mirror of
https://github.com/zeek/zeek.git
synced 2025-10-08 09:38:19 +00:00
Fix typos and formatting in the ftp protocol docs
This commit is contained in:
Daniel Thayer
parent
bc337f3d5a
commit
98181e829b
4 changed files with 15 additions and 13 deletions
|
|
@ -4,20 +4,20 @@
|
||||||
##! that successfully negotiate the GSSAPI method of an AUTH request
|
##! that successfully negotiate the GSSAPI method of an AUTH request
|
||||||
##! and for which the exchange involved an encoded TLS/SSL handshake,
|
##! and for which the exchange involved an encoded TLS/SSL handshake,
|
||||||
##! indicating the GSI mechanism for GSSAPI was used. This analysis
|
##! indicating the GSI mechanism for GSSAPI was used. This analysis
|
||||||
##! is all supported internally, this script simple adds the "gridftp"
|
##! is all supported internally, this script simply adds the "gridftp"
|
||||||
##! label to the *service* field of the control channel's
|
##! label to the *service* field of the control channel's
|
||||||
##! :bro:type:`connection` record.
|
##! :bro:type:`connection` record.
|
||||||
##!
|
##!
|
||||||
##! GridFTP data channels are identified by a heuristic that relies on
|
##! GridFTP data channels are identified by a heuristic that relies on
|
||||||
##! the fact that default settings for GridFTP clients typically
|
##! the fact that default settings for GridFTP clients typically
|
||||||
##! mutally authenticate the data channel with TLS/SSL and negotiate a
|
##! mutually authenticate the data channel with TLS/SSL and negotiate a
|
||||||
##! NULL bulk cipher (no encryption). Connections with those
|
##! NULL bulk cipher (no encryption). Connections with those
|
||||||
##! attributes are then polled for two minutes with decreasing frequency
|
##! attributes are then polled for two minutes with decreasing frequency
|
||||||
##! to check if the transfer sizes are large enough to indicate a
|
##! to check if the transfer sizes are large enough to indicate a
|
||||||
##! GridFTP data channel that would be undesireable to analyze further
|
##! GridFTP data channel that would be undesirable to analyze further
|
||||||
##! (e.g. stop TCP reassembly). A side effect is that true connection
|
##! (e.g. stop TCP reassembly). A side effect is that true connection
|
||||||
##! sizes are not logged, but at the benefit of saving CPU cycles that
|
##! sizes are not logged, but at the benefit of saving CPU cycles that
|
||||||
##! otherwise go to analyzing the large (and likely benign) connections.
|
##! would otherwise go to analyzing the large (and likely benign) connections.
|
||||||
|
|
||||||
@load ./info
|
@load ./info
|
||||||
@load ./main
|
@load ./main
|
||||||
|
|
@ -59,8 +59,8 @@ export {
|
||||||
## been exceeded. This is called in a :bro:see:`ssl_established` event
|
## been exceeded. This is called in a :bro:see:`ssl_established` event
|
||||||
## handler and by default looks for both a client and server certificate
|
## handler and by default looks for both a client and server certificate
|
||||||
## and for a NULL bulk cipher. One way in which this function could be
|
## and for a NULL bulk cipher. One way in which this function could be
|
||||||
## redefined is to make it also consider client/server certificate issuer
|
## redefined is to make it also consider client/server certificate
|
||||||
## subjects.
|
## issuer subjects.
|
||||||
##
|
##
|
||||||
## c: The connection which may possibly be a GridFTP data channel.
|
## c: The connection which may possibly be a GridFTP data channel.
|
||||||
##
|
##
|
||||||
|
|
|
||||||
|
|
@ -18,7 +18,8 @@ export {
|
||||||
orig_h: addr &log;
|
orig_h: addr &log;
|
||||||
## The host that will be accepting the data connection.
|
## The host that will be accepting the data connection.
|
||||||
resp_h: addr &log;
|
resp_h: addr &log;
|
||||||
## The port at which the acceptor is listening for the data connection.
|
## The port at which the acceptor is listening for the data
|
||||||
|
## connection.
|
||||||
resp_p: port &log;
|
resp_p: port &log;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
@ -38,7 +39,8 @@ export {
|
||||||
## Argument for the command if one is given.
|
## Argument for the command if one is given.
|
||||||
arg: string &log &optional;
|
arg: string &log &optional;
|
||||||
|
|
||||||
## Libmagic "sniffed" file type if the command indicates a file transfer.
|
## Libmagic "sniffed" file type if the command indicates a file
|
||||||
|
## transfer.
|
||||||
mime_type: string &log &optional;
|
mime_type: string &log &optional;
|
||||||
## Size of the file if the command indicates a file transfer.
|
## Size of the file if the command indicates a file transfer.
|
||||||
file_size: count &log &optional;
|
file_size: count &log &optional;
|
||||||
|
|
@ -59,8 +61,8 @@ export {
|
||||||
|
|
||||||
## Command that is currently waiting for a response.
|
## Command that is currently waiting for a response.
|
||||||
cmdarg: CmdArg &optional;
|
cmdarg: CmdArg &optional;
|
||||||
## Queue for commands that have been sent but not yet responded to
|
## Queue for commands that have been sent but not yet responded
|
||||||
## are tracked here.
|
## to are tracked here.
|
||||||
pending_commands: PendingCmds;
|
pending_commands: PendingCmds;
|
||||||
|
|
||||||
## Indicates if the session is in active or passive mode.
|
## Indicates if the session is in active or passive mode.
|
||||||
|
|
|
||||||
|
|
@ -26,7 +26,7 @@ export {
|
||||||
const guest_ids = { "anonymous", "ftp", "ftpuser", "guest" } &redef;
|
const guest_ids = { "anonymous", "ftp", "ftpuser", "guest" } &redef;
|
||||||
|
|
||||||
## This record is to hold a parsed FTP reply code. For example, for the
|
## This record is to hold a parsed FTP reply code. For example, for the
|
||||||
## 201 status code, the digits would be parsed as: x->2, y->0, z=>1.
|
## 201 status code, the digits would be parsed as: x->2, y->0, z->1.
|
||||||
type ReplyCode: record {
|
type ReplyCode: record {
|
||||||
x: count;
|
x: count;
|
||||||
y: count;
|
y: count;
|
||||||
|
|
|
||||||
|
|
@ -11,14 +11,14 @@ export {
|
||||||
##
|
##
|
||||||
## rec: An :bro:type:`FTP::Info` record.
|
## rec: An :bro:type:`FTP::Info` record.
|
||||||
##
|
##
|
||||||
## Returns: A URL, not prefixed by "ftp://".
|
## Returns: A URL, not prefixed by ``"ftp://"``.
|
||||||
global build_url: function(rec: Info): string;
|
global build_url: function(rec: Info): string;
|
||||||
|
|
||||||
## Creates a URL from an :bro:type:`FTP::Info` record.
|
## Creates a URL from an :bro:type:`FTP::Info` record.
|
||||||
##
|
##
|
||||||
## rec: An :bro:type:`FTP::Info` record.
|
## rec: An :bro:type:`FTP::Info` record.
|
||||||
##
|
##
|
||||||
## Returns: A URL prefixed with "ftp://".
|
## Returns: A URL prefixed with ``"ftp://"``.
|
||||||
global build_url_ftp: function(rec: Info): string;
|
global build_url_ftp: function(rec: Info): string;
|
||||||
|
|
||||||
## Create an extremely shortened representation of a log line.
|
## Create an extremely shortened representation of a log line.
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue