suricata
Data Structures | Macros | Typedefs | Functions | Variables
decode-tcp.h File Reference
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures

struct  TCPOpt_
 
struct  TCPOptSackRecord_
 
struct  TCPHdr_
 
struct  TCPVars_
 

Macros

#define TCP_HEADER_LEN   20
 
#define TCP_OPTLENMAX   40
 
#define TCP_OPTMAX
 
#define TH_FIN   0x01
 
#define TH_SYN   0x02
 
#define TH_RST   0x04
 
#define TH_PUSH   0x08
 
#define TH_ACK   0x10
 
#define TH_URG   0x20
 
#define TH_ECN   0x40
 
#define TH_CWR   0x80
 
#define TCP_OPT_EOL   0x00
 
#define TCP_OPT_NOP   0x01
 
#define TCP_OPT_MSS   0x02
 
#define TCP_OPT_WS   0x03
 
#define TCP_OPT_SACKOK   0x04
 
#define TCP_OPT_SACK   0x05
 
#define TCP_OPT_TS   0x08
 
#define TCP_OPT_SACKOK_LEN   2
 
#define TCP_OPT_WS_LEN   3
 
#define TCP_OPT_TS_LEN   10
 
#define TCP_OPT_MSS_LEN   4
 
#define TCP_OPT_SACK_MIN_LEN   10 /* hdr 2, 1 pair 8 = 10 */
 
#define TCP_OPT_SACK_MAX_LEN   34 /* hdr 2, 4 pair 32= 34 */
 
#define TCP_WSCALE_MAX   14
 
#define TCP_GET_RAW_OFFSET(tcph)   (((tcph)->th_offx2 & 0xf0) >> 4)
 
#define TCP_GET_RAW_X2(tcph)   (unsigned char)((tcph)->th_offx2 & 0x0f)
 
#define TCP_GET_RAW_SRC_PORT(tcph)   SCNtohs((tcph)->th_sport)
 
#define TCP_GET_RAW_DST_PORT(tcph)   SCNtohs((tcph)->th_dport)
 
#define TCP_SET_RAW_TCP_OFFSET(tcph, value)   ((tcph)->th_offx2 = (unsigned char)(((tcph)->th_offx2 & 0x0f) | (value << 4)))
 
#define TCP_SET_RAW_TCP_X2(tcph, value)   ((tcph)->th_offx2 = (unsigned char)(((tcph)->th_offx2 & 0xf0) | (value & 0x0f)))
 
#define TCP_GET_RAW_SEQ(tcph)   SCNtohl((tcph)->th_seq)
 
#define TCP_GET_RAW_ACK(tcph)   SCNtohl((tcph)->th_ack)
 
#define TCP_GET_RAW_WINDOW(tcph)   SCNtohs((tcph)->th_win)
 
#define TCP_GET_RAW_URG_POINTER(tcph)   SCNtohs((tcph)->th_urp)
 
#define TCP_GET_RAW_SUM(tcph)   SCNtohs((tcph)->th_sum)
 
#define TCP_GET_TSVAL(p)   ((p)->tcpvars.ts_val)
 
#define TCP_GET_TSECR(p)   ((p)->tcpvars.ts_ecr)
 
#define TCP_HAS_WSCALE(p)   ((p)->tcpvars.ws.type == TCP_OPT_WS)
 
#define TCP_HAS_SACK(p)   ((p)->tcpvars.sack.type == TCP_OPT_SACK)
 
#define TCP_HAS_SACKOK(p)   ((p)->tcpvars.sackok.type == TCP_OPT_SACKOK)
 
#define TCP_HAS_TS(p)   ((p)->tcpvars.ts_set == TRUE)
 
#define TCP_HAS_MSS(p)   ((p)->tcpvars.mss.type == TCP_OPT_MSS)
 
#define TCP_GET_WSCALE(p)
 
#define TCP_GET_SACKOK(p)   (TCP_HAS_SACKOK((p)) ? 1 : 0)
 
#define TCP_GET_SACK_PTR(p)   TCP_HAS_SACK((p)) ? (p)->tcpvars.sack.data : NULL
 
#define TCP_GET_SACK_CNT(p)   (TCP_HAS_SACK((p)) ? (((p)->tcpvars.sack.len - 2) / 8) : 0)
 
#define TCP_GET_OFFSET(p)   TCP_GET_RAW_OFFSET((p)->tcph)
 
#define TCP_GET_X2(p)   TCP_GET_RAW_X2((p)->tcph)
 
#define TCP_GET_HLEN(p)   (TCP_GET_OFFSET((p)) << 2)
 
#define TCP_GET_SRC_PORT(p)   TCP_GET_RAW_SRC_PORT((p)->tcph)
 
#define TCP_GET_DST_PORT(p)   TCP_GET_RAW_DST_PORT((p)->tcph)
 
#define TCP_GET_SEQ(p)   TCP_GET_RAW_SEQ((p)->tcph)
 
#define TCP_GET_ACK(p)   TCP_GET_RAW_ACK((p)->tcph)
 
#define TCP_GET_WINDOW(p)   TCP_GET_RAW_WINDOW((p)->tcph)
 
#define TCP_GET_URG_POINTER(p)   TCP_GET_RAW_URG_POINTER((p)->tcph)
 
#define TCP_GET_SUM(p)   TCP_GET_RAW_SUM((p)->tcph)
 
#define TCP_GET_FLAGS(p)   (p)->tcph->th_flags
 
#define TCP_ISSET_FLAG_FIN(p)   ((p)->tcph->th_flags & TH_FIN)
 
#define TCP_ISSET_FLAG_SYN(p)   ((p)->tcph->th_flags & TH_SYN)
 
#define TCP_ISSET_FLAG_RST(p)   ((p)->tcph->th_flags & TH_RST)
 
#define TCP_ISSET_FLAG_PUSH(p)   ((p)->tcph->th_flags & TH_PUSH)
 
#define TCP_ISSET_FLAG_ACK(p)   ((p)->tcph->th_flags & TH_ACK)
 
#define TCP_ISSET_FLAG_URG(p)   ((p)->tcph->th_flags & TH_URG)
 
#define TCP_ISSET_FLAG_RES2(p)   ((p)->tcph->th_flags & TH_RES2)
 
#define TCP_ISSET_FLAG_RES1(p)   ((p)->tcph->th_flags & TH_RES1)
 
#define CLEAR_TCP_PACKET(p)
 

Typedefs

typedef struct TCPOpt_ TCPOpt
 
typedef struct TCPOptSackRecord_ TCPOptSackRecord
 
typedef struct TCPVars_ TCPVars
 

Functions

struct TCPHdr_ __attribute__ ((__packed__)) TCPHdr
 DNP3 link header. More...
 
void DecodeTCPRegisterTests (void)
 

Variables

uint16_t th_sport
 
uint16_t th_dport
 
uint32_t th_seq
 
uint32_t th_ack
 
uint8_t th_offx2
 
uint8_t th_flags
 
uint16_t th_win
 
uint16_t th_sum
 
uint16_t th_urp
 

Detailed Description

Author
Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t
Todo:
RAW* macro's should be returning the raw value, not the host order

Definition in file decode-tcp.h.

Macro Definition Documentation

#define CLEAR_TCP_PACKET (   p)
Value:
{ \
(p)->level4_comp_csum = -1; \
PACKET_CLEAR_L4VARS((p)); \
(p)->tcph = NULL; \
}
tcph
TCPHdr tcph
Definition: alert-unified2-alert.c:319
PACKET_CLEAR_L4VARS
#define PACKET_CLEAR_L4VARS(p)
Definition: decode.h:717

Definition at line 158 of file decode-tcp.h.

#define TCP_GET_ACK (   p)    TCP_GET_RAW_ACK((p)->tcph)

Definition at line 107 of file decode-tcp.h.

Referenced by DetectAckRegister(), StreamTcpPacket(), and StreamTcpThreadDeinit().

#define TCP_GET_DST_PORT (   p)    TCP_GET_RAW_DST_PORT((p)->tcph)

Definition at line 105 of file decode-tcp.h.

#define TCP_GET_FLAGS (   p)    (p)->tcph->th_flags

Definition at line 111 of file decode-tcp.h.

#define TCP_GET_HLEN (   p)    (TCP_GET_OFFSET((p)) << 2)

Definition at line 103 of file decode-tcp.h.

Referenced by DecodeTCP(), DetectCsumRegister(), ReCalculateChecksum(), and StreamTcpPacket().

#define TCP_GET_OFFSET (   p)    TCP_GET_RAW_OFFSET((p)->tcph)

Definition at line 101 of file decode-tcp.h.

#define TCP_GET_RAW_ACK (   tcph)    SCNtohl((tcph)->th_ack)

Definition at line 74 of file decode-tcp.h.

#define TCP_GET_RAW_DST_PORT (   tcph)    SCNtohs((tcph)->th_dport)

Definition at line 68 of file decode-tcp.h.

#define TCP_GET_RAW_OFFSET (   tcph)    (((tcph)->th_offx2 & 0xf0) >> 4)

Definition at line 65 of file decode-tcp.h.

#define TCP_GET_RAW_SEQ (   tcph)    SCNtohl((tcph)->th_seq)

Definition at line 73 of file decode-tcp.h.

#define TCP_GET_RAW_SRC_PORT (   tcph)    SCNtohs((tcph)->th_sport)

Definition at line 67 of file decode-tcp.h.

#define TCP_GET_RAW_SUM (   tcph)    SCNtohs((tcph)->th_sum)

Definition at line 78 of file decode-tcp.h.

#define TCP_GET_RAW_URG_POINTER (   tcph)    SCNtohs((tcph)->th_urp)

Definition at line 77 of file decode-tcp.h.

#define TCP_GET_RAW_WINDOW (   tcph)    SCNtohs((tcph)->th_win)

Definition at line 76 of file decode-tcp.h.

#define TCP_GET_RAW_X2 (   tcph)    (unsigned char)((tcph)->th_offx2 & 0x0f)

Definition at line 66 of file decode-tcp.h.

#define TCP_GET_SACK_CNT (   p)    (TCP_HAS_SACK((p)) ? (((p)->tcpvars.sack.len - 2) / 8) : 0)

Definition at line 99 of file decode-tcp.h.

Referenced by DecodeTCP(), and StreamTcpSackUpdatePacket().

#define TCP_GET_SACK_PTR (   p)    TCP_HAS_SACK((p)) ? (p)->tcpvars.sack.data : NULL

Definition at line 98 of file decode-tcp.h.

Referenced by DecodeTCP(), and StreamTcpSackUpdatePacket().

#define TCP_GET_SACKOK (   p)    (TCP_HAS_SACKOK((p)) ? 1 : 0)

Definition at line 97 of file decode-tcp.h.

#define TCP_GET_SEQ (   p)    TCP_GET_RAW_SEQ((p)->tcph)

Definition at line 106 of file decode-tcp.h.

Referenced by DetectSeqRegister(), StreamReassembleRawUpdateProgress(), StreamTcpInlineSegmentCompare(), StreamTcpInlineSegmentReplacePacket(), StreamTcpPacket(), StreamTcpReassembleHandleSegmentHandleData(), StreamTcpThreadDeinit(), StreamTcpUTAddSegmentWithByte(), and StreamTcpUTAddSegmentWithPayload().

#define TCP_GET_SRC_PORT (   p)    TCP_GET_RAW_SRC_PORT((p)->tcph)

Definition at line 104 of file decode-tcp.h.

#define TCP_GET_SUM (   p)    TCP_GET_RAW_SUM((p)->tcph)

Definition at line 110 of file decode-tcp.h.

#define TCP_GET_TSECR (   p)    ((p)->tcpvars.ts_ecr)

macro for getting the second timestamp from the packet in host order.

Definition at line 84 of file decode-tcp.h.

#define TCP_GET_TSVAL (   p)    ((p)->tcpvars.ts_val)

macro for getting the first timestamp from the packet in host order

Definition at line 81 of file decode-tcp.h.

Referenced by StreamTcpThreadDeinit().

#define TCP_GET_URG_POINTER (   p)    TCP_GET_RAW_URG_POINTER((p)->tcph)

Definition at line 109 of file decode-tcp.h.

#define TCP_GET_WINDOW (   p)    TCP_GET_RAW_WINDOW((p)->tcph)

Definition at line 108 of file decode-tcp.h.

Referenced by DetectWindowRegister().

#define TCP_GET_WSCALE (   p)
Value:
(TCP_HAS_WSCALE((p)) ? \
(((*(uint8_t *)(p)->tcpvars.ws.data) <= TCP_WSCALE_MAX) ? \
(*(uint8_t *)((p)->tcpvars.ws.data)) : 0) : 0)
TCP_WSCALE_MAX
#define TCP_WSCALE_MAX
Definition: decode-tcp.h:63
TCP_HAS_WSCALE
#define TCP_HAS_WSCALE(p)
Definition: decode-tcp.h:86

macro for getting the wscale from the packet.

Definition at line 93 of file decode-tcp.h.

Referenced by DecodeTCP().

#define TCP_GET_X2 (   p)    TCP_GET_RAW_X2((p)->tcph)

Definition at line 102 of file decode-tcp.h.

#define TCP_HAS_MSS (   p)    ((p)->tcpvars.mss.type == TCP_OPT_MSS)

Definition at line 90 of file decode-tcp.h.

Referenced by DecodeTCP().

#define TCP_HAS_SACK (   p)    ((p)->tcpvars.sack.type == TCP_OPT_SACK)

Definition at line 87 of file decode-tcp.h.

Referenced by DecodeTCP().

#define TCP_HAS_SACKOK (   p)    ((p)->tcpvars.sackok.type == TCP_OPT_SACKOK)

Definition at line 88 of file decode-tcp.h.

Referenced by DecodeTCP().

#define TCP_HAS_TS (   p)    ((p)->tcpvars.ts_set == TRUE)

Definition at line 89 of file decode-tcp.h.

Referenced by DecodeTCP(), and StreamTcpThreadDeinit().

#define TCP_HAS_WSCALE (   p)    ((p)->tcpvars.ws.type == TCP_OPT_WS)

Definition at line 86 of file decode-tcp.h.

Referenced by DecodeTCP().

#define TCP_HEADER_LEN   20

Definition at line 28 of file decode-tcp.h.

#define TCP_ISSET_FLAG_ACK (   p)    ((p)->tcph->th_flags & TH_ACK)

Definition at line 117 of file decode-tcp.h.

#define TCP_ISSET_FLAG_FIN (   p)    ((p)->tcph->th_flags & TH_FIN)

Definition at line 113 of file decode-tcp.h.

#define TCP_ISSET_FLAG_PUSH (   p)    ((p)->tcph->th_flags & TH_PUSH)

Definition at line 116 of file decode-tcp.h.

#define TCP_ISSET_FLAG_RES1 (   p)    ((p)->tcph->th_flags & TH_RES1)

Definition at line 120 of file decode-tcp.h.

#define TCP_ISSET_FLAG_RES2 (   p)    ((p)->tcph->th_flags & TH_RES2)

Definition at line 119 of file decode-tcp.h.

#define TCP_ISSET_FLAG_RST (   p)    ((p)->tcph->th_flags & TH_RST)

Definition at line 115 of file decode-tcp.h.

#define TCP_ISSET_FLAG_SYN (   p)    ((p)->tcph->th_flags & TH_SYN)

Definition at line 114 of file decode-tcp.h.

#define TCP_ISSET_FLAG_URG (   p)    ((p)->tcph->th_flags & TH_URG)

Definition at line 118 of file decode-tcp.h.

#define TCP_OPT_EOL   0x00

Definition at line 47 of file decode-tcp.h.

#define TCP_OPT_MSS   0x02

Definition at line 49 of file decode-tcp.h.

#define TCP_OPT_MSS_LEN   4

Definition at line 58 of file decode-tcp.h.

#define TCP_OPT_NOP   0x01

Definition at line 48 of file decode-tcp.h.

#define TCP_OPT_SACK   0x05

Definition at line 52 of file decode-tcp.h.

#define TCP_OPT_SACK_MAX_LEN   34 /* hdr 2, 4 pair 32= 34 */

Definition at line 60 of file decode-tcp.h.

#define TCP_OPT_SACK_MIN_LEN   10 /* hdr 2, 1 pair 8 = 10 */

Definition at line 59 of file decode-tcp.h.

#define TCP_OPT_SACKOK   0x04

Definition at line 51 of file decode-tcp.h.

#define TCP_OPT_SACKOK_LEN   2

Definition at line 55 of file decode-tcp.h.

#define TCP_OPT_TS   0x08

Definition at line 53 of file decode-tcp.h.

#define TCP_OPT_TS_LEN   10

Definition at line 57 of file decode-tcp.h.

#define TCP_OPT_WS   0x03

Definition at line 50 of file decode-tcp.h.

#define TCP_OPT_WS_LEN   3

Definition at line 56 of file decode-tcp.h.

#define TCP_OPTLENMAX   40

Definition at line 29 of file decode-tcp.h.

#define TCP_OPTMAX
Value:
20 /* every opt is at least 2 bytes
* (type + len), except EOL and NOP */

Definition at line 30 of file decode-tcp.h.

#define TCP_SET_RAW_TCP_OFFSET (   tcph,
  value 
)    ((tcph)->th_offx2 = (unsigned char)(((tcph)->th_offx2 & 0x0f) | (value << 4)))

Definition at line 70 of file decode-tcp.h.

#define TCP_SET_RAW_TCP_X2 (   tcph,
  value 
)    ((tcph)->th_offx2 = (unsigned char)(((tcph)->th_offx2 & 0xf0) | (value & 0x0f)))

Definition at line 71 of file decode-tcp.h.

#define TCP_WSCALE_MAX   14

Max valid wscale value.

Definition at line 63 of file decode-tcp.h.

#define TH_ACK   0x10

Definition at line 39 of file decode-tcp.h.

Referenced by DetectFlagsRegister(), DetectFlagsSignatureNeedsSynOnlyPackets(), OutputJsonRegister(), StreamTcpPacket(), StreamTcpPseudoPacketCreateStreamEndPacket(), and StreamTcpThreadDeinit().

#define TH_CWR   0x80

Echo Congestion flag

Definition at line 44 of file decode-tcp.h.

Referenced by DetectFlagsRegister(), DetectFlagsSignatureNeedsSynOnlyPackets(), OutputJsonRegister(), and PacketCreateMask().

#define TH_ECN   0x40

Establish a new connection reducing window

Definition at line 42 of file decode-tcp.h.

Referenced by DetectFlagsRegister(), DetectFlagsSignatureNeedsSynOnlyPackets(), OutputJsonRegister(), and PacketCreateMask().

#define TH_FIN   0x01

Definition at line 35 of file decode-tcp.h.

Referenced by DetectFlagsRegister(), OutputJsonRegister(), PacketCreateMask(), and StreamTcpReassembleHandleSegment().

#define TH_PUSH   0x08

Definition at line 38 of file decode-tcp.h.

Referenced by DetectFlagsRegister(), DetectFlagsSignatureNeedsSynOnlyPackets(), and OutputJsonRegister().

#define TH_RST   0x04

Definition at line 37 of file decode-tcp.h.

Referenced by DetectFlagsRegister(), DetectFlagsSignatureNeedsSynOnlyPackets(), OutputJsonRegister(), PacketCreateMask(), StreamTcpPacket(), StreamTcpReassembleHandleSegment(), and StreamTcpThreadDeinit().

#define TH_SYN   0x02

Definition at line 36 of file decode-tcp.h.

Referenced by DetectFlagsRegister(), DetectFlagsSignatureNeedsSynOnlyPackets(), DetectFlagsSignatureNeedsSynPackets(), OutputJsonRegister(), PacketCreateMask(), SigMatchSignaturesGetSgh(), and StreamTcpPacket().

#define TH_URG   0x20

Definition at line 40 of file decode-tcp.h.

Referenced by DetectFlagsRegister(), DetectFlagsSignatureNeedsSynOnlyPackets(), OutputJsonRegister(), and PacketCreateMask().

Typedef Documentation

typedef struct TCPOpt_ TCPOpt
typedef struct TCPOptSackRecord_ TCPOptSackRecord
typedef struct TCPVars_ TCPVars

Function Documentation

void DecodeTCPRegisterTests ( void  )

Definition at line 518 of file decode-tcp.c.

References UtRegisterTest().

Here is the call graph for this function:

Variable Documentation

uint32_t th_ack

acknowledgement number

Definition at line 522 of file decode-tcp.h.

uint16_t th_dport

destination port

Definition at line 520 of file decode-tcp.h.

uint8_t th_flags

pkt flags

Definition at line 524 of file decode-tcp.h.

uint8_t th_offx2

offset and reserved

Definition at line 523 of file decode-tcp.h.

uint32_t th_seq

sequence number

Definition at line 521 of file decode-tcp.h.

uint16_t th_sport

source port

Definition at line 519 of file decode-tcp.h.

uint16_t th_sum

checksum

Definition at line 526 of file decode-tcp.h.

uint16_t th_urp

urgent pointer

Definition at line 527 of file decode-tcp.h.

uint16_t th_win

pkt window

Definition at line 525 of file decode-tcp.h.