suricata
Data Structures | Macros | Typedefs | Enumerations | Functions | Variables
decode.h File Reference
#include "suricata-common.h"
#include "suricata-plugin.h"
#include "threadvars.h"
#include "util-debug.h"
#include "decode-events.h"
#include "util-exception-policy-types.h"
#include "util-datalink.h"
#include "flow-worker.h"
#include "app-layer-protos.h"
#include "source-nflog.h"
#include "source-nfq.h"
#include "source-ipfw.h"
#include "source-pcap.h"
#include "source-af-packet.h"
#include "source-netmap.h"
#include "source-windivert.h"
#include "decode-ethernet.h"
#include "decode-gre.h"
#include "decode-ppp.h"
#include "decode-ipv4.h"
#include "decode-ipv6.h"
#include "decode-icmpv4.h"
#include "decode-icmpv6.h"
#include "decode-tcp.h"
#include "decode-udp.h"
#include "decode-sctp.h"
#include "decode-esp.h"
#include "decode-vlan.h"
#include "decode-mpls.h"
#include "decode-arp.h"
#include "util-validate.h"
Include dependency graph for decode.h:

Go to the source code of this file.

Data Structures

struct  Address_
 
struct  PacketContextData
 
struct  PacketAlert_
 
struct  PacketAlerts_
 
struct  PacketEngineEvents_
 
struct  PktVar_
 
struct  PktProfilingTmmData_
 Per TMM stats storage. More...
 
struct  PktProfilingData_
 
struct  PktProfilingDetectData_
 
struct  PktProfilingAppData_
 
struct  PktProfilingLoggerData_
 
struct  PktProfiling_
 Per pkt stats storage. More...
 
struct  PacketL2
 
union  PacketL2::L2Hdrs
 
struct  PacketL3
 
union  PacketL3::Hdrs
 
struct  PacketL4
 
union  PacketL4::L4Hdrs
 
union  PacketL4::L4Vars
 
struct  Packet_
 
struct  DecodeThreadVars_
 Structure to hold thread specific data for all decode modules. More...
 

Macros

#define COUNTERS
 
#define SignatureMask   uint8_t
 
#define addr_data32   address.address_un_data32
 
#define addr_data16   address.address_un_data16
 
#define addr_data8   address.address_un_data8
 
#define addr_in6addr   address.address_un_in6
 
#define COPY_ADDRESS(a, b)
 
#define SET_IPV4_SRC_ADDR(ip4h, a)
 
#define SET_IPV4_DST_ADDR(ip4h, a)
 
#define SET_IPV6_SRC_ADDR(ip6h, a)
 
#define SET_IPV6_DST_ADDR(ip6h, a)
 
#define SET_TCP_SRC_PORT(pkt, prt)
 
#define SET_TCP_DST_PORT(pkt, prt)
 
#define SET_UDP_SRC_PORT(pkt, prt)
 
#define SET_UDP_DST_PORT(pkt, prt)
 
#define GET_IPV4_SRC_ADDR_U32(p)   ((p)->src.addr_data32[0])
 
#define GET_IPV4_DST_ADDR_U32(p)   ((p)->dst.addr_data32[0])
 
#define GET_IPV4_SRC_ADDR_PTR(p)   ((p)->src.addr_data32)
 
#define GET_IPV4_DST_ADDR_PTR(p)   ((p)->dst.addr_data32)
 
#define GET_IPV6_SRC_IN6ADDR(p)   ((p)->src.addr_in6addr)
 
#define GET_IPV6_DST_IN6ADDR(p)   ((p)->dst.addr_in6addr)
 
#define GET_IPV6_SRC_ADDR(p)   ((p)->src.addr_data32)
 
#define GET_IPV6_DST_ADDR(p)   ((p)->dst.addr_data32)
 
#define GET_TCP_SRC_PORT(p)   ((p)->sp)
 
#define GET_TCP_DST_PORT(p)   ((p)->dp)
 
#define GET_PKT_LEN(p)   (p)->pktlen
 
#define GET_PKT_DATA(p)   (((p)->ext_pkt == NULL) ? GET_PKT_DIRECT_DATA(p) : (p)->ext_pkt)
 
#define GET_PKT_DIRECT_DATA(p)   (p)->pkt_data
 
#define GET_PKT_DIRECT_MAX_SIZE(p)   (default_packet_size)
 
#define SET_PKT_LEN(p, len)
 
#define SET_PORT(v, p)   ((p) = (v))
 
#define COPY_PORT(a, b)   ((b) = (a))
 
#define CMP_ADDR(a1, a2)
 
#define CMP_PORT(p1, p2)   ((p1) == (p2))
 
#define IP_GET_RAW_VER(pkt)   ((((pkt)[0] & 0xf0) >> 4))
 
#define PKT_IS_TCP(p)   (((p)->tcph != NULL))
 
#define PKT_IS_UDP(p)   (((p)->udph != NULL))
 
#define PKT_IS_ICMPV4(p)   (((p)->icmpv4h != NULL))
 
#define PKT_IS_ICMPV6(p)   (((p)->icmpv6h != NULL))
 
#define PKT_IS_TOSERVER(p)   (((p)->flowflags & FLOW_PKT_TOSERVER))
 
#define PKT_IS_TOCLIENT(p)   (((p)->flowflags & FLOW_PKT_TOCLIENT))
 
#define PACKET_ALERT_FLAG_APPLY_ACTION_TO_FLOW   BIT_U8(0)
 
#define PACKET_ALERT_FLAG_STATE_MATCH   BIT_U8(1)
 
#define PACKET_ALERT_FLAG_STREAM_MATCH   BIT_U8(2)
 
#define PACKET_ALERT_FLAG_TX   BIT_U8(3)
 
#define PACKET_ALERT_FLAG_RATE_FILTER_MODIFIED   BIT_U8(4)
 
#define PACKET_ALERT_FLAG_FRAME   BIT_U8(5)
 
#define PACKET_ALERT_FLAG_TX_GUESSED   BIT_U8(6)
 
#define PACKET_ALERT_FLAG_APPLY_ACTION_TO_PACKET   BIT_U8(7)
 
#define PACKET_ALERT_MAX   15
 
#define PACKET_ENGINE_EVENT_MAX   15
 
#define DEFAULT_MTU   1500
 
#define MINIMUM_MTU   68
 
#define DEFAULT_PACKET_SIZE   (DEFAULT_MTU + ETHERNET_HEADER_LEN)
 
#define MAX_PAYLOAD_SIZE   (IPV6_HEADER_LEN + 65536 + 28)
 
#define SIZE_OF_PACKET   (default_packet_size + sizeof(Packet))
 
#define PACKET_CLEAR_L4VARS(p)
 
#define PACKET_FREE_EXTDATA(p)
 
#define TUNNEL_INCR_PKT_RTV_NOLOCK(p)
 
#define TUNNEL_PKT_RTV(p)   ((p)->root ? (p)->root->tunnel_rtv_cnt : (p)->tunnel_rtv_cnt)
 
#define TUNNEL_PKT_TPR(p)   ((p)->root ? (p)->root->tunnel_tpr_cnt : (p)->tunnel_tpr_cnt)
 
#define ENGINE_SET_EVENT(p, e)
 
#define ENGINE_SET_INVALID_EVENT(p, e)
 
#define ENGINE_ISSET_EVENT(p, e)
 
#define IPPROTO_IPIP   4
 
#define IPPROTO_DCCP   33
 
#define IPPROTO_SCTP   132
 
#define IPPROTO_MH   135
 
#define IPPROTO_HIP   139
 
#define IPPROTO_SHIM6   140
 
#define PKT_NOPACKET_INSPECTION   BIT_U32(0)
 
#define PKT_PPP_VJ_UCOMP   BIT_U32(1)
 
#define PKT_NOPAYLOAD_INSPECTION   BIT_U32(2)
 
#define PKT_ALERT_CTX_USED   BIT_U32(3)
 
#define PKT_HAS_TAG   BIT_U32(4)
 
#define PKT_STREAM_ADD   BIT_U32(5)
 
#define PKT_STREAM_EST   BIT_U32(6)
 
#define PKT_HAS_FLOW   BIT_U32(8)
 
#define PKT_PSEUDO_STREAM_END   BIT_U32(9)
 
#define PKT_STREAM_MODIFIED   BIT_U32(10)
 
#define PKT_STREAM_NOPCAPLOG   BIT_U32(12)
 
#define PKT_IGNORE_CHECKSUM   BIT_U32(15)
 
#define PKT_ZERO_COPY   BIT_U32(16)
 
#define PKT_HOST_SRC_LOOKED_UP   BIT_U32(17)
 
#define PKT_HOST_DST_LOOKED_UP   BIT_U32(18)
 
#define PKT_IS_FRAGMENT   BIT_U32(19)
 
#define PKT_IS_INVALID   BIT_U32(20)
 
#define PKT_PROFILE   BIT_U32(21)
 
#define PKT_WANTS_FLOW   BIT_U32(22)
 
#define PKT_PROTO_DETECT_TS_DONE   BIT_U32(23)
 
#define PKT_PROTO_DETECT_TC_DONE   BIT_U32(24)
 
#define PKT_REBUILT_FRAGMENT   BIT_U32(25)
 
#define PKT_DETECT_HAS_STREAMDATA   BIT_U32(26)
 
#define PKT_PSEUDO_DETECTLOG_FLUSH   BIT_U32(27)
 
#define PKT_STREAM_NO_EVENTS   BIT_U32(28)
 
#define PKT_FIRST_ALERTS   BIT_U32(29)
 
#define PKT_FIRST_TAG   BIT_U32(30)
 
#define PKT_PSEUDO_LOG_FLUSH   BIT_U32(31)
 
#define PKT_IS_PSEUDOPKT(p)   ((p)->flags & (PKT_PSEUDO_STREAM_END|PKT_PSEUDO_DETECTLOG_FLUSH))
 return 1 if the packet is a pseudo packet More...
 
#define PKT_IS_FLUSHPKT(p)   ((p)->flags & (PKT_PSEUDO_LOG_FLUSH))
 
#define PKT_SET_SRC(p, src_val)   ((p)->pkt_src = src_val)
 
#define PKT_DEFAULT_MAX_DECODED_LAYERS   16
 

Typedefs

typedef struct AppLayerThreadCtx_ AppLayerThreadCtx
 
typedef struct AppLayerDecoderEvents_ AppLayerDecoderEvents
 
typedef struct Address_ Address
 
typedef uint16_t Port
 
typedef struct PacketAlert_ PacketAlert
 
typedef struct PacketAlerts_ PacketAlerts
 
typedef struct PacketEngineEvents_ PacketEngineEvents
 
typedef struct PktVar_ PktVar
 
typedef struct PktProfilingTmmData_ PktProfilingTmmData
 Per TMM stats storage. More...
 
typedef struct PktProfilingData_ PktProfilingData
 
typedef struct PktProfilingDetectData_ PktProfilingDetectData
 
typedef struct PktProfilingAppData_ PktProfilingAppData
 
typedef struct PktProfilingLoggerData_ PktProfilingLoggerData
 
typedef struct PktProfiling_ PktProfiling
 Per pkt stats storage. More...
 
typedef struct Packet_ Packet
 
typedef struct DecodeThreadVars_ DecodeThreadVars
 Structure to hold thread specific data for all decode modules. More...
 
typedef int(* DecoderFunc) (ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint32_t len)
 

Enumerations

enum  ChecksumValidationMode {
  CHECKSUM_VALIDATION_DISABLE, CHECKSUM_VALIDATION_ENABLE, CHECKSUM_VALIDATION_AUTO, CHECKSUM_VALIDATION_RXONLY,
  CHECKSUM_VALIDATION_KERNEL, CHECKSUM_VALIDATION_OFFLOAD
}
 
enum  PktSrcEnum {
  PKT_SRC_WIRE = 1, PKT_SRC_DECODER_GRE, PKT_SRC_DECODER_IPV4, PKT_SRC_DECODER_IPV6,
  PKT_SRC_DECODER_TEREDO, PKT_SRC_DEFRAG, PKT_SRC_FFR, PKT_SRC_STREAM_TCP_DETECTLOG_FLUSH,
  PKT_SRC_DECODER_VXLAN, PKT_SRC_DETECT_RELOAD_FLUSH, PKT_SRC_CAPTURE_TIMEOUT, PKT_SRC_DECODER_GENEVE,
  PKT_SRC_SHUTDOWN_FLUSH
}
 
enum  PacketDropReason {
  PKT_DROP_REASON_NOT_SET = 0, PKT_DROP_REASON_DECODE_ERROR, PKT_DROP_REASON_DEFRAG_ERROR, PKT_DROP_REASON_DEFRAG_MEMCAP,
  PKT_DROP_REASON_FLOW_MEMCAP, PKT_DROP_REASON_FLOW_DROP, PKT_DROP_REASON_APPLAYER_ERROR, PKT_DROP_REASON_APPLAYER_MEMCAP,
  PKT_DROP_REASON_RULES, PKT_DROP_REASON_RULES_THRESHOLD, PKT_DROP_REASON_STREAM_ERROR, PKT_DROP_REASON_STREAM_MEMCAP,
  PKT_DROP_REASON_STREAM_MIDSTREAM, PKT_DROP_REASON_STREAM_REASSEMBLY, PKT_DROP_REASON_STREAM_URG, PKT_DROP_REASON_NFQ_ERROR,
  PKT_DROP_REASON_INNER_PACKET, PKT_DROP_REASON_DEFAULT_PACKET_POLICY, PKT_DROP_REASON_DEFAULT_APP_POLICY, PKT_DROP_REASON_STREAM_PRE_HOOK,
  PKT_DROP_REASON_FLOW_PRE_HOOK, PKT_DROP_REASON_MAX
}
 
enum  PacketTunnelType { PacketTunnelNone, PacketTunnelRoot, PacketTunnelChild }
 
enum  PacketL2Types { PACKET_L2_UNKNOWN = 0, PACKET_L2_ETHERNET }
 
enum  PacketL3Types { PACKET_L3_UNKNOWN = 0, PACKET_L3_IPV4, PACKET_L3_IPV6, PACKET_L3_ARP }
 
enum  PacketL4Types {
  PACKET_L4_UNKNOWN = 0, PACKET_L4_TCP, PACKET_L4_UDP, PACKET_L4_ICMPV4,
  PACKET_L4_ICMPV6, PACKET_L4_SCTP, PACKET_L4_GRE, PACKET_L4_ESP
}
 
enum  DecodeTunnelProto {
  DECODE_TUNNEL_ETHERNET, DECODE_TUNNEL_ERSPANII, DECODE_TUNNEL_ERSPANI, DECODE_TUNNEL_VLAN,
  DECODE_TUNNEL_IPV4, DECODE_TUNNEL_IPV6, DECODE_TUNNEL_IPV6_TEREDO, DECODE_TUNNEL_PPP,
  DECODE_TUNNEL_NSH, DECODE_TUNNEL_ARP, DECODE_TUNNEL_UNSET
}
 

Functions

PacketAlertPacketAlertCreate (void)
 Initialize PacketAlerts with dynamic alerts array size. More...
 
void PacketAlertRecycle (PacketAlert *pa_array, uint16_t cnt)
 
void PacketAlertFree (PacketAlert *pa)
 
void CaptureStatsUpdate (ThreadVars *tv, const Packet *p)
 
void CaptureStatsSetup (ThreadVars *tv)
 
PacketPacketTunnelPktSetup (ThreadVars *tv, DecodeThreadVars *dtv, Packet *parent, const uint8_t *pkt, uint32_t len, enum DecodeTunnelProto proto)
 Setup a pseudo packet (tunnel) More...
 
PacketPacketDefragPktSetup (Packet *parent, const uint8_t *pkt, uint32_t len, uint8_t proto)
 Setup a pseudo packet (reassembled frags) More...
 
void PacketDefragPktSetupParent (Packet *parent)
 inform defrag "parent" that a pseudo packet is now associated to it. More...
 
void DecodeRegisterPerfCounters (DecodeThreadVars *, ThreadVars *)
 
PacketPacketGetFromQueueOrAlloc (void)
 Get a packet. We try to get a packet from the packetpool first, but if that is empty we alloc a packet that is free'd again after processing. More...
 
PacketPacketGetFromAlloc (void)
 Get a malloced packet. More...
 
void PacketDecodeFinalize (ThreadVars *tv, DecodeThreadVars *dtv, Packet *p)
 Finalize decoding of a packet. More...
 
void PacketUpdateEngineEventCounters (ThreadVars *tv, DecodeThreadVars *dtv, Packet *p)
 
void PacketFree (Packet *p)
 Return a malloced packet. More...
 
void PacketFreeOrRelease (Packet *p)
 Return a packet to where it was allocated. More...
 
int PacketCallocExtPkt (Packet *p, int datalen)
 
int PacketCopyData (Packet *p, const uint8_t *pktdata, uint32_t pktlen)
 Copy data to Packet payload and set packet length. More...
 
int PacketSetData (Packet *p, const uint8_t *pktdata, uint32_t pktlen)
 Set data for Packet and set length when zero copy is used. More...
 
int PacketCopyDataOffset (Packet *p, uint32_t offset, const uint8_t *data, uint32_t datalen)
 Copy data to Packet payload at given offset. More...
 
const char * PktSrcToString (enum PktSrcEnum pkt_src)
 
void PacketBypassCallback (Packet *p)
 
void PacketSwap (Packet *p)
 switch direction of a packet More...
 
DecodeThreadVarsDecodeThreadVarsAlloc (ThreadVars *)
 Alloc and setup DecodeThreadVars. More...
 
void DecodeThreadVarsFree (ThreadVars *, DecodeThreadVars *)
 
void DecodeUpdatePacketCounters (ThreadVars *tv, const DecodeThreadVars *dtv, const Packet *p)
 
const char * PacketDropReasonToString (enum PacketDropReason r)
 
int DecodeEthernet (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t)
 
int DecodeSll (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t)
 
int DecodeSll2 (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t)
 
int DecodePPP (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t)
 
int DecodePPPOESession (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t)
 Main decoding function for PPPOE Session packets. More...
 
int DecodePPPOEDiscovery (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t)
 Main decoding function for PPPOE Discovery packets. More...
 
int DecodeNull (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t)
 
int DecodeRaw (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t)
 
int DecodeIPV4 (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint16_t)
 
int DecodeIPV6 (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint16_t)
 
int DecodeICMPV4 (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t)
 Main ICMPv4 decoding function. More...
 
int DecodeICMPV6 (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t)
 Decode ICMPV6 packets and fill the Packet with the decoded info. More...
 
int DecodeTCP (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint16_t)
 
int DecodeUDP (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint16_t)
 
int DecodeSCTP (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint16_t)
 
int DecodeESP (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint16_t)
 Function to decode IPSEC-ESP packets. More...
 
int DecodeGRE (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t)
 Function to decode GRE packets. More...
 
int DecodeVLAN (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t)
 
int DecodeVNTag (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t)
 
int DecodeIEEE8021ah (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t)
 
int DecodeGeneve (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t)
 
int DecodeVXLAN (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t)
 
int DecodeMPLS (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t)
 
int DecodeERSPAN (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t)
 ERSPAN Type II. More...
 
int DecodeERSPANTypeI (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t)
 ERSPAN Type I. More...
 
int DecodeCHDLC (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t)
 
int DecodeTEMPLATE (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t)
 Function to decode TEMPLATE packets. More...
 
int DecodeNSH (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t)
 Function to decode NSH packets. More...
 
int DecodeARP (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t)
 
void DecodeIPV6FragHeader (Packet *p, const uint8_t *pkt, uint16_t hdrextlen, uint16_t plen, uint16_t prev_hdrextlen)
 
void AddressDebugPrint (Address *)
 Debug print function for printing addresses. More...
 
void DecodeGlobalConfig (void)
 
void PacketAlertGetMaxConfig (void)
 
void DecodeUnregisterCounters (void)
 

Variables

uint16_t packet_alert_max
 
uint32_t default_packet_size
 
uint8_t decoder_max_layers
 

Detailed Description

Author
Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Definition in file decode.h.

Macro Definition Documentation

◆ addr_data16

#define addr_data16   address.address_un_data16

Definition at line 124 of file decode.h.

◆ addr_data32

#define addr_data32   address.address_un_data32

Definition at line 123 of file decode.h.

◆ addr_data8

#define addr_data8   address.address_un_data8

Definition at line 125 of file decode.h.

◆ addr_in6addr

#define addr_in6addr   address.address_un_in6

Definition at line 126 of file decode.h.

◆ CMP_ADDR

#define CMP_ADDR (   a1,
  a2 
)
Value:
(((a1)->addr_data32[3] == (a2)->addr_data32[3] && \
(a1)->addr_data32[2] == (a2)->addr_data32[2] && \
(a1)->addr_data32[1] == (a2)->addr_data32[1] && \
(a1)->addr_data32[0] == (a2)->addr_data32[0]))

Definition at line 223 of file decode.h.

◆ CMP_PORT

#define CMP_PORT (   p1,
  p2 
)    ((p1) == (p2))

Definition at line 228 of file decode.h.

◆ COPY_ADDRESS

#define COPY_ADDRESS (   a,
 
)
Value:
do { \
(b)->family = (a)->family; \
(b)->addr_data32[0] = (a)->addr_data32[0]; \
(b)->addr_data32[1] = (a)->addr_data32[1]; \
(b)->addr_data32[2] = (a)->addr_data32[2]; \
(b)->addr_data32[3] = (a)->addr_data32[3]; \
} while (0)

Definition at line 128 of file decode.h.

◆ COPY_PORT

#define COPY_PORT (   a,
 
)    ((b) = (a))

Definition at line 221 of file decode.h.

◆ COUNTERS

#define COUNTERS

Definition at line 29 of file decode.h.

◆ DEFAULT_MTU

#define DEFAULT_MTU   1500

highest mtu of the interfaces we monitor

Definition at line 697 of file decode.h.

◆ DEFAULT_PACKET_SIZE

#define DEFAULT_PACKET_SIZE   (DEFAULT_MTU + ETHERNET_HEADER_LEN)

Definition at line 700 of file decode.h.

◆ ENGINE_ISSET_EVENT

#define ENGINE_ISSET_EVENT (   p,
 
)
Value:
({ \
int r = 0; \
uint8_t u; \
for (u = 0; u < (p)->events.cnt; u++) { \
if ((p)->events.events[u] == (e)) { \
r = 1; \
break; \
} \
} \
r; \
})

Definition at line 1198 of file decode.h.

◆ ENGINE_SET_EVENT

#define ENGINE_SET_EVENT (   p,
 
)
Value:
do { \
SCLogDebug("p %p event %d", (p), e); \
if ((p)->events.cnt < PACKET_ENGINE_EVENT_MAX) { \
(p)->events.events[(p)->events.cnt] = e; \
(p)->events.cnt++; \
} \
} while(0)

Definition at line 1185 of file decode.h.

◆ ENGINE_SET_INVALID_EVENT

#define ENGINE_SET_INVALID_EVENT (   p,
 
)
Value:
do { \
p->flags |= PKT_IS_INVALID; \
ENGINE_SET_EVENT(p, e); \
} while(0)

Definition at line 1193 of file decode.h.

◆ GET_IPV4_DST_ADDR_PTR

#define GET_IPV4_DST_ADDR_PTR (   p)    ((p)->dst.addr_data32)

Definition at line 200 of file decode.h.

◆ GET_IPV4_DST_ADDR_U32

#define GET_IPV4_DST_ADDR_U32 (   p)    ((p)->dst.addr_data32[0])

Definition at line 198 of file decode.h.

◆ GET_IPV4_SRC_ADDR_PTR

#define GET_IPV4_SRC_ADDR_PTR (   p)    ((p)->src.addr_data32)

Definition at line 199 of file decode.h.

◆ GET_IPV4_SRC_ADDR_U32

#define GET_IPV4_SRC_ADDR_U32 (   p)    ((p)->src.addr_data32[0])

Definition at line 197 of file decode.h.

◆ GET_IPV6_DST_ADDR

#define GET_IPV6_DST_ADDR (   p)    ((p)->dst.addr_data32)

Definition at line 205 of file decode.h.

◆ GET_IPV6_DST_IN6ADDR

#define GET_IPV6_DST_IN6ADDR (   p)    ((p)->dst.addr_in6addr)

Definition at line 203 of file decode.h.

◆ GET_IPV6_SRC_ADDR

#define GET_IPV6_SRC_ADDR (   p)    ((p)->src.addr_data32)

Definition at line 204 of file decode.h.

◆ GET_IPV6_SRC_IN6ADDR

#define GET_IPV6_SRC_IN6ADDR (   p)    ((p)->src.addr_in6addr)

Definition at line 202 of file decode.h.

◆ GET_PKT_DATA

#define GET_PKT_DATA (   p)    (((p)->ext_pkt == NULL) ? GET_PKT_DIRECT_DATA(p) : (p)->ext_pkt)

Definition at line 210 of file decode.h.

◆ GET_PKT_DIRECT_DATA

#define GET_PKT_DIRECT_DATA (   p)    (p)->pkt_data

Definition at line 211 of file decode.h.

◆ GET_PKT_DIRECT_MAX_SIZE

#define GET_PKT_DIRECT_MAX_SIZE (   p)    (default_packet_size)

Definition at line 212 of file decode.h.

◆ GET_PKT_LEN

#define GET_PKT_LEN (   p)    (p)->pktlen

Definition at line 209 of file decode.h.

◆ GET_TCP_DST_PORT

#define GET_TCP_DST_PORT (   p)    ((p)->dp)

Definition at line 207 of file decode.h.

◆ GET_TCP_SRC_PORT

#define GET_TCP_SRC_PORT (   p)    ((p)->sp)

Definition at line 206 of file decode.h.

◆ IP_GET_RAW_VER

#define IP_GET_RAW_VER (   pkt)    ((((pkt)[0] & 0xf0) >> 4))

Definition at line 233 of file decode.h.

◆ IPPROTO_DCCP

#define IPPROTO_DCCP   33

Definition at line 1219 of file decode.h.

◆ IPPROTO_HIP

#define IPPROTO_HIP   139

Definition at line 1236 of file decode.h.

◆ IPPROTO_IPIP

#define IPPROTO_IPIP   4

Definition at line 1211 of file decode.h.

◆ IPPROTO_MH

#define IPPROTO_MH   135

Definition at line 1231 of file decode.h.

◆ IPPROTO_SCTP

#define IPPROTO_SCTP   132

Definition at line 1227 of file decode.h.

◆ IPPROTO_SHIM6

#define IPPROTO_SHIM6   140

Definition at line 1240 of file decode.h.

◆ MAX_PAYLOAD_SIZE

#define MAX_PAYLOAD_SIZE   (IPV6_HEADER_LEN + 65536 + 28)

Definition at line 702 of file decode.h.

◆ MINIMUM_MTU

#define MINIMUM_MTU   68

ipv4 minimum: rfc791

Definition at line 698 of file decode.h.

◆ PACKET_ALERT_MAX

#define PACKET_ALERT_MAX   15

Definition at line 285 of file decode.h.

◆ PACKET_CLEAR_L4VARS

#define PACKET_CLEAR_L4VARS (   p)
Value:
do { \
memset(&(p)->l4vars, 0x00, sizeof((p)->l4vars)); \
} while (0)

Definition at line 1062 of file decode.h.

◆ PACKET_ENGINE_EVENT_MAX

#define PACKET_ENGINE_EVENT_MAX   15

number of decoder events we support per packet. Power of 2 minus 1 for memory layout

Definition at line 304 of file decode.h.

◆ PACKET_FREE_EXTDATA

#define PACKET_FREE_EXTDATA (   p)
Value:
do { \
if ((p)->ext_pkt) { \
if (!((p)->flags & PKT_ZERO_COPY)) { \
SCFree((p)->ext_pkt); \
} \
(p)->ext_pkt = NULL; \
} \
} while(0)

Definition at line 1067 of file decode.h.

◆ PKT_ALERT_CTX_USED

#define PKT_ALERT_CTX_USED   BIT_U32(3)

set if PacketAlerts may contain json context data

Definition at line 1254 of file decode.h.

◆ PKT_DEFAULT_MAX_DECODED_LAYERS

#define PKT_DEFAULT_MAX_DECODED_LAYERS   16

Definition at line 1326 of file decode.h.

◆ PKT_DETECT_HAS_STREAMDATA

#define PKT_DETECT_HAS_STREAMDATA   BIT_U32(26)

Set by Detect() if raw stream data is available.

Definition at line 1305 of file decode.h.

◆ PKT_FIRST_ALERTS

#define PKT_FIRST_ALERTS   BIT_U32(29)

We had no alert on flow before this packet

Definition at line 1314 of file decode.h.

◆ PKT_FIRST_TAG

#define PKT_FIRST_TAG   BIT_U32(30)

Definition at line 1315 of file decode.h.

◆ PKT_HAS_FLOW

#define PKT_HAS_FLOW   BIT_U32(8)

Definition at line 1265 of file decode.h.

◆ PKT_HAS_TAG

#define PKT_HAS_TAG   BIT_U32(4)

Packet has matched a tag

Definition at line 1257 of file decode.h.

◆ PKT_HOST_DST_LOOKED_UP

#define PKT_HOST_DST_LOOKED_UP   BIT_U32(18)

Definition at line 1286 of file decode.h.

◆ PKT_HOST_SRC_LOOKED_UP

#define PKT_HOST_SRC_LOOKED_UP   BIT_U32(17)

Definition at line 1285 of file decode.h.

◆ PKT_IGNORE_CHECKSUM

#define PKT_IGNORE_CHECKSUM   BIT_U32(15)

Packet checksum is not computed (TX packet for example)

Definition at line 1281 of file decode.h.

◆ PKT_IS_FLUSHPKT

#define PKT_IS_FLUSHPKT (   p)    ((p)->flags & (PKT_PSEUDO_LOG_FLUSH))

Definition at line 1322 of file decode.h.

◆ PKT_IS_FRAGMENT

#define PKT_IS_FRAGMENT   BIT_U32(19)

Packet is a fragment

Definition at line 1289 of file decode.h.

◆ PKT_IS_ICMPV4

#define PKT_IS_ICMPV4 (   p)    (((p)->icmpv4h != NULL))

Definition at line 237 of file decode.h.

◆ PKT_IS_ICMPV6

#define PKT_IS_ICMPV6 (   p)    (((p)->icmpv6h != NULL))

Definition at line 238 of file decode.h.

◆ PKT_IS_INVALID

#define PKT_IS_INVALID   BIT_U32(20)

Definition at line 1290 of file decode.h.

◆ PKT_IS_PSEUDOPKT

#define PKT_IS_PSEUDOPKT (   p)    ((p)->flags & (PKT_PSEUDO_STREAM_END|PKT_PSEUDO_DETECTLOG_FLUSH))

return 1 if the packet is a pseudo packet

Definition at line 1320 of file decode.h.

◆ PKT_IS_TCP

#define PKT_IS_TCP (   p)    (((p)->tcph != NULL))

Definition at line 235 of file decode.h.

◆ PKT_IS_TOCLIENT

#define PKT_IS_TOCLIENT (   p)    (((p)->flowflags & FLOW_PKT_TOCLIENT))

Definition at line 240 of file decode.h.

◆ PKT_IS_TOSERVER

#define PKT_IS_TOSERVER (   p)    (((p)->flowflags & FLOW_PKT_TOSERVER))

Definition at line 239 of file decode.h.

◆ PKT_IS_UDP

#define PKT_IS_UDP (   p)    (((p)->udph != NULL))

Definition at line 236 of file decode.h.

◆ PKT_NOPACKET_INSPECTION

#define PKT_NOPACKET_INSPECTION   BIT_U32(0)

Flag to indicate that packet header or contents should not be inspected

Definition at line 1246 of file decode.h.

◆ PKT_NOPAYLOAD_INSPECTION

#define PKT_NOPAYLOAD_INSPECTION   BIT_U32(2)

Flag to indicate that packet contents should not be inspected

Definition at line 1251 of file decode.h.

◆ PKT_PPP_VJ_UCOMP

#define PKT_PPP_VJ_UCOMP   BIT_U32(1)

Packet has a PPP_VJ_UCOMP header

Definition at line 1248 of file decode.h.

◆ PKT_PROFILE

#define PKT_PROFILE   BIT_U32(21)

Definition at line 1291 of file decode.h.

◆ PKT_PROTO_DETECT_TC_DONE

#define PKT_PROTO_DETECT_TC_DONE   BIT_U32(24)

Definition at line 1299 of file decode.h.

◆ PKT_PROTO_DETECT_TS_DONE

#define PKT_PROTO_DETECT_TS_DONE   BIT_U32(23)

protocol detection done

Definition at line 1298 of file decode.h.

◆ PKT_PSEUDO_DETECTLOG_FLUSH

#define PKT_PSEUDO_DETECTLOG_FLUSH   BIT_U32(27)

Detect/log flush for protocol upgrade

Definition at line 1307 of file decode.h.

◆ PKT_PSEUDO_LOG_FLUSH

#define PKT_PSEUDO_LOG_FLUSH   BIT_U32(31)

Detect/log flush for protocol upgrade

Definition at line 1317 of file decode.h.

◆ PKT_PSEUDO_STREAM_END

#define PKT_PSEUDO_STREAM_END   BIT_U32(9)

Pseudo packet to end the stream

Definition at line 1267 of file decode.h.

◆ PKT_REBUILT_FRAGMENT

#define PKT_REBUILT_FRAGMENT   BIT_U32(25)

Packet is rebuilt from \ fragments.

Definition at line 1303 of file decode.h.

◆ PKT_SET_SRC

#define PKT_SET_SRC (   p,
  src_val 
)    ((p)->pkt_src = src_val)

Definition at line 1324 of file decode.h.

◆ PKT_STREAM_ADD

#define PKT_STREAM_ADD   BIT_U32(5)

Packet payload was added to reassembled stream

Definition at line 1259 of file decode.h.

◆ PKT_STREAM_EST

#define PKT_STREAM_EST   BIT_U32(6)

Packet is part of established stream

Definition at line 1261 of file decode.h.

◆ PKT_STREAM_MODIFIED

#define PKT_STREAM_MODIFIED   BIT_U32(10)

Packet is modified by the stream engine, we need to recalc the csum and \ reinject/replace

Definition at line 1270 of file decode.h.

◆ PKT_STREAM_NO_EVENTS

#define PKT_STREAM_NO_EVENTS   BIT_U32(28)

Packet is part of stream in known bad condition (loss, wrong thread), so flag it for not setting stream events

Definition at line 1311 of file decode.h.

◆ PKT_STREAM_NOPCAPLOG

#define PKT_STREAM_NOPCAPLOG   BIT_U32(12)

Exclude packet from pcap logging as it's part of a stream that has reassembly \ depth reached.

Definition at line 1276 of file decode.h.

◆ PKT_WANTS_FLOW

#define PKT_WANTS_FLOW   BIT_U32(22)

indication by decoder that it feels the packet should be handled by flow engine: Packet::flow_hash will be set

Definition at line 1295 of file decode.h.

◆ PKT_ZERO_COPY

#define PKT_ZERO_COPY   BIT_U32(16)

Packet comes from zero copy (ext_pkt must not be freed)

Definition at line 1283 of file decode.h.

◆ SET_IPV4_DST_ADDR

#define SET_IPV4_DST_ADDR (   ip4h,
 
)
Value:
do { \
(a)->family = AF_INET; \
(a)->addr_data32[0] = (uint32_t)(ip4h)->s_ip_dst.s_addr; \
(a)->addr_data32[1] = 0; \
(a)->addr_data32[2] = 0; \
(a)->addr_data32[3] = 0; \
} while (0)

Definition at line 150 of file decode.h.

◆ SET_IPV4_SRC_ADDR

#define SET_IPV4_SRC_ADDR (   ip4h,
 
)
Value:
do { \
(a)->family = AF_INET; \
(a)->addr_data32[0] = (uint32_t)(ip4h)->s_ip_src.s_addr; \
(a)->addr_data32[1] = 0; \
(a)->addr_data32[2] = 0; \
(a)->addr_data32[3] = 0; \
} while (0)

Definition at line 141 of file decode.h.

◆ SET_IPV6_DST_ADDR

#define SET_IPV6_DST_ADDR (   ip6h,
 
)
Value:
do { \
(a)->family = AF_INET6; \
(a)->addr_data32[0] = (ip6h)->s_ip6_dst[0]; \
(a)->addr_data32[1] = (ip6h)->s_ip6_dst[1]; \
(a)->addr_data32[2] = (ip6h)->s_ip6_dst[2]; \
(a)->addr_data32[3] = (ip6h)->s_ip6_dst[3]; \
} while (0)

Definition at line 169 of file decode.h.

◆ SET_IPV6_SRC_ADDR

#define SET_IPV6_SRC_ADDR (   ip6h,
 
)
Value:
do { \
(a)->family = AF_INET6; \
(a)->addr_data32[0] = (ip6h)->s_ip6_src[0]; \
(a)->addr_data32[1] = (ip6h)->s_ip6_src[1]; \
(a)->addr_data32[2] = (ip6h)->s_ip6_src[2]; \
(a)->addr_data32[3] = (ip6h)->s_ip6_src[3]; \
} while (0)

Definition at line 160 of file decode.h.

◆ SET_PKT_LEN

#define SET_PKT_LEN (   p,
  len 
)
Value:
do { \
(p)->pktlen = (len); \
} while (0)

Definition at line 214 of file decode.h.

◆ SET_PORT

#define SET_PORT (   v,
 
)    ((p) = (v))

Definition at line 220 of file decode.h.

◆ SET_TCP_DST_PORT

#define SET_TCP_DST_PORT (   pkt,
  prt 
)
Value:
do { \
SET_PORT(TCP_GET_DST_PORT((pkt)), *(prt)); \
} while (0)

Definition at line 184 of file decode.h.

◆ SET_TCP_SRC_PORT

#define SET_TCP_SRC_PORT (   pkt,
  prt 
)
Value:
do { \
SET_PORT(TCP_GET_SRC_PORT((pkt)), *(prt)); \
} while (0)

Definition at line 180 of file decode.h.

◆ SET_UDP_DST_PORT

#define SET_UDP_DST_PORT (   pkt,
  prt 
)
Value:
do { \
SET_PORT(UDP_GET_DST_PORT((pkt)), *(prt)); \
} while (0)

Definition at line 193 of file decode.h.

◆ SET_UDP_SRC_PORT

#define SET_UDP_SRC_PORT (   pkt,
  prt 
)
Value:
do { \
SET_PORT(UDP_GET_SRC_PORT((pkt)), *(prt)); \
} while (0)

Definition at line 190 of file decode.h.

◆ SignatureMask

#define SignatureMask   uint8_t

Definition at line 100 of file decode.h.

◆ SIZE_OF_PACKET

#define SIZE_OF_PACKET   (default_packet_size + sizeof(Packet))

Definition at line 704 of file decode.h.

◆ TUNNEL_INCR_PKT_RTV_NOLOCK

#define TUNNEL_INCR_PKT_RTV_NOLOCK (   p)
Value:
do { \
((p)->root ? (p)->root->tunnel_rtv_cnt++ : (p)->tunnel_rtv_cnt++); \
} while (0)

Definition at line 1076 of file decode.h.

◆ TUNNEL_PKT_RTV

#define TUNNEL_PKT_RTV (   p)    ((p)->root ? (p)->root->tunnel_rtv_cnt : (p)->tunnel_rtv_cnt)

Definition at line 1088 of file decode.h.

◆ TUNNEL_PKT_TPR

#define TUNNEL_PKT_TPR (   p)    ((p)->root ? (p)->root->tunnel_tpr_cnt : (p)->tunnel_tpr_cnt)

Definition at line 1089 of file decode.h.

Typedef Documentation

◆ Address

typedef struct Address_ Address

◆ AppLayerDecoderEvents

typedef struct AppLayerDecoderEvents_ AppLayerDecoderEvents

Definition at line 1 of file decode.h.

◆ AppLayerThreadCtx

typedef struct AppLayerThreadCtx_ AppLayerThreadCtx

Definition at line 1 of file decode.h.

◆ DecoderFunc

typedef int(* DecoderFunc) (ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint32_t len)

Definition at line 1178 of file decode.h.

◆ DecodeThreadVars

typedef struct DecodeThreadVars_ DecodeThreadVars

Structure to hold thread specific data for all decode modules.

◆ Packet

typedef struct Packet_ Packet

◆ PacketAlert

typedef struct PacketAlert_ PacketAlert

◆ PacketAlerts

typedef struct PacketAlerts_ PacketAlerts

◆ PacketEngineEvents

typedef struct PacketEngineEvents_ PacketEngineEvents

data structure to store decoder, defrag and stream events

◆ PktProfiling

typedef struct PktProfiling_ PktProfiling

Per pkt stats storage.

◆ PktProfilingAppData

typedef struct PktProfilingAppData_ PktProfilingAppData

◆ PktProfilingData

typedef struct PktProfilingData_ PktProfilingData

◆ PktProfilingDetectData

typedef struct PktProfilingDetectData_ PktProfilingDetectData

◆ PktProfilingLoggerData

typedef struct PktProfilingLoggerData_ PktProfilingLoggerData

◆ PktProfilingTmmData

typedef struct PktProfilingTmmData_ PktProfilingTmmData

Per TMM stats storage.

◆ PktVar

typedef struct PktVar_ PktVar

◆ Port

typedef uint16_t Port

Definition at line 218 of file decode.h.

Enumeration Type Documentation

◆ ChecksumValidationMode

enum ChecksumValidationMode
Enumerator
CHECKSUM_VALIDATION_DISABLE 
CHECKSUM_VALIDATION_ENABLE 
CHECKSUM_VALIDATION_AUTO 
CHECKSUM_VALIDATION_RXONLY 
CHECKSUM_VALIDATION_KERNEL 
CHECKSUM_VALIDATION_OFFLOAD 

Definition at line 42 of file decode.h.

◆ DecodeTunnelProto

enum DecodeTunnelProto
Enumerator
DECODE_TUNNEL_ETHERNET 
DECODE_TUNNEL_ERSPANII 
DECODE_TUNNEL_ERSPANI 
DECODE_TUNNEL_VLAN 
DECODE_TUNNEL_IPV4 
DECODE_TUNNEL_IPV6 
DECODE_TUNNEL_IPV6_TEREDO 

separate protocol for stricter error handling

DECODE_TUNNEL_PPP 
DECODE_TUNNEL_NSH 
DECODE_TUNNEL_ARP 
DECODE_TUNNEL_UNSET 

Definition at line 1099 of file decode.h.

◆ PacketDropReason

enum PacketDropReason
Enumerator
PKT_DROP_REASON_NOT_SET 
PKT_DROP_REASON_DECODE_ERROR 
PKT_DROP_REASON_DEFRAG_ERROR 
PKT_DROP_REASON_DEFRAG_MEMCAP 
PKT_DROP_REASON_FLOW_MEMCAP 
PKT_DROP_REASON_FLOW_DROP 
PKT_DROP_REASON_APPLAYER_ERROR 
PKT_DROP_REASON_APPLAYER_MEMCAP 
PKT_DROP_REASON_RULES 
PKT_DROP_REASON_RULES_THRESHOLD 

detection_filter in action

PKT_DROP_REASON_STREAM_ERROR 
PKT_DROP_REASON_STREAM_MEMCAP 
PKT_DROP_REASON_STREAM_MIDSTREAM 
PKT_DROP_REASON_STREAM_REASSEMBLY 
PKT_DROP_REASON_STREAM_URG 
PKT_DROP_REASON_NFQ_ERROR 

no nfq verdict, must be error

PKT_DROP_REASON_INNER_PACKET 

drop issued by inner (tunnel) packet

PKT_DROP_REASON_DEFAULT_PACKET_POLICY 

drop issued by default packet policy

PKT_DROP_REASON_DEFAULT_APP_POLICY 

drop issued by default app policy

PKT_DROP_REASON_STREAM_PRE_HOOK 

drop issued in the pre_stream hook

PKT_DROP_REASON_FLOW_PRE_HOOK 

drop issued in the pre_flow hook

PKT_DROP_REASON_MAX 

Definition at line 380 of file decode.h.

◆ PacketL2Types

enum PacketL2Types
Enumerator
PACKET_L2_UNKNOWN 
PACKET_L2_ETHERNET 

Definition at line 414 of file decode.h.

◆ PacketL3Types

enum PacketL3Types
Enumerator
PACKET_L3_UNKNOWN 
PACKET_L3_IPV4 
PACKET_L3_IPV6 
PACKET_L3_ARP 

Definition at line 426 of file decode.h.

◆ PacketL4Types

enum PacketL4Types
Enumerator
PACKET_L4_UNKNOWN 
PACKET_L4_TCP 
PACKET_L4_UDP 
PACKET_L4_ICMPV4 
PACKET_L4_ICMPV6 
PACKET_L4_SCTP 
PACKET_L4_GRE 
PACKET_L4_ESP 

Definition at line 453 of file decode.h.

◆ PacketTunnelType

enum PacketTunnelType
Enumerator
PacketTunnelNone 
PacketTunnelRoot 
PacketTunnelChild 

Definition at line 405 of file decode.h.

◆ PktSrcEnum

enum PktSrcEnum
Enumerator
PKT_SRC_WIRE 
PKT_SRC_DECODER_GRE 
PKT_SRC_DECODER_IPV4 
PKT_SRC_DECODER_IPV6 
PKT_SRC_DECODER_TEREDO 
PKT_SRC_DEFRAG 
PKT_SRC_FFR 
PKT_SRC_STREAM_TCP_DETECTLOG_FLUSH 
PKT_SRC_DECODER_VXLAN 
PKT_SRC_DETECT_RELOAD_FLUSH 
PKT_SRC_CAPTURE_TIMEOUT 
PKT_SRC_DECODER_GENEVE 
PKT_SRC_SHUTDOWN_FLUSH 

Definition at line 51 of file decode.h.

Function Documentation

◆ DecodeARP()

int DecodeARP ( ThreadVars tv,
DecodeThreadVars dtv,
Packet p,
const uint8_t *  pkt,
uint32_t  len 
)
Author
Giuseppe Longo giuse.nosp@m.ppe@.nosp@m.glong.nosp@m.o.it

Definition at line 29 of file decode-arp.c.

References ARP_HEADER_MIN_LEN, ARP_PKT_TOO_SMALL, DecodeThreadVars_::counter_arp, dtv, ENGINE_SET_INVALID_EVENT, len, StatsIncr(), TM_ECODE_FAILED, tv, and unlikely.

Here is the call graph for this function:

◆ DecodeCHDLC()

int DecodeCHDLC ( ThreadVars ,
DecodeThreadVars ,
Packet ,
const uint8_t *  ,
uint32_t   
)

Definition at line 42 of file decode-chdlc.c.

References CHDLC_HEADER_LEN, CHDLC_PKT_TOO_SMALL, DecodeThreadVars_::counter_chdlc, DEBUG_VALIDATE_BUG_ON, dtv, ENGINE_SET_INVALID_EVENT, len, StatsIncr(), TM_ECODE_FAILED, tv, and unlikely.

Referenced by ValidateLinkType().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ DecodeERSPAN()

int DecodeERSPAN ( ThreadVars ,
DecodeThreadVars ,
Packet ,
const uint8_t *  ,
uint32_t   
)

ERSPAN Type II.

Definition at line 76 of file decode-erspan.c.

References DecodeThreadVars_::counter_erspan, DEBUG_VALIDATE_BUG_ON, dtv, ENGINE_SET_EVENT, ERSPAN_HEADER_TOO_SMALL, len, StatsIncr(), TM_ECODE_FAILED, and tv.

Here is the call graph for this function:

◆ DecodeERSPANTypeI()

int DecodeERSPANTypeI ( ThreadVars ,
DecodeThreadVars ,
Packet ,
const uint8_t *  ,
uint32_t   
)

ERSPAN Type I.

Definition at line 65 of file decode-erspan.c.

References DecodeThreadVars_::counter_erspan, DecodeEthernet(), dtv, len, StatsIncr(), and tv.

Here is the call graph for this function:

◆ DecodeESP()

int DecodeESP ( ThreadVars tv,
DecodeThreadVars dtv,
Packet p,
const uint8_t *  pkt,
uint16_t  len 
)

Function to decode IPSEC-ESP packets.

Parameters
tvthread vars
dtvdecoder thread vars
ppacket
pktraw packet data
lenlength in bytes of pkt array
Return values
TM_ECODE_OKor TM_ECODE_FAILED on serious error

Definition at line 64 of file decode-esp.c.

References DecodeThreadVars_::counter_esp, DEBUG_VALIDATE_BUG_ON, dtv, StatsIncr(), and tv.

Here is the call graph for this function:

◆ DecodeEthernet()

int DecodeEthernet ( ThreadVars ,
DecodeThreadVars ,
Packet ,
const uint8_t *  ,
uint32_t   
)

Definition at line 42 of file decode-ethernet.c.

References DecodeThreadVars_::counter_eth, DEBUG_VALIDATE_BUG_ON, dtv, ENGINE_SET_INVALID_EVENT, ETHERNET_HEADER_LEN, ETHERNET_PKT_TOO_SMALL, len, StatsIncr(), TM_ECODE_FAILED, tv, and unlikely.

Referenced by DecodeErfDag(), DecodeERSPANTypeI(), UTHBuildPacketFromEth(), and ValidateLinkType().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ DecodeGeneve()

int DecodeGeneve ( ThreadVars tv,
DecodeThreadVars dtv,
Packet p,
const uint8_t *  pkt,
uint32_t  len 
)
Parameters
pktpayload data directly above UDP header
lenlength in bytes of pkt

Definition at line 185 of file decode-geneve.c.

References DEBUG_VALIDATE_BUG_ON, DECODE_TUNNEL_UNSET, eth_type, and unlikely.

◆ DecodeGRE()

int DecodeGRE ( ThreadVars ,
DecodeThreadVars ,
Packet ,
const uint8_t *  ,
uint32_t   
)

Function to decode GRE packets.

Todo:
We need to make sure this does not allow bypassing inspection. A server may just ignore these and continue processing the packet, but we will not look further into it.
Todo:
We need to make sure this does not allow bypassing inspection. A server may just ignore these and continue processing the packet, but we will not look further into it.

Definition at line 47 of file decode-gre.c.

References DecodeThreadVars_::counter_gre, DEBUG_VALIDATE_BUG_ON, dtv, ENGINE_SET_INVALID_EVENT, GRE_HDR_LEN, GRE_PKT_TOO_SMALL, len, StatsIncr(), TM_ECODE_FAILED, and tv.

Here is the call graph for this function:

◆ DecodeICMPV4()

int DecodeICMPV4 ( ThreadVars tv,
DecodeThreadVars dtv,
Packet p,
const uint8_t *  pkt,
uint32_t  len 
)

Main ICMPv4 decoding function.

DecodeICMPV4

Definition at line 143 of file decode-icmpv4.c.

References DecodeThreadVars_::counter_icmpv4, dtv, ENGINE_SET_INVALID_EVENT, ICMPV4_HEADER_LEN, ICMPV4_PKT_TOO_SMALL, len, StatsIncr(), TM_ECODE_FAILED, and tv.

Here is the call graph for this function:

◆ DecodeICMPV6()

int DecodeICMPV6 ( ThreadVars tv,
DecodeThreadVars dtv,
Packet p,
const uint8_t *  pkt,
uint32_t  len 
)

Decode ICMPV6 packets and fill the Packet with the decoded info.

Parameters
tvPointer to the thread variables
dtvPointer to the decode thread variables
pPointer to the packet we are filling
pktPointer to the raw packet buffer
lenthe len of the rest of the packet not processed yet
Return values
voidNo return value

Definition at line 177 of file decode-icmpv6.c.

◆ DecodeIEEE8021ah()

int DecodeIEEE8021ah ( ThreadVars ,
DecodeThreadVars ,
Packet ,
const uint8_t *  ,
uint32_t   
)

◆ DecodeIPV4()

int DecodeIPV4 ( ThreadVars ,
DecodeThreadVars ,
Packet ,
const uint8_t *  ,
uint16_t   
)

Definition at line 520 of file decode-ipv4.c.

References DecodeThreadVars_::counter_ipv4, dtv, len, SCLogDebug, StatsIncr(), and tv.

Referenced by DecodeNull(), DecodePPPOESession(), and DecodeRaw().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ DecodeIPV6()

int DecodeIPV6 ( ThreadVars ,
DecodeThreadVars ,
Packet ,
const uint8_t *  ,
uint16_t   
)

Definition at line 560 of file decode-ipv6.c.

References DecodeThreadVars_::counter_ipv6, dtv, StatsIncr(), and tv.

Referenced by DecodeNull(), DecodePPPOESession(), and DecodeRaw().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ DecodeIPV6FragHeader()

void DecodeIPV6FragHeader ( Packet p,
const uint8_t *  pkt,
uint16_t  hdrextlen,
uint16_t  plen,
uint16_t  prev_hdrextlen 
)

Definition at line 92 of file decode-ipv6.c.

References GET_PKT_DATA, PacketL3::ip6, Packet_::l3, SCLogDebug, SCNtohl, and PacketL3::vars.

◆ DecodeMPLS()

int DecodeMPLS ( ThreadVars ,
DecodeThreadVars ,
Packet ,
const uint8_t *  ,
uint32_t   
)

Definition at line 49 of file decode-mpls.c.

References DecodeThreadVars_::counter_mpls, DEBUG_VALIDATE_BUG_ON, dtv, StatsIncr(), and tv.

Here is the call graph for this function:

◆ DecodeNSH()

int DecodeNSH ( ThreadVars ,
DecodeThreadVars ,
Packet ,
const uint8_t *  ,
uint32_t   
)

Function to decode NSH packets.

Definition at line 46 of file decode-nsh.c.

References DecodeThreadVars_::counter_nsh, DEBUG_VALIDATE_BUG_ON, dtv, ENGINE_SET_INVALID_EVENT, len, NSH_HEADER_TOO_SMALL, StatsIncr(), TM_ECODE_FAILED, and tv.

Here is the call graph for this function:

◆ DecodeNull()

int DecodeNull ( ThreadVars ,
DecodeThreadVars ,
Packet ,
const uint8_t *  ,
uint32_t   
)

Definition at line 51 of file decode-null.c.

References AF_INET6_BSD, AF_INET6_DARWIN, AF_INET6_FREEBSD, AF_INET6_LINUX, AF_INET6_SOLARIS, AF_INET6_WINSOCK, DecodeThreadVars_::counter_null, DEBUG_VALIDATE_BUG_ON, DecodeIPV4(), DecodeIPV6(), dtv, ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, GET_PKT_DATA, GET_PKT_LEN, HDR_SIZE, len, LTNULL_PKT_TOO_SMALL, LTNULL_UNSUPPORTED_TYPE, SCLogDebug, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, tv, type, and unlikely.

Referenced by ValidateLinkType().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ DecodePPP()

int DecodePPP ( ThreadVars ,
DecodeThreadVars ,
Packet ,
const uint8_t *  ,
uint32_t   
)

Definition at line 174 of file decode-ppp.c.

References DecodeThreadVars_::counter_ppp, DEBUG_VALIDATE_BUG_ON, dtv, ENGINE_SET_INVALID_EVENT, len, PPP_PKT_TOO_SMALL, proto_size, StatsIncr(), TM_ECODE_FAILED, tv, and unlikely.

Referenced by ValidateLinkType().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ DecodePPPOEDiscovery()

int DecodePPPOEDiscovery ( ThreadVars ,
DecodeThreadVars ,
Packet ,
const uint8_t *  ,
uint32_t   
)

Main decoding function for PPPOE Discovery packets.

Definition at line 50 of file decode-pppoe.c.

References DecodeThreadVars_::counter_pppoe, DEBUG_VALIDATE_BUG_ON, dtv, ENGINE_SET_INVALID_EVENT, len, PPPOE_CODE_PADI, PPPOE_CODE_PADO, PPPOE_CODE_PADR, PPPOE_CODE_PADS, PPPOE_CODE_PADT, PPPOE_DISCOVERY_HEADER_MIN_LEN, pppoe_length, PPPOE_MALFORMED_TAGS, PPPOE_PKT_TOO_SMALL, PPPOE_WRONG_CODE, SCLogDebug, SCNtohs, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, and tv.

Here is the call graph for this function:

◆ DecodePPPOESession()

int DecodePPPOESession ( ThreadVars ,
DecodeThreadVars ,
Packet ,
const uint8_t *  ,
uint32_t   
)

Main decoding function for PPPOE Session packets.

Definition at line 124 of file decode-pppoe.c.

References DecodeThreadVars_::counter_pppoe, DEBUG_VALIDATE_BUG_ON, DecodeIPV4(), DecodeIPV6(), dtv, ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, IPV4_GET_RAW_VER, IPV4_HEADER_LEN, IPV6_HEADER_LEN, len, PPP_APPLE, PPP_APPLECP, PPP_BRPDU, PPP_CHAP, PPP_DECNET, PPP_DECNETCP, PPP_HELLO, PPP_IP, PPP_IPCP, PPP_IPV6, PPP_IPV6CP, PPP_IPX, PPP_IPXCP, PPP_LCP, PPP_LQM, PPP_LUXCOM, PPP_MPLS_MCAST, PPP_MPLS_UCAST, PPP_MPLSCP, PPP_NS, PPP_NSCP, PPP_OSI, PPP_OSICP, PPP_PAP, PPP_SNS, PPP_STII, PPP_STIICP, PPP_UNSUP_PROTO, PPP_VINES, PPP_VINESCP, PPP_VJ_COMP, PPP_VJ_UCOMP, PPP_WRONG_TYPE, PPPIPV4_PKT_TOO_SMALL, PPPIPV6_PKT_TOO_SMALL, PPPOESessionHdr_::pppoe_code, PPPOESessionHdr_::pppoe_length, PPPOE_PKT_TOO_SMALL, PPPOE_SESSION_GET_TYPE, PPPOE_SESSION_GET_VERSION, PPPOE_SESSION_HEADER_MIN_LEN, PPPVJU_PKT_TOO_SMALL, PPPOESessionHdr_::protocol, SCLogDebug, SCNtohs, PPPOESessionHdr_::session_id, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, tv, and unlikely.

Here is the call graph for this function:

◆ DecodeRaw()

int DecodeRaw ( ThreadVars ,
DecodeThreadVars ,
Packet ,
const uint8_t *  ,
uint32_t   
)

Definition at line 42 of file decode-raw.c.

References DecodeThreadVars_::counter_raw, DEBUG_VALIDATE_BUG_ON, DecodeIPV4(), DecodeIPV6(), dtv, ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, GET_PKT_DATA, GET_PKT_LEN, IP_GET_RAW_VER, IPRAW_INVALID_IPV, IPV4_HEADER_LEN, IPV4_PKT_TOO_SMALL, len, SCLogDebug, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, tv, and unlikely.

Referenced by ValidateLinkType().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ DecodeSCTP()

int DecodeSCTP ( ThreadVars ,
DecodeThreadVars ,
Packet ,
const uint8_t *  ,
uint16_t   
)

Definition at line 62 of file decode-sctp.c.

References DecodeThreadVars_::counter_sctp, dtv, StatsIncr(), tv, and unlikely.

Here is the call graph for this function:

◆ DecodeSll()

int DecodeSll ( ThreadVars ,
DecodeThreadVars ,
Packet ,
const uint8_t *  ,
uint32_t   
)

Definition at line 41 of file decode-sll.c.

References DecodeThreadVars_::counter_sll, DEBUG_VALIDATE_BUG_ON, dtv, ENGINE_SET_INVALID_EVENT, len, SLL_HEADER_LEN, SLL_PKT_TOO_SMALL, StatsIncr(), TM_ECODE_FAILED, tv, and unlikely.

Referenced by ValidateLinkType().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ DecodeSll2()

int DecodeSll2 ( ThreadVars ,
DecodeThreadVars ,
Packet ,
const uint8_t *  ,
uint32_t   
)

Definition at line 40 of file decode-sll2.c.

References DecodeThreadVars_::counter_sll2, DEBUG_VALIDATE_BUG_ON, dtv, ENGINE_SET_INVALID_EVENT, len, SLL2_HEADER_LEN, SLL2_PKT_TOO_SMALL, StatsIncr(), TM_ECODE_FAILED, tv, and unlikely.

Referenced by ValidateLinkType().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ DecodeTCP()

int DecodeTCP ( ThreadVars ,
DecodeThreadVars ,
Packet ,
const uint8_t *  ,
uint16_t   
)

Definition at line 273 of file decode-tcp.c.

References DecodeThreadVars_::counter_tcp, dtv, StatsIncr(), tv, and unlikely.

Here is the call graph for this function:

◆ DecodeTEMPLATE()

int DecodeTEMPLATE ( ThreadVars tv,
DecodeThreadVars dtv,
Packet p,
const uint8_t *  pkt,
uint32_t  len 
)

Function to decode TEMPLATE packets.

Parameters
tvthread vars
dtvdecoder thread vars
ppacket
pktraw packet data
lenlength in bytes of pkt array
Return values
TM_ECODE_OKor TM_ECODE_FAILED on serious error

Definition at line 51 of file decode-template.c.

References DEBUG_VALIDATE_BUG_ON, len, and TM_ECODE_FAILED.

◆ DecodeUDP()

int DecodeUDP ( ThreadVars ,
DecodeThreadVars ,
Packet ,
const uint8_t *  ,
uint16_t   
)

Definition at line 75 of file decode-udp.c.

References DecodeThreadVars_::counter_udp, dtv, StatsIncr(), tv, and unlikely.

Here is the call graph for this function:

◆ DecodeVLAN()

int DecodeVLAN ( ThreadVars ,
DecodeThreadVars ,
Packet ,
const uint8_t *  ,
uint32_t   
)

Definition at line 54 of file decode-vlan.c.

References DecodeThreadVars_::counter_vlan, DecodeThreadVars_::counter_vlan_qinq, DecodeThreadVars_::counter_vlan_qinqinq, DEBUG_VALIDATE_BUG_ON, dtv, ENGINE_SET_INVALID_EVENT, len, proto, StatsIncr(), TM_ECODE_FAILED, tv, VLAN_HEADER_LEN, VLAN_HEADER_TOO_SMALL, and Packet_::vlan_idx.

Here is the call graph for this function:

◆ DecodeVNTag()

int DecodeVNTag ( ThreadVars ,
DecodeThreadVars ,
Packet ,
const uint8_t *  ,
uint32_t   
)

Definition at line 52 of file decode-vntag.c.

References DecodeThreadVars_::counter_vntag, DEBUG_VALIDATE_BUG_ON, dtv, ENGINE_SET_INVALID_EVENT, len, StatsIncr(), TM_ECODE_FAILED, tv, VNTAG_HEADER_LEN, and VNTAG_HEADER_TOO_SMALL.

Here is the call graph for this function:

◆ DecodeVXLAN()

int DecodeVXLAN ( ThreadVars tv,
DecodeThreadVars dtv,
Packet p,
const uint8_t *  pkt,
uint32_t  len 
)
Parameters
pktpayload data directly above UDP header
lenlength in bytes of pkt

Definition at line 122 of file decode-vxlan.c.

References DEBUG_VALIDATE_BUG_ON, and unlikely.

s_ip_src
#define s_ip_src
Definition: decode-ipv4.h:91
len
uint8_t len
Definition: app-layer-dnp3.h:2
addr_data32
#define addr_data32
Definition: decode.h:122
UDP_GET_SRC_PORT
#define UDP_GET_SRC_PORT(p)
Definition: decode-udp.h:36
PKT_ZERO_COPY
#define PKT_ZERO_COPY
Definition: decode.h:1282
TCP_GET_DST_PORT
#define TCP_GET_DST_PORT(p)
Definition: decode-tcp.h:111
TCP_GET_SRC_PORT
#define TCP_GET_SRC_PORT(p)
Definition: decode-tcp.h:110
UDP_GET_DST_PORT
#define UDP_GET_DST_PORT(p)
Definition: decode-udp.h:37
flags
uint8_t flags
Definition: decode-gre.h:0
PACKET_ENGINE_EVENT_MAX
#define PACKET_ENGINE_EVENT_MAX
Definition: decode.h:303
s_ip_dst
#define s_ip_dst
Definition: decode-ipv4.h:92
PKT_IS_INVALID
#define PKT_IS_INVALID
Definition: decode.h:1289