/*
 *
 ** @file CERT_IE.h
 ** Definition of the CERT "standard" information elements extension to
 ** the IETF standard RFC 5102 information elements
 **
 ** ------------------------------------------------------------------------
 ** Copyright (C) 2009-2011 Carnegie Mellon University. All Rights Reserved.
 ** ------------------------------------------------------------------------
 ** Authors: Brian Trammell, Chris Inacio
 ** <netsa-yaf@cert.org>
 ** ------------------------------------------------------------------------
 ** @OPENSOURCE_HEADER_START@
 ** Use of the YAF system and related source code is subject to the terms
 ** of the following licenses:
 **
 ** GNU Public License (GPL) Rights pursuant to Version 2, June 1991
 ** Government Purpose License Rights (GPLR) pursuant to DFARS 252.227.7013
 **
 ** NO WARRANTY
 **
 ** ANY INFORMATION, MATERIALS, SERVICES, INTELLECTUAL PROPERTY OR OTHER
 ** PROPERTY OR RIGHTS GRANTED OR PROVIDED BY CARNEGIE MELLON UNIVERSITY
 ** PURSUANT TO THIS LICENSE (HEREINAFTER THE "DELIVERABLES") ARE ON AN
 ** "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY
 ** KIND, EITHER EXPRESS OR IMPLIED AS TO ANY MATTER INCLUDING, BUT NOT
 ** LIMITED TO, WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE,
 ** MERCHANTABILITY, INFORMATIONAL CONTENT, NONINFRINGEMENT, OR ERROR-FREE
 ** OPERATION. CARNEGIE MELLON UNIVERSITY SHALL NOT BE LIABLE FOR INDIRECT,
 ** SPECIAL OR CONSEQUENTIAL DAMAGES, SUCH AS LOSS OF PROFITS OR INABILITY
 ** TO USE SAID INTELLECTUAL PROPERTY, UNDER THIS LICENSE, REGARDLESS OF
 ** WHETHER SUCH PARTY WAS AWARE OF THE POSSIBILITY OF SUCH DAMAGES.
 ** LICENSEE AGREES THAT IT WILL NOT MAKE ANY WARRANTY ON BEHALF OF
 ** CARNEGIE MELLON UNIVERSITY, EXPRESS OR IMPLIED, TO ANY PERSON
 ** CONCERNING THE APPLICATION OF OR THE RESULTS TO BE OBTAINED WITH THE
 ** DELIVERABLES UNDER THIS LICENSE.
 **
 ** Licensee hereby agrees to defend, indemnify, and hold harmless Carnegie
 ** Mellon University, its trustees, officers, employees, and agents from
 ** all claims or demands made against them (and any related losses,
 ** expenses, or attorney's fees) arising out of, or relating to Licensee's
 ** and/or its sub licensees' negligent use or willful misuse of or
 ** negligent conduct or willful misconduct regarding the Software,
 ** facilities, or other rights or assistance granted by Carnegie Mellon
 ** University under this License, including, but not limited to, any
 ** claims of product liability, personal injury, death, damage to
 ** property, or violation of any laws or regulations.
 **
 ** Carnegie Mellon University Software Engineering Institute authored
 ** documents are sponsored by the U.S. Department of Defense under
 ** Contract F19628-00-C-0003. Carnegie Mellon University retains
 ** copyrights in all material produced under this contract. The U.S.
 ** Government retains a non-exclusive, royalty-free license to publish or
 ** reproduce these documents, or allow others to do so, for U.S.
 ** Government purposes only pursuant to the copyright license under the
 ** contract clause at 252.227.7013.
 **
 ** @OPENSOURCE_HEADER_END@
 ** ------------------------------------------------------------------------
 */


#ifndef CERT_IE_H_
#define CERT_IE_H_


/**
 * Table of the information elements this header registers under the
 * CERT_PEN private enterprise number. Each entry is built with
 * FB_IE_INIT(name, enterprise number, element number, length, flags)
 * and the table is closed by the FB_IE_NULL sentinel, so a consumer
 * walks it until that terminator rather than by a separate count.
 *
 * Integration notes:
 *  - This header includes nothing itself. fbInfoElement_t, the FB_IE_*
 *    macros and CERT_PEN must already be declared by the including file.
 *  - The array is `static` and is defined (not just declared) here, so
 *    every translation unit that includes the header gets a private copy.
 *  - Entry order and the element numbers are part of the wire-level
 *    contract with collectors; do not renumber or reorder casually.
 *
 * Handling note for consumers: six entries ("payload", "osName",
 * "osVersion", "firstPacketBanner", "secondPacketBanner",
 * "osFingerPrint") are declared FB_IE_VARLEN. Judging by their names
 * they carry content derived from observed traffic (not confirmed by
 * this file), so a collector should bound the lengths it accepts, avoid
 * assuming NUL termination or printable text, and treat the stored
 * values as potentially sensitive captured data.
 */
static fbInfoElement_t yaf_info_elements[] = {
    /* name                          PEN       num  length        flags */
    FB_IE_INIT("initialTCPFlags",    CERT_PEN,  14, 1,
               FB_IE_F_ENDIAN | FB_IE_F_REVERSIBLE),
    FB_IE_INIT("unionTCPFlags",      CERT_PEN,  15, 1,
               FB_IE_F_ENDIAN | FB_IE_F_REVERSIBLE),
    FB_IE_INIT("payload",            CERT_PEN,  18, FB_IE_VARLEN,
               FB_IE_F_REVERSIBLE),
    /* The only entries without FB_IE_F_REVERSIBLE are the next two. */
    FB_IE_INIT("reverseFlowDeltaMilliseconds",
                                     CERT_PEN,  21, 4,
               FB_IE_F_ENDIAN),
    FB_IE_INIT("silkAppLabel",       CERT_PEN,  33, 2,
               FB_IE_F_ENDIAN),
    FB_IE_INIT("payloadEntropy",     CERT_PEN,  35, 1,
               FB_IE_F_REVERSIBLE),
    /* Variable-length elements: length is carried per record. */
    FB_IE_INIT("osName",             CERT_PEN,  36, FB_IE_VARLEN,
               FB_IE_F_REVERSIBLE),
    FB_IE_INIT("osVersion",          CERT_PEN,  37, FB_IE_VARLEN,
               FB_IE_F_REVERSIBLE),
    FB_IE_INIT("firstPacketBanner",  CERT_PEN,  38, FB_IE_VARLEN,
               FB_IE_F_REVERSIBLE),
    FB_IE_INIT("secondPacketBanner", CERT_PEN,  39, FB_IE_VARLEN,
               FB_IE_F_REVERSIBLE),
    FB_IE_INIT("osFingerPrint",      CERT_PEN, 107, FB_IE_VARLEN,
               FB_IE_F_REVERSIBLE),
    FB_IE_NULL  /* sentinel: must stay last */
};



#endif /* CERT_IE_H_ */