base/utils/directions-and-hosts.zeek

Imports

base/utils/site.zeek

Summary

Types

Direction: enum

Host: enum

Functions

addr_matches_host: function

Checks whether a given host (IP address) matches a given host type.

id_matches_direction: function

Checks whether a given connection is of a given direction with respect to the locally-monitored network.

Detailed Interface

Types

Direction
Type

enum

INBOUND

The connection originator is not within the locally-monitored network, but the other endpoint is.

OUTBOUND

The connection originator is within the locally-monitored network, but the other endpoint is not.

BIDIRECTIONAL

Only one endpoint is within the locally-monitored network, meaning the connection is either outbound or inbound.

NO_DIRECTION

This value doesn’t match any connection.

Host
Type

enum

LOCAL_HOSTS

A host within the locally-monitored network.

REMOTE_HOSTS

A host not within the locally-monitored network.

ALL_HOSTS

Any host.

NO_HOSTS

This value doesn’t match any host.

Functions

addr_matches_host
Type

function (ip: addr, h: Host) : bool

Checks whether a given host (IP address) matches a given host type.

Parameters
  • ip – address of a host.

  • h – a host type.

Returns

T if the given host matches the given type, else F.

id_matches_direction
Type

function (id: conn_id, d: Direction) : bool

Checks whether a given connection is of a given direction with respect to the locally-monitored network.

Parameters
  • id – a connection record containing the originator/responder hosts.

  • d – a direction with respect to the locally-monitored network.

Returns

T if the two connection endpoints match the given direction, else F.
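As an added usage example (not part of this file or of the Zeek distribution), the script below combines both helpers in a detection: it raises a notice when a connection matching a configurable direction completes a handshake to a local administrative port. The notice name, the port list and the `Site::local_nets` redef are constructed for the example.

```zeek
# Added example: alert on connections from outside the monitored network
# that reach a local administrative service. Assumes Site::local_nets is
# populated (here via a constructed redef; normally via networks.cfg).
@load base/utils/directions-and-hosts
@load base/frameworks/notice

module DirectionDemo;

export {
    redef enum Notice::Type += {
        ## A remote originator established a connection to a local admin port.
        Inbound_Admin_Connection
    };

    ## Direction to watch; INBOUND means a remote originator and a local responder.
    option watch_direction: Direction = INBOUND;

    ## Administrative ports worth watching (constructed sample list).
    const admin_ports: set[port] = { 22/tcp, 3389/tcp, 5900/tcp } &redef;
}

# Constructed sample networks so the script runs stand-alone against a pcap.
redef Site::local_nets += { 10.0.0.0/8, 192.168.0.0/16 };

event connection_established(c: connection)
{
    # Drop connections whose endpoints do not match the configured direction.
    if ( ! id_matches_direction(c$id, watch_direction) )
        return;

    if ( c$id$resp_p !in admin_ports )
        return;

    # Redundant with INBOUND, but keeps the responder check explicit if
    # watch_direction is later redefined to BIDIRECTIONAL.
    if ( ! addr_matches_host(c$id$resp_h, LOCAL_HOSTS) )
        return;

    NOTICE([$note=Inbound_Admin_Connection,
            $conn=c,
            $msg=fmt("%s connected to local admin port %s on %s",
                     c$id$orig_h, c$id$resp_p, c$id$resp_h),
            # Suppress repeated notices for the same triple within the
            # default suppression interval.
            $identifier=cat(c$id$orig_h, c$id$resp_h, c$id$resp_p)]);
}
```

Run it as `zeek -r traffic.pcap directions-demo.zeek` and inspect notice.log; with `watch_direction` set to OUTBOUND the same script instead flags local hosts reaching remote admin ports, which is why the explicit `LOCAL_HOSTS` check is kept.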