base/frameworks/netcontrol/drop.zeek
- NetControl
Implementation of the drop functionality for NetControl.
- Namespace
NetControl
- Imports
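Summary
Types
- NetControl::DropInfo
Redefinitions
Events
- NetControl::log_netcontrol_drop
Event that can be handled to access the NetControl::ShuntInfo record as it is sent on to the logging framework.
Hooks
- NetControl::drop_rule_policy
Hook that allows the modification of rules passed to drop_* before they are passed on.
Functions
- NetControl::drop_address
Stops all packets involving an IP address from being forwarded.
- NetControl::drop_connection
Stops all packets involving a connection address from being forwarded.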
Detailed Interface
Types
- NetControl::DropInfo
- Type
record
- ts: time &log
  Time at which the recorded activity occurred.
- rule_id: string &log
  ID of the rule; unique during each Zeek run.
- orig_h: addr &log
  The originator’s IP address.
- orig_p: port &log &optional
  The originator’s port number.
- resp_h: addr &log &optional
  The responder’s IP address.
- resp_p: port &log &optional
  The responder’s port number.
- expire: interval &log
  Expiry time of the shunt.
- location: string &log &optional
  Location where the underlying action was triggered.
Events
- NetControl::log_netcontrol_drop
- Type
event (rec: NetControl::DropInfo)
Event that can be handled to access the NetControl::ShuntInfo record as it is sent on to the logging framework.
Hooks
- NetControl::drop_rule_policy
- Type
hook (r: NetControl::Rule) : bool
Hook that allows the modification of rules passed to drop_* before they are passed on. If one of the hooks uses break, the rule is ignored.
- Parameters
r – The rule to be added.
Functions
- NetControl::drop_address
Stops all packets involving an IP address from being forwarded.
- Parameters
a – The address to be dropped.
t – How long to drop it, with 0 being indefinitely.
location – An optional string describing where the drop was triggered.
- Returns
The id of the inserted rule on success and zero on failure.
- NetControl::drop_connection
Stops all packets involving a connection address from being forwarded.
- Parameters
c – The connection to be dropped.
t – How long to drop it, with 0 being indefinitely.
location – An optional string describing where the drop was triggered.
- Returns
The id of the inserted rule on success and zero on failure.
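
The script below shows the hook, the log event and drop_address working together. It is an added example, not code from the Zeek distribution or from this page. The names never_drop and max_drop and their values are assumptions; the Rule and Entity field names, create_debug and activate come from the wider NetControl framework rather than from this file.

```zeek
@load base/frameworks/netcontrol

# Constructed values (assumptions): ranges that must never be blocked, and
# the cap applied when a caller asks for an indefinite drop (t = 0).
const never_drop: set[subnet] = { 192.0.2.0/24, 198.51.100.53/32 } &redef;
const max_drop = 1 day &redef;

event NetControl::init()
	{
	# Debug backend: accepts rules and logs them without touching a device.
	NetControl::activate(NetControl::create_debug(T), 0);
	}

hook NetControl::drop_rule_policy(r: NetControl::Rule)
	{
	local e = r$entity;

	# drop_address() builds an ADDRESS entity whose $ip is a subnet.
	if ( e$ty == NetControl::ADDRESS && e?$ip &&
	     subnet_to_addr(e$ip) in never_drop )
		break;	# veto: the rule is ignored

	# drop_connection() builds a CONNECTION entity carrying a conn_id.
	if ( e$ty == NetControl::CONNECTION && e?$conn &&
	     ( e$conn$orig_h in never_drop || e$conn$resp_h in never_drop ) )
		break;

	# Modify instead of veto: bound indefinite drops so stale blocks age out.
	if ( r?$expire && r$expire == 0 secs )
		r$expire = max_drop;
	}

event NetControl::log_netcontrol_drop(rec: NetControl::DropInfo)
	{
	# Fires for each drop that passed the policy hook and was installed.
	print fmt("drop %s %s (%s)", rec$rule_id, rec$orig_h,
	          rec?$location ? rec$location : "-");
	}

event NetControl::init_done()
	{
	# 203.0.113.7 passes the hook with its expiry capped; 192.0.2.10 is vetoed.
	print NetControl::drop_address(203.0.113.7, 0 secs, "added example");
	print NetControl::drop_address(192.0.2.10, 10 mins, "added example");
	}
```

A protected-range veto of this kind guards against detection scripts blocking resolvers, gateways or monitoring hosts on a false positive.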