#include "suricata-common.h"
#include "threadvars.h"
#include "decode-events.h"
#include "flow-worker.h"
#include "util-napatech.h"
#include "source-nflog.h"
#include "source-nfq.h"
#include "source-ipfw.h"
#include "source-pcap.h"
#include "source-af-packet.h"
#include "source-netmap.h"
#include "source-windivert.h"
#include "action-globals.h"
#include "decode-erspan.h"
#include "decode-ethernet.h"
#include "decode-gre.h"
#include "decode-ppp.h"
#include "decode-pppoe.h"
#include "decode-sll.h"
#include "decode-ipv4.h"
#include "decode-ipv6.h"
#include "decode-icmpv4.h"
#include "decode-icmpv6.h"
#include "decode-tcp.h"
#include "decode-udp.h"
#include "decode-sctp.h"
#include "decode-raw.h"
#include "decode-null.h"
#include "decode-vlan.h"
#include "decode-vxlan.h"
#include "decode-mpls.h"
#include "detect-reference.h"
#include "app-layer-protos.h"

Include dependency graph for decode.h:

Data Structures
struct	Address_

struct	PacketAlert_

struct	PacketAlerts_

struct	PacketEngineEvents_

struct	PktVar_

struct	PktProfilingTmmData_
	Per TMM stats storage. More...

struct	PktProfilingData_

struct	PktProfilingDetectData_

struct	PktProfilingAppData_

struct	PktProfilingLoggerData_

struct	PktProfilingPrefilterEngine_

struct	PktProfilingPrefilterData_

struct	PktProfiling_
	Per pkt stats storage. More...

struct	Packet_

struct	PacketQueue_

struct	DecodeThreadVars_
	Structure to hold thread specific data for all decode modules. More...

struct	CaptureStats_

Macros
#define	COUNTERS

#define	addr_data32 address.address_un_data32

#define	addr_data16 address.address_un_data16

#define	addr_data8 address.address_un_data8

#define	addr_in6addr address.address_un_in6

#define	COPY_ADDRESS(a, b)

#define	SET_IPV4_SRC_ADDR(p, a)

#define	SET_IPV4_DST_ADDR(p, a)

#define	CLEAR_ADDR(a)

#define	SET_IPV6_SRC_ADDR(p, a)

#define	SET_IPV6_DST_ADDR(p, a)

#define	SET_TCP_SRC_PORT(pkt, prt)

#define	SET_TCP_DST_PORT(pkt, prt)

#define	SET_UDP_SRC_PORT(pkt, prt)

#define	SET_UDP_DST_PORT(pkt, prt)

#define	SET_SCTP_SRC_PORT(pkt, prt)

#define	SET_SCTP_DST_PORT(pkt, prt)

#define	GET_IPV4_SRC_ADDR_U32(p) ((p)->src.addr_data32[0])

#define	GET_IPV4_DST_ADDR_U32(p) ((p)->dst.addr_data32[0])

#define	GET_IPV4_SRC_ADDR_PTR(p) ((p)->src.addr_data32)

#define	GET_IPV4_DST_ADDR_PTR(p) ((p)->dst.addr_data32)

#define	GET_IPV6_SRC_IN6ADDR(p) ((p)->src.addr_in6addr)

#define	GET_IPV6_DST_IN6ADDR(p) ((p)->dst.addr_in6addr)

#define	GET_IPV6_SRC_ADDR(p) ((p)->src.addr_data32)

#define	GET_IPV6_DST_ADDR(p) ((p)->dst.addr_data32)

#define	GET_TCP_SRC_PORT(p) ((p)->sp)

#define	GET_TCP_DST_PORT(p) ((p)->dp)

#define	GET_PKT_LEN(p) ((p)->pktlen)

#define	GET_PKT_DATA(p) ((((p)->ext_pkt) == NULL ) ? (uint8_t *)((p) + 1) : (p)->ext_pkt)

#define	GET_PKT_DIRECT_DATA(p) (uint8_t *)((p) + 1)

#define	GET_PKT_DIRECT_MAX_SIZE(p) (default_packet_size)

#define	SET_PKT_LEN(p, len)

#define	SET_PORT(v, p) ((p) = (v))

#define	COPY_PORT(a, b) ((b) = (a))

#define	CMP_ADDR(a1, a2)

#define	CMP_PORT(p1, p2) ((p1) == (p2))

#define	IP_GET_RAW_VER(pkt) ((((pkt)[0] & 0xf0) >> 4))

#define	PKT_IS_IPV4(p) (((p)->ip4h != NULL))

#define	PKT_IS_IPV6(p) (((p)->ip6h != NULL))

#define	PKT_IS_TCP(p) (((p)->tcph != NULL))

#define	PKT_IS_UDP(p) (((p)->udph != NULL))

#define	PKT_IS_ICMPV4(p) (((p)->icmpv4h != NULL))

#define	PKT_IS_ICMPV6(p) (((p)->icmpv6h != NULL))

#define	PKT_IS_TOSERVER(p) (((p)->flowflags & FLOW_PKT_TOSERVER))

#define	PKT_IS_TOCLIENT(p) (((p)->flowflags & FLOW_PKT_TOCLIENT))

#define	IPH_IS_VALID(p) (PKT_IS_IPV4((p)) \|\| PKT_IS_IPV6((p)))

#define	IP_GET_IPPROTO(p)

#define	PACKET_ALERT_FLAG_DROP_FLOW 0x01

#define	PACKET_ALERT_FLAG_STATE_MATCH 0x02

#define	PACKET_ALERT_FLAG_STREAM_MATCH 0x04

#define	PACKET_ALERT_FLAG_TX 0x08

#define	PACKET_ALERT_RATE_FILTER_MODIFIED 0x10

#define	PACKET_ALERT_MAX 15

#define	PACKET_ENGINE_EVENT_MAX 15

#define	tcpvars l4vars.tcpvars

#define	icmpv4vars l4vars.icmpv4vars

#define	icmpv6vars l4vars.icmpv6vars

#define	DEFAULT_MTU 1500

#define	MINIMUM_MTU 68

#define	DEFAULT_PACKET_SIZE (DEFAULT_MTU + ETHERNET_HEADER_LEN)

#define	MAX_PAYLOAD_SIZE (IPV6_HEADER_LEN + 65536 + 28)

#define	SIZE_OF_PACKET (default_packet_size + sizeof(Packet))

#define	PACKET_CLEAR_L4VARS(p)

#define	PACKET_RESET_CHECKSUMS(p)
	reset these to -1(indicates that the packet is fresh from the queue) More...

#define	PACKET_FREE_EXTDATA(p)

#define	PACKET_INITIALIZE(p)
	Initialize a packet structure for use. More...

#define	PACKET_RELEASE_REFS(p)

#define	PACKET_REINIT(p)
	Recycle a packet structure for reuse. More...

#define	PACKET_RECYCLE(p)

#define	PACKET_DESTRUCTOR(p)
	Cleanup a packet so that we can free it. No memset needed.. More...

#define	PACKET_SET_ACTION(p, a)

#define	PACKET_ALERT(p) PACKET_SET_ACTION(p, ACTION_ALERT)

#define	PACKET_ACCEPT(p) PACKET_SET_ACTION(p, ACTION_ACCEPT)

#define	PACKET_DROP(p) PACKET_SET_ACTION(p, ACTION_DROP)

#define	PACKET_REJECT(p) PACKET_SET_ACTION(p, (ACTION_REJECT\|ACTION_DROP))

#define	PACKET_REJECT_DST(p) PACKET_SET_ACTION(p, (ACTION_REJECT_DST\|ACTION_DROP))

#define	PACKET_REJECT_BOTH(p) PACKET_SET_ACTION(p, (ACTION_REJECT_BOTH\|ACTION_DROP))

#define	PACKET_PASS(p) PACKET_SET_ACTION(p, ACTION_PASS)

#define	PACKET_TEST_ACTION(p, a)

#define	PACKET_UPDATE_ACTION(p, a)

#define	TUNNEL_INCR_PKT_RTV_NOLOCK(p)

#define	TUNNEL_INCR_PKT_TPR(p)

#define	TUNNEL_PKT_RTV(p) ((p)->root ? (p)->root->tunnel_rtv_cnt : (p)->tunnel_rtv_cnt)

#define	TUNNEL_PKT_TPR(p) ((p)->root ? (p)->root->tunnel_tpr_cnt : (p)->tunnel_tpr_cnt)

#define	IS_TUNNEL_PKT(p) (((p)->flags & PKT_TUNNEL))

#define	SET_TUNNEL_PKT(p) ((p)->flags \|= PKT_TUNNEL)

#define	UNSET_TUNNEL_PKT(p) ((p)->flags &= ~PKT_TUNNEL)

#define	IS_TUNNEL_ROOT_PKT(p) (IS_TUNNEL_PKT(p) && (p)->root == NULL)

#define	IS_TUNNEL_PKT_VERDICTED(p) (((p)->flags & PKT_TUNNEL_VERDICTED))

#define	SET_TUNNEL_PKT_VERDICTED(p) ((p)->flags \|= PKT_TUNNEL_VERDICTED)

#define	DecodeSetNoPayloadInspectionFlag(p)
	Set the No payload inspection Flag for the packet. More...

#define	DecodeUnsetNoPayloadInspectionFlag(p)

#define	DecodeSetNoPacketInspectionFlag(p)
	Set the No packet inspection Flag for the packet. More...

#define	DecodeUnsetNoPacketInspectionFlag(p)

#define	ENGINE_SET_EVENT(p, e)

#define	ENGINE_SET_INVALID_EVENT(p, e)

#define	ENGINE_ISSET_EVENT(p, e)

#define	LINKTYPE_NULL DLT_NULL

#define	LINKTYPE_ETHERNET DLT_EN10MB

#define	LINKTYPE_LINUX_SLL 113

#define	LINKTYPE_PPP 9

#define	LINKTYPE_RAW DLT_RAW

#define	LINKTYPE_RAW2 101

#define	LINKTYPE_IPV4 228

#define	LINKTYPE_GRE_OVER_IP 778

#define	PPP_OVER_GRE 11

#define	VLAN_OVER_GRE 13

#define	PKT_NOPACKET_INSPECTION (1)

#define	PKT_NOPAYLOAD_INSPECTION (1<<2)

#define	PKT_ALLOC (1<<3)

#define	PKT_HAS_TAG (1<<4)

#define	PKT_STREAM_ADD (1<<5)

#define	PKT_STREAM_EST (1<<6)

#define	PKT_STREAM_EOF (1<<7)

#define	PKT_HAS_FLOW (1<<8)

#define	PKT_PSEUDO_STREAM_END (1<<9)

#define	PKT_STREAM_MODIFIED (1<<10)

#define	PKT_MARK_MODIFIED (1<<11)

#define	PKT_STREAM_NOPCAPLOG (1<<12)

#define	PKT_TUNNEL (1<<13)

#define	PKT_TUNNEL_VERDICTED (1<<14)

#define	PKT_IGNORE_CHECKSUM (1<<15)

#define	PKT_ZERO_COPY (1<<16)

#define	PKT_HOST_SRC_LOOKED_UP (1<<17)

#define	PKT_HOST_DST_LOOKED_UP (1<<18)

#define	PKT_IS_FRAGMENT (1<<19)

#define	PKT_IS_INVALID (1<<20)

#define	PKT_PROFILE (1<<21)

#define	PKT_WANTS_FLOW (1<<22)

#define	PKT_PROTO_DETECT_TS_DONE (1<<23)

#define	PKT_PROTO_DETECT_TC_DONE (1<<24)

#define	PKT_REBUILT_FRAGMENT (1<<25)

#define	PKT_DETECT_HAS_STREAMDATA (1<<26)

#define	PKT_PSEUDO_DETECTLOG_FLUSH (1<<27)

#define	PKT_STREAM_NO_EVENTS (1<<28)

#define	PKT_IS_PSEUDOPKT(p) ((p)->flags & (PKT_PSEUDO_STREAM_END\|PKT_PSEUDO_DETECTLOG_FLUSH))
	return 1 if the packet is a pseudo packet More...

#define	PKT_SET_SRC(p, src_val) ((p)->pkt_src = src_val)

Typedefs
typedef struct AppLayerThreadCtx_	AppLayerThreadCtx

typedef struct AppLayerDecoderEvents_	AppLayerDecoderEvents

typedef struct Address_	Address

typedef uint16_t	Port

typedef struct PacketAlert_	PacketAlert

typedef struct PacketAlerts_	PacketAlerts

typedef struct PacketEngineEvents_	PacketEngineEvents

typedef struct PktVar_	PktVar

typedef struct PktProfilingTmmData_	PktProfilingTmmData
	Per TMM stats storage. More...

typedef struct PktProfilingData_	PktProfilingData

typedef struct PktProfilingDetectData_	PktProfilingDetectData

typedef struct PktProfilingAppData_	PktProfilingAppData

typedef struct PktProfilingLoggerData_	PktProfilingLoggerData

typedef struct PktProfilingPrefilterEngine_	PktProfilingPrefilterEngine

typedef struct PktProfilingPrefilterData_	PktProfilingPrefilterData

typedef struct PktProfiling_	PktProfiling
	Per pkt stats storage. More...

typedef struct Packet_	Packet

typedef struct PacketQueue_	PacketQueue

typedef struct DecodeThreadVars_	DecodeThreadVars
	Structure to hold thread specific data for all decode modules. More...

typedef struct CaptureStats_	CaptureStats

typedef int(*	DecoderFunc) (ThreadVars tv, DecodeThreadVars dtv, Packet p, const uint8_t pkt, uint32_t len, PacketQueue *pq)

Functions
void	AppLayerDecoderEventsResetEvents (AppLayerDecoderEvents *events)

void	AppLayerDecoderEventsFreeEvents (AppLayerDecoderEvents **events)

void	CaptureStatsUpdate (ThreadVars tv, CaptureStats s, const Packet *p)

void	CaptureStatsSetup (ThreadVars tv, CaptureStats s)

Packet *	PacketTunnelPktSetup (ThreadVars tv, DecodeThreadVars dtv, Packet parent, const uint8_t pkt, uint32_t len, enum DecodeTunnelProto proto, PacketQueue *pq)
	Setup a pseudo packet (tunnel) More...

Packet *	PacketDefragPktSetup (Packet parent, const uint8_t pkt, uint32_t len, uint8_t proto)
	Setup a pseudo packet (reassembled frags) More...

void	PacketDefragPktSetupParent (Packet *parent)
	inform defrag "parent" that a pseudo packet is now assosiated to it. More...

void	DecodeRegisterPerfCounters (DecodeThreadVars , ThreadVars )

Packet *	PacketGetFromQueueOrAlloc (void)
	Get a packet. We try to get a packet from the packetpool first, but if that is empty we alloc a packet that is free'd again after processing. More...

Packet *	PacketGetFromAlloc (void)
	Get a malloced packet. More...

void	PacketDecodeFinalize (ThreadVars tv, DecodeThreadVars dtv, Packet *p)
	Finalize decoding of a packet. More...

void	PacketUpdateEngineEventCounters (ThreadVars tv, DecodeThreadVars dtv, Packet *p)

void	PacketFree (Packet *p)
	Return a malloced packet. More...

void	PacketFreeOrRelease (Packet *p)
	Return a packet to where it was allocated. More...

int	PacketCallocExtPkt (Packet *p, int datalen)

int	PacketCopyData (Packet p, const uint8_t pktdata, uint32_t pktlen)
	Copy data to Packet payload and set packet length. More...

int	PacketSetData (Packet p, const uint8_t pktdata, uint32_t pktlen)
	Set data for Packet and set length when zeo copy is used. More...

int	PacketCopyDataOffset (Packet p, uint32_t offset, const uint8_t data, uint32_t datalen)
	Copy data to Packet payload at given offset. More...

const char *	PktSrcToString (enum PktSrcEnum pkt_src)

void	PacketBypassCallback (Packet *p)

void	PacketSwap (Packet *p)
	switch direction of a packet More...

DecodeThreadVars *	DecodeThreadVarsAlloc (ThreadVars *)
	Alloc and setup DecodeThreadVars. More...

void	DecodeThreadVarsFree (ThreadVars , DecodeThreadVars )

void	DecodeUpdatePacketCounters (ThreadVars tv, const DecodeThreadVars dtv, const Packet *p)

int	DecodeEthernet (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t, PacketQueue *)

int	DecodeSll (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t, PacketQueue *)

int	DecodePPP (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t, PacketQueue *)

int	DecodePPPOESession (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t, PacketQueue *)
	Main decoding function for PPPOE Session packets. More...

int	DecodePPPOEDiscovery (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t, PacketQueue *)
	Main decoding function for PPPOE Discovery packets. More...

int	DecodeTunnel (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t, PacketQueue *, enum DecodeTunnelProto) __attribute__((warn_unused_result))

int	DecodeNull (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t, PacketQueue *)

int	DecodeRaw (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t, PacketQueue *)

int	DecodeIPV4 (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint16_t, PacketQueue *)

int	DecodeIPV6 (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint16_t, PacketQueue *)

int	DecodeICMPV4 (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t, PacketQueue *)
	Main ICMPv4 decoding function. More...

int	DecodeICMPV6 (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t, PacketQueue *)
	Decode ICMPV6 packets and fill the Packet with the decoded info. More...

int	DecodeTCP (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint16_t, PacketQueue *)

int	DecodeUDP (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint16_t, PacketQueue *)

int	DecodeSCTP (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint16_t, PacketQueue *)

int	DecodeGRE (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t, PacketQueue *)
	Function to decode GRE packets. More...

int	DecodeVLAN (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t, PacketQueue *)

int	DecodeVXLAN (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t, PacketQueue *)

int	DecodeMPLS (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t, PacketQueue *)

int	DecodeERSPAN (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t, PacketQueue *)
	Function to decode ERSPAN packets. More...

int	DecodeTEMPLATE (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t, PacketQueue *)
	Function to decode TEMPLATE packets. More...

void	DecodeIPV6FragHeader (Packet p, const uint8_t pkt, uint16_t hdrextlen, uint16_t plen, uint16_t prev_hdrextlen)

void	AddressDebugPrint (Address *)
	Debug print function for printing addresses. More...

void	DecodeGlobalConfig (void)

void	DecodeUnregisterCounters (void)

Variables
int	g_default_mtu

uint32_t	default_packet_size

Detailed Description

Author: Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Definition in file decode.h.

Macro Definition Documentation

#define addr_data16 address.address_un_data16

Definition at line 121 of file decode.h.

#define addr_data32 address.address_un_data32

Definition at line 120 of file decode.h.

#define addr_data8 address.address_un_data8

Definition at line 122 of file decode.h.

#define addr_in6addr address.address_un_in6

Definition at line 123 of file decode.h.

#define CLEAR_ADDR ( a )

Value:

do {       \
        (a)->family = 0;         \
        (a)->addr_data32[0] = 0; \
        (a)->addr_data32[1] = 0; \
        (a)->addr_data32[2] = 0; \
        (a)->addr_data32[3] = 0; \
    } while (0)

Definition at line 155 of file decode.h.

#define CMP_ADDR	(	a1,
		a2
	)

Value:

(((a1)->addr_data32[3] == (a2)->addr_data32[3] && \
      (a1)->addr_data32[2] == (a2)->addr_data32[2] && \
      (a1)->addr_data32[1] == (a2)->addr_data32[1] && \
      (a1)->addr_data32[0] == (a2)->addr_data32[0]))

Definition at line 239 of file decode.h.

Referenced by DetectSameipRegister(), FlowGetPacketDirection(), and IPPairCleanup().

#define CMP_PORT	(	p1,
		p2
	)	((p1) == (p2))

Definition at line 244 of file decode.h.

Referenced by FlowGetPacketDirection().

#define COPY_ADDRESS	(	a,
		b
	)

Value:

do {                    \
        (b)->family = (a)->family;                 \
        (b)->addr_data32[0] = (a)->addr_data32[0]; \
        (b)->addr_data32[1] = (a)->addr_data32[1]; \
        (b)->addr_data32[2] = (a)->addr_data32[2]; \
        (b)->addr_data32[3] = (a)->addr_data32[3]; \
    } while (0)

Definition at line 125 of file decode.h.

Referenced by DetectAddressCopy(), DetectAddressJoinIPv6(), HostFree(), IPPairCleanup(), and IPPairFree().

#define COPY_PORT	(	a,
		b
	)	((b) = (a))

Definition at line 237 of file decode.h.

#define COUNTERS

Definition at line 28 of file decode.h.

#define DecodeSetNoPacketInspectionFlag ( p )

Value:

do { \
        (p)->flags |= PKT_NOPACKET_INSPECTION;  \
    } while (0)

Set the No packet inspection Flag for the packet.

Parameters

p	Packet to set the flag in

Definition at line 984 of file decode.h.

Referenced by FlowHandlePacketUpdate(), StreamTcpPacket(), and StreamTcpPseudoPacketCreateStreamEndPacket().

#define DecodeSetNoPayloadInspectionFlag ( p )

Value:

do { \
        (p)->flags |= PKT_NOPAYLOAD_INSPECTION;  \
    } while (0)

Set the No payload inspection Flag for the packet.

Parameters

p	Packet to set the flag in

Definition at line 972 of file decode.h.

Referenced by FlowHandlePacketUpdate(), PacketDefragPktSetupParent(), PacketTunnelPktSetup(), StreamTcpPacket(), and StreamTcpPseudoPacketCreateStreamEndPacket().

#define DecodeUnsetNoPacketInspectionFlag ( p )

Value:

do { \
        (p)->flags &= ~PKT_NOPACKET_INSPECTION;  \
    } while (0)

Definition at line 987 of file decode.h.

#define DecodeUnsetNoPayloadInspectionFlag ( p )

Value:

do { \
        (p)->flags &= ~PKT_NOPAYLOAD_INSPECTION;  \
    } while (0)

Definition at line 976 of file decode.h.

#define DEFAULT_MTU 1500

Definition at line 611 of file decode.h.

Referenced by PostRunDeinit().

#define DEFAULT_PACKET_SIZE (DEFAULT_MTU + ETHERNET_HEADER_LEN)

Definition at line 614 of file decode.h.

Referenced by PostRunDeinit(), and RunUnittests().

#define ENGINE_ISSET_EVENT	(	p,
		e
	)

Value:

({ \
    int r = 0; \
    uint8_t u; \
    for (u = 0; u < (p)->events.cnt; u++) { \
        if ((p)->events.events[u] == (e)) { \
            r = 1; \
            break; \
        } \
    } \
    r; \
})

Definition at line 1007 of file decode.h.

Referenced by __attribute__(), DecodeEthernet(), DecodeGRE(), DecodeICMPV6(), DecodeIPV6(), DecodeMPLS(), DecodePPP(), DecodePPPOESession(), DecodeRaw(), DetectEngineEventRegister(), and ICMPv4GetCounterpart().

#define ENGINE_SET_EVENT	(	p,
		e
	)

Value:

do { \
    SCLogDebug("p %p event %d", (p), e); \
    if ((p)->events.cnt < PACKET_ENGINE_EVENT_MAX) { \
        (p)->events.events[(p)->events.cnt] = e; \
        (p)->events.cnt++; \
    } \
} while(0)

Definition at line 992 of file decode.h.

Referenced by DecodeERSPAN(), DecodeICMPV4(), DecodeICMPV6(), DecodeIPV6(), DecodeIPV6FragHeader(), DecodeMPLS(), DecodeNull(), DecodePPP(), DecodePPPOESession(), DecodeRaw(), DecodeVLAN(), DefragRbFragCompare(), and DetectEngineEventRegister().

#define ENGINE_SET_INVALID_EVENT	(	p,
		e
	)

Value:

do { \
    p->flags |= PKT_IS_INVALID; \
    ENGINE_SET_EVENT(p, e); \
} while(0)

Definition at line 1000 of file decode.h.

Referenced by __attribute__(), DecodeEthernet(), DecodeGRE(), DecodeICMPV4(), DecodeICMPV6(), DecodeIPV4(), DecodeIPV6FragHeader(), DecodeMPLS(), DecodeNull(), DecodePPP(), DecodePPPOEDiscovery(), DecodePPPOESession(), DecodeRaw(), DecodeSll(), and DecodeVLAN().

#define GET_IPV4_DST_ADDR_PTR ( p ) ((p)->dst.addr_data32)

Definition at line 215 of file decode.h.

Referenced by AlertFastLogger(), DecodeIPV4(), DefragGetOsPolicy(), DefragPolicyGetHostTimeout(), JsonFiveTuple(), SRepCIDRGetIPRepDst(), StreamTcpSetOSPolicy(), and TLSGetIPInformations().

#define GET_IPV4_DST_ADDR_U32 ( p ) ((p)->dst.addr_data32[0])

Definition at line 213 of file decode.h.

Referenced by AFPSetBPFFilter(), DetectGeoipRegister(), and IPOnlyMatchPacket().

#define GET_IPV4_SRC_ADDR_PTR ( p ) ((p)->src.addr_data32)

Definition at line 214 of file decode.h.

Referenced by AlertFastLogger(), DecodeIPV4(), JsonFiveTuple(), SRepCIDRGetIPRepSrc(), and TLSGetIPInformations().

#define GET_IPV4_SRC_ADDR_U32 ( p ) ((p)->src.addr_data32[0])

Definition at line 212 of file decode.h.

Referenced by AFPSetBPFFilter(), DetectGeoipRegister(), and IPOnlyMatchPacket().

#define GET_IPV6_DST_ADDR ( p ) ((p)->dst.addr_data32)

Definition at line 220 of file decode.h.

Referenced by AFPSetBPFFilter(), AlertFastLogger(), DecodeIPV6(), DefragGetOsPolicy(), DefragPolicyGetHostTimeout(), IPOnlyMatchPacket(), JsonFiveTuple(), SRepCIDRGetIPRepDst(), StreamTcpSetOSPolicy(), and TLSGetIPInformations().

#define GET_IPV6_DST_IN6ADDR ( p ) ((p)->dst.addr_in6addr)

Definition at line 218 of file decode.h.

#define GET_IPV6_SRC_ADDR ( p ) ((p)->src.addr_data32)

Definition at line 219 of file decode.h.

Referenced by AFPSetBPFFilter(), AlertFastLogger(), DecodeIPV6(), IPOnlyMatchPacket(), JsonFiveTuple(), SRepCIDRGetIPRepSrc(), and TLSGetIPInformations().

#define GET_IPV6_SRC_IN6ADDR ( p ) ((p)->src.addr_in6addr)

Definition at line 217 of file decode.h.

#define GET_PKT_DATA ( p ) ((((p)->ext_pkt) == NULL ) ? (uint8_t *)((p) + 1) : (p)->ext_pkt)

#define GET_PKT_DIRECT_DATA ( p ) (uint8_t *)((p) + 1)

Definition at line 226 of file decode.h.

Referenced by NoWinDivertSupportExit(), PacketCopyDataOffset(), and ReceivePfringLoop().

#define GET_PKT_DIRECT_MAX_SIZE ( p ) (default_packet_size)

Definition at line 227 of file decode.h.

Referenced by NoWinDivertSupportExit(), PacketCopyDataOffset(), ReceivePfringLoop(), and StreamTcpPseudoPacketCreateStreamEndPacket().

#define GET_PKT_LEN ( p ) ((p)->pktlen)

Definition at line 224 of file decode.h.

Referenced by AlertFastLogger(), DecodeAFP(), DecodeErfDag(), DecodeErfFile(), DecodeIPFW(), DecodeIPV4(), DecodeIPV6(), DecodeNFQ(), DecodeNull(), DecodePcap(), DecodePfring(), DecodeRaw(), DecodeUpdatePacketCounters(), DefragRbFragCompare(), DetectCsumRegister(), DetectIpv4hdrRegister(), DetectIpv6hdrRegister(), DetectLuaRegister(), DetectReplaceFreeInternal(), DetectTcphdrRegister(), DetectUdphdrRegister(), FlowHandlePacketUpdate(), IPFWSetVerdict(), JsonPacket(), NapatechDecode(), NFQSetVerdict(), NoNFLOGSupportExit(), NoWinDivertSupportExit(), PacketTunnelPktSetup(), PcapFileGlobalInit(), ReceiveErfDagLoop(), ReceiveErfFileLoop(), ReceiveIPFWLoop(), StreamTcpPseudoPacketCreateStreamEndPacket(), StreamTcpPseudoSetup(), TagHashAddTag(), TmModuleDecodeAFPRegister(), and TmModuleDecodeNetmapRegister().

#define GET_TCP_DST_PORT ( p ) ((p)->dp)

Definition at line 222 of file decode.h.

Referenced by AFPSetBPFFilter(), and DecodeTCP().

#define GET_TCP_SRC_PORT ( p ) ((p)->sp)

Definition at line 221 of file decode.h.

Referenced by AFPSetBPFFilter(), and DecodeTCP().

#define icmpv4vars l4vars.icmpv4vars

Definition at line 519 of file decode.h.

#define icmpv6vars l4vars.icmpv6vars

Definition at line 520 of file decode.h.

#define IP_GET_IPPROTO ( p )

Value:

(p->proto ? p->proto : \

(PKT_IS_IPV4((p))? IPV4_GET_IPPROTO((p)) : (PKT_IS_IPV6((p))? IPV6_GET_L4PROTO((p)) : 0)))

IPV4_GET_IPPROTO

#define IPV4_GET_IPPROTO(p)

Definition: decode-ipv4.h:148

PKT_IS_IPV6

#define PKT_IS_IPV6(p)

Definition: decode.h:252

PKT_IS_IPV4

#define PKT_IS_IPV4(p)

Definition: decode.h:251

IPV6_GET_L4PROTO

#define IPV6_GET_L4PROTO(p)

Definition: decode-ipv6.h:93

Definition at line 263 of file decode.h.

Referenced by AlertFastLogger(), IPOnlyMatchPacket(), JsonFiveTuple(), and SigMatchSignaturesGetSgh().

#define IP_GET_RAW_VER ( pkt ) ((((pkt)[0] & 0xf0) >> 4))

Definition at line 249 of file decode.h.

Referenced by DecodeIPV6FragHeader(), DecodeRaw(), and DecodeTeredo().

#define IPH_IS_VALID ( p ) (PKT_IS_IPV4((p)) || PKT_IS_IPV6((p)))

Definition at line 260 of file decode.h.

#define IS_TUNNEL_PKT ( p ) (((p)->flags & PKT_TUNNEL))

Definition at line 881 of file decode.h.

Referenced by AFPSetBPFFilter(), AlertJsonHeader(), DetectMarkDataFree(), NoWinDivertSupportExit(), SCProfilingAddPacket(), TmModuleDecodePfringRegister(), TmqhOutputPacketpool(), VerdictIPFW(), and VerdictNFQ().

#define IS_TUNNEL_PKT_VERDICTED ( p ) (((p)->flags & PKT_TUNNEL_VERDICTED))

Definition at line 886 of file decode.h.

Referenced by TmqhOutputPacketpool().

#define IS_TUNNEL_ROOT_PKT ( p ) (IS_TUNNEL_PKT(p) && (p)->root == NULL)

Definition at line 884 of file decode.h.

Referenced by TmqhOutputPacketpool().

#define LINKTYPE_ETHERNET DLT_EN10MB

Definition at line 1073 of file decode.h.

Referenced by DecodeAFP(), DecodeErfDag(), DecodePcap(), NapatechDecode(), NapatechPacketLoopZC(), ReceiveAFPLoop(), ReceiveErfDagLoop(), ReceiveErfFileLoop(), RunModeIdsAFPRegister(), TmModuleDecodeNetmapRegister(), TmModuleDecodePfringRegister(), and ValidateLinkType().

#define LINKTYPE_GRE_OVER_IP 778

Definition at line 1081 of file decode.h.

Referenced by DecodeAFP(), DecodePcap(), and ValidateLinkType().

#define LINKTYPE_IPV4 228

Definition at line 1080 of file decode.h.

Referenced by ValidateLinkType().

#define LINKTYPE_LINUX_SLL 113

Definition at line 1074 of file decode.h.

Referenced by DecodeAFP(), DecodePcap(), and ValidateLinkType().

#define LINKTYPE_NULL DLT_NULL

libpcap shows us the way to linktype codes

Todo:: we need more & maybe put them in a separate file?

Definition at line 1072 of file decode.h.

Referenced by DecodeAFP(), DecodePcap(), and ValidateLinkType().

#define LINKTYPE_PPP 9

Definition at line 1075 of file decode.h.

Referenced by DecodeAFP(), DecodePcap(), and ValidateLinkType().

#define LINKTYPE_RAW DLT_RAW

Definition at line 1076 of file decode.h.

Referenced by AFPGetLinkType(), DecodeAFP(), DecodePcap(), ReceiveAFPLoop(), and ValidateLinkType().

#define LINKTYPE_RAW2 101

Definition at line 1079 of file decode.h.

Referenced by ValidateLinkType().

#define MAX_PAYLOAD_SIZE (IPV6_HEADER_LEN + 65536 + 28)

Definition at line 616 of file decode.h.

Referenced by DefragTrackerFreeFrags(), NoWinDivertSupportExit(), and PacketCopyDataOffset().

#define MINIMUM_MTU 68

ipv4 minimum: rfc791

Definition at line 612 of file decode.h.

#define PACKET_ACCEPT ( p ) PACKET_SET_ACTION(p, ACTION_ACCEPT)

Definition at line 845 of file decode.h.

#define PACKET_ALERT ( p ) PACKET_SET_ACTION(p, ACTION_ALERT)

Definition at line 843 of file decode.h.

Referenced by ThresholdIPPairTimeoutCheck().

#define PACKET_ALERT_FLAG_DROP_FLOW 0x01

After processing an alert by the thresholding module, if at last it gets triggered, we might want to stick the drop action to the flow on IPS mode

Definition at line 280 of file decode.h.

Referenced by DetectBufferTypeGetByIdTransforms(), IPOnlyMatchPacket(), and PacketAlertFinalize().

#define PACKET_ALERT_FLAG_STATE_MATCH 0x02

alert was generated based on state

Definition at line 282 of file decode.h.

Referenced by AlertJsonHeader(), and DetectSignatureApplyActions().

#define PACKET_ALERT_FLAG_STREAM_MATCH 0x04

alert was generated based on stream

Definition at line 284 of file decode.h.

Referenced by AlertJsonHeader(), DetectBufferTypeGetByIdTransforms(), and DetectSignatureApplyActions().

#define PACKET_ALERT_FLAG_TX 0x08

alert is in a tx, tx_id set

Definition at line 286 of file decode.h.

Referenced by AlertJsonHeader().

#define PACKET_ALERT_MAX 15

Definition at line 290 of file decode.h.

Referenced by PacketAlertAppend().

#define PACKET_ALERT_RATE_FILTER_MODIFIED 0x10

action was changed by rate_filter

Definition at line 288 of file decode.h.

Referenced by AlertJsonHeader(), and ThresholdIPPairTimeoutCheck().

#define PACKET_CLEAR_L4VARS ( p )

Value:

do {                         \
        memset(&(p)->l4vars, 0x00, sizeof((p)->l4vars));    \
    } while (0)

Definition at line 706 of file decode.h.

#define PACKET_DESTRUCTOR ( p )

Value:

do {                  \
        if ((p)->pktvar != NULL) {              \
            PktVarFree((p)->pktvar);            \
        }                                       \
        PACKET_FREE_EXTDATA((p));               \
        SCMutexDestroy(&(p)->tunnel_mutex);     \
        AppLayerDecoderEventsFreeEvents(&(p)->app_layer_events); \
        PACKET_PROFILING_RESET((p));            \
    } while (0)

Cleanup a packet so that we can free it. No memset needed..

Definition at line 822 of file decode.h.

Referenced by PacketFree().

#define PACKET_DROP ( p ) PACKET_SET_ACTION(p, ACTION_DROP)

Definition at line 847 of file decode.h.

Referenced by SigMatchSignaturesGetSgh(), StreamTcpPacket(), and ThresholdIPPairTimeoutCheck().

#define PACKET_ENGINE_EVENT_MAX 15

number of decoder events we support per packet. Power of 2 minus 1 for memory layout

Definition at line 302 of file decode.h.

#define PACKET_FREE_EXTDATA ( p )

Value:

do {                 \
        if ((p)->ext_pkt) {                         \
            if (!((p)->flags & PKT_ZERO_COPY)) {    \
                SCFree((p)->ext_pkt);               \
            }                                       \
            (p)->ext_pkt = NULL;                    \
        }                                           \
    } while(0)

Definition at line 719 of file decode.h.

#define PACKET_INITIALIZE ( p )

Value:

{         \
    SCMutexInit(&(p)->tunnel_mutex, NULL); \
    PACKET_RESET_CHECKSUMS((p)); \
    (p)->livedev = NULL; \
}

Initialize a packet structure for use.

Definition at line 731 of file decode.h.

Referenced by PacketGetFromAlloc().

#define PACKET_PASS ( p ) PACKET_SET_ACTION(p, ACTION_PASS)

Definition at line 855 of file decode.h.

Referenced by ThresholdIPPairTimeoutCheck().

#define PACKET_RECYCLE ( p )

Value:

do { \
        PACKET_RELEASE_REFS((p)); \
        PACKET_REINIT((p)); \
    } while (0)

Definition at line 814 of file decode.h.

Referenced by __attribute__(), DecodeICMPV6(), DecodeIPV4(), DecodeIPV6(), DecodeRaw(), DecodeTCP(), DetectFragBitsRegister(), DetectPortHashFree(), DetectReplaceFreeInternal(), DetectSetupParseRegexes(), SigParseApplyDsizeToContent(), and Unified2AlertInitCtx().

#define PACKET_REINIT ( p )

Recycle a packet structure for reuse.

Definition at line 746 of file decode.h.

Referenced by PacketPoolGetPacket().

#define PACKET_REJECT ( p ) PACKET_SET_ACTION(p, (ACTION_REJECT|ACTION_DROP))

Definition at line 849 of file decode.h.

Referenced by ThresholdIPPairTimeoutCheck().

#define PACKET_REJECT_BOTH ( p ) PACKET_SET_ACTION(p, (ACTION_REJECT_BOTH|ACTION_DROP))

Definition at line 853 of file decode.h.

#define PACKET_REJECT_DST ( p ) PACKET_SET_ACTION(p, (ACTION_REJECT_DST|ACTION_DROP))

Definition at line 851 of file decode.h.

#define PACKET_RELEASE_REFS ( p )

Value:

do {              \
        FlowDeReference(&((p)->flow));          \
        HostDeReference(&((p)->host_src));      \
        HostDeReference(&((p)->host_dst));      \
    } while (0)

Definition at line 737 of file decode.h.

Referenced by PacketPoolReturnPacket(), and TmqhOutputPacketpool().

#define PACKET_RESET_CHECKSUMS ( p )

Value:

do { \
        (p)->level3_comp_csum = -1;   \
        (p)->level4_comp_csum = -1;   \
    } while (0)

reset these to -1(indicates that the packet is fresh from the queue)

Definition at line 713 of file decode.h.

#define PACKET_SET_ACTION	(	p,
		a
	)

Value:

do { \
    ((p)->root ? \
     ((p)->root->action = a) : \
     ((p)->action = a)); \
} while (0)

Definition at line 837 of file decode.h.

#define PACKET_TEST_ACTION	(	p,
		a
	)

Value:

((p)->root ? \
     ((p)->root->action & a) : \
     ((p)->action & a))

Definition at line 857 of file decode.h.

Referenced by AlertJsonHeader(), CaptureStatsUpdate(), DetectDetectionFilterRegister(), DetectIPRepFree(), DetectSignatureApplyActions(), DetectThresholdRegister(), IPFWSetVerdict(), NoWinDivertSupportExit(), PacketAlertFinalize(), ReceiveNFQThreadExitStats(), RejectSendIPv4ICMP(), RejectSendIPv4TCP(), RejectSendIPv6ICMP(), RejectSendIPv6TCP(), RespondRejectFunc(), SCThresholdConfParseFile(), TmModuleDecodeAFPRegister(), and TmModuleDecodeNetmapRegister().

#define PACKET_UPDATE_ACTION	(	p,
		a
	)

Value:

do { \
    ((p)->root ? \
     ((p)->root->action |= a) : \
     ((p)->action |= a)); \
} while (0)

Definition at line 862 of file decode.h.

Referenced by DetectSignatureApplyActions().

#define PKT_ALLOC (1<<3)

Packet was alloc'd this run, needs to be freed

Definition at line 1088 of file decode.h.

Referenced by PacketFreeOrRelease(), PacketGetFromAlloc(), PacketPoolWaitForN(), TmqhOutputPacketpool(), and TmqhOutputSimple().

#define PKT_DETECT_HAS_STREAMDATA (1<<26)

Set by Detect() if raw stream data is available.

Definition at line 1123 of file decode.h.

Referenced by DetectBufferTypeGetByIdTransforms(), PacketCreateMask(), Prefilter(), and SigMatchSignaturesGetSgh().

#define PKT_HAS_FLOW (1<<8)

Definition at line 1093 of file decode.h.

Referenced by DetectBypassRegister(), DetectDceIfaceRegister(), DetectDceOpnumRegister(), DetectDceStubDataRegister(), DetectDNP3Register(), DetectDnsQueryRegister(), DetectEngineInspectENIP(), DetectEngineInspectModbus(), DetectEngineStateResetTxs(), DetectFtpbounceRegister(), DetectHostbitFree(), DetectHttpRequestLineRegister(), DetectHttpResponseLineRegister(), DetectLuaRegister(), DetectPcrePayloadMatch(), DetectProtoContainsProto(), DetectSshSoftwareVersionRegister(), DetectSshVersionRegister(), DetectTemplateRustBufferRegister(), DetectUricontentRegister(), DetectUrilenValidateContent(), FlowHandlePacket(), HtpConfigRestoreBackup(), IPOnlyAddSignature(), PacketCreateMask(), RegisterModbusParsers(), SCSigSignatureOrderingModuleCleanup(), SigMatchSignaturesGetSgh(), SMTPParserCleanup(), StreamTcpPseudoPacketCreateStreamEndPacket(), and UTHAssignFlow().

#define PKT_HAS_TAG (1<<4)

Packet has matched a tag

Definition at line 1089 of file decode.h.

Referenced by AlertJsonHeader(), TagHashAddTag(), TagTimeoutCheck(), and Unified2Condition().

#define PKT_HOST_DST_LOOKED_UP (1<<18)

Definition at line 1106 of file decode.h.

Referenced by DetectIPRepRegister().

#define PKT_HOST_SRC_LOOKED_UP (1<<17)

Definition at line 1105 of file decode.h.

Referenced by DetectIPRepRegister().

#define PKT_IGNORE_CHECKSUM (1<<15)

Packet checksum is not computed (TX packet for example)

Definition at line 1102 of file decode.h.

Referenced by CleanupPcapFileFileVars(), DetectCsumRegister(), StreamTcp(), StreamTcpPacket(), StreamTcpPseudoPacketCreateStreamEndPacket(), TmModuleDecodeAFPRegister(), TmModuleDecodePcapRegister(), and TmModuleDecodePfringRegister().

#define PKT_IS_FRAGMENT (1<<19)

Packet is a fragment

Definition at line 1108 of file decode.h.

Referenced by DecodeIPV4(), DecodeIPV6FragHeader(), IPOnlyMatchPacket(), and SigMatchSignaturesGetSgh().

#define PKT_IS_ICMPV4 ( p ) (((p)->icmpv4h != NULL))

Definition at line 255 of file decode.h.

Referenced by DetectIcmpIdRegister(), DetectIcmpSeqRegister(), DetectICodeFree(), DetectITypeFree(), FlowGetPacketDirection(), FlowSetupPacket(), and SigMatchSignaturesGetSgh().

#define PKT_IS_ICMPV6 ( p ) (((p)->icmpv6h != NULL))

Definition at line 256 of file decode.h.

Referenced by DetectIcmpIdRegister(), DetectIcmpSeqRegister(), DetectICodeFree(), and DetectITypeFree().

#define PKT_IS_INVALID (1<<20)

Definition at line 1109 of file decode.h.

Referenced by DecodeIPV4(), PacketDecodeFinalize(), and PacketTunnelPktSetup().

#define PKT_IS_IPV4 ( p ) (((p)->ip4h != NULL))

Definition at line 251 of file decode.h.

Referenced by AFPSetBPFFilter(), AlertFastLogger(), AlertJsonHeader(), Defrag(), DefragGetOsPolicy(), DefragPolicyGetHostTimeout(), DetectFragBitsRegister(), DetectFragOffsetFree(), DetectFragOffsetRegister(), DetectGeoipRegister(), DetectIdFree(), DetectIdRegister(), DetectTemplate2Free(), DetectTemplate2Register(), DetectTemplateRegister(), DetectTosRegister(), DetectTtlFree(), DetectTtlRegister(), FlowHandlePacketUpdate(), FlowInit(), IPOnlyMatchPacket(), JsonFiveTuple(), LogHttpLogger(), PacketAlertGetTag(), ReCalculateChecksum(), RespondRejectFunc(), SCProfilingAddPacket(), SCProfilingPrintPacketProfile(), SigMatchSignaturesGetSgh(), SRepCIDRGetIPRepDst(), SRepCIDRGetIPRepSrc(), StreamTcpPacket(), StreamTcpPseudoSetup(), StreamTcpSetOSPolicy(), TLSGetIPInformations(), and Unified2Logger().

#define PKT_IS_IPV6 ( p ) (((p)->ip6h != NULL))

#define PKT_IS_PSEUDOPKT ( p ) ((p)->flags & (PKT_PSEUDO_STREAM_END|PKT_PSEUDO_DETECTLOG_FLUSH))

return 1 if the packet is a pseudo packet

Definition at line 1132 of file decode.h.

Referenced by DecodeNFQ(), DetectAckRegister(), DetectCsumRegister(), DetectDsizeRegister(), DetectFlagsRegister(), DetectFlagsSignatureNeedsSynOnlyPackets(), DetectFragBitsRegister(), DetectFragOffsetFree(), DetectFragOffsetRegister(), DetectGeoipRegister(), DetectIcmpIdRegister(), DetectIcmpSeqRegister(), DetectICodeFree(), DetectIdFree(), DetectIdRegister(), DetectITypeFree(), DetectSeqRegister(), DetectTcpmssFree(), DetectTcpmssRegister(), DetectTemplate2Free(), DetectTemplate2Register(), DetectTemplateRegister(), DetectTosRegister(), DetectTtlFree(), DetectTtlRegister(), DetectWindowRegister(), NFQSetVerdict(), NoWinDivertSupportExit(), PacketCreateMask(), StreamTcpFreeConfig(), TmModuleDecodeAFPRegister(), and TmModuleDecodeNetmapRegister().

#define PKT_IS_TCP ( p ) (((p)->tcph != NULL))

Definition at line 253 of file decode.h.

Referenced by AFPSetBPFFilter(), DetectAckRegister(), DetectFlagsRegister(), DetectFlagsSignatureNeedsSynOnlyPackets(), DetectRpcRegister(), DetectSeqRegister(), DetectStreamSizeRegister(), DetectTcpmssFree(), DetectTcpmssRegister(), DetectWindowRegister(), LogHttpLogger(), PacketCreateMask(), ReCalculateChecksum(), RespondRejectFunc(), StreamTcp(), and TmModuleDecodePfringRegister().

#define PKT_IS_TOCLIENT ( p ) (((p)->flowflags & FLOW_PKT_TOCLIENT))

Definition at line 258 of file decode.h.

Referenced by JsonFiveTuple(), StreamTcpFreeConfig(), StreamTcpPacket(), StreamTcpPseudoPacketCreateStreamEndPacket(), and StreamTcpThreadDeinit().

#define PKT_IS_TOSERVER ( p ) (((p)->flowflags & FLOW_PKT_TOSERVER))

Definition at line 257 of file decode.h.

Referenced by JsonFiveTuple(), PacketSwap(), StreamReassembleRaw(), StreamReassembleRawHasDataReady(), StreamReassembleRawUpdateProgress(), StreamTcpDetectLogFlush(), StreamTcpFreeConfig(), StreamTcpPacket(), StreamTcpPseudoPacketCreateStreamEndPacket(), StreamTcpReassembleHandleSegmentHandleData(), StreamTcpThreadDeinit(), and TLSGetIPInformations().

#define PKT_IS_UDP ( p ) (((p)->udph != NULL))

Definition at line 254 of file decode.h.

Referenced by AFPSetBPFFilter(), DetectRpcRegister(), ReCalculateChecksum(), and TmModuleDecodePfringRegister().

#define PKT_MARK_MODIFIED (1<<11)

Packet mark is modified

Definition at line 1096 of file decode.h.

Referenced by DetectMarkDataFree(), NFQInitConfig(), and NFQSetVerdict().

#define PKT_NOPACKET_INSPECTION (1)

Flag to indicate that packet header or contents should not be inspected

Definition at line 1086 of file decode.h.

Referenced by DetectSignatureApplyActions(), and StreamTcpPseudoPacketCreateStreamEndPacket().

#define PKT_NOPAYLOAD_INSPECTION (1<<2)

Flag to indicate that packet contents should not be inspected

Definition at line 1087 of file decode.h.

Referenced by PacketCreateMask(), Prefilter(), and StreamTcpPseudoPacketCreateStreamEndPacket().

#define PKT_PROFILE (1<<21)

Definition at line 1110 of file decode.h.

Referenced by SCProfileRuleStart().

#define PKT_PROTO_DETECT_TC_DONE (1<<24)

Definition at line 1118 of file decode.h.

Referenced by AppLayerIncTxCounter(), and FlowHandlePacketUpdate().

#define PKT_PROTO_DETECT_TS_DONE (1<<23)

protocol detection done

Definition at line 1117 of file decode.h.

Referenced by AppLayerIncTxCounter(), and FlowHandlePacketUpdate().

#define PKT_PSEUDO_DETECTLOG_FLUSH (1<<27)

Detect/log flush for protocol upgrade

Definition at line 1125 of file decode.h.

Referenced by StreamTcpPseudoPacketCreateStreamEndPacket().

#define PKT_PSEUDO_STREAM_END (1<<9)

#define PKT_REBUILT_FRAGMENT (1<<25)

Packet is rebuilt from fragments.

Definition at line 1120 of file decode.h.

Referenced by DefragTrackerFreeFrags(), DetectFlowFree(), DetectFlowRegister(), and DetectMarkDataFree().

#define PKT_SET_SRC	(	p,
		src_val
	)	((p)->pkt_src = src_val)

Definition at line 1135 of file decode.h.

Referenced by CleanupPcapFileFileVars(), DecodeGRE(), DecodeIPV4(), DecodeTeredo(), DecodeVXLAN(), DefragTrackerFreeFrags(), FlowForceReassemblyForFlow(), NoNFLOGSupportExit(), NoWinDivertSupportExit(), ReceiveErfDagLoop(), ReceiveErfFileLoop(), ReceiveIPFWLoop(), ReceivePfringLoop(), StreamTcpPseudoPacketCreateStreamEndPacket(), TmModuleDecodeAFPRegister(), TmModuleDecodeNetmapRegister(), and TmModuleDecodePcapRegister().

#define PKT_STREAM_ADD (1<<5)

Packet payload was added to reassembled stream

Definition at line 1090 of file decode.h.

Referenced by DetectBufferTypeGetByIdTransforms(), DetectEngineInspectStream(), SigMatchSignaturesGetSgh(), StreamReassembleRawHasDataReady(), StreamReassembleRawUpdateProgress(), and StreamTcpReassembleHandleSegment().

#define PKT_STREAM_EOF (1<<7)

Stream is in eof state

Definition at line 1092 of file decode.h.

Referenced by SigMatchSignaturesGetSgh(), and StreamTcpPseudoPacketCreateStreamEndPacket().

#define PKT_STREAM_EST (1<<6)

Packet is part of establised stream

Definition at line 1091 of file decode.h.

Referenced by DetectBypassRegister(), DetectDceIfaceRegister(), DetectDceOpnumRegister(), DetectDceStubDataRegister(), DetectDNP3Register(), DetectDnsQueryRegister(), DetectEngineInspectENIP(), DetectEngineInspectModbus(), DetectEngineStateResetTxs(), DetectFtpbounceRegister(), DetectHttpRequestLineRegister(), DetectHttpResponseLineRegister(), DetectLuaRegister(), DetectPcrePayloadMatch(), DetectSshSoftwareVersionRegister(), DetectSshVersionRegister(), DetectTemplateRustBufferRegister(), DetectUricontentRegister(), DetectUrilenValidateContent(), HtpConfigRestoreBackup(), RegisterModbusParsers(), SCSigSignatureOrderingModuleCleanup(), SigMatchSignaturesGetSgh(), SMTPParserCleanup(), StreamTcpPacket(), and StreamTcpPseudoPacketCreateStreamEndPacket().

#define PKT_STREAM_MODIFIED (1<<10)

Packet is modified by the stream engine, we need to recalc the csum and reinject/replace

Definition at line 1095 of file decode.h.

Referenced by CaptureStatsUpdate(), DetectReplaceExecuteInternal(), NFQInitConfig(), NFQSetVerdict(), ReceiveNFQThreadExitStats(), StreamTcpInlineSegmentReplacePacket(), and StreamTcpPacket().

#define PKT_STREAM_NO_EVENTS (1<<28)

Packet is part of stream in known bad condition (loss, wrong thread), so flag it for not setting stream events

Definition at line 1129 of file decode.h.

Referenced by StreamTcpPacket().

#define PKT_STREAM_NOPCAPLOG (1<<12)

Exclude packet from pcap logging as it's part of a stream that has reassembly depth reached.

Definition at line 1097 of file decode.h.

Referenced by StreamTcpPacket().

#define PKT_TUNNEL (1<<13)

Definition at line 1099 of file decode.h.

#define PKT_TUNNEL_VERDICTED (1<<14)

Definition at line 1100 of file decode.h.

#define PKT_WANTS_FLOW (1<<22)

indication by decoder that it feels the packet should be handled by flow engine: Packet::flow_hash will be set

Definition at line 1114 of file decode.h.

Referenced by DecodeIPV4(), FlowSetupPacket(), and TmqhOutputFlowHash().

#define PKT_ZERO_COPY (1<<16)

Packet comes from zero copy (ext_pkt must not be freed)

Definition at line 1103 of file decode.h.

Referenced by PacketSetData().

#define PPP_OVER_GRE 11

Definition at line 1082 of file decode.h.

#define SET_IPV4_DST_ADDR	(	p,
		a
	)

Value:

do {                              \
        (a)->family = AF_INET;                                    \
        (a)->addr_data32[0] = (uint32_t)(p)->ip4h->s_ip_dst.s_addr; \
        (a)->addr_data32[1] = 0;                                  \
        (a)->addr_data32[2] = 0;                                  \
        (a)->addr_data32[3] = 0;                                  \
    } while (0)

Definition at line 146 of file decode.h.

Referenced by StreamTcpPseudoSetup().

#define SET_IPV4_SRC_ADDR	(	p,
		a
	)

Value:

do {                              \
        (a)->family = AF_INET;                                    \
        (a)->addr_data32[0] = (uint32_t)(p)->ip4h->s_ip_src.s_addr; \
        (a)->addr_data32[1] = 0;                                  \
        (a)->addr_data32[2] = 0;                                  \
        (a)->addr_data32[3] = 0;                                  \
    } while (0)

Definition at line 138 of file decode.h.

Referenced by StreamTcpPseudoSetup().

#define SET_IPV6_DST_ADDR	(	p,
		a
	)

Value:

do {                    \
        (a)->family = AF_INET6;                         \
        (a)->addr_data32[0] = (p)->ip6h->s_ip6_dst[0];  \
        (a)->addr_data32[1] = (p)->ip6h->s_ip6_dst[1];  \
        (a)->addr_data32[2] = (p)->ip6h->s_ip6_dst[2];  \
        (a)->addr_data32[3] = (p)->ip6h->s_ip6_dst[3];  \
    } while (0)

Definition at line 173 of file decode.h.

Referenced by DecodeIPV6FragHeader(), and StreamTcpPseudoSetup().

#define SET_IPV6_SRC_ADDR	(	p,
		a
	)

Value:

do {                    \
        (a)->family = AF_INET6;                         \
        (a)->addr_data32[0] = (p)->ip6h->s_ip6_src[0];  \
        (a)->addr_data32[1] = (p)->ip6h->s_ip6_src[1];  \
        (a)->addr_data32[2] = (p)->ip6h->s_ip6_src[2];  \
        (a)->addr_data32[3] = (p)->ip6h->s_ip6_src[3];  \
    } while (0)

Definition at line 165 of file decode.h.

Referenced by DecodeIPV6FragHeader(), and StreamTcpPseudoSetup().

#define SET_PKT_LEN	(	p,
		len
	)

Value:

do { \
    (p)->pktlen = (len); \
    } while (0)

Definition at line 229 of file decode.h.

Referenced by DefragTrackerFreeFrags(), NoNFLOGSupportExit(), NoWinDivertSupportExit(), PacketCallocExtPkt(), PacketCopyData(), PacketCopyDataOffset(), PacketSetData(), ReceiveErfDagLoop(), StreamTcpPseudoPacketCreateStreamEndPacket(), TmModuleDecodeAFPRegister(), TmModuleDecodePfringRegister(), Unified2AlertInitCtx(), UTHBuildPacketIPV6Real(), and UTHBuildPacketReal().

#define SET_PORT	(	v,
		p
	)	((p) = (v))

Definition at line 236 of file decode.h.

#define SET_SCTP_DST_PORT	(	pkt,
		prt
	)

Value:

do {            \
        SET_PORT(SCTP_GET_DST_PORT((pkt)), *(prt)); \
    } while (0)

Definition at line 206 of file decode.h.

Referenced by FlowInit().

#define SET_SCTP_SRC_PORT	(	pkt,
		prt
	)

Value:

do {            \
        SET_PORT(SCTP_GET_SRC_PORT((pkt)), *(prt)); \
    } while (0)

Definition at line 202 of file decode.h.

Referenced by FlowInit().

#define SET_TCP_DST_PORT	(	pkt,
		prt
	)

Value:

do {            \
        SET_PORT(TCP_GET_DST_PORT((pkt)), *(prt)); \
    } while (0)

Definition at line 187 of file decode.h.

Referenced by FlowInit(), and StreamTcpPseudoSetup().

#define SET_TCP_SRC_PORT	(	pkt,
		prt
	)

Value:

do {            \
        SET_PORT(TCP_GET_SRC_PORT((pkt)), *(prt)); \
    } while (0)

Definition at line 183 of file decode.h.

Referenced by FlowInit(), and StreamTcpPseudoSetup().

#define SET_TUNNEL_PKT ( p ) ((p)->flags |= PKT_TUNNEL)

Definition at line 882 of file decode.h.

Referenced by PacketDefragPktSetup(), PacketDefragPktSetupParent(), PacketTunnelPktSetup(), and StreamTcpPseudoSetup().

#define SET_TUNNEL_PKT_VERDICTED ( p ) ((p)->flags |= PKT_TUNNEL_VERDICTED)

Definition at line 887 of file decode.h.

Referenced by TmqhOutputPacketpool().

#define SET_UDP_DST_PORT	(	pkt,
		prt
	)

Value:

do {            \
        SET_PORT(UDP_GET_DST_PORT((pkt)), *(prt)); \
    } while (0)

Definition at line 196 of file decode.h.

Referenced by FlowInit().

#define SET_UDP_SRC_PORT	(	pkt,
		prt
	)

Value:

do {            \
        SET_PORT(UDP_GET_SRC_PORT((pkt)), *(prt)); \
    } while (0)

Definition at line 193 of file decode.h.

Referenced by FlowInit().

#define SIZE_OF_PACKET (default_packet_size + sizeof(Packet))

#define tcpvars l4vars.tcpvars

Definition at line 518 of file decode.h.

#define TUNNEL_INCR_PKT_RTV_NOLOCK ( p )

Value:

do {                                          \
        ((p)->root ? (p)->root->tunnel_rtv_cnt++ : (p)->tunnel_rtv_cnt++);          \
    } while (0)

Definition at line 868 of file decode.h.

Referenced by TmqhOutputPacketpool().

#define TUNNEL_INCR_PKT_TPR ( p )

Value:

do {                                                 \
        SCMutexLock((p)->root ? &(p)->root->tunnel_mutex : &(p)->tunnel_mutex);     \
        ((p)->root ? (p)->root->tunnel_tpr_cnt++ : (p)->tunnel_tpr_cnt++);          \
        SCMutexUnlock((p)->root ? &(p)->root->tunnel_mutex : &(p)->tunnel_mutex);   \
    } while (0)

Definition at line 872 of file decode.h.

Referenced by PacketDefragPktSetupParent(), PacketTunnelPktSetup(), and StreamTcpPseudoSetup().

#define TUNNEL_PKT_RTV ( p ) ((p)->root ? (p)->root->tunnel_rtv_cnt : (p)->tunnel_rtv_cnt)

Definition at line 878 of file decode.h.

Referenced by TmqhOutputPacketpool().

#define TUNNEL_PKT_TPR ( p ) ((p)->root ? (p)->root->tunnel_tpr_cnt : (p)->tunnel_tpr_cnt)

Definition at line 879 of file decode.h.

Referenced by TmqhOutputPacketpool().

#define UNSET_TUNNEL_PKT ( p ) ((p)->flags &= ~PKT_TUNNEL)

Definition at line 883 of file decode.h.

Referenced by DefragRbFragCompare(), and PacketTunnelPktSetup().

#define VLAN_OVER_GRE 13

Definition at line 1083 of file decode.h.

Typedef Documentation

typedef struct Address_ Address

typedef struct AppLayerDecoderEvents_ AppLayerDecoderEvents

Definition at line 105 of file decode.h.

typedef struct AppLayerThreadCtx_ AppLayerThreadCtx

Definition at line 99 of file decode.h.

typedef struct CaptureStats_ CaptureStats

typedef int(* DecoderFunc) (ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint32_t len, PacketQueue *pq)

Definition at line 955 of file decode.h.

typedef struct DecodeThreadVars_ DecodeThreadVars

Structure to hold thread specific data for all decode modules.

typedef struct Packet_ Packet

typedef struct PacketAlert_ PacketAlert

typedef struct PacketAlerts_ PacketAlerts

typedef struct PacketEngineEvents_ PacketEngineEvents

data structure to store decoder, defrag and stream events

typedef struct PacketQueue_ PacketQueue

typedef struct PktProfiling_ PktProfiling

Per pkt stats storage.

typedef struct PktProfilingAppData_ PktProfilingAppData

typedef struct PktProfilingData_ PktProfilingData

typedef struct PktProfilingDetectData_ PktProfilingDetectData

typedef struct PktProfilingLoggerData_ PktProfilingLoggerData

typedef struct PktProfilingPrefilterData_ PktProfilingPrefilterData

typedef struct PktProfilingPrefilterEngine_ PktProfilingPrefilterEngine

typedef struct PktProfilingTmmData_ PktProfilingTmmData

Per TMM stats storage.

typedef struct PktVar_ PktVar

typedef uint16_t Port

Definition at line 235 of file decode.h.

Enumeration Type Documentation

enum ChecksumValidationMode

Enumerator
CHECKSUM_VALIDATION_DISABLE
CHECKSUM_VALIDATION_ENABLE
CHECKSUM_VALIDATION_AUTO
CHECKSUM_VALIDATION_RXONLY
CHECKSUM_VALIDATION_KERNEL

Definition at line 40 of file decode.h.

enum DecodeTunnelProto

Enumerator
DECODE_TUNNEL_ETHERNET
DECODE_TUNNEL_ERSPAN
DECODE_TUNNEL_VLAN
DECODE_TUNNEL_IPV4
DECODE_TUNNEL_IPV6
DECODE_TUNNEL_IPV6_TEREDO	separate protocol for stricter error handling
DECODE_TUNNEL_PPP

Definition at line 889 of file decode.h.

enum PktSrcEnum

Enumerator
PKT_SRC_WIRE
PKT_SRC_DECODER_GRE
PKT_SRC_DECODER_IPV4
PKT_SRC_DECODER_IPV6
PKT_SRC_DECODER_TEREDO
PKT_SRC_DEFRAG
PKT_SRC_STREAM_TCP_STREAM_END_PSEUDO
PKT_SRC_FFR
PKT_SRC_STREAM_TCP_DETECTLOG_FLUSH
PKT_SRC_DECODER_VXLAN

Definition at line 48 of file decode.h.

Function Documentation

void AppLayerDecoderEventsFreeEvents ( AppLayerDecoderEvents ** events )

Definition at line 148 of file app-layer-events.c.

References SCFree.

Referenced by AppLayerParserStateFree(), DetectEngineThreadCtxInit(), main(), SMTPStateAlloc(), and SSLVersionToString().

Here is the caller graph for this function:

void AppLayerDecoderEventsResetEvents ( AppLayerDecoderEvents * events )

Definition at line 141 of file app-layer-events.c.

References AppLayerDecoderEvents_::cnt.

int DecodeERSPAN	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		const uint8_t *	,
		uint32_t	,
		PacketQueue *
	)

Function to decode ERSPAN packets.

Definition at line 46 of file decode-erspan.c.

References DecodeThreadVars_::counter_erspan, DecodeEthernet(), ENGINE_SET_EVENT, ERSPAN_HEADER_TOO_SMALL, ERSPAN_TOO_MANY_VLAN_LAYERS, ERSPAN_UNSUPPORTED_VERSION, SCLogDebug, SCNtohs, StatsIncr(), TM_ECODE_FAILED, version, Packet_::vlan_id, and Packet_::vlan_idx.

Referenced by DecodeTunnel(), and RegisterAllModules().

Here is the call graph for this function:

Here is the caller graph for this function:

int DecodeEthernet	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		const uint8_t *	,
		uint32_t	,
		PacketQueue *
	)

Definition at line 41 of file decode-ethernet.c.

References DecodeThreadVars_::counter_eth, DCE_PKT_TOO_SMALL, DecodeEthernet(), DecodeIPV4(), DecodeIPV6(), DecodeMPLS(), DecodePPPOEDiscovery(), DecodePPPOESession(), DecodeVLAN(), ENGINE_ISSET_EVENT, ENGINE_SET_INVALID_EVENT, ETHERNET_DCE_HEADER_LEN, ETHERNET_HEADER_LEN, ETHERNET_PKT_TOO_SMALL, ETHERNET_TYPE_8021QINQ, ETHERNET_TYPE_DCE, ETHERNET_TYPE_IP, ETHERNET_TYPE_IPV6, ETHERNET_TYPE_MPLS_MULTICAST, ETHERNET_TYPE_MPLS_UNICAST, ETHERNET_TYPE_PPPOE_DISC, ETHERNET_TYPE_PPPOE_SESS, ETHERNET_TYPE_VLAN, Packet_::ethh, FAIL_IF_NOT, FAIL_IF_NULL, PASS, SCFree, SCLogDebug, SCMalloc, SCNtohs, SIZE_OF_PACKET, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, and unlikely.

Referenced by DecodeAFP(), DecodeErfDag(), DecodeErfFile(), DecodeERSPAN(), DecodeEthernet(), DecodeIPV4(), DecodeMPLS(), DecodePcap(), DecodePfring(), DecodeTunnel(), DetectFragBitsRegister(), DetectIPProtoRemoveAllSMs(), DetectReplaceFreeInternal(), DetectSetupParseRegexes(), NapatechDecode(), RegisterAllModules(), TmModuleDecodeNetmapRegister(), Unified2AlertInitCtx(), UTHBuildPacketArrayFromEth(), UTHBuildPacketFromEth(), and ValidateLinkType().

Here is the call graph for this function:

Here is the caller graph for this function:

int DecodeGRE	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		const uint8_t *	,
		uint32_t	,
		PacketQueue *
	)

Function to decode GRE packets.

Todo:: We need to make sure this does not allow bypassing inspection. A server may just ignore these and continue processing the packet, but we will not look further into it.

Todo:: We need to make sure this does not allow bypassing inspection. A server may just ignore these and continue processing the packet, but we will not look further into it.

Definition at line 46 of file decode-gre.c.

References DecodeThreadVars_::counter_gre, DECODE_TUNNEL_ERSPAN, DECODE_TUNNEL_ETHERNET, DECODE_TUNNEL_IPV4, DECODE_TUNNEL_IPV6, DECODE_TUNNEL_PPP, DECODE_TUNNEL_VLAN, DecodeGRE(), ENGINE_ISSET_EVENT, ENGINE_SET_INVALID_EVENT, ETHERNET_TYPE_BRIDGE, ETHERNET_TYPE_ERSPAN, ETHERNET_TYPE_IP, ETHERNET_TYPE_IPV6, ETHERNET_TYPE_VLAN, GRE_CHKSUM_LEN, GRE_FLAG_ISSET_CHKSUM, GRE_FLAG_ISSET_KY, GRE_FLAG_ISSET_RECUR, GRE_FLAG_ISSET_ROUTE, GRE_FLAG_ISSET_SQ, GRE_FLAG_ISSET_SSR, GRE_GET_PROTO, GRE_GET_VERSION, GRE_HDR_LEN, GRE_KEY_LEN, GRE_OFFSET_LEN, GRE_PKT_TOO_SMALL, GRE_PROTO_PPP, GRE_SEQ_LEN, GRE_SRE_HDR_LEN, GRE_VERSION0_FLAGS, GRE_VERSION0_HDR_TOO_BIG, GRE_VERSION0_MALFORMED_SRE_HDR, GRE_VERSION0_RECUR, GRE_VERSION1_CHKSUM, GRE_VERSION1_FLAGS, GRE_VERSION1_HDR_TOO_BIG, GRE_VERSION1_NO_KEY, GRE_VERSION1_RECUR, GRE_VERSION1_ROUTE, GRE_VERSION1_SSR, GRE_VERSION1_WRONG_PROTOCOL, GRE_VERSION_0, GRE_VERSION_1, GRE_WRONG_VERSION, Packet_::greh, GREV1_ACK_LEN, GREV1_FLAG_ISSET_ACK, GREV1_FLAG_ISSET_FLAGS, PacketEnqueue(), PacketGetFromAlloc(), PacketTunnelPktSetup(), PKT_SET_SRC, PKT_SRC_DECODER_GRE, SCFree, SCLogDebug, SCNtohs, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, and unlikely.

Referenced by DecodeGRE(), DecodeIPV4(), and DecodeIPV6().

Here is the call graph for this function:

Here is the caller graph for this function:

int DecodeICMPV4	(	ThreadVars *	tv,
		DecodeThreadVars *	dtv,
		Packet *	p,
		const uint8_t *	pkt,
		uint32_t	len,
		PacketQueue *	pq
	)

Main ICMPv4 decoding function.

DecodeICMPV4

Definition at line 155 of file decode-icmpv4.c.

References DecodeThreadVars_::counter_icmpv4, ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, FlowSetupPacket(), Packet_::icmp_d, Packet_::icmp_s, ICMPV4_HEADER_LEN, ICMPV4_HEADER_PKT_OFFSET, ICMPV4_PKT_TOO_SMALL, ICMPV4_UNKNOWN_CODE, ICMPV4_UNKNOWN_TYPE, ICMPv4GetCounterpart(), Packet_::icmpv4h, Packet_::icmpv4vars, ICMPV4ExtHdr_::id, ICMPV4Vars_::id, Packet_::payload, Packet_::payload_len, Packet_::proto, SCLogDebug, ICMPV4ExtHdr_::seq, ICMPV4Vars_::seq, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, and unlikely.

Referenced by DecodeIPV4(), DetectIcmpIdFree(), and ICMPv4GetCounterpart().

Here is the call graph for this function:

Here is the caller graph for this function:

int DecodeICMPV6	(	ThreadVars *	tv,
		DecodeThreadVars *	dtv,
		Packet *	p,
		const uint8_t *	pkt,
		uint32_t	len,
		PacketQueue *	pq
	)

Decode ICMPV6 packets and fill the Packet with the decoded info.

Parameters

tv	Pointer to the thread variables
dtv	Pointer to the decode thread variables
p	Pointer to the packet we are filling
pkt	Pointer to the raw packet buffer
len	the len of the rest of the packet not processed yet
pq	the packet queue were this packet go

Return values

void	No return value

Definition at line 189 of file decode-icmpv6.c.

References CERT_PATH_ADVERT, CERT_PATH_SOLICIT, ICMPV6Hdr_::code, DecodeThreadVars_::counter_icmpv6, DecodeIPV6(), DUPL_ADDR_CONFIRM, DUPL_ADDR_REQUEST, ICMPV6Vars_::emb_ip6_dst, ICMPV6Vars_::emb_ip6_src, ENGINE_ISSET_EVENT, ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, ICMPV6Vars_::error_ptr, FAIL, FAIL_IF, FAIL_IF_NULL, FLOW_QUIET, FlowInitConfig(), FlowSetupPacket(), FlowShutdown(), FMIPV6_MSG, HOME_AGENT_AD_REPLY, HOME_AGENT_AD_REQUEST, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_REJECTROUTE, ICMP6_ECHO_REPLY, ICMP6_ECHO_REQUEST, ICMP6_MOBILE_EXPERIMENTAL, ICMP6_NI_QUERY, ICMP6_NI_REPLY, ICMP6_PACKET_TOO_BIG, ICMP6_PARAM_PROB, ICMP6_PARAMPROB_OPTION, ICMP6_RR, ICMP6_TIME_EXCEED_REASSEMBLY, ICMP6_TIME_EXCEEDED, Packet_::icmp_d, Packet_::icmp_s, ICMPV6_EXPERIMENTATION_TYPE, ICMPV6_GET_CODE, ICMPV6_GET_EMB_IPV6, ICMPV6_GET_EMB_PROTO, ICMPV6_GET_ERROR_PTR, ICMPV6_GET_ID, ICMPV6_GET_MTU, ICMPV6_GET_SEQ, ICMPV6_GET_TYPE, ICMPV6_HEADER_LEN, ICMPV6_IPV6_TRUNC_PKT, ICMPV6_IPV6_UNKNOWN_VER, ICMPV6_MLD_MESSAGE_WITH_INVALID_HL, ICMPV6_PKT_TOO_SMALL, ICMPV6_UNASSIGNED_TYPE, ICMPV6_UNKNOWN_CODE, ICMPV6_UNKNOWN_TYPE, ICMPV6Hdr_::icmpv6b, ICMPv6GetCounterpart(), Packet_::icmpv6h, ICMPV6Hdr_::icmpv6i, Packet_::icmpv6vars, ICMPV6Info_::id, ICMPV6Vars_::id, Packet_::ip6h, IPV6_GET_HLIM, IPV6_GET_RAW_PLEN, IPV6_HEADER_LEN, LOCATOR_UDATE_MSG, MC_ROUTER_ADVERT, MC_ROUTER_SOLICIT, MC_ROUTER_TERMINATE, MLD_LISTENER_QUERY, MLD_LISTENER_REDUCTION, MLD_LISTENER_REPORT, MLD_V2_LIST_REPORT, MOBILE_PREFIX_ADVERT, MOBILE_PREFIX_SOLICIT, MPL_CONTROL_MSG, ICMPV6Vars_::mtu, ND_INVERSE_ADVERT, ND_INVERSE_SOLICIT, ND_NEIGHBOR_ADVERT, ND_NEIGHBOR_SOLICIT, ND_REDIRECT, ND_ROUTER_ADVERT, ND_ROUTER_SOLICIT, PACKET_RECYCLE, PASS, Packet_::payload, Packet_::payload_len, Packet_::proto, RPL_CONTROL_MSG, SCFree, SCLogDebug, SCMalloc, SCNtohs, ICMPV6Info_::seq, ICMPV6Vars_::seq, SIZE_OF_PACKET, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, ICMPV6Hdr_::type, and unlikely.

Referenced by DecodeIPV6(), and DecodeIPV6FragHeader().

Here is the call graph for this function:

Here is the caller graph for this function:

int DecodeIPV4	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		const uint8_t *	,
		uint16_t	,
		PacketQueue *
	)

Definition at line 532 of file decode-ipv4.c.

References DecodeThreadVars_::counter_ipv4, DECODE_TUNNEL_IPV6, DecodeEthernet(), DecodeGRE(), DecodeICMPV4(), DecodeIPV4(), DecodeSCTP(), DecodeTCP(), DecodeUDP(), Defrag(), DefragDestroy(), DefragInit(), ENGINE_SET_INVALID_EVENT, ETHERNET_HEADER_LEN, FAIL_IF, FAIL_IF_NULL, Packet_::flags, Packet_::flow_hash, FLOW_QUIET, FlowInitConfig(), FlowSetupPacket(), FlowShutdown(), GET_IPV4_DST_ADDR_PTR, GET_IPV4_SRC_ADDR_PTR, GET_PKT_DATA, GET_PKT_LEN, Packet_::ip4h, IPPROTO_GRE, IPV4_GET_DF, IPV4_GET_HLEN, IPV4_GET_IPID, IPV4_GET_IPLEN, IPV4_GET_IPOFFSET, IPV4_GET_IPPROTO, IPV4_GET_MF, IPV4_GET_RF, IPV4_OPT_CIPSO, IPV4_OPT_EOL, IPV4_OPT_LSRR, IPV4_OPT_NOP, IPV4_OPT_QS, IPV4_OPT_RR, IPV4_OPT_RTRALT, IPV4_OPT_SEC, IPV4_OPT_SID, IPV4_OPT_SSRR, IPV4_OPT_TS, IPV4_WITH_ICMPV6, IPV4Options_::o_cipso, IPV4Options_::o_lsrr, IPV4Options_::o_qs, IPV4Options_::o_rr, IPV4Options_::o_rtralt, IPV4Options_::o_sec, IPV4Options_::o_sid, IPV4Options_::o_ssrr, IPV4Options_::o_ts, PACKET_RECYCLE, PacketCopyData(), PacketDequeue(), PacketEnqueue(), PacketGetFromAlloc(), PacketTunnelPktSetup(), PASS, PKT_IS_FRAGMENT, PKT_IS_INVALID, PKT_SET_SRC, PKT_SRC_DECODER_IPV4, PKT_WANTS_FLOW, PPP_VJ_UCOMP, Packet_::ppph, PrintInet(), Packet_::proto, Packet_::recursion_level, SCFree, SCLogDebug, SCLogDebugEnabled(), SCMalloc, SCNtohs, SIZE_OF_PACKET, StatsIncr(), Packet_::tcph, TM_ECODE_FAILED, TM_ECODE_OK, IPV4Opt_::type, and unlikely.

Referenced by DecodeEthernet(), DecodeIPFW(), DecodeIPV4(), DecodeMPLS(), DecodeNFQ(), DecodeNull(), DecodePPP(), DecodePPPOESession(), DecodeRaw(), DecodeSll(), DecodeTunnel(), DecodeVLAN(), DefragRbFragCompare(), NoNFLOGSupportExit(), and NoWinDivertSupportExit().

Here is the call graph for this function:

Here is the caller graph for this function:

int DecodeIPV6	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		const uint8_t *	,
		uint16_t	,
		PacketQueue *
	)

Definition at line 585 of file decode-ipv6.c.

References DecodeThreadVars_::counter_ipv6, DecodeGRE(), DecodeICMPV6(), DecodeIPV6(), DecodeSCTP(), DecodeTCP(), DecodeUDP(), Defrag(), DefragDestroy(), DefragInit(), ENGINE_ISSET_EVENT, ENGINE_SET_EVENT, FAIL_IF, FLOW_QUIET, FlowInitConfig(), FlowShutdown(), GET_IPV6_DST_ADDR, GET_IPV6_SRC_ADDR, GET_PKT_DATA, GET_PKT_LEN, Packet_::ip6eh, Packet_::ip6h, IPPROTO_GRE, IPV6_EXTHDR_ISSET_FH, IPV6_EXTHDR_ISSET_RH, IPV6_GET_CLASS, IPV6_GET_FLOW, IPV6_GET_HLIM, IPV6_GET_L4PROTO, IPV6_GET_NH, IPV6_GET_PLEN, IPV6_HEADER_LEN, IPV6_HOPOPTS_UNKNOWN_OPT, IPV6_SET_L4PROTO, IPV6_UNKNOWN_NEXT_HEADER, IPV6_WITH_ICMPV4, PacketQueue_::len, PACKET_RECYCLE, PacketCopyData(), PacketDequeue(), PacketEnqueue(), PacketGetFromAlloc(), PASS, PrintInet(), Packet_::proto, IPV6ExtHdrs_::rh_type, SCFree, SCLogDebug, SCLogDebugEnabled(), StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, and unlikely.

Referenced by DecodeEthernet(), DecodeICMPV6(), DecodeIPFW(), DecodeIPV6(), DecodeMPLS(), DecodeNFQ(), DecodeNull(), DecodePPP(), DecodePPPOESession(), DecodeRaw(), DecodeSll(), DecodeTunnel(), DecodeVLAN(), DefragRbFragCompare(), NoNFLOGSupportExit(), NoWinDivertSupportExit(), and SigParseApplyDsizeToContent().

Here is the call graph for this function:

Here is the caller graph for this function:

void DecodeIPV6FragHeader	(	Packet *	p,
		const uint8_t *	pkt,
		uint16_t	hdrextlen,
		uint16_t	plen,
		uint16_t	prev_hdrextlen
	)

Definition at line 105 of file decode-ipv6.c.

References DecodeICMPV6(), DecodeIPV6FragHeader(), DecodeSCTP(), DecodeTCP(), DecodeUDP(), Packet_::dst, ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, FALSE, IPV6ExtHdrs_::fh_data_len, IPV6ExtHdrs_::fh_data_offset, IPV6ExtHdrs_::fh_header_offset, IPV6ExtHdrs_::fh_id, IPV6ExtHdrs_::fh_more_frags_set, IPV6ExtHdrs_::fh_nh, IPV6ExtHdrs_::fh_offset, IPV6ExtHdrs_::fh_prev_hdr_offset, Packet_::flags, GET_PKT_DATA, Packet_::ip6eh, Packet_::ip6h, IPV6OptHAO_::ip6hao_hoa, IPV6OptHAO_::ip6hao_len, IPV6OptHAO_::ip6hao_type, IPV6OptJumbo_::ip6j_len, IPV6OptJumbo_::ip6j_payload_len, IPV6OptJumbo_::ip6j_type, IPV6OptRA_::ip6ra_len, IPV6OptRA_::ip6ra_type, IPV6OptRA_::ip6ra_value, ip6rh_type, IP_GET_RAW_VER, IPV6_DATA_AFTER_NONE_HEADER, IPV6_DSTOPTS_ONLY_PADDING, IPV6_DSTOPTS_UNKNOWN_OPT, IPV6_EXTHDR_AH_RES_NOT_NULL, IPV6_EXTHDR_DUPL_AH, IPV6_EXTHDR_DUPL_DH, IPV6_EXTHDR_DUPL_EH, IPV6_EXTHDR_DUPL_FH, IPV6_EXTHDR_DUPL_HH, IPV6_EXTHDR_DUPL_RH, IPV6_EXTHDR_INVALID_OPTLEN, IPV6_EXTHDR_ISSET_FH, IPV6_EXTHDR_RH_TYPE_0, IPV6_EXTHDR_SET_FH, IPV6_EXTHDR_SET_RH, IPV6_EXTHDR_USELESS_FH, IPV6_EXTHDR_ZERO_LEN_PADN, IPV6_FH_NON_ZERO_RES_FIELD, IPV6_GET_NH, IPV6_GET_PLEN, IPV6_HEADER_LEN, IPV6_HOPOPTS_ONLY_PADDING, IPV6_HOPOPTS_UNKNOWN_OPT, IPV6_SET_EXTHDRS_LEN, IPV6_SET_L4PROTO, IPV6_TRUNC_EXTHDR, IPV6_TRUNC_PKT, IPV6_UNKNOWN_NEXT_HEADER, IPV6_WITH_ICMPV4, IPV6_WRONG_IP_VER, IPV6OPT_HAO, IPV6OPT_JUMBO, IPV6OPT_PAD1, IPV6OPT_PADN, IPV6OPT_RA, len, offset, PKT_IS_FRAGMENT, IPV6ExtHdrs_::rh_type, SCEnter, SCLogDebug, SCNtohl, SCNtohs, SCReturn, SET_IPV6_DST_ADDR, SET_IPV6_SRC_ADDR, Packet_::src, TRUE, and unlikely.

Referenced by DecodeIPV6FragHeader().

Here is the call graph for this function:

Here is the caller graph for this function:

int DecodeMPLS	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		const uint8_t *	,
		uint32_t	,
		PacketQueue *
	)

Definition at line 47 of file decode-mpls.c.

References DecodeThreadVars_::counter_mpls, DecodeEthernet(), DecodeIPV4(), DecodeIPV6(), DecodeMPLS(), ENGINE_ISSET_EVENT, ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, FAIL_IF, FAIL_IF_NOT, FAIL_IF_NULL, MPLS_BAD_LABEL_IMPLICIT_NULL, MPLS_BAD_LABEL_RESERVED, MPLS_BAD_LABEL_ROUTER_ALERT, MPLS_BOTTOM, MPLS_HEADER_LEN, MPLS_HEADER_TOO_SMALL, MPLS_LABEL, MPLS_LABEL_IPV4, MPLS_LABEL_IPV6, MPLS_LABEL_NULL, MPLS_LABEL_ROUTER_ALERT, MPLS_MAX_RESERVED_LABEL, MPLS_PKT_TOO_SMALL, MPLS_PROTO_ETHERNET_PW, MPLS_PROTO_IPV4, MPLS_PROTO_IPV6, MPLS_PW_LEN, MPLS_UNKNOWN_PAYLOAD_TYPE, PASS, SCCalloc, SCFree, SCMalloc, SIZE_OF_PACKET, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, and unlikely.

Referenced by DecodeEthernet(), DecodeMPLS(), and DecodeVLAN().

Here is the call graph for this function:

Here is the caller graph for this function:

int DecodeNull	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		const uint8_t *	,
		uint32_t	,
		PacketQueue *
	)

Definition at line 48 of file decode-null.c.

References DecodeThreadVars_::counter_null, DecodeIPV4(), DecodeIPV6(), ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, GET_PKT_DATA, GET_PKT_LEN, HDR_SIZE, LTNULL_PKT_TOO_SMALL, LTNULL_UNSUPPORTED_TYPE, SCLogDebug, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, type, and unlikely.

Referenced by DecodeAFP(), DecodePcap(), and ValidateLinkType().

Here is the call graph for this function:

Here is the caller graph for this function:

int DecodePPP	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		const uint8_t *	,
		uint32_t	,
		PacketQueue *
	)

Definition at line 43 of file decode-ppp.c.

References DecodeThreadVars_::counter_ppp, DecodeIPV4(), DecodeIPV6(), DecodePPP(), ENGINE_ISSET_EVENT, ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, FLOW_QUIET, FlowInitConfig(), FlowShutdown(), IPV4_GET_RAW_VER, IPV4_HEADER_LEN, IPV4_TRUNC_PKT, IPV6_HEADER_LEN, likely, PacketGetFromAlloc(), PPP_APPLE, PPP_APPLECP, PPP_BRPDU, PPP_CHAP, PPP_DECNET, PPP_DECNETCP, PPP_HEADER_LEN, PPP_HELLO, PPP_IP, PPP_IPCP, PPP_IPV6, PPP_IPV6CP, PPP_IPX, PPP_IPXCP, PPP_LCP, PPP_LQM, PPP_LUXCOM, PPP_MPLS_MCAST, PPP_MPLS_UCAST, PPP_MPLSCP, PPP_NS, PPP_NSCP, PPP_OSI, PPP_OSICP, PPP_PAP, PPP_PKT_TOO_SMALL, PPP_SNS, PPP_STII, PPP_STIICP, PPP_UNSUP_PROTO, PPP_VINES, PPP_VINESCP, PPP_VJ_COMP, PPP_VJ_UCOMP, PPP_WRONG_TYPE, Packet_::ppph, PPPIPV4_PKT_TOO_SMALL, PPPIPV6_PKT_TOO_SMALL, PPPVJU_PKT_TOO_SMALL, SCFree, SCLogDebug, SCNtohs, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, and unlikely.

Referenced by DecodeAFP(), DecodePcap(), DecodePPP(), DecodeTunnel(), RegisterAllModules(), Unified2AlertInitCtx(), and ValidateLinkType().

Here is the call graph for this function:

Here is the caller graph for this function:

int DecodePPPOEDiscovery	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		const uint8_t *	,
		uint32_t	,
		PacketQueue *
	)

Main decoding function for PPPOE Discovery packets.

Definition at line 50 of file decode-pppoe.c.

References DecodeThreadVars_::counter_pppoe, ENGINE_SET_INVALID_EVENT, PPPOE_CODE_PADI, PPPOE_CODE_PADO, PPPOE_CODE_PADR, PPPOE_CODE_PADS, PPPOE_CODE_PADT, PPPOE_DISCOVERY_HEADER_MIN_LEN, pppoe_length, PPPOE_MALFORMED_TAGS, PPPOE_PKT_TOO_SMALL, PPPOE_WRONG_CODE, Packet_::pppoedh, SCLogDebug, SCNtohs, StatsIncr(), TM_ECODE_FAILED, and TM_ECODE_OK.

Referenced by DecodeEthernet(), DecodePPPOESession(), and DecodeVLAN().

Here is the call graph for this function:

Here is the caller graph for this function:

int DecodePPPOESession	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		const uint8_t *	,
		uint32_t	,
		PacketQueue *
	)

Main decoding function for PPPOE Session packets.

Definition at line 130 of file decode-pppoe.c.

References DecodeThreadVars_::counter_pppoe, DecodeIPV4(), DecodeIPV6(), DecodePPPOEDiscovery(), DecodePPPOESession(), ENGINE_ISSET_EVENT, ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, FLOW_QUIET, FlowInitConfig(), FlowShutdown(), ICMPV4_UNKNOWN_TYPE, IPV4_GET_RAW_VER, IPV4_HEADER_LEN, IPV6_HEADER_LEN, PacketGetFromAlloc(), PPP_APPLE, PPP_APPLECP, PPP_BRPDU, PPP_CHAP, PPP_DECNET, PPP_DECNETCP, PPP_HELLO, PPP_IP, PPP_IPCP, PPP_IPV6, PPP_IPV6CP, PPP_IPX, PPP_IPXCP, PPP_LCP, PPP_LQM, PPP_LUXCOM, PPP_MPLS_MCAST, PPP_MPLS_UCAST, PPP_MPLSCP, PPP_NS, PPP_NSCP, PPP_OSI, PPP_OSICP, PPP_PAP, PPP_SNS, PPP_STII, PPP_STIICP, PPP_UNSUP_PROTO, PPP_VINES, PPP_VINESCP, PPP_VJ_COMP, PPP_VJ_UCOMP, PPP_WRONG_TYPE, Packet_::ppph, PPPIPV4_PKT_TOO_SMALL, PPPIPV6_PKT_TOO_SMALL, PPPOESessionHdr_::pppoe_code, PPPOE_DISCOVERY_GET_TYPE, PPPOE_DISCOVERY_GET_VERSION, PPPOESessionHdr_::pppoe_length, PPPOE_MALFORMED_TAGS, PPPOE_PKT_TOO_SMALL, PPPOE_SESSION_GET_TYPE, PPPOE_SESSION_GET_VERSION, PPPOE_SESSION_HEADER_LEN, PPPOESessionHdr_::pppoe_version_type, PPPOE_WRONG_CODE, Packet_::pppoedh, Packet_::pppoesh, PPPVJU_PKT_TOO_SMALL, PPPOESessionHdr_::protocol, SCFree, SCLogDebug, SCNtohs, PPPOESessionHdr_::session_id, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, and unlikely.

Referenced by DecodeEthernet(), DecodePPPOESession(), and DecodeVLAN().

Here is the call graph for this function:

Here is the caller graph for this function:

int DecodeRaw	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		const uint8_t *	,
		uint32_t	,
		PacketQueue *
	)

Definition at line 46 of file decode-raw.c.

References DecodeThreadVars_::counter_raw, DecodeIPV4(), DecodeIPV6(), DecodeRaw(), ENGINE_ISSET_EVENT, ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, FLOW_QUIET, FlowInitConfig(), FlowShutdown(), GET_PKT_DATA, GET_PKT_LEN, Packet_::ip4h, Packet_::ip6h, IP_GET_RAW_VER, IPRAW_INVALID_IPV, IPV4_HEADER_LEN, IPV4_PKT_TOO_SMALL, PACKET_RECYCLE, PacketCopyData(), PacketGetFromAlloc(), SCFree, SCLogDebug, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, and unlikely.

Referenced by DecodeAFP(), DecodePcap(), DecodeRaw(), and ValidateLinkType().

Here is the call graph for this function:

Here is the caller graph for this function:

int DecodeSCTP	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		const uint8_t *	,
		uint16_t	,
		PacketQueue *
	)

Definition at line 62 of file decode-sctp.c.

References DecodeThreadVars_::counter_sctp, FlowSetupPacket(), SCLogDebug, SCTP_GET_DST_PORT, SCTP_GET_SRC_PORT, Packet_::sctph, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, and unlikely.

Referenced by DecodeIPV4(), DecodeIPV6(), and DecodeIPV6FragHeader().

Here is the call graph for this function:

Here is the caller graph for this function:

int DecodeSll	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		const uint8_t *	,
		uint32_t	,
		PacketQueue *
	)

Definition at line 39 of file decode-sll.c.

References DecodeThreadVars_::counter_sll, DecodeIPV4(), DecodeIPV6(), DecodeVLAN(), ENGINE_SET_INVALID_EVENT, ETHERNET_TYPE_IP, ETHERNET_TYPE_IPV6, ETHERNET_TYPE_VLAN, SCLogDebug, SCNtohs, SLL_HEADER_LEN, SLL_PKT_TOO_SMALL, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, and unlikely.

Referenced by DecodeAFP(), DecodePcap(), and ValidateLinkType().

Here is the call graph for this function:

Here is the caller graph for this function:

int DecodeTCP	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		const uint8_t *	,
		uint16_t	,
		PacketQueue *
	)

Definition at line 233 of file decode-tcp.c.

References DecodeThreadVars_::counter_tcp, DecodeTCP(), Packet_::dst, FAIL_IF, Address_::family, FLOW_QUIET, FlowInitConfig(), FlowSetupPacket(), FlowShutdown(), GET_TCP_DST_PORT, GET_TCP_SRC_PORT, Packet_::ip4h, PACKET_RECYCLE, PacketGetFromAlloc(), PASS, SCFree, SCLogDebug, Packet_::src, StatsIncr(), TCP_GET_HLEN, TCP_GET_SACK_CNT, TCP_GET_SACK_PTR, TCP_GET_WSCALE, TCP_HAS_MSS, TCP_HAS_SACK, TCP_HAS_SACKOK, TCP_HAS_TFO, TCP_HAS_TS, TCP_HAS_WSCALE, Packet_::tcph, TM_ECODE_FAILED, TM_ECODE_OK, and unlikely.

Referenced by DecodeIPV4(), DecodeIPV6(), DecodeIPV6FragHeader(), and DecodeTCP().

Here is the call graph for this function:

Here is the caller graph for this function:

int DecodeTEMPLATE	(	ThreadVars *	tv,
		DecodeThreadVars *	dtv,
		Packet *	p,
		const uint8_t *	pkt,
		uint32_t	len,
		PacketQueue *	pq
	)

Function to decode TEMPLATE packets.

Parameters

tv	thread vars
dtv	decoder thread vars
p	packet
pkt	raw packet data
len	length in bytes of pkt array

Return values

TM_ECODE_OK or TM_ECODE_FAILED on serious error

Definition at line 49 of file decode-template.c.

References DecodeUDP(), TM_ECODE_FAILED, and TM_ECODE_OK.

Here is the call graph for this function:

int DecodeUDP	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		const uint8_t *	,
		uint16_t	,
		PacketQueue *
	)

Definition at line 74 of file decode-udp.c.

References DecodeThreadVars_::counter_udp, DecodeTeredo(), DecodeVXLAN(), DecodeVXLANEnabledForPort(), Packet_::dp, FAIL_IF, FlowSetupPacket(), PASS, Packet_::payload, Packet_::payload_len, SCLogDebug, Packet_::sp, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, UDP_GET_DST_PORT, UDP_GET_SRC_PORT, UDP_HEADER_LEN, Packet_::udph, and unlikely.

Referenced by DecodeIPV4(), DecodeIPV6(), DecodeIPV6FragHeader(), DecodeTEMPLATE(), and DecodeVXLAN().

Here is the call graph for this function:

Here is the caller graph for this function:

int DecodeVLAN	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		const uint8_t *	,
		uint32_t	,
		PacketQueue *
	)

Definition at line 62 of file decode-vlan.c.

References DecodeThreadVars_::counter_vlan, DecodeThreadVars_::counter_vlan_qinq, DecodeIPV4(), DecodeIPV6(), DecodeMPLS(), DecodePPPOEDiscovery(), DecodePPPOESession(), DecodeVLAN(), ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, ETHERNET_TYPE_8021AD, ETHERNET_TYPE_8021AH, ETHERNET_TYPE_ARP, ETHERNET_TYPE_IP, ETHERNET_TYPE_IPV6, ETHERNET_TYPE_MPLS_MULTICAST, ETHERNET_TYPE_MPLS_UNICAST, ETHERNET_TYPE_PPPOE_DISC, ETHERNET_TYPE_PPPOE_SESS, ETHERNET_TYPE_VLAN, GET_VLAN_CFI, GET_VLAN_ID, GET_VLAN_PRIORITY, GET_VLAN_PROTO, proto, SCLogDebug, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, unlikely, VLAN_HEADER_LEN, VLAN_HEADER_TOO_MANY_LAYERS, VLAN_HEADER_TOO_SMALL, Packet_::vlan_id, Packet_::vlan_idx, and VLAN_UNKNOWN_TYPE.

Referenced by __attribute__(), DecodeEthernet(), DecodeSll(), DecodeTunnel(), and DecodeVLAN().

Here is the call graph for this function:

Here is the caller graph for this function:

int DecodeVXLAN	(	ThreadVars *	tv,
		DecodeThreadVars *	dtv,
		Packet *	p,
		const uint8_t *	pkt,
		uint32_t	len,
		PacketQueue *	pq
	)

Parameters

pkt	payload data directly above UDP header
len	length in bytes of pkt

Definition at line 119 of file decode-vxlan.c.

References DecodeThreadVars_::counter_vxlan, DECODE_TUNNEL_IPV4, DECODE_TUNNEL_IPV6, DecodeUDP(), ETHERNET_HEADER_LEN, ETHERNET_TYPE_ARP, ETHERNET_TYPE_IP, ETHERNET_TYPE_IPV6, FAIL_IF, FAIL_IF_NOT, FAIL_IF_NULL, VXLANHeader_::flags, FLOW_QUIET, FlowInitConfig(), FlowShutdown(), PacketDequeue(), PacketEnqueue(), PacketFree(), PacketGetFromAlloc(), PacketTunnelPktSetup(), PASS, PKT_SET_SRC, PKT_SRC_DECODER_VXLAN, VXLANHeader_::res, SCLogDebug, SCNtohs, SIZE_OF_PACKET, Packet_::sp, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, PacketQueue_::top, Packet_::udph, unlikely, VXLANHeader_::vni, and VXLAN_HEADER_LEN.

Referenced by DecodeUDP().

Here is the call graph for this function:

Here is the caller graph for this function:

Variable Documentation

uint32_t default_packet_size

Definition at line 617 of file decode.h.

Referenced by AFPGetLinkType(), AFPSetBPFFilter(), PacketCopyDataOffset(), PostRunDeinit(), ReceivePfringThreadInit(), RunUnittests(), and TmModuleDecodeNetmapRegister().

int g_default_mtu

highest mtu of the interfaces we monitor

Definition at line 224 of file suricata.c.

Referenced by PostRunDeinit().

Enumerations
enum	ChecksumValidationMode { CHECKSUM_VALIDATION_DISABLE, CHECKSUM_VALIDATION_ENABLE, CHECKSUM_VALIDATION_AUTO, CHECKSUM_VALIDATION_RXONLY, CHECKSUM_VALIDATION_KERNEL }

enum	PktSrcEnum { PKT_SRC_WIRE = 1, PKT_SRC_DECODER_GRE, PKT_SRC_DECODER_IPV4, PKT_SRC_DECODER_IPV6, PKT_SRC_DECODER_TEREDO, PKT_SRC_DEFRAG, PKT_SRC_STREAM_TCP_STREAM_END_PSEUDO, PKT_SRC_FFR, PKT_SRC_STREAM_TCP_DETECTLOG_FLUSH, PKT_SRC_DECODER_VXLAN }

enum	DecodeTunnelProto { DECODE_TUNNEL_ETHERNET, DECODE_TUNNEL_ERSPAN, DECODE_TUNNEL_VLAN, DECODE_TUNNEL_IPV4, DECODE_TUNNEL_IPV6, DECODE_TUNNEL_IPV6_TEREDO, DECODE_TUNNEL_PPP }

Data Structures

Macros

Typedefs

Enumerations

Functions

Variables

Detailed Description

Macro Definition Documentation

Typedef Documentation

Enumeration Type Documentation

Function Documentation

Variable Documentation