base/frameworks/netcontrol/drop.bro

NetControl

Implementation of the drop functionality for NetControl.

Namespace:NetControl
Imports:base/frameworks/netcontrol/main.bro
Source File:/scripts/base/frameworks/netcontrol/drop.bro

Summary

Redefinitions

Log::ID: enum  

Events

NetControl::log_netcontrol_drop: event Event that can be handled to access the NetControl::ShuntInfo record as it is sent on to the logging framework.

Hooks

NetControl::drop_rule_policy: hook Hook that allows the modification of rules passed to drop_* before they are passed on.

Functions

NetControl::drop_address: function Stops all packets involving an IP address from being forwarded.
NetControl::drop_connection: function Stops all packets involving a connection address from being forwarded.

Detailed Interface

Types

NetControl::DropInfo
Type:

record

ts: time &log

Time at which the recorded activity occurred.

rule_id: string &log

ID of the rule; unique during each Bro run.

orig_h: addr &log

The originator’s IP address.

orig_p: port &log &optional

The originator’s port number.

resp_h: addr &log &optional

The responder’s IP address.

resp_p: port &log &optional

The responder’s port number.

expire: interval &log

Expiry time of the shunt.

location: string &log &optional

Location where the underlying action was triggered.

Events

NetControl::log_netcontrol_drop
Type:event (rec: NetControl::DropInfo)

Event that can be handled to access the NetControl::ShuntInfo record as it is sent on to the logging framework.

Hooks

NetControl::drop_rule_policy
Type:hook (r: NetControl::Rule) : bool

Hook that allows the modification of rules passed to drop_* before they are passed on. If one of the hooks uses break, the rule is ignored.

R:The rule to be added.

Functions

NetControl::drop_address
Type:function (a: addr, t: interval, location: string &default = "" &optional) : string

Stops all packets involving an IP address from being forwarded.

A:The address to be dropped.
T:How long to drop it, with 0 being indefinitely.
Location:An optional string describing where the drop was triggered.
Returns:The id of the inserted rule on success and zero on failure.
NetControl::drop_connection
Type:function (c: conn_id, t: interval, location: string &default = "" &optional) : string

Stops all packets involving a connection address from being forwarded.

C:The connection to be dropped.
T:How long to drop it, with 0 being indefinitely.
Location:An optional string describing where the drop was triggered.
Returns:The id of the inserted rule on success and zero on failure.
Copyright 2016, The Bro Project. Last updated on January 10, 2019. Created using Sphinx 1.7.5.