
The alignment column/field now also takes a number, specifying the length in bytes of the field described by the location
#
# Location definitions for packet matching
#
# Each entry gives a symbolic name to a field inside a packet header.
#
#   name       symbolic name of the location
#   alignment  u8, u16 or u32, or a plain number giving the length of the
#              field in bytes (used below for the 16-byte IPv6 addresses)
#   offset     <base>+<byte offset>; the entries below use the bases
#              "net" and "tcp"
#   mask       optional; limits the location to some bits of the field
#
# Review notes for anyone writing match rules on top of these names:
#  - The ip.* and ip6.* entries are both anchored at net+0, so nothing in a
#    location selects the IP version. A rule should test ip.version or
#    ip6.version before relying on any other field of that family.
#  - All offsets are fixed. Whether a short or truncated packet is rejected
#    before such a field is read is not visible here; verify in the matcher.
#

#
# IP version 4
#
# name          alignment  offset   mask
ip.version      u8         net+0    0xF0
ip.hdrlen       u8         net+0    0x0F
ip.diffserv     u8         net+1
ip.length       u16        net+2
ip.id           u16        net+4
ip.df           u8         net+6    0x40
ip.mf           u8         net+6    0x20
ip.offset       u16        net+6    0x1FFF
ip.ttl          u8         net+8
ip.proto        u8         net+9
ip.chksum       u16        net+10
ip.src          u32        net+12
ip.dst          u32        net+16

#
# IP version 6
#
# ip6.nexthdr is the Next Header field of the fixed header only. When
# extension headers are present it names the first of them, not the
# upper-layer protocol, so it is not a reliable protocol match on its own.
#
# name          alignment  offset   mask
ip6.version     u8         net+0    0xF0
ip6.tc          u16        net+0    0xFF0
ip6.flowlabel   u32        net+0    0xFFFFF
ip6.length      u16        net+4
ip6.nexthdr     u8         net+6
ip6.hoplimit    u8         net+7
ip6.src         16         net+8
ip6.dst         16         net+24

#
# Transmission Control Protocol (TCP)
#
# tcp.opts points at tcp+20, which holds option data only when tcp.off
# indicates a header longer than 20 bytes; otherwise it is payload.
#
# name          alignment  offset   mask
tcp.sport       u16        tcp+0
tcp.dport       u16        tcp+2
tcp.seq         u32        tcp+4
tcp.ack         u32        tcp+8
tcp.off         u8         tcp+12   0xF0
tcp.reserved    u8         tcp+12   0x0F
# FLAGS (placeholder: no location is defined for the flags byte at tcp+13)
tcp.win         u16        tcp+14
tcp.csum        u16        tcp+16
tcp.urg         u16        tcp+18
tcp.opts        u32        tcp+20

#
# User Datagram Protocol (UDP)
#
# NOTE(review): the udp.* entries use the same "tcp" base as the tcp.*
# entries; presumably it denotes the transport header in general rather
# than TCP specifically. Confirm against the parser. Nothing here checks
# that the packet is UDP, so pair these with a protocol match.
#
# name          alignment  offset   mask
udp.sport       u16        tcp+0
udp.dport       u16        tcp+2
udp.length      u16        tcp+4
udp.csum        u16        tcp+6