base/bif/plugins/Zeek_Teredo.events.bif.zeek

GLOBAL
Namespace:

GLOBAL

Summary

Events

new_teredo_state: event

Generated when per connection Teredo state is created.

teredo_authentication: event

Generated for IPv6 packets encapsulated in a Teredo tunnel that use the Teredo authentication encapsulation method.

teredo_bubble: event

Generated for Teredo bubble packets.

teredo_origin_indication: event

Generated for IPv6 packets encapsulated in a Teredo tunnel that use the Teredo origin indication encapsulation method.

teredo_packet: event

Generated for any IPv6 packet encapsulated in a Teredo tunnel.

Detailed Interface

Events

new_teredo_state
Type:

event (c: connection)

Generated when per connection Teredo state is created.

This is primarily useful to install a connection removal hook to clear internal per-connection Teredo state.

Parameters:

c – The Teredo tunnel connection.

teredo_authentication
Type:

event (outer: connection, inner: teredo_hdr)

Generated for IPv6 packets encapsulated in a Teredo tunnel that use the Teredo authentication encapsulation method. See RFC 4380 for more information about the Teredo protocol.

Parameters:
  • outer – The Teredo tunnel connection.

  • inner – The Teredo-encapsulated IPv6 packet header and transport header.

See also: teredo_packet, teredo_origin_indication, teredo_bubble

Note

Since this event may be raised on a per-packet basis, handling it may become particularly expensive for real-time analysis.

teredo_bubble
Type:

event (outer: connection, inner: teredo_hdr)

Generated for Teredo bubble packets. That is, IPv6 packets encapsulated in a Teredo tunnel that have a Next Header value of IPPROTO_NONE. See RFC 4380 for more information about the Teredo protocol.

Parameters:
  • outer – The Teredo tunnel connection.

  • inner – The Teredo-encapsulated IPv6 packet header and transport header.

See also: teredo_packet, teredo_authentication, teredo_origin_indication

Note

Since this event may be raised on a per-packet basis, handling it may become particularly expensive for real-time analysis.

teredo_origin_indication
Type:

event (outer: connection, inner: teredo_hdr)

Generated for IPv6 packets encapsulated in a Teredo tunnel that use the Teredo origin indication encapsulation method. See RFC 4380 for more information about the Teredo protocol.

Parameters:
  • outer – The Teredo tunnel connection.

  • inner – The Teredo-encapsulated IPv6 packet header and transport header.

See also: teredo_packet, teredo_authentication, teredo_bubble

Note

Since this event may be raised on a per-packet basis, handling it may become particularly expensive for real-time analysis.

teredo_packet
Type:

event (outer: connection, inner: teredo_hdr)

Generated for any IPv6 packet encapsulated in a Teredo tunnel. See RFC 4380 for more information about the Teredo protocol.

Parameters:
  • outer – The Teredo tunnel connection.

  • inner – The Teredo-encapsulated IPv6 packet header and transport header.

See also: teredo_authentication, teredo_origin_indication, teredo_bubble

Note

Since this event may be raised on a per-packet basis, handling it may become particularly expensive for real-time analysis.