YAF Core Library
libyaf 0.8.0 API documentation

decode.h

00001 /*
00002  ** decode.h
00003  ** YAF Layer 2 and Layer 3 decode routines
00004  **
00005  ** ------------------------------------------------------------------------
00006  ** Copyright (C) 2007 Carnegie Mellon University. All Rights Reserved.
00007  ** ------------------------------------------------------------------------
00008  ** Authors: Brian Trammell <bht@cert.org>
00009  ** ------------------------------------------------------------------------
00010  ** GNU General Public License (GPL) Rights pursuant to Version 2, June 1991
00011  ** Government Purpose License Rights (GPLR) pursuant to DFARS 252.225-7013
00012  ** ------------------------------------------------------------------------
00013  */
00014 
00033 #ifndef _YAF_DECODE_H_
00034 #define _YAF_DECODE_H_
00035 
00036 #include <yaf/autoinc.h>
00037 #include <yaf/yafcore.h>
00038 
/* Capacity of the MPLS label array carried in yfL2Info_t. */
#define YF_MPLS_LABEL_COUNT_MAX 10

/*
 * Layer 2 details recorded alongside a decoded packet.
 *
 * The per-field documentation is not part of this listing, so the field
 * notes below are inferred from names and types and need confirming.
 *
 * NOTE(review): mpls_count is a 32-bit value, while mpls_label holds only
 * YF_MPLS_LABEL_COUNT_MAX entries. Whether the decoder clamps the count is
 * not visible here, so code that walks the label array should bound its
 * index by YF_MPLS_LABEL_COUNT_MAX rather than trust mpls_count alone.
 */
typedef struct yfL2Info_st {
    uint8_t  smac[6];      /* presumably the source MAC address */
    uint8_t  dmac[6];      /* presumably the destination MAC address */
    uint16_t vlan_tag;     /* presumably the 802.1Q tag; byte order not shown */
    uint32_t mpls_count;   /* presumably the number of labels stored below */
    uint32_t mpls_label[YF_MPLS_LABEL_COUNT_MAX];   /* MPLS label storage */
} yfL2Info_t;
00056 
/*
 * IP fragmentation details for one decoded packet.
 *
 * The per-field documentation is not part of this listing, so the field
 * notes below are inferred from names and types and need confirming.
 *
 * NOTE(review): the offset and header-length fields are presumably taken
 * from packet headers, which a sender controls. Reassembly code consuming
 * this structure should validate them against the captured length before
 * using them for arithmetic or indexing.
 */
typedef struct yfIPFragInfo_st {
    uint32_t ipid;     /* fragment identifier; 32 bits wide, which exceeds the
                        * 16-bit IPv4 field, presumably to fit IPv6 as well */
    uint16_t offset;   /* presumably the fragment offset; units not shown */
    uint16_t iphlen;   /* presumably the IP header length */
    uint16_t l4hlen;   /* presumably the layer 4 header length */
    uint8_t  frag;     /* presumably non-zero when the packet is a fragment */
    uint8_t  more;     /* presumably non-zero when more fragments follow */
} yfIPFragInfo_t;
00080 
/*
 * TCP header details for one decoded packet.
 *
 * Field notes are inferred from names and types; the original per-field
 * documentation is not part of this listing.
 */
typedef struct yfTCPInfo_st {
    uint32_t seq;     /* presumably the TCP sequence number; byte order not shown */
    uint8_t  flags;   /* presumably the TCP flag byte, testable with the
                       * YF_TF_* masks declared in this header */
} yfTCPInfo_t;
00088 
/* Ethertype selectors for the network-layer protocol of a frame. */
#define YF_TYPE_IPv4  0x0800   /* EtherType assigned to IPv4 */
#define YF_TYPE_IPv6  0x86DD   /* EtherType assigned to IPv6 */
/*
 * Zero is not an IP EtherType. Presumably a wildcard meaning "either IP
 * version" when passed as the reqtype argument of yfDecodePkt(); confirm
 * against the decoder.
 */
#define YF_TYPE_IPANY 0x0000
00098 
/*
 * IP protocol / IPv6 next-header numbers named by this header.
 * The values match the IANA-assigned protocol numbers.
 */
#define YF_PROTO_IP6_HOP   0    /* IPv6 hop-by-hop options header */
#define YF_PROTO_ICMP      1    /* ICMP (IPv4) */
#define YF_PROTO_TCP       6    /* TCP */
#define YF_PROTO_UDP       17   /* UDP */
#define YF_PROTO_IP6_ROUTE 43   /* IPv6 routing header */
#define YF_PROTO_IP6_FRAG  44   /* IPv6 fragment header */
#define YF_PROTO_GRE       47   /* GRE encapsulation */
#define YF_PROTO_ICMP6     58   /* ICMPv6 */
#define YF_PROTO_IP6_DOPT  60   /* IPv6 destination options header */
00117 
/*
 * TCP flag masks, one bit each. Together they cover all eight bits of a
 * byte, in the bit positions of the TCP header flag octet.
 */
#define YF_TF_FIN 0x01   /* FIN */
#define YF_TF_SYN 0x02   /* SYN */
#define YF_TF_RST 0x04   /* RST */
#define YF_TF_PSH 0x08   /* PSH */
#define YF_TF_ACK 0x10   /* ACK */
#define YF_TF_URG 0x20   /* URG */
#define YF_TF_ECE 0x40   /* ECE (ECN echo) */
#define YF_TF_CWR 0x80   /* CWR (congestion window reduced) */
00134 
/*
 * Decode one captured packet.
 *
 * The documentation block for this prototype is not part of this listing;
 * the notes below are inferred from parameter names and types and should
 * be confirmed against the implementation.
 *
 *   datalink  presumably the link-layer type of the capture
 *   reqtype   presumably one of the YF_TYPE_* values, selecting which IP
 *             version to accept
 *   ptime     packet timestamp; read-only
 *   caplen    passed by non-const pointer, so the callee may update it;
 *             presumably the captured length on entry
 *   pkt       captured packet bytes; read-only
 *   key       flow key, written by the callee
 *   iplen     presumably receives the IP datagram length
 *   tcpinfo   TCP details, see yfTCPInfo_t
 *   fraginfo  fragmentation details, see yfIPFragInfo_t
 *   l2info    layer 2 details, see yfL2Info_t
 *   payload   receives a pointer to read-only bytes, presumably a position
 *             inside pkt
 *
 * Returns a gboolean; presumably TRUE when the packet decoded successfully.
 *
 * NOTE(review): if *payload does point into pkt, it stays valid only as
 * long as the capture buffer does, and the bytes readable through it are
 * bounded by the value left in *caplen. Callers should check the return
 * value before reading any output argument. Which output pointers may be
 * NULL is not visible here.
 */
gboolean yfDecodePkt(int datalink,
                     uint16_t reqtype,
                     const struct timeval *ptime,
                     size_t *caplen,
                     const uint8_t *pkt,
                     yfFlowKey_t *key,
                     uint16_t *iplen,
                     yfTCPInfo_t *tcpinfo,
                     yfIPFragInfo_t *fraginfo,
                     yfL2Info_t *l2info,
                     const uint8_t **payload);
00201 
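/*
 * Dump decoder statistics; judging by the name only, since the
 * documentation block is not part of this listing.
 *
 * Takes no arguments and returns nothing. Declared with (void) so that
 * this is a real prototype: before C23 an empty parameter list leaves the
 * arguments unspecified, and a call that wrongly passes arguments would
 * compile without a diagnostic.
 */
void yfDecodeDumpStats(void);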
00207 
00208 /* end idem */
00209 #endif