class ofp_flow_mod_command(enum.IntFlag):
"""Enum: ``OpenFlow::ofp_flow_mod_command``.
Openflow flow_mod_command definitions.
The openflow flow_mod_command describes of what kind an action is.
See Also:
`base/frameworks/openflow/consts.zeek <https://docs.zeek.org/en/stable/scripts/base/frameworks/openflow/consts.zeek.html#type-OpenFlow::ofp_flow_mod_command>`__
"""
_ignore_ = 'ofp_flow_mod_command _'
ofp_flow_mod_command = vars()
#: New flow.
ofp_flow_mod_command['OFPFC_ADD'] = enum.auto()
#: Modify all matching flows.
ofp_flow_mod_command['OFPFC_MODIFY'] = enum.auto()
#: Modify entry strictly matching wildcards.
ofp_flow_mod_command['OFPFC_MODIFY_STRICT'] = enum.auto()
#: Delete all matching flows.
ofp_flow_mod_command['OFPFC_DELETE'] = enum.auto()
#: Strictly matching wildcards and priority.
ofp_flow_mod_command['OFPFC_DELETE_STRICT'] = enum.auto()
class SimpleEnum(enum.IntFlag):
"""Documentation for the “SimpleEnum” type goes here.
It can span multiple lines.
c.f. `zeekygen/example.zeek <https://docs.zeek.org/en/stable/scripts/zeekygen/example.zeek.html#type-ZeekygenExample::SimpleEnum>`__
"""
_ignore_ = 'SimpleEnum _'
SimpleEnum = vars()
#: Documentation for particular enum values is added like this.
#: And can also span multiple lines.
SimpleEnum['ONE'] = enum.auto()
#: Or this style is valid to document the preceding enum value.
SimpleEnum['TWO'] = enum.auto()
SimpleEnum['THREE'] = enum.auto()
#: And some documentation for “FOUR”.
SimpleEnum['FOUR'] = enum.auto()
#: Also “FIVE”.
SimpleEnum['FIVE'] = enum.auto()
class Tags(enum.IntFlag):
"""Indicate a type of attack or compromise in the record to be logged.
c.f. `base/protocols/http/main.zeek <https://docs.zeek.org/en/stable/scripts/base/protocols/http/main.zeek.html#type-HTTP::Tags>`__
"""
_ignore_ = 'Tags _'
Tags = vars()
#: Placeholder.
Tags['EMPTY'] = enum.auto()
#: (present if policy/protocols/http/detect-sqli.zeek is loaded)
#: Indicator of a URI based SQL injection attack.
Tags['URI_SQLI'] = enum.auto()
#: (present if policy/protocols/http/detect-sqli.zeek is loaded)
#: Indicator of client body based SQL injection attack. This is
#: typically the body content of a POST request. Not implemented
#: yet.
Tags['POST_SQLI'] = enum.auto()
#: (present if policy/protocols/http/detect-sqli.zeek is loaded)
#: Indicator of a cookie based SQL injection attack. Not
#: implemented yet.
Tags['COOKIE_SQLI'] = enum.auto()
class pkt_profile_modes(enum.IntFlag):
"""Enum: ``pkt_profile_modes``.
Output modes for packet profiling information.
See also: ``pkt_profile_mode``, ``pkt_profile_freq``, ``pkt_profile_file``.
See Also:
`base/init-bare.zeek <https://docs.zeek.org/en/stable/scripts/base/init-bare.zeek.html#type-pkt_profile_modes>`__
"""
_ignore_ = 'pkt_profile_modes _'
pkt_profile_modes = vars()
#: No output.
pkt_profile_modes['PKT_PROFILE_MODE_NONE'] = enum.auto()
#: Output every pkt\_profile\_freq seconds.
pkt_profile_modes['PKT_PROFILE_MODE_SECS'] = enum.auto()
#: Output every pkt\_profile\_freq packets.
pkt_profile_modes['PKT_PROFILE_MODE_PKTS'] = enum.auto()
#: Output every pkt\_profile\_freq bytes.
pkt_profile_modes['PKT_PROFILE_MODE_BYTES'] = enum.auto()
class transport_proto(enum.IntFlag):
"""Enum: ``transport_proto``.
A connection’s transport-layer protocol. Note that Zeek uses the term “connection” broadly, using
flow semantics for ICMP and UDP.
See Also:
`base/init-bare.zeek <https://docs.zeek.org/en/stable/scripts/base/init-bare.zeek.html#type-transport_proto>`__
"""
_ignore_ = 'transport_proto _'
transport_proto = vars()
#: An unknown transport-layer protocol.
transport_proto['unknown_transport'] = enum.auto()
#: TCP.
transport_proto['tcp'] = enum.auto()
#: UDP.
transport_proto['udp'] = enum.auto()
#: ICMP.
transport_proto['icmp'] = enum.auto()
class TimestampFormat(enum.IntFlag):
"""Enum: ``JSON::TimestampFormat``.
See Also:
`base/init-bare.zeek <https://docs.zeek.org/en/stable/scripts/base/init-bare.zeek.html#type-JSON::TimestampFormat>`__
"""
_ignore_ = 'TimestampFormat _'
TimestampFormat = vars()
#: Timestamps will be formatted as UNIX epoch doubles. This is
#: the format that Zeek typically writes out timestamps.
TimestampFormat['TS_EPOCH'] = enum.auto()
#: Timestamps will be formatted as unsigned integers that
#: represent the number of milliseconds since the UNIX
#: epoch.
TimestampFormat['TS_MILLIS'] = enum.auto()
#: Timestamps will be formatted in the ISO8601 DateTime format.
#: Subseconds are also included which isn’t actually part of the
#: standard but most consumers that parse ISO8601 seem to be able
#: to cope with that.
TimestampFormat['TS_ISO8601'] = enum.auto()
class Direction(enum.IntFlag):
"""Enum: ``Direction``.
See Also:
`base/utils/directions-and-hosts.zeek <https://docs.zeek.org/en/stable/scripts/base/utils/directions-and-hosts.zeek.html#type-Direction>`__
"""
_ignore_ = 'Direction _'
Direction = vars()
#: The connection originator is not within the locally-monitored
#: network, but the other endpoint is.
Direction['INBOUND'] = enum.auto()
#: The connection originator is within the locally-monitored network,
#: but the other endpoint is not.
Direction['OUTBOUND'] = enum.auto()
#: Only one endpoint is within the locally-monitored network, meaning
#: the connection is either outbound or inbound.
Direction['BIDIRECTIONAL'] = enum.auto()
#: This value doesn’t match any connection.
Direction['NO_DIRECTION'] = enum.auto()
class rpc_status(enum.IntFlag):
"""Enum: ``rpc_status``.
See Also:
`base/bif/types.bif.zeek <https://docs.zeek.org/en/stable/scripts/base/bif/types.bif.zeek.html#type-rpc_status>`__
"""
_ignore_ = 'rpc_status _'
rpc_status = vars()
rpc_status['RPC_SUCCESS'] = enum.auto()
rpc_status['RPC_PROG_UNAVAIL'] = enum.auto()
rpc_status['RPC_PROG_MISMATCH'] = enum.auto()
rpc_status['RPC_PROC_UNAVAIL'] = enum.auto()
rpc_status['RPC_GARBAGE_ARGS'] = enum.auto()
rpc_status['RPC_SYSTEM_ERR'] = enum.auto()
rpc_status['RPC_TIMEOUT'] = enum.auto()
rpc_status['RPC_VERS_MISMATCH'] = enum.auto()
rpc_status['RPC_AUTH_ERROR'] = enum.auto()
rpc_status['RPC_UNKNOWN_ERROR'] = enum.auto()
class ofp_config_flags(enum.IntFlag):
"""Enum: ``OpenFlow::ofp_config_flags``.
Openflow config flag definitions.
TODO: describe.
See Also:
`base/frameworks/openflow/consts.zeek <https://docs.zeek.org/en/stable/scripts/base/frameworks/openflow/consts.zeek.html#type-OpenFlow::ofp_config_flags>`__
"""
_ignore_ = 'ofp_config_flags _'
ofp_config_flags = vars()
#: No special handling for fragments.
ofp_config_flags['OFPC_FRAG_NORMAL'] = enum.auto()
#: Drop fragments.
ofp_config_flags['OFPC_FRAG_DROP'] = enum.auto()
#: Reassemble (only if OFPC\_IP\_REASM set).
ofp_config_flags['OFPC_FRAG_REASM'] = enum.auto()
ofp_config_flags['OFPC_FRAG_MASK'] = enum.auto()
class RuleType(enum.IntFlag):
"""Type of rules that the framework supports. Each type lists the extra
NetControl::Rule fields it uses, if any.
Plugins may extend this type to define their own.
c.f. `base/frameworks/netcontrol/types.zeek <https://docs.zeek.org/en/stable/scripts/base/frameworks/netcontrol/types.zeek.html#type-NetControl::RuleType>`__
"""
_ignore_ = 'RuleType _'
RuleType = vars()
#: Stop forwarding all packets matching the entity.
#: No additional arguments.
RuleType['DROP'] = enum.auto()
#: Modify all packets matching entity. The packets
#: will be modified according to the mod entry of
#: the rule.
RuleType['MODIFY'] = enum.auto()
#: Redirect all packets matching entity to a different switch port,
#: given in the out\_port argument of the rule.
RuleType['REDIRECT'] = enum.auto()
#: Whitelists all packets of an entity, meaning no restrictions will be applied.
#: While whitelisting is the default if no rule matches, this type can be
#: used to override lower-priority rules that would otherwise take effect for the
#: entity.
RuleType['WHITELIST'] = enum.auto()
class SubUnsub(enum.IntFlag):
"""c.f. `policy/protocols/mqtt/main.zeek <https://docs.zeek.org/en/stable/scripts/policy/protocols/mqtt/main.zeek.html#type-MQTT::SubUnsub>`__"""
_ignore_ = 'SubUnsub _'
SubUnsub = vars()
SubUnsub['SUBSCRIBE'] = enum.auto()
SubUnsub['UNSUBSCRIBE'] = enum.auto()
class link_encap(enum.IntFlag):
"""c.f. `base/bif/types.bif.zeek <https://docs.zeek.org/en/stable/scripts/base/bif/types.bif.zeek.html#type-link_encap>`__"""
_ignore_ = 'link_encap _'
link_encap = vars()
link_encap['LINK_ETHERNET'] = enum.auto()
link_encap['LINK_UNKNOWN'] = enum.auto()
class ModbusDeviceType(enum.IntFlag):
"""c.f. `policy/protocols/modbus/known-masters-slaves.zeek <https://docs.zeek.org/en/stable/scripts/policy/protocols/modbus/known-masters-slaves.zeek.html#type-Known::ModbusDeviceType>`__"""
_ignore_ = 'ModbusDeviceType _'
ModbusDeviceType = vars()
ModbusDeviceType['MODBUS_MASTER'] = enum.auto()
ModbusDeviceType['MODBUS_SLAVE'] = enum.auto()
class Type(enum.IntFlag):
"""Enum: ``Tunnel::Type``.
See Also:
`base/bif/types.bif.zeek <https://docs.zeek.org/en/stable/scripts/base/bif/types.bif.zeek.html#type-Tunnel::Type>`__
"""
_ignore_ = 'Type _'
Type = vars()
Type['NONE'] = enum.auto()
Type['IP'] = enum.auto()
Type['AYIYA'] = enum.auto()
Type['TEREDO'] = enum.auto()
Type['SOCKS'] = enum.auto()
Type['GTPv1'] = enum.auto()
Type['HTTP'] = enum.auto()
Type['GRE'] = enum.auto()
Type['VXLAN'] = enum.auto()
class stable_how_t(enum.IntFlag):
"""c.f. `base/bif/types.bif.zeek <https://docs.zeek.org/en/stable/scripts/base/bif/types.bif.zeek.html#type-NFS3::stable_how_t>`__"""
_ignore_ = 'stable_how_t _'
stable_how_t = vars()
stable_how_t['UNSTABLE'] = enum.auto()
stable_how_t['DATA_SYNC'] = enum.auto()
stable_how_t['FILE_SYNC'] = enum.auto()
class createmode_t(enum.IntFlag):
"""c.f. `base/bif/types.bif.zeek <https://docs.zeek.org/en/stable/scripts/base/bif/types.bif.zeek.html#type-NFS3::createmode_t>`__"""
_ignore_ = 'createmode_t _'
createmode_t = vars()
createmode_t['UNCHECKED'] = enum.auto()
createmode_t['GUARDED'] = enum.auto()
createmode_t['EXCLUSIVE'] = enum.auto()
class time_how_t(enum.IntFlag):
"""c.f. `base/bif/types.bif.zeek <https://docs.zeek.org/en/stable/scripts/base/bif/types.bif.zeek.html#type-NFS3::time_how_t>`__"""
_ignore_ = 'time_how_t _'
time_how_t = vars()
time_how_t['DONT_CHANGE'] = enum.auto()
time_how_t['SET_TO_SERVER_TIME'] = enum.auto()
time_how_t['SET_TO_CLIENT_TIME'] = enum.auto()
class RequestType(enum.IntFlag):
"""c.f. `base/protocols/socks/consts.zeek <https://docs.zeek.org/en/stable/scripts/base/protocols/socks/consts.zeek.html#type-SOCKS::RequestType>`__"""
_ignore_ = 'RequestType _'
RequestType = vars()
RequestType['CONNECTION'] = enum.auto()
RequestType['PORT'] = enum.auto()
RequestType['UDP_ASSOCIATE'] = enum.auto()
class Level(enum.IntFlag):
"""c.f. `base/bif/types.bif.zeek <https://docs.zeek.org/en/stable/scripts/base/bif/types.bif.zeek.html#type-Reporter::Level>`__"""
_ignore_ = 'Level _'
Level = vars()
Level['INFO'] = enum.auto()
Level['WARNING'] = enum.auto()
Level['ERROR'] = enum.auto()
class Writer(enum.IntFlag):
"""c.f. `base/frameworks/logging/main.zeek <https://docs.zeek.org/en/stable/scripts/base/frameworks/logging/main.zeek.html#type-Log::Writer>`__"""
_ignore_ = 'Writer _'
Writer = vars()
Writer['WRITER_ASCII'] = enum.auto()
Writer['WRITER_NONE'] = enum.auto()
Writer['WRITER_SQLITE'] = enum.auto()
class auth_flavor_t(enum.IntFlag):
"""c.f. `base/bif/types.bif.zeek <https://docs.zeek.org/en/stable/scripts/base/bif/types.bif.zeek.html#type-MOUNT3::auth_flavor_t>`__"""
_ignore_ = 'auth_flavor_t _'
auth_flavor_t = vars()
auth_flavor_t['AUTH_NULL'] = enum.auto()
auth_flavor_t['AUTH_UNIX'] = enum.auto()
auth_flavor_t['AUTH_SHORT'] = enum.auto()
auth_flavor_t['AUTH_DES'] = enum.auto()
class QueryStatus(enum.IntFlag):
"""Whether a data store query could be completed or not.
c.f. `base/frameworks/broker/store.zeek <https://docs.zeek.org/en/stable/scripts/base/frameworks/broker/store.zeek.html#type-Broker::QueryStatus>`__
"""
_ignore_ = 'QueryStatus _'
QueryStatus = vars()
QueryStatus['SUCCESS'] = enum.auto()
QueryStatus['FAILURE'] = enum.auto()
class layer3_proto(enum.IntFlag):
"""c.f. `base/bif/types.bif.zeek <https://docs.zeek.org/en/stable/scripts/base/bif/types.bif.zeek.html#type-layer3_proto>`__"""
_ignore_ = 'layer3_proto _'
layer3_proto = vars()
layer3_proto['L3_IPV4'] = enum.auto()
layer3_proto['L3_IPV6'] = enum.auto()
layer3_proto['L3_ARP'] = enum.auto()
layer3_proto['L3_UNKNOWN'] = enum.auto()
class dir(enum.IntFlag):
"""c.f. `policy/frameworks/dpd/detect-protocols.zeek <https://docs.zeek.org/en/stable/scripts/policy/frameworks/dpd/detect-protocols.zeek.html#type-ProtocolDetector::dir>`__"""
_ignore_ = 'dir _'
dir = vars()
dir['NONE'] = enum.auto()
dir['INCOMING'] = enum.auto()
dir['OUTGOING'] = enum.auto()
dir['BOTH'] = enum.auto()
class IPAddrAnonymizationClass(enum.IntFlag):
"""See also: anonymize\_addr
c.f. `base/init-bare.zeek <https://docs.zeek.org/en/stable/scripts/base/init-bare.zeek.html#type-IPAddrAnonymizationClass>`__
"""
_ignore_ = 'IPAddrAnonymizationClass _'
IPAddrAnonymizationClass = vars()
IPAddrAnonymizationClass['ORIG_ADDR'] = enum.auto()
IPAddrAnonymizationClass['RESP_ADDR'] = enum.auto()
IPAddrAnonymizationClass['OTHER_ADDR'] = enum.auto()
class BackendType(enum.IntFlag):
"""Enumerates the possible storage backends.
c.f. `base/frameworks/broker/store.zeek <https://docs.zeek.org/en/stable/scripts/base/frameworks/broker/store.zeek.html#type-Broker::BackendType>`__
"""
_ignore_ = 'BackendType _'
BackendType = vars()
BackendType['MEMORY'] = enum.auto()
BackendType['SQLITE'] = enum.auto()
BackendType['ROCKSDB'] = enum.auto()
class Type(enum.IntFlag):
"""The type of a Broker activity being logged.
c.f. `base/frameworks/broker/log.zeek <https://docs.zeek.org/en/stable/scripts/base/frameworks/broker/log.zeek.html#type-Broker::Type>`__
"""
_ignore_ = 'Type _'
Type = vars()
#: An informational status update.
Type['STATUS'] = enum.auto()
#: An error situation.
Type['ERROR'] = enum.auto()
class Host(enum.IntFlag):
"""c.f. `base/utils/directions-and-hosts.zeek <https://docs.zeek.org/en/stable/scripts/base/utils/directions-and-hosts.zeek.html#type-Host>`__"""
_ignore_ = 'Host _'
Host = vars()
#: A host within the locally-monitored network.
Host['LOCAL_HOSTS'] = enum.auto()
#: A host not within the locally-monitored network.
Host['REMOTE_HOSTS'] = enum.auto()
#: Any host.
Host['ALL_HOSTS'] = enum.auto()
#: This value doesn’t match any host.
Host['NO_HOSTS'] = enum.auto()
class InfoCategory(enum.IntFlag):
"""Type of an entry in the NetControl log.
c.f. `base/frameworks/netcontrol/main.zeek <https://docs.zeek.org/en/stable/scripts/base/frameworks/netcontrol/main.zeek.html#type-NetControl::InfoCategory>`__
"""
_ignore_ = 'InfoCategory _'
InfoCategory = vars()
#: A log entry reflecting a framework message.
InfoCategory['MESSAGE'] = enum.auto()
#: A log entry reflecting a framework message.
InfoCategory['ERROR'] = enum.auto()
#: A log entry about a rule.
InfoCategory['RULE'] = enum.auto()
class TargetType(enum.IntFlag):
"""Type defining the target of a rule.
Rules can either be applied to the forward path, affecting all network traffic, or
on the monitor path, only affecting the traffic that is sent to Zeek. The second
is mostly used for shunting, which allows Zeek to tell the networking hardware that
it wants to no longer see traffic that it identified as benign.
c.f. `base/frameworks/netcontrol/types.zeek <https://docs.zeek.org/en/stable/scripts/base/frameworks/netcontrol/types.zeek.html#type-NetControl::TargetType>`__
"""
_ignore_ = 'TargetType _'
TargetType = vars()
TargetType['FORWARD'] = enum.auto()
TargetType['MONITOR'] = enum.auto()
