bpf_filter.py
Configuration objects built around Dynamite's optional BPF filtering script.
To import...
from dynamite_nsm.services.base.config_objects.zeek import bpf_filter as zeek_config_bpf_filter
BpfFilter
__init__(self, interface_name, pattern)
special
Represents a BPF filter applied to a single network interface.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
interface_name |
str |
The name of the network interface (E.G eth0, en0, mon0) |
required |
pattern |
str |
A valid BPF filter (E.G udp dst port not 53) |
required |
Source code in dynamite_nsm/services/base/config_objects/zeek/bpf_filter.py
def __init__(self, interface_name: str, pattern: str):
"""
Represents a BPF filter applied to a single network interface.
Args:
interface_name: The name of the network interface (E.G eth0, en0, mon0)
pattern: A valid BPF filter (E.G udp dst port not 53)
"""
self.interface = interface_name
self.pattern = pattern
get_raw(self)
Get the representation of the value as it would appear the config.
Returns:
Type | Description |
---|---|
str |
A line containing both the network interface and pattern associated with it. |
Source code in dynamite_nsm/services/base/config_objects/zeek/bpf_filter.py
def get_raw(self) -> str:
"""Get the representation of the value as it would appear the config.
Returns:
A line containing both the network interface and pattern associated with it.
"""
return f'{self.interface}\t{self.pattern}'
BpfFilters
__init__(self, bpf_filters=None)
special
A collection of BpfFilters
Parameters:
Name | Type | Description | Default |
---|---|---|---|
bpf_filters |
Optional[List[dynamite_nsm.services.base.config_objects.zeek.bpf_filter.BpfFilter]] |
A collection of BpfFilter objects |
None |
Source code in dynamite_nsm/services/base/config_objects/zeek/bpf_filter.py
def __init__(self, bpf_filters: Optional[List[BpfFilter]] = None):
"""A collection of BpfFilters
Args:
bpf_filters: A collection of BpfFilter objects
"""
super().__init__('interface', bpf_filters)
self.bpf_filters = self.items
self._idx = 0