Packet_ Struct Reference

#include <decode.h>

Collaboration diagram for Packet_:

Data Fields
Address	src
Address	dst
union {
Port   sp
struct {
uint8_t   type
uint8_t   code
}   icmp_s
};
union {
Port   dp
struct {
uint8_t   type
uint8_t   code
}   icmp_d
};
uint8_t	proto
uint8_t	recursion_level
uint16_t	vlan_id [VLAN_MAX_LAYERS]
uint8_t	vlan_idx
uint8_t	flowflags
uint8_t	app_update_direction
SignatureMask	sig_mask
uint16_t	pkt_hooks
uint32_t	flags
struct Flow_ *	flow
uint32_t	flow_hash
enum PacketTunnelType	ttype
SCTime_t	ts
union {
NFQPacketVars   nfq_v
IPFWPacketVars   ipfw_v
uint8_t   plugin_v [PLUGIN_VAR_SIZE]
PcapPacketVars   pcap_v
};
void(*	ReleasePacket )(struct Packet_ *)
int(*	BypassPacketsFlow )(struct Packet_ *)
PktVar *	pktvar
struct PacketL2	l2
struct PacketL3	l3
struct PacketL4	l4
uint8_t *	payload
uint16_t	payload_len
uint8_t	action
uint8_t	pkt_src
uint32_t	pktlen
uint8_t *	ext_pkt
struct LiveDevice_ *	livedev
PacketAlerts	alerts
struct Host_ *	host_src
struct Host_ *	host_dst
uint64_t	pcap_cnt
PacketEngineEvents	events
AppLayerDecoderEvents *	app_layer_events
struct Packet_ *	next
struct Packet_ *	prev
int	datalink
uint8_t	nb_decoded_layers
uint8_t	drop_reason
bool	tunnel_verdicted
struct Packet_ *	root
uint16_t	tunnel_rtv_cnt
uint16_t	tunnel_tpr_cnt
uint32_t	tenant_id
struct PktPool_ *	pool
PktProfiling *	profile
struct {
SCSpinlock   tunnel_lock
}	persistent
uint8_t	pkt_data []

Detailed Description

Definition at line 491 of file decode.h.

Field Documentation

@24

union { ... }

@26

union { ... }

@28

union { ... }

action

uint8_t Packet_::action

Definition at line 600 of file decode.h.

Referenced by PacketCheckAction(), and PacketDrop().

alerts

PacketAlerts Packet_::alerts

Definition at line 611 of file decode.h.

Referenced by AlertQueueAppend(), EveAddVerdict(), PacketAlertCheck(), PacketDestructor(), and PacketInit().

app_layer_events

AppLayerDecoderEvents* Packet_::app_layer_events

Definition at line 623 of file decode.h.

Referenced by AppLayerHandleUdp(), PacketCreateMask(), and PacketDestructor().

app_update_direction

uint8_t Packet_::app_update_direction

Definition at line 526 of file decode.h.

Referenced by PacketReinit().

BypassPacketsFlow

int(* Packet_::BypassPacketsFlow) (struct Packet_ *)

The function triggering bypass the flow in the capture method. Return 1 for success and 0 on error

Definition at line 585 of file decode.h.

Referenced by PacketBypassCallback().

code

uint8_t Packet_::code

Definition at line 503 of file decode.h.

datalink

int Packet_::datalink

data linktype in host order

Definition at line 630 of file decode.h.

Referenced by DecodeErfDag(), EvePacket(), PacketReinit(), PacketTunnelPktSetup(), and SCPacketSetDatalink().

dp

Port Packet_::dp

Definition at line 507 of file decode.h.

Referenced by FlowGetPacketDirection(), PacketReinit(), TLSGetIPInformations(), and UTHBuildPacketIPV6Real().

drop_reason

uint8_t Packet_::drop_reason

Definition at line 638 of file decode.h.

Referenced by CaptureStatsUpdate(), PacketDrop(), and PacketReinit().

dst

Address Packet_::dst

Definition at line 497 of file decode.h.

Referenced by IPOnlyMatchPacket(), PacketReinit(), TagHashAddTag(), TmqhOutputFlowIPPair(), UTHBuildPacketIPV6Real(), and UTHBuildPacketOfFlows().

events

PacketEngineEvents Packet_::events

Definition at line 621 of file decode.h.

Referenced by PacketCreateMask(), PacketUpdateEngineEventCounters(), and SigMatchSignaturesGetSgh().

ext_pkt

uint8_t* Packet_::ext_pkt

Definition at line 606 of file decode.h.

Referenced by PacketCallocExtPkt(), PacketCopyDataOffset(), and PacketSetData().

flags

uint32_t Packet_::flags

Definition at line 535 of file decode.h.

Referenced by CaptureStatsUpdate(), DetectReplaceExecuteInternal(), FlowHandlePacket(), FlowSetupPacket(), InjectPacketsForFlush(), PacketCreateMask(), PacketDecodeFinalize(), PacketReinit(), PacketSetData(), Prefilter(), SCProfileRuleStart(), StreamTcpReassembleAppLayer(), TmqhOutputFlowHash(), and UTHAssignFlow().

flow

struct Flow_* Packet_::flow

Definition at line 537 of file decode.h.

Referenced by CreateEveHeader(), DetectEngineInspectPktBufferGeneric(), DetectFlowintMatch(), DetectFlowvarMatch(), DetectRunPrefilterTx(), ExceptionPolicyParse(), FlowHandlePacket(), PacketBypassCallback(), Prefilter(), RulesDumpMatchArray(), RulesDumpTxMatchArray(), SigMatchSignatures(), StreamTcp(), StreamTcpPacket(), StreamTcpReassembleDepthReached(), StreamTcpSegmentForEach(), StreamTcpSegmentForSession(), StreamTcpSessionPktFree(), TagFlowAdd(), TagHandlePacket(), TmqhReleasePacketsToPacketPool(), TmThreadsProcessDecodePseudoPackets(), TmThreadsSlotVarRun(), TmThreadTimeoutLoop(), UTHAssignFlow(), and UTHBuildPacketOfFlows().

flow_hash

uint32_t Packet_::flow_hash

Definition at line 541 of file decode.h.

Referenced by FlowGetFlowFromHash(), FlowSetupPacket(), and TmqhOutputFlowHash().

flowflags

uint8_t Packet_::flowflags

Definition at line 523 of file decode.h.

Referenced by AppLayerHandleUdp(), DetectFlowMatch(), PacketReinit(), PacketSwap(), and StreamTcpReassembleDepthReached().

host_dst

struct Host_* Packet_::host_dst

Definition at line 614 of file decode.h.

host_src

struct Host_* Packet_::host_src

Definition at line 613 of file decode.h.

icmp_d

struct { ... } Packet_::icmp_d

icmp_s

struct { ... } Packet_::icmp_s

ipfw_v

IPFWPacketVars Packet_::ipfw_v

Definition at line 557 of file decode.h.

l2

struct PacketL2 Packet_::l2

Definition at line 588 of file decode.h.

l3

struct PacketL3 Packet_::l3

Definition at line 588 of file decode.h.

Referenced by DecodeIPV6FragHeader().

l4

struct PacketL4 Packet_::l4

Definition at line 588 of file decode.h.

Referenced by StreamTcpUTAddPayload(), StreamTcpUTAddSegmentWithByte(), and StreamTcpUTAddSegmentWithPayload().

livedev

struct LiveDevice_* Packet_::livedev

Definition at line 609 of file decode.h.

Referenced by FlowInit(), PacketDefragPktSetup(), PacketInit(), PacketTunnelPktSetup(), and SCPacketSetLiveDevice().

nb_decoded_layers

uint8_t Packet_::nb_decoded_layers

Definition at line 635 of file decode.h.

Referenced by PacketTunnelPktSetup().

next

struct Packet_* Packet_::next

Definition at line 626 of file decode.h.

nfq_v

NFQPacketVars Packet_::nfq_v

Definition at line 554 of file decode.h.

payload

uint8_t* Packet_::payload

Definition at line 596 of file decode.h.

Referenced by AppLayerHandleUdp(), DetectEngineInspectPacketPayload(), StreamTcpUTAddSegmentWithByte(), StreamTcpUTAddSegmentWithPayload(), and UTHBuildPacketIPV6Real().

payload_len

uint16_t Packet_::payload_len

Definition at line 597 of file decode.h.

Referenced by AppLayerHandleUdp(), DetectEngineInspectPacketPayload(), PacketCreateMask(), Prefilter(), StreamTcpUTAddSegmentWithByte(), StreamTcpUTAddSegmentWithPayload(), and UTHBuildPacketIPV6Real().

pcap_cnt

uint64_t Packet_::pcap_cnt

packet number in the pcap file, matches wireshark

Definition at line 617 of file decode.h.

Referenced by DetectRunPrefilterFrame(), DetectRunPrefilterTx(), ExceptionPolicyParse(), FlowHandlePacketUpdate(), StreamTcp(), and StreamTcpPacket().

pcap_v

PcapPacketVars Packet_::pcap_v

libpcap vars: shared by Pcap Live mode and Pcap File mode

Definition at line 578 of file decode.h.

persistent

struct { ... } Packet_::persistent

Referenced by PacketDestructor(), and PacketInit().

pkt_data

uint8_t Packet_::pkt_data[]

flex array accessor to allocated packet data. Size of the additional data is default_packet_size. If this is insufficient, Packet::ext_pkt will be used instead.

Definition at line 680 of file decode.h.

pkt_hooks

uint16_t Packet_::pkt_hooks

bit flags of SignatureHookPkt values this packet should trigger

Definition at line 532 of file decode.h.

Referenced by PacketReinit(), and Prefilter().

pkt_src

uint8_t Packet_::pkt_src

Definition at line 602 of file decode.h.

Referenced by PacketEnqueueNoLock(), PacketReinit(), SCPacketSetSource(), and StreamTcp().

pktlen

uint32_t Packet_::pktlen

Definition at line 605 of file decode.h.

pktvar

PktVar* Packet_::pktvar

Definition at line 588 of file decode.h.

Referenced by EveAddMetadata(), PacketDestructor(), PacketReinit(), PktVarAdd(), PktVarAddKeyValue(), and PktVarGet().

plugin_v

uint8_t Packet_::plugin_v[PLUGIN_VAR_SIZE]

Definition at line 575 of file decode.h.

pool

struct PktPool_* Packet_::pool

Definition at line 661 of file decode.h.

Referenced by PacketFreeOrRelease(), TmqhOutputPacketpool(), and TmqhOutputSimple().

prev

struct Packet_* Packet_::prev

Definition at line 627 of file decode.h.

profile

PktProfiling* Packet_::profile

Definition at line 664 of file decode.h.

Referenced by SCProfileRuleStart(), and SCProfilingAddPacket().

proto

uint8_t Packet_::proto

Definition at line 514 of file decode.h.

Referenced by DetectEngineInspectFrameBufferGeneric(), DetectEngineInspectStream(), EveAddVerdict(), FlowGetPacketDirection(), FlowInit(), FrameJsonLogOneFrame(), FramesPrune(), PacketReinit(), Prefilter(), SigMatchSignaturesGetSgh(), StreamSegmentForEach(), StreamSegmentForSession(), TcpSessionPacketSsnReuse(), and UTHBuildPacketIPV6Real().

recursion_level

uint8_t Packet_::recursion_level

Definition at line 517 of file decode.h.

Referenced by FlowInit(), PacketDefragPktSetup(), PacketReinit(), and PacketTunnelPktSetup().

ReleasePacket

void(* Packet_::ReleasePacket) (struct Packet_ *)

The release function for packet structure and data

Definition at line 582 of file decode.h.

Referenced by PacketFreeOrRelease(), PacketGetFromAlloc(), and PacketGetFromQueueOrAlloc().

root

struct Packet_* Packet_::root

Definition at line 644 of file decode.h.

Referenced by PacketCheckAction(), PacketDefragPktSetup(), PacketDrop(), PacketTunnelPktSetup(), TmqhOutputPacketpool(), and TmqhOutputSimple().

sig_mask

SignatureMask Packet_::sig_mask

sig mask flags this packet has, used in signature matching

Definition at line 529 of file decode.h.

Referenced by PacketReinit().

sp

Port Packet_::sp

Definition at line 499 of file decode.h.

Referenced by FlowGetPacketDirection(), PacketReinit(), TLSGetIPInformations(), and UTHBuildPacketIPV6Real().

src

Address Packet_::src

Definition at line 496 of file decode.h.

Referenced by FlowGetPacketDirection(), IPOnlyMatchPacket(), PacketReinit(), TagHashAddTag(), TmqhOutputFlowIPPair(), UTHBuildPacketIPV6Real(), and UTHBuildPacketOfFlows().

tenant_id

uint32_t Packet_::tenant_id

tenant id for this packet, if any. If 0 then no tenant was assigned.

Definition at line 656 of file decode.h.

Referenced by AlertJsonHeader(), Detect(), PacketDefragPktSetup(), and PacketTunnelPktSetup().

ts

SCTime_t Packet_::ts

Definition at line 546 of file decode.h.

Referenced by AlertFastLogger(), CreateEveHeader(), FlowHandlePacketUpdate(), PacketDefragPktSetup(), PacketReinit(), PacketTunnelPktSetup(), SCPacketSetTime(), and UTHBuildPacketIPV6Real().

ttype

enum PacketTunnelType Packet_::ttype

Definition at line 541 of file decode.h.

Referenced by PacketDefragPktSetup(), PacketDefragPktSetupParent(), PacketReinit(), and PacketTunnelPktSetup().

tunnel_lock

SCSpinlock Packet_::tunnel_lock

lock to protect access to:

• tunnel_rtv_cnt
• tunnel_tpr_cnt
• tunnel_verdicted
• nfq_v.mark (if p->ttype != PacketTunnelNone)

Definition at line 674 of file decode.h.

Referenced by PacketDestructor(), and PacketInit().

tunnel_rtv_cnt

uint16_t Packet_::tunnel_rtv_cnt

Definition at line 651 of file decode.h.

tunnel_tpr_cnt

uint16_t Packet_::tunnel_tpr_cnt

Definition at line 653 of file decode.h.

tunnel_verdicted

bool Packet_::tunnel_verdicted

has verdict on this tunneled packet been issued?

Definition at line 641 of file decode.h.

type

uint8_t Packet_::type

Definition at line 502 of file decode.h.

vlan_id

uint16_t Packet_::vlan_id[VLAN_MAX_LAYERS]

Definition at line 519 of file decode.h.

Referenced by FlowInit(), PacketDefragPktSetup(), and PacketReinit().

vlan_idx

uint8_t Packet_::vlan_idx

Definition at line 520 of file decode.h.

Referenced by DecodeVLAN(), FlowInit(), PacketDefragPktSetup(), and PacketReinit().

---

The documentation for this struct was generated from the following file:

• src/decode.h