decode.c File Reference

#include <string.h>
#include <stdlib.h>
#include "decode.h"
#include "snort.h"
#include "debug.h"
#include "util.h"
#include "detect.h"
#include "checksum.h"
#include "log.h"
#include "generators.h"
#include "event_queue.h"
#include "inline.h"

Go to the source code of this file.

Functions
void	DecodeEthPkt (Packet *p, struct pcap_pkthdr *pkthdr, u_int8_t *pkt)
void	DecodeIEEE80211Pkt (Packet *p, struct pcap_pkthdr *pkthdr, u_int8_t *pkt)
void	DecodeVlan (u_int8_t *pkt, const u_int32_t len, Packet *p)
void	DecodeNullPkt (Packet *p, struct pcap_pkthdr *pkthdr, u_int8_t *pkt)
void	DecodeTRPkt (Packet *p, struct pcap_pkthdr *pkthdr, u_int8_t *pkt)
void	DecodeFDDIPkt (Packet *p, struct pcap_pkthdr *pkthdr, u_int8_t *pkt)
void	DecodeOldPflog (Packet *p, struct pcap_pkthdr *pkthdr, u_int8_t *pkt)
void	DecodePflog (Packet *p, struct pcap_pkthdr *pkthdr, u_int8_t *pkt)
void	DecodePPPoEPkt (Packet *p, struct pcap_pkthdr *pkthdr, u_int8_t *pkt)
void	DecodePppPktEncapsulated (Packet *p, const u_int32_t len, u_int8_t *pkt)
void	DecodePppPkt (Packet *p, struct pcap_pkthdr *pkthdr, u_int8_t *pkt)
void	DecodePppSerialPkt (Packet *p, struct pcap_pkthdr *pkthdr, u_int8_t *pkt)
void	DecodeSlipPkt (Packet *p, struct pcap_pkthdr *pkthdr, u_int8_t *pkt)
void	DecodeRawPkt (Packet *p, struct pcap_pkthdr *pkthdr, u_int8_t *pkt)
void	DecodeI4LRawIPPkt (Packet *p, struct pcap_pkthdr *pkthdr, u_int8_t *pkt)
void	DecodeI4LCiscoIPPkt (Packet *p, struct pcap_pkthdr *pkthdr, u_int8_t *pkt)
void	DecodeChdlcPkt (Packet *p, struct pcap_pkthdr *pkthdr, u_int8_t *pkt)
void	IPHdrTests (IPHdr *p)
void	DecodeIP (u_int8_t *pkt, const u_int32_t len, Packet *p)
int	DecodeIPOnly (u_int8_t *pkt, const u_int32_t len, Packet *p)
void	DecodeTCP (u_int8_t *pkt, const u_int32_t len, Packet *p)
void	DecodeUDP (u_int8_t *pkt, const u_int32_t len, Packet *p)
void	DecodeICMP (u_int8_t *pkt, const u_int32_t len, Packet *p)
void	DecodeARP (u_int8_t *pkt, u_int32_t len, Packet *p)
void	DecodeEapol (u_int8_t *pkt, u_int32_t len, Packet *p)
void	DecodeEapolKey (u_int8_t *pkt, u_int32_t len, Packet *p)
void	DecodeEAP (u_int8_t *pkt, const u_int32_t len, Packet *p)
void	DecodeIPV6 (u_int8_t *pkt, u_int32_t len)
void	DecodeEthLoopback (u_int8_t *pkt, u_int32_t len)
void	DecodeIPX (u_int8_t *pkt, u_int32_t len)
static int	OptLenValidate (u_int8_t *option_ptr, u_int8_t *end, u_int8_t *len_ptr, int expected_len, Options *tcpopt, u_int8_t *byte_skip)
void	DecodeTCPOptions (u_int8_t *start, u_int32_t o_len, Packet *p)
void	DecodeIPOptions (u_int8_t *start, u_int32_t o_len, Packet *p)
void	InitDecoderFlags (void)
Variables
HttpUri	UriBufs [URI_COUNT]
u_int8_t	DecodeBuffer [DECODE_BLEN]

---

Function Documentation

void DecodeARP (  u_int8_t *  pkt, u_int32_t  len, Packet *  p )

Definition at line 3051 of file decode.c. References _Packet::ah, _PacketCount::arp, DEBUG_DECODE, DEBUG_WRAP, _DecoderFlags::decode_alerts, DECODE_ARP_TRUNCATED, DECODE_ARP_TRUNCATED_STR, DECODE_CLASS, _progvars::decoder_flags, _PacketCount::discards, _DecoderFlags::drop_alerts, ErrorMessage(), GENERATOR_SNORT_DECODE, InlineDrop(), InlineMode(), MODE_IDS, pc, pv, runMode, SnortEventqAdd(), and _progvars::verbose_flag. Referenced by DecodeEthPkt(), DecodeIEEE80211Pkt(), and DecodeVlan().

void DecodeChdlcPkt (  Packet *  p, struct pcap_pkthdr *  pkthdr, u_int8_t *  pkt )

Definition at line 1872 of file decode.c. References bzero, CHDLC_ADDR_MULTICAST, CHDLC_ADDR_UNICAST, CHDLC_HEADER_LEN, DEBUG_DECODE, DEBUG_WRAP, DecodeIP(), ErrorMessage(), ETHERNET_TYPE_IP, _PacketCount::other, pc, pv, and _progvars::verbose_flag. Referenced by DecodePppSerialPkt(), and SetPktProcessor().

void DecodeEAP (  u_int8_t *  pkt, const u_int32_t  len, Packet *  p )

Definition at line 3173 of file decode.c. References _EAPHdr::code, DEBUG_DECODE, DEBUG_WRAP, _DecoderFlags::decode_alerts, DECODE_CLASS, DECODE_EAP_TRUNCATED, DECODE_EAP_TRUNCATED_STR, _progvars::decoder_flags, _PacketCount::discards, _DecoderFlags::drop_alerts, EAP_CODE_REQUEST, EAP_CODE_RESPONSE, _Packet::eaph, _Packet::eaptype, GENERATOR_SNORT_DECODE, InlineDrop(), InlineMode(), MODE_IDS, pc, pv, runMode, SnortEventqAdd(), and _progvars::verbose_flag. Referenced by DecodeEapol().

void DecodeEapol (  u_int8_t *  pkt, u_int32_t  len, Packet *  p )

Definition at line 3091 of file decode.c. References DEBUG_DECODE, DEBUG_WRAP, _DecoderFlags::decode_alerts, DECODE_CLASS, DECODE_EAPOL_TRUNCATED, DECODE_EAPOL_TRUNCATED_STR, DecodeEAP(), DecodeEapolKey(), _progvars::decoder_flags, _PacketCount::discards, _DecoderFlags::drop_alerts, _PacketCount::eapol, EAPOL_TYPE_EAP, EAPOL_TYPE_KEY, _EtherEapol::eaptype, _Packet::eplh, ErrorMessage(), GENERATOR_SNORT_DECODE, InlineDrop(), InlineMode(), MODE_IDS, pc, pv, runMode, SnortEventqAdd(), and _progvars::verbose_flag. Referenced by DecodeIEEE80211Pkt().

void DecodeEapolKey (  u_int8_t *  pkt, u_int32_t  len, Packet *  p )

Definition at line 3135 of file decode.c. References DEBUG_DECODE, DEBUG_WRAP, _DecoderFlags::decode_alerts, DECODE_CLASS, DECODE_EAPKEY_TRUNCATED, DECODE_EAPKEY_TRUNCATED_STR, _progvars::decoder_flags, _PacketCount::discards, _DecoderFlags::drop_alerts, _Packet::eapolk, GENERATOR_SNORT_DECODE, InlineDrop(), InlineMode(), MODE_IDS, pc, pv, runMode, SnortEventqAdd(), and _progvars::verbose_flag. Referenced by DecodeEapol().

void DecodeEthLoopback (  u_int8_t *  pkt, u_int32_t  len )

Definition at line 3232 of file decode.c. References DEBUG_DECODE, DEBUG_WRAP, _PacketCount::ethloopback, and pc. Referenced by DecodeEthPkt().

void DecodeEthPkt (  Packet *  p, struct pcap_pkthdr *  pkthdr, u_int8_t *  pkt )

Definition at line 60 of file decode.c. References bzero, pcap_pkthdr::caplen, DEBUG_DECODE, DEBUG_WRAP, DecodeARP(), DecodeEthLoopback(), DecodeIP(), DecodeIPV6(), DecodeIPX(), DecodePPPoEPkt(), DecodeVlan(), ErrorMessage(), ETHERNET_HEADER_LEN, ETHERNET_TYPE_8021Q, ETHERNET_TYPE_ARP, ETHERNET_TYPE_IP, ETHERNET_TYPE_IPV6, ETHERNET_TYPE_IPX, ETHERNET_TYPE_LOOP, ETHERNET_TYPE_PPPoE_DISC, ETHERNET_TYPE_PPPoE_SESS, ETHERNET_TYPE_REVARP, pcap_pkthdr::len, _PacketCount::other, pc, pv, snaplen, and _progvars::verbose_flag. Referenced by SetPktProcessor().

void DecodeFDDIPkt (  Packet *  p, struct pcap_pkthdr *  pkthdr, u_int8_t *  pkt )

Definition at line 836 of file decode.c. References _PacketCount::arp, bzero, pcap_pkthdr::caplen, DEBUG_DECODE, DEBUG_WRAP, DecodeIP(), DecodeVlan(), ErrorMessage(), ETHERNET_TYPE_8021Q, ETHERNET_TYPE_ARP, ETHERNET_TYPE_IP, ETHERNET_TYPE_REVARP, FDDI_DSAP_IP, FDDI_DSAP_SNA, FDDI_SSAP_IP, FDDI_SSAP_SNA, pcap_pkthdr::len, _PacketCount::other, pc, pv, snaplen, and _progvars::verbose_flag. Referenced by SetPktProcessor().

void DecodeI4LCiscoIPPkt (  Packet *  p, struct pcap_pkthdr *  pkthdr, u_int8_t *  pkt )

Definition at line 1837 of file decode.c. References bzero, DEBUG_DECODE, DEBUG_WRAP, DecodeIP(), _PacketCount::other, and pc. Referenced by SetPktProcessor().

void DecodeI4LRawIPPkt (  Packet *  p, struct pcap_pkthdr *  pkthdr, u_int8_t *  pkt )

Definition at line 1800 of file decode.c. References bzero, DEBUG_DECODE, DEBUG_WRAP, DecodeIP(), _PacketCount::other, and pc. Referenced by SetPktProcessor().

void DecodeICMP (  u_int8_t *  pkt, const u_int32_t  len, Packet *  p )

Definition at line 2788 of file decode.c. References _progvars::checksums_mode, _ICMPHdr::code, CSE_ICMP, _Packet::csum_flags, _Packet::data, DEBUG_DECODE, DEBUG_WRAP, _DecoderFlags::decode_alerts, DECODE_CLASS, DECODE_ICMP_DGRAM_LT_ADDRHDR, DECODE_ICMP_DGRAM_LT_ADDRHDR_STR, DECODE_ICMP_DGRAM_LT_ICMPHDR, DECODE_ICMP_DGRAM_LT_ICMPHDR_STR, DECODE_ICMP_DGRAM_LT_TIMESTAMPHDR, DECODE_ICMP_DGRAM_LT_TIMESTAMPHDR_STR, DECODE_IPV4_DGRAM_UNKNOWN, DECODE_IPV4_DGRAM_UNKNOWN_STR, DecodeIPOnly(), _progvars::decoder_flags, _PacketCount::discards, DO_ICMP_CHECKSUMS, _DecoderFlags::drop_alerts, _Packet::dsize, ErrorMessage(), GENERATOR_SNORT_DECODE, ICMP_ADDRESS, ICMP_ADDRESSREPLY, ICMP_DEST_UNREACH, ICMP_ECHO, ICMP_ECHOREPLY, ICMP_HEADER_LEN, ICMP_INFO_REPLY, ICMP_INFO_REQUEST, ICMP_PARAMETERPROB, ICMP_REDIRECT, ICMP_ROUTER_ADVERTISE, ICMP_ROUTER_SOLICIT, ICMP_SOURCE_QUENCH, ICMP_TIME_EXCEEDED, ICMP_TIMESTAMP, ICMP_TIMESTAMPREPLY, _Packet::icmph, in_chksum_icmp(), InlineDrop(), InlineMode(), MODE_IDS, NULL, pc, pv, runMode, SnortEventqAdd(), _ICMPHdr::type, and _progvars::verbose_flag. Referenced by DecodeIP().

void DecodeIEEE80211Pkt (  Packet *  p, struct pcap_pkthdr *  pkthdr, u_int8_t *  pkt )

Definition at line 169 of file decode.c. References bzero, pcap_pkthdr::caplen, ClearDumpBuf(), DEBUG_DECODE, DEBUG_WRAP, _DecoderFlags::decode_alerts, DECODE_BAD_80211_ETHLLC, DECODE_BAD_80211_ETHLLC_STR, DECODE_CLASS, DecodeARP(), DecodeEapol(), DecodeIP(), _progvars::decoder_flags, DecodeVlan(), _DecoderFlags::drop_alerts, ErrorMessage(), ETH_DSAP_IP, ETH_SSAP_IP, ETHERNET_TYPE_8021Q, ETHERNET_TYPE_ARP, ETHERNET_TYPE_EAPOL, ETHERNET_TYPE_IP, ETHERNET_TYPE_REVARP, GENERATOR_SNORT_DECODE, IEEE802_11_DATA_HDR_LEN, InlineDrop(), InlineMode(), pcap_pkthdr::len, MINIMAL_IEEE80211_HEADER_LEN, MODE_IDS, _PacketCount::other, pc, PrintNetData(), pv, runMode, snaplen, SnortEventqAdd(), _progvars::verbose_flag, _PacketCount::wifi_control, _PacketCount::wifi_data, _PacketCount::wifi_mgmt, WLAN_TYPE_CONT_ACK, WLAN_TYPE_CONT_CFACK, WLAN_TYPE_CONT_CFE, WLAN_TYPE_CONT_CTS, WLAN_TYPE_CONT_PS, WLAN_TYPE_CONT_RTS, WLAN_TYPE_DATA_ACKPL, WLAN_TYPE_DATA_CFACK, WLAN_TYPE_DATA_CFPL, WLAN_TYPE_DATA_DATA, WLAN_TYPE_DATA_DTACKPL, WLAN_TYPE_DATA_DTCFACK, WLAN_TYPE_DATA_DTCFPL, WLAN_TYPE_DATA_NULL, WLAN_TYPE_MGMT_ASREQ, WLAN_TYPE_MGMT_ASRES, WLAN_TYPE_MGMT_ATIM, WLAN_TYPE_MGMT_AUTH, WLAN_TYPE_MGMT_BEACON, WLAN_TYPE_MGMT_DEAUTH, WLAN_TYPE_MGMT_DIS, WLAN_TYPE_MGMT_PRREQ, WLAN_TYPE_MGMT_PRRES, WLAN_TYPE_MGMT_REREQ, and WLAN_TYPE_MGMT_RERES. Referenced by SetPktProcessor().

void DecodeIP (  u_int8_t *  pkt, const u_int32_t  len, Packet *  p )

Definition at line 2005 of file decode.c. References _Packet::actual_ip_len, _progvars::checksums_mode, ClearDumpBuf(), CSE_IP, _Packet::csum_flags, _Packet::data, DEBUG_DECODE, DEBUG_WRAP, _DecoderFlags::decode_alerts, DECODE_CLASS, DECODE_IPV4_DGRAM_LT_IPHDR, DECODE_IPV4_DGRAM_LT_IPHDR_STR, DECODE_IPV4_INVALID_HEADER_LEN, DECODE_IPV4_INVALID_HEADER_LEN_STR, DECODE_NOT_IPV4_DGRAM, DECODE_NOT_IPV4_DGRAM_STR, DecodeICMP(), DecodeIPOptions(), _progvars::decoder_flags, DecodeTCP(), DecodeUDP(), _Packet::df, _PacketCount::discards, DO_IP_CHECKSUMS, _DecoderFlags::drop_alerts, _Packet::dsize, ErrorMessage(), _Packet::frag_flag, _Packet::frag_offset, _PacketCount::frags, GENERATOR_SNORT_DECODE, _PacketCount::icmp, in_chksum_ip(), InlineDrop(), InlineMode(), IP_HEADER_LEN, IP_HLEN, _IPHdr::ip_len, _IPHdr::ip_off, _Packet::ip_option_count, _Packet::ip_options_data, _Packet::ip_options_len, _IPHdr::ip_proto, IP_VER, _Packet::iph, IPHdrTests(), _Packet::mf, MODE_IDS, NULL, _PacketCount::other, pc, pv, _Packet::rf, runMode, SnortEventqAdd(), _PacketCount::tcp, _PacketCount::udp, and _progvars::verbose_flag. Referenced by DecodeChdlcPkt(), DecodeEthPkt(), DecodeFDDIPkt(), DecodeI4LCiscoIPPkt(), DecodeI4LRawIPPkt(), DecodeIEEE80211Pkt(), DecodeNullPkt(), DecodeOldPflog(), DecodePflog(), DecodePppPktEncapsulated(), DecodeRawPkt(), DecodeSlipPkt(), DecodeTRPkt(), and DecodeVlan().

int DecodeIPOnly (  u_int8_t *  pkt, const u_int32_t  len, Packet *  p )

Definition at line 2277 of file decode.c. References _Packet::data, DEBUG_DECODE, DEBUG_WRAP, _Packet::df, _Packet::dsize, ErrorMessage(), _Packet::frag_flag, _Packet::frag_offset, IP_HEADER_LEN, IP_HLEN, _IPHdr::ip_len, _IPHdr::ip_off, _Packet::ip_option_count, _IPHdr::ip_proto, IP_VER, _Packet::mf, NULL, _Packet::orig_dp, _Packet::orig_icmph, _Packet::orig_iph, _Packet::orig_sp, _Packet::orig_tcph, _Packet::orig_udph, pv, _Packet::rf, _TCPHdr::th_dport, _TCPHdr::th_sport, _UDPHdr::uh_dport, _UDPHdr::uh_sport, and _progvars::verbose_flag. Referenced by DecodeICMP().

void DecodeIPOptions (  u_int8_t *  start, u_int32_t  o_len, Packet *  p )

Definition at line 3606 of file decode.c. References _Options::code, _Options::data, DEBUG_DECODE, DEBUG_WRAP, DECODE_CLASS, DECODE_IPV4OPT_BADLEN, DECODE_IPV4OPT_BADLEN_STR, DECODE_IPV4OPT_TRUNCATED, DECODE_IPV4OPT_TRUNCATED_STR, _progvars::decoder_flags, _DecoderFlags::drop_ipopt_decode, GENERATOR_SNORT_DECODE, InlineDrop(), InlineMode(), _Packet::ip_option_count, _Packet::ip_options, _DecoderFlags::ipopt_decode, IPOPT_EOL, IPOPT_NOP, IPOPT_RTRALT, _Options::len, MODE_IDS, NULL, opt_count, OptLenValidate(), pv, runMode, SnortEventqAdd(), TCP_OPT_BADLEN, and TCP_OPT_TRUNC. Referenced by DecodeIP().

void DecodeIPV6 (  u_int8_t *  pkt, u_int32_t  len )

Definition at line 3214 of file decode.c. References DEBUG_DECODE, DEBUG_WRAP, _PacketCount::ipv6, and pc. Referenced by DecodeEthPkt(), DecodeOldPflog(), and DecodePflog().

void DecodeIPX (  u_int8_t *  pkt, u_int32_t  len )

Definition at line 3251 of file decode.c. References DEBUG_DECODE, DEBUG_WRAP, _PacketCount::ipx, and pc. Referenced by DecodeEthPkt(), and DecodePppPktEncapsulated().

void DecodeNullPkt (  Packet *  p, struct pcap_pkthdr *  pkthdr, u_int8_t *  pkt )

Definition at line 576 of file decode.c. References bzero, pcap_pkthdr::caplen, DEBUG_DECODE, DEBUG_WRAP, DecodeIP(), ErrorMessage(), pcap_pkthdr::len, NULL_HDRLEN, pv, and _progvars::verbose_flag. Referenced by SetPktProcessor().

void DecodeOldPflog (  Packet *  p, struct pcap_pkthdr *  pkthdr, u_int8_t *  pkt )

Definition at line 1098 of file decode.c. References bzero, pcap_pkthdr::caplen, DEBUG_DECODE, DEBUG_WRAP, DecodeIP(), DecodeIPV6(), ErrorMessage(), pcap_pkthdr::len, OLDPFLOG_HDRLEN, _PacketCount::other, pc, pv, snaplen, and _progvars::verbose_flag. Referenced by SetPktProcessor().

void DecodePflog (  Packet *  p, struct pcap_pkthdr *  pkthdr, u_int8_t *  pkt )

Definition at line 1171 of file decode.c. References bzero, pcap_pkthdr::caplen, DEBUG_DECODE, DEBUG_WRAP, DecodeIP(), DecodeIPV6(), ErrorMessage(), pcap_pkthdr::len, _PacketCount::other, pc, PFLOG_HDRLEN, pv, snaplen, and _progvars::verbose_flag. Referenced by SetPktProcessor().

void DecodePPPoEPkt (  Packet *  p, struct pcap_pkthdr *  pkthdr, u_int8_t *  pkt )

Definition at line 1249 of file decode.c. References pcap_pkthdr::caplen, _PPPoEHdr::code, DEBUG_DECODE, DEBUG_WRAP, _DecoderFlags::decode_alerts, DECODE_BAD_PPPOE, DECODE_BAD_PPPOE_STR, DECODE_CLASS, DecodePppPktEncapsulated(), _progvars::decoder_flags, _DecoderFlags::drop_alerts, _Packet::eh, ErrorMessage(), _EtherHdr::ether_dst, _EtherHdr::ether_src, _EtherHdr::ether_type, ETHERNET_TYPE_PPPoE_DISC, ETHERNET_TYPE_PPPoE_SESS, GENERATOR_SNORT_DECODE, InlineDrop(), InlineMode(), pcap_pkthdr::len, memcpy, MODE_IDS, _Packet::pkth, PPPoE_CODE_PADI, PPPoE_CODE_PADO, PPPoE_CODE_PADR, PPPoE_CODE_PADS, PPPoE_CODE_PADT, PPPoE_CODE_SESS, PPPOE_HEADER_LEN, PPPoE_TAG_AC_COOKIE, PPPoE_TAG_AC_NAME, PPPoE_TAG_AC_SYSTEM_ERROR, PPPoE_TAG_END_OF_LIST, PPPoE_TAG_GENERIC_ERROR, PPPoE_TAG_HOST_UNIQ, PPPoE_TAG_RELAY_SESSION_ID, PPPoE_TAG_SERVICE_NAME, PPPoE_TAG_SERVICE_NAME_ERROR, PPPoE_TAG_VENDOR_SPECIFIC, _Packet::pppoeh, pv, runMode, snaplen, SnortEventqAdd(), strlcpy, and _progvars::verbose_flag. Referenced by DecodeEthPkt().

void DecodePppPkt (  Packet *  p, struct pcap_pkthdr *  pkthdr, u_int8_t *  pkt )

Definition at line 1638 of file decode.c. References bzero, CHDLC_ADDR_BROADCAST, CHDLC_CTRL_UNNUMBERED, DEBUG_DECODE, DEBUG_WRAP, DecodePppPktEncapsulated(), ErrorMessage(), pv, and _progvars::verbose_flag. Referenced by SetPktProcessor().

void DecodePppPktEncapsulated (  Packet *  p, const u_int32_t  len, u_int8_t *  pkt )

Definition at line 1552 of file decode.c. References DEBUG_DECODE, DEBUG_WRAP, DecodeIP(), DecodeIPX(), ErrorMessage(), IP_HEADER_LEN, PPP_IP, PPP_IPX, PPP_VJ_COMP, PPP_VJ_UCOMP, pv, and _progvars::verbose_flag. Referenced by DecodePPPoEPkt(), DecodePppPkt(), and DecodePppSerialPkt().

void DecodePppSerialPkt (  Packet *  p, struct pcap_pkthdr *  pkthdr, u_int8_t *  pkt )

Definition at line 1686 of file decode.c. References bzero, CHDLC_ADDR_BROADCAST, CHDLC_CTRL_UNNUMBERED, DEBUG_DECODE, DEBUG_WRAP, DecodeChdlcPkt(), DecodePppPktEncapsulated(), ErrorMessage(), PPP_HDRLEN, pv, and _progvars::verbose_flag. Referenced by SetPktProcessor().

void DecodeRawPkt (  Packet *  p, struct pcap_pkthdr *  pkthdr, u_int8_t *  pkt )

Definition at line 1770 of file decode.c. References bzero, DEBUG_DECODE, DEBUG_WRAP, and DecodeIP(). Referenced by SetPktProcessor().

void DecodeSlipPkt (  Packet *  p, struct pcap_pkthdr *  pkthdr, u_int8_t *  pkt )

Definition at line 1728 of file decode.c. References bzero, pcap_pkthdr::caplen, DEBUG_DECODE, DEBUG_WRAP, DecodeIP(), ErrorMessage(), pcap_pkthdr::len, and SLIP_HEADER_LEN. Referenced by SetPktProcessor().

void DecodeTCP (  u_int8_t *  pkt, const u_int32_t  len, Packet *  p )

Definition at line 2425 of file decode.c. References _progvars::checksums_mode, CSE_TCP, _Packet::csum_flags, _Packet::data, DEBUG_DECODE, DEBUG_WRAP, _DecoderFlags::decode_alerts, DECODE_CLASS, DECODE_TCP_DGRAM_LT_TCPHDR, DECODE_TCP_DGRAM_LT_TCPHDR_STR, DECODE_TCP_INVALID_OFFSET, DECODE_TCP_INVALID_OFFSET_STR, DECODE_TCP_LARGE_OFFSET, DECODE_TCP_LARGE_OFFSET_STR, _progvars::decoder_flags, DecodeTCPOptions(), _PacketCount::discards, DO_TCP_CHECKSUMS, _Packet::dp, _DecoderFlags::drop_alerts, _Packet::dsize, ErrorMessage(), GENERATOR_SNORT_DECODE, _progvars::ignore_ports, in_chksum_tcp(), InlineDrop(), InlineMode(), _IPHdr::ip_dst, _IPHdr::ip_proto, _IPHdr::ip_src, _Packet::iph, MODE_IDS, NULL, _Packet::packet_flags, pc, PKT_IGNORE_PORT, pv, runMode, SnortEventqAdd(), _Packet::sp, TCP_OFFSET, _Packet::tcp_option_count, _Packet::tcp_options_data, _Packet::tcp_options_len, _Packet::tcph, _TCPHdr::th_dport, _TCPHdr::th_sport, _TCPHdr::th_sum, and _progvars::verbose_flag. Referenced by DecodeIP().

void DecodeTCPOptions (  u_int8_t *  start, u_int32_t  o_len, Packet *  p )

Definition at line 3385 of file decode.c. References _Options::code, _Options::data, DEBUG_DECODE, DEBUG_WRAP, DECODE_CLASS, DECODE_TCPOPT_BADLEN, DECODE_TCPOPT_BADLEN_STR, DECODE_TCPOPT_EXPERIMENT, DECODE_TCPOPT_EXPERIMENT_STR, DECODE_TCPOPT_OBSOLETE, DECODE_TCPOPT_OBSOLETE_STR, DECODE_TCPOPT_TRUNCATED, DECODE_TCPOPT_TRUNCATED_STR, DECODE_TCPOPT_TTCP, DECODE_TCPOPT_TTCP_STR, _progvars::decoder_flags, _DecoderFlags::drop_tcpopt_decode, _DecoderFlags::drop_tcpopt_experiment, _DecoderFlags::drop_tcpopt_obsolete, _DecoderFlags::drop_tcpopt_ttcp, GENERATOR_SNORT_DECODE, InlineDrop(), InlineMode(), _Options::len, MODE_IDS, NULL, opt_count, OptLenValidate(), pv, runMode, SnortEventqAdd(), TCP_OPT_BADLEN, TCP_OPT_TRUNC, _Packet::tcp_option_count, _Packet::tcp_options, TCP_OPTLENMAX, _Packet::tcph, TCPOLEN_CC, TCPOLEN_ECHO, TCPOLEN_MAXSEG, TCPOLEN_MD5SIG, TCPOLEN_SACKOK, TCPOLEN_TIMESTAMP, TCPOLEN_TRAILER_CSUM, TCPOLEN_WSCALE, TCPOPT_ALTCSUM, TCPOPT_BUBBA, TCPOPT_CC, TCPOPT_CC_ECHO, TCPOPT_CC_NEW, TCPOPT_CORRUPTION, _DecoderFlags::tcpopt_decode, TCPOPT_ECHO, TCPOPT_ECHOREPLY, TCPOPT_EOL, _DecoderFlags::tcpopt_experiment, TCPOPT_MAXSEG, TCPOPT_MD5SIG, TCPOPT_NOP, _DecoderFlags::tcpopt_obsolete, TCPOPT_PARTIAL_PERM, TCPOPT_PARTIAL_SVC, TCPOPT_RECORDBOUND, TCPOPT_SACK, TCPOPT_SACKOK, TCPOPT_SCPS, TCPOPT_SELNEGACK, TCPOPT_SKEETER, TCPOPT_SNAP, TCPOPT_TIMESTAMP, TCPOPT_TRAILER_CSUM, _DecoderFlags::tcpopt_ttcp, TCPOPT_UNASSIGNED, and TCPOPT_WSCALE. Referenced by DecodeTCP().

void DecodeTRPkt (  Packet *  p, struct pcap_pkthdr *  pkthdr, u_int8_t *  pkt )

Definition at line 618 of file decode.c. References _PacketCount::arp, bzero, pcap_pkthdr::caplen, DEBUG_DECODE, DEBUG_WRAP, _DecoderFlags::decode_alerts, DECODE_BAD_TR_ETHLLC, DECODE_BAD_TR_ETHLLC_STR, DECODE_BAD_TR_MR_LEN, DECODE_BAD_TR_MR_LEN_STR, DECODE_BAD_TRH, DECODE_BAD_TRH_STR, DECODE_BAD_TRHMR, DECODE_BAD_TRHMR_STR, DECODE_CLASS, DecodeIP(), _progvars::decoder_flags, DecodeVlan(), _DecoderFlags::drop_alerts, ErrorMessage(), ETHERNET_TYPE_8021Q, ETHERNET_TYPE_ARP, ETHERNET_TYPE_IP, ETHERNET_TYPE_REVARP, GENERATOR_SNORT_DECODE, InlineDrop(), InlineMode(), IPARP_SAP, pcap_pkthdr::len, MODE_IDS, NULL, _PacketCount::other, pc, pv, runMode, snaplen, SnortEventqAdd(), TR_HLEN, TRH_MR_LEN, and _progvars::verbose_flag. Referenced by SetPktProcessor().

void DecodeUDP (  u_int8_t *  pkt, const u_int32_t  len, Packet *  p )

Definition at line 2612 of file decode.c. References _progvars::checksums_mode, CSE_UDP, _Packet::csum_flags, _Packet::data, DEBUG_DECODE, DEBUG_WRAP, _DecoderFlags::decode_alerts, DECODE_CLASS, DECODE_UDP_DGRAM_INVALID_LENGTH, DECODE_UDP_DGRAM_INVALID_LENGTH_STR, DECODE_UDP_DGRAM_LT_UDPHDR, DECODE_UDP_DGRAM_LT_UDPHDR_STR, DECODE_UDP_DGRAM_SHORT_PACKET, DECODE_UDP_DGRAM_SHORT_PACKET_STR, _progvars::decoder_flags, _PacketCount::discards, DO_UDP_CHECKSUMS, _Packet::dp, _DecoderFlags::drop_alerts, _Packet::dsize, ErrorMessage(), _Packet::frag_flag, GENERATOR_SNORT_DECODE, _progvars::ignore_ports, in_chksum_udp(), InlineDrop(), InlineMode(), _IPHdr::ip_dst, IP_HLEN, _IPHdr::ip_len, _IPHdr::ip_proto, _IPHdr::ip_src, _Packet::iph, MODE_IDS, NULL, _Packet::packet_flags, pc, PKT_IGNORE_PORT, pv, runMode, SnortEventqAdd(), _Packet::sp, UDP_HEADER_LEN, _Packet::udph, _UDPHdr::uh_chk, _UDPHdr::uh_dport, _UDPHdr::uh_len, _UDPHdr::uh_sport, and _progvars::verbose_flag. Referenced by DecodeIP().

void DecodeVlan (  u_int8_t *  pkt, const u_int32_t  len, Packet *  p )

Definition at line 359 of file decode.c. References _EthLlcOther::ctrl, DEBUG_DECODE, DEBUG_WRAP, _DecoderFlags::decode_alerts, DECODE_BAD_VLAN, DECODE_BAD_VLAN_ETHLLC, DECODE_BAD_VLAN_ETHLLC_STR, DECODE_BAD_VLAN_OTHER, DECODE_BAD_VLAN_OTHER_STR, DECODE_BAD_VLAN_STR, DECODE_CLASS, DecodeARP(), DecodeIP(), _progvars::decoder_flags, _DecoderFlags::drop_alerts, _EthLlc::dsap, _Packet::ehllc, _Packet::ehllcother, ErrorMessage(), ETH_DSAP_IP, ETH_SSAP_IP, ETHERNET_MAX_LEN_ENCAP, ETHERNET_TYPE_ARP, ETHERNET_TYPE_IP, ETHERNET_TYPE_REVARP, GENERATOR_SNORT_DECODE, InlineDrop(), InlineMode(), MODE_IDS, _EthLlcOther::org_code, _PacketCount::other, pc, _Packet::pkt, _EthLlcOther::proto_id, pv, runMode, SnortEventqAdd(), _EthLlc::ssap, _progvars::verbose_flag, _Packet::vh, VTH_CFI, VTH_PRIORITY, _VlanTagHdr::vth_proto, and VTH_VLAN. Referenced by DecodeEthPkt(), DecodeFDDIPkt(), DecodeIEEE80211Pkt(), and DecodeTRPkt().

void InitDecoderFlags (  void   )

Setup all the flags for the decoder alerts Definition at line 3702 of file decode.c. References _DecoderFlags::decode_alerts, _progvars::decoder_flags, _DecoderFlags::drop_alerts, _DecoderFlags::drop_ipopt_decode, _DecoderFlags::drop_tcpopt_decode, _DecoderFlags::drop_tcpopt_experiment, _DecoderFlags::drop_tcpopt_obsolete, _DecoderFlags::drop_tcpopt_ttcp, _DecoderFlags::ipopt_decode, pv, _DecoderFlags::tcpopt_decode, _DecoderFlags::tcpopt_experiment, _DecoderFlags::tcpopt_obsolete, and _DecoderFlags::tcpopt_ttcp. Referenced by SnortMain().

void IPHdrTests (  IPHdr *  p  )

Definition at line 1909 of file decode.c. References DEBUG_DECODE, DEBUG_WRAP, _DecoderFlags::decode_alerts, DECODE_BAD_TRAFFIC_LOOPBACK, DECODE_BAD_TRAFFIC_LOOPBACK_STR, DECODE_BAD_TRAFFIC_SAME_SRCDST, DECODE_BAD_TRAFFIC_SAME_SRCDST_STR, DECODE_CLASS, _progvars::decoder_flags, _DecoderFlags::drop_alerts, GENERATOR_SNORT_DECODE, InlineDrop(), InlineMode(), _IPHdr::ip_dst, _IPHdr::ip_src, MODE_IDS, pv, runMode, and SnortEventqAdd(). Referenced by DecodeIP().

static int OptLenValidate (  u_int8_t *  option_ptr, u_int8_t *  end, u_int8_t *  len_ptr, int  expected_len, Options *  tcpopt, u_int8_t *  byte_skip )  [inline, static]

Validate that the length is an expected length AND that it's in bounds EOL and NOP are handled separately Parameters: option_ptr  current location end  the byte past the end of the decode list len_ptr  the pointer to the length field expected_len  the number of bytes we expect to see per rfc KIND+LEN+DATA, -1 means dynamic. tcpopt  options structure to populate byte_skip  distance to move upon completion Returns: returns 0 on success, < 0 on error Definition at line 3274 of file decode.c. References _Options::data, _Options::len, NULL, TCP_OPT_BADLEN, and TCP_OPT_TRUNC. Referenced by DecodeIPOptions(), and DecodeTCPOptions().

---

Variable Documentation

u_int8_t DecodeBuffer[DECODE_BLEN]

Definition at line 45 of file decode.c. Referenced by ByteJump(), ByteTest(), CheckANDPatternMatch(), CheckORPatternMatch(), fpEvalHeaderSW(), FTPBounce(), IsDataAt(), NormalizeTelnet(), and SnortPcre().

HttpUri UriBufs[URI_COUNT]

Definition at line 44 of file decode.c. Referenced by fpEvalHeaderSW(), SnortHttpInspect(), and SnortPcre().

---