suricata
decode-events.h File Reference

Data Structures

struct  DecodeEvents_
 

Macros

#define EVENT_IS_DECODER_PACKET_ERROR(e)   ((e) < (DECODE_EVENT_PACKET_MAX))
 

Enumerations

enum  {
  IPV4_PKT_TOO_SMALL = 0, IPV4_HLEN_TOO_SMALL, IPV4_IPLEN_SMALLER_THAN_HLEN, IPV4_TRUNC_PKT,
  IPV4_OPT_INVALID, IPV4_OPT_INVALID_LEN, IPV4_OPT_MALFORMED, IPV4_OPT_PAD_REQUIRED,
  IPV4_OPT_EOL_REQUIRED, IPV4_OPT_DUPLICATE, IPV4_OPT_UNKNOWN, IPV4_WRONG_IP_VER,
  IPV4_WITH_ICMPV6, ICMPV4_PKT_TOO_SMALL, ICMPV4_UNKNOWN_TYPE, ICMPV4_UNKNOWN_CODE,
  ICMPV4_IPV4_TRUNC_PKT, ICMPV4_IPV4_UNKNOWN_VER, ICMPV6_UNKNOWN_TYPE, ICMPV6_UNKNOWN_CODE,
  ICMPV6_PKT_TOO_SMALL, ICMPV6_IPV6_UNKNOWN_VER, ICMPV6_IPV6_TRUNC_PKT, ICMPV6_MLD_MESSAGE_WITH_INVALID_HL,
  ICMPV6_UNASSIGNED_TYPE, ICMPV6_EXPERIMENTATION_TYPE, IPV6_PKT_TOO_SMALL, IPV6_TRUNC_PKT,
  IPV6_TRUNC_EXTHDR, IPV6_EXTHDR_DUPL_FH, IPV6_EXTHDR_USELESS_FH, IPV6_EXTHDR_DUPL_RH,
  IPV6_EXTHDR_DUPL_HH, IPV6_EXTHDR_DUPL_DH, IPV6_EXTHDR_DUPL_AH, IPV6_EXTHDR_DUPL_EH,
  IPV6_EXTHDR_INVALID_OPTLEN, IPV6_WRONG_IP_VER, IPV6_EXTHDR_AH_RES_NOT_NULL, IPV6_HOPOPTS_UNKNOWN_OPT,
  IPV6_HOPOPTS_ONLY_PADDING, IPV6_DSTOPTS_UNKNOWN_OPT, IPV6_DSTOPTS_ONLY_PADDING, IPV6_EXTHDR_RH_TYPE_0,
  IPV6_EXTHDR_ZERO_LEN_PADN, IPV6_FH_NON_ZERO_RES_FIELD, IPV6_DATA_AFTER_NONE_HEADER, IPV6_UNKNOWN_NEXT_HEADER,
  IPV6_WITH_ICMPV4, TCP_PKT_TOO_SMALL, TCP_HLEN_TOO_SMALL, TCP_INVALID_OPTLEN,
  TCP_OPT_INVALID_LEN, TCP_OPT_DUPLICATE, UDP_PKT_TOO_SMALL, UDP_HLEN_TOO_SMALL,
  UDP_HLEN_INVALID, SLL_PKT_TOO_SMALL, ETHERNET_PKT_TOO_SMALL, PPP_PKT_TOO_SMALL,
  PPPVJU_PKT_TOO_SMALL, PPPIPV4_PKT_TOO_SMALL, PPPIPV6_PKT_TOO_SMALL, PPP_WRONG_TYPE,
  PPP_UNSUP_PROTO, PPPOE_PKT_TOO_SMALL, PPPOE_WRONG_CODE, PPPOE_MALFORMED_TAGS,
  GRE_PKT_TOO_SMALL, GRE_WRONG_VERSION, GRE_VERSION0_RECUR, GRE_VERSION0_FLAGS,
  GRE_VERSION0_HDR_TOO_BIG, GRE_VERSION0_MALFORMED_SRE_HDR, GRE_VERSION1_CHKSUM, GRE_VERSION1_ROUTE,
  GRE_VERSION1_SSR, GRE_VERSION1_RECUR, GRE_VERSION1_FLAGS, GRE_VERSION1_NO_KEY,
  GRE_VERSION1_WRONG_PROTOCOL, GRE_VERSION1_MALFORMED_SRE_HDR, GRE_VERSION1_HDR_TOO_BIG, VLAN_HEADER_TOO_SMALL,
  VLAN_UNKNOWN_TYPE, VLAN_HEADER_TOO_MANY_LAYERS, IEEE8021AH_HEADER_TOO_SMALL, IPRAW_INVALID_IPV,
  LTNULL_PKT_TOO_SMALL, LTNULL_UNSUPPORTED_TYPE, SCTP_PKT_TOO_SMALL, IPV4_FRAG_PKT_TOO_LARGE,
  IPV6_FRAG_PKT_TOO_LARGE, IPV4_FRAG_OVERLAP, IPV6_FRAG_OVERLAP, IPV4_FRAG_IGNORED,
  IPV6_FRAG_IGNORED, IPV4_IN_IPV6_PKT_TOO_SMALL, IPV4_IN_IPV6_WRONG_IP_VER, IPV6_IN_IPV6_PKT_TOO_SMALL,
  IPV6_IN_IPV6_WRONG_IP_VER, MPLS_HEADER_TOO_SMALL, MPLS_PKT_TOO_SMALL, MPLS_BAD_LABEL_ROUTER_ALERT,
  MPLS_BAD_LABEL_IMPLICIT_NULL, MPLS_BAD_LABEL_RESERVED, MPLS_UNKNOWN_PAYLOAD_TYPE, ERSPAN_HEADER_TOO_SMALL,
  ERSPAN_UNSUPPORTED_VERSION, ERSPAN_TOO_MANY_VLAN_LAYERS, DCE_PKT_TOO_SMALL, DECODE_EVENT_PACKET_MAX = DCE_PKT_TOO_SMALL,
  STREAM_3WHS_ACK_IN_WRONG_DIR, STREAM_3WHS_ASYNC_WRONG_SEQ, STREAM_3WHS_RIGHT_SEQ_WRONG_ACK_EVASION, STREAM_3WHS_SYNACK_IN_WRONG_DIRECTION,
  STREAM_3WHS_SYNACK_RESEND_WITH_DIFFERENT_ACK, STREAM_3WHS_SYNACK_RESEND_WITH_DIFF_SEQ, STREAM_3WHS_SYNACK_TOSERVER_ON_SYN_RECV, STREAM_3WHS_SYNACK_WITH_WRONG_ACK,
  STREAM_3WHS_SYNACK_FLOOD, STREAM_3WHS_SYN_RESEND_DIFF_SEQ_ON_SYN_RECV, STREAM_3WHS_SYN_TOCLIENT_ON_SYN_RECV, STREAM_3WHS_WRONG_SEQ_WRONG_ACK,
  STREAM_3WHS_ACK_DATA_INJECT, STREAM_4WHS_SYNACK_WITH_WRONG_ACK, STREAM_4WHS_SYNACK_WITH_WRONG_SYN, STREAM_4WHS_WRONG_SEQ,
  STREAM_4WHS_INVALID_ACK, STREAM_CLOSEWAIT_ACK_OUT_OF_WINDOW, STREAM_CLOSEWAIT_FIN_OUT_OF_WINDOW, STREAM_CLOSEWAIT_PKT_BEFORE_LAST_ACK,
  STREAM_CLOSEWAIT_INVALID_ACK, STREAM_CLOSING_ACK_WRONG_SEQ, STREAM_CLOSING_INVALID_ACK, STREAM_EST_PACKET_OUT_OF_WINDOW,
  STREAM_EST_PKT_BEFORE_LAST_ACK, STREAM_EST_SYNACK_RESEND, STREAM_EST_SYNACK_RESEND_WITH_DIFFERENT_ACK, STREAM_EST_SYNACK_RESEND_WITH_DIFF_SEQ,
  STREAM_EST_SYNACK_TOSERVER, STREAM_EST_SYN_RESEND, STREAM_EST_SYN_RESEND_DIFF_SEQ, STREAM_EST_SYN_TOCLIENT,
  STREAM_EST_INVALID_ACK, STREAM_FIN_INVALID_ACK, STREAM_FIN1_ACK_WRONG_SEQ, STREAM_FIN1_FIN_WRONG_SEQ,
  STREAM_FIN1_INVALID_ACK, STREAM_FIN2_ACK_WRONG_SEQ, STREAM_FIN2_FIN_WRONG_SEQ, STREAM_FIN2_INVALID_ACK,
  STREAM_FIN_BUT_NO_SESSION, STREAM_FIN_OUT_OF_WINDOW, STREAM_LASTACK_ACK_WRONG_SEQ, STREAM_LASTACK_INVALID_ACK,
  STREAM_RST_BUT_NO_SESSION, STREAM_TIMEWAIT_ACK_WRONG_SEQ, STREAM_TIMEWAIT_INVALID_ACK, STREAM_SHUTDOWN_SYN_RESEND,
  STREAM_PKT_INVALID_TIMESTAMP, STREAM_PKT_INVALID_ACK, STREAM_PKT_BROKEN_ACK, STREAM_RST_INVALID_ACK,
  STREAM_PKT_RETRANSMISSION, STREAM_PKT_BAD_WINDOW_UPDATE, STREAM_SUSPECTED_RST_INJECT, STREAM_WRONG_THREAD,
  STREAM_REASSEMBLY_SEGMENT_BEFORE_BASE_SEQ, STREAM_REASSEMBLY_NO_SEGMENT, STREAM_REASSEMBLY_SEQ_GAP, STREAM_REASSEMBLY_OVERLAP_DIFFERENT_DATA,
  DECODE_EVENT_MAX
}
 

Variables

enum { ... }  __attribute__
 DNP3 application header.
 
const struct DecodeEvents_ DEvents [DECODE_EVENT_MAX+1]
 

Detailed Description

Macro Definition Documentation

#define EVENT_IS_DECODER_PACKET_ERROR (   e)    ((e) < (DECODE_EVENT_PACKET_MAX))

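Definition at line 265 of file decode-events.h.

Note: the comparison is strict, and the enumeration in this file defines DECODE_EVENT_PACKET_MAX as equal to DCE_PKT_TOO_SMALL. As written, of the enumerators the macro is true only for those listed before DCE_PKT_TOO_SMALL and false for DCE_PKT_TOO_SMALL itself, even though that value precedes the STREAM_* events. Code that relies on this macro to separate per-packet decoder errors from stream events should account for that boundary.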

Enumeration Type Documentation

anonymous enum
Enumerator
IPV4_PKT_TOO_SMALL 

ipv4 pkt smaller than minimum header size

IPV4_HLEN_TOO_SMALL 

ipv4 header smaller than minimum size

IPV4_IPLEN_SMALLER_THAN_HLEN 

ipv4 pkt len smaller than ip header size

IPV4_TRUNC_PKT 

truncated ipv4 packet

IPV4_OPT_INVALID 

invalid ip options

IPV4_OPT_INVALID_LEN 

ip options with invalid len

IPV4_OPT_MALFORMED 

malformed ip options

IPV4_OPT_PAD_REQUIRED 

pad bytes are needed in ip options

IPV4_OPT_EOL_REQUIRED 

"end of list" needed in ip options

IPV4_OPT_DUPLICATE 

duplicated ip option

IPV4_OPT_UNKNOWN 

unknown ip option

IPV4_WRONG_IP_VER 

wrong ip version in ip options

IPV4_WITH_ICMPV6 

IPv4 packet with ICMPv6 header

ICMPV4_PKT_TOO_SMALL 

icmpv4 packet smaller than minimum size

ICMPV4_UNKNOWN_TYPE 

icmpv4 unknown type

ICMPV4_UNKNOWN_CODE 

icmpv4 unknown code

ICMPV4_IPV4_TRUNC_PKT 

truncated icmpv4 packet

ICMPV4_IPV4_UNKNOWN_VER 

unknown version in icmpv4 packet

ICMPV6_UNKNOWN_TYPE 

icmpv6 unknown type

ICMPV6_UNKNOWN_CODE 

icmpv6 unknown code

ICMPV6_PKT_TOO_SMALL 

icmpv6 smaller than minimum size

ICMPV6_IPV6_UNKNOWN_VER 

unknown version in icmpv6 packet

ICMPV6_IPV6_TRUNC_PKT 

truncated icmpv6 packet

ICMPV6_MLD_MESSAGE_WITH_INVALID_HL 

invalid MLD message: hop limit (HL) is not 1

ICMPV6_UNASSIGNED_TYPE 

unassigned ICMPv6 type

ICMPV6_EXPERIMENTATION_TYPE 

private experimentation ICMPv6 type

IPV6_PKT_TOO_SMALL 

ipv6 packet smaller than minimum size

IPV6_TRUNC_PKT 

truncated ipv6 packet

IPV6_TRUNC_EXTHDR 

truncated ipv6 extension header

IPV6_EXTHDR_DUPL_FH 

duplicated "fragment" header in ipv6 extension headers

IPV6_EXTHDR_USELESS_FH 

useless FH: offset 0 + no more fragments

IPV6_EXTHDR_DUPL_RH 

duplicated "routing" header in ipv6 extension headers

IPV6_EXTHDR_DUPL_HH 

duplicated "hop-by-hop" header in ipv6 extension headers

IPV6_EXTHDR_DUPL_DH 

duplicated "destination" header in ipv6 extension headers

IPV6_EXTHDR_DUPL_AH 

duplicated "authentication" header in ipv6 extension headers

IPV6_EXTHDR_DUPL_EH 

duplicated "ESP" header in ipv6 extension headers

IPV6_EXTHDR_INVALID_OPTLEN 

the opt len in a hop or dst hdr is invalid.

IPV6_WRONG_IP_VER 

wrong version in ipv6

IPV6_EXTHDR_AH_RES_NOT_NULL 

AH hdr reserved fields not null (rfc 4302)

IPV6_HOPOPTS_UNKNOWN_OPT 

unknown HOP opt

IPV6_HOPOPTS_ONLY_PADDING 

all options in HOP opts are padding

IPV6_DSTOPTS_UNKNOWN_OPT 

unknown DST opt

IPV6_DSTOPTS_ONLY_PADDING 

all options in DST opts are padding

IPV6_EXTHDR_RH_TYPE_0 

RH 0 is deprecated as per rfc5095

IPV6_EXTHDR_ZERO_LEN_PADN 

padN w/o data (0 len)

IPV6_FH_NON_ZERO_RES_FIELD 

reserved field not zero

IPV6_DATA_AFTER_NONE_HEADER 

data after 'none' (59) header

IPV6_UNKNOWN_NEXT_HEADER 

unknown/unsupported next header

IPV6_WITH_ICMPV4 

IPv6 packet with ICMPv4 header

TCP_PKT_TOO_SMALL 

tcp packet smaller than minimum size

TCP_HLEN_TOO_SMALL 

tcp header smaller than minimum size

TCP_INVALID_OPTLEN 

invalid len in tcp options

TCP_OPT_INVALID_LEN 

tcp option with invalid len

TCP_OPT_DUPLICATE 

duplicated tcp option

UDP_PKT_TOO_SMALL 

udp packet smaller than minimum size

UDP_HLEN_TOO_SMALL 

udp header smaller than minimum size

UDP_HLEN_INVALID 

invalid len of udp header

SLL_PKT_TOO_SMALL 

sll packet smaller than minimum size

ETHERNET_PKT_TOO_SMALL 

ethernet packet smaller than minimum size

PPP_PKT_TOO_SMALL 

ppp packet smaller than minimum size

PPPVJU_PKT_TOO_SMALL 

ppp vj uncompressed packet smaller than minimum size

PPPIPV4_PKT_TOO_SMALL 

ppp ipv4 packet smaller than minimum size

PPPIPV6_PKT_TOO_SMALL 

ppp ipv6 packet smaller than minimum size

PPP_WRONG_TYPE 

wrong type in ppp frame

PPP_UNSUP_PROTO 

protocol not supported for ppp

PPPOE_PKT_TOO_SMALL 

pppoe packet smaller than minimum size

PPPOE_WRONG_CODE 

wrong code for pppoe

PPPOE_MALFORMED_TAGS 

malformed tags in pppoe

GRE_PKT_TOO_SMALL 

gre packet smaller than minimum size

GRE_WRONG_VERSION 

wrong version in gre header

GRE_VERSION0_RECUR 

gre v0 recursion control

GRE_VERSION0_FLAGS 

gre v0 flags

GRE_VERSION0_HDR_TOO_BIG 

gre v0 header bigger than maximum size

GRE_VERSION0_MALFORMED_SRE_HDR 

gre v0 malformed source route entry header

GRE_VERSION1_CHKSUM 

gre v1 checksum

GRE_VERSION1_ROUTE 

gre v1 routing

GRE_VERSION1_SSR 

gre v1 strict source route

GRE_VERSION1_RECUR 

gre v1 recursion control

GRE_VERSION1_FLAGS 

gre v1 flags

GRE_VERSION1_NO_KEY 

gre v1 no key present in header

GRE_VERSION1_WRONG_PROTOCOL 

gre v1 wrong protocol

GRE_VERSION1_MALFORMED_SRE_HDR 

gre v1 malformed source route entry header

GRE_VERSION1_HDR_TOO_BIG 

gre v1 header too big

VLAN_HEADER_TOO_SMALL 

vlan header smaller than minimum size

VLAN_UNKNOWN_TYPE 

vlan unknown type

VLAN_HEADER_TOO_MANY_LAYERS 
IEEE8021AH_HEADER_TOO_SMALL 
IPRAW_INVALID_IPV 

invalid ip version in ip raw

LTNULL_PKT_TOO_SMALL 

pkt too small for lt:null

LTNULL_UNSUPPORTED_TYPE 

pkt has a type that the decoder doesn't support

SCTP_PKT_TOO_SMALL 

sctp packet smaller than minimum size

IPV4_FRAG_PKT_TOO_LARGE 
IPV6_FRAG_PKT_TOO_LARGE 
IPV4_FRAG_OVERLAP 
IPV6_FRAG_OVERLAP 
IPV4_FRAG_IGNORED 
IPV6_FRAG_IGNORED 
IPV4_IN_IPV6_PKT_TOO_SMALL 
IPV4_IN_IPV6_WRONG_IP_VER 
IPV6_IN_IPV6_PKT_TOO_SMALL 
IPV6_IN_IPV6_WRONG_IP_VER 
MPLS_HEADER_TOO_SMALL 
MPLS_PKT_TOO_SMALL 
MPLS_BAD_LABEL_ROUTER_ALERT 
MPLS_BAD_LABEL_IMPLICIT_NULL 
MPLS_BAD_LABEL_RESERVED 
MPLS_UNKNOWN_PAYLOAD_TYPE 
ERSPAN_HEADER_TOO_SMALL 
ERSPAN_UNSUPPORTED_VERSION 
ERSPAN_TOO_MANY_VLAN_LAYERS 
DCE_PKT_TOO_SMALL 
DECODE_EVENT_PACKET_MAX 
STREAM_3WHS_ACK_IN_WRONG_DIR 
STREAM_3WHS_ASYNC_WRONG_SEQ 
STREAM_3WHS_RIGHT_SEQ_WRONG_ACK_EVASION 
STREAM_3WHS_SYNACK_IN_WRONG_DIRECTION 
STREAM_3WHS_SYNACK_RESEND_WITH_DIFFERENT_ACK 
STREAM_3WHS_SYNACK_RESEND_WITH_DIFF_SEQ 
STREAM_3WHS_SYNACK_TOSERVER_ON_SYN_RECV 
STREAM_3WHS_SYNACK_WITH_WRONG_ACK 
STREAM_3WHS_SYNACK_FLOOD 
STREAM_3WHS_SYN_RESEND_DIFF_SEQ_ON_SYN_RECV 
STREAM_3WHS_SYN_TOCLIENT_ON_SYN_RECV 
STREAM_3WHS_WRONG_SEQ_WRONG_ACK 
STREAM_3WHS_ACK_DATA_INJECT 
STREAM_4WHS_SYNACK_WITH_WRONG_ACK 
STREAM_4WHS_SYNACK_WITH_WRONG_SYN 
STREAM_4WHS_WRONG_SEQ 
STREAM_4WHS_INVALID_ACK 
STREAM_CLOSEWAIT_ACK_OUT_OF_WINDOW 
STREAM_CLOSEWAIT_FIN_OUT_OF_WINDOW 
STREAM_CLOSEWAIT_PKT_BEFORE_LAST_ACK 
STREAM_CLOSEWAIT_INVALID_ACK 
STREAM_CLOSING_ACK_WRONG_SEQ 
STREAM_CLOSING_INVALID_ACK 
STREAM_EST_PACKET_OUT_OF_WINDOW 
STREAM_EST_PKT_BEFORE_LAST_ACK 
STREAM_EST_SYNACK_RESEND 
STREAM_EST_SYNACK_RESEND_WITH_DIFFERENT_ACK 
STREAM_EST_SYNACK_RESEND_WITH_DIFF_SEQ 
STREAM_EST_SYNACK_TOSERVER 
STREAM_EST_SYN_RESEND 
STREAM_EST_SYN_RESEND_DIFF_SEQ 
STREAM_EST_SYN_TOCLIENT 
STREAM_EST_INVALID_ACK 
STREAM_FIN_INVALID_ACK 
STREAM_FIN1_ACK_WRONG_SEQ 
STREAM_FIN1_FIN_WRONG_SEQ 
STREAM_FIN1_INVALID_ACK 
STREAM_FIN2_ACK_WRONG_SEQ 
STREAM_FIN2_FIN_WRONG_SEQ 
STREAM_FIN2_INVALID_ACK 
STREAM_FIN_BUT_NO_SESSION 
STREAM_FIN_OUT_OF_WINDOW 
STREAM_LASTACK_ACK_WRONG_SEQ 
STREAM_LASTACK_INVALID_ACK 
STREAM_RST_BUT_NO_SESSION 
STREAM_TIMEWAIT_ACK_WRONG_SEQ 
STREAM_TIMEWAIT_INVALID_ACK 
STREAM_SHUTDOWN_SYN_RESEND 
STREAM_PKT_INVALID_TIMESTAMP 
STREAM_PKT_INVALID_ACK 
STREAM_PKT_BROKEN_ACK 
STREAM_RST_INVALID_ACK 
STREAM_PKT_RETRANSMISSION 
STREAM_PKT_BAD_WINDOW_UPDATE 
STREAM_SUSPECTED_RST_INJECT 
STREAM_WRONG_THREAD 
STREAM_REASSEMBLY_SEGMENT_BEFORE_BASE_SEQ 
STREAM_REASSEMBLY_NO_SEGMENT 
STREAM_REASSEMBLY_SEQ_GAP 
STREAM_REASSEMBLY_OVERLAP_DIFFERENT_DATA 
DECODE_EVENT_MAX 

Definition at line 29 of file decode-events.h.

Variable Documentation

struct StreamingBufferSegment_ __attribute__

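DNP3 application header.

Note: this entry looks like a documentation-generator artifact rather than a variable declared in decode-events.h. `__attribute__` is a compiler attribute keyword, and the description, definition location and references listed here name unrelated parts of the code base, so they should not be read as describing the decoder event table.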

DNP3 internal indicators.

Part of the application header for responses only.

Definition at line 582 of file detect-engine-analyzer.c.

Referenced by JsonFiveTuple(), RunModeNapatechRegister(), and StreamingBufferFree().

const struct DecodeEvents_ DEvents[DECODE_EVENT_MAX+1]

Definition at line 29 of file decode-events.c.

Referenced by DecodeRegisterPerfCounters(), and DetectEngineEventRegister().