base/frameworks/packet-filter/utils.zeek

PacketFilter

Namespace: PacketFilter

Summary

Functions

`PacketFilter::combine_filters`: `function`	Combines two valid BPF filter strings with a string based operator to form a new filter.
`PacketFilter::port_to_bpf`: `function`	Takes a `port` and returns a BPF expression which will match the port.
`PacketFilter::sampling_filter`: `function`	Create a BPF filter to sample IPv4 and IPv6 traffic.

Detailed Interface

Functions

PacketFilter::combine_filters 

Type: function (lfilter: string, op: string, rfilter: string) : string

Combines two valid BPF filter strings with a string based operator to form a new filter.

Parameters

lfilter – Filter which will go on the left side.
op – Operation being applied (typically “or” or “and”).
rfilter – Filter which will go on the right side.

Returns

A new string representing the two filters combined with the operator. Either filter being an empty string will still result in a valid filter.

PacketFilter::port_to_bpf 

Type: function (p: port) : string

Takes a port and returns a BPF expression which will match the port.

Parameters: p – The port.
Returns: A valid BPF filter string for matching the port.

PacketFilter::sampling_filter 

Type: function (num_parts: count, this_part: count) : string

Create a BPF filter to sample IPv4 and IPv6 traffic.

Parameters

num_parts – The number of parts the traffic should be split into.
this_part – The part of the traffic this filter will accept (0-based).

Read the Docs v: master (git/master)

Versions: master; v6.0.1; v6.0.0; v5.2.2; v5.2.0; v5.1.3; v5.1.2; v5.1.1; v5.1.0; v5.0.10; v5.0.9; v5.0.8; v5.0.7; v5.0.6; v5.0.5; v5.0.4; v5.0.3; v5.0.2; v5.0.1; v5.0.0; v4.2.2; v4.1.1; v4.0.9; v3.2.3; v3.1.4; v3.0.14; lts; current

Downloads: html

On Read the Docs: Project Home; Builds