--- /dev/null
+2:1
+
+A tagged packet was logged.
+
+105:1
+
+(back_orifice) BO traffic detected
+
+105:2
+
+(back_orifice) BO client traffic detected
+
+105:3
+
+(back_orifice) BO server traffic detected
+
+105:4
+
+(back_orifice) BO Snort buffer attack
+
+106:1
+
+(rpc_decode) fragmented RPC records
+
+106:2
+
+(rpc_decode) multiple RPC records
+
+106:3
+
+(rpc_decode) large RPC record fragment
+
+106:4
+
+(rpc_decode) incomplete RPC segment
+
+106:5
+
+(rpc_decode) zero-length RPC fragment
+
+112:1
+
+(arp_spoof) unicast ARP request
+
+112:2
+
+(arp_spoof) ethernet/ARP mismatch request for source
+
+112:3
+
+(arp_spoof) ethernet/ARP mismatch request for destination
+
+112:4
+
+(arp_spoof) attempted ARP cache overwrite attack
+
+116:1
+
+(ipv4) not IPv4 datagram
+
+116:2
+
+(ipv4) IPv4 header length < minimum
+
+116:3
+
+(ipv4) IPv4 datagram length < header field
+
+116:4
+
+(ipv4) IPv4 options found with bad lengths
+
+116:5
+
+(ipv4) truncated IPv4 options
+
+116:6
+
+(ipv4) IPv4 datagram length > captured length
+
+116:45
+
+(tcp) TCP packet length is smaller than 20 bytes
+
+116:46
+
+(tcp) TCP data offset is less than 5
+
+116:47
+
+(tcp) TCP header length exceeds packet length
+
+116:54
+
+(tcp) TCP options found with bad lengths
+
+116:55
+
+(tcp) truncated TCP options
+
+116:56
+
+(tcp) T/TCP detected
+
+116:57
+
+(tcp) obsolete TCP options found
+
+116:58
+
+(tcp) experimental TCP options found
+
+116:59
+
+(tcp) TCP window scale option found with length > 14
+
+116:95
+
+(udp) truncated UDP header
+
+116:96
+
+(udp) invalid UDP header, length field < 8
+
+116:97
+
+(udp) short UDP packet, length field > payload length
+
+116:98
+
+(udp) long UDP packet, length field < payload length
+
+116:105
+
+(icmp4) ICMP header truncated
+
+116:106
+
+(icmp4) ICMP timestamp header truncated
+
+116:107
+
+(icmp4) ICMP address header truncated
+
+116:109
+
+(arp) truncated ARP
+
+116:110
+
+(eapol) truncated EAP header
+
+116:111
+
+(eapol) EAP key truncated
+
+116:112
+
+(eapol) EAP header truncated
+
+116:120
+
+(pppoe) bad PPPOE frame detected
+
+116:130
+
+(vlan) bad VLAN frame
+
+116:131
+
+(llc) bad LLC header
+
+116:132
+
+(llc) bad extra LLC info
+
+116:133
+
+(wlan) bad 802.11 LLC header
+
+116:134
+
+(wlan) bad 802.11 extra LLC info
+
+116:140
+
+(token_ring) bad Token Ring header
+
+116:141
+
+(token_ring) bad Token Ring ETHLLC header
+
+116:142
+
+(token_ring) bad Token Ring MRLEN header
+
+116:143
+
+(token_ring) bad Token Ring MR header
+
+116:150
+
+(decode) loopback IP
+
+116:151
+
+(decode) same src/dst IP
+
+116:160
+
+(gre) GRE header length > payload length
+
+116:161
+
+(gre) multiple encapsulations in packet
+
+116:162
+
+(gre) invalid GRE version
+
+116:163
+
+(gre) invalid GRE header
+
+116:164
+
+(gre) invalid GRE v.1 PPTP header
+
+116:165
+
+(gre) GRE trans header length > payload length
+
+116:170
+
+(mpls) bad MPLS frame
+
+116:171
+
+(mpls) MPLS label 0 appears in bottom header when not decoding as ip4
+
+116:172
+
+(mpls) MPLS label 1 appears in bottom header
+
+116:173
+
+(mpls) MPLS label 2 appears in bottom header when not decoding as ip6
+
+116:174
+
+(mpls) MPLS label 3 appears in header
+
+116:175
+
+(mpls) MPLS label 4, 5,.. or 15 appears in header
+
+116:176
+
+(mpls) too many MPLS headers
+
+116:180
+
+(geneve) insufficient room for geneve header
+
+116:181
+
+(geneve) invalid version
+
+116:182
+
+(geneve) invalid header
+
+116:183
+
+(geneve) invalid flags
+
+116:184
+
+(geneve) invalid options
+
+116:250
+
+(icmp4) ICMP original IP header truncated
+
+116:251
+
+(icmp4) ICMP version and original IP header versions differ
+
+116:252
+
+(icmp4) ICMP original datagram length < original IP header length
+
+116:253
+
+(icmp4) ICMP original IP payload < 64 bits
+
+116:254
+
+(icmp4) ICMP original IP payload > 576 bytes
+
+116:255
+
+(icmp4) ICMP original IP fragmented and offset not 0
+
+116:270
+
+(ipv6) IPv6 packet below TTL limit
+
+116:271
+
+(ipv6) IPv6 header claims to not be IPv6
+
+116:272
+
+(ipv6) IPv6 truncated extension header
+
+116:273
+
+(ipv6) IPv6 truncated header
+
+116:274
+
+(ipv6) IPv6 datagram length < header field
+
+116:275
+
+(ipv6) IPv6 datagram length > captured length
+
+116:276
+
+(ipv6) IPv6 packet with destination address ::0
+
+116:277
+
+(ipv6) IPv6 packet with multicast source address
+
+116:278
+
+(ipv6) IPv6 packet with reserved multicast destination address
+
+116:279
+
+(ipv6) IPv6 header includes an undefined option type
+
+116:280
+
+(ipv6) IPv6 address includes an unassigned multicast scope value
+
+116:281
+
+(ipv6) IPv6 header includes an invalid value for the 'next header' field
+
+116:282
+
+(ipv6) IPv6 header includes a routing extension header followed by a hop-by-hop header
+
+116:283
+
+(ipv6) IPv6 header includes two routing extension headers
+
+116:285
+
+(icmp6) ICMPv6 packet of type 2 (message too big) with MTU field < 1280
+
+116:286
+
+(icmp6) ICMPv6 packet of type 1 (destination unreachable) with non-RFC 2463 code
+
+116:287
+
+(icmp6) ICMPv6 router solicitation packet with a code not equal to 0
+
+116:288
+
+(icmp6) ICMPv6 router advertisement packet with a code not equal to 0
+
+116:289
+
+(icmp6) ICMPv6 router solicitation packet with the reserved field not equal to 0
+
+116:290
+
+(icmp6) ICMPv6 router advertisement packet with the reachable time field set > 1 hour
+
+116:291
+
+(ipv6) IPV6 tunneled over IPv4, IPv6 header truncated, possible Linux kernel attack
+
+116:292
+
+(ipv6) IPv6 header has destination options followed by a routing header
+
+116:293
+
+(decode) two or more IP (v4 and/or v6) encapsulation layers present
+
+116:294
+
+(esp) truncated encapsulated security payload header
+
+116:295
+
+(ipv6) IPv6 header includes an option which is too big for the containing header
+
+116:296
+
+(ipv6) IPv6 packet includes out-of-order extension headers
+
+116:297
+
+(gtp) two or more GTP encapsulation layers present
+
+116:298
+
+(gtp) GTP header length is invalid
+
+116:400
+
+(tcp) XMAS attack detected
+
+116:401
+
+(tcp) Nmap XMAS attack detected
+
+116:402
+
+(tcp) DOS NAPTHA vulnerability detected
+
+116:403
+
+(tcp) SYN to multicast address
+
+116:404
+
+(ipv4) IPv4 packet with zero TTL
+
+116:405
+
+(ipv4) IPv4 packet with bad frag bits (both MF and DF set)
+
+116:406
+
+(udp) invalid IPv6 UDP packet, checksum zero
+
+116:407
+
+(ipv4) IPv4 packet frag offset + length exceed maximum
+
+116:408
+
+(ipv4) IPv4 packet from 'current net' source address
+
+116:409
+
+(ipv4) IPv4 packet to 'current net' dest address
+
+116:410
+
+(ipv4) IPv4 packet from multicast source address
+
+116:411
+
+(ipv4) IPv4 packet from reserved source address
+
+116:412
+
+(ipv4) IPv4 packet to reserved dest address
+
+116:413
+
+(ipv4) IPv4 packet from broadcast source address
+
+116:414
+
+(ipv4) IPv4 packet to broadcast dest address
+
+116:415
+
+(icmp4) ICMP4 packet to multicast dest address
+
+116:416
+
+(icmp4) ICMP4 packet to broadcast dest address
+
+116:418
+
+(icmp4) ICMP4 type other
+
+116:419
+
+(tcp) TCP urgent pointer exceeds payload length or no payload
+
+116:420
+
+(tcp) TCP SYN with FIN
+
+116:421
+
+(tcp) TCP SYN with RST
+
+116:422
+
+(tcp) TCP PDU missing ack for established session
+
+116:423
+
+(tcp) TCP has no SYN, ACK, or RST
+
+116:424
+
+(eth) truncated ethernet header
+
+116:424
+
+(pbb) truncated ethernet header
+
+116:425
+
+(ipv4) truncated IPv4 header
+
+116:426
+
+(icmp4) truncated ICMP4 header
+
+116:427
+
+(icmp6) truncated ICMPv6 header
+
+116:428
+
+(ipv4) IPv4 packet below TTL limit
+
+116:429
+
+(ipv6) IPv6 packet has zero hop limit
+
+116:430
+
+(ipv4) IPv4 packet both DF and offset set
+
+116:431
+
+(icmp6) ICMPv6 type not decoded
+
+116:432
+
+(icmp6) ICMPv6 packet to multicast address
+
+116:433
+
+(tcp) DDOS shaft SYN flood
+
+116:434
+
+(icmp4) ICMP ping Nmap
+
+116:435
+
+(icmp4) ICMP icmpenum v1.1.1
+
+116:436
+
+(icmp4) ICMP redirect host
+
+116:437
+
+(icmp4) ICMP redirect net
+
+116:438
+
+(icmp4) ICMP traceroute ipopts
+
+116:439
+
+(icmp4) ICMP source quench
+
+116:440
+
+(icmp4) broadscan smurf scanner
+
+116:441
+
+(icmp4) ICMP destination unreachable communication administratively prohibited
+
+116:442
+
+(icmp4) ICMP destination unreachable communication with destination host is administratively prohibited
+
+116:443
+
+(icmp4) ICMP destination unreachable communication with destination network is administratively prohibited
+
+116:444
+
+(ipv4) IPv4 option set
+
+116:445
+
+(udp) large UDP packet (> 4000 bytes)
+
+116:446
+
+(tcp) TCP port 0 traffic
+
+116:447
+
+(udp) UDP port 0 traffic
+
+116:448
+
+(ipv4) IPv4 reserved bit set
+
+116:449
+
+(decode) unassigned/reserved IP protocol
+
+116:450
+
+(decode) bad IP protocol
+
+116:451
+
+(icmp4) ICMP path MTU denial of service attempt
+
+116:452
+
+(icmp4) Linux ICMP header DOS attempt
+
+116:453
+
+(ipv6) ISATAP-addressed IPv6 traffic spoofing attempt
+
+116:454
+
+(pgm) PGM nak list overflow attempt
+
+116:455
+
+(igmp) DOS IGMP IP options validation attempt
+
+116:456
+
+(ipv6) too many IPv6 extension headers
+
+116:457
+
+(icmp6) ICMPv6 packet of type 1 (destination unreachable) with non-RFC 4443 code
+
+116:458
+
+(ipv6) bogus fragmentation packet, possible BSD attack
+
+116:459
+
+(decode) fragment with zero length
+
+116:460
+
+(icmp6) ICMPv6 node info query/response packet with a code greater than 2
+
+116:461
+
+(ipv6) IPv6 routing type 0 extension header
+
+116:462
+
+(erspan2) ERSpan header version mismatch
+
+116:463
+
+(erspan2) captured length < ERSpan type2 header length
+
+116:464
+
+(erspan3) captured < ERSpan type3 header length
+
+116:465
+
+(auth) truncated authentication header
+
+116:466
+
+(auth) bad authentication header length
+
+116:467
+
+(fabricpath) truncated FabricPath header
+
+116:468
+
+(ciscometadata) truncated Cisco Metadata header
+
+116:469
+
+(ciscometadata) invalid Cisco Metadata option length
+
+116:470
+
+(ciscometadata) invalid Cisco Metadata option type
+
+116:471
+
+(ciscometadata) invalid Cisco Metadata security group tag
+
+116:472
+
+(decode) too many protocols present
+
+116:473
+
+(decode) ether type out of range
+
+116:474
+
+(icmp6) ICMPv6 not encapsulated in IPv6
+
+116:475
+
+(ipv6) IPv6 mobility header includes an invalid value for the 'payload protocol' field
+
+119:1
+
+(http_inspect) ascii encoding
+
+119:2
+
+(http_inspect) double decoding attack
+
+119:3
+
+(http_inspect) u encoding
+
+119:4
+
+(http_inspect) bare byte unicode encoding
+
+119:6
+
+(http_inspect) UTF-8 encoding
+
+119:7
+
+(http_inspect) unicode map code point encoding in URI
+
+119:8
+
+(http_inspect) multi_slash encoding
+
+119:9
+
+(http_inspect) backslash used in URI path
+
+119:10
+
+(http_inspect) self directory traversal
+
+119:11
+
+(http_inspect) directory traversal
+
+119:12
+
+(http_inspect) apache whitespace (tab)
+
+119:13
+
+(http_inspect) HTTP header line terminated by LF without a CR
+
+119:14
+
+(http_inspect) non-RFC defined char
+
+119:15
+
+(http_inspect) oversize request-uri directory
+
+119:16
+
+(http_inspect) oversize chunk encoding
+
+119:18
+
+(http_inspect) webroot directory traversal
+
+119:19
+
+(http_inspect) long header
+
+119:20
+
+(http_inspect) max header fields
+
+119:21
+
+(http_inspect) multiple content length
+
+119:24
+
+(http_inspect) Host header field appears more than once or has multiple values
+
+119:25
+
+(http_inspect) Host header value is too long
+
+119:28
+
+(http_inspect) POST or PUT w/o content-length or chunks
+
+119:31
+
+(http_inspect) unknown method
+
+119:32
+
+(http_inspect) simple request
+
+119:33
+
+(http_inspect) unescaped space in HTTP URI
+
+119:34
+
+(http_inspect) too many pipelined requests
+
+119:102
+
+(http_inspect) invalid status code in HTTP response
+
+119:104
+
+(http_inspect) HTTP response has UTF charset that failed to normalize
+
+119:105
+
+(http_inspect) HTTP response has UTF-7 charset
+
+119:109
+
+(http_inspect) javascript obfuscation levels exceeds 1
+
+119:110
+
+(http_inspect) javascript whitespaces exceeds max allowed
+
+119:111
+
+(http_inspect) multiple encodings within javascript obfuscated data
+
+119:112
+
+(http_inspect) SWF file zlib decompression failure
+
+119:113
+
+(http_inspect) SWF file LZMA decompression failure
+
+119:114
+
+(http_inspect) PDF file deflate decompression failure
+
+119:115
+
+(http_inspect) PDF file unsupported compression type
+
+119:116
+
+(http_inspect) PDF file cascaded compression
+
+119:117
+
+(http_inspect) PDF file parse failure
+
+119:201
+
+(http_inspect) not HTTP traffic
+
+119:202
+
+(http_inspect) chunk length has excessive leading zeros
+
+119:203
+
+(http_inspect) white space before or between messages
+
+119:204
+
+(http_inspect) request message without URI
+
+119:205
+
+(http_inspect) control character in reason phrase
+
+119:206
+
+(http_inspect) illegal extra whitespace in start line
+
+119:207
+
+(http_inspect) corrupted HTTP version
+
+119:208
+
+(http_inspect) unknown HTTP version
+
+119:209
+
+(http_inspect) format error in HTTP header
+
+119:210
+
+(http_inspect) chunk header options present
+
+119:211
+
+(http_inspect) URI badly formatted
+
+119:212
+
+(http_inspect) unrecognized type of percent encoding in URI
+
+119:213
+
+(http_inspect) HTTP chunk misformatted
+
+119:214
+
+(http_inspect) white space adjacent to chunk length
+
+119:215
+
+(http_inspect) white space within header name
+
+119:216
+
+(http_inspect) excessive gzip compression
+
+119:217
+
+(http_inspect) gzip decompression failed
+
+119:218
+
+(http_inspect) HTTP 0.9 requested followed by another request
+
+119:219
+
+(http_inspect) HTTP 0.9 request following a normal request
+
+119:220
+
+(http_inspect) message has both Content-Length and Transfer-Encoding
+
+119:221
+
+(http_inspect) status code implying no body combined with Transfer-Encoding or nonzero Content-Length
+
+119:222
+
+(http_inspect) Transfer-Encoding not ending with chunked
+
+119:223
+
+(http_inspect) Transfer-Encoding with encodings before chunked
+
+119:224
+
+(http_inspect) misformatted HTTP traffic
+
+119:225
+
+(http_inspect) unsupported Content-Encoding used
+
+119:226
+
+(http_inspect) unknown Content-Encoding used
+
+119:227
+
+(http_inspect) multiple Content-Encodings applied
+
+119:228
+
+(http_inspect) server response before client request
+
+119:229
+
+(http_inspect) PDF/SWF/ZIP decompression of server response too big
+
+119:230
+
+(http_inspect) nonprinting character in HTTP message header name
+
+119:231
+
+(http_inspect) bad Content-Length value in HTTP header
+
+119:232
+
+(http_inspect) HTTP header line wrapped
+
+119:233
+
+(http_inspect) HTTP header line terminated by CR without a LF
+
+119:234
+
+(http_inspect) chunk terminated by nonstandard separator
+
+119:235
+
+(http_inspect) chunk length terminated by LF without CR
+
+119:236
+
+(http_inspect) more than one response with 100 status code
+
+119:237
+
+(http_inspect) 100 status code not in response to Expect header
+
+119:238
+
+(http_inspect) 1XX status code other than 100 or 101
+
+119:239
+
+(http_inspect) Expect header sent without a message body
+
+119:240
+
+(http_inspect) HTTP 1.0 message with Transfer-Encoding header
+
+119:241
+
+(http_inspect) Content-Transfer-Encoding used as HTTP header
+
+119:242
+
+(http_inspect) illegal field in chunked message trailers
+
+119:243
+
+(http_inspect) header field inappropriately appears twice or has two values
+
+119:244
+
+(http_inspect) invalid value chunked in Content-Encoding header
+
+119:245
+
+(http_inspect) 206 response sent to a request without a Range header
+
+119:246
+
+(http_inspect) 'HTTP' in version field not all upper case
+
+119:247
+
+(http_inspect) white space embedded in critical header value
+
+119:248
+
+(http_inspect) gzip compressed data followed by unexpected non-gzip data
+
+119:249
+
+(http_inspect) excessive HTTP parameter key repeats
+
+119:250
+
+(http_inspect) HTTP/2 Transfer-Encoding header other than identity
+
+119:251
+
+(http_inspect) HTTP/2 message body overruns Content-Length header value
+
+119:252
+
+(http_inspect) HTTP/2 message body smaller than Content-Length header value
+
+119:253
+
+(http_inspect) HTTP CONNECT request with a message body
+
+119:254
+
+(http_inspect) HTTP client-to-server traffic after CONNECT request but before CONNECT response
+
+119:255
+
+(http_inspect) HTTP CONNECT 2XX response with Content-Length header
+
+119:256
+
+(http_inspect) HTTP CONNECT 2XX response with Transfer-Encoding header
+
+119:257
+
+(http_inspect) HTTP CONNECT response with 1XX status code
+
+119:258
+
+(http_inspect) HTTP CONNECT response before request message completed
+
+119:259
+
+(http_inspect) malformed HTTP Content-Disposition filename parameter
+
+119:260
+
+(http_inspect) HTTP Content-Length message body was truncated
+
+119:261
+
+(http_inspect) HTTP chunked message body was truncated
+
+119:262
+
+(http_inspect) HTTP URI scheme longer than 10 characters
+
+119:263
+
+(http_inspect) HTTP/1 client requested HTTP/2 upgrade
+
+119:264
+
+(http_inspect) HTTP/1 server granted HTTP/2 upgrade
+
+119:265
+
+(http_inspect) bad token in JavaScript
+
+119:266
+
+(http_inspect) unexpected script opening tag in JavaScript
+
+119:267
+
+(http_inspect) unexpected script closing tag in JavaScript
+
+119:268
+
+(http_inspect) JavaScript code under the external script tags
+
+119:269
+
+(http_inspect) script opening tag in a short form
+
+119:270
+
+(http_inspect) max number of unique JavaScript identifiers reached
+
+119:271
+
+(http_inspect) JavaScript template literal nesting is over capacity
+
+119:272
+
+(http_inspect) Consecutive commas in HTTP Accept-Encoding header
+
+121:1
+
+(http2_inspect) invalid flag set on HTTP/2 frame
+
+121:2
+
+(http2_inspect) HPACK integer value has leading zeros
+
+121:3
+
+(http2_inspect) HTTP/2 stream initiated with invalid stream id
+
+121:4
+
+(http2_inspect) missing HTTP/2 continuation frame
+
+121:5
+
+(http2_inspect) unexpected HTTP/2 continuation frame
+
+121:6
+
+(http2_inspect) misformatted HTTP/2 traffic
+
+121:7
+
+(http2_inspect) HTTP/2 connection preface does not match
+
+121:8
+
+(http2_inspect) HTTP/2 request missing required header field
+
+121:9
+
+(http2_inspect) HTTP/2 response has no status code
+
+121:10
+
+(http2_inspect) HTTP/2 CONNECT request with scheme or path
+
+121:11
+
+(http2_inspect) error in HTTP/2 settings frame
+
+121:12
+
+(http2_inspect) unknown parameter in HTTP/2 settings frame
+
+121:13
+
+(http2_inspect) invalid HTTP/2 frame sequence
+
+121:14
+
+(http2_inspect) HTTP/2 dynamic table size limit exceeded
+
+121:15
+
+(http2_inspect) HTTP/2 push promise frame with invalid promised stream id
+
+121:16
+
+(http2_inspect) HTTP/2 padding length is bigger than frame data size
+
+121:17
+
+(http2_inspect) HTTP/2 pseudo-header after regular header
+
+121:18
+
+(http2_inspect) HTTP/2 pseudo-header in trailers
+
+121:19
+
+(http2_inspect) invalid HTTP/2 pseudo-header
+
+121:20
+
+(http2_inspect) HTTP/2 trailers without END_STREAM bit
+
+121:21
+
+(http2_inspect) HTTP/2 push promise frame sent when prohibited by receiver
+
+121:22
+
+(http2_inspect) padding flag set on HTTP/2 frame with zero length
+
+121:23
+
+(http2_inspect) HTTP/2 push promise frame in c2s direction
+
+121:24
+
+(http2_inspect) invalid HTTP/2 push promise frame
+
+121:25
+
+(http2_inspect) HTTP/2 push promise frame sent at invalid time
+
+121:26
+
+(http2_inspect) invalid parameter value sent in HTTP/2 settings frame
+
+121:27
+
+(http2_inspect) excessive concurrent HTTP/2 streams
+
+121:28
+
+(http2_inspect) invalid HTTP/2 rst stream frame
+
+121:29
+
+(http2_inspect) HTTP/2 rst stream frame sent at invalid time
+
+121:30
+
+(http2_inspect) uppercase HTTP/2 header field name
+
+121:31
+
+(http2_inspect) invalid HTTP/2 window update frame
+
+121:32
+
+(http2_inspect) HTTP/2 window update frame with zero increment
+
+121:33
+
+(http2_inspect) HTTP/2 request without a method
+
+121:34
+
+(http2_inspect) HTTP/2 HPACK table size update not at the start of a header block
+
+121:35
+
+(http2_inspect) More than two HTTP/2 HPACK table size updates in a single header block
+
+121:36
+
+(http2_inspect) HTTP/2 HPACK table size update exceeds max value set by decoder in SETTINGS frame
+
+122:1
+
+(port_scan) TCP portscan
+
+122:2
+
+(port_scan) TCP decoy portscan
+
+122:3
+
+(port_scan) TCP portsweep
+
+122:4
+
+(port_scan) TCP distributed portscan
+
+122:5
+
+(port_scan) TCP filtered portscan
+
+122:6
+
+(port_scan) TCP filtered decoy portscan
+
+122:7
+
+(port_scan) TCP filtered portsweep
+
+122:8
+
+(port_scan) TCP filtered distributed portscan
+
+122:9
+
+(port_scan) IP protocol scan
+
+122:10
+
+(port_scan) IP decoy protocol scan
+
+122:11
+
+(port_scan) IP protocol sweep
+
+122:12
+
+(port_scan) IP distributed protocol scan
+
+122:13
+
+(port_scan) IP filtered protocol scan
+
+122:14
+
+(port_scan) IP filtered decoy protocol scan
+
+122:15
+
+(port_scan) IP filtered protocol sweep
+
+122:16
+
+(port_scan) IP filtered distributed protocol scan
+
+122:17
+
+(port_scan) UDP portscan
+
+122:18
+
+(port_scan) UDP decoy portscan
+
+122:19
+
+(port_scan) UDP portsweep
+
+122:20
+
+(port_scan) UDP distributed portscan
+
+122:21
+
+(port_scan) UDP filtered portscan
+
+122:22
+
+(port_scan) UDP filtered decoy portscan
+
+122:23
+
+(port_scan) UDP filtered portsweep
+
+122:24
+
+(port_scan) UDP filtered distributed portscan
+
+122:25
+
+(port_scan) ICMP sweep
+
+122:26
+
+(port_scan) ICMP filtered sweep
+
+122:27
+
+(port_scan) open port
+
+123:1
+
+(stream_ip) inconsistent IP options on fragmented packets
+
+123:2
+
+(stream_ip) teardrop attack
+
+123:3
+
+(stream_ip) short fragment, possible DOS attempt
+
+123:4
+
+(stream_ip) fragment packet ends after defragmented packet
+
+123:5
+
+(stream_ip) zero-byte fragment packet
+
+123:6
+
+(stream_ip) bad fragment size, packet size is negative
+
+123:7
+
+(stream_ip) bad fragment size, packet size is greater than 65536
+
+123:8
+
+(stream_ip) fragmentation overlap
+
+123:11
+
+(stream_ip) TTL value less than configured minimum, not using for reassembly
+
+123:12
+
+(stream_ip) excessive fragment overlap
+
+123:13
+
+(stream_ip) tiny fragment
+
+124:1
+
+(smtp) attempted command buffer overflow
+
+124:2
+
+(smtp) attempted data header buffer overflow
+
+124:3
+
+(smtp) attempted response buffer overflow
+
+124:4
+
+(smtp) attempted specific command buffer overflow
+
+124:5
+
+(smtp) unknown command
+
+124:6
+
+(smtp) illegal command
+
+124:7
+
+(smtp) attempted header name buffer overflow
+
+124:8
+
+(smtp) attempted X-Link2State command buffer overflow
+
+124:10
+
+(smtp) base64 decoding failed
+
+124:11
+
+(smtp) quoted-printable decoding failed
+
+124:13
+
+(smtp) Unix-to-Unix decoding failed
+
+124:14
+
+(smtp) Cyrus SASL authentication attack
+
+124:15
+
+(smtp) attempted authentication command buffer overflow
+
+124:16
+
+(smtp) file decompression failed
+
+125:1
+
+(ftp_server) TELNET cmd on FTP command channel
+
+125:2
+
+(ftp_server) invalid FTP command
+
+125:3
+
+(ftp_server) FTP command parameters were too long
+
+125:4
+
+(ftp_server) FTP command parameters were malformed
+
+125:5
+
+(ftp_server) FTP command parameters contained potential string format
+
+125:6
+
+(ftp_server) FTP response message was too long
+
+125:7
+
+(ftp_server) FTP traffic encrypted
+
+125:8
+
+(ftp_server) FTP bounce attempt
+
+125:9
+
+(ftp_server) evasive (incomplete) TELNET cmd on FTP command channel
+
+126:1
+
+(telnet) consecutive Telnet AYT commands beyond threshold
+
+126:2
+
+(telnet) Telnet traffic encrypted
+
+126:3
+
+(telnet) Telnet subnegotiation begin command without subnegotiation end
+
+128:1
+
+(ssh) challenge-response overflow exploit
+
+128:2
+
+(ssh) SSH1 CRC32 exploit
+
+128:3
+
+(ssh) server version string overflow
+
+128:5
+
+(ssh) bad message direction
+
+128:6
+
+(ssh) payload size incorrect for the given payload
+
+128:7
+
+(ssh) failed to detect SSH version string
+
+129:1
+
+(stream_tcp) SYN on established session
+
+129:2
+
+(stream_tcp) data on SYN packet
+
+129:3
+
+(stream_tcp) data sent on stream not accepting data
+
+129:4
+
+(stream_tcp) TCP timestamp is outside of PAWS window
+
+129:5
+
+(stream_tcp) bad segment, adjusted size <= 0 (deprecated)
+
+129:6
+
+(stream_tcp) window size (after scaling) larger than policy allows
+
+129:7
+
+(stream_tcp) limit on number of overlapping TCP packets reached
+
+129:8
+
+(stream_tcp) data sent on stream after TCP reset sent
+
+129:9
+
+(stream_tcp) TCP client possibly hijacked, different ethernet address
+
+129:10
+
+(stream_tcp) TCP server possibly hijacked, different ethernet address
+
+129:11
+
+(stream_tcp) TCP data with no TCP flags set
+
+129:12
+
+(stream_tcp) consecutive TCP small segments exceeding threshold
+
+129:13
+
+stream_tcp detected a 4-way handshake, which includes a TCP SYN (without ACK) in response to
+the initiating client SYN. stream_tcp.require_3whs = 0 should be set to ensure this can be
+detected in all cases.
+
+129:14
+
+(stream_tcp) TCP timestamp is missing
+
+129:15
+
+(stream_tcp) reset outside window
+
+129:16
+
+(stream_tcp) FIN number is greater than prior FIN
+
+129:17
+
+(stream_tcp) ACK number is greater than prior FIN
+
+129:18
+
+(stream_tcp) data sent on stream after TCP reset received
+
+129:19
+
+(stream_tcp) TCP window closed before receiving data
+
+129:20
+
+(stream_tcp) TCP session without 3-way handshake
+
+131:1
+
+(dns) obsolete DNS RR types
+
+131:2
+
+(dns) experimental DNS RR types
+
+131:3
+
+(dns) DNS client rdata txt overflow
+
+133:2
+
+(dce_smb) SMB - bad NetBIOS session service session type
+
+133:3
+
+(dce_smb) SMB - bad SMB message type
+
+133:4
+
+(dce_smb) SMB - bad SMB Id (not \xffSMB for SMB1 or not \xfeSMB for SMB2)
+
+133:5
+
+(dce_smb) SMB - bad word count or structure size
+
+133:6
+
+(dce_smb) SMB - bad byte count
+
+133:7
+
+(dce_smb) SMB - bad format type
+
+133:8
+
+(dce_smb) SMB - bad offset
+
+133:9
+
+(dce_smb) SMB - zero total data count
+
+133:10
+
+(dce_smb) SMB - NetBIOS data length less than SMB header length
+
+133:11
+
+(dce_smb) SMB - remaining NetBIOS data length less than command length
+
+133:12
+
+(dce_smb) SMB - remaining NetBIOS data length less than command byte count
+
+133:13
+
+(dce_smb) SMB - remaining NetBIOS data length less than command data size
+
+133:14
+
+(dce_smb) SMB - remaining total data count less than this command data size
+
+133:15
+
+(dce_smb) SMB - total data sent (STDu64) greater than command total data expected
+
+133:16
+
+(dce_smb) SMB - byte count less than command data size (STDu64)
+
+133:17
+
+(dce_smb) SMB - invalid command data size for byte count
+
+133:18
+
+(dce_smb) SMB - excessive tree connect requests with pending tree connect responses
+
+133:19
+
+(dce_smb) SMB - excessive read requests with pending read responses
+
+133:20
+
+(dce_smb) SMB - excessive command chaining
+
+133:21
+
+(dce_smb) SMB - Multiple chained login requests
+
+133:22
+
+(dce_smb) SMB - Multiple chained tree connect requests
+
+133:23
+
+(dce_smb) SMB - chained/compounded login followed by logoff
+
+133:24
+
+(dce_smb) SMB - chained/compounded tree connect followed by tree disconnect
+
+133:25
+
+(dce_smb) SMB - chained/compounded open pipe followed by close pipe
+
+133:26
+
+(dce_smb) SMB - invalid share access
+
+133:27
+
+(dce_tcp) connection oriented DCE/RPC - invalid major version
+
+133:28
+
+(dce_tcp) connection oriented DCE/RPC - invalid minor version
+
+133:29
+
+(dce_tcp) connection-oriented DCE/RPC - invalid PDU type
+
+133:30
+
+(dce_tcp) connection-oriented DCE/RPC - fragment length less than header size
+
+133:31
+
+(dce_tcp) connection-oriented DCE/RPC - remaining fragment length less than size needed
+
+133:32
+
+(dce_tcp) connection-oriented DCE/RPC - no context items specified
+
+133:33
+
+(dce_tcp) connection-oriented DCE/RPC -no transfer syntaxes specified
+
+133:34
+
+(dce_tcp) connection-oriented DCE/RPC - fragment length on non-last fragment less than maximum negotiated fragment transmit size for client
+
+133:35
+
+(dce_tcp) connection-oriented DCE/RPC - fragment length greater than maximum negotiated fragment transmit size
+
+133:36
+
+(dce_tcp) connection-oriented DCE/RPC - alter context byte order different from bind
+
+133:37
+
+(dce_tcp) connection-oriented DCE/RPC - call id of non first/last fragment different from call id established for fragmented request
+
+133:38
+
+(dce_tcp) connection-oriented DCE/RPC - opnum of non first/last fragment different from opnum established for fragmented request
+
+133:39
+
+(dce_tcp) connection-oriented DCE/RPC - context id of non first/last fragment different from context id established for fragmented request
+
+133:40
+
+(dce_udp) connection-less DCE/RPC - invalid major version
+
+133:41
+
+(dce_udp) connection-less DCE/RPC - invalid PDU type
+
+133:42
+
+(dce_udp) connection-less DCE/RPC - data length less than header size
+
+133:43
+
+(dce_udp) connection-less DCE/RPC - bad sequence number
+
+133:44
+
+(dce_smb) SMB - invalid SMB version 1 seen
+
+133:45
+
+(dce_smb) SMB - invalid SMB version 2 seen
+
+133:46
+
+(dce_smb) SMB - invalid user, tree connect, file binding
+
+133:47
+
+(dce_smb) SMB - excessive command compounding
+
+133:48
+
+(dce_smb) SMB - zero data count
+
+133:50
+
+(dce_smb) SMB - maximum number of outstanding requests exceeded
+
+133:51
+
+(dce_smb) SMB - outstanding requests with same MID
+
+133:52
+
+(dce_smb) SMB - deprecated dialect negotiated
+
+133:53
+
+(dce_smb) SMB - deprecated command used
+
+133:54
+
+(dce_smb) SMB - unusual command used
+
+133:55
+
+(dce_smb) SMB - invalid setup count for command
+
+133:56
+
+(dce_smb) SMB - client attempted multiple dialect negotiations on session
+
+133:57
+
+(dce_smb) SMB - client attempted to create or set a file's attributes to readonly/hidden/system
+
+133:58
+
+(dce_smb) SMB - file offset provided is greater than file size specified
+
+133:59
+
+(dce_smb) SMB - next command specified in SMB2 header is beyond payload boundary
+
+134:1
+
+(latency) rule tree suspended due to latency
+
+134:2
+
+(latency) rule tree re-enabled after suspend timeout
+
+134:3
+
+(latency) packet fastpathed due to latency
+
+135:1
+
+(stream) TCP SYN received
+
+135:2
+
+(stream) TCP session established
+
+135:3
+
+(stream) TCP session cleared
+
+136:1
+
+(reputation) packets blocked based on source
+
+136:2
+
+(reputation) packets trusted based on source
+
+136:3
+
+(reputation) packets monitored based on source
+
+136:4
+
+(reputation) packets blocked based on destination
+
+136:5
+
+(reputation) packets trusted based on destination
+
+136:6
+
+(reputation) packets monitored based on destination
+
+137:1
+
+(ssl) invalid client HELLO after server HELLO detected
+
+137:2
+
+(ssl) invalid server HELLO without client HELLO detected
+
+137:3
+
+(ssl) heartbeat read overrun attempt detected
+
+137:4
+
+(ssl) large heartbeat response detected
+
+140:2
+
+(sip) empty request URI
+
+140:3
+
+(sip) URI is too long
+
+140:4
+
+(sip) empty call-Id
+
+140:5
+
+(sip) Call-Id is too long
+
+140:6
+
+(sip) CSeq number is too large or negative
+
+140:7
+
+(sip) request name in CSeq is too long
+
+140:8
+
+(sip) empty From header
+
+140:9
+
+(sip) From header is too long
+
+140:10
+
+(sip) empty To header
+
+140:11
+
+(sip) To header is too long
+
+140:12
+
+(sip) empty Via header
+
+140:13
+
+(sip) Via header is too long
+
+140:14
+
+(sip) empty Contact
+
+140:15
+
+(sip) contact is too long
+
+140:16
+
+(sip) content length is too large or negative
+
+140:17
+
+(sip) multiple SIP messages in a packet
+
+140:18
+
+(sip) content length mismatch
+
+140:19
+
+(sip) request name is invalid
+
+140:20
+
+(sip) Invite replay attack
+
+140:21
+
+(sip) illegal session information modification
+
+140:22
+
+(sip) response status code is not a 3 digit number
+
+140:23
+
+(sip) empty Content-type header
+
+140:24
+
+(sip) SIP version is invalid
+
+140:25
+
+(sip) mismatch in METHOD of request and the CSEQ header
+
+140:26
+
+(sip) method is unknown
+
+140:27
+
+(sip) maximum dialogs within a session reached
+
+141:1
+
+(imap) unknown IMAP3 command
+
+141:2
+
+(imap) unknown IMAP3 response
+
+141:4
+
+(imap) base64 decoding failed
+
+141:5
+
+(imap) quoted-printable decoding failed
+
+141:7
+
+(imap) Unix-to-Unix decoding failed
+
+141:8
+
+(imap) file decompression failed
+
+142:1
+
+(pop) unknown POP3 command
+
+142:2
+
+(pop) unknown POP3 response
+
+142:4
+
+(pop) base64 decoding failed
+
+142:5
+
+(pop) quoted-printable decoding failed
+
+142:7
+
+(pop) Unix-to-Unix decoding failed
+
+142:8
+
+(pop) file decompression failed
+
+143:1
+
+(gtp_inspect) message length is invalid
+
+143:2
+
+(gtp_inspect) information element length is invalid
+
+143:3
+
+(gtp_inspect) information elements are out of order
+
+143:4
+
+(gtp_inspect) TEID is missing
+
+144:1
+
+(modbus) length in Modbus MBAP header does not match the length needed for the given function
+
+144:2
+
+(modbus) Modbus protocol ID is non-zero
+
+144:3
+
+(modbus) reserved Modbus function code in use
+
+145:1
+
+(dnp3) DNP3 link-layer frame contains bad CRC
+
+145:2
+
+(dnp3) DNP3 link-layer frame was dropped
+
+145:3
+
+(dnp3) DNP3 transport-layer segment was dropped during reassembly
+
+145:4
+
+(dnp3) DNP3 reassembly buffer was cleared without reassembling a complete message
+
+145:5
+
+(dnp3) DNP3 link-layer frame uses a reserved address
+
+145:6
+
+(dnp3) DNP3 application-layer fragment uses a reserved function code
+
+148:1
+
+(cip) CIP data is malformed
+
+148:2
+
+(cip) CIP data is non-conforming to ODVA standard
+
+148:3
+
+(cip) CIP connection limit exceeded. Least recently used connection removed
+
+148:4
+
+(cip) CIP unconnected request limit exceeded. Oldest request removed
+
+149:1
+
+(s7commplus) length in S7commplus MBAP header does not match the length needed for the given S7commplus function
+
+149:2
+
+(s7commplus) S7commplus protocol ID is non-zero
+
+149:3
+
+(s7commplus) reserved S7commplus function code in use
+
+150:1
+
+(file_id) file not processed due to per flow limit
+
+151:1
+
+(iec104) Length in IEC104 APCI header does not match the length needed for the given IEC104 ASDU type id
+
+151:2
+
+(iec104) IEC104 Start byte does not match 0x68
+
+151:3
+
+(iec104) Reserved IEC104 ASDU type id in use
+
+151:4
+
+(iec104) IEC104 APCI U Reserved field contains a non-default value
+
+151:5
+
+(iec104) IEC104 APCI U message type was set to an invalid value
+
+151:6
+
+(iec104) IEC104 APCI S Reserved field contains a non-default value
+
+151:7
+
+(iec104) IEC104 APCI I number of elements set to zero
+
+151:8
+
+(iec104) IEC104 APCI I SQ bit set on an ASDU that does not support the feature
+
+151:9
+
+(iec104) IEC104 APCI I number of elements set to greater than one on an ASDU that does not support the feature
+
+151:10
+
+(iec104) IEC104 APCI I Cause of Initialization set to a reserved value
+
+151:11
+
+(iec104) IEC104 APCI I Qualifier of Interrogation Command set to a reserved value
+
+151:12
+
+(iec104) IEC104 APCI I Qualifier of Counter Interrogation Command request parameter set to a reserved value
+
+151:13
+
+(iec104) IEC104 APCI I Qualifier of Parameter of Measured Values kind of parameter set to a reserved value
+
+151:14
+
+(iec104) IEC104 APCI I Qualifier of Parameter of Measured Values local parameter change set to a technically valid but unused value
+
+151:15
+
+(iec104) IEC104 APCI I Qualifier of Parameter of Measured Values parameter option set to a technically valid but unused value
+
+151:16
+
+(iec104) IEC104 APCI I Qualifier of Parameter Activation set to a reserved value
+
+151:17
+
+(iec104) IEC104 APCI I Qualifier of Command set to a reserved value
+
+151:18
+
+(iec104) IEC104 APCI I Qualifier of Reset Process set to a reserved value
+
+151:19
+
+(iec104) IEC104 APCI I File Ready Qualifier set to a reserved value
+
+151:20
+
+(iec104) IEC104 APCI I Section Ready Qualifier set to a reserved value
+
+151:21
+
+(iec104) IEC104 APCI I Select and Call Qualifier set to a reserved value
+
+151:22
+
+(iec104) IEC104 APCI I Last Section or Segment Qualifier set to a reserved value
+
+151:23
+
+(iec104) IEC104 APCI I Acknowledge File or Section Qualifier set to a reserved value
+
+151:24
+
+(iec104) IEC104 APCI I Structure Qualifier set on a message where it should have no effect
+
+151:25
+
+(iec104) IEC104 APCI I Single Point Information Reserved field contains a non-default value
+
+151:26
+
+(iec104) IEC104 APCI I Double Point Information Reserved field contains a non-default value
+
+151:27
+
+(iec104) IEC104 APCI I Cause of Transmission set to a reserved value
+
+151:28
+
+(iec104) IEC104 APCI I Cause of Transmission set to a value not allowed for the ASDU
+
+151:29
+
+(iec104) IEC104 APCI I invalid two octet common address value detected
+
+151:30
+
+(iec104) IEC104 APCI I Quality Descriptor Structure Reserved field contains a non-default value
+
+151:31
+
+(iec104) IEC104 APCI I Quality Descriptor for Events of Protection Equipment Structure Reserved field contains a non-default value
+
+151:32
+
+(iec104) IEC104 APCI I IEEE STD 754 value results in NaN
+
+151:33
+
+(iec104) IEC104 APCI I IEEE STD 754 value results in infinity
+
+151:34
+
+(iec104) IEC104 APCI I Single Event of Protection Equipment Structure Reserved field contains a non-default value
+
+151:35
+
+(iec104) IEC104 APCI I Start Event of Protection Equipment Structure Reserved field contains a non-default value
+
+151:36
+
+(iec104) IEC104 APCI I Output Circuit Information Structure Reserved field contains a non-default value
+
+151:37
+
+(iec104) IEC104 APCI I Abnormal Fixed Test Bit Pattern detected
+
+151:38
+
+(iec104) IEC104 APCI I Single Command Structure Reserved field contains a non-default value
+
+151:39
+
+(iec104) IEC104 APCI I Double Command Structure contains an invalid value
+
+151:40
+
+(iec104) IEC104 APCI I Regulating Step Command Structure Reserved field contains a non-default value
+
+151:41
+
+(iec104) IEC104 APCI I Time2a Millisecond set outside of the allowable range
+
+151:42
+
+(iec104) IEC104 APCI I Time2a Minute set outside of the allowable range
+
+151:43
+
+(iec104) IEC104 APCI I Time2a Minute Reserved field contains a non-default value
+
+151:44
+
+(iec104) IEC104 APCI I Time2a Hours set outside of the allowable range
+
+151:45
+
+(iec104) IEC104 APCI I Time2a Hours Reserved field contains a non-default value
+
+151:46
+
+(iec104) IEC104 APCI I Time2a Day of Month set outside of the allowable range
+
+151:47
+
+(iec104) IEC104 APCI I Time2a Month set outside of the allowable range
+
+151:48
+
+(iec104) IEC104 APCI I Time2a Month Reserved field contains a non-default value
+
+151:49
+
+(iec104) IEC104 APCI I Time2a Year set outside of the allowable range
+
+151:50
+
+(iec104) IEC104 APCI I Time2a Year Reserved field contains a non-default value
+
+151:51
+
+(iec104) IEC104 APCI I a null Length of Segment value has been detected
+
+151:52
+
+(iec104) IEC104 APCI I an invalid Length of Segment value has been detected
+
+151:53
+
+(iec104) IEC104 APCI I Status of File set to a reserved value
+
+151:54
+
+(iec104) IEC104 APCI I Qualifier of Set Point Command ql field set to a reserved value
+
+175:1
+
+(domain_filter) configured domain detected
+
+256:1
+
+(dpx) too much data sent to port
+
#define IEC104_RESERVED_SOF 53
#define IEC104_RESERVED_QOS 54
-#define IEC104_BAD_LENGTH_STR "(spp_iec104): Length in IEC104 APCI header does not match the length needed for the given IEC104 ASDU type id."
-#define IEC104_BAD_START_STR "(spp_iec104): IEC104 Start byte does not match 0x68."
-#define IEC104_RESERVED_ASDU_TYPE_STR "(spp_iec104): Reserved IEC104 ASDU type id in use."
-#define IEC104_APCIU_RESERVED_FIELD_IN_USE_STR "(spp_iec104): IEC104 APCI U Reserved field contains a non-default value."
-#define IEC104_APCIU_INVALID_MESSAGE_TYPE_STR "(spp_iec104): IEC104 APCI U message type was set to an invalid value."
-#define IEC104_APCIS_RESERVED_FIELD_IN_USE_STR "(spp_iec104): IEC104 APCI S Reserved field contains a non-default value."
-#define IEC104_APCII_NUM_ELEMENTS_SET_TO_ZERO_STR "(spp_iec104): IEC104 APCI I number of elements set to zero."
-#define IEC104_APCII_INVALID_SQ_VALUE_STR "(spp_iec104): IEC104 APCI I SQ bit set on an ASDU that does not support the feature."
-#define IEC104_APCII_INVALID_NUM_ELEMENTS_VALUE_STR "(spp_iec104): IEC104 APCI I number of elements set to greater than one on an ASDU that does not support the feature."
-#define IEC104_RESERVED_COI_STR "(spp_iec104): IEC104 APCI I Cause of Initialization set to a reserved value."
-#define IEC104_RESERVED_QOI_STR "(spp_iec104): IEC104 APCI I Qualifier of Interrogation Command set to a reserved value."
-#define IEC104_RESERVED_QCC_STR "(spp_iec104): IEC104 APCI I Qualifier of Counter Interrogation Command request parameter set to a reserved value."
-#define IEC104_RESERVED_QPM_KPA_STR "(spp_iec104): IEC104 APCI I Qualifier of Parameter of Measured Values kind of parameter set to a reserved value."
-#define IEC104_ABNORMAL_QPM_LPC_STR "(spp_iec104): IEC104 APCI I Qualifier of Parameter of Measured Values local parameter change set to a technically valid but unused value."
-#define IEC104_ABNORMAL_QPM_POP_STR "(spp_iec104): IEC104 APCI I Qualifier of Parameter of Measured Values parameter option set to a technically valid but unused value."
-#define IEC104_RESERVED_QPA_STR "(spp_iec104): IEC104 APCI I Qualifier of Parameter Activation set to a reserved value."
-#define IEC104_RESERVED_QOC_STR "(spp_iec104): IEC104 APCI I Qualifier of Command set to a reserved value."
-#define IEC104_RESERVED_QRP_STR "(spp_iec104): IEC104 APCI I Qualifier of Reset Process set to a reserved value."
-#define IEC104_RESERVED_FRQ_STR "(spp_iec104): IEC104 APCI I File Ready Qualifier set to a reserved value."
-#define IEC104_RESERVED_SRQ_STR "(spp_iec104): IEC104 APCI I Section Ready Qualifier set to a reserved value."
-#define IEC104_RESERVED_SCQ_STR "(spp_iec104): IEC104 APCI I Select and Call Qualifier set to a reserved value."
-#define IEC104_RESERVED_LSQ_STR "(spp_iec104): IEC104 APCI I Last Section or Segment Qualifier set to a reserved value."
-#define IEC104_RESERVED_AFQ_STR "(spp_iec104): IEC104 APCI I Acknowledge File or Section Qualifier set to a reserved value."
-#define IEC104_VSQ_ABNORMAL_SQ_STR "(spp_iec104): IEC104 APCI I Structure Qualifier set on a message where it should have no effect."
-#define IEC104_RESERVED_CAUSE_TX_STR "(spp_iec104): IEC104 APCI I Cause of Transmission set to a reserved value."
-#define IEC104_INVALID_CAUSE_TX_STR "(spp_iec104): IEC104 APCI I Cause of Transmission set to a value not allowed for the ASDU."
-#define IEC104_INVALID_COMMON_ADDRESS_STR "(spp_iec104): IEC104 APCI I invalid two octet common address value detected."
-#define IEC104_RESERVED_SIQ_STR "(spp_iec104): IEC104 APCI I Single Point Information Reserved field contains a non-default value."
-#define IEC104_RESERVED_DIQ_STR "(spp_iec104): IEC104 APCI I Double Point Information Reserved field contains a non-default value."
-#define IEC104_RESERVED_QDS_STR "(spp_iec104): IEC104 APCI I Quality Descriptor Structure Reserved field contains a non-default value."
-#define IEC104_RESERVED_QDP_STR "(spp_iec104): IEC104 APCI I Quality Descriptor for Events of Protection Equipment Structure Reserved field contains a non-default value."
-#define IEC104_RESERVED_IEEE_STD_754_NAN_STR "(spp_iec104): IEC104 APCI I IEEE STD 754 value results in NaN."
-#define IEC104_RESERVED_IEEE_STD_754_INFINITY_STR "(spp_iec104): IEC104 APCI I IEEE STD 754 value results in infinity."
-#define IEC104_RESERVED_SEP_STR "(spp_iec104): IEC104 APCI I Single Event of Protection Equipment Structure Reserved field contains a non-default value."
-#define IEC104_RESERVED_SPE_STR "(spp_iec104): IEC104 APCI I Start Event of Protection Equipment Structure Reserved field contains a non-default value."
-#define IEC104_RESERVED_OCI_STR "(spp_iec104): IEC104 APCI I Output Circuit Information Structure Reserved field contains a non-default value."
-#define IEC104_INVALID_FBP_STR "(spp_iec104): IEC104 APCI I Abnormal Fixed Test Bit Pattern detected."
-#define IEC104_RESERVED_SCO_STR "(spp_iec104): IEC104 APCI I Single Command Structure Reserved field contains a non-default value."
-#define IEC104_INVALID_DCO_STR "(spp_iec104): IEC104 APCI I Double Command Structure contains an invalid value."
-#define IEC104_RESERVED_RCO_STR "(spp_iec104): IEC104 APCI I Regulating Step Command Structure Reserved field contains a non-default value."
-#define IEC104_INVALID_MS_IN_MINUTE_STR "(spp_iec104): IEC104 APCI I Time2a Millisecond set outside of the allowable range."
-#define IEC104_INVALID_MINS_IN_HOUR_STR "(spp_iec104): IEC104 APCI I Time2a Minute set outside of the allowable range."
-#define IEC104_RESERVED_MINS_IN_HOUR_STR "(spp_iec104): IEC104 APCI I Time2a Minute Reserved field contains a non-default value."
-#define IEC104_INVALID_HOURS_IN_DAY_STR "(spp_iec104): IEC104 APCI I Time2a Hours set outside of the allowable range."
-#define IEC104_RESERVED_HOURS_IN_DAY_STR "(spp_iec104): IEC104 APCI I Time2a Hours Reserved field contains a non-default value."
-#define IEC104_INVALID_DAY_OF_MONTH_STR "(spp_iec104): IEC104 APCI I Time2a Day of Month set outside of the allowable range."
-#define IEC104_INVALID_MONTH_STR "(spp_iec104): IEC104 APCI I Time2a Month set outside of the allowable range."
-#define IEC104_RESERVED_MONTH_STR "(spp_iec104): IEC104 APCI I Time2a Month Reserved field contains a non-default value."
-#define IEC104_INVALID_YEAR_STR "(spp_iec104): IEC104 APCI I Time2a Year set outside of the allowable range."
-#define IEC104_NULL_LOS_VALUE_STR "(spp_iec104): IEC104 APCI I a null Length of Segment value has been detected."
-#define IEC104_INVALID_LOS_VALUE_STR "(spp_iec104): IEC104 APCI I an invalid Length of Segment value has been detected."
-#define IEC104_RESERVED_YEAR_STR "(spp_iec104): IEC104 APCI I Time2a Year Reserved field contains a non-default value."
-#define IEC104_RESERVED_SOF_STR "(spp_iec104): IEC104 APCI I Status of File set to a reserved value."
-#define IEC104_RESERVED_QOS_STR "(spp_iec104): IEC104 APCI I Qualifier of Set Point Command ql field set to a reserved value."
+#define IEC104_BAD_LENGTH_STR "Length in IEC104 APCI header does not match the length needed for the given IEC104 ASDU type id"
+#define IEC104_BAD_START_STR "IEC104 Start byte does not match 0x68"
+#define IEC104_RESERVED_ASDU_TYPE_STR "Reserved IEC104 ASDU type id in use"
+#define IEC104_APCIU_RESERVED_FIELD_IN_USE_STR "IEC104 APCI U Reserved field contains a non-default value"
+#define IEC104_APCIU_INVALID_MESSAGE_TYPE_STR "IEC104 APCI U message type was set to an invalid value"
+#define IEC104_APCIS_RESERVED_FIELD_IN_USE_STR "IEC104 APCI S Reserved field contains a non-default value"
+#define IEC104_APCII_NUM_ELEMENTS_SET_TO_ZERO_STR "IEC104 APCI I number of elements set to zero"
+#define IEC104_APCII_INVALID_SQ_VALUE_STR "IEC104 APCI I SQ bit set on an ASDU that does not support the feature"
+#define IEC104_APCII_INVALID_NUM_ELEMENTS_VALUE_STR "IEC104 APCI I number of elements set to greater than one on an ASDU that does not support the feature"
+#define IEC104_RESERVED_COI_STR "IEC104 APCI I Cause of Initialization set to a reserved value"
+#define IEC104_RESERVED_QOI_STR "IEC104 APCI I Qualifier of Interrogation Command set to a reserved value"
+#define IEC104_RESERVED_QCC_STR "IEC104 APCI I Qualifier of Counter Interrogation Command request parameter set to a reserved value"
+#define IEC104_RESERVED_QPM_KPA_STR "IEC104 APCI I Qualifier of Parameter of Measured Values kind of parameter set to a reserved value"
+#define IEC104_ABNORMAL_QPM_LPC_STR "IEC104 APCI I Qualifier of Parameter of Measured Values local parameter change set to a technically valid but unused value"
+#define IEC104_ABNORMAL_QPM_POP_STR "IEC104 APCI I Qualifier of Parameter of Measured Values parameter option set to a technically valid but unused value"
+#define IEC104_RESERVED_QPA_STR "IEC104 APCI I Qualifier of Parameter Activation set to a reserved value"
+#define IEC104_RESERVED_QOC_STR "IEC104 APCI I Qualifier of Command set to a reserved value"
+#define IEC104_RESERVED_QRP_STR "IEC104 APCI I Qualifier of Reset Process set to a reserved value"
+#define IEC104_RESERVED_FRQ_STR "IEC104 APCI I File Ready Qualifier set to a reserved value"
+#define IEC104_RESERVED_SRQ_STR "IEC104 APCI I Section Ready Qualifier set to a reserved value"
+#define IEC104_RESERVED_SCQ_STR "IEC104 APCI I Select and Call Qualifier set to a reserved value"
+#define IEC104_RESERVED_LSQ_STR "IEC104 APCI I Last Section or Segment Qualifier set to a reserved value"
+#define IEC104_RESERVED_AFQ_STR "IEC104 APCI I Acknowledge File or Section Qualifier set to a reserved value"
+#define IEC104_VSQ_ABNORMAL_SQ_STR "IEC104 APCI I Structure Qualifier set on a message where it should have no effect"
+#define IEC104_RESERVED_CAUSE_TX_STR "IEC104 APCI I Cause of Transmission set to a reserved value"
+#define IEC104_INVALID_CAUSE_TX_STR "IEC104 APCI I Cause of Transmission set to a value not allowed for the ASDU"
+#define IEC104_INVALID_COMMON_ADDRESS_STR "IEC104 APCI I invalid two octet common address value detected"
+#define IEC104_RESERVED_SIQ_STR "IEC104 APCI I Single Point Information Reserved field contains a non-default value"
+#define IEC104_RESERVED_DIQ_STR "IEC104 APCI I Double Point Information Reserved field contains a non-default value"
+#define IEC104_RESERVED_QDS_STR "IEC104 APCI I Quality Descriptor Structure Reserved field contains a non-default value"
+#define IEC104_RESERVED_QDP_STR "IEC104 APCI I Quality Descriptor for Events of Protection Equipment Structure Reserved field contains a non-default value"
+#define IEC104_RESERVED_IEEE_STD_754_NAN_STR "IEC104 APCI I IEEE STD 754 value results in NaN"
+#define IEC104_RESERVED_IEEE_STD_754_INFINITY_STR "IEC104 APCI I IEEE STD 754 value results in infinity"
+#define IEC104_RESERVED_SEP_STR "IEC104 APCI I Single Event of Protection Equipment Structure Reserved field contains a non-default value"
+#define IEC104_RESERVED_SPE_STR "IEC104 APCI I Start Event of Protection Equipment Structure Reserved field contains a non-default value"
+#define IEC104_RESERVED_OCI_STR "IEC104 APCI I Output Circuit Information Structure Reserved field contains a non-default value"
+#define IEC104_INVALID_FBP_STR "IEC104 APCI I Abnormal Fixed Test Bit Pattern detected"
+#define IEC104_RESERVED_SCO_STR "IEC104 APCI I Single Command Structure Reserved field contains a non-default value"
+#define IEC104_INVALID_DCO_STR "IEC104 APCI I Double Command Structure contains an invalid value"
+#define IEC104_RESERVED_RCO_STR "IEC104 APCI I Regulating Step Command Structure Reserved field contains a non-default value"
+#define IEC104_INVALID_MS_IN_MINUTE_STR "IEC104 APCI I Time2a Millisecond set outside of the allowable range"
+#define IEC104_INVALID_MINS_IN_HOUR_STR "IEC104 APCI I Time2a Minute set outside of the allowable range"
+#define IEC104_RESERVED_MINS_IN_HOUR_STR "IEC104 APCI I Time2a Minute Reserved field contains a non-default value"
+#define IEC104_INVALID_HOURS_IN_DAY_STR "IEC104 APCI I Time2a Hours set outside of the allowable range"
+#define IEC104_RESERVED_HOURS_IN_DAY_STR "IEC104 APCI I Time2a Hours Reserved field contains a non-default value"
+#define IEC104_INVALID_DAY_OF_MONTH_STR "IEC104 APCI I Time2a Day of Month set outside of the allowable range"
+#define IEC104_INVALID_MONTH_STR "IEC104 APCI I Time2a Month set outside of the allowable range"
+#define IEC104_RESERVED_MONTH_STR "IEC104 APCI I Time2a Month Reserved field contains a non-default value"
+#define IEC104_INVALID_YEAR_STR "IEC104 APCI I Time2a Year set outside of the allowable range"
+#define IEC104_NULL_LOS_VALUE_STR "IEC104 APCI I a null Length of Segment value has been detected"
+#define IEC104_INVALID_LOS_VALUE_STR "IEC104 APCI I an invalid Length of Segment value has been detected"
+#define IEC104_RESERVED_YEAR_STR "IEC104 APCI I Time2a Year Reserved field contains a non-default value"
+#define IEC104_RESERVED_SOF_STR "IEC104 APCI I Status of File set to a reserved value"
+#define IEC104_RESERVED_QOS_STR "IEC104 APCI I Qualifier of Set Point Command ql field set to a reserved value"
#endif
projects / thirdparty / snort3.git / commitdiff
