/
conn-ids.zeek
38 lines (31 loc) · 1.13 KB
/
conn-ids.zeek
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
##! Simple functions for generating ASCII strings from connection IDs.
module GLOBAL;
export {
## Takes a conn_id record and returns a string representation with the
## general data flow appearing to be from the connection originator
## on the left to the responder on the right.
global id_string: function(id: conn_id): string;
## Takes a conn_id record and returns a string representation with the
## general data flow appearing to be from the connection responder
## on the right to the originator on the left.
global reverse_id_string: function(id: conn_id): string;
## Calls :zeek:id:`id_string` or :zeek:id:`reverse_id_string` if the
## second argument is T or F, respectively.
global directed_id_string: function(id: conn_id, is_orig: bool): string;
}
function id_string(id: conn_id): string
{
return fmt("%s:%d > %s:%d",
id$orig_h, id$orig_p,
id$resp_h, id$resp_p);
}
function reverse_id_string(id: conn_id): string
{
return fmt("%s:%d < %s:%d",
id$orig_h, id$orig_p,
id$resp_h, id$resp_p);
}
function directed_id_string(id: conn_id, is_orig: bool): string
{
return is_orig ? id_string(id) : reverse_id_string(id);
}