pkappa2 icon indicating copy to clipboard operation
pkappa2 copied to clipboard

Published 20 hours ago verified publisher icon spq

fix an issue with some tags not including all matching streams

Open spq opened this issue 1 year ago • 0 comments

if pcaps come out of order, which side is client/server isn't always decidable when the initial connection wasn't seen at first. in this case, we see e.g. the client/server host+port being swapped and a service tag doesn't match, these streams are later corrected when the first pcap which contained the connect is processed but the tags were not re-evaluated as normally the host/port's can't change. with this change, the pcap processing returns 3 masks:

  • updated streams (those that were modified normally, e.g. new data)
  • reset streams (those that could be completely changed because the new pcap(s) touch the connection start and there are other pcaps that touch later parts)
  • added streams (those that are only touched by the new pcap(s)

spq avatar Aug 11 '24 22:08 spq