1 # 2 # Location definitions for packet matching 3 # 4 5 # name alignment offset mask shift 6 ip.version u8 net+0 0xF0 4 7 ip.hdrlen u8 net+0 0x0F 8 ip.diffserv u8 net+1 9 ip.length u16 net+2 10 ip.id u16 net+4 11 ip.flag.res u8 net+6 0xff 7 12 ip.df u8 net+6 0x40 6 13 ip.mf u8 net+6 0x20 5 14 ip.offset u16 net+6 0x1FFF 15 ip.ttl u8 net+8 16 ip.proto u8 net+9 17 ip.chksum u16 net+10 18 ip.src u32 net+12 19 ip.dst u32 net+16 20 21 # if ip.ihl > 5 22 ip.opts u32 net+20 23 24 25 # 26 # IP version 6 27 # 28 # name alignment offset mask shift 29 ip6.version u8 net+0 0xF0 4 30 ip6.tc u16 net+0 0xFF0 4 31 ip6.flowlabel u32 net+0 0xFFFFF 32 ip6.length u16 net+4 33 ip6.nexthdr u8 net+6 34 ip6.hoplimit u8 net+7 35 ip6.src 16 net+8 36 ip6.dst 16 net+24 37 38 # 39 # Transmission Control Protocol (TCP) 40 # 41 # name alignment offset mask shift 42 tcp.sport u16 tcp+0 43 tcp.dport u16 tcp+2 44 tcp.seq u32 tcp+4 45 tcp.ack u32 tcp+8 46 47 # Data offset (4 bits) 48 tcp.off u8 tcp+12 0xF0 4 49 50 # Reserved [0 0 0] (3 bits) 51 tcp.reserved u8 tcp+12 0x04 1 52 53 # ECN [N C E] (3 bits) 54 tcp.ecn u16 tcp+12 0x01C00 6 55 56 # Individual TCP flags (0|1) (6 bits in total) 57 tcp.flag.urg u8 tcp+13 0x20 5 58 tcp.flag.ack u8 tcp+13 0x10 4 59 tcp.flag.psh u8 tcp+13 0x08 3 60 tcp.flag.rst u8 tcp+13 0x04 2 61 tpc.flag.syn u8 tcp+13 0x02 1 62 tcp.flag.fin u8 tcp+13 0x01 63 64 tcp.win u16 tcp+14 65 tcp.csum u16 tcp+16 66 tcp.urg u16 tcp+18 67 tcp.opts u32 tcp+20 68 69 # 70 # User Datagram Protocol (UDP) 71 # 72 # name alignment offset mask shift 73 udp.sport u16 tcp+0 74 udp.dport u16 tcp+2 75 udp.length u16 tcp+4 76 udp.csum u16 tcp+6 77
