suricata
Data Fields
Packet_ Struct Reference

#include <decode.h>

Collaboration diagram for Packet_:
Collaboration graph
[legend]

Data Fields

Address src
 
Address dst
 
union {
   Port   sp
 
   struct {
      uint8_t   type
 
      uint8_t   code
 
   }   icmp_s
 
}; 
 
union {
   Port   dp
 
   struct {
      uint8_t   type
 
      uint8_t   code
 
   }   icmp_d
 
}; 
 
uint8_t proto
 
uint8_t recursion_level
 
uint16_t vlan_id [2]
 
uint8_t vlan_idx
 
uint8_t flowflags
 
uint32_t flags
 
struct Flow_flow
 
uint32_t flow_hash
 
struct timeval ts
 
union {
   NFQPacketVars   nfq_v
 
   IPFWPacketVars   ipfw_v
 
   uint8_t   plugin_v [PLUGIN_VAR_SIZE]
 
   PcapPacketVars   pcap_v
 
}; 
 
void(* ReleasePacket )(struct Packet_ *)
 
int(* BypassPacketsFlow )(struct Packet_ *)
 
PktVarpktvar
 
EthernetHdr * ethh
 
int32_t level3_comp_csum
 
int32_t level4_comp_csum
 
IPV4Hdrip4h
 
IPV6Hdrip6h
 
union {
   IPV4Vars   ip4vars
 
   struct {
      IPV6Vars   ip6vars
 
      IPV6ExtHdrs   ip6eh
 
   } 
 
}; 
 
union {
   TCPVars   tcpvars
 
   ICMPV4Vars   icmpv4vars
 
   ICMPV6Vars   icmpv6vars
 
l4vars
 
TCPHdr * tcph
 
UDPHdr * udph
 
SCTPHdr * sctph
 
ESPHdr * esph
 
ICMPV4Hdr * icmpv4h
 
ICMPV6Hdricmpv6h
 
PPPHdr * ppph
 
PPPOESessionHdrpppoesh
 
PPPOEDiscoveryHdr * pppoedh
 
GREHdr * greh
 
uint8_t * payload
 
uint16_t payload_len
 
uint8_t action
 
uint8_t pkt_src
 
uint32_t pktlen
 
uint8_t * ext_pkt
 
struct LiveDevice_livedev
 
PacketAlerts alerts
 
struct Host_host_src
 
struct Host_host_dst
 
uint64_t pcap_cnt
 
PacketEngineEvents events
 
AppLayerDecoderEventsapp_layer_events
 
struct Packet_next
 
struct Packet_prev
 
int datalink
 
struct Packet_root
 
SCMutex tunnel_mutex
 
uint16_t tunnel_rtv_cnt
 
uint16_t tunnel_tpr_cnt
 
uint32_t tenant_id
 
struct PktPool_pool
 
uint8_t nb_decoded_layers
 
PktProfilingprofile
 
NapatechPacketVars ntpv
 

Detailed Description

Definition at line 419 of file decode.h.

Field Documentation

◆ @34

union { ... }

◆ @36

union { ... }

◆ @38

union { ... }

◆ @40

union { ... }

◆ action

uint8_t Packet_::action

Definition at line 564 of file decode.h.

◆ alerts

PacketAlerts Packet_::alerts

Definition at line 575 of file decode.h.

Referenced by AlertFastLogCondition(), AlertFastLogger(), PacketAlertAppend(), PacketAlertCheck(), PacketAlertFinalize(), and PacketAlertRemove().

◆ app_layer_events

AppLayerDecoderEvents* Packet_::app_layer_events

Definition at line 587 of file decode.h.

Referenced by PacketCreateMask().

◆ BypassPacketsFlow

int(* Packet_::BypassPacketsFlow) (struct Packet_ *)

The function triggering bypass the flow in the capture method. Return 1 for success and 0 on error

Definition at line 505 of file decode.h.

Referenced by PacketBypassCallback(), and ReceivePfringLoop().

◆ code

uint8_t Packet_::code

Definition at line 431 of file decode.h.

◆ datalink

int Packet_::datalink

data linktype in host order

Definition at line 594 of file decode.h.

Referenced by DecodeErfDag(), EvePacket(), NapatechDecode(), PacketDefragPktSetup(), PacketTunnelPktSetup(), and StreamTcpPseudoSetup().

◆ dp

Port Packet_::dp

Definition at line 435 of file decode.h.

Referenced by AlertFastLogger(), FlowGetPacketDirection(), IPOnlyMatchPacket(), JsonAddrInfoInit(), TLSGetIPInformations(), and UTHBuildPacketIPV6Real().

◆ dst

Address Packet_::dst

Definition at line 425 of file decode.h.

Referenced by IPOnlyMatchPacket(), TagHashAddTag(), TmqhOutputFlowIPPair(), UTHBuildPacketIPV6Real(), and UTHBuildPacketOfFlows().

◆ esph

ESPHdr* Packet_::esph

Definition at line 546 of file decode.h.

◆ ethh

EthernetHdr* Packet_::ethh

Definition at line 511 of file decode.h.

◆ events

PacketEngineEvents Packet_::events

Definition at line 585 of file decode.h.

Referenced by PacketCreateMask(), PacketUpdateEngineEventCounters(), and SigMatchSignaturesGetSgh().

◆ ext_pkt

uint8_t* Packet_::ext_pkt

Definition at line 570 of file decode.h.

Referenced by PacketCallocExtPkt(), PacketCopyDataOffset(), and PacketSetData().

◆ flags

uint32_t Packet_::flags

Definition at line 455 of file decode.h.

Referenced by DetectReplaceExecuteInternal(), FlowHandlePacket(), FlowSetupPacket(), IPOnlyMatchPacket(), PacketCreateMask(), PacketDecodeFinalize(), PacketFreeOrRelease(), PacketGetFromAlloc(), PacketSetData(), Prefilter(), SCProfileRuleStart(), StreamTcp(), StreamTcpInlineSegmentReplacePacket(), StreamTcpReassembleAppLayer(), StreamTcpReassembleHandleSegment(), TmqhOutputFlowHash(), TmqhOutputPacketpool(), TmqhOutputSimple(), and UTHAssignFlow().

◆ flow

struct Flow_* Packet_::flow

Definition at line 457 of file decode.h.

Referenced by CreateEveHeader(), DetectEngineInspectFrameBufferGeneric(), DetectEngineInspectPktBufferGeneric(), DetectFlowintMatch(), DetectFlowvarMatch(), DetectFrame2InspectBuffer(), DetectRunPrefilterTx(), FlowHandlePacket(), JsonBuildFileInfoRecord(), PacketBypassCallback(), Prefilter(), RulesDumpMatchArray(), RulesDumpTxMatchArray(), SigMatchSignatures(), StreamReassembleRawUpdateProgress(), StreamTcp(), StreamTcpPacket(), StreamTcpReassembleAppLayer(), StreamTcpReassembleDepthReached(), StreamTcpReassembleHandleSegment(), StreamTcpSessionPktFree(), TagFlowAdd(), TagHandlePacket(), UTHAssignFlow(), and UTHBuildPacketOfFlows().

◆ flow_hash

uint32_t Packet_::flow_hash

Definition at line 461 of file decode.h.

Referenced by FlowGetFlowFromHash(), FlowSetupPacket(), and TmqhOutputFlowHash().

◆ flowflags

uint8_t Packet_::flowflags

Definition at line 451 of file decode.h.

Referenced by AppLayerHandleUdp(), DetectFlowMatch(), FlowHandlePacketUpdate(), JsonBuildFileInfoRecord(), PacketSwap(), SigMatchSignaturesGetSgh(), and StreamTcpReassembleDepthReached().

◆ greh

GREHdr* Packet_::greh

Definition at line 556 of file decode.h.

◆ host_dst

struct Host_* Packet_::host_dst

Definition at line 578 of file decode.h.

◆ host_src

struct Host_* Packet_::host_src

Definition at line 577 of file decode.h.

◆ icmp_d

struct { ... } Packet_::icmp_d

Referenced by DecodeICMPV4(), and DecodeICMPV6().

◆ icmp_s

struct { ... } Packet_::icmp_s

Referenced by AlertFastLogger(), DecodeICMPV4(), DecodeICMPV6(), and FlowInit().

◆ icmpv4h

ICMPV4Hdr* Packet_::icmpv4h

Definition at line 548 of file decode.h.

Referenced by DecodeICMPV4(), and FlowInit().

◆ icmpv4vars

ICMPV4Vars Packet_::icmpv4vars

Definition at line 533 of file decode.h.

Referenced by DecodeICMPV4().

◆ icmpv6h

ICMPV6Hdr* Packet_::icmpv6h

Definition at line 550 of file decode.h.

Referenced by DecodeICMPV6().

◆ icmpv6vars

ICMPV6Vars Packet_::icmpv6vars

Definition at line 534 of file decode.h.

◆ ip4h

IPV4Hdr* Packet_::ip4h

Definition at line 518 of file decode.h.

Referenced by UTHFreePacket().

◆ ip4vars

IPV4Vars Packet_::ip4vars

Definition at line 524 of file decode.h.

◆ ip6eh

IPV6ExtHdrs Packet_::ip6eh

Definition at line 527 of file decode.h.

Referenced by DecodeIPV6FragHeader().

◆ ip6h

IPV6Hdr* Packet_::ip6h

Definition at line 520 of file decode.h.

Referenced by UTHBuildPacketIPV6Real().

◆ ip6vars

IPV6Vars Packet_::ip6vars

Definition at line 526 of file decode.h.

◆ ipfw_v

IPFWPacketVars Packet_::ipfw_v

Definition at line 474 of file decode.h.

◆ l4vars

union { ... } Packet_::l4vars

◆ level3_comp_csum

int32_t Packet_::level3_comp_csum

Definition at line 514 of file decode.h.

◆ level4_comp_csum

int32_t Packet_::level4_comp_csum

Definition at line 516 of file decode.h.

◆ livedev

struct LiveDevice_* Packet_::livedev

Definition at line 573 of file decode.h.

Referenced by FlowInit(), PacketDefragPktSetup(), and PacketTunnelPktSetup().

◆ nb_decoded_layers

uint8_t Packet_::nb_decoded_layers

Definition at line 624 of file decode.h.

◆ next

struct Packet_* Packet_::next

Definition at line 590 of file decode.h.

Referenced by TmThreadDumpThreads().

◆ nfq_v

NFQPacketVars Packet_::nfq_v

Definition at line 471 of file decode.h.

◆ ntpv

NapatechPacketVars Packet_::ntpv

Definition at line 630 of file decode.h.

◆ payload

uint8_t* Packet_::payload

Definition at line 560 of file decode.h.

Referenced by DecodeICMPV6(), DetectEngineInspectPacketPayload(), StreamTcpInlineSegmentCompare(), StreamTcpInlineSegmentReplacePacket(), StreamTcpUTAddSegmentWithByte(), StreamTcpUTAddSegmentWithPayload(), and UTHBuildPacketIPV6Real().

◆ payload_len

uint16_t Packet_::payload_len

Definition at line 561 of file decode.h.

Referenced by DecodeICMPV6(), DetectEngineInspectPacketPayload(), PacketCreateMask(), Prefilter(), StreamTcpInlineSegmentCompare(), StreamTcpInlineSegmentReplacePacket(), StreamTcpReassembleHandleSegment(), StreamTcpUTAddSegmentWithByte(), StreamTcpUTAddSegmentWithPayload(), and UTHBuildPacketIPV6Real().

◆ pcap_cnt

uint64_t Packet_::pcap_cnt

packet number in the pcap file, matches wireshark

Definition at line 581 of file decode.h.

Referenced by AlertFastLogger(), DetectFrame2InspectBuffer(), DetectRunPrefilterFrame(), DetectRunPrefilterTx(), FlowHandlePacketUpdate(), StreamReassembleRawUpdateProgress(), StreamTcp(), and StreamTcpPacket().

◆ pcap_v

PcapPacketVars Packet_::pcap_v

libpcap vars: shared by Pcap Live mode and Pcap File mode

Definition at line 498 of file decode.h.

◆ pkt_src

uint8_t Packet_::pkt_src

Definition at line 566 of file decode.h.

◆ pktlen

uint32_t Packet_::pktlen

Definition at line 569 of file decode.h.

◆ pktvar

PktVar* Packet_::pktvar

Definition at line 508 of file decode.h.

Referenced by EveAddMetadata(), PktVarAdd(), PktVarAddKeyValue(), and PktVarGet().

◆ plugin_v

uint8_t Packet_::plugin_v[PLUGIN_VAR_SIZE]

Definition at line 495 of file decode.h.

◆ pool

struct PktPool_* Packet_::pool

Definition at line 619 of file decode.h.

◆ ppph

PPPHdr* Packet_::ppph

Definition at line 552 of file decode.h.

◆ pppoedh

PPPOEDiscoveryHdr* Packet_::pppoedh

Definition at line 554 of file decode.h.

Referenced by DecodePPPOEDiscovery().

◆ pppoesh

PPPOESessionHdr* Packet_::pppoesh

Definition at line 553 of file decode.h.

Referenced by DecodePPPOESession().

◆ prev

struct Packet_* Packet_::prev

Definition at line 591 of file decode.h.

◆ profile

PktProfiling* Packet_::profile

Definition at line 627 of file decode.h.

Referenced by SCProfileRuleStart(), and SCProfilingAddPacket().

◆ proto

uint8_t Packet_::proto

Definition at line 442 of file decode.h.

Referenced by DecodeICMPV4(), DecodeICMPV6(), DetectEngineInspectStream(), FlowGetPacketDirection(), FlowInit(), IPOnlyMatchPacket(), JsonAddrInfoInit(), Prefilter(), SigMatchSignaturesGetSgh(), StreamSegmentForEach(), StreamTcpPseudoSetup(), TcpSessionPacketSsnReuse(), UTHBuildPacketIPV6Real(), and UTHFreePacket().

◆ recursion_level

uint8_t Packet_::recursion_level

Definition at line 445 of file decode.h.

Referenced by FlowInit(), PacketDefragPktSetup(), PacketTunnelPktSetup(), and StreamTcpPseudoSetup().

◆ ReleasePacket

void(* Packet_::ReleasePacket) (struct Packet_ *)

The release function for packet structure and data

Definition at line 502 of file decode.h.

Referenced by PacketFreeOrRelease(), PacketGetFromAlloc(), PacketGetFromQueueOrAlloc(), and TmqhOutputPacketpool().

◆ root

struct Packet_* Packet_::root

Definition at line 597 of file decode.h.

Referenced by PacketDefragPktSetup(), PacketTunnelPktSetup(), StreamTcpPseudoSetup(), TmqhOutputPacketpool(), and TmqhOutputSimple().

◆ sctph

SCTPHdr* Packet_::sctph

Definition at line 544 of file decode.h.

◆ sp

Port Packet_::sp

Definition at line 427 of file decode.h.

Referenced by AlertFastLogger(), FlowGetPacketDirection(), IPOnlyMatchPacket(), JsonAddrInfoInit(), TLSGetIPInformations(), and UTHBuildPacketIPV6Real().

◆ src

Address Packet_::src

Definition at line 424 of file decode.h.

Referenced by FlowGetPacketDirection(), IPOnlyMatchPacket(), TagHashAddTag(), TmqhOutputFlowIPPair(), UTHBuildPacketIPV6Real(), and UTHBuildPacketOfFlows().

◆ tcph

TCPHdr* Packet_::tcph

Definition at line 540 of file decode.h.

Referenced by FlowInit(), PacketCreateMask(), ReCalculateChecksum(), StreamTcpReassembleHandleSegment(), StreamTcpUTAddPayload(), StreamTcpUTAddSegmentWithByte(), StreamTcpUTAddSegmentWithPayload(), TcpSessionPacketSsnReuse(), UTHBuildPacketIPV6Real(), and UTHFreePacket().

◆ tcpvars

TCPVars Packet_::tcpvars

Definition at line 532 of file decode.h.

◆ tenant_id

uint32_t Packet_::tenant_id

tenant id for this packet, if any. If 0 then no tenant was assigned.

Definition at line 614 of file decode.h.

Referenced by Detect(), PacketDefragPktSetup(), and PacketTunnelPktSetup().

◆ ts

struct timeval Packet_::ts

Definition at line 461 of file decode.h.

Referenced by AlertFastLogger(), CreateEveHeader(), FlowHandlePacketUpdate(), PacketDefragPktSetup(), PacketTunnelPktSetup(), StreamTcpPseudoSetup(), and UTHBuildPacketIPV6Real().

◆ tunnel_mutex

SCMutex Packet_::tunnel_mutex

mutex to protect access to:

  • tunnel_rtv_cnt
  • tunnel_tpr_cnt

Definition at line 607 of file decode.h.

Referenced by TmqhOutputPacketpool().

◆ tunnel_rtv_cnt

uint16_t Packet_::tunnel_rtv_cnt

Definition at line 609 of file decode.h.

◆ tunnel_tpr_cnt

uint16_t Packet_::tunnel_tpr_cnt

Definition at line 611 of file decode.h.

◆ type

uint8_t Packet_::type

Definition at line 430 of file decode.h.

◆ udph

UDPHdr* Packet_::udph

Definition at line 542 of file decode.h.

Referenced by FlowInit(), and UTHFreePacket().

◆ vlan_id

uint16_t Packet_::vlan_id[2]

Definition at line 447 of file decode.h.

Referenced by DecodeVLANGetId(), FlowInit(), and PacketDefragPktSetup().

◆ vlan_idx

uint8_t Packet_::vlan_idx

Definition at line 448 of file decode.h.

Referenced by DecodePfring(), DecodeVLAN(), DecodeVLANGetId(), FlowInit(), and PacketDefragPktSetup().

The documentation for this struct was generated from the following file: