Add more DPD and packet filter framework docs.

Jon Siwek 2011-12-14 16:07:36 -06:00
parent d89658c19b
commit 303993254e
3 changed files with 15 additions and 6 deletions


@ -7,14 +7,16 @@ module DPD;
redef signature_files += "base/frameworks/dpd/dpd.sig"; redef signature_files += "base/frameworks/dpd/dpd.sig";
export { export {
## Add the DPD logging stream identifier.
redef enum Log::ID += { LOG }; redef enum Log::ID += { LOG };
## The record type defining the columns to log in the DPD logging stream.
type Info: record { type Info: record {
## Timestamp for when protocol analysis failed. ## Timestamp for when protocol analysis failed.
ts: time &log; ts: time &log;
## Connection unique ID. ## Connection unique ID.
uid: string &log; uid: string &log;
## Connection ID. ## Connection ID containing the 4-tuple which identifies endpoints.
id: conn_id &log; id: conn_id &log;
## Transport protocol for the violation. ## Transport protocol for the violation.
proto: transport_proto &log; proto: transport_proto &log;


@ -9,17 +9,22 @@
module PacketFilter; module PacketFilter;
export { export {
## Add the packet filter logging stream.
redef enum Log::ID += { LOG }; redef enum Log::ID += { LOG };
## Add notice types related to packet filter errors.
redef enum Notice::Type += { redef enum Notice::Type += {
## This notice is generated if a packet filter is unable to be compiled. ## This notice is generated if a packet filter is unable to be compiled.
Compile_Failure, Compile_Failure,
## This notice is generated if a packet filter is unable to be installed. ## This notice is generated if a packet filter is fails to install.
Install_Failure, Install_Failure,
}; };
## The record type defining columns to be logged in the packet filter
## logging stream.
type Info: record { type Info: record {
## The time at which the packet filter installation attempt was made.
ts: time &log; ts: time &log;
## This is a string representation of the node that applied this ## This is a string representation of the node that applied this
@ -40,7 +45,7 @@ export {
## By default, Bro will examine all packets. If this is set to false, ## By default, Bro will examine all packets. If this is set to false,
## it will dynamically build a BPF filter that only select protocols ## it will dynamically build a BPF filter that only select protocols
## for which the user has loaded a corresponding analysis script. ## for which the user has loaded a corresponding analysis script.
## The latter used to be default for Bro versions < 1.6. That has now ## The latter used to be default for Bro versions < 2.0. That has now
## changed however to enable port-independent protocol analysis. ## changed however to enable port-independent protocol analysis.
const all_packets = T &redef; const all_packets = T &redef;
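Review bot: The reworded doc comment on `Install_Failure` now reads "if a packet filter is fails to install", which is ungrammatical; `## This notice is generated if a packet filter fails to install.` would fix it and keep it parallel with the `Compile_Failure` comment just above. Since these `##` comments are presumably what ends up in the generated script reference, the typo would be user-visible there. In the second hunk of this file, the unchanged `all_packets` comment has a similar slip ("a BPF filter that only select protocols" should be "selects"), which could be fixed in the same pass. The `export` block continues beyond both hunks, so the remaining fields and options are not reviewed here.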


@ -1,4 +1,6 @@
##! This script reports on packet loss from the various packet sources. ##! This script reports on packet loss from the various packet sources.
##! When Bro is reading input from trace files, this script will not
##! report any packet loss statistics.
@load base/frameworks/notice @load base/frameworks/notice
@ -6,7 +8,7 @@ module PacketFilter;
export { export {
redef enum Notice::Type += { redef enum Notice::Type += {
## Bro reported packets dropped by the packet filter. ## Indicates packets were dropped by the packet filter.
Dropped_Packets, Dropped_Packets,
}; };