base/protocols/conn/thresholds.bro

ConnThreshold

Implements a generic API to throw events when a connection crosses a fixed threshold of bytes or packets.

Namespace: ConnThreshold
Source File: /scripts/base/protocols/conn/thresholds.bro

Summary

Redefinitions

connection: record  

Events

ConnThreshold::bytes_threshold_crossed: event Generated for a connection that crossed a set byte threshold
ConnThreshold::packets_threshold_crossed: event Generated for a connection that crossed a set packet threshold

Functions

ConnThreshold::delete_bytes_threshold: function Deletes a byte threshold for connection sizes.
ConnThreshold::delete_packets_threshold: function Deletes a packet threshold for connection sizes.
ConnThreshold::set_bytes_threshold: function Sets a byte threshold for connection sizes, adding it to potentially already existing thresholds.
ConnThreshold::set_packets_threshold: function Sets a packet threshold for connection sizes, adding it to potentially already existing thresholds.

Detailed Interface

Types

ConnThreshold::Thresholds
Type: record

orig_byte: set [count] &default = {  } &optional

current originator byte thresholds we watch for

resp_byte: set [count] &default = {  } &optional

current responder byte thresholds we watch for

orig_packet: set [count] &default = {  } &optional

current originator packet thresholds we watch for

resp_packet: set [count] &default = {  } &optional

current responder packet thresholds we watch for

Events

ConnThreshold::bytes_threshold_crossed
Type: event (c: connection, threshold: count, is_orig: bool)

Generated for a connection that crossed a set byte threshold.

c: the connection
threshold: the threshold that was set
is_orig: True if the threshold was crossed by the originator of the connection

ConnThreshold::packets_threshold_crossed
Type: event (c: connection, threshold: count, is_orig: bool)

Generated for a connection that crossed a set packet threshold.

c: the connection
threshold: the threshold that was set
is_orig: True if the threshold was crossed by the originator of the connection

Functions

ConnThreshold::delete_bytes_threshold
Type: function (c: connection, threshold: count, is_orig: bool) : bool

Deletes a byte threshold for connection sizes.

cid: The connection id.
threshold: Threshold in bytes to remove.
is_orig: If true, threshold is removed for bytes from originator, otherwise for bytes from responder.
Returns: T on success, F on failure.

ConnThreshold::delete_packets_threshold
Type: function (c: connection, threshold: count, is_orig: bool) : bool

Deletes a packet threshold for connection sizes.

cid: The connection id.
threshold: Threshold in packets.
is_orig: If true, threshold is removed for packets from originator, otherwise for packets from responder.
Returns: T on success, F on failure.

ConnThreshold::set_bytes_threshold
Type: function (c: connection, threshold: count, is_orig: bool) : bool

Sets a byte threshold for connection sizes, adding it to potentially already existing thresholds. conn_bytes_threshold_crossed will be raised for each set threshold.

cid: The connection id.
threshold: Threshold in bytes.
is_orig: If true, threshold is set for bytes from originator, otherwise for bytes from responder.
Returns: T on success, F on failure.

ConnThreshold::set_packets_threshold
Type: function (c: connection, threshold: count, is_orig: bool) : bool

Sets a packet threshold for connection sizes, adding it to potentially already existing thresholds. conn_packets_threshold_crossed will be raised for each set threshold.

cid: The connection id.
threshold: Threshold in packets.
is_orig: If true, threshold is set for packets from originator, otherwise for packets from responder.
Returns: T on success, F on failure.
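
Example

The following script is an added example, not part of the Bro distribution or of this reference. It shows one way to use the functions and events above to flag TCP connections whose originator sends an unusually large volume of data. The module name LargeUpload, the notice type and the threshold values are assumptions chosen for illustration.

```bro
# Added example, not part of the Bro distribution.
# Module name, notice type and threshold values are assumptions.
@load base/protocols/conn/thresholds
@load base/frameworks/notice

module LargeUpload;

export {
	redef enum Notice::Type += {
		## An originator sent more bytes than one of the watched thresholds.
		Threshold_Crossed
	};

	## Originator byte counts to watch on every TCP connection (assumed values).
	const watch_bytes: set[count] = {
		10485760,    # 10 MiB
		104857600,   # 100 MiB
		1073741824   # 1 GiB
	} &redef;
}

event connection_established(c: connection)
	{
	# Thresholds accumulate per connection, so each call adds one more.
	for ( t in watch_bytes )
		{
		if ( ! ConnThreshold::set_bytes_threshold(c, t, T) )
			Reporter::warning(fmt("could not set byte threshold %d on %s", t, c$uid));
		}
	}

event ConnThreshold::bytes_threshold_crossed(c: connection, threshold: count, is_orig: bool)
	{
	# Other scripts may set thresholds too; react only to ours, originator side.
	if ( ! is_orig || threshold !in watch_bytes )
		return;

	NOTICE([$note=Threshold_Crossed,
	        $conn=c,
	        $msg=fmt("%s sent more than %d bytes to %s", c$id$orig_h, threshold, c$id$resp_h),
	        $identifier=cat(c$uid, threshold)]);
	}
```

Because the event fires while the connection is still open, the notice is available before the connection's conn.log entry is written at connection end.
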
Copyright 2016, The Bro Project. Last updated on January 10, 2019. Created using Sphinx 1.7.5.