base/utils/directions-and-hosts.zeek
- Imports
Summary
Types
Functions
- addr_matches_host: Checks whether a given host (IP address) matches a given host type.
- id_matches_direction: Checks whether a given connection is of a given direction with respect to the locally-monitored network.
Detailed Interface
Types
- Direction
- Type
-
- INBOUND
The connection originator is not within the locally-monitored network, but the other endpoint is.
- OUTBOUND
The connection originator is within the locally-monitored network, but the other endpoint is not.
- BIDIRECTIONAL
Only one endpoint is within the locally-monitored network, meaning the connection is either outbound or inbound.
- NO_DIRECTION
This value doesn’t match any connection.
Functions
- addr_matches_host
-
Checks whether a given host (IP address) matches a given host type.
- Parameters
ip – address of a host.
h – a host type.
- Returns
T if the given host matches the given type, else F.
- id_matches_direction
-
Checks whether a given connection is of a given direction with respect to the locally-monitored network.
- Parameters
id – a connection record containing the originator/responder hosts.
d – a direction with respect to the locally-monitored network.
- Returns
T if the two connection endpoints match the given direction, else F.
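
An added usage example, not part of the Zeek documentation or of the script itself: it tallies connections by the direction they match and shows that a connection with both endpoints local, or both remote, matches none of INBOUND, OUTBOUND or BIDIRECTIONAL. The helper `direction_label`, the `tally` table and the 192.0.2.0/24 prefix are assumptions made for illustration; `LOCAL_HOSTS` is a value of this script's Host type, which this page does not list.

```zeek
@load base/utils/site
@load base/utils/directions-and-hosts

# Constructed sample prefix (assumption): replace with the monitored network.
redef Site::local_nets += { 192.0.2.0/24 };

# Per-direction connection counts (hypothetical name, not part of Zeek).
global tally: table[string] of count &default=0;

# Hypothetical helper: name the direction a connection matches.
function direction_label(id: conn_id): string
	{
	if ( id_matches_direction(id, INBOUND) )
		return "inbound";
	if ( id_matches_direction(id, OUTBOUND) )
		return "outbound";
	# Both endpoints local, or both remote: INBOUND, OUTBOUND and
	# BIDIRECTIONAL all return F for such a connection.
	return "neither";
	}

event connection_state_remove(c: connection)
	{
	local label = direction_label(c$id);
	++tally[label];

	# BIDIRECTIONAL is T exactly when one endpoint is local, so one of the
	# two addresses below is guaranteed to match LOCAL_HOSTS.
	if ( id_matches_direction(c$id, BIDIRECTIONAL) )
		{
		local local_end = addr_matches_host(c$id$orig_h, LOCAL_HOSTS) ?
		                  c$id$orig_h : c$id$resp_h;
		print fmt("%s %s local=%s", c$uid, label, local_end);
		}
	}

event zeek_done()
	{
	# Summary printed once the input has been processed.
	for ( label, n in tally )
		print fmt("%s: %d", label, n);
	}
```

Run it over a capture with `zeek -r <pcap> <script>`. A large `neither` count is worth checking against `Site::local_nets`, since every direction test depends on that set being complete.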