Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-04 15:48:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Copy docs into Zeek repo directly

Browse source 
This is based on commit 2731def9159247e6da8a3191783c89683363689c from the
zeek-docs repo.
This commit is contained in:
Tim Wojtulewicz 2025-09-15 15:52:18 -07:00
parent 83f1e74643
commit ded98cd373
1074 changed files with 169319 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

14
doc/scripts/base/protocols/websocket/__load__.zeek.rst Normal file
View file

@ -0,0 +1,14 @@
:tocdepth: 3
base/protocols/websocket/__load__.zeek
======================================
:Imports: :doc:`base/protocols/websocket/consts.zeek </scripts/base/protocols/websocket/consts.zeek>`, :doc:`base/protocols/websocket/main.zeek </scripts/base/protocols/websocket/main.zeek>`
Summary
~~~~~~~
Detailed Interface
~~~~~~~~~~~~~~~~~~

107
doc/scripts/base/protocols/websocket/consts.zeek.rst Normal file
View file

@ -0,0 +1,107 @@
:tocdepth: 3
base/protocols/websocket/consts.zeek
====================================
.. zeek:namespace:: WebSocket
WebSocket constants.
:Namespace: WebSocket
Summary
~~~~~~~
Redefinable Options
###################
=================================================================================================================== =
:zeek:id:`WebSocket::opcodes`: :zeek:type:`table` :zeek:attr:`&default` = :zeek:type:`function` :zeek:attr:`&redef`
=================================================================================================================== =
Constants
#########
============================================================= =
:zeek:id:`WebSocket::HANDSHAKE_GUID`: :zeek:type:`string`
:zeek:id:`WebSocket::OPCODE_BINARY`: :zeek:type:`count`
:zeek:id:`WebSocket::OPCODE_CLOSE`: :zeek:type:`count`
:zeek:id:`WebSocket::OPCODE_CONTINUATION`: :zeek:type:`count`
:zeek:id:`WebSocket::OPCODE_PING`: :zeek:type:`count`
:zeek:id:`WebSocket::OPCODE_PONG`: :zeek:type:`count`
:zeek:id:`WebSocket::OPCODE_TEXT`: :zeek:type:`count`
============================================================= =
Detailed Interface
~~~~~~~~~~~~~~~~~~
Redefinable Options
###################
.. zeek:id:: WebSocket::opcodes
:source-code: base/protocols/websocket/consts.zeek 13 13
:Type: :zeek:type:`table` [:zeek:type:`count`] of :zeek:type:`string`
:Attributes: :zeek:attr:`&default` = :zeek:type:`function` :zeek:attr:`&redef`
:Default:
::
{
[0] = "continuation",
[9] = "ping",
[10] = "pong",
[2] = "binary",
[8] = "close",
[1] = "text"
}
Constants
#########
.. zeek:id:: WebSocket::HANDSHAKE_GUID
:source-code: base/protocols/websocket/consts.zeek 22 22
:Type: :zeek:type:`string`
:Default: ``"258EAFA5-E914-47DA-95CA-C5AB0DC85B11"``
.. zeek:id:: WebSocket::OPCODE_BINARY
:source-code: base/protocols/websocket/consts.zeek 8 8
:Type: :zeek:type:`count`
:Default: ``2``
.. zeek:id:: WebSocket::OPCODE_CLOSE
:source-code: base/protocols/websocket/consts.zeek 9 9
:Type: :zeek:type:`count`
:Default: ``8``
.. zeek:id:: WebSocket::OPCODE_CONTINUATION
:source-code: base/protocols/websocket/consts.zeek 6 6
:Type: :zeek:type:`count`
:Default: ``0``
.. zeek:id:: WebSocket::OPCODE_PING
:source-code: base/protocols/websocket/consts.zeek 10 10
:Type: :zeek:type:`count`
:Default: ``9``
.. zeek:id:: WebSocket::OPCODE_PONG
:source-code: base/protocols/websocket/consts.zeek 11 11
:Type: :zeek:type:`count`
:Default: ``10``
.. zeek:id:: WebSocket::OPCODE_TEXT
:source-code: base/protocols/websocket/consts.zeek 7 7
:Type: :zeek:type:`count`
:Default: ``1``

21
doc/scripts/base/protocols/websocket/index.rst Normal file
View file

@ -0,0 +1,21 @@
:orphan:
Package: base/protocols/websocket
=================================
:doc:`/scripts/base/protocols/websocket/__load__.zeek`
:doc:`/scripts/base/protocols/websocket/consts.zeek`
WebSocket constants.
:doc:`/scripts/base/protocols/websocket/main.zeek`
Implements base functionality for WebSocket analysis.
Upon a websocket_established() event, logs all gathered information into
websocket.log and configures the WebSocket analyzer with the headers
collected via http events.

170
doc/scripts/base/protocols/websocket/main.zeek.rst Normal file
View file

@ -0,0 +1,170 @@
:tocdepth: 3
base/protocols/websocket/main.zeek
==================================
.. zeek:namespace:: WebSocket
Implements base functionality for WebSocket analysis.
Upon a websocket_established() event, logs all gathered information into
websocket.log and configures the WebSocket analyzer with the headers
collected via http events.
:Namespace: WebSocket
:Imports: :doc:`base/protocols/http </scripts/base/protocols/http/index>`, :doc:`base/protocols/websocket/consts.zeek </scripts/base/protocols/websocket/consts.zeek>`
Summary
~~~~~~~
Types
#####
================================================= ======================================
:zeek:type:`WebSocket::Info`: :zeek:type:`record` The record type for the WebSocket log.
================================================= ======================================
Redefinitions
#############
========================================================================== ================================================================
:zeek:id:`HTTP::upgrade_analyzers`: :zeek:type:`table` :zeek:attr:`&redef`
:zeek:type:`Log::ID`: :zeek:type:`enum`
* :zeek:enum:`WebSocket::LOG`
:zeek:type:`connection`: :zeek:type:`record`
:New Fields: :zeek:type:`connection`
websocket: :zeek:type:`WebSocket::Info` :zeek:attr:`&optional`
========================================================================== ================================================================
Events
######
======================================================= =================================================================
:zeek:id:`WebSocket::log_websocket`: :zeek:type:`event` Event that can be handled to access the WebSocket record as it is
sent on to the logging framework.
======================================================= =================================================================
Hooks
#####
============================================================== =================================================================
:zeek:id:`WebSocket::configure_analyzer`: :zeek:type:`hook` Experimental: Hook to intercept WebSocket analyzer configuration.
:zeek:id:`WebSocket::log_policy`: :zeek:type:`Log::PolicyHook` Log policy hook.
============================================================== =================================================================
Detailed Interface
~~~~~~~~~~~~~~~~~~
Types
#####
.. zeek:type:: WebSocket::Info
:source-code: base/protocols/websocket/main.zeek 22 47
:Type: :zeek:type:`record`
.. zeek:field:: ts :zeek:type:`time` :zeek:attr:`&log`
Timestamp
.. zeek:field:: uid :zeek:type:`string` :zeek:attr:`&log`
Unique ID for the connection.
.. zeek:field:: id :zeek:type:`conn_id` :zeek:attr:`&log`
The connection's 4-tuple of endpoint addresses/ports.
.. zeek:field:: host :zeek:type:`string` :zeek:attr:`&log` :zeek:attr:`&optional`
Same as in the HTTP log.
.. zeek:field:: uri :zeek:type:`string` :zeek:attr:`&log` :zeek:attr:`&optional`
Same as in the HTTP log.
.. zeek:field:: user_agent :zeek:type:`string` :zeek:attr:`&log` :zeek:attr:`&optional`
Same as in the HTTP log.
.. zeek:field:: subprotocol :zeek:type:`string` :zeek:attr:`&log` :zeek:attr:`&optional`
The WebSocket subprotocol as selected by the server.
.. zeek:field:: client_protocols :zeek:type:`vector` of :zeek:type:`string` :zeek:attr:`&log` :zeek:attr:`&optional`
The protocols requested by the client, if any.
.. zeek:field:: server_extensions :zeek:type:`vector` of :zeek:type:`string` :zeek:attr:`&log` :zeek:attr:`&optional`
The extensions selected by the the server, if any.
.. zeek:field:: client_extensions :zeek:type:`vector` of :zeek:type:`string` :zeek:attr:`&log` :zeek:attr:`&optional`
The extensions requested by the client, if any.
.. zeek:field:: client_key :zeek:type:`string` :zeek:attr:`&optional`
The Sec-WebSocket-Key header from the client.
.. zeek:field:: server_accept :zeek:type:`string` :zeek:attr:`&optional`
The Sec-WebSocket-Accept header from the server.
The record type for the WebSocket log.
Events
######
.. zeek:id:: WebSocket::log_websocket
:source-code: base/protocols/websocket/main.zeek 51 51
:Type: :zeek:type:`event` (rec: :zeek:type:`WebSocket::Info`)
Event that can be handled to access the WebSocket record as it is
sent on to the logging framework.
Hooks
#####
.. zeek:id:: WebSocket::configure_analyzer
:source-code: base/protocols/websocket/main.zeek 72 72
:Type: :zeek:type:`hook` (c: :zeek:type:`connection`, aid: :zeek:type:`count`, config: :zeek:type:`WebSocket::AnalyzerConfig`) : :zeek:type:`bool`
:param Experimental: Hook to intercept WebSocket analyzer configuration.
Breaking from this hook disables the WebSocket analyzer immediately.
To modify the configuration of the analyzer, use the
:zeek:see:`WebSocket::AnalyzerConfig` type.
While this API allows quite some flexibility currently, should be
considered experimental and may change in the future with or
without a deprecation phase.
:param c: The connection
:param aid: The analyzer ID for the WebSocket analyzer.
:param config: The configuration record, also containing information
about the subprotocol and extensions.
.. zeek:id:: WebSocket::log_policy
:source-code: base/protocols/websocket/main.zeek 54 54
:Type: :zeek:type:`Log::PolicyHook`
Log policy hook.