/**
 * \brief Search the threshold hash tables for an entry matching \a tsh_ptr.
 *
 * The table is chosen by the entry's track type (source or destination) and
 * by the packet's IP version: IPv4 and IPv6 entries live in separate tables.
 *
 * \param de_ctx  Detection engine context owning the threshold tables
 * \param tsh_ptr Threshold element used as the lookup key
 * \param p       Packet whose IP version selects the table
 *
 * \retval lookup_tsh The matching entry, or NULL when the track type is
 *         unknown, the packet is neither IPv4 nor IPv6, or nothing matches
 */
DetectThresholdEntry *ThresholdHashSearch(DetectEngineCtx *de_ctx, DetectThresholdEntry *tsh_ptr, Packet *p)
{
    SCEnter();
    DetectThresholdEntry *found = NULL;
    /* table to search; stays NULL when no table applies to this packet */
    void *table = NULL;

    SCLogDebug("tsh_ptr->track %u", tsh_ptr->track);

    switch (tsh_ptr->track) {
        case TRACK_DST:
            if (PKT_IS_IPV4(p)) {
                SCLogDebug("ipv4 dst");
                table = de_ctx->ths_ctx.threshold_hash_table_dst;
            } else if (PKT_IS_IPV6(p)) {
                table = de_ctx->ths_ctx.threshold_hash_table_dst_ipv6;
            }
            break;
        case TRACK_SRC:
            if (PKT_IS_IPV4(p)) {
                SCLogDebug("ipv4 src");
                table = de_ctx->ths_ctx.threshold_hash_table_src;
            } else if (PKT_IS_IPV6(p)) {
                table = de_ctx->ths_ctx.threshold_hash_table_src_ipv6;
            }
            break;
        default:
            SCLogDebug("no track, weird");
            break;
    }

    if (table != NULL) {
        found = HashListTableLookup(table, tsh_ptr, sizeof(DetectThresholdEntry));
    }
    SCReturnPtr(found, "DetectThresholdEntry");
}
/**
 * \brief Match the TEMPLATE rule option against a packet's payload.
 *
 * The option matches when the first payload byte equals arg1 and the last
 * payload byte equals arg2. Packets without payload never match.
 *
 * \param t       thread vars (unused)
 * \param det_ctx pattern matcher thread context (unused)
 * \param p       packet under inspection
 * \param s       signature being evaluated (unused)
 * \param ctx     sigmatch context, cast to DetectTemplateData
 *
 * \retval 0 no match
 * \retval 1 match
 */
static int DetectTemplateMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p,
        Signature *s, const SigMatchCtx *ctx)
{
    const DetectTemplateData *templated = (const DetectTemplateData *) ctx;

    /* nothing to compare on an empty payload */
    if (p->payload == NULL || p->payload_len < 1) {
        return 0;
    }

    /* both ends of the payload must match for a hit */
    if (templated->arg1 != p->payload[0]) {
        return 0;
    }
    if (templated->arg2 != p->payload[p->payload_len - 1]) {
        return 0;
    }
    return 1;
}
/** \internal
 * \brief Recompute the TCP/UDP checksum (if present) and the IPv4 header
 *        checksum of an IPv4 packet in place.
 *
 * Each checksum field is zeroed before being recomputed so the old value
 * does not feed into the new sum.
 */
static void ReCalculateChecksumIPv4(Packet *p)
{
    if (PKT_IS_TCP(p)) {
        p->tcph->th_sum = 0;
        p->tcph->th_sum = TCPChecksum(p->ip4h->s_ip_addrs,
                (uint16_t *)p->tcph, (p->payload_len + TCP_GET_HLEN(p)), 0);
    } else if (PKT_IS_UDP(p)) {
        p->udph->uh_sum = 0;
        p->udph->uh_sum = UDPV4Checksum(p->ip4h->s_ip_addrs,
                (uint16_t *)p->udph, (p->payload_len + UDP_HEADER_LEN), 0);
    }
    /* IPv4 header checksum, always recomputed */
    p->ip4h->ip_csum = 0;
    p->ip4h->ip_csum = IPV4Checksum((uint16_t *)p->ip4h,
            IPV4_GET_RAW_HLEN(p->ip4h), 0);
}

/** \internal
 * \brief Recompute the TCP or UDP checksum of an IPv6 packet in place.
 *
 * IPv6 has no header checksum, so only the transport checksum is touched.
 */
static void ReCalculateChecksumIPv6(Packet *p)
{
    if (PKT_IS_TCP(p)) {
        p->tcph->th_sum = 0;
        p->tcph->th_sum = TCPV6Checksum(p->ip6h->s_ip6_addrs,
                (uint16_t *)p->tcph, (p->payload_len + TCP_GET_HLEN(p)), 0);
    } else if (PKT_IS_UDP(p)) {
        p->udph->uh_sum = 0;
        p->udph->uh_sum = UDPV6Checksum(p->ip6h->s_ip6_addrs,
                (uint16_t *)p->udph, (p->payload_len + UDP_HEADER_LEN), 0);
    }
}

/**
 * \brief Recalculate the L3/L4 checksums of a packet after modification.
 *
 * Handles IPv4 (header + TCP/UDP) and IPv6 (TCP/UDP only). Other packets
 * are left untouched.
 *
 * \param p packet whose headers are updated in place
 *
 * \retval 0 always
 */
int ReCalculateChecksum(Packet *p)
{
    if (PKT_IS_IPV4(p)) {
        ReCalculateChecksumIPv4(p);
    } else if (PKT_IS_IPV6(p)) {
        ReCalculateChecksumIPv6(p);
    }
    return 0;
}
/**
 * \brief Match the TTL rule option against a packet's IPv4 TTL or IPv6 hop
 *        limit, according to the comparison mode set on the sigmatch.
 *
 * \param t       pointer to thread vars (unused)
 * \param det_ctx pointer to the pattern matcher thread (unused)
 * \param p       pointer to the current packet
 * \param s       signature being evaluated (unused)
 * \param m       sigmatch whose ctx is cast into DetectTtlData
 *
 * \retval 0 no match, pseudo packet, or neither IPv4 nor IPv6
 * \retval 1 match
 */
int DetectTtlMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p, Signature *s, SigMatch *m) {
    DetectTtlData *ttld = (DetectTtlData *) m->ctx;
    uint8_t pttl = 0;

    /* pseudo packets carry no real IP header */
    if (PKT_IS_PSEUDOPKT(p))
        return 0;

    if (PKT_IS_IPV4(p)) {
        pttl = IPV4_GET_IPTTL(p);
    } else if (PKT_IS_IPV6(p)) {
        pttl = IPV6_GET_HLIM(p);
    } else {
        SCLogDebug("Packet is of not IPv4 or IPv6");
        return 0;
    }

    int matched = 0;
    switch (ttld->mode) {
        case DETECT_TTL_EQ:
            matched = (pttl == ttld->ttl1);
            break;
        case DETECT_TTL_LT:
            matched = (pttl < ttld->ttl1);
            break;
        case DETECT_TTL_GT:
            matched = (pttl > ttld->ttl1);
            break;
        case DETECT_TTL_RA:
            /* exclusive range: ttl1 < pttl < ttl2 */
            matched = (pttl > ttld->ttl1 && pttl < ttld->ttl2);
            break;
        default:
            break;
    }
    return matched;
}
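/** \internal
 * \brief Write the whole buffer to \a fd, continuing after short writes.
 *
 * \param fd  open file descriptor
 * \param buf bytes to write
 * \param len number of bytes in \a buf
 *
 * \retval 0  everything was written
 * \retval -1 write() failed; errno is left as set by write()
 */
static int LogFilestoreWriteAll(int fd, const void *buf, size_t len)
{
    const unsigned char *cur = buf;
    while (len > 0) {
        ssize_t r = write(fd, cur, len);
        if (r == -1) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        cur += r;
        len -= (size_t)r;
    }
    return 0;
}

/**
 * \brief File-store logger callback: persist extracted file data to disk.
 *
 * On OPEN the data file is created (truncating any previous content) and a
 * .meta file is written; on later calls the data file is appended to. On
 * CLOSE the .meta file is finalised.
 *
 * \param tv          thread vars (unused)
 * \param thread_data LogFilestoreLogThread for this thread
 * \param p           packet that carried the data; must have a flow
 * \param ff          file being stored; its file_id names the on-disk file
 * \param ffd         chunk to write; may be NULL on a close-only call
 * \param flags       OUTPUT_FILEDATA_FLAG_OPEN / _CLOSE bits
 *
 * \retval 0  chunk handled (write errors are logged, not reported)
 * \retval -1 the target path could not be built or opened
 * \retval TM_ECODE_OK packet has no flow (kept for compatibility with callers)
 */
static int LogFilestoreLogger(ThreadVars *tv, void *thread_data, const Packet *p, const File *ff, const FileData *ffd, uint8_t flags)
{
    SCEnter();
    LogFilestoreLogThread *aft = (LogFilestoreLogThread *)thread_data;
    char filename[PATH_MAX] = "";
    int file_fd = -1;
    int ipver = -1;

    /* no flow, no htp state */
    if (p->flow == NULL) {
        SCReturnInt(TM_ECODE_OK);
    }

    if (PKT_IS_IPV4(p)) {
        ipver = AF_INET;
    } else if (PKT_IS_IPV6(p)) {
        ipver = AF_INET6;
    } else {
        return 0;
    }

    SCLogDebug("ff %p, ffd %p", ff, ffd);

    /* a truncated path would silently target a different file name under the
     * base dir, so refuse it instead of writing there */
    int n = snprintf(filename, sizeof(filename), "%s/file.%u",
            g_logfile_base_dir, ff->file_id);
    if (n < 0 || (size_t)n >= sizeof(filename)) {
        SCLogDebug("file name for file id %u does not fit in PATH_MAX", ff->file_id);
        return -1;
    }

    if (flags & OUTPUT_FILEDATA_FLAG_OPEN) {
        aft->file_cnt++;

        /* create a .meta file that contains time, src/dst/sp/dp/proto */
        LogFilestoreLogCreateMetaFile(p, ff, filename, ipver);

        /* O_NOFOLLOW: a symlink planted at the target path is an error, not
         * a redirect of the extracted data */
        file_fd = open(filename, O_CREAT | O_TRUNC | O_NOFOLLOW | O_WRONLY, 0644);
        if (file_fd == -1) {
            SCLogDebug("failed to create file");
            return -1;
        }
    /* we can get called with a NULL ffd when we need to close */
    } else if (ffd != NULL) {
        file_fd = open(filename, O_APPEND | O_NOFOLLOW | O_WRONLY);
        if (file_fd == -1) {
            SCLogDebug("failed to open file %s: %s", filename, strerror(errno));
            return -1;
        }
    }

    if (file_fd != -1) {
        /* ffd can still be NULL on an OPEN-only call; then the file is just
         * created empty */
        if (ffd != NULL &&
                LogFilestoreWriteAll(file_fd, (const void *)ffd->data, (size_t)ffd->len) == -1) {
            SCLogDebug("write failed: %s", strerror(errno));
        }
        /* close() can report a deferred write error */
        if (close(file_fd) == -1) {
            SCLogDebug("close failed: %s", strerror(errno));
        }
    }

    if (flags & OUTPUT_FILEDATA_FLAG_CLOSE) {
        LogFilestoreLogCloseMetaFile(ff);
    }

    return 0;
}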
/**
 * \brief Recalculate the TCP (and, for IPv4, the IP header) checksum of a
 *        packet whose stream payload was modified inline.
 *
 * Packets not flagged PKT_STREAM_MODIFIED, and non-TCP packets, are left
 * untouched.
 *
 * \param p packet to update in place
 */
void StreamTcpInlineRecalcCsum(Packet *p) {
    /* only TCP packets rewritten by the inline engine need a new checksum */
    if (!(p->flags & PKT_STREAM_MODIFIED) || !(PKT_IS_TCP(p))) {
        SCReturn;
    }

    if (PKT_IS_IPV4(p)) {
        /* TCP checksum over pseudo header + segment */
        p->tcph->th_sum = 0;
        p->tcph->th_sum = TCPCalculateChecksum((uint16_t *)&(p->ip4h->ip_src),
                (uint16_t *)p->tcph, (p->payload_len + p->tcpvars.hlen));
        /* IPv4 header checksum */
        p->ip4h->ip_csum = 0;
        p->ip4h->ip_csum = IPV4CalculateChecksum((uint16_t *)p->ip4h,
                IPV4_GET_RAW_HLEN(p->ip4h));
    } else if (PKT_IS_IPV6(p)) {
        /* IPv6 has no header checksum; only TCP is recomputed */
        p->tcph->th_sum = 0;
        p->tcph->th_sum = TCPV6CalculateChecksum((uint16_t *)&(p->ip6h->ip6_src),
                (uint16_t *)p->tcph, (p->payload_len + p->tcpvars.hlen));
    }
    SCReturn;
}
/** \internal
 * \brief Prefilter callback for the fragoffset keyword.
 *
 * Extracts the fragment offset (IPv4 header, or the IPv6 fragment extension
 * header when present) and adds the signatures in \a pectx to the match
 * queue when FragOffsetMatch() accepts it.
 *
 * \param det_ctx detection thread context receiving the candidate sids
 * \param p       packet under inspection
 * \param pectx   PrefilterPacketHeaderCtx with the compare mode and offset
 */
static void
PrefilterPacketFragOffsetMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx)
{
    uint16_t frag = 0;

    if (PKT_IS_PSEUDOPKT(p))
        return;

    if (PKT_IS_IPV4(p)) {
        frag = IPV4_GET_IPOFFSET(p);
    } else if (PKT_IS_IPV6(p) && IPV6_EXTHDR_ISSET_FH(p)) {
        frag = IPV6_EXTHDR_GET_FH_OFFSET(p);
    } else if (PKT_IS_IPV6(p)) {
        /* IPv6 without a fragment header has no offset to compare */
        return;
    } else {
        SCLogDebug("No IPv4 or IPv6 packet");
        return;
    }

    const PrefilterPacketHeaderCtx *ctx = pectx;
    if (!FragOffsetMatch(frag, ctx->v1.u8[0], ctx->v1.u16[1]))
        return;

    PrefilterAddSids(&det_ctx->pmq, ctx->sigs_array, ctx->sigs_cnt);
}
/**
 * \brief Match the fragoffset rule option against a packet's fragment offset.
 *
 * The offset comes from the IPv4 header or, for IPv6, from the fragment
 * extension header; IPv6 packets without one never match.
 *
 * \param t       pointer to thread vars (unused)
 * \param det_ctx pointer to the pattern matcher thread (unused)
 * \param p       pointer to the current packet
 * \param s       signature being evaluated (unused)
 * \param ctx     sigmatch context cast into DetectFragOffsetData
 *
 * \retval 0 no match, pseudo packet, or no fragment offset available
 * \retval 1 match
 */
int DetectFragOffsetMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p, Signature *s, const SigMatchCtx *ctx)
{
    const DetectFragOffsetData *fragoff = (const DetectFragOffsetData *)ctx;
    uint16_t frag = 0;

    if (PKT_IS_PSEUDOPKT(p))
        return 0;

    if (PKT_IS_IPV4(p)) {
        frag = IPV4_GET_IPOFFSET(p);
    } else if (PKT_IS_IPV6(p)) {
        if (!IPV6_EXTHDR_FH(p)) {
            return 0;
        }
        frag = IPV6_EXTHDR_GET_FH_OFFSET(p);
    } else {
        SCLogDebug("No IPv4 or IPv6 packet");
        return 0;
    }

    int matched;
    switch (fragoff->mode) {
        case FRAG_LESS:
            matched = (frag < fragoff->frag_off);
            break;
        case FRAG_MORE:
            matched = (frag > fragoff->frag_off);
            break;
        default:
            /* any other mode is an exact comparison */
            matched = (frag == fragoff->frag_off);
            break;
    }
    return matched;
}
/**
 * \brief Apply the signature's threshold logic to an alert on a packet.
 *
 * Iterates over the signature's threshold sigmatches; the first one that
 * reports "suppressed" removes the alert at \a pos from the packet.
 *
 * \param de_ctx  Detection Context
 * \param det_ctx Detection thread context
 * \param s       Signature that raised the alert
 * \param p       Packet structure
 * \param pos     position of the alert in the packet's alert list
 *
 * \retval 1 alert is not suppressed (also for non-IP packets)
 * \retval 0 alert is suppressed and has been removed
 */
static int PacketAlertHandle(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
        Signature *s, Packet *p, uint16_t pos)
{
    SCEnter();
    int verdict = 1;
    SigMatch *sm = NULL;

    /* thresholds only make sense for IP packets */
    if (!PKT_IS_IPV4(p) && !PKT_IS_IPV6(p)) {
        SCReturnInt(1);
    }

    for (;;) {
        DetectThresholdData *td = SigGetThresholdTypeIter(s, p, &sm);
        if (td != NULL) {
            SCLogDebug("td %p", td);
            verdict = PacketAlertThreshold(de_ctx, det_ctx, td, p, s);
            if (verdict == 0) {
                /* threshold says no: drop this alert from the packet */
                PacketAlertRemove(p, pos);
                break;
            }
        }
        if (sm == NULL) {
            break;
        }
    }
    SCReturnInt(verdict);
}
/**
 * \brief Apply the signature's threshold logic to an alert on a packet,
 *        reporting whether rule actions still have to be applied.
 *
 * \param de_ctx  Detection Context
 * \param det_ctx Detection thread context
 * \param s       Signature that raised the alert
 * \param p       Packet structure
 * \param pos     position of the alert in the packet's alert list (unused)
 *
 * \retval 1 alert is not suppressed (also for non-IP packets)
 * \retval 0 alert is suppressed
 * \retval 2 alert is suppressed but rule actions must still be applied
 */
static int PacketAlertHandle(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
        Signature *s, Packet *p, uint16_t pos)
{
    SCEnter();
    SigMatch *sm = NULL;

    /* thresholds only make sense for IP packets */
    if (!PKT_IS_IPV4(p) && !PKT_IS_IPV6(p)) {
        SCReturnInt(1);
    }

    for (;;) {
        DetectThresholdData *td = SigGetThresholdTypeIter(s, p, &sm);
        if (td != NULL) {
            SCLogDebug("td %p", td);
            /* PacketAlertThreshold returns 2 if the alert is suppressed but
             * we do need to apply rule actions to the packet. */
            int verdict = PacketAlertThreshold(de_ctx, det_ctx, td, p, s);
            if (verdict == 0 || verdict == 2) {
                /* suppressed: hand the verdict straight back */
                SCReturnInt(verdict);
            }
        }
        if (sm == NULL) {
            break;
        }
    }
    SCReturnInt(1);
}
/** \internal
 * \brief Read the IPv4 TTL or IPv6 hop limit of \a p into \a pttl.
 *
 * \retval 1 value stored in \a pttl
 * \retval 0 packet is neither IPv4 nor IPv6; \a pttl untouched
 */
static int PrefilterPacketTtlRead(Packet *p, uint8_t *pttl)
{
    if (PKT_IS_IPV4(p)) {
        *pttl = IPV4_GET_IPTTL(p);
        return 1;
    }
    if (PKT_IS_IPV6(p)) {
        *pttl = IPV6_GET_HLIM(p);
        return 1;
    }
    SCLogDebug("Packet is of not IPv4 or IPv6");
    return 0;
}

/** \internal
 * \brief Prefilter callback for the ttl keyword.
 *
 * Adds the signatures in \a pectx to the match queue when the packet's
 * TTL/hop limit satisfies TtlMatch() and the extra header checks pass.
 *
 * \param det_ctx detection thread context receiving the candidate sids
 * \param p       packet under inspection
 * \param pectx   PrefilterPacketHeaderCtx with mode and ttl bounds
 */
static void
PrefilterPacketTtlMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx)
{
    uint8_t pttl = 0;

    if (PKT_IS_PSEUDOPKT(p)) {
        SCReturn;
    }
    if (!PrefilterPacketTtlRead(p, &pttl)) {
        return;
    }

    const PrefilterPacketHeaderCtx *ctx = pectx;
    if (PrefilterPacketHeaderExtraMatch(ctx, p) == FALSE)
        return;
    if (!TtlMatch(pttl, ctx->v1.u8[0], ctx->v1.u8[1], ctx->v1.u8[2]))
        return;

    SCLogDebug("packet matches ttl/hl %u", pttl);
    PrefilterAddSids(&det_ctx->pmq, ctx->sigs_array, ctx->sigs_cnt);
}
/** \internal
 * \brief Debug-log output callback: route the packet to the right logger.
 *
 * IP packets go to AlertDebugLogger(); non-IP packets that carry decoder
 * events go to AlertDebugLogDecoderEvent(); anything else is ignored.
 *
 * \retval TM_ECODE_OK when nothing is logged, else the chosen logger's result
 */
static int AlertDebugLogLogger(ThreadVars *tv, void *thread_data, const Packet *p)
{
    const int is_ip = PKT_IS_IPV4(p) || PKT_IS_IPV6(p);
    if (is_ip)
        return AlertDebugLogger(tv, p, thread_data);
    if (p->events.cnt > 0)
        return AlertDebugLogDecoderEvent(tv, p, thread_data);
    return TM_ECODE_OK;
}
/**
 * \brief Append one CSV row describing where a packet spent its ticks.
 *
 * Columns, in order: pcap_cnt, IP version ('4', '6' or '?'), proto, total
 * ticks, one column per thread module, ticks not attributed to any module,
 * one column per app-layer protocol, stream-tcp ticks net of app-layer
 * ticks (TCP only, floored at zero), proto-detect ticks, one column per
 * detect stage.
 *
 * Nothing is written unless CSV profiling is enabled, the CSV file is open
 * and the packet carries profiling data.
 *
 * \param p packet with profiling data attached
 */
void SCProfilingPrintPacketProfile(Packet *p)
{
    if (profiling_packets_csv_enabled == 0 || p == NULL) {
        return;
    }
    if (packet_profile_csv_fp == NULL || p->profile == NULL) {
        return;
    }

    FILE *fp = packet_profile_csv_fp;
    const int is_tcp = (p->proto == IPPROTO_TCP);
    const uint64_t delta = p->profile->ticks_end - p->profile->ticks_start;
    const char ipver = PKT_IS_IPV4(p) ? '4' : (PKT_IS_IPV6(p) ? '6' : '?');

    fprintf(fp, "%"PRIu64",%c,%"PRIu8",%"PRIu64",",
            p->pcap_cnt, ipver, p->proto, delta);

    /* per thread-module ticks; remember the stream-tcp share for TCP */
    uint64_t tmm_total = 0;
    uint64_t tmm_streamtcp = 0;
    for (int i = 0; i < TMM_SIZE; i++) {
        const PktProfilingTmmData *tmm = &p->profile->tmm[i];
        const uint64_t tmm_delta = tmm->ticks_end - tmm->ticks_start;
        fprintf(fp, "%"PRIu64",", tmm_delta);
        tmm_total += tmm_delta;
        if (is_tcp && i == TMM_STREAMTCP) {
            tmm_streamtcp = tmm_delta;
        }
    }
    /* ticks not covered by any module */
    fprintf(fp, "%"PRIu64",", delta - tmm_total);

    /* per app-layer protocol ticks; only summed for TCP packets */
    uint64_t app_total = 0;
    for (int i = 0; i < ALPROTO_MAX; i++) {
        const PktProfilingAppData *app = &p->profile->app[i];
        fprintf(fp, "%"PRIu64",", app->ticks_spent);
        if (is_tcp) {
            app_total += app->ticks_spent;
        }
    }

    /* stream-tcp ticks net of app-layer work, never negative */
    const uint64_t real_tcp = (tmm_streamtcp > app_total) ? (tmm_streamtcp - app_total) : 0;
    fprintf(fp, "%"PRIu64",", real_tcp);
    fprintf(fp, "%"PRIu64",", p->profile->proto_detect);

    for (int i = 0; i < PROF_DETECT_SIZE; i++) {
        const PktProfilingDetectData *det = &p->profile->detect[i];
        fprintf(fp, "%"PRIu64",", det->ticks_spent);
    }
    fprintf(fp, "\n");
}
/** \internal
 * \brief JSON alert output callback: route the packet to the right logger.
 *
 * IP packets are logged through AlertJson(); non-IP packets are logged as
 * decoder events only when they carry alerts.
 *
 * \retval 0 when nothing is logged, else the chosen logger's result
 */
static int JsonAlertLogger(ThreadVars *tv, void *thread_data, const Packet *p)
{
    JsonAlertLogThread *aft = thread_data;

    const int is_ip = PKT_IS_IPV4(p) || PKT_IS_IPV6(p);
    if (is_ip)
        return AlertJson(tv, aft, p);
    if (p->alerts.cnt > 0)
        return AlertJsonDecoderEvent(tv, aft, p);
    return 0;
}
/**
 * \brief Fast-log thread module entry: dispatch on the packet's L3 type.
 *
 * IPv4 and IPv6 packets go to their dedicated loggers; other packets are
 * logged only as decoder events, and only when events are present.
 *
 * \retval TM_ECODE_OK when nothing is logged, else the chosen logger's result
 */
TmEcode AlertFastLog (ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq)
{
    if (PKT_IS_IPV4(p))
        return AlertFastLogIPv4(tv, p, data, pq, postpq);
    if (PKT_IS_IPV6(p))
        return AlertFastLogIPv6(tv, p, data, pq, postpq);
    if (p->events.cnt > 0)
        return AlertFastLogDecoderEvent(tv, p, data, pq, postpq);
    return TM_ECODE_OK;
}
/**
 * \brief Initialise a flow from the first packet seen on it.
 *
 * Copies protocol, recursion level, VLAN ids and first-seen timestamp, then
 * the L3 addresses (IPv4 or IPv6) and the L4 ports (TCP/UDP/SCTP) or ICMP
 * type/code. Unrecognised L3/L4 is only reported in DEBUG builds.
 *
 * \param f flow to initialise
 * \param p first packet of the flow
 */
void FlowInit(Flow *f, const Packet *p)
{
    SCEnter();
    SCLogDebug("flow %p", f);

    /* fields that do not depend on the address family */
    f->proto = p->proto;
    f->protomap = FlowGetProtoMapping(f->proto);
    f->recursion_level = p->recursion_level;
    f->vlan_id[0] = p->vlan_id[0];
    f->vlan_id[1] = p->vlan_id[1];
    COPY_TIMESTAMP(&p->ts, &f->startts);

    /* L3 addresses */
    if (PKT_IS_IPV4(p)) {
        FLOW_SET_IPV4_SRC_ADDR_FROM_PACKET(p, &f->src);
        FLOW_SET_IPV4_DST_ADDR_FROM_PACKET(p, &f->dst);
        f->flags |= FLOW_IPV4;
    } else if (PKT_IS_IPV6(p)) {
        FLOW_SET_IPV6_SRC_ADDR_FROM_PACKET(p, &f->src);
        FLOW_SET_IPV6_DST_ADDR_FROM_PACKET(p, &f->dst);
        f->flags |= FLOW_IPV6;
    }
#ifdef DEBUG
    /* XXX handle default */
    else {
        printf("FIXME: %s:%s:%" PRId32 "\n", __FILE__, __FUNCTION__, __LINE__);
    }
#endif

    /* L4 ports, or ICMP type/code, keyed on which header was decoded */
    if (p->tcph != NULL) { /* XXX MACRO */
        SET_TCP_SRC_PORT(p,&f->sp);
        SET_TCP_DST_PORT(p,&f->dp);
    } else if (p->udph != NULL) { /* XXX MACRO */
        SET_UDP_SRC_PORT(p,&f->sp);
        SET_UDP_DST_PORT(p,&f->dp);
    } else if (p->icmpv4h != NULL || p->icmpv6h != NULL) {
        f->type = p->type;
        f->code = p->code;
    } else if (p->sctph != NULL) { /* XXX MACRO */
        SET_SCTP_SRC_PORT(p,&f->sp);
        SET_SCTP_DST_PORT(p,&f->dp);
    } /* XXX handle default */
#ifdef DEBUG
    else {
        printf("FIXME: %s:%s:%" PRId32 "\n", __FILE__, __FUNCTION__, __LINE__);
    }
#endif

    SCReturn;
}
/** \internal
 * \brief Push the packet's 5-tuple onto the lua stack.
 *
 * Pushes, in order: ipver (number), src ip (string), dst ip (string),
 * protocol (number), sp or icmp type (number), dp or icmp code (number).
 * For a packet that is neither IPv4 nor IPv6 only ipver (0) is pushed.
 *
 * \param luastate the lua state
 * \param p        packet
 * \retval cnt number of data items placed on the stack: 1 or 6
 */
static int LuaCallbackTuplePushToStackFromPacket(lua_State *luastate, const Packet *p)
{
    int ipver = 0;
    if (PKT_IS_IPV4(p)) {
        ipver = 4;
    } else if (PKT_IS_IPV6(p)) {
        ipver = 6;
    }
    lua_pushnumber (luastate, ipver);
    if (ipver == 0)
        return 1;

    /* 46 bytes covers the longest textual IPv6 address plus terminator */
    char srcip[46] = "", dstip[46] = "";
    if (ipver == 4) {
        PrintInet(AF_INET, (const void *)GET_IPV4_SRC_ADDR_PTR(p), srcip, sizeof(srcip));
        PrintInet(AF_INET, (const void *)GET_IPV4_DST_ADDR_PTR(p), dstip, sizeof(dstip));
    } else {
        PrintInet(AF_INET6, (const void *)GET_IPV6_SRC_ADDR(p), srcip, sizeof(srcip));
        PrintInet(AF_INET6, (const void *)GET_IPV6_DST_ADDR(p), dstip, sizeof(dstip));
    }
    lua_pushstring (luastate, srcip);
    lua_pushstring (luastate, dstip);

    /* proto, then ports for TCP/UDP, type/code for ICMP, zeros otherwise */
    lua_pushnumber (luastate, p->proto);
    switch (p->proto) {
        case IPPROTO_TCP:
        case IPPROTO_UDP:
            lua_pushnumber (luastate, p->sp);
            lua_pushnumber (luastate, p->dp);
            break;
        case IPPROTO_ICMP:
        case IPPROTO_ICMPV6:
            lua_pushnumber (luastate, p->type);
            lua_pushnumber (luastate, p->code);
            break;
        default:
            lua_pushnumber (luastate, 0);
            lua_pushnumber (luastate, 0);
            break;
    }
    return 6;
}
/** \internal
 * \brief Add the transport-layer header fields of \a p to the IDMEF alert.
 *
 * Covers TCP, UDP and ICMPv4; other transports add nothing.
 */
static void PacketToDataL4(Packet *p, idmef_alert_t *alert)
{
    if (PKT_IS_TCP(p)) {
        AddIntData(alert, "tcp_seq", ntohl(p->tcph->th_seq));
        AddIntData(alert, "tcp_ack", ntohl(p->tcph->th_ack));
        AddIntData(alert, "tcp_off", TCP_GET_RAW_OFFSET(p->tcph));
        AddIntData(alert, "tcp_res", TCP_GET_RAW_X2(p->tcph));
        AddIntData(alert, "tcp_flags", p->tcph->th_flags);
        AddIntData(alert, "tcp_win", ntohs(p->tcph->th_win));
        AddIntData(alert, "tcp_sum", ntohs(p->tcph->th_sum));
        AddIntData(alert, "tcp_urp", ntohs(p->tcph->th_urp));
    } else if (PKT_IS_UDP(p)) {
        AddIntData(alert, "udp_len", ntohs(p->udph->uh_len));
        AddIntData(alert, "udp_sum", ntohs(p->udph->uh_sum));
    } else if (PKT_IS_ICMPV4(p)) {
        AddIntData(alert, "icmp_type", p->icmpv4h->type);
        AddIntData(alert, "icmp_code", p->icmpv4h->code);
        AddIntData(alert, "icmp_sum", ntohs(p->icmpv4h->checksum));
    }
}

/**
 * \brief Convert IP packet to an IDMEF alert (RFC 4765).
 *
 * Always stores the rule SID and revision. The L3 and L4 header fields are
 * added when \a ctx->log_packet_header is set, the raw payload when
 * \a ctx->log_packet_content is set.
 *
 * \param p     packet that raised the alert; NULL is accepted and ignored
 * \param pa    alert with the matching signature
 * \param alert IDMEF alert being filled
 * \param ctx   output context holding the logging switches
 *
 * \return 0 if ok
 */
static int PacketToData(Packet *p, PacketAlert *pa, idmef_alert_t *alert, AlertPreludeCtx *ctx)
{
    SCEnter();

    if (p == NULL)
        SCReturnInt(0);

    AddIntData(alert, "snort_rule_sid", pa->s->id);
    AddIntData(alert, "snort_rule_rev", pa->s->rev);

    if (ctx->log_packet_header) {
        if (PKT_IS_IPV4(p)) {
            PacketToDataV4(p, pa, alert);
        } else if (PKT_IS_IPV6(p)) {
            PacketToDataV6(p, pa, alert);
        }
        PacketToDataL4(p, alert);
    }

    if (ctx->log_packet_content) {
        AddByteData(alert, "payload", p->payload, p->payload_len);
    }

    SCReturnInt(0);
}
/**
 * \brief HTTP log output callback: log one transaction for a TCP packet.
 *
 * Non-TCP packets are skipped. IPv4 and IPv6 packets are passed to
 * LogHttpLogIPWrapper() with the matching address family; any other L3
 * type logs nothing and returns 0.
 *
 * \retval TM_ECODE_OK for non-TCP packets
 * \retval r result of LogHttpLogIPWrapper(), or 0 when nothing was logged
 */
int LogHttpLogger(ThreadVars *tv, void *thread_data, const Packet *p, Flow *f, void *state, void *tx, uint64_t tx_id)
{
    SCEnter();

    if (!(PKT_IS_TCP(p))) {
        SCReturnInt(TM_ECODE_OK);
    }

    /* -1 marks a packet that is neither IPv4 nor IPv6 */
    int af = -1;
    if (PKT_IS_IPV4(p)) {
        af = AF_INET;
    } else if (PKT_IS_IPV6(p)) {
        af = AF_INET6;
    }

    int r = 0;
    if (af != -1) {
        r = LogHttpLogIPWrapper(tv, thread_data, p, f, (HtpState *)state, (htp_tx_t *)tx, tx_id, af);
    }
    SCReturnInt(r);
}
/**
 * \brief Match the TTL rule option against a packet's IPv4 TTL or IPv6 hop
 *        limit; the comparison itself is delegated to TtlMatch().
 *
 * \param t       pointer to thread vars (unused)
 * \param det_ctx pointer to the pattern matcher thread (unused)
 * \param p       pointer to the current packet
 * \param s       signature being evaluated (unused)
 * \param ctx     sigmatch context cast into DetectTtlData
 *
 * \retval 0 no match, pseudo packet, or neither IPv4 nor IPv6
 * \retval 1 match
 */
int DetectTtlMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Packet *p, Signature *s, const SigMatchCtx *ctx)
{
    const DetectTtlData *ttld = (const DetectTtlData *)ctx;
    uint8_t pttl = 0;

    /* pseudo packets carry no real IP header */
    if (PKT_IS_PSEUDOPKT(p))
        return 0;

    if (PKT_IS_IPV4(p)) {
        pttl = IPV4_GET_IPTTL(p);
    } else if (PKT_IS_IPV6(p)) {
        pttl = IPV6_GET_HLIM(p);
    } else {
        SCLogDebug("Packet is of not IPv4 or IPv6");
        return 0;
    }

    return TtlMatch(pttl, ttld->mode, ttld->ttl1, ttld->ttl2);
}