CERT_IE.h

00001 /*
00002  *
00003  ** @file CERT_IE.h
00004  ** Definition of the CERT "standard" information elements extension to
00005  ** the IETF standard RFC 5102 information elements
00006  **
00007  ** ------------------------------------------------------------------------
00008  ** Copyright (C) 2009-2011 Carnegie Mellon University. All Rights Reserved.
00009  ** ------------------------------------------------------------------------
00010  ** Authors: Brian Trammell, Chris Inacio
00011  ** <netsa-yaf@cert.org>
00012  ** ------------------------------------------------------------------------
00013  ** @OPENSOURCE_HEADER_START@
00014  ** Use of the YAF system and related source code is subject to the terms 
00015  ** of the following licenses:
00016  ** 
00017  ** GNU Public License (GPL) Rights pursuant to Version 2, June 1991
00018  ** Government Purpose License Rights (GPLR) pursuant to DFARS 252.227.7013
00019  ** 
00020  ** NO WARRANTY
00021  ** 
00022  ** ANY INFORMATION, MATERIALS, SERVICES, INTELLECTUAL PROPERTY OR OTHER 
00023  ** PROPERTY OR RIGHTS GRANTED OR PROVIDED BY CARNEGIE MELLON UNIVERSITY 
00024  ** PURSUANT TO THIS LICENSE (HEREINAFTER THE "DELIVERABLES") ARE ON AN 
00025  ** "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY 
00026  ** KIND, EITHER EXPRESS OR IMPLIED AS TO ANY MATTER INCLUDING, BUT NOT 
00027  ** LIMITED TO, WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE, 
00028  ** MERCHANTABILITY, INFORMATIONAL CONTENT, NONINFRINGEMENT, OR ERROR-FREE 
00029  ** OPERATION. CARNEGIE MELLON UNIVERSITY SHALL NOT BE LIABLE FOR INDIRECT, 
00030  ** SPECIAL OR CONSEQUENTIAL DAMAGES, SUCH AS LOSS OF PROFITS OR INABILITY 
00031  ** TO USE SAID INTELLECTUAL PROPERTY, UNDER THIS LICENSE, REGARDLESS OF 
00032  ** WHETHER SUCH PARTY WAS AWARE OF THE POSSIBILITY OF SUCH DAMAGES. 
00033  ** LICENSEE AGREES THAT IT WILL NOT MAKE ANY WARRANTY ON BEHALF OF 
00034  ** CARNEGIE MELLON UNIVERSITY, EXPRESS OR IMPLIED, TO ANY PERSON 
00035  ** CONCERNING THE APPLICATION OF OR THE RESULTS TO BE OBTAINED WITH THE 
00036  ** DELIVERABLES UNDER THIS LICENSE.
00037  ** 
00038  ** Licensee hereby agrees to defend, indemnify, and hold harmless Carnegie 
00039  ** Mellon University, its trustees, officers, employees, and agents from 
00040  ** all claims or demands made against them (and any related losses, 
00041  ** expenses, or attorney's fees) arising out of, or relating to Licensee's 
00042  ** and/or its sub licensees' negligent use or willful misuse of or 
00043  ** negligent conduct or willful misconduct regarding the Software, 
00044  ** facilities, or other rights or assistance granted by Carnegie Mellon 
00045  ** University under this License, including, but not limited to, any 
00046  ** claims of product liability, personal injury, death, damage to 
00047  ** property, or violation of any laws or regulations.
00048  ** 
00049  ** Carnegie Mellon University Software Engineering Institute authored 
00050  ** documents are sponsored by the U.S. Department of Defense under 
00051  ** Contract F19628-00-C-0003. Carnegie Mellon University retains 
00052  ** copyrights in all material produced under this contract. The U.S. 
00053  ** Government retains a non-exclusive, royalty-free license to publish or 
00054  ** reproduce these documents, or allow others to do so, for U.S. 
00055  ** Government purposes only pursuant to the copyright license under the 
00056  ** contract clause at 252.227.7013.
00057  ** 
00058  ** @OPENSOURCE_HEADER_END@
00059  ** ------------------------------------------------------------------------
00060  */
00061 
00062 
00063 #ifndef CERT_IE_H_
00064 #define CERT_IE_H_
00065 
00066 
/*
 * yaf_info_elements: table of the CERT enterprise-specific IPFIX information
 * elements described in the @file comment of this header.
 *
 * Each FB_IE_INIT entry lists, in order: element name, private enterprise
 * number (CERT_PEN), element id within that enterprise, length in octets
 * (FB_IE_VARLEN for variable length), and flags. FB_IE_NULL ends the table.
 *
 * Flags: FB_IE_F_ENDIAN marks a value that is byte-order converted when a
 * record is transcoded; FB_IE_F_REVERSIBLE marks an element that also has a
 * reverse-direction counterpart for biflow export.
 *
 * The array is `static` in a header, so every translation unit that includes
 * this file gets its own private copy of the table.
 * NOTE(review): no #include is visible in this listing; fbInfoElement_t,
 * FB_IE_INIT, FB_IE_NULL and CERT_PEN presumably come from the fixbuf headers
 * and must be declared before this header is included -- confirm.
 *
 * NOTE(review), for code that collects these elements: going by their names,
 * the variable-length elements (payload, the two banners, os*) carry bytes
 * taken from observed traffic. Treat decoded values as untrusted input
 * (check the decoded length before copying, do not assume NUL termination)
 * and as potentially sensitive data when storing or forwarding flow records.
 */
00073 static fbInfoElement_t yaf_info_elements[] = {
          /* Single-octet TCP flag fields; FB_IE_F_ENDIAN has no practical
           * effect on a 1-octet value. */
00074     FB_IE_INIT("initialTCPFlags", CERT_PEN, 14, 1, FB_IE_F_ENDIAN | FB_IE_F_REVERSIBLE),
00075     FB_IE_INIT("unionTCPFlags", CERT_PEN, 15, 1, FB_IE_F_ENDIAN | FB_IE_F_REVERSIBLE),
          /* Variable length; presumably captured payload bytes -- verify
           * against the exporter before relying on any size bound. */
00076     FB_IE_INIT("payload", CERT_PEN, 18, FB_IE_VARLEN, FB_IE_F_REVERSIBLE),
          /* The next two are the only entries without FB_IE_F_REVERSIBLE:
           * fixed 4-octet and 2-octet values, byte-order converted. */
00077     FB_IE_INIT("reverseFlowDeltaMilliseconds", CERT_PEN, 21, 4, FB_IE_F_ENDIAN),
00078     FB_IE_INIT("silkAppLabel", CERT_PEN, 33, 2, FB_IE_F_ENDIAN),
          /* Single octet, so no byte-order flag is set. */
00079     FB_IE_INIT("payloadEntropy", CERT_PEN, 35, 1, FB_IE_F_REVERSIBLE),
          /* Variable-length elements, each with a reverse counterpart. */
00080     FB_IE_INIT("osName", CERT_PEN, 36, FB_IE_VARLEN, FB_IE_F_REVERSIBLE),
00081     FB_IE_INIT("osVersion", CERT_PEN, 37, FB_IE_VARLEN, FB_IE_F_REVERSIBLE),
00082     FB_IE_INIT("firstPacketBanner", CERT_PEN, 38, FB_IE_VARLEN, FB_IE_F_REVERSIBLE),
00083     FB_IE_INIT("secondPacketBanner", CERT_PEN, 39, FB_IE_VARLEN, FB_IE_F_REVERSIBLE),
          /* Element id jumps from 39 to 107; the ids in this table are not
           * contiguous. */
00084     FB_IE_INIT("osFingerPrint", CERT_PEN, 107, FB_IE_VARLEN, FB_IE_F_REVERSIBLE),
          /* Sentinel entry: marks the end of the table. */
00085     FB_IE_NULL
00086 };
00087 
00088 
00089 
00090 #endif
© 2006-2011 Carnegie Mellon University