base/frameworks/packet-filter/utils.zeek

PacketFilter

Namespace:PacketFilter

Summary

Functions

PacketFilter::combine_filters: function	Combines two valid BPF filter strings with a string based operator to form a new filter.
PacketFilter::port_to_bpf: function	Takes a port and returns a BPF expression which will match the port.
PacketFilter::sampling_filter: function	Create a BPF filter to sample IPv4 and IPv6 traffic.

Detailed Interface

Functions

PacketFilter::combine_filters

Type:function (lfilter: string, op: string, rfilter: string) : string

Combines two valid BPF filter strings with a string based operator to form a new filter.

Lfilter:Filter which will go on the left side. Op:Operation being applied (typically “or” or “and”). Rfilter:Filter which will go on the right side. Returns:A new string representing the two filters combined with the operator. Either filter being an empty string will still result in a valid filter.

PacketFilter::port_to_bpf

Type:function (p: port) : string

Takes a port and returns a BPF expression which will match the port.

P:The port. Returns:A valid BPF filter string for matching the port.

PacketFilter::sampling_filter

Type:function (num_parts: count, this_part: count) : string

Create a BPF filter to sample IPv4 and IPv6 traffic.

Num_parts:The number of parts the traffic should be split into. This_part:The part of the traffic this filter will accept (0-based).