acld.zeek¶

NetControl¶

Acld plugin for the netcontrol framework.

Namespace: NetControl
Imports: base/frameworks/broker, base/frameworks/netcontrol/main.zeek, base/frameworks/netcontrol/plugin.zeek

Summary¶

Types¶

`NetControl::AclRule`: `record`
`NetControl::AcldConfig`: `record`

Redefinitions¶

NetControl::PluginState: record

New Fields

NetControl::PluginState

acld_config: NetControl::AcldConfig &optional

acld_id: count &optional: The ID of this acld instance - for the mapping to PluginStates.

Events¶

`NetControl::acld_add_rule`: `event`	Events that are sent from us to Broker.
`NetControl::acld_remove_rule`: `event`
`NetControl::acld_rule_added`: `event`	Events that are sent from Broker to us.
`NetControl::acld_rule_error`: `event`
`NetControl::acld_rule_exists`: `event`
`NetControl::acld_rule_removed`: `event`

Hooks¶

NetControl::acld_rule_policy: hook

Hook that is called after a rule is converted to an acld rule.

Functions¶

NetControl::create_acld: function

Instantiates the acld plugin.

Detailed Interface¶

Types¶

NetControl::AclRule¶

Type

record

command: string

cookie: count

arg: string

comment: string &optional

NetControl::AcldConfig¶

Type

record

acld_topic: string

The acld topic to send events to.

acld_host: addr

Broker host to connect to.

acld_port: port

Broker port to connect to.

monitor: bool &default = F &optional

Do we accept rules for the monitor path? Default false.

forward: bool &default = T &optional

Do we accept rules for the forward path? Default true.

check_pred: function (p: NetControl::PluginState, r: NetControl::Rule)bool &optional

Predicate that is called on rule insertion or removal.

p: Current plugin state.
r: The rule to be inserted or removed.
returns: T if the rule can be handled by the current backend, F otherwise.

Events¶

NetControl::acld_add_rule¶

Type: event (id: count, r: NetControl::Rule, ar: NetControl::AclRule)

Events that are sent from us to Broker.

NetControl::acld_remove_rule¶

Type: event (id: count, r: NetControl::Rule, ar: NetControl::AclRule)

NetControl::acld_rule_added¶

Type: event (id: count, r: NetControl::Rule, msg: string)

Events that are sent from Broker to us.

NetControl::acld_rule_error¶

Type: event (id: count, r: NetControl::Rule, msg: string)

NetControl::acld_rule_exists¶

Type: event (id: count, r: NetControl::Rule, msg: string)

NetControl::acld_rule_removed¶

Type: event (id: count, r: NetControl::Rule, msg: string)

Hooks¶

NetControl::acld_rule_policy¶

Type: hook (p: NetControl::PluginState, r: NetControl::Rule, ar: NetControl::AclRule) : bool

Hook that is called after a rule is converted to an acld rule. The hook may modify the rule before it is sent to acld. Setting the acld command to F will cause the rule to be rejected by the plugin.

P: Current plugin state.
R: The rule to be inserted or removed.
Ar: The acld rule to be inserted or removed.

Functions¶

NetControl::create_acld¶

Type: function (config: NetControl::AcldConfig) : NetControl::PluginState

Instantiates the acld plugin.