suricata
decode-events.h
1 /* Copyright (C) 2007-2013 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  * \author Anoop Saldanha <anoopsaldanha@gmail.com>
23  */
24 
25 #ifndef __DECODE_EVENTS_H__
26 #define __DECODE_EVENTS_H__
27 
28 /* packet decoder events
 *
 * Enumerators take implicit, consecutive values starting from
 * IPV4_PKT_TOO_SMALL = 0, so inserting, removing or reordering an entry
 * shifts the numeric value of every entry after it. Anything that treats
 * these values as ordinals (range checks, table indices) depends on this
 * order staying in step with it.
 *
 * NOTE(review): the gutter numbers in this listing skip lines (e.g. 146,
 * 148, 161-164, 195, 198-251 and 262), so some enumerators are not shown.
 * DECODE_EVENT_PACKET_MAX and DECODE_EVENT_MAX, both used further down in
 * this header, are presumably among them -- confirm against the full file.
 */
29 enum {
30  /* IPV4 EVENTS */
31  IPV4_PKT_TOO_SMALL = 0, /**< ipv4 pkt smaller than minimum header size */
32  IPV4_HLEN_TOO_SMALL, /**< ipv4 header smaller than minimum size */
33  IPV4_IPLEN_SMALLER_THAN_HLEN, /**< ipv4 pkt len smaller than ip header size */
34  IPV4_TRUNC_PKT, /**< truncated ipv4 packet */
35 
36  /* IPV4 OPTIONS */
37  IPV4_OPT_INVALID, /**< invalid ip options */
38  IPV4_OPT_INVALID_LEN, /**< ip options with invalid len */
39  IPV4_OPT_MALFORMED, /**< malformed ip options */
40  IPV4_OPT_PAD_REQUIRED, /**< pad bytes are needed in ip options */
41  IPV4_OPT_EOL_REQUIRED, /**< "end of list" needed in ip options */
42  IPV4_OPT_DUPLICATE, /**< duplicated ip option */
43  IPV4_OPT_UNKNOWN, /**< unknown ip option */
44  IPV4_WRONG_IP_VER, /**< wrong ip version in ip options */
45  IPV4_WITH_ICMPV6, /**< IPv4 packet with ICMPv6 header */
46 
47  /* ICMP EVENTS */
48  ICMPV4_PKT_TOO_SMALL, /**< icmpv4 packet smaller than minimum size */
49  ICMPV4_UNKNOWN_TYPE, /**< icmpv4 unknown type */
50  ICMPV4_UNKNOWN_CODE, /**< icmpv4 unknown code */
51  ICMPV4_IPV4_TRUNC_PKT, /**< truncated icmpv4 packet */
52  ICMPV4_IPV4_UNKNOWN_VER, /**< unknown version in icmpv4 packet */
53 
54  /* ICMPv6 EVENTS */
55  ICMPV6_UNKNOWN_TYPE, /**< icmpv6 unknown type */
56  ICMPV6_UNKNOWN_CODE, /**< icmpv6 unknown code */
57  ICMPV6_PKT_TOO_SMALL, /**< icmpv6 smaller than minimum size */
58  ICMPV6_IPV6_UNKNOWN_VER, /**< unknown version in icmpv6 packet */
59  ICMPV6_IPV6_TRUNC_PKT, /**< truncated icmpv6 packet */
60  ICMPV6_MLD_MESSAGE_WITH_INVALID_HL, /**< invalid MLD that doesn't have HL 1 */
61  ICMPV6_UNASSIGNED_TYPE, /**< unassigned ICMPv6 type */
62  ICMPV6_EXPERIMENTATION_TYPE, /**< private experimentation ICMPv6 type */
63 
64  /* IPV6 EVENTS */
65  IPV6_PKT_TOO_SMALL, /**< ipv6 packet smaller than minimum size */
66  IPV6_TRUNC_PKT, /**< truncated ipv6 packet */
67  IPV6_TRUNC_EXTHDR, /**< truncated ipv6 extension header */
68  IPV6_EXTHDR_DUPL_FH, /**< duplicated "fragment" header in ipv6 extension headers */
69  IPV6_EXTHDR_USELESS_FH, /**< useless FH: offset 0 + no more fragments */
70  IPV6_EXTHDR_DUPL_RH, /**< duplicated "routing" header in ipv6 extension headers */
71  IPV6_EXTHDR_DUPL_HH, /**< duplicated "hop-by-hop" header in ipv6 extension headers */
72  IPV6_EXTHDR_DUPL_DH, /**< duplicated "destination" header in ipv6 extension headers */
73  IPV6_EXTHDR_DUPL_AH, /**< duplicated "authentication" header in ipv6 extension headers */
74  IPV6_EXTHDR_DUPL_EH, /**< duplicated "ESP" header in ipv6 extension headers */
75 
76  IPV6_EXTHDR_INVALID_OPTLEN, /**< the opt len in a hop or dst hdr is invalid. */
77  IPV6_WRONG_IP_VER, /**< wrong version in ipv6 */
78  IPV6_EXTHDR_AH_RES_NOT_NULL, /**< AH hdr reserved fields not null (rfc 4302) */
79 
80  IPV6_HOPOPTS_UNKNOWN_OPT, /**< unknown HOP opt */
81  IPV6_HOPOPTS_ONLY_PADDING, /**< all options in HOP opts are padding */
82  IPV6_DSTOPTS_UNKNOWN_OPT, /**< unknown DST opt */
83  IPV6_DSTOPTS_ONLY_PADDING, /**< all options in DST opts are padding */
84 
85  IPV6_EXTHDR_RH_TYPE_0, /**< RH 0 is deprecated as per rfc5095 */
86  IPV6_EXTHDR_ZERO_LEN_PADN, /**< padN w/o data (0 len) */
87  IPV6_FH_NON_ZERO_RES_FIELD, /**< reserved field not zero */
88  IPV6_DATA_AFTER_NONE_HEADER, /**< data after 'none' (59) header */
89 
90  IPV6_UNKNOWN_NEXT_HEADER, /**< unknown/unsupported next header */
91  IPV6_WITH_ICMPV4, /**< IPv6 packet with ICMPv4 header */
92 
93  /* TCP EVENTS */
94  TCP_PKT_TOO_SMALL, /**< tcp packet smaller than minimum size */
95  TCP_HLEN_TOO_SMALL, /**< tcp header smaller than minimum size */
96  TCP_INVALID_OPTLEN, /**< invalid len in tcp options */
97 
98  /* TCP OPTIONS */
99  TCP_OPT_INVALID_LEN, /**< tcp option with invalid len */
100  TCP_OPT_DUPLICATE, /**< duplicated tcp option */
101 
102  /* UDP EVENTS */
103  UDP_PKT_TOO_SMALL, /**< udp packet smaller than minimum size */
104  UDP_HLEN_TOO_SMALL, /**< udp header smaller than minimum size */
105  UDP_HLEN_INVALID, /**< invalid len of udp header */
106 
107  /* SLL EVENTS */
108  SLL_PKT_TOO_SMALL, /**< sll packet smaller than minimum size */
109 
110  /* ETHERNET EVENTS */
111  ETHERNET_PKT_TOO_SMALL, /**< ethernet packet smaller than minimum size */
112 
113  /* PPP EVENTS */
114  PPP_PKT_TOO_SMALL, /**< ppp packet smaller than minimum size */
115  PPPVJU_PKT_TOO_SMALL, /**< ppp vj uncompressed packet smaller than minimum size */
116  PPPIPV4_PKT_TOO_SMALL, /**< ppp ipv4 packet smaller than minimum size */
117  PPPIPV6_PKT_TOO_SMALL, /**< ppp ipv6 packet smaller than minimum size */
118  PPP_WRONG_TYPE, /**< wrong type in ppp frame */
119  PPP_UNSUP_PROTO, /**< protocol not supported for ppp */
120 
121  /* PPPOE EVENTS */
122  PPPOE_PKT_TOO_SMALL, /**< pppoe packet smaller than minimum size */
123  PPPOE_WRONG_CODE, /**< wrong code for pppoe */
124  PPPOE_MALFORMED_TAGS, /**< malformed tags in pppoe */
125 
126  /* GRE EVENTS */
127  GRE_PKT_TOO_SMALL, /**< gre packet smaller than minimum size */
128  GRE_WRONG_VERSION, /**< wrong version in gre header */
129  GRE_VERSION0_RECUR, /**< gre v0 recursion control */
130  GRE_VERSION0_FLAGS, /**< gre v0 flags */
131  GRE_VERSION0_HDR_TOO_BIG, /**< gre v0 header bigger than maximum size */
132  GRE_VERSION0_MALFORMED_SRE_HDR, /**< gre v0 malformed source route entry header */
133  GRE_VERSION1_CHKSUM, /**< gre v1 checksum */
134  GRE_VERSION1_ROUTE, /**< gre v1 routing */
135  GRE_VERSION1_SSR, /**< gre v1 strict source route */
136  GRE_VERSION1_RECUR, /**< gre v1 recursion control */
137  GRE_VERSION1_FLAGS, /**< gre v1 flags */
138  GRE_VERSION1_NO_KEY, /**< gre v1 no key present in header */
139  GRE_VERSION1_WRONG_PROTOCOL, /**< gre v1 wrong protocol */
140  GRE_VERSION1_MALFORMED_SRE_HDR, /**< gre v1 malformed source route entry header */
141  GRE_VERSION1_HDR_TOO_BIG, /**< gre v1 header too big */
142 
143  /* VLAN EVENTS */
144  VLAN_HEADER_TOO_SMALL, /**< vlan header smaller than minimum size */
145  VLAN_UNKNOWN_TYPE, /**< vlan unknown type */
147 
149 
150  /* RAW EVENTS */
151  IPRAW_INVALID_IPV, /**< invalid ip version in ip raw */
152 
153  /* LINKTYPE NULL EVENTS */
154  LTNULL_PKT_TOO_SMALL, /**< pkt too small for lt:null */
155  LTNULL_UNSUPPORTED_TYPE, /**< pkt has a type that the decoder doesn't support */
156 
157  /* SCTP EVENTS */
158  SCTP_PKT_TOO_SMALL, /**< sctp packet smaller than minimum size */
159 
160  /* Fragmentation reassembly events. */
165 
166  /* Fragment ignored due to internal error */
169 
170  /* IPv4 in IPv6 events */
173 
174  /* IPv6 in IPv6 events */
177 
178  /* MPLS decode events. */
185 
186  /* ERSPAN events */
190 
191  /* Cisco Fabric Path/DCE events. */
193 
194  /* END OF DECODE EVENTS ON SINGLE PACKET */
196 
197  /* STREAM EVENTS */
252 
255 
260 
261  /* should always be last! */
263 };
264 
/*
 * Evaluates to true when event code e is numerically below
 * DECODE_EVENT_PACKET_MAX. The argument is expanded exactly once and is
 * parenthesized, so expressions are safe to pass.
 *
 * The test is a plain ordinal comparison with no lower bound: a negative
 * signed argument also yields true.
 * NOTE(review): DECODE_EVENT_PACKET_MAX is not visible in this listing;
 * presumably it is the enumerator that closes the per-packet decode events,
 * and callers pass an unsigned event code -- confirm both.
 */
265 #define EVENT_IS_DECODER_PACKET_ERROR(e) \
266  ((e) < (DECODE_EVENT_PACKET_MAX))
267 
268 /* supported decoder events */
269 
/*
 * Table entry pairing an event name string with a numeric code.
 * NOTE(review): the struct's opening line (source line 270) is not shown in
 * this listing; the tag is presumably DecodeEvents_, as used by DEvents below.
 *
 * `code` is a uint8_t and can only represent 0..255. If it stores values of
 * the decoder event enum (presumably -- confirm), the enum must stay within
 * 256 entries or this field must be widened, otherwise codes would wrap.
 *
 * NOTE(review): uint8_t needs <stdint.h>; no #include is visible in this
 * header, so it presumably relies on the including file to provide it.
 */
271  const char *event_name;
272  uint8_t code;
273 };
274 /* +1 for the end of table marker */
/*
 * DEvents is declared with DECODE_EVENT_MAX + 1 elements. Any element the
 * definition does not initialize explicitly is zero-initialized by C, i.e.
 * it gets a NULL event_name and code 0.
 * NOTE(review): the definition lives in another translation unit and must be
 * kept in step with the enum; how readers of the table detect the end marker
 * is not visible here.
 */
275 extern const struct DecodeEvents_ DEvents[DECODE_EVENT_MAX + 1];
276 
277 #endif /* __DECODE_EVENTS_H__ */