Blame | Last modification | View Log | RSS feed
## Location definitions for packet matching## name alignment offset mask shiftip.version u8 net+0 0xF0 4ip.hdrlen u8 net+0 0x0Fip.diffserv u8 net+1ip.length u16 net+2ip.id u16 net+4ip.flag.res u8 net+6 0xff 7ip.df u8 net+6 0x40 6ip.mf u8 net+6 0x20 5ip.offset u16 net+6 0x1FFFip.ttl u8 net+8ip.proto u8 net+9ip.chksum u16 net+10ip.src u32 net+12ip.dst u32 net+16# if ip.ihl > 5ip.opts u32 net+20## IP version 6## name alignment offset mask shiftip6.version u8 net+0 0xF0 4ip6.tc u16 net+0 0xFF0 4ip6.flowlabel u32 net+0 0xFFFFFip6.length u16 net+4ip6.nexthdr u8 net+6ip6.hoplimit u8 net+7ip6.src 16 net+8ip6.dst 16 net+24## Transmission Control Protocol (TCP)## name alignment offset mask shifttcp.sport u16 tcp+0tcp.dport u16 tcp+2tcp.seq u32 tcp+4tcp.ack u32 tcp+8# Data offset (4 bits)tcp.off u8 tcp+12 0xF0 4# Reserved [0 0 0] (3 bits)tcp.reserved u8 tcp+12 0x04 1# ECN [N C E] (3 bits)tcp.ecn u16 tcp+12 0x01C00 6# Individual TCP flags (0|1) (6 bits in total)tcp.flag.urg u8 tcp+13 0x20 5tcp.flag.ack u8 tcp+13 0x10 4tcp.flag.psh u8 tcp+13 0x08 3tcp.flag.rst u8 tcp+13 0x04 2tcp.flag.syn u8 tcp+13 0x02 1tcp.flag.fin u8 tcp+13 0x01tcp.win u16 tcp+14tcp.csum u16 tcp+16tcp.urg u16 tcp+18tcp.opts u32 tcp+20## User Datagram Protocol (UDP)## name alignment offset mask shiftudp.sport u16 tcp+0udp.dport u16 tcp+2udp.length u16 tcp+4udp.csum u16 tcp+6