base/protocols/socks/main.zeek

| Namespace: | SOCKS |
|---|---|
| Imports: | base/frameworks/tunnels, base/protocols/conn/removal-hooks.zeek, base/protocols/socks/consts.zeek |

Summary

Runtime Options

| SOCKS::default_capture_password : bool &redef | Whether passwords are captured or not. |
|---|---|

Types

| SOCKS::Info : record | The record type which contains the fields of the SOCKS log. |
|---|---|

Redefinitions

| Log::ID : enum | |
|---|---|
| connection : record | |
| likely_server_ports : set &redef | |

Events

| SOCKS::log_socks : event | Event that can be handled to access the SOCKS record as it is sent on to the logging framework. |
|---|---|

Hooks

| SOCKS::finalize_socks : Conn::RemovalHook | SOCKS finalization hook. |
|---|---|
| SOCKS::log_policy : Log::PolicyHook | |

Detailed Interface

Runtime Options

Types

SOCKS::Info
Type: record

- ts: time &log
  Time when the proxy connection was first detected.
- uid: string &log
  Unique ID for the tunnel - may correspond to connection uid or be non-existent.
- id: conn_id &log
  The connection’s 4-tuple of endpoint addresses/ports.
- version: count &log
  Protocol version of SOCKS.
- user: string &log &optional
  Username used to request a login to the proxy.
- password: string &log &optional
  Password used to request a login to the proxy.
- status: string &log &optional
  Server status for the attempt at using the proxy.
- request: SOCKS::Address &log &optional
  Client requested SOCKS address. Could be an address, a name or both.
- request_p: port &log &optional
  Client requested port.
- bound: SOCKS::Address &log &optional
  Server bound address. Could be an address, a name or both.
- bound_p: port &log &optional
  Server bound port.
- capture_password: bool &default = SOCKS::default_capture_password &optional
  Determines if the password will be captured for this request.

The record type which contains the fields of the SOCKS log.

Events

SOCKS::log_socks
Type: event (rec: SOCKS::Info)
Event that can be handled to access the SOCKS record as it is sent on to the logging framework.
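
An added example, not part of this page or of the Zeek distribution, showing how a site script might use the runtime option and the SOCKS::log_socks event documented above: it keeps password capture off and raises a notice for SOCKS sessions through proxies outside an approved set. The module name SOCKSAudit, the notice type, the addr_text helper, the approved_proxies option and its address are hypothetical; the host and name fields belong to Zeek's SOCKS::Address record, which this page references but does not list.

```zeek
@load base/protocols/socks
@load base/frameworks/notice

module SOCKSAudit;  # hypothetical module name for this example

export {
	redef enum Notice::Type += {
		## SOCKS session seen through a proxy outside approved_proxies.
		Unapproved_Proxy,
	};

	## Proxies this site operates (constructed sample address).
	option approved_proxies: set[addr] = { 192.0.2.10 };
}

# Set explicitly so proxy passwords are never written to socks.log.
redef SOCKS::default_capture_password = F;

# Render a SOCKS::Address (an address, a name, or both) as one string.
function addr_text(a: SOCKS::Address): string
	{
	if ( a?$name && a?$host )
		return fmt("%s (%s)", a$name, a$host);
	if ( a?$name )
		return a$name;
	if ( a?$host )
		return fmt("%s", a$host);
	return "<unknown>";
	}

event SOCKS::log_socks(rec: SOCKS::Info)
	{
	# The responder of the logged connection is the SOCKS proxy.
	local proxy = rec$id$resp_h;
	if ( proxy in approved_proxies )
		return;

	# request and user are &optional, so test before reading them.
	local target = rec?$request ? addr_text(rec$request) : "<unknown>";
	local who = rec?$user ? rec$user : "<none>";

	NOTICE([$note=Unapproved_Proxy,
	        $msg=fmt("SOCKS v%d via %s to %s (user %s)",
	                 rec$version, proxy, target, who),
	        $uid=rec$uid, $id=rec$id,
	        $identifier=cat(rec$id$orig_h, proxy)]);
	}
```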

Hooks

SOCKS::finalize_socks
Type: Conn::RemovalHook
SOCKS finalization hook. Remaining SOCKS info may get logged when it’s called.

SOCKS::log_policy
Type: Log::PolicyHook