base/bif/plugins/Zeek_ConnSize.functions.bif.zeek

GLOBAL
Namespace: GLOBAL

Summary

Functions

get_current_conn_bytes_threshold: function

get_current_conn_duration_threshold: function

Gets the current duration threshold for a connection.

get_current_conn_packets_threshold: function

Gets the current packet threshold for a connection.

set_current_conn_bytes_threshold: function

Sets the current byte threshold for connection sizes, overwriting any potential old threshold.

set_current_conn_duration_threshold: function

Sets the current duration threshold for a connection, overwriting any potential old threshold.

set_current_conn_packets_threshold: function

Sets a threshold for connection packets, overwriting any potential old thresholds.

Detailed Interface

Functions

get_current_conn_bytes_threshold
Type

function (cid: conn_id, is_orig: bool) : count

Parameters
  • cid – The connection id.

  • is_orig – If true, threshold of originator, otherwise threshold of responder.

Returns

0 if no threshold is set; otherwise the threshold in bytes.

See also: set_current_conn_packets_threshold, conn_bytes_threshold_crossed, conn_packets_threshold_crossed, get_current_conn_packets_threshold, set_current_conn_duration_threshold, get_current_conn_duration_threshold

get_current_conn_duration_threshold
Type

function (cid: conn_id) : interval

Gets the current duration threshold for a connection.

Parameters

  • cid – The connection id.

Returns

0 if no threshold is set; otherwise the threshold in seconds.

See also: set_current_conn_packets_threshold, conn_bytes_threshold_crossed, conn_packets_threshold_crossed, get_current_conn_packets_threshold, set_current_conn_duration_threshold

get_current_conn_packets_threshold
Type

function (cid: conn_id, is_orig: bool) : count

Gets the current packet threshold for a connection.

Parameters
  • cid – The connection id.

  • is_orig – If true, threshold of originator, otherwise threshold of responder.

Returns

0 if no threshold is set; otherwise the threshold in packets.

See also: set_current_conn_packets_threshold, conn_bytes_threshold_crossed, conn_packets_threshold_crossed, get_current_conn_bytes_threshold, set_current_conn_duration_threshold, get_current_conn_duration_threshold

set_current_conn_bytes_threshold
Type

function (cid: conn_id, threshold: count, is_orig: bool) : bool

Sets the current byte threshold for connection sizes, overwriting any potential old threshold. In nearly every case you will want to use the high-level API instead (ConnThreshold::set_bytes_threshold).

Parameters
  • cid – The connection id.

  • threshold – Threshold in bytes.

  • is_orig – If true, threshold is set for bytes from originator, otherwise for bytes from responder.

See also: set_current_conn_packets_threshold, conn_bytes_threshold_crossed, conn_packets_threshold_crossed, get_current_conn_bytes_threshold, get_current_conn_packets_threshold, set_current_conn_duration_threshold, get_current_conn_duration_threshold
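An added example, not code from the Zeek distribution: a small detection script that uses the low-level byte threshold getter and setter to report large originator-side transfers at escalating sizes. The module name `LargeUpload`, the 10 MiB starting value and the tenfold step are assumptions made for illustration; the handler uses the `conn_bytes_threshold_crossed` event with its `(c: connection, threshold: count, is_orig: bool)` signature.

```zeek
# Added example. Module name and threshold values are assumptions.
module LargeUpload;

export {
    ## First originator byte count that triggers a report (assumed value).
    const first_threshold: count = 10 * 1024 * 1024 &redef;

    ## Factor applied to the threshold each time it is crossed (assumed value).
    const escalation: count = 10 &redef;
}

event connection_established(c: connection)
    {
    # The setter overwrites whatever threshold is stored, and the getter
    # returns 0 when none is set. Only arm the threshold if the originator
    # side is currently unarmed, so another script's value is not clobbered.
    if ( get_current_conn_bytes_threshold(c$id, T) == 0 )
        set_current_conn_bytes_threshold(c$id, first_threshold, T);
    }

event conn_bytes_threshold_crossed(c: connection, threshold: count, is_orig: bool)
    {
    # This script only arms originator-side thresholds.
    if ( ! is_orig )
        return;

    print fmt("%s: originator %s has sent at least %d bytes to %s:%s",
              c$uid, c$id$orig_h, threshold, c$id$resp_h, c$id$resp_p);

    # Arm the next step. Because the setter overwrites, this is correct
    # whether or not a previous value is still stored.
    set_current_conn_bytes_threshold(c$id, threshold * escalation, T);
    }
```

The script has to track and re-arm its single originator-side threshold by hand, and any other caller of the setter on the same connection replaces it. ConnThreshold::set_bytes_threshold is the high-level API the text above recommends instead.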

set_current_conn_duration_threshold
Type

function (cid: conn_id, threshold: interval) : bool

Sets the current duration threshold for a connection, overwriting any potential old threshold. In nearly every case you will want to use the high-level API instead (ConnThreshold::set_duration_threshold).

Parameters
  • cid – The connection id.

  • threshold – Threshold in seconds.

See also: set_current_conn_packets_threshold, conn_bytes_threshold_crossed, conn_packets_threshold_crossed, get_current_conn_bytes_threshold, get_current_conn_packets_threshold, get_current_conn_duration_threshold

set_current_conn_packets_threshold
Type

function (cid: conn_id, threshold: count, is_orig: bool) : bool

Sets a threshold for connection packets, overwriting any potential old thresholds. In nearly every case you will want to use the high-level API instead (ConnThreshold::set_packets_threshold).

Parameters
  • cid – The connection id.

  • threshold – Threshold in packets.

  • is_orig – If true, threshold is set for packets from originator, otherwise for packets from responder.

See also: set_current_conn_bytes_threshold, conn_bytes_threshold_crossed, conn_packets_threshold_crossed, get_current_conn_bytes_threshold, get_current_conn_packets_threshold, set_current_conn_duration_threshold, get_current_conn_duration_threshold