Minor whitespace cleanup in init-bare.zeek

2025-10-02 06:38:20 +00:00 · 2025-01-23 10:06:16 -07:00 · 2025-01-23 10:06:16 -07:00 · 4eef4f4e33
commit 4eef4f4e33
parent aab8f6575a
1 changed files with 188 additions and 164 deletions
--- a/scripts/base/init-bare.zeek
+++ b/scripts/base/init-bare.zeek
@ -144,8 +144,8 @@ type string_mapper: function(s: string): string;
 ## :zeek:see:`file_magic`
 type mime_match: record {
 	strength: int;    ##< How strongly the signature matched.  Used for
-	                  ##< prioritization when multiple file magic signatures
+			  ##< prioritization when multiple file magic signatures
-	                  ##< match.
+			  ##< match.
 	mime:     string; ##< The MIME type of the file magic signature match.
 };
@ -197,10 +197,10 @@ const allow_network_time_forward = T &redef;
 ## A connection's transport-layer protocol. Note that Zeek uses the term
 ## "connection" broadly, using flow semantics for ICMP and UDP.
 type transport_proto: enum {
-    unknown_transport,	##< An unknown transport-layer protocol.
+	unknown_transport,	##< An unknown transport-layer protocol.
-    tcp,	##< TCP.
+	tcp,	##< TCP.
-    udp,	##< UDP.
+	udp,	##< UDP.
-    icmp	##< ICMP.
+	icmp	##< ICMP.
 };
 ## A connection's identifying 4-tuple of endpoints and ports.
@ -597,6 +597,7 @@ export {
 }
 module TCP;
 export {
 	## A TCP Option field parsed from a TCP header.
 	type Option: record {
@ -633,6 +634,7 @@ export {
 }
 module Tunnel;
 export {
 	## Records the identity of an encapsulating parent of a tunneled connection.
 	type EncapsulatingConn: record {
@ -685,9 +687,10 @@ export {
 	## may choose whether to perform the validation.
 	const validate_vxlan_checksums = T &redef;
-} # end export
+}
 module HTTP;
 export {
 	## Lookup table for Upgrade analyzers. First, a case sensitive lookup
 	## is done using the client's Upgrade header. If no match is found,
@ -697,6 +700,7 @@ export {
 }
 module WebSocket;
 export {
 	## The WebSocket analyzer consumes and forwards
 	## frame payload in chunks to keep memory usage
@ -1155,6 +1159,7 @@ type EventNameCounter: record {
 	## Times it was called, as counted by the event handlers.
 	times_called: count &log;
 } &log;
 type EventNameStats: vector of EventNameCounter;
 ## Table type used to map variable names to their memory allocation.
@ -2221,12 +2226,12 @@ type raw_pkt_hdr: record {
 type teredo_auth: record {
 	id:      string;  ##< Teredo client identifier.
 	value:   string;  ##< HMAC-SHA1 over shared secret key between client and
-	                  ##< server, nonce, confirmation byte, origin indication
+			  ##< server, nonce, confirmation byte, origin indication
-	                  ##< (if present), and the IPv6 packet.
+			  ##< (if present), and the IPv6 packet.
 	nonce:   count;   ##< Nonce chosen by Teredo client to be repeated by
-	                  ##< Teredo server.
+			  ##< Teredo server.
 	confirm: count;   ##< Confirmation byte to be set to 0 by Teredo client
-	                  ##< and non-zero by server if client needs new key.
+			  ##< and non-zero by server if client needs new key.
 };
 ## A Teredo authentication header.  See :rfc:`4380` for more information
@ -3533,20 +3538,19 @@ export {
 		afiles: double;	##< TODO.
 		invarsec: interval;	##< TODO.
 	};
-} # end export
+}
 module MIME;
 export {
 	## Stop analysis of nested multipart MIME entities if this depth is
 	## reached. Setting this value to 0 removes the limit.
 	const max_depth = 100 &redef;
-} # end export
+}
 module MOUNT3;
 export {
 	## Record summarizing the general results and status of MOUNT3
@ -3607,7 +3611,7 @@ export {
 		auth_flavors: vector of auth_flavor_t &optional;	##< Returned authentication flavors
 	};
-} # end export
+}
 module Log;
@ -3634,7 +3638,7 @@ export {
 	## .. :zeek:see:`Log::flush_interval`
 	const write_buffer_size = 1000 &redef;
-} # end export
+}
 module POP3;
@ -3651,7 +3655,7 @@ export {
 	## Setting this value to 0 removes the limit.
 	const max_unknown_client_commands = 10 &redef;
-} # end export
+}
 module Threading;
@ -4752,144 +4756,146 @@ export {
 }
 module PE;
 export {
-type PE::DOSHeader: record {
+	type PE::DOSHeader: record {
-	## The magic number of a portable executable file ("MZ").
+		## The magic number of a portable executable file ("MZ").
-	signature                : string;
+		signature                : string;
-	## The number of bytes in the last page that are used.
+		## The number of bytes in the last page that are used.
-	used_bytes_in_last_page  : count;
+		used_bytes_in_last_page  : count;
-	## The number of pages in the file that are part of the PE file itself.
+		## The number of pages in the file that are part of the PE file itself.
-	file_in_pages            : count;
+		file_in_pages            : count;
-	## Number of relocation entries stored after the header.
+		## Number of relocation entries stored after the header.
-	num_reloc_items          : count;
+		num_reloc_items          : count;
-	## Number of paragraphs in the header.
+		## Number of paragraphs in the header.
-	header_in_paragraphs     : count;
+		header_in_paragraphs     : count;
-	## Number of paragraphs of additional memory that the program will need.
+		## Number of paragraphs of additional memory that the program will need.
-	min_extra_paragraphs     : count;
+		min_extra_paragraphs     : count;
-	## Maximum number of paragraphs of additional memory.
+		## Maximum number of paragraphs of additional memory.
-	max_extra_paragraphs     : count;
+		max_extra_paragraphs     : count;
-	## Relative value of the stack segment.
+		## Relative value of the stack segment.
-	init_relative_ss         : count;
+		init_relative_ss         : count;
-	## Initial value of the SP register.
+		## Initial value of the SP register.
-	init_sp                  : count;
+		init_sp                  : count;
-	## Checksum. The 16-bit sum of all words in the file should be 0. Normally not set.
+		## Checksum. The 16-bit sum of all words in the file should be 0. Normally not set.
-	checksum                 : count;
+		checksum                 : count;
-	## Initial value of the IP register.
+		## Initial value of the IP register.
-	init_ip                  : count;
+		init_ip                  : count;
-	## Initial value of the CS register (relative to the initial segment).
+		## Initial value of the CS register (relative to the initial segment).
-	init_relative_cs         : count;
+		init_relative_cs         : count;
-	## Offset of the first relocation table.
+		## Offset of the first relocation table.
-	addr_of_reloc_table      : count;
+		addr_of_reloc_table      : count;
-	## Overlays allow you to append data to the end of the file. If this is the main program,
+		## Overlays allow you to append data to the end of the file. If this is the main program,
-	## this will be 0.
+		## this will be 0.
-	overlay_num              : count;
+		overlay_num              : count;
-	## OEM identifier.
+		## OEM identifier.
-	oem_id                   : count;
+		oem_id                   : count;
-	## Additional OEM info, specific to oem_id.
+		## Additional OEM info, specific to oem_id.
-	oem_info                 : count;
+		oem_info                 : count;
-	## Address of the new EXE header.
+		## Address of the new EXE header.
-	addr_of_new_exe_header   : count;
+		addr_of_new_exe_header   : count;
-};
+	};
-type PE::FileHeader: record {
+	type PE::FileHeader: record {
-	## The target machine that the file was compiled for.
+		## The target machine that the file was compiled for.
-	machine              : count;
+		machine              : count;
-	## The time that the file was created at.
+		## The time that the file was created at.
-	ts                   : time;
+		ts                   : time;
-	## Pointer to the symbol table.
+		## Pointer to the symbol table.
-	sym_table_ptr        : count;
+		sym_table_ptr        : count;
-	## Number of symbols.
+		## Number of symbols.
-	num_syms             : count;
+		num_syms             : count;
-	## The size of the optional header.
+		## The size of the optional header.
-	optional_header_size : count;
+		optional_header_size : count;
-	## Bit flags that determine if this file is executable, non-relocatable, and/or a DLL.
+		## Bit flags that determine if this file is executable, non-relocatable, and/or a DLL.
-	characteristics      : set[count];
+		characteristics      : set[count];
-};
+	};
-type PE::OptionalHeader: record {
+	type PE::OptionalHeader: record {
-	## PE32 or PE32+ indicator.
+		## PE32 or PE32+ indicator.
-	magic                   : count;
+		magic                   : count;
-	## The major version of the linker used to create the PE.
+		## The major version of the linker used to create the PE.
-	major_linker_version    : count;
+		major_linker_version    : count;
-	## The minor version of the linker used to create the PE.
+		## The minor version of the linker used to create the PE.
-	minor_linker_version    : count;
+		minor_linker_version    : count;
-	## Size of the .text section.
+		## Size of the .text section.
-	size_of_code            : count;
+		size_of_code            : count;
-	## Size of the .data section.
+		## Size of the .data section.
-	size_of_init_data       : count;
+		size_of_init_data       : count;
-	## Size of the .bss section.
+		## Size of the .bss section.
-	size_of_uninit_data     : count;
+		size_of_uninit_data     : count;
-	## The relative virtual address (RVA) of the entry point.
+		## The relative virtual address (RVA) of the entry point.
-	addr_of_entry_point     : count;
+		addr_of_entry_point     : count;
-	## The relative virtual address (RVA) of the .text section.
+		## The relative virtual address (RVA) of the .text section.
-	base_of_code            : count;
+		base_of_code            : count;
-	## The relative virtual address (RVA) of the .data section.
+		## The relative virtual address (RVA) of the .data section.
-	base_of_data            : count &optional;
+		base_of_data            : count &optional;
-	## Preferred memory location for the image to be based at.
+		## Preferred memory location for the image to be based at.
-	image_base              : count;
+		image_base              : count;
-	## The alignment (in bytes) of sections when they're loaded in memory.
+		## The alignment (in bytes) of sections when they're loaded in memory.
-	section_alignment       : count;
+		section_alignment       : count;
-	## The alignment (in bytes) of the raw data of sections.
+		## The alignment (in bytes) of the raw data of sections.
-	file_alignment          : count;
+		file_alignment          : count;
-	## The major version of the required OS.
+		## The major version of the required OS.
-	os_version_major        : count;
+		os_version_major        : count;
-	## The minor version of the required OS.
+		## The minor version of the required OS.
-	os_version_minor        : count;
+		os_version_minor        : count;
-	## The major version of this image.
+		## The major version of this image.
-	major_image_version     : count;
+		major_image_version     : count;
-	## The minor version of this image.
+		## The minor version of this image.
-	minor_image_version     : count;
+		minor_image_version     : count;
-	## The major version of the subsystem required to run this file.
+		## The major version of the subsystem required to run this file.
-	major_subsys_version    : count;
+		major_subsys_version    : count;
-	## The minor version of the subsystem required to run this file.
+		## The minor version of the subsystem required to run this file.
-	minor_subsys_version    : count;
+		minor_subsys_version    : count;
-	## The size (in bytes) of the image as the image is loaded in memory.
+		## The size (in bytes) of the image as the image is loaded in memory.
-	size_of_image           : count;
+		size_of_image           : count;
-	## The size (in bytes) of the headers, rounded up to file_alignment.
+		## The size (in bytes) of the headers, rounded up to file_alignment.
-	size_of_headers         : count;
+		size_of_headers         : count;
-	## The image file checksum.
+		## The image file checksum.
-	checksum                : count;
+		checksum                : count;
-	## The subsystem that's required to run this image.
+		## The subsystem that's required to run this image.
-	subsystem               : count;
+		subsystem               : count;
-	## Bit flags that determine how to execute or load this file.
+		## Bit flags that determine how to execute or load this file.
-	dll_characteristics     : set[count];
+		dll_characteristics     : set[count];
-	## A vector with the sizes of various tables and strings that are
+		## A vector with the sizes of various tables and strings that are
-	## defined in the optional header data directories. Examples include
+		## defined in the optional header data directories. Examples include
-	## the import table, the resource table, and debug information.
+		## the import table, the resource table, and debug information.
-	table_sizes             : vector of count;
+		table_sizes             : vector of count;
-};
+	};
-## Record for Portable Executable (PE) section headers.
+	## Record for Portable Executable (PE) section headers.
-type PE::SectionHeader: record {
+	type PE::SectionHeader: record {
-	## The name of the section
+		## The name of the section
-	name             : string;
+		name             : string;
-	## The total size of the section when loaded into memory.
+		## The total size of the section when loaded into memory.
-	virtual_size     : count;
+		virtual_size     : count;
-	## The relative virtual address (RVA) of the section.
+		## The relative virtual address (RVA) of the section.
-	virtual_addr     : count;
+		virtual_addr     : count;
-	## The size of the initialized data for the section, as it is
+		## The size of the initialized data for the section, as it is
-	## in the file on disk.
+		## in the file on disk.
-	size_of_raw_data : count;
+		size_of_raw_data : count;
-	## The virtual address of the initialized dat for the section,
+		## The virtual address of the initialized dat for the section,
-	## as it is in the file on disk.
+		## as it is in the file on disk.
-	ptr_to_raw_data  : count;
+		ptr_to_raw_data  : count;
-	## The file pointer to the beginning of relocation entries for
+		## The file pointer to the beginning of relocation entries for
-	## the section.
+		## the section.
-	ptr_to_relocs    : count;
+		ptr_to_relocs    : count;
-	## The file pointer to the beginning of line-number entries for
+		## The file pointer to the beginning of line-number entries for
-	## the section.
+		## the section.
-	ptr_to_line_nums : count;
+		ptr_to_line_nums : count;
-	## The number of relocation entries for the section.
+		## The number of relocation entries for the section.
-	num_of_relocs    : count;
+		num_of_relocs    : count;
-	## The number of line-number entries for the section.
+		## The number of line-number entries for the section.
-	num_of_line_nums : count;
+		num_of_line_nums : count;
-	## Bit-flags that describe the characteristics of the section.
+		## Bit-flags that describe the characteristics of the section.
-	characteristics  : set[count];
+		characteristics  : set[count];
-};
+	};
 }
 module SSL;
 export {
 	type SignatureAndHashAlgorithm: record {
 		HashAlgorithm: count; ##< Hash algorithm number
@ -4901,20 +4907,19 @@ export {
 		obfuscated_ticket_age: count;
 	};
-## Number of non-DTLS frames that can occur in a DTLS connection before
+	## Number of non-DTLS frames that can occur in a DTLS connection before
-## parsing of the connection is suspended.
+	## parsing of the connection is suspended.
-## DTLS does not immediately stop parsing a connection because other protocols
+	## DTLS does not immediately stop parsing a connection because other protocols
-## might be interleaved in the same UDP "connection".
+	## might be interleaved in the same UDP "connection".
-const SSL::dtls_max_version_errors = 10 &redef;
+	const SSL::dtls_max_version_errors = 10 &redef;
-## Maximum number of invalid version errors to report in one DTLS connection.
+	## Maximum number of invalid version errors to report in one DTLS connection.
-const SSL::dtls_max_reported_version_errors = 1 &redef;
+	const SSL::dtls_max_reported_version_errors = 1 &redef;
 ## Maximum number of Alert messages parsed from an SSL record with
 ## content_type alert (21). The remaining alerts are discarded. For
 ## TLS 1.3 connections, this is implicitly 1 as defined by RFC 8446.
 const SSL::max_alerts_per_record = 10 &redef;
 	## Maximum number of Alert messages parsed from an SSL record with
 	## content_type alert (21). The remaining alerts are discarded. For
 	## TLS 1.3 connections, this is implicitly 1 as defined by RFC 8446.
 	const SSL::max_alerts_per_record = 10 &redef;
 }
 module GLOBAL;
@ -4929,13 +4934,14 @@ type signature_and_hashalgorithm_vec: vector of SSL::SignatureAndHashAlgorithm;
 type psk_identity_vec: vector of SSL::PSKIdentity;
 module X509;
 export {
 	type Certificate: record {
 		version: count &log;	##< Version number.
 		serial: string &log;	##< Serial number.
 		subject: string &log;	##< Subject.
 		issuer: string &log;	##< Issuer.
-		cn: string &optional; ##< Last (most specific) common name.
+		cn: string &optional;	##< Last (most specific) common name.
 		not_valid_before: time &log;	##< Timestamp before when certificate is not valid.
 		not_valid_after: time &log;	##< Timestamp after when certificate is not valid.
 		key_alg: string &log;	##< Name of the key algorithm
@ -4980,6 +4986,7 @@ export {
 }
 module SOCKS;
 export {
 	## This record is for a SOCKS client or server to provide either a
 	## name or an address to represent a desired or established connection.
@ -5008,6 +5015,7 @@ export {
 }
 module RDP;
 export {
 	type RDP::EarlyCapabilityFlags: record {
 		support_err_info_pdu:       bool;
@ -5122,6 +5130,7 @@ export {
@load base/bif/plugins/Zeek_SNMP.types.bif
 module SNMP;
 export {
 	## The top-level message data structure of an SNMPv1 datagram, not
 	## including the PDU data.  See :rfc:`1157`.
@ -5244,6 +5253,7 @@ export {
@load base/bif/plugins/Zeek_KRB.types.bif
 module KRB;
 export {
 	## Kerberos keytab file name. Used to decrypt tickets encountered on the wire.
 	const keytab = "" &redef;
@ -5428,6 +5438,7 @@ export {
 }
 module JSON;
 export {
 	type TimestampFormat: enum {
 		## Timestamps will be formatted as UNIX epoch doubles.  This is
@ -5446,6 +5457,7 @@ export {
 }
 module Reporter;
 export {
 	## Tunable for sending reporter info messages to STDERR.  The option to
 	## turn it off is presented here in case Zeek is being run by some
@ -5464,6 +5476,7 @@ export {
 }
 module Pcap;
 export {
 	## Number of bytes per packet to capture from live interfaces.
 	const snaplen = 9216 &redef;
@ -5529,9 +5542,10 @@ export {
 		fatal,  # fatal issue, something that would prevent zeek from continuing
 		warning # non-fatal issue that should just be logged
 	};
-} # end export
+}
 module DCE_RPC;
 export {
 	## The maximum number of simultaneous fragmented commands that
 	## the DCE_RPC analyzer will tolerate before the it will generate
@ -5545,12 +5559,14 @@ export {
 }
 module NCP;
 export {
 	## The maximum number of bytes to allocate when parsing NCP frames.
 	const max_frame_size = 65536 &redef;
 }
 module NTP;
 export {
 	## NTP standard message as defined in :rfc:`5905` for modes 1-5
 	## This record contains the standard fields used by the NTP protocol
@ -5725,6 +5741,7 @@ export {
 }
 module MQTT;
 export {
 	type MQTT::ConnectMsg: record {
 		## Protocol name
@ -5800,6 +5817,7 @@ export {
 }
 module Cluster;
 export {
 	type Cluster::Pool: record {};
@ -5818,6 +5836,7 @@ export {
 }
 module Weird;
 export {
 	## Prevents rate-limiting sampling of any weirds named in the table.
 	option sampling_whitelist: set[string] = {};
@ -5851,6 +5870,7 @@ export {
 }
 module UnknownProtocol;
 export {
 	## How many reports for an analyzer/protocol pair will be allowed to
 	## raise events before becoming rate-limited.
@ -5873,6 +5893,7 @@ export {
 }
 module BinPAC;
 export {
 	## Maximum capacity, in bytes, that the BinPAC flowbuffer is allowed to
 	## grow to for use with incremental parsing of a given connection/analyzer.
@ -5896,6 +5917,7 @@ export {
@load base/bif/telemetry_types.bif
 module Telemetry;
 export {
 	## Type that captures options used to create metrics.
 	type MetricOpts: record {
@ -6187,7 +6209,9 @@ module GLOBAL;
 global done_with_network = F;
 event net_done(t: time)
-	{ done_with_network = T; }
+	{
 	done_with_network = T;
 	}
 # This sets up primary BIFs such that they can be used by any
 # further scripts within their global initializations and is intended to be