suricata
Data Structures | Macros | Typedefs | Enumerations | Functions | Variables
decode.h File Reference
#include "suricata-common.h"
#include "threadvars.h"
#include "decode-events.h"
#include "flow-worker.h"
#include "util-napatech.h"
#include "source-nflog.h"
#include "source-nfq.h"
#include "source-ipfw.h"
#include "source-pcap.h"
#include "source-af-packet.h"
#include "source-netmap.h"
#include "source-windivert.h"
#include "action-globals.h"
#include "decode-erspan.h"
#include "decode-ethernet.h"
#include "decode-gre.h"
#include "decode-ppp.h"
#include "decode-pppoe.h"
#include "decode-sll.h"
#include "decode-ipv4.h"
#include "decode-ipv6.h"
#include "decode-icmpv4.h"
#include "decode-icmpv6.h"
#include "decode-tcp.h"
#include "decode-udp.h"
#include "decode-sctp.h"
#include "decode-raw.h"
#include "decode-null.h"
#include "decode-vlan.h"
#include "decode-vxlan.h"
#include "decode-mpls.h"
#include "detect-reference.h"
#include "app-layer-protos.h"
Include dependency graph for decode.h:

Go to the source code of this file.

Data Structures

struct  Address_
 
struct  PacketAlert_
 
struct  PacketAlerts_
 
struct  PacketEngineEvents_
 
struct  PktVar_
 
struct  PktProfilingTmmData_
 Per TMM stats storage. More...
 
struct  PktProfilingData_
 
struct  PktProfilingDetectData_
 
struct  PktProfilingAppData_
 
struct  PktProfilingLoggerData_
 
struct  PktProfilingPrefilterEngine_
 
struct  PktProfilingPrefilterData_
 
struct  PktProfiling_
 Per pkt stats storage. More...
 
struct  Packet_
 
struct  DecodeThreadVars_
 Structure to hold thread specific data for all decode modules. More...
 
struct  CaptureStats_
 

Macros

#define COUNTERS
 
#define addr_data32   address.address_un_data32
 
#define addr_data16   address.address_un_data16
 
#define addr_data8   address.address_un_data8
 
#define addr_in6addr   address.address_un_in6
 
#define COPY_ADDRESS(a, b)
 
#define SET_IPV4_SRC_ADDR(p, a)
 
#define SET_IPV4_DST_ADDR(p, a)
 
#define CLEAR_ADDR(a)
 
#define SET_IPV6_SRC_ADDR(p, a)
 
#define SET_IPV6_DST_ADDR(p, a)
 
#define SET_TCP_SRC_PORT(pkt, prt)
 
#define SET_TCP_DST_PORT(pkt, prt)
 
#define SET_UDP_SRC_PORT(pkt, prt)
 
#define SET_UDP_DST_PORT(pkt, prt)
 
#define SET_SCTP_SRC_PORT(pkt, prt)
 
#define SET_SCTP_DST_PORT(pkt, prt)
 
#define GET_IPV4_SRC_ADDR_U32(p)   ((p)->src.addr_data32[0])
 
#define GET_IPV4_DST_ADDR_U32(p)   ((p)->dst.addr_data32[0])
 
#define GET_IPV4_SRC_ADDR_PTR(p)   ((p)->src.addr_data32)
 
#define GET_IPV4_DST_ADDR_PTR(p)   ((p)->dst.addr_data32)
 
#define GET_IPV6_SRC_IN6ADDR(p)   ((p)->src.addr_in6addr)
 
#define GET_IPV6_DST_IN6ADDR(p)   ((p)->dst.addr_in6addr)
 
#define GET_IPV6_SRC_ADDR(p)   ((p)->src.addr_data32)
 
#define GET_IPV6_DST_ADDR(p)   ((p)->dst.addr_data32)
 
#define GET_TCP_SRC_PORT(p)   ((p)->sp)
 
#define GET_TCP_DST_PORT(p)   ((p)->dp)
 
#define GET_PKT_LEN(p)   ((p)->pktlen)
 
#define GET_PKT_DATA(p)   ((((p)->ext_pkt) == NULL ) ? (uint8_t *)((p) + 1) : (p)->ext_pkt)
 
#define GET_PKT_DIRECT_DATA(p)   (uint8_t *)((p) + 1)
 
#define GET_PKT_DIRECT_MAX_SIZE(p)   (default_packet_size)
 
#define SET_PKT_LEN(p, len)
 
#define SET_PORT(v, p)   ((p) = (v))
 
#define COPY_PORT(a, b)   ((b) = (a))
 
#define CMP_ADDR(a1, a2)
 
#define CMP_PORT(p1, p2)   ((p1) == (p2))
 
#define IP_GET_RAW_VER(pkt)   ((((pkt)[0] & 0xf0) >> 4))
 
#define PKT_IS_IPV4(p)   (((p)->ip4h != NULL))
 
#define PKT_IS_IPV6(p)   (((p)->ip6h != NULL))
 
#define PKT_IS_TCP(p)   (((p)->tcph != NULL))
 
#define PKT_IS_UDP(p)   (((p)->udph != NULL))
 
#define PKT_IS_ICMPV4(p)   (((p)->icmpv4h != NULL))
 
#define PKT_IS_ICMPV6(p)   (((p)->icmpv6h != NULL))
 
#define PKT_IS_TOSERVER(p)   (((p)->flowflags & FLOW_PKT_TOSERVER))
 
#define PKT_IS_TOCLIENT(p)   (((p)->flowflags & FLOW_PKT_TOCLIENT))
 
#define IPH_IS_VALID(p)   (PKT_IS_IPV4((p)) || PKT_IS_IPV6((p)))
 
#define IP_GET_IPPROTO(p)
 
#define PACKET_ALERT_FLAG_DROP_FLOW   0x01
 
#define PACKET_ALERT_FLAG_STATE_MATCH   0x02
 
#define PACKET_ALERT_FLAG_STREAM_MATCH   0x04
 
#define PACKET_ALERT_FLAG_TX   0x08
 
#define PACKET_ALERT_RATE_FILTER_MODIFIED   0x10
 
#define PACKET_ALERT_MAX   15
 
#define PACKET_ENGINE_EVENT_MAX   15
 
#define tcpvars   l4vars.tcpvars
 
#define icmpv4vars   l4vars.icmpv4vars
 
#define icmpv6vars   l4vars.icmpv6vars
 
#define DEFAULT_MTU   1500
 
#define MINIMUM_MTU   68
 
#define DEFAULT_PACKET_SIZE   (DEFAULT_MTU + ETHERNET_HEADER_LEN)
 
#define MAX_PAYLOAD_SIZE   (IPV6_HEADER_LEN + 65536 + 28)
 
#define SIZE_OF_PACKET   (default_packet_size + sizeof(Packet))
 
#define PACKET_CLEAR_L4VARS(p)
 
#define PACKET_RESET_CHECKSUMS(p)
 reset these to -1(indicates that the packet is fresh from the queue) More...
 
#define PACKET_FREE_EXTDATA(p)
 
#define PACKET_INITIALIZE(p)
 Initialize a packet structure for use. More...
 
#define PACKET_RELEASE_REFS(p)
 
#define PACKET_REINIT(p)
 Recycle a packet structure for reuse. More...
 
#define PACKET_RECYCLE(p)
 
#define PACKET_DESTRUCTOR(p)
 Cleanup a packet so that we can free it. No memset needed.. More...
 
#define PACKET_SET_ACTION(p, a)
 
#define PACKET_ALERT(p)   PACKET_SET_ACTION(p, ACTION_ALERT)
 
#define PACKET_ACCEPT(p)   PACKET_SET_ACTION(p, ACTION_ACCEPT)
 
#define PACKET_DROP(p)   PACKET_SET_ACTION(p, ACTION_DROP)
 
#define PACKET_REJECT(p)   PACKET_SET_ACTION(p, (ACTION_REJECT|ACTION_DROP))
 
#define PACKET_REJECT_DST(p)   PACKET_SET_ACTION(p, (ACTION_REJECT_DST|ACTION_DROP))
 
#define PACKET_REJECT_BOTH(p)   PACKET_SET_ACTION(p, (ACTION_REJECT_BOTH|ACTION_DROP))
 
#define PACKET_PASS(p)   PACKET_SET_ACTION(p, ACTION_PASS)
 
#define PACKET_TEST_ACTION(p, a)
 
#define PACKET_UPDATE_ACTION(p, a)
 
#define TUNNEL_INCR_PKT_RTV_NOLOCK(p)
 
#define TUNNEL_INCR_PKT_TPR(p)
 
#define TUNNEL_PKT_RTV(p)   ((p)->root ? (p)->root->tunnel_rtv_cnt : (p)->tunnel_rtv_cnt)
 
#define TUNNEL_PKT_TPR(p)   ((p)->root ? (p)->root->tunnel_tpr_cnt : (p)->tunnel_tpr_cnt)
 
#define IS_TUNNEL_PKT(p)   (((p)->flags & PKT_TUNNEL))
 
#define SET_TUNNEL_PKT(p)   ((p)->flags |= PKT_TUNNEL)
 
#define UNSET_TUNNEL_PKT(p)   ((p)->flags &= ~PKT_TUNNEL)
 
#define IS_TUNNEL_ROOT_PKT(p)   (IS_TUNNEL_PKT(p) && (p)->root == NULL)
 
#define IS_TUNNEL_PKT_VERDICTED(p)   (((p)->flags & PKT_TUNNEL_VERDICTED))
 
#define SET_TUNNEL_PKT_VERDICTED(p)   ((p)->flags |= PKT_TUNNEL_VERDICTED)
 
#define DecodeSetNoPayloadInspectionFlag(p)
 Set the No payload inspection Flag for the packet. More...
 
#define DecodeUnsetNoPayloadInspectionFlag(p)
 
#define DecodeSetNoPacketInspectionFlag(p)
 Set the No packet inspection Flag for the packet. More...
 
#define DecodeUnsetNoPacketInspectionFlag(p)
 
#define ENGINE_SET_EVENT(p, e)
 
#define ENGINE_SET_INVALID_EVENT(p, e)
 
#define ENGINE_ISSET_EVENT(p, e)
 
#define LINKTYPE_NULL   DLT_NULL
 
#define LINKTYPE_ETHERNET   DLT_EN10MB
 
#define LINKTYPE_LINUX_SLL   113
 
#define LINKTYPE_PPP   9
 
#define LINKTYPE_RAW   DLT_RAW
 
#define LINKTYPE_RAW2   101
 
#define LINKTYPE_IPV4   228
 
#define LINKTYPE_GRE_OVER_IP   778
 
#define PPP_OVER_GRE   11
 
#define VLAN_OVER_GRE   13
 
#define PKT_NOPACKET_INSPECTION   (1)
 
#define PKT_NOPAYLOAD_INSPECTION   (1<<2)
 
#define PKT_ALLOC   (1<<3)
 
#define PKT_HAS_TAG   (1<<4)
 
#define PKT_STREAM_ADD   (1<<5)
 
#define PKT_STREAM_EST   (1<<6)
 
#define PKT_STREAM_EOF   (1<<7)
 
#define PKT_HAS_FLOW   (1<<8)
 
#define PKT_PSEUDO_STREAM_END   (1<<9)
 
#define PKT_STREAM_MODIFIED   (1<<10)
 
#define PKT_MARK_MODIFIED   (1<<11)
 
#define PKT_STREAM_NOPCAPLOG   (1<<12)
 
#define PKT_TUNNEL   (1<<13)
 
#define PKT_TUNNEL_VERDICTED   (1<<14)
 
#define PKT_IGNORE_CHECKSUM   (1<<15)
 
#define PKT_ZERO_COPY   (1<<16)
 
#define PKT_HOST_SRC_LOOKED_UP   (1<<17)
 
#define PKT_HOST_DST_LOOKED_UP   (1<<18)
 
#define PKT_IS_FRAGMENT   (1<<19)
 
#define PKT_IS_INVALID   (1<<20)
 
#define PKT_PROFILE   (1<<21)
 
#define PKT_WANTS_FLOW   (1<<22)
 
#define PKT_PROTO_DETECT_TS_DONE   (1<<23)
 
#define PKT_PROTO_DETECT_TC_DONE   (1<<24)
 
#define PKT_REBUILT_FRAGMENT   (1<<25)
 
#define PKT_DETECT_HAS_STREAMDATA   (1<<26)
 
#define PKT_PSEUDO_DETECTLOG_FLUSH   (1<<27)
 
#define PKT_STREAM_NO_EVENTS   (1<<28)
 
#define PKT_IS_PSEUDOPKT(p)   ((p)->flags & (PKT_PSEUDO_STREAM_END|PKT_PSEUDO_DETECTLOG_FLUSH))
 return 1 if the packet is a pseudo packet More...
 
#define PKT_SET_SRC(p, src_val)   ((p)->pkt_src = src_val)
 

Typedefs

typedef struct AppLayerThreadCtx_ AppLayerThreadCtx
 
typedef struct AppLayerDecoderEvents_ AppLayerDecoderEvents
 
typedef struct Address_ Address
 
typedef uint16_t Port
 
typedef struct PacketAlert_ PacketAlert
 
typedef struct PacketAlerts_ PacketAlerts
 
typedef struct PacketEngineEvents_ PacketEngineEvents
 
typedef struct PktVar_ PktVar
 
typedef struct PktProfilingTmmData_ PktProfilingTmmData
 Per TMM stats storage. More...
 
typedef struct PktProfilingData_ PktProfilingData
 
typedef struct PktProfilingDetectData_ PktProfilingDetectData
 
typedef struct PktProfilingAppData_ PktProfilingAppData
 
typedef struct PktProfilingLoggerData_ PktProfilingLoggerData
 
typedef struct PktProfilingPrefilterEngine_ PktProfilingPrefilterEngine
 
typedef struct PktProfilingPrefilterData_ PktProfilingPrefilterData
 
typedef struct PktProfiling_ PktProfiling
 Per pkt stats storage. More...
 
typedef struct Packet_ Packet
 
typedef struct DecodeThreadVars_ DecodeThreadVars
 Structure to hold thread specific data for all decode modules. More...
 
typedef struct CaptureStats_ CaptureStats
 
typedef int(* DecoderFunc) (ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint32_t len)
 

Enumerations

enum  ChecksumValidationMode {
  CHECKSUM_VALIDATION_DISABLE, CHECKSUM_VALIDATION_ENABLE, CHECKSUM_VALIDATION_AUTO, CHECKSUM_VALIDATION_RXONLY,
  CHECKSUM_VALIDATION_KERNEL
}
 
enum  PktSrcEnum {
  PKT_SRC_WIRE = 1, PKT_SRC_DECODER_GRE, PKT_SRC_DECODER_IPV4, PKT_SRC_DECODER_IPV6,
  PKT_SRC_DECODER_TEREDO, PKT_SRC_DEFRAG, PKT_SRC_FFR, PKT_SRC_STREAM_TCP_DETECTLOG_FLUSH,
  PKT_SRC_DECODER_VXLAN, PKT_SRC_DETECT_RELOAD_FLUSH, PKT_SRC_CAPTURE_TIMEOUT
}
 
enum  DecodeTunnelProto {
  DECODE_TUNNEL_ETHERNET, DECODE_TUNNEL_ERSPANII, DECODE_TUNNEL_ERSPANI, DECODE_TUNNEL_VLAN,
  DECODE_TUNNEL_IPV4, DECODE_TUNNEL_IPV6, DECODE_TUNNEL_IPV6_TEREDO, DECODE_TUNNEL_PPP
}
 

Functions

void AppLayerDecoderEventsResetEvents (AppLayerDecoderEvents *events)
 
void AppLayerDecoderEventsFreeEvents (AppLayerDecoderEvents **events)
 
void CaptureStatsUpdate (ThreadVars *tv, CaptureStats *s, const Packet *p)
 
void CaptureStatsSetup (ThreadVars *tv, CaptureStats *s)
 
PacketPacketTunnelPktSetup (ThreadVars *tv, DecodeThreadVars *dtv, Packet *parent, const uint8_t *pkt, uint32_t len, enum DecodeTunnelProto proto)
 Setup a pseudo packet (tunnel) More...
 
PacketPacketDefragPktSetup (Packet *parent, const uint8_t *pkt, uint32_t len, uint8_t proto)
 Setup a pseudo packet (reassembled frags) More...
 
void PacketDefragPktSetupParent (Packet *parent)
 inform defrag "parent" that a pseudo packet is now associated to it. More...
 
void DecodeRegisterPerfCounters (DecodeThreadVars *, ThreadVars *)
 
PacketPacketGetFromQueueOrAlloc (void)
 Get a packet. We try to get a packet from the packetpool first, but if that is empty we alloc a packet that is free'd again after processing. More...
 
PacketPacketGetFromAlloc (void)
 Get a malloced packet. More...
 
void PacketDecodeFinalize (ThreadVars *tv, DecodeThreadVars *dtv, Packet *p)
 Finalize decoding of a packet. More...
 
void PacketUpdateEngineEventCounters (ThreadVars *tv, DecodeThreadVars *dtv, Packet *p)
 
void PacketFree (Packet *p)
 Return a malloced packet. More...
 
void PacketFreeOrRelease (Packet *p)
 Return a packet to where it was allocated. More...
 
int PacketCallocExtPkt (Packet *p, int datalen)
 
int PacketCopyData (Packet *p, const uint8_t *pktdata, uint32_t pktlen)
 Copy data to Packet payload and set packet length. More...
 
int PacketSetData (Packet *p, const uint8_t *pktdata, uint32_t pktlen)
 Set data for Packet and set length when zero copy is used. More...
 
int PacketCopyDataOffset (Packet *p, uint32_t offset, const uint8_t *data, uint32_t datalen)
 Copy data to Packet payload at given offset. More...
 
const char * PktSrcToString (enum PktSrcEnum pkt_src)
 
void PacketBypassCallback (Packet *p)
 
void PacketSwap (Packet *p)
 switch direction of a packet More...
 
DecodeThreadVarsDecodeThreadVarsAlloc (ThreadVars *)
 Alloc and setup DecodeThreadVars. More...
 
void DecodeThreadVarsFree (ThreadVars *, DecodeThreadVars *)
 
void DecodeUpdatePacketCounters (ThreadVars *tv, const DecodeThreadVars *dtv, const Packet *p)
 
int DecodeEthernet (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t)
 
int DecodeSll (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t)
 
int DecodePPP (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t)
 
int DecodePPPOESession (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t)
 Main decoding function for PPPOE Session packets. More...
 
int DecodePPPOEDiscovery (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t)
 Main decoding function for PPPOE Discovery packets. More...
 
int DecodeTunnel (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t, enum DecodeTunnelProto) __attribute__((warn_unused_result))
 
int DecodeNull (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t)
 
int DecodeRaw (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t)
 
int DecodeIPV4 (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint16_t)
 
int DecodeIPV6 (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint16_t)
 
int DecodeICMPV4 (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t)
 Main ICMPv4 decoding function. More...
 
int DecodeICMPV6 (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t)
 Decode ICMPV6 packets and fill the Packet with the decoded info. More...
 
int DecodeTCP (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint16_t)
 
int DecodeUDP (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint16_t)
 
int DecodeSCTP (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint16_t)
 
int DecodeGRE (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t)
 Function to decode GRE packets. More...
 
int DecodeVLAN (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t)
 
int DecodeVXLAN (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t)
 
int DecodeMPLS (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t)
 
int DecodeERSPAN (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t)
 ERSPAN Type II. More...
 
int DecodeERSPANTypeI (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t)
 Functions to decode ERSPAN Type I and II packets. More...
 
int DecodeTEMPLATE (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t)
 Function to decode TEMPLATE packets. More...
 
void DecodeIPV6FragHeader (Packet *p, const uint8_t *pkt, uint16_t hdrextlen, uint16_t plen, uint16_t prev_hdrextlen)
 
void AddressDebugPrint (Address *)
 Debug print function for printing addresses. More...
 
void DecodeGlobalConfig (void)
 
void DecodeUnregisterCounters (void)
 

Variables

int g_default_mtu
 
uint32_t default_packet_size
 

Detailed Description

Author
Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Definition in file decode.h.

Macro Definition Documentation

◆ addr_data16

#define addr_data16   address.address_un_data16

Definition at line 122 of file decode.h.

◆ addr_data32

#define addr_data32   address.address_un_data32

Definition at line 121 of file decode.h.

◆ addr_data8

#define addr_data8   address.address_un_data8

Definition at line 123 of file decode.h.

◆ addr_in6addr

#define addr_in6addr   address.address_un_in6

Definition at line 124 of file decode.h.

◆ CLEAR_ADDR

#define CLEAR_ADDR (   a)
Value:
do { \
(a)->family = 0; \
(a)->addr_data32[0] = 0; \
(a)->addr_data32[1] = 0; \
(a)->addr_data32[2] = 0; \
(a)->addr_data32[3] = 0; \
} while (0)

Definition at line 156 of file decode.h.

◆ CMP_ADDR

#define CMP_ADDR (   a1,
  a2 
)
Value:
(((a1)->addr_data32[3] == (a2)->addr_data32[3] && \
(a1)->addr_data32[2] == (a2)->addr_data32[2] && \
(a1)->addr_data32[1] == (a2)->addr_data32[1] && \
(a1)->addr_data32[0] == (a2)->addr_data32[0]))

Definition at line 240 of file decode.h.

◆ CMP_PORT

#define CMP_PORT (   p1,
  p2 
)    ((p1) == (p2))

Definition at line 245 of file decode.h.

◆ COPY_ADDRESS

#define COPY_ADDRESS (   a,
 
)
Value:
do { \
(b)->family = (a)->family; \
(b)->addr_data32[0] = (a)->addr_data32[0]; \
(b)->addr_data32[1] = (a)->addr_data32[1]; \
(b)->addr_data32[2] = (a)->addr_data32[2]; \
(b)->addr_data32[3] = (a)->addr_data32[3]; \
} while (0)

Definition at line 126 of file decode.h.

◆ COPY_PORT

#define COPY_PORT (   a,
 
)    ((b) = (a))

Definition at line 238 of file decode.h.

◆ COUNTERS

#define COUNTERS

Definition at line 28 of file decode.h.

◆ DecodeSetNoPacketInspectionFlag

#define DecodeSetNoPacketInspectionFlag (   p)
Value:
do { \
(p)->flags |= PKT_NOPACKET_INSPECTION; \
} while (0)

Set the No packet inspection Flag for the packet.

Parameters
pPacket to set the flag in

Definition at line 976 of file decode.h.

◆ DecodeSetNoPayloadInspectionFlag

#define DecodeSetNoPayloadInspectionFlag (   p)
Value:
do { \
(p)->flags |= PKT_NOPAYLOAD_INSPECTION; \
} while (0)

Set the No payload inspection Flag for the packet.

Parameters
pPacket to set the flag in

Definition at line 964 of file decode.h.

◆ DecodeUnsetNoPacketInspectionFlag

#define DecodeUnsetNoPacketInspectionFlag (   p)
Value:
do { \
(p)->flags &= ~PKT_NOPACKET_INSPECTION; \
} while (0)

Definition at line 979 of file decode.h.

◆ DecodeUnsetNoPayloadInspectionFlag

#define DecodeUnsetNoPayloadInspectionFlag (   p)
Value:
do { \
(p)->flags &= ~PKT_NOPAYLOAD_INSPECTION; \
} while (0)

Definition at line 968 of file decode.h.

◆ DEFAULT_MTU

#define DEFAULT_MTU   1500

Definition at line 612 of file decode.h.

◆ DEFAULT_PACKET_SIZE

#define DEFAULT_PACKET_SIZE   (DEFAULT_MTU + ETHERNET_HEADER_LEN)

Definition at line 615 of file decode.h.

◆ ENGINE_ISSET_EVENT

#define ENGINE_ISSET_EVENT (   p,
 
)
Value:
({ \
int r = 0; \
uint8_t u; \
for (u = 0; u < (p)->events.cnt; u++) { \
if ((p)->events.events[u] == (e)) { \
r = 1; \
break; \
} \
} \
r; \
})

Definition at line 999 of file decode.h.

◆ ENGINE_SET_EVENT

#define ENGINE_SET_EVENT (   p,
 
)
Value:
do { \
SCLogDebug("p %p event %d", (p), e); \
if ((p)->events.cnt < PACKET_ENGINE_EVENT_MAX) { \
(p)->events.events[(p)->events.cnt] = e; \
(p)->events.cnt++; \
} \
} while(0)

Definition at line 984 of file decode.h.

◆ ENGINE_SET_INVALID_EVENT

#define ENGINE_SET_INVALID_EVENT (   p,
 
)
Value:
do { \
p->flags |= PKT_IS_INVALID; \
ENGINE_SET_EVENT(p, e); \
} while(0)

Definition at line 992 of file decode.h.

◆ GET_IPV4_DST_ADDR_PTR

#define GET_IPV4_DST_ADDR_PTR (   p)    ((p)->dst.addr_data32)

Definition at line 216 of file decode.h.

◆ GET_IPV4_DST_ADDR_U32

#define GET_IPV4_DST_ADDR_U32 (   p)    ((p)->dst.addr_data32[0])

Definition at line 214 of file decode.h.

◆ GET_IPV4_SRC_ADDR_PTR

#define GET_IPV4_SRC_ADDR_PTR (   p)    ((p)->src.addr_data32)

Definition at line 215 of file decode.h.

◆ GET_IPV4_SRC_ADDR_U32

#define GET_IPV4_SRC_ADDR_U32 (   p)    ((p)->src.addr_data32[0])

Definition at line 213 of file decode.h.

◆ GET_IPV6_DST_ADDR

#define GET_IPV6_DST_ADDR (   p)    ((p)->dst.addr_data32)

Definition at line 221 of file decode.h.

◆ GET_IPV6_DST_IN6ADDR

#define GET_IPV6_DST_IN6ADDR (   p)    ((p)->dst.addr_in6addr)

Definition at line 219 of file decode.h.

◆ GET_IPV6_SRC_ADDR

#define GET_IPV6_SRC_ADDR (   p)    ((p)->src.addr_data32)

Definition at line 220 of file decode.h.

◆ GET_IPV6_SRC_IN6ADDR

#define GET_IPV6_SRC_IN6ADDR (   p)    ((p)->src.addr_in6addr)

Definition at line 218 of file decode.h.

◆ GET_PKT_DATA

#define GET_PKT_DATA (   p)    ((((p)->ext_pkt) == NULL ) ? (uint8_t *)((p) + 1) : (p)->ext_pkt)

Definition at line 226 of file decode.h.

◆ GET_PKT_DIRECT_DATA

#define GET_PKT_DIRECT_DATA (   p)    (uint8_t *)((p) + 1)

Definition at line 227 of file decode.h.

◆ GET_PKT_DIRECT_MAX_SIZE

#define GET_PKT_DIRECT_MAX_SIZE (   p)    (default_packet_size)

Definition at line 228 of file decode.h.

◆ GET_PKT_LEN

#define GET_PKT_LEN (   p)    ((p)->pktlen)

Definition at line 225 of file decode.h.

◆ GET_TCP_DST_PORT

#define GET_TCP_DST_PORT (   p)    ((p)->dp)

Definition at line 223 of file decode.h.

◆ GET_TCP_SRC_PORT

#define GET_TCP_SRC_PORT (   p)    ((p)->sp)

Definition at line 222 of file decode.h.

◆ icmpv4vars

#define icmpv4vars   l4vars.icmpv4vars

Definition at line 520 of file decode.h.

◆ icmpv6vars

#define icmpv6vars   l4vars.icmpv6vars

Definition at line 521 of file decode.h.

◆ IP_GET_IPPROTO

#define IP_GET_IPPROTO (   p)
Value:
(p->proto ? p->proto : \
(PKT_IS_IPV4((p))? IPV4_GET_IPPROTO((p)) : (PKT_IS_IPV6((p))? IPV6_GET_L4PROTO((p)) : 0)))

Definition at line 264 of file decode.h.

◆ IP_GET_RAW_VER

#define IP_GET_RAW_VER (   pkt)    ((((pkt)[0] & 0xf0) >> 4))

Definition at line 250 of file decode.h.

◆ IPH_IS_VALID

#define IPH_IS_VALID (   p)    (PKT_IS_IPV4((p)) || PKT_IS_IPV6((p)))

Definition at line 261 of file decode.h.

◆ IS_TUNNEL_PKT

#define IS_TUNNEL_PKT (   p)    (((p)->flags & PKT_TUNNEL))

Definition at line 871 of file decode.h.

◆ IS_TUNNEL_PKT_VERDICTED

#define IS_TUNNEL_PKT_VERDICTED (   p)    (((p)->flags & PKT_TUNNEL_VERDICTED))

Definition at line 876 of file decode.h.

◆ IS_TUNNEL_ROOT_PKT

#define IS_TUNNEL_ROOT_PKT (   p)    (IS_TUNNEL_PKT(p) && (p)->root == NULL)

Definition at line 874 of file decode.h.

◆ LINKTYPE_ETHERNET

#define LINKTYPE_ETHERNET   DLT_EN10MB

Definition at line 1065 of file decode.h.

◆ LINKTYPE_GRE_OVER_IP

#define LINKTYPE_GRE_OVER_IP   778

Definition at line 1073 of file decode.h.

◆ LINKTYPE_IPV4

#define LINKTYPE_IPV4   228

Definition at line 1072 of file decode.h.

◆ LINKTYPE_LINUX_SLL

#define LINKTYPE_LINUX_SLL   113

Definition at line 1066 of file decode.h.

◆ LINKTYPE_NULL

#define LINKTYPE_NULL   DLT_NULL

libpcap shows us the way to linktype codes

Todo:
we need more & maybe put them in a separate file?

Definition at line 1064 of file decode.h.

◆ LINKTYPE_PPP

#define LINKTYPE_PPP   9

Definition at line 1067 of file decode.h.

◆ LINKTYPE_RAW

#define LINKTYPE_RAW   DLT_RAW

Definition at line 1068 of file decode.h.

◆ LINKTYPE_RAW2

#define LINKTYPE_RAW2   101

Definition at line 1071 of file decode.h.

◆ MAX_PAYLOAD_SIZE

#define MAX_PAYLOAD_SIZE   (IPV6_HEADER_LEN + 65536 + 28)

Definition at line 617 of file decode.h.

◆ MINIMUM_MTU

#define MINIMUM_MTU   68

ipv4 minimum: rfc791

Definition at line 613 of file decode.h.

◆ PACKET_ACCEPT

#define PACKET_ACCEPT (   p)    PACKET_SET_ACTION(p, ACTION_ACCEPT)

Definition at line 835 of file decode.h.

◆ PACKET_ALERT

#define PACKET_ALERT (   p)    PACKET_SET_ACTION(p, ACTION_ALERT)

Definition at line 833 of file decode.h.

◆ PACKET_ALERT_FLAG_DROP_FLOW

#define PACKET_ALERT_FLAG_DROP_FLOW   0x01

After processing an alert by the thresholding module, if at last it gets triggered, we might want to stick the drop action to the flow on IPS mode

Definition at line 281 of file decode.h.

◆ PACKET_ALERT_FLAG_STATE_MATCH

#define PACKET_ALERT_FLAG_STATE_MATCH   0x02

alert was generated based on state

Definition at line 283 of file decode.h.

◆ PACKET_ALERT_FLAG_STREAM_MATCH

#define PACKET_ALERT_FLAG_STREAM_MATCH   0x04

alert was generated based on stream

Definition at line 285 of file decode.h.

◆ PACKET_ALERT_FLAG_TX

#define PACKET_ALERT_FLAG_TX   0x08

alert is in a tx, tx_id set

Definition at line 287 of file decode.h.

◆ PACKET_ALERT_MAX

#define PACKET_ALERT_MAX   15

Definition at line 291 of file decode.h.

◆ PACKET_ALERT_RATE_FILTER_MODIFIED

#define PACKET_ALERT_RATE_FILTER_MODIFIED   0x10

action was changed by rate_filter

Definition at line 289 of file decode.h.

◆ PACKET_CLEAR_L4VARS

#define PACKET_CLEAR_L4VARS (   p)
Value:
do { \
memset(&(p)->l4vars, 0x00, sizeof((p)->l4vars)); \
} while (0)

Definition at line 696 of file decode.h.

◆ PACKET_DESTRUCTOR

#define PACKET_DESTRUCTOR (   p)
Value:
do { \
if ((p)->pktvar != NULL) { \
PktVarFree((p)->pktvar); \
} \
PACKET_FREE_EXTDATA((p)); \
SCMutexDestroy(&(p)->tunnel_mutex); \
AppLayerDecoderEventsFreeEvents(&(p)->app_layer_events); \
PACKET_PROFILING_RESET((p)); \
} while (0)

Cleanup a packet so that we can free it. No memset needed..

Definition at line 812 of file decode.h.

◆ PACKET_DROP

#define PACKET_DROP (   p)    PACKET_SET_ACTION(p, ACTION_DROP)

Definition at line 837 of file decode.h.

◆ PACKET_ENGINE_EVENT_MAX

#define PACKET_ENGINE_EVENT_MAX   15

number of decoder events we support per packet. Power of 2 minus 1 for memory layout

Definition at line 303 of file decode.h.

◆ PACKET_FREE_EXTDATA

#define PACKET_FREE_EXTDATA (   p)
Value:
do { \
if ((p)->ext_pkt) { \
if (!((p)->flags & PKT_ZERO_COPY)) { \
SCFree((p)->ext_pkt); \
} \
(p)->ext_pkt = NULL; \
} \
} while(0)

Definition at line 709 of file decode.h.

◆ PACKET_INITIALIZE

#define PACKET_INITIALIZE (   p)
Value:
{ \
SCMutexInit(&(p)->tunnel_mutex, NULL); \
PACKET_RESET_CHECKSUMS((p)); \
(p)->livedev = NULL; \
}

Initialize a packet structure for use.

Definition at line 721 of file decode.h.

◆ PACKET_PASS

#define PACKET_PASS (   p)    PACKET_SET_ACTION(p, ACTION_PASS)

Definition at line 845 of file decode.h.

◆ PACKET_RECYCLE

#define PACKET_RECYCLE (   p)
Value:
do { \
PACKET_RELEASE_REFS((p)); \
PACKET_REINIT((p)); \
} while (0)

Definition at line 804 of file decode.h.

◆ PACKET_REINIT

#define PACKET_REINIT (   p)

Recycle a packet structure for reuse.

Definition at line 736 of file decode.h.

◆ PACKET_REJECT

#define PACKET_REJECT (   p)    PACKET_SET_ACTION(p, (ACTION_REJECT|ACTION_DROP))

Definition at line 839 of file decode.h.

◆ PACKET_REJECT_BOTH

#define PACKET_REJECT_BOTH (   p)    PACKET_SET_ACTION(p, (ACTION_REJECT_BOTH|ACTION_DROP))

Definition at line 843 of file decode.h.

◆ PACKET_REJECT_DST

#define PACKET_REJECT_DST (   p)    PACKET_SET_ACTION(p, (ACTION_REJECT_DST|ACTION_DROP))

Definition at line 841 of file decode.h.

◆ PACKET_RELEASE_REFS

#define PACKET_RELEASE_REFS (   p)
Value:
do { \
FlowDeReference(&((p)->flow)); \
HostDeReference(&((p)->host_src)); \
HostDeReference(&((p)->host_dst)); \
} while (0)

Definition at line 727 of file decode.h.

◆ PACKET_RESET_CHECKSUMS

#define PACKET_RESET_CHECKSUMS (   p)
Value:
do { \
(p)->level3_comp_csum = -1; \
(p)->level4_comp_csum = -1; \
} while (0)

reset these to -1(indicates that the packet is fresh from the queue)

Definition at line 703 of file decode.h.

◆ PACKET_SET_ACTION

#define PACKET_SET_ACTION (   p,
 
)
Value:
do { \
((p)->root ? \
((p)->root->action = a) : \
((p)->action = a)); \
} while (0)

Definition at line 827 of file decode.h.

◆ PACKET_TEST_ACTION

#define PACKET_TEST_ACTION (   p,
 
)
Value:
((p)->root ? \
((p)->root->action & a) : \
((p)->action & a))

Definition at line 847 of file decode.h.

◆ PACKET_UPDATE_ACTION

#define PACKET_UPDATE_ACTION (   p,
 
)
Value:
do { \
((p)->root ? \
((p)->root->action |= a) : \
((p)->action |= a)); \
} while (0)

Definition at line 852 of file decode.h.

◆ PKT_ALLOC

#define PKT_ALLOC   (1<<3)

Packet was alloc'd this run, needs to be freed

Definition at line 1080 of file decode.h.

◆ PKT_DETECT_HAS_STREAMDATA

#define PKT_DETECT_HAS_STREAMDATA   (1<<26)

Set by Detect() if raw stream data is available.

Definition at line 1114 of file decode.h.

◆ PKT_HAS_FLOW

#define PKT_HAS_FLOW   (1<<8)

Definition at line 1085 of file decode.h.

◆ PKT_HAS_TAG

#define PKT_HAS_TAG   (1<<4)

Packet has matched a tag

Definition at line 1081 of file decode.h.

◆ PKT_HOST_DST_LOOKED_UP

#define PKT_HOST_DST_LOOKED_UP   (1<<18)

Definition at line 1098 of file decode.h.

◆ PKT_HOST_SRC_LOOKED_UP

#define PKT_HOST_SRC_LOOKED_UP   (1<<17)

Definition at line 1097 of file decode.h.

◆ PKT_IGNORE_CHECKSUM

#define PKT_IGNORE_CHECKSUM   (1<<15)

Packet checksum is not computed (TX packet for example)

Definition at line 1094 of file decode.h.

◆ PKT_IS_FRAGMENT

#define PKT_IS_FRAGMENT   (1<<19)

Packet is a fragment

Definition at line 1100 of file decode.h.

◆ PKT_IS_ICMPV4

#define PKT_IS_ICMPV4 (   p)    (((p)->icmpv4h != NULL))

Definition at line 256 of file decode.h.

◆ PKT_IS_ICMPV6

#define PKT_IS_ICMPV6 (   p)    (((p)->icmpv6h != NULL))

Definition at line 257 of file decode.h.

◆ PKT_IS_INVALID

#define PKT_IS_INVALID   (1<<20)

Definition at line 1101 of file decode.h.

◆ PKT_IS_IPV4

#define PKT_IS_IPV4 (   p)    (((p)->ip4h != NULL))

Definition at line 252 of file decode.h.

◆ PKT_IS_IPV6

#define PKT_IS_IPV6 (   p)    (((p)->ip6h != NULL))

Definition at line 253 of file decode.h.

◆ PKT_IS_PSEUDOPKT

#define PKT_IS_PSEUDOPKT (   p)    ((p)->flags & (PKT_PSEUDO_STREAM_END|PKT_PSEUDO_DETECTLOG_FLUSH))

return 1 if the packet is a pseudo packet

Definition at line 1123 of file decode.h.

◆ PKT_IS_TCP

#define PKT_IS_TCP (   p)    (((p)->tcph != NULL))

Definition at line 254 of file decode.h.

◆ PKT_IS_TOCLIENT

#define PKT_IS_TOCLIENT (   p)    (((p)->flowflags & FLOW_PKT_TOCLIENT))

Definition at line 259 of file decode.h.

◆ PKT_IS_TOSERVER

#define PKT_IS_TOSERVER (   p)    (((p)->flowflags & FLOW_PKT_TOSERVER))

Definition at line 258 of file decode.h.

◆ PKT_IS_UDP

#define PKT_IS_UDP (   p)    (((p)->udph != NULL))

Definition at line 255 of file decode.h.

◆ PKT_MARK_MODIFIED

#define PKT_MARK_MODIFIED   (1<<11)

Packet mark is modified

Definition at line 1088 of file decode.h.

◆ PKT_NOPACKET_INSPECTION

#define PKT_NOPACKET_INSPECTION   (1)

Flag to indicate that packet header or contents should not be inspected

Definition at line 1078 of file decode.h.

◆ PKT_NOPAYLOAD_INSPECTION

#define PKT_NOPAYLOAD_INSPECTION   (1<<2)

Flag to indicate that packet contents should not be inspected

Definition at line 1079 of file decode.h.

◆ PKT_PROFILE

#define PKT_PROFILE   (1<<21)

Definition at line 1102 of file decode.h.

◆ PKT_PROTO_DETECT_TC_DONE

#define PKT_PROTO_DETECT_TC_DONE   (1<<24)

Definition at line 1110 of file decode.h.

◆ PKT_PROTO_DETECT_TS_DONE

#define PKT_PROTO_DETECT_TS_DONE   (1<<23)

protocol detection done

Definition at line 1109 of file decode.h.

◆ PKT_PSEUDO_DETECTLOG_FLUSH

#define PKT_PSEUDO_DETECTLOG_FLUSH   (1<<27)

Detect/log flush for protocol upgrade

Definition at line 1116 of file decode.h.

◆ PKT_PSEUDO_STREAM_END

#define PKT_PSEUDO_STREAM_END   (1<<9)

Pseudo packet to end the stream

Definition at line 1086 of file decode.h.

◆ PKT_REBUILT_FRAGMENT

#define PKT_REBUILT_FRAGMENT   (1<<25)

Packet is rebuilt from fragments.

Definition at line 1112 of file decode.h.

◆ PKT_SET_SRC

#define PKT_SET_SRC (   p,
  src_val 
)    ((p)->pkt_src = src_val)

Definition at line 1126 of file decode.h.

◆ PKT_STREAM_ADD

#define PKT_STREAM_ADD   (1<<5)

Packet payload was added to reassembled stream

Definition at line 1082 of file decode.h.

◆ PKT_STREAM_EOF

#define PKT_STREAM_EOF   (1<<7)

Stream is in eof state

Definition at line 1084 of file decode.h.

◆ PKT_STREAM_EST

#define PKT_STREAM_EST   (1<<6)

Packet is part of established stream

Definition at line 1083 of file decode.h.

◆ PKT_STREAM_MODIFIED

#define PKT_STREAM_MODIFIED   (1<<10)

Packet is modified by the stream engine, we need to recalc the csum and reinject/replace

Definition at line 1087 of file decode.h.

◆ PKT_STREAM_NO_EVENTS

#define PKT_STREAM_NO_EVENTS   (1<<28)

Packet is part of stream in known bad condition (loss, wrong thread), so flag it for not setting stream events

Definition at line 1120 of file decode.h.

◆ PKT_STREAM_NOPCAPLOG

#define PKT_STREAM_NOPCAPLOG   (1<<12)

Exclude packet from pcap logging as it's part of a stream that has reassembly depth reached.

Definition at line 1089 of file decode.h.

◆ PKT_TUNNEL

#define PKT_TUNNEL   (1<<13)

Definition at line 1091 of file decode.h.

◆ PKT_TUNNEL_VERDICTED

#define PKT_TUNNEL_VERDICTED   (1<<14)

Definition at line 1092 of file decode.h.

◆ PKT_WANTS_FLOW

#define PKT_WANTS_FLOW   (1<<22)

indication by decoder that it feels the packet should be handled by flow engine: Packet::flow_hash will be set

Definition at line 1106 of file decode.h.

◆ PKT_ZERO_COPY

#define PKT_ZERO_COPY   (1<<16)

Packet comes from zero copy (ext_pkt must not be freed)

Definition at line 1095 of file decode.h.

◆ PPP_OVER_GRE

#define PPP_OVER_GRE   11

Definition at line 1074 of file decode.h.

◆ SET_IPV4_DST_ADDR

#define SET_IPV4_DST_ADDR (   p,
 
)
Value:
do { \
(a)->family = AF_INET; \
(a)->addr_data32[0] = (uint32_t)(p)->ip4h->s_ip_dst.s_addr; \
(a)->addr_data32[1] = 0; \
(a)->addr_data32[2] = 0; \
(a)->addr_data32[3] = 0; \
} while (0)

Definition at line 147 of file decode.h.

◆ SET_IPV4_SRC_ADDR

#define SET_IPV4_SRC_ADDR (   p,
 
)
Value:
do { \
(a)->family = AF_INET; \
(a)->addr_data32[0] = (uint32_t)(p)->ip4h->s_ip_src.s_addr; \
(a)->addr_data32[1] = 0; \
(a)->addr_data32[2] = 0; \
(a)->addr_data32[3] = 0; \
} while (0)

Definition at line 139 of file decode.h.

◆ SET_IPV6_DST_ADDR

#define SET_IPV6_DST_ADDR (   p,
 
)
Value:
do { \
(a)->family = AF_INET6; \
(a)->addr_data32[0] = (p)->ip6h->s_ip6_dst[0]; \
(a)->addr_data32[1] = (p)->ip6h->s_ip6_dst[1]; \
(a)->addr_data32[2] = (p)->ip6h->s_ip6_dst[2]; \
(a)->addr_data32[3] = (p)->ip6h->s_ip6_dst[3]; \
} while (0)

Definition at line 174 of file decode.h.

◆ SET_IPV6_SRC_ADDR

#define SET_IPV6_SRC_ADDR (   p,
 
)
Value:
do { \
(a)->family = AF_INET6; \
(a)->addr_data32[0] = (p)->ip6h->s_ip6_src[0]; \
(a)->addr_data32[1] = (p)->ip6h->s_ip6_src[1]; \
(a)->addr_data32[2] = (p)->ip6h->s_ip6_src[2]; \
(a)->addr_data32[3] = (p)->ip6h->s_ip6_src[3]; \
} while (0)

Definition at line 166 of file decode.h.

◆ SET_PKT_LEN

#define SET_PKT_LEN (   p,
  len 
)
Value:
do { \
(p)->pktlen = (len); \
} while (0)

Definition at line 230 of file decode.h.

◆ SET_PORT

#define SET_PORT (   v,
 
)    ((p) = (v))

Definition at line 237 of file decode.h.

◆ SET_SCTP_DST_PORT

#define SET_SCTP_DST_PORT (   pkt,
  prt 
)
Value:
do { \
SET_PORT(SCTP_GET_DST_PORT((pkt)), *(prt)); \
} while (0)

Definition at line 207 of file decode.h.

◆ SET_SCTP_SRC_PORT

#define SET_SCTP_SRC_PORT (   pkt,
  prt 
)
Value:
do { \
SET_PORT(SCTP_GET_SRC_PORT((pkt)), *(prt)); \
} while (0)

Definition at line 203 of file decode.h.

◆ SET_TCP_DST_PORT

#define SET_TCP_DST_PORT (   pkt,
  prt 
)
Value:
do { \
SET_PORT(TCP_GET_DST_PORT((pkt)), *(prt)); \
} while (0)

Definition at line 188 of file decode.h.

◆ SET_TCP_SRC_PORT

#define SET_TCP_SRC_PORT (   pkt,
  prt 
)
Value:
do { \
SET_PORT(TCP_GET_SRC_PORT((pkt)), *(prt)); \
} while (0)

Definition at line 184 of file decode.h.

◆ SET_TUNNEL_PKT

#define SET_TUNNEL_PKT (   p)    ((p)->flags |= PKT_TUNNEL)

Definition at line 872 of file decode.h.

◆ SET_TUNNEL_PKT_VERDICTED

#define SET_TUNNEL_PKT_VERDICTED (   p)    ((p)->flags |= PKT_TUNNEL_VERDICTED)

Definition at line 877 of file decode.h.

◆ SET_UDP_DST_PORT

#define SET_UDP_DST_PORT (   pkt,
  prt 
)
Value:
do { \
SET_PORT(UDP_GET_DST_PORT((pkt)), *(prt)); \
} while (0)

Definition at line 197 of file decode.h.

◆ SET_UDP_SRC_PORT

#define SET_UDP_SRC_PORT (   pkt,
  prt 
)
Value:
do { \
SET_PORT(UDP_GET_SRC_PORT((pkt)), *(prt)); \
} while (0)

Definition at line 194 of file decode.h.

◆ SIZE_OF_PACKET

#define SIZE_OF_PACKET   (default_packet_size + sizeof(Packet))

Definition at line 619 of file decode.h.

◆ tcpvars

#define tcpvars   l4vars.tcpvars

Definition at line 519 of file decode.h.

◆ TUNNEL_INCR_PKT_RTV_NOLOCK

#define TUNNEL_INCR_PKT_RTV_NOLOCK (   p)
Value:
do { \
((p)->root ? (p)->root->tunnel_rtv_cnt++ : (p)->tunnel_rtv_cnt++); \
} while (0)

Definition at line 858 of file decode.h.

◆ TUNNEL_INCR_PKT_TPR

#define TUNNEL_INCR_PKT_TPR (   p)
Value:
do { \
SCMutexLock((p)->root ? &(p)->root->tunnel_mutex : &(p)->tunnel_mutex); \
((p)->root ? (p)->root->tunnel_tpr_cnt++ : (p)->tunnel_tpr_cnt++); \
SCMutexUnlock((p)->root ? &(p)->root->tunnel_mutex : &(p)->tunnel_mutex); \
} while (0)

Definition at line 862 of file decode.h.

◆ TUNNEL_PKT_RTV

#define TUNNEL_PKT_RTV (   p)    ((p)->root ? (p)->root->tunnel_rtv_cnt : (p)->tunnel_rtv_cnt)

Definition at line 868 of file decode.h.

◆ TUNNEL_PKT_TPR

#define TUNNEL_PKT_TPR (   p)    ((p)->root ? (p)->root->tunnel_tpr_cnt : (p)->tunnel_tpr_cnt)

Definition at line 869 of file decode.h.

◆ UNSET_TUNNEL_PKT

#define UNSET_TUNNEL_PKT (   p)    ((p)->flags &= ~PKT_TUNNEL)

Definition at line 873 of file decode.h.

◆ VLAN_OVER_GRE

#define VLAN_OVER_GRE   13

Definition at line 1075 of file decode.h.

Typedef Documentation

◆ Address

typedef struct Address_ Address

◆ AppLayerDecoderEvents

typedef struct AppLayerDecoderEvents_ AppLayerDecoderEvents

Definition at line 106 of file decode.h.

◆ AppLayerThreadCtx

typedef struct AppLayerThreadCtx_ AppLayerThreadCtx

Definition at line 100 of file decode.h.

◆ CaptureStats

typedef struct CaptureStats_ CaptureStats

◆ DecoderFunc

typedef int(* DecoderFunc) (ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint32_t len)

Definition at line 947 of file decode.h.

◆ DecodeThreadVars

typedef struct DecodeThreadVars_ DecodeThreadVars

Structure to hold thread specific data for all decode modules.

◆ Packet

typedef struct Packet_ Packet

◆ PacketAlert

typedef struct PacketAlert_ PacketAlert

◆ PacketAlerts

typedef struct PacketAlerts_ PacketAlerts

◆ PacketEngineEvents

typedef struct PacketEngineEvents_ PacketEngineEvents

data structure to store decoder, defrag and stream events

◆ PktProfiling

typedef struct PktProfiling_ PktProfiling

Per pkt stats storage.

◆ PktProfilingAppData

typedef struct PktProfilingAppData_ PktProfilingAppData

◆ PktProfilingData

typedef struct PktProfilingData_ PktProfilingData

◆ PktProfilingDetectData

typedef struct PktProfilingDetectData_ PktProfilingDetectData

◆ PktProfilingLoggerData

typedef struct PktProfilingLoggerData_ PktProfilingLoggerData

◆ PktProfilingPrefilterData

typedef struct PktProfilingPrefilterData_ PktProfilingPrefilterData

◆ PktProfilingPrefilterEngine

typedef struct PktProfilingPrefilterEngine_ PktProfilingPrefilterEngine

◆ PktProfilingTmmData

typedef struct PktProfilingTmmData_ PktProfilingTmmData

Per TMM stats storage.

◆ PktVar

typedef struct PktVar_ PktVar

◆ Port

typedef uint16_t Port

Definition at line 236 of file decode.h.

Enumeration Type Documentation

◆ ChecksumValidationMode

enum ChecksumValidationMode
Enumerator
CHECKSUM_VALIDATION_DISABLE 
CHECKSUM_VALIDATION_ENABLE 
CHECKSUM_VALIDATION_AUTO 
CHECKSUM_VALIDATION_RXONLY 
CHECKSUM_VALIDATION_KERNEL 

Definition at line 40 of file decode.h.

◆ DecodeTunnelProto

enum DecodeTunnelProto
Enumerator
DECODE_TUNNEL_ETHERNET 
DECODE_TUNNEL_ERSPANII 
DECODE_TUNNEL_ERSPANI 
DECODE_TUNNEL_VLAN 
DECODE_TUNNEL_IPV4 
DECODE_TUNNEL_IPV6 
DECODE_TUNNEL_IPV6_TEREDO 

separate protocol for stricter error handling

DECODE_TUNNEL_PPP 

Definition at line 879 of file decode.h.

◆ PktSrcEnum

enum PktSrcEnum
Enumerator
PKT_SRC_WIRE 
PKT_SRC_DECODER_GRE 
PKT_SRC_DECODER_IPV4 
PKT_SRC_DECODER_IPV6 
PKT_SRC_DECODER_TEREDO 
PKT_SRC_DEFRAG 
PKT_SRC_FFR 
PKT_SRC_STREAM_TCP_DETECTLOG_FLUSH 
PKT_SRC_DECODER_VXLAN 
PKT_SRC_DETECT_RELOAD_FLUSH 
PKT_SRC_CAPTURE_TIMEOUT 

Definition at line 48 of file decode.h.

Function Documentation

◆ AppLayerDecoderEventsFreeEvents()

void AppLayerDecoderEventsFreeEvents ( AppLayerDecoderEvents **  events)

Definition at line 148 of file app-layer-events.c.

References SCFree.

Referenced by AppLayerParserStateFree(), and InitGlobal().

Here is the caller graph for this function:

◆ AppLayerDecoderEventsResetEvents()

void AppLayerDecoderEventsResetEvents ( AppLayerDecoderEvents events)

Definition at line 141 of file app-layer-events.c.

References AppLayerDecoderEvents_::cnt.

◆ DecodeERSPAN()

int DecodeERSPAN ( ThreadVars ,
DecodeThreadVars ,
Packet ,
const uint8_t *  ,
uint32_t   
)

ERSPAN Type II.

Definition at line 60 of file decode-erspan.c.

References DecodeThreadVars_::counter_erspan, DecodeEthernet(), ENGINE_SET_EVENT, ERSPAN_HEADER_TOO_SMALL, ERSPAN_TOO_MANY_VLAN_LAYERS, ERSPAN_UNSUPPORTED_VERSION, len, SCLogDebug, SCNtohs, StatsIncr(), TM_ECODE_FAILED, version, Packet_::vlan_id, and Packet_::vlan_idx.

Referenced by DecodeTunnel().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ DecodeERSPANTypeI()

int DecodeERSPANTypeI ( ThreadVars tv,
DecodeThreadVars dtv,
Packet p,
const uint8_t *  pkt,
uint32_t  len 
)

Functions to decode ERSPAN Type I and II packets.

ERSPAN Type I

Definition at line 49 of file decode-erspan.c.

References DecodeThreadVars_::counter_erspan, DecodeEthernet(), len, and StatsIncr().

Referenced by DecodeTunnel().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ DecodeEthernet()

int DecodeEthernet ( ThreadVars ,
DecodeThreadVars ,
Packet ,
const uint8_t *  ,
uint32_t   
)

Definition at line 41 of file decode-ethernet.c.

References DecodeThreadVars_::counter_eth, DCE_PKT_TOO_SMALL, DecodeEthernet(), DecodeIPV4(), DecodeIPV6(), DecodeMPLS(), DecodePPPOEDiscovery(), DecodePPPOESession(), DecodeVLAN(), ENGINE_SET_INVALID_EVENT, ETHERNET_DCE_HEADER_LEN, ETHERNET_HEADER_LEN, ETHERNET_PKT_TOO_SMALL, ETHERNET_TYPE_8021QINQ, ETHERNET_TYPE_DCE, ETHERNET_TYPE_IP, ETHERNET_TYPE_IPV6, ETHERNET_TYPE_MPLS_MULTICAST, ETHERNET_TYPE_MPLS_UNICAST, ETHERNET_TYPE_PPPOE_DISC, ETHERNET_TYPE_PPPOE_SESS, ETHERNET_TYPE_VLAN, Packet_::ethh, len, SCLogDebug, SCNtohs, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, and unlikely.

Referenced by DecodeErfDag(), DecodeERSPAN(), DecodeERSPANTypeI(), DecodeEthernet(), DecodeMPLS(), DecodePfring(), DecodeTunnel(), NapatechDecode(), UTHBuildPacketArrayFromEth(), UTHBuildPacketFromEth(), and ValidateLinkType().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ DecodeGRE()

int DecodeGRE ( ThreadVars ,
DecodeThreadVars ,
Packet ,
const uint8_t *  ,
uint32_t   
)

Function to decode GRE packets.

Todo:
We need to make sure this does not allow bypassing inspection. A server may just ignore these and continue processing the packet, but we will not look further into it.
Todo:
We need to make sure this does not allow bypassing inspection. A server may just ignore these and continue processing the packet, but we will not look further into it.

Definition at line 46 of file decode-gre.c.

References DecodeThreadVars_::counter_gre, ThreadVars_::decode_pq, DECODE_TUNNEL_ERSPANI, DECODE_TUNNEL_ERSPANII, DECODE_TUNNEL_ETHERNET, DECODE_TUNNEL_IPV4, DECODE_TUNNEL_IPV6, DECODE_TUNNEL_PPP, DECODE_TUNNEL_VLAN, ENGINE_SET_INVALID_EVENT, ETHERNET_TYPE_BRIDGE, ETHERNET_TYPE_ERSPAN, ETHERNET_TYPE_IP, ETHERNET_TYPE_IPV6, ETHERNET_TYPE_VLAN, GRE_CHKSUM_LEN, GRE_FLAG_ISSET_CHKSUM, GRE_FLAG_ISSET_KY, GRE_FLAG_ISSET_RECUR, GRE_FLAG_ISSET_ROUTE, GRE_FLAG_ISSET_SQ, GRE_FLAG_ISSET_SSR, GRE_GET_PROTO, GRE_GET_VERSION, GRE_HDR_LEN, GRE_KEY_LEN, GRE_OFFSET_LEN, GRE_PKT_TOO_SMALL, GRE_PROTO_PPP, GRE_SEQ_LEN, GRE_SRE_HDR_LEN, GRE_VERSION0_FLAGS, GRE_VERSION0_HDR_TOO_BIG, GRE_VERSION0_MALFORMED_SRE_HDR, GRE_VERSION0_RECUR, GRE_VERSION1_CHKSUM, GRE_VERSION1_FLAGS, GRE_VERSION1_HDR_TOO_BIG, GRE_VERSION1_NO_KEY, GRE_VERSION1_RECUR, GRE_VERSION1_ROUTE, GRE_VERSION1_SSR, GRE_VERSION1_WRONG_PROTOCOL, GRE_VERSION_0, GRE_VERSION_1, GRE_WRONG_VERSION, Packet_::greh, GREV1_ACK_LEN, GREV1_FLAG_ISSET_ACK, GREV1_FLAG_ISSET_FLAGS, len, PacketEnqueueNoLock(), PacketTunnelPktSetup(), PKT_SET_SRC, PKT_SRC_DECODER_GRE, SCLogDebug, SCNtohs, StatsIncr(), TM_ECODE_FAILED, and TM_ECODE_OK.

Here is the call graph for this function:

◆ DecodeICMPV4()

int DecodeICMPV4 ( ThreadVars tv,
DecodeThreadVars dtv,
Packet p,
const uint8_t *  pkt,
uint32_t  len 
)

Main ICMPv4 decoding function.

DecodeICMPV4

Definition at line 155 of file decode-icmpv4.c.

References DecodeThreadVars_::counter_icmpv4, ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, Packet_::icmp_d, Packet_::icmp_s, ICMPV4_HEADER_LEN, ICMPV4_HEADER_PKT_OFFSET, ICMPV4_PKT_TOO_SMALL, ICMPV4_UNKNOWN_CODE, ICMPv4GetCounterpart(), Packet_::icmpv4h, Packet_::icmpv4vars, ICMPV4ExtHdr_::id, ICMPV4Vars_::id, len, Packet_::payload, Packet_::payload_len, Packet_::proto, SCLogDebug, ICMPV4ExtHdr_::seq, ICMPV4Vars_::seq, StatsIncr(), and TM_ECODE_FAILED.

Here is the call graph for this function:

◆ DecodeICMPV6()

int DecodeICMPV6 ( ThreadVars tv,
DecodeThreadVars dtv,
Packet p,
const uint8_t *  pkt,
uint32_t  len 
)

Decode ICMPV6 packets and fill the Packet with the decoded info.

Parameters
tvPointer to the thread variables
dtvPointer to the decode thread variables
pPointer to the packet we are filling
pktPointer to the raw packet buffer
lenthe len of the rest of the packet not processed yet
Return values
voidNo return value

Definition at line 188 of file decode-icmpv6.c.

References ICMPV6Hdr_::code, DecodeThreadVars_::counter_icmpv6, ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_REJECTROUTE, Packet_::icmp_d, Packet_::icmp_s, ICMPV6_GET_CODE, ICMPV6_GET_TYPE, ICMPV6_HEADER_LEN, ICMPV6_PKT_TOO_SMALL, ICMPV6_UNKNOWN_CODE, ICMPv6GetCounterpart(), Packet_::icmpv6h, len, Packet_::payload, Packet_::payload_len, Packet_::proto, SCLogDebug, StatsIncr(), TM_ECODE_FAILED, ICMPV6Hdr_::type, and unlikely.

Here is the call graph for this function:

◆ DecodeIPV4()

int DecodeIPV4 ( ThreadVars ,
DecodeThreadVars ,
Packet ,
const uint8_t *  ,
uint16_t   
)

Definition at line 517 of file decode-ipv4.c.

References DecodeThreadVars_::counter_ipv4, len, SCLogDebug, StatsIncr(), and unlikely.

Referenced by DecodeEthernet(), DecodeMPLS(), DecodeNull(), DecodePPP(), DecodePPPOESession(), DecodeRaw(), DecodeSll(), DecodeTunnel(), and DecodeVLAN().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ DecodeIPV6()

int DecodeIPV6 ( ThreadVars ,
DecodeThreadVars ,
Packet ,
const uint8_t *  ,
uint16_t   
)

Definition at line 580 of file decode-ipv6.c.

References DecodeThreadVars_::counter_ipv6, and StatsIncr().

Referenced by DecodeEthernet(), DecodeMPLS(), DecodeNull(), DecodePPP(), DecodePPPOESession(), DecodeRaw(), DecodeSll(), DecodeTunnel(), and DecodeVLAN().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ DecodeIPV6FragHeader()

void DecodeIPV6FragHeader ( Packet p,
const uint8_t *  pkt,
uint16_t  hdrextlen,
uint16_t  plen,
uint16_t  prev_hdrextlen 
)

Definition at line 100 of file decode-ipv6.c.

References FALSE, IPV6ExtHdrs_::fh_data_len, IPV6ExtHdrs_::fh_data_offset, IPV6ExtHdrs_::fh_header_offset, IPV6ExtHdrs_::fh_id, IPV6ExtHdrs_::fh_more_frags_set, IPV6ExtHdrs_::fh_nh, IPV6ExtHdrs_::fh_offset, IPV6ExtHdrs_::fh_prev_hdr_offset, GET_PKT_DATA, Packet_::ip6eh, SCLogDebug, SCNtohl, and TRUE.

◆ DecodeMPLS()

int DecodeMPLS ( ThreadVars ,
DecodeThreadVars ,
Packet ,
const uint8_t *  ,
uint32_t   
)

Definition at line 47 of file decode-mpls.c.

References DecodeThreadVars_::counter_mpls, DecodeEthernet(), DecodeIPV4(), DecodeIPV6(), ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, len, MPLS_BAD_LABEL_IMPLICIT_NULL, MPLS_BAD_LABEL_RESERVED, MPLS_BAD_LABEL_ROUTER_ALERT, MPLS_BOTTOM, MPLS_HEADER_LEN, MPLS_HEADER_TOO_SMALL, MPLS_LABEL, MPLS_LABEL_IPV4, MPLS_LABEL_IPV6, MPLS_LABEL_NULL, MPLS_LABEL_ROUTER_ALERT, MPLS_MAX_RESERVED_LABEL, MPLS_PKT_TOO_SMALL, MPLS_PROTO_ETHERNET_PW, MPLS_PROTO_IPV4, MPLS_PROTO_IPV6, MPLS_PW_LEN, MPLS_UNKNOWN_PAYLOAD_TYPE, StatsIncr(), TM_ECODE_FAILED, and TM_ECODE_OK.

Referenced by DecodeEthernet().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ DecodeNull()

int DecodeNull ( ThreadVars ,
DecodeThreadVars ,
Packet ,
const uint8_t *  ,
uint32_t   
)

Definition at line 48 of file decode-null.c.

References DecodeThreadVars_::counter_null, DecodeIPV4(), DecodeIPV6(), ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, GET_PKT_DATA, GET_PKT_LEN, HDR_SIZE, len, LTNULL_PKT_TOO_SMALL, LTNULL_UNSUPPORTED_TYPE, SCLogDebug, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, type, and unlikely.

Referenced by ValidateLinkType().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ DecodePPP()

int DecodePPP ( ThreadVars ,
DecodeThreadVars ,
Packet ,
const uint8_t *  ,
uint32_t   
)

Definition at line 43 of file decode-ppp.c.

References DecodeThreadVars_::counter_ppp, DecodeIPV4(), DecodeIPV6(), ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, IPV4_GET_RAW_VER, IPV4_HEADER_LEN, IPV6_HEADER_LEN, len, likely, PPP_APPLE, PPP_APPLECP, PPP_BRPDU, PPP_CHAP, PPP_DECNET, PPP_DECNETCP, PPP_HEADER_LEN, PPP_HELLO, PPP_IP, PPP_IPCP, PPP_IPV6, PPP_IPV6CP, PPP_IPX, PPP_IPXCP, PPP_LCP, PPP_LQM, PPP_LUXCOM, PPP_MPLS_MCAST, PPP_MPLS_UCAST, PPP_MPLSCP, PPP_NS, PPP_NSCP, PPP_OSI, PPP_OSICP, PPP_PAP, PPP_PKT_TOO_SMALL, PPP_SNS, PPP_STII, PPP_STIICP, PPP_UNSUP_PROTO, PPP_VINES, PPP_VINESCP, PPP_VJ_COMP, PPP_VJ_UCOMP, PPP_WRONG_TYPE, Packet_::ppph, PPPIPV4_PKT_TOO_SMALL, PPPIPV6_PKT_TOO_SMALL, PPPVJU_PKT_TOO_SMALL, SCLogDebug, SCNtohs, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, and unlikely.

Referenced by DecodeTunnel(), and ValidateLinkType().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ DecodePPPOEDiscovery()

int DecodePPPOEDiscovery ( ThreadVars ,
DecodeThreadVars ,
Packet ,
const uint8_t *  ,
uint32_t   
)

Main decoding function for PPPOE Discovery packets.

Definition at line 50 of file decode-pppoe.c.

References DecodeThreadVars_::counter_pppoe, ENGINE_SET_INVALID_EVENT, len, PPPOE_CODE_PADI, PPPOE_CODE_PADO, PPPOE_CODE_PADR, PPPOE_CODE_PADS, PPPOE_CODE_PADT, PPPOE_DISCOVERY_HEADER_MIN_LEN, pppoe_length, PPPOE_MALFORMED_TAGS, PPPOE_PKT_TOO_SMALL, PPPOE_WRONG_CODE, Packet_::pppoedh, SCLogDebug, SCNtohs, StatsIncr(), TM_ECODE_FAILED, and TM_ECODE_OK.

Referenced by DecodeEthernet(), and DecodeVLAN().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ DecodePPPOESession()

int DecodePPPOESession ( ThreadVars ,
DecodeThreadVars ,
Packet ,
const uint8_t *  ,
uint32_t   
)

Main decoding function for PPPOE Session packets.

Definition at line 130 of file decode-pppoe.c.

References DecodeThreadVars_::counter_pppoe, DecodeIPV4(), DecodeIPV6(), ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, IPV4_GET_RAW_VER, IPV4_HEADER_LEN, IPV6_HEADER_LEN, len, PPP_APPLE, PPP_APPLECP, PPP_BRPDU, PPP_CHAP, PPP_DECNET, PPP_DECNETCP, PPP_HELLO, PPP_IP, PPP_IPCP, PPP_IPV6, PPP_IPV6CP, PPP_IPX, PPP_IPXCP, PPP_LCP, PPP_LQM, PPP_LUXCOM, PPP_MPLS_MCAST, PPP_MPLS_UCAST, PPP_MPLSCP, PPP_NS, PPP_NSCP, PPP_OSI, PPP_OSICP, PPP_PAP, PPP_SNS, PPP_STII, PPP_STIICP, PPP_UNSUP_PROTO, PPP_VINES, PPP_VINESCP, PPP_VJ_COMP, PPP_VJ_UCOMP, PPP_WRONG_TYPE, PPPIPV4_PKT_TOO_SMALL, PPPIPV6_PKT_TOO_SMALL, PPPOESessionHdr_::pppoe_code, PPPOESessionHdr_::pppoe_length, PPPOE_PKT_TOO_SMALL, PPPOE_SESSION_GET_TYPE, PPPOE_SESSION_GET_VERSION, PPPOE_SESSION_HEADER_LEN, Packet_::pppoesh, PPPVJU_PKT_TOO_SMALL, PPPOESessionHdr_::protocol, SCLogDebug, SCNtohs, PPPOESessionHdr_::session_id, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, and unlikely.

Referenced by DecodeEthernet(), and DecodeVLAN().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ DecodeRaw()

int DecodeRaw ( ThreadVars ,
DecodeThreadVars ,
Packet ,
const uint8_t *  ,
uint32_t   
)

Definition at line 46 of file decode-raw.c.

References DecodeThreadVars_::counter_raw, DecodeIPV4(), DecodeIPV6(), ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, GET_PKT_DATA, GET_PKT_LEN, IP_GET_RAW_VER, IPRAW_INVALID_IPV, IPV4_HEADER_LEN, IPV4_PKT_TOO_SMALL, len, SCLogDebug, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, and unlikely.

Referenced by ValidateLinkType().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ DecodeSCTP()

int DecodeSCTP ( ThreadVars ,
DecodeThreadVars ,
Packet ,
const uint8_t *  ,
uint16_t   
)

Definition at line 62 of file decode-sctp.c.

References DecodeThreadVars_::counter_sctp, StatsIncr(), and unlikely.

Here is the call graph for this function:

◆ DecodeSll()

int DecodeSll ( ThreadVars ,
DecodeThreadVars ,
Packet ,
const uint8_t *  ,
uint32_t   
)

Definition at line 39 of file decode-sll.c.

References DecodeThreadVars_::counter_sll, DecodeIPV4(), DecodeIPV6(), DecodeVLAN(), ENGINE_SET_INVALID_EVENT, ETHERNET_TYPE_IP, ETHERNET_TYPE_IPV6, ETHERNET_TYPE_VLAN, len, SCLogDebug, SCNtohs, SLL_HEADER_LEN, SLL_PKT_TOO_SMALL, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, and unlikely.

Referenced by ValidateLinkType().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ DecodeTCP()

int DecodeTCP ( ThreadVars ,
DecodeThreadVars ,
Packet ,
const uint8_t *  ,
uint16_t   
)

Definition at line 234 of file decode-tcp.c.

References DecodeThreadVars_::counter_tcp, StatsIncr(), and unlikely.

Here is the call graph for this function:

◆ DecodeTEMPLATE()

int DecodeTEMPLATE ( ThreadVars tv,
DecodeThreadVars dtv,
Packet p,
const uint8_t *  pkt,
uint32_t  len 
)

Function to decode TEMPLATE packets.

Parameters
tvthread vars
dtvdecoder thread vars
ppacket
pktraw packet data
lenlength in bytes of pkt array
Return values
TM_ECODE_OKor TM_ECODE_FAILED on serious error

Definition at line 49 of file decode-template.c.

References DecodeUDP(), len, TM_ECODE_FAILED, and TM_ECODE_OK.

Here is the call graph for this function:

◆ DecodeUDP()

int DecodeUDP ( ThreadVars ,
DecodeThreadVars ,
Packet ,
const uint8_t *  ,
uint16_t   
)

Definition at line 74 of file decode-udp.c.

References DecodeThreadVars_::counter_udp, StatsIncr(), and unlikely.

Referenced by DecodeTEMPLATE().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ DecodeVLAN()

int DecodeVLAN ( ThreadVars ,
DecodeThreadVars ,
Packet ,
const uint8_t *  ,
uint32_t   
)

Definition at line 62 of file decode-vlan.c.

References DecodeThreadVars_::counter_vlan, DecodeThreadVars_::counter_vlan_qinq, DecodeIPV4(), DecodeIPV6(), DecodePPPOEDiscovery(), DecodePPPOESession(), DecodeVLAN(), ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, ETHERNET_TYPE_8021AD, ETHERNET_TYPE_8021AH, ETHERNET_TYPE_IP, ETHERNET_TYPE_IPV6, ETHERNET_TYPE_PPPOE_DISC, ETHERNET_TYPE_PPPOE_SESS, ETHERNET_TYPE_VLAN, GET_VLAN_CFI, GET_VLAN_ID, GET_VLAN_PRIORITY, GET_VLAN_PROTO, len, proto, SCLogDebug, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, unlikely, VLAN_HEADER_LEN, VLAN_HEADER_TOO_MANY_LAYERS, VLAN_HEADER_TOO_SMALL, Packet_::vlan_id, and Packet_::vlan_idx.

Referenced by DecodeEthernet(), DecodeSll(), DecodeTunnel(), and DecodeVLAN().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ DecodeVXLAN()

int DecodeVXLAN ( ThreadVars tv,
DecodeThreadVars dtv,
Packet p,
const uint8_t *  pkt,
uint32_t  len 
)
Parameters
pktpayload data directly above UDP header
lenlength in bytes of pkt

Definition at line 119 of file decode-vxlan.c.

References unlikely.

Variable Documentation

◆ g_default_mtu

int g_default_mtu

highest mtu of the interfaces we monitor

Definition at line 223 of file suricata.c.

len
uint8_t len
Definition: app-layer-dnp3.h:4
addr_data32
#define addr_data32
Definition: decode.h:121
UDP_GET_SRC_PORT
#define UDP_GET_SRC_PORT(p)
Definition: decode-udp.h:36
PKT_IS_IPV6
#define PKT_IS_IPV6(p)
Definition: decode.h:253
PKT_ZERO_COPY
#define PKT_ZERO_COPY
Definition: decode.h:1095
TCP_GET_DST_PORT
#define TCP_GET_DST_PORT(p)
Definition: decode-tcp.h:111
IPV6_GET_L4PROTO
#define IPV6_GET_L4PROTO(p)
Definition: decode-ipv6.h:93
SCTP_GET_SRC_PORT
#define SCTP_GET_SRC_PORT(p)
Definition: decode-sctp.h:34
PKT_NOPAYLOAD_INSPECTION
#define PKT_NOPAYLOAD_INSPECTION
Definition: decode.h:1079
IPV4_GET_IPPROTO
#define IPV4_GET_IPPROTO(p)
Definition: decode-ipv4.h:148
SCTP_GET_DST_PORT
#define SCTP_GET_DST_PORT(p)
Definition: decode-sctp.h:35
TCP_GET_SRC_PORT
#define TCP_GET_SRC_PORT(p)
Definition: decode-tcp.h:110
flags
uint16_t flags
Definition: app-layer-dns-common.h:3
UDP_GET_DST_PORT
#define UDP_GET_DST_PORT(p)
Definition: decode-udp.h:37
PACKET_ENGINE_EVENT_MAX
#define PACKET_ENGINE_EVENT_MAX
Definition: decode.h:303
PKT_NOPACKET_INSPECTION
#define PKT_NOPACKET_INSPECTION
Definition: decode.h:1078
PKT_IS_IPV4
#define PKT_IS_IPV4(p)
Definition: decode.h:252
PKT_IS_INVALID
#define PKT_IS_INVALID
Definition: decode.h:1101