Snort_AIPreproc/doc/latex/spp__ai_8h.tex

\hypertarget{spp__ai_8h}{
\section{spp\_\-ai.h File Reference}
\label{spp__ai_8h}\index{spp\_\-ai.h@{spp\_\-ai.h}}
}
{\ttfamily \#include \char`\"{}sf\_\-snort\_\-packet.h\char`\"{}}\par
{\ttfamily \#include \char`\"{}sf\_\-dynamic\_\-preprocessor.h\char`\"{}}\par
{\ttfamily \#include \char`\"{}uthash.h\char`\"{}}\par
\subsection*{Data Structures}
\begin{DoxyCompactItemize}
\item 
struct \hyperlink{structpkt__key}{pkt\_\-key}
\item 
struct \hyperlink{structpkt__info}{pkt\_\-info}
\item 
struct \hyperlink{structAI__config}{AI\_\-config}
\item 
struct \hyperlink{struct__hierarchy__node}{\_\-hierarchy\_\-node}
\item 
struct \hyperlink{structAI__hyperalert__key}{AI\_\-hyperalert\_\-key}
\item 
struct \hyperlink{structAI__hyperalert__info}{AI\_\-hyperalert\_\-info}
\item 
struct \hyperlink{struct__AI__snort__alert}{\_\-AI\_\-snort\_\-alert}
\end{DoxyCompactItemize}
\subsection*{Defines}
\begin{DoxyCompactItemize}
\item 
\#define \hyperlink{spp__ai_8h_a5e151c615eda34903514212f05a5ccf8}{PRIVATE}~static
\item 
\#define \hyperlink{spp__ai_8h_a5f555c0ebd29ce2771a3e2dd4f526746}{DEFAULT\_\-HASH\_\-CLEANUP\_\-INTERVAL}~300
\item 
\#define \hyperlink{spp__ai_8h_a0f6a189af15ef783fb46ed37c144e031}{DEFAULT\_\-STREAM\_\-EXPIRE\_\-INTERVAL}~300
\item 
\#define \hyperlink{spp__ai_8h_a3c4984a0ee515fbc091ac6e33b05e310}{DEFAULT\_\-DATABASE\_\-INTERVAL}~30
\item 
\#define \hyperlink{spp__ai_8h_a0c4b6fce670e46083e33b9f53b78f39e}{DEFAULT\_\-ALERT\_\-CLUSTERING\_\-INTERVAL}~3600
\item 
\#define \hyperlink{spp__ai_8h_af0edda6cc018d9674b6822f6df4abe74}{DEFAULT\_\-ALERT\_\-CORRELATION\_\-INTERVAL}~300
\item 
\#define \hyperlink{spp__ai_8h_a6d9bf552c32371e0144dc6a6209c7e4a}{DEFAULT\_\-ALERT\_\-LOG\_\-FILE}~\char`\"{}/var/log/snort/alert\char`\"{}
\item 
\#define \hyperlink{spp__ai_8h_a803dc913297ccdace9e604dbfecda97d}{DEFAULT\_\-CLUSTER\_\-LOG\_\-FILE}~\char`\"{}/var/log/snort/cluster\_\-alert\char`\"{}
\item 
\#define \hyperlink{spp__ai_8h_a89448386cad5d5533992ae7ee84f4f1d}{DEFAULT\_\-CORR\_\-RULES\_\-DIR}~\char`\"{}/etc/snort/corr\_\-rules\char`\"{}
\item 
\#define \hyperlink{spp__ai_8h_a7bbeccba60012abcc98db33d39294829}{DEFAULT\_\-CORR\_\-ALERTS\_\-DIR}~\char`\"{}/var/log/snort/correlated\_\-alerts\char`\"{}
\item 
\#define \hyperlink{spp__ai_8h_aaedb0b7dc2bdf8d44d3fee2189a55a19}{DEFAULT\_\-CORR\_\-THRESHOLD}~0.5
\end{DoxyCompactItemize}
\subsection*{Typedefs}
\begin{DoxyCompactItemize}
\item 
typedef unsigned char \hyperlink{spp__ai_8h_aba7bc1797add20fe3efdf37ced1182c5}{uint8\_\-t}
\item 
typedef unsigned short \hyperlink{spp__ai_8h_a273cf69d639a59973b6019625df33e30}{uint16\_\-t}
\item 
typedef unsigned int \hyperlink{spp__ai_8h_a435d1572bf3f880d55459d9805097f62}{uint32\_\-t}
\item 
typedef struct \hyperlink{struct__hierarchy__node}{\_\-hierarchy\_\-node} \hyperlink{spp__ai_8h_a466391129919ef12366d311d501552fa}{hierarchy\_\-node}
\item 
typedef struct \hyperlink{struct__AI__snort__alert}{\_\-AI\_\-snort\_\-alert} \hyperlink{spp__ai_8h_a982be90e72362e88d09f28336c9a1897}{AI\_\-snort\_\-alert}
\end{DoxyCompactItemize}
\subsection*{Enumerations}
\begin{DoxyCompactItemize}
\item 
enum \hyperlink{spp__ai_8h_a3e5b8192e7d9ffaf3542f1210aec18dd}{BOOL} \{ \hyperlink{spp__ai_8h_a3e5b8192e7d9ffaf3542f1210aec18ddae9de385ef6fe9bf3360d1038396b884c}{false}, 
\hyperlink{spp__ai_8h_a3e5b8192e7d9ffaf3542f1210aec18dda08f175a5505a10b9ed657defeb050e4b}{true}
 \}
\item 
enum \hyperlink{spp__ai_8h_ae2ff3c6586aa2ab211a102abfde86640}{cluster\_\-type} \{ \par
\hyperlink{spp__ai_8h_ae2ff3c6586aa2ab211a102abfde86640ab7e4e0120a041dbe6528b050c04269e0}{none}, 
\hyperlink{spp__ai_8h_ae2ff3c6586aa2ab211a102abfde86640abc900639df18f0f5f2f63a1f033fe42f}{src\_\-addr}, 
\hyperlink{spp__ai_8h_ae2ff3c6586aa2ab211a102abfde86640aa000f955ef1374c60cdb16bf43a1593c}{dst\_\-addr}, 
\hyperlink{spp__ai_8h_ae2ff3c6586aa2ab211a102abfde86640ac1335c508143eb06843af2ce5ff3027b}{src\_\-port}, 
\par
\hyperlink{spp__ai_8h_ae2ff3c6586aa2ab211a102abfde86640abc4f89a184ada44073bd6f54d7fc11c9}{dst\_\-port}, 
\hyperlink{spp__ai_8h_ae2ff3c6586aa2ab211a102abfde86640ab16bb5c4b330d5db02e2d852cd2ba451}{CLUSTER\_\-TYPES}
 \}
\end{DoxyCompactItemize}
\subsection*{Functions}
\begin{DoxyCompactItemize}
\item 
int \hyperlink{group__regex_ga35f57c052a7de1ded54b67a1f7819791}{preg\_\-match} (const char $\ast$, char $\ast$, char $\ast$$\ast$$\ast$, int $\ast$)
\begin{DoxyCompactList}\small\item\em Check if a string matches a regular expression. \item\end{DoxyCompactList}\item 
char $\ast$ \hyperlink{group__regex_ga736ba1abdc4938cbb1bf5861e7dbfd50}{str\_\-replace} (char $\ast$str, char $\ast$orig, char $\ast$rep)
\begin{DoxyCompactList}\small\item\em Replace the content of 'orig' in 'str' with 'rep'. \item\end{DoxyCompactList}\item 
char $\ast$ \hyperlink{group__regex_gaff6c55cd04fc08dd582e244590dc25a4}{str\_\-replace\_\-all} (char $\ast$str, char $\ast$orig, char $\ast$rep)
\begin{DoxyCompactList}\small\item\em Replace all of the occurrences of 'orig' in 'str' with 'rep'. \item\end{DoxyCompactList}\item 
void $\ast$ \hyperlink{group__stream_ga24b1131374e5059564b8a12380c4eb75}{AI\_\-hashcleanup\_\-thread} (void $\ast$)
\begin{DoxyCompactList}\small\item\em Thread called for cleaning up the hash table from the traffic streams older than a certain threshold. \item\end{DoxyCompactList}\item 
void $\ast$ \hyperlink{group__alert__parser_ga5aab8d9bdf0e92a51731442fd787f61f}{AI\_\-file\_\-alertparser\_\-thread} (void $\ast$)
\begin{DoxyCompactList}\small\item\em Thread for parsing Snort's alert file. \item\end{DoxyCompactList}\item 
void $\ast$ \hyperlink{group__correlation_ga939353a4e15de7a8f4145ab986f584be}{AI\_\-alert\_\-correlation\_\-thread} (void $\ast$)
\begin{DoxyCompactList}\small\item\em Thread for correlating clustered alerts. \item\end{DoxyCompactList}\item 
void \hyperlink{group__stream_ga7d71c5645b9baff7b6c4b9a181bf80c5}{AI\_\-pkt\_\-enqueue} (SFSnortPacket $\ast$)
\begin{DoxyCompactList}\small\item\em Function called for appending a new packet to the hash table, creating a new stream or appending it to an existing stream. \item\end{DoxyCompactList}\item 
void \hyperlink{group__stream_ga8749989cee2ac05a7de058faac280c02}{AI\_\-set\_\-stream\_\-observed} (struct \hyperlink{structpkt__key}{pkt\_\-key} key)
\begin{DoxyCompactList}\small\item\em Set the flag \char`\"{}observed\char`\"{} on a stream associated to a security alert, so that it won't be removed from the hash table. \item\end{DoxyCompactList}\item 
void \hyperlink{group__cluster_ga1445818b37483f78cc3fb2890155842c}{AI\_\-hierarchies\_\-build} (\hyperlink{structAI__config}{AI\_\-config} $\ast$, \hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$$\ast$, int)
\begin{DoxyCompactList}\small\item\em Build the clustering hierarchy trees. \item\end{DoxyCompactList}\item 
void \hyperlink{group__alert__parser_ga270e86669a0aa64a8da37bc16cda645b}{AI\_\-free\_\-alerts} (\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$node)
\begin{DoxyCompactList}\small\item\em Deallocate the memory of a log alert linked list. \item\end{DoxyCompactList}\item 
struct \hyperlink{structpkt__info}{pkt\_\-info} $\ast$ \hyperlink{group__stream_ga2efedcabbfd12c5345f0c93a3dd4735c}{AI\_\-get\_\-stream\_\-by\_\-key} (struct \hyperlink{structpkt__key}{pkt\_\-key})
\begin{DoxyCompactList}\small\item\em Get a TCP stream by key. \item\end{DoxyCompactList}\item 
\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$ \hyperlink{group__alert__parser_ga99474495643197b3075ac22ec6f6c70f}{AI\_\-get\_\-alerts} (void)
\begin{DoxyCompactList}\small\item\em Return the alerts parsed so far as a linked list. \item\end{DoxyCompactList}\item 
\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$ \hyperlink{group__cluster_ga2553c678eeb83282c230d649a0e8fcd4}{AI\_\-get\_\-clustered\_\-alerts} (void)
\begin{DoxyCompactList}\small\item\em Return the alerts parsed so far as a linked list. \item\end{DoxyCompactList}\end{DoxyCompactItemize}
\subsection*{Variables}
\begin{DoxyCompactItemize}
\item 
DynamicPreprocessorData \hyperlink{spp__ai_8h_ab46420126c43c1aac5eabc5db266a71c}{\_\-dpd}
\item 
\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$($\ast$ \hyperlink{spp__ai_8h_ab184b676360ce03035801284a2bd1ea7}{get\_\-alerts} )(void)
\end{DoxyCompactItemize}


\subsection{Define Documentation}
\hypertarget{spp__ai_8h_a0c4b6fce670e46083e33b9f53b78f39e}{
\index{spp\_\-ai.h@{spp\_\-ai.h}!DEFAULT\_\-ALERT\_\-CLUSTERING\_\-INTERVAL@{DEFAULT\_\-ALERT\_\-CLUSTERING\_\-INTERVAL}}
\index{DEFAULT\_\-ALERT\_\-CLUSTERING\_\-INTERVAL@{DEFAULT\_\-ALERT\_\-CLUSTERING\_\-INTERVAL}!spp_ai.h@{spp\_\-ai.h}}
\subsubsection[{DEFAULT\_\-ALERT\_\-CLUSTERING\_\-INTERVAL}]{\setlength{\rightskip}{0pt plus 5cm}\#define DEFAULT\_\-ALERT\_\-CLUSTERING\_\-INTERVAL~3600}}
\label{spp__ai_8h_a0c4b6fce670e46083e33b9f53b78f39e}
Default interval in seconds for the thread clustering alerts \hypertarget{spp__ai_8h_af0edda6cc018d9674b6822f6df4abe74}{
\index{spp\_\-ai.h@{spp\_\-ai.h}!DEFAULT\_\-ALERT\_\-CORRELATION\_\-INTERVAL@{DEFAULT\_\-ALERT\_\-CORRELATION\_\-INTERVAL}}
\index{DEFAULT\_\-ALERT\_\-CORRELATION\_\-INTERVAL@{DEFAULT\_\-ALERT\_\-CORRELATION\_\-INTERVAL}!spp_ai.h@{spp\_\-ai.h}}
\subsubsection[{DEFAULT\_\-ALERT\_\-CORRELATION\_\-INTERVAL}]{\setlength{\rightskip}{0pt plus 5cm}\#define DEFAULT\_\-ALERT\_\-CORRELATION\_\-INTERVAL~300}}
\label{spp__ai_8h_af0edda6cc018d9674b6822f6df4abe74}
Default interval in seconds for running the graph correlation thread \hypertarget{spp__ai_8h_a6d9bf552c32371e0144dc6a6209c7e4a}{
\index{spp\_\-ai.h@{spp\_\-ai.h}!DEFAULT\_\-ALERT\_\-LOG\_\-FILE@{DEFAULT\_\-ALERT\_\-LOG\_\-FILE}}
\index{DEFAULT\_\-ALERT\_\-LOG\_\-FILE@{DEFAULT\_\-ALERT\_\-LOG\_\-FILE}!spp_ai.h@{spp\_\-ai.h}}
\subsubsection[{DEFAULT\_\-ALERT\_\-LOG\_\-FILE}]{\setlength{\rightskip}{0pt plus 5cm}\#define DEFAULT\_\-ALERT\_\-LOG\_\-FILE~\char`\"{}/var/log/snort/alert\char`\"{}}}
\label{spp__ai_8h_a6d9bf552c32371e0144dc6a6209c7e4a}
Default path to Snort's log file \hypertarget{spp__ai_8h_a803dc913297ccdace9e604dbfecda97d}{
\index{spp\_\-ai.h@{spp\_\-ai.h}!DEFAULT\_\-CLUSTER\_\-LOG\_\-FILE@{DEFAULT\_\-CLUSTER\_\-LOG\_\-FILE}}
\index{DEFAULT\_\-CLUSTER\_\-LOG\_\-FILE@{DEFAULT\_\-CLUSTER\_\-LOG\_\-FILE}!spp_ai.h@{spp\_\-ai.h}}
\subsubsection[{DEFAULT\_\-CLUSTER\_\-LOG\_\-FILE}]{\setlength{\rightskip}{0pt plus 5cm}\#define DEFAULT\_\-CLUSTER\_\-LOG\_\-FILE~\char`\"{}/var/log/snort/cluster\_\-alert\char`\"{}}}
\label{spp__ai_8h_a803dc913297ccdace9e604dbfecda97d}
Default path to Snort's clustered alerts file \hypertarget{spp__ai_8h_a7bbeccba60012abcc98db33d39294829}{
\index{spp\_\-ai.h@{spp\_\-ai.h}!DEFAULT\_\-CORR\_\-ALERTS\_\-DIR@{DEFAULT\_\-CORR\_\-ALERTS\_\-DIR}}
\index{DEFAULT\_\-CORR\_\-ALERTS\_\-DIR@{DEFAULT\_\-CORR\_\-ALERTS\_\-DIR}!spp_ai.h@{spp\_\-ai.h}}
\subsubsection[{DEFAULT\_\-CORR\_\-ALERTS\_\-DIR}]{\setlength{\rightskip}{0pt plus 5cm}\#define DEFAULT\_\-CORR\_\-ALERTS\_\-DIR~\char`\"{}/var/log/snort/correlated\_\-alerts\char`\"{}}}
\label{spp__ai_8h_a7bbeccba60012abcc98db33d39294829}
Default directory for placing correlated alerts information (.dot and possibly .png files) \hypertarget{spp__ai_8h_a89448386cad5d5533992ae7ee84f4f1d}{
\index{spp\_\-ai.h@{spp\_\-ai.h}!DEFAULT\_\-CORR\_\-RULES\_\-DIR@{DEFAULT\_\-CORR\_\-RULES\_\-DIR}}
\index{DEFAULT\_\-CORR\_\-RULES\_\-DIR@{DEFAULT\_\-CORR\_\-RULES\_\-DIR}!spp_ai.h@{spp\_\-ai.h}}
\subsubsection[{DEFAULT\_\-CORR\_\-RULES\_\-DIR}]{\setlength{\rightskip}{0pt plus 5cm}\#define DEFAULT\_\-CORR\_\-RULES\_\-DIR~\char`\"{}/etc/snort/corr\_\-rules\char`\"{}}}
\label{spp__ai_8h_a89448386cad5d5533992ae7ee84f4f1d}
Default path to alert correlation rules directory \hypertarget{spp__ai_8h_aaedb0b7dc2bdf8d44d3fee2189a55a19}{
\index{spp\_\-ai.h@{spp\_\-ai.h}!DEFAULT\_\-CORR\_\-THRESHOLD@{DEFAULT\_\-CORR\_\-THRESHOLD}}
\index{DEFAULT\_\-CORR\_\-THRESHOLD@{DEFAULT\_\-CORR\_\-THRESHOLD}!spp_ai.h@{spp\_\-ai.h}}
\subsubsection[{DEFAULT\_\-CORR\_\-THRESHOLD}]{\setlength{\rightskip}{0pt plus 5cm}\#define DEFAULT\_\-CORR\_\-THRESHOLD~0.5}}
\label{spp__ai_8h_aaedb0b7dc2bdf8d44d3fee2189a55a19}
Default correlation threshold coefficient for correlating two hyperalerts \hypertarget{spp__ai_8h_a3c4984a0ee515fbc091ac6e33b05e310}{
\index{spp\_\-ai.h@{spp\_\-ai.h}!DEFAULT\_\-DATABASE\_\-INTERVAL@{DEFAULT\_\-DATABASE\_\-INTERVAL}}
\index{DEFAULT\_\-DATABASE\_\-INTERVAL@{DEFAULT\_\-DATABASE\_\-INTERVAL}!spp_ai.h@{spp\_\-ai.h}}
\subsubsection[{DEFAULT\_\-DATABASE\_\-INTERVAL}]{\setlength{\rightskip}{0pt plus 5cm}\#define DEFAULT\_\-DATABASE\_\-INTERVAL~30}}
\label{spp__ai_8h_a3c4984a0ee515fbc091ac6e33b05e310}
Default interval in seconds for reading alerts from the alert database, if used \hypertarget{spp__ai_8h_a5f555c0ebd29ce2771a3e2dd4f526746}{
\index{spp\_\-ai.h@{spp\_\-ai.h}!DEFAULT\_\-HASH\_\-CLEANUP\_\-INTERVAL@{DEFAULT\_\-HASH\_\-CLEANUP\_\-INTERVAL}}
\index{DEFAULT\_\-HASH\_\-CLEANUP\_\-INTERVAL@{DEFAULT\_\-HASH\_\-CLEANUP\_\-INTERVAL}!spp_ai.h@{spp\_\-ai.h}}
\subsubsection[{DEFAULT\_\-HASH\_\-CLEANUP\_\-INTERVAL}]{\setlength{\rightskip}{0pt plus 5cm}\#define DEFAULT\_\-HASH\_\-CLEANUP\_\-INTERVAL~300}}
\label{spp__ai_8h_a5f555c0ebd29ce2771a3e2dd4f526746}
Default interval in seconds for the thread cleaning up TCP streams \hypertarget{spp__ai_8h_a0f6a189af15ef783fb46ed37c144e031}{
\index{spp\_\-ai.h@{spp\_\-ai.h}!DEFAULT\_\-STREAM\_\-EXPIRE\_\-INTERVAL@{DEFAULT\_\-STREAM\_\-EXPIRE\_\-INTERVAL}}
\index{DEFAULT\_\-STREAM\_\-EXPIRE\_\-INTERVAL@{DEFAULT\_\-STREAM\_\-EXPIRE\_\-INTERVAL}!spp_ai.h@{spp\_\-ai.h}}
\subsubsection[{DEFAULT\_\-STREAM\_\-EXPIRE\_\-INTERVAL}]{\setlength{\rightskip}{0pt plus 5cm}\#define DEFAULT\_\-STREAM\_\-EXPIRE\_\-INTERVAL~300}}
\label{spp__ai_8h_a0f6a189af15ef783fb46ed37c144e031}
Default interval in seconds before a stream without any packet is considered timed out \hypertarget{spp__ai_8h_a5e151c615eda34903514212f05a5ccf8}{
\index{spp\_\-ai.h@{spp\_\-ai.h}!PRIVATE@{PRIVATE}}
\index{PRIVATE@{PRIVATE}!spp_ai.h@{spp\_\-ai.h}}
\subsubsection[{PRIVATE}]{\setlength{\rightskip}{0pt plus 5cm}\#define PRIVATE~static}}
\label{spp__ai_8h_a5e151c615eda34903514212f05a5ccf8}


\subsection{Typedef Documentation}
\hypertarget{spp__ai_8h_a982be90e72362e88d09f28336c9a1897}{
\index{spp\_\-ai.h@{spp\_\-ai.h}!AI\_\-snort\_\-alert@{AI\_\-snort\_\-alert}}
\index{AI\_\-snort\_\-alert@{AI\_\-snort\_\-alert}!spp_ai.h@{spp\_\-ai.h}}
\subsubsection[{AI\_\-snort\_\-alert}]{\setlength{\rightskip}{0pt plus 5cm}typedef struct {\bf \_\-AI\_\-snort\_\-alert}  {\bf AI\_\-snort\_\-alert}}}
\label{spp__ai_8h_a982be90e72362e88d09f28336c9a1897}
Data type for Snort alerts \hypertarget{spp__ai_8h_a466391129919ef12366d311d501552fa}{
\index{spp\_\-ai.h@{spp\_\-ai.h}!hierarchy\_\-node@{hierarchy\_\-node}}
\index{hierarchy\_\-node@{hierarchy\_\-node}!spp_ai.h@{spp\_\-ai.h}}
\subsubsection[{hierarchy\_\-node}]{\setlength{\rightskip}{0pt plus 5cm}typedef struct {\bf \_\-hierarchy\_\-node}  {\bf hierarchy\_\-node}}}
\label{spp__ai_8h_a466391129919ef12366d311d501552fa}
Data type for hierarchies used for clustering \hypertarget{spp__ai_8h_a273cf69d639a59973b6019625df33e30}{
\index{spp\_\-ai.h@{spp\_\-ai.h}!uint16\_\-t@{uint16\_\-t}}
\index{uint16\_\-t@{uint16\_\-t}!spp_ai.h@{spp\_\-ai.h}}
\subsubsection[{uint16\_\-t}]{\setlength{\rightskip}{0pt plus 5cm}typedef unsigned short {\bf uint16\_\-t}}}
\label{spp__ai_8h_a273cf69d639a59973b6019625df33e30}
\hypertarget{spp__ai_8h_a435d1572bf3f880d55459d9805097f62}{
\index{spp\_\-ai.h@{spp\_\-ai.h}!uint32\_\-t@{uint32\_\-t}}
\index{uint32\_\-t@{uint32\_\-t}!spp_ai.h@{spp\_\-ai.h}}
\subsubsection[{uint32\_\-t}]{\setlength{\rightskip}{0pt plus 5cm}typedef unsigned int {\bf uint32\_\-t}}}
\label{spp__ai_8h_a435d1572bf3f880d55459d9805097f62}
\hypertarget{spp__ai_8h_aba7bc1797add20fe3efdf37ced1182c5}{
\index{spp\_\-ai.h@{spp\_\-ai.h}!uint8\_\-t@{uint8\_\-t}}
\index{uint8\_\-t@{uint8\_\-t}!spp_ai.h@{spp\_\-ai.h}}
\subsubsection[{uint8\_\-t}]{\setlength{\rightskip}{0pt plus 5cm}typedef unsigned char {\bf uint8\_\-t}}}
\label{spp__ai_8h_aba7bc1797add20fe3efdf37ced1182c5}


\subsection{Enumeration Type Documentation}
\hypertarget{spp__ai_8h_a3e5b8192e7d9ffaf3542f1210aec18dd}{
\index{spp\_\-ai.h@{spp\_\-ai.h}!BOOL@{BOOL}}
\index{BOOL@{BOOL}!spp_ai.h@{spp\_\-ai.h}}
\subsubsection[{BOOL}]{\setlength{\rightskip}{0pt plus 5cm}enum {\bf BOOL}}}
\label{spp__ai_8h_a3e5b8192e7d9ffaf3542f1210aec18dd}
\begin{Desc}
\item[Enumerator: ]\par
\begin{description}
\index{false@{false}!spp\_\-ai.h@{spp\_\-ai.h}}\index{spp\_\-ai.h@{spp\_\-ai.h}!false@{false}}\item[{\em 
\hypertarget{spp__ai_8h_a3e5b8192e7d9ffaf3542f1210aec18ddae9de385ef6fe9bf3360d1038396b884c}{
false}
\label{spp__ai_8h_a3e5b8192e7d9ffaf3542f1210aec18ddae9de385ef6fe9bf3360d1038396b884c}
}]\index{true@{true}!spp\_\-ai.h@{spp\_\-ai.h}}\index{spp\_\-ai.h@{spp\_\-ai.h}!true@{true}}\item[{\em 
\hypertarget{spp__ai_8h_a3e5b8192e7d9ffaf3542f1210aec18dda08f175a5505a10b9ed657defeb050e4b}{
true}
\label{spp__ai_8h_a3e5b8192e7d9ffaf3542f1210aec18dda08f175a5505a10b9ed657defeb050e4b}
}]\end{description}
\end{Desc}

\hypertarget{spp__ai_8h_ae2ff3c6586aa2ab211a102abfde86640}{
\index{spp\_\-ai.h@{spp\_\-ai.h}!cluster\_\-type@{cluster\_\-type}}
\index{cluster\_\-type@{cluster\_\-type}!spp_ai.h@{spp\_\-ai.h}}
\subsubsection[{cluster\_\-type}]{\setlength{\rightskip}{0pt plus 5cm}enum {\bf cluster\_\-type}}}
\label{spp__ai_8h_ae2ff3c6586aa2ab211a102abfde86640}
Possible types of clustering attributes \begin{Desc}
\item[Enumerator: ]\par
\begin{description}
\index{none@{none}!spp\_\-ai.h@{spp\_\-ai.h}}\index{spp\_\-ai.h@{spp\_\-ai.h}!none@{none}}\item[{\em 
\hypertarget{spp__ai_8h_ae2ff3c6586aa2ab211a102abfde86640ab7e4e0120a041dbe6528b050c04269e0}{
none}
\label{spp__ai_8h_ae2ff3c6586aa2ab211a102abfde86640ab7e4e0120a041dbe6528b050c04269e0}
}]\index{src\_\-addr@{src\_\-addr}!spp\_\-ai.h@{spp\_\-ai.h}}\index{spp\_\-ai.h@{spp\_\-ai.h}!src\_\-addr@{src\_\-addr}}\item[{\em 
\hypertarget{spp__ai_8h_ae2ff3c6586aa2ab211a102abfde86640abc900639df18f0f5f2f63a1f033fe42f}{
src\_\-addr}
\label{spp__ai_8h_ae2ff3c6586aa2ab211a102abfde86640abc900639df18f0f5f2f63a1f033fe42f}
}]\index{dst\_\-addr@{dst\_\-addr}!spp\_\-ai.h@{spp\_\-ai.h}}\index{spp\_\-ai.h@{spp\_\-ai.h}!dst\_\-addr@{dst\_\-addr}}\item[{\em 
\hypertarget{spp__ai_8h_ae2ff3c6586aa2ab211a102abfde86640aa000f955ef1374c60cdb16bf43a1593c}{
dst\_\-addr}
\label{spp__ai_8h_ae2ff3c6586aa2ab211a102abfde86640aa000f955ef1374c60cdb16bf43a1593c}
}]\index{src\_\-port@{src\_\-port}!spp\_\-ai.h@{spp\_\-ai.h}}\index{spp\_\-ai.h@{spp\_\-ai.h}!src\_\-port@{src\_\-port}}\item[{\em 
\hypertarget{spp__ai_8h_ae2ff3c6586aa2ab211a102abfde86640ac1335c508143eb06843af2ce5ff3027b}{
src\_\-port}
\label{spp__ai_8h_ae2ff3c6586aa2ab211a102abfde86640ac1335c508143eb06843af2ce5ff3027b}
}]\index{dst\_\-port@{dst\_\-port}!spp\_\-ai.h@{spp\_\-ai.h}}\index{spp\_\-ai.h@{spp\_\-ai.h}!dst\_\-port@{dst\_\-port}}\item[{\em 
\hypertarget{spp__ai_8h_ae2ff3c6586aa2ab211a102abfde86640abc4f89a184ada44073bd6f54d7fc11c9}{
dst\_\-port}
\label{spp__ai_8h_ae2ff3c6586aa2ab211a102abfde86640abc4f89a184ada44073bd6f54d7fc11c9}
}]\index{CLUSTER\_\-TYPES@{CLUSTER\_\-TYPES}!spp\_\-ai.h@{spp\_\-ai.h}}\index{spp\_\-ai.h@{spp\_\-ai.h}!CLUSTER\_\-TYPES@{CLUSTER\_\-TYPES}}\item[{\em 
\hypertarget{spp__ai_8h_ae2ff3c6586aa2ab211a102abfde86640ab16bb5c4b330d5db02e2d852cd2ba451}{
CLUSTER\_\-TYPES}
\label{spp__ai_8h_ae2ff3c6586aa2ab211a102abfde86640ab16bb5c4b330d5db02e2d852cd2ba451}
}]\end{description}
\end{Desc}



\subsection{Variable Documentation}
\hypertarget{spp__ai_8h_ab46420126c43c1aac5eabc5db266a71c}{
\index{spp\_\-ai.h@{spp\_\-ai.h}!\_\-dpd@{\_\-dpd}}
\index{\_\-dpd@{\_\-dpd}!spp_ai.h@{spp\_\-ai.h}}
\subsubsection[{\_\-dpd}]{\setlength{\rightskip}{0pt plus 5cm}DynamicPreprocessorData {\bf \_\-dpd}}}
\label{spp__ai_8h_ab46420126c43c1aac5eabc5db266a71c}
\hypertarget{spp__ai_8h_ab184b676360ce03035801284a2bd1ea7}{
\index{spp\_\-ai.h@{spp\_\-ai.h}!get\_\-alerts@{get\_\-alerts}}
\index{get\_\-alerts@{get\_\-alerts}!spp_ai.h@{spp\_\-ai.h}}
\subsubsection[{get\_\-alerts}]{\setlength{\rightskip}{0pt plus 5cm}{\bf AI\_\-snort\_\-alert}$\ast$($\ast$ {\bf get\_\-alerts})(void)}}
\label{spp__ai_8h_ab184b676360ce03035801284a2bd1ea7}
Function pointer to the function used for getting the alert list (from log file, db, ...)