#include <decode.h>
Detailed Description
Field Documentation
◆ [union]
| union { ... } Packet_ |
◆ [union]
| union { ... } Packet_ |
◆ [union]
| union { ... } Packet_ |
◆ action
| uint8_t Packet_::action |
Definition at line 609 of file decode.h.
Referenced by DetectPreFlow(), DetectPreStream(), PacketCheckAction(), PacketDrop(), and TmqhOutputPacketpool().
◆ alerts
| PacketAlerts Packet_::alerts |
Definition at line 620 of file decode.h.
Referenced by AlertFastLogger(), AlertQueueAppend(), EveAddVerdict(), PacketAlertCheck(), PacketAlertFinalize(), PacketDestructor(), PacketInit(), and PacketReinit().
◆ app_layer_events
| AppLayerDecoderEvents* Packet_::app_layer_events |
Definition at line 632 of file decode.h.
Referenced by AppLayerHandleTCPData(), AppLayerHandleUdp(), PacketCreateMask(), PacketDestructor(), PacketReinit(), and StreamTcpReassembleHandleSegmentHandleData().
◆ app_update_direction
| uint8_t Packet_::app_update_direction |
Definition at line 535 of file decode.h.
Referenced by AppLayerHandleTCPData(), AppLayerHandleUdp(), PacketReinit(), and StreamTcpReassembleHandleSegmentHandleData().
◆ BypassPacketsFlow
| int(* Packet_::BypassPacketsFlow) (struct Packet_ *) |
The function triggering bypass the flow in the capture method. Return 1 for success and 0 on error
Definition at line 594 of file decode.h.
Referenced by PacketBypassCallback(), and PacketReinit().
◆ code
| uint8_t Packet_::code |
Definition at line 512 of file decode.h.
Referenced by AlertFastLogger(), CreateEveHeader(), DecodeICMPV4(), DecodeICMPV6(), and FlowInit().
◆ datalink
| int Packet_::datalink |
data linktype in host order
Definition at line 639 of file decode.h.
Referenced by DecodeErfDag(), EvePacket(), LLVMFuzzerTestOneInput(), PacketReinit(), PacketTunnelPktSetup(), and SCPacketSetDatalink().
◆ dp
| Port Packet_::dp |
Definition at line 516 of file decode.h.
Referenced by AlertFastLogger(), DecodeSCTP(), DecodeUDP(), FlowGetPacketDirection(), FlowInit(), IPOnlyMatchPacket(), JsonAddrInfoInit(), PacketReinit(), SigMatchSignaturesGetSgh(), TLSGetIPInformations(), and UTHBuildPacketIPV6Real().
◆ drop_reason
| uint8_t Packet_::drop_reason |
Definition at line 647 of file decode.h.
Referenced by CaptureStatsUpdate(), PacketDrop(), and PacketReinit().
◆ dst
| Address Packet_::dst |
Definition at line 506 of file decode.h.
Referenced by FlowGetIpPairProtoHash(), IPOnlyMatchPacket(), PacketReinit(), TagHashAddTag(), TmqhOutputFlowIPPair(), UTHBuildPacketIPV6Real(), and UTHBuildPacketOfFlows().
◆ events
| PacketEngineEvents Packet_::events |
Definition at line 630 of file decode.h.
Referenced by PacketCreateMask(), PacketReinit(), PacketUpdateEngineEventCounters(), and SigMatchSignaturesGetSgh().
◆ ext_pkt
| uint8_t* Packet_::ext_pkt |
Definition at line 615 of file decode.h.
Referenced by PacketCallocExtPkt(), PacketCopyDataOffset(), and PacketSetData().
◆ flags
| uint32_t Packet_::flags |
Definition at line 544 of file decode.h.
Referenced by CaptureStatsUpdate(), DecodeIPV4(), DetectFlowMatch(), DetectReplaceExecuteInternal(), FlowHandlePacket(), FlowHandlePacketUpdate(), FlowSetupPacket(), InjectPacketsForFlush(), IPOnlyMatchPacket(), PacketAlertFinalize(), PacketCreateMask(), PacketDecodeFinalize(), PacketReinit(), PacketSetData(), PacketTunnelPktSetup(), Prefilter(), SCProfileRuleStart(), StreamReassembleRaw(), StreamReassembleRawHasDataReady(), StreamTcp(), StreamTcpInlineSegmentReplacePacket(), StreamTcpPacket(), StreamTcpReassembleAppLayer(), StreamTcpReassembleHandleSegment(), TmqhOutputFlowHash(), TmThreadDisableReceiveThreads(), and UTHAssignFlow().
◆ flow
| struct Flow_* Packet_::flow |
Definition at line 546 of file decode.h.
Referenced by CreateEveHeader(), Detect(), DetectEngineInspectFrameBufferGeneric(), DetectEngineInspectPktBufferGeneric(), DetectEntropyDoMatch(), DetectFlowintMatch(), DetectFlowvarMatch(), DetectRunPrefilterTx(), ExceptionPolicyApply(), FlowHandlePacket(), JsonBuildFileInfoRecord(), OutputFiledataLogFfc(), OutputFileLogFfc(), PacketAlertFinalize(), PacketAlertThreshold(), PacketBypassCallback(), PacketReleaseRefs(), Prefilter(), RulesDumpMatchArray(), RulesDumpTxMatchArray(), SigMatchSignatures(), StreamTcp(), StreamTcpPacket(), StreamTcpReassembleAppLayer(), StreamTcpReassembleDepthReached(), StreamTcpReassembleHandleSegment(), StreamTcpSegmentForEach(), StreamTcpSegmentForSession(), StreamTcpSessionPktFree(), TagFlowAdd(), TagHandlePacket(), TmqhReleasePacketsToPacketPool(), TmThreadsProcessDecodePseudoPackets(), TmThreadsSlotVarRun(), TmThreadTimeoutLoop(), UTHAssignFlow(), and UTHBuildPacketOfFlows().
◆ flow_hash
| uint32_t Packet_::flow_hash |
Definition at line 550 of file decode.h.
Referenced by FlowGetFlowFromHash(), FlowSetupPacket(), and TmqhOutputFlowHash().
◆ flowflags
| uint8_t Packet_::flowflags |
Definition at line 532 of file decode.h.
Referenced by AppLayerHandleUdp(), DetectFlowMatch(), FlowHandlePacketUpdate(), JsonBuildFileInfoRecord(), PacketReinit(), PacketSwap(), SigMatchSignaturesGetSgh(), and StreamTcpReassembleDepthReached().
◆ host_dst
| struct Host_* Packet_::host_dst |
Definition at line 623 of file decode.h.
Referenced by PacketReleaseRefs().
◆ host_src
| struct Host_* Packet_::host_src |
Definition at line 622 of file decode.h.
Referenced by PacketReleaseRefs().
◆ [struct]
| struct { ... } Packet_::icmp_d |
Referenced by DecodeICMPV4(), and DecodeICMPV6().
◆ [struct]
| struct { ... } Packet_::icmp_s |
Referenced by AlertFastLogger(), CreateEveHeader(), DecodeICMPV4(), DecodeICMPV6(), and FlowInit().
◆ ipfw_v
| IPFWPacketVars Packet_::ipfw_v |
◆ l2
◆ l3
| struct PacketL3 Packet_::l3 |
Definition at line 600 of file decode.h.
Referenced by DecodeIPV6FragHeader(), and ReCalculateChecksum().
◆ l4
| struct PacketL4 Packet_::l4 |
Definition at line 601 of file decode.h.
Referenced by DecodeICMPV4(), DecodeICMPV6(), ReCalculateChecksum(), StreamTcpUTAddPayload(), StreamTcpUTAddSegmentWithByte(), and StreamTcpUTAddSegmentWithPayload().
◆ livedev
| struct LiveDevice_* Packet_::livedev |
Definition at line 618 of file decode.h.
Referenced by CreateEveHeader(), FlowInit(), PacketDefragPktSetup(), PacketInit(), PacketReinit(), PacketTunnelPktSetup(), and SCPacketSetLiveDevice().
◆ nb_decoded_layers
| uint8_t Packet_::nb_decoded_layers |
Definition at line 644 of file decode.h.
Referenced by PacketReinit(), and PacketTunnelPktSetup().
◆ next
| struct Packet_* Packet_::next |
Definition at line 635 of file decode.h.
Referenced by PacketPoolDestroy(), PacketPoolGetPacket(), PacketPoolReturnPacket(), and PacketReinit().
◆ nfq_v
| NFQPacketVars Packet_::nfq_v |
◆ payload
| uint8_t* Packet_::payload |
Definition at line 605 of file decode.h.
Referenced by AppLayerHandleUdp(), DecodeICMPV4(), DecodeICMPV6(), DecodeUDP(), DetectEngineInspectPacketPayload(), PacketReinit(), StreamTcpInlineSegmentCompare(), StreamTcpInlineSegmentReplacePacket(), StreamTcpReassembleHandleSegmentHandleData(), StreamTcpUTAddSegmentWithByte(), StreamTcpUTAddSegmentWithPayload(), and UTHBuildPacketIPV6Real().
◆ payload_len
| uint16_t Packet_::payload_len |
Definition at line 606 of file decode.h.
Referenced by AppLayerHandleUdp(), DecodeICMPV4(), DecodeICMPV6(), DecodeUDP(), DetectEngineInspectPacketPayload(), PacketCreateMask(), PacketReinit(), Prefilter(), ReCalculateChecksum(), StreamReassembleRawHasDataReady(), StreamTcpInlineSegmentCompare(), StreamTcpInlineSegmentReplacePacket(), StreamTcpReassembleHandleSegment(), StreamTcpReassembleHandleSegmentHandleData(), StreamTcpUTAddSegmentWithByte(), StreamTcpUTAddSegmentWithPayload(), and UTHBuildPacketIPV6Real().
◆ pcap_cnt
| uint64_t Packet_::pcap_cnt |
packet number in the pcap file, matches wireshark
Definition at line 626 of file decode.h.
Referenced by AlertFastLogger(), CreateEveHeader(), DetectEngineInspectFrameBufferGeneric(), DetectEngineInspectStream(), DetectPreFlow(), DetectPreStream(), DetectRunPrefilterFrame(), DetectRunPrefilterTx(), ExceptionPolicyApply(), FlowHandlePacketUpdate(), LLVMFuzzerTestOneInput(), PacketReinit(), SCProfilingPrintPacketProfile(), StreamReassembleRawUpdateProgress(), StreamTcp(), StreamTcpPacket(), StreamTcpReassembleHandleSegment(), and StreamTcpSackUpdatePacket().
◆ pcap_v
| PcapPacketVars Packet_::pcap_v |
◆ [struct]
| struct { ... } Packet_::persistent |
Referenced by PacketDestructor(), PacketInit(), and TmqhOutputPacketpool().
◆ pkt_data
| uint8_t Packet_::pkt_data[] |
flex array accessor to allocated packet data. Size of the additional data is default_packet_size. If this is insufficient, Packet::ext_pkt will be used instead.
◆ pkt_hooks
| uint16_t Packet_::pkt_hooks |
bit flags of SignatureHookPkt values this packet should trigger
Definition at line 541 of file decode.h.
Referenced by FlowHandlePacketUpdate(), PacketReinit(), and Prefilter().
◆ pkt_src
| uint8_t Packet_::pkt_src |
Definition at line 611 of file decode.h.
Referenced by CreateEveHeader(), LLVMFuzzerTestOneInput(), PacketDequeueNoLock(), PacketEnqueueNoLock(), PacketReinit(), SCPacketSetSource(), and StreamTcp().
◆ pktlen
◆ pktvar
| PktVar* Packet_::pktvar |
Definition at line 597 of file decode.h.
Referenced by EveAddMetadata(), PacketDestructor(), PacketReinit(), PktVarAdd(), PktVarAddKeyValue(), and PktVarGet().
◆ plugin_v
| uint8_t Packet_::plugin_v[PLUGIN_VAR_SIZE] |
◆ pool
| struct PktPool_* Packet_::pool |
Definition at line 670 of file decode.h.
Referenced by PacketFreeOrRelease(), PacketPoolGetPacket(), PacketPoolReturnPacket(), TmqhOutputPacketpool(), and TmqhOutputSimple().
◆ prev
| struct Packet_* Packet_::prev |
Definition at line 636 of file decode.h.
Referenced by PacketReinit().
◆ profile
| PktProfiling* Packet_::profile |
Definition at line 673 of file decode.h.
Referenced by SCProfileRuleStart(), SCProfilingAddPacket(), and SCProfilingPrintPacketProfile().
◆ proto
| uint8_t Packet_::proto |
Definition at line 523 of file decode.h.
Referenced by CreateEveHeader(), DecodeICMPV4(), DecodeICMPV6(), DecodeIPV4(), DecodeIPV6(), DetectEngineInspectFrameBufferGeneric(), DetectEngineInspectStream(), EveAddVerdict(), FlowGetIpPairProtoHash(), FlowGetPacketDirection(), FlowInit(), FrameJsonLogOneFrame(), FramesPrune(), IPOnlyMatchPacket(), JsonAddrInfoInit(), PacketReinit(), Prefilter(), SCProfilingAddPacket(), SCProfilingPrintPacketProfile(), SigMatchSignaturesGetSgh(), StreamSegmentForEach(), StreamSegmentForSession(), TcpSessionPacketSsnReuse(), and UTHBuildPacketIPV6Real().
◆ recursion_level
| uint8_t Packet_::recursion_level |
Definition at line 526 of file decode.h.
Referenced by FlowGetIpPairProtoHash(), FlowInit(), PacketDefragPktSetup(), PacketReinit(), and PacketTunnelPktSetup().
◆ ReleasePacket
| void(* Packet_::ReleasePacket) (struct Packet_ *) |
The release function for packet structure and data
Definition at line 591 of file decode.h.
Referenced by PacketFreeOrRelease(), PacketGetFromAlloc(), PacketGetFromQueueOrAlloc(), SCPacketSetReleasePacket(), and TmqhOutputPacketpool().
◆ root
| struct Packet_* Packet_::root |
Definition at line 653 of file decode.h.
Referenced by PacketCheckAction(), PacketDefragPktSetup(), PacketDrop(), PacketReinit(), PacketTunnelPktSetup(), TmqhOutputPacketpool(), and TmqhOutputSimple().
◆ sig_mask
| SignatureMask Packet_::sig_mask |
sig mask flags this packet has, used in signature matching
Definition at line 538 of file decode.h.
Referenced by PacketReinit().
◆ sp
| Port Packet_::sp |
Definition at line 508 of file decode.h.
Referenced by AlertFastLogger(), DecodeSCTP(), DecodeUDP(), FlowGetPacketDirection(), FlowInit(), IPOnlyMatchPacket(), JsonAddrInfoInit(), PacketReinit(), SigMatchSignaturesGetSgh(), TLSGetIPInformations(), and UTHBuildPacketIPV6Real().
◆ src
| Address Packet_::src |
Definition at line 505 of file decode.h.
Referenced by FlowGetIpPairProtoHash(), FlowGetPacketDirection(), IPOnlyMatchPacket(), PacketReinit(), TagHashAddTag(), TmqhOutputFlowIPPair(), UTHBuildPacketIPV6Real(), and UTHBuildPacketOfFlows().
◆ tenant_id
| uint32_t Packet_::tenant_id |
tenant id for this packet, if any. If 0 then no tenant was assigned.
Definition at line 665 of file decode.h.
Referenced by AlertJsonHeader(), Detect(), PacketDefragPktSetup(), PacketReinit(), and PacketTunnelPktSetup().
◆ ts
| SCTime_t Packet_::ts |
Definition at line 555 of file decode.h.
Referenced by AlertFastLogger(), CreateEveHeader(), DefragGetTrackerFromHash(), FlowGetFlowFromHash(), FlowHandlePacketUpdate(), FlowInit(), LLVMFuzzerTestOneInput(), PacketDefragPktSetup(), PacketReinit(), PacketTunnelPktSetup(), SCPacketSetTime(), and UTHBuildPacketIPV6Real().
◆ ttype
| enum PacketTunnelType Packet_::ttype |
Definition at line 553 of file decode.h.
Referenced by PacketDefragPktSetup(), PacketDefragPktSetupParent(), PacketReinit(), and PacketTunnelPktSetup().
◆ tunnel_lock
| SCSpinlock Packet_::tunnel_lock |
lock to protect access to:
- tunnel_rtv_cnt
- tunnel_tpr_cnt
- tunnel_verdicted
- nfq_v.mark (if p->ttype != PacketTunnelNone)
Definition at line 683 of file decode.h.
Referenced by PacketDestructor(), PacketInit(), and TmqhOutputPacketpool().
◆ tunnel_rtv_cnt
| uint16_t Packet_::tunnel_rtv_cnt |
Definition at line 660 of file decode.h.
Referenced by PacketReinit().
◆ tunnel_tpr_cnt
| uint16_t Packet_::tunnel_tpr_cnt |
Definition at line 662 of file decode.h.
Referenced by PacketReinit().
◆ tunnel_verdicted
| bool Packet_::tunnel_verdicted |
has verdict on this tunneled packet been issued?
Definition at line 650 of file decode.h.
Referenced by PacketReinit().
◆ type
| uint8_t Packet_::type |
Definition at line 511 of file decode.h.
Referenced by AlertFastLogger(), CreateEveHeader(), DecodeICMPV4(), DecodeICMPV6(), and FlowInit().
◆ vlan_id
| uint16_t Packet_::vlan_id[VLAN_MAX_LAYERS] |
Definition at line 528 of file decode.h.
Referenced by __attribute__(), CreateEveHeader(), DecodeERSPAN(), FlowGetIpPairProtoHash(), FlowInit(), PacketDefragPktSetup(), and PacketReinit().
◆ vlan_idx
| uint8_t Packet_::vlan_idx |
Definition at line 529 of file decode.h.
Referenced by __attribute__(), CreateEveHeader(), DecodeERSPAN(), FlowInit(), PacketDefragPktSetup(), and PacketReinit().
The documentation for this struct was generated from the following file:
- src/decode.h
