#
|
# Location definitions for packet matching
|
#
|
|
# name alignment offset mask shift
|
ip.version u8 net+0 0xF0 4
|
ip.hdrlen u8 net+0 0x0F
|
ip.diffserv u8 net+1
|
ip.length u16 net+2
|
ip.id u16 net+4
|
ip.flag.res u8 net+6 0xff 7
|
ip.df u8 net+6 0x40 6
|
ip.mf u8 net+6 0x20 5
|
ip.offset u16 net+6 0x1FFF
|
ip.ttl u8 net+8
|
ip.proto u8 net+9
|
ip.chksum u16 net+10
|
ip.src u32 net+12
|
ip.dst u32 net+16
|
|
# if ip.ihl > 5
|
ip.opts u32 net+20
|
|
|
#
|
# IP version 6
|
#
|
# name alignment offset mask shift
|
ip6.version u8 net+0 0xF0 4
|
ip6.tc u16 net+0 0xFF0 4
|
ip6.flowlabel u32 net+0 0xFFFFF
|
ip6.length u16 net+4
|
ip6.nexthdr u8 net+6
|
ip6.hoplimit u8 net+7
|
ip6.src 16 net+8
|
ip6.dst 16 net+24
|
|
#
|
# Transmission Control Protocol (TCP)
|
#
|
# name alignment offset mask shift
|
tcp.sport u16 tcp+0
|
tcp.dport u16 tcp+2
|
tcp.seq u32 tcp+4
|
tcp.ack u32 tcp+8
|
|
# Data offset (4 bits)
|
tcp.off u8 tcp+12 0xF0 4
|
|
# Reserved [0 0 0] (3 bits)
|
tcp.reserved u8 tcp+12 0x04 1
|
|
# ECN [N C E] (3 bits)
|
tcp.ecn u16 tcp+12 0x01C00 6
|
|
# Individual TCP flags (0|1) (6 bits in total)
|
tcp.flag.urg u8 tcp+13 0x20 5
|
tcp.flag.ack u8 tcp+13 0x10 4
|
tcp.flag.psh u8 tcp+13 0x08 3
|
tcp.flag.rst u8 tcp+13 0x04 2
|
tpc.flag.syn u8 tcp+13 0x02 1
|
tcp.flag.fin u8 tcp+13 0x01
|
|
tcp.win u16 tcp+14
|
tcp.csum u16 tcp+16
|
tcp.urg u16 tcp+18
|
tcp.opts u32 tcp+20
|
|
#
|
# User Datagram Protocol (UDP)
|
#
|
# name alignment offset mask shift
|
udp.sport u16 tcp+0
|
udp.dport u16 tcp+2
|
udp.length u16 tcp+4
|
udp.csum u16 tcp+6
|
