quic: analyzer: Recognize and report unknown versions better

This makes the analyzer.log entry more informative by including the actual version and also allows to handle this scenario in script land if needed.
2025-10-05 08:08:19 +00:00 · 2024-01-04 20:07:18 +01:00 · 2024-01-04 20:07:18 +01:00 · 50cdac922f
commit 50cdac922f
parent 727091ed67
5 changed files with 26 additions and 5 deletions
--- a/testing/btest/scripts/base/protocols/quic/vector-max-size-crash.zeek
+++ b/testing/btest/scripts/base/protocols/quic/vector-max-size-crash.zeek
@ -1,11 +1,15 @@
 # @TEST-DOC: Test that runs the pcap

 # @TEST-REQUIRES: ${SCRIPTS}/have-spicy
-# @TEST-EXEC: zeek -Cr $TRACES/quic/vector-max-size-crash.pcap base/protocols/quic
+# @TEST-EXEC: zeek -Cr $TRACES/quic/vector-max-size-crash.pcap base/protocols/quic %INPUT > out
 # @TEST-EXEC: zeek-cut -m ts uid history service < conn.log > conn.log.cut
 # @TEST-EXEC: zeek-cut -m ts uid cause analyzer_kind analyzer_name failure_reason < analyzer.log > analyzer.log.cut
 # @TEST-EXEC: btest-diff conn.log.cut
+# @TEST-EXEC: btest-diff out

-# Only run btest-ddiff on analyzer.log with 6.1-dev or later. The violation
-# reporting has more detail in later versions.
-# @TEST-EXEC: zeek -b -e 'exit(Version::info$version_number < 60100 ? 0 : 1)' || TEST_DIFF_CANONIFIER='sed -r "s/\((.+)\.spicy:[0-9]+:[0-9]+\)/(\1.spicy:<line>:<column>)/g" | $SCRIPTS/diff-remove-abspath' btest-diff analyzer.log.cut
+# @TEST-EXEC: TEST_DIFF_CANONIFIER='sed -r "s/\((.+)\.spicy:[0-9]+:[0-9]+\)/(\1.spicy:<line>:<column>)/g" | $SCRIPTS/diff-remove-abspath' btest-diff analyzer.log.cut
+
+event QUIC::unhandled_version(c: connection, is_orig: bool, version: count, dcid: string, scid: string)
+	{
+	print "QUIC::unhandled_version", c$uid, is_orig, version, dcid, scid;
+	}