base/protocols/conn/thresholds.bro
-
ConnThreshold
Implements a generic API to throw events when a connection crosses a fixed threshold of bytes or packets.
| Namespace: | ConnThreshold |
|---|---|
| Source File: | /scripts/base/protocols/conn/thresholds.bro |
Summary
Types
ConnThreshold::Thresholds: record |
Redefinitions
connection: record |
Events
ConnThreshold::bytes_threshold_crossed: event |
Generated for a connection that crossed a set byte threshold |
ConnThreshold::packets_threshold_crossed: event |
Generated for a connection that crossed a set byte threshold |
Functions
ConnThreshold::delete_bytes_threshold: function |
Deletes a byte threshold for connection sizes. |
ConnThreshold::delete_packets_threshold: function |
Deletes a packet threshold for connection sizes. |
ConnThreshold::set_bytes_threshold: function |
Sets a byte threshold for connection sizes, adding it to potentially already existing thresholds. |
ConnThreshold::set_packets_threshold: function |
Sets a packet threshold for connection sizes, adding it to potentially already existing thresholds. |
Detailed Interface
Types
-
ConnThreshold::Thresholds Type: - orig_byte:
set[count]&default={ }&optional current originator byte thresholds we watch for
- resp_byte:
set[count]&default={ }&optional current responder byte thresholds we watch for
- orig_packet:
set[count]&default={ }&optional corrent originator packet thresholds we watch for
- resp_packet:
set[count]&default={ }&optional corrent responder packet thresholds we watch for
- orig_byte:
Events
-
ConnThreshold::bytes_threshold_crossed Type: event(c:connection, threshold:count, is_orig:bool)Generated for a connection that crossed a set byte threshold
C: the connection Threshold: the threshold that was set Is_orig: True if the threshold was crossed by the originator of the connection
-
ConnThreshold::packets_threshold_crossed Type: event(c:connection, threshold:count, is_orig:bool)Generated for a connection that crossed a set byte threshold
C: the connection Threshold: the threshold that was set Is_orig: True if the threshold was crossed by the originator of the connection
Functions
-
ConnThreshold::delete_bytes_threshold Type: function(c:connection, threshold:count, is_orig:bool) :boolDeletes a byte threshold for connection sizes.
Cid: The connection id. Threshold: Threshold in bytes to remove. Is_orig: If true, threshold is removed for packets from originator, otherwhise for packets from responder. Returns: T on success, F on failure.
-
ConnThreshold::delete_packets_threshold Type: function(c:connection, threshold:count, is_orig:bool) :boolDeletes a packet threshold for connection sizes.
Cid: The connection id. Threshold: Threshold in packets. Is_orig: If true, threshold is removed for packets from originator, otherwise for packets from responder. Returns: T on success, F on failure.
-
ConnThreshold::set_bytes_threshold Type: function(c:connection, threshold:count, is_orig:bool) :boolSets a byte threshold for connection sizes, adding it to potentially already existing thresholds. conn_bytes_threshold_crossed will be raised for each set threshold.
Cid: The connection id. Threshold: Threshold in bytes. Is_orig: If true, threshold is set for bytes from originator, otherwise for bytes from responder. Returns: T on success, F on failure.
-
ConnThreshold::set_packets_threshold Type: function(c:connection, threshold:count, is_orig:bool) :boolSets a packet threshold for connection sizes, adding it to potentially already existing thresholds. conn_packets_threshold_crossed will be raised for each set threshold.
Cid: The connection id. Threshold: Threshold in packets. Is_orig: If true, threshold is set for packets from originator, otherwise for packets from responder. Returns: T on success, F on failure.
