#include "suricata-common.h"
#include "suricata-plugin.h"
#include "threadvars.h"
#include "util-debug.h"
#include "decode-events.h"
#include "util-exception-policy-types.h"
#include "flow-worker.h"
#include "app-layer-protos.h"
#include "util-napatech.h"
#include "source-nflog.h"
#include "source-nfq.h"
#include "source-ipfw.h"
#include "source-pcap.h"
#include "source-af-packet.h"
#include "source-netmap.h"
#include "source-windivert.h"
#include "decode-ethernet.h"
#include "decode-gre.h"
#include "decode-ppp.h"
#include "decode-pppoe.h"
#include "decode-ipv4.h"
#include "decode-ipv6.h"
#include "decode-icmpv4.h"
#include "decode-icmpv6.h"
#include "decode-tcp.h"
#include "decode-udp.h"
#include "decode-sctp.h"
#include "decode-esp.h"
#include "decode-vlan.h"
#include "decode-mpls.h"

Include dependency graph for decode.h:

Data Structures
struct	Address_

struct	PacketAlert_

struct	PacketAlerts_

struct	PacketEngineEvents_

struct	PktVar_

struct	PktProfilingTmmData_
	Per TMM stats storage. More...

struct	PktProfilingData_

struct	PktProfilingDetectData_

struct	PktProfilingAppData_

struct	PktProfilingLoggerData_

struct	PktProfilingPrefilterEngine_

struct	PktProfilingPrefilterData_

struct	PktProfiling_
	Per pkt stats storage. More...

struct	Packet_

struct	DecodeThreadVars_
	Structure to hold thread specific data for all decode modules. More...

Macros
#define	COUNTERS

#define	addr_data32 address.address_un_data32

#define	addr_data16 address.address_un_data16

#define	addr_data8 address.address_un_data8

#define	addr_in6addr address.address_un_in6

#define	COPY_ADDRESS(a, b)

#define	SET_IPV4_SRC_ADDR(p, a)

#define	SET_IPV4_DST_ADDR(p, a)

#define	SET_IPV6_SRC_ADDR(p, a)

#define	SET_IPV6_DST_ADDR(p, a)

#define	SET_TCP_SRC_PORT(pkt, prt)

#define	SET_TCP_DST_PORT(pkt, prt)

#define	SET_UDP_SRC_PORT(pkt, prt)

#define	SET_UDP_DST_PORT(pkt, prt)

#define	SET_SCTP_SRC_PORT(pkt, prt)

#define	SET_SCTP_DST_PORT(pkt, prt)

#define	GET_IPV4_SRC_ADDR_U32(p) ((p)->src.addr_data32[0])

#define	GET_IPV4_DST_ADDR_U32(p) ((p)->dst.addr_data32[0])

#define	GET_IPV4_SRC_ADDR_PTR(p) ((p)->src.addr_data32)

#define	GET_IPV4_DST_ADDR_PTR(p) ((p)->dst.addr_data32)

#define	GET_IPV6_SRC_IN6ADDR(p) ((p)->src.addr_in6addr)

#define	GET_IPV6_DST_IN6ADDR(p) ((p)->dst.addr_in6addr)

#define	GET_IPV6_SRC_ADDR(p) ((p)->src.addr_data32)

#define	GET_IPV6_DST_ADDR(p) ((p)->dst.addr_data32)

#define	GET_TCP_SRC_PORT(p) ((p)->sp)

#define	GET_TCP_DST_PORT(p) ((p)->dp)

#define	GET_PKT_LEN(p) (p)->pktlen

#define	GET_PKT_DATA(p) (((p)->ext_pkt == NULL) ? GET_PKT_DIRECT_DATA(p) : (p)->ext_pkt)

#define	GET_PKT_DIRECT_DATA(p) (p)->pkt_data

#define	GET_PKT_DIRECT_MAX_SIZE(p) (default_packet_size)

#define	SET_PKT_LEN(p, len)

#define	SET_PORT(v, p) ((p) = (v))

#define	COPY_PORT(a, b) ((b) = (a))

#define	CMP_ADDR(a1, a2)

#define	CMP_PORT(p1, p2) ((p1) == (p2))

#define	IP_GET_RAW_VER(pkt) ((((pkt)[0] & 0xf0) >> 4))

#define	PKT_IS_IPV4(p) (((p)->ip4h != NULL))

#define	PKT_IS_IPV6(p) (((p)->ip6h != NULL))

#define	PKT_IS_TCP(p) (((p)->tcph != NULL))

#define	PKT_IS_UDP(p) (((p)->udph != NULL))

#define	PKT_IS_ICMPV4(p) (((p)->icmpv4h != NULL))

#define	PKT_IS_ICMPV6(p) (((p)->icmpv6h != NULL))

#define	PKT_IS_TOSERVER(p) (((p)->flowflags & FLOW_PKT_TOSERVER))

#define	PKT_IS_TOCLIENT(p) (((p)->flowflags & FLOW_PKT_TOCLIENT))

#define	IPH_IS_VALID(p) (PKT_IS_IPV4((p)) \|\| PKT_IS_IPV6((p)))

#define	IP_GET_IPPROTO(p)

#define	PACKET_ALERT_FLAG_APPLY_ACTION_TO_FLOW 0x1

#define	PACKET_ALERT_FLAG_STATE_MATCH 0x02

#define	PACKET_ALERT_FLAG_STREAM_MATCH 0x04

#define	PACKET_ALERT_FLAG_TX 0x08

#define	PACKET_ALERT_RATE_FILTER_MODIFIED 0x10

#define	PACKET_ALERT_FLAG_FRAME 0x20

#define	PACKET_ALERT_MAX 15

#define	PACKET_ENGINE_EVENT_MAX 15

#define	tcpvars l4vars.tcpvars

#define	icmpv4vars l4vars.icmpv4vars

#define	icmpv6vars l4vars.icmpv6vars

#define	DEFAULT_MTU 1500

#define	MINIMUM_MTU 68

#define	DEFAULT_PACKET_SIZE (DEFAULT_MTU + ETHERNET_HEADER_LEN)

#define	MAX_PAYLOAD_SIZE (IPV6_HEADER_LEN + 65536 + 28)

#define	SIZE_OF_PACKET (default_packet_size + sizeof(Packet))

#define	PACKET_CLEAR_L4VARS(p)

#define	PACKET_RESET_CHECKSUMS(p)
	reset these to -1(indicates that the packet is fresh from the queue) More...

#define	PACKET_FREE_EXTDATA(p)

#define	TUNNEL_INCR_PKT_RTV_NOLOCK(p)

#define	TUNNEL_PKT_RTV(p) ((p)->root ? (p)->root->tunnel_rtv_cnt : (p)->tunnel_rtv_cnt)

#define	TUNNEL_PKT_TPR(p) ((p)->root ? (p)->root->tunnel_tpr_cnt : (p)->tunnel_tpr_cnt)

#define	ENGINE_SET_EVENT(p, e)

#define	ENGINE_SET_INVALID_EVENT(p, e)

#define	ENGINE_ISSET_EVENT(p, e)

#define	IPPROTO_IPIP 4

#define	IPPROTO_DCCP 33

#define	IPPROTO_SCTP 132

#define	IPPROTO_MH 135

#define	IPPROTO_HIP 139

#define	IPPROTO_SHIM6 140

#define	DLT_EN10MB 1

#define	DLT_C_HDLC 104

#define	DLT_RAW 12 /* raw IP */

#define	DLT_NULL 0

#define	LINKTYPE_NULL DLT_NULL

#define	LINKTYPE_ETHERNET DLT_EN10MB

#define	LINKTYPE_LINUX_SLL 113

#define	LINKTYPE_PPP 9

#define	LINKTYPE_RAW DLT_RAW

#define	LINKTYPE_RAW2 101

#define	LINKTYPE_IPV4 228

#define	LINKTYPE_IPV6 229

#define	LINKTYPE_GRE_OVER_IP 778

#define	LINKTYPE_CISCO_HDLC DLT_C_HDLC

#define	PPP_OVER_GRE 11

#define	VLAN_OVER_GRE 13

#define	PKT_NOPACKET_INSPECTION BIT_U32(0)

#define	PKT_PPP_VJ_UCOMP BIT_U32(1)

#define	PKT_NOPAYLOAD_INSPECTION BIT_U32(2)

#define	PKT_HAS_TAG BIT_U32(4)

#define	PKT_STREAM_ADD BIT_U32(5)

#define	PKT_STREAM_EST BIT_U32(6)

#define	PKT_STREAM_EOF BIT_U32(7)

#define	PKT_HAS_FLOW BIT_U32(8)

#define	PKT_PSEUDO_STREAM_END BIT_U32(9)

#define	PKT_STREAM_MODIFIED BIT_U32(10)

#define	PKT_STREAM_NOPCAPLOG BIT_U32(12)

#define	PKT_IGNORE_CHECKSUM BIT_U32(15)

#define	PKT_ZERO_COPY BIT_U32(16)

#define	PKT_HOST_SRC_LOOKED_UP BIT_U32(17)

#define	PKT_HOST_DST_LOOKED_UP BIT_U32(18)

#define	PKT_IS_FRAGMENT BIT_U32(19)

#define	PKT_IS_INVALID BIT_U32(20)

#define	PKT_PROFILE BIT_U32(21)

#define	PKT_WANTS_FLOW BIT_U32(22)

#define	PKT_PROTO_DETECT_TS_DONE BIT_U32(23)

#define	PKT_PROTO_DETECT_TC_DONE BIT_U32(24)

#define	PKT_REBUILT_FRAGMENT BIT_U32(25)

#define	PKT_DETECT_HAS_STREAMDATA BIT_U32(26)

#define	PKT_PSEUDO_DETECTLOG_FLUSH BIT_U32(27)

#define	PKT_STREAM_NO_EVENTS BIT_U32(28)

#define	PKT_FIRST_ALERTS BIT_U32(29)

#define	PKT_FIRST_TAG BIT_U32(30)

#define	PKT_IS_PSEUDOPKT(p) ((p)->flags & (PKT_PSEUDO_STREAM_END\|PKT_PSEUDO_DETECTLOG_FLUSH))
	return 1 if the packet is a pseudo packet More...

#define	PKT_SET_SRC(p, src_val) ((p)->pkt_src = src_val)

#define	PKT_DEFAULT_MAX_DECODED_LAYERS 16

Typedefs
typedef struct AppLayerThreadCtx_	AppLayerThreadCtx

typedef struct AppLayerDecoderEvents_	AppLayerDecoderEvents

typedef struct Address_	Address

typedef uint16_t	Port

typedef struct PacketAlert_	PacketAlert

typedef struct PacketAlerts_	PacketAlerts

typedef struct PacketEngineEvents_	PacketEngineEvents

typedef struct PktVar_	PktVar

typedef struct PktProfilingTmmData_	PktProfilingTmmData
	Per TMM stats storage. More...

typedef struct PktProfilingData_	PktProfilingData

typedef struct PktProfilingDetectData_	PktProfilingDetectData

typedef struct PktProfilingAppData_	PktProfilingAppData

typedef struct PktProfilingLoggerData_	PktProfilingLoggerData

typedef struct PktProfilingPrefilterEngine_	PktProfilingPrefilterEngine

typedef struct PktProfilingPrefilterData_	PktProfilingPrefilterData

typedef struct PktProfiling_	PktProfiling
	Per pkt stats storage. More...

typedef struct Packet_	Packet

typedef struct DecodeThreadVars_	DecodeThreadVars
	Structure to hold thread specific data for all decode modules. More...

typedef int(*	DecoderFunc) (ThreadVars tv, DecodeThreadVars dtv, Packet p, const uint8_t pkt, uint32_t len)

Enumerations
enum	ChecksumValidationMode { CHECKSUM_VALIDATION_DISABLE, CHECKSUM_VALIDATION_ENABLE, CHECKSUM_VALIDATION_AUTO, CHECKSUM_VALIDATION_RXONLY, CHECKSUM_VALIDATION_KERNEL, CHECKSUM_VALIDATION_OFFLOAD }

enum	PktSrcEnum { PKT_SRC_WIRE = 1, PKT_SRC_DECODER_GRE, PKT_SRC_DECODER_IPV4, PKT_SRC_DECODER_IPV6, PKT_SRC_DECODER_TEREDO, PKT_SRC_DEFRAG, PKT_SRC_FFR, PKT_SRC_STREAM_TCP_DETECTLOG_FLUSH, PKT_SRC_DECODER_VXLAN, PKT_SRC_DETECT_RELOAD_FLUSH, PKT_SRC_CAPTURE_TIMEOUT, PKT_SRC_DECODER_GENEVE, PKT_SRC_SHUTDOWN_FLUSH }

enum	PacketDropReason { PKT_DROP_REASON_NOT_SET = 0, PKT_DROP_REASON_DECODE_ERROR, PKT_DROP_REASON_DEFRAG_ERROR, PKT_DROP_REASON_DEFRAG_MEMCAP, PKT_DROP_REASON_FLOW_MEMCAP, PKT_DROP_REASON_FLOW_DROP, PKT_DROP_REASON_APPLAYER_ERROR, PKT_DROP_REASON_APPLAYER_MEMCAP, PKT_DROP_REASON_RULES, PKT_DROP_REASON_RULES_THRESHOLD, PKT_DROP_REASON_STREAM_ERROR, PKT_DROP_REASON_STREAM_MEMCAP, PKT_DROP_REASON_STREAM_MIDSTREAM, PKT_DROP_REASON_STREAM_REASSEMBLY, PKT_DROP_REASON_NFQ_ERROR, PKT_DROP_REASON_INNER_PACKET, PKT_DROP_REASON_MAX }

enum	PacketTunnelType { PacketTunnelNone, PacketTunnelRoot, PacketTunnelChild }

enum	DecodeTunnelProto { DECODE_TUNNEL_ETHERNET, DECODE_TUNNEL_ERSPANII, DECODE_TUNNEL_ERSPANI, DECODE_TUNNEL_VLAN, DECODE_TUNNEL_IPV4, DECODE_TUNNEL_IPV6, DECODE_TUNNEL_IPV6_TEREDO, DECODE_TUNNEL_PPP, DECODE_TUNNEL_NSH, DECODE_TUNNEL_UNSET }

Functions
void	AppLayerDecoderEventsResetEvents (AppLayerDecoderEvents *events)

void	AppLayerDecoderEventsFreeEvents (AppLayerDecoderEvents **events)

PacketAlert *	PacketAlertCreate (void)
	Initialize PacketAlerts with dynamic alerts array size. More...

void	PacketAlertFree (PacketAlert *pa)

void	CaptureStatsUpdate (ThreadVars tv, const Packet p)

void	CaptureStatsSetup (ThreadVars *tv)

Packet *	PacketTunnelPktSetup (ThreadVars tv, DecodeThreadVars dtv, Packet parent, const uint8_t pkt, uint32_t len, enum DecodeTunnelProto proto)
	Setup a pseudo packet (tunnel) More...

Packet *	PacketDefragPktSetup (Packet parent, const uint8_t pkt, uint32_t len, uint8_t proto)
	Setup a pseudo packet (reassembled frags) More...

void	PacketDefragPktSetupParent (Packet *parent)
	inform defrag "parent" that a pseudo packet is now associated to it. More...

void	DecodeRegisterPerfCounters (DecodeThreadVars , ThreadVars )

Packet *	PacketGetFromQueueOrAlloc (void)
	Get a packet. We try to get a packet from the packetpool first, but if that is empty we alloc a packet that is free'd again after processing. More...

Packet *	PacketGetFromAlloc (void)
	Get a malloced packet. More...

void	PacketDecodeFinalize (ThreadVars tv, DecodeThreadVars dtv, Packet *p)
	Finalize decoding of a packet. More...

void	PacketUpdateEngineEventCounters (ThreadVars tv, DecodeThreadVars dtv, Packet *p)

void	PacketFree (Packet *p)
	Return a malloced packet. More...

void	PacketFreeOrRelease (Packet *p)
	Return a packet to where it was allocated. More...

int	PacketCallocExtPkt (Packet *p, int datalen)

int	PacketCopyData (Packet p, const uint8_t pktdata, uint32_t pktlen)
	Copy data to Packet payload and set packet length. More...

int	PacketSetData (Packet p, const uint8_t pktdata, uint32_t pktlen)
	Set data for Packet and set length when zero copy is used. More...

int	PacketCopyDataOffset (Packet p, uint32_t offset, const uint8_t data, uint32_t datalen)
	Copy data to Packet payload at given offset. More...

const char *	PktSrcToString (enum PktSrcEnum pkt_src)

void	PacketBypassCallback (Packet *p)

void	PacketSwap (Packet *p)
	switch direction of a packet More...

DecodeThreadVars *	DecodeThreadVarsAlloc (ThreadVars *)
	Alloc and setup DecodeThreadVars. More...

void	DecodeThreadVarsFree (ThreadVars , DecodeThreadVars )

void	DecodeUpdatePacketCounters (ThreadVars tv, const DecodeThreadVars dtv, const Packet *p)

const char *	PacketDropReasonToString (enum PacketDropReason r)

int	DecodeEthernet (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t)

int	DecodeSll (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t)

int	DecodePPP (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t)

int	DecodePPPOESession (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t)
	Main decoding function for PPPOE Session packets. More...

int	DecodePPPOEDiscovery (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t)
	Main decoding function for PPPOE Discovery packets. More...

int	DecodeNull (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t)

int	DecodeRaw (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t)

int	DecodeIPV4 (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint16_t)

int	DecodeIPV6 (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint16_t)

int	DecodeICMPV4 (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t)
	Main ICMPv4 decoding function. More...

int	DecodeICMPV6 (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t)
	Decode ICMPV6 packets and fill the Packet with the decoded info. More...

int	DecodeTCP (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint16_t)

int	DecodeUDP (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint16_t)

int	DecodeSCTP (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint16_t)

int	DecodeESP (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint16_t)
	Function to decode IPSEC-ESP packets. More...

int	DecodeGRE (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t)
	Function to decode GRE packets. More...

int	DecodeVLAN (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t)

int	DecodeVNTag (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t)

int	DecodeIEEE8021ah (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t)

int	DecodeGeneve (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t)

int	DecodeVXLAN (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t)

int	DecodeMPLS (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t)

int	DecodeERSPAN (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t)
	ERSPAN Type II. More...

int	DecodeERSPANTypeI (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t)
	ERSPAN Type I. More...

int	DecodeCHDLC (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t)

int	DecodeTEMPLATE (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t)
	Function to decode TEMPLATE packets. More...

int	DecodeNSH (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t)
	Function to decode NSH packets. More...

void	DecodeIPV6FragHeader (Packet p, const uint8_t pkt, uint16_t hdrextlen, uint16_t plen, uint16_t prev_hdrextlen)

void	AddressDebugPrint (Address *)
	Debug print function for printing addresses. More...

void	DecodeGlobalConfig (void)

void	PacketAlertGetMaxConfig (void)

void	DecodeUnregisterCounters (void)

Variables
uint16_t	packet_alert_max

uint32_t	default_packet_size

uint8_t	decoder_max_layers

Detailed Description

Author: Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Definition in file decode.h.

Macro Definition Documentation

◆ addr_data16

#define addr_data16 address.address_un_data16

Definition at line 128 of file decode.h.

◆ addr_data32

#define addr_data32 address.address_un_data32

Definition at line 127 of file decode.h.

◆ addr_data8

#define addr_data8 address.address_un_data8

Definition at line 129 of file decode.h.

◆ addr_in6addr

#define addr_in6addr address.address_un_in6

Definition at line 130 of file decode.h.

◆ CMP_ADDR

#define CMP_ADDR	(	a1,
		a2
	)

Value:

    (((a1)->addr_data32[3] == (a2)->addr_data32[3] && \
      (a1)->addr_data32[2] == (a2)->addr_data32[2] && \
      (a1)->addr_data32[1] == (a2)->addr_data32[1] && \
      (a1)->addr_data32[0] == (a2)->addr_data32[0]))

Definition at line 235 of file decode.h.

◆ CMP_PORT

#define CMP_PORT	(	p1,
		p2
	)	((p1) == (p2))

Definition at line 240 of file decode.h.

◆ COPY_ADDRESS

#define COPY_ADDRESS	(	a,
		b
	)

Value:

        do {                    \
        (b)->family = (a)->family;                 \
        (b)->addr_data32[0] = (a)->addr_data32[0]; \
        (b)->addr_data32[1] = (a)->addr_data32[1]; \
        (b)->addr_data32[2] = (a)->addr_data32[2]; \
        (b)->addr_data32[3] = (a)->addr_data32[3]; \
    } while (0)

Definition at line 132 of file decode.h.

◆ COPY_PORT

#define COPY_PORT	(	a,
		b
	)	((b) = (a))

Definition at line 233 of file decode.h.

◆ COUNTERS

#define COUNTERS

Definition at line 29 of file decode.h.

◆ DEFAULT_MTU

#define DEFAULT_MTU 1500

highest mtu of the interfaces we monitor

Definition at line 675 of file decode.h.

◆ DEFAULT_PACKET_SIZE

#define DEFAULT_PACKET_SIZE (DEFAULT_MTU + ETHERNET_HEADER_LEN)

Definition at line 678 of file decode.h.

◆ DLT_C_HDLC

#define DLT_C_HDLC 104

Definition at line 971 of file decode.h.

◆ DLT_EN10MB

#define DLT_EN10MB 1

Definition at line 967 of file decode.h.

◆ DLT_NULL

#define DLT_NULL 0

Definition at line 984 of file decode.h.

◆ DLT_RAW

#define DLT_RAW 12 /* raw IP */

Definition at line 979 of file decode.h.

◆ ENGINE_ISSET_EVENT

#define ENGINE_ISSET_EVENT	(	p,
		e
	)

Value:

    ({ \
    int r = 0; \
    uint8_t u; \
    for (u = 0; u < (p)->events.cnt; u++) { \
        if ((p)->events.events[u] == (e)) { \
            r = 1; \
            break; \
        } \
    } \
    r; \
})

Definition at line 920 of file decode.h.

◆ ENGINE_SET_EVENT

#define ENGINE_SET_EVENT	(	p,
		e
	)

Value:

    do { \
    SCLogDebug("p %p event %d", (p), e); \
    if ((p)->events.cnt < PACKET_ENGINE_EVENT_MAX) { \
        (p)->events.events[(p)->events.cnt] = e; \
        (p)->events.cnt++; \
    } \
} while(0)

Definition at line 905 of file decode.h.

◆ ENGINE_SET_INVALID_EVENT

#define ENGINE_SET_INVALID_EVENT	(	p,
		e
	)

Value:

    do { \
    p->flags |= PKT_IS_INVALID; \
    ENGINE_SET_EVENT(p, e); \
} while(0)

Definition at line 913 of file decode.h.

◆ GET_IPV4_DST_ADDR_PTR

#define GET_IPV4_DST_ADDR_PTR ( p ) ((p)->dst.addr_data32)

Definition at line 212 of file decode.h.

◆ GET_IPV4_DST_ADDR_U32

#define GET_IPV4_DST_ADDR_U32 ( p ) ((p)->dst.addr_data32[0])

Definition at line 210 of file decode.h.

◆ GET_IPV4_SRC_ADDR_PTR

#define GET_IPV4_SRC_ADDR_PTR ( p ) ((p)->src.addr_data32)

Definition at line 211 of file decode.h.

◆ GET_IPV4_SRC_ADDR_U32

#define GET_IPV4_SRC_ADDR_U32 ( p ) ((p)->src.addr_data32[0])

Definition at line 209 of file decode.h.

◆ GET_IPV6_DST_ADDR

#define GET_IPV6_DST_ADDR ( p ) ((p)->dst.addr_data32)

Definition at line 217 of file decode.h.

◆ GET_IPV6_DST_IN6ADDR

#define GET_IPV6_DST_IN6ADDR ( p ) ((p)->dst.addr_in6addr)

Definition at line 215 of file decode.h.

◆ GET_IPV6_SRC_ADDR

#define GET_IPV6_SRC_ADDR ( p ) ((p)->src.addr_data32)

Definition at line 216 of file decode.h.

◆ GET_IPV6_SRC_IN6ADDR

#define GET_IPV6_SRC_IN6ADDR ( p ) ((p)->src.addr_in6addr)

Definition at line 214 of file decode.h.

◆ GET_PKT_DATA

#define GET_PKT_DATA ( p ) (((p)->ext_pkt == NULL) ? GET_PKT_DIRECT_DATA(p) : (p)->ext_pkt)

Definition at line 222 of file decode.h.

◆ GET_PKT_DIRECT_DATA

#define GET_PKT_DIRECT_DATA ( p ) (p)->pkt_data

Definition at line 223 of file decode.h.

◆ GET_PKT_DIRECT_MAX_SIZE

#define GET_PKT_DIRECT_MAX_SIZE ( p ) (default_packet_size)

Definition at line 224 of file decode.h.

◆ GET_PKT_LEN

#define GET_PKT_LEN ( p ) (p)->pktlen

Definition at line 221 of file decode.h.

◆ GET_TCP_DST_PORT

#define GET_TCP_DST_PORT ( p ) ((p)->dp)

Definition at line 219 of file decode.h.

◆ GET_TCP_SRC_PORT

#define GET_TCP_SRC_PORT ( p ) ((p)->sp)

Definition at line 218 of file decode.h.

◆ icmpv4vars

#define icmpv4vars l4vars.icmpv4vars

Definition at line 565 of file decode.h.

◆ icmpv6vars

#define icmpv6vars l4vars.icmpv6vars

Definition at line 566 of file decode.h.

◆ IP_GET_IPPROTO

#define IP_GET_IPPROTO ( p )

Value:

(p->proto ? p->proto : \

(PKT_IS_IPV4((p))? IPV4_GET_IPPROTO((p)) : (PKT_IS_IPV6((p))? IPV6_GET_L4PROTO((p)) : 0)))

Definition at line 259 of file decode.h.

◆ IP_GET_RAW_VER

#define IP_GET_RAW_VER ( pkt ) ((((pkt)[0] & 0xf0) >> 4))

Definition at line 245 of file decode.h.

◆ IPH_IS_VALID

#define IPH_IS_VALID ( p ) (PKT_IS_IPV4((p)) || PKT_IS_IPV6((p)))

Definition at line 256 of file decode.h.

◆ IPPROTO_DCCP

#define IPPROTO_DCCP 33

Definition at line 941 of file decode.h.

◆ IPPROTO_HIP

#define IPPROTO_HIP 139

Definition at line 958 of file decode.h.

◆ IPPROTO_IPIP

#define IPPROTO_IPIP 4

Definition at line 933 of file decode.h.

◆ IPPROTO_MH

#define IPPROTO_MH 135

Definition at line 953 of file decode.h.

◆ IPPROTO_SCTP

#define IPPROTO_SCTP 132

Definition at line 949 of file decode.h.

◆ IPPROTO_SHIM6

#define IPPROTO_SHIM6 140

Definition at line 962 of file decode.h.

◆ LINKTYPE_CISCO_HDLC

#define LINKTYPE_CISCO_HDLC DLT_C_HDLC

Definition at line 1000 of file decode.h.

◆ LINKTYPE_ETHERNET

#define LINKTYPE_ETHERNET DLT_EN10MB

Definition at line 990 of file decode.h.

◆ LINKTYPE_GRE_OVER_IP

#define LINKTYPE_GRE_OVER_IP 778

Definition at line 999 of file decode.h.

◆ LINKTYPE_IPV4

#define LINKTYPE_IPV4 228

Definition at line 997 of file decode.h.

◆ LINKTYPE_IPV6

#define LINKTYPE_IPV6 229

Definition at line 998 of file decode.h.

◆ LINKTYPE_LINUX_SLL

#define LINKTYPE_LINUX_SLL 113

Definition at line 991 of file decode.h.

◆ LINKTYPE_NULL

#define LINKTYPE_NULL DLT_NULL

libpcap shows us the way to linktype codes

Todo:: we need more & maybe put them in a separate file?

Definition at line 989 of file decode.h.

◆ LINKTYPE_PPP

#define LINKTYPE_PPP 9

Definition at line 992 of file decode.h.

◆ LINKTYPE_RAW

#define LINKTYPE_RAW DLT_RAW

Definition at line 993 of file decode.h.

◆ LINKTYPE_RAW2

#define LINKTYPE_RAW2 101

Definition at line 996 of file decode.h.

◆ MAX_PAYLOAD_SIZE

#define MAX_PAYLOAD_SIZE (IPV6_HEADER_LEN + 65536 + 28)

Definition at line 680 of file decode.h.

◆ MINIMUM_MTU

#define MINIMUM_MTU 68

ipv4 minimum: rfc791

Definition at line 676 of file decode.h.

◆ PACKET_ALERT_FLAG_APPLY_ACTION_TO_FLOW

#define PACKET_ALERT_FLAG_APPLY_ACTION_TO_FLOW 0x1

Definition at line 275 of file decode.h.

◆ PACKET_ALERT_FLAG_FRAME

#define PACKET_ALERT_FLAG_FRAME 0x20

alert is in a frame, frame_id set

Definition at line 285 of file decode.h.

◆ PACKET_ALERT_FLAG_STATE_MATCH

#define PACKET_ALERT_FLAG_STATE_MATCH 0x02

alert was generated based on state

Definition at line 277 of file decode.h.

◆ PACKET_ALERT_FLAG_STREAM_MATCH

#define PACKET_ALERT_FLAG_STREAM_MATCH 0x04

alert was generated based on stream

Definition at line 279 of file decode.h.

◆ PACKET_ALERT_FLAG_TX

#define PACKET_ALERT_FLAG_TX 0x08

alert is in a tx, tx_id set

Definition at line 281 of file decode.h.

◆ PACKET_ALERT_MAX

#define PACKET_ALERT_MAX 15

Definition at line 288 of file decode.h.

◆ PACKET_ALERT_RATE_FILTER_MODIFIED

#define PACKET_ALERT_RATE_FILTER_MODIFIED 0x10

action was changed by rate_filter

Definition at line 283 of file decode.h.

◆ PACKET_CLEAR_L4VARS

#define PACKET_CLEAR_L4VARS ( p )

Value:

        do {                         \
        memset(&(p)->l4vars, 0x00, sizeof((p)->l4vars));    \
    } while (0)

Definition at line 777 of file decode.h.

◆ PACKET_ENGINE_EVENT_MAX

#define PACKET_ENGINE_EVENT_MAX 15

number of decoder events we support per packet. Power of 2 minus 1 for memory layout

Definition at line 306 of file decode.h.

◆ PACKET_FREE_EXTDATA

#define PACKET_FREE_EXTDATA ( p )

Value:

        do {                 \
        if ((p)->ext_pkt) {                         \
            if (!((p)->flags & PKT_ZERO_COPY)) {    \
                SCFree((p)->ext_pkt);               \
            }                                       \
            (p)->ext_pkt = NULL;                    \
        }                                           \
    } while(0)

Definition at line 790 of file decode.h.

◆ PACKET_RESET_CHECKSUMS

#define PACKET_RESET_CHECKSUMS ( p )

Value:

        do { \
        (p)->level3_comp_csum = -1;   \
        (p)->level4_comp_csum = -1;   \
    } while (0)

reset these to -1(indicates that the packet is fresh from the queue)

Definition at line 784 of file decode.h.

◆ PKT_DEFAULT_MAX_DECODED_LAYERS

#define PKT_DEFAULT_MAX_DECODED_LAYERS 16

Definition at line 1081 of file decode.h.

◆ PKT_DETECT_HAS_STREAMDATA

#define PKT_DETECT_HAS_STREAMDATA BIT_U32(26)

Set by Detect() if raw stream data is available.

Definition at line 1063 of file decode.h.

◆ PKT_FIRST_ALERTS

#define PKT_FIRST_ALERTS BIT_U32(29)

We had no alert on flow before this packet

Definition at line 1072 of file decode.h.

◆ PKT_FIRST_TAG

#define PKT_FIRST_TAG BIT_U32(30)

Definition at line 1073 of file decode.h.

◆ PKT_HAS_FLOW

#define PKT_HAS_FLOW BIT_U32(8)

Definition at line 1023 of file decode.h.

◆ PKT_HAS_TAG

#define PKT_HAS_TAG BIT_U32(4)

Packet has matched a tag

Definition at line 1016 of file decode.h.

◆ PKT_HOST_DST_LOOKED_UP

#define PKT_HOST_DST_LOOKED_UP BIT_U32(18)

Definition at line 1044 of file decode.h.

◆ PKT_HOST_SRC_LOOKED_UP

#define PKT_HOST_SRC_LOOKED_UP BIT_U32(17)

Definition at line 1043 of file decode.h.

◆ PKT_IGNORE_CHECKSUM

#define PKT_IGNORE_CHECKSUM BIT_U32(15)

Packet checksum is not computed (TX packet for example)

Definition at line 1039 of file decode.h.

◆ PKT_IS_FRAGMENT

#define PKT_IS_FRAGMENT BIT_U32(19)

Packet is a fragment

Definition at line 1047 of file decode.h.

◆ PKT_IS_ICMPV4

#define PKT_IS_ICMPV4 ( p ) (((p)->icmpv4h != NULL))

Definition at line 251 of file decode.h.

◆ PKT_IS_ICMPV6

#define PKT_IS_ICMPV6 ( p ) (((p)->icmpv6h != NULL))

Definition at line 252 of file decode.h.

◆ PKT_IS_INVALID

#define PKT_IS_INVALID BIT_U32(20)

Definition at line 1048 of file decode.h.

◆ PKT_IS_IPV4

#define PKT_IS_IPV4 ( p ) (((p)->ip4h != NULL))

Definition at line 247 of file decode.h.

◆ PKT_IS_IPV6

#define PKT_IS_IPV6 ( p ) (((p)->ip6h != NULL))

Definition at line 248 of file decode.h.

◆ PKT_IS_PSEUDOPKT

#define PKT_IS_PSEUDOPKT ( p ) ((p)->flags & (PKT_PSEUDO_STREAM_END|PKT_PSEUDO_DETECTLOG_FLUSH))

return 1 if the packet is a pseudo packet

Definition at line 1076 of file decode.h.

◆ PKT_IS_TCP

#define PKT_IS_TCP ( p ) (((p)->tcph != NULL))

Definition at line 249 of file decode.h.

◆ PKT_IS_TOCLIENT

#define PKT_IS_TOCLIENT ( p ) (((p)->flowflags & FLOW_PKT_TOCLIENT))

Definition at line 254 of file decode.h.

◆ PKT_IS_TOSERVER

#define PKT_IS_TOSERVER ( p ) (((p)->flowflags & FLOW_PKT_TOSERVER))

Definition at line 253 of file decode.h.

◆ PKT_IS_UDP

#define PKT_IS_UDP ( p ) (((p)->udph != NULL))

Definition at line 250 of file decode.h.

◆ PKT_NOPACKET_INSPECTION

#define PKT_NOPACKET_INSPECTION BIT_U32(0)

Flag to indicate that packet header or contents should not be inspected

Definition at line 1007 of file decode.h.

◆ PKT_NOPAYLOAD_INSPECTION

#define PKT_NOPAYLOAD_INSPECTION BIT_U32(2)

Flag to indicate that packet contents should not be inspected

Definition at line 1012 of file decode.h.

◆ PKT_PPP_VJ_UCOMP

#define PKT_PPP_VJ_UCOMP BIT_U32(1)

Packet has a PPP_VJ_UCOMP header

Definition at line 1009 of file decode.h.

◆ PKT_PROFILE

#define PKT_PROFILE BIT_U32(21)

Definition at line 1049 of file decode.h.

◆ PKT_PROTO_DETECT_TC_DONE

#define PKT_PROTO_DETECT_TC_DONE BIT_U32(24)

Definition at line 1057 of file decode.h.

◆ PKT_PROTO_DETECT_TS_DONE

#define PKT_PROTO_DETECT_TS_DONE BIT_U32(23)

protocol detection done

Definition at line 1056 of file decode.h.

◆ PKT_PSEUDO_DETECTLOG_FLUSH

#define PKT_PSEUDO_DETECTLOG_FLUSH BIT_U32(27)

Detect/log flush for protocol upgrade

Definition at line 1065 of file decode.h.

◆ PKT_PSEUDO_STREAM_END

#define PKT_PSEUDO_STREAM_END BIT_U32(9)

Pseudo packet to end the stream

Definition at line 1025 of file decode.h.

◆ PKT_REBUILT_FRAGMENT

#define PKT_REBUILT_FRAGMENT BIT_U32(25)

Packet is rebuilt from \ fragments.

Definition at line 1061 of file decode.h.

◆ PKT_SET_SRC

#define PKT_SET_SRC	(	p,
		src_val
	)	((p)->pkt_src = src_val)

Definition at line 1079 of file decode.h.

◆ PKT_STREAM_ADD

#define PKT_STREAM_ADD BIT_U32(5)

Packet payload was added to reassembled stream

Definition at line 1018 of file decode.h.

◆ PKT_STREAM_EOF

#define PKT_STREAM_EOF BIT_U32(7)

Stream is in eof state

Definition at line 1022 of file decode.h.

◆ PKT_STREAM_EST

#define PKT_STREAM_EST BIT_U32(6)

Packet is part of established stream

Definition at line 1020 of file decode.h.

◆ PKT_STREAM_MODIFIED

#define PKT_STREAM_MODIFIED BIT_U32(10)

Packet is modified by the stream engine, we need to recalc the csum and \ reinject/replace

Definition at line 1028 of file decode.h.

◆ PKT_STREAM_NO_EVENTS

#define PKT_STREAM_NO_EVENTS BIT_U32(28)

Packet is part of stream in known bad condition (loss, wrong thread), so flag it for not setting stream events

Definition at line 1069 of file decode.h.

◆ PKT_STREAM_NOPCAPLOG

#define PKT_STREAM_NOPCAPLOG BIT_U32(12)

Exclude packet from pcap logging as it's part of a stream that has reassembly \ depth reached.

Definition at line 1034 of file decode.h.

◆ PKT_WANTS_FLOW

#define PKT_WANTS_FLOW BIT_U32(22)

indication by decoder that it feels the packet should be handled by flow engine: Packet::flow_hash will be set

Definition at line 1053 of file decode.h.

◆ PKT_ZERO_COPY

#define PKT_ZERO_COPY BIT_U32(16)

Packet comes from zero copy (ext_pkt must not be freed)

Definition at line 1041 of file decode.h.

◆ PPP_OVER_GRE

#define PPP_OVER_GRE 11

Definition at line 1001 of file decode.h.

◆ SET_IPV4_DST_ADDR

#define SET_IPV4_DST_ADDR	(	p,
		a
	)

Value:

        do {                              \
        (a)->family = AF_INET;                                    \
        (a)->addr_data32[0] = (uint32_t)(p)->ip4h->s_ip_dst.s_addr; \
        (a)->addr_data32[1] = 0;                                  \
        (a)->addr_data32[2] = 0;                                  \
        (a)->addr_data32[3] = 0;                                  \
    } while (0)

Definition at line 153 of file decode.h.

◆ SET_IPV4_SRC_ADDR

#define SET_IPV4_SRC_ADDR	(	p,
		a
	)

Value:

        do {                              \
        (a)->family = AF_INET;                                    \
        (a)->addr_data32[0] = (uint32_t)(p)->ip4h->s_ip_src.s_addr; \
        (a)->addr_data32[1] = 0;                                  \
        (a)->addr_data32[2] = 0;                                  \
        (a)->addr_data32[3] = 0;                                  \
    } while (0)

Definition at line 145 of file decode.h.

◆ SET_IPV6_DST_ADDR

#define SET_IPV6_DST_ADDR	(	p,
		a
	)

Value:

        do {                    \
        (a)->family = AF_INET6;                         \
        (a)->addr_data32[0] = (p)->ip6h->s_ip6_dst[0];  \
        (a)->addr_data32[1] = (p)->ip6h->s_ip6_dst[1];  \
        (a)->addr_data32[2] = (p)->ip6h->s_ip6_dst[2];  \
        (a)->addr_data32[3] = (p)->ip6h->s_ip6_dst[3];  \
    } while (0)

Definition at line 171 of file decode.h.

◆ SET_IPV6_SRC_ADDR

#define SET_IPV6_SRC_ADDR	(	p,
		a
	)

Value:

        do {                    \
        (a)->family = AF_INET6;                         \
        (a)->addr_data32[0] = (p)->ip6h->s_ip6_src[0];  \
        (a)->addr_data32[1] = (p)->ip6h->s_ip6_src[1];  \
        (a)->addr_data32[2] = (p)->ip6h->s_ip6_src[2];  \
        (a)->addr_data32[3] = (p)->ip6h->s_ip6_src[3];  \
    } while (0)

Definition at line 163 of file decode.h.

◆ SET_PKT_LEN

#define SET_PKT_LEN	(	p,
		len
	)

Value:

    do { \
    (p)->pktlen = (len); \
    } while (0)

Definition at line 226 of file decode.h.

◆ SET_PORT

#define SET_PORT	(	v,
		p
	)	((p) = (v))

Definition at line 232 of file decode.h.

◆ SET_SCTP_DST_PORT

#define SET_SCTP_DST_PORT	(	pkt,
		prt
	)

Value:

        do {            \
        SET_PORT(SCTP_GET_DST_PORT((pkt)), *(prt)); \
    } while (0)

Definition at line 204 of file decode.h.

◆ SET_SCTP_SRC_PORT

#define SET_SCTP_SRC_PORT	(	pkt,
		prt
	)

Value:

        do {            \
        SET_PORT(SCTP_GET_SRC_PORT((pkt)), *(prt)); \
    } while (0)

Definition at line 200 of file decode.h.

◆ SET_TCP_DST_PORT

#define SET_TCP_DST_PORT	(	pkt,
		prt
	)

Value:

        do {            \
        SET_PORT(TCP_GET_DST_PORT((pkt)), *(prt)); \
    } while (0)

Definition at line 185 of file decode.h.

◆ SET_TCP_SRC_PORT

#define SET_TCP_SRC_PORT	(	pkt,
		prt
	)

Value:

        do {            \
        SET_PORT(TCP_GET_SRC_PORT((pkt)), *(prt)); \
    } while (0)

Definition at line 181 of file decode.h.

◆ SET_UDP_DST_PORT

#define SET_UDP_DST_PORT	(	pkt,
		prt
	)

Value:

        do {            \
        SET_PORT(UDP_GET_DST_PORT((pkt)), *(prt)); \
    } while (0)

Definition at line 194 of file decode.h.

◆ SET_UDP_SRC_PORT

#define SET_UDP_SRC_PORT	(	pkt,
		prt
	)

Value:

        do {            \
        SET_PORT(UDP_GET_SRC_PORT((pkt)), *(prt)); \
    } while (0)

Definition at line 191 of file decode.h.

◆ SIZE_OF_PACKET

#define SIZE_OF_PACKET (default_packet_size + sizeof(Packet))

Definition at line 682 of file decode.h.

◆ tcpvars

#define tcpvars l4vars.tcpvars

Definition at line 564 of file decode.h.

◆ TUNNEL_INCR_PKT_RTV_NOLOCK

#define TUNNEL_INCR_PKT_RTV_NOLOCK ( p )

Value:

        do {                                          \
        ((p)->root ? (p)->root->tunnel_rtv_cnt++ : (p)->tunnel_rtv_cnt++);          \
    } while (0)

Definition at line 799 of file decode.h.

◆ TUNNEL_PKT_RTV

#define TUNNEL_PKT_RTV ( p ) ((p)->root ? (p)->root->tunnel_rtv_cnt : (p)->tunnel_rtv_cnt)

Definition at line 811 of file decode.h.

◆ TUNNEL_PKT_TPR

#define TUNNEL_PKT_TPR ( p ) ((p)->root ? (p)->root->tunnel_tpr_cnt : (p)->tunnel_tpr_cnt)

Definition at line 812 of file decode.h.

◆ VLAN_OVER_GRE

#define VLAN_OVER_GRE 13

Definition at line 1002 of file decode.h.

Typedef Documentation

◆ Address

typedef struct Address_ Address

◆ AppLayerDecoderEvents

typedef struct AppLayerDecoderEvents_ AppLayerDecoderEvents

Definition at line 1 of file decode.h.

◆ AppLayerThreadCtx

typedef struct AppLayerThreadCtx_ AppLayerThreadCtx

Definition at line 1 of file decode.h.

◆ DecoderFunc

typedef int(* DecoderFunc) (ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint32_t len)

Definition at line 898 of file decode.h.

◆ DecodeThreadVars

typedef struct DecodeThreadVars_ DecodeThreadVars

Structure to hold thread specific data for all decode modules.

◆ Packet

typedef struct Packet_ Packet

◆ PacketAlert

typedef struct PacketAlert_ PacketAlert

◆ PacketAlerts

typedef struct PacketAlerts_ PacketAlerts

◆ PacketEngineEvents

typedef struct PacketEngineEvents_ PacketEngineEvents

data structure to store decoder, defrag and stream events

◆ PktProfiling

typedef struct PktProfiling_ PktProfiling

Per pkt stats storage.

◆ PktProfilingAppData

typedef struct PktProfilingAppData_ PktProfilingAppData

◆ PktProfilingData

typedef struct PktProfilingData_ PktProfilingData

◆ PktProfilingDetectData

typedef struct PktProfilingDetectData_ PktProfilingDetectData

◆ PktProfilingLoggerData

typedef struct PktProfilingLoggerData_ PktProfilingLoggerData

◆ PktProfilingPrefilterData

typedef struct PktProfilingPrefilterData_ PktProfilingPrefilterData

◆ PktProfilingPrefilterEngine

typedef struct PktProfilingPrefilterEngine_ PktProfilingPrefilterEngine

◆ PktProfilingTmmData

typedef struct PktProfilingTmmData_ PktProfilingTmmData

Per TMM stats storage.

◆ PktVar

typedef struct PktVar_ PktVar

◆ Port

typedef uint16_t Port

Definition at line 230 of file decode.h.

Enumeration Type Documentation

◆ ChecksumValidationMode

enum ChecksumValidationMode

Enumerator
CHECKSUM_VALIDATION_DISABLE
CHECKSUM_VALIDATION_ENABLE
CHECKSUM_VALIDATION_AUTO
CHECKSUM_VALIDATION_RXONLY
CHECKSUM_VALIDATION_KERNEL
CHECKSUM_VALIDATION_OFFLOAD

Definition at line 45 of file decode.h.

◆ DecodeTunnelProto

enum DecodeTunnelProto

Enumerator
DECODE_TUNNEL_ETHERNET
DECODE_TUNNEL_ERSPANII
DECODE_TUNNEL_ERSPANI
DECODE_TUNNEL_VLAN
DECODE_TUNNEL_IPV4
DECODE_TUNNEL_IPV6
DECODE_TUNNEL_IPV6_TEREDO	separate protocol for stricter error handling
DECODE_TUNNEL_PPP
DECODE_TUNNEL_NSH
DECODE_TUNNEL_UNSET

Definition at line 822 of file decode.h.

◆ PacketDropReason

enum PacketDropReason

Enumerator
PKT_DROP_REASON_NOT_SET
PKT_DROP_REASON_DECODE_ERROR
PKT_DROP_REASON_DEFRAG_ERROR
PKT_DROP_REASON_DEFRAG_MEMCAP
PKT_DROP_REASON_FLOW_MEMCAP
PKT_DROP_REASON_FLOW_DROP
PKT_DROP_REASON_APPLAYER_ERROR
PKT_DROP_REASON_APPLAYER_MEMCAP
PKT_DROP_REASON_RULES
PKT_DROP_REASON_RULES_THRESHOLD	detection_filter in action
PKT_DROP_REASON_STREAM_ERROR
PKT_DROP_REASON_STREAM_MEMCAP
PKT_DROP_REASON_STREAM_MIDSTREAM
PKT_DROP_REASON_STREAM_REASSEMBLY
PKT_DROP_REASON_NFQ_ERROR	no nfq verdict, must be error
PKT_DROP_REASON_INNER_PACKET	drop issued by inner (tunnel) packet
PKT_DROP_REASON_MAX

Definition at line 391 of file decode.h.

◆ PacketTunnelType

enum PacketTunnelType

Enumerator
PacketTunnelNone
PacketTunnelRoot
PacketTunnelChild

Definition at line 411 of file decode.h.

◆ PktSrcEnum

enum PktSrcEnum

Enumerator
PKT_SRC_WIRE
PKT_SRC_DECODER_GRE
PKT_SRC_DECODER_IPV4
PKT_SRC_DECODER_IPV6
PKT_SRC_DECODER_TEREDO
PKT_SRC_DEFRAG
PKT_SRC_FFR
PKT_SRC_STREAM_TCP_DETECTLOG_FLUSH
PKT_SRC_DECODER_VXLAN
PKT_SRC_DETECT_RELOAD_FLUSH
PKT_SRC_CAPTURE_TIMEOUT
PKT_SRC_DECODER_GENEVE
PKT_SRC_SHUTDOWN_FLUSH

Definition at line 54 of file decode.h.

Function Documentation

◆ AppLayerDecoderEventsFreeEvents()

void AppLayerDecoderEventsFreeEvents ( AppLayerDecoderEvents ** events )

Definition at line 133 of file app-layer-events.c.

References SCFree.

Referenced by AppLayerParserStateFree(), and PacketDestructor().

Here is the caller graph for this function:

◆ AppLayerDecoderEventsResetEvents()

void AppLayerDecoderEventsResetEvents ( AppLayerDecoderEvents * events )

Definition at line 124 of file app-layer-events.c.

References AppLayerDecoderEvents_::cnt, and AppLayerDecoderEvents_::event_last_logged.

Referenced by PacketReinit().

Here is the caller graph for this function:

◆ DecodeCHDLC()

int DecodeCHDLC	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		const uint8_t *	,
		uint32_t
	)

Definition at line 42 of file decode-chdlc.c.

References CHDLC_HEADER_LEN, CHDLC_PKT_TOO_SMALL, DecodeThreadVars_::counter_chdlc, DEBUG_VALIDATE_BUG_ON, dtv, ENGINE_SET_INVALID_EVENT, len, StatsIncr(), TM_ECODE_FAILED, tv, and unlikely.

Referenced by ValidateLinkType().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ DecodeERSPAN()

int DecodeERSPAN	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		const uint8_t *	,
		uint32_t
	)

ERSPAN Type II.

Definition at line 76 of file decode-erspan.c.

References DecodeThreadVars_::counter_erspan, DEBUG_VALIDATE_BUG_ON, dtv, ENGINE_SET_EVENT, ERSPAN_HEADER_TOO_SMALL, len, StatsIncr(), TM_ECODE_FAILED, and tv.

Here is the call graph for this function:

◆ DecodeERSPANTypeI()

int DecodeERSPANTypeI	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		const uint8_t *	,
		uint32_t
	)

ERSPAN Type I.

Definition at line 65 of file decode-erspan.c.

References DecodeThreadVars_::counter_erspan, DecodeEthernet(), dtv, len, StatsIncr(), and tv.

Here is the call graph for this function:

◆ DecodeESP()

int DecodeESP	(	ThreadVars *	tv,
		DecodeThreadVars *	dtv,
		Packet *	p,
		const uint8_t *	pkt,
		uint16_t	len
	)

Function to decode IPSEC-ESP packets.

Parameters

tv	thread vars
dtv	decoder thread vars
p	packet
pkt	raw packet data
len	length in bytes of pkt array

Return values

TM_ECODE_OK or TM_ECODE_FAILED on serious error

Definition at line 64 of file decode-esp.c.

References DecodeThreadVars_::counter_esp, DEBUG_VALIDATE_BUG_ON, dtv, StatsIncr(), and tv.

Here is the call graph for this function:

◆ DecodeEthernet()

int DecodeEthernet	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		const uint8_t *	,
		uint32_t
	)

Definition at line 42 of file decode-ethernet.c.

References DecodeThreadVars_::counter_eth, DEBUG_VALIDATE_BUG_ON, dtv, ENGINE_SET_INVALID_EVENT, ETHERNET_HEADER_LEN, ETHERNET_PKT_TOO_SMALL, len, StatsIncr(), TM_ECODE_FAILED, tv, and unlikely.

Referenced by DecodeErfDag(), DecodeERSPANTypeI(), DecodePfring(), NapatechDecode(), UTHBuildPacketFromEth(), and ValidateLinkType().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ DecodeGeneve()

int DecodeGeneve	(	ThreadVars *	tv,
		DecodeThreadVars *	dtv,
		Packet *	p,
		const uint8_t *	pkt,
		uint32_t	len
	)

Parameters

pkt	payload data directly above UDP header
len	length in bytes of pkt

Definition at line 185 of file decode-geneve.c.

References DEBUG_VALIDATE_BUG_ON, DECODE_TUNNEL_UNSET, eth_type, and unlikely.

◆ DecodeGRE()

int DecodeGRE	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		const uint8_t *	,
		uint32_t
	)

Function to decode GRE packets.

Todo:: We need to make sure this does not allow bypassing inspection. A server may just ignore these and continue processing the packet, but we will not look further into it.

Todo:: We need to make sure this does not allow bypassing inspection. A server may just ignore these and continue processing the packet, but we will not look further into it.

Definition at line 47 of file decode-gre.c.

References DecodeThreadVars_::counter_gre, DEBUG_VALIDATE_BUG_ON, dtv, ENGINE_SET_INVALID_EVENT, GRE_HDR_LEN, GRE_PKT_TOO_SMALL, len, StatsIncr(), TM_ECODE_FAILED, and tv.

Here is the call graph for this function:

◆ DecodeICMPV4()

int DecodeICMPV4	(	ThreadVars *	tv,
		DecodeThreadVars *	dtv,
		Packet *	p,
		const uint8_t *	pkt,
		uint32_t	len
	)

Main ICMPv4 decoding function.

DecodeICMPV4

Definition at line 156 of file decode-icmpv4.c.

References ICMPV4Hdr_::code, DecodeThreadVars_::counter_icmpv4, dtv, ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, ICMPV4Vars_::hlen, Packet_::icmp_d, ICMP_DEST_UNREACH, ICMP_ECHOREPLY, Packet_::icmp_s, ICMPV4_HEADER_LEN, ICMPV4_HEADER_PKT_OFFSET, ICMPV4_PKT_TOO_SMALL, ICMPV4_UNKNOWN_CODE, ICMPv4GetCounterpart(), Packet_::icmpv4h, Packet_::icmpv4vars, ICMPV4ExtHdr_::id, ICMPV4Vars_::id, len, NR_ICMP_UNREACH, Packet_::proto, SCLogDebug, ICMPV4ExtHdr_::seq, ICMPV4Vars_::seq, StatsIncr(), TM_ECODE_FAILED, tv, ICMPV4Hdr_::type, and unlikely.

Here is the call graph for this function:

◆ DecodeICMPV6()

int DecodeICMPV6	(	ThreadVars *	tv,
		DecodeThreadVars *	dtv,
		Packet *	p,
		const uint8_t *	pkt,
		uint32_t	len
	)

Decode ICMPV6 packets and fill the Packet with the decoded info.

Parameters

tv	Pointer to the thread variables
dtv	Pointer to the decode thread variables
p	Pointer to the packet we are filling
pkt	Pointer to the raw packet buffer
len	the len of the rest of the packet not processed yet