policy/frameworks/packet-filter/shunt.zeek
- PacketFilter
- Namespace: PacketFilter
- Imports
Summary
Redefinable Options
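- PacketFilter::max_bpf_shunts: The maximum number of BPF based shunts that Zeek is allowed to perform.
Redefinitions
Functions
- PacketFilter::current_shunted_conns: Retrieve the currently shunted connections.
- PacketFilter::current_shunted_host_pairs: Retrieve the currently shunted host pairs.
- PacketFilter::force_unshunt_host_pair: Performs the same function as the PacketFilter::unshunt_host_pair function, but it forces an immediate filter update.
- PacketFilter::shunt_conn: Call this function to use BPF to shunt a connection (to prevent the data packets from reaching Zeek).
- PacketFilter::shunt_host_pair: This function will use a BPF expression to shunt traffic between the two hosts given in the conn_id so that the traffic is never exposed to Zeek’s traffic processing.
- PacketFilter::unshunt_host_pair: Remove shunting for a host pair given as a conn_id.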
Detailed Interface
Redefinable Options
- PacketFilter::max_bpf_shunts
The maximum number of BPF based shunts that Zeek is allowed to perform.
Functions
- PacketFilter::current_shunted_conns
Retrieve the currently shunted connections.
- PacketFilter::current_shunted_host_pairs
Retrieve the currently shunted host pairs.
- PacketFilter::force_unshunt_host_pair
Performs the same function as the PacketFilter::unshunt_host_pair function, but it forces an immediate filter update.
- PacketFilter::shunt_conn
Call this function to use BPF to shunt a connection (to prevent the data packets from reaching Zeek). For TCP connections, control packets are still allowed through so that Zeek can continue logging the connection and it can stop shunting once the connection ends.
- PacketFilter::shunt_host_pair
This function will use a BPF expression to shunt traffic between the two hosts given in the conn_id so that the traffic is never exposed to Zeek’s traffic processing.
- PacketFilter::unshunt_host_pair
Remove shunting for a host pair given as a conn_id. The filter is not immediately removed. It waits for the occasional filter update done by the PacketFilter framework.
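One way to use these functions, as an added example that is not part of the Zeek documentation or of shunt.zeek itself: shunt a connection once either side has sent more than a byte threshold. It assumes PacketFilter::shunt_conn takes a conn_id, as the host-pair functions do, and returns a bool indicating whether the shunt was installed. It relies on the ConnThreshold framework from Zeek's base scripts, and the constant shunt_after_bytes and both numeric values are constructed for the example.

```zeek
@load base/protocols/conn/thresholds
@load policy/frameworks/packet-filter/shunt

# Constructed value for this example: shunt after 100 MB in one direction.
const shunt_after_bytes: count = 100 * 1024 * 1024 &redef;

# Constructed value: cap the number of BPF shunts this sensor may hold.
redef PacketFilter::max_bpf_shunts = 50;

event connection_established(c: connection)
	{
	# Watch both directions; whichever crosses the threshold first triggers.
	ConnThreshold::set_bytes_threshold(c, shunt_after_bytes, T);
	ConnThreshold::set_bytes_threshold(c, shunt_after_bytes, F);
	}

event ConnThreshold::bytes_threshold_crossed(c: connection, threshold: count, is_orig: bool)
	{
	# Ignore thresholds that other scripts may have set on this connection.
	if ( threshold != shunt_after_bytes )
		return;

	# Nothing to do if this connection is already shunted.
	if ( c$id in PacketFilter::current_shunted_conns() )
		return;

	# Assumption: a false return means the shunt was not installed,
	# for instance because max_bpf_shunts has been reached.
	if ( ! PacketFilter::shunt_conn(c$id) )
		Reporter::warning(fmt("shunt not installed for %s", c$id));
	}
```

Once a connection is shunted its data packets no longer reach Zeek's analyzers, so choose the threshold with that loss of payload visibility in mind.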