
自学教程:C++ GET_PKT_LEN函数代码示例

51自学网 2021-06-01 20:51:41
  C++
这篇教程C++ GET_PKT_LEN函数代码示例写得很实用,希望能帮到您。

本文整理汇总了C++中GET_PKT_LEN函数的典型用法代码示例。如果您正苦于以下问题:C++ GET_PKT_LEN函数的具体用法?C++ GET_PKT_LEN怎么用?C++ GET_PKT_LEN使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。

在下文中一共展示了GET_PKT_LEN函数的30个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的C++代码示例。

示例1: DecodeRaw

/**
 * \brief Decode a raw IP packet (no link-layer header) by dispatching on
 *        the IP version nibble.
 *
 * \param tv  thread vars, passed to the stats and decoder calls
 * \param dtv decode thread vars holding the raw-packet counter
 * \param p   packet being decoded
 * \param pkt pointer to the raw packet bytes
 * \param len number of bytes available at pkt
 * \param pq  packet queue handed to the IP decoders
 *
 * \retval TM_ECODE_FAILED if len is below IPV4_HEADER_LEN or the packet
 *         length exceeds USHRT_MAX
 * \retval TM_ECODE_OK otherwise, including for an unknown IP version
 */
int DecodeRaw(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt,
              uint32_t len, PacketQueue *pq)
{
    StatsIncr(tv, dtv->counter_raw);

    /* Length gate first: the version nibble is only read from pkt once at
     * least an IPv4 header's worth of bytes is known to be present. */
    if (unlikely(len < IPV4_HEADER_LEN)) {
        ENGINE_SET_INVALID_EVENT(p, IPV4_PKT_TOO_SMALL);
        return TM_ECODE_FAILED;
    }

    /* NOTE(review): the gate above checks pkt/len, while the decoders below
     * are handed GET_PKT_DATA(p)/GET_PKT_LEN(p); presumably both describe
     * the same buffer -- confirm against the callers. */
    switch (IP_GET_RAW_VER(pkt)) {
        case 4:
            /* the IP decoders are given a length that must fit in 16 bits */
            if (unlikely(GET_PKT_LEN(p) > USHRT_MAX)) {
                return TM_ECODE_FAILED;
            }
            SCLogDebug("IPV4 Packet");
            DecodeIPV4(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
            break;

        case 6:
            if (unlikely(GET_PKT_LEN(p) > USHRT_MAX)) {
                return TM_ECODE_FAILED;
            }
            SCLogDebug("IPV6 Packet");
            DecodeIPV6(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
            break;

        default:
            /* an unknown version is recorded as an event, not a failure */
            SCLogDebug("Unknown ip version %" PRIu8 "", IP_GET_RAW_VER(pkt));
            ENGINE_SET_EVENT(p,IPRAW_INVALID_IPV);
            break;
    }

    return TM_ECODE_OK;
}
开发者ID:bmeeks8,项目名称:suricata,代码行数:30,


示例2: DecodeNFQ

/**
 * \brief Decode a packet coming from NFQ
 *
 * Pseudo packets are returned untouched. For every other packet the
 * counters are updated, the IP version is read from the first byte and the
 * matching IP decoder is called, then the decode is finalized.
 *
 * \param tv     thread vars
 * \param p      packet to decode
 * \param data   cast to DecodeThreadVars
 * \param pq     packet queue handed to the IP decoders
 * \param postpq not used in this function
 *
 * \retval TM_ECODE_OK always
 */
TmEcode DecodeNFQ(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq)
{
    DecodeThreadVars *decode_vars = (DecodeThreadVars *)data;
    /* Two typed views of the same bytes; only the version field is read. */
    IPV4Hdr *as_ipv4 = (IPV4Hdr *)GET_PKT_DATA(p);
    IPV6Hdr *as_ipv6 = (IPV6Hdr *)GET_PKT_DATA(p);

    /* XXX HACK: flow timeout can call us for injected pseudo packets
     *           see bug: https://redmine.openinfosecfoundation.org/issues/1107 */
    if (PKT_IS_PSEUDOPKT(p)) {
        return TM_ECODE_OK;
    }

    DecodeUpdatePacketCounters(tv, decode_vars, p);

    /* NOTE(review): the version field is read without a visible length
     * check; presumably the NFQ capture path never delivers an empty
     * packet -- confirm. */
    if (IPV4_GET_RAW_VER(as_ipv4) == 4) {
        SCLogDebug("IPv4 packet");
        DecodeIPV4(tv, decode_vars, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
    } else if (IPV6_GET_RAW_VER(as_ipv6) == 6) {
        SCLogDebug("IPv6 packet");
        DecodeIPV6(tv, decode_vars, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
    } else {
        SCLogDebug("packet unsupported by NFQ, first byte: %02x", *GET_PKT_DATA(p));
    }

    PacketDecodeFinalize(tv, decode_vars, p);
    return TM_ECODE_OK;
}
开发者ID:norg,项目名称:suricata,代码行数:31,


示例3: NapatechDecode

/**
 * \brief   This function passes off to link type decoders.
 *
 * NapatechDecode updates the packet counters and hands the packet to the
 * decoder for its datalink type. Only LINKTYPE_ETHERNET is handled; any
 * other type is logged as an error.
 *
 * \param tv     pointer to ThreadVars
 * \param p      pointer to the current packet
 * \param data   pointer that gets cast into DecodeThreadVars
 * \param pq     pointer to the current PacketQueue
 * \param postpq not used in this function
 *
 * \retval TM_ECODE_OK always
 */
TmEcode NapatechDecode(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq,
        PacketQueue *postpq)
{
    SCEnter();
    DecodeThreadVars *dtv = (DecodeThreadVars *)data;

    /* XXX HACK: flow timeout can call us for injected pseudo packets
     *           see bug: https://redmine.openinfosecfoundation.org/issues/1107 */
    if (p->flags & PKT_PSEUDO_STREAM_END) {
        return TM_ECODE_OK;
    }

    /* update counters: packet count, byte total, average and maximum size */
    SCPerfCounterIncr(dtv->counter_pkts, tv->sc_perf_pca);
    SCPerfCounterAddUI64(dtv->counter_bytes, tv->sc_perf_pca, GET_PKT_LEN(p));
    SCPerfCounterAddUI64(dtv->counter_avg_pkt_size, tv->sc_perf_pca, GET_PKT_LEN(p));
    SCPerfCounterSetUI64(dtv->counter_max_pkt_size, tv->sc_perf_pca, GET_PKT_LEN(p));

    if (p->datalink == LINKTYPE_ETHERNET) {
        DecodeEthernet(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
    } else {
        SCLogError(SC_ERR_DATALINK_UNIMPLEMENTED,
                "Error: datalink type %" PRId32 " not yet supported in module NapatechDecode",
                p->datalink);
    }

    PacketDecodeFinalize(tv, dtv, p);
    SCReturnInt(TM_ECODE_OK);
}
开发者ID:yuecailing,项目名称:rep_test,代码行数:45,


示例4: DecodeIPFW

/**
 * \brief This function passes off to the IP decoders.
 * \todo Unit tests are needed for this module.
 *
 * DecodeIPFW updates the packet counters, reads the IP version from the
 * first byte of the packet and calls DecodeIPV4 or DecodeIPV6.
 *
 * \param tv     pointer to ThreadVars
 * \param p      pointer to the current packet
 * \param data   pointer that gets cast into DecodeThreadVars
 * \param pq     pointer to the PacketQueue
 * \param postpq not used in this function
 *
 * \retval TM_ECODE_OK     for an IPv4 or IPv6 packet
 * \retval TM_ECODE_FAILED when the version is neither 4 nor 6
 */
TmEcode DecodeIPFW(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq)
{
    DecodeThreadVars *dtv = (DecodeThreadVars *)data;
    /* Two typed views of the same bytes; only the version field is read. */
    IPV4Hdr *v4_view = (IPV4Hdr *)GET_PKT_DATA(p);
    IPV6Hdr *v6_view = (IPV6Hdr *)GET_PKT_DATA(p);

    SCEnter();

    /* update counters */
    SCPerfCounterIncr(dtv->counter_pkts, tv->sc_perf_pca);
    SCPerfCounterAddUI64(dtv->counter_bytes, tv->sc_perf_pca, GET_PKT_LEN(p));
    SCPerfCounterAddUI64(dtv->counter_avg_pkt_size, tv->sc_perf_pca, GET_PKT_LEN(p));
    SCPerfCounterSetUI64(dtv->counter_max_pkt_size, tv->sc_perf_pca, GET_PKT_LEN(p));

    /* NOTE(review): the version field is read without a visible length
     * check; presumably the capture path guarantees at least one byte --
     * confirm. */
    if (IPV4_GET_RAW_VER(v4_view) == 4) {
        SCLogDebug("DecodeIPFW ip4 processing");
        DecodeIPV4(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
        SCReturnInt(TM_ECODE_OK);
    }

    if (IPV6_GET_RAW_VER(v6_view) == 6) {
        SCLogDebug("DecodeIPFW ip6 processing");
        DecodeIPV6(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
        SCReturnInt(TM_ECODE_OK);
    }

    /* We don't support anything besides IP packets for now, bridged packets? */
    SCLogInfo("IPFW unknown protocol support %02x", *GET_PKT_DATA(p));
    SCReturnInt(TM_ECODE_FAILED);
}
开发者ID:JakeGNA,项目名称:suricata,代码行数:43,


示例5: NapatechDecode

/**
 * \brief   This function passes off to link type decoders.
 *
 * NapatechDecode updates the packet counters and hands the packet to the
 * decoder for its datalink type. Only LINKTYPE_ETHERNET is handled; any
 * other type is logged as an error.
 *
 * \param tv     pointer to ThreadVars
 * \param p      pointer to the current packet
 * \param data   pointer that gets cast into DecodeThreadVars
 * \param pq     pointer to the current PacketQueue
 * \param postpq not used in this function
 *
 * \retval TM_ECODE_OK always
 */
TmEcode NapatechDecode(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq,
                       PacketQueue *postpq)
{
    SCEnter();
    DecodeThreadVars *dtv = (DecodeThreadVars *)data;

    /* update counters: packet counts, byte total, average and maximum size */
    SCPerfCounterIncr(dtv->counter_pkts, tv->sc_perf_pca);
    SCPerfCounterIncr(dtv->counter_pkts_per_sec, tv->sc_perf_pca);
    SCPerfCounterAddUI64(dtv->counter_bytes, tv->sc_perf_pca, GET_PKT_LEN(p));
    SCPerfCounterAddUI64(dtv->counter_avg_pkt_size, tv->sc_perf_pca, GET_PKT_LEN(p));
    SCPerfCounterSetUI64(dtv->counter_max_pkt_size, tv->sc_perf_pca, GET_PKT_LEN(p));

    if (p->datalink == LINKTYPE_ETHERNET) {
        DecodeEthernet(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
    } else {
        SCLogError(SC_ERR_DATALINK_UNIMPLEMENTED,
                   "Error: datalink type %" PRId32 " not yet supported in module DecodeNapatech",
                   p->datalink);
    }

    SCReturnInt(TM_ECODE_OK);
}
开发者ID:jerryma119,项目名称:suricata,代码行数:42,


示例6: DecodeIPFW

/**
 * \brief This function passes off to the IP decoders.
 * \todo Unit tests are needed for this module.
 *
 * DecodeIPFW skips pseudo stream-end packets, updates the packet counters,
 * reads the IP version from the first byte of the packet and calls
 * DecodeIPV4 or DecodeIPV6 before finalizing the decode.
 *
 * \param tv     pointer to ThreadVars
 * \param p      pointer to the current packet
 * \param data   pointer that gets cast into DecodeThreadVars
 * \param pq     pointer to the PacketQueue
 * \param postpq not used in this function
 *
 * \retval TM_ECODE_OK     for a pseudo packet and for IPv4 or IPv6
 * \retval TM_ECODE_FAILED when the version is neither 4 nor 6; the decode
 *                         is not finalized on that path
 */
TmEcode DecodeIPFW(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq)
{
    DecodeThreadVars *dtv = (DecodeThreadVars *)data;
    /* Two typed views of the same bytes; only the version field is read. */
    IPV4Hdr *v4_view = (IPV4Hdr *)GET_PKT_DATA(p);
    IPV6Hdr *v6_view = (IPV6Hdr *)GET_PKT_DATA(p);

    SCEnter();

    /* XXX HACK: flow timeout can call us for injected pseudo packets
     *           see bug: https://redmine.openinfosecfoundation.org/issues/1107 */
    if (p->flags & PKT_PSEUDO_STREAM_END) {
        return TM_ECODE_OK;
    }

    /* update counters */
    DecodeUpdatePacketCounters(tv, dtv, p);

    /* Process IP packets */
    const int is_ipv4 = (IPV4_GET_RAW_VER(v4_view) == 4);
    if (is_ipv4) {
        SCLogDebug("DecodeIPFW ip4 processing");
        DecodeIPV4(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
    } else if (IPV6_GET_RAW_VER(v6_view) == 6) {
        SCLogDebug("DecodeIPFW ip6 processing");
        DecodeIPV6(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
    } else {
        /* We don't support anything besides IP packets for now, bridged packets? */
        SCLogInfo("IPFW unknown protocol support %02x", *GET_PKT_DATA(p));
        SCReturnInt(TM_ECODE_FAILED);
    }

    PacketDecodeFinalize(tv, dtv, p);
    SCReturnInt(TM_ECODE_OK);
}
开发者ID:AmesianX,项目名称:suricata,代码行数:47,


示例7: AlertDebugLogDecoderEvent

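/**
 * \brief Write a debug log record for a packet that carries alerts.
 *
 * The record holds the timestamp, the pcap packet number when it is set,
 * the packet source, one group of lines per alert that has a signature,
 * and a raw dump of the packet. It is assembled in aft->buffer and handed
 * to the file context's Write callback in one call.
 *
 * \param tv          thread vars (not used in this function)
 * \param p           packet whose alerts are logged
 * \param thread_data cast to AlertDebugLogThread
 *
 * \retval TM_ECODE_OK always, including when the packet has no alerts
 */
static TmEcode AlertDebugLogDecoderEvent(ThreadVars *tv, const Packet *p, void *thread_data)
{
    AlertDebugLogThread *aft = (AlertDebugLogThread *)thread_data;
    int i;
    char timebuf[64];
    const char *pkt_src_str = NULL;

    if (p->alerts.cnt == 0)
        return TM_ECODE_OK;

    MemBufferReset(aft->buffer);

    CreateTimeString(&p->ts, timebuf, sizeof(timebuf));

    /* Every field ends in a real newline escape so the record is written
     * one field per line. */
    MemBufferWriteString(aft->buffer,
                         "+================\n"
                         "TIME:              %s\n", timebuf);
    if (p->pcap_cnt > 0) {
        MemBufferWriteString(aft->buffer,
                             "PCAP PKT NUM:      %"PRIu64"\n", p->pcap_cnt);
    }
    pkt_src_str = PktSrcToString(p->pkt_src);
    MemBufferWriteString(aft->buffer, "PKT SRC:           %s\n", pkt_src_str);

    MemBufferWriteString(aft->buffer,
                         "ALERT CNT:         %" PRIu32 "\n", p->alerts.cnt);

    for (i = 0; i < p->alerts.cnt; i++) {
        const PacketAlert *pa = &p->alerts.alerts[i];
        /* an alert slot without a signature has nothing to print */
        if (unlikely(pa->s == NULL)) {
            continue;
        }

        MemBufferWriteString(aft->buffer,
                             "ALERT MSG [%02d]:    %s\n"
                             "ALERT GID [%02d]:    %" PRIu32 "\n"
                             "ALERT SID [%02d]:    %" PRIu32 "\n"
                             "ALERT REV [%02d]:    %" PRIu32 "\n"
                             "ALERT CLASS [%02d]:  %s\n"
                             "ALERT PRIO [%02d]:   %" PRIu32 "\n",
                             i, pa->s->msg,
                             i, pa->s->gid,
                             i, pa->s->id,
                             i, pa->s->rev,
                             i, pa->s->class_msg,
                             i, pa->s->prio);
    }

    MemBufferWriteString(aft->buffer,
                         "PACKET LEN:        %" PRIu32 "\n"
                         "PACKET:\n",
                         GET_PKT_LEN(p));
    /* The dump is bounded by the buffer size passed alongside the offset. */
    PrintRawDataToBuffer(aft->buffer->buffer, &aft->buffer->offset, aft->buffer->size,
                         GET_PKT_DATA(p), GET_PKT_LEN(p));

    aft->file_ctx->Write((const char *)MEMBUFFER_BUFFER(aft->buffer),
        MEMBUFFER_OFFSET(aft->buffer), aft->file_ctx);

    return TM_ECODE_OK;
}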
开发者ID:norg,项目名称:suricata,代码行数:59,


示例8: AlertDebugLogDecoderEvent

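/**
 * \brief Write a debug log record for a packet that carries alerts.
 *
 * The record holds the timestamp, the pcap packet number when it is set,
 * one group of lines per alert that has a signature, and a raw dump of the
 * packet. It is assembled in aft->buffer and printed to the log file while
 * holding the file context mutex.
 *
 * \param tv     thread vars (not used in this function)
 * \param p      packet whose alerts are logged
 * \param data   cast to AlertDebugLogThread
 * \param pq     not used in this function
 * \param postpq not used in this function
 *
 * \retval TM_ECODE_OK always, including when the packet has no alerts
 */
TmEcode AlertDebugLogDecoderEvent(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq)
{
    AlertDebugLogThread *aft = (AlertDebugLogThread *)data;
    int i;
    char timebuf[64];

    if (p->alerts.cnt == 0)
        return TM_ECODE_OK;

    MemBufferReset(aft->buffer);

    CreateTimeString(&p->ts, timebuf, sizeof(timebuf));

    /* Every field ends in a real newline escape so the record is written
     * one field per line. */
    MemBufferWriteString(aft->buffer,
                         "+================\n"
                         "TIME:              %s\n", timebuf);
    if (p->pcap_cnt > 0) {
        MemBufferWriteString(aft->buffer,
                             "PCAP PKT NUM:      %"PRIu64"\n", p->pcap_cnt);
    }

    MemBufferWriteString(aft->buffer,
                         "ALERT CNT:         %" PRIu32 "\n", p->alerts.cnt);

    for (i = 0; i < p->alerts.cnt; i++) {
        PacketAlert *pa = &p->alerts.alerts[i];
        /* an alert slot without a signature has nothing to print */
        if (unlikely(pa->s == NULL)) {
            continue;
        }

        MemBufferWriteString(aft->buffer,
                             "ALERT MSG [%02d]:    %s\n"
                             "ALERT GID [%02d]:    %" PRIu32 "\n"
                             "ALERT SID [%02d]:    %" PRIu32 "\n"
                             "ALERT REV [%02d]:    %" PRIu32 "\n"
                             "ALERT CLASS [%02d]:  %s\n"
                             "ALERT PRIO [%02d]:   %" PRIu32 "\n",
                             i, pa->s->msg,
                             i, pa->s->gid,
                             i, pa->s->id,
                             i, pa->s->rev,
                             i, pa->s->class_msg,
                             i, pa->s->prio);
    }

    MemBufferWriteString(aft->buffer,
                         "PACKET LEN:        %" PRIu32 "\n"
                         "PACKET:\n",
                         GET_PKT_LEN(p));
    /* The dump is bounded by the buffer size passed alongside the offset. */
    PrintRawDataToBuffer(aft->buffer->buffer, &aft->buffer->offset, aft->buffer->size,
                         GET_PKT_DATA(p), GET_PKT_LEN(p));

    /* The file pointer and the alert total are shared through file_ctx, so
     * the print, the flush and the counter update happen under its mutex. */
    SCMutexLock(&aft->file_ctx->fp_mutex);
    (void)MemBufferPrintToFPAsString(aft->buffer, aft->file_ctx->fp);
    fflush(aft->file_ctx->fp);
    aft->file_ctx->alerts += p->alerts.cnt;
    SCMutexUnlock(&aft->file_ctx->fp_mutex);

    return TM_ECODE_OK;
}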
开发者ID:KECHBIT,项目名称:suricata,代码行数:59,


示例9: StreamTcpInlineTest01

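/**
 * \test full overlap
 *
 * Builds a TCP packet with payload "AAC" and a segment with payload "ABC"
 * at the same sequence number, calls StreamTcpInlineSegmentReplacePacket
 * and checks that the packet is flagged PKT_STREAM_MODIFIED and that both
 * p->payload and the tail of the raw packet data now match the segment.
 *
 * \retval 1 on success
 * \retval 0 on failure
 */
static int StreamTcpInlineTest01(void) {
    SCEnter();

    uint8_t payload1[] = "AAC"; /* packet */
    uint8_t payload2[] = "ABC"; /* segment */
    int result = 0;
    TcpSegment *t = NULL;

    /* sizeof - 1 everywhere: the terminating NUL is not part of the payload */
    Packet *p = UTHBuildPacketSrcDstPorts(payload1, sizeof(payload1)-1, IPPROTO_TCP, 1024, 80);
    if (p == NULL || p->tcph == NULL) {
        printf("generating test packet failed: ");
        goto end;
    }
    p->tcph->th_seq = htonl(10000000UL);

    t = SCMalloc(sizeof(TcpSegment));
    if (t == NULL) {
        printf("alloc TcpSegment failed: ");
        goto end;
    }
    memset(t, 0x00, sizeof(TcpSegment));
    t->payload = payload2;
    t->payload_len = sizeof(payload2)-1;
    t->seq = 10000000UL;

    StreamTcpInlineSegmentReplacePacket(p, t);

    if (!(p->flags & PKT_STREAM_MODIFIED)) {
        printf("PKT_STREAM_MODIFIED pkt flag not set: ");
        goto end;
    }

    if (memcmp(p->payload, t->payload, p->payload_len) != 0) {
        printf("Packet:\n");
        PrintRawDataFp(stdout,p->payload,p->payload_len);
        printf("Segment:\n");
        PrintRawDataFp(stdout,t->payload,t->payload_len);
        printf("payloads didn't match: ");
        goto end;
    }

    /* The payload is the last sizeof(payload1)-1 bytes of the raw packet;
     * check that the replacement is visible there as well. */
    uint8_t *pkt = GET_PKT_DATA(p)+(GET_PKT_LEN(p)-sizeof(payload1)+1);
    if (memcmp(pkt,payload2,sizeof(payload2)-1) != 0) {
        PrintRawDataFp(stdout,pkt,3);
        PrintRawDataFp(stdout,GET_PKT_DATA(p),GET_PKT_LEN(p));
        goto end;
    }

    result = 1;
end:
    if (p != NULL) {
        UTHFreePacket(p);
    }
    if (t != NULL) {
        SCFree(t);
    }
    SCReturnInt(result);
}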
开发者ID:58698301,项目名称:suricata,代码行数:59,


示例10: DecodeUpdatePacketCounters

/**
 * \brief Update the per-thread decoder counters for one packet.
 *
 * Increments the packet counter, adds the packet length to the byte and
 * average-size counters and passes it to the maximum-size counter.
 *
 * \param tv  thread vars the counters are registered with
 * \param dtv decode thread vars holding the counter ids
 * \param p   packet whose length is accounted
 */
void DecodeUpdatePacketCounters(ThreadVars *tv,
                                const DecodeThreadVars *dtv, const Packet *p)
{
    /* read the length once; the same value feeds all three size counters */
    const uint64_t pkt_bytes = GET_PKT_LEN(p);

    StatsIncr(tv, dtv->counter_pkts);
    StatsAddUI64(tv, dtv->counter_bytes, pkt_bytes);
    StatsAddUI64(tv, dtv->counter_avg_pkt_size, pkt_bytes);
    StatsSetUI64(tv, dtv->counter_max_pkt_size, pkt_bytes);
}
开发者ID:micsoftvn,项目名称:suricata,代码行数:9,


示例11: NFQCallBack

/**
 * \brief Per-packet callback for an NFQ queue: wraps the queued data in a
 *        Packet and hands it to the next stage.
 *
 * \param qh    queue handle, passed to NFQSetupPkt
 * \param nfmsg not used in this function
 * \param nfa   queued packet data, passed to NFQSetupPkt
 * \param data  cast to NFQThreadVars
 *
 * \retval 0  when the packet was passed on, or when NFQSetupPkt failed and
 *            the packet was returned to the pool
 * \retval -1 when no Packet could be obtained or slot processing failed
 */
static int NFQCallBack(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg,
                       struct nfq_data *nfa, void *data)
{
    NFQThreadVars *ntv = (NFQThreadVars *)data;
    ThreadVars *tv = ntv->tv;

    /* grab a packet */
    Packet *p = PacketGetFromQueueOrAlloc();
    if (p == NULL) {
        return -1;
    }
    PKT_SET_SRC(p, PKT_SRC_WIRE);
    p->nfq_v.nfq_index = ntv->nfq_index;

    /* if bypass mask is set then we may want to bypass so set pointer */
    if (nfq_config.bypass_mask) {
        p->BypassPacketsFlow = NFQBypassCallback;
    }

    const int setup_rc = NFQSetupPkt(p, qh, (void *)nfa);
    if (setup_rc == -1) {
#ifdef COUNTERS
        /* NOTE(review): the length is added to the byte counter even though
         * setup failed; whether GET_PKT_LEN(p) is meaningful on this path
         * is not visible here -- confirm. */
        NFQQueueVars *failed_q = NFQGetQueue(ntv->nfq_index);
        failed_q->errs++;
        failed_q->pkts++;
        failed_q->bytes += GET_PKT_LEN(p);
#endif /* COUNTERS */
        (void) SC_ATOMIC_ADD(ntv->livedev->pkts, 1);

        /* NFQSetupPkt is issuing a verdict
           so we only recycle Packet and leave */
        TmqhOutputPacketpool(tv, p);
        return 0;
    }

    p->ReleasePacket = NFQReleasePacket;

#ifdef COUNTERS
    NFQQueueVars *queue_stats = NFQGetQueue(ntv->nfq_index);
    queue_stats->pkts++;
    queue_stats->bytes += GET_PKT_LEN(p);
#endif /* COUNTERS */
    (void) SC_ATOMIC_ADD(ntv->livedev->pkts, 1);

    if (!ntv->slot) {
        /* pass on... */
        tv->tmqh_out(tv, p);
        return 0;
    }

    if (TmThreadsSlotProcessPkt(tv, ntv->slot, p) != TM_ECODE_OK) {
        TmqhOutputPacketpool(ntv->tv, p);
        return -1;
    }

    return 0;
}
开发者ID:vpiserchia,项目名称:suricata,代码行数:56,


示例12: ProcessErfDagRecord

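/**
 * \brief   Process a DAG record into a TM packet buffer.
 *
 * Only Ethernet record types are accepted. The wire length is taken from
 * the record header, the 4-byte FCS is trimmed, the frame is copied into
 * the packet and the ERF timestamp is converted to a timeval.
 *
 * \param   ewtn thread vars whose packet and byte totals are updated
 * \param   prec pointer to a DAG record.
 * \param   p    packet that receives the frame
 *
 * \retval TM_ECODE_OK     on success (and when p is NULL in a build
 *                         without assertions)
 * \retval TM_ECODE_FAILED for an unsupported record type or a wire length
 *                         too short to hold the FCS
 */
TmEcode ProcessErfDagRecord(ErfDagThreadVars *ewtn, char *prec, Packet *p)
{
    SCEnter();

    int wlen = 0;
    dag_record_t  *dr = (dag_record_t*)prec;
    erf_payload_t *pload;

    assert(prec);
    assert(p);

    if (p == NULL) SCReturnInt(TM_ECODE_OK);

    /* Only support ethernet at this time. */
    if (dr->type != TYPE_ETH &&
        dr->type != TYPE_DSM_COLOR_ETH &&
        dr->type != TYPE_COLOR_ETH &&
        dr->type != TYPE_COLOR_HASH_ETH) {
        SCLogError(SC_ERR_UNIMPLEMENTED,
                   "Processing of DAG record type: %d not implemented.", dr->type);
        SCReturnInt(TM_ECODE_FAILED);
    }

    wlen = ntohs(dr->wlen);
    pload = &(dr->rec);

    /* wlen comes straight from the record header. Below 4 the FCS trim
     * would go negative and become a huge length once stored as the packet
     * length, so such records are rejected before any copy. */
    if (wlen < 4) {
        SCLogInfo("DAG record wire length %d is too short to hold the FCS.", wlen);
        SCReturnInt(TM_ECODE_FAILED);
    }

    SET_PKT_LEN(p, wlen - 4);   /* Trim the FCS... */
    p->datalink = LINKTYPE_ETHERNET;

    /* Take into account for link type Ethernet ETH frame starts
     * after the ERF header + pad.
     *
     * NOTE(review): wlen is not compared with the record length here, so a
     * truncated (snapped) record would be read past its captured bytes;
     * the result of PacketCopyData is not checked either -- confirm both
     * against the SDK headers and PacketCopyData's contract.
     */
    PacketCopyData(p, pload->eth.dst, GET_PKT_LEN(p));

    /* Only scalar values are passed to the format string; a whole Packet
     * struct is not a valid argument for %02x. */
    SCLogDebug("pktlen: %" PRIu32 " (pkt data %02x)",
               GET_PKT_LEN(p), *GET_PKT_DATA(p));

    /* Convert ERF time to timeval - from libpcap. */
    uint64_t ts = dr->ts;
    p->ts.tv_sec = ts >> 32;
    ts = (ts & 0xffffffffULL) * 1000000;
    ts += 0x80000000; /* rounding */
    p->ts.tv_usec = ts >> 32;
    if (p->ts.tv_usec >= 1000000) {
        p->ts.tv_usec -= 1000000;
        p->ts.tv_sec++;
    }

    ewtn->pkts++;
    ewtn->bytes += wlen;

    SCReturnInt(TM_ECODE_OK);
}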
开发者ID:58698301,项目名称:suricata,代码行数:59,


示例13: DecodeErfDag

/**
 * \brief   This function passes off to link type decoders.
 *
 * DecodeErfDag skips pseudo stream-end packets, updates the packet
 * counters and hands the packet to the decoder for its datalink type.
 * Only LINKTYPE_ETHERNET is handled; any other type is logged as an error.
 *
 * \param tv     pointer to ThreadVars
 * \param p      pointer to the current packet
 * \param data   pointer that gets cast into DecodeThreadVars
 * \param pq     pointer to the current PacketQueue
 * \param postpq not used in this function
 *
 * \retval TM_ECODE_OK always
 */
TmEcode
DecodeErfDag(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq,
    PacketQueue *postpq)
{
    SCEnter();
    DecodeThreadVars *dtv = (DecodeThreadVars *)data;

    /* XXX HACK: flow timeout can call us for injected pseudo packets
     *           see bug: https://redmine.openinfosecfoundation.org/issues/1107 */
    if (p->flags & PKT_PSEUDO_STREAM_END) {
        return TM_ECODE_OK;
    }

    /* update counters */
    DecodeUpdatePacketCounters(tv, dtv, p);

    /* call the decoder */
    if (p->datalink == LINKTYPE_ETHERNET) {
        DecodeEthernet(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
    } else {
        SCLogError(SC_ERR_DATALINK_UNIMPLEMENTED,
            "Error: datalink type %" PRId32
            " not yet supported in module DecodeErfDag",
            p->datalink);
    }

    PacketDecodeFinalize(tv, dtv, p);

    SCReturnInt(TM_ECODE_OK);
}
开发者ID:AmesianX,项目名称:suricata,代码行数:43,


示例14: DecodePcapFile

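/**
 * \brief Decode one packet read from a pcap file.
 *
 * Skips pseudo stream-end packets, updates the packet counters, wakes the
 * flow manager when the packet time has moved backwards or more than 60
 * seconds past the last wake-up, sets the engine time from the packet
 * timestamp and calls the decoder stored in pcap_g.
 *
 * \param tv     thread vars
 * \param p      packet to decode
 * \param data   cast to DecodeThreadVars
 * \param pq     packet queue handed to the decoder
 * \param postpq not used in this function
 *
 * \retval TM_ECODE_OK always
 */
TmEcode DecodePcapFile(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq)
{
    SCEnter();
    DecodeThreadVars *dtv = (DecodeThreadVars *)data;

    /* XXX HACK: flow timeout can call us for injected pseudo packets
     *           see bug: https://redmine.openinfosecfoundation.org/issues/1107 */
    if (p->flags & PKT_PSEUDO_STREAM_END)
        return TM_ECODE_OK;

    /* update counters */
    DecodeUpdatePacketCounters(tv, dtv, p);

    /* Packet time in seconds. tv_usec holds microseconds, so it is scaled
     * by one million; dividing by 1000 would add up to 999 to the value and
     * make the 60 second comparison below fire on sub-second gaps. */
    double curr_ts = p->ts.tv_sec + p->ts.tv_usec / 1000000.0;
    if (curr_ts < prev_signaled_ts || (curr_ts - prev_signaled_ts) > 60.0) {
        prev_signaled_ts = curr_ts;
        FlowWakeupFlowManagerThread();
    }

    /* update the engine time representation based on the timestamp
     * of the packet. */
    TimeSet(&p->ts);

    /* call the decoder */
    pcap_g.Decoder(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);

#ifdef DEBUG
    BUG_ON(p->pkt_src != PKT_SRC_WIRE && p->pkt_src != PKT_SRC_FFR);
#endif

    PacketDecodeFinalize(tv, dtv, p);

    SCReturnInt(TM_ECODE_OK);
}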
开发者ID:EmergingThreats,项目名称:suricata,代码行数:34,


示例15: AlertJsonPacket

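/**
 * \brief Add the base64-encoded packet and its link type to a JSON object.
 *
 * Sets "packet" to the encoded packet bytes and "packet_info" to an object
 * holding "linktype".
 *
 * \param p  packet to serialise
 * \param js JSON object that receives the two keys
 */
static void AlertJsonPacket(const Packet *p, json_t *js)
{
    /* Padded base64 needs 4 output bytes per started group of 3 input
     * bytes, plus one for the terminating NUL. Twice the input length is
     * too small for very short packets and is a zero-length array for an
     * empty one.
     * NOTE(review): the buffer lives on the stack and scales with the
     * packet length; consider a heap or fixed-size buffer if large packets
     * reach this path. */
    unsigned long len = 4 * (((unsigned long)GET_PKT_LEN(p) + 2) / 3) + 1;
    uint8_t encoded_packet[len];

    /* Start from an empty string so that a failed encode cannot hand
     * uninitialised stack bytes to json_string(). */
    encoded_packet[0] = '\0';
    Base64Encode((unsigned char*) GET_PKT_DATA(p), GET_PKT_LEN(p),
        encoded_packet, &len);
    json_object_set_new(js, "packet", json_string((char *)encoded_packet));

    /* Create packet info. */
    json_t *packetinfo_js = json_object();
    if (unlikely(packetinfo_js == NULL)) {
        return;
    }
    json_object_set_new(packetinfo_js, "linktype", json_integer(p->datalink));
    json_object_set_new(js, "packet_info", packetinfo_js);
}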
开发者ID:P1sec,项目名称:suricata,代码行数:16,


示例16: DecodeIPV6HopTest01

/**
 * \test HOP header decode
 *
 * Feeds DecodeIPV6 a raw IPv6 packet whose hop-by-hop header carries an
 * option of type 0xff and expects the IPV6_HOPOPTS_UNKNOWN_OPT event to be
 * set on the packet.
 */
static int DecodeIPV6HopTest01 (void)
{
    uint8_t raw_pkt1[] = {
        0x60,0x00,0x00,0x00,0x00,0x20,0x00,0x01,0xfe,0x80,0x00,0x00,0x00,0x00,0x00,0x00,
        0x02,0x0f,0xfe,0xff,0xfe,0x98,0x3d,0x01,0xff,0x02,0x00,0x00,0x00,0x00,0x00,0x00,
        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x3a,0x00,0xff, /* 0xff is a nonsense opt */
        0x02,0x00,0x00,0x00,0x00,
        0x82,0x00,0x1c,0x6f,0x27,0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
    };

    Packet *test_pkt = PacketGetFromAlloc();
    FAIL_IF(unlikely(test_pkt == NULL));

    ThreadVars tv;
    DecodeThreadVars dtv;
    PacketQueue pq;

    FlowInitConfig(FLOW_QUIET);

    /* zeroed contexts: the decoder only needs them to exist for this test */
    memset(&tv, 0, sizeof(ThreadVars));
    memset(&dtv, 0, sizeof(DecodeThreadVars));
    memset(&pq, 0, sizeof(PacketQueue));

    PacketCopyData(test_pkt, raw_pkt1, sizeof(raw_pkt1));

    DecodeIPV6(&tv, &dtv, test_pkt, GET_PKT_DATA(test_pkt), GET_PKT_LEN(test_pkt), &pq);

    FAIL_IF (!(ENGINE_ISSET_EVENT(test_pkt, IPV6_HOPOPTS_UNKNOWN_OPT)));

    /* recycle before freeing, then tear the flow engine down */
    PACKET_RECYCLE(test_pkt);
    SCFree(test_pkt);
    FlowShutdown();
    PASS;
}
开发者ID:micsoftvn,项目名称:suricata,代码行数:36,


示例17: DetectICMPV6CsumMatch

/**
 * \brief Checks if the packet sent as the argument, has a valid or invalid
 *        icmpv6 checksum, based on whether icmpv6-csum option for this rule
 *        has been supplied with "valid" or "invalid" argument
 *
 * \param t       Pointer to the tv for this detection module instance
 * \param det_ctx Pointer to the detection engine thread context
 * \param p       Pointer to the Packet currently being matched
 * \param s       Pointer to the Signature, the packet is being currently
 *                matched with
 * \param ctx     Pointer to the keyword context, cast to DetectCsumData
 *
 * \retval 1 if the Packet contents match the keyword option; 0 otherwise.
 *         When PKT_IGNORE_CHECKSUM is set the keyword's "valid" value is
 *         returned as is.
 */
static int DetectICMPV6CsumMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
        Packet *p, const Signature *s, const SigMatchCtx *ctx)
{
    const DetectCsumData *cd = (const DetectCsumData *)ctx;

    /* Guards in the original order: both header pointers must be set
     * before any pointer arithmetic is done on them. */
    if (p->ip6h == NULL || p->icmpv6h == NULL) {
        return 0;
    }
    if (p->proto != IPPROTO_ICMPV6) {
        return 0;
    }
    if (PKT_IS_PSEUDOPKT(p)) {
        return 0;
    }
    /* NOTE(review): this mixes the packet length with a pointer
     * difference; whether "<= 0" can ever see a negative value depends on
     * the width and signedness of GET_PKT_LEN versus ptrdiff_t on the
     * target -- confirm on 32-bit builds. */
    if ((GET_PKT_LEN(p) - ((uint8_t *)p->icmpv6h - GET_PKT_DATA(p))) <= 0) {
        return 0;
    }

    if (p->flags & PKT_IGNORE_CHECKSUM) {
        return cd->valid;
    }

    /* -1 marks the checksum as not computed yet; compute and cache it */
    if (p->level4_comp_csum == -1) {
        /* NOTE(review): the length comes from the IPv6 payload-length field
         * minus the bytes between the IPv6 header and the ICMPv6 header; it
         * is not visibly bounded by the captured data -- confirm the decoder
         * validated it earlier. */
        uint16_t len = IPV6_GET_RAW_PLEN(p->ip6h) -
            ((uint8_t *)p->icmpv6h - (uint8_t *)p->ip6h - IPV6_HEADER_LEN);
        p->level4_comp_csum = ICMPV6CalculateChecksum(p->ip6h->s_ip6_addrs,
                                                      (uint16_t *)p->icmpv6h,
                                                      len);
    }

    const int csum_matches = (p->level4_comp_csum == p->icmpv6h->csum);

    /* match only when the observed state is the one the rule asked for */
    return csum_matches ? (cd->valid == 1) : (cd->valid == 0);
}
开发者ID:norg,项目名称:suricata,代码行数:44,


示例18: NFQCallBack

/**
 * \brief Per-packet callback for an NFQ queue: wraps the queued data in a
 *        Packet and hands it to the next stage.
 *
 * \param qh    queue handle, passed to NFQSetupPkt
 * \param nfmsg not used in this function
 * \param nfa   queued packet data, passed to NFQSetupPkt
 * \param data  cast to NFQThreadVars
 *
 * \retval 0  when the packet was passed on, or when NFQSetupPkt failed and
 *            the packet was returned to the pool
 * \retval -1 when no Packet could be obtained or slot processing failed
 */
static int NFQCallBack(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg,
                       struct nfq_data *nfa, void *data)
{
    NFQThreadVars *ntv = (NFQThreadVars *)data;
    ThreadVars *tv = ntv->tv;

    /* grab a packet */
    Packet *p = PacketGetFromQueueOrAlloc();
    if (p == NULL) {
        return -1;
    }
    PKT_SET_SRC(p, PKT_SRC_WIRE);
    p->nfq_v.nfq_index = ntv->nfq_index;

    const int setup_rc = NFQSetupPkt(p, qh, (void *)nfa);
    if (setup_rc == -1) {
#ifdef COUNTERS
        /* NOTE(review): the length is added to the byte counter even though
         * setup failed; whether GET_PKT_LEN(p) is meaningful on this path
         * is not visible here -- confirm. */
        NFQQueueVars *failed_q = NFQGetQueue(ntv->nfq_index);
        failed_q->errs++;
        failed_q->pkts++;
        failed_q->bytes += GET_PKT_LEN(p);
#endif /* COUNTERS */
        /* recycle Packet and leave */
        TmqhOutputPacketpool(tv, p);
        return 0;
    }

#ifdef COUNTERS
    NFQQueueVars *queue_stats = NFQGetQueue(ntv->nfq_index);
    queue_stats->pkts++;
    queue_stats->bytes += GET_PKT_LEN(p);
#endif /* COUNTERS */

    if (!ntv->slot) {
        /* pass on... */
        tv->tmqh_out(tv, p);
        return 0;
    }

    if (TmThreadsSlotProcessPkt(tv, ntv->slot, p) != TM_ECODE_OK) {
        TmqhOutputPacketpool(ntv->tv, p);
        return -1;
    }

    return 0;
}
开发者ID:decanio,项目名称:suricata-tilera,代码行数:46,


示例19: AlertFastLogDecoderEvent

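/**
 * \brief Write one fast-log line per alert on a packet, followed by a hex
 *        dump of at most the first 32 bytes of the packet.
 *
 * \param tv     thread vars (not used in this function)
 * \param p      packet whose alerts are logged
 * \param data   cast to AlertFastLogThread
 * \param pq     not used in this function
 * \param postpq not used in this function
 *
 * \retval TM_ECODE_OK always, including when the packet has no alerts
 */
TmEcode AlertFastLogDecoderEvent(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq)
{
    AlertFastLogThread *aft = (AlertFastLogThread *)data;
    int i;
    char timebuf[64];
    extern uint8_t engine_mode;

    if (p->alerts.cnt == 0)
        return TM_ECODE_OK;

    CreateTimeString(&p->ts, timebuf, sizeof(timebuf));

    for (i = 0; i < p->alerts.cnt; i++) {
        PacketAlert *pa = &p->alerts.alerts[i];
        if (unlikely(pa->s == NULL)) {
            continue;
        }

        /* Scoped to one alert: a drop prefix chosen for an earlier alert
         * must not be carried over to a later alert that did not drop. */
        const char *action = "";
        if ((pa->action & ACTION_DROP) && IS_ENGINE_MODE_IPS(engine_mode)) {
            action = "[Drop] ";
        } else if (pa->action & ACTION_DROP) {
            action = "[wDrop] ";
        }

        /* the whole line is written under the mutex so that lines from
         * different threads do not interleave */
        SCMutexLock(&aft->file_ctx->fp_mutex);
        fprintf(aft->file_ctx->fp, "%s  %s[**] [%" PRIu32 ":%" PRIu32
                ":%" PRIu32 "] %s [**] [Classification: %s] [Priority: "
                "%" PRIu32 "] [**] [Raw pkt: ", timebuf, action, pa->s->gid,
                pa->s->id, pa->s->rev, pa->s->msg, pa->s->class_msg, pa->s->prio);

        /* cap the dump at 32 bytes, or the packet length if it is shorter */
        PrintRawLineHexFp(aft->file_ctx->fp, GET_PKT_DATA(p), GET_PKT_LEN(p) < 32 ? GET_PKT_LEN(p) : 32);

        if (p->pcap_cnt != 0) {
            fprintf(aft->file_ctx->fp, "] [pcap file packet: %"PRIu64"]\n", p->pcap_cnt);
        } else {
            fprintf(aft->file_ctx->fp, "]\n");
        }

        fflush(aft->file_ctx->fp);
        aft->file_ctx->alerts++;
        SCMutexUnlock(&aft->file_ctx->fp_mutex);
    }

    return TM_ECODE_OK;
}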
开发者ID:decanio,项目名称:suricata-tilera,代码行数:46,


示例20: DecodeNFQ

/**
 * \brief Decode a packet coming from NFQ
 *
 * Updates the packet counters, reads the IP version from the first byte
 * of the packet and calls the matching IP decoder. A packet that is
 * neither IPv4 nor IPv6 is only mentioned in the debug log.
 *
 * \param tv     thread vars
 * \param p      packet to decode
 * \param data   cast to DecodeThreadVars
 * \param pq     packet queue handed to the IP decoders
 * \param postpq not used in this function
 *
 * \retval TM_ECODE_OK always
 */
TmEcode DecodeNFQ(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq)
{
    DecodeThreadVars *decode_vars = (DecodeThreadVars *)data;
    /* Two typed views of the same bytes; only the version field is read. */
    IPV4Hdr *as_ipv4 = (IPV4Hdr *)GET_PKT_DATA(p);
    IPV6Hdr *as_ipv6 = (IPV6Hdr *)GET_PKT_DATA(p);

    /* packet count, byte total, average and maximum size */
    SCPerfCounterIncr(decode_vars->counter_pkts, tv->sc_perf_pca);
    SCPerfCounterAddUI64(decode_vars->counter_bytes, tv->sc_perf_pca, GET_PKT_LEN(p));
    SCPerfCounterAddUI64(decode_vars->counter_avg_pkt_size, tv->sc_perf_pca, GET_PKT_LEN(p));
    SCPerfCounterSetUI64(decode_vars->counter_max_pkt_size, tv->sc_perf_pca, GET_PKT_LEN(p));

    /* NOTE(review): the version field is read without a visible length
     * check; presumably the NFQ capture path never delivers an empty
     * packet -- confirm. */
    if (IPV4_GET_RAW_VER(as_ipv4) == 4) {
        SCLogDebug("IPv4 packet");
        DecodeIPV4(tv, decode_vars, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
    } else if (IPV6_GET_RAW_VER(as_ipv6) == 6) {
        SCLogDebug("IPv6 packet");
        DecodeIPV6(tv, decode_vars, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
    } else {
        SCLogDebug("packet unsupported by NFQ, first byte: %02x", *GET_PKT_DATA(p));
    }

    return TM_ECODE_OK;
}
开发者ID:gcordrey,项目名称:suricata,代码行数:32,


示例21: ReadErfRecord

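/**
 * \brief Read one ERF record from the input file into a packet.
 *
 * Reads the fixed-size record header, then the rest of the record into the
 * packet data buffer, sets the packet length to the wire length from the
 * header and converts the ERF timestamp to a timeval. Only Ethernet
 * records are accepted.
 *
 * \param tv   thread vars (not used in this function)
 * \param p    packet that receives the record payload
 * \param data cast to ErfFileThreadVars
 *
 * \retval TM_ECODE_OK     when a record was read
 * \retval TM_ECODE_FAILED on end of file, read error, a record length
 *                         smaller than the header, or an unsupported
 *                         record type
 */
static inline TmEcode ReadErfRecord(ThreadVars *tv, Packet *p, void *data)
{
    SCEnter();

    ErfFileThreadVars *etv = (ErfFileThreadVars *)data;
    DagRecord dr;

    int r = fread(&dr, sizeof(DagRecord), 1, etv->erf);
    if (r < 1) {
        if (feof(etv->erf)) {
            SCLogInfo("End of ERF file reached");
        }
        else {
            SCLogInfo("Error reading ERF record");
        }
        SCReturnInt(TM_ECODE_FAILED);
    }
    int rlen = ntohs(dr.rlen);
    int wlen = ntohs(dr.wlen);

    /* rlen comes from the file. If it is smaller than the header that was
     * just read, the subtraction below wraps to a huge size_t and fread
     * would write far past the packet buffer. */
    if ((size_t)rlen < sizeof(DagRecord)) {
        SCLogInfo("Bad ERF record, record length less than size of header");
        SCReturnInt(TM_ECODE_FAILED);
    }

    /* NOTE(review): the payload size is not compared with the capacity of
     * the buffer behind GET_PKT_DATA(p), which is not visible here; confirm
     * that it can hold a maximum-size record. */
    r = fread(GET_PKT_DATA(p), rlen - sizeof(DagRecord), 1, etv->erf);
    if (r < 1) {
        if (feof(etv->erf)) {
            SCLogInfo("End of ERF file reached");
        }
        else {
            SCLogInfo("Error reading ERF record");
        }
        SCReturnInt(TM_ECODE_FAILED);
    }

    /* Only support ethernet at this time. */
    if (dr.type != DAG_TYPE_ETH) {
        SCLogError(SC_ERR_UNIMPLEMENTED,
            "DAG record type %d not implemented.", dr.type);
        SCReturnInt(TM_ECODE_FAILED);
    }

    /* NOTE(review): wlen is the wire length from the header and is not
     * compared with the number of bytes read above; for a truncated record
     * the packet length would cover bytes that were never read -- confirm
     * how snapped records should be handled. */
    GET_PKT_LEN(p) = wlen;
    p->datalink = LINKTYPE_ETHERNET;

    /* Convert ERF time to timeval - from libpcap. */
    uint64_t ts = dr.ts;
    p->ts.tv_sec = ts >> 32;
    ts = (ts & 0xffffffffULL) * 1000000;
    ts += 0x80000000; /* rounding */
    p->ts.tv_usec = ts >> 32;
    if (p->ts.tv_usec >= 1000000) {
        p->ts.tv_usec -= 1000000;
        p->ts.tv_sec++;
    }

    etv->pkts++;
    etv->bytes += wlen;

    SCReturnInt(TM_ECODE_OK);
}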
开发者ID:ensonmj,项目名称:suricata,代码行数:56,


示例22: Decode

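/**
 * \brief Decode-stage entry point: hand the buffer to the Ethernet decoder.
 *
 * The data pointer and length are taken from the mbuf itself. When
 * DecodeEthernet() returns anything other than DECODE_OK the mbuf is passed
 * to output_drop_proc().
 *
 * \param m buffer to decode
 */
void Decode(mbuf_t *m)
{
    /* The listing showed "/n" here; restored to the newline escape so the
     * debug line is terminated. */
    LOGDBG(SEC_DECODE_DBG_BIT, "==========>enter decode()\n");

    if (DecodeEthernet(m, GET_PKT_DATA(m), GET_PKT_LEN(m)) != DECODE_OK) {
        output_drop_proc(m);
    }
}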
开发者ID:Coldrain,项目名称:Packet-Process-Engine,代码行数:10,


示例23: SCEnter

/**
 *  \brief Setup a pseudo packet (tunnel)
 *
 *  \param tv     thread vars, passed to the tunnel decoder
 *  \param dtv    decode thread vars, passed to the tunnel decoder
 *  \param parent parent packet for this pseudo pkt
 *  \param pkt    raw packet data
 *  \param len    packet data length
 *  \param proto  protocol of the tunneled packet
 *  \param pq     packet queue, passed to the tunnel decoder
 *
 *  \retval p the pseudo packet, or NULL if no packet could be obtained or the
 *            tunnel decoder did not return TM_ECODE_OK
 */
Packet *PacketTunnelPktSetup(ThreadVars *tv, DecodeThreadVars *dtv, Packet *parent,
                             uint8_t *pkt, uint16_t len, enum DecodeTunnelProto proto,
                             PacketQueue *pq)
{
    SCEnter();

    /* get us a packet */
    Packet *p = PacketGetFromQueueOrAlloc();
    if (unlikely(p == NULL)) {
        SCReturnPtr(NULL, "Packet");
    }

    /* copy packet and set length, proto */
    /* NOTE(review): the result of PacketCopyData() is not checked here, while
     * other callers on this page compare it with -1; confirm that a failed
     * copy leaves the length at a value DecodeTunnel() rejects. */
    PacketCopyData(p, pkt, len);

    /* inherit timestamp, tenant and nesting depth from the parent */
    p->recursion_level = parent->recursion_level + 1;
    p->ts.tv_sec = parent->ts.tv_sec;
    p->ts.tv_usec = parent->ts.tv_usec;
    p->datalink = DLT_RAW;
    p->tenant_id = parent->tenant_id;

    /* set the root ptr to the lowest layer */
    p->root = (parent->root != NULL) ? parent->root : parent;

    /* tell new packet it's part of a tunnel */
    SET_TUNNEL_PKT(p);

    int ret = DecodeTunnel(tv, dtv, p, GET_PKT_DATA(p),
                           GET_PKT_LEN(p), pq, proto);
    if (unlikely(ret != TM_ECODE_OK)) {
        /* Not a tunnel packet, just a pseudo packet: undo the tunnel
         * bookkeeping and hand the packet back before reporting failure */
        p->root = NULL;
        UNSET_TUNNEL_PKT(p);
        TmqhOutputPacketpool(tv, p);
        SCReturnPtr(NULL, "Packet");
    }

    /* tell parent packet it's part of a tunnel */
    SET_TUNNEL_PKT(parent);

    /* increment tunnel packet refcnt in the root packet */
    TUNNEL_INCR_PKT_TPR(p);

    /* disable payload (not packet) inspection on the parent, as the payload
     * is the packet we will now run through the system separately. We do
     * check it against the ip/port/other header checks though */
    DecodeSetNoPayloadInspectionFlag(parent);

    SCReturnPtr(p, "Packet");
}
开发者ID:micsoftvn,项目名称:suricata,代码行数:65,


示例24: AlertDebugLogDecoderEvent

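/**
 * \brief Write the alerts of a packet, plus a raw dump of it, to the debug log.
 *
 * Does nothing when the packet carries no alerts. Otherwise the whole record
 * is written while holding the log file mutex.
 *
 * \param tv     thread vars (not used here)
 * \param p      packet whose alerts and raw data are logged
 * \param data   AlertDebugLogThread for this thread
 * \param pq     not used by this function
 * \param postpq not used by this function
 *
 * \retval TM_ECODE_OK always
 */
TmEcode AlertDebugLogDecoderEvent(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq)
{
    AlertDebugLogThread *aft = (AlertDebugLogThread *)data;
    int i;
    char timebuf[64];

    if (p->alerts.cnt == 0)
        return TM_ECODE_OK;

    CreateTimeString(&p->ts, timebuf, sizeof(timebuf));

    SCMutexLock(&aft->file_ctx->fp_mutex);

    /* Every format string below ends in "\n"; the listing showed "/n", which
     * would have written the two characters instead of ending the line. */
    fprintf(aft->file_ctx->fp, "+================\n");
    fprintf(aft->file_ctx->fp, "TIME:              %s\n", timebuf);
    if (p->pcap_cnt > 0) {
        fprintf(aft->file_ctx->fp, "PCAP PKT NUM:      %"PRIu64"\n", p->pcap_cnt);
    }
    fprintf(aft->file_ctx->fp, "ALERT CNT:         %" PRIu32 "\n", p->alerts.cnt);

    for (i = 0; i < p->alerts.cnt; i++) {
        PacketAlert *pa = &p->alerts.alerts[i];

        /* NOTE(review): msg and class_msg are printed with %s and are
         * presumably never NULL - confirm against the alert setup code. */
        fprintf(aft->file_ctx->fp, "ALERT MSG [%02d]:    %s\n", i, pa->msg);
        fprintf(aft->file_ctx->fp, "ALERT GID [%02d]:    %" PRIu32 "\n", i, pa->gid);
        fprintf(aft->file_ctx->fp, "ALERT SID [%02d]:    %" PRIu32 "\n", i, pa->sid);
        fprintf(aft->file_ctx->fp, "ALERT REV [%02d]:    %" PRIu32 "\n", i, pa->rev);
        fprintf(aft->file_ctx->fp, "ALERT CLASS [%02d]:  %s\n", i, pa->class_msg);
        fprintf(aft->file_ctx->fp, "ALERT PRIO [%02d]:   %" PRIu32 "\n", i, pa->prio);
    }

    aft->file_ctx->alerts += p->alerts.cnt;

    fprintf(aft->file_ctx->fp, "PACKET LEN:        %" PRIu32 "\n", GET_PKT_LEN(p));
    fprintf(aft->file_ctx->fp, "PACKET:\n");
    PrintRawDataFp(aft->file_ctx->fp, GET_PKT_DATA(p), GET_PKT_LEN(p));

    /* flush before releasing the mutex so the record reaches the file as one unit */
    fflush(aft->file_ctx->fp);
    SCMutexUnlock(&aft->file_ctx->fp_mutex);

    return TM_ECODE_OK;
}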
开发者ID:58698301,项目名称:suricata,代码行数:42,


示例25: DecodeIPV6RouteTest01

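/**
 * \test routing header decode
 *
 * Feeds a 68-byte IPv6 packet whose next-header field is 0x2b (routing
 * header) to DecodeIPV6() and checks that the routing extension header is
 * flagged and recorded with a length of 8.
 *
 * \retval 1 on success
 * \retval 0 on failure, including a failed allocation or packet copy
 */
static int DecodeIPV6RouteTest01 (void)
{
    uint8_t raw_pkt1[] = {
        0x60, 0x00, 0x00, 0x00, 0x00, 0x1c, 0x2b, 0x40,
        0x20, 0x01, 0xaa, 0xaa, 0x00, 0x01, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
        0x20, 0x01, 0xaa, 0xaa, 0x00, 0x01, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,

        0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

        0xb2, 0xed, 0x00, 0x50, 0x1b, 0xc7, 0x6a, 0xdf,
        0x00, 0x00, 0x00, 0x00, 0x50, 0x02, 0x20, 0x00,
        0xfa, 0x87, 0x00, 0x00,
    };
    Packet *p1 = SCMalloc(SIZE_OF_PACKET);
    if (p1 == NULL)
        return 0;
    ThreadVars tv;
    DecodeThreadVars dtv;
    int result = 0;
    PacketQueue pq;

    FlowInitConfig(FLOW_QUIET);

    memset(&pq, 0, sizeof(PacketQueue));
    memset(&tv, 0, sizeof(ThreadVars));
    memset(p1, 0, SIZE_OF_PACKET);
    /* packet data starts right after the Packet struct; presumably
     * SIZE_OF_PACKET covers both - confirm against its definition */
    p1->pkt = (uint8_t *)(p1 + 1);
    memset(&dtv, 0, sizeof(DecodeThreadVars));

    PACKET_INITIALIZE(p1);

    /* Do not decode a packet whose data was never copied in; the copy is
     * compared with -1 as in DecodeRawTest01. */
    if (PacketCopyData(p1, raw_pkt1, sizeof(raw_pkt1)) == -1) {
        printf("failed to copy packet data: ");
        goto end;
    }

    DecodeIPV6(&tv, &dtv, p1, GET_PKT_DATA(p1), GET_PKT_LEN(p1), &pq);

    if (!(IPV6_EXTHDR_ISSET_RH(p1))) {
        printf("ipv6 routing header not detected: ");
        goto end;
    }

    if (p1->ip6eh.ip6_exthdrs[0].len != 8) {
        printf("ipv6 routing length incorrect: ");
        goto end;
    }

    result = 1;
end:
    PACKET_CLEANUP(p1);
    SCFree(p1);
    FlowShutdown();
    return result;
}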
开发者ID:pi-rho,项目名称:suricata,代码行数:56,


示例26: AlertSyslogDecoderEvent

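/**
 * \brief   Function which is called to print the decode alerts to the syslog
 *
 * One syslog line is emitted per alert that has a signature attached. Each
 * line holds the action tag, the signature ids and texts, a hex dump of at
 * most the first 32 bytes of the packet and, when set, the pcap packet number.
 *
 * \param tv    Pointer to the threadvars (not used here)
 * \param p     Pointer to the packet
 * \param data  pointer to the AlertSyslogThread
 *
 * \return TM_ECODE_OK in every case
 */
static TmEcode AlertSyslogDecoderEvent(ThreadVars *tv, const Packet *p, void *data)
{
    AlertSyslogThread *ast = (AlertSyslogThread *)data;
    int i;

    if (p->alerts.cnt == 0)
        return TM_ECODE_OK;

    SCMutexLock(&ast->file_ctx->fp_mutex);

    ast->file_ctx->alerts += p->alerts.cnt;
    char temp_buf_hdr[512];
    char temp_buf_pkt[65] = "";
    char temp_buf_tail[32];
    char alert[2048] = "";

    for (i = 0; i < p->alerts.cnt; i++) {
        const PacketAlert *pa = &p->alerts.alerts[i];
        if (unlikely(pa->s == NULL)) {
            continue;
        }

        /* Start from an empty tag for every alert. With a single variable
         * shared by the whole loop, a drop tag set for one alert was also
         * logged for every later alert that had no drop action. */
        const char *action = "";
        if ((pa->action & ACTION_DROP) && EngineModeIsIPS()) {
            action = "[Drop] ";
        } else if (pa->action & ACTION_DROP) {
            action = "[wDrop] ";
        }

        snprintf(temp_buf_hdr, sizeof(temp_buf_hdr), "%s[%" PRIu32 ":%" PRIu32
                ":%" PRIu32 "] %s [Classification: %s] [Priority: %" PRIu32
                "] [**] [Raw pkt: ", action, pa->s->gid, pa->s->id, pa->s->rev, pa->s->msg,
                pa->s->class_msg, pa->s->prio);
        strlcpy(alert, temp_buf_hdr, sizeof(alert));

        /* dump at most 32 bytes, and never more than the packet holds */
        PrintRawLineHexBuf(temp_buf_pkt, sizeof(temp_buf_pkt), GET_PKT_DATA(p),
                GET_PKT_LEN(p) < 32 ? GET_PKT_LEN(p) : 32);
        strlcat(alert, temp_buf_pkt, sizeof(alert));

        if (p->pcap_cnt != 0) {
            snprintf(temp_buf_tail, sizeof(temp_buf_tail), "] [pcap file packet: %"PRIu64"]",
                    p->pcap_cnt);
        } else {
            /* The listing showed '/0' here, a multi-character constant that
             * does not terminate the string; strlcat() below would then read
             * uninitialised bytes of temp_buf_tail. */
            temp_buf_tail[0] = ']';
            temp_buf_tail[1] = '\0';
        }
        strlcat(alert, temp_buf_tail, sizeof(alert));

        /* the assembled text is passed as an argument, never as the format */
        syslog(alert_syslog_level, "%s", alert);
    }
    SCMutexUnlock(&ast->file_ctx->fp_mutex);

    return TM_ECODE_OK;
}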
开发者ID:P1sec,项目名称:suricata,代码行数:64,


示例27: DecodePcapFile

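/**
 * \brief Decode one packet read from a pcap file.
 *
 * Updates the per-thread counters, wakes the flow manager when the packet
 * timestamp goes backwards or has advanced by more than 60 seconds since the
 * last wake-up, sets the engine time from the packet and calls the datalink
 * decoder stored in pcap_g.
 *
 * prev_signaled_ts and pcap_g are defined outside this function.
 *
 * \param tv     thread vars
 * \param p      packet to decode
 * \param data   decode thread vars (cast to DecodeThreadVars *)
 * \param pq     packet queue handed to the decoder
 * \param postpq not used by this function
 *
 * \retval TM_ECODE_OK always
 */
TmEcode DecodePcapFile(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq)
{
    SCEnter();
    DecodeThreadVars *dtv = (DecodeThreadVars *)data;

    /* update counters */
    SCPerfCounterIncr(dtv->counter_pkts, tv->sc_perf_pca);
    SCPerfCounterIncr(dtv->counter_pkts_per_sec, tv->sc_perf_pca);

    SCPerfCounterAddUI64(dtv->counter_bytes, tv->sc_perf_pca, GET_PKT_LEN(p));
#if 0
    SCPerfCounterAddDouble(dtv->counter_bytes_per_sec, tv->sc_perf_pca, GET_PKT_LEN(p));
    SCPerfCounterAddDouble(dtv->counter_mbit_per_sec, tv->sc_perf_pca,
                           (GET_PKT_LEN(p) * 8)/1000000.0 );
#endif

    SCPerfCounterAddUI64(dtv->counter_avg_pkt_size, tv->sc_perf_pca, GET_PKT_LEN(p));
    SCPerfCounterSetUI64(dtv->counter_max_pkt_size, tv->sc_perf_pca, GET_PKT_LEN(p));

    /* tv_usec counts microseconds, so it is scaled by 1e6 to become a fraction
     * of a second. Dividing by 1000.0 added up to ~1000 to the value, which
     * made a later packet look older than an earlier one and fired the
     * wake-up below far more often than the 60 second window intends. */
    double curr_ts = p->ts.tv_sec + p->ts.tv_usec / 1000000.0;
    if (curr_ts < prev_signaled_ts || (curr_ts - prev_signaled_ts) > 60.0) {
        prev_signaled_ts = curr_ts;
        FlowWakeupFlowManagerThread();
    }

    /* update the engine time representation based on the timestamp
     * of the packet. */
    TimeSet(&p->ts);

    /* call the decoder */
    pcap_g.Decoder(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);

    SCReturnInt(TM_ECODE_OK);
}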
开发者ID:gcordrey,项目名称:suricata,代码行数:33,


示例28: DecodeRaw

/**
 * \brief Decode a packet that starts directly with an IP header.
 *
 * Counts the packet, rejects anything shorter than an IPv4 header and then
 * dispatches on the IP version read from \a pkt.
 *
 * \param tv  thread vars
 * \param dtv decode thread vars
 * \param p   packet being decoded; events are set on it
 * \param pkt raw data used for the length check and the version read
 * \param len length of \a pkt
 * \param pq  packet queue handed to the IP decoders
 */
void DecodeRaw(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, uint16_t len, PacketQueue *pq)
{
    SCPerfCounterIncr(dtv->counter_raw, tv->sc_perf_pca);

    /* If it is ipv4 or ipv6 it should at least be the size of ipv4 */
    if (len < IPV4_HEADER_LEN) {
        ENGINE_SET_EVENT(p,IPV4_PKT_TOO_SMALL);
        return;
    }

    /* NOTE(review): the size check and the version read use pkt/len, while
     * the decoders below are given GET_PKT_DATA(p)/GET_PKT_LEN(p). The two
     * are presumably the same buffer; if a caller passes a different one,
     * the validated bytes are not the decoded bytes - confirm at call sites. */
    switch (IP_GET_RAW_VER(pkt)) {
        case 4:
            SCLogDebug("IPV4 Packet");
            DecodeIPV4(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
            break;
        case 6:
            SCLogDebug("IPV6 Packet");
            DecodeIPV6(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
            break;
        default:
            /* any other version only raises a decoder event */
            SCLogDebug("Unknown ip version %" PRIu8 "", IP_GET_RAW_VER(pkt));
            ENGINE_SET_EVENT(p,IPRAW_INVALID_IPV);
            break;
    }
}
开发者ID:2help,项目名称:suricata,代码行数:22,


示例29: DecodeIPV6HopTest01

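/**
 * \test HOP header decode
 *
 * Feeds a 72-byte IPv6 packet whose next-header field is 0x00 (hop-by-hop
 * options) to DecodeIPV6() and checks that the hop-by-hop header is flagged,
 * recorded with a length of 8, and that IPV6_HOPOPTS_UNKNOWN_OPT is not set.
 *
 * \retval 1 on success
 * \retval 0 on failure, including a failed allocation or packet copy
 */
static int DecodeIPV6HopTest01 (void)
{
    uint8_t raw_pkt1[] = {
        0x60,0x00,0x00,0x00,0x00,0x20,0x00,0x01,0xfe,0x80,0x00,0x00,0x00,0x00,0x00,0x00,
        0x02,0x0f,0xfe,0xff,0xfe,0x98,0x3d,0x01,0xff,0x02,0x00,0x00,0x00,0x00,0x00,0x00,
        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x3a,0x00,0x05,0x02,0x00,0x00,0x00,0x00,
        0x82,0x00,0x1c,0x6f,0x27,0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
    };
    Packet *p1 = PacketGetFromAlloc();
    if (unlikely(p1 == NULL))
        return 0;
    ThreadVars tv;
    DecodeThreadVars dtv;
    int result = 0;
    PacketQueue pq;

    FlowInitConfig(FLOW_QUIET);

    memset(&pq, 0, sizeof(PacketQueue));
    memset(&tv, 0, sizeof(ThreadVars));
    memset(&dtv, 0, sizeof(DecodeThreadVars));

    /* Do not decode a packet whose data was never copied in; the copy is
     * compared with -1 as in DecodeRawTest01. */
    if (PacketCopyData(p1, raw_pkt1, sizeof(raw_pkt1)) == -1) {
        printf("failed to copy packet data: ");
        goto end;
    }

    DecodeIPV6(&tv, &dtv, p1, GET_PKT_DATA(p1), GET_PKT_LEN(p1), &pq);

    /* The two messages below used to say "routing", although this test
     * checks the hop-by-hop header. */
    if (!(IPV6_EXTHDR_ISSET_HH(p1))) {
        printf("ipv6 hop-by-hop header not detected: ");
        goto end;
    }

    if (p1->ip6eh.ip6_exthdrs[0].len != 8) {
        printf("ipv6 hop-by-hop length incorrect: ");
        goto end;
    }

    if (ENGINE_ISSET_EVENT(p1, IPV6_HOPOPTS_UNKNOWN_OPT)) {
        printf("engine event IPV6_HOPOPTS_UNKNOWN_OPT set: ");
        goto end;
    }

    result = 1;
end:
    PACKET_RECYCLE(p1);
    SCFree(p1);
    FlowShutdown();
    return result;
}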
开发者ID:btbytes,项目名称:suricata,代码行数:52,


示例30: DecodeRawTest01

/** DecodeRawtest01
 *  \brief Valid Raw packet
 *
 *  Copies an IPv6/TCP packet without ethernet header into a freshly allocated
 *  Packet, runs DecodeRaw() on it and expects the ipv6 header pointer to be
 *  set afterwards.
 *
 *  \retval 0 Expected test value
 *  \retval 1 the packet copy failed or no ipv6 header was set
 */
static int DecodeRawTest01 (void)
{
    /* IPV6/TCP/no eth header */
    uint8_t raw_ip[] = {
        0x60, 0x00, 0x00, 0x00, 0x00, 0x28, 0x06, 0x40,
        0x20, 0x01, 0x06, 0x18, 0x04, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x51, 0x99, 0xcc, 0x70,
        0x20, 0x01, 0x06, 0x18, 0x00, 0x01, 0x80, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
        0x8c, 0x9b, 0x00, 0x50, 0x6a, 0xe7, 0x07, 0x36,
        0x00, 0x00, 0x00, 0x00, 0xa0, 0x02, 0x16, 0x30,
        0x29, 0x9c, 0x00, 0x00, 0x02, 0x04, 0x05, 0x8c,
        0x04, 0x02, 0x08, 0x0a, 0x00, 0xdd, 0x1a, 0x39,
        0x00, 0x00, 0x00, 0x00, 0x01, 0x03, 0x03, 0x02 };
    ThreadVars tv;
    DecodeThreadVars dtv;
    int rc = 1;

    Packet *p = SCMalloc(SIZE_OF_PACKET);
    /* NOTE(review): a failed allocation returns 0, the same value as a
     * passing run, so it cannot be told apart from success. */
    if (unlikely(p == NULL))
        return 0;

    memset(&dtv, 0, sizeof(DecodeThreadVars));
    memset(&tv,  0, sizeof(ThreadVars));
    memset(p, 0, SIZE_OF_PACKET);
    /* packet data starts right after the Packet struct */
    p->pkt = (uint8_t *)(p + 1);

    /* the flow engine is not initialised yet, so this path skips FlowShutdown() */
    if (PacketCopyData(p, raw_ip, sizeof(raw_ip)) == -1)
        goto out_free;

    FlowInitConfig(FLOW_QUIET);

    DecodeRaw(&tv, &dtv, p, raw_ip, GET_PKT_LEN(p), NULL);
    if (p->ip6h == NULL) {
        printf("expected a valid ipv6 header but it was NULL: ");
    } else {
        rc = 0;
    }

    FlowShutdown();
out_free:
    SCFree(p);
    return rc;
}
开发者ID:2help,项目名称:suricata,代码行数:49,



注:本文中的GET_PKT_LEN函数示例整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。

