Updating documentation for some utils/ policy scripts

2025-10-15 13:08:20 +00:00 · 2011-07-18 20:14:06 -05:00 · 2011-07-18 20:14:06 -05:00 · c5e98a8116
commit c5e98a8116
parent 9b27a98e93
5 changed files with 66 additions and 14 deletions
--- a/policy/utils/addrs.bro
+++ b/policy/utils/addrs.bro
@ -27,8 +27,9 @@ const ip_addr_regex =
    /(([0-9A-Fa-f]{1,4}:){6,6})([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)/ | # 6Hex4Dec
    /(([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4})*)?)::(([0-9A-Fa-f]{1,4}:)*)([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)/; # CompressedHex4Dec
-## Takes an array of strings and returns T if all elements in are a valid
+## Checks if all elements of a string array are a valid octet value.
-## value for an octet (0-255), else returns F
+## octets: an array of strings to check for valid octet values.
 ## Returns: T if every element is between 0 and 255, inclusive, else F.
 function has_valid_octets(octets: string_array): bool
 	{
 	local num = 0;
@ -41,8 +42,9 @@ function has_valid_octets(octets: string_array): bool
 	return T;
 	}
-## Takes a string and returns T or F if the string appears to be a full and 
+## Checks if a string appears to be a valid IPv4 or IPv6 address.
-## valid IP address.
+## ip_str: the string to check for valid IP formatting.
 ## Returns: T if the string is a valid IPv4 or IPv6 address format.
 function is_valid_ip(ip_str: string): bool
 	{
 	local octets: string_array;
@ -81,9 +83,9 @@ function is_valid_ip(ip_str: string): bool
 	return F;
 	}
-## This outputs a string_array of ip addresses extracted from a string.
+## Extracts all IP (v4 or v6) address strings from a given string.
-## given: "this is 1.1.1.1 a test 2.2.2.2 string with ip addresses 3.3.3.3"
+## input: a string that may contain an IP address anywhere within it.
-## outputs: { [0] = 1.1.1.1, [1] = 2.2.2.2, [2] = 3.3.3.3 }
+## Returns: an array containing all valid IP address strings found in input.
 function find_ip_addresses(input: string): string_array
 	{
 	local parts = split_all(input, ip_addr_regex);
--- a/policy/utils/conn_ids.bro
+++ b/policy/utils/conn_ids.bro
@ -4,15 +4,17 @@ module GLOBAL;
 export {
 	## Takes a conn_id record and returns a string representation with the 
-	## the general data flow appearing to be toward the right.
+	## the general data flow appearing to be from the connection originator
 	## on the left to the responder on the right.
 	global id_string: function(id: conn_id): string;
 	## Takes a conn_id record and returns a string representation with the 
-	## the general data flow appearing to be toward the left.
+	## the general data flow appearing to be from the connection responder
 	## on the right to the originator on the left.
 	global reverse_id_string: function(id: conn_id): string;
-	## Calls either the :bro:id:`id_string` or :bro:id:`reverse_id_string`
+	## Calls :bro:id:`id_string` or :bro:id:`reverse_id_string` if the second
-	## function depending on the second argument.
+	## argument is T or F, respectively.
 	global directed_id_string: function(id: conn_id, is_orig: bool): string;
 }
--- a/policy/utils/directions-and-hosts.bro
+++ b/policy/utils/directions-and-hosts.bro
@ -1,6 +1,24 @@
@load site
-type Direction: enum { INBOUND, OUTBOUND, BIDIRECTIONAL, NO_DIRECTION };
+type Direction: enum {
 	## The connection originator is not within the locally-monitored network,
 	## but the other endpoint is.
 	INBOUND,
 	## The connection originator is within the locally-monitored network,
 	## but the other endpoint is not.
 	OUTBOUND,
 	## Only one endpoint is within the locally-monitored network, meaning
 	## the connection is either outbound or inbound.
 	BIDIRECTIONAL,
 	## This value doesn't match any connection.
 	NO_DIRECTION
 };
 ## Checks whether a given connection is of a given direction with respect
 ## to the locally-monitored network.
 ## id: a connection record containing the originator/responder hosts.
 ## d: a direction with respect to the locally-monitored network
 ## Returns: T if the two connection endpoints match the given direction, else F.
 function id_matches_direction(id: conn_id, d: Direction): bool
 	{
 	if ( d == NO_DIRECTION ) return F;
@ -16,7 +34,21 @@ function id_matches_direction(id: conn_id, d: Direction): bool
 		return !o_local && r_local;
 	}
-type Host: enum { LOCAL_HOSTS, REMOTE_HOSTS, ALL_HOSTS, NO_HOSTS };
+type Host: enum {
 	## A host within the locally-monitored network.
 	LOCAL_HOSTS,
 	## A host not within the locally-monitored network.
 	REMOTE_HOSTS,
 	## Any host.
 	ALL_HOSTS,
 	## This value doesn't match any host.
 	NO_HOSTS
 };
 ## Checks whether a given host (IP address) matches a given host type.
 ## ip: address of a host
 ## h: a host type
 ## Returns: T if the given host matches the given type, else F.
 function addr_matches_host(ip: addr, h: Host): bool
 	{
 	if ( h == NO_HOSTS ) return F;
--- a/testing/btest/Baseline/policy.utils.addrs/output
+++ b/testing/btest/Baseline/policy.utils.addrs/output
@ -30,3 +30,14 @@ T
 F
 F
 F
 ============ test find_ip_addresses()
 {
 [0] = 1.1.1.1,
 [2] = 3.3.3.3,
 [1] = 2.2.2.2
 }
 {
 [0] = 1.1.1.1,
 [2] = 3.3.3.3,
 [1] = 0:0:0:0:0:0:0:0
 }
--- a/testing/btest/policy/utils/addrs.test
+++ b/testing/btest/policy/utils/addrs.test
@ -96,4 +96,9 @@ event bro_init()
 	# hybrid format's ipv4 part should test that all octet's are 0-255
 	ip = "2001:db8:0:0:0:FFFF:192.168.0.256";
 	print is_valid_ip(ip);
 	print "============ test find_ip_addresses()";
 	print find_ip_addresses("this is 1.1.1.1 a test 2.2.2.2 string with ip addresses 3.3.3.3");
 	print find_ip_addresses("this is 1.1.1.1 a test 0:0:0:0:0:0:0:0 string with ip addresses 3.3.3.3");
 	}