|
|
|
|
/* Copyright (c) 2008 Victor Julien <victor@inliniac.net> */
|
|
|
|
|
|
|
|
|
|
/* Decode the raw packet */
|
|
|
|
|
|
|
|
|
|
#include "suricata-common.h"
|
|
|
|
|
#include "decode.h"
|
|
|
|
|
#include "util-debug.h"
|
|
|
|
|
|
|
|
|
|
void DecodeTunnel(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, uint16_t len, PacketQueue *pq)
|
|
|
|
|
{
|
|
|
|
|
switch (p->tunnel_proto) {
|
|
|
|
|
case PPP_OVER_GRE:
|
|
|
|
|
return DecodePPP(tv, dtv, p, pkt, len, pq);
|
|
|
|
|
break;
|
|
|
|
|
case IPPROTO_IP:
|
|
|
|
|
return DecodeIPV4(tv, dtv, p, pkt, len, pq);
|
|
|
|
|
case IPPROTO_IPV6:
|
|
|
|
|
return DecodeIPV6(tv, dtv, p, pkt, len, pq);
|
|
|
|
|
default:
|
|
|
|
|
SCLogInfo("FIXME: DecodeTunnel: protocol %" PRIu32 " not supported.", p->tunnel_proto);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/** \brief Set the No payload inspection Flag for the packet.
|
|
|
|
|
*
|
|
|
|
|
* \param p Packet to set the flag in
|
|
|
|
|
*/
|
|
|
|
|
inline void DecodeSetNoPayloadInspectionFlag(Packet *p) {
|
|
|
|
|
SCEnter();
|
|
|
|
|
p->flags |= PKT_NOPAYLOAD_INSPECTION;
|
|
|
|
|
SCReturn;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/** \brief Set the No packet inspection Flag for the packet.
|
|
|
|
|
*
|
|
|
|
|
* \param p Packet to set the flag in
|
|
|
|
|
*/
|
|
|
|
|
inline void DecodeSetNoPacketInspectionFlag(Packet *p) {
|
|
|
|
|
SCEnter();
|
|
|
|
|
p->flags |= PKT_NOPACKET_INSPECTION;
|
|
|
|
|
SCReturn;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void DecodeRegisterPerfCounters(DecodeThreadVars *dtv, ThreadVars *tv)
|
|
|
|
|
{
|
|
|
|
|
/* register counters */
|
|
|
|
|
dtv->counter_pkts = SCPerfTVRegisterCounter("decoder.pkts", tv,
|
|
|
|
|
SC_PERF_TYPE_UINT64, "NULL");
|
|
|
|
|
dtv->counter_pkts_per_sec = SCPerfTVRegisterIntervalCounter("decoder.pkts_per_sec",
|
|
|
|
|
tv, SC_PERF_TYPE_DOUBLE,
|
|
|
|
|
"NULL", "1s");
|
|
|
|
|
dtv->counter_bytes = SCPerfTVRegisterCounter("decoder.bytes", tv,
|
|
|
|
|
SC_PERF_TYPE_UINT64, "NULL");
|
|
|
|
|
dtv->counter_bytes_per_sec = SCPerfTVRegisterIntervalCounter("decoder.bytes_per_sec",
|
|
|
|
|
tv, SC_PERF_TYPE_DOUBLE,
|
|
|
|
|
"NULL", "1s");
|
|
|
|
|
dtv->counter_mbit_per_sec = SCPerfTVRegisterIntervalCounter("decoder.mbit_per_sec",
|
|
|
|
|
tv, SC_PERF_TYPE_DOUBLE,
|
|
|
|
|
"NULL", "1s");
|
|
|
|
|
dtv->counter_ipv4 = SCPerfTVRegisterCounter("decoder.ipv4", tv,
|
|
|
|
|
SC_PERF_TYPE_UINT64, "NULL");
|
|
|
|
|
dtv->counter_ipv6 = SCPerfTVRegisterCounter("decoder.ipv6", tv,
|
|
|
|
|
SC_PERF_TYPE_UINT64, "NULL");
|
|
|
|
|
dtv->counter_eth = SCPerfTVRegisterCounter("decoder.ethernet", tv,
|
|
|
|
|
SC_PERF_TYPE_UINT64, "NULL");
|
|
|
|
|
dtv->counter_raw = SCPerfTVRegisterCounter("decoder.raw", tv,
|
|
|
|
|
SC_PERF_TYPE_UINT64, "NULL");
|
|
|
|
|
dtv->counter_sll = SCPerfTVRegisterCounter("decoder.sll", tv,
|
|
|
|
|
SC_PERF_TYPE_UINT64, "NULL");
|
|
|
|
|
dtv->counter_tcp = SCPerfTVRegisterCounter("decoder.tcp", tv,
|
|
|
|
|
SC_PERF_TYPE_UINT64, "NULL");
|
|
|
|
|
dtv->counter_udp = SCPerfTVRegisterCounter("decoder.udp", tv,
|
|
|
|
|
SC_PERF_TYPE_UINT64, "NULL");
|
|
|
|
|
dtv->counter_icmpv4 = SCPerfTVRegisterCounter("decoder.icmpv4", tv,
|
|
|
|
|
SC_PERF_TYPE_UINT64, "NULL");
|
|
|
|
|
dtv->counter_icmpv6 = SCPerfTVRegisterCounter("decoder.icmpv6", tv,
|
|
|
|
|
SC_PERF_TYPE_UINT64, "NULL");
|
|
|
|
|
dtv->counter_ppp = SCPerfTVRegisterCounter("decoder.ppp", tv,
|
|
|
|
|
SC_PERF_TYPE_UINT64, "NULL");
|
|
|
|
|
dtv->counter_pppoe = SCPerfTVRegisterCounter("decoder.pppoe", tv,
|
|
|
|
|
SC_PERF_TYPE_UINT64, "NULL");
|
|
|
|
|
dtv->counter_gre = SCPerfTVRegisterCounter("decoder.gre", tv,
|
|
|
|
|
SC_PERF_TYPE_UINT64, "NULL");
|
|
|
|
|
dtv->counter_avg_pkt_size = SCPerfTVRegisterAvgCounter("decoder.avg_pkt_size", tv,
|
|
|
|
|
SC_PERF_TYPE_DOUBLE, "NULL");
|
|
|
|
|
dtv->counter_max_pkt_size = SCPerfTVRegisterMaxCounter("decoder.max_pkt_size", tv,
|
|
|
|
|
SC_PERF_TYPE_UINT64, "NULL");
|
|
|
|
|
|
|
|
|
|
tv->sc_perf_pca = SCPerfGetAllCountersArray(&tv->sc_perf_pctx);
|
|
|
|
|
SCPerfAddToClubbedTMTable(tv->name, &tv->sc_perf_pctx);
|
|
|
|
|
|
|
|
|
|
return;
|
|
|
|
|
}
|
