base/protocols/quic/spicy-events.zeek
Events generated by the QUIC analyzer.
See See RFC9000.
Summary
Events
Generated for a QUIC CONNECTION_CLOSE frame. |
|
Generated for a QUIC Handshake packet. |
|
Generated for a QUIC Initial packet. |
|
Generated for a QUIC Retry packet. |
|
Generated for an unrecognized QUIC version. |
|
Generated for a QUIC 0-RTT packet. |
Detailed Interface
Events
- QUIC::connection_close_frame
- Type
event
(c:connection
, is_orig:bool
, version:count
, dcid:string
, scid:string
, error_code:count
, reason_phrase:string
)
Generated for a QUIC CONNECTION_CLOSE frame.
- Parameters
c – The connection.
is_orig – True if the packet is from the the connection’s originator.
version – The Version field.
dcid – The Destination Connection ID field.
scid – The Source Connection ID field.
error_code – Count indicating the reason for closing this connection.
reason_phrase – Additional diagnostic information for the closure.
Note
Packets with CONNECTION_CLOSE frames are usually encrypted after connection establishment and not visible to Zeek.
- QUIC::handshake_packet
-
Generated for a QUIC Handshake packet.
- Parameters
c – The connection.
is_orig – True if the packet is from the the connection’s originator.
version – The Version field.
dcid – The Destination Connection ID field.
scid – The Source Connection ID field.
- QUIC::initial_packet
-
Generated for a QUIC Initial packet.
- Parameters
c – The connection.
is_orig – True if the packet is from the the connection’s originator.
version – The Version field.
dcid – The Destination Connection ID field.
scid – The Source Connection ID field.
- QUIC::retry_packet
- Type
event
(c:connection
, is_orig:bool
, version:count
, dcid:string
, scid:string
, retry_token:string
, retry_integrity_tag:string
)
Generated for a QUIC Retry packet.
- Parameters
c – The connection.
is_orig – True if the packet is from the the connection’s originator.
version – The Version field.
dcid – The Destination Connection ID field.
scid – The Source Connection ID field.
retry_token – The Retry Token field.
integrity_tag – The Retry Integrity Tag field.
- QUIC::unhandled_version
-
Generated for an unrecognized QUIC version.
- Parameters
c – The connection.
is_orig – True if the packet is from the the connection’s originator.
version – The Version field.
dcid – The Destination Connection ID field.
scid – The Source Connection ID field.
- QUIC::zero_rtt_packet
-
Generated for a QUIC 0-RTT packet.
- Parameters
c – The connection.
is_orig – True if the packet is from the the connection’s originator.
version – The Version field.
dcid – The Destination Connection ID field.
scid – The Source Connection ID field.