#include <decode.h>

Collaboration diagram for Packet_:

[legend]

Data Fields
Address	src

Address	dst

union {
Port sp

struct {
uint8_t type

uint8_t code

} icmp_s

};

union {
Port dp

struct {
uint8_t type

uint8_t code

} icmp_d

};

uint8_t	proto

uint8_t	recursion_level

uint16_t	vlan_id [VLAN_MAX_LAYERS]

uint8_t	vlan_idx

uint8_t	flowflags

uint8_t	app_update_direction

uint32_t	flags

struct Flow_ *	flow

uint32_t	flow_hash

enum PacketTunnelType	ttype

SCTime_t	ts

union {
NFQPacketVars nfq_v

IPFWPacketVars ipfw_v

uint8_t plugin_v [PLUGIN_VAR_SIZE]

PcapPacketVars pcap_v

};

void(*	ReleasePacket )(struct Packet_ *)

int(*	BypassPacketsFlow )(struct Packet_ *)

PktVar *	pktvar

struct PacketL2	l2

struct PacketL3	l3

struct PacketL4	l4

uint8_t *	payload

uint16_t	payload_len

uint8_t	action

uint8_t	pkt_src

uint32_t	pktlen

uint8_t *	ext_pkt

struct LiveDevice_ *	livedev

PacketAlerts	alerts

struct Host_ *	host_src

struct Host_ *	host_dst

uint64_t	pcap_cnt

PacketEngineEvents	events

AppLayerDecoderEvents *	app_layer_events

struct Packet_ *	next

struct Packet_ *	prev

int	datalink

uint8_t	nb_decoded_layers

uint8_t	drop_reason

bool	tunnel_verdicted

struct Packet_ *	root

uint16_t	tunnel_rtv_cnt

uint16_t	tunnel_tpr_cnt

uint32_t	tenant_id

struct PktPool_ *	pool

PktProfiling *	profile

struct {
SCSpinlock tunnel_lock

}	persistent

uint8_t	pkt_data []

Detailed Description

Definition at line 475 of file decode.h.

Field Documentation

◆ @30

union { ... }

◆ @32

union { ... }

◆ @34

union { ... }

◆ action

uint8_t Packet_::action

Definition at line 578 of file decode.h.

Referenced by PacketCheckAction(), and PacketDrop().

◆ alerts

PacketAlerts Packet_::alerts

Definition at line 589 of file decode.h.

Referenced by AlertQueueAppend(), EveAddVerdict(), PacketAlertCheck(), PacketDestructor(), and PacketInit().

◆ app_layer_events

AppLayerDecoderEvents* Packet_::app_layer_events

Definition at line 601 of file decode.h.

Referenced by AppLayerHandleUdp(), PacketCreateMask(), and PacketDestructor().

◆ app_update_direction

uint8_t Packet_::app_update_direction

Definition at line 510 of file decode.h.

Referenced by PacketReinit().

◆ BypassPacketsFlow

int(* Packet_::BypassPacketsFlow) (struct Packet_ *)

The function triggering bypass the flow in the capture method. Return 1 for success and 0 on error

Definition at line 563 of file decode.h.

Referenced by PacketBypassCallback().

◆ code

uint8_t Packet_::code

Definition at line 487 of file decode.h.

◆ datalink

int Packet_::datalink

data linktype in host order

Definition at line 608 of file decode.h.

Referenced by DecodeErfDag(), EvePacket(), PacketReinit(), and PacketTunnelPktSetup().

◆ dp

Port Packet_::dp

Definition at line 491 of file decode.h.

Referenced by FlowGetPacketDirection(), PacketReinit(), TLSGetIPInformations(), and UTHBuildPacketIPV6Real().

◆ drop_reason

uint8_t Packet_::drop_reason

Definition at line 616 of file decode.h.

Referenced by CaptureStatsUpdate(), PacketDrop(), and PacketReinit().

◆ dst

Address Packet_::dst

Definition at line 481 of file decode.h.

Referenced by IPOnlyMatchPacket(), PacketReinit(), TagHashAddTag(), TmqhOutputFlowIPPair(), UTHBuildPacketIPV6Real(), and UTHBuildPacketOfFlows().

◆ events

PacketEngineEvents Packet_::events

Definition at line 599 of file decode.h.

Referenced by PacketCreateMask(), PacketUpdateEngineEventCounters(), and SigMatchSignaturesGetSgh().

◆ ext_pkt

uint8_t* Packet_::ext_pkt

Definition at line 584 of file decode.h.

Referenced by PacketCallocExtPkt(), PacketCopyDataOffset(), and PacketSetData().

◆ flags

uint32_t Packet_::flags

Definition at line 513 of file decode.h.

Referenced by CaptureStatsUpdate(), DetectReplaceExecuteInternal(), FlowHandlePacket(), FlowSetupPacket(), PacketCreateMask(), PacketDecodeFinalize(), PacketReinit(), PacketSetData(), Prefilter(), SCProfileRuleStart(), StreamTcpReassembleAppLayer(), TmqhOutputFlowHash(), and UTHAssignFlow().

◆ flow

◆ flow_hash

uint32_t Packet_::flow_hash

Definition at line 519 of file decode.h.

Referenced by FlowGetFlowFromHash(), FlowSetupPacket(), and TmqhOutputFlowHash().

◆ flowflags

uint8_t Packet_::flowflags

Definition at line 507 of file decode.h.

Referenced by AppLayerHandleUdp(), DetectFlowMatch(), FlowHandlePacketUpdate(), PacketReinit(), PacketSwap(), and StreamTcpReassembleDepthReached().

◆ host_dst

struct Host_* Packet_::host_dst

Definition at line 592 of file decode.h.

◆ host_src

struct Host_* Packet_::host_src

Definition at line 591 of file decode.h.

◆ icmp_d

struct { ... } Packet_::icmp_d

◆ icmp_s

struct { ... } Packet_::icmp_s

◆ ipfw_v

IPFWPacketVars Packet_::ipfw_v

Definition at line 535 of file decode.h.

◆ l2

struct PacketL2 Packet_::l2

Definition at line 566 of file decode.h.

◆ l3

struct PacketL3 Packet_::l3

Definition at line 566 of file decode.h.

Referenced by DecodeIPV6FragHeader().

◆ l4

struct PacketL4 Packet_::l4

Definition at line 566 of file decode.h.

Referenced by StreamTcpUTAddPayload(), StreamTcpUTAddSegmentWithByte(), and StreamTcpUTAddSegmentWithPayload().

◆ livedev

struct LiveDevice_* Packet_::livedev

Definition at line 587 of file decode.h.

Referenced by FlowInit(), PacketDefragPktSetup(), PacketInit(), and PacketTunnelPktSetup().

◆ nb_decoded_layers

uint8_t Packet_::nb_decoded_layers

Definition at line 613 of file decode.h.

Referenced by PacketTunnelPktSetup().

◆ next

struct Packet_* Packet_::next

Definition at line 604 of file decode.h.

◆ nfq_v

NFQPacketVars Packet_::nfq_v

Definition at line 532 of file decode.h.

◆ payload

uint8_t* Packet_::payload

Definition at line 574 of file decode.h.

Referenced by AppLayerHandleUdp(), DetectEngineInspectPacketPayload(), StreamTcpUTAddSegmentWithByte(), StreamTcpUTAddSegmentWithPayload(), and UTHBuildPacketIPV6Real().

◆ payload_len

uint16_t Packet_::payload_len

Definition at line 575 of file decode.h.

Referenced by AppLayerHandleUdp(), DetectEngineInspectPacketPayload(), PacketCreateMask(), Prefilter(), StreamTcpUTAddSegmentWithByte(), StreamTcpUTAddSegmentWithPayload(), and UTHBuildPacketIPV6Real().

◆ pcap_cnt

uint64_t Packet_::pcap_cnt

packet number in the pcap file, matches wireshark

Definition at line 595 of file decode.h.

Referenced by DetectRunPrefilterFrame(), DetectRunPrefilterTx(), ExceptionPolicyParse(), FlowHandlePacketUpdate(), StreamTcp(), and StreamTcpPacket().

◆ pcap_v

PcapPacketVars Packet_::pcap_v

libpcap vars: shared by Pcap Live mode and Pcap File mode

Definition at line 556 of file decode.h.

◆ persistent

struct { ... } Packet_::persistent

Referenced by PacketDestructor(), and PacketInit().

◆ pkt_data

uint8_t Packet_::pkt_data[]

flex array accessor to allocated packet data. Size of the additional data is default_packet_size. If this is insufficient, Packet::ext_pkt will be used instead.

Definition at line 658 of file decode.h.

◆ pkt_src

uint8_t Packet_::pkt_src

Definition at line 580 of file decode.h.

Referenced by PacketEnqueueNoLock(), PacketReinit(), and StreamTcp().

◆ pktlen

uint32_t Packet_::pktlen

Definition at line 583 of file decode.h.

◆ pktvar

PktVar* Packet_::pktvar

Definition at line 566 of file decode.h.

Referenced by EveAddMetadata(), PacketDestructor(), PacketReinit(), PktVarAdd(), PktVarAddKeyValue(), and PktVarGet().

◆ plugin_v

uint8_t Packet_::plugin_v[PLUGIN_VAR_SIZE]

Definition at line 553 of file decode.h.

◆ pool

struct PktPool_* Packet_::pool

Definition at line 639 of file decode.h.

Referenced by PacketFreeOrRelease(), TmqhOutputPacketpool(), and TmqhOutputSimple().

◆ prev

struct Packet_* Packet_::prev

Definition at line 605 of file decode.h.

◆ profile

PktProfiling* Packet_::profile

Definition at line 642 of file decode.h.

Referenced by SCProfileRuleStart(), and SCProfilingAddPacket().

◆ proto

uint8_t Packet_::proto

Definition at line 498 of file decode.h.

Referenced by DetectEngineInspectFrameBufferGeneric(), DetectEngineInspectStream(), EveAddVerdict(), FlowGetPacketDirection(), FlowInit(), FrameJsonLogOneFrame(), FramesPrune(), PacketReinit(), Prefilter(), SigMatchSignaturesGetSgh(), StreamSegmentForEach(), StreamSegmentForSession(), TcpSessionPacketSsnReuse(), and UTHBuildPacketIPV6Real().

◆ recursion_level

uint8_t Packet_::recursion_level

Definition at line 501 of file decode.h.

Referenced by FlowInit(), PacketDefragPktSetup(), PacketReinit(), and PacketTunnelPktSetup().

◆ ReleasePacket

void(* Packet_::ReleasePacket) (struct Packet_ *)

The release function for packet structure and data

Definition at line 560 of file decode.h.

Referenced by PacketFreeOrRelease(), PacketGetFromAlloc(), and PacketGetFromQueueOrAlloc().

◆ root

struct Packet_* Packet_::root

Definition at line 622 of file decode.h.

Referenced by PacketCheckAction(), PacketDefragPktSetup(), PacketDrop(), PacketTunnelPktSetup(), TmqhOutputPacketpool(), and TmqhOutputSimple().

◆ sp

Port Packet_::sp

Definition at line 483 of file decode.h.

Referenced by FlowGetPacketDirection(), PacketReinit(), TLSGetIPInformations(), and UTHBuildPacketIPV6Real().

◆ src

Address Packet_::src

Definition at line 480 of file decode.h.

Referenced by FlowGetPacketDirection(), IPOnlyMatchPacket(), PacketReinit(), TagHashAddTag(), TmqhOutputFlowIPPair(), UTHBuildPacketIPV6Real(), and UTHBuildPacketOfFlows().

◆ tenant_id

uint32_t Packet_::tenant_id

tenant id for this packet, if any. If 0 then no tenant was assigned.

Definition at line 634 of file decode.h.

Referenced by AlertJsonHeader(), Detect(), PacketDefragPktSetup(), and PacketTunnelPktSetup().

◆ ts

SCTime_t Packet_::ts

Definition at line 524 of file decode.h.

Referenced by AlertFastLogger(), CreateEveHeader(), FlowHandlePacketUpdate(), PacketDefragPktSetup(), PacketReinit(), PacketTunnelPktSetup(), and UTHBuildPacketIPV6Real().

◆ ttype

enum PacketTunnelType Packet_::ttype

Definition at line 519 of file decode.h.

Referenced by PacketDefragPktSetup(), PacketDefragPktSetupParent(), PacketReinit(), and PacketTunnelPktSetup().

◆ tunnel_lock

SCSpinlock Packet_::tunnel_lock

lock to protect access to:

tunnel_rtv_cnt
tunnel_tpr_cnt
tunnel_verdicted
nfq_v.mark (if p->ttype != PacketTunnelNone)

Definition at line 652 of file decode.h.

Referenced by PacketDestructor(), and PacketInit().

◆ tunnel_rtv_cnt

uint16_t Packet_::tunnel_rtv_cnt

Definition at line 629 of file decode.h.

◆ tunnel_tpr_cnt

uint16_t Packet_::tunnel_tpr_cnt

Definition at line 631 of file decode.h.

◆ tunnel_verdicted

bool Packet_::tunnel_verdicted

has verdict on this tunneled packet been issued?

Definition at line 619 of file decode.h.

◆ type

uint8_t Packet_::type

Definition at line 486 of file decode.h.

◆ vlan_id

uint16_t Packet_::vlan_id[VLAN_MAX_LAYERS]

Definition at line 503 of file decode.h.

Referenced by FlowInit(), PacketDefragPktSetup(), and PacketReinit().

◆ vlan_idx

uint8_t Packet_::vlan_idx

Definition at line 504 of file decode.h.

Referenced by DecodeVLAN(), FlowInit(), PacketDefragPktSetup(), and PacketReinit().

The documentation for this struct was generated from the following file:

src/decode.h

Data Fields

Detailed Description

Field Documentation

◆ @30

◆ @32

◆ @34

◆ action

◆ alerts

◆ app_layer_events

◆ app_update_direction

◆ BypassPacketsFlow

◆ code

◆ datalink

◆ dp

◆ drop_reason

◆ dst

◆ events

◆ ext_pkt

◆ flags

◆ flow

◆ flow_hash

◆ flowflags

◆ host_dst

◆ host_src

◆ icmp_d

◆ icmp_s

◆ ipfw_v

◆ l2

◆ l3

◆ l4

◆ livedev

◆ nb_decoded_layers

◆ next

◆ nfq_v

◆ payload

◆ payload_len

◆ pcap_cnt

◆ pcap_v

◆ persistent

◆ pkt_data

◆ pkt_src

◆ pktlen

◆ pktvar

◆ plugin_v

◆ pool

◆ prev

◆ profile

◆ proto

◆ recursion_level

◆ ReleasePacket

◆ root

◆ sp

◆ src

◆ tenant_id

◆ ts

◆ ttype

◆ tunnel_lock

◆ tunnel_rtv_cnt

◆ tunnel_tpr_cnt

◆ tunnel_verdicted

◆ type

◆ vlan_id

◆ vlan_idx