#include "suricata-common.h"
#include "threadvars.h"
#include "decode-events.h"
#include "flow-worker.h"
#include "util-napatech.h"
#include "source-nflog.h"
#include "source-nfq.h"
#include "source-ipfw.h"
#include "source-pcap.h"
#include "source-af-packet.h"
#include "source-mpipe.h"
#include "source-netmap.h"
#include "source-windivert.h"
#include "action-globals.h"
#include "decode-erspan.h"
#include "decode-ethernet.h"
#include "decode-gre.h"
#include "decode-ppp.h"
#include "decode-pppoe.h"
#include "decode-sll.h"
#include "decode-ipv4.h"
#include "decode-ipv6.h"
#include "decode-icmpv4.h"
#include "decode-icmpv6.h"
#include "decode-tcp.h"
#include "decode-udp.h"
#include "decode-sctp.h"
#include "decode-raw.h"
#include "decode-null.h"
#include "decode-vlan.h"
#include "decode-mpls.h"
#include "detect-reference.h"
#include "app-layer-protos.h"

Include dependency graph for decode.h:

Data Structures
struct	Address_

struct	PacketAlert_

struct	PacketAlerts_

struct	PacketEngineEvents_

struct	PktVar_

struct	PktProfilingTmmData_
	Per TMM stats storage. More...

struct	PktProfilingData_

struct	PktProfilingDetectData_

struct	PktProfilingAppData_

struct	PktProfilingLoggerData_

struct	PktProfilingPrefilterEngine_

struct	PktProfilingPrefilterData_

struct	PktProfiling_
	Per pkt stats storage. More...

struct	Packet_

struct	PacketQueue_

struct	DecodeThreadVars_
	Structure to hold thread specific data for all decode modules. More...

struct	CaptureStats_

Macros
#define	COUNTERS

#define	addr_data32 address.address_un_data32

#define	addr_data16 address.address_un_data16

#define	addr_data8 address.address_un_data8

#define	addr_in6addr address.address_un_in6

#define	COPY_ADDRESS(a, b)

#define	SET_IPV4_SRC_ADDR(p, a)

#define	SET_IPV4_DST_ADDR(p, a)

#define	CLEAR_ADDR(a)

#define	SET_IPV6_SRC_ADDR(p, a)

#define	SET_IPV6_DST_ADDR(p, a)

#define	SET_TCP_SRC_PORT(pkt, prt)

#define	SET_TCP_DST_PORT(pkt, prt)

#define	SET_UDP_SRC_PORT(pkt, prt)

#define	SET_UDP_DST_PORT(pkt, prt)

#define	SET_SCTP_SRC_PORT(pkt, prt)

#define	SET_SCTP_DST_PORT(pkt, prt)

#define	GET_IPV4_SRC_ADDR_U32(p) ((p)->src.addr_data32[0])

#define	GET_IPV4_DST_ADDR_U32(p) ((p)->dst.addr_data32[0])

#define	GET_IPV4_SRC_ADDR_PTR(p) ((p)->src.addr_data32)

#define	GET_IPV4_DST_ADDR_PTR(p) ((p)->dst.addr_data32)

#define	GET_IPV6_SRC_IN6ADDR(p) ((p)->src.addr_in6addr)

#define	GET_IPV6_DST_IN6ADDR(p) ((p)->dst.addr_in6addr)

#define	GET_IPV6_SRC_ADDR(p) ((p)->src.addr_data32)

#define	GET_IPV6_DST_ADDR(p) ((p)->dst.addr_data32)

#define	GET_TCP_SRC_PORT(p) ((p)->sp)

#define	GET_TCP_DST_PORT(p) ((p)->dp)

#define	GET_PKT_LEN(p) ((p)->pktlen)

#define	GET_PKT_DATA(p) ((((p)->ext_pkt) == NULL ) ? (uint8_t *)((p) + 1) : (p)->ext_pkt)

#define	GET_PKT_DIRECT_DATA(p) (uint8_t *)((p) + 1)

#define	GET_PKT_DIRECT_MAX_SIZE(p) (default_packet_size)

#define	SET_PKT_LEN(p, len)

#define	SET_PORT(v, p) ((p) = (v))

#define	COPY_PORT(a, b) ((b) = (a))

#define	CMP_ADDR(a1, a2)

#define	CMP_PORT(p1, p2) ((p1) == (p2))

#define	IP_GET_RAW_VER(pkt) ((((pkt)[0] & 0xf0) >> 4))

#define	PKT_IS_IPV4(p) (((p)->ip4h != NULL))

#define	PKT_IS_IPV6(p) (((p)->ip6h != NULL))

#define	PKT_IS_TCP(p) (((p)->tcph != NULL))

#define	PKT_IS_UDP(p) (((p)->udph != NULL))

#define	PKT_IS_ICMPV4(p) (((p)->icmpv4h != NULL))

#define	PKT_IS_ICMPV6(p) (((p)->icmpv6h != NULL))

#define	PKT_IS_TOSERVER(p) (((p)->flowflags & FLOW_PKT_TOSERVER))

#define	PKT_IS_TOCLIENT(p) (((p)->flowflags & FLOW_PKT_TOCLIENT))

#define	IPH_IS_VALID(p) (PKT_IS_IPV4((p)) \|\| PKT_IS_IPV6((p)))

#define	IP_GET_IPPROTO(p)

#define	PACKET_ALERT_FLAG_DROP_FLOW 0x01

#define	PACKET_ALERT_FLAG_STATE_MATCH 0x02

#define	PACKET_ALERT_FLAG_STREAM_MATCH 0x04

#define	PACKET_ALERT_FLAG_TX 0x08

#define	PACKET_ALERT_RATE_FILTER_MODIFIED 0x10

#define	PACKET_ALERT_MAX 15

#define	PACKET_ENGINE_EVENT_MAX 15

#define	tcpvars l4vars.tcpvars

#define	icmpv4vars l4vars.icmpv4vars

#define	icmpv6vars l4vars.icmpv6vars

#define	DEFAULT_MTU 1500

#define	MINIMUM_MTU 68

#define	DEFAULT_PACKET_SIZE (DEFAULT_MTU + ETHERNET_HEADER_LEN)

#define	MAX_PAYLOAD_SIZE (IPV6_HEADER_LEN + 65536 + 28)

#define	SIZE_OF_PACKET (default_packet_size + sizeof(Packet))

#define	PACKET_CLEAR_L4VARS(p)

#define	PACKET_RESET_CHECKSUMS(p)
	reset these to -1(indicates that the packet is fresh from the queue) More...

#define	PACKET_FREE_EXTDATA(p)

#define	PACKET_INITIALIZE(p)
	Initialize a packet structure for use. More...

#define	PACKET_RELEASE_REFS(p)

#define	PACKET_REINIT(p)
	Recycle a packet structure for reuse. More...

#define	PACKET_RECYCLE(p)

#define	PACKET_DESTRUCTOR(p)
	Cleanup a packet so that we can free it. No memset needed.. More...

#define	PACKET_SET_ACTION(p, a)

#define	PACKET_ALERT(p) PACKET_SET_ACTION(p, ACTION_ALERT)

#define	PACKET_ACCEPT(p) PACKET_SET_ACTION(p, ACTION_ACCEPT)

#define	PACKET_DROP(p) PACKET_SET_ACTION(p, ACTION_DROP)

#define	PACKET_REJECT(p) PACKET_SET_ACTION(p, (ACTION_REJECT\|ACTION_DROP))

#define	PACKET_REJECT_DST(p) PACKET_SET_ACTION(p, (ACTION_REJECT_DST\|ACTION_DROP))

#define	PACKET_REJECT_BOTH(p) PACKET_SET_ACTION(p, (ACTION_REJECT_BOTH\|ACTION_DROP))

#define	PACKET_PASS(p) PACKET_SET_ACTION(p, ACTION_PASS)

#define	PACKET_TEST_ACTION(p, a)

#define	PACKET_UPDATE_ACTION(p, a)

#define	TUNNEL_INCR_PKT_RTV_NOLOCK(p)

#define	TUNNEL_INCR_PKT_TPR(p)

#define	TUNNEL_PKT_RTV(p) ((p)->root ? (p)->root->tunnel_rtv_cnt : (p)->tunnel_rtv_cnt)

#define	TUNNEL_PKT_TPR(p) ((p)->root ? (p)->root->tunnel_tpr_cnt : (p)->tunnel_tpr_cnt)

#define	IS_TUNNEL_PKT(p) (((p)->flags & PKT_TUNNEL))

#define	SET_TUNNEL_PKT(p) ((p)->flags \|= PKT_TUNNEL)

#define	UNSET_TUNNEL_PKT(p) ((p)->flags &= ~PKT_TUNNEL)

#define	IS_TUNNEL_ROOT_PKT(p) (IS_TUNNEL_PKT(p) && (p)->root == NULL)

#define	IS_TUNNEL_PKT_VERDICTED(p) (((p)->flags & PKT_TUNNEL_VERDICTED))

#define	SET_TUNNEL_PKT_VERDICTED(p) ((p)->flags \|= PKT_TUNNEL_VERDICTED)

#define	DecodeSetNoPayloadInspectionFlag(p)
	Set the No payload inspection Flag for the packet. More...

#define	DecodeUnsetNoPayloadInspectionFlag(p)

#define	DecodeSetNoPacketInspectionFlag(p)
	Set the No packet inspection Flag for the packet. More...

#define	DecodeUnsetNoPacketInspectionFlag(p)

#define	ENGINE_SET_EVENT(p, e)

#define	ENGINE_SET_INVALID_EVENT(p, e)

#define	ENGINE_ISSET_EVENT(p, e)

#define	LINKTYPE_NULL DLT_NULL

#define	LINKTYPE_ETHERNET DLT_EN10MB

#define	LINKTYPE_LINUX_SLL 113

#define	LINKTYPE_PPP 9

#define	LINKTYPE_RAW DLT_RAW

#define	LINKTYPE_RAW2 101

#define	LINKTYPE_IPV4 228

#define	LINKTYPE_GRE_OVER_IP 778

#define	PPP_OVER_GRE 11

#define	VLAN_OVER_GRE 13

#define	PKT_NOPACKET_INSPECTION (1)

#define	PKT_NOPAYLOAD_INSPECTION (1<<2)

#define	PKT_ALLOC (1<<3)

#define	PKT_HAS_TAG (1<<4)

#define	PKT_STREAM_ADD (1<<5)

#define	PKT_STREAM_EST (1<<6)

#define	PKT_STREAM_EOF (1<<7)

#define	PKT_HAS_FLOW (1<<8)

#define	PKT_PSEUDO_STREAM_END (1<<9)

#define	PKT_STREAM_MODIFIED (1<<10)

#define	PKT_MARK_MODIFIED (1<<11)

#define	PKT_STREAM_NOPCAPLOG (1<<12)

#define	PKT_TUNNEL (1<<13)

#define	PKT_TUNNEL_VERDICTED (1<<14)

#define	PKT_IGNORE_CHECKSUM (1<<15)

#define	PKT_ZERO_COPY (1<<16)

#define	PKT_HOST_SRC_LOOKED_UP (1<<17)

#define	PKT_HOST_DST_LOOKED_UP (1<<18)

#define	PKT_IS_FRAGMENT (1<<19)

#define	PKT_IS_INVALID (1<<20)

#define	PKT_PROFILE (1<<21)

#define	PKT_WANTS_FLOW (1<<22)

#define	PKT_PROTO_DETECT_TS_DONE (1<<23)

#define	PKT_PROTO_DETECT_TC_DONE (1<<24)

#define	PKT_REBUILT_FRAGMENT (1<<25)

#define	PKT_DETECT_HAS_STREAMDATA (1<<26)

#define	PKT_PSEUDO_DETECTLOG_FLUSH (1<<27)

#define	PKT_IS_PSEUDOPKT(p) ((p)->flags & (PKT_PSEUDO_STREAM_END\|PKT_PSEUDO_DETECTLOG_FLUSH))
	return 1 if the packet is a pseudo packet More...

#define	PKT_SET_SRC(p, src_val) ((p)->pkt_src = src_val)

Typedefs
typedef struct AppLayerThreadCtx_	AppLayerThreadCtx

typedef struct AppLayerDecoderEvents_	AppLayerDecoderEvents

typedef struct Address_	Address

typedef uint16_t	Port

typedef struct PacketAlert_	PacketAlert

typedef struct PacketAlerts_	PacketAlerts

typedef struct PacketEngineEvents_	PacketEngineEvents

typedef struct PktVar_	PktVar

typedef struct PktProfilingTmmData_	PktProfilingTmmData
	Per TMM stats storage. More...

typedef struct PktProfilingData_	PktProfilingData

typedef struct PktProfilingDetectData_	PktProfilingDetectData

typedef struct PktProfilingAppData_	PktProfilingAppData

typedef struct PktProfilingLoggerData_	PktProfilingLoggerData

typedef struct PktProfilingPrefilterEngine_	PktProfilingPrefilterEngine

typedef struct PktProfilingPrefilterData_	PktProfilingPrefilterData

typedef struct PktProfiling_	PktProfiling
	Per pkt stats storage. More...

typedef struct Packet_	Packet

typedef struct PacketQueue_	PacketQueue

typedef struct DecodeThreadVars_	DecodeThreadVars
	Structure to hold thread specific data for all decode modules. More...

typedef struct CaptureStats_	CaptureStats

Functions
void	AppLayerDecoderEventsResetEvents (AppLayerDecoderEvents *events)

void	AppLayerDecoderEventsFreeEvents (AppLayerDecoderEvents **events)

void	CaptureStatsUpdate (ThreadVars tv, CaptureStats s, const Packet *p)

void	CaptureStatsSetup (ThreadVars tv, CaptureStats s)

Packet *	PacketTunnelPktSetup (ThreadVars tv, DecodeThreadVars dtv, Packet parent, uint8_t pkt, uint32_t len, enum DecodeTunnelProto proto, PacketQueue *pq)
	Setup a pseudo packet (tunnel) More...

Packet *	PacketDefragPktSetup (Packet parent, uint8_t pkt, uint32_t len, uint8_t proto)
	Setup a pseudo packet (reassembled frags) More...

void	PacketDefragPktSetupParent (Packet *parent)
	inform defrag "parent" that a pseudo packet is now assosiated to it. More...

void	DecodeRegisterPerfCounters (DecodeThreadVars , ThreadVars )

Packet *	PacketGetFromQueueOrAlloc (void)
	Get a packet. We try to get a packet from the packetpool first, but if that is empty we alloc a packet that is free'd again after processing. More...

Packet *	PacketGetFromAlloc (void)
	Get a malloced packet. More...

void	PacketDecodeFinalize (ThreadVars tv, DecodeThreadVars dtv, Packet *p)
	Finalize decoding of a packet. More...

void	PacketUpdateEngineEventCounters (ThreadVars tv, DecodeThreadVars dtv, Packet *p)

void	PacketFree (Packet *p)
	Return a malloced packet. More...

void	PacketFreeOrRelease (Packet *p)
	Return a packet to where it was allocated. More...

int	PacketCallocExtPkt (Packet *p, int datalen)

int	PacketCopyData (Packet p, uint8_t pktdata, uint32_t pktlen)
	Copy data to Packet payload and set packet length. More...

int	PacketSetData (Packet p, uint8_t pktdata, uint32_t pktlen)
	Set data for Packet and set length when zeo copy is used. More...

int	PacketCopyDataOffset (Packet p, uint32_t offset, uint8_t data, uint32_t datalen)
	Copy data to Packet payload at given offset. More...

const char *	PktSrcToString (enum PktSrcEnum pkt_src)

void	PacketBypassCallback (Packet *p)

DecodeThreadVars *	DecodeThreadVarsAlloc (ThreadVars *)
	Alloc and setup DecodeThreadVars. More...

void	DecodeThreadVarsFree (ThreadVars , DecodeThreadVars )

void	DecodeUpdatePacketCounters (ThreadVars tv, const DecodeThreadVars dtv, const Packet *p)

int	DecodeEthernet (ThreadVars , DecodeThreadVars , Packet , uint8_t , uint32_t, PacketQueue *)

int	DecodeSll (ThreadVars , DecodeThreadVars , Packet , uint8_t , uint32_t, PacketQueue *)

int	DecodePPP (ThreadVars , DecodeThreadVars , Packet , uint8_t , uint32_t, PacketQueue *)

int	DecodePPPOESession (ThreadVars , DecodeThreadVars , Packet , uint8_t , uint32_t, PacketQueue *)
	Main decoding function for PPPOE Session packets. More...

int	DecodePPPOEDiscovery (ThreadVars , DecodeThreadVars , Packet , uint8_t , uint32_t, PacketQueue *)
	Main decoding function for PPPOE Discovery packets. More...

int	DecodeTunnel (ThreadVars , DecodeThreadVars , Packet , uint8_t , uint32_t, PacketQueue *, enum DecodeTunnelProto) __attribute__((warn_unused_result))

int	DecodeNull (ThreadVars , DecodeThreadVars , Packet , uint8_t , uint32_t, PacketQueue *)

int	DecodeRaw (ThreadVars , DecodeThreadVars , Packet , uint8_t , uint32_t, PacketQueue *)

int	DecodeIPV4 (ThreadVars , DecodeThreadVars , Packet , uint8_t , uint16_t, PacketQueue *)

int	DecodeIPV6 (ThreadVars , DecodeThreadVars , Packet , uint8_t , uint16_t, PacketQueue *)

int	DecodeICMPV4 (ThreadVars , DecodeThreadVars , Packet , uint8_t , uint32_t, PacketQueue *)
	Main ICMPv4 decoding function. More...

int	DecodeICMPV6 (ThreadVars , DecodeThreadVars , Packet , uint8_t , uint32_t, PacketQueue *)
	Decode ICMPV6 packets and fill the Packet with the decoded info. More...

int	DecodeTCP (ThreadVars , DecodeThreadVars , Packet , uint8_t , uint16_t, PacketQueue *)

int	DecodeUDP (ThreadVars , DecodeThreadVars , Packet , uint8_t , uint16_t, PacketQueue *)

int	DecodeSCTP (ThreadVars , DecodeThreadVars , Packet , uint8_t , uint16_t, PacketQueue *)

int	DecodeGRE (ThreadVars , DecodeThreadVars , Packet , uint8_t , uint32_t, PacketQueue *)
	Function to decode GRE packets. More...

int	DecodeVLAN (ThreadVars , DecodeThreadVars , Packet , uint8_t , uint32_t, PacketQueue *)

int	DecodeMPLS (ThreadVars , DecodeThreadVars , Packet , uint8_t , uint32_t, PacketQueue *)

int	DecodeERSPAN (ThreadVars , DecodeThreadVars , Packet , uint8_t , uint32_t, PacketQueue *)
	Function to decode ERSPAN packets. More...

int	DecodeTEMPLATE (ThreadVars , DecodeThreadVars , Packet , const uint8_t , uint32_t, PacketQueue *)
	Function to decode TEMPLATE packets. More...

void	DecodeIPV6FragHeader (Packet p, uint8_t pkt, uint16_t hdrextlen, uint16_t plen, uint16_t prev_hdrextlen)

void	AddressDebugPrint (Address *)
	Debug print function for printing addresses. More...

void	DecodeGlobalConfig (void)

Variables
typedef	__attribute__

int	g_default_mtu

uint32_t	default_packet_size

Detailed Description

Author: Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Definition in file decode.h.

Macro Definition Documentation

#define addr_data16 address.address_un_data16

Definition at line 120 of file decode.h.

#define addr_data32 address.address_un_data32

Definition at line 119 of file decode.h.

#define addr_data8 address.address_un_data8

Definition at line 121 of file decode.h.

#define addr_in6addr address.address_un_in6

Definition at line 122 of file decode.h.

#define CLEAR_ADDR ( a )

Value:

do {       \
        (a)->family = 0;         \
        (a)->addr_data32[0] = 0; \
        (a)->addr_data32[1] = 0; \
        (a)->addr_data32[2] = 0; \
        (a)->addr_data32[3] = 0; \
    } while (0)

Definition at line 154 of file decode.h.

#define CMP_ADDR	(	a1,
		a2
	)

Value:

(((a1)->addr_data32[3] == (a2)->addr_data32[3] && \
      (a1)->addr_data32[2] == (a2)->addr_data32[2] && \
      (a1)->addr_data32[1] == (a2)->addr_data32[1] && \
      (a1)->addr_data32[0] == (a2)->addr_data32[0]))

Definition at line 238 of file decode.h.

Referenced by DetectSameipRegister(), FlowGetPacketDirection(), and IPPairCleanup().

#define CMP_PORT	(	p1,
		p2
	)	((p1) == (p2))

Definition at line 243 of file decode.h.

Referenced by FlowGetPacketDirection().

#define COPY_ADDRESS	(	a,
		b
	)

Value:

do {                    \
        (b)->family = (a)->family;                 \
        (b)->addr_data32[0] = (a)->addr_data32[0]; \
        (b)->addr_data32[1] = (a)->addr_data32[1]; \
        (b)->addr_data32[2] = (a)->addr_data32[2]; \
        (b)->addr_data32[3] = (a)->addr_data32[3]; \
    } while (0)

Definition at line 124 of file decode.h.

Referenced by DetectAddressCopy(), DetectAddressJoinIPv6(), HostFree(), IPPairCleanup(), and IPPairFree().

#define COPY_PORT	(	a,
		b
	)	((b) = (a))

Definition at line 236 of file decode.h.

#define COUNTERS

Definition at line 28 of file decode.h.

#define DecodeSetNoPacketInspectionFlag ( p )

Value:

do { \
        (p)->flags |= PKT_NOPACKET_INSPECTION;  \
    } while (0)

Set the No packet inspection Flag for the packet.

Parameters

p	Packet to set the flag in

Definition at line 990 of file decode.h.

Referenced by FlowHandlePacketUpdate(), StreamTcpPacket(), and StreamTcpPseudoPacketCreateStreamEndPacket().

#define DecodeSetNoPayloadInspectionFlag ( p )

Value:

do { \
        (p)->flags |= PKT_NOPAYLOAD_INSPECTION;  \
    } while (0)

Set the No payload inspection Flag for the packet.

Parameters

p	Packet to set the flag in

Definition at line 978 of file decode.h.

Referenced by FlowHandlePacketUpdate(), PacketDefragPktSetupParent(), PacketTunnelPktSetup(), StreamTcpPacket(), and StreamTcpPseudoPacketCreateStreamEndPacket().

#define DecodeUnsetNoPacketInspectionFlag ( p )

Value:

do { \
        (p)->flags &= ~PKT_NOPACKET_INSPECTION;  \
    } while (0)

Definition at line 993 of file decode.h.

#define DecodeUnsetNoPayloadInspectionFlag ( p )

Value:

do { \
        (p)->flags &= ~PKT_NOPAYLOAD_INSPECTION;  \
    } while (0)

Definition at line 982 of file decode.h.

#define DEFAULT_MTU 1500

Definition at line 621 of file decode.h.

Referenced by PostRunDeinit().

#define DEFAULT_PACKET_SIZE (DEFAULT_MTU + ETHERNET_HEADER_LEN)

Definition at line 624 of file decode.h.

Referenced by PostRunDeinit(), and RunUnittests().

#define ENGINE_ISSET_EVENT	(	p,
		e
	)

Value:

({ \
    int r = 0; \
    uint8_t u; \
    for (u = 0; u < (p)->events.cnt; u++) { \
        if ((p)->events.events[u] == (e)) { \
            r = 1; \
            break; \
        } \
    } \
    r; \
})

Definition at line 1013 of file decode.h.

Referenced by __attribute__(), DecodeGRE(), DecodeICMPV6(), DecodeIPV6(), DecodeMPLS(), DecodePPP(), DecodePPPOESession(), DecodeRaw(), DetectEngineEventRegister(), and ICMPv4GetCounterpart().

#define ENGINE_SET_EVENT	(	p,
		e
	)

Value:

do { \
    SCLogDebug("p %p event %d", (p), e); \
    if ((p)->events.cnt < PACKET_ENGINE_EVENT_MAX) { \
        (p)->events.events[(p)->events.cnt] = e; \
        (p)->events.cnt++; \
    } \
} while(0)

Definition at line 998 of file decode.h.

Referenced by DecodeERSPAN(), DecodeICMPV4(), DecodeICMPV6(), DecodeIPV6(), DecodeIPV6FragHeader(), DecodeMPLS(), DecodeNull(), DecodePPP(), DecodePPPOESession(), DecodeRaw(), DecodeVLAN(), DefragRbFragCompare(), and DetectEngineEventRegister().

#define ENGINE_SET_INVALID_EVENT	(	p,
		e
	)

Value:

do { \
    p->flags |= PKT_IS_INVALID; \
    ENGINE_SET_EVENT(p, e); \
} while(0)

Definition at line 1006 of file decode.h.

Referenced by __attribute__(), DecodeEthernet(), DecodeGRE(), DecodeICMPV4(), DecodeICMPV6(), DecodeIPV4(), DecodeIPV6FragHeader(), DecodeMPLS(), DecodeNull(), DecodePPP(), DecodePPPOEDiscovery(), DecodePPPOESession(), DecodeRaw(), DecodeSll(), and DecodeVLAN().

#define GET_IPV4_DST_ADDR_PTR ( p ) ((p)->dst.addr_data32)

Definition at line 214 of file decode.h.

Referenced by AlertFastLogger(), DecodeIPV4(), DefragGetOsPolicy(), DefragPolicyGetHostTimeout(), OutputJsonRegister(), SRepCIDRGetIPRepDst(), StreamTcpSetOSPolicy(), and TLSGetIPInformations().

#define GET_IPV4_DST_ADDR_U32 ( p ) ((p)->dst.addr_data32[0])

Definition at line 212 of file decode.h.

Referenced by AFPSetBPFFilter(), DetectGeoipRegister(), and IPOnlyMatchPacket().

#define GET_IPV4_SRC_ADDR_PTR ( p ) ((p)->src.addr_data32)

Definition at line 213 of file decode.h.

Referenced by AlertFastLogger(), DecodeIPV4(), OutputJsonRegister(), SRepCIDRGetIPRepSrc(), and TLSGetIPInformations().

#define GET_IPV4_SRC_ADDR_U32 ( p ) ((p)->src.addr_data32[0])

Definition at line 211 of file decode.h.

Referenced by AFPSetBPFFilter(), DetectGeoipRegister(), and IPOnlyMatchPacket().

#define GET_IPV6_DST_ADDR ( p ) ((p)->dst.addr_data32)

Definition at line 219 of file decode.h.

Referenced by AFPSetBPFFilter(), AlertFastLogger(), DecodeIPV6(), DefragGetOsPolicy(), DefragPolicyGetHostTimeout(), IPOnlyMatchPacket(), OutputJsonRegister(), SRepCIDRGetIPRepDst(), StreamTcpSetOSPolicy(), and TLSGetIPInformations().

#define GET_IPV6_DST_IN6ADDR ( p ) ((p)->dst.addr_in6addr)

Definition at line 217 of file decode.h.

#define GET_IPV6_SRC_ADDR ( p ) ((p)->src.addr_data32)

Definition at line 218 of file decode.h.

Referenced by AFPSetBPFFilter(), AlertFastLogger(), DecodeIPV6(), IPOnlyMatchPacket(), OutputJsonRegister(), SRepCIDRGetIPRepSrc(), and TLSGetIPInformations().

#define GET_IPV6_SRC_IN6ADDR ( p ) ((p)->src.addr_in6addr)

Definition at line 216 of file decode.h.

#define GET_PKT_DATA ( p ) ((((p)->ext_pkt) == NULL ) ? (uint8_t *)((p) + 1) : (p)->ext_pkt)

#define GET_PKT_DIRECT_DATA ( p ) (uint8_t *)((p) + 1)

Definition at line 225 of file decode.h.

Referenced by NoWinDivertSupportExit(), PacketCopyDataOffset(), and ReceivePfringLoop().

#define GET_PKT_DIRECT_MAX_SIZE ( p ) (default_packet_size)

Definition at line 226 of file decode.h.

Referenced by NoWinDivertSupportExit(), PacketCopyDataOffset(), ReceivePfringLoop(), and StreamTcpPseudoPacketCreateStreamEndPacket().

#define GET_PKT_LEN ( p ) ((p)->pktlen)

#define GET_TCP_DST_PORT ( p ) ((p)->dp)

Definition at line 221 of file decode.h.

Referenced by AFPSetBPFFilter(), and DecodeTCP().

#define GET_TCP_SRC_PORT ( p ) ((p)->sp)

Definition at line 220 of file decode.h.

Referenced by AFPSetBPFFilter(), and DecodeTCP().

#define icmpv4vars l4vars.icmpv4vars

Definition at line 522 of file decode.h.

#define icmpv6vars l4vars.icmpv6vars

Definition at line 523 of file decode.h.

#define IP_GET_IPPROTO ( p )

Value:

(p->proto ? p->proto : \

(PKT_IS_IPV4((p))? IPV4_GET_IPPROTO((p)) : (PKT_IS_IPV6((p))? IPV6_GET_L4PROTO((p)) : 0)))

IPV4_GET_IPPROTO

#define IPV4_GET_IPPROTO(p)

Definition: decode-ipv4.h:148

PKT_IS_IPV6

#define PKT_IS_IPV6(p)

Definition: decode.h:251

PKT_IS_IPV4

#define PKT_IS_IPV4(p)

Definition: decode.h:250

IPV6_GET_L4PROTO

#define IPV6_GET_L4PROTO(p)

Definition: decode-ipv6.h:92

Definition at line 262 of file decode.h.

Referenced by AlertFastLogger(), IPOnlyMatchPacket(), OutputJsonRegister(), and SigMatchSignaturesGetSgh().

#define IP_GET_RAW_VER ( pkt ) ((((pkt)[0] & 0xf0) >> 4))

Definition at line 248 of file decode.h.

Referenced by DecodeIPV6FragHeader(), DecodeRaw(), and DecodeTeredo().

#define IPH_IS_VALID ( p ) (PKT_IS_IPV4((p)) || PKT_IS_IPV6((p)))

Definition at line 259 of file decode.h.

#define IS_TUNNEL_PKT ( p ) (((p)->flags & PKT_TUNNEL))

Definition at line 894 of file decode.h.

Referenced by AFPSetBPFFilter(), DetectMarkDataFree(), NoWinDivertSupportExit(), SCProfilingAddPacket(), TmModuleDecodePfringRegister(), TmqhOutputPacketpool(), VerdictIPFW(), and VerdictNFQ().

#define IS_TUNNEL_PKT_VERDICTED ( p ) (((p)->flags & PKT_TUNNEL_VERDICTED))

Definition at line 899 of file decode.h.

Referenced by TmqhOutputPacketpool().

#define IS_TUNNEL_ROOT_PKT ( p ) (IS_TUNNEL_PKT(p) && (p)->root == NULL)

Definition at line 897 of file decode.h.

Referenced by TmqhOutputPacketpool().

#define LINKTYPE_ETHERNET DLT_EN10MB

Definition at line 1079 of file decode.h.

Referenced by DecodeAFP(), DecodeErfDag(), DecodePcap(), NapatechDecode(), NapatechPacketLoopZC(), NoNetmapSupportExit(), ReceiveAFPLoop(), ReceiveErfDagLoop(), ReceiveErfFileLoop(), RunModeIdsAFPRegister(), TmModuleDecodePfringRegister(), and ValidateLinkType().

#define LINKTYPE_GRE_OVER_IP 778

Definition at line 1087 of file decode.h.

Referenced by DecodeAFP(), DecodePcap(), and ValidateLinkType().

#define LINKTYPE_IPV4 228

Definition at line 1086 of file decode.h.

Referenced by ValidateLinkType().

#define LINKTYPE_LINUX_SLL 113

Definition at line 1080 of file decode.h.

Referenced by DecodeAFP(), DecodePcap(), and ValidateLinkType().

#define LINKTYPE_NULL DLT_NULL

libpcap shows us the way to linktype codes

Todo:: we need more & maybe put them in a separate file?

Definition at line 1078 of file decode.h.

Referenced by DecodeAFP(), DecodePcap(), and ValidateLinkType().

#define LINKTYPE_PPP 9

Definition at line 1081 of file decode.h.

Referenced by DecodeAFP(), DecodePcap(), and ValidateLinkType().

#define LINKTYPE_RAW DLT_RAW

Definition at line 1082 of file decode.h.

Referenced by AFPGetLinkType(), DecodeAFP(), DecodePcap(), ReceiveAFPLoop(), and ValidateLinkType().

#define LINKTYPE_RAW2 101

Definition at line 1085 of file decode.h.

Referenced by ValidateLinkType().

#define MAX_PAYLOAD_SIZE (IPV6_HEADER_LEN + 65536 + 28)

Definition at line 626 of file decode.h.

Referenced by DefragTrackerFreeFrags(), NoWinDivertSupportExit(), and PacketCopyDataOffset().

#define MINIMUM_MTU 68

ipv4 minimum: rfc791

Definition at line 622 of file decode.h.

#define PACKET_ACCEPT ( p ) PACKET_SET_ACTION(p, ACTION_ACCEPT)

Definition at line 858 of file decode.h.

#define PACKET_ALERT ( p ) PACKET_SET_ACTION(p, ACTION_ALERT)

Definition at line 856 of file decode.h.

Referenced by ThresholdIPPairTimeoutCheck().

#define PACKET_ALERT_FLAG_DROP_FLOW 0x01

After processing an alert by the thresholding module, if at last it gets triggered, we might want to stick the drop action to the flow on IPS mode

Definition at line 279 of file decode.h.

Referenced by IPOnlyMatchPacket(), PacketAlertFinalize(), and SigMatchSignaturesGetSgh().

#define PACKET_ALERT_FLAG_STATE_MATCH 0x02

alert was generated based on state

Definition at line 281 of file decode.h.

Referenced by DetectSignatureApplyActions().

#define PACKET_ALERT_FLAG_STREAM_MATCH 0x04

alert was generated based on stream

Definition at line 283 of file decode.h.

Referenced by DetectSignatureApplyActions(), and SigMatchSignaturesGetSgh().

#define PACKET_ALERT_FLAG_TX 0x08

alert is in a tx, tx_id set

Definition at line 285 of file decode.h.

#define PACKET_ALERT_MAX 15

Definition at line 289 of file decode.h.

Referenced by PacketAlertAppend().

#define PACKET_ALERT_RATE_FILTER_MODIFIED 0x10

action was changed by rate_filter

Definition at line 287 of file decode.h.

Referenced by ThresholdIPPairTimeoutCheck().

#define PACKET_CLEAR_L4VARS ( p )

Value:

do {                         \
        memset(&(p)->l4vars, 0x00, sizeof((p)->l4vars));    \
    } while (0)

Definition at line 717 of file decode.h.

#define PACKET_DESTRUCTOR ( p )

Value:

do {                  \
        if ((p)->pktvar != NULL) {              \
            PktVarFree((p)->pktvar);            \
        }                                       \
        PACKET_FREE_EXTDATA((p));               \
        SCMutexDestroy(&(p)->tunnel_mutex);     \
        AppLayerDecoderEventsFreeEvents(&(p)->app_layer_events); \
        PACKET_PROFILING_RESET((p));            \
    } while (0)

Cleanup a packet so that we can free it. No memset needed..

Definition at line 835 of file decode.h.

Referenced by PacketFree().

#define PACKET_DROP ( p ) PACKET_SET_ACTION(p, ACTION_DROP)

Definition at line 860 of file decode.h.

Referenced by SigMatchSignaturesGetSgh(), StreamTcpPacket(), and ThresholdIPPairTimeoutCheck().

#define PACKET_ENGINE_EVENT_MAX 15

number of decoder events we support per packet. Power of 2 minus 1 for memory layout

Definition at line 301 of file decode.h.

#define PACKET_FREE_EXTDATA ( p )

Value:

do {                 \
        if ((p)->ext_pkt) {                         \
            if (!((p)->flags & PKT_ZERO_COPY)) {    \
                SCFree((p)->ext_pkt);               \
            }                                       \
            (p)->ext_pkt = NULL;                    \
        }                                           \
    } while(0)

Definition at line 730 of file decode.h.

#define PACKET_INITIALIZE ( p )

Value:

{         \
    SCMutexInit(&(p)->tunnel_mutex, NULL); \
    PACKET_RESET_CHECKSUMS((p)); \
    (p)->livedev = NULL; \
}

Initialize a packet structure for use.

Definition at line 742 of file decode.h.

Referenced by PacketGetFromAlloc().

#define PACKET_PASS ( p ) PACKET_SET_ACTION(p, ACTION_PASS)

Definition at line 868 of file decode.h.

Referenced by ThresholdIPPairTimeoutCheck().

#define PACKET_RECYCLE ( p )

Value:

do { \
        PACKET_RELEASE_REFS((p)); \
        PACKET_REINIT((p)); \
    } while (0)

Definition at line 827 of file decode.h.

Referenced by __attribute__(), DecodeICMPV6(), DecodeIPV4(), DecodeIPV6(), DecodeRaw(), DecodeTCP(), DetectFragBitsRegister(), DetectPortHashFree(), DetectReplaceFreeInternal(), DetectSetupParseRegexes(), SigParseApplyDsizeToContent(), and Unified2AlertInitCtx().

#define PACKET_REINIT ( p )

Recycle a packet structure for reuse.

Definition at line 757 of file decode.h.

Referenced by PacketPoolGetPacket().

#define PACKET_REJECT ( p ) PACKET_SET_ACTION(p, (ACTION_REJECT|ACTION_DROP))

Definition at line 862 of file decode.h.

Referenced by ThresholdIPPairTimeoutCheck().

#define PACKET_REJECT_BOTH ( p ) PACKET_SET_ACTION(p, (ACTION_REJECT_BOTH|ACTION_DROP))

Definition at line 866 of file decode.h.

#define PACKET_REJECT_DST ( p ) PACKET_SET_ACTION(p, (ACTION_REJECT_DST|ACTION_DROP))

Definition at line 864 of file decode.h.

#define PACKET_RELEASE_REFS ( p )

Value:

do {              \
        FlowDeReference(&((p)->flow));          \
        HostDeReference(&((p)->host_src));      \
        HostDeReference(&((p)->host_dst));      \
    } while (0)

Definition at line 748 of file decode.h.

Referenced by PacketPoolReturnPacket(), and TmqhOutputPacketpool().

#define PACKET_RESET_CHECKSUMS ( p )

Value:

do { \
        (p)->level3_comp_csum = -1;   \
        (p)->level4_comp_csum = -1;   \
    } while (0)

reset these to -1(indicates that the packet is fresh from the queue)

Definition at line 724 of file decode.h.

#define PACKET_SET_ACTION	(	p,
		a
	)

Value:

do { \
    ((p)->root ? \
     ((p)->root->action = a) : \
     ((p)->action = a)); \
} while (0)

Definition at line 850 of file decode.h.

#define PACKET_TEST_ACTION	(	p,
		a
	)

Value:

((p)->root ? \
     ((p)->root->action & a) : \
     ((p)->action & a))

Definition at line 870 of file decode.h.

Referenced by CaptureStatsUpdate(), DetectDetectionFilterRegister(), DetectIPRepFree(), DetectSignatureApplyActions(), DetectThresholdRegister(), IPFWSetVerdict(), NFQSetVerdict(), NoNetmapSupportExit(), NoWinDivertSupportExit(), PacketAlertFinalize(), RejectSendIPv4ICMP(), RejectSendIPv4TCP(), RejectSendIPv6ICMP(), RejectSendIPv6TCP(), RespondRejectFunc(), SCThresholdConfParseFile(), and TmModuleDecodeAFPRegister().

#define PACKET_UPDATE_ACTION	(	p,
		a
	)

Value:

do { \
    ((p)->root ? \
     ((p)->root->action |= a) : \
     ((p)->action |= a)); \
} while (0)

Definition at line 875 of file decode.h.

Referenced by DetectSignatureApplyActions().

#define PKT_ALLOC (1<<3)

Packet was alloc'd this run, needs to be freed

Definition at line 1094 of file decode.h.

Referenced by PacketFreeOrRelease(), PacketGetFromAlloc(), PacketPoolWaitForN(), TmqhOutputPacketpool(), and TmqhOutputSimple().

#define PKT_DETECT_HAS_STREAMDATA (1<<26)

Set by Detect() if raw stream data is available.

Definition at line 1129 of file decode.h.

Referenced by PacketCreateMask(), Prefilter(), and SigMatchSignaturesGetSgh().

#define PKT_HAS_FLOW (1<<8)

Definition at line 1099 of file decode.h.

#define PKT_HAS_TAG (1<<4)

Packet has matched a tag

Definition at line 1095 of file decode.h.

Referenced by TagHashAddTag(), TagTimeoutCheck(), and Unified2Condition().

#define PKT_HOST_DST_LOOKED_UP (1<<18)

Definition at line 1112 of file decode.h.

Referenced by DetectIPRepRegister().

#define PKT_HOST_SRC_LOOKED_UP (1<<17)

Definition at line 1111 of file decode.h.

Referenced by DetectIPRepRegister().

#define PKT_IGNORE_CHECKSUM (1<<15)

Packet checksum is not computed (TX packet for example)

Definition at line 1108 of file decode.h.

Referenced by CleanupPcapFileFileVars(), DetectCsumRegister(), NoNetmapSupportExit(), StreamTcp(), StreamTcpPacket(), StreamTcpPseudoPacketCreateStreamEndPacket(), TmModuleDecodeAFPRegister(), TmModuleDecodePcapRegister(), and TmModuleDecodePfringRegister().

#define PKT_IS_FRAGMENT (1<<19)

Packet is a fragment

Definition at line 1114 of file decode.h.

Referenced by DecodeIPV4(), DecodeIPV6FragHeader(), IPOnlyMatchPacket(), and SigMatchSignaturesGetSgh().

#define PKT_IS_ICMPV4 ( p ) (((p)->icmpv4h != NULL))

Definition at line 254 of file decode.h.

Referenced by DetectIcmpIdRegister(), DetectIcmpSeqRegister(), DetectICodeFree(), DetectITypeFree(), FlowGetPacketDirection(), FlowSetupPacket(), and SigMatchSignaturesGetSgh().

#define PKT_IS_ICMPV6 ( p ) (((p)->icmpv6h != NULL))

Definition at line 255 of file decode.h.

Referenced by DetectIcmpIdRegister(), DetectIcmpSeqRegister(), DetectICodeFree(), and DetectITypeFree().

#define PKT_IS_INVALID (1<<20)

Definition at line 1115 of file decode.h.

Referenced by PacketDecodeFinalize().

#define PKT_IS_IPV4 ( p ) (((p)->ip4h != NULL))

#define PKT_IS_IPV6 ( p ) (((p)->ip6h != NULL))

#define PKT_IS_PSEUDOPKT ( p ) ((p)->flags & (PKT_PSEUDO_STREAM_END|PKT_PSEUDO_DETECTLOG_FLUSH))

#define PKT_IS_TCP ( p ) (((p)->tcph != NULL))

Definition at line 252 of file decode.h.

Referenced by AFPSetBPFFilter(), DetectAckRegister(), DetectFlagsRegister(), DetectFlagsSignatureNeedsSynOnlyPackets(), DetectRpcRegister(), DetectSeqRegister(), DetectStreamSizeRegister(), DetectWindowRegister(), LogHttpLogger(), PacketCreateMask(), ReCalculateChecksum(), RespondRejectFunc(), StreamTcp(), and TmModuleDecodePfringRegister().

#define PKT_IS_TOCLIENT ( p ) (((p)->flowflags & FLOW_PKT_TOCLIENT))

Definition at line 257 of file decode.h.

Referenced by OutputJsonRegister(), StreamTcpFreeConfig(), StreamTcpPacket(), StreamTcpPseudoPacketCreateStreamEndPacket(), and StreamTcpThreadDeinit().

#define PKT_IS_TOSERVER ( p ) (((p)->flowflags & FLOW_PKT_TOSERVER))

Definition at line 256 of file decode.h.

Referenced by OutputJsonRegister(), StreamReassembleRaw(), StreamReassembleRawHasDataReady(), StreamReassembleRawUpdateProgress(), StreamTcpDetectLogFlush(), StreamTcpFreeConfig(), StreamTcpPacket(), StreamTcpPseudoPacketCreateStreamEndPacket(), StreamTcpReassembleHandleSegmentHandleData(), StreamTcpThreadDeinit(), and TLSGetIPInformations().

#define PKT_IS_UDP ( p ) (((p)->udph != NULL))

Definition at line 253 of file decode.h.

Referenced by AFPSetBPFFilter(), DetectRpcRegister(), ReCalculateChecksum(), and TmModuleDecodePfringRegister().

#define PKT_MARK_MODIFIED (1<<11)

Packet mark is modified

Definition at line 1102 of file decode.h.

Referenced by DetectMarkDataFree(), NFQInitConfig(), and NFQSetVerdict().

#define PKT_NOPACKET_INSPECTION (1)

Flag to indicate that packet header or contents should not be inspected

Definition at line 1092 of file decode.h.

Referenced by DetectSignatureApplyActions(), and StreamTcpPseudoPacketCreateStreamEndPacket().

#define PKT_NOPAYLOAD_INSPECTION (1<<2)

Flag to indicate that packet contents should not be inspected

Definition at line 1093 of file decode.h.

Referenced by PacketCreateMask(), Prefilter(), and StreamTcpPseudoPacketCreateStreamEndPacket().

#define PKT_PROFILE (1<<21)

Definition at line 1116 of file decode.h.

Referenced by SCProfileRuleStart().

#define PKT_PROTO_DETECT_TC_DONE (1<<24)

Definition at line 1124 of file decode.h.

Referenced by AppLayerIncTxCounter(), and FlowHandlePacketUpdate().

#define PKT_PROTO_DETECT_TS_DONE (1<<23)

protocol detection done

Definition at line 1123 of file decode.h.

Referenced by AppLayerIncTxCounter(), and FlowHandlePacketUpdate().

#define PKT_PSEUDO_DETECTLOG_FLUSH (1<<27)

Detect/log flush for protocol upgrade

Definition at line 1131 of file decode.h.

Referenced by StreamTcpPseudoPacketCreateStreamEndPacket().

#define PKT_PSEUDO_STREAM_END (1<<9)

Pseudo packet to end the stream

Definition at line 1100 of file decode.h.

Referenced by DecodeAFP(), DecodeErfDag(), DecodeErfFile(), DecodeIPFW(), DecodePcap(), DecodePfring(), DetectEngineInspectBufferGeneric(), NapatechDecode(), NoNetmapSupportExit(), OutputRegisterFiledataLogger(), OutputRegisterFileLogger(), PacketAlertFinalize(), PcapFileGlobalInit(), StreamNeedsReassembly(), StreamReassembleRaw(), StreamTcp(), StreamTcpPacket(), StreamTcpPseudoPacketCreateStreamEndPacket(), StreamTcpReassembleAppLayer(), StreamTcpReassembleHandleSegment(), StreamTcpReassembleHandleSegmentHandleData(), and VerdictIPFW().

#define PKT_REBUILT_FRAGMENT (1<<25)

Packet is rebuilt from fragments.

Definition at line 1126 of file decode.h.

Referenced by DefragTrackerFreeFrags(), DetectFlowFree(), DetectFlowRegister(), and DetectMarkDataFree().

#define PKT_SET_SRC	(	p,
		src_val
	)	((p)->pkt_src = src_val)

Definition at line 1138 of file decode.h.

Referenced by CleanupPcapFileFileVars(), DecodeGRE(), DecodeIPV4(), DecodeTeredo(), DefragTrackerFreeFrags(), FlowForceReassemblyForFlow(), NoNetmapSupportExit(), NoNFLOGSupportExit(), NoWinDivertSupportExit(), ReceiveErfDagLoop(), ReceiveErfFileLoop(), ReceiveIPFWLoop(), ReceivePfringLoop(), StreamTcpPseudoPacketCreateStreamEndPacket(), TmModuleDecodeAFPRegister(), and TmModuleDecodePcapRegister().

#define PKT_STREAM_ADD (1<<5)

Packet payload was added to reassembled stream

Definition at line 1096 of file decode.h.

Referenced by DetectEngineInspectStream(), SigMatchSignaturesGetSgh(), StreamReassembleRawHasDataReady(), StreamReassembleRawUpdateProgress(), and StreamTcpReassembleHandleSegment().

#define PKT_STREAM_EOF (1<<7)

Stream is in eof state

Definition at line 1098 of file decode.h.

Referenced by SigMatchSignaturesGetSgh(), and StreamTcpPseudoPacketCreateStreamEndPacket().

#define PKT_STREAM_EST (1<<6)

Packet is part of establised stream

Definition at line 1097 of file decode.h.

#define PKT_STREAM_MODIFIED (1<<10)

Packet is modified by the stream engine, we need to recalc the csum and reinject/replace

Definition at line 1101 of file decode.h.

Referenced by CaptureStatsUpdate(), DetectReplaceExecuteInternal(), NFQInitConfig(), NFQSetVerdict(), StreamTcpInlineSegmentReplacePacket(), and StreamTcpPacket().

#define PKT_STREAM_NOPCAPLOG (1<<12)

Exclude packet from pcap logging as it's part of a stream that has reassembly depth reached.

Definition at line 1103 of file decode.h.

Referenced by StreamTcpPacket().

#define PKT_TUNNEL (1<<13)

Definition at line 1105 of file decode.h.

#define PKT_TUNNEL_VERDICTED (1<<14)

Definition at line 1106 of file decode.h.

#define PKT_WANTS_FLOW (1<<22)

indication by decoder that it feels the packet should be handled by flow engine: Packet::flow_hash will be set

Definition at line 1120 of file decode.h.

Referenced by DecodeIPV4(), FlowSetupPacket(), and TmqhOutputFlowHash().

#define PKT_ZERO_COPY (1<<16)

Packet comes from zero copy (ext_pkt must not be freed)

Definition at line 1109 of file decode.h.

Referenced by PacketSetData().

#define PPP_OVER_GRE 11

Definition at line 1088 of file decode.h.

#define SET_IPV4_DST_ADDR	(	p,
		a
	)

Value:

do {                              \
        (a)->family = AF_INET;                                    \
        (a)->addr_data32[0] = (uint32_t)(p)->ip4h->s_ip_dst.s_addr; \
        (a)->addr_data32[1] = 0;                                  \
        (a)->addr_data32[2] = 0;                                  \
        (a)->addr_data32[3] = 0;                                  \
    } while (0)

Definition at line 145 of file decode.h.

Referenced by StreamTcpPseudoSetup().

#define SET_IPV4_SRC_ADDR	(	p,
		a
	)

Value:

do {                              \
        (a)->family = AF_INET;                                    \
        (a)->addr_data32[0] = (uint32_t)(p)->ip4h->s_ip_src.s_addr; \
        (a)->addr_data32[1] = 0;                                  \
        (a)->addr_data32[2] = 0;                                  \
        (a)->addr_data32[3] = 0;                                  \
    } while (0)

Definition at line 137 of file decode.h.

Referenced by StreamTcpPseudoSetup().

#define SET_IPV6_DST_ADDR	(	p,
		a
	)

Value:

do {                    \
        (a)->family = AF_INET6;                         \
        (a)->addr_data32[0] = (p)->ip6h->s_ip6_dst[0];  \
        (a)->addr_data32[1] = (p)->ip6h->s_ip6_dst[1];  \
        (a)->addr_data32[2] = (p)->ip6h->s_ip6_dst[2];  \
        (a)->addr_data32[3] = (p)->ip6h->s_ip6_dst[3];  \
    } while (0)

Definition at line 172 of file decode.h.

Referenced by DecodeIPV6FragHeader(), and StreamTcpPseudoSetup().

#define SET_IPV6_SRC_ADDR	(	p,
		a
	)

Value:

do {                    \
        (a)->family = AF_INET6;                         \
        (a)->addr_data32[0] = (p)->ip6h->s_ip6_src[0];  \
        (a)->addr_data32[1] = (p)->ip6h->s_ip6_src[1];  \
        (a)->addr_data32[2] = (p)->ip6h->s_ip6_src[2];  \
        (a)->addr_data32[3] = (p)->ip6h->s_ip6_src[3];  \
    } while (0)

Definition at line 164 of file decode.h.

Referenced by DecodeIPV6FragHeader(), and StreamTcpPseudoSetup().

#define SET_PKT_LEN	(	p,
		len
	)

Value:

do { \
    (p)->pktlen = (len); \
    } while (0)

Definition at line 228 of file decode.h.

Referenced by DefragTrackerFreeFrags(), NoNFLOGSupportExit(), NoWinDivertSupportExit(), PacketCallocExtPkt(), PacketCopyData(), PacketCopyDataOffset(), PacketSetData(), ReceiveErfDagLoop(), StreamTcpPseudoPacketCreateStreamEndPacket(), TmModuleDecodeAFPRegister(), TmModuleDecodePfringRegister(), Unified2AlertInitCtx(), UTHBuildPacketIPV6Real(), and UTHBuildPacketReal().

#define SET_PORT	(	v,
		p
	)	((p) = (v))

Definition at line 235 of file decode.h.

#define SET_SCTP_DST_PORT	(	pkt,
		prt
	)

Value:

do {            \
        SET_PORT(SCTP_GET_DST_PORT((pkt)), *(prt)); \
    } while (0)

Definition at line 205 of file decode.h.

Referenced by FlowInit().

#define SET_SCTP_SRC_PORT	(	pkt,
		prt
	)

Value:

do {            \
        SET_PORT(SCTP_GET_SRC_PORT((pkt)), *(prt)); \
    } while (0)

Definition at line 201 of file decode.h.

Referenced by FlowInit().

#define SET_TCP_DST_PORT	(	pkt,
		prt
	)

Value:

do {            \
        SET_PORT(TCP_GET_DST_PORT((pkt)), *(prt)); \
    } while (0)

Definition at line 186 of file decode.h.

Referenced by FlowInit(), and StreamTcpPseudoSetup().

#define SET_TCP_SRC_PORT	(	pkt,
		prt
	)

Value:

do {            \
        SET_PORT(TCP_GET_SRC_PORT((pkt)), *(prt)); \
    } while (0)

Definition at line 182 of file decode.h.

Referenced by FlowInit(), and StreamTcpPseudoSetup().

#define SET_TUNNEL_PKT ( p ) ((p)->flags |= PKT_TUNNEL)

Definition at line 895 of file decode.h.

Referenced by PacketDefragPktSetup(), PacketDefragPktSetupParent(), PacketTunnelPktSetup(), and StreamTcpPseudoSetup().

#define SET_TUNNEL_PKT_VERDICTED ( p ) ((p)->flags |= PKT_TUNNEL_VERDICTED)

Definition at line 900 of file decode.h.

Referenced by TmqhOutputPacketpool().

#define SET_UDP_DST_PORT	(	pkt,
		prt
	)

Value:

do {            \
        SET_PORT(UDP_GET_DST_PORT((pkt)), *(prt)); \
    } while (0)

Definition at line 195 of file decode.h.

Referenced by FlowInit().

#define SET_UDP_SRC_PORT	(	pkt,
		prt
	)

Value:

do {            \
        SET_PORT(UDP_GET_SRC_PORT((pkt)), *(prt)); \
    } while (0)

Definition at line 192 of file decode.h.

Referenced by FlowInit().

#define SIZE_OF_PACKET (default_packet_size + sizeof(Packet))

#define tcpvars l4vars.tcpvars

Definition at line 521 of file decode.h.

#define TUNNEL_INCR_PKT_RTV_NOLOCK ( p )

Value:

do {                                          \
        ((p)->root ? (p)->root->tunnel_rtv_cnt++ : (p)->tunnel_rtv_cnt++);          \
    } while (0)

Definition at line 881 of file decode.h.

Referenced by TmqhOutputPacketpool().

#define TUNNEL_INCR_PKT_TPR ( p )

Value:

do {                                                 \
        SCMutexLock((p)->root ? &(p)->root->tunnel_mutex : &(p)->tunnel_mutex);     \
        ((p)->root ? (p)->root->tunnel_tpr_cnt++ : (p)->tunnel_tpr_cnt++);          \
        SCMutexUnlock((p)->root ? &(p)->root->tunnel_mutex : &(p)->tunnel_mutex);   \
    } while (0)

Definition at line 885 of file decode.h.

Referenced by PacketDefragPktSetupParent(), PacketTunnelPktSetup(), and StreamTcpPseudoSetup().

#define TUNNEL_PKT_RTV ( p ) ((p)->root ? (p)->root->tunnel_rtv_cnt : (p)->tunnel_rtv_cnt)

Definition at line 891 of file decode.h.

Referenced by TmqhOutputPacketpool().

#define TUNNEL_PKT_TPR ( p ) ((p)->root ? (p)->root->tunnel_tpr_cnt : (p)->tunnel_tpr_cnt)

Definition at line 892 of file decode.h.

Referenced by TmqhOutputPacketpool().

#define UNSET_TUNNEL_PKT ( p ) ((p)->flags &= ~PKT_TUNNEL)

Definition at line 896 of file decode.h.

Referenced by DefragRbFragCompare(), and PacketTunnelPktSetup().

#define VLAN_OVER_GRE 13

Definition at line 1089 of file decode.h.

Typedef Documentation

typedef struct Address_ Address

typedef struct AppLayerDecoderEvents_ AppLayerDecoderEvents

Definition at line 104 of file decode.h.

typedef struct AppLayerThreadCtx_ AppLayerThreadCtx

Definition at line 98 of file decode.h.

typedef struct CaptureStats_ CaptureStats

typedef struct DecodeThreadVars_ DecodeThreadVars

Structure to hold thread specific data for all decode modules.

typedef struct Packet_ Packet

typedef struct PacketAlert_ PacketAlert

typedef struct PacketAlerts_ PacketAlerts

typedef struct PacketEngineEvents_ PacketEngineEvents

data structure to store decoder, defrag and stream events

typedef struct PacketQueue_ PacketQueue

typedef struct PktProfiling_ PktProfiling

Per pkt stats storage.

typedef struct PktProfilingAppData_ PktProfilingAppData

typedef struct PktProfilingData_ PktProfilingData

typedef struct PktProfilingDetectData_ PktProfilingDetectData

typedef struct PktProfilingLoggerData_ PktProfilingLoggerData

typedef struct PktProfilingPrefilterData_ PktProfilingPrefilterData

typedef struct PktProfilingPrefilterEngine_ PktProfilingPrefilterEngine

typedef struct PktProfilingTmmData_ PktProfilingTmmData

Per TMM stats storage.

typedef struct PktVar_ PktVar

typedef uint16_t Port

Definition at line 234 of file decode.h.

Enumeration Type Documentation

enum ChecksumValidationMode

Enumerator
CHECKSUM_VALIDATION_DISABLE
CHECKSUM_VALIDATION_ENABLE
CHECKSUM_VALIDATION_AUTO
CHECKSUM_VALIDATION_RXONLY
CHECKSUM_VALIDATION_KERNEL

Definition at line 40 of file decode.h.

enum DecodeTunnelProto

Enumerator
DECODE_TUNNEL_ETHERNET
DECODE_TUNNEL_ERSPAN
DECODE_TUNNEL_VLAN
DECODE_TUNNEL_IPV4
DECODE_TUNNEL_IPV6
DECODE_TUNNEL_PPP

Definition at line 902 of file decode.h.

enum PktSrcEnum

Enumerator
PKT_SRC_WIRE
PKT_SRC_DECODER_GRE
PKT_SRC_DECODER_IPV4
PKT_SRC_DECODER_IPV6
PKT_SRC_DECODER_TEREDO
PKT_SRC_DEFRAG
PKT_SRC_STREAM_TCP_STREAM_END_PSEUDO
PKT_SRC_FFR
PKT_SRC_STREAM_TCP_DETECTLOG_FLUSH

Definition at line 48 of file decode.h.

Function Documentation

void AppLayerDecoderEventsFreeEvents ( AppLayerDecoderEvents ** events )

Definition at line 132 of file app-layer-events.c.

References SCFree.

Referenced by AppLayerParserStateFree(), DetectEngineThreadCtxInit(), DNSSetEvent(), main(), SMTPStateAlloc(), and SSLVersionToString().

Here is the caller graph for this function:

void AppLayerDecoderEventsResetEvents ( AppLayerDecoderEvents * events )

Definition at line 125 of file app-layer-events.c.

References AppLayerDecoderEvents_::cnt.

int DecodeERSPAN	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		uint8_t *	,
		uint32_t	,
		PacketQueue *
	)

Function to decode ERSPAN packets.

Definition at line 46 of file decode-erspan.c.

References DecodeThreadVars_::counter_erspan, DecodeEthernet(), ENGINE_SET_EVENT, ERSPAN_HEADER_TOO_SMALL, ERSPAN_TOO_MANY_VLAN_LAYERS, ERSPAN_UNSUPPORTED_VERSION, SCLogDebug, SCNtohs, StatsIncr(), TM_ECODE_FAILED, version, DecodeThreadVars_::vlan_disabled, Packet_::vlan_id, and Packet_::vlan_idx.

Referenced by DecodeTunnel(), and RegisterAllModules().

Here is the call graph for this function:

Here is the caller graph for this function:

int DecodeEthernet	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		uint8_t *	,
		uint32_t	,
		PacketQueue *
	)

Definition at line 41 of file decode-ethernet.c.

References DecodeThreadVars_::counter_eth, DCE_PKT_TOO_SMALL, DecodeEthernet(), DecodeIPV4(), DecodeIPV6(), DecodeMPLS(), DecodePPPOEDiscovery(), DecodePPPOESession(), DecodeVLAN(), ENGINE_SET_INVALID_EVENT, ETHERNET_DCE_HEADER_LEN, ETHERNET_HEADER_LEN, ETHERNET_PKT_TOO_SMALL, ETHERNET_TYPE_8021QINQ, ETHERNET_TYPE_DCE, ETHERNET_TYPE_IP, ETHERNET_TYPE_IPV6, ETHERNET_TYPE_MPLS_MULTICAST, ETHERNET_TYPE_MPLS_UNICAST, ETHERNET_TYPE_PPPOE_DISC, ETHERNET_TYPE_PPPOE_SESS, ETHERNET_TYPE_VLAN, Packet_::ethh, SCFree, SCLogDebug, SCMalloc, SCNtohs, SIZE_OF_PACKET, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, and unlikely.

Referenced by DecodeAFP(), DecodeErfDag(), DecodeErfFile(), DecodeERSPAN(), DecodeEthernet(), DecodeMPLS(), DecodePcap(), DecodePfring(), DecodeTunnel(), DetectFragBitsRegister(), DetectIPProtoRemoveAllSMs(), DetectReplaceFreeInternal(), DetectSetupParseRegexes(), NapatechDecode(), NoNetmapSupportExit(), RegisterAllModules(), Unified2AlertInitCtx(), UTHBuildPacketArrayFromEth(), UTHBuildPacketFromEth(), and ValidateLinkType().

Here is the call graph for this function:

Here is the caller graph for this function:

int DecodeGRE	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		uint8_t *	,
		uint32_t	,
		PacketQueue *
	)

Function to decode GRE packets.

Todo:: We need to make sure this does not allow bypassing inspection. A server may just ignore these and continue processing the packet, but we will not look further into it.

Todo:: We need to make sure this does not allow bypassing inspection. A server may just ignore these and continue processing the packet, but we will not look further into it.

Definition at line 46 of file decode-gre.c.

References DecodeThreadVars_::counter_gre, DECODE_TUNNEL_ERSPAN, DECODE_TUNNEL_ETHERNET, DECODE_TUNNEL_IPV4, DECODE_TUNNEL_IPV6, DECODE_TUNNEL_PPP, DECODE_TUNNEL_VLAN, DecodeGRE(), ENGINE_ISSET_EVENT, ENGINE_SET_INVALID_EVENT, ETHERNET_TYPE_BRIDGE, ETHERNET_TYPE_ERSPAN, ETHERNET_TYPE_IP, ETHERNET_TYPE_IPV6, ETHERNET_TYPE_VLAN, GRE_CHKSUM_LEN, GRE_FLAG_ISSET_CHKSUM, GRE_FLAG_ISSET_KY, GRE_FLAG_ISSET_RECUR, GRE_FLAG_ISSET_ROUTE, GRE_FLAG_ISSET_SQ, GRE_FLAG_ISSET_SSR, GRE_GET_PROTO, GRE_GET_VERSION, GRE_HDR_LEN, GRE_KEY_LEN, GRE_OFFSET_LEN, GRE_PKT_TOO_SMALL, GRE_PROTO_PPP, GRE_SEQ_LEN, GRE_SRE_HDR_LEN, GRE_VERSION0_FLAGS, GRE_VERSION0_HDR_TOO_BIG, GRE_VERSION0_MALFORMED_SRE_HDR, GRE_VERSION0_RECUR, GRE_VERSION1_CHKSUM, GRE_VERSION1_FLAGS, GRE_VERSION1_HDR_TOO_BIG, GRE_VERSION1_NO_KEY, GRE_VERSION1_RECUR, GRE_VERSION1_ROUTE, GRE_VERSION1_SSR, GRE_VERSION1_WRONG_PROTOCOL, GRE_VERSION_0, GRE_VERSION_1, GRE_WRONG_VERSION, Packet_::greh, GREV1_ACK_LEN, GREV1_FLAG_ISSET_ACK, GREV1_FLAG_ISSET_FLAGS, PacketEnqueue(), PacketGetFromAlloc(), PacketTunnelPktSetup(), PKT_SET_SRC, PKT_SRC_DECODER_GRE, SCFree, SCLogDebug, SCNtohs, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, and unlikely.

Referenced by DecodeGRE(), and DecodeIPV4().

Here is the call graph for this function:

Here is the caller graph for this function:

int DecodeICMPV4	(	ThreadVars *	tv,
		DecodeThreadVars *	dtv,
		Packet *	p,
		uint8_t *	pkt,
		uint32_t	len,
		PacketQueue *	pq
	)

Main ICMPv4 decoding function.

DecodeICMPV4

Definition at line 155 of file decode-icmpv4.c.

References DecodeThreadVars_::counter_icmpv4, ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, FlowSetupPacket(), Packet_::icmp_d, Packet_::icmp_s, ICMPV4_HEADER_LEN, ICMPV4_HEADER_PKT_OFFSET, ICMPV4_PKT_TOO_SMALL, ICMPV4_UNKNOWN_CODE, ICMPV4_UNKNOWN_TYPE, ICMPv4GetCounterpart(), Packet_::icmpv4h, Packet_::icmpv4vars, ICMPV4ExtHdr_::id, ICMPV4Vars_::id, Packet_::payload, Packet_::payload_len, Packet_::proto, SCLogDebug, ICMPV4ExtHdr_::seq, ICMPV4Vars_::seq, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, and unlikely.

Referenced by DecodeIPV4(), DetectIcmpIdFree(), and ICMPv4GetCounterpart().

Here is the call graph for this function:

Here is the caller graph for this function:

int DecodeICMPV6	(	ThreadVars *	tv,
		DecodeThreadVars *	dtv,
		Packet *	p,
		uint8_t *	pkt,
		uint32_t	len,
		PacketQueue *	pq
	)

Decode ICMPV6 packets and fill the Packet with the decoded info.

Parameters

tv	Pointer to the thread variables
dtv	Pointer to the decode thread variables
p	Pointer to the packet we are filling
pkt	Pointer to the raw packet buffer
len	the len of the rest of the packet not processed yet
pq	the packet queue were this packet go

Return values

void	No return value

Definition at line 189 of file decode-icmpv6.c.

References CERT_PATH_ADVERT, CERT_PATH_SOLICIT, ICMPV6Hdr_::code, DecodeThreadVars_::counter_icmpv6, DecodeIPV6(), DUPL_ADDR_CONFIRM, DUPL_ADDR_REQUEST, ICMPV6Vars_::emb_ip6_dst, ICMPV6Vars_::emb_ip6_src, ENGINE_ISSET_EVENT, ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, ICMPV6Vars_::error_ptr, FAIL, FAIL_IF, FAIL_IF_NULL, FLOW_QUIET, FlowInitConfig(), FlowSetupPacket(), FlowShutdown(), FMIPV6_MSG, HOME_AGENT_AD_REPLY, HOME_AGENT_AD_REQUEST, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_REJECTROUTE, ICMP6_ECHO_REPLY, ICMP6_ECHO_REQUEST, ICMP6_MOBILE_EXPERIMENTAL, ICMP6_NI_QUERY, ICMP6_NI_REPLY, ICMP6_PACKET_TOO_BIG, ICMP6_PARAM_PROB, ICMP6_PARAMPROB_OPTION, ICMP6_RR, ICMP6_TIME_EXCEED_REASSEMBLY, ICMP6_TIME_EXCEEDED, Packet_::icmp_d, Packet_::icmp_s, ICMPV6_EXPERIMENTATION_TYPE, ICMPV6_GET_CODE, ICMPV6_GET_EMB_IPV6, ICMPV6_GET_EMB_PROTO, ICMPV6_GET_ERROR_PTR, ICMPV6_GET_ID, ICMPV6_GET_MTU, ICMPV6_GET_SEQ, ICMPV6_GET_TYPE, ICMPV6_HEADER_LEN, ICMPV6_IPV6_TRUNC_PKT, ICMPV6_IPV6_UNKNOWN_VER, ICMPV6_MLD_MESSAGE_WITH_INVALID_HL, ICMPV6_PKT_TOO_SMALL, ICMPV6_UNASSIGNED_TYPE, ICMPV6_UNKNOWN_CODE, ICMPV6_UNKNOWN_TYPE, ICMPV6Hdr_::icmpv6b, ICMPv6GetCounterpart(), Packet_::icmpv6h, ICMPV6Hdr_::icmpv6i, Packet_::icmpv6vars, ICMPV6Info_::id, ICMPV6Vars_::id, ip6h, Packet_::ip6h, IPV6_GET_HLIM, IPV6_GET_RAW_PLEN, IPV6_HEADER_LEN, LOCATOR_UDATE_MSG, MC_ROUTER_ADVERT, MC_ROUTER_SOLICIT, MC_ROUTER_TERMINATE, MLD_LISTENER_QUERY, MLD_LISTENER_REDUCTION, MLD_LISTENER_REPORT, MLD_V2_LIST_REPORT, MOBILE_PREFIX_ADVERT, MOBILE_PREFIX_SOLICIT, MPL_CONTROL_MSG, ICMPV6Vars_::mtu, ND_INVERSE_ADVERT, ND_INVERSE_SOLICIT, ND_NEIGHBOR_ADVERT, ND_NEIGHBOR_SOLICIT, ND_REDIRECT, ND_ROUTER_ADVERT, ND_ROUTER_SOLICIT, PACKET_RECYCLE, PASS, Packet_::payload, Packet_::payload_len, Packet_::proto, RPL_CONTROL_MSG, SCFree, SCLogDebug, SCMalloc, SCNtohs, ICMPV6Info_::seq, ICMPV6Vars_::seq, SIZE_OF_PACKET, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, ICMPV6Hdr_::type, and unlikely.

Referenced by DecodeIPV6(), and DecodeIPV6FragHeader().

Here is the call graph for this function:

Here is the caller graph for this function:

int DecodeIPV4	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		uint8_t *	,
		uint16_t	,
		PacketQueue *
	)

Definition at line 533 of file decode-ipv4.c.

References DecodeThreadVars_::counter_ipv4, DECODE_TUNNEL_IPV6, DecodeGRE(), DecodeICMPV4(), DecodeIPV4(), DecodeSCTP(), DecodeTCP(), DecodeUDP(), Defrag(), DefragDestroy(), DefragInit(), ENGINE_SET_INVALID_EVENT, ETHERNET_HEADER_LEN, FAIL_IF, Packet_::flags, Packet_::flow_hash, FLOW_QUIET, FlowInitConfig(), FlowSetupPacket(), FlowShutdown(), GET_IPV4_DST_ADDR_PTR, GET_IPV4_SRC_ADDR_PTR, GET_PKT_DATA, GET_PKT_LEN, Packet_::ip4h, IPPROTO_GRE, IPV4_GET_DF, IPV4_GET_HLEN, IPV4_GET_IPID, IPV4_GET_IPLEN, IPV4_GET_IPOFFSET, IPV4_GET_IPPROTO, IPV4_GET_MF, IPV4_GET_RF, IPV4_OPT_CIPSO, IPV4_OPT_EOL, IPV4_OPT_LSRR, IPV4_OPT_NOP, IPV4_OPT_QS, IPV4_OPT_RR, IPV4_OPT_RTRALT, IPV4_OPT_SEC, IPV4_OPT_SID, IPV4_OPT_SSRR, IPV4_OPT_TS, IPV4_WITH_ICMPV6, IPV4Options_::o_cipso, IPV4Options_::o_lsrr, IPV4Options_::o_qs, IPV4Options_::o_rr, IPV4Options_::o_rtralt, IPV4Options_::o_sec, IPV4Options_::o_sid, IPV4Options_::o_ssrr, IPV4Options_::o_ts, PACKET_RECYCLE, PacketCopyData(), PacketDequeue(), PacketEnqueue(), PacketGetFromAlloc(), PacketTunnelPktSetup(), PASS, PKT_IS_FRAGMENT, PKT_SET_SRC, PKT_SRC_DECODER_IPV4, PKT_WANTS_FLOW, PPP_VJ_UCOMP, Packet_::ppph, PrintInet(), Packet_::proto, Packet_::recursion_level, SCFree, SCLogDebug, SCLogDebugEnabled(), SCNtohs, StatsIncr(), Packet_::tcph, TM_ECODE_FAILED, TM_ECODE_OK, IPV4Opt_::type, and unlikely.

Referenced by DecodeEthernet(), DecodeIPFW(), DecodeIPV4(), DecodeMPLS(), DecodeNFQ(), DecodeNull(), DecodePPP(), DecodePPPOESession(), DecodeRaw(), DecodeSll(), DecodeTunnel(), DecodeVLAN(), DefragRbFragCompare(), NoNFLOGSupportExit(), NoWinDivertSupportExit(), and RegisterAllModules().

Here is the call graph for this function:

Here is the caller graph for this function:

int DecodeIPV6	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		uint8_t *	,
		uint16_t	,
		PacketQueue *
	)

Definition at line 584 of file decode-ipv6.c.

References DecodeThreadVars_::counter_ipv6, DecodeICMPV6(), DecodeIPV6(), DecodeSCTP(), DecodeTCP(), DecodeUDP(), Defrag(), DefragDestroy(), DefragInit(), ENGINE_ISSET_EVENT, ENGINE_SET_EVENT, FAIL_IF, FLOW_QUIET, FlowInitConfig(), FlowShutdown(), GET_IPV6_DST_ADDR, GET_IPV6_SRC_ADDR, GET_PKT_DATA, GET_PKT_LEN, Packet_::ip6eh, Packet_::ip6h, IPV6_EXTHDR_ISSET_FH, IPV6_EXTHDR_ISSET_RH, IPV6_GET_CLASS, IPV6_GET_FLOW, IPV6_GET_HLIM, IPV6_GET_L4PROTO, IPV6_GET_NH, IPV6_GET_PLEN, IPV6_HEADER_LEN, IPV6_HOPOPTS_UNKNOWN_OPT, IPV6_SET_L4PROTO, IPV6_UNKNOWN_NEXT_HEADER, IPV6_WITH_ICMPV4, PacketQueue_::len, PACKET_RECYCLE, PacketCopyData(), PacketDequeue(), PacketEnqueue(), PacketGetFromAlloc(), PASS, PrintInet(), Packet_::proto, IPV6ExtHdrs_::rh_type, SCFree, SCLogDebug, SCLogDebugEnabled(), StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, and unlikely.

Referenced by DecodeEthernet(), DecodeICMPV6(), DecodeIPFW(), DecodeIPV6(), DecodeMPLS(), DecodeNFQ(), DecodeNull(), DecodePPP(), DecodePPPOESession(), DecodeRaw(), DecodeSll(), DecodeTunnel(), DecodeVLAN(), DefragRbFragCompare(), NoNFLOGSupportExit(), NoWinDivertSupportExit(), RegisterAllModules(), and SigParseApplyDsizeToContent().

Here is the call graph for this function:

Here is the caller graph for this function:

void DecodeIPV6FragHeader	(	Packet *	p,
		uint8_t *	pkt,
		uint16_t	hdrextlen,
		uint16_t	plen,
		uint16_t	prev_hdrextlen
	)

Definition at line 107 of file decode-ipv6.c.

References DecodeICMPV6(), DecodeIPV6FragHeader(), DecodeSCTP(), DecodeTCP(), DecodeUDP(), Packet_::dst, ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, FALSE, IPV6ExtHdrs_::fh_data_len, IPV6ExtHdrs_::fh_data_offset, IPV6ExtHdrs_::fh_header_offset, IPV6ExtHdrs_::fh_id, IPV6ExtHdrs_::fh_more_frags_set, IPV6ExtHdrs_::fh_nh, IPV6ExtHdrs_::fh_offset, IPV6ExtHdrs_::fh_prev_hdr_offset, Packet_::flags, GET_PKT_DATA, Packet_::ip6eh, Packet_::ip6h, IPV6OptHAO_::ip6hao_hoa, IPV6OptHAO_::ip6hao_len, IPV6OptHAO_::ip6hao_type, IPV6OptJumbo_::ip6j_len, IPV6OptJumbo_::ip6j_payload_len, IPV6OptJumbo_::ip6j_type, IPV6OptRA_::ip6ra_len, IPV6OptRA_::ip6ra_type, IPV6OptRA_::ip6ra_value, ip6rh_type, IP_GET_RAW_VER, IPV6_DATA_AFTER_NONE_HEADER, IPV6_DSTOPTS_ONLY_PADDING, IPV6_DSTOPTS_UNKNOWN_OPT, IPV6_EXTHDR_AH_RES_NOT_NULL, IPV6_EXTHDR_DUPL_AH, IPV6_EXTHDR_DUPL_DH, IPV6_EXTHDR_DUPL_EH, IPV6_EXTHDR_DUPL_FH, IPV6_EXTHDR_DUPL_HH, IPV6_EXTHDR_DUPL_RH, IPV6_EXTHDR_INVALID_OPTLEN, IPV6_EXTHDR_ISSET_FH, IPV6_EXTHDR_RH_TYPE_0, IPV6_EXTHDR_SET_FH, IPV6_EXTHDR_SET_RH, IPV6_EXTHDR_USELESS_FH, IPV6_EXTHDR_ZERO_LEN_PADN, IPV6_FH_NON_ZERO_RES_FIELD, IPV6_GET_NH, IPV6_GET_PLEN, IPV6_HEADER_LEN, IPV6_HOPOPTS_ONLY_PADDING, IPV6_HOPOPTS_UNKNOWN_OPT, IPV6_SET_L4PROTO, IPV6_TRUNC_EXTHDR, IPV6_TRUNC_PKT, IPV6_UNKNOWN_NEXT_HEADER, IPV6_WITH_ICMPV4, IPV6_WRONG_IP_VER, IPV6OPT_HAO, IPV6OPT_JUMBO, IPV6OPT_PAD1, IPV6OPT_PADN, IPV6OPT_RA, len, offset, PKT_IS_FRAGMENT, IPV6ExtHdrs_::rh_type, SCEnter, SCLogDebug, SCNtohl, SCNtohs, SCReturn, SET_IPV6_DST_ADDR, SET_IPV6_SRC_ADDR, Packet_::src, TRUE, and unlikely.

Referenced by DecodeIPV6FragHeader().

Here is the call graph for this function:

Here is the caller graph for this function:

int DecodeMPLS	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		uint8_t *	,
		uint32_t	,
		PacketQueue *
	)

Definition at line 47 of file decode-mpls.c.

References DecodeThreadVars_::counter_mpls, DecodeEthernet(), DecodeIPV4(), DecodeIPV6(), DecodeMPLS(), ENGINE_ISSET_EVENT, ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, MPLS_BAD_LABEL_IMPLICIT_NULL, MPLS_BAD_LABEL_RESERVED, MPLS_BAD_LABEL_ROUTER_ALERT, MPLS_BOTTOM, MPLS_HEADER_LEN, MPLS_HEADER_TOO_SMALL, MPLS_LABEL, MPLS_LABEL_IPV4, MPLS_LABEL_IPV6, MPLS_LABEL_NULL, MPLS_LABEL_ROUTER_ALERT, MPLS_MAX_RESERVED_LABEL, MPLS_PROTO_ETHERNET_PW, MPLS_PROTO_IPV4, MPLS_PROTO_IPV6, MPLS_PW_LEN, MPLS_UNKNOWN_PAYLOAD_TYPE, SCFree, SCMalloc, SIZE_OF_PACKET, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, and unlikely.

Referenced by DecodeEthernet(), and DecodeMPLS().

Here is the call graph for this function:

Here is the caller graph for this function:

int DecodeNull	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		uint8_t *	,
		uint32_t	,
		PacketQueue *
	)

Definition at line 48 of file decode-null.c.

References DecodeThreadVars_::counter_null, DecodeIPV4(), DecodeIPV6(), ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, GET_PKT_DATA, GET_PKT_LEN, HDR_SIZE, LTNULL_PKT_TOO_SMALL, LTNULL_UNSUPPORTED_TYPE, SCLogDebug, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, type, and unlikely.

Referenced by DecodeAFP(), DecodePcap(), and ValidateLinkType().

Here is the call graph for this function:

Here is the caller graph for this function:

int DecodePPP	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		uint8_t *	,
		uint32_t	,
		PacketQueue *
	)

Definition at line 43 of file decode-ppp.c.

References DecodeThreadVars_::counter_ppp, DecodeIPV4(), DecodeIPV6(), DecodePPP(), ENGINE_ISSET_EVENT, ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, FLOW_QUIET, FlowInitConfig(), FlowShutdown(), IPV4_GET_RAW_VER, IPV4_HEADER_LEN, IPV4_TRUNC_PKT, IPV6_HEADER_LEN, likely, PacketGetFromAlloc(), PPP_APPLE, PPP_APPLECP, PPP_BRPDU, PPP_CHAP, PPP_DECNET, PPP_DECNETCP, PPP_HEADER_LEN, PPP_HELLO, PPP_IP, PPP_IPCP, PPP_IPV6, PPP_IPV6CP, PPP_IPX, PPP_IPXCP, PPP_LCP, PPP_LQM, PPP_LUXCOM, PPP_MPLS_MCAST, PPP_MPLS_UCAST, PPP_MPLSCP, PPP_NS, PPP_NSCP, PPP_OSI, PPP_OSICP, PPP_PAP, PPP_PKT_TOO_SMALL, PPP_SNS, PPP_STII, PPP_STIICP, PPP_UNSUP_PROTO, PPP_VINES, PPP_VINESCP, PPP_VJ_COMP, PPP_VJ_UCOMP, PPP_WRONG_TYPE, Packet_::ppph, PPPIPV4_PKT_TOO_SMALL, PPPIPV6_PKT_TOO_SMALL, PPPVJU_PKT_TOO_SMALL, SCFree, SCLogDebug, SCNtohs, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, and unlikely.

Referenced by DecodeAFP(), DecodePcap(), DecodePPP(), DecodeTunnel(), RegisterAllModules(), Unified2AlertInitCtx(), and ValidateLinkType().

Here is the call graph for this function:

Here is the caller graph for this function:

int DecodePPPOEDiscovery	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		uint8_t *	,
		uint32_t	,
		PacketQueue *
	)

Main decoding function for PPPOE Discovery packets.

Definition at line 50 of file decode-pppoe.c.

References DecodeThreadVars_::counter_pppoe, ENGINE_SET_INVALID_EVENT, PPPOE_CODE_PADI, PPPOE_CODE_PADO, PPPOE_CODE_PADR, PPPOE_CODE_PADS, PPPOE_CODE_PADT, PPPOE_DISCOVERY_HEADER_MIN_LEN, pppoe_length, PPPOE_MALFORMED_TAGS, PPPOE_PKT_TOO_SMALL, PPPOE_WRONG_CODE, Packet_::pppoedh, SCLogDebug, SCNtohs, StatsIncr(), TM_ECODE_FAILED, and TM_ECODE_OK.

Referenced by DecodeEthernet(), DecodePPPOESession(), and DecodeVLAN().

Here is the call graph for this function:

Here is the caller graph for this function:

int DecodePPPOESession	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		uint8_t *	,
		uint32_t	,
		PacketQueue *
	)

Main decoding function for PPPOE Session packets.

Definition at line 129 of file decode-pppoe.c.

References DecodeThreadVars_::counter_pppoe, DecodeIPV4(), DecodeIPV6(), DecodePPPOEDiscovery(), DecodePPPOESession(), ENGINE_ISSET_EVENT, ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, FLOW_QUIET, FlowInitConfig(), FlowShutdown(), ICMPV4_UNKNOWN_TYPE, IPV4_GET_RAW_VER, IPV4_HEADER_LEN, IPV6_HEADER_LEN, PacketGetFromAlloc(), PPP_APPLE, PPP_APPLECP, PPP_BRPDU, PPP_CHAP, PPP_DECNET, PPP_DECNETCP, PPP_HELLO, PPP_IP, PPP_IPCP, PPP_IPV6, PPP_IPV6CP, PPP_IPX, PPP_IPXCP, PPP_LCP, PPP_LQM, PPP_LUXCOM, PPP_MPLS_MCAST, PPP_MPLS_UCAST, PPP_MPLSCP, PPP_NS, PPP_NSCP, PPP_OSI, PPP_OSICP, PPP_PAP, PPP_SNS, PPP_STII, PPP_STIICP, PPP_UNSUP_PROTO, PPP_VINES, PPP_VINESCP, PPP_VJ_COMP, PPP_VJ_UCOMP, PPP_WRONG_TYPE, Packet_::ppph, PPPIPV4_PKT_TOO_SMALL, PPPIPV6_PKT_TOO_SMALL, PPPOESessionHdr_::pppoe_code, PPPOE_DISCOVERY_GET_TYPE, PPPOE_DISCOVERY_GET_VERSION, PPPOESessionHdr_::pppoe_length, PPPOE_MALFORMED_TAGS, PPPOE_PKT_TOO_SMALL, PPPOE_SESSION_GET_TYPE, PPPOE_SESSION_GET_VERSION, PPPOE_SESSION_HEADER_LEN, PPPOESessionHdr_::pppoe_version_type, PPPOE_WRONG_CODE, Packet_::pppoedh, Packet_::pppoesh, PPPVJU_PKT_TOO_SMALL, PPPOESessionHdr_::protocol, SCFree, SCLogDebug, SCNtohs, PPPOESessionHdr_::session_id, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, and unlikely.

Referenced by DecodeEthernet(), DecodePPPOESession(), and DecodeVLAN().

Here is the call graph for this function:

Here is the caller graph for this function:

int DecodeRaw	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		uint8_t *	,
		uint32_t	,
		PacketQueue *
	)

Definition at line 46 of file decode-raw.c.

References DecodeThreadVars_::counter_raw, DecodeIPV4(), DecodeIPV6(), DecodeRaw(), ENGINE_ISSET_EVENT, ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, FLOW_QUIET, FlowInitConfig(), FlowShutdown(), GET_PKT_DATA, GET_PKT_LEN, Packet_::ip4h, Packet_::ip6h, IP_GET_RAW_VER, IPRAW_INVALID_IPV, IPV4_HEADER_LEN, IPV4_PKT_TOO_SMALL, PACKET_RECYCLE, PacketCopyData(), PacketGetFromAlloc(), SCFree, SCLogDebug, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, and unlikely.

Referenced by DecodeAFP(), DecodePcap(), DecodeRaw(), and ValidateLinkType().

Here is the call graph for this function:

Here is the caller graph for this function:

int DecodeSCTP	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		uint8_t *	,
		uint16_t	,
		PacketQueue *
	)

Definition at line 62 of file decode-sctp.c.

References DecodeThreadVars_::counter_sctp, FlowSetupPacket(), SCLogDebug, SCTP_GET_DST_PORT, SCTP_GET_SRC_PORT, Packet_::sctph, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, and unlikely.

Referenced by DecodeIPV4(), DecodeIPV6(), and DecodeIPV6FragHeader().

Here is the call graph for this function:

Here is the caller graph for this function:

int DecodeSll	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		uint8_t *	,
		uint32_t	,
		PacketQueue *
	)

Definition at line 39 of file decode-sll.c.

References DecodeThreadVars_::counter_sll, DecodeIPV4(), DecodeIPV6(), DecodeVLAN(), ENGINE_SET_INVALID_EVENT, ETHERNET_TYPE_IP, ETHERNET_TYPE_IPV6, ETHERNET_TYPE_VLAN, SCLogDebug, SCNtohs, SLL_HEADER_LEN, SLL_PKT_TOO_SMALL, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, and unlikely.

Referenced by DecodeAFP(), DecodePcap(), and ValidateLinkType().

Here is the call graph for this function:

Here is the caller graph for this function:

int DecodeTCP	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		uint8_t *	,
		uint16_t	,
		PacketQueue *
	)

Definition at line 200 of file decode-tcp.c.

References DecodeThreadVars_::counter_tcp, DecodeTCP(), Packet_::dst, FAIL_IF, Address_::family, FLOW_QUIET, FlowInitConfig(), FlowSetupPacket(), FlowShutdown(), GET_TCP_DST_PORT, GET_TCP_SRC_PORT, ip4h, Packet_::ip4h, PACKET_RECYCLE, PacketGetFromAlloc(), PASS, SCFree, SCLogDebug, Packet_::src, StatsIncr(), TCP_GET_HLEN, TCP_GET_SACK_CNT, TCP_GET_SACK_PTR, TCP_GET_WSCALE, TCP_HAS_MSS, TCP_HAS_SACK, TCP_HAS_SACKOK, TCP_HAS_TS, TCP_HAS_WSCALE, Packet_::tcph, TM_ECODE_FAILED, TM_ECODE_OK, and unlikely.

Referenced by DecodeIPV4(), DecodeIPV6(), DecodeIPV6FragHeader(), and DecodeTCP().

Here is the call graph for this function:

Here is the caller graph for this function:

int DecodeTEMPLATE	(	ThreadVars *	tv,
		DecodeThreadVars *	dtv,
		Packet *	p,
		const uint8_t *	pkt,
		uint32_t	len,
		PacketQueue *	pq
	)

Function to decode TEMPLATE packets.

Parameters

tv	thread vars
dtv	decoder thread vars
p	packet
pkt	raw packet data
len	length in bytes of pkt array

Return values

TM_ECODE_OK or TM_ECODE_FAILED on serious error

Definition at line 49 of file decode-template.c.

References DecodeUDP(), TM_ECODE_FAILED, and TM_ECODE_OK.

Here is the call graph for this function:

int DecodeUDP	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		uint8_t *	,
		uint16_t	,
		PacketQueue *
	)

Definition at line 73 of file decode-udp.c.

References DecodeThreadVars_::counter_udp, DecodeTeredo(), FAIL_IF, FlowSetupPacket(), PASS, Packet_::payload, Packet_::payload_len, SCLogDebug, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, UDP_GET_DST_PORT, UDP_GET_SRC_PORT, UDP_HEADER_LEN, Packet_::udph, and unlikely.

Referenced by DecodeIPV4(), DecodeIPV6(), DecodeIPV6FragHeader(), and DecodeTEMPLATE().

Here is the call graph for this function:

Here is the caller graph for this function:

int DecodeVLAN	(	ThreadVars *	,
		DecodeThreadVars *	,
		Packet *	,
		uint8_t *	,
		uint32_t	,
		PacketQueue *
	)

Definition at line 62 of file decode-vlan.c.

References DecodeThreadVars_::counter_vlan, DecodeThreadVars_::counter_vlan_qinq, DecodeIPV4(), DecodeIPV6(), DecodePPPOEDiscovery(), DecodePPPOESession(), DecodeVLAN(), ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, ETHERNET_TYPE_8021AD, ETHERNET_TYPE_8021AH, ETHERNET_TYPE_ARP, ETHERNET_TYPE_IP, ETHERNET_TYPE_IPV6, ETHERNET_TYPE_PPPOE_DISC, ETHERNET_TYPE_PPPOE_SESS, ETHERNET_TYPE_VLAN, GET_VLAN_CFI, GET_VLAN_ID, GET_VLAN_PRIORITY, GET_VLAN_PROTO, proto, SCLogDebug, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, unlikely, DecodeThreadVars_::vlan_disabled, VLAN_HEADER_LEN, VLAN_HEADER_TOO_MANY_LAYERS, VLAN_HEADER_TOO_SMALL, Packet_::vlan_id, Packet_::vlan_idx, VLAN_UNKNOWN_TYPE, and Packet_::vlanh.

Referenced by __attribute__(), DecodeEthernet(), DecodeSll(), DecodeTunnel(), and DecodeVLAN().

Here is the call graph for this function:

Here is the caller graph for this function:

Variable Documentation

typedef __attribute__

uint32_t default_packet_size

Definition at line 627 of file decode.h.

Referenced by AFPGetLinkType(), AFPSetBPFFilter(), NoNetmapSupportExit(), PacketCopyDataOffset(), PostRunDeinit(), ReceivePfringThreadInit(), and RunUnittests().

int g_default_mtu

highest mtu of the interfaces we monitor

Definition at line 224 of file suricata.c.

Referenced by PostRunDeinit().

Enumerations
enum	ChecksumValidationMode { CHECKSUM_VALIDATION_DISABLE, CHECKSUM_VALIDATION_ENABLE, CHECKSUM_VALIDATION_AUTO, CHECKSUM_VALIDATION_RXONLY, CHECKSUM_VALIDATION_KERNEL }

enum	PktSrcEnum { PKT_SRC_WIRE = 1, PKT_SRC_DECODER_GRE, PKT_SRC_DECODER_IPV4, PKT_SRC_DECODER_IPV6, PKT_SRC_DECODER_TEREDO, PKT_SRC_DEFRAG, PKT_SRC_STREAM_TCP_STREAM_END_PSEUDO, PKT_SRC_FFR, PKT_SRC_STREAM_TCP_DETECTLOG_FLUSH }

enum	DecodeTunnelProto { DECODE_TUNNEL_ETHERNET, DECODE_TUNNEL_ERSPAN, DECODE_TUNNEL_VLAN, DECODE_TUNNEL_IPV4, DECODE_TUNNEL_IPV6, DECODE_TUNNEL_PPP }

Data Structures

Macros

Typedefs

Enumerations

Functions

Variables

Detailed Description

Macro Definition Documentation

Typedef Documentation

Enumeration Type Documentation

Function Documentation

Variable Documentation