decode-icmpv4.h File Reference

#include "decode.h"
#include "decode-tcp.h"
#include "decode-sctp.h"
#include "decode-udp.h"

Include dependency graph for decode-icmpv4.h:

This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures
struct	ICMPV4Hdr_
struct	ICMPV4ExtHdr_
struct	ICMPV4Vars_
struct	ICMPV4RtrAdvert_
struct	ICMPV4Timestamp_

Macros
#define	ICMPV4_HEADER_LEN   8
#define	ICMPV4_GET_TYPE(p)   (p)->icmpv4h->type
#define	ICMPV4_GET_CODE(p)   (p)->icmpv4h->code
#define	CLEAR_ICMPV4_PACKET(p)
#define	ICMPV4_HEADER_PKT_OFFSET   8
#define	ICMPV4_GET_TYPE(p)   (p)->icmpv4h->type
#define	ICMPV4_GET_CODE(p)   (p)->icmpv4h->code
#define	ICMPV4_GET_RAW_CSUM(p)   SCNtohs((p)->icmpv4h->checksum)
#define	ICMPV4_GET_CSUM(p)   (p)->icmpv4h->checksum
#define	ICMPV4_GET_ID(p)   ((p)->icmpv4vars.id)
#define	ICMPV4_GET_SEQ(p)   ((p)->icmpv4vars.seq)
#define	ICMPV4_GET_EMB_PROTO(p)   (p)->icmpv4vars.emb_ip4_proto
#define	ICMPV4_GET_EMB_IPV4(p)   (p)->icmpv4vars.emb_ipv4h
#define	ICMPV4_GET_EMB_TCP(p)   (p)->icmpv4vars.emb_tcph
#define	ICMPV4_GET_EMB_UDP(p)   (p)->icmpv4vars.emb_udph
#define	ICMPV4_GET_EMB_ICMPV4H(p)   (p)->icmpv4vars.emb_icmpv4h
#define	ICMPV4_GET_HLEN_ICMPV4H(p)   (p)->icmpv4vars.hlen
#define	ICMPV4_DEST_UNREACH_IS_VALID(p)
#define	ICMPV4_IS_ERROR_MSG(p)

Typedefs
typedef struct ICMPV4ExtHdr_	ICMPV4ExtHdr
typedef struct ICMPV4Vars_	ICMPV4Vars

Functions
struct ICMPV4Hdr_	__attribute__ ((__packed__)) ICMPV4Hdr
	DNP3 link header. More...
void	DecodeICMPV4RegisterTests (void)
	Registers ICMPV4 unit test. More...
int	ICMPv4GetCounterpart (uint8_t type)

Variables
uint8_t	type
uint8_t	code
uint16_t	checksum
uint8_t	naddr
uint8_t	addr_sz
uint32_t	orig_ts
uint32_t	rx_ts
uint32_t	tx_ts

Detailed Description

Author

Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Definition in file decode-icmpv4.h.

Macro Definition Documentation

CLEAR_ICMPV4_PACKET

#define CLEAR_ICMPV4_PACKET

(

p

)

Value:

    do { \
    (p)->level4_comp_csum = -1;     \
    PACKET_CLEAR_L4VARS((p));       \
    (p)->icmpv4h = NULL;            \
} while(0)

Definition at line 227 of file decode-icmpv4.h.

ICMPV4_DEST_UNREACH_IS_VALID

#define ICMPV4_DEST_UNREACH_IS_VALID

(

p

)

Value:

    ( \
    (!((p)->flags & PKT_IS_INVALID)) && \
    ((p)->icmpv4h != NULL) && \
    (ICMPV4_GET_TYPE((p)) == ICMP_DEST_UNREACH) && \
    (ICMPV4_GET_EMB_IPV4((p)) != NULL) && \
    ((ICMPV4_GET_EMB_TCP((p)) != NULL) || \
     (ICMPV4_GET_EMB_UDP((p)) != NULL)))

macro for checking if a ICMP DEST UNREACH packet is valid for use in other parts of the engine, such as the flow engine.

Warning

use only after the decoder has processed the packet

Definition at line 270 of file decode-icmpv4.h.

ICMPV4_GET_CODE [1/2]

#define ICMPV4_GET_CODE

(

p

)

(p)->icmpv4h->code

marco for icmpv4 code access

macro for icmpv4 "code" access

Definition at line 238 of file decode-icmpv4.h.

ICMPV4_GET_CODE [2/2]

#define ICMPV4_GET_CODE

(

p

)

(p)->icmpv4h->code

marco for icmpv4 code access

macro for icmpv4 "code" access

Definition at line 238 of file decode-icmpv4.h.

ICMPV4_GET_CSUM

#define ICMPV4_GET_CSUM

(

p

)

(p)->icmpv4h->checksum

Definition at line 241 of file decode-icmpv4.h.

ICMPV4_GET_EMB_ICMPV4H

#define ICMPV4_GET_EMB_ICMPV4H

(

p

)

(p)->icmpv4vars.emb_icmpv4h

macro for icmpv4 embedded "icmpv4h" header access

Definition at line 261 of file decode-icmpv4.h.

ICMPV4_GET_EMB_IPV4

#define ICMPV4_GET_EMB_IPV4

(

p

)

(p)->icmpv4vars.emb_ipv4h

macro for icmpv4 embedded "ipv4h" header access

Definition at line 255 of file decode-icmpv4.h.

ICMPV4_GET_EMB_PROTO

#define ICMPV4_GET_EMB_PROTO

(

p

)

(p)->icmpv4vars.emb_ip4_proto

macro for icmpv4 embedded "protocol" access

Definition at line 253 of file decode-icmpv4.h.

ICMPV4_GET_EMB_TCP

#define ICMPV4_GET_EMB_TCP

(

p

)

(p)->icmpv4vars.emb_tcph

macro for icmpv4 embedded "tcph" header access

Definition at line 257 of file decode-icmpv4.h.

ICMPV4_GET_EMB_UDP

#define ICMPV4_GET_EMB_UDP

(

p

)

(p)->icmpv4vars.emb_udph

macro for icmpv4 embedded "udph" header access

Definition at line 259 of file decode-icmpv4.h.

ICMPV4_GET_HLEN_ICMPV4H

#define ICMPV4_GET_HLEN_ICMPV4H

(

p

)

(p)->icmpv4vars.hlen

macro for icmpv4 header length

Definition at line 263 of file decode-icmpv4.h.

ICMPV4_GET_ID

#define ICMPV4_GET_ID

(

p

)

((p)->icmpv4vars.id)

macro for icmpv4 "id" access

Definition at line 246 of file decode-icmpv4.h.

ICMPV4_GET_RAW_CSUM

#define ICMPV4_GET_RAW_CSUM

(

p

)

SCNtohs((p)->icmpv4h->checksum)

macro for icmpv4 "csum" access

Definition at line 240 of file decode-icmpv4.h.

ICMPV4_GET_SEQ

#define ICMPV4_GET_SEQ

(

p

)

((p)->icmpv4vars.seq)

macro for icmpv4 "seq" access

Definition at line 248 of file decode-icmpv4.h.

ICMPV4_GET_TYPE [1/2]

#define ICMPV4_GET_TYPE

(

p

)

(p)->icmpv4h->type

marco for icmpv4 type access

macro for icmpv4 "type" access

Definition at line 236 of file decode-icmpv4.h.

ICMPV4_GET_TYPE [2/2]

#define ICMPV4_GET_TYPE

(

p

)

(p)->icmpv4h->type

marco for icmpv4 type access

macro for icmpv4 "type" access

Definition at line 236 of file decode-icmpv4.h.

ICMPV4_HEADER_LEN

#define ICMPV4_HEADER_LEN   8

Definition at line 33 of file decode-icmpv4.h.

ICMPV4_HEADER_PKT_OFFSET

#define ICMPV4_HEADER_PKT_OFFSET   8

Definition at line 233 of file decode-icmpv4.h.

ICMPV4_IS_ERROR_MSG

#define ICMPV4_IS_ERROR_MSG

(

p

)

Value:

        (ICMPV4_GET_TYPE((p)) == ICMP_DEST_UNREACH || \
        ICMPV4_GET_TYPE((p)) == ICMP_SOURCE_QUENCH || \
        ICMPV4_GET_TYPE((p)) == ICMP_REDIRECT || \
        ICMPV4_GET_TYPE((p)) == ICMP_TIME_EXCEEDED || \
        ICMPV4_GET_TYPE((p)) == ICMP_PARAMETERPROB)

marco for checking if a ICMP packet is an error message or an query message.

Todo:

This check is used in the flow engine and needs to be as cheap as possible. Consider setting a bitflag at the decoder stage so we can to a bit check instead of the more expensive check below.

Definition at line 287 of file decode-icmpv4.h.

Typedef Documentation

ICMPV4ExtHdr

typedef struct ICMPV4ExtHdr_ ICMPV4ExtHdr

ICMPV4Vars

typedef struct ICMPV4Vars_ ICMPV4Vars

Function Documentation

DecodeICMPV4RegisterTests()

void DecodeICMPV4RegisterTests

(

void

)

Registers ICMPV4 unit test.

Definition at line 825 of file decode-icmpv4.c.

References UtRegisterTest().

Here is the call graph for this function:

ICMPv4GetCounterpart()

int ICMPv4GetCounterpart

(

uint8_t

type

)

Return values

type	counterpart type or -1

Definition at line 351 of file decode-icmpv4.c.

References CASE_CODE, and type.

Referenced by DecodeICMPV4().

Here is the caller graph for this function:

Variable Documentation

addr_sz

uint8_t addr_sz

Size of each advertised address

Definition at line 4 of file decode-icmpv4.h.

checksum

uint16_t checksum

Definition at line 2 of file decode-icmpv4.h.

code

uint8_t code

Definition at line 1 of file decode-icmpv4.h.

Referenced by DecodeRegisterPerfCounters().

naddr

uint8_t naddr

Number of advertised addresses

Definition at line 1 of file decode-icmpv4.h.

orig_ts

uint32_t orig_ts

Definition at line 0 of file decode-icmpv4.h.

rx_ts

uint32_t rx_ts

Definition at line 1 of file decode-icmpv4.h.

tx_ts

uint32_t tx_ts

Definition at line 2 of file decode-icmpv4.h.

type

uint8_t type

Definition at line 0 of file decode-icmpv4.h.

Referenced by BloomFilterCountingInit(), DecodeNull(), DetectSigmatchListEnumToString(), DetectVarStoreMatch(), DetectVarStoreMatchKeyValue(), ICMPv4GetCounterpart(), ICMPv6GetCounterpart(), Ja3IsDisabled(), LoadHashTable(), OutputRegisterStreamingLogger(), TmThreadAppend(), TmThreadGetNbThreads(), TmThreadSetCPU(), VarNameStoreLookupById(), and VarNameStoreLookupByName().