#include <decode.h>

Collaboration diagram for Packet_:

[legend]

Data Fields
Address	src

Address	dst

union {
Port sp

struct {
uint8_t type

uint8_t code

} icmp_s

};

union {
Port dp

struct {
uint8_t type

uint8_t code

} icmp_d

};

uint8_t	proto

uint8_t	recursion_level

uint16_t	vlan_id [VLAN_MAX_LAYERS]

uint8_t	vlan_idx

uint8_t	flowflags

uint8_t	app_update_direction

SignatureMask	sig_mask

uint16_t	pkt_hooks

uint8_t	ttype

uint32_t	flags

struct Flow_ *	flow

uint32_t	flow_hash

SCTime_t	ts

union {
NFQPacketVars nfq_v

IPFWPacketVars ipfw_v

uint8_t plugin_v [PLUGIN_VAR_SIZE]

PcapPacketVars pcap_v

};

void(*	ReleasePacket )(struct Packet_ *)

int(*	BypassPacketsFlow )(struct Packet_ *)

PktVar *	pktvar

struct PacketL2	l2

struct PacketL3	l3

struct PacketL4	l4

uint8_t *	payload

uint16_t	payload_len

uint8_t	action

uint8_t	pkt_src

uint32_t	pktlen

uint8_t *	ext_pkt

uint16_t	livedev_id

uint16_t	livedev_dst_id

PacketAlerts	alerts

struct Host_ *	host_src

struct Host_ *	host_dst

PacketEngineEvents	events

AppLayerDecoderEvents *	app_layer_events

struct Packet_ *	next

struct Packet_ *	prev

int	datalink

uint8_t	nb_decoded_layers

uint8_t	drop_reason

bool	tunnel_verdicted

struct Packet_ *	root

uint16_t	tunnel_rtv_cnt

uint16_t	tunnel_tpr_cnt

uint32_t	tenant_id

struct PktPool_ *	pool

PktProfiling *	profile

struct {
SCSpinlock tunnel_lock

}	persistent

uint8_t	pkt_data []

Detailed Description

Definition at line 514 of file decode.h.

Field Documentation

◆ @33

union { ... }

◆ @35

union { ... }

◆ @37

union { ... }

◆ action

uint8_t Packet_::action

Definition at line 623 of file decode.h.

Referenced by DetectFirewallPolicyToString(), PacketCheckAction(), PacketDrop(), and PacketGetAction().

◆ alerts

PacketAlerts Packet_::alerts

Definition at line 636 of file decode.h.

Referenced by AlertQueueAppend(), PacketAlertCheck(), PacketDestructor(), and PacketInit().

◆ app_layer_events

AppLayerDecoderEvents* Packet_::app_layer_events

Definition at line 644 of file decode.h.

Referenced by AppLayerHandleUdp(), PacketCreateMask(), and PacketDestructor().

◆ app_update_direction

uint8_t Packet_::app_update_direction

Definition at line 549 of file decode.h.

Referenced by PacketReinit().

◆ BypassPacketsFlow

int(* Packet_::BypassPacketsFlow) (struct Packet_ *)

The function triggering bypass the flow in the capture method. Return 1 for success and 0 on error

Definition at line 608 of file decode.h.

Referenced by PacketBypassCallback().

◆ code

uint8_t Packet_::code

Definition at line 526 of file decode.h.

◆ datalink

int Packet_::datalink

data linktype in host order

Definition at line 651 of file decode.h.

Referenced by DecodeErfDag(), EvePacket(), PacketReinit(), PacketTunnelPktSetup(), and SCPacketSetDatalink().

◆ dp

Port Packet_::dp

Definition at line 530 of file decode.h.

Referenced by FlowGetPacketDirection(), PacketReinit(), UTHBuildPacketIPV6Real(), and UTHBuildPacketReal().

◆ drop_reason

uint8_t Packet_::drop_reason

Definition at line 659 of file decode.h.

Referenced by PacketDrop(), and PacketReinit().

◆ dst

Address Packet_::dst

Definition at line 520 of file decode.h.

Referenced by IPOnlyMatchPacket(), PacketReinit(), TagHashAddTag(), TmqhOutputFlowIPPair(), UTHBuildPacketIPV6Real(), UTHBuildPacketOfFlows(), and UTHBuildPacketReal().

◆ events

PacketEngineEvents Packet_::events

Definition at line 642 of file decode.h.

Referenced by PacketCreateMask(), and PacketUpdateEngineEventCounters().

◆ ext_pkt

uint8_t* Packet_::ext_pkt

Definition at line 629 of file decode.h.

Referenced by PacketCallocExtPkt(), PacketCopyDataOffset(), and PacketSetData().

◆ flags

uint32_t Packet_::flags

Definition at line 561 of file decode.h.

Referenced by DetectReplaceExecuteInternal(), DumpPatterns(), FlowHandlePacket(), FlowSetupPacket(), PacketCreateMask(), PacketDecodeFinalize(), PacketReinit(), PacketSetData(), Prefilter(), SCProfileRuleStart(), StreamTcpReassembleAppLayer(), TmqhOutputFlowHash(), and UTHAssignFlow().

◆ flow

◆ flow_hash

uint32_t Packet_::flow_hash

Definition at line 567 of file decode.h.

Referenced by FlowGetFlowFromHash(), FlowSetupPacket(), and TmqhOutputFlowHash().

◆ flowflags

uint8_t Packet_::flowflags

Definition at line 546 of file decode.h.

Referenced by AppLayerHandleUdp(), DetectFlowMatch(), JsonBuildFileInfoRecord(), PacketReinit(), PacketSwap(), and StreamTcpReassembleDepthReached().

◆ host_dst

struct Host_* Packet_::host_dst

Definition at line 639 of file decode.h.

◆ host_src

struct Host_* Packet_::host_src

Definition at line 638 of file decode.h.

◆ icmp_d

struct { ... } Packet_::icmp_d

◆ icmp_s

struct { ... } Packet_::icmp_s

◆ ipfw_v

IPFWPacketVars Packet_::ipfw_v

Definition at line 580 of file decode.h.

◆ l2

struct PacketL2 Packet_::l2

Definition at line 611 of file decode.h.

◆ l3

struct PacketL3 Packet_::l3

Definition at line 611 of file decode.h.

Referenced by DecodeIPV6FragHeader(), and UTHFreePacket().

◆ l4

struct PacketL4 Packet_::l4

Definition at line 611 of file decode.h.

Referenced by StreamTcpUTAddPayload(), StreamTcpUTAddSegmentWithByte(), StreamTcpUTAddSegmentWithPayload(), and UTHFreePacket().

◆ livedev_dst_id

uint16_t Packet_::livedev_dst_id

Definition at line 634 of file decode.h.

Referenced by PacketInit().

◆ livedev_id

uint16_t Packet_::livedev_id

Definition at line 632 of file decode.h.

Referenced by FlowInit(), PacketInit(), PacketTunnelPktSetup(), and SCPacketSetLiveDevice().

◆ nb_decoded_layers

uint8_t Packet_::nb_decoded_layers

Definition at line 656 of file decode.h.

Referenced by PacketTunnelPktSetup().

◆ next

struct Packet_* Packet_::next

Definition at line 647 of file decode.h.

Referenced by DetectPortLookupGroup().

◆ nfq_v

NFQPacketVars Packet_::nfq_v

Definition at line 577 of file decode.h.

◆ payload

uint8_t* Packet_::payload

Definition at line 619 of file decode.h.

Referenced by AppLayerHandleUdp(), DetectEngineInspectPacketPayload(), StreamTcpUTAddSegmentWithByte(), StreamTcpUTAddSegmentWithPayload(), UTHBuildPacketIPV6Real(), and UTHBuildPacketReal().

◆ payload_len

uint16_t Packet_::payload_len

Definition at line 620 of file decode.h.

Referenced by AppLayerHandleUdp(), DetectEngineInspectPacketPayload(), PacketCreateMask(), Prefilter(), StreamTcpUTAddSegmentWithByte(), StreamTcpUTAddSegmentWithPayload(), UTHBuildPacketIPV6Real(), and UTHBuildPacketReal().

◆ pcap_v

PcapPacketVars Packet_::pcap_v

libpcap vars: shared by Pcap Live mode and Pcap File mode

Definition at line 601 of file decode.h.

Referenced by PcapFileReleasePseudoPacket().

◆ persistent

struct { ... } Packet_::persistent

Referenced by PacketDestructor(), and PacketInit().

◆ pkt_data

uint8_t Packet_::pkt_data[]

flex array accessor to allocated packet data. Size of the additional data is default_packet_size. If this is insufficient, Packet::ext_pkt will be used instead.

Definition at line 701 of file decode.h.

◆ pkt_hooks

uint16_t Packet_::pkt_hooks

bit flags of SignatureHookPkt values this packet should trigger

Definition at line 555 of file decode.h.

Referenced by PacketReinit(), and Prefilter().

◆ pkt_src

uint8_t Packet_::pkt_src

Definition at line 625 of file decode.h.

Referenced by PacketEnqueueNoLock(), PacketReinit(), SCPacketSetSource(), and StreamTcp().

◆ pktlen

uint32_t Packet_::pktlen

Definition at line 628 of file decode.h.

◆ pktvar

PktVar* Packet_::pktvar

Definition at line 611 of file decode.h.

Referenced by EveAddMetadata(), PacketDestructor(), PacketReinit(), PktVarAdd(), PktVarAddKeyValue(), and PktVarGet().

◆ plugin_v

uint8_t Packet_::plugin_v[PLUGIN_VAR_SIZE]

Definition at line 598 of file decode.h.

◆ pool

struct PktPool_* Packet_::pool

Definition at line 682 of file decode.h.

Referenced by PacketFreeOrRelease(), TmqhOutputPacketpool(), and TmqhOutputSimple().

◆ prev

struct Packet_* Packet_::prev

Definition at line 648 of file decode.h.

◆ profile

PktProfiling* Packet_::profile

Definition at line 685 of file decode.h.

Referenced by SCProfileRuleStart(), and SCProfilingAddPacket().

◆ proto

uint8_t Packet_::proto

Definition at line 537 of file decode.h.

Referenced by DetectEngineInspectFrameBufferGeneric(), DetectEngineInspectStream(), EveAddVerdict(), FlowGetPacketDirection(), FlowInit(), FrameJsonLogOneFrame(), FramesPrune(), PacketReinit(), Prefilter(), StreamSegmentForEach(), StreamSegmentForSession(), TcpSessionPacketSsnReuse(), UTHBuildPacketIPV6Real(), and UTHBuildPacketReal().

◆ recursion_level

uint8_t Packet_::recursion_level

Definition at line 540 of file decode.h.

Referenced by FlowInit(), PacketReinit(), and PacketTunnelPktSetup().

◆ ReleasePacket

void(* Packet_::ReleasePacket) (struct Packet_ *)

The release function for packet structure and data

Definition at line 605 of file decode.h.

Referenced by PacketFreeOrRelease(), PacketGetFromAlloc(), and PacketGetFromQueueOrAlloc().

◆ root

struct Packet_* Packet_::root

Definition at line 665 of file decode.h.

Referenced by PacketCheckAction(), PacketDefragPktSetup(), PacketDrop(), PacketGetAction(), PacketTunnelPktSetup(), TmqhOutputPacketpool(), and TmqhOutputSimple().

◆ sig_mask

SignatureMask Packet_::sig_mask

sig mask flags this packet has, used in signature matching

Definition at line 552 of file decode.h.

Referenced by PacketReinit().

◆ sp

Port Packet_::sp

Definition at line 522 of file decode.h.

Referenced by FlowGetPacketDirection(), PacketReinit(), UTHBuildPacketIPV6Real(), and UTHBuildPacketReal().

◆ src

Address Packet_::src

Definition at line 519 of file decode.h.

Referenced by FlowGetPacketDirection(), IPOnlyMatchPacket(), PacketReinit(), TagHashAddTag(), TmqhOutputFlowIPPair(), UTHBuildPacketIPV6Real(), UTHBuildPacketOfFlows(), and UTHBuildPacketReal().

◆ tenant_id

uint32_t Packet_::tenant_id

tenant id for this packet, if any. If 0 then no tenant was assigned.

Definition at line 677 of file decode.h.

Referenced by AlertJsonHeader(), Detect(), and PacketTunnelPktSetup().

◆ ts

SCTime_t Packet_::ts

Definition at line 569 of file decode.h.

Referenced by AlertFastLogger(), CreateEveHeader(), FlowHandlePacketUpdate(), PacketReinit(), PacketTunnelPktSetup(), SCPacketSetTime(), UTHBuildPacketIPV6Real(), and UTHBuildPacketReal().

◆ ttype

uint8_t Packet_::ttype

Definition at line 558 of file decode.h.

Referenced by PacketDefragPktSetupParent(), and PacketReinit().

◆ tunnel_lock

SCSpinlock Packet_::tunnel_lock

lock to protect access to:

tunnel_rtv_cnt
tunnel_tpr_cnt
tunnel_verdicted
nfq_v.mark (if p->ttype != PacketTunnelNone)

Definition at line 695 of file decode.h.

Referenced by PacketDestructor(), and PacketInit().

◆ tunnel_rtv_cnt

uint16_t Packet_::tunnel_rtv_cnt

Definition at line 672 of file decode.h.

◆ tunnel_tpr_cnt

uint16_t Packet_::tunnel_tpr_cnt

Definition at line 674 of file decode.h.

◆ tunnel_verdicted

bool Packet_::tunnel_verdicted

has verdict on this tunneled packet been issued?

Definition at line 662 of file decode.h.

◆ type

uint8_t Packet_::type

Definition at line 525 of file decode.h.

◆ vlan_id

uint16_t Packet_::vlan_id[VLAN_MAX_LAYERS]

Definition at line 542 of file decode.h.

Referenced by FlowInit(), and PacketReinit().

◆ vlan_idx

uint8_t Packet_::vlan_idx

Definition at line 543 of file decode.h.

Referenced by DecodeVLAN(), FlowInit(), and PacketReinit().

The documentation for this struct was generated from the following file:

src/decode.h

Data Fields

Detailed Description

Field Documentation

◆ @33

◆ @35

◆ @37

◆ action

◆ alerts

◆ app_layer_events

◆ app_update_direction

◆ BypassPacketsFlow

◆ code

◆ datalink

◆ dp

◆ drop_reason

◆ dst

◆ events

◆ ext_pkt

◆ flags

◆ flow

◆ flow_hash

◆ flowflags

◆ host_dst

◆ host_src

◆ icmp_d

◆ icmp_s

◆ ipfw_v

◆ l2

◆ l3

◆ l4

◆ livedev_dst_id

◆ livedev_id

◆ nb_decoded_layers

◆ next

◆ nfq_v

◆ payload

◆ payload_len

◆ pcap_v

◆ persistent

◆ pkt_data

◆ pkt_hooks

◆ pkt_src

◆ pktlen

◆ pktvar

◆ plugin_v

◆ pool

◆ prev

◆ profile

◆ proto

◆ recursion_level

◆ ReleasePacket

◆ root

◆ sig_mask

◆ sp

◆ src

◆ tenant_id

◆ ts

◆ ttype

◆ tunnel_lock

◆ tunnel_rtv_cnt

◆ tunnel_tpr_cnt

◆ tunnel_verdicted

◆ type

◆ vlan_id

◆ vlan_idx