base/frameworks/packet-filter/utils.zeek

Namespace: PacketFilter

Summary

Functions

PacketFilter::combine_filters: function

Combines two valid BPF filter strings with a string-based operator to form a new filter.

PacketFilter::port_to_bpf: function

Takes a port and returns a BPF expression which will match the port.

PacketFilter::sampling_filter: function

Create a BPF filter to sample IPv4 and IPv6 traffic.

Detailed Interface

Functions

PacketFilter::combine_filters
Type

function (lfilter: string, op: string, rfilter: string) : string

Combines two valid BPF filter strings with a string-based operator to form a new filter.

Parameters
  • lfilter – Filter which will go on the left side.

  • op – Operation being applied (typically “or” or “and”).

  • rfilter – Filter which will go on the right side.

Returns

A new string representing the two filters combined with the operator. Either filter being an empty string will still result in a valid filter.

PacketFilter::port_to_bpf
Type

function (p: port) : string

Takes a port and returns a BPF expression which will match the port.

Parameters

p – The port.

Returns

A valid BPF filter string for matching the port.

PacketFilter::sampling_filter
Type

function (num_parts: count, this_part: count) : string

Create a BPF filter to sample IPv4 and IPv6 traffic.

Parameters
  • num_parts – The number of parts the traffic should be split into.

  • this_part – The part of the traffic this filter will accept (0-based).
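The three functions used together, as an added example that is not part of the Zeek distribution: it builds a port-restricted capture filter and narrows it to one worker's share of the traffic. The module name `FilterExample`, the options `monitored_ports`, `num_workers` and `worker_index`, and the helper `ports_filter` are assumptions made for illustration.

```zeek
# Added example; not shipped with Zeek.
@load base/frameworks/packet-filter

module FilterExample;

export {
	## Hypothetical options (assumptions for this example).
	const monitored_ports: set[port] = { 53/udp, 80/tcp, 443/tcp } &redef;
	const num_workers: count = 4 &redef;
	const worker_index: count = 0 &redef;
}

# OR together one BPF term per port. Starting from "" is safe because
# combine_filters returns a valid filter when either side is empty.
# Set iteration order is not guaranteed, so the term order may vary.
function ports_filter(ports: set[port]): string
	{
	local f = "";
	for ( p in ports )
		f = PacketFilter::combine_filters(f, "or", PacketFilter::port_to_bpf(p));
	return f;
	}

event zeek_init()
	{
	# this_part is 0-based, so it has to be below num_parts. Reject a
	# mis-numbered worker instead of installing a filter built from it.
	if ( num_workers == 0 || worker_index >= num_workers )
		{
		Reporter::error(fmt("bad sampling config: part %d of %d",
		                    worker_index, num_workers));
		return;
		}

	local by_port = ports_filter(monitored_ports);
	local slice = PacketFilter::sampling_filter(num_workers, worker_index);

	print "ports only ", by_port;
	print "this worker", PacketFilter::combine_filters(by_port, "and", slice);

	# An empty port set contributes "", leaving only the sampling slice.
	local none: set[port] = set();
	print "no ports   ", PacketFilter::combine_filters(ports_filter(none), "and", slice);
	}
```

Printing the strings before installing them makes it easy to review what each worker will actually capture; a filter that is narrower than intended drops traffic silently and leaves a monitoring gap.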