base/frameworks/netcontrol/drop.zeek

NetControl

Implementation of the drop functionality for NetControl.

Namespace:: NetControl
Imports:: base/frameworks/netcontrol/main.zeek

Summary

Types

NetControl::DropInfo: record

Redefinitions

Log::ID: enum

NetControl::DROP_LOG

Events

NetControl::log_netcontrol_drop: event

Event that can be handled to access the NetControl::ShuntInfo record as it is sent on to the logging framework.

Hooks

`NetControl::drop_rule_policy`: `hook`	Hook that allows the modification of rules passed to drop_* before they are passed on.
`NetControl::log_policy_drop`: `Log::PolicyHook`

Functions

`NetControl::drop_address`: `function`	Stops all packets involving an IP address from being forwarded.
`NetControl::drop_connection`: `function`	Stops all packets involving a connection address from being forwarded.

Detailed Interface

Types

NetControl::DropInfo 

Type:

Fields:

ts: time &log: Time at which the recorded activity occurred.

rule_id: string &log: ID of the rule; unique during each Zeek run.

orig_h: addr &log: The originator’s IP address.

orig_p: port &log &optional: The originator’s port number.

resp_h: addr &log &optional: The responder’s IP address.

resp_p: port &log &optional: The responder’s port number.

expire: interval &log: Expiry time of the shunt.

location: string &log &optional: Location where the underlying action was triggered.

Events

NetControl::log_netcontrol_drop 

Type:: event (rec: NetControl::DropInfo)

Event that can be handled to access the NetControl::ShuntInfo record as it is sent on to the logging framework.

Hooks

NetControl::drop_rule_policy 

Type:: hook (r: NetControl::Rule) : bool

Hook that allows the modification of rules passed to drop_* before they are passed on. If one of the hooks uses break, the rule is ignored.

Parameters:: r – The rule to be added.

NetControl::log_policy_drop 

Type:: Log::PolicyHook

Functions

NetControl::drop_address 

Type:: function (a: addr, t: interval, location: string &default = "" &optional) : string

Stops all packets involving an IP address from being forwarded.

Parameters:

a – The address to be dropped.
t – How long to drop it, with 0 being indefinitely.
location – An optional string describing where the drop was triggered.

Returns:

The id of the inserted rule on success and zero on failure.

NetControl::drop_connection 

Type:: function (c: conn_id, t: interval, location: string &default = "" &optional) : string

Stops all packets involving a connection address from being forwarded.

Parameters:

c – The connection to be dropped.
t – How long to drop it, with 0 being indefinitely.
location – An optional string describing where the drop was triggered.

Returns:

The id of the inserted rule on success and zero on failure.