Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-05 16:18:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

it makes much more sense for the high level api to still return rule

Browse source 
numbers.
This commit is contained in:
Johanna Amann 2015-05-22 18:07:57 -07:00
parent b9953e7048
commit 93b79c87bd
1 changed files with 8 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

18
scripts/base/frameworks/pacf/main.bro
View file

@ -43,8 +43,8 @@ export {
## ##
## location: An optional string describing where the drop was triggered. ## location: An optional string describing where the drop was triggered.
## ##
## Returns: True if a plugin accepted the rule for carrying it out. ## Returns: The id of the inserted rule on succes and zero on failure.
global drop_address: function(a: addr, t: interval, location: string &default="") : bool; global drop_address: function(a: addr, t: interval, location: string &default="") : count;
## Stops forwarding a uni-directional flow's packets to Bro. ## Stops forwarding a uni-directional flow's packets to Bro.
## ##
@ -54,8 +54,8 @@ export {
## ##
## location: An optional string describing where the shunt was triggered. ## location: An optional string describing where the shunt was triggered.
## ##
## Returns: True if a plugin accepted the rule for carrying it out. ## Returns: The id of the inserted rule on succes and zero on failure.
global shunt_flow: function(f: flow_id, t: interval, location: string &default="") : bool; global shunt_flow: function(f: flow_id, t: interval, location: string &default="") : count;
## Removes all rules and notifications for an entity. ## Removes all rules and notifications for an entity.
## ##
@ -355,16 +355,15 @@ function activate(p: PluginState, priority: int)
log_msg(fmt("activated plugin with priority %d", priority), p); log_msg(fmt("activated plugin with priority %d", priority), p);
} }
function drop_address(a: addr, t: interval, location: string &default="") : bool function drop_address(a: addr, t: interval, location: string &default="") : count
{ {
local e: Entity = [$ty=ADDRESS, $ip=addr_to_subnet(a)]; local e: Entity = [$ty=ADDRESS, $ip=addr_to_subnet(a)];
local r: Rule = [$ty=DROP, $target=FORWARD, $entity=e, $expire=t, $location=location]; local r: Rule = [$ty=DROP, $target=FORWARD, $entity=e, $expire=t, $location=location];
local id = add_rule(r); return add_rule(r);
return id > 0;
} }
function shunt_flow(f: flow_id, t: interval, location: string &default="") : bool function shunt_flow(f: flow_id, t: interval, location: string &default="") : count
{ {
local flow = Pacf::Flow( local flow = Pacf::Flow(
$src_h=addr_to_subnet(f$src_h), $src_h=addr_to_subnet(f$src_h),
@ -375,8 +374,7 @@ function shunt_flow(f: flow_id, t: interval, location: string &default="") : boo
local e: Entity = [$ty=FLOW, $flow=flow]; local e: Entity = [$ty=FLOW, $flow=flow];
local r: Rule = [$ty=DROP, $target=MONITOR, $entity=e, $expire=t, $location=location]; local r: Rule = [$ty=DROP, $target=MONITOR, $entity=e, $expire=t, $location=location];
local id = add_rule(r); return add_rule(r);
return id > 0;
} }
function reset(e: Entity) function reset(e: Entity)