[Zeek] Long lasting UDP connection's expiry

Justin Azoff justin at corelight.com
Mon Jun 8 06:17:51 PDT 2020


On Mon, Jun 8, 2020 at 3:09 AM Nabil Memon <nabilmemon.ec at gmail.com> wrote:
>
> Hi Zeek,
>
> Hope you are well.
>
> I am currently working on extracting data from the SIP protocol, in which I came across a use case of holding all the data exchanged over a UDP connection in the connection record, and at the time the connection terminates, I want to work with all the combined data.

What data are you talking about?  If the data is attached to the
connection somehow, you can always access it.

> The connection is over UDP and between two proxies, because of which I see the connection to be very active. In UDP there is no connection termination sequence like we have in TCP (FIN/FIN-ACK). Because of this, the connection lasts very long and it almost never expires (considering the connection is over two proxies).
>
> What if I would like to terminate the UDP connection manually at some trigger? Is there a way I can forcefully terminate the connection and not wait for 1 minute to bypass standard UDP connection expiry?

Do you need to terminate it?  If the connection terminated, what would you do?

-- 
Justin


