Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-03 15:18:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
zeek/doc/scripts/base/bif/plugins/Bro_TCP.functions.bif.bro.rst
Jon Siwek 7e9d48f532 Remove broxygen Sphinx integration 
The broxygen-generated files now live in the git repo, have tests
that check that they are up-to-date, and a script to re-generate
them on-demand.
2018-12-18 10:15:22 -06:00

122 lines
4.2 KiB
ReStructuredText
Raw Blame History

:tocdepth: 3
base/bif/plugins/Bro_TCP.functions.bif.bro
==========================================
.. bro:namespace:: GLOBAL
:Namespace: GLOBAL
Summary
~~~~~~~
Functions
#########
================================================= ======================================================================
:bro:id:`get_contents_file`: :bro:type:`function` Returns the file handle of the contents file of a connection.
:bro:id:`get_orig_seq`: :bro:type:`function` Get the originator sequence number of a TCP connection.
:bro:id:`get_resp_seq`: :bro:type:`function` Get the responder sequence number of a TCP connection.
:bro:id:`set_contents_file`: :bro:type:`function` Associates a file handle with a connection for writing TCP byte stream
contents.
================================================= ======================================================================
Detailed Interface
~~~~~~~~~~~~~~~~~~
Functions
#########
.. bro:id:: get_contents_file
:Type: :bro:type:`function` (cid: :bro:type:`conn_id`, direction: :bro:type:`count`) : :bro:type:`file`
Returns the file handle of the contents file of a connection.
:cid: The connection ID.
:direction: Controls what sides of the connection to record. See
:bro:id:`set_contents_file` for possible values.
:returns: The :bro:type:`file` handle for the contents file of the
connection identified by *cid*. If the connection exists
but there is no contents file for *direction*, then the function
generates an error and returns a file handle to ``stderr``.
.. bro:see:: set_contents_file set_record_packets contents_file_write_failure
.. bro:id:: get_orig_seq
:Type: :bro:type:`function` (cid: :bro:type:`conn_id`) : :bro:type:`count`
Get the originator sequence number of a TCP connection. Sequence numbers
are absolute (i.e., they reflect the values seen directly in packet headers;
they are not relative to the beginning of the connection).
:cid: The connection ID.
:returns: The highest sequence number sent by a connection's originator, or 0
if *cid* does not point to an active TCP connection.
.. bro:see:: get_resp_seq
.. bro:id:: get_resp_seq
:Type: :bro:type:`function` (cid: :bro:type:`conn_id`) : :bro:type:`count`
Get the responder sequence number of a TCP connection. Sequence numbers
are absolute (i.e., they reflect the values seen directly in packet headers;
they are not relative to the beginning of the connection).
:cid: The connection ID.
:returns: The highest sequence number sent by a connection's responder, or 0
if *cid* does not point to an active TCP connection.
.. bro:see:: get_orig_seq
.. bro:id:: set_contents_file
:Type: :bro:type:`function` (cid: :bro:type:`conn_id`, direction: :bro:type:`count`, f: :bro:type:`file`) : :bro:type:`bool`
Associates a file handle with a connection for writing TCP byte stream
contents.
:cid: The connection ID.
:direction: Controls what sides of the connection to record. The argument can
take one of the four values:
- ``CONTENTS_NONE``: Stop recording the connection's content.
- ``CONTENTS_ORIG``: Record the data sent by the connection
originator (often the client).
- ``CONTENTS_RESP``: Record the data sent by the connection
responder (often the server).
- ``CONTENTS_BOTH``: Record the data sent in both directions.
Results in the two directions being intermixed in the file,
in the order the data was seen by Bro.
:f: The file handle of the file to write the contents to.
:returns: Returns false if *cid* does not point to an active connection, and
true otherwise.
.. note::
The data recorded to the file reflects the byte stream, not the
contents of individual packets. Reordering and duplicates are
removed. If any data is missing, the recording stops at the
missing data; this can happen, e.g., due to an
:bro:id:`content_gap` event.
.. bro:see:: get_contents_file set_record_packets contents_file_write_failure
Reference in a new issue View git blame Copy permalink