Jon Siwek 9b12967d40 Improve gap reporting in TCP connections that never see data. ...

The previous behavior was to accomodate SYN/FIN/RST-filtered traces by
not reporting missing data (via the content_gap event) for such
connections.  The new behavior always reports gaps for connections that
are established and terminate normally, but sequence numbers indicate
that all data packets of the connection were missed.  The behavior can
be reverted by redef'ing "detect_filtered_trace".

2014-01-24 16:21:02 -06:00

1.2 KiB

Raw History

View raw