aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Pass the DecodeThreadVars to all Decoder functions properly. Improve the error handling.

Browse Source
remotes/origin/master-1.0.x
Victor Julien 16 years ago
parent 63bc68ee90
commit 57f71f7e4b
16 changed files with 198 additions and 281 deletions
Show Stats Download Patch File Download Diff File

16
src/decode-ethernet.c
Unescape Escape View File

@ -4,12 +4,9 @@
#include "decode-ethernet.h"
#include "decode-events.h"
void DecodeEthernet(ThreadVars *t, Packet *p, u_int8_t *pkt, u_int16_t len,
PacketQueue *pq, void *data)
void DecodeEthernet(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, uint16_t len, PacketQueue *pq)
{
DecodeThreadVars *dtv = (DecodeThreadVars *)data;
PerfCounterIncr(dtv->counter_eth, t->pca);
PerfCounterIncr(dtv->counter_eth, tv->pca);
if (len < ETHERNET_HEADER_LEN) {
DECODER_SET_EVENT(p,ETHERNET_PKT_TOO_SMALL);
@ -26,16 +23,13 @@ void DecodeEthernet(ThreadVars *t, Packet *p, u_int8_t *pkt, u_int16_t len,
if (ntohs(ethh->eth_type) == ETHERNET_TYPE_IP) {
//printf("DecodeEthernet ip4\n");
DecodeIPV4(t, p, pkt + ETHERNET_HEADER_LEN, len - ETHERNET_HEADER_LEN,
pq, data);
DecodeIPV4(tv, dtv, p, pkt + ETHERNET_HEADER_LEN, len - ETHERNET_HEADER_LEN, pq);
} else if(ntohs(ethh->eth_type) == ETHERNET_TYPE_IPV6) {
//printf("DecodeEthernet ip6\n");
DecodeIPV6(t, p, pkt + ETHERNET_HEADER_LEN, len - ETHERNET_HEADER_LEN,
data);
DecodeIPV6(tv, dtv, p, pkt + ETHERNET_HEADER_LEN, len - ETHERNET_HEADER_LEN, pq);
} else if(ntohs(ethh->eth_type) == ETHERNET_TYPE_PPPoE_SESS) {
//printf("DecodeEthernet PPPoE\n");
DecodePPPoE(t, p, pkt + ETHERNET_HEADER_LEN, len - ETHERNET_HEADER_LEN,
pq, data);
DecodePPPoE(tv, dtv, p, pkt + ETHERNET_HEADER_LEN, len - ETHERNET_HEADER_LEN, pq);
}
return;

20
src/decode-icmpv4.c
Unescape Escape View File

@ -8,19 +8,17 @@
/** DecodeICMPV4
* \brief Main ICMPv4 decoding function
*/
void DecodeICMPV4(ThreadVars *t, Packet *p, u_int8_t *pkt, u_int16_t len,
void *data)
void DecodeICMPV4(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, uint16_t len, PacketQueue *pq)
{
DecodeThreadVars *dtv = (DecodeThreadVars *)data;
PerfCounterIncr(dtv->counter_icmpv4, t->pca);
p->icmpv4h = (ICMPV4Hdr *)pkt;
PerfCounterIncr(dtv->counter_icmpv4, tv->pca);
if (len < ICMPV4_HEADER_LEN) {
/** \todo decode event */
return;
}
p->icmpv4h = (ICMPV4Hdr *)pkt;
#ifdef DEBUG
printf("ICMPV4 TYPE %" PRIu32 " CODE %" PRIu32 "\n", p->icmpv4h->type, p->icmpv4h->code);
#endif
@ -52,7 +50,7 @@ static int DecodeICMPV4test01(void) {
memset(&p, 0, sizeof(Packet));
memset(&dtv, 0, sizeof(DecodeThreadVars));
DecodeICMPV4(&tv, &p, raw_icmpv4, sizeof(raw_icmpv4), &dtv);
DecodeICMPV4(&tv, &dtv, &p, raw_icmpv4, sizeof(raw_icmpv4), NULL);
return 0;
}
@ -77,7 +75,7 @@ static int DecodeICMPV4test02(void) {
memset(&p, 0, sizeof(Packet));
memset(&dtv, 0, sizeof(DecodeThreadVars));
DecodeICMPV4(&tv, &p, raw_icmpv4, sizeof(raw_icmpv4), &dtv);
DecodeICMPV4(&tv, &dtv, &p, raw_icmpv4, sizeof(raw_icmpv4), NULL);
return 0;
}
@ -100,7 +98,7 @@ static int DecodeICMPV4test03(void) {
memset(&p, 0, sizeof(Packet));
memset(&dtv, 0, sizeof(DecodeThreadVars));
DecodeICMPV4(&tv, &p, raw_icmpv4, sizeof(raw_icmpv4), &dtv);
DecodeICMPV4(&tv, &dtv, &p, raw_icmpv4, sizeof(raw_icmpv4), NULL);
return 0;
}
@ -125,7 +123,7 @@ static int DecodeICMPV4test04(void) {
memset(&p, 0, sizeof(Packet));
memset(&dtv, 0, sizeof(DecodeThreadVars));
DecodeICMPV4(&tv, &p, raw_icmpv4, sizeof(raw_icmpv4), &dtv);
DecodeICMPV4(&tv, &dtv, &p, raw_icmpv4, sizeof(raw_icmpv4), NULL);
return 0;
}

12
src/decode-icmpv6.c
Unescape Escape View File

@ -4,19 +4,17 @@
#include "decode.h"
#include "decode-icmpv6.h"
void DecodeICMPV6(ThreadVars *t, Packet *p, u_int8_t *pkt, u_int16_t len,
void *data)
void DecodeICMPV6(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, uint16_t len, PacketQueue *pq)
{
DecodeThreadVars *dtv = (DecodeThreadVars *)data;
PerfCounterIncr(dtv->counter_icmpv6, t->pca);
p->icmpv6h = (ICMPV6Hdr *)pkt;
PerfCounterIncr(dtv->counter_icmpv6, tv->pca);
if (len < ICMPV6_HEADER_LEN) {
/** \todo decode event */
return;
}
p->icmpv6h = (ICMPV6Hdr *)pkt;
#ifdef DEBUG
printf("ICMPV6 TYPE %" PRIu32 " CODE %" PRIu32 "\n", p->icmpv6h->type, p->icmpv6h->code);
#endif

40
src/decode-ipv4.c
Unescape Escape View File

@ -7,25 +7,25 @@
#include "decode-events.h"
/* XXX */
static int DecodeIPV4Options(ThreadVars *t, Packet *p, uint8_t *pkt, uint16_t len)
static int DecodeIPV4Options(ThreadVars *tv, Packet *p, uint8_t *pkt, uint16_t len)
{
printf("*pkt %" PRIu32 "\n", *pkt);
return 0;
}
static int DecodeIPV4Packet(ThreadVars *t, Packet *p, uint8_t *pkt, uint16_t len)
static int DecodeIPV4Packet(ThreadVars *tv, Packet *p, uint8_t *pkt, uint16_t len)
{
#ifdef DEBUG
printf("DecodeIPV4Packet\n");
#endif
p->ip4h = (IPV4Hdr *)pkt;
if (len < IPV4_HEADER_LEN) {
DECODER_SET_EVENT(p,IPV4_PKT_TOO_SMALL);
return -1;
}
p->ip4h = (IPV4Hdr *)pkt;
if (IPV4_GET_HLEN(p) < IPV4_HEADER_LEN) {
DECODER_SET_EVENT(p,IPV4_HLEN_TOO_SMALL);
return -1;
@ -44,23 +44,20 @@ static int DecodeIPV4Packet(ThreadVars *t, Packet *p, uint8_t *pkt, uint16_t len
/* save the options len */
p->ip4vars.ip_opts_len = IPV4_GET_HLEN(p) - IPV4_HEADER_LEN;
if (p->ip4vars.ip_opts_len > 0) {
DecodeIPV4Options(t, p, pkt + IPV4_GET_HLEN(p), p->ip4vars.ip_opts_len);
DecodeIPV4Options(tv, p, pkt + IPV4_GET_HLEN(p), p->ip4vars.ip_opts_len);
}
/* set the address struct */
SET_IPV4_SRC_ADDR(p,&p->src);
SET_IPV4_DST_ADDR(p,&p->dst);
return 0;
}
void DecodeIPV4(ThreadVars *t, Packet *p, u_int8_t *pkt, u_int16_t len,
PacketQueue *pq, void *data)
void DecodeIPV4(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, uint16_t len, PacketQueue *pq)
{
DecodeThreadVars *dtv = (DecodeThreadVars *)data;
int ret;
PerfCounterIncr(dtv->counter_ipv4, t->pca);
PerfCounterIncr(dtv->counter_ipv4, tv->pca);
/* reset the decoder cache flags */
IPV4_CACHE_INIT(p);
@ -70,11 +67,12 @@ void DecodeIPV4(ThreadVars *t, Packet *p, u_int8_t *pkt, u_int16_t len,
#endif
/* do the actual decoding */
ret = DecodeIPV4Packet (t, p, pkt, len);
ret = DecodeIPV4Packet (tv, p, pkt, len);
if (ret < 0) {
#ifdef DEBUG
printf("DecodeIPV4 failed!\n");
#endif
p->ip4h = NULL;
return;
}
@ -95,23 +93,23 @@ void DecodeIPV4(ThreadVars *t, Packet *p, u_int8_t *pkt, u_int16_t len,
case IPPROTO_IP:
/* check PPP VJ uncompressed packets and decode tcp dummy */
if(p->ppph != NULL && ntohs(p->ppph->protocol) == PPP_VJ_UCOMP) {
return(DecodeTCP(t, p, pkt + IPV4_GET_HLEN(p),
IPV4_GET_IPLEN(p) - IPV4_GET_HLEN(p), data));
return(DecodeTCP(tv, dtv, p, pkt + IPV4_GET_HLEN(p),
IPV4_GET_IPLEN(p) - IPV4_GET_HLEN(p), pq));
}
break;
case IPPROTO_TCP:
return(DecodeTCP(t, p, pkt + IPV4_GET_HLEN(p),
IPV4_GET_IPLEN(p) - IPV4_GET_HLEN(p), data));
return(DecodeTCP(tv, dtv, p, pkt + IPV4_GET_HLEN(p),
IPV4_GET_IPLEN(p) - IPV4_GET_HLEN(p), pq));
break;
case IPPROTO_UDP:
//printf("DecodeIPV4: next layer is UDP\n");
return(DecodeUDP(t, p, pkt + IPV4_GET_HLEN(p),
IPV4_GET_IPLEN(p) - IPV4_GET_HLEN(p), data));
return(DecodeUDP(tv, dtv, p, pkt + IPV4_GET_HLEN(p),
IPV4_GET_IPLEN(p) - IPV4_GET_HLEN(p), pq));
break;
case IPPROTO_ICMP:
//printf("DecodeIPV4: next layer is ICMP\n");
return(DecodeICMPV4(t, p, pkt + IPV4_GET_HLEN(p),
IPV4_GET_IPLEN(p) - IPV4_GET_HLEN(p), data));
return(DecodeICMPV4(tv, dtv, p, pkt + IPV4_GET_HLEN(p),
IPV4_GET_IPLEN(p) - IPV4_GET_HLEN(p), pq));
break;
case IPPROTO_IPV6:
{
@ -120,11 +118,11 @@ void DecodeIPV4(ThreadVars *t, Packet *p, u_int8_t *pkt, u_int16_t len,
//printf("DecodeIPV4: we are p %p\n", p);
/* spawn off tunnel packet */
Packet *tp = TunnelPktSetup(t, p, pkt + IPV4_GET_HLEN(p), IPV4_GET_IPLEN(p) - IPV4_GET_HLEN(p), IPV4_GET_IPPROTO(p));
Packet *tp = TunnelPktSetup(tv, dtv, p, pkt + IPV4_GET_HLEN(p), IPV4_GET_IPLEN(p) - IPV4_GET_HLEN(p), IPV4_GET_IPPROTO(p));
//printf("DecodeIPV4: tunnel is tp %p\n", tp);
/* send that to the Tunnel decoder */
DecodeTunnel(t, tp, tp->pkt, tp->pktlen, pq, data);
DecodeTunnel(tv, dtv, tp, tp->pkt, tp->pktlen, pq);
/* add the tp to the packet queue. */
PacketEnqueue(pq,tp);

41
src/decode-ipv6.c
Unescape Escape View File

@ -10,8 +10,7 @@
#define IPV6_EH_CNT ip6eh.ip6_exthdrs_cnt
static void
DecodeIPV6ExtHdrs(ThreadVars *t, Packet *p, u_int8_t *pkt, u_int16_t len,
void *data)
DecodeIPV6ExtHdrs(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, uint16_t len, PacketQueue *pq)
{
uint8_t *orig_pkt = pkt;
uint8_t nh;
@ -32,17 +31,17 @@ DecodeIPV6ExtHdrs(ThreadVars *t, Packet *p, u_int8_t *pkt, u_int16_t len,
{
case IPPROTO_TCP:
IPV6_SET_L4PROTO(p,nh);
DecodeTCP(t, p, pkt, plen, data);
DecodeTCP(tv, dtv, p, pkt, plen, pq);
return;
case IPPROTO_UDP:
IPV6_SET_L4PROTO(p,nh);
DecodeUDP(t, p, pkt, plen, data);
DecodeUDP(tv, dtv, p, pkt, plen, pq);
return;
case IPPROTO_ICMPV6:
IPV6_SET_L4PROTO(p,nh);
DecodeICMPV6(t, p, pkt, plen, data);
DecodeICMPV6(tv, dtv, p, pkt, plen, pq);
return;
case IPPROTO_ROUTING:
@ -341,14 +340,14 @@ DecodeIPV6ExtHdrs(ThreadVars *t, Packet *p, u_int8_t *pkt, u_int16_t len,
return;
}
static int DecodeIPV6Packet (ThreadVars *t, Packet *p, uint8_t *pkt, uint16_t len)
static int DecodeIPV6Packet (ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, uint16_t len)
{
p->ip6h = (IPV6Hdr *)pkt;
if (len < IPV6_HEADER_LEN) {
return -1;
}
p->ip6h = (IPV6Hdr *)pkt;
if (len < (IPV6_HEADER_LEN + IPV6_GET_PLEN(p)))
{
DECODER_SET_EVENT(p,IPV6_TRUNC_PKT);
@ -361,20 +360,20 @@ static int DecodeIPV6Packet (ThreadVars *t, Packet *p, uint8_t *pkt, uint16_t le
return 0;
}
void DecodeIPV6(ThreadVars *t, Packet *p, u_int8_t *pkt, u_int16_t len,
void *data)
void DecodeIPV6(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, uint16_t len, PacketQueue *pq)
{
DecodeThreadVars *dtv = (DecodeThreadVars *)data;
int ret;
PerfCounterIncr(dtv->counter_ipv6, t->pca);
PerfCounterIncr(dtv->counter_ipv6, tv->pca);
IPV6_CACHE_INIT(p);
/* do the actual decoding */
ret = DecodeIPV6Packet (t, p, pkt, len);
if (ret < 0)
ret = DecodeIPV6Packet (tv, dtv, p, pkt, len);
if (ret < 0) {
p->ip6h = NULL;
return;
}
#ifdef DEBUG
/* debug print */
@ -389,17 +388,12 @@ void DecodeIPV6(ThreadVars *t, Packet *p, u_int8_t *pkt, u_int16_t len,
/* now process the Ext headers and/or the L4 Layer */
switch(IPV6_GET_NH(p)) {
case IPPROTO_TCP:
return(DecodeTCP(t, p, pkt + IPV6_HEADER_LEN, IPV6_GET_PLEN(p),
data));
break;
return DecodeTCP(tv, dtv, p, pkt + IPV6_HEADER_LEN, IPV6_GET_PLEN(p), pq);
case IPPROTO_UDP:
return(DecodeUDP(t, p, pkt + IPV6_HEADER_LEN, IPV6_GET_PLEN(p),
data));
return DecodeUDP(tv, dtv, p, pkt + IPV6_HEADER_LEN, IPV6_GET_PLEN(p), pq);
break;
case IPPROTO_ICMPV6:
return(DecodeICMPV6(t, p, pkt + IPV6_HEADER_LEN, IPV6_GET_PLEN(p),
data));
break;
return DecodeICMPV6(tv, dtv, p, pkt + IPV6_HEADER_LEN, IPV6_GET_PLEN(p), pq);
case IPPROTO_FRAGMENT:
case IPPROTO_HOPOPTS:
case IPPROTO_ROUTING:
@ -407,8 +401,7 @@ void DecodeIPV6(ThreadVars *t, Packet *p, u_int8_t *pkt, u_int16_t len,
case IPPROTO_DSTOPTS:
case IPPROTO_AH:
case IPPROTO_ESP:
DecodeIPV6ExtHdrs(t, p, pkt + IPV6_HEADER_LEN, IPV6_GET_PLEN(p),
data);
DecodeIPV6ExtHdrs(tv, dtv, p, pkt + IPV6_HEADER_LEN, IPV6_GET_PLEN(p), pq);
break;
}

23
src/decode-ppp.c
Unescape Escape View File

@ -11,12 +11,9 @@
#include "util-unittest.h"
void DecodePPP(ThreadVars *t, Packet *p, u_int8_t *pkt, u_int16_t len,
PacketQueue *pq, void *data)
void DecodePPP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, uint16_t len, PacketQueue *pq)
{
DecodeThreadVars *dtv = (DecodeThreadVars *)data;
PerfCounterIncr(dtv->counter_ppp, t->pca);
PerfCounterIncr(dtv->counter_ppp, tv->pca);
if(len < PPP_HEADER_LEN) {
DECODER_SET_EVENT(p,PPP_PKT_TOO_SMALL);
@ -72,8 +69,7 @@ void DecodePPP(ThreadVars *t, Packet *p, u_int8_t *pkt, u_int16_t len,
}
if(IPV4_GET_RAW_VER((IPV4Hdr *)(pkt + PPP_HEADER_LEN)) == 4) {
DecodeIPV4(t, p, pkt + PPP_HEADER_LEN, len - PPP_HEADER_LEN, pq,
data);
DecodeIPV4(tv, dtv, p, pkt + PPP_HEADER_LEN, len - PPP_HEADER_LEN, pq);
}
break;
@ -83,8 +79,7 @@ void DecodePPP(ThreadVars *t, Packet *p, u_int8_t *pkt, u_int16_t len,
return;
}
DecodeIPV4(t, p, pkt + PPP_HEADER_LEN, len - PPP_HEADER_LEN, pq,
data);
DecodeIPV4(tv, dtv, p, pkt + PPP_HEADER_LEN, len - PPP_HEADER_LEN, pq);
break;
/* PPP IPv6 was not tested */
@ -94,7 +89,7 @@ void DecodePPP(ThreadVars *t, Packet *p, u_int8_t *pkt, u_int16_t len,
return;
}
DecodeIPV6(t, p, pkt + PPP_HEADER_LEN, len - PPP_HEADER_LEN, data);
DecodeIPV6(tv, dtv, p, pkt + PPP_HEADER_LEN, len - PPP_HEADER_LEN, pq);
break;
default:
@ -124,7 +119,7 @@ static int DecodePPPtest01 (void) {
memset(&p, 0, sizeof(Packet));
memset(&dtv, 0, sizeof(DecodeThreadVars));
DecodePPP(&tv, &p, raw_ppp, sizeof(raw_ppp), NULL, &dtv);
DecodePPP(&tv, &dtv, &p, raw_ppp, sizeof(raw_ppp), NULL);
/* Function my returns here with expected value */
@ -153,7 +148,7 @@ static int DecodePPPtest02 (void) {
memset(&p, 0, sizeof(Packet));
memset(&dtv, 0, sizeof(DecodeThreadVars));
DecodePPP(&tv, &p, raw_ppp, sizeof(raw_ppp), NULL, &dtv);
DecodePPP(&tv, &dtv, &p, raw_ppp, sizeof(raw_ppp), NULL);
/* Function must returns here */
@ -186,7 +181,7 @@ static int DecodePPPtest03 (void) {
FlowInitConfig(FLOW_QUIET);
DecodePPP(&tv, &p, raw_ppp, sizeof(raw_ppp), NULL, &dtv);
DecodePPP(&tv, &dtv, &p, raw_ppp, sizeof(raw_ppp), NULL);
FlowShutdown();
@ -236,7 +231,7 @@ static int DecodePPPtest04 (void) {
FlowInitConfig(FLOW_QUIET);
DecodePPP(&tv, &p, raw_ppp, sizeof(raw_ppp), NULL, &dtv);
DecodePPP(&tv, &dtv, &p, raw_ppp, sizeof(raw_ppp), NULL);
FlowShutdown();

14
src/decode-pppoe.c
Unescape Escape View File

@ -19,12 +19,9 @@
/**
* \brief Main decoding function for PPPoE packets
*/
void DecodePPPoE(ThreadVars *t, Packet *p, uint8_t *pkt, uint16_t len,
PacketQueue *pq, void *data)
void DecodePPPoE(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, uint16_t len, PacketQueue *pq)
{
DecodeThreadVars *dtv = (DecodeThreadVars *)data;
PerfCounterIncr(dtv->counter_pppoe, t->pca);
PerfCounterIncr(dtv->counter_pppoe, tv->pca);
if (len < PPPOE_HEADER_LEN) {
DECODER_SET_EVENT(p, PPPOE_PKT_TOO_SMALL);
@ -42,8 +39,7 @@ void DecodePPPoE(ThreadVars *t, Packet *p, uint8_t *pkt, uint16_t len,
if (ntohs(p->pppoeh->pppoe_length) > 0) {
/* decode contained PPP packet */
DecodePPP(t, p, pkt + PPPOE_HEADER_LEN, len - PPPOE_HEADER_LEN, pq,
data);
DecodePPP(tv, dtv, p, pkt + PPPOE_HEADER_LEN, len - PPPOE_HEADER_LEN, pq);
}
}
@ -66,7 +62,7 @@ static int DecodePPPoEtest01 (void) {
memset(&p, 0, sizeof(Packet));
memset(&dtv, 0, sizeof(DecodeThreadVars));
DecodePPPoE(&tv, &p, raw_pppoe, sizeof(raw_pppoe), NULL, &dtv);
DecodePPPoE(&tv, &dtv, &p, raw_pppoe, sizeof(raw_pppoe), NULL);
if(DECODER_ISSET_EVENT(&p,PPPOE_PKT_TOO_SMALL)) {
return 1;
@ -106,7 +102,7 @@ static int DecodePPPoEtest02 (void) {
memset(&p, 0, sizeof(Packet));
memset(&dtv, 0, sizeof(DecodeThreadVars));
DecodePPPoE(&tv, &p, raw_pppoe, sizeof(raw_pppoe), NULL, &dtv);
DecodePPPoE(&tv, &dtv, &p, raw_pppoe, sizeof(raw_pppoe), NULL);
if(DECODER_ISSET_EVENT(&p,PPPOE_PKT_TOO_SMALL)) {
return 1;

11
src/decode-sll.c
Unescape Escape View File

@ -4,12 +4,9 @@
#include "decode-sll.h"
#include "decode-events.h"
void DecodeSll(ThreadVars *t, Packet *p, u_int8_t *pkt, u_int16_t len,
PacketQueue *pq, void *data)
void DecodeSll(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, uint16_t len, PacketQueue *pq)
{
DecodeThreadVars *dtv = (DecodeThreadVars *)data;
PerfCounterIncr(dtv->counter_sll, t->pca);
PerfCounterIncr(dtv->counter_sll, tv->pca);
if (len < SLL_HEADER_LEN) {
DECODER_SET_EVENT(p,SLL_PKT_TOO_SMALL);
@ -26,10 +23,10 @@ void DecodeSll(ThreadVars *t, Packet *p, u_int8_t *pkt, u_int16_t len,
if (ntohs(sllh->sll_protocol) == ETHERNET_TYPE_IP) {
//printf("DecodeSll ip4\n");
DecodeIPV4(t, p, pkt + SLL_HEADER_LEN, len - SLL_HEADER_LEN, pq, data);
DecodeIPV4(tv, dtv, p, pkt + SLL_HEADER_LEN, len - SLL_HEADER_LEN, pq);
} else if(ntohs(sllh->sll_protocol) == ETHERNET_TYPE_IPV6) {
//printf("DecodeSll ip6\n");
DecodeIPV6(t, p, pkt + SLL_HEADER_LEN, len - SLL_HEADER_LEN, data);
DecodeIPV6(tv, dtv, p, pkt + SLL_HEADER_LEN, len - SLL_HEADER_LEN, pq);
}
}

25
src/decode-tcp.c
Unescape Escape View File

@ -7,7 +7,7 @@
#include "flow.h"
static int DecodeTCPOptions(ThreadVars *t, Packet *p, uint8_t *pkt, uint16_t len)
static int DecodeTCPOptions(ThreadVars *tv, Packet *p, uint8_t *pkt, uint16_t len)
{
uint16_t plen = len;
while (plen)
@ -95,19 +95,19 @@ static int DecodeTCPOptions(ThreadVars *t, Packet *p, uint8_t *pkt, uint16_t len
plen -= (p->TCP_OPTS[p->TCP_OPTS_CNT].len);
p->TCP_OPTS_CNT++;
}
}
}
return 0;
}
static int DecodeTCPPacket(ThreadVars *t, Packet *p, uint8_t *pkt, uint16_t len)
static int DecodeTCPPacket(ThreadVars *tv, Packet *p, uint8_t *pkt, uint16_t len)
{
p->tcph = (TCPHdr *)pkt;
if (len < TCP_HEADER_LEN) {
DECODER_SET_EVENT(p, TCP_PKT_TOO_SMALL);
return -1;
}
p->tcph = (TCPHdr *)pkt;
p->tcpvars.hlen = TCP_GET_HLEN(p);
if (len < p->tcpvars.hlen) {
DECODER_SET_EVENT(p, TCP_HLEN_TOO_SMALL);
@ -124,7 +124,7 @@ static int DecodeTCPPacket(ThreadVars *t, Packet *p, uint8_t *pkt, uint16_t len)
}
if (p->tcpvars.tcp_opt_len > 0) {
DecodeTCPOptions(t, p, pkt + TCP_HEADER_LEN, p->tcpvars.tcp_opt_len);
DecodeTCPOptions(tv, p, pkt + TCP_HEADER_LEN, p->tcpvars.tcp_opt_len);
}
p->payload = pkt + p->tcpvars.hlen;
@ -135,15 +135,14 @@ static int DecodeTCPPacket(ThreadVars *t, Packet *p, uint8_t *pkt, uint16_t len)
return 0;
}
void DecodeTCP(ThreadVars *t, Packet *p, u_int8_t *pkt, u_int16_t len,
void *data)
void DecodeTCP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, uint16_t len, PacketQueue *pq)
{
DecodeThreadVars *dtv = (DecodeThreadVars *)data;
PerfCounterIncr(dtv->counter_tcp, t->pca);
PerfCounterIncr(dtv->counter_tcp, tv->pca);
if (DecodeTCPPacket(t, p,pkt,len) < 0)
if (DecodeTCPPacket(tv, p,pkt,len) < 0) {
p->tcph = NULL;
return;
}
#ifdef DEBUG
printf("TCP sp: %" PRIu32 " -> dp: %" PRIu32 " - HLEN: %" PRIu32 " LEN: %" PRIu32 " %s%s%s%s\n",
@ -155,7 +154,7 @@ void DecodeTCP(ThreadVars *t, Packet *p, u_int8_t *pkt, u_int16_t len,
#endif
/* Flow is an integral part of us */
FlowHandlePacket(t, p);
FlowHandlePacket(tv, p);
return;
}

28
src/decode-udp.c
Unescape Escape View File

@ -9,6 +9,11 @@
static int DecodeUDPPacket(ThreadVars *t, Packet *p, uint8_t *pkt, uint16_t len)
{
if (len < UDP_HEADER_LEN) {
DECODER_SET_EVENT(p, UDP_HLEN_TOO_SMALL);
return -1;
}
p->udph = (UDPHdr *)pkt;
if (len < UDP_GET_LEN(p)) {
@ -16,11 +21,6 @@ static int DecodeUDPPacket(ThreadVars *t, Packet *p, uint8_t *pkt, uint16_t len)
return -1;
}
if (len < UDP_HEADER_LEN) {
DECODER_SET_EVENT(p, UDP_HLEN_TOO_SMALL);
return -1;
}
if (len != UDP_GET_LEN(p)) {
DECODER_SET_EVENT(p, UDP_HLEN_INVALID);
return -1;
@ -37,26 +37,22 @@ static int DecodeUDPPacket(ThreadVars *t, Packet *p, uint8_t *pkt, uint16_t len)
return 0;
}
void DecodeUDP(ThreadVars *t, Packet *p, u_int8_t *pkt, u_int16_t len,
void *data)
void DecodeUDP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, uint16_t len, PacketQueue *pq)
{
DecodeThreadVars *dtv = (DecodeThreadVars *)data;
PerfCounterIncr(dtv->counter_udp, tv->pca);
PerfCounterIncr(dtv->counter_udp, t->pca);
if (DecodeUDPPacket(t, p,pkt,len) < 0)
if (DecodeUDPPacket(tv, p,pkt,len) < 0) {
p->udph = NULL;
return;
}
#ifdef DEBUG
/** \todo XXX This has only 4 args for 5 formatters??? */
#if 0
printf("UDP sp: %" PRIu32 " -> dp: %" PRIu32 " - HLEN: %" PRIu32 " LEN: %" PRIu32 " TEST: %" PRIu32 "\n",
printf("UDP sp: %" PRIu32 " -> dp: %" PRIu32 " - HLEN: %" PRIu32 " LEN: %" PRIu32 "\n",
UDP_GET_SRC_PORT(p), UDP_GET_DST_PORT(p), UDP_HEADER_LEN, p->payload_len);
#endif
#endif
/* Flow is an integral part of us */
FlowHandlePacket(t, p);
FlowHandlePacket(tv, p);
return;
}

12
src/decode.c
Unescape Escape View File

@ -5,19 +5,13 @@
#include "eidps-common.h"
#include "decode.h"
void DecodeTunnel(ThreadVars *t, Packet *p, u_int8_t *pkt, u_int16_t len,
PacketQueue *pq, void *data)
void DecodeTunnel(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, uint16_t len, PacketQueue *pq)
{
DecodeThreadVars *dtv = (DecodeThreadVars *)data;
switch (p->tunnel_proto) {
case IPPROTO_IP:
return DecodeIPV4(t, p, pkt, len, pq, data);
break;
return DecodeIPV4(tv, dtv, p, pkt, len, pq);
case IPPROTO_IPV6:
//printf("DecodeTunnel: IPv6 packet\n");
return DecodeIPV6(t, p, pkt, len, data);
break;
return DecodeIPV6(tv, dtv, p, pkt, len, pq);
default:
printf("FIXME: DecodeTunnel: protocol %" PRIu32 " not supported.\n", p->tunnel_proto);
break;

65
src/decode.h
Unescape Escape View File

@ -299,26 +299,24 @@ typedef struct PacketQueue_ {
#endif /* DBG_PERF */
} PacketQueue;
/* Generic structure to hold user data for all decode modules */
/** \brief Structure to hold thread specific data for all decode modules */
typedef struct DecodeThreadVars_
{
/* counters */
u_int64_t counter_pkts;
u_int64_t counter_bytes;
u_int64_t counter_ipv4;
u_int64_t counter_ipv6;
u_int64_t counter_eth;
u_int64_t counter_sll;
u_int64_t counter_tcp;
u_int64_t counter_udp;
u_int64_t counter_icmpv4;
u_int64_t counter_icmpv6;
u_int64_t counter_ppp;
u_int64_t counter_pppoe;
u_int64_t counter_avg_pkt_size;
u_int64_t counter_max_pkt_size;
ThreadVars *tv;
/** stats/counters */
uint16_t counter_pkts;
uint16_t counter_bytes;
uint16_t counter_ipv4;
uint16_t counter_ipv6;
uint16_t counter_eth;
uint16_t counter_sll;
uint16_t counter_tcp;
uint16_t counter_udp;
uint16_t counter_icmpv4;
uint16_t counter_icmpv6;
uint16_t counter_ppp;
uint16_t counter_pppoe;
uint16_t counter_avg_pkt_size;
uint16_t counter_max_pkt_size;
} DecodeThreadVars;
/* clear key vars so we don't need to call the expensive
@ -397,27 +395,20 @@ typedef struct DecodeThreadVars_
/* decoder functions */
void DecodeEthernet(ThreadVars *, Packet *, u_int8_t *, u_int16_t,
PacketQueue *, void *);
void DecodeSll(ThreadVars *, Packet *, u_int8_t *, u_int16_t, PacketQueue *,
void *);
void DecodePPP(ThreadVars *, Packet *, u_int8_t *, u_int16_t, PacketQueue *,
void *);
void DecodePPPoE(ThreadVars *, Packet *, uint8_t *, uint16_t, PacketQueue *,
void *);
void DecodeTunnel(ThreadVars *, Packet *, u_int8_t *, u_int16_t, PacketQueue *,
void *);
void DecodeIPV4(ThreadVars *, Packet *, u_int8_t *, u_int16_t, PacketQueue *,
void *);
void DecodeIPV6(ThreadVars *, Packet *, u_int8_t *, u_int16_t, void *);
void DecodeICMPV4(ThreadVars *, Packet *, u_int8_t *, u_int16_t, void *);
void DecodeICMPV6(ThreadVars *, Packet *, u_int8_t *, u_int16_t, void *);
void DecodeTCP(ThreadVars *, Packet *, u_int8_t *, u_int16_t, void *);
void DecodeUDP(ThreadVars *, Packet *, u_int8_t *, u_int16_t, void *);
void DecodeHTTP(ThreadVars *, Packet *, u_int8_t *, u_int16_t);
void DecodeEthernet(ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint16_t, PacketQueue *);
void DecodeSll(ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint16_t, PacketQueue *);
void DecodePPP(ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint16_t, PacketQueue *);
void DecodePPPoE(ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint16_t, PacketQueue *);
void DecodeTunnel(ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint16_t, PacketQueue *);
void DecodeIPV4(ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint16_t, PacketQueue *);
void DecodeIPV6(ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint16_t, PacketQueue *);
void DecodeICMPV4(ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint16_t, PacketQueue *);
void DecodeICMPV6(ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint16_t, PacketQueue *);
void DecodeTCP(ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint16_t, PacketQueue *);
void DecodeUDP(ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint16_t, PacketQueue *);
Packet *SetupPkt (void);
Packet *TunnelPktSetup(ThreadVars *, Packet *, uint8_t *, uint16_t, uint8_t);
Packet *TunnelPktSetup(ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint16_t, uint8_t);
#define DECODER_SET_EVENT(p, e) ((p)->events[(e/8)] |= (1<<(e%8)))
#define DECODER_ISSET_EVENT(p, e) ((p)->events[(e/8)] & (1<<(e%8)))

2
src/eidps.c
Unescape Escape View File

@ -154,7 +154,7 @@ Packet *SetupPkt (void)
return p;
}
Packet *TunnelPktSetup(ThreadVars *t, Packet *parent, uint8_t *pkt, uint16_t len, uint8_t proto)
Packet *TunnelPktSetup(ThreadVars *t, DecodeThreadVars *dtv, Packet *parent, uint8_t *pkt, uint16_t len, uint8_t proto)
{
//printf("TunnelPktSetup: pkt %p, len %" PRIu32 ", proto %" PRIu32 "\n", pkt, len, proto);

55
src/source-nfq.c
Unescape Escape View File

@ -453,26 +453,27 @@ int VerdictNFQ(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq) {
*
*
*/
int DecodeNFQ(ThreadVars *t, Packet *p, void *data, PacketQueue *pq)
int DecodeNFQ(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq)
{
DecodeThreadVars *dtv = (DecodeThreadVars *)data;
IPV4Hdr *ip4h = (IPV4Hdr *)p->pkt;
IPV6Hdr *ip6h = (IPV6Hdr *)p->pkt;
DecodeThreadVars *dtv = (DecodeThreadVars *)data;
#ifdef DEBUG
printf("DecodeNFQ\n");
#endif
PerfCounterIncr(dtv->counter_pkts, t->pca);
PerfCounterAddUI64(dtv->counter_bytes, t->pca, p->pktlen);
PerfCounterIncr(dtv->counter_pkts, tv->pca);
PerfCounterAddUI64(dtv->counter_bytes, tv->pca, p->pktlen);
PerfCounterAddUI64(dtv->counter_avg_pkt_size, tv->pca, p->pktlen);
PerfCounterSetUI64(dtv->counter_max_pkt_size, tv->pca, p->pktlen);
if (IPV4_GET_RAW_VER(ip4h) == 4) {
printf("DecodeNFQ ip4\n");
DecodeIPV4(t, p, p->pkt, p->pktlen, pq, data);
DecodeIPV4(tv, dtv, p, p->pkt, p->pktlen, pq);
} else if(IPV6_GET_RAW_VER(ip6h) == 6) {
printf("DecodeNFQ ip6\n");
DecodeIPV6(t, p, p->pkt, p->pktlen, data);
DecodeIPV6(tv, dtv, p, p->pkt, p->pktlen, pq);
} else {
printf("DecodeNFQ %02x\n", *p->pkt);
}
@ -490,31 +491,23 @@ int DecodeNFQThreadInit(ThreadVars *tv, void *initdata, void **data)
}
memset(dtv, 0, sizeof(DecodeThreadVars));
dtv->tv = tv;
/* register counters */
dtv->counter_pkts = PerfTVRegisterCounter("decoder.pkts", tv,
TYPE_UINT64, "NULL");
dtv->counter_bytes = PerfTVRegisterCounter("decoder.bytes", tv,
TYPE_UINT64, "NULL");
dtv->counter_ipv4 = PerfTVRegisterCounter("decoder.ipv4", tv,
TYPE_UINT64, "NULL");
dtv->counter_ipv6 = PerfTVRegisterCounter("decoder.ipv6", tv,
TYPE_UINT64, "NULL");
dtv->counter_eth = PerfTVRegisterCounter("decoder.ethernet", tv,
TYPE_UINT64, "NULL");
dtv->counter_sll = PerfTVRegisterCounter("decoder.sll", tv,
TYPE_UINT64, "NULL");
dtv->counter_tcp = PerfTVRegisterCounter("decoder.tcp", tv,
TYPE_UINT64, "NULL");
dtv->counter_udp = PerfTVRegisterCounter("decoder.udp", tv,
TYPE_UINT64, "NULL");
dtv->counter_icmpv4 = PerfTVRegisterCounter("decoder.icmpv4", tv,
TYPE_UINT64, "NULL");
dtv->counter_icmpv6 = PerfTVRegisterCounter("decoder.icmpv6", tv,
TYPE_UINT64, "NULL");
dtv->counter_ppp = PerfTVRegisterCounter("decoder.ppp", tv,
TYPE_UINT64, "NULL");
dtv->counter_pkts = PerfTVRegisterCounter("decoder.pkts", tv, TYPE_UINT64, "NULL");
dtv->counter_bytes = PerfTVRegisterCounter("decoder.bytes", tv, TYPE_UINT64, "NULL");
dtv->counter_ipv4 = PerfTVRegisterCounter("decoder.ipv4", tv, TYPE_UINT64, "NULL");
dtv->counter_ipv6 = PerfTVRegisterCounter("decoder.ipv6", tv, TYPE_UINT64, "NULL");
dtv->counter_eth = PerfTVRegisterCounter("decoder.ethernet", tv, TYPE_UINT64, "NULL");
dtv->counter_sll = PerfTVRegisterCounter("decoder.sll", tv, TYPE_UINT64, "NULL");
dtv->counter_tcp = PerfTVRegisterCounter("decoder.tcp", tv, TYPE_UINT64, "NULL");
dtv->counter_udp = PerfTVRegisterCounter("decoder.udp", tv, TYPE_UINT64, "NULL");
dtv->counter_icmpv4 = PerfTVRegisterCounter("decoder.icmpv4", tv, TYPE_UINT64, "NULL");
dtv->counter_icmpv6 = PerfTVRegisterCounter("decoder.icmpv6", tv, TYPE_UINT64, "NULL");
dtv->counter_ppp = PerfTVRegisterCounter("decoder.ppp", tv, TYPE_UINT64, "NULL");
dtv->counter_pppoe = PerfTVRegisterCounter("decoder.pppoe", tv, TYPE_UINT64, "NULL");
dtv->counter_avg_pkt_size = PerfTVRegisterAvgCounter("decoder.avg_pkt_size", tv,
TYPE_DOUBLE, "NULL");
dtv->counter_max_pkt_size = PerfTVRegisterMaxCounter("decoder.max_pkt_size", tv,
TYPE_UINT64, "NULL");
tv->pca = PerfGetAllCountersArray(&tv->pctx);

56
src/source-pcap-file.c
Unescape Escape View File

@ -33,8 +33,7 @@
typedef struct PcapFileGlobalVars_ {
pcap_t *pcap_handle;
void (*Decoder)(ThreadVars *, Packet *, u_int8_t *, u_int16_t,
PacketQueue *, void *);
void (*Decoder)(ThreadVars *, DecodeThreadVars *, Packet *, u_int8_t *, u_int16_t, PacketQueue *);
} PcapFileGlobalVars;
typedef struct PcapFileThreadVars_
@ -170,15 +169,18 @@ int ReceivePcapFileThreadDeinit(ThreadVars *tv, void *data) {
return 0;
}
int DecodePcapFile(ThreadVars *t, Packet *p, void *data, PacketQueue *pq)
int DecodePcapFile(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq)
{
DecodeThreadVars *dtv = (DecodeThreadVars *)data;
PerfCounterIncr(dtv->counter_pkts, t->pca);
PerfCounterAddUI64(dtv->counter_bytes, t->pca, p->pktlen);
/* update counters */
PerfCounterIncr(dtv->counter_pkts, tv->pca);
PerfCounterAddUI64(dtv->counter_bytes, tv->pca, p->pktlen);
PerfCounterAddUI64(dtv->counter_avg_pkt_size, tv->pca, p->pktlen);
PerfCounterSetUI64(dtv->counter_max_pkt_size, tv->pca, p->pktlen);
/* call the decoder */
pcap_g.Decoder(t, p, p->pkt, p->pktlen, pq, data);
pcap_g.Decoder(tv, dtv, p, p->pkt, p->pktlen, pq);
return 0;
}
@ -193,38 +195,28 @@ int DecodePcapFileThreadInit(ThreadVars *tv, void *initdata, void **data)
}
memset(dtv, 0, sizeof(DecodeThreadVars));
dtv->tv = tv;
/* register counters */
dtv->counter_pkts = PerfTVRegisterCounter("decoder.pkts", tv,
TYPE_UINT64, "NULL");
dtv->counter_bytes = PerfTVRegisterCounter("decoder.bytes", tv,
TYPE_UINT64, "NULL");
dtv->counter_ipv4 = PerfTVRegisterCounter("decoder.ipv4", tv,
TYPE_UINT64, "NULL");
dtv->counter_ipv6 = PerfTVRegisterCounter("decoder.ipv6", tv,
TYPE_UINT64, "NULL");
dtv->counter_eth = PerfTVRegisterCounter("decoder.ethernet", tv,
TYPE_UINT64, "NULL");
dtv->counter_sll = PerfTVRegisterCounter("decoder.sll", tv,
TYPE_UINT64, "NULL");
dtv->counter_tcp = PerfTVRegisterCounter("decoder.tcp", tv,
TYPE_UINT64, "NULL");
dtv->counter_udp = PerfTVRegisterCounter("decoder.udp", tv,
TYPE_UINT64, "NULL");
dtv->counter_icmpv4 = PerfTVRegisterCounter("decoder.icmpv4", tv,
TYPE_UINT64, "NULL");
dtv->counter_icmpv6 = PerfTVRegisterCounter("decoder.icmpv6", tv,
TYPE_UINT64, "NULL");
dtv->counter_ppp = PerfTVRegisterCounter("decoder.ppp", tv,
TYPE_UINT64, "NULL");
dtv->counter_pkts = PerfTVRegisterCounter("decoder.pkts", tv, TYPE_UINT64, "NULL");
dtv->counter_bytes = PerfTVRegisterCounter("decoder.bytes", tv, TYPE_UINT64, "NULL");
dtv->counter_ipv4 = PerfTVRegisterCounter("decoder.ipv4", tv, TYPE_UINT64, "NULL");
dtv->counter_ipv6 = PerfTVRegisterCounter("decoder.ipv6", tv, TYPE_UINT64, "NULL");
dtv->counter_eth = PerfTVRegisterCounter("decoder.ethernet", tv, TYPE_UINT64, "NULL");
dtv->counter_sll = PerfTVRegisterCounter("decoder.sll", tv, TYPE_UINT64, "NULL");
dtv->counter_tcp = PerfTVRegisterCounter("decoder.tcp", tv, TYPE_UINT64, "NULL");
dtv->counter_udp = PerfTVRegisterCounter("decoder.udp", tv, TYPE_UINT64, "NULL");
dtv->counter_icmpv4 = PerfTVRegisterCounter("decoder.icmpv4", tv, TYPE_UINT64, "NULL");
dtv->counter_icmpv6 = PerfTVRegisterCounter("decoder.icmpv6", tv, TYPE_UINT64, "NULL");
dtv->counter_ppp = PerfTVRegisterCounter("decoder.ppp", tv, TYPE_UINT64, "NULL");
dtv->counter_pppoe = PerfTVRegisterCounter("decoder.pppoe", tv, TYPE_UINT64, "NULL");
dtv->counter_avg_pkt_size = PerfTVRegisterAvgCounter("decoder.avg_pkt_size", tv,
TYPE_DOUBLE, "NULL");
dtv->counter_max_pkt_size = PerfTVRegisterMaxCounter("decoder.max_pkt_size", tv,
TYPE_UINT64, "NULL");
tv->pca = PerfGetAllCountersArray(&tv->pctx);
PerfAddToClubbedTMTable(tv->name, &tv->pctx);
*data = (void *)dtv;
return 0;
}

59
src/source-pcap.c
Unescape Escape View File

@ -289,26 +289,26 @@ int ReceivePcapThreadDeinit(ThreadVars *tv, void *data) {
* \param data pointer that gets cast into PcapThreadVars for ptv
* \param pq pointer to the current PacketQueue
*/
int DecodePcap(ThreadVars *t, Packet *p, void *data, PacketQueue *pq)
int DecodePcap(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq)
{
DecodeThreadVars *dtv = (DecodeThreadVars *)data;
PerfCounterIncr(dtv->counter_pkts, t->pca);
PerfCounterAddUI64(dtv->counter_bytes, t->pca, p->pktlen);
PerfCounterAddUI64(dtv->counter_avg_pkt_size, t->pca, p->pktlen);
PerfCounterSetUI64(dtv->counter_max_pkt_size, t->pca, p->pktlen);
/* update counters */
PerfCounterIncr(dtv->counter_pkts, tv->pca);
PerfCounterAddUI64(dtv->counter_bytes, tv->pca, p->pktlen);
PerfCounterAddUI64(dtv->counter_avg_pkt_size, tv->pca, p->pktlen);
PerfCounterSetUI64(dtv->counter_max_pkt_size, tv->pca, p->pktlen);
/* call the decoder */
switch(p->pcap_v.datalink) {
case LINKTYPE_LINUX_SLL:
DecodeSll(t, p, p->pkt, p->pktlen, pq, data);
DecodeSll(tv, dtv, p, p->pkt, p->pktlen, pq);
break;
case LINKTYPE_ETHERNET:
DecodeEthernet(t, p,p->pkt, p->pktlen, pq, data);
DecodeEthernet(tv, dtv, p,p->pkt, p->pktlen, pq);
break;
case LINKTYPE_PPP:
DecodePPP(t, p, p->pkt, p->pktlen, pq, data);
DecodePPP(tv, dtv, p, p->pkt, p->pktlen, pq);
break;
default:
printf("Error: datalink type %" PRId32 " not yet supported in module DecodePcap.\n", p->pcap_v.datalink);
@ -328,47 +328,30 @@ int DecodePcapThreadInit(ThreadVars *tv, void *initdata, void **data)
}
memset(dtv, 0, sizeof(DecodeThreadVars));
dtv->tv = tv;
/* register counters */
dtv->counter_pkts = PerfTVRegisterCounter("decoder.pkts", tv,
TYPE_UINT64, "NULL");
dtv->counter_bytes = PerfTVRegisterCounter("decoder.bytes", tv,
TYPE_UINT64, "NULL");
dtv->counter_ipv4 = PerfTVRegisterCounter("decoder.ipv4", tv,
TYPE_UINT64, "NULL");
dtv->counter_ipv6 = PerfTVRegisterCounter("decoder.ipv6", tv,
TYPE_UINT64, "NULL");
dtv->counter_eth = PerfTVRegisterCounter("decoder.ethernet", tv,
TYPE_UINT64, "NULL");
dtv->counter_sll = PerfTVRegisterCounter("decoder.sll", tv,
TYPE_UINT64, "NULL");
dtv->counter_tcp = PerfTVRegisterCounter("decoder.tcp", tv,
TYPE_UINT64, "NULL");
dtv->counter_udp = PerfTVRegisterCounter("decoder.udp", tv,
TYPE_UINT64, "NULL");
dtv->counter_icmpv4 = PerfTVRegisterCounter("decoder.icmpv4", tv,
TYPE_UINT64, "NULL");
dtv->counter_icmpv6 = PerfTVRegisterCounter("decoder.icmpv6", tv,
TYPE_UINT64, "NULL");
dtv->counter_ppp = PerfTVRegisterCounter("decoder.ppp", tv,
TYPE_UINT64, "NULL");
dtv->counter_pkts = PerfTVRegisterCounter("decoder.pkts", tv, TYPE_UINT64, "NULL");
dtv->counter_bytes = PerfTVRegisterCounter("decoder.bytes", tv, TYPE_UINT64, "NULL");
dtv->counter_ipv4 = PerfTVRegisterCounter("decoder.ipv4", tv, TYPE_UINT64, "NULL");
dtv->counter_ipv6 = PerfTVRegisterCounter("decoder.ipv6", tv, TYPE_UINT64, "NULL");
dtv->counter_eth = PerfTVRegisterCounter("decoder.ethernet", tv, TYPE_UINT64, "NULL");
dtv->counter_sll = PerfTVRegisterCounter("decoder.sll", tv, TYPE_UINT64, "NULL");
dtv->counter_tcp = PerfTVRegisterCounter("decoder.tcp", tv, TYPE_UINT64, "NULL");
dtv->counter_udp = PerfTVRegisterCounter("decoder.udp", tv, TYPE_UINT64, "NULL");
dtv->counter_icmpv4 = PerfTVRegisterCounter("decoder.icmpv4", tv, TYPE_UINT64, "NULL");
dtv->counter_icmpv6 = PerfTVRegisterCounter("decoder.icmpv6", tv, TYPE_UINT64, "NULL");
dtv->counter_ppp = PerfTVRegisterCounter("decoder.ppp", tv, TYPE_UINT64, "NULL");
dtv->counter_pppoe = PerfTVRegisterCounter("decoder.pppoe", tv, TYPE_UINT64, "NULL");
dtv->counter_avg_pkt_size = PerfTVRegisterAvgCounter("decoder.avg_pkt_size", tv,
TYPE_DOUBLE, "NULL");
dtv->counter_max_pkt_size = PerfTVRegisterMaxCounter("decoder.max_pkt_size", tv,
TYPE_UINT64, "NULL");
dtv->counter_pppoe = PerfTVRegisterCounter("decoder.pppoe", tv, TYPE_UINT64,
"NULL");
tv->pca = PerfGetAllCountersArray(&tv->pctx);
PerfAddToClubbedTMTable(tv->name, &tv->pctx);
*data = (void *)dtv;
return 0;
}
/* eof */

Write Preview
Loading…
Cancel
Save