base/protocols/sip/main.zeek
- SIP
Implements base functionality for SIP analysis. The logging model is to log request/response pairs and all relevant metadata together in a single record.
- Namespace: SIP
- Imports: base/protocols/conn/removal-hooks.zeek, base/utils/files.zeek, base/utils/numbers.zeek
Summary
Runtime Options
A list of SIP methods.
Types
The record type which contains the fields of the SIP log.
Redefinitions
Events
Event that can be handled to access the SIP record as it is sent on to the logging framework.
Hooks
SIP finalization hook.
Detailed Interface
Runtime Options
- SIP::sip_methods
- Type:
- Attributes:
- Default:
{ "BYE", "SUBSCRIBE", "NOTIFY", "REGISTER", "INVITE", "CANCEL", "OPTIONS", "ACK" }
A list of SIP methods. Other methods will generate a weird. Note that the SIP analyzer will only accept methods consisting solely of letters [A-Za-z].
Types
- SIP::Info
- Type:
- Fields:
-
-
trans_depth: count &log
Represents the pipelined depth into the connection of this request/response transaction.
-
request_from: string &log &optional
Contents of the request From: header. Note: The tag= value that’s usually appended to the sender is stripped off and not logged.
-
response_from: string &log &optional
Contents of the response From: header. Note: The tag= value that’s usually appended to the sender is stripped off and not logged.
-
request_path: vector of string &log &optional
The client message transmission path, as extracted from the headers.
-
trans_depth:
The record type which contains the fields of the SIP log.
Events
- SIP::log_sip
-
Event that can be handled to access the SIP record as it is sent on to the logging framework.
Hooks
- SIP::finalize_sip
- Type:
SIP finalization hook. Remaining SIP info may get logged when it’s called.
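The following site script is an added example, not part of main.zeek or the Zeek distribution. It uses the SIP::sip_methods option and the SIP::log_sip event documented above to raise a notice when the logged request and response From: values of one transaction differ. The module name SIPWatch, the notice type From_Mismatch and the choice of extra methods are assumptions made for illustration.

```zeek
@load base/protocols/sip
@load base/frameworks/notice

module SIPWatch;  # hypothetical module name for this example

export {
	redef enum Notice::Type += {
		## Response From: differs from request From: (tag= already stripped).
		From_Mismatch,
	};
}

# Assumption: this site legitimately uses these extension methods. Listing
# them keeps them from generating a weird. All consist solely of letters,
# as the analyzer requires.
redef SIP::sip_methods += { "MESSAGE", "INFO", "REFER" };

event SIP::log_sip(rec: SIP::Info)
	{
	# Both fields are &optional, so test for presence before reading them.
	if ( ! rec?$request_from || ! rec?$response_from )
		return;

	# A response is expected to carry the same From: value as its request,
	# so equal values need no attention.
	if ( rec$request_from == rec$response_from )
		return;

	NOTICE([$note=From_Mismatch,
	        $msg=fmt("SIP From mismatch at trans_depth %d: request %s, response %s",
	                 rec$trans_depth, rec$request_from, rec$response_from),
	        $uid=rec$uid, $id=rec$id]);
	}
```

Because the tag= value is stripped before logging, a differing tag alone does not trigger the notice; only the remaining From: content is compared.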