Copy docs into Zeek repo directly

This is based on commit 2731def9159247e6da8a3191783c89683363689c from the
zeek-docs repo.
Tim Wojtulewicz 2025-09-15 15:52:18 -07:00
parent 83f1e74643
commit ded98cd373
1074 changed files with 169319 additions and 0 deletions

@ -0,0 +1,14 @@
:tocdepth: 3
base/protocols/irc/__load__.zeek
================================
:Imports: :doc:`base/protocols/irc/dcc-send.zeek </scripts/base/protocols/irc/dcc-send.zeek>`, :doc:`base/protocols/irc/files.zeek </scripts/base/protocols/irc/files.zeek>`, :doc:`base/protocols/irc/main.zeek </scripts/base/protocols/irc/main.zeek>`
Summary
~~~~~~~
Detailed Interface
~~~~~~~~~~~~~~~~~~
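
Review bot: The `Summary` and `Detailed Interface` headings at the end of this page have nothing under them, so the rendered page for `__load__.zeek` shows two empty sections below the `:Imports:` line. If empty sections cannot be omitted for loader scripts, a one-line description above `:Imports:` saying that this script only loads the three listed IRC scripts would keep the page from looking truncated.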

@ -0,0 +1,56 @@
:tocdepth: 3
base/protocols/irc/dcc-send.zeek
================================
.. zeek:namespace:: IRC
File extraction and introspection for DCC transfers over IRC.
There is a major problem with this script in the cluster context because
we might see A send B a message that a DCC connection is to be expected,
but that connection will actually be between B and C which could be
analyzed on a different worker.
:Namespace: IRC
:Imports: :doc:`base/frameworks/cluster </scripts/base/frameworks/cluster/index>`, :doc:`base/protocols/conn/removal-hooks.zeek </scripts/base/protocols/conn/removal-hooks.zeek>`, :doc:`base/protocols/irc/main.zeek </scripts/base/protocols/irc/main.zeek>`, :doc:`base/utils/files.zeek </scripts/base/utils/files.zeek>`
Summary
~~~~~~~
Redefinitions
#############
=========================================== =============================================================================
:zeek:type:`IRC::Info`: :zeek:type:`record`
:New Fields: :zeek:type:`IRC::Info`
dcc_file_name: :zeek:type:`string` :zeek:attr:`&log` :zeek:attr:`&optional`
DCC filename requested.
dcc_file_size: :zeek:type:`count` :zeek:attr:`&log` :zeek:attr:`&optional`
Size of the DCC transfer as indicated by the sender.
dcc_mime_type: :zeek:type:`string` :zeek:attr:`&log` :zeek:attr:`&optional`
Sniffed mime type of the file.
=========================================== =============================================================================
Hooks
#####
================================================================= ===============================
:zeek:id:`IRC::finalize_irc_data`: :zeek:type:`Conn::RemovalHook` IRC DCC data finalization hook.
================================================================= ===============================
Detailed Interface
~~~~~~~~~~~~~~~~~~
Hooks
#####
.. zeek:id:: IRC::finalize_irc_data
:source-code: base/protocols/irc/dcc-send.zeek 135 146
:Type: :zeek:type:`Conn::RemovalHook`
IRC DCC data finalization hook. Remaining expected IRC DCC state may be
purged when it's called.
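
Review bot: The cluster caveat in the description ("There is a major problem with this script in the cluster context ...") does not say what an analyst will observe when the DCC connection is analyzed on a different worker, and the `:Imports:` line right below it lists `base/frameworks/cluster`, so a reader cannot tell whether the problem is still open or has been handled. Since `dcc_file_name`, `dcc_file_size` and `dcc_mime_type` are all `&optional`, please state whether these fields can be missing from the logged `IRC::Info` record in that case, so that an absent `dcc_*` value is not read as an absent transfer. The wording "may be purged" on `IRC::finalize_irc_data` would also be clearer with the condition spelled out.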

@ -0,0 +1,47 @@
:tocdepth: 3
base/protocols/irc/files.zeek
=============================
.. zeek:namespace:: IRC
:Namespace: IRC
:Imports: :doc:`base/frameworks/files </scripts/base/frameworks/files/index>`, :doc:`base/protocols/irc/dcc-send.zeek </scripts/base/protocols/irc/dcc-send.zeek>`, :doc:`base/utils/conn-ids.zeek </scripts/base/utils/conn-ids.zeek>`
Summary
~~~~~~~
Redefinitions
#############
============================================================= ====================================================================
:zeek:type:`IRC::Info`: :zeek:type:`record`
:New Fields: :zeek:type:`IRC::Info`
fuid: :zeek:type:`string` :zeek:attr:`&log` :zeek:attr:`&optional`
File unique ID.
:zeek:type:`fa_file`: :zeek:type:`record` :zeek:attr:`&redef`
:New Fields: :zeek:type:`fa_file`
irc: :zeek:type:`IRC::Info` :zeek:attr:`&optional`
============================================================= ====================================================================
Functions
#########
====================================================== =====================================
:zeek:id:`IRC::get_file_handle`: :zeek:type:`function` Default file handle provider for IRC.
====================================================== =====================================
Detailed Interface
~~~~~~~~~~~~~~~~~~
Functions
#########
.. zeek:id:: IRC::get_file_handle
:source-code: base/protocols/irc/files.zeek 21 24
:Type: :zeek:type:`function` (c: :zeek:type:`connection`, is_orig: :zeek:type:`bool`) : :zeek:type:`string`
Default file handle provider for IRC.
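
Review bot: The `irc` field added to `fa_file` in the Redefinitions table has no description, unlike `fuid` just above it, and the page has no script-level summary under the title. A one-line description for each would fill both gaps. In the Detailed Interface, `IRC::get_file_handle` takes `c` and `is_orig`, but "Default file handle provider for IRC." does not say what the returned `string` is derived from, which matters to anyone correlating `fuid` values across logs.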

@ -0,0 +1,29 @@
:orphan:
Package: base/protocols/irc
===========================
Support for Internet Relay Chat (IRC) protocol analysis.
:doc:`/scripts/base/protocols/irc/__load__.zeek`
:doc:`/scripts/base/protocols/irc/main.zeek`
Implements the core IRC analysis support. The logging model is to log
IRC commands along with the associated response and some additional
metadata about the connection if it's available.
:doc:`/scripts/base/protocols/irc/dcc-send.zeek`
File extraction and introspection for DCC transfers over IRC.
There is a major problem with this script in the cluster context because
we might see A send B a message that a DCC connection is to be expected,
but that connection will actually be between B and C which could be
analyzed on a different worker.
:doc:`/scripts/base/protocols/irc/files.zeek`
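
Review bot: The entries for `__load__.zeek` and `files.zeek` in this package index carry no description, while `main.zeek` and `dcc-send.zeek` do, so the index gives no hint of what `files.zeek` adds. The descriptions shown here match the text on the per-script pages, so a summary added for `files.zeek` should appear in both places. The cluster caveat for `dcc-send.zeek` is likewise repeated verbatim here, and any rewording of it needs to land in both copies.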

@ -0,0 +1,147 @@
:tocdepth: 3
base/protocols/irc/main.zeek
============================
.. zeek:namespace:: IRC
Implements the core IRC analysis support. The logging model is to log
IRC commands along with the associated response and some additional
metadata about the connection if it's available.
:Namespace: IRC
Summary
~~~~~~~
Types
#####
=========================================== =
:zeek:type:`IRC::Info`: :zeek:type:`record`
=========================================== =
Redefinitions
#############
==================================================================== ====================================================
:zeek:type:`Log::ID`: :zeek:type:`enum`
* :zeek:enum:`IRC::LOG`
:zeek:type:`connection`: :zeek:type:`record`
:New Fields: :zeek:type:`connection`
irc: :zeek:type:`IRC::Info` :zeek:attr:`&optional`
IRC session information.
:zeek:id:`likely_server_ports`: :zeek:type:`set` :zeek:attr:`&redef`
==================================================================== ====================================================
Events
######
=========================================== ===================================================================
:zeek:id:`IRC::irc_log`: :zeek:type:`event` Event that can be handled to access the IRC record as it is sent on
to the logging framework.
=========================================== ===================================================================
Hooks
#####
======================================================== =
:zeek:id:`IRC::log_policy`: :zeek:type:`Log::PolicyHook`
======================================================== =
Detailed Interface
~~~~~~~~~~~~~~~~~~
Types
#####
.. zeek:type:: IRC::Info
:source-code: base/protocols/irc/main.zeek 13 31
:Type: :zeek:type:`record`
.. zeek:field:: ts :zeek:type:`time` :zeek:attr:`&log`
Timestamp when the command was seen.
.. zeek:field:: uid :zeek:type:`string` :zeek:attr:`&log`
Unique ID for the connection.
.. zeek:field:: id :zeek:type:`conn_id` :zeek:attr:`&log`
The connection's 4-tuple of endpoint addresses/ports.
.. zeek:field:: nick :zeek:type:`string` :zeek:attr:`&log` :zeek:attr:`&optional`
Nickname given for the connection.
.. zeek:field:: user :zeek:type:`string` :zeek:attr:`&log` :zeek:attr:`&optional`
Username given for the connection.
.. zeek:field:: command :zeek:type:`string` :zeek:attr:`&log` :zeek:attr:`&optional`
Command given by the client.
.. zeek:field:: value :zeek:type:`string` :zeek:attr:`&log` :zeek:attr:`&optional`
Value for the command given by the client.
.. zeek:field:: addl :zeek:type:`string` :zeek:attr:`&log` :zeek:attr:`&optional`
Any additional data for the command.
.. zeek:field:: dcc_file_name :zeek:type:`string` :zeek:attr:`&log` :zeek:attr:`&optional`
(present if :doc:`/scripts/base/protocols/irc/dcc-send.zeek` is loaded)
DCC filename requested.
.. zeek:field:: dcc_file_size :zeek:type:`count` :zeek:attr:`&log` :zeek:attr:`&optional`
(present if :doc:`/scripts/base/protocols/irc/dcc-send.zeek` is loaded)
Size of the DCC transfer as indicated by the sender.
.. zeek:field:: dcc_mime_type :zeek:type:`string` :zeek:attr:`&log` :zeek:attr:`&optional`
(present if :doc:`/scripts/base/protocols/irc/dcc-send.zeek` is loaded)
Sniffed mime type of the file.
.. zeek:field:: fuid :zeek:type:`string` :zeek:attr:`&log` :zeek:attr:`&optional`
(present if :doc:`/scripts/base/protocols/irc/files.zeek` is loaded)
File unique ID.
Events
######
.. zeek:id:: IRC::irc_log
:source-code: base/protocols/irc/main.zeek 35 35
:Type: :zeek:type:`event` (rec: :zeek:type:`IRC::Info`)
Event that can be handled to access the IRC record as it is sent on
to the logging framework.
Hooks
#####
.. zeek:id:: IRC::log_policy
:source-code: base/protocols/irc/main.zeek 11 11
:Type: :zeek:type:`Log::PolicyHook`
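
Review bot: `IRC::log_policy` has an empty description both in the Hooks summary table and in its Detailed Interface entry at the end of the hunk, where only `:Type:` is given. A one-line description would tell readers what the hook is for. `likely_server_ports` is similarly listed under Redefinitions without saying which ports are added. Separately, the `:source-code:` ranges (`13 31`, `35 35`, `11 11`) are fixed line numbers into `main.zeek`. With these pages now committed alongside the scripts, an edit to the script that is not followed by regenerating this file leaves them pointing at the wrong lines, so the commit message should say how the two are kept in sync.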