Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Minor whitespace cleanup in init-bare.zeek

Browse source
This commit is contained in:
Tim Wojtulewicz 2025-01-23 10:06:16 -07:00
parent aab8f6575a
commit 4eef4f4e33
1 changed files with 188 additions and 164 deletions
Download patch file Download diff file Expand all files Collapse all files

88
scripts/base/init-bare.zeek
View file

@ -597,6 +597,7 @@ export {
} }
module TCP; module TCP;
export { export {
## A TCP Option field parsed from a TCP header. ## A TCP Option field parsed from a TCP header.
type Option: record { type Option: record {
@ -633,6 +634,7 @@ export {
} }
module Tunnel; module Tunnel;
export { export {
## Records the identity of an encapsulating parent of a tunneled connection. ## Records the identity of an encapsulating parent of a tunneled connection.
type EncapsulatingConn: record { type EncapsulatingConn: record {
@ -685,9 +687,10 @@ export {
## may choose whether to perform the validation. ## may choose whether to perform the validation.
const validate_vxlan_checksums = T &redef; const validate_vxlan_checksums = T &redef;
} # end export }
module HTTP; module HTTP;
export { export {
## Lookup table for Upgrade analyzers. First, a case sensitive lookup ## Lookup table for Upgrade analyzers. First, a case sensitive lookup
## is done using the client's Upgrade header. If no match is found, ## is done using the client's Upgrade header. If no match is found,
@ -697,6 +700,7 @@ export {
} }
module WebSocket; module WebSocket;
export { export {
## The WebSocket analyzer consumes and forwards ## The WebSocket analyzer consumes and forwards
## frame payload in chunks to keep memory usage ## frame payload in chunks to keep memory usage
@ -1155,6 +1159,7 @@ type EventNameCounter: record {
## Times it was called, as counted by the event handlers. ## Times it was called, as counted by the event handlers.
times_called: count &log; times_called: count &log;
} &log; } &log;
type EventNameStats: vector of EventNameCounter; type EventNameStats: vector of EventNameCounter;
## Table type used to map variable names to their memory allocation. ## Table type used to map variable names to their memory allocation.
@ -3533,20 +3538,19 @@ export {
afiles: double; ##< TODO. afiles: double; ##< TODO.
invarsec: interval; ##< TODO. invarsec: interval; ##< TODO.
}; };
} # end export }
module MIME; module MIME;
export { export {
## Stop analysis of nested multipart MIME entities if this depth is ## Stop analysis of nested multipart MIME entities if this depth is
## reached. Setting this value to 0 removes the limit. ## reached. Setting this value to 0 removes the limit.
const max_depth = 100 &redef; const max_depth = 100 &redef;
} # end export }
module MOUNT3; module MOUNT3;
export { export {
## Record summarizing the general results and status of MOUNT3 ## Record summarizing the general results and status of MOUNT3
@ -3607,7 +3611,7 @@ export {
auth_flavors: vector of auth_flavor_t &optional; ##< Returned authentication flavors auth_flavors: vector of auth_flavor_t &optional; ##< Returned authentication flavors
}; };
} # end export }
module Log; module Log;
@ -3634,7 +3638,7 @@ export {
## .. :zeek:see:`Log::flush_interval` ## .. :zeek:see:`Log::flush_interval`
const write_buffer_size = 1000 &redef; const write_buffer_size = 1000 &redef;
} # end export }
module POP3; module POP3;
@ -3651,7 +3655,7 @@ export {
## Setting this value to 0 removes the limit. ## Setting this value to 0 removes the limit.
const max_unknown_client_commands = 10 &redef; const max_unknown_client_commands = 10 &redef;
} # end export }
module Threading; module Threading;
@ -4752,8 +4756,9 @@ export {
} }
module PE; module PE;
export { export {
type PE::DOSHeader: record { type PE::DOSHeader: record {
## The magic number of a portable executable file ("MZ"). ## The magic number of a portable executable file ("MZ").
signature : string; signature : string;
## The number of bytes in the last page that are used. ## The number of bytes in the last page that are used.
@ -4789,9 +4794,9 @@ type PE::DOSHeader: record {
oem_info : count; oem_info : count;
## Address of the new EXE header. ## Address of the new EXE header.
addr_of_new_exe_header : count; addr_of_new_exe_header : count;
}; };
type PE::FileHeader: record { type PE::FileHeader: record {
## The target machine that the file was compiled for. ## The target machine that the file was compiled for.
machine : count; machine : count;
## The time that the file was created at. ## The time that the file was created at.
@ -4804,9 +4809,9 @@ type PE::FileHeader: record {
optional_header_size : count; optional_header_size : count;
## Bit flags that determine if this file is executable, non-relocatable, and/or a DLL. ## Bit flags that determine if this file is executable, non-relocatable, and/or a DLL.
characteristics : set[count]; characteristics : set[count];
}; };
type PE::OptionalHeader: record { type PE::OptionalHeader: record {
## PE32 or PE32+ indicator. ## PE32 or PE32+ indicator.
magic : count; magic : count;
## The major version of the linker used to create the PE. ## The major version of the linker used to create the PE.
@ -4858,10 +4863,10 @@ type PE::OptionalHeader: record {
## the import table, the resource table, and debug information. ## the import table, the resource table, and debug information.
table_sizes : vector of count; table_sizes : vector of count;
}; };
## Record for Portable Executable (PE) section headers. ## Record for Portable Executable (PE) section headers.
type PE::SectionHeader: record { type PE::SectionHeader: record {
## The name of the section ## The name of the section
name : string; name : string;
## The total size of the section when loaded into memory. ## The total size of the section when loaded into memory.
@ -4886,10 +4891,11 @@ type PE::SectionHeader: record {
num_of_line_nums : count; num_of_line_nums : count;
## Bit-flags that describe the characteristics of the section. ## Bit-flags that describe the characteristics of the section.
characteristics : set[count]; characteristics : set[count];
}; };
} }
module SSL; module SSL;
export { export {
type SignatureAndHashAlgorithm: record { type SignatureAndHashAlgorithm: record {
HashAlgorithm: count; ##< Hash algorithm number HashAlgorithm: count; ##< Hash algorithm number
@ -4901,20 +4907,19 @@ export {
obfuscated_ticket_age: count; obfuscated_ticket_age: count;
}; };
## Number of non-DTLS frames that can occur in a DTLS connection before ## Number of non-DTLS frames that can occur in a DTLS connection before
## parsing of the connection is suspended. ## parsing of the connection is suspended.
## DTLS does not immediately stop parsing a connection because other protocols ## DTLS does not immediately stop parsing a connection because other protocols
## might be interleaved in the same UDP "connection". ## might be interleaved in the same UDP "connection".
const SSL::dtls_max_version_errors = 10 &redef; const SSL::dtls_max_version_errors = 10 &redef;
## Maximum number of invalid version errors to report in one DTLS connection. ## Maximum number of invalid version errors to report in one DTLS connection.
const SSL::dtls_max_reported_version_errors = 1 &redef; const SSL::dtls_max_reported_version_errors = 1 &redef;
## Maximum number of Alert messages parsed from an SSL record with
## content_type alert (21). The remaining alerts are discarded. For
## TLS 1.3 connections, this is implicitly 1 as defined by RFC 8446.
const SSL::max_alerts_per_record = 10 &redef;
## Maximum number of Alert messages parsed from an SSL record with
## content_type alert (21). The remaining alerts are discarded. For
## TLS 1.3 connections, this is implicitly 1 as defined by RFC 8446.
const SSL::max_alerts_per_record = 10 &redef;
} }
module GLOBAL; module GLOBAL;
@ -4929,6 +4934,7 @@ type signature_and_hashalgorithm_vec: vector of SSL::SignatureAndHashAlgorithm;
type psk_identity_vec: vector of SSL::PSKIdentity; type psk_identity_vec: vector of SSL::PSKIdentity;
module X509; module X509;
export { export {
type Certificate: record { type Certificate: record {
version: count &log; ##< Version number. version: count &log; ##< Version number.
@ -4980,6 +4986,7 @@ export {
} }
module SOCKS; module SOCKS;
export { export {
## This record is for a SOCKS client or server to provide either a ## This record is for a SOCKS client or server to provide either a
## name or an address to represent a desired or established connection. ## name or an address to represent a desired or established connection.
@ -5008,6 +5015,7 @@ export {
} }
module RDP; module RDP;
export { export {
type RDP::EarlyCapabilityFlags: record { type RDP::EarlyCapabilityFlags: record {
support_err_info_pdu: bool; support_err_info_pdu: bool;
@ -5122,6 +5130,7 @@ export {
@load base/bif/plugins/Zeek_SNMP.types.bif @load base/bif/plugins/Zeek_SNMP.types.bif
module SNMP; module SNMP;
export { export {
## The top-level message data structure of an SNMPv1 datagram, not ## The top-level message data structure of an SNMPv1 datagram, not
## including the PDU data. See :rfc:`1157`. ## including the PDU data. See :rfc:`1157`.
@ -5244,6 +5253,7 @@ export {
@load base/bif/plugins/Zeek_KRB.types.bif @load base/bif/plugins/Zeek_KRB.types.bif
module KRB; module KRB;
export { export {
## Kerberos keytab file name. Used to decrypt tickets encountered on the wire. ## Kerberos keytab file name. Used to decrypt tickets encountered on the wire.
const keytab = "" &redef; const keytab = "" &redef;
@ -5428,6 +5438,7 @@ export {
} }
module JSON; module JSON;
export { export {
type TimestampFormat: enum { type TimestampFormat: enum {
## Timestamps will be formatted as UNIX epoch doubles. This is ## Timestamps will be formatted as UNIX epoch doubles. This is
@ -5446,6 +5457,7 @@ export {
} }
module Reporter; module Reporter;
export { export {
## Tunable for sending reporter info messages to STDERR. The option to ## Tunable for sending reporter info messages to STDERR. The option to
## turn it off is presented here in case Zeek is being run by some ## turn it off is presented here in case Zeek is being run by some
@ -5464,6 +5476,7 @@ export {
} }
module Pcap; module Pcap;
export { export {
## Number of bytes per packet to capture from live interfaces. ## Number of bytes per packet to capture from live interfaces.
const snaplen = 9216 &redef; const snaplen = 9216 &redef;
@ -5529,9 +5542,10 @@ export {
fatal, # fatal issue, something that would prevent zeek from continuing fatal, # fatal issue, something that would prevent zeek from continuing
warning # non-fatal issue that should just be logged warning # non-fatal issue that should just be logged
}; };
} # end export }
module DCE_RPC; module DCE_RPC;
export { export {
## The maximum number of simultaneous fragmented commands that ## The maximum number of simultaneous fragmented commands that
## the DCE_RPC analyzer will tolerate before the it will generate ## the DCE_RPC analyzer will tolerate before the it will generate
@ -5545,12 +5559,14 @@ export {
} }
module NCP; module NCP;
export { export {
## The maximum number of bytes to allocate when parsing NCP frames. ## The maximum number of bytes to allocate when parsing NCP frames.
const max_frame_size = 65536 &redef; const max_frame_size = 65536 &redef;
} }
module NTP; module NTP;
export { export {
## NTP standard message as defined in :rfc:`5905` for modes 1-5 ## NTP standard message as defined in :rfc:`5905` for modes 1-5
## This record contains the standard fields used by the NTP protocol ## This record contains the standard fields used by the NTP protocol
@ -5725,6 +5741,7 @@ export {
} }
module MQTT; module MQTT;
export { export {
type MQTT::ConnectMsg: record { type MQTT::ConnectMsg: record {
## Protocol name ## Protocol name
@ -5800,6 +5817,7 @@ export {
} }
module Cluster; module Cluster;
export { export {
type Cluster::Pool: record {}; type Cluster::Pool: record {};
@ -5818,6 +5836,7 @@ export {
} }
module Weird; module Weird;
export { export {
## Prevents rate-limiting sampling of any weirds named in the table. ## Prevents rate-limiting sampling of any weirds named in the table.
option sampling_whitelist: set[string] = {}; option sampling_whitelist: set[string] = {};
@ -5851,6 +5870,7 @@ export {
} }
module UnknownProtocol; module UnknownProtocol;
export { export {
## How many reports for an analyzer/protocol pair will be allowed to ## How many reports for an analyzer/protocol pair will be allowed to
## raise events before becoming rate-limited. ## raise events before becoming rate-limited.
@ -5873,6 +5893,7 @@ export {
} }
module BinPAC; module BinPAC;
export { export {
## Maximum capacity, in bytes, that the BinPAC flowbuffer is allowed to ## Maximum capacity, in bytes, that the BinPAC flowbuffer is allowed to
## grow to for use with incremental parsing of a given connection/analyzer. ## grow to for use with incremental parsing of a given connection/analyzer.
@ -5896,6 +5917,7 @@ export {
@load base/bif/telemetry_types.bif @load base/bif/telemetry_types.bif
module Telemetry; module Telemetry;
export { export {
## Type that captures options used to create metrics. ## Type that captures options used to create metrics.
type MetricOpts: record { type MetricOpts: record {
@ -6187,7 +6209,9 @@ module GLOBAL;
global done_with_network = F; global done_with_network = F;
event net_done(t: time) event net_done(t: time)
{ done_with_network = T; } {
done_with_network = T;
}
# This sets up primary BIFs such that they can be used by any # This sets up primary BIFs such that they can be used by any
# further scripts within their global initializations and is intended to be # further scripts within their global initializations and is intended to be