP analyzer
where not found using FindChild.
2015-04-17 06:57:51 -07:00
..
btest Allow setting packet and byte thresholds for connections. 2015-04-17 06:57:51 -07:00
external Update mozilla CA list. 2015-04-14 16:40:41 -07:00
scripts Add/fix log fields in x509 diff canonifier. 2015-02-05 10:04:04 -06:00
.gitignore Test coverage integration for external tests and complete suite. 2012-01-12 11:58:13 -06:00
Makefile Add/invoke "distclean" for testing directories. 2014-12-01 10:43:41 -06:00
README Cleaning up some testing stuff. 2011-07-05 18:47:08 -07:00

README 

This directory contains suites for testing for Bro's correct
operation:

    btest/
        An ever-growing set of small unit tests testing Bro's
        functionality.

    external/
        A framework for downloading additional test sets that run more
        complex Bro configuration on larger traces files. Due to their
        size, these are not included directly. See the README for more
        information. 

    scripts/
        Helpers scripts used by some tests.