| blob | 541acf871c1608824067ca7e2ee749a5bc21fa67 |
1 Transform add_tcp_stop {
2 Match (tcp_flags_reset="True") Insert (tcp_stop="True");
3 Match (tcp_flags_fin="True") Insert (tcp_stop="True");
4 };
6 Pdu tcp_pdu Proto tcp Transport ip {
7 Extract addr From ip.addr;
8 Extract port From tcp.port;
9 Extract tcp_start From tcp.flags.syn;
10 Extract tcp_flags_reset From tcp.flags.reset;
11 Extract tcp_flags_fin From tcp.flags.fin;
12 Transform add_tcp_stop;
13 };
15 Gop tcp_ses On tcp_pdu Match (addr, addr, port, port) {
16 Start (tcp_start="True");
17 Stop (tcp_stop="True");
18 };
20 Done;