From a682947d06778647780b7a0c8a2da558fcb5ce2e Mon Sep 17 00:00:00 2001
From: Cameron Bytheway <bytheway.cameron@gmail.com>
Date: Thu, 31 Oct 2024 14:04:18 -0600
Subject: [PATCH] pr feedback

---
 dc/s2n-quic-dc/events/map.rs                  |  30 +-
 dc/s2n-quic-dc/src/event/generated.rs         | 405 ++++++++++++++++--
 dc/s2n-quic-dc/src/path/secret/map/state.rs   |  35 +-
 ...state__tests__thread_shutdown__events.snap |   6 +
 .../src/path/secret/map/state/tests.rs        |  23 +-
 5 files changed, 428 insertions(+), 71 deletions(-)
 create mode 100644 dc/s2n-quic-dc/src/path/secret/map/state/snapshots/path__secret__map__state__tests__thread_shutdown__events.snap

diff --git a/dc/s2n-quic-dc/events/map.rs b/dc/s2n-quic-dc/events/map.rs
index 245273848..162218c8e 100644
--- a/dc/s2n-quic-dc/events/map.rs
+++ b/dc/s2n-quic-dc/events/map.rs
@@ -6,9 +6,6 @@
 struct PathSecretMapInitialized {
     /// The capacity of the path secret map
     capacity: usize,
-
-    /// The port that the path secret is listening on
-    control_socket_port: u16,
 }
 
 #[event("path_secret_map:uninitialized")]
@@ -17,9 +14,6 @@ struct PathSecretMapUninitialized {
     /// The capacity of the path secret map
     capacity: usize,
 
-    /// The port that the path secret is listening on
-    control_socket_port: u16,
-
     /// The number of entries in the map
     entries: usize,
 }
@@ -92,6 +86,14 @@ struct UnknownPathSecretPacketRejected<'a> {
     credential_id: &'a [u8],
 }
 
+#[event("path_secret_map:unknown_path_secret_packet_dropped")]
+#[subject(endpoint)]
+/// Emitted when an UnknownPathSecret packet was dropped due to a missing entry
+struct UnknownPathSecretPacketDropped<'a> {
+    peer_address: SocketAddress<'a>,
+    credential_id: &'a [u8],
+}
+
 #[event("path_secret_map:replay_definitely_detected")]
 #[subject(endpoint)]
 /// Emitted when credential replay was definitely detected
@@ -143,6 +145,14 @@ struct ReplayDetectedPacketRejected<'a> {
     credential_id: &'a [u8],
 }
 
+#[event("path_secret_map:replay_detected_packet_dropped")]
+#[subject(endpoint)]
+/// Emitted when an ReplayDetected packet was dropped due to a missing entry
+struct ReplayDetectedPacketDropped<'a> {
+    peer_address: SocketAddress<'a>,
+    credential_id: &'a [u8],
+}
+
 #[event("path_secret_map:stale_key_packet_sent")]
 #[subject(endpoint)]
 /// Emitted when an StaleKey packet was sent
@@ -174,3 +184,11 @@ struct StaleKeyPacketRejected<'a> {
     peer_address: SocketAddress<'a>,
     credential_id: &'a [u8],
 }
+
+#[event("path_secret_map:stale_key_packet_dropped")]
+#[subject(endpoint)]
+/// Emitted when an StaleKey packet was dropped due to a missing entry
+struct StaleKeyPacketDropped<'a> {
+    peer_address: SocketAddress<'a>,
+    credential_id: &'a [u8],
+}
diff --git a/dc/s2n-quic-dc/src/event/generated.rs b/dc/s2n-quic-dc/src/event/generated.rs
index c1f461e20..7656279a8 100644
--- a/dc/s2n-quic-dc/src/event/generated.rs
+++ b/dc/s2n-quic-dc/src/event/generated.rs
@@ -26,7 +26,9 @@ pub mod api {
     #[non_exhaustive]
     pub struct ApplicationWrite {
         #[doc = " The number of bytes that the application tried to write"]
-        pub len: usize,
+        pub total_len: usize,
+        #[doc = " The amount that was written"]
+        pub write_len: usize,
     }
     impl Event for ApplicationWrite {
         const NAME: &'static str = "application:write";
@@ -35,10 +37,12 @@ pub mod api {
     #[non_exhaustive]
     pub struct ApplicationRead {
         #[doc = " The number of bytes that the application tried to read"]
-        pub len: usize,
+        pub capacity: usize,
+        #[doc = " The amount that was read"]
+        pub read_len: usize,
     }
     impl Event for ApplicationRead {
-        const NAME: &'static str = "application:write";
+        const NAME: &'static str = "application:read";
     }
     #[derive(Clone, Debug)]
     #[non_exhaustive]
@@ -56,8 +60,6 @@ pub mod api {
     pub struct PathSecretMapInitialized {
         #[doc = " The capacity of the path secret map"]
         pub capacity: usize,
-        #[doc = " The port that the path secret is listening on"]
-        pub control_socket_port: u16,
     }
     impl Event for PathSecretMapInitialized {
         const NAME: &'static str = "path_secret_map:initialized";
@@ -67,8 +69,6 @@ pub mod api {
     pub struct PathSecretMapUninitialized {
         #[doc = " The capacity of the path secret map"]
         pub capacity: usize,
-        #[doc = " The port that the path secret is listening on"]
-        pub control_socket_port: u16,
         #[doc = " The number of entries in the map"]
         pub entries: usize,
     }
@@ -157,6 +157,16 @@ pub mod api {
     }
     #[derive(Clone, Debug)]
     #[non_exhaustive]
+    #[doc = " Emitted when an UnknownPathSecret packet was dropped due to a missing entry"]
+    pub struct UnknownPathSecretPacketDropped<'a> {
+        pub peer_address: SocketAddress<'a>,
+        pub credential_id: &'a [u8],
+    }
+    impl<'a> Event for UnknownPathSecretPacketDropped<'a> {
+        const NAME: &'static str = "path_secret_map:unknown_path_secret_packet_dropped";
+    }
+    #[derive(Clone, Debug)]
+    #[non_exhaustive]
     #[doc = " Emitted when credential replay was definitely detected"]
     pub struct ReplayDefinitelyDetected<'a> {
         pub credential_id: &'a [u8],
@@ -220,6 +230,16 @@ pub mod api {
     }
     #[derive(Clone, Debug)]
     #[non_exhaustive]
+    #[doc = " Emitted when an ReplayDetected packet was dropped due to a missing entry"]
+    pub struct ReplayDetectedPacketDropped<'a> {
+        pub peer_address: SocketAddress<'a>,
+        pub credential_id: &'a [u8],
+    }
+    impl<'a> Event for ReplayDetectedPacketDropped<'a> {
+        const NAME: &'static str = "path_secret_map:replay_detected_packet_dropped";
+    }
+    #[derive(Clone, Debug)]
+    #[non_exhaustive]
     #[doc = " Emitted when an StaleKey packet was sent"]
     pub struct StaleKeyPacketSent<'a> {
         pub peer_address: SocketAddress<'a>,
@@ -258,6 +278,16 @@ pub mod api {
     impl<'a> Event for StaleKeyPacketRejected<'a> {
         const NAME: &'static str = "path_secret_map:stale_key_packet_rejected";
     }
+    #[derive(Clone, Debug)]
+    #[non_exhaustive]
+    #[doc = " Emitted when an StaleKey packet was dropped due to a missing entry"]
+    pub struct StaleKeyPacketDropped<'a> {
+        pub peer_address: SocketAddress<'a>,
+        pub credential_id: &'a [u8],
+    }
+    impl<'a> Event for StaleKeyPacketDropped<'a> {
+        const NAME: &'static str = "path_secret_map:stale_key_packet_dropped";
+    }
 }
 pub mod tracing {
     #![doc = r" This module contains event integration with [`tracing`](https://docs.rs/tracing)"]
@@ -296,8 +326,11 @@ pub mod tracing {
             event: &api::ApplicationWrite,
         ) {
             let id = context.id();
-            let api::ApplicationWrite { len } = event;
-            tracing :: event ! (target : "application_write" , parent : id , tracing :: Level :: DEBUG , len = tracing :: field :: debug (len));
+            let api::ApplicationWrite {
+                total_len,
+                write_len,
+            } = event;
+            tracing :: event ! (target : "application_write" , parent : id , tracing :: Level :: DEBUG , total_len = tracing :: field :: debug (total_len) , write_len = tracing :: field :: debug (write_len));
         }
         #[inline]
         fn on_application_read(
@@ -307,8 +340,8 @@ pub mod tracing {
             event: &api::ApplicationRead,
         ) {
             let id = context.id();
-            let api::ApplicationRead { len } = event;
-            tracing :: event ! (target : "application_read" , parent : id , tracing :: Level :: DEBUG , len = tracing :: field :: debug (len));
+            let api::ApplicationRead { capacity, read_len } = event;
+            tracing :: event ! (target : "application_read" , parent : id , tracing :: Level :: DEBUG , capacity = tracing :: field :: debug (capacity) , read_len = tracing :: field :: debug (read_len));
         }
         #[inline]
         fn on_endpoint_initialized(
@@ -332,11 +365,8 @@ pub mod tracing {
             event: &api::PathSecretMapInitialized,
         ) {
             let parent = self.parent(meta);
-            let api::PathSecretMapInitialized {
-                capacity,
-                control_socket_port,
-            } = event;
-            tracing :: event ! (target : "path_secret_map_initialized" , parent : parent , tracing :: Level :: DEBUG , capacity = tracing :: field :: debug (capacity) , control_socket_port = tracing :: field :: debug (control_socket_port));
+            let api::PathSecretMapInitialized { capacity } = event;
+            tracing :: event ! (target : "path_secret_map_initialized" , parent : parent , tracing :: Level :: DEBUG , capacity = tracing :: field :: debug (capacity));
         }
         #[inline]
         fn on_path_secret_map_uninitialized(
@@ -345,12 +375,8 @@ pub mod tracing {
             event: &api::PathSecretMapUninitialized,
         ) {
             let parent = self.parent(meta);
-            let api::PathSecretMapUninitialized {
-                capacity,
-                control_socket_port,
-                entries,
-            } = event;
-            tracing :: event ! (target : "path_secret_map_uninitialized" , parent : parent , tracing :: Level :: DEBUG , capacity = tracing :: field :: debug (capacity) , control_socket_port = tracing :: field :: debug (control_socket_port) , entries = tracing :: field :: debug (entries));
+            let api::PathSecretMapUninitialized { capacity, entries } = event;
+            tracing :: event ! (target : "path_secret_map_uninitialized" , parent : parent , tracing :: Level :: DEBUG , capacity = tracing :: field :: debug (capacity) , entries = tracing :: field :: debug (entries));
         }
         #[inline]
         fn on_path_secret_map_background_handshake_requested(
@@ -455,6 +481,19 @@ pub mod tracing {
             tracing :: event ! (target : "unknown_path_secret_packet_rejected" , parent : parent , tracing :: Level :: DEBUG , peer_address = tracing :: field :: debug (peer_address) , credential_id = tracing :: field :: debug (credential_id));
         }
         #[inline]
+        fn on_unknown_path_secret_packet_dropped(
+            &self,
+            meta: &api::EndpointMeta,
+            event: &api::UnknownPathSecretPacketDropped,
+        ) {
+            let parent = self.parent(meta);
+            let api::UnknownPathSecretPacketDropped {
+                peer_address,
+                credential_id,
+            } = event;
+            tracing :: event ! (target : "unknown_path_secret_packet_dropped" , parent : parent , tracing :: Level :: DEBUG , peer_address = tracing :: field :: debug (peer_address) , credential_id = tracing :: field :: debug (credential_id));
+        }
+        #[inline]
         fn on_replay_definitely_detected(
             &self,
             meta: &api::EndpointMeta,
@@ -535,6 +574,19 @@ pub mod tracing {
             tracing :: event ! (target : "replay_detected_packet_rejected" , parent : parent , tracing :: Level :: DEBUG , peer_address = tracing :: field :: debug (peer_address) , credential_id = tracing :: field :: debug (credential_id));
         }
         #[inline]
+        fn on_replay_detected_packet_dropped(
+            &self,
+            meta: &api::EndpointMeta,
+            event: &api::ReplayDetectedPacketDropped,
+        ) {
+            let parent = self.parent(meta);
+            let api::ReplayDetectedPacketDropped {
+                peer_address,
+                credential_id,
+            } = event;
+            tracing :: event ! (target : "replay_detected_packet_dropped" , parent : parent , tracing :: Level :: DEBUG , peer_address = tracing :: field :: debug (peer_address) , credential_id = tracing :: field :: debug (credential_id));
+        }
+        #[inline]
         fn on_stale_key_packet_sent(
             &self,
             meta: &api::EndpointMeta,
@@ -586,6 +638,19 @@ pub mod tracing {
             } = event;
             tracing :: event ! (target : "stale_key_packet_rejected" , parent : parent , tracing :: Level :: DEBUG , peer_address = tracing :: field :: debug (peer_address) , credential_id = tracing :: field :: debug (credential_id));
         }
+        #[inline]
+        fn on_stale_key_packet_dropped(
+            &self,
+            meta: &api::EndpointMeta,
+            event: &api::StaleKeyPacketDropped,
+        ) {
+            let parent = self.parent(meta);
+            let api::StaleKeyPacketDropped {
+                peer_address,
+                credential_id,
+            } = event;
+            tracing :: event ! (target : "stale_key_packet_dropped" , parent : parent , tracing :: Level :: DEBUG , peer_address = tracing :: field :: debug (peer_address) , credential_id = tracing :: field :: debug (credential_id));
+        }
     }
 }
 pub mod builder {
@@ -625,28 +690,37 @@ pub mod builder {
     #[derive(Clone, Debug)]
     pub struct ApplicationWrite {
         #[doc = " The number of bytes that the application tried to write"]
-        pub len: usize,
+        pub total_len: usize,
+        #[doc = " The amount that was written"]
+        pub write_len: usize,
     }
     impl IntoEvent<api::ApplicationWrite> for ApplicationWrite {
         #[inline]
         fn into_event(self) -> api::ApplicationWrite {
-            let ApplicationWrite { len } = self;
+            let ApplicationWrite {
+                total_len,
+                write_len,
+            } = self;
             api::ApplicationWrite {
-                len: len.into_event(),
+                total_len: total_len.into_event(),
+                write_len: write_len.into_event(),
             }
         }
     }
     #[derive(Clone, Debug)]
     pub struct ApplicationRead {
         #[doc = " The number of bytes that the application tried to read"]
-        pub len: usize,
+        pub capacity: usize,
+        #[doc = " The amount that was read"]
+        pub read_len: usize,
     }
     impl IntoEvent<api::ApplicationRead> for ApplicationRead {
         #[inline]
         fn into_event(self) -> api::ApplicationRead {
-            let ApplicationRead { len } = self;
+            let ApplicationRead { capacity, read_len } = self;
             api::ApplicationRead {
-                len: len.into_event(),
+                capacity: capacity.into_event(),
+                read_len: read_len.into_event(),
             }
         }
     }
@@ -678,19 +752,13 @@ pub mod builder {
     pub struct PathSecretMapInitialized {
         #[doc = " The capacity of the path secret map"]
         pub capacity: usize,
-        #[doc = " The port that the path secret is listening on"]
-        pub control_socket_port: u16,
     }
     impl IntoEvent<api::PathSecretMapInitialized> for PathSecretMapInitialized {
         #[inline]
         fn into_event(self) -> api::PathSecretMapInitialized {
-            let PathSecretMapInitialized {
-                capacity,
-                control_socket_port,
-            } = self;
+            let PathSecretMapInitialized { capacity } = self;
             api::PathSecretMapInitialized {
                 capacity: capacity.into_event(),
-                control_socket_port: control_socket_port.into_event(),
             }
         }
     }
@@ -698,22 +766,15 @@ pub mod builder {
     pub struct PathSecretMapUninitialized {
         #[doc = " The capacity of the path secret map"]
         pub capacity: usize,
-        #[doc = " The port that the path secret is listening on"]
-        pub control_socket_port: u16,
         #[doc = " The number of entries in the map"]
         pub entries: usize,
     }
     impl IntoEvent<api::PathSecretMapUninitialized> for PathSecretMapUninitialized {
         #[inline]
         fn into_event(self) -> api::PathSecretMapUninitialized {
-            let PathSecretMapUninitialized {
-                capacity,
-                control_socket_port,
-                entries,
-            } = self;
+            let PathSecretMapUninitialized { capacity, entries } = self;
             api::PathSecretMapUninitialized {
                 capacity: capacity.into_event(),
-                control_socket_port: control_socket_port.into_event(),
                 entries: entries.into_event(),
             }
         }
@@ -877,6 +938,25 @@ pub mod builder {
         }
     }
     #[derive(Clone, Debug)]
+    #[doc = " Emitted when an UnknownPathSecret packet was dropped due to a missing entry"]
+    pub struct UnknownPathSecretPacketDropped<'a> {
+        pub peer_address: SocketAddress<'a>,
+        pub credential_id: &'a [u8],
+    }
+    impl<'a> IntoEvent<api::UnknownPathSecretPacketDropped<'a>> for UnknownPathSecretPacketDropped<'a> {
+        #[inline]
+        fn into_event(self) -> api::UnknownPathSecretPacketDropped<'a> {
+            let UnknownPathSecretPacketDropped {
+                peer_address,
+                credential_id,
+            } = self;
+            api::UnknownPathSecretPacketDropped {
+                peer_address: peer_address.into_event(),
+                credential_id: credential_id.into_event(),
+            }
+        }
+    }
+    #[derive(Clone, Debug)]
     #[doc = " Emitted when credential replay was definitely detected"]
     pub struct ReplayDefinitelyDetected<'a> {
         pub credential_id: &'a [u8],
@@ -998,6 +1078,25 @@ pub mod builder {
         }
     }
     #[derive(Clone, Debug)]
+    #[doc = " Emitted when an ReplayDetected packet was dropped due to a missing entry"]
+    pub struct ReplayDetectedPacketDropped<'a> {
+        pub peer_address: SocketAddress<'a>,
+        pub credential_id: &'a [u8],
+    }
+    impl<'a> IntoEvent<api::ReplayDetectedPacketDropped<'a>> for ReplayDetectedPacketDropped<'a> {
+        #[inline]
+        fn into_event(self) -> api::ReplayDetectedPacketDropped<'a> {
+            let ReplayDetectedPacketDropped {
+                peer_address,
+                credential_id,
+            } = self;
+            api::ReplayDetectedPacketDropped {
+                peer_address: peer_address.into_event(),
+                credential_id: credential_id.into_event(),
+            }
+        }
+    }
+    #[derive(Clone, Debug)]
     #[doc = " Emitted when an StaleKey packet was sent"]
     pub struct StaleKeyPacketSent<'a> {
         pub peer_address: SocketAddress<'a>,
@@ -1073,6 +1172,25 @@ pub mod builder {
             }
         }
     }
+    #[derive(Clone, Debug)]
+    #[doc = " Emitted when an StaleKey packet was dropped due to a missing entry"]
+    pub struct StaleKeyPacketDropped<'a> {
+        pub peer_address: SocketAddress<'a>,
+        pub credential_id: &'a [u8],
+    }
+    impl<'a> IntoEvent<api::StaleKeyPacketDropped<'a>> for StaleKeyPacketDropped<'a> {
+        #[inline]
+        fn into_event(self) -> api::StaleKeyPacketDropped<'a> {
+            let StaleKeyPacketDropped {
+                peer_address,
+                credential_id,
+            } = self;
+            api::StaleKeyPacketDropped {
+                peer_address: peer_address.into_event(),
+                credential_id: credential_id.into_event(),
+            }
+        }
+    }
 }
 pub use traits::*;
 mod traits {
@@ -1265,6 +1383,16 @@ mod traits {
             let _ = meta;
             let _ = event;
         }
+        #[doc = "Called when the `UnknownPathSecretPacketDropped` event is triggered"]
+        #[inline]
+        fn on_unknown_path_secret_packet_dropped(
+            &self,
+            meta: &api::EndpointMeta,
+            event: &api::UnknownPathSecretPacketDropped,
+        ) {
+            let _ = meta;
+            let _ = event;
+        }
         #[doc = "Called when the `ReplayDefinitelyDetected` event is triggered"]
         #[inline]
         fn on_replay_definitely_detected(
@@ -1325,6 +1453,16 @@ mod traits {
             let _ = meta;
             let _ = event;
         }
+        #[doc = "Called when the `ReplayDetectedPacketDropped` event is triggered"]
+        #[inline]
+        fn on_replay_detected_packet_dropped(
+            &self,
+            meta: &api::EndpointMeta,
+            event: &api::ReplayDetectedPacketDropped,
+        ) {
+            let _ = meta;
+            let _ = event;
+        }
         #[doc = "Called when the `StaleKeyPacketSent` event is triggered"]
         #[inline]
         fn on_stale_key_packet_sent(
@@ -1365,6 +1503,16 @@ mod traits {
             let _ = meta;
             let _ = event;
         }
+        #[doc = "Called when the `StaleKeyPacketDropped` event is triggered"]
+        #[inline]
+        fn on_stale_key_packet_dropped(
+            &self,
+            meta: &api::EndpointMeta,
+            event: &api::StaleKeyPacketDropped,
+        ) {
+            let _ = meta;
+            let _ = event;
+        }
         #[doc = r" Called for each event that relates to the endpoint and all connections"]
         #[inline]
         fn on_event<M: Meta, E: Event>(&self, meta: &M, event: &E) {
@@ -1531,6 +1679,15 @@ mod traits {
             (self.1).on_unknown_path_secret_packet_rejected(meta, event);
         }
         #[inline]
+        fn on_unknown_path_secret_packet_dropped(
+            &self,
+            meta: &api::EndpointMeta,
+            event: &api::UnknownPathSecretPacketDropped,
+        ) {
+            (self.0).on_unknown_path_secret_packet_dropped(meta, event);
+            (self.1).on_unknown_path_secret_packet_dropped(meta, event);
+        }
+        #[inline]
         fn on_replay_definitely_detected(
             &self,
             meta: &api::EndpointMeta,
@@ -1585,6 +1742,15 @@ mod traits {
             (self.1).on_replay_detected_packet_rejected(meta, event);
         }
         #[inline]
+        fn on_replay_detected_packet_dropped(
+            &self,
+            meta: &api::EndpointMeta,
+            event: &api::ReplayDetectedPacketDropped,
+        ) {
+            (self.0).on_replay_detected_packet_dropped(meta, event);
+            (self.1).on_replay_detected_packet_dropped(meta, event);
+        }
+        #[inline]
         fn on_stale_key_packet_sent(
             &self,
             meta: &api::EndpointMeta,
@@ -1621,6 +1787,15 @@ mod traits {
             (self.1).on_stale_key_packet_rejected(meta, event);
         }
         #[inline]
+        fn on_stale_key_packet_dropped(
+            &self,
+            meta: &api::EndpointMeta,
+            event: &api::StaleKeyPacketDropped,
+        ) {
+            (self.0).on_stale_key_packet_dropped(meta, event);
+            (self.1).on_stale_key_packet_dropped(meta, event);
+        }
+        #[inline]
         fn on_event<M: Meta, E: Event>(&self, meta: &M, event: &E) {
             self.0.on_event(meta, event);
             self.1.on_event(meta, event);
@@ -1681,6 +1856,11 @@ mod traits {
             &self,
             event: builder::UnknownPathSecretPacketRejected,
         );
+        #[doc = "Publishes a `UnknownPathSecretPacketDropped` event to the publisher's subscriber"]
+        fn on_unknown_path_secret_packet_dropped(
+            &self,
+            event: builder::UnknownPathSecretPacketDropped,
+        );
         #[doc = "Publishes a `ReplayDefinitelyDetected` event to the publisher's subscriber"]
         fn on_replay_definitely_detected(&self, event: builder::ReplayDefinitelyDetected);
         #[doc = "Publishes a `ReplayPotentiallyDetected` event to the publisher's subscriber"]
@@ -1693,6 +1873,8 @@ mod traits {
         fn on_replay_detected_packet_accepted(&self, event: builder::ReplayDetectedPacketAccepted);
         #[doc = "Publishes a `ReplayDetectedPacketRejected` event to the publisher's subscriber"]
         fn on_replay_detected_packet_rejected(&self, event: builder::ReplayDetectedPacketRejected);
+        #[doc = "Publishes a `ReplayDetectedPacketDropped` event to the publisher's subscriber"]
+        fn on_replay_detected_packet_dropped(&self, event: builder::ReplayDetectedPacketDropped);
         #[doc = "Publishes a `StaleKeyPacketSent` event to the publisher's subscriber"]
         fn on_stale_key_packet_sent(&self, event: builder::StaleKeyPacketSent);
         #[doc = "Publishes a `StaleKeyPacketReceived` event to the publisher's subscriber"]
@@ -1701,6 +1883,8 @@ mod traits {
         fn on_stale_key_packet_accepted(&self, event: builder::StaleKeyPacketAccepted);
         #[doc = "Publishes a `StaleKeyPacketRejected` event to the publisher's subscriber"]
         fn on_stale_key_packet_rejected(&self, event: builder::StaleKeyPacketRejected);
+        #[doc = "Publishes a `StaleKeyPacketDropped` event to the publisher's subscriber"]
+        fn on_stale_key_packet_dropped(&self, event: builder::StaleKeyPacketDropped);
         #[doc = r" Returns the QUIC version, if any"]
         fn quic_version(&self) -> Option<u32>;
     }
@@ -1821,6 +2005,16 @@ mod traits {
             self.subscriber.on_event(&self.meta, &event);
         }
         #[inline]
+        fn on_unknown_path_secret_packet_dropped(
+            &self,
+            event: builder::UnknownPathSecretPacketDropped,
+        ) {
+            let event = event.into_event();
+            self.subscriber
+                .on_unknown_path_secret_packet_dropped(&self.meta, &event);
+            self.subscriber.on_event(&self.meta, &event);
+        }
+        #[inline]
         fn on_replay_definitely_detected(&self, event: builder::ReplayDefinitelyDetected) {
             let event = event.into_event();
             self.subscriber
@@ -1863,6 +2057,13 @@ mod traits {
             self.subscriber.on_event(&self.meta, &event);
         }
         #[inline]
+        fn on_replay_detected_packet_dropped(&self, event: builder::ReplayDetectedPacketDropped) {
+            let event = event.into_event();
+            self.subscriber
+                .on_replay_detected_packet_dropped(&self.meta, &event);
+            self.subscriber.on_event(&self.meta, &event);
+        }
+        #[inline]
         fn on_stale_key_packet_sent(&self, event: builder::StaleKeyPacketSent) {
             let event = event.into_event();
             self.subscriber.on_stale_key_packet_sent(&self.meta, &event);
@@ -1890,6 +2091,13 @@ mod traits {
             self.subscriber.on_event(&self.meta, &event);
         }
         #[inline]
+        fn on_stale_key_packet_dropped(&self, event: builder::StaleKeyPacketDropped) {
+            let event = event.into_event();
+            self.subscriber
+                .on_stale_key_packet_dropped(&self.meta, &event);
+            self.subscriber.on_event(&self.meta, &event);
+        }
+        #[inline]
         fn quic_version(&self) -> Option<u32> {
             self.quic_version
         }
@@ -2061,16 +2269,19 @@ pub mod testing {
             pub unknown_path_secret_packet_received: AtomicU32,
             pub unknown_path_secret_packet_accepted: AtomicU32,
             pub unknown_path_secret_packet_rejected: AtomicU32,
+            pub unknown_path_secret_packet_dropped: AtomicU32,
             pub replay_definitely_detected: AtomicU32,
             pub replay_potentially_detected: AtomicU32,
             pub replay_detected_packet_sent: AtomicU32,
             pub replay_detected_packet_received: AtomicU32,
             pub replay_detected_packet_accepted: AtomicU32,
             pub replay_detected_packet_rejected: AtomicU32,
+            pub replay_detected_packet_dropped: AtomicU32,
             pub stale_key_packet_sent: AtomicU32,
             pub stale_key_packet_received: AtomicU32,
             pub stale_key_packet_accepted: AtomicU32,
             pub stale_key_packet_rejected: AtomicU32,
+            pub stale_key_packet_dropped: AtomicU32,
         }
         impl Drop for Subscriber {
             fn drop(&mut self) {
@@ -2113,16 +2324,19 @@ pub mod testing {
                     unknown_path_secret_packet_received: AtomicU32::new(0),
                     unknown_path_secret_packet_accepted: AtomicU32::new(0),
                     unknown_path_secret_packet_rejected: AtomicU32::new(0),
+                    unknown_path_secret_packet_dropped: AtomicU32::new(0),
                     replay_definitely_detected: AtomicU32::new(0),
                     replay_potentially_detected: AtomicU32::new(0),
                     replay_detected_packet_sent: AtomicU32::new(0),
                     replay_detected_packet_received: AtomicU32::new(0),
                     replay_detected_packet_accepted: AtomicU32::new(0),
                     replay_detected_packet_rejected: AtomicU32::new(0),
+                    replay_detected_packet_dropped: AtomicU32::new(0),
                     stale_key_packet_sent: AtomicU32::new(0),
                     stale_key_packet_received: AtomicU32::new(0),
                     stale_key_packet_accepted: AtomicU32::new(0),
                     stale_key_packet_rejected: AtomicU32::new(0),
+                    stale_key_packet_dropped: AtomicU32::new(0),
                 }
             }
         }
@@ -2265,6 +2479,18 @@ pub mod testing {
                     .unwrap()
                     .push(format!("{meta:?} {event:?}"));
             }
+            fn on_unknown_path_secret_packet_dropped(
+                &self,
+                meta: &api::EndpointMeta,
+                event: &api::UnknownPathSecretPacketDropped,
+            ) {
+                self.unknown_path_secret_packet_dropped
+                    .fetch_add(1, Ordering::Relaxed);
+                self.output
+                    .lock()
+                    .unwrap()
+                    .push(format!("{meta:?} {event:?}"));
+            }
             fn on_replay_definitely_detected(
                 &self,
                 meta: &api::EndpointMeta,
@@ -2337,6 +2563,18 @@ pub mod testing {
                     .unwrap()
                     .push(format!("{meta:?} {event:?}"));
             }
+            fn on_replay_detected_packet_dropped(
+                &self,
+                meta: &api::EndpointMeta,
+                event: &api::ReplayDetectedPacketDropped,
+            ) {
+                self.replay_detected_packet_dropped
+                    .fetch_add(1, Ordering::Relaxed);
+                self.output
+                    .lock()
+                    .unwrap()
+                    .push(format!("{meta:?} {event:?}"));
+            }
             fn on_stale_key_packet_sent(
                 &self,
                 meta: &api::EndpointMeta,
@@ -2384,6 +2622,18 @@ pub mod testing {
                     .unwrap()
                     .push(format!("{meta:?} {event:?}"));
             }
+            fn on_stale_key_packet_dropped(
+                &self,
+                meta: &api::EndpointMeta,
+                event: &api::StaleKeyPacketDropped,
+            ) {
+                self.stale_key_packet_dropped
+                    .fetch_add(1, Ordering::Relaxed);
+                self.output
+                    .lock()
+                    .unwrap()
+                    .push(format!("{meta:?} {event:?}"));
+            }
         }
     }
     #[derive(Debug)]
@@ -2403,16 +2653,19 @@ pub mod testing {
         pub unknown_path_secret_packet_received: AtomicU32,
         pub unknown_path_secret_packet_accepted: AtomicU32,
         pub unknown_path_secret_packet_rejected: AtomicU32,
+        pub unknown_path_secret_packet_dropped: AtomicU32,
         pub replay_definitely_detected: AtomicU32,
         pub replay_potentially_detected: AtomicU32,
         pub replay_detected_packet_sent: AtomicU32,
         pub replay_detected_packet_received: AtomicU32,
         pub replay_detected_packet_accepted: AtomicU32,
         pub replay_detected_packet_rejected: AtomicU32,
+        pub replay_detected_packet_dropped: AtomicU32,
         pub stale_key_packet_sent: AtomicU32,
         pub stale_key_packet_received: AtomicU32,
         pub stale_key_packet_accepted: AtomicU32,
         pub stale_key_packet_rejected: AtomicU32,
+        pub stale_key_packet_dropped: AtomicU32,
     }
     impl Drop for Subscriber {
         fn drop(&mut self) {
@@ -2457,16 +2710,19 @@ pub mod testing {
                 unknown_path_secret_packet_received: AtomicU32::new(0),
                 unknown_path_secret_packet_accepted: AtomicU32::new(0),
                 unknown_path_secret_packet_rejected: AtomicU32::new(0),
+                unknown_path_secret_packet_dropped: AtomicU32::new(0),
                 replay_definitely_detected: AtomicU32::new(0),
                 replay_potentially_detected: AtomicU32::new(0),
                 replay_detected_packet_sent: AtomicU32::new(0),
                 replay_detected_packet_received: AtomicU32::new(0),
                 replay_detected_packet_accepted: AtomicU32::new(0),
                 replay_detected_packet_rejected: AtomicU32::new(0),
+                replay_detected_packet_dropped: AtomicU32::new(0),
                 stale_key_packet_sent: AtomicU32::new(0),
                 stale_key_packet_received: AtomicU32::new(0),
                 stale_key_packet_accepted: AtomicU32::new(0),
                 stale_key_packet_rejected: AtomicU32::new(0),
+                stale_key_packet_dropped: AtomicU32::new(0),
             }
         }
     }
@@ -2637,6 +2893,18 @@ pub mod testing {
                 .unwrap()
                 .push(format!("{meta:?} {event:?}"));
         }
+        fn on_unknown_path_secret_packet_dropped(
+            &self,
+            meta: &api::EndpointMeta,
+            event: &api::UnknownPathSecretPacketDropped,
+        ) {
+            self.unknown_path_secret_packet_dropped
+                .fetch_add(1, Ordering::Relaxed);
+            self.output
+                .lock()
+                .unwrap()
+                .push(format!("{meta:?} {event:?}"));
+        }
         fn on_replay_definitely_detected(
             &self,
             meta: &api::EndpointMeta,
@@ -2709,6 +2977,18 @@ pub mod testing {
                 .unwrap()
                 .push(format!("{meta:?} {event:?}"));
         }
+        fn on_replay_detected_packet_dropped(
+            &self,
+            meta: &api::EndpointMeta,
+            event: &api::ReplayDetectedPacketDropped,
+        ) {
+            self.replay_detected_packet_dropped
+                .fetch_add(1, Ordering::Relaxed);
+            self.output
+                .lock()
+                .unwrap()
+                .push(format!("{meta:?} {event:?}"));
+        }
         fn on_stale_key_packet_sent(
             &self,
             meta: &api::EndpointMeta,
@@ -2756,6 +3036,18 @@ pub mod testing {
                 .unwrap()
                 .push(format!("{meta:?} {event:?}"));
         }
+        fn on_stale_key_packet_dropped(
+            &self,
+            meta: &api::EndpointMeta,
+            event: &api::StaleKeyPacketDropped,
+        ) {
+            self.stale_key_packet_dropped
+                .fetch_add(1, Ordering::Relaxed);
+            self.output
+                .lock()
+                .unwrap()
+                .push(format!("{meta:?} {event:?}"));
+        }
     }
     #[derive(Debug)]
     pub struct Publisher {
@@ -2774,16 +3066,19 @@ pub mod testing {
         pub unknown_path_secret_packet_received: AtomicU32,
         pub unknown_path_secret_packet_accepted: AtomicU32,
         pub unknown_path_secret_packet_rejected: AtomicU32,
+        pub unknown_path_secret_packet_dropped: AtomicU32,
         pub replay_definitely_detected: AtomicU32,
         pub replay_potentially_detected: AtomicU32,
         pub replay_detected_packet_sent: AtomicU32,
         pub replay_detected_packet_received: AtomicU32,
         pub replay_detected_packet_accepted: AtomicU32,
         pub replay_detected_packet_rejected: AtomicU32,
+        pub replay_detected_packet_dropped: AtomicU32,
         pub stale_key_packet_sent: AtomicU32,
         pub stale_key_packet_received: AtomicU32,
         pub stale_key_packet_accepted: AtomicU32,
         pub stale_key_packet_rejected: AtomicU32,
+        pub stale_key_packet_dropped: AtomicU32,
     }
     impl Publisher {
         #[doc = r" Creates a publisher with snapshot assertions enabled"]
@@ -2818,16 +3113,19 @@ pub mod testing {
                 unknown_path_secret_packet_received: AtomicU32::new(0),
                 unknown_path_secret_packet_accepted: AtomicU32::new(0),
                 unknown_path_secret_packet_rejected: AtomicU32::new(0),
+                unknown_path_secret_packet_dropped: AtomicU32::new(0),
                 replay_definitely_detected: AtomicU32::new(0),
                 replay_potentially_detected: AtomicU32::new(0),
                 replay_detected_packet_sent: AtomicU32::new(0),
                 replay_detected_packet_received: AtomicU32::new(0),
                 replay_detected_packet_accepted: AtomicU32::new(0),
                 replay_detected_packet_rejected: AtomicU32::new(0),
+                replay_detected_packet_dropped: AtomicU32::new(0),
                 stale_key_packet_sent: AtomicU32::new(0),
                 stale_key_packet_received: AtomicU32::new(0),
                 stale_key_packet_accepted: AtomicU32::new(0),
                 stale_key_packet_rejected: AtomicU32::new(0),
+                stale_key_packet_dropped: AtomicU32::new(0),
             }
         }
     }
@@ -2909,6 +3207,15 @@ pub mod testing {
             let event = event.into_event();
             self.output.lock().unwrap().push(format!("{event:?}"));
         }
+        fn on_unknown_path_secret_packet_dropped(
+            &self,
+            event: builder::UnknownPathSecretPacketDropped,
+        ) {
+            self.unknown_path_secret_packet_dropped
+                .fetch_add(1, Ordering::Relaxed);
+            let event = event.into_event();
+            self.output.lock().unwrap().push(format!("{event:?}"));
+        }
         fn on_replay_definitely_detected(&self, event: builder::ReplayDefinitelyDetected) {
             self.replay_definitely_detected
                 .fetch_add(1, Ordering::Relaxed);
@@ -2945,6 +3252,12 @@ pub mod testing {
             let event = event.into_event();
             self.output.lock().unwrap().push(format!("{event:?}"));
         }
+        fn on_replay_detected_packet_dropped(&self, event: builder::ReplayDetectedPacketDropped) {
+            self.replay_detected_packet_dropped
+                .fetch_add(1, Ordering::Relaxed);
+            let event = event.into_event();
+            self.output.lock().unwrap().push(format!("{event:?}"));
+        }
         fn on_stale_key_packet_sent(&self, event: builder::StaleKeyPacketSent) {
             self.stale_key_packet_sent.fetch_add(1, Ordering::Relaxed);
             let event = event.into_event();
@@ -2968,6 +3281,12 @@ pub mod testing {
             let event = event.into_event();
             self.output.lock().unwrap().push(format!("{event:?}"));
         }
+        fn on_stale_key_packet_dropped(&self, event: builder::StaleKeyPacketDropped) {
+            self.stale_key_packet_dropped
+                .fetch_add(1, Ordering::Relaxed);
+            let event = event.into_event();
+            self.output.lock().unwrap().push(format!("{event:?}"));
+        }
         fn quic_version(&self) -> Option<u32> {
             Some(1)
         }
diff --git a/dc/s2n-quic-dc/src/path/secret/map/state.rs b/dc/s2n-quic-dc/src/path/secret/map/state.rs
index 6fc3cd4e8..51da6823b 100644
--- a/dc/s2n-quic-dc/src/path/secret/map/state.rs
+++ b/dc/s2n-quic-dc/src/path/secret/map/state.rs
@@ -70,7 +70,6 @@ pub(super) struct State<S: event::Subscriber> {
     // This socket is used *only* for sending secret control packets.
     // FIXME: This will get replaced with sending on a handshake socket associated with the map.
     pub(super) control_socket: std::net::UdpSocket,
-    control_socket_port: u16,
 
     pub(super) receiver_shared: Arc<receiver::Shared>,
 
@@ -90,7 +89,6 @@ impl<S: event::Subscriber> State<S> {
         // of implementation).
         let control_socket = std::net::UdpSocket::bind((Ipv4Addr::UNSPECIFIED, 0)).unwrap();
         control_socket.set_nonblocking(true).unwrap();
-        let control_socket_port = control_socket.local_addr().unwrap().port();
 
         let state = Self {
             // This is around 500MB with current entry size.
@@ -104,7 +102,6 @@ impl<S: event::Subscriber> State<S> {
             signer,
             receiver_shared: receiver::Shared::new(),
             control_socket,
-            control_socket_port,
             subscriber,
         };
 
@@ -112,12 +109,9 @@ impl<S: event::Subscriber> State<S> {
 
         state.cleaner.spawn_thread(state.clone());
 
-        state.subscriber().on_path_secret_map_initialized(
-            event::builder::PathSecretMapInitialized {
-                capacity,
-                control_socket_port,
-            },
-        );
+        state
+            .subscriber()
+            .on_path_secret_map_initialized(event::builder::PathSecretMapInitialized { capacity });
 
         state
     }
@@ -151,6 +145,13 @@ impl<S: event::Subscriber> State<S> {
         );
 
         let Some(entry) = self.get_by_id(packet.credential_id()) else {
+            self.subscriber().on_unknown_path_secret_packet_dropped(
+                event::builder::UnknownPathSecretPacketDropped {
+                    credential_id: packet.credential_id().into_event(),
+                    peer_address,
+                },
+            );
+
             return;
         };
 
@@ -193,8 +194,11 @@ impl<S: event::Subscriber> State<S> {
             });
 
         let Some(entry) = self.ids.get_by_key(packet.credential_id()) else {
-            // If we get a control packet we don't have a registered path secret for, ignore the
-            // packet.
+            self.subscriber()
+                .on_stale_key_packet_dropped(event::builder::StaleKeyPacketDropped {
+                    credential_id: packet.credential_id().into_event(),
+                    peer_address,
+                });
             return;
         };
 
@@ -235,8 +239,12 @@ impl<S: event::Subscriber> State<S> {
         );
 
         let Some(entry) = self.ids.get_by_key(packet.credential_id()) else {
-            // If we get a control packet we don't have a registered path secret for, ignore the
-            // packet.
+            self.subscriber().on_replay_detected_packet_dropped(
+                event::builder::ReplayDetectedPacketDropped {
+                    credential_id: packet.credential_id().into_event(),
+                    peer_address,
+                },
+            );
             return;
         };
 
@@ -515,7 +523,6 @@ impl<S: event::Subscriber> Drop for State<S> {
         self.subscriber().on_path_secret_map_uninitialized(
             event::builder::PathSecretMapUninitialized {
                 capacity: self.secrets_capacity(),
-                control_socket_port: self.control_socket_port,
                 entries: self.secrets_len(),
             },
         );
diff --git a/dc/s2n-quic-dc/src/path/secret/map/state/snapshots/path__secret__map__state__tests__thread_shutdown__events.snap b/dc/s2n-quic-dc/src/path/secret/map/state/snapshots/path__secret__map__state__tests__thread_shutdown__events.snap
new file mode 100644
index 000000000..3c57f5302
--- /dev/null
+++ b/dc/s2n-quic-dc/src/path/secret/map/state/snapshots/path__secret__map__state__tests__thread_shutdown__events.snap
@@ -0,0 +1,6 @@
+---
+source: quic/s2n-quic-core/src/event/snapshot.rs
+input_file: dc/s2n-quic-dc/src/path/secret/map/state/tests.rs
+---
+EndpointMeta PathSecretMapInitialized { capacity: 10 }
+EndpointMeta PathSecretMapUninitialized { capacity: 10, entries: 0 }
diff --git a/dc/s2n-quic-dc/src/path/secret/map/state/tests.rs b/dc/s2n-quic-dc/src/path/secret/map/state/tests.rs
index 853627a18..4d321f7dc 100644
--- a/dc/s2n-quic-dc/src/path/secret/map/state/tests.rs
+++ b/dc/s2n-quic-dc/src/path/secret/map/state/tests.rs
@@ -3,7 +3,7 @@
 
 use super::*;
 use crate::{
-    event::tracing::Subscriber,
+    event::{testing, tracing},
     path::secret::{schedule, sender},
 };
 use s2n_quic_core::dc;
@@ -20,7 +20,7 @@ fn fake_entry(port: u16) -> Arc<Entry> {
 #[test]
 fn cleans_after_delay() {
     let signer = stateless_reset::Signer::new(b"secret");
-    let map = State::new(signer, 50, Subscriber::default());
+    let map = State::new(signer, 50, tracing::Subscriber::default());
 
     // Stop background processing. We expect to manually invoke clean, and a background worker
     // might interfere with our state.
@@ -48,7 +48,14 @@ fn cleans_after_delay() {
 #[test]
 fn thread_shutdown() {
     let signer = stateless_reset::Signer::new(b"secret");
-    let map = State::new(signer, 10, Subscriber::default());
+    let map = State::new(
+        signer,
+        10,
+        (
+            tracing::Subscriber::default(),
+            testing::Subscriber::snapshot(),
+        ),
+    );
     let state = Arc::downgrade(&map);
     drop(map);
 
@@ -116,7 +123,7 @@ enum Invariant {
 }
 
 impl Model {
-    fn perform(&mut self, operation: Operation, state: &State<Subscriber>) {
+    fn perform(&mut self, operation: Operation, state: &State<tracing::Subscriber>) {
         match operation {
             Operation::Insert { ip, path_secret_id } => {
                 let ip = SocketAddr::V4(SocketAddrV4::new(Ipv4Addr::from([0, 0, 0, ip]), 0));
@@ -176,7 +183,7 @@ impl Model {
         }
     }
 
-    fn check_invariants(&self, state: &State<Subscriber>) {
+    fn check_invariants(&self, state: &State<tracing::Subscriber>) {
         for invariant in self.invariants.iter() {
             // We avoid assertions for contains() if we're running the small capacity test, since
             // they are likely broken -- we semi-randomly evict peers in that case.
@@ -249,7 +256,7 @@ fn check_invariants() {
 
             let mut model = Model::default();
             let signer = stateless_reset::Signer::new(b"secret");
-            let mut map = State::new(signer, 10_000, Subscriber::default());
+            let mut map = State::new(signer, 10_000, tracing::Subscriber::default());
 
             // Avoid background work interfering with testing.
             map.cleaner.stop();
@@ -279,7 +286,7 @@ fn check_invariants_no_overflow() {
 
             let mut model = Model::default();
             let signer = stateless_reset::Signer::new(b"secret");
-            let map = State::new(signer, 10_000, Subscriber::default());
+            let map = State::new(signer, 10_000, tracing::Subscriber::default());
 
             // Avoid background work interfering with testing.
             map.cleaner.stop();
@@ -302,7 +309,7 @@ fn check_invariants_no_overflow() {
 #[ignore = "memory growth takes a long time to run"]
 fn no_memory_growth() {
     let signer = stateless_reset::Signer::new(b"secret");
-    let map = State::new(signer, 100_000, Subscriber::default());
+    let map = State::new(signer, 100_000, tracing::Subscriber::default());
     map.cleaner.stop();
 
     for idx in 0..500_000 {