Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-11 19:18:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

NetControl: Add functions to search for rules affecting IPs/subnets

Browse source 
Adds the functions

NetControl::find_rules_addr and NetControl::fund_rules_subnet

which return a vector containing all rules affecting a certain IP or
subnet.
This commit is contained in:
Johanna Amann 2016-03-09 21:32:15 -08:00
parent 692662abcc
commit 21c300c333
5 changed files with 223 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

6
testing/btest/Baseline/scripts.base.frameworks.netcontrol.find-rules/out Normal file
View file

@ -0,0 +1,6 @@
1
[ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=1.2.3.4/32, mac=<uninitialized>]
0
4
[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=127.0.0.2/32, src_p=<uninitialized>, dst_h=8.8.8.8/32, dst_p=53/udp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], NetControl::MODIFY
[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=127.0.0.2/32, src_p=<uninitialized>, dst_h=<uninitialized>, dst_p=<uninitialized>, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], NetControl::DROP