• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1#
2# Location definitions for packet matching
3#
4
5# name		alignment	offset		mask		shift
6ip.version	u8		net+0		0xF0		4
7ip.hdrlen	u8		net+0		0x0F
8ip.diffserv	u8		net+1
9ip.length	u16		net+2
10ip.id		u16		net+4
11ip.flag.res	u8		net+6		0xff		7
12ip.df		u8		net+6		0x40		6
13ip.mf		u8		net+6		0x20		5
14ip.offset	u16		net+6		0x1FFF
15ip.ttl		u8		net+8
16ip.proto	u8		net+9
17ip.chksum	u16		net+10
18ip.src		u32		net+12
19ip.dst		u32		net+16
20
21# if ip.ihl > 5
22ip.opts		u32		net+20
23
24
25#
26# IP version 6
27#
28# name		alignment	offset		mask		shift
29ip6.version	u8		net+0		0xF0		4
30ip6.tc		u16		net+0		0xFF0		4
31ip6.flowlabel	u32		net+0		0xFFFFF
32ip6.length	u16		net+4
33ip6.nexthdr	u8		net+6
34ip6.hoplimit	u8		net+7
35ip6.src		16		net+8
36ip6.dst		16		net+24
37
38#
39# Transmission Control Protocol (TCP)
40#
41# name		alignment	offset		mask		shift
42tcp.sport	u16		tcp+0
43tcp.dport	u16		tcp+2
44tcp.seq		u32		tcp+4
45tcp.ack		u32		tcp+8
46
47# Data offset (4 bits)
48tcp.off		u8		tcp+12		0xF0		4
49
50# Reserved [0 0 0] (3 bits)
51tcp.reserved	u8		tcp+12		0x04		1
52
53# ECN [N C E] (3 bits)
54tcp.ecn		u16		tcp+12		0x01C00		6
55
56# Individual TCP flags (0|1) (6 bits in total)
57tcp.flag.urg	u8		tcp+13		0x20		5
58tcp.flag.ack	u8		tcp+13		0x10		4
59tcp.flag.psh	u8		tcp+13		0x08		3
60tcp.flag.rst	u8		tcp+13		0x04		2
61tcp.flag.syn	u8		tcp+13		0x02		1
62tcp.flag.fin	u8		tcp+13		0x01
63
64tcp.win		u16		tcp+14
65tcp.csum	u16		tcp+16
66tcp.urg		u16		tcp+18
67tcp.opts	u32		tcp+20
68
69#
70# User Datagram Protocol (UDP)
71#
72# name		alignment	offset		mask		shift
73udp.sport	u16		tcp+0
74udp.dport	u16		tcp+2
75udp.length	u16		tcp+4
76udp.csum	u16		tcp+6
77