NetControl Namespace
Namespace: NetControl.
- class zlogging.enum.net_control.InfoCategory(value, names=<not given>, *values, module=None, qualname=None, type=None, start=1, boundary=None)
Bases: IntFlag
Enum: NetControl::InfoCategory.
Type of an entry in the NetControl log.
- MESSAGE = 1
A log entry reflecting a framework message.
- ERROR = 2
A log entry reflecting a framework message.
- RULE = 4
A log entry about a rule.
- static _generate_next_value_(name, start, count, last_values)
Generate the next value when not given.
name: the name of the member
start: the initial start value or None
count: the number of existing members
last_values: the last value assigned or None
- class zlogging.enum.net_control.InfoState(value, names=<not given>, *values, module=None, qualname=None, type=None, start=1, boundary=None)
Bases: IntFlag
Enum: NetControl::InfoState.
State of an entry in the NetControl log.
- REQUESTED = 1
The request to add/remove a rule was sent to the respective backend.
- SUCCEEDED = 2
A rule was successfully added by a backend.
- EXISTS = 4
A backend reported that a rule was already existing.
- FAILED = 8
A rule addition failed.
- REMOVED = 16
A rule was successfully removed by a backend.
- TIMEOUT = 32
A rule timeout was triggered by the NetControl framework or a backend.
- static _generate_next_value_(name, start, count, last_values)
Generate the next value when not given.
name: the name of the member
start: the initial start value or None
count: the number of existing members
last_values: the last value assigned or None
- class zlogging.enum.net_control.EntityType(value, names=<not given>, *values, module=None, qualname=None, type=None, start=1, boundary=None)
Bases: IntFlag
Enum: NetControl::EntityType.
Type defining the entity that a rule applies to.
- ADDRESS = 1
Activity involving a specific IP address.
- CONNECTION = 2
Activity involving all of a bi-directional connection’s activity.
- FLOW = 4
Activity involving a uni-directional flow’s activity. Can contain wildcards.
- MAC = 8
Activity involving a MAC address.
- static _generate_next_value_(name, start, count, last_values)
Generate the next value when not given.
name: the name of the member
start: the initial start value or None
count: the number of existing members
last_values: the last value assigned or None
- class zlogging.enum.net_control.RuleType(value, names=<not given>, *values, module=None, qualname=None, type=None, start=1, boundary=None)
Bases: IntFlag
Enum: NetControl::RuleType.
Type of rules that the framework supports. Each type lists the extra NetControl::Rule fields it uses, if any. Plugins may extend this type to define their own.
- DROP = 1
Stop forwarding all packets matching the entity. No additional arguments.
- MODIFY = 2
Modify all packets matching entity. The packets will be modified according to the mod entry of the rule.
- REDIRECT = 4
Redirect all packets matching entity to a different switch port, given in the out_port argument of the rule.
- WHITELIST = 8
Whitelists all packets of an entity, meaning no restrictions will be applied. While whitelisting is the default if no rule matches, this type can be used to override lower-priority rules that would otherwise take effect for the entity.
- static _generate_next_value_(name, start, count, last_values)
Generate the next value when not given.
name: the name of the member
start: the initial start value or None
count: the number of existing members
last_values: the last value assigned or None
- class zlogging.enum.net_control.TargetType(value, names=<not given>, *values, module=None, qualname=None, type=None, start=1, boundary=None)
Bases: IntFlag
Enum: NetControl::TargetType.
Type defining the target of a rule.
Rules can either be applied to the forward path, affecting all network traffic, or on the monitor path, only affecting the traffic that is sent to Zeek. The second is mostly used for shunting, which allows Zeek to tell the networking hardware that it wants to no longer see traffic that it identified as benign.
- FORWARD = 1
- MONITOR = 2
- static _generate_next_value_(name, start, count, last_values)
Generate the next value when not given.
name: the name of the member
start: the initial start value or None
count: the number of existing members
last_values: the last value assigned or None
- class zlogging.enum.net_control.CatchReleaseActions(value, names=<not given>, *values, module=None, qualname=None, type=None, start=1, boundary=None)
Bases: IntFlag
Enum: NetControl::CatchReleaseActions.
The enum that contains the different kinds of messages that are logged by catch and release.
- INFO = 1
Log lines marked with info are purely informational; no action was taken.
- ADDED = 2
A rule for the specified IP address already existed in NetControl (outside of catch-and-release). Catch and release did not add a new rule, but is now watching the IP address and will add a new rule after the current rule expires.
- DROP_REQUESTED = 4
A drop was requested by catch and release.
- DROPPED = 8
An address was successfully blocked by catch and release.
- UNBLOCK = 16
An address was unblocked after the timeout expired.
- FORGOTTEN = 32
An address was forgotten because it did not reappear within the watch_until interval.
- SEEN_AGAIN = 64
A watched IP address was seen again; catch and release will re-block it.
- static _generate_next_value_(name, start, count, last_values)
Generate the next value when not given.
name: the name of the member
start: the initial start value or None
count: the number of existing members
last_values: the last value assigned or None
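How the InfoState values above combine in practice, as an added example that is not part of zlogging or the original page: it folds each rule's netcontrol.log entries into one flag set and reports rules whose block failed or was never confirmed by a backend. The enum is a local mirror of the values listed here; the JSON field names (rule_id, category, state, entity) are assumptions about Zeek's netcontrol.log, and the sample records are constructed.

```python
import json
from enum import IntFlag

class InfoState(IntFlag):
    """Local mirror of the InfoState values listed on this page."""
    REQUESTED = 1
    SUCCEEDED = 2
    EXISTS = 4
    FAILED = 8
    REMOVED = 16
    TIMEOUT = 32

# Constructed sample records; field names assume Zeek's JSON netcontrol.log.
SAMPLE_LOG = """\
{"ts": 1.0, "rule_id": "2", "category": "NetControl::RULE", "state": "NetControl::REQUESTED", "entity": "192.0.2.10/32"}
{"ts": 1.1, "rule_id": "2", "category": "NetControl::RULE", "state": "NetControl::SUCCEEDED", "entity": "192.0.2.10/32"}
{"ts": 2.0, "rule_id": "3", "category": "NetControl::RULE", "state": "NetControl::REQUESTED", "entity": "198.51.100.7/32"}
{"ts": 2.2, "rule_id": "3", "category": "NetControl::RULE", "state": "NetControl::FAILED", "entity": "198.51.100.7/32"}
{"ts": 3.0, "rule_id": "4", "category": "NetControl::RULE", "state": "NetControl::REQUESTED", "entity": "203.0.113.5/32"}
{"ts": 4.0, "category": "NetControl::MESSAGE", "msg": "activation finished"}
{"ts": 4.5, "rule_id": "5", "category": "NetControl::RULE", "state": "NetControl::REQUESTED", "entity": "192.0.2.44/32"}
{"ts": 4.6, "rule_id": "5", "category": "NetControl::RULE", "state": "NetControl::EXISTS", "entity": "192.0.2.44/32"}
{"ts": 5.0, "rule_id": "2", "category": "NetControl::RULE", "state": "NetControl::TIMEOUT", "entity": "192.0.2.10/32"}
"""

CONFIRMED = InfoState.SUCCEEDED | InfoState.EXISTS
ENDED = InfoState.REMOVED | InfoState.TIMEOUT

def audit_rules(log_text):
    """Fold each rule's log entries into one flag set and classify the rule."""
    seen = {}  # rule_id -> (entity, OR of every state logged for the rule)
    for rec in map(json.loads, filter(str.strip, log_text.splitlines())):
        name = rec.get("state", "").rsplit("::", 1)[-1]
        if rec.get("category") != "NetControl::RULE" or name not in InfoState.__members__:
            continue  # skip MESSAGE/ERROR entries and unknown state strings
        entity, flags = seen.get(rec["rule_id"], (rec.get("entity"), InfoState(0)))
        seen[rec["rule_id"]] = (entity, flags | InfoState[name])
    report = {"failed": [], "unconfirmed": [], "active": [], "ended": []}
    for rule_id, (entity, flags) in seen.items():
        if flags & InfoState.FAILED:
            bucket = "failed"
        elif not flags & CONFIRMED:
            bucket = "unconfirmed"  # requested, but no backend acknowledged it
        elif flags & ENDED:
            bucket = "ended"
        else:
            bucket = "active"
        report[bucket].append((rule_id, entity))
    return report
```

The "failed" and "unconfirmed" buckets are the ones to alert on: in both cases a block was asked for but no backend reported it in place.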