suricata
Data Fields
Packet_ Struct Reference

#include <decode.h>

Collaboration diagram for Packet_:
Collaboration graph
[legend]

Data Fields

Address src
 
Address dst
 
union {
   Port   sp
 
   struct {
      uint8_t   type
 
      uint8_t   code
 
   }   icmp_s
 
}; 
 
union {
   Port   dp
 
   struct {
      uint8_t   type
 
      uint8_t   code
 
   }   icmp_d
 
}; 
 
uint8_t proto
 
uint8_t recursion_level
 
uint16_t vlan_id [VLAN_MAX_LAYERS]
 
uint8_t vlan_idx
 
uint8_t flowflags
 
uint8_t app_update_direction
 
uint32_t flags
 
struct Flow_flow
 
uint32_t flow_hash
 
SCTime_t ts
 
union {
   NFQPacketVars   nfq_v
 
   IPFWPacketVars   ipfw_v
 
   NapatechPacketVars   ntpv
 
   uint8_t   plugin_v [PLUGIN_VAR_SIZE]
 
   PcapPacketVars   pcap_v
 
}; 
 
void(* ReleasePacket )(struct Packet_ *)
 
int(* BypassPacketsFlow )(struct Packet_ *)
 
PktVarpktvar
 
EthernetHdr * ethh
 
int32_t level3_comp_csum
 
int32_t level4_comp_csum
 
IPV4Hdrip4h
 
IPV6Hdrip6h
 
union {
   IPV4Vars   ip4vars
 
   struct {
      IPV6Vars   ip6vars
 
      IPV6ExtHdrs   ip6eh
 
   } 
 
}; 
 
union {
   TCPVars   tcpvars
 
   ICMPV4Vars   icmpv4vars
 
   ICMPV6Vars   icmpv6vars
 
l4vars
 
TCPHdr * tcph
 
UDPHdr * udph
 
SCTPHdr * sctph
 
ESPHdr * esph
 
ICMPV4Hdr * icmpv4h
 
ICMPV6Hdricmpv6h
 
PPPHdr * ppph
 
PPPOESessionHdrpppoesh
 
PPPOEDiscoveryHdr * pppoedh
 
GREHdr * greh
 
uint8_t * payload
 
uint16_t payload_len
 
uint8_t action
 
uint8_t pkt_src
 
uint32_t pktlen
 
uint8_t * ext_pkt
 
struct LiveDevice_livedev
 
PacketAlerts alerts
 
struct Host_host_src
 
struct Host_host_dst
 
uint64_t pcap_cnt
 
PacketEngineEvents events
 
AppLayerDecoderEventsapp_layer_events
 
struct Packet_next
 
struct Packet_prev
 
int datalink
 
uint8_t nb_decoded_layers
 
uint8_t drop_reason
 
struct Packet_root
 
uint16_t tunnel_rtv_cnt
 
uint16_t tunnel_tpr_cnt
 
uint32_t tenant_id
 
struct PktPool_pool
 
PktProfilingprofile
 
struct {
   SCSpinlock   tunnel_lock
 
persistent
 

Detailed Description

Definition at line 429 of file decode.h.

Field Documentation

◆ @32

union { ... }

◆ @34

union { ... }

◆ @36

union { ... }

◆ @38

union { ... }

◆ action

uint8_t Packet_::action

Definition at line 581 of file decode.h.

Referenced by PacketCheckAction(), PacketDrop(), and TmqhOutputPacketpool().

◆ alerts

PacketAlerts Packet_::alerts

Definition at line 592 of file decode.h.

Referenced by AlertFastLogCondition(), AlertFastLogger(), AlertQueueAppend(), EveAddVerdict(), PacketAlertCheck(), PacketDestructor(), PacketInit(), and PacketReinit().

◆ app_layer_events

AppLayerDecoderEvents* Packet_::app_layer_events

Definition at line 604 of file decode.h.

Referenced by PacketCreateMask(), PacketDestructor(), and PacketReinit().

◆ app_update_direction

uint8_t Packet_::app_update_direction

Definition at line 464 of file decode.h.

Referenced by PacketReinit().

◆ BypassPacketsFlow

int(* Packet_::BypassPacketsFlow) (struct Packet_ *)

The function triggering bypass the flow in the capture method. Return 1 for success and 0 on error

Definition at line 522 of file decode.h.

Referenced by PacketBypassCallback(), PacketReinit(), and ReceivePfringLoop().

◆ code

uint8_t Packet_::code

Definition at line 441 of file decode.h.

◆ datalink

int Packet_::datalink

data linktype in host order

Definition at line 611 of file decode.h.

Referenced by DecodeErfDag(), EvePacket(), NapatechDecode(), PacketDefragPktSetup(), PacketReinit(), and PacketTunnelPktSetup().

◆ dp

Port Packet_::dp

Definition at line 445 of file decode.h.

Referenced by AlertFastLogger(), FlowGetPacketDirection(), IPOnlyMatchPacket(), JsonAddrInfoInit(), PacketReinit(), TLSGetIPInformations(), and UTHBuildPacketIPV6Real().

◆ drop_reason

uint8_t Packet_::drop_reason

Definition at line 619 of file decode.h.

Referenced by CaptureStatsUpdate(), PacketDrop(), and PacketReinit().

◆ dst

Address Packet_::dst

Definition at line 435 of file decode.h.

Referenced by FlowGetIpPairProtoHash(), IPOnlyMatchPacket(), PacketReinit(), TagHashAddTag(), TmqhOutputFlowIPPair(), UTHBuildPacketIPV6Real(), and UTHBuildPacketOfFlows().

◆ esph

ESPHdr* Packet_::esph

Definition at line 563 of file decode.h.

Referenced by PacketReinit().

◆ ethh

EthernetHdr* Packet_::ethh

Definition at line 528 of file decode.h.

Referenced by PacketReinit().

◆ events

PacketEngineEvents Packet_::events

Definition at line 602 of file decode.h.

Referenced by PacketCreateMask(), PacketReinit(), PacketUpdateEngineEventCounters(), and SigMatchSignaturesGetSgh().

◆ ext_pkt

uint8_t* Packet_::ext_pkt

Definition at line 587 of file decode.h.

Referenced by PacketCallocExtPkt(), PacketCopyDataOffset(), and PacketSetData().

◆ flags

uint32_t Packet_::flags

Definition at line 467 of file decode.h.

Referenced by CaptureStatsUpdate(), DetectReplaceExecuteInternal(), FlowHandlePacket(), FlowSetupPacket(), IPOnlyMatchPacket(), PacketCreateMask(), PacketDecodeFinalize(), PacketReinit(), PacketSetData(), Prefilter(), SCProfileRuleStart(), StreamTcpInlineSegmentReplacePacket(), StreamTcpReassembleAppLayer(), StreamTcpReassembleHandleSegment(), TmqhOutputFlowHash(), and UTHAssignFlow().

◆ flow

struct Flow_* Packet_::flow

Definition at line 469 of file decode.h.

Referenced by CreateEveHeader(), DetectEngineInspectPktBufferGeneric(), DetectFlowintMatch(), DetectFlowvarMatch(), DetectRunPrefilterTx(), ExceptionPolicyParse(), FlowHandlePacket(), PacketBypassCallback(), Prefilter(), RulesDumpMatchArray(), RulesDumpTxMatchArray(), SigMatchSignatures(), StreamTcp(), StreamTcpPacket(), StreamTcpReassembleAppLayer(), StreamTcpReassembleDepthReached(), StreamTcpReassembleHandleSegment(), StreamTcpSessionPktFree(), TagFlowAdd(), TagHandlePacket(), TmqhReleasePacketsToPacketPool(), TmThreadsProcessDecodePseudoPackets(), TmThreadsSlotVarRun(), UTHAssignFlow(), and UTHBuildPacketOfFlows().

◆ flow_hash

uint32_t Packet_::flow_hash

Definition at line 473 of file decode.h.

Referenced by FlowGetFlowFromHash(), FlowSetupPacket(), and TmqhOutputFlowHash().

◆ flowflags

uint8_t Packet_::flowflags

Definition at line 461 of file decode.h.

Referenced by AppLayerHandleUdp(), DetectFlowMatch(), FlowHandlePacketUpdate(), PacketReinit(), PacketSwap(), SigMatchSignaturesGetSgh(), and StreamTcpReassembleDepthReached().

◆ greh

GREHdr* Packet_::greh

Definition at line 573 of file decode.h.

Referenced by PacketReinit().

◆ host_dst

struct Host_* Packet_::host_dst

Definition at line 595 of file decode.h.

◆ host_src

struct Host_* Packet_::host_src

Definition at line 594 of file decode.h.

◆ icmp_d

struct { ... } Packet_::icmp_d

Referenced by DecodeICMPV4(), and DecodeICMPV6().

◆ icmp_s

struct { ... } Packet_::icmp_s

Referenced by AlertFastLogger(), DecodeICMPV4(), DecodeICMPV6(), and FlowInit().

◆ icmpv4h

ICMPV4Hdr* Packet_::icmpv4h

Definition at line 565 of file decode.h.

Referenced by DecodeICMPV4(), FlowInit(), and PacketReinit().

◆ icmpv4vars

ICMPV4Vars Packet_::icmpv4vars

Definition at line 550 of file decode.h.

Referenced by DecodeICMPV4().

◆ icmpv6h

ICMPV6Hdr* Packet_::icmpv6h

Definition at line 567 of file decode.h.

Referenced by DecodeICMPV6(), and PacketReinit().

◆ icmpv6vars

ICMPV6Vars Packet_::icmpv6vars

Definition at line 551 of file decode.h.

◆ ip4h

IPV4Hdr* Packet_::ip4h

Definition at line 535 of file decode.h.

Referenced by FlowGetIpPairProtoHash(), PacketReinit(), and UTHFreePacket().

◆ ip4vars

IPV4Vars Packet_::ip4vars

Definition at line 541 of file decode.h.

◆ ip6eh

IPV6ExtHdrs Packet_::ip6eh

Definition at line 544 of file decode.h.

Referenced by DecodeIPV6FragHeader().

◆ ip6h

IPV6Hdr* Packet_::ip6h

Definition at line 537 of file decode.h.

Referenced by FlowGetIpPairProtoHash(), PacketReinit(), and UTHBuildPacketIPV6Real().

◆ ip6vars

IPV6Vars Packet_::ip6vars

Definition at line 543 of file decode.h.

◆ ipfw_v

IPFWPacketVars Packet_::ipfw_v

Definition at line 486 of file decode.h.

◆ l4vars

union { ... } Packet_::l4vars

◆ level3_comp_csum

int32_t Packet_::level3_comp_csum

Definition at line 531 of file decode.h.

◆ level4_comp_csum

int32_t Packet_::level4_comp_csum

Definition at line 533 of file decode.h.

◆ livedev

struct LiveDevice_* Packet_::livedev

Definition at line 590 of file decode.h.

Referenced by FlowInit(), PacketDefragPktSetup(), PacketInit(), PacketReinit(), and PacketTunnelPktSetup().

◆ nb_decoded_layers

uint8_t Packet_::nb_decoded_layers

Definition at line 616 of file decode.h.

Referenced by PacketReinit(), and PacketTunnelPktSetup().

◆ next

struct Packet_* Packet_::next

Definition at line 607 of file decode.h.

Referenced by PacketReinit().

◆ nfq_v

NFQPacketVars Packet_::nfq_v

Definition at line 483 of file decode.h.

◆ ntpv

NapatechPacketVars Packet_::ntpv

Definition at line 506 of file decode.h.

◆ payload

uint8_t* Packet_::payload

Definition at line 577 of file decode.h.

Referenced by DecodeICMPV6(), DetectEngineInspectPacketPayload(), PacketReinit(), StreamTcpInlineSegmentCompare(), StreamTcpInlineSegmentReplacePacket(), StreamTcpUTAddSegmentWithByte(), StreamTcpUTAddSegmentWithPayload(), and UTHBuildPacketIPV6Real().

◆ payload_len

uint16_t Packet_::payload_len

Definition at line 578 of file decode.h.

Referenced by DecodeICMPV6(), DetectEngineInspectPacketPayload(), PacketCreateMask(), PacketReinit(), Prefilter(), StreamTcpInlineSegmentCompare(), StreamTcpInlineSegmentReplacePacket(), StreamTcpReassembleHandleSegment(), StreamTcpUTAddSegmentWithByte(), StreamTcpUTAddSegmentWithPayload(), and UTHBuildPacketIPV6Real().

◆ pcap_cnt

uint64_t Packet_::pcap_cnt

packet number in the pcap file, matches wireshark

Definition at line 598 of file decode.h.

Referenced by AlertFastLogger(), DetectRunPrefilterFrame(), DetectRunPrefilterTx(), ExceptionPolicyParse(), FlowHandlePacketUpdate(), PacketReinit(), StreamTcp(), StreamTcpPacket(), and StreamTcpSackUpdatePacket().

◆ pcap_v

PcapPacketVars Packet_::pcap_v

libpcap vars: shared by Pcap Live mode and Pcap File mode

Definition at line 515 of file decode.h.

◆ persistent

struct { ... } Packet_::persistent

Referenced by PacketDestructor(), PacketInit(), and TmqhOutputPacketpool().

◆ pkt_src

uint8_t Packet_::pkt_src

Definition at line 583 of file decode.h.

Referenced by PacketEnqueueNoLock(), PacketReinit(), and StreamTcp().

◆ pktlen

uint32_t Packet_::pktlen

Definition at line 586 of file decode.h.

◆ pktvar

PktVar* Packet_::pktvar

Definition at line 525 of file decode.h.

Referenced by EveAddMetadata(), PacketDestructor(), PacketReinit(), PktVarAdd(), PktVarAddKeyValue(), and PktVarGet().

◆ plugin_v

uint8_t Packet_::plugin_v[PLUGIN_VAR_SIZE]

Definition at line 512 of file decode.h.

◆ pool

struct PktPool_* Packet_::pool

Definition at line 639 of file decode.h.

Referenced by PacketFreeOrRelease(), TmqhOutputPacketpool(), and TmqhOutputSimple().

◆ ppph

PPPHdr* Packet_::ppph

Definition at line 569 of file decode.h.

Referenced by PacketReinit().

◆ pppoedh

PPPOEDiscoveryHdr* Packet_::pppoedh

Definition at line 571 of file decode.h.

Referenced by DecodePPPOEDiscovery(), and PacketReinit().

◆ pppoesh

PPPOESessionHdr* Packet_::pppoesh

Definition at line 570 of file decode.h.

Referenced by DecodePPPOESession(), and PacketReinit().

◆ prev

struct Packet_* Packet_::prev

Definition at line 608 of file decode.h.

Referenced by PacketReinit().

◆ profile

PktProfiling* Packet_::profile

Definition at line 642 of file decode.h.

Referenced by SCProfileRuleStart(), and SCProfilingAddPacket().

◆ proto

uint8_t Packet_::proto

Definition at line 452 of file decode.h.

Referenced by DecodeICMPV4(), DecodeICMPV6(), DetectEngineInspectFrameBufferGeneric(), DetectEngineInspectStream(), EveAddVerdict(), FlowGetIpPairProtoHash(), FlowGetPacketDirection(), FlowInit(), FrameJsonLogOneFrame(), FramesPrune(), IPOnlyMatchPacket(), JsonAddrInfoInit(), PacketReinit(), Prefilter(), SigMatchSignaturesGetSgh(), StreamSegmentForEach(), StreamSegmentForSession(), TcpSessionPacketSsnReuse(), UTHBuildPacketIPV6Real(), and UTHFreePacket().

◆ recursion_level

uint8_t Packet_::recursion_level

Definition at line 455 of file decode.h.

Referenced by FlowGetIpPairProtoHash(), FlowInit(), PacketDefragPktSetup(), PacketReinit(), and PacketTunnelPktSetup().

◆ ReleasePacket

void(* Packet_::ReleasePacket) (struct Packet_ *)

The release function for packet structure and data

Definition at line 519 of file decode.h.

Referenced by PacketFreeOrRelease(), PacketGetFromAlloc(), PacketGetFromQueueOrAlloc(), and TmqhOutputPacketpool().

◆ root

struct Packet_* Packet_::root

Definition at line 622 of file decode.h.

Referenced by PacketCheckAction(), PacketDefragPktSetup(), PacketDrop(), PacketReinit(), PacketTunnelPktSetup(), TmqhOutputPacketpool(), and TmqhOutputSimple().

◆ sctph

SCTPHdr* Packet_::sctph

Definition at line 561 of file decode.h.

Referenced by PacketReinit().

◆ sp

Port Packet_::sp

Definition at line 437 of file decode.h.

Referenced by AlertFastLogger(), FlowGetPacketDirection(), IPOnlyMatchPacket(), JsonAddrInfoInit(), PacketReinit(), TLSGetIPInformations(), and UTHBuildPacketIPV6Real().

◆ src

Address Packet_::src

Definition at line 434 of file decode.h.

Referenced by FlowGetIpPairProtoHash(), FlowGetPacketDirection(), IPOnlyMatchPacket(), PacketReinit(), TagHashAddTag(), TmqhOutputFlowIPPair(), UTHBuildPacketIPV6Real(), and UTHBuildPacketOfFlows().

◆ tcph

TCPHdr* Packet_::tcph

Definition at line 557 of file decode.h.

Referenced by FlowInit(), PacketCreateMask(), PacketReinit(), ReCalculateChecksum(), StreamTcpPacket(), StreamTcpReassembleHandleSegment(), StreamTcpUTAddPayload(), StreamTcpUTAddSegmentWithByte(), StreamTcpUTAddSegmentWithPayload(), TcpSessionPacketSsnReuse(), UTHBuildPacketIPV6Real(), and UTHFreePacket().

◆ tcpvars

TCPVars Packet_::tcpvars

Definition at line 549 of file decode.h.

◆ tenant_id

uint32_t Packet_::tenant_id

tenant id for this packet, if any. If 0 then no tenant was assigned.

Definition at line 634 of file decode.h.

Referenced by AlertJsonHeader(), Detect(), PacketDefragPktSetup(), PacketReinit(), and PacketTunnelPktSetup().

◆ ts

SCTime_t Packet_::ts

Definition at line 475 of file decode.h.

Referenced by AlertFastLogger(), CreateEveHeader(), FlowHandlePacketUpdate(), PacketDefragPktSetup(), PacketReinit(), PacketTunnelPktSetup(), and UTHBuildPacketIPV6Real().

◆ tunnel_lock

SCSpinlock Packet_::tunnel_lock

lock to protect access to:

  • tunnel_rtv_cnt
  • tunnel_tpr_cnt
  • nfq_v.mark
  • flags

Definition at line 652 of file decode.h.

Referenced by PacketDestructor(), PacketInit(), and TmqhOutputPacketpool().

◆ tunnel_rtv_cnt

uint16_t Packet_::tunnel_rtv_cnt

Definition at line 629 of file decode.h.

Referenced by PacketReinit().

◆ tunnel_tpr_cnt

uint16_t Packet_::tunnel_tpr_cnt

Definition at line 631 of file decode.h.

Referenced by PacketReinit().

◆ type

uint8_t Packet_::type

Definition at line 440 of file decode.h.

◆ udph

UDPHdr* Packet_::udph

Definition at line 559 of file decode.h.

Referenced by FlowInit(), PacketReinit(), and UTHFreePacket().

◆ vlan_id

uint16_t Packet_::vlan_id[VLAN_MAX_LAYERS]

Definition at line 457 of file decode.h.

Referenced by FlowGetIpPairProtoHash(), FlowInit(), PacketDefragPktSetup(), and PacketReinit().

◆ vlan_idx

uint8_t Packet_::vlan_idx

Definition at line 458 of file decode.h.

Referenced by DecodePfring(), DecodeVLAN(), FlowInit(), PacketDefragPktSetup(), and PacketReinit().

The documentation for this struct was generated from the following file: