diff --git a/CHANGES b/CHANGES index add558f878..18e2d85a74 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,27 @@ +2.6-249 | 2019-04-26 19:26:44 -0700 + + * Fix parsing of hybrid IPv6-IPv4 addr literals with no zero compression (Jon Siwek, Corelight) + +2.6-246 | 2019-04-25 10:22:11 -0700 + + * Add Zeexygen cross-reference links for some events (Jon Siwek, Corelight) + +2.6-245 | 2019-04-23 18:42:02 -0700 + + * Expose TCP analyzer utility functions to derived classes (Vern Paxson, Corelight) + +2.6-243 | 2019-04-22 19:42:52 -0700 + + * GH-234: rename Broxygen to Zeexygen along with roles/directives (Jon Siwek, Corelight) + + * All "Broxygen" usages have been replaced in + code, documentation, filenames, etc. + + * Sphinx roles/directives like ":bro:see" are now ":zeek:see" + + * The "--broxygen" command-line option is now "--zeexygen" + 2.6-242 | 2019-04-22 22:43:09 +0200 * update SSL consts from TLS 1.3 (Johanna Amann) diff --git a/NEWS b/NEWS index 55f1330c9a..b93aa2300b 100644 --- a/NEWS +++ b/NEWS @@ -175,6 +175,14 @@ Changed Functionality the end of a connection (in a FIN or RST) are considered unreliable and aren't counted as true gaps. +- The Broxygen component, which is used to generate our Doxygen-like + scripting API documentation has been renamed to Zeexygen. This likely has + no breaking or visible changes for most users, except in the case one + used it to generate their own documentation via the ``--broxygen`` flag, + which is now named ``--zeexygen``. Besides that, the various documentation + in scripts has also been updated to replace Sphinx cross-referencing roles + and directives like ":bro:see:" with ":zeek:zee:". + Removed Functionality --------------------- diff --git a/VERSION b/VERSION index 39cb43fbe0..acde488fd3 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.6-242 +2.6-249 diff --git a/aux/bifcl b/aux/bifcl index 1dea95dd78..1b5375e9f8 160000 --- a/aux/bifcl +++ b/aux/bifcl @@ -1 +1 @@ -Subproject commit 1dea95dd7819cb6b80291d5830e2b7d04b14abd0 +Subproject commit 1b5375e9f81ecec59f983e6abe86300c6bbbcb8f diff --git a/aux/binpac b/aux/binpac index f648419d79..04c7e27a22 160000 --- a/aux/binpac +++ b/aux/binpac @@ -1 +1 @@ -Subproject commit f648419d796f8ab9f36991062ae790174e084aee +Subproject commit 04c7e27a22491a91ee309877253da0922d0822bc diff --git a/aux/broccoli b/aux/broccoli index 0ec42e5f54..8668422406 160000 --- a/aux/broccoli +++ b/aux/broccoli @@ -1 +1 @@ -Subproject commit 0ec42e5f54b7f0a65e35213d709ae19499526647 +Subproject commit 8668422406cb74f4f0c574a0c9b6365a21f3e81a diff --git a/aux/broctl b/aux/broctl index 5698525ae4..39ae4a469d 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit 5698525ae41c397c18eba1d5350cca18fa081665 +Subproject commit 39ae4a469d6ae86c12b49020b361da4fcab24b5b diff --git a/aux/broker b/aux/broker index 1ab04b7bd8..56408c5582 160000 --- a/aux/broker +++ b/aux/broker @@ -1 +1 @@ -Subproject commit 1ab04b7bd893f65c1339b2ac92596dca6ed66412 +Subproject commit 56408c5582c80db6774c8b25642149dfb542345a diff --git a/aux/zeek-aux b/aux/zeek-aux index 0ec8103a69..ba482418c4 160000 --- a/aux/zeek-aux +++ b/aux/zeek-aux @@ -1 +1 @@ -Subproject commit 0ec8103a698ae71ff23d4dfa9e38b624c22ae718 +Subproject commit ba482418c4e16551fd7b9128a4082348ef2842f0 diff --git a/cmake b/cmake index 8554b602ee..5521da04df 160000 --- a/cmake +++ b/cmake @@ -1 +1 @@ -Subproject commit 8554b602eed13076484fdac18fbdd934b061bed7 +Subproject commit 5521da04df0190e3362e4c5164df5c2c8884dd2c diff --git a/doc b/doc index 38f6edaf27..073bb08473 160000 --- a/doc +++ b/doc @@ -1 +1 @@ -Subproject commit 38f6edaf273401eef51cf754010f144be6398066 +Subproject commit 073bb08473b8172b8bb175e0702204f15f522392 diff --git a/man/bro.8 b/man/bro.8 index 66d0fc4f20..a4c54d48f6 100644 --- a/man/bro.8 +++ b/man/bro.8 @@ -99,7 +99,7 @@ Record process status in file \fB\-W\fR,\ \-\-watchdog activate watchdog timer .TP -\fB\-X\fR,\ \-\-broxygen +\fB\-X\fR,\ \-\-zeexygen generate documentation based on config file .TP \fB\-\-pseudo\-realtime[=\fR] @@ -150,7 +150,7 @@ ASCII log file extension Output file for script execution statistics .TP .B BRO_DISABLE_BROXYGEN -Disable Broxygen documentation support +Disable Zeexygen (Broxygen) documentation support .SH AUTHOR .B bro was written by The Bro Project . diff --git a/scripts/base/files/extract/main.zeek b/scripts/base/files/extract/main.zeek index eaae44a089..93288c5127 100644 --- a/scripts/base/files/extract/main.zeek +++ b/scripts/base/files/extract/main.zeek @@ -29,12 +29,12 @@ export { ## to know where to write the file to. If not specified, then ## a filename in the format "extract--" is ## automatically assigned (using the *source* and *id* - ## fields of :bro:see:`fa_file`). + ## fields of :zeek:see:`fa_file`). extract_filename: string &optional; ## The maximum allowed file size in bytes of *extract_filename*. - ## Once reached, a :bro:see:`file_extraction_limit` event is + ## Once reached, a :zeek:see:`file_extraction_limit` event is ## raised and the analyzer will be removed unless - ## :bro:see:`FileExtract::set_limit` is called to increase the + ## :zeek:see:`FileExtract::set_limit` is called to increase the ## limit. A value of zero means "no limit". extract_limit: count &default=default_limit; }; diff --git a/scripts/base/frameworks/analyzer/main.zeek b/scripts/base/frameworks/analyzer/main.zeek index 57a602f308..0775768dca 100644 --- a/scripts/base/frameworks/analyzer/main.zeek +++ b/scripts/base/frameworks/analyzer/main.zeek @@ -5,7 +5,7 @@ ##! particular analyzer for new connections. ##! ##! Protocol analyzers are identified by unique tags of type -##! :bro:type:`Analyzer::Tag`, such as :bro:enum:`Analyzer::ANALYZER_HTTP`. +##! :zeek:type:`Analyzer::Tag`, such as :zeek:enum:`Analyzer::ANALYZER_HTTP`. ##! These tags are defined internally by ##! the analyzers themselves, and documented in their analyzer-specific ##! description along with the events that they generate. @@ -17,7 +17,7 @@ module Analyzer; export { ## If true, all available analyzers are initially disabled at startup. ## One can then selectively enable them with - ## :bro:id:`Analyzer::enable_analyzer`. + ## :zeek:id:`Analyzer::enable_analyzer`. global disable_all = F &redef; ## Enables an analyzer. Once enabled, the analyzer may be used for analysis @@ -109,7 +109,7 @@ export { ## Automatically creates a BPF filter for the specified protocol based ## on the data supplied for the protocol through the - ## :bro:see:`Analyzer::register_for_ports` function. + ## :zeek:see:`Analyzer::register_for_ports` function. ## ## tag: The analyzer tag. ## diff --git a/scripts/base/frameworks/broker/main.zeek b/scripts/base/frameworks/broker/main.zeek index 93ed69c3c5..f64ff0ce14 100644 --- a/scripts/base/frameworks/broker/main.zeek +++ b/scripts/base/frameworks/broker/main.zeek @@ -10,19 +10,19 @@ export { ## Default interval to retry listening on a port if it's currently in ## use already. Use of the BRO_DEFAULT_LISTEN_RETRY environment variable ## (set as a number of seconds) will override this option and also - ## any values given to :bro:see:`Broker::listen`. + ## any values given to :zeek:see:`Broker::listen`. const default_listen_retry = 30sec &redef; ## Default address on which to listen. ## - ## .. bro:see:: Broker::listen + ## .. zeek:see:: Broker::listen const default_listen_address = getenv("BRO_DEFAULT_LISTEN_ADDRESS") &redef; ## Default interval to retry connecting to a peer if it cannot be made to ## work initially, or if it ever becomes disconnected. Use of the ## BRO_DEFAULT_CONNECT_RETRY environment variable (set as number of ## seconds) will override this option and also any values given to - ## :bro:see:`Broker::peer`. + ## :zeek:see:`Broker::peer`. const default_connect_retry = 30sec &redef; ## If true, do not use SSL for network connections. By default, SSL will @@ -47,7 +47,7 @@ export { const ssl_certificate = "" &redef; ## Passphrase to decrypt the private key specified by - ## :bro:see:`Broker::ssl_keyfile`. If set, Bro will require valid + ## :zeek:see:`Broker::ssl_keyfile`. If set, Bro will require valid ## certificates for all peers. const ssl_passphrase = "" &redef; @@ -96,7 +96,7 @@ export { ## Forward all received messages to subscribing peers. const forward_messages = F &redef; - ## Whether calling :bro:see:`Broker::peer` will register the Broker + ## Whether calling :zeek:see:`Broker::peer` will register the Broker ## system as an I/O source that will block the process from shutting ## down. For example, set this to false when you are reading pcaps, ## but also want to initaiate a Broker peering and still shutdown after @@ -107,7 +107,7 @@ export { ## id is appended when writing to a particular stream. const default_log_topic_prefix = "bro/logs/" &redef; - ## The default implementation for :bro:see:`Broker::log_topic`. + ## The default implementation for :zeek:see:`Broker::log_topic`. function default_log_topic(id: Log::ID, path: string): string { return default_log_topic_prefix + cat(id); @@ -116,7 +116,7 @@ export { ## A function that will be called for each log entry to determine what ## broker topic string will be used for sending it to peers. The ## default implementation will return a value based on - ## :bro:see:`Broker::default_log_topic_prefix`. + ## :zeek:see:`Broker::default_log_topic_prefix`. ## ## id: the ID associated with the log stream entry that will be sent. ## @@ -232,7 +232,7 @@ export { ## ## Returns: the bound port or 0/? on failure. ## - ## .. bro:see:: Broker::status + ## .. zeek:see:: Broker::status global listen: function(a: string &default = default_listen_address, p: port &default = default_port, retry: interval &default = default_listen_retry): port; @@ -252,7 +252,7 @@ export { ## it's a new peer. The actual connection may not be established ## until a later point in time. ## - ## .. bro:see:: Broker::status + ## .. zeek:see:: Broker::status global peer: function(a: string, p: port &default=default_port, retry: interval &default=default_connect_retry): bool; @@ -262,12 +262,12 @@ export { ## just means that we won't exchange any further information with it ## unless peering resumes later. ## - ## a: the address used in previous successful call to :bro:see:`Broker::peer`. + ## a: the address used in previous successful call to :zeek:see:`Broker::peer`. ## - ## p: the port used in previous successful call to :bro:see:`Broker::peer`. + ## p: the port used in previous successful call to :zeek:see:`Broker::peer`. ## ## Returns: true if the arguments match a previously successful call to - ## :bro:see:`Broker::peer`. + ## :zeek:see:`Broker::peer`. ## ## TODO: We do not have a function yet to terminate a connection. global unpeer: function(a: string, p: port): bool; @@ -298,7 +298,7 @@ export { ## Register interest in all peer event messages that use a certain topic ## prefix. Note that subscriptions may not be altered immediately after - ## calling (except during :bro:see:`zeek_init`). + ## calling (except during :zeek:see:`zeek_init`). ## ## topic_prefix: a prefix to match against remote message topics. ## e.g. an empty prefix matches everything and "a" matches @@ -309,10 +309,10 @@ export { ## Unregister interest in all peer event messages that use a topic prefix. ## Note that subscriptions may not be altered immediately after calling - ## (except during :bro:see:`zeek_init`). + ## (except during :zeek:see:`zeek_init`). ## ## topic_prefix: a prefix previously supplied to a successful call to - ## :bro:see:`Broker::subscribe` or :bro:see:`Broker::forward`. + ## :zeek:see:`Broker::subscribe` or :zeek:see:`Broker::forward`. ## ## Returns: true if interest in the topic prefix is no longer advertised. global unsubscribe: function(topic_prefix: string): bool; @@ -320,8 +320,8 @@ export { ## Register a topic prefix subscription for events that should only be ## forwarded to any subscribing peers and not raise any event handlers ## on the receiving/forwarding node. i.e. it's the same as - ## :bro:see:`Broker::subscribe` except matching events are not raised - ## on the receiver, just forwarded. Use :bro:see:`Broker::unsubscribe` + ## :zeek:see:`Broker::subscribe` except matching events are not raised + ## on the receiver, just forwarded. Use :zeek:see:`Broker::unsubscribe` ## with the same argument to undo this operation. ## ## topic_prefix: a prefix to match against remote message topics. @@ -346,9 +346,9 @@ export { ## Stop automatically sending an event to peers upon local dispatch. ## - ## topic: a topic originally given to :bro:see:`Broker::auto_publish`. + ## topic: a topic originally given to :zeek:see:`Broker::auto_publish`. ## - ## ev: an event originally given to :bro:see:`Broker::auto_publish`. + ## ev: an event originally given to :zeek:see:`Broker::auto_publish`. ## ## Returns: true if automatic events will not occur for the topic/event ## pair. diff --git a/scripts/base/frameworks/broker/store.zeek b/scripts/base/frameworks/broker/store.zeek index 2e216afa93..dace2032c9 100644 --- a/scripts/base/frameworks/broker/store.zeek +++ b/scripts/base/frameworks/broker/store.zeek @@ -353,7 +353,7 @@ export { ## ## Returns: a set with the keys. If you expect the keys to be of ## non-uniform type, consider using - ## :bro:see:`Broker::set_iterator` to iterate over the result. + ## :zeek:see:`Broker::set_iterator` to iterate over the result. global keys: function(h: opaque of Broker::Store): QueryResult; ## Deletes all of a store's content, it will be empty afterwards. diff --git a/scripts/base/frameworks/cluster/__load__.zeek b/scripts/base/frameworks/cluster/__load__.zeek index 20060357a4..e3b318c1d5 100644 --- a/scripts/base/frameworks/cluster/__load__.zeek +++ b/scripts/base/frameworks/cluster/__load__.zeek @@ -17,7 +17,7 @@ redef Broker::log_topic = Cluster::rr_log_topic; # If this script isn't found anywhere, the cluster bombs out. # Loading the cluster framework requires that a script by this name exists # somewhere in the BROPATH. The only thing in the file should be the -# cluster definition in the :bro:id:`Cluster::nodes` variable. +# cluster definition in the :zeek:id:`Cluster::nodes` variable. @load cluster-layout @if ( Cluster::node in Cluster::nodes ) diff --git a/scripts/base/frameworks/cluster/main.zeek b/scripts/base/frameworks/cluster/main.zeek index 08d48ac858..02c063c346 100644 --- a/scripts/base/frameworks/cluster/main.zeek +++ b/scripts/base/frameworks/cluster/main.zeek @@ -1,8 +1,8 @@ ##! A framework for establishing and controlling a cluster of Bro instances. ##! In order to use the cluster framework, a script named ##! ``cluster-layout.zeek`` must exist somewhere in Bro's script search path -##! which has a cluster definition of the :bro:id:`Cluster::nodes` variable. -##! The ``CLUSTER_NODE`` environment variable or :bro:id:`Cluster::node` +##! which has a cluster definition of the :zeek:id:`Cluster::nodes` variable. +##! The ``CLUSTER_NODE`` environment variable or :zeek:id:`Cluster::node` ##! must also be sent and the cluster framework loaded as a package like ##! ``@load base/frameworks/cluster``. @@ -44,23 +44,23 @@ export { const nodeid_topic_prefix = "bro/cluster/nodeid/" &redef; ## Name of the node on which master data stores will be created if no other - ## has already been specified by the user in :bro:see:`Cluster::stores`. + ## has already been specified by the user in :zeek:see:`Cluster::stores`. ## An empty value means "use whatever name corresponds to the manager ## node". const default_master_node = "" &redef; ## The type of data store backend that will be used for all data stores if - ## no other has already been specified by the user in :bro:see:`Cluster::stores`. + ## no other has already been specified by the user in :zeek:see:`Cluster::stores`. const default_backend = Broker::MEMORY &redef; ## The type of persistent data store backend that will be used for all data ## stores if no other has already been specified by the user in - ## :bro:see:`Cluster::stores`. This will be used when script authors call - ## :bro:see:`Cluster::create_store` with the *persistent* argument set true. + ## :zeek:see:`Cluster::stores`. This will be used when script authors call + ## :zeek:see:`Cluster::create_store` with the *persistent* argument set true. const default_persistent_backend = Broker::SQLITE &redef; ## Setting a default dir will, for persistent backends that have not - ## been given an explicit file path via :bro:see:`Cluster::stores`, + ## been given an explicit file path via :zeek:see:`Cluster::stores`, ## automatically create a path within this dir that is based on the name of ## the data store. const default_store_dir = "" &redef; @@ -81,21 +81,21 @@ export { ## Parameters used for configuring the backend. options: Broker::BackendOptions &default=Broker::BackendOptions(); ## A resync/reconnect interval to pass through to - ## :bro:see:`Broker::create_clone`. + ## :zeek:see:`Broker::create_clone`. clone_resync_interval: interval &default=Broker::default_clone_resync_interval; ## A staleness duration to pass through to - ## :bro:see:`Broker::create_clone`. + ## :zeek:see:`Broker::create_clone`. clone_stale_interval: interval &default=Broker::default_clone_stale_interval; ## A mutation buffer interval to pass through to - ## :bro:see:`Broker::create_clone`. + ## :zeek:see:`Broker::create_clone`. clone_mutation_buffer_interval: interval &default=Broker::default_clone_mutation_buffer_interval; }; ## A table of cluster-enabled data stores that have been created, indexed ## by their name. This table will be populated automatically by - ## :bro:see:`Cluster::create_store`, but if you need to customize + ## :zeek:see:`Cluster::create_store`, but if you need to customize ## the options related to a particular data store, you may redef this - ## table. Calls to :bro:see:`Cluster::create_store` will first check + ## table. Calls to :zeek:see:`Cluster::create_store` will first check ## the table for an entry of the same name and, if found, will use the ## predefined options there when setting up the store. global stores: table[string] of StoreInfo &default=StoreInfo() &redef; @@ -174,15 +174,15 @@ export { ## This function can be called at any time to determine if the cluster ## framework is being enabled for this run. ## - ## Returns: True if :bro:id:`Cluster::node` has been set. + ## Returns: True if :zeek:id:`Cluster::node` has been set. global is_enabled: function(): bool; ## This function can be called at any time to determine what type of ## cluster node the current Bro instance is going to be acting as. - ## If :bro:id:`Cluster::is_enabled` returns false, then - ## :bro:enum:`Cluster::NONE` is returned. + ## If :zeek:id:`Cluster::is_enabled` returns false, then + ## :zeek:enum:`Cluster::NONE` is returned. ## - ## Returns: The :bro:type:`Cluster::NodeType` the calling node acts as. + ## Returns: The :zeek:type:`Cluster::NodeType` the calling node acts as. global local_node_type: function(): NodeType; ## This gives the value for the number of workers currently connected to, @@ -241,8 +241,8 @@ export { ## Retrieve the topic associated with a specific node in the cluster. ## - ## id: the id of the cluster node (from :bro:see:`Broker::EndpointInfo` - ## or :bro:see:`Broker::node_id`. + ## id: the id of the cluster node (from :zeek:see:`Broker::EndpointInfo` + ## or :zeek:see:`Broker::node_id`. ## ## Returns: a topic string that may used to send a message exclusively to ## a given cluster node. diff --git a/scripts/base/frameworks/cluster/pools.zeek b/scripts/base/frameworks/cluster/pools.zeek index 40f9a9cbf1..ae14a09527 100644 --- a/scripts/base/frameworks/cluster/pools.zeek +++ b/scripts/base/frameworks/cluster/pools.zeek @@ -58,17 +58,17 @@ export { alive_count: count &default = 0; }; - ## The specification for :bro:see:`Cluster::proxy_pool`. + ## The specification for :zeek:see:`Cluster::proxy_pool`. global proxy_pool_spec: PoolSpec = PoolSpec($topic = "bro/cluster/pool/proxy", $node_type = Cluster::PROXY) &redef; - ## The specification for :bro:see:`Cluster::worker_pool`. + ## The specification for :zeek:see:`Cluster::worker_pool`. global worker_pool_spec: PoolSpec = PoolSpec($topic = "bro/cluster/pool/worker", $node_type = Cluster::WORKER) &redef; - ## The specification for :bro:see:`Cluster::logger_pool`. + ## The specification for :zeek:see:`Cluster::logger_pool`. global logger_pool_spec: PoolSpec = PoolSpec($topic = "bro/cluster/pool/logger", $node_type = Cluster::LOGGER) &redef; @@ -120,10 +120,10 @@ export { global rr_topic: function(pool: Pool, key: string &default=""): string; ## Distributes log message topics among logger nodes via round-robin. - ## This will be automatically assigned to :bro:see:`Broker::log_topic` - ## if :bro:see:`Cluster::enable_round_robin_logging` is enabled. + ## This will be automatically assigned to :zeek:see:`Broker::log_topic` + ## if :zeek:see:`Cluster::enable_round_robin_logging` is enabled. ## If no logger nodes are active, then this will return the value - ## of :bro:see:`Broker::default_log_topic`. + ## of :zeek:see:`Broker::default_log_topic`. global rr_log_topic: function(id: Log::ID, path: string): string; } @@ -136,7 +136,7 @@ export { ## Returns: F if a node of the same name already exists in the pool, else T. global init_pool_node: function(pool: Pool, name: string): bool; -## Mark a pool node as alive/online/available. :bro:see:`Cluster::hrw_topic` +## Mark a pool node as alive/online/available. :zeek:see:`Cluster::hrw_topic` ## will distribute keys to nodes marked as alive. ## ## pool: the pool to which the node belongs. @@ -146,7 +146,7 @@ global init_pool_node: function(pool: Pool, name: string): bool; ## Returns: F if the node does not exist in the pool, else T. global mark_pool_node_alive: function(pool: Pool, name: string): bool; -## Mark a pool node as dead/offline/unavailable. :bro:see:`Cluster::hrw_topic` +## Mark a pool node as dead/offline/unavailable. :zeek:see:`Cluster::hrw_topic` ## will not distribute keys to nodes marked as dead. ## ## pool: the pool to which the node belongs. diff --git a/scripts/base/frameworks/cluster/setup-connections.zeek b/scripts/base/frameworks/cluster/setup-connections.zeek index 004dd22f2a..4903f62c0a 100644 --- a/scripts/base/frameworks/cluster/setup-connections.zeek +++ b/scripts/base/frameworks/cluster/setup-connections.zeek @@ -1,5 +1,5 @@ ##! This script establishes communication among all nodes in a cluster -##! as defined by :bro:id:`Cluster::nodes`. +##! as defined by :zeek:id:`Cluster::nodes`. @load ./main @load ./pools diff --git a/scripts/base/frameworks/config/main.zeek b/scripts/base/frameworks/config/main.zeek index aacebbc530..b801c82267 100644 --- a/scripts/base/frameworks/config/main.zeek +++ b/scripts/base/frameworks/config/main.zeek @@ -24,14 +24,14 @@ export { location: string &optional &log; }; - ## Event that can be handled to access the :bro:type:`Config::Info` + ## Event that can be handled to access the :zeek:type:`Config::Info` ## record as it is sent on to the logging framework. global log_config: event(rec: Info); ## This function is the config framework layer around the lower-level - ## :bro:see:`Option::set` call. Config::set_value will set the configuration + ## :zeek:see:`Option::set` call. Config::set_value will set the configuration ## value for all nodes in the cluster, no matter where it was called. Note - ## that :bro:see:`Option::set` does not distribute configuration changes + ## that :zeek:see:`Option::set` does not distribute configuration changes ## to other nodes. ## ## ID: The ID of the option to update. diff --git a/scripts/base/frameworks/control/main.zeek b/scripts/base/frameworks/control/main.zeek index e374806b55..ad1bf3bcce 100644 --- a/scripts/base/frameworks/control/main.zeek +++ b/scripts/base/frameworks/control/main.zeek @@ -8,7 +8,7 @@ export { ## The topic prefix used for exchanging control messages via Broker. const topic_prefix = "bro/control"; - ## Whether the controllee should call :bro:see:`Broker::listen`. + ## Whether the controllee should call :zeek:see:`Broker::listen`. ## In a cluster, this isn't needed since the setup process calls it. const controllee_listen = T &redef; @@ -18,7 +18,7 @@ export { ## The port of the host that will be controlled. const host_port = 0/tcp &redef; - ## If :bro:id:`Control::host` is a non-global IPv6 address and + ## If :zeek:id:`Control::host` is a non-global IPv6 address and ## requires a specific :rfc:`4007` ``zone_id``, it can be set here. const zone_id = "" &redef; @@ -45,7 +45,7 @@ export { ## Event for requesting the value of an ID (a variable). global id_value_request: event(id: string); ## Event for returning the value of an ID after an - ## :bro:id:`Control::id_value_request` event. + ## :zeek:id:`Control::id_value_request` event. global id_value_response: event(id: string, val: string); ## Requests the current communication status. @@ -62,7 +62,7 @@ export { ## updated. global configuration_update_request: event(); ## This event is a wrapper and alias for the - ## :bro:id:`Control::configuration_update_request` event. + ## :zeek:id:`Control::configuration_update_request` event. ## This event is also a primary hooking point for the control framework. global configuration_update: event(); ## Message in response to a configuration update request. diff --git a/scripts/base/frameworks/files/main.zeek b/scripts/base/frameworks/files/main.zeek index fc75d68e8e..591d6724e6 100644 --- a/scripts/base/frameworks/files/main.zeek +++ b/scripts/base/frameworks/files/main.zeek @@ -18,19 +18,19 @@ export { type AnalyzerArgs: record { ## An event which will be generated for all new file contents, ## chunk-wise. Used when *tag* (in the - ## :bro:see:`Files::add_analyzer` function) is - ## :bro:see:`Files::ANALYZER_DATA_EVENT`. + ## :zeek:see:`Files::add_analyzer` function) is + ## :zeek:see:`Files::ANALYZER_DATA_EVENT`. chunk_event: event(f: fa_file, data: string, off: count) &optional; ## An event which will be generated for all new file contents, ## stream-wise. Used when *tag* is - ## :bro:see:`Files::ANALYZER_DATA_EVENT`. + ## :zeek:see:`Files::ANALYZER_DATA_EVENT`. stream_event: event(f: fa_file, data: string) &optional; } &redef; ## Contains all metadata related to the analysis of a given file. ## For the most part, fields here are derived from ones of the same name - ## in :bro:see:`fa_file`. + ## in :zeek:see:`fa_file`. type Info: record { ## The time when the file was first seen. ts: time &log; @@ -66,7 +66,7 @@ export { analyzers: set[string] &default=string_set() &log; ## A mime type provided by the strongest file magic signature - ## match against the *bof_buffer* field of :bro:see:`fa_file`, + ## match against the *bof_buffer* field of :zeek:see:`fa_file`, ## or in the cases where no buffering of the beginning of file ## occurs, an initial guess of the mime type based on the first ## data seen. @@ -82,7 +82,7 @@ export { ## If the source of this file is a network connection, this field ## indicates if the data originated from the local network or not as - ## determined by the configured :bro:see:`Site::local_nets`. + ## determined by the configured :zeek:see:`Site::local_nets`. local_orig: bool &log &optional; ## If the source of this file is a network connection, this field @@ -118,8 +118,8 @@ export { const disable: table[Files::Tag] of bool = table() &redef; ## The salt concatenated to unique file handle strings generated by - ## :bro:see:`get_file_handle` before hashing them in to a file id - ## (the *id* field of :bro:see:`fa_file`). + ## :zeek:see:`get_file_handle` before hashing them in to a file id + ## (the *id* field of :zeek:see:`fa_file`). ## Provided to help mitigate the possibility of manipulating parts of ## network connections that factor in to the file handle in order to ## generate two handles that would hash to the same file id. @@ -142,11 +142,11 @@ export { ## Returns: T if the file uid is known. global file_exists: function(fuid: string): bool; - ## Lookup an :bro:see:`fa_file` record with the file id. + ## Lookup an :zeek:see:`fa_file` record with the file id. ## ## fuid: the file id. ## - ## Returns: the associated :bro:see:`fa_file` record. + ## Returns: the associated :zeek:see:`fa_file` record. global lookup_file: function(fuid: string): fa_file; ## Allows the file reassembler to be used if it's necessary because the @@ -169,10 +169,10 @@ export { ## max: Maximum allowed size of the reassembly buffer. global set_reassembly_buffer_size: function(f: fa_file, max: count); - ## Sets the *timeout_interval* field of :bro:see:`fa_file`, which is + ## Sets the *timeout_interval* field of :zeek:see:`fa_file`, which is ## used to determine the length of inactivity that is allowed for a file ## before internal state related to it is cleaned up. When used within - ## a :bro:see:`file_timeout` handler, the analysis will delay timing out + ## a :zeek:see:`file_timeout` handler, the analysis will delay timing out ## again for the period specified by *t*. ## ## f: the file. @@ -255,7 +255,7 @@ export { ## ## tag: Tag for the protocol analyzer having a callback being registered. ## - ## reg: A :bro:see:`Files::ProtoRegistration` record. + ## reg: A :zeek:see:`Files::ProtoRegistration` record. ## ## Returns: true if the protocol being registered was not previously registered. global register_protocol: function(tag: Analyzer::Tag, reg: ProtoRegistration): bool; diff --git a/scripts/base/frameworks/input/main.zeek b/scripts/base/frameworks/input/main.zeek index 0839602a7a..84488f130c 100644 --- a/scripts/base/frameworks/input/main.zeek +++ b/scripts/base/frameworks/input/main.zeek @@ -193,7 +193,7 @@ export { ## Descriptive name that uniquely identifies the input source. ## Can be used to remove a stream at a later time. ## This will also be used for the unique *source* field of - ## :bro:see:`fa_file`. Most of the time, the best choice for this + ## :zeek:see:`fa_file`. Most of the time, the best choice for this ## field will be the same value as the *source* field. name: string; diff --git a/scripts/base/frameworks/intel/main.zeek b/scripts/base/frameworks/intel/main.zeek index f59323369d..380cb39eaa 100644 --- a/scripts/base/frameworks/intel/main.zeek +++ b/scripts/base/frameworks/intel/main.zeek @@ -35,7 +35,7 @@ export { ## Set of intelligence data types. type TypeSet: set[Type]; - ## Data about an :bro:type:`Intel::Item`. + ## Data about an :zeek:type:`Intel::Item`. type MetaData: record { ## An arbitrary string value representing the data source. This ## value is used as unique key to identify a metadata record in @@ -75,7 +75,7 @@ export { ## The type of data that the indicator represents. indicator_type: Type &log &optional; - ## If the indicator type was :bro:enum:`Intel::ADDR`, then this + ## If the indicator type was :zeek:enum:`Intel::ADDR`, then this ## field will be present. host: addr &optional; @@ -155,7 +155,7 @@ export { global extend_match: hook(info: Info, s: Seen, items: set[Item]); ## The expiration timeout for intelligence items. Once an item expires, the - ## :bro:id:`Intel::item_expired` hook is called. Reinsertion of an item + ## :zeek:id:`Intel::item_expired` hook is called. Reinsertion of an item ## resets the timeout. A negative value disables expiration of intelligence ## items. const item_expiration = -1 min &redef; diff --git a/scripts/base/frameworks/logging/main.zeek b/scripts/base/frameworks/logging/main.zeek index 798b54839e..8746ee3654 100644 --- a/scripts/base/frameworks/logging/main.zeek +++ b/scripts/base/frameworks/logging/main.zeek @@ -176,7 +176,7 @@ export { ## easy to flood the disk by returning a new string for each ## connection. Upon adding a filter to a stream, if neither ## ``path`` nor ``path_func`` is explicitly set by them, then - ## :bro:see:`Log::default_path_func` is used. + ## :zeek:see:`Log::default_path_func` is used. ## ## id: The ID associated with the log stream. ## @@ -191,7 +191,7 @@ export { ## ## Returns: The path to be used for the filter, which will be ## subject to the same automatic correction rules as - ## the *path* field of :bro:type:`Log::Filter` in the + ## the *path* field of :zeek:type:`Log::Filter` in the ## case of conflicts with other filters trying to use ## the same writer/path pair. path_func: function(id: ID, path: string, rec: any): string &optional; @@ -232,7 +232,7 @@ export { interv: interval &default=default_rotation_interval; ## Callback function to trigger for rotated files. If not set, the - ## default comes out of :bro:id:`Log::default_rotation_postprocessors`. + ## default comes out of :zeek:id:`Log::default_rotation_postprocessors`. postprocessor: function(info: RotationInfo) : bool &optional; ## A key/value table that will be passed on to the writer. @@ -253,7 +253,7 @@ export { ## Returns: True if a new logging stream was successfully created and ## a default filter added to it. ## - ## .. bro:see:: Log::add_default_filter Log::remove_default_filter + ## .. zeek:see:: Log::add_default_filter Log::remove_default_filter global create_stream: function(id: ID, stream: Stream) : bool; ## Removes a logging stream completely, stopping all the threads. @@ -262,7 +262,7 @@ export { ## ## Returns: True if the stream was successfully removed. ## - ## .. bro:see:: Log::create_stream + ## .. zeek:see:: Log::create_stream global remove_stream: function(id: ID) : bool; ## Enables a previously disabled logging stream. Disabled streams @@ -273,7 +273,7 @@ export { ## ## Returns: True if the stream is re-enabled or was not previously disabled. ## - ## .. bro:see:: Log::disable_stream + ## .. zeek:see:: Log::disable_stream global enable_stream: function(id: ID) : bool; ## Disables a currently enabled logging stream. Disabled streams @@ -284,7 +284,7 @@ export { ## ## Returns: True if the stream is now disabled or was already disabled. ## - ## .. bro:see:: Log::enable_stream + ## .. zeek:see:: Log::enable_stream global disable_stream: function(id: ID) : bool; ## Adds a custom filter to an existing logging stream. If a filter @@ -299,7 +299,7 @@ export { ## the filter was not added or the *filter* argument was not ## the correct type. ## - ## .. bro:see:: Log::remove_filter Log::add_default_filter + ## .. zeek:see:: Log::remove_filter Log::add_default_filter ## Log::remove_default_filter Log::get_filter Log::get_filter_names global add_filter: function(id: ID, filter: Filter) : bool; @@ -309,12 +309,12 @@ export { ## remove a filter. ## ## name: A string to match against the ``name`` field of a - ## :bro:type:`Log::Filter` for identification purposes. + ## :zeek:type:`Log::Filter` for identification purposes. ## ## Returns: True if the logging stream's filter was removed or ## if no filter associated with *name* was found. ## - ## .. bro:see:: Log::remove_filter Log::add_default_filter + ## .. zeek:see:: Log::remove_filter Log::add_default_filter ## Log::remove_default_filter Log::get_filter Log::get_filter_names global remove_filter: function(id: ID, name: string) : bool; @@ -326,7 +326,7 @@ export { ## ## Returns: The set of filter names associated with the stream. ## - ## ..bro:see:: Log::remove_filter Log::add_default_filter + ## ..zeek:see:: Log::remove_filter Log::add_default_filter ## Log::remove_default_filter Log::get_filter global get_filter_names: function(id: ID) : set[string]; @@ -336,13 +336,13 @@ export { ## obtain one of its filters. ## ## name: A string to match against the ``name`` field of a - ## :bro:type:`Log::Filter` for identification purposes. + ## :zeek:type:`Log::Filter` for identification purposes. ## ## Returns: A filter attached to the logging stream *id* matching ## *name* or, if no matches are found returns the - ## :bro:id:`Log::no_filter` sentinel value. + ## :zeek:id:`Log::no_filter` sentinel value. ## - ## .. bro:see:: Log::add_filter Log::remove_filter Log::add_default_filter + ## .. zeek:see:: Log::add_filter Log::remove_filter Log::add_default_filter ## Log::remove_default_filter Log::get_filter_names global get_filter: function(id: ID, name: string) : Filter; @@ -360,7 +360,7 @@ export { ## to handle, or one of the stream's filters has an invalid ## ``path_func``. ## - ## .. bro:see:: Log::enable_stream Log::disable_stream + ## .. zeek:see:: Log::enable_stream Log::disable_stream global write: function(id: ID, columns: any) : bool; ## Sets the buffering status for all the writers of a given logging stream. @@ -375,7 +375,7 @@ export { ## Returns: True if buffering status was set, false if the logging stream ## does not exist. ## - ## .. bro:see:: Log::flush + ## .. zeek:see:: Log::flush global set_buf: function(id: ID, buffered: bool): bool; ## Flushes any currently buffered output for all the writers of a given @@ -388,50 +388,50 @@ export { ## buffered data or if the logging stream is disabled, ## false if the logging stream does not exist. ## - ## .. bro:see:: Log::set_buf Log::enable_stream Log::disable_stream + ## .. zeek:see:: Log::set_buf Log::enable_stream Log::disable_stream global flush: function(id: ID): bool; - ## Adds a default :bro:type:`Log::Filter` record with ``name`` field + ## Adds a default :zeek:type:`Log::Filter` record with ``name`` field ## set as "default" to a given logging stream. ## ## id: The ID associated with a logging stream for which to add a default ## filter. ## - ## Returns: The status of a call to :bro:id:`Log::add_filter` using a - ## default :bro:type:`Log::Filter` argument with ``name`` field + ## Returns: The status of a call to :zeek:id:`Log::add_filter` using a + ## default :zeek:type:`Log::Filter` argument with ``name`` field ## set to "default". ## - ## .. bro:see:: Log::add_filter Log::remove_filter + ## .. zeek:see:: Log::add_filter Log::remove_filter ## Log::remove_default_filter global add_default_filter: function(id: ID) : bool; - ## Removes the :bro:type:`Log::Filter` with ``name`` field equal to + ## Removes the :zeek:type:`Log::Filter` with ``name`` field equal to ## "default". ## ## id: The ID associated with a logging stream from which to remove the ## default filter. ## - ## Returns: The status of a call to :bro:id:`Log::remove_filter` using + ## Returns: The status of a call to :zeek:id:`Log::remove_filter` using ## "default" as the argument. ## - ## .. bro:see:: Log::add_filter Log::remove_filter Log::add_default_filter + ## .. zeek:see:: Log::add_filter Log::remove_filter Log::add_default_filter global remove_default_filter: function(id: ID) : bool; - ## Runs a command given by :bro:id:`Log::default_rotation_postprocessor_cmd` + ## Runs a command given by :zeek:id:`Log::default_rotation_postprocessor_cmd` ## on a rotated file. Meant to be called from postprocessor functions - ## that are added to :bro:id:`Log::default_rotation_postprocessors`. + ## that are added to :zeek:id:`Log::default_rotation_postprocessors`. ## ## info: A record holding meta-information about the log being rotated. ## ## npath: The new path of the file (after already being rotated/processed ## by writer-specific postprocessor as defined in - ## :bro:id:`Log::default_rotation_postprocessors`). + ## :zeek:id:`Log::default_rotation_postprocessors`). ## - ## Returns: True when :bro:id:`Log::default_rotation_postprocessor_cmd` + ## Returns: True when :zeek:id:`Log::default_rotation_postprocessor_cmd` ## is empty or the system command given by it has been invoked ## to postprocess a rotated log file. ## - ## .. bro:see:: Log::default_rotation_date_format + ## .. zeek:see:: Log::default_rotation_date_format ## Log::default_rotation_postprocessor_cmd ## Log::default_rotation_postprocessors global run_rotation_postprocessor_cmd: function(info: RotationInfo, npath: string) : bool; diff --git a/scripts/base/frameworks/logging/postprocessors/scp.zeek b/scripts/base/frameworks/logging/postprocessors/scp.zeek index 462cb86b20..22adc29e47 100644 --- a/scripts/base/frameworks/logging/postprocessors/scp.zeek +++ b/scripts/base/frameworks/logging/postprocessors/scp.zeek @@ -2,22 +2,22 @@ ##! to a logging filter in order to automatically SCP (secure copy) ##! a log stream (or a subset of it) to a remote host at configurable ##! rotation time intervals. Generally, to use this functionality -##! you must handle the :bro:id:`zeek_init` event and do the following +##! you must handle the :zeek:id:`zeek_init` event and do the following ##! in your handler: ##! -##! 1) Create a new :bro:type:`Log::Filter` record that defines a name/path, +##! 1) Create a new :zeek:type:`Log::Filter` record that defines a name/path, ##! rotation interval, and set the ``postprocessor`` to -##! :bro:id:`Log::scp_postprocessor`. -##! 2) Add the filter to a logging stream using :bro:id:`Log::add_filter`. -##! 3) Add a table entry to :bro:id:`Log::scp_destinations` for the filter's -##! writer/path pair which defines a set of :bro:type:`Log::SCPDestination` +##! :zeek:id:`Log::scp_postprocessor`. +##! 2) Add the filter to a logging stream using :zeek:id:`Log::add_filter`. +##! 3) Add a table entry to :zeek:id:`Log::scp_destinations` for the filter's +##! writer/path pair which defines a set of :zeek:type:`Log::SCPDestination` ##! records. module Log; export { ## Secure-copies the rotated log to all the remote hosts - ## defined in :bro:id:`Log::scp_destinations` and then deletes + ## defined in :zeek:id:`Log::scp_destinations` and then deletes ## the local copy of the rotated log. It's not active when ## reading from trace files. ## @@ -42,7 +42,7 @@ export { }; ## A table indexed by a particular log writer and filter path, that yields - ## a set of remote destinations. The :bro:id:`Log::scp_postprocessor` + ## a set of remote destinations. The :zeek:id:`Log::scp_postprocessor` ## function queries this table upon log rotation and performs a secure ## copy of the rotated log to each destination in the set. This ## table can be modified at run-time. diff --git a/scripts/base/frameworks/logging/postprocessors/sftp.zeek b/scripts/base/frameworks/logging/postprocessors/sftp.zeek index 803851261f..75ab438809 100644 --- a/scripts/base/frameworks/logging/postprocessors/sftp.zeek +++ b/scripts/base/frameworks/logging/postprocessors/sftp.zeek @@ -2,22 +2,22 @@ ##! to a logging filter in order to automatically SFTP ##! a log stream (or a subset of it) to a remote host at configurable ##! rotation time intervals. Generally, to use this functionality -##! you must handle the :bro:id:`zeek_init` event and do the following +##! you must handle the :zeek:id:`zeek_init` event and do the following ##! in your handler: ##! -##! 1) Create a new :bro:type:`Log::Filter` record that defines a name/path, +##! 1) Create a new :zeek:type:`Log::Filter` record that defines a name/path, ##! rotation interval, and set the ``postprocessor`` to -##! :bro:id:`Log::sftp_postprocessor`. -##! 2) Add the filter to a logging stream using :bro:id:`Log::add_filter`. -##! 3) Add a table entry to :bro:id:`Log::sftp_destinations` for the filter's -##! writer/path pair which defines a set of :bro:type:`Log::SFTPDestination` +##! :zeek:id:`Log::sftp_postprocessor`. +##! 2) Add the filter to a logging stream using :zeek:id:`Log::add_filter`. +##! 3) Add a table entry to :zeek:id:`Log::sftp_destinations` for the filter's +##! writer/path pair which defines a set of :zeek:type:`Log::SFTPDestination` ##! records. module Log; export { ## Securely transfers the rotated log to all the remote hosts - ## defined in :bro:id:`Log::sftp_destinations` and then deletes + ## defined in :zeek:id:`Log::sftp_destinations` and then deletes ## the local copy of the rotated log. It's not active when ## reading from trace files. ## @@ -44,7 +44,7 @@ export { }; ## A table indexed by a particular log writer and filter path, that yields - ## a set of remote destinations. The :bro:id:`Log::sftp_postprocessor` + ## a set of remote destinations. The :zeek:id:`Log::sftp_postprocessor` ## function queries this table upon log rotation and performs a secure ## transfer of the rotated log to each destination in the set. This ## table can be modified at run-time. diff --git a/scripts/base/frameworks/netcontrol/catch-and-release.zeek b/scripts/base/frameworks/netcontrol/catch-and-release.zeek index 83d9e1d7af..1a8ba88574 100644 --- a/scripts/base/frameworks/netcontrol/catch-and-release.zeek +++ b/scripts/base/frameworks/netcontrol/catch-and-release.zeek @@ -80,7 +80,7 @@ export { ## again. ## ## In cluster mode, this function works on workers as well as the manager. On managers, - ## the returned :bro:see:`NetControl::BlockInfo` record will not contain the block ID, + ## the returned :zeek:see:`NetControl::BlockInfo` record will not contain the block ID, ## which will be assigned on the manager. ## ## a: The address to be dropped. @@ -89,7 +89,7 @@ export { ## ## location: An optional string describing where the drop was triggered. ## - ## Returns: The :bro:see:`NetControl::BlockInfo` record containing information about + ## Returns: The :zeek:see:`NetControl::BlockInfo` record containing information about ## the inserted block. global drop_address_catch_release: function(a: addr, location: string &default="") : BlockInfo; @@ -114,7 +114,7 @@ export { ## a: The address that was seen and should be re-dropped if it is being watched. global catch_release_seen: function(a: addr); - ## Get the :bro:see:`NetControl::BlockInfo` record for an address currently blocked by catch and release. + ## Get the :zeek:see:`NetControl::BlockInfo` record for an address currently blocked by catch and release. ## If the address is unknown to catch and release, the watch_until time will be set to 0. ## ## In cluster mode, this function works on the manager and workers. On workers, the data will @@ -123,7 +123,7 @@ export { ## ## a: The address to get information about. ## - ## Returns: The :bro:see:`NetControl::BlockInfo` record containing information about + ## Returns: The :zeek:see:`NetControl::BlockInfo` record containing information about ## the inserted block. global get_catch_release_info: function(a: addr) : BlockInfo; @@ -132,7 +132,7 @@ export { ## ## a: The address that is no longer being managed. ## - ## bi: The :bro:see:`NetControl::BlockInfo` record containing information about the block. + ## bi: The :zeek:see:`NetControl::BlockInfo` record containing information about the block. global catch_release_forgotten: event(a: addr, bi: BlockInfo); ## If true, catch_release_seen is called on the connection originator in new_connection, @@ -148,7 +148,7 @@ export { ## effect. const catch_release_intervals: vector of interval = vector(10min, 1hr, 24hrs, 7days) &redef; - ## Event that can be handled to access the :bro:type:`NetControl::CatchReleaseInfo` + ## Event that can be handled to access the :zeek:type:`NetControl::CatchReleaseInfo` ## record as it is sent on to the logging framework. global log_netcontrol_catch_release: event(rec: CatchReleaseInfo); diff --git a/scripts/base/frameworks/netcontrol/drop.zeek b/scripts/base/frameworks/netcontrol/drop.zeek index 40304e1187..9c1adc73d2 100644 --- a/scripts/base/frameworks/netcontrol/drop.zeek +++ b/scripts/base/frameworks/netcontrol/drop.zeek @@ -50,7 +50,7 @@ export { ## r: The rule to be added. global NetControl::drop_rule_policy: hook(r: Rule); - ## Event that can be handled to access the :bro:type:`NetControl::ShuntInfo` + ## Event that can be handled to access the :zeek:type:`NetControl::ShuntInfo` ## record as it is sent on to the logging framework. global log_netcontrol_drop: event(rec: DropInfo); } diff --git a/scripts/base/frameworks/netcontrol/main.zeek b/scripts/base/frameworks/netcontrol/main.zeek index ee5f6a276c..97b6e27459 100644 --- a/scripts/base/frameworks/netcontrol/main.zeek +++ b/scripts/base/frameworks/netcontrol/main.zeek @@ -98,7 +98,7 @@ export { ## Returns: Vector of inserted rules on success, empty list on failure. global quarantine_host: function(infected: addr, dns: addr, quarantine: addr, t: interval, location: string &default="") : vector of string; - ## Flushes all state by calling :bro:see:`NetControl::remove_rule` on all currently active rules. + ## Flushes all state by calling :zeek:see:`NetControl::remove_rule` on all currently active rules. global clear: function(); # ### @@ -122,7 +122,7 @@ export { ## Removes a rule. ## - ## id: The rule to remove, specified as the ID returned by :bro:see:`NetControl::add_rule`. + ## id: The rule to remove, specified as the ID returned by :zeek:see:`NetControl::add_rule`. ## ## reason: Optional string argument giving information on why the rule was removed. ## @@ -138,7 +138,7 @@ export { ## the rule has been added; if it is not removed from them by a separate mechanism, ## it will stay installed and not be removed later. ## - ## id: The rule to delete, specified as the ID returned by :bro:see:`NetControl::add_rule`. + ## id: The rule to delete, specified as the ID returned by :zeek:see:`NetControl::add_rule`. ## ## reason: Optional string argument giving information on why the rule was deleted. ## @@ -321,7 +321,7 @@ export { plugin: string &log &optional; }; - ## Event that can be handled to access the :bro:type:`NetControl::Info` + ## Event that can be handled to access the :zeek:type:`NetControl::Info` ## record as it is sent on to the logging framework. global log_netcontrol: event(rec: Info); } diff --git a/scripts/base/frameworks/netcontrol/plugins/broker.zeek b/scripts/base/frameworks/netcontrol/plugins/broker.zeek index 4bfb231c94..599613d06d 100644 --- a/scripts/base/frameworks/netcontrol/plugins/broker.zeek +++ b/scripts/base/frameworks/netcontrol/plugins/broker.zeek @@ -9,7 +9,7 @@ module NetControl; @load base/frameworks/broker export { - ## This record specifies the configuration that is passed to :bro:see:`NetControl::create_broker`. + ## This record specifies the configuration that is passed to :zeek:see:`NetControl::create_broker`. type BrokerConfig: record { ## The broker topic to send events to. topic: string &optional; diff --git a/scripts/base/frameworks/netcontrol/plugins/openflow.zeek b/scripts/base/frameworks/netcontrol/plugins/openflow.zeek index f1403a70a8..d80d7c4a41 100644 --- a/scripts/base/frameworks/netcontrol/plugins/openflow.zeek +++ b/scripts/base/frameworks/netcontrol/plugins/openflow.zeek @@ -7,7 +7,7 @@ module NetControl; export { - ## This record specifies the configuration that is passed to :bro:see:`NetControl::create_openflow`. + ## This record specifies the configuration that is passed to :zeek:see:`NetControl::create_openflow`. type OfConfig: record { monitor: bool &default=T; ##< Accept rules that target the monitor path. forward: bool &default=T; ##< Accept rules that target the forward path. diff --git a/scripts/base/frameworks/netcontrol/shunt.zeek b/scripts/base/frameworks/netcontrol/shunt.zeek index 58923a0cb3..7cbd8512e2 100644 --- a/scripts/base/frameworks/netcontrol/shunt.zeek +++ b/scripts/base/frameworks/netcontrol/shunt.zeek @@ -31,7 +31,7 @@ export { location: string &log &optional; }; - ## Event that can be handled to access the :bro:type:`NetControl::ShuntInfo` + ## Event that can be handled to access the :zeek:type:`NetControl::ShuntInfo` ## record as it is sent on to the logging framework. global log_netcontrol_shunt: event(rec: ShuntInfo); } diff --git a/scripts/base/frameworks/netcontrol/types.zeek b/scripts/base/frameworks/netcontrol/types.zeek index 7fda65ea6b..2be65ce3e6 100644 --- a/scripts/base/frameworks/netcontrol/types.zeek +++ b/scripts/base/frameworks/netcontrol/types.zeek @@ -1,6 +1,6 @@ ##! This file defines the types that are used by the NetControl framework. ##! -##! The most important type defined in this file is :bro:see:`NetControl::Rule`, +##! The most important type defined in this file is :zeek:see:`NetControl::Rule`, ##! which is used to describe all rules that can be expressed by the NetControl framework. module NetControl; @@ -10,11 +10,11 @@ export { option default_priority: int = +0; ## The default priority that is used when using the high-level functions to - ## push whitelist entries to the backends (:bro:see:`NetControl::whitelist_address` and - ## :bro:see:`NetControl::whitelist_subnet`). + ## push whitelist entries to the backends (:zeek:see:`NetControl::whitelist_address` and + ## :zeek:see:`NetControl::whitelist_subnet`). ## ## Note that this priority is not automatically used when manually creating rules - ## that have a :bro:see:`NetControl::RuleType` of :bro:enum:`NetControl::WHITELIST`. + ## that have a :zeek:see:`NetControl::RuleType` of :zeek:enum:`NetControl::WHITELIST`. const whitelist_priority: int = +5 &redef; ## Type defining the entity that a rule applies to. @@ -25,7 +25,7 @@ export { MAC, ##< Activity involving a MAC address. }; - ## Flow is used in :bro:type:`NetControl::Entity` together with :bro:enum:`NetControl::FLOW` to specify + ## Flow is used in :zeek:type:`NetControl::Entity` together with :zeek:enum:`NetControl::FLOW` to specify ## a uni-directional flow that a rule applies to. ## ## If optional fields are not set, they are interpreted as wildcarded. @@ -41,10 +41,10 @@ export { ## Type defining the entity a rule is operating on. type Entity: record { ty: EntityType; ##< Type of entity. - conn: conn_id &optional; ##< Used with :bro:enum:`NetControl::CONNECTION`. - flow: Flow &optional; ##< Used with :bro:enum:`NetControl::FLOW`. - ip: subnet &optional; ##< Used with :bro:enum:`NetControl::ADDRESS` to specifiy a CIDR subnet. - mac: string &optional; ##< Used with :bro:enum:`NetControl::MAC`. + conn: conn_id &optional; ##< Used with :zeek:enum:`NetControl::CONNECTION`. + flow: Flow &optional; ##< Used with :zeek:enum:`NetControl::FLOW`. + ip: subnet &optional; ##< Used with :zeek:enum:`NetControl::ADDRESS` to specifiy a CIDR subnet. + mac: string &optional; ##< Used with :zeek:enum:`NetControl::MAC`. }; ## Type defining the target of a rule. @@ -59,7 +59,7 @@ export { }; ## Type of rules that the framework supports. Each type lists the extra - ## :bro:type:`NetControl::Rule` fields it uses, if any. + ## :zeek:type:`NetControl::Rule` fields it uses, if any. ## ## Plugins may extend this type to define their own. type RuleType: enum { @@ -108,8 +108,8 @@ export { priority: int &default=default_priority; ##< Priority if multiple rules match an entity (larger value is higher priority). location: string &optional; ##< Optional string describing where/what installed the rule. - out_port: count &optional; ##< Argument for :bro:enum:`NetControl::REDIRECT` rules. - mod: FlowMod &optional; ##< Argument for :bro:enum:`NetControl::MODIFY` rules. + out_port: count &optional; ##< Argument for :zeek:enum:`NetControl::REDIRECT` rules. + mod: FlowMod &optional; ##< Argument for :zeek:enum:`NetControl::MODIFY` rules. id: string &default=""; ##< Internally determined unique ID for this rule. Will be set when added. cid: count &default=0; ##< Internally determined unique numeric ID for this rule. Set when added. diff --git a/scripts/base/frameworks/notice/actions/add-geodata.zeek b/scripts/base/frameworks/notice/actions/add-geodata.zeek index 7d097f5eb6..04cc10209d 100644 --- a/scripts/base/frameworks/notice/actions/add-geodata.zeek +++ b/scripts/base/frameworks/notice/actions/add-geodata.zeek @@ -13,7 +13,7 @@ module Notice; export { redef enum Action += { ## Indicates that the notice should have geodata added for the - ## "remote" host. :bro:id:`Site::local_nets` must be defined + ## "remote" host. :zeek:id:`Site::local_nets` must be defined ## in order for this to work. ACTION_ADD_GEODATA }; diff --git a/scripts/base/frameworks/notice/actions/drop.zeek b/scripts/base/frameworks/notice/actions/drop.zeek index a189faaeda..024c3b5b92 100644 --- a/scripts/base/frameworks/notice/actions/drop.zeek +++ b/scripts/base/frameworks/notice/actions/drop.zeek @@ -8,7 +8,7 @@ module Notice; export { redef enum Action += { - ## Drops the address via :bro:see:`NetControl::drop_address_catch_release`. + ## Drops the address via :zeek:see:`NetControl::drop_address_catch_release`. ACTION_DROP }; diff --git a/scripts/base/frameworks/notice/actions/email_admin.zeek b/scripts/base/frameworks/notice/actions/email_admin.zeek index fb82f2b960..1b02e5ff0c 100644 --- a/scripts/base/frameworks/notice/actions/email_admin.zeek +++ b/scripts/base/frameworks/notice/actions/email_admin.zeek @@ -1,6 +1,6 @@ ##! Adds a new notice action type which can be used to email notices ##! to the administrators of a particular address space as set by -##! :bro:id:`Site::local_admins` if the notice contains a source +##! :zeek:id:`Site::local_admins` if the notice contains a source ##! or destination address that lies within their space. @load ../main @@ -12,7 +12,7 @@ export { redef enum Action += { ## Indicate that the generated email should be addressed to the ## appropriate email addresses as found by the - ## :bro:id:`Site::get_emails` function based on the relevant + ## :zeek:id:`Site::get_emails` function based on the relevant ## address or addresses indicated in the notice. ACTION_EMAIL_ADMIN }; diff --git a/scripts/base/frameworks/notice/actions/page.zeek b/scripts/base/frameworks/notice/actions/page.zeek index 73432337d1..99ca44537b 100644 --- a/scripts/base/frameworks/notice/actions/page.zeek +++ b/scripts/base/frameworks/notice/actions/page.zeek @@ -7,12 +7,12 @@ module Notice; export { redef enum Action += { ## Indicates that the notice should be sent to the pager email - ## address configured in the :bro:id:`Notice::mail_page_dest` + ## address configured in the :zeek:id:`Notice::mail_page_dest` ## variable. ACTION_PAGE }; - ## Email address to send notices with the :bro:enum:`Notice::ACTION_PAGE` + ## Email address to send notices with the :zeek:enum:`Notice::ACTION_PAGE` ## action. option mail_page_dest = ""; } diff --git a/scripts/base/frameworks/notice/actions/pp-alarms.zeek b/scripts/base/frameworks/notice/actions/pp-alarms.zeek index 02fe65e163..a327f3f9d6 100644 --- a/scripts/base/frameworks/notice/actions/pp-alarms.zeek +++ b/scripts/base/frameworks/notice/actions/pp-alarms.zeek @@ -12,7 +12,7 @@ export { const pretty_print_alarms = T &redef; ## Address to send the pretty-printed reports to. Default if not set is - ## :bro:id:`Notice::mail_dest`. + ## :zeek:id:`Notice::mail_dest`. ## ## Note that this is overridden by the BroControl MailAlarmsTo option. const mail_dest_pretty_printed = "" &redef; diff --git a/scripts/base/frameworks/notice/main.zeek b/scripts/base/frameworks/notice/main.zeek index 5b2625e0db..f4a7796495 100644 --- a/scripts/base/frameworks/notice/main.zeek +++ b/scripts/base/frameworks/notice/main.zeek @@ -18,7 +18,7 @@ export { ## Scripts creating new notices need to redef this enum to add their ## own specific notice types which would then get used when they call - ## the :bro:id:`NOTICE` function. The convention is to give a general + ## the :zeek:id:`NOTICE` function. The convention is to give a general ## category along with the specific notice separating words with ## underscores and using leading capitals on each word except for ## abbreviations which are kept in all capitals. For example, @@ -37,12 +37,12 @@ export { ## logging stream. ACTION_LOG, ## Indicates that the notice should be sent to the email - ## address(es) configured in the :bro:id:`Notice::mail_dest` + ## address(es) configured in the :zeek:id:`Notice::mail_dest` ## variable. ACTION_EMAIL, ## Indicates that the notice should be alarmed. A readable ## ASCII version of the alarm log is emailed in bulk to the - ## address(es) configured in :bro:id:`Notice::mail_dest`. + ## address(es) configured in :zeek:id:`Notice::mail_dest`. ACTION_ALARM, }; @@ -50,7 +50,7 @@ export { type ActionSet: set[Notice::Action]; ## The notice framework is able to do automatic notice suppression by - ## utilizing the *identifier* field in :bro:type:`Notice::Info` records. + ## utilizing the *identifier* field in :zeek:type:`Notice::Info` records. ## Set this to "0secs" to completely disable automated notice ## suppression. option default_suppression_interval = 1hrs; @@ -103,18 +103,18 @@ export { ## *conn*, *iconn* or *p* is specified. proto: transport_proto &log &optional; - ## The :bro:type:`Notice::Type` of the notice. + ## The :zeek:type:`Notice::Type` of the notice. note: Type &log; ## The human readable message for the notice. msg: string &log &optional; ## The human readable sub-message. sub: string &log &optional; - ## Source address, if we don't have a :bro:type:`conn_id`. + ## Source address, if we don't have a :zeek:type:`conn_id`. src: addr &log &optional; ## Destination address. dst: addr &log &optional; - ## Associated port, if we don't have a :bro:type:`conn_id`. + ## Associated port, if we don't have a :zeek:type:`conn_id`. p: port &log &optional; ## Associated count, or perhaps a status code. n: count &log &optional; @@ -131,14 +131,14 @@ export { ## By adding chunks of text into this element, other scripts ## can expand on notices that are being emailed. The normal ## way to add text is to extend the vector by handling the - ## :bro:id:`Notice::notice` event and modifying the notice in + ## :zeek:id:`Notice::notice` event and modifying the notice in ## place. email_body_sections: vector of string &optional; ## Adding a string "token" to this set will cause the notice ## framework's built-in emailing functionality to delay sending ## the email until either the token has been removed or the - ## email has been delayed for :bro:id:`Notice::max_email_delay`. + ## email has been delayed for :zeek:id:`Notice::max_email_delay`. email_delay_tokens: set[string] &optional; ## This field is to be provided when a notice is generated for @@ -192,8 +192,8 @@ export { ## Note that this is overridden by the BroControl SendMail option. option sendmail = "/usr/sbin/sendmail"; ## Email address to send notices with the - ## :bro:enum:`Notice::ACTION_EMAIL` action or to send bulk alarm logs - ## on rotation with :bro:enum:`Notice::ACTION_ALARM`. + ## :zeek:enum:`Notice::ACTION_EMAIL` action or to send bulk alarm logs + ## on rotation with :zeek:enum:`Notice::ACTION_ALARM`. ## ## Note that this is overridden by the BroControl MailTo option. const mail_dest = "" &redef; @@ -212,18 +212,18 @@ export { ## The maximum amount of time a plugin can delay email from being sent. const max_email_delay = 15secs &redef; - ## Contains a portion of :bro:see:`fa_file` that's also contained in - ## :bro:see:`Notice::Info`. + ## Contains a portion of :zeek:see:`fa_file` that's also contained in + ## :zeek:see:`Notice::Info`. type FileInfo: record { fuid: string; ##< File UID. desc: string; ##< File description from e.g. - ##< :bro:see:`Files::describe`. + ##< :zeek:see:`Files::describe`. mime: string &optional; ##< Strongest mime type match for file. cid: conn_id &optional; ##< Connection tuple over which file is sent. cuid: string &optional; ##< Connection UID over which file is sent. }; - ## Creates a record containing a subset of a full :bro:see:`fa_file` record. + ## Creates a record containing a subset of a full :zeek:see:`fa_file` record. ## ## f: record containing metadata about a file. ## @@ -245,7 +245,7 @@ export { global populate_file_info2: function(fi: Notice::FileInfo, n: Notice::Info); ## A log postprocessing function that implements emailing the contents - ## of a log upon rotation to any configured :bro:id:`Notice::mail_dest`. + ## of a log upon rotation to any configured :zeek:id:`Notice::mail_dest`. ## The rotated log is removed upon being sent. ## ## info: A record containing the rotated log file information. @@ -254,9 +254,9 @@ export { global log_mailing_postprocessor: function(info: Log::RotationInfo): bool; ## This is the event that is called as the entry point to the - ## notice framework by the global :bro:id:`NOTICE` function. By the + ## notice framework by the global :zeek:id:`NOTICE` function. By the ## time this event is generated, default values have already been - ## filled out in the :bro:type:`Notice::Info` record and the notice + ## filled out in the :zeek:type:`Notice::Info` record and the notice ## policy has also been applied. ## ## n: The record containing notice data. @@ -268,7 +268,7 @@ export { ## ## suppress_for: length of time that this notice should be suppressed. ## - ## note: The :bro:type:`Notice::Type` of the notice. + ## note: The :zeek:type:`Notice::Type` of the notice. ## ## identifier: The identifier string of the notice that should be suppressed. global begin_suppression: event(ts: time, suppress_for: interval, note: Type, identifier: string); @@ -286,8 +286,8 @@ export { global suppressed: event(n: Notice::Info); ## Call this function to send a notice in an email. It is already used - ## by default with the built in :bro:enum:`Notice::ACTION_EMAIL` and - ## :bro:enum:`Notice::ACTION_PAGE` actions. + ## by default with the built in :zeek:enum:`Notice::ACTION_EMAIL` and + ## :zeek:enum:`Notice::ACTION_PAGE` actions. ## ## n: The record of notice data to email. ## @@ -308,13 +308,13 @@ export { ## appended. global email_headers: function(subject_desc: string, dest: string): string; - ## This event can be handled to access the :bro:type:`Notice::Info` + ## This event can be handled to access the :zeek:type:`Notice::Info` ## record as it is sent on to the logging framework. ## ## rec: The record containing notice data before it is logged. global log_notice: event(rec: Info); - ## This is an internal wrapper for the global :bro:id:`NOTICE` + ## This is an internal wrapper for the global :zeek:id:`NOTICE` ## function; disregard. ## ## n: The record of notice data. @@ -598,7 +598,7 @@ function populate_file_info2(fi: Notice::FileInfo, n: Notice::Info) # This is run synchronously as a function before all of the other # notice related functions and events. It also modifies the -# :bro:type:`Notice::Info` record in place. +# :zeek:type:`Notice::Info` record in place. function apply_policy(n: Notice::Info) { # Fill in some defaults. diff --git a/scripts/base/frameworks/openflow/plugins/log.zeek b/scripts/base/frameworks/openflow/plugins/log.zeek index 7f1ecf86ea..23a16c3186 100644 --- a/scripts/base/frameworks/openflow/plugins/log.zeek +++ b/scripts/base/frameworks/openflow/plugins/log.zeek @@ -41,7 +41,7 @@ export { flow_mod: ofp_flow_mod &log; }; - ## Event that can be handled to access the :bro:type:`OpenFlow::Info` + ## Event that can be handled to access the :zeek:type:`OpenFlow::Info` ## record as it is sent on to the logging framework. global log_openflow: event(rec: Info); } diff --git a/scripts/base/frameworks/packet-filter/main.zeek b/scripts/base/frameworks/packet-filter/main.zeek index c06e801710..160139b1db 100644 --- a/scripts/base/frameworks/packet-filter/main.zeek +++ b/scripts/base/frameworks/packet-filter/main.zeek @@ -2,7 +2,7 @@ ##! Bro sets a capture filter that allows all traffic. If a filter ##! is set on the command line, that filter takes precedence over the default ##! open filter and all filters defined in Bro scripts with the -##! :bro:id:`capture_filters` and :bro:id:`restrict_filters` variables. +##! :zeek:id:`capture_filters` and :zeek:id:`restrict_filters` variables. @load base/frameworks/notice @load base/frameworks/analyzer @@ -48,7 +48,7 @@ export { }; ## The BPF filter that is used by default to define what traffic should - ## be captured. Filters defined in :bro:id:`restrict_filters` will + ## be captured. Filters defined in :zeek:id:`restrict_filters` will ## still be applied to reduce the captured traffic. const default_capture_filter = "ip or not ip" &redef; @@ -64,7 +64,7 @@ export { ## The maximum amount of time that you'd like to allow for BPF filters to compile. ## If this time is exceeded, compensation measures may be taken by the framework ## to reduce the filter size. This threshold being crossed also results - ## in the :bro:see:`PacketFilter::Too_Long_To_Compile_Filter` notice. + ## in the :zeek:see:`PacketFilter::Too_Long_To_Compile_Filter` notice. const max_filter_compile_time = 100msec &redef; ## Install a BPF filter to exclude some traffic. The filter should diff --git a/scripts/base/frameworks/packet-filter/utils.zeek b/scripts/base/frameworks/packet-filter/utils.zeek index 29b54229af..cbf07f64ad 100644 --- a/scripts/base/frameworks/packet-filter/utils.zeek +++ b/scripts/base/frameworks/packet-filter/utils.zeek @@ -1,7 +1,7 @@ module PacketFilter; export { - ## Takes a :bro:type:`port` and returns a BPF expression which will + ## Takes a :zeek:type:`port` and returns a BPF expression which will ## match the port. ## ## p: The port. diff --git a/scripts/base/frameworks/reporter/main.zeek b/scripts/base/frameworks/reporter/main.zeek index 39f0755325..54e4123407 100644 --- a/scripts/base/frameworks/reporter/main.zeek +++ b/scripts/base/frameworks/reporter/main.zeek @@ -2,9 +2,9 @@ ##! internal messages/warnings/errors. It should typically be loaded to ##! log such messages to a file in a standard way. For the options to ##! toggle whether messages are additionally written to STDERR, see -##! :bro:see:`Reporter::info_to_stderr`, -##! :bro:see:`Reporter::warnings_to_stderr`, and -##! :bro:see:`Reporter::errors_to_stderr`. +##! :zeek:see:`Reporter::info_to_stderr`, +##! :zeek:see:`Reporter::warnings_to_stderr`, and +##! :zeek:see:`Reporter::errors_to_stderr`. ##! ##! Note that this framework deals with the handling of internally generated ##! reporter messages, for the interface diff --git a/scripts/base/frameworks/signatures/main.zeek b/scripts/base/frameworks/signatures/main.zeek index da19416871..910f3b461c 100644 --- a/scripts/base/frameworks/signatures/main.zeek +++ b/scripts/base/frameworks/signatures/main.zeek @@ -13,22 +13,22 @@ export { Sensitive_Signature, ## Host has triggered many signatures on the same host. The ## number of signatures is defined by the - ## :bro:id:`Signatures::vert_scan_thresholds` variable. + ## :zeek:id:`Signatures::vert_scan_thresholds` variable. Multiple_Signatures, ## Host has triggered the same signature on multiple hosts as - ## defined by the :bro:id:`Signatures::horiz_scan_thresholds` + ## defined by the :zeek:id:`Signatures::horiz_scan_thresholds` ## variable. Multiple_Sig_Responders, ## The same signature has triggered multiple times for a host. ## The number of times the signature has been triggered is - ## defined by the :bro:id:`Signatures::count_thresholds` + ## defined by the :zeek:id:`Signatures::count_thresholds` ## variable. To generate this notice, the - ## :bro:enum:`Signatures::SIG_COUNT_PER_RESP` action must be + ## :zeek:enum:`Signatures::SIG_COUNT_PER_RESP` action must be ## set for the signature. Count_Signature, ## Summarize the number of times a host triggered a signature. ## The interval between summaries is defined by the - ## :bro:id:`Signatures::summary_interval` variable. + ## :zeek:id:`Signatures::summary_interval` variable. Signature_Summary, }; @@ -48,7 +48,7 @@ export { SIG_QUIET, ## Generate a notice. SIG_LOG, - ## The same as :bro:enum:`Signatures::SIG_LOG`, but ignore for + ## The same as :zeek:enum:`Signatures::SIG_LOG`, but ignore for ## aggregate/scan processing. SIG_FILE_BUT_NO_SCAN, ## Generate a notice and set it to be alarmed upon. @@ -58,8 +58,8 @@ export { ## Alarm once and then never again. SIG_ALARM_ONCE, ## Count signatures per responder host and alarm with the - ## :bro:enum:`Signatures::Count_Signature` notice if a threshold - ## defined by :bro:id:`Signatures::count_thresholds` is reached. + ## :zeek:enum:`Signatures::Count_Signature` notice if a threshold + ## defined by :zeek:id:`Signatures::count_thresholds` is reached. SIG_COUNT_PER_RESP, ## Don't alarm, but generate per-orig summary. SIG_SUMMARY, @@ -114,11 +114,11 @@ export { ## different signature matches has reached one of the thresholds. const vert_scan_thresholds = { 5, 10, 50, 100, 500, 1000 } &redef; - ## Generate a notice if a :bro:enum:`Signatures::SIG_COUNT_PER_RESP` + ## Generate a notice if a :zeek:enum:`Signatures::SIG_COUNT_PER_RESP` ## signature is triggered as often as given by one of these thresholds. const count_thresholds = { 5, 10, 50, 100, 500, 1000, 10000, 1000000, } &redef; - ## The interval between when :bro:enum:`Signatures::Signature_Summary` + ## The interval between when :zeek:enum:`Signatures::Signature_Summary` ## notices are generated. option summary_interval = 1 day; diff --git a/scripts/base/frameworks/software/main.zeek b/scripts/base/frameworks/software/main.zeek index 291ca539a1..83669cbc82 100644 --- a/scripts/base/frameworks/software/main.zeek +++ b/scripts/base/frameworks/software/main.zeek @@ -2,7 +2,7 @@ ##! parsing but doesn't actually do any detection on it's own. It relies on ##! other protocol specific scripts to parse out software from the protocols ##! that they analyze. The entry point for providing new software detections -##! to this framework is through the :bro:id:`Software::found` function. +##! to this framework is through the :zeek:id:`Software::found` function. @load base/utils/directions-and-hosts @load base/utils/numbers @@ -16,7 +16,7 @@ export { ## Scripts detecting new types of software need to redef this enum to add ## their own specific software types which would then be used when they - ## create :bro:type:`Software::Info` records. + ## create :zeek:type:`Software::Info` records. type Type: enum { ## A placeholder type for when the type of software is not known. UNKNOWN, @@ -45,7 +45,7 @@ export { ## The port on which the software is running. Only sensible for ## server software. host_p: port &log &optional; - ## The type of software detected (e.g. :bro:enum:`HTTP::SERVER`). + ## The type of software detected (e.g. :zeek:enum:`HTTP::SERVER`). software_type: Type &log &default=UNKNOWN; ## Name of the software (e.g. Apache). name: string &log &optional; @@ -96,9 +96,9 @@ export { ["Flash Player"] = "Flash", } &default=function(a: string): string { return a; }; - ## Type to represent a collection of :bro:type:`Software::Info` records. + ## Type to represent a collection of :zeek:type:`Software::Info` records. ## It's indexed with the name of a piece of software such as "Firefox" - ## and it yields a :bro:type:`Software::Info` record with more + ## and it yields a :zeek:type:`Software::Info` record with more ## information about the software. type SoftwareSet: table[string] of Info; @@ -108,7 +108,7 @@ export { ## uniformly distributed among proxy nodes. global tracked: table[addr] of SoftwareSet &create_expire=1day; - ## This event can be handled to access the :bro:type:`Software::Info` + ## This event can be handled to access the :zeek:type:`Software::Info` ## record as it is sent on to the logging framework. global log_software: event(rec: Info); @@ -117,7 +117,7 @@ export { global version_change: event(old: Info, new: Info); ## This event is raised when software is about to be registered for - ## tracking in :bro:see:`Software::tracked`. + ## tracking in :zeek:see:`Software::tracked`. global register: event(info: Info); } diff --git a/scripts/base/frameworks/sumstats/cluster.zeek b/scripts/base/frameworks/sumstats/cluster.zeek index 670ad86fe1..d2633afd87 100644 --- a/scripts/base/frameworks/sumstats/cluster.zeek +++ b/scripts/base/frameworks/sumstats/cluster.zeek @@ -35,12 +35,12 @@ export { global cluster_get_result: event(uid: string, ss_name: string, key: Key, cleanup: bool); ## This event is sent by nodes in response to a - ## :bro:id:`SumStats::cluster_get_result` event. + ## :zeek:id:`SumStats::cluster_get_result` event. global cluster_send_result: event(uid: string, ss_name: string, key: Key, result: Result, cleanup: bool); ## This is sent by workers to indicate that they crossed the percent ## of the current threshold by the percentage defined globally in - ## :bro:id:`SumStats::cluster_request_global_view_percent`. + ## :zeek:id:`SumStats::cluster_request_global_view_percent`. global cluster_key_intermediate_response: event(ss_name: string, key: SumStats::Key); ## This event is scheduled internally on workers to send result chunks. diff --git a/scripts/base/frameworks/sumstats/main.zeek b/scripts/base/frameworks/sumstats/main.zeek index a312377111..3f73d278e5 100644 --- a/scripts/base/frameworks/sumstats/main.zeek +++ b/scripts/base/frameworks/sumstats/main.zeek @@ -105,7 +105,7 @@ export { reducers: set[Reducer]; ## A function that will be called once for each observation in order - ## to calculate a value from the :bro:see:`SumStats::Result` structure + ## to calculate a value from the :zeek:see:`SumStats::Result` structure ## which will be used for thresholding. ## This function is required if a *threshold* value or ## a *threshold_series* is given. @@ -157,7 +157,7 @@ export { ## Dynamically request a sumstat key. This function should be ## used sparingly and not as a replacement for the callbacks - ## from the :bro:see:`SumStats::SumStat` record. The function is only + ## from the :zeek:see:`SumStats::SumStat` record. The function is only ## available for use within "when" statements as an asynchronous ## function. ## @@ -168,7 +168,7 @@ export { ## Returns: The result for the requested sumstat key. global request_key: function(ss_name: string, key: Key): Result; - ## Helper function to represent a :bro:type:`SumStats::Key` value as + ## Helper function to represent a :zeek:type:`SumStats::Key` value as ## a simple string. ## ## key: The metric key that is to be converted into a string. diff --git a/scripts/base/frameworks/sumstats/plugins/last.zeek b/scripts/base/frameworks/sumstats/plugins/last.zeek index b12d854bbb..a2c19f3f51 100644 --- a/scripts/base/frameworks/sumstats/plugins/last.zeek +++ b/scripts/base/frameworks/sumstats/plugins/last.zeek @@ -19,7 +19,7 @@ export { redef record ResultVal += { ## This is the queue where elements are maintained. ## Don't access this value directly, instead use the - ## :bro:see:`SumStats::get_last` function to get a vector of + ## :zeek:see:`SumStats::get_last` function to get a vector of ## the current element values. last_elements: Queue::Queue &optional; }; diff --git a/scripts/base/frameworks/tunnels/main.zeek b/scripts/base/frameworks/tunnels/main.zeek index f72a7d3445..09441c177c 100644 --- a/scripts/base/frameworks/tunnels/main.zeek +++ b/scripts/base/frameworks/tunnels/main.zeek @@ -3,7 +3,7 @@ ##! ##! For any connection that occurs over a tunnel, information about its ##! encapsulating tunnels is also found in the *tunnel* field of -##! :bro:type:`connection`. +##! :zeek:type:`connection`. module Tunnel; @@ -18,7 +18,7 @@ export { ## A tunnel connection has closed. CLOSE, ## No new connections over a tunnel happened in the amount of - ## time indicated by :bro:see:`Tunnel::expiration_interval`. + ## time indicated by :zeek:see:`Tunnel::expiration_interval`. EXPIRE, }; @@ -27,7 +27,7 @@ export { ## Time at which some tunnel activity occurred. ts: time &log; ## The unique identifier for the tunnel, which may correspond - ## to a :bro:type:`connection`'s *uid* field for non-IP-in-IP tunnels. + ## to a :zeek:type:`connection`'s *uid* field for non-IP-in-IP tunnels. ## This is optional because there could be numerous connections ## for payload proxies like SOCKS but we should treat it as a ## single tunnel. @@ -42,29 +42,29 @@ export { }; ## Logs all tunnels in an encapsulation chain with action - ## :bro:see:`Tunnel::DISCOVER` that aren't already in the - ## :bro:id:`Tunnel::active` table and adds them if not. + ## :zeek:see:`Tunnel::DISCOVER` that aren't already in the + ## :zeek:id:`Tunnel::active` table and adds them if not. global register_all: function(ecv: EncapsulatingConnVector); ## Logs a single tunnel "connection" with action - ## :bro:see:`Tunnel::DISCOVER` if it's not already in the - ## :bro:id:`Tunnel::active` table and adds it if not. + ## :zeek:see:`Tunnel::DISCOVER` if it's not already in the + ## :zeek:id:`Tunnel::active` table and adds it if not. global register: function(ec: EncapsulatingConn); ## Logs a single tunnel "connection" with action - ## :bro:see:`Tunnel::EXPIRE` and removes it from the - ## :bro:id:`Tunnel::active` table. + ## :zeek:see:`Tunnel::EXPIRE` and removes it from the + ## :zeek:id:`Tunnel::active` table. ## ## t: A table of tunnels. ## ## idx: The index of the tunnel table corresponding to the tunnel to expire. ## ## Returns: 0secs, which when this function is used as an - ## :bro:attr:`&expire_func`, indicates to remove the element at + ## :zeek:attr:`&expire_func`, indicates to remove the element at ## *idx* immediately. global expire: function(t: table[conn_id] of Info, idx: conn_id): interval; - ## Removes a single tunnel from the :bro:id:`Tunnel::active` table + ## Removes a single tunnel from the :zeek:id:`Tunnel::active` table ## and logs the closing/expiration of the tunnel. ## ## tunnel: The tunnel which has closed or expired. @@ -78,7 +78,7 @@ export { ## Currently active tunnels. That is, tunnels for which new, ## encapsulated connections have been seen in the interval indicated by - ## :bro:see:`Tunnel::expiration_interval`. + ## :zeek:see:`Tunnel::expiration_interval`. global active: table[conn_id] of Info = table() &read_expire=expiration_interval &expire_func=expire; } diff --git a/scripts/base/init-bare.zeek b/scripts/base/init-bare.zeek index cc328cd9aa..202173e3d9 100644 --- a/scripts/base/init-bare.zeek +++ b/scripts/base/init-bare.zeek @@ -99,7 +99,7 @@ type files_tag_set: set[Files::Tag]; ## A structure indicating a MIME type and strength of a match against ## file magic signatures. ## -## :bro:see:`file_magic` +## :zeek:see:`file_magic` type mime_match: record { strength: int; ##< How strongly the signature matched. Used for ##< prioritization when multiple file magic signatures @@ -110,7 +110,7 @@ type mime_match: record { ## A vector of file magic signature matches, ordered by strength of ## the signature, strongest first. ## -## :bro:see:`file_magic` +## :zeek:see:`file_magic` type mime_matches: vector of mime_match; ## A connection's transport-layer protocol. Note that Bro uses the term @@ -126,7 +126,7 @@ type transport_proto: enum { ## ## .. note:: It's actually a 5-tuple: the transport-layer protocol is stored as ## part of the port values, `orig_p` and `resp_p`, and can be extracted from -## them with :bro:id:`get_port_transport_proto`. +## them with :zeek:id:`get_port_transport_proto`. type conn_id: record { orig_h: addr; ##< The originator's IP address. orig_p: port; ##< The originator's port number. @@ -138,7 +138,7 @@ type conn_id: record { ## ## .. note:: It's actually a 5-tuple: the transport-layer protocol is stored as ## part of the port values, `src_p` and `dst_p`, and can be extracted from -## them with :bro:id:`get_port_transport_proto`. +## them with :zeek:id:`get_port_transport_proto`. type flow_id : record { src_h: addr; ##< The source IP address. src_p: port; ##< The source port number. @@ -147,9 +147,9 @@ type flow_id : record { } &log; ## Specifics about an ICMP conversation. ICMP events typically pass this in -## addition to :bro:type:`conn_id`. +## addition to :zeek:type:`conn_id`. ## -## .. bro:see:: icmp_echo_reply icmp_echo_request icmp_redirect icmp_sent +## .. zeek:see:: icmp_echo_reply icmp_echo_request icmp_redirect icmp_sent ## icmp_time_exceeded icmp_unreachable type icmp_conn: record { orig_h: addr; ##< The originator's IP address. @@ -164,7 +164,7 @@ type icmp_conn: record { ## Packet context part of an ICMP message. The fields of this record reflect the ## packet that is described by the context. ## -## .. bro:see:: icmp_time_exceeded icmp_unreachable +## .. zeek:see:: icmp_time_exceeded icmp_unreachable type icmp_context: record { id: conn_id; ##< The packet's 4-tuple. len: count; ##< The length of the IP packet (headers + payload). @@ -183,7 +183,7 @@ type icmp_context: record { ## Values extracted from a Prefix Information option in an ICMPv6 neighbor ## discovery message as specified by :rfc:`4861`. ## -## .. bro:see:: icmp6_nd_option +## .. zeek:see:: icmp6_nd_option type icmp6_nd_prefix_info: record { ## Number of leading bits of the *prefix* that are valid. prefix_len: count; @@ -199,14 +199,14 @@ type icmp6_nd_prefix_info: record { ## (0xffffffff represents infinity). preferred_lifetime: interval; ## An IP address or prefix of an IP address. Use the *prefix_len* field - ## to convert this into a :bro:type:`subnet`. + ## to convert this into a :zeek:type:`subnet`. prefix: addr; }; ## Options extracted from ICMPv6 neighbor discovery messages as specified ## by :rfc:`4861`. ## -## .. bro:see:: icmp_router_solicitation icmp_router_advertisement +## .. zeek:see:: icmp_router_solicitation icmp_router_advertisement ## icmp_neighbor_advertisement icmp_neighbor_solicitation icmp_redirect ## icmp6_nd_options type icmp6_nd_option: record { @@ -238,7 +238,7 @@ type icmp6_nd_options: vector of icmp6_nd_option; # A DNS mapping between IP address and hostname resolved by Bro's internal # resolver. # -# .. bro:see:: dns_mapping_altered dns_mapping_lost_name dns_mapping_new_name +# .. zeek:see:: dns_mapping_altered dns_mapping_lost_name dns_mapping_new_name # dns_mapping_unverified dns_mapping_valid type dns_mapping: record { ## The time when the mapping was created, which corresponds to when @@ -264,7 +264,7 @@ type dns_mapping: record { ## A parsed host/port combination describing server endpoint for an upcoming ## data transfer. ## -## .. bro:see:: fmt_ftp_port parse_eftp_port parse_ftp_epsv parse_ftp_pasv +## .. zeek:see:: fmt_ftp_port parse_eftp_port parse_ftp_epsv parse_ftp_pasv ## parse_ftp_port type ftp_port: record { h: addr; ##< The host's address. @@ -274,7 +274,7 @@ type ftp_port: record { ## Statistics about what a TCP endpoint sent. ## -## .. bro:see:: conn_stats +## .. zeek:see:: conn_stats type endpoint_stats: record { num_pkts: count; ##< Number of packets. num_rxmit: count; ##< Number of retransmissions. @@ -283,9 +283,9 @@ type endpoint_stats: record { num_OO: count; ##< Number of out-of-order packets. num_repl: count; ##< Number of replicated packets (last packet was sent again). ## Endian type used by the endpoint, if it could be determined from - ## the sequence numbers used. This is one of :bro:see:`ENDIAN_UNKNOWN`, - ## :bro:see:`ENDIAN_BIG`, :bro:see:`ENDIAN_LITTLE`, and - ## :bro:see:`ENDIAN_CONFUSED`. + ## the sequence numbers used. This is one of :zeek:see:`ENDIAN_UNKNOWN`, + ## :zeek:see:`ENDIAN_BIG`, :zeek:see:`ENDIAN_LITTLE`, and + ## :zeek:see:`ENDIAN_CONFUSED`. endian_type: count; }; @@ -302,7 +302,7 @@ export { ## The type of tunnel. tunnel_type: Tunnel::Type; ## A globally unique identifier that, for non-IP-in-IP tunnels, - ## cross-references the *uid* field of :bro:type:`connection`. + ## cross-references the *uid* field of :zeek:type:`connection`. uid: string &optional; } &log; } # end export @@ -316,22 +316,22 @@ module GLOBAL; ## directly and then remove this alias. type EncapsulatingConnVector: vector of Tunnel::EncapsulatingConn; -## Statistics about a :bro:type:`connection` endpoint. +## Statistics about a :zeek:type:`connection` endpoint. ## -## .. bro:see:: connection +## .. zeek:see:: connection type endpoint: record { size: count; ##< Logical size of data sent (for TCP: derived from sequence numbers). ## Endpoint state. For a TCP connection, one of the constants: - ## :bro:see:`TCP_INACTIVE` :bro:see:`TCP_SYN_SENT` - ## :bro:see:`TCP_SYN_ACK_SENT` :bro:see:`TCP_PARTIAL` - ## :bro:see:`TCP_ESTABLISHED` :bro:see:`TCP_CLOSED` :bro:see:`TCP_RESET`. - ## For UDP, one of :bro:see:`UDP_ACTIVE` and :bro:see:`UDP_INACTIVE`. + ## :zeek:see:`TCP_INACTIVE` :zeek:see:`TCP_SYN_SENT` + ## :zeek:see:`TCP_SYN_ACK_SENT` :zeek:see:`TCP_PARTIAL` + ## :zeek:see:`TCP_ESTABLISHED` :zeek:see:`TCP_CLOSED` :zeek:see:`TCP_RESET`. + ## For UDP, one of :zeek:see:`UDP_ACTIVE` and :zeek:see:`UDP_INACTIVE`. state: count; - ## Number of packets sent. Only set if :bro:id:`use_conn_size_analyzer` + ## Number of packets sent. Only set if :zeek:id:`use_conn_size_analyzer` ## is true. num_pkts: count &optional; ## Number of IP-level bytes sent. Only set if - ## :bro:id:`use_conn_size_analyzer` is true. + ## :zeek:id:`use_conn_size_analyzer` is true. num_bytes_ip: count &optional; ## The current IPv6 flow label that the connection endpoint is using. ## Always 0 if the connection is over IPv4. @@ -361,7 +361,7 @@ type connection: record { ## to parse the same data. If so, all will be recorded. Also note that ## the recorded services are independent of any transport-level protocols. service: set[string]; - history: string; ##< State history of connections. See *history* in :bro:see:`Conn::Info`. + history: string; ##< State history of connections. See *history* in :zeek:see:`Conn::Info`. ## A globally unique connection identifier. For each connection, Bro ## creates an ID that is very likely unique across independent Bro runs. ## These IDs can thus be used to tag and locate information associated @@ -370,7 +370,7 @@ type connection: record { ## If the connection is tunneled, this field contains information about ## the encapsulating "connection(s)" with the outermost one starting ## at index zero. It's also always the first such encapsulation seen - ## for the connection unless the :bro:id:`tunnel_changed` event is + ## for the connection unless the :zeek:id:`tunnel_changed` event is ## handled and reassigns this field to the new encapsulation. tunnel: EncapsulatingConnVector &optional; @@ -460,7 +460,7 @@ type fa_metadata: record { ## Fields of a SYN packet. ## -## .. bro:see:: connection_SYN_packet +## .. zeek:see:: connection_SYN_packet type SYN_packet: record { is_orig: bool; ##< True if the packet was sent the connection's originator. DF: bool; ##< True if the *don't fragment* is set in the IP header. @@ -474,7 +474,7 @@ type SYN_packet: record { ## Packet capture statistics. All counts are cumulative. ## -## .. bro:see:: get_net_stats +## .. zeek:see:: get_net_stats type NetStats: record { pkts_recvd: count &default=0; ##< Packets received by Bro. pkts_dropped: count &default=0; ##< Packets reported dropped by the system. @@ -514,7 +514,7 @@ type ConnStats: record { ## Statistics about Bro's process. ## -## .. bro:see:: get_proc_stats +## .. zeek:see:: get_proc_stats ## ## .. note:: All process-level values refer to Bro's main process only, not to ## the child process it spawns for doing communication. @@ -540,7 +540,7 @@ type EventStats: record { ## Holds statistics for all types of reassembly. ## -## .. bro:see:: get_reassembler_stats +## .. zeek:see:: get_reassembler_stats type ReassemblerStats: record { file_size: count; ##< Byte size of File reassembly tracking. frag_size: count; ##< Byte size of Fragment reassembly tracking. @@ -550,7 +550,7 @@ type ReassemblerStats: record { ## Statistics of all regular expression matchers. ## -## .. bro:see:: get_matcher_stats +## .. zeek:see:: get_matcher_stats type MatcherStats: record { matchers: count; ##< Number of distinct RE matchers. nfa_states: count; ##< Number of NFA states across all matchers. @@ -563,7 +563,7 @@ type MatcherStats: record { ## Statistics of timers. ## -## .. bro:see:: get_timer_stats +## .. zeek:see:: get_timer_stats type TimerStats: record { current: count; ##< Current number of pending timers. max: count; ##< Maximum number of concurrent timers pending so far. @@ -572,7 +572,7 @@ type TimerStats: record { ## Statistics of file analysis. ## -## .. bro:see:: get_file_analysis_stats +## .. zeek:see:: get_file_analysis_stats type FileAnalysisStats: record { current: count; ##< Current number of files being analyzed. max: count; ##< Maximum number of concurrent files so far. @@ -583,7 +583,7 @@ type FileAnalysisStats: record { ## about Bro performing DNS queries on it's own, not traffic ## being seen. ## -## .. bro:see:: get_dns_stats +## .. zeek:see:: get_dns_stats type DNSStats: record { requests: count; ##< Number of DNS requests made successful: count; ##< Number of successful DNS replies. @@ -595,7 +595,7 @@ type DNSStats: record { ## Statistics about number of gaps in TCP connections. ## -## .. bro:see:: get_gap_stats +## .. zeek:see:: get_gap_stats type GapStats: record { ack_events: count; ##< How many ack events *could* have had gaps. ack_bytes: count; ##< How many bytes those covered. @@ -605,14 +605,14 @@ type GapStats: record { ## Statistics about threads. ## -## .. bro:see:: get_thread_stats +## .. zeek:see:: get_thread_stats type ThreadStats: record { num_threads: count; }; ## Statistics about Broker communication. ## -## .. bro:see:: get_broker_stats +## .. zeek:see:: get_broker_stats type BrokerStats: record { num_peers: count; ## Number of active data stores. @@ -635,7 +635,7 @@ type BrokerStats: record { ## Statistics about reporter messages and weirds. ## -## .. bro:see:: get_reporter_stats +## .. zeek:see:: get_reporter_stats type ReporterStats: record { ## Number of total weirds encountered, before any rate-limiting. weirds: count; @@ -657,7 +657,7 @@ type packet: record { ## Table type used to map variable names to their memory allocation. ## -## .. bro:see:: global_sizes +## .. zeek:see:: global_sizes ## ## .. todo:: We need this type definition only for declaring builtin functions ## via ``bifcl``. We should extend ``bifcl`` to understand composite types @@ -666,21 +666,21 @@ type var_sizes: table[string] of count; ## Meta-information about a script-level identifier. ## -## .. bro:see:: global_ids id_table +## .. zeek:see:: global_ids id_table type script_id: record { type_name: string; ##< The name of the identifier's type. exported: bool; ##< True if the identifier is exported. constant: bool; ##< True if the identifier is a constant. enum_constant: bool; ##< True if the identifier is an enum value. option_value: bool; ##< True if the identifier is an option. - redefinable: bool; ##< True if the identifier is declared with the :bro:attr:`&redef` attribute. + redefinable: bool; ##< True if the identifier is declared with the :zeek:attr:`&redef` attribute. value: any &optional; ##< The current value of the identifier. }; ## Table type used to map script-level identifiers to meta-information ## describing them. ## -## .. bro:see:: global_ids script_id +## .. zeek:see:: global_ids script_id ## ## .. todo:: We need this type definition only for declaring builtin functions ## via ``bifcl``. We should extend ``bifcl`` to understand composite types @@ -689,20 +689,20 @@ type id_table: table[string] of script_id; ## Meta-information about a record field. ## -## .. bro:see:: record_fields record_field_table +## .. zeek:see:: record_fields record_field_table type record_field: record { type_name: string; ##< The name of the field's type. - log: bool; ##< True if the field is declared with :bro:attr:`&log` attribute. + log: bool; ##< True if the field is declared with :zeek:attr:`&log` attribute. ## The current value of the field in the record instance passed into - ## :bro:see:`record_fields` (if it has one). + ## :zeek:see:`record_fields` (if it has one). value: any &optional; - default_val: any &optional; ##< The value of the :bro:attr:`&default` attribute if defined. + default_val: any &optional; ##< The value of the :zeek:attr:`&default` attribute if defined. }; ## Table type used to map record field declarations to meta-information ## describing them. ## -## .. bro:see:: record_fields record_field +## .. zeek:see:: record_fields record_field ## ## .. todo:: We need this type definition only for declaring builtin functions ## via ``bifcl``. We should extend ``bifcl`` to understand composite types @@ -711,21 +711,21 @@ type record_field_table: table[string] of record_field; ## Meta-information about a parameter to a function/event. ## -## .. bro:see:: call_argument_vector new_event +## .. zeek:see:: call_argument_vector new_event type call_argument: record { name: string; ##< The name of the parameter. type_name: string; ##< The name of the parameters's type. - default_val: any &optional; ##< The value of the :bro:attr:`&default` attribute if defined. + default_val: any &optional; ##< The value of the :zeek:attr:`&default` attribute if defined. ## The value of the parameter as passed into a given call instance. - ## Might be unset in the case a :bro:attr:`&default` attribute is + ## Might be unset in the case a :zeek:attr:`&default` attribute is ## defined. value: any &optional; }; ## Vector type used to capture parameters of a function/event call. ## -## .. bro:see:: call_argument new_event +## .. zeek:see:: call_argument new_event type call_argument_vector: vector of call_argument; # todo:: Do we still need these here? Can they move into the packet filter @@ -736,28 +736,28 @@ type call_argument_vector: vector of call_argument; ## Set of BPF capture filters to use for capturing, indexed by a user-definable ## ID (which must be unique). If Bro is *not* configured with -## :bro:id:`PacketFilter::enable_auto_protocol_capture_filters`, +## :zeek:id:`PacketFilter::enable_auto_protocol_capture_filters`, ## all packets matching at least one of the filters in this table (and all in -## :bro:id:`restrict_filters`) will be analyzed. +## :zeek:id:`restrict_filters`) will be analyzed. ## -## .. bro:see:: PacketFilter PacketFilter::enable_auto_protocol_capture_filters +## .. zeek:see:: PacketFilter PacketFilter::enable_auto_protocol_capture_filters ## PacketFilter::unrestricted_filter restrict_filters global capture_filters: table[string] of string &redef; ## Set of BPF filters to restrict capturing, indexed by a user-definable ID ## (which must be unique). ## -## .. bro:see:: PacketFilter PacketFilter::enable_auto_protocol_capture_filters +## .. zeek:see:: PacketFilter PacketFilter::enable_auto_protocol_capture_filters ## PacketFilter::unrestricted_filter capture_filters global restrict_filters: table[string] of string &redef; ## Enum type identifying dynamic BPF filters. These are used by -## :bro:see:`Pcap::precompile_pcap_filter` and :bro:see:`Pcap::precompile_pcap_filter`. +## :zeek:see:`Pcap::precompile_pcap_filter` and :zeek:see:`Pcap::precompile_pcap_filter`. type PcapFilterID: enum { None }; ## Deprecated. ## -## .. bro:see:: anonymize_addr +## .. zeek:see:: anonymize_addr type IPAddrAnonymization: enum { KEEP_ORIG_ADDR, SEQUENTIALLY_NUMBERED, @@ -768,7 +768,7 @@ type IPAddrAnonymization: enum { ## Deprecated. ## -## .. bro:see:: anonymize_addr +## .. zeek:see:: anonymize_addr type IPAddrAnonymizationClass: enum { ORIG_ADDR, RESP_ADDR, @@ -776,14 +776,14 @@ type IPAddrAnonymizationClass: enum { }; ## A locally unique ID identifying a communication peer. The ID is returned by -## :bro:id:`connect`. +## :zeek:id:`connect`. ## -## .. bro:see:: connect +## .. zeek:see:: connect type peer_id: count; ## A communication peer. ## -## .. bro:see:: complete_handshake disconnect finished_send_state +## .. zeek:see:: complete_handshake disconnect finished_send_state ## get_event_peer get_local_event_peer remote_capture_filter ## remote_connection_closed remote_connection_error ## remote_connection_established remote_connection_handshake_done @@ -794,19 +794,19 @@ type peer_id: count; ## ## .. todo::The type's name is too narrow these days, should rename. type event_peer: record { - id: peer_id; ##< Locally unique ID of peer (returned by :bro:id:`connect`). + id: peer_id; ##< Locally unique ID of peer (returned by :zeek:id:`connect`). host: addr; ##< The IP address of the peer. ## Either the port we connected to at the peer; or our port the peer ## connected to if the session is remotely initiated. p: port; is_local: bool; ##< True if this record describes the local process. - descr: string; ##< The peer's :bro:see:`peer_description`. + descr: string; ##< The peer's :zeek:see:`peer_description`. class: string &optional; ##< The self-assigned *class* of the peer. }; ## Deprecated. ## -## .. bro:see:: rotate_file rotate_file_by_name rotate_interval +## .. zeek:see:: rotate_file rotate_file_by_name rotate_interval type rotate_info: record { old_name: string; ##< Original filename. new_name: string; ##< File name after rotation. @@ -824,7 +824,7 @@ type rotate_info: record { ## Parameters for the Smith-Waterman algorithm. ## -## .. bro:see:: str_smith_waterman +## .. zeek:see:: str_smith_waterman type sw_params: record { ## Minimum size of a substring, minimum "granularity". min_strlen: count &default = 3; @@ -835,7 +835,7 @@ type sw_params: record { ## Helper type for return value of Smith-Waterman algorithm. ## -## .. bro:see:: str_smith_waterman sw_substring_vec sw_substring sw_align_vec sw_params +## .. zeek:see:: str_smith_waterman sw_substring_vec sw_substring sw_align_vec sw_params type sw_align: record { str: string; ##< String a substring is part of. index: count; ##< Offset substring is located. @@ -843,12 +843,12 @@ type sw_align: record { ## Helper type for return value of Smith-Waterman algorithm. ## -## .. bro:see:: str_smith_waterman sw_substring_vec sw_substring sw_align sw_params +## .. zeek:see:: str_smith_waterman sw_substring_vec sw_substring sw_align sw_params type sw_align_vec: vector of sw_align; ## Helper type for return value of Smith-Waterman algorithm. ## -## .. bro:see:: str_smith_waterman sw_substring_vec sw_align_vec sw_align sw_params +## .. zeek:see:: str_smith_waterman sw_substring_vec sw_align_vec sw_align sw_params ## type sw_substring: record { str: string; ##< A substring. @@ -858,7 +858,7 @@ type sw_substring: record { ## Return type for Smith-Waterman algorithm. ## -## .. bro:see:: str_smith_waterman sw_substring sw_align_vec sw_align sw_params +## .. zeek:see:: str_smith_waterman sw_substring sw_align_vec sw_align sw_params ## ## .. todo:: We need this type definition only for declaring builtin functions ## via ``bifcl``. We should extend ``bifcl`` to understand composite types @@ -869,7 +869,7 @@ type sw_substring_vec: vector of sw_substring; ## includes the complete packet as returned by libpcap, including the link-layer ## header. ## -## .. bro:see:: dump_packet get_current_packet +## .. zeek:see:: dump_packet get_current_packet type pcap_packet: record { ts_sec: count; ##< The non-fractional part of the packet's timestamp (i.e., full seconds since the epoch). ts_usec: count; ##< The fractional part of the packet's timestamp. @@ -881,7 +881,7 @@ type pcap_packet: record { ## GeoIP location information. ## -## .. bro:see:: lookup_location +## .. zeek:see:: lookup_location type geo_location: record { country_code: string &optional; ##< The country code. region: string &optional; ##< The region. @@ -898,7 +898,7 @@ const mmdb_dir: string = "" &redef; ## `_ for more information, Bro uses the same ## code. ## -## .. bro:see:: entropy_test_add entropy_test_finish entropy_test_init find_entropy +## .. zeek:see:: entropy_test_add entropy_test_finish entropy_test_init find_entropy type entropy_test_result: record { entropy: double; ##< Information density. chi_square: double; ##< Chi-Square value. @@ -907,7 +907,7 @@ type entropy_test_result: record { serial_correlation: double; ##< Serial correlation coefficient. }; -# TCP values for :bro:see:`endpoint` *state* field. +# TCP values for :zeek:see:`endpoint` *state* field. # todo:: these should go into an enum to make them autodoc'able. const TCP_INACTIVE = 0; ##< Endpoint is still inactive. const TCP_SYN_SENT = 1; ##< Endpoint has sent SYN. @@ -917,7 +917,7 @@ const TCP_ESTABLISHED = 4; ##< Endpoint has finished initial handshake regularly const TCP_CLOSED = 5; ##< Endpoint has closed connection. const TCP_RESET = 6; ##< Endpoint has sent RST. -# UDP values for :bro:see:`endpoint` *state* field. +# UDP values for :zeek:see:`endpoint` *state* field. # todo:: these should go into an enum to make them autodoc'able. const UDP_INACTIVE = 0; ##< Endpoint is still inactive. const UDP_ACTIVE = 1; ##< Endpoint has sent something. @@ -933,7 +933,7 @@ const ignore_checksums = F &redef; const partial_connection_ok = T &redef; ## If true, instantiate connection state when a SYN/ACK is seen but not the -## initial SYN (even if :bro:see:`partial_connection_ok` is false). +## initial SYN (even if :zeek:see:`partial_connection_ok` is false). const tcp_SYN_ack_ok = T &redef; ## If true, pass any undelivered to the signature engine before flushing the state. @@ -963,53 +963,53 @@ const tcp_close_delay = 5 secs &redef; ## Upon seeing a RST, flush state after this much time. const tcp_reset_delay = 5 secs &redef; -## Generate a :bro:id:`connection_partial_close` event this much time after one +## Generate a :zeek:id:`connection_partial_close` event this much time after one ## half of a partial connection closes, assuming there has been no subsequent ## activity. const tcp_partial_close_delay = 3 secs &redef; ## If a connection belongs to an application that we don't analyze, ## time it out after this interval. If 0 secs, then don't time it out (but -## :bro:see:`tcp_inactivity_timeout`, :bro:see:`udp_inactivity_timeout`, and -## :bro:see:`icmp_inactivity_timeout` still apply). +## :zeek:see:`tcp_inactivity_timeout`, :zeek:see:`udp_inactivity_timeout`, and +## :zeek:see:`icmp_inactivity_timeout` still apply). const non_analyzed_lifetime = 0 secs &redef; ## If a TCP connection is inactive, time it out after this interval. If 0 secs, ## then don't time it out. ## -## .. bro:see:: udp_inactivity_timeout icmp_inactivity_timeout set_inactivity_timeout +## .. zeek:see:: udp_inactivity_timeout icmp_inactivity_timeout set_inactivity_timeout const tcp_inactivity_timeout = 5 min &redef; ## If a UDP flow is inactive, time it out after this interval. If 0 secs, then ## don't time it out. ## -## .. bro:see:: tcp_inactivity_timeout icmp_inactivity_timeout set_inactivity_timeout +## .. zeek:see:: tcp_inactivity_timeout icmp_inactivity_timeout set_inactivity_timeout const udp_inactivity_timeout = 1 min &redef; ## If an ICMP flow is inactive, time it out after this interval. If 0 secs, then ## don't time it out. ## -## .. bro:see:: tcp_inactivity_timeout udp_inactivity_timeout set_inactivity_timeout +## .. zeek:see:: tcp_inactivity_timeout udp_inactivity_timeout set_inactivity_timeout const icmp_inactivity_timeout = 1 min &redef; ## Number of FINs/RSTs in a row that constitute a "storm". Storms are reported ## as ``weird`` via the notice framework, and they must also come within -## intervals of at most :bro:see:`tcp_storm_interarrival_thresh`. +## intervals of at most :zeek:see:`tcp_storm_interarrival_thresh`. ## -## .. bro:see:: tcp_storm_interarrival_thresh +## .. zeek:see:: tcp_storm_interarrival_thresh const tcp_storm_thresh = 1000 &redef; ## FINs/RSTs must come with this much time or less between them to be ## considered a "storm". ## -## .. bro:see:: tcp_storm_thresh +## .. zeek:see:: tcp_storm_thresh const tcp_storm_interarrival_thresh = 1 sec &redef; ## Maximum amount of data that might plausibly be sent in an initial flight ## (prior to receiving any acks). Used to determine whether we must not be ## seeing our peer's ACKs. Set to zero to turn off this determination. ## -## .. bro:see:: tcp_max_above_hole_without_any_acks tcp_excessive_data_without_further_acks +## .. zeek:see:: tcp_max_above_hole_without_any_acks tcp_excessive_data_without_further_acks const tcp_max_initial_window = 16384 &redef; ## If we're not seeing our peer's ACKs, the maximum volume of data above a @@ -1017,7 +1017,7 @@ const tcp_max_initial_window = 16384 &redef; ## drop and we should give up on tracking a connection. If set to zero, then we ## don't ever give up. ## -## .. bro:see:: tcp_max_initial_window tcp_excessive_data_without_further_acks +## .. zeek:see:: tcp_max_initial_window tcp_excessive_data_without_further_acks const tcp_max_above_hole_without_any_acks = 16384 &redef; ## If we've seen this much data without any of it being acked, we give up @@ -1026,7 +1026,7 @@ const tcp_max_above_hole_without_any_acks = 16384 &redef; ## track the current window on a connection and use it to infer that data ## has in fact gone too far, but for now we just make this quite beefy. ## -## .. bro:see:: tcp_max_initial_window tcp_max_above_hole_without_any_acks +## .. zeek:see:: tcp_max_initial_window tcp_max_above_hole_without_any_acks const tcp_excessive_data_without_further_acks = 10 * 1024 * 1024 &redef; ## Number of TCP segments to buffer beyond what's been acknowledged already @@ -1037,46 +1037,46 @@ const tcp_max_old_segments = 0 &redef; ## For services without a handler, these sets define originator-side ports ## that still trigger reassembly. ## -## .. bro:see:: tcp_reassembler_ports_resp +## .. zeek:see:: tcp_reassembler_ports_resp const tcp_reassembler_ports_orig: set[port] = {} &redef; ## For services without a handler, these sets define responder-side ports ## that still trigger reassembly. ## -## .. bro:see:: tcp_reassembler_ports_orig +## .. zeek:see:: tcp_reassembler_ports_orig const tcp_reassembler_ports_resp: set[port] = {} &redef; ## Defines destination TCP ports for which the contents of the originator stream -## should be delivered via :bro:see:`tcp_contents`. +## should be delivered via :zeek:see:`tcp_contents`. ## -## .. bro:see:: tcp_content_delivery_ports_resp tcp_content_deliver_all_orig +## .. zeek:see:: tcp_content_delivery_ports_resp tcp_content_deliver_all_orig ## tcp_content_deliver_all_resp udp_content_delivery_ports_orig ## udp_content_delivery_ports_resp udp_content_deliver_all_orig ## udp_content_deliver_all_resp tcp_contents const tcp_content_delivery_ports_orig: table[port] of bool = {} &redef; ## Defines destination TCP ports for which the contents of the responder stream -## should be delivered via :bro:see:`tcp_contents`. +## should be delivered via :zeek:see:`tcp_contents`. ## -## .. bro:see:: tcp_content_delivery_ports_orig tcp_content_deliver_all_orig +## .. zeek:see:: tcp_content_delivery_ports_orig tcp_content_deliver_all_orig ## tcp_content_deliver_all_resp udp_content_delivery_ports_orig ## udp_content_delivery_ports_resp udp_content_deliver_all_orig ## udp_content_deliver_all_resp tcp_contents const tcp_content_delivery_ports_resp: table[port] of bool = {} &redef; ## If true, all TCP originator-side traffic is reported via -## :bro:see:`tcp_contents`. +## :zeek:see:`tcp_contents`. ## -## .. bro:see:: tcp_content_delivery_ports_orig tcp_content_delivery_ports_resp +## .. zeek:see:: tcp_content_delivery_ports_orig tcp_content_delivery_ports_resp ## tcp_content_deliver_all_resp udp_content_delivery_ports_orig ## udp_content_delivery_ports_resp udp_content_deliver_all_orig ## udp_content_deliver_all_resp tcp_contents const tcp_content_deliver_all_orig = F &redef; ## If true, all TCP responder-side traffic is reported via -## :bro:see:`tcp_contents`. +## :zeek:see:`tcp_contents`. ## -## .. bro:see:: tcp_content_delivery_ports_orig +## .. zeek:see:: tcp_content_delivery_ports_orig ## tcp_content_delivery_ports_resp ## tcp_content_deliver_all_orig udp_content_delivery_ports_orig ## udp_content_delivery_ports_resp udp_content_deliver_all_orig @@ -1084,9 +1084,9 @@ const tcp_content_deliver_all_orig = F &redef; const tcp_content_deliver_all_resp = F &redef; ## Defines UDP destination ports for which the contents of the originator stream -## should be delivered via :bro:see:`udp_contents`. +## should be delivered via :zeek:see:`udp_contents`. ## -## .. bro:see:: tcp_content_delivery_ports_orig +## .. zeek:see:: tcp_content_delivery_ports_orig ## tcp_content_delivery_ports_resp ## tcp_content_deliver_all_orig tcp_content_deliver_all_resp ## udp_content_delivery_ports_resp udp_content_deliver_all_orig @@ -1094,18 +1094,18 @@ const tcp_content_deliver_all_resp = F &redef; const udp_content_delivery_ports_orig: table[port] of bool = {} &redef; ## Defines UDP destination ports for which the contents of the responder stream -## should be delivered via :bro:see:`udp_contents`. +## should be delivered via :zeek:see:`udp_contents`. ## -## .. bro:see:: tcp_content_delivery_ports_orig +## .. zeek:see:: tcp_content_delivery_ports_orig ## tcp_content_delivery_ports_resp tcp_content_deliver_all_orig ## tcp_content_deliver_all_resp udp_content_delivery_ports_orig ## udp_content_deliver_all_orig udp_content_deliver_all_resp udp_contents const udp_content_delivery_ports_resp: table[port] of bool = {} &redef; ## If true, all UDP originator-side traffic is reported via -## :bro:see:`udp_contents`. +## :zeek:see:`udp_contents`. ## -## .. bro:see:: tcp_content_delivery_ports_orig +## .. zeek:see:: tcp_content_delivery_ports_orig ## tcp_content_delivery_ports_resp tcp_content_deliver_all_resp ## tcp_content_delivery_ports_orig udp_content_delivery_ports_orig ## udp_content_delivery_ports_resp udp_content_deliver_all_resp @@ -1113,9 +1113,9 @@ const udp_content_delivery_ports_resp: table[port] of bool = {} &redef; const udp_content_deliver_all_orig = F &redef; ## If true, all UDP responder-side traffic is reported via -## :bro:see:`udp_contents`. +## :zeek:see:`udp_contents`. ## -## .. bro:see:: tcp_content_delivery_ports_orig +## .. zeek:see:: tcp_content_delivery_ports_orig ## tcp_content_delivery_ports_resp tcp_content_deliver_all_resp ## tcp_content_delivery_ports_orig udp_content_delivery_ports_orig ## udp_content_delivery_ports_resp udp_content_deliver_all_orig @@ -1124,19 +1124,19 @@ const udp_content_deliver_all_resp = F &redef; ## Check for expired table entries after this amount of time. ## -## .. bro:see:: table_incremental_step table_expire_delay +## .. zeek:see:: table_incremental_step table_expire_delay const table_expire_interval = 10 secs &redef; ## When expiring/serializing table entries, don't work on more than this many ## table entries at a time. ## -## .. bro:see:: table_expire_interval table_expire_delay +## .. zeek:see:: table_expire_interval table_expire_delay const table_incremental_step = 5000 &redef; ## When expiring table entries, wait this amount of time before checking the ## next chunk of entries. ## -## .. bro:see:: table_expire_interval table_incremental_step +## .. zeek:see:: table_expire_interval table_incremental_step const table_expire_delay = 0.01 secs &redef; ## Time to wait before timing out a DNS request. @@ -1158,7 +1158,7 @@ const encap_hdr_size = 0 &redef; ## Whether to use the ``ConnSize`` analyzer to count the number of packets and ## IP-level bytes transferred by each endpoint. If true, these values are -## returned in the connection's :bro:see:`endpoint` record value. +## returned in the connection's :zeek:see:`endpoint` record value. const use_conn_size_analyzer = T &redef; # todo:: these should go into an enum to make them autodoc'able. @@ -1167,7 +1167,7 @@ const ENDIAN_LITTLE = 1; ##< Little endian. const ENDIAN_BIG = 2; ##< Big endian. const ENDIAN_CONFUSED = 3; ##< Tried to determine endian, but failed. -# Values for :bro:see:`set_contents_file` *direction* argument. +# Values for :zeek:see:`set_contents_file` *direction* argument. # todo:: these should go into an enum to make them autodoc'able const CONTENTS_NONE = 0; ##< Turn off recording of contents. const CONTENTS_ORIG = 1; ##< Record originator contents. @@ -1177,7 +1177,7 @@ const CONTENTS_BOTH = 3; ##< Record both originator and responder contents. # Values for code of ICMP *unreachable* messages. The list is not exhaustive. # todo:: these should go into an enum to make them autodoc'able # -# .. bro:see:: icmp_unreachable +# .. zeek:see:: icmp_unreachable const ICMP_UNREACH_NET = 0; ##< Network unreachable. const ICMP_UNREACH_HOST = 1; ##< Host unreachable. const ICMP_UNREACH_PROTOCOL = 2; ##< Protocol unreachable. @@ -1211,7 +1211,7 @@ const IPPROTO_MOBILITY = 135; ##< IPv6 mobility header. ## Values extracted from an IPv6 extension header's (e.g. hop-by-hop or ## destination option headers) option field. ## -## .. bro:see:: ip6_hdr ip6_ext_hdr ip6_hopopts ip6_dstopts +## .. zeek:see:: ip6_hdr ip6_ext_hdr ip6_hopopts ip6_dstopts type ip6_option: record { otype: count; ##< Option type. len: count; ##< Option data length. @@ -1223,10 +1223,10 @@ type ip6_options: vector of ip6_option; ## Values extracted from an IPv6 Hop-by-Hop options extension header. ## -## .. bro:see:: pkt_hdr ip4_hdr ip6_hdr ip6_ext_hdr ip6_option +## .. zeek:see:: pkt_hdr ip4_hdr ip6_hdr ip6_ext_hdr ip6_option type ip6_hopopts: record { ## Protocol number of the next header (RFC 1700 et seq., IANA assigned - ## number), e.g. :bro:id:`IPPROTO_ICMP`. + ## number), e.g. :zeek:id:`IPPROTO_ICMP`. nxt: count; ## Length of header in 8-octet units, excluding first unit. len: count; @@ -1236,10 +1236,10 @@ type ip6_hopopts: record { ## Values extracted from an IPv6 Destination options extension header. ## -## .. bro:see:: pkt_hdr ip4_hdr ip6_hdr ip6_ext_hdr ip6_option +## .. zeek:see:: pkt_hdr ip4_hdr ip6_hdr ip6_ext_hdr ip6_option type ip6_dstopts: record { ## Protocol number of the next header (RFC 1700 et seq., IANA assigned - ## number), e.g. :bro:id:`IPPROTO_ICMP`. + ## number), e.g. :zeek:id:`IPPROTO_ICMP`. nxt: count; ## Length of header in 8-octet units, excluding first unit. len: count; @@ -1249,10 +1249,10 @@ type ip6_dstopts: record { ## Values extracted from an IPv6 Routing extension header. ## -## .. bro:see:: pkt_hdr ip4_hdr ip6_hdr ip6_ext_hdr +## .. zeek:see:: pkt_hdr ip4_hdr ip6_hdr ip6_ext_hdr type ip6_routing: record { ## Protocol number of the next header (RFC 1700 et seq., IANA assigned - ## number), e.g. :bro:id:`IPPROTO_ICMP`. + ## number), e.g. :zeek:id:`IPPROTO_ICMP`. nxt: count; ## Length of header in 8-octet units, excluding first unit. len: count; @@ -1266,10 +1266,10 @@ type ip6_routing: record { ## Values extracted from an IPv6 Fragment extension header. ## -## .. bro:see:: pkt_hdr ip4_hdr ip6_hdr ip6_ext_hdr +## .. zeek:see:: pkt_hdr ip4_hdr ip6_hdr ip6_ext_hdr type ip6_fragment: record { ## Protocol number of the next header (RFC 1700 et seq., IANA assigned - ## number), e.g. :bro:id:`IPPROTO_ICMP`. + ## number), e.g. :zeek:id:`IPPROTO_ICMP`. nxt: count; ## 8-bit reserved field. rsv1: count; @@ -1285,10 +1285,10 @@ type ip6_fragment: record { ## Values extracted from an IPv6 Authentication extension header. ## -## .. bro:see:: pkt_hdr ip4_hdr ip6_hdr ip6_ext_hdr +## .. zeek:see:: pkt_hdr ip4_hdr ip6_hdr ip6_ext_hdr type ip6_ah: record { ## Protocol number of the next header (RFC 1700 et seq., IANA assigned - ## number), e.g. :bro:id:`IPPROTO_ICMP`. + ## number), e.g. :zeek:id:`IPPROTO_ICMP`. nxt: count; ## Length of header in 4-octet units, excluding first two units. len: count; @@ -1304,7 +1304,7 @@ type ip6_ah: record { ## Values extracted from an IPv6 ESP extension header. ## -## .. bro:see:: pkt_hdr ip4_hdr ip6_hdr ip6_ext_hdr +## .. zeek:see:: pkt_hdr ip4_hdr ip6_hdr ip6_ext_hdr type ip6_esp: record { ## Security Parameters Index. spi: count; @@ -1314,7 +1314,7 @@ type ip6_esp: record { ## Values extracted from an IPv6 Mobility Binding Refresh Request message. ## -## .. bro:see:: ip6_mobility_hdr ip6_hdr ip6_ext_hdr ip6_mobility_msg +## .. zeek:see:: ip6_mobility_hdr ip6_hdr ip6_ext_hdr ip6_mobility_msg type ip6_mobility_brr: record { ## Reserved. rsv: count; @@ -1324,7 +1324,7 @@ type ip6_mobility_brr: record { ## Values extracted from an IPv6 Mobility Home Test Init message. ## -## .. bro:see:: ip6_mobility_hdr ip6_hdr ip6_ext_hdr ip6_mobility_msg +## .. zeek:see:: ip6_mobility_hdr ip6_hdr ip6_ext_hdr ip6_mobility_msg type ip6_mobility_hoti: record { ## Reserved. rsv: count; @@ -1336,7 +1336,7 @@ type ip6_mobility_hoti: record { ## Values extracted from an IPv6 Mobility Care-of Test Init message. ## -## .. bro:see:: ip6_mobility_hdr ip6_hdr ip6_ext_hdr ip6_mobility_msg +## .. zeek:see:: ip6_mobility_hdr ip6_hdr ip6_ext_hdr ip6_mobility_msg type ip6_mobility_coti: record { ## Reserved. rsv: count; @@ -1348,7 +1348,7 @@ type ip6_mobility_coti: record { ## Values extracted from an IPv6 Mobility Home Test message. ## -## .. bro:see:: ip6_mobility_hdr ip6_hdr ip6_ext_hdr ip6_mobility_msg +## .. zeek:see:: ip6_mobility_hdr ip6_hdr ip6_ext_hdr ip6_mobility_msg type ip6_mobility_hot: record { ## Home Nonce Index. nonce_idx: count; @@ -1362,7 +1362,7 @@ type ip6_mobility_hot: record { ## Values extracted from an IPv6 Mobility Care-of Test message. ## -## .. bro:see:: ip6_mobility_hdr ip6_hdr ip6_ext_hdr ip6_mobility_msg +## .. zeek:see:: ip6_mobility_hdr ip6_hdr ip6_ext_hdr ip6_mobility_msg type ip6_mobility_cot: record { ## Care-of Nonce Index. nonce_idx: count; @@ -1376,7 +1376,7 @@ type ip6_mobility_cot: record { ## Values extracted from an IPv6 Mobility Binding Update message. ## -## .. bro:see:: ip6_mobility_hdr ip6_hdr ip6_ext_hdr ip6_mobility_msg +## .. zeek:see:: ip6_mobility_hdr ip6_hdr ip6_ext_hdr ip6_mobility_msg type ip6_mobility_bu: record { ## Sequence number. seq: count; @@ -1396,7 +1396,7 @@ type ip6_mobility_bu: record { ## Values extracted from an IPv6 Mobility Binding Acknowledgement message. ## -## .. bro:see:: ip6_mobility_hdr ip6_hdr ip6_ext_hdr ip6_mobility_msg +## .. zeek:see:: ip6_mobility_hdr ip6_hdr ip6_ext_hdr ip6_mobility_msg type ip6_mobility_back: record { ## Status. status: count; @@ -1412,7 +1412,7 @@ type ip6_mobility_back: record { ## Values extracted from an IPv6 Mobility Binding Error message. ## -## .. bro:see:: ip6_mobility_hdr ip6_hdr ip6_ext_hdr ip6_mobility_msg +## .. zeek:see:: ip6_mobility_hdr ip6_hdr ip6_ext_hdr ip6_mobility_msg type ip6_mobility_be: record { ## Status. status: count; @@ -1424,7 +1424,7 @@ type ip6_mobility_be: record { ## Values extracted from an IPv6 Mobility header's message data. ## -## .. bro:see:: ip6_mobility_hdr ip6_hdr ip6_ext_hdr +## .. zeek:see:: ip6_mobility_hdr ip6_hdr ip6_ext_hdr type ip6_mobility_msg: record { ## The type of message from the header's MH Type field. id: count; @@ -1448,10 +1448,10 @@ type ip6_mobility_msg: record { ## Values extracted from an IPv6 Mobility header. ## -## .. bro:see:: pkt_hdr ip4_hdr ip6_hdr ip6_ext_hdr +## .. zeek:see:: pkt_hdr ip4_hdr ip6_hdr ip6_ext_hdr type ip6_mobility_hdr: record { ## Protocol number of the next header (RFC 1700 et seq., IANA assigned - ## number), e.g. :bro:id:`IPPROTO_ICMP`. + ## number), e.g. :zeek:id:`IPPROTO_ICMP`. nxt: count; ## Length of header in 8-octet units, excluding first unit. len: count; @@ -1467,7 +1467,7 @@ type ip6_mobility_hdr: record { ## A general container for a more specific IPv6 extension header. ## -## .. bro:see:: pkt_hdr ip4_hdr ip6_hopopts ip6_dstopts ip6_routing ip6_fragment +## .. zeek:see:: pkt_hdr ip4_hdr ip6_hopopts ip6_dstopts ip6_routing ip6_fragment ## ip6_ah ip6_esp type ip6_ext_hdr: record { ## The RFC 1700 et seq. IANA assigned number identifying the type of @@ -1494,7 +1494,7 @@ type ip6_ext_hdr_chain: vector of ip6_ext_hdr; ## Values extracted from an IPv6 header. ## -## .. bro:see:: pkt_hdr ip4_hdr ip6_ext_hdr ip6_hopopts ip6_dstopts +## .. zeek:see:: pkt_hdr ip4_hdr ip6_ext_hdr ip6_hopopts ip6_dstopts ## ip6_routing ip6_fragment ip6_ah ip6_esp type ip6_hdr: record { class: count; ##< Traffic class. @@ -1502,7 +1502,7 @@ type ip6_hdr: record { len: count; ##< Payload length. nxt: count; ##< Protocol number of the next header ##< (RFC 1700 et seq., IANA assigned number) - ##< e.g. :bro:id:`IPPROTO_ICMP`. + ##< e.g. :zeek:id:`IPPROTO_ICMP`. hlim: count; ##< Hop limit. src: addr; ##< Source address. dst: addr; ##< Destination address. @@ -1511,7 +1511,7 @@ type ip6_hdr: record { ## Values extracted from an IPv4 header. ## -## .. bro:see:: pkt_hdr ip6_hdr discarder_check_ip +## .. zeek:see:: pkt_hdr ip6_hdr discarder_check_ip type ip4_hdr: record { hl: count; ##< Header length in bytes. tos: count; ##< Type of service. @@ -1536,7 +1536,7 @@ const TH_FLAGS = 63; ##< Mask combining all flags. ## Values extracted from a TCP header. ## -## .. bro:see:: pkt_hdr discarder_check_tcp +## .. zeek:see:: pkt_hdr discarder_check_tcp type tcp_hdr: record { sport: port; ##< source port. dport: port; ##< destination port @@ -1550,7 +1550,7 @@ type tcp_hdr: record { ## Values extracted from a UDP header. ## -## .. bro:see:: pkt_hdr discarder_check_udp +## .. zeek:see:: pkt_hdr discarder_check_udp type udp_hdr: record { sport: port; ##< source port dport: port; ##< destination port @@ -1559,14 +1559,14 @@ type udp_hdr: record { ## Values extracted from an ICMP header. ## -## .. bro:see:: pkt_hdr discarder_check_icmp +## .. zeek:see:: pkt_hdr discarder_check_icmp type icmp_hdr: record { icmp_type: count; ##< type of message }; ## A packet header, consisting of an IP header and transport-layer header. ## -## .. bro:see:: new_packet +## .. zeek:see:: new_packet type pkt_hdr: record { ip: ip4_hdr &optional; ##< The IPv4 header if an IPv4 packet. ip6: ip6_hdr &optional; ##< The IPv6 header if an IPv6 packet. @@ -1577,7 +1577,7 @@ type pkt_hdr: record { ## Values extracted from the layer 2 header. ## -## .. bro:see:: pkt_hdr +## .. zeek:see:: pkt_hdr type l2_hdr: record { encap: link_encap; ##< L2 link encapsulation. len: count; ##< Total frame length on wire. @@ -1591,9 +1591,9 @@ type l2_hdr: record { }; ## A raw packet header, consisting of L2 header and everything in -## :bro:see:`pkt_hdr`. . +## :zeek:see:`pkt_hdr`. . ## -## .. bro:see:: raw_packet pkt_hdr +## .. zeek:see:: raw_packet pkt_hdr type raw_pkt_hdr: record { l2: l2_hdr; ##< The layer 2 header. ip: ip4_hdr &optional; ##< The IPv4 header if an IPv4 packet. @@ -1606,7 +1606,7 @@ type raw_pkt_hdr: record { ## A Teredo origin indication header. See :rfc:`4380` for more information ## about the Teredo protocol. ## -## .. bro:see:: teredo_bubble teredo_origin_indication teredo_authentication +## .. zeek:see:: teredo_bubble teredo_origin_indication teredo_authentication ## teredo_hdr type teredo_auth: record { id: string; ##< Teredo client identifier. @@ -1622,7 +1622,7 @@ type teredo_auth: record { ## A Teredo authentication header. See :rfc:`4380` for more information ## about the Teredo protocol. ## -## .. bro:see:: teredo_bubble teredo_origin_indication teredo_authentication +## .. zeek:see:: teredo_bubble teredo_origin_indication teredo_authentication ## teredo_hdr type teredo_origin: record { p: port; ##< Unobfuscated UDP port of Teredo client. @@ -1632,7 +1632,7 @@ type teredo_origin: record { ## A Teredo packet header. See :rfc:`4380` for more information about the ## Teredo protocol. ## -## .. bro:see:: teredo_bubble teredo_origin_indication teredo_authentication +## .. zeek:see:: teredo_bubble teredo_origin_indication teredo_authentication type teredo_hdr: record { auth: teredo_auth &optional; ##< Teredo authentication header. origin: teredo_origin &optional; ##< Teredo origin indication header. @@ -1831,7 +1831,7 @@ global log_file_name: function(tag: string): string &redef; global open_log_file: function(tag: string): file &redef; ## Specifies a directory for Bro to store its persistent state. All globals can -## be declared persistent via the :bro:attr:`&persistent` attribute. +## be declared persistent via the :zeek:attr:`&persistent` attribute. const state_dir = ".state" &redef; ## Length of the delays inserted when storing state incrementally. To avoid @@ -1892,7 +1892,7 @@ global secondary_filters: table[string] of event(filter: string, pkt: pkt_hdr) ## Maximum length of payload passed to discarder functions. ## -## .. bro:see:: discarder_check_tcp discarder_check_udp discarder_check_icmp +## .. zeek:see:: discarder_check_tcp discarder_check_udp discarder_check_icmp ## discarder_check_ip global discarder_maxlen = 128 &redef; @@ -1905,7 +1905,7 @@ global discarder_maxlen = 128 &redef; ## ## Returns: True if the packet should not be analyzed any further. ## -## .. bro:see:: discarder_check_tcp discarder_check_udp discarder_check_icmp +## .. zeek:see:: discarder_check_tcp discarder_check_udp discarder_check_icmp ## discarder_maxlen ## ## .. note:: This is very low-level functionality and potentially expensive. @@ -1919,11 +1919,11 @@ global discarder_check_ip: function(p: pkt_hdr): bool; ## ## p: The IP and TCP headers of the considered packet. ## -## d: Up to :bro:see:`discarder_maxlen` bytes of the TCP payload. +## d: Up to :zeek:see:`discarder_maxlen` bytes of the TCP payload. ## ## Returns: True if the packet should not be analyzed any further. ## -## .. bro:see:: discarder_check_ip discarder_check_udp discarder_check_icmp +## .. zeek:see:: discarder_check_ip discarder_check_udp discarder_check_icmp ## discarder_maxlen ## ## .. note:: This is very low-level functionality and potentially expensive. @@ -1937,11 +1937,11 @@ global discarder_check_tcp: function(p: pkt_hdr, d: string): bool; ## ## p: The IP and UDP headers of the considered packet. ## -## d: Up to :bro:see:`discarder_maxlen` bytes of the UDP payload. +## d: Up to :zeek:see:`discarder_maxlen` bytes of the UDP payload. ## ## Returns: True if the packet should not be analyzed any further. ## -## .. bro:see:: discarder_check_ip discarder_check_tcp discarder_check_icmp +## .. zeek:see:: discarder_check_ip discarder_check_tcp discarder_check_icmp ## discarder_maxlen ## ## .. note:: This is very low-level functionality and potentially expensive. @@ -1957,7 +1957,7 @@ global discarder_check_udp: function(p: pkt_hdr, d: string): bool; ## ## Returns: True if the packet should not be analyzed any further. ## -## .. bro:see:: discarder_check_ip discarder_check_tcp discarder_check_udp +## .. zeek:see:: discarder_check_ip discarder_check_tcp discarder_check_udp ## discarder_maxlen ## ## .. note:: This is very low-level functionality and potentially expensive. @@ -1979,7 +1979,7 @@ const max_remote_events_processed = 10 &redef; # These need to match the definitions in Login.h. # -# .. bro:see:: get_login_state +# .. zeek:see:: get_login_state # # todo:: use enum to make them autodoc'able const LOGIN_STATE_AUTHENTICATE = 0; # Trying to authenticate. @@ -2061,7 +2061,7 @@ global login_timeouts: set[string] &redef; ## A MIME header key/value pair. ## -## .. bro:see:: mime_header_list http_all_headers mime_all_headers mime_one_header +## .. zeek:see:: mime_header_list http_all_headers mime_all_headers mime_one_header type mime_header_rec: record { name: string; ##< The header name. value: string; ##< The header value. @@ -2069,22 +2069,22 @@ type mime_header_rec: record { ## A list of MIME headers. ## -## .. bro:see:: mime_header_rec http_all_headers mime_all_headers +## .. zeek:see:: mime_header_rec http_all_headers mime_all_headers type mime_header_list: table[count] of mime_header_rec; ## The length of MIME data segments delivered to handlers of -## :bro:see:`mime_segment_data`. +## :zeek:see:`mime_segment_data`. ## -## .. bro:see:: mime_segment_data mime_segment_overlap_length +## .. zeek:see:: mime_segment_data mime_segment_overlap_length global mime_segment_length = 1024 &redef; ## The number of bytes of overlap between successive segments passed to -## :bro:see:`mime_segment_data`. +## :zeek:see:`mime_segment_data`. global mime_segment_overlap_length = 0 &redef; ## An RPC portmapper mapping. ## -## .. bro:see:: pm_mappings +## .. zeek:see:: pm_mappings type pm_mapping: record { program: count; ##< The RPC program. version: count; ##< The program version. @@ -2093,12 +2093,12 @@ type pm_mapping: record { ## Table of RPC portmapper mappings. ## -## .. bro:see:: pm_request_dump +## .. zeek:see:: pm_request_dump type pm_mappings: table[count] of pm_mapping; ## An RPC portmapper request. ## -## .. bro:see:: pm_attempt_getport pm_request_getport +## .. zeek:see:: pm_attempt_getport pm_request_getport type pm_port_request: record { program: count; ##< The RPC program. version: count; ##< The program version. @@ -2107,7 +2107,7 @@ type pm_port_request: record { ## An RPC portmapper *callit* request. ## -## .. bro:see:: pm_attempt_callit pm_request_callit +## .. zeek:see:: pm_attempt_callit pm_request_callit type pm_callit_request: record { program: count; ##< The RPC program. version: count; ##< The program version. @@ -2128,7 +2128,7 @@ type pm_callit_request: record { ## Mapping of numerical RPC status codes to readable messages. ## -## .. bro:see:: pm_attempt_callit pm_attempt_dump pm_attempt_getport +## .. zeek:see:: pm_attempt_callit pm_attempt_dump pm_attempt_getport ## pm_attempt_null pm_attempt_set pm_attempt_unset rpc_dialogue rpc_reply const RPC_status = { [RPC_SUCCESS] = "ok", @@ -2145,17 +2145,17 @@ const RPC_status = { module NFS3; export { - ## If true, :bro:see:`nfs_proc_read` and :bro:see:`nfs_proc_write` + ## If true, :zeek:see:`nfs_proc_read` and :zeek:see:`nfs_proc_write` ## events return the file data that has been read/written. ## - ## .. bro:see:: NFS3::return_data_max NFS3::return_data_first_only + ## .. zeek:see:: NFS3::return_data_max NFS3::return_data_first_only const return_data = F &redef; - ## If :bro:id:`NFS3::return_data` is true, how much data should be + ## If :zeek:id:`NFS3::return_data` is true, how much data should be ## returned at most. const return_data_max = 512 &redef; - ## If :bro:id:`NFS3::return_data` is true, whether to *only* return data + ## If :zeek:id:`NFS3::return_data` is true, whether to *only* return data ## if the read or write offset is 0, i.e., only return data for the ## beginning of the file. const return_data_first_only = T &redef; @@ -2171,7 +2171,7 @@ export { ## analyzer. Depending on the reassembler, this might be well after the ## first packet of the request was received. ## - ## .. bro:see:: nfs_proc_create nfs_proc_getattr nfs_proc_lookup + ## .. zeek:see:: nfs_proc_create nfs_proc_getattr nfs_proc_lookup ## nfs_proc_mkdir nfs_proc_not_implemented nfs_proc_null ## nfs_proc_read nfs_proc_readdir nfs_proc_readlink nfs_proc_remove ## nfs_proc_rmdir nfs_proc_write nfs_reply_status @@ -2206,7 +2206,7 @@ export { ## NFS file attributes. Field names are based on RFC 1813. ## - ## .. bro:see:: nfs_proc_sattr + ## .. zeek:see:: nfs_proc_sattr type sattr_t: record { mode: count &optional; ##< Mode uid: count &optional; ##< User ID. @@ -2218,7 +2218,7 @@ export { ## NFS file attributes. Field names are based on RFC 1813. ## - ## .. bro:see:: nfs_proc_getattr + ## .. zeek:see:: nfs_proc_getattr type fattr_t: record { ftype: file_type_t; ##< File type. mode: count; ##< Mode @@ -2238,7 +2238,7 @@ export { ## NFS symlinkdata attributes. Field names are based on RFC 1813 ## - ## .. bro:see:: nfs_proc_symlink + ## .. zeek:see:: nfs_proc_symlink type symlinkdata_t: record { symlink_attributes: sattr_t; ##< The initial attributes for the symbolic link nfspath: string &optional; ##< The string containing the symbolic link data. @@ -2246,7 +2246,7 @@ export { ## NFS *readdir* arguments. ## - ## .. bro:see:: nfs_proc_readdir + ## .. zeek:see:: nfs_proc_readdir type diropargs_t : record { dirfh: string; ##< The file handle of the directory. fname: string; ##< The name of the file we are interested in. @@ -2254,7 +2254,7 @@ export { ## NFS *rename* arguments. ## - ## .. bro:see:: nfs_proc_rename + ## .. zeek:see:: nfs_proc_rename type renameopargs_t : record { src_dirfh : string; src_fname : string; @@ -2264,7 +2264,7 @@ export { ## NFS *symlink* arguments. ## - ## .. bro:see:: nfs_proc_symlink + ## .. zeek:see:: nfs_proc_symlink type symlinkargs_t: record { link : diropargs_t; ##< The location of the link to be created. symlinkdata: symlinkdata_t; ##< The symbolic link to be created. @@ -2272,7 +2272,7 @@ export { ## NFS *link* arguments. ## - ## .. bro:see:: nfs_proc_link + ## .. zeek:see:: nfs_proc_link type linkargs_t: record { fh : string; ##< The file handle for the existing file system object. link : diropargs_t; ##< The location of the link to be created. @@ -2280,7 +2280,7 @@ export { ## NFS *sattr* arguments. ## - ## .. bro:see:: nfs_proc_sattr + ## .. zeek:see:: nfs_proc_sattr type sattrargs_t: record { fh : string; ##< The file handle for the existing file system object. new_attributes: sattr_t; ##< The new attributes for the file. @@ -2290,7 +2290,7 @@ export { ## lookup succeeded, *fh* is always set and *obj_attr* and *dir_attr* ## may be set. ## - ## .. bro:see:: nfs_proc_lookup + ## .. zeek:see:: nfs_proc_lookup type lookup_reply_t: record { fh: string &optional; ##< File handle of object looked up. obj_attr: fattr_t &optional; ##< Optional attributes associated w/ file @@ -2299,7 +2299,7 @@ export { ## NFS *read* arguments. ## - ## .. bro:see:: nfs_proc_read + ## .. zeek:see:: nfs_proc_read type readargs_t: record { fh: string; ##< File handle to read from. offset: count; ##< Offset in file. @@ -2318,7 +2318,7 @@ export { ## NFS *readline* reply. If the request fails, *attr* may be set. If the ## request succeeds, *attr* may be set and all other fields are set. ## - ## .. bro:see:: nfs_proc_readlink + ## .. zeek:see:: nfs_proc_readlink type readlink_reply_t: record { attr: fattr_t &optional; ##< Attributes. nfspath: string &optional; ##< Contents of the symlink; in general a pathname as text. @@ -2326,7 +2326,7 @@ export { ## NFS *write* arguments. ## - ## .. bro:see:: nfs_proc_write + ## .. zeek:see:: nfs_proc_write type writeargs_t: record { fh: string; ##< File handle to write to. offset: count; ##< Offset in file. @@ -2337,7 +2337,7 @@ export { ## NFS *wcc* attributes. ## - ## .. bro:see:: NFS3::write_reply_t + ## .. zeek:see:: NFS3::write_reply_t type wcc_attr_t: record { size: count; ##< The size. atime: time; ##< Access time. @@ -2346,7 +2346,7 @@ export { ## NFS *link* reply. ## - ## .. bro:see:: nfs_proc_link + ## .. zeek:see:: nfs_proc_link type link_reply_t: record { post_attr: fattr_t &optional; ##< Optional post-operation attributes of the file system object identified by file preattr: wcc_attr_t &optional; ##< Optional attributes associated w/ file. @@ -2365,7 +2365,7 @@ export { ## If the request succeeds, *pre|post* attr may be set and all other ## fields are set. ## - ## .. bro:see:: nfs_proc_write + ## .. zeek:see:: nfs_proc_write type write_reply_t: record { preattr: wcc_attr_t &optional; ##< Pre operation attributes. postattr: fattr_t &optional; ##< Post operation attributes. @@ -2379,7 +2379,7 @@ export { ## *attr*'s may be set. Note: no guarantee that *fh* is set after ## success. ## - ## .. bro:see:: nfs_proc_create nfs_proc_mkdir + ## .. zeek:see:: nfs_proc_create nfs_proc_mkdir type newobj_reply_t: record { fh: string &optional; ##< File handle of object created. obj_attr: fattr_t &optional; ##< Optional attributes associated w/ new object. @@ -2389,7 +2389,7 @@ export { ## NFS reply for *remove*, *rmdir*. Corresponds to *wcc_data* in the spec. ## - ## .. bro:see:: nfs_proc_remove nfs_proc_rmdir + ## .. zeek:see:: nfs_proc_remove nfs_proc_rmdir type delobj_reply_t: record { dir_pre_attr: wcc_attr_t &optional; ##< Optional attributes associated w/ dir. dir_post_attr: fattr_t &optional; ##< Optional attributes associated w/ dir. @@ -2397,7 +2397,7 @@ export { ## NFS reply for *rename*. Corresponds to *wcc_data* in the spec. ## - ## .. bro:see:: nfs_proc_rename + ## .. zeek:see:: nfs_proc_rename type renameobj_reply_t: record { src_dir_pre_attr: wcc_attr_t; src_dir_post_attr: fattr_t; @@ -2407,7 +2407,7 @@ export { ## NFS *readdir* arguments. Used for both *readdir* and *readdirplus*. ## - ## .. bro:see:: nfs_proc_readdir + ## .. zeek:see:: nfs_proc_readdir type readdirargs_t: record { isplus: bool; ##< Is this a readdirplus request? dirfh: string; ##< The directory filehandle. @@ -2420,7 +2420,7 @@ export { ## NFS *direntry*. *fh* and *attr* are used for *readdirplus*. However, ## even for *readdirplus* they may not be filled out. ## - ## .. bro:see:: NFS3::direntry_vec_t NFS3::readdir_reply_t + ## .. zeek:see:: NFS3::direntry_vec_t NFS3::readdir_reply_t type direntry_t: record { fileid: count; ##< E.g., inode number. fname: string; ##< Filename. @@ -2431,7 +2431,7 @@ export { ## Vector of NFS *direntry*. ## - ## .. bro:see:: NFS3::readdir_reply_t + ## .. zeek:see:: NFS3::readdir_reply_t type direntry_vec_t: vector of direntry_t; ## NFS *readdir* reply. Used for *readdir* and *readdirplus*. If an is @@ -2473,7 +2473,7 @@ export { # analyzer. Depending on the reassembler, this might be well after the # first packet of the request was received. # - # .. bro:see:: mount_proc_mnt mount_proc_dump mount_proc_umnt + # .. zeek:see:: mount_proc_mnt mount_proc_dump mount_proc_umnt # mount_proc_umntall mount_proc_export mount_proc_not_implemented type info_t: record { ## The RPC status. @@ -2506,7 +2506,7 @@ export { ## MOUNT *mnt* arguments. ## - ## .. bro:see:: mount_proc_mnt + ## .. zeek:see:: mount_proc_mnt type dirmntargs_t : record { dirname: string; ##< Name of directory to mount }; @@ -2514,7 +2514,7 @@ export { ## MOUNT lookup reply. If the mount failed, *dir_attr* may be set. If the ## mount succeeded, *fh* is always set. ## - ## .. bro:see:: mount_proc_mnt + ## .. zeek:see:: mount_proc_mnt type mnt_reply_t: record { dirfh: string &optional; ##< Dir handle auth_flavors: vector of auth_flavor_t &optional; ##< Returned authentication flavors @@ -2571,7 +2571,7 @@ module GLOBAL; ## An NTP message. ## -## .. bro:see:: ntp_message +## .. zeek:see:: ntp_message type ntp_msg: record { id: count; ##< Message ID. code: count; ##< Message code. @@ -2730,7 +2730,7 @@ export { ## ## For more information, see MS-SMB2:2.2.16 ## - ## .. bro:see:: smb1_nt_create_andx_response smb2_create_response + ## .. zeek:see:: smb1_nt_create_andx_response smb2_create_response type SMB::MACTimes: record { ## The time when data was last written to the file. modified : time &log; @@ -2746,7 +2746,7 @@ export { ## only comes into play as a heuristic to identify named ## pipes when the drive mapping wasn't seen by Bro. ## - ## .. bro:see:: smb_pipe_connect_heuristic + ## .. zeek:see:: smb_pipe_connect_heuristic const SMB::pipe_filenames: set[string] &redef; } @@ -2755,7 +2755,7 @@ module SMB1; export { ## An SMB1 header. ## - ## .. bro:see:: smb1_message smb1_empty_response smb1_error + ## .. zeek:see:: smb1_message smb1_empty_response smb1_error ## smb1_check_directory_request smb1_check_directory_response ## smb1_close_request smb1_create_directory_request ## smb1_create_directory_response smb1_echo_request @@ -3112,7 +3112,7 @@ export { ## ## For more information, see MS-SMB2:2.2.1.1 and MS-SMB2:2.2.1.2 ## - ## .. bro:see:: smb2_message smb2_close_request smb2_close_response + ## .. zeek:see:: smb2_message smb2_close_request smb2_close_response ## smb2_create_request smb2_create_response smb2_negotiate_request ## smb2_negotiate_response smb2_read_request ## smb2_session_setup_request smb2_session_setup_response @@ -3150,7 +3150,7 @@ export { ## ## For more information, see MS-SMB2:2.2.14.1 ## - ## .. bro:see:: smb2_close_request smb2_create_response smb2_read_request + ## .. zeek:see:: smb2_close_request smb2_create_response smb2_read_request ## smb2_file_rename smb2_file_delete smb2_write_request type SMB2::GUID: record { ## A file handle that remains persistent when reconnected after a disconnect @@ -3163,7 +3163,7 @@ export { ## ## For more information, see MS-CIFS:2.2.1.2.3 and MS-FSCC:2.6 ## - ## .. bro:see:: smb2_create_response + ## .. zeek:see:: smb2_create_response type SMB2::FileAttrs: record { ## The file is read only. Applications can read the file but cannot ## write to it or delete it. @@ -3214,7 +3214,7 @@ export { ## ## For more information, see MS-SMB2:2.2.16 ## - ## .. bro:see:: smb2_close_response + ## .. zeek:see:: smb2_close_response type SMB2::CloseResponse: record { ## The size, in bytes of the data that is allocated to the file. alloc_size : count; @@ -3289,7 +3289,7 @@ export { ## ## For more information, see MS-SMB2:2.2.4 ## - ## .. bro:see:: smb2_negotiate_response + ## .. zeek:see:: smb2_negotiate_response type SMB2::NegotiateResponse: record { ## The preferred common SMB2 Protocol dialect number from the array that was sent in the SMB2 ## NEGOTIATE Request. @@ -3314,7 +3314,7 @@ export { ## ## For more information, see MS-SMB2:2.2.5 ## - ## .. bro:see:: smb2_session_setup_request + ## .. zeek:see:: smb2_session_setup_request type SMB2::SessionSetupRequest: record { ## The security mode field specifies whether SMB signing is enabled or required at the client. security_mode: count; @@ -3325,7 +3325,7 @@ export { ## ## For more information, see MS-SMB2:2.2.6 ## - ## .. bro:see:: smb2_session_setup_response + ## .. zeek:see:: smb2_session_setup_response type SMB2::SessionSetupFlags: record { ## If set, the client has been authenticated as a guest user. guest: bool; @@ -3341,7 +3341,7 @@ export { ## ## For more information, see MS-SMB2:2.2.6 ## - ## .. bro:see:: smb2_session_setup_response + ## .. zeek:see:: smb2_session_setup_response type SMB2::SessionSetupResponse: record { ## Additional information about the session flags: SMB2::SessionSetupFlags; @@ -3352,7 +3352,7 @@ export { ## ## For more information, see MS-SMB2:2.2.9 ## - ## .. bro:see:: smb2_tree_connect_response + ## .. zeek:see:: smb2_tree_connect_response type SMB2::TreeConnectResponse: record { ## The type of share being accessed. Physical disk, named pipe, or printer. share_type: count; @@ -3362,7 +3362,7 @@ export { ## ## For more information, see MS-SMB2:2.2.13 ## - ## .. bro:see:: smb2_create_request + ## .. zeek:see:: smb2_create_request type SMB2::CreateRequest: record { ## Name of the file filename : string; @@ -3377,7 +3377,7 @@ export { ## ## For more information, see MS-SMB2:2.2.14 ## - ## .. bro:see:: smb2_create_response + ## .. zeek:see:: smb2_create_response type SMB2::CreateResponse: record { ## The SMB2 GUID for the file. file_id : SMB2::GUID; @@ -3395,7 +3395,7 @@ export { ## ## For more information, see MS-SMB2:2.2.41 ## - ## .. bro:see:: smb2_transform_header smb2_message smb2_close_request smb2_close_response + ## .. zeek:see:: smb2_transform_header smb2_message smb2_close_request smb2_close_response ## smb2_create_request smb2_create_response smb2_negotiate_request ## smb2_negotiate_response smb2_read_request ## smb2_session_setup_request smb2_session_setup_response @@ -3424,11 +3424,11 @@ export { ## A list of addresses offered by a DHCP server. Could be routers, ## DNS servers, or other. ## - ## .. bro:see:: dhcp_message + ## .. zeek:see:: dhcp_message type DHCP::Addrs: vector of addr; ## A DHCP message. - ## .. bro:see:: dhcp_message + ## .. zeek:see:: dhcp_message type DHCP::Msg: record { op: count; ##< Message OP code. 1 = BOOTREQUEST, 2 = BOOTREPLY m_type: count; ##< The type of DHCP message. @@ -3447,7 +3447,7 @@ export { }; ## DHCP Client Identifier (Option 61) - ## .. bro:see:: dhcp_message + ## .. zeek:see:: dhcp_message type DHCP::ClientID: record { hwtype: count; hwaddr: string; @@ -3467,7 +3467,7 @@ export { }; ## DHCP Relay Agent Information Option (Option 82) - ## .. bro:see:: dhcp_message + ## .. zeek:see:: dhcp_message type DHCP::SubOpt: record { code: count; value: string; @@ -3565,7 +3565,7 @@ export { module GLOBAL; ## A DNS message. ## -## .. bro:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl +## .. zeek:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl ## dns_HINFO_reply dns_MX_reply dns_NS_reply dns_PTR_reply dns_SOA_reply ## dns_SRV_reply dns_TSIG_addl dns_TXT_reply dns_WKS_reply dns_end ## dns_message dns_query_reply dns_rejected dns_request @@ -3590,7 +3590,7 @@ type dns_msg: record { ## A DNS SOA record. ## -## .. bro:see:: dns_SOA_reply +## .. zeek:see:: dns_SOA_reply type dns_soa: record { mname: string; ##< Primary source of data for zone. rname: string; ##< Mailbox for responsible person. @@ -3603,7 +3603,7 @@ type dns_soa: record { ## An additional DNS EDNS record. ## -## .. bro:see:: dns_EDNS_addl +## .. zeek:see:: dns_EDNS_addl type dns_edns_additional: record { query: string; ##< Query. qtype: count; ##< Query type. @@ -3618,7 +3618,7 @@ type dns_edns_additional: record { ## An additional DNS TSIG record. ## -## .. bro:see:: dns_TSIG_addl +## .. zeek:see:: dns_TSIG_addl type dns_tsig_additional: record { query: string; ##< Query. qtype: count; ##< Query type. @@ -3633,7 +3633,7 @@ type dns_tsig_additional: record { ## A DNSSEC RRSIG record. ## -## .. bro:see:: dns_RRSIG +## .. zeek:see:: dns_RRSIG type dns_rrsig_rr: record { query: string; ##< Query. answer_type: count; ##< Ans type. @@ -3651,7 +3651,7 @@ type dns_rrsig_rr: record { ## A DNSSEC DNSKEY record. ## -## .. bro:see:: dns_DNSKEY +## .. zeek:see:: dns_DNSKEY type dns_dnskey_rr: record { query: string; ##< Query. answer_type: count; ##< Ans type. @@ -3664,7 +3664,7 @@ type dns_dnskey_rr: record { ## A DNSSEC NSEC3 record. ## -## .. bro:see:: dns_NSEC3 +## .. zeek:see:: dns_NSEC3 type dns_nsec3_rr: record { query: string; ##< Query. answer_type: count; ##< Ans type. @@ -3681,7 +3681,7 @@ type dns_nsec3_rr: record { ## A DNSSEC DS record. ## -## .. bro:see:: dns_DS +## .. zeek:see:: dns_DS type dns_ds_rr: record { query: string; ##< Query. answer_type: count; ##< Ans type. @@ -3694,7 +3694,7 @@ type dns_ds_rr: record { # DNS answer types. # -# .. bro:see:: dns_answerr +# .. zeek:see:: dns_answerr # # todo:: use enum to make them autodoc'able const DNS_QUERY = 0; ##< A query. This shouldn't occur, just for completeness. @@ -3704,12 +3704,12 @@ const DNS_ADDL = 3; ##< An additional record. ## The general part of a DNS reply. ## -## .. bro:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_HINFO_reply +## .. zeek:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_HINFO_reply ## dns_MX_reply dns_NS_reply dns_PTR_reply dns_SOA_reply dns_SRV_reply ## dns_TXT_reply dns_WKS_reply type dns_answer: record { - ## Answer type. One of :bro:see:`DNS_QUERY`, :bro:see:`DNS_ANS`, - ## :bro:see:`DNS_AUTH` and :bro:see:`DNS_ADDL`. + ## Answer type. One of :zeek:see:`DNS_QUERY`, :zeek:see:`DNS_ANS`, + ## :zeek:see:`DNS_AUTH` and :zeek:see:`DNS_ADDL`. answer_type: count; query: string; ##< Query. qtype: count; ##< Query type. @@ -3720,23 +3720,23 @@ type dns_answer: record { ## For DNS servers in these sets, omit processing the AUTH records they include ## in their replies. ## -## .. bro:see:: dns_skip_all_auth dns_skip_addl +## .. zeek:see:: dns_skip_all_auth dns_skip_addl global dns_skip_auth: set[addr] &redef; ## For DNS servers in these sets, omit processing the ADDL records they include ## in their replies. ## -## .. bro:see:: dns_skip_all_addl dns_skip_auth +## .. zeek:see:: dns_skip_all_addl dns_skip_auth global dns_skip_addl: set[addr] &redef; ## If true, all DNS AUTH records are skipped. ## -## .. bro:see:: dns_skip_all_addl dns_skip_auth +## .. zeek:see:: dns_skip_all_addl dns_skip_auth global dns_skip_all_auth = T &redef; ## If true, all DNS ADDL records are skipped. ## -## .. bro:see:: dns_skip_all_auth dns_skip_addl +## .. zeek:see:: dns_skip_all_auth dns_skip_addl global dns_skip_all_addl = T &redef; ## If a DNS request includes more than this many queries, assume it's non-DNS @@ -3751,7 +3751,7 @@ const dns_resolver = [::] &redef; ## HTTP session statistics. ## -## .. bro:see:: http_stats +## .. zeek:see:: http_stats type http_stats_rec: record { num_requests: count; ##< Number of requests. num_replies: count; ##< Number of replies. @@ -3761,7 +3761,7 @@ type http_stats_rec: record { ## HTTP message statistics. ## -## .. bro:see:: http_message_done +## .. zeek:see:: http_message_done type http_message_stat: record { ## When the request/reply line was complete. start: time; @@ -3779,25 +3779,25 @@ type http_message_stat: record { ## Maximum number of HTTP entity data delivered to events. ## -## .. bro:see:: http_entity_data skip_http_entity_data skip_http_data +## .. zeek:see:: http_entity_data skip_http_entity_data skip_http_data global http_entity_data_delivery_size = 1500 &redef; ## Skip HTTP data for performance considerations. The skipped ## portion will not go through TCP reassembly. ## -## .. bro:see:: http_entity_data skip_http_entity_data http_entity_data_delivery_size +## .. zeek:see:: http_entity_data skip_http_entity_data http_entity_data_delivery_size const skip_http_data = F &redef; ## Maximum length of HTTP URIs passed to events. Longer ones will be truncated ## to prevent over-long URIs (usually sent by worms) from slowing down event ## processing. A value of -1 means "do not truncate". ## -## .. bro:see:: http_request +## .. zeek:see:: http_request const truncate_http_URI = -1 &redef; ## IRC join information. ## -## .. bro:see:: irc_join_list +## .. zeek:see:: irc_join_list type irc_join_info: record { nick: string; channel: string; @@ -3807,7 +3807,7 @@ type irc_join_info: record { ## Set of IRC join information. ## -## .. bro:see:: irc_join_message +## .. zeek:see:: irc_join_message type irc_join_list: set[irc_join_info]; module PE; @@ -4016,7 +4016,7 @@ type backdoor_endp_stats: record { ## Description of a signature match. ## -## .. bro:see:: signature_match +## .. zeek:see:: signature_match type signature_state: record { sig_id: string; ##< ID of the matching signature. conn: connection; ##< Matching connection. @@ -4046,7 +4046,7 @@ type software: record { ## Quality of passive fingerprinting matches. ## -## .. bro:see:: OS_version +## .. zeek:see:: OS_version type OS_version_inference: enum { direct_inference, ##< TODO. generic_inference, ##< TODO. @@ -4055,7 +4055,7 @@ type OS_version_inference: enum { ## Passive fingerprinting match. ## -## .. bro:see:: OS_version_found +## .. zeek:see:: OS_version_found type OS_version: record { genre: string; ##< Linux, Windows, AIX, ... detail: string; ##< Kernel version or such. @@ -4065,17 +4065,17 @@ type OS_version: record { ## Defines for which subnets we should do passive fingerprinting. ## -## .. bro:see:: OS_version_found +## .. zeek:see:: OS_version_found global generate_OS_version_event: set[subnet] &redef; -# Type used to report load samples via :bro:see:`load_sample`. For now, it's a +# Type used to report load samples via :zeek:see:`load_sample`. For now, it's a # set of names (event names, source file names, and perhaps ````), which were seen during the sample. type load_sample_info: set[string]; ## A BitTorrent peer. ## -## .. bro:see:: bittorrent_peer_set +## .. zeek:see:: bittorrent_peer_set type bittorrent_peer: record { h: addr; ##< The peer's address. p: port; ##< The peer's port. @@ -4083,13 +4083,13 @@ type bittorrent_peer: record { ## A set of BitTorrent peers. ## -## .. bro:see:: bt_tracker_response +## .. zeek:see:: bt_tracker_response type bittorrent_peer_set: set[bittorrent_peer]; ## BitTorrent "benc" value. Note that "benc" = Bencode ("Bee-Encode"), per ## http://en.wikipedia.org/wiki/Bencode. ## -## .. bro:see:: bittorrent_benc_dir +## .. zeek:see:: bittorrent_benc_dir type bittorrent_benc_value: record { i: int &optional; ##< TODO. s: string &optional; ##< TODO. @@ -4099,12 +4099,12 @@ type bittorrent_benc_value: record { ## A table of BitTorrent "benc" values. ## -## .. bro:see:: bt_tracker_response +## .. zeek:see:: bt_tracker_response type bittorrent_benc_dir: table[string] of bittorrent_benc_value; ## Header table type used by BitTorrent analyzer. ## -## .. bro:see:: bt_tracker_request bt_tracker_response +## .. zeek:see:: bt_tracker_request bt_tracker_response ## bt_tracker_response_not_ok type bt_tracker_headers: table[string] of string; @@ -4405,7 +4405,7 @@ export { }; ## A ``VarBindList`` data structure from either :rfc:`1157` or :rfc:`3416`. - ## A sequences of :bro:see:`SNMP::Binding`, which maps an OIDs to values. + ## A sequences of :zeek:see:`SNMP::Binding`, which maps an OIDs to values. type SNMP::Bindings: vector of SNMP::Binding; ## A ``PDU`` data structure from either :rfc:`1157` or :rfc:`3416`. @@ -4648,77 +4648,77 @@ const log_encryption_key = "" &redef; ## Write profiling info into this file in regular intervals. The easiest way to ## activate profiling is loading :doc:`/scripts/policy/misc/profiling.zeek`. ## -## .. bro:see:: profiling_interval expensive_profiling_multiple segment_profiling +## .. zeek:see:: profiling_interval expensive_profiling_multiple segment_profiling global profiling_file: file &redef; ## Update interval for profiling (0 disables). The easiest way to activate ## profiling is loading :doc:`/scripts/policy/misc/profiling.zeek`. ## -## .. bro:see:: profiling_file expensive_profiling_multiple segment_profiling +## .. zeek:see:: profiling_file expensive_profiling_multiple segment_profiling const profiling_interval = 0 secs &redef; -## Multiples of :bro:see:`profiling_interval` at which (more expensive) memory +## Multiples of :zeek:see:`profiling_interval` at which (more expensive) memory ## profiling is done (0 disables). ## -## .. bro:see:: profiling_interval profiling_file segment_profiling +## .. zeek:see:: profiling_interval profiling_file segment_profiling const expensive_profiling_multiple = 0 &redef; ## If true, then write segment profiling information (very high volume!) ## in addition to profiling statistics. ## -## .. bro:see:: profiling_interval expensive_profiling_multiple profiling_file +## .. zeek:see:: profiling_interval expensive_profiling_multiple profiling_file const segment_profiling = F &redef; ## Output modes for packet profiling information. ## -## .. bro:see:: pkt_profile_mode pkt_profile_freq pkt_profile_file +## .. zeek:see:: pkt_profile_mode pkt_profile_freq pkt_profile_file type pkt_profile_modes: enum { PKT_PROFILE_MODE_NONE, ##< No output. - PKT_PROFILE_MODE_SECS, ##< Output every :bro:see:`pkt_profile_freq` seconds. - PKT_PROFILE_MODE_PKTS, ##< Output every :bro:see:`pkt_profile_freq` packets. - PKT_PROFILE_MODE_BYTES, ##< Output every :bro:see:`pkt_profile_freq` bytes. + PKT_PROFILE_MODE_SECS, ##< Output every :zeek:see:`pkt_profile_freq` seconds. + PKT_PROFILE_MODE_PKTS, ##< Output every :zeek:see:`pkt_profile_freq` packets. + PKT_PROFILE_MODE_BYTES, ##< Output every :zeek:see:`pkt_profile_freq` bytes. }; ## Output mode for packet profiling information. ## -## .. bro:see:: pkt_profile_modes pkt_profile_freq pkt_profile_file +## .. zeek:see:: pkt_profile_modes pkt_profile_freq pkt_profile_file const pkt_profile_mode = PKT_PROFILE_MODE_NONE &redef; ## Frequency associated with packet profiling. ## -## .. bro:see:: pkt_profile_modes pkt_profile_mode pkt_profile_file +## .. zeek:see:: pkt_profile_modes pkt_profile_mode pkt_profile_file const pkt_profile_freq = 0.0 &redef; ## File where packet profiles are logged. ## -## .. bro:see:: pkt_profile_modes pkt_profile_freq pkt_profile_mode +## .. zeek:see:: pkt_profile_modes pkt_profile_freq pkt_profile_mode global pkt_profile_file: file &redef; -## Rate at which to generate :bro:see:`load_sample` events. As all +## Rate at which to generate :zeek:see:`load_sample` events. As all ## events, the event is only generated if you've also defined a -## :bro:see:`load_sample` handler. Units are inverse number of packets; e.g., +## :zeek:see:`load_sample` handler. Units are inverse number of packets; e.g., ## a value of 20 means "roughly one in every 20 packets". ## -## .. bro:see:: load_sample +## .. zeek:see:: load_sample global load_sample_freq = 20 &redef; ## Whether to attempt to automatically detect SYN/FIN/RST-filtered trace ## and not report missing segments for such connections. ## If this is enabled, then missing data at the end of connections may not -## be reported via :bro:see:`content_gap`. +## be reported via :zeek:see:`content_gap`. const detect_filtered_trace = F &redef; -## Whether we want :bro:see:`content_gap` for partial +## Whether we want :zeek:see:`content_gap` for partial ## connections. A connection is partial if it is missing a full handshake. Note ## that gap reports for partial connections might not be reliable. ## -## .. bro:see:: content_gap partial_connection +## .. zeek:see:: content_gap partial_connection const report_gaps_for_partial = F &redef; ## Flag to prevent Bro from exiting automatically when input is exhausted. ## Normally Bro terminates when all packet sources have gone dry ## and communication isn't enabled. If this flag is set, Bro's main loop will -## instead keep idling until :bro:see:`terminate` is explicitly called. +## instead keep idling until :zeek:see:`terminate` is explicitly called. ## ## This is mainly for testing purposes when termination behaviour needs to be ## controlled for reproducing results. @@ -4726,18 +4726,18 @@ const exit_only_after_terminate = F &redef; ## The CA certificate file to authorize remote Bros/Broccolis. ## -## .. bro:see:: ssl_private_key ssl_passphrase +## .. zeek:see:: ssl_private_key ssl_passphrase const ssl_ca_certificate = "" &redef; ## File containing our private key and our certificate. ## -## .. bro:see:: ssl_ca_certificate ssl_passphrase +## .. zeek:see:: ssl_ca_certificate ssl_passphrase const ssl_private_key = "" &redef; ## The passphrase for our private key. Keeping this undefined ## causes Bro to prompt for the passphrase. ## -## .. bro:see:: ssl_private_key ssl_ca_certificate +## .. zeek:see:: ssl_private_key ssl_ca_certificate const ssl_passphrase = "" &redef; ## Default mode for Bro's user-space dynamic packet filter. If true, packets @@ -4747,7 +4747,7 @@ const ssl_passphrase = "" &redef; ## .. note:: This is not the BPF packet filter but an additional dynamic filter ## that Bro optionally applies just before normal processing starts. ## -## .. bro:see:: install_dst_addr_filter install_dst_net_filter +## .. zeek:see:: install_dst_addr_filter install_dst_net_filter ## install_src_addr_filter install_src_net_filter uninstall_dst_addr_filter ## uninstall_dst_net_filter uninstall_src_addr_filter uninstall_src_net_filter const packet_filter_default = F &redef; @@ -4763,7 +4763,7 @@ const peer_description = "bro" &redef; ## If true, broadcast events received from one peer to all other peers. ## -## .. bro:see:: forward_remote_state_changes +## .. zeek:see:: forward_remote_state_changes ## ## .. note:: This option is only temporary and will disappear once we get a ## more sophisticated script-level communication framework. @@ -4771,7 +4771,7 @@ const forward_remote_events = F &redef; ## If true, broadcast state updates received from one peer to all other peers. ## -## .. bro:see:: forward_remote_events +## .. zeek:see:: forward_remote_events ## ## .. note:: This option is only temporary and will disappear once we get a ## more sophisticated script-level communication framework. @@ -4806,16 +4806,16 @@ const REMOTE_SRC_SCRIPT = 3; ##< Message from a policy script. ## Synchronize trace processing at a regular basis in pseudo-realtime mode. ## -## .. bro:see:: remote_trace_sync_peers +## .. zeek:see:: remote_trace_sync_peers const remote_trace_sync_interval = 0 secs &redef; ## Number of peers across which to synchronize trace processing in ## pseudo-realtime mode. ## -## .. bro:see:: remote_trace_sync_interval +## .. zeek:see:: remote_trace_sync_interval const remote_trace_sync_peers = 0 &redef; -## Whether for :bro:attr:`&synchronized` state to send the old value as a +## Whether for :zeek:attr:`&synchronized` state to send the old value as a ## consistency check. const remote_check_sync_consistency = F &redef; @@ -4823,7 +4823,7 @@ const remote_check_sync_consistency = F &redef; ## signature matching. Enabling this provides more accurate matching at the ## expense of CPU cycles. ## -## .. bro:see:: dpd_buffer_size +## .. zeek:see:: dpd_buffer_size ## dpd_match_only_beginning dpd_ignore_ports ## ## .. note:: Despite the name, this option affects *all* signature matching, not @@ -4838,14 +4838,14 @@ const dpd_reassemble_first_packets = T &redef; ## are activated afterwards. Then only analyzers that can deal with partial ## connections will be able to analyze the session. ## -## .. bro:see:: dpd_reassemble_first_packets dpd_match_only_beginning +## .. zeek:see:: dpd_reassemble_first_packets dpd_match_only_beginning ## dpd_ignore_ports const dpd_buffer_size = 1024 &redef; -## If true, stops signature matching if :bro:see:`dpd_buffer_size` has been +## If true, stops signature matching if :zeek:see:`dpd_buffer_size` has been ## reached. ## -## .. bro:see:: dpd_reassemble_first_packets dpd_buffer_size +## .. zeek:see:: dpd_reassemble_first_packets dpd_buffer_size ## dpd_ignore_ports ## ## .. note:: Despite the name, this option affects *all* signature matching, not @@ -4855,7 +4855,7 @@ const dpd_match_only_beginning = T &redef; ## If true, don't consider any ports for deciding which protocol analyzer to ## use. ## -## .. bro:see:: dpd_reassemble_first_packets dpd_buffer_size +## .. zeek:see:: dpd_reassemble_first_packets dpd_buffer_size ## dpd_match_only_beginning const dpd_ignore_ports = F &redef; @@ -4882,7 +4882,7 @@ const suppress_local_output = F &redef; ## Holds the filename of the trace file given with ``-w`` (empty if none). ## -## .. bro:see:: record_all_packets +## .. zeek:see:: record_all_packets const trace_output_file = ""; ## If a trace file is given with ``-w``, dump *all* packets seen by Bro into it. @@ -4891,16 +4891,16 @@ const trace_output_file = ""; ## actually process them, which can be helpful for debugging in case the ## analysis triggers a crash. ## -## .. bro:see:: trace_output_file +## .. zeek:see:: trace_output_file const record_all_packets = F &redef; -## Ignore certain TCP retransmissions for :bro:see:`conn_stats`. Some +## Ignore certain TCP retransmissions for :zeek:see:`conn_stats`. Some ## connections (e.g., SSH) retransmit the acknowledged last byte to keep the ## connection alive. If *ignore_keep_alive_rexmit* is set to true, such ## retransmissions will be excluded in the rexmit counter in -## :bro:see:`conn_stats`. +## :zeek:see:`conn_stats`. ## -## .. bro:see:: conn_stats +## .. zeek:see:: conn_stats const ignore_keep_alive_rexmit = F &redef; module JSON; @@ -4944,14 +4944,14 @@ export { ## With this set, the Teredo analyzer waits until it sees both sides ## of a connection using a valid Teredo encapsulation before issuing - ## a :bro:see:`protocol_confirmation`. If it's false, the first + ## a :zeek:see:`protocol_confirmation`. If it's false, the first ## occurrence of a packet with valid Teredo encapsulation causes a ## confirmation. const delay_teredo_confirmation = T &redef; ## With this set, the GTP analyzer waits until the most-recent upflow ## and downflow packets are a valid GTPv1 encapsulation before - ## issuing :bro:see:`protocol_confirmation`. If it's false, the + ## issuing :zeek:see:`protocol_confirmation`. If it's false, the ## first occurrence of a packet with valid GTPv1 encapsulation causes ## confirmation. Since the same inner connection can be carried ## differing outer upflow/downflow connections, setting to false @@ -4971,7 +4971,7 @@ export { ## The set of UDP ports used for VXLAN traffic. Traffic using this ## UDP destination port will attempt to be decapsulated. Note that if ## if you customize this, you may still want to manually ensure that - ## :bro:see:`likely_server_ports` also gets populated accordingly. + ## :zeek:see:`likely_server_ports` also gets populated accordingly. const vxlan_ports: set[port] = { 4789/udp } &redef; } # end export @@ -5050,7 +5050,7 @@ export { ## "conn" weirds, counters and expiration timers are kept for the duration ## of the connection for each named weird and reset when necessary. E.g. ## if a "conn" weird by the name of "foo" is seen more than - ## :bro:see:`Weird::sampling_threshold` times, then an expiration timer + ## :zeek:see:`Weird::sampling_threshold` times, then an expiration timer ## begins for "foo" and upon triggering will reset the counter for "foo" ## and unthrottle its rate-limiting until it once again exceeds the ## threshold. @@ -5070,7 +5070,7 @@ export { ## The threshold, in bytes, at which the BinPAC flowbuffer of a given ## connection/analyzer will have its capacity contracted to - ## :bro:see:`BinPAC::flowbuffer_capacity_min` after parsing a full unit. + ## :zeek:see:`BinPAC::flowbuffer_capacity_min` after parsing a full unit. ## I.e. this is the maximum capacity to reserve in between the parsing of ## units. If, after parsing a unit, the flowbuffer capacity is greater ## than this value, it will be contracted. diff --git a/scripts/base/misc/find-filtered-trace.zeek b/scripts/base/misc/find-filtered-trace.zeek index a756f78551..f7bdbb9e91 100644 --- a/scripts/base/misc/find-filtered-trace.zeek +++ b/scripts/base/misc/find-filtered-trace.zeek @@ -1,7 +1,7 @@ ##! Discovers trace files that contain TCP traffic consisting only of ##! control packets (e.g. it's been filtered to contain only SYN/FIN/RST ##! packets and no content). On finding such a trace, a warning is -##! emitted that suggests toggling the :bro:see:`detect_filtered_trace` +##! emitted that suggests toggling the :zeek:see:`detect_filtered_trace` ##! option may be desired if the user does not want Bro to report ##! missing TCP segments. diff --git a/scripts/base/protocols/conn/contents.zeek b/scripts/base/protocols/conn/contents.zeek index dbfbbd0dc1..ea689c6350 100644 --- a/scripts/base/protocols/conn/contents.zeek +++ b/scripts/base/protocols/conn/contents.zeek @@ -2,7 +2,7 @@ ##! responders data or both. By default nothing is extracted, and in order ##! to actually extract data the ``c$extract_orig`` and/or the ##! ``c$extract_resp`` variable must be set to ``T``. One way to achieve this -##! would be to handle the :bro:id:`connection_established` event elsewhere +##! would be to handle the :zeek:id:`connection_established` event elsewhere ##! and set the ``extract_orig`` and ``extract_resp`` options there. ##! However, there may be trouble with the timing due to event queue delay. ##! diff --git a/scripts/base/protocols/conn/main.zeek b/scripts/base/protocols/conn/main.zeek index cb391a8bf4..ecc9e436ac 100644 --- a/scripts/base/protocols/conn/main.zeek +++ b/scripts/base/protocols/conn/main.zeek @@ -78,13 +78,13 @@ export { ## If the connection is originated locally, this value will be T. ## If it was originated remotely it will be F. In the case that - ## the :bro:id:`Site::local_nets` variable is undefined, this + ## the :zeek:id:`Site::local_nets` variable is undefined, this ## field will be left empty at all times. local_orig: bool &log &optional; ## If the connection is responded to locally, this value will be T. ## If it was responded to remotely it will be F. In the case that - ## the :bro:id:`Site::local_nets` variable is undefined, this + ## the :zeek:id:`Site::local_nets` variable is undefined, this ## field will be left empty at all times. local_resp: bool &log &optional; @@ -128,18 +128,18 @@ export { ## (at least) 10 times; the third instance, 100 times; etc. history: string &log &optional; ## Number of packets that the originator sent. - ## Only set if :bro:id:`use_conn_size_analyzer` = T. + ## Only set if :zeek:id:`use_conn_size_analyzer` = T. orig_pkts: count &log &optional; ## Number of IP level bytes that the originator sent (as seen on ## the wire, taken from the IP total_length header field). - ## Only set if :bro:id:`use_conn_size_analyzer` = T. + ## Only set if :zeek:id:`use_conn_size_analyzer` = T. orig_ip_bytes: count &log &optional; ## Number of packets that the responder sent. - ## Only set if :bro:id:`use_conn_size_analyzer` = T. + ## Only set if :zeek:id:`use_conn_size_analyzer` = T. resp_pkts: count &log &optional; ## Number of IP level bytes that the responder sent (as seen on ## the wire, taken from the IP total_length header field). - ## Only set if :bro:id:`use_conn_size_analyzer` = T. + ## Only set if :zeek:id:`use_conn_size_analyzer` = T. resp_ip_bytes: count &log &optional; ## If this connection was over a tunnel, indicate the ## *uid* values for any encapsulating parent connections @@ -147,7 +147,7 @@ export { tunnel_parents: set[string] &log &optional; }; - ## Event that can be handled to access the :bro:type:`Conn::Info` + ## Event that can be handled to access the :zeek:type:`Conn::Info` ## record as it is sent on to the logging framework. global log_conn: event(rec: Info); } diff --git a/scripts/base/protocols/dhcp/main.zeek b/scripts/base/protocols/dhcp/main.zeek index 20998c082c..1f98cd0583 100644 --- a/scripts/base/protocols/dhcp/main.zeek +++ b/scripts/base/protocols/dhcp/main.zeek @@ -89,13 +89,13 @@ export { ## This event is used internally to distribute data around clusters ## since DHCP doesn't follow the normal "connection" model used by ## most protocols. It can also be handled to extend the DHCP log. - ## bro:see::`DHCP::log_info`. + ## :zeek:see:`DHCP::log_info`. global DHCP::aggregate_msgs: event(ts: time, id: conn_id, uid: string, is_orig: bool, msg: DHCP::Msg, options: DHCP::Options); ## This is a global variable that is only to be used in the - ## :bro::see::`DHCP::aggregate_msgs` event. It can be used to avoid + ## :zeek:see:`DHCP::aggregate_msgs` event. It can be used to avoid ## looking up the info record for a transaction ID in every event handler - ## for :bro:see::`DHCP::aggregate_msgs`. + ## for :zeek:see:`DHCP::aggregate_msgs`. global DHCP::log_info: Info; ## Event that can be handled to access the DHCP diff --git a/scripts/base/protocols/dns/main.zeek b/scripts/base/protocols/dns/main.zeek index 8504d614f6..f91a94b0cb 100644 --- a/scripts/base/protocols/dns/main.zeek +++ b/scripts/base/protocols/dns/main.zeek @@ -80,7 +80,7 @@ export { saw_reply: bool &default=F; }; - ## An event that can be handled to access the :bro:type:`DNS::Info` + ## An event that can be handled to access the :zeek:type:`DNS::Info` ## record as it is sent to the logging framework. global log_dns: event(rec: Info); @@ -109,7 +109,7 @@ export { ## is_query: Indicator for if this is being called for a query or a response. global set_session: hook(c: connection, msg: dns_msg, is_query: bool); - ## Yields a queue of :bro:see:`DNS::Info` objects for a given + ## Yields a queue of :zeek:see:`DNS::Info` objects for a given ## DNS message query/transaction ID. type PendingMessages: table[count] of Queue::Queue; @@ -126,7 +126,7 @@ export { option max_pending_query_ids = 50; ## A record type which tracks the status of DNS queries for a given - ## :bro:type:`connection`. + ## :zeek:type:`connection`. type State: record { ## A single query that hasn't been matched with a response yet. ## Note this is maintained separate from the *pending_queries* diff --git a/scripts/base/protocols/ftp/gridftp.zeek b/scripts/base/protocols/ftp/gridftp.zeek index cdbe354a08..ef6965d3ca 100644 --- a/scripts/base/protocols/ftp/gridftp.zeek +++ b/scripts/base/protocols/ftp/gridftp.zeek @@ -6,7 +6,7 @@ ##! indicating the GSI mechanism for GSSAPI was used. This analysis ##! is all supported internally, this script simply adds the "gridftp" ##! label to the *service* field of the control channel's -##! :bro:type:`connection` record. +##! :zeek:type:`connection` record. ##! ##! GridFTP data channels are identified by a heuristic that relies on ##! the fact that default settings for GridFTP clients typically @@ -33,7 +33,7 @@ export { option size_threshold = 1073741824; ## Time during which we check whether a connection's size exceeds the - ## :bro:see:`GridFTP::size_threshold`. + ## :zeek:see:`GridFTP::size_threshold`. option max_time = 2 min; ## Whether to skip further processing of the GridFTP data channel once @@ -46,8 +46,8 @@ export { global data_channel_detected: event(c: connection); ## The initial criteria used to determine whether to start polling - ## the connection for the :bro:see:`GridFTP::size_threshold` to have - ## been exceeded. This is called in a :bro:see:`ssl_established` event + ## the connection for the :zeek:see:`GridFTP::size_threshold` to have + ## been exceeded. This is called in a :zeek:see:`ssl_established` event ## handler and by default looks for both a client and server certificate ## and for a NULL bulk cipher. One way in which this function could be ## redefined is to make it also consider client/server certificate @@ -56,7 +56,7 @@ export { ## c: The connection which may possibly be a GridFTP data channel. ## ## Returns: true if the connection should be further polled for an - ## exceeded :bro:see:`GridFTP::size_threshold`, else false. + ## exceeded :zeek:see:`GridFTP::size_threshold`, else false. const data_channel_initial_criteria: function(c: connection): bool &redef; } diff --git a/scripts/base/protocols/ftp/main.zeek b/scripts/base/protocols/ftp/main.zeek index 78a4dbabff..1c2dce17f8 100644 --- a/scripts/base/protocols/ftp/main.zeek +++ b/scripts/base/protocols/ftp/main.zeek @@ -36,7 +36,7 @@ export { ## Parse FTP reply codes into the three constituent single digit values. global parse_ftp_reply_code: function(code: count): ReplyCode; - ## Event that can be handled to access the :bro:type:`FTP::Info` + ## Event that can be handled to access the :zeek:type:`FTP::Info` ## record as it is sent on to the logging framework. global log_ftp: event(rec: Info); } diff --git a/scripts/base/protocols/ftp/utils.zeek b/scripts/base/protocols/ftp/utils.zeek index 74aeaa1e03..44c621b361 100644 --- a/scripts/base/protocols/ftp/utils.zeek +++ b/scripts/base/protocols/ftp/utils.zeek @@ -7,16 +7,16 @@ module FTP; export { - ## Creates a URL from an :bro:type:`FTP::Info` record. + ## Creates a URL from an :zeek:type:`FTP::Info` record. ## - ## rec: An :bro:type:`FTP::Info` record. + ## rec: An :zeek:type:`FTP::Info` record. ## ## Returns: A URL, not prefixed by ``"ftp://"``. global build_url: function(rec: Info): string; - ## Creates a URL from an :bro:type:`FTP::Info` record. + ## Creates a URL from an :zeek:type:`FTP::Info` record. ## - ## rec: An :bro:type:`FTP::Info` record. + ## rec: An :zeek:type:`FTP::Info` record. ## ## Returns: A URL prefixed with ``"ftp://"``. global build_url_ftp: function(rec: Info): string; diff --git a/scripts/base/protocols/http/entities.zeek b/scripts/base/protocols/http/entities.zeek index c16bb3f630..0a72c6b76e 100644 --- a/scripts/base/protocols/http/entities.zeek +++ b/scripts/base/protocols/http/entities.zeek @@ -14,44 +14,44 @@ export { }; ## Maximum number of originator files to log. - ## :bro:see:`HTTP::max_files_policy` even is called once this + ## :zeek:see:`HTTP::max_files_policy` even is called once this ## limit is reached to determine if it's enforced. option max_files_orig = 15; ## Maximum number of responder files to log. - ## :bro:see:`HTTP::max_files_policy` even is called once this + ## :zeek:see:`HTTP::max_files_policy` even is called once this ## limit is reached to determine if it's enforced. option max_files_resp = 15; ## Called when reaching the max number of files across a given HTTP - ## connection according to :bro:see:`HTTP::max_files_orig` - ## or :bro:see:`HTTP::max_files_resp`. Break from the hook + ## connection according to :zeek:see:`HTTP::max_files_orig` + ## or :zeek:see:`HTTP::max_files_resp`. Break from the hook ## early to signal that the file limit should not be applied. global max_files_policy: hook(f: fa_file, is_orig: bool); redef record Info += { ## An ordered vector of file unique IDs. - ## Limited to :bro:see:`HTTP::max_files_orig` entries. + ## Limited to :zeek:see:`HTTP::max_files_orig` entries. orig_fuids: vector of string &log &optional; ## An ordered vector of filenames from the client. - ## Limited to :bro:see:`HTTP::max_files_orig` entries. + ## Limited to :zeek:see:`HTTP::max_files_orig` entries. orig_filenames: vector of string &log &optional; ## An ordered vector of mime types. - ## Limited to :bro:see:`HTTP::max_files_orig` entries. + ## Limited to :zeek:see:`HTTP::max_files_orig` entries. orig_mime_types: vector of string &log &optional; ## An ordered vector of file unique IDs. - ## Limited to :bro:see:`HTTP::max_files_resp` entries. + ## Limited to :zeek:see:`HTTP::max_files_resp` entries. resp_fuids: vector of string &log &optional; ## An ordered vector of filenames from the server. - ## Limited to :bro:see:`HTTP::max_files_resp` entries. + ## Limited to :zeek:see:`HTTP::max_files_resp` entries. resp_filenames: vector of string &log &optional; ## An ordered vector of mime types. - ## Limited to :bro:see:`HTTP::max_files_resp` entries. + ## Limited to :zeek:see:`HTTP::max_files_resp` entries. resp_mime_types: vector of string &log &optional; ## The current entity. diff --git a/scripts/base/protocols/http/utils.zeek b/scripts/base/protocols/http/utils.zeek index 67f13f2640..a48841cef5 100644 --- a/scripts/base/protocols/http/utils.zeek +++ b/scripts/base/protocols/http/utils.zeek @@ -17,18 +17,18 @@ export { ## Returns: A vector of strings containing the keys. global extract_keys: function(data: string, kv_splitter: pattern): string_vec; - ## Creates a URL from an :bro:type:`HTTP::Info` record. This should + ## Creates a URL from an :zeek:type:`HTTP::Info` record. This should ## handle edge cases such as proxied requests appropriately. ## - ## rec: An :bro:type:`HTTP::Info` record. + ## rec: An :zeek:type:`HTTP::Info` record. ## ## Returns: A URL, not prefixed by ``"http://"``. global build_url: function(rec: Info): string; - ## Creates a URL from an :bro:type:`HTTP::Info` record. This should + ## Creates a URL from an :zeek:type:`HTTP::Info` record. This should ## handle edge cases such as proxied requests appropriately. ## - ## rec: An :bro:type:`HTTP::Info` record. + ## rec: An :zeek:type:`HTTP::Info` record. ## ## Returns: A URL prefixed with ``"http://"``. global build_url_http: function(rec: Info): string; diff --git a/scripts/base/protocols/ssh/main.zeek b/scripts/base/protocols/ssh/main.zeek index 2e70bc1aba..293c529b6d 100644 --- a/scripts/base/protocols/ssh/main.zeek +++ b/scripts/base/protocols/ssh/main.zeek @@ -75,7 +75,7 @@ export { ## c: The connection over which the :abbr:`SSH (Secure Shell)` ## connection took place. ## - ## .. bro:see:: ssh_server_version ssh_client_version + ## .. zeek:see:: ssh_server_version ssh_client_version ## ssh_auth_successful ssh_auth_result ssh_auth_attempted ## ssh_capabilities ssh2_server_host_key ssh1_server_host_key ## ssh_server_host_key ssh_encrypted_packet ssh2_dh_server_params @@ -98,7 +98,7 @@ export { ## auth_attempts: The number of authentication attempts that were ## observed. ## - ## .. bro:see:: ssh_server_version ssh_client_version + ## .. zeek:see:: ssh_server_version ssh_client_version ## ssh_auth_successful ssh_auth_failed ssh_auth_attempted ## ssh_capabilities ssh2_server_host_key ssh1_server_host_key ## ssh_server_host_key ssh_encrypted_packet ssh2_dh_server_params @@ -106,10 +106,10 @@ export { global ssh_auth_result: event(c: connection, result: bool, auth_attempts: count); ## Event that can be handled when the analyzer sees an SSH server host - ## key. This abstracts :bro:id:`ssh1_server_host_key` and - ## :bro:id:`ssh2_server_host_key`. + ## key. This abstracts :zeek:id:`ssh1_server_host_key` and + ## :zeek:id:`ssh2_server_host_key`. ## - ## .. bro:see:: ssh_server_version ssh_client_version + ## .. zeek:see:: ssh_server_version ssh_client_version ## ssh_auth_successful ssh_auth_failed ssh_auth_result ## ssh_auth_attempted ssh_capabilities ssh2_server_host_key ## ssh1_server_host_key ssh_encrypted_packet ssh2_dh_server_params diff --git a/scripts/base/utils/active-http.zeek b/scripts/base/utils/active-http.zeek index 8243a7a9a9..27eb6e2bb2 100644 --- a/scripts/base/utils/active-http.zeek +++ b/scripts/base/utils/active-http.zeek @@ -46,7 +46,7 @@ export { }; ## Perform an HTTP request according to the - ## :bro:type:`ActiveHTTP::Request` record. This is an asynchronous + ## :zeek:type:`ActiveHTTP::Request` record. This is an asynchronous ## function and must be called within a "when" statement. ## ## req: A record instance representing all options for an HTTP request. diff --git a/scripts/base/utils/conn-ids.zeek b/scripts/base/utils/conn-ids.zeek index 6601b665e5..b5d7fffd77 100644 --- a/scripts/base/utils/conn-ids.zeek +++ b/scripts/base/utils/conn-ids.zeek @@ -13,7 +13,7 @@ export { ## on the right to the originator on the left. global reverse_id_string: function(id: conn_id): string; - ## Calls :bro:id:`id_string` or :bro:id:`reverse_id_string` if the + ## Calls :zeek:id:`id_string` or :zeek:id:`reverse_id_string` if the ## second argument is T or F, respectively. global directed_id_string: function(id: conn_id, is_orig: bool): string; } diff --git a/scripts/base/utils/dir.zeek b/scripts/base/utils/dir.zeek index eb5597a7b7..678e81d7ed 100644 --- a/scripts/base/utils/dir.zeek +++ b/scripts/base/utils/dir.zeek @@ -6,7 +6,7 @@ module Dir; export { ## The default interval this module checks for files in directories when - ## using the :bro:see:`Dir::monitor` function. + ## using the :zeek:see:`Dir::monitor` function. option polling_interval = 30sec; ## Register a directory to monitor with a callback that is called diff --git a/scripts/base/utils/exec.zeek b/scripts/base/utils/exec.zeek index fe44853541..85500bf9c2 100644 --- a/scripts/base/utils/exec.zeek +++ b/scripts/base/utils/exec.zeek @@ -8,7 +8,7 @@ export { type Command: record { ## The command line to execute. Use care to avoid injection ## attacks (i.e., if the command uses untrusted/variable data, - ## sanitize it with :bro:see:`safe_shell_quote`). + ## sanitize it with :zeek:see:`safe_shell_quote`). cmd: string; ## Provide standard input to the program as a string. stdin: string &default=""; diff --git a/scripts/base/utils/geoip-distance.zeek b/scripts/base/utils/geoip-distance.zeek index 8d3149cb03..8aa2601500 100644 --- a/scripts/base/utils/geoip-distance.zeek +++ b/scripts/base/utils/geoip-distance.zeek @@ -10,7 +10,7 @@ ## Returns: The distance between *a1* and *a2* in miles, or -1.0 if GeoIP data ## is not available for either of the IP addresses. ## -## .. bro:see:: haversine_distance lookup_location +## .. zeek:see:: haversine_distance lookup_location function haversine_distance_ip(a1: addr, a2: addr): double { local loc1 = lookup_location(a1); diff --git a/scripts/base/utils/paths.zeek b/scripts/base/utils/paths.zeek index 6de5b85e2e..fdc9bd5d3d 100644 --- a/scripts/base/utils/paths.zeek +++ b/scripts/base/utils/paths.zeek @@ -75,7 +75,7 @@ function build_path(dir: string, file_name: string): string } ## Returns a compressed path to a file given a directory and file name. -## See :bro:id:`build_path` and :bro:id:`compress_path`. +## See :zeek:id:`build_path` and :zeek:id:`compress_path`. function build_path_compressed(dir: string, file_name: string): string { return compress_path(build_path(dir, file_name)); diff --git a/scripts/base/utils/patterns.zeek b/scripts/base/utils/patterns.zeek index 47b8cf4e37..6d955339f8 100644 --- a/scripts/base/utils/patterns.zeek +++ b/scripts/base/utils/patterns.zeek @@ -37,7 +37,7 @@ type PatternMatchResult: record { }; ## Matches the given pattern against the given string, returning -## a :bro:type:`PatternMatchResult` record. +## a :zeek:type:`PatternMatchResult` record. ## For example: ``match_pattern("foobar", /o*[a-k]/)`` returns ## ``[matched=T, str=f, off=1]``, because the *first* match is for ## zero o's followed by an [a-k], but ``match_pattern("foobar", /o+[a-k]/)`` diff --git a/scripts/base/utils/site.zeek b/scripts/base/utils/site.zeek index 541dcb3f9a..949f340410 100644 --- a/scripts/base/utils/site.zeek +++ b/scripts/base/utils/site.zeek @@ -22,9 +22,9 @@ export { option local_nets: set[subnet] = {}; ## This is used for retrieving the subnet when using multiple entries in - ## :bro:id:`Site::local_nets`. It's populated automatically from there. + ## :zeek:id:`Site::local_nets`. It's populated automatically from there. ## A membership query can be done with an - ## :bro:type:`addr` and the table will yield the subnet it was found + ## :zeek:type:`addr` and the table will yield the subnet it was found ## within. global local_nets_table: table[subnet] of subnet = {}; @@ -45,33 +45,33 @@ export { ## Function that returns true if an address corresponds to one of ## the local networks, false if not. - ## The function inspects :bro:id:`Site::local_nets`. + ## The function inspects :zeek:id:`Site::local_nets`. global is_local_addr: function(a: addr): bool; ## Function that returns true if an address corresponds to one of ## the neighbor networks, false if not. - ## The function inspects :bro:id:`Site::neighbor_nets`. + ## The function inspects :zeek:id:`Site::neighbor_nets`. global is_neighbor_addr: function(a: addr): bool; ## Function that returns true if an address corresponds to one of ## the private/unrouted networks, false if not. - ## The function inspects :bro:id:`Site::private_address_space`. + ## The function inspects :zeek:id:`Site::private_address_space`. global is_private_addr: function(a: addr): bool; ## Function that returns true if a host name is within a local ## DNS zone. - ## The function inspects :bro:id:`Site::local_zones`. + ## The function inspects :zeek:id:`Site::local_zones`. global is_local_name: function(name: string): bool; ## Function that returns true if a host name is within a neighbor ## DNS zone. - ## The function inspects :bro:id:`Site::neighbor_zones`. + ## The function inspects :zeek:id:`Site::neighbor_zones`. global is_neighbor_name: function(name: string): bool; ## Function that returns a comma-separated list of email addresses ## that are considered administrators for the IP address provided as ## an argument. - ## The function inspects :bro:id:`Site::local_admins`. + ## The function inspects :zeek:id:`Site::local_admins`. global get_emails: function(a: addr): string; } diff --git a/scripts/base/utils/thresholds.zeek b/scripts/base/utils/thresholds.zeek index 31d1d3e84f..d30e9f2b0a 100644 --- a/scripts/base/utils/thresholds.zeek +++ b/scripts/base/utils/thresholds.zeek @@ -1,8 +1,8 @@ ##! Functions for using multiple thresholds with a counting tracker. For ##! example, you may want to generate a notice when something happens 10 times ##! and again when it happens 100 times but nothing in between. You can use -##! the :bro:id:`check_threshold` function to define your threshold points -##! and the :bro:type:`TrackCount` variable where you are keeping track of your +##! the :zeek:id:`check_threshold` function to define your threshold points +##! and the :zeek:type:`TrackCount` variable where you are keeping track of your ##! counter. module GLOBAL; @@ -18,12 +18,12 @@ export { }; ## The thresholds you would like to use as defaults with the - ## :bro:id:`default_check_threshold` function. + ## :zeek:id:`default_check_threshold` function. const default_notice_thresholds: vector of count = { 30, 100, 1000, 10000, 100000, 1000000, 10000000, } &redef; - ## This will check if a :bro:type:`TrackCount` variable has crossed any + ## This will check if a :zeek:type:`TrackCount` variable has crossed any ## thresholds in a given set. ## ## v: a vector holding counts that represent thresholds. @@ -34,8 +34,8 @@ export { ## Returns: T if a threshold has been crossed, else F. global check_threshold: function(v: vector of count, tracker: TrackCount): bool; - ## This will use the :bro:id:`default_notice_thresholds` variable to - ## check a :bro:type:`TrackCount` variable to see if it has crossed + ## This will use the :zeek:id:`default_notice_thresholds` variable to + ## check a :zeek:type:`TrackCount` variable to see if it has crossed ## another threshold. global default_check_threshold: function(tracker: TrackCount): bool; } diff --git a/scripts/base/utils/urls.zeek b/scripts/base/utils/urls.zeek index a34b6a02c1..c6ec41cbfc 100644 --- a/scripts/base/utils/urls.zeek +++ b/scripts/base/utils/urls.zeek @@ -3,7 +3,7 @@ ## A regular expression for matching and extracting URLs. const url_regex = /^([a-zA-Z\-]{3,5})(:\/\/[^\/?#"'\r\n><]*)([^?#"'\r\n><]*)([^[:blank:]\r\n"'><]*|\??[^"'\r\n><]*)/ &redef; -## A URI, as parsed by :bro:id:`decompose_uri`. +## A URI, as parsed by :zeek:id:`decompose_uri`. type URI: record { ## The URL's scheme.. scheme: string &optional; diff --git a/scripts/broxygen/README b/scripts/broxygen/README deleted file mode 100644 index ac7f522285..0000000000 --- a/scripts/broxygen/README +++ /dev/null @@ -1,4 +0,0 @@ -This package is loaded during the process which automatically generates -reference documentation for all Bro scripts (i.e. "Broxygen"). Its only -purpose is to provide an easy way to load all known Bro scripts plus any -extra scripts needed or used by the documentation process. diff --git a/scripts/policy/frameworks/dpd/packet-segment-logging.zeek b/scripts/policy/frameworks/dpd/packet-segment-logging.zeek index 35a52c3870..7dff2b07f8 100644 --- a/scripts/policy/frameworks/dpd/packet-segment-logging.zeek +++ b/scripts/policy/frameworks/dpd/packet-segment-logging.zeek @@ -1,6 +1,6 @@ ##! This script enables logging of packet segment data when a protocol ##! parsing violation is encountered. The amount of data from the -##! packet logged is set by the :bro:see:`DPD::packet_segment_size` variable. +##! packet logged is set by the :zeek:see:`DPD::packet_segment_size` variable. ##! A caveat to logging packet data is that in some cases, the packet may ##! not be the packet that actually caused the protocol violation. diff --git a/scripts/policy/frameworks/notice/extend-email/hostnames.zeek b/scripts/policy/frameworks/notice/extend-email/hostnames.zeek index 9ee58d3e0b..5be74c7913 100644 --- a/scripts/policy/frameworks/notice/extend-email/hostnames.zeek +++ b/scripts/policy/frameworks/notice/extend-email/hostnames.zeek @@ -1,6 +1,6 @@ -##! Loading this script extends the :bro:enum:`Notice::ACTION_EMAIL` action +##! Loading this script extends the :zeek:enum:`Notice::ACTION_EMAIL` action ##! by appending to the email the hostnames associated with -##! :bro:type:`Notice::Info`'s *src* and *dst* fields as determined by a +##! :zeek:type:`Notice::Info`'s *src* and *dst* fields as determined by a ##! DNS lookup. @load base/frameworks/notice/main diff --git a/scripts/policy/frameworks/packet-filter/shunt.zeek b/scripts/policy/frameworks/packet-filter/shunt.zeek index 13ff27252c..3a08dfaddd 100644 --- a/scripts/policy/frameworks/packet-filter/shunt.zeek +++ b/scripts/policy/frameworks/packet-filter/shunt.zeek @@ -23,7 +23,7 @@ export { ## update done by the `PacketFilter` framework. global unshunt_host_pair: function(id: conn_id): bool; - ## Performs the same function as the :bro:id:`PacketFilter::unshunt_host_pair` + ## Performs the same function as the :zeek:id:`PacketFilter::unshunt_host_pair` ## function, but it forces an immediate filter update. global force_unshunt_host_pair: function(id: conn_id): bool; @@ -34,7 +34,7 @@ export { global current_shunted_host_pairs: function(): set[conn_id]; redef enum Notice::Type += { - ## Indicative that :bro:id:`PacketFilter::max_bpf_shunts` + ## Indicative that :zeek:id:`PacketFilter::max_bpf_shunts` ## connections are already being shunted with BPF filters and ## no more are allowed. No_More_Conn_Shunts_Available, diff --git a/scripts/policy/frameworks/software/version-changes.zeek b/scripts/policy/frameworks/software/version-changes.zeek index 215a64d6b7..865cc20447 100644 --- a/scripts/policy/frameworks/software/version-changes.zeek +++ b/scripts/policy/frameworks/software/version-changes.zeek @@ -12,7 +12,7 @@ export { ## For certain software, a version changing may matter. In that ## case, this notice will be generated. Software that matters ## if the version changes can be configured with the - ## :bro:id:`Software::interesting_version_changes` variable. + ## :zeek:id:`Software::interesting_version_changes` variable. Software_Version_Change, }; diff --git a/scripts/policy/integration/barnyard2/main.zeek b/scripts/policy/integration/barnyard2/main.zeek index 7d0bb59d5a..876467eb8a 100644 --- a/scripts/policy/integration/barnyard2/main.zeek +++ b/scripts/policy/integration/barnyard2/main.zeek @@ -18,8 +18,8 @@ export { alert: AlertData &log; }; - ## This can convert a Barnyard :bro:type:`Barnyard2::PacketID` value to - ## a :bro:type:`conn_id` value in the case that you might need to index + ## This can convert a Barnyard :zeek:type:`Barnyard2::PacketID` value to + ## a :zeek:type:`conn_id` value in the case that you might need to index ## into an existing data structure elsewhere within Bro. global pid2cid: function(p: PacketID): conn_id; } diff --git a/scripts/policy/misc/capture-loss.zeek b/scripts/policy/misc/capture-loss.zeek index 302919597f..c6516d46eb 100644 --- a/scripts/policy/misc/capture-loss.zeek +++ b/scripts/policy/misc/capture-loss.zeek @@ -41,7 +41,7 @@ export { option watch_interval = 15mins; ## The percentage of missed data that is considered "too much" - ## when the :bro:enum:`CaptureLoss::Too_Much_Loss` notice should be + ## when the :zeek:enum:`CaptureLoss::Too_Much_Loss` notice should be ## generated. The value is expressed as a double between 0 and 1 with 1 ## being 100%. option too_much_loss: double = 0.1; diff --git a/scripts/policy/misc/detect-traceroute/main.zeek b/scripts/policy/misc/detect-traceroute/main.zeek index 8271277af6..091ceceed6 100644 --- a/scripts/policy/misc/detect-traceroute/main.zeek +++ b/scripts/policy/misc/detect-traceroute/main.zeek @@ -34,7 +34,7 @@ export { const icmp_time_exceeded_threshold: double = 3 &redef; ## Interval at which to watch for the - ## :bro:id:`Traceroute::icmp_time_exceeded_threshold` variable to be + ## :zeek:id:`Traceroute::icmp_time_exceeded_threshold` variable to be ## crossed. At the end of each interval the counter is reset. const icmp_time_exceeded_interval = 3min &redef; diff --git a/scripts/policy/misc/profiling.zeek b/scripts/policy/misc/profiling.zeek index 5a0dfe5fcf..fed8c41f54 100644 --- a/scripts/policy/misc/profiling.zeek +++ b/scripts/policy/misc/profiling.zeek @@ -9,7 +9,7 @@ redef profiling_file = open_log_file("prof"); redef profiling_interval = 15 secs; ## Set the expensive profiling interval (multiple of -## :bro:id:`profiling_interval`). +## :zeek:id:`profiling_interval`). redef expensive_profiling_multiple = 20; event zeek_init() diff --git a/scripts/policy/misc/scan.zeek b/scripts/policy/misc/scan.zeek index 6468767674..26dc54ce90 100644 --- a/scripts/policy/misc/scan.zeek +++ b/scripts/policy/misc/scan.zeek @@ -15,17 +15,17 @@ export { redef enum Notice::Type += { ## Address scans detect that a host appears to be scanning some ## number of destinations on a single port. This notice is - ## generated when more than :bro:id:`Scan::addr_scan_threshold` + ## generated when more than :zeek:id:`Scan::addr_scan_threshold` ## unique hosts are seen over the previous - ## :bro:id:`Scan::addr_scan_interval` time range. + ## :zeek:id:`Scan::addr_scan_interval` time range. Address_Scan, ## Port scans detect that an attacking host appears to be ## scanning a single victim host on several ports. This notice ## is generated when an attacking host attempts to connect to - ## :bro:id:`Scan::port_scan_threshold` + ## :zeek:id:`Scan::port_scan_threshold` ## unique ports on a single host over the previous - ## :bro:id:`Scan::port_scan_interval` time range. + ## :zeek:id:`Scan::port_scan_interval` time range. Port_Scan, }; diff --git a/scripts/policy/misc/trim-trace-file.zeek b/scripts/policy/misc/trim-trace-file.zeek index 2d78977d8c..3f50406f3b 100644 --- a/scripts/policy/misc/trim-trace-file.zeek +++ b/scripts/policy/misc/trim-trace-file.zeek @@ -11,7 +11,7 @@ export { ## tracefile rotation is required with the caveat that the script ## doesn't currently attempt to get back on schedule automatically and ## the next trim likely won't happen on the - ## :bro:id:`TrimTraceFile::trim_interval`. + ## :zeek:id:`TrimTraceFile::trim_interval`. global go: event(first_trim: bool); } diff --git a/scripts/policy/protocols/conn/known-hosts.zeek b/scripts/policy/protocols/conn/known-hosts.zeek index 493784a859..702ab59ca3 100644 --- a/scripts/policy/protocols/conn/known-hosts.zeek +++ b/scripts/policy/protocols/conn/known-hosts.zeek @@ -28,22 +28,22 @@ export { const use_host_store = T &redef; ## The hosts whose existence should be logged and tracked. - ## See :bro:type:`Host` for possible choices. + ## See :zeek:type:`Host` for possible choices. option host_tracking = LOCAL_HOSTS; ## Holds the set of all known hosts. Keys in the store are addresses ## and their associated value will always be the "true" boolean. global host_store: Cluster::StoreInfo; - ## The Broker topic name to use for :bro:see:`Known::host_store`. + ## The Broker topic name to use for :zeek:see:`Known::host_store`. const host_store_name = "bro/known/hosts" &redef; - ## The expiry interval of new entries in :bro:see:`Known::host_store`. + ## The expiry interval of new entries in :zeek:see:`Known::host_store`. ## This also changes the interval at which hosts get logged. const host_store_expiry = 1day &redef; ## The timeout interval to use for operations against - ## :bro:see:`Known::host_store`. + ## :zeek:see:`Known::host_store`. option host_store_timeout = 15sec; ## The set of all known addresses to store for preventing duplicate @@ -56,7 +56,7 @@ export { ## proxy nodes. global hosts: set[addr] &create_expire=1day &redef; - ## An event that can be handled to access the :bro:type:`Known::HostsInfo` + ## An event that can be handled to access the :zeek:type:`Known::HostsInfo` ## record as it is sent on to the logging framework. global log_known_hosts: event(rec: HostsInfo); } diff --git a/scripts/policy/protocols/conn/known-services.zeek b/scripts/policy/protocols/conn/known-services.zeek index 63d9f7fa71..767962b791 100644 --- a/scripts/policy/protocols/conn/known-services.zeek +++ b/scripts/policy/protocols/conn/known-services.zeek @@ -34,7 +34,7 @@ export { const use_service_store = T &redef; ## The hosts whose services should be tracked and logged. - ## See :bro:type:`Host` for possible choices. + ## See :zeek:type:`Host` for possible choices. option service_tracking = LOCAL_HOSTS; type AddrPortPair: record { @@ -43,19 +43,19 @@ export { }; ## Holds the set of all known services. Keys in the store are - ## :bro:type:`Known::AddrPortPair` and their associated value is + ## :zeek:type:`Known::AddrPortPair` and their associated value is ## always the boolean value of "true". global service_store: Cluster::StoreInfo; - ## The Broker topic name to use for :bro:see:`Known::service_store`. + ## The Broker topic name to use for :zeek:see:`Known::service_store`. const service_store_name = "bro/known/services" &redef; - ## The expiry interval of new entries in :bro:see:`Known::service_store`. + ## The expiry interval of new entries in :zeek:see:`Known::service_store`. ## This also changes the interval at which services get logged. const service_store_expiry = 1day &redef; ## The timeout interval to use for operations against - ## :bro:see:`Known::service_store`. + ## :zeek:see:`Known::service_store`. option service_store_timeout = 15sec; ## Tracks the set of daily-detected services for preventing the logging @@ -68,7 +68,7 @@ export { ## This set is automatically populated and shouldn't be directly modified. global services: set[addr, port] &create_expire=1day; - ## Event that can be handled to access the :bro:type:`Known::ServicesInfo` + ## Event that can be handled to access the :zeek:type:`Known::ServicesInfo` ## record as it is sent on to the logging framework. global log_known_services: event(rec: ServicesInfo); } diff --git a/scripts/policy/protocols/dhcp/deprecated_events.zeek b/scripts/policy/protocols/dhcp/deprecated_events.zeek index 941e5c72c3..553d13bc05 100644 --- a/scripts/policy/protocols/dhcp/deprecated_events.zeek +++ b/scripts/policy/protocols/dhcp/deprecated_events.zeek @@ -11,9 +11,9 @@ ## .. note:: This type is included to support the deprecated events dhcp_ack, ## dhcp_decline, dhcp_discover, dhcp_inform, dhcp_nak, dhcp_offer, ## dhcp_release and dhcp_request and is thus similarly deprecated -## itself. Use :bro:see:`dhcp_message` instead. +## itself. Use :zeek:see:`dhcp_message` instead. ## -## .. bro:see:: dhcp_message dhcp_ack dhcp_decline dhcp_discover +## .. zeek:see:: dhcp_message dhcp_ack dhcp_decline dhcp_discover ## dhcp_inform dhcp_nak dhcp_offer dhcp_release dhcp_request type dhcp_msg: record { op: count; ##< Message OP code. 1 = BOOTREQUEST, 2 = BOOTREPLY @@ -28,9 +28,9 @@ type dhcp_msg: record { ## ## .. note:: This type is included to support the deprecated events dhcp_ack ## and dhcp_offer and is thus similarly deprecated -## itself. Use :bro:see:`dhcp_message` instead. +## itself. Use :zeek:see:`dhcp_message` instead. ## -## .. bro:see:: dhcp_message dhcp_ack dhcp_offer +## .. zeek:see:: dhcp_message dhcp_ack dhcp_offer type dhcp_router_list: table[count] of addr; ## Generated for DHCP messages of type *DHCPDISCOVER* (client broadcast to locate @@ -44,7 +44,7 @@ type dhcp_router_list: table[count] of addr; ## ## host_name: The value of the host name option, if specified by the client. ## -## .. bro:see:: dhcp_message dhcp_discover dhcp_offer dhcp_request +## .. zeek:see:: dhcp_message dhcp_discover dhcp_offer dhcp_request ## dhcp_decline dhcp_ack dhcp_nak dhcp_release dhcp_inform ## ## .. note:: This event has been deprecated, and will be removed in the next version. @@ -74,7 +74,7 @@ global dhcp_discover: event(c: connection, msg: dhcp_msg, req_addr: addr, host_n ## host_name: Optional host name value. May differ from the host name requested ## from the client. ## -## .. bro:see:: dhcp_message dhcp_discover dhcp_request dhcp_decline +## .. zeek:see:: dhcp_message dhcp_discover dhcp_request dhcp_decline ## dhcp_ack dhcp_nak dhcp_release dhcp_inform ## ## .. note:: This event has been deprecated, and will be removed in the next version. @@ -101,7 +101,7 @@ global dhcp_offer: event(c: connection, msg: dhcp_msg, mask: addr, router: dhcp_ ## ## host_name: The value of the host name option, if specified by the client. ## -## .. bro:see:: dhcp_message dhcp_discover dhcp_offer dhcp_decline +## .. zeek:see:: dhcp_message dhcp_discover dhcp_offer dhcp_decline ## dhcp_ack dhcp_nak dhcp_release dhcp_inform ## ## .. note:: This event has been deprecated, and will be removed in the next version. @@ -122,7 +122,7 @@ global dhcp_request: event(c: connection, msg: dhcp_msg, req_addr: addr, serv_ad ## ## host_name: Optional host name value. ## -## .. bro:see:: dhcp_message dhcp_discover dhcp_offer dhcp_request +## .. zeek:see:: dhcp_message dhcp_discover dhcp_offer dhcp_request ## dhcp_ack dhcp_nak dhcp_release dhcp_inform ## ## .. note:: This event has been deprecated, and will be removed in the next version. @@ -152,7 +152,7 @@ global dhcp_decline: event(c: connection, msg: dhcp_msg, host_name: string) &dep ## host_name: Optional host name value. May differ from the host name requested ## from the client. ## -## .. bro:see:: dhcp_message dhcp_discover dhcp_offer dhcp_request +## .. zeek:see:: dhcp_message dhcp_discover dhcp_offer dhcp_request ## dhcp_decline dhcp_nak dhcp_release dhcp_inform ## ## .. note:: This event has been deprecated, and will be removed in the next version. @@ -170,7 +170,7 @@ global dhcp_ack: event(c: connection, msg: dhcp_msg, mask: addr, router: dhcp_ro ## ## host_name: Optional host name value. ## -## .. bro:see:: dhcp_message dhcp_discover dhcp_offer dhcp_request +## .. zeek:see:: dhcp_message dhcp_discover dhcp_offer dhcp_request ## dhcp_decline dhcp_ack dhcp_release dhcp_inform ## ## .. note:: This event has been deprecated, and will be removed in the next version. @@ -191,7 +191,7 @@ global dhcp_nak: event(c: connection, msg: dhcp_msg, host_name: string) &depreca ## ## host_name: The value of the host name option, if specified by the client. ## -## .. bro:see:: dhcp_message dhcp_discover dhcp_offer dhcp_request +## .. zeek:see:: dhcp_message dhcp_discover dhcp_offer dhcp_request ## dhcp_decline dhcp_ack dhcp_nak dhcp_inform ## ## .. note:: This event has been deprecated, and will be removed in the next version. @@ -209,7 +209,7 @@ global dhcp_release: event(c: connection, msg: dhcp_msg, host_name: string) &dep ## ## host_name: The value of the host name option, if specified by the client. ## -## .. bro:see:: dhcp_message dhcp_discover dhcp_offer dhcp_request +## .. zeek:see:: dhcp_message dhcp_discover dhcp_offer dhcp_request ## dhcp_decline dhcp_ack dhcp_nak dhcp_release ## ## .. note:: This event has been deprecated, and will be removed in the next version. diff --git a/scripts/policy/protocols/dns/detect-external-names.zeek b/scripts/policy/protocols/dns/detect-external-names.zeek index ea56e5676f..9533f396a2 100644 --- a/scripts/policy/protocols/dns/detect-external-names.zeek +++ b/scripts/policy/protocols/dns/detect-external-names.zeek @@ -1,6 +1,6 @@ ##! This script detects names which are not within zones considered to be ##! local but resolving to addresses considered local. -##! The :bro:id:`Site::local_zones` variable **must** be set appropriately for +##! The :zeek:id:`Site::local_zones` variable **must** be set appropriately for ##! this detection. @load base/frameworks/notice @@ -11,7 +11,7 @@ module DNS; export { redef enum Notice::Type += { ## Raised when a non-local name is found to be pointing at a - ## local host. The :bro:id:`Site::local_zones` variable + ## local host. The :zeek:id:`Site::local_zones` variable ## **must** be set appropriately for this detection. External_Name, }; diff --git a/scripts/policy/protocols/http/detect-sqli.zeek b/scripts/policy/protocols/http/detect-sqli.zeek index 3ad9efbfe2..5baf6b89ab 100644 --- a/scripts/policy/protocols/http/detect-sqli.zeek +++ b/scripts/policy/protocols/http/detect-sqli.zeek @@ -35,7 +35,7 @@ export { const sqli_requests_threshold: double = 50.0 &redef; ## Interval at which to watch for the - ## :bro:id:`HTTP::sqli_requests_threshold` variable to be crossed. + ## :zeek:id:`HTTP::sqli_requests_threshold` variable to be crossed. ## At the end of each interval the counter is reset. const sqli_requests_interval = 5min &redef; diff --git a/scripts/policy/protocols/smtp/entities-excerpt.zeek b/scripts/policy/protocols/smtp/entities-excerpt.zeek index f4ee2b07d5..4dad6d3e39 100644 --- a/scripts/policy/protocols/smtp/entities-excerpt.zeek +++ b/scripts/policy/protocols/smtp/entities-excerpt.zeek @@ -13,7 +13,7 @@ export { ## This is the default value for how much of the entity body should be ## included for all MIME entities. The lesser of this value and - ## :bro:see:`default_file_bof_buffer_size` will be used. + ## :zeek:see:`default_file_bof_buffer_size` will be used. option default_entity_excerpt_len = 0; } diff --git a/scripts/policy/protocols/ssh/detect-bruteforcing.zeek b/scripts/policy/protocols/ssh/detect-bruteforcing.zeek index 208f3db04c..4368258b98 100644 --- a/scripts/policy/protocols/ssh/detect-bruteforcing.zeek +++ b/scripts/policy/protocols/ssh/detect-bruteforcing.zeek @@ -11,7 +11,7 @@ module SSH; export { redef enum Notice::Type += { ## Indicates that a host has been identified as crossing the - ## :bro:id:`SSH::password_guesses_limit` threshold with + ## :zeek:id:`SSH::password_guesses_limit` threshold with ## failed logins. Password_Guessing, ## Indicates that a host previously identified as a "password diff --git a/scripts/policy/protocols/ssh/geo-data.zeek b/scripts/policy/protocols/ssh/geo-data.zeek index af9e05f011..5c98f62229 100644 --- a/scripts/policy/protocols/ssh/geo-data.zeek +++ b/scripts/policy/protocols/ssh/geo-data.zeek @@ -8,7 +8,7 @@ module SSH; export { redef enum Notice::Type += { ## If an SSH login is seen to or from a "watched" country based - ## on the :bro:id:`SSH::watched_countries` variable then this + ## on the :zeek:id:`SSH::watched_countries` variable then this ## notice will be generated. Watched_Country_Login, }; diff --git a/scripts/policy/protocols/ssh/interesting-hostnames.zeek b/scripts/policy/protocols/ssh/interesting-hostnames.zeek index 064556f9c4..92f7bfc1dd 100644 --- a/scripts/policy/protocols/ssh/interesting-hostnames.zeek +++ b/scripts/policy/protocols/ssh/interesting-hostnames.zeek @@ -12,7 +12,7 @@ export { redef enum Notice::Type += { ## Generated if a login originates or responds with a host where ## the reverse hostname lookup resolves to a name matched by the - ## :bro:id:`SSH::interesting_hostnames` regular expression. + ## :zeek:id:`SSH::interesting_hostnames` regular expression. Interesting_Hostname_Login, }; diff --git a/scripts/policy/protocols/ssl/expiring-certs.zeek b/scripts/policy/protocols/ssl/expiring-certs.zeek index 1e806942d7..630d23d145 100644 --- a/scripts/policy/protocols/ssl/expiring-certs.zeek +++ b/scripts/policy/protocols/ssl/expiring-certs.zeek @@ -15,7 +15,7 @@ export { ## and the certificate is now invalid. Certificate_Expired, ## Indicates that a certificate is going to expire within - ## :bro:id:`SSL::notify_when_cert_expiring_in`. + ## :zeek:id:`SSL::notify_when_cert_expiring_in`. Certificate_Expires_Soon, ## Indicates that a certificate's NotValidBefore date is future ## dated. @@ -30,7 +30,7 @@ export { option notify_certs_expiration = LOCAL_HOSTS; ## The time before a certificate is going to expire that you would like - ## to start receiving :bro:enum:`SSL::Certificate_Expires_Soon` notices. + ## to start receiving :zeek:enum:`SSL::Certificate_Expires_Soon` notices. option notify_when_cert_expiring_in = 30days; } diff --git a/scripts/policy/protocols/ssl/known-certs.zeek b/scripts/policy/protocols/ssl/known-certs.zeek index 3841b77d87..3a8ec75922 100644 --- a/scripts/policy/protocols/ssl/known-certs.zeek +++ b/scripts/policy/protocols/ssl/known-certs.zeek @@ -43,19 +43,19 @@ export { }; ## Holds the set of all known certificates. Keys in the store are of - ## type :bro:type:`Known::AddrCertHashPair` and their associated value is + ## type :zeek:type:`Known::AddrCertHashPair` and their associated value is ## always the boolean value of "true". global cert_store: Cluster::StoreInfo; - ## The Broker topic name to use for :bro:see:`Known::cert_store`. + ## The Broker topic name to use for :zeek:see:`Known::cert_store`. const cert_store_name = "bro/known/certs" &redef; - ## The expiry interval of new entries in :bro:see:`Known::cert_store`. + ## The expiry interval of new entries in :zeek:see:`Known::cert_store`. ## This also changes the interval at which certs get logged. option cert_store_expiry = 1day; ## The timeout interval to use for operations against - ## :bro:see:`Known::cert_store`. + ## :zeek:see:`Known::cert_store`. option cert_store_timeout = 15sec; ## The set of all known certificates to store for preventing duplicate diff --git a/scripts/zeexygen/README b/scripts/zeexygen/README new file mode 100644 index 0000000000..f099b09833 --- /dev/null +++ b/scripts/zeexygen/README @@ -0,0 +1,4 @@ +This package is loaded during the process which automatically generates +reference documentation for all Zeek scripts (i.e. "Zeexygen"). Its only +purpose is to provide an easy way to load all known Zeek scripts plus any +extra scripts needed or used by the documentation process. diff --git a/scripts/broxygen/__load__.zeek b/scripts/zeexygen/__load__.zeek similarity index 100% rename from scripts/broxygen/__load__.zeek rename to scripts/zeexygen/__load__.zeek diff --git a/scripts/broxygen/example.zeek b/scripts/zeexygen/example.zeek similarity index 88% rename from scripts/broxygen/example.zeek rename to scripts/zeexygen/example.zeek index d241051b7d..69affed96a 100644 --- a/scripts/broxygen/example.zeek +++ b/scripts/zeexygen/example.zeek @@ -1,4 +1,4 @@ -##! This is an example script that demonstrates Broxygen-style +##! This is an example script that demonstrates Zeexygen-style ##! documentation. It generally will make most sense when viewing ##! the script's raw source code and comparing to the HTML-rendered ##! version. @@ -11,14 +11,14 @@ ##! .. tip:: You can embed directives and roles within ``##``-stylized comments. ##! ##! There's also a custom role to reference any identifier node in -##! the Bro Sphinx domain that's good for "see alsos", e.g. +##! the Zeek Sphinx domain that's good for "see alsos", e.g. ##! -##! See also: :bro:see:`BroxygenExample::a_var`, -##! :bro:see:`BroxygenExample::ONE`, :bro:see:`SSH::Info` +##! See also: :zeek:see:`ZeexygenExample::a_var`, +##! :zeek:see:`ZeexygenExample::ONE`, :zeek:see:`SSH::Info` ##! ##! And a custom directive does the equivalent references: ##! -##! .. bro:see:: BroxygenExample::a_var BroxygenExample::ONE SSH::Info +##! .. zeek:see:: ZeexygenExample::a_var ZeexygenExample::ONE SSH::Info # Comments that use a single pound sign (#) are not significant to # a script's auto-generated documentation, but ones that use a @@ -30,7 +30,7 @@ # variable declarations to associate with the last-declared identifier. # # Generally, the auto-doc comments (##) are associated with the -# next declaration/identifier found in the script, but Broxygen +# next declaration/identifier found in the script, but Zeexygen # will track/render identifiers regardless of whether they have any # of these special comments associated with them. # @@ -49,19 +49,19 @@ # "module" statements are self-documenting, don't use any ``##`` style # comments with them. -module BroxygenExample; +module ZeexygenExample; # Redefinitions of "Notice::Type" are self-documenting, but # more information can be supplied in two different ways. redef enum Notice::Type += { ## Any number of this type of comment - ## will document "Broxygen_One". - Broxygen_One, - Broxygen_Two, ##< Any number of this type of comment - ##< will document "BROXYGEN_TWO". - Broxygen_Three, + ## will document "Zeexygen_One". + Zeexygen_One, + Zeexygen_Two, ##< Any number of this type of comment + ##< will document "ZEEXYGEN_TWO". + Zeexygen_Three, ## Omitting comments is fine, and so is mixing ``##`` and ``##<``, but - Broxygen_Four, ##< it's probably best to use only one style consistently. + Zeexygen_Four, ##< it's probably best to use only one style consistently. }; # All redefs are automatically tracked. Comments of the "##" form can be use @@ -110,7 +110,7 @@ export { type ComplexRecord: record { field1: count; ##< Counts something. field2: bool; ##< Toggles something. - field3: SimpleRecord; ##< Broxygen automatically tracks types + field3: SimpleRecord; ##< Zeexygen automatically tracks types ##< and cross-references are automatically ##< inserted in to generated docs. msg: string &default="blah"; ##< Attributes are self-documenting. @@ -163,9 +163,9 @@ export { ## Summarize "an_event" here. ## Give more details about "an_event" here. ## - ## BroxygenExample::a_function should not be confused as a parameter + ## ZeexygenExample::a_function should not be confused as a parameter ## in the generated docs, but it also doesn't generate a cross-reference - ## link. Use the see role instead: :bro:see:`BroxygenExample::a_function`. + ## link. Use the see role instead: :zeek:see:`ZeexygenExample::a_function`. ## ## name: Describe the argument here. global an_event: event(name: string); diff --git a/src/Attr.cc b/src/Attr.cc index 47ea7d4f06..2f9673346c 100644 --- a/src/Attr.cc +++ b/src/Attr.cc @@ -51,7 +51,7 @@ void Attr::Describe(ODesc* d) const void Attr::DescribeReST(ODesc* d) const { - d->Add(":bro:attr:`"); + d->Add(":zeek:attr:`"); AddTag(d); d->Add("`"); @@ -64,14 +64,14 @@ void Attr::DescribeReST(ODesc* d) const if ( expr->Tag() == EXPR_NAME ) { - d->Add(":bro:see:`"); + d->Add(":zeek:see:`"); expr->Describe(d); d->Add("`"); } else if ( expr->Type()->Tag() == TYPE_FUNC ) { - d->Add(":bro:type:`"); + d->Add(":zeek:type:`"); d->Add(expr->Type()->AsFuncType()->FlavorString()); d->Add("`"); } diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index da7042f956..94aca30eb9 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -143,7 +143,7 @@ set(bro_PLUGIN_LIBS CACHE INTERNAL "plugin libraries" FORCE) add_subdirectory(analyzer) add_subdirectory(broker) -add_subdirectory(broxygen) +add_subdirectory(zeexygen) add_subdirectory(file_analysis) add_subdirectory(input) add_subdirectory(iosource) diff --git a/src/DebugLogger.cc b/src/DebugLogger.cc index 07590590df..baddd2bdd8 100644 --- a/src/DebugLogger.cc +++ b/src/DebugLogger.cc @@ -18,7 +18,7 @@ DebugLogger::Stream DebugLogger::streams[NUM_DBGS] = { { "dpd", 0, false }, { "tm", 0, false }, { "logging", 0, false }, {"input", 0, false }, { "threading", 0, false }, { "file_analysis", 0, false }, - { "plugins", 0, false }, { "broxygen", 0, false }, + { "plugins", 0, false }, { "zeexygen", 0, false }, { "pktio", 0, false }, { "broker", 0, false }, { "scripts", 0, false} }; diff --git a/src/DebugLogger.h b/src/DebugLogger.h index 1eb8e30417..8026e8ba3c 100644 --- a/src/DebugLogger.h +++ b/src/DebugLogger.h @@ -30,7 +30,7 @@ enum DebugStream { DBG_THREADING, // Threading system DBG_FILE_ANALYSIS, // File analysis DBG_PLUGINS, // Plugin system - DBG_BROXYGEN, // Broxygen + DBG_ZEEXYGEN, // Zeexygen DBG_PKTIO, // Packet sources and dumpers. DBG_BROKER, // Broker communication DBG_SCRIPTS, // Script initialization diff --git a/src/ID.cc b/src/ID.cc index fd99d7c937..24c1c829ff 100644 --- a/src/ID.cc +++ b/src/ID.cc @@ -14,7 +14,7 @@ #include "PersistenceSerializer.h" #include "Scope.h" #include "Traverse.h" -#include "broxygen/Manager.h" +#include "zeexygen/Manager.h" ID::ID(const char* arg_name, IDScope arg_scope, bool arg_is_export) { @@ -651,9 +651,9 @@ void ID::DescribeExtended(ODesc* d) const void ID::DescribeReSTShort(ODesc* d) const { if ( is_type ) - d->Add(":bro:type:`"); + d->Add(":zeek:type:`"); else - d->Add(":bro:id:`"); + d->Add(":zeek:id:`"); d->Add(name); d->Add("`"); @@ -661,7 +661,7 @@ void ID::DescribeReSTShort(ODesc* d) const if ( type ) { d->Add(": "); - d->Add(":bro:type:`"); + d->Add(":zeek:type:`"); if ( ! is_type && ! type->GetName().empty() ) d->Add(type->GetName().c_str()); @@ -682,7 +682,7 @@ void ID::DescribeReSTShort(ODesc* d) const if ( is_type ) d->Add(type_name(t)); else - d->Add(broxygen_mgr->GetEnumTypeName(Name()).c_str()); + d->Add(zeexygen_mgr->GetEnumTypeName(Name()).c_str()); break; default: @@ -706,18 +706,18 @@ void ID::DescribeReST(ODesc* d, bool roles_only) const if ( roles_only ) { if ( is_type ) - d->Add(":bro:type:`"); + d->Add(":zeek:type:`"); else - d->Add(":bro:id:`"); + d->Add(":zeek:id:`"); d->Add(name); d->Add("`"); } else { if ( is_type ) - d->Add(".. bro:type:: "); + d->Add(".. zeek:type:: "); else - d->Add(".. bro:id:: "); + d->Add(".. zeek:id:: "); d->Add(name); } @@ -730,7 +730,7 @@ void ID::DescribeReST(ODesc* d, bool roles_only) const if ( ! is_type && ! type->GetName().empty() ) { - d->Add(":bro:type:`"); + d->Add(":zeek:type:`"); d->Add(type->GetName()); d->Add("`"); } diff --git a/src/Type.cc b/src/Type.cc index 741f1cfc0f..0bc7d0e3fe 100644 --- a/src/Type.cc +++ b/src/Type.cc @@ -8,8 +8,8 @@ #include "Scope.h" #include "Serializer.h" #include "Reporter.h" -#include "broxygen/Manager.h" -#include "broxygen/utils.h" +#include "zeexygen/Manager.h" +#include "zeexygen/utils.h" #include #include @@ -190,7 +190,7 @@ void BroType::Describe(ODesc* d) const void BroType::DescribeReST(ODesc* d, bool roles_only) const { - d->Add(fmt(":bro:type:`%s`", type_name(Tag()))); + d->Add(fmt(":zeek:type:`%s`", type_name(Tag()))); } void BroType::SetError() @@ -478,7 +478,7 @@ void IndexType::Describe(ODesc* d) const void IndexType::DescribeReST(ODesc* d, bool roles_only) const { - d->Add(":bro:type:`"); + d->Add(":zeek:type:`"); if ( IsSet() ) d->Add("set"); @@ -497,7 +497,7 @@ void IndexType::DescribeReST(ODesc* d, bool roles_only) const if ( ! t->GetName().empty() ) { - d->Add(":bro:type:`"); + d->Add(":zeek:type:`"); d->Add(t->GetName()); d->Add("`"); } @@ -513,7 +513,7 @@ void IndexType::DescribeReST(ODesc* d, bool roles_only) const if ( ! yield_type->GetName().empty() ) { - d->Add(":bro:type:`"); + d->Add(":zeek:type:`"); d->Add(yield_type->GetName()); d->Add("`"); } @@ -800,7 +800,7 @@ void FuncType::Describe(ODesc* d) const void FuncType::DescribeReST(ODesc* d, bool roles_only) const { - d->Add(":bro:type:`"); + d->Add(":zeek:type:`"); d->Add(FlavorString()); d->Add("`"); d->Add(" ("); @@ -813,7 +813,7 @@ void FuncType::DescribeReST(ODesc* d, bool roles_only) const if ( ! yield->GetName().empty() ) { - d->Add(":bro:type:`"); + d->Add(":zeek:type:`"); d->Add(yield->GetName()); d->Add("`"); } @@ -957,7 +957,7 @@ void TypeDecl::DescribeReST(ODesc* d, bool roles_only) const if ( ! type->GetName().empty() ) { - d->Add(":bro:type:`"); + d->Add(":zeek:type:`"); d->Add(type->GetName()); d->Add("`"); } @@ -1073,7 +1073,7 @@ void RecordType::Describe(ODesc* d) const void RecordType::DescribeReST(ODesc* d, bool roles_only) const { d->PushType(this); - d->Add(":bro:type:`record`"); + d->Add(":zeek:type:`record`"); if ( num_fields == 0 ) return; @@ -1197,8 +1197,8 @@ void RecordType::DescribeFieldsReST(ODesc* d, bool func_args) const if ( func_args ) continue; - using broxygen::IdentifierInfo; - IdentifierInfo* doc = broxygen_mgr->GetIdentifierInfo(GetName()); + using zeexygen::IdentifierInfo; + IdentifierInfo* doc = zeexygen_mgr->GetIdentifierInfo(GetName()); if ( ! doc ) { @@ -1217,7 +1217,7 @@ void RecordType::DescribeFieldsReST(ODesc* d, bool func_args) const field_from_script != type_from_script ) { d->PushIndent(); - d->Add(broxygen::redef_indication(field_from_script).c_str()); + d->Add(zeexygen::redef_indication(field_from_script).c_str()); d->PopIndent(); } @@ -1237,7 +1237,7 @@ void RecordType::DescribeFieldsReST(ODesc* d, bool func_args) const { string s = cmnts[i]; - if ( broxygen::prettify_params(s) ) + if ( zeexygen::prettify_params(s) ) d->NL(); d->Add(s.c_str()); @@ -1405,7 +1405,7 @@ void OpaqueType::Describe(ODesc* d) const void OpaqueType::DescribeReST(ODesc* d, bool roles_only) const { - d->Add(fmt(":bro:type:`%s` of %s", type_name(Tag()), name.c_str())); + d->Add(fmt(":zeek:type:`%s` of %s", type_name(Tag()), name.c_str())); } IMPLEMENT_SERIAL(OpaqueType, SER_OPAQUE_TYPE); @@ -1505,7 +1505,7 @@ void EnumType::CheckAndAddName(const string& module_name, const char* name, if ( deprecated ) id->MakeDeprecated(); - broxygen_mgr->Identifier(id); + zeexygen_mgr->Identifier(id); } else { @@ -1597,7 +1597,7 @@ EnumVal* EnumType::GetVal(bro_int_t i) void EnumType::DescribeReST(ODesc* d, bool roles_only) const { - d->Add(":bro:type:`enum`"); + d->Add(":zeek:type:`enum`"); // Create temporary, reverse name map so that enums can be documented // in ascending order of their actual integral value instead of by name. @@ -1614,12 +1614,12 @@ void EnumType::DescribeReST(ODesc* d, bool roles_only) const d->PushIndent(); if ( roles_only ) - d->Add(fmt(":bro:enum:`%s`", it->second.c_str())); + d->Add(fmt(":zeek:enum:`%s`", it->second.c_str())); else - d->Add(fmt(".. bro:enum:: %s %s", it->second.c_str(), GetName().c_str())); + d->Add(fmt(".. zeek:enum:: %s %s", it->second.c_str(), GetName().c_str())); - using broxygen::IdentifierInfo; - IdentifierInfo* doc = broxygen_mgr->GetIdentifierInfo(it->second); + using zeexygen::IdentifierInfo; + IdentifierInfo* doc = zeexygen_mgr->GetIdentifierInfo(it->second); if ( ! doc ) { @@ -1634,7 +1634,7 @@ void EnumType::DescribeReST(ODesc* d, bool roles_only) const if ( doc->GetDeclaringScript() ) enum_from_script = doc->GetDeclaringScript()->Name(); - IdentifierInfo* type_doc = broxygen_mgr->GetIdentifierInfo(GetName()); + IdentifierInfo* type_doc = zeexygen_mgr->GetIdentifierInfo(GetName()); if ( type_doc && type_doc->GetDeclaringScript() ) type_from_script = type_doc->GetDeclaringScript()->Name(); @@ -1644,7 +1644,7 @@ void EnumType::DescribeReST(ODesc* d, bool roles_only) const { d->NL(); d->PushIndent(); - d->Add(broxygen::redef_indication(enum_from_script).c_str()); + d->Add(zeexygen::redef_indication(enum_from_script).c_str()); d->PopIndent(); } @@ -1818,12 +1818,12 @@ void VectorType::Describe(ODesc* d) const void VectorType::DescribeReST(ODesc* d, bool roles_only) const { - d->Add(fmt(":bro:type:`%s` of ", type_name(Tag()))); + d->Add(fmt(":zeek:type:`%s` of ", type_name(Tag()))); if ( yield_type->GetName().empty() ) yield_type->DescribeReST(d, roles_only); else - d->Add(fmt(":bro:type:`%s`", yield_type->GetName().c_str())); + d->Add(fmt(":zeek:type:`%s`", yield_type->GetName().c_str())); } BroType* base_type_no_ref(TypeTag tag) diff --git a/src/analyzer/protocol/arp/events.bif b/src/analyzer/protocol/arp/events.bif index efee33d7f4..e12d0acd1c 100644 --- a/src/analyzer/protocol/arp/events.bif +++ b/src/analyzer/protocol/arp/events.bif @@ -15,7 +15,7 @@ ## ## THA: The target hardware address. ## -## .. bro:see:: arp_reply bad_arp +## .. zeek:see:: arp_reply bad_arp event arp_request%(mac_src: string, mac_dst: string, SPA: addr, SHA: string, TPA: addr, THA: string%); @@ -36,7 +36,7 @@ event arp_request%(mac_src: string, mac_dst: string, SPA: addr, SHA: string, ## ## THA: The target hardware address. ## -## .. bro:see:: arp_request bad_arp +## .. zeek:see:: arp_request bad_arp event arp_reply%(mac_src: string, mac_dst: string, SPA: addr, SHA: string, TPA: addr, THA: string%); @@ -54,7 +54,7 @@ event arp_reply%(mac_src: string, mac_dst: string, SPA: addr, SHA: string, ## ## explanation: A short description of why the ARP packet is considered "bad". ## -## .. bro:see:: arp_reply arp_request +## .. zeek:see:: arp_reply arp_request ## ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet diff --git a/src/analyzer/protocol/bittorrent/events.bif b/src/analyzer/protocol/bittorrent/events.bif index 8c4ddc146f..d86b497437 100644 --- a/src/analyzer/protocol/bittorrent/events.bif +++ b/src/analyzer/protocol/bittorrent/events.bif @@ -3,7 +3,7 @@ ## See `Wikipedia `__ for ## more information about the BitTorrent protocol. ## -## .. bro:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke +## .. zeek:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke ## bittorrent_peer_have bittorrent_peer_interested bittorrent_peer_keep_alive ## bittorrent_peer_not_interested bittorrent_peer_piece bittorrent_peer_port ## bittorrent_peer_request bittorrent_peer_unchoke bittorrent_peer_unknown @@ -16,7 +16,7 @@ event bittorrent_peer_handshake%(c: connection, is_orig: bool, ## See `Wikipedia `__ for ## more information about the BitTorrent protocol. ## -## .. bro:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke +## .. zeek:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke ## bittorrent_peer_handshake bittorrent_peer_have bittorrent_peer_interested ## bittorrent_peer_not_interested bittorrent_peer_piece bittorrent_peer_port ## bittorrent_peer_request bittorrent_peer_unchoke bittorrent_peer_unknown @@ -28,7 +28,7 @@ event bittorrent_peer_keep_alive%(c: connection, is_orig: bool%); ## See `Wikipedia `__ for ## more information about the BitTorrent protocol. ## -## .. bro:see:: bittorrent_peer_bitfield bittorrent_peer_cancel +## .. zeek:see:: bittorrent_peer_bitfield bittorrent_peer_cancel ## bittorrent_peer_handshake bittorrent_peer_have bittorrent_peer_interested ## bittorrent_peer_keep_alive bittorrent_peer_not_interested bittorrent_peer_piece ## bittorrent_peer_port bittorrent_peer_request bittorrent_peer_unchoke @@ -40,7 +40,7 @@ event bittorrent_peer_choke%(c: connection, is_orig: bool%); ## See `Wikipedia `__ for ## more information about the BitTorrent protocol. ## -## .. bro:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke +## .. zeek:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke ## bittorrent_peer_handshake bittorrent_peer_have bittorrent_peer_interested ## bittorrent_peer_keep_alive bittorrent_peer_not_interested bittorrent_peer_piece ## bittorrent_peer_port bittorrent_peer_request @@ -52,7 +52,7 @@ event bittorrent_peer_unchoke%(c: connection, is_orig: bool%); ## See `Wikipedia `__ for ## more information about the BitTorrent protocol. ## -## .. bro:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke +## .. zeek:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke ## bittorrent_peer_handshake bittorrent_peer_have bittorrent_peer_keep_alive ## bittorrent_peer_not_interested bittorrent_peer_piece bittorrent_peer_port ## bittorrent_peer_request bittorrent_peer_unchoke bittorrent_peer_unknown @@ -64,7 +64,7 @@ event bittorrent_peer_interested%(c: connection, is_orig: bool%); ## See `Wikipedia `__ for ## more information about the BitTorrent protocol. ## -## .. bro:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke +## .. zeek:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke ## bittorrent_peer_handshake bittorrent_peer_have bittorrent_peer_interested ## bittorrent_peer_keep_alive bittorrent_peer_piece bittorrent_peer_port ## bittorrent_peer_request bittorrent_peer_unchoke bittorrent_peer_unknown @@ -76,7 +76,7 @@ event bittorrent_peer_not_interested%(c: connection, is_orig: bool%); ## See `Wikipedia `__ for ## more information about the BitTorrent protocol. ## -## .. bro:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke +## .. zeek:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke ## bittorrent_peer_handshake bittorrent_peer_interested bittorrent_peer_keep_alive ## bittorrent_peer_not_interested bittorrent_peer_piece bittorrent_peer_port ## bittorrent_peer_request bittorrent_peer_unchoke bittorrent_peer_unknown @@ -88,7 +88,7 @@ event bittorrent_peer_have%(c: connection, is_orig: bool, piece_index: count%); ## See `Wikipedia `__ for ## more information about the BitTorrent protocol. ## -## .. bro:see:: bittorrent_peer_cancel bittorrent_peer_choke bittorrent_peer_handshake +## .. zeek:see:: bittorrent_peer_cancel bittorrent_peer_choke bittorrent_peer_handshake ## bittorrent_peer_have bittorrent_peer_interested bittorrent_peer_keep_alive ## bittorrent_peer_not_interested bittorrent_peer_piece bittorrent_peer_port ## bittorrent_peer_request bittorrent_peer_unchoke bittorrent_peer_unknown @@ -100,7 +100,7 @@ event bittorrent_peer_bitfield%(c: connection, is_orig: bool, bitfield: string%) ## See `Wikipedia `__ for ## more information about the BitTorrent protocol. ## -## .. bro:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke +## .. zeek:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke ## bittorrent_peer_handshake bittorrent_peer_have bittorrent_peer_interested ## bittorrent_peer_keep_alive bittorrent_peer_not_interested bittorrent_peer_piece ## bittorrent_peer_port bittorrent_peer_unchoke bittorrent_peer_unknown @@ -113,7 +113,7 @@ event bittorrent_peer_request%(c: connection, is_orig: bool, index: count, ## See `Wikipedia `__ for ## more information about the BitTorrent protocol. ## -## .. bro:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke +## .. zeek:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke ## bittorrent_peer_handshake bittorrent_peer_have bittorrent_peer_interested ## bittorrent_peer_keep_alive bittorrent_peer_not_interested bittorrent_peer_port ## bittorrent_peer_request bittorrent_peer_unchoke bittorrent_peer_unknown @@ -126,7 +126,7 @@ event bittorrent_peer_piece%(c: connection, is_orig: bool, index: count, ## See `Wikipedia `__ for ## more information about the BitTorrent protocol. ## -## .. bro:see:: bittorrent_peer_bitfield bittorrent_peer_choke +## .. zeek:see:: bittorrent_peer_bitfield bittorrent_peer_choke ## bittorrent_peer_handshake bittorrent_peer_have bittorrent_peer_interested ## bittorrent_peer_keep_alive bittorrent_peer_not_interested bittorrent_peer_piece ## bittorrent_peer_port bittorrent_peer_request bittorrent_peer_unchoke @@ -139,7 +139,7 @@ event bittorrent_peer_cancel%(c: connection, is_orig: bool, index: count, ## See `Wikipedia `__ for ## more information about the BitTorrent protocol. ## -## .. bro:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke +## .. zeek:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke ## bittorrent_peer_handshake bittorrent_peer_have bittorrent_peer_interested ## bittorrent_peer_keep_alive bittorrent_peer_not_interested bittorrent_peer_piece ## bittorrent_peer_request bittorrent_peer_unchoke bittorrent_peer_unknown @@ -151,7 +151,7 @@ event bittorrent_peer_port%(c: connection, is_orig: bool, listen_port: port%); ## See `Wikipedia `__ for ## more information about the BitTorrent protocol. ## -## .. bro:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke +## .. zeek:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke ## bittorrent_peer_handshake bittorrent_peer_have bittorrent_peer_interested ## bittorrent_peer_keep_alive bittorrent_peer_not_interested bittorrent_peer_piece ## bittorrent_peer_port bittorrent_peer_request bittorrent_peer_unchoke @@ -164,7 +164,7 @@ event bittorrent_peer_unknown%(c: connection, is_orig: bool, message_id: count, ## See `Wikipedia `__ for ## more information about the BitTorrent protocol. ## -## .. bro:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke +## .. zeek:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke ## bittorrent_peer_handshake bittorrent_peer_have bittorrent_peer_interested ## bittorrent_peer_keep_alive bittorrent_peer_not_interested bittorrent_peer_piece ## bittorrent_peer_port bittorrent_peer_request bittorrent_peer_unchoke @@ -176,7 +176,7 @@ event bittorrent_peer_weird%(c: connection, is_orig: bool, msg: string%); ## See `Wikipedia `__ for ## more information about the BitTorrent protocol. ## -## .. bro:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke +## .. zeek:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke ## bittorrent_peer_handshake bittorrent_peer_have bittorrent_peer_interested ## bittorrent_peer_keep_alive bittorrent_peer_not_interested bittorrent_peer_piece ## bittorrent_peer_port bittorrent_peer_request bittorrent_peer_unchoke @@ -189,7 +189,7 @@ event bt_tracker_request%(c: connection, uri: string, ## See `Wikipedia `__ for ## more information about the BitTorrent protocol. ## -## .. bro:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke +## .. zeek:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke ## bittorrent_peer_handshake bittorrent_peer_have bittorrent_peer_interested ## bittorrent_peer_keep_alive bittorrent_peer_not_interested bittorrent_peer_piece ## bittorrent_peer_port bittorrent_peer_request bittorrent_peer_unchoke @@ -204,7 +204,7 @@ event bt_tracker_response%(c: connection, status: count, ## See `Wikipedia `__ for ## more information about the BitTorrent protocol. ## -## .. bro:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke +## .. zeek:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke ## bittorrent_peer_handshake bittorrent_peer_have bittorrent_peer_interested ## bittorrent_peer_keep_alive bittorrent_peer_not_interested bittorrent_peer_piece ## bittorrent_peer_port bittorrent_peer_request bittorrent_peer_unchoke @@ -217,7 +217,7 @@ event bt_tracker_response_not_ok%(c: connection, status: count, ## See `Wikipedia `__ for ## more information about the BitTorrent protocol. ## -## .. bro:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke +## .. zeek:see:: bittorrent_peer_bitfield bittorrent_peer_cancel bittorrent_peer_choke ## bittorrent_peer_handshake bittorrent_peer_have bittorrent_peer_interested ## bittorrent_peer_keep_alive bittorrent_peer_not_interested bittorrent_peer_piece ## bittorrent_peer_port bittorrent_peer_request bittorrent_peer_unchoke diff --git a/src/analyzer/protocol/conn-size/events.bif b/src/analyzer/protocol/conn-size/events.bif index 38b263db57..9b1007ec3b 100644 --- a/src/analyzer/protocol/conn-size/events.bif +++ b/src/analyzer/protocol/conn-size/events.bif @@ -8,7 +8,7 @@ ## ## is_orig: true if the threshold was crossed by the originator of the connection ## -## .. bro:see:: set_current_conn_packets_threshold set_current_conn_bytes_threshold conn_packets_threshold_crossed +## .. zeek:see:: set_current_conn_packets_threshold set_current_conn_bytes_threshold conn_packets_threshold_crossed ## get_current_conn_bytes_threshold get_current_conn_packets_threshold event conn_bytes_threshold_crossed%(c: connection, threshold: count, is_orig: bool%); @@ -22,6 +22,6 @@ event conn_bytes_threshold_crossed%(c: connection, threshold: count, is_orig: bo ## ## is_orig: true if the threshold was crossed by the originator of the connection ## -## .. bro:see:: set_current_conn_packets_threshold set_current_conn_bytes_threshold conn_bytes_threshold_crossed +## .. zeek:see:: set_current_conn_packets_threshold set_current_conn_bytes_threshold conn_bytes_threshold_crossed ## get_current_conn_bytes_threshold get_current_conn_packets_threshold event conn_packets_threshold_crossed%(c: connection, threshold: count, is_orig: bool%); diff --git a/src/analyzer/protocol/conn-size/functions.bif b/src/analyzer/protocol/conn-size/functions.bif index d4ad045da7..9dc91bb722 100644 --- a/src/analyzer/protocol/conn-size/functions.bif +++ b/src/analyzer/protocol/conn-size/functions.bif @@ -26,7 +26,7 @@ static analyzer::Analyzer* GetConnsizeAnalyzer(Val* cid) ## ## is_orig: If true, threshold is set for bytes from originator, otherwhise for bytes from responder. ## -## .. bro:see:: set_current_conn_packets_threshold conn_bytes_threshold_crossed conn_packets_threshold_crossed +## .. zeek:see:: set_current_conn_packets_threshold conn_bytes_threshold_crossed conn_packets_threshold_crossed ## get_current_conn_bytes_threshold get_current_conn_packets_threshold function set_current_conn_bytes_threshold%(cid: conn_id, threshold: count, is_orig: bool%): bool %{ @@ -49,7 +49,7 @@ function set_current_conn_bytes_threshold%(cid: conn_id, threshold: count, is_or ## ## is_orig: If true, threshold is set for packets from originator, otherwhise for packets from responder. ## -## .. bro:see:: set_current_conn_bytes_threshold conn_bytes_threshold_crossed conn_packets_threshold_crossed +## .. zeek:see:: set_current_conn_bytes_threshold conn_bytes_threshold_crossed conn_packets_threshold_crossed ## get_current_conn_bytes_threshold get_current_conn_packets_threshold function set_current_conn_packets_threshold%(cid: conn_id, threshold: count, is_orig: bool%): bool %{ @@ -70,7 +70,7 @@ function set_current_conn_packets_threshold%(cid: conn_id, threshold: count, is_ ## ## Returns: 0 if no threshold is set or the threshold in bytes ## -## .. bro:see:: set_current_conn_packets_threshold conn_bytes_threshold_crossed conn_packets_threshold_crossed +## .. zeek:see:: set_current_conn_packets_threshold conn_bytes_threshold_crossed conn_packets_threshold_crossed ## get_current_conn_packets_threshold function get_current_conn_bytes_threshold%(cid: conn_id, is_orig: bool%): count %{ @@ -89,7 +89,7 @@ function get_current_conn_bytes_threshold%(cid: conn_id, is_orig: bool%): count ## ## Returns: 0 if no threshold is set or the threshold in packets ## -## .. bro:see:: set_current_conn_packets_threshold conn_bytes_threshold_crossed conn_packets_threshold_crossed +## .. zeek:see:: set_current_conn_packets_threshold conn_bytes_threshold_crossed conn_packets_threshold_crossed ## get_current_conn_bytes_threshold function get_current_conn_packets_threshold%(cid: conn_id, is_orig: bool%): count %{ diff --git a/src/analyzer/protocol/dce-rpc/events.bif b/src/analyzer/protocol/dce-rpc/events.bif index 1e4a4e0d51..1f2b61255c 100644 --- a/src/analyzer/protocol/dce-rpc/events.bif +++ b/src/analyzer/protocol/dce-rpc/events.bif @@ -12,7 +12,7 @@ ## ## ptype: Enum representation of the prodecure type of the message. ## -## .. bro:see:: dce_rpc_bind dce_rpc_bind_ack dce_rpc_request dce_rpc_response +## .. zeek:see:: dce_rpc_bind dce_rpc_bind_ack dce_rpc_request dce_rpc_response event dce_rpc_message%(c: connection, is_orig: bool, fid: count, ptype_id: count, ptype: DCE_RPC::PType%); ## Generated for every :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)` bind request message. @@ -33,7 +33,7 @@ event dce_rpc_message%(c: connection, is_orig: bool, fid: count, ptype_id: count ## ## ver_minor: The minor version of the endpoint being requested. ## -## .. bro:see:: dce_rpc_message dce_rpc_bind_ack dce_rpc_request dce_rpc_response +## .. zeek:see:: dce_rpc_message dce_rpc_bind_ack dce_rpc_request dce_rpc_response event dce_rpc_bind%(c: connection, fid: count, ctx_id: count, uuid: string, ver_major: count, ver_minor: count%); ## Generated for every :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)` alter context request message. @@ -54,7 +54,7 @@ event dce_rpc_bind%(c: connection, fid: count, ctx_id: count, uuid: string, ver_ ## ## ver_minor: The minor version of the endpoint being requested. ## -## .. bro:see:: dce_rpc_message dce_rpc_bind dce_rpc_bind_ack dce_rpc_request dce_rpc_response dce_rpc_alter_context_resp +## .. zeek:see:: dce_rpc_message dce_rpc_bind dce_rpc_bind_ack dce_rpc_request dce_rpc_response dce_rpc_alter_context_resp event dce_rpc_alter_context%(c: connection, fid: count, ctx_id: count, uuid: string, ver_major: count, ver_minor: count%); ## Generated for every :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)` bind request ack message. @@ -67,7 +67,7 @@ event dce_rpc_alter_context%(c: connection, fid: count, ctx_id: count, uuid: str ## ## sec_addr: Secondary address for the ack. ## -## .. bro:see:: dce_rpc_message dce_rpc_bind dce_rpc_request dce_rpc_response +## .. zeek:see:: dce_rpc_message dce_rpc_bind dce_rpc_request dce_rpc_response event dce_rpc_bind_ack%(c: connection, fid: count, sec_addr: string%); ## Generated for every :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)` alter context response message. @@ -78,7 +78,7 @@ event dce_rpc_bind_ack%(c: connection, fid: count, sec_addr: string%); ## message. Zero will be used if the :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)` was ## not transported over a pipe. ## -## .. bro:see:: dce_rpc_message dce_rpc_bind dce_rpc_bind_ack dce_rpc_request dce_rpc_response dce_rpc_alter_context +## .. zeek:see:: dce_rpc_message dce_rpc_bind dce_rpc_bind_ack dce_rpc_request dce_rpc_response dce_rpc_alter_context event dce_rpc_alter_context_resp%(c: connection, fid: count%); ## Generated for every :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)` request message. @@ -95,7 +95,7 @@ event dce_rpc_alter_context_resp%(c: connection, fid: count%); ## ## stub_len: Length of the data for the request. ## -## .. bro:see:: dce_rpc_message dce_rpc_bind dce_rpc_bind_ack dce_rpc_response +## .. zeek:see:: dce_rpc_message dce_rpc_bind dce_rpc_bind_ack dce_rpc_response event dce_rpc_request%(c: connection, fid: count, ctx_id: count, opnum: count, stub_len: count%); ## Generated for every :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)` response message. @@ -112,5 +112,5 @@ event dce_rpc_request%(c: connection, fid: count, ctx_id: count, opnum: count, s ## ## stub_len: Length of the data for the response. ## -## .. bro:see:: dce_rpc_message dce_rpc_bind dce_rpc_bind_ack dce_rpc_request +## .. zeek:see:: dce_rpc_message dce_rpc_bind dce_rpc_bind_ack dce_rpc_request event dce_rpc_response%(c: connection, fid: count, ctx_id: count, opnum: count, stub_len: count%); diff --git a/src/analyzer/protocol/dns/events.bif b/src/analyzer/protocol/dns/events.bif index 6fe741d4d9..1113ca2687 100644 --- a/src/analyzer/protocol/dns/events.bif +++ b/src/analyzer/protocol/dns/events.bif @@ -13,7 +13,7 @@ ## ## len: The length of the message's raw representation (i.e., the DNS payload). ## -## .. bro:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl +## .. zeek:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl ## dns_HINFO_reply dns_MX_reply dns_NS_reply dns_PTR_reply dns_SOA_reply ## dns_SRV_reply dns_TSIG_addl dns_TXT_reply dns_WKS_reply dns_end ## dns_full_request dns_mapping_altered dns_mapping_lost_name dns_mapping_new_name @@ -40,7 +40,7 @@ event dns_message%(c: connection, is_orig: bool, msg: dns_msg, len: count%); ## ## qclass: The queried resource record class. ## -## .. bro:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl +## .. zeek:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl ## dns_HINFO_reply dns_MX_reply dns_NS_reply dns_PTR_reply dns_SOA_reply ## dns_SRV_reply dns_TSIG_addl dns_TXT_reply dns_WKS_reply dns_end ## dns_full_request dns_mapping_altered dns_mapping_lost_name dns_mapping_new_name @@ -69,7 +69,7 @@ event dns_request%(c: connection, msg: dns_msg, query: string, qtype: count, qcl ## ## qclass: The queried resource record class. ## -## .. bro:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl +## .. zeek:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl ## dns_HINFO_reply dns_MX_reply dns_NS_reply dns_PTR_reply dns_SOA_reply ## dns_SRV_reply dns_TSIG_addl dns_TXT_reply dns_WKS_reply dns_end ## dns_full_request dns_mapping_altered dns_mapping_lost_name dns_mapping_new_name @@ -95,7 +95,7 @@ event dns_rejected%(c: connection, msg: dns_msg, query: string, qtype: count, qc ## ## qclass: The queried resource record class. ## -## .. bro:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl +## .. zeek:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl ## dns_HINFO_reply dns_MX_reply dns_NS_reply dns_PTR_reply dns_SOA_reply ## dns_SRV_reply dns_TSIG_addl dns_TXT_reply dns_WKS_reply dns_end ## dns_full_request dns_mapping_altered dns_mapping_lost_name dns_mapping_new_name @@ -121,7 +121,7 @@ event dns_query_reply%(c: connection, msg: dns_msg, query: string, ## ## a: The address returned by the reply. ## -## .. bro:see:: dns_AAAA_reply dns_A6_reply dns_CNAME_reply dns_EDNS_addl dns_HINFO_reply +## .. zeek:see:: dns_AAAA_reply dns_A6_reply dns_CNAME_reply dns_EDNS_addl dns_HINFO_reply ## dns_MX_reply dns_NS_reply dns_PTR_reply dns_SOA_reply dns_SRV_reply ## dns_TSIG_addl dns_TXT_reply dns_WKS_reply dns_end dns_full_request ## dns_mapping_altered dns_mapping_lost_name dns_mapping_new_name @@ -146,7 +146,7 @@ event dns_A_reply%(c: connection, msg: dns_msg, ans: dns_answer, a: addr%); ## ## a: The address returned by the reply. ## -## .. bro:see:: dns_A_reply dns_A6_reply dns_CNAME_reply dns_EDNS_addl dns_HINFO_reply dns_MX_reply +## .. zeek:see:: dns_A_reply dns_A6_reply dns_CNAME_reply dns_EDNS_addl dns_HINFO_reply dns_MX_reply ## dns_NS_reply dns_PTR_reply dns_SOA_reply dns_SRV_reply dns_TSIG_addl ## dns_TXT_reply dns_WKS_reply dns_end dns_full_request dns_mapping_altered ## dns_mapping_lost_name dns_mapping_new_name dns_mapping_unverified @@ -171,7 +171,7 @@ event dns_AAAA_reply%(c: connection, msg: dns_msg, ans: dns_answer, a: addr%); ## ## a: The address returned by the reply. ## -## .. bro:see:: dns_A_reply dns_AAAA_reply dns_CNAME_reply dns_EDNS_addl dns_HINFO_reply dns_MX_reply +## .. zeek:see:: dns_A_reply dns_AAAA_reply dns_CNAME_reply dns_EDNS_addl dns_HINFO_reply dns_MX_reply ## dns_NS_reply dns_PTR_reply dns_SOA_reply dns_SRV_reply dns_TSIG_addl ## dns_TXT_reply dns_WKS_reply dns_end dns_full_request dns_mapping_altered ## dns_mapping_lost_name dns_mapping_new_name dns_mapping_unverified @@ -196,7 +196,7 @@ event dns_A6_reply%(c: connection, msg: dns_msg, ans: dns_answer, a: addr%); ## ## name: The name returned by the reply. ## -## .. bro:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl +## .. zeek:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl ## dns_HINFO_reply dns_MX_reply dns_PTR_reply dns_SOA_reply dns_SRV_reply ## dns_TSIG_addl dns_TXT_reply dns_WKS_reply dns_end dns_full_request ## dns_mapping_altered dns_mapping_lost_name dns_mapping_new_name @@ -221,7 +221,7 @@ event dns_NS_reply%(c: connection, msg: dns_msg, ans: dns_answer, name: string%) ## ## name: The name returned by the reply. ## -## .. bro:see:: dns_AAAA_reply dns_A_reply dns_EDNS_addl dns_HINFO_reply dns_MX_reply +## .. zeek:see:: dns_AAAA_reply dns_A_reply dns_EDNS_addl dns_HINFO_reply dns_MX_reply ## dns_NS_reply dns_PTR_reply dns_SOA_reply dns_SRV_reply dns_TSIG_addl ## dns_TXT_reply dns_WKS_reply dns_end dns_full_request dns_mapping_altered ## dns_mapping_lost_name dns_mapping_new_name dns_mapping_unverified @@ -246,7 +246,7 @@ event dns_CNAME_reply%(c: connection, msg: dns_msg, ans: dns_answer, name: strin ## ## name: The name returned by the reply. ## -## .. bro:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl +## .. zeek:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl ## dns_HINFO_reply dns_MX_reply dns_NS_reply dns_SOA_reply dns_SRV_reply ## dns_TSIG_addl dns_TXT_reply dns_WKS_reply dns_end dns_full_request ## dns_mapping_altered dns_mapping_lost_name dns_mapping_new_name @@ -271,7 +271,7 @@ event dns_PTR_reply%(c: connection, msg: dns_msg, ans: dns_answer, name: string% ## ## soa: The parsed SOA value. ## -## .. bro:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl +## .. zeek:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl ## dns_HINFO_reply dns_MX_reply dns_NS_reply dns_PTR_reply dns_SRV_reply ## dns_TSIG_addl dns_TXT_reply dns_WKS_reply dns_end dns_full_request ## dns_mapping_altered dns_mapping_lost_name dns_mapping_new_name @@ -294,7 +294,7 @@ event dns_SOA_reply%(c: connection, msg: dns_msg, ans: dns_answer, soa: dns_soa% ## ## ans: The type-independent part of the parsed answer record. ## -## .. bro:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl +## .. zeek:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl ## dns_HINFO_reply dns_MX_reply dns_NS_reply dns_PTR_reply dns_SOA_reply ## dns_SRV_reply dns_TSIG_addl dns_TXT_reply dns_end dns_full_request ## dns_mapping_altered dns_mapping_lost_name dns_mapping_new_name @@ -317,7 +317,7 @@ event dns_WKS_reply%(c: connection, msg: dns_msg, ans: dns_answer%); ## ## ans: The type-independent part of the parsed answer record. ## -## .. bro:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl dns_MX_reply +## .. zeek:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl dns_MX_reply ## dns_NS_reply dns_PTR_reply dns_SOA_reply dns_SRV_reply dns_TSIG_addl ## dns_TXT_reply dns_WKS_reply dns_end dns_full_request dns_mapping_altered ## dns_mapping_lost_name dns_mapping_new_name dns_mapping_unverified @@ -344,7 +344,7 @@ event dns_HINFO_reply%(c: connection, msg: dns_msg, ans: dns_answer%); ## ## preference: The preference for *name* specified by the reply. ## -## .. bro:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl +## .. zeek:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl ## dns_HINFO_reply dns_NS_reply dns_PTR_reply dns_SOA_reply dns_SRV_reply ## dns_TSIG_addl dns_TXT_reply dns_WKS_reply dns_end dns_full_request ## dns_mapping_altered dns_mapping_lost_name dns_mapping_new_name @@ -369,7 +369,7 @@ event dns_MX_reply%(c: connection, msg: dns_msg, ans: dns_answer, name: string, ## ## strs: The textual information returned by the reply. ## -## .. bro:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl +## .. zeek:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl ## dns_HINFO_reply dns_MX_reply dns_NS_reply dns_PTR_reply dns_SOA_reply ## dns_SRV_reply dns_TSIG_addl dns_WKS_reply dns_end dns_full_request ## dns_mapping_altered dns_mapping_lost_name dns_mapping_new_name @@ -423,7 +423,7 @@ event dns_CAA_reply%(c: connection, msg: dns_msg, ans: dns_answer, flags: count, ## p: Port of the SRV response -- the TCP or UDP port on which the ## service is to be found. ## -## .. bro:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl +## .. zeek:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl ## dns_HINFO_reply dns_MX_reply dns_NS_reply dns_PTR_reply dns_SOA_reply ## dns_TSIG_addl dns_TXT_reply dns_WKS_reply dns_end dns_full_request ## dns_mapping_altered dns_mapping_lost_name dns_mapping_new_name @@ -442,7 +442,7 @@ event dns_SRV_reply%(c: connection, msg: dns_msg, ans: dns_answer, target: strin ## ## ans: The type-independent part of the parsed answer record. ## -## .. bro:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl +## .. zeek:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl ## dns_HINFO_reply dns_MX_reply dns_NS_reply dns_PTR_reply dns_SOA_reply ## dns_TSIG_addl dns_TXT_reply dns_WKS_reply dns_SRV_reply dns_end event dns_unknown_reply%(c: connection, msg: dns_msg, ans: dns_answer%); @@ -461,7 +461,7 @@ event dns_unknown_reply%(c: connection, msg: dns_msg, ans: dns_answer%); ## ## ans: The parsed EDNS reply. ## -## .. bro:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_HINFO_reply dns_MX_reply +## .. zeek:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_HINFO_reply dns_MX_reply ## dns_NS_reply dns_PTR_reply dns_SOA_reply dns_SRV_reply dns_TSIG_addl ## dns_TXT_reply dns_WKS_reply dns_end dns_full_request dns_mapping_altered ## dns_mapping_lost_name dns_mapping_new_name dns_mapping_unverified @@ -484,7 +484,7 @@ event dns_EDNS_addl%(c: connection, msg: dns_msg, ans: dns_edns_additional%); ## ## ans: The parsed TSIG reply. ## -## .. bro:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl +## .. zeek:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl ## dns_HINFO_reply dns_MX_reply dns_NS_reply dns_PTR_reply dns_SOA_reply ## dns_SRV_reply dns_TXT_reply dns_WKS_reply dns_end dns_full_request ## dns_mapping_altered dns_mapping_lost_name dns_mapping_new_name @@ -573,7 +573,7 @@ event dns_DS%(c: connection, msg: dns_msg, ans: dns_answer, ds: dns_ds_rr%); ## ## msg: The parsed DNS message header. ## -## .. bro:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl +## .. zeek:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl ## dns_HINFO_reply dns_MX_reply dns_NS_reply dns_PTR_reply dns_SOA_reply ## dns_SRV_reply dns_TSIG_addl dns_TXT_reply dns_WKS_reply dns_full_request ## dns_mapping_altered dns_mapping_lost_name dns_mapping_new_name diff --git a/src/analyzer/protocol/finger/events.bif b/src/analyzer/protocol/finger/events.bif index e495263b12..d1b9212c22 100644 --- a/src/analyzer/protocol/finger/events.bif +++ b/src/analyzer/protocol/finger/events.bif @@ -11,7 +11,7 @@ ## ## hostname: The request's host name. ## -## .. bro:see:: finger_reply +## .. zeek:see:: finger_reply ## ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet @@ -28,7 +28,7 @@ event finger_request%(c: connection, full: bool, username: string, hostname: str ## ## reply_line: The reply as returned by the server ## -## .. bro:see:: finger_request +## .. zeek:see:: finger_request ## ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet diff --git a/src/analyzer/protocol/ftp/events.bif b/src/analyzer/protocol/ftp/events.bif index 16faa417d3..6cc2317936 100644 --- a/src/analyzer/protocol/ftp/events.bif +++ b/src/analyzer/protocol/ftp/events.bif @@ -9,7 +9,7 @@ ## ## arg: The arguments going with the command. ## -## .. bro:see:: ftp_reply fmt_ftp_port parse_eftp_port +## .. zeek:see:: ftp_reply fmt_ftp_port parse_eftp_port ## parse_ftp_epsv parse_ftp_pasv parse_ftp_port event ftp_request%(c: connection, command: string, arg: string%); @@ -29,7 +29,7 @@ event ftp_request%(c: connection, command: string, arg: string%); ## to reassemble the pieces before processing the response any ## further. ## -## .. bro:see:: ftp_request fmt_ftp_port parse_eftp_port +## .. zeek:see:: ftp_request fmt_ftp_port parse_eftp_port ## parse_ftp_epsv parse_ftp_pasv parse_ftp_port event ftp_reply%(c: connection, code: count, msg: string, cont_resp: bool%); diff --git a/src/analyzer/protocol/ftp/functions.bif b/src/analyzer/protocol/ftp/functions.bif index 20c26b7c57..ad9c89fadb 100644 --- a/src/analyzer/protocol/ftp/functions.bif +++ b/src/analyzer/protocol/ftp/functions.bif @@ -117,20 +117,20 @@ static Val* parse_eftp(const char* line) %%} ## Converts a string representation of the FTP PORT command to an -## :bro:type:`ftp_port`. +## :zeek:type:`ftp_port`. ## ## s: The string of the FTP PORT command, e.g., ``"10,0,0,1,4,31"``. ## ## Returns: The FTP PORT, e.g., ``[h=10.0.0.1, p=1055/tcp, valid=T]``. ## -## .. bro:see:: parse_eftp_port parse_ftp_pasv parse_ftp_epsv fmt_ftp_port +## .. zeek:see:: parse_eftp_port parse_ftp_pasv parse_ftp_epsv fmt_ftp_port function parse_ftp_port%(s: string%): ftp_port %{ return parse_port(s->CheckString()); %} ## Converts a string representation of the FTP EPRT command (see :rfc:`2428`) -## to an :bro:type:`ftp_port`. The format is +## to an :zeek:type:`ftp_port`. The format is ## ``"EPRT"``, ## where ```` is a delimiter in the ASCII range 33-126 (usually ``|``). ## @@ -138,19 +138,19 @@ function parse_ftp_port%(s: string%): ftp_port ## ## Returns: The FTP PORT, e.g., ``[h=10.0.0.1, p=1055/tcp, valid=T]``. ## -## .. bro:see:: parse_ftp_port parse_ftp_pasv parse_ftp_epsv fmt_ftp_port +## .. zeek:see:: parse_ftp_port parse_ftp_pasv parse_ftp_epsv fmt_ftp_port function parse_eftp_port%(s: string%): ftp_port %{ return parse_eftp(s->CheckString()); %} -## Converts the result of the FTP PASV command to an :bro:type:`ftp_port`. +## Converts the result of the FTP PASV command to an :zeek:type:`ftp_port`. ## ## str: The string containing the result of the FTP PASV command. ## ## Returns: The FTP PORT, e.g., ``[h=10.0.0.1, p=1055/tcp, valid=T]``. ## -## .. bro:see:: parse_ftp_port parse_eftp_port parse_ftp_epsv fmt_ftp_port +## .. zeek:see:: parse_ftp_port parse_eftp_port parse_ftp_epsv fmt_ftp_port function parse_ftp_pasv%(str: string%): ftp_port %{ const char* s = str->CheckString(); @@ -170,14 +170,14 @@ function parse_ftp_pasv%(str: string%): ftp_port %} ## Converts the result of the FTP EPSV command (see :rfc:`2428`) to an -## :bro:type:`ftp_port`. The format is ``" ()"``, +## :zeek:type:`ftp_port`. The format is ``" ()"``, ## where ```` is a delimiter in the ASCII range 33-126 (usually ``|``). ## ## str: The string containing the result of the FTP EPSV command. ## ## Returns: The FTP PORT, e.g., ``[h=10.0.0.1, p=1055/tcp, valid=T]``. ## -## .. bro:see:: parse_ftp_port parse_eftp_port parse_ftp_pasv fmt_ftp_port +## .. zeek:see:: parse_ftp_port parse_eftp_port parse_ftp_pasv fmt_ftp_port function parse_ftp_epsv%(str: string%): ftp_port %{ const char* s = str->CheckString(); @@ -196,7 +196,7 @@ function parse_ftp_epsv%(str: string%): ftp_port ## ## Returns: The FTP PORT string. ## -## .. bro:see:: parse_ftp_port parse_eftp_port parse_ftp_pasv parse_ftp_epsv +## .. zeek:see:: parse_ftp_port parse_eftp_port parse_ftp_pasv parse_ftp_epsv function fmt_ftp_port%(a: addr, p: port%): string %{ const uint32* addr; diff --git a/src/analyzer/protocol/gnutella/events.bif b/src/analyzer/protocol/gnutella/events.bif index 9384f34e88..f09b0890c7 100644 --- a/src/analyzer/protocol/gnutella/events.bif +++ b/src/analyzer/protocol/gnutella/events.bif @@ -3,7 +3,7 @@ ## See `Wikipedia `__ for more ## information about the Gnutella protocol. ## -## .. bro:see:: gnutella_binary_msg gnutella_establish gnutella_http_notify +## .. zeek:see:: gnutella_binary_msg gnutella_establish gnutella_http_notify ## gnutella_not_establish gnutella_partial_binary_msg gnutella_signature_found ## ## @@ -18,7 +18,7 @@ event gnutella_text_msg%(c: connection, orig: bool, headers: string%); ## See `Wikipedia `__ for more ## information about the Gnutella protocol. ## -## .. bro:see:: gnutella_establish gnutella_http_notify gnutella_not_establish +## .. zeek:see:: gnutella_establish gnutella_http_notify gnutella_not_establish ## gnutella_partial_binary_msg gnutella_signature_found gnutella_text_msg ## ## .. todo:: Bro's current default configuration does not activate the protocol @@ -35,7 +35,7 @@ event gnutella_binary_msg%(c: connection, orig: bool, msg_type: count, ## See `Wikipedia `__ for more ## information about the Gnutella protocol. ## -## .. bro:see:: gnutella_binary_msg gnutella_establish gnutella_http_notify +## .. zeek:see:: gnutella_binary_msg gnutella_establish gnutella_http_notify ## gnutella_not_establish gnutella_signature_found gnutella_text_msg ## ## .. todo:: Bro's current default configuration does not activate the protocol @@ -50,7 +50,7 @@ event gnutella_partial_binary_msg%(c: connection, orig: bool, ## See `Wikipedia `__ for more ## information about the Gnutella protocol. ## -## .. bro:see:: gnutella_binary_msg gnutella_http_notify gnutella_not_establish +## .. zeek:see:: gnutella_binary_msg gnutella_http_notify gnutella_not_establish ## gnutella_partial_binary_msg gnutella_signature_found gnutella_text_msg ## ## .. todo:: Bro's current default configuration does not activate the protocol @@ -64,7 +64,7 @@ event gnutella_establish%(c: connection%); ## See `Wikipedia `__ for more ## information about the Gnutella protocol. ## -## .. bro:see:: gnutella_binary_msg gnutella_establish gnutella_http_notify +## .. zeek:see:: gnutella_binary_msg gnutella_establish gnutella_http_notify ## gnutella_partial_binary_msg gnutella_signature_found gnutella_text_msg ## ## .. todo:: Bro's current default configuration does not activate the protocol @@ -78,7 +78,7 @@ event gnutella_not_establish%(c: connection%); ## See `Wikipedia `__ for more ## information about the Gnutella protocol. ## -## .. bro:see:: gnutella_binary_msg gnutella_establish gnutella_not_establish +## .. zeek:see:: gnutella_binary_msg gnutella_establish gnutella_not_establish ## gnutella_partial_binary_msg gnutella_signature_found gnutella_text_msg ## ## .. todo:: Bro's current default configuration does not activate the protocol diff --git a/src/analyzer/protocol/http/events.bif b/src/analyzer/protocol/http/events.bif index ab005ba8d6..f86ee09ccd 100644 --- a/src/analyzer/protocol/http/events.bif +++ b/src/analyzer/protocol/http/events.bif @@ -2,7 +2,7 @@ ## Generated for HTTP requests. Bro supports persistent and pipelined HTTP ## sessions and raises corresponding events as it parses client/server ## dialogues. This event is generated as soon as a request's initial line has -## been parsed, and before any :bro:id:`http_header` events are raised. +## been parsed, and before any :zeek:id:`http_header` events are raised. ## ## See `Wikipedia `__ ## for more information about the HTTP protocol. @@ -17,7 +17,7 @@ ## ## version: The version number specified in the request (e.g., ``1.1``). ## -## .. bro:see:: http_all_headers http_begin_entity http_content_type http_end_entity +## .. zeek:see:: http_all_headers http_begin_entity http_content_type http_end_entity ## http_entity_data http_event http_header http_message_done http_reply http_stats ## truncate_http_URI http_connection_upgrade event http_request%(c: connection, method: string, original_URI: string, unescaped_URI: string, version: string%); @@ -25,7 +25,7 @@ event http_request%(c: connection, method: string, original_URI: string, unescap ## Generated for HTTP replies. Bro supports persistent and pipelined HTTP ## sessions and raises corresponding events as it parses client/server ## dialogues. This event is generated as soon as a reply's initial line has -## been parsed, and before any :bro:id:`http_header` events are raised. +## been parsed, and before any :zeek:id:`http_header` events are raised. ## ## See `Wikipedia `__ ## for more information about the HTTP protocol. @@ -38,7 +38,7 @@ event http_request%(c: connection, method: string, original_URI: string, unescap ## ## reason: The textual description returned by the server along with *code*. ## -## .. bro:see:: http_all_headers http_begin_entity http_content_type http_end_entity +## .. zeek:see:: http_all_headers http_begin_entity http_content_type http_end_entity ## http_entity_data http_event http_header http_message_done http_request ## http_stats http_connection_upgrade event http_reply%(c: connection, version: string, code: count, reason: string%); @@ -58,7 +58,7 @@ event http_reply%(c: connection, version: string, code: count, reason: string%); ## ## value: The value of the header. ## -## .. bro:see:: http_all_headers http_begin_entity http_content_type http_end_entity +## .. zeek:see:: http_all_headers http_begin_entity http_content_type http_end_entity ## http_entity_data http_event http_message_done http_reply http_request ## http_stats http_connection_upgrade ## @@ -81,7 +81,7 @@ event http_header%(c: connection, is_orig: bool, name: string, value: string%); ## The table is indexed by the position of the header (1 for the first, ## 2 for the second, etc.). ## -## .. bro:see:: http_begin_entity http_content_type http_end_entity http_entity_data +## .. zeek:see:: http_begin_entity http_content_type http_end_entity http_entity_data ## http_event http_header http_message_done http_reply http_request http_stats ## http_connection_upgrade ## @@ -103,7 +103,7 @@ event http_all_headers%(c: connection, is_orig: bool, hlist: mime_header_list%); ## is_orig: True if the entity was sent by the originator of the TCP ## connection. ## -## .. bro:see:: http_all_headers http_content_type http_end_entity http_entity_data +## .. zeek:see:: http_all_headers http_content_type http_end_entity http_entity_data ## http_event http_header http_message_done http_reply http_request http_stats ## mime_begin_entity http_connection_upgrade event http_begin_entity%(c: connection, is_orig: bool%); @@ -122,7 +122,7 @@ event http_begin_entity%(c: connection, is_orig: bool%); ## is_orig: True if the entity was sent by the originator of the TCP ## connection. ## -## .. bro:see:: http_all_headers http_begin_entity http_content_type http_entity_data +## .. zeek:see:: http_all_headers http_begin_entity http_content_type http_entity_data ## http_event http_header http_message_done http_reply http_request ## http_stats mime_end_entity http_connection_upgrade event http_end_entity%(c: connection, is_orig: bool%); @@ -134,7 +134,7 @@ event http_end_entity%(c: connection, is_orig: bool%); ## A common idiom for using this event is to first *reassemble* the data ## at the scripting layer by concatenating it to a successively growing ## string; and only perform further content analysis once the corresponding -## :bro:id:`http_end_entity` event has been raised. Note, however, that doing so +## :zeek:id:`http_end_entity` event has been raised. Note, however, that doing so ## can be quite expensive for HTTP tranders. At the very least, one should ## impose an upper size limit on how much data is being buffered. ## @@ -150,7 +150,7 @@ event http_end_entity%(c: connection, is_orig: bool%); ## ## data: One chunk of raw entity data. ## -## .. bro:see:: http_all_headers http_begin_entity http_content_type http_end_entity +## .. zeek:see:: http_all_headers http_begin_entity http_content_type http_end_entity ## http_event http_header http_message_done http_reply http_request http_stats ## mime_entity_data http_entity_data_delivery_size skip_http_data ## http_connection_upgrade @@ -173,7 +173,7 @@ event http_entity_data%(c: connection, is_orig: bool, length: count, data: strin ## ## subty: The subtype. ## -## .. bro:see:: http_all_headers http_begin_entity http_end_entity http_entity_data +## .. zeek:see:: http_all_headers http_begin_entity http_end_entity http_entity_data ## http_event http_header http_message_done http_reply http_request http_stats ## http_connection_upgrade ## @@ -199,7 +199,7 @@ event http_content_type%(c: connection, is_orig: bool, ty: string, subty: string ## ## stat: Further meta information about the message. ## -## .. bro:see:: http_all_headers http_begin_entity http_content_type http_end_entity +## .. zeek:see:: http_all_headers http_begin_entity http_content_type http_end_entity ## http_entity_data http_event http_header http_reply http_request http_stats ## http_connection_upgrade event http_message_done%(c: connection, is_orig: bool, stat: http_message_stat%); @@ -216,7 +216,7 @@ event http_message_done%(c: connection, is_orig: bool, stat: http_message_stat%) ## ## detail: Further more detailed description of the error. ## -## .. bro:see:: http_all_headers http_begin_entity http_content_type http_end_entity +## .. zeek:see:: http_all_headers http_begin_entity http_content_type http_end_entity ## http_entity_data http_header http_message_done http_reply http_request ## http_stats mime_event http_connection_upgrade event http_event%(c: connection, event_type: string, detail: string%); @@ -230,7 +230,7 @@ event http_event%(c: connection, event_type: string, detail: string%); ## stats: Statistics summarizing HTTP-level properties of the finished ## connection. ## -## .. bro:see:: http_all_headers http_begin_entity http_content_type http_end_entity +## .. zeek:see:: http_all_headers http_begin_entity http_content_type http_end_entity ## http_entity_data http_event http_header http_message_done http_reply ## http_request http_connection_upgrade event http_stats%(c: connection, stats: http_stats_rec%); @@ -243,7 +243,7 @@ event http_stats%(c: connection, stats: http_stats_rec%); ## ## protocol: The protocol to which the connection is switching. ## -## .. bro:see:: http_all_headers http_begin_entity http_content_type http_end_entity +## .. zeek:see:: http_all_headers http_begin_entity http_content_type http_end_entity ## http_entity_data http_event http_header http_message_done http_reply ## http_request event http_connection_upgrade%(c: connection, protocol: string%); diff --git a/src/analyzer/protocol/http/functions.bif b/src/analyzer/protocol/http/functions.bif index 6ef6fecb81..ff4f0015b7 100644 --- a/src/analyzer/protocol/http/functions.bif +++ b/src/analyzer/protocol/http/functions.bif @@ -9,7 +9,7 @@ ## ## is_orig: If true, the client data is skipped, and the server data otherwise. ## -## .. bro:see:: skip_smtp_data +## .. zeek:see:: skip_smtp_data function skip_http_entity_data%(c: connection, is_orig: bool%): any %{ analyzer::ID id = mgr.CurrentAnalyzer(); diff --git a/src/analyzer/protocol/icmp/events.bif b/src/analyzer/protocol/icmp/events.bif index bd55f17b27..ef7d2b7da5 100644 --- a/src/analyzer/protocol/icmp/events.bif +++ b/src/analyzer/protocol/icmp/events.bif @@ -12,10 +12,10 @@ ## icmp: Additional ICMP-specific information augmenting the standard ## connection record *c*. ## -## .. bro:see:: icmp_error_message icmp_sent_payload +## .. zeek:see:: icmp_error_message icmp_sent_payload event icmp_sent%(c: connection, icmp: icmp_conn%); -## The same as :bro:see:`icmp_sent` except containing the ICMP payload. +## The same as :zeek:see:`icmp_sent` except containing the ICMP payload. ## ## c: The connection record for the corresponding ICMP flow. ## @@ -24,7 +24,7 @@ event icmp_sent%(c: connection, icmp: icmp_conn%); ## ## payload: The payload of the ICMP message. ## -## .. bro:see:: icmp_error_message icmp_sent_payload +## .. zeek:see:: icmp_error_message icmp_sent_payload event icmp_sent_payload%(c: connection, icmp: icmp_conn, payload: string%); ## Generated for ICMP *echo request* messages. @@ -45,7 +45,7 @@ event icmp_sent_payload%(c: connection, icmp: icmp_conn, payload: string%); ## payload: The message-specific data of the packet payload, i.e., everything ## after the first 8 bytes of the ICMP header. ## -## .. bro:see:: icmp_echo_reply +## .. zeek:see:: icmp_echo_reply event icmp_echo_request%(c: connection, icmp: icmp_conn, id: count, seq: count, payload: string%); ## Generated for ICMP *echo reply* messages. @@ -66,7 +66,7 @@ event icmp_echo_request%(c: connection, icmp: icmp_conn, id: count, seq: count, ## payload: The message-specific data of the packet payload, i.e., everything ## after the first 8 bytes of the ICMP header. ## -## .. bro:see:: icmp_echo_request +## .. zeek:see:: icmp_echo_request event icmp_echo_reply%(c: connection, icmp: icmp_conn, id: count, seq: count, payload: string%); ## Generated for all ICMPv6 error messages that are not handled @@ -88,7 +88,7 @@ event icmp_echo_reply%(c: connection, icmp: icmp_conn, id: count, seq: count, pa ## context: A record with specifics of the original packet that the message ## refers to. ## -## .. bro:see:: icmp_unreachable icmp_packet_too_big +## .. zeek:see:: icmp_unreachable icmp_packet_too_big ## icmp_time_exceeded icmp_parameter_problem event icmp_error_message%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%); @@ -112,7 +112,7 @@ event icmp_error_message%(c: connection, icmp: icmp_conn, code: count, context: ## includes only a partial IP header for some reason, no ## fields of *context* will be filled out. ## -## .. bro:see:: icmp_error_message icmp_packet_too_big +## .. zeek:see:: icmp_error_message icmp_packet_too_big ## icmp_time_exceeded icmp_parameter_problem event icmp_unreachable%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%); @@ -136,7 +136,7 @@ event icmp_unreachable%(c: connection, icmp: icmp_conn, code: count, context: ic ## a partial IP header for some reason, no fields of *context* will ## be filled out. ## -## .. bro:see:: icmp_error_message icmp_unreachable +## .. zeek:see:: icmp_error_message icmp_unreachable ## icmp_time_exceeded icmp_parameter_problem event icmp_packet_too_big%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%); @@ -160,7 +160,7 @@ event icmp_packet_too_big%(c: connection, icmp: icmp_conn, code: count, context: ## only a partial IP header for some reason, no fields of *context* ## will be filled out. ## -## .. bro:see:: icmp_error_message icmp_unreachable icmp_packet_too_big +## .. zeek:see:: icmp_error_message icmp_unreachable icmp_packet_too_big ## icmp_parameter_problem event icmp_time_exceeded%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%); @@ -184,7 +184,7 @@ event icmp_time_exceeded%(c: connection, icmp: icmp_conn, code: count, context: ## includes only a partial IP header for some reason, no fields ## of *context* will be filled out. ## -## .. bro:see:: icmp_error_message icmp_unreachable icmp_packet_too_big +## .. zeek:see:: icmp_error_message icmp_unreachable icmp_packet_too_big ## icmp_time_exceeded event icmp_parameter_problem%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%); @@ -201,7 +201,7 @@ event icmp_parameter_problem%(c: connection, icmp: icmp_conn, code: count, conte ## ## options: Any Neighbor Discovery options included with message (:rfc:`4861`). ## -## .. bro:see:: icmp_router_advertisement +## .. zeek:see:: icmp_router_advertisement ## icmp_neighbor_solicitation icmp_neighbor_advertisement icmp_redirect event icmp_router_solicitation%(c: connection, icmp: icmp_conn, options: icmp6_nd_options%); @@ -239,7 +239,7 @@ event icmp_router_solicitation%(c: connection, icmp: icmp_conn, options: icmp6_n ## ## options: Any Neighbor Discovery options included with message (:rfc:`4861`). ## -## .. bro:see:: icmp_router_solicitation +## .. zeek:see:: icmp_router_solicitation ## icmp_neighbor_solicitation icmp_neighbor_advertisement icmp_redirect event icmp_router_advertisement%(c: connection, icmp: icmp_conn, cur_hop_limit: count, managed: bool, other: bool, home_agent: bool, pref: count, proxy: bool, rsv: count, router_lifetime: interval, reachable_time: interval, retrans_timer: interval, options: icmp6_nd_options%); @@ -258,7 +258,7 @@ event icmp_router_advertisement%(c: connection, icmp: icmp_conn, cur_hop_limit: ## ## options: Any Neighbor Discovery options included with message (:rfc:`4861`). ## -## .. bro:see:: icmp_router_solicitation icmp_router_advertisement +## .. zeek:see:: icmp_router_solicitation icmp_router_advertisement ## icmp_neighbor_advertisement icmp_redirect event icmp_neighbor_solicitation%(c: connection, icmp: icmp_conn, tgt: addr, options: icmp6_nd_options%); @@ -284,7 +284,7 @@ event icmp_neighbor_solicitation%(c: connection, icmp: icmp_conn, tgt: addr, opt ## ## options: Any Neighbor Discovery options included with message (:rfc:`4861`). ## -## .. bro:see:: icmp_router_solicitation icmp_router_advertisement +## .. zeek:see:: icmp_router_solicitation icmp_router_advertisement ## icmp_neighbor_solicitation icmp_redirect event icmp_neighbor_advertisement%(c: connection, icmp: icmp_conn, router: bool, solicited: bool, override: bool, tgt: addr, options: icmp6_nd_options%); @@ -306,7 +306,7 @@ event icmp_neighbor_advertisement%(c: connection, icmp: icmp_conn, router: bool, ## ## options: Any Neighbor Discovery options included with message (:rfc:`4861`). ## -## .. bro:see:: icmp_router_solicitation icmp_router_advertisement +## .. zeek:see:: icmp_router_solicitation icmp_router_advertisement ## icmp_neighbor_solicitation icmp_neighbor_advertisement event icmp_redirect%(c: connection, icmp: icmp_conn, tgt: addr, dest: addr, options: icmp6_nd_options%); diff --git a/src/analyzer/protocol/ident/events.bif b/src/analyzer/protocol/ident/events.bif index 96a7f37a31..ecbf8efee8 100644 --- a/src/analyzer/protocol/ident/events.bif +++ b/src/analyzer/protocol/ident/events.bif @@ -9,7 +9,7 @@ ## ## rport: The request's remote port. ## -## .. bro:see:: ident_error ident_reply +## .. zeek:see:: ident_error ident_reply ## ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet @@ -32,7 +32,7 @@ event ident_request%(c: connection, lport: port, rport: port%); ## ## system: The operating system returned by the reply. ## -## .. bro:see:: ident_error ident_request +## .. zeek:see:: ident_error ident_request ## ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet @@ -53,7 +53,7 @@ event ident_reply%(c: connection, lport: port, rport: port, user_id: string, sys ## ## line: The error description returned by the reply. ## -## .. bro:see:: ident_reply ident_request +## .. zeek:see:: ident_reply ident_request ## ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet diff --git a/src/analyzer/protocol/irc/events.bif b/src/analyzer/protocol/irc/events.bif index be425817b2..d6af5fbae1 100644 --- a/src/analyzer/protocol/irc/events.bif +++ b/src/analyzer/protocol/irc/events.bif @@ -15,7 +15,7 @@ ## ## arguments: The arguments for the command. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_invite_message irc_join_message ## irc_kick_message irc_message irc_mode_message irc_names_info irc_network_info ## irc_nick_message irc_notice_message irc_oper_message irc_oper_response @@ -23,7 +23,7 @@ ## ## .. note:: This event is generated only for messages that originate ## at the client-side. Commands coming in from remote trigger -## the :bro:id:`irc_message` event instead. +## the :zeek:id:`irc_message` event instead. event irc_request%(c: connection, is_orig: bool, prefix: string, command: string, arguments: string%); @@ -45,7 +45,7 @@ event irc_request%(c: connection, is_orig: bool, prefix: string, ## ## params: The reply's parameters. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_invite_message irc_join_message ## irc_kick_message irc_message irc_mode_message irc_names_info irc_network_info ## irc_nick_message irc_notice_message irc_oper_message irc_oper_response @@ -69,7 +69,7 @@ event irc_reply%(c: connection, is_orig: bool, prefix: string, ## ## message: TODO. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_invite_message irc_join_message ## irc_kick_message irc_mode_message irc_names_info irc_network_info ## irc_nick_message irc_notice_message irc_oper_message irc_oper_response @@ -79,7 +79,7 @@ event irc_reply%(c: connection, is_orig: bool, prefix: string, ## ## This event is generated only for messages that are forwarded by the server ## to the client. Commands coming from client trigger the -## :bro:id:`irc_request` event instead. +## :zeek:id:`irc_request` event instead. event irc_message%(c: connection, is_orig: bool, prefix: string, command: string, message: string%); @@ -98,7 +98,7 @@ event irc_message%(c: connection, is_orig: bool, prefix: string, ## ## message: The text included with the message. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_invite_message irc_join_message ## irc_kick_message irc_message irc_mode_message irc_names_info irc_network_info ## irc_nick_message irc_notice_message irc_oper_message irc_oper_response @@ -122,7 +122,7 @@ event irc_quit_message%(c: connection, is_orig: bool, nick: string, message: str ## ## message: The text of communication. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_invite_message irc_join_message ## irc_kick_message irc_message irc_mode_message irc_names_info irc_network_info ## irc_nick_message irc_notice_message irc_oper_message irc_oper_response @@ -147,7 +147,7 @@ event irc_privmsg_message%(c: connection, is_orig: bool, source: string, ## ## message: The text of communication. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_invite_message irc_join_message ## irc_kick_message irc_message irc_mode_message irc_names_info irc_network_info ## irc_nick_message irc_oper_message irc_oper_response irc_part_message @@ -172,7 +172,7 @@ event irc_notice_message%(c: connection, is_orig: bool, source: string, ## ## message: The text of communication. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_invite_message irc_join_message ## irc_kick_message irc_message irc_mode_message irc_names_info irc_network_info ## irc_nick_message irc_notice_message irc_oper_message irc_oper_response @@ -193,7 +193,7 @@ event irc_squery_message%(c: connection, is_orig: bool, source: string, ## ## info_list: The user information coming with the command. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_invite_message irc_kick_message ## irc_message irc_mode_message irc_names_info irc_network_info irc_nick_message ## irc_notice_message irc_oper_message irc_oper_response irc_part_message @@ -217,7 +217,7 @@ event irc_join_message%(c: connection, is_orig: bool, info_list: irc_join_list%) ## ## message: The text coming with the message. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_invite_message irc_join_message ## irc_kick_message irc_message irc_mode_message irc_names_info irc_network_info ## irc_nick_message irc_notice_message irc_oper_message irc_oper_response @@ -240,7 +240,7 @@ event irc_part_message%(c: connection, is_orig: bool, nick: string, ## ## newnick: The new nickname. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_invite_message irc_join_message ## irc_kick_message irc_message irc_mode_message irc_names_info irc_network_info ## irc_notice_message irc_oper_message irc_oper_response irc_part_message @@ -257,7 +257,7 @@ event irc_nick_message%(c: connection, is_orig: bool, who: string, newnick: stri ## is_orig: True if the command was sent by the originator of the TCP ## connection. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invite_message irc_join_message irc_kick_message ## irc_message irc_mode_message irc_names_info irc_network_info irc_nick_message ## irc_notice_message irc_oper_message irc_oper_response irc_part_message @@ -280,7 +280,7 @@ event irc_invalid_nick%(c: connection, is_orig: bool%); ## ## servers: The number of servers as returned in the reply. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_invite_message irc_join_message ## irc_kick_message irc_message irc_mode_message irc_names_info irc_nick_message ## irc_notice_message irc_oper_message irc_oper_response irc_part_message @@ -304,7 +304,7 @@ event irc_network_info%(c: connection, is_orig: bool, users: count, ## ## servers: The number of servers as returned in the reply. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_invite_message irc_join_message ## irc_kick_message irc_message irc_mode_message irc_names_info irc_network_info ## irc_nick_message irc_notice_message irc_oper_message irc_oper_response @@ -324,7 +324,7 @@ event irc_server_info%(c: connection, is_orig: bool, users: count, ## ## chans: The number of channels as returned in the reply. ## -## .. bro:see:: irc_channel_topic irc_dcc_message irc_error_message irc_global_users +## .. zeek:see:: irc_channel_topic irc_dcc_message irc_error_message irc_global_users ## irc_invalid_nick irc_invite_message irc_join_message irc_kick_message ## irc_message irc_mode_message irc_names_info irc_network_info irc_nick_message ## irc_notice_message irc_oper_message irc_oper_response irc_part_message @@ -359,7 +359,7 @@ event irc_channel_info%(c: connection, is_orig: bool, chans: count%); ## ## real_name: The real name. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_invite_message irc_join_message ## irc_kick_message irc_message irc_mode_message irc_names_info irc_network_info ## irc_nick_message irc_notice_message irc_oper_message irc_oper_response @@ -386,7 +386,7 @@ event irc_who_line%(c: connection, is_orig: bool, target_nick: string, ## ## users: The set of users. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_invite_message irc_join_message ## irc_kick_message irc_message irc_mode_message irc_network_info irc_nick_message ## irc_notice_message irc_oper_message irc_oper_response irc_part_message @@ -406,7 +406,7 @@ event irc_names_info%(c: connection, is_orig: bool, c_type: string, ## ## nick: The nickname specified in the reply. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_invite_message irc_join_message ## irc_kick_message irc_message irc_mode_message irc_names_info irc_network_info ## irc_nick_message irc_notice_message irc_oper_message irc_oper_response @@ -427,7 +427,7 @@ event irc_whois_operator_line%(c: connection, is_orig: bool, nick: string%); ## ## chans: The set of channels returned. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_invite_message irc_join_message ## irc_kick_message irc_message irc_mode_message irc_names_info irc_network_info ## irc_nick_message irc_notice_message irc_oper_message irc_oper_response @@ -453,7 +453,7 @@ event irc_whois_channel_line%(c: connection, is_orig: bool, nick: string, ## ## real_name: The real name specified in the reply. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_invite_message irc_join_message ## irc_kick_message irc_message irc_mode_message irc_names_info irc_network_info ## irc_nick_message irc_notice_message irc_oper_message irc_oper_response @@ -474,7 +474,7 @@ event irc_whois_user_line%(c: connection, is_orig: bool, nick: string, ## got_oper: True if the *oper* command was executed successfully ## (*youreport*) and false otherwise (*nooperhost*). ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_invite_message irc_join_message ## irc_kick_message irc_message irc_mode_message irc_names_info irc_network_info ## irc_nick_message irc_notice_message irc_oper_message irc_part_message @@ -496,7 +496,7 @@ event irc_oper_response%(c: connection, is_orig: bool, got_oper: bool%); ## ## msg: The message coming with the reply. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_invalid_nick irc_invite_message irc_join_message irc_kick_message ## irc_message irc_mode_message irc_names_info irc_network_info irc_nick_message ## irc_notice_message irc_oper_message irc_oper_response irc_part_message @@ -517,7 +517,7 @@ event irc_global_users%(c: connection, is_orig: bool, prefix: string, msg: strin ## ## topic: The topic specified in the reply. ## -## .. bro:see:: irc_channel_info irc_dcc_message irc_error_message irc_global_users +## .. zeek:see:: irc_channel_info irc_dcc_message irc_error_message irc_global_users ## irc_invalid_nick irc_invite_message irc_join_message irc_kick_message ## irc_message irc_mode_message irc_names_info irc_network_info irc_nick_message ## irc_notice_message irc_oper_message irc_oper_response irc_part_message @@ -539,7 +539,7 @@ event irc_channel_topic%(c: connection, is_orig: bool, channel: string, topic: s ## ## oper: True if the operator flag was set. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_invite_message irc_join_message ## irc_kick_message irc_message irc_mode_message irc_names_info irc_network_info ## irc_nick_message irc_notice_message irc_oper_message irc_oper_response @@ -561,7 +561,7 @@ event irc_who_message%(c: connection, is_orig: bool, mask: string, oper: bool%); ## ## users: TODO. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_invite_message irc_join_message ## irc_kick_message irc_message irc_mode_message irc_names_info irc_network_info ## irc_nick_message irc_notice_message irc_oper_message irc_oper_response @@ -583,7 +583,7 @@ event irc_whois_message%(c: connection, is_orig: bool, server: string, users: st ## ## password: The password specified in the message. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_invite_message irc_join_message ## irc_kick_message irc_message irc_mode_message irc_names_info irc_network_info ## irc_nick_message irc_notice_message irc_oper_response irc_part_message @@ -610,7 +610,7 @@ event irc_oper_message%(c: connection, is_orig: bool, user: string, password: st ## ## comment: The comment specified in the message. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_invite_message irc_join_message ## irc_message irc_mode_message irc_names_info irc_network_info irc_nick_message ## irc_notice_message irc_oper_message irc_oper_response irc_part_message @@ -634,7 +634,7 @@ event irc_kick_message%(c: connection, is_orig: bool, prefix: string, ## ## message: The textual description specified in the message. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_global_users +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_global_users ## irc_invalid_nick irc_invite_message irc_join_message irc_kick_message ## irc_message irc_mode_message irc_names_info irc_network_info irc_nick_message ## irc_notice_message irc_oper_message irc_oper_response irc_part_message @@ -659,7 +659,7 @@ event irc_error_message%(c: connection, is_orig: bool, prefix: string, message: ## ## channel: The channel specified in the message. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_join_message irc_kick_message ## irc_message irc_mode_message irc_names_info irc_network_info irc_nick_message ## irc_notice_message irc_oper_message irc_oper_response irc_part_message @@ -683,7 +683,7 @@ event irc_invite_message%(c: connection, is_orig: bool, prefix: string, ## ## params: The parameters coming with the message. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_invite_message irc_join_message ## irc_kick_message irc_message irc_names_info irc_network_info irc_nick_message ## irc_notice_message irc_oper_message irc_oper_response irc_part_message @@ -708,7 +708,7 @@ event irc_mode_message%(c: connection, is_orig: bool, prefix: string, params: st ## ## message: The textual description specified in the message. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_invite_message irc_join_message ## irc_kick_message irc_message irc_mode_message irc_names_info irc_network_info ## irc_nick_message irc_notice_message irc_oper_message irc_oper_response @@ -742,7 +742,7 @@ event irc_squit_message%(c: connection, is_orig: bool, prefix: string, ## ## size: The size specified in the message. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_error_message irc_global_users +## .. zeek:see:: irc_channel_info irc_channel_topic irc_error_message irc_global_users ## irc_invalid_nick irc_invite_message irc_join_message irc_kick_message ## irc_message irc_mode_message irc_names_info irc_network_info irc_nick_message ## irc_notice_message irc_oper_message irc_oper_response irc_part_message @@ -771,7 +771,7 @@ event irc_dcc_message%(c: connection, is_orig: bool, ## ## real_name: The real name specified in the message. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_invite_message irc_join_message ## irc_kick_message irc_message irc_mode_message irc_names_info irc_network_info ## irc_nick_message irc_notice_message irc_oper_message irc_oper_response @@ -791,7 +791,7 @@ event irc_user_message%(c: connection, is_orig: bool, user: string, host: string ## ## password: The password specified in the message. ## -## .. bro:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message +## .. zeek:see:: irc_channel_info irc_channel_topic irc_dcc_message irc_error_message ## irc_global_users irc_invalid_nick irc_invite_message irc_join_message ## irc_kick_message irc_message irc_mode_message irc_names_info irc_network_info ## irc_nick_message irc_notice_message irc_oper_message irc_oper_response diff --git a/src/analyzer/protocol/krb/events.bif b/src/analyzer/protocol/krb/events.bif index 19b165a4be..26405442ed 100644 --- a/src/analyzer/protocol/krb/events.bif +++ b/src/analyzer/protocol/krb/events.bif @@ -11,7 +11,7 @@ ## ## msg: A Kerberos KDC request message data structure. ## -## .. bro:see:: krb_as_response krb_tgs_request krb_tgs_response krb_ap_request +## .. zeek:see:: krb_as_response krb_tgs_request krb_tgs_response krb_ap_request ## krb_ap_response krb_priv krb_safe krb_cred krb_error event krb_as_request%(c: connection, msg: KRB::KDC_Request%); @@ -27,7 +27,7 @@ event krb_as_request%(c: connection, msg: KRB::KDC_Request%); ## ## msg: A Kerberos KDC reply message data structure. ## -## .. bro:see:: krb_as_request krb_tgs_request krb_tgs_response krb_ap_request +## .. zeek:see:: krb_as_request krb_tgs_request krb_tgs_response krb_ap_request ## krb_ap_response krb_priv krb_safe krb_cred krb_error event krb_as_response%(c: connection, msg: KRB::KDC_Response%); @@ -44,7 +44,7 @@ event krb_as_response%(c: connection, msg: KRB::KDC_Response%); ## ## msg: A Kerberos KDC request message data structure. ## -## .. bro:see:: krb_as_request krb_as_response krb_tgs_response krb_ap_request +## .. zeek:see:: krb_as_request krb_as_response krb_tgs_response krb_ap_request ## krb_ap_response krb_priv krb_safe krb_cred krb_error event krb_tgs_request%(c: connection, msg: KRB::KDC_Request%); @@ -60,7 +60,7 @@ event krb_tgs_request%(c: connection, msg: KRB::KDC_Request%); ## ## msg: A Kerberos KDC reply message data structure. ## -## .. bro:see:: krb_as_request krb_as_response krb_tgs_request krb_ap_request +## .. zeek:see:: krb_as_request krb_as_response krb_tgs_request krb_ap_request ## krb_ap_response krb_priv krb_safe krb_cred krb_error event krb_tgs_response%(c: connection, msg: KRB::KDC_Response%); @@ -78,7 +78,7 @@ event krb_tgs_response%(c: connection, msg: KRB::KDC_Response%); ## ## opts: A Kerberos AP options data structure. ## -## .. bro:see:: krb_as_request krb_as_response krb_tgs_request krb_tgs_response +## .. zeek:see:: krb_as_request krb_as_response krb_tgs_request krb_tgs_response ## krb_ap_response krb_priv krb_safe krb_cred krb_error event krb_ap_request%(c: connection, ticket: KRB::Ticket, opts: KRB::AP_Options%); @@ -93,7 +93,7 @@ event krb_ap_request%(c: connection, ticket: KRB::Ticket, opts: KRB::AP_Options% ## ## c: The connection over which this Kerberos message was sent. ## -## .. bro:see:: krb_as_request krb_as_response krb_tgs_request krb_tgs_response +## .. zeek:see:: krb_as_request krb_as_response krb_tgs_request krb_tgs_response ## krb_ap_request krb_priv krb_safe krb_cred krb_error event krb_ap_response%(c: connection%); @@ -109,7 +109,7 @@ event krb_ap_response%(c: connection%); ## ## is_orig: Whether the originator of the connection sent this message. ## -## .. bro:see:: krb_as_request krb_as_response krb_tgs_request krb_tgs_response +## .. zeek:see:: krb_as_request krb_as_response krb_tgs_request krb_tgs_response ## krb_ap_request krb_ap_response krb_safe krb_cred krb_error event krb_priv%(c: connection, is_orig: bool%); @@ -125,7 +125,7 @@ event krb_priv%(c: connection, is_orig: bool%); ## ## msg: A Kerberos SAFE message data structure. ## -## .. bro:see:: krb_as_request krb_as_response krb_tgs_request krb_tgs_response +## .. zeek:see:: krb_as_request krb_as_response krb_tgs_request krb_tgs_response ## krb_ap_request krb_ap_response krb_priv krb_cred krb_error event krb_safe%(c: connection, is_orig: bool, msg: KRB::SAFE_Msg%); @@ -141,7 +141,7 @@ event krb_safe%(c: connection, is_orig: bool, msg: KRB::SAFE_Msg%); ## ## tickets: Tickets obtained from the KDC that are being forwarded. ## -## .. bro:see:: krb_as_request krb_as_response krb_tgs_request krb_tgs_response +## .. zeek:see:: krb_as_request krb_as_response krb_tgs_request krb_tgs_response ## krb_ap_request krb_ap_response krb_priv krb_safe krb_error event krb_cred%(c: connection, is_orig: bool, tickets: KRB::Ticket_Vector%); @@ -154,6 +154,6 @@ event krb_cred%(c: connection, is_orig: bool, tickets: KRB::Ticket_Vector%); ## ## msg: A Kerberos error message data structure. ## -## .. bro:see:: krb_as_request krb_as_response krb_tgs_request krb_tgs_response +## .. zeek:see:: krb_as_request krb_as_response krb_tgs_request krb_tgs_response ## krb_ap_request krb_ap_response krb_priv krb_safe krb_cred event krb_error%(c: connection, msg: KRB::Error_Msg%); diff --git a/src/analyzer/protocol/login/events.bif b/src/analyzer/protocol/login/events.bif index 91c58f21c4..39921b4c5e 100644 --- a/src/analyzer/protocol/login/events.bif +++ b/src/analyzer/protocol/login/events.bif @@ -14,7 +14,7 @@ ## ## new_session: True if this is the first command of the Rsh session. ## -## .. bro:see:: rsh_reply login_confused login_confused_text login_display +## .. zeek:see:: rsh_reply login_confused login_confused_text login_display ## login_failure login_input_line login_output_line login_prompt login_success ## login_terminal ## @@ -41,7 +41,7 @@ event rsh_request%(c: connection, client_user: string, server_user: string, line ## ## line: The command line sent in the request. ## -## .. bro:see:: rsh_request login_confused login_confused_text login_display +## .. zeek:see:: rsh_request login_confused login_confused_text login_display ## login_failure login_input_line login_output_line login_prompt login_success ## login_terminal ## @@ -72,7 +72,7 @@ event rsh_reply%(c: connection, client_user: string, server_user: string, line: ## line: The line of text that led the analyzer to conclude that the ## authentication had failed. ## -## .. bro:see:: login_confused login_confused_text login_display login_input_line +## .. zeek:see:: login_confused login_confused_text login_display login_input_line ## login_output_line login_prompt login_success login_terminal direct_login_prompts ## get_login_state login_failure_msgs login_non_failure_msgs login_prompts login_success_msgs ## login_timeouts set_login_state @@ -85,7 +85,7 @@ event rsh_reply%(c: connection, client_user: string, server_user: string, line: ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet ## been ported to Bro 2.x. To still enable this event, one needs to add a -## call to :bro:see:`Analyzer::register_for_ports` or a DPD payload +## call to :zeek:see:`Analyzer::register_for_ports` or a DPD payload ## signature. event login_failure%(c: connection, user: string, client_user: string, password: string, line: string%); @@ -107,7 +107,7 @@ event login_failure%(c: connection, user: string, client_user: string, password: ## line: The line of text that led the analyzer to conclude that the ## authentication had succeeded. ## -## .. bro:see:: login_confused login_confused_text login_display login_failure +## .. zeek:see:: login_confused login_confused_text login_display login_failure ## login_input_line login_output_line login_prompt login_terminal ## direct_login_prompts get_login_state login_failure_msgs login_non_failure_msgs ## login_prompts login_success_msgs login_timeouts set_login_state @@ -120,7 +120,7 @@ event login_failure%(c: connection, user: string, client_user: string, password: ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet ## been ported to Bro 2.x. To still enable this event, one needs to add a -## call to :bro:see:`Analyzer::register_for_ports` or a DPD payload +## call to :zeek:see:`Analyzer::register_for_ports` or a DPD payload ## signature. event login_success%(c: connection, user: string, client_user: string, password: string, line: string%); @@ -131,13 +131,13 @@ event login_success%(c: connection, user: string, client_user: string, password: ## ## line: The input line. ## -## .. bro:see:: login_confused login_confused_text login_display login_failure +## .. zeek:see:: login_confused login_confused_text login_display login_failure ## login_output_line login_prompt login_success login_terminal rsh_request ## ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet ## been ported to Bro 2.x. To still enable this event, one needs to add a -## call to :bro:see:`Analyzer::register_for_ports` or a DPD payload +## call to :zeek:see:`Analyzer::register_for_ports` or a DPD payload ## signature. event login_input_line%(c: connection, line: string%); @@ -148,13 +148,13 @@ event login_input_line%(c: connection, line: string%); ## ## line: The ouput line. ## -## .. bro:see:: login_confused login_confused_text login_display login_failure +## .. zeek:see:: login_confused login_confused_text login_display login_failure ## login_input_line login_prompt login_success login_terminal rsh_reply ## ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet ## been ported to Bro 2.x. To still enable this event, one needs to add a -## call to :bro:see:`Analyzer::register_for_ports` or a DPD payload +## call to :zeek:see:`Analyzer::register_for_ports` or a DPD payload ## signature. event login_output_line%(c: connection, line: string%); @@ -173,7 +173,7 @@ event login_output_line%(c: connection, line: string%); ## line: The line of text that caused the heuristics to conclude they were ## confused. ## -## .. bro:see:: login_confused_text login_display login_failure login_input_line login_output_line +## .. zeek:see:: login_confused_text login_display login_failure login_input_line login_output_line ## login_prompt login_success login_terminal direct_login_prompts get_login_state ## login_failure_msgs login_non_failure_msgs login_prompts login_success_msgs ## login_timeouts set_login_state @@ -181,20 +181,20 @@ event login_output_line%(c: connection, line: string%); ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet ## been ported to Bro 2.x. To still enable this event, one needs to add a -## call to :bro:see:`Analyzer::register_for_ports` or a DPD payload +## call to :zeek:see:`Analyzer::register_for_ports` or a DPD payload ## signature. event login_confused%(c: connection, msg: string, line: string%); ## Generated after getting confused while tracking a Telnet/Rlogin ## authentication dialog. The *login* analyzer generates this even for every -## line of user input after it has reported :bro:id:`login_confused` for a +## line of user input after it has reported :zeek:id:`login_confused` for a ## connection. ## ## c: The connection. ## ## line: The line the user typed. ## -## .. bro:see:: login_confused login_display login_failure login_input_line +## .. zeek:see:: login_confused login_display login_failure login_input_line ## login_output_line login_prompt login_success login_terminal direct_login_prompts ## get_login_state login_failure_msgs login_non_failure_msgs login_prompts ## login_success_msgs login_timeouts set_login_state @@ -202,7 +202,7 @@ event login_confused%(c: connection, msg: string, line: string%); ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet ## been ported to Bro 2.x. To still enable this event, one needs to add a -## call to :bro:see:`Analyzer::register_for_ports` or a DPD payload +## call to :zeek:see:`Analyzer::register_for_ports` or a DPD payload ## signature. event login_confused_text%(c: connection, line: string%); @@ -213,13 +213,13 @@ event login_confused_text%(c: connection, line: string%); ## ## terminal: The TERM value transmitted. ## -## .. bro:see:: login_confused login_confused_text login_display login_failure +## .. zeek:see:: login_confused login_confused_text login_display login_failure ## login_input_line login_output_line login_prompt login_success ## ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet ## been ported to Bro 2.x. To still enable this event, one needs to add a -## call to :bro:see:`Analyzer::register_for_ports` or a DPD payload +## call to :zeek:see:`Analyzer::register_for_ports` or a DPD payload ## signature. event login_terminal%(c: connection, terminal: string%); @@ -230,13 +230,13 @@ event login_terminal%(c: connection, terminal: string%); ## ## display: The DISPLAY transmitted. ## -## .. bro:see:: login_confused login_confused_text login_failure login_input_line +## .. zeek:see:: login_confused login_confused_text login_failure login_input_line ## login_output_line login_prompt login_success login_terminal ## ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet ## been ported to Bro 2.x. To still enable this event, one needs to add a -## call to :bro:see:`Analyzer::register_for_ports` or a DPD payload +## call to :zeek:see:`Analyzer::register_for_ports` or a DPD payload ## signature. event login_display%(c: connection, display: string%); @@ -252,16 +252,16 @@ event login_display%(c: connection, display: string%); ## ## c: The connection. ## -## .. bro:see:: authentication_rejected authentication_skipped login_success +## .. zeek:see:: authentication_rejected authentication_skipped login_success ## ## .. note:: This event inspects the corresponding Telnet option -## while :bro:id:`login_success` heuristically determines success by watching +## while :zeek:id:`login_success` heuristically determines success by watching ## session data. ## ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet ## been ported to Bro 2.x. To still enable this event, one needs to add a -## call to :bro:see:`Analyzer::register_for_ports` or a DPD payload +## call to :zeek:see:`Analyzer::register_for_ports` or a DPD payload ## signature. event authentication_accepted%(name: string, c: connection%); @@ -277,16 +277,16 @@ event authentication_accepted%(name: string, c: connection%); ## ## c: The connection. ## -## .. bro:see:: authentication_accepted authentication_skipped login_failure +## .. zeek:see:: authentication_accepted authentication_skipped login_failure ## ## .. note:: This event inspects the corresponding Telnet option -## while :bro:id:`login_success` heuristically determines failure by watching +## while :zeek:id:`login_success` heuristically determines failure by watching ## session data. ## ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet ## been ported to Bro 2.x. To still enable this event, one needs to add a -## call to :bro:see:`Analyzer::register_for_ports` or a DPD payload +## call to :zeek:see:`Analyzer::register_for_ports` or a DPD payload ## signature. event authentication_rejected%(name: string, c: connection%); @@ -298,7 +298,7 @@ event authentication_rejected%(name: string, c: connection%); ## ## c: The connection. ## -## .. bro:see:: authentication_accepted authentication_rejected direct_login_prompts +## .. zeek:see:: authentication_accepted authentication_rejected direct_login_prompts ## get_login_state login_failure_msgs login_non_failure_msgs login_prompts ## login_success_msgs login_timeouts set_login_state ## @@ -310,7 +310,7 @@ event authentication_rejected%(name: string, c: connection%); ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet ## been ported to Bro 2.x. To still enable this event, one needs to add a -## call to :bro:see:`Analyzer::register_for_ports` or a DPD payload +## call to :zeek:see:`Analyzer::register_for_ports` or a DPD payload ## signature. event authentication_skipped%(c: connection%); @@ -325,13 +325,13 @@ event authentication_skipped%(c: connection%); ## ## prompt: The TTYPROMPT transmitted. ## -## .. bro:see:: login_confused login_confused_text login_display login_failure +## .. zeek:see:: login_confused login_confused_text login_display login_failure ## login_input_line login_output_line login_success login_terminal ## ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet ## been ported to Bro 2.x. To still enable this event, one needs to add a -## call to :bro:see:`Analyzer::register_for_ports` or a DPD payload +## call to :zeek:see:`Analyzer::register_for_ports` or a DPD payload ## signature. event login_prompt%(c: connection, prompt: string%); @@ -344,7 +344,7 @@ event login_prompt%(c: connection, prompt: string%); ## ## c: The connection. ## -## .. bro:see:: authentication_accepted authentication_rejected authentication_skipped +## .. zeek:see:: authentication_accepted authentication_rejected authentication_skipped ## login_confused login_confused_text login_display login_failure login_input_line ## login_output_line login_prompt login_success login_terminal event activating_encryption%(c: connection%); @@ -362,7 +362,7 @@ event activating_encryption%(c: connection%); ## ## c: The connection. ## -## .. bro:see:: bad_option bad_option_termination authentication_accepted +## .. zeek:see:: bad_option bad_option_termination authentication_accepted ## authentication_rejected authentication_skipped login_confused ## login_confused_text login_display login_failure login_input_line ## login_output_line login_prompt login_success login_terminal @@ -375,7 +375,7 @@ event inconsistent_option%(c: connection%); ## ## c: The connection. ## -## .. bro:see:: inconsistent_option bad_option_termination authentication_accepted +## .. zeek:see:: inconsistent_option bad_option_termination authentication_accepted ## authentication_rejected authentication_skipped login_confused ## login_confused_text login_display login_failure login_input_line ## login_output_line login_prompt login_success login_terminal @@ -383,7 +383,7 @@ event inconsistent_option%(c: connection%); ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet ## been ported to Bro 2.x. To still enable this event, one needs to add a -## call to :bro:see:`Analyzer::register_for_ports` or a DPD payload +## call to :zeek:see:`Analyzer::register_for_ports` or a DPD payload ## signature. event bad_option%(c: connection%); @@ -394,7 +394,7 @@ event bad_option%(c: connection%); ## ## c: The connection. ## -## .. bro:see:: inconsistent_option bad_option authentication_accepted +## .. zeek:see:: inconsistent_option bad_option authentication_accepted ## authentication_rejected authentication_skipped login_confused ## login_confused_text login_display login_failure login_input_line ## login_output_line login_prompt login_success login_terminal @@ -402,6 +402,6 @@ event bad_option%(c: connection%); ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet ## been ported to Bro 2.x. To still enable this event, one needs to add a -## call to :bro:see:`Analyzer::register_for_ports` or a DPD payload +## call to :zeek:see:`Analyzer::register_for_ports` or a DPD payload ## signature. event bad_option_termination%(c: connection%); diff --git a/src/analyzer/protocol/login/functions.bif b/src/analyzer/protocol/login/functions.bif index bc4b2a7104..932020595c 100644 --- a/src/analyzer/protocol/login/functions.bif +++ b/src/analyzer/protocol/login/functions.bif @@ -21,7 +21,7 @@ ## does not correctly know the state of the connection, and/or ## the username associated with it. ## -## .. bro:see:: set_login_state +## .. zeek:see:: set_login_state function get_login_state%(cid: conn_id%): count %{ Connection* c = sessions->FindConnection(cid); @@ -40,12 +40,12 @@ function get_login_state%(cid: conn_id%): count ## cid: The connection ID. ## ## new_state: The new state of the login analyzer. See -## :bro:id:`get_login_state` for possible values. +## :zeek:id:`get_login_state` for possible values. ## ## Returns: Returns false if *cid* is not an active connection ## or is not tagged as a login analyzer, and true otherwise. ## -## .. bro:see:: get_login_state +## .. zeek:see:: get_login_state function set_login_state%(cid: conn_id, new_state: count%): bool %{ Connection* c = sessions->FindConnection(cid); diff --git a/src/analyzer/protocol/mime/events.bif b/src/analyzer/protocol/mime/events.bif index c0b2e66132..1c73e2e69b 100644 --- a/src/analyzer/protocol/mime/events.bif +++ b/src/analyzer/protocol/mime/events.bif @@ -9,12 +9,12 @@ ## ## c: The connection. ## -## .. bro:see:: mime_all_data mime_all_headers mime_content_hash mime_end_entity +## .. zeek:see:: mime_all_data mime_all_headers mime_content_hash mime_end_entity ## mime_entity_data mime_event mime_one_header mime_segment_data smtp_data ## http_begin_entity ## ## .. note:: Bro also extracts MIME entities from HTTP sessions. For those, -## however, it raises :bro:id:`http_begin_entity` instead. +## however, it raises :zeek:id:`http_begin_entity` instead. event mime_begin_entity%(c: connection%); ## Generated when finishing parsing an email MIME entity. MIME is a @@ -28,12 +28,12 @@ event mime_begin_entity%(c: connection%); ## ## c: The connection. ## -## .. bro:see:: mime_all_data mime_all_headers mime_begin_entity mime_content_hash +## .. zeek:see:: mime_all_data mime_all_headers mime_begin_entity mime_content_hash ## mime_entity_data mime_event mime_one_header mime_segment_data smtp_data ## http_end_entity ## ## .. note:: Bro also extracts MIME entities from HTTP sessions. For those, -## however, it raises :bro:id:`http_end_entity` instead. +## however, it raises :zeek:id:`http_end_entity` instead. event mime_end_entity%(c: connection%); ## Generated for individual MIME headers extracted from email MIME @@ -48,12 +48,12 @@ event mime_end_entity%(c: connection%); ## ## h: The parsed MIME header. ## -## .. bro:see:: mime_all_data mime_all_headers mime_begin_entity mime_content_hash +## .. zeek:see:: mime_all_data mime_all_headers mime_begin_entity mime_content_hash ## mime_end_entity mime_entity_data mime_event mime_segment_data ## http_header http_all_headers ## ## .. note:: Bro also extracts MIME headers from HTTP sessions. For those, -## however, it raises :bro:id:`http_header` instead. +## however, it raises :zeek:id:`http_header` instead. event mime_one_header%(c: connection, h: mime_header_rec%); ## Generated for MIME headers extracted from email MIME entities, passing all @@ -70,12 +70,12 @@ event mime_one_header%(c: connection, h: mime_header_rec%); ## The table is indexed by the position of the header (1 for the first, ## 2 for the second, etc.). ## -## .. bro:see:: mime_all_data mime_begin_entity mime_content_hash mime_end_entity +## .. zeek:see:: mime_all_data mime_begin_entity mime_content_hash mime_end_entity ## mime_entity_data mime_event mime_one_header mime_segment_data ## http_header http_all_headers ## ## .. note:: Bro also extracts MIME headers from HTTP sessions. For those, -## however, it raises :bro:id:`http_header` instead. +## however, it raises :zeek:id:`http_header` instead. event mime_all_headers%(c: connection, hlist: mime_header_list%); ## Generated for chunks of decoded MIME data from email MIME entities. MIME @@ -83,7 +83,7 @@ event mime_all_headers%(c: connection, hlist: mime_header_list%); ## corresponding metadata, for transmission. As Bro parses the data of an ## entity, it raises a sequence of these events, each coming as soon as a new ## chunk of data is available. In contrast, there is also -## :bro:id:`mime_entity_data`, which passes all of an entities data at once +## :zeek:id:`mime_entity_data`, which passes all of an entities data at once ## in a single block. While the latter is more convenient to handle, ## ``mime_segment_data`` is more efficient as Bro does not need to buffer ## the data. Thus, if possible, this event should be preferred. @@ -98,17 +98,17 @@ event mime_all_headers%(c: connection, hlist: mime_header_list%); ## ## data: The raw data of one segment of the current entity. ## -## .. bro:see:: mime_all_data mime_all_headers mime_begin_entity mime_content_hash +## .. zeek:see:: mime_all_data mime_all_headers mime_begin_entity mime_content_hash ## mime_end_entity mime_entity_data mime_event mime_one_header http_entity_data ## mime_segment_length mime_segment_overlap_length ## ## .. note:: Bro also extracts MIME data from HTTP sessions. For those, -## however, it raises :bro:id:`http_entity_data` (sic!) instead. +## however, it raises :zeek:id:`http_entity_data` (sic!) instead. event mime_segment_data%(c: connection, length: count, data: string%); ## Generated for data decoded from an email MIME entity. This event delivers ## the complete content of a single MIME entity with the quoted-printable and -## and base64 data decoded. In contrast, there is also :bro:id:`mime_segment_data`, +## and base64 data decoded. In contrast, there is also :zeek:id:`mime_segment_data`, ## which passes on a sequence of data chunks as they come in. While ## ``mime_entity_data`` is more convenient to handle, ``mime_segment_data`` is ## more efficient as Bro does not need to buffer the data. Thus, if possible, @@ -124,7 +124,7 @@ event mime_segment_data%(c: connection, length: count, data: string%); ## ## data: The raw data of the complete entity. ## -## .. bro:see:: mime_all_data mime_all_headers mime_begin_entity mime_content_hash +## .. zeek:see:: mime_all_data mime_all_headers mime_begin_entity mime_content_hash ## mime_end_entity mime_event mime_one_header mime_segment_data ## ## .. note:: While Bro also decodes MIME entities extracted from HTTP @@ -147,7 +147,7 @@ event mime_entity_data%(c: connection, length: count, data: string%); ## ## data: The raw data of all MIME entities concatenated. ## -## .. bro:see:: mime_all_headers mime_begin_entity mime_content_hash mime_end_entity +## .. zeek:see:: mime_all_headers mime_begin_entity mime_content_hash mime_end_entity ## mime_entity_data mime_event mime_one_header mime_segment_data ## ## .. note:: While Bro also decodes MIME entities extracted from HTTP @@ -167,11 +167,11 @@ event mime_all_data%(c: connection, length: count, data: string%); ## ## detail: Further more detailed description of the error. ## -## .. bro:see:: mime_all_data mime_all_headers mime_begin_entity mime_content_hash +## .. zeek:see:: mime_all_data mime_all_headers mime_begin_entity mime_content_hash ## mime_end_entity mime_entity_data mime_one_header mime_segment_data http_event ## ## .. note:: Bro also extracts MIME headers from HTTP sessions. For those, -## however, it raises :bro:id:`http_event` instead. +## however, it raises :zeek:id:`http_event` instead. event mime_event%(c: connection, event_type: string, detail: string%); ## Generated for decoded MIME entities extracted from email messages, passing on @@ -188,7 +188,7 @@ event mime_event%(c: connection, event_type: string, detail: string%); ## ## hash_value: The MD5 hash. ## -## .. bro:see:: mime_all_data mime_all_headers mime_begin_entity mime_end_entity +## .. zeek:see:: mime_all_data mime_all_headers mime_begin_entity mime_end_entity ## mime_entity_data mime_event mime_one_header mime_segment_data ## ## .. note:: While Bro also decodes MIME entities extracted from HTTP diff --git a/src/analyzer/protocol/mysql/events.bif b/src/analyzer/protocol/mysql/events.bif index 34cbc54b4b..7ce65276a6 100644 --- a/src/analyzer/protocol/mysql/events.bif +++ b/src/analyzer/protocol/mysql/events.bif @@ -9,7 +9,7 @@ ## ## arg: The argument for the command (empty string if not provided). ## -## .. bro:see:: mysql_error mysql_ok mysql_server_version mysql_handshake +## .. zeek:see:: mysql_error mysql_ok mysql_server_version mysql_handshake event mysql_command_request%(c: connection, command: count, arg: string%); ## Generated for an unsuccessful MySQL response. @@ -23,7 +23,7 @@ event mysql_command_request%(c: connection, command: count, arg: string%); ## ## msg: Any extra details about the error (empty string if not provided). ## -## .. bro:see:: mysql_command_request mysql_ok mysql_server_version mysql_handshake +## .. zeek:see:: mysql_command_request mysql_ok mysql_server_version mysql_handshake event mysql_error%(c: connection, code: count, msg: string%); ## Generated for a successful MySQL response. @@ -35,7 +35,7 @@ event mysql_error%(c: connection, code: count, msg: string%); ## ## affected_rows: The number of rows that were affected. ## -## .. bro:see:: mysql_command_request mysql_error mysql_server_version mysql_handshake +## .. zeek:see:: mysql_command_request mysql_error mysql_server_version mysql_handshake event mysql_ok%(c: connection, affected_rows: count%); ## Generated for each MySQL ResultsetRow response packet. @@ -47,7 +47,7 @@ event mysql_ok%(c: connection, affected_rows: count%); ## ## row: The result row data. ## -## .. bro:see:: mysql_command_request mysql_error mysql_server_version mysql_handshake mysql_ok +## .. zeek:see:: mysql_command_request mysql_error mysql_server_version mysql_handshake mysql_ok event mysql_result_row%(c: connection, row: string_vec%); ## Generated for the initial server handshake packet, which includes the MySQL server version. @@ -59,7 +59,7 @@ event mysql_result_row%(c: connection, row: string_vec%); ## ## ver: The server version string. ## -## .. bro:see:: mysql_command_request mysql_error mysql_ok mysql_handshake +## .. zeek:see:: mysql_command_request mysql_error mysql_ok mysql_handshake event mysql_server_version%(c: connection, ver: string%); ## Generated for a client handshake response packet, which includes the username the client is attempting @@ -72,6 +72,6 @@ event mysql_server_version%(c: connection, ver: string%); ## ## username: The username supplied by the client ## -## .. bro:see:: mysql_command_request mysql_error mysql_ok mysql_server_version +## .. zeek:see:: mysql_command_request mysql_error mysql_ok mysql_server_version event mysql_handshake%(c: connection, username: string%); diff --git a/src/analyzer/protocol/ncp/events.bif b/src/analyzer/protocol/ncp/events.bif index 9b5b7d77a7..05da060658 100644 --- a/src/analyzer/protocol/ncp/events.bif +++ b/src/analyzer/protocol/ncp/events.bif @@ -11,7 +11,7 @@ ## ## func: The requested function, as specified by the protocol. ## -## .. bro:see:: ncp_reply +## .. zeek:see:: ncp_reply ## ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet @@ -36,7 +36,7 @@ event ncp_request%(c: connection, frame_type: count, length: count, func: count% ## ## completion_code: The reply's completion code, as specified by the protocol. ## -## .. bro:see:: ncp_request +## .. zeek:see:: ncp_request ## ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet diff --git a/src/analyzer/protocol/netbios/events.bif b/src/analyzer/protocol/netbios/events.bif index 72933f1e49..ed51264e92 100644 --- a/src/analyzer/protocol/netbios/events.bif +++ b/src/analyzer/protocol/netbios/events.bif @@ -16,7 +16,7 @@ ## ## data_len: The length of the message's payload. ## -## .. bro:see:: netbios_session_accepted netbios_session_keepalive +## .. zeek:see:: netbios_session_accepted netbios_session_keepalive ## netbios_session_raw_message netbios_session_rejected netbios_session_request ## netbios_session_ret_arg_resp decode_netbios_name decode_netbios_name_type ## @@ -44,7 +44,7 @@ event netbios_session_message%(c: connection, is_orig: bool, msg_type: count, da ## msg: The raw payload of the message sent, excluding the common NetBIOS ## header. ## -## .. bro:see:: netbios_session_accepted netbios_session_keepalive +## .. zeek:see:: netbios_session_accepted netbios_session_keepalive ## netbios_session_message netbios_session_raw_message netbios_session_rejected ## netbios_session_ret_arg_resp decode_netbios_name decode_netbios_name_type ## @@ -72,7 +72,7 @@ event netbios_session_request%(c: connection, msg: string%); ## msg: The raw payload of the message sent, excluding the common NetBIOS ## header. ## -## .. bro:see:: netbios_session_keepalive netbios_session_message +## .. zeek:see:: netbios_session_keepalive netbios_session_message ## netbios_session_raw_message netbios_session_rejected netbios_session_request ## netbios_session_ret_arg_resp decode_netbios_name decode_netbios_name_type ## @@ -100,7 +100,7 @@ event netbios_session_accepted%(c: connection, msg: string%); ## msg: The raw payload of the message sent, excluding the common NetBIOS ## header. ## -## .. bro:see:: netbios_session_accepted netbios_session_keepalive +## .. zeek:see:: netbios_session_accepted netbios_session_keepalive ## netbios_session_message netbios_session_raw_message netbios_session_request ## netbios_session_ret_arg_resp decode_netbios_name decode_netbios_name_type ## @@ -132,7 +132,7 @@ event netbios_session_rejected%(c: connection, msg: string%); ## msg: The raw payload of the message sent, excluding the common NetBIOS ## header (i.e., the ``user_data``). ## -## .. bro:see:: netbios_session_accepted netbios_session_keepalive +## .. zeek:see:: netbios_session_accepted netbios_session_keepalive ## netbios_session_message netbios_session_rejected netbios_session_request ## netbios_session_ret_arg_resp decode_netbios_name decode_netbios_name_type ## @@ -163,7 +163,7 @@ event netbios_session_raw_message%(c: connection, is_orig: bool, msg: string%); ## msg: The raw payload of the message sent, excluding the common NetBIOS ## header. ## -## .. bro:see:: netbios_session_accepted netbios_session_keepalive +## .. zeek:see:: netbios_session_accepted netbios_session_keepalive ## netbios_session_message netbios_session_raw_message netbios_session_rejected ## netbios_session_request decode_netbios_name decode_netbios_name_type ## @@ -193,7 +193,7 @@ event netbios_session_ret_arg_resp%(c: connection, msg: string%); ## msg: The raw payload of the message sent, excluding the common NetBIOS ## header. ## -## .. bro:see:: netbios_session_accepted netbios_session_message +## .. zeek:see:: netbios_session_accepted netbios_session_message ## netbios_session_raw_message netbios_session_rejected netbios_session_request ## netbios_session_ret_arg_resp decode_netbios_name decode_netbios_name_type ## diff --git a/src/analyzer/protocol/netbios/functions.bif b/src/analyzer/protocol/netbios/functions.bif index f92402a3e8..c86156931f 100644 --- a/src/analyzer/protocol/netbios/functions.bif +++ b/src/analyzer/protocol/netbios/functions.bif @@ -5,7 +5,7 @@ ## ## Returns: The decoded NetBIOS name, e.g., ``"THE NETBIOS NAME"``. ## -## .. bro:see:: decode_netbios_name_type +## .. zeek:see:: decode_netbios_name_type function decode_netbios_name%(name: string%): string %{ char buf[16]; @@ -41,7 +41,7 @@ function decode_netbios_name%(name: string%): string ## ## Returns: The numeric value of *name*. ## -## .. bro:see:: decode_netbios_name +## .. zeek:see:: decode_netbios_name function decode_netbios_name_type%(name: string%): count %{ const u_char* s = name->Bytes(); diff --git a/src/analyzer/protocol/ntlm/events.bif b/src/analyzer/protocol/ntlm/events.bif index a36d653968..88def089fa 100644 --- a/src/analyzer/protocol/ntlm/events.bif +++ b/src/analyzer/protocol/ntlm/events.bif @@ -4,7 +4,7 @@ ## ## negotiate: The parsed data of the :abbr:`NTLM (NT LAN Manager)` message. See init-bare for more details. ## -## .. bro:see:: ntlm_challenge ntlm_authenticate +## .. zeek:see:: ntlm_challenge ntlm_authenticate event ntlm_negotiate%(c: connection, negotiate: NTLM::Negotiate%); ## Generated for :abbr:`NTLM (NT LAN Manager)` messages of type *challenge*. @@ -13,7 +13,7 @@ event ntlm_negotiate%(c: connection, negotiate: NTLM::Negotiate%); ## ## negotiate: The parsed data of the :abbr:`NTLM (NT LAN Manager)` message. See init-bare for more details. ## -## .. bro:see:: ntlm_negotiate ntlm_authenticate +## .. zeek:see:: ntlm_negotiate ntlm_authenticate event ntlm_challenge%(c: connection, challenge: NTLM::Challenge%); ## Generated for :abbr:`NTLM (NT LAN Manager)` messages of type *authenticate*. @@ -22,5 +22,5 @@ event ntlm_challenge%(c: connection, challenge: NTLM::Challenge%); ## ## request: The parsed data of the :abbr:`NTLM (NT LAN Manager)` message. See init-bare for more details. ## -## .. bro:see:: ntlm_negotiate ntlm_challenge +## .. zeek:see:: ntlm_negotiate ntlm_challenge event ntlm_authenticate%(c: connection, request: NTLM::Authenticate%); diff --git a/src/analyzer/protocol/ntp/events.bif b/src/analyzer/protocol/ntp/events.bif index bba2dfbbe5..d32d680799 100644 --- a/src/analyzer/protocol/ntp/events.bif +++ b/src/analyzer/protocol/ntp/events.bif @@ -11,7 +11,7 @@ ## excess: The raw bytes of any optional parts of the NTP packet. Bro does not ## further parse any optional fields. ## -## .. bro:see:: ntp_session_timeout +## .. zeek:see:: ntp_session_timeout ## ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet diff --git a/src/analyzer/protocol/pop3/events.bif b/src/analyzer/protocol/pop3/events.bif index 74cf1f6f68..c51632b6c2 100644 --- a/src/analyzer/protocol/pop3/events.bif +++ b/src/analyzer/protocol/pop3/events.bif @@ -12,7 +12,7 @@ ## ## arg: The argument to the command. ## -## .. bro:see:: pop3_data pop3_login_failure pop3_login_success pop3_reply +## .. zeek:see:: pop3_data pop3_login_failure pop3_login_success pop3_reply ## pop3_unexpected ## ## .. todo:: Bro's current default configuration does not activate the protocol @@ -37,7 +37,7 @@ event pop3_request%(c: connection, is_orig: bool, ## ## msg: The textual description the server sent along with *cmd*. ## -## .. bro:see:: pop3_data pop3_login_failure pop3_login_success pop3_request +## .. zeek:see:: pop3_data pop3_login_failure pop3_login_success pop3_request ## pop3_unexpected ## ## .. todo:: This event is receiving odd parameters, should unify. @@ -62,7 +62,7 @@ event pop3_reply%(c: connection, is_orig: bool, cmd: string, msg: string%); ## ## data: The data sent. ## -## .. bro:see:: pop3_login_failure pop3_login_success pop3_reply pop3_request +## .. zeek:see:: pop3_login_failure pop3_login_success pop3_reply pop3_request ## pop3_unexpected ## ## .. todo:: Bro's current default configuration does not activate the protocol @@ -86,7 +86,7 @@ event pop3_data%(c: connection, is_orig: bool, data: string%); ## ## detail: The input that triggered the event. ## -## .. bro:see:: pop3_data pop3_login_failure pop3_login_success pop3_reply pop3_request +## .. zeek:see:: pop3_data pop3_login_failure pop3_login_success pop3_reply pop3_request ## ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet @@ -105,7 +105,7 @@ event pop3_unexpected%(c: connection, is_orig: bool, ## ## c: The connection. ## -## .. bro:see:: pop3_data pop3_login_failure pop3_login_success pop3_reply +## .. zeek:see:: pop3_data pop3_login_failure pop3_login_success pop3_reply ## pop3_request pop3_unexpected ## ## .. todo:: Bro's current default configuration does not activate the protocol @@ -128,7 +128,7 @@ event pop3_starttls%(c: connection%); ## ## password: The password used for authentication. ## -## .. bro:see:: pop3_data pop3_login_failure pop3_reply pop3_request +## .. zeek:see:: pop3_data pop3_login_failure pop3_reply pop3_request ## pop3_unexpected ## ## .. todo:: Bro's current default configuration does not activate the protocol @@ -152,7 +152,7 @@ event pop3_login_success%(c: connection, is_orig: bool, ## ## password: The password attempted for authentication. ## -## .. bro:see:: pop3_data pop3_login_success pop3_reply pop3_request +## .. zeek:see:: pop3_data pop3_login_success pop3_reply pop3_request ## pop3_unexpected ## ## .. todo:: Bro's current default configuration does not activate the protocol diff --git a/src/analyzer/protocol/rpc/events.bif b/src/analyzer/protocol/rpc/events.bif index b811a60cda..fd6331360d 100644 --- a/src/analyzer/protocol/rpc/events.bif +++ b/src/analyzer/protocol/rpc/events.bif @@ -10,7 +10,7 @@ ## ## info: Reports the status of the dialogue, along with some meta information. ## -## .. bro:see:: nfs_proc_create nfs_proc_getattr nfs_proc_lookup nfs_proc_mkdir +## .. zeek:see:: nfs_proc_create nfs_proc_getattr nfs_proc_lookup nfs_proc_mkdir ## nfs_proc_not_implemented nfs_proc_read nfs_proc_readdir nfs_proc_readlink ## nfs_proc_remove nfs_proc_rmdir nfs_proc_write nfs_reply_status rpc_call ## rpc_dialogue rpc_reply @@ -38,7 +38,7 @@ event nfs_proc_null%(c: connection, info: NFS3::info_t%); ## attrs: The attributes returned in the reply. The values may not be valid if ## the request was unsuccessful. ## -## .. bro:see:: nfs_proc_create nfs_proc_lookup nfs_proc_mkdir +## .. zeek:see:: nfs_proc_create nfs_proc_lookup nfs_proc_mkdir ## nfs_proc_not_implemented nfs_proc_null nfs_proc_read nfs_proc_readdir ## nfs_proc_readlink nfs_proc_remove nfs_proc_rmdir nfs_proc_write nfs_reply_status ## rpc_call rpc_dialogue rpc_reply file_mode @@ -66,7 +66,7 @@ event nfs_proc_getattr%(c: connection, info: NFS3::info_t, fh: string, attrs: NF ## rep: The attributes returned in the reply. The values may not be ## valid if the request was unsuccessful. ## -## .. bro:see:: nfs_proc_create nfs_proc_lookup nfs_proc_mkdir +## .. zeek:see:: nfs_proc_create nfs_proc_lookup nfs_proc_mkdir ## nfs_proc_not_implemented nfs_proc_null nfs_proc_read nfs_proc_readdir ## nfs_proc_readlink nfs_proc_remove nfs_proc_rmdir nfs_proc_write nfs_reply_status ## rpc_call rpc_dialogue rpc_reply file_mode @@ -94,7 +94,7 @@ event nfs_proc_sattr%(c: connection, info: NFS3::info_t, req: NFS3::sattrargs_t, ## rep: The response returned in the reply. The values may not be valid if the ## request was unsuccessful. ## -## .. bro:see:: nfs_proc_create nfs_proc_getattr nfs_proc_mkdir +## .. zeek:see:: nfs_proc_create nfs_proc_getattr nfs_proc_mkdir ## nfs_proc_not_implemented nfs_proc_null nfs_proc_read nfs_proc_readdir ## nfs_proc_readlink nfs_proc_remove nfs_proc_rmdir nfs_proc_write nfs_reply_status ## rpc_call rpc_dialogue rpc_reply @@ -122,7 +122,7 @@ event nfs_proc_lookup%(c: connection, info: NFS3::info_t, req: NFS3::diropargs_t ## rep: The response returned in the reply. The values may not be valid if the ## request was unsuccessful. ## -## .. bro:see:: nfs_proc_create nfs_proc_getattr nfs_proc_lookup nfs_proc_mkdir +## .. zeek:see:: nfs_proc_create nfs_proc_getattr nfs_proc_lookup nfs_proc_mkdir ## nfs_proc_not_implemented nfs_proc_null nfs_proc_remove nfs_proc_rmdir ## nfs_proc_write nfs_reply_status rpc_call rpc_dialogue rpc_reply ## NFS3::return_data NFS3::return_data_first_only NFS3::return_data_max @@ -150,7 +150,7 @@ event nfs_proc_read%(c: connection, info: NFS3::info_t, req: NFS3::readargs_t, r ## rep: The response returned in the reply. The values may not be valid if the ## request was unsuccessful. ## -## .. bro:see:: nfs_proc_create nfs_proc_getattr nfs_proc_lookup nfs_proc_mkdir +## .. zeek:see:: nfs_proc_create nfs_proc_getattr nfs_proc_lookup nfs_proc_mkdir ## nfs_proc_not_implemented nfs_proc_null nfs_proc_read nfs_proc_readdir ## nfs_proc_remove nfs_proc_rmdir nfs_proc_write nfs_reply_status ## nfs_proc_symlink rpc_call rpc_dialogue rpc_reply @@ -178,7 +178,7 @@ event nfs_proc_readlink%(c: connection, info: NFS3::info_t, fh: string, rep: NFS ## rep: The attributes returned in the reply. The values may not be ## valid if the request was unsuccessful. ## -## .. bro:see:: nfs_proc_create nfs_proc_lookup nfs_proc_mkdir +## .. zeek:see:: nfs_proc_create nfs_proc_lookup nfs_proc_mkdir ## nfs_proc_not_implemented nfs_proc_null nfs_proc_read nfs_proc_readdir ## nfs_proc_readlink nfs_proc_remove nfs_proc_rmdir nfs_proc_write nfs_reply_status ## nfs_proc_link rpc_call rpc_dialogue rpc_reply file_mode @@ -206,7 +206,7 @@ event nfs_proc_symlink%(c: connection, info: NFS3::info_t, req: NFS3::symlinkarg ## rep: The response returned in the reply. The values may not be valid if the ## request was unsuccessful. ## -## .. bro:see:: nfs_proc_create nfs_proc_getattr nfs_proc_lookup nfs_proc_mkdir +## .. zeek:see:: nfs_proc_create nfs_proc_getattr nfs_proc_lookup nfs_proc_mkdir ## nfs_proc_not_implemented nfs_proc_null nfs_proc_read nfs_proc_readdir ## nfs_proc_remove nfs_proc_rmdir nfs_proc_write nfs_reply_status rpc_call ## nfs_proc_symlink rpc_dialogue rpc_reply @@ -234,7 +234,7 @@ event nfs_proc_link%(c: connection, info: NFS3::info_t, req: NFS3::linkargs_t, r ## rep: The response returned in the reply. The values may not be valid if the ## request was unsuccessful. ## -## .. bro:see:: nfs_proc_create nfs_proc_getattr nfs_proc_lookup nfs_proc_mkdir +## .. zeek:see:: nfs_proc_create nfs_proc_getattr nfs_proc_lookup nfs_proc_mkdir ## nfs_proc_not_implemented nfs_proc_null nfs_proc_read nfs_proc_readdir ## nfs_proc_readlink nfs_proc_remove nfs_proc_rmdir nfs_reply_status rpc_call ## rpc_dialogue rpc_reply NFS3::return_data NFS3::return_data_first_only @@ -263,7 +263,7 @@ event nfs_proc_write%(c: connection, info: NFS3::info_t, req: NFS3::writeargs_t, ## rep: The response returned in the reply. The values may not be valid if the ## request was unsuccessful. ## -## .. bro:see:: nfs_proc_getattr nfs_proc_lookup nfs_proc_mkdir +## .. zeek:see:: nfs_proc_getattr nfs_proc_lookup nfs_proc_mkdir ## nfs_proc_not_implemented nfs_proc_null nfs_proc_read nfs_proc_readdir ## nfs_proc_readlink nfs_proc_remove nfs_proc_rmdir nfs_proc_write nfs_reply_status ## rpc_call rpc_dialogue rpc_reply @@ -291,7 +291,7 @@ event nfs_proc_create%(c: connection, info: NFS3::info_t, req: NFS3::diropargs_t ## rep: The response returned in the reply. The values may not be valid if the ## request was unsuccessful. ## -## .. bro:see:: nfs_proc_create nfs_proc_getattr nfs_proc_lookup +## .. zeek:see:: nfs_proc_create nfs_proc_getattr nfs_proc_lookup ## nfs_proc_not_implemented nfs_proc_null nfs_proc_read nfs_proc_readdir ## nfs_proc_readlink nfs_proc_remove nfs_proc_rmdir nfs_proc_write nfs_reply_status ## rpc_call rpc_dialogue rpc_reply @@ -319,7 +319,7 @@ event nfs_proc_mkdir%(c: connection, info: NFS3::info_t, req: NFS3::diropargs_t, ## rep: The response returned in the reply. The values may not be valid if the ## request was unsuccessful. ## -## .. bro:see:: nfs_proc_create nfs_proc_getattr nfs_proc_lookup nfs_proc_mkdir +## .. zeek:see:: nfs_proc_create nfs_proc_getattr nfs_proc_lookup nfs_proc_mkdir ## nfs_proc_not_implemented nfs_proc_null nfs_proc_read nfs_proc_readdir ## nfs_proc_readlink nfs_proc_rmdir nfs_proc_write nfs_reply_status rpc_call ## rpc_dialogue rpc_reply @@ -347,7 +347,7 @@ event nfs_proc_remove%(c: connection, info: NFS3::info_t, req: NFS3::diropargs_t ## rep: The response returned in the reply. The values may not be valid if the ## request was unsuccessful. ## -## .. bro:see:: nfs_proc_create nfs_proc_getattr nfs_proc_lookup nfs_proc_mkdir +## .. zeek:see:: nfs_proc_create nfs_proc_getattr nfs_proc_lookup nfs_proc_mkdir ## nfs_proc_not_implemented nfs_proc_null nfs_proc_read nfs_proc_readdir ## nfs_proc_readlink nfs_proc_remove nfs_proc_write nfs_reply_status rpc_call ## rpc_dialogue rpc_reply @@ -375,7 +375,7 @@ event nfs_proc_rmdir%(c: connection, info: NFS3::info_t, req: NFS3::diropargs_t, ## rep: The response returned in the reply. The values may not be valid if the ## request was unsuccessful. ## -## .. bro:see:: nfs_proc_create nfs_proc_getattr nfs_proc_lookup nfs_proc_mkdir +## .. zeek:see:: nfs_proc_create nfs_proc_getattr nfs_proc_lookup nfs_proc_mkdir ## nfs_proc_not_implemented nfs_proc_null nfs_proc_read nfs_proc_readdir ## nfs_proc_readlink nfs_proc_remove nfs_proc_rename nfs_proc_write ## nfs_reply_status rpc_call rpc_dialogue rpc_reply @@ -403,7 +403,7 @@ event nfs_proc_rename%(c: connection, info: NFS3::info_t, req: NFS3::renameoparg ## rep: The response returned in the reply. The values may not be valid if the ## request was unsuccessful. ## -## .. bro:see:: nfs_proc_create nfs_proc_getattr nfs_proc_lookup nfs_proc_mkdir +## .. zeek:see:: nfs_proc_create nfs_proc_getattr nfs_proc_lookup nfs_proc_mkdir ## nfs_proc_not_implemented nfs_proc_null nfs_proc_read nfs_proc_readlink ## nfs_proc_remove nfs_proc_rmdir nfs_proc_write nfs_reply_status rpc_call ## rpc_dialogue rpc_reply @@ -427,7 +427,7 @@ event nfs_proc_readdir%(c: connection, info: NFS3::info_t, req: NFS3::readdirarg ## ## proc: The procedure called that Bro does not implement. ## -## .. bro:see:: nfs_proc_create nfs_proc_getattr nfs_proc_lookup nfs_proc_mkdir +## .. zeek:see:: nfs_proc_create nfs_proc_getattr nfs_proc_lookup nfs_proc_mkdir ## nfs_proc_null nfs_proc_read nfs_proc_readdir nfs_proc_readlink nfs_proc_remove ## nfs_proc_rmdir nfs_proc_write nfs_reply_status rpc_call rpc_dialogue rpc_reply ## @@ -444,7 +444,7 @@ event nfs_proc_not_implemented%(c: connection, info: NFS3::info_t, proc: NFS3::p ## ## info: Reports the status included in the reply. ## -## .. bro:see:: nfs_proc_create nfs_proc_getattr nfs_proc_lookup nfs_proc_mkdir +## .. zeek:see:: nfs_proc_create nfs_proc_getattr nfs_proc_lookup nfs_proc_mkdir ## nfs_proc_not_implemented nfs_proc_null nfs_proc_read nfs_proc_readdir ## nfs_proc_readlink nfs_proc_remove nfs_proc_rmdir nfs_proc_write rpc_call ## rpc_dialogue rpc_reply @@ -463,7 +463,7 @@ event nfs_reply_status%(n: connection, info: NFS3::info_t%); ## ## r: The RPC connection. ## -## .. bro:see:: pm_request_set pm_request_unset pm_request_getport +## .. zeek:see:: pm_request_set pm_request_unset pm_request_getport ## pm_request_dump pm_request_callit pm_attempt_null pm_attempt_set ## pm_attempt_unset pm_attempt_getport pm_attempt_dump ## pm_attempt_callit pm_bad_port rpc_call rpc_dialogue rpc_reply @@ -488,7 +488,7 @@ event pm_request_null%(r: connection%); ## reply. If no reply was seen, this will be false once the request ## times out. ## -## .. bro:see:: pm_request_null pm_request_unset pm_request_getport +## .. zeek:see:: pm_request_null pm_request_unset pm_request_getport ## pm_request_dump pm_request_callit pm_attempt_null pm_attempt_set ## pm_attempt_unset pm_attempt_getport pm_attempt_dump ## pm_attempt_callit pm_bad_port rpc_call rpc_dialogue rpc_reply @@ -513,7 +513,7 @@ event pm_request_set%(r: connection, m: pm_mapping, success: bool%); ## reply. If no reply was seen, this will be false once the request ## times out. ## -## .. bro:see:: pm_request_null pm_request_set pm_request_getport +## .. zeek:see:: pm_request_null pm_request_set pm_request_getport ## pm_request_dump pm_request_callit pm_attempt_null pm_attempt_set ## pm_attempt_unset pm_attempt_getport pm_attempt_dump ## pm_attempt_callit pm_bad_port rpc_call rpc_dialogue rpc_reply @@ -536,7 +536,7 @@ event pm_request_unset%(r: connection, m: pm_mapping, success: bool%); ## ## p: The port returned by the server. ## -## .. bro:see:: pm_request_null pm_request_set pm_request_unset +## .. zeek:see:: pm_request_null pm_request_set pm_request_unset ## pm_request_dump pm_request_callit pm_attempt_null pm_attempt_set ## pm_attempt_unset pm_attempt_getport pm_attempt_dump ## pm_attempt_callit pm_bad_port rpc_call rpc_dialogue rpc_reply @@ -557,7 +557,7 @@ event pm_request_getport%(r: connection, pr: pm_port_request, p: port%); ## ## m: The mappings returned by the server. ## -## .. bro:see:: pm_request_null pm_request_set pm_request_unset +## .. zeek:see:: pm_request_null pm_request_set pm_request_unset ## pm_request_getport pm_request_callit pm_attempt_null ## pm_attempt_set pm_attempt_unset pm_attempt_getport ## pm_attempt_dump pm_attempt_callit pm_bad_port rpc_call @@ -581,7 +581,7 @@ event pm_request_dump%(r: connection, m: pm_mappings%); ## ## p: The port value returned by the call. ## -## .. bro:see:: pm_request_null pm_request_set pm_request_unset +## .. zeek:see:: pm_request_null pm_request_set pm_request_unset ## pm_request_getport pm_request_dump pm_attempt_null ## pm_attempt_set pm_attempt_unset pm_attempt_getport ## pm_attempt_dump pm_attempt_callit pm_bad_port rpc_call @@ -602,9 +602,9 @@ event pm_request_callit%(r: connection, call: pm_callit_request, p: port%); ## r: The RPC connection. ## ## status: The status of the reply, which should be one of the index values of -## :bro:id:`RPC_status`. +## :zeek:id:`RPC_status`. ## -## .. bro:see:: pm_request_null pm_request_set pm_request_unset +## .. zeek:see:: pm_request_null pm_request_set pm_request_unset ## pm_request_getport pm_request_dump pm_request_callit ## pm_attempt_set pm_attempt_unset pm_attempt_getport ## pm_attempt_dump pm_attempt_callit pm_bad_port rpc_call @@ -625,11 +625,11 @@ event pm_attempt_null%(r: connection, status: rpc_status%); ## r: The RPC connection. ## ## status: The status of the reply, which should be one of the index values of -## :bro:id:`RPC_status`. +## :zeek:id:`RPC_status`. ## ## m: The argument to the original request. ## -## .. bro:see:: pm_request_null pm_request_set pm_request_unset +## .. zeek:see:: pm_request_null pm_request_set pm_request_unset ## pm_request_getport pm_request_dump pm_request_callit ## pm_attempt_null pm_attempt_unset pm_attempt_getport ## pm_attempt_dump pm_attempt_callit pm_bad_port rpc_call @@ -650,11 +650,11 @@ event pm_attempt_set%(r: connection, status: rpc_status, m: pm_mapping%); ## r: The RPC connection. ## ## status: The status of the reply, which should be one of the index values of -## :bro:id:`RPC_status`. +## :zeek:id:`RPC_status`. ## ## m: The argument to the original request. ## -## .. bro:see:: pm_request_null pm_request_set pm_request_unset +## .. zeek:see:: pm_request_null pm_request_set pm_request_unset ## pm_request_getport pm_request_dump pm_request_callit ## pm_attempt_null pm_attempt_set pm_attempt_getport ## pm_attempt_dump pm_attempt_callit pm_bad_port rpc_call @@ -675,11 +675,11 @@ event pm_attempt_unset%(r: connection, status: rpc_status, m: pm_mapping%); ## r: The RPC connection. ## ## status: The status of the reply, which should be one of the index values of -## :bro:id:`RPC_status`. +## :zeek:id:`RPC_status`. ## ## pr: The argument to the original request. ## -## .. bro:see:: pm_request_null pm_request_set pm_request_unset +## .. zeek:see:: pm_request_null pm_request_set pm_request_unset ## pm_request_getport pm_request_dump pm_request_callit ## pm_attempt_null pm_attempt_set pm_attempt_unset pm_attempt_dump ## pm_attempt_callit pm_bad_port rpc_call rpc_dialogue rpc_reply @@ -699,9 +699,9 @@ event pm_attempt_getport%(r: connection, status: rpc_status, pr: pm_port_request ## r: The RPC connection. ## ## status: The status of the reply, which should be one of the index values of -## :bro:id:`RPC_status`. +## :zeek:id:`RPC_status`. ## -## .. bro:see:: pm_request_null pm_request_set pm_request_unset +## .. zeek:see:: pm_request_null pm_request_set pm_request_unset ## pm_request_getport pm_request_dump pm_request_callit ## pm_attempt_null pm_attempt_set pm_attempt_unset ## pm_attempt_getport pm_attempt_callit pm_bad_port rpc_call @@ -722,11 +722,11 @@ event pm_attempt_dump%(r: connection, status: rpc_status%); ## r: The RPC connection. ## ## status: The status of the reply, which should be one of the index values of -## :bro:id:`RPC_status`. +## :zeek:id:`RPC_status`. ## ## call: The argument to the original request. ## -## .. bro:see:: pm_request_null pm_request_set pm_request_unset +## .. zeek:see:: pm_request_null pm_request_set pm_request_unset ## pm_request_getport pm_request_dump pm_request_callit ## pm_attempt_null pm_attempt_set pm_attempt_unset ## pm_attempt_getport pm_attempt_dump pm_bad_port rpc_call @@ -751,7 +751,7 @@ event pm_attempt_callit%(r: connection, status: rpc_status, call: pm_callit_requ ## ## bad_p: The invalid port value. ## -## .. bro:see:: pm_request_null pm_request_set pm_request_unset +## .. zeek:see:: pm_request_null pm_request_set pm_request_unset ## pm_request_getport pm_request_dump pm_request_callit ## pm_attempt_null pm_attempt_set pm_attempt_unset ## pm_attempt_getport pm_attempt_dump pm_attempt_callit rpc_call @@ -767,7 +767,7 @@ event pm_bad_port%(r: connection, bad_p: count%); ## and reply by their transaction identifiers and raises this event once both ## have been seen. If there's not a reply, this event will still be generated ## eventually on timeout. In that case, *status* will be set to -## :bro:enum:`RPC_TIMEOUT`. +## :zeek:enum:`RPC_TIMEOUT`. ## ## See `Wikipedia `__ for more information ## about the ONC RPC protocol. @@ -781,7 +781,7 @@ event pm_bad_port%(r: connection, bad_p: count%); ## proc: The procedure of the remote program to call. ## ## status: The status of the reply, which should be one of the index values of -## :bro:id:`RPC_status`. +## :zeek:id:`RPC_status`. ## ## start_time: The time when the *call* was seen. ## @@ -789,13 +789,13 @@ event pm_bad_port%(r: connection, bad_p: count%); ## ## reply_len: The size of the *reply_body* PDU. ## -## .. bro:see:: rpc_call rpc_reply dce_rpc_bind dce_rpc_message dce_rpc_request +## .. zeek:see:: rpc_call rpc_reply dce_rpc_bind dce_rpc_message dce_rpc_request ## dce_rpc_response rpc_timeout ## ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet ## been ported to Bro 2.x. To still enable this event, one needs to add a -## call to :bro:see:`Analyzer::register_for_ports` or a DPD payload +## call to :zeek:see:`Analyzer::register_for_ports` or a DPD payload ## signature. event rpc_dialogue%(c: connection, prog: count, ver: count, proc: count, status: rpc_status, start_time: time, call_len: count, reply_len: count%); @@ -816,13 +816,13 @@ event rpc_dialogue%(c: connection, prog: count, ver: count, proc: count, status: ## ## call_len: The size of the *call_body* PDU. ## -## .. bro:see:: rpc_dialogue rpc_reply dce_rpc_bind dce_rpc_message dce_rpc_request +## .. zeek:see:: rpc_dialogue rpc_reply dce_rpc_bind dce_rpc_message dce_rpc_request ## dce_rpc_response rpc_timeout ## ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet ## been ported to Bro 2.x. To still enable this event, one needs to add a -## call to :bro:see:`Analyzer::register_for_ports` or a DPD payload +## call to :zeek:see:`Analyzer::register_for_ports` or a DPD payload ## signature. event rpc_call%(c: connection, xid: count, prog: count, ver: count, proc: count, call_len: count%); @@ -836,17 +836,17 @@ event rpc_call%(c: connection, xid: count, prog: count, ver: count, proc: count, ## xid: The transaction identifier allowing to match requests with replies. ## ## status: The status of the reply, which should be one of the index values of -## :bro:id:`RPC_status`. +## :zeek:id:`RPC_status`. ## ## reply_len: The size of the *reply_body* PDU. ## -## .. bro:see:: rpc_call rpc_dialogue dce_rpc_bind dce_rpc_message dce_rpc_request +## .. zeek:see:: rpc_call rpc_dialogue dce_rpc_bind dce_rpc_message dce_rpc_request ## dce_rpc_response rpc_timeout ## ## .. todo:: Bro's current default configuration does not activate the protocol ## analyzer that generates this event; the corresponding script has not yet ## been ported to Bro 2.x. To still enable this event, one needs to add a -## call to :bro:see:`Analyzer::register_for_ports` or a DPD payload +## call to :zeek:see:`Analyzer::register_for_ports` or a DPD payload ## signature. event rpc_reply%(c: connection, xid: count, status: rpc_status, reply_len: count%); @@ -859,7 +859,7 @@ event rpc_reply%(c: connection, xid: count, status: rpc_status, reply_len: count ## ## info: Reports the status of the dialogue, along with some meta information. ## -## .. bro:see:: mount_proc_mnt mount_proc_umnt +## .. zeek:see:: mount_proc_mnt mount_proc_umnt ## mount_proc_umnt_all mount_proc_not_implemented ## ## .. todo:: Bro's current default configuration does not activate the protocol @@ -882,7 +882,7 @@ event mount_proc_null%(c: connection, info: MOUNT3::info_t%); ## rep: The response returned in the reply. The values may not be valid if the ## request was unsuccessful. ## -## .. bro:see:: mount_proc_mnt mount_proc_umnt +## .. zeek:see:: mount_proc_mnt mount_proc_umnt ## mount_proc_umnt_all mount_proc_not_implemented ## ## .. todo:: Bro's current default configuration does not activate the protocol @@ -902,7 +902,7 @@ event mount_proc_mnt%(c: connection, info: MOUNT3::info_t, req: MOUNT3::dirmntar ## ## req: The arguments passed in the request. ## -## .. bro:see:: mount_proc_mnt mount_proc_umnt +## .. zeek:see:: mount_proc_mnt mount_proc_umnt ## mount_proc_umnt_all mount_proc_not_implemented ## ## .. todo:: Bro's current default configuration does not activate the protocol @@ -922,7 +922,7 @@ event mount_proc_umnt%(c: connection, info: MOUNT3::info_t, req: MOUNT3::dirmnta ## ## req: The arguments passed in the request. ## -## .. bro:see:: mount_proc_mnt mount_proc_umnt +## .. zeek:see:: mount_proc_mnt mount_proc_umnt ## mount_proc_umnt_all mount_proc_not_implemented ## ## .. todo:: Bro's current default configuration does not activate the protocol @@ -940,7 +940,7 @@ event mount_proc_umnt_all%(c: connection, info: MOUNT3::info_t, req: MOUNT3::dir ## ## proc: The procedure called that Bro does not implement. ## -## .. bro:see:: mount_proc_mnt mount_proc_umnt +## .. zeek:see:: mount_proc_mnt mount_proc_umnt ## mount_proc_umnt_all mount_proc_not_implemented ## ## .. todo:: Bro's current default configuration does not activate the protocol @@ -956,7 +956,7 @@ event mount_proc_not_implemented%(c: connection, info: MOUNT3::info_t, proc: MOU ## ## info: Reports the status included in the reply. ## -## .. bro:see:: mount_proc_mnt mount_proc_umnt +## .. zeek:see:: mount_proc_mnt mount_proc_umnt ## mount_proc_umnt_all mount_proc_not_implemented ## ## .. todo:: Bro's current default configuration does not activate the protocol diff --git a/src/analyzer/protocol/sip/events.bif b/src/analyzer/protocol/sip/events.bif index f8ab6f4f37..fb8f9b77d1 100644 --- a/src/analyzer/protocol/sip/events.bif +++ b/src/analyzer/protocol/sip/events.bif @@ -13,7 +13,7 @@ ## ## version: The version number specified in the request (e.g., ``2.0``). ## -## .. bro:see:: sip_reply sip_header sip_all_headers sip_begin_entity sip_end_entity +## .. zeek:see:: sip_reply sip_header sip_all_headers sip_begin_entity sip_end_entity event sip_request%(c: connection, method: string, original_URI: string, version: string%); ## Generated for :abbr:`SIP (Session Initiation Protocol)` replies, used in Voice over IP (VoIP). @@ -31,7 +31,7 @@ event sip_request%(c: connection, method: string, original_URI: string, version: ## ## reason: Textual details for the response code. ## -## .. bro:see:: sip_request sip_header sip_all_headers sip_begin_entity sip_end_entity +## .. zeek:see:: sip_request sip_header sip_all_headers sip_begin_entity sip_end_entity event sip_reply%(c: connection, version: string, code: count, reason: string%); ## Generated for each :abbr:`SIP (Session Initiation Protocol)` header. @@ -47,7 +47,7 @@ event sip_reply%(c: connection, version: string, code: count, reason: string%); ## ## value: Header value. ## -## .. bro:see:: sip_request sip_reply sip_all_headers sip_begin_entity sip_end_entity +## .. zeek:see:: sip_request sip_reply sip_all_headers sip_begin_entity sip_end_entity event sip_header%(c: connection, is_orig: bool, name: string, value: string%); ## Generated once for all :abbr:`SIP (Session Initiation Protocol)` headers from the originator or responder. @@ -61,7 +61,7 @@ event sip_header%(c: connection, is_orig: bool, name: string, value: string%); ## ## hlist: All the headers, and their values ## -## .. bro:see:: sip_request sip_reply sip_header sip_begin_entity sip_end_entity +## .. zeek:see:: sip_request sip_reply sip_header sip_begin_entity sip_end_entity event sip_all_headers%(c: connection, is_orig: bool, hlist: mime_header_list%); ## Generated at the beginning of a :abbr:`SIP (Session Initiation Protocol)` message. @@ -75,7 +75,7 @@ event sip_all_headers%(c: connection, is_orig: bool, hlist: mime_header_list%); ## ## is_orig: Whether the message came from the originator. ## -## .. bro:see:: sip_request sip_reply sip_header sip_all_headers sip_end_entity +## .. zeek:see:: sip_request sip_reply sip_header sip_all_headers sip_end_entity event sip_begin_entity%(c: connection, is_orig: bool%); ## Generated at the end of a :abbr:`SIP (Session Initiation Protocol)` message. @@ -87,5 +87,5 @@ event sip_begin_entity%(c: connection, is_orig: bool%); ## ## is_orig: Whether the message came from the originator. ## -## .. bro:see:: sip_request sip_reply sip_header sip_all_headers sip_begin_entity +## .. zeek:see:: sip_request sip_reply sip_header sip_all_headers sip_begin_entity event sip_end_entity%(c: connection, is_orig: bool%); diff --git a/src/analyzer/protocol/smb/events.bif b/src/analyzer/protocol/smb/events.bif index d0091589fe..77746c2a09 100644 --- a/src/analyzer/protocol/smb/events.bif +++ b/src/analyzer/protocol/smb/events.bif @@ -3,7 +3,7 @@ ## up is when the drive mapping isn't seen so the analyzer is not able ## to determine whether to send the data to the files framework or to ## the DCE_RPC analyzer. This heuristic can be tuned by adding or -## removing "named pipe" names from the :bro:see:`SMB::pipe_filenames` +## removing "named pipe" names from the :zeek:see:`SMB::pipe_filenames` ## const. ## ## c: The connection. diff --git a/src/analyzer/protocol/smb/smb1_com_check_directory.bif b/src/analyzer/protocol/smb/smb1_com_check_directory.bif index 15feb3ad59..26f83210ff 100644 --- a/src/analyzer/protocol/smb/smb1_com_check_directory.bif +++ b/src/analyzer/protocol/smb/smb1_com_check_directory.bif @@ -10,7 +10,7 @@ ## ## directory_name: The directory name to check for existence. ## -## .. bro:see:: smb1_message smb1_check_directory_response +## .. zeek:see:: smb1_message smb1_check_directory_response event smb1_check_directory_request%(c: connection, hdr: SMB1::Header, directory_name: string%); ## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)` @@ -23,5 +23,5 @@ event smb1_check_directory_request%(c: connection, hdr: SMB1::Header, directory_ ## ## hdr: The parsed header of the :abbr:`SMB (Server Message Block)` version 1 message. ## -## .. bro:see:: smb1_message smb1_check_directory_request +## .. zeek:see:: smb1_message smb1_check_directory_request event smb1_check_directory_response%(c: connection, hdr: SMB1::Header%); \ No newline at end of file diff --git a/src/analyzer/protocol/smb/smb1_com_close.bif b/src/analyzer/protocol/smb/smb1_com_close.bif index 37958e1d19..8d2d8f0747 100644 --- a/src/analyzer/protocol/smb/smb1_com_close.bif +++ b/src/analyzer/protocol/smb/smb1_com_close.bif @@ -10,6 +10,6 @@ ## ## file_id: The file identifier being closed. ## -## .. bro:see:: smb1_message +## .. zeek:see:: smb1_message event smb1_close_request%(c: connection, hdr: SMB1::Header, file_id: count%); diff --git a/src/analyzer/protocol/smb/smb1_com_create_directory.bif b/src/analyzer/protocol/smb/smb1_com_create_directory.bif index f5e29b467b..40ddf44c8d 100644 --- a/src/analyzer/protocol/smb/smb1_com_create_directory.bif +++ b/src/analyzer/protocol/smb/smb1_com_create_directory.bif @@ -11,7 +11,7 @@ ## ## directory_name: The name of the directory to create. ## -## .. bro:see:: smb1_message smb1_create_directory_response smb1_transaction2_request +## .. zeek:see:: smb1_message smb1_create_directory_response smb1_transaction2_request event smb1_create_directory_request%(c: connection, hdr: SMB1::Header, directory_name: string%); ## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)` @@ -25,5 +25,5 @@ event smb1_create_directory_request%(c: connection, hdr: SMB1::Header, directory ## ## hdr: The parsed header of the :abbr:`SMB (Server Message Block)` version 1 message. ## -## .. bro:see:: smb1_message smb1_create_directory_request smb1_transaction2_request +## .. zeek:see:: smb1_message smb1_create_directory_request smb1_transaction2_request event smb1_create_directory_response%(c: connection, hdr: SMB1::Header%); \ No newline at end of file diff --git a/src/analyzer/protocol/smb/smb1_com_echo.bif b/src/analyzer/protocol/smb/smb1_com_echo.bif index 5b255af371..f95261ca3c 100644 --- a/src/analyzer/protocol/smb/smb1_com_echo.bif +++ b/src/analyzer/protocol/smb/smb1_com_echo.bif @@ -12,7 +12,7 @@ ## ## data: The data for the server to echo. ## -## .. bro:see:: smb1_message smb1_echo_response +## .. zeek:see:: smb1_message smb1_echo_response event smb1_echo_request%(c: connection, echo_count: count, data: string%); ## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)` @@ -28,5 +28,5 @@ event smb1_echo_request%(c: connection, echo_count: count, data: string%); ## ## data: The data echoed back from the client. ## -## .. bro:see:: smb1_message smb1_echo_request +## .. zeek:see:: smb1_message smb1_echo_request event smb1_echo_response%(c: connection, seq_num: count, data: string%); \ No newline at end of file diff --git a/src/analyzer/protocol/smb/smb1_com_logoff_andx.bif b/src/analyzer/protocol/smb/smb1_com_logoff_andx.bif index 88b5016328..ff5168e4dd 100644 --- a/src/analyzer/protocol/smb/smb1_com_logoff_andx.bif +++ b/src/analyzer/protocol/smb/smb1_com_logoff_andx.bif @@ -10,6 +10,6 @@ ## ## is_orig: Indicates which host sent the logoff message. ## -## .. bro:see:: smb1_message +## .. zeek:see:: smb1_message event smb1_logoff_andx%(c: connection, is_orig: bool%); diff --git a/src/analyzer/protocol/smb/smb1_com_negotiate.bif b/src/analyzer/protocol/smb/smb1_com_negotiate.bif index fdb2201c1f..7dfe02cb68 100644 --- a/src/analyzer/protocol/smb/smb1_com_negotiate.bif +++ b/src/analyzer/protocol/smb/smb1_com_negotiate.bif @@ -11,7 +11,7 @@ ## ## dialects: The SMB dialects supported by the client. ## -## .. bro:see:: smb1_message smb1_negotiate_response +## .. zeek:see:: smb1_message smb1_negotiate_response event smb1_negotiate_request%(c: connection, hdr: SMB1::Header, dialects: string_vec%); ## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)` @@ -26,7 +26,7 @@ event smb1_negotiate_request%(c: connection, hdr: SMB1::Header, dialects: string ## ## response: A record structure containing more information from the response. ## -## .. bro:see:: smb1_message smb1_negotiate_request +## .. zeek:see:: smb1_message smb1_negotiate_request event smb1_negotiate_response%(c: connection, hdr: SMB1::Header, response: SMB1::NegotiateResponse%); #### Types diff --git a/src/analyzer/protocol/smb/smb1_com_nt_cancel.bif b/src/analyzer/protocol/smb/smb1_com_nt_cancel.bif index f04fc839ec..66bbbc5fb9 100644 --- a/src/analyzer/protocol/smb/smb1_com_nt_cancel.bif +++ b/src/analyzer/protocol/smb/smb1_com_nt_cancel.bif @@ -8,5 +8,5 @@ ## ## hdr: The parsed header of the :abbr:`SMB (Server Message Block)` version 1 message. ## -## .. bro:see:: smb1_message +## .. zeek:see:: smb1_message event smb1_nt_cancel_request%(c: connection, hdr: SMB1::Header%); \ No newline at end of file diff --git a/src/analyzer/protocol/smb/smb1_com_nt_create_andx.bif b/src/analyzer/protocol/smb/smb1_com_nt_create_andx.bif index f8008e878b..d19d59fd50 100644 --- a/src/analyzer/protocol/smb/smb1_com_nt_create_andx.bif +++ b/src/analyzer/protocol/smb/smb1_com_nt_create_andx.bif @@ -11,7 +11,7 @@ ## ## name: The ``name`` attribute specified in the message. ## -## .. bro:see:: smb1_message smb1_nt_create_andx_response +## .. zeek:see:: smb1_message smb1_nt_create_andx_response event smb1_nt_create_andx_request%(c: connection, hdr: SMB1::Header, file_name: string%); ## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)` @@ -30,7 +30,7 @@ event smb1_nt_create_andx_request%(c: connection, hdr: SMB1::Header, file_name: ## ## times: Timestamps associated with the file in question. ## -## .. bro:see:: smb1_message smb1_nt_create_andx_request +## .. zeek:see:: smb1_message smb1_nt_create_andx_request event smb1_nt_create_andx_response%(c: connection, hdr: SMB1::Header, file_id: count, file_size: count, times: SMB::MACTimes%); diff --git a/src/analyzer/protocol/smb/smb1_com_query_information.bif b/src/analyzer/protocol/smb/smb1_com_query_information.bif index 64a5150dc9..e2f1ded6bd 100644 --- a/src/analyzer/protocol/smb/smb1_com_query_information.bif +++ b/src/analyzer/protocol/smb/smb1_com_query_information.bif @@ -11,6 +11,6 @@ ## ## filename: The filename that the client is querying. ## -## .. bro:see:: smb1_message smb1_transaction2_request +## .. zeek:see:: smb1_message smb1_transaction2_request event smb1_query_information_request%(c: connection, hdr: SMB1::Header, filename: string%); diff --git a/src/analyzer/protocol/smb/smb1_com_read_andx.bif b/src/analyzer/protocol/smb/smb1_com_read_andx.bif index 73cacf0a65..a7c04bffca 100644 --- a/src/analyzer/protocol/smb/smb1_com_read_andx.bif +++ b/src/analyzer/protocol/smb/smb1_com_read_andx.bif @@ -15,7 +15,7 @@ ## ## length: The number of bytes being requested. ## -## .. bro:see:: smb1_message smb1_read_andx_response +## .. zeek:see:: smb1_message smb1_read_andx_response event smb1_read_andx_request%(c: connection, hdr: SMB1::Header, file_id: count, offset: count, length: count%); ## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)` @@ -29,6 +29,6 @@ event smb1_read_andx_request%(c: connection, hdr: SMB1::Header, file_id: count, ## ## data_len: The length of data from the requested file. ## -## .. bro:see:: smb1_message smb1_read_andx_request +## .. zeek:see:: smb1_message smb1_read_andx_request event smb1_read_andx_response%(c: connection, hdr: SMB1::Header, data_len: count%); diff --git a/src/analyzer/protocol/smb/smb1_com_session_setup_andx.bif b/src/analyzer/protocol/smb/smb1_com_session_setup_andx.bif index 7971a4977c..b50fa5d875 100644 --- a/src/analyzer/protocol/smb/smb1_com_session_setup_andx.bif +++ b/src/analyzer/protocol/smb/smb1_com_session_setup_andx.bif @@ -9,7 +9,7 @@ ## ## request: The parsed request data of the SMB message. See init-bare for more details. ## -## .. bro:see:: smb1_message smb1_session_setup_andx_response +## .. zeek:see:: smb1_message smb1_session_setup_andx_response event smb1_session_setup_andx_request%(c: connection, hdr: SMB1::Header, request: SMB1::SessionSetupAndXRequest%); ## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)` @@ -23,7 +23,7 @@ event smb1_session_setup_andx_request%(c: connection, hdr: SMB1::Header, request ## ## response: The parsed response data of the SMB message. See init-bare for more details. ## -## .. bro:see:: smb1_message smb1_session_setup_andx_request +## .. zeek:see:: smb1_message smb1_session_setup_andx_request event smb1_session_setup_andx_response%(c: connection, hdr: SMB1::Header, response: SMB1::SessionSetupAndXResponse%); #### Types diff --git a/src/analyzer/protocol/smb/smb1_com_transaction.bif b/src/analyzer/protocol/smb/smb1_com_transaction.bif index 0c411b55c3..cd80a668dc 100644 --- a/src/analyzer/protocol/smb/smb1_com_transaction.bif +++ b/src/analyzer/protocol/smb/smb1_com_transaction.bif @@ -18,7 +18,7 @@ ## ## data: content of the SMB_Data.Trans_Data field ## -## .. bro:see:: smb1_message smb1_transaction2_request +## .. zeek:see:: smb1_message smb1_transaction2_request event smb1_transaction_request%(c: connection, hdr: SMB1::Header, name: string, sub_cmd: count, parameters: string, data: string%); ## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)` diff --git a/src/analyzer/protocol/smb/smb1_com_transaction2.bif b/src/analyzer/protocol/smb/smb1_com_transaction2.bif index aa30aeebe1..48e2f7cdd6 100644 --- a/src/analyzer/protocol/smb/smb1_com_transaction2.bif +++ b/src/analyzer/protocol/smb/smb1_com_transaction2.bif @@ -15,7 +15,7 @@ ## ## sub_cmd: The sub command, some are parsed and have their own events. ## -## .. bro:see:: smb1_message smb1_trans2_find_first2_request smb1_trans2_query_path_info_request +## .. zeek:see:: smb1_message smb1_trans2_find_first2_request smb1_trans2_query_path_info_request ## smb1_trans2_get_dfs_referral_request smb1_transaction_request event smb1_transaction2_request%(c: connection, hdr: SMB1::Header, args: SMB1::Trans2_Args, sub_cmd: count%); @@ -31,7 +31,7 @@ event smb1_transaction2_request%(c: connection, hdr: SMB1::Header, args: SMB1::T ## ## args: A record data structure with arguments given to the command. ## -## .. bro:see:: smb1_message smb1_transaction2_request smb1_trans2_query_path_info_request +## .. zeek:see:: smb1_message smb1_transaction2_request smb1_trans2_query_path_info_request ## smb1_trans2_get_dfs_referral_request event smb1_trans2_find_first2_request%(c: connection, hdr: SMB1::Header, args: SMB1::Find_First2_Request_Args%); @@ -47,7 +47,7 @@ event smb1_trans2_find_first2_request%(c: connection, hdr: SMB1::Header, args: S ## ## file_name: File name the request is in reference to. ## -## .. bro:see:: smb1_message smb1_transaction2_request smb1_trans2_find_first2_request +## .. zeek:see:: smb1_message smb1_transaction2_request smb1_trans2_find_first2_request ## smb1_trans2_get_dfs_referral_request event smb1_trans2_query_path_info_request%(c: connection, hdr: SMB1::Header, file_name: string%); @@ -63,7 +63,7 @@ event smb1_trans2_query_path_info_request%(c: connection, hdr: SMB1::Header, fil ## ## file_name: File name the request is in reference to. ## -## .. bro:see:: smb1_message smb1_transaction2_request smb1_trans2_find_first2_request +## .. zeek:see:: smb1_message smb1_transaction2_request smb1_trans2_find_first2_request ## smb1_trans2_query_path_info_request event smb1_trans2_get_dfs_referral_request%(c: connection, hdr: SMB1::Header, file_name: string%); diff --git a/src/analyzer/protocol/smb/smb1_com_tree_connect_andx.bif b/src/analyzer/protocol/smb/smb1_com_tree_connect_andx.bif index 16aeb2bbb6..95274af115 100644 --- a/src/analyzer/protocol/smb/smb1_com_tree_connect_andx.bif +++ b/src/analyzer/protocol/smb/smb1_com_tree_connect_andx.bif @@ -12,7 +12,7 @@ ## ## service: The ``service`` attribute specified in the message. ## -## .. bro:see:: smb1_message smb1_tree_connect_andx_response +## .. zeek:see:: smb1_message smb1_tree_connect_andx_response event smb1_tree_connect_andx_request%(c: connection, hdr: SMB1::Header, path: string, service: string%); ## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)` @@ -29,6 +29,6 @@ event smb1_tree_connect_andx_request%(c: connection, hdr: SMB1::Header, path: st ## ## native_file_system: The file system of the remote server as indicate by the server. ## -## .. bro:see:: smb1_message smb1_tree_connect_andx_request +## .. zeek:see:: smb1_message smb1_tree_connect_andx_request event smb1_tree_connect_andx_response%(c: connection, hdr: SMB1::Header, service: string, native_file_system: string%); diff --git a/src/analyzer/protocol/smb/smb1_com_tree_disconnect.bif b/src/analyzer/protocol/smb/smb1_com_tree_disconnect.bif index 493ee66238..db94e1ff2a 100644 --- a/src/analyzer/protocol/smb/smb1_com_tree_disconnect.bif +++ b/src/analyzer/protocol/smb/smb1_com_tree_disconnect.bif @@ -10,6 +10,6 @@ ## ## is_orig: True if the message was from the originator. ## -## .. bro:see:: smb1_message +## .. zeek:see:: smb1_message event smb1_tree_disconnect%(c: connection, hdr: SMB1::Header, is_orig: bool%); diff --git a/src/analyzer/protocol/smb/smb1_com_write_andx.bif b/src/analyzer/protocol/smb/smb1_com_write_andx.bif index d30c8af2ba..6bf086e978 100644 --- a/src/analyzer/protocol/smb/smb1_com_write_andx.bif +++ b/src/analyzer/protocol/smb/smb1_com_write_andx.bif @@ -13,7 +13,7 @@ ## ## data: The data being written. ## -## .. bro:see:: smb1_message smb1_write_andx_response +## .. zeek:see:: smb1_message smb1_write_andx_response event smb1_write_andx_request%(c: connection, hdr: SMB1::Header, file_id: count, offset: count, data_len: count%); ## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)` @@ -28,5 +28,5 @@ event smb1_write_andx_request%(c: connection, hdr: SMB1::Header, file_id: count, ## ## written_bytes: The number of bytes the server reported having actually written. ## -## .. bro:see:: smb1_message smb1_write_andx_request +## .. zeek:see:: smb1_message smb1_write_andx_request event smb1_write_andx_response%(c: connection, hdr: SMB1::Header, written_bytes: count%); diff --git a/src/analyzer/protocol/smb/smb1_events.bif b/src/analyzer/protocol/smb/smb1_events.bif index 4746af34a4..e5134b8bd0 100644 --- a/src/analyzer/protocol/smb/smb1_events.bif +++ b/src/analyzer/protocol/smb/smb1_events.bif @@ -14,7 +14,7 @@ ## is_orig: True if the message was sent by the originator of the underlying ## transport-level connection. ## -## .. bro:see:: smb2_message +## .. zeek:see:: smb2_message event smb1_message%(c: connection, hdr: SMB1::Header, is_orig: bool%); ## Generated when there is an :abbr:`SMB (Server Message Block)` version 1 response with no message body. @@ -23,7 +23,7 @@ event smb1_message%(c: connection, hdr: SMB1::Header, is_orig: bool%); ## ## hdr: The parsed header of the :abbr:`SMB (Server Message Block)` message. ## -## .. bro:see:: smb1_message +## .. zeek:see:: smb1_message event smb1_empty_response%(c: connection, hdr: SMB1::Header%); ## Generated for :abbr:`SMB (Server Message Block)` version 1 messages @@ -37,6 +37,6 @@ event smb1_empty_response%(c: connection, hdr: SMB1::Header%); ## is_orig: True if the message was sent by the originator of the underlying ## transport-level connection. ## -## .. bro:see:: smb1_message +## .. zeek:see:: smb1_message event smb1_error%(c: connection, hdr: SMB1::Header, is_orig: bool%); diff --git a/src/analyzer/protocol/smb/smb2_com_close.bif b/src/analyzer/protocol/smb/smb2_com_close.bif index 5ac4afa1db..4f8d802c63 100644 --- a/src/analyzer/protocol/smb/smb2_com_close.bif +++ b/src/analyzer/protocol/smb/smb2_com_close.bif @@ -10,7 +10,7 @@ ## ## file_name: The SMB2 GUID of the file being closed. ## -## .. bro:see:: smb2_message smb2_close_response +## .. zeek:see:: smb2_message smb2_close_response event smb2_close_request%(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID%); ## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)` @@ -25,7 +25,7 @@ event smb2_close_request%(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID% ## ## response: A record of attributes returned from the server from the close. ## -## .. bro:see:: smb2_message smb2_close_request +## .. zeek:see:: smb2_message smb2_close_request event smb2_close_response%(c: connection, hdr: SMB2::Header, response: SMB2::CloseResponse%); diff --git a/src/analyzer/protocol/smb/smb2_com_create.bif b/src/analyzer/protocol/smb/smb2_com_create.bif index 9a77878e9f..7d9c4e4895 100644 --- a/src/analyzer/protocol/smb/smb2_com_create.bif +++ b/src/analyzer/protocol/smb/smb2_com_create.bif @@ -10,7 +10,7 @@ ## ## request: A record with more information related to the request. ## -## .. bro:see:: smb2_message smb2_create_response +## .. zeek:see:: smb2_message smb2_create_response event smb2_create_request%(c: connection, hdr: SMB2::Header, request: SMB2::CreateRequest%); ## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)` @@ -25,7 +25,7 @@ event smb2_create_request%(c: connection, hdr: SMB2::Header, request: SMB2::Crea ## ## response: A record with more information related to the response. ## -## .. bro:see:: smb2_message smb2_create_request +## .. zeek:see:: smb2_message smb2_create_request event smb2_create_response%(c: connection, hdr: SMB2::Header, response: SMB2::CreateResponse%); #### Types diff --git a/src/analyzer/protocol/smb/smb2_com_negotiate.bif b/src/analyzer/protocol/smb/smb2_com_negotiate.bif index 80c7c1aea5..2202064933 100644 --- a/src/analyzer/protocol/smb/smb2_com_negotiate.bif +++ b/src/analyzer/protocol/smb/smb2_com_negotiate.bif @@ -10,7 +10,7 @@ ## ## dialects: A vector of the client's supported dialects. ## -## .. bro:see:: smb2_message smb2_negotiate_response +## .. zeek:see:: smb2_message smb2_negotiate_response event smb2_negotiate_request%(c: connection, hdr: SMB2::Header, dialects: index_vec%); ## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)` @@ -25,7 +25,7 @@ event smb2_negotiate_request%(c: connection, hdr: SMB2::Header, dialects: index_ ## ## response: The negotiate response data structure. ## -## .. bro:see:: smb2_message smb2_negotiate_request +## .. zeek:see:: smb2_message smb2_negotiate_request event smb2_negotiate_response%(c: connection, hdr: SMB2::Header, response: SMB2::NegotiateResponse%); #### Types diff --git a/src/analyzer/protocol/smb/smb2_com_read.bif b/src/analyzer/protocol/smb/smb2_com_read.bif index 4ccc8d7788..b14874b38b 100644 --- a/src/analyzer/protocol/smb/smb2_com_read.bif +++ b/src/analyzer/protocol/smb/smb2_com_read.bif @@ -14,5 +14,5 @@ ## ## length: The number of bytes of the file being read. ## -## .. bro:see:: smb2_message +## .. zeek:see:: smb2_message event smb2_read_request%(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, offset: count, length: count%); diff --git a/src/analyzer/protocol/smb/smb2_com_session_setup.bif b/src/analyzer/protocol/smb/smb2_com_session_setup.bif index 99430d5ac9..b3dbe6cc57 100644 --- a/src/analyzer/protocol/smb/smb2_com_session_setup.bif +++ b/src/analyzer/protocol/smb/smb2_com_session_setup.bif @@ -11,7 +11,7 @@ ## ## request: A record containing more information related to the request. ## -## .. bro:see:: smb2_message smb2_session_setup_response +## .. zeek:see:: smb2_message smb2_session_setup_response event smb2_session_setup_request%(c: connection, hdr: SMB2::Header, request: SMB2::SessionSetupRequest%); ## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)` @@ -26,7 +26,7 @@ event smb2_session_setup_request%(c: connection, hdr: SMB2::Header, request: SMB ## ## response: A record containing more information related to the response. ## -## .. bro:see:: smb2_message smb2_session_setup_request +## .. zeek:see:: smb2_message smb2_session_setup_request event smb2_session_setup_response%(c: connection, hdr: SMB2::Header, response: SMB2::SessionSetupResponse%); #### Types diff --git a/src/analyzer/protocol/smb/smb2_com_set_info.bif b/src/analyzer/protocol/smb/smb2_com_set_info.bif index 1f6d9386f8..37a0b8900f 100644 --- a/src/analyzer/protocol/smb/smb2_com_set_info.bif +++ b/src/analyzer/protocol/smb/smb2_com_set_info.bif @@ -11,7 +11,7 @@ ## ## dst_filename: The filename to rename the file into. ## -## .. bro:see:: smb2_message smb2_file_delete smb2_file_sattr +## .. zeek:see:: smb2_message smb2_file_delete smb2_file_sattr event smb2_file_rename%(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, dst_filename: string%); ## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)` @@ -28,7 +28,7 @@ event smb2_file_rename%(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, d ## delete_pending: A boolean value to indicate that a file should be deleted ## when it's closed if set to T. ## -## .. bro:see:: smb2_message smb2_file_rename smb2_file_sattr +## .. zeek:see:: smb2_message smb2_file_rename smb2_file_sattr event smb2_file_delete%(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, delete_pending: bool%); ## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)` @@ -46,7 +46,7 @@ event smb2_file_delete%(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, d ## ## attrs: File attributes. ## -## .. bro:see:: smb2_message smb2_file_rename smb2_file_delete +## .. zeek:see:: smb2_message smb2_file_rename smb2_file_delete event smb2_file_sattr%(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, times: SMB::MACTimes, attrs: SMB2::FileAttrs%); # TODO - Not implemented @@ -60,7 +60,7 @@ event smb2_file_sattr%(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, ti # # request: A record containing more information related to the request. # -# .. bro:see:: smb2_message smb2_file_rename smb2_file_delete +# .. zeek:see:: smb2_message smb2_file_rename smb2_file_delete # event smb2_set_info_request%(c: connection, hdr: SMB2::Header, request: SMB2::SetInfoRequest%); # # type SMB2::SetInfoRequest: record; diff --git a/src/analyzer/protocol/smb/smb2_com_transform_header.bif b/src/analyzer/protocol/smb/smb2_com_transform_header.bif index 1506fe3222..629ae27841 100644 --- a/src/analyzer/protocol/smb/smb2_com_transform_header.bif +++ b/src/analyzer/protocol/smb/smb2_com_transform_header.bif @@ -8,7 +8,7 @@ ## ## hdr: The parsed transformed header message, which is starting with \xfdSMB and different from SMB1 and SMB2 headers. ## -## .. bro:see:: smb2_message +## .. zeek:see:: smb2_message event smb2_transform_header%(c: connection, hdr: SMB2::Transform_header%); type SMB2::Transform_header: record; diff --git a/src/analyzer/protocol/smb/smb2_com_tree_connect.bif b/src/analyzer/protocol/smb/smb2_com_tree_connect.bif index 78978f3971..877f5b2c4c 100644 --- a/src/analyzer/protocol/smb/smb2_com_tree_connect.bif +++ b/src/analyzer/protocol/smb/smb2_com_tree_connect.bif @@ -10,7 +10,7 @@ ## ## path: Path of the requested tree. ## -## .. bro:see:: smb2_message smb2_tree_connect_response +## .. zeek:see:: smb2_message smb2_tree_connect_response event smb2_tree_connect_request%(c: connection, hdr: SMB2::Header, path: string%); ## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)` @@ -25,7 +25,7 @@ event smb2_tree_connect_request%(c: connection, hdr: SMB2::Header, path: string% ## ## response: A record with more information related to the response. ## -## .. bro:see:: smb2_message smb2_tree_connect_request +## .. zeek:see:: smb2_message smb2_tree_connect_request event smb2_tree_connect_response%(c: connection, hdr: SMB2::Header, response: SMB2::TreeConnectResponse%); type SMB2::TreeConnectResponse: record; diff --git a/src/analyzer/protocol/smb/smb2_com_tree_disconnect.bif b/src/analyzer/protocol/smb/smb2_com_tree_disconnect.bif index fdcd5d9d8b..6c7f3b7c2d 100644 --- a/src/analyzer/protocol/smb/smb2_com_tree_disconnect.bif +++ b/src/analyzer/protocol/smb/smb2_com_tree_disconnect.bif @@ -6,7 +6,7 @@ ## ## hdr: The parsed header of the :abbr:`SMB (Server Message Block)` version 2 message. ## -## .. bro:see:: smb2_message +## .. zeek:see:: smb2_message event smb2_tree_disconnect_request%(c: connection, hdr: SMB2::Header%); @@ -18,5 +18,5 @@ event smb2_tree_disconnect_request%(c: connection, hdr: SMB2::Header%); ## ## hdr: The parsed header of the :abbr:`SMB (Server Message Block)` version 2 message. ## -## .. bro:see:: smb2_message +## .. zeek:see:: smb2_message event smb2_tree_disconnect_response%(c: connection, hdr: SMB2::Header%); diff --git a/src/analyzer/protocol/smb/smb2_com_write.bif b/src/analyzer/protocol/smb/smb2_com_write.bif index 66dab9b077..71df322090 100644 --- a/src/analyzer/protocol/smb/smb2_com_write.bif +++ b/src/analyzer/protocol/smb/smb2_com_write.bif @@ -14,7 +14,7 @@ ## ## length: The number of bytes of the file being written. ## -## .. bro:see:: smb2_message +## .. zeek:see:: smb2_message event smb2_write_request%(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, offset: count, length: count%); ## Generated for :abbr:`SMB (Server Message Block)`/:abbr:`CIFS (Common Internet File System)` @@ -29,5 +29,5 @@ event smb2_write_request%(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID, ## ## length: The number of bytes of the file being written. ## -## .. bro:see:: smb2_message +## .. zeek:see:: smb2_message event smb2_write_response%(c: connection, hdr: SMB2::Header, length: count%); diff --git a/src/analyzer/protocol/smb/smb2_events.bif b/src/analyzer/protocol/smb/smb2_events.bif index a8a2c439fc..7f7d6ab9db 100644 --- a/src/analyzer/protocol/smb/smb2_events.bif +++ b/src/analyzer/protocol/smb/smb2_events.bif @@ -13,5 +13,5 @@ ## ## is_orig: True if the message came from the originator side. ## -## .. bro:see:: smb1_message +## .. zeek:see:: smb1_message event smb2_message%(c: connection, hdr: SMB2::Header, is_orig: bool%); diff --git a/src/analyzer/protocol/smtp/events.bif b/src/analyzer/protocol/smtp/events.bif index 898e98e0d1..9bc9190b31 100644 --- a/src/analyzer/protocol/smtp/events.bif +++ b/src/analyzer/protocol/smtp/events.bif @@ -16,7 +16,7 @@ ## ## arg: The request command's arguments. ## -## .. bro:see:: mime_all_data mime_all_headers mime_begin_entity mime_content_hash +## .. zeek:see:: mime_all_data mime_all_headers mime_begin_entity mime_content_hash ## mime_end_entity mime_entity_data mime_event mime_one_header mime_segment_data ## smtp_data smtp_reply ## @@ -47,7 +47,7 @@ event smtp_request%(c: connection, is_orig: bool, command: string, arg: string%) ## line. If so, further events will be raised and a handler may want to ## reassemble the pieces before processing the response any further. ## -## .. bro:see:: mime_all_data mime_all_headers mime_begin_entity mime_content_hash +## .. zeek:see:: mime_all_data mime_all_headers mime_begin_entity mime_content_hash ## mime_end_entity mime_entity_data mime_event mime_one_header mime_segment_data ## smtp_data smtp_request ## @@ -70,7 +70,7 @@ event smtp_reply%(c: connection, is_orig: bool, code: count, cmd: string, msg: s ## data: The raw data. Note that the size of each chunk is undefined and ## depends on specifics of the underlying TCP connection. ## -## .. bro:see:: mime_all_data mime_all_headers mime_begin_entity mime_content_hash +## .. zeek:see:: mime_all_data mime_all_headers mime_begin_entity mime_content_hash ## mime_end_entity mime_entity_data mime_event mime_one_header mime_segment_data ## smtp_reply smtp_request skip_smtp_data ## @@ -96,7 +96,7 @@ event smtp_data%(c: connection, is_orig: bool, data: string%); ## ## detail: The actual SMTP line triggering the event. ## -## .. bro:see:: smtp_data smtp_request smtp_reply +## .. zeek:see:: smtp_data smtp_request smtp_reply event smtp_unexpected%(c: connection, is_orig: bool, msg: string, detail: string%); ## Generated if a connection switched to using TLS using STARTTLS or X-ANONYMOUSTLS. diff --git a/src/analyzer/protocol/smtp/functions.bif b/src/analyzer/protocol/smtp/functions.bif index 8630685096..a5670c7d64 100644 --- a/src/analyzer/protocol/smtp/functions.bif +++ b/src/analyzer/protocol/smtp/functions.bif @@ -7,7 +7,7 @@ ## ## c: The SMTP connection. ## -## .. bro:see:: skip_http_entity_data +## .. zeek:see:: skip_http_entity_data function skip_smtp_data%(c: connection%): any %{ analyzer::Analyzer* sa = c->FindAnalyzer("SMTP"); diff --git a/src/analyzer/protocol/ssh/events.bif b/src/analyzer/protocol/ssh/events.bif index cb6c5e248e..6ff62e501d 100644 --- a/src/analyzer/protocol/ssh/events.bif +++ b/src/analyzer/protocol/ssh/events.bif @@ -7,7 +7,7 @@ ## ## version: The identification string ## -## .. bro:see:: ssh_client_version ssh_auth_successful ssh_auth_failed +## .. zeek:see:: ssh_client_version ssh_auth_successful ssh_auth_failed ## ssh_auth_result ssh_auth_attempted ssh_capabilities ## ssh2_server_host_key ssh1_server_host_key ssh_server_host_key ## ssh_encrypted_packet ssh2_dh_server_params ssh2_gss_error @@ -23,7 +23,7 @@ event ssh_server_version%(c: connection, version: string%); ## ## version: The identification string ## -## .. bro:see:: ssh_server_version ssh_auth_successful ssh_auth_failed +## .. zeek:see:: ssh_server_version ssh_auth_successful ssh_auth_failed ## ssh_auth_result ssh_auth_attempted ssh_capabilities ## ssh2_server_host_key ssh1_server_host_key ssh_server_host_key ## ssh_encrypted_packet ssh2_dh_server_params ssh2_gss_error @@ -44,7 +44,7 @@ event ssh_client_version%(c: connection, version: string%); ## :abbr:`SSH (Secure Shell)` protocol provides a mechanism for ## unauthenticated access, which some servers support. ## -## .. bro:see:: ssh_server_version ssh_client_version ssh_auth_failed +## .. zeek:see:: ssh_server_version ssh_client_version ssh_auth_failed ## ssh_auth_result ssh_auth_attempted ssh_capabilities ## ssh2_server_host_key ssh1_server_host_key ssh_server_host_key ## ssh_encrypted_packet ssh2_dh_server_params ssh2_gss_error @@ -74,7 +74,7 @@ event ssh_auth_successful%(c: connection, auth_method_none: bool%); ## authenticated: This is true if the analyzer detected a ## successful connection from the authentication attempt. ## -## .. bro:see:: ssh_server_version ssh_client_version +## .. zeek:see:: ssh_server_version ssh_client_version ## ssh_auth_successful ssh_auth_failed ssh_auth_result ## ssh_capabilities ssh2_server_host_key ssh1_server_host_key ## ssh_server_host_key ssh_encrypted_packet ssh2_dh_server_params @@ -96,7 +96,7 @@ event ssh_auth_attempted%(c: connection, authenticated: bool%); ## capabilities: The list of algorithms and languages that the sender ## advertises support for, in order of preference. ## -## .. bro:see:: ssh_server_version ssh_client_version +## .. zeek:see:: ssh_server_version ssh_client_version ## ssh_auth_successful ssh_auth_failed ssh_auth_result ## ssh_auth_attempted ssh2_server_host_key ssh1_server_host_key ## ssh_server_host_key ssh_encrypted_packet ssh2_dh_server_params @@ -113,7 +113,7 @@ event ssh_capabilities%(c: connection, cookie: string, capabilities: SSH::Capabi ## key: The server's public host key. Note that this is the public key ## itself, and not just the fingerprint or hash. ## -## .. bro:see:: ssh_server_version ssh_client_version +## .. zeek:see:: ssh_server_version ssh_client_version ## ssh_auth_successful ssh_auth_failed ssh_auth_result ## ssh_auth_attempted ssh_capabilities ssh1_server_host_key ## ssh_server_host_key ssh_encrypted_packet ssh2_dh_server_params @@ -131,7 +131,7 @@ event ssh2_server_host_key%(c: connection, key: string%); ## ## e: The exponent for the serer's public host key. ## -## .. bro:see:: ssh_server_version ssh_client_version +## .. zeek:see:: ssh_server_version ssh_client_version ## ssh_auth_successful ssh_auth_failed ssh_auth_result ## ssh_auth_attempted ssh_capabilities ssh2_server_host_key ## ssh_server_host_key ssh_encrypted_packet ssh2_dh_server_params @@ -141,7 +141,7 @@ event ssh1_server_host_key%(c: connection, p: string, e: string%); ## This event is generated when an :abbr:`SSH (Secure Shell)` ## encrypted packet is seen. This event is not handled by default, but ## is provided for heuristic analysis scripts. Note that you have to set -## :bro:id:`SSH::disable_analyzer_after_detection` to false to use this +## :zeek:id:`SSH::disable_analyzer_after_detection` to false to use this ## event. This carries a performance penalty. ## ## c: The connection over which the :abbr:`SSH (Secure Shell)` @@ -153,7 +153,7 @@ event ssh1_server_host_key%(c: connection, p: string, e: string%); ## len: The length of the :abbr:`SSH (Secure Shell)` payload, in ## bytes. Note that this ignores reassembly, as this is unknown. ## -## .. bro:see:: ssh_server_version ssh_client_version +## .. zeek:see:: ssh_server_version ssh_client_version ## ssh_auth_successful ssh_auth_failed ssh_auth_result ## ssh_auth_attempted ssh_capabilities ssh2_server_host_key ## ssh1_server_host_key ssh_server_host_key ssh2_dh_server_params @@ -171,7 +171,7 @@ event ssh_encrypted_packet%(c: connection, orig: bool, len: count%); ## ## q: The DH generator. ## -## .. bro:see:: ssh_server_version ssh_client_version +## .. zeek:see:: ssh_server_version ssh_client_version ## ssh_auth_successful ssh_auth_failed ssh_auth_result ## ssh_auth_attempted ssh_capabilities ssh2_server_host_key ## ssh1_server_host_key ssh_server_host_key ssh_encrypted_packet @@ -191,7 +191,7 @@ event ssh2_dh_server_params%(c: connection, p: string, q: string%); ## ## err_msg: Detailed human-readable error message ## -## .. bro:see:: ssh_server_version ssh_client_version +## .. zeek:see:: ssh_server_version ssh_client_version ## ssh_auth_successful ssh_auth_failed ssh_auth_result ## ssh_auth_attempted ssh_capabilities ssh2_server_host_key ## ssh1_server_host_key ssh_server_host_key ssh_encrypted_packet @@ -211,7 +211,7 @@ event ssh2_gss_error%(c: connection, major_status: count, minor_status: count, e ## ## q: The ephemeral public key ## -## .. bro:see:: ssh_server_version ssh_client_version +## .. zeek:see:: ssh_server_version ssh_client_version ## ssh_auth_successful ssh_auth_failed ssh_auth_result ## ssh_auth_attempted ssh_capabilities ssh2_server_host_key ## ssh1_server_host_key ssh_server_host_key ssh_encrypted_packet diff --git a/src/analyzer/protocol/ssl/events.bif b/src/analyzer/protocol/ssl/events.bif index 774017eb9f..4e7b7113eb 100644 --- a/src/analyzer/protocol/ssl/events.bif +++ b/src/analyzer/protocol/ssl/events.bif @@ -10,7 +10,7 @@ ## ## version: The protocol version as extracted from the client's message. The ## values are standardized as part of the SSL/TLS protocol. The -## :bro:id:`SSL::version_strings` table maps them to descriptive names. +## :zeek:id:`SSL::version_strings` table maps them to descriptive names. ## ## record_version: TLS version given in the record layer of the message. ## Set to 0 for SSLv2. @@ -25,12 +25,12 @@ ## ## ciphers: The list of ciphers the client offered to use. The values are ## standardized as part of the SSL/TLS protocol. The -## :bro:id:`SSL::cipher_desc` table maps them to descriptive names. +## :zeek:id:`SSL::cipher_desc` table maps them to descriptive names. ## ## comp_methods: The list of compression methods that the client offered to use. ## This value is not sent in TLSv1.3 or SSLv2. ## -## .. bro:see:: ssl_alert ssl_established ssl_extension ssl_server_hello +## .. zeek:see:: ssl_alert ssl_established ssl_extension ssl_server_hello ## ssl_session_ticket_handshake x509_certificate ssl_handshake_message ## ssl_change_cipher_spec ## ssl_dh_client_params ssl_ecdh_server_params ssl_ecdh_client_params @@ -49,7 +49,7 @@ event ssl_client_hello%(c: connection, version: count, record_version: count, po ## ## version: The protocol version as extracted from the server's message. ## The values are standardized as part of the SSL/TLS protocol. The -## :bro:id:`SSL::version_strings` table maps them to descriptive names. +## :zeek:id:`SSL::version_strings` table maps them to descriptive names. ## ## record_version: TLS version given in the record layer of the message. ## Set to 0 for SSLv2. @@ -65,14 +65,14 @@ event ssl_client_hello%(c: connection, version: count, record_version: count, po ## the connection-id is returned. ## ## cipher: The cipher chosen by the server. The values are standardized as part -## of the SSL/TLS protocol. The :bro:id:`SSL::cipher_desc` table maps +## of the SSL/TLS protocol. The :zeek:id:`SSL::cipher_desc` table maps ## them to descriptive names. ## ## comp_method: The compression method chosen by the client. The values are ## standardized as part of the SSL/TLS protocol. This value is not ## sent in TLSv1.3 or SSLv2. ## -## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_extension +## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_extension ## ssl_session_ticket_handshake x509_certificate ssl_server_curve ## ssl_dh_server_params ssl_handshake_message ssl_change_cipher_spec ## ssl_dh_client_params ssl_ecdh_server_params ssl_ecdh_client_params @@ -91,12 +91,12 @@ event ssl_server_hello%(c: connection, version: count, record_version: count, po ## is_orig: True if event is raised for originator side of the connection. ## ## code: The numerical code of the extension. The values are standardized as -## part of the SSL/TLS protocol. The :bro:id:`SSL::extensions` table maps +## part of the SSL/TLS protocol. The :zeek:id:`SSL::extensions` table maps ## them to descriptive names. ## ## val: The raw extension value that was sent in the message. ## -## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello +## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello ## ssl_session_ticket_handshake ssl_extension_ec_point_formats ## ssl_extension_elliptic_curves ssl_extension_application_layer_protocol_negotiation ## ssl_extension_server_name ssl_extension_signature_algorithm ssl_extension_key_share @@ -113,7 +113,7 @@ event ssl_extension%(c: connection, is_orig: bool, code: count, val: string%); ## ## curves: List of supported elliptic curves. ## -## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello +## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello ## ssl_session_ticket_handshake ssl_extension ## ssl_extension_ec_point_formats ssl_extension_application_layer_protocol_negotiation ## ssl_extension_server_name ssl_server_curve ssl_extension_signature_algorithm @@ -133,7 +133,7 @@ event ssl_extension_elliptic_curves%(c: connection, is_orig: bool, curves: index ## ## point_formats: List of supported point formats. ## -## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello +## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello ## ssl_session_ticket_handshake ssl_extension ## ssl_extension_elliptic_curves ssl_extension_application_layer_protocol_negotiation ## ssl_extension_server_name ssl_server_curve ssl_extension_signature_algorithm @@ -154,7 +154,7 @@ event ssl_extension_ec_point_formats%(c: connection, is_orig: bool, point_format ## ## signature_algorithms: List of supported signature and hash algorithm pairs. ## -## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello +## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello ## ssl_session_ticket_handshake ssl_extension ## ssl_extension_elliptic_curves ssl_extension_application_layer_protocol_negotiation ## ssl_extension_server_name ssl_server_curve ssl_extension_key_share @@ -173,7 +173,7 @@ event ssl_extension_signature_algorithm%(c: connection, is_orig: bool, signature ## ## curves: List of supported/chosen named groups. ## -## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello +## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello ## ssl_session_ticket_handshake ssl_extension ## ssl_extension_elliptic_curves ssl_extension_application_layer_protocol_negotiation ## ssl_extension_server_name ssl_server_curve @@ -196,7 +196,7 @@ event ssl_extension_pre_shared_key_server_hello%(c: connection, is_orig: bool, s ## .. note:: This event is deprecated and superseded by the ssl_ecdh_server_params ## event. This event will be removed in a future version of Bro. ## -## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello +## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello ## ssl_session_ticket_handshake ssl_extension ## ssl_extension_elliptic_curves ssl_extension_application_layer_protocol_negotiation ## ssl_extension_server_name ssl_extension_key_share @@ -215,7 +215,7 @@ event ssl_server_curve%(c: connection, curve: count%) &deprecated; ## ## point: The server's ECDH public key. ## -## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello +## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello ## ssl_session_ticket_handshake ssl_server_curve ssl_server_signature ## ssl_dh_client_params ssl_ecdh_client_params ssl_rsa_client_pms event ssl_ecdh_server_params%(c: connection, curve: count, point: string%); @@ -232,7 +232,7 @@ event ssl_ecdh_server_params%(c: connection, curve: count, point: string%); ## ## Ys: The server's DH public key. ## -## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello +## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello ## ssl_session_ticket_handshake ssl_server_curve ssl_server_signature ## ssl_dh_client_params ssl_ecdh_server_params ssl_ecdh_client_params ## ssl_rsa_client_pms @@ -255,7 +255,7 @@ event ssl_dh_server_params%(c: connection, p: string, q: string, Ys: string%); ## corresponding to the certified public key in the server's certificate ## message is used for signing. ## -## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello +## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello ## ssl_session_ticket_handshake ssl_server_curve ssl_rsa_client_pms ## ssl_dh_client_params ssl_ecdh_server_params ssl_ecdh_client_params event ssl_server_signature%(c: connection, signature_and_hashalgorithm: SSL::SignatureAndHashAlgorithm, signature: string%); @@ -268,7 +268,7 @@ event ssl_server_signature%(c: connection, signature_and_hashalgorithm: SSL::Sig ## ## point: The client's ECDH public key. ## -## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello +## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello ## ssl_session_ticket_handshake ssl_server_curve ssl_server_signature ## ssl_dh_client_params ssl_ecdh_server_params ssl_rsa_client_pms event ssl_ecdh_client_params%(c: connection, point: string%); @@ -281,7 +281,7 @@ event ssl_ecdh_client_params%(c: connection, point: string%); ## ## Yc: The client's DH public key. ## -## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello +## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello ## ssl_session_ticket_handshake ssl_server_curve ssl_server_signature ## ssl_ecdh_server_params ssl_ecdh_client_params ssl_rsa_client_pms event ssl_dh_client_params%(c: connection, Yc: string%); @@ -294,7 +294,7 @@ event ssl_dh_client_params%(c: connection, Yc: string%); ## ## pms: The encrypted pre-master secret. ## -## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello +## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello ## ssl_session_ticket_handshake ssl_server_curve ssl_server_signature ## ssl_dh_client_params ssl_ecdh_server_params ssl_ecdh_client_params event ssl_rsa_client_pms%(c: connection, pms: string%); @@ -312,7 +312,7 @@ event ssl_rsa_client_pms%(c: connection, pms: string%); ## ## protocols: List of supported application layer protocols. ## -## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello +## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello ## ssl_session_ticket_handshake ssl_extension ## ssl_extension_elliptic_curves ssl_extension_ec_point_formats ## ssl_extension_server_name ssl_extension_key_share @@ -332,7 +332,7 @@ event ssl_extension_application_layer_protocol_negotiation%(c: connection, is_or ## ## names: A list of server names (DNS hostnames). ## -## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello +## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello ## ssl_session_ticket_handshake ssl_extension ## ssl_extension_elliptic_curves ssl_extension_ec_point_formats ## ssl_extension_application_layer_protocol_negotiation @@ -362,7 +362,7 @@ event ssl_extension_server_name%(c: connection, is_orig: bool, names: string_vec ## ## signature: signature part of the digitally_signed struct ## -## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello +## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello ## ssl_session_ticket_handshake ssl_extension ## ssl_extension_elliptic_curves ssl_extension_ec_point_formats ## ssl_extension_server_name ssl_extension_key_share @@ -382,7 +382,7 @@ event ssl_extension_signed_certificate_timestamp%(c: connection, is_orig: bool, ## ## versions: List of supported TLS versions. ## -## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello +## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello ## ssl_session_ticket_handshake ssl_extension ## ssl_extension_elliptic_curves ssl_extension_ec_point_formats ## ssl_extension_application_layer_protocol_negotiation @@ -399,7 +399,7 @@ event ssl_extension_supported_versions%(c: connection, is_orig: bool, versions: ## ## versions: List of supported Pre-Shared Key Exchange Modes. ## -## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello +## .. zeek:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello ## ssl_session_ticket_handshake ssl_extension ## ssl_extension_elliptic_curves ssl_extension_ec_point_formats ## ssl_extension_application_layer_protocol_negotiation @@ -418,7 +418,7 @@ event ssl_extension_psk_key_exchange_modes%(c: connection, is_orig: bool, modes: ## ## c: The connection. ## -## .. bro:see:: ssl_alert ssl_client_hello ssl_extension ssl_server_hello +## .. zeek:see:: ssl_alert ssl_client_hello ssl_extension ssl_server_hello ## ssl_session_ticket_handshake x509_certificate event ssl_established%(c: connection%); @@ -441,7 +441,7 @@ event ssl_established%(c: connection%); ## desc: A numerical value identifying the cause of the *alert*. The values are ## defined as part of the SSL/TLS protocol. ## -## .. bro:see:: ssl_client_hello ssl_established ssl_extension ssl_server_hello +## .. zeek:see:: ssl_client_hello ssl_established ssl_extension ssl_server_hello ## ssl_session_ticket_handshake event ssl_alert%(c: connection, is_orig: bool, level: count, desc: count%); @@ -462,7 +462,7 @@ event ssl_alert%(c: connection, is_orig: bool, level: count, desc: count%); ## ## ticket: The raw ticket data. ## -## .. bro:see:: ssl_client_hello ssl_established ssl_extension ssl_server_hello +## .. zeek:see:: ssl_client_hello ssl_established ssl_extension ssl_server_hello ## ssl_alert event ssl_session_ticket_handshake%(c: connection, ticket_lifetime_hint: count, ticket: string%); @@ -484,7 +484,7 @@ event ssl_session_ticket_handshake%(c: connection, ticket_lifetime_hint: count, ## payload: payload contained in the heartbeat message. Size can differ from ## payload_length, if payload_length and actual packet length disagree. ## -## .. bro:see:: ssl_client_hello ssl_established ssl_extension ssl_server_hello +## .. zeek:see:: ssl_client_hello ssl_established ssl_extension ssl_server_hello ## ssl_alert ssl_encrypted_data event ssl_heartbeat%(c: connection, is_orig: bool, length: count, heartbeat_type: count, payload_length: count, payload: string%); @@ -507,14 +507,14 @@ event ssl_heartbeat%(c: connection, is_orig: bool, length: count, heartbeat_type ## ## length: length of the entire message. ## -## .. bro:see:: ssl_client_hello ssl_established ssl_extension ssl_server_hello +## .. zeek:see:: ssl_client_hello ssl_established ssl_extension ssl_server_hello ## ssl_alert ssl_heartbeat event ssl_plaintext_data%(c: connection, is_orig: bool, record_version: count, content_type: count, length: count%); ## Generated for SSL/TLS messages that are sent after session encryption ## started. ## -## Note that :bro:id:`SSL::disable_analyzer_after_detection` has to be changed +## Note that :zeek:id:`SSL::disable_analyzer_after_detection` has to be changed ## from its default to false for this event to be generated. ## ## c: The connection. @@ -529,7 +529,7 @@ event ssl_plaintext_data%(c: connection, is_orig: bool, record_version: count, c ## ## length: length of the entire message. ## -## .. bro:see:: ssl_client_hello ssl_established ssl_extension ssl_server_hello +## .. zeek:see:: ssl_client_hello ssl_established ssl_extension ssl_server_hello ## ssl_alert ssl_heartbeat event ssl_encrypted_data%(c: connection, is_orig: bool, record_version: count, content_type: count, length: count%); @@ -554,7 +554,7 @@ event ssl_stapled_ocsp%(c: connection, is_orig: bool, response: string%); ## ## length: Length of the handshake message that was seen. ## -## .. bro:see:: ssl_alert ssl_established ssl_extension ssl_server_hello +## .. zeek:see:: ssl_alert ssl_established ssl_extension ssl_server_hello ## ssl_session_ticket_handshake x509_certificate ssl_client_hello ## ssl_change_cipher_spec event ssl_handshake_message%(c: connection, is_orig: bool, msg_type: count, length: count%); @@ -566,7 +566,7 @@ event ssl_handshake_message%(c: connection, is_orig: bool, msg_type: count, leng ## ## is_orig: True if event is raised for originator side of the connection. ## -## .. bro:see:: ssl_alert ssl_established ssl_extension ssl_server_hello +## .. zeek:see:: ssl_alert ssl_established ssl_extension ssl_server_hello ## ssl_session_ticket_handshake x509_certificate ssl_client_hello ## ssl_handshake_message event ssl_change_cipher_spec%(c: connection, is_orig: bool%); diff --git a/src/analyzer/protocol/tcp/TCP.cc b/src/analyzer/protocol/tcp/TCP.cc index 1f5309a1b9..188df11092 100644 --- a/src/analyzer/protocol/tcp/TCP.cc +++ b/src/analyzer/protocol/tcp/TCP.cc @@ -1019,9 +1019,9 @@ void TCP_Analyzer::CheckPIA_FirstPacket(int is_orig, const IP_Hdr* ip) } } -static uint64 get_relative_seq(const TCP_Endpoint* endpoint, - uint32 cur_base, uint32 last, uint32 wraps, - bool* underflow = 0) +uint64 TCP_Analyzer::get_relative_seq(const TCP_Endpoint* endpoint, + uint32 cur_base, uint32 last, + uint32 wraps, bool* underflow) { int32 delta = seq_delta(cur_base, last); @@ -1052,7 +1052,7 @@ static uint64 get_relative_seq(const TCP_Endpoint* endpoint, return endpoint->ToRelativeSeqSpace(cur_base, wraps); } -static int get_segment_len(int payload_len, TCP_Flags flags) +int TCP_Analyzer::get_segment_len(int payload_len, TCP_Flags flags) { int seg_len = payload_len; diff --git a/src/analyzer/protocol/tcp/TCP.h b/src/analyzer/protocol/tcp/TCP.h index 69f3482ae0..95ef5c72d7 100644 --- a/src/analyzer/protocol/tcp/TCP.h +++ b/src/analyzer/protocol/tcp/TCP.h @@ -174,6 +174,13 @@ protected: const u_char* option, TCP_Analyzer* analyzer, bool is_orig, void* cookie); + // A couple utility functions that may also be useful to derived analyzers. + static uint64 get_relative_seq(const TCP_Endpoint* endpoint, + uint32 cur_base, uint32 last, + uint32 wraps, bool* underflow = 0); + + static int get_segment_len(int payload_len, TCP_Flags flags); + private: TCP_Endpoint* orig; TCP_Endpoint* resp; diff --git a/src/analyzer/protocol/tcp/events.bif b/src/analyzer/protocol/tcp/events.bif index 5e862317b1..72cf44c243 100644 --- a/src/analyzer/protocol/tcp/events.bif +++ b/src/analyzer/protocol/tcp/events.bif @@ -5,7 +5,7 @@ ## ## c: The connection. ## -## .. bro:see:: connection_EOF connection_SYN_packet connection_attempt +## .. zeek:see:: connection_EOF connection_SYN_packet connection_attempt ## connection_established connection_external connection_finished ## connection_first_ACK connection_half_finished connection_partial_close ## connection_pending connection_rejected connection_reset connection_reused @@ -15,13 +15,13 @@ event new_connection_contents%(c: connection%); ## Generated for an unsuccessful connection attempt. This event is raised when ## an originator unsuccessfully attempted to establish a connection. -## "Unsuccessful" is defined as at least :bro:id:`tcp_attempt_delay` seconds +## "Unsuccessful" is defined as at least :zeek:id:`tcp_attempt_delay` seconds ## having elapsed since the originator first sent a connection establishment ## packet to the destination without seeing a reply. ## ## c: The connection. ## -## .. bro:see:: connection_EOF connection_SYN_packet connection_established +## .. zeek:see:: connection_EOF connection_SYN_packet connection_established ## connection_external connection_finished connection_first_ACK ## connection_half_finished connection_partial_close connection_pending ## connection_rejected connection_reset connection_reused connection_state_remove @@ -31,15 +31,15 @@ event connection_attempt%(c: connection%); ## Generated when seeing a SYN-ACK packet from the responder in a TCP ## handshake. An associated SYN packet was not seen from the originator -## side if its state is not set to :bro:see:`TCP_ESTABLISHED`. +## side if its state is not set to :zeek:see:`TCP_ESTABLISHED`. ## The final ACK of the handshake in response to SYN-ACK may ## or may not occur later, one way to tell is to check the *history* field of -## :bro:type:`connection` to see if the originator sent an ACK, indicated by +## :zeek:type:`connection` to see if the originator sent an ACK, indicated by ## 'A' in the history string. ## ## c: The connection. ## -## .. bro:see:: connection_EOF connection_SYN_packet connection_attempt +## .. zeek:see:: connection_EOF connection_SYN_packet connection_attempt ## connection_external connection_finished connection_first_ACK ## connection_half_finished connection_partial_close connection_pending ## connection_rejected connection_reset connection_reused connection_state_remove @@ -54,7 +54,7 @@ event connection_established%(c: connection%); ## ## c: The connection. ## -## .. bro:see:: connection_EOF connection_SYN_packet connection_attempt +## .. zeek:see:: connection_EOF connection_SYN_packet connection_attempt ## connection_established connection_external connection_finished ## connection_first_ACK connection_half_finished connection_partial_close ## connection_pending connection_rejected connection_reset connection_reused @@ -66,12 +66,12 @@ event partial_connection%(c: connection%); ## Generated when a previously inactive endpoint attempts to close a TCP ## connection via a normal FIN handshake or an abort RST sequence. When the ## endpoint sent one of these packets, Bro waits -## :bro:id:`tcp_partial_close_delay` prior to generating the event, to give +## :zeek:id:`tcp_partial_close_delay` prior to generating the event, to give ## the other endpoint a chance to close the connection normally. ## ## c: The connection. ## -## .. bro:see:: connection_EOF connection_SYN_packet connection_attempt +## .. zeek:see:: connection_EOF connection_SYN_packet connection_attempt ## connection_established connection_external connection_finished ## connection_first_ACK connection_half_finished connection_pending ## connection_rejected connection_reset connection_reused connection_state_remove @@ -84,7 +84,7 @@ event connection_partial_close%(c: connection%); ## ## c: The connection. ## -## .. bro:see:: connection_EOF connection_SYN_packet connection_attempt +## .. zeek:see:: connection_EOF connection_SYN_packet connection_attempt ## connection_established connection_external connection_first_ACK ## connection_half_finished connection_partial_close connection_pending ## connection_rejected connection_reset connection_reused connection_state_remove @@ -98,7 +98,7 @@ event connection_finished%(c: connection%); ## ## c: The connection. ## -## .. bro:see:: connection_EOF connection_SYN_packet connection_attempt +## .. zeek:see:: connection_EOF connection_SYN_packet connection_attempt ## connection_established connection_external connection_finished ## connection_first_ACK connection_partial_close connection_pending ## connection_rejected connection_reset connection_reused connection_state_remove @@ -112,7 +112,7 @@ event connection_half_finished%(c: connection%); ## ## c: The connection. ## -## .. bro:see:: connection_EOF connection_SYN_packet connection_attempt +## .. zeek:see:: connection_EOF connection_SYN_packet connection_attempt ## connection_established connection_external connection_finished ## connection_first_ACK connection_half_finished connection_partial_close ## connection_pending connection_reset connection_reused connection_state_remove @@ -121,10 +121,10 @@ event connection_half_finished%(c: connection%); ## ## .. note:: ## -## If the responder does not respond at all, :bro:id:`connection_attempt` is +## If the responder does not respond at all, :zeek:id:`connection_attempt` is ## raised instead. If the responder initially accepts the connection but -## aborts it later, Bro first generates :bro:id:`connection_established` -## and then :bro:id:`connection_reset`. +## aborts it later, Bro first generates :zeek:id:`connection_established` +## and then :zeek:id:`connection_reset`. event connection_rejected%(c: connection%); ## Generated when an endpoint aborted a TCP connection. The event is raised @@ -133,7 +133,7 @@ event connection_rejected%(c: connection%); ## ## c: The connection. ## -## .. bro:see:: connection_EOF connection_SYN_packet connection_attempt +## .. zeek:see:: connection_EOF connection_SYN_packet connection_attempt ## connection_established connection_external connection_finished ## connection_first_ACK connection_half_finished connection_partial_close ## connection_pending connection_rejected connection_reused @@ -146,7 +146,7 @@ event connection_reset%(c: connection%); ## ## c: The connection. ## -## .. bro:see:: connection_EOF connection_SYN_packet connection_attempt +## .. zeek:see:: connection_EOF connection_SYN_packet connection_attempt ## connection_established connection_external connection_finished ## connection_first_ACK connection_half_finished connection_partial_close ## connection_rejected connection_reset connection_reused connection_state_remove @@ -161,7 +161,7 @@ event connection_pending%(c: connection%); ## ## pkt: Information extracted from the SYN packet. ## -## .. bro:see:: connection_EOF connection_attempt connection_established +## .. zeek:see:: connection_EOF connection_attempt connection_established ## connection_external connection_finished connection_first_ACK ## connection_half_finished connection_partial_close connection_pending ## connection_rejected connection_reset connection_reused connection_state_remove @@ -182,7 +182,7 @@ event connection_SYN_packet%(c: connection, pkt: SYN_packet%); ## ## c: The connection. ## -## .. bro:see:: connection_EOF connection_SYN_packet connection_attempt +## .. zeek:see:: connection_EOF connection_SYN_packet connection_attempt ## connection_established connection_external connection_finished ## connection_half_finished connection_partial_close connection_pending ## connection_rejected connection_reset connection_reused connection_state_remove @@ -202,7 +202,7 @@ event connection_first_ACK%(c: connection%); ## ## is_orig: True if the event is raised for the originator side. ## -## .. bro:see:: connection_SYN_packet connection_attempt connection_established +## .. zeek:see:: connection_SYN_packet connection_attempt connection_established ## connection_external connection_finished connection_first_ACK ## connection_half_finished connection_partial_close connection_pending ## connection_rejected connection_reset connection_reused connection_state_remove @@ -213,7 +213,7 @@ event connection_EOF%(c: connection, is_orig: bool%); ## Generated for every TCP packet. This is a very low-level and expensive event ## that should be avoided when at all possible. It's usually infeasible to ## handle when processing even medium volumes of traffic in real-time. It's -## slightly better than :bro:id:`new_packet` because it affects only TCP, but +## slightly better than :zeek:id:`new_packet` because it affects only TCP, but ## not much. That said, if you work from a trace and want to do some ## packet-level analysis, it may come in handy. ## @@ -235,7 +235,7 @@ event connection_EOF%(c: connection, is_orig: bool%); ## payload: The raw TCP payload. Note that this may be shorter than *len* if ## the packet was not fully captured. ## -## .. bro:see:: new_packet packet_contents tcp_option tcp_contents tcp_rexmit +## .. zeek:see:: new_packet packet_contents tcp_option tcp_contents tcp_rexmit event tcp_packet%(c: connection, is_orig: bool, flags: string, seq: count, ack: count, len: count, payload: string%); ## Generated for each option found in a TCP header. Like many of the ``tcp_*`` @@ -250,16 +250,16 @@ event tcp_packet%(c: connection, is_orig: bool, flags: string, seq: count, ack: ## ## optlen: The length of the options value. ## -## .. bro:see:: tcp_packet tcp_contents tcp_rexmit +## .. zeek:see:: tcp_packet tcp_contents tcp_rexmit ## ## .. note:: There is currently no way to get the actual option value, if any. event tcp_option%(c: connection, is_orig: bool, opt: count, optlen: count%); ## Generated for each chunk of reassembled TCP payload. When content delivery is -## enabled for a TCP connection (via :bro:id:`tcp_content_delivery_ports_orig`, -## :bro:id:`tcp_content_delivery_ports_resp`, -## :bro:id:`tcp_content_deliver_all_orig`, -## :bro:id:`tcp_content_deliver_all_resp`), this event is raised for each chunk +## enabled for a TCP connection (via :zeek:id:`tcp_content_delivery_ports_orig`, +## :zeek:id:`tcp_content_delivery_ports_resp`, +## :zeek:id:`tcp_content_deliver_all_orig`, +## :zeek:id:`tcp_content_deliver_all_resp`), this event is raised for each chunk ## of in-order payload reconstructed from the packet stream. Note that this ## event is potentially expensive if many connections carry significant amounts ## of data as then all that data needs to be passed on to the scripting layer. @@ -273,7 +273,7 @@ event tcp_option%(c: connection, is_orig: bool, opt: count, optlen: count%); ## ## contents: The raw payload, which will be non-empty. ## -## .. bro:see:: tcp_packet tcp_option tcp_rexmit +## .. zeek:see:: tcp_packet tcp_option tcp_rexmit ## tcp_content_delivery_ports_orig tcp_content_delivery_ports_resp ## tcp_content_deliver_all_resp tcp_content_deliver_all_orig ## @@ -299,7 +299,7 @@ event tcp_rexmit%(c: connection, is_orig: bool, seq: count, len: count, data_in_ ## ## threshold: the threshold that was crossed ## -## .. bro:see:: udp_multiple_checksum_errors +## .. zeek:see:: udp_multiple_checksum_errors ## tcp_multiple_zero_windows tcp_multiple_retransmissions tcp_multiple_gap event tcp_multiple_checksum_errors%(c: connection, is_orig: bool, threshold: count%); @@ -312,7 +312,7 @@ event tcp_multiple_checksum_errors%(c: connection, is_orig: bool, threshold: cou ## ## threshold: the threshold that was crossed ## -## .. bro:see:: tcp_multiple_checksum_errors tcp_multiple_retransmissions tcp_multiple_gap +## .. zeek:see:: tcp_multiple_checksum_errors tcp_multiple_retransmissions tcp_multiple_gap event tcp_multiple_zero_windows%(c: connection, is_orig: bool, threshold: count%); ## Generated if a TCP flow crosses a retransmission threshold, per @@ -324,7 +324,7 @@ event tcp_multiple_zero_windows%(c: connection, is_orig: bool, threshold: count% ## ## threshold: the threshold that was crossed ## -## .. bro:see:: tcp_multiple_checksum_errors tcp_multiple_zero_windows tcp_multiple_gap +## .. zeek:see:: tcp_multiple_checksum_errors tcp_multiple_zero_windows tcp_multiple_gap event tcp_multiple_retransmissions%(c: connection, is_orig: bool, threshold: count%); ## Generated if a TCP flow crosses a gap threshold, per 'G'/'g' history @@ -336,7 +336,7 @@ event tcp_multiple_retransmissions%(c: connection, is_orig: bool, threshold: cou ## ## threshold: the threshold that was crossed ## -## .. bro:see:: tcp_multiple_checksum_errors tcp_multiple_zero_windows tcp_multiple_retransmissions +## .. zeek:see:: tcp_multiple_checksum_errors tcp_multiple_zero_windows tcp_multiple_retransmissions event tcp_multiple_gap%(c: connection, is_orig: bool, threshold: count%); ## Generated when failing to write contents of a TCP stream to a file. @@ -347,5 +347,5 @@ event tcp_multiple_gap%(c: connection, is_orig: bool, threshold: count%); ## ## msg: A reason or description for the failure. ## -## .. bro:see:: set_contents_file get_contents_file +## .. zeek:see:: set_contents_file get_contents_file event contents_file_write_failure%(c: connection, is_orig: bool, msg: string%); diff --git a/src/analyzer/protocol/tcp/functions.bif b/src/analyzer/protocol/tcp/functions.bif index 90c3e5ae2a..4aa218991e 100644 --- a/src/analyzer/protocol/tcp/functions.bif +++ b/src/analyzer/protocol/tcp/functions.bif @@ -12,7 +12,7 @@ ## Returns: The highest sequence number sent by a connection's originator, or 0 ## if *cid* does not point to an active TCP connection. ## -## .. bro:see:: get_resp_seq +## .. zeek:see:: get_resp_seq function get_orig_seq%(cid: conn_id%): count %{ Connection* c = sessions->FindConnection(cid); @@ -41,7 +41,7 @@ function get_orig_seq%(cid: conn_id%): count ## Returns: The highest sequence number sent by a connection's responder, or 0 ## if *cid* does not point to an active TCP connection. ## -## .. bro:see:: get_orig_seq +## .. zeek:see:: get_orig_seq function get_resp_seq%(cid: conn_id%): count %{ Connection* c = sessions->FindConnection(cid); @@ -89,9 +89,9 @@ function get_resp_seq%(cid: conn_id%): count ## contents of individual packets. Reordering and duplicates are ## removed. If any data is missing, the recording stops at the ## missing data; this can happen, e.g., due to an -## :bro:id:`content_gap` event. +## :zeek:id:`content_gap` event. ## -## .. bro:see:: get_contents_file set_record_packets contents_file_write_failure +## .. zeek:see:: get_contents_file set_record_packets contents_file_write_failure function set_contents_file%(cid: conn_id, direction: count, f: file%): bool %{ Connection* c = sessions->FindConnection(cid); @@ -107,14 +107,14 @@ function set_contents_file%(cid: conn_id, direction: count, f: file%): bool ## cid: The connection ID. ## ## direction: Controls what sides of the connection to record. See -## :bro:id:`set_contents_file` for possible values. +## :zeek:id:`set_contents_file` for possible values. ## -## Returns: The :bro:type:`file` handle for the contents file of the +## Returns: The :zeek:type:`file` handle for the contents file of the ## connection identified by *cid*. If the connection exists ## but there is no contents file for *direction*, then the function ## generates an error and returns a file handle to ``stderr``. ## -## .. bro:see:: set_contents_file set_record_packets contents_file_write_failure +## .. zeek:see:: set_contents_file set_record_packets contents_file_write_failure function get_contents_file%(cid: conn_id, direction: count%): file %{ Connection* c = sessions->FindConnection(cid); diff --git a/src/analyzer/protocol/teredo/events.bif b/src/analyzer/protocol/teredo/events.bif index 62bc7d06cd..080eb1bf6e 100644 --- a/src/analyzer/protocol/teredo/events.bif +++ b/src/analyzer/protocol/teredo/events.bif @@ -5,7 +5,7 @@ ## ## inner: The Teredo-encapsulated IPv6 packet header and transport header. ## -## .. bro:see:: teredo_authentication teredo_origin_indication teredo_bubble +## .. zeek:see:: teredo_authentication teredo_origin_indication teredo_bubble ## ## .. note:: Since this event may be raised on a per-packet basis, handling ## it may become particularly expensive for real-time analysis. @@ -19,7 +19,7 @@ event teredo_packet%(outer: connection, inner: teredo_hdr%); ## ## inner: The Teredo-encapsulated IPv6 packet header and transport header. ## -## .. bro:see:: teredo_packet teredo_origin_indication teredo_bubble +## .. zeek:see:: teredo_packet teredo_origin_indication teredo_bubble ## ## .. note:: Since this event may be raised on a per-packet basis, handling ## it may become particularly expensive for real-time analysis. @@ -33,21 +33,21 @@ event teredo_authentication%(outer: connection, inner: teredo_hdr%); ## ## inner: The Teredo-encapsulated IPv6 packet header and transport header. ## -## .. bro:see:: teredo_packet teredo_authentication teredo_bubble +## .. zeek:see:: teredo_packet teredo_authentication teredo_bubble ## ## .. note:: Since this event may be raised on a per-packet basis, handling ## it may become particularly expensive for real-time analysis. event teredo_origin_indication%(outer: connection, inner: teredo_hdr%); ## Generated for Teredo bubble packets. That is, IPv6 packets encapsulated -## in a Teredo tunnel that have a Next Header value of :bro:id:`IPPROTO_NONE`. +## in a Teredo tunnel that have a Next Header value of :zeek:id:`IPPROTO_NONE`. ## See :rfc:`4380` for more information about the Teredo protocol. ## ## outer: The Teredo tunnel connection. ## ## inner: The Teredo-encapsulated IPv6 packet header and transport header. ## -## .. bro:see:: teredo_packet teredo_authentication teredo_origin_indication +## .. zeek:see:: teredo_packet teredo_authentication teredo_origin_indication ## ## .. note:: Since this event may be raised on a per-packet basis, handling ## it may become particularly expensive for real-time analysis. diff --git a/src/analyzer/protocol/udp/events.bif b/src/analyzer/protocol/udp/events.bif index afcace330b..60326bf601 100644 --- a/src/analyzer/protocol/udp/events.bif +++ b/src/analyzer/protocol/udp/events.bif @@ -4,7 +4,7 @@ ## ## u: The connection record for the corresponding UDP flow. ## -## .. bro:see:: udp_contents udp_reply udp_session_done +## .. zeek:see:: udp_contents udp_reply udp_session_done event udp_request%(u: connection%); ## Generated for each packet sent by a UDP flow's responder. This a potentially @@ -13,17 +13,17 @@ event udp_request%(u: connection%); ## ## u: The connection record for the corresponding UDP flow. ## -## .. bro:see:: udp_contents udp_request udp_session_done +## .. zeek:see:: udp_contents udp_request udp_session_done event udp_reply%(u: connection%); ## Generated for UDP packets to pass on their payload. As the number of UDP ## packets can be very large, this event is normally raised only for those on -## ports configured in :bro:id:`udp_content_delivery_ports_orig` (for packets -## sent by the flow's originator) or :bro:id:`udp_content_delivery_ports_resp` +## ports configured in :zeek:id:`udp_content_delivery_ports_orig` (for packets +## sent by the flow's originator) or :zeek:id:`udp_content_delivery_ports_resp` ## (for packets sent by the flow's responder). However, delivery can be enabled ## for all UDP request and reply packets by setting -## :bro:id:`udp_content_deliver_all_orig` or -## :bro:id:`udp_content_deliver_all_resp`, respectively. Note that this +## :zeek:id:`udp_content_deliver_all_orig` or +## :zeek:id:`udp_content_deliver_all_resp`, respectively. Note that this ## event is also raised for all matching UDP packets, including empty ones. ## ## u: The connection record for the corresponding UDP flow. @@ -32,7 +32,7 @@ event udp_reply%(u: connection%); ## ## contents: TODO. ## -## .. bro:see:: udp_reply udp_request udp_session_done +## .. zeek:see:: udp_reply udp_request udp_session_done ## udp_content_deliver_all_orig udp_content_deliver_all_resp ## udp_content_delivery_ports_orig udp_content_delivery_ports_resp event udp_contents%(u: connection, is_orig: bool, contents: string%); @@ -46,6 +46,6 @@ event udp_contents%(u: connection, is_orig: bool, contents: string%); ## ## threshold: the threshold that was crossed ## -## .. bro:see:: udp_reply udp_request udp_session_done +## .. zeek:see:: udp_reply udp_request udp_session_done ## tcp_multiple_checksum_errors event udp_multiple_checksum_errors%(u: connection, is_orig: bool, threshold: count%); diff --git a/src/bro.bif b/src/bro.bif index 4440f823c7..7493d5618b 100644 --- a/src/bro.bif +++ b/src/bro.bif @@ -303,7 +303,7 @@ static int next_fmt(const char*& fmt, val_list* args, ODesc* d, int& n) ## Returns the current wall-clock time. ## -## In general, you should use :bro:id:`network_time` instead +## In general, you should use :zeek:id:`network_time` instead ## unless you are using Bro for non-networking uses (such as general ## scripting; not particularly recommended), because otherwise your script ## may behave very differently on live traffic versus played-back traffic @@ -311,7 +311,7 @@ static int next_fmt(const char*& fmt, val_list* args, ODesc* d, int& n) ## ## Returns: The wall-clock time. ## -## .. bro:see:: network_time +## .. zeek:see:: network_time function current_time%(%): time %{ return new Val(current_time(), TYPE_TIME); @@ -323,7 +323,7 @@ function current_time%(%): time ## ## Returns: The timestamp of the packet processed. ## -## .. bro:see:: current_time +## .. zeek:see:: current_time function network_time%(%): time %{ return new Val(network_time, TYPE_TIME); @@ -336,7 +336,7 @@ function network_time%(%): time ## Returns: The system environment variable identified by *var*, or an empty ## string if it is not defined. ## -## .. bro:see:: setenv +## .. zeek:see:: setenv function getenv%(var: string%): string %{ const char* env_val = getenv(var->CheckString()); @@ -353,7 +353,7 @@ function getenv%(var: string%): string ## ## Returns: True on success. ## -## .. bro:see:: getenv +## .. zeek:see:: getenv function setenv%(var: string, val: string%): bool %{ int result = setenv(var->AsString()->CheckString(), @@ -368,7 +368,7 @@ function setenv%(var: string, val: string%): bool ## ## code: The exit code to return with. ## -## .. bro:see:: terminate +## .. zeek:see:: terminate function exit%(code: int%): any %{ exit(code); @@ -380,7 +380,7 @@ function exit%(code: int%): any ## Returns: True after successful termination and false when Bro is still in ## the process of shutting down. ## -## .. bro:see:: exit bro_is_terminating +## .. zeek:see:: exit bro_is_terminating function terminate%(%): bool %{ if ( terminating ) @@ -446,7 +446,7 @@ static int do_system(const char* s) ## ## Returns: The return value from the OS ``system`` function. ## -## .. bro:see:: system_env safe_shell_quote piped_exec +## .. zeek:see:: system_env safe_shell_quote piped_exec ## ## .. note:: ## @@ -461,18 +461,18 @@ function system%(str: string%): int %} ## Invokes a command via the ``system`` function of the OS with a prepared -## environment. The function is essentially the same as :bro:id:`system`, +## environment. The function is essentially the same as :zeek:id:`system`, ## but changes the environment before invoking the command. ## ## str: The command to execute. ## -## env: A :bro:type:`table` with the environment variables in the form +## env: A :zeek:type:`table` with the environment variables in the form ## of key-value pairs. Each specified environment variable name ## will be automatically prepended with ``BRO_ARG_``. ## ## Returns: The return value from the OS ``system`` function. ## -## .. bro:see:: system safe_shell_quote piped_exec +## .. zeek:see:: system safe_shell_quote piped_exec function system_env%(str: string, env: table_string_of_string%): int %{ if ( env->Type()->Tag() != TYPE_TABLE ) @@ -500,7 +500,7 @@ function system_env%(str: string, env: table_string_of_string%): int ## ## Returns: True on success. ## -## .. bro:see:: system system_env +## .. zeek:see:: system system_env function piped_exec%(program: string, to_write: string%): bool %{ const char* prog = program->CheckString(); @@ -536,14 +536,14 @@ function piped_exec%(program: string, to_write: string%): bool ## ## Returns: The MD5 hash value of the concatenated arguments. ## -## .. bro:see:: md5_hmac md5_hash_init md5_hash_update md5_hash_finish +## .. zeek:see:: md5_hmac md5_hash_init md5_hash_update md5_hash_finish ## sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish ## sha256_hash sha256_hash_init sha256_hash_update sha256_hash_finish ## ## .. note:: ## ## This function performs a one-shot computation of its arguments. -## For incremental hash computation, see :bro:id:`md5_hash_init` and +## For incremental hash computation, see :zeek:id:`md5_hash_init` and ## friends. function md5_hash%(...%): string %{ @@ -556,14 +556,14 @@ function md5_hash%(...%): string ## ## Returns: The SHA1 hash value of the concatenated arguments. ## -## .. bro:see:: md5_hash md5_hmac md5_hash_init md5_hash_update md5_hash_finish +## .. zeek:see:: md5_hash md5_hmac md5_hash_init md5_hash_update md5_hash_finish ## sha1_hash_init sha1_hash_update sha1_hash_finish ## sha256_hash sha256_hash_init sha256_hash_update sha256_hash_finish ## ## .. note:: ## ## This function performs a one-shot computation of its arguments. -## For incremental hash computation, see :bro:id:`sha1_hash_init` and +## For incremental hash computation, see :zeek:id:`sha1_hash_init` and ## friends. function sha1_hash%(...%): string %{ @@ -576,14 +576,14 @@ function sha1_hash%(...%): string ## ## Returns: The SHA256 hash value of the concatenated arguments. ## -## .. bro:see:: md5_hash md5_hmac md5_hash_init md5_hash_update md5_hash_finish +## .. zeek:see:: md5_hash md5_hmac md5_hash_init md5_hash_update md5_hash_finish ## sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish ## sha256_hash_init sha256_hash_update sha256_hash_finish ## ## .. note:: ## ## This function performs a one-shot computation of its arguments. -## For incremental hash computation, see :bro:id:`sha256_hash_init` and +## For incremental hash computation, see :zeek:id:`sha256_hash_init` and ## friends. function sha256_hash%(...%): string %{ @@ -598,7 +598,7 @@ function sha256_hash%(...%): string ## ## Returns: The HMAC-MD5 hash value of the concatenated arguments. ## -## .. bro:see:: md5_hash md5_hash_init md5_hash_update md5_hash_finish +## .. zeek:see:: md5_hash md5_hash_init md5_hash_update md5_hash_finish ## sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish ## sha256_hash sha256_hash_init sha256_hash_update sha256_hash_finish function md5_hmac%(...%): string @@ -609,8 +609,8 @@ function md5_hmac%(...%): string %} ## Constructs an MD5 handle to enable incremental hash computation. You can -## feed data to the returned opaque value with :bro:id:`md5_hash_update` and -## eventually need to call :bro:id:`md5_hash_finish` to finish the computation +## feed data to the returned opaque value with :zeek:id:`md5_hash_update` and +## eventually need to call :zeek:id:`md5_hash_finish` to finish the computation ## and get the hash digest. ## ## For example, when computing incremental MD5 values of transferred files in @@ -618,12 +618,12 @@ function md5_hmac%(...%): string ## HTTP session record. Then, one would call ## ``c$http$md5_handle = md5_hash_init()`` once before invoking ## ``md5_hash_update(c$http$md5_handle, some_more_data)`` in the -## :bro:id:`http_entity_data` event handler. When all data has arrived, a call -## to :bro:id:`md5_hash_finish` returns the final hash value. +## :zeek:id:`http_entity_data` event handler. When all data has arrived, a call +## to :zeek:id:`md5_hash_finish` returns the final hash value. ## ## Returns: The opaque handle associated with this hash computation. ## -## .. bro:see:: md5_hmac md5_hash md5_hash_update md5_hash_finish +## .. zeek:see:: md5_hmac md5_hash md5_hash_update md5_hash_finish ## sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish ## sha256_hash sha256_hash_init sha256_hash_update sha256_hash_finish function md5_hash_init%(%): opaque of md5 @@ -634,8 +634,8 @@ function md5_hash_init%(%): opaque of md5 %} ## Constructs an SHA1 handle to enable incremental hash computation. You can -## feed data to the returned opaque value with :bro:id:`sha1_hash_update` and -## finally need to call :bro:id:`sha1_hash_finish` to finish the computation +## feed data to the returned opaque value with :zeek:id:`sha1_hash_update` and +## finally need to call :zeek:id:`sha1_hash_finish` to finish the computation ## and get the hash digest. ## ## For example, when computing incremental SHA1 values of transferred files in @@ -643,12 +643,12 @@ function md5_hash_init%(%): opaque of md5 ## HTTP session record. Then, one would call ## ``c$http$sha1_handle = sha1_hash_init()`` once before invoking ## ``sha1_hash_update(c$http$sha1_handle, some_more_data)`` in the -## :bro:id:`http_entity_data` event handler. When all data has arrived, a call -## to :bro:id:`sha1_hash_finish` returns the final hash value. +## :zeek:id:`http_entity_data` event handler. When all data has arrived, a call +## to :zeek:id:`sha1_hash_finish` returns the final hash value. ## ## Returns: The opaque handle associated with this hash computation. ## -## .. bro:see:: md5_hmac md5_hash md5_hash_init md5_hash_update md5_hash_finish +## .. zeek:see:: md5_hmac md5_hash md5_hash_init md5_hash_update md5_hash_finish ## sha1_hash sha1_hash_update sha1_hash_finish ## sha256_hash sha256_hash_init sha256_hash_update sha256_hash_finish function sha1_hash_init%(%): opaque of sha1 @@ -659,8 +659,8 @@ function sha1_hash_init%(%): opaque of sha1 %} ## Constructs an SHA256 handle to enable incremental hash computation. You can -## feed data to the returned opaque value with :bro:id:`sha256_hash_update` and -## finally need to call :bro:id:`sha256_hash_finish` to finish the computation +## feed data to the returned opaque value with :zeek:id:`sha256_hash_update` and +## finally need to call :zeek:id:`sha256_hash_finish` to finish the computation ## and get the hash digest. ## ## For example, when computing incremental SHA256 values of transferred files in @@ -668,12 +668,12 @@ function sha1_hash_init%(%): opaque of sha1 ## HTTP session record. Then, one would call ## ``c$http$sha256_handle = sha256_hash_init()`` once before invoking ## ``sha256_hash_update(c$http$sha256_handle, some_more_data)`` in the -## :bro:id:`http_entity_data` event handler. When all data has arrived, a call -## to :bro:id:`sha256_hash_finish` returns the final hash value. +## :zeek:id:`http_entity_data` event handler. When all data has arrived, a call +## to :zeek:id:`sha256_hash_finish` returns the final hash value. ## ## Returns: The opaque handle associated with this hash computation. ## -## .. bro:see:: md5_hmac md5_hash md5_hash_init md5_hash_update md5_hash_finish +## .. zeek:see:: md5_hmac md5_hash md5_hash_init md5_hash_update md5_hash_finish ## sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish ## sha256_hash sha256_hash_update sha256_hash_finish function sha256_hash_init%(%): opaque of sha256 @@ -684,7 +684,7 @@ function sha256_hash_init%(%): opaque of sha256 %} ## Updates the MD5 value associated with a given index. It is required to -## call :bro:id:`md5_hash_init` once before calling this +## call :zeek:id:`md5_hash_init` once before calling this ## function. ## ## handle: The opaque handle associated with this hash computation. @@ -693,7 +693,7 @@ function sha256_hash_init%(%): opaque of sha256 ## ## Returns: True on success. ## -## .. bro:see:: md5_hmac md5_hash md5_hash_init md5_hash_finish +## .. zeek:see:: md5_hmac md5_hash md5_hash_init md5_hash_finish ## sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish ## sha256_hash sha256_hash_init sha256_hash_update sha256_hash_finish function md5_hash_update%(handle: opaque of md5, data: string%): bool @@ -703,7 +703,7 @@ function md5_hash_update%(handle: opaque of md5, data: string%): bool %} ## Updates the SHA1 value associated with a given index. It is required to -## call :bro:id:`sha1_hash_init` once before calling this +## call :zeek:id:`sha1_hash_init` once before calling this ## function. ## ## handle: The opaque handle associated with this hash computation. @@ -712,7 +712,7 @@ function md5_hash_update%(handle: opaque of md5, data: string%): bool ## ## Returns: True on success. ## -## .. bro:see:: md5_hmac md5_hash md5_hash_init md5_hash_update md5_hash_finish +## .. zeek:see:: md5_hmac md5_hash md5_hash_init md5_hash_update md5_hash_finish ## sha1_hash sha1_hash_init sha1_hash_finish ## sha256_hash sha256_hash_init sha256_hash_update sha256_hash_finish function sha1_hash_update%(handle: opaque of sha1, data: string%): bool @@ -722,7 +722,7 @@ function sha1_hash_update%(handle: opaque of sha1, data: string%): bool %} ## Updates the SHA256 value associated with a given index. It is required to -## call :bro:id:`sha256_hash_init` once before calling this +## call :zeek:id:`sha256_hash_init` once before calling this ## function. ## ## handle: The opaque handle associated with this hash computation. @@ -731,7 +731,7 @@ function sha1_hash_update%(handle: opaque of sha1, data: string%): bool ## ## Returns: True on success. ## -## .. bro:see:: md5_hmac md5_hash md5_hash_init md5_hash_update md5_hash_finish +## .. zeek:see:: md5_hmac md5_hash md5_hash_init md5_hash_update md5_hash_finish ## sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish ## sha256_hash sha256_hash_init sha256_hash_finish function sha256_hash_update%(handle: opaque of sha256, data: string%): bool @@ -746,7 +746,7 @@ function sha256_hash_update%(handle: opaque of sha256, data: string%): bool ## ## Returns: The hash value associated with the computation of *handle*. ## -## .. bro:see:: md5_hmac md5_hash md5_hash_init md5_hash_update +## .. zeek:see:: md5_hmac md5_hash md5_hash_init md5_hash_update ## sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish ## sha256_hash sha256_hash_init sha256_hash_update sha256_hash_finish function md5_hash_finish%(handle: opaque of md5%): string @@ -760,7 +760,7 @@ function md5_hash_finish%(handle: opaque of md5%): string ## ## Returns: The hash value associated with the computation of *handle*. ## -## .. bro:see:: md5_hmac md5_hash md5_hash_init md5_hash_update md5_hash_finish +## .. zeek:see:: md5_hmac md5_hash md5_hash_init md5_hash_update md5_hash_finish ## sha1_hash sha1_hash_init sha1_hash_update ## sha256_hash sha256_hash_init sha256_hash_update sha256_hash_finish function sha1_hash_finish%(handle: opaque of sha1%): string @@ -774,7 +774,7 @@ function sha1_hash_finish%(handle: opaque of sha1%): string ## ## Returns: The hash value associated with the computation of *handle*. ## -## .. bro:see:: md5_hmac md5_hash md5_hash_init md5_hash_update md5_hash_finish +## .. zeek:see:: md5_hmac md5_hash md5_hash_init md5_hash_update md5_hash_finish ## sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish ## sha256_hash sha256_hash_init sha256_hash_update function sha256_hash_finish%(handle: opaque of sha256%): string @@ -789,7 +789,7 @@ function sha256_hash_finish%(handle: opaque of sha256%): string ## ## Returns: The hashed value. ## -## .. bro:see:: hrw_weight +## .. zeek:see:: hrw_weight function fnv1a32%(input: any%): count %{ ODesc desc(DESC_BINARY); @@ -814,14 +814,14 @@ function fnv1a32%(input: any%): count ## The weight function used is the one recommended in the original ## paper: ``_. ## -## key_digest: A 32-bit digest of a key. E.g. use :bro:see:`fnv1a32` to +## key_digest: A 32-bit digest of a key. E.g. use :zeek:see:`fnv1a32` to ## produce this. ## ## site_id: A 32-bit site/node identifier. ## ## Returns: The weight value for the key/site pair. ## -## .. bro:see:: fnv1a32 +## .. zeek:see:: fnv1a32 function hrw_weight%(key_digest: count, site_id: count%): count %{ uint32 d = key_digest; @@ -845,7 +845,7 @@ function hrw_weight%(key_digest: count, site_id: count%): count ## ## Returns: a random positive integer in the interval *[0, max)*. ## -## .. bro:see:: srand +## .. zeek:see:: srand ## ## .. note:: ## @@ -857,11 +857,11 @@ function rand%(max: count%): count return val_mgr->GetCount(result); %} -## Sets the seed for subsequent :bro:id:`rand` calls. +## Sets the seed for subsequent :zeek:id:`rand` calls. ## ## seed: The seed for the PRNG. ## -## .. bro:see:: rand +## .. zeek:see:: rand ## ## .. note:: ## @@ -897,7 +897,7 @@ function syslog%(s: string%): any ## Returns: The MIME type of *data*, or "" if there was an error ## or no match. This is the strongest signature match. ## -## .. bro:see:: file_magic +## .. zeek:see:: file_magic function identify_data%(data: string, return_mime: bool &default=T%): string %{ if ( ! return_mime ) @@ -918,7 +918,7 @@ function identify_data%(data: string, return_mime: bool &default=T%): string ## ## Returns: All matching signatures, in order of strength. ## -## .. bro:see:: identify_data +## .. zeek:see:: identify_data function file_magic%(data: string%): mime_matches %{ RuleMatcher::MIME_Matches matches; @@ -965,7 +965,7 @@ function file_magic%(data: string%): mime_matches ## which each byte in the file depends upon the previous byte. ## For random sequences this value will be close to zero. ## -## .. bro:see:: entropy_test_init entropy_test_add entropy_test_finish +## .. zeek:see:: entropy_test_init entropy_test_add entropy_test_finish function find_entropy%(data: string%): entropy_test_result %{ double montepi, scc, ent, mean, chisq; @@ -987,7 +987,7 @@ function find_entropy%(data: string%): entropy_test_result ## ## Returns: An opaque handle to be used in subsequent operations. ## -## .. bro:see:: find_entropy entropy_test_add entropy_test_finish +## .. zeek:see:: find_entropy entropy_test_add entropy_test_finish function entropy_test_init%(%): opaque of entropy %{ return new EntropyVal(); @@ -1001,7 +1001,7 @@ function entropy_test_init%(%): opaque of entropy ## ## Returns: True on success. ## -## .. bro:see:: find_entropy entropy_test_add entropy_test_finish +## .. zeek:see:: find_entropy entropy_test_add entropy_test_finish function entropy_test_add%(handle: opaque of entropy, data: string%): bool %{ bool status = static_cast(handle)->Feed(data->Bytes(), @@ -1010,15 +1010,15 @@ function entropy_test_add%(handle: opaque of entropy, data: string%): bool %} ## Finishes an incremental entropy calculation. Before using this function, -## one needs to obtain an opaque handle with :bro:id:`entropy_test_init` and -## add data to it via :bro:id:`entropy_test_add`. +## one needs to obtain an opaque handle with :zeek:id:`entropy_test_init` and +## add data to it via :zeek:id:`entropy_test_add`. ## ## handle: The opaque handle representing the entropy calculation state. ## -## Returns: The result of the entropy test. See :bro:id:`find_entropy` for a +## Returns: The result of the entropy test. See :zeek:id:`find_entropy` for a ## description of the individual components. ## -## .. bro:see:: find_entropy entropy_test_init entropy_test_add +## .. zeek:see:: find_entropy entropy_test_init entropy_test_add function entropy_test_finish%(handle: opaque of entropy%): entropy_test_result %{ double montepi, scc, ent, mean, chisq; @@ -1040,7 +1040,7 @@ function entropy_test_finish%(handle: opaque of entropy%): entropy_test_result ## ## Returns: A string identifier that is unique. ## -## .. bro:see:: unique_id_from +## .. zeek:see:: unique_id_from function unique_id%(prefix: string%) : string %{ char tmp[20]; @@ -1056,7 +1056,7 @@ function unique_id%(prefix: string%) : string ## ## Returns: A string identifier that is unique. ## -## .. bro:see:: unique_id +## .. zeek:see:: unique_id function unique_id_from%(pool: int, prefix: string%) : string %{ pool += UID_POOL_CUSTOM_SCRIPT; // Make sure we don't conflict with internal pool. @@ -1181,7 +1181,7 @@ function val_size%(v: any%): count ## ## newsize: The new size of *aggr*. ## -## Returns: The old size of *aggr*, or 0 if *aggr* is not a :bro:type:`vector`. +## Returns: The old size of *aggr*, or 0 if *aggr* is not a :zeek:type:`vector`. function resize%(aggr: any, newsize: count%) : count %{ if ( aggr->Type()->Tag() != TYPE_VECTOR ) @@ -1200,7 +1200,7 @@ function resize%(aggr: any, newsize: count%) : count ## ## Returns: True if any element in *v* is true. ## -## .. bro:see:: all_set +## .. zeek:see:: all_set function any_set%(v: any%) : bool %{ if ( v->Type()->Tag() != TYPE_VECTOR || @@ -1225,7 +1225,7 @@ function any_set%(v: any%) : bool ## ## Returns: True iff all elements in *v* are true or there are no elements. ## -## .. bro:see:: any_set +## .. zeek:see:: any_set ## ## .. note:: ## @@ -1324,7 +1324,7 @@ bool indirect_unsigned_sort_function(size_t a, size_t b) ## Returns: The vector, sorted from minimum to maximum value. If the vector ## could not be sorted, then the original vector is returned instead. ## -## .. bro:see:: order +## .. zeek:see:: order function sort%(v: any, ...%) : any %{ v->Ref(); // we always return v @@ -1384,7 +1384,7 @@ function sort%(v: any, ...%) : any %} ## Returns the order of the elements in a vector according to some -## comparison function. See :bro:id:`sort` for details about the comparison +## comparison function. See :zeek:id:`sort` for details about the comparison ## function. ## ## v: The vector whose order to compute. @@ -1393,7 +1393,7 @@ function sort%(v: any, ...%) : any ## For example, the elements of *v* in order are (assuming ``o`` ## is the vector returned by ``order``): v[o[0]], v[o[1]], etc. ## -## .. bro:see:: sort +## .. zeek:see:: sort function order%(v: any, ...%) : index_vec %{ VectorVal* result_v = new VectorVal( @@ -1501,7 +1501,7 @@ function cat%(...%): string %} ## Concatenates all arguments, with a separator placed between each one. This -## function is similar to :bro:id:`cat`, but places a separator between each +## function is similar to :zeek:id:`cat`, but places a separator between each ## given argument. If any of the variable arguments is an empty string it is ## replaced by a given default string instead. ## @@ -1512,7 +1512,7 @@ function cat%(...%): string ## Returns: A concatenation of all arguments with *sep* between each one and ## empty strings replaced with *def*. ## -## .. bro:see:: cat string_cat cat_string_array cat_string_array_n +## .. zeek:see:: cat string_cat cat_string_array cat_string_array_n function cat_sep%(sep: string, def: string, ...%): string %{ ODesc d; @@ -1574,12 +1574,12 @@ function cat_sep%(sep: string, def: string, ...%): string ## ## - ``[efg]``: Double ## -## Returns: Returns the formatted string. Given no arguments, :bro:id:`fmt` +## Returns: Returns the formatted string. Given no arguments, :zeek:id:`fmt` ## returns an empty string. Given no format string or the wrong ## number of additional arguments for the given format specifier, -## :bro:id:`fmt` generates a run-time error. +## :zeek:id:`fmt` generates a run-time error. ## -## .. bro:see:: cat cat_sep string_cat cat_string_array cat_string_array_n +## .. zeek:see:: cat cat_sep string_cat cat_string_array cat_string_array_n function fmt%(...%): string %{ if ( @ARGC@ == 0 ) @@ -1623,27 +1623,27 @@ function fmt%(...%): string # # =========================================================================== -## Computes the greatest integer less than the given :bro:type:`double` value. +## Computes the greatest integer less than the given :zeek:type:`double` value. ## For example, ``floor(3.14)`` returns ``3.0``, and ``floor(-3.14)`` ## returns ``-4.0``. ## -## d: The :bro:type:`double` to manipulate. +## d: The :zeek:type:`double` to manipulate. ## -## Returns: The next lowest integer of *d* as :bro:type:`double`. +## Returns: The next lowest integer of *d* as :zeek:type:`double`. ## -## .. bro:see:: sqrt exp ln log10 +## .. zeek:see:: sqrt exp ln log10 function floor%(d: double%): double %{ return new Val(floor(d), TYPE_DOUBLE); %} -## Computes the square root of a :bro:type:`double`. +## Computes the square root of a :zeek:type:`double`. ## ## x: The number to compute the square root of. ## ## Returns: The square root of *x*. ## -## .. bro:see:: floor exp ln log10 +## .. zeek:see:: floor exp ln log10 function sqrt%(x: double%): double %{ if ( x < 0 ) @@ -1661,7 +1661,7 @@ function sqrt%(x: double%): double ## ## Returns: *e* to the power of *d*. ## -## .. bro:see:: floor sqrt ln log10 +## .. zeek:see:: floor sqrt ln log10 function exp%(d: double%): double %{ return new Val(exp(d), TYPE_DOUBLE); @@ -1673,7 +1673,7 @@ function exp%(d: double%): double ## ## Returns: The natural logarithm of *d*. ## -## .. bro:see:: exp floor sqrt log10 +## .. zeek:see:: exp floor sqrt log10 function ln%(d: double%): double %{ return new Val(log(d), TYPE_DOUBLE); @@ -1685,7 +1685,7 @@ function ln%(d: double%): double ## ## Returns: The common logarithm of *d*. ## -## .. bro:see:: exp floor sqrt ln +## .. zeek:see:: exp floor sqrt ln function log10%(d: double%): double %{ return new Val(log10(d), TYPE_DOUBLE); @@ -1787,7 +1787,7 @@ function type_name%(t: any%): string ## ## Returns: True if reading traffic from a network interface. ## -## .. bro:see:: reading_traces +## .. zeek:see:: reading_traces function reading_live_traffic%(%): bool %{ return val_mgr->GetBool(reading_live); @@ -1798,7 +1798,7 @@ function reading_live_traffic%(%): bool ## ## Returns: True if reading traffic from a network trace. ## -## .. bro:see:: reading_live_traffic +## .. zeek:see:: reading_live_traffic function reading_traces%(%): bool %{ return val_mgr->GetBool(reading_traces); @@ -1810,7 +1810,7 @@ function reading_traces%(%): bool ## ## Returns: A table that maps variable names to their sizes. ## -## .. bro:see:: global_ids +## .. zeek:see:: global_ids function global_sizes%(%): var_sizes %{ TableVal* sizes = new TableVal(var_sizes); @@ -1837,7 +1837,7 @@ function global_sizes%(%): var_sizes ## ## Returns: A table that maps identifier names to information about them. ## -## .. bro:see:: global_sizes +## .. zeek:see:: global_sizes function global_ids%(%): id_table %{ TableVal* ids = new TableVal(id_table); @@ -1977,10 +1977,10 @@ function record_fields%(rec: any%): record_field_table ## Enables detailed collection of profiling statistics. Statistics include ## CPU/memory usage, connections, TCP states/reassembler, DNS lookups, -## timers, and script-level state. The script variable :bro:id:`profiling_file` +## timers, and script-level state. The script variable :zeek:id:`profiling_file` ## holds the name of the file. ## -## .. bro:see:: get_conn_stats +## .. zeek:see:: get_conn_stats ## get_dns_stats ## get_event_stats ## get_file_analysis_stats @@ -2052,7 +2052,7 @@ function is_local_interface%(ip: addr%) : bool ## ## Returns: True (unconditionally). ## -## .. bro:see:: get_matcher_stats +## .. zeek:see:: get_matcher_stats function dump_rule_stats%(f: file%): bool %{ if ( rule_matcher ) @@ -2065,7 +2065,7 @@ function dump_rule_stats%(f: file%): bool ## ## Returns: True if Bro is in the process of shutting down. ## -## .. bro:see:: terminate +## .. zeek:see:: terminate function bro_is_terminating%(%): bool %{ return val_mgr->GetBool(terminating); @@ -2143,10 +2143,10 @@ function is_v6_subnet%(s: subnet%): bool # # =========================================================================== -## Converts the *data* field of :bro:type:`ip6_routing` records that have +## Converts the *data* field of :zeek:type:`ip6_routing` records that have ## *rtype* of 0 into a vector of addresses. ## -## s: The *data* field of an :bro:type:`ip6_routing` record that has +## s: The *data* field of an :zeek:type:`ip6_routing` record that has ## an *rtype* of 0. ## ## Returns: The vector of addresses contained in the routing header data. @@ -2173,14 +2173,14 @@ function routing0_data_to_addrs%(s: string%): addr_vec return rval; %} -## Converts an :bro:type:`addr` to an :bro:type:`index_vec`. +## Converts an :zeek:type:`addr` to an :zeek:type:`index_vec`. ## ## a: The address to convert into a vector of counts. ## ## Returns: A vector containing the host-order address representation, ## four elements in size for IPv6 addresses, or one element for IPv4. ## -## .. bro:see:: counts_to_addr +## .. zeek:see:: counts_to_addr function addr_to_counts%(a: addr%): index_vec %{ VectorVal* rval = new VectorVal(internal_type("index_vec")->AsVectorType()); @@ -2193,14 +2193,14 @@ function addr_to_counts%(a: addr%): index_vec return rval; %} -## Converts an :bro:type:`index_vec` to an :bro:type:`addr`. +## Converts an :zeek:type:`index_vec` to an :zeek:type:`addr`. ## ## v: The vector containing host-order IP address representation, ## one element for IPv4 addresses, four elements for IPv6 addresses. ## ## Returns: An IP address. ## -## .. bro:see:: addr_to_counts +## .. zeek:see:: addr_to_counts function counts_to_addr%(v: index_vec%): addr %{ if ( v->AsVector()->size() == 1 ) @@ -2223,11 +2223,11 @@ function counts_to_addr%(v: index_vec%): addr } %} -## Converts an :bro:type:`enum` to an :bro:type:`int`. +## Converts an :zeek:type:`enum` to an :zeek:type:`int`. ## -## e: The :bro:type:`enum` to convert. +## e: The :zeek:type:`enum` to convert. ## -## Returns: The :bro:type:`int` value that corresponds to the :bro:type:`enum`. +## Returns: The :zeek:type:`int` value that corresponds to the :zeek:type:`enum`. function enum_to_int%(e: any%): int %{ if ( e->Type()->Tag() != TYPE_ENUM ) @@ -2239,13 +2239,13 @@ function enum_to_int%(e: any%): int return val_mgr->GetInt(e->AsEnum()); %} -## Converts a :bro:type:`string` to an :bro:type:`int`. +## Converts a :zeek:type:`string` to an :zeek:type:`int`. ## -## str: The :bro:type:`string` to convert. +## str: The :zeek:type:`string` to convert. ## -## Returns: The :bro:type:`string` *str* as :bro:type:`int`. +## Returns: The :zeek:type:`string` *str* as :zeek:type:`int`. ## -## .. bro:see:: to_addr to_port to_subnet +## .. zeek:see:: to_addr to_port to_subnet function to_int%(str: string%): int %{ const char* s = str->CheckString(); @@ -2264,11 +2264,11 @@ function to_int%(str: string%): int %} -## Converts a (positive) :bro:type:`int` to a :bro:type:`count`. +## Converts a (positive) :zeek:type:`int` to a :zeek:type:`count`. ## -## n: The :bro:type:`int` to convert. +## n: The :zeek:type:`int` to convert. ## -## Returns: The :bro:type:`int` *n* as unsigned integer, or 0 if *n* < 0. +## Returns: The :zeek:type:`int` *n* as unsigned integer, or 0 if *n* < 0. function int_to_count%(n: int%): count %{ if ( n < 0 ) @@ -2279,13 +2279,13 @@ function int_to_count%(n: int%): count return val_mgr->GetCount(n); %} -## Converts a :bro:type:`double` to a :bro:type:`count`. +## Converts a :zeek:type:`double` to a :zeek:type:`count`. ## -## d: The :bro:type:`double` to convert. +## d: The :zeek:type:`double` to convert. ## -## Returns: The :bro:type:`double` *d* as unsigned integer, or 0 if *d* < 0.0. +## Returns: The :zeek:type:`double` *d* as unsigned integer, or 0 if *d* < 0.0. ## -## .. bro:see:: double_to_time +## .. zeek:see:: double_to_time function double_to_count%(d: double%): count %{ if ( d < 0.0 ) @@ -2294,14 +2294,14 @@ function double_to_count%(d: double%): count return val_mgr->GetCount(bro_uint_t(rint(d))); %} -## Converts a :bro:type:`string` to a :bro:type:`count`. +## Converts a :zeek:type:`string` to a :zeek:type:`count`. ## -## str: The :bro:type:`string` to convert. +## str: The :zeek:type:`string` to convert. ## -## Returns: The :bro:type:`string` *str* as unsigned integer, or 0 if *str* has +## Returns: The :zeek:type:`string` *str* as unsigned integer, or 0 if *str* has ## an invalid format. ## -## .. bro:see:: to_addr to_int to_port to_subnet +## .. zeek:see:: to_addr to_int to_port to_subnet function to_count%(str: string%): count %{ const char* s = str->CheckString(); @@ -2318,88 +2318,88 @@ function to_count%(str: string%): count return val_mgr->GetCount(u); %} -## Converts an :bro:type:`interval` to a :bro:type:`double`. +## Converts an :zeek:type:`interval` to a :zeek:type:`double`. ## -## i: The :bro:type:`interval` to convert. +## i: The :zeek:type:`interval` to convert. ## -## Returns: The :bro:type:`interval` *i* as :bro:type:`double`. +## Returns: The :zeek:type:`interval` *i* as :zeek:type:`double`. ## -## .. bro:see:: double_to_interval +## .. zeek:see:: double_to_interval function interval_to_double%(i: interval%): double %{ return new Val(i, TYPE_DOUBLE); %} -## Converts a :bro:type:`time` value to a :bro:type:`double`. +## Converts a :zeek:type:`time` value to a :zeek:type:`double`. ## -## t: The :bro:type:`time` to convert. +## t: The :zeek:type:`time` to convert. ## -## Returns: The :bro:type:`time` value *t* as :bro:type:`double`. +## Returns: The :zeek:type:`time` value *t* as :zeek:type:`double`. ## -## .. bro:see:: double_to_time +## .. zeek:see:: double_to_time function time_to_double%(t: time%): double %{ return new Val(t, TYPE_DOUBLE); %} -## Converts a :bro:type:`double` value to a :bro:type:`time`. +## Converts a :zeek:type:`double` value to a :zeek:type:`time`. ## -## d: The :bro:type:`double` to convert. +## d: The :zeek:type:`double` to convert. ## -## Returns: The :bro:type:`double` value *d* as :bro:type:`time`. +## Returns: The :zeek:type:`double` value *d* as :zeek:type:`time`. ## -## .. bro:see:: time_to_double double_to_count +## .. zeek:see:: time_to_double double_to_count function double_to_time%(d: double%): time %{ return new Val(d, TYPE_TIME); %} -## Converts a :bro:type:`double` to an :bro:type:`interval`. +## Converts a :zeek:type:`double` to an :zeek:type:`interval`. ## -## d: The :bro:type:`double` to convert. +## d: The :zeek:type:`double` to convert. ## -## Returns: The :bro:type:`double` *d* as :bro:type:`interval`. +## Returns: The :zeek:type:`double` *d* as :zeek:type:`interval`. ## -## .. bro:see:: interval_to_double +## .. zeek:see:: interval_to_double function double_to_interval%(d: double%): interval %{ return new Val(d, TYPE_INTERVAL); %} -## Converts a :bro:type:`port` to a :bro:type:`count`. +## Converts a :zeek:type:`port` to a :zeek:type:`count`. ## -## p: The :bro:type:`port` to convert. +## p: The :zeek:type:`port` to convert. ## -## Returns: The :bro:type:`port` *p* as :bro:type:`count`. +## Returns: The :zeek:type:`port` *p* as :zeek:type:`count`. ## -## .. bro:see:: count_to_port +## .. zeek:see:: count_to_port function port_to_count%(p: port%): count %{ return val_mgr->GetCount(p->Port()); %} -## Converts a :bro:type:`count` and ``transport_proto`` to a :bro:type:`port`. +## Converts a :zeek:type:`count` and ``transport_proto`` to a :zeek:type:`port`. ## -## num: The :bro:type:`port` number. +## num: The :zeek:type:`port` number. ## ## proto: The transport protocol. ## -## Returns: The :bro:type:`count` *num* as :bro:type:`port`. +## Returns: The :zeek:type:`count` *num* as :zeek:type:`port`. ## -## .. bro:see:: port_to_count +## .. zeek:see:: port_to_count function count_to_port%(num: count, proto: transport_proto%): port %{ return val_mgr->GetPort(num, (TransportProto)proto->AsEnum()); %} -## Converts a :bro:type:`string` to an :bro:type:`addr`. +## Converts a :zeek:type:`string` to an :zeek:type:`addr`. ## -## ip: The :bro:type:`string` to convert. +## ip: The :zeek:type:`string` to convert. ## -## Returns: The :bro:type:`string` *ip* as :bro:type:`addr`, or the unspecified +## Returns: The :zeek:type:`string` *ip* as :zeek:type:`addr`, or the unspecified ## address ``::`` if the input string does not parse correctly. ## -## .. bro:see:: to_count to_int to_port count_to_v4_addr raw_bytes_to_v4_addr +## .. zeek:see:: to_count to_int to_port count_to_v4_addr raw_bytes_to_v4_addr ## to_subnet function to_addr%(ip: string%): addr %{ @@ -2409,14 +2409,14 @@ function to_addr%(ip: string%): addr return ret; %} -## Converts a :bro:type:`string` to a :bro:type:`subnet`. +## Converts a :zeek:type:`string` to a :zeek:type:`subnet`. ## ## sn: The subnet to convert. ## -## Returns: The *sn* string as a :bro:type:`subnet`, or the unspecified subnet +## Returns: The *sn* string as a :zeek:type:`subnet`, or the unspecified subnet ## ``::/0`` if the input string does not parse correctly. ## -## .. bro:see:: to_count to_int to_port count_to_v4_addr raw_bytes_to_v4_addr +## .. zeek:see:: to_count to_int to_port count_to_v4_addr raw_bytes_to_v4_addr ## to_addr function to_subnet%(sn: string%): subnet %{ @@ -2426,49 +2426,49 @@ function to_subnet%(sn: string%): subnet return ret; %} -## Converts a :bro:type:`addr` to a :bro:type:`subnet`. +## Converts a :zeek:type:`addr` to a :zeek:type:`subnet`. ## ## a: The address to convert. ## -## Returns: The address as a :bro:type:`subnet`. +## Returns: The address as a :zeek:type:`subnet`. ## -## .. bro:see:: to_subnet +## .. zeek:see:: to_subnet function addr_to_subnet%(a: addr%): subnet %{ int width = (a->AsAddr().GetFamily() == IPv4 ? 32 : 128); return new SubNetVal(a->AsAddr(), width); %} -## Converts a :bro:type:`subnet` to an :bro:type:`addr` by +## Converts a :zeek:type:`subnet` to an :zeek:type:`addr` by ## extracting the prefix. ## ## sn: The subnet to convert. ## -## Returns: The subnet as an :bro:type:`addr`. +## Returns: The subnet as an :zeek:type:`addr`. ## -## .. bro:see:: to_subnet +## .. zeek:see:: to_subnet function subnet_to_addr%(sn: subnet%): addr %{ return new AddrVal(sn->Prefix()); %} -## Returns the width of a :bro:type:`subnet`. +## Returns the width of a :zeek:type:`subnet`. ## ## sn: The subnet. ## ## Returns: The width of the subnet. ## -## .. bro:see:: to_subnet +## .. zeek:see:: to_subnet function subnet_width%(sn: subnet%): count %{ return val_mgr->GetCount(sn->Width()); %} -## Converts a :bro:type:`string` to a :bro:type:`double`. +## Converts a :zeek:type:`string` to a :zeek:type:`double`. ## -## str: The :bro:type:`string` to convert. +## str: The :zeek:type:`string` to convert. ## -## Returns: The :bro:type:`string` *str* as double, or 0 if *str* has +## Returns: The :zeek:type:`string` *str* as double, or 0 if *str* has ## an invalid format. ## function to_double%(str: string%): double @@ -2487,13 +2487,13 @@ function to_double%(str: string%): double return new Val(d, TYPE_DOUBLE); %} -## Converts a :bro:type:`count` to an :bro:type:`addr`. +## Converts a :zeek:type:`count` to an :zeek:type:`addr`. ## -## ip: The :bro:type:`count` to convert. +## ip: The :zeek:type:`count` to convert. ## -## Returns: The :bro:type:`count` *ip* as :bro:type:`addr`. +## Returns: The :zeek:type:`count` *ip* as :zeek:type:`addr`. ## -## .. bro:see:: raw_bytes_to_v4_addr to_addr to_subnet +## .. zeek:see:: raw_bytes_to_v4_addr to_addr to_subnet function count_to_v4_addr%(ip: count%): addr %{ if ( ip > 4294967295LU ) @@ -2505,15 +2505,15 @@ function count_to_v4_addr%(ip: count%): addr return new AddrVal(htonl(uint32(ip))); %} -## Converts a :bro:type:`string` of bytes into an IPv4 address. In particular, +## Converts a :zeek:type:`string` of bytes into an IPv4 address. In particular, ## this function interprets the first 4 bytes of the string as an IPv4 address ## in network order. ## -## b: The raw bytes (:bro:type:`string`) to convert. +## b: The raw bytes (:zeek:type:`string`) to convert. ## -## Returns: The byte :bro:type:`string` *b* as :bro:type:`addr`. +## Returns: The byte :zeek:type:`string` *b* as :zeek:type:`addr`. ## -## .. bro:see:: raw_bytes_to_v4_addr to_addr to_subnet +## .. zeek:see:: raw_bytes_to_v4_addr to_addr to_subnet function raw_bytes_to_v4_addr%(b: string%): addr %{ uint32 a = 0; @@ -2530,13 +2530,13 @@ function raw_bytes_to_v4_addr%(b: string%): addr return new AddrVal(htonl(a)); %} -## Converts a :bro:type:`string` to a :bro:type:`port`. +## Converts a :zeek:type:`string` to a :zeek:type:`port`. ## -## s: The :bro:type:`string` to convert. +## s: The :zeek:type:`string` to convert. ## -## Returns: A :bro:type:`port` converted from *s*. +## Returns: A :zeek:type:`port` converted from *s*. ## -## .. bro:see:: to_addr to_count to_int to_subnet +## .. zeek:see:: to_addr to_count to_int to_subnet function to_port%(s: string%): port %{ int port = 0; @@ -2561,7 +2561,7 @@ function to_port%(s: string%): port return val_mgr->GetPort(port, TRANSPORT_UNKNOWN); %} -## Converts a string of bytes (in network byte order) to a :bro:type:`double`. +## Converts a string of bytes (in network byte order) to a :zeek:type:`double`. ## ## s: A string of bytes containing the binary representation of a double value. ## @@ -2582,7 +2582,7 @@ function bytestring_to_double%(s: string%): double return new Val(ntohd(d), TYPE_DOUBLE); %} -## Converts a string of bytes to a :bro:type:`count`. +## Converts a string of bytes to a :zeek:type:`count`. ## ## s: A string of bytes containing the binary representation of the value. ## @@ -2680,7 +2680,7 @@ function bytestring_to_count%(s: string, is_le: bool &default=F%): count ## ## Returns: The IP address corresponding to *s*. ## -## .. bro:see:: addr_to_ptr_name to_addr +## .. zeek:see:: addr_to_ptr_name to_addr function ptr_name_to_addr%(s: string%): addr %{ if ( s->Len() != 72 ) @@ -2744,7 +2744,7 @@ function ptr_name_to_addr%(s: string%): addr ## ## Returns: The reverse pointer representation of *a*. ## -## .. bro:see:: ptr_name_to_addr to_addr +## .. zeek:see:: ptr_name_to_addr to_addr function addr_to_ptr_name%(a: addr%): string %{ return new StringVal(a->AsAddr().PtrName().c_str()); @@ -2757,7 +2757,7 @@ function addr_to_ptr_name%(a: addr%): string ## ## Returns: The hexadecimal representation of *bytestring*. ## -## .. bro:see:: hexdump hexstr_to_bytestring +## .. zeek:see:: hexdump hexstr_to_bytestring function bytestring_to_hexstr%(bytestring: string%): string %{ bro_uint_t len = bytestring->AsString()->Len(); @@ -2781,7 +2781,7 @@ function bytestring_to_hexstr%(bytestring: string%): string ## ## Returns: The binary representation of *hexstr*. ## -## .. bro:see:: hexdump bytestring_to_hexstr +## .. zeek:see:: hexdump bytestring_to_hexstr function hexstr_to_bytestring%(hexstr: string%): string %{ bro_uint_t len = hexstr->AsString()->Len(); @@ -2826,7 +2826,7 @@ function hexstr_to_bytestring%(hexstr: string%): string ## ## Returns: The encoded version of *s*. ## -## .. bro:see:: decode_base64 +## .. zeek:see:: decode_base64 function encode_base64%(s: string, a: string &default=""%): string %{ BroString* t = encode_base64(s->AsString(), a->AsString()); @@ -2849,7 +2849,7 @@ function encode_base64%(s: string, a: string &default=""%): string ## ## Returns: The encoded version of *s*. ## -## .. bro:see:: encode_base64 +## .. zeek:see:: encode_base64 function encode_base64_custom%(s: string, a: string%): string &deprecated %{ BroString* t = encode_base64(s->AsString(), a->AsString()); @@ -2871,7 +2871,7 @@ function encode_base64_custom%(s: string, a: string%): string &deprecated ## ## Returns: The decoded version of *s*. ## -## .. bro:see:: decode_base64_conn encode_base64 +## .. zeek:see:: decode_base64_conn encode_base64 function decode_base64%(s: string, a: string &default=""%): string %{ BroString* t = decode_base64(s->AsString(), a->AsString()); @@ -2897,7 +2897,7 @@ function decode_base64%(s: string, a: string &default=""%): string ## ## Returns: The decoded version of *s*. ## -## .. bro:see:: decode_base64 +## .. zeek:see:: decode_base64 function decode_base64_conn%(cid: conn_id, s: string, a: string &default=""%): string %{ Connection* conn = sessions->FindConnection(cid); @@ -2926,7 +2926,7 @@ function decode_base64_conn%(cid: conn_id, s: string, a: string &default=""%): s ## ## Returns: The decoded version of *s*. ## -## .. bro:see:: decode_base64 decode_base64_conn +## .. zeek:see:: decode_base64 decode_base64_conn function decode_base64_custom%(s: string, a: string%): string &deprecated %{ BroString* t = decode_base64(s->AsString(), a->AsString()); @@ -2990,12 +2990,12 @@ function uuid_to_string%(uuid: string%): string ## ## Returns: The compiled pattern of the concatenation of *p1* and *p2*. ## -## .. bro:see:: convert_for_pattern string_to_pattern +## .. zeek:see:: convert_for_pattern string_to_pattern ## ## .. note:: ## ## This function must be called at Zeek startup time, e.g., in the event -## :bro:id:`zeek_init`. +## :zeek:id:`zeek_init`. function merge_pattern%(p1: pattern, p2: pattern%): pattern &deprecated %{ RE_Matcher* re = new RE_Matcher(); @@ -3028,16 +3028,16 @@ char* to_pat_str(int sn, const char* ss) } %%} -## Escapes a string so that it becomes a valid :bro:type:`pattern` and can be -## used with the :bro:id:`string_to_pattern`. Any character from the set +## Escapes a string so that it becomes a valid :zeek:type:`pattern` and can be +## used with the :zeek:id:`string_to_pattern`. Any character from the set ## ``^$-:"\/|*+?.(){}[]`` is prefixed with a ``\``. ## ## s: The string to escape. ## ## Returns: An escaped version of *s* that has the structure of a valid -## :bro:type:`pattern`. +## :zeek:type:`pattern`. ## -## .. bro:see:: merge_pattern string_to_pattern +## .. zeek:see:: merge_pattern string_to_pattern ## function convert_for_pattern%(s: string%): string %{ @@ -3047,22 +3047,22 @@ function convert_for_pattern%(s: string%): string return ret; %} -## Converts a :bro:type:`string` into a :bro:type:`pattern`. +## Converts a :zeek:type:`string` into a :zeek:type:`pattern`. ## ## s: The string to convert. ## ## convert: If true, *s* is first passed through the function -## :bro:id:`convert_for_pattern` to escape special characters of +## :zeek:id:`convert_for_pattern` to escape special characters of ## patterns. ## -## Returns: *s* as :bro:type:`pattern`. +## Returns: *s* as :zeek:type:`pattern`. ## -## .. bro:see:: convert_for_pattern merge_pattern +## .. zeek:see:: convert_for_pattern merge_pattern ## ## .. note:: ## ## This function must be called at Zeek startup time, e.g., in the event -## :bro:id:`zeek_init`. +## :zeek:id:`zeek_init`. function string_to_pattern%(s: string, convert: bool%): pattern %{ const char* ss = (const char*) (s->Bytes()); @@ -3147,7 +3147,7 @@ function strptime%(fmt: string, d: string%) : time ## ## Returns: The address *a* masked down to *top_bits_to_keep* bits. ## -## .. bro:see:: remask_addr +## .. zeek:see:: remask_addr function mask_addr%(a: addr, top_bits_to_keep: count%): subnet %{ return new SubNetVal(a->AsAddr(), top_bits_to_keep); @@ -3169,7 +3169,7 @@ function mask_addr%(a: addr, top_bits_to_keep: count%): subnet ## ## Returns: The address *a* masked down to *top_bits_to_keep* bits. ## -## .. bro:see:: mask_addr +## .. zeek:see:: mask_addr function remask_addr%(a1: addr, a2: addr, top_bits_from_a1: count%): addr %{ IPAddr addr1(a1->AsAddr()); @@ -3179,37 +3179,37 @@ function remask_addr%(a1: addr, a2: addr, top_bits_from_a1: count%): addr return new AddrVal(addr1|addr2); %} -## Checks whether a given :bro:type:`port` has TCP as transport protocol. +## Checks whether a given :zeek:type:`port` has TCP as transport protocol. ## -## p: The :bro:type:`port` to check. +## p: The :zeek:type:`port` to check. ## ## Returns: True iff *p* is a TCP port. ## -## .. bro:see:: is_udp_port is_icmp_port +## .. zeek:see:: is_udp_port is_icmp_port function is_tcp_port%(p: port%): bool %{ return val_mgr->GetBool(p->IsTCP()); %} -## Checks whether a given :bro:type:`port` has UDP as transport protocol. +## Checks whether a given :zeek:type:`port` has UDP as transport protocol. ## -## p: The :bro:type:`port` to check. +## p: The :zeek:type:`port` to check. ## ## Returns: True iff *p* is a UDP port. ## -## .. bro:see:: is_icmp_port is_tcp_port +## .. zeek:see:: is_icmp_port is_tcp_port function is_udp_port%(p: port%): bool %{ return val_mgr->GetBool(p->IsUDP()); %} -## Checks whether a given :bro:type:`port` has ICMP as transport protocol. +## Checks whether a given :zeek:type:`port` has ICMP as transport protocol. ## -## p: The :bro:type:`port` to check. +## p: The :zeek:type:`port` to check. ## ## Returns: True iff *p* is an ICMP port. ## -## .. bro:see:: is_tcp_port is_udp_port +## .. zeek:see:: is_tcp_port is_udp_port function is_icmp_port%(p: port%): bool %{ return val_mgr->GetBool(p->IsICMP()); @@ -3251,7 +3251,7 @@ EnumVal* map_conn_type(TransportProto tp) ## ## Returns: The transport protocol of the connection identified by *cid*. ## -## .. bro:see:: get_port_transport_proto +## .. zeek:see:: get_port_transport_proto ## get_orig_seq get_resp_seq function get_conn_transport_proto%(cid: conn_id%): transport_proto %{ @@ -3265,13 +3265,13 @@ function get_conn_transport_proto%(cid: conn_id%): transport_proto return map_conn_type(c->ConnTransport()); %} -## Extracts the transport protocol from a :bro:type:`port`. +## Extracts the transport protocol from a :zeek:type:`port`. ## ## p: The port. ## ## Returns: The transport protocol of the port *p*. ## -## .. bro:see:: get_conn_transport_proto +## .. zeek:see:: get_conn_transport_proto ## get_orig_seq get_resp_seq function get_port_transport_proto%(p: port%): transport_proto %{ @@ -3284,7 +3284,7 @@ function get_port_transport_proto%(p: port%): transport_proto ## ## Returns: True if the connection identified by *c* exists. ## -## .. bro:see:: lookup_connection +## .. zeek:see:: lookup_connection function connection_exists%(c: conn_id%): bool %{ if ( sessions->FindConnection(c) ) @@ -3293,15 +3293,15 @@ function connection_exists%(c: conn_id%): bool return val_mgr->GetBool(0); %} -## Returns the :bro:type:`connection` record for a given connection identifier. +## Returns the :zeek:type:`connection` record for a given connection identifier. ## ## cid: The connection ID. ## -## Returns: The :bro:type:`connection` record for *cid*. If *cid* does not point +## Returns: The :zeek:type:`connection` record for *cid*. If *cid* does not point ## to an existing connection, the function generates a run-time error ## and returns a dummy value. ## -## .. bro:see:: connection_exists +## .. zeek:see:: connection_exists function lookup_connection%(cid: conn_id%): connection %{ Connection* conn = sessions->FindConnection(cid); @@ -3361,7 +3361,7 @@ const char* conn_id_string(Val* c) ## ## Returns: True on success. ## -## .. bro:see:: dump_packet get_current_packet send_current_packet +## .. zeek:see:: dump_packet get_current_packet send_current_packet function dump_current_packet%(file_name: string%) : bool %{ const Packet* pkt; @@ -3392,7 +3392,7 @@ function dump_current_packet%(file_name: string%) : bool ## Returns: The currently processed packet, which is a record ## containing the timestamp, ``snaplen``, and packet data. ## -## .. bro:see:: dump_current_packet dump_packet send_current_packet +## .. zeek:see:: dump_current_packet dump_packet send_current_packet function get_current_packet%(%) : pcap_packet %{ const Packet* p; @@ -3422,10 +3422,10 @@ function get_current_packet%(%) : pcap_packet ## Function to get the raw headers of the currently processed packet. ## -## Returns: The :bro:type:`raw_pkt_hdr` record containing the Layer 2, 3 and +## Returns: The :zeek:type:`raw_pkt_hdr` record containing the Layer 2, 3 and ## 4 headers of the currently processed packet. ## -## .. bro:see:: raw_pkt_hdr get_current_packet +## .. zeek:see:: raw_pkt_hdr get_current_packet function get_current_packet_header%(%) : raw_pkt_hdr %{ const Packet* p; @@ -3448,7 +3448,7 @@ function get_current_packet_header%(%) : raw_pkt_hdr ## ## Returns: True on success ## -## .. bro:see:: get_current_packet dump_current_packet send_current_packet +## .. zeek:see:: get_current_packet dump_current_packet send_current_packet function dump_packet%(pkt: pcap_packet, file_name: string%) : bool %{ if ( addl_pkt_dumper && addl_pkt_dumper->Path() != file_name->CheckString()) @@ -3555,7 +3555,7 @@ private: ## ## Returns: The DNS name of *host*. ## -## .. bro:see:: lookup_hostname +## .. zeek:see:: lookup_hostname function lookup_addr%(host: addr%) : string %{ // FIXME: It should be easy to adapt the function to synchronous @@ -3584,7 +3584,7 @@ function lookup_addr%(host: addr%) : string ## ## Returns: The DNS TXT record associated with *host*. ## -## .. bro:see:: lookup_hostname +## .. zeek:see:: lookup_hostname function lookup_hostname_txt%(host: string%) : string %{ // FIXME: Is should be easy to adapt the function to synchronous @@ -3613,7 +3613,7 @@ function lookup_hostname_txt%(host: string%) : string ## ## Returns: A set of DNS A and AAAA records associated with *host*. ## -## .. bro:see:: lookup_addr +## .. zeek:see:: lookup_addr function lookup_hostname%(host: string%) : addr_set %{ // FIXME: Is should be easy to adapt the function to synchronous @@ -3945,7 +3945,7 @@ static bool mmdb_try_open_asn () ## ## Returns: A boolean indicating whether the db was successfully opened. ## -## .. bro:see:: lookup_asn +## .. zeek:see:: lookup_asn function mmdb_open_location_db%(f: string%) : bool %{ #ifdef USE_GEOIP @@ -3962,7 +3962,7 @@ function mmdb_open_location_db%(f: string%) : bool ## ## Returns: A boolean indicating whether the db was successfully opened. ## -## .. bro:see:: lookup_asn +## .. zeek:see:: lookup_asn function mmdb_open_asn_db%(f: string%) : bool %{ #ifdef USE_GEOIP @@ -3979,7 +3979,7 @@ function mmdb_open_asn_db%(f: string%) : bool ## ## Returns: A record with country, region, city, latitude, and longitude. ## -## .. bro:see:: lookup_asn +## .. zeek:see:: lookup_asn function lookup_location%(a: addr%) : geo_location %{ RecordVal* location = new RecordVal(geo_location); @@ -4064,7 +4064,7 @@ function lookup_location%(a: addr%) : geo_location ## ## Returns: The number of the ASN that contains *a*. ## -## .. bro:see:: lookup_location +## .. zeek:see:: lookup_location function lookup_asn%(a: addr%) : count %{ #ifdef USE_GEOIP @@ -4128,7 +4128,7 @@ function lookup_asn%(a: addr%) : count ## ## Returns: Distance in miles. ## -## .. bro:see:: haversine_distance_ip +## .. zeek:see:: haversine_distance_ip function haversine_distance%(lat1: double, long1: double, lat2: double, long2: double%): double %{ const double PI = 3.14159; @@ -4254,7 +4254,7 @@ function file_mode%(mode: count%): string ## Returns: True if the connection identified by *cid* exists and has analyzer ## *aid*. ## -## .. bro:see:: Analyzer::schedule_analyzer Analyzer::name +## .. zeek:see:: Analyzer::schedule_analyzer Analyzer::name function disable_analyzer%(cid: conn_id, aid: count, err_if_no_conn: bool &default=T%) : bool %{ Connection* c = sessions->FindConnection(cid); @@ -4289,7 +4289,7 @@ function disable_analyzer%(cid: conn_id, aid: count, err_if_no_conn: bool &defau ## .. note:: ## ## Bro will still generate connection-oriented events such as -## :bro:id:`connection_finished`. +## :zeek:id:`connection_finished`. function skip_further_processing%(cid: conn_id%): bool %{ Connection* c = sessions->FindConnection(cid); @@ -4311,15 +4311,15 @@ function skip_further_processing%(cid: conn_id%): bool ## Returns: False if *cid* does not point to an active connection, and true ## otherwise. ## -## .. bro:see:: skip_further_processing +## .. zeek:see:: skip_further_processing ## ## .. note:: ## ## This is independent of whether Bro processes the packets of this ## connection, which is controlled separately by -## :bro:id:`skip_further_processing`. +## :zeek:id:`skip_further_processing`. ## -## .. bro:see:: get_contents_file set_contents_file +## .. zeek:see:: get_contents_file set_contents_file function set_record_packets%(cid: conn_id, do_record: bool%): bool %{ Connection* c = sessions->FindConnection(cid); @@ -4357,13 +4357,13 @@ function set_inactivity_timeout%(cid: conn_id, t: interval%): interval # =========================================================================== ## Opens a file for writing. If a file with the same name already exists, this -## function overwrites it (as opposed to :bro:id:`open_for_append`). +## function overwrites it (as opposed to :zeek:id:`open_for_append`). ## ## f: The path to the file. ## -## Returns: A :bro:type:`file` handle for subsequent operations. +## Returns: A :zeek:type:`file` handle for subsequent operations. ## -## .. bro:see:: active_file open_for_append close write_file +## .. zeek:see:: active_file open_for_append close write_file ## get_file_name set_buf flush_all mkdir enable_raw_output ## rmdir unlink rename function open%(f: string%): file @@ -4377,13 +4377,13 @@ function open%(f: string%): file %} ## Opens a file for writing or appending. If a file with the same name already -## exists, this function appends to it (as opposed to :bro:id:`open`). +## exists, this function appends to it (as opposed to :zeek:id:`open`). ## ## f: The path to the file. ## -## Returns: A :bro:type:`file` handle for subsequent operations. +## Returns: A :zeek:type:`file` handle for subsequent operations. ## -## .. bro:see:: active_file open close write_file +## .. zeek:see:: active_file open close write_file ## get_file_name set_buf flush_all mkdir enable_raw_output ## rmdir unlink rename function open_for_append%(f: string%): file @@ -4393,11 +4393,11 @@ function open_for_append%(f: string%): file ## Closes an open file and flushes any buffered content. ## -## f: A :bro:type:`file` handle to an open file. +## f: A :zeek:type:`file` handle to an open file. ## ## Returns: True on success. ## -## .. bro:see:: active_file open open_for_append write_file +## .. zeek:see:: active_file open open_for_append write_file ## get_file_name set_buf flush_all mkdir enable_raw_output ## rmdir unlink rename function close%(f: file%): bool @@ -4407,13 +4407,13 @@ function close%(f: file%): bool ## Writes data to an open file. ## -## f: A :bro:type:`file` handle to an open file. +## f: A :zeek:type:`file` handle to an open file. ## ## data: The data to write to *f*. ## ## Returns: True on success. ## -## .. bro:see:: active_file open open_for_append close +## .. zeek:see:: active_file open open_for_append close ## get_file_name set_buf flush_all mkdir enable_raw_output ## rmdir unlink rename function write_file%(f: file, data: string%): bool @@ -4426,14 +4426,14 @@ function write_file%(f: file, data: string%): bool ## Alters the buffering behavior of a file. ## -## f: A :bro:type:`file` handle to an open file. +## f: A :zeek:type:`file` handle to an open file. ## ## buffered: When true, *f* is fully buffered, i.e., bytes are saved in a ## buffer until the block size has been reached. When ## false, *f* is line buffered, i.e., bytes are saved up until a ## newline occurs. ## -## .. bro:see:: active_file open open_for_append close +## .. zeek:see:: active_file open open_for_append close ## get_file_name write_file flush_all mkdir enable_raw_output ## rmdir unlink rename function set_buf%(f: file, buffered: bool%): any @@ -4446,7 +4446,7 @@ function set_buf%(f: file, buffered: bool%): any ## ## Returns: True on success. ## -## .. bro:see:: active_file open open_for_append close +## .. zeek:see:: active_file open open_for_append close ## get_file_name write_file set_buf mkdir enable_raw_output ## rmdir unlink rename function flush_all%(%): bool @@ -4461,7 +4461,7 @@ function flush_all%(%): bool ## Returns: True if the operation succeeds or if *f* already exists, ## and false if the file creation fails. ## -## .. bro:see:: active_file open_for_append close write_file +## .. zeek:see:: active_file open_for_append close write_file ## get_file_name set_buf flush_all enable_raw_output ## rmdir unlink rename function mkdir%(f: string%): bool @@ -4493,7 +4493,7 @@ function mkdir%(f: string%): bool ## Returns: True if the operation succeeds, and false if the ## directory delete operation fails. ## -## .. bro:see:: active_file open_for_append close write_file +## .. zeek:see:: active_file open_for_append close write_file ## get_file_name set_buf flush_all enable_raw_output ## mkdir unlink rename function rmdir%(d: string%): bool @@ -4517,7 +4517,7 @@ function rmdir%(d: string%): bool ## Returns: True if the operation succeeds and the file was deleted, ## and false if the deletion fails. ## -## .. bro:see:: active_file open_for_append close write_file +## .. zeek:see:: active_file open_for_append close write_file ## get_file_name set_buf flush_all enable_raw_output ## mkdir rmdir rename function unlink%(f: string%): bool @@ -4542,7 +4542,7 @@ function unlink%(f: string%): bool ## ## Returns: True if the rename succeeds and false otherwise. ## -## .. bro:see:: active_file open_for_append close write_file +## .. zeek:see:: active_file open_for_append close write_file ## get_file_name set_buf flush_all enable_raw_output ## mkdir rmdir unlink function rename%(src_f: string, dst_f: string%): bool @@ -4564,7 +4564,7 @@ function rename%(src_f: string, dst_f: string%): bool ## ## f: The file to check. ## -## Returns: True if *f* is an open :bro:type:`file`. +## Returns: True if *f* is an open :zeek:type:`file`. ## ## .. todo:: Rename to ``is_open``. function active_file%(f: file%): bool @@ -4578,7 +4578,7 @@ function active_file%(f: file%): bool ## ## Returns: The filename associated with *f*. ## -## .. bro:see:: open +## .. zeek:see:: open function get_file_name%(f: file%): string %{ if ( ! f ) @@ -4594,7 +4594,7 @@ function get_file_name%(f: file%): string ## Returns: Rotation statistics which include the original file name, the name ## after the rotation, and the time when *f* was opened/closed. ## -## .. bro:see:: rotate_file_by_name calc_next_rotate +## .. zeek:see:: rotate_file_by_name calc_next_rotate function rotate_file%(f: file%): rotate_info %{ RecordVal* info = f->Rotate(); @@ -4618,7 +4618,7 @@ function rotate_file%(f: file%): rotate_info ## Returns: Rotation statistics which include the original file name, the name ## after the rotation, and the time when *f* was opened/closed. ## -## .. bro:see:: rotate_file calc_next_rotate +## .. zeek:see:: rotate_file calc_next_rotate function rotate_file_by_name%(f: string%): rotate_info %{ RecordVal* info = new RecordVal(rotate_info); @@ -4672,7 +4672,7 @@ function rotate_file_by_name%(f: string%): rotate_info ## ## Returns: The duration until the next file rotation time. ## -## .. bro:see:: rotate_file rotate_file_by_name +## .. zeek:see:: rotate_file rotate_file_by_name function calc_next_rotate%(i: interval%) : interval %{ const char* base_time = log_rotate_base_time ? @@ -4697,16 +4697,16 @@ function file_size%(f: string%) : double return new Val(double(s.st_size), TYPE_DOUBLE); %} -## Disables sending :bro:id:`print_hook` events to remote peers for a given +## Disables sending :zeek:id:`print_hook` events to remote peers for a given ## file. In a ## distributed setup, communicating Bro instances generate the event -## :bro:id:`print_hook` for each print statement and send it to the remote +## :zeek:id:`print_hook` for each print statement and send it to the remote ## side. When disabled for a particular file, these events will not be ## propagated to other peers. ## -## f: The file to disable :bro:id:`print_hook` events for. +## f: The file to disable :zeek:id:`print_hook` events for. ## -## .. bro:see:: enable_raw_output +## .. zeek:see:: enable_raw_output function disable_print_hook%(f: file%): any %{ f->DisablePrintHook(); @@ -4714,11 +4714,11 @@ function disable_print_hook%(f: file%): any %} ## Prevents escaping of non-ASCII characters when writing to a file. -## This function is equivalent to :bro:attr:`&raw_output`. +## This function is equivalent to :zeek:attr:`&raw_output`. ## ## f: The file to disable raw output for. ## -## .. bro:see:: disable_print_hook +## .. zeek:see:: disable_print_hook function enable_raw_output%(f: file%): any %{ f->EnableRawOutput(); @@ -4745,7 +4745,7 @@ function enable_raw_output%(f: file%): any ## ## Returns: True (unconditionally). ## -## .. bro:see:: Pcap::precompile_pcap_filter +## .. zeek:see:: Pcap::precompile_pcap_filter ## Pcap::install_pcap_filter ## install_src_net_filter ## uninstall_src_addr_filter @@ -4775,7 +4775,7 @@ function install_src_addr_filter%(ip: addr, tcp_flags: count, prob: double%) : b ## ## Returns: True (unconditionally). ## -## .. bro:see:: Pcap::precompile_pcap_filter +## .. zeek:see:: Pcap::precompile_pcap_filter ## Pcap::install_pcap_filter ## install_src_addr_filter ## uninstall_src_addr_filter @@ -4799,7 +4799,7 @@ function install_src_net_filter%(snet: subnet, tcp_flags: count, prob: double%) ## ## Returns: True on success. ## -## .. bro:see:: Pcap::precompile_pcap_filter +## .. zeek:see:: Pcap::precompile_pcap_filter ## Pcap::install_pcap_filter ## install_src_addr_filter ## install_src_net_filter @@ -4820,7 +4820,7 @@ function uninstall_src_addr_filter%(ip: addr%) : bool ## ## Returns: True on success. ## -## .. bro:see:: Pcap::precompile_pcap_filter +## .. zeek:see:: Pcap::precompile_pcap_filter ## Pcap::install_pcap_filter ## install_src_addr_filter ## install_src_net_filter @@ -4850,7 +4850,7 @@ function uninstall_src_net_filter%(snet: subnet%) : bool ## ## Returns: True (unconditionally). ## -## .. bro:see:: Pcap::precompile_pcap_filter +## .. zeek:see:: Pcap::precompile_pcap_filter ## Pcap::install_pcap_filter ## install_src_addr_filter ## install_src_net_filter @@ -4880,7 +4880,7 @@ function install_dst_addr_filter%(ip: addr, tcp_flags: count, prob: double%) : b ## ## Returns: True (unconditionally). ## -## .. bro:see:: Pcap::precompile_pcap_filter +## .. zeek:see:: Pcap::precompile_pcap_filter ## Pcap::install_pcap_filter ## install_src_addr_filter ## install_src_net_filter @@ -4904,7 +4904,7 @@ function install_dst_net_filter%(snet: subnet, tcp_flags: count, prob: double%) ## ## Returns: True on success. ## -## .. bro:see:: Pcap::precompile_pcap_filter +## .. zeek:see:: Pcap::precompile_pcap_filter ## Pcap::install_pcap_filter ## install_src_addr_filter ## install_src_net_filter @@ -4925,7 +4925,7 @@ function uninstall_dst_addr_filter%(ip: addr%) : bool ## ## Returns: True on success. ## -## .. bro:see:: Pcap::precompile_pcap_filter +## .. zeek:see:: Pcap::precompile_pcap_filter ## Pcap::install_pcap_filter ## install_src_addr_filter ## install_src_net_filter @@ -4966,13 +4966,13 @@ function enable_communication%(%): any &deprecated return 0; %} -## Flushes in-memory state tagged with the :bro:attr:`&persistent` attribute +## Flushes in-memory state tagged with the :zeek:attr:`&persistent` attribute ## to disk. The function writes the state to the file ``.state/state.bst`` in ## the directory where Bro was started. ## ## Returns: True on success. ## -## .. bro:see:: rescan_state +## .. zeek:see:: rescan_state function checkpoint_state%(%) : bool %{ return val_mgr->GetBool(persistence_serializer->WriteState(true)); @@ -4980,11 +4980,11 @@ function checkpoint_state%(%) : bool ## Reads persistent state and populates the in-memory data structures ## accordingly. Persistent state is read from the ``.state`` directory. -## This function is the dual to :bro:id:`checkpoint_state`. +## This function is the dual to :zeek:id:`checkpoint_state`. ## ## Returns: True on success. ## -## .. bro:see:: checkpoint_state +## .. zeek:see:: checkpoint_state function rescan_state%(%) : bool %{ return val_mgr->GetBool(persistence_serializer->ReadAll(false, true)); @@ -4997,7 +4997,7 @@ function rescan_state%(%) : bool ## ## Returns: True if opening the target file succeeds. ## -## .. bro:see:: capture_state_updates +## .. zeek:see:: capture_state_updates function capture_events%(filename: string%) : bool %{ if ( ! event_serializer ) @@ -5009,14 +5009,14 @@ function capture_events%(filename: string%) : bool (const char*) filename->CheckString())); %} -## Writes state updates generated by :bro:attr:`&synchronized` variables to a +## Writes state updates generated by :zeek:attr:`&synchronized` variables to a ## file. ## ## filename: The name of the file which stores the state updates. ## ## Returns: True if opening the target file succeeds. ## -## .. bro:see:: capture_events +## .. zeek:see:: capture_events function capture_state_updates%(filename: string%) : bool %{ if ( ! state_serializer ) @@ -5049,7 +5049,7 @@ function capture_state_updates%(filename: string%) : bool ## ## Returns: A locally unique ID of the new peer. ## -## .. bro:see:: disconnect +## .. zeek:see:: disconnect ## listen ## request_remote_events ## request_remote_sync @@ -5068,11 +5068,11 @@ function connect%(ip: addr, zone_id: string, p: port, our_class: string, retry: ## Terminate the connection with a peer. ## -## p: The peer ID returned from :bro:id:`connect`. +## p: The peer ID returned from :zeek:id:`connect`. ## ## Returns: True on success. ## -## .. bro:see:: connect listen +## .. zeek:see:: connect listen function disconnect%(p: event_peer%) : bool &deprecated %{ RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); @@ -5082,13 +5082,13 @@ function disconnect%(p: event_peer%) : bool &deprecated ## Subscribes to all events from a remote peer whose names match a given ## pattern. ## -## p: The peer ID returned from :bro:id:`connect`. +## p: The peer ID returned from :zeek:id:`connect`. ## ## handlers: The pattern describing the events to request from peer *p*. ## ## Returns: True on success. ## -## .. bro:see:: request_remote_sync +## .. zeek:see:: request_remote_sync ## request_remote_logs ## set_accept_state function request_remote_events%(p: event_peer, handlers: pattern%) : bool &deprecated @@ -5099,14 +5099,14 @@ function request_remote_events%(p: event_peer, handlers: pattern%) : bool &depre ## Requests synchronization of IDs with a remote peer. ## -## p: The peer ID returned from :bro:id:`connect`. +## p: The peer ID returned from :zeek:id:`connect`. ## ## auth: If true, the local instance considers its current state authoritative ## and sends it to *p* right after the handshake. ## ## Returns: True on success. ## -## .. bro:see:: request_remote_events +## .. zeek:see:: request_remote_events ## request_remote_logs ## set_accept_state function request_remote_sync%(p: event_peer, auth: bool%) : bool &deprecated @@ -5117,11 +5117,11 @@ function request_remote_sync%(p: event_peer, auth: bool%) : bool &deprecated ## Requests logs from a remote peer. ## -## p: The peer ID returned from :bro:id:`connect`. +## p: The peer ID returned from :zeek:id:`connect`. ## ## Returns: True on success. ## -## .. bro:see:: request_remote_events +## .. zeek:see:: request_remote_events ## request_remote_sync function request_remote_logs%(p: event_peer%) : bool &deprecated %{ @@ -5131,13 +5131,13 @@ function request_remote_logs%(p: event_peer%) : bool &deprecated ## Sets a boolean flag indicating whether Bro accepts state from a remote peer. ## -## p: The peer ID returned from :bro:id:`connect`. +## p: The peer ID returned from :zeek:id:`connect`. ## ## accept: True if Bro accepts state from peer *p*, or false otherwise. ## ## Returns: True on success. ## -## .. bro:see:: request_remote_events +## .. zeek:see:: request_remote_events ## request_remote_sync ## set_compression_level function set_accept_state%(p: event_peer, accept: bool%) : bool &deprecated @@ -5148,14 +5148,14 @@ function set_accept_state%(p: event_peer, accept: bool%) : bool &deprecated ## Sets the compression level of the session with a remote peer. ## -## p: The peer ID returned from :bro:id:`connect`. +## p: The peer ID returned from :zeek:id:`connect`. ## ## level: Allowed values are in the range *[0, 9]*, where 0 is the default and ## means no compression. ## ## Returns: True on success. ## -## .. bro:see:: set_accept_state +## .. zeek:see:: set_accept_state function set_compression_level%(p: event_peer, level: count%) : bool &deprecated %{ RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); @@ -5181,7 +5181,7 @@ function set_compression_level%(p: event_peer, level: count%) : bool &deprecated ## ## Returns: True on success. ## -## .. bro:see:: connect disconnect +## .. zeek:see:: connect disconnect function listen%(ip: addr, p: port, ssl: bool, ipv6: bool, zone_id: string, retry_interval: interval%) : bool &deprecated %{ return val_mgr->GetBool(remote_serializer->Listen(ip->AsAddr(), p->Port(), ssl, ipv6, zone_id->CheckString(), retry_interval)); @@ -5197,11 +5197,11 @@ function is_remote_event%(%) : bool ## Sends all persistent state to a remote peer. ## -## p: The peer ID returned from :bro:id:`connect`. +## p: The peer ID returned from :zeek:id:`connect`. ## ## Returns: True on success. ## -## .. bro:see:: send_id send_ping send_current_packet send_capture_filter +## .. zeek:see:: send_id send_ping send_current_packet send_capture_filter function send_state%(p: event_peer%) : bool %{ RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); @@ -5211,13 +5211,13 @@ function send_state%(p: event_peer%) : bool ## Sends a global identifier to a remote peer, which then might install it ## locally. ## -## p: The peer ID returned from :bro:id:`connect`. +## p: The peer ID returned from :zeek:id:`connect`. ## ## id: The identifier to send. ## ## Returns: True on success. ## -## .. bro:see:: send_state send_ping send_current_packet send_capture_filter +## .. zeek:see:: send_state send_ping send_current_packet send_capture_filter function send_id%(p: event_peer, id: string%) : bool &deprecated %{ RemoteSerializer::PeerID pid = p->AsRecordVal()->Lookup(0)->AsCount(); @@ -5245,7 +5245,7 @@ function terminate_communication%(%) : bool &deprecated ## Signals a remote peer that the local Bro instance finished the initial ## handshake. ## -## p: The peer ID returned from :bro:id:`connect`. +## p: The peer ID returned from :zeek:id:`connect`. ## ## Returns: True on success. function complete_handshake%(p: event_peer%) : bool &deprecated @@ -5255,16 +5255,16 @@ function complete_handshake%(p: event_peer%) : bool &deprecated %} ## Sends a ping event to a remote peer. In combination with an event handler -## for :bro:id:`remote_pong`, this function can be used to measure latency +## for :zeek:id:`remote_pong`, this function can be used to measure latency ## between two peers. ## -## p: The peer ID returned from :bro:id:`connect`. +## p: The peer ID returned from :zeek:id:`connect`. ## -## seq: A sequence number (also included by :bro:id:`remote_pong`). +## seq: A sequence number (also included by :zeek:id:`remote_pong`). ## ## Returns: True if sending the ping succeeds. ## -## .. bro:see:: send_state send_id send_current_packet send_capture_filter +## .. zeek:see:: send_state send_id send_current_packet send_capture_filter function send_ping%(p: event_peer, seq: count%) : bool &deprecated %{ RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); @@ -5273,11 +5273,11 @@ function send_ping%(p: event_peer, seq: count%) : bool &deprecated ## Sends the currently processed packet to a remote peer. ## -## p: The peer ID returned from :bro:id:`connect`. +## p: The peer ID returned from :zeek:id:`connect`. ## ## Returns: True if sending the packet succeeds. ## -## .. bro:see:: send_id send_state send_ping send_capture_filter +## .. zeek:see:: send_id send_state send_ping send_capture_filter ## dump_packet dump_current_packet get_current_packet function send_current_packet%(p: event_peer%) : bool &deprecated %{ @@ -5301,7 +5301,7 @@ function send_current_packet%(p: event_peer%) : bool &deprecated ## ## Returns: The ID of the peer who generated the last event. ## -## .. bro:see:: get_local_event_peer +## .. zeek:see:: get_local_event_peer function get_event_peer%(%) : event_peer &deprecated %{ SourceID src = mgr.CurrentSource(); @@ -5340,7 +5340,7 @@ function get_event_peer%(%) : event_peer &deprecated ## ## Returns: The peer ID of the local Bro instance. ## -## .. bro:see:: get_event_peer +## .. zeek:see:: get_event_peer function get_local_event_peer%(%) : event_peer &deprecated %{ RecordVal* p = mgr.GetLocalPeerVal(); @@ -5350,13 +5350,13 @@ function get_local_event_peer%(%) : event_peer &deprecated ## Sends a capture filter to a remote peer. ## -## p: The peer ID returned from :bro:id:`connect`. +## p: The peer ID returned from :zeek:id:`connect`. ## ## s: The capture filter. ## ## Returns: True if sending the packet succeeds. ## -## .. bro:see:: send_id send_state send_ping send_current_packet +## .. zeek:see:: send_id send_state send_ping send_current_packet function send_capture_filter%(p: event_peer, s: string%) : bool &deprecated %{ RemoteSerializer::PeerID id = p->AsRecordVal()->Lookup(0)->AsCount(); @@ -5367,7 +5367,7 @@ function send_capture_filter%(p: event_peer, s: string%) : bool &deprecated ## distributed trace processing with communication enabled ## (*pseudo-realtime* mode). ## -## .. bro:see:: continue_processing suspend_state_updates resume_state_updates +## .. zeek:see:: continue_processing suspend_state_updates resume_state_updates function suspend_processing%(%) : any %{ net_suspend_processing(); @@ -5376,16 +5376,16 @@ function suspend_processing%(%) : any ## Resumes Bro's packet processing. ## -## .. bro:see:: suspend_processing suspend_state_updates resume_state_updates +## .. zeek:see:: suspend_processing suspend_state_updates resume_state_updates function continue_processing%(%) : any %{ net_continue_processing(); return 0; %} -## Stops propagating :bro:attr:`&synchronized` accesses. +## Stops propagating :zeek:attr:`&synchronized` accesses. ## -## .. bro:see:: suspend_processing continue_processing resume_state_updates +## .. zeek:see:: suspend_processing continue_processing resume_state_updates function suspend_state_updates%(%) : any &deprecated %{ if ( remote_serializer ) @@ -5393,9 +5393,9 @@ function suspend_state_updates%(%) : any &deprecated return 0; %} -## Resumes propagating :bro:attr:`&synchronized` accesses. +## Resumes propagating :zeek:attr:`&synchronized` accesses. ## -## .. bro:see:: suspend_processing continue_processing suspend_state_updates +## .. zeek:see:: suspend_processing continue_processing suspend_state_updates function resume_state_updates%(%) : any &deprecated %{ if ( remote_serializer ) @@ -5442,7 +5442,7 @@ function match_signatures%(c: connection, pattern_type: int, s: string, ## ## width: The number of bits from the top that should remain intact. ## -## .. bro:see:: preserve_subnet anonymize_addr +## .. zeek:see:: preserve_subnet anonymize_addr ## ## .. todo:: Currently dysfunctional. function preserve_prefix%(a: addr, width: count%): any @@ -5468,7 +5468,7 @@ function preserve_prefix%(a: addr, width: count%): any ## ## a: The subnet to preserve. ## -## .. bro:see:: preserve_prefix anonymize_addr +## .. zeek:see:: preserve_prefix anonymize_addr ## ## .. todo:: Currently dysfunctional. function preserve_subnet%(a: subnet%): any @@ -5504,7 +5504,7 @@ function preserve_subnet%(a: subnet%): any ## ## Returns: An anonymized version of *a*. ## -## .. bro:see:: preserve_prefix preserve_subnet +## .. zeek:see:: preserve_prefix preserve_subnet ## ## .. todo:: Currently dysfunctional. function anonymize_addr%(a: addr, cl: IPAddrAnonymizationClass%): addr diff --git a/src/broker/data.bif b/src/broker/data.bif index 2f6dc2cd77..53ce5d506c 100644 --- a/src/broker/data.bif +++ b/src/broker/data.bif @@ -7,7 +7,7 @@ module Broker; -## Enumerates the possible types that :bro:see:`Broker::Data` may be in +## Enumerates the possible types that :zeek:see:`Broker::Data` may be in ## terms of Bro data types. enum DataType %{ NONE, diff --git a/src/broker/messaging.bif b/src/broker/messaging.bif index ec7696c752..807cefa3fc 100644 --- a/src/broker/messaging.bif +++ b/src/broker/messaging.bif @@ -74,7 +74,7 @@ module Broker; type Broker::Event: record; ## Create a data structure that may be used to send a remote event via -## :bro:see:`Broker::publish`. +## :zeek:see:`Broker::publish`. ## ## args: an event, followed by a list of argument values that may be used ## to call it. @@ -93,7 +93,7 @@ function Broker::make_event%(...%): Broker::Event ## topic: a topic associated with the event message. ## ## args: Either the event arguments as already made by -## :bro:see:`Broker::make_event` or the argument list to pass along +## :zeek:see:`Broker::make_event` or the argument list to pass along ## to it. ## ## Returns: true if the message is sent. @@ -172,7 +172,7 @@ type Cluster::Pool: record; ## script like "Intel::cluster_rr_key". ## ## args: Either the event arguments as already made by -## :bro:see:`Broker::make_event` or the argument list to pass along +## :zeek:see:`Broker::make_event` or the argument list to pass along ## to it. ## ## Returns: true if the message is sent. @@ -215,7 +215,7 @@ function Cluster::publish_rr%(pool: Pool, key: string, ...%): bool ## distribute keys among available nodes. ## ## args: Either the event arguments as already made by -## :bro:see:`Broker::make_event` or the argument list to pass along +## :zeek:see:`Broker::make_event` or the argument list to pass along ## to it. ## ## Returns: true if the message is sent. diff --git a/src/event.bif b/src/event.bif index 2cab61752c..3505c686a5 100644 --- a/src/event.bif +++ b/src/event.bif @@ -24,7 +24,7 @@ # # - Parameters # -# - .. bro:see:: +# - .. zeek:see:: # # - .. note:: # @@ -35,12 +35,12 @@ ## one-time initialization code at startup. At the time a handler runs, Zeek will ## have executed any global initializations and statements. ## -## .. bro:see:: zeek_done +## .. zeek:see:: zeek_done ## ## .. note:: ## ## When a ``zeek_init`` handler executes, Zeek has not yet seen any input -## packets and therefore :bro:id:`network_time` is not initialized yet. An +## packets and therefore :zeek:id:`network_time` is not initialized yet. An ## artifact of that is that any timer installed in a ``zeek_init`` handler ## will fire immediately with the first packet. The standard way to work ## around that is to ignore the first time the timer fires and immediately @@ -48,9 +48,7 @@ ## event zeek_init%(%); -## Deprecated synonym for ``zeek_init``. -## -## .. bro:see: zeek_init +## Deprecated synonym for :zeek:see:`zeek_init`. event bro_init%(%) &deprecated; ## Generated at Zeek termination time. The event engine generates this event when @@ -58,17 +56,15 @@ event bro_init%(%) &deprecated; ## trace file(s), receiving a termination signal, or because Zeek was run without ## a network input source and has finished executing any global statements. ## -## .. bro:see:: zeek_init +## .. zeek:see:: zeek_init ## ## .. note:: ## -## If Zeek terminates due to an invocation of :bro:id:`exit`, then this event +## If Zeek terminates due to an invocation of :zeek:id:`exit`, then this event ## is not generated. event zeek_done%(%); -## Deprecated synonym for ``zeek_done``. -## -## .. bro:see: zeek_done +## Deprecated synonym for :zeek:see:`zeek_done`. event bro_done%(%) &deprecated; ## Generated for every new connection. This event is raised with the first @@ -78,7 +74,7 @@ event bro_done%(%) &deprecated; ## ## c: The connection. ## -## .. bro:see:: connection_EOF connection_SYN_packet connection_attempt +## .. zeek:see:: connection_EOF connection_SYN_packet connection_attempt ## connection_established connection_external connection_finished ## connection_first_ACK connection_half_finished connection_partial_close ## connection_pending connection_rejected connection_reset connection_reused @@ -108,12 +104,12 @@ event tunnel_changed%(c: connection, e: EncapsulatingConnVector%); ## Generated when a TCP connection timed out. This event is raised when ## no activity was seen for an interval of at least -## :bro:id:`tcp_connection_linger`, and either one endpoint has already +## :zeek:id:`tcp_connection_linger`, and either one endpoint has already ## closed the connection or one side never became active. ## ## c: The connection. ## -## .. bro:see:: connection_EOF connection_SYN_packet connection_attempt +## .. zeek:see:: connection_EOF connection_SYN_packet connection_attempt ## connection_established connection_external connection_finished ## connection_first_ACK connection_half_finished connection_partial_close ## connection_pending connection_rejected connection_reset connection_reused @@ -125,7 +121,7 @@ event tunnel_changed%(c: connection, e: EncapsulatingConnVector%); ## ## The precise semantics of this event can be unintuitive as it only ## covers a subset of cases where a connection times out. Often, handling -## :bro:id:`connection_state_remove` is the better option. That one will be +## :zeek:id:`connection_state_remove` is the better option. That one will be ## generated reliably when an interval of ``tcp_inactivity_timeout`` has ## passed without any activity seen (but also for all other ways a ## connection may terminate). @@ -140,7 +136,7 @@ event connection_timeout%(c: connection%); ## ## c: The connection. ## -## .. bro:see:: connection_EOF connection_SYN_packet connection_attempt +## .. zeek:see:: connection_EOF connection_SYN_packet connection_attempt ## connection_established connection_external connection_finished ## connection_first_ACK connection_half_finished connection_partial_close ## connection_pending connection_rejected connection_reset connection_reused @@ -155,7 +151,7 @@ event connection_state_remove%(c: connection%); ## ## c: The connection. ## -## .. bro:see:: connection_EOF connection_SYN_packet connection_attempt +## .. zeek:see:: connection_EOF connection_SYN_packet connection_attempt ## connection_established connection_external connection_finished ## connection_first_ACK connection_half_finished connection_partial_close ## connection_pending connection_rejected connection_reset connection_state_remove @@ -169,7 +165,7 @@ event connection_reused%(c: connection%); ## ## c: The connection. ## -## .. bro:see:: connection_EOF connection_SYN_packet connection_attempt +## .. zeek:see:: connection_EOF connection_SYN_packet connection_attempt ## connection_established connection_external connection_finished ## connection_first_ACK connection_half_finished connection_partial_close ## connection_pending connection_rejected connection_reset connection_reused @@ -188,7 +184,7 @@ event connection_status_update%(c: connection%); ## ## new_label: The new flow label that the endpoint is using. ## -## .. bro:see:: connection_established new_connection +## .. zeek:see:: connection_established new_connection event connection_flow_label_changed%(c: connection, is_orig: bool, old_label: count, new_label: count%); ## Generated for a new connection received from the communication subsystem. @@ -208,11 +204,11 @@ event connection_external%(c: connection, tag: string%); ## ## u: The connection record for the corresponding UDP flow. ## -## .. bro:see:: udp_contents udp_reply udp_request +## .. zeek:see:: udp_contents udp_reply udp_request event udp_session_done%(u: connection%); ## Generated when a connection is seen that is marked as being expected. -## The function :bro:id:`Analyzer::schedule_analyzer` tells Bro to expect a +## The function :zeek:id:`Analyzer::schedule_analyzer` tells Bro to expect a ## particular connection to come up, and which analyzer to associate with it. ## Once the first packet of such a connection is indeed seen, this event is ## raised. @@ -220,11 +216,11 @@ event udp_session_done%(u: connection%); ## c: The connection. ## ## a: The analyzer that was scheduled for the connection with the -## :bro:id:`Analyzer::schedule_analyzer` call. When the event is raised, that +## :zeek:id:`Analyzer::schedule_analyzer` call. When the event is raised, that ## analyzer will already have been activated to process the connection. The ## ``count`` is one of the ``ANALYZER_*`` constants, e.g., ``ANALYZER_HTTP``. ## -## .. bro:see:: connection_EOF connection_SYN_packet connection_attempt +## .. zeek:see:: connection_EOF connection_SYN_packet connection_attempt ## connection_established connection_external connection_finished ## connection_first_ACK connection_half_finished connection_partial_close ## connection_pending connection_rejected connection_reset connection_reused @@ -243,11 +239,11 @@ event scheduled_analyzer_applied%(c: connection, a: Analyzer::Tag%); ## ## p: Information from the header of the packet that triggered the event. ## -## .. bro:see:: new_packet packet_contents +## .. zeek:see:: new_packet packet_contents event raw_packet%(p: raw_pkt_hdr%); ## Generated for all packets that make it into Bro's connection processing. In -## contrast to :bro:id:`raw_packet` this filters out some more packets that don't +## contrast to :zeek:id:`raw_packet` this filters out some more packets that don't ## pass certain sanity checks. ## ## This is a very low-level and expensive event that should be avoided when at all @@ -259,7 +255,7 @@ event raw_packet%(p: raw_pkt_hdr%); ## ## p: Information from the header of the packet that triggered the event. ## -## .. bro:see:: tcp_packet packet_contents raw_packet +## .. zeek:see:: tcp_packet packet_contents raw_packet event new_packet%(c: connection, p: pkt_hdr%); ## Generated for every IPv6 packet that contains extension headers. @@ -270,7 +266,7 @@ event new_packet%(c: connection, p: pkt_hdr%); ## ## p: Information from the header of the packet that triggered the event. ## -## .. bro:see:: new_packet tcp_packet packet_contents esp_packet +## .. zeek:see:: new_packet tcp_packet packet_contents esp_packet event ipv6_ext_headers%(c: connection, p: pkt_hdr%); ## Generated for any packets using the IPv6 Encapsulating Security Payload (ESP) @@ -278,35 +274,35 @@ event ipv6_ext_headers%(c: connection, p: pkt_hdr%); ## ## p: Information from the header of the packet that triggered the event. ## -## .. bro:see:: new_packet tcp_packet ipv6_ext_headers +## .. zeek:see:: new_packet tcp_packet ipv6_ext_headers event esp_packet%(p: pkt_hdr%); ## Generated for any packet using a Mobile IPv6 Mobility Header. ## ## p: Information from the header of the packet that triggered the event. ## -## .. bro:see:: new_packet tcp_packet ipv6_ext_headers +## .. zeek:see:: new_packet tcp_packet ipv6_ext_headers event mobile_ipv6_message%(p: pkt_hdr%); ## Generated for every packet that has a non-empty transport-layer payload. ## This is a very low-level and expensive event that should be avoided when ## at all possible. It's usually infeasible to handle when processing even ## medium volumes of traffic in real-time. It's even worse than -## :bro:id:`new_packet`. That said, if you work from a trace and want to +## :zeek:id:`new_packet`. That said, if you work from a trace and want to ## do some packet-level analysis, it may come in handy. ## ## c: The connection the packet is part of. ## ## contents: The raw transport-layer payload. ## -## .. bro:see:: new_packet tcp_packet +## .. zeek:see:: new_packet tcp_packet event packet_contents%(c: connection, contents: string%); ## Generated when Bro detects a TCP retransmission inconsistency. When ## reassembling a TCP stream, Bro buffers all payload until it sees the ## responder acking it. If during that time, the sender resends a chunk of ## payload but with different content than originally, this event will be -## raised. In addition, if :bro:id:`tcp_max_old_segments` is larger than zero, +## raised. In addition, if :zeek:id:`tcp_max_old_segments` is larger than zero, ## mismatches with that older still-buffered data will likewise trigger the event. ## ## c: The connection showing the inconsistency. @@ -321,7 +317,7 @@ event packet_contents%(c: connection, contents: string%); ## ``A`` -> ACK; ``P`` -> PUSH. This string will not always be set, ## only if the information is available; it's "best effort". ## -## .. bro:see:: tcp_rexmit tcp_contents +## .. zeek:see:: tcp_rexmit tcp_contents event rexmit_inconsistency%(c: connection, t1: string, t2: string, tcp_flags: string%); ## Generated when Bro detects a gap in a reassembled TCP payload stream. This @@ -362,14 +358,14 @@ event content_gap%(c: connection, is_orig: bool, seq: count, length: count%); ## aid: A unique integer ID identifying the specific *instance* of the ## analyzer *atype* that is analyzing the connection ``c``. The ID can ## be used to reference the analyzer when using builtin functions like -## :bro:id:`disable_analyzer`. +## :zeek:id:`disable_analyzer`. ## -## .. bro:see:: protocol_violation +## .. zeek:see:: protocol_violation ## ## .. note:: ## ## Bro's default scripts use this event to determine the ``service`` column -## of :bro:type:`Conn::Info`: once confirmed, the protocol will be listed +## of :zeek:type:`Conn::Info`: once confirmed, the protocol will be listed ## there (and thus in ``conn.log``). event protocol_confirmation%(c: connection, atype: Analyzer::Tag, aid: count%); @@ -390,16 +386,16 @@ event protocol_confirmation%(c: connection, atype: Analyzer::Tag, aid: count%); ## aid: A unique integer ID identifying the specific *instance* of the ## analyzer *atype* that is analyzing the connection ``c``. The ID can ## be used to reference the analyzer when using builtin functions like -## :bro:id:`disable_analyzer`. +## :zeek:id:`disable_analyzer`. ## ## reason: TODO. ## -## .. bro:see:: protocol_confirmation +## .. zeek:see:: protocol_confirmation ## ## .. note:: ## ## Bro's default scripts use this event to disable an analyzer via -## :bro:id:`disable_analyzer` if it's parsing the wrong protocol. That's +## :zeek:id:`disable_analyzer` if it's parsing the wrong protocol. That's ## however a script-level decision and not done automatically by the event ## engine. event protocol_violation%(c: connection, atype: Analyzer::Tag, aid: count, reason: string%); @@ -414,7 +410,7 @@ event protocol_violation%(c: connection, atype: Analyzer::Tag, aid: count, reaso ## ## rs: Statistics for the responder endpoint. ## -## .. bro:see:: connection_state_remove +## .. zeek:see:: connection_state_remove event conn_stats%(c: connection, os: endpoint_stats, rs: endpoint_stats%); ## Generated for unexpected activity related to a specific connection. When @@ -431,7 +427,7 @@ event conn_stats%(c: connection, os: endpoint_stats, rs: endpoint_stats%); ## ## addl: Optional additional context further describing the situation. ## -## .. bro:see:: flow_weird net_weird file_weird +## .. zeek:see:: flow_weird net_weird file_weird ## ## .. note:: "Weird" activity is much more common in real-world network traffic ## than one would intuitively expect. While in principle, any protocol @@ -454,7 +450,7 @@ event conn_weird%(name: string, c: connection, addl: string%); ## ## dst: The destination address corresponding to the activity. ## -## .. bro:see:: conn_weird net_weird file_weird +## .. zeek:see:: conn_weird net_weird file_weird ## ## .. note:: "Weird" activity is much more common in real-world network traffic ## than one would intuitively expect. While in principle, any protocol @@ -472,7 +468,7 @@ event flow_weird%(name: string, src: addr, dst: addr%); ## scripts use this name in filtering policies that specify which ## "weirds" are worth reporting. ## -## .. bro:see:: flow_weird file_weird +## .. zeek:see:: flow_weird file_weird ## ## .. note:: "Weird" activity is much more common in real-world network traffic ## than one would intuitively expect. While in principle, any protocol @@ -493,7 +489,7 @@ event net_weird%(name: string%); ## ## addl: Additional information related to the weird. ## -## .. bro:see:: flow_weird net_weird conn_weird +## .. zeek:see:: flow_weird net_weird conn_weird ## ## .. note:: "Weird" activity is much more common in real-world network traffic ## than one would intuitively expect. While in principle, any protocol @@ -502,7 +498,7 @@ event net_weird%(name: string%); event file_weird%(name: string, f: fa_file, addl: string%); ## Generated regularly for the purpose of profiling Bro's processing. This event -## is raised for every :bro:id:`load_sample_freq` packet. For these packets, +## is raised for every :zeek:id:`load_sample_freq` packet. For these packets, ## Bro records script-level functions executed during their processing as well ## as further internal locations. By sampling the processing in this form, one ## can understand where Bro spends its time. @@ -538,7 +534,7 @@ event signature_match%(state: signature_state, msg: string, data: string%); ## used on a system. This is a protocol-independent event that is fed by ## different analyzers. For example, the HTTP analyzer reports user-agent and ## server software by raising this event, assuming it can parse it (if not, -## :bro:id:`software_parse_error` will be generated instead). +## :zeek:id:`software_parse_error` will be generated instead). ## ## c: The connection. ## @@ -549,7 +545,7 @@ event signature_match%(state: signature_state, msg: string, data: string%); ## descr: The raw (unparsed) software identification string as extracted from ## the protocol. ## -## .. bro:see:: software_parse_error software_unparsed_version_found OS_version_found +## .. zeek:see:: software_parse_error software_unparsed_version_found OS_version_found event software_version_found%(c: connection, host: addr, s: software, descr: string%); @@ -557,7 +553,7 @@ event software_version_found%(c: connection, host: addr, ## used on a system but cannot parse it. This is a protocol-independent event ## that is fed by different analyzers. For example, the HTTP analyzer reports ## user-agent and server software by raising this event if it cannot parse them -## directly (if it can :bro:id:`software_version_found` will be generated +## directly (if it can :zeek:id:`software_version_found` will be generated ## instead). ## ## c: The connection. @@ -567,7 +563,7 @@ event software_version_found%(c: connection, host: addr, ## descr: The raw (unparsed) software identification string as extracted from ## the protocol. ## -## .. bro:see:: software_version_found software_unparsed_version_found +## .. zeek:see:: software_version_found software_unparsed_version_found ## OS_version_found event software_parse_error%(c: connection, host: addr, descr: string%); @@ -575,7 +571,7 @@ event software_parse_error%(c: connection, host: addr, descr: string%); ## used on a system. This is a protocol-independent event that is fed by ## different analyzers. For example, the HTTP analyzer reports user-agent and ## server software by raising this event. Different from -## :bro:id:`software_version_found` and :bro:id:`software_parse_error`, this +## :zeek:id:`software_version_found` and :zeek:id:`software_parse_error`, this ## event is always raised, independent of whether Bro can parse the version ## string. ## @@ -585,13 +581,13 @@ event software_parse_error%(c: connection, host: addr, descr: string%); ## ## str: The software identification string as extracted from the protocol. ## -## .. bro:see:: software_parse_error software_version_found OS_version_found +## .. zeek:see:: software_parse_error software_version_found OS_version_found event software_unparsed_version_found%(c: connection, host: addr, str: string%); ## Generated when an operating system has been fingerprinted. Bro uses `p0f ## `__ to fingerprint endpoints passively, ## and it raises this event for each system identified. The p0f fingerprints are -## defined by :bro:id:`passive_fingerprint_file`. +## defined by :zeek:id:`passive_fingerprint_file`. ## ## c: The connection. ## @@ -599,7 +595,7 @@ event software_unparsed_version_found%(c: connection, host: addr, str: string%); ## ## OS: The OS version string. ## -## .. bro:see:: passive_fingerprint_file software_parse_error +## .. zeek:see:: passive_fingerprint_file software_parse_error ## software_version_found software_unparsed_version_found ## generate_OS_version_event event OS_version_found%(c: connection, host: addr, OS: OS_version%); @@ -610,7 +606,7 @@ event OS_version_found%(c: connection, host: addr, OS: OS_version%); ## ## p: A record describing the peer. ## -## .. bro:see:: remote_capture_filter remote_connection_closed remote_connection_error +## .. zeek:see:: remote_capture_filter remote_connection_closed remote_connection_error ## remote_connection_handshake_done remote_event_registered remote_log remote_pong ## remote_state_access_performed remote_state_inconsistency print_hook event remote_connection_established%(p: event_peer%); @@ -621,7 +617,7 @@ event remote_connection_established%(p: event_peer%); ## ## p: A record describing the peer. ## -## .. bro:see:: remote_capture_filter remote_connection_error +## .. zeek:see:: remote_capture_filter remote_connection_error ## remote_connection_established remote_connection_handshake_done ## remote_event_registered remote_log remote_pong remote_state_access_performed ## remote_state_inconsistency print_hook @@ -633,7 +629,7 @@ event remote_connection_closed%(p: event_peer%); ## ## p: A record describing the peer. ## -## .. bro:see:: remote_capture_filter remote_connection_closed remote_connection_error +## .. zeek:see:: remote_capture_filter remote_connection_closed remote_connection_error ## remote_connection_established remote_event_registered remote_log remote_pong ## remote_state_access_performed remote_state_inconsistency print_hook event remote_connection_handshake_done%(p: event_peer%); @@ -646,7 +642,7 @@ event remote_connection_handshake_done%(p: event_peer%); ## ## name: TODO. ## -## .. bro:see:: remote_capture_filter remote_connection_closed +## .. zeek:see:: remote_capture_filter remote_connection_closed ## remote_connection_error remote_connection_established ## remote_connection_handshake_done remote_log remote_pong ## remote_state_access_performed remote_state_inconsistency print_hook @@ -660,7 +656,7 @@ event remote_event_registered%(p: event_peer, name: string%); ## ## reason: A textual description of the error. ## -## .. bro:see:: remote_capture_filter remote_connection_closed +## .. zeek:see:: remote_capture_filter remote_connection_closed ## remote_connection_established remote_connection_handshake_done ## remote_event_registered remote_log remote_pong remote_state_access_performed ## remote_state_inconsistency print_hook @@ -674,20 +670,20 @@ event remote_connection_error%(p: event_peer, reason: string%); ## ## filter: The filter string sent by the peer. ## -## .. bro:see:: remote_connection_closed remote_connection_error +## .. zeek:see:: remote_connection_closed remote_connection_error ## remote_connection_established remote_connection_handshake_done ## remote_event_registered remote_log remote_pong remote_state_access_performed ## remote_state_inconsistency print_hook event remote_capture_filter%(p: event_peer, filter: string%); -## Generated after a call to :bro:id:`send_state` when all data has been +## Generated after a call to :zeek:id:`send_state` when all data has been ## successfully sent to the remote side. While this event is ## intended primarily for use by Bro's communication framework, it can also ## trigger additional code if helpful. ## ## p: A record describing the remote peer. ## -## .. bro:see:: remote_capture_filter remote_connection_closed +## .. zeek:see:: remote_capture_filter remote_connection_closed ## remote_connection_error remote_connection_established ## remote_connection_handshake_done remote_event_registered remote_log remote_pong ## remote_state_access_performed remote_state_inconsistency print_hook @@ -696,7 +692,7 @@ event finished_send_state%(p: event_peer%); ## Generated if state synchronization detects an inconsistency. While this ## event is intended primarily for use by Bro's communication framework, it can ## also trigger additional code if helpful. This event is only raised if -## :bro:id:`remote_check_sync_consistency` is false. +## :zeek:id:`remote_check_sync_consistency` is false. ## ## operation: The textual description of the state operation performed. ## @@ -709,7 +705,7 @@ event finished_send_state%(p: event_peer%); ## found before the operation was carried out. The difference between ## *real_old* and *expected_old* is the inconsistency being reported. ## -## .. bro:see:: remote_capture_filter remote_connection_closed +## .. zeek:see:: remote_capture_filter remote_connection_closed ## remote_connection_error remote_connection_established ## remote_connection_handshake_done remote_event_registered remote_log remote_pong ## remote_state_access_performed print_hook remote_check_sync_consistency @@ -720,17 +716,17 @@ event remote_state_inconsistency%(operation: string, id: string, ## intended primarily for use by Bro's communication framework, it can also ## trigger additional code if helpful. ## -## level: The log level, which is either :bro:id:`REMOTE_LOG_INFO` or -## :bro:id:`REMOTE_LOG_ERROR`. +## level: The log level, which is either :zeek:id:`REMOTE_LOG_INFO` or +## :zeek:id:`REMOTE_LOG_ERROR`. ## ## src: The component of the communication system that logged the message. -## Currently, this will be one of :bro:id:`REMOTE_SRC_CHILD` (Bro's -## child process), :bro:id:`REMOTE_SRC_PARENT` (Bro's main process), or -## :bro:id:`REMOTE_SRC_SCRIPT` (the script level). +## Currently, this will be one of :zeek:id:`REMOTE_SRC_CHILD` (Bro's +## child process), :zeek:id:`REMOTE_SRC_PARENT` (Bro's main process), or +## :zeek:id:`REMOTE_SRC_SCRIPT` (the script level). ## ## msg: The message logged. ## -## .. bro:see:: remote_capture_filter remote_connection_closed remote_connection_error +## .. zeek:see:: remote_capture_filter remote_connection_closed remote_connection_error ## remote_connection_established remote_connection_handshake_done ## remote_event_registered remote_pong remote_state_access_performed ## remote_state_inconsistency print_hook remote_log_peer @@ -739,21 +735,21 @@ event remote_log%(level: count, src: count, msg: string%); ## Generated for communication log messages. While this event is ## intended primarily for use by Bro's communication framework, it can also ## trigger additional code if helpful. This event is equivalent to -## :bro:see:`remote_log` except the message is with respect to a certain peer. +## :zeek:see:`remote_log` except the message is with respect to a certain peer. ## ## p: A record describing the remote peer. ## -## level: The log level, which is either :bro:id:`REMOTE_LOG_INFO` or -## :bro:id:`REMOTE_LOG_ERROR`. +## level: The log level, which is either :zeek:id:`REMOTE_LOG_INFO` or +## :zeek:id:`REMOTE_LOG_ERROR`. ## ## src: The component of the communication system that logged the message. -## Currently, this will be one of :bro:id:`REMOTE_SRC_CHILD` (Bro's -## child process), :bro:id:`REMOTE_SRC_PARENT` (Bro's main process), or -## :bro:id:`REMOTE_SRC_SCRIPT` (the script level). +## Currently, this will be one of :zeek:id:`REMOTE_SRC_CHILD` (Bro's +## child process), :zeek:id:`REMOTE_SRC_PARENT` (Bro's main process), or +## :zeek:id:`REMOTE_SRC_SCRIPT` (the script level). ## ## msg: The message logged. ## -## .. bro:see:: remote_capture_filter remote_connection_closed remote_connection_error +## .. zeek:see:: remote_capture_filter remote_connection_closed remote_connection_error ## remote_connection_established remote_connection_handshake_done ## remote_event_registered remote_pong remote_state_access_performed ## remote_state_inconsistency print_hook remote_log @@ -761,12 +757,12 @@ event remote_log_peer%(p: event_peer, level: count, src: count, msg: string%); ## Generated when a remote peer has answered to our ping. This event is part of ## Bro's infrastructure for measuring communication latency. One can send a ping -## by calling :bro:id:`send_ping` and when a corresponding reply is received, +## by calling :zeek:id:`send_ping` and when a corresponding reply is received, ## this event will be raised. ## ## p: The peer sending us the pong. ## -## seq: The sequence number passed to the original :bro:id:`send_ping` call. +## seq: The sequence number passed to the original :zeek:id:`send_ping` call. ## The number is sent back by the peer in its response. ## ## d1: The time interval between sending the ping and receiving the pong. This @@ -779,7 +775,7 @@ event remote_log_peer%(p: event_peer, level: count, src: count, msg: string%); ## ping and when its parent process sent the pong. This is the ## processing latency at the peer. ## -## .. bro:see:: remote_capture_filter remote_connection_closed remote_connection_error +## .. zeek:see:: remote_capture_filter remote_connection_closed remote_connection_error ## remote_connection_established remote_connection_handshake_done ## remote_event_registered remote_log remote_state_access_performed ## remote_state_inconsistency print_hook @@ -793,27 +789,27 @@ event remote_pong%(p: event_peer, seq: count, ## ## v: The new value of the variable. ## -## .. bro:see:: remote_capture_filter remote_connection_closed remote_connection_error +## .. zeek:see:: remote_capture_filter remote_connection_closed remote_connection_error ## remote_connection_established remote_connection_handshake_done ## remote_event_registered remote_log remote_pong remote_state_inconsistency ## print_hook event remote_state_access_performed%(id: string, v: any%); ## Generated each time Bro's internal profiling log is updated. The file is -## defined by :bro:id:`profiling_file`, and its update frequency by -## :bro:id:`profiling_interval` and :bro:id:`expensive_profiling_multiple`. +## defined by :zeek:id:`profiling_file`, and its update frequency by +## :zeek:id:`profiling_interval` and :zeek:id:`expensive_profiling_multiple`. ## ## f: The profiling file. ## ## expensive: True if this event corresponds to heavier-weight profiling as -## indicated by the :bro:id:`expensive_profiling_multiple` variable. +## indicated by the :zeek:id:`expensive_profiling_multiple` variable. ## -## .. bro:see:: profiling_interval expensive_profiling_multiple +## .. zeek:see:: profiling_interval expensive_profiling_multiple event profiling_update%(f: file, expensive: bool%); ## Raised for informational messages reported via Bro's reporter framework. Such ## messages may be generated internally by the event engine and also by other -## scripts calling :bro:id:`Reporter::info`. +## scripts calling :zeek:id:`Reporter::info`. ## ## t: The time the message was passed to the reporter. ## @@ -822,7 +818,7 @@ event profiling_update%(f: file, expensive: bool%); ## location: A (potentially empty) string describing a location associated with ## the message. ## -## .. bro:see:: reporter_warning reporter_error Reporter::info Reporter::warning +## .. zeek:see:: reporter_warning reporter_error Reporter::info Reporter::warning ## Reporter::error ## ## .. note:: Bro will not call reporter events recursively. If the handler of @@ -832,7 +828,7 @@ event reporter_info%(t: time, msg: string, location: string%) &error_handler; ## Raised for warnings reported via Bro's reporter framework. Such messages may ## be generated internally by the event engine and also by other scripts calling -## :bro:id:`Reporter::warning`. +## :zeek:id:`Reporter::warning`. ## ## t: The time the warning was passed to the reporter. ## @@ -841,7 +837,7 @@ event reporter_info%(t: time, msg: string, location: string%) &error_handler; ## location: A (potentially empty) string describing a location associated with ## the warning. ## -## .. bro:see:: reporter_info reporter_error Reporter::info Reporter::warning +## .. zeek:see:: reporter_info reporter_error Reporter::info Reporter::warning ## Reporter::error ## ## .. note:: Bro will not call reporter events recursively. If the handler of @@ -851,7 +847,7 @@ event reporter_warning%(t: time, msg: string, location: string%) &error_handler; ## Raised for errors reported via Bro's reporter framework. Such messages may ## be generated internally by the event engine and also by other scripts calling -## :bro:id:`Reporter::error`. +## :zeek:id:`Reporter::error`. ## ## t: The time the error was passed to the reporter. ## @@ -860,7 +856,7 @@ event reporter_warning%(t: time, msg: string, location: string%) &error_handler; ## location: A (potentially empty) string describing a location associated with ## the error. ## -## .. bro:see:: reporter_info reporter_warning Reporter::info Reporter::warning +## .. zeek:see:: reporter_info reporter_warning Reporter::info Reporter::warning ## Reporter::error ## ## .. note:: Bro will not call reporter events recursively. If the handler of @@ -876,13 +872,11 @@ event reporter_error%(t: time, msg: string, location: string%) &error_handler; ## recursively for each ``@load``. event zeek_script_loaded%(path: string, level: count%); -## Deprecated synonym for ``zeek_script_loaded``. -## -## .. bro:see: zeek_script_loaded +## Deprecated synonym for :zeek:see:`zeek_script_loaded`. event bro_script_loaded%(path: string, level: count%) &deprecated; ## Generated each time Bro's script interpreter opens a file. This event is -## triggered only for files opened via :bro:id:`open`, and in particular not for +## triggered only for files opened via :zeek:id:`open`, and in particular not for ## normal log files as created by log writers. ## ## f: The opened file. @@ -896,7 +890,7 @@ event event_queue_flush_point%(%); ## belongs. All incoming data to the framework is buffered, and depends ## on a handler for this event to return a string value that uniquely ## identifies a file. Among all handlers of this event, the last one to -## call :bro:see:`set_file_handle` will "win". +## call :zeek:see:`set_file_handle` will "win". ## ## tag: The analyzer which is carrying the file data. ## @@ -904,15 +898,15 @@ event event_queue_flush_point%(%); ## ## is_orig: The direction the file data is flowing over the connection. ## -## .. bro:see:: set_file_handle +## .. zeek:see:: set_file_handle event get_file_handle%(tag: Analyzer::Tag, c: connection, is_orig: bool%); ## Indicates that an analysis of a new file has begun. The analysis can be -## augmented at this time via :bro:see:`Files::add_analyzer`. +## augmented at this time via :zeek:see:`Files::add_analyzer`. ## ## f: The file. ## -## .. bro:see:: file_over_new_connection file_timeout file_gap +## .. zeek:see:: file_over_new_connection file_timeout file_gap ## file_sniff file_state_remove event file_new%(f: fa_file%); @@ -925,16 +919,16 @@ event file_new%(f: fa_file%); ## ## is_orig: true if the originator of *c* is the one sending the file. ## -## .. bro:see:: file_new file_timeout file_gap file_sniff +## .. zeek:see:: file_new file_timeout file_gap file_sniff ## file_state_remove event file_over_new_connection%(f: fa_file, c: connection, is_orig: bool%); ## Provide all metadata that has been inferred about a particular file ## from inspection of the initial content that been seen at the beginning ## of the file. The analysis can be augmented at this time via -## :bro:see:`Files::add_analyzer`. The amount of data fed into the file +## :zeek:see:`Files::add_analyzer`. The amount of data fed into the file ## sniffing can be increased or decreased by changing either -## :bro:see:`default_file_bof_buffer_size` or the `bof_buffer_size` field +## :zeek:see:`default_file_bof_buffer_size` or the `bof_buffer_size` field ## in an `fa_file` record. The event will be raised even if content inspection ## has been unable to infer any metadata, in which case the fields in *meta* ## will be left all unset. @@ -943,7 +937,7 @@ event file_over_new_connection%(f: fa_file, c: connection, is_orig: bool%); ## ## meta: Metadata that's been discovered about the file. ## -## .. bro:see:: file_over_new_connection file_timeout file_gap +## .. zeek:see:: file_over_new_connection file_timeout file_gap ## file_state_remove event file_sniff%(f: fa_file, meta: fa_metadata%); @@ -952,7 +946,7 @@ event file_sniff%(f: fa_file, meta: fa_metadata%); ## ## f: The file. ## -## .. bro:see:: file_new file_over_new_connection file_gap +## .. zeek:see:: file_new file_over_new_connection file_gap ## file_sniff file_state_remove default_file_timeout_interval ## Files::set_timeout_interval event file_timeout%(f: fa_file%); @@ -965,12 +959,12 @@ event file_timeout%(f: fa_file%); ## ## len: The number of missing bytes. ## -## .. bro:see:: file_new file_over_new_connection file_timeout +## .. zeek:see:: file_new file_over_new_connection file_timeout ## file_sniff file_state_remove file_reassembly_overflow event file_gap%(f: fa_file, offset: count, len: count%); ## Indicates that the file had an overflow of the reassembly buffer. -## This is a specialization of the :bro:id:`file_gap` event. +## This is a specialization of the :zeek:id:`file_gap` event. ## ## f: The file. ## @@ -981,7 +975,7 @@ event file_gap%(f: fa_file, offset: count, len: count%); ## file data and get back under the reassembly buffer size limit. ## This value will also be represented as a gap. ## -## .. bro:see:: file_new file_over_new_connection file_timeout +## .. zeek:see:: file_new file_over_new_connection file_timeout ## file_sniff file_state_remove file_gap ## Files::enable_reassembler Files::reassembly_buffer_size ## Files::enable_reassembly Files::disable_reassembly @@ -992,7 +986,7 @@ event file_reassembly_overflow%(f: fa_file, offset: count, skipped: count%); ## ## f: The file. ## -## .. bro:see:: file_new file_over_new_connection file_timeout file_gap +## .. zeek:see:: file_new file_over_new_connection file_timeout file_gap ## file_sniff event file_state_remove%(f: fa_file%); @@ -1003,7 +997,7 @@ event file_state_remove%(f: fa_file%); ## ## dm: A record describing the new resolver result (which matches the old one). ## -## .. bro:see:: dns_mapping_altered dns_mapping_lost_name dns_mapping_new_name +## .. zeek:see:: dns_mapping_altered dns_mapping_lost_name dns_mapping_new_name ## dns_mapping_unverified event dns_mapping_valid%(dm: dns_mapping%); @@ -1015,7 +1009,7 @@ event dns_mapping_valid%(dm: dns_mapping%); ## ## dm: A record describing the old resolver result. ## -## .. bro:see:: dns_mapping_altered dns_mapping_lost_name dns_mapping_new_name +## .. zeek:see:: dns_mapping_altered dns_mapping_lost_name dns_mapping_new_name ## dns_mapping_valid event dns_mapping_unverified%(dm: dns_mapping%); @@ -1026,7 +1020,7 @@ event dns_mapping_unverified%(dm: dns_mapping%); ## ## dm: A record describing the new resolver result. ## -## .. bro:see:: dns_mapping_altered dns_mapping_lost_name dns_mapping_unverified +## .. zeek:see:: dns_mapping_altered dns_mapping_lost_name dns_mapping_unverified ## dns_mapping_valid event dns_mapping_new_name%(dm: dns_mapping%); @@ -1038,7 +1032,7 @@ event dns_mapping_new_name%(dm: dns_mapping%); ## ## dm: A record describing the old resolver result. ## -## .. bro:see:: dns_mapping_altered dns_mapping_new_name dns_mapping_unverified +## .. zeek:see:: dns_mapping_altered dns_mapping_new_name dns_mapping_unverified ## dns_mapping_valid event dns_mapping_lost_name%(dm: dns_mapping%); @@ -1055,7 +1049,7 @@ event dns_mapping_lost_name%(dm: dns_mapping%); ## new_addrs: Addresses that were not part of the returned set for the query ## described by *dm*, but now are. ## -## .. bro:see:: dns_mapping_lost_name dns_mapping_new_name dns_mapping_unverified +## .. zeek:see:: dns_mapping_lost_name dns_mapping_new_name dns_mapping_unverified ## dns_mapping_valid event dns_mapping_altered%(dm: dns_mapping, old_addrs: addr_set, new_addrs: addr_set%); diff --git a/src/file_analysis/analyzer/extract/events.bif b/src/file_analysis/analyzer/extract/events.bif index d1dfe0c654..2324294b88 100644 --- a/src/file_analysis/analyzer/extract/events.bif +++ b/src/file_analysis/analyzer/extract/events.bif @@ -1,17 +1,17 @@ ## This event is generated when a file extraction analyzer is about ## to exceed the maximum permitted file size allowed by the -## *extract_limit* field of :bro:see:`Files::AnalyzerArgs`. +## *extract_limit* field of :zeek:see:`Files::AnalyzerArgs`. ## The analyzer is automatically removed from file *f*. ## ## f: The file. ## ## args: Arguments that identify a particular file extraction analyzer. ## This is only provided to be able to pass along to -## :bro:see:`FileExtract::set_limit`. +## :zeek:see:`FileExtract::set_limit`. ## ## limit: The limit, in bytes, the extracted file is about to breach. ## ## len: The length of the file chunk about to be written. ## -## .. bro:see:: Files::add_analyzer Files::ANALYZER_EXTRACT +## .. zeek:see:: Files::add_analyzer Files::ANALYZER_EXTRACT event file_extraction_limit%(f: fa_file, args: Files::AnalyzerArgs, limit: count, len: count%); diff --git a/src/file_analysis/analyzer/extract/functions.bif b/src/file_analysis/analyzer/extract/functions.bif index 18e9dde171..c91f0590bd 100644 --- a/src/file_analysis/analyzer/extract/functions.bif +++ b/src/file_analysis/analyzer/extract/functions.bif @@ -6,7 +6,7 @@ module FileExtract; #include "file_analysis/Manager.h" %%} -## :bro:see:`FileExtract::set_limit`. +## :zeek:see:`FileExtract::set_limit`. function FileExtract::__set_limit%(file_id: string, args: any, n: count%): bool %{ using BifType::Record::Files::AnalyzerArgs; diff --git a/src/file_analysis/analyzer/hash/events.bif b/src/file_analysis/analyzer/hash/events.bif index e03cbf359a..814c4741e6 100644 --- a/src/file_analysis/analyzer/hash/events.bif +++ b/src/file_analysis/analyzer/hash/events.bif @@ -7,6 +7,6 @@ ## ## hash: The result of the hashing. ## -## .. bro:see:: Files::add_analyzer Files::ANALYZER_MD5 +## .. zeek:see:: Files::add_analyzer Files::ANALYZER_MD5 ## Files::ANALYZER_SHA1 Files::ANALYZER_SHA256 event file_hash%(f: fa_file, kind: string, hash: string%); diff --git a/src/file_analysis/analyzer/pe/events.bif b/src/file_analysis/analyzer/pe/events.bif index c804937c49..1d25936a65 100644 --- a/src/file_analysis/analyzer/pe/events.bif +++ b/src/file_analysis/analyzer/pe/events.bif @@ -6,7 +6,7 @@ ## ## h: The parsed DOS header information. ## -## .. bro:see:: pe_dos_code pe_file_header pe_optional_header pe_section_header +## .. zeek:see:: pe_dos_code pe_file_header pe_optional_header pe_section_header event pe_dos_header%(f: fa_file, h: PE::DOSHeader%); ## A :abbr:`PE (Portable Executable)` file DOS stub was parsed. @@ -17,7 +17,7 @@ event pe_dos_header%(f: fa_file, h: PE::DOSHeader%); ## ## code: The DOS stub ## -## .. bro:see:: pe_dos_header pe_file_header pe_optional_header pe_section_header +## .. zeek:see:: pe_dos_header pe_file_header pe_optional_header pe_section_header event pe_dos_code%(f: fa_file, code: string%); ## A :abbr:`PE (Portable Executable)` file file header was parsed. @@ -29,7 +29,7 @@ event pe_dos_code%(f: fa_file, code: string%); ## ## h: The parsed file header information. ## -## .. bro:see:: pe_dos_header pe_dos_code pe_optional_header pe_section_header +## .. zeek:see:: pe_dos_header pe_dos_code pe_optional_header pe_section_header event pe_file_header%(f: fa_file, h: PE::FileHeader%); ## A :abbr:`PE (Portable Executable)` file optional header was parsed. @@ -42,7 +42,7 @@ event pe_file_header%(f: fa_file, h: PE::FileHeader%); ## ## h: The parsed optional header information. ## -## .. bro:see:: pe_dos_header pe_dos_code pe_file_header pe_section_header +## .. zeek:see:: pe_dos_header pe_dos_code pe_file_header pe_section_header event pe_optional_header%(f: fa_file, h: PE::OptionalHeader%); ## A :abbr:`PE (Portable Executable)` file section header was parsed. @@ -53,5 +53,5 @@ event pe_optional_header%(f: fa_file, h: PE::OptionalHeader%); ## ## h: The parsed section header information. ## -## .. bro:see:: pe_dos_header pe_dos_code pe_file_header pe_optional_header +## .. zeek:see:: pe_dos_header pe_dos_code pe_file_header pe_optional_header event pe_section_header%(f: fa_file, h: PE::SectionHeader%); diff --git a/src/file_analysis/analyzer/x509/events.bif b/src/file_analysis/analyzer/x509/events.bif index 68afe5340a..fd4f9fadfe 100644 --- a/src/file_analysis/analyzer/x509/events.bif +++ b/src/file_analysis/analyzer/x509/events.bif @@ -11,7 +11,7 @@ ## ## cert: The parsed certificate information. ## -## .. bro:see:: x509_extension x509_ext_basic_constraints +## .. zeek:see:: x509_extension x509_ext_basic_constraints ## x509_ext_subject_alternative_name x509_parse x509_verify ## x509_get_certificate_string x509_ocsp_ext_signed_certificate_timestamp event x509_certificate%(f: fa_file, cert_ref: opaque of x509, cert: X509::Certificate%); @@ -25,7 +25,7 @@ event x509_certificate%(f: fa_file, cert_ref: opaque of x509, cert: X509::Certif ## ## ext: The parsed extension. ## -## .. bro:see:: x509_certificate x509_ext_basic_constraints +## .. zeek:see:: x509_certificate x509_ext_basic_constraints ## x509_ext_subject_alternative_name x509_parse x509_verify ## x509_get_certificate_string x509_ocsp_ext_signed_certificate_timestamp event x509_extension%(f: fa_file, ext: X509::Extension%); @@ -37,7 +37,7 @@ event x509_extension%(f: fa_file, ext: X509::Extension%); ## ## ext: The parsed basic constraints extension. ## -## .. bro:see:: x509_certificate x509_extension +## .. zeek:see:: x509_certificate x509_extension ## x509_ext_subject_alternative_name x509_parse x509_verify ## x509_get_certificate_string x509_ocsp_ext_signed_certificate_timestamp event x509_ext_basic_constraints%(f: fa_file, ext: X509::BasicConstraints%); @@ -51,7 +51,7 @@ event x509_ext_basic_constraints%(f: fa_file, ext: X509::BasicConstraints%); ## ## ext: The parsed subject alternative name extension. ## -## .. bro:see:: x509_certificate x509_extension x509_ext_basic_constraints +## .. zeek:see:: x509_certificate x509_extension x509_ext_basic_constraints ## x509_parse x509_verify x509_ocsp_ext_signed_certificate_timestamp ## x509_get_certificate_string event x509_ext_subject_alternative_name%(f: fa_file, ext: X509::SubjectAlternativeName%); @@ -76,7 +76,7 @@ event x509_ext_subject_alternative_name%(f: fa_file, ext: X509::SubjectAlternati ## ## signature: signature part of the digitally_signed struct ## -## .. bro:see:: ssl_extension_signed_certificate_timestamp x509_extension x509_ext_basic_constraints +## .. zeek:see:: ssl_extension_signed_certificate_timestamp x509_extension x509_ext_basic_constraints ## x509_parse x509_verify x509_ext_subject_alternative_name ## x509_get_certificate_string ssl_extension_signed_certificate_timestamp ## sct_verify ocsp_request ocsp_request_certificate ocsp_response_status diff --git a/src/file_analysis/analyzer/x509/functions.bif b/src/file_analysis/analyzer/x509/functions.bif index e4e263fd35..40d4ec6da8 100644 --- a/src/file_analysis/analyzer/x509/functions.bif +++ b/src/file_analysis/analyzer/x509/functions.bif @@ -192,7 +192,7 @@ const EVP_MD* hash_to_evp(int hash) ## ## Returns: A X509::Certificate structure. ## -## .. bro:see:: x509_certificate x509_extension x509_ext_basic_constraints +## .. zeek:see:: x509_certificate x509_extension x509_ext_basic_constraints ## x509_ext_subject_alternative_name x509_verify ## x509_get_certificate_string function x509_parse%(cert: opaque of x509%): X509::Certificate @@ -213,7 +213,7 @@ function x509_parse%(cert: opaque of x509%): X509::Certificate ## ## Returns: X509 certificate as a string. ## -## .. bro:see:: x509_certificate x509_extension x509_ext_basic_constraints +## .. zeek:see:: x509_certificate x509_extension x509_ext_basic_constraints ## x509_ext_subject_alternative_name x509_parse x509_verify function x509_get_certificate_string%(cert: opaque of x509, pem: bool &default=F%): string %{ @@ -249,7 +249,7 @@ function x509_get_certificate_string%(cert: opaque of x509, pem: bool &default=F ## Returns: A record of type X509::Result containing the result code of the ## verify operation. ## -## .. bro:see:: x509_certificate x509_extension x509_ext_basic_constraints +## .. zeek:see:: x509_certificate x509_extension x509_ext_basic_constraints ## x509_ext_subject_alternative_name x509_parse ## x509_get_certificate_string x509_verify function x509_ocsp_verify%(certs: x509_opaque_vector, ocsp_reply: string, root_certs: table_string_of_string, verify_time: time &default=network_time()%): X509::Result @@ -536,7 +536,7 @@ x509_ocsp_cleanup: ## verify operation. In case of success also returns the full ## certificate chain. ## -## .. bro:see:: x509_certificate x509_extension x509_ext_basic_constraints +## .. zeek:see:: x509_certificate x509_extension x509_ext_basic_constraints ## x509_ext_subject_alternative_name x509_parse ## x509_get_certificate_string x509_ocsp_verify sct_verify function x509_verify%(certs: x509_opaque_vector, root_certs: table_string_of_string, verify_time: time &default=network_time()%): X509::Result @@ -646,7 +646,7 @@ x509_verify_chainerror: ## ## Returns: T if the validation could be performed succesfully, F otherwhise. ## -## .. bro:see:: ssl_extension_signed_certificate_timestamp +## .. zeek:see:: ssl_extension_signed_certificate_timestamp ## x509_ocsp_ext_signed_certificate_timestamp ## x509_verify function sct_verify%(cert: opaque of x509, logid: string, log_key: string, signature: string, timestamp: count, hash_algorithm: count, issuer_key_hash: string &default=""%): bool @@ -876,7 +876,7 @@ StringVal* x509_entity_hash(file_analysis::X509Val *cert_handle, unsigned int ha ## ## Returns: The hash as a string. ## -## .. bro:see:: x509_issuer_name_hash x509_spki_hash +## .. zeek:see:: x509_issuer_name_hash x509_spki_hash ## x509_verify sct_verify function x509_subject_name_hash%(cert: opaque of x509, hash_alg: count%): string %{ @@ -894,7 +894,7 @@ function x509_subject_name_hash%(cert: opaque of x509, hash_alg: count%): string ## ## Returns: The hash as a string. ## -## .. bro:see:: x509_subject_name_hash x509_spki_hash +## .. zeek:see:: x509_subject_name_hash x509_spki_hash ## x509_verify sct_verify function x509_issuer_name_hash%(cert: opaque of x509, hash_alg: count%): string %{ @@ -912,7 +912,7 @@ function x509_issuer_name_hash%(cert: opaque of x509, hash_alg: count%): string ## ## Returns: The hash as a string. ## -## .. bro:see:: x509_subject_name_hash x509_issuer_name_hash +## .. zeek:see:: x509_subject_name_hash x509_issuer_name_hash ## x509_verify sct_verify function x509_spki_hash%(cert: opaque of x509, hash_alg: count%): string %{ diff --git a/src/file_analysis/analyzer/x509/ocsp_events.bif b/src/file_analysis/analyzer/x509/ocsp_events.bif index f49208d238..564126b2bb 100644 --- a/src/file_analysis/analyzer/x509/ocsp_events.bif +++ b/src/file_analysis/analyzer/x509/ocsp_events.bif @@ -7,7 +7,7 @@ ## ## req: version: the version of the OCSP request. Typically 0 (Version 1). ## -## .. bro:see:: ocsp_request_certificate ocsp_response_status +## .. zeek:see:: ocsp_request_certificate ocsp_response_status ## ocsp_response_bytes ocsp_response_certificate ocsp_extension ## x509_ocsp_ext_signed_certificate_timestamp event ocsp_request%(f: fa_file, version: count%); @@ -27,7 +27,7 @@ event ocsp_request%(f: fa_file, version: count%); ## ## serialNumber: Serial number of the certificate for which the status is requested. ## -## .. bro:see:: ocsp_request ocsp_response_status +## .. zeek:see:: ocsp_request ocsp_response_status ## ocsp_response_bytes ocsp_response_certificate ocsp_extension ## x509_ocsp_ext_signed_certificate_timestamp event ocsp_request_certificate%(f: fa_file, hashAlgorithm: string, issuerNameHash: string, issuerKeyHash: string, serialNumber: string%); @@ -41,7 +41,7 @@ event ocsp_request_certificate%(f: fa_file, hashAlgorithm: string, issuerNameHas ## ## status: The status of the OCSP response (e.g. succesful, malformedRequest, tryLater). ## -## .. bro:see:: ocsp_request ocsp_request_certificate +## .. zeek:see:: ocsp_request ocsp_request_certificate ## ocsp_response_bytes ocsp_response_certificate ocsp_extension ## x509_ocsp_ext_signed_certificate_timestamp event ocsp_response_status%(f: fa_file, status: string%); @@ -68,7 +68,7 @@ event ocsp_response_status%(f: fa_file, status: string%); ## certs: Optional list of certificates that are sent with the OCSP response; these typically ## are needed to perform validation of the reply. ## -## .. bro:see:: ocsp_request ocsp_request_certificate ocsp_response_status +## .. zeek:see:: ocsp_request ocsp_request_certificate ocsp_response_status ## ocsp_response_certificate ocsp_extension ## x509_ocsp_ext_signed_certificate_timestamp event ocsp_response_bytes%(f: fa_file, resp_ref: opaque of ocsp_resp, status: string, version: count, responderId: string, producedAt: time, signatureAlgorithm: string, certs: x509_opaque_vector%); @@ -96,7 +96,7 @@ event ocsp_response_bytes%(f: fa_file, resp_ref: opaque of ocsp_resp, status: st ## ## nextUpdate: Time next response will be ready; 0 if not supploed. ## -## .. bro:see:: ocsp_request ocsp_request_certificate ocsp_response_status +## .. zeek:see:: ocsp_request ocsp_request_certificate ocsp_response_status ## ocsp_response_bytes ocsp_extension ## x509_ocsp_ext_signed_certificate_timestamp event ocsp_response_certificate%(f: fa_file, hashAlgorithm: string, issuerNameHash: string, issuerKeyHash: string, serialNumber: string, certStatus: string, revokeTime: time, revokeReason: string, thisUpdate: time, nextUpdate: time%); @@ -111,7 +111,7 @@ event ocsp_response_certificate%(f: fa_file, hashAlgorithm: string, issuerNameHa ## global_resp: T if extension encountered in the global response (in ResponseData), ## F when encountered in a SingleResponse. ## -## .. bro:see:: ocsp_request ocsp_request_certificate ocsp_response_status +## .. zeek:see:: ocsp_request ocsp_request_certificate ocsp_response_status ## ocsp_response_bytes ocsp_response_certificate ## x509_ocsp_ext_signed_certificate_timestamp event ocsp_extension%(f: fa_file, ext: X509::Extension, global_resp: bool%); diff --git a/src/file_analysis/file_analysis.bif b/src/file_analysis/file_analysis.bif index 81435bc3b5..f3086041b0 100644 --- a/src/file_analysis/file_analysis.bif +++ b/src/file_analysis/file_analysis.bif @@ -8,35 +8,35 @@ module Files; type AnalyzerArgs: record; -## :bro:see:`Files::set_timeout_interval`. +## :zeek:see:`Files::set_timeout_interval`. function Files::__set_timeout_interval%(file_id: string, t: interval%): bool %{ bool result = file_mgr->SetTimeoutInterval(file_id->CheckString(), t); return val_mgr->GetBool(result); %} -## :bro:see:`Files::enable_reassembly`. +## :zeek:see:`Files::enable_reassembly`. function Files::__enable_reassembly%(file_id: string%): bool %{ bool result = file_mgr->EnableReassembly(file_id->CheckString()); return val_mgr->GetBool(result); %} -## :bro:see:`Files::disable_reassembly`. +## :zeek:see:`Files::disable_reassembly`. function Files::__disable_reassembly%(file_id: string%): bool %{ bool result = file_mgr->DisableReassembly(file_id->CheckString()); return val_mgr->GetBool(result); %} -## :bro:see:`Files::set_reassembly_buffer_size`. +## :zeek:see:`Files::set_reassembly_buffer_size`. function Files::__set_reassembly_buffer%(file_id: string, max: count%): bool %{ bool result = file_mgr->SetReassemblyBuffer(file_id->CheckString(), max); return val_mgr->GetBool(result); %} -## :bro:see:`Files::add_analyzer`. +## :zeek:see:`Files::add_analyzer`. function Files::__add_analyzer%(file_id: string, tag: Files::Tag, args: any%): bool %{ using BifType::Record::Files::AnalyzerArgs; @@ -47,7 +47,7 @@ function Files::__add_analyzer%(file_id: string, tag: Files::Tag, args: any%): b return val_mgr->GetBool(result); %} -## :bro:see:`Files::remove_analyzer`. +## :zeek:see:`Files::remove_analyzer`. function Files::__remove_analyzer%(file_id: string, tag: Files::Tag, args: any%): bool %{ using BifType::Record::Files::AnalyzerArgs; @@ -58,20 +58,20 @@ function Files::__remove_analyzer%(file_id: string, tag: Files::Tag, args: any%) return val_mgr->GetBool(result); %} -## :bro:see:`Files::stop`. +## :zeek:see:`Files::stop`. function Files::__stop%(file_id: string%): bool %{ bool result = file_mgr->IgnoreFile(file_id->CheckString()); return val_mgr->GetBool(result); %} -## :bro:see:`Files::analyzer_name`. +## :zeek:see:`Files::analyzer_name`. function Files::__analyzer_name%(tag: Files::Tag%) : string %{ return new StringVal(file_mgr->GetComponentName(tag)); %} -## :bro:see:`Files::file_exists`. +## :zeek:see:`Files::file_exists`. function Files::__file_exists%(fuid: string%): bool %{ if ( file_mgr->LookupFile(fuid->CheckString()) != nullptr ) @@ -80,7 +80,7 @@ function Files::__file_exists%(fuid: string%): bool return val_mgr->GetFalse(); %} -## :bro:see:`Files::lookup_file`. +## :zeek:see:`Files::lookup_file`. function Files::__lookup_file%(fuid: string%): fa_file %{ auto f = file_mgr->LookupFile(fuid->CheckString()); @@ -95,14 +95,14 @@ function Files::__lookup_file%(fuid: string%): fa_file module GLOBAL; -## For use within a :bro:see:`get_file_handle` handler to set a unique +## For use within a :zeek:see:`get_file_handle` handler to set a unique ## identifier to associate with the current input to the file analysis ## framework. Using an empty string for the handle signifies that the ## input will be ignored/discarded. ## ## handle: A string that uniquely identifies a file. ## -## .. bro:see:: get_file_handle +## .. zeek:see:: get_file_handle function set_file_handle%(handle: string%): any %{ auto bytes = reinterpret_cast(handle->Bytes()); diff --git a/src/iosource/pcap/pcap.bif b/src/iosource/pcap/pcap.bif index 1e7ca8a844..9e6e0238ba 100644 --- a/src/iosource/pcap/pcap.bif +++ b/src/iosource/pcap/pcap.bif @@ -12,7 +12,7 @@ const bufsize: count; ## ## Returns: True if *s* is valid and precompiles successfully. ## -## .. bro:see:: Pcap::install_pcap_filter +## .. zeek:see:: Pcap::install_pcap_filter ## install_src_addr_filter ## install_src_net_filter ## uninstall_src_addr_filter @@ -51,14 +51,14 @@ function precompile_pcap_filter%(id: PcapFilterID, s: string%): bool %} ## Installs a PCAP filter that has been precompiled with -## :bro:id:`Pcap::precompile_pcap_filter`. +## :zeek:id:`Pcap::precompile_pcap_filter`. ## ## id: The PCAP filter id of a precompiled filter. ## ## Returns: True if the filter associated with *id* has been installed ## successfully. ## -## .. bro:see:: Pcap::precompile_pcap_filter +## .. zeek:see:: Pcap::precompile_pcap_filter ## install_src_addr_filter ## install_src_net_filter ## uninstall_src_addr_filter @@ -90,7 +90,7 @@ function Pcap::install_pcap_filter%(id: PcapFilterID%): bool ## ## Returns: A descriptive error message of the PCAP function that failed. ## -## .. bro:see:: Pcap::precompile_pcap_filter +## .. zeek:see:: Pcap::precompile_pcap_filter ## Pcap::install_pcap_filter ## install_src_addr_filter ## install_src_net_filter diff --git a/src/main.cc b/src/main.cc index 1dddc99681..af29b1e7d7 100644 --- a/src/main.cc +++ b/src/main.cc @@ -55,7 +55,7 @@ extern "C" { #include "analyzer/Tag.h" #include "plugin/Manager.h" #include "file_analysis/Manager.h" -#include "broxygen/Manager.h" +#include "zeexygen/Manager.h" #include "iosource/Manager.h" #include "broker/Manager.h" @@ -91,7 +91,7 @@ input::Manager* input_mgr = 0; plugin::Manager* plugin_mgr = 0; analyzer::Manager* analyzer_mgr = 0; file_analysis::Manager* file_mgr = 0; -broxygen::Manager* broxygen_mgr = 0; +zeexygen::Manager* zeexygen_mgr = 0; iosource::Manager* iosource_mgr = 0; bro_broker::Manager* broker_mgr = 0; @@ -194,7 +194,7 @@ void usage(int code = 1) fprintf(stderr, " -T|--re-level | set 'RE_level' for rules\n"); fprintf(stderr, " -U|--status-file | Record process status in file\n"); fprintf(stderr, " -W|--watchdog | activate watchdog timer\n"); - fprintf(stderr, " -X|--broxygen | generate documentation based on config file\n"); + fprintf(stderr, " -X|--zeexygen | generate documentation based on config file\n"); #ifdef USE_PERFTOOLS_DEBUG fprintf(stderr, " -m|--mem-leaks | show leaks [perftools]\n"); @@ -214,7 +214,7 @@ void usage(int code = 1) fprintf(stderr, " $BRO_SEED_FILE | file to load seeds from (not set)\n"); fprintf(stderr, " $BRO_LOG_SUFFIX | ASCII log file extension (.%s)\n", logging::writer::Ascii::LogExt().c_str()); fprintf(stderr, " $BRO_PROFILER_FILE | Output file for script execution statistics (not set)\n"); - fprintf(stderr, " $BRO_DISABLE_BROXYGEN | Disable Broxygen documentation support (%s)\n", getenv("BRO_DISABLE_BROXYGEN") ? "set" : "not set"); + fprintf(stderr, " $BRO_DISABLE_BROXYGEN | Disable Zeexygen documentation support (%s)\n", getenv("BRO_DISABLE_BROXYGEN") ? "set" : "not set"); fprintf(stderr, "\n"); @@ -370,7 +370,7 @@ void terminate_bro() plugin_mgr->FinishPlugins(); - delete broxygen_mgr; + delete zeexygen_mgr; delete timer_mgr; delete persistence_serializer; delete event_serializer; @@ -534,7 +534,7 @@ int main(int argc, char** argv) {"filter", required_argument, 0, 'f'}, {"help", no_argument, 0, 'h'}, {"iface", required_argument, 0, 'i'}, - {"broxygen", required_argument, 0, 'X'}, + {"zeexygen", required_argument, 0, 'X'}, {"prefix", required_argument, 0, 'p'}, {"readfile", required_argument, 0, 'r'}, {"rulefile", required_argument, 0, 's'}, @@ -586,7 +586,7 @@ int main(int argc, char** argv) if ( p ) add_to_name_list(p, ':', prefixes); - string broxygen_config; + string zeexygen_config; #ifdef USE_IDMEF string libidmef_dtd_path = "idmef-message.dtd"; @@ -739,7 +739,7 @@ int main(int argc, char** argv) break; case 'X': - broxygen_config = optarg; + zeexygen_config = optarg; break; #ifdef USE_PERFTOOLS_DEBUG @@ -821,7 +821,7 @@ int main(int argc, char** argv) timer_mgr = new PQ_TimerMgr(""); // timer_mgr = new CQ_TimerMgr(); - broxygen_mgr = new broxygen::Manager(broxygen_config, bro_argv[0]); + zeexygen_mgr = new zeexygen::Manager(zeexygen_config, bro_argv[0]); add_essential_input_file("base/init-bare.zeek"); add_essential_input_file("base/init-frameworks-and-bifs.zeek"); @@ -872,7 +872,7 @@ int main(int argc, char** argv) plugin_mgr->InitPreScript(); analyzer_mgr->InitPreScript(); file_mgr->InitPreScript(); - broxygen_mgr->InitPreScript(); + zeexygen_mgr->InitPreScript(); bool missing_plugin = false; @@ -958,7 +958,7 @@ int main(int argc, char** argv) exit(1); plugin_mgr->InitPostScript(); - broxygen_mgr->InitPostScript(); + zeexygen_mgr->InitPostScript(); broker_mgr->InitPostScript(); if ( print_plugins ) @@ -988,7 +988,7 @@ int main(int argc, char** argv) } reporter->InitOptions(); - broxygen_mgr->GenerateDocs(); + zeexygen_mgr->GenerateDocs(); if ( user_pcap_filter ) { diff --git a/src/option.bif b/src/option.bif index 2156808763..849e6ccfb0 100644 --- a/src/option.bif +++ b/src/option.bif @@ -48,10 +48,10 @@ static bool call_option_handlers_and_set_value(StringVal* name, ID* i, Val* val, ## ## Returns: true on success, false when an error occurred. ## -## .. bro:see:: Option::set_change_handler Config::set_value +## .. zeek:see:: Option::set_change_handler Config::set_value ## -## .. note:: :bro:id:`Option::set` only works on one node and does not distribute -## new values across a cluster. The higher-level :bro:id:`Config::set_value` +## .. note:: :zeek:id:`Option::set` only works on one node and does not distribute +## new values across a cluster. The higher-level :zeek:id:`Config::set_value` ## supports clusterization and should typically be used instead of this ## lower-level function. function Option::set%(ID: string, val: any, location: string &default=""%): bool @@ -105,7 +105,7 @@ function Option::set%(ID: string, val: any, location: string &default=""%): bool %} ## Set a change handler for an option. The change handler will be -## called anytime :bro:id:`Option::set` is called for the option. +## called anytime :zeek:id:`Option::set` is called for the option. ## ## ID: The ID of the option for which change notifications are desired. ## @@ -127,7 +127,7 @@ function Option::set%(ID: string, val: any, location: string &default=""%): bool ## ## Returns: true when the change handler was set, false when an error occurred. ## -## .. bro:see:: Option::set +## .. zeek:see:: Option::set function Option::set_change_handler%(ID: string, on_change: any, priority: int &default=0%): bool %{ auto i = global_scope()->Lookup(ID->CheckString()); diff --git a/src/parse.y b/src/parse.y index 3b5d2cab14..0e363eb321 100644 --- a/src/parse.y +++ b/src/parse.y @@ -88,7 +88,7 @@ #include "Scope.h" #include "Reporter.h" #include "Brofiler.h" -#include "broxygen/Manager.h" +#include "zeexygen/Manager.h" #include #include @@ -1039,7 +1039,7 @@ type_decl: $$ = new TypeDecl($3, $1, $4, (in_record > 0)); if ( in_record > 0 && cur_decl_type_id ) - broxygen_mgr->RecordField(cur_decl_type_id, $$, ::filename); + zeexygen_mgr->RecordField(cur_decl_type_id, $$, ::filename); } ; @@ -1073,7 +1073,7 @@ decl: TOK_MODULE TOK_ID ';' { current_module = $2; - broxygen_mgr->ModuleUsage(::filename, current_module); + zeexygen_mgr->ModuleUsage(::filename, current_module); } | TOK_EXPORT '{' { is_export = true; } decl_list '}' @@ -1082,36 +1082,36 @@ decl: | TOK_GLOBAL def_global_id opt_type init_class opt_init opt_attr ';' { add_global($2, $3, $4, $5, $6, VAR_REGULAR); - broxygen_mgr->Identifier($2); + zeexygen_mgr->Identifier($2); } | TOK_OPTION def_global_id opt_type init_class opt_init opt_attr ';' { add_global($2, $3, $4, $5, $6, VAR_OPTION); - broxygen_mgr->Identifier($2); + zeexygen_mgr->Identifier($2); } | TOK_CONST def_global_id opt_type init_class opt_init opt_attr ';' { add_global($2, $3, $4, $5, $6, VAR_CONST); - broxygen_mgr->Identifier($2); + zeexygen_mgr->Identifier($2); } | TOK_REDEF global_id opt_type init_class opt_init opt_attr ';' { add_global($2, $3, $4, $5, $6, VAR_REDEF); - broxygen_mgr->Redef($2, ::filename); + zeexygen_mgr->Redef($2, ::filename); } | TOK_REDEF TOK_ENUM global_id TOK_ADD_TO '{' - { parser_redef_enum($3); broxygen_mgr->Redef($3, ::filename); } + { parser_redef_enum($3); zeexygen_mgr->Redef($3, ::filename); } enum_body '}' ';' { - // Broxygen already grabbed new enum IDs as the type created them. + // Zeexygen already grabbed new enum IDs as the type created them. } | TOK_REDEF TOK_RECORD global_id - { cur_decl_type_id = $3; broxygen_mgr->Redef($3, ::filename); } + { cur_decl_type_id = $3; zeexygen_mgr->Redef($3, ::filename); } TOK_ADD_TO '{' { ++in_record; } type_decl_list @@ -1127,12 +1127,12 @@ decl: } | TOK_TYPE global_id ':' - { cur_decl_type_id = $2; broxygen_mgr->StartType($2); } + { cur_decl_type_id = $2; zeexygen_mgr->StartType($2); } type opt_attr ';' { cur_decl_type_id = 0; add_type($2, $5, $6); - broxygen_mgr->Identifier($2); + zeexygen_mgr->Identifier($2); } | func_hdr func_body @@ -1167,7 +1167,7 @@ func_hdr: begin_func($2, current_module.c_str(), FUNC_FLAVOR_FUNCTION, 0, $3, $4); $$ = $3; - broxygen_mgr->Identifier($2); + zeexygen_mgr->Identifier($2); } | TOK_EVENT event_id func_params opt_attr { diff --git a/src/plugin/ComponentManager.h b/src/plugin/ComponentManager.h index 0069c77359..22bd2dd302 100644 --- a/src/plugin/ComponentManager.h +++ b/src/plugin/ComponentManager.h @@ -10,7 +10,7 @@ #include "Var.h" #include "Val.h" #include "Reporter.h" -#include "broxygen/Manager.h" +#include "zeexygen/Manager.h" namespace plugin { @@ -134,7 +134,7 @@ ComponentManager::ComponentManager(const string& arg_module, const string& tag_enum_type = new EnumType(module + "::" + local_id); ::ID* id = install_ID(local_id.c_str(), module.c_str(), true, true); add_type(id, tag_enum_type, 0); - broxygen_mgr->Identifier(id); + zeexygen_mgr->Identifier(id); } template diff --git a/src/probabilistic/bloom-filter.bif b/src/probabilistic/bloom-filter.bif index 468a6eeae2..284aebc745 100644 --- a/src/probabilistic/bloom-filter.bif +++ b/src/probabilistic/bloom-filter.bif @@ -22,14 +22,14 @@ module GLOBAL; ## rate of *fp*. ## ## name: A name that uniquely identifies and seeds the Bloom filter. If empty, -## the filter will use :bro:id:`global_hash_seed` if that's set, and +## the filter will use :zeek:id:`global_hash_seed` if that's set, and ## otherwise use a local seed tied to the current Bro process. Only ## filters with the same seed can be merged with -## :bro:id:`bloomfilter_merge`. +## :zeek:id:`bloomfilter_merge`. ## ## Returns: A Bloom filter handle. ## -## .. bro:see:: bloomfilter_basic_init2 bloomfilter_counting_init bloomfilter_add +## .. zeek:see:: bloomfilter_basic_init2 bloomfilter_counting_init bloomfilter_add ## bloomfilter_lookup bloomfilter_clear bloomfilter_merge global_hash_seed function bloomfilter_basic_init%(fp: double, capacity: count, name: string &default=""%): opaque of bloomfilter @@ -50,7 +50,7 @@ function bloomfilter_basic_init%(fp: double, capacity: count, %} ## Creates a basic Bloom filter. This function serves as a low-level -## alternative to :bro:id:`bloomfilter_basic_init` where the user has full +## alternative to :zeek:id:`bloomfilter_basic_init` where the user has full ## control over the number of hash functions and cells in the underlying bit ## vector. ## @@ -59,14 +59,14 @@ function bloomfilter_basic_init%(fp: double, capacity: count, ## cells: The number of cells of the underlying bit vector. ## ## name: A name that uniquely identifies and seeds the Bloom filter. If empty, -## the filter will use :bro:id:`global_hash_seed` if that's set, and +## the filter will use :zeek:id:`global_hash_seed` if that's set, and ## otherwise use a local seed tied to the current Bro process. Only ## filters with the same seed can be merged with -## :bro:id:`bloomfilter_merge`. +## :zeek:id:`bloomfilter_merge`. ## ## Returns: A Bloom filter handle. ## -## .. bro:see:: bloomfilter_basic_init bloomfilter_counting_init bloomfilter_add +## .. zeek:see:: bloomfilter_basic_init bloomfilter_counting_init bloomfilter_add ## bloomfilter_lookup bloomfilter_clear bloomfilter_merge global_hash_seed function bloomfilter_basic_init2%(k: count, cells: count, name: string &default=""%): opaque of bloomfilter @@ -103,14 +103,14 @@ function bloomfilter_basic_init2%(k: count, cells: count, ## counter vector becomes a cell of size *w* bits. ## ## name: A name that uniquely identifies and seeds the Bloom filter. If empty, -## the filter will use :bro:id:`global_hash_seed` if that's set, and +## the filter will use :zeek:id:`global_hash_seed` if that's set, and ## otherwise use a local seed tied to the current Bro process. Only ## filters with the same seed can be merged with -## :bro:id:`bloomfilter_merge`. +## :zeek:id:`bloomfilter_merge`. ## ## Returns: A Bloom filter handle. ## -## .. bro:see:: bloomfilter_basic_init bloomfilter_basic_init2 bloomfilter_add +## .. zeek:see:: bloomfilter_basic_init bloomfilter_basic_init2 bloomfilter_add ## bloomfilter_lookup bloomfilter_clear bloomfilter_merge global_hash_seed function bloomfilter_counting_init%(k: count, cells: count, max: count, name: string &default=""%): opaque of bloomfilter @@ -139,7 +139,7 @@ function bloomfilter_counting_init%(k: count, cells: count, max: count, ## ## x: The element to add. ## -## .. bro:see:: bloomfilter_basic_init bloomfilter_basic_init2 +## .. zeek:see:: bloomfilter_basic_init bloomfilter_basic_init2 ## bloomfilter_counting_init bloomfilter_lookup bloomfilter_clear ## bloomfilter_merge function bloomfilter_add%(bf: opaque of bloomfilter, x: any%): any @@ -166,7 +166,7 @@ function bloomfilter_add%(bf: opaque of bloomfilter, x: any%): any ## ## Returns: the counter associated with *x* in *bf*. ## -## .. bro:see:: bloomfilter_basic_init bloomfilter_basic_init2 +## .. zeek:see:: bloomfilter_basic_init bloomfilter_basic_init2 ## bloomfilter_counting_init bloomfilter_add bloomfilter_clear ## bloomfilter_merge function bloomfilter_lookup%(bf: opaque of bloomfilter, x: any%): count @@ -191,7 +191,7 @@ function bloomfilter_lookup%(bf: opaque of bloomfilter, x: any%): count ## ## bf: The Bloom filter handle. ## -## .. bro:see:: bloomfilter_basic_init bloomfilter_basic_init2 +## .. zeek:see:: bloomfilter_basic_init bloomfilter_basic_init2 ## bloomfilter_counting_init bloomfilter_add bloomfilter_lookup ## bloomfilter_merge function bloomfilter_clear%(bf: opaque of bloomfilter%): any @@ -216,7 +216,7 @@ function bloomfilter_clear%(bf: opaque of bloomfilter%): any ## ## Returns: The union of *bf1* and *bf2*. ## -## .. bro:see:: bloomfilter_basic_init bloomfilter_basic_init2 +## .. zeek:see:: bloomfilter_basic_init bloomfilter_basic_init2 ## bloomfilter_counting_init bloomfilter_add bloomfilter_lookup ## bloomfilter_clear function bloomfilter_merge%(bf1: opaque of bloomfilter, diff --git a/src/probabilistic/cardinality-counter.bif b/src/probabilistic/cardinality-counter.bif index 4ba528bd3c..2fa7953c9e 100644 --- a/src/probabilistic/cardinality-counter.bif +++ b/src/probabilistic/cardinality-counter.bif @@ -17,7 +17,7 @@ module GLOBAL; ## ## Returns: a HLL cardinality handle. ## -## .. bro:see:: hll_cardinality_estimate hll_cardinality_merge_into hll_cardinality_add +## .. zeek:see:: hll_cardinality_estimate hll_cardinality_merge_into hll_cardinality_add ## hll_cardinality_copy function hll_cardinality_init%(err: double, confidence: double%): opaque of cardinality %{ @@ -35,7 +35,7 @@ function hll_cardinality_init%(err: double, confidence: double%): opaque of card ## ## Returns: true on success. ## -## .. bro:see:: hll_cardinality_estimate hll_cardinality_merge_into +## .. zeek:see:: hll_cardinality_estimate hll_cardinality_merge_into ## hll_cardinality_init hll_cardinality_copy function hll_cardinality_add%(handle: opaque of cardinality, elem: any%): bool %{ @@ -60,7 +60,7 @@ function hll_cardinality_add%(handle: opaque of cardinality, elem: any%): bool ## Merges a HLL cardinality counter into another. ## ## .. note:: The same restrictions as for Bloom filter merging apply, -## see :bro:id:`bloomfilter_merge`. +## see :zeek:id:`bloomfilter_merge`. ## ## handle1: the first HLL handle, which will contain the merged result. ## @@ -68,7 +68,7 @@ function hll_cardinality_add%(handle: opaque of cardinality, elem: any%): bool ## ## Returns: true on success. ## -## .. bro:see:: hll_cardinality_estimate hll_cardinality_add +## .. zeek:see:: hll_cardinality_estimate hll_cardinality_add ## hll_cardinality_init hll_cardinality_copy function hll_cardinality_merge_into%(handle1: opaque of cardinality, handle2: opaque of cardinality%): bool %{ @@ -103,7 +103,7 @@ function hll_cardinality_merge_into%(handle1: opaque of cardinality, handle2: op ## ## Returns: the cardinality estimate. Returns -1.0 if the counter is empty. ## -## .. bro:see:: hll_cardinality_merge_into hll_cardinality_add +## .. zeek:see:: hll_cardinality_merge_into hll_cardinality_add ## hll_cardinality_init hll_cardinality_copy function hll_cardinality_estimate%(handle: opaque of cardinality%): double %{ @@ -121,7 +121,7 @@ function hll_cardinality_estimate%(handle: opaque of cardinality%): double ## ## Returns: copy of handle. ## -## .. bro:see:: hll_cardinality_estimate hll_cardinality_merge_into hll_cardinality_add +## .. zeek:see:: hll_cardinality_estimate hll_cardinality_merge_into hll_cardinality_add ## hll_cardinality_init function hll_cardinality_copy%(handle: opaque of cardinality%): opaque of cardinality %{ diff --git a/src/probabilistic/top-k.bif b/src/probabilistic/top-k.bif index 8d2a8c0fd8..8691521f31 100644 --- a/src/probabilistic/top-k.bif +++ b/src/probabilistic/top-k.bif @@ -10,7 +10,7 @@ ## ## Returns: Opaque pointer to the data structure. ## -## .. bro:see:: topk_add topk_get_top topk_count topk_epsilon +## .. zeek:see:: topk_add topk_get_top topk_count topk_epsilon ## topk_size topk_sum topk_merge topk_merge_prune function topk_init%(size: count%): opaque of topk %{ @@ -28,7 +28,7 @@ function topk_init%(size: count%): opaque of topk ## ## value: observed value. ## -## .. bro:see:: topk_init topk_get_top topk_count topk_epsilon +## .. zeek:see:: topk_init topk_get_top topk_count topk_epsilon ## topk_size topk_sum topk_merge topk_merge_prune function topk_add%(handle: opaque of topk, value: any%): any %{ @@ -47,7 +47,7 @@ function topk_add%(handle: opaque of topk, value: any%): any ## ## Returns: vector of the first k elements. ## -## .. bro:see:: topk_init topk_add topk_count topk_epsilon +## .. zeek:see:: topk_init topk_add topk_count topk_epsilon ## topk_size topk_sum topk_merge topk_merge_prune function topk_get_top%(handle: opaque of topk, k: count%): any_vec %{ @@ -68,7 +68,7 @@ function topk_get_top%(handle: opaque of topk, k: count%): any_vec ## ## Returns: Overestimated number for how often the element has been encountered. ## -## .. bro:see:: topk_init topk_add topk_get_top topk_epsilon +## .. zeek:see:: topk_init topk_add topk_get_top topk_epsilon ## topk_size topk_sum topk_merge topk_merge_prune function topk_count%(handle: opaque of topk, value: any%): count %{ @@ -79,7 +79,7 @@ function topk_count%(handle: opaque of topk, value: any%): count ## Get the maximal overestimation for count. ## -## .. note:: Same restrictions as for :bro:id:`topk_count` apply. +## .. note:: Same restrictions as for :zeek:id:`topk_count` apply. ## ## handle: the TopK handle. ## @@ -88,7 +88,7 @@ function topk_count%(handle: opaque of topk, value: any%): count ## Returns: Number which represents the maximal overestimation for the count of ## this element. ## -## .. bro:see:: topk_init topk_add topk_get_top topk_count +## .. zeek:see:: topk_init topk_add topk_get_top topk_count ## topk_size topk_sum topk_merge topk_merge_prune function topk_epsilon%(handle: opaque of topk, value: any%): count %{ @@ -107,7 +107,7 @@ function topk_epsilon%(handle: opaque of topk, value: any%): count ## ## Returns: size given during initialization. ## -## .. bro:see:: topk_init topk_add topk_get_top topk_count topk_epsilon +## .. zeek:see:: topk_init topk_add topk_get_top topk_count topk_epsilon ## topk_sum topk_merge topk_merge_prune function topk_size%(handle: opaque of topk%): count %{ @@ -120,14 +120,14 @@ function topk_size%(handle: opaque of topk%): count ## ## .. note:: This is equal to the number of all inserted objects if the data ## structure never has been pruned. Do not use after -## calling :bro:id:`topk_merge_prune` (will throw a warning message if used +## calling :zeek:id:`topk_merge_prune` (will throw a warning message if used ## afterwards). ## ## handle: the TopK handle. ## ## Returns: sum of all counts. ## -## .. bro:see:: topk_init topk_add topk_get_top topk_count topk_epsilon +## .. zeek:see:: topk_init topk_add topk_get_top topk_count topk_epsilon ## topk_size topk_merge topk_merge_prune function topk_sum%(handle: opaque of topk%): count %{ @@ -145,7 +145,7 @@ function topk_sum%(handle: opaque of topk%): count ## .. note:: This does not remove any elements, the resulting data structure ## can be bigger than the maximum size given on initialization. ## -## .. bro:see:: topk_init topk_add topk_get_top topk_count topk_epsilon +## .. zeek:see:: topk_init topk_add topk_get_top topk_count topk_epsilon ## topk_size topk_sum topk_merge_prune function topk_merge%(handle1: opaque of topk, handle2: opaque of topk%): any %{ @@ -164,14 +164,14 @@ function topk_merge%(handle1: opaque of topk, handle2: opaque of topk%): any ## data structure back to the size given on initialization. ## ## .. note:: Use with care and only when being aware of the restrictions this -## entails. Do not call :bro:id:`topk_size` or :bro:id:`topk_add` afterwards, +## entails. Do not call :zeek:id:`topk_size` or :zeek:id:`topk_add` afterwards, ## results will probably not be what you expect. ## ## handle1: the TopK handle in which the second TopK structure is merged. ## ## handle2: the TopK handle in which is merged into the first TopK structure. ## -## .. bro:see:: topk_init topk_add topk_get_top topk_count topk_epsilon +## .. zeek:see:: topk_init topk_add topk_get_top topk_count topk_epsilon ## topk_size topk_sum topk_merge function topk_merge_prune%(handle1: opaque of topk, handle2: opaque of topk%): any %{ diff --git a/src/reporter.bif b/src/reporter.bif index d273c5cac8..dd74b944d6 100644 --- a/src/reporter.bif +++ b/src/reporter.bif @@ -19,7 +19,7 @@ module Reporter; ## ## Returns: Always true. ## -## .. bro:see:: reporter_info +## .. zeek:see:: reporter_info function Reporter::info%(msg: string%): bool %{ reporter->PushLocation(frame->GetCall()->GetLocationInfo()); @@ -34,7 +34,7 @@ function Reporter::info%(msg: string%): bool ## ## Returns: Always true. ## -## .. bro:see:: reporter_warning +## .. zeek:see:: reporter_warning function Reporter::warning%(msg: string%): bool %{ reporter->PushLocation(frame->GetCall()->GetLocationInfo()); @@ -50,7 +50,7 @@ function Reporter::warning%(msg: string%): bool ## ## Returns: Always true. ## -## .. bro:see:: reporter_error +## .. zeek:see:: reporter_error function Reporter::error%(msg: string%): bool %{ reporter->PushLocation(frame->GetCall()->GetLocationInfo()); diff --git a/src/scan.l b/src/scan.l index fb8ca20f8e..4da90394e7 100644 --- a/src/scan.l +++ b/src/scan.l @@ -29,7 +29,7 @@ #include "Traverse.h" #include "analyzer/Analyzer.h" -#include "broxygen/Manager.h" +#include "zeexygen/Manager.h" #include "plugin/Manager.h" @@ -152,7 +152,7 @@ D [0-9]+ HEX [0-9a-fA-F]+ IDCOMPONENT [A-Za-z_][A-Za-z_0-9]* ID {IDCOMPONENT}(::{IDCOMPONENT})* -IP6 ("["({HEX}:){7}{HEX}"]")|("["0x{HEX}({HEX}|:)*"::"({HEX}|:)*"]")|("["({HEX}|:)*"::"({HEX}|:)*"]")|("["({HEX}|:)*"::"({HEX}|:)*({D}"."){3}{D}"]") +IP6 ("["({HEX}:){7}{HEX}"]")|("["0x{HEX}({HEX}|:)*"::"({HEX}|:)*"]")|("["({HEX}|:)*"::"({HEX}|:)*"]")|("["({HEX}:){6}({D}"."){3}{D}"]")|("["({HEX}|:)*"::"({HEX}|:)*({D}"."){3}{D}"]") FILE [^ \t\n]+ PREFIX [^ \t\n]+ FLOAT (({D}*"."?{D})|({D}"."?{D}*))([eE][-+]?{D})? @@ -162,19 +162,19 @@ ESCSEQ (\\([^\n]|[0-7]+|x[[:xdigit:]]+)) %% ##!.* { - broxygen_mgr->SummaryComment(::filename, yytext + 3); + zeexygen_mgr->SummaryComment(::filename, yytext + 3); } ##<.* { string hint(cur_enum_type && last_id_tok ? make_full_var_name(current_module.c_str(), last_id_tok) : ""); - broxygen_mgr->PostComment(yytext + 3, hint); + zeexygen_mgr->PostComment(yytext + 3, hint); } ##.* { if ( yytext[2] != '#' ) - broxygen_mgr->PreComment(yytext + 2); + zeexygen_mgr->PreComment(yytext + 2); } #{OWS}@no-test.* return TOK_NO_TEST; @@ -376,7 +376,7 @@ when return TOK_WHEN; string loader = ::filename; // load_files may change ::filename, save copy string loading = find_relative_script_file(new_file); (void) load_files(new_file); - broxygen_mgr->ScriptDependency(loader, loading); + zeexygen_mgr->ScriptDependency(loader, loading); } @load-sigs{WS}{FILE} { @@ -720,7 +720,7 @@ static int load_files(const char* orig_file) else file_stack.append(new FileInfo); - broxygen_mgr->Script(file_path); + zeexygen_mgr->Script(file_path); DBG_LOG(DBG_SCRIPTS, "Loading %s", file_path.c_str()); diff --git a/src/stats.bif b/src/stats.bif index bb4d92586f..d31f66de4e 100644 --- a/src/stats.bif +++ b/src/stats.bif @@ -25,7 +25,7 @@ RecordType* ReporterStats; ## ## Returns: A record of packet statistics. ## -## .. bro:see:: get_conn_stats +## .. zeek:see:: get_conn_stats ## get_dns_stats ## get_event_stats ## get_file_analysis_stats @@ -74,7 +74,7 @@ function get_net_stats%(%): NetStats ## ## Returns: A record with connection and packet statistics. ## -## .. bro:see:: get_dns_stats +## .. zeek:see:: get_dns_stats ## get_event_stats ## get_file_analysis_stats ## get_gap_stats @@ -125,7 +125,7 @@ function get_conn_stats%(%): ConnStats ## ## Returns: A record with process statistics. ## -## .. bro:see:: get_conn_stats +## .. zeek:see:: get_conn_stats ## get_dns_stats ## get_event_stats ## get_file_analysis_stats @@ -182,7 +182,7 @@ function get_proc_stats%(%): ProcStats ## ## Returns: A record with event engine statistics. ## -## .. bro:see:: get_conn_stats +## .. zeek:see:: get_conn_stats ## get_dns_stats ## get_file_analysis_stats ## get_gap_stats @@ -209,7 +209,7 @@ function get_event_stats%(%): EventStats ## ## Returns: A record with reassembler statistics. ## -## .. bro:see:: get_conn_stats +## .. zeek:see:: get_conn_stats ## get_dns_stats ## get_event_stats ## get_file_analysis_stats @@ -238,7 +238,7 @@ function get_reassembler_stats%(%): ReassemblerStats ## ## Returns: A record with DNS lookup statistics. ## -## .. bro:see:: get_conn_stats +## .. zeek:see:: get_conn_stats ## get_event_stats ## get_file_analysis_stats ## get_gap_stats @@ -272,7 +272,7 @@ function get_dns_stats%(%): DNSStats ## ## Returns: A record with timer usage statistics. ## -## .. bro:see:: get_conn_stats +## .. zeek:see:: get_conn_stats ## get_dns_stats ## get_event_stats ## get_file_analysis_stats @@ -300,7 +300,7 @@ function get_timer_stats%(%): TimerStats ## ## Returns: A record with file analysis statistics. ## -## .. bro:see:: get_conn_stats +## .. zeek:see:: get_conn_stats ## get_dns_stats ## get_event_stats ## get_gap_stats @@ -328,7 +328,7 @@ function get_file_analysis_stats%(%): FileAnalysisStats ## ## Returns: A record with thread usage statistics. ## -## .. bro:see:: get_conn_stats +## .. zeek:see:: get_conn_stats ## get_dns_stats ## get_event_stats ## get_file_analysis_stats @@ -354,7 +354,7 @@ function get_thread_stats%(%): ThreadStats ## ## Returns: A record with TCP gap statistics. ## -## .. bro:see:: get_conn_stats +## .. zeek:see:: get_conn_stats ## get_dns_stats ## get_event_stats ## get_file_analysis_stats @@ -386,7 +386,7 @@ function get_gap_stats%(%): GapStats ## ## Returns: A record with matcher statistics. ## -## .. bro:see:: get_conn_stats +## .. zeek:see:: get_conn_stats ## get_dns_stats ## get_event_stats ## get_file_analysis_stats @@ -423,7 +423,7 @@ function get_matcher_stats%(%): MatcherStats ## ## Returns: A record with Broker statistics. ## -## .. bro:see:: get_conn_stats +## .. zeek:see:: get_conn_stats ## get_dns_stats ## get_event_stats ## get_file_analysis_stats @@ -459,7 +459,7 @@ function get_broker_stats%(%): BrokerStats ## ## Returns: A record with reporter statistics. ## -## .. bro:see:: get_conn_stats +## .. zeek:see:: get_conn_stats ## get_dns_stats ## get_event_stats ## get_file_analysis_stats diff --git a/src/strings.bif b/src/strings.bif index e7571d5c70..ef584ee7af 100644 --- a/src/strings.bif +++ b/src/strings.bif @@ -55,7 +55,7 @@ function levenshtein_distance%(s1: string, s2: string%): count ## ## Returns: The concatenation of all (string) arguments. ## -## .. bro:see:: cat cat_sep cat_string_array cat_string_array_n +## .. zeek:see:: cat cat_sep cat_string_array cat_string_array_n ## fmt ## join_string_vec join_string_array function string_cat%(...%): string @@ -123,11 +123,11 @@ BroString* cat_string_array_n(TableVal* tbl, int start, int end) ## Concatenates all elements in an array of strings. ## -## a: The :bro:type:`string_array` (``table[count] of string``). +## a: The :zeek:type:`string_array` (``table[count] of string``). ## ## Returns: The concatenation of all elements in *a*. ## -## .. bro:see:: cat cat_sep string_cat cat_string_array_n +## .. zeek:see:: cat cat_sep string_cat cat_string_array_n ## fmt ## join_string_vec join_string_array function cat_string_array%(a: string_array%): string &deprecated @@ -138,7 +138,7 @@ function cat_string_array%(a: string_array%): string &deprecated ## Concatenates a specific range of elements in an array of strings. ## -## a: The :bro:type:`string_array` (``table[count] of string``). +## a: The :zeek:type:`string_array` (``table[count] of string``). ## ## start: The array index of the first element of the range. ## @@ -146,7 +146,7 @@ function cat_string_array%(a: string_array%): string &deprecated ## ## Returns: The concatenation of the range *[start, end]* in *a*. ## -## .. bro:see:: cat string_cat cat_string_array +## .. zeek:see:: cat string_cat cat_string_array ## fmt ## join_string_vec join_string_array function cat_string_array_n%(a: string_array, start: count, end: count%): string &deprecated @@ -160,12 +160,12 @@ function cat_string_array_n%(a: string_array, start: count, end: count%): string ## ## sep: The separator to place between each element. ## -## a: The :bro:type:`string_array` (``table[count] of string``). +## a: The :zeek:type:`string_array` (``table[count] of string``). ## ## Returns: The concatenation of all elements in *a*, with *sep* placed ## between each element. ## -## .. bro:see:: cat cat_sep string_cat cat_string_array cat_string_array_n +## .. zeek:see:: cat cat_sep string_cat cat_string_array cat_string_array_n ## fmt ## join_string_vec function join_string_array%(sep: string, a: string_array%): string &deprecated @@ -196,12 +196,12 @@ function join_string_array%(sep: string, a: string_array%): string &deprecated ## ## sep: The separator to place between each element. ## -## vec: The :bro:type:`string_vec` (``vector of string``). +## vec: The :zeek:type:`string_vec` (``vector of string``). ## ## Returns: The concatenation of all elements in *vec*, with *sep* placed ## between each element. ## -## .. bro:see:: cat cat_sep string_cat cat_string_array cat_string_array_n +## .. zeek:see:: cat cat_sep string_cat cat_string_array cat_string_array_n ## fmt ## join_string_array function join_string_vec%(vec: string_vec, sep: string%): string @@ -233,11 +233,11 @@ function join_string_vec%(vec: string_vec, sep: string%): string ## Sorts an array of strings. ## -## a: The :bro:type:`string_array` (``table[count] of string``). +## a: The :zeek:type:`string_array` (``table[count] of string``). ## ## Returns: A sorted copy of *a*. ## -## .. bro:see:: sort +## .. zeek:see:: sort function sort_string_array%(a: string_array%): string_array &deprecated %{ TableVal* tbl = a->AsTableVal(); @@ -278,7 +278,7 @@ function sort_string_array%(a: string_array%): string_array &deprecated ## Returns: An edited version of *arg_s* where *arg_edit_char* triggers the ## deletion of the last character. ## -## .. bro:see:: clean +## .. zeek:see:: clean ## to_string_literal ## escape_string ## strip @@ -558,7 +558,7 @@ Val* do_sub(StringVal* str_val, RE_Matcher* re, StringVal* repl, int do_all) ## Returns: An array of strings where each element corresponds to a substring ## in *str* separated by *re*. ## -## .. bro:see:: split1 split_all split_n str_split split_string1 split_string_all split_string_n str_split +## .. zeek:see:: split1 split_all split_n str_split split_string1 split_string_all split_string_n str_split ## ## .. note:: The returned table starts at index 1. Note that conceptually the ## return value is meant to be a vector and this might change in the @@ -578,7 +578,7 @@ function split%(str: string, re: pattern%): string_array &deprecated ## Returns: An array of strings where each element corresponds to a substring ## in *str* separated by *re*. ## -## .. bro:see:: split_string1 split_string_all split_string_n str_split +## .. zeek:see:: split_string1 split_string_all split_string_n str_split ## function split_string%(str: string, re: pattern%): string_vec %{ @@ -586,7 +586,7 @@ function split_string%(str: string, re: pattern%): string_vec %} ## Splits a string *once* into a two-element array of strings according to a -## pattern. This function is the same as :bro:id:`split`, but *str* is only +## pattern. This function is the same as :zeek:id:`split`, but *str* is only ## split once (if possible) at the earliest position and an array of two strings ## is returned. ## @@ -599,14 +599,14 @@ function split_string%(str: string, re: pattern%): string_vec ## second everything after *re*. An array of one string is returned ## when *s* cannot be split. ## -## .. bro:see:: split split_all split_n str_split split_string split_string_all split_string_n str_split +## .. zeek:see:: split split_all split_n str_split split_string split_string_all split_string_n str_split function split1%(str: string, re: pattern%): string_array &deprecated %{ return do_split(str, re, 0, 1); %} ## Splits a string *once* into a two-element array of strings according to a -## pattern. This function is the same as :bro:id:`split_string`, but *str* is +## pattern. This function is the same as :zeek:id:`split_string`, but *str* is ## only split once (if possible) at the earliest position and an array of two ## strings is returned. ## @@ -619,14 +619,14 @@ function split1%(str: string, re: pattern%): string_array &deprecated ## second everything after *re*. An array of one string is returned ## when *s* cannot be split. ## -## .. bro:see:: split_string split_string_all split_string_n str_split +## .. zeek:see:: split_string split_string_all split_string_n str_split function split_string1%(str: string, re: pattern%): string_vec %{ return do_split_string(str, re, 0, 1); %} ## Splits a string into an array of strings according to a pattern. This -## function is the same as :bro:id:`split`, except that the separators are +## function is the same as :zeek:id:`split`, except that the separators are ## returned as well. For example, ``split_all("a-b--cd", /(\-)+/)`` returns ## ``{"a", "-", "b", "--", "cd"}``: odd-indexed elements do not match the ## pattern and even-indexed ones do. @@ -639,14 +639,14 @@ function split_string1%(str: string, re: pattern%): string_vec ## to a substring in *str* of the part not matching *re* (odd-indexed) ## and the part that matches *re* (even-indexed). ## -## .. bro:see:: split split1 split_n str_split split_string split_string1 split_string_n str_split +## .. zeek:see:: split split1 split_n str_split split_string split_string1 split_string_n str_split function split_all%(str: string, re: pattern%): string_array &deprecated %{ return do_split(str, re, 1, 0); %} ## Splits a string into an array of strings according to a pattern. This -## function is the same as :bro:id:`split_string`, except that the separators +## function is the same as :zeek:id:`split_string`, except that the separators ## are returned as well. For example, ``split_string_all("a-b--cd", /(\-)+/)`` ## returns ``{"a", "-", "b", "--", "cd"}``: odd-indexed elements do match the ## pattern and even-indexed ones do not. @@ -659,15 +659,15 @@ function split_all%(str: string, re: pattern%): string_array &deprecated ## to a substring in *str* of the part not matching *re* (even-indexed) ## and the part that matches *re* (odd-indexed). ## -## .. bro:see:: split_string split_string1 split_string_n str_split +## .. zeek:see:: split_string split_string1 split_string_n str_split function split_string_all%(str: string, re: pattern%): string_vec %{ return do_split_string(str, re, 1, 0); %} ## Splits a string a given number of times into an array of strings according -## to a pattern. This function is similar to :bro:id:`split1` and -## :bro:id:`split_all`, but with customizable behavior with respect to +## to a pattern. This function is similar to :zeek:id:`split1` and +## :zeek:id:`split_all`, but with customizable behavior with respect to ## including separators in the result and the number of times to split. ## ## str: The string to split. @@ -675,7 +675,7 @@ function split_string_all%(str: string, re: pattern%): string_vec ## re: The pattern describing the element separator in *str*. ## ## incl_sep: A flag indicating whether to include the separator matches in the -## result (as in :bro:id:`split_all`). +## result (as in :zeek:id:`split_all`). ## ## max_num_sep: The number of times to split *str*. ## @@ -684,7 +684,7 @@ function split_string_all%(str: string, re: pattern%): string_vec ## not matching *re* (odd-indexed) and the part that matches *re* ## (even-indexed). ## -## .. bro:see:: split split1 split_all str_split split_string split_string1 split_string_all str_split +## .. zeek:see:: split split1 split_all str_split split_string split_string1 split_string_all str_split function split_n%(str: string, re: pattern, incl_sep: bool, max_num_sep: count%): string_array &deprecated %{ @@ -692,8 +692,8 @@ function split_n%(str: string, re: pattern, %} ## Splits a string a given number of times into an array of strings according -## to a pattern. This function is similar to :bro:id:`split_string1` and -## :bro:id:`split_string_all`, but with customizable behavior with respect to +## to a pattern. This function is similar to :zeek:id:`split_string1` and +## :zeek:id:`split_string_all`, but with customizable behavior with respect to ## including separators in the result and the number of times to split. ## ## str: The string to split. @@ -701,7 +701,7 @@ function split_n%(str: string, re: pattern, ## re: The pattern describing the element separator in *str*. ## ## incl_sep: A flag indicating whether to include the separator matches in the -## result (as in :bro:id:`split_string_all`). +## result (as in :zeek:id:`split_string_all`). ## ## max_num_sep: The number of times to split *str*. ## @@ -710,7 +710,7 @@ function split_n%(str: string, re: pattern, ## not matching *re* (even-indexed) and the part that matches *re* ## (odd-indexed). ## -## .. bro:see:: split_string split_string1 split_string_all str_split +## .. zeek:see:: split_string split_string1 split_string_all str_split function split_string_n%(str: string, re: pattern, incl_sep: bool, max_num_sep: count%): string_vec %{ @@ -729,7 +729,7 @@ function split_string_n%(str: string, re: pattern, ## Returns: A copy of *str* with the first occurence of *re* replaced with ## *repl*. ## -## .. bro:see:: gsub subst_string +## .. zeek:see:: gsub subst_string function sub%(str: string, re: pattern, repl: string%): string %{ return do_sub(str, re, repl, 0); @@ -746,7 +746,7 @@ function sub%(str: string, re: pattern, repl: string%): string ## ## Returns: A copy of *str* with all occurrences of *re* replaced with *repl*. ## -## .. bro:see:: sub subst_string +## .. zeek:see:: sub subst_string function gsub%(str: string, re: pattern, repl: string%): string %{ return do_sub(str, re, repl, 1); @@ -775,7 +775,7 @@ function strcmp%(s1: string, s2: string%): int ## Returns: The location of *little* in *big*, or 0 if *little* is not found in ## *big*. ## -## .. bro:see:: find_all find_last +## .. zeek:see:: find_all find_last function strstr%(big: string, little: string%): count %{ return val_mgr->GetCount( @@ -792,7 +792,7 @@ function strstr%(big: string, little: string%): count ## ## Returns: A copy of *s* where each occurrence of *from* is replaced with *to*. ## -## .. bro:see:: sub gsub +## .. zeek:see:: sub gsub function subst_string%(s: string, from: string, to: string%): string %{ const int little_len = from->Len(); @@ -843,7 +843,7 @@ function subst_string%(s: string, from: string, to: string%): string ## by ``isascii`` and ``isupper``) folded to lowercase ## (via ``tolower``). ## -## .. bro:see:: to_upper is_ascii +## .. zeek:see:: to_upper is_ascii function to_lower%(str: string%): string %{ const u_char* s = str->Bytes(); @@ -872,7 +872,7 @@ function to_lower%(str: string%): string ## by ``isascii`` and ``islower``) folded to uppercase ## (via ``toupper``). ## -## .. bro:see:: to_lower is_ascii +## .. zeek:see:: to_lower is_ascii function to_upper%(str: string%): string %{ const u_char* s = str->Bytes(); @@ -900,13 +900,13 @@ function to_upper%(str: string%): string ## ## If the string does not yet have a trailing NUL, one is added internally. ## -## In contrast to :bro:id:`escape_string`, this encoding is *not* fully reversible.` +## In contrast to :zeek:id:`escape_string`, this encoding is *not* fully reversible.` ## ## str: The string to escape. ## ## Returns: The escaped string. ## -## .. bro:see:: to_string_literal escape_string +## .. zeek:see:: to_string_literal escape_string function clean%(str: string%): string %{ char* s = str->AsString()->Render(); @@ -924,7 +924,7 @@ function clean%(str: string%): string ## ## Returns: The escaped string. ## -## .. bro:see:: clean escape_string +## .. zeek:see:: clean escape_string function to_string_literal%(str: string%): string %{ char* s = str->AsString()->Render(BroString::BRO_STRING_LITERAL); @@ -938,7 +938,7 @@ function to_string_literal%(str: string%): string ## Returns: False if any byte value of *str* is greater than 127, and true ## otherwise. ## -## .. bro:see:: to_upper to_lower +## .. zeek:see:: to_upper to_lower function is_ascii%(str: string%): bool %{ int n = str->Len(); @@ -957,13 +957,13 @@ function is_ascii%(str: string%): bool ## - values not in *[32, 126]* to ``\xXX`` ## - ``\`` to ``\\`` ## -## In contrast to :bro:id:`clean`, this encoding is fully reversible.` +## In contrast to :zeek:id:`clean`, this encoding is fully reversible.` ## ## str: The string to escape. ## ## Returns: The escaped string. ## -## .. bro:see:: clean to_string_literal +## .. zeek:see:: clean to_string_literal function escape_string%(s: string%): string %{ char* escstr = s->AsString()->Render(BroString::ESC_HEX | BroString::ESC_ESC); @@ -1022,7 +1022,7 @@ function str_smith_waterman%(s1: string, s2: string, params: sw_params%) : sw_su ## ## Returns: A vector of strings. ## -## .. bro:see:: split split1 split_all split_n +## .. zeek:see:: split split1 split_all split_n function str_split%(s: string, idx: index_vec%): string_vec %{ vector* idx_v = idx->AsVector(); @@ -1057,7 +1057,7 @@ function str_split%(s: string, idx: index_vec%): string_vec ## ## Returns: A copy of *str* with leading and trailing whitespace removed. ## -## .. bro:see:: sub gsub lstrip rstrip +## .. zeek:see:: sub gsub lstrip rstrip function strip%(str: string%): string %{ const u_char* s = str->Bytes(); @@ -1105,7 +1105,7 @@ static bool should_strip(u_char c, const BroString* strip_chars) ## Returns: A copy of *str* with the characters in *chars* removed from ## the beginning. ## -## .. bro:see:: sub gsub strip rstrip +## .. zeek:see:: sub gsub strip rstrip function lstrip%(str: string, chars: string &default=" \t\n\r\v\f"%): string %{ const u_char* s = str->Bytes(); @@ -1136,7 +1136,7 @@ function lstrip%(str: string, chars: string &default=" \t\n\r\v\f"%): string ## Returns: A copy of *str* with the characters in *chars* removed from ## the end. ## -## .. bro:see:: sub gsub strip lstrip +## .. zeek:see:: sub gsub strip lstrip function rstrip%(str: string, chars: string &default=" \t\n\r\v\f"%): string %{ const u_char* s = str->Bytes(); @@ -1180,7 +1180,7 @@ function string_fill%(len: int, source: string%): string ## Takes a string and escapes characters that would allow execution of ## commands at the shell level. Must be used before including strings in -## :bro:id:`system` or similar calls. +## :zeek:id:`system` or similar calls. ## ## source: The string to escape. ## @@ -1191,7 +1191,7 @@ function string_fill%(len: int, source: string%): string ## backslash-escaped string in double-quotes to ultimately preserve ## the literal value of all input characters. ## -## .. bro:see:: system safe_shell_quote +## .. zeek:see:: system safe_shell_quote function safe_shell_quote%(source: string%): string %{ unsigned j = 0; @@ -1220,9 +1220,9 @@ function safe_shell_quote%(source: string%): string ## Takes a string and escapes characters that would allow execution of ## commands at the shell level. Must be used before including strings in -## :bro:id:`system` or similar calls. This function is deprecated, use -## :bro:see:`safe_shell_quote` as a replacement. The difference is that -## :bro:see:`safe_shell_quote` automatically returns a value that is +## :zeek:id:`system` or similar calls. This function is deprecated, use +## :zeek:see:`safe_shell_quote` as a replacement. The difference is that +## :zeek:see:`safe_shell_quote` automatically returns a value that is ## wrapped in double-quotes, which is required to correctly and fully ## escape any characters that might be interpreted by the shell. ## @@ -1230,7 +1230,7 @@ function safe_shell_quote%(source: string%): string ## ## Returns: A shell-escaped version of *source*. ## -## .. bro:see:: system safe_shell_quote +## .. zeek:see:: system safe_shell_quote function str_shell_escape%(source: string%): string &deprecated %{ unsigned j = 0; @@ -1267,7 +1267,7 @@ function str_shell_escape%(source: string%): string &deprecated ## ## Returns: The set of strings in *str* that match *re*, or the empty set. ## -## .. bro:see: find_last strstr +## .. zeek:see: find_last strstr function find_all%(str: string, re: pattern%) : string_set %{ TableVal* a = new TableVal(string_set); @@ -1301,7 +1301,7 @@ function find_all%(str: string, re: pattern%) : string_set ## ## Returns: The last string in *str* that matches *re*, or the empty string. ## -## .. bro:see: find_all strstr +## .. zeek:see: find_all strstr function find_last%(str: string, re: pattern%) : string %{ const u_char* s = str->Bytes(); @@ -1325,7 +1325,7 @@ function find_last%(str: string, re: pattern%) : string ## ## Returns: The hex dump of the given string. ## -## .. bro:see:: string_to_ascii_hex bytestring_to_hexstr +## .. zeek:see:: string_to_ascii_hex bytestring_to_hexstr ## ## .. note:: Based on Netdude's hex editor code. ## diff --git a/src/broxygen/CMakeLists.txt b/src/zeexygen/CMakeLists.txt similarity index 73% rename from src/broxygen/CMakeLists.txt rename to src/zeexygen/CMakeLists.txt index f41cd68ff5..43060866a9 100644 --- a/src/broxygen/CMakeLists.txt +++ b/src/zeexygen/CMakeLists.txt @@ -7,7 +7,7 @@ include_directories(BEFORE ${CMAKE_CURRENT_BINARY_DIR} ) -set(broxygen_SRCS +set(zeexygen_SRCS Manager.cc Info.h PackageInfo.cc @@ -19,7 +19,7 @@ set(broxygen_SRCS utils.cc ) -bif_target(broxygen.bif) -bro_add_subdir_library(broxygen ${broxygen_SRCS}) +bif_target(zeexygen.bif) +bro_add_subdir_library(zeexygen ${zeexygen_SRCS}) -add_dependencies(bro_broxygen generate_outputs) +add_dependencies(bro_zeexygen generate_outputs) diff --git a/src/broxygen/Configuration.cc b/src/zeexygen/Configuration.cc similarity index 87% rename from src/broxygen/Configuration.cc rename to src/zeexygen/Configuration.cc index 4780e6ad99..7b1f5e35fd 100644 --- a/src/broxygen/Configuration.cc +++ b/src/zeexygen/Configuration.cc @@ -11,7 +11,7 @@ #include #include -using namespace broxygen; +using namespace zeexygen; using namespace std; static TargetFactory create_target_factory() @@ -37,7 +37,7 @@ Config::Config(const string& arg_file, const string& delim) ifstream f(file.c_str()); if ( ! f.is_open() ) - reporter->FatalError("failed to open Broxygen config file '%s': %s", + reporter->FatalError("failed to open Zeexygen config file '%s': %s", file.c_str(), strerror(errno)); string line; @@ -59,20 +59,20 @@ Config::Config(const string& arg_file, const string& delim) continue; if ( tokens.size() != 3 ) - reporter->FatalError("malformed Broxygen target in %s:%u: %s", + reporter->FatalError("malformed Zeexygen target in %s:%u: %s", file.c_str(), line_number, line.c_str()); Target* target = target_factory.Create(tokens[0], tokens[2], tokens[1]); if ( ! target ) - reporter->FatalError("unknown Broxygen target type: %s", + reporter->FatalError("unknown Zeexygen target type: %s", tokens[0].c_str()); targets.push_back(target); } if ( f.bad() ) - reporter->InternalError("error reading Broxygen config file '%s': %s", + reporter->InternalError("error reading Zeexygen config file '%s': %s", file.c_str(), strerror(errno)); } @@ -99,5 +99,5 @@ time_t Config::GetModificationTime() const if ( file.empty() ) return 0; - return broxygen::get_mtime(file); + return zeexygen::get_mtime(file); } diff --git a/src/broxygen/Configuration.h b/src/zeexygen/Configuration.h similarity index 80% rename from src/broxygen/Configuration.h rename to src/zeexygen/Configuration.h index d41deb2c71..a0da9761bc 100644 --- a/src/broxygen/Configuration.h +++ b/src/zeexygen/Configuration.h @@ -1,7 +1,7 @@ // See the file "COPYING" in the main distribution directory for copyright. -#ifndef BROXYGEN_CONFIGURATION_H -#define BROXYGEN_CONFIGURATION_H +#ifndef ZEEXYGEN_CONFIGURATION_H +#define ZEEXYGEN_CONFIGURATION_H #include "Info.h" #include "Target.h" @@ -9,7 +9,7 @@ #include #include -namespace broxygen { +namespace zeexygen { /** * Manages the generation of reStructuredText documents corresponding to @@ -22,8 +22,8 @@ class Config { public: /** - * Read a Broxygen configuration file, parsing all targets in it. - * @param file The file containing a list of Broxygen targets. If it's + * Read a Zeexygen configuration file, parsing all targets in it. + * @param file The file containing a list of Zeexygen targets. If it's * an empty string most methods are a no-op. * @param delim The delimiter between target fields. */ @@ -41,7 +41,7 @@ public: void FindDependencies(const std::vector& infos); /** - * Build each Broxygen target (i.e. write out the reST documents to disk). + * Build each Zeexygen target (i.e. write out the reST documents to disk). */ void GenerateDocs() const; @@ -58,6 +58,6 @@ private: TargetFactory target_factory; }; -} // namespace broxygen +} // namespace zeexygen #endif diff --git a/src/broxygen/IdentifierInfo.cc b/src/zeexygen/IdentifierInfo.cc similarity index 97% rename from src/broxygen/IdentifierInfo.cc rename to src/zeexygen/IdentifierInfo.cc index afc0cf751a..ebb15373bf 100644 --- a/src/broxygen/IdentifierInfo.cc +++ b/src/zeexygen/IdentifierInfo.cc @@ -7,7 +7,7 @@ #include "Val.h" using namespace std; -using namespace broxygen; +using namespace zeexygen; IdentifierInfo::IdentifierInfo(ID* arg_id, ScriptInfo* script) : Info(), @@ -128,7 +128,7 @@ string IdentifierInfo::DoReStructuredText(bool roles_only) const { string s = comments[i]; - if ( broxygen::prettify_params(s) ) + if ( zeexygen::prettify_params(s) ) d.NL(); d.Add(s.c_str()); diff --git a/src/broxygen/IdentifierInfo.h b/src/zeexygen/IdentifierInfo.h similarity index 92% rename from src/broxygen/IdentifierInfo.h rename to src/zeexygen/IdentifierInfo.h index be7e721838..a930f67feb 100644 --- a/src/broxygen/IdentifierInfo.h +++ b/src/zeexygen/IdentifierInfo.h @@ -1,7 +1,7 @@ // See the file "COPYING" in the main distribution directory for copyright. -#ifndef BROXYGEN_IDENTIFIERINFO_H -#define BROXYGEN_IDENTIFIERINFO_H +#ifndef ZEEXYGEN_IDENTIFIERINFO_H +#define ZEEXYGEN_IDENTIFIERINFO_H #include "Info.h" #include "ScriptInfo.h" @@ -14,7 +14,7 @@ #include #include -namespace broxygen { +namespace zeexygen { class ScriptInfo; @@ -42,7 +42,7 @@ public: * Add a comment associated with the identifier. If the identifier is a * record type and it's in the middle of parsing fields, the comment is * associated with the last field that was parsed. - * @param comment A string extracted from Broxygen-style comment. + * @param comment A string extracted from Zeexygen-style comment. */ void AddComment(const std::string& comment) { last_field_seen ? last_field_seen->comments.push_back(comment) @@ -102,13 +102,13 @@ public: std::string GetDeclaringScriptForField(const std::string& field) const; /** - * @return All Broxygen comments associated with the identifier. + * @return All Zeexygen comments associated with the identifier. */ std::vector GetComments() const; /** * @param field A record field name. - * @return All Broxygen comments associated with the record field. + * @return All Zeexygen comments associated with the record field. */ std::vector GetFieldComments(const std::string& field) const; @@ -118,7 +118,7 @@ public: struct Redefinition { std::string from_script; /**< Name of script doing the redef. */ std::string new_val_desc; /**< Description of new value bound to ID. */ - std::vector comments; /**< Broxygen comments on redef. */ + std::vector comments; /**< Zeexygen comments on redef. */ }; /** @@ -159,6 +159,6 @@ private: ScriptInfo* declaring_script; }; -} // namespace broxygen +} // namespace zeexygen #endif diff --git a/src/broxygen/Info.h b/src/zeexygen/Info.h similarity index 89% rename from src/broxygen/Info.h rename to src/zeexygen/Info.h index 9df73f899f..46fba7b7b6 100644 --- a/src/broxygen/Info.h +++ b/src/zeexygen/Info.h @@ -1,15 +1,15 @@ // See the file "COPYING" in the main distribution directory for copyright. -#ifndef BROXYGEN_INFO_H -#define BROXYGEN_INFO_H +#ifndef ZEEXYGEN_INFO_H +#define ZEEXYGEN_INFO_H #include #include -namespace broxygen { +namespace zeexygen { /** - * Abstract base class for any thing that Broxygen can document. + * Abstract base class for any thing that Zeexygen can document. */ class Info { @@ -68,6 +68,6 @@ private: { } }; -} // namespace broxygen +} // namespace zeexygen #endif diff --git a/src/broxygen/Manager.cc b/src/zeexygen/Manager.cc similarity index 87% rename from src/broxygen/Manager.cc rename to src/zeexygen/Manager.cc index c54b05754e..d638705d8b 100644 --- a/src/broxygen/Manager.cc +++ b/src/zeexygen/Manager.cc @@ -7,7 +7,7 @@ #include #include -using namespace broxygen; +using namespace zeexygen; using namespace std; static void DbgAndWarn(const char* msg) @@ -19,7 +19,7 @@ static void DbgAndWarn(const char* msg) return; reporter->Warning("%s", msg); - DBG_LOG(DBG_BROXYGEN, "%s", msg); + DBG_LOG(DBG_ZEEXYGEN, "%s", msg); } static void WarnMissingScript(const char* type, const ID* id, @@ -28,7 +28,7 @@ static void WarnMissingScript(const char* type, const ID* id, if ( script == "" ) return; - DbgAndWarn(fmt("Can't generate Broxygen doumentation for %s %s, " + DbgAndWarn(fmt("Can't generate Zeexygen doumentation for %s %s, " "lookup of %s failed", type, id->Name(), script.c_str())); } @@ -83,7 +83,7 @@ Manager::Manager(const string& arg_config, const string& bro_command) // a PATH component that starts with a tilde (such as "~/bin"). A simple // workaround is to just run bro with a relative or absolute path. if ( path_to_bro.empty() || stat(path_to_bro.c_str(), &s) < 0 ) - reporter->InternalError("Broxygen can't get mtime of bro binary %s (try again by specifying the absolute or relative path to Bro): %s", + reporter->InternalError("Zeexygen can't get mtime of bro binary %s (try again by specifying the absolute or relative path to Bro): %s", path_to_bro.c_str(), strerror(errno)); bro_mtime = s.st_mtime; @@ -129,7 +129,7 @@ void Manager::Script(const string& path) if ( scripts.GetInfo(name) ) { - DbgAndWarn(fmt("Duplicate Broxygen script documentation: %s", + DbgAndWarn(fmt("Duplicate Zeexygen script documentation: %s", name.c_str())); return; } @@ -137,7 +137,7 @@ void Manager::Script(const string& path) ScriptInfo* info = new ScriptInfo(name, path); scripts.map[name] = info; all_info.push_back(info); - DBG_LOG(DBG_BROXYGEN, "Made ScriptInfo %s", name.c_str()); + DBG_LOG(DBG_ZEEXYGEN, "Made ScriptInfo %s", name.c_str()); if ( ! info->IsPkgLoader() ) return; @@ -146,7 +146,7 @@ void Manager::Script(const string& path) if ( packages.GetInfo(name) ) { - DbgAndWarn(fmt("Duplicate Broxygen package documentation: %s", + DbgAndWarn(fmt("Duplicate Zeexygen package documentation: %s", name.c_str())); return; } @@ -154,7 +154,7 @@ void Manager::Script(const string& path) PackageInfo* pkginfo = new PackageInfo(name); packages.map[name] = pkginfo; all_info.push_back(pkginfo); - DBG_LOG(DBG_BROXYGEN, "Made PackageInfo %s", name.c_str()); + DBG_LOG(DBG_ZEEXYGEN, "Made PackageInfo %s", name.c_str()); } void Manager::ScriptDependency(const string& path, const string& dep) @@ -164,7 +164,7 @@ void Manager::ScriptDependency(const string& path, const string& dep) if ( dep.empty() ) { - DbgAndWarn(fmt("Empty Broxygen script doc dependency: %s", + DbgAndWarn(fmt("Empty Zeexygen script doc dependency: %s", path.c_str())); return; } @@ -175,17 +175,17 @@ void Manager::ScriptDependency(const string& path, const string& dep) if ( ! script_info ) { - DbgAndWarn(fmt("Failed to add Broxygen script doc dependency %s " + DbgAndWarn(fmt("Failed to add Zeexygen script doc dependency %s " "for %s", depname.c_str(), name.c_str())); return; } script_info->AddDependency(depname); - DBG_LOG(DBG_BROXYGEN, "Added script dependency %s for %s", + DBG_LOG(DBG_ZEEXYGEN, "Added script dependency %s for %s", depname.c_str(), name.c_str()); for ( size_t i = 0; i < comment_buffer.size(); ++i ) - DbgAndWarn(fmt("Discarded extraneous Broxygen comment: %s", + DbgAndWarn(fmt("Discarded extraneous Zeexygen comment: %s", comment_buffer[i].c_str())); } @@ -199,13 +199,13 @@ void Manager::ModuleUsage(const string& path, const string& module) if ( ! script_info ) { - DbgAndWarn(fmt("Failed to add Broxygen module usage %s in %s", + DbgAndWarn(fmt("Failed to add Zeexygen module usage %s in %s", module.c_str(), name.c_str())); return; } script_info->AddModule(module); - DBG_LOG(DBG_BROXYGEN, "Added module usage %s in %s", + DBG_LOG(DBG_ZEEXYGEN, "Added module usage %s in %s", module.c_str(), name.c_str()); } @@ -246,7 +246,7 @@ void Manager::StartType(ID* id) if ( id->GetLocationInfo() == &no_location ) { - DbgAndWarn(fmt("Can't generate broxygen doumentation for %s, " + DbgAndWarn(fmt("Can't generate zeexygen doumentation for %s, " "no location available", id->Name())); return; } @@ -261,7 +261,7 @@ void Manager::StartType(ID* id) } incomplete_type = CreateIdentifierInfo(id, script_info); - DBG_LOG(DBG_BROXYGEN, "Made IdentifierInfo (incomplete) %s, in %s", + DBG_LOG(DBG_ZEEXYGEN, "Made IdentifierInfo (incomplete) %s, in %s", id->Name(), script.c_str()); } @@ -279,7 +279,7 @@ void Manager::Identifier(ID* id) { if ( incomplete_type->Name() == id->Name() ) { - DBG_LOG(DBG_BROXYGEN, "Finished document for type %s", id->Name()); + DBG_LOG(DBG_ZEEXYGEN, "Finished document for type %s", id->Name()); incomplete_type->CompletedTypeDecl(); incomplete_type = 0; return; @@ -309,7 +309,7 @@ void Manager::Identifier(ID* id) { // Internally-created identifier (e.g. file/proto analyzer enum tags). // Handled specially since they don't have a script location. - DBG_LOG(DBG_BROXYGEN, "Made internal IdentifierInfo %s", + DBG_LOG(DBG_ZEEXYGEN, "Made internal IdentifierInfo %s", id->Name()); CreateIdentifierInfo(id, 0); return; @@ -325,7 +325,7 @@ void Manager::Identifier(ID* id) } CreateIdentifierInfo(id, script_info); - DBG_LOG(DBG_BROXYGEN, "Made IdentifierInfo %s, in script %s", + DBG_LOG(DBG_ZEEXYGEN, "Made IdentifierInfo %s, in script %s", id->Name(), script.c_str()); } @@ -339,7 +339,7 @@ void Manager::RecordField(const ID* id, const TypeDecl* field, if ( ! idd ) { - DbgAndWarn(fmt("Can't generate broxygen doumentation for " + DbgAndWarn(fmt("Can't generate zeexygen doumentation for " "record field %s, unknown record: %s", field->id, id->Name())); return; @@ -348,7 +348,7 @@ void Manager::RecordField(const ID* id, const TypeDecl* field, string script = NormalizeScriptPath(path); idd->AddRecordField(field, script, comment_buffer); comment_buffer.clear(); - DBG_LOG(DBG_BROXYGEN, "Document record field %s, identifier %s, script %s", + DBG_LOG(DBG_ZEEXYGEN, "Document record field %s, identifier %s, script %s", field->id, id->Name(), script.c_str()); } @@ -365,7 +365,7 @@ void Manager::Redef(const ID* id, const string& path) if ( ! id_info ) { - DbgAndWarn(fmt("Can't generate broxygen doumentation for " + DbgAndWarn(fmt("Can't generate zeexygen doumentation for " "redef of %s, identifier lookup failed", id->Name())); return; @@ -384,7 +384,7 @@ void Manager::Redef(const ID* id, const string& path) script_info->AddRedef(id_info); comment_buffer.clear(); last_identifier_seen = id_info; - DBG_LOG(DBG_BROXYGEN, "Added redef of %s from %s", + DBG_LOG(DBG_ZEEXYGEN, "Added redef of %s from %s", id->Name(), from_script.c_str()); } @@ -421,7 +421,7 @@ void Manager::PostComment(const string& comment, const string& id_hint) if ( last_identifier_seen ) last_identifier_seen->AddComment(RemoveLeadingSpace(comment)); else - DbgAndWarn(fmt("Discarded unassociated Broxygen comment %s", + DbgAndWarn(fmt("Discarded unassociated Zeexygen comment %s", comment.c_str())); return; diff --git a/src/broxygen/Manager.h b/src/zeexygen/Manager.h similarity index 89% rename from src/broxygen/Manager.h rename to src/zeexygen/Manager.h index 7978adc180..5b2142e047 100644 --- a/src/broxygen/Manager.h +++ b/src/zeexygen/Manager.h @@ -1,7 +1,7 @@ // See the file "COPYING" in the main distribution directory for copyright. -#ifndef BROXYGEN_MANAGER_H -#define BROXYGEN_MANAGER_H +#ifndef ZEEXYGEN_MANAGER_H +#define ZEEXYGEN_MANAGER_H #include "Configuration.h" #include "Info.h" @@ -21,7 +21,7 @@ #include #include -namespace broxygen { +namespace zeexygen { /** * Map of info objects. Just a wrapper around std::map to improve code @@ -54,7 +54,7 @@ public: /** * Ctor. - * @param config Path to a Broxygen config file if documentation is to be + * @param config Path to a Zeexygen config file if documentation is to be * written to disk. * @param bro_command The command used to invoke the bro process. * It's used when checking for out-of-date targets. If the bro binary is @@ -80,7 +80,7 @@ public: void InitPostScript(); /** - * Builds all Broxygen targets specified by config file and write out + * Builds all Zeexygen targets specified by config file and write out * documentation to disk. */ void GenerateDocs() const; @@ -140,24 +140,24 @@ public: void Redef(const ID* id, const std::string& path); /** - * Register Broxygen script summary content. + * Register Zeexygen script summary content. * @param path Absolute path to a Bro script. - * @param comment Broxygen-style summary comment ("##!") to associate with + * @param comment Zeexygen-style summary comment ("##!") to associate with * script given by \a path. */ void SummaryComment(const std::string& path, const std::string& comment); /** - * Register a Broxygen comment ("##") for an upcoming identifier (i.e. + * Register a Zeexygen comment ("##") for an upcoming identifier (i.e. * this content is buffered and consumed by next identifier/field * declaration. - * @param comment Content of the Broxygen comment. + * @param comment Content of the Zeexygen comment. */ void PreComment(const std::string& comment); /** - * Register a Broxygen comment ("##<") for the last identifier seen. - * @param comment Content of the Broxygen comment. + * Register a Zeexygen comment ("##<") for the last identifier seen. + * @param comment Content of the Zeexygen comment. * @param identifier_hint Expected name of identifier with which to * associate \a comment. */ @@ -197,11 +197,11 @@ public: { return packages.GetInfo(name); } /** - * Check if a Broxygen target is up-to-date. - * @param target_file output file of a Broxygen target. + * Check if a Zeexygen target is up-to-date. + * @param target_file output file of a Zeexygen target. * @param dependencies all dependencies of the target. * @return true if modification time of \a target_file is newer than - * modification time of Bro binary, Broxygen config file, and all + * modification time of Bro binary, Zeexygen config file, and all * dependencies, else false. */ template @@ -241,7 +241,7 @@ bool Manager::IsUpToDate(const string& target_file, // Doesn't exist. return false; - reporter->InternalError("Broxygen failed to stat target file '%s': %s", + reporter->InternalError("Zeexygen failed to stat target file '%s': %s", target_file.c_str(), strerror(errno)); } @@ -258,8 +258,8 @@ bool Manager::IsUpToDate(const string& target_file, return true; } -} // namespace broxygen +} // namespace zeexygen -extern broxygen::Manager* broxygen_mgr; +extern zeexygen::Manager* zeexygen_mgr; #endif diff --git a/src/broxygen/PackageInfo.cc b/src/zeexygen/PackageInfo.cc similarity index 85% rename from src/broxygen/PackageInfo.cc rename to src/zeexygen/PackageInfo.cc index 1cbff5a07f..1fd607fd08 100644 --- a/src/broxygen/PackageInfo.cc +++ b/src/zeexygen/PackageInfo.cc @@ -9,7 +9,7 @@ #include using namespace std; -using namespace broxygen; +using namespace zeexygen; PackageInfo::PackageInfo(const string& arg_name) : Info(), @@ -23,7 +23,7 @@ PackageInfo::PackageInfo(const string& arg_name) ifstream f(readme_file.c_str()); if ( ! f.is_open() ) - reporter->InternalWarning("Broxygen failed to open '%s': %s", + reporter->InternalWarning("Zeexygen failed to open '%s': %s", readme_file.c_str(), strerror(errno)); string line; @@ -32,7 +32,7 @@ PackageInfo::PackageInfo(const string& arg_name) readme.push_back(line); if ( f.bad() ) - reporter->InternalWarning("Broxygen error reading '%s': %s", + reporter->InternalWarning("Zeexygen error reading '%s': %s", readme_file.c_str(), strerror(errno)); } @@ -54,5 +54,5 @@ time_t PackageInfo::DoGetModificationTime() const if ( readme_file.empty() ) return 0; - return broxygen::get_mtime(readme_file); + return zeexygen::get_mtime(readme_file); } diff --git a/src/broxygen/PackageInfo.h b/src/zeexygen/PackageInfo.h similarity index 89% rename from src/broxygen/PackageInfo.h rename to src/zeexygen/PackageInfo.h index 967bbe3443..977f31fece 100644 --- a/src/broxygen/PackageInfo.h +++ b/src/zeexygen/PackageInfo.h @@ -1,14 +1,14 @@ // See the file "COPYING" in the main distribution directory for copyright. -#ifndef BROXYGEN_PACKAGEINFO_H -#define BROXYGEN_PACKAGEINFO_H +#ifndef ZEEXYGEN_PACKAGEINFO_H +#define ZEEXYGEN_PACKAGEINFO_H #include "Info.h" #include #include -namespace broxygen { +namespace zeexygen { /** * Information about a Bro script package. @@ -45,6 +45,6 @@ private: std::vector readme; }; -} // namespace broxygen +} // namespace zeexygen #endif diff --git a/src/broxygen/ReStructuredTextTable.cc b/src/zeexygen/ReStructuredTextTable.cc similarity index 98% rename from src/broxygen/ReStructuredTextTable.cc rename to src/zeexygen/ReStructuredTextTable.cc index 2cdb774224..c8306313e5 100644 --- a/src/broxygen/ReStructuredTextTable.cc +++ b/src/zeexygen/ReStructuredTextTable.cc @@ -5,7 +5,7 @@ #include using namespace std; -using namespace broxygen; +using namespace zeexygen; ReStructuredTextTable::ReStructuredTextTable(size_t arg_num_cols) : num_cols(arg_num_cols), rows(), longest_row_in_column() diff --git a/src/broxygen/ReStructuredTextTable.h b/src/zeexygen/ReStructuredTextTable.h similarity index 92% rename from src/broxygen/ReStructuredTextTable.h rename to src/zeexygen/ReStructuredTextTable.h index 34cc30c332..9a4059ca83 100644 --- a/src/broxygen/ReStructuredTextTable.h +++ b/src/zeexygen/ReStructuredTextTable.h @@ -1,12 +1,12 @@ // See the file "COPYING" in the main distribution directory for copyright. -#ifndef BROXYGEN_RESTTABLE_H -#define BROXYGEN_RESTTABLE_H +#ifndef ZEEXYGEN_RESTTABLE_H +#define ZEEXYGEN_RESTTABLE_H #include #include -namespace broxygen { +namespace zeexygen { /** * A reST table with arbitrary number of columns. @@ -48,6 +48,6 @@ private: std::vector longest_row_in_column; }; -} // namespace broxygen +} // namespace zeexygen #endif diff --git a/src/broxygen/ScriptInfo.cc b/src/zeexygen/ScriptInfo.cc similarity index 86% rename from src/broxygen/ScriptInfo.cc rename to src/zeexygen/ScriptInfo.cc index b13498bddb..47769c615a 100644 --- a/src/broxygen/ScriptInfo.cc +++ b/src/zeexygen/ScriptInfo.cc @@ -10,7 +10,7 @@ #include "Desc.h" using namespace std; -using namespace broxygen; +using namespace zeexygen; bool IdInfoComp::operator ()(const IdentifierInfo* lhs, const IdentifierInfo* rhs) const @@ -24,11 +24,11 @@ static vector summary_comment(const vector& cmnts) for ( size_t i = 0; i < cmnts.size(); ++i ) { - size_t end = broxygen::end_of_first_sentence(cmnts[i]); + size_t end = zeexygen::end_of_first_sentence(cmnts[i]); if ( end == string::npos ) { - if ( broxygen::is_all_whitespace(cmnts[i]) ) + if ( zeexygen::is_all_whitespace(cmnts[i]) ) break; rval.push_back(cmnts[i]); @@ -86,7 +86,7 @@ static string make_summary(const string& heading, char underline, char border, add_summary_rows(d, summary_comment((*it)->GetComments()), &table); } - return broxygen::make_heading(heading, underline) + table.AsString(border) + return zeexygen::make_heading(heading, underline) + table.AsString(border) + "\n"; } @@ -115,7 +115,7 @@ static string make_redef_summary(const string& heading, char underline, add_summary_rows(d, summary_comment(iit->comments), &table); } - return broxygen::make_heading(heading, underline) + table.AsString(border) + return zeexygen::make_heading(heading, underline) + table.AsString(border) + "\n"; } @@ -125,7 +125,7 @@ static string make_details(const string& heading, char underline, if ( id_list.empty() ) return ""; - string rval = broxygen::make_heading(heading, underline); + string rval = zeexygen::make_heading(heading, underline); for ( id_info_list::const_iterator it = id_list.begin(); it != id_list.end(); ++it ) @@ -143,7 +143,7 @@ static string make_redef_details(const string& heading, char underline, if ( id_set.empty() ) return ""; - string rval = broxygen::make_heading(heading, underline); + string rval = zeexygen::make_heading(heading, underline); for ( id_info_set::const_iterator it = id_set.begin(); it != id_set.end(); ++it ) @@ -178,13 +178,13 @@ void ScriptInfo::DoInitPostScript() IdentifierInfo* info = it->second; ID* id = info->GetID(); - if ( ! broxygen::is_public_api(id) ) + if ( ! zeexygen::is_public_api(id) ) continue; if ( id->AsType() ) { types.push_back(info); - DBG_LOG(DBG_BROXYGEN, "Filter id '%s' in '%s' as a type", + DBG_LOG(DBG_ZEEXYGEN, "Filter id '%s' in '%s' as a type", id->Name(), name.c_str()); continue; } @@ -193,17 +193,17 @@ void ScriptInfo::DoInitPostScript() { switch ( id->Type()->AsFuncType()->Flavor() ) { case FUNC_FLAVOR_HOOK: - DBG_LOG(DBG_BROXYGEN, "Filter id '%s' in '%s' as a hook", + DBG_LOG(DBG_ZEEXYGEN, "Filter id '%s' in '%s' as a hook", id->Name(), name.c_str()); hooks.push_back(info); break; case FUNC_FLAVOR_EVENT: - DBG_LOG(DBG_BROXYGEN, "Filter id '%s' in '%s' as a event", + DBG_LOG(DBG_ZEEXYGEN, "Filter id '%s' in '%s' as a event", id->Name(), name.c_str()); events.push_back(info); break; case FUNC_FLAVOR_FUNCTION: - DBG_LOG(DBG_BROXYGEN, "Filter id '%s' in '%s' as a function", + DBG_LOG(DBG_ZEEXYGEN, "Filter id '%s' in '%s' as a function", id->Name(), name.c_str()); functions.push_back(info); break; @@ -219,13 +219,13 @@ void ScriptInfo::DoInitPostScript() { if ( id->FindAttr(ATTR_REDEF) ) { - DBG_LOG(DBG_BROXYGEN, "Filter id '%s' in '%s' as a redef_option", + DBG_LOG(DBG_ZEEXYGEN, "Filter id '%s' in '%s' as a redef_option", id->Name(), name.c_str()); redef_options.push_back(info); } else { - DBG_LOG(DBG_BROXYGEN, "Filter id '%s' in '%s' as a constant", + DBG_LOG(DBG_ZEEXYGEN, "Filter id '%s' in '%s' as a constant", id->Name(), name.c_str()); constants.push_back(info); } @@ -234,7 +234,7 @@ void ScriptInfo::DoInitPostScript() } else if ( id->IsOption() ) { - DBG_LOG(DBG_BROXYGEN, "Filter id '%s' in '%s' as an runtime option", + DBG_LOG(DBG_ZEEXYGEN, "Filter id '%s' in '%s' as an runtime option", id->Name(), name.c_str()); options.push_back(info); @@ -246,7 +246,7 @@ void ScriptInfo::DoInitPostScript() // documentation. continue; - DBG_LOG(DBG_BROXYGEN, "Filter id '%s' in '%s' as a state variable", + DBG_LOG(DBG_ZEEXYGEN, "Filter id '%s' in '%s' as a state variable", id->Name(), name.c_str()); state_vars.push_back(info); } @@ -275,11 +275,11 @@ string ScriptInfo::DoReStructuredText(bool roles_only) const string rval; rval += ":tocdepth: 3\n\n"; - rval += broxygen::make_heading(name, '='); + rval += zeexygen::make_heading(name, '='); for ( string_set::const_iterator it = module_usages.begin(); it != module_usages.end(); ++it ) - rval += ".. bro:namespace:: " + *it + "\n"; + rval += ".. zeek:namespace:: " + *it + "\n"; rval += "\n"; @@ -329,7 +329,7 @@ string ScriptInfo::DoReStructuredText(bool roles_only) const //rval += fmt(":Source File: :download:`/scripts/%s`\n", name.c_str()); rval += "\n"; - rval += broxygen::make_heading("Summary", '~'); + rval += zeexygen::make_heading("Summary", '~'); rval += make_summary("Runtime Options", '#', '=', options); rval += make_summary("Redefinable Options", '#', '=', redef_options); rval += make_summary("Constants", '#', '=', constants); @@ -340,7 +340,7 @@ string ScriptInfo::DoReStructuredText(bool roles_only) const rval += make_summary("Hooks", '#', '=', hooks); rval += make_summary("Functions", '#', '=', functions); rval += "\n"; - rval += broxygen::make_heading("Detailed Interface", '~'); + rval += zeexygen::make_heading("Detailed Interface", '~'); rval += make_details("Runtime Options", '#', options); rval += make_details("Redefinable Options", '#', redef_options); rval += make_details("Constants", '#', constants); @@ -356,25 +356,25 @@ string ScriptInfo::DoReStructuredText(bool roles_only) const time_t ScriptInfo::DoGetModificationTime() const { - time_t most_recent = broxygen::get_mtime(path); + time_t most_recent = zeexygen::get_mtime(path); for ( string_set::const_iterator it = dependencies.begin(); it != dependencies.end(); ++it ) { - Info* info = broxygen_mgr->GetScriptInfo(*it); + Info* info = zeexygen_mgr->GetScriptInfo(*it); if ( ! info ) { for (const string& ext : script_extensions) { string pkg_name = *it + "/__load__" + ext; - info = broxygen_mgr->GetScriptInfo(pkg_name); + info = zeexygen_mgr->GetScriptInfo(pkg_name); if ( info ) break; } if ( ! info ) - reporter->InternalWarning("Broxygen failed to get mtime of %s", + reporter->InternalWarning("Zeexygen failed to get mtime of %s", it->c_str()); continue; } diff --git a/src/broxygen/ScriptInfo.h b/src/zeexygen/ScriptInfo.h similarity index 92% rename from src/broxygen/ScriptInfo.h rename to src/zeexygen/ScriptInfo.h index dd43e15a4e..fb0f0c15ae 100644 --- a/src/broxygen/ScriptInfo.h +++ b/src/zeexygen/ScriptInfo.h @@ -1,7 +1,7 @@ // See the file "COPYING" in the main distribution directory for copyright. -#ifndef BROXYGEN_SCRIPTINFO_H -#define BROXYGEN_SCRIPTINFO_H +#ifndef ZEEXYGEN_SCRIPTINFO_H +#define ZEEXYGEN_SCRIPTINFO_H #include "Info.h" #include "IdentifierInfo.h" @@ -12,7 +12,7 @@ #include #include -namespace broxygen { +namespace zeexygen { class IdentifierInfo; @@ -39,7 +39,7 @@ public: ScriptInfo(const std::string& name, const std::string& path); /** - * Associate a Broxygen summary comment ("##!") with the script. + * Associate a Zeexygen summary comment ("##!") with the script. * @param comment String extracted from the comment. */ void AddComment(const std::string& comment) @@ -83,7 +83,7 @@ public: { return is_pkg_loader; } /** - * @return All the scripts Broxygen summary comments. + * @return All the scripts Zeexygen summary comments. */ std::vector GetComments() const; @@ -119,6 +119,6 @@ private: id_info_set redefs; }; -} // namespace broxygen +} // namespace zeexygen #endif diff --git a/src/broxygen/Target.cc b/src/zeexygen/Target.cc similarity index 89% rename from src/broxygen/Target.cc rename to src/zeexygen/Target.cc index 98b74ff8db..406f6ffe4d 100644 --- a/src/broxygen/Target.cc +++ b/src/zeexygen/Target.cc @@ -16,7 +16,7 @@ #include using namespace std; -using namespace broxygen; +using namespace zeexygen; static void write_plugin_section_heading(FILE* f, const plugin::Plugin* p) { @@ -38,7 +38,7 @@ static void write_analyzer_component(FILE* f, const analyzer::Component* c) if ( atag->Lookup("Analyzer", tag.c_str()) < 0 ) reporter->InternalError("missing analyzer tag for %s", tag.c_str()); - fprintf(f, ":bro:enum:`Analyzer::%s`\n\n", tag.c_str()); + fprintf(f, ":zeek:enum:`Analyzer::%s`\n\n", tag.c_str()); } static void write_analyzer_component(FILE* f, const file_analysis::Component* c) @@ -49,7 +49,7 @@ static void write_analyzer_component(FILE* f, const file_analysis::Component* c) if ( atag->Lookup("Files", tag.c_str()) < 0 ) reporter->InternalError("missing analyzer tag for %s", tag.c_str()); - fprintf(f, ":bro:enum:`Files::%s`\n\n", tag.c_str()); + fprintf(f, ":zeek:enum:`Files::%s`\n\n", tag.c_str()); } static void write_plugin_components(FILE* f, const plugin::Plugin* p) @@ -123,13 +123,13 @@ static void write_plugin_bif_items(FILE* f, const plugin::Plugin* p, for ( it = bifitems.begin(); it != bifitems.end(); ++it ) { - broxygen::IdentifierInfo* doc = broxygen_mgr->GetIdentifierInfo( + zeexygen::IdentifierInfo* doc = zeexygen_mgr->GetIdentifierInfo( it->GetID()); if ( doc ) fprintf(f, "%s\n\n", doc->ReStructuredText().c_str()); else - reporter->InternalWarning("Broxygen ID lookup failed: %s\n", + reporter->InternalWarning("Zeexygen ID lookup failed: %s\n", it->GetID().c_str()); } } @@ -138,10 +138,10 @@ static void WriteAnalyzerTagDefn(FILE* f, const string& module) { string tag_id = module + "::Tag"; - broxygen::IdentifierInfo* doc = broxygen_mgr->GetIdentifierInfo(tag_id); + zeexygen::IdentifierInfo* doc = zeexygen_mgr->GetIdentifierInfo(tag_id); if ( ! doc ) - reporter->InternalError("Broxygen failed analyzer tag lookup: %s", + reporter->InternalError("Zeexygen failed analyzer tag lookup: %s", tag_id.c_str()); fprintf(f, "%s\n", doc->ReStructuredText().c_str()); @@ -177,7 +177,7 @@ static vector filter_matches(const vector& from, Target* t) if ( t->MatchesPattern(d) ) { - DBG_LOG(DBG_BROXYGEN, "'%s' matched pattern for target '%s'", + DBG_LOG(DBG_ZEEXYGEN, "'%s' matched pattern for target '%s'", d->Name().c_str(), t->Name().c_str()); rval.push_back(d); } @@ -194,14 +194,14 @@ TargetFile::TargetFile(const string& arg_name) string dir = SafeDirname(name).result; if ( ! ensure_intermediate_dirs(dir.c_str()) ) - reporter->FatalError("Broxygen failed to make dir %s", + reporter->FatalError("Zeexygen failed to make dir %s", dir.c_str()); } f = fopen(name.c_str(), "w"); if ( ! f ) - reporter->FatalError("Broxygen failed to open '%s' for writing: %s", + reporter->FatalError("Zeexygen failed to open '%s' for writing: %s", name.c_str(), strerror(errno)); } @@ -210,7 +210,7 @@ TargetFile::~TargetFile() if ( f ) fclose(f); - DBG_LOG(DBG_BROXYGEN, "Wrote out-of-date target '%s'", name.c_str()); + DBG_LOG(DBG_ZEEXYGEN, "Wrote out-of-date target '%s'", name.c_str()); } @@ -245,11 +245,11 @@ void AnalyzerTarget::DoFindDependencies(const std::vector& infos) void AnalyzerTarget::DoGenerate() const { - if ( broxygen_mgr->IsUpToDate(Name(), vector()) ) + if ( zeexygen_mgr->IsUpToDate(Name(), vector()) ) return; if ( Pattern() != "*" ) - reporter->InternalWarning("Broxygen only implements analyzer target" + reporter->InternalWarning("Zeexygen only implements analyzer target" " pattern '*'"); TargetFile file(Name()); @@ -313,7 +313,7 @@ void PackageTarget::DoFindDependencies(const vector& infos) pkg_deps = filter_matches(infos, this); if ( pkg_deps.empty() ) - reporter->FatalError("No match for Broxygen target '%s' pattern '%s'", + reporter->FatalError("No match for Zeexygen target '%s' pattern '%s'", Name().c_str(), Pattern().c_str()); for ( size_t i = 0; i < infos.size(); ++i ) @@ -329,7 +329,7 @@ void PackageTarget::DoFindDependencies(const vector& infos) pkg_deps[j]->Name().size())) continue; - DBG_LOG(DBG_BROXYGEN, "Script %s associated with package %s", + DBG_LOG(DBG_ZEEXYGEN, "Script %s associated with package %s", script->Name().c_str(), pkg_deps[j]->Name().c_str()); pkg_manifest[pkg_deps[j]].push_back(script); script_deps.push_back(script); @@ -339,8 +339,8 @@ void PackageTarget::DoFindDependencies(const vector& infos) void PackageTarget::DoGenerate() const { - if ( broxygen_mgr->IsUpToDate(Name(), script_deps) && - broxygen_mgr->IsUpToDate(Name(), pkg_deps) ) + if ( zeexygen_mgr->IsUpToDate(Name(), script_deps) && + zeexygen_mgr->IsUpToDate(Name(), pkg_deps) ) return; TargetFile file(Name()); @@ -382,13 +382,13 @@ void PackageIndexTarget::DoFindDependencies(const vector& infos) pkg_deps = filter_matches(infos, this); if ( pkg_deps.empty() ) - reporter->FatalError("No match for Broxygen target '%s' pattern '%s'", + reporter->FatalError("No match for Zeexygen target '%s' pattern '%s'", Name().c_str(), Pattern().c_str()); } void PackageIndexTarget::DoGenerate() const { - if ( broxygen_mgr->IsUpToDate(Name(), pkg_deps) ) + if ( zeexygen_mgr->IsUpToDate(Name(), pkg_deps) ) return; TargetFile file(Name()); @@ -402,7 +402,7 @@ void ScriptTarget::DoFindDependencies(const vector& infos) script_deps = filter_matches(infos, this); if ( script_deps.empty() ) - reporter->FatalError("No match for Broxygen target '%s' pattern '%s'", + reporter->FatalError("No match for Zeexygen target '%s' pattern '%s'", Name().c_str(), Pattern().c_str()); if ( ! IsDir() ) @@ -483,7 +483,7 @@ void ScriptTarget::DoGenerate() const vector dep; dep.push_back(script_deps[i]); - if ( broxygen_mgr->IsUpToDate(target_filename, dep) ) + if ( zeexygen_mgr->IsUpToDate(target_filename, dep) ) continue; TargetFile file(target_filename); @@ -508,7 +508,7 @@ void ScriptTarget::DoGenerate() const reporter->Warning("Failed to unlink %s: %s", f.c_str(), strerror(errno)); - DBG_LOG(DBG_BROXYGEN, "Delete stale script file %s", f.c_str()); + DBG_LOG(DBG_ZEEXYGEN, "Delete stale script file %s", f.c_str()); } return; @@ -516,7 +516,7 @@ void ScriptTarget::DoGenerate() const // Target is a single file, all matching scripts get written there. - if ( broxygen_mgr->IsUpToDate(Name(), script_deps) ) + if ( zeexygen_mgr->IsUpToDate(Name(), script_deps) ) return; TargetFile file(Name()); @@ -527,7 +527,7 @@ void ScriptTarget::DoGenerate() const void ScriptSummaryTarget::DoGenerate() const { - if ( broxygen_mgr->IsUpToDate(Name(), script_deps) ) + if ( zeexygen_mgr->IsUpToDate(Name(), script_deps) ) return; TargetFile file(Name()); @@ -552,7 +552,7 @@ void ScriptSummaryTarget::DoGenerate() const void ScriptIndexTarget::DoGenerate() const { - if ( broxygen_mgr->IsUpToDate(Name(), script_deps) ) + if ( zeexygen_mgr->IsUpToDate(Name(), script_deps) ) return; TargetFile file(Name()); @@ -577,13 +577,13 @@ void IdentifierTarget::DoFindDependencies(const vector& infos) id_deps = filter_matches(infos, this); if ( id_deps.empty() ) - reporter->FatalError("No match for Broxygen target '%s' pattern '%s'", + reporter->FatalError("No match for Zeexygen target '%s' pattern '%s'", Name().c_str(), Pattern().c_str()); } void IdentifierTarget::DoGenerate() const { - if ( broxygen_mgr->IsUpToDate(Name(), id_deps) ) + if ( zeexygen_mgr->IsUpToDate(Name(), id_deps) ) return; TargetFile file(Name()); diff --git a/src/broxygen/Target.h b/src/zeexygen/Target.h similarity index 96% rename from src/broxygen/Target.h rename to src/zeexygen/Target.h index 7f18697eaf..ef3c8b2e00 100644 --- a/src/broxygen/Target.h +++ b/src/zeexygen/Target.h @@ -1,7 +1,7 @@ // See the file "COPYING" in the main distribution directory for copyright. -#ifndef BROXYGEN_TARGET_H -#define BROXYGEN_TARGET_H +#ifndef ZEEXYGEN_TARGET_H +#define ZEEXYGEN_TARGET_H #include "Info.h" #include "PackageInfo.h" @@ -13,7 +13,7 @@ #include #include -namespace broxygen { +namespace zeexygen { /** * Helper class to create files in arbitrary file paths and automatically @@ -39,7 +39,7 @@ struct TargetFile { }; /** - * A Broxygen target abstract base class. A target is generally any portion of + * A Zeexygen target abstract base class. A target is generally any portion of * documentation that Bro can build. It's identified by a type (e.g. script, * identifier, package), a pattern (e.g. "example.zeek", "HTTP::Info"), and * a path to an output file. @@ -125,7 +125,7 @@ public: /** * Register a new target type. - * @param type_name The target type name as it will appear in Broxygen + * @param type_name The target type name as it will appear in Zeexygen * config files. */ template @@ -136,7 +136,7 @@ public: /** * Instantiate a target. - * @param type_name The target type name as it appears in Broxygen config + * @param type_name The target type name as it appears in Zeexygen config * files. * @param name The output file name of the target. * @param pattern The dependency pattern of the target. @@ -384,6 +384,6 @@ private: std::vector id_deps; }; -} // namespace broxygen +} // namespace zeexygen #endif diff --git a/src/broxygen/utils.cc b/src/zeexygen/utils.cc similarity index 83% rename from src/broxygen/utils.cc rename to src/zeexygen/utils.cc index 93f822b846..5cf76c1af6 100644 --- a/src/broxygen/utils.cc +++ b/src/zeexygen/utils.cc @@ -7,10 +7,10 @@ #include #include -using namespace broxygen; +using namespace zeexygen; using namespace std; -bool broxygen::prettify_params(string& s) +bool zeexygen::prettify_params(string& s) { size_t identifier_start_pos = 0; bool in_identifier = false; @@ -76,29 +76,29 @@ bool broxygen::prettify_params(string& s) return false; } -bool broxygen::is_public_api(const ID* id) +bool zeexygen::is_public_api(const ID* id) { return (id->Scope() == SCOPE_GLOBAL) || (id->Scope() == SCOPE_MODULE && id->IsExport()); } -time_t broxygen::get_mtime(const string& filename) +time_t zeexygen::get_mtime(const string& filename) { struct stat s; if ( stat(filename.c_str(), &s) < 0 ) - reporter->InternalError("Broxygen failed to stat file '%s': %s", + reporter->InternalError("Zeexygen failed to stat file '%s': %s", filename.c_str(), strerror(errno)); return s.st_mtime; } -string broxygen::make_heading(const string& heading, char underline) +string zeexygen::make_heading(const string& heading, char underline) { return heading + "\n" + string(heading.size(), underline) + "\n"; } -size_t broxygen::end_of_first_sentence(const string& s) +size_t zeexygen::end_of_first_sentence(const string& s) { size_t rval = 0; @@ -119,7 +119,7 @@ size_t broxygen::end_of_first_sentence(const string& s) return rval; } -bool broxygen::is_all_whitespace(const string& s) +bool zeexygen::is_all_whitespace(const string& s) { for ( size_t i = 0; i < s.size(); ++i ) if ( ! isspace(s[i]) ) @@ -128,7 +128,7 @@ bool broxygen::is_all_whitespace(const string& s) return true; } -string broxygen::redef_indication(const string& from_script) +string zeexygen::redef_indication(const string& from_script) { return fmt("(present if :doc:`/scripts/%s` is loaded)", from_script.c_str()); diff --git a/src/broxygen/utils.h b/src/zeexygen/utils.h similarity index 88% rename from src/broxygen/utils.h rename to src/zeexygen/utils.h index 7e11019a3d..b9a99a71f7 100644 --- a/src/broxygen/utils.h +++ b/src/zeexygen/utils.h @@ -1,18 +1,18 @@ // See the file "COPYING" in the main distribution directory for copyright. -#ifndef BROXYGEN_UTILS_H -#define BROXYGEN_UTILS_H +#ifndef ZEEXYGEN_UTILS_H +#define ZEEXYGEN_UTILS_H #include "ID.h" #include -namespace broxygen { +namespace zeexygen { /** - * Transform content of a Broxygen comment which may contain function + * Transform content of a Zeexygen comment which may contain function * parameter or return value documentation to a prettier reST format. - * @param s Content from a Broxygen comment to transform. "id: ..." and + * @param s Content from a Zeexygen comment to transform. "id: ..." and * "Returns: ..." change to ":id: ..." and ":returns: ...". * @return Whether any content in \a s was transformed. */ @@ -62,6 +62,6 @@ bool is_all_whitespace(const std::string& s); */ std::string redef_indication(const std::string& from_script); -} // namespace broxygen +} // namespace zeexygen #endif diff --git a/src/broxygen/broxygen.bif b/src/zeexygen/zeexygen.bif similarity index 81% rename from src/broxygen/broxygen.bif rename to src/zeexygen/zeexygen.bif index 4b2f5653b2..f7ce04d292 100644 --- a/src/broxygen/broxygen.bif +++ b/src/zeexygen/zeexygen.bif @@ -3,7 +3,7 @@ ##! Functions for querying script, package, or variable documentation. %%{ -#include "broxygen/Manager.h" +#include "zeexygen/Manager.h" #include "util.h" static StringVal* comments_to_val(const vector& comments) @@ -12,7 +12,7 @@ static StringVal* comments_to_val(const vector& comments) } %%} -## Retrieve the Broxygen-style comments (``##``) associated with an identifier +## Retrieve the Zeexygen-style comments (``##``) associated with an identifier ## (e.g. a variable or type). ## ## name: a script-level identifier for which to retrieve comments. @@ -21,8 +21,8 @@ static StringVal* comments_to_val(const vector& comments) ## identifier, an empty string is returned. function get_identifier_comments%(name: string%): string %{ - using namespace broxygen; - IdentifierInfo* d = broxygen_mgr->GetIdentifierInfo(name->CheckString()); + using namespace zeexygen; + IdentifierInfo* d = zeexygen_mgr->GetIdentifierInfo(name->CheckString()); if ( ! d ) return val_mgr->GetEmptyString(); @@ -30,7 +30,7 @@ function get_identifier_comments%(name: string%): string return comments_to_val(d->GetComments()); %} -## Retrieve the Broxygen-style summary comments (``##!``) associated with +## Retrieve the Zeexygen-style summary comments (``##!``) associated with ## a Bro script. ## ## name: the name of a Bro script. It must be a relative path to where @@ -41,8 +41,8 @@ function get_identifier_comments%(name: string%): string ## *name* is not a known script, an empty string is returned. function get_script_comments%(name: string%): string %{ - using namespace broxygen; - ScriptInfo* d = broxygen_mgr->GetScriptInfo(name->CheckString()); + using namespace zeexygen; + ScriptInfo* d = zeexygen_mgr->GetScriptInfo(name->CheckString()); if ( ! d ) return val_mgr->GetEmptyString(); @@ -59,8 +59,8 @@ function get_script_comments%(name: string%): string ## package, an empty string is returned. function get_package_readme%(name: string%): string %{ - using namespace broxygen; - PackageInfo* d = broxygen_mgr->GetPackageInfo(name->CheckString()); + using namespace zeexygen; + PackageInfo* d = zeexygen_mgr->GetPackageInfo(name->CheckString()); if ( ! d ) return val_mgr->GetEmptyString(); @@ -68,7 +68,7 @@ function get_package_readme%(name: string%): string return comments_to_val(d->GetReadme()); %} -## Retrieve the Broxygen-style comments (``##``) associated with a record field. +## Retrieve the Zeexygen-style comments (``##``) associated with a record field. ## ## name: the name of a record type and a field within it formatted like ## a typical record field access: "$". @@ -78,7 +78,7 @@ function get_package_readme%(name: string%): string ## type, an empty string is returned. function get_record_field_comments%(name: string%): string %{ - using namespace broxygen; + using namespace zeexygen; string accessor = name->CheckString(); size_t i = accessor.find('$'); @@ -87,7 +87,7 @@ function get_record_field_comments%(name: string%): string string id = accessor.substr(0, i); - IdentifierInfo* d = broxygen_mgr->GetIdentifierInfo(id); + IdentifierInfo* d = zeexygen_mgr->GetIdentifierInfo(id); if ( ! d ) return val_mgr->GetEmptyString(); diff --git a/testing/btest/Baseline/core.plugins.hooks/output b/testing/btest/Baseline/core.plugins.hooks/output index f030cb0af2..2725e48507 100644 --- a/testing/btest/Baseline/core.plugins.hooks/output +++ b/testing/btest/Baseline/core.plugins.hooks/output @@ -275,7 +275,7 @@ 0.000000 MetaHookPost LoadFile(./average) -> -1 0.000000 MetaHookPost LoadFile(./bloom-filter.bif.bro) -> -1 0.000000 MetaHookPost LoadFile(./bro.bif.bro) -> -1 -0.000000 MetaHookPost LoadFile(./broxygen.bif.bro) -> -1 +0.000000 MetaHookPost LoadFile(./zeexygen.bif.bro) -> -1 0.000000 MetaHookPost LoadFile(./cardinality-counter.bif.bro) -> -1 0.000000 MetaHookPost LoadFile(./const.bif.bro) -> -1 0.000000 MetaHookPost LoadFile(./consts) -> -1 @@ -855,7 +855,7 @@ 0.000000 MetaHookPre LoadFile(./average) 0.000000 MetaHookPre LoadFile(./bloom-filter.bif.bro) 0.000000 MetaHookPre LoadFile(./bro.bif.bro) -0.000000 MetaHookPre LoadFile(./broxygen.bif.bro) +0.000000 MetaHookPre LoadFile(./zeexygen.bif.bro) 0.000000 MetaHookPre LoadFile(./cardinality-counter.bif.bro) 0.000000 MetaHookPre LoadFile(./const.bif.bro) 0.000000 MetaHookPre LoadFile(./consts) @@ -1435,7 +1435,7 @@ 0.000000 | HookLoadFile ./average.bro/bro 0.000000 | HookLoadFile ./bloom-filter.bif.bro/bro 0.000000 | HookLoadFile ./bro.bif.bro/bro -0.000000 | HookLoadFile ./broxygen.bif.bro/bro +0.000000 | HookLoadFile ./zeexygen.bif.bro/bro 0.000000 | HookLoadFile ./cardinality-counter.bif.bro/bro 0.000000 | HookLoadFile ./const.bif.bro/bro 0.000000 | HookLoadFile ./consts.bif.bro/bro diff --git a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log index 55c2c7c9f3..1976784e41 100644 --- a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log +++ b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log @@ -55,7 +55,7 @@ scripts/base/init-frameworks-and-bifs.zeek scripts/base/utils/patterns.zeek scripts/base/frameworks/files/magic/__load__.zeek build/scripts/base/bif/__load__.zeek - build/scripts/base/bif/broxygen.bif.zeek + build/scripts/base/bif/zeexygen.bif.zeek build/scripts/base/bif/pcap.bif.zeek build/scripts/base/bif/bloom-filter.bif.zeek build/scripts/base/bif/cardinality-counter.bif.zeek diff --git a/testing/btest/Baseline/coverage.bare-mode-errors/errors b/testing/btest/Baseline/coverage.bare-mode-errors/errors index 68129bbab6..6595a63eb3 100644 --- a/testing/btest/Baseline/coverage.bare-mode-errors/errors +++ b/testing/btest/Baseline/coverage.bare-mode-errors/errors @@ -6,7 +6,7 @@ warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_ warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 260: deprecated (dhcp_nak) warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 263: deprecated (dhcp_release) warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 266: deprecated (dhcp_inform) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/smb/__load__.zeek, line 1: deprecated script loaded from /Users/jon/projects/bro/bro/testing/btest/../../scripts//broxygen/__load__.zeek:10 "Use '@load base/protocols/smb' instead" +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/smb/__load__.zeek, line 1: deprecated script loaded from /Users/jon/projects/bro/bro/testing/btest/../../scripts//zeexygen/__load__.zeek:10 "Use '@load base/protocols/smb' instead" warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 245: deprecated (dhcp_discover) warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 248: deprecated (dhcp_offer) warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 251: deprecated (dhcp_request) diff --git a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log index 6c7f592b5f..7951d68e2b 100644 --- a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log +++ b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log @@ -55,7 +55,7 @@ scripts/base/init-frameworks-and-bifs.zeek scripts/base/utils/patterns.zeek scripts/base/frameworks/files/magic/__load__.zeek build/scripts/base/bif/__load__.zeek - build/scripts/base/bif/broxygen.bif.zeek + build/scripts/base/bif/zeexygen.bif.zeek build/scripts/base/bif/pcap.bif.zeek build/scripts/base/bif/bloom-filter.bif.zeek build/scripts/base/bif/cardinality-counter.bif.zeek diff --git a/testing/btest/Baseline/doc.broxygen.example/example.rst b/testing/btest/Baseline/doc.broxygen.example/example.rst deleted file mode 100644 index e012c20051..0000000000 --- a/testing/btest/Baseline/doc.broxygen.example/example.rst +++ /dev/null @@ -1,248 +0,0 @@ -:tocdepth: 3 - -broxygen/example.zeek -===================== -.. bro:namespace:: BroxygenExample - -This is an example script that demonstrates Broxygen-style -documentation. It generally will make most sense when viewing -the script's raw source code and comparing to the HTML-rendered -version. - -Comments in the from ``##!`` are meant to summarize the script's -purpose. They are transferred directly in to the generated -`reStructuredText `_ -(reST) document associated with the script. - -.. tip:: You can embed directives and roles within ``##``-stylized comments. - -There's also a custom role to reference any identifier node in -the Bro Sphinx domain that's good for "see alsos", e.g. - -See also: :bro:see:`BroxygenExample::a_var`, -:bro:see:`BroxygenExample::ONE`, :bro:see:`SSH::Info` - -And a custom directive does the equivalent references: - -.. bro:see:: BroxygenExample::a_var BroxygenExample::ONE SSH::Info - -:Namespace: BroxygenExample -:Imports: :doc:`base/frameworks/notice `, :doc:`base/protocols/http `, :doc:`policy/frameworks/software/vulnerable.zeek ` - -Summary -~~~~~~~ -Redefinable Options -################### -==================================================================================== ======================================================= -:bro:id:`BroxygenExample::an_option`: :bro:type:`set` :bro:attr:`&redef` Add documentation for "an_option" here. -:bro:id:`BroxygenExample::option_with_init`: :bro:type:`interval` :bro:attr:`&redef` Default initialization will be generated automatically. -==================================================================================== ======================================================= - -State Variables -############### -======================================================================== ======================================================================== -:bro:id:`BroxygenExample::a_var`: :bro:type:`bool` Put some documentation for "a_var" here. -:bro:id:`BroxygenExample::summary_test`: :bro:type:`string` The first sentence for a particular identifier's summary text ends here. -:bro:id:`BroxygenExample::var_without_explicit_type`: :bro:type:`string` Types are inferred, that information is self-documenting. -======================================================================== ======================================================================== - -Types -##### -================================================================================= =========================================================== -:bro:type:`BroxygenExample::ComplexRecord`: :bro:type:`record` :bro:attr:`&redef` General documentation for a type "ComplexRecord" goes here. -:bro:type:`BroxygenExample::Info`: :bro:type:`record` An example record to be used with a logging stream. -:bro:type:`BroxygenExample::SimpleEnum`: :bro:type:`enum` Documentation for the "SimpleEnum" type goes here. -:bro:type:`BroxygenExample::SimpleRecord`: :bro:type:`record` General documentation for a type "SimpleRecord" goes here. -================================================================================= =========================================================== - -Redefinitions -############# -============================================================= ==================================================================== -:bro:type:`BroxygenExample::SimpleEnum`: :bro:type:`enum` Document the "SimpleEnum" redef here with any special info regarding - the *redef* itself. -:bro:type:`BroxygenExample::SimpleRecord`: :bro:type:`record` Document the record extension *redef* itself here. -:bro:type:`Log::ID`: :bro:type:`enum` -:bro:type:`Notice::Type`: :bro:type:`enum` -============================================================= ==================================================================== - -Events -###### -====================================================== ========================== -:bro:id:`BroxygenExample::an_event`: :bro:type:`event` Summarize "an_event" here. -====================================================== ========================== - -Functions -######### -=========================================================== ======================================= -:bro:id:`BroxygenExample::a_function`: :bro:type:`function` Summarize purpose of "a_function" here. -=========================================================== ======================================= - - -Detailed Interface -~~~~~~~~~~~~~~~~~~ -Redefinable Options -################### -.. bro:id:: BroxygenExample::an_option - - :Type: :bro:type:`set` [:bro:type:`addr`, :bro:type:`addr`, :bro:type:`string`] - :Attributes: :bro:attr:`&redef` - :Default: ``{}`` - - Add documentation for "an_option" here. - The type/attribute information is all generated automatically. - -.. bro:id:: BroxygenExample::option_with_init - - :Type: :bro:type:`interval` - :Attributes: :bro:attr:`&redef` - :Default: ``10.0 msecs`` - - Default initialization will be generated automatically. - More docs can be added here. - -State Variables -############### -.. bro:id:: BroxygenExample::a_var - - :Type: :bro:type:`bool` - - Put some documentation for "a_var" here. Any global/non-const that - isn't a function/event/hook is classified as a "state variable" - in the generated docs. - -.. bro:id:: BroxygenExample::summary_test - - :Type: :bro:type:`string` - - The first sentence for a particular identifier's summary text ends here. - And this second sentence doesn't show in the short description provided - by the table of all identifiers declared by this script. - -.. bro:id:: BroxygenExample::var_without_explicit_type - - :Type: :bro:type:`string` - :Default: ``"this works"`` - - Types are inferred, that information is self-documenting. - -Types -##### -.. bro:type:: BroxygenExample::ComplexRecord - - :Type: :bro:type:`record` - - field1: :bro:type:`count` - Counts something. - - field2: :bro:type:`bool` - Toggles something. - - field3: :bro:type:`BroxygenExample::SimpleRecord` - Broxygen automatically tracks types - and cross-references are automatically - inserted in to generated docs. - - msg: :bro:type:`string` :bro:attr:`&default` = ``"blah"`` :bro:attr:`&optional` - Attributes are self-documenting. - :Attributes: :bro:attr:`&redef` - - General documentation for a type "ComplexRecord" goes here. - -.. bro:type:: BroxygenExample::Info - - :Type: :bro:type:`record` - - ts: :bro:type:`time` :bro:attr:`&log` - - uid: :bro:type:`string` :bro:attr:`&log` - - status: :bro:type:`count` :bro:attr:`&log` :bro:attr:`&optional` - - An example record to be used with a logging stream. - Nothing special about it. If another script redefs this type - to add fields, the generated documentation will show all original - fields plus the extensions and the scripts which contributed to it - (provided they are also @load'ed). - -.. bro:type:: BroxygenExample::SimpleEnum - - :Type: :bro:type:`enum` - - .. bro:enum:: BroxygenExample::ONE BroxygenExample::SimpleEnum - - Documentation for particular enum values is added like this. - And can also span multiple lines. - - .. bro:enum:: BroxygenExample::TWO BroxygenExample::SimpleEnum - - Or this style is valid to document the preceding enum value. - - .. bro:enum:: BroxygenExample::THREE BroxygenExample::SimpleEnum - - .. bro:enum:: BroxygenExample::FOUR BroxygenExample::SimpleEnum - - And some documentation for "FOUR". - - .. bro:enum:: BroxygenExample::FIVE BroxygenExample::SimpleEnum - - Also "FIVE". - - Documentation for the "SimpleEnum" type goes here. - It can span multiple lines. - -.. bro:type:: BroxygenExample::SimpleRecord - - :Type: :bro:type:`record` - - field1: :bro:type:`count` - Counts something. - - field2: :bro:type:`bool` - Toggles something. - - field_ext: :bro:type:`string` :bro:attr:`&optional` - Document the extending field like this. - Or here, like this. - - General documentation for a type "SimpleRecord" goes here. - The way fields can be documented is similar to what's already seen - for enums. - -Events -###### -.. bro:id:: BroxygenExample::an_event - - :Type: :bro:type:`event` (name: :bro:type:`string`) - - Summarize "an_event" here. - Give more details about "an_event" here. - - BroxygenExample::a_function should not be confused as a parameter - in the generated docs, but it also doesn't generate a cross-reference - link. Use the see role instead: :bro:see:`BroxygenExample::a_function`. - - - :name: Describe the argument here. - -Functions -######### -.. bro:id:: BroxygenExample::a_function - - :Type: :bro:type:`function` (tag: :bro:type:`string`, msg: :bro:type:`string`) : :bro:type:`string` - - Summarize purpose of "a_function" here. - Give more details about "a_function" here. - Separating the documentation of the params/return values with - empty comments is optional, but improves readability of script. - - - :tag: Function arguments can be described - like this. - - - :msg: Another param. - - - :returns: Describe the return type here. - - diff --git a/testing/btest/Baseline/doc.broxygen.func-params/autogen-reST-func-params.rst b/testing/btest/Baseline/doc.broxygen.func-params/autogen-reST-func-params.rst deleted file mode 100644 index 06f196b73c..0000000000 --- a/testing/btest/Baseline/doc.broxygen.func-params/autogen-reST-func-params.rst +++ /dev/null @@ -1,30 +0,0 @@ -.. bro:id:: test_func_params_func - - :Type: :bro:type:`function` (i: :bro:type:`int`, j: :bro:type:`int`) : :bro:type:`string` - - This is a global function declaration. - - - :i: First param. - - :j: Second param. - - - :returns: A string. - -.. bro:type:: test_func_params_rec - - :Type: :bro:type:`record` - - field_func: :bro:type:`function` (i: :bro:type:`int`, j: :bro:type:`int`) : :bro:type:`string` - This is a record field function. - - - :i: First param. - - :j: Second param. - - - :returns: A string. - - diff --git a/testing/btest/Baseline/doc.broxygen.identifier/test.rst b/testing/btest/Baseline/doc.broxygen.identifier/test.rst deleted file mode 100644 index 0c7c44581d..0000000000 --- a/testing/btest/Baseline/doc.broxygen.identifier/test.rst +++ /dev/null @@ -1,230 +0,0 @@ -.. bro:id:: BroxygenExample::Broxygen_One - - :Type: :bro:type:`Notice::Type` - - Any number of this type of comment - will document "Broxygen_One". - -.. bro:id:: BroxygenExample::Broxygen_Two - - :Type: :bro:type:`Notice::Type` - - Any number of this type of comment - will document "BROXYGEN_TWO". - -.. bro:id:: BroxygenExample::Broxygen_Three - - :Type: :bro:type:`Notice::Type` - - -.. bro:id:: BroxygenExample::Broxygen_Four - - :Type: :bro:type:`Notice::Type` - - Omitting comments is fine, and so is mixing ``##`` and ``##<``, but - it's probably best to use only one style consistently. - -.. bro:id:: BroxygenExample::LOG - - :Type: :bro:type:`Log::ID` - - -.. bro:type:: BroxygenExample::SimpleEnum - - :Type: :bro:type:`enum` - - .. bro:enum:: BroxygenExample::ONE BroxygenExample::SimpleEnum - - Documentation for particular enum values is added like this. - And can also span multiple lines. - - .. bro:enum:: BroxygenExample::TWO BroxygenExample::SimpleEnum - - Or this style is valid to document the preceding enum value. - - .. bro:enum:: BroxygenExample::THREE BroxygenExample::SimpleEnum - - .. bro:enum:: BroxygenExample::FOUR BroxygenExample::SimpleEnum - - And some documentation for "FOUR". - - .. bro:enum:: BroxygenExample::FIVE BroxygenExample::SimpleEnum - - Also "FIVE". - - Documentation for the "SimpleEnum" type goes here. - It can span multiple lines. - -.. bro:id:: BroxygenExample::ONE - - :Type: :bro:type:`BroxygenExample::SimpleEnum` - - Documentation for particular enum values is added like this. - And can also span multiple lines. - -.. bro:id:: BroxygenExample::TWO - - :Type: :bro:type:`BroxygenExample::SimpleEnum` - - Or this style is valid to document the preceding enum value. - -.. bro:id:: BroxygenExample::THREE - - :Type: :bro:type:`BroxygenExample::SimpleEnum` - - -.. bro:id:: BroxygenExample::FOUR - - :Type: :bro:type:`BroxygenExample::SimpleEnum` - - And some documentation for "FOUR". - -.. bro:id:: BroxygenExample::FIVE - - :Type: :bro:type:`BroxygenExample::SimpleEnum` - - Also "FIVE". - -.. bro:type:: BroxygenExample::SimpleRecord - - :Type: :bro:type:`record` - - field1: :bro:type:`count` - Counts something. - - field2: :bro:type:`bool` - Toggles something. - - field_ext: :bro:type:`string` :bro:attr:`&optional` - Document the extending field like this. - Or here, like this. - - General documentation for a type "SimpleRecord" goes here. - The way fields can be documented is similar to what's already seen - for enums. - -.. bro:type:: BroxygenExample::ComplexRecord - - :Type: :bro:type:`record` - - field1: :bro:type:`count` - Counts something. - - field2: :bro:type:`bool` - Toggles something. - - field3: :bro:type:`BroxygenExample::SimpleRecord` - Broxygen automatically tracks types - and cross-references are automatically - inserted in to generated docs. - - msg: :bro:type:`string` :bro:attr:`&default` = ``"blah"`` :bro:attr:`&optional` - Attributes are self-documenting. - :Attributes: :bro:attr:`&redef` - - General documentation for a type "ComplexRecord" goes here. - -.. bro:type:: BroxygenExample::Info - - :Type: :bro:type:`record` - - ts: :bro:type:`time` :bro:attr:`&log` - - uid: :bro:type:`string` :bro:attr:`&log` - - status: :bro:type:`count` :bro:attr:`&log` :bro:attr:`&optional` - - An example record to be used with a logging stream. - Nothing special about it. If another script redefs this type - to add fields, the generated documentation will show all original - fields plus the extensions and the scripts which contributed to it - (provided they are also @load'ed). - -.. bro:id:: BroxygenExample::an_option - - :Type: :bro:type:`set` [:bro:type:`addr`, :bro:type:`addr`, :bro:type:`string`] - :Attributes: :bro:attr:`&redef` - :Default: ``{}`` - - Add documentation for "an_option" here. - The type/attribute information is all generated automatically. - -.. bro:id:: BroxygenExample::option_with_init - - :Type: :bro:type:`interval` - :Attributes: :bro:attr:`&redef` - :Default: ``10.0 msecs`` - - Default initialization will be generated automatically. - More docs can be added here. - -.. bro:id:: BroxygenExample::a_var - - :Type: :bro:type:`bool` - - Put some documentation for "a_var" here. Any global/non-const that - isn't a function/event/hook is classified as a "state variable" - in the generated docs. - -.. bro:id:: BroxygenExample::var_without_explicit_type - - :Type: :bro:type:`string` - :Default: ``"this works"`` - - Types are inferred, that information is self-documenting. - -.. bro:id:: BroxygenExample::summary_test - - :Type: :bro:type:`string` - - The first sentence for a particular identifier's summary text ends here. - And this second sentence doesn't show in the short description provided - by the table of all identifiers declared by this script. - -.. bro:id:: BroxygenExample::a_function - - :Type: :bro:type:`function` (tag: :bro:type:`string`, msg: :bro:type:`string`) : :bro:type:`string` - - Summarize purpose of "a_function" here. - Give more details about "a_function" here. - Separating the documentation of the params/return values with - empty comments is optional, but improves readability of script. - - - :tag: Function arguments can be described - like this. - - - :msg: Another param. - - - :returns: Describe the return type here. - -.. bro:id:: BroxygenExample::an_event - - :Type: :bro:type:`event` (name: :bro:type:`string`) - - Summarize "an_event" here. - Give more details about "an_event" here. - - BroxygenExample::a_function should not be confused as a parameter - in the generated docs, but it also doesn't generate a cross-reference - link. Use the see role instead: :bro:see:`BroxygenExample::a_function`. - - - :name: Describe the argument here. - -.. bro:id:: BroxygenExample::function_without_proto - - :Type: :bro:type:`function` (tag: :bro:type:`string`) : :bro:type:`string` - - -.. bro:type:: BroxygenExample::PrivateRecord - - :Type: :bro:type:`record` - - field1: :bro:type:`bool` - - field2: :bro:type:`count` - - diff --git a/testing/btest/Baseline/doc.broxygen.package_index/test.rst b/testing/btest/Baseline/doc.broxygen.package_index/test.rst deleted file mode 100644 index f551ab1cd3..0000000000 --- a/testing/btest/Baseline/doc.broxygen.package_index/test.rst +++ /dev/null @@ -1,7 +0,0 @@ -:doc:`broxygen ` - - This package is loaded during the process which automatically generates - reference documentation for all Bro scripts (i.e. "Broxygen"). Its only - purpose is to provide an easy way to load all known Bro scripts plus any - extra scripts needed or used by the documentation process. - diff --git a/testing/btest/Baseline/doc.broxygen.records/autogen-reST-records.rst b/testing/btest/Baseline/doc.broxygen.records/autogen-reST-records.rst deleted file mode 100644 index 60d80f6b07..0000000000 --- a/testing/btest/Baseline/doc.broxygen.records/autogen-reST-records.rst +++ /dev/null @@ -1,28 +0,0 @@ -.. bro:type:: TestRecord1 - - :Type: :bro:type:`record` - - field1: :bro:type:`bool` - - field2: :bro:type:`count` - - -.. bro:type:: TestRecord2 - - :Type: :bro:type:`record` - - A: :bro:type:`count` - document ``A`` - - B: :bro:type:`bool` - document ``B`` - - C: :bro:type:`TestRecord1` - and now ``C`` - is a declared type - - D: :bro:type:`set` [:bro:type:`count`, :bro:type:`bool`] - sets/tables should show the index types - - Here's the ways records and record fields can be documented. - diff --git a/testing/btest/Baseline/doc.broxygen.script_index/test.rst b/testing/btest/Baseline/doc.broxygen.script_index/test.rst deleted file mode 100644 index 30d849c2e0..0000000000 --- a/testing/btest/Baseline/doc.broxygen.script_index/test.rst +++ /dev/null @@ -1,5 +0,0 @@ -.. toctree:: - :maxdepth: 1 - - broxygen/__load__.zeek - broxygen/example.zeek diff --git a/testing/btest/Baseline/doc.broxygen.type-aliases/autogen-reST-type-aliases.rst b/testing/btest/Baseline/doc.broxygen.type-aliases/autogen-reST-type-aliases.rst deleted file mode 100644 index 3a26b8adc6..0000000000 --- a/testing/btest/Baseline/doc.broxygen.type-aliases/autogen-reST-type-aliases.rst +++ /dev/null @@ -1,44 +0,0 @@ -.. bro:type:: BroxygenTest::TypeAlias - - :Type: :bro:type:`bool` - - This is just an alias for a builtin type ``bool``. - -.. bro:type:: BroxygenTest::NotTypeAlias - - :Type: :bro:type:`bool` - - This type should get its own comments, not associated w/ TypeAlias. - -.. bro:type:: BroxygenTest::OtherTypeAlias - - :Type: :bro:type:`bool` - - This cross references ``bool`` in the description of its type - instead of ``TypeAlias`` just because it seems more useful -- - one doesn't have to click through the full type alias chain to - find out what the actual type is... - -.. bro:id:: BroxygenTest::a - - :Type: :bro:type:`BroxygenTest::TypeAlias` - - But this should reference a type of ``TypeAlias``. - -.. bro:id:: BroxygenTest::b - - :Type: :bro:type:`BroxygenTest::OtherTypeAlias` - - And this should reference a type of ``OtherTypeAlias``. - -.. bro:type:: BroxygenTest::MyRecord - - :Type: :bro:type:`record` - - f1: :bro:type:`BroxygenTest::TypeAlias` - - f2: :bro:type:`BroxygenTest::OtherTypeAlias` - - f3: :bro:type:`bool` - - diff --git a/testing/btest/Baseline/doc.broxygen.all_scripts/.stderr b/testing/btest/Baseline/doc.zeexygen.all_scripts/.stderr similarity index 100% rename from testing/btest/Baseline/doc.broxygen.all_scripts/.stderr rename to testing/btest/Baseline/doc.zeexygen.all_scripts/.stderr diff --git a/testing/btest/Baseline/doc.broxygen.all_scripts/.stdout b/testing/btest/Baseline/doc.zeexygen.all_scripts/.stdout similarity index 100% rename from testing/btest/Baseline/doc.broxygen.all_scripts/.stdout rename to testing/btest/Baseline/doc.zeexygen.all_scripts/.stdout diff --git a/testing/btest/Baseline/doc.broxygen.command_line/output b/testing/btest/Baseline/doc.zeexygen.command_line/output similarity index 100% rename from testing/btest/Baseline/doc.broxygen.command_line/output rename to testing/btest/Baseline/doc.zeexygen.command_line/output diff --git a/testing/btest/Baseline/doc.broxygen.comment_retrieval_bifs/out b/testing/btest/Baseline/doc.zeexygen.comment_retrieval_bifs/out similarity index 100% rename from testing/btest/Baseline/doc.broxygen.comment_retrieval_bifs/out rename to testing/btest/Baseline/doc.zeexygen.comment_retrieval_bifs/out diff --git a/testing/btest/Baseline/doc.broxygen.enums/autogen-reST-enums.rst b/testing/btest/Baseline/doc.zeexygen.enums/autogen-reST-enums.rst similarity index 51% rename from testing/btest/Baseline/doc.broxygen.enums/autogen-reST-enums.rst rename to testing/btest/Baseline/doc.zeexygen.enums/autogen-reST-enums.rst index c98d2792df..1cc82fbbe7 100644 --- a/testing/btest/Baseline/doc.broxygen.enums/autogen-reST-enums.rst +++ b/testing/btest/Baseline/doc.zeexygen.enums/autogen-reST-enums.rst @@ -1,47 +1,47 @@ -.. bro:type:: TestEnum1 +.. zeek:type:: TestEnum1 - :Type: :bro:type:`enum` + :Type: :zeek:type:`enum` - .. bro:enum:: ONE TestEnum1 + .. zeek:enum:: ONE TestEnum1 like this - .. bro:enum:: TWO TestEnum1 + .. zeek:enum:: TWO TestEnum1 or like this - .. bro:enum:: THREE TestEnum1 + .. zeek:enum:: THREE TestEnum1 multiple comments and even more comments - .. bro:enum:: FOUR TestEnum1 + .. zeek:enum:: FOUR TestEnum1 adding another value - .. bro:enum:: FIVE TestEnum1 + .. zeek:enum:: FIVE TestEnum1 adding another value There's tons of ways an enum can look... -.. bro:type:: TestEnum2 +.. zeek:type:: TestEnum2 - :Type: :bro:type:`enum` + :Type: :zeek:type:`enum` - .. bro:enum:: A TestEnum2 + .. zeek:enum:: A TestEnum2 like this - .. bro:enum:: B TestEnum2 + .. zeek:enum:: B TestEnum2 or like this - .. bro:enum:: C TestEnum2 + .. zeek:enum:: C TestEnum2 multiple comments @@ -50,10 +50,10 @@ The final comma is optional -.. bro:id:: TestEnumVal +.. zeek:id:: TestEnumVal - :Type: :bro:type:`TestEnum1` - :Attributes: :bro:attr:`&redef` + :Type: :zeek:type:`TestEnum1` + :Attributes: :zeek:attr:`&redef` :Default: ``ONE`` this should reference the TestEnum1 type and not a generic "enum" type diff --git a/testing/btest/Baseline/doc.zeexygen.example/example.rst b/testing/btest/Baseline/doc.zeexygen.example/example.rst new file mode 100644 index 0000000000..4ea8dfe0c3 --- /dev/null +++ b/testing/btest/Baseline/doc.zeexygen.example/example.rst @@ -0,0 +1,248 @@ +:tocdepth: 3 + +zeexygen/example.zeek +===================== +.. zeek:namespace:: ZeexygenExample + +This is an example script that demonstrates Zeexygen-style +documentation. It generally will make most sense when viewing +the script's raw source code and comparing to the HTML-rendered +version. + +Comments in the from ``##!`` are meant to summarize the script's +purpose. They are transferred directly in to the generated +`reStructuredText `_ +(reST) document associated with the script. + +.. tip:: You can embed directives and roles within ``##``-stylized comments. + +There's also a custom role to reference any identifier node in +the Zeek Sphinx domain that's good for "see alsos", e.g. + +See also: :zeek:see:`ZeexygenExample::a_var`, +:zeek:see:`ZeexygenExample::ONE`, :zeek:see:`SSH::Info` + +And a custom directive does the equivalent references: + +.. zeek:see:: ZeexygenExample::a_var ZeexygenExample::ONE SSH::Info + +:Namespace: ZeexygenExample +:Imports: :doc:`base/frameworks/notice `, :doc:`base/protocols/http `, :doc:`policy/frameworks/software/vulnerable.zeek ` + +Summary +~~~~~~~ +Redefinable Options +################### +======================================================================================= ======================================================= +:zeek:id:`ZeexygenExample::an_option`: :zeek:type:`set` :zeek:attr:`&redef` Add documentation for "an_option" here. +:zeek:id:`ZeexygenExample::option_with_init`: :zeek:type:`interval` :zeek:attr:`&redef` Default initialization will be generated automatically. +======================================================================================= ======================================================= + +State Variables +############### +========================================================================== ======================================================================== +:zeek:id:`ZeexygenExample::a_var`: :zeek:type:`bool` Put some documentation for "a_var" here. +:zeek:id:`ZeexygenExample::summary_test`: :zeek:type:`string` The first sentence for a particular identifier's summary text ends here. +:zeek:id:`ZeexygenExample::var_without_explicit_type`: :zeek:type:`string` Types are inferred, that information is self-documenting. +========================================================================== ======================================================================== + +Types +##### +==================================================================================== =========================================================== +:zeek:type:`ZeexygenExample::ComplexRecord`: :zeek:type:`record` :zeek:attr:`&redef` General documentation for a type "ComplexRecord" goes here. +:zeek:type:`ZeexygenExample::Info`: :zeek:type:`record` An example record to be used with a logging stream. +:zeek:type:`ZeexygenExample::SimpleEnum`: :zeek:type:`enum` Documentation for the "SimpleEnum" type goes here. +:zeek:type:`ZeexygenExample::SimpleRecord`: :zeek:type:`record` General documentation for a type "SimpleRecord" goes here. +==================================================================================== =========================================================== + +Redefinitions +############# +=============================================================== ==================================================================== +:zeek:type:`Log::ID`: :zeek:type:`enum` +:zeek:type:`Notice::Type`: :zeek:type:`enum` +:zeek:type:`ZeexygenExample::SimpleEnum`: :zeek:type:`enum` Document the "SimpleEnum" redef here with any special info regarding + the *redef* itself. +:zeek:type:`ZeexygenExample::SimpleRecord`: :zeek:type:`record` Document the record extension *redef* itself here. +=============================================================== ==================================================================== + +Events +###### +======================================================== ========================== +:zeek:id:`ZeexygenExample::an_event`: :zeek:type:`event` Summarize "an_event" here. +======================================================== ========================== + +Functions +######### +============================================================= ======================================= +:zeek:id:`ZeexygenExample::a_function`: :zeek:type:`function` Summarize purpose of "a_function" here. +============================================================= ======================================= + + +Detailed Interface +~~~~~~~~~~~~~~~~~~ +Redefinable Options +################### +.. zeek:id:: ZeexygenExample::an_option + + :Type: :zeek:type:`set` [:zeek:type:`addr`, :zeek:type:`addr`, :zeek:type:`string`] + :Attributes: :zeek:attr:`&redef` + :Default: ``{}`` + + Add documentation for "an_option" here. + The type/attribute information is all generated automatically. + +.. zeek:id:: ZeexygenExample::option_with_init + + :Type: :zeek:type:`interval` + :Attributes: :zeek:attr:`&redef` + :Default: ``10.0 msecs`` + + Default initialization will be generated automatically. + More docs can be added here. + +State Variables +############### +.. zeek:id:: ZeexygenExample::a_var + + :Type: :zeek:type:`bool` + + Put some documentation for "a_var" here. Any global/non-const that + isn't a function/event/hook is classified as a "state variable" + in the generated docs. + +.. zeek:id:: ZeexygenExample::summary_test + + :Type: :zeek:type:`string` + + The first sentence for a particular identifier's summary text ends here. + And this second sentence doesn't show in the short description provided + by the table of all identifiers declared by this script. + +.. zeek:id:: ZeexygenExample::var_without_explicit_type + + :Type: :zeek:type:`string` + :Default: ``"this works"`` + + Types are inferred, that information is self-documenting. + +Types +##### +.. zeek:type:: ZeexygenExample::ComplexRecord + + :Type: :zeek:type:`record` + + field1: :zeek:type:`count` + Counts something. + + field2: :zeek:type:`bool` + Toggles something. + + field3: :zeek:type:`ZeexygenExample::SimpleRecord` + Zeexygen automatically tracks types + and cross-references are automatically + inserted in to generated docs. + + msg: :zeek:type:`string` :zeek:attr:`&default` = ``"blah"`` :zeek:attr:`&optional` + Attributes are self-documenting. + :Attributes: :zeek:attr:`&redef` + + General documentation for a type "ComplexRecord" goes here. + +.. zeek:type:: ZeexygenExample::Info + + :Type: :zeek:type:`record` + + ts: :zeek:type:`time` :zeek:attr:`&log` + + uid: :zeek:type:`string` :zeek:attr:`&log` + + status: :zeek:type:`count` :zeek:attr:`&log` :zeek:attr:`&optional` + + An example record to be used with a logging stream. + Nothing special about it. If another script redefs this type + to add fields, the generated documentation will show all original + fields plus the extensions and the scripts which contributed to it + (provided they are also @load'ed). + +.. zeek:type:: ZeexygenExample::SimpleEnum + + :Type: :zeek:type:`enum` + + .. zeek:enum:: ZeexygenExample::ONE ZeexygenExample::SimpleEnum + + Documentation for particular enum values is added like this. + And can also span multiple lines. + + .. zeek:enum:: ZeexygenExample::TWO ZeexygenExample::SimpleEnum + + Or this style is valid to document the preceding enum value. + + .. zeek:enum:: ZeexygenExample::THREE ZeexygenExample::SimpleEnum + + .. zeek:enum:: ZeexygenExample::FOUR ZeexygenExample::SimpleEnum + + And some documentation for "FOUR". + + .. zeek:enum:: ZeexygenExample::FIVE ZeexygenExample::SimpleEnum + + Also "FIVE". + + Documentation for the "SimpleEnum" type goes here. + It can span multiple lines. + +.. zeek:type:: ZeexygenExample::SimpleRecord + + :Type: :zeek:type:`record` + + field1: :zeek:type:`count` + Counts something. + + field2: :zeek:type:`bool` + Toggles something. + + field_ext: :zeek:type:`string` :zeek:attr:`&optional` + Document the extending field like this. + Or here, like this. + + General documentation for a type "SimpleRecord" goes here. + The way fields can be documented is similar to what's already seen + for enums. + +Events +###### +.. zeek:id:: ZeexygenExample::an_event + + :Type: :zeek:type:`event` (name: :zeek:type:`string`) + + Summarize "an_event" here. + Give more details about "an_event" here. + + ZeexygenExample::a_function should not be confused as a parameter + in the generated docs, but it also doesn't generate a cross-reference + link. Use the see role instead: :zeek:see:`ZeexygenExample::a_function`. + + + :name: Describe the argument here. + +Functions +######### +.. zeek:id:: ZeexygenExample::a_function + + :Type: :zeek:type:`function` (tag: :zeek:type:`string`, msg: :zeek:type:`string`) : :zeek:type:`string` + + Summarize purpose of "a_function" here. + Give more details about "a_function" here. + Separating the documentation of the params/return values with + empty comments is optional, but improves readability of script. + + + :tag: Function arguments can be described + like this. + + + :msg: Another param. + + + :returns: Describe the return type here. + + diff --git a/testing/btest/Baseline/doc.zeexygen.func-params/autogen-reST-func-params.rst b/testing/btest/Baseline/doc.zeexygen.func-params/autogen-reST-func-params.rst new file mode 100644 index 0000000000..cd0b7871d4 --- /dev/null +++ b/testing/btest/Baseline/doc.zeexygen.func-params/autogen-reST-func-params.rst @@ -0,0 +1,30 @@ +.. zeek:id:: test_func_params_func + + :Type: :zeek:type:`function` (i: :zeek:type:`int`, j: :zeek:type:`int`) : :zeek:type:`string` + + This is a global function declaration. + + + :i: First param. + + :j: Second param. + + + :returns: A string. + +.. zeek:type:: test_func_params_rec + + :Type: :zeek:type:`record` + + field_func: :zeek:type:`function` (i: :zeek:type:`int`, j: :zeek:type:`int`) : :zeek:type:`string` + This is a record field function. + + + :i: First param. + + :j: Second param. + + + :returns: A string. + + diff --git a/testing/btest/Baseline/doc.zeexygen.identifier/test.rst b/testing/btest/Baseline/doc.zeexygen.identifier/test.rst new file mode 100644 index 0000000000..128e1c6a5f --- /dev/null +++ b/testing/btest/Baseline/doc.zeexygen.identifier/test.rst @@ -0,0 +1,230 @@ +.. zeek:id:: ZeexygenExample::Zeexygen_One + + :Type: :zeek:type:`Notice::Type` + + Any number of this type of comment + will document "Zeexygen_One". + +.. zeek:id:: ZeexygenExample::Zeexygen_Two + + :Type: :zeek:type:`Notice::Type` + + Any number of this type of comment + will document "ZEEXYGEN_TWO". + +.. zeek:id:: ZeexygenExample::Zeexygen_Three + + :Type: :zeek:type:`Notice::Type` + + +.. zeek:id:: ZeexygenExample::Zeexygen_Four + + :Type: :zeek:type:`Notice::Type` + + Omitting comments is fine, and so is mixing ``##`` and ``##<``, but + it's probably best to use only one style consistently. + +.. zeek:id:: ZeexygenExample::LOG + + :Type: :zeek:type:`Log::ID` + + +.. zeek:type:: ZeexygenExample::SimpleEnum + + :Type: :zeek:type:`enum` + + .. zeek:enum:: ZeexygenExample::ONE ZeexygenExample::SimpleEnum + + Documentation for particular enum values is added like this. + And can also span multiple lines. + + .. zeek:enum:: ZeexygenExample::TWO ZeexygenExample::SimpleEnum + + Or this style is valid to document the preceding enum value. + + .. zeek:enum:: ZeexygenExample::THREE ZeexygenExample::SimpleEnum + + .. zeek:enum:: ZeexygenExample::FOUR ZeexygenExample::SimpleEnum + + And some documentation for "FOUR". + + .. zeek:enum:: ZeexygenExample::FIVE ZeexygenExample::SimpleEnum + + Also "FIVE". + + Documentation for the "SimpleEnum" type goes here. + It can span multiple lines. + +.. zeek:id:: ZeexygenExample::ONE + + :Type: :zeek:type:`ZeexygenExample::SimpleEnum` + + Documentation for particular enum values is added like this. + And can also span multiple lines. + +.. zeek:id:: ZeexygenExample::TWO + + :Type: :zeek:type:`ZeexygenExample::SimpleEnum` + + Or this style is valid to document the preceding enum value. + +.. zeek:id:: ZeexygenExample::THREE + + :Type: :zeek:type:`ZeexygenExample::SimpleEnum` + + +.. zeek:id:: ZeexygenExample::FOUR + + :Type: :zeek:type:`ZeexygenExample::SimpleEnum` + + And some documentation for "FOUR". + +.. zeek:id:: ZeexygenExample::FIVE + + :Type: :zeek:type:`ZeexygenExample::SimpleEnum` + + Also "FIVE". + +.. zeek:type:: ZeexygenExample::SimpleRecord + + :Type: :zeek:type:`record` + + field1: :zeek:type:`count` + Counts something. + + field2: :zeek:type:`bool` + Toggles something. + + field_ext: :zeek:type:`string` :zeek:attr:`&optional` + Document the extending field like this. + Or here, like this. + + General documentation for a type "SimpleRecord" goes here. + The way fields can be documented is similar to what's already seen + for enums. + +.. zeek:type:: ZeexygenExample::ComplexRecord + + :Type: :zeek:type:`record` + + field1: :zeek:type:`count` + Counts something. + + field2: :zeek:type:`bool` + Toggles something. + + field3: :zeek:type:`ZeexygenExample::SimpleRecord` + Zeexygen automatically tracks types + and cross-references are automatically + inserted in to generated docs. + + msg: :zeek:type:`string` :zeek:attr:`&default` = ``"blah"`` :zeek:attr:`&optional` + Attributes are self-documenting. + :Attributes: :zeek:attr:`&redef` + + General documentation for a type "ComplexRecord" goes here. + +.. zeek:type:: ZeexygenExample::Info + + :Type: :zeek:type:`record` + + ts: :zeek:type:`time` :zeek:attr:`&log` + + uid: :zeek:type:`string` :zeek:attr:`&log` + + status: :zeek:type:`count` :zeek:attr:`&log` :zeek:attr:`&optional` + + An example record to be used with a logging stream. + Nothing special about it. If another script redefs this type + to add fields, the generated documentation will show all original + fields plus the extensions and the scripts which contributed to it + (provided they are also @load'ed). + +.. zeek:id:: ZeexygenExample::an_option + + :Type: :zeek:type:`set` [:zeek:type:`addr`, :zeek:type:`addr`, :zeek:type:`string`] + :Attributes: :zeek:attr:`&redef` + :Default: ``{}`` + + Add documentation for "an_option" here. + The type/attribute information is all generated automatically. + +.. zeek:id:: ZeexygenExample::option_with_init + + :Type: :zeek:type:`interval` + :Attributes: :zeek:attr:`&redef` + :Default: ``10.0 msecs`` + + Default initialization will be generated automatically. + More docs can be added here. + +.. zeek:id:: ZeexygenExample::a_var + + :Type: :zeek:type:`bool` + + Put some documentation for "a_var" here. Any global/non-const that + isn't a function/event/hook is classified as a "state variable" + in the generated docs. + +.. zeek:id:: ZeexygenExample::var_without_explicit_type + + :Type: :zeek:type:`string` + :Default: ``"this works"`` + + Types are inferred, that information is self-documenting. + +.. zeek:id:: ZeexygenExample::summary_test + + :Type: :zeek:type:`string` + + The first sentence for a particular identifier's summary text ends here. + And this second sentence doesn't show in the short description provided + by the table of all identifiers declared by this script. + +.. zeek:id:: ZeexygenExample::a_function + + :Type: :zeek:type:`function` (tag: :zeek:type:`string`, msg: :zeek:type:`string`) : :zeek:type:`string` + + Summarize purpose of "a_function" here. + Give more details about "a_function" here. + Separating the documentation of the params/return values with + empty comments is optional, but improves readability of script. + + + :tag: Function arguments can be described + like this. + + + :msg: Another param. + + + :returns: Describe the return type here. + +.. zeek:id:: ZeexygenExample::an_event + + :Type: :zeek:type:`event` (name: :zeek:type:`string`) + + Summarize "an_event" here. + Give more details about "an_event" here. + + ZeexygenExample::a_function should not be confused as a parameter + in the generated docs, but it also doesn't generate a cross-reference + link. Use the see role instead: :zeek:see:`ZeexygenExample::a_function`. + + + :name: Describe the argument here. + +.. zeek:id:: ZeexygenExample::function_without_proto + + :Type: :zeek:type:`function` (tag: :zeek:type:`string`) : :zeek:type:`string` + + +.. zeek:type:: ZeexygenExample::PrivateRecord + + :Type: :zeek:type:`record` + + field1: :zeek:type:`bool` + + field2: :zeek:type:`count` + + diff --git a/testing/btest/Baseline/doc.broxygen.package/test.rst b/testing/btest/Baseline/doc.zeexygen.package/test.rst similarity index 58% rename from testing/btest/Baseline/doc.broxygen.package/test.rst rename to testing/btest/Baseline/doc.zeexygen.package/test.rst index 7c1f32dd44..345b2b6847 100644 --- a/testing/btest/Baseline/doc.broxygen.package/test.rst +++ b/testing/btest/Baseline/doc.zeexygen.package/test.rst @@ -1,19 +1,19 @@ :orphan: -Package: broxygen +Package: zeexygen ================= This package is loaded during the process which automatically generates -reference documentation for all Bro scripts (i.e. "Broxygen"). Its only -purpose is to provide an easy way to load all known Bro scripts plus any +reference documentation for all Zeek scripts (i.e. "Zeexygen"). Its only +purpose is to provide an easy way to load all known Zeek scripts plus any extra scripts needed or used by the documentation process. -:doc:`/scripts/broxygen/__load__.zeek` +:doc:`/scripts/zeexygen/__load__.zeek` -:doc:`/scripts/broxygen/example.zeek` +:doc:`/scripts/zeexygen/example.zeek` - This is an example script that demonstrates Broxygen-style + This is an example script that demonstrates Zeexygen-style documentation. It generally will make most sense when viewing the script's raw source code and comparing to the HTML-rendered version. @@ -26,12 +26,12 @@ extra scripts needed or used by the documentation process. .. tip:: You can embed directives and roles within ``##``-stylized comments. There's also a custom role to reference any identifier node in - the Bro Sphinx domain that's good for "see alsos", e.g. + the Zeek Sphinx domain that's good for "see alsos", e.g. - See also: :bro:see:`BroxygenExample::a_var`, - :bro:see:`BroxygenExample::ONE`, :bro:see:`SSH::Info` + See also: :zeek:see:`ZeexygenExample::a_var`, + :zeek:see:`ZeexygenExample::ONE`, :zeek:see:`SSH::Info` And a custom directive does the equivalent references: - .. bro:see:: BroxygenExample::a_var BroxygenExample::ONE SSH::Info + .. zeek:see:: ZeexygenExample::a_var ZeexygenExample::ONE SSH::Info diff --git a/testing/btest/Baseline/doc.zeexygen.package_index/test.rst b/testing/btest/Baseline/doc.zeexygen.package_index/test.rst new file mode 100644 index 0000000000..4a854e9736 --- /dev/null +++ b/testing/btest/Baseline/doc.zeexygen.package_index/test.rst @@ -0,0 +1,7 @@ +:doc:`zeexygen ` + + This package is loaded during the process which automatically generates + reference documentation for all Zeek scripts (i.e. "Zeexygen"). Its only + purpose is to provide an easy way to load all known Zeek scripts plus any + extra scripts needed or used by the documentation process. + diff --git a/testing/btest/Baseline/doc.zeexygen.records/autogen-reST-records.rst b/testing/btest/Baseline/doc.zeexygen.records/autogen-reST-records.rst new file mode 100644 index 0000000000..a9b671623a --- /dev/null +++ b/testing/btest/Baseline/doc.zeexygen.records/autogen-reST-records.rst @@ -0,0 +1,28 @@ +.. zeek:type:: TestRecord1 + + :Type: :zeek:type:`record` + + field1: :zeek:type:`bool` + + field2: :zeek:type:`count` + + +.. zeek:type:: TestRecord2 + + :Type: :zeek:type:`record` + + A: :zeek:type:`count` + document ``A`` + + B: :zeek:type:`bool` + document ``B`` + + C: :zeek:type:`TestRecord1` + and now ``C`` + is a declared type + + D: :zeek:type:`set` [:zeek:type:`count`, :zeek:type:`bool`] + sets/tables should show the index types + + Here's the ways records and record fields can be documented. + diff --git a/testing/btest/Baseline/doc.zeexygen.script_index/test.rst b/testing/btest/Baseline/doc.zeexygen.script_index/test.rst new file mode 100644 index 0000000000..eab6c439b2 --- /dev/null +++ b/testing/btest/Baseline/doc.zeexygen.script_index/test.rst @@ -0,0 +1,5 @@ +.. toctree:: + :maxdepth: 1 + + zeexygen/__load__.zeek + zeexygen/example.zeek diff --git a/testing/btest/Baseline/doc.broxygen.script_summary/test.rst b/testing/btest/Baseline/doc.zeexygen.script_summary/test.rst similarity index 64% rename from testing/btest/Baseline/doc.broxygen.script_summary/test.rst rename to testing/btest/Baseline/doc.zeexygen.script_summary/test.rst index 509f2c9286..3dd189ca77 100644 --- a/testing/btest/Baseline/doc.broxygen.script_summary/test.rst +++ b/testing/btest/Baseline/doc.zeexygen.script_summary/test.rst @@ -1,5 +1,5 @@ -:doc:`/scripts/broxygen/example.zeek` - This is an example script that demonstrates Broxygen-style +:doc:`/scripts/zeexygen/example.zeek` + This is an example script that demonstrates Zeexygen-style documentation. It generally will make most sense when viewing the script's raw source code and comparing to the HTML-rendered version. @@ -12,12 +12,12 @@ .. tip:: You can embed directives and roles within ``##``-stylized comments. There's also a custom role to reference any identifier node in - the Bro Sphinx domain that's good for "see alsos", e.g. + the Zeek Sphinx domain that's good for "see alsos", e.g. - See also: :bro:see:`BroxygenExample::a_var`, - :bro:see:`BroxygenExample::ONE`, :bro:see:`SSH::Info` + See also: :zeek:see:`ZeexygenExample::a_var`, + :zeek:see:`ZeexygenExample::ONE`, :zeek:see:`SSH::Info` And a custom directive does the equivalent references: - .. bro:see:: BroxygenExample::a_var BroxygenExample::ONE SSH::Info + .. zeek:see:: ZeexygenExample::a_var ZeexygenExample::ONE SSH::Info diff --git a/testing/btest/Baseline/doc.zeexygen.type-aliases/autogen-reST-type-aliases.rst b/testing/btest/Baseline/doc.zeexygen.type-aliases/autogen-reST-type-aliases.rst new file mode 100644 index 0000000000..7f60859a5a --- /dev/null +++ b/testing/btest/Baseline/doc.zeexygen.type-aliases/autogen-reST-type-aliases.rst @@ -0,0 +1,44 @@ +.. zeek:type:: ZeexygenTest::TypeAlias + + :Type: :zeek:type:`bool` + + This is just an alias for a builtin type ``bool``. + +.. zeek:type:: ZeexygenTest::NotTypeAlias + + :Type: :zeek:type:`bool` + + This type should get its own comments, not associated w/ TypeAlias. + +.. zeek:type:: ZeexygenTest::OtherTypeAlias + + :Type: :zeek:type:`bool` + + This cross references ``bool`` in the description of its type + instead of ``TypeAlias`` just because it seems more useful -- + one doesn't have to click through the full type alias chain to + find out what the actual type is... + +.. zeek:id:: ZeexygenTest::a + + :Type: :zeek:type:`ZeexygenTest::TypeAlias` + + But this should reference a type of ``TypeAlias``. + +.. zeek:id:: ZeexygenTest::b + + :Type: :zeek:type:`ZeexygenTest::OtherTypeAlias` + + And this should reference a type of ``OtherTypeAlias``. + +.. zeek:type:: ZeexygenTest::MyRecord + + :Type: :zeek:type:`record` + + f1: :zeek:type:`ZeexygenTest::TypeAlias` + + f2: :zeek:type:`ZeexygenTest::OtherTypeAlias` + + f3: :zeek:type:`bool` + + diff --git a/testing/btest/Baseline/doc.broxygen.vectors/autogen-reST-vectors.rst b/testing/btest/Baseline/doc.zeexygen.vectors/autogen-reST-vectors.rst similarity index 50% rename from testing/btest/Baseline/doc.broxygen.vectors/autogen-reST-vectors.rst rename to testing/btest/Baseline/doc.zeexygen.vectors/autogen-reST-vectors.rst index 37eabb9419..48b7204b60 100644 --- a/testing/btest/Baseline/doc.broxygen.vectors/autogen-reST-vectors.rst +++ b/testing/btest/Baseline/doc.zeexygen.vectors/autogen-reST-vectors.rst @@ -1,6 +1,6 @@ -.. bro:id:: test_vector0 +.. zeek:id:: test_vector0 - :Type: :bro:type:`vector` of :bro:type:`string` + :Type: :zeek:type:`vector` of :zeek:type:`string` :Default: :: @@ -9,9 +9,9 @@ Yield type is documented/cross-referenced for primitize types. -.. bro:id:: test_vector1 +.. zeek:id:: test_vector1 - :Type: :bro:type:`vector` of :bro:type:`TestRecord` + :Type: :zeek:type:`vector` of :zeek:type:`TestRecord` :Default: :: @@ -20,9 +20,9 @@ Yield type is documented/cross-referenced for composite types. -.. bro:id:: test_vector2 +.. zeek:id:: test_vector2 - :Type: :bro:type:`vector` of :bro:type:`vector` of :bro:type:`TestRecord` + :Type: :zeek:type:`vector` of :zeek:type:`vector` of :zeek:type:`TestRecord` :Default: :: diff --git a/testing/btest/Baseline/plugins.hooks/output b/testing/btest/Baseline/plugins.hooks/output index 27edb2b682..aa27d73819 100644 --- a/testing/btest/Baseline/plugins.hooks/output +++ b/testing/btest/Baseline/plugins.hooks/output @@ -277,7 +277,7 @@ 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) -> 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) -> 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -> -0.000000 MetaHookPost CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1555694513.545387, node=bro, filter=ip or not ip, init=T, success=T])) -> +0.000000 MetaHookPost CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1555986109.036092, node=bro, filter=ip or not ip, init=T, success=T])) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Broker::LOG)) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Cluster::LOG)) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Config::LOG)) -> @@ -462,7 +462,7 @@ 0.000000 MetaHookPost CallFunction(Log::create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) -> 0.000000 MetaHookPost CallFunction(Log::create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) -> 0.000000 MetaHookPost CallFunction(Log::create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -> -0.000000 MetaHookPost CallFunction(Log::write, , (PacketFilter::LOG, [ts=1555694513.545387, node=bro, filter=ip or not ip, init=T, success=T])) -> +0.000000 MetaHookPost CallFunction(Log::write, , (PacketFilter::LOG, [ts=1555986109.036092, node=bro, filter=ip or not ip, init=T, success=T])) -> 0.000000 MetaHookPost CallFunction(NetControl::check_plugins, , ()) -> 0.000000 MetaHookPost CallFunction(NetControl::init, , ()) -> 0.000000 MetaHookPost CallFunction(Notice::want_pp, , ()) -> @@ -707,7 +707,6 @@ 0.000000 MetaHookPost LoadFile(0, .<...>/bloom-filter.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/bro.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/broker.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/broxygen.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/cardinality-counter.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/catch-and-release.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/comm.bif.zeek) -> -1 @@ -786,6 +785,7 @@ 0.000000 MetaHookPost LoadFile(0, .<...>/utils.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/variance.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/weird.zeek) -> -1 +0.000000 MetaHookPost LoadFile(0, .<...>/zeexygen.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, <...>/__load__.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, <...>/__preload__.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, <...>/hooks.zeek) -> -1 @@ -1180,7 +1180,7 @@ 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -0.000000 MetaHookPre CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1555694513.545387, node=bro, filter=ip or not ip, init=T, success=T])) +0.000000 MetaHookPre CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1555986109.036092, node=bro, filter=ip or not ip, init=T, success=T])) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Broker::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Cluster::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Config::LOG)) @@ -1365,7 +1365,7 @@ 0.000000 MetaHookPre CallFunction(Log::create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) 0.000000 MetaHookPre CallFunction(Log::create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) 0.000000 MetaHookPre CallFunction(Log::create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -0.000000 MetaHookPre CallFunction(Log::write, , (PacketFilter::LOG, [ts=1555694513.545387, node=bro, filter=ip or not ip, init=T, success=T])) +0.000000 MetaHookPre CallFunction(Log::write, , (PacketFilter::LOG, [ts=1555986109.036092, node=bro, filter=ip or not ip, init=T, success=T])) 0.000000 MetaHookPre CallFunction(NetControl::check_plugins, , ()) 0.000000 MetaHookPre CallFunction(NetControl::init, , ()) 0.000000 MetaHookPre CallFunction(Notice::want_pp, , ()) @@ -1610,7 +1610,6 @@ 0.000000 MetaHookPre LoadFile(0, .<...>/bloom-filter.bif.zeek) 0.000000 MetaHookPre LoadFile(0, .<...>/bro.bif.zeek) 0.000000 MetaHookPre LoadFile(0, .<...>/broker.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/broxygen.bif.zeek) 0.000000 MetaHookPre LoadFile(0, .<...>/cardinality-counter.bif.zeek) 0.000000 MetaHookPre LoadFile(0, .<...>/catch-and-release.zeek) 0.000000 MetaHookPre LoadFile(0, .<...>/comm.bif.zeek) @@ -1689,6 +1688,7 @@ 0.000000 MetaHookPre LoadFile(0, .<...>/utils.zeek) 0.000000 MetaHookPre LoadFile(0, .<...>/variance.zeek) 0.000000 MetaHookPre LoadFile(0, .<...>/weird.zeek) +0.000000 MetaHookPre LoadFile(0, .<...>/zeexygen.bif.zeek) 0.000000 MetaHookPre LoadFile(0, <...>/__load__.zeek) 0.000000 MetaHookPre LoadFile(0, <...>/__preload__.zeek) 0.000000 MetaHookPre LoadFile(0, <...>/hooks.zeek) @@ -2082,7 +2082,7 @@ 0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird]) 0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509]) 0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql]) -0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1555694513.545387, node=bro, filter=ip or not ip, init=T, success=T]) +0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1555986109.036092, node=bro, filter=ip or not ip, init=T, success=T]) 0.000000 | HookCallFunction Log::add_default_filter(Broker::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Config::LOG) @@ -2267,7 +2267,7 @@ 0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird]) 0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509]) 0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql]) -0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1555694513.545387, node=bro, filter=ip or not ip, init=T, success=T]) +0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1555986109.036092, node=bro, filter=ip or not ip, init=T, success=T]) 0.000000 | HookCallFunction NetControl::check_plugins() 0.000000 | HookCallFunction NetControl::init() 0.000000 | HookCallFunction Notice::want_pp() @@ -2514,7 +2514,6 @@ 0.000000 | HookLoadFile .<...>/bloom-filter.bif.zeek 0.000000 | HookLoadFile .<...>/bro.bif.zeek 0.000000 | HookLoadFile .<...>/broker.zeek -0.000000 | HookLoadFile .<...>/broxygen.bif.zeek 0.000000 | HookLoadFile .<...>/cardinality-counter.bif.zeek 0.000000 | HookLoadFile .<...>/catch-and-release.zeek 0.000000 | HookLoadFile .<...>/comm.bif.zeek @@ -2600,6 +2599,7 @@ 0.000000 | HookLoadFile .<...>/variance.zeek 0.000000 | HookLoadFile .<...>/video.sig 0.000000 | HookLoadFile .<...>/weird.zeek +0.000000 | HookLoadFile .<...>/zeexygen.bif.zeek 0.000000 | HookLoadFile <...>/__load__.zeek 0.000000 | HookLoadFile <...>/__preload__.zeek 0.000000 | HookLoadFile <...>/hooks.zeek @@ -2702,7 +2702,7 @@ 0.000000 | HookLoadFile base<...>/x509 0.000000 | HookLoadFile base<...>/xmpp 0.000000 | HookLogInit packet_filter 1/1 {ts (time), node (string), filter (string), init (bool), success (bool)} -0.000000 | HookLogWrite packet_filter [ts=1555694513.545387, node=bro, filter=ip or not ip, init=T, success=T] +0.000000 | HookLogWrite packet_filter [ts=1555986109.036092, node=bro, filter=ip or not ip, init=T, success=T] 0.000000 | HookQueueEvent NetControl::init() 0.000000 | HookQueueEvent filter_change_tracking() 0.000000 | HookQueueEvent zeek_init() diff --git a/testing/btest/coverage/broxygen.sh b/testing/btest/coverage/broxygen.sh index eee4575738..4dd12f27fe 100644 --- a/testing/btest/coverage/broxygen.sh +++ b/testing/btest/coverage/broxygen.sh @@ -1,12 +1,12 @@ -# This check piggy-backs on the test-all-policy.bro test, assuming that every +# This check piggy-backs on the test-all-policy.zeek test, assuming that every # loadable script is referenced there. The only additional check here is -# that the broxygen package should even load scripts that are commented -# out in test-all-policy.bro because the broxygen package is only loaded +# that the zeexygen package should even load scripts that are commented +# out in test-all-policy.zeek because the zeexygen package is only loaded # when generated documentation and will terminate has soon as zeek_init -# is handled, even if a script will e.g. put Bro into listen mode or otherwise +# is handled, even if a script will e.g. put Zeek into listen mode or otherwise # cause it to not terminate after scripts are parsed. -# @TEST-EXEC: bash %INPUT $DIST/scripts/test-all-policy.bro $DIST/scripts/broxygen/__load__.bro +# @TEST-EXEC: bash %INPUT $DIST/scripts/test-all-policy.zeek $DIST/scripts/zeexygen/__load__.zeek error_count=0 @@ -22,10 +22,10 @@ if [ $# -ne 2 ]; then fi all_loads=$(egrep "#[[:space:]]*@load.*" $1 | sed 's/#[[:space:]]*@load[[:space:]]*//g') -broxygen_loads=$(egrep "@load.*" $2 | sed 's/@load[[:space:]]*//g') +zeexygen_loads=$(egrep "@load.*" $2 | sed 's/@load[[:space:]]*//g') for f in $all_loads; do - echo "$broxygen_loads" | grep -q $f || error_msg "$f not loaded in broxygen/__load__.bro" + echo "$zeexygen_loads" | grep -q $f || error_msg "$f not loaded in zeexygen/__load__.zeek" done if [ $error_count -gt 0 ]; then diff --git a/testing/btest/coverage/sphinx-broxygen-docs.sh b/testing/btest/coverage/sphinx-broxygen-docs.sh index ab194cb027..d508a8361f 100644 --- a/testing/btest/coverage/sphinx-broxygen-docs.sh +++ b/testing/btest/coverage/sphinx-broxygen-docs.sh @@ -1,11 +1,11 @@ -# This script checks whether the reST docs generated by broxygen are stale. +# This script checks whether the reST docs generated by zeexygen are stale. # If this test fails when testing the master branch, then simply run: # -# testing/scripts/gen-broxygen-docs.sh +# testing/scripts/gen-zeexygen-docs.sh # # and then commit the changes. # -# @TEST-EXEC: bash $SCRIPTS/gen-broxygen-docs.sh ./doc +# @TEST-EXEC: bash $SCRIPTS/gen-zeexygen-docs.sh ./doc # @TEST-EXEC: bash %INPUT if [ -n "$TRAVIS_PULL_REQUEST" ]; then @@ -33,7 +33,7 @@ function check_diff echo "If this fails in the master branch or when merging to master," 1>&2 echo "re-run the following command:" 1>&2 echo "" 1>&2 - echo " $SCRIPTS/gen-broxygen-docs.sh" 1>&2 + echo " $SCRIPTS/gen-zeexygen-docs.sh" 1>&2 echo "" 1>&2 echo "Then commit/push the changes in the zeek-docs repo" 1>&2 echo "(the doc/ directory in the zeek repo)." 1>&2 diff --git a/testing/btest/doc/broxygen/example.zeek b/testing/btest/doc/broxygen/example.zeek deleted file mode 100644 index 7a7d30c92a..0000000000 --- a/testing/btest/doc/broxygen/example.zeek +++ /dev/null @@ -1,8 +0,0 @@ -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -X broxygen.config %INPUT -# @TEST-EXEC: btest-diff example.rst - -@TEST-START-FILE broxygen.config -script broxygen/example.zeek example.rst -@TEST-END-FILE - -@load broxygen/example diff --git a/testing/btest/doc/broxygen/identifier.zeek b/testing/btest/doc/broxygen/identifier.zeek deleted file mode 100644 index ae49d812a0..0000000000 --- a/testing/btest/doc/broxygen/identifier.zeek +++ /dev/null @@ -1,9 +0,0 @@ -# @TEST-PORT: BROKER_PORT -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X broxygen.config %INPUT Broker::default_port=$BROKER_PORT -# @TEST-EXEC: btest-diff test.rst - -@TEST-START-FILE broxygen.config -identifier BroxygenExample::* test.rst -@TEST-END-FILE - -@load broxygen diff --git a/testing/btest/doc/broxygen/package.zeek b/testing/btest/doc/broxygen/package.zeek deleted file mode 100644 index 6a9957804a..0000000000 --- a/testing/btest/doc/broxygen/package.zeek +++ /dev/null @@ -1,9 +0,0 @@ -# @TEST-PORT: BROKER_PORT -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X broxygen.config %INPUT Broker::default_port=$BROKER_PORT -# @TEST-EXEC: btest-diff test.rst - -@TEST-START-FILE broxygen.config -package broxygen test.rst -@TEST-END-FILE - -@load broxygen diff --git a/testing/btest/doc/broxygen/package_index.zeek b/testing/btest/doc/broxygen/package_index.zeek deleted file mode 100644 index 49c367aa48..0000000000 --- a/testing/btest/doc/broxygen/package_index.zeek +++ /dev/null @@ -1,9 +0,0 @@ -# @TEST-PORT: BROKER_PORT -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X broxygen.config %INPUT Broker::default_port=$BROKER_PORT -# @TEST-EXEC: btest-diff test.rst - -@TEST-START-FILE broxygen.config -package_index broxygen test.rst -@TEST-END-FILE - -@load broxygen diff --git a/testing/btest/doc/broxygen/script_index.zeek b/testing/btest/doc/broxygen/script_index.zeek deleted file mode 100644 index ab257ad35d..0000000000 --- a/testing/btest/doc/broxygen/script_index.zeek +++ /dev/null @@ -1,9 +0,0 @@ -# @TEST-PORT: BROKER_PORT -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X broxygen.config %INPUT Broker::default_port=$BROKER_PORT -# @TEST-EXEC: btest-diff test.rst - -@TEST-START-FILE broxygen.config -script_index broxygen/* test.rst -@TEST-END-FILE - -@load broxygen diff --git a/testing/btest/doc/broxygen/script_summary.zeek b/testing/btest/doc/broxygen/script_summary.zeek deleted file mode 100644 index 6ea5e95576..0000000000 --- a/testing/btest/doc/broxygen/script_summary.zeek +++ /dev/null @@ -1,9 +0,0 @@ -# @TEST-PORT: BROKER_PORT -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X broxygen.config %INPUT Broker::default_port=$BROKER_PORT -# @TEST-EXEC: btest-diff test.rst - -@TEST-START-FILE broxygen.config -script_summary broxygen/example.zeek test.rst -@TEST-END-FILE - -@load broxygen diff --git a/testing/btest/doc/broxygen/command_line.zeek b/testing/btest/doc/zeexygen/command_line.zeek similarity index 100% rename from testing/btest/doc/broxygen/command_line.zeek rename to testing/btest/doc/zeexygen/command_line.zeek diff --git a/testing/btest/doc/broxygen/comment_retrieval_bifs.zeek b/testing/btest/doc/zeexygen/comment_retrieval_bifs.zeek similarity index 100% rename from testing/btest/doc/broxygen/comment_retrieval_bifs.zeek rename to testing/btest/doc/zeexygen/comment_retrieval_bifs.zeek diff --git a/testing/btest/doc/broxygen/enums.zeek b/testing/btest/doc/zeexygen/enums.zeek similarity index 89% rename from testing/btest/doc/broxygen/enums.zeek rename to testing/btest/doc/zeexygen/enums.zeek index 8fbdb11ab6..a385a36a6c 100644 --- a/testing/btest/doc/broxygen/enums.zeek +++ b/testing/btest/doc/zeexygen/enums.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X broxygen.config %INPUT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT # @TEST-EXEC: btest-diff autogen-reST-enums.rst -@TEST-START-FILE broxygen.config +@TEST-START-FILE zeexygen.config identifier TestEnum* autogen-reST-enums.rst @TEST-END-FILE diff --git a/testing/btest/doc/zeexygen/example.zeek b/testing/btest/doc/zeexygen/example.zeek new file mode 100644 index 0000000000..53179dac39 --- /dev/null +++ b/testing/btest/doc/zeexygen/example.zeek @@ -0,0 +1,8 @@ +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -X zeexygen.config %INPUT +# @TEST-EXEC: btest-diff example.rst + +@TEST-START-FILE zeexygen.config +script zeexygen/example.zeek example.rst +@TEST-END-FILE + +@load zeexygen/example diff --git a/testing/btest/doc/broxygen/func-params.zeek b/testing/btest/doc/zeexygen/func-params.zeek similarity index 83% rename from testing/btest/doc/broxygen/func-params.zeek rename to testing/btest/doc/zeexygen/func-params.zeek index e53ca475f1..5facba3e05 100644 --- a/testing/btest/doc/broxygen/func-params.zeek +++ b/testing/btest/doc/zeexygen/func-params.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X broxygen.config %INPUT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT # @TEST-EXEC: btest-diff autogen-reST-func-params.rst -@TEST-START-FILE broxygen.config +@TEST-START-FILE zeexygen.config identifier test_func_params* autogen-reST-func-params.rst @TEST-END-FILE diff --git a/testing/btest/doc/zeexygen/identifier.zeek b/testing/btest/doc/zeexygen/identifier.zeek new file mode 100644 index 0000000000..38a4f274ad --- /dev/null +++ b/testing/btest/doc/zeexygen/identifier.zeek @@ -0,0 +1,9 @@ +# @TEST-PORT: BROKER_PORT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT Broker::default_port=$BROKER_PORT +# @TEST-EXEC: btest-diff test.rst + +@TEST-START-FILE zeexygen.config +identifier ZeexygenExample::* test.rst +@TEST-END-FILE + +@load zeexygen diff --git a/testing/btest/doc/zeexygen/package.zeek b/testing/btest/doc/zeexygen/package.zeek new file mode 100644 index 0000000000..7038b5b50a --- /dev/null +++ b/testing/btest/doc/zeexygen/package.zeek @@ -0,0 +1,9 @@ +# @TEST-PORT: BROKER_PORT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT Broker::default_port=$BROKER_PORT +# @TEST-EXEC: btest-diff test.rst + +@TEST-START-FILE zeexygen.config +package zeexygen test.rst +@TEST-END-FILE + +@load zeexygen diff --git a/testing/btest/doc/zeexygen/package_index.zeek b/testing/btest/doc/zeexygen/package_index.zeek new file mode 100644 index 0000000000..3a0c92ca71 --- /dev/null +++ b/testing/btest/doc/zeexygen/package_index.zeek @@ -0,0 +1,9 @@ +# @TEST-PORT: BROKER_PORT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT Broker::default_port=$BROKER_PORT +# @TEST-EXEC: btest-diff test.rst + +@TEST-START-FILE zeexygen.config +package_index zeexygen test.rst +@TEST-END-FILE + +@load zeexygen diff --git a/testing/btest/doc/broxygen/records.zeek b/testing/btest/doc/zeexygen/records.zeek similarity index 84% rename from testing/btest/doc/broxygen/records.zeek rename to testing/btest/doc/zeexygen/records.zeek index fbaa957a9f..0c1f668df9 100644 --- a/testing/btest/doc/broxygen/records.zeek +++ b/testing/btest/doc/zeexygen/records.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X broxygen.config %INPUT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT # @TEST-EXEC: btest-diff autogen-reST-records.rst -@TEST-START-FILE broxygen.config +@TEST-START-FILE zeexygen.config identifier TestRecord* autogen-reST-records.rst @TEST-END-FILE diff --git a/testing/btest/doc/zeexygen/script_index.zeek b/testing/btest/doc/zeexygen/script_index.zeek new file mode 100644 index 0000000000..f92513d632 --- /dev/null +++ b/testing/btest/doc/zeexygen/script_index.zeek @@ -0,0 +1,9 @@ +# @TEST-PORT: BROKER_PORT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT Broker::default_port=$BROKER_PORT +# @TEST-EXEC: btest-diff test.rst + +@TEST-START-FILE zeexygen.config +script_index zeexygen/* test.rst +@TEST-END-FILE + +@load zeexygen diff --git a/testing/btest/doc/zeexygen/script_summary.zeek b/testing/btest/doc/zeexygen/script_summary.zeek new file mode 100644 index 0000000000..9378417f08 --- /dev/null +++ b/testing/btest/doc/zeexygen/script_summary.zeek @@ -0,0 +1,9 @@ +# @TEST-PORT: BROKER_PORT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT Broker::default_port=$BROKER_PORT +# @TEST-EXEC: btest-diff test.rst + +@TEST-START-FILE zeexygen.config +script_summary zeexygen/example.zeek test.rst +@TEST-END-FILE + +@load zeexygen diff --git a/testing/btest/doc/broxygen/type-aliases.zeek b/testing/btest/doc/zeexygen/type-aliases.zeek similarity index 81% rename from testing/btest/doc/broxygen/type-aliases.zeek rename to testing/btest/doc/zeexygen/type-aliases.zeek index 0971327c2b..40a6e24417 100644 --- a/testing/btest/doc/broxygen/type-aliases.zeek +++ b/testing/btest/doc/zeexygen/type-aliases.zeek @@ -1,11 +1,11 @@ -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X broxygen.config %INPUT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT # @TEST-EXEC: btest-diff autogen-reST-type-aliases.rst -@TEST-START-FILE broxygen.config -identifier BroxygenTest::* autogen-reST-type-aliases.rst +@TEST-START-FILE zeexygen.config +identifier ZeexygenTest::* autogen-reST-type-aliases.rst @TEST-END-FILE -module BroxygenTest; +module ZeexygenTest; export { ## This is just an alias for a builtin type ``bool``. diff --git a/testing/btest/doc/broxygen/vectors.zeek b/testing/btest/doc/zeexygen/vectors.zeek similarity index 83% rename from testing/btest/doc/broxygen/vectors.zeek rename to testing/btest/doc/zeexygen/vectors.zeek index 7c18225357..8a16a58149 100644 --- a/testing/btest/doc/broxygen/vectors.zeek +++ b/testing/btest/doc/zeexygen/vectors.zeek @@ -1,7 +1,7 @@ -# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X broxygen.config %INPUT +# @TEST-EXEC: unset BRO_DISABLE_BROXYGEN; bro -b -X zeexygen.config %INPUT # @TEST-EXEC: btest-diff autogen-reST-vectors.rst -@TEST-START-FILE broxygen.config +@TEST-START-FILE zeexygen.config identifier test_vector* autogen-reST-vectors.rst @TEST-END-FILE diff --git a/testing/btest/language/addr.zeek b/testing/btest/language/addr.zeek index dff376ec4a..8829c20da2 100644 --- a/testing/btest/language/addr.zeek +++ b/testing/btest/language/addr.zeek @@ -31,6 +31,7 @@ event zeek_init() local b6: addr = [aaaa:bbbb:cccc:dddd:eeee:ffff:1111:2222]; local b7: addr = [AAAA:BBBB:CCCC:DDDD:EEEE:FFFF:1111:2222]; local b8 = [a::b]; + local b9 = [2001:db8:0:0:0:FFFF:192.168.0.5]; test_case( "IPv6 address inequality", b1 != b2 ); test_case( "IPv6 address equality", b1 == b5 ); diff --git a/testing/scripts/gen-broxygen-docs.sh b/testing/scripts/gen-zeexygen-docs.sh similarity index 81% rename from testing/scripts/gen-broxygen-docs.sh rename to testing/scripts/gen-zeexygen-docs.sh index 11f1cb066e..66287b01aa 100755 --- a/testing/scripts/gen-broxygen-docs.sh +++ b/testing/scripts/gen-zeexygen-docs.sh @@ -11,9 +11,9 @@ unset BRO_DEFAULT_CONNECT_RETRY dir="$( cd "$( dirname "$0" )" && pwd )" source_dir="$( cd $dir/../.. && pwd )" build_dir=$source_dir/build -conf_file=$build_dir/broxygen-test.conf +conf_file=$build_dir/zeexygen-test.conf output_dir=$source_dir/doc -bro_error_file=$build_dir/broxygen-test-stderr.txt +zeek_error_file=$build_dir/zeexygen-test-stderr.txt if [ -n "$1" ]; then output_dir=$1 @@ -28,13 +28,13 @@ cd $build_dir . bro-path-dev.sh export BRO_SEED_FILE=$source_dir/testing/btest/random.seed -function run_bro +function run_zeek { - ZEEK_ALLOW_INIT_ERRORS=1 bro -X $conf_file broxygen >/dev/null 2>$bro_error_file + ZEEK_ALLOW_INIT_ERRORS=1 bro -X $conf_file zeexygen >/dev/null 2>$zeek_error_file if [ $? -ne 0 ]; then - echo "Failed running bro with broxygen config file $conf_file" - echo "See stderr in $bro_error_file" + echo "Failed running zeek with zeexygen config file $conf_file" + echo "See stderr in $zeek_error_file" exit 1 fi } @@ -43,7 +43,7 @@ scripts_output_dir=$output_dir/scripts rm -rf $scripts_output_dir printf "script\t*\t$scripts_output_dir/" > $conf_file echo "Generating $scripts_output_dir/" -run_bro +run_zeek script_ref_dir=$output_dir/script-reference mkdir -p $script_ref_dir @@ -52,7 +52,7 @@ function generate_index { echo "Generating $script_ref_dir/$2" printf "$1\t*\t$script_ref_dir/$2\n" > $conf_file - run_bro + run_zeek } generate_index "script_index" "autogenerated-script-index.rst"