Copy docs into Zeek repo directly

This is based on commit 2731def9159247e6da8a3191783c89683363689c from the zeek-docs repo.
2025-10-09 01:58:20 +00:00 · 2025-09-15 15:52:18 -07:00 · 2025-09-15 15:52:18 -07:00 · ded98cd373
commit ded98cd373
parent 83f1e74643
1074 changed files with 169319 additions and 0 deletions
--- a/doc/scripts/base/protocols/ntp/load.zeek.rst
+++ b/doc/scripts/base/protocols/ntp/load.zeek.rst
@ -0,0 +1,14 @@
+:tocdepth: 3
+
+base/protocols/ntp/__load__.zeek
+================================
+
+
+:Imports: :doc:`base/protocols/ntp/consts.zeek </scripts/base/protocols/ntp/consts.zeek>`, :doc:`base/protocols/ntp/main.zeek </scripts/base/protocols/ntp/main.zeek>`
+
+Summary
+~~~~~~~
+
+Detailed Interface
+~~~~~~~~~~~~~~~~~~
+
--- a/doc/scripts/base/protocols/ntp/consts.zeek.rst
+++ b/doc/scripts/base/protocols/ntp/consts.zeek.rst
@ -0,0 +1,47 @@
+:tocdepth: 3
+
+base/protocols/ntp/consts.zeek
+==============================
+.. zeek:namespace:: NTP
+
+
+:Namespace: NTP
+
+Summary
+~~~~~~~
+Redefinable Options
+###################
+=========================================================================================================== ====================================================
+:zeek:id:`NTP::modes`: :zeek:type:`table` :zeek:attr:`&default` = :zeek:type:`function` :zeek:attr:`&redef` The descriptions of the NTP mode value, as described
+                                                                                                            in :rfc:`5905`, Figure 1
+=========================================================================================================== ====================================================
+
+
+Detailed Interface
+~~~~~~~~~~~~~~~~~~
+Redefinable Options
+###################
+.. zeek:id:: NTP::modes
+   :source-code: base/protocols/ntp/consts.zeek 6 6
+
+   :Type: :zeek:type:`table` [:zeek:type:`count`] of :zeek:type:`string`
+   :Attributes: :zeek:attr:`&default` = :zeek:type:`function` :zeek:attr:`&redef`
+   :Default:
+
+      ::
+
+         {
+            [2] = "symmetric passive",
+            [5] = "broadcast server",
+            [3] = "client",
+            [7] = "reserved",
+            [6] = "broadcast client",
+            [4] = "server",
+            [1] = "symmetric active"
+         }
+
+
+   The descriptions of the NTP mode value, as described
+   in :rfc:`5905`, Figure 1
+
+
--- a/doc/scripts/base/protocols/ntp/index.rst
+++ b/doc/scripts/base/protocols/ntp/index.rst
@ -0,0 +1,15 @@
+:orphan:
+
+Package: base/protocols/ntp
+===========================
+
+
+:doc:`/scripts/base/protocols/ntp/__load__.zeek`
+
+
+:doc:`/scripts/base/protocols/ntp/main.zeek`
+
+
+:doc:`/scripts/base/protocols/ntp/consts.zeek`
+
+
--- a/doc/scripts/base/protocols/ntp/main.zeek.rst
+++ b/doc/scripts/base/protocols/ntp/main.zeek.rst
@ -0,0 +1,161 @@
+:tocdepth: 3
+
+base/protocols/ntp/main.zeek
+============================
+.. zeek:namespace:: NTP
+
+
+:Namespace: NTP
+
+Summary
+~~~~~~~
+Types
+#####
+=========================================== =
+:zeek:type:`NTP::Info`: :zeek:type:`record` 
+=========================================== =
+
+Redefinitions
+#############
+==================================================================== ====================================================
+:zeek:type:`Log::ID`: :zeek:type:`enum`                              
+                                                                     
+                                                                     * :zeek:enum:`NTP::LOG`
+:zeek:type:`connection`: :zeek:type:`record`                         
+                                                                     
+                                                                     :New Fields: :zeek:type:`connection`
+                                                                     
+                                                                       ntp: :zeek:type:`NTP::Info` :zeek:attr:`&optional`
+:zeek:id:`likely_server_ports`: :zeek:type:`set` :zeek:attr:`&redef` 
+==================================================================== ====================================================
+
+Events
+######
+=========================================== ===================================================================
+:zeek:id:`NTP::log_ntp`: :zeek:type:`event` Event that can be handled to access the NTP record as it is sent on
+                                            to the logging framework.
+=========================================== ===================================================================
+
+Hooks
+#####
+======================================================== =
+:zeek:id:`NTP::log_policy`: :zeek:type:`Log::PolicyHook` 
+======================================================== =
+
+
+Detailed Interface
+~~~~~~~~~~~~~~~~~~
+Types
+#####
+.. zeek:type:: NTP::Info
+   :source-code: base/protocols/ntp/main.zeek 8 47
+
+   :Type: :zeek:type:`record`
+
+
+   .. zeek:field:: ts :zeek:type:`time` :zeek:attr:`&log`
+
+      Timestamp for when the event happened.
+
+
+   .. zeek:field:: uid :zeek:type:`string` :zeek:attr:`&log`
+
+      Unique ID for the connection.
+
+
+   .. zeek:field:: id :zeek:type:`conn_id` :zeek:attr:`&log`
+
+      The connection's 4-tuple of endpoint addresses/ports.
+
+
+   .. zeek:field:: version :zeek:type:`count` :zeek:attr:`&log`
+
+      The NTP version number (1, 2, 3, 4).
+
+
+   .. zeek:field:: mode :zeek:type:`count` :zeek:attr:`&log`
+
+      The NTP mode being used.
+
+
+   .. zeek:field:: stratum :zeek:type:`count` :zeek:attr:`&log`
+
+      The stratum (primary server, secondary server, etc.).
+
+
+   .. zeek:field:: poll :zeek:type:`interval` :zeek:attr:`&log`
+
+      The maximum interval between successive messages.
+
+
+   .. zeek:field:: precision :zeek:type:`interval` :zeek:attr:`&log`
+
+      The precision of the system clock.
+
+
+   .. zeek:field:: root_delay :zeek:type:`interval` :zeek:attr:`&log`
+
+      Total round-trip delay to the reference clock.
+
+
+   .. zeek:field:: root_disp :zeek:type:`interval` :zeek:attr:`&log`
+
+      Total dispersion to the reference clock.
+
+
+   .. zeek:field:: ref_id :zeek:type:`string` :zeek:attr:`&log`
+
+      For stratum 0, 4 character string used for debugging.
+      For stratum 1, ID assigned to the reference clock by IANA.
+      Above stratum 1, when using IPv4, the IP address of the reference
+      clock.  Note that the NTP protocol did not originally specify a
+      large enough field to represent IPv6 addresses, so they use
+      the first four bytes of the MD5 hash of the reference clock's
+      IPv6 address (i.e. an IPv4 address here is not necessarily IPv4).
+
+
+   .. zeek:field:: ref_time :zeek:type:`time` :zeek:attr:`&log`
+
+      Time when the system clock was last set or correct.
+
+
+   .. zeek:field:: org_time :zeek:type:`time` :zeek:attr:`&log`
+
+      Time at the client when the request departed for the NTP server.
+
+
+   .. zeek:field:: rec_time :zeek:type:`time` :zeek:attr:`&log`
+
+      Time at the server when the request arrived from the NTP client.
+
+
+   .. zeek:field:: xmt_time :zeek:type:`time` :zeek:attr:`&log`
+
+      Time at the server when the response departed for the NTP client.
+
+
+   .. zeek:field:: num_exts :zeek:type:`count` :zeek:attr:`&default` = ``0`` :zeek:attr:`&optional` :zeek:attr:`&log`
+
+      Number of extension fields (which are not currently parsed).
+
+
+
+Events
+######
+.. zeek:id:: NTP::log_ntp
+   :source-code: base/protocols/ntp/main.zeek 51 51
+
+   :Type: :zeek:type:`event` (rec: :zeek:type:`NTP::Info`)
+
+   Event that can be handled to access the NTP record as it is sent on
+   to the logging framework.
+
+Hooks
+#####
+.. zeek:id:: NTP::log_policy
+   :source-code: base/protocols/ntp/main.zeek 6 6
+
+   :Type: :zeek:type:`Log::PolicyHook`
+
+
+