base/protocols/quic/main.zeek
- QUIC
Initial idea for a quic.log.
- Namespace
QUIC
- Imports
base/frameworks/notice/weird.zeek, base/protocols/conn/removal-hooks.zeek, base/protocols/quic/consts.zeek
Summary
Runtime Options
The maximum length of the history field. |
Types
Redefinitions
|
Events
Hooks
Detailed Interface
Runtime Options
- QUIC::max_history_length
-
The maximum length of the history field.
Types
- QUIC::Info
- Type
-
- ts:
time
&log
Timestamp of first QUIC packet for this entry.
- uid:
string
&log
Unique ID for the connection.
- id:
conn_id
&log
The connection’s 4-tuple of endpoint addresses/ports.
- version:
string
&log
QUIC version as found in the first INITIAL packet from the client.
- client_initial_dcid:
string
&log
&optional
First Destination Connection ID used by client. This is random and unpredictable, but used for packet protection by client and server.
- client_scid:
string
&log
&optional
Client’s Source Connection ID from the first INITIAL packet.
- server_scid:
string
&log
&optional
Server chosen Connection ID usually from server’s first INITIAL packet. This is to be used by the client in subsequent packets.
- server_name:
string
&log
&optional
Server name extracted from SNI extension in ClientHello packet if available.
- client_protocol:
string
&log
&optional
First protocol extracted from ALPN extension in ClientHello packet if available.
- history:
string
&log
&default
=""
&optional
Experimental QUIC history.
Letters have the following meaning with client-sent letters being capitalized:
Letter
Meaning
I
INIT packet
H
HANDSHAKE packet
Z
0RTT packet
R
RETRY packet
C
CONNECTION_CLOSE packet
S
SSL Client/Server Hello
- ts:
Events
- QUIC::log_quic
- Type
event
(rec:QUIC::Info
)