You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

77 lines
1.5 KiB
Plaintext

7 years ago
#
# Location definitions for packet matching
#
# name alignment offset mask shift
ip.version u8 net+0 0xF0 4
ip.hdrlen u8 net+0 0x0F
ip.diffserv u8 net+1
ip.length u16 net+2
ip.id u16 net+4
ip.flag.res u8 net+6 0xff 7
ip.df u8 net+6 0x40 6
ip.mf u8 net+6 0x20 5
ip.offset u16 net+6 0x1FFF
ip.ttl u8 net+8
ip.proto u8 net+9
ip.chksum u16 net+10
ip.src u32 net+12
ip.dst u32 net+16
# if ip.ihl > 5
ip.opts u32 net+20
#
# IP version 6
#
# name alignment offset mask shift
ip6.version u8 net+0 0xF0 4
ip6.tc u16 net+0 0xFF0 4
ip6.flowlabel u32 net+0 0xFFFFF
ip6.length u16 net+4
ip6.nexthdr u8 net+6
ip6.hoplimit u8 net+7
ip6.src 16 net+8
ip6.dst 16 net+24
#
# Transmission Control Protocol (TCP)
#
# name alignment offset mask shift
tcp.sport u16 tcp+0
tcp.dport u16 tcp+2
tcp.seq u32 tcp+4
tcp.ack u32 tcp+8
# Data offset (4 bits)
tcp.off u8 tcp+12 0xF0 4
# Reserved [0 0 0] (3 bits)
tcp.reserved u8 tcp+12 0x04 1
# ECN [N C E] (3 bits)
tcp.ecn u16 tcp+12 0x01C00 6
# Individual TCP flags (0|1) (6 bits in total)
tcp.flag.urg u8 tcp+13 0x20 5
tcp.flag.ack u8 tcp+13 0x10 4
tcp.flag.psh u8 tcp+13 0x08 3
tcp.flag.rst u8 tcp+13 0x04 2
tcp.flag.syn u8 tcp+13 0x02 1
tcp.flag.fin u8 tcp+13 0x01
tcp.win u16 tcp+14
tcp.csum u16 tcp+16
tcp.urg u16 tcp+18
tcp.opts u32 tcp+20
#
# User Datagram Protocol (UDP)
#
# name alignment offset mask shift
udp.sport u16 tcp+0
udp.dport u16 tcp+2
udp.length u16 tcp+4
udp.csum u16 tcp+6