lua:quic
Differences
This shows you the differences between two versions of the page.
lua:quic [2018/12/13 23:32] – [Network Security Monitoring for QUIC] veera | lua:quic [2018/12/13 23:37] – [QUIC protocol analysis using the Trisul Scripting API] veera | ||
---|---|---|---|
Line 8: | Line 8: | ||
+ | The QUIC analysis LUA scripts can be found here in the [[https:// | ||
===== Network Security Monitoring for QUIC ===== | ===== Network Security Monitoring for QUIC ===== | ||
Line 32: | Line 33: | ||
The quic-dissect.lua script is where the real stuff happens, the rest of the files are plumbing into the Trisul platform. Start from there. | The quic-dissect.lua script is where the real stuff happens, the rest of the files are plumbing into the Trisul platform. Start from there. | ||
- | What is the output | + | ==== Output |
The goal of all Trisul scripts is to add some piece of information into the streaming analysis. What we do in quic-simplecounter.lua is. | The goal of all Trisul scripts is to add some piece of information into the streaming analysis. What we do in quic-simplecounter.lua is. | ||
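Review bot: Under the new "Output" heading, the lead sentence ends in a dangling "is." ("What we do in quic-simplecounter.lua is."), so the section opens on an unfinished thought; end it with a colon so it introduces what follows, or finish the sentence. The context line just above tells readers to start from quic-dissect.lua while this section describes quic-simplecounter.lua, so a short phrase saying how the two scripts relate would help.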
Line 42: | Line 44: | ||
- | This is how the outputs look like. Using the TRP API you can access these programatically too. | + | This is how the outputs look like. |
===== Flow Tags ===== | ===== Flow Tags ===== | ||
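Review bot: The shortened line "This is how the outputs look like." is still ungrammatical; use "This is what the outputs look like." The removed sentence was the only statement in this hunk that the outputs are also reachable programmatically through the TRP API. If that is still true, keep it (with "programatically" corrected to "programmatically") or move it to a more suitable section instead of dropping it.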
Line 69: | Line 70: | ||
{{ : | {{ : | ||
- | ====== Comparison to Bro/ | + | ===== Comparison to Bro/Zeek ===== |
The Trisul scripting API allows you to write in LUA rather than a mix of C/Bro language which need a compilation step. We find this is a major efficiency advantage. | The Trisul scripting API allows you to write in LUA rather than a mix of C/Bro language which need a compilation step. We find this is a major efficiency advantage. | ||
- | ====== Conclusion | + | ===== Conclusion ===== |
The goal here is to show the power of the Trisul scripting API rather than a production grade QUIC analyzer. | The goal here is to show the power of the Trisul scripting API rather than a production grade QUIC analyzer. | ||
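Review bot: The heading is renamed to "Comparison to Bro/Zeek", but the paragraph under it still says "a mix of C/Bro language which need a compilation step"; use the same naming in the body as in the heading and fix the agreement ("which needs"). The page also writes "LUA" here while the script names use lowercase .lua; "Lua" is the language's usual spelling. Under "Conclusion", "production grade" should be hyphenated as "production-grade".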
Line 80: | Line 81: | ||
While the script is working fine in our test environment but putting into production would need some extra work. Particularly when QUIC is used for HD streaming, we need a more efficient way to shunt the stream after the initial handshake otherwise we enter the C->Lua interface for every UDP packet. | While the script is working fine in our test environment but putting into production would need some extra work. Particularly when QUIC is used for HD streaming, we need a more efficient way to shunt the stream after the initial handshake otherwise we enter the C->Lua interface for every UDP packet. | ||
+ | |||
+ | Head over to the Github page for the [[https:// |
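Review bot: The added closing line spells the site "Github"; it should be "GitHub". If this link targets the same repository as the link added near line 8 in the first hunk, consider keeping only one of them, or make clear what this one adds. The context sentence above it, "While the script is working fine in our test environment but putting into production would need some extra work", mixes "While" and "but"; drop the "but" while this paragraph is being edited.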
lua/quic.txt · Last modified: 2024/06/04 16:58 by thiyagu