base/bif/plugins/Zeek_Teredo.events.bif.zeek
- GLOBAL
- Namespace:
GLOBAL
Summary
Events
Generated when per connection Teredo state is created. |
|
Generated for IPv6 packets encapsulated in a Teredo tunnel that use the Teredo authentication encapsulation method. |
|
Generated for Teredo bubble packets. |
|
Generated for IPv6 packets encapsulated in a Teredo tunnel that use the Teredo origin indication encapsulation method. |
|
Generated for any IPv6 packet encapsulated in a Teredo tunnel. |
Detailed Interface
Events
- new_teredo_state
- Type:
event
(c:connection
)
Generated when per connection Teredo state is created.
This is primarily useful to install a connection removal hook to clear internal per-connection Teredo state.
- Parameters:
c – The Teredo tunnel connection.
- teredo_authentication
- Type:
event
(outer:connection
, inner:teredo_hdr
)
Generated for IPv6 packets encapsulated in a Teredo tunnel that use the Teredo authentication encapsulation method. See RFC 4380 for more information about the Teredo protocol.
- Parameters:
outer – The Teredo tunnel connection.
inner – The Teredo-encapsulated IPv6 packet header and transport header.
See also:
teredo_packet
,teredo_origin_indication
,teredo_bubble
Note
Since this event may be raised on a per-packet basis, handling it may become particularly expensive for real-time analysis.
- teredo_bubble
- Type:
event
(outer:connection
, inner:teredo_hdr
)
Generated for Teredo bubble packets. That is, IPv6 packets encapsulated in a Teredo tunnel that have a Next Header value of
IPPROTO_NONE
. See RFC 4380 for more information about the Teredo protocol.- Parameters:
outer – The Teredo tunnel connection.
inner – The Teredo-encapsulated IPv6 packet header and transport header.
See also:
teredo_packet
,teredo_authentication
,teredo_origin_indication
Note
Since this event may be raised on a per-packet basis, handling it may become particularly expensive for real-time analysis.
- teredo_origin_indication
- Type:
event
(outer:connection
, inner:teredo_hdr
)
Generated for IPv6 packets encapsulated in a Teredo tunnel that use the Teredo origin indication encapsulation method. See RFC 4380 for more information about the Teredo protocol.
- Parameters:
outer – The Teredo tunnel connection.
inner – The Teredo-encapsulated IPv6 packet header and transport header.
See also:
teredo_packet
,teredo_authentication
,teredo_bubble
Note
Since this event may be raised on a per-packet basis, handling it may become particularly expensive for real-time analysis.
- teredo_packet
- Type:
event
(outer:connection
, inner:teredo_hdr
)
Generated for any IPv6 packet encapsulated in a Teredo tunnel. See RFC 4380 for more information about the Teredo protocol.
- Parameters:
outer – The Teredo tunnel connection.
inner – The Teredo-encapsulated IPv6 packet header and transport header.
See also:
teredo_authentication
,teredo_origin_indication
,teredo_bubble
Note
Since this event may be raised on a per-packet basis, handling it may become particularly expensive for real-time analysis.