aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'd7958f7983'
${ noResults }
suricata/src/detect-decode-event.h

87 lines
3.5 KiB
C
Raw Normal View History Unescape Escape

Decode event rule
16 years ago
/** Copyright (c) 2009 Open Information Security Foundation
*
* \author Breno Silva <breno.silva@gmail.com>
*/
#ifndef __DETECT_DECODE_EVENT_H__
#define __DETECT_DECODE_EVENT_H__
64 bit cleanup part2
16 years ago
#include "decode-events.h"
Decode event rule
16 years ago
typedef struct DetectDecodeEventData_ {
64 bit cleanup part2
16 years ago
uint8_t event;
Decode event rule
16 years ago
} DetectDecodeEventData;
/* prototypes */
void DetectDecodeEventRegister (void);
64 bit cleanup part2
16 years ago
/* supported decoder events */
Decode event rule
16 years ago
64 bit cleanup part2
16 years ago
#ifdef DETECT_EVENTS
Decode event rule
16 years ago
struct DetectDecodeEvents_ {
char *event_name;
64 bit cleanup part2
16 years ago
uint8_t code;
Decode event rule
16 years ago
} DEvents[] = {
Fix decode event compiler warning.
16 years ago
{ "ipv4.pkt_too_small", IPV4_PKT_TOO_SMALL, },
{ "ipv4.hlen_too_small", IPV4_HLEN_TOO_SMALL, },
{ "ipv4.iplen_smaller_than_hlen", IPV4_IPLEN_SMALLER_THAN_HLEN, },
Fix short IPv4 packets not getting detected in the decoder. Set decode event on short ipv6 packets.
16 years ago
{ "ipv4.trunc_pkt", IPV4_TRUNC_PKT, },
Decode IPv4 options.
16 years ago
{ "ipv4.opt_invalid", IPV4_OPT_INVALID, },
{ "ipv4.opt_invalid_len", IPV4_OPT_INVALID_LEN, },
{ "ipv4.opt_malformed", IPV4_OPT_MALFORMED, },
{ "ipv4.opt_pad_required", IPV4_OPT_PAD_REQUIRED, },
{ "ipv4.opt_eol_required", IPV4_OPT_EOL_REQUIRED, },
{ "ipv4.opt_duplicate", IPV4_OPT_DUPLICATE, },
{ "ipv4.opt_unknown", IPV4_OPT_UNKNOWN, },
Fix decode event compiler warning.
16 years ago
{ "ipv6.pkt_too_small", IPV6_PKT_TOO_SMALL, },
Fix short IPv4 packets not getting detected in the decoder. Set decode event on short ipv6 packets.
16 years ago
{ "ipv6.trunc_pkt", IPV6_TRUNC_PKT, },
Fix decode event compiler warning.
16 years ago
{ "ipv6.trunc_exthdr", IPV6_TRUNC_EXTHDR, },
{ "ipv6.exthdr_dupl_fh", IPV6_EXTHDR_DUPL_FH, },
{ "ipv6.exthdr_dupl_rh", IPV6_EXTHDR_DUPL_RH, },
{ "ipv6.exthdr_dupl_hh", IPV6_EXTHDR_DUPL_HH, },
{ "ipv6.exthdr_dupl_dh", IPV6_EXTHDR_DUPL_DH, },
{ "ipv6.exthdr_dupl_ah", IPV6_EXTHDR_DUPL_AH, },
{ "ipv6.exthdr_dupl_eh", IPV6_EXTHDR_DUPL_EH, },
{ "ipv6.exthdr_invalid_optlen", IPV6_EXTHDR_INVALID_OPTLEN, },
ICMPv6 Decoder and unittests
16 years ago
{ "icmpv6.unknown_type", ICMPV6_UNKNOWN_TYPE,},
{ "icmpv6.unknown_code", ICMPV6_UNKNOWN_CODE,},
{ "icmpv6.pkt_too_small", ICMPV6_PKT_TOO_SMALL,},
{ "icmpv6.ipv6_unknown_version", ICMPV6_IPV6_UNKNOWN_VER,},
{ "icmpv6.ipv6_trunc_pkt", ICMPV6_IPV6_TRUNC_PKT,},
Fix decode event compiler warning.
16 years ago
{ "tcp.pkt_too_small", TCP_PKT_TOO_SMALL, },
{ "tcp.hlen_too_small", TCP_HLEN_TOO_SMALL, },
{ "tcp.invalid_optlen", TCP_INVALID_OPTLEN, },
{ "tcp.opt_invalid_len", TCP_OPT_INVALID_LEN, },
{ "tcp.opt_duplicate", TCP_OPT_DUPLICATE, },
{ "udp.pkt_too_small", UDP_PKT_TOO_SMALL, },
{ "udp.hlen_too_small", UDP_HLEN_TOO_SMALL, },
{ "udp.hlen_invalid", UDP_HLEN_INVALID, },
{ "sll.pkt_too_small", SLL_PKT_TOO_SMALL, },
{ "ethernet.pkt_too_small", ETHERNET_PKT_TOO_SMALL, },
{ "ppp.pkt_too_small", PPP_PKT_TOO_SMALL, },
{ "ppp.ju_pkt_too_small", PPPVJU_PKT_TOO_SMALL, },
{ "ppp.ip4_pkt_too_small", PPPIPV4_PKT_TOO_SMALL, },
{ "ppp.ip6_pkt_too_small", PPPIPV6_PKT_TOO_SMALL, },
Fix short IPv4 packets not getting detected in the decoder. Set decode event on short ipv6 packets.
16 years ago
{ "ppp.wrong_type", PPP_WRONG_TYPE, }, /** unknown & invalid protocol */
{ "ppp.unsup_proto", PPP_UNSUP_PROTO, }, /** unsupported but valid protocol */
GRE support
16 years ago
{ "gre.pkt_too_small", GRE_PKT_TOO_SMALL, },
{ "gre.wrong_version", GRE_WRONG_VERSION, },
{ "gre.version0_recur", GRE_VERSION0_RECUR, },
{ "gre.version0_flags", GRE_VERSION0_FLAGS, },
{ "gre.version0_hdr_too_big", GRE_VERSION0_HDR_TOO_BIG, },
{ "gre.version1_chksum", GRE_VERSION1_CHKSUM, },
{ "gre.version1_route", GRE_VERSION1_ROUTE, },
{ "gre.version1_ssr", GRE_VERSION1_SSR, },
{ "gre.version1_recur", GRE_VERSION1_RECUR, },
{ "gre.version1_flags", GRE_VERSION1_FLAGS, },
{ "gre.version1_no_key", GRE_VERSION1_NO_KEY, },
{ "gre.version1_wrong_protocol", GRE_VERSION1_WRONG_PROTOCOL, },
{ "gre.version1_malformed_sre_hdr", GRE_VERSION1_MALFORMED_SRE_HDR, },
{ "gre.version1_hdr_too_big", GRE_VERSION1_HDR_TOO_BIG, },
Fix decode event compiler warning.
16 years ago
{ NULL, 0 },
Decode event rule
16 years ago
};
64 bit cleanup part2
16 years ago
#endif /* DETECT_EVENTS */
Decode event rule
16 years ago
#endif /*__DETECT_DECODE_EVENT_H__ */