Updates for the SOCKS analyzer.

- Now supports SOCKSv5 in the analyzer and the DPD sigs. - Reworked the core events. - Tests. - A SOCKS log!
2025-10-17 14:08:20 +00:00 · 2012-06-20 13:58:25 -04:00 · 2012-06-20 13:58:25 -04:00 · 896f252a31
commit 896f252a31
parent c30c0d5ff2
16 changed files with 411 additions and 47 deletions
--- a/testing/btest/Baseline/scripts.base.protocols.socks.trace2/socks.log
+++ b/testing/btest/Baseline/scripts.base.protocols.socks.trace2/socks.log
@ -0,0 +1,8 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	socks
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	user	status	req_h	req_name	req_p	bound_h	bound_name	bound_p
+#types	time	string	addr	port	addr	port	count	string	string	addr	string	port	addr	string	port
+1340113261.914619	UWkUyAuUGXf	10.0.0.50	59580	85.194.84.197	1080	5	-	succeeded	-	www.google.com	443	0.0.0.0	-	443
--- a/testing/btest/Baseline/scripts.base.protocols.socks.trace2/tunnel.log
+++ b/testing/btest/Baseline/scripts.base.protocols.socks.trace2/tunnel.log
@ -0,0 +1,8 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	tunnel
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	tunnel_type	action
+#types	time	string	addr	port	addr	port	enum	enum
+1340113261.914619	-	10.0.0.50	0	85.194.84.197	1080	Tunnel::SOCKS	Tunnel::DISCOVER