1 /* $Id$ */
2 /****************************************************************************
3  *
4  * Copyright (C) 2014-2021 Cisco and/or its affiliates. All rights reserved.
5  * Copyright (C) 2005-2013 Sourcefire, Inc.
6  *
7  * This program is free software; you can redistribute it and/or modify
8  * it under the terms of the GNU General Public License Version 2 as
9  * published by the Free Software Foundation.  You may not use, modify or
10  * distribute this program under any other version of the GNU General
11  * Public License.
12  *
13  * This program is distributed in the hope that it will be useful,
14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16  * GNU General Public License for more details.
17  *
18  * You should have received a copy of the GNU General Public License
19  * along with this program; if not, write to the Free Software
20  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
21  *
22  ****************************************************************************/
23 
24 #ifndef __SF_PROTOCOLS_H__
25 #define __SF_PROTOCOLS_H__
26 
27 typedef uint8_t IpProto;
28 
29 typedef enum {
30     PROTO_ETH,        /* DecodeEthPkt */
31     PROTO_FPATH,      /* FabricPath - handled by DecodeEthPkt */
32     PROTO_CISCO_META, /* Cisco Metadata - handled by DecodeEthPkt */
33 
34     PROTO_IP4,        /* DecodeIP */
35                       /* DecodeIPOptions - handled with IP4 */
36     PROTO_ICMP4,      /* DecodeICMP */
37     PROTO_ICMP_IP4,   /* DecodeICMPEmbeddedIP */
38 
39     PROTO_UDP,        /* DecodeUDP */
40     PROTO_TCP,        /* DecodeTCP */
41                       /* DecodeTCPOptions - handled with TCP */
42 
43     PROTO_IP6,        /* DecodeIPV6 */
44                       /* DecodeIPV6Extensions - nothing to do here, calls below */
45     PROTO_IP6_HOP_OPTS,  /* DecodeIPV6Options - ip6 hop, dst, rte, and frag exts */
46     PROTO_IP6_DST_OPTS,
47     PROTO_ICMP6,      /* DecodeICMP6 */
48     PROTO_ICMP_IP6,   /* DecodeICMPEmbeddedIP6 */
49     PROTO_VLAN,       /* DecodeVlan */
50 #ifdef GRE
51     PROTO_GRE,        /* DecodeGRE */
52                       /* DecodeTransBridging - basically same as DecodeEthPkt */
53     PROTO_ERSPAN,     /* DecodeERSPANType2 and DecodeERSPANType3 */
54 #endif
55     PROTO_PPPOE,      /* DecodePPPoEPkt */
56     PROTO_PPP_ENCAP,  /* DecodePppPktEncapsulated */
57     PROTO_MPLS,       /* DecodeMPLS - decoder changes pkth len/caplen! */
58                       /* DecodeEthOverMPLS - basically same as straight eth */
59     PROTO_ARP,        /* DecodeARP */
60     PROTO_GTP,        /* DecodeGTP */
61     PROTO_AH,         /* DecodeAH - Authentication Header (IPSec stuff) */
62 
63 #ifndef NO_NON_ETHER_DECODER
64     PROTO_TR,         /* DecodeTRPkt */
65     PROTO_FDDI,       /* DecodeFDDIPkt */
66     PROTO_LSLL,       /* DecodeLinuxSLLPkt sockaddr_ll for "any" device and  */
67                       /* certain misbehaving link layer encapsulations */
68     PROTO_80211,      /* DecodeIEEE80211Pkt */
69     PROTO_SLIP,       /* DecodeSlipPkt - actually, based on header size, this */
70                       /* must be CSLIP (TCP/IP header compression) but all it */
71                       /* does is skip over the presumed header w/o expanding */
72                       /* and then jumps into IP4 decoding only; also, the actual */
73                       /* esc/end sequences must already have been removed because */
74                       /* there is no attempt to do that. */
75     PROTO_L2I4,       /* DecodeI4LRawIPPkt - always skips 2 bytes and then does */
76                       /* IP4 decoding only */
77     PROTO_L2I4C,      /* DecodeI4LCiscoIPPkt -always skips 4 bytes and then does */
78                       /* IP4 decoding only */
79     PROTO_CHDLC,      /* DecodeChdlcPkt - skips 4 bytes and decodes IP4 only. */
80     PROTO_PFLOG,      /* DecodePflog */
81     PROTO_OLD_PFLOG,  /* DecodeOldPflog */
82     PROTO_PPP,        /* DecodePppPkt - weird - optionally skips addr and cntl */
83                       /* bytes; what about flag and protocol? */
84                       /* calls only DecodePppPktEncapsulated. */
85     PROTO_PPP_SERIAL, /* DecodePppSerialPkt - also weird - requires addr, cntl, */
86                       /* and proto (no flag) but optionally skips only 2 bytes */
87                       /* (presumably the trailer w/chksum is already stripped) */
88                       /* Calls either DecodePppPktEncapsulated or DecodeChdlcPkt. */
89     PROTO_ENC,        /* DecodeEncPkt - skips 12 bytes and decodes IP4 only. */
90                       /* (add family + "spi" + "flags" - don't know what this is) */
91     PROTO_EAP,        /* DecodeEAP */
92     PROTO_EAPOL,      /* DecodeEapol - leaf decoder */
93     PROTO_EAPOL_KEY,  /* DecodeEapolKey - leaf decoder */
94 #endif /* NO_NON_ETHER_DECODER */
95 
96     PROTO_MAX
97 } PROTO_ID;
98 
99                       /* DecodeIPX - just counts; no decoding */
100                       /* DecodeEthLoopback - same as ipx */
101                       /* DecodeRawPkt - jumps straight into IP4 decoding */
102                       /* there is nothing to do */
103                       /* DecodeNullPkt - same as DecodeRawPkt */
104 
105 typedef struct {
106     PROTO_ID proto;
107     uint16_t length;
108     uint8_t* start;
109 } Layer;
110 
111 #endif /* __PROTOCOLS_H__ */
112 
113