mirror of
https://github.com/zeek/zeek.git
synced 2025-10-10 10:38:20 +00:00
151 lines
No EOL
3 KiB
Text
151 lines
No EOL
3 KiB
Text
# Notes
|
|
# * irc_dcc_message doesn't seem to work.
|
|
|
|
@load functions
|
|
|
|
module IRC;
|
|
|
|
redef enum Log::ID += { IRC };
|
|
|
|
export {
|
|
type Tags: enum { EMPTY };
|
|
|
|
type Info: record {
|
|
ts: time &log;
|
|
uid: string &log;
|
|
id: conn_id &log;
|
|
nick: string &log &optional;
|
|
user: string &log &optional;
|
|
channels: set[string] &log &optional;
|
|
|
|
command: string &log &optional;
|
|
value: string &log &optional;
|
|
addl: string &log &optional;
|
|
tags: set[Tags] &log;
|
|
};
|
|
|
|
const logged_commands = set("JOIN", "DCC SEND");
|
|
|
|
global irc_log: event(rec: Info);
|
|
}
|
|
|
|
redef record connection += {
|
|
irc: Info &optional;
|
|
};
|
|
|
|
# Some common IRC ports.
|
|
redef capture_filters += { ["irc-6666"] = "port 6666" };
|
|
redef capture_filters += { ["irc-6667"] = "port 6667" };
|
|
|
|
# DPD configuration.
|
|
global irc_ports = { 6666/tcp, 6667/tcp } &redef;
|
|
redef dpd_config += { [ANALYZER_IRC] = [$ports = irc_ports] };
|
|
|
|
event bro_init()
|
|
{
|
|
Log::create_stream(IRC, [$columns=Info, $ev=irc_log]);
|
|
}
|
|
|
|
function new_session(c: connection): Info
|
|
{
|
|
local info: Info;
|
|
info$ts = network_time();
|
|
info$uid = c$uid;
|
|
info$id = c$id;
|
|
return info;
|
|
}
|
|
|
|
function set_session(c: connection)
|
|
{
|
|
if ( ! c?$irc )
|
|
c$irc = new_session(c);
|
|
|
|
c$irc$ts=network_time();
|
|
}
|
|
|
|
event irc_client(c: connection, prefix: string, data: string)
|
|
{
|
|
set_session(c);
|
|
|
|
local parts = split1(data, / /);
|
|
local command = parts[1];
|
|
|
|
if ( /^PING/ !in data )
|
|
{
|
|
#print "irc_client";
|
|
#print data;
|
|
}
|
|
}
|
|
|
|
event irc_server(c: connection, prefix: string, data: string)
|
|
{
|
|
set_session(c);
|
|
|
|
local parts = split1(data, / /);
|
|
local command = parts[1];
|
|
|
|
if ( command == "PRIVMSG" )
|
|
{
|
|
local more_parts = split1(data, /\x01/);
|
|
if ( |more_parts| > 1 )
|
|
{
|
|
if ( /^DCC/ in more_parts[1] )
|
|
{
|
|
|
|
}
|
|
}
|
|
#local p = split1(data, /:/);
|
|
#if ( /DCC CHAT/ in data )
|
|
# print p;
|
|
#expect_connection(c$id$resp_h, data$h, data$p, ANALYZER_FILE, 5 min);
|
|
|
|
#print data;
|
|
}
|
|
}
|
|
|
|
|
|
|
|
event irc_nick_message(c: connection, who: string, newnick: string) &priority=5
|
|
{
|
|
c$irc$command="NICK";
|
|
c$irc$value = newnick;
|
|
|
|
Log::write(IRC, c$irc);
|
|
|
|
c$irc$nick=newnick;
|
|
}
|
|
|
|
event irc_nick_message(c: connection, who: string, newnick: string) &priority=-5
|
|
{
|
|
Log::write(IRC, c$irc);
|
|
c$irc$nick=newnick;
|
|
}
|
|
|
|
event irc_user_message(c: connection, user: string, host: string, server: string, real_name: string)
|
|
{
|
|
c$irc$command = "USER";
|
|
c$irc$value = user;
|
|
c$irc$addl=fmt("%s %s %s", host, server, real_name);
|
|
}
|
|
|
|
event irc_user_message(c: connection, user: string, host: string,
|
|
server: string, real_name: string) &priority=-5
|
|
{
|
|
Log::write(IRC, c$irc);
|
|
c$irc$user = user;
|
|
}
|
|
|
|
event irc_join_message(c: connection, info_list: irc_join_list) &priority=5
|
|
{
|
|
c$irc$command = "JOIN";
|
|
}
|
|
|
|
event irc_join_message(c: connection, info_list: irc_join_list) &priority=-5
|
|
{
|
|
for ( l in info_list )
|
|
{
|
|
c$irc$value = l$channel;
|
|
c$irc$addl = (l$password != "" ? fmt(" with channel key: '%s'", l$password) : "");
|
|
Log::write(IRC, c$irc);
|
|
}
|
|
} |