packet_analysis.bif.zeek

GLOBAL

PacketAnalyzer

Namespaces: GLOBAL, PacketAnalyzer

Summary

Functions

`PacketAnalyzer::__disable_analyzer`: `function`	Internal function to disable a packet analyzer.
`PacketAnalyzer::__enable_analyzer`: `function`	Internal function to enable a packet analyzer.
`PacketAnalyzer::__set_ignore_checksums_nets`: `function`	Internal function that is used to update the core-mirror of the script-level ignore_checksums_nets variable.
`PacketAnalyzer::register_packet_analyzer`: `function`	Add an entry to parent’s dispatcher that maps a protocol/index to a next-stage child analyzer.
`PacketAnalyzer::register_protocol_detection`: `function`	Registers a child analyzer with a parent analyzer to perform packet detection when determining whether to forward from parent to child.
`PacketAnalyzer::try_register_packet_analyzer_by_name`: `function`	Attempts to add an entry to parent’s dispatcher that maps a protocol/index to a next-stage child analyzer.

Detailed Interface

Functions

PacketAnalyzer::__disable_analyzer

Type: function (id: PacketAnalyzer::Tag) : bool

Internal function to disable a packet analyzer.

PacketAnalyzer::__enable_analyzer

Type: function (id: PacketAnalyzer::Tag) : bool

Internal function to enable a packet analyzer.

PacketAnalyzer::__set_ignore_checksums_nets

Type: function (v: subnet_set) : bool

Internal function that is used to update the core-mirror of the script-level ignore_checksums_nets variable.

PacketAnalyzer::register_packet_analyzer

Type: function (parent: PacketAnalyzer::Tag, identifier: count, child: PacketAnalyzer::Tag) : bool

Add an entry to parent’s dispatcher that maps a protocol/index to a next-stage child analyzer.

Parameters

parent – The parent analyzer being modified
identifier – The identifier for the protocol being registered
child – The analyzer that will be called for the identifier

PacketAnalyzer::register_protocol_detection

Type: function (parent: PacketAnalyzer::Tag, child: PacketAnalyzer::Tag) : bool

Registers a child analyzer with a parent analyzer to perform packet detection when determining whether to forward from parent to child.

Parameters

parent – The parent analyzer being modified
child – The analyzer that will use protocol detection

PacketAnalyzer::try_register_packet_analyzer_by_name

Type: function (parent: string, identifier: count, child: string) : bool

Attempts to add an entry to parent’s dispatcher that maps a protocol/index to a next-stage child analyzer. This may fail if either of the two names does not respond to a known analyzer.

Parameters

parent – The parent analyzer being modified
identifier – The identifier for the protocol being registered
child – The analyzer that will be called for the identifier