policy/frameworks/packet-filter/shunt.bro

PacketFilter
Namespace: PacketFilter
Imports: base/frameworks/notice, base/frameworks/packet-filter
Source File: /scripts/policy/frameworks/packet-filter/shunt.bro

Summary

Options

PacketFilter::max_bpf_shunts: count &redef
    The maximum number of BPF-based shunts that Bro is allowed to perform.

Redefinitions

Notice::Type: enum  

Functions

PacketFilter::current_shunted_conns: function
    Retrieve the currently shunted connections.
PacketFilter::current_shunted_host_pairs: function
    Retrieve the currently shunted host pairs.
PacketFilter::force_unshunt_host_pair: function
    Performs the same function as the PacketFilter::unshunt_host_pair function, but it forces an immediate filter update.
PacketFilter::shunt_conn: function
    Call this function to use BPF to shunt a connection (to prevent the data packets from reaching Bro).
PacketFilter::shunt_host_pair: function
    This function will use a BPF expression to shunt traffic between the two hosts given in the conn_id so that the traffic is never exposed to Bro’s traffic processing.
PacketFilter::unshunt_host_pair: function
    Remove shunting for a host pair given as a conn_id.

Detailed Interface

Options

PacketFilter::max_bpf_shunts
Type: count
Attributes: &redef
Default: 100

The maximum number of BPF-based shunts that Bro is allowed to perform.

Functions

PacketFilter::current_shunted_conns
Type: function () : set [conn_id]

Retrieve the currently shunted connections.

PacketFilter::current_shunted_host_pairs
Type: function () : set [conn_id]

Retrieve the currently shunted host pairs.

PacketFilter::force_unshunt_host_pair
Type: function (id: conn_id) : bool

Performs the same function as the PacketFilter::unshunt_host_pair function, but it forces an immediate filter update.

PacketFilter::shunt_conn
Type: function (id: conn_id) : bool

Call this function to use BPF to shunt a connection (to prevent the data packets from reaching Bro). For TCP connections, control packets are still allowed through so that Bro can continue logging the connection and it can stop shunting once the connection ends.

PacketFilter::shunt_host_pair
Type: function (id: conn_id) : bool

This function will use a BPF expression to shunt traffic between the two hosts given in the conn_id so that the traffic is never exposed to Bro’s traffic processing.

PacketFilter::unshunt_host_pair
Type: function (id: conn_id) : bool

Remove shunting for a host pair given as a conn_id. The filter is not immediately removed. It waits for the occasional filter update done by the PacketFilter framework.
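Example usage of the interface above, added here and not part of the Bro distribution: because shunted payload never reaches Bro, the script shunts only connections to an explicit allowlist and checks the bool result of every request. The module name ShuntExample, the server addresses, the port and the lowered limit of 20 are constructed for illustration, and the meaning of the return value (T when the shunt was accepted) is an assumption, since the page only gives its type.

```bro
@load base/utils/conn-ids
@load policy/frameworks/packet-filter/shunt

module ShuntExample;	# hypothetical module name

export {
	## Constructed sample values: servers and service whose bulk
	## payload is trusted enough to bypass analysis.
	const bulk_servers: set[addr] = { 192.0.2.10, 192.0.2.11 } &redef;
	const bulk_ports: set[port] = { 873/tcp } &redef;
}

# Illustrative limit, below the documented default of 100.
redef PacketFilter::max_bpf_shunts = 20;

event connection_established(c: connection)
	{
	# Shunt only allowlisted flows; everything else stays fully visible.
	if ( c$id$resp_h !in bulk_servers || c$id$resp_p !in bulk_ports )
		return;

	# Assumption: T means the shunt request was accepted.
	if ( PacketFilter::shunt_conn(c$id) )
		print fmt("shunted %s (%d connections currently shunted)",
		          id_string(c$id), |PacketFilter::current_shunted_conns()|);
	else
		print fmt("not shunted, still analyzing: %s", id_string(c$id));
	}

event bro_done()
	{
	# Report what was still being hidden from analysis at shutdown.
	for ( cid in PacketFilter::current_shunted_conns() )
		print fmt("still shunted at shutdown: %s", id_string(cid));
	}
```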

Copyright 2016, The Bro Project. Last updated on December 07, 2018. Created using Sphinx 1.8.2.