| # |
| # Location definitions for packet matching |
| # |
| |
| # name alignment offset mask shift |
| ip.version u8 net+0 0xF0 4 |
| ip.hdrlen u8 net+0 0x0F |
| ip.diffserv u8 net+1 |
| ip.length u16 net+2 |
| ip.id u16 net+4 |
| ip.flag.res u8 net+6 0xff 7 |
| ip.df u8 net+6 0x40 6 |
| ip.mf u8 net+6 0x20 5 |
| ip.offset u16 net+6 0x1FFF |
| ip.ttl u8 net+8 |
| ip.proto u8 net+9 |
| ip.chksum u16 net+10 |
| ip.src u32 net+12 |
| ip.dst u32 net+16 |
| |
| # if ip.ihl > 5 |
| ip.opts u32 net+20 |
| |
| |
| # |
| # IP version 6 |
| # |
| # name alignment offset mask shift |
| ip6.version u8 net+0 0xF0 4 |
| ip6.tc u16 net+0 0xFF0 4 |
| ip6.flowlabel u32 net+0 0xFFFFF |
| ip6.length u16 net+4 |
| ip6.nexthdr u8 net+6 |
| ip6.hoplimit u8 net+7 |
| ip6.src 16 net+8 |
| ip6.dst 16 net+24 |
| |
| # |
| # Transmission Control Protocol (TCP) |
| # |
| # name alignment offset mask shift |
| tcp.sport u16 tcp+0 |
| tcp.dport u16 tcp+2 |
| tcp.seq u32 tcp+4 |
| tcp.ack u32 tcp+8 |
| |
| # Data offset (4 bits) |
| tcp.off u8 tcp+12 0xF0 4 |
| |
| # Reserved [0 0 0] (3 bits) |
| tcp.reserved u8 tcp+12 0x04 1 |
| |
| # ECN [N C E] (3 bits) |
| tcp.ecn u16 tcp+12 0x01C00 6 |
| |
| # Individual TCP flags (0|1) (6 bits in total) |
| tcp.flag.urg u8 tcp+13 0x20 5 |
| tcp.flag.ack u8 tcp+13 0x10 4 |
| tcp.flag.psh u8 tcp+13 0x08 3 |
| tcp.flag.rst u8 tcp+13 0x04 2 |
| tcp.flag.syn u8 tcp+13 0x02 1 |
| tcp.flag.fin u8 tcp+13 0x01 |
| |
| tcp.win u16 tcp+14 |
| tcp.csum u16 tcp+16 |
| tcp.urg u16 tcp+18 |
| tcp.opts u32 tcp+20 |
| |
| # |
| # User Datagram Protocol (UDP) |
| # |
| # name alignment offset mask shift |
| udp.sport u16 tcp+0 |
| udp.dport u16 tcp+2 |
| udp.length u16 tcp+4 |
| udp.csum u16 tcp+6 |