base/frameworks/netcontrol/drop.bro

NetControl

Implementation of the drop functionality for NetControl.

Namespace:	NetControl
Imports:	base/frameworks/netcontrol/main.bro
Source File:	`/scripts/base/frameworks/netcontrol/drop.bro`

Summary

Types

NetControl::DropInfo: record

Redefinitions

Log::ID: enum

Events

NetControl::log_netcontrol_drop: event Event that can be handled to access the NetControl::ShuntInfo record as it is sent on to the logging framework.

Hooks

NetControl::drop_rule_policy: hook Hook that allows the modification of rules passed to drop_* before they are passed on.

Functions

`NetControl::drop_address`: `function`	Stops all packets involving an IP address from being forwarded.
`NetControl::drop_connection`: `function`	Stops all packets involving a connection address from being forwarded.

Detailed Interface

Types

NetControl::DropInfo

Type:

Type:	`record` ts: `time` `&log` Time at which the recorded activity occurred. rule_id: `string` `&log` ID of the rule; unique during each Bro run. orig_h: `addr` `&log` The originator’s IP address. orig_p: `port` `&log` `&optional` The originator’s port number. resp_h: `addr` `&log` `&optional` The responder’s IP address. resp_p: `port` `&log` `&optional` The responder’s port number. expire: `interval` `&log` Expiry time of the shunt. location: `string` `&log` `&optional` Location where the underlying action was triggered.

record

ts: time &log: Time at which the recorded activity occurred.
rule_id: string &log: ID of the rule; unique during each Bro run.
orig_h: addr &log: The originator’s IP address.
orig_p: port &log &optional: The originator’s port number.
resp_h: addr &log &optional: The responder’s IP address.
resp_p: port &log &optional: The responder’s port number.
expire: interval &log: Expiry time of the shunt.
location: string &log &optional: Location where the underlying action was triggered.

Events

NetControl::log_netcontrol_drop

Type:	`event` (rec: `NetControl::DropInfo`)

Event that can be handled to access the NetControl::ShuntInfo record as it is sent on to the logging framework.

Hooks

NetControl::drop_rule_policy

Type:	`hook` (r: `NetControl::Rule`) : `bool`

Hook that allows the modification of rules passed to drop_* before they are passed on. If one of the hooks uses break, the rule is ignored.

R:	The rule to be added.

Functions

NetControl::drop_address

Type:	`function` (a: `addr`, t: `interval`, location: `string` `&default` = `""` `&optional`) : `string`

Stops all packets involving an IP address from being forwarded.

A:	The address to be dropped.
T:	How long to drop it, with 0 being indefinitely.
Location:	An optional string describing where the drop was triggered.
Returns:	The id of the inserted rule on success and zero on failure.

NetControl::drop_connection

Type:	`function` (c: `conn_id`, t: `interval`, location: `string` `&default` = `""` `&optional`) : `string`

Stops all packets involving a connection address from being forwarded.

C:	The connection to be dropped.
T:	How long to drop it, with 0 being indefinitely.
Location:	An optional string describing where the drop was triggered.
Returns:	The id of the inserted rule on success and zero on failure.

base/frameworks/netcontrol/drop.bro

Summary

Types

Redefinitions

Events

Hooks

Functions

Detailed Interface

Types

Events

Hooks

Functions

Table of Contents

Next Page

Previous Page

base/frameworks/netcontrol/drop.bro

Summary

Types

Redefinitions

Events

Hooks

Functions

Detailed Interface

Types

Events

Hooks

Functions

Table of Contents

Next Page

Previous Page

Search