mirror of
https://github.com/zeek/zeek.git
synced 2025-10-04 23:58:20 +00:00
47500ceef4
Fixed most @load dependency issues in the process. The test is still failing in a "known" way due to hot.conn.bro and scan.bro. Adressess #545
36 lines
877 B
Text
36 lines
877 B
Text
##! This script extends the built in notice code to implement the IP address
|
|
##! dropping functionality.
|
|
|
|
@load ../main
|
|
|
|
module Notice;
|
|
|
|
export {
|
|
redef enum Action += {
|
|
## Drops the address via Drop::drop_address, and generates an alarm.
|
|
ACTION_DROP
|
|
};
|
|
|
|
redef record Info += {
|
|
## Indicate if the $src IP address was dropped and denied network access.
|
|
dropped: bool &log &default=F;
|
|
};
|
|
}
|
|
|
|
# This is a little awkward because we want to inject drop along with the
|
|
# synchronous functions.
|
|
event bro_init()
|
|
{
|
|
local drop_func = function(n: Notice::Info)
|
|
{
|
|
if ( ACTION_DROP in n$actions )
|
|
{
|
|
#local drop = React::drop_address(n$src, "");
|
|
#local addl = drop?$sub ? fmt(" %s", drop$sub) : "";
|
|
#n$dropped = drop$note != Drop::AddressDropIgnored;
|
|
#n$msg += fmt(" [%s%s]", drop$note, addl);
|
|
}
|
|
};
|
|
|
|
add Notice::sync_functions[drop_func];
|
|
}
|