base/bif/plugins/Zeek_UDP.events.bif.zeek

Namespace: GLOBAL

Summary

Events

udp_contents: event

Generated for UDP packets to pass on their payload.

udp_multiple_checksum_errors: event

Generated if a UDP flow crosses a checksum-error threshold, per 'C'/'c' history reporting.

udp_reply: event

Generated for each packet sent by a UDP flow’s responder.

udp_request: event

Generated for each packet sent by a UDP flow’s originator.

Detailed Interface

Events

udp_contents
Type

event (u: connection, is_orig: bool, contents: string)

Generated for UDP packets to pass on their payload. As the number of UDP packets can be very large, this event is normally raised only for those on ports configured in udp_content_delivery_ports_orig (for packets sent by the flow’s originator) or udp_content_delivery_ports_resp (for packets sent by the flow’s responder). However, delivery can be enabled for all UDP request and reply packets by setting udp_content_deliver_all_orig or udp_content_deliver_all_resp, respectively. Note that this event is also raised for all matching UDP packets, including empty ones.

Parameters
  • u – The connection record for the corresponding UDP flow.

  • is_orig – True if the event is raised for the originator side.

  • contents – TODO.

See also: udp_reply, udp_request, udp_session_done, udp_content_deliver_all_orig, udp_content_deliver_all_resp, udp_content_delivery_ports_orig, udp_content_delivery_ports_resp
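
An added example (not from the Zeek distribution or from this page's source) of limiting udp_contents delivery to a single originator-side port and handling the empty-payload case described above. The module name, notice type, port 5353/udp and the 512-byte limit are assumptions chosen for illustration.

```zeek
# Added example; names, port and size limit are assumptions, not Zeek defaults.
@load base/frameworks/notice

module UDPPayloadWatch;

export {
    redef enum Notice::Type += {
        ## Originator datagram larger than expected on the watched port.
        Oversized_Payload,
    };

    ## Largest originator payload considered normal on the watched port.
    const max_expected_len = 512 &redef;
}

# Deliver originator payloads for one port only. Leaving
# udp_content_deliver_all_orig and udp_content_deliver_all_resp at their
# defaults keeps the event from being raised for every UDP packet.
redef udp_content_delivery_ports_orig += { [5353/udp] = T };

event udp_contents(u: connection, is_orig: bool, contents: string)
    {
    # Only originator-side delivery was enabled above; ignore anything else.
    if ( ! is_orig )
        return;

    # The event is raised for empty datagrams too, so a handler must not
    # assume there is at least one byte of payload to inspect.
    if ( |contents| == 0 )
        return;

    if ( |contents| > max_expected_len )
        NOTICE([$note=Oversized_Payload,
                $conn=u,
                $msg=fmt("UDP payload of %d bytes from %s to %s",
                         |contents|, u$id$orig_h, u$id$resp_p)]);
    }
```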

udp_multiple_checksum_errors
Type

event (u: connection, is_orig: bool, threshold: count)

Generated if a UDP flow crosses a checksum-error threshold, per 'C'/'c' history reporting.

Parameters
  • u – The connection record for the corresponding UDP flow.

  • is_orig – True if the event is raised for the originator side.

  • threshold – The threshold that was crossed.

See also: udp_reply, udp_request, udp_session_done, tcp_multiple_checksum_errors

udp_reply
Type

event (u: connection)

Generated for each packet sent by a UDP flow’s responder. This is a potentially expensive event due to the volume of UDP traffic and should be used with care.

Parameters
  • u – The connection record for the corresponding UDP flow.

See also: udp_contents, udp_request, udp_session_done

udp_request
Type

event (u: connection)

Generated for each packet sent by a UDP flow’s originator. This is a potentially expensive event due to the volume of UDP traffic and should be used with care.

Parameters
  • u – The connection record for the corresponding UDP flow.

See also: udp_contents, udp_reply, udp_session_done