Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-15 13:08:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

add hook to pacf that allows users to modify all rules or implement

Browse source 
whitelists or similar.
This commit is contained in:
Johanna Amann 2015-06-02 14:23:25 -07:00
parent ed40855152
commit 1439c244fc
3 changed files with 55 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

10
scripts/base/frameworks/pacf/main.bro
View file

@ -159,6 +159,13 @@ export {
## msg: An optional informational message by the plugin.
global rule_error: event(r: Rule, p: PluginState, msg: string &default="");
## Hook that allows the modification of rules passed to add_rule before they
## are passed on to the plugins. If one of the hooks uses break, the rule is
## ignored and not passed on to any plugin.
##
## r: The rule to be added
global Pacf::rule_policy: hook(r: Rule);
## Type of an entry in the PACF log.
type InfoCategory: enum {
## A log entry reflecting a framework message.
@ -402,6 +409,9 @@ function add_rule_impl(rule: Rule) : string
if ( ! rule?$id || rule$id == "" )
rule$id = cat(rule$cid);
if ( ! hook Pacf::rule_policy(rule) )
return "";
local accepted = F;
local priority: int = +0;
local r = rule;