mirror of
https://github.com/zeek/zeek.git
synced 2025-10-08 09:38:19 +00:00
Fix typos and formatting in the packet filter docs
parent
ee921a419f
commit
3812716ace
2 changed files with 21 additions and 20 deletions
|
@ -1,4 +1,4 @@
|
||||||
##! This script supports how Bro sets it's BPF capture filter. By default
|
##! This script supports how Bro sets its BPF capture filter. By default
|
||||||
##! Bro sets a capture filter that allows all traffic. If a filter
|
##! Bro sets a capture filter that allows all traffic. If a filter
|
||||||
##! is set on the command line, that filter takes precedence over the default
|
##! is set on the command line, that filter takes precedence over the default
|
||||||
##! open filter and all filters defined in Bro scripts with the
|
##! open filter and all filters defined in Bro scripts with the
|
||||||
|
@ -19,7 +19,7 @@ export {
|
||||||
## This notice is generated if a packet filter cannot be compiled.
|
## This notice is generated if a packet filter cannot be compiled.
|
||||||
Compile_Failure,
|
Compile_Failure,
|
||||||
|
|
||||||
## Generated if a packet filter is fails to install.
|
## Generated if a packet filter fails to install.
|
||||||
Install_Failure,
|
Install_Failure,
|
||||||
|
|
||||||
## Generated when a notice takes too long to compile.
|
## Generated when a notice takes too long to compile.
|
||||||
|
@ -33,8 +33,8 @@ export {
|
||||||
ts: time &log;
|
ts: time &log;
|
||||||
|
|
||||||
## This is a string representation of the node that applied this
|
## This is a string representation of the node that applied this
|
||||||
## packet filter. It's mostly useful in the context of dynamically
|
## packet filter. It's mostly useful in the context of
|
||||||
## changing filters on clusters.
|
## dynamically changing filters on clusters.
|
||||||
node: string &log &optional;
|
node: string &log &optional;
|
||||||
|
|
||||||
## The packet filter that is being set.
|
## The packet filter that is being set.
|
||||||
|
@ -48,27 +48,28 @@ export {
|
||||||
};
|
};
|
||||||
|
|
||||||
## The BPF filter that is used by default to define what traffic should
|
## The BPF filter that is used by default to define what traffic should
|
||||||
## be captured. Filters defined in :bro:id:`restrict_filters` will still
|
## be captured. Filters defined in :bro:id:`restrict_filters` will
|
||||||
## be applied to reduce the captured traffic.
|
## still be applied to reduce the captured traffic.
|
||||||
const default_capture_filter = "ip or not ip" &redef;
|
const default_capture_filter = "ip or not ip" &redef;
|
||||||
|
|
||||||
## Filter string which is unconditionally or'ed to the beginning of every
|
## Filter string which is unconditionally or'ed to the beginning of
|
||||||
## dynamically built filter.
|
## every dynamically built filter.
|
||||||
const unrestricted_filter = "" &redef;
|
const unrestricted_filter = "" &redef;
|
||||||
|
|
||||||
## Filter string which is unconditionally and'ed to the beginning of every
|
## Filter string which is unconditionally and'ed to the beginning of
|
||||||
## dynamically built filter. This is mostly used when a custom filter is being
|
## every dynamically built filter. This is mostly used when a custom
|
||||||
## used but MPLS or VLAN tags are on the traffic.
|
## filter is being used but MPLS or VLAN tags are on the traffic.
|
||||||
const restricted_filter = "" &redef;
|
const restricted_filter = "" &redef;
|
||||||
|
|
||||||
## The maximum amount of time that you'd like to allow for BPF filters to compile.
|
## The maximum amount of time that you'd like to allow for BPF filters to compile.
|
||||||
## If this time is exceeded, compensation measures may be taken by the framework
|
## If this time is exceeded, compensation measures may be taken by the framework
|
||||||
## to reduce the filter size. This threshold being crossed also results in
|
## to reduce the filter size. This threshold being crossed also results
|
||||||
## the :bro:see:`PacketFilter::Too_Long_To_Compile_Filter` notice.
|
## in the :bro:see:`PacketFilter::Too_Long_To_Compile_Filter` notice.
|
||||||
const max_filter_compile_time = 100msec &redef;
|
const max_filter_compile_time = 100msec &redef;
|
||||||
|
|
||||||
## Install a BPF filter to exclude some traffic. The filter should positively
|
## Install a BPF filter to exclude some traffic. The filter should
|
||||||
## match what is to be excluded, it will be wrapped in a "not".
|
## positively match what is to be excluded, it will be wrapped in
|
||||||
|
## a "not".
|
||||||
##
|
##
|
||||||
## filter_id: An arbitrary string that can be used to identify
|
## filter_id: An arbitrary string that can be used to identify
|
||||||
## the filter.
|
## the filter.
|
||||||
|
@ -79,9 +80,9 @@ export {
|
||||||
## installed or not.
|
## installed or not.
|
||||||
global exclude: function(filter_id: string, filter: string): bool;
|
global exclude: function(filter_id: string, filter: string): bool;
|
||||||
|
|
||||||
## Install a temporary filter to traffic which should not be passed through
|
## Install a temporary filter to traffic which should not be passed
|
||||||
## the BPF filter. The filter should match the traffic you don't want
|
## through the BPF filter. The filter should match the traffic you
|
||||||
## to see (it will be wrapped in a "not" condition).
|
## don't want to see (it will be wrapped in a "not" condition).
|
||||||
##
|
##
|
||||||
## filter_id: An arbitrary string that can be used to identify
|
## filter_id: An arbitrary string that can be used to identify
|
||||||
## the filter.
|
## the filter.
|
||||||
|
@ -125,7 +126,7 @@ global dynamic_restrict_filters: table[string] of string = {};
|
||||||
# install the filter.
|
# install the filter.
|
||||||
global currently_building = F;
|
global currently_building = F;
|
||||||
|
|
||||||
# Internal tracking for if the the filter being built has possibly been changed.
|
# Internal tracking for if the filter being built has possibly been changed.
|
||||||
global filter_changed = F;
|
global filter_changed = F;
|
||||||
|
|
||||||
global filter_plugins: set[FilterPlugin] = {};
|
global filter_plugins: set[FilterPlugin] = {};
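Review bot: The doc comment `## Generated when a notice takes too long to compile.` in the `@ -19,7 +19,7` hunk is left as-is by this typo pass, but it names the wrong object: it is the packet filter that is compiled, not a notice. The `max_filter_compile_time` comment further down in the same file ties this condition to `PacketFilter::Too_Long_To_Compile_Filter`, so I would change the line to `## Generated when a packet filter takes too long to compile.`. The enum member this comment documents is outside the hunk, so the name is inferred from that cross-reference rather than read directly. These descriptions are what an operator sees when triaging why capture filtering misbehaved, so they should match what actually failed.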
|
||||||
|
|
|
@ -13,7 +13,7 @@ export {
|
||||||
##
|
##
|
||||||
## num_parts: The number of parts the traffic should be split into.
|
## num_parts: The number of parts the traffic should be split into.
|
||||||
##
|
##
|
||||||
## this_part: The part of the traffic this filter will accept. 0-based.
|
## this_part: The part of the traffic this filter will accept (0-based).
|
||||||
global sampling_filter: function(num_parts: count, this_part: count): string;
|
global sampling_filter: function(num_parts: count, this_part: count): string;
|
||||||
|
|
||||||
## Combines two valid BPF filter strings with a string based operator
|
## Combines two valid BPF filter strings with a string based operator
|
||||||
|
|