[Bro-Dev] #338: Start time semantics in ConnCompressor when seeing multiple SYNs
Bro Tracker
bro at tracker.icir.org
Wed Dec 8 15:25:01 PST 2010
#338: Start time semantics in ConnCompressor when seeing multiple SYNs
---------------------+--------------------
Reporter: gregor | Owner:
Type: Problem | Status: new
Priority: Normal | Milestone: Bro1.6
Component: Bro | Version: 1.5.2
Keywords: |
---------------------+--------------------
Bro used to set the start time of a TCP connection to the timestamp of
*last* SYN-packet. This was fixed/changed with #77 (and svn r6724).
However, Robin mentioned that the semantics of the ConnectionCompressor
have to be changed as well, but it seems this never happened. I.e., the
ConnCompressor still sets the start time to the last SYN received.
The attached patch should fix this.
**However, somebody who knows more about the ConnCompressor should verify
that this patch is indeed ok**
--
Ticket URL: <http://tracker.icir.org/bro/ticket/338>
Bro Tracker <http://tracker.icir.org/bro>
Bro Issue Tracker
More information about the bro-dev
mailing list