#include "suricata-common.h"#include "threadvars.h"#include "decode-events.h"#include "flow-worker.h"#include "util-napatech.h"#include "source-nflog.h"#include "source-nfq.h"#include "source-ipfw.h"#include "source-pcap.h"#include "source-af-packet.h"#include "source-mpipe.h"#include "source-netmap.h"#include "action-globals.h"#include "decode-erspan.h"#include "decode-ethernet.h"#include "decode-gre.h"#include "decode-ppp.h"#include "decode-pppoe.h"#include "decode-sll.h"#include "decode-ipv4.h"#include "decode-ipv6.h"#include "decode-icmpv4.h"#include "decode-icmpv6.h"#include "decode-tcp.h"#include "decode-udp.h"#include "decode-sctp.h"#include "decode-raw.h"#include "decode-null.h"#include "decode-vlan.h"#include "decode-mpls.h"#include "detect-reference.h"#include "app-layer-protos.h"
Go to the source code of this file.
Data Structures | |
| struct | Address_ |
| struct | PacketAlert_ |
| struct | PacketAlerts_ |
| struct | PacketEngineEvents_ |
| struct | PktVar_ |
| struct | PktProfilingTmmData_ |
| Per TMM stats storage. More... | |
| struct | PktProfilingData_ |
| struct | PktProfilingDetectData_ |
| struct | PktProfilingAppData_ |
| struct | PktProfilingLoggerData_ |
| struct | PktProfilingPrefilterEngine_ |
| struct | PktProfilingPrefilterData_ |
| struct | PktProfiling_ |
| Per pkt stats storage. More... | |
| struct | Packet_ |
| struct | PacketQueue_ |
| struct | DecodeThreadVars_ |
| Structure to hold thread specific data for all decode modules. More... | |
| struct | CaptureStats_ |
Macros | |
| #define | COUNTERS |
| #define | addr_data32 address.address_un_data32 |
| #define | addr_data16 address.address_un_data16 |
| #define | addr_data8 address.address_un_data8 |
| #define | COPY_ADDRESS(a, b) |
| #define | SET_IPV4_SRC_ADDR(p, a) |
| #define | SET_IPV4_DST_ADDR(p, a) |
| #define | CLEAR_ADDR(a) |
| #define | SET_IPV6_SRC_ADDR(p, a) |
| #define | SET_IPV6_DST_ADDR(p, a) |
| #define | SET_TCP_SRC_PORT(pkt, prt) |
| #define | SET_TCP_DST_PORT(pkt, prt) |
| #define | SET_UDP_SRC_PORT(pkt, prt) |
| #define | SET_UDP_DST_PORT(pkt, prt) |
| #define | SET_SCTP_SRC_PORT(pkt, prt) |
| #define | SET_SCTP_DST_PORT(pkt, prt) |
| #define | GET_IPV4_SRC_ADDR_U32(p) ((p)->src.addr_data32[0]) |
| #define | GET_IPV4_DST_ADDR_U32(p) ((p)->dst.addr_data32[0]) |
| #define | GET_IPV4_SRC_ADDR_PTR(p) ((p)->src.addr_data32) |
| #define | GET_IPV4_DST_ADDR_PTR(p) ((p)->dst.addr_data32) |
| #define | GET_IPV6_SRC_ADDR(p) ((p)->src.addr_data32) |
| #define | GET_IPV6_DST_ADDR(p) ((p)->dst.addr_data32) |
| #define | GET_TCP_SRC_PORT(p) ((p)->sp) |
| #define | GET_TCP_DST_PORT(p) ((p)->dp) |
| #define | GET_PKT_LEN(p) ((p)->pktlen) |
| #define | GET_PKT_DATA(p) ((((p)->ext_pkt) == NULL ) ? (uint8_t *)((p) + 1) : (p)->ext_pkt) |
| #define | GET_PKT_DIRECT_DATA(p) (uint8_t *)((p) + 1) |
| #define | GET_PKT_DIRECT_MAX_SIZE(p) (default_packet_size) |
| #define | SET_PKT_LEN(p, len) |
| #define | SET_PORT(v, p) ((p) = (v)) |
| #define | COPY_PORT(a, b) ((b) = (a)) |
| #define | CMP_ADDR(a1, a2) |
| #define | CMP_PORT(p1, p2) ((p1) == (p2)) |
| #define | IP_GET_RAW_VER(pkt) ((((pkt)[0] & 0xf0) >> 4)) |
| #define | PKT_IS_IPV4(p) (((p)->ip4h != NULL)) |
| #define | PKT_IS_IPV6(p) (((p)->ip6h != NULL)) |
| #define | PKT_IS_TCP(p) (((p)->tcph != NULL)) |
| #define | PKT_IS_UDP(p) (((p)->udph != NULL)) |
| #define | PKT_IS_ICMPV4(p) (((p)->icmpv4h != NULL)) |
| #define | PKT_IS_ICMPV6(p) (((p)->icmpv6h != NULL)) |
| #define | PKT_IS_TOSERVER(p) (((p)->flowflags & FLOW_PKT_TOSERVER)) |
| #define | PKT_IS_TOCLIENT(p) (((p)->flowflags & FLOW_PKT_TOCLIENT)) |
| #define | IPH_IS_VALID(p) (PKT_IS_IPV4((p)) || PKT_IS_IPV6((p))) |
| #define | IP_GET_IPPROTO(p) |
| #define | PACKET_ALERT_FLAG_DROP_FLOW 0x01 |
| #define | PACKET_ALERT_FLAG_STATE_MATCH 0x02 |
| #define | PACKET_ALERT_FLAG_STREAM_MATCH 0x04 |
| #define | PACKET_ALERT_FLAG_TX 0x08 |
| #define | PACKET_ALERT_RATE_FILTER_MODIFIED 0x10 |
| #define | PACKET_ALERT_MAX 15 |
| #define | PACKET_ENGINE_EVENT_MAX 15 |
| #define | tcpvars l4vars.tcpvars |
| #define | icmpv4vars l4vars.icmpv4vars |
| #define | icmpv6vars l4vars.icmpv6vars |
| #define | DEFAULT_MTU 1500 |
| #define | MINIMUM_MTU 68 |
| #define | DEFAULT_PACKET_SIZE (DEFAULT_MTU + ETHERNET_HEADER_LEN) |
| #define | MAX_PAYLOAD_SIZE (IPV6_HEADER_LEN + 65536 + 28) |
| #define | SIZE_OF_PACKET (default_packet_size + sizeof(Packet)) |
| #define | PACKET_CLEAR_L4VARS(p) |
| #define | PACKET_RESET_CHECKSUMS(p) |
| reset these to -1(indicates that the packet is fresh from the queue) More... | |
| #define | PACKET_FREE_EXTDATA(p) |
| #define | PACKET_INITIALIZE(p) |
| Initialize a packet structure for use. More... | |
| #define | PACKET_RELEASE_REFS(p) |
| #define | PACKET_REINIT(p) |
| Recycle a packet structure for reuse. More... | |
| #define | PACKET_RECYCLE(p) |
| #define | PACKET_DESTRUCTOR(p) |
| Cleanup a packet so that we can free it. No memset needed.. More... | |
| #define | PACKET_SET_ACTION(p, a) |
| #define | PACKET_ALERT(p) PACKET_SET_ACTION(p, ACTION_ALERT) |
| #define | PACKET_ACCEPT(p) PACKET_SET_ACTION(p, ACTION_ACCEPT) |
| #define | PACKET_DROP(p) PACKET_SET_ACTION(p, ACTION_DROP) |
| #define | PACKET_REJECT(p) PACKET_SET_ACTION(p, (ACTION_REJECT|ACTION_DROP)) |
| #define | PACKET_REJECT_DST(p) PACKET_SET_ACTION(p, (ACTION_REJECT_DST|ACTION_DROP)) |
| #define | PACKET_REJECT_BOTH(p) PACKET_SET_ACTION(p, (ACTION_REJECT_BOTH|ACTION_DROP)) |
| #define | PACKET_PASS(p) PACKET_SET_ACTION(p, ACTION_PASS) |
| #define | PACKET_TEST_ACTION(p, a) |
| #define | PACKET_UPDATE_ACTION(p, a) |
| #define | TUNNEL_INCR_PKT_RTV_NOLOCK(p) |
| #define | TUNNEL_INCR_PKT_TPR(p) |
| #define | TUNNEL_PKT_RTV(p) ((p)->root ? (p)->root->tunnel_rtv_cnt : (p)->tunnel_rtv_cnt) |
| #define | TUNNEL_PKT_TPR(p) ((p)->root ? (p)->root->tunnel_tpr_cnt : (p)->tunnel_tpr_cnt) |
| #define | IS_TUNNEL_PKT(p) (((p)->flags & PKT_TUNNEL)) |
| #define | SET_TUNNEL_PKT(p) ((p)->flags |= PKT_TUNNEL) |
| #define | UNSET_TUNNEL_PKT(p) ((p)->flags &= ~PKT_TUNNEL) |
| #define | IS_TUNNEL_ROOT_PKT(p) (IS_TUNNEL_PKT(p) && (p)->root == NULL) |
| #define | IS_TUNNEL_PKT_VERDICTED(p) (((p)->flags & PKT_TUNNEL_VERDICTED)) |
| #define | SET_TUNNEL_PKT_VERDICTED(p) ((p)->flags |= PKT_TUNNEL_VERDICTED) |
| #define | DecodeSetNoPayloadInspectionFlag(p) |
| Set the No payload inspection Flag for the packet. More... | |
| #define | DecodeUnsetNoPayloadInspectionFlag(p) |
| #define | DecodeSetNoPacketInspectionFlag(p) |
| Set the No packet inspection Flag for the packet. More... | |
| #define | DecodeUnsetNoPacketInspectionFlag(p) |
| #define | ENGINE_SET_EVENT(p, e) |
| #define | ENGINE_SET_INVALID_EVENT(p, e) |
| #define | ENGINE_ISSET_EVENT(p, e) |
| #define | LINKTYPE_NULL DLT_NULL |
| #define | LINKTYPE_ETHERNET DLT_EN10MB |
| #define | LINKTYPE_LINUX_SLL 113 |
| #define | LINKTYPE_PPP 9 |
| #define | LINKTYPE_RAW DLT_RAW |
| #define | LINKTYPE_RAW2 101 |
| #define | PPP_OVER_GRE 11 |
| #define | VLAN_OVER_GRE 13 |
| #define | PKT_NOPACKET_INSPECTION (1) |
| #define | PKT_NOPAYLOAD_INSPECTION (1<<2) |
| #define | PKT_ALLOC (1<<3) |
| #define | PKT_HAS_TAG (1<<4) |
| #define | PKT_STREAM_ADD (1<<5) |
| #define | PKT_STREAM_EST (1<<6) |
| #define | PKT_STREAM_EOF (1<<7) |
| #define | PKT_HAS_FLOW (1<<8) |
| #define | PKT_PSEUDO_STREAM_END (1<<9) |
| #define | PKT_STREAM_MODIFIED (1<<10) |
| #define | PKT_MARK_MODIFIED (1<<11) |
| #define | PKT_STREAM_NOPCAPLOG (1<<12) |
| #define | PKT_TUNNEL (1<<13) |
| #define | PKT_TUNNEL_VERDICTED (1<<14) |
| #define | PKT_IGNORE_CHECKSUM (1<<15) |
| #define | PKT_ZERO_COPY (1<<16) |
| #define | PKT_HOST_SRC_LOOKED_UP (1<<17) |
| #define | PKT_HOST_DST_LOOKED_UP (1<<18) |
| #define | PKT_IS_FRAGMENT (1<<19) |
| #define | PKT_IS_INVALID (1<<20) |
| #define | PKT_PROFILE (1<<21) |
| #define | PKT_WANTS_FLOW (1<<22) |
| #define | PKT_PROTO_DETECT_TS_DONE (1<<23) |
| #define | PKT_PROTO_DETECT_TC_DONE (1<<24) |
| #define | PKT_REBUILT_FRAGMENT (1<<25) |
| #define | PKT_DETECT_HAS_STREAMDATA (1<<26) |
| #define | PKT_PSEUDO_DETECTLOG_FLUSH (1<<27) |
| #define | PKT_IS_PSEUDOPKT(p) ((p)->flags & (PKT_PSEUDO_STREAM_END|PKT_PSEUDO_DETECTLOG_FLUSH)) |
| return 1 if the packet is a pseudo packet More... | |
| #define | PKT_SET_SRC(p, src_val) ((p)->pkt_src = src_val) |
Functions | |
| void | AppLayerDecoderEventsResetEvents (AppLayerDecoderEvents *events) |
| void | AppLayerDecoderEventsFreeEvents (AppLayerDecoderEvents **events) |
| void | CaptureStatsUpdate (ThreadVars *tv, CaptureStats *s, const Packet *p) |
| void | CaptureStatsSetup (ThreadVars *tv, CaptureStats *s) |
| Packet * | PacketTunnelPktSetup (ThreadVars *tv, DecodeThreadVars *dtv, Packet *parent, uint8_t *pkt, uint16_t len, enum DecodeTunnelProto proto, PacketQueue *pq) |
| Setup a pseudo packet (tunnel) More... | |
| Packet * | PacketDefragPktSetup (Packet *parent, uint8_t *pkt, uint16_t len, uint8_t proto) |
| Setup a pseudo packet (reassembled frags) More... | |
| void | PacketDefragPktSetupParent (Packet *parent) |
| inform defrag "parent" that a pseudo packet is now assosiated to it. More... | |
| void | DecodeRegisterPerfCounters (DecodeThreadVars *, ThreadVars *) |
| Packet * | PacketGetFromQueueOrAlloc (void) |
| Get a packet. We try to get a packet from the packetpool first, but if that is empty we alloc a packet that is free'd again after processing. More... | |
| Packet * | PacketGetFromAlloc (void) |
| Get a malloced packet. More... | |
| void | PacketDecodeFinalize (ThreadVars *tv, DecodeThreadVars *dtv, Packet *p) |
| Finalize decoding of a packet. More... | |
| void | PacketFree (Packet *p) |
| Return a malloced packet. More... | |
| void | PacketFreeOrRelease (Packet *p) |
| Return a packet to where it was allocated. More... | |
| int | PacketCallocExtPkt (Packet *p, int datalen) |
| int | PacketCopyData (Packet *p, uint8_t *pktdata, int pktlen) |
| Copy data to Packet payload and set packet length. More... | |
| int | PacketSetData (Packet *p, uint8_t *pktdata, int pktlen) |
| Set data for Packet and set length when zeo copy is used. More... | |
| int | PacketCopyDataOffset (Packet *p, int offset, uint8_t *data, int datalen) |
| Copy data to Packet payload at given offset. More... | |
| const char * | PktSrcToString (enum PktSrcEnum pkt_src) |
| void | PacketBypassCallback (Packet *p) |
| DecodeThreadVars * | DecodeThreadVarsAlloc (ThreadVars *) |
| Alloc and setup DecodeThreadVars. More... | |
| void | DecodeThreadVarsFree (ThreadVars *, DecodeThreadVars *) |
| void | DecodeUpdatePacketCounters (ThreadVars *tv, const DecodeThreadVars *dtv, const Packet *p) |
| int | DecodeEthernet (ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint16_t, PacketQueue *) |
| int | DecodeSll (ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint16_t, PacketQueue *) |
| int | DecodePPP (ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint16_t, PacketQueue *) |
| int | DecodePPPOESession (ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint16_t, PacketQueue *) |
| Main decoding function for PPPOE Session packets. More... | |
| int | DecodePPPOEDiscovery (ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint16_t, PacketQueue *) |
| Main decoding function for PPPOE Discovery packets. More... | |
| int | DecodeTunnel (ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint16_t, PacketQueue *, enum DecodeTunnelProto) __attribute__((warn_unused_result)) |
| int | DecodeNull (ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint16_t, PacketQueue *) |
| int | DecodeRaw (ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint16_t, PacketQueue *) |
| int | DecodeIPV4 (ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint16_t, PacketQueue *) |
| int | DecodeIPV6 (ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint16_t, PacketQueue *) |
| int | DecodeICMPV4 (ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint16_t, PacketQueue *) |
| Main ICMPv4 decoding function. More... | |
| int | DecodeICMPV6 (ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint16_t, PacketQueue *) |
| Decode ICMPV6 packets and fill the Packet with the decoded info. More... | |
| int | DecodeTCP (ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint16_t, PacketQueue *) |
| int | DecodeUDP (ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint16_t, PacketQueue *) |
| int | DecodeSCTP (ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint16_t, PacketQueue *) |
| int | DecodeGRE (ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint16_t, PacketQueue *) |
| Function to decode GRE packets. More... | |
| int | DecodeVLAN (ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint16_t, PacketQueue *) |
| int | DecodeMPLS (ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint16_t, PacketQueue *) |
| int | DecodeERSPAN (ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint16_t, PacketQueue *) |
| Function to decode ERSPAN packets. More... | |
| int | DecodeTEMPLATE (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint16_t, PacketQueue *) |
| Function to decode XXX packets. More... | |
| void | DecodeIPV6FragHeader (Packet *p, uint8_t *pkt, uint16_t hdrextlen, uint16_t plen, uint16_t prev_hdrextlen) |
| void | AddressDebugPrint (Address *) |
| Debug print function for printing addresses. More... | |
| void | DecodeGlobalConfig (void) |
Variables | |
| typedef | __attribute__ |
| int | g_default_mtu |
| uint32_t | default_packet_size |
Detailed Description
Definition in file decode.h.
Macro Definition Documentation
◆ addr_data16
◆ addr_data32
◆ addr_data8
◆ CLEAR_ADDR
| #define CLEAR_ADDR | ( | a | ) |
◆ CMP_ADDR
| #define CMP_ADDR | ( | a1, | |
| a2 | |||
| ) |
Definition at line 235 of file decode.h.
Referenced by FlowGetPacketDirection().
◆ CMP_PORT
| #define CMP_PORT | ( | p1, | |
| p2 | |||
| ) | ((p1) == (p2)) |
Definition at line 240 of file decode.h.
Referenced by FlowGetPacketDirection().
◆ COPY_ADDRESS
| #define COPY_ADDRESS | ( | a, | |
| b | |||
| ) |
Definition at line 123 of file decode.h.
Referenced by DetectAddressCopy(), and DetectAddressJoinIPv6().
◆ COPY_PORT
◆ COUNTERS
◆ DecodeSetNoPacketInspectionFlag
| #define DecodeSetNoPacketInspectionFlag | ( | p | ) |
Set the No packet inspection Flag for the packet.
- Parameters
-
p Packet to set the flag in
◆ DecodeSetNoPayloadInspectionFlag
| #define DecodeSetNoPayloadInspectionFlag | ( | p | ) |
Set the No payload inspection Flag for the packet.
- Parameters
-
p Packet to set the flag in
Definition at line 976 of file decode.h.
Referenced by PacketDefragPktSetupParent(), and PacketTunnelPktSetup().
◆ DecodeUnsetNoPacketInspectionFlag
| #define DecodeUnsetNoPacketInspectionFlag | ( | p | ) |
◆ DecodeUnsetNoPayloadInspectionFlag
| #define DecodeUnsetNoPayloadInspectionFlag | ( | p | ) |
◆ DEFAULT_MTU
◆ DEFAULT_PACKET_SIZE
| #define DEFAULT_PACKET_SIZE (DEFAULT_MTU + ETHERNET_HEADER_LEN) |
Definition at line 609 of file decode.h.
Referenced by RunUnittests().
◆ ENGINE_ISSET_EVENT
| #define ENGINE_ISSET_EVENT | ( | p, | |
| e | |||
| ) |
◆ ENGINE_SET_EVENT
| #define ENGINE_SET_EVENT | ( | p, | |
| e | |||
| ) |
Definition at line 996 of file decode.h.
Referenced by DecodeERSPAN(), DecodeICMPV4(), DecodeICMPV6(), DecodeMPLS(), DecodeNull(), DecodePPP(), DecodePPPOESession(), DecodeRaw(), and DecodeVLAN().
◆ ENGINE_SET_INVALID_EVENT
| #define ENGINE_SET_INVALID_EVENT | ( | p, | |
| e | |||
| ) |
Definition at line 1004 of file decode.h.
Referenced by DecodeEthernet(), DecodeGRE(), DecodeICMPV4(), DecodeICMPV6(), DecodeMPLS(), DecodeNull(), DecodePPP(), DecodePPPOEDiscovery(), DecodePPPOESession(), DecodeRaw(), DecodeSll(), and DecodeVLAN().
◆ GET_IPV4_DST_ADDR_PTR
| #define GET_IPV4_DST_ADDR_PTR | ( | p | ) | ((p)->dst.addr_data32) |
Definition at line 213 of file decode.h.
Referenced by AlertFastLogger(), DefragGetOsPolicy(), StreamTcpSetOSPolicy(), and TLSGetIPInformations().
◆ GET_IPV4_DST_ADDR_U32
| #define GET_IPV4_DST_ADDR_U32 | ( | p | ) | ((p)->dst.addr_data32[0]) |
Definition at line 211 of file decode.h.
Referenced by IPOnlyMatchPacket().
◆ GET_IPV4_SRC_ADDR_PTR
| #define GET_IPV4_SRC_ADDR_PTR | ( | p | ) | ((p)->src.addr_data32) |
Definition at line 212 of file decode.h.
Referenced by AlertFastLogger(), and TLSGetIPInformations().
◆ GET_IPV4_SRC_ADDR_U32
| #define GET_IPV4_SRC_ADDR_U32 | ( | p | ) | ((p)->src.addr_data32[0]) |
Definition at line 210 of file decode.h.
Referenced by IPOnlyMatchPacket().
◆ GET_IPV6_DST_ADDR
| #define GET_IPV6_DST_ADDR | ( | p | ) | ((p)->dst.addr_data32) |
Definition at line 216 of file decode.h.
Referenced by AlertFastLogger(), DefragGetOsPolicy(), IPOnlyMatchPacket(), StreamTcpSetOSPolicy(), and TLSGetIPInformations().
◆ GET_IPV6_SRC_ADDR
| #define GET_IPV6_SRC_ADDR | ( | p | ) | ((p)->src.addr_data32) |
Definition at line 215 of file decode.h.
Referenced by AlertFastLogger(), IPOnlyMatchPacket(), and TLSGetIPInformations().
◆ GET_PKT_DATA
| #define GET_PKT_DATA | ( | p | ) | ((((p)->ext_pkt) == NULL ) ? (uint8_t *)((p) + 1) : (p)->ext_pkt) |
Definition at line 221 of file decode.h.
Referenced by AlertFastLogger(), DecodeAFP(), DecodeErfDag(), DecodeErfFile(), DecodeIPFW(), DecodeIPV6FragHeader(), DecodeNFQ(), DecodeNull(), DecodePcap(), DecodePfring(), DecodeRaw(), IPFWSetVerdict(), NapatechDecode(), PacketTunnelPktSetup(), ReceiveIPFWLoop(), StreamTcpPseudoPacketCreateStreamEndPacket(), and UTHBuildPacketReal().
◆ GET_PKT_DIRECT_DATA
| #define GET_PKT_DIRECT_DATA | ( | p | ) | (uint8_t *)((p) + 1) |
Definition at line 222 of file decode.h.
Referenced by PacketCopyDataOffset(), and ReceivePfringLoop().
◆ GET_PKT_DIRECT_MAX_SIZE
| #define GET_PKT_DIRECT_MAX_SIZE | ( | p | ) | (default_packet_size) |
Definition at line 223 of file decode.h.
Referenced by PacketCopyDataOffset(), and ReceivePfringLoop().
◆ GET_PKT_LEN
| #define GET_PKT_LEN | ( | p | ) | ((p)->pktlen) |
Definition at line 220 of file decode.h.
Referenced by AlertFastLogger(), DecodeAFP(), DecodeErfDag(), DecodeErfFile(), DecodeIPFW(), DecodeNFQ(), DecodeNull(), DecodePcap(), DecodePfring(), DecodeRaw(), DecodeUpdatePacketCounters(), FlowHandlePacketUpdate(), IPFWSetVerdict(), NapatechDecode(), PacketTunnelPktSetup(), ReceiveIPFWLoop(), and StreamTcpPseudoPacketCreateStreamEndPacket().
◆ GET_TCP_DST_PORT
◆ GET_TCP_SRC_PORT
◆ icmpv4vars
◆ icmpv6vars
◆ IP_GET_IPPROTO
| #define IP_GET_IPPROTO | ( | p | ) |
Definition at line 259 of file decode.h.
Referenced by AlertFastLogger(), IPOnlyMatchPacket(), SigMatchSignatures(), and SigMatchSignaturesGetSgh().
◆ IP_GET_RAW_VER
| #define IP_GET_RAW_VER | ( | pkt | ) | ((((pkt)[0] & 0xf0) >> 4)) |
Definition at line 245 of file decode.h.
Referenced by DecodeRaw().
◆ IPH_IS_VALID
| #define IPH_IS_VALID | ( | p | ) | (PKT_IS_IPV4((p)) || PKT_IS_IPV6((p))) |
◆ IS_TUNNEL_PKT
| #define IS_TUNNEL_PKT | ( | p | ) | (((p)->flags & PKT_TUNNEL)) |
Definition at line 894 of file decode.h.
Referenced by TmqhOutputPacketpool(), VerdictIPFW(), and VerdictNFQ().
◆ IS_TUNNEL_PKT_VERDICTED
| #define IS_TUNNEL_PKT_VERDICTED | ( | p | ) | (((p)->flags & PKT_TUNNEL_VERDICTED)) |
Definition at line 899 of file decode.h.
Referenced by TmqhOutputPacketpool().
◆ IS_TUNNEL_ROOT_PKT
| #define IS_TUNNEL_ROOT_PKT | ( | p | ) | (IS_TUNNEL_PKT(p) && (p)->root == NULL) |
Definition at line 897 of file decode.h.
Referenced by TmqhOutputPacketpool().
◆ LINKTYPE_ETHERNET
| #define LINKTYPE_ETHERNET DLT_EN10MB |
Definition at line 1077 of file decode.h.
Referenced by DecodeAFP(), DecodeErfDag(), DecodePcap(), NapatechDecode(), and ReceivePcapFileThreadInit().
◆ LINKTYPE_LINUX_SLL
| #define LINKTYPE_LINUX_SLL 113 |
Definition at line 1078 of file decode.h.
Referenced by DecodeAFP(), DecodePcap(), and ReceivePcapFileThreadInit().
◆ LINKTYPE_NULL
| #define LINKTYPE_NULL DLT_NULL |
libpcap shows us the way to linktype codes
- Todo:
- we need more & maybe put them in a separate file?
Definition at line 1076 of file decode.h.
Referenced by DecodeAFP(), DecodePcap(), and ReceivePcapFileThreadInit().
◆ LINKTYPE_PPP
| #define LINKTYPE_PPP 9 |
Definition at line 1079 of file decode.h.
Referenced by DecodeAFP(), DecodePcap(), and ReceivePcapFileThreadInit().
◆ LINKTYPE_RAW
| #define LINKTYPE_RAW DLT_RAW |
Definition at line 1080 of file decode.h.
Referenced by AFPGetLinkType(), DecodeAFP(), DecodePcap(), and ReceivePcapFileThreadInit().
◆ LINKTYPE_RAW2
| #define LINKTYPE_RAW2 101 |
Definition at line 1083 of file decode.h.
Referenced by ReceivePcapFileThreadInit().
◆ MAX_PAYLOAD_SIZE
| #define MAX_PAYLOAD_SIZE (IPV6_HEADER_LEN + 65536 + 28) |
Definition at line 611 of file decode.h.
Referenced by PacketCopyDataOffset().
◆ MINIMUM_MTU
◆ PACKET_ACCEPT
| #define PACKET_ACCEPT | ( | p | ) | PACKET_SET_ACTION(p, ACTION_ACCEPT) |
◆ PACKET_ALERT
| #define PACKET_ALERT | ( | p | ) | PACKET_SET_ACTION(p, ACTION_ALERT) |
◆ PACKET_ALERT_FLAG_DROP_FLOW
| #define PACKET_ALERT_FLAG_DROP_FLOW 0x01 |
After processing an alert by the thresholding module, if at last it gets triggered, we might want to stick the drop action to the flow on IPS mode
Definition at line 276 of file decode.h.
Referenced by SigMatchSignatures().
◆ PACKET_ALERT_FLAG_STATE_MATCH
| #define PACKET_ALERT_FLAG_STATE_MATCH 0x02 |
alert was generated based on state
Definition at line 278 of file decode.h.
Referenced by DetectSignatureApplyActions().
◆ PACKET_ALERT_FLAG_STREAM_MATCH
| #define PACKET_ALERT_FLAG_STREAM_MATCH 0x04 |
alert was generated based on stream
Definition at line 280 of file decode.h.
Referenced by DetectSignatureApplyActions().
◆ PACKET_ALERT_FLAG_TX
| #define PACKET_ALERT_FLAG_TX 0x08 |
◆ PACKET_ALERT_MAX
| #define PACKET_ALERT_MAX 15 |
Definition at line 286 of file decode.h.
Referenced by PacketAlertAppend().
◆ PACKET_ALERT_RATE_FILTER_MODIFIED
| #define PACKET_ALERT_RATE_FILTER_MODIFIED 0x10 |
◆ PACKET_CLEAR_L4VARS
| #define PACKET_CLEAR_L4VARS | ( | p | ) |
◆ PACKET_DESTRUCTOR
| #define PACKET_DESTRUCTOR | ( | p | ) |
Cleanup a packet so that we can free it. No memset needed..
Definition at line 835 of file decode.h.
Referenced by PacketFree().
◆ PACKET_DROP
| #define PACKET_DROP | ( | p | ) | PACKET_SET_ACTION(p, ACTION_DROP) |
Definition at line 860 of file decode.h.
Referenced by SigMatchSignatures().
◆ PACKET_ENGINE_EVENT_MAX
| #define PACKET_ENGINE_EVENT_MAX 15 |
◆ PACKET_FREE_EXTDATA
| #define PACKET_FREE_EXTDATA | ( | p | ) |
◆ PACKET_INITIALIZE
| #define PACKET_INITIALIZE | ( | p | ) |
Initialize a packet structure for use.
Definition at line 741 of file decode.h.
Referenced by PacketGetFromAlloc().
◆ PACKET_PASS
| #define PACKET_PASS | ( | p | ) | PACKET_SET_ACTION(p, ACTION_PASS) |
◆ PACKET_RECYCLE
| #define PACKET_RECYCLE | ( | p | ) |
◆ PACKET_REINIT
| #define PACKET_REINIT | ( | p | ) |
◆ PACKET_REJECT
| #define PACKET_REJECT | ( | p | ) | PACKET_SET_ACTION(p, (ACTION_REJECT|ACTION_DROP)) |
◆ PACKET_REJECT_BOTH
| #define PACKET_REJECT_BOTH | ( | p | ) | PACKET_SET_ACTION(p, (ACTION_REJECT_BOTH|ACTION_DROP)) |
◆ PACKET_REJECT_DST
| #define PACKET_REJECT_DST | ( | p | ) | PACKET_SET_ACTION(p, (ACTION_REJECT_DST|ACTION_DROP)) |
◆ PACKET_RELEASE_REFS
| #define PACKET_RELEASE_REFS | ( | p | ) |
◆ PACKET_RESET_CHECKSUMS
| #define PACKET_RESET_CHECKSUMS | ( | p | ) |
◆ PACKET_SET_ACTION
| #define PACKET_SET_ACTION | ( | p, | |
| a | |||
| ) |
◆ PACKET_TEST_ACTION
| #define PACKET_TEST_ACTION | ( | p, | |
| a | |||
| ) |
Definition at line 870 of file decode.h.
Referenced by CaptureStatsUpdate(), IPFWSetVerdict(), NFQSetVerdict(), RejectSendIPv4ICMP(), RejectSendIPv4TCP(), RejectSendIPv6ICMP(), RejectSendIPv6TCP(), and RespondRejectFunc().
◆ PACKET_UPDATE_ACTION
| #define PACKET_UPDATE_ACTION | ( | p, | |
| a | |||
| ) |
Definition at line 875 of file decode.h.
Referenced by DetectSignatureApplyActions().
◆ PKT_ALLOC
| #define PKT_ALLOC (1<<3) |
Packet was alloc'd this run, needs to be freed
Definition at line 1090 of file decode.h.
Referenced by PacketFreeOrRelease(), PacketGetFromAlloc(), TmqhOutputPacketpool(), and TmqhOutputSimple().
◆ PKT_DETECT_HAS_STREAMDATA
| #define PKT_DETECT_HAS_STREAMDATA (1<<26) |
Set by Detect() if raw stream data is available.
Definition at line 1125 of file decode.h.
Referenced by Prefilter(), and SigMatchSignatures().
◆ PKT_HAS_FLOW
| #define PKT_HAS_FLOW (1<<8) |
Definition at line 1095 of file decode.h.
Referenced by FlowHandlePacket(), and SigMatchSignatures().
◆ PKT_HAS_TAG
| #define PKT_HAS_TAG (1<<4) |
Packet has matched a tag
Definition at line 1091 of file decode.h.
Referenced by Unified2Condition().
◆ PKT_HOST_DST_LOOKED_UP
◆ PKT_HOST_SRC_LOOKED_UP
◆ PKT_IGNORE_CHECKSUM
| #define PKT_IGNORE_CHECKSUM (1<<15) |
◆ PKT_IS_FRAGMENT
| #define PKT_IS_FRAGMENT (1<<19) |
◆ PKT_IS_ICMPV4
◆ PKT_IS_ICMPV6
◆ PKT_IS_INVALID
| #define PKT_IS_INVALID (1<<20) |
Definition at line 1111 of file decode.h.
Referenced by PacketDecodeFinalize().
◆ PKT_IS_IPV4
| #define PKT_IS_IPV4 | ( | p | ) | (((p)->ip4h != NULL)) |
Definition at line 247 of file decode.h.
Referenced by AlertFastLogger(), Defrag(), DefragGetOsPolicy(), DefragPolicyGetHostTimeout(), FlowInit(), IPOnlyMatchPacket(), LogHttpLogger(), ReCalculateChecksum(), RespondRejectFunc(), SigMatchSignaturesGetSgh(), SRepCIDRGetIPRepDst(), SRepCIDRGetIPRepSrc(), and StreamTcpSetOSPolicy().
◆ PKT_IS_IPV6
| #define PKT_IS_IPV6 | ( | p | ) | (((p)->ip6h != NULL)) |
Definition at line 248 of file decode.h.
Referenced by AlertFastLogger(), Defrag(), DefragGetOsPolicy(), FlowInit(), IPOnlyMatchPacket(), RespondRejectFunc(), SigMatchSignaturesGetSgh(), and StreamTcpSetOSPolicy().
◆ PKT_IS_PSEUDOPKT
| #define PKT_IS_PSEUDOPKT | ( | p | ) | ((p)->flags & (PKT_PSEUDO_STREAM_END|PKT_PSEUDO_DETECTLOG_FLUSH)) |
return 1 if the packet is a pseudo packet
Definition at line 1131 of file decode.h.
Referenced by DecodeNFQ(), and NFQSetVerdict().
◆ PKT_IS_TCP
| #define PKT_IS_TCP | ( | p | ) | (((p)->tcph != NULL)) |
Definition at line 249 of file decode.h.
Referenced by LogHttpLogger(), ReCalculateChecksum(), RespondRejectFunc(), and StreamTcp().
◆ PKT_IS_TOCLIENT
| #define PKT_IS_TOCLIENT | ( | p | ) | (((p)->flowflags & FLOW_PKT_TOCLIENT)) |
Definition at line 254 of file decode.h.
Referenced by StreamTcpPacket().
◆ PKT_IS_TOSERVER
| #define PKT_IS_TOSERVER | ( | p | ) | (((p)->flowflags & FLOW_PKT_TOSERVER)) |
Definition at line 253 of file decode.h.
Referenced by StreamReassembleRawHasDataReady(), StreamReassembleRawUpdateProgress(), StreamTcpDetectLogFlush(), StreamTcpPacket(), StreamTcpReassembleHandleSegmentHandleData(), and TLSGetIPInformations().
◆ PKT_IS_UDP
◆ PKT_MARK_MODIFIED
◆ PKT_NOPACKET_INSPECTION
| #define PKT_NOPACKET_INSPECTION (1) |
Flag to indicate that packet header or contents should not be inspected
Definition at line 1088 of file decode.h.
Referenced by SigMatchSignatures().
◆ PKT_NOPAYLOAD_INSPECTION
| #define PKT_NOPAYLOAD_INSPECTION (1<<2) |
Flag to indicate that packet contents should not be inspected
Definition at line 1089 of file decode.h.
Referenced by Prefilter().
◆ PKT_PROFILE
| #define PKT_PROFILE (1<<21) |
Definition at line 1112 of file decode.h.
Referenced by SCProfileRuleStart().
◆ PKT_PROTO_DETECT_TC_DONE
◆ PKT_PROTO_DETECT_TS_DONE
| #define PKT_PROTO_DETECT_TS_DONE (1<<23) |
◆ PKT_PSEUDO_DETECTLOG_FLUSH
| #define PKT_PSEUDO_DETECTLOG_FLUSH (1<<27) |
◆ PKT_PSEUDO_STREAM_END
| #define PKT_PSEUDO_STREAM_END (1<<9) |
Pseudo packet to end the stream
Definition at line 1096 of file decode.h.
Referenced by DecodeAFP(), DecodeErfDag(), DecodeErfFile(), DecodeIPFW(), DecodePcap(), DecodePcapFile(), DecodePfring(), NapatechDecode(), StreamTcp(), StreamTcpPseudoPacketCreateStreamEndPacket(), StreamTcpReassembleHandleSegment(), and VerdictIPFW().
◆ PKT_REBUILT_FRAGMENT
| #define PKT_REBUILT_FRAGMENT (1<<25) |
◆ PKT_SET_SRC
| #define PKT_SET_SRC | ( | p, | |
| src_val | |||
| ) | ((p)->pkt_src = src_val) |
Definition at line 1134 of file decode.h.
Referenced by DecodeGRE(), ReceiveErfFileLoop(), ReceiveIPFWLoop(), ReceivePfringLoop(), and StreamTcpPseudoPacketCreateStreamEndPacket().
◆ PKT_STREAM_ADD
| #define PKT_STREAM_ADD (1<<5) |
Packet payload was added to reassembled stream
Definition at line 1092 of file decode.h.
Referenced by SigMatchSignatures().
◆ PKT_STREAM_EOF
| #define PKT_STREAM_EOF (1<<7) |
Stream is in eof state
Definition at line 1094 of file decode.h.
Referenced by SigMatchSignatures().
◆ PKT_STREAM_EST
| #define PKT_STREAM_EST (1<<6) |
Packet is part of establised stream
Definition at line 1093 of file decode.h.
Referenced by SigMatchSignatures().
◆ PKT_STREAM_MODIFIED
| #define PKT_STREAM_MODIFIED (1<<10) |
Packet is modified by the stream engine, we need to recalc the csum and reinject/replace
Definition at line 1097 of file decode.h.
Referenced by CaptureStatsUpdate(), DetectReplaceExecuteInternal(), NFQSetVerdict(), and StreamTcpInlineSegmentReplacePacket().
◆ PKT_STREAM_NOPCAPLOG
| #define PKT_STREAM_NOPCAPLOG (1<<12) |
◆ PKT_TUNNEL
◆ PKT_TUNNEL_VERDICTED
◆ PKT_WANTS_FLOW
| #define PKT_WANTS_FLOW (1<<22) |
indication by decoder that it feels the packet should be handled by flow engine: Packet::flow_hash will be set
Definition at line 1116 of file decode.h.
Referenced by FlowSetupPacket(), and TmqhOutputFlowHash().
◆ PKT_ZERO_COPY
| #define PKT_ZERO_COPY (1<<16) |
Packet comes from zero copy (ext_pkt must not be freed)
Definition at line 1105 of file decode.h.
Referenced by PacketSetData().
◆ PPP_OVER_GRE
◆ SET_IPV4_DST_ADDR
| #define SET_IPV4_DST_ADDR | ( | p, | |
| a | |||
| ) |
◆ SET_IPV4_SRC_ADDR
| #define SET_IPV4_SRC_ADDR | ( | p, | |
| a | |||
| ) |
◆ SET_IPV6_DST_ADDR
| #define SET_IPV6_DST_ADDR | ( | p, | |
| a | |||
| ) |
◆ SET_IPV6_SRC_ADDR
| #define SET_IPV6_SRC_ADDR | ( | p, | |
| a | |||
| ) |
◆ SET_PKT_LEN
| #define SET_PKT_LEN | ( | p, | |
| len | |||
| ) |
Definition at line 225 of file decode.h.
Referenced by PacketCallocExtPkt(), PacketCopyData(), PacketCopyDataOffset(), PacketSetData(), UTHBuildPacketIPV6Real(), and UTHBuildPacketReal().
◆ SET_PORT
◆ SET_SCTP_DST_PORT
| #define SET_SCTP_DST_PORT | ( | pkt, | |
| prt | |||
| ) |
Definition at line 204 of file decode.h.
Referenced by FlowInit().
◆ SET_SCTP_SRC_PORT
| #define SET_SCTP_SRC_PORT | ( | pkt, | |
| prt | |||
| ) |
Definition at line 200 of file decode.h.
Referenced by FlowInit().
◆ SET_TCP_DST_PORT
| #define SET_TCP_DST_PORT | ( | pkt, | |
| prt | |||
| ) |
Definition at line 185 of file decode.h.
Referenced by FlowInit().
◆ SET_TCP_SRC_PORT
| #define SET_TCP_SRC_PORT | ( | pkt, | |
| prt | |||
| ) |
Definition at line 181 of file decode.h.
Referenced by FlowInit().
◆ SET_TUNNEL_PKT
| #define SET_TUNNEL_PKT | ( | p | ) | ((p)->flags |= PKT_TUNNEL) |
Definition at line 895 of file decode.h.
Referenced by PacketDefragPktSetup(), PacketDefragPktSetupParent(), and PacketTunnelPktSetup().
◆ SET_TUNNEL_PKT_VERDICTED
| #define SET_TUNNEL_PKT_VERDICTED | ( | p | ) | ((p)->flags |= PKT_TUNNEL_VERDICTED) |
Definition at line 900 of file decode.h.
Referenced by TmqhOutputPacketpool().
◆ SET_UDP_DST_PORT
| #define SET_UDP_DST_PORT | ( | pkt, | |
| prt | |||
| ) |
Definition at line 194 of file decode.h.
Referenced by FlowInit().
◆ SET_UDP_SRC_PORT
| #define SET_UDP_SRC_PORT | ( | pkt, | |
| prt | |||
| ) |
Definition at line 191 of file decode.h.
Referenced by FlowInit().
◆ SIZE_OF_PACKET
| #define SIZE_OF_PACKET (default_packet_size + sizeof(Packet)) |
Definition at line 613 of file decode.h.
Referenced by PacketGetFromAlloc().
◆ tcpvars
◆ TUNNEL_INCR_PKT_RTV_NOLOCK
| #define TUNNEL_INCR_PKT_RTV_NOLOCK | ( | p | ) |
Definition at line 881 of file decode.h.
Referenced by TmqhOutputPacketpool().
◆ TUNNEL_INCR_PKT_TPR
| #define TUNNEL_INCR_PKT_TPR | ( | p | ) |
Definition at line 885 of file decode.h.
Referenced by PacketDefragPktSetupParent(), and PacketTunnelPktSetup().
◆ TUNNEL_PKT_RTV
| #define TUNNEL_PKT_RTV | ( | p | ) | ((p)->root ? (p)->root->tunnel_rtv_cnt : (p)->tunnel_rtv_cnt) |
Definition at line 891 of file decode.h.
Referenced by TmqhOutputPacketpool().
◆ TUNNEL_PKT_TPR
| #define TUNNEL_PKT_TPR | ( | p | ) | ((p)->root ? (p)->root->tunnel_tpr_cnt : (p)->tunnel_tpr_cnt) |
Definition at line 892 of file decode.h.
Referenced by TmqhOutputPacketpool().
◆ UNSET_TUNNEL_PKT
| #define UNSET_TUNNEL_PKT | ( | p | ) | ((p)->flags &= ~PKT_TUNNEL) |
Definition at line 896 of file decode.h.
Referenced by PacketTunnelPktSetup().
◆ VLAN_OVER_GRE
Typedef Documentation
◆ Address
◆ AppLayerDecoderEvents
| typedef struct AppLayerDecoderEvents_ AppLayerDecoderEvents |
◆ AppLayerThreadCtx
| typedef struct AppLayerThreadCtx_ AppLayerThreadCtx |
◆ CaptureStats
| typedef struct CaptureStats_ CaptureStats |
◆ DecodeThreadVars
| typedef struct DecodeThreadVars_ DecodeThreadVars |
Structure to hold thread specific data for all decode modules.
◆ Packet
◆ PacketAlert
| typedef struct PacketAlert_ PacketAlert |
◆ PacketAlerts
| typedef struct PacketAlerts_ PacketAlerts |
◆ PacketEngineEvents
| typedef struct PacketEngineEvents_ PacketEngineEvents |
data structure to store decoder, defrag and stream events
◆ PacketQueue
| typedef struct PacketQueue_ PacketQueue |
◆ PktProfiling
| typedef struct PktProfiling_ PktProfiling |
Per pkt stats storage.
◆ PktProfilingAppData
| typedef struct PktProfilingAppData_ PktProfilingAppData |
◆ PktProfilingData
| typedef struct PktProfilingData_ PktProfilingData |
◆ PktProfilingDetectData
| typedef struct PktProfilingDetectData_ PktProfilingDetectData |
◆ PktProfilingLoggerData
| typedef struct PktProfilingLoggerData_ PktProfilingLoggerData |
◆ PktProfilingPrefilterData
| typedef struct PktProfilingPrefilterData_ PktProfilingPrefilterData |
◆ PktProfilingPrefilterEngine
| typedef struct PktProfilingPrefilterEngine_ PktProfilingPrefilterEngine |
◆ PktProfilingTmmData
| typedef struct PktProfilingTmmData_ PktProfilingTmmData |
Per TMM stats storage.
◆ PktVar
◆ Port
Enumeration Type Documentation
◆ ChecksumValidationMode
◆ DecodeTunnelProto
| enum DecodeTunnelProto |
◆ PktSrcEnum
| enum PktSrcEnum |
Function Documentation
◆ AppLayerDecoderEventsFreeEvents()
| void AppLayerDecoderEventsFreeEvents | ( | AppLayerDecoderEvents ** | events | ) |
Definition at line 132 of file app-layer-events.c.
References SCFree.
Referenced by AppLayerParserStateFree().
◆ AppLayerDecoderEventsResetEvents()
| void AppLayerDecoderEventsResetEvents | ( | AppLayerDecoderEvents * | events | ) |
Definition at line 125 of file app-layer-events.c.
References AppLayerDecoderEvents_::cnt.
◆ DecodeERSPAN()
| int DecodeERSPAN | ( | ThreadVars * | , |
| DecodeThreadVars * | , | ||
| Packet * | , | ||
| uint8_t * | , | ||
| uint16_t | , | ||
| PacketQueue * | |||
| ) |
Function to decode ERSPAN packets.
Definition at line 46 of file decode-erspan.c.
References DecodeThreadVars_::counter_erspan, DecodeEthernet(), ENGINE_SET_EVENT, ERSPAN_HEADER_TOO_SMALL, ERSPAN_TOO_MANY_VLAN_LAYERS, ERSPAN_UNSUPPORTED_VERSION, SCLogDebug, StatsIncr(), TM_ECODE_FAILED, version, DecodeThreadVars_::vlan_disabled, Packet_::vlan_id, and Packet_::vlan_idx.
Referenced by DecodeTunnel().
◆ DecodeEthernet()
| int DecodeEthernet | ( | ThreadVars * | , |
| DecodeThreadVars * | , | ||
| Packet * | , | ||
| uint8_t * | , | ||
| uint16_t | , | ||
| PacketQueue * | |||
| ) |
Definition at line 41 of file decode-ethernet.c.
References DecodeThreadVars_::counter_eth, DCE_PKT_TOO_SMALL, DecodeEthernet(), DecodeIPV4(), DecodeIPV6(), DecodeMPLS(), DecodePPPOEDiscovery(), DecodePPPOESession(), DecodeVLAN(), ENGINE_SET_INVALID_EVENT, ETHERNET_DCE_HEADER_LEN, ETHERNET_HEADER_LEN, ETHERNET_PKT_TOO_SMALL, ETHERNET_TYPE_8021QINQ, ETHERNET_TYPE_DCE, ETHERNET_TYPE_IP, ETHERNET_TYPE_IPV6, ETHERNET_TYPE_MPLS_MULTICAST, ETHERNET_TYPE_MPLS_UNICAST, ETHERNET_TYPE_PPPOE_DISC, ETHERNET_TYPE_PPPOE_SESS, ETHERNET_TYPE_VLAN, Packet_::ethh, SCLogDebug, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, and unlikely.
Referenced by DecodeAFP(), DecodeErfDag(), DecodeErfFile(), DecodeERSPAN(), DecodeEthernet(), DecodeMPLS(), DecodePcap(), DecodePfring(), DecodeTunnel(), NapatechDecode(), ReceivePcapFileThreadInit(), UTHBuildPacketArrayFromEth(), and UTHBuildPacketFromEth().
◆ DecodeGRE()
| int DecodeGRE | ( | ThreadVars * | , |
| DecodeThreadVars * | , | ||
| Packet * | , | ||
| uint8_t * | , | ||
| uint16_t | , | ||
| PacketQueue * | |||
| ) |
Function to decode GRE packets.
- Todo:
- We need to make sure this does not allow bypassing inspection. A server may just ignore these and continue processing the packet, but we will not look further into it.
- Todo:
- We need to make sure this does not allow bypassing inspection. A server may just ignore these and continue processing the packet, but we will not look further into it.
Definition at line 46 of file decode-gre.c.
References DecodeThreadVars_::counter_gre, DECODE_TUNNEL_ERSPAN, DECODE_TUNNEL_ETHERNET, DECODE_TUNNEL_IPV4, DECODE_TUNNEL_IPV6, DECODE_TUNNEL_PPP, DECODE_TUNNEL_VLAN, ENGINE_SET_INVALID_EVENT, ETHERNET_TYPE_BRIDGE, ETHERNET_TYPE_ERSPAN, ETHERNET_TYPE_IP, ETHERNET_TYPE_IPV6, ETHERNET_TYPE_VLAN, GRE_CHKSUM_LEN, GRE_FLAG_ISSET_CHKSUM, GRE_FLAG_ISSET_KY, GRE_FLAG_ISSET_RECUR, GRE_FLAG_ISSET_ROUTE, GRE_FLAG_ISSET_SQ, GRE_FLAG_ISSET_SSR, GRE_GET_PROTO, GRE_GET_VERSION, GRE_HDR_LEN, GRE_KEY_LEN, GRE_OFFSET_LEN, GRE_PKT_TOO_SMALL, GRE_PROTO_PPP, GRE_SEQ_LEN, GRE_SRE_HDR_LEN, GRE_VERSION0_FLAGS, GRE_VERSION0_HDR_TOO_BIG, GRE_VERSION0_MALFORMED_SRE_HDR, GRE_VERSION0_RECUR, GRE_VERSION1_CHKSUM, GRE_VERSION1_FLAGS, GRE_VERSION1_HDR_TOO_BIG, GRE_VERSION1_NO_KEY, GRE_VERSION1_RECUR, GRE_VERSION1_ROUTE, GRE_VERSION1_SSR, GRE_VERSION1_WRONG_PROTOCOL, GRE_VERSION_0, GRE_VERSION_1, GRE_WRONG_VERSION, Packet_::greh, GREV1_ACK_LEN, GREV1_FLAG_ISSET_ACK, GREV1_FLAG_ISSET_FLAGS, PacketEnqueue(), PacketTunnelPktSetup(), PKT_SET_SRC, PKT_SRC_DECODER_GRE, SCLogDebug, StatsIncr(), TM_ECODE_FAILED, and TM_ECODE_OK.
◆ DecodeICMPV4()
| int DecodeICMPV4 | ( | ThreadVars * | tv, |
| DecodeThreadVars * | dtv, | ||
| Packet * | p, | ||
| uint8_t * | pkt, | ||
| uint16_t | len, | ||
| PacketQueue * | pq | ||
| ) |
Main ICMPv4 decoding function.
DecodeICMPV4
Definition at line 155 of file decode-icmpv4.c.
References Packet_::code, DecodeThreadVars_::counter_icmpv4, ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, ICMPV4_HEADER_LEN, ICMPV4_HEADER_PKT_OFFSET, ICMPV4_PKT_TOO_SMALL, ICMPV4_UNKNOWN_CODE, Packet_::icmpv4h, Packet_::icmpv4vars, ICMPV4ExtHdr_::id, ICMPV4Vars_::id, Packet_::payload, Packet_::payload_len, Packet_::proto, SCLogDebug, ICMPV4ExtHdr_::seq, ICMPV4Vars_::seq, StatsIncr(), TM_ECODE_FAILED, and Packet_::type.
◆ DecodeICMPV6()
| int DecodeICMPV6 | ( | ThreadVars * | tv, |
| DecodeThreadVars * | dtv, | ||
| Packet * | p, | ||
| uint8_t * | pkt, | ||
| uint16_t | len, | ||
| PacketQueue * | pq | ||
| ) |
Decode ICMPV6 packets and fill the Packet with the decoded info.
- Parameters
-
tv Pointer to the thread variables dtv Pointer to the decode thread variables p Pointer to the packet we are filling pkt Pointer to the raw packet buffer len the len of the rest of the packet not processed yet pq the packet queue were this packet go
- Return values
-
void No return value
Definition at line 167 of file decode-icmpv6.c.
References ICMPV6Hdr_::code, Packet_::code, DecodeThreadVars_::counter_icmpv6, ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_REJECTROUTE, ICMPV6_GET_CODE, ICMPV6_GET_TYPE, ICMPV6_HEADER_LEN, ICMPV6_PKT_TOO_SMALL, ICMPV6_UNKNOWN_CODE, Packet_::icmpv6h, Packet_::payload, Packet_::payload_len, Packet_::proto, SCLogDebug, StatsIncr(), TM_ECODE_FAILED, ICMPV6Hdr_::type, and Packet_::type.
◆ DecodeIPV4()
| int DecodeIPV4 | ( | ThreadVars * | , |
| DecodeThreadVars * | , | ||
| Packet * | , | ||
| uint8_t * | , | ||
| uint16_t | , | ||
| PacketQueue * | |||
| ) |
Definition at line 533 of file decode-ipv4.c.
References DecodeThreadVars_::counter_ipv4, SCLogDebug, StatsIncr(), and unlikely.
Referenced by DecodeEthernet(), DecodeIPFW(), DecodeMPLS(), DecodeNFQ(), DecodeNull(), DecodePPP(), DecodePPPOESession(), DecodeRaw(), DecodeSll(), DecodeTunnel(), and DecodeVLAN().
◆ DecodeIPV6()
| int DecodeIPV6 | ( | ThreadVars * | , |
| DecodeThreadVars * | , | ||
| Packet * | , | ||
| uint8_t * | , | ||
| uint16_t | , | ||
| PacketQueue * | |||
| ) |
Definition at line 584 of file decode-ipv6.c.
References DecodeThreadVars_::counter_ipv6, and StatsIncr().
Referenced by DecodeEthernet(), DecodeIPFW(), DecodeMPLS(), DecodeNFQ(), DecodeNull(), DecodePPP(), DecodePPPOESession(), DecodeRaw(), DecodeSll(), DecodeTunnel(), and DecodeVLAN().
◆ DecodeIPV6FragHeader()
| void DecodeIPV6FragHeader | ( | Packet * | p, |
| uint8_t * | pkt, | ||
| uint16_t | hdrextlen, | ||
| uint16_t | plen, | ||
| uint16_t | prev_hdrextlen | ||
| ) |
Definition at line 107 of file decode-ipv6.c.
References FALSE, IPV6ExtHdrs_::fh_data_len, IPV6ExtHdrs_::fh_data_offset, IPV6ExtHdrs_::fh_header_offset, IPV6ExtHdrs_::fh_id, IPV6ExtHdrs_::fh_more_frags_set, IPV6ExtHdrs_::fh_nh, IPV6ExtHdrs_::fh_offset, IPV6ExtHdrs_::fh_prev_hdr_offset, GET_PKT_DATA, Packet_::ip6eh, SCLogDebug, and TRUE.
◆ DecodeMPLS()
| int DecodeMPLS | ( | ThreadVars * | , |
| DecodeThreadVars * | , | ||
| Packet * | , | ||
| uint8_t * | , | ||
| uint16_t | , | ||
| PacketQueue * | |||
| ) |
Definition at line 47 of file decode-mpls.c.
References DecodeThreadVars_::counter_mpls, DecodeEthernet(), DecodeIPV4(), DecodeIPV6(), ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, MPLS_BAD_LABEL_IMPLICIT_NULL, MPLS_BAD_LABEL_RESERVED, MPLS_BAD_LABEL_ROUTER_ALERT, MPLS_BOTTOM, MPLS_HEADER_LEN, MPLS_HEADER_TOO_SMALL, MPLS_LABEL, MPLS_LABEL_IPV4, MPLS_LABEL_IPV6, MPLS_LABEL_NULL, MPLS_LABEL_ROUTER_ALERT, MPLS_MAX_RESERVED_LABEL, MPLS_PROTO_ETHERNET_PW, MPLS_PROTO_IPV4, MPLS_PROTO_IPV6, MPLS_PW_LEN, MPLS_UNKNOWN_PAYLOAD_TYPE, StatsIncr(), TM_ECODE_FAILED, and TM_ECODE_OK.
Referenced by DecodeEthernet().
◆ DecodeNull()
| int DecodeNull | ( | ThreadVars * | , |
| DecodeThreadVars * | , | ||
| Packet * | , | ||
| uint8_t * | , | ||
| uint16_t | , | ||
| PacketQueue * | |||
| ) |
Definition at line 48 of file decode-null.c.
References DecodeThreadVars_::counter_null, DecodeIPV4(), DecodeIPV6(), ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, GET_PKT_DATA, GET_PKT_LEN, HDR_SIZE, LTNULL_PKT_TOO_SMALL, LTNULL_UNSUPPORTED_TYPE, SCLogDebug, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, type, and unlikely.
Referenced by DecodeAFP(), DecodePcap(), and ReceivePcapFileThreadInit().
◆ DecodePPP()
| int DecodePPP | ( | ThreadVars * | , |
| DecodeThreadVars * | , | ||
| Packet * | , | ||
| uint8_t * | , | ||
| uint16_t | , | ||
| PacketQueue * | |||
| ) |
Definition at line 43 of file decode-ppp.c.
References DecodeThreadVars_::counter_ppp, DecodeIPV4(), DecodeIPV6(), ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, IPV4_GET_RAW_VER, IPV4_HEADER_LEN, IPV6_HEADER_LEN, likely, PPP_APPLE, PPP_APPLECP, PPP_BRPDU, PPP_CHAP, PPP_DECNET, PPP_DECNETCP, PPP_HEADER_LEN, PPP_HELLO, PPP_IP, PPP_IPCP, PPP_IPV6, PPP_IPV6CP, PPP_IPX, PPP_IPXCP, PPP_LCP, PPP_LQM, PPP_LUXCOM, PPP_MPLS_MCAST, PPP_MPLS_UCAST, PPP_MPLSCP, PPP_NS, PPP_NSCP, PPP_OSI, PPP_OSICP, PPP_PAP, PPP_PKT_TOO_SMALL, PPP_SNS, PPP_STII, PPP_STIICP, PPP_UNSUP_PROTO, PPP_VINES, PPP_VINESCP, PPP_VJ_COMP, PPP_VJ_UCOMP, PPP_WRONG_TYPE, Packet_::ppph, PPPIPV4_PKT_TOO_SMALL, PPPIPV6_PKT_TOO_SMALL, PPPVJU_PKT_TOO_SMALL, SCLogDebug, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, and unlikely.
Referenced by DecodeAFP(), DecodePcap(), DecodeTunnel(), and ReceivePcapFileThreadInit().
◆ DecodePPPOEDiscovery()
| int DecodePPPOEDiscovery | ( | ThreadVars * | , |
| DecodeThreadVars * | , | ||
| Packet * | , | ||
| uint8_t * | , | ||
| uint16_t | , | ||
| PacketQueue * | |||
| ) |
Main decoding function for PPPOE Discovery packets.
Definition at line 50 of file decode-pppoe.c.
References DecodeThreadVars_::counter_pppoe, ENGINE_SET_INVALID_EVENT, PPPOE_CODE_PADI, PPPOE_CODE_PADO, PPPOE_CODE_PADR, PPPOE_CODE_PADS, PPPOE_CODE_PADT, PPPOE_DISCOVERY_HEADER_MIN_LEN, pppoe_length, PPPOE_MALFORMED_TAGS, PPPOE_PKT_TOO_SMALL, PPPOE_WRONG_CODE, Packet_::pppoedh, SCLogDebug, StatsIncr(), TM_ECODE_FAILED, and TM_ECODE_OK.
Referenced by DecodeEthernet(), and DecodeVLAN().
◆ DecodePPPOESession()
| int DecodePPPOESession | ( | ThreadVars * | , |
| DecodeThreadVars * | , | ||
| Packet * | , | ||
| uint8_t * | , | ||
| uint16_t | , | ||
| PacketQueue * | |||
| ) |
Main decoding function for PPPOE Session packets.
Definition at line 129 of file decode-pppoe.c.
References DecodeThreadVars_::counter_pppoe, DecodeIPV4(), DecodeIPV6(), ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, IPV4_GET_RAW_VER, IPV4_HEADER_LEN, IPV6_HEADER_LEN, PPP_APPLE, PPP_APPLECP, PPP_BRPDU, PPP_CHAP, PPP_DECNET, PPP_DECNETCP, PPP_HELLO, PPP_IP, PPP_IPCP, PPP_IPV6, PPP_IPV6CP, PPP_IPX, PPP_IPXCP, PPP_LCP, PPP_LQM, PPP_LUXCOM, PPP_MPLS_MCAST, PPP_MPLS_UCAST, PPP_MPLSCP, PPP_NS, PPP_NSCP, PPP_OSI, PPP_OSICP, PPP_PAP, PPP_SNS, PPP_STII, PPP_STIICP, PPP_UNSUP_PROTO, PPP_VINES, PPP_VINESCP, PPP_VJ_COMP, PPP_VJ_UCOMP, PPP_WRONG_TYPE, Packet_::ppph, PPPIPV4_PKT_TOO_SMALL, PPPIPV6_PKT_TOO_SMALL, PPPOESessionHdr_::pppoe_code, PPPOESessionHdr_::pppoe_length, PPPOE_PKT_TOO_SMALL, PPPOE_SESSION_GET_TYPE, PPPOE_SESSION_GET_VERSION, PPPOE_SESSION_HEADER_LEN, Packet_::pppoesh, PPPVJU_PKT_TOO_SMALL, PPPOESessionHdr_::protocol, SCLogDebug, PPPOESessionHdr_::session_id, StatsIncr(), TM_ECODE_FAILED, and TM_ECODE_OK.
Referenced by DecodeEthernet(), and DecodeVLAN().
◆ DecodeRaw()
| int DecodeRaw | ( | ThreadVars * | , |
| DecodeThreadVars * | , | ||
| Packet * | , | ||
| uint8_t * | , | ||
| uint16_t | , | ||
| PacketQueue * | |||
| ) |
Definition at line 46 of file decode-raw.c.
References DecodeThreadVars_::counter_raw, DecodeIPV4(), DecodeIPV6(), ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, GET_PKT_DATA, GET_PKT_LEN, IP_GET_RAW_VER, IPRAW_INVALID_IPV, IPV4_HEADER_LEN, IPV4_PKT_TOO_SMALL, SCLogDebug, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, and unlikely.
Referenced by DecodeAFP(), DecodePcap(), and ReceivePcapFileThreadInit().
◆ DecodeSCTP()
| int DecodeSCTP | ( | ThreadVars * | , |
| DecodeThreadVars * | , | ||
| Packet * | , | ||
| uint8_t * | , | ||
| uint16_t | , | ||
| PacketQueue * | |||
| ) |
Definition at line 62 of file decode-sctp.c.
References DecodeThreadVars_::counter_sctp, StatsIncr(), and unlikely.
◆ DecodeSll()
| int DecodeSll | ( | ThreadVars * | , |
| DecodeThreadVars * | , | ||
| Packet * | , | ||
| uint8_t * | , | ||
| uint16_t | , | ||
| PacketQueue * | |||
| ) |
Definition at line 39 of file decode-sll.c.
References DecodeThreadVars_::counter_sll, DecodeIPV4(), DecodeIPV6(), DecodeVLAN(), ENGINE_SET_INVALID_EVENT, ETHERNET_TYPE_IP, ETHERNET_TYPE_IPV6, ETHERNET_TYPE_VLAN, SCLogDebug, SLL_HEADER_LEN, SLL_PKT_TOO_SMALL, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, and unlikely.
Referenced by DecodeAFP(), DecodePcap(), and ReceivePcapFileThreadInit().
◆ DecodeTCP()
| int DecodeTCP | ( | ThreadVars * | , |
| DecodeThreadVars * | , | ||
| Packet * | , | ||
| uint8_t * | , | ||
| uint16_t | , | ||
| PacketQueue * | |||
| ) |
Definition at line 199 of file decode-tcp.c.
References DecodeThreadVars_::counter_tcp, StatsIncr(), and unlikely.
◆ DecodeTEMPLATE()
| int DecodeTEMPLATE | ( | ThreadVars * | tv, |
| DecodeThreadVars * | dtv, | ||
| Packet * | p, | ||
| const uint8_t * | pkt, | ||
| uint16_t | len, | ||
| PacketQueue * | pq | ||
| ) |
Function to decode XXX packets.
- Parameters
-
tv thread vars dtv decoder thread vars p packet pkt raw packet data len length in bytes of pkt array
- Return values
-
TM_ECODE_OK or TM_ECODE_FAILED on serious error
Definition at line 52 of file decode-template.c.
References DecodeUDP(), TM_ECODE_FAILED, and TM_ECODE_OK.
◆ DecodeUDP()
| int DecodeUDP | ( | ThreadVars * | , |
| DecodeThreadVars * | , | ||
| Packet * | , | ||
| uint8_t * | , | ||
| uint16_t | , | ||
| PacketQueue * | |||
| ) |
Definition at line 73 of file decode-udp.c.
References DecodeThreadVars_::counter_udp, StatsIncr(), and unlikely.
Referenced by DecodeTEMPLATE().
◆ DecodeVLAN()
| int DecodeVLAN | ( | ThreadVars * | , |
| DecodeThreadVars * | , | ||
| Packet * | , | ||
| uint8_t * | , | ||
| uint16_t | , | ||
| PacketQueue * | |||
| ) |
Definition at line 59 of file decode-vlan.c.
References DecodeThreadVars_::counter_vlan, DecodeThreadVars_::counter_vlan_qinq, DecodeIPV4(), DecodeIPV6(), DecodePPPOEDiscovery(), DecodePPPOESession(), DecodeVLAN(), ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, ETHERNET_TYPE_8021AD, ETHERNET_TYPE_IP, ETHERNET_TYPE_IPV6, ETHERNET_TYPE_PPPOE_DISC, ETHERNET_TYPE_PPPOE_SESS, ETHERNET_TYPE_VLAN, GET_VLAN_CFI, GET_VLAN_ID, GET_VLAN_PRIORITY, GET_VLAN_PROTO, proto, SCLogDebug, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, DecodeThreadVars_::vlan_disabled, VLAN_HEADER_LEN, VLAN_HEADER_TOO_MANY_LAYERS, VLAN_HEADER_TOO_SMALL, Packet_::vlan_id, Packet_::vlan_idx, VLAN_UNKNOWN_TYPE, and Packet_::vlanh.
Referenced by DecodeEthernet(), DecodeSll(), DecodeTunnel(), and DecodeVLAN().
Variable Documentation
◆ __attribute__
| typedef __attribute__ |
◆ default_packet_size
| uint32_t default_packet_size |
Definition at line 612 of file decode.h.
Referenced by PacketCopyDataOffset(), and RunUnittests().
◆ g_default_mtu
| int g_default_mtu |
highest mtu of the interfaces we monitor
Definition at line 227 of file suricata.c.
