Rlp_FragbitsAttribute_t Struct Reference

This rule inspects the fragment and reserved bits in the IP header. More...

#include <rlp.h>

Data Fields
Rlp_FlagType_t	RB
Rlp_FlagType_t	MF
Rlp_FlagType_t	DF

---

Detailed Description

This rule inspects the fragment and reserved bits in the IP header.

There are three bits that can be checked, the Reserved Bit (RB), More Fragments (MF) bit, and the Don't Fragment (DF) bit.

This rule inspects the fragment and reserved bits in the IP header. There are three bits that can be checked, the Reserved Bit (RB), More Fragments (MF) bit, and the Don't Fragment (DF) bit.

These bits can be checked in a variety of combinations. Use the following values to indicate specific bits:

• R: Reserved Bit
• D: DF bit
• M: MF bit

You can also use modifiers to indicate logical match criteria for the specified bits:

  + ALL flag, match on specified bits plus any others

ANY flag, match if any of the specified bits are set 
  ! NOT flag, match if the specified bits are not set

  alert tcp !$HOME_NET any -> $HOME_NET any (fragbits: R+; msg: "Reserved bit set!";)
  

Definition at line 556 of file rlp.h.

---

Field Documentation

Rlp_FlagType_t Rlp_FragbitsAttribute_t::RB

Definition at line 558 of file rlp.h.

Rlp_FlagType_t Rlp_FragbitsAttribute_t::MF

Definition at line 559 of file rlp.h.

Rlp_FlagType_t Rlp_FragbitsAttribute_t::DF

Definition at line 560 of file rlp.h.