[Bro] connection_state_remove

Christian Kreibich christian at whoop.org
Tue Nov 29 15:38:00 PST 2005


could I please get a summary of when connection_state_remove is
triggered. It sounds like what I need, is mentioned in a bunch of places
in the code, but unfortunately not documented and so I'm confused about
its semantics.

Some context: if I have a table[conn_id] of blah that indexes on both
UDP and TCP connection identifiers, then what's the best way to reliably
expire all of its entries as time progresses? Can I just fix an upper-
bound @read_expire that is larger than TCP's, so I can rely on UDP being
kicked out eventually without interfering with the TCP state management,
and if so, what value do I use? Thanks!


More information about the Bro mailing list