base/frameworks/netcontrol/shunt.bro

NetControl

Implementation of the shunt functionality for NetControl.

Namespace:NetControl
Imports:base/frameworks/netcontrol/main.bro
Source File:/scripts/base/frameworks/netcontrol/shunt.bro

Summary

Redefinitions

Log::ID: enum  

Events

NetControl::log_netcontrol_shunt: event Event that can be handled to access the NetControl::ShuntInfo record as it is sent on to the logging framework.

Functions

NetControl::shunt_flow: function Stops forwarding a uni-directional flow’s packets to Bro.

Detailed Interface

Types

NetControl::ShuntInfo
Type:

record

ts: time &log

Time at which the recorded activity occurred.

rule_id: string &log

ID of the rule; unique during each Bro run.

f: flow_id &log

Flow ID of the shunted flow.

expire: interval &log

Expiry time of the shunt.

location: string &log &optional

Location where the underlying action was triggered.

Events

NetControl::log_netcontrol_shunt
Type:event (rec: NetControl::ShuntInfo)

Event that can be handled to access the NetControl::ShuntInfo record as it is sent on to the logging framework.

Functions

NetControl::shunt_flow
Type:function (f: flow_id, t: interval, location: string &default = "" &optional) : string

Stops forwarding a uni-directional flow’s packets to Bro.

F:The flow to shunt.
T:How long to leave the shunt in place, with 0 being indefinitely.
Location:An optional string describing where the shunt was triggered.
Returns:The id of the inserted rule on success and zero on failure.
Copyright 2016, The Bro Project. Last updated on December 19, 2018. Created using Sphinx 1.8.2.