[Bro] connection_state_remove

Christian Kreibich christian at whoop.org
Tue Nov 29 17:11:00 PST 2005


On Tue, 2005-11-29 at 16:40 -0800, Robin Sommer wrote:
>
> *If* Bro expires a UDP connection, it raises
> connection_state_remove. But you're right, by default Bro doesn't
> remove (most of the) UDP state. But you can set a
> udp_inactivity_timeout, then it will (in fact, if you're analyzing
> UDP traffic you *really* want to have such a timeout; otherwise your
> table is probably the smallest problem :-)

Ah! I wasn't aware of that setting. udp_inactivity_timeout seems set to
10s by default, so I guess after 10s connection_state_remove *is*
actually triggered by default for UDP. I need to re-run my scripts to
see whether I'm actually leaking state. Thanks Robin!

~/devel/bro/doc/ref-manual > grep udp_inactivity_timeout *
~/devel/bro/doc/ref-manual > grep connection_state_remove *
~/devel/bro/doc/ref-manual >

I should have known to look in CHANGES. :)

Cheers,
Christian.
-- 
________________________________________________________________________
                                          http://www.cl.cam.ac.uk/~cpk25
                                                    http://www.whoop.org
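
The pattern discussed in this message, as an added example that is not part of the original post or of Bro's shipped scripts: per-connection script state keyed on the connection ID, released in connection_state_remove, with the UDP inactivity timeout set explicitly. The table name udp_requests and the interval values are assumptions chosen for illustration.

```bro
# Added example; the table name and all interval values are assumptions.

# Set the timeout explicitly so that idle UDP "connections" are expired
# and connection_state_remove is raised for them.
redef udp_inactivity_timeout = 30 sec;

# Per-connection script state. &create_expire is a backstop: if
# connection_state_remove never fires for an entry, the entry is still
# dropped eventually instead of staying in the table forever.
global udp_requests: table[conn_id] of count &create_expire = 10 min;

# Raised for UDP packets sent by the originator.
event udp_request(u: connection)
	{
	if ( u$id !in udp_requests )
		udp_requests[u$id] = 0;

	++udp_requests[u$id];
	}

# Raised when Bro removes the connection from its own state, which for
# UDP happens once the inactivity timeout has expired.
event connection_state_remove(c: connection)
	{
	if ( c$id in udp_requests )
		{
		print fmt("%s -> %s: %d UDP requests",
			c$id$orig_h, c$id$resp_h, udp_requests[c$id]);

		# Release the script-level entry together with the connection.
		delete udp_requests[c$id];
		}
	}
```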




