Add documentation for event parameters

Added documentation that was missing for some event parameters, and fixed documented name of event parameters.
2025-10-13 12:08:20 +00:00 · 2013-11-22 16:36:08 -06:00 · 2013-11-22 16:36:08 -06:00 · 5b6468a302
commit 5b6468a302
parent 6f06705c23
5 changed files with 20 additions and 4 deletions
--- a/src/analyzer/protocol/dnp3/events.bif
+++ b/src/analyzer/protocol/dnp3/events.bif
@ -32,6 +32,8 @@ event dnp3_application_response_header%(c: connection, is_orig: bool, fc: count,
 ##
 ## qua_field: qualifier field.
 ##
 ## number: TODO.
 ##
 ## rf_low: the structure of the range field depends on the qualified field.
 ##         In some cases, the range field contains only one logic part, e.g.,
 ##         number of objects, so only *rf_low* contains useful values.
--- a/src/analyzer/protocol/modbus/events.bif
+++ b/src/analyzer/protocol/modbus/events.bif
@ -149,7 +149,7 @@ event modbus_write_single_register_response%(c: connection, headers: ModbusHeade
 ##
 ## start_address: The memory address of the first coil to be written.
 ##
-## value: The values to be written to the coils.
+## coils: The values to be written to the coils.
 event modbus_write_multiple_coils_request%(c: connection, headers: ModbusHeaders, start_address: count, coils: ModbusCoils%);
 ## Generated for a Modbus write multiple coils response.
--- a/src/analyzer/protocol/tcp/events.bif
+++ b/src/analyzer/protocol/tcp/events.bif
@ -108,6 +108,8 @@ event connection_half_finished%(c: connection%);
 ## originator attempted to setup a TCP connection but the responder replied
 ## with a RST packet denying it.
 ##
 ## c: The connection.
 ##
 ## .. bro:see:: connection_EOF connection_SYN_packet connection_attempt
 ##    connection_established connection_external connection_finished
 ##    connection_first_ACK connection_half_finished connection_partial_close
@ -115,8 +117,6 @@ event connection_half_finished%(c: connection%);
 ##    connection_status_update connection_timeout scheduled_analyzer_applied
 ##    new_connection new_connection_contents partial_connection
 ##
 ## c: The connection.
 ##
 ## .. note::
 ##
 ##    If the responder does not respond at all, :bro:id:`connection_attempt` is
--- a/src/event.bif
+++ b/src/event.bif
@ -591,7 +591,11 @@ event software_unparsed_version_found%(c: connection, host: addr, str: string%);
 ## and it raises this event for each system identified. The p0f fingerprints are
 ## defined by :bro:id:`passive_fingerprint_file`.
 ##
-## TODO.
+## c: The connection.
 ##
 ## host: The host running the reported OS.
 ##
 ## OS: The OS version string.
 ##
 ## .. bro:see:: passive_fingerprint_file software_parse_error
 ##    software_version_found software_unparsed_version_found
--- a/src/file_analysis/analyzer/unified2/events.bif
+++ b/src/file_analysis/analyzer/unified2/events.bif
@ -1,7 +1,17 @@
 ## Abstract all of the various Unified2 event formats into 
 ## a single event.
 ##
 ## f: The file.
 ##
 ## ev: TODO.
 ##
 event unified2_event%(f: fa_file, ev: Unified2::IDSEvent%);
 ## The Unified2 packet format event.
 ##
 ## f: The file.
 ##
 ## pkt: TODO.
 ##
 event unified2_packet%(f: fa_file, pkt: Unified2::Packet%);