base/frameworks/netcontrol/shunt.zeek

NetControl

Implementation of the shunt functionality for NetControl.

Namespace

NetControl

Imports

base/frameworks/netcontrol/main.zeek

Summary

Types

NetControl::ShuntInfo: record

Redefinitions

Log::ID: enum

Events

NetControl::log_netcontrol_shunt: event

Event that can be handled to access the NetControl::ShuntInfo record as it is sent on to the logging framework.

Hooks

NetControl::log_policy_shunt: Log::PolicyHook

Functions

NetControl::shunt_flow: function

Stops forwarding a uni-directional flow’s packets to Zeek.

Detailed Interface

Types

NetControl::ShuntInfo

Type: record

ts: time &log

Time at which the recorded activity occurred.

rule_id: string &log

ID of the rule; unique during each Zeek run.

f: flow_id &log

Flow ID of the shunted flow.

expire: interval &log

Expiry time of the shunt.

location: string &log &optional

Location where the underlying action was triggered.

Events

NetControl::log_netcontrol_shunt

Type: event (rec: NetControl::ShuntInfo)

Event that can be handled to access the NetControl::ShuntInfo record as it is sent on to the logging framework.

Hooks

NetControl::log_policy_shunt

Type: Log::PolicyHook

Functions

NetControl::shunt_flow

Type: function (f: flow_id, t: interval, location: string &default = "" &optional) : string

Stops forwarding a uni-directional flow’s packets to Zeek.

Parameters
  • f – The flow to shunt.

  • t – How long to leave the shunt in place, with 0 being indefinitely.

  • location – An optional string describing where the shunt was triggered.

Returns

The id of the inserted rule on success and zero on failure.
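Example usage (added here; not part of the Zeek distribution or of this reference page): because shunt_flow acts on a single direction, the script below shunts both directions of a connection once TLS is established and removes the first rule if the second cannot be installed. Assumptions: the debug plugin as backend, the helper name shunt_both_directions, the ssl_established trigger, the 10-minute expiry, and an empty string as the failure return value.

```zeek
@load base/frameworks/netcontrol
@load base/protocols/ssl

# Assumption: the debug plugin stands in for a real backend so the script
# can be run against a capture file.
event NetControl::init()
	{
	local debug_plugin = NetControl::create_debug(T);
	NetControl::activate(debug_plugin, 0);
	}

# Hypothetical helper. shunt_flow() covers one direction only, so both
# halves are shunted and a half-installed shunt is rolled back.
function shunt_both_directions(c: connection, t: interval, why: string): bool
	{
	local id = c$id;
	local fwd = flow_id($src_h=id$orig_h, $src_p=id$orig_p,
	                    $dst_h=id$resp_h, $dst_p=id$resp_p);
	local rev = flow_id($src_h=id$resp_h, $src_p=id$resp_p,
	                    $dst_h=id$orig_h, $dst_p=id$orig_p);

	local fwd_rule = NetControl::shunt_flow(fwd, t, why);
	# Assumption: an empty string is the failure value of the string return.
	if ( fwd_rule == "" )
		return F;

	local rev_rule = NetControl::shunt_flow(rev, t, why);
	if ( rev_rule == "" )
		{
		NetControl::remove_rule(fwd_rule, "reverse direction not shunted");
		return F;
		}

	return T;
	}

event ssl_established(c: connection)
	{
	# Finite expiry (constructed value) so the monitoring gap closes on its own.
	if ( ! shunt_both_directions(c, 10min, "ssl_established") )
		Reporter::warning(fmt("shunt not installed for %s", c$uid));
	}

# Each successful shunt_flow() call produces one ShuntInfo record.
event NetControl::log_netcontrol_shunt(rec: NetControl::ShuntInfo)
	{
	print fmt("shunt %s %s expire=%s", rec$rule_id, rec$f, rec$expire);
	}
```

Shunted packets never reach Zeek, so a finite expiry and the location string in the log make it possible to audit later what was excluded from analysis and why.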