Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-17 05:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
zeek/src/packet_analysis/protocol/udp/events.bif
Tim Wojtulewicz c21af39a30 Add new UDP packet analyzer, remove old one
2021-05-18 11:52:04 -07:00

51 lines
2.1 KiB
C++
Raw Blame History

## Generated for each packet sent by a UDP flow's originator. This a potentially
## expensive event due to the volume of UDP traffic and should be used with
## care.
##
## u: The connection record for the corresponding UDP flow.
##
## .. zeek:see:: udp_contents udp_reply udp_session_done
event udp_request%(u: connection%);
## Generated for each packet sent by a UDP flow's responder. This a potentially
## expensive event due to the volume of UDP traffic and should be used with
## care.
##
## u: The connection record for the corresponding UDP flow.
##
## .. zeek:see:: udp_contents udp_request udp_session_done
event udp_reply%(u: connection%);
## Generated for UDP packets to pass on their payload. As the number of UDP
## packets can be very large, this event is normally raised only for those on
## ports configured in :zeek:id:`udp_content_delivery_ports_orig` (for packets
## sent by the flow's originator) or :zeek:id:`udp_content_delivery_ports_resp`
## (for packets sent by the flow's responder). However, delivery can be enabled
## for all UDP request and reply packets by setting
## :zeek:id:`udp_content_deliver_all_orig` or
## :zeek:id:`udp_content_deliver_all_resp`, respectively. Note that this
## event is also raised for all matching UDP packets, including empty ones.
##
## u: The connection record for the corresponding UDP flow.
##
## is_orig: True if the event is raised for the originator side.
##
## contents: TODO.
##
## .. zeek:see:: udp_reply udp_request udp_session_done
## udp_content_deliver_all_orig udp_content_deliver_all_resp
## udp_content_delivery_ports_orig udp_content_delivery_ports_resp
event udp_contents%(u: connection, is_orig: bool, contents: string%);
## Generated if a UDP flow crosses a checksum-error threshold, per
## 'C'/'c' history reporting.
##
## u: The connection record for the corresponding UDP flow.
##
## is_orig: True if the event is raised for the originator side.
##
## threshold: the threshold that was crossed
##
## .. zeek:see:: udp_reply udp_request udp_session_done
## tcp_multiple_checksum_errors
event udp_multiple_checksum_errors%(u: connection, is_orig: bool, threshold: count%);
Reference in a new issue View git blame Copy permalink