<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
< html xmlns = "http://www.w3.org/1999/xhtml" >
< head >
< meta http-equiv = "Content-Type" content = "text/xhtml;charset=UTF-8" / >
< title > Snort AI preprocessor module: spp_ai.h Source File< / title >
< link href = "tabs.css" rel = "stylesheet" type = "text/css" / >
< link href = "search/search.css" rel = "stylesheet" type = "text/css" / >
< script type = "text/javaScript" src = "search/search.js" > < / script >
< link href = "doxygen.css" rel = "stylesheet" type = "text/css" / >
< / head >
< body onload = 'searchBox.OnSelectItem(0);' >
<!-- Generated by Doxygen 1.7.1 -->
< div class = "navigation" id = "top" >
< div class = "header" >
< div class = "headertitle" >
< h1 > spp_ai.h< / h1 > < / div >
< / div >
< div class = "contents" >
< a href = "spp__ai_8h.html" > Go to the documentation of this file.< / a > < div class = "fragment" > < pre class = "fragment" > < a name = "l00001" > < / a > 00001 < span class = "comment" > /*< / span >
< a name = "l00002" > < / a > 00002 < span class = "comment" > * =====================================================================================< / span >
< a name = "l00003" > < / a > 00003 < span class = "comment" > *< / span >
< a name = "l00004" > < / a > 00004 < span class = "comment" > * Filename: spp_ai.h< / span >
< a name = "l00005" > < / a > 00005 < span class = "comment" > *< / span >
< a name = "l00006" > < / a > 00006 < span class = "comment" > * Description: Header file for the preprocessor< / span >
< a name = "l00007" > < / a > 00007 < span class = "comment" > *< / span >
< a name = "l00008" > < / a > 00008 < span class = "comment" > * Version: 1.0< / span >
< a name = "l00009" > < / a > 00009 < span class = "comment" > * Created: 30/07/2010 15:47:12< / span >
< a name = "l00010" > < / a > 00010 < span class = "comment" > * Revision: none< / span >
< a name = "l00011" > < / a > 00011 < span class = "comment" > * Compiler: gcc< / span >
< a name = "l00012" > < / a > 00012 < span class = "comment" > *< / span >
< a name = "l00013" > < / a > 00013 < span class = "comment" > * Author: BlackLight (http://0x00.ath.cx), < blacklight@autistici.org> < / span >
< a name = "l00014" > < / a > 00014 < span class = "comment" > * Licence: GNU GPL v.3< / span >
< a name = "l00015" > < / a > 00015 < span class = "comment" > * Company: DO WHAT YOU WANT CAUSE A PIRATE IS FREE, YOU ARE A PIRATE!< / span >
< a name = "l00016" > < / a > 00016 < span class = "comment" > *< / span >
< a name = "l00017" > < / a > 00017 < span class = "comment" > * =====================================================================================< / span >
< a name = "l00018" > < / a > 00018 < span class = "comment" > */< / span >
< a name = "l00019" > < / a > 00019
< a name = "l00020" > < / a > 00020 < span class = "preprocessor" > #ifndef _SPP_AI_H< / span >
< a name = "l00021" > < / a > 00021 < span class = "preprocessor" > < / span > < span class = "preprocessor" > #define _SPP_AI_H< / span >
< a name = "l00022" > < / a > 00022 < span class = "preprocessor" > < / span >
< a name = "l00023" > < / a > 00023 < span class = "preprocessor" > #include "sf_snort_packet.h"< / span >
< a name = "l00024" > < / a > 00024 < span class = "preprocessor" > #include "sf_dynamic_preprocessor.h"< / span >
< a name = "l00025" > < / a > 00025 < span class = "preprocessor" > #include "uthash.h"< / span >
< a name = "l00026" > < / a > 00026
< a name = "l00027" > < / a > < a class = "code" href = "spp__ai_8h.html#a5e151c615eda34903514212f05a5ccf8" > 00027< / a > < span class = "preprocessor" > #define PRIVATE static< / span >
< a name = "l00028" > < / a > 00028 < span class = "preprocessor" > < / span >
< a name = "l00029" > < / a > < a class = "code" href = "spp__ai_8h.html#a5f555c0ebd29ce2771a3e2dd4f526746" > 00029< / a > < span class = "preprocessor" > #define DEFAULT_HASH_CLEANUP_INTERVAL 300< / span >
< a name = "l00030" > < / a > < a class = "code" href = "spp__ai_8h.html#a0f6a189af15ef783fb46ed37c144e031" > 00030< / a > < span class = "preprocessor" > < / span > < span class = "preprocessor" > #define DEFAULT_STREAM_EXPIRE_INTERVAL 300< / span >
< a name = "l00031" > < / a > < a class = "code" href = "spp__ai_8h.html#a0c4b6fce670e46083e33b9f53b78f39e" > 00031< / a > < span class = "preprocessor" > < / span > < span class = "preprocessor" > #define DEFAULT_ALERT_CLUSTERING_INTERVAL 3600< / span >
< a name = "l00032" > < / a > < a class = "code" href = "spp__ai_8h.html#a6d9bf552c32371e0144dc6a6209c7e4a" > 00032< / a > < span class = "preprocessor" > < / span > < span class = "preprocessor" > #define DEFAULT_ALERT_LOG_FILE "/var/log/snort/alert"< / span >
< a name = "l00033" > < / a > < a class = "code" href = "spp__ai_8h.html#a803dc913297ccdace9e604dbfecda97d" > 00033< / a > < span class = "preprocessor" > < / span > < span class = "preprocessor" > #define DEFAULT_CLUSTER_LOG_FILE "/var/log/snort/cluster_alert"< / span >
< a name = "l00034" > < / a > 00034 < span class = "preprocessor" > < / span >
< a name = "l00035" > < / a > 00035 < span class = "keyword" > extern< / span > DynamicPreprocessorData < a class = "code" href = "sf__dynamic__preproc__lib_8c.html#ab46420126c43c1aac5eabc5db266a71c" > _dpd< / a > ;
<!-- Review note: the three typedefs below hand-declare uint8_t, uint16_t and uint32_t as unsigned char, unsigned short and unsigned int. They assume those widths on the target and can clash with the definitions in <stdint.h> if that header reaches the same translation unit. The BOOL enum uses the identifiers false and true, which <stdbool.h> defines as macros, so including it before this header would break the enum declaration. -->
< a name = "l00036" > < / a > < a class = "code" href = "spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5" > 00036< / a > < span class = "keyword" > typedef< / span > < span class = "keywordtype" > unsigned< / span > < span class = "keywordtype" > char< / span > uint8_t;
< a name = "l00037" > < / a > < a class = "code" href = "spp__ai_8h.html#a273cf69d639a59973b6019625df33e30" > 00037< / a > < span class = "keyword" > typedef< / span > < span class = "keywordtype" > unsigned< / span > < span class = "keywordtype" > short< / span > uint16_t;
< a name = "l00038" > < / a > < a class = "code" href = "spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62" > 00038< / a > < span class = "keyword" > typedef< / span > < span class = "keywordtype" > unsigned< / span > < span class = "keywordtype" > int< / span > uint32_t;
< a name = "l00039" > < / a > 00039
< a name = "l00040" > < / a > < a class = "code" href = "spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dda08f175a5505a10b9ed657defeb050e4b" > 00040< / a > < span class = "keyword" > typedef< / span > < span class = "keyword" > enum< / span > { < span class = "keyword" > false< / span > , < span class = "keyword" > true< / span > } BOOL;
< a name = "l00041" > < / a > 00041
< a name = "l00042" > < / a > < a class = "code" href = "spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640" > 00042< / a > < span class = "keyword" > typedef< / span > < span class = "keyword" > enum< / span > {
< a name = "l00043" > < / a > < a class = "code" href = "spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640ac1335c508143eb06843af2ce5ff3027b" > 00043< / a > none, src_addr, dst_addr, src_port, dst_port, < a class = "code" href = "spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640ab16bb5c4b330d5db02e2d852cd2ba451" > CLUSTER_TYPES< / a >
< a name = "l00044" > < / a > 00044 } cluster_type;
< a name = "l00045" > < / a > 00045
< a name = "l00046" > < / a > 00046 < span class = "comment" > /* Each stream in the hash table is identified by the pair (src_ip, dst_port) */< / span >
<!-- Review note: pkt_key is the lookup key for the stream hash table. (1) A uint32_t followed by a uint16_t normally leaves trailing padding bytes in the struct. uthash hashes and compares struct keys byte by byte over the key length, so the code that builds a key should zero-fill the whole struct before setting the fields; otherwise two equal keys can land in different buckets. Whether the callers do this is not visible in this header (TODO confirm). (2) The key holds only the source address and destination port, so packets from one source to the same port on different destination hosts, or on several connections, are filed under the same stream entry. -->
< a name = "l00047" > < / a > < a class = "code" href = "structpkt__key.html" > 00047< / a > < span class = "keyword" > struct < / span > < a class = "code" href = "structpkt__key.html" > pkt_key< / a >
< a name = "l00048" > < / a > 00048 {
< a name = "l00049" > < / a > < a class = "code" href = "structpkt__key.html#a3a091c20dafb8b3f689db00c5b2f8ddb" > 00049< / a > < a class = "code" href = "spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62" > uint32_t< / a > < a class = "code" href = "structpkt__key.html#a3a091c20dafb8b3f689db00c5b2f8ddb" > src_ip< / a > ;
< a name = "l00050" > < / a > < a class = "code" href = "structpkt__key.html#af77f5eb1f4cd88b43fe99fd73553351d" > 00050< / a > < a class = "code" href = "spp__ai_8h.html#a273cf69d639a59973b6019625df33e30" > uint16_t< / a > < a class = "code" href = "structpkt__key.html#af77f5eb1f4cd88b43fe99fd73553351d" > dst_port< / a > ;
< a name = "l00051" > < / a > 00051 };
< a name = "l00052" > < / a > 00052
< a name = "l00053" > < / a > 00053 < span class = "comment" > /* Identifier of a packet in a stream */< / span >
<!-- Review note: pkt_info is one node of a per-stream linked list (next) and is also stored in a uthash table through the hh handle. The pkt field is a pointer to an SFSnortPacket, not an embedded copy, and this header does not say who owns the pointed-to packet. If it is the packet object Snort passes to the preprocessor callback, it may be reused after the callback returns, so the enqueue code should store its own copy (TODO confirm in AI_pkt_enqueue). The header also declares a cleanup thread (AI_hashcleanup_thread) next to accessors that return a pkt_info pointer; any locking that keeps a returned pointer valid while the cleanup runs is not visible here. -->
< a name = "l00054" > < / a > < a class = "code" href = "structpkt__info.html" > 00054< / a > < span class = "keyword" > struct < / span > < a class = "code" href = "structpkt__info.html" > pkt_info< / a >
< a name = "l00055" > < / a > 00055 {
< a name = "l00056" > < / a > < a class = "code" href = "structpkt__info.html#a231d4734d3c62292b06eb9ea4b49c339" > 00056< / a > < span class = "keyword" > struct < / span > < a class = "code" href = "structpkt__key.html" > pkt_key< / a > < a class = "code" href = "structpkt__info.html#a231d4734d3c62292b06eb9ea4b49c339" > key< / a > ; < span class = "comment" > /* Key of the packet (src_ip, dst_port) */< / span >
< a name = "l00057" > < / a > < a class = "code" href = "structpkt__info.html#a7f5090443f21e6290f0439f1bb872e92" > 00057< / a > time_t < a class = "code" href = "structpkt__info.html#a7f5090443f21e6290f0439f1bb872e92" > timestamp< / a > ; < span class = "comment" > /* Timestamp */< / span >
< a name = "l00058" > < / a > < a class = "code" href = "structpkt__info.html#a8d5ebd04a32067b05387e5c5056fe168" > 00058< / a > SFSnortPacket* < a class = "code" href = "structpkt__info.html#a8d5ebd04a32067b05387e5c5056fe168" > pkt< / a > ; < span class = "comment" > /* Reference to SFSnortPacket containing packet' s information */< / span >
< a name = "l00059" > < / a > < a class = "code" href = "structpkt__info.html#a5ee3c51f2ca5768b94819182641ef168" > 00059< / a > < span class = "keyword" > struct < / span > < a class = "code" href = "structpkt__info.html" > pkt_info< / a > * < a class = "code" href = "structpkt__info.html#a5ee3c51f2ca5768b94819182641ef168" > next< / a > ; < span class = "comment" > /* Pointer to the next packet in the stream */< / span >
< a name = "l00060" > < / a > < a class = "code" href = "structpkt__info.html#ac7ff78ea5faf333fc91f92e3085ea7c9" > 00060< / a > < a class = "code" href = "spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd" > BOOL< / a > < a class = "code" href = "structpkt__info.html#ac7ff78ea5faf333fc91f92e3085ea7c9" > observed< / a > ; < span class = "comment" > /* Flag set if the packet is observed, i.e. associated to a security alert */< / span >
< a name = "l00061" > < / a > < a class = "code" href = "structpkt__info.html#a264e90d4b5d490de040f38c1072e142f" > 00061< / a > UT_hash_handle < a class = "code" href = "structpkt__info.html#a264e90d4b5d490de040f38c1072e142f" > hh< / a > ; < span class = "comment" > /* Make the struct ' hashable' */< / span >
< a name = "l00062" > < / a > 00062 };
< a name = "l00063" > < / a > 00063
< a name = "l00064" > < / a > 00064 < span class = "comment" > /* Data type containing the configuration of the module */< / span >
<!-- Review note: AI_config holds the module settings. alertfile and clusterfile are fixed 1024-byte character arrays; the code that copies a configured path or one of the DEFAULT_*_LOG_FILE strings into them is not part of this header, so check that it uses a length-limited copy and always leaves a terminating NUL. The three interval fields are unsigned long; the defaults defined earlier in this header are 300, 300 and 3600 (presumably seconds, TODO confirm), and a value of 0 or a negative number parsed into an unsigned field deserves an explicit check where the configuration is read. -->
< a name = "l00065" > < / a > < a class = "code" href = "structAI__config.html" > 00065< / a > < span class = "keyword" > typedef< / span > < span class = "keyword" > struct< / span >
< a name = "l00066" > < / a > 00066 {
< a name = "l00067" > < / a > < a class = "code" href = "structAI__config.html#a9f7680615027d4fb74b4aa144a7028a4" > 00067< / a > < span class = "keywordtype" > unsigned< / span > < span class = "keywordtype" > long< / span > hashCleanupInterval;
< a name = "l00068" > < / a > < a class = "code" href = "structAI__config.html#abbe77d5f94b8c5164bea47acba09c98b" > 00068< / a > < span class = "keywordtype" > unsigned< / span > < span class = "keywordtype" > long< / span > streamExpireInterval;
< a name = "l00069" > < / a > < a class = "code" href = "structAI__config.html#a7d0d098b8263aa3d8415b11d1ec7f93d" > 00069< / a > < span class = "keywordtype" > unsigned< / span > < span class = "keywordtype" > long< / span > alertClusteringInterval;
< a name = "l00070" > < / a > < a class = "code" href = "structAI__config.html#a2efa9590d7eea6dce8b5dd9aa76ed8ca" > 00070< / a > < span class = "keywordtype" > char< / span > alertfile[1024];
< a name = "l00071" > < / a > < a class = "code" href = "structAI__config.html#a6da02a3f7116fd3810a41b738e8883a3" > 00071< / a > < span class = "keywordtype" > char< / span > clusterfile[1024];
< a name = "l00072" > < / a > 00072 } < a class = "code" href = "structAI__config.html" > AI_config< / a > ;
< a name = "l00073" > < / a > 00073
< a name = "l00074" > < / a > 00074 < span class = "comment" > /* Data type for hierarchies used for clustering */< / span >
< a name = "l00075" > < / a > < a class = "code" href = "struct__hierarchy__node.html" > 00075< / a > < span class = "keyword" > typedef< / span > < span class = "keyword" > struct < / span > < a class = "code" href = "struct__hierarchy__node.html" > _hierarchy_node< / a >
< a name = "l00076" > < / a > 00076 {
< a name = "l00077" > < / a > < a class = "code" href = "struct__hierarchy__node.html#a3b18e3ddfa2212c5e4ff9c0b4bde4296" > 00077< / a > < a class = "code" href = "spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640" > cluster_type< / a > < a class = "code" href = "struct__hierarchy__node.html#a3b18e3ddfa2212c5e4ff9c0b4bde4296" > type< / a > ;
< a name = "l00078" > < / a > < a class = "code" href = "struct__hierarchy__node.html#ae498f6fd14ca058a3ae0a95d5425451a" > 00078< / a > < span class = "keywordtype" > char< / span > < a class = "code" href = "struct__hierarchy__node.html#ae498f6fd14ca058a3ae0a95d5425451a" > label< / a > [256];
< a name = "l00079" > < / a > < a class = "code" href = "struct__hierarchy__node.html#a13ceebd7b435b9ef347fb90d9e6bbfe4" > 00079< / a > < span class = "keywordtype" > int< / span > < a class = "code" href = "struct__hierarchy__node.html#a13ceebd7b435b9ef347fb90d9e6bbfe4" > min_val< / a > ;
< a name = "l00080" > < / a > < a class = "code" href = "struct__hierarchy__node.html#a79ea88029938dc30ab8f159405d12c87" > 00080< / a > < span class = "keywordtype" > int< / span > < a class = "code" href = "struct__hierarchy__node.html#a79ea88029938dc30ab8f159405d12c87" > max_val< / a > ;
< a name = "l00081" > < / a > < a class = "code" href = "struct__hierarchy__node.html#a849256ce1039e2cefaaf64d91171be0a" > 00081< / a > < span class = "keywordtype" > int< / span > < a class = "code" href = "struct__hierarchy__node.html#a849256ce1039e2cefaaf64d91171be0a" > nchildren< / a > ;
< a name = "l00082" > < / a > < a class = "code" href = "struct__hierarchy__node.html#a5c94c89d7e2aea393f1c550afb766bbe" > 00082< / a > < span class = "keyword" > struct < / span > < a class = "code" href = "struct__hierarchy__node.html" > _hierarchy_node< / a > *< a class = "code" href = "struct__hierarchy__node.html#a5c94c89d7e2aea393f1c550afb766bbe" > parent< / a > ;
< a name = "l00083" > < / a > < a class = "code" href = "struct__hierarchy__node.html#afc23d4fe6426873164cdaab2f3d4f0cd" > 00083< / a > < span class = "keyword" > struct < / span > < a class = "code" href = "struct__hierarchy__node.html" > _hierarchy_node< / a > **< a class = "code" href = "struct__hierarchy__node.html#afc23d4fe6426873164cdaab2f3d4f0cd" > children< / a > ;
< a name = "l00084" > < / a > 00084 } < a class = "code" href = "struct__hierarchy__node.html" > hierarchy_node< / a > ;
< a name = "l00085" > < / a > 00085
< a name = "l00086" > < / a > 00086 < span class = "comment" > /* Data type for Snort alerts */< / span >
< a name = "l00087" > < / a > < a class = "code" href = "struct__AI__snort__alert.html" > 00087< / a > < span class = "keyword" > typedef< / span > < span class = "keyword" > struct < / span > < a class = "code" href = "struct__AI__snort__alert.html" > _AI_snort_alert< / a > {
< a name = "l00088" > < / a > 00088 < span class = "comment" > /* Identifiers of the alert */< / span >
< a name = "l00089" > < / a > < a class = "code" href = "struct__AI__snort__alert.html#af8408be5da59cda853442dd13465c0f6" > 00089< / a > < span class = "keywordtype" > unsigned< / span > < span class = "keywordtype" > int< / span > < a class = "code" href = "struct__AI__snort__alert.html#af8408be5da59cda853442dd13465c0f6" > gid< / a > ;
< a name = "l00090" > < / a > < a class = "code" href = "struct__AI__snort__alert.html#a3349aa68d2234f8ffd897367c3a8a137" > 00090< / a > < span class = "keywordtype" > unsigned< / span > < span class = "keywordtype" > int< / span > < a class = "code" href = "struct__AI__snort__alert.html#a3349aa68d2234f8ffd897367c3a8a137" > sid< / a > ;
< a name = "l00091" > < / a > < a class = "code" href = "struct__AI__snort__alert.html#a864d3baa48586d6a31639f4cd27d9d37" > 00091< / a > < span class = "keywordtype" > unsigned< / span > < span class = "keywordtype" > int< / span > < a class = "code" href = "struct__AI__snort__alert.html#a864d3baa48586d6a31639f4cd27d9d37" > rev< / a > ;
< a name = "l00092" > < / a > 00092
< a name = "l00093" > < / a > 00093 < span class = "comment" > /* Snort priority, description,< / span >
< a name = "l00094" > < / a > 00094 < span class = "comment" > * classification and timestamp< / span >
< a name = "l00095" > < / a > 00095 < span class = "comment" > * of the alert */< / span >
< a name = "l00096" > < / a > < a class = "code" href = "struct__AI__snort__alert.html#a25661fa4e212c5e30af5e6a892985ec9" > 00096< / a > < span class = "keywordtype" > unsigned< / span > < span class = "keywordtype" > short< / span > < a class = "code" href = "struct__AI__snort__alert.html#a25661fa4e212c5e30af5e6a892985ec9" > priority< / a > ;
< a name = "l00097" > < / a > < a class = "code" href = "struct__AI__snort__alert.html#ac0902d7c756ec675fb06347ce4706135" > 00097< / a > < span class = "keywordtype" > char< / span > *< a class = "code" href = "struct__AI__snort__alert.html#ac0902d7c756ec675fb06347ce4706135" > desc< / a > ;
< a name = "l00098" > < / a > < a class = "code" href = "struct__AI__snort__alert.html#aa89585e14acb2c4e684a1552d322632f" > 00098< / a > < span class = "keywordtype" > char< / span > *< a class = "code" href = "struct__AI__snort__alert.html#aa89585e14acb2c4e684a1552d322632f" > classification< / a > ;
< a name = "l00099" > < / a > < a class = "code" href = "struct__AI__snort__alert.html#a10a67f60ca3da339a2104849a0b2ac19" > 00099< / a > time_t < a class = "code" href = "struct__AI__snort__alert.html#a10a67f60ca3da339a2104849a0b2ac19" > timestamp< / a > ;
< a name = "l00100" > < / a > 00100
< a name = "l00101" > < / a > 00101 < span class = "comment" > /* IP header information */< / span >
< a name = "l00102" > < / a > < a class = "code" href = "struct__AI__snort__alert.html#a882ae6db43dc0fe08071947ccb044b93" > 00102< / a > < a class = "code" href = "spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5" > uint8_t< / a > < a class = "code" href = "struct__AI__snort__alert.html#a882ae6db43dc0fe08071947ccb044b93" > tos< / a > ;
< a name = "l00103" > < / a > < a class = "code" href = "struct__AI__snort__alert.html#a523ef8842d01a1bc4ea3c0bf27518e78" > 00103< / a > < a class = "code" href = "spp__ai_8h.html#a273cf69d639a59973b6019625df33e30" > uint16_t< / a > < a class = "code" href = "struct__AI__snort__alert.html#a523ef8842d01a1bc4ea3c0bf27518e78" > iplen< / a > ;
< a name = "l00104" > < / a > < a class = "code" href = "struct__AI__snort__alert.html#a45e4acf90450a5f9efd4e0c290f84bcf" > 00104< / a > < a class = "code" href = "spp__ai_8h.html#a273cf69d639a59973b6019625df33e30" > uint16_t< / a > < a class = "code" href = "struct__AI__snort__alert.html#a45e4acf90450a5f9efd4e0c290f84bcf" > id< / a > ;
< a name = "l00105" > < / a > < a class = "code" href = "struct__AI__snort__alert.html#ab9b1ce8ee440a324af116403ac9c51a2" > 00105< / a > < a class = "code" href = "spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5" > uint8_t< / a > < a class = "code" href = "struct__AI__snort__alert.html#ab9b1ce8ee440a324af116403ac9c51a2" > ttl< / a > ;
< a name = "l00106" > < / a > < a class = "code" href = "struct__AI__snort__alert.html#a2a5f2741918c3c13890f2b617a7f23a4" > 00106< / a > < a class = "code" href = "spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5" > uint8_t< / a > < a class = "code" href = "struct__AI__snort__alert.html#a2a5f2741918c3c13890f2b617a7f23a4" > ipproto< / a > ;
< a name = "l00107" > < / a > < a class = "code" href = "struct__AI__snort__alert.html#ab16a24f368020e4b40e65b53cae33b48" > 00107< / a > < a class = "code" href = "spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62" > uint32_t< / a > < a class = "code" href = "struct__AI__snort__alert.html#ab16a24f368020e4b40e65b53cae33b48" > src_addr< / a > ;
< a name = "l00108" > < / a > < a class = "code" href = "struct__AI__snort__alert.html#a69cc2ba171c8c808a0b45caa9426cd8c" > 00108< / a > < a class = "code" href = "spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62" > uint32_t< / a > < a class = "code" href = "struct__AI__snort__alert.html#a69cc2ba171c8c808a0b45caa9426cd8c" > dst_addr< / a > ;
< a name = "l00109" > < / a > 00109
< a name = "l00110" > < / a > 00110 < span class = "comment" > /* TCP header information */< / span >
< a name = "l00111" > < / a > < a class = "code" href = "struct__AI__snort__alert.html#a856cccd3eaabd38aa9974f26d3edc5e3" > 00111< / a > < a class = "code" href = "spp__ai_8h.html#a273cf69d639a59973b6019625df33e30" > uint16_t< / a > < a class = "code" href = "struct__AI__snort__alert.html#a856cccd3eaabd38aa9974f26d3edc5e3" > src_port< / a > ;
< a name = "l00112" > < / a > < a class = "code" href = "struct__AI__snort__alert.html#a6b323c07ae501d221e330e13646a96a3" > 00112< / a > < a class = "code" href = "spp__ai_8h.html#a273cf69d639a59973b6019625df33e30" > uint16_t< / a > < a class = "code" href = "struct__AI__snort__alert.html#a6b323c07ae501d221e330e13646a96a3" > dst_port< / a > ;
< a name = "l00113" > < / a > < a class = "code" href = "struct__AI__snort__alert.html#acb20c4c55149d5806d7523720786ab77" > 00113< / a > < a class = "code" href = "spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62" > uint32_t< / a > < a class = "code" href = "struct__AI__snort__alert.html#acb20c4c55149d5806d7523720786ab77" > sequence< / a > ;
< a name = "l00114" > < / a > < a class = "code" href = "struct__AI__snort__alert.html#a2b185c678d3a7f1207b2119b0b567c37" > 00114< / a > < a class = "code" href = "spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62" > uint32_t< / a > < a class = "code" href = "struct__AI__snort__alert.html#a2b185c678d3a7f1207b2119b0b567c37" > ack< / a > ;
< a name = "l00115" > < / a > < a class = "code" href = "struct__AI__snort__alert.html#aa643f11db93b70242b57f0a04775e507" > 00115< / a > < a class = "code" href = "spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5" > uint8_t< / a > < a class = "code" href = "struct__AI__snort__alert.html#aa643f11db93b70242b57f0a04775e507" > tcp_flags< / a > ;
< a name = "l00116" > < / a > < a class = "code" href = "struct__AI__snort__alert.html#a63e94be3d248cf4beb0d4d5ab75331b1" > 00116< / a > < a class = "code" href = "spp__ai_8h.html#a273cf69d639a59973b6019625df33e30" > uint16_t< / a > < a class = "code" href = "struct__AI__snort__alert.html#a63e94be3d248cf4beb0d4d5ab75331b1" > window< / a > ;
< a name = "l00117" > < / a > < a class = "code" href = "struct__AI__snort__alert.html#a519a103f5e8f1cb006c0c137b7c6a1c0" > 00117< / a > < a class = "code" href = "spp__ai_8h.html#a273cf69d639a59973b6019625df33e30" > uint16_t< / a > < a class = "code" href = "struct__AI__snort__alert.html#a519a103f5e8f1cb006c0c137b7c6a1c0" > tcplen< / a > ;
< a name = "l00118" > < / a > 00118
< a name = "l00119" > < / a > 00119 < span class = "comment" > /* Reference to the TCP stream< / span >
< a name = "l00120" > < / a > 00120 < span class = "comment" > * associated to the alert, if any */< / span >
< a name = "l00121" > < / a > < a class = "code" href = "struct__AI__snort__alert.html#a09dfe0a841fd3912ec78060d4547cb31" > 00121< / a > < span class = "keyword" > struct < / span > < a class = "code" href = "structpkt__info.html" > pkt_info< / a > *< a class = "code" href = "struct__AI__snort__alert.html#a09dfe0a841fd3912ec78060d4547cb31" > stream< / a > ;
< a name = "l00122" > < / a > 00122
< a name = "l00123" > < / a > 00123 < span class = "comment" > /* Pointer to the next alert in< / span >
< a name = "l00124" > < / a > 00124 < span class = "comment" > * the log, if any*/< / span >
< a name = "l00125" > < / a > < a class = "code" href = "struct__AI__snort__alert.html#aa8336d4b3359015ed8ea312ca1fd1173" > 00125< / a > < span class = "keyword" > struct < / span > < a class = "code" href = "struct__AI__snort__alert.html" > _AI_snort_alert< / a > *< a class = "code" href = "struct__AI__snort__alert.html#aa8336d4b3359015ed8ea312ca1fd1173" > next< / a > ;
< a name = "l00126" > < / a > 00126
< a name = "l00127" > < / a > 00127 < span class = "comment" > /* Hierarchies for addresses and ports,< / span >
< a name = "l00128" > < / a > 00128 < span class = "comment" > * if the clustering algorithm is used */< / span >
< a name = "l00129" > < / a > < a class = "code" href = "struct__AI__snort__alert.html#ac53765584296ead1328eabfaba8a3aed" > 00129< / a > < a class = "code" href = "struct__hierarchy__node.html" > hierarchy_node< / a > *< a class = "code" href = "struct__AI__snort__alert.html#ac53765584296ead1328eabfaba8a3aed" > h_node< / a > [CLUSTER_TYPES];
< a name = "l00130" > < / a > 00130
< a name = "l00131" > < / a > 00131 < span class = "comment" > /* If the clustering algorithm is used,< / span >
< a name = "l00132" > < / a > 00132 < span class = "comment" > * we also count how many alerts this< / span >
< a name = "l00133" > < / a > 00133 < span class = "comment" > * single alert groups */< / span >
< a name = "l00134" > < / a > < a class = "code" href = "struct__AI__snort__alert.html#a285aff12d6bac03c316ccc5305d28e53" > 00134< / a > < span class = "keywordtype" > unsigned< / span > < span class = "keywordtype" > int< / span > < a class = "code" href = "struct__AI__snort__alert.html#a285aff12d6bac03c316ccc5305d28e53" > grouped_alarms_count< / a > ;
< a name = "l00135" > < / a > 00135 } < a class = "code" href = "struct__AI__snort__alert.html" > AI_snort_alert< / a > ;
< a name = "l00136" > < / a > 00136
< a name = "l00137" > < / a > 00137 < span class = "keywordtype" > int< / span > < a class = "code" href = "regex_8c.html#a35f57c052a7de1ded54b67a1f7819791" title = "Check if a string matches a regular expression." > preg_match< / a > ( < span class = "keyword" > const< / span > < span class = "keywordtype" > char< / span > *, < span class = "keywordtype" > char< / span > *, < span class = "keywordtype" > char< / span > ***, < span class = "keywordtype" > int< / span > * );
< a name = "l00138" > < / a > 00138
< a name = "l00139" > < / a > 00139 < span class = "keywordtype" > void< / span > * < a class = "code" href = "spp__ai_8h.html#ad56f71be823eead743972274b99c82ff" title = "Thread called for cleaning up the hash table from the traffic streams older than a certain threshold..." > AI_hashcleanup_thread< / a > ( < span class = "keywordtype" > void< / span > * );
< a name = "l00140" > < / a > 00140 < span class = "keywordtype" > void< / span > * < a class = "code" href = "alert__parser_8c.html#ad68c45b5846743a54ad3fa92c8e48f8a" title = "Thread for parsing Snort&#39;s alert file." > AI_alertparser_thread< / a > ( < span class = "keywordtype" > void< / span > * );
< a name = "l00141" > < / a > 00141
< a name = "l00142" > < / a > 00142 < span class = "keywordtype" > void< / span > < a class = "code" href = "spp__ai_8h.html#af6f7d167c3623bbc669e8d31c2719b29" title = "Function called for appending a new packet to the hash table, creating a new stream or appending it t..." > AI_pkt_enqueue< / a > ( SFSnortPacket* );
< a name = "l00143" > < / a > 00143 < span class = "keywordtype" > void< / span > < a class = "code" href = "spp__ai_8h.html#a8749989cee2ac05a7de058faac280c02" title = "Set the flag &quot;observed&quot; on a stream associated to a security alert, so that it won&#39;t be..." > AI_set_stream_observed< / a > ( < span class = "keyword" > struct< / span > < a class = "code" href = "structpkt__key.html" > pkt_key< / a > key );
< a name = "l00144" > < / a > 00144 < span class = "keywordtype" > void< / span > < a class = "code" href = "cluster_8c.html#a1445818b37483f78cc3fb2890155842c" title = "Build the clustering hierarchy trees." > AI_hierarchies_build< / a > ( < a class = "code" href = "structAI__config.html" > AI_config< / a > *, < a class = "code" href = "struct__hierarchy__node.html" > hierarchy_node< / a > **, < span class = "keywordtype" > int< / span > );
< a name = "l00145" > < / a > 00145
< a name = "l00146" > < / a > 00146 < span class = "keyword" > struct < / span > < a class = "code" href = "structpkt__info.html" > pkt_info< / a > * < a class = "code" href = "spp__ai_8h.html#a3054f06297a9caefd4d9b1283bb8b69a" title = "Get a TCP stream by key." > AI_get_stream_by_key< / a > ( < span class = "keyword" > struct< / span > < a class = "code" href = "structpkt__key.html" > pkt_key< / a > );
< a name = "l00147" > < / a > 00147 < a class = "code" href = "struct__AI__snort__alert.html" > AI_snort_alert< / a > * < a class = "code" href = "alert__parser_8c.html#a99474495643197b3075ac22ec6f6c70f" title = "Return the alerts parsed so far as a linked list." > AI_get_alerts< / a > ( < span class = "keywordtype" > void< / span > );
< a name = "l00148" > < / a > 00148 < span class = "keywordtype" > void< / span > < a class = "code" href = "alert__parser_8c.html#a270e86669a0aa64a8da37bc16cda645b" title = "Deallocate the memory of a log alert linked list." > AI_free_alerts< / a > ( < a class = "code" href = "struct__AI__snort__alert.html" > AI_snort_alert< / a > *node );
< a name = "l00149" > < / a > 00149
< a name = "l00150" > < / a > 00150 < span class = "preprocessor" > #endif < / span > < span class = "comment" > /* _SPP_AI_H */< / span >
< a name = "l00151" > < / a > 00151
< / pre > < / div > < / div >
< / div >
< hr class = "footer" / > < address class = "footer" > < small > Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by
< a href = "http://www.doxygen.org/index.html" >
< img class = "footer" src = "doxygen.png" alt = "doxygen" / > < / a > 1.7.1 < / small > < / address >
< / body >
< / html >