Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-03 15:18:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
zeek/doc/scripts/base/utils/addrs.zeek.rst
Tim Wojtulewicz ded98cd373 Copy docs into Zeek repo directly 
This is based on commit 2731def9159247e6da8a3191783c89683363689c from the
zeek-docs repo.
2025-09-26 02:58:29 +00:00

392 lines
23 KiB
ReStructuredText
Raw Permalink Blame History

:tocdepth: 3
base/utils/addrs.zeek
=====================
Functions for parsing and manipulating IP and MAC addresses.
Summary
~~~~~~~
Constants
#########
======================================================================= =
:zeek:id:`ip_addr_regex`: :zeek:type:`pattern`
:zeek:id:`ipv4_addr_regex`: :zeek:type:`pattern`
:zeek:id:`ipv4_decim`: :zeek:type:`pattern`
:zeek:id:`ipv6_8hex_regex`: :zeek:type:`pattern`
:zeek:id:`ipv6_addr_regex`: :zeek:type:`pattern`
:zeek:id:`ipv6_compressed_hex4dec_regex`: :zeek:type:`pattern`
:zeek:id:`ipv6_compressed_hex_regex`: :zeek:type:`pattern`
:zeek:id:`ipv6_compressed_hext4dec_lead_hextets0`: :zeek:type:`pattern`
:zeek:id:`ipv6_compressed_hext4dec_lead_hextets1`: :zeek:type:`pattern`
:zeek:id:`ipv6_compressed_hext4dec_lead_hextets2`: :zeek:type:`pattern`
:zeek:id:`ipv6_compressed_hext4dec_lead_hextets3`: :zeek:type:`pattern`
:zeek:id:`ipv6_compressed_hext4dec_lead_hextets4`: :zeek:type:`pattern`
:zeek:id:`ipv6_compressed_hext4dec_lead_hextets5`: :zeek:type:`pattern`
:zeek:id:`ipv6_compressed_lead_hextets0`: :zeek:type:`pattern`
:zeek:id:`ipv6_compressed_lead_hextets1`: :zeek:type:`pattern`
:zeek:id:`ipv6_compressed_lead_hextets2`: :zeek:type:`pattern`
:zeek:id:`ipv6_compressed_lead_hextets3`: :zeek:type:`pattern`
:zeek:id:`ipv6_compressed_lead_hextets4`: :zeek:type:`pattern`
:zeek:id:`ipv6_compressed_lead_hextets5`: :zeek:type:`pattern`
:zeek:id:`ipv6_compressed_lead_hextets6`: :zeek:type:`pattern`
:zeek:id:`ipv6_compressed_lead_hextets7`: :zeek:type:`pattern`
:zeek:id:`ipv6_hex4dec_regex`: :zeek:type:`pattern`
:zeek:id:`ipv6_hextet`: :zeek:type:`pattern`
======================================================================= =
Functions
#########
====================================================== =========================================================================
:zeek:id:`addr_to_uri`: :zeek:type:`function` Returns the string representation of an IP address suitable for inclusion
in a URI.
:zeek:id:`extract_ip_addresses`: :zeek:type:`function` Extracts all IP (v4 or v6) address strings from a given string.
:zeek:id:`has_valid_octets`: :zeek:type:`function` Checks if all elements of a string array are a valid octet value.
:zeek:id:`normalize_mac`: :zeek:type:`function` Given a string, extracts the hex digits and returns a MAC address in
the format: 00:a0:32:d7:81:8f.
====================================================== =========================================================================
Detailed Interface
~~~~~~~~~~~~~~~~~~
Constants
#########
.. zeek:id:: ip_addr_regex
:source-code: base/utils/addrs.zeek 64 64
:Type: :zeek:type:`pattern`
:Default:
::
/^?((^?((^?((^?((^?((^?((^?((^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)|(^?((^?((^?((^?((^?(([0-9A-Fa-f]{1,4}:){7})$?)(^?([0-9A-Fa-f]{1,4})$?))$?)|(^?((^?((^?((^?((^?((^?((^?((^?(::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,6})?)$?)|(^?([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,5})?)$?))$?)|(^?([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){1}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,4})?)$?))$?)|(^?([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){2}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,3})?)$?))$?)|(^?([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){3}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,2})?)$?))$?)|(^?([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){4}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,1})?)$?))$?)|(^?([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){5}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,0})?)$?))$?)|(^?([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){6}::)$?))$?))$?)|(^?((^?(([0-9A-Fa-f]{1,4}:){6})$?)(^?((^?((^?((^?((^?((^?((^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?))$?))$?)|(^?((^?((^?((^?((^?((^?((^?(::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,4})?)$?)(^?((^?((^?((^?((^?((^?((^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?))$?)|(^?((^?([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,3})?)$?)(^?((^?((^?((^?((^?((^?((^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?))$?))$?)|(^?((^?([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){1}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,2})?)$?)(^?((^?((^?((^?((^?((^?((^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?))$?))$?)|(^?((^?([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){2}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,1})?)$?)(^?((^?((^?((^?((^?((^?((^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?))$?))$?)|(^?((^?([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){3}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,0})?)$?)(^?((^?((^?((^?((^?((^?((^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?))$?))$?)|(^?((^?([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){4}::)$?)(^?((^?((^?((^?((^?((^?((^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?))$?))$?))$?))$?/
.. zeek:id:: ipv4_addr_regex
:source-code: base/utils/addrs.zeek 7 7
:Type: :zeek:type:`pattern`
:Default:
::
/^?((^?((^?((^?((^?((^?((^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?/
.. zeek:id:: ipv4_decim
:source-code: base/utils/addrs.zeek 5 5
:Type: :zeek:type:`pattern`
:Default:
::
/^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?/
.. zeek:id:: ipv6_8hex_regex
:source-code: base/utils/addrs.zeek 11 11
:Type: :zeek:type:`pattern`
:Default:
::
/^?((^?(([0-9A-Fa-f]{1,4}:){7})$?)(^?([0-9A-Fa-f]{1,4})$?))$?/
.. zeek:id:: ipv6_addr_regex
:source-code: base/utils/addrs.zeek 59 59
:Type: :zeek:type:`pattern`
:Default:
::
/^?((^?((^?((^?((^?(([0-9A-Fa-f]{1,4}:){7})$?)(^?([0-9A-Fa-f]{1,4})$?))$?)|(^?((^?((^?((^?((^?((^?((^?((^?(::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,6})?)$?)|(^?([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,5})?)$?))$?)|(^?([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){1}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,4})?)$?))$?)|(^?([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){2}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,3})?)$?))$?)|(^?([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){3}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,2})?)$?))$?)|(^?([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){4}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,1})?)$?))$?)|(^?([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){5}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,0})?)$?))$?)|(^?([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){6}::)$?))$?))$?)|(^?((^?(([0-9A-Fa-f]{1,4}:){6})$?)(^?((^?((^?((^?((^?((^?((^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?))$?))$?)|(^?((^?((^?((^?((^?((^?((^?(::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,4})?)$?)(^?((^?((^?((^?((^?((^?((^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?))$?)|(^?((^?([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,3})?)$?)(^?((^?((^?((^?((^?((^?((^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?))$?))$?)|(^?((^?([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){1}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,2})?)$?)(^?((^?((^?((^?((^?((^?((^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?))$?))$?)|(^?((^?([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){2}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,1})?)$?)(^?((^?((^?((^?((^?((^?((^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?))$?))$?)|(^?((^?([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){3}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,0})?)$?)(^?((^?((^?((^?((^?((^?((^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?))$?))$?)|(^?((^?([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){4}::)$?)(^?((^?((^?((^?((^?((^?((^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?))$?))$?))$?/
.. zeek:id:: ipv6_compressed_hex4dec_regex
:source-code: base/utils/addrs.zeek 52 52
:Type: :zeek:type:`pattern`
:Default:
::
/^?((^?((^?((^?((^?((^?((^?(::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,4})?)$?)(^?((^?((^?((^?((^?((^?((^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?))$?)|(^?((^?([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,3})?)$?)(^?((^?((^?((^?((^?((^?((^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?))$?))$?)|(^?((^?([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){1}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,2})?)$?)(^?((^?((^?((^?((^?((^?((^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?))$?))$?)|(^?((^?([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){2}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,1})?)$?)(^?((^?((^?((^?((^?((^?((^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?))$?))$?)|(^?((^?([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){3}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,0})?)$?)(^?((^?((^?((^?((^?((^?((^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?))$?))$?)|(^?((^?([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){4}::)$?)(^?((^?((^?((^?((^?((^?((^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?))$?))$?/
.. zeek:id:: ipv6_compressed_hex_regex
:source-code: base/utils/addrs.zeek 31 31
:Type: :zeek:type:`pattern`
:Default:
::
/^?((^?((^?((^?((^?((^?((^?((^?(::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,6})?)$?)|(^?([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,5})?)$?))$?)|(^?([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){1}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,4})?)$?))$?)|(^?([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){2}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,3})?)$?))$?)|(^?([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){3}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,2})?)$?))$?)|(^?([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){4}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,1})?)$?))$?)|(^?([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){5}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,0})?)$?))$?)|(^?([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){6}::)$?))$?/
.. zeek:id:: ipv6_compressed_hext4dec_lead_hextets0
:source-code: base/utils/addrs.zeek 40 40
:Type: :zeek:type:`pattern`
:Default:
::
/^?((^?(::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,4})?)$?)(^?((^?((^?((^?((^?((^?((^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?))$?/
.. zeek:id:: ipv6_compressed_hext4dec_lead_hextets1
:source-code: base/utils/addrs.zeek 42 42
:Type: :zeek:type:`pattern`
:Default:
::
/^?((^?([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,3})?)$?)(^?((^?((^?((^?((^?((^?((^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?))$?/
.. zeek:id:: ipv6_compressed_hext4dec_lead_hextets2
:source-code: base/utils/addrs.zeek 44 44
:Type: :zeek:type:`pattern`
:Default:
::
/^?((^?([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){1}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,2})?)$?)(^?((^?((^?((^?((^?((^?((^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?))$?/
.. zeek:id:: ipv6_compressed_hext4dec_lead_hextets3
:source-code: base/utils/addrs.zeek 46 46
:Type: :zeek:type:`pattern`
:Default:
::
/^?((^?([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){2}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,1})?)$?)(^?((^?((^?((^?((^?((^?((^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?))$?/
.. zeek:id:: ipv6_compressed_hext4dec_lead_hextets4
:source-code: base/utils/addrs.zeek 48 48
:Type: :zeek:type:`pattern`
:Default:
::
/^?((^?([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){3}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,0})?)$?)(^?((^?((^?((^?((^?((^?((^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?))$?/
.. zeek:id:: ipv6_compressed_hext4dec_lead_hextets5
:source-code: base/utils/addrs.zeek 50 50
:Type: :zeek:type:`pattern`
:Default:
::
/^?((^?([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){4}::)$?)(^?((^?((^?((^?((^?((^?((^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?))$?/
.. zeek:id:: ipv6_compressed_lead_hextets0
:source-code: base/utils/addrs.zeek 15 15
:Type: :zeek:type:`pattern`
:Default:
::
/^?(::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,6})?)$?/
.. zeek:id:: ipv6_compressed_lead_hextets1
:source-code: base/utils/addrs.zeek 17 17
:Type: :zeek:type:`pattern`
:Default:
::
/^?([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,5})?)$?/
.. zeek:id:: ipv6_compressed_lead_hextets2
:source-code: base/utils/addrs.zeek 19 19
:Type: :zeek:type:`pattern`
:Default:
::
/^?([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){1}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,4})?)$?/
.. zeek:id:: ipv6_compressed_lead_hextets3
:source-code: base/utils/addrs.zeek 21 21
:Type: :zeek:type:`pattern`
:Default:
::
/^?([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){2}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,3})?)$?/
.. zeek:id:: ipv6_compressed_lead_hextets4
:source-code: base/utils/addrs.zeek 23 23
:Type: :zeek:type:`pattern`
:Default:
::
/^?([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){3}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,2})?)$?/
.. zeek:id:: ipv6_compressed_lead_hextets5
:source-code: base/utils/addrs.zeek 25 25
:Type: :zeek:type:`pattern`
:Default:
::
/^?([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){4}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,1})?)$?/
.. zeek:id:: ipv6_compressed_lead_hextets6
:source-code: base/utils/addrs.zeek 27 27
:Type: :zeek:type:`pattern`
:Default:
::
/^?([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){5}::([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,0})?)$?/
.. zeek:id:: ipv6_compressed_lead_hextets7
:source-code: base/utils/addrs.zeek 29 29
:Type: :zeek:type:`pattern`
:Default:
::
/^?([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){6}::)$?/
.. zeek:id:: ipv6_hex4dec_regex
:source-code: base/utils/addrs.zeek 13 13
:Type: :zeek:type:`pattern`
:Default:
::
/^?((^?(([0-9A-Fa-f]{1,4}:){6})$?)(^?((^?((^?((^?((^?((^?((^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?)(^?(\.)$?))$?)(^?([0-9]{1}|[0-9]{2}|0[0-9]{2}|1[0-9]{2}|2[0-4][0-9]|25[0-5])$?))$?))$?/
.. zeek:id:: ipv6_hextet
:source-code: base/utils/addrs.zeek 9 9
:Type: :zeek:type:`pattern`
:Default:
::
/^?([0-9A-Fa-f]{1,4})$?/
Functions
#########
.. zeek:id:: addr_to_uri
:source-code: base/utils/addrs.zeek 126 132
:Type: :zeek:type:`function` (a: :zeek:type:`addr`) : :zeek:type:`string`
Returns the string representation of an IP address suitable for inclusion
in a URI. For IPv4, this does no special formatting, but for IPv6, the
address is included in square brackets.
:param a: the address to make suitable for URI inclusion.
:returns: the string representation of the address suitable for URI inclusion.
.. zeek:id:: extract_ip_addresses
:source-code: base/utils/addrs.zeek 89 117
:Type: :zeek:type:`function` (input: :zeek:type:`string`, check_wrapping: :zeek:type:`bool` :zeek:attr:`&default` = ``F`` :zeek:attr:`&optional`) : :zeek:type:`string_vec`
Extracts all IP (v4 or v6) address strings from a given string.
:param input: a string that may contain an IP address anywhere within it.
:param check_wrapping: if true, will only return IP addresses that are wrapped in matching pairs of spaces, square brackets, curly braces, or parens. This can be used to avoid extracting strings that look like IPs from innocuous strings, such as SMTP headers.
:returns: an array containing all valid IP address strings found in *input*.
.. zeek:id:: has_valid_octets
:source-code: base/utils/addrs.zeek 71 80
:Type: :zeek:type:`function` (octets: :zeek:type:`string_vec`) : :zeek:type:`bool`
Checks if all elements of a string array are a valid octet value.
:param octets: an array of strings to check for valid octet values.
:returns: T if every element is between 0 and 255, inclusive, else F.
.. zeek:id:: normalize_mac
:source-code: base/utils/addrs.zeek 141 159
:Type: :zeek:type:`function` (a: :zeek:type:`string`) : :zeek:type:`string`
Given a string, extracts the hex digits and returns a MAC address in
the format: 00:a0:32:d7:81:8f. If the string doesn't contain 12 or 16 hex
digits, an empty string is returned.
:param a: the string to normalize.
:returns: a normalized MAC address, or an empty string in the case of an error.
Reference in a new issue View git blame Copy permalink