[Bro-Dev] #342: Add payload to ICMP analyzer
Bro Tracker
bro at tracker.icir.org
Thu Dec 16 21:12:23 PST 2010
#342: Add payload to ICMP analyzer
---------------------+--------------------
Reporter: seth | Owner:
Type: Patch | Status: new
Priority: Normal | Milestone: Bro1.6
Component: Bro | Version: 1.5.2
Resolution: | Keywords:
---------------------+--------------------
Comment (by matti):
I suppose that the payload would not be usefull for all of the ICMP
messages sent, so I would probably just include that for the types where
it is of use. I think it would make sense to rather have a whole lot of
different ICMP message events and then have the payload and other data
only available where it is relevant. This would at least avoid some of the
overhead. I'll add the payload for the new ICMP events in my branch where
it is usefull.
--
Ticket URL: <http://tracker.icir.org/bro/ticket/342#comment:3>
Bro Tracker <http://tracker.icir.org/bro>
Bro Issue Tracker
More information about the bro-dev
mailing list