add whitelist and redirect high-level functions
This commit is contained in:
parent
2f1ebed2e9
commit
ae18062761
5 changed files with 66 additions and 15 deletions
@ -57,6 +57,30 @@ export {
|
|||
## Returns: The id of the inserted rule on succes and zero on failure.
|
||||
global shunt_flow: function(f: flow_id, t: interval, location: string &default="") : string;
|
||||
|
||||
## Allows all traffic involving a specific IP address from being forwarded.
|
||||
##
|
||||
## a: The address to be whitelistet.
|
||||
##
|
||||
## t: How long to whitelist it, with 0 being indefinitly.
|
||||
##
|
||||
## location: An optional string describing where the drop was triggered.
|
||||
##
|
||||
## Returns: The id of the inserted rule on succes and zero on failure.
|
||||
global whitelist_address: function(a: addr, t: interval, location: string &default="") : string;
|
||||
|
||||
## Redirects an uni-directional flow to another port.
|
||||
##
|
||||
## f: The flow to redirect.
|
||||
##
|
||||
## out_port: Port to redirect the flow to
|
||||
##
|
||||
## t: How long to leave the redirect in place, with 0 being indefinitly.
|
||||
##
|
||||
## location: An optional string describing where the shunt was triggered.
|
||||
##
|
||||
## Returns: The id of the inserted rule on succes and zero on failure.
|
||||
global redirect_flow: function(f: flow_id, out_port: count, t: interval, location: string &default="") : string;
|
||||
|
||||
## Removes all rules for an entity.
|
||||
##
|
||||
## e: The entity. Note that this will be directly to entities of existing
|
||||
|
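Review bot: The doc comments added for whitelist_address and redirect_flow carry copy-paste errors from the neighbouring drop/shunt declarations: `## Allows all traffic involving a specific IP address from being forwarded.` reads like a drop, the `location` line under whitelist_address still says "where the drop was triggered" and the one under redirect_flow says "where the shunt was triggered", and "whitelistet", "indefinitly" and "succes" are misspelled. Suggested wording: `## Allows all traffic involving a specific IP address to be forwarded, overriding lower-priority rules such as drops.`, `## location: An optional string describing where the whitelist was triggered.` and `## location: An optional string describing where the redirect was triggered.`. Both new "Returns:" lines also promise "zero on failure" although the return type is `string`; presumably an empty string is meant, and saying so exactly would help callers test the result. The enclosing `export` block starts outside this hunk.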
@ -293,6 +317,14 @@ function drop_address(a: addr, t: interval, location: string &default="") : stri
|
|||
return add_rule(r);
|
||||
}
|
||||
|
||||
function whitelist_address(a: addr, t: interval, location: string &default="") : string
|
||||
{
|
||||
local e: Entity = [$ty=ADDRESS, $ip=addr_to_subnet(a)];
|
||||
local r: Rule = [$ty=WHITELIST, $priority=whitelist_priority, $target=FORWARD, $entity=e, $expire=t, $location=location];
|
||||
|
||||
return add_rule(r);
|
||||
}
|
||||
|
||||
function shunt_flow(f: flow_id, t: interval, location: string &default="") : string
|
||||
{
|
||||
local flow = Pacf::Flow(
|
||||
|
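Review bot: whitelist_address builds its Rule with `$priority=whitelist_priority` and `$target=FORWARD` but nothing in the code or its doc tells a caller that this rule is meant to win over a drop rule installed at `default_priority` for the same host, or that `addr_to_subnet(a)` makes it cover every flow involving that address in either direction; a one-line comment above the Rule construction, `# Installed at whitelist_priority so it takes precedence over drop rules left at default_priority.`, would make that explicit. The interval `t` is passed straight through as `$expire`, so the "0 means indefinitely" contract in the doc depends on add_rule or the backend treating a zero interval as no expiry, which is not visible here and worth confirming. shunt_flow begins in this hunk and continues past it.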
@ -307,6 +339,20 @@ function shunt_flow(f: flow_id, t: interval, location: string &default="") : str
|
|||
return add_rule(r);
|
||||
}
|
||||
|
||||
function redirect_flow(f: flow_id, out_port: count, t: interval, location: string &default="") : string
|
||||
{
|
||||
local flow = Pacf::Flow(
|
||||
$src_h=addr_to_subnet(f$src_h),
|
||||
$src_p=f$src_p,
|
||||
$dst_h=addr_to_subnet(f$dst_h),
|
||||
$dst_p=f$dst_p
|
||||
);
|
||||
local e: Entity = [$ty=FLOW, $flow=flow];
|
||||
local r: Rule = [$ty=REDIRECT, $target=FORWARD, $entity=e, $expire=t, $location=location, $c=out_port];
|
||||
|
||||
return add_rule(r);
|
||||
}
|
||||
|
||||
function reset(e: Entity)
|
||||
{
|
||||
print "Pacf::reset not implemented yet";
|
||||
|
|
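Review bot: The `Pacf::Flow(...)` construction in redirect_flow is a verbatim copy of the one in shunt_flow, so a future change to how a flow_id is mapped (for example handling the host subnets differently) has to be made twice; a small local helper shared by both callers removes that. Unlike whitelist_address, redirect_flow sets no `$priority` and therefore lands at `default_priority`, meaning a whitelist for the same host will override the redirect; the doc for redirect_flow should state that. The `reset` function at the end of this hunk continues outside it.
```zeek
# Build the Flow entity for a flow_id; shared by shunt_flow and redirect_flow (helper name is a suggestion).
function flow_from_id(f: flow_id) : Flow
	{
	return Pacf::Flow($src_h=addr_to_subnet(f$src_h), $src_p=f$src_p,
	                  $dst_h=addr_to_subnet(f$dst_h), $dst_p=f$dst_p);
	}

function redirect_flow(f: flow_id, out_port: count, t: interval, location: string &default="") : string
	{
	local e: Entity = [$ty=FLOW, $flow=flow_from_id(f)];
	# … unchanged: Rule construction with $c=out_port and the add_rule call …
	}
```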
|
@ -2,6 +2,9 @@
|
|||
module Pacf;
|
||||
|
||||
export {
|
||||
const default_priority: int = +0 &redef;
|
||||
const whitelist_priority: int = +5 &redef;
|
||||
|
||||
## Type of a :bro:id:`Entity` for defining an action.
|
||||
type EntityType: enum {
|
||||
ADDRESS, ##< Activity involving a specific IP address.
|
||||
|
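Review bot: The two new exported constants `default_priority` and `whitelist_priority` are the only undocumented members of this `export` block, while every type and field around them carries a `##` comment. Suggested: `## Priority assigned to rules that do not set one explicitly.` above `default_priority`, and `## Priority assigned to whitelist rules; kept above default_priority so a whitelist overrides rules installed at the default.` above `whitelist_priority`. Since both are `&redef`, the second comment should also warn that redefining one without the other can invert that ordering.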
@ -45,11 +48,6 @@ export {
|
|||
## No arguments.
|
||||
DROP,
|
||||
|
||||
## Begin rate-limiting flows matching entity.
|
||||
##
|
||||
## d: Percent of available bandwidth.
|
||||
LIMIT,
|
||||
|
||||
## Begin modifying all packets matching entity.
|
||||
##
|
||||
## .. todo::
|
||||
|
@ -62,11 +60,6 @@ export {
|
|||
## c: output port to redirect traffic to.
|
||||
REDIRECT,
|
||||
|
||||
## Begin sampling all flows matching entity.
|
||||
##
|
||||
## d: Probability to include a flow between 0 and 1.
|
||||
SAMPLE,
|
||||
|
||||
## Whitelists all packets of an entity, meaning no restrictions will be applied.
|
||||
## While whitelisting is the default if no rule matches an this can type can be
|
||||
## used to override lower-priority rules that would otherwise take effect for the
|
||||
|
@ -93,7 +86,7 @@ export {
|
|||
target: TargetType; ##< Where to apply rule.
|
||||
entity: Entity; ##< Entity to apply rule to.
|
||||
expire: interval &optional; ##< Timeout after which to expire the rule.
|
||||
priority: int &default=+0; ##< Priority if multiple rules match an entity (larger value is higher priority).
|
||||
priority: int &default=default_priority; ##< Priority if multiple rules match an entity (larger value is higher priority).
|
||||
location: string &optional; ##< Optional string describing where/what installed the rule.
|
||||
|
||||
c: count &optional; ##< Argument for rule types requiring an count argument.
|
||||
|
@ -115,6 +108,4 @@ export {
|
|||
packet_count: count &optional; ##< number of packets exchanged over connections matched by the rule
|
||||
byte_count: count &optional; ##< total bytes exchanged over connections matched by the rule
|
||||
};
|
||||
|
||||
}
|
||||
|
||||
|
|