base/protocols/socks/main.zeek

Namespace: SOCKS

Imports: base/frameworks/tunnels, base/protocols/conn/removal-hooks.zeek, base/protocols/socks/consts.zeek

Summary

Runtime Options

SOCKS::default_capture_password: bool &redef

Whether passwords are captured or not.

Types

SOCKS::Info: record

The record type which contains the fields of the SOCKS log.

Redefinitions

Log::ID: enum

connection: record

    New Fields: connection

        socks: SOCKS::Info &optional

likely_server_ports: set &redef

Events

SOCKS::log_socks: event

Event that can be handled to access the SOCKS record as it is sent on to the logging framework.

Hooks

SOCKS::finalize_socks: Conn::RemovalHook

SOCKS finalization hook.

SOCKS::log_policy: Log::PolicyHook

Detailed Interface

Runtime Options

SOCKS::default_capture_password

Type: bool

Attributes: &redef

Default: F

Whether passwords are captured or not. This value is the default for the capture_password field of each SOCKS::Info record.

Types

SOCKS::Info

Type: record

ts: time &log

Time when the proxy connection was first detected.

uid: string &log

Unique ID for the tunnel - may correspond to connection uid or be nonexistent.

id: conn_id &log

The connection’s 4-tuple of endpoint addresses/ports.

version: count &log

Protocol version of SOCKS.

user: string &log &optional

Username used to request a login to the proxy.

password: string &log &optional

Password used to request a login to the proxy.

status: string &log &optional

Server status for the attempt at using the proxy.

request: SOCKS::Address &log &optional

Client requested SOCKS address. Could be an address, a name or both.

request_p: port &log &optional

Client requested port.

bound: SOCKS::Address &log &optional

Server bound address. Could be an address, a name or both.

bound_p: port &log &optional

Server bound port.

capture_password: bool &default = SOCKS::default_capture_password &optional

Determines if the password will be captured for this request.

The record type which contains the fields of the SOCKS log.

Events

SOCKS::log_socks

Type: event (rec: SOCKS::Info)

Event that can be handled to access the SOCKS record as it is sent on to the logging framework.
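An added example, not part of the Zeek distribution or of this reference: a site script that turns on SOCKS::default_capture_password so a SOCKS::log_socks handler can check for weak proxy credentials, while keeping the password column out of socks.log on disk. The module name SOCKSAudit and the weak-password test are assumptions of this example; SOCKS::LOG is the stream ID this script adds to Log::ID.

```zeek
@load base/protocols/socks

module SOCKSAudit;	# hypothetical module name for this example

# Capture passwords so that script-level handlers can inspect them.
# The shipped default is F.
redef SOCKS::default_capture_password = T;

event zeek_init()
	{
	# Copy the stream's default filter and exclude the password column,
	# so the captured cleartext is never written to socks.log.
	# Adding a filter under an existing name replaces that filter.
	local f = Log::get_filter(SOCKS::LOG, "default");
	f$exclude = set("password");
	Log::add_filter(SOCKS::LOG, f);
	}

# Runs for every SOCKS::Info record as it is handed to the logging framework.
event SOCKS::log_socks(rec: SOCKS::Info)
	{
	# user and password are &optional: present only after a login request.
	if ( ! rec?$user || ! rec?$password )
		return;

	# Assumed weak-credential test: empty password, or password equal to
	# the username. The password itself is never echoed.
	if ( rec$password == "" || rec$password == rec$user )
		Reporter::info(fmt("SOCKS%d login with weak password: uid=%s user=%s server=%s",
		                   rec$version, rec$uid, rec$user, rec$id$resp_h));
	}
```

The exclude set only affects what the log writer emits; the record passed to the handler still carries the password field.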

Hooks

SOCKS::finalize_socks

Type: Conn::RemovalHook

SOCKS finalization hook. Remaining SOCKS info may get logged when it’s called.

SOCKS::log_policy

Type: Log::PolicyHook