Minor whitespace cleanup in init-bare.zeek

2025-10-02 06:38:20 +00:00 · 2025-01-23 10:06:16 -07:00 · 2025-01-23 10:06:16 -07:00 · 4eef4f4e33
commit 4eef4f4e33
parent aab8f6575a
1 changed files with 188 additions and 164 deletions
--- a/scripts/base/init-bare.zeek
+++ b/scripts/base/init-bare.zeek
@ -597,6 +597,7 @@ export {
 }

 module TCP;
+
 export {
 	## A TCP Option field parsed from a TCP header.
 	type Option: record {
@ -633,6 +634,7 @@ export {
 }

 module Tunnel;
+
 export {
 	## Records the identity of an encapsulating parent of a tunneled connection.
 	type EncapsulatingConn: record {
@ -685,9 +687,10 @@ export {
 	## may choose whether to perform the validation.
 	const validate_vxlan_checksums = T &redef;

-} # end export
+}

 module HTTP;
+
 export {
 	## Lookup table for Upgrade analyzers. First, a case sensitive lookup
 	## is done using the client's Upgrade header. If no match is found,
@ -697,6 +700,7 @@ export {
 }

 module WebSocket;
+
 export {
 	## The WebSocket analyzer consumes and forwards
 	## frame payload in chunks to keep memory usage
@ -1155,6 +1159,7 @@ type EventNameCounter: record {
 	## Times it was called, as counted by the event handlers.
 	times_called: count &log;
 } &log;
+
 type EventNameStats: vector of EventNameCounter;

 ## Table type used to map variable names to their memory allocation.
@ -3533,20 +3538,19 @@ export {
 		afiles: double;	##< TODO.
 		invarsec: interval;	##< TODO.
 	};
-} # end export
-
+}

 module MIME;
+
 export {
 	## Stop analysis of nested multipart MIME entities if this depth is
 	## reached. Setting this value to 0 removes the limit.
 	const max_depth = 100 &redef;

-} # end export
-
-
+}

 module MOUNT3;
+
 export {

 	## Record summarizing the general results and status of MOUNT3
@ -3607,7 +3611,7 @@ export {
 		auth_flavors: vector of auth_flavor_t &optional;	##< Returned authentication flavors
 	};

-} # end export
+}

 module Log;

@ -3634,7 +3638,7 @@ export {
 	## .. :zeek:see:`Log::flush_interval`
 	const write_buffer_size = 1000 &redef;

-} # end export
+}

 module POP3;

@ -3651,7 +3655,7 @@ export {
 	## Setting this value to 0 removes the limit.
 	const max_unknown_client_commands = 10 &redef;

-} # end export
+}

 module Threading;

@ -4752,8 +4756,9 @@ export {
 }

 module PE;
+
 export {
-type PE::DOSHeader: record {
+	type PE::DOSHeader: record {
 		## The magic number of a portable executable file ("MZ").
 		signature                : string;
 		## The number of bytes in the last page that are used.
@ -4789,9 +4794,9 @@ type PE::DOSHeader: record {
 		oem_info                 : count;
 		## Address of the new EXE header.
 		addr_of_new_exe_header   : count;
-};
+	};

-type PE::FileHeader: record {
+	type PE::FileHeader: record {
 		## The target machine that the file was compiled for.
 		machine              : count;
 		## The time that the file was created at.
@ -4804,9 +4809,9 @@ type PE::FileHeader: record {
 		optional_header_size : count;
 		## Bit flags that determine if this file is executable, non-relocatable, and/or a DLL.
 		characteristics      : set[count];
-};
+	};

-type PE::OptionalHeader: record {
+	type PE::OptionalHeader: record {
 		## PE32 or PE32+ indicator.
 		magic                   : count;
 		## The major version of the linker used to create the PE.
@ -4858,10 +4863,10 @@ type PE::OptionalHeader: record {
 		## the import table, the resource table, and debug information.
 		table_sizes             : vector of count;

-};
+	};

-## Record for Portable Executable (PE) section headers.
-type PE::SectionHeader: record {
+	## Record for Portable Executable (PE) section headers.
+	type PE::SectionHeader: record {
 		## The name of the section
 		name             : string;
 		## The total size of the section when loaded into memory.
@ -4886,10 +4891,11 @@ type PE::SectionHeader: record {
 		num_of_line_nums : count;
 		## Bit-flags that describe the characteristics of the section.
 		characteristics  : set[count];
-};
+	};
 }

 module SSL;
+
 export {
 	type SignatureAndHashAlgorithm: record {
 		HashAlgorithm: count; ##< Hash algorithm number
@ -4901,20 +4907,19 @@ export {
 		obfuscated_ticket_age: count;
 	};

-## Number of non-DTLS frames that can occur in a DTLS connection before
-## parsing of the connection is suspended.
-## DTLS does not immediately stop parsing a connection because other protocols
-## might be interleaved in the same UDP "connection".
-const SSL::dtls_max_version_errors = 10 &redef;
+	## Number of non-DTLS frames that can occur in a DTLS connection before
+	## parsing of the connection is suspended.
+	## DTLS does not immediately stop parsing a connection because other protocols
+	## might be interleaved in the same UDP "connection".
+	const SSL::dtls_max_version_errors = 10 &redef;

-## Maximum number of invalid version errors to report in one DTLS connection.
-const SSL::dtls_max_reported_version_errors = 1 &redef;
-
-## Maximum number of Alert messages parsed from an SSL record with
-## content_type alert (21). The remaining alerts are discarded. For
-## TLS 1.3 connections, this is implicitly 1 as defined by RFC 8446.
-const SSL::max_alerts_per_record = 10 &redef;
+	## Maximum number of invalid version errors to report in one DTLS connection.
+	const SSL::dtls_max_reported_version_errors = 1 &redef;

+	## Maximum number of Alert messages parsed from an SSL record with
+	## content_type alert (21). The remaining alerts are discarded. For
+	## TLS 1.3 connections, this is implicitly 1 as defined by RFC 8446.
+	const SSL::max_alerts_per_record = 10 &redef;
 }

 module GLOBAL;
@ -4929,6 +4934,7 @@ type signature_and_hashalgorithm_vec: vector of SSL::SignatureAndHashAlgorithm;
 type psk_identity_vec: vector of SSL::PSKIdentity;

 module X509;
+
 export {
 	type Certificate: record {
 		version: count &log;	##< Version number.
@ -4980,6 +4986,7 @@ export {
 }

 module SOCKS;
+
 export {
 	## This record is for a SOCKS client or server to provide either a
 	## name or an address to represent a desired or established connection.
@ -5008,6 +5015,7 @@ export {
 }

 module RDP;
+
 export {
 	type RDP::EarlyCapabilityFlags: record {
 		support_err_info_pdu:       bool;
@ -5122,6 +5130,7 @@ export {
@load base/bif/plugins/Zeek_SNMP.types.bif

 module SNMP;
+
 export {
 	## The top-level message data structure of an SNMPv1 datagram, not
 	## including the PDU data.  See :rfc:`1157`.
@ -5244,6 +5253,7 @@ export {
@load base/bif/plugins/Zeek_KRB.types.bif

 module KRB;
+
 export {
 	## Kerberos keytab file name. Used to decrypt tickets encountered on the wire.
 	const keytab = "" &redef;
@ -5428,6 +5438,7 @@ export {
 }

 module JSON;
+
 export {
 	type TimestampFormat: enum {
 		## Timestamps will be formatted as UNIX epoch doubles.  This is
@ -5446,6 +5457,7 @@ export {
 }

 module Reporter;
+
 export {
 	## Tunable for sending reporter info messages to STDERR.  The option to
 	## turn it off is presented here in case Zeek is being run by some
@ -5464,6 +5476,7 @@ export {
 }

 module Pcap;
+
 export {
 	## Number of bytes per packet to capture from live interfaces.
 	const snaplen = 9216 &redef;
@ -5529,9 +5542,10 @@ export {
 		fatal,  # fatal issue, something that would prevent zeek from continuing
 		warning # non-fatal issue that should just be logged
 	};
-} # end export
+}

 module DCE_RPC;
+
 export {
 	## The maximum number of simultaneous fragmented commands that
 	## the DCE_RPC analyzer will tolerate before the it will generate
@ -5545,12 +5559,14 @@ export {
 }

 module NCP;
+
 export {
 	## The maximum number of bytes to allocate when parsing NCP frames.
 	const max_frame_size = 65536 &redef;
 }

 module NTP;
+
 export {
 	## NTP standard message as defined in :rfc:`5905` for modes 1-5
 	## This record contains the standard fields used by the NTP protocol
@ -5725,6 +5741,7 @@ export {
 }

 module MQTT;
+
 export {
 	type MQTT::ConnectMsg: record {
 		## Protocol name
@ -5800,6 +5817,7 @@ export {
 }

 module Cluster;
+
 export {
 	type Cluster::Pool: record {};

@ -5818,6 +5836,7 @@ export {
 }

 module Weird;
+
 export {
 	## Prevents rate-limiting sampling of any weirds named in the table.
 	option sampling_whitelist: set[string] = {};
@ -5851,6 +5870,7 @@ export {
 }

 module UnknownProtocol;
+
 export {
 	## How many reports for an analyzer/protocol pair will be allowed to
 	## raise events before becoming rate-limited.
@ -5873,6 +5893,7 @@ export {
 }

 module BinPAC;
+
 export {
 	## Maximum capacity, in bytes, that the BinPAC flowbuffer is allowed to
 	## grow to for use with incremental parsing of a given connection/analyzer.
@ -5896,6 +5917,7 @@ export {
@load base/bif/telemetry_types.bif

 module Telemetry;
+
 export {
 	## Type that captures options used to create metrics.
 	type MetricOpts: record {
@ -6187,7 +6209,9 @@ module GLOBAL;

 global done_with_network = F;
 event net_done(t: time)
-	{ done_with_network = T; }
+	{
+	done_with_network = T;
+	}

 # This sets up primary BIFs such that they can be used by any
 # further scripts within their global initializations and is intended to be