mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
30399d86e9
I am not going to edit the attributes any further, please go ahead and text to the missing TODOs.
164 lines
4.3 KiB
ReStructuredText
164 lines
4.3 KiB
ReStructuredText
Builtin Types and Attributes
|
|
============================
|
|
|
|
Types
|
|
-----
|
|
|
|
The Bro scripting language supports the following built-in types.
|
|
|
|
.. TODO: add documentation
|
|
|
|
.. bro:type:: void
|
|
|
|
.. bro:type:: bool
|
|
|
|
.. bro:type:: int
|
|
|
|
.. bro:type:: count
|
|
|
|
.. bro:type:: counter
|
|
|
|
.. bro:type:: double
|
|
|
|
.. bro:type:: time
|
|
|
|
.. bro:type:: interval
|
|
|
|
.. bro:type:: string
|
|
|
|
.. bro:type:: pattern
|
|
|
|
.. bro:type:: enum
|
|
|
|
.. bro:type:: timer
|
|
|
|
.. bro:type:: port
|
|
|
|
.. bro:type:: addr
|
|
|
|
.. bro:type:: net
|
|
|
|
.. bro:type:: subnet
|
|
|
|
.. bro:type:: any
|
|
|
|
.. bro:type:: table
|
|
|
|
.. bro:type:: union
|
|
|
|
.. bro:type:: record
|
|
|
|
.. bro:type:: types
|
|
|
|
.. bro:type:: func
|
|
|
|
.. bro:type:: file
|
|
|
|
.. bro:type:: vector
|
|
|
|
.. TODO: below are kind of "special cases" that bro knows about?
|
|
|
|
.. bro:type:: set
|
|
|
|
.. bro:type:: function
|
|
|
|
.. bro:type:: event
|
|
|
|
Attributes
|
|
----------
|
|
|
|
Attributes occur at the end of type/event declarations and change their
|
|
behavior. The syntax is ``&key`` or ``&key=val``, e.g.,
|
|
``type T: set[count] &read_expire=5min`` or ``event foo() &priority=-3``.
|
|
The Bro scripting language supports the following built-in attributes.
|
|
|
|
## Allows record field to be missing. For example the type
|
|
## ``record { a: int, b: port &optional }`` could be instantiated both as
|
|
## singleton ``[$a=127.0.0.1]`` or pair ``[$a=127.0.0.1, $b=80/tcp]``.
|
|
.. bro:attr:: &optional
|
|
|
|
## Uses a default value for a record field or container elements. For example,
|
|
## ``table[int] of string &default="foo" }`` would create table that returns
|
|
## The :bro:type:`string` ``"foo"`` for any non-existing index.
|
|
.. bro:attr:: &default
|
|
|
|
## Allows for redefinition of initial object values. This is typically used
|
|
## with constants, for example, ``const clever = T &redef;`` would allow the
|
|
## constant to be redifined at some later point during script execution.
|
|
.. bro:attr:: &redef
|
|
|
|
## Rotates a file after a specified interval.
|
|
.. bro:attr:: &rotate_interval
|
|
|
|
## Rotates af file after it has reached a given size in bytes.
|
|
.. bro:attr:: &rotate_size
|
|
|
|
## ..TODO: needs to be documented.
|
|
.. bro:attr:: &add_func
|
|
|
|
## ..TODO: needs to be documented.
|
|
.. bro:attr:: &delete_func
|
|
|
|
## Called right before a container element expires.
|
|
.. bro:attr:: &expire_func
|
|
|
|
## Specifies a read expiration timeout for container elements. That is, the
|
|
## element expires after the given amount of time since the last time it has
|
|
## been read. Note that a write also counts as a read.
|
|
.. bro:attr:: &read_expire
|
|
|
|
## Specifies a write expiration timeout for container elements. That is, the
|
|
## element expires after the given amount of time since the last time it has
|
|
## been written.
|
|
.. bro:attr:: &write_expire
|
|
|
|
## Specifies a creation expiration timeout for container elements. That is, the
|
|
## element expires after the given amount of time since it has been inserted
|
|
## into the container, regardless of any reads or writes.
|
|
.. bro:attr:: &create_expire
|
|
|
|
## Makes a variable persistent, i.e., its value is writen to disk (per default
|
|
## at shutdown time).
|
|
.. bro:attr:: &persistent
|
|
|
|
## Synchronizes variable accesses across nodes. The value of a
|
|
## ``&synchronized`` variable is automatically propagated to all peers when it
|
|
## changes.
|
|
.. bro:attr:: &synchronized
|
|
|
|
## ..TODO: needs to be documented.
|
|
.. bro:attr:: &postprocessor
|
|
|
|
## Encryptes files right before writing them to disk.
|
|
## ..TODO: needs to be documented in more detail.
|
|
.. bro:attr:: &encrypt
|
|
|
|
## ..TODO: needs to be documented.
|
|
.. bro:attr:: &match
|
|
|
|
## Deprecated. Will be removed.
|
|
.. bro:attr:: &disable_print_hook
|
|
|
|
## Opens a file in raw mode, i.e., non-ASCII characters are not escaped.
|
|
.. bro:attr:: &raw_output
|
|
|
|
## Prefers set union to assignment for synchronized state. This attribute is
|
|
## used in conjunction with :bro:attr:`synchronized` container types: when the
|
|
## same container is updated at two peers with different value, the propagation
|
|
## of the state causes a race condition, where the last update succeeds. This
|
|
## can cause inconsistencies and can be avoided by unifying the two sets,
|
|
## rather than merely overwriting the old value.
|
|
.. bro:attr:: &mergeable
|
|
|
|
## Specifies the execution priority of an event handler. Higher values are
|
|
## executed before lower ones. The default value is 0.
|
|
.. bro:attr:: &priority
|
|
|
|
## Groups event handlers such that those in the same group can be jointly
|
|
## activated or deactivated.
|
|
.. bro:attr:: &group
|
|
|
|
## Writes a record field to the associated log stream.
|
|
.. bro:attr:: &log
|
|
|
|
.. bro:attr:: (&tracked)
|