[Zeek-Dev] [EXT] Re: connection $history - 'g' for gap
vern at corelight.com
Wed Apr 10 06:29:30 PDT 2019
> That could get very messy in the real world. How about start of first gap,=
> length of first gap, total number of gaps?
I think if the goal is to know whether DPD failed due to content gaps,
much better than trying to infer that from a set of gap information would
be for dpd.log to include "no DPD decision because ran into a content gap"
More information about the zeek-dev