|
suricata
|
|
suricata
|
Go to the source code of this file.
Data Structures | |
| struct | TCPOpt_ |
| struct | TCPOptSackRecord_ |
| struct | TCPHdr_ |
| struct | TCPVars_ |
Macros | |
| #define | TCP_HEADER_LEN 20 |
| #define | TCP_OPTLENMAX 40 |
| #define | TCP_OPTMAX |
| #define | TH_FIN 0x01 |
| #define | TH_SYN 0x02 |
| #define | TH_RST 0x04 |
| #define | TH_PUSH 0x08 |
| #define | TH_ACK 0x10 |
| #define | TH_URG 0x20 |
| #define | TH_ECN 0x40 |
| #define | TH_CWR 0x80 |
| #define | TCP_OPT_EOL 0x00 |
| #define | TCP_OPT_NOP 0x01 |
| #define | TCP_OPT_MSS 0x02 |
| #define | TCP_OPT_WS 0x03 |
| #define | TCP_OPT_SACKOK 0x04 |
| #define | TCP_OPT_SACK 0x05 |
| #define | TCP_OPT_TS 0x08 |
| #define | TCP_OPT_TFO 0x22 /* TCP Fast Open */ |
| #define | TCP_OPT_EXP1 0xfd /* Experimental, could be TFO */ |
| #define | TCP_OPT_EXP2 0xfe /* Experimental, could be TFO */ |
| #define | TCP_OPT_SACKOK_LEN 2 |
| #define | TCP_OPT_WS_LEN 3 |
| #define | TCP_OPT_TS_LEN 10 |
| #define | TCP_OPT_MSS_LEN 4 |
| #define | TCP_OPT_SACK_MIN_LEN 10 /* hdr 2, 1 pair 8 = 10 */ |
| #define | TCP_OPT_SACK_MAX_LEN 34 /* hdr 2, 4 pair 32= 34 */ |
| #define | TCP_OPT_TFO_MIN_LEN 6 /* kind, len, 6 */ |
| #define | TCP_OPT_TFO_MAX_LEN 20 /* kind, len, 18 */ |
| #define | TCP_WSCALE_MAX 14 |
| #define | TCP_GET_RAW_OFFSET(tcph) (((tcph)->th_offx2 & 0xf0) >> 4) |
| #define | TCP_GET_RAW_X2(tcph) (unsigned char)((tcph)->th_offx2 & 0x0f) |
| #define | TCP_GET_RAW_SRC_PORT(tcph) SCNtohs((tcph)->th_sport) |
| #define | TCP_GET_RAW_DST_PORT(tcph) SCNtohs((tcph)->th_dport) |
| #define | TCP_SET_RAW_TCP_OFFSET(tcph, value) ((tcph)->th_offx2 = (unsigned char)(((tcph)->th_offx2 & 0x0f) | (value << 4))) |
| #define | TCP_SET_RAW_TCP_X2(tcph, value) ((tcph)->th_offx2 = (unsigned char)(((tcph)->th_offx2 & 0xf0) | (value & 0x0f))) |
| #define | TCP_GET_RAW_SEQ(tcph) SCNtohl((tcph)->th_seq) |
| #define | TCP_GET_RAW_ACK(tcph) SCNtohl((tcph)->th_ack) |
| #define | TCP_GET_RAW_WINDOW(tcph) SCNtohs((tcph)->th_win) |
| #define | TCP_GET_RAW_URG_POINTER(tcph) SCNtohs((tcph)->th_urp) |
| #define | TCP_GET_RAW_SUM(tcph) SCNtohs((tcph)->th_sum) |
| #define | TCP_GET_TSVAL(p) ((p)->tcpvars.ts_val) |
| #define | TCP_GET_TSECR(p) ((p)->tcpvars.ts_ecr) |
| #define | TCP_HAS_WSCALE(p) ((p)->tcpvars.ws.type == TCP_OPT_WS) |
| #define | TCP_HAS_SACK(p) ((p)->tcpvars.sack.type == TCP_OPT_SACK) |
| #define | TCP_HAS_SACKOK(p) ((p)->tcpvars.sackok.type == TCP_OPT_SACKOK) |
| #define | TCP_HAS_TS(p) ((p)->tcpvars.ts_set == TRUE) |
| #define | TCP_HAS_MSS(p) ((p)->tcpvars.mss.type == TCP_OPT_MSS) |
| #define | TCP_HAS_TFO(p) ((p)->tcpvars.tfo.type == TCP_OPT_TFO) |
| #define | TCP_GET_WSCALE(p) |
| #define | TCP_GET_SACKOK(p) (TCP_HAS_SACKOK((p)) ? 1 : 0) |
| #define | TCP_GET_SACK_PTR(p) TCP_HAS_SACK((p)) ? (p)->tcpvars.sack.data : NULL |
| #define | TCP_GET_SACK_CNT(p) (TCP_HAS_SACK((p)) ? (((p)->tcpvars.sack.len - 2) / 8) : 0) |
| #define | TCP_GET_MSS(p) SCNtohs(*(uint16_t *)((p)->tcpvars.mss.data)) |
| #define | TCP_GET_OFFSET(p) TCP_GET_RAW_OFFSET((p)->tcph) |
| #define | TCP_GET_X2(p) TCP_GET_RAW_X2((p)->tcph) |
| #define | TCP_GET_HLEN(p) (TCP_GET_OFFSET((p)) << 2) |
| #define | TCP_GET_SRC_PORT(p) TCP_GET_RAW_SRC_PORT((p)->tcph) |
| #define | TCP_GET_DST_PORT(p) TCP_GET_RAW_DST_PORT((p)->tcph) |
| #define | TCP_GET_SEQ(p) TCP_GET_RAW_SEQ((p)->tcph) |
| #define | TCP_GET_ACK(p) TCP_GET_RAW_ACK((p)->tcph) |
| #define | TCP_GET_WINDOW(p) TCP_GET_RAW_WINDOW((p)->tcph) |
| #define | TCP_GET_URG_POINTER(p) TCP_GET_RAW_URG_POINTER((p)->tcph) |
| #define | TCP_GET_SUM(p) TCP_GET_RAW_SUM((p)->tcph) |
| #define | TCP_GET_FLAGS(p) (p)->tcph->th_flags |
| #define | TCP_ISSET_FLAG_FIN(p) ((p)->tcph->th_flags & TH_FIN) |
| #define | TCP_ISSET_FLAG_SYN(p) ((p)->tcph->th_flags & TH_SYN) |
| #define | TCP_ISSET_FLAG_RST(p) ((p)->tcph->th_flags & TH_RST) |
| #define | TCP_ISSET_FLAG_PUSH(p) ((p)->tcph->th_flags & TH_PUSH) |
| #define | TCP_ISSET_FLAG_ACK(p) ((p)->tcph->th_flags & TH_ACK) |
| #define | TCP_ISSET_FLAG_URG(p) ((p)->tcph->th_flags & TH_URG) |
| #define | TCP_ISSET_FLAG_RES2(p) ((p)->tcph->th_flags & TH_RES2) |
| #define | TCP_ISSET_FLAG_RES1(p) ((p)->tcph->th_flags & TH_RES1) |
| #define | CLEAR_TCP_PACKET(p) |
Typedefs | |
| typedef struct TCPOpt_ | TCPOpt |
| typedef struct TCPOptSackRecord_ | TCPOptSackRecord |
| typedef struct TCPVars_ | TCPVars |
Functions | |
| struct TCPHdr_ | __attribute__ ((__packed__)) TCPHdr |
| DNP3 link header. More... | |
| void | DecodeTCPRegisterTests (void) |
Variables | |
| uint16_t | th_sport |
| uint16_t | th_dport |
| uint32_t | th_seq |
| uint32_t | th_ack |
| uint8_t | th_offx2 |
| uint8_t | th_flags |
| uint16_t | th_win |
| uint16_t | th_sum |
| uint16_t | th_urp |
Definition in file decode-tcp.h.
| #define CLEAR_TCP_PACKET | ( | p | ) |
Definition at line 166 of file decode-tcp.h.
| #define TCP_GET_ACK | ( | p | ) | TCP_GET_RAW_ACK((p)->tcph) |
Definition at line 114 of file decode-tcp.h.
Referenced by DetectAckRegister(), StreamTcpPacket(), and StreamTcpThreadDeinit().
| #define TCP_GET_DST_PORT | ( | p | ) | TCP_GET_RAW_DST_PORT((p)->tcph) |
Definition at line 112 of file decode-tcp.h.
| #define TCP_GET_FLAGS | ( | p | ) | (p)->tcph->th_flags |
Definition at line 118 of file decode-tcp.h.
| #define TCP_GET_HLEN | ( | p | ) | (TCP_GET_OFFSET((p)) << 2) |
Definition at line 110 of file decode-tcp.h.
Referenced by DecodeTCP(), DetectCsumRegister(), DetectTcphdrRegister(), ReCalculateChecksum(), and StreamTcpPacket().
| #define TCP_GET_MSS | ( | p | ) | SCNtohs(*(uint16_t *)((p)->tcpvars.mss.data)) |
Definition at line 106 of file decode-tcp.h.
Referenced by DetectTcpmssFree(), and DetectTcpmssRegister().
| #define TCP_GET_OFFSET | ( | p | ) | TCP_GET_RAW_OFFSET((p)->tcph) |
Definition at line 108 of file decode-tcp.h.
Definition at line 79 of file decode-tcp.h.
Definition at line 73 of file decode-tcp.h.
| #define TCP_GET_RAW_OFFSET | ( | tcph | ) | (((tcph)->th_offx2 & 0xf0) >> 4) |
Definition at line 70 of file decode-tcp.h.
Definition at line 78 of file decode-tcp.h.
Definition at line 72 of file decode-tcp.h.
Definition at line 83 of file decode-tcp.h.
Definition at line 82 of file decode-tcp.h.
Definition at line 81 of file decode-tcp.h.
| #define TCP_GET_RAW_X2 | ( | tcph | ) | (unsigned char)((tcph)->th_offx2 & 0x0f) |
Definition at line 71 of file decode-tcp.h.
| #define TCP_GET_SACK_CNT | ( | p | ) | (TCP_HAS_SACK((p)) ? (((p)->tcpvars.sack.len - 2) / 8) : 0) |
Definition at line 105 of file decode-tcp.h.
Referenced by DecodeTCP(), and StreamTcpSackUpdatePacket().
| #define TCP_GET_SACK_PTR | ( | p | ) | TCP_HAS_SACK((p)) ? (p)->tcpvars.sack.data : NULL |
Definition at line 104 of file decode-tcp.h.
Referenced by DecodeTCP(), and StreamTcpSackUpdatePacket().
| #define TCP_GET_SACKOK | ( | p | ) | (TCP_HAS_SACKOK((p)) ? 1 : 0) |
Definition at line 103 of file decode-tcp.h.
| #define TCP_GET_SEQ | ( | p | ) | TCP_GET_RAW_SEQ((p)->tcph) |
Definition at line 113 of file decode-tcp.h.
Referenced by DetectSeqRegister(), StreamReassembleRawUpdateProgress(), StreamTcpInlineSegmentCompare(), StreamTcpInlineSegmentReplacePacket(), StreamTcpPacket(), StreamTcpReassembleHandleSegmentHandleData(), StreamTcpThreadDeinit(), StreamTcpUTAddSegmentWithByte(), and StreamTcpUTAddSegmentWithPayload().
| #define TCP_GET_SRC_PORT | ( | p | ) | TCP_GET_RAW_SRC_PORT((p)->tcph) |
Definition at line 111 of file decode-tcp.h.
| #define TCP_GET_SUM | ( | p | ) | TCP_GET_RAW_SUM((p)->tcph) |
Definition at line 117 of file decode-tcp.h.
| #define TCP_GET_TSECR | ( | p | ) | ((p)->tcpvars.ts_ecr) |
macro for getting the second timestamp from the packet in host order.
Definition at line 89 of file decode-tcp.h.
| #define TCP_GET_TSVAL | ( | p | ) | ((p)->tcpvars.ts_val) |
macro for getting the first timestamp from the packet in host order
Definition at line 86 of file decode-tcp.h.
Referenced by StreamTcpThreadDeinit().
| #define TCP_GET_URG_POINTER | ( | p | ) | TCP_GET_RAW_URG_POINTER((p)->tcph) |
Definition at line 116 of file decode-tcp.h.
| #define TCP_GET_WINDOW | ( | p | ) | TCP_GET_RAW_WINDOW((p)->tcph) |
Definition at line 115 of file decode-tcp.h.
Referenced by DetectWindowRegister().
| #define TCP_GET_WSCALE | ( | p | ) |
macro for getting the wscale from the packet.
Definition at line 99 of file decode-tcp.h.
Referenced by DecodeTCP().
| #define TCP_GET_X2 | ( | p | ) | TCP_GET_RAW_X2((p)->tcph) |
Definition at line 109 of file decode-tcp.h.
| #define TCP_HAS_MSS | ( | p | ) | ((p)->tcpvars.mss.type == TCP_OPT_MSS) |
Definition at line 95 of file decode-tcp.h.
Referenced by DecodeTCP(), DetectTcpmssFree(), and DetectTcpmssRegister().
| #define TCP_HAS_SACK | ( | p | ) | ((p)->tcpvars.sack.type == TCP_OPT_SACK) |
Definition at line 92 of file decode-tcp.h.
Referenced by DecodeTCP().
| #define TCP_HAS_SACKOK | ( | p | ) | ((p)->tcpvars.sackok.type == TCP_OPT_SACKOK) |
Definition at line 93 of file decode-tcp.h.
Referenced by DecodeTCP().
| #define TCP_HAS_TFO | ( | p | ) | ((p)->tcpvars.tfo.type == TCP_OPT_TFO) |
Definition at line 96 of file decode-tcp.h.
Referenced by DecodeTCP().
| #define TCP_HAS_TS | ( | p | ) | ((p)->tcpvars.ts_set == TRUE) |
Definition at line 94 of file decode-tcp.h.
Referenced by DecodeTCP(), and StreamTcpThreadDeinit().
| #define TCP_HAS_WSCALE | ( | p | ) | ((p)->tcpvars.ws.type == TCP_OPT_WS) |
Definition at line 91 of file decode-tcp.h.
Referenced by DecodeTCP().
| #define TCP_HEADER_LEN 20 |
Definition at line 28 of file decode-tcp.h.
Definition at line 124 of file decode-tcp.h.
Definition at line 120 of file decode-tcp.h.
Definition at line 123 of file decode-tcp.h.
| #define TCP_ISSET_FLAG_RES1 | ( | p | ) | ((p)->tcph->th_flags & TH_RES1) |
Definition at line 127 of file decode-tcp.h.
| #define TCP_ISSET_FLAG_RES2 | ( | p | ) | ((p)->tcph->th_flags & TH_RES2) |
Definition at line 126 of file decode-tcp.h.
Definition at line 122 of file decode-tcp.h.
Definition at line 121 of file decode-tcp.h.
Definition at line 125 of file decode-tcp.h.
| #define TCP_OPT_EOL 0x00 |
Definition at line 47 of file decode-tcp.h.
| #define TCP_OPT_EXP1 0xfd /* Experimental, could be TFO */ |
Definition at line 55 of file decode-tcp.h.
| #define TCP_OPT_EXP2 0xfe /* Experimental, could be TFO */ |
Definition at line 56 of file decode-tcp.h.
| #define TCP_OPT_MSS 0x02 |
Definition at line 49 of file decode-tcp.h.
| #define TCP_OPT_MSS_LEN 4 |
Definition at line 61 of file decode-tcp.h.
| #define TCP_OPT_NOP 0x01 |
Definition at line 48 of file decode-tcp.h.
| #define TCP_OPT_SACK 0x05 |
Definition at line 52 of file decode-tcp.h.
| #define TCP_OPT_SACK_MAX_LEN 34 /* hdr 2, 4 pair 32= 34 */ |
Definition at line 63 of file decode-tcp.h.
| #define TCP_OPT_SACK_MIN_LEN 10 /* hdr 2, 1 pair 8 = 10 */ |
Definition at line 62 of file decode-tcp.h.
| #define TCP_OPT_SACKOK 0x04 |
Definition at line 51 of file decode-tcp.h.
| #define TCP_OPT_SACKOK_LEN 2 |
Definition at line 58 of file decode-tcp.h.
| #define TCP_OPT_TFO 0x22 /* TCP Fast Open */ |
Definition at line 54 of file decode-tcp.h.
| #define TCP_OPT_TFO_MAX_LEN 20 /* kind, len, 18 */ |
Definition at line 65 of file decode-tcp.h.
| #define TCP_OPT_TFO_MIN_LEN 6 /* kind, len, 6 */ |
Definition at line 64 of file decode-tcp.h.
| #define TCP_OPT_TS 0x08 |
Definition at line 53 of file decode-tcp.h.
| #define TCP_OPT_TS_LEN 10 |
Definition at line 60 of file decode-tcp.h.
| #define TCP_OPT_WS 0x03 |
Definition at line 50 of file decode-tcp.h.
| #define TCP_OPT_WS_LEN 3 |
Definition at line 59 of file decode-tcp.h.
| #define TCP_OPTLENMAX 40 |
Definition at line 29 of file decode-tcp.h.
| #define TCP_OPTMAX |
Definition at line 30 of file decode-tcp.h.
| #define TCP_SET_RAW_TCP_OFFSET | ( | tcph, | |
| value | |||
| ) | ((tcph)->th_offx2 = (unsigned char)(((tcph)->th_offx2 & 0x0f) | (value << 4))) |
Definition at line 75 of file decode-tcp.h.
| #define TCP_SET_RAW_TCP_X2 | ( | tcph, | |
| value | |||
| ) | ((tcph)->th_offx2 = (unsigned char)(((tcph)->th_offx2 & 0xf0) | (value & 0x0f))) |
Definition at line 76 of file decode-tcp.h.
| #define TCP_WSCALE_MAX 14 |
Max valid wscale value.
Definition at line 68 of file decode-tcp.h.
| #define TH_ACK 0x10 |
Definition at line 39 of file decode-tcp.h.
Referenced by DetectFlagsRegister(), DetectFlagsSignatureNeedsSynOnlyPackets(), JsonTcpFlags(), StreamTcpPacket(), StreamTcpPseudoPacketCreateStreamEndPacket(), and StreamTcpThreadDeinit().
| #define TH_CWR 0x80 |
Echo Congestion flag
Definition at line 44 of file decode-tcp.h.
Referenced by DetectFlagsRegister(), DetectFlagsSignatureNeedsSynOnlyPackets(), JsonTcpFlags(), and PacketCreateMask().
| #define TH_ECN 0x40 |
Establish a new connection reducing window
Definition at line 42 of file decode-tcp.h.
Referenced by DetectFlagsRegister(), DetectFlagsSignatureNeedsSynOnlyPackets(), JsonTcpFlags(), and PacketCreateMask().
| #define TH_FIN 0x01 |
Definition at line 35 of file decode-tcp.h.
Referenced by DetectFlagsRegister(), JsonTcpFlags(), PacketCreateMask(), and StreamTcpReassembleHandleSegment().
| #define TH_PUSH 0x08 |
Definition at line 38 of file decode-tcp.h.
Referenced by DetectFlagsRegister(), DetectFlagsSignatureNeedsSynOnlyPackets(), and JsonTcpFlags().
| #define TH_RST 0x04 |
Definition at line 37 of file decode-tcp.h.
Referenced by DetectFlagsRegister(), DetectFlagsSignatureNeedsSynOnlyPackets(), JsonTcpFlags(), PacketCreateMask(), StreamTcpPacket(), StreamTcpReassembleHandleSegment(), and StreamTcpThreadDeinit().
| #define TH_SYN 0x02 |
Definition at line 36 of file decode-tcp.h.
Referenced by DetectFlagsRegister(), DetectFlagsSignatureNeedsSynOnlyPackets(), DetectFlagsSignatureNeedsSynPackets(), JsonTcpFlags(), PacketCreateMask(), SigMatchSignaturesGetSgh(), and StreamTcpPacket().
| #define TH_URG 0x20 |
Definition at line 40 of file decode-tcp.h.
Referenced by DetectFlagsRegister(), DetectFlagsSignatureNeedsSynOnlyPackets(), JsonTcpFlags(), and PacketCreateMask().
| typedef struct TCPOptSackRecord_ TCPOptSackRecord |
| void DecodeTCPRegisterTests | ( | void | ) |
Definition at line 551 of file decode-tcp.c.
References UtRegisterTest().
| uint32_t th_ack |
acknowledgement number
Definition at line 555 of file decode-tcp.h.
| uint16_t th_dport |
destination port
Definition at line 553 of file decode-tcp.h.
| uint8_t th_flags |
pkt flags
Definition at line 557 of file decode-tcp.h.
| uint8_t th_offx2 |
offset and reserved
Definition at line 556 of file decode-tcp.h.
| uint32_t th_seq |
sequence number
Definition at line 554 of file decode-tcp.h.
| uint16_t th_sport |
source port
Definition at line 552 of file decode-tcp.h.
| uint16_t th_sum |
checksum
Definition at line 559 of file decode-tcp.h.
| uint16_t th_urp |
urgent pointer
Definition at line 560 of file decode-tcp.h.
| uint16_t th_win |
pkt window
Definition at line 558 of file decode-tcp.h.
1.8.11 
