Copy docs into Zeek repo directly

This is based on commit 2731def9159247e6da8a3191783c89683363689c from the zeek-docs repo.
2025-10-16 21:48:21 +00:00 · 2025-09-15 15:52:18 -07:00 · 2025-09-15 15:52:18 -07:00 · ded98cd373
commit ded98cd373
parent 83f1e74643
1074 changed files with 169319 additions and 0 deletions
--- a/doc/scripts/base/misc/find-checksum-offloading.zeek.rst
+++ b/doc/scripts/base/misc/find-checksum-offloading.zeek.rst
@ -0,0 +1,39 @@
+:tocdepth: 3
+
+base/misc/find-checksum-offloading.zeek
+=======================================
+.. zeek:namespace:: ChecksumOffloading
+
+Discover cases where the local interface is sniffed and outbound packets
+have checksum offloading.  Load this script to receive a notice if it's
+likely that checksum offload effects are being seen on a live interface or
+in a packet trace file.
+
+:Namespace: ChecksumOffloading
+:Imports: :doc:`base/frameworks/notice </scripts/base/frameworks/notice/index>`
+
+Summary
+~~~~~~~
+Redefinable Options
+###################
+======================================================================================== =========================================================
+:zeek:id:`ChecksumOffloading::check_interval`: :zeek:type:`interval` :zeek:attr:`&redef` The interval which is used for checking packet statistics
+                                                                                         to see if checksum offloading is affecting analysis.
+======================================================================================== =========================================================
+
+
+Detailed Interface
+~~~~~~~~~~~~~~~~~~
+Redefinable Options
+###################
+.. zeek:id:: ChecksumOffloading::check_interval
+   :source-code: base/misc/find-checksum-offloading.zeek 13 13
+
+   :Type: :zeek:type:`interval`
+   :Attributes: :zeek:attr:`&redef`
+   :Default: ``10.0 secs``
+
+   The interval which is used for checking packet statistics
+   to see if checksum offloading is affecting analysis.
+
+
--- a/doc/scripts/base/misc/find-filtered-trace.zeek.rst
+++ b/doc/scripts/base/misc/find-filtered-trace.zeek.rst
@ -0,0 +1,38 @@
+:tocdepth: 3
+
+base/misc/find-filtered-trace.zeek
+==================================
+.. zeek:namespace:: FilteredTraceDetection
+
+Discovers trace files that contain TCP traffic consisting only of
+control packets (e.g. it's been filtered to contain only SYN/FIN/RST
+packets and no content).  On finding such a trace, a warning is
+emitted that suggests toggling the :zeek:see:`detect_filtered_trace`
+option may be desired if the user does not want Zeek to report
+missing TCP segments.
+
+:Namespace: FilteredTraceDetection
+
+Summary
+~~~~~~~
+State Variables
+###############
+================================================================================ =================================================================
+:zeek:id:`FilteredTraceDetection::enable`: :zeek:type:`bool` :zeek:attr:`&redef` Flag to enable filtered trace file detection and warning message.
+================================================================================ =================================================================
+
+
+Detailed Interface
+~~~~~~~~~~~~~~~~~~
+State Variables
+###############
+.. zeek:id:: FilteredTraceDetection::enable
+   :source-code: base/misc/find-filtered-trace.zeek 13 13
+
+   :Type: :zeek:type:`bool`
+   :Attributes: :zeek:attr:`&redef`
+   :Default: ``T``
+
+   Flag to enable filtered trace file detection and warning message.
+
+
--- a/doc/scripts/base/misc/installation.zeek.rst
+++ b/doc/scripts/base/misc/installation.zeek.rst
@ -0,0 +1,74 @@
+:tocdepth: 3
+
+base/misc/installation.zeek
+===========================
+.. zeek:namespace:: Installation
+
+This module collects properties of the Zeek installation.
+
+Directories are absolute and guaranteed to exist. Not all are necessarily in
+operational use -- this depends on how you're running Zeek (as a standalone
+process or clusterized, via zeekctl or the Management framework, etc).
+
+For details about Zeek's version, see the :zeek:see:`Version` module.
+
+:Namespace: Installation
+
+Summary
+~~~~~~~
+Constants
+#########
+======================================================= ============================================
+:zeek:id:`Installation::etc_dir`: :zeek:type:`string`   The installation's configuration directory.
+:zeek:id:`Installation::log_dir`: :zeek:type:`string`   The installation's log directory.
+:zeek:id:`Installation::root_dir`: :zeek:type:`string`  Zeek installation root directory.
+:zeek:id:`Installation::spool_dir`: :zeek:type:`string` The installation's spool directory.
+:zeek:id:`Installation::state_dir`: :zeek:type:`string` The installation's variable-state directory.
+======================================================= ============================================
+
+
+Detailed Interface
+~~~~~~~~~~~~~~~~~~
+Constants
+#########
+.. zeek:id:: Installation::etc_dir
+   :source-code: base/misc/installation.zeek 15 15
+
+   :Type: :zeek:type:`string`
+   :Default: ``"/usr/local/zeek/etc"``
+
+   The installation's configuration directory.
+
+.. zeek:id:: Installation::log_dir
+   :source-code: base/misc/installation.zeek 18 18
+
+   :Type: :zeek:type:`string`
+   :Default: ``"/usr/local/zeek/logs"``
+
+   The installation's log directory.
+
+.. zeek:id:: Installation::root_dir
+   :source-code: base/misc/installation.zeek 12 12
+
+   :Type: :zeek:type:`string`
+   :Default: ``"/usr/local/zeek"``
+
+   Zeek installation root directory.
+
+.. zeek:id:: Installation::spool_dir
+   :source-code: base/misc/installation.zeek 21 21
+
+   :Type: :zeek:type:`string`
+   :Default: ``"/usr/local/zeek/spool"``
+
+   The installation's spool directory.
+
+.. zeek:id:: Installation::state_dir
+   :source-code: base/misc/installation.zeek 24 24
+
+   :Type: :zeek:type:`string`
+   :Default: ``"/usr/local/zeek/var/lib"``
+
+   The installation's variable-state directory.
+
+
--- a/doc/scripts/base/misc/version.zeek.rst
+++ b/doc/scripts/base/misc/version.zeek.rst
@ -0,0 +1,156 @@
+:tocdepth: 3
+
+base/misc/version.zeek
+======================
+.. zeek:namespace:: Version
+
+Provide information about the currently running Zeek version.  The most
+convenient way to access this are the :zeek:see:`Version::number` and
+:zeek:see:`Version::info` constants.
+
+:Namespace: Version
+
+Summary
+~~~~~~~
+Constants
+#########
+================================================================== ==========================================================================
+:zeek:id:`Version::info`: :zeek:type:`Version::VersionDescription` :zeek:see:`Version::VersionDescription` record pertaining to the currently
+                                                                   running version of Zeek.
+:zeek:id:`Version::number`: :zeek:type:`count`                     version number of the currently running version of Zeek as a numeric
+                                                                   representation.
+================================================================== ==========================================================================
+
+Types
+#####
+============================================================= ========================================
+:zeek:type:`Version::VersionDescription`: :zeek:type:`record` A type exactly describing a Zeek version
+============================================================= ========================================
+
+Functions
+#########
+=================================================== ==================================================================
+:zeek:id:`Version::at_least`: :zeek:type:`function` Test if the current running version of Zeek is greater or equal to
+                                                    the given version string.
+:zeek:id:`Version::parse`: :zeek:type:`function`    Parse a given version string.
+=================================================== ==================================================================
+
+
+Detailed Interface
+~~~~~~~~~~~~~~~~~~
+Constants
+#########
+.. zeek:id:: Version::info
+   :source-code: base/misc/version.zeek 123 123
+
+   :Type: :zeek:type:`Version::VersionDescription`
+
+   :zeek:see:`Version::VersionDescription` record pertaining to the currently
+   running version of Zeek.
+
+.. zeek:id:: Version::number
+   :source-code: base/misc/version.zeek 130 130
+
+   :Type: :zeek:type:`count`
+
+   version number of the currently running version of Zeek as a numeric
+   representation.  The format of the number is ABBCC with A being the
+   major version, bb being the minor version (2 digits) and CC being the
+   patchlevel (2 digits).  As an example, Zeek 2.4.1 results in the
+   number 20401
+
+Types
+#####
+.. zeek:type:: Version::VersionDescription
+   :source-code: base/misc/version.zeek 9 38
+
+   :Type: :zeek:type:`record`
+
+
+   .. zeek:field:: version_number :zeek:type:`count`
+
+      Number representing the version which can be used for easy comparison.
+      The format of the number is ABBCC with A being the major version,
+      bb being the minor version (2 digits) and CC being the patchlevel (2 digits).
+      As an example, Zeek 2.4.1 results in the number 20401.
+
+
+   .. zeek:field:: major :zeek:type:`count`
+
+      Major version number (e.g. 2 for 2.5)
+
+
+   .. zeek:field:: minor :zeek:type:`count`
+
+      Minor version number (e.g. 5 for 2.5)
+
+
+   .. zeek:field:: patch :zeek:type:`count`
+
+      Patch version number (e.g. 0 for 2.5 or 1 for 2.4.1)
+
+
+   .. zeek:field:: commit :zeek:type:`count`
+
+      Commit number for development versions, Versions prior to 3.0.0,
+      like "2.4-12", use a post-release commit number (12 commits
+      after the 2.4 release).  Versions after 3.0.0, like
+      "3.1.0-dev.37", use a pre-release commit number (37 commits
+      into the development cycle for 3.1.0).  For non-development version
+      this number will be zero.
+
+
+   .. zeek:field:: beta :zeek:type:`bool`
+
+      If set to true, the version is a beta build of Zeek.  These versions
+      may start like "2.6-beta" or "3.0.0-rc" (the "rc" form started
+      being used for 3.0.0 and later).
+
+
+   .. zeek:field:: debug :zeek:type:`bool`
+
+      If set to true, the version is a debug build
+
+
+   .. zeek:field:: localversion :zeek:type:`string`
+
+      Local version portion of the version string
+
+
+   .. zeek:field:: version_string :zeek:type:`string`
+
+      String representation of this version
+
+
+   A type exactly describing a Zeek version
+
+Functions
+#########
+.. zeek:id:: Version::at_least
+   :source-code: base/misc/version.zeek 133 136
+
+   :Type: :zeek:type:`function` (version_string: :zeek:type:`string`) : :zeek:type:`bool`
+
+   Test if the current running version of Zeek is greater or equal to
+   the given version string.
+   
+
+   :param version_string: Version to check against the current running version.
+   
+
+   :returns: True if running version greater or equal to the given version.
+
+.. zeek:id:: Version::parse
+   :source-code: base/misc/version.zeek 56 118
+
+   :Type: :zeek:type:`function` (version_string: :zeek:type:`string`) : :zeek:type:`Version::VersionDescription`
+
+   Parse a given version string.
+   
+
+   :param version_string: Zeek version string.
+   
+
+   :returns: :zeek:see:`Version::VersionDescription` record.
+
+