#include "suricata-common.h"#include "suricata-plugin.h"#include "threadvars.h"#include "util-debug.h"#include "decode-events.h"#include "util-exception-policy-types.h"#include "util-datalink.h"#include "flow-worker.h"#include "app-layer-protos.h"#include "source-nflog.h"#include "source-nfq.h"#include "source-ipfw.h"#include "source-pcap.h"#include "source-af-packet.h"#include "source-netmap.h"#include "source-windivert.h"#include "decode-ethernet.h"#include "decode-gre.h"#include "decode-ppp.h"#include "decode-ipv4.h"#include "decode-ipv6.h"#include "decode-icmpv4.h"#include "decode-icmpv6.h"#include "decode-tcp.h"#include "decode-udp.h"#include "decode-sctp.h"#include "decode-esp.h"#include "decode-vlan.h"#include "decode-mpls.h"#include "decode-arp.h"#include "util-validate.h"
Go to the source code of this file.
Data Structures | |
| struct | Address_ |
| struct | PacketContextData |
| struct | PacketAlert_ |
| struct | PacketAlerts_ |
| struct | PacketEngineEvents_ |
| struct | PktVar_ |
| struct | PktProfilingTmmData_ |
| Per TMM stats storage. More... | |
| struct | PktProfilingData_ |
| struct | PktProfilingDetectData_ |
| struct | PktProfilingAppData_ |
| struct | PktProfilingLoggerData_ |
| struct | PktProfiling_ |
| Per pkt stats storage. More... | |
| struct | PacketL2 |
| union | PacketL2::L2Hdrs |
| struct | PacketL3 |
| union | PacketL3::Hdrs |
| struct | PacketL4 |
| union | PacketL4::L4Hdrs |
| union | PacketL4::L4Vars |
| struct | Packet_ |
| struct | DecodeThreadVars_ |
| Structure to hold thread specific data for all decode modules. More... | |
Typedefs | |
| typedef struct AppLayerThreadCtx_ | AppLayerThreadCtx |
| typedef struct AppLayerDecoderEvents_ | AppLayerDecoderEvents |
| typedef struct Address_ | Address |
| typedef uint16_t | Port |
| typedef struct PacketAlert_ | PacketAlert |
| typedef struct PacketAlerts_ | PacketAlerts |
| typedef struct PacketEngineEvents_ | PacketEngineEvents |
| typedef struct PktVar_ | PktVar |
| typedef struct PktProfilingTmmData_ | PktProfilingTmmData |
| Per TMM stats storage. | |
| typedef struct PktProfilingData_ | PktProfilingData |
| typedef struct PktProfilingDetectData_ | PktProfilingDetectData |
| typedef struct PktProfilingAppData_ | PktProfilingAppData |
| typedef struct PktProfilingLoggerData_ | PktProfilingLoggerData |
| typedef struct PktProfiling_ | PktProfiling |
| Per pkt stats storage. | |
| typedef struct Packet_ | Packet |
| typedef struct DecodeThreadVars_ | DecodeThreadVars |
| Structure to hold thread specific data for all decode modules. | |
| typedef int(* | DecoderFunc) (ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint32_t len) |
Functions | |
| PacketAlert * | PacketAlertCreate (void) |
| Initialize PacketAlerts with dynamic alerts array size. | |
| void | PacketAlertRecycle (PacketAlert *pa_array, uint16_t cnt) |
| void | PacketAlertFree (PacketAlert *pa) |
| void | CaptureStatsUpdate (ThreadVars *tv, const Packet *p) |
| void | CaptureStatsSetup (ThreadVars *tv) |
| Packet * | PacketTunnelPktSetup (ThreadVars *tv, DecodeThreadVars *dtv, Packet *parent, const uint8_t *pkt, uint32_t len, enum DecodeTunnelProto proto) |
| Setup a pseudo packet (tunnel) | |
| Packet * | PacketDefragPktSetup (Packet *parent, const uint8_t *pkt, uint32_t len, uint8_t proto) |
| Setup a pseudo packet (reassembled frags) | |
| void | PacketDefragPktSetupParent (Packet *parent) |
| inform defrag "parent" that a pseudo packet is now associated to it. | |
| void | DecodeRegisterPerfCounters (DecodeThreadVars *, ThreadVars *) |
| Packet * | PacketGetFromQueueOrAlloc (void) |
| Get a packet. We try to get a packet from the packetpool first, but if that is empty we alloc a packet that is free'd again after processing. | |
| Packet * | PacketGetFromAlloc (void) |
| Get a malloced packet. | |
| void | PacketDecodeFinalize (ThreadVars *tv, DecodeThreadVars *dtv, Packet *p) |
| Finalize decoding of a packet. | |
| void | PacketUpdateEngineEventCounters (ThreadVars *tv, DecodeThreadVars *dtv, Packet *p) |
| void | PacketFree (Packet *p) |
| Return a malloced packet. | |
| void | PacketFreeOrRelease (Packet *p) |
| Return a packet to where it was allocated. | |
| int | PacketCallocExtPkt (Packet *p, int datalen) |
| int | PacketCopyData (Packet *p, const uint8_t *pktdata, uint32_t pktlen) |
| Copy data to Packet payload and set packet length. | |
| int | PacketSetData (Packet *p, const uint8_t *pktdata, uint32_t pktlen) |
| Set data for Packet and set length when zero copy is used. | |
| int | PacketCopyDataOffset (Packet *p, uint32_t offset, const uint8_t *data, uint32_t datalen) |
| Copy data to Packet payload at given offset. | |
| const char * | PktSrcToString (enum PktSrcEnum pkt_src) |
| void | PacketBypassCallback (Packet *p) |
| void | PacketSwap (Packet *p) |
| switch direction of a packet | |
| DecodeThreadVars * | DecodeThreadVarsAlloc (ThreadVars *) |
| Alloc and setup DecodeThreadVars. | |
| void | DecodeThreadVarsFree (ThreadVars *, DecodeThreadVars *) |
| void | DecodeUpdatePacketCounters (ThreadVars *tv, const DecodeThreadVars *dtv, const Packet *p) |
| const char * | PacketDropReasonToString (enum PacketDropReason r) |
| int | DecodeEthernet (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t) |
| int | DecodeSll (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t) |
| int | DecodeSll2 (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t) |
| int | DecodePPP (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t) |
| int | DecodePPPOESession (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t) |
| Main decoding function for PPPOE Session packets. | |
| int | DecodePPPOEDiscovery (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t) |
| Main decoding function for PPPOE Discovery packets. | |
| int | DecodeNull (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t) |
| int | DecodeRaw (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t) |
| int | DecodeIPV4 (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint16_t) |
| int | DecodeIPV6 (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint16_t) |
| int | DecodeICMPV4 (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t) |
| Main ICMPv4 decoding function. | |
| int | DecodeICMPV6 (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t) |
| Decode ICMPV6 packets and fill the Packet with the decoded info. | |
| int | DecodeTCP (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint16_t) |
| int | DecodeUDP (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint16_t) |
| int | DecodeSCTP (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint16_t) |
| int | DecodeESP (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint16_t) |
| Function to decode IPSEC-ESP packets. | |
| int | DecodeGRE (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t) |
| Function to decode GRE packets. | |
| int | DecodeVLAN (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t) |
| int | DecodeVNTag (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t) |
| int | DecodeIEEE8021ah (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t) |
| int | DecodeGeneve (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t) |
| int | DecodeVXLAN (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t) |
| int | DecodeMPLS (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t) |
| int | DecodeERSPAN (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t) |
| ERSPAN Type II. | |
| int | DecodeERSPANTypeI (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t) |
| ERSPAN Type I. | |
| int | DecodeCHDLC (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t) |
| int | DecodeTEMPLATE (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t) |
| Function to decode TEMPLATE packets. | |
| int | DecodeNSH (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t) |
| Function to decode NSH packets. | |
| int | DecodeARP (ThreadVars *, DecodeThreadVars *, Packet *, const uint8_t *, uint32_t) |
| void | DecodeIPV6FragHeader (Packet *p, const uint8_t *pkt, uint16_t hdrextlen, uint16_t plen, uint16_t prev_hdrextlen) |
| void | AddressDebugPrint (Address *) |
| Debug print function for printing addresses. | |
| void | DecodeGlobalConfig (void) |
| void | PacketAlertGetMaxConfig (void) |
| void | DecodeUnregisterCounters (void) |
Variables | |
| uint16_t | packet_alert_max |
| uint32_t | default_packet_size |
| uint8_t | decoder_max_layers |
Detailed Description
Definition in file decode.h.
Macro Definition Documentation
◆ addr_data16
◆ addr_data32
◆ addr_data8
◆ addr_in6addr
◆ CMP_ADDR
| #define CMP_ADDR | ( | a1, | |
| a2 | |||
| ) |
◆ CMP_PORT
◆ COPY_ADDRESS
| #define COPY_ADDRESS | ( | a, | |
| b | |||
| ) |
◆ COPY_PORT
◆ COUNTERS
◆ DEFAULT_MTU
| #define DEFAULT_MTU 1500 |
◆ DEFAULT_PACKET_SIZE
| #define DEFAULT_PACKET_SIZE (DEFAULT_MTU + ETHERNET_HEADER_LEN) |
◆ ENGINE_ISSET_EVENT
| #define ENGINE_ISSET_EVENT | ( | p, | |
| e | |||
| ) |
◆ ENGINE_SET_EVENT
| #define ENGINE_SET_EVENT | ( | p, | |
| e | |||
| ) |
◆ ENGINE_SET_INVALID_EVENT
| #define ENGINE_SET_INVALID_EVENT | ( | p, | |
| e | |||
| ) |
◆ GET_IPV4_DST_ADDR_PTR
| #define GET_IPV4_DST_ADDR_PTR | ( | p | ) | ((p)->dst.addr_data32) |
◆ GET_IPV4_DST_ADDR_U32
| #define GET_IPV4_DST_ADDR_U32 | ( | p | ) | ((p)->dst.addr_data32[0]) |
◆ GET_IPV4_SRC_ADDR_PTR
| #define GET_IPV4_SRC_ADDR_PTR | ( | p | ) | ((p)->src.addr_data32) |
◆ GET_IPV4_SRC_ADDR_U32
| #define GET_IPV4_SRC_ADDR_U32 | ( | p | ) | ((p)->src.addr_data32[0]) |
◆ GET_IPV6_DST_ADDR
| #define GET_IPV6_DST_ADDR | ( | p | ) | ((p)->dst.addr_data32) |
◆ GET_IPV6_DST_IN6ADDR
| #define GET_IPV6_DST_IN6ADDR | ( | p | ) | ((p)->dst.addr_in6addr) |
◆ GET_IPV6_SRC_ADDR
| #define GET_IPV6_SRC_ADDR | ( | p | ) | ((p)->src.addr_data32) |
◆ GET_IPV6_SRC_IN6ADDR
| #define GET_IPV6_SRC_IN6ADDR | ( | p | ) | ((p)->src.addr_in6addr) |
◆ GET_PKT_DATA
| #define GET_PKT_DATA | ( | p | ) | (((p)->ext_pkt == NULL) ? GET_PKT_DIRECT_DATA(p) : (p)->ext_pkt) |
◆ GET_PKT_DIRECT_DATA
◆ GET_PKT_DIRECT_MAX_SIZE
| #define GET_PKT_DIRECT_MAX_SIZE | ( | p | ) | (default_packet_size) |
◆ GET_PKT_LEN
◆ GET_TCP_DST_PORT
◆ GET_TCP_SRC_PORT
◆ IP_GET_RAW_VER
◆ IPPROTO_DCCP
◆ IPPROTO_HIP
◆ IPPROTO_IPIP
◆ IPPROTO_MH
◆ IPPROTO_SCTP
◆ IPPROTO_SHIM6
◆ MAX_PAYLOAD_SIZE
| #define MAX_PAYLOAD_SIZE (IPV6_HEADER_LEN + 65536 + 28) |
◆ MINIMUM_MTU
◆ PACKET_ALERT_MAX
◆ PACKET_CLEAR_L4VARS
| #define PACKET_CLEAR_L4VARS | ( | p | ) |
◆ PACKET_ENGINE_EVENT_MAX
| #define PACKET_ENGINE_EVENT_MAX 15 |
◆ PACKET_FREE_EXTDATA
| #define PACKET_FREE_EXTDATA | ( | p | ) |
◆ PKT_ALERT_CTX_USED
| #define PKT_ALERT_CTX_USED BIT_U32(3) |
◆ PKT_DEFAULT_MAX_DECODED_LAYERS
◆ PKT_DETECT_HAS_STREAMDATA
| #define PKT_DETECT_HAS_STREAMDATA BIT_U32(26) |
◆ PKT_FIRST_ALERTS
| #define PKT_FIRST_ALERTS BIT_U32(29) |
◆ PKT_FIRST_TAG
◆ PKT_HAS_FLOW
◆ PKT_HAS_TAG
◆ PKT_HOST_DST_LOOKED_UP
◆ PKT_HOST_SRC_LOOKED_UP
◆ PKT_IGNORE_CHECKSUM
| #define PKT_IGNORE_CHECKSUM BIT_U32(15) |
◆ PKT_IS_FLUSHPKT
| #define PKT_IS_FLUSHPKT | ( | p | ) | ((p)->flags & (PKT_PSEUDO_LOG_FLUSH)) |
◆ PKT_IS_FRAGMENT
◆ PKT_IS_ICMPV4
◆ PKT_IS_ICMPV6
◆ PKT_IS_INVALID
◆ PKT_IS_PSEUDOPKT
| #define PKT_IS_PSEUDOPKT | ( | p | ) | ((p)->flags & (PKT_PSEUDO_STREAM_END|PKT_PSEUDO_DETECTLOG_FLUSH)) |
◆ PKT_IS_TCP
◆ PKT_IS_TOCLIENT
| #define PKT_IS_TOCLIENT | ( | p | ) | (((p)->flowflags & FLOW_PKT_TOCLIENT)) |
◆ PKT_IS_TOSERVER
| #define PKT_IS_TOSERVER | ( | p | ) | (((p)->flowflags & FLOW_PKT_TOSERVER)) |
◆ PKT_IS_UDP
◆ PKT_NOPACKET_INSPECTION
| #define PKT_NOPACKET_INSPECTION BIT_U32(0) |
◆ PKT_NOPAYLOAD_INSPECTION
| #define PKT_NOPAYLOAD_INSPECTION BIT_U32(2) |
◆ PKT_PPP_VJ_UCOMP
| #define PKT_PPP_VJ_UCOMP BIT_U32(1) |
◆ PKT_PROFILE
◆ PKT_PROTO_DETECT_TC_DONE
◆ PKT_PROTO_DETECT_TS_DONE
| #define PKT_PROTO_DETECT_TS_DONE BIT_U32(23) |
◆ PKT_PSEUDO_DETECTLOG_FLUSH
| #define PKT_PSEUDO_DETECTLOG_FLUSH BIT_U32(27) |
◆ PKT_PSEUDO_LOG_FLUSH
| #define PKT_PSEUDO_LOG_FLUSH BIT_U32(31) |
◆ PKT_PSEUDO_STREAM_END
| #define PKT_PSEUDO_STREAM_END BIT_U32(9) |
◆ PKT_REBUILT_FRAGMENT
| #define PKT_REBUILT_FRAGMENT BIT_U32(25) |
◆ PKT_SET_SRC
| #define PKT_SET_SRC | ( | p, | |
| src_val | |||
| ) | ((p)->pkt_src = src_val) |
◆ PKT_STREAM_ADD
| #define PKT_STREAM_ADD BIT_U32(5) |
◆ PKT_STREAM_EST
| #define PKT_STREAM_EST BIT_U32(6) |
◆ PKT_STREAM_MODIFIED
| #define PKT_STREAM_MODIFIED BIT_U32(10) |
◆ PKT_STREAM_NO_EVENTS
| #define PKT_STREAM_NO_EVENTS BIT_U32(28) |
◆ PKT_STREAM_NOPCAPLOG
| #define PKT_STREAM_NOPCAPLOG BIT_U32(12) |
◆ PKT_WANTS_FLOW
| #define PKT_WANTS_FLOW BIT_U32(22) |
indication by decoder that it feels the packet should be handled by flow engine: Packet::flow_hash will be set
◆ PKT_ZERO_COPY
| #define PKT_ZERO_COPY BIT_U32(16) |
◆ SET_IPV4_DST_ADDR
| #define SET_IPV4_DST_ADDR | ( | ip4h, | |
| a | |||
| ) |
◆ SET_IPV4_SRC_ADDR
| #define SET_IPV4_SRC_ADDR | ( | ip4h, | |
| a | |||
| ) |
◆ SET_IPV6_DST_ADDR
| #define SET_IPV6_DST_ADDR | ( | ip6h, | |
| a | |||
| ) |
◆ SET_IPV6_SRC_ADDR
| #define SET_IPV6_SRC_ADDR | ( | ip6h, | |
| a | |||
| ) |
◆ SET_PKT_LEN
| #define SET_PKT_LEN | ( | p, | |
| len | |||
| ) |
◆ SET_PORT
◆ SET_TCP_DST_PORT
| #define SET_TCP_DST_PORT | ( | pkt, | |
| prt | |||
| ) |
◆ SET_TCP_SRC_PORT
| #define SET_TCP_SRC_PORT | ( | pkt, | |
| prt | |||
| ) |
◆ SET_UDP_DST_PORT
| #define SET_UDP_DST_PORT | ( | pkt, | |
| prt | |||
| ) |
◆ SET_UDP_SRC_PORT
| #define SET_UDP_SRC_PORT | ( | pkt, | |
| prt | |||
| ) |
◆ SignatureMask
◆ SIZE_OF_PACKET
| #define SIZE_OF_PACKET (default_packet_size + sizeof(Packet)) |
◆ TUNNEL_INCR_PKT_RTV_NOLOCK
| #define TUNNEL_INCR_PKT_RTV_NOLOCK | ( | p | ) |
◆ TUNNEL_PKT_RTV
| #define TUNNEL_PKT_RTV | ( | p | ) | ((p)->root ? (p)->root->tunnel_rtv_cnt : (p)->tunnel_rtv_cnt) |
◆ TUNNEL_PKT_TPR
| #define TUNNEL_PKT_TPR | ( | p | ) | ((p)->root ? (p)->root->tunnel_tpr_cnt : (p)->tunnel_tpr_cnt) |
Typedef Documentation
◆ Address
◆ AppLayerDecoderEvents
| typedef struct AppLayerDecoderEvents_ AppLayerDecoderEvents |
◆ AppLayerThreadCtx
| typedef struct AppLayerThreadCtx_ AppLayerThreadCtx |
◆ DecoderFunc
| typedef int(* DecoderFunc) (ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint32_t len) |
◆ DecodeThreadVars
| typedef struct DecodeThreadVars_ DecodeThreadVars |
Structure to hold thread specific data for all decode modules.
◆ Packet
◆ PacketAlert
| typedef struct PacketAlert_ PacketAlert |
◆ PacketAlerts
| typedef struct PacketAlerts_ PacketAlerts |
◆ PacketEngineEvents
| typedef struct PacketEngineEvents_ PacketEngineEvents |
data structure to store decoder, defrag and stream events
◆ PktProfiling
| typedef struct PktProfiling_ PktProfiling |
Per pkt stats storage.
◆ PktProfilingAppData
| typedef struct PktProfilingAppData_ PktProfilingAppData |
◆ PktProfilingData
| typedef struct PktProfilingData_ PktProfilingData |
◆ PktProfilingDetectData
| typedef struct PktProfilingDetectData_ PktProfilingDetectData |
◆ PktProfilingLoggerData
| typedef struct PktProfilingLoggerData_ PktProfilingLoggerData |
◆ PktProfilingTmmData
| typedef struct PktProfilingTmmData_ PktProfilingTmmData |
Per TMM stats storage.
◆ PktVar
◆ Port
Enumeration Type Documentation
◆ ChecksumValidationMode
◆ DecodeTunnelProto
| enum DecodeTunnelProto |
◆ PacketDropReason
| enum PacketDropReason |
◆ PacketL2Types
| enum PacketL2Types |
◆ PacketL3Types
| enum PacketL3Types |
◆ PacketL4Types
| enum PacketL4Types |
◆ PacketTunnelType
| enum PacketTunnelType |
◆ PktSrcEnum
| enum PktSrcEnum |
Function Documentation
◆ DecodeARP()
| int DecodeARP | ( | ThreadVars * | tv, |
| DecodeThreadVars * | dtv, | ||
| Packet * | p, | ||
| const uint8_t * | pkt, | ||
| uint32_t | len | ||
| ) |
Definition at line 29 of file decode-arp.c.
References ARP_HEADER_LEN, ARP_HEADER_MIN_LEN, ARP_HW_SIZE, ARP_HW_TYPE_ETHERNET, ARP_INVALID_HARDWARE_SIZE, ARP_INVALID_PKT, ARP_INVALID_PROTOCOL_SIZE, ARP_PKT_TOO_SMALL, ARP_PROTO_SIZE, ARP_UNSUPPORTED_HARDWARE, ARP_UNSUPPORTED_OPCODE, ARP_UNSUPPORTED_PROTOCOL, DecodeThreadVars_::counter_arp, dtv, ENGINE_SET_INVALID_EVENT, ETHERNET_TYPE_IP, len, SCNtohs, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, tv, and unlikely.
◆ DecodeCHDLC()
| int DecodeCHDLC | ( | ThreadVars * | tv, |
| DecodeThreadVars * | dtv, | ||
| Packet * | p, | ||
| const uint8_t * | pkt, | ||
| uint32_t | len | ||
| ) |
Definition at line 42 of file decode-chdlc.c.
References CHDLC_HEADER_LEN, CHDLC_PKT_TOO_SMALL, DecodeThreadVars_::counter_chdlc, DEBUG_VALIDATE_BUG_ON, dtv, ENGINE_SET_INVALID_EVENT, len, CHDLCHdr_::protocol, SCLogDebug, SCNtohs, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, tv, and unlikely.
Referenced by ValidateLinkType().
◆ DecodeERSPAN()
| int DecodeERSPAN | ( | ThreadVars * | tv, |
| DecodeThreadVars * | dtv, | ||
| Packet * | p, | ||
| const uint8_t * | pkt, | ||
| uint32_t | len | ||
| ) |
ERSPAN Type II.
Definition at line 76 of file decode-erspan.c.
References DecodeThreadVars_::counter_erspan, DEBUG_VALIDATE_BUG_ON, DecodeEthernet(), dtv, ENGINE_SET_EVENT, ERSPAN_HEADER_TOO_SMALL, ERSPAN_TOO_MANY_VLAN_LAYERS, ERSPAN_UNSUPPORTED_VERSION, len, SCLogDebug, SCNtohs, StatsIncr(), TM_ECODE_FAILED, tv, version, Packet_::vlan_id, Packet_::vlan_idx, and VLAN_MAX_LAYER_IDX.
◆ DecodeERSPANTypeI()
| int DecodeERSPANTypeI | ( | ThreadVars * | tv, |
| DecodeThreadVars * | dtv, | ||
| Packet * | p, | ||
| const uint8_t * | pkt, | ||
| uint32_t | len | ||
| ) |
ERSPAN Type I.
Definition at line 65 of file decode-erspan.c.
References DecodeThreadVars_::counter_erspan, DecodeEthernet(), dtv, len, StatsIncr(), and tv.
◆ DecodeESP()
| int DecodeESP | ( | ThreadVars * | tv, |
| DecodeThreadVars * | dtv, | ||
| Packet * | p, | ||
| const uint8_t * | pkt, | ||
| uint16_t | len | ||
| ) |
Function to decode IPSEC-ESP packets.
- Parameters
-
tv thread vars dtv decoder thread vars p packet pkt raw packet data len length in bytes of pkt array
- Return values
-
TM_ECODE_OK or TM_ECODE_FAILED on serious error
Definition at line 64 of file decode-esp.c.
References DecodeThreadVars_::counter_esp, DEBUG_VALIDATE_BUG_ON, dtv, ESP_GET_SEQUENCE, ESP_GET_SPI, FlowSetupPacket(), len, SCLogDebug, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, tv, and unlikely.
Referenced by DecodeIPV4().
◆ DecodeEthernet()
| int DecodeEthernet | ( | ThreadVars * | tv, |
| DecodeThreadVars * | dtv, | ||
| Packet * | p, | ||
| const uint8_t * | pkt, | ||
| uint32_t | len | ||
| ) |
Definition at line 42 of file decode-ethernet.c.
References DecodeThreadVars_::counter_eth, DEBUG_VALIDATE_BUG_ON, dtv, ENGINE_SET_INVALID_EVENT, ETHERNET_HEADER_LEN, ETHERNET_PKT_TOO_SMALL, len, SCLogDebug, SCNtohs, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, tv, and unlikely.
Referenced by DecodeErfDag(), DecodeERSPAN(), DecodeERSPANTypeI(), DecodeMPLS(), DecodeNSH(), UTHBuildPacketFromEth(), and ValidateLinkType().
◆ DecodeGeneve()
| int DecodeGeneve | ( | ThreadVars * | tv, |
| DecodeThreadVars * | dtv, | ||
| Packet * | p, | ||
| const uint8_t * | pkt, | ||
| uint32_t | len | ||
| ) |
- Parameters
-
pkt payload data directly above UDP header len length in bytes of pkt
Definition at line 185 of file decode-geneve.c.
References DecodeThreadVars_::counter_geneve, DEBUG_VALIDATE_BUG_ON, ThreadVars_::decode_pq, DECODE_TUNNEL_ETHERNET, DECODE_TUNNEL_IPV4, DECODE_TUNNEL_IPV6, DECODE_TUNNEL_UNSET, dtv, ENGINE_SET_INVALID_EVENT, eth_type, GeneveHeader_::eth_type, ETHERNET_TYPE_ARP, ETHERNET_TYPE_BRIDGE, ETHERNET_TYPE_IP, ETHERNET_TYPE_IPV6, GENEVE_MIN_HEADER_LEN, GENEVE_RESERVED_FLAGS, GENEVE_TOTAL_HEADER_LEN, GENEVE_UNKNOWN_PAYLOAD_TYPE, len, PacketEnqueueNoLock(), PacketTunnelPktSetup(), PKT_SET_SRC, PKT_SRC_DECODER_GENEVE, GeneveHeader_::res, SCLogDebug, SCNtohs, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, tv, unlikely, and GeneveHeader_::vni.
Referenced by DecodeUDP().
◆ DecodeGRE()
| int DecodeGRE | ( | ThreadVars * | tv, |
| DecodeThreadVars * | dtv, | ||
| Packet * | p, | ||
| const uint8_t * | pkt, | ||
| uint32_t | len | ||
| ) |
Function to decode GRE packets.
- Todo:
- We need to make sure this does not allow bypassing inspection. A server may just ignore these and continue processing the packet, but we will not look further into it.
- Todo:
- We need to make sure this does not allow bypassing inspection. A server may just ignore these and continue processing the packet, but we will not look further into it.
Definition at line 47 of file decode-gre.c.
References DecodeThreadVars_::counter_gre, DEBUG_VALIDATE_BUG_ON, ThreadVars_::decode_pq, DECODE_TUNNEL_ARP, DECODE_TUNNEL_ERSPANI, DECODE_TUNNEL_ERSPANII, DECODE_TUNNEL_ETHERNET, DECODE_TUNNEL_IPV4, DECODE_TUNNEL_IPV6, DECODE_TUNNEL_PPP, DECODE_TUNNEL_VLAN, dtv, ENGINE_SET_INVALID_EVENT, ETHERNET_TYPE_ARP, ETHERNET_TYPE_BRIDGE, ETHERNET_TYPE_ERSPAN, ETHERNET_TYPE_IP, ETHERNET_TYPE_IPV6, ETHERNET_TYPE_VLAN, GRE_CHKSUM_LEN, GRE_FLAG_ISSET_CHKSUM, GRE_FLAG_ISSET_KY, GRE_FLAG_ISSET_RECUR, GRE_FLAG_ISSET_ROUTE, GRE_FLAG_ISSET_SQ, GRE_FLAG_ISSET_SSR, GRE_GET_PROTO, GRE_GET_VERSION, GRE_HDR_LEN, GRE_KEY_LEN, GRE_OFFSET_LEN, GRE_PKT_TOO_SMALL, GRE_PROTO_PPP, GRE_SEQ_LEN, GRE_SRE_HDR_LEN, GRE_VERSION0_FLAGS, GRE_VERSION0_HDR_TOO_BIG, GRE_VERSION0_MALFORMED_SRE_HDR, GRE_VERSION0_RECUR, GRE_VERSION1_CHKSUM, GRE_VERSION1_FLAGS, GRE_VERSION1_HDR_TOO_BIG, GRE_VERSION1_NO_KEY, GRE_VERSION1_RECUR, GRE_VERSION1_ROUTE, GRE_VERSION1_SSR, GRE_VERSION1_WRONG_PROTOCOL, GRE_VERSION_0, GRE_VERSION_1, GRE_WRONG_VERSION, greh, GREV1_ACK_LEN, GREV1_FLAG_ISSET_ACK, GREV1_FLAG_ISSET_FLAGS, len, PacketEnqueueNoLock(), PacketTunnelPktSetup(), PKT_SET_SRC, PKT_SRC_DECODER_GRE, SCLogDebug, SCNtohs, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, and tv.
Referenced by DecodeIPV4(), and DecodeIPV6().
◆ DecodeICMPV4()
| int DecodeICMPV4 | ( | ThreadVars * | tv, |
| DecodeThreadVars * | dtv, | ||
| Packet * | p, | ||
| const uint8_t * | pkt, | ||
| uint32_t | len | ||
| ) |
Main ICMPv4 decoding function.
DecodeICMPV4
Definition at line 143 of file decode-icmpv4.c.
References ICMPV4Hdr_::code, Packet_::code, DecodeThreadVars_::counter_icmpv4, DEBUG_VALIDATE_BUG_ON, dtv, ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, FlowSetupPacket(), ICMPV4Vars_::hlen, ICMP_ADDRESS, ICMP_ADDRESSREPLY, Packet_::icmp_d, ICMP_DEST_UNREACH, ICMP_ECHO, ICMP_ECHOREPLY, ICMP_EXC_FRAGTIME, ICMP_INFO_REPLY, ICMP_INFO_REQUEST, ICMP_PARAMETERPROB, ICMP_REDIR_HOSTTOS, ICMP_REDIRECT, ICMP_ROUTERADVERT, Packet_::icmp_s, ICMP_SOURCE_QUENCH, ICMP_TIME_EXCEEDED, ICMP_TIMESTAMP, ICMP_TIMESTAMPREPLY, PacketL4::L4Vars::icmpv4, ICMPV4_HEADER_LEN, ICMPV4_HEADER_PKT_OFFSET, ICMPV4_IPV4_TRUNC_PKT, ICMPV4_PKT_TOO_SMALL, ICMPV4_UNKNOWN_CODE, ICMPV4_UNKNOWN_TYPE, ICMPv4GetCounterpart(), ICMPV4ExtHdr_::id, ICMPV4Vars_::id, Packet_::l4, len, NR_ICMP_UNREACH, Packet_::payload, Packet_::payload_len, Packet_::proto, SCLogDebug, ICMPV4ExtHdr_::seq, ICMPV4Vars_::seq, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, tv, ICMPV4Hdr_::type, type, Packet_::type, unlikely, and PacketL4::vars.
Referenced by DecodeIPV4().
◆ DecodeICMPV6()
| int DecodeICMPV6 | ( | ThreadVars * | tv, |
| DecodeThreadVars * | dtv, | ||
| Packet * | p, | ||
| const uint8_t * | pkt, | ||
| uint32_t | len | ||
| ) |
Decode ICMPV6 packets and fill the Packet with the decoded info.
- Parameters
-
tv Pointer to the thread variables dtv Pointer to the decode thread variables p Pointer to the packet we are filling pkt Pointer to the raw packet buffer len the len of the rest of the packet not processed yet
- Return values
-
void No return value
Definition at line 177 of file decode-icmpv6.c.
References CERT_PATH_ADVERT, CERT_PATH_SOLICIT, ICMPV6Hdr_::code, Packet_::code, DecodeThreadVars_::counter_icmpv6, DEBUG_VALIDATE_BUG_ON, dtv, DUPL_ADDR_CONFIRM, DUPL_ADDR_REQUEST, ENGINE_ISSET_EVENT, ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, FlowSetupPacket(), FMIPV6_MSG, HOME_AGENT_AD_REPLY, HOME_AGENT_AD_REQUEST, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_REJECTROUTE, ICMP6_ECHO_REPLY, ICMP6_ECHO_REQUEST, ICMP6_MOBILE_EXPERIMENTAL, ICMP6_NI_QUERY, ICMP6_NI_REPLY, ICMP6_PACKET_TOO_BIG, ICMP6_PARAM_PROB, ICMP6_PARAMPROB_OPTION, ICMP6_RR, ICMP6_TIME_EXCEED_REASSEMBLY, ICMP6_TIME_EXCEEDED, Packet_::icmp_d, Packet_::icmp_s, PacketL4::L4Vars::icmpv6, ICMPV6_EXPERIMENTATION_TYPE, ICMPV6_GET_MTU, ICMPV6_HEADER_LEN, ICMPV6_MLD_MESSAGE_WITH_INVALID_HL, ICMPV6_PKT_TOO_SMALL, ICMPV6_UNASSIGNED_TYPE, ICMPV6_UNKNOWN_CODE, ICMPV6_UNKNOWN_TYPE, ICMPV6Hdr_::icmpv6b, ICMPv6GetCounterpart(), ICMPV6Hdr_::icmpv6i, ICMPV6Info_::id, ICMPV6Vars_::id, IPV6_GET_RAW_HLIM, Packet_::l4, len, LOCATOR_UDATE_MSG, MC_ROUTER_ADVERT, MC_ROUTER_SOLICIT, MC_ROUTER_TERMINATE, MLD_LISTENER_QUERY, MLD_LISTENER_REDUCTION, MLD_LISTENER_REPORT, MLD_V2_LIST_REPORT, MOBILE_PREFIX_ADVERT, MOBILE_PREFIX_SOLICIT, MPL_CONTROL_MSG, ICMPV6Vars_::mtu, ND_INVERSE_ADVERT, ND_INVERSE_SOLICIT, ND_NEIGHBOR_ADVERT, ND_NEIGHBOR_SOLICIT, ND_REDIRECT, ND_ROUTER_ADVERT, ND_ROUTER_SOLICIT, Packet_::payload, Packet_::payload_len, Packet_::proto, RPL_CONTROL_MSG, SCLogDebug, ICMPV6Info_::seq, ICMPV6Vars_::seq, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, tv, ICMPV6Hdr_::type, type, Packet_::type, unlikely, and PacketL4::vars.
Referenced by DecodeIPV6().
◆ DecodeIEEE8021ah()
| int DecodeIEEE8021ah | ( | ThreadVars * | , |
| DecodeThreadVars * | , | ||
| Packet * | , | ||
| const uint8_t * | , | ||
| uint32_t | |||
| ) |
◆ DecodeIPV4()
| int DecodeIPV4 | ( | ThreadVars * | tv, |
| DecodeThreadVars * | dtv, | ||
| Packet * | p, | ||
| const uint8_t * | pkt, | ||
| uint16_t | len | ||
| ) |
Definition at line 520 of file decode-ipv4.c.
References DecodeThreadVars_::counter_ipv4, DecodeThreadVars_::counter_ipv4inipv4, DecodeThreadVars_::counter_ipv6inipv4, ThreadVars_::decode_pq, DECODE_TUNNEL_IPV4, DECODE_TUNNEL_IPV6, DecodeESP(), DecodeGRE(), DecodeICMPV4(), DecodeSCTP(), DecodeTCP(), DecodeUDP(), Defrag(), dtv, ENGINE_SET_INVALID_EVENT, Packet_::flags, FlowSetupPacket(), GET_IPV4_DST_ADDR_PTR, GET_IPV4_SRC_ADDR_PTR, IPPROTO_GRE, IPPROTO_IPIP, IPPROTO_SCTP, IPV4_GET_RAW_FLAG_DF, IPV4_GET_RAW_FLAG_MF, IPV4_GET_RAW_FLAG_RF, IPV4_GET_RAW_FRAGOFFSET, IPV4_GET_RAW_HLEN, IPV4_GET_RAW_IPID, IPV4_GET_RAW_IPLEN, IPV4_GET_RAW_IPOFFSET, IPV4_GET_RAW_IPPROTO, IPV4_WITH_ICMPV6, len, PacketEnqueueNoLock(), PacketTunnelPktSetup(), PKT_IS_FRAGMENT, PKT_PPP_VJ_UCOMP, PKT_SET_SRC, PKT_SRC_DECODER_IPV4, PrintInet(), Packet_::proto, SCLogDebug, SCLogDebugEnabled(), StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, tv, and unlikely.
Referenced by DecodeMPLS(), DecodeNSH(), DecodeNull(), DecodePPPOESession(), and DecodeRaw().
◆ DecodeIPV6()
| int DecodeIPV6 | ( | ThreadVars * | tv, |
| DecodeThreadVars * | dtv, | ||
| Packet * | p, | ||
| const uint8_t * | pkt, | ||
| uint16_t | len | ||
| ) |
Definition at line 562 of file decode-ipv6.c.
References DecodeThreadVars_::counter_ipv6, ThreadVars_::decode_pq, DecodeGRE(), DecodeICMPV6(), DecodeSCTP(), DecodeTCP(), DecodeUDP(), Defrag(), dtv, ENGINE_SET_EVENT, GET_IPV6_DST_ADDR, GET_IPV6_SRC_ADDR, IPPROTO_GRE, IPPROTO_HIP, IPPROTO_IPIP, IPPROTO_MH, IPPROTO_SCTP, IPPROTO_SHIM6, IPV6_EXTHDR_ISSET_FH, IPV6_GET_L4PROTO, IPV6_GET_RAW_CLASS, IPV6_GET_RAW_FLOW, IPV6_GET_RAW_HLIM, IPV6_GET_RAW_NH, IPV6_GET_RAW_PLEN, IPV6_HEADER_LEN, IPV6_SET_L4PROTO, IPV6_UNKNOWN_NEXT_HEADER, IPV6_WITH_ICMPV4, len, PacketEnqueueNoLock(), PrintInet(), Packet_::proto, SCLogDebug, SCLogDebugEnabled(), StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, tv, and unlikely.
Referenced by DecodeMPLS(), DecodeNSH(), DecodeNull(), DecodePPPOESession(), and DecodeRaw().
◆ DecodeIPV6FragHeader()
| void DecodeIPV6FragHeader | ( | Packet * | p, |
| const uint8_t * | pkt, | ||
| uint16_t | hdrextlen, | ||
| uint16_t | plen, | ||
| uint16_t | prev_hdrextlen | ||
| ) |
Definition at line 94 of file decode-ipv6.c.
References PacketL3::eh, IPV6ExtHdrs_::fh_data_len, IPV6ExtHdrs_::fh_data_offset, IPV6ExtHdrs_::fh_header_offset, IPV6ExtHdrs_::fh_id, IPV6ExtHdrs_::fh_more_frags_set, IPV6ExtHdrs_::fh_nh, IPV6ExtHdrs_::fh_offset, IPV6ExtHdrs_::fh_prev_hdr_offset, GET_PKT_DATA, PacketL3::ip6, Packet_::l3, SCLogDebug, SCNtohl, and PacketL3::vars.
◆ DecodeMPLS()
| int DecodeMPLS | ( | ThreadVars * | tv, |
| DecodeThreadVars * | dtv, | ||
| Packet * | p, | ||
| const uint8_t * | pkt, | ||
| uint32_t | len | ||
| ) |
Definition at line 49 of file decode-mpls.c.
References DecodeThreadVars_::counter_mpls, DEBUG_VALIDATE_BUG_ON, DecodeEthernet(), DecodeIPV4(), DecodeIPV6(), dtv, ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, len, MPLS_BAD_LABEL_IMPLICIT_NULL, MPLS_BAD_LABEL_RESERVED, MPLS_BAD_LABEL_ROUTER_ALERT, MPLS_BOTTOM, MPLS_HEADER_LEN, MPLS_HEADER_TOO_SMALL, MPLS_LABEL, MPLS_LABEL_IPV4, MPLS_LABEL_IPV6, MPLS_LABEL_NULL, MPLS_LABEL_ROUTER_ALERT, MPLS_MAX_RESERVED_LABEL, MPLS_PKT_TOO_SMALL, MPLS_PROTO_ETHERNET_PW, MPLS_PROTO_IPV4, MPLS_PROTO_IPV6, MPLS_PW_LEN, MPLS_UNKNOWN_PAYLOAD_TYPE, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, and tv.
Referenced by DecodeNSH().
◆ DecodeNSH()
| int DecodeNSH | ( | ThreadVars * | tv, |
| DecodeThreadVars * | dtv, | ||
| Packet * | p, | ||
| const uint8_t * | pkt, | ||
| uint32_t | len | ||
| ) |
Function to decode NSH packets.
Definition at line 46 of file decode-nsh.c.
References DecodeThreadVars_::counter_nsh, DEBUG_VALIDATE_BUG_ON, DecodeEthernet(), DecodeIPV4(), DecodeIPV6(), DecodeMPLS(), dtv, ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, len, md_type, next_protocol, NSH_BAD_HEADER_LENGTH, NSH_HEADER_TOO_SMALL, NSH_NEXT_PROTO_ETHERNET, NSH_NEXT_PROTO_IPV4, NSH_NEXT_PROTO_IPV6, NSH_NEXT_PROTO_MPLS, NSH_NEXT_PROTO_NSH, NSH_RESERVED_TYPE, NSH_UNKNOWN_PAYLOAD, NSH_UNSUPPORTED_TYPE, NSH_UNSUPPORTED_VERSION, SCLogDebug, SCLogDebugEnabled(), SCNtohl, SCNtohs, spi, spi_si, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, tv, and version.
◆ DecodeNull()
| int DecodeNull | ( | ThreadVars * | tv, |
| DecodeThreadVars * | dtv, | ||
| Packet * | p, | ||
| const uint8_t * | pkt, | ||
| uint32_t | len | ||
| ) |
Definition at line 51 of file decode-null.c.
References AF_INET6_BSD, AF_INET6_DARWIN, AF_INET6_FREEBSD, AF_INET6_LINUX, AF_INET6_SOLARIS, AF_INET6_WINSOCK, DecodeThreadVars_::counter_null, DEBUG_VALIDATE_BUG_ON, DecodeIPV4(), DecodeIPV6(), dtv, ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, GET_PKT_DATA, GET_PKT_LEN, HDR_SIZE, len, LTNULL_PKT_TOO_SMALL, LTNULL_UNSUPPORTED_TYPE, SCLogDebug, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, tv, type, and unlikely.
Referenced by ValidateLinkType().
◆ DecodePPP()
| int DecodePPP | ( | ThreadVars * | tv, |
| DecodeThreadVars * | dtv, | ||
| Packet * | p, | ||
| const uint8_t * | pkt, | ||
| uint32_t | len | ||
| ) |
Definition at line 174 of file decode-ppp.c.
References DecodeThreadVars_::counter_ppp, DEBUG_VALIDATE_BUG_ON, dtv, ENGINE_SET_INVALID_EVENT, len, PPP_PKT_TOO_SMALL, proto, proto_size, SCLogDebug, SCNtohs, StatsIncr(), TM_ECODE_FAILED, tv, and unlikely.
Referenced by ValidateLinkType().
◆ DecodePPPOEDiscovery()
| int DecodePPPOEDiscovery | ( | ThreadVars * | tv, |
| DecodeThreadVars * | dtv, | ||
| Packet * | p, | ||
| const uint8_t * | pkt, | ||
| uint32_t | len | ||
| ) |
Main decoding function for PPPOE Discovery packets.
Definition at line 50 of file decode-pppoe.c.
References DecodeThreadVars_::counter_pppoe, DEBUG_VALIDATE_BUG_ON, dtv, ENGINE_SET_INVALID_EVENT, len, PPPOE_CODE_PADI, PPPOE_CODE_PADO, PPPOE_CODE_PADR, PPPOE_CODE_PADS, PPPOE_CODE_PADT, PPPOE_DISCOVERY_HEADER_MIN_LEN, pppoe_length, PPPOE_MALFORMED_TAGS, PPPOE_PKT_TOO_SMALL, PPPOE_WRONG_CODE, SCLogDebug, SCNtohs, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, and tv.
◆ DecodePPPOESession()
| int DecodePPPOESession | ( | ThreadVars * | tv, |
| DecodeThreadVars * | dtv, | ||
| Packet * | p, | ||
| const uint8_t * | pkt, | ||
| uint32_t | len | ||
| ) |
Main decoding function for PPPOE Session packets.
Definition at line 124 of file decode-pppoe.c.
References DecodeThreadVars_::counter_pppoe, DEBUG_VALIDATE_BUG_ON, DecodeIPV4(), DecodeIPV6(), dtv, ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, IPV4_GET_RAW_VER, IPV4_HEADER_LEN, IPV6_HEADER_LEN, len, PPP_APPLE, PPP_APPLECP, PPP_BRPDU, PPP_CHAP, PPP_DECNET, PPP_DECNETCP, PPP_HELLO, PPP_IP, PPP_IPCP, PPP_IPV6, PPP_IPV6CP, PPP_IPX, PPP_IPXCP, PPP_LCP, PPP_LQM, PPP_LUXCOM, PPP_MPLS_MCAST, PPP_MPLS_UCAST, PPP_MPLSCP, PPP_NS, PPP_NSCP, PPP_OSI, PPP_OSICP, PPP_PAP, PPP_SNS, PPP_STII, PPP_STIICP, PPP_UNSUP_PROTO, PPP_VINES, PPP_VINESCP, PPP_VJ_COMP, PPP_VJ_UCOMP, PPP_WRONG_TYPE, PPPIPV4_PKT_TOO_SMALL, PPPIPV6_PKT_TOO_SMALL, PPPOESessionHdr_::pppoe_code, PPPOESessionHdr_::pppoe_length, PPPOE_PKT_TOO_SMALL, PPPOE_SESSION_GET_TYPE, PPPOE_SESSION_GET_VERSION, PPPOE_SESSION_HEADER_MIN_LEN, PPPVJU_PKT_TOO_SMALL, PPPOESessionHdr_::protocol, SCLogDebug, SCNtohs, PPPOESessionHdr_::session_id, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, tv, and unlikely.
◆ DecodeRaw()
| int DecodeRaw | ( | ThreadVars * | tv, |
| DecodeThreadVars * | dtv, | ||
| Packet * | p, | ||
| const uint8_t * | pkt, | ||
| uint32_t | len | ||
| ) |
Definition at line 42 of file decode-raw.c.
References DecodeThreadVars_::counter_raw, DEBUG_VALIDATE_BUG_ON, DecodeIPV4(), DecodeIPV6(), dtv, ENGINE_SET_EVENT, ENGINE_SET_INVALID_EVENT, GET_PKT_DATA, GET_PKT_LEN, IP_GET_RAW_VER, IPRAW_INVALID_IPV, IPV4_HEADER_LEN, IPV4_PKT_TOO_SMALL, len, SCLogDebug, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, tv, and unlikely.
Referenced by ValidateLinkType().
◆ DecodeSCTP()
| int DecodeSCTP | ( | ThreadVars * | tv, |
| DecodeThreadVars * | dtv, | ||
| Packet * | p, | ||
| const uint8_t * | pkt, | ||
| uint16_t | len | ||
| ) |
Definition at line 62 of file decode-sctp.c.
References DecodeThreadVars_::counter_sctp, Packet_::dp, dtv, FlowSetupPacket(), len, SCLogDebug, Packet_::sp, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, tv, and unlikely.
Referenced by DecodeIPV4(), and DecodeIPV6().
◆ DecodeSll()
| int DecodeSll | ( | ThreadVars * | tv, |
| DecodeThreadVars * | dtv, | ||
| Packet * | p, | ||
| const uint8_t * | pkt, | ||
| uint32_t | len | ||
| ) |
Definition at line 41 of file decode-sll.c.
References DecodeThreadVars_::counter_sll, DEBUG_VALIDATE_BUG_ON, dtv, ENGINE_SET_INVALID_EVENT, len, SCLogDebug, SCNtohs, SLL_HEADER_LEN, SLL_PKT_TOO_SMALL, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, tv, and unlikely.
Referenced by ValidateLinkType().
◆ DecodeSll2()
| int DecodeSll2 | ( | ThreadVars * | tv, |
| DecodeThreadVars * | dtv, | ||
| Packet * | p, | ||
| const uint8_t * | pkt, | ||
| uint32_t | len | ||
| ) |
Definition at line 40 of file decode-sll2.c.
References DecodeThreadVars_::counter_sll2, DEBUG_VALIDATE_BUG_ON, dtv, ENGINE_SET_INVALID_EVENT, len, SCLogDebug, SCNtohs, SLL2_HEADER_LEN, SLL2_PKT_TOO_SMALL, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, tv, and unlikely.
Referenced by ValidateLinkType().
◆ DecodeTCP()
| int DecodeTCP | ( | ThreadVars * | tv, |
| DecodeThreadVars * | dtv, | ||
| Packet * | p, | ||
| const uint8_t * | pkt, | ||
| uint16_t | len | ||
| ) |
Definition at line 273 of file decode-tcp.c.
References DecodeThreadVars_::counter_tcp, dtv, FlowSetupPacket(), len, SCLogDebug, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, tv, and unlikely.
Referenced by DecodeIPV4(), and DecodeIPV6().
◆ DecodeTEMPLATE()
| int DecodeTEMPLATE | ( | ThreadVars * | tv, |
| DecodeThreadVars * | dtv, | ||
| Packet * | p, | ||
| const uint8_t * | pkt, | ||
| uint32_t | len | ||
| ) |
Function to decode TEMPLATE packets.
- Parameters
-
tv thread vars dtv decoder thread vars p packet pkt raw packet data len length in bytes of pkt array
- Return values
-
TM_ECODE_OK or TM_ECODE_FAILED on serious error
Definition at line 51 of file decode-template.c.
References DEBUG_VALIDATE_BUG_ON, DecodeUDP(), dtv, len, TM_ECODE_FAILED, TM_ECODE_OK, tv, and unlikely.
◆ DecodeUDP()
| int DecodeUDP | ( | ThreadVars * | tv, |
| DecodeThreadVars * | dtv, | ||
| Packet * | p, | ||
| const uint8_t * | pkt, | ||
| uint16_t | len | ||
| ) |
Definition at line 75 of file decode-udp.c.
References DecodeThreadVars_::counter_udp, DecodeGeneve(), DecodeGeneveEnabledForPort(), DecodeTeredo(), DecodeTeredoEnabledForPort(), DecodeVXLAN(), DecodeVXLANEnabledForPort(), Packet_::dp, dtv, FlowSetupPacket(), len, likely, Packet_::payload, Packet_::payload_len, SCLogDebug, Packet_::sp, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, tv, UDP_HEADER_LEN, and unlikely.
Referenced by DecodeIPV4(), DecodeIPV6(), and DecodeTEMPLATE().
◆ DecodeVLAN()
| int DecodeVLAN | ( | ThreadVars * | tv, |
| DecodeThreadVars * | dtv, | ||
| Packet * | p, | ||
| const uint8_t * | pkt, | ||
| uint32_t | len | ||
| ) |
Definition at line 54 of file decode-vlan.c.
◆ DecodeVNTag()
| int DecodeVNTag | ( | ThreadVars * | tv, |
| DecodeThreadVars * | dtv, | ||
| Packet * | p, | ||
| const uint8_t * | pkt, | ||
| uint32_t | len | ||
| ) |
Definition at line 52 of file decode-vntag.c.
References DecodeThreadVars_::counter_vntag, DEBUG_VALIDATE_BUG_ON, dtv, ENGINE_SET_INVALID_EVENT, GET_VNTAG_DEST, GET_VNTAG_DIR, GET_VNTAG_LOOPED, GET_VNTAG_PROTO, GET_VNTAG_PTR, GET_VNTAG_SRC, GET_VNTAG_VERSION, len, proto, SCLogDebug, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, tv, VNTAG_HEADER_LEN, VNTAG_HEADER_TOO_SMALL, and VNTAG_UNKNOWN_TYPE.
◆ DecodeVXLAN()
| int DecodeVXLAN | ( | ThreadVars * | tv, |
| DecodeThreadVars * | dtv, | ||
| Packet * | p, | ||
| const uint8_t * | pkt, | ||
| uint32_t | len | ||
| ) |
- Parameters
-
pkt payload data directly above UDP header len length in bytes of pkt
Definition at line 122 of file decode-vxlan.c.
References DecodeThreadVars_::counter_vxlan, DEBUG_VALIDATE_BUG_ON, ThreadVars_::decode_pq, DECODE_TUNNEL_IPV4, DECODE_TUNNEL_IPV6, DECODE_TUNNEL_UNSET, DECODE_TUNNEL_VLAN, dtv, ENGINE_SET_INVALID_EVENT, eth_type, ETHERNET_HEADER_LEN, ETHERNET_TYPE_8021AD, ETHERNET_TYPE_8021QINQ, ETHERNET_TYPE_ARP, ETHERNET_TYPE_IP, ETHERNET_TYPE_IPV6, ETHERNET_TYPE_VLAN, VXLANHeader_::flags, len, PacketEnqueueNoLock(), PacketTunnelPktSetup(), PKT_SET_SRC, PKT_SRC_DECODER_VXLAN, VXLANHeader_::res, SCLogDebug, SCNtohs, StatsIncr(), TM_ECODE_FAILED, TM_ECODE_OK, tv, unlikely, VXLANHeader_::vni, VXLAN_HEADER_LEN, and VXLAN_UNKNOWN_PAYLOAD_TYPE.
Referenced by DecodeUDP().
