Just noticed that "detect_filtered_trace" should be "FilteredTraceDetection::enable". Updated the text reported to the user; not sure if the Bro docs section in the comments is appropriate. Patch attached.
CentOS 7, bro-master
I believe the text is correct (though probably not as clear as it should be).
The "FilteredTraceDetection::enable" boolean determines whether or not the
"find-filtered-trace.bro" script will warn the user when it determines that a
trace file contains TCP traffic consisting only of control packets, whereas
the "detect_filtered_trace" boolean is used internally by Bro in the TCP
reassembler. See for more info.
Right you are!
So I guess the real confusion is just the comment:
Flag to enable filtered trace file detection and warning message.
Closing, because there does not seem to be anything that remains to do.
If you want to take a shot at making the explanation better, please feel free to provide an updated version of it and re-open the bug.