Add more DPD and packet filter framework docs.

2025-10-02 06:38:20 +00:00 · 2011-12-14 16:07:36 -06:00 · 2011-12-14 16:07:36 -06:00 · 303993254e
commit 303993254e
parent d89658c19b
3 changed files with 15 additions and 6 deletions
--- a/scripts/base/frameworks/dpd/main.bro
+++ b/scripts/base/frameworks/dpd/main.bro
@ -7,14 +7,16 @@ module DPD;
 redef signature_files += "base/frameworks/dpd/dpd.sig";

 export {
+	## Add the DPD logging stream identifier.
 	redef enum Log::ID += { LOG };

+	## The record type defining the columns to log in the DPD logging stream.
 	type Info: record {
 		## Timestamp for when protocol analysis failed.
 		ts:             time            &log;
 		## Connection unique ID.
 		uid:            string          &log;
-		## Connection ID.
+		## Connection ID containing the 4-tuple which identifies endpoints.
 		id:             conn_id         &log;
 		## Transport protocol for the violation.
 		proto:          transport_proto &log;
--- a/scripts/base/frameworks/packet-filter/main.bro
+++ b/scripts/base/frameworks/packet-filter/main.bro
@ -9,17 +9,22 @@
 module PacketFilter;

 export {
+	## Add the packet filter logging stream.
 	redef enum Log::ID += { LOG };
-	
+
+	## Add notice types related to packet filter errors.
 	redef enum Notice::Type += {
 		## This notice is generated if a packet filter is unable to be compiled.
 		Compile_Failure,
 	
-		## This notice is generated if a packet filter is unable to be installed.
+		## This notice is generated if a packet filter is fails to install.
 		Install_Failure,
 	};
-	
+
+	## The record type defining columns to be logged in the packet filter
+	## logging stream.
 	type Info: record {
+		## The time at which the packet filter installation attempt was made.
 		ts:     time   &log;
 		
 		## This is a string representation of the node that applied this
@ -40,7 +45,7 @@ export {
 	## By default, Bro will examine all packets. If this is set to false,
 	## it will dynamically build a BPF filter that only select protocols
 	## for which the user has loaded a corresponding analysis script.
-	## The latter used to be default for Bro versions < 1.6. That has now
+	## The latter used to be default for Bro versions < 2.0. That has now
 	## changed however to enable port-independent protocol analysis.
 	const all_packets = T &redef;
 	
--- a/scripts/base/frameworks/packet-filter/netstats.bro
+++ b/scripts/base/frameworks/packet-filter/netstats.bro
@ -1,4 +1,6 @@
 ##! This script reports on packet loss from the various packet sources.
+##! When Bro is reading input from trace files, this script will not
+##! report any packet loss statistics.

@load base/frameworks/notice

@ -6,7 +8,7 @@ module PacketFilter;

 export {
 	redef enum Notice::Type += {
-		## Bro reported packets dropped by the packet filter.
+		## Indicates packets were dropped by the packet filter.
 		Dropped_Packets,
 	};