Copy docs into Zeek repo directly

This is based on commit 2731def9159247e6da8a3191783c89683363689c from the zeek-docs repo.
2025-10-11 02:58:20 +00:00 · 2025-09-15 15:52:18 -07:00 · 2025-09-15 15:52:18 -07:00 · ded98cd373
commit ded98cd373
parent 83f1e74643
1074 changed files with 169319 additions and 0 deletions
--- a/doc/scripts/base/protocols/dnp3/load.zeek.rst
+++ b/doc/scripts/base/protocols/dnp3/load.zeek.rst
@ -0,0 +1,14 @@
+:tocdepth: 3
+
+base/protocols/dnp3/__load__.zeek
+=================================
+
+
+:Imports: :doc:`base/protocols/dnp3/main.zeek </scripts/base/protocols/dnp3/main.zeek>`
+
+Summary
+~~~~~~~
+
+Detailed Interface
+~~~~~~~~~~~~~~~~~~
+
--- a/doc/scripts/base/protocols/dnp3/consts.zeek.rst
+++ b/doc/scripts/base/protocols/dnp3/consts.zeek.rst
@ -0,0 +1,75 @@
+:tocdepth: 3
+
+base/protocols/dnp3/consts.zeek
+===============================
+.. zeek:namespace:: DNP3
+
+
+:Namespace: DNP3
+
+Summary
+~~~~~~~
+Redefinable Options
+###################
+===================================================================================================================== =======================================
+:zeek:id:`DNP3::function_codes`: :zeek:type:`table` :zeek:attr:`&default` = :zeek:type:`function` :zeek:attr:`&redef` Standard defined Modbus function codes.
+===================================================================================================================== =======================================
+
+
+Detailed Interface
+~~~~~~~~~~~~~~~~~~
+Redefinable Options
+###################
+.. zeek:id:: DNP3::function_codes
+   :source-code: base/protocols/dnp3/consts.zeek 6 6
+
+   :Type: :zeek:type:`table` [:zeek:type:`count`] of :zeek:type:`string`
+   :Attributes: :zeek:attr:`&default` = :zeek:type:`function` :zeek:attr:`&redef`
+   :Default:
+
+      ::
+
+         {
+            [19] = "SAVE_CONFIG",
+            [20] = "ENABLE_UNSOLICITED",
+            [33] = "AUTHENTICATE_REQ_NR",
+            [14] = "WARM_RESTART",
+            [15] = "INITIALIZE_DATA",
+            [6] = "DIRECT_OPERATE_NR",
+            [30] = "ABORT_FILE",
+            [31] = "ACTIVATE_CONFIG",
+            [28] = "GET_FILE_INFO",
+            [23] = "DELAY_MEASURE",
+            [8] = "IMMED_FREEZE_NR",
+            [27] = "DELETE_FILE",
+            [9] = "FREEZE_CLEAR",
+            [7] = "IMMED_FREEZE",
+            [10] = "FREEZE_CLEAR_NR",
+            [21] = "DISABLE_UNSOLICITED",
+            [4] = "OPERATE",
+            [26] = "CLOSE_FILE",
+            [13] = "COLD_RESTART",
+            [12] = "FREEZE_AT_TIME_NR",
+            [32] = "AUTHENTICATE_REQ",
+            [130] = "UNSOLICITED_RESPONSE",
+            [17] = "START_APPL",
+            [25] = "OPEN_FILE",
+            [2] = "WRITE",
+            [29] = "AUTHENTICATE_FILE",
+            [16] = "INITIALIZE_APPL",
+            [24] = "RECORD_CURRENT_TIME",
+            [1] = "READ",
+            [11] = "FREEZE_AT_TIME",
+            [5] = "DIRECT_OPERATE",
+            [22] = "ASSIGN_CLASS",
+            [18] = "STOP_APPL",
+            [3] = "SELECT",
+            [0] = "CONFIRM",
+            [131] = "AUTHENTICATE_RESP",
+            [129] = "RESPONSE"
+         }
+
+
+   Standard defined Modbus function codes.
+
+
--- a/doc/scripts/base/protocols/dnp3/index.rst
+++ b/doc/scripts/base/protocols/dnp3/index.rst
@ -0,0 +1,17 @@
+:orphan:
+
+Package: base/protocols/dnp3
+============================
+
+Support for Distributed Network Protocol (DNP3) analysis.
+
+:doc:`/scripts/base/protocols/dnp3/__load__.zeek`
+
+
+:doc:`/scripts/base/protocols/dnp3/main.zeek`
+
+   A very basic DNP3 analysis script that just logs requests and replies.
+
+:doc:`/scripts/base/protocols/dnp3/consts.zeek`
+
+
--- a/doc/scripts/base/protocols/dnp3/main.zeek.rst
+++ b/doc/scripts/base/protocols/dnp3/main.zeek.rst
@ -0,0 +1,115 @@
+:tocdepth: 3
+
+base/protocols/dnp3/main.zeek
+=============================
+.. zeek:namespace:: DNP3
+
+A very basic DNP3 analysis script that just logs requests and replies.
+
+:Namespace: DNP3
+:Imports: :doc:`base/protocols/conn/removal-hooks.zeek </scripts/base/protocols/conn/removal-hooks.zeek>`, :doc:`base/protocols/dnp3/consts.zeek </scripts/base/protocols/dnp3/consts.zeek>`
+
+Summary
+~~~~~~~
+Types
+#####
+============================================ =
+:zeek:type:`DNP3::Info`: :zeek:type:`record` 
+============================================ =
+
+Redefinitions
+#############
+==================================================================== ======================================================
+:zeek:type:`Log::ID`: :zeek:type:`enum`                              
+                                                                     
+                                                                     * :zeek:enum:`DNP3::LOG`
+:zeek:type:`connection`: :zeek:type:`record`                         
+                                                                     
+                                                                     :New Fields: :zeek:type:`connection`
+                                                                     
+                                                                       dnp3: :zeek:type:`DNP3::Info` :zeek:attr:`&optional`
+:zeek:id:`likely_server_ports`: :zeek:type:`set` :zeek:attr:`&redef` 
+==================================================================== ======================================================
+
+Events
+######
+============================================= ====================================================================
+:zeek:id:`DNP3::log_dnp3`: :zeek:type:`event` Event that can be handled to access the DNP3 record as it is sent on
+                                              to the logging framework.
+============================================= ====================================================================
+
+Hooks
+#####
+============================================================== =======================
+:zeek:id:`DNP3::finalize_dnp3`: :zeek:type:`Conn::RemovalHook` DNP3 finalization hook.
+:zeek:id:`DNP3::log_policy`: :zeek:type:`Log::PolicyHook`      
+============================================================== =======================
+
+
+Detailed Interface
+~~~~~~~~~~~~~~~~~~
+Types
+#####
+.. zeek:type:: DNP3::Info
+   :source-code: base/protocols/dnp3/main.zeek 13 26
+
+   :Type: :zeek:type:`record`
+
+
+   .. zeek:field:: ts :zeek:type:`time` :zeek:attr:`&log`
+
+      Time of the request.
+
+
+   .. zeek:field:: uid :zeek:type:`string` :zeek:attr:`&log`
+
+      Unique identifier for the connection.
+
+
+   .. zeek:field:: id :zeek:type:`conn_id` :zeek:attr:`&log`
+
+      Identifier for the connection.
+
+
+   .. zeek:field:: fc_request :zeek:type:`string` :zeek:attr:`&log` :zeek:attr:`&optional`
+
+      The name of the function message in the request.
+
+
+   .. zeek:field:: fc_reply :zeek:type:`string` :zeek:attr:`&log` :zeek:attr:`&optional`
+
+      The name of the function message in the reply.
+
+
+   .. zeek:field:: iin :zeek:type:`count` :zeek:attr:`&log` :zeek:attr:`&optional`
+
+      The response's "internal indication number".
+
+
+
+Events
+######
+.. zeek:id:: DNP3::log_dnp3
+   :source-code: base/protocols/dnp3/main.zeek 30 30
+
+   :Type: :zeek:type:`event` (rec: :zeek:type:`DNP3::Info`)
+
+   Event that can be handled to access the DNP3 record as it is sent on
+   to the logging framework.
+
+Hooks
+#####
+.. zeek:id:: DNP3::finalize_dnp3
+   :source-code: base/protocols/dnp3/main.zeek 78 85
+
+   :Type: :zeek:type:`Conn::RemovalHook`
+
+   DNP3 finalization hook.  Remaining DNP3 info may get logged when it's called.
+
+.. zeek:id:: DNP3::log_policy
+   :source-code: base/protocols/dnp3/main.zeek 11 11
+
+   :Type: :zeek:type:`Log::PolicyHook`
+
+
+