base/bif/packet_analysis.bif.zeek

Namespaces

GLOBAL, PacketAnalyzer

Summary

Functions

PacketAnalyzer::__disable_analyzer: function

Internal function to disable a packet analyzer.

PacketAnalyzer::__enable_analyzer: function

Internal function to enable a packet analyzer.

PacketAnalyzer::__set_ignore_checksums_nets: function

Internal function that is used to update the core-mirror of the script-level ignore_checksums_nets variable.

PacketAnalyzer::register_packet_analyzer: function

Add an entry to parent’s dispatcher that maps a protocol/index to a next-stage child analyzer.

PacketAnalyzer::register_protocol_detection: function

Registers a child analyzer with a parent analyzer to perform packet detection when determining whether to forward from parent to child.

PacketAnalyzer::try_register_packet_analyzer_by_name: function

Attempts to add an entry to parent’s dispatcher that maps a protocol/index to a next-stage child analyzer.

Detailed Interface

Functions

PacketAnalyzer::__disable_analyzer
Type

function (id: PacketAnalyzer::Tag) : bool

Internal function to disable a packet analyzer.

PacketAnalyzer::__enable_analyzer
Type

function (id: PacketAnalyzer::Tag) : bool

Internal function to enable a packet analyzer.

PacketAnalyzer::__set_ignore_checksums_nets
Type

function (v: subnet_set) : bool

Internal function that is used to update the core-mirror of the script-level ignore_checksums_nets variable.

PacketAnalyzer::register_packet_analyzer
Type

function (parent: PacketAnalyzer::Tag, identifier: count, child: PacketAnalyzer::Tag) : bool

Add an entry to parent’s dispatcher that maps a protocol/index to a next-stage child analyzer.

Parameters
  • parent – The parent analyzer being modified

  • identifier – The identifier for the protocol being registered

  • child – The analyzer that will be called for the identifier

PacketAnalyzer::register_protocol_detection
Type

function (parent: PacketAnalyzer::Tag, child: PacketAnalyzer::Tag) : bool

Registers a child analyzer with a parent analyzer to perform packet detection when determining whether to forward from parent to child.

Parameters
  • parent – The parent analyzer being modified

  • child – The analyzer that will use protocol detection

PacketAnalyzer::try_register_packet_analyzer_by_name
Type

function (parent: string, identifier: count, child: string) : bool

Attempts to add an entry to parent’s dispatcher that maps a protocol/index to a next-stage child analyzer. This may fail if either of the two names does not correspond to a known analyzer.

Parameters
  • parent – The parent analyzer being modified

  • identifier – The identifier for the protocol being registered

  • child – The analyzer that will be called for the identifier
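
The following script is an added example, not code from the Zeek distribution. It shows the by-name and tag-based registration functions documented above used together, with the by-name return value checked so that a mapping that was not installed is reported instead of the traffic silently going unparsed. The module name SiteDispatch, the Mapping record, the extra_mappings table contents, the EtherType values and the "SiteTunnel" analyzer name are assumptions made for illustration.

```zeek
# Added example; SiteDispatch, Mapping and extra_mappings are hypothetical names.
module SiteDispatch;

export {
	type Mapping: record {
		parent: string;      # name of the parent packet analyzer
		identifier: count;   # value the parent dispatches on (here an EtherType)
		child: string;       # name of the next-stage child analyzer
	};

	# Constructed sample data. "SiteTunnel" stands in for an analyzer that a
	# plugin may or may not provide on a given sensor.
	const extra_mappings: vector of Mapping = vector(
		Mapping($parent="Ethernet", $identifier=0x88B5, $child="IP"),
		Mapping($parent="Ethernet", $identifier=0x88B6, $child="SiteTunnel")
	) &redef;
}

event zeek_init()
	{
	# By-name variant: names are resolved at run time, so an unknown parent
	# or child makes the call return F rather than abort the script.
	for ( i in extra_mappings )
		{
		local m = extra_mappings[i];

		if ( ! PacketAnalyzer::try_register_packet_analyzer_by_name(m$parent, m$identifier, m$child) )
			Reporter::warning(fmt("packet analyzer mapping %s/0x%x -> %s not installed",
			                      m$parent, m$identifier, m$child));
		}

	# Tag variant: both analyzers are referenced by PacketAnalyzer::Tag, so a
	# misspelled analyzer is caught when the script is parsed.
	if ( ! PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ETHERNET,
	                                                0x88B7,
	                                                PacketAnalyzer::ANALYZER_IP) )
		Reporter::warning("Ethernet/0x88b7 -> IP mapping not installed");
	}
```

On a sensor without a "SiteTunnel" analyzer, the second table entry produces a warning in reporter.log at startup, which is the signal that frames with that identifier will not be forwarded to a child analyzer.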