base/utils/site.bro
-
Site
Definitions describing a site - which networks and DNS zones are “local”
and “neighbors”, and servers running particular services.
Detailed Interface
Runtime Options
-
Site::local_admins
-
If local network administrators are known and they have responsibility
for defined address space, then a mapping can be defined here between
networks for which they have responsibility and a set of email
addresses.
-
Site::local_nets
-
Networks that are considered “local”. Note that BroControl sets
this automatically.
-
Site::local_zones
-
DNS zones that are considered “local”.
-
Site::neighbor_nets
-
Networks that are considered “neighbors”.
-
Site::neighbor_zones
-
DNS zones that are considered “neighbors”.
-
Site::private_address_space
-
{
10.0.0.0/8,
127.0.0.0/8,
172.16.0.0/12,
100.64.0.0/10,
fe80::/10,
::1/128,
192.168.0.0/16
}
Address space that is considered private and unrouted.
By default it has RFC defined non-routable IPv4 address space.
State Variables
-
Site::local_nets_table
-
This is used for retrieving the subnet when using multiple entries in
Site::local_nets
. It’s populated automatically from there.
A membership query can be done with an
addr
and the table will yield the subnet it was found
within.
Functions
-
Site::get_emails
-
Function that returns a comma-separated list of email addresses
that are considered administrators for the IP address provided as
an argument.
The function inspects Site::local_admins
.
-
Site::is_local_addr
-
Function that returns true if an address corresponds to one of
the local networks, false if not.
The function inspects Site::local_nets
.
-
Site::is_local_name
-
Function that returns true if a host name is within a local
DNS zone.
The function inspects Site::local_zones
.
-
Site::is_neighbor_addr
-
Function that returns true if an address corresponds to one of
the neighbor networks, false if not.
The function inspects Site::neighbor_nets
.
-
Site::is_neighbor_name
-
Function that returns true if a host name is within a neighbor
DNS zone.
The function inspects Site::neighbor_zones
.
-
Site::is_private_addr
-
Function that returns true if an address corresponds to one of
the private/unrouted networks, false if not.
The function inspects Site::private_address_space
.