
📄 op_decode.h

📁 知名的开源IDS的日志工具
📖 第 1 页 / 共 2 页
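/*
** Copyright (C) 1998-2001 Martin Roesch <roesch@clark.net>
** Portions Copyright(C) 2002 Andrew R. Baker <andrewb@snort.org>
**
** This program is distributed under the terms of version 1.0 of the
** Q Public License.  See LICENSE.QPL for further details.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
**
*/

/* $Id: op_decode.h,v 1.6 2004/04/03 19:57:32 andrewbaker Exp $ */

/*
 * op_decode.h - protocol constants (Ethernet, Token Ring, FDDI, PPP/PPPoE,
 * ARP, IP, ICMP, TCP), byte-extraction macros and header layouts.
 *
 * NOTE(review): everything here describes bytes that come off the wire, so
 * the values a decoder reads through these definitions are attacker
 * influenced.  The *_LEN constants are fixed minimum sizes only; nothing in
 * this header compares them with the captured length - presumably the
 * callers do, confirm before relying on it.
 */

#ifndef __OP_DECODE_H__
#define __OP_DECODE_H__

/*  I N C L U D E S  **********************************************************/
#include "config.h"

#include <sys/types.h>
#include <netinet/in.h>

#include "barnyard.h"

/*  D E F I N E S  ************************************************************/

/* how big can an ethernet frame be? */
#define ETHERNET_MTU            1500

/* ethernet ether_types */
#define ETHERNET_TYPE_IP            0x0800
#define ETHERNET_TYPE_ARP           0x0806
#define ETHERNET_TYPE_REVARP        0x8035
#define ETHERNET_TYPE_IPV6          0x86dd
#define ETHERNET_TYPE_IPX           0x8137
#define ETHERNET_TYPE_PPPoE_DISC    0x8863 /* discovery stage */
#define ETHERNET_TYPE_PPPoE_SESS    0x8864 /* session stage */
#define ETHERNET_TYPE_8021Q         0x8100

/* 802.2 LLC service access points and SNAP organisation codes */
#define ETH_DSAP_SNA                   0x08    /* SNA */
#define ETH_SSAP_SNA                   0x00    /* SNA */
#define ETH_DSAP_STP                   0x42    /* Spanning Tree Protocol */
#define ETH_SSAP_STP                   0x42    /* Spanning Tree Protocol */
#define ETH_DSAP_IP                    0xaa    /* IP */
#define ETH_SSAP_IP                    0xaa    /* IP */

#define ETH_ORG_CODE_ETHR              0x000000    /* Encapsulated Ethernet */
#define ETH_ORG_CODE_CDP               0x00000c    /* Cisco Discovery Proto */

/* fixed link-layer header sizes, in bytes */
#define ETHERNET_HEADER_LEN             14
#define MINIMAL_TOKENRING_HEADER_LEN    22
#define TR_HLEN                         MINIMAL_TOKENRING_HEADER_LEN
#define TOKENRING_LLC_LEN                8
#define SLIP_HEADER_LEN                 16

/* PPP protocol field values */
#define PPP_IP          0x0021        /* Internet Protocol */
#define PPP_VJ_COMP     0x002d        /* VJ compressed TCP/IP */
#define PPP_VJ_UCOMP    0x002f        /* VJ uncompressed TCP/IP */
#define PPP_IPX         0x002b        /* Novell IPX Protocol */

/* otherwise defined in /usr/include/ppp_defs.h */
#ifndef PPP_MTU
    #define PPP_MTU                 1500
#endif

/* NULL aka LoopBack interfaces */
#define NULL_HDRLEN             4

/* otherwise defined in /usr/include/ppp_defs.h */
/* sizes of the option-less IP/TCP headers and of the UDP/ICMP headers */
#define IP_HEADER_LEN           20
#define TCP_HEADER_LEN          20
#define UDP_HEADER_LEN          8
#define ICMP_HEADER_LEN         4

/* TCP flag bits */
#define TH_FIN  0x01
#define TH_SYN  0x02
#define TH_RST  0x04
#define TH_PUSH 0x08
#define TH_ACK  0x10
#define TH_URG  0x20
#define TH_RES2 0x40
#define TH_RES1 0x80

/*
 * tcp options stuff. used to be in <netinet/tcp.h> but it breaks
 * things on AIX
 */
#define TCPOPT_EOL              0
#define TCPOPT_NOP              1
#define TCPOPT_MAXSEG           2
#define TCPOLEN_MAXSEG          4
#define TCPOPT_WINDOW           3
#define TCPOLEN_WINDOW          3
#define TCPOPT_SACK_PERMITTED   4    /* Experimental */
#define TCPOLEN_SACK_PERMITTED  2
#define TCPOPT_SACK             5    /* Experimental */
#define TCPOPT_TIMESTAMP        8
#define TCPOLEN_TIMESTAMP       10
#define TCPOLEN_TSTAMP_APPA    (TCPOLEN_TIMESTAMP+2)    /* appendix A */

/* NOP, NOP, TIMESTAMP kind, TIMESTAMP length packed into one 32-bit word */
#define TCPOPT_TSTAMP_HDR    \
    (TCPOPT_NOP<<24|TCPOPT_NOP<<16|TCPOPT_TIMESTAMP<<8|TCPOLEN_TIMESTAMP)

/*
 * Default maximum segment size for TCP.
 * With an IP MSS of 576, this is 536,
 * but 512 is probably more convenient.
 * This should be defined as MIN(512, IP_MSS - sizeof (struct tcpiphdr)).
 */
#ifndef TCP_MSS
    #define    TCP_MSS       512
#endif

#ifndef TCP_MAXWIN
    #define    TCP_MAXWIN    65535    /* largest value for (unscaled) window */
#endif

#ifndef TCP_MAX_WINSHIFT
    #define TCP_MAX_WINSHIFT 14    /* maximum window shift */
#endif

/*
 * User-settable options (used with setsockopt).
 */
#ifndef TCP_NODELAY
    #define    TCP_NODELAY  0x01    /* don't delay send to coalesce packets */
#endif

#ifndef TCP_MAXSEG
    #define    TCP_MAXSEG   0x02    /* set maximum segment size */
#endif

#define SOL_TCP             6    /* TCP level */

/* well-known UDP ports */
#define L2TP_PORT 1701
#define DHCP_CLIENT_PORT 68
#define DHCP_SERVER_PORT 67

/* IRIX 6.2 hack! */
#ifndef IRIX
    #define SNAPLEN      1514
#else
    #define SNAPLEN      1500
#endif

#define MIN_SNAPLEN     68
#define PROMISC         1
#define READ_TIMEOUT    500

/* Start Token Ring */
#ifndef WIN32
    /* octets in a hardware address; sizes the daddr[] array in Trh_hdr below
     * (the original comment called this "octets in an Ethernet header") */
    #define TR_ALEN     6
    #define IPARP_SAP   0xaa
    #define AC          0x10
    #define LLC_FRAME   0x40
    #define TRMTU                      2000    /* 2000 bytes            */
    #define TR_RII                     0x80
    #define TR_RCF_DIR_BIT             0x80
    #define TR_RCF_LEN_MASK            0x1f00
    #define TR_RCF_BROADCAST           0x8000    /* all-routes broadcast   */
    #define TR_RCF_LIMITED_BROADCAST   0xC000    /* single-route broadcast */
    #define TR_RCF_FRAME2K             0x20
    #define TR_RCF_BROADCAST_MASK      0xC000
#endif                /* WIN32 */
/* End Token Ring */

/* Start FDDI */
#define FDDI_ALLC_LEN          13
#define FDDI_ALEN              6
/*
 * Parenthesised so the sum survives being embedded in a larger expression:
 * the bare form "FDDI_ALLC_LEN + 3" turns "len - FDDI_MIN_HLEN" into
 * "len - 13 + 3" and "2 * FDDI_MIN_HLEN" into "2 * 13 + 3", which would
 * corrupt any length arithmetic done on packet sizes.
 */
#define FDDI_MIN_HLEN          (FDDI_ALLC_LEN + 3)

#define FDDI_DSAP_SNA          0x08    /* SNA */
#define FDDI_SSAP_SNA          0x00    /* SNA */
#define FDDI_DSAP_STP          0x42    /* Spanning Tree Protocol */
#define FDDI_SSAP_STP          0x42    /* Spanning Tree Protocol */
#define FDDI_DSAP_IP           0xaa    /* IP */
#define FDDI_SSAP_IP           0xaa    /* IP */

#define FDDI_ORG_CODE_ETHR     0x000000    /* Encapsulated Ethernet */
#define FDDI_ORG_CODE_CDP      0x00000c    /* Cisco Discovery Proto(?) */

#define ETHERNET_TYPE_CDP      0x2000    /* Cisco Discovery Protocol */
/* End FDDI */

/* ARP / RARP operation codes */
#define ARPOP_REQUEST   1    /* ARP request                  */
#define ARPOP_REPLY     2    /* ARP reply                    */
#define ARPOP_RREQUEST  3    /* RARP request                 */
#define ARPOP_RREPLY    4    /* RARP reply                   */

/* PPPoE types */
#define PPPoE_CODE_SESS 0x00 /* PPPoE session */
#define PPPoE_CODE_PADI 0x09 /* PPPoE Active Discovery Initiation */
#define PPPoE_CODE_PADO 0x07 /* PPPoE Active Discovery Offer */
#define PPPoE_CODE_PADR 0x19 /* PPPoE Active Discovery Request */
#define PPPoE_CODE_PADS 0x65 /* PPPoE Active Discovery Session-confirmation */
#define PPPoE_CODE_PADT 0xa7 /* PPPoE Active Discovery Terminate */

/* PPPoE tag types */
#define PPPoE_TAG_END_OF_LIST        0x0000
#define PPPoE_TAG_SERVICE_NAME       0x0101
#define PPPoE_TAG_AC_NAME            0x0102
#define PPPoE_TAG_HOST_UNIQ          0x0103
#define PPPoE_TAG_AC_COOKIE          0x0104
#define PPPoE_TAG_VENDOR_SPECIFIC    0x0105
#define PPPoE_TAG_RELAY_SESSION_ID   0x0110
#define PPPoE_TAG_SERVICE_NAME_ERROR 0x0201
#define PPPoE_TAG_AC_SYSTEM_ERROR    0x0202
#define PPPoE_TAG_GENERIC_ERROR      0x0203

/* ICMP message types */
#define ICMP_ECHOREPLY          0    /* Echo Reply                   */
#define ICMP_DEST_UNREACH       3    /* Destination Unreachable      */
#define ICMP_SOURCE_QUENCH      4    /* Source Quench                */
#define ICMP_REDIRECT           5    /* Redirect (change route)      */
#define ICMP_ECHO               8    /* Echo Request                 */
#define ICMP_TIME_EXCEEDED      11    /* Time Exceeded                */
#define ICMP_PARAMETERPROB      12    /* Parameter Problem            */
#define ICMP_TIMESTAMP          13    /* Timestamp Request            */
#define ICMP_TIMESTAMPREPLY     14    /* Timestamp Reply              */
#define ICMP_INFO_REQUEST       15    /* Information Request          */
#define ICMP_INFO_REPLY         16    /* Information Reply            */
#define ICMP_ADDRESS            17    /* Address Mask Request         */
#define ICMP_ADDRESSREPLY       18    /* Address Mask Reply           */
/*
 * Highest type value listed above.  NOTE(review): a table indexed by the
 * raw type byte needs the byte range-checked against this first, and needs
 * NR_ICMP_TYPES + 1 slots if 18 itself is a valid index - confirm at the
 * use sites.
 */
#define NR_ICMP_TYPES           18

/* Codes for ICMP UNREACHABLES */
#define ICMP_NET_UNREACH        0    /* Network Unreachable          */
#define ICMP_HOST_UNREACH       1    /* Host Unreachable             */
#define ICMP_PROT_UNREACH       2    /* Protocol Unreachable         */
#define ICMP_PORT_UNREACH       3    /* Port Unreachable             */
#define ICMP_FRAG_NEEDED        4    /* Fragmentation Needed/DF set  */
#define ICMP_SR_FAILED          5    /* Source Route failed          */
#define ICMP_NET_UNKNOWN        6
#define ICMP_HOST_UNKNOWN       7
#define ICMP_HOST_ISOLATED      8
#define ICMP_NET_ANO            9
#define ICMP_HOST_ANO           10
#define ICMP_NET_UNR_TOS        11
#define ICMP_HOST_UNR_TOS       12
#define ICMP_PKT_FILTERED       13    /* Packet filtered */
#define ICMP_PREC_VIOLATION     14    /* Precedence violation */
#define ICMP_PREC_CUTOFF        15    /* Precedence cut off */
#define NR_ICMP_UNREACH         15    /* instead of hardcoding immediate
                                       * value */

/* ip option type codes */
#ifndef IPOPT_EOL
    #define IPOPT_EOL            0x00
#endif

#ifndef IPOPT_NOP
    #define IPOPT_NOP            0x01
#endif

#ifndef IPOPT_RR
    #define IPOPT_RR             0x07
#endif

#ifndef IPOPT_RTRALT
    #define IPOPT_RTRALT         0x14
#endif

#ifndef IPOPT_TS
    #define IPOPT_TS             0x44
#endif

#ifndef IPOPT_SECURITY
    #define IPOPT_SECURITY       0x82
#endif

#ifndef IPOPT_LSRR
    #define IPOPT_LSRR           0x83
#endif

#ifndef IPOPT_LSRR_E
    #define IPOPT_LSRR_E         0x84
#endif

#ifndef IPOPT_SATID
    #define IPOPT_SATID          0x88
#endif

#ifndef IPOPT_SSRR
    #define IPOPT_SSRR           0x89
#endif

/* tcp option codes */
#define TOPT_EOL                0x00
#define TOPT_NOP                0x01
#define TOPT_MSS                0x02
#define TOPT_WS                 0x03
#define TOPT_TS                 0x08

#ifndef TCPOPT_WSCALE
    #define TCPOPT_WSCALE       3    /* window scale factor (rfc1072) */
#endif

#ifndef TCPOPT_SACKOK
    #define    TCPOPT_SACKOK    4    /* selective ack ok (rfc1072) */
#endif

/* TCPOPT_SACK and TCPOPT_TIMESTAMP are already defined unconditionally
 * above, so the two guards for them below never take effect */
#ifndef TCPOPT_SACK
    #define    TCPOPT_SACK      5    /* selective ack (rfc1072) */
#endif

#ifndef TCPOPT_ECHO
    #define TCPOPT_ECHO         6    /* echo (rfc1072) */
#endif

#ifndef TCPOPT_ECHOREPLY
    #define TCPOPT_ECHOREPLY    7    /* echo (rfc1072) */
#endif

#ifndef TCPOPT_TIMESTAMP
    #define TCPOPT_TIMESTAMP    8    /* timestamps (rfc1323) */
#endif

#ifndef TCPOPT_CC
    #define TCPOPT_CC           11    /* T/TCP CC options (rfc1644) */
#endif

#ifndef TCPOPT_CCNEW
    #define TCPOPT_CCNEW        12    /* T/TCP CC options (rfc1644) */
#endif

#ifndef TCPOPT_CCECHO
    #define TCPOPT_CCECHO       13    /* T/TCP CC options (rfc1644) */
#endif

/*
 * EXTRACT_16BITS(p) / EXTRACT_32BITS(p): read a network-order 16- or 32-bit
 * value at p and return it in host order.
 *
 * Neither macro takes a length: the caller has to verify that 2 (or 4)
 * bytes at p lie inside the captured data before using them.
 *
 * On WORDS_MUSTALIGN builds both macros avoid a direct load through a cast
 * pointer.  The 16-bit form used to dereference (u_short *)(p) on every
 * build, so an odd offset into a packet could fault on the same platforms
 * the 32-bit form was already protected against.  The WORDS_MUSTALIGN
 * forms use GNU statement expressions and evaluate p exactly once.
 */
#ifdef WORDS_MUSTALIGN
/* assemble the big-endian value bytewise; same result as ntohs of the load */
    #define EXTRACT_16BITS(p)  ({ const u_int8_t *__b = (const u_int8_t *)(p); (u_short) ((__b[0] << 8) | __b[1]);})
/* force word-aligned ntohl parameter */
    #define EXTRACT_32BITS(p)  ({ u_int32_t __tmp; memmove(&__tmp, (p), sizeof(u_int32_t)); (u_int32_t) ntohl(__tmp);})
#else
/* allows unaligned ntohs/ntohl parameter - dies w/SIGBUS on SPARCs */
    #define EXTRACT_16BITS(p) ((u_short) ntohs (*(u_short *)(p)))
    #define EXTRACT_32BITS(p) ((u_int32_t) ntohl (*(u_int32_t *)(p)))
#endif                /* WORDS_MUSTALIGN */

/* bit flags; the names indicate a packet rebuilt from fragments / a stream */
#define PACKET_REBUILT_FRAG    0x00000001
#define PACKET_REBUILT_STREAM  0x00000002

/*  D A T A  S T R U C T U R E S  *********************************************/

/* START Token Ring Data Structures */
#ifndef WIN32
/* LLC structure */
/*
 * NOTE(review): the members before ethertype add up to 5 bytes, so with
 * natural alignment the compiler inserts one pad byte and sizeof(Trh_llc)
 * becomes 8 (TOKENRING_LLC_LEN).  The struct is not declared packed, so this
 * depends on the ABI - worth pinning with a static assertion.
 */
typedef struct _Trh_llc
{
    u_int8_t dsap;
    u_int8_t ssap;
    u_int8_t protid[3];
    u_int16_t ethertype;
} Trh_llc;

/* RIF structure
 * Linux/tcpdump patch defines tokenring header in dump way, since not
 * every tokenring header with have RIF data... we define it separately, and
 * a bit more split up */
/*
 * NOTE(review): bit-field order inside the u_int16_t is implementation
 * defined; the two layouts below are selected by WORDS_BIGENDIAN only.  len
 * is a 5-bit value taken from the frame and rseg[] has 8 entries - any code
 * walking rseg[] from len should bound it; confirm at the use sites.
 */
typedef struct _Trh_mr
{
#if defined(WORDS_BIGENDIAN)
    u_int16_t bcast:3, len:5, dir:1, lf:3, res:4;
#else
    u_int16_t len:5,        /* length of RIF field, including RC itself
                             * (bytes) */
    bcast:3,      /* broadcast indicator */
    res:4,        /* reserved */
    lf:3,         /* largest frame size */
    dir:1;        /* direction */
#endif
    u_int16_t rseg[8];
} Trh_mr;

/* Token Ring header; the rest of this definition (and the closing #endif
 * lines) lies beyond the end of this excerpt */
typedef struct _Trh_hdr
{
    u_int8_t ac;        /* access control field */
    u_int8_t fc;        /* frame control field */
    u_int8_t daddr[TR_ALEN];    /* src address -- NOTE(review): the field name suggests destination; confirm */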
