|
suricata
|
|
suricata
|
#include "suricata-common.h"#include "threadvars.h"#include "decode-events.h"#include "flow-worker.h"#include "util-napatech.h"#include "source-nflog.h"#include "source-nfq.h"#include "source-ipfw.h"#include "source-pcap.h"#include "source-af-packet.h"#include "source-netmap.h"#include "source-windivert.h"#include "action-globals.h"#include "decode-erspan.h"#include "decode-ethernet.h"#include "decode-gre.h"#include "decode-ppp.h"#include "decode-pppoe.h"#include "decode-sll.h"#include "decode-ipv4.h"#include "decode-ipv6.h"#include "decode-icmpv4.h"#include "decode-icmpv6.h"#include "decode-tcp.h"#include "decode-udp.h"#include "decode-sctp.h"#include "decode-raw.h"#include "decode-null.h"#include "decode-vlan.h"#include "decode-vxlan.h"#include "decode-mpls.h"#include "detect-reference.h"#include "app-layer-protos.h"
Go to the source code of this file.
Data Structures | |
| struct | Address_ |
| struct | PacketAlert_ |
| struct | PacketAlerts_ |
| struct | PacketEngineEvents_ |
| struct | PktVar_ |
| struct | PktProfilingTmmData_ |
| Per TMM stats storage. More... | |
| struct | PktProfilingData_ |
| struct | PktProfilingDetectData_ |
| struct | PktProfilingAppData_ |
| struct | PktProfilingLoggerData_ |
| struct | PktProfilingPrefilterEngine_ |
| struct | PktProfilingPrefilterData_ |
| struct | PktProfiling_ |
| Per pkt stats storage. More... | |
| struct | Packet_ |
| struct | PacketQueue_ |
| struct | DecodeThreadVars_ |
| Structure to hold thread specific data for all decode modules. More... | |
| struct | CaptureStats_ |
Macros | |
| #define | COUNTERS |
| #define | addr_data32 address.address_un_data32 |
| #define | addr_data16 address.address_un_data16 |
| #define | addr_data8 address.address_un_data8 |
| #define | addr_in6addr address.address_un_in6 |
| #define | COPY_ADDRESS(a, b) |
| #define | SET_IPV4_SRC_ADDR(p, a) |
| #define | SET_IPV4_DST_ADDR(p, a) |
| #define | CLEAR_ADDR(a) |
| #define | SET_IPV6_SRC_ADDR(p, a) |
| #define | SET_IPV6_DST_ADDR(p, a) |
| #define | SET_TCP_SRC_PORT(pkt, prt) |
| #define | SET_TCP_DST_PORT(pkt, prt) |
| #define | SET_UDP_SRC_PORT(pkt, prt) |
| #define | SET_UDP_DST_PORT(pkt, prt) |
| #define | SET_SCTP_SRC_PORT(pkt, prt) |
| #define | SET_SCTP_DST_PORT(pkt, prt) |
| #define | GET_IPV4_SRC_ADDR_U32(p) ((p)->src.addr_data32[0]) |
| #define | GET_IPV4_DST_ADDR_U32(p) ((p)->dst.addr_data32[0]) |
| #define | GET_IPV4_SRC_ADDR_PTR(p) ((p)->src.addr_data32) |
| #define | GET_IPV4_DST_ADDR_PTR(p) ((p)->dst.addr_data32) |
| #define | GET_IPV6_SRC_IN6ADDR(p) ((p)->src.addr_in6addr) |
| #define | GET_IPV6_DST_IN6ADDR(p) ((p)->dst.addr_in6addr) |
| #define | GET_IPV6_SRC_ADDR(p) ((p)->src.addr_data32) |
| #define | GET_IPV6_DST_ADDR(p) ((p)->dst.addr_data32) |
| #define | GET_TCP_SRC_PORT(p) ((p)->sp) |
| #define | GET_TCP_DST_PORT(p) ((p)->dp) |
| #define | GET_PKT_LEN(p) ((p)->pktlen) |
| #define | GET_PKT_DATA(p) ((((p)->ext_pkt) == NULL ) ? (uint8_t *)((p) + 1) : (p)->ext_pkt) |
| #define | GET_PKT_DIRECT_DATA(p) (uint8_t *)((p) + 1) |
| #define | GET_PKT_DIRECT_MAX_SIZE(p) (default_packet_size) |
| #define | SET_PKT_LEN(p, len) |
| #define | SET_PORT(v, p) ((p) = (v)) |
| #define | COPY_PORT(a, b) ((b) = (a)) |
| #define | CMP_ADDR(a1, a2) |
| #define | CMP_PORT(p1, p2) ((p1) == (p2)) |
| #define | IP_GET_RAW_VER(pkt) ((((pkt)[0] & 0xf0) >> 4)) |
| #define | PKT_IS_IPV4(p) (((p)->ip4h != NULL)) |
| #define | PKT_IS_IPV6(p) (((p)->ip6h != NULL)) |
| #define | PKT_IS_TCP(p) (((p)->tcph != NULL)) |
| #define | PKT_IS_UDP(p) (((p)->udph != NULL)) |
| #define | PKT_IS_ICMPV4(p) (((p)->icmpv4h != NULL)) |
| #define | PKT_IS_ICMPV6(p) (((p)->icmpv6h != NULL)) |
| #define | PKT_IS_TOSERVER(p) (((p)->flowflags & FLOW_PKT_TOSERVER)) |
| #define | PKT_IS_TOCLIENT(p) (((p)->flowflags & FLOW_PKT_TOCLIENT)) |
| #define | IPH_IS_VALID(p) (PKT_IS_IPV4((p)) || PKT_IS_IPV6((p))) |
| #define | IP_GET_IPPROTO(p) |
| #define | PACKET_ALERT_FLAG_DROP_FLOW 0x01 |
| #define | PACKET_ALERT_FLAG_STATE_MATCH 0x02 |
| #define | PACKET_ALERT_FLAG_STREAM_MATCH 0x04 |
| #define | PACKET_ALERT_FLAG_TX 0x08 |
| #define | PACKET_ALERT_RATE_FILTER_MODIFIED 0x10 |
| #define | PACKET_ALERT_MAX 15 |
| #define | PACKET_ENGINE_EVENT_MAX 15 |
| #define | tcpvars l4vars.tcpvars |
| #define | icmpv4vars l4vars.icmpv4vars |
| #define | icmpv6vars l4vars.icmpv6vars |
| #define | DEFAULT_MTU 1500 |
| #define | MINIMUM_MTU 68 |
| #define | DEFAULT_PACKET_SIZE (DEFAULT_MTU + ETHERNET_HEADER_LEN) |
| #define | MAX_PAYLOAD_SIZE (IPV6_HEADER_LEN + 65536 + 28) |
| #define | SIZE_OF_PACKET (default_packet_size + sizeof(Packet)) |
| #define | PACKET_CLEAR_L4VARS(p) |
| #define | PACKET_RESET_CHECKSUMS(p) |
| reset these to -1(indicates that the packet is fresh from the queue) More... | |
| #define | PACKET_FREE_EXTDATA(p) |
| #define | PACKET_INITIALIZE(p) |
| Initialize a packet structure for use. More... | |
| #define | PACKET_RELEASE_REFS(p) |
| #define | PACKET_REINIT(p) |
| Recycle a packet structure for reuse. More... | |
| #define | PACKET_RECYCLE(p) |
| #define | PACKET_DESTRUCTOR(p) |
| Cleanup a packet so that we can free it. No memset needed.. More... | |
| #define | PACKET_SET_ACTION(p, a) |
| #define | PACKET_ALERT(p) PACKET_SET_ACTION(p, ACTION_ALERT) |
| #define | PACKET_ACCEPT(p) PACKET_SET_ACTION(p, ACTION_ACCEPT) |
| #define | PACKET_DROP(p) PACKET_SET_ACTION(p, ACTION_DROP) |
| #define | PACKET_REJECT(p) PACKET_SET_ACTION(p, (ACTION_REJECT|ACTION_DROP)) |
| #define | PACKET_REJECT_DST(p) PACKET_SET_ACTION(p, (ACTION_REJECT_DST|ACTION_DROP)) |
| #define | PACKET_REJECT_BOTH(p) PACKET_SET_ACTION(p, (ACTION_REJECT_BOTH|ACTION_DROP)) |
| #define | PACKET_PASS(p) PACKET_SET_ACTION(p, ACTION_PASS) |
| #define | PACKET_TEST_ACTION(p, a) |
| #define | PACKET_UPDATE_ACTION(p, a) |
| #define | TUNNEL_INCR_PKT_RTV_NOLOCK(p) |
| #define | TUNNEL_INCR_PKT_TPR(p) |
| #define | TUNNEL_PKT_RTV(p) ((p)->root ? (p)->root->tunnel_rtv_cnt : (p)->tunnel_rtv_cnt) |
| #define | TUNNEL_PKT_TPR(p) ((p)->root ? (p)->root->tunnel_tpr_cnt : (p)->tunnel_tpr_cnt) |
| #define | IS_TUNNEL_PKT(p) (((p)->flags & PKT_TUNNEL)) |
| #define | SET_TUNNEL_PKT(p) ((p)->flags |= PKT_TUNNEL) |
| #define | UNSET_TUNNEL_PKT(p) ((p)->flags &= ~PKT_TUNNEL) |
| #define | IS_TUNNEL_ROOT_PKT(p) (IS_TUNNEL_PKT(p) && (p)->root == NULL) |
| #define | IS_TUNNEL_PKT_VERDICTED(p) (((p)->flags & PKT_TUNNEL_VERDICTED)) |
| #define | SET_TUNNEL_PKT_VERDICTED(p) ((p)->flags |= PKT_TUNNEL_VERDICTED) |
| #define | DecodeSetNoPayloadInspectionFlag(p) |
| Set the No payload inspection Flag for the packet. More... | |
| #define | DecodeUnsetNoPayloadInspectionFlag(p) |
| #define | DecodeSetNoPacketInspectionFlag(p) |
| Set the No packet inspection Flag for the packet. More... | |
| #define | DecodeUnsetNoPacketInspectionFlag(p) |
| #define | ENGINE_SET_EVENT(p, e) |
| #define | ENGINE_SET_INVALID_EVENT(p, e) |
| #define | ENGINE_ISSET_EVENT(p, e) |
| #define | LINKTYPE_NULL DLT_NULL |
| #define | LINKTYPE_ETHERNET DLT_EN10MB |
| #define | LINKTYPE_LINUX_SLL 113 |
| #define | LINKTYPE_PPP 9 |
| #define | LINKTYPE_RAW DLT_RAW |
| #define | LINKTYPE_RAW2 101 |
| #define | LINKTYPE_IPV4 228 |
| #define | LINKTYPE_GRE_OVER_IP 778 |
| #define | PPP_OVER_GRE 11 |
| #define | VLAN_OVER_GRE 13 |
| #define | PKT_NOPACKET_INSPECTION (1) |
| #define | PKT_NOPAYLOAD_INSPECTION (1<<2) |
| #define | PKT_ALLOC (1<<3) |
| #define | PKT_HAS_TAG (1<<4) |
| #define | PKT_STREAM_ADD (1<<5) |
| #define | PKT_STREAM_EST (1<<6) |
| #define | PKT_STREAM_EOF (1<<7) |
| #define | PKT_HAS_FLOW (1<<8) |
| #define | PKT_PSEUDO_STREAM_END (1<<9) |
| #define | PKT_STREAM_MODIFIED (1<<10) |
| #define | PKT_MARK_MODIFIED (1<<11) |
| #define | PKT_STREAM_NOPCAPLOG (1<<12) |
| #define | PKT_TUNNEL (1<<13) |
| #define | PKT_TUNNEL_VERDICTED (1<<14) |
| #define | PKT_IGNORE_CHECKSUM (1<<15) |
| #define | PKT_ZERO_COPY (1<<16) |
| #define | PKT_HOST_SRC_LOOKED_UP (1<<17) |
| #define | PKT_HOST_DST_LOOKED_UP (1<<18) |
| #define | PKT_IS_FRAGMENT (1<<19) |
| #define | PKT_IS_INVALID (1<<20) |
| #define | PKT_PROFILE (1<<21) |
| #define | PKT_WANTS_FLOW (1<<22) |
| #define | PKT_PROTO_DETECT_TS_DONE (1<<23) |
| #define | PKT_PROTO_DETECT_TC_DONE (1<<24) |
| #define | PKT_REBUILT_FRAGMENT (1<<25) |
| #define | PKT_DETECT_HAS_STREAMDATA (1<<26) |
| #define | PKT_PSEUDO_DETECTLOG_FLUSH (1<<27) |
| #define | PKT_STREAM_NO_EVENTS (1<<28) |
| #define | PKT_IS_PSEUDOPKT(p) ((p)->flags & (PKT_PSEUDO_STREAM_END|PKT_PSEUDO_DETECTLOG_FLUSH)) |
| return 1 if the packet is a pseudo packet More... | |
| #define | PKT_SET_SRC(p, src_val) ((p)->pkt_src = src_val) |
Functions | |
| void | AppLayerDecoderEventsResetEvents (AppLayerDecoderEvents *events) |
| void | AppLayerDecoderEventsFreeEvents (AppLayerDecoderEvents **events) |
| void | CaptureStatsUpdate (ThreadVars *tv, CaptureStats *s, const Packet *p) |
| void | CaptureStatsSetup (ThreadVars *tv, CaptureStats *s) |
| Packet * | PacketTunnelPktSetup (ThreadVars *tv, DecodeThreadVars *dtv, Packet *parent, const uint8_t *pkt, uint32_t len, enum DecodeTunnelProto proto, PacketQueue *pq) |
| Setup a pseudo packet (tunnel) More... | |
| Packet * | PacketDefragPktSetup (Packet *parent, const uint8_t *pkt, uint32_t len, uint8_t proto) |
| Setup a pseudo packet (reassembled frags) More... | |
| void | PacketDefragPktSetupParent (Packet *parent) |
| inform defrag "parent" that a pseudo packet is now assosiated to it. More... | |
| void | DecodeRegisterPerfCounters (DecodeThreadVars *, ThreadVars *) |
| Packet * | PacketGetFromQueueOrAlloc (void) |
| Get a packet. We try to get a packet from the packetpool first, but if that is empty we alloc a packet that is free'd again after processing. More... | |
| Packet * | PacketGetFromAlloc (void) |
| Get a malloced packet. More... | |
| void | PacketDecodeFinalize (ThreadVars *tv, DecodeThreadVars *dtv, Packet *p) |
| Finalize decoding of a packet. More... | |
| void | PacketUpdateEngineEventCounters (ThreadVars *tv, DecodeThreadVars *dtv, Packet *p) |
| void | PacketFree (Packet *p) |
| Return a malloced packet. More... | |
| void | PacketFreeOrRelease (Packet *p) |
| Return a packet to where it was allocated. More... | |
| int | PacketCallocExtPkt (Packet *p, int datalen) |
| int | PacketCopyData (Packet *p, const uint8_t *pktdata, uint32_t pktlen) |
| Copy data to Packet payload and set packet length. More... | |
| int | PacketSetData (Packet *p, const uint8_t *pktdata, uint32_t pktlen) |
| Set data for Packet and set length when zeo copy is used. More... | |
| int | PacketCopyDataOffset (Packet *p, uint32_t offset, const uint8_t *data, uint32_t datalen) |
| Copy data to Packet payload at given offset. More... | |
| const char * | PktSrcToString (enum PktSrcEnum pkt_src) |
| void | PacketBypassCallback (Packet *p) |
| void | PacketSwap (Packet *p) |
| switch direction of a packet More... | |
| DecodeThreadVars * | DecodeThreadVarsAlloc (ThreadVars *) |
| Alloc and setup DecodeThreadVars. More... | |
| void | DecodeThreadVarsFree (ThreadVars *, DecodeThreadVars *) |
| void | DecodeUpdatePacketCounters (ThreadVars *tv, const DecodeThreadVars *dtv, const Packet *p) |
| int | DecodeEthernet (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t, PacketQueue *) |
| int | DecodeSll (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t, PacketQueue *) |
| int | DecodePPP (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t, PacketQueue *) |
| int | DecodePPPOESession (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t, PacketQueue *) |
| Main decoding function for PPPOE Session packets. More... | |
| int | DecodePPPOEDiscovery (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t, PacketQueue *) |
| Main decoding function for PPPOE Discovery packets. More... | |
| int | DecodeTunnel (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t, PacketQueue *, enum DecodeTunnelProto) __attribute__((warn_unused_result)) |
| int | DecodeNull (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t, PacketQueue *) |
| int | DecodeRaw (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t, PacketQueue *) |
| int | DecodeIPV4 (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint16_t, PacketQueue *) |
| int | DecodeIPV6 (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint16_t, PacketQueue *) |
| int | DecodeICMPV4 (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t, PacketQueue *) |
| Main ICMPv4 decoding function. More... | |
| int | DecodeICMPV6 (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t, PacketQueue *) |
| Decode ICMPV6 packets and fill the Packet with the decoded info. More... | |
| int | DecodeTCP (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint16_t, PacketQueue *) |
| int | DecodeUDP (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint16_t, PacketQueue *) |
| int | DecodeSCTP (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint16_t, PacketQueue *) |
| int | DecodeGRE (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t, PacketQueue *) |
| Function to decode GRE packets. More... | |
| int | DecodeVLAN (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t, PacketQueue *) |
| int | DecodeVXLAN (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t, PacketQueue *) |
| int | DecodeMPLS (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t, PacketQueue *) |
| int | DecodeERSPAN (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t, PacketQueue *) |
| Function to decode ERSPAN packets. More... | |
| int | DecodeTEMPLATE (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t, PacketQueue *) |
| Function to decode TEMPLATE packets. More... | |
| void | DecodeIPV6FragHeader (Packet *p, const uint8_t *pkt, uint16_t hdrextlen, uint16_t plen, uint16_t prev_hdrextlen) |
| void | AddressDebugPrint (Address *) |
| Debug print function for printing addresses. More... | |
| void | DecodeGlobalConfig (void) |
| void | DecodeUnregisterCounters (void) |
Variables | |
| int | g_default_mtu |
| uint32_t | default_packet_size |
Definition in file decode.h.
| #define CLEAR_ADDR | ( | a | ) |
| #define CMP_ADDR | ( | a1, | |
| a2 | |||
| ) |
Definition at line 240 of file decode.h.
Referenced by DetectSameipRegister(), FlowGetPacketDirection(), and IPPairCleanup().
| #define CMP_PORT | ( | p1, | |
| p2 | |||
| ) | ((p1) == (p2)) |
Definition at line 245 of file decode.h.
Referenced by FlowGetPacketDirection().
| #define COPY_ADDRESS | ( | a, | |
| b | |||
| ) |
Definition at line 126 of file decode.h.
Referenced by DetectAddressCopy(), DetectAddressJoinIPv6(), HostFree(), IPPairCleanup(), and IPPairFree().
| #define DecodeSetNoPacketInspectionFlag | ( | p | ) |
Set the No packet inspection Flag for the packet.
| p | Packet to set the flag in |
Definition at line 985 of file decode.h.
Referenced by FlowHandlePacketUpdate(), StreamTcpPacket(), and StreamTcpPseudoSetup().
| #define DecodeSetNoPayloadInspectionFlag | ( | p | ) |
Set the No payload inspection Flag for the packet.
| p | Packet to set the flag in |
Definition at line 973 of file decode.h.
Referenced by FlowHandlePacketUpdate(), PacketDefragPktSetupParent(), PacketTunnelPktSetup(), StreamTcpPacket(), and StreamTcpPseudoSetup().
| #define DecodeUnsetNoPacketInspectionFlag | ( | p | ) |
| #define DecodeUnsetNoPayloadInspectionFlag | ( | p | ) |
| #define DEFAULT_MTU 1500 |
Definition at line 612 of file decode.h.
Referenced by PostRunDeinit().
| #define DEFAULT_PACKET_SIZE (DEFAULT_MTU + ETHERNET_HEADER_LEN) |
Definition at line 615 of file decode.h.
Referenced by PostRunDeinit(), and RunUnittests().
| #define ENGINE_ISSET_EVENT | ( | p, | |
| e | |||
| ) |
Definition at line 1008 of file decode.h.
Referenced by __attribute__(), DecodeEthernet(), DecodeGRE(), DecodeICMPV6(), DecodeIPV6(), DecodeMPLS(), DecodePPP(), DecodePPPOESession(), DecodeRaw(), DetectEngineEventRegister(), and ICMPv4GetCounterpart().
| #define ENGINE_SET_EVENT | ( | p, | |
| e | |||
| ) |
Definition at line 993 of file decode.h.
Referenced by DecodeERSPAN(), DecodeICMPV4(), DecodeICMPV6(), DecodeIPV6(), DecodeIPV6FragHeader(), DecodeMPLS(), DecodeNull(), DecodePPP(), DecodePPPOESession(), DecodeRaw(), DecodeVLAN(), DefragRbFragCompare(), and DetectEngineEventRegister().
| #define ENGINE_SET_INVALID_EVENT | ( | p, | |
| e | |||
| ) |
Definition at line 1001 of file decode.h.
Referenced by __attribute__(), DecodeEthernet(), DecodeGRE(), DecodeICMPV4(), DecodeICMPV6(), DecodeIPV4(), DecodeIPV6FragHeader(), DecodeMPLS(), DecodeNull(), DecodePPP(), DecodePPPOEDiscovery(), DecodePPPOESession(), DecodeRaw(), DecodeSll(), and DecodeVLAN().
| #define GET_IPV4_DST_ADDR_PTR | ( | p | ) | ((p)->dst.addr_data32) |
Definition at line 216 of file decode.h.
Referenced by AlertFastLogger(), DecodeIPV4(), DefragGetOsPolicy(), DefragPolicyGetHostTimeout(), JsonFiveTuple(), SRepCIDRGetIPRepDst(), StreamTcpSetOSPolicy(), and TLSGetIPInformations().
| #define GET_IPV4_DST_ADDR_U32 | ( | p | ) | ((p)->dst.addr_data32[0]) |
Definition at line 214 of file decode.h.
Referenced by AFPSetBPFFilter(), DetectGeoipRegister(), and IPOnlyMatchPacket().
| #define GET_IPV4_SRC_ADDR_PTR | ( | p | ) | ((p)->src.addr_data32) |
Definition at line 215 of file decode.h.
Referenced by AlertFastLogger(), DecodeIPV4(), JsonFiveTuple(), SRepCIDRGetIPRepSrc(), and TLSGetIPInformations().
| #define GET_IPV4_SRC_ADDR_U32 | ( | p | ) | ((p)->src.addr_data32[0]) |
Definition at line 213 of file decode.h.
Referenced by AFPSetBPFFilter(), DetectGeoipRegister(), and IPOnlyMatchPacket().
| #define GET_IPV6_DST_ADDR | ( | p | ) | ((p)->dst.addr_data32) |
Definition at line 221 of file decode.h.
Referenced by AFPSetBPFFilter(), AlertFastLogger(), DecodeIPV6(), DefragGetOsPolicy(), DefragPolicyGetHostTimeout(), IPOnlyMatchPacket(), JsonFiveTuple(), SRepCIDRGetIPRepDst(), StreamTcpSetOSPolicy(), and TLSGetIPInformations().
| #define GET_IPV6_DST_IN6ADDR | ( | p | ) | ((p)->dst.addr_in6addr) |
| #define GET_IPV6_SRC_ADDR | ( | p | ) | ((p)->src.addr_data32) |
Definition at line 220 of file decode.h.
Referenced by AFPSetBPFFilter(), AlertFastLogger(), DecodeIPV6(), IPOnlyMatchPacket(), JsonFiveTuple(), SRepCIDRGetIPRepSrc(), and TLSGetIPInformations().
| #define GET_IPV6_SRC_IN6ADDR | ( | p | ) | ((p)->src.addr_in6addr) |
| #define GET_PKT_DATA | ( | p | ) | ((((p)->ext_pkt) == NULL ) ? (uint8_t *)((p) + 1) : (p)->ext_pkt) |
Definition at line 226 of file decode.h.
Referenced by AlertFastLogger(), DecodeAFP(), DecodeErfDag(), DecodeErfFile(), DecodeIPFW(), DecodeIPV4(), DecodeIPV6(), DecodeIPV6FragHeader(), DecodeNFQ(), DecodeNull(), DecodePcap(), DecodePfring(), DecodeRaw(), DefragRbFragCompare(), DefragTrackerFreeFrags(), DetectCsumRegister(), DetectIpv4hdrRegister(), DetectIpv6hdrRegister(), DetectLuaRegister(), DetectReplaceFreeInternal(), DetectTcphdrRegister(), DetectUdphdrRegister(), IPFWSetVerdict(), JsonPacket(), NapatechDecode(), NFQSetVerdict(), NoNFLOGSupportExit(), NoWinDivertSupportExit(), PacketTunnelPktSetup(), PcapFileGlobalInit(), ReceiveErfFileLoop(), ReceiveIPFWLoop(), StreamTcpPseudoSetup(), TmModuleDecodeAFPRegister(), TmModuleDecodeNetmapRegister(), and UTHBuildPacketReal().
| #define GET_PKT_DIRECT_DATA | ( | p | ) | (uint8_t *)((p) + 1) |
Definition at line 227 of file decode.h.
Referenced by NoWinDivertSupportExit(), PacketCopyDataOffset(), and ReceivePfringLoop().
| #define GET_PKT_DIRECT_MAX_SIZE | ( | p | ) | (default_packet_size) |
Definition at line 228 of file decode.h.
Referenced by NoWinDivertSupportExit(), PacketCopyDataOffset(), ReceivePfringLoop(), and StreamTcpPseudoSetup().
| #define GET_PKT_LEN | ( | p | ) | ((p)->pktlen) |
Definition at line 225 of file decode.h.
Referenced by AlertFastLogger(), DecodeAFP(), DecodeErfDag(), DecodeErfFile(), DecodeIPFW(), DecodeIPV4(), DecodeIPV6(), DecodeNFQ(), DecodeNull(), DecodePcap(), DecodePfring(), DecodeRaw(), DecodeUpdatePacketCounters(), DefragRbFragCompare(), DetectCsumRegister(), DetectIpv4hdrRegister(), DetectIpv6hdrRegister(), DetectLuaRegister(), DetectReplaceFreeInternal(), DetectTcphdrRegister(), DetectUdphdrRegister(), FlowHandlePacketUpdate(), IPFWSetVerdict(), JsonPacket(), NapatechDecode(), NFQSetVerdict(), NoNFLOGSupportExit(), NoWinDivertSupportExit(), PacketTunnelPktSetup(), PcapFileGlobalInit(), ReceiveErfDagLoop(), ReceiveErfFileLoop(), ReceiveIPFWLoop(), TagHashAddTag(), TmModuleDecodeAFPRegister(), and TmModuleDecodeNetmapRegister().
| #define GET_TCP_DST_PORT | ( | p | ) | ((p)->dp) |
Definition at line 223 of file decode.h.
Referenced by AFPSetBPFFilter(), and DecodeTCP().
| #define GET_TCP_SRC_PORT | ( | p | ) | ((p)->sp) |
Definition at line 222 of file decode.h.
Referenced by AFPSetBPFFilter(), and DecodeTCP().
| #define IP_GET_IPPROTO | ( | p | ) |
Definition at line 264 of file decode.h.
Referenced by AlertFastLogger(), IPOnlyMatchPacket(), JsonFiveTuple(), and SigMatchSignaturesGetSgh().
| #define IP_GET_RAW_VER | ( | pkt | ) | ((((pkt)[0] & 0xf0) >> 4)) |
Definition at line 250 of file decode.h.
Referenced by DecodeIPV6FragHeader(), DecodeRaw(), and DecodeTeredo().
| #define IPH_IS_VALID | ( | p | ) | (PKT_IS_IPV4((p)) || PKT_IS_IPV6((p))) |
| #define IS_TUNNEL_PKT | ( | p | ) | (((p)->flags & PKT_TUNNEL)) |
Definition at line 882 of file decode.h.
Referenced by AFPSetBPFFilter(), AlertJsonHeader(), DetectMarkDataFree(), NoWinDivertSupportExit(), SCProfilingAddPacket(), TmModuleDecodePfringRegister(), TmqhOutputPacketpool(), VerdictIPFW(), and VerdictNFQ().
| #define IS_TUNNEL_PKT_VERDICTED | ( | p | ) | (((p)->flags & PKT_TUNNEL_VERDICTED)) |
Definition at line 887 of file decode.h.
Referenced by TmqhOutputPacketpool().
| #define IS_TUNNEL_ROOT_PKT | ( | p | ) | (IS_TUNNEL_PKT(p) && (p)->root == NULL) |
Definition at line 885 of file decode.h.
Referenced by TmqhOutputPacketpool().
| #define LINKTYPE_ETHERNET DLT_EN10MB |
Definition at line 1074 of file decode.h.
Referenced by DecodeAFP(), DecodeErfDag(), DecodePcap(), NapatechDecode(), NapatechPacketLoopZC(), ReceiveAFPLoop(), ReceiveErfDagLoop(), ReceiveErfFileLoop(), RunModeIdsAFPRegister(), TmModuleDecodeNetmapRegister(), TmModuleDecodePfringRegister(), and ValidateLinkType().
| #define LINKTYPE_GRE_OVER_IP 778 |
Definition at line 1082 of file decode.h.
Referenced by DecodeAFP(), DecodePcap(), and ValidateLinkType().
| #define LINKTYPE_IPV4 228 |
Definition at line 1081 of file decode.h.
Referenced by ValidateLinkType().
| #define LINKTYPE_LINUX_SLL 113 |
Definition at line 1075 of file decode.h.
Referenced by DecodeAFP(), DecodePcap(), and ValidateLinkType().
| #define LINKTYPE_NULL DLT_NULL |
libpcap shows us the way to linktype codes
Definition at line 1073 of file decode.h.
Referenced by DecodeAFP(), DecodePcap(), and ValidateLinkType().
| #define LINKTYPE_PPP 9 |
Definition at line 1076 of file decode.h.
Referenced by DecodeAFP(), DecodePcap(), and ValidateLinkType().
| #define LINKTYPE_RAW DLT_RAW |
Definition at line 1077 of file decode.h.
Referenced by AFPGetLinkType(), DecodeAFP(), DecodePcap(), ReceiveAFPLoop(), and ValidateLinkType().
| #define LINKTYPE_RAW2 101 |
Definition at line 1080 of file decode.h.
Referenced by ValidateLinkType().
| #define MAX_PAYLOAD_SIZE (IPV6_HEADER_LEN + 65536 + 28) |
Definition at line 617 of file decode.h.
Referenced by DefragTrackerFreeFrags(), NoWinDivertSupportExit(), and PacketCopyDataOffset().
| #define PACKET_ACCEPT | ( | p | ) | PACKET_SET_ACTION(p, ACTION_ACCEPT) |
| #define PACKET_ALERT | ( | p | ) | PACKET_SET_ACTION(p, ACTION_ALERT) |
Definition at line 844 of file decode.h.
Referenced by ThresholdIPPairTimeoutCheck().
| #define PACKET_ALERT_FLAG_DROP_FLOW 0x01 |
After processing an alert by the thresholding module, if at last it gets triggered, we might want to stick the drop action to the flow on IPS mode
Definition at line 281 of file decode.h.
Referenced by DetectBufferTypeGetByIdTransforms(), IPOnlyMatchPacket(), and PacketAlertFinalize().
| #define PACKET_ALERT_FLAG_STATE_MATCH 0x02 |
alert was generated based on state
Definition at line 283 of file decode.h.
Referenced by AlertJsonHeader(), and DetectSignatureApplyActions().
| #define PACKET_ALERT_FLAG_STREAM_MATCH 0x04 |
alert was generated based on stream
Definition at line 285 of file decode.h.
Referenced by AlertJsonHeader(), DetectBufferTypeGetByIdTransforms(), and DetectSignatureApplyActions().
| #define PACKET_ALERT_FLAG_TX 0x08 |
alert is in a tx, tx_id set
Definition at line 287 of file decode.h.
Referenced by AlertJsonHeader().
| #define PACKET_ALERT_MAX 15 |
Definition at line 291 of file decode.h.
Referenced by PacketAlertAppend().
| #define PACKET_ALERT_RATE_FILTER_MODIFIED 0x10 |
action was changed by rate_filter
Definition at line 289 of file decode.h.
Referenced by AlertJsonHeader(), and ThresholdIPPairTimeoutCheck().
| #define PACKET_CLEAR_L4VARS | ( | p | ) |
| #define PACKET_DESTRUCTOR | ( | p | ) |
Cleanup a packet so that we can free it. No memset needed..
Definition at line 823 of file decode.h.
Referenced by PacketFree().
| #define PACKET_DROP | ( | p | ) | PACKET_SET_ACTION(p, ACTION_DROP) |
Definition at line 848 of file decode.h.
Referenced by SigMatchSignaturesGetSgh(), StreamTcpPacket(), and ThresholdIPPairTimeoutCheck().
| #define PACKET_ENGINE_EVENT_MAX 15 |
| #define PACKET_FREE_EXTDATA | ( | p | ) |
| #define PACKET_INITIALIZE | ( | p | ) |
Initialize a packet structure for use.
Definition at line 732 of file decode.h.
Referenced by PacketGetFromAlloc().
| #define PACKET_PASS | ( | p | ) | PACKET_SET_ACTION(p, ACTION_PASS) |
Definition at line 856 of file decode.h.
Referenced by ThresholdIPPairTimeoutCheck().
| #define PACKET_RECYCLE | ( | p | ) |
Definition at line 815 of file decode.h.
Referenced by __attribute__(), DecodeICMPV6(), DecodeIPV4(), DecodeIPV6(), DecodeRaw(), DecodeTCP(), DetectFragBitsRegister(), DetectPortHashFree(), DetectReplaceFreeInternal(), DetectSetupParseRegexes(), SigParseApplyDsizeToContent(), and Unified2AlertInitCtx().
| #define PACKET_REINIT | ( | p | ) |
Recycle a packet structure for reuse.
Definition at line 747 of file decode.h.
Referenced by PacketPoolGetPacket().
| #define PACKET_REJECT | ( | p | ) | PACKET_SET_ACTION(p, (ACTION_REJECT|ACTION_DROP)) |
Definition at line 850 of file decode.h.
Referenced by ThresholdIPPairTimeoutCheck().
| #define PACKET_REJECT_BOTH | ( | p | ) | PACKET_SET_ACTION(p, (ACTION_REJECT_BOTH|ACTION_DROP)) |
| #define PACKET_REJECT_DST | ( | p | ) | PACKET_SET_ACTION(p, (ACTION_REJECT_DST|ACTION_DROP)) |
| #define PACKET_RELEASE_REFS | ( | p | ) |
Definition at line 738 of file decode.h.
Referenced by PacketPoolReturnPacket(), and TmqhOutputPacketpool().
| #define PACKET_RESET_CHECKSUMS | ( | p | ) |
| #define PACKET_SET_ACTION | ( | p, | |
| a | |||
| ) |
| #define PACKET_TEST_ACTION | ( | p, | |
| a | |||
| ) |
Definition at line 858 of file decode.h.
Referenced by AlertJsonHeader(), CaptureStatsUpdate(), DetectDetectionFilterRegister(), DetectIPRepFree(), DetectSignatureApplyActions(), DetectThresholdRegister(), IPFWSetVerdict(), NoWinDivertSupportExit(), PacketAlertFinalize(), ReceiveNFQThreadExitStats(), RejectSendIPv4ICMP(), RejectSendIPv4TCP(), RejectSendIPv6ICMP(), RejectSendIPv6TCP(), RespondRejectFunc(), SCThresholdConfParseFile(), TmModuleDecodeAFPRegister(), and TmModuleDecodeNetmapRegister().
| #define PACKET_UPDATE_ACTION | ( | p, | |
| a | |||
| ) |
Definition at line 863 of file decode.h.
Referenced by DetectSignatureApplyActions().
| #define PKT_ALLOC (1<<3) |
Packet was alloc'd this run, needs to be freed
Definition at line 1089 of file decode.h.
Referenced by PacketFreeOrRelease(), PacketGetFromAlloc(), PacketPoolWaitForN(), TmqhOutputPacketpool(), and TmqhOutputSimple().
| #define PKT_DETECT_HAS_STREAMDATA (1<<26) |
Set by Detect() if raw stream data is available.
Definition at line 1124 of file decode.h.
Referenced by DetectBufferTypeGetByIdTransforms(), PacketCreateMask(), Prefilter(), and SigMatchSignaturesGetSgh().
| #define PKT_HAS_FLOW (1<<8) |
Definition at line 1094 of file decode.h.
Referenced by DetectBypassRegister(), DetectDceIfaceRegister(), DetectDceOpnumRegister(), DetectDceStubDataRegister(), DetectDNP3Register(), DetectDnsQueryRegister(), DetectEngineInspectENIP(), DetectEngineInspectModbus(), DetectEngineStateResetTxs(), DetectFtpbounceRegister(), DetectHostbitFree(), DetectHttpRequestLineRegister(), DetectHttpResponseLineRegister(), DetectLuaRegister(), DetectPcrePayloadMatch(), DetectProtoContainsProto(), DetectSshSoftwareVersionRegister(), DetectSshVersionRegister(), DetectTemplateRustBufferRegister(), DetectUricontentRegister(), DetectUrilenValidateContent(), FlowHandlePacket(), HtpConfigRestoreBackup(), IPOnlyAddSignature(), PacketCreateMask(), RegisterModbusParsers(), SCSigSignatureOrderingModuleCleanup(), SigMatchSignaturesGetSgh(), SMTPParserCleanup(), StreamTcpPseudoSetup(), and UTHAssignFlow().
| #define PKT_HAS_TAG (1<<4) |
Packet has matched a tag
Definition at line 1090 of file decode.h.
Referenced by AlertJsonHeader(), TagHashAddTag(), TagTimeoutCheck(), and Unified2Condition().
| #define PKT_HOST_DST_LOOKED_UP (1<<18) |
Definition at line 1107 of file decode.h.
Referenced by DetectIPRepRegister().
| #define PKT_HOST_SRC_LOOKED_UP (1<<17) |
Definition at line 1106 of file decode.h.
Referenced by DetectIPRepRegister().
| #define PKT_IGNORE_CHECKSUM (1<<15) |
Packet checksum is not computed (TX packet for example)
Definition at line 1103 of file decode.h.
Referenced by CleanupPcapFileFileVars(), DetectCsumRegister(), StreamTcp(), StreamTcpPacket(), StreamTcpPseudoSetup(), TmModuleDecodeAFPRegister(), TmModuleDecodePcapRegister(), and TmModuleDecodePfringRegister().
| #define PKT_IS_FRAGMENT (1<<19) |
Packet is a fragment
Definition at line 1109 of file decode.h.
Referenced by DecodeIPV4(), DecodeIPV6FragHeader(), IPOnlyMatchPacket(), and SigMatchSignaturesGetSgh().
| #define PKT_IS_ICMPV4 | ( | p | ) | (((p)->icmpv4h != NULL)) |
Definition at line 256 of file decode.h.
Referenced by DetectIcmpIdRegister(), DetectIcmpSeqRegister(), DetectICodeFree(), DetectITypeFree(), FlowGetPacketDirection(), FlowSetupPacket(), and SigMatchSignaturesGetSgh().
| #define PKT_IS_ICMPV6 | ( | p | ) | (((p)->icmpv6h != NULL)) |
Definition at line 257 of file decode.h.
Referenced by DetectIcmpIdRegister(), DetectIcmpSeqRegister(), DetectICodeFree(), and DetectITypeFree().
| #define PKT_IS_INVALID (1<<20) |
Definition at line 1110 of file decode.h.
Referenced by DecodeIPV4(), PacketDecodeFinalize(), and PacketTunnelPktSetup().
| #define PKT_IS_IPV4 | ( | p | ) | (((p)->ip4h != NULL)) |
Definition at line 252 of file decode.h.
Referenced by AFPSetBPFFilter(), AlertFastLogger(), AlertJsonHeader(), Defrag(), DefragGetOsPolicy(), DefragPolicyGetHostTimeout(), DetectFragBitsRegister(), DetectFragOffsetFree(), DetectFragOffsetRegister(), DetectGeoipRegister(), DetectIdFree(), DetectIdRegister(), DetectTemplate2Free(), DetectTemplate2Register(), DetectTemplateRegister(), DetectTosRegister(), DetectTtlFree(), DetectTtlRegister(), FlowHandlePacketUpdate(), FlowInit(), IPOnlyMatchPacket(), JsonFiveTuple(), LogHttpLogger(), PacketAlertGetTag(), ReCalculateChecksum(), RespondRejectFunc(), SCProfilingAddPacket(), SCProfilingPrintPacketProfile(), SigMatchSignaturesGetSgh(), SRepCIDRGetIPRepDst(), SRepCIDRGetIPRepSrc(), StreamTcpPacket(), StreamTcpSetOSPolicy(), TLSGetIPInformations(), and Unified2Logger().
| #define PKT_IS_IPV6 | ( | p | ) | (((p)->ip6h != NULL)) |
Definition at line 253 of file decode.h.
Referenced by AFPSetBPFFilter(), AlertFastLogger(), AlertJsonHeader(), Defrag(), DefragGetOsPolicy(), DefragPolicyGetHostTimeout(), DetectFragOffsetFree(), DetectFragOffsetRegister(), DetectTemplate2Free(), DetectTemplate2Register(), DetectTemplateRegister(), DetectTtlFree(), DetectTtlRegister(), FlowHandlePacketUpdate(), FlowInit(), IPOnlyMatchPacket(), JsonFiveTuple(), LogHttpLogger(), PacketAlertGetTag(), ReCalculateChecksum(), RespondRejectFunc(), SCProfilingAddPacket(), SigMatchSignaturesGetSgh(), SRepCIDRGetIPRepDst(), SRepCIDRGetIPRepSrc(), StreamTcpPacket(), StreamTcpSetOSPolicy(), and Unified2Logger().
| #define PKT_IS_PSEUDOPKT | ( | p | ) | ((p)->flags & (PKT_PSEUDO_STREAM_END|PKT_PSEUDO_DETECTLOG_FLUSH)) |
return 1 if the packet is a pseudo packet
Definition at line 1133 of file decode.h.
Referenced by DecodeNFQ(), DetectAckRegister(), DetectCsumRegister(), DetectDsizeRegister(), DetectFlagsRegister(), DetectFlagsSignatureNeedsSynOnlyPackets(), DetectFragBitsRegister(), DetectFragOffsetFree(), DetectFragOffsetRegister(), DetectGeoipRegister(), DetectIcmpIdRegister(), DetectIcmpSeqRegister(), DetectICodeFree(), DetectIdFree(), DetectIdRegister(), DetectITypeFree(), DetectSeqRegister(), DetectTcpmssFree(), DetectTcpmssRegister(), DetectTemplate2Free(), DetectTemplate2Register(), DetectTemplateRegister(), DetectTosRegister(), DetectTtlFree(), DetectTtlRegister(), DetectWindowRegister(), NFQSetVerdict(), NoWinDivertSupportExit(), PacketCreateMask(), StreamTcpFreeConfig(), TmModuleDecodeAFPRegister(), and TmModuleDecodeNetmapRegister().
| #define PKT_IS_TCP | ( | p | ) | (((p)->tcph != NULL)) |
Definition at line 254 of file decode.h.
Referenced by AFPSetBPFFilter(), DetectAckRegister(), DetectFlagsRegister(), DetectFlagsSignatureNeedsSynOnlyPackets(), DetectRpcRegister(), DetectSeqRegister(), DetectStreamSizeRegister(), DetectTcpmssFree(), DetectTcpmssRegister(), DetectWindowRegister(), LogHttpLogger(), PacketCreateMask(), ReCalculateChecksum(), RespondRejectFunc(), StreamTcp(), and TmModuleDecodePfringRegister().
| #define PKT_IS_TOCLIENT | ( | p | ) | (((p)->flowflags & FLOW_PKT_TOCLIENT)) |
Definition at line 259 of file decode.h.
Referenced by JsonFiveTuple(), StreamTcpFreeConfig(), StreamTcpPacket(), and StreamTcpThreadDeinit().
| #define PKT_IS_TOSERVER | ( | p | ) | (((p)->flowflags & FLOW_PKT_TOSERVER)) |
Definition at line 258 of file decode.h.
Referenced by JsonFiveTuple(), PacketSwap(), StreamReassembleRaw(), StreamReassembleRawHasDataReady(), StreamReassembleRawUpdateProgress(), StreamTcpDetectLogFlush(), StreamTcpFreeConfig(), StreamTcpPacket(), StreamTcpReassembleHandleSegmentHandleData(), StreamTcpThreadDeinit(), and TLSGetIPInformations().
| #define PKT_IS_UDP | ( | p | ) | (((p)->udph != NULL)) |
Definition at line 255 of file decode.h.
Referenced by AFPSetBPFFilter(), DetectRpcRegister(), ReCalculateChecksum(), and TmModuleDecodePfringRegister().
| #define PKT_MARK_MODIFIED (1<<11) |
Packet mark is modified
Definition at line 1097 of file decode.h.
Referenced by DetectMarkDataFree(), NFQInitConfig(), and NFQSetVerdict().
| #define PKT_NOPACKET_INSPECTION (1) |
Flag to indicate that packet header or contents should not be inspected
Definition at line 1087 of file decode.h.
Referenced by DetectSignatureApplyActions().
| #define PKT_NOPAYLOAD_INSPECTION (1<<2) |
Flag to indicate that packet contents should not be inspected
Definition at line 1088 of file decode.h.
Referenced by PacketCreateMask(), and Prefilter().
| #define PKT_PROFILE (1<<21) |
Definition at line 1111 of file decode.h.
Referenced by SCProfileRuleStart().
| #define PKT_PROTO_DETECT_TC_DONE (1<<24) |
Definition at line 1119 of file decode.h.
Referenced by AppLayerIncTxCounter(), and FlowHandlePacketUpdate().
| #define PKT_PROTO_DETECT_TS_DONE (1<<23) |
protocol detection done
Definition at line 1118 of file decode.h.
Referenced by AppLayerIncTxCounter(), and FlowHandlePacketUpdate().
| #define PKT_PSEUDO_DETECTLOG_FLUSH (1<<27) |
Detect/log flush for protocol upgrade
Definition at line 1126 of file decode.h.
Referenced by StreamTcpPseudoSetup().
| #define PKT_PSEUDO_STREAM_END (1<<9) |
Pseudo packet to end the stream
Definition at line 1095 of file decode.h.
Referenced by DecodeAFP(), DecodeErfDag(), DecodeErfFile(), DecodeIPFW(), DecodePcap(), DecodePfring(), DetectEngineInspectPktBufferGeneric(), NapatechDecode(), OutputRegisterFiledataLogger(), OutputRegisterFileLogger(), PacketAlertFinalize(), PcapFileGlobalInit(), StreamNeedsReassembly(), StreamReassembleRaw(), StreamTcp(), StreamTcpPacket(), StreamTcpReassembleAppLayer(), StreamTcpReassembleHandleSegment(), StreamTcpReassembleHandleSegmentHandleData(), TmModuleDecodeNetmapRegister(), and VerdictIPFW().
| #define PKT_REBUILT_FRAGMENT (1<<25) |
Packet is rebuilt from fragments.
Definition at line 1121 of file decode.h.
Referenced by DefragTrackerFreeFrags(), DetectFlowFree(), DetectFlowRegister(), and DetectMarkDataFree().
| #define PKT_SET_SRC | ( | p, | |
| src_val | |||
| ) | ((p)->pkt_src = src_val) |
Definition at line 1136 of file decode.h.
Referenced by CleanupPcapFileFileVars(), DecodeGRE(), DecodeIPV4(), DecodeTeredo(), DecodeVXLAN(), DefragTrackerFreeFrags(), DetectEngineInspectPktBufferGeneric(), FlowForceReassemblyForFlow(), NoNFLOGSupportExit(), NoWinDivertSupportExit(), ReceiveErfDagLoop(), ReceiveErfFileLoop(), ReceiveIPFWLoop(), ReceivePfringLoop(), StreamTcpPseudoSetup(), TmModuleDecodeAFPRegister(), TmModuleDecodeNetmapRegister(), and TmModuleDecodePcapRegister().
| #define PKT_STREAM_ADD (1<<5) |
Packet payload was added to reassembled stream
Definition at line 1091 of file decode.h.
Referenced by DetectBufferTypeGetByIdTransforms(), DetectEngineInspectStream(), SigMatchSignaturesGetSgh(), StreamReassembleRawHasDataReady(), StreamReassembleRawUpdateProgress(), and StreamTcpReassembleHandleSegment().
| #define PKT_STREAM_EOF (1<<7) |
Stream is in eof state
Definition at line 1093 of file decode.h.
Referenced by SigMatchSignaturesGetSgh().
| #define PKT_STREAM_EST (1<<6) |
Packet is part of establised stream
Definition at line 1092 of file decode.h.
Referenced by DetectBypassRegister(), DetectDceIfaceRegister(), DetectDceOpnumRegister(), DetectDceStubDataRegister(), DetectDNP3Register(), DetectDnsQueryRegister(), DetectEngineInspectENIP(), DetectEngineInspectModbus(), DetectEngineStateResetTxs(), DetectFtpbounceRegister(), DetectHttpRequestLineRegister(), DetectHttpResponseLineRegister(), DetectLuaRegister(), DetectPcrePayloadMatch(), DetectSshSoftwareVersionRegister(), DetectSshVersionRegister(), DetectTemplateRustBufferRegister(), DetectUricontentRegister(), DetectUrilenValidateContent(), HtpConfigRestoreBackup(), RegisterModbusParsers(), SCSigSignatureOrderingModuleCleanup(), SigMatchSignaturesGetSgh(), SMTPParserCleanup(), StreamTcpPacket(), and StreamTcpPseudoSetup().
| #define PKT_STREAM_MODIFIED (1<<10) |
Packet is modified by the stream engine, we need to recalc the csum and reinject/replace
Definition at line 1096 of file decode.h.
Referenced by CaptureStatsUpdate(), DetectReplaceExecuteInternal(), NFQInitConfig(), NFQSetVerdict(), ReceiveNFQThreadExitStats(), StreamTcpInlineSegmentReplacePacket(), and StreamTcpPacket().
| #define PKT_STREAM_NO_EVENTS (1<<28) |
Packet is part of stream in known bad condition (loss, wrong thread), so flag it for not setting stream events
Definition at line 1130 of file decode.h.
Referenced by StreamTcpPacket().
| #define PKT_STREAM_NOPCAPLOG (1<<12) |
Exclude packet from pcap logging as it's part of a stream that has reassembly depth reached.
Definition at line 1098 of file decode.h.
Referenced by StreamTcpPacket().
| #define PKT_WANTS_FLOW (1<<22) |
indication by decoder that it feels the packet should be handled by flow engine: Packet::flow_hash will be set
Definition at line 1115 of file decode.h.
Referenced by DecodeIPV4(), FlowSetupPacket(), and TmqhOutputFlowHash().
| #define PKT_ZERO_COPY (1<<16) |
Packet comes from zero copy (ext_pkt must not be freed)
Definition at line 1104 of file decode.h.
Referenced by PacketSetData().
| #define SET_IPV4_DST_ADDR | ( | p, | |
| a | |||
| ) |
| #define SET_IPV4_SRC_ADDR | ( | p, | |
| a | |||
| ) |
| #define SET_IPV6_DST_ADDR | ( | p, | |
| a | |||
| ) |
Definition at line 174 of file decode.h.
Referenced by DecodeIPV6FragHeader().
| #define SET_IPV6_SRC_ADDR | ( | p, | |
| a | |||
| ) |
Definition at line 166 of file decode.h.
Referenced by DecodeIPV6FragHeader().
| #define SET_PKT_LEN | ( | p, | |
| len | |||
| ) |
Definition at line 230 of file decode.h.
Referenced by DefragTrackerFreeFrags(), NoNFLOGSupportExit(), NoWinDivertSupportExit(), PacketCallocExtPkt(), PacketCopyData(), PacketCopyDataOffset(), PacketSetData(), ReceiveErfDagLoop(), StreamTcpPseudoSetup(), TmModuleDecodeAFPRegister(), TmModuleDecodePfringRegister(), Unified2AlertInitCtx(), UTHBuildPacketIPV6Real(), and UTHBuildPacketReal().
| #define SET_SCTP_DST_PORT | ( | pkt, | |
| prt | |||
| ) |
Definition at line 207 of file decode.h.
Referenced by FlowInit().
| #define SET_SCTP_SRC_PORT | ( | pkt, | |
| prt | |||
| ) |
Definition at line 203 of file decode.h.
Referenced by FlowInit().
| #define SET_TCP_DST_PORT | ( | pkt, | |
| prt | |||
| ) |
Definition at line 188 of file decode.h.
Referenced by FlowInit().
| #define SET_TCP_SRC_PORT | ( | pkt, | |
| prt | |||
| ) |
Definition at line 184 of file decode.h.
Referenced by FlowInit().
| #define SET_TUNNEL_PKT | ( | p | ) | ((p)->flags |= PKT_TUNNEL) |
Definition at line 883 of file decode.h.
Referenced by PacketDefragPktSetup(), PacketDefragPktSetupParent(), PacketTunnelPktSetup(), and StreamTcpPseudoSetup().
| #define SET_TUNNEL_PKT_VERDICTED | ( | p | ) | ((p)->flags |= PKT_TUNNEL_VERDICTED) |
Definition at line 888 of file decode.h.
Referenced by TmqhOutputPacketpool().
| #define SET_UDP_DST_PORT | ( | pkt, | |
| prt | |||
| ) |
Definition at line 197 of file decode.h.
Referenced by FlowInit().
| #define SET_UDP_SRC_PORT | ( | pkt, | |
| prt | |||
| ) |
Definition at line 194 of file decode.h.
Referenced by FlowInit().
| #define SIZE_OF_PACKET (default_packet_size + sizeof(Packet)) |
Definition at line 619 of file decode.h.
Referenced by DecodeEthernet(), DecodeICMPV6(), DecodeIPV4(), DecodeMPLS(), DecodeVXLAN(), DetectEngineEventRegister(), DetectFlagsSignatureNeedsSynOnlyPackets(), DetectFragBitsRegister(), DetectFragOffsetFree(), DetectFtpbounceRegister(), DetectHostbitFree(), DetectIpOptsFree(), DetectIPProtoRemoveAllSMs(), DetectSetupParseRegexes(), DetectXbitFree(), ICMPv4GetCounterpart(), PacketGetFromAlloc(), PacketPoolInit(), and SigParseApplyDsizeToContent().
| #define TUNNEL_INCR_PKT_RTV_NOLOCK | ( | p | ) |
Definition at line 869 of file decode.h.
Referenced by TmqhOutputPacketpool().
| #define TUNNEL_INCR_PKT_TPR | ( | p | ) |
Definition at line 873 of file decode.h.
Referenced by PacketDefragPktSetupParent(), PacketTunnelPktSetup(), and StreamTcpPseudoSetup().
| #define TUNNEL_PKT_RTV | ( | p | ) | ((p)->root ? (p)->root->tunnel_rtv_cnt : (p)->tunnel_rtv_cnt) |
Definition at line 879 of file decode.h.
Referenced by TmqhOutputPacketpool().
| #define TUNNEL_PKT_TPR | ( | p | ) | ((p)->root ? (p)->root->tunnel_tpr_cnt : (p)->tunnel_tpr_cnt) |
Definition at line 880 of file decode.h.
Referenced by TmqhOutputPacketpool().
| #define UNSET_TUNNEL_PKT | ( | p | ) | ((p)->flags &= ~PKT_TUNNEL) |
Definition at line 884 of file decode.h.
Referenced by DefragRbFragCompare(), and PacketTunnelPktSetup().
| typedef struct AppLayerDecoderEvents_ AppLayerDecoderEvents |
| typedef struct AppLayerThreadCtx_ AppLayerThreadCtx |
| typedef struct CaptureStats_ CaptureStats |
| typedef int(* DecoderFunc) (ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint32_t len, PacketQueue *pq) |
| typedef struct DecodeThreadVars_ DecodeThreadVars |
Structure to hold thread specific data for all decode modules.
| typedef struct PacketAlert_ PacketAlert |
| typedef struct PacketAlerts_ PacketAlerts |
| typedef struct PacketEngineEvents_ PacketEngineEvents |
data structure to store decoder, defrag and stream events
| typedef struct PacketQueue_ PacketQueue |
| typedef struct PktProfiling_ PktProfiling |
Per pkt stats storage.
| typedef struct PktProfilingAppData_ PktProfilingAppData |
| typedef struct PktProfilingData_ PktProfilingData |
| typedef struct PktProfilingDetectData_ PktProfilingDetectData |
| typedef struct PktProfilingLoggerData_ PktProfilingLoggerData |
| typedef struct PktProfilingPrefilterData_ PktProfilingPrefilterData |
| typedef struct PktProfilingPrefilterEngine_ PktProfilingPrefilterEngine |
| typedef struct PktProfilingTmmData_ PktProfilingTmmData |
Per TMM stats storage.
| enum DecodeTunnelProto |
| enum PktSrcEnum |
| void AppLayerDecoderEventsFreeEvents | ( | AppLayerDecoderEvents ** | events | ) |
Definition at line 148 of file app-layer-events.c.
References SCFree.
Referenced by AppLayerParserStateFree(), DetectEngineThreadCtxInit(), main(), SMTPStateAlloc(), and SSLVersionToString().
| void AppLayerDecoderEventsResetEvents | ( | AppLayerDecoderEvents * | events | ) |
Definition at line 141 of file app-layer-events.c.
References AppLayerDecoderEvents_::cnt.
| int DecodeERSPAN | ( | ThreadVars * | , |
| DecodeThreadVars * | , | ||
| Packet * | , | ||
| const uint8_t * | , | ||
| uint32_t | , | ||
| PacketQueue * | |||
| ) |
Function to decode ERSPAN packets.
Definition at line 46 of file decode-erspan.c.
References DecodeThreadVars_::counter_erspan, DecodeEthernet(), ENGINE_SET_EVENT, ERSPAN_HEADER_TOO_SMALL, ERSPAN_TOO_MANY_VLAN_LAYERS, ERSPAN_UNSUPPORTED_VERSION, SCLogDebug, SCNtohs, StatsIncr(), TM_ECODE_FAILED, version, Packet_::vlan_id, and Packet_::vlan_idx.
Referenced by DecodeTunnel(), and GetProgramVersion().
| int DecodeEthernet | ( | ThreadVars * | , |
| DecodeThreadVars * | , | ||
| Packet * | , | ||
| const uint8_t * | , | ||
| uint32_t | , | ||
| PacketQueue * | |||
| ) |
Definition at line 41 of file decode-ethernet.c.
References DecodeThreadVars_::counter_eth, DCE_PKT_TOO_SMALL, DecodeEthernet(), DecodeIPV4(), DecodeIPV6(), DecodeMPLS(), DecodePPPOEDiscovery(), DecodePPPOESession(), DecodeVLAN(), ENGINE_ISSET_EVENT, ENGINE_SET_INVALID_EVENT, ETHERNET_DCE_HEADER_LEN, ETHERNET_HEADER_LEN, ETHERNET_PKT_TOO_SMALL, ETHERNET_TYPE_8021QINQ, ETHERNET_TYPE_DCE, ETHERNET_TYPE_IP, ETHERNET_TYPE_IPV6, ETHERNET_TYPE_MPLS_MULTICAST, ETHERNET_TYPE_MPLS_UNICAST, ETHERNET_TYPE_PPPOE_DISC, ETHERNET_TYPE_PPPOE_SESS, ETHERNET_TYPE_VLAN, Packet_::ethh, FAIL_IF_NOT, FAIL_IF_NULL, PASS, SCFree, SCLogDebug, SCMalloc, SCNtohs, SIZE_OF_PACKET, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, and unlikely.
Referenced by DecodeAFP(), DecodeErfDag(), DecodeErfFile(), DecodeERSPAN(), DecodeEthernet(), DecodeIPV4(), DecodeMPLS(), DecodePcap(), DecodePfring(), DecodeTunnel(), DetectFragBitsRegister(), DetectIPProtoRemoveAllSMs(), DetectReplaceFreeInternal(), DetectSetupParseRegexes(), GetProgramVersion(), NapatechDecode(), TmModuleDecodeNetmapRegister(), Unified2AlertInitCtx(), UTHBuildPacketArrayFromEth(), UTHBuildPacketFromEth(), and ValidateLinkType().
| int DecodeGRE | ( | ThreadVars * | , |
| DecodeThreadVars * | , | ||
| Packet * | , | ||
| const uint8_t * | , | ||
| uint32_t | , | ||
| PacketQueue * | |||
| ) |
Function to decode GRE packets.
Definition at line 46 of file decode-gre.c.
References DecodeThreadVars_::counter_gre, DECODE_TUNNEL_ERSPAN, DECODE_TUNNEL_ETHERNET, DECODE_TUNNEL_IPV4, DECODE_TUNNEL_IPV6, DECODE_TUNNEL_PPP, DECODE_TUNNEL_VLAN, DecodeGRE(), ENGINE_ISSET_EVENT, ENGINE_SET_INVALID_EVENT, ETHERNET_TYPE_BRIDGE, ETHERNET_TYPE_ERSPAN, ETHERNET_TYPE_IP, ETHERNET_TYPE_IPV6, ETHERNET_TYPE_VLAN, GRE_CHKSUM_LEN, GRE_FLAG_ISSET_CHKSUM, GRE_FLAG_ISSET_KY, GRE_FLAG_ISSET_RECUR, GRE_FLAG_ISSET_ROUTE, GRE_FLAG_ISSET_SQ, GRE_FLAG_ISSET_SSR, GRE_GET_PROTO, GRE_GET_VERSION, GRE_HDR_LEN, GRE_KEY_LEN, GRE_OFFSET_LEN, GRE_PKT_TOO_SMALL, GRE_PROTO_PPP, GRE_SEQ_LEN, GRE_SRE_HDR_LEN, GRE_VERSION0_FLAGS, GRE_VERSION0_HDR_TOO_BIG, GRE_VERSION0_MALFORMED_SRE_HDR, GRE_VERSION0_RECUR, GRE_VERSION1_CHKSUM, GRE_VERSION1_FLAGS, GRE_VERSION1_HDR_TOO_BIG, GRE_VERSION1_NO_KEY, GRE_VERSION1_RECUR, GRE_VERSION1_ROUTE, GRE_VERSION1_SSR, GRE_VERSION1_WRONG_PROTOCOL, GRE_VERSION_0, GRE_VERSION_1, GRE_WRONG_VERSION, Packet_::greh, GREV1_ACK_LEN, GREV1_FLAG_ISSET_ACK, GREV1_FLAG_ISSET_FLAGS, PacketEnqueue(), PacketGetFromAlloc(), PacketTunnelPktSetup(), PKT_SET_SRC, PKT_SRC_DECODER_GRE, SCFree, SCLogDebug, SCNtohs, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, and unlikely.
Referenced by DecodeGRE(), DecodeIPV4(), and DecodeIPV6().
| int DecodeICMPV4 | ( | ThreadVars * | tv, |
| DecodeThreadVars * | dtv, | ||
| Packet * | p, | ||
| const uint8_t * | pkt, | ||
| uint32_t | len, | ||
| PacketQueue * | pq | ||
| ) |
Main ICMPv4 decoding function.
DecodeICMPV4
Definition at line 155 of file decode-icmpv4.c.
References DecodeThreadVars_::counter_icmpv4, ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, FlowSetupPacket(), Packet_::icmp_d, Packet_::icmp_s, ICMPV4_HEADER_LEN, ICMPV4_HEADER_PKT_OFFSET, ICMPV4_PKT_TOO_SMALL, ICMPV4_UNKNOWN_CODE, ICMPV4_UNKNOWN_TYPE, ICMPv4GetCounterpart(), Packet_::icmpv4h, Packet_::icmpv4vars, ICMPV4ExtHdr_::id, ICMPV4Vars_::id, Packet_::payload, Packet_::payload_len, Packet_::proto, SCLogDebug, ICMPV4ExtHdr_::seq, ICMPV4Vars_::seq, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, and unlikely.
Referenced by DecodeIPV4(), DetectIcmpIdFree(), and ICMPv4GetCounterpart().
| int DecodeICMPV6 | ( | ThreadVars * | tv, |
| DecodeThreadVars * | dtv, | ||
| Packet * | p, | ||
| const uint8_t * | pkt, | ||
| uint32_t | len, | ||
| PacketQueue * | pq | ||
| ) |
Decode ICMPV6 packets and fill the Packet with the decoded info.
| tv | Pointer to the thread variables |
| dtv | Pointer to the decode thread variables |
| p | Pointer to the packet we are filling |
| pkt | Pointer to the raw packet buffer |
| len | the len of the rest of the packet not processed yet |
| pq | the packet queue were this packet go |
| void | No return value |
Definition at line 189 of file decode-icmpv6.c.
References CERT_PATH_ADVERT, CERT_PATH_SOLICIT, ICMPV6Hdr_::code, DecodeThreadVars_::counter_icmpv6, DecodeIPV6(), DUPL_ADDR_CONFIRM, DUPL_ADDR_REQUEST, ICMPV6Vars_::emb_ip6_dst, ICMPV6Vars_::emb_ip6_src, ENGINE_ISSET_EVENT, ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, ICMPV6Vars_::error_ptr, FAIL, FAIL_IF, FAIL_IF_NULL, FLOW_QUIET, FlowInitConfig(), FlowSetupPacket(), FlowShutdown(), FMIPV6_MSG, HOME_AGENT_AD_REPLY, HOME_AGENT_AD_REQUEST, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_REJECTROUTE, ICMP6_ECHO_REPLY, ICMP6_ECHO_REQUEST, ICMP6_MOBILE_EXPERIMENTAL, ICMP6_NI_QUERY, ICMP6_NI_REPLY, ICMP6_PACKET_TOO_BIG, ICMP6_PARAM_PROB, ICMP6_PARAMPROB_OPTION, ICMP6_RR, ICMP6_TIME_EXCEED_REASSEMBLY, ICMP6_TIME_EXCEEDED, Packet_::icmp_d, Packet_::icmp_s, ICMPV6_EXPERIMENTATION_TYPE, ICMPV6_GET_CODE, ICMPV6_GET_EMB_IPV6, ICMPV6_GET_EMB_PROTO, ICMPV6_GET_ERROR_PTR, ICMPV6_GET_ID, ICMPV6_GET_MTU, ICMPV6_GET_SEQ, ICMPV6_GET_TYPE, ICMPV6_HEADER_LEN, ICMPV6_IPV6_TRUNC_PKT, ICMPV6_IPV6_UNKNOWN_VER, ICMPV6_MLD_MESSAGE_WITH_INVALID_HL, ICMPV6_PKT_TOO_SMALL, ICMPV6_UNASSIGNED_TYPE, ICMPV6_UNKNOWN_CODE, ICMPV6_UNKNOWN_TYPE, ICMPV6Hdr_::icmpv6b, ICMPv6GetCounterpart(), Packet_::icmpv6h, ICMPV6Hdr_::icmpv6i, Packet_::icmpv6vars, ICMPV6Info_::id, ICMPV6Vars_::id, Packet_::ip6h, IPV6_GET_HLIM, IPV6_GET_RAW_PLEN, IPV6_HEADER_LEN, LOCATOR_UDATE_MSG, MC_ROUTER_ADVERT, MC_ROUTER_SOLICIT, MC_ROUTER_TERMINATE, MLD_LISTENER_QUERY, MLD_LISTENER_REDUCTION, MLD_LISTENER_REPORT, MLD_V2_LIST_REPORT, MOBILE_PREFIX_ADVERT, MOBILE_PREFIX_SOLICIT, MPL_CONTROL_MSG, ICMPV6Vars_::mtu, ND_INVERSE_ADVERT, ND_INVERSE_SOLICIT, ND_NEIGHBOR_ADVERT, ND_NEIGHBOR_SOLICIT, ND_REDIRECT, ND_ROUTER_ADVERT, ND_ROUTER_SOLICIT, PACKET_RECYCLE, PASS, Packet_::payload, Packet_::payload_len, Packet_::proto, RPL_CONTROL_MSG, SCFree, SCLogDebug, SCMalloc, SCNtohs, ICMPV6Info_::seq, ICMPV6Vars_::seq, SIZE_OF_PACKET, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, ICMPV6Hdr_::type, and unlikely.
Referenced by DecodeIPV6(), and DecodeIPV6FragHeader().
| int DecodeIPV4 | ( | ThreadVars * | , |
| DecodeThreadVars * | , | ||
| Packet * | , | ||
| const uint8_t * | , | ||
| uint16_t | , | ||
| PacketQueue * | |||
| ) |
Definition at line 517 of file decode-ipv4.c.
References DecodeThreadVars_::counter_ipv4, DECODE_TUNNEL_IPV6, DecodeEthernet(), DecodeGRE(), DecodeICMPV4(), DecodeIPV4(), DecodeSCTP(), DecodeTCP(), DecodeUDP(), Defrag(), DefragDestroy(), DefragInit(), ENGINE_SET_INVALID_EVENT, ETHERNET_HEADER_LEN, FAIL_IF, FAIL_IF_NULL, Packet_::flags, Packet_::flow_hash, FLOW_QUIET, FlowInitConfig(), FlowSetupPacket(), FlowShutdown(), GET_IPV4_DST_ADDR_PTR, GET_IPV4_SRC_ADDR_PTR, GET_PKT_DATA, GET_PKT_LEN, Packet_::ip4h, IPPROTO_GRE, IPV4_GET_DF, IPV4_GET_HLEN, IPV4_GET_IPID, IPV4_GET_IPLEN, IPV4_GET_IPOFFSET, IPV4_GET_IPPROTO, IPV4_GET_MF, IPV4_GET_RF, IPV4_OPT_CIPSO, IPV4_OPT_EOL, IPV4_OPT_LSRR, IPV4_OPT_NOP, IPV4_OPT_QS, IPV4_OPT_RR, IPV4_OPT_RTRALT, IPV4_OPT_SEC, IPV4_OPT_SID, IPV4_OPT_SSRR, IPV4_OPT_TS, IPV4_WITH_ICMPV6, IPV4Options_::o_cipso, IPV4Options_::o_lsrr, IPV4Options_::o_qs, IPV4Options_::o_rr, IPV4Options_::o_rtralt, IPV4Options_::o_sec, IPV4Options_::o_sid, IPV4Options_::o_ssrr, IPV4Options_::o_ts, PACKET_RECYCLE, PacketCopyData(), PacketDequeue(), PacketEnqueue(), PacketGetFromAlloc(), PacketTunnelPktSetup(), PASS, PKT_IS_FRAGMENT, PKT_IS_INVALID, PKT_SET_SRC, PKT_SRC_DECODER_IPV4, PKT_WANTS_FLOW, PPP_VJ_UCOMP, Packet_::ppph, PrintInet(), Packet_::proto, Packet_::recursion_level, SCFree, SCLogDebug, SCLogDebugEnabled(), SCMalloc, SCNtohs, SIZE_OF_PACKET, StatsIncr(), Packet_::tcph, TM_ECODE_FAILED, TM_ECODE_OK, IPV4Opt_::type, and unlikely.
Referenced by DecodeEthernet(), DecodeIPFW(), DecodeIPV4(), DecodeMPLS(), DecodeNFQ(), DecodeNull(), DecodePPP(), DecodePPPOESession(), DecodeRaw(), DecodeSll(), DecodeTunnel(), DecodeVLAN(), DefragRbFragCompare(), NoNFLOGSupportExit(), and NoWinDivertSupportExit().
| int DecodeIPV6 | ( | ThreadVars * | , |
| DecodeThreadVars * | , | ||
| Packet * | , | ||
| const uint8_t * | , | ||
| uint16_t | , | ||
| PacketQueue * | |||
| ) |
Definition at line 585 of file decode-ipv6.c.
References DecodeThreadVars_::counter_ipv6, DecodeGRE(), DecodeICMPV6(), DecodeIPV6(), DecodeSCTP(), DecodeTCP(), DecodeUDP(), Defrag(), DefragDestroy(), DefragInit(), ENGINE_ISSET_EVENT, ENGINE_SET_EVENT, FAIL_IF, FLOW_QUIET, FlowInitConfig(), FlowShutdown(), GET_IPV6_DST_ADDR, GET_IPV6_SRC_ADDR, GET_PKT_DATA, GET_PKT_LEN, Packet_::ip6eh, Packet_::ip6h, IPPROTO_GRE, IPV6_EXTHDR_ISSET_FH, IPV6_EXTHDR_ISSET_RH, IPV6_GET_CLASS, IPV6_GET_FLOW, IPV6_GET_HLIM, IPV6_GET_L4PROTO, IPV6_GET_NH, IPV6_GET_PLEN, IPV6_HEADER_LEN, IPV6_HOPOPTS_UNKNOWN_OPT, IPV6_SET_L4PROTO, IPV6_UNKNOWN_NEXT_HEADER, IPV6_WITH_ICMPV4, PacketQueue_::len, PACKET_RECYCLE, PacketCopyData(), PacketDequeue(), PacketEnqueue(), PacketGetFromAlloc(), PASS, PrintInet(), Packet_::proto, IPV6ExtHdrs_::rh_type, SCFree, SCLogDebug, SCLogDebugEnabled(), StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, and unlikely.
Referenced by DecodeEthernet(), DecodeICMPV6(), DecodeIPFW(), DecodeIPV6(), DecodeMPLS(), DecodeNFQ(), DecodeNull(), DecodePPP(), DecodePPPOESession(), DecodeRaw(), DecodeSll(), DecodeTunnel(), DecodeVLAN(), DefragRbFragCompare(), NoNFLOGSupportExit(), NoWinDivertSupportExit(), and SigParseApplyDsizeToContent().
| void DecodeIPV6FragHeader | ( | Packet * | p, |
| const uint8_t * | pkt, | ||
| uint16_t | hdrextlen, | ||
| uint16_t | plen, | ||
| uint16_t | prev_hdrextlen | ||
| ) |
Definition at line 105 of file decode-ipv6.c.
References DecodeICMPV6(), DecodeIPV6FragHeader(), DecodeSCTP(), DecodeTCP(), DecodeUDP(), Packet_::dst, ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, FALSE, IPV6ExtHdrs_::fh_data_len, IPV6ExtHdrs_::fh_data_offset, IPV6ExtHdrs_::fh_header_offset, IPV6ExtHdrs_::fh_id, IPV6ExtHdrs_::fh_more_frags_set, IPV6ExtHdrs_::fh_nh, IPV6ExtHdrs_::fh_offset, IPV6ExtHdrs_::fh_prev_hdr_offset, Packet_::flags, GET_PKT_DATA, Packet_::ip6eh, Packet_::ip6h, IPV6OptHAO_::ip6hao_hoa, IPV6OptHAO_::ip6hao_len, IPV6OptHAO_::ip6hao_type, IPV6OptJumbo_::ip6j_len, IPV6OptJumbo_::ip6j_payload_len, IPV6OptJumbo_::ip6j_type, IPV6OptRA_::ip6ra_len, IPV6OptRA_::ip6ra_type, IPV6OptRA_::ip6ra_value, ip6rh_type, IP_GET_RAW_VER, IPV6_DATA_AFTER_NONE_HEADER, IPV6_DSTOPTS_ONLY_PADDING, IPV6_DSTOPTS_UNKNOWN_OPT, IPV6_EXTHDR_AH_RES_NOT_NULL, IPV6_EXTHDR_DUPL_AH, IPV6_EXTHDR_DUPL_DH, IPV6_EXTHDR_DUPL_EH, IPV6_EXTHDR_DUPL_FH, IPV6_EXTHDR_DUPL_HH, IPV6_EXTHDR_DUPL_RH, IPV6_EXTHDR_INVALID_OPTLEN, IPV6_EXTHDR_ISSET_FH, IPV6_EXTHDR_RH_TYPE_0, IPV6_EXTHDR_SET_FH, IPV6_EXTHDR_SET_RH, IPV6_EXTHDR_USELESS_FH, IPV6_EXTHDR_ZERO_LEN_PADN, IPV6_FH_NON_ZERO_RES_FIELD, IPV6_GET_NH, IPV6_GET_PLEN, IPV6_HEADER_LEN, IPV6_HOPOPTS_ONLY_PADDING, IPV6_HOPOPTS_UNKNOWN_OPT, IPV6_SET_EXTHDRS_LEN, IPV6_SET_L4PROTO, IPV6_TRUNC_EXTHDR, IPV6_TRUNC_PKT, IPV6_UNKNOWN_NEXT_HEADER, IPV6_WITH_ICMPV4, IPV6_WRONG_IP_VER, IPV6OPT_HAO, IPV6OPT_JUMBO, IPV6OPT_PAD1, IPV6OPT_PADN, IPV6OPT_RA, len, offset, PKT_IS_FRAGMENT, IPV6ExtHdrs_::rh_type, SCEnter, SCLogDebug, SCNtohl, SCNtohs, SCReturn, SET_IPV6_DST_ADDR, SET_IPV6_SRC_ADDR, Packet_::src, TRUE, and unlikely.
Referenced by DecodeIPV6FragHeader().
| int DecodeMPLS | ( | ThreadVars * | , |
| DecodeThreadVars * | , | ||
| Packet * | , | ||
| const uint8_t * | , | ||
| uint32_t | , | ||
| PacketQueue * | |||
| ) |
Definition at line 47 of file decode-mpls.c.
References DecodeThreadVars_::counter_mpls, DecodeEthernet(), DecodeIPV4(), DecodeIPV6(), DecodeMPLS(), ENGINE_ISSET_EVENT, ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, FAIL_IF, FAIL_IF_NOT, FAIL_IF_NULL, MPLS_BAD_LABEL_IMPLICIT_NULL, MPLS_BAD_LABEL_RESERVED, MPLS_BAD_LABEL_ROUTER_ALERT, MPLS_BOTTOM, MPLS_HEADER_LEN, MPLS_HEADER_TOO_SMALL, MPLS_LABEL, MPLS_LABEL_IPV4, MPLS_LABEL_IPV6, MPLS_LABEL_NULL, MPLS_LABEL_ROUTER_ALERT, MPLS_MAX_RESERVED_LABEL, MPLS_PKT_TOO_SMALL, MPLS_PROTO_ETHERNET_PW, MPLS_PROTO_IPV4, MPLS_PROTO_IPV6, MPLS_PW_LEN, MPLS_UNKNOWN_PAYLOAD_TYPE, PASS, SCCalloc, SCFree, SCMalloc, SIZE_OF_PACKET, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, and unlikely.
Referenced by DecodeEthernet(), DecodeMPLS(), and DecodeVLAN().
| int DecodeNull | ( | ThreadVars * | , |
| DecodeThreadVars * | , | ||
| Packet * | , | ||
| const uint8_t * | , | ||
| uint32_t | , | ||
| PacketQueue * | |||
| ) |
Definition at line 48 of file decode-null.c.
References DecodeThreadVars_::counter_null, DecodeIPV4(), DecodeIPV6(), ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, GET_PKT_DATA, GET_PKT_LEN, HDR_SIZE, LTNULL_PKT_TOO_SMALL, LTNULL_UNSUPPORTED_TYPE, SCLogDebug, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, type, and unlikely.
Referenced by DecodeAFP(), DecodePcap(), and ValidateLinkType().
| int DecodePPP | ( | ThreadVars * | , |
| DecodeThreadVars * | , | ||
| Packet * | , | ||
| const uint8_t * | , | ||
| uint32_t | , | ||
| PacketQueue * | |||
| ) |
Definition at line 43 of file decode-ppp.c.
References DecodeThreadVars_::counter_ppp, DecodeIPV4(), DecodeIPV6(), DecodePPP(), ENGINE_ISSET_EVENT, ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, FLOW_QUIET, FlowInitConfig(), FlowShutdown(), IPV4_GET_RAW_VER, IPV4_HEADER_LEN, IPV4_TRUNC_PKT, IPV6_HEADER_LEN, likely, PacketGetFromAlloc(), PPP_APPLE, PPP_APPLECP, PPP_BRPDU, PPP_CHAP, PPP_DECNET, PPP_DECNETCP, PPP_HEADER_LEN, PPP_HELLO, PPP_IP, PPP_IPCP, PPP_IPV6, PPP_IPV6CP, PPP_IPX, PPP_IPXCP, PPP_LCP, PPP_LQM, PPP_LUXCOM, PPP_MPLS_MCAST, PPP_MPLS_UCAST, PPP_MPLSCP, PPP_NS, PPP_NSCP, PPP_OSI, PPP_OSICP, PPP_PAP, PPP_PKT_TOO_SMALL, PPP_SNS, PPP_STII, PPP_STIICP, PPP_UNSUP_PROTO, PPP_VINES, PPP_VINESCP, PPP_VJ_COMP, PPP_VJ_UCOMP, PPP_WRONG_TYPE, Packet_::ppph, PPPIPV4_PKT_TOO_SMALL, PPPIPV6_PKT_TOO_SMALL, PPPVJU_PKT_TOO_SMALL, SCFree, SCLogDebug, SCNtohs, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, and unlikely.
Referenced by DecodeAFP(), DecodePcap(), DecodePPP(), DecodeTunnel(), GetProgramVersion(), Unified2AlertInitCtx(), and ValidateLinkType().
| int DecodePPPOEDiscovery | ( | ThreadVars * | , |
| DecodeThreadVars * | , | ||
| Packet * | , | ||
| const uint8_t * | , | ||
| uint32_t | , | ||
| PacketQueue * | |||
| ) |
Main decoding function for PPPOE Discovery packets.
Definition at line 50 of file decode-pppoe.c.
References DecodeThreadVars_::counter_pppoe, ENGINE_SET_INVALID_EVENT, PPPOE_CODE_PADI, PPPOE_CODE_PADO, PPPOE_CODE_PADR, PPPOE_CODE_PADS, PPPOE_CODE_PADT, PPPOE_DISCOVERY_HEADER_MIN_LEN, pppoe_length, PPPOE_MALFORMED_TAGS, PPPOE_PKT_TOO_SMALL, PPPOE_WRONG_CODE, Packet_::pppoedh, SCLogDebug, SCNtohs, StatsIncr(), TM_ECODE_FAILED, and TM_ECODE_OK.
Referenced by DecodeEthernet(), DecodePPPOESession(), and DecodeVLAN().
| int DecodePPPOESession | ( | ThreadVars * | , |
| DecodeThreadVars * | , | ||
| Packet * | , | ||
| const uint8_t * | , | ||
| uint32_t | , | ||
| PacketQueue * | |||
| ) |
Main decoding function for PPPOE Session packets.
Definition at line 130 of file decode-pppoe.c.
References DecodeThreadVars_::counter_pppoe, DecodeIPV4(), DecodeIPV6(), DecodePPPOEDiscovery(), DecodePPPOESession(), ENGINE_ISSET_EVENT, ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, FLOW_QUIET, FlowInitConfig(), FlowShutdown(), ICMPV4_UNKNOWN_TYPE, IPV4_GET_RAW_VER, IPV4_HEADER_LEN, IPV6_HEADER_LEN, PacketGetFromAlloc(), PPP_APPLE, PPP_APPLECP, PPP_BRPDU, PPP_CHAP, PPP_DECNET, PPP_DECNETCP, PPP_HELLO, PPP_IP, PPP_IPCP, PPP_IPV6, PPP_IPV6CP, PPP_IPX, PPP_IPXCP, PPP_LCP, PPP_LQM, PPP_LUXCOM, PPP_MPLS_MCAST, PPP_MPLS_UCAST, PPP_MPLSCP, PPP_NS, PPP_NSCP, PPP_OSI, PPP_OSICP, PPP_PAP, PPP_SNS, PPP_STII, PPP_STIICP, PPP_UNSUP_PROTO, PPP_VINES, PPP_VINESCP, PPP_VJ_COMP, PPP_VJ_UCOMP, PPP_WRONG_TYPE, PPPIPV4_PKT_TOO_SMALL, PPPIPV6_PKT_TOO_SMALL, PPPOESessionHdr_::pppoe_code, PPPOE_DISCOVERY_GET_TYPE, PPPOE_DISCOVERY_GET_VERSION, PPPOESessionHdr_::pppoe_length, PPPOE_MALFORMED_TAGS, PPPOE_PKT_TOO_SMALL, PPPOE_SESSION_GET_TYPE, PPPOE_SESSION_GET_VERSION, PPPOE_SESSION_HEADER_LEN, PPPOESessionHdr_::pppoe_version_type, PPPOE_WRONG_CODE, Packet_::pppoedh, Packet_::pppoesh, PPPVJU_PKT_TOO_SMALL, PPPOESessionHdr_::protocol, SCFree, SCLogDebug, SCNtohs, PPPOESessionHdr_::session_id, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, and unlikely.
Referenced by DecodeEthernet(), DecodePPPOESession(), and DecodeVLAN().
| int DecodeRaw | ( | ThreadVars * | , |
| DecodeThreadVars * | , | ||
| Packet * | , | ||
| const uint8_t * | , | ||
| uint32_t | , | ||
| PacketQueue * | |||
| ) |
Definition at line 46 of file decode-raw.c.
References DecodeThreadVars_::counter_raw, DecodeIPV4(), DecodeIPV6(), DecodeRaw(), ENGINE_ISSET_EVENT, ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, FLOW_QUIET, FlowInitConfig(), FlowShutdown(), GET_PKT_DATA, GET_PKT_LEN, Packet_::ip4h, Packet_::ip6h, IP_GET_RAW_VER, IPRAW_INVALID_IPV, IPV4_HEADER_LEN, IPV4_PKT_TOO_SMALL, PACKET_RECYCLE, PacketCopyData(), PacketGetFromAlloc(), SCFree, SCLogDebug, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, and unlikely.
Referenced by DecodeAFP(), DecodePcap(), DecodeRaw(), and ValidateLinkType().
| int DecodeSCTP | ( | ThreadVars * | , |
| DecodeThreadVars * | , | ||
| Packet * | , | ||
| const uint8_t * | , | ||
| uint16_t | , | ||
| PacketQueue * | |||
| ) |
Definition at line 62 of file decode-sctp.c.
References DecodeThreadVars_::counter_sctp, FlowSetupPacket(), SCLogDebug, SCTP_GET_DST_PORT, SCTP_GET_SRC_PORT, Packet_::sctph, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, and unlikely.
Referenced by DecodeIPV4(), DecodeIPV6(), and DecodeIPV6FragHeader().
| int DecodeSll | ( | ThreadVars * | , |
| DecodeThreadVars * | , | ||
| Packet * | , | ||
| const uint8_t * | , | ||
| uint32_t | , | ||
| PacketQueue * | |||
| ) |
Definition at line 39 of file decode-sll.c.
References DecodeThreadVars_::counter_sll, DecodeIPV4(), DecodeIPV6(), DecodeVLAN(), ENGINE_SET_INVALID_EVENT, ETHERNET_TYPE_IP, ETHERNET_TYPE_IPV6, ETHERNET_TYPE_VLAN, SCLogDebug, SCNtohs, SLL_HEADER_LEN, SLL_PKT_TOO_SMALL, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, and unlikely.
Referenced by DecodeAFP(), DecodePcap(), and ValidateLinkType().
| int DecodeTCP | ( | ThreadVars * | , |
| DecodeThreadVars * | , | ||
| Packet * | , | ||
| const uint8_t * | , | ||
| uint16_t | , | ||
| PacketQueue * | |||
| ) |
Definition at line 234 of file decode-tcp.c.
References DecodeThreadVars_::counter_tcp, DecodeTCP(), Packet_::dst, FAIL_IF, Address_::family, FLOW_QUIET, FlowInitConfig(), FlowSetupPacket(), FlowShutdown(), GET_TCP_DST_PORT, GET_TCP_SRC_PORT, Packet_::ip4h, PACKET_RECYCLE, PacketGetFromAlloc(), PASS, SCFree, SCLogDebug, Packet_::src, StatsIncr(), TCP_GET_HLEN, TCP_GET_SACK_CNT, TCP_GET_SACK_PTR, TCP_GET_WSCALE, TCP_HAS_MSS, TCP_HAS_SACK, TCP_HAS_SACKOK, TCP_HAS_TFO, TCP_HAS_TS, TCP_HAS_WSCALE, Packet_::tcph, TM_ECODE_FAILED, TM_ECODE_OK, and unlikely.
Referenced by DecodeIPV4(), DecodeIPV6(), DecodeIPV6FragHeader(), and DecodeTCP().
| int DecodeTEMPLATE | ( | ThreadVars * | tv, |
| DecodeThreadVars * | dtv, | ||
| Packet * | p, | ||
| const uint8_t * | pkt, | ||
| uint32_t | len, | ||
| PacketQueue * | pq | ||
| ) |
Function to decode TEMPLATE packets.
| tv | thread vars |
| dtv | decoder thread vars |
| p | packet |
| pkt | raw packet data |
| len | length in bytes of pkt array |
| TM_ECODE_OK | or TM_ECODE_FAILED on serious error |
Definition at line 49 of file decode-template.c.
References DecodeUDP(), TM_ECODE_FAILED, and TM_ECODE_OK.
| int DecodeUDP | ( | ThreadVars * | , |
| DecodeThreadVars * | , | ||
| Packet * | , | ||
| const uint8_t * | , | ||
| uint16_t | , | ||
| PacketQueue * | |||
| ) |
Definition at line 74 of file decode-udp.c.
References DecodeThreadVars_::counter_udp, DecodeTeredo(), DecodeVXLAN(), DecodeVXLANEnabledForPort(), Packet_::dp, FAIL_IF, FlowSetupPacket(), PASS, Packet_::payload, Packet_::payload_len, SCLogDebug, Packet_::sp, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, UDP_GET_DST_PORT, UDP_GET_SRC_PORT, UDP_HEADER_LEN, Packet_::udph, and unlikely.
Referenced by DecodeIPV4(), DecodeIPV6(), DecodeIPV6FragHeader(), DecodeTEMPLATE(), and DecodeVXLAN().
| int DecodeVLAN | ( | ThreadVars * | , |
| DecodeThreadVars * | , | ||
| Packet * | , | ||
| const uint8_t * | , | ||
| uint32_t | , | ||
| PacketQueue * | |||
| ) |
Definition at line 62 of file decode-vlan.c.
References DecodeThreadVars_::counter_vlan, DecodeThreadVars_::counter_vlan_qinq, DecodeIPV4(), DecodeIPV6(), DecodeMPLS(), DecodePPPOEDiscovery(), DecodePPPOESession(), DecodeVLAN(), ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, ETHERNET_TYPE_8021AD, ETHERNET_TYPE_8021AH, ETHERNET_TYPE_ARP, ETHERNET_TYPE_IP, ETHERNET_TYPE_IPV6, ETHERNET_TYPE_MPLS_MULTICAST, ETHERNET_TYPE_MPLS_UNICAST, ETHERNET_TYPE_PPPOE_DISC, ETHERNET_TYPE_PPPOE_SESS, ETHERNET_TYPE_VLAN, GET_VLAN_CFI, GET_VLAN_ID, GET_VLAN_PRIORITY, GET_VLAN_PROTO, proto, SCLogDebug, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, unlikely, VLAN_HEADER_LEN, VLAN_HEADER_TOO_MANY_LAYERS, VLAN_HEADER_TOO_SMALL, Packet_::vlan_id, Packet_::vlan_idx, and VLAN_UNKNOWN_TYPE.
Referenced by __attribute__(), DecodeEthernet(), DecodeSll(), DecodeTunnel(), and DecodeVLAN().
| int DecodeVXLAN | ( | ThreadVars * | tv, |
| DecodeThreadVars * | dtv, | ||
| Packet * | p, | ||
| const uint8_t * | pkt, | ||
| uint32_t | len, | ||
| PacketQueue * | pq | ||
| ) |
| pkt | payload data directly above UDP header |
| len | length in bytes of pkt |
Definition at line 119 of file decode-vxlan.c.
References DecodeThreadVars_::counter_vxlan, DECODE_TUNNEL_IPV4, DECODE_TUNNEL_IPV6, DecodeUDP(), ETHERNET_HEADER_LEN, ETHERNET_TYPE_ARP, ETHERNET_TYPE_IP, ETHERNET_TYPE_IPV6, FAIL_IF, FAIL_IF_NOT, FAIL_IF_NULL, VXLANHeader_::flags, FLOW_QUIET, FlowInitConfig(), FlowShutdown(), PacketDequeue(), PacketEnqueue(), PacketFree(), PacketGetFromAlloc(), PacketTunnelPktSetup(), PASS, PKT_SET_SRC, PKT_SRC_DECODER_VXLAN, VXLANHeader_::res, SCLogDebug, SCNtohs, SIZE_OF_PACKET, Packet_::sp, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, PacketQueue_::top, Packet_::udph, unlikely, VXLANHeader_::vni, and VXLAN_HEADER_LEN.
Referenced by DecodeUDP().
| uint32_t default_packet_size |
Definition at line 618 of file decode.h.
Referenced by AFPGetLinkType(), AFPSetBPFFilter(), PacketCopyDataOffset(), PostRunDeinit(), ReceivePfringThreadInit(), RunUnittests(), and TmModuleDecodeNetmapRegister().
| int g_default_mtu |
highest mtu of the interfaces we monitor
Definition at line 224 of file suricata.c.
Referenced by PostRunDeinit().
1.8.11