base/frameworks/packet-filter/utils.zeek

PacketFilter

Namespace

PacketFilter

Summary

Functions

PacketFilter::combine_filters: function	Combines two valid BPF filter strings with a string based operator to form a new filter.
PacketFilter::port_to_bpf: function	Takes a port and returns a BPF expression which will match the port.
PacketFilter::sampling_filter: function	Create a BPF filter to sample IPv4 and IPv6 traffic.

Detailed Interface

Functions

PacketFilter::combine_filters

Type

function (lfilter: string, op: string, rfilter: string) : string

Combines two valid BPF filter strings with a string based operator to form a new filter.

Lfilter

Filter which will go on the left side.

Op

Operation being applied (typically “or” or “and”).

Rfilter

Filter which will go on the right side.

Returns

A new string representing the two filters combined with the operator. Either filter being an empty string will still result in a valid filter.

PacketFilter::port_to_bpf

Type

function (p: port) : string

Takes a port and returns a BPF expression which will match the port.

P

The port.

Returns

A valid BPF filter string for matching the port.

PacketFilter::sampling_filter

Type

function (num_parts: count, this_part: count) : string

Create a BPF filter to sample IPv4 and IPv6 traffic.

Num_parts

The number of parts the traffic should be split into.

This_part

The part of the traffic this filter will accept (0-based).