base/protocols/irc/dcc-send.zeek

IRC

File extraction and introspection for DCC transfers over IRC.

There is a major problem with this script in a cluster context: we might see A send B a message announcing that a DCC connection is to be expected, but that connection will actually be between B and C, and it could be analyzed on a different worker.

Namespace: IRC
Imports: base/frameworks/cluster, base/protocols/conn/removal-hooks.zeek, base/protocols/irc/main.zeek, base/utils/files.zeek

Summary

Redefinitions

IRC::Info: record

New Fields: IRC::Info

dcc_file_name: string &log &optional

DCC filename requested.

dcc_file_size: count &log &optional

Size of the DCC transfer as indicated by the sender.

dcc_mime_type: string &log &optional

Sniffed mime type of the file.

Hooks

IRC::finalize_irc_data: Conn::RemovalHook
IRC DCC data finalization hook.

Detailed Interface

Hooks

IRC::finalize_irc_data
Type: Conn::RemovalHook

IRC DCC data finalization hook. Remaining expected IRC DCC state may be purged when it’s called.
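
An added example, not part of the Zeek documentation or of the script itself: a Python triage pass over irc.log rows that uses the three DCC fields this script adds to IRC::Info. It assumes JSON log output; the sample rows, the MIME and extension sets, and the other columns shown (ts, uid, nick, command, value) are constructed or assumed for illustration.

```python
import json
import os

# Assumed policy, not from the Zeek docs: MIME types treated as executable content.
EXECUTABLE_MIME = {"application/x-dosexec", "application/x-executable"}
# Assumed policy: extensions whose content should never sniff as executable.
BENIGN_EXT = {".jpg", ".png", ".txt", ".pdf", ".mp3"}

# Constructed sample irc.log rows in JSON format; not real traffic.
SAMPLE_LOG = """\
{"ts":1700000000.1,"uid":"C1example","nick":"alice","command":"JOIN","value":"#chan"}
{"ts":1700000001.2,"uid":"C2example","nick":"bob","command":"DCC","dcc_file_name":"notes.txt","dcc_file_size":120,"dcc_mime_type":"text/plain"}
{"ts":1700000002.3,"uid":"C3example","nick":"carol","command":"DCC","dcc_file_name":"holiday.jpg","dcc_file_size":48128,"dcc_mime_type":"application/x-dosexec"}
{"ts":1700000003.4,"uid":"C4example","nick":"dave","command":"DCC","dcc_file_name":"tool.bin","dcc_file_size":9000}
"""


def triage_dcc(lines):
    """Return (uid, file name, reasons) for DCC rows worth an analyst's look."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and ASCII-writer header lines
        rec = json.loads(line)
        name = rec.get("dcc_file_name")
        if name is None:
            continue  # field is &optional: absent on rows without a DCC transfer
        mime = rec.get("dcc_mime_type")  # also &optional
        ext = os.path.splitext(name)[1].lower()
        reasons = []
        if mime is None:
            reasons.append("no sniffed MIME type")
        elif mime in EXECUTABLE_MIME:
            reasons.append("executable content")
            if ext in BENIGN_EXT:
                # The name comes from the sender; the MIME type from the bytes seen.
                reasons.append("extension does not match content")
        if reasons:
            findings.append((rec.get("uid"), name, reasons))
    return findings


if __name__ == "__main__":
    for uid, name, reasons in triage_dcc(SAMPLE_LOG.splitlines()):
        print(uid, name, "; ".join(reasons))
```

dcc_file_size is left out of the checks because it is the size indicated by the sender, not a measured value.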