base/utils/directions-and-hosts.zeek
- Imports
Summary

Functions
addr_matches_host | Checks whether a given host (IP address) matches a given host type.
id_matches_direction | Checks whether a given connection is of a given direction with respect to the locally-monitored network.

Detailed Interface

Types
Direction
- Type
- INBOUND: The connection originator is not within the locally-monitored network, but the other endpoint is.
- OUTBOUND: The connection originator is within the locally-monitored network, but the other endpoint is not.
- BIDIRECTIONAL: Only one endpoint is within the locally-monitored network, meaning the connection is either outbound or inbound.
- NO_DIRECTION: This value doesn’t match any connection.

Functions

addr_matches_host
Checks whether a given host (IP address) matches a given host type.
- Ip: address of a host.
- H: a host type.
- Returns: T if the given host matches the given type, else F.

id_matches_direction
Checks whether a given connection is of a given direction with respect to the locally-monitored network.
- Id: a connection record containing the originator/responder hosts.
- D: a direction with respect to the locally-monitored network.
- Returns: T if the two connection endpoints match the given direction, else F.
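
The following script is an added example, not code from the Zeek distribution. It calls both functions on constructed connection IDs to show how each Direction value behaves, including the local-to-local and remote-to-remote cases that match no direction. Assumptions: 10.0.0.0/8 is declared as the locally-monitored network through `Site::local_nets`, `classify` is a hypothetical helper, and `LOCAL_HOSTS` is a standard Zeek `Host` value that is not listed on this page.

```zeek
# Added example, not part of the Zeek distribution.
# Assumption: 10.0.0.0/8 is the locally-monitored network.
redef Site::local_nets += { 10.0.0.0/8 };

# Hypothetical helper: name the direction a connection matches, or
# "NONE" when both endpoints or neither endpoint is local.
function classify(id: conn_id): string
	{
	if ( id_matches_direction(id, INBOUND) )
		return "INBOUND";
	if ( id_matches_direction(id, OUTBOUND) )
		return "OUTBOUND";
	return "NONE";
	}

event zeek_init()
	{
	# Constructed sample endpoints; 198.51.100.0/24 and 203.0.113.0/24
	# are documentation ranges standing in for remote hosts.
	local samples: vector of conn_id = vector(
		conn_id($orig_h=10.0.0.5, $orig_p=51000/tcp,
		        $resp_h=203.0.113.7, $resp_p=443/tcp),
		conn_id($orig_h=198.51.100.9, $orig_p=40222/tcp,
		        $resp_h=10.0.0.20, $resp_p=22/tcp),
		conn_id($orig_h=10.0.0.5, $orig_p=51001/tcp,
		        $resp_h=10.0.0.20, $resp_p=445/tcp),
		conn_id($orig_h=198.51.100.9, $orig_p=40223/tcp,
		        $resp_h=203.0.113.7, $resp_p=80/tcp)
	);

	for ( i in samples )
		{
		local id = samples[i];
		# BIDIRECTIONAL is true only when exactly one endpoint is local;
		# NO_DIRECTION is passed to show that it never matches.
		print fmt("%s -> %s: %s bidirectional=%s no_direction=%s orig_local=%s",
		          id$orig_h, id$resp_h, classify(id),
		          id_matches_direction(id, BIDIRECTIONAL),
		          id_matches_direction(id, NO_DIRECTION),
		          addr_matches_host(id$orig_h, LOCAL_HOSTS));
		}
	}
```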