base/bif/plugins/Bro_UDP.events.bif.bro¶
-
GLOBAL¶
| Namespace: | GLOBAL |
|---|---|
| Source File: | /scripts/base/bif/plugins/Bro_UDP.events.bif.bro |
Summary¶
Events¶
udp_contents: event |
Generated for UDP packets to pass on their payload. |
udp_multiple_checksum_errors: event |
Generated if a UDP flow crosses a checksum-error threshold, per ‘C’/’c’ history reporting. |
udp_reply: event |
Generated for each packet sent by a UDP flow’s responder. |
udp_request: event |
Generated for each packet sent by a UDP flow’s originator. |
Detailed Interface¶
Events¶
-
udp_contents¶ Type: event(u:connection, is_orig:bool, contents:string)Generated for UDP packets to pass on their payload. As the number of UDP packets can be very large, this event is normally raised only for those on ports configured in
udp_content_delivery_ports_orig(for packets sent by the flow’s originator) orudp_content_delivery_ports_resp(for packets sent by the flow’s responder). However, delivery can be enabled for all UDP request and reply packets by settingudp_content_deliver_all_origorudp_content_deliver_all_resp, respectively. Note that this event is also raised for all matching UDP packets, including empty ones.U: The connection record for the corresponding UDP flow. Is_orig: True if the event is raised for the originator side. Contents: TODO. See also:
udp_reply,udp_request,udp_session_done,udp_content_deliver_all_orig,udp_content_deliver_all_resp,udp_content_delivery_ports_orig,udp_content_delivery_ports_resp
-
udp_multiple_checksum_errors¶ Type: event(u:connection, is_orig:bool, threshold:count)Generated if a UDP flow crosses a checksum-error threshold, per ‘C’/’c’ history reporting.
U: The connection record for the corresponding UDP flow. Is_orig: True if the event is raised for the originator side. Threshold: the threshold that was crossed See also:
udp_reply,udp_request,udp_session_done,tcp_multiple_checksum_errors
-
udp_reply¶ Type: event(u:connection)Generated for each packet sent by a UDP flow’s responder. This a potentially expensive event due to the volume of UDP traffic and should be used with care.
U: The connection record for the corresponding UDP flow. See also:
udp_contents,udp_request,udp_session_done
-
udp_request¶ Type: event(u:connection)Generated for each packet sent by a UDP flow’s originator. This a potentially expensive event due to the volume of UDP traffic and should be used with care.
U: The connection record for the corresponding UDP flow. See also:
udp_contents,udp_reply,udp_session_done
