suricata
decode-tcp.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2013 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \ingroup decode
20  *
21  * @{
22  */
23 
24 
25 /**
26  * \file
27  *
28  * \author Victor Julien <victor@inliniac.net>
29  *
30  * Decode TCP
31  */
32 
33 #include "suricata-common.h"
34 #include "decode.h"
35 #include "decode-tcp.h"
36 #include "decode-events.h"
37 #include "util-unittest.h"
38 #include "util-debug.h"
39 #include "util-optimize.h"
40 #include "flow.h"
41 #include "util-profiling.h"
42 #include "pkt-var.h"
43 #include "host.h"
44 
45 #define SET_OPTS(dst, src) \
46  (dst).type = (src).type; \
47  (dst).len = (src).len; \
48  (dst).data = (src).data
49 
50 static int DecodeTCPOptions(Packet *p, uint8_t *pkt, uint16_t pktlen)
51 {
52  uint8_t tcp_opt_cnt = 0;
53  TCPOpt tcp_opts[TCP_OPTMAX];
54 
55  uint16_t plen = pktlen;
56  while (plen)
57  {
58  const uint8_t type = *pkt;
59 
60  /* single byte options */
61  if (type == TCP_OPT_EOL) {
62  break;
63  } else if (type == TCP_OPT_NOP) {
64  pkt++;
65  plen--;
66 
67  /* multibyte options */
68  } else {
69  if (plen < 2) {
70  break;
71  }
72 
73  const uint8_t olen = *(pkt+1);
74 
75  /* we already know that the total options len is valid,
76  * so here the len of the specific option must be bad.
77  * Also check for invalid lengths 0 and 1. */
78  if (unlikely(olen > plen || olen < 2)) {
80  return -1;
81  }
82 
83  tcp_opts[tcp_opt_cnt].type = type;
84  tcp_opts[tcp_opt_cnt].len = olen;
85  tcp_opts[tcp_opt_cnt].data = (olen > 2) ? (pkt+2) : NULL;
86 
87  /* we are parsing the most commonly used opts to prevent
88  * us from having to walk the opts list for these all the
89  * time. */
90  switch (type) {
91  case TCP_OPT_WS:
92  if (olen != TCP_OPT_WS_LEN) {
94  } else {
95  if (p->tcpvars.ws.type != 0) {
97  } else {
98  SET_OPTS(p->tcpvars.ws, tcp_opts[tcp_opt_cnt]);
99  }
100  }
101  break;
102  case TCP_OPT_MSS:
103  if (olen != TCP_OPT_MSS_LEN) {
105  } else {
106  if (p->tcpvars.mss.type != 0) {
108  } else {
109  SET_OPTS(p->tcpvars.mss, tcp_opts[tcp_opt_cnt]);
110  }
111  }
112  break;
113  case TCP_OPT_SACKOK:
114  if (olen != TCP_OPT_SACKOK_LEN) {
116  } else {
117  if (p->tcpvars.sackok.type != 0) {
119  } else {
120  SET_OPTS(p->tcpvars.sackok, tcp_opts[tcp_opt_cnt]);
121  }
122  }
123  break;
124  case TCP_OPT_TS:
125  if (olen != TCP_OPT_TS_LEN) {
127  } else {
128  if (p->tcpvars.ts_set) {
130  } else {
131  uint32_t values[2];
132  memcpy(&values, tcp_opts[tcp_opt_cnt].data, sizeof(values));
133  p->tcpvars.ts_val = SCNtohl(values[0]);
134  p->tcpvars.ts_ecr = SCNtohl(values[1]);
135  p->tcpvars.ts_set = TRUE;
136  }
137  }
138  break;
139  case TCP_OPT_SACK:
140  SCLogDebug("SACK option, len %u", olen);
141  if (olen < TCP_OPT_SACK_MIN_LEN ||
142  olen > TCP_OPT_SACK_MAX_LEN ||
143  !((olen - 2) % 8 == 0))
144  {
146  } else {
147  if (p->tcpvars.sack.type != 0) {
149  } else {
150  SET_OPTS(p->tcpvars.sack, tcp_opts[tcp_opt_cnt]);
151  }
152  }
153  break;
154  }
155 
156  pkt += olen;
157  plen -= olen;
158  tcp_opt_cnt++;
159  }
160  }
161  return 0;
162 }
163 
164 static int DecodeTCPPacket(ThreadVars *tv, Packet *p, uint8_t *pkt, uint16_t len)
165 {
166  if (unlikely(len < TCP_HEADER_LEN)) {
168  return -1;
169  }
170 
171  p->tcph = (TCPHdr *)pkt;
172 
173  uint8_t hlen = TCP_GET_HLEN(p);
174  if (unlikely(len < hlen)) {
176  return -1;
177  }
178 
179  uint8_t tcp_opt_len = hlen - TCP_HEADER_LEN;
180  if (unlikely(tcp_opt_len > TCP_OPTLENMAX)) {
182  return -1;
183  }
184 
185  if (likely(tcp_opt_len > 0)) {
186  DecodeTCPOptions(p, pkt + TCP_HEADER_LEN, tcp_opt_len);
187  }
188 
189  SET_TCP_SRC_PORT(p,&p->sp);
190  SET_TCP_DST_PORT(p,&p->dp);
191 
192  p->proto = IPPROTO_TCP;
193 
194  p->payload = pkt + hlen;
195  p->payload_len = len - hlen;
196 
197  return 0;
198 }
199 
200 int DecodeTCP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, uint16_t len, PacketQueue *pq)
201 {
202  StatsIncr(tv, dtv->counter_tcp);
203 
204  if (unlikely(DecodeTCPPacket(tv, p,pkt,len) < 0)) {
205  SCLogDebug("invalid TCP packet");
206  p->tcph = NULL;
207  return TM_ECODE_FAILED;
208  }
209 
210 #ifdef DEBUG
211  SCLogDebug("TCP sp: %" PRIu32 " -> dp: %" PRIu32 " - HLEN: %" PRIu32 " LEN: %" PRIu32 " %s%s%s%s%s",
213  TCP_HAS_SACKOK(p) ? "SACKOK " : "", TCP_HAS_SACK(p) ? "SACK " : "",
214  TCP_HAS_WSCALE(p) ? "WS " : "", TCP_HAS_TS(p) ? "TS " : "",
215  TCP_HAS_MSS(p) ? "MSS " : "");
216 #endif
217 
218  FlowSetupPacket(p);
219 
220  return TM_ECODE_OK;
221 }
222 
223 #ifdef UNITTESTS
224 static int TCPCalculateValidChecksumtest01(void)
225 {
226  uint16_t csum = 0;
227 
228  uint8_t raw_ipshdr[] = {
229  0x40, 0x8e, 0x7e, 0xb2, 0xc0, 0xa8, 0x01, 0x03};
230 
231  uint8_t raw_tcp[] = {
232  0x00, 0x50, 0x8e, 0x16, 0x0d, 0x59, 0xcd, 0x3c,
233  0xcf, 0x0d, 0x21, 0x80, 0xa0, 0x12, 0x16, 0xa0,
234  0xfa, 0x03, 0x00, 0x00, 0x02, 0x04, 0x05, 0xb4,
235  0x04, 0x02, 0x08, 0x0a, 0x6e, 0x18, 0x78, 0x73,
236  0x01, 0x71, 0x74, 0xde, 0x01, 0x03, 0x03, 02};
237 
238  csum = *( ((uint16_t *)raw_tcp) + 8);
239 
240  FAIL_IF(TCPChecksum((uint16_t *)raw_ipshdr,
241  (uint16_t *)raw_tcp, sizeof(raw_tcp), csum) != 0);
242  PASS;
243 }
244 
245 static int TCPCalculateInvalidChecksumtest02(void)
246 {
247  uint16_t csum = 0;
248 
249  uint8_t raw_ipshdr[] = {
250  0x40, 0x8e, 0x7e, 0xb2, 0xc0, 0xa8, 0x01, 0x03};
251 
252  uint8_t raw_tcp[] = {
253  0x00, 0x50, 0x8e, 0x16, 0x0d, 0x59, 0xcd, 0x3c,
254  0xcf, 0x0d, 0x21, 0x80, 0xa0, 0x12, 0x16, 0xa0,
255  0xfa, 0x03, 0x00, 0x00, 0x02, 0x04, 0x05, 0xb4,
256  0x04, 0x02, 0x08, 0x0a, 0x6e, 0x18, 0x78, 0x73,
257  0x01, 0x71, 0x74, 0xde, 0x01, 0x03, 0x03, 03};
258 
259  csum = *( ((uint16_t *)raw_tcp) + 8);
260 
261  FAIL_IF(TCPChecksum((uint16_t *) raw_ipshdr,
262  (uint16_t *)raw_tcp, sizeof(raw_tcp), csum) == 0);
263  PASS;
264 }
265 
266 static int TCPV6CalculateValidChecksumtest03(void)
267 {
268  uint16_t csum = 0;
269 
270  static uint8_t raw_ipv6[] = {
271  0x00, 0x60, 0x97, 0x07, 0x69, 0xea, 0x00, 0x00,
272  0x86, 0x05, 0x80, 0xda, 0x86, 0xdd, 0x60, 0x00,
273  0x00, 0x00, 0x00, 0x20, 0x06, 0x40, 0x3f, 0xfe,
274  0x05, 0x07, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00,
275  0x86, 0xff, 0xfe, 0x05, 0x80, 0xda, 0x3f, 0xfe,
276  0x05, 0x01, 0x04, 0x10, 0x00, 0x00, 0x02, 0xc0,
277  0xdf, 0xff, 0xfe, 0x47, 0x03, 0x3e, 0x03, 0xfe,
278  0x00, 0x16, 0xd6, 0x76, 0xf5, 0x2d, 0x0c, 0x7a,
279  0x08, 0x77, 0x80, 0x10, 0x21, 0x5c, 0xc2, 0xf1,
280  0x00, 0x00, 0x01, 0x01, 0x08, 0x0a, 0x00, 0x08,
281  0xca, 0x5a, 0x00, 0x01, 0x69, 0x27};
282 
283  csum = *( ((uint16_t *)(raw_ipv6 + 70)));
284 
285  FAIL_IF(TCPV6Checksum((uint16_t *)(raw_ipv6 + 14 + 8),
286  (uint16_t *)(raw_ipv6 + 54), 32, csum) != 0);
287  PASS;
288 }
289 
290 static int TCPV6CalculateInvalidChecksumtest04(void)
291 {
292  uint16_t csum = 0;
293 
294  static uint8_t raw_ipv6[] = {
295  0x00, 0x60, 0x97, 0x07, 0x69, 0xea, 0x00, 0x00,
296  0x86, 0x05, 0x80, 0xda, 0x86, 0xdd, 0x60, 0x00,
297  0x00, 0x00, 0x00, 0x20, 0x06, 0x40, 0x3f, 0xfe,
298  0x05, 0x07, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00,
299  0x86, 0xff, 0xfe, 0x05, 0x80, 0xda, 0x3f, 0xfe,
300  0x05, 0x01, 0x04, 0x10, 0x00, 0x00, 0x02, 0xc0,
301  0xdf, 0xff, 0xfe, 0x47, 0x03, 0x3e, 0x03, 0xfe,
302  0x00, 0x16, 0xd6, 0x76, 0xf5, 0x2d, 0x0c, 0x7a,
303  0x08, 0x77, 0x80, 0x10, 0x21, 0x5c, 0xc2, 0xf1,
304  0x00, 0x00, 0x01, 0x01, 0x08, 0x0a, 0x00, 0x08,
305  0xca, 0x5a, 0x00, 0x01, 0x69, 0x28};
306 
307  csum = *( ((uint16_t *)(raw_ipv6 + 70)));
308 
309  FAIL_IF(TCPV6Checksum((uint16_t *)(raw_ipv6 + 14 + 8),
310  (uint16_t *)(raw_ipv6 + 54), 32, csum) == 0);
311  PASS;
312 }
313 
314 /** \test Get the wscale of 2 */
315 static int TCPGetWscaleTest01(void)
316 {
317  int retval = 0;
318  static uint8_t raw_tcp[] = {0xda, 0xc1, 0x00, 0x50, 0xb6, 0x21, 0x7f, 0x58,
319  0x00, 0x00, 0x00, 0x00, 0xa0, 0x02, 0x16, 0xd0,
320  0x8a, 0xaf, 0x00, 0x00, 0x02, 0x04, 0x05, 0xb4,
321  0x04, 0x02, 0x08, 0x0a, 0x00, 0x62, 0x88, 0x28,
322  0x00, 0x00, 0x00, 0x00, 0x01, 0x03, 0x03, 0x02};
323  Packet *p = PacketGetFromAlloc();
324  if (unlikely(p == NULL))
325  return 0;
326  IPV4Hdr ip4h;
327  ThreadVars tv;
328  DecodeThreadVars dtv;
329 
330  memset(&tv, 0, sizeof(ThreadVars));
331  memset(&dtv, 0, sizeof(DecodeThreadVars));
332  memset(&ip4h, 0, sizeof(IPV4Hdr));
333 
334  p->src.family = AF_INET;
335  p->dst.family = AF_INET;
336  p->ip4h = &ip4h;
337 
338 
340  DecodeTCP(&tv, &dtv, p, raw_tcp, sizeof(raw_tcp), NULL);
341 
342  if (p->tcph == NULL) {
343  printf("tcp packet decode failed: ");
344  goto end;
345  }
346 
347  uint8_t wscale = TCP_GET_WSCALE(p);
348  if (wscale != 2) {
349  printf("wscale %"PRIu8", expected 2: ", wscale);
350  goto end;
351  }
352 
353  retval = 1;
354 end:
355  PACKET_RECYCLE(p);
356  FlowShutdown();
357  SCFree(p);
358  return retval;
359 }
360 
361 /** \test Get the wscale of 15, so see if return 0 properly */
362 static int TCPGetWscaleTest02(void)
363 {
364  int retval = 0;
365  static uint8_t raw_tcp[] = {0xda, 0xc1, 0x00, 0x50, 0xb6, 0x21, 0x7f, 0x58,
366  0x00, 0x00, 0x00, 0x00, 0xa0, 0x02, 0x16, 0xd0,
367  0x8a, 0xaf, 0x00, 0x00, 0x02, 0x04, 0x05, 0xb4,
368  0x04, 0x02, 0x08, 0x0a, 0x00, 0x62, 0x88, 0x28,
369  0x00, 0x00, 0x00, 0x00, 0x01, 0x03, 0x03, 0x0f};
370  Packet *p = PacketGetFromAlloc();
371  if (unlikely(p == NULL))
372  return 0;
373  IPV4Hdr ip4h;
374  ThreadVars tv;
375  DecodeThreadVars dtv;
376 
377  memset(&tv, 0, sizeof(ThreadVars));
378  memset(&dtv, 0, sizeof(DecodeThreadVars));
379  memset(&ip4h, 0, sizeof(IPV4Hdr));
380 
381  p->src.family = AF_INET;
382  p->dst.family = AF_INET;
383  p->ip4h = &ip4h;
384 
386  DecodeTCP(&tv, &dtv, p, raw_tcp, sizeof(raw_tcp), NULL);
387 
388  if (p->tcph == NULL) {
389  printf("tcp packet decode failed: ");
390  goto end;
391  }
392 
393  uint8_t wscale = TCP_GET_WSCALE(p);
394  if (wscale != 0) {
395  printf("wscale %"PRIu8", expected 0: ", wscale);
396  goto end;
397  }
398 
399  retval = 1;
400 end:
401  PACKET_RECYCLE(p);
402  FlowShutdown();
403  SCFree(p);
404  return retval;
405 }
406 
407 /** \test Get the wscale, but it's missing, so see if return 0 properly */
408 static int TCPGetWscaleTest03(void)
409 {
410  int retval = 0;
411  static uint8_t raw_tcp[] = {0xda, 0xc1, 0x00, 0x50, 0xb6, 0x21, 0x7f, 0x59,
412  0xdd, 0xa3, 0x6f, 0xf8, 0x80, 0x10, 0x05, 0xb4,
413  0x7c, 0x70, 0x00, 0x00, 0x01, 0x01, 0x08, 0x0a,
414  0x00, 0x62, 0x88, 0x9e, 0x00, 0x00, 0x00, 0x00};
415  Packet *p = PacketGetFromAlloc();
416  if (unlikely(p == NULL))
417  return 0;
418  IPV4Hdr ip4h;
419  ThreadVars tv;
420  DecodeThreadVars dtv;
421 
422  memset(&tv, 0, sizeof(ThreadVars));
423  memset(&dtv, 0, sizeof(DecodeThreadVars));
424  memset(&ip4h, 0, sizeof(IPV4Hdr));
425 
426  p->src.family = AF_INET;
427  p->dst.family = AF_INET;
428  p->ip4h = &ip4h;
429 
431  DecodeTCP(&tv, &dtv, p, raw_tcp, sizeof(raw_tcp), NULL);
432 
433  if (p->tcph == NULL) {
434  printf("tcp packet decode failed: ");
435  goto end;
436  }
437 
438  uint8_t wscale = TCP_GET_WSCALE(p);
439  if (wscale != 0) {
440  printf("wscale %"PRIu8", expected 0: ", wscale);
441  goto end;
442  }
443 
444  retval = 1;
445 end:
446  PACKET_RECYCLE(p);
447  FlowShutdown();
448  SCFree(p);
449  return retval;
450 }
451 
452 static int TCPGetSackTest01(void)
453 {
454  int retval = 0;
455  static uint8_t raw_tcp[] = {
456  0x00, 0x50, 0x06, 0xa6, 0xfa, 0x87, 0x0b, 0xf5,
457  0xf1, 0x59, 0x02, 0xe0, 0xa0, 0x10, 0x3e, 0xbc,
458  0x1d, 0xe7, 0x00, 0x00, 0x01, 0x01, 0x05, 0x12,
459  0xf1, 0x59, 0x13, 0xfc, 0xf1, 0x59, 0x1f, 0x64,
460  0xf1, 0x59, 0x08, 0x94, 0xf1, 0x59, 0x0e, 0x48 };
461  static uint8_t raw_tcp_sack[] = {
462  0xf1, 0x59, 0x13, 0xfc, 0xf1, 0x59, 0x1f, 0x64,
463  0xf1, 0x59, 0x08, 0x94, 0xf1, 0x59, 0x0e, 0x48 };
464  Packet *p = PacketGetFromAlloc();
465  if (unlikely(p == NULL))
466  return 0;
467  IPV4Hdr ip4h;
468  ThreadVars tv;
469  DecodeThreadVars dtv;
470 
471  memset(&tv, 0, sizeof(ThreadVars));
472  memset(&dtv, 0, sizeof(DecodeThreadVars));
473  memset(&ip4h, 0, sizeof(IPV4Hdr));
474 
475  p->src.family = AF_INET;
476  p->dst.family = AF_INET;
477  p->ip4h = &ip4h;
478 
480  DecodeTCP(&tv, &dtv, p, raw_tcp, sizeof(raw_tcp), NULL);
481 
482  if (p->tcph == NULL) {
483  printf("tcp packet decode failed: ");
484  goto end;
485  }
486 
487  if (!TCP_HAS_SACK(p)) {
488  printf("tcp packet sack not decoded: ");
489  goto end;
490  }
491 
492  int sack = TCP_GET_SACK_CNT(p);
493  if (sack != 2) {
494  printf("expected 2 sack records, got %u: ", TCP_GET_SACK_CNT(p));
495  goto end;
496  }
497 
498  uint8_t *sackptr = TCP_GET_SACK_PTR(p);
499  if (sackptr == NULL) {
500  printf("no sack data: ");
501  goto end;
502  }
503 
504  if (memcmp(sackptr, raw_tcp_sack, 16) != 0) {
505  printf("malformed sack data: ");
506  goto end;
507  }
508 
509  retval = 1;
510 end:
511  PACKET_RECYCLE(p);
512  FlowShutdown();
513  SCFree(p);
514  return retval;
515 }
516 #endif /* UNITTESTS */
517 
519 {
520 #ifdef UNITTESTS
521  UtRegisterTest("TCPCalculateValidChecksumtest01",
522  TCPCalculateValidChecksumtest01);
523  UtRegisterTest("TCPCalculateInvalidChecksumtest02",
524  TCPCalculateInvalidChecksumtest02);
525  UtRegisterTest("TCPV6CalculateValidChecksumtest03",
526  TCPV6CalculateValidChecksumtest03);
527  UtRegisterTest("TCPV6CalculateInvalidChecksumtest04",
528  TCPV6CalculateInvalidChecksumtest04);
529  UtRegisterTest("TCPGetWscaleTest01", TCPGetWscaleTest01);
530  UtRegisterTest("TCPGetWscaleTest02", TCPGetWscaleTest02);
531  UtRegisterTest("TCPGetWscaleTest03", TCPGetWscaleTest03);
532  UtRegisterTest("TCPGetSackTest01", TCPGetSackTest01);
533 #endif /* UNITTESTS */
534 }
535 /**
536  * @}
537  */
void FlowSetupPacket(Packet *p)
prepare packet for a life with flow Set PKT_WANTS_FLOW flag to incidate workers should do a flow look...
Definition: flow-hash.c:288
uint32_t ts_ecr
Definition: decode-tcp.h:151
#define ENGINE_SET_EVENT(p, e)
Definition: decode.h:1000
#define SCLogDebug(...)
Definition: util-debug.h:335
#define TCP_OPT_WS_LEN
Definition: decode-tcp.h:56
uint8_t len
Definition: decode-tcp.h:124
#define PASS
Pass the test.
#define unlikely(expr)
Definition: util-optimize.h:35
Port sp
Definition: decode.h:414
#define TCP_OPT_SACKOK
Definition: decode-tcp.h:51
Port dp
Definition: decode.h:422
#define FAIL_IF(expr)
Fail a test if expression evaluates to false.
Definition: util-unittest.h:71
#define FLOW_QUIET
Definition: flow.h:37
Address dst
Definition: decode.h:412
#define PACKET_RECYCLE(p)
Definition: decode.h:827
int DecodeTCP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, uint16_t len, PacketQueue *pq)
Definition: decode-tcp.c:200
#define TCP_HAS_MSS(p)
Definition: decode-tcp.h:90
#define TCP_HEADER_LEN
Definition: decode-tcp.h:28
TCPHdr * tcph
Definition: decode.h:525
uint32_t ts_val
Definition: decode-tcp.h:150
#define TCP_OPT_MSS
Definition: decode-tcp.h:49
#define TCP_OPT_EOL
Definition: decode-tcp.h:47
#define TRUE
#define SET_TCP_SRC_PORT(pkt, prt)
Definition: decode.h:182
#define TCP_OPT_SACKOK_LEN
Definition: decode-tcp.h:55
TCPOpt sackok
Definition: decode-tcp.h:153
uint8_t type
Definition: decode-tcp.h:123
#define TCP_OPT_WS
Definition: decode-tcp.h:50
char family
Definition: decode.h:110
uint16_t type
uint8_t proto
Definition: decode.h:429
#define TCP_OPT_SACK_MIN_LEN
Definition: decode-tcp.h:59
#define TCP_OPT_SACK_MAX_LEN
Definition: decode-tcp.h:60
#define TCP_HAS_SACK(p)
Definition: decode-tcp.h:87
#define TCP_OPT_NOP
Definition: decode-tcp.h:48
#define TCP_HAS_TS(p)
Definition: decode-tcp.h:89
#define TCP_GET_WSCALE(p)
Definition: decode-tcp.h:93
void DecodeTCPRegisterTests(void)
Definition: decode-tcp.c:518
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
uint8_t * data
Definition: decode-tcp.h:125
Structure to hold thread specific data for all decode modules.
Definition: decode.h:642
uint16_t counter_tcp
Definition: decode.h:660
void StatsIncr(ThreadVars *tv, uint16_t id)
Increments the local counter.
Definition: counters.c:163
#define TCP_OPTMAX
Definition: decode-tcp.h:30
#define SCNtohl(x)
IPV4Hdr * ip4h
Definition: decode.h:503
#define TCP_OPT_SACK
Definition: decode-tcp.h:52
#define TCP_GET_SACK_CNT(p)
Definition: decode-tcp.h:99
#define TCP_GET_SACK_PTR(p)
Definition: decode-tcp.h:98
#define SCFree(a)
Definition: util-mem.h:236
TCPOpt mss
Definition: decode-tcp.h:155
void FlowShutdown(void)
shutdown the flow engine
Definition: flow.c:599
#define TCP_HAS_SACKOK(p)
Definition: decode-tcp.h:88
#define GET_TCP_DST_PORT(p)
Definition: decode.h:221
#define TCP_OPT_TS_LEN
Definition: decode-tcp.h:57
#define TCP_OPTLENMAX
Definition: decode-tcp.h:29
#define TCP_GET_HLEN(p)
Definition: decode-tcp.h:103
TCPVars tcpvars
Definition: decode.h:517
uint8_t len
Per thread variable structure.
Definition: threadvars.h:57
uint16_t payload_len
Definition: decode.h:546
#define TCP_OPT_MSS_LEN
Definition: decode-tcp.h:58
#define likely(expr)
Definition: util-optimize.h:32
_Bool ts_set
Definition: decode-tcp.h:149
TCPOpt sack
Definition: decode-tcp.h:152
#define GET_TCP_SRC_PORT(p)
Definition: decode.h:220
#define SET_OPTS(dst, src)
Definition: decode-tcp.c:45
uint8_t * payload
Definition: decode.h:545
#define SET_TCP_DST_PORT(pkt, prt)
Definition: decode.h:186
#define TCP_OPT_TS
Definition: decode-tcp.h:53
#define ENGINE_SET_INVALID_EVENT(p, e)
Definition: decode.h:1008
Packet * PacketGetFromAlloc(void)
Get a malloced packet.
Definition: decode.c:140
Address src
Definition: decode.h:411
IPV4Hdr ip4h
#define TCP_HAS_WSCALE(p)
Definition: decode-tcp.h:86
void FlowInitConfig(char quiet)
initialize the configuration
Definition: flow.c:444
TCPOpt ws
Definition: decode-tcp.h:154