Remove broxygen Sphinx integration

The broxygen-generated files now live in the git repo, have tests that check that they are up-to-date, and a script to re-generate them on-demand.
2025-10-17 14:08:20 +00:00 · 2018-12-17 16:25:41 -06:00 · 2018-12-17 16:25:41 -06:00 · 7e9d48f532
commit 7e9d48f532
parent 9e5e9d04b7
549 changed files with 89909 additions and 100 deletions
--- a/doc/scripts/policy/protocols/conn/known-hosts.bro.rst
+++ b/doc/scripts/policy/protocols/conn/known-hosts.bro.rst
@ -0,0 +1,176 @@
+:tocdepth: 3
+
+policy/protocols/conn/known-hosts.bro
+=====================================
+.. bro:namespace:: Known
+
+This script logs hosts that Bro determines have performed complete TCP 
+handshakes and logs the address once per day (by default).  The log that 
+is output provides an easy way to determine a count of the IP addresses in
+use on a network per day.
+
+:Namespace: Known
+:Imports: :doc:`base/frameworks/cluster </scripts/base/frameworks/cluster/index>`, :doc:`base/utils/directions-and-hosts.bro </scripts/base/utils/directions-and-hosts.bro>`
+
+Summary
+~~~~~~~
+Runtime Options
+###############
+============================================================================ =======================================================
+:bro:id:`Known::host_store_timeout`: :bro:type:`interval` :bro:attr:`&redef` The timeout interval to use for operations against
+                                                                             :bro:see:`Known::host_store`.
+:bro:id:`Known::host_tracking`: :bro:type:`Host` :bro:attr:`&redef`          The hosts whose existence should be logged and tracked.
+============================================================================ =======================================================
+
+Redefinable Options
+###################
+=========================================================================== ===================================================================
+:bro:id:`Known::host_store_expiry`: :bro:type:`interval` :bro:attr:`&redef` The expiry interval of new entries in :bro:see:`Known::host_store`.
+:bro:id:`Known::host_store_name`: :bro:type:`string` :bro:attr:`&redef`     The Broker topic name to use for :bro:see:`Known::host_store`.
+:bro:id:`Known::use_host_store`: :bro:type:`bool` :bro:attr:`&redef`        Toggles between different implementations of this script.
+=========================================================================== ===================================================================
+
+State Variables
+###############
+=================================================================================================== =================================================================
+:bro:id:`Known::host_store`: :bro:type:`Cluster::StoreInfo`                                         Holds the set of all known hosts.
+:bro:id:`Known::hosts`: :bro:type:`set` :bro:attr:`&create_expire` = ``1.0 day`` :bro:attr:`&redef` The set of all known addresses to store for preventing duplicate 
+                                                                                                    logging of addresses.
+=================================================================================================== =================================================================
+
+Types
+#####
+================================================ ========================================================================
+:bro:type:`Known::HostsInfo`: :bro:type:`record` The record type which contains the column fields of the known-hosts log.
+================================================ ========================================================================
+
+Redefinitions
+#############
+===================================== ==========================================
+:bro:type:`Log::ID`: :bro:type:`enum` The known-hosts logging stream identifier.
+===================================== ==========================================
+
+Events
+######
+=================================================== =======================================================================
+:bro:id:`Known::log_known_hosts`: :bro:type:`event` An event that can be handled to access the :bro:type:`Known::HostsInfo`
+                                                    record as it is sent on to the logging framework.
+=================================================== =======================================================================
+
+
+Detailed Interface
+~~~~~~~~~~~~~~~~~~
+Runtime Options
+###############
+.. bro:id:: Known::host_store_timeout
+
+   :Type: :bro:type:`interval`
+   :Attributes: :bro:attr:`&redef`
+   :Default: ``15.0 secs``
+
+   The timeout interval to use for operations against
+   :bro:see:`Known::host_store`.
+
+.. bro:id:: Known::host_tracking
+
+   :Type: :bro:type:`Host`
+   :Attributes: :bro:attr:`&redef`
+   :Default: ``ALL_HOSTS``
+
+   The hosts whose existence should be logged and tracked.
+   See :bro:type:`Host` for possible choices.
+
+Redefinable Options
+###################
+.. bro:id:: Known::host_store_expiry
+
+   :Type: :bro:type:`interval`
+   :Attributes: :bro:attr:`&redef`
+   :Default: ``1.0 day``
+
+   The expiry interval of new entries in :bro:see:`Known::host_store`.
+   This also changes the interval at which hosts get logged.
+
+.. bro:id:: Known::host_store_name
+
+   :Type: :bro:type:`string`
+   :Attributes: :bro:attr:`&redef`
+   :Default: ``"bro/known/hosts"``
+
+   The Broker topic name to use for :bro:see:`Known::host_store`.
+
+.. bro:id:: Known::use_host_store
+
+   :Type: :bro:type:`bool`
+   :Attributes: :bro:attr:`&redef`
+   :Default: ``T``
+
+   Toggles between different implementations of this script.
+   When true, use a Broker data store, else use a regular Bro set
+   with keys uniformly distributed over proxy nodes in cluster
+   operation.
+
+State Variables
+###############
+.. bro:id:: Known::host_store
+
+   :Type: :bro:type:`Cluster::StoreInfo`
+   :Default:
+
+   ::
+
+      {
+         name=<uninitialized>
+         store=<uninitialized>
+         master_node=""
+         master=F
+         backend=Broker::MEMORY
+         options=[sqlite=[path=""], rocksdb=[path=""]]
+         clone_resync_interval=10.0 secs
+         clone_stale_interval=5.0 mins
+         clone_mutation_buffer_interval=2.0 mins
+      }
+
+   Holds the set of all known hosts.  Keys in the store are addresses
+   and their associated value will always be the "true" boolean.
+
+.. bro:id:: Known::hosts
+
+   :Type: :bro:type:`set` [:bro:type:`addr`]
+   :Attributes: :bro:attr:`&create_expire` = ``1.0 day`` :bro:attr:`&redef`
+   :Default: ``{}``
+
+   The set of all known addresses to store for preventing duplicate 
+   logging of addresses.  It can also be used from other scripts to 
+   inspect if an address has been seen in use.
+   Maintain the list of known hosts for 24 hours so that the existence
+   of each individual address is logged each day.
+   
+   In cluster operation, this set is distributed uniformly across
+   proxy nodes.
+
+Types
+#####
+.. bro:type:: Known::HostsInfo
+
+   :Type: :bro:type:`record`
+
+      ts: :bro:type:`time` :bro:attr:`&log`
+         The timestamp at which the host was detected.
+
+      host: :bro:type:`addr` :bro:attr:`&log`
+         The address that was detected originating or responding to a
+         TCP connection.
+
+   The record type which contains the column fields of the known-hosts log.
+
+Events
+######
+.. bro:id:: Known::log_known_hosts
+
+   :Type: :bro:type:`event` (rec: :bro:type:`Known::HostsInfo`)
+
+   An event that can be handled to access the :bro:type:`Known::HostsInfo`
+   record as it is sent on to the logging framework.
+
+
--- a/doc/scripts/policy/protocols/conn/known-services.bro.rst
+++ b/doc/scripts/policy/protocols/conn/known-services.bro.rst
@ -0,0 +1,199 @@
+:tocdepth: 3
+
+policy/protocols/conn/known-services.bro
+========================================
+.. bro:namespace:: Known
+
+This script logs and tracks services.  In the case of this script, a service
+is defined as an IP address and port which has responded to and fully 
+completed a TCP handshake with another host.  If a protocol is detected
+during the session, the protocol will also be logged.
+
+:Namespace: Known
+:Imports: :doc:`base/frameworks/cluster </scripts/base/frameworks/cluster/index>`, :doc:`base/utils/directions-and-hosts.bro </scripts/base/utils/directions-and-hosts.bro>`
+
+Summary
+~~~~~~~
+Runtime Options
+###############
+=============================================================================== ======================================================
+:bro:id:`Known::service_store_timeout`: :bro:type:`interval` :bro:attr:`&redef` The timeout interval to use for operations against
+                                                                                :bro:see:`Known::service_store`.
+:bro:id:`Known::service_tracking`: :bro:type:`Host` :bro:attr:`&redef`          The hosts whose services should be tracked and logged.
+=============================================================================== ======================================================
+
+Redefinable Options
+###################
+============================================================================== ======================================================================
+:bro:id:`Known::service_store_expiry`: :bro:type:`interval` :bro:attr:`&redef` The expiry interval of new entries in :bro:see:`Known::service_store`.
+:bro:id:`Known::service_store_name`: :bro:type:`string` :bro:attr:`&redef`     The Broker topic name to use for :bro:see:`Known::service_store`.
+:bro:id:`Known::use_service_store`: :bro:type:`bool` :bro:attr:`&redef`        Toggles between different implementations of this script.
+============================================================================== ======================================================================
+
+State Variables
+###############
+=================================================================================== ====================================================================
+:bro:id:`Known::service_store`: :bro:type:`Cluster::StoreInfo`                      Holds the set of all known services.
+:bro:id:`Known::services`: :bro:type:`set` :bro:attr:`&create_expire` = ``1.0 day`` Tracks the set of daily-detected services for preventing the logging
+                                                                                    of duplicates, but can also be inspected by other scripts for
+                                                                                    different purposes.
+=================================================================================== ====================================================================
+
+Types
+#####
+=================================================== ======================================================================
+:bro:type:`Known::AddrPortPair`: :bro:type:`record` 
+:bro:type:`Known::ServicesInfo`: :bro:type:`record` The record type which contains the column fields of the known-services
+                                                    log.
+=================================================== ======================================================================
+
+Redefinitions
+#############
+========================================== =============================================
+:bro:type:`Log::ID`: :bro:type:`enum`      The known-services logging stream identifier.
+:bro:type:`connection`: :bro:type:`record` 
+========================================== =============================================
+
+Events
+######
+====================================================== =======================================================================
+:bro:id:`Known::log_known_services`: :bro:type:`event` Event that can be handled to access the :bro:type:`Known::ServicesInfo`
+                                                       record as it is sent on to the logging framework.
+====================================================== =======================================================================
+
+
+Detailed Interface
+~~~~~~~~~~~~~~~~~~
+Runtime Options
+###############
+.. bro:id:: Known::service_store_timeout
+
+   :Type: :bro:type:`interval`
+   :Attributes: :bro:attr:`&redef`
+   :Default: ``15.0 secs``
+
+   The timeout interval to use for operations against
+   :bro:see:`Known::service_store`.
+
+.. bro:id:: Known::service_tracking
+
+   :Type: :bro:type:`Host`
+   :Attributes: :bro:attr:`&redef`
+   :Default: ``ALL_HOSTS``
+
+   The hosts whose services should be tracked and logged.
+   See :bro:type:`Host` for possible choices.
+
+Redefinable Options
+###################
+.. bro:id:: Known::service_store_expiry
+
+   :Type: :bro:type:`interval`
+   :Attributes: :bro:attr:`&redef`
+   :Default: ``1.0 day``
+
+   The expiry interval of new entries in :bro:see:`Known::service_store`.
+   This also changes the interval at which services get logged.
+
+.. bro:id:: Known::service_store_name
+
+   :Type: :bro:type:`string`
+   :Attributes: :bro:attr:`&redef`
+   :Default: ``"bro/known/services"``
+
+   The Broker topic name to use for :bro:see:`Known::service_store`.
+
+.. bro:id:: Known::use_service_store
+
+   :Type: :bro:type:`bool`
+   :Attributes: :bro:attr:`&redef`
+   :Default: ``T``
+
+   Toggles between different implementations of this script.
+   When true, use a Broker data store, else use a regular Bro set
+   with keys uniformly distributed over proxy nodes in cluster
+   operation.
+
+State Variables
+###############
+.. bro:id:: Known::service_store
+
+   :Type: :bro:type:`Cluster::StoreInfo`
+   :Default:
+
+   ::
+
+      {
+         name=<uninitialized>
+         store=<uninitialized>
+         master_node=""
+         master=F
+         backend=Broker::MEMORY
+         options=[sqlite=[path=""], rocksdb=[path=""]]
+         clone_resync_interval=10.0 secs
+         clone_stale_interval=5.0 mins
+         clone_mutation_buffer_interval=2.0 mins
+      }
+
+   Holds the set of all known services.  Keys in the store are
+   :bro:type:`Known::AddrPortPair` and their associated value is
+   always the boolean value of "true".
+
+.. bro:id:: Known::services
+
+   :Type: :bro:type:`set` [:bro:type:`addr`, :bro:type:`port`]
+   :Attributes: :bro:attr:`&create_expire` = ``1.0 day``
+   :Default: ``{}``
+
+   Tracks the set of daily-detected services for preventing the logging
+   of duplicates, but can also be inspected by other scripts for
+   different purposes.
+   
+   In cluster operation, this set is uniformly distributed across
+   proxy nodes.
+   
+   This set is automatically populated and shouldn't be directly modified.
+
+Types
+#####
+.. bro:type:: Known::AddrPortPair
+
+   :Type: :bro:type:`record`
+
+      host: :bro:type:`addr`
+
+      p: :bro:type:`port`
+
+
+.. bro:type:: Known::ServicesInfo
+
+   :Type: :bro:type:`record`
+
+      ts: :bro:type:`time` :bro:attr:`&log`
+         The time at which the service was detected.
+
+      host: :bro:type:`addr` :bro:attr:`&log`
+         The host address on which the service is running.
+
+      port_num: :bro:type:`port` :bro:attr:`&log`
+         The port number on which the service is running.
+
+      port_proto: :bro:type:`transport_proto` :bro:attr:`&log`
+         The transport-layer protocol which the service uses.
+
+      service: :bro:type:`set` [:bro:type:`string`] :bro:attr:`&log`
+         A set of protocols that match the service's connection payloads.
+
+   The record type which contains the column fields of the known-services
+   log.
+
+Events
+######
+.. bro:id:: Known::log_known_services
+
+   :Type: :bro:type:`event` (rec: :bro:type:`Known::ServicesInfo`)
+
+   Event that can be handled to access the :bro:type:`Known::ServicesInfo`
+   record as it is sent on to the logging framework.
+
+
--- a/doc/scripts/policy/protocols/conn/mac-logging.bro.rst
+++ b/doc/scripts/policy/protocols/conn/mac-logging.bro.rst
@ -0,0 +1,23 @@
+:tocdepth: 3
+
+policy/protocols/conn/mac-logging.bro
+=====================================
+.. bro:namespace:: Conn
+
+This script adds link-layer address (MAC) information to the connection logs
+
+:Namespace: Conn
+:Imports: :doc:`base/protocols/conn </scripts/base/protocols/conn/index>`
+
+Summary
+~~~~~~~
+Redefinitions
+#############
+========================================== =
+:bro:type:`Conn::Info`: :bro:type:`record` 
+========================================== =
+
+
+Detailed Interface
+~~~~~~~~~~~~~~~~~~
+
--- a/doc/scripts/policy/protocols/conn/vlan-logging.bro.rst
+++ b/doc/scripts/policy/protocols/conn/vlan-logging.bro.rst
@ -0,0 +1,23 @@
+:tocdepth: 3
+
+policy/protocols/conn/vlan-logging.bro
+======================================
+.. bro:namespace:: Conn
+
+This script adds VLAN information to the connection log.
+
+:Namespace: Conn
+:Imports: :doc:`base/protocols/conn </scripts/base/protocols/conn/index>`
+
+Summary
+~~~~~~~
+Redefinitions
+#############
+========================================== =
+:bro:type:`Conn::Info`: :bro:type:`record` 
+========================================== =
+
+
+Detailed Interface
+~~~~~~~~~~~~~~~~~~
+
--- a/doc/scripts/policy/protocols/conn/weirds.bro.rst
+++ b/doc/scripts/policy/protocols/conn/weirds.bro.rst
@ -0,0 +1,27 @@
+:tocdepth: 3
+
+policy/protocols/conn/weirds.bro
+================================
+.. bro:namespace:: Conn
+
+This script handles core generated connection related "weird" events to 
+push weird information about connections into the weird framework.
+For live operational deployments, this can frequently cause load issues
+due to large numbers of these events and quite possibly shouldn't be
+loaded.
+
+:Namespace: Conn
+:Imports: :doc:`base/frameworks/notice </scripts/base/frameworks/notice/index>`
+
+Summary
+~~~~~~~
+Redefinitions
+#############
+========================================== =
+:bro:type:`Notice::Type`: :bro:type:`enum` 
+========================================== =
+
+
+Detailed Interface
+~~~~~~~~~~~~~~~~~~
+