#include "suricata-common.h"
#include "threadvars.h"
#include "decode-events.h"
#include "flow-worker.h"
#include "util-napatech.h"
#include "source-nflog.h"
#include "source-nfq.h"
#include "source-ipfw.h"
#include "source-pcap.h"
#include "source-af-packet.h"
#include "source-netmap.h"
#include "source-windivert.h"
#include "action-globals.h"
#include "decode-erspan.h"
#include "decode-ethernet.h"
#include "decode-gre.h"
#include "decode-ppp.h"
#include "decode-pppoe.h"
#include "decode-sll.h"
#include "decode-ipv4.h"
#include "decode-ipv6.h"
#include "decode-icmpv4.h"
#include "decode-icmpv6.h"
#include "decode-tcp.h"
#include "decode-udp.h"
#include "decode-sctp.h"
#include "decode-raw.h"
#include "decode-null.h"
#include "decode-vlan.h"
#include "decode-vxlan.h"
#include "decode-mpls.h"
#include "detect-reference.h"
#include "app-layer-protos.h"

Include dependency graph for decode.h:

Data Structures
struct	Address_

struct	PacketAlert_

struct	PacketAlerts_

struct	PacketEngineEvents_

struct	PktVar_

struct	PktProfilingTmmData_
	Per TMM stats storage. More...

struct	PktProfilingData_

struct	PktProfilingDetectData_

struct	PktProfilingAppData_

struct	PktProfilingLoggerData_

struct	PktProfilingPrefilterEngine_

struct	PktProfilingPrefilterData_

struct	PktProfiling_
	Per pkt stats storage. More...

struct	Packet_

struct	DecodeThreadVars_
	Structure to hold thread specific data for all decode modules. More...

struct	CaptureStats_

Macros
#define	COUNTERS

#define	addr_data32 address.address_un_data32

#define	addr_data16 address.address_un_data16

#define	addr_data8 address.address_un_data8

#define	addr_in6addr address.address_un_in6

#define	COPY_ADDRESS(a, b)

#define	SET_IPV4_SRC_ADDR(p, a)

#define	SET_IPV4_DST_ADDR(p, a)

#define	CLEAR_ADDR(a)

#define	SET_IPV6_SRC_ADDR(p, a)

#define	SET_IPV6_DST_ADDR(p, a)

#define	SET_TCP_SRC_PORT(pkt, prt)

#define	SET_TCP_DST_PORT(pkt, prt)

#define	SET_UDP_SRC_PORT(pkt, prt)

#define	SET_UDP_DST_PORT(pkt, prt)

#define	SET_SCTP_SRC_PORT(pkt, prt)

#define	SET_SCTP_DST_PORT(pkt, prt)

#define	GET_IPV4_SRC_ADDR_U32(p) ((p)->src.addr_data32[0])

#define	GET_IPV4_DST_ADDR_U32(p) ((p)->dst.addr_data32[0])

#define	GET_IPV4_SRC_ADDR_PTR(p) ((p)->src.addr_data32)

#define	GET_IPV4_DST_ADDR_PTR(p) ((p)->dst.addr_data32)

#define	GET_IPV6_SRC_IN6ADDR(p) ((p)->src.addr_in6addr)

#define	GET_IPV6_DST_IN6ADDR(p) ((p)->dst.addr_in6addr)

#define	GET_IPV6_SRC_ADDR(p) ((p)->src.addr_data32)

#define	GET_IPV6_DST_ADDR(p) ((p)->dst.addr_data32)

#define	GET_TCP_SRC_PORT(p) ((p)->sp)

#define	GET_TCP_DST_PORT(p) ((p)->dp)

#define	GET_PKT_LEN(p) ((p)->pktlen)

#define	GET_PKT_DATA(p) ((((p)->ext_pkt) == NULL ) ? (uint8_t *)((p) + 1) : (p)->ext_pkt)

#define	GET_PKT_DIRECT_DATA(p) (uint8_t *)((p) + 1)

#define	GET_PKT_DIRECT_MAX_SIZE(p) (default_packet_size)

#define	SET_PKT_LEN(p, len)

#define	SET_PORT(v, p) ((p) = (v))

#define	COPY_PORT(a, b) ((b) = (a))

#define	CMP_ADDR(a1, a2)

#define	CMP_PORT(p1, p2) ((p1) == (p2))

#define	IP_GET_RAW_VER(pkt) ((((pkt)[0] & 0xf0) >> 4))

#define	PKT_IS_IPV4(p) (((p)->ip4h != NULL))

#define	PKT_IS_IPV6(p) (((p)->ip6h != NULL))

#define	PKT_IS_TCP(p) (((p)->tcph != NULL))

#define	PKT_IS_UDP(p) (((p)->udph != NULL))

#define	PKT_IS_ICMPV4(p) (((p)->icmpv4h != NULL))

#define	PKT_IS_ICMPV6(p) (((p)->icmpv6h != NULL))

#define	PKT_IS_TOSERVER(p) (((p)->flowflags & FLOW_PKT_TOSERVER))

#define	PKT_IS_TOCLIENT(p) (((p)->flowflags & FLOW_PKT_TOCLIENT))

#define	IPH_IS_VALID(p) (PKT_IS_IPV4((p)) \|\| PKT_IS_IPV6((p)))

#define	IP_GET_IPPROTO(p)

#define	PACKET_ALERT_FLAG_DROP_FLOW 0x01

#define	PACKET_ALERT_FLAG_STATE_MATCH 0x02

#define	PACKET_ALERT_FLAG_STREAM_MATCH 0x04

#define	PACKET_ALERT_FLAG_TX 0x08

#define	PACKET_ALERT_RATE_FILTER_MODIFIED 0x10

#define	PACKET_ALERT_MAX 15

#define	PACKET_ENGINE_EVENT_MAX 15

#define	tcpvars l4vars.tcpvars

#define	icmpv4vars l4vars.icmpv4vars

#define	icmpv6vars l4vars.icmpv6vars

#define	DEFAULT_MTU 1500

#define	MINIMUM_MTU 68

#define	DEFAULT_PACKET_SIZE (DEFAULT_MTU + ETHERNET_HEADER_LEN)

#define	MAX_PAYLOAD_SIZE (IPV6_HEADER_LEN + 65536 + 28)

#define	SIZE_OF_PACKET (default_packet_size + sizeof(Packet))

#define	PACKET_CLEAR_L4VARS(p)

#define	PACKET_RESET_CHECKSUMS(p)
	reset these to -1(indicates that the packet is fresh from the queue) More...

#define	PACKET_FREE_EXTDATA(p)

#define	PACKET_INITIALIZE(p)
	Initialize a packet structure for use. More...

#define	PACKET_RELEASE_REFS(p)

#define	PACKET_REINIT(p)
	Recycle a packet structure for reuse. More...

#define	PACKET_RECYCLE(p)

#define	PACKET_DESTRUCTOR(p)
	Cleanup a packet so that we can free it. No memset needed.. More...

#define	PACKET_SET_ACTION(p, a)

#define	PACKET_ALERT(p) PACKET_SET_ACTION(p, ACTION_ALERT)

#define	PACKET_ACCEPT(p) PACKET_SET_ACTION(p, ACTION_ACCEPT)

#define	PACKET_DROP(p) PACKET_SET_ACTION(p, ACTION_DROP)

#define	PACKET_REJECT(p) PACKET_SET_ACTION(p, (ACTION_REJECT\|ACTION_DROP))

#define	PACKET_REJECT_DST(p) PACKET_SET_ACTION(p, (ACTION_REJECT_DST\|ACTION_DROP))

#define	PACKET_REJECT_BOTH(p) PACKET_SET_ACTION(p, (ACTION_REJECT_BOTH\|ACTION_DROP))

#define	PACKET_PASS(p) PACKET_SET_ACTION(p, ACTION_PASS)

#define	PACKET_TEST_ACTION(p, a)

#define	PACKET_UPDATE_ACTION(p, a)

#define	TUNNEL_INCR_PKT_RTV_NOLOCK(p)

#define	TUNNEL_INCR_PKT_TPR(p)

#define	TUNNEL_PKT_RTV(p) ((p)->root ? (p)->root->tunnel_rtv_cnt : (p)->tunnel_rtv_cnt)

#define	TUNNEL_PKT_TPR(p) ((p)->root ? (p)->root->tunnel_tpr_cnt : (p)->tunnel_tpr_cnt)

#define	IS_TUNNEL_PKT(p) (((p)->flags & PKT_TUNNEL))

#define	SET_TUNNEL_PKT(p) ((p)->flags \|= PKT_TUNNEL)

#define	UNSET_TUNNEL_PKT(p) ((p)->flags &= ~PKT_TUNNEL)

#define	IS_TUNNEL_ROOT_PKT(p) (IS_TUNNEL_PKT(p) && (p)->root == NULL)

#define	IS_TUNNEL_PKT_VERDICTED(p) (((p)->flags & PKT_TUNNEL_VERDICTED))

#define	SET_TUNNEL_PKT_VERDICTED(p) ((p)->flags \|= PKT_TUNNEL_VERDICTED)

#define	DecodeSetNoPayloadInspectionFlag(p)
	Set the No payload inspection Flag for the packet. More...

#define	DecodeUnsetNoPayloadInspectionFlag(p)

#define	DecodeSetNoPacketInspectionFlag(p)
	Set the No packet inspection Flag for the packet. More...

#define	DecodeUnsetNoPacketInspectionFlag(p)

#define	ENGINE_SET_EVENT(p, e)

#define	ENGINE_SET_INVALID_EVENT(p, e)

#define	ENGINE_ISSET_EVENT(p, e)

#define	LINKTYPE_NULL DLT_NULL

#define	LINKTYPE_ETHERNET DLT_EN10MB

#define	LINKTYPE_LINUX_SLL 113

#define	LINKTYPE_PPP 9

#define	LINKTYPE_RAW DLT_RAW

#define	LINKTYPE_RAW2 101

#define	LINKTYPE_IPV4 228

#define	LINKTYPE_GRE_OVER_IP 778

#define	PPP_OVER_GRE 11

#define	VLAN_OVER_GRE 13

#define	PKT_NOPACKET_INSPECTION (1)

#define	PKT_NOPAYLOAD_INSPECTION (1<<2)

#define	PKT_ALLOC (1<<3)

#define	PKT_HAS_TAG (1<<4)

#define	PKT_STREAM_ADD (1<<5)

#define	PKT_STREAM_EST (1<<6)

#define	PKT_STREAM_EOF (1<<7)

#define	PKT_HAS_FLOW (1<<8)

#define	PKT_PSEUDO_STREAM_END (1<<9)

#define	PKT_STREAM_MODIFIED (1<<10)

#define	PKT_MARK_MODIFIED (1<<11)

#define	PKT_STREAM_NOPCAPLOG (1<<12)

#define	PKT_TUNNEL (1<<13)

#define	PKT_TUNNEL_VERDICTED (1<<14)

#define	PKT_IGNORE_CHECKSUM (1<<15)

#define	PKT_ZERO_COPY (1<<16)

#define	PKT_HOST_SRC_LOOKED_UP (1<<17)

#define	PKT_HOST_DST_LOOKED_UP (1<<18)

#define	PKT_IS_FRAGMENT (1<<19)

#define	PKT_IS_INVALID (1<<20)

#define	PKT_PROFILE (1<<21)

#define	PKT_WANTS_FLOW (1<<22)

#define	PKT_PROTO_DETECT_TS_DONE (1<<23)

#define	PKT_PROTO_DETECT_TC_DONE (1<<24)

#define	PKT_REBUILT_FRAGMENT (1<<25)

#define	PKT_DETECT_HAS_STREAMDATA (1<<26)

#define	PKT_PSEUDO_DETECTLOG_FLUSH (1<<27)

#define	PKT_STREAM_NO_EVENTS (1<<28)

#define	PKT_IS_PSEUDOPKT(p) ((p)->flags & (PKT_PSEUDO_STREAM_END\|PKT_PSEUDO_DETECTLOG_FLUSH))
	return 1 if the packet is a pseudo packet More...

#define	PKT_SET_SRC(p, src_val) ((p)->pkt_src = src_val)

Typedefs
typedef struct AppLayerThreadCtx_	AppLayerThreadCtx

typedef struct AppLayerDecoderEvents_	AppLayerDecoderEvents

typedef struct Address_	Address

typedef uint16_t	Port

typedef struct PacketAlert_	PacketAlert

typedef struct PacketAlerts_	PacketAlerts

typedef struct PacketEngineEvents_	PacketEngineEvents

typedef struct PktVar_	PktVar

typedef struct PktProfilingTmmData_	PktProfilingTmmData
	Per TMM stats storage. More...

typedef struct PktProfilingData_	PktProfilingData

typedef struct PktProfilingDetectData_	PktProfilingDetectData

typedef struct PktProfilingAppData_	PktProfilingAppData

typedef struct PktProfilingLoggerData_	PktProfilingLoggerData

typedef struct PktProfilingPrefilterEngine_	PktProfilingPrefilterEngine

typedef struct PktProfilingPrefilterData_	PktProfilingPrefilterData

typedef struct PktProfiling_	PktProfiling
	Per pkt stats storage. More...

typedef struct Packet_	Packet

typedef struct DecodeThreadVars_	DecodeThreadVars
	Structure to hold thread specific data for all decode modules. More...

typedef struct CaptureStats_	CaptureStats

typedef int(*	DecoderFunc) (ThreadVars tv, DecodeThreadVars dtv, Packet p, const uint8_t pkt, uint32_t len)

Functions
void	AppLayerDecoderEventsResetEvents (AppLayerDecoderEvents *events)

void	AppLayerDecoderEventsFreeEvents (AppLayerDecoderEvents **events)

void	CaptureStatsUpdate (ThreadVars tv, CaptureStats s, const Packet *p)

void	CaptureStatsSetup (ThreadVars tv, CaptureStats s)

Packet *	PacketTunnelPktSetup (ThreadVars tv, DecodeThreadVars dtv, Packet parent, const uint8_t pkt, uint32_t len, enum DecodeTunnelProto proto)
	Setup a pseudo packet (tunnel) More...

Packet *	PacketDefragPktSetup (Packet parent, const uint8_t pkt, uint32_t len, uint8_t proto)
	Setup a pseudo packet (reassembled frags) More...

void	PacketDefragPktSetupParent (Packet *parent)
	inform defrag "parent" that a pseudo packet is now associated to it. More...

void	DecodeRegisterPerfCounters (DecodeThreadVars , ThreadVars )

Packet *	PacketGetFromQueueOrAlloc (void)
	Get a packet. We try to get a packet from the packetpool first, but if that is empty we alloc a packet that is free'd again after processing. More...

Packet *	PacketGetFromAlloc (void)
	Get a malloced packet. More...

void	PacketDecodeFinalize (ThreadVars tv, DecodeThreadVars dtv, Packet *p)
	Finalize decoding of a packet. More...

void	PacketUpdateEngineEventCounters (ThreadVars tv, DecodeThreadVars dtv, Packet *p)

void	PacketFree (Packet *p)
	Return a malloced packet. More...

void	PacketFreeOrRelease (Packet *p)
	Return a packet to where it was allocated. More...

int	PacketCallocExtPkt (Packet *p, int datalen)

int	PacketCopyData (Packet p, const uint8_t pktdata, uint32_t pktlen)
	Copy data to Packet payload and set packet length. More...

int	PacketSetData (Packet p, const uint8_t pktdata, uint32_t pktlen)
	Set data for Packet and set length when zero copy is used. More...

int	PacketCopyDataOffset (Packet p, uint32_t offset, const uint8_t data, uint32_t datalen)
	Copy data to Packet payload at given offset. More...

const char *	PktSrcToString (enum PktSrcEnum pkt_src)

void	PacketBypassCallback (Packet *p)

void	PacketSwap (Packet *p)
	switch direction of a packet More...

DecodeThreadVars *	DecodeThreadVarsAlloc (ThreadVars *)
	Alloc and setup DecodeThreadVars. More...

void	DecodeThreadVarsFree (ThreadVars , DecodeThreadVars )

void	DecodeUpdatePacketCounters (ThreadVars tv, const DecodeThreadVars dtv, const Packet *p)

int	DecodeEthernet (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t)

int	DecodeSll (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t)

int	DecodePPP (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t)

int	DecodePPPOESession (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t)
	Main decoding function for PPPOE Session packets. More...

int	DecodePPPOEDiscovery (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t)
	Main decoding function for PPPOE Discovery packets. More...

int	DecodeTunnel (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t, enum DecodeTunnelProto) __attribute__((warn_unused_result))

int	DecodeNull (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t)

int	DecodeRaw (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t)

int	DecodeIPV4 (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint16_t)

int	DecodeIPV6 (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint16_t)

int	DecodeICMPV4 (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t)
	Main ICMPv4 decoding function. More...

int	DecodeICMPV6 (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t)
	Decode ICMPV6 packets and fill the Packet with the decoded info. More...

int	DecodeTCP (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint16_t)

int	DecodeUDP (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint16_t)

int	DecodeSCTP (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint16_t)

int	DecodeGRE (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t)
	Function to decode GRE packets. More...

int	DecodeVLAN (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t)

int	DecodeVXLAN (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t)

int	DecodeMPLS (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t)

int	DecodeERSPAN (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t)
	ERSPAN Type II. More...

int	DecodeERSPANTypeI (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t)
	Functions to decode ERSPAN Type I and II packets. More...

int	DecodeTEMPLATE (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t)
	Function to decode TEMPLATE packets. More...

void	DecodeIPV6FragHeader (Packet p, const uint8_t pkt, uint16_t hdrextlen, uint16_t plen, uint16_t prev_hdrextlen)

void	AddressDebugPrint (Address *)
	Debug print function for printing addresses. More...

void	DecodeGlobalConfig (void)

void	DecodeUnregisterCounters (void)

Variables
int	g_default_mtu

uint32_t	default_packet_size

Detailed Description

Author: Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Definition in file decode.h.

Macro Definition Documentation

◆ addr_data16

#define addr_data16 address.address_un_data16

Definition at line 122 of file decode.h.

◆ addr_data32

#define addr_data32 address.address_un_data32

Definition at line 121 of file decode.h.

◆ addr_data8

#define addr_data8 address.address_un_data8

Definition at line 123 of file decode.h.

◆ addr_in6addr

#define addr_in6addr address.address_un_in6

Definition at line 124 of file decode.h.

◆ CLEAR_ADDR

#define CLEAR_ADDR ( a )

Value:

        do {       \
        (a)->family = 0;         \
        (a)->addr_data32[0] = 0; \
        (a)->addr_data32[1] = 0; \
        (a)->addr_data32[2] = 0; \
        (a)->addr_data32[3] = 0; \
    } while (0)

Definition at line 156 of file decode.h.

◆ CMP_ADDR

#define CMP_ADDR	(	a1,
		a2
	)

Value:

    (((a1)->addr_data32[3] == (a2)->addr_data32[3] && \
      (a1)->addr_data32[2] == (a2)->addr_data32[2] && \
      (a1)->addr_data32[1] == (a2)->addr_data32[1] && \
      (a1)->addr_data32[0] == (a2)->addr_data32[0]))

Definition at line 240 of file decode.h.

◆ CMP_PORT

#define CMP_PORT	(	p1,
		p2
	)	((p1) == (p2))

Definition at line 245 of file decode.h.

◆ COPY_ADDRESS

#define COPY_ADDRESS	(	a,
		b
	)

Value:

        do {                    \
        (b)->family = (a)->family;                 \
        (b)->addr_data32[0] = (a)->addr_data32[0]; \
        (b)->addr_data32[1] = (a)->addr_data32[1]; \
        (b)->addr_data32[2] = (a)->addr_data32[2]; \
        (b)->addr_data32[3] = (a)->addr_data32[3]; \
    } while (0)

Definition at line 126 of file decode.h.

◆ COPY_PORT

#define COPY_PORT	(	a,
		b
	)	((b) = (a))

Definition at line 238 of file decode.h.

◆ COUNTERS

#define COUNTERS

Definition at line 28 of file decode.h.

◆ DecodeSetNoPacketInspectionFlag

#define DecodeSetNoPacketInspectionFlag ( p )

Value:

        do { \
        (p)->flags |= PKT_NOPACKET_INSPECTION;  \
    } while (0)

Set the No packet inspection Flag for the packet.

Parameters

p	Packet to set the flag in

Definition at line 968 of file decode.h.

◆ DecodeSetNoPayloadInspectionFlag

#define DecodeSetNoPayloadInspectionFlag ( p )

Value:

        do { \
        (p)->flags |= PKT_NOPAYLOAD_INSPECTION;  \
    } while (0)

Set the No payload inspection Flag for the packet.

Parameters

p	Packet to set the flag in

Definition at line 956 of file decode.h.

◆ DecodeUnsetNoPacketInspectionFlag

#define DecodeUnsetNoPacketInspectionFlag ( p )

Value:

        do { \
        (p)->flags &= ~PKT_NOPACKET_INSPECTION;  \
    } while (0)

Definition at line 971 of file decode.h.

◆ DecodeUnsetNoPayloadInspectionFlag

#define DecodeUnsetNoPayloadInspectionFlag ( p )

Value:

        do { \
        (p)->flags &= ~PKT_NOPAYLOAD_INSPECTION;  \
    } while (0)

Definition at line 960 of file decode.h.

◆ DEFAULT_MTU

#define DEFAULT_MTU 1500

Definition at line 612 of file decode.h.

◆ DEFAULT_PACKET_SIZE

#define DEFAULT_PACKET_SIZE (DEFAULT_MTU + ETHERNET_HEADER_LEN)

Definition at line 615 of file decode.h.

◆ ENGINE_ISSET_EVENT

#define ENGINE_ISSET_EVENT	(	p,
		e
	)

Value:

    ({ \
    int r = 0; \
    uint8_t u; \
    for (u = 0; u < (p)->events.cnt; u++) { \
        if ((p)->events.events[u] == (e)) { \
            r = 1; \
            break; \
        } \
    } \
    r; \
})

Definition at line 991 of file decode.h.

◆ ENGINE_SET_EVENT

#define ENGINE_SET_EVENT	(	p,
		e
	)

Value:

    do { \
    SCLogDebug("p %p event %d", (p), e); \
    if ((p)->events.cnt < PACKET_ENGINE_EVENT_MAX) { \
        (p)->events.events[(p)->events.cnt] = e; \
        (p)->events.cnt++; \
    } \
} while(0)

Definition at line 976 of file decode.h.

◆ ENGINE_SET_INVALID_EVENT

#define ENGINE_SET_INVALID_EVENT	(	p,
		e
	)

Value:

    do { \
    p->flags |= PKT_IS_INVALID; \
    ENGINE_SET_EVENT(p, e); \
} while(0)

Definition at line 984 of file decode.h.

◆ GET_IPV4_DST_ADDR_PTR

#define GET_IPV4_DST_ADDR_PTR ( p ) ((p)->dst.addr_data32)

Definition at line 216 of file decode.h.

◆ GET_IPV4_DST_ADDR_U32

#define GET_IPV4_DST_ADDR_U32 ( p ) ((p)->dst.addr_data32[0])

Definition at line 214 of file decode.h.

◆ GET_IPV4_SRC_ADDR_PTR

#define GET_IPV4_SRC_ADDR_PTR ( p ) ((p)->src.addr_data32)

Definition at line 215 of file decode.h.

◆ GET_IPV4_SRC_ADDR_U32

#define GET_IPV4_SRC_ADDR_U32 ( p ) ((p)->src.addr_data32[0])

Definition at line 213 of file decode.h.

◆ GET_IPV6_DST_ADDR

#define GET_IPV6_DST_ADDR ( p ) ((p)->dst.addr_data32)

Definition at line 221 of file decode.h.

◆ GET_IPV6_DST_IN6ADDR

#define GET_IPV6_DST_IN6ADDR ( p ) ((p)->dst.addr_in6addr)

Definition at line 219 of file decode.h.

◆ GET_IPV6_SRC_ADDR

#define GET_IPV6_SRC_ADDR ( p ) ((p)->src.addr_data32)

Definition at line 220 of file decode.h.

◆ GET_IPV6_SRC_IN6ADDR

#define GET_IPV6_SRC_IN6ADDR ( p ) ((p)->src.addr_in6addr)

Definition at line 218 of file decode.h.

◆ GET_PKT_DATA

#define GET_PKT_DATA ( p ) ((((p)->ext_pkt) == NULL ) ? (uint8_t *)((p) + 1) : (p)->ext_pkt)

Definition at line 226 of file decode.h.

◆ GET_PKT_DIRECT_DATA

#define GET_PKT_DIRECT_DATA ( p ) (uint8_t *)((p) + 1)

Definition at line 227 of file decode.h.

◆ GET_PKT_DIRECT_MAX_SIZE

#define GET_PKT_DIRECT_MAX_SIZE ( p ) (default_packet_size)

Definition at line 228 of file decode.h.

◆ GET_PKT_LEN

#define GET_PKT_LEN ( p ) ((p)->pktlen)

Definition at line 225 of file decode.h.

◆ GET_TCP_DST_PORT

#define GET_TCP_DST_PORT ( p ) ((p)->dp)

Definition at line 223 of file decode.h.

◆ GET_TCP_SRC_PORT

#define GET_TCP_SRC_PORT ( p ) ((p)->sp)

Definition at line 222 of file decode.h.

◆ icmpv4vars

#define icmpv4vars l4vars.icmpv4vars

Definition at line 520 of file decode.h.

◆ icmpv6vars

#define icmpv6vars l4vars.icmpv6vars

Definition at line 521 of file decode.h.

◆ IP_GET_IPPROTO

#define IP_GET_IPPROTO ( p )

Value:

(p->proto ? p->proto : \

(PKT_IS_IPV4((p))? IPV4_GET_IPPROTO((p)) : (PKT_IS_IPV6((p))? IPV6_GET_L4PROTO((p)) : 0)))

Definition at line 264 of file decode.h.

◆ IP_GET_RAW_VER

#define IP_GET_RAW_VER ( pkt ) ((((pkt)[0] & 0xf0) >> 4))

Definition at line 250 of file decode.h.

◆ IPH_IS_VALID

#define IPH_IS_VALID ( p ) (PKT_IS_IPV4((p)) || PKT_IS_IPV6((p)))

Definition at line 261 of file decode.h.

◆ IS_TUNNEL_PKT

#define IS_TUNNEL_PKT ( p ) (((p)->flags & PKT_TUNNEL))

Definition at line 871 of file decode.h.

◆ IS_TUNNEL_PKT_VERDICTED

#define IS_TUNNEL_PKT_VERDICTED ( p ) (((p)->flags & PKT_TUNNEL_VERDICTED))

Definition at line 876 of file decode.h.

◆ IS_TUNNEL_ROOT_PKT

#define IS_TUNNEL_ROOT_PKT ( p ) (IS_TUNNEL_PKT(p) && (p)->root == NULL)

Definition at line 874 of file decode.h.

◆ LINKTYPE_ETHERNET

#define LINKTYPE_ETHERNET DLT_EN10MB

Definition at line 1057 of file decode.h.

◆ LINKTYPE_GRE_OVER_IP

#define LINKTYPE_GRE_OVER_IP 778

Definition at line 1065 of file decode.h.

◆ LINKTYPE_IPV4

#define LINKTYPE_IPV4 228

Definition at line 1064 of file decode.h.

◆ LINKTYPE_LINUX_SLL

#define LINKTYPE_LINUX_SLL 113

Definition at line 1058 of file decode.h.

◆ LINKTYPE_NULL

#define LINKTYPE_NULL DLT_NULL

libpcap shows us the way to linktype codes

Todo:: we need more & maybe put them in a separate file?

Definition at line 1056 of file decode.h.

◆ LINKTYPE_PPP

#define LINKTYPE_PPP 9

Definition at line 1059 of file decode.h.

◆ LINKTYPE_RAW

#define LINKTYPE_RAW DLT_RAW

Definition at line 1060 of file decode.h.

◆ LINKTYPE_RAW2

#define LINKTYPE_RAW2 101

Definition at line 1063 of file decode.h.

◆ MAX_PAYLOAD_SIZE

#define MAX_PAYLOAD_SIZE (IPV6_HEADER_LEN + 65536 + 28)

Definition at line 617 of file decode.h.

◆ MINIMUM_MTU

#define MINIMUM_MTU 68

ipv4 minimum: rfc791

Definition at line 613 of file decode.h.

◆ PACKET_ACCEPT

#define PACKET_ACCEPT ( p ) PACKET_SET_ACTION(p, ACTION_ACCEPT)

Definition at line 835 of file decode.h.

◆ PACKET_ALERT

#define PACKET_ALERT ( p ) PACKET_SET_ACTION(p, ACTION_ALERT)

Definition at line 833 of file decode.h.

◆ PACKET_ALERT_FLAG_DROP_FLOW

#define PACKET_ALERT_FLAG_DROP_FLOW 0x01

After processing an alert by the thresholding module, if at last it gets triggered, we might want to stick the drop action to the flow on IPS mode

Definition at line 281 of file decode.h.

◆ PACKET_ALERT_FLAG_STATE_MATCH

#define PACKET_ALERT_FLAG_STATE_MATCH 0x02

alert was generated based on state

Definition at line 283 of file decode.h.

◆ PACKET_ALERT_FLAG_STREAM_MATCH

#define PACKET_ALERT_FLAG_STREAM_MATCH 0x04

alert was generated based on stream

Definition at line 285 of file decode.h.

◆ PACKET_ALERT_FLAG_TX

#define PACKET_ALERT_FLAG_TX 0x08

alert is in a tx, tx_id set

Definition at line 287 of file decode.h.

◆ PACKET_ALERT_MAX

#define PACKET_ALERT_MAX 15

Definition at line 291 of file decode.h.

◆ PACKET_ALERT_RATE_FILTER_MODIFIED

#define PACKET_ALERT_RATE_FILTER_MODIFIED 0x10

action was changed by rate_filter

Definition at line 289 of file decode.h.

◆ PACKET_CLEAR_L4VARS

#define PACKET_CLEAR_L4VARS ( p )

Value:

        do {                         \
        memset(&(p)->l4vars, 0x00, sizeof((p)->l4vars));    \
    } while (0)

Definition at line 696 of file decode.h.

◆ PACKET_DESTRUCTOR

#define PACKET_DESTRUCTOR ( p )

Value:

        do {                  \
        if ((p)->pktvar != NULL) {              \
            PktVarFree((p)->pktvar);            \
        }                                       \
        PACKET_FREE_EXTDATA((p));               \
        SCMutexDestroy(&(p)->tunnel_mutex);     \
        AppLayerDecoderEventsFreeEvents(&(p)->app_layer_events); \
        PACKET_PROFILING_RESET((p));            \
    } while (0)

Cleanup a packet so that we can free it. No memset needed..

Definition at line 812 of file decode.h.

◆ PACKET_DROP

#define PACKET_DROP ( p ) PACKET_SET_ACTION(p, ACTION_DROP)

Definition at line 837 of file decode.h.

◆ PACKET_ENGINE_EVENT_MAX

#define PACKET_ENGINE_EVENT_MAX 15

number of decoder events we support per packet. Power of 2 minus 1 for memory layout

Definition at line 303 of file decode.h.

◆ PACKET_FREE_EXTDATA

#define PACKET_FREE_EXTDATA ( p )

Value:

        do {                 \
        if ((p)->ext_pkt) {                         \
            if (!((p)->flags & PKT_ZERO_COPY)) {    \
                SCFree((p)->ext_pkt);               \
            }                                       \
            (p)->ext_pkt = NULL;                    \
        }                                           \
    } while(0)

Definition at line 709 of file decode.h.

◆ PACKET_INITIALIZE

#define PACKET_INITIALIZE ( p )

Value:

    {         \
    SCMutexInit(&(p)->tunnel_mutex, NULL); \
    PACKET_RESET_CHECKSUMS((p)); \
    (p)->livedev = NULL; \
}

Initialize a packet structure for use.

Definition at line 721 of file decode.h.

◆ PACKET_PASS

#define PACKET_PASS ( p ) PACKET_SET_ACTION(p, ACTION_PASS)

Definition at line 845 of file decode.h.

◆ PACKET_RECYCLE

#define PACKET_RECYCLE ( p )

Value:

        do { \
        PACKET_RELEASE_REFS((p)); \
        PACKET_REINIT((p)); \
    } while (0)

Definition at line 804 of file decode.h.

◆ PACKET_REINIT

#define PACKET_REINIT ( p )

Recycle a packet structure for reuse.

Definition at line 736 of file decode.h.

◆ PACKET_REJECT

#define PACKET_REJECT ( p ) PACKET_SET_ACTION(p, (ACTION_REJECT|ACTION_DROP))

Definition at line 839 of file decode.h.

◆ PACKET_REJECT_BOTH

#define PACKET_REJECT_BOTH ( p ) PACKET_SET_ACTION(p, (ACTION_REJECT_BOTH|ACTION_DROP))

Definition at line 843 of file decode.h.

◆ PACKET_REJECT_DST

#define PACKET_REJECT_DST ( p ) PACKET_SET_ACTION(p, (ACTION_REJECT_DST|ACTION_DROP))

Definition at line 841 of file decode.h.

◆ PACKET_RELEASE_REFS

#define PACKET_RELEASE_REFS ( p )

Value:

        do {              \
        FlowDeReference(&((p)->flow));          \
        HostDeReference(&((p)->host_src));      \
        HostDeReference(&((p)->host_dst));      \
    } while (0)

Definition at line 727 of file decode.h.

◆ PACKET_RESET_CHECKSUMS

#define PACKET_RESET_CHECKSUMS ( p )

Value:

        do { \
        (p)->level3_comp_csum = -1;   \
        (p)->level4_comp_csum = -1;   \
    } while (0)

reset these to -1(indicates that the packet is fresh from the queue)

Definition at line 703 of file decode.h.

◆ PACKET_SET_ACTION

#define PACKET_SET_ACTION	(	p,
		a
	)

Value:

    do { \
    ((p)->root ? \
     ((p)->root->action = a) : \
     ((p)->action = a)); \
} while (0)

Definition at line 827 of file decode.h.

◆ PACKET_TEST_ACTION

#define PACKET_TEST_ACTION	(	p,
		a
	)

Value:

    ((p)->root ? \
     ((p)->root->action & a) : \
     ((p)->action & a))

Definition at line 847 of file decode.h.

◆ PACKET_UPDATE_ACTION

#define PACKET_UPDATE_ACTION	(	p,
		a
	)

Value:

    do { \
    ((p)->root ? \
     ((p)->root->action |= a) : \
     ((p)->action |= a)); \
} while (0)

Definition at line 852 of file decode.h.

◆ PKT_ALLOC

#define PKT_ALLOC (1<<3)

Packet was alloc'd this run, needs to be freed

Definition at line 1072 of file decode.h.

◆ PKT_DETECT_HAS_STREAMDATA

#define PKT_DETECT_HAS_STREAMDATA (1<<26)

Set by Detect() if raw stream data is available.

Definition at line 1106 of file decode.h.

◆ PKT_HAS_FLOW

#define PKT_HAS_FLOW (1<<8)

Definition at line 1077 of file decode.h.

◆ PKT_HAS_TAG

#define PKT_HAS_TAG (1<<4)

Packet has matched a tag

Definition at line 1073 of file decode.h.

◆ PKT_HOST_DST_LOOKED_UP

#define PKT_HOST_DST_LOOKED_UP (1<<18)

Definition at line 1090 of file decode.h.

◆ PKT_HOST_SRC_LOOKED_UP

#define PKT_HOST_SRC_LOOKED_UP (1<<17)

Definition at line 1089 of file decode.h.

◆ PKT_IGNORE_CHECKSUM

#define PKT_IGNORE_CHECKSUM (1<<15)

Packet checksum is not computed (TX packet for example)

Definition at line 1086 of file decode.h.

◆ PKT_IS_FRAGMENT

#define PKT_IS_FRAGMENT (1<<19)

Packet is a fragment

Definition at line 1092 of file decode.h.

◆ PKT_IS_ICMPV4

#define PKT_IS_ICMPV4 ( p ) (((p)->icmpv4h != NULL))

Definition at line 256 of file decode.h.

◆ PKT_IS_ICMPV6

#define PKT_IS_ICMPV6 ( p ) (((p)->icmpv6h != NULL))

Definition at line 257 of file decode.h.

◆ PKT_IS_INVALID

#define PKT_IS_INVALID (1<<20)

Definition at line 1093 of file decode.h.

◆ PKT_IS_IPV4

#define PKT_IS_IPV4 ( p ) (((p)->ip4h != NULL))

Definition at line 252 of file decode.h.

◆ PKT_IS_IPV6

#define PKT_IS_IPV6 ( p ) (((p)->ip6h != NULL))

Definition at line 253 of file decode.h.

◆ PKT_IS_PSEUDOPKT

#define PKT_IS_PSEUDOPKT ( p ) ((p)->flags & (PKT_PSEUDO_STREAM_END|PKT_PSEUDO_DETECTLOG_FLUSH))

return 1 if the packet is a pseudo packet

Definition at line 1115 of file decode.h.

◆ PKT_IS_TCP

#define PKT_IS_TCP ( p ) (((p)->tcph != NULL))

Definition at line 254 of file decode.h.

◆ PKT_IS_TOCLIENT

#define PKT_IS_TOCLIENT ( p ) (((p)->flowflags & FLOW_PKT_TOCLIENT))

Definition at line 259 of file decode.h.

◆ PKT_IS_TOSERVER

#define PKT_IS_TOSERVER ( p ) (((p)->flowflags & FLOW_PKT_TOSERVER))

Definition at line 258 of file decode.h.

◆ PKT_IS_UDP

#define PKT_IS_UDP ( p ) (((p)->udph != NULL))

Definition at line 255 of file decode.h.

◆ PKT_MARK_MODIFIED

#define PKT_MARK_MODIFIED (1<<11)

Packet mark is modified

Definition at line 1080 of file decode.h.

◆ PKT_NOPACKET_INSPECTION

#define PKT_NOPACKET_INSPECTION (1)

Flag to indicate that packet header or contents should not be inspected

Definition at line 1070 of file decode.h.

◆ PKT_NOPAYLOAD_INSPECTION

#define PKT_NOPAYLOAD_INSPECTION (1<<2)

Flag to indicate that packet contents should not be inspected

Definition at line 1071 of file decode.h.

◆ PKT_PROFILE

#define PKT_PROFILE (1<<21)

Definition at line 1094 of file decode.h.

◆ PKT_PROTO_DETECT_TC_DONE

#define PKT_PROTO_DETECT_TC_DONE (1<<24)

Definition at line 1102 of file decode.h.

◆ PKT_PROTO_DETECT_TS_DONE

#define PKT_PROTO_DETECT_TS_DONE (1<<23)

protocol detection done

Definition at line 1101 of file decode.h.

◆ PKT_PSEUDO_DETECTLOG_FLUSH

#define PKT_PSEUDO_DETECTLOG_FLUSH (1<<27)

Detect/log flush for protocol upgrade

Definition at line 1108 of file decode.h.

◆ PKT_PSEUDO_STREAM_END

#define PKT_PSEUDO_STREAM_END (1<<9)

Pseudo packet to end the stream

Definition at line 1078 of file decode.h.

◆ PKT_REBUILT_FRAGMENT

#define PKT_REBUILT_FRAGMENT (1<<25)

Packet is rebuilt from fragments.

Definition at line 1104 of file decode.h.

◆ PKT_SET_SRC

#define PKT_SET_SRC	(	p,
		src_val
	)	((p)->pkt_src = src_val)

Definition at line 1118 of file decode.h.

◆ PKT_STREAM_ADD

#define PKT_STREAM_ADD (1<<5)

Packet payload was added to reassembled stream

Definition at line 1074 of file decode.h.

◆ PKT_STREAM_EOF

#define PKT_STREAM_EOF (1<<7)

Stream is in eof state

Definition at line 1076 of file decode.h.

◆ PKT_STREAM_EST

#define PKT_STREAM_EST (1<<6)

Packet is part of established stream

Definition at line 1075 of file decode.h.

◆ PKT_STREAM_MODIFIED

#define PKT_STREAM_MODIFIED (1<<10)

Packet is modified by the stream engine, we need to recalc the csum and reinject/replace

Definition at line 1079 of file decode.h.

◆ PKT_STREAM_NO_EVENTS

#define PKT_STREAM_NO_EVENTS (1<<28)

Packet is part of stream in known bad condition (loss, wrong thread), so flag it for not setting stream events

Definition at line 1112 of file decode.h.

◆ PKT_STREAM_NOPCAPLOG

#define PKT_STREAM_NOPCAPLOG (1<<12)

Exclude packet from pcap logging as it's part of a stream that has reassembly depth reached.

Definition at line 1081 of file decode.h.

◆ PKT_TUNNEL

#define PKT_TUNNEL (1<<13)

Definition at line 1083 of file decode.h.

◆ PKT_TUNNEL_VERDICTED

#define PKT_TUNNEL_VERDICTED (1<<14)

Definition at line 1084 of file decode.h.

◆ PKT_WANTS_FLOW

#define PKT_WANTS_FLOW (1<<22)

indication by decoder that it feels the packet should be handled by flow engine: Packet::flow_hash will be set

Definition at line 1098 of file decode.h.

◆ PKT_ZERO_COPY

#define PKT_ZERO_COPY (1<<16)

Packet comes from zero copy (ext_pkt must not be freed)

Definition at line 1087 of file decode.h.

◆ PPP_OVER_GRE

#define PPP_OVER_GRE 11

Definition at line 1066 of file decode.h.

◆ SET_IPV4_DST_ADDR

#define SET_IPV4_DST_ADDR	(	p,
		a
	)

Value:

        do {                              \
        (a)->family = AF_INET;                                    \
        (a)->addr_data32[0] = (uint32_t)(p)->ip4h->s_ip_dst.s_addr; \
        (a)->addr_data32[1] = 0;                                  \
        (a)->addr_data32[2] = 0;                                  \
        (a)->addr_data32[3] = 0;                                  \
    } while (0)

Definition at line 147 of file decode.h.

◆ SET_IPV4_SRC_ADDR

#define SET_IPV4_SRC_ADDR	(	p,
		a
	)

Value:

        do {                              \
        (a)->family = AF_INET;                                    \
        (a)->addr_data32[0] = (uint32_t)(p)->ip4h->s_ip_src.s_addr; \
        (a)->addr_data32[1] = 0;                                  \
        (a)->addr_data32[2] = 0;                                  \
        (a)->addr_data32[3] = 0;                                  \
    } while (0)

Definition at line 139 of file decode.h.

◆ SET_IPV6_DST_ADDR

#define SET_IPV6_DST_ADDR	(	p,
		a
	)

Value:

        do {                    \
        (a)->family = AF_INET6;                         \
        (a)->addr_data32[0] = (p)->ip6h->s_ip6_dst[0];  \
        (a)->addr_data32[1] = (p)->ip6h->s_ip6_dst[1];  \
        (a)->addr_data32[2] = (p)->ip6h->s_ip6_dst[2];  \
        (a)->addr_data32[3] = (p)->ip6h->s_ip6_dst[3];  \
    } while (0)

Definition at line 174 of file decode.h.

◆ SET_IPV6_SRC_ADDR

#define SET_IPV6_SRC_ADDR	(	p,
		a
	)

Value:

        do {                    \
        (a)->family = AF_INET6;                         \
        (a)->addr_data32[0] = (p)->ip6h->s_ip6_src[0];  \
        (a)->addr_data32[1] = (p)->ip6h->s_ip6_src[1];  \
        (a)->addr_data32[2] = (p)->ip6h->s_ip6_src[2];  \
        (a)->addr_data32[3] = (p)->ip6h->s_ip6_src[3];  \
    } while (0)

Definition at line 166 of file decode.h.

◆ SET_PKT_LEN

#define SET_PKT_LEN	(	p,
		len
	)

Value:

    do { \
    (p)->pktlen = (len); \
    } while (0)

Definition at line 230 of file decode.h.

◆ SET_PORT

#define SET_PORT	(	v,
		p
	)	((p) = (v))

Definition at line 237 of file decode.h.

◆ SET_SCTP_DST_PORT

#define SET_SCTP_DST_PORT	(	pkt,
		prt
	)

Value:

        do {            \
        SET_PORT(SCTP_GET_DST_PORT((pkt)), *(prt)); \
    } while (0)

Definition at line 207 of file decode.h.

◆ SET_SCTP_SRC_PORT

#define SET_SCTP_SRC_PORT	(	pkt,
		prt
	)

Value:

        do {            \
        SET_PORT(SCTP_GET_SRC_PORT((pkt)), *(prt)); \
    } while (0)

Definition at line 203 of file decode.h.

◆ SET_TCP_DST_PORT

#define SET_TCP_DST_PORT	(	pkt,
		prt
	)

Value:

        do {            \
        SET_PORT(TCP_GET_DST_PORT((pkt)), *(prt)); \
    } while (0)

Definition at line 188 of file decode.h.

◆ SET_TCP_SRC_PORT

#define SET_TCP_SRC_PORT	(	pkt,
		prt
	)

Value:

        do {            \
        SET_PORT(TCP_GET_SRC_PORT((pkt)), *(prt)); \
    } while (0)

Definition at line 184 of file decode.h.

◆ SET_TUNNEL_PKT

#define SET_TUNNEL_PKT ( p ) ((p)->flags |= PKT_TUNNEL)

Definition at line 872 of file decode.h.

◆ SET_TUNNEL_PKT_VERDICTED

#define SET_TUNNEL_PKT_VERDICTED ( p ) ((p)->flags |= PKT_TUNNEL_VERDICTED)

Definition at line 877 of file decode.h.

◆ SET_UDP_DST_PORT

#define SET_UDP_DST_PORT	(	pkt,
		prt
	)

Value:

        do {            \
        SET_PORT(UDP_GET_DST_PORT((pkt)), *(prt)); \
    } while (0)

Definition at line 197 of file decode.h.

◆ SET_UDP_SRC_PORT

#define SET_UDP_SRC_PORT	(	pkt,
		prt
	)

Value:

        do {            \
        SET_PORT(UDP_GET_SRC_PORT((pkt)), *(prt)); \
    } while (0)

Definition at line 194 of file decode.h.

◆ SIZE_OF_PACKET

#define SIZE_OF_PACKET (default_packet_size + sizeof(Packet))

Definition at line 619 of file decode.h.

◆ tcpvars

#define tcpvars l4vars.tcpvars

Definition at line 519 of file decode.h.

◆ TUNNEL_INCR_PKT_RTV_NOLOCK

#define TUNNEL_INCR_PKT_RTV_NOLOCK ( p )

Value:

        do {                                          \
        ((p)->root ? (p)->root->tunnel_rtv_cnt++ : (p)->tunnel_rtv_cnt++);          \
    } while (0)

Definition at line 858 of file decode.h.

◆ TUNNEL_INCR_PKT_TPR

#define TUNNEL_INCR_PKT_TPR ( p )

Value:

        do {                                                 \
        SCMutexLock((p)->root ? &(p)->root->tunnel_mutex : &(p)->tunnel_mutex);     \
        ((p)->root ? (p)->root->tunnel_tpr_cnt++ : (p)->tunnel_tpr_cnt++);          \
        SCMutexUnlock((p)->root ? &(p)->root->tunnel_mutex : &(p)->tunnel_mutex);   \
    } while (0)

Definition at line 862 of file decode.h.

◆ TUNNEL_PKT_RTV

#define TUNNEL_PKT_RTV ( p ) ((p)->root ? (p)->root->tunnel_rtv_cnt : (p)->tunnel_rtv_cnt)

Definition at line 868 of file decode.h.

◆ TUNNEL_PKT_TPR

#define TUNNEL_PKT_TPR ( p ) ((p)->root ? (p)->root->tunnel_tpr_cnt : (p)->tunnel_tpr_cnt)

Definition at line 869 of file decode.h.

◆ UNSET_TUNNEL_PKT

#define UNSET_TUNNEL_PKT ( p ) ((p)->flags &= ~PKT_TUNNEL)

Definition at line 873 of file decode.h.

◆ VLAN_OVER_GRE

#define VLAN_OVER_GRE 13

Definition at line 1067 of file decode.h.

Typedef Documentation

◆ Address

typedef struct Address_ Address

◆ AppLayerDecoderEvents

typedef struct AppLayerDecoderEvents_ AppLayerDecoderEvents

Definition at line 106 of file decode.h.

◆ AppLayerThreadCtx

typedef struct AppLayerThreadCtx_ AppLayerThreadCtx

Definition at line 100 of file decode.h.

◆ CaptureStats

typedef struct CaptureStats_ CaptureStats

◆ DecoderFunc

typedef int(* DecoderFunc) (ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint32_t len)

Definition at line 947 of file decode.h.

◆ DecodeThreadVars

typedef struct DecodeThreadVars_ DecodeThreadVars

Structure to hold thread specific data for all decode modules.

◆ Packet

typedef struct Packet_ Packet

◆ PacketAlert

typedef struct PacketAlert_ PacketAlert

◆ PacketAlerts

typedef struct PacketAlerts_ PacketAlerts

◆ PacketEngineEvents

typedef struct PacketEngineEvents_ PacketEngineEvents

data structure to store decoder, defrag and stream events

◆ PktProfiling

typedef struct PktProfiling_ PktProfiling

Per pkt stats storage.

◆ PktProfilingAppData

typedef struct PktProfilingAppData_ PktProfilingAppData

◆ PktProfilingData

typedef struct PktProfilingData_ PktProfilingData

◆ PktProfilingDetectData

typedef struct PktProfilingDetectData_ PktProfilingDetectData

◆ PktProfilingLoggerData

typedef struct PktProfilingLoggerData_ PktProfilingLoggerData

◆ PktProfilingPrefilterData

typedef struct PktProfilingPrefilterData_ PktProfilingPrefilterData

◆ PktProfilingPrefilterEngine

typedef struct PktProfilingPrefilterEngine_ PktProfilingPrefilterEngine

◆ PktProfilingTmmData

typedef struct PktProfilingTmmData_ PktProfilingTmmData

Per TMM stats storage.

◆ PktVar

typedef struct PktVar_ PktVar

◆ Port

typedef uint16_t Port

Definition at line 236 of file decode.h.

Enumeration Type Documentation

◆ ChecksumValidationMode

enum ChecksumValidationMode

Enumerator
CHECKSUM_VALIDATION_DISABLE
CHECKSUM_VALIDATION_ENABLE
CHECKSUM_VALIDATION_AUTO
CHECKSUM_VALIDATION_RXONLY
CHECKSUM_VALIDATION_KERNEL

Definition at line 40 of file decode.h.

◆ DecodeTunnelProto

enum DecodeTunnelProto

Enumerator
DECODE_TUNNEL_ETHERNET
DECODE_TUNNEL_ERSPANII
DECODE_TUNNEL_ERSPANI
DECODE_TUNNEL_VLAN
DECODE_TUNNEL_IPV4
DECODE_TUNNEL_IPV6
DECODE_TUNNEL_IPV6_TEREDO	separate protocol for stricter error handling
DECODE_TUNNEL_PPP

Definition at line 879 of file decode.h.

◆ PktSrcEnum

enum PktSrcEnum

Enumerator
PKT_SRC_WIRE
PKT_SRC_DECODER_GRE
PKT_SRC_DECODER_IPV4
PKT_SRC_DECODER_IPV6
PKT_SRC_DECODER_TEREDO
PKT_SRC_DEFRAG
PKT_SRC_FFR
PKT_SRC_STREAM_TCP_DETECTLOG_FLUSH
PKT_SRC_DECODER_VXLAN
PKT_SRC_DETECT_RELOAD_FLUSH
PKT_SRC_CAPTURE_TIMEOUT

Definition at line 48 of file decode.h.

Function Documentation

◆ AppLayerDecoderEventsFreeEvents()

void AppLayerDecoderEventsFreeEvents ( AppLayerDecoderEvents ** events )

Definition at line 148 of file app-layer-events.c.

References SCFree.

Referenced by AppLayerParserStateFree(), and InitGlobal().

Here is the caller graph for this function:

◆ AppLayerDecoderEventsResetEvents()

void AppLayerDecoderEventsResetEvents ( AppLayerDecoderEvents * events )

Definition at line 141 of file app-layer-events.c.

References AppLayerDecoderEvents_::cnt.

◆ DecodeERSPAN()

int DecodeERSPAN	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		const uint8_t *	,
		uint32_t
	)

ERSPAN Type II.

Definition at line 60 of file decode-erspan.c.

References DecodeThreadVars_::counter_erspan, DecodeEthernet(), dtv, ENGINE_SET_EVENT, ERSPAN_HEADER_TOO_SMALL, ERSPAN_TOO_MANY_VLAN_LAYERS, ERSPAN_UNSUPPORTED_VERSION, len, SCLogDebug, SCNtohs, StatsIncr(), TM_ECODE_FAILED, tv, version, Packet_::vlan_id, and Packet_::vlan_idx.

Referenced by DecodeTunnel().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ DecodeERSPANTypeI()

int DecodeERSPANTypeI	(	ThreadVars *	tv,
		DecodeThreadVars *	dtv,
		Packet *	p,
		const uint8_t *	pkt,
		uint32_t	len
	)

Functions to decode ERSPAN Type I and II packets.

ERSPAN Type I

Definition at line 49 of file decode-erspan.c.

References DecodeThreadVars_::counter_erspan, DecodeEthernet(), dtv, len, StatsIncr(), and tv.

Referenced by DecodeTunnel().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ DecodeEthernet()

int DecodeEthernet	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		const uint8_t *	,
		uint32_t
	)

Definition at line 41 of file decode-ethernet.c.

References DecodeThreadVars_::counter_eth, DCE_PKT_TOO_SMALL, DecodeEthernet(), DecodeIPV4(), DecodeIPV6(), DecodeMPLS(), DecodePPPOEDiscovery(), DecodePPPOESession(), DecodeVLAN(), dtv, ENGINE_SET_INVALID_EVENT, ETHERNET_DCE_HEADER_LEN, ETHERNET_HEADER_LEN, ETHERNET_PKT_TOO_SMALL, ETHERNET_TYPE_8021QINQ, ETHERNET_TYPE_DCE, ETHERNET_TYPE_IP, ETHERNET_TYPE_IPV6, ETHERNET_TYPE_MPLS_MULTICAST, ETHERNET_TYPE_MPLS_UNICAST, ETHERNET_TYPE_PPPOE_DISC, ETHERNET_TYPE_PPPOE_SESS, ETHERNET_TYPE_VLAN, Packet_::ethh, len, SCLogDebug, SCNtohs, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, tv, and unlikely.

Referenced by DecodeErfDag(), DecodeERSPAN(), DecodeERSPANTypeI(), DecodeEthernet(), DecodeMPLS(), DecodePfring(), DecodeTunnel(), NapatechDecode(), UTHBuildPacketArrayFromEth(), UTHBuildPacketFromEth(), and ValidateLinkType().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ DecodeGRE()

int DecodeGRE	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		const uint8_t *	,
		uint32_t
	)

Function to decode GRE packets.

Todo:: We need to make sure this does not allow bypassing inspection. A server may just ignore these and continue processing the packet, but we will not look further into it.

Todo:: We need to make sure this does not allow bypassing inspection. A server may just ignore these and continue processing the packet, but we will not look further into it.

Definition at line 46 of file decode-gre.c.

References DecodeThreadVars_::counter_gre, ThreadVars_::decode_pq, DECODE_TUNNEL_ERSPANI, DECODE_TUNNEL_ERSPANII, DECODE_TUNNEL_ETHERNET, DECODE_TUNNEL_IPV4, DECODE_TUNNEL_IPV6, DECODE_TUNNEL_PPP, DECODE_TUNNEL_VLAN, dtv, ENGINE_SET_INVALID_EVENT, ETHERNET_TYPE_BRIDGE, ETHERNET_TYPE_ERSPAN, ETHERNET_TYPE_IP, ETHERNET_TYPE_IPV6, ETHERNET_TYPE_VLAN, GRE_CHKSUM_LEN, GRE_FLAG_ISSET_CHKSUM, GRE_FLAG_ISSET_KY, GRE_FLAG_ISSET_RECUR, GRE_FLAG_ISSET_ROUTE, GRE_FLAG_ISSET_SQ, GRE_FLAG_ISSET_SSR, GRE_GET_PROTO, GRE_GET_VERSION, GRE_HDR_LEN, GRE_KEY_LEN, GRE_OFFSET_LEN, GRE_PKT_TOO_SMALL, GRE_PROTO_PPP, GRE_SEQ_LEN, GRE_SRE_HDR_LEN, GRE_VERSION0_FLAGS, GRE_VERSION0_HDR_TOO_BIG, GRE_VERSION0_MALFORMED_SRE_HDR, GRE_VERSION0_RECUR, GRE_VERSION1_CHKSUM, GRE_VERSION1_FLAGS, GRE_VERSION1_HDR_TOO_BIG, GRE_VERSION1_NO_KEY, GRE_VERSION1_RECUR, GRE_VERSION1_ROUTE, GRE_VERSION1_SSR, GRE_VERSION1_WRONG_PROTOCOL, GRE_VERSION_0, GRE_VERSION_1, GRE_WRONG_VERSION, Packet_::greh, GREV1_ACK_LEN, GREV1_FLAG_ISSET_ACK, GREV1_FLAG_ISSET_FLAGS, len, PacketEnqueueNoLock(), PacketTunnelPktSetup(), PKT_SET_SRC, PKT_SRC_DECODER_GRE, SCLogDebug, SCNtohs, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, and tv.

Here is the call graph for this function:

◆ DecodeICMPV4()

int DecodeICMPV4	(	ThreadVars *	tv,
		DecodeThreadVars *	dtv,
		Packet *	p,
		const uint8_t *	pkt,
		uint32_t	len
	)

Main ICMPv4 decoding function.

DecodeICMPV4

Definition at line 155 of file decode-icmpv4.c.

References DecodeThreadVars_::counter_icmpv4, dtv, ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, Packet_::icmp_d, Packet_::icmp_s, ICMPV4_HEADER_LEN, ICMPV4_HEADER_PKT_OFFSET, ICMPV4_PKT_TOO_SMALL, ICMPV4_UNKNOWN_CODE, ICMPv4GetCounterpart(), Packet_::icmpv4h, Packet_::icmpv4vars, ICMPV4ExtHdr_::id, ICMPV4Vars_::id, len, Packet_::payload, Packet_::payload_len, Packet_::proto, SCLogDebug, ICMPV4ExtHdr_::seq, ICMPV4Vars_::seq, StatsIncr(), TM_ECODE_FAILED, and tv.

Here is the call graph for this function:

◆ DecodeICMPV6()

int DecodeICMPV6	(	ThreadVars *	tv,
		DecodeThreadVars *	dtv,
		Packet *	p,
		const uint8_t *	pkt,
		uint32_t	len
	)

Decode ICMPV6 packets and fill the Packet with the decoded info.

Parameters

tv	Pointer to the thread variables
dtv	Pointer to the decode thread variables
p	Pointer to the packet we are filling
pkt	Pointer to the raw packet buffer
len	the len of the rest of the packet not processed yet

Return values

void	No return value

Definition at line 188 of file decode-icmpv6.c.

References ICMPV6Hdr_::code, DecodeThreadVars_::counter_icmpv6, dtv, ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_REJECTROUTE, Packet_::icmp_d, Packet_::icmp_s, ICMPV6_GET_CODE, ICMPV6_GET_TYPE, ICMPV6_HEADER_LEN, ICMPV6_PKT_TOO_SMALL, ICMPV6_UNKNOWN_CODE, ICMPv6GetCounterpart(), Packet_::icmpv6h, len, Packet_::payload, Packet_::payload_len, Packet_::proto, SCLogDebug, StatsIncr(), TM_ECODE_FAILED, tv, ICMPV6Hdr_::type, and unlikely.

Here is the call graph for this function:

◆ DecodeIPV4()

int DecodeIPV4	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		const uint8_t *	,
		uint16_t
	)

Definition at line 517 of file decode-ipv4.c.

References DecodeThreadVars_::counter_ipv4, dtv, len, SCLogDebug, StatsIncr(), tv, and unlikely.

Referenced by DecodeEthernet(), DecodeMPLS(), DecodeNull(), DecodePPP(), DecodePPPOESession(), DecodeRaw(), DecodeSll(), DecodeTunnel(), and DecodeVLAN().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ DecodeIPV6()

int DecodeIPV6	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		const uint8_t *	,
		uint16_t
	)

Definition at line 580 of file decode-ipv6.c.

References DecodeThreadVars_::counter_ipv6, dtv, StatsIncr(), and tv.

Referenced by DecodeEthernet(), DecodeMPLS(), DecodeNull(), DecodePPP(), DecodePPPOESession(), DecodeRaw(), DecodeSll(), DecodeTunnel(), and DecodeVLAN().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ DecodeIPV6FragHeader()

void DecodeIPV6FragHeader	(	Packet *	p,
		const uint8_t *	pkt,
		uint16_t	hdrextlen,
		uint16_t	plen,
		uint16_t	prev_hdrextlen
	)

Definition at line 100 of file decode-ipv6.c.

References FALSE, IPV6ExtHdrs_::fh_data_len, IPV6ExtHdrs_::fh_data_offset, IPV6ExtHdrs_::fh_header_offset, IPV6ExtHdrs_::fh_id, IPV6ExtHdrs_::fh_more_frags_set, IPV6ExtHdrs_::fh_nh, IPV6ExtHdrs_::fh_offset, IPV6ExtHdrs_::fh_prev_hdr_offset, GET_PKT_DATA, Packet_::ip6eh, SCLogDebug, SCNtohl, and TRUE.

◆ DecodeMPLS()

int DecodeMPLS	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		const uint8_t *	,
		uint32_t
	)

Definition at line 47 of file decode-mpls.c.

References DecodeThreadVars_::counter_mpls, DecodeEthernet(), DecodeIPV4(), DecodeIPV6(), dtv, ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, len, MPLS_BAD_LABEL_IMPLICIT_NULL, MPLS_BAD_LABEL_RESERVED, MPLS_BAD_LABEL_ROUTER_ALERT, MPLS_BOTTOM, MPLS_HEADER_LEN, MPLS_HEADER_TOO_SMALL, MPLS_LABEL, MPLS_LABEL_IPV4, MPLS_LABEL_IPV6, MPLS_LABEL_NULL, MPLS_LABEL_ROUTER_ALERT, MPLS_MAX_RESERVED_LABEL, MPLS_PKT_TOO_SMALL, MPLS_PROTO_ETHERNET_PW, MPLS_PROTO_IPV4, MPLS_PROTO_IPV6, MPLS_PW_LEN, MPLS_UNKNOWN_PAYLOAD_TYPE, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, and tv.

Referenced by DecodeEthernet().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ DecodeNull()

int DecodeNull	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		const uint8_t *	,
		uint32_t
	)

Definition at line 48 of file decode-null.c.

References DecodeThreadVars_::counter_null, DecodeIPV4(), DecodeIPV6(), dtv, ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, GET_PKT_DATA, GET_PKT_LEN, HDR_SIZE, len, LTNULL_PKT_TOO_SMALL, LTNULL_UNSUPPORTED_TYPE, SCLogDebug, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, tv, type, and unlikely.

Referenced by ValidateLinkType().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ DecodePPP()

int DecodePPP	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		const uint8_t *	,
		uint32_t
	)

Definition at line 43 of file decode-ppp.c.

References DecodeThreadVars_::counter_ppp, DecodeIPV4(), DecodeIPV6(), dtv, ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, IPV4_GET_RAW_VER, IPV4_HEADER_LEN, IPV6_HEADER_LEN, len, likely, PPP_APPLE, PPP_APPLECP, PPP_BRPDU, PPP_CHAP, PPP_DECNET, PPP_DECNETCP, PPP_HEADER_LEN, PPP_HELLO, PPP_IP, PPP_IPCP, PPP_IPV6, PPP_IPV6CP, PPP_IPX, PPP_IPXCP, PPP_LCP, PPP_LQM, PPP_LUXCOM, PPP_MPLS_MCAST, PPP_MPLS_UCAST, PPP_MPLSCP, PPP_NS, PPP_NSCP, PPP_OSI, PPP_OSICP, PPP_PAP, PPP_PKT_TOO_SMALL, PPP_SNS, PPP_STII, PPP_STIICP, PPP_UNSUP_PROTO, PPP_VINES, PPP_VINESCP, PPP_VJ_COMP, PPP_VJ_UCOMP, PPP_WRONG_TYPE, Packet_::ppph, PPPIPV4_PKT_TOO_SMALL, PPPIPV6_PKT_TOO_SMALL, PPPVJU_PKT_TOO_SMALL, SCLogDebug, SCNtohs, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, tv, and unlikely.

Referenced by DecodeTunnel(), and ValidateLinkType().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ DecodePPPOEDiscovery()

int DecodePPPOEDiscovery	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		const uint8_t *	,
		uint32_t
	)

Main decoding function for PPPOE Discovery packets.

Definition at line 50 of file decode-pppoe.c.

References DecodeThreadVars_::counter_pppoe, dtv, ENGINE_SET_INVALID_EVENT, len, PPPOE_CODE_PADI, PPPOE_CODE_PADO, PPPOE_CODE_PADR, PPPOE_CODE_PADS, PPPOE_CODE_PADT, PPPOE_DISCOVERY_HEADER_MIN_LEN, pppoe_length, PPPOE_MALFORMED_TAGS, PPPOE_PKT_TOO_SMALL, PPPOE_WRONG_CODE, Packet_::pppoedh, SCLogDebug, SCNtohs, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, and tv.

Referenced by DecodeEthernet(), and DecodeVLAN().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ DecodePPPOESession()

int DecodePPPOESession	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		const uint8_t *	,
		uint32_t
	)

Main decoding function for PPPOE Session packets.

Definition at line 130 of file decode-pppoe.c.

References DecodeThreadVars_::counter_pppoe, DecodeIPV4(), DecodeIPV6(), dtv, ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, IPV4_GET_RAW_VER, IPV4_HEADER_LEN, IPV6_HEADER_LEN, len, PPP_APPLE, PPP_APPLECP, PPP_BRPDU, PPP_CHAP, PPP_DECNET, PPP_DECNETCP, PPP_HELLO, PPP_IP, PPP_IPCP, PPP_IPV6, PPP_IPV6CP, PPP_IPX, PPP_IPXCP, PPP_LCP, PPP_LQM, PPP_LUXCOM, PPP_MPLS_MCAST, PPP_MPLS_UCAST, PPP_MPLSCP, PPP_NS, PPP_NSCP, PPP_OSI, PPP_OSICP, PPP_PAP, PPP_SNS, PPP_STII, PPP_STIICP, PPP_UNSUP_PROTO, PPP_VINES, PPP_VINESCP, PPP_VJ_COMP, PPP_VJ_UCOMP, PPP_WRONG_TYPE, PPPIPV4_PKT_TOO_SMALL, PPPIPV6_PKT_TOO_SMALL, PPPOESessionHdr_::pppoe_code, PPPOESessionHdr_::pppoe_length, PPPOE_PKT_TOO_SMALL, PPPOE_SESSION_GET_TYPE, PPPOE_SESSION_GET_VERSION, PPPOE_SESSION_HEADER_LEN, Packet_::pppoesh, PPPVJU_PKT_TOO_SMALL, PPPOESessionHdr_::protocol, SCLogDebug, SCNtohs, PPPOESessionHdr_::session_id, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, tv, and unlikely.

Referenced by DecodeEthernet(), and DecodeVLAN().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ DecodeRaw()

int DecodeRaw	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		const uint8_t *	,
		uint32_t
	)

Definition at line 46 of file decode-raw.c.

References DecodeThreadVars_::counter_raw, DecodeIPV4(), DecodeIPV6(), dtv, ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, GET_PKT_DATA, GET_PKT_LEN, IP_GET_RAW_VER, IPRAW_INVALID_IPV, IPV4_HEADER_LEN, IPV4_PKT_TOO_SMALL, len, SCLogDebug, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, tv, and unlikely.

Referenced by ValidateLinkType().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ DecodeSCTP()

int DecodeSCTP	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		const uint8_t *	,
		uint16_t
	)

Definition at line 62 of file decode-sctp.c.

References DecodeThreadVars_::counter_sctp, dtv, StatsIncr(), tv, and unlikely.

Here is the call graph for this function:

◆ DecodeSll()

int DecodeSll	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		const uint8_t *	,
		uint32_t
	)

Definition at line 39 of file decode-sll.c.

References DecodeThreadVars_::counter_sll, DecodeIPV4(), DecodeIPV6(), DecodeVLAN(), dtv, ENGINE_SET_INVALID_EVENT, ETHERNET_TYPE_IP, ETHERNET_TYPE_IPV6, ETHERNET_TYPE_VLAN, len, SCLogDebug, SCNtohs, SLL_HEADER_LEN, SLL_PKT_TOO_SMALL, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, tv, and unlikely.

Referenced by ValidateLinkType().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ DecodeTCP()

int DecodeTCP	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		const uint8_t *	,
		uint16_t
	)

Definition at line 234 of file decode-tcp.c.

References DecodeThreadVars_::counter_tcp, dtv, StatsIncr(), tv, and unlikely.

Here is the call graph for this function:

◆ DecodeTEMPLATE()

int DecodeTEMPLATE	(	ThreadVars *	tv,
		DecodeThreadVars *	dtv,
		Packet *	p,
		const uint8_t *	pkt,
		uint32_t	len
	)

Function to decode TEMPLATE packets.

Parameters

tv	thread vars
dtv	decoder thread vars
p	packet
pkt	raw packet data
len	length in bytes of pkt array

Return values

TM_ECODE_OK or TM_ECODE_FAILED on serious error

Definition at line 49 of file decode-template.c.

References DecodeUDP(), dtv, len, TM_ECODE_FAILED, TM_ECODE_OK, and tv.

Here is the call graph for this function:

◆ DecodeUDP()

int DecodeUDP	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		const uint8_t *	,
		uint16_t
	)

Definition at line 74 of file decode-udp.c.

References DecodeThreadVars_::counter_udp, dtv, StatsIncr(), tv, and unlikely.

Referenced by DecodeTEMPLATE().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ DecodeVLAN()

int DecodeVLAN	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		const uint8_t *	,
		uint32_t
	)

Definition at line 62 of file decode-vlan.c.

References DecodeThreadVars_::counter_vlan, DecodeThreadVars_::counter_vlan_qinq, DecodeIPV4(), DecodeIPV6(), DecodePPPOEDiscovery(), DecodePPPOESession(), DecodeVLAN(), dtv, ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, ETHERNET_TYPE_8021AD, ETHERNET_TYPE_8021AH, ETHERNET_TYPE_IP, ETHERNET_TYPE_IPV6, ETHERNET_TYPE_PPPOE_DISC, ETHERNET_TYPE_PPPOE_SESS, ETHERNET_TYPE_VLAN, GET_VLAN_CFI, GET_VLAN_ID, GET_VLAN_PRIORITY, GET_VLAN_PROTO, len, proto, SCLogDebug, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, tv, unlikely, VLAN_HEADER_LEN, VLAN_HEADER_TOO_MANY_LAYERS, VLAN_HEADER_TOO_SMALL, Packet_::vlan_id, and Packet_::vlan_idx.

Referenced by DecodeEthernet(), DecodeSll(), DecodeTunnel(), and DecodeVLAN().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ DecodeVXLAN()

int DecodeVXLAN	(	ThreadVars *	tv,
		DecodeThreadVars *	dtv,
		Packet *	p,
		const uint8_t *	pkt,
		uint32_t	len
	)

Parameters

pkt	payload data directly above UDP header
len	length in bytes of pkt

Definition at line 119 of file decode-vxlan.c.

References unlikely.

Variable Documentation

◆ g_default_mtu

int g_default_mtu

highest mtu of the interfaces we monitor

Definition at line 221 of file suricata.c.

Enumerations
enum	ChecksumValidationMode { CHECKSUM_VALIDATION_DISABLE, CHECKSUM_VALIDATION_ENABLE, CHECKSUM_VALIDATION_AUTO, CHECKSUM_VALIDATION_RXONLY, CHECKSUM_VALIDATION_KERNEL }

enum	PktSrcEnum { PKT_SRC_WIRE = 1, PKT_SRC_DECODER_GRE, PKT_SRC_DECODER_IPV4, PKT_SRC_DECODER_IPV6, PKT_SRC_DECODER_TEREDO, PKT_SRC_DEFRAG, PKT_SRC_FFR, PKT_SRC_STREAM_TCP_DETECTLOG_FLUSH, PKT_SRC_DECODER_VXLAN, PKT_SRC_DETECT_RELOAD_FLUSH, PKT_SRC_CAPTURE_TIMEOUT }

enum	DecodeTunnelProto { DECODE_TUNNEL_ETHERNET, DECODE_TUNNEL_ERSPANII, DECODE_TUNNEL_ERSPANI, DECODE_TUNNEL_VLAN, DECODE_TUNNEL_IPV4, DECODE_TUNNEL_IPV6, DECODE_TUNNEL_IPV6_TEREDO, DECODE_TUNNEL_PPP }

Data Structures

Macros

Typedefs

Enumerations

Functions

Variables

Detailed Description

Macro Definition Documentation

◆ addr_data16

◆ addr_data32

◆ addr_data8

◆ addr_in6addr

◆ CLEAR_ADDR

◆ CMP_ADDR

◆ CMP_PORT

◆ COPY_ADDRESS

◆ COPY_PORT

◆ COUNTERS

◆ DecodeSetNoPacketInspectionFlag

◆ DecodeSetNoPayloadInspectionFlag

◆ DecodeUnsetNoPacketInspectionFlag

◆ DecodeUnsetNoPayloadInspectionFlag

◆ DEFAULT_MTU

◆ DEFAULT_PACKET_SIZE

◆ ENGINE_ISSET_EVENT

◆ ENGINE_SET_EVENT

◆ ENGINE_SET_INVALID_EVENT

◆ GET_IPV4_DST_ADDR_PTR

◆ GET_IPV4_DST_ADDR_U32

◆ GET_IPV4_SRC_ADDR_PTR

◆ GET_IPV4_SRC_ADDR_U32

◆ GET_IPV6_DST_ADDR

◆ GET_IPV6_DST_IN6ADDR

◆ GET_IPV6_SRC_ADDR

◆ GET_IPV6_SRC_IN6ADDR

◆ GET_PKT_DATA

◆ GET_PKT_DIRECT_DATA

◆ GET_PKT_DIRECT_MAX_SIZE

◆ GET_PKT_LEN

◆ GET_TCP_DST_PORT

◆ GET_TCP_SRC_PORT

◆ icmpv4vars

◆ icmpv6vars

◆ IP_GET_IPPROTO

◆ IP_GET_RAW_VER

◆ IPH_IS_VALID

◆ IS_TUNNEL_PKT

◆ IS_TUNNEL_PKT_VERDICTED

◆ IS_TUNNEL_ROOT_PKT

◆ LINKTYPE_ETHERNET

◆ LINKTYPE_GRE_OVER_IP

◆ LINKTYPE_IPV4

◆ LINKTYPE_LINUX_SLL

◆ LINKTYPE_NULL

◆ LINKTYPE_PPP

◆ LINKTYPE_RAW

◆ LINKTYPE_RAW2

◆ MAX_PAYLOAD_SIZE

◆ MINIMUM_MTU

◆ PACKET_ACCEPT

◆ PACKET_ALERT

◆ PACKET_ALERT_FLAG_DROP_FLOW

◆ PACKET_ALERT_FLAG_STATE_MATCH

◆ PACKET_ALERT_FLAG_STREAM_MATCH

◆ PACKET_ALERT_FLAG_TX

◆ PACKET_ALERT_MAX

◆ PACKET_ALERT_RATE_FILTER_MODIFIED

◆ PACKET_CLEAR_L4VARS

◆ PACKET_DESTRUCTOR

◆ PACKET_DROP

◆ PACKET_ENGINE_EVENT_MAX

◆ PACKET_FREE_EXTDATA

◆ PACKET_INITIALIZE

◆ PACKET_PASS

◆ PACKET_RECYCLE

◆ PACKET_REINIT

◆ PACKET_REJECT

◆ PACKET_REJECT_BOTH

◆ PACKET_REJECT_DST

◆ PACKET_RELEASE_REFS