suricata
Data Structures | Typedefs | Functions
defrag.h File Reference
#include "threads.h"
#include "util-pool.h"
#include "threadvars.h"
#include "decode.h"
Include dependency graph for defrag.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures

struct  DefragContext_
 
struct  Frag_
 
struct  DefragTracker_
 

Typedefs

typedef struct DefragContext_ DefragContext
 
typedef struct Frag_ Frag
 
typedef struct DefragTracker_ DefragTracker
 

Functions

int DefragRbFragCompare (struct Frag_ *a, struct Frag_ *b)
 
 RB_HEAD (IP_FRAGMENTS, Frag_)
 
 RB_PROTOTYPE (IP_FRAGMENTS, Frag_, rb, DefragRbFragCompare)
 
void DefragInit (void)
 
void DefragDestroy (void)
 
uint8_t DefragGetOsPolicy (Packet *)
 Get the defrag policy based on the destination address of the packet.
 
void DefragTrackerFreeFrags (DefragTracker *)
 Free all frags associated with a tracker.
 
PacketDefrag (ThreadVars *, DecodeThreadVars *, Packet *)
 Entry point for IPv4 and IPv6 fragments.
 
void DefragRegisterTests (void)
 

Detailed Description

Author
Endace Technology Limited, Jason Ish jason.nosp@m..ish.nosp@m.@enda.nosp@m.ce.c.nosp@m.om

Definition in file defrag.h.

Typedef Documentation

◆ DefragContext

typedef struct DefragContext_ DefragContext

A context for an instance of a fragmentation re-assembler, in case we ever need more than one.

◆ DefragTracker

typedef struct DefragTracker_ DefragTracker

A defragmentation tracker. Used to track fragments that make up a single packet.

◆ Frag

typedef struct Frag_ Frag

Storage for an individual fragment.

Function Documentation

◆ Defrag()

Packet * Defrag ( ThreadVars tv,
DecodeThreadVars dtv,
Packet p 
)

Entry point for IPv4 and IPv6 fragments.

Parameters
tvThreadVars for the calling decoder.
pThe packet fragment.
Return values
Anew Packet resembling the re-assembled packet if the most recent fragment allowed the packet to be re-assembled, otherwise NULL is returned.

Definition at line 1063 of file defrag.c.

References af, DecodeThreadVars_::counter_defrag_ipv4_fragments, DecodeThreadVars_::counter_defrag_ipv6_fragments, DecodeThreadVars_::counter_defrag_max_hit, DefragTrackerRelease(), dtv, IPV4_GET_RAW_FLAG_MF, IPV4_GET_RAW_FRAGOFFSET, IPV6_EXTHDR_GET_FH_FLAG, IPV6_EXTHDR_GET_FH_OFFSET, StatsIncr(), and tv.

Referenced by DecodeIPV4(), and DecodeIPV6().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ DefragDestroy()

void DefragDestroy ( void  )

Definition at line 1129 of file defrag.c.

References DefragHashShutdown(), and DefragTreeDestroy().

Referenced by PostRunDeinit().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ DefragGetOsPolicy()

uint8_t DefragGetOsPolicy ( Packet p)

Get the defrag policy based on the destination address of the packet.

Parameters
pThe packet used to get the destination address.
Return values
Thedefrag policy to use.

Definition at line 985 of file defrag.c.

References DEFRAG_POLICY_BSD, DEFRAG_POLICY_BSD_RIGHT, DEFRAG_POLICY_FIRST, DEFRAG_POLICY_LAST, DEFRAG_POLICY_LINUX, DEFRAG_POLICY_SOLARIS, DEFRAG_POLICY_WINDOWS, GET_IPV4_DST_ADDR_PTR, GET_IPV6_DST_ADDR, OS_POLICY_BSD, OS_POLICY_BSD_RIGHT, OS_POLICY_FIRST, OS_POLICY_HPUX10, OS_POLICY_HPUX11, OS_POLICY_IRIX, OS_POLICY_LAST, OS_POLICY_LINUX, OS_POLICY_MACOS, OS_POLICY_OLD_LINUX, OS_POLICY_OLD_SOLARIS, OS_POLICY_SOLARIS, OS_POLICY_VISTA, OS_POLICY_WINDOWS, OS_POLICY_WINDOWS2K3, SCHInfoGetIPv4HostOSFlavour(), and SCHInfoGetIPv6HostOSFlavour().

Here is the call graph for this function:

◆ DefragInit()

void DefragInit ( void  )

Definition at line 1109 of file defrag.c.

References DEFAULT_DEFRAG_HASH_SIZE, DefragInitConfig(), DefragPolicyLoadFromConfig(), DefragSetDefaultTimeout(), FatalError, SCConfGetInt(), and DefragContext_::timeout.

Referenced by PreRunInit().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ DefragRbFragCompare()

int DefragRbFragCompare ( struct Frag_ a,
struct Frag_ b 
)

The RB_TREE compare function for fragments.

When it comes to adding fragments, we want subsequent ones with the same offset to be treated as greater than, so we don't have an equal return value here.

Definition at line 537 of file defrag.c.

References Frag_::offset.

◆ DefragRegisterTests()

void DefragRegisterTests ( void  )

Definition at line 3111 of file defrag.c.

References UtRegisterTest().

Here is the call graph for this function:

◆ DefragTrackerFreeFrags()

void DefragTrackerFreeFrags ( DefragTracker tracker)

Free all frags associated with a tracker.

Definition at line 132 of file defrag.c.

References DefragContext_::frag_pool, DefragContext_::frag_pool_lock, DefragTracker_::fragment_tree, PoolReturn(), RB_FOREACH_SAFE, RB_REMOVE, SCMutexLock, and SCMutexUnlock.

Referenced by DefragTrackerClearMemory().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ RB_HEAD()

RB_HEAD ( IP_FRAGMENTS  ,
Frag_   
)

◆ RB_PROTOTYPE()

RB_PROTOTYPE ( IP_FRAGMENTS  ,
Frag_  ,
rb  ,
DefragRbFragCompare   
)