Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-03 15:18:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
zeek/doc/scripts/base/protocols/quic/spicy-events.zeek.rst
Tim Wojtulewicz ded98cd373 Copy docs into Zeek repo directly 
This is based on commit 2731def9159247e6da8a3191783c89683363689c from the
zeek-docs repo.
2025-09-26 02:58:29 +00:00

176 lines
5 KiB
ReStructuredText
Raw Permalink Blame History

:tocdepth: 3
base/protocols/quic/spicy-events.zeek
=====================================
Events generated by the QUIC analyzer.
See See `RFC9000 <https://tools.ietf.org/html/rfc9000>`__.
Summary
~~~~~~~
Events
######
=========================================================== ============================================
:zeek:id:`QUIC::connection_close_frame`: :zeek:type:`event` Generated for a QUIC CONNECTION_CLOSE frame.
:zeek:id:`QUIC::handshake_packet`: :zeek:type:`event` Generated for a QUIC Handshake packet.
:zeek:id:`QUIC::initial_packet`: :zeek:type:`event` Generated for a QUIC Initial packet.
:zeek:id:`QUIC::retry_packet`: :zeek:type:`event` Generated for a QUIC Retry packet.
:zeek:id:`QUIC::unhandled_version`: :zeek:type:`event` Generated for an unrecognized QUIC version.
:zeek:id:`QUIC::zero_rtt_packet`: :zeek:type:`event` Generated for a QUIC 0-RTT packet.
=========================================================== ============================================
Detailed Interface
~~~~~~~~~~~~~~~~~~
Events
######
.. zeek:id:: QUIC::connection_close_frame
:source-code: base/protocols/quic/main.zeek 182 192
:Type: :zeek:type:`event` (c: :zeek:type:`connection`, is_orig: :zeek:type:`bool`, version: :zeek:type:`count`, dcid: :zeek:type:`string`, scid: :zeek:type:`string`, error_code: :zeek:type:`count`, reason_phrase: :zeek:type:`string`)
Generated for a QUIC CONNECTION_CLOSE frame.
:param c: The connection.
:param is_orig: True if the packet is from the the connection's originator.
:param version: The Version field.
:param dcid: The Destination Connection ID field.
:param scid: The Source Connection ID field.
:param error_code: Count indicating the reason for closing this connection.
:param reason_phrase: Additional diagnostic information for the closure.
.. note:: Packets with CONNECTION_CLOSE frames are usually encrypted after connection establishment and not visible to Zeek.
.. zeek:id:: QUIC::handshake_packet
:source-code: base/protocols/quic/main.zeek 142 146
:Type: :zeek:type:`event` (c: :zeek:type:`connection`, is_orig: :zeek:type:`bool`, version: :zeek:type:`count`, dcid: :zeek:type:`string`, scid: :zeek:type:`string`)
Generated for a QUIC Handshake packet.
:param c: The connection.
:param is_orig: True if the packet is from the the connection's originator.
:param version: The Version field.
:param dcid: The Destination Connection ID field.
:param scid: The Source Connection ID field.
.. zeek:id:: QUIC::initial_packet
:source-code: base/protocols/quic/main.zeek 136 140
:Type: :zeek:type:`event` (c: :zeek:type:`connection`, is_orig: :zeek:type:`bool`, version: :zeek:type:`count`, dcid: :zeek:type:`string`, scid: :zeek:type:`string`)
Generated for a QUIC Initial packet.
:param c: The connection.
:param is_orig: True if the packet is from the the connection's originator.
:param version: The Version field.
:param dcid: The Destination Connection ID field.
:param scid: The Source Connection ID field.
.. zeek:id:: QUIC::retry_packet
:source-code: base/protocols/quic/main.zeek 155 165
:Type: :zeek:type:`event` (c: :zeek:type:`connection`, is_orig: :zeek:type:`bool`, version: :zeek:type:`count`, dcid: :zeek:type:`string`, scid: :zeek:type:`string`, retry_token: :zeek:type:`string`, retry_integrity_tag: :zeek:type:`string`)
Generated for a QUIC Retry packet.
:param c: The connection.
:param is_orig: True if the packet is from the the connection's originator.
:param version: The Version field.
:param dcid: The Destination Connection ID field.
:param scid: The Source Connection ID field.
:param retry_token: The Retry Token field.
:param integrity_tag: The Retry Integrity Tag field.
.. zeek:id:: QUIC::unhandled_version
:source-code: base/protocols/quic/main.zeek 168 178
:Type: :zeek:type:`event` (c: :zeek:type:`connection`, is_orig: :zeek:type:`bool`, version: :zeek:type:`count`, dcid: :zeek:type:`string`, scid: :zeek:type:`string`)
Generated for an unrecognized QUIC version.
:param c: The connection.
:param is_orig: True if the packet is from the the connection's originator.
:param version: The Version field.
:param dcid: The Destination Connection ID field.
:param scid: The Source Connection ID field.
.. zeek:id:: QUIC::zero_rtt_packet
:source-code: base/protocols/quic/main.zeek 148 152
:Type: :zeek:type:`event` (c: :zeek:type:`connection`, is_orig: :zeek:type:`bool`, version: :zeek:type:`count`, dcid: :zeek:type:`string`, scid: :zeek:type:`string`)
Generated for a QUIC 0-RTT packet.
:param c: The connection.
:param is_orig: True if the packet is from the the connection's originator.
:param version: The Version field.
:param dcid: The Destination Connection ID field.
:param scid: The Source Connection ID field.
Reference in a new issue View git blame Copy permalink