blacklight
/
Snort_AIPreproc
mirror of https://github.com/BlackLight/Snort_AIPreproc.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Full support for MySQL (and any?) database alerts

This commit is contained in:
BlackLight 2010-09-04 21:33:53 +02:00
parent a1d157487c
commit 5cb91e3427
115 changed files with 5670 additions and 2909 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
ChangeLog
View File

@ -1,3 +1,14 @@
2010-09-04 Fabio "BlackLight" Manganiello <blacklight@autistici.org>
* mysql.c: This file now only contains the functions for managing MySQL
connections in the database wrapper
* db.c: Renamed from 'mysql.c' to 'db.c', now it should be abstract
enough for allowing the support for any database alerts without any lines
of code should be changed
* db.c: Fixed a stupid malloc() mistake that randomly brought the module
to crash
* db.h: New file, including macros and typedefs for allowing the database
operations wrapping
2010-16-08 Fabio "BlackLight" Manganiello <blacklight@autistici.org>
* cluster.c: Finished clustering algorithm and clustering log management

8
Makefile
View File

@ -6,7 +6,7 @@ INCLUDES=-I. -I../../.. -I../include -I./uthash
DEFINES=-D_GNU_SOURCE -D_XOPEN_SOURCE -DDYNAMIC_PLUGIN -DSUP_IP6 -DENABLE_MYSQL -DHAVE_CONFIG_H
CMDLINE=-g -O2 -fvisibility=hidden -fno-strict-aliasing -Wall -fstack-protector
LIBPATH=-L/usr/lib
LDLINKS=-lpthread
LDLINKS=-lpthread -lmysqlclient
LIBTOOL=./libtool --tag=CC
OUTPUT=libsf_ai_preproc.la
LDOPTIONS=-export-dynamic -rpath ${PREPROC_PATH}
@ -18,7 +18,9 @@ spp_ai.lo \
stream.lo \
alert_parser.lo \
regex.lo \
cluster.lo
cluster.lo \
db.lo \
mysql.lo
all:
/bin/sh ${LIBTOOL} --mode=compile gcc ${CMDLINE} ${INCLUDES} ${DEFINES} -c -o sf_dynamic_preproc_lib.lo sf_dynamic_preproc_lib.c
@ -28,6 +30,8 @@ all:
/bin/sh ${LIBTOOL} --mode=compile gcc ${CMDLINE} ${INCLUDES} ${DEFINES} -c -o stream.lo stream.c
/bin/sh ${LIBTOOL} --mode=compile gcc ${CMDLINE} ${INCLUDES} ${DEFINES} -c -o spp_ai.lo spp_ai.c
/bin/sh ${LIBTOOL} --mode=compile gcc ${CMDLINE} ${INCLUDES} ${DEFINES} -c -o cluster.lo cluster.c
/bin/sh ${LIBTOOL} --mode=compile gcc ${CMDLINE} ${INCLUDES} ${DEFINES} -c -o db.lo db.c
/bin/sh ${LIBTOOL} --mode=compile gcc ${CMDLINE} ${INCLUDES} ${DEFINES} -c -o mysql.lo mysql.c
/bin/sh ${LIBTOOL} --mode=link gcc ${CMDLINE} ${LDOPTIONS} ${LIBPATH} -o ${OUTPUT} ${OBJECTS} ${LDLINKS}
clean:

2
TODO
View File

@ -1,6 +1,4 @@
- Check cluster ranges are NEVER on the same ranges
- Managing clusters for addresses, timestamps (and more?)
- MySQL alert log parsing
- Dynamic cluster_min_size algorithm
- Alerts for port scan, grouped alerts, UDP and ICMP too

66
alert_parser.c
View File

@ -24,19 +24,22 @@
#include <time.h>
#include <sys/inotify.h>
#include <sys/stat.h>
#include <pthread.h>
PRIVATE AI_snort_alert *alerts = NULL;
PRIVATE FILE *alert_fp = NULL;
/** \defgroup alert_parser Parse the alert log into binary structures
* @{ */
/**
* FUNCTION: AI_alertparser_thread
* \brief Thread for parsing Snort's alert file
* \param arg void* pointer to module's configuration
*/
void*
AI_alertparser_thread ( void* arg )
AI_file_alertparser_thread ( void* arg )
{
struct logtime {
unsigned short day;
@ -68,8 +71,6 @@ AI_alertparser_thread ( void* arg )
while ( 1 )
{
FILE *fp = fopen ( "/home/blacklight/LOG", "a" );
if (( ifd = inotify_init() ) < 0 )
{
_dpd.fatalMsg ( "Could not initialize an inotify object on the alert log file" );
@ -101,6 +102,8 @@ AI_alertparser_thread ( void* arg )
fseek ( alert_fp, 0, SEEK_END );
read ( ifd, line, sizeof(line) );
inotify_rm_watch ( ifd, wd );
close ( ifd );
while ( !feof ( alert_fp ))
{
@ -117,10 +120,10 @@ AI_alertparser_thread ( void* arg )
{
if ( in_alert )
{
if ( alert->ipproto == IPPROTO_TCP )
if ( alert->ip_proto == IPPROTO_TCP )
{
key.src_ip = alert->src_addr;
key.dst_port = alert->dst_port;
key.src_ip = alert->ip_src_addr;
key.dst_port = alert->tcp_dst_port;
if (( info = AI_get_stream_by_key ( key ) ))
{
@ -211,10 +214,10 @@ AI_alertparser_thread ( void* arg )
strptime ( strtime, "%d/%m/%Y, %H:%M:%S", _tm );
alert->timestamp = mktime ( _tm );
alert->src_addr = inet_addr ( matches[5] );
alert->dst_addr = inet_addr ( matches[7] );
alert->src_port = htons ( atoi( matches[6] ));
alert->dst_port = htons ( atoi( matches[8] ));
alert->ip_src_addr = inet_addr ( matches[5] );
alert->ip_dst_addr = inet_addr ( matches[7] );
alert->tcp_src_port = htons ( atoi( matches[6] ));
alert->tcp_dst_port = htons ( atoi( matches[8] ));
for ( i=0; i < nmatches; i++ )
free ( matches[i] );
@ -240,8 +243,8 @@ AI_alertparser_thread ( void* arg )
strptime ( strtime, "%d/%m/%Y, %H:%M:%S", _tm );
alert->timestamp = mktime ( _tm );
alert->src_addr = inet_addr ( matches[5] );
alert->dst_addr = inet_addr ( matches[6] );
alert->ip_src_addr = inet_addr ( matches[5] );
alert->ip_dst_addr = inet_addr ( matches[6] );
for ( i=0; i < nmatches; i++ )
free ( matches[i] );
@ -251,26 +254,26 @@ AI_alertparser_thread ( void* arg )
} else if ( preg_match ( "^([^\\s+]+)\\s+TTL:\\s*([0-9]+)\\s+TOS:\\s*0x([0-9A-F]+)\\s+ID:\\s*([0-9]+)\\s+IpLen:\\s*([0-9]+)",
line, &matches, &nmatches ) > 0 ) {
if ( !strcasecmp ( matches[0], "tcp" ) ) {
alert->ipproto = IPPROTO_TCP;
alert->ip_proto = IPPROTO_TCP;
} else if ( !strcasecmp ( matches[0], "udp" ) ) {
alert->ipproto = IPPROTO_UDP;
alert->ip_proto = IPPROTO_UDP;
} else if ( !strcasecmp ( matches[0], "icmp" ) ) {
alert->ipproto = IPPROTO_ICMP;
alert->ip_proto = IPPROTO_ICMP;
} else {
alert->ipproto = IPPROTO_NONE;
alert->ip_proto = IPPROTO_NONE;
}
alert->ttl = htons ( (uint16_t) strtoul ( matches[1], NULL, 10 ));
alert->tos = htons ( (uint16_t) strtoul ( matches[2], NULL, 16 ));
alert->id = htons ( (uint16_t) strtoul ( matches[3], NULL, 10 ));
alert->iplen = htons ( (uint16_t) strtoul ( matches[4], NULL, 10 ));
alert->ip_ttl = htons ( (uint16_t) strtoul ( matches[1], NULL, 10 ));
alert->ip_tos = htons ( (uint16_t) strtoul ( matches[2], NULL, 16 ));
alert->ip_id = htons ( (uint16_t) strtoul ( matches[3], NULL, 10 ));
alert->ip_len = htons ( (uint16_t) strtoul ( matches[4], NULL, 10 ));
for ( i=0; i < nmatches; i++ )
free ( matches[i] );
free ( matches );
matches = NULL;
} else if ( preg_match ( "^([\\*UAPRSF]{8})\\s+Seq:\\s*0x([0-9A-F]+)\\s+Ack:\\s*0x([0-9A-F]+)\\s+Win:\\s*0x([0-9A-F]+)\\s+TcpLen:\\s*([0-9]+)",
} else if ( preg_match ( "^([\\*CEUAPRSF]{8})\\s+Seq:\\s*0x([0-9A-F]+)\\s+Ack:\\s*0x([0-9A-F]+)\\s+Win:\\s*0x([0-9A-F]+)\\s+TcpLen:\\s*([0-9]+)",
line, &matches, &nmatches ) > 0 ) {
alert->tcp_flags = 0;
alert->tcp_flags |= ( strstr ( matches[0], "C" ) ) ? TCPHEADER_RES1 : 0;
@ -282,10 +285,10 @@ AI_alertparser_thread ( void* arg )
alert->tcp_flags |= ( strstr ( matches[0], "S" ) ) ? TCPHEADER_SYN : 0;
alert->tcp_flags |= ( strstr ( matches[0], "F" ) ) ? TCPHEADER_FIN : 0;
alert->sequence = htonl ( strtoul ( matches[1], NULL, 16 ));
alert->ack = htonl ( strtoul ( matches[2], NULL, 16 ));
alert->window = htons ( (uint16_t) strtoul ( matches[3], NULL, 16 ));
alert->tcplen = htons ( (uint16_t) strtoul ( matches[4], NULL, 10 ));
alert->tcp_seq = htonl ( strtoul ( matches[1], NULL, 16 ));
alert->tcp_ack = htonl ( strtoul ( matches[2], NULL, 16 ));
alert->tcp_window = htons ( (uint16_t) strtoul ( matches[3], NULL, 16 ));
alert->tcp_len = htons ( (uint16_t) strtoul ( matches[4], NULL, 10 ));
for ( i=0; i < nmatches; i++ )
free ( matches[i] );
@ -294,17 +297,14 @@ AI_alertparser_thread ( void* arg )
matches = NULL;
}
}
fclose ( fp );
}
pthread_exit ((void*) 0 );
return (void*) 0;
} /* ----- end of function AI_alertparser_thread ----- */
} /* ----- end of function AI_file_alertparser_thread ----- */
/**
* FUNCTION: _AI_copy_alerts
* \brief Create a copy of the alert log struct (this is done for leaving the alert log structure in this file as read-only)
* \param node Starting node (used for the recursion)
* \return A copy of the alert log linked list
@ -336,7 +336,6 @@ _AI_copy_alerts ( AI_snort_alert *node )
/**
* FUNCTION: AI_get_alerts
* \brief Return the alerts parsed so far as a linked list
* \return An AI_snort_alert pointer identifying the list of alerts
*/
@ -348,7 +347,6 @@ AI_get_alerts ()
/**
* FUNCTION: AI_free_alerts
* \brief Deallocate the memory of a log alert linked list
* \param node Linked list to be freed
*/
@ -365,3 +363,5 @@ AI_free_alerts ( AI_snort_alert *node )
node = NULL;
} /* ----- end of function AI_free_alerts ----- */
/** @} */

64
cluster.c
View File

@ -5,7 +5,7 @@
*
* Description: Module for managing alarm clustering and cluter hierarchies
*
* Version: 1.0
* Version: 0.1
* Created: 12/08/2010 12:43:28
* Revision: none
* Compiler: gcc
@ -22,15 +22,18 @@
#include <stdio.h>
#include <unistd.h>
#include <limits.h>
#include <pthread.h>
#include <pthread.h>
/* Identifier key for a cluster attribute value */
/** \defgroup cluster Manage the clustering of alarms
* @{ */
/** Identifier key for a cluster attribute value */
typedef struct {
int min;
int max;
} attribute_key;
/* Representation of a cluster attribute value */
/** Representation of a cluster attribute value */
typedef struct {
attribute_key key;
cluster_type type;
@ -45,7 +48,6 @@ PRIVATE AI_snort_alert *alert_log = NULL;
/**
* FUNCTION: _heuristic_func
* \brief Function that picks up the heuristic value for a clustering attribute in according to Julisch's heuristic (ACM, Vol.2, No.3, 09 2002, pag.124)
* \param type Attribute type
* \return The heuristic coefficient for that attribute, -1 if no clustering information is available for that attribute
@ -113,7 +115,6 @@ _heuristic_func ( cluster_type type )
} /* ----- end of function _heuristic_func ----- */
/**
* FUNCTION: _hierarchy_node_new
* \brief Create a new clustering hierarchy node
* \param label Label for the node
* \param min_val Minimum value for the range represented by the node
@ -143,7 +144,6 @@ _hierarchy_node_new ( char *label, int min_val, int max_val )
/**
* FUNCTION: _hierarchy_node_append
* \brief Append a node to a clustering hierarchy node
* \param parent Parent node
* \param child Child node
@ -182,7 +182,6 @@ _hierarchy_node_append ( hierarchy_node *parent, hierarchy_node *child )
/**
* FUNCTION: _AI_get_min_hierarchy_node
* \brief Get the minimum node in a hierarchy tree that matches a certain value
* \param val Value to be matched in the range
* \param root Root of the hierarchy
@ -219,7 +218,6 @@ _AI_get_min_hierarchy_node ( int val, hierarchy_node *root )
} /* ----- end of function _AI_get_min_hierarchy_node ----- */
/**
* FUNCTION: _AI_equal_alarms
* \brief Check if two alerts are semantically equal
* \param a1 First alert
* \param a2 Second alert
@ -267,7 +265,6 @@ _AI_equal_alarms ( AI_snort_alert *a1, AI_snort_alert *a2 )
/**
* FUNCTION: _AI_merge_alerts
* \brief Merge the alerts marked as equal in the log
* \param log Alert log reference
* \return The number of merged couples
@ -309,7 +306,6 @@ _AI_merge_alerts ( AI_snort_alert **log )
/**
* FUNCTION: _AI_print_clustered_alerts
* \brief Print the clustered alerts to a log file
* \param log Log containing the alerts
* \param fp File pointer where the alerts will be printed
@ -335,34 +331,34 @@ _AI_print_clustered_alerts ( AI_snort_alert *log, FILE *fp )
timestamp[ strlen(timestamp)-1 ] = 0;
fprintf ( fp, "[Grouped alerts: %d] [Starting from: %s]\n", tmp->grouped_alarms_count, timestamp );
if ( h_root[src_addr] )
if ( h_root[src_addr] && tmp->h_node[src_addr] )
{
fprintf ( fp, "[%s]:", tmp->h_node[src_addr]->label );
fprintf ( fp, "[%s]:", (tmp->h_node[src_addr]->label) ? tmp->h_node[src_addr]->label : "no label" );
} else {
inet_ntop ( AF_INET, &(tmp->src_addr), ip, INET_ADDRSTRLEN );
inet_ntop ( AF_INET, &(tmp->ip_src_addr), ip, INET_ADDRSTRLEN );
fprintf ( fp, "%s:", ip );
}
if ( h_root[src_port] )
if ( h_root[src_port] && tmp->h_node[src_port] )
{
fprintf ( fp, "[%s] -> ", tmp->h_node[src_port]->label );
fprintf ( fp, "[%s] -> ", (tmp->h_node[src_port]->label) ? tmp->h_node[src_port]->label : "no label" );
} else {
fprintf ( fp, "%d -> ", htons ( tmp->src_port ));
fprintf ( fp, "%d -> ", htons ( tmp->tcp_src_port ));
}
if ( h_root[dst_addr] )
if ( h_root[dst_addr] && tmp->h_node[dst_addr] )
{
fprintf ( fp, "[%s]:", tmp->h_node[dst_addr]->label );
fprintf ( fp, "[%s]:", (tmp->h_node[dst_addr]->label) ? tmp->h_node[dst_addr]->label : "no label" );
} else {
inet_ntop ( AF_INET, &(tmp->dst_addr), ip, INET_ADDRSTRLEN );
inet_ntop ( AF_INET, &(tmp->ip_dst_addr), ip, INET_ADDRSTRLEN );
fprintf ( fp, "%s:", ip );
}
if ( h_root[dst_port] )
if ( h_root[dst_port] && tmp->h_node[dst_port] )
{
fprintf ( fp, "[%s]\n", tmp->h_node[dst_port]->label );
fprintf ( fp, "[%s]\n", (tmp->h_node[dst_port]->label) ? tmp->h_node[dst_port]->label : "no label" );
} else {
fprintf ( fp, "%d\n", htons ( tmp->dst_port ));
fprintf ( fp, "%d\n", htons ( tmp->tcp_dst_port ));
}
fprintf ( fp, "\n" );
@ -371,7 +367,6 @@ _AI_print_clustered_alerts ( AI_snort_alert *log, FILE *fp )
/**
* FUNCTION: _AI_cluster_thread
* \brief Thread for periodically clustering the log information
*/
PRIVATE void*
@ -400,7 +395,7 @@ _AI_cluster_thread ( void* arg )
/* Free the current alert log and get the latest one */
AI_free_alerts ( alert_log );
if ( !( alert_log = AI_get_alerts() ))
if ( !( alert_log = get_alerts() ))
{
continue;
}
@ -432,14 +427,14 @@ _AI_cluster_thread ( void* arg )
{
case src_addr:
case dst_addr:
netval = ( type == src_addr ) ? tmp->src_addr : tmp->dst_addr;
netval = ( type == src_addr ) ? tmp->ip_src_addr : tmp->ip_dst_addr;
hostval = ntohl ( netval );
inet_ntop ( AF_INET, &(netval), label, INET_ADDRSTRLEN );
break;
case src_port:
case dst_port:
netval = ( type == src_port ) ? tmp->src_port : tmp->dst_port;
netval = ( type == src_port ) ? tmp->tcp_src_port : tmp->tcp_dst_port;
hostval = ntohs ( netval );
snprintf ( label, sizeof(label), "%d", hostval );
break;
@ -489,9 +484,12 @@ _AI_cluster_thread ( void* arg )
/* For all the alerts, the corresponing clustering value is the parent of the current one in the hierarchy */
for ( tmp = alert_log; tmp; tmp = tmp->next )
{
if ( tmp->h_node[best_type]->parent )
if ( tmp->h_node[best_type] )
{
tmp->h_node[best_type] = tmp->h_node[best_type]->parent;
if ( tmp->h_node[best_type]->parent )
{
tmp->h_node[best_type] = tmp->h_node[best_type]->parent;
}
}
}
@ -503,6 +501,7 @@ _AI_cluster_thread ( void* arg )
if ( !( cluster_fp = fopen ( _config->clusterfile, "w" )) )
{
pthread_exit ((void*) 0 );
return (void*) 0;
}
@ -512,17 +511,18 @@ _AI_cluster_thread ( void* arg )
fclose ( fp );
}
pthread_exit ((void*) 0 );
return (void*) 0;
} /* ----- end of function AI_cluster_thread ----- */
/**
* FUNCTION: _AI_check_duplicate
* \brief Check if a certain node's range (minimum and maximum value) are already present in a clustering hierarchy
* \param node Node to be checked
* \param root Clustering hierarchy
* \return True if 'node' is already in 'root', false otherwise
*/
PRIVATE BOOL
_AI_check_duplicate ( hierarchy_node *node, hierarchy_node *root )
{
@ -543,8 +543,8 @@ _AI_check_duplicate ( hierarchy_node *node, hierarchy_node *root )
return false;
} /* ----- end of function _AI_check_duplicate ----- */
/**
* FUNCTION: AI_hierarchies_build
* \brief Build the clustering hierarchy trees
* \param conf Reference to the configuration of the module
* \param nodes Nodes containing the information about the clustering ranges
@ -630,3 +630,5 @@ AI_hierarchies_build ( AI_config *conf, hierarchy_node **nodes, int n_nodes )
}
} /* ----- end of function AI_hierarchies_build ----- */
/** @} */

271
db.c Normal file
View File

@ -0,0 +1,271 @@
/*
* =====================================================================================
*
* Filename: mysql.c
*
* Description: Parse the alert log saved by Snort on a database
*
* Version: 0.1
* Created: 17/08/2010 17:29:36
* Revision: none
* Compiler: gcc
*
* Author: BlackLight (http://0x00.ath.cx), <blacklight@autistici.org>
* Licence: GNU GPL v.3
* Company: DO WHAT YOU WANT CAUSE A PIRATE IS FREE, YOU ARE A PIRATE!
*
* =====================================================================================
*/
#include "spp_ai.h"
#include "db.h"
#include <unistd.h>
#include <time.h>
#include <pthread.h>
/** \defgroup mysql Manage alerts on a MySQL database
* @{ */
PRIVATE AI_config *config;
PRIVATE AI_snort_alert *alerts = NULL;
/** pthread mutex for accessing database data */
PRIVATE pthread_mutex_t db_mutex = PTHREAD_MUTEX_INITIALIZER;
/**
* \brief Thread for parsing alerts from MySQL database
* \param arg void* pointer to the module configuration
*/
void*
AI_mysql_alertparser_thread ( void *arg )
{
char query[1024];
int rows = 0;
int latest_cid = 0;
time_t latest_time = time ( NULL );
DB_result res, res2;
DB_row row, row2;
struct pkt_key key;
struct pkt_info *info = NULL;
AI_snort_alert *alert = NULL;
AI_snort_alert *tmp = NULL;
if ( !arg )
{
pthread_exit ((void*) 0 );
return (void*) 0;
}
config = ( AI_config* ) arg;
pthread_mutex_lock ( &db_mutex );
if ( !DB_init ( config ))
{
_dpd.fatalMsg ( "AIPreproc: Unable to connect to the database '%s' @ '%s'\n",
config->dbname, config->dbhost );
}
pthread_mutex_unlock ( &db_mutex );
while ( 1 )
{
sleep ( config->databaseParsingInterval );
memset ( query, 0, sizeof ( query ));
snprintf ( query, sizeof (query), "select cid, unix_timestamp(timestamp), signature from event where cid > %d "
"and unix_timestamp(timestamp) > %ld order by cid", latest_cid, latest_time );
if ( !( res = (DB_result) DB_query ( query )))
{
DB_close();
_dpd.fatalMsg ( "AIPreproc: Fatal error while executing a query on the database "
"at %s:%d: '%s'\n", __FILE__, __LINE__, query );
}
if (( rows = DB_num_rows ( res )) < 0 )
{
DB_close();
_dpd.fatalMsg ( "AIPreproc: Could not store the query result at %s:%d\n", __FILE__, __LINE__ );
} else if ( rows == 0 ) {
continue;
}
while (( row = (DB_row) DB_fetch_row ( res )))
{
if ( !( alert = ( AI_snort_alert* ) malloc ( sizeof ( AI_snort_alert )) ))
{
_dpd.fatalMsg ( "Fatal dynamic memory allocation failure at %s:%d\n", __FILE__, __LINE__ );
}
memset ( alert, 0, sizeof ( AI_snort_alert ));
latest_cid = (row[0]) ? strtol ( row[0], NULL, 10 ) : 0;
alert->timestamp = (row[1]) ? ( time_t ) strtol ( row[1], NULL, 10 ) : 0;
/* Parsing gid, sid, rev, name, timestamp and priority */
memset ( query, 0, sizeof ( query ));
snprintf ( query, sizeof ( query ), "select sig_gid, sig_sid, sig_rev, sig_name, sig_priority from signature "
"where sig_id='%ld'", strtol ( row[2], NULL, 0 ));
if ( !( res2 = (DB_result) DB_query ( query )))
{
DB_close();
_dpd.fatalMsg ( "AIPreproc: Fatal error while executing a query on the database "
"at %s:%d: '%s'\n", __FILE__, __LINE__, query );
}
if (( rows = DB_num_rows ( res2 )) < 0 ) {
DB_close();
_dpd.fatalMsg ( "AIPreproc: Could not store the query result at %s:%d\n", __FILE__, __LINE__ );
} else if ( rows > 0 ) {
if (( row2 = (DB_row) DB_fetch_row ( res2 )))
{
alert->gid = (row2[0]) ? strtol ( row2[0], NULL, 10 ) : 0;
alert->sid = (row2[1]) ? strtol ( row2[1], NULL, 10 ) : 0;
alert->rev = (row2[2]) ? strtol ( row2[2], NULL, 10 ) : 0;
alert->desc = (row2[3]) ? strdup ( row2[3] ) : NULL;
alert->priority = (row2[4]) ? strtol ( row2[4], NULL, 10 ) : 0;
}
DB_free_result ( res2 );
}
/* Parsing IP header information */
memset ( query, 0, sizeof ( query ));
snprintf ( query, sizeof ( query ), "select ip_tos, ip_len, ip_id, ip_ttl, ip_proto, ip_src, ip_dst "
"from iphdr where cid='%d'", latest_cid);
if ( !( res2 = (DB_result) DB_query ( query )))
{
DB_close();
_dpd.fatalMsg ( "AIPreproc: Fatal error while executing a query on the database "
"at %s:%d: '%s'\n", __FILE__, __LINE__, query );
}
if (( rows = DB_num_rows ( res2 )) < 0 ) {
DB_close();
_dpd.fatalMsg ( "AIPreproc: Could not store the query result at %s:%d\n", __FILE__, __LINE__ );
} else if ( rows > 0 ) {
if (( row2 = DB_fetch_row ( res2 )))
{
alert->ip_tos = (row2[0]) ? strtol ( row2[0], NULL, 10 ) : 0;
alert->ip_len = (row2[1]) ? htons ( strtol ( row2[1], NULL, 10 )) : 0;
alert->ip_id = (row2[2]) ? htons ( strtol ( row2[2], NULL, 10 )) : 0;
alert->ip_ttl = (row2[3]) ? strtol ( row2[3], NULL, 10 ) : 0;
alert->ip_proto = (row2[4]) ? strtol ( row2[4], NULL, 10 ) : 0;
alert->ip_src_addr = (row2[5]) ? htonl ( strtoul ( row2[5], NULL, 10 )) : 0;
alert->ip_dst_addr = (row2[6]) ? htonl ( strtoul ( row2[6], NULL, 10 )) : 0;
}
DB_free_result ( res2 );
}
/* Parsing TCP header information */
memset ( query, 0, sizeof ( query ));
snprintf ( query, sizeof ( query ), "select tcp_sport, tcp_dport, tcp_seq, tcp_ack, tcp_flags, tcp_win "
"from tcphdr where cid='%d'", latest_cid );
if ( !( res2 = (DB_result) DB_query ( query )))
{
DB_close();
_dpd.fatalMsg ( "AIPreproc: Fatal error while executing a query on the database "
"at %s:%d: '%s'\n", __FILE__, __LINE__, query );
}
if (( rows = DB_num_rows ( res2 )) < 0 ) {
DB_close();
_dpd.fatalMsg ( "AIPreproc: Could not store the query result at %s:%d\n", __FILE__, __LINE__ );
} else if ( rows > 0 ) {
if (( row2 = DB_fetch_row ( res2 )))
{
alert->tcp_src_port = (row2[0]) ? htons ( strtol ( row2[0], NULL, 10 )) : 0;
alert->tcp_dst_port = (row2[1]) ? htons ( strtol ( row2[1], NULL, 10 )) : 0;
alert->tcp_seq = (row2[2]) ? htonl ( strtoul ( row2[2], NULL, 10 )) : 0;
alert->tcp_ack = (row2[3]) ? htonl ( strtoul ( row2[3], NULL, 10 )) : 0;
alert->tcp_flags = (row2[4]) ? strtol ( row2[4], NULL, 10 ) : 0;
alert->tcp_window = (row2[5]) ? htons ( strtol ( row2[5], NULL, 10 )) : 0;
}
DB_free_result ( res2 );
}
/* Finding the associated stream info, if any */
if ( alert->ip_proto == IPPROTO_TCP )
{
key.src_ip = alert->ip_src_addr;
key.dst_port = alert->tcp_dst_port;
if (( info = AI_get_stream_by_key ( key )))
{
AI_set_stream_observed ( key );
alert->stream = info;
}
}
/* Creating a new alert log if it doesn't exist, or appending the current alert to the log */
if ( !alerts )
{
alerts = alert;
alerts->next = NULL;
} else {
for ( tmp = alerts; tmp->next; tmp = tmp->next );
tmp->next = alert;
}
}
DB_free_result ( res );
latest_time = time ( NULL );
}
DB_close();
pthread_exit ((void*) 0 );
return (void*) 0;
} /* ----- end of function AI_mysql_alert_parse ----- */
/**
* \brief Create a copy of the alert log struct (this is done for leaving the alert log structure in this file as read-only)
* \param node Starting node (used for the recursion)
* \return A copy of the alert log linked list
*/
PRIVATE AI_snort_alert*
_AI_mysql_copy_alerts ( AI_snort_alert *node )
{
AI_snort_alert *current = NULL, *next = NULL;
if ( !node )
{
return NULL;
}
if ( node->next )
{
next = _AI_mysql_copy_alerts ( node->next );
}
if ( !( current = ( AI_snort_alert* ) malloc ( sizeof ( AI_snort_alert )) ))
{
_dpd.fatalMsg ( "Fatal dynamic memory allocation failure at %s:%d\n", __FILE__, __LINE__ );
}
memcpy ( current, node, sizeof ( AI_snort_alert ));
current->next = next;
return current;
} /* ----- end of function _AI_mysql_copy_alerts ----- */
/**
* \brief Return the alerts parsed so far as a linked list
* \return An AI_snort_alert pointer identifying the list of alerts
*/
AI_snort_alert*
AI_mysql_get_alerts ()
{
return _AI_mysql_copy_alerts ( alerts );
} /* ----- end of function AI_mysql_get_alerts ----- */
/** @} */

47
db.h Normal file
View File

@ -0,0 +1,47 @@
/*
* =====================================================================================
*
* Filename: db.h
*
* Description: Manages the interface to several DBMS's through macros
*
* Version: 0.1
* Created: 04/09/2010 20:21:06
* Revision: none
* Compiler: gcc
*
* Author: BlackLight (http://0x00.ath.cx), <blacklight@autistici.org>
* Licence: GNU GPL v.3
* Company: DO WHAT YOU WANT CAUSE A PIRATE IS FREE, YOU ARE A PIRATE!
*
* =====================================================================================
*/
#ifndef _AI_DB_H
#define _AI_DB_H
#ifdef ENABLE_MYSQL
#include <mysql/mysql.h>
typedef MYSQL_RES* DB_result;
typedef MYSQL_ROW DB_row;
#define DB_init mysql_do_init
#define DB_query mysql_do_query
#define DB_num_rows mysql_num_rows
#define DB_fetch_row mysql_fetch_row
#define DB_free_result mysql_free_result
#define DB_close mysql_do_close
#endif
/** Initializer for the database */
void* DB_init ( AI_config* );
/** Execute a query on the database and returns the result */
DB_result* DB_query ( const char* );
/** Close the database descriptor */
void DB_close();
#endif

126
doc/html/alert__parser_8c.html
View File

@ -59,127 +59,23 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<code>#include &lt;time.h&gt;</code><br/>
<code>#include &lt;sys/inotify.h&gt;</code><br/>
<code>#include &lt;sys/stat.h&gt;</code><br/>
<code>#include &lt;pthread.h&gt;</code><br/>
<table class="memberdecls">
<tr><td colspan="2"><h2><a name="func-members"></a>
Functions</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="alert__parser_8c.html#ad68c45b5846743a54ad3fa92c8e48f8a">AI_alertparser_thread</a> (void *arg)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Thread for parsing Snort's alert file. <a href="#ad68c45b5846743a54ad3fa92c8e48f8a"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="alert__parser_8c.html#a6c5014cae9155379fdc4db649b2c862d">_AI_copy_alerts</a> (<a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *node)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Create a copy of the alert log struct (this is done for leaving the alert log structure in this file as read-only). <a href="#a6c5014cae9155379fdc4db649b2c862d"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="alert__parser_8c.html#a99474495643197b3075ac22ec6f6c70f">AI_get_alerts</a> ()</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Return the alerts parsed so far as a linked list. <a href="#a99474495643197b3075ac22ec6f6c70f"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="alert__parser_8c.html#a270e86669a0aa64a8da37bc16cda645b">AI_free_alerts</a> (<a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *node)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Deallocate the memory of a log alert linked list. <a href="#a270e86669a0aa64a8da37bc16cda645b"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__alert__parser.html#ga5aab8d9bdf0e92a51731442fd787f61f">AI_file_alertparser_thread</a> (void *arg)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Thread for parsing Snort's alert file. <a href="group__alert__parser.html#ga5aab8d9bdf0e92a51731442fd787f61f"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__alert__parser.html#ga6c5014cae9155379fdc4db649b2c862d">_AI_copy_alerts</a> (<a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *node)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Create a copy of the alert log struct (this is done for leaving the alert log structure in this file as read-only). <a href="group__alert__parser.html#ga6c5014cae9155379fdc4db649b2c862d"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__alert__parser.html#ga99474495643197b3075ac22ec6f6c70f">AI_get_alerts</a> ()</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Return the alerts parsed so far as a linked list. <a href="group__alert__parser.html#ga99474495643197b3075ac22ec6f6c70f"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__alert__parser.html#ga270e86669a0aa64a8da37bc16cda645b">AI_free_alerts</a> (<a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *node)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Deallocate the memory of a log alert linked list. <a href="group__alert__parser.html#ga270e86669a0aa64a8da37bc16cda645b"></a><br/></td></tr>
<tr><td colspan="2"><h2><a name="var-members"></a>
Variables</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="alert__parser_8c.html#ae837fc04e61c0eb052f997c54b4fd9fe">alerts</a> = NULL</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE FILE *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="alert__parser_8c.html#abee2a33368912d9288c76b51160a9ed6">alert_fp</a> = NULL</td></tr>
</table>
<hr/><h2>Function Documentation</h2>
<a class="anchor" id="a6c5014cae9155379fdc4db649b2c862d"></a><!-- doxytag: member="alert_parser.c::_AI_copy_alerts" ref="a6c5014cae9155379fdc4db649b2c862d" args="(AI_snort_alert *node)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a>* _AI_copy_alerts </td>
<td>(</td>
<td class="paramtype"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td>
<td class="paramname"> <em>node</em></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Create a copy of the alert log struct (this is done for leaving the alert log structure in this file as read-only). </p>
<p>FUNCTION: _AI_copy_alerts </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>node</em>&nbsp;</td><td>Starting node (used for the recursion) </td></tr>
</table>
</dd>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>A copy of the alert log linked list </dd></dl>
</div>
</div>
<a class="anchor" id="ad68c45b5846743a54ad3fa92c8e48f8a"></a><!-- doxytag: member="alert_parser.c::AI_alertparser_thread" ref="ad68c45b5846743a54ad3fa92c8e48f8a" args="(void *arg)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">void* AI_alertparser_thread </td>
<td>(</td>
<td class="paramtype">void *&nbsp;</td>
<td class="paramname"> <em>arg</em></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Thread for parsing Snort's alert file. </p>
<p>FUNCTION: AI_alertparser_thread </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>arg</em>&nbsp;</td><td>void* pointer to module's configuration </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<a class="anchor" id="a270e86669a0aa64a8da37bc16cda645b"></a><!-- doxytag: member="alert_parser.c::AI_free_alerts" ref="a270e86669a0aa64a8da37bc16cda645b" args="(AI_snort_alert *node)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">void AI_free_alerts </td>
<td>(</td>
<td class="paramtype"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td>
<td class="paramname"> <em>node</em></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Deallocate the memory of a log alert linked list. </p>
<p>FUNCTION: AI_free_alerts </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>node</em>&nbsp;</td><td>Linked list to be freed </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<a class="anchor" id="a99474495643197b3075ac22ec6f6c70f"></a><!-- doxytag: member="alert_parser.c::AI_get_alerts" ref="a99474495643197b3075ac22ec6f6c70f" args="()" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a>* AI_get_alerts </td>
<td>(</td>
<td class="paramtype">void&nbsp;</td>
<td class="paramname"></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Return the alerts parsed so far as a linked list. </p>
<p>FUNCTION: AI_get_alerts </p>
<dl class="return"><dt><b>Returns:</b></dt><dd>An AI_snort_alert pointer identifying the list of alerts </dd></dl>
</div>
</div>
<hr/><h2>Variable Documentation</h2>
<a class="anchor" id="abee2a33368912d9288c76b51160a9ed6"></a><!-- doxytag: member="alert_parser.c::alert_fp" ref="abee2a33368912d9288c76b51160a9ed6" args="" -->
<div class="memitem">
@ -199,7 +95,7 @@ Variables</h2></td></tr>
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a>* <a class="el" href="alert__parser_8c.html#ae837fc04e61c0eb052f997c54b4fd9fe">alerts</a> = NULL</td>
<td class="memname">PRIVATE <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a>* <a class="el" href="group__mysql.html#gae837fc04e61c0eb052f997c54b4fd9fe">alerts</a> = NULL</td>
</tr>
</table>
</div>
@ -222,7 +118,7 @@ Variables</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 4 2010 21:30:42 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

2
doc/html/annotated.html
View File

@ -75,7 +75,7 @@ Here are the data structures with brief descriptions:<table>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 4 2010 21:30:42 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

2
doc/html/classes.html
View File

@ -72,7 +72,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 4 2010 21:30:42 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

443
doc/html/cluster_8c.html
View File

@ -66,427 +66,32 @@ Data Structures</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct &nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structattribute__value.html">attribute_value</a></td></tr>
<tr><td colspan="2"><h2><a name="func-members"></a>
Functions</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="cluster_8c.html#a81f5fa721719fdb281595a568eef2101">_heuristic_func</a> (<a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640">cluster_type</a> type)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Function that picks up the heuristic value for a clustering attribute in according to Julisch's heuristic (ACM, Vol.2, No.3, 09 2002, pag.124). <a href="#a81f5fa721719fdb281595a568eef2101"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="cluster_8c.html#a2f1a22cfea64e4669da0467620c3e3b3">_hierarchy_node_new</a> (char *label, int min_val, int max_val)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Create a new clustering hierarchy node. <a href="#a2f1a22cfea64e4669da0467620c3e3b3"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="cluster_8c.html#a5601a1f603d9c870ef6e2df192e30c30">_hierarchy_node_append</a> (<a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *parent, <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *child)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Append a node to a clustering hierarchy node. <a href="#a5601a1f603d9c870ef6e2df192e30c30"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="cluster_8c.html#a6ddddcd505b1f763c339e81fc143e079">_AI_get_min_hierarchy_node</a> (int val, <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *root)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Get the minimum node in a hierarchy tree that matches a certain value. <a href="#a6ddddcd505b1f763c339e81fc143e079"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="cluster_8c.html#a0f91c8bfc37a3975f5c26b19fd6c5cba">_AI_equal_alarms</a> (<a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *a1, <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *a2)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Check if two alerts are semantically equal. <a href="#a0f91c8bfc37a3975f5c26b19fd6c5cba"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="cluster_8c.html#a8ce8e5a5d8954672297fa2dedb380dcd">_AI_merge_alerts</a> (<a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> **log)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Merge the alerts marked as equal in the log. <a href="#a8ce8e5a5d8954672297fa2dedb380dcd"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="cluster_8c.html#a7d151880080470b542e99643dc0426a7">_AI_print_clustered_alerts</a> (<a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *log, FILE *fp)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Print the clustered alerts to a log file. <a href="#a7d151880080470b542e99643dc0426a7"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE void *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="cluster_8c.html#a8a5eae61dc9fd0f13e0acdfa5f4478e2">_AI_cluster_thread</a> (void *arg)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Thread for periodically clustering the log information. <a href="#a8a5eae61dc9fd0f13e0acdfa5f4478e2"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="cluster_8c.html#a29c35cd6c56f54e27b5b190c6d6c487a">_AI_check_duplicate</a> (<a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *node, <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *root)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Check if a certain node's range (minimum and maximum value) are already present in a clustering hierarchy. <a href="#a29c35cd6c56f54e27b5b190c6d6c487a"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="cluster_8c.html#a1445818b37483f78cc3fb2890155842c">AI_hierarchies_build</a> (<a class="el" href="structAI__config.html">AI_config</a> *conf, <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> **nodes, int n_nodes)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Build the clustering hierarchy trees. <a href="#a1445818b37483f78cc3fb2890155842c"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga81f5fa721719fdb281595a568eef2101">_heuristic_func</a> (<a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640">cluster_type</a> type)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Function that picks up the heuristic value for a clustering attribute in according to Julisch's heuristic (ACM, Vol.2, No.3, 09 2002, pag.124). <a href="group__cluster.html#ga81f5fa721719fdb281595a568eef2101"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga2f1a22cfea64e4669da0467620c3e3b3">_hierarchy_node_new</a> (char *label, int min_val, int max_val)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Create a new clustering hierarchy node. <a href="group__cluster.html#ga2f1a22cfea64e4669da0467620c3e3b3"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga5601a1f603d9c870ef6e2df192e30c30">_hierarchy_node_append</a> (<a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *parent, <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *child)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Append a node to a clustering hierarchy node. <a href="group__cluster.html#ga5601a1f603d9c870ef6e2df192e30c30"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga6ddddcd505b1f763c339e81fc143e079">_AI_get_min_hierarchy_node</a> (int val, <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *root)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Get the minimum node in a hierarchy tree that matches a certain value. <a href="group__cluster.html#ga6ddddcd505b1f763c339e81fc143e079"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga0f91c8bfc37a3975f5c26b19fd6c5cba">_AI_equal_alarms</a> (<a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *a1, <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *a2)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Check if two alerts are semantically equal. <a href="group__cluster.html#ga0f91c8bfc37a3975f5c26b19fd6c5cba"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga8ce8e5a5d8954672297fa2dedb380dcd">_AI_merge_alerts</a> (<a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> **log)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Merge the alerts marked as equal in the log. <a href="group__cluster.html#ga8ce8e5a5d8954672297fa2dedb380dcd"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga7d151880080470b542e99643dc0426a7">_AI_print_clustered_alerts</a> (<a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *log, FILE *fp)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Print the clustered alerts to a log file. <a href="group__cluster.html#ga7d151880080470b542e99643dc0426a7"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE void *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga8a5eae61dc9fd0f13e0acdfa5f4478e2">_AI_cluster_thread</a> (void *arg)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Thread for periodically clustering the log information. <a href="group__cluster.html#ga8a5eae61dc9fd0f13e0acdfa5f4478e2"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga29c35cd6c56f54e27b5b190c6d6c487a">_AI_check_duplicate</a> (<a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *node, <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *root)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Check if a certain node's range (minimum and maximum value) are already present in a clustering hierarchy. <a href="group__cluster.html#ga29c35cd6c56f54e27b5b190c6d6c487a"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga1445818b37483f78cc3fb2890155842c">AI_hierarchies_build</a> (<a class="el" href="structAI__config.html">AI_config</a> *conf, <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> **nodes, int n_nodes)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Build the clustering hierarchy trees. <a href="group__cluster.html#ga1445818b37483f78cc3fb2890155842c"></a><br/></td></tr>
<tr><td colspan="2"><h2><a name="var-members"></a>
Variables</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="cluster_8c.html#a97d35425cf5a0207fb50b64ee8cdda82">h_root</a> [CLUSTER_TYPES] = { NULL }</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="structAI__config.html">AI_config</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="cluster_8c.html#a91458e2d34595688e39fcb63ba418849">_config</a> = NULL</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="cluster_8c.html#aaf4c19f60f48741b0890c6114dcff7d9">alert_log</a> = NULL</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga97d35425cf5a0207fb50b64ee8cdda82">h_root</a> [CLUSTER_TYPES] = { NULL }</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="structAI__config.html">AI_config</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga91458e2d34595688e39fcb63ba418849">_config</a> = NULL</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#gaaf4c19f60f48741b0890c6114dcff7d9">alert_log</a> = NULL</td></tr>
</table>
<hr/><h2>Function Documentation</h2>
<a class="anchor" id="a29c35cd6c56f54e27b5b190c6d6c487a"></a><!-- doxytag: member="cluster.c::_AI_check_duplicate" ref="a29c35cd6c56f54e27b5b190c6d6c487a" args="(hierarchy_node *node, hierarchy_node *root)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a> _AI_check_duplicate </td>
<td>(</td>
<td class="paramtype"><a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *&nbsp;</td>
<td class="paramname"> <em>node</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype"><a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *&nbsp;</td>
<td class="paramname"> <em>root</em></td><td>&nbsp;</td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td><td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Check if a certain node's range (minimum and maximum value) are already present in a clustering hierarchy. </p>
<p>FUNCTION: _AI_check_duplicate </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>node</em>&nbsp;</td><td>Node to be checked </td></tr>
<tr><td valign="top"></td><td valign="top"><em>root</em>&nbsp;</td><td>Clustering hierarchy </td></tr>
</table>
</dd>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>True if 'node' is already in 'root', false otherwise </dd></dl>
</div>
</div>
<a class="anchor" id="a8a5eae61dc9fd0f13e0acdfa5f4478e2"></a><!-- doxytag: member="cluster.c::_AI_cluster_thread" ref="a8a5eae61dc9fd0f13e0acdfa5f4478e2" args="(void *arg)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE void* _AI_cluster_thread </td>
<td>(</td>
<td class="paramtype">void *&nbsp;</td>
<td class="paramname"> <em>arg</em></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Thread for periodically clustering the log information. </p>
<p>FUNCTION: _AI_cluster_thread </p>
</div>
</div>
<a class="anchor" id="a0f91c8bfc37a3975f5c26b19fd6c5cba"></a><!-- doxytag: member="cluster.c::_AI_equal_alarms" ref="a0f91c8bfc37a3975f5c26b19fd6c5cba" args="(AI_snort_alert *a1, AI_snort_alert *a2)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a> _AI_equal_alarms </td>
<td>(</td>
<td class="paramtype"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td>
<td class="paramname"> <em>a1</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td>
<td class="paramname"> <em>a2</em></td><td>&nbsp;</td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td><td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Check if two alerts are semantically equal. </p>
<p>FUNCTION: _AI_equal_alarms </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>a1</em>&nbsp;</td><td>First alert </td></tr>
<tr><td valign="top"></td><td valign="top"><em>a2</em>&nbsp;</td><td>Second alert </td></tr>
</table>
</dd>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>True if they are equal, false otherwise </dd></dl>
</div>
</div>
<a class="anchor" id="a6ddddcd505b1f763c339e81fc143e079"></a><!-- doxytag: member="cluster.c::_AI_get_min_hierarchy_node" ref="a6ddddcd505b1f763c339e81fc143e079" args="(int val, hierarchy_node *root)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a>* _AI_get_min_hierarchy_node </td>
<td>(</td>
<td class="paramtype">int&nbsp;</td>
<td class="paramname"> <em>val</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype"><a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *&nbsp;</td>
<td class="paramname"> <em>root</em></td><td>&nbsp;</td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td><td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Get the minimum node in a hierarchy tree that matches a certain value. </p>
<p>FUNCTION: _AI_get_min_hierarchy_node </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>val</em>&nbsp;</td><td>Value to be matched in the range </td></tr>
<tr><td valign="top"></td><td valign="top"><em>root</em>&nbsp;</td><td>Root of the hierarchy </td></tr>
</table>
</dd>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>The minimum node that matches the value if any, NULL otherwise </dd></dl>
</div>
</div>
<a class="anchor" id="a8ce8e5a5d8954672297fa2dedb380dcd"></a><!-- doxytag: member="cluster.c::_AI_merge_alerts" ref="a8ce8e5a5d8954672297fa2dedb380dcd" args="(AI_snort_alert **log)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE int _AI_merge_alerts </td>
<td>(</td>
<td class="paramtype"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> **&nbsp;</td>
<td class="paramname"> <em>log</em></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Merge the alerts marked as equal in the log. </p>
<p>FUNCTION: _AI_merge_alerts </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>log</em>&nbsp;</td><td>Alert log reference </td></tr>
</table>
</dd>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>The number of merged couples </dd></dl>
</div>
</div>
<a class="anchor" id="a7d151880080470b542e99643dc0426a7"></a><!-- doxytag: member="cluster.c::_AI_print_clustered_alerts" ref="a7d151880080470b542e99643dc0426a7" args="(AI_snort_alert *log, FILE *fp)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE void _AI_print_clustered_alerts </td>
<td>(</td>
<td class="paramtype"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td>
<td class="paramname"> <em>log</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">FILE *&nbsp;</td>
<td class="paramname"> <em>fp</em></td><td>&nbsp;</td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td><td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Print the clustered alerts to a log file. </p>
<p>FUNCTION: _AI_print_clustered_alerts </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>log</em>&nbsp;</td><td>Log containing the alerts </td></tr>
<tr><td valign="top"></td><td valign="top"><em>fp</em>&nbsp;</td><td>File pointer where the alerts will be printed </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<a class="anchor" id="a81f5fa721719fdb281595a568eef2101"></a><!-- doxytag: member="cluster.c::_heuristic_func" ref="a81f5fa721719fdb281595a568eef2101" args="(cluster_type type)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE int _heuristic_func </td>
<td>(</td>
<td class="paramtype"><a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640">cluster_type</a>&nbsp;</td>
<td class="paramname"> <em>type</em></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Function that picks up the heuristic value for a clustering attribute in according to Julisch's heuristic (ACM, Vol.2, No.3, 09 2002, pag.124). </p>
<p>FUNCTION: _heuristic_func </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>type</em>&nbsp;</td><td>Attribute type </td></tr>
</table>
</dd>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>The heuristic coefficient for that attribute, -1 if no clustering information is available for that attribute </dd></dl>
</div>
</div>
<a class="anchor" id="a5601a1f603d9c870ef6e2df192e30c30"></a><!-- doxytag: member="cluster.c::_hierarchy_node_append" ref="a5601a1f603d9c870ef6e2df192e30c30" args="(hierarchy_node *parent, hierarchy_node *child)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE void _hierarchy_node_append </td>
<td>(</td>
<td class="paramtype"><a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *&nbsp;</td>
<td class="paramname"> <em>parent</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype"><a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *&nbsp;</td>
<td class="paramname"> <em>child</em></td><td>&nbsp;</td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td><td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Append a node to a clustering hierarchy node. </p>
<p>FUNCTION: _hierarchy_node_append </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>parent</em>&nbsp;</td><td>Parent node </td></tr>
<tr><td valign="top"></td><td valign="top"><em>child</em>&nbsp;</td><td>Child node </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<a class="anchor" id="a2f1a22cfea64e4669da0467620c3e3b3"></a><!-- doxytag: member="cluster.c::_hierarchy_node_new" ref="a2f1a22cfea64e4669da0467620c3e3b3" args="(char *label, int min_val, int max_val)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a>* _hierarchy_node_new </td>
<td>(</td>
<td class="paramtype">char *&nbsp;</td>
<td class="paramname"> <em>label</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">int&nbsp;</td>
<td class="paramname"> <em>min_val</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">int&nbsp;</td>
<td class="paramname"> <em>max_val</em></td><td>&nbsp;</td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td><td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Create a new clustering hierarchy node. </p>
<p>FUNCTION: _hierarchy_node_new </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>label</em>&nbsp;</td><td>Label for the node </td></tr>
<tr><td valign="top"></td><td valign="top"><em>min_val</em>&nbsp;</td><td>Minimum value for the range represented by the node </td></tr>
<tr><td valign="top"></td><td valign="top"><em>max_val</em>&nbsp;</td><td>Maximum value for the range represented by the node </td></tr>
</table>
</dd>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>The brand new node if the allocation was ok, otherwise abort the application </dd></dl>
</div>
</div>
<a class="anchor" id="a1445818b37483f78cc3fb2890155842c"></a><!-- doxytag: member="cluster.c::AI_hierarchies_build" ref="a1445818b37483f78cc3fb2890155842c" args="(AI_config *conf, hierarchy_node **nodes, int n_nodes)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">void AI_hierarchies_build </td>
<td>(</td>
<td class="paramtype"><a class="el" href="structAI__config.html">AI_config</a> *&nbsp;</td>
<td class="paramname"> <em>conf</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype"><a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> **&nbsp;</td>
<td class="paramname"> <em>nodes</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">int&nbsp;</td>
<td class="paramname"> <em>n_nodes</em></td><td>&nbsp;</td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td><td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Build the clustering hierarchy trees. </p>
<p>FUNCTION: AI_hierarchies_build </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>conf</em>&nbsp;</td><td>Reference to the configuration of the module </td></tr>
<tr><td valign="top"></td><td valign="top"><em>nodes</em>&nbsp;</td><td>Nodes containing the information about the clustering ranges </td></tr>
<tr><td valign="top"></td><td valign="top"><em>n_nodes</em>&nbsp;</td><td>Number of nodes </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<hr/><h2>Variable Documentation</h2>
<a class="anchor" id="a91458e2d34595688e39fcb63ba418849"></a><!-- doxytag: member="cluster.c::_config" ref="a91458e2d34595688e39fcb63ba418849" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="structAI__config.html">AI_config</a>* <a class="el" href="cluster_8c.html#a91458e2d34595688e39fcb63ba418849">_config</a> = NULL</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="aaf4c19f60f48741b0890c6114dcff7d9"></a><!-- doxytag: member="cluster.c::alert_log" ref="aaf4c19f60f48741b0890c6114dcff7d9" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a>* <a class="el" href="cluster_8c.html#aaf4c19f60f48741b0890c6114dcff7d9">alert_log</a> = NULL</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a97d35425cf5a0207fb50b64ee8cdda82"></a><!-- doxytag: member="cluster.c::h_root" ref="a97d35425cf5a0207fb50b64ee8cdda82" args="[CLUSTER_TYPES]" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a>* <a class="el" href="cluster_8c.html#a97d35425cf5a0207fb50b64ee8cdda82">h_root</a>[CLUSTER_TYPES] = { NULL }</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
</div>
<!--- window showing the filter options -->
<div id="MSearchSelectWindow"
@ -502,7 +107,7 @@ Variables</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 4 2010 21:30:42 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

95
doc/html/db_8c.html Normal file
View File

@ -0,0 +1,95 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<title>Snort AI preprocessor module: db.c File Reference</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<link href="search/search.css" rel="stylesheet" type="text/css"/>
<script type="text/javaScript" src="search/search.js"></script>
<link href="doxygen.css" rel="stylesheet" type="text/css"/>
</head>
<body onload='searchBox.OnSelectItem(0);'>
<!-- Generated by Doxygen 1.7.1 -->
<script type="text/javascript"><!--
var searchBox = new SearchBox("searchBox", "search",false,'Search');
--></script>
<div class="navigation" id="top">
<div class="tabs">
<ul class="tablist">
<li><a href="index.html"><span>Main&nbsp;Page</span></a></li>
<li><a href="modules.html"><span>Modules</span></a></li>
<li><a href="annotated.html"><span>Data&nbsp;Structures</span></a></li>
<li class="current"><a href="files.html"><span>Files</span></a></li>
<li id="searchli">
<div id="MSearchBox" class="MSearchBoxInactive">
<span class="left">
<img id="MSearchSelect" src="search/mag_sel.png"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
alt=""/>
<input type="text" id="MSearchField" value="Search" accesskey="S"
onfocus="searchBox.OnSearchFieldFocus(true)"
onblur="searchBox.OnSearchFieldFocus(false)"
onkeyup="searchBox.OnSearchFieldChange(event)"/>
</span><span class="right">
<a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
</span>
</div>
</li>
</ul>
</div>
<div class="tabs2">
<ul class="tablist">
<li><a href="files.html"><span>File&nbsp;List</span></a></li>
<li><a href="globals.html"><span>Globals</span></a></li>
</ul>
</div>
</div>
<div class="header">
<div class="summary">
<a href="#func-members">Functions</a> &#124;
<a href="#var-members">Variables</a> </div>
<div class="headertitle">
<h1>db.c File Reference</h1> </div>
</div>
<div class="contents">
<code>#include &quot;<a class="el" href="spp__ai_8h_source.html">spp_ai.h</a>&quot;</code><br/>
<code>#include &quot;<a class="el" href="db_8h_source.html">db.h</a>&quot;</code><br/>
<code>#include &lt;unistd.h&gt;</code><br/>
<code>#include &lt;time.h&gt;</code><br/>
<code>#include &lt;pthread.h&gt;</code><br/>
<table class="memberdecls">
<tr><td colspan="2"><h2><a name="func-members"></a>
Functions</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__mysql.html#gadf275635641f88725930de208fb5523f">AI_mysql_alertparser_thread</a> (void *arg)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Thread for parsing alerts from MySQL database. <a href="group__mysql.html#gadf275635641f88725930de208fb5523f"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__mysql.html#gab14c269b1187da75d35d4af3eb70a302">_AI_mysql_copy_alerts</a> (<a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *node)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Create a copy of the alert log struct (this is done for leaving the alert log structure in this file as read-only). <a href="group__mysql.html#gab14c269b1187da75d35d4af3eb70a302"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__mysql.html#ga0ead3c1e46063e215168e76d7999d65b">AI_mysql_get_alerts</a> ()</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Return the alerts parsed so far as a linked list. <a href="group__mysql.html#ga0ead3c1e46063e215168e76d7999d65b"></a><br/></td></tr>
<tr><td colspan="2"><h2><a name="var-members"></a>
Variables</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="structAI__config.html">AI_config</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__mysql.html#ga6439d32dccbbc77c9b2aad04897bfa74">config</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__mysql.html#gae837fc04e61c0eb052f997c54b4fd9fe">alerts</a> = NULL</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE pthread_mutex_t&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__mysql.html#ga40bb4c7d0679e36cc0ec4fa41d36d96c">db_mutex</a> = PTHREAD_MUTEX_INITIALIZER</td></tr>
</table>
</div>
<!--- window showing the filter options -->
<div id="MSearchSelectWindow"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
onkeydown="return searchBox.OnSearchSelectKey(event)">
<a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(0)"><span class="SelectionMark">&nbsp;</span>All</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(1)"><span class="SelectionMark">&nbsp;</span>Data Structures</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(2)"><span class="SelectionMark">&nbsp;</span>Files</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(3)"><span class="SelectionMark">&nbsp;</span>Functions</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(4)"><span class="SelectionMark">&nbsp;</span>Variables</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(5)"><span class="SelectionMark">&nbsp;</span>Typedefs</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(6)"><span class="SelectionMark">&nbsp;</span>Enumerations</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(7)"><span class="SelectionMark">&nbsp;</span>Enumerator</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(8)"><span class="SelectionMark">&nbsp;</span>Defines</a></div>
<!-- iframe showing the search results (closed by default) -->
<div id="MSearchResultsWindow">
<iframe src="" frameborder="0"
name="MSearchResults" id="MSearchResults">
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 4 2010 21:30:42 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>
</html>

140
doc/html/db_8h.html Normal file
View File

@ -0,0 +1,140 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<title>Snort AI preprocessor module: db.h File Reference</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<link href="search/search.css" rel="stylesheet" type="text/css"/>
<script type="text/javaScript" src="search/search.js"></script>
<link href="doxygen.css" rel="stylesheet" type="text/css"/>
</head>
<body onload='searchBox.OnSelectItem(0);'>
<!-- Generated by Doxygen 1.7.1 -->
<script type="text/javascript"><!--
var searchBox = new SearchBox("searchBox", "search",false,'Search');
--></script>
<div class="navigation" id="top">
<div class="tabs">
<ul class="tablist">
<li><a href="index.html"><span>Main&nbsp;Page</span></a></li>
<li><a href="modules.html"><span>Modules</span></a></li>
<li><a href="annotated.html"><span>Data&nbsp;Structures</span></a></li>
<li class="current"><a href="files.html"><span>Files</span></a></li>
<li id="searchli">
<div id="MSearchBox" class="MSearchBoxInactive">
<span class="left">
<img id="MSearchSelect" src="search/mag_sel.png"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
alt=""/>
<input type="text" id="MSearchField" value="Search" accesskey="S"
onfocus="searchBox.OnSearchFieldFocus(true)"
onblur="searchBox.OnSearchFieldFocus(false)"
onkeyup="searchBox.OnSearchFieldChange(event)"/>
</span><span class="right">
<a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
</span>
</div>
</li>
</ul>
</div>
<div class="tabs2">
<ul class="tablist">
<li><a href="files.html"><span>File&nbsp;List</span></a></li>
<li><a href="globals.html"><span>Globals</span></a></li>
</ul>
</div>
</div>
<div class="header">
<div class="summary">
<a href="#func-members">Functions</a> </div>
<div class="headertitle">
<h1>db.h File Reference</h1> </div>
</div>
<div class="contents">
<p><a href="db_8h_source.html">Go to the source code of this file.</a></p>
<table class="memberdecls">
<tr><td colspan="2"><h2><a name="func-members"></a>
Functions</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="db_8h.html#abfca7b59301511bf708eef53cb70b7ee">DB_init</a> (<a class="el" href="structAI__config.html">AI_config</a> *)</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">DB_result *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="db_8h.html#a51b1f8be35b963f30fa732fc22a5760e">DB_query</a> (const char *)</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="db_8h.html#a7f625d084ac92d12b665fa7d53414727">DB_close</a> ()</td></tr>
</table>
<hr/><h2>Function Documentation</h2>
<a class="anchor" id="a7f625d084ac92d12b665fa7d53414727"></a><!-- doxytag: member="db.h::DB_close" ref="a7f625d084ac92d12b665fa7d53414727" args="()" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">void DB_close </td>
<td>(</td>
<td class="paramname"></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Close the database descriptor </p>
</div>
</div>
<a class="anchor" id="abfca7b59301511bf708eef53cb70b7ee"></a><!-- doxytag: member="db.h::DB_init" ref="abfca7b59301511bf708eef53cb70b7ee" args="(AI_config *)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">void* DB_init </td>
<td>(</td>
<td class="paramtype"><a class="el" href="structAI__config.html">AI_config</a> *&nbsp;</td>
<td class="paramname"></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Initializer for the database </p>
</div>
</div>
<a class="anchor" id="a51b1f8be35b963f30fa732fc22a5760e"></a><!-- doxytag: member="db.h::DB_query" ref="a51b1f8be35b963f30fa732fc22a5760e" args="(const char *)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">DB_result* DB_query </td>
<td>(</td>
<td class="paramtype">const char *&nbsp;</td>
<td class="paramname"></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Execute a query on the database and returns the result </p>
</div>
</div>
</div>
<!--- window showing the filter options -->
<div id="MSearchSelectWindow"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
onkeydown="return searchBox.OnSearchSelectKey(event)">
<a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(0)"><span class="SelectionMark">&nbsp;</span>All</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(1)"><span class="SelectionMark">&nbsp;</span>Data Structures</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(2)"><span class="SelectionMark">&nbsp;</span>Files</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(3)"><span class="SelectionMark">&nbsp;</span>Functions</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(4)"><span class="SelectionMark">&nbsp;</span>Variables</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(5)"><span class="SelectionMark">&nbsp;</span>Typedefs</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(6)"><span class="SelectionMark">&nbsp;</span>Enumerations</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(7)"><span class="SelectionMark">&nbsp;</span>Enumerator</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(8)"><span class="SelectionMark">&nbsp;</span>Defines</a></div>
<!-- iframe showing the search results (closed by default) -->
<div id="MSearchResultsWindow">
<iframe src="" frameborder="0"
name="MSearchResults" id="MSearchResults">
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 4 2010 21:30:42 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>
</html>

116
doc/html/db_8h_source.html Normal file
View File

@ -0,0 +1,116 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<title>Snort AI preprocessor module: db.h Source File</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<link href="search/search.css" rel="stylesheet" type="text/css"/>
<script type="text/javaScript" src="search/search.js"></script>
<link href="doxygen.css" rel="stylesheet" type="text/css"/>
</head>
<body onload='searchBox.OnSelectItem(0);'>
<!-- Generated by Doxygen 1.7.1 -->
<script type="text/javascript"><!--
var searchBox = new SearchBox("searchBox", "search",false,'Search');
--></script>
<div class="navigation" id="top">
<div class="tabs">
<ul class="tablist">
<li><a href="index.html"><span>Main&nbsp;Page</span></a></li>
<li><a href="modules.html"><span>Modules</span></a></li>
<li><a href="annotated.html"><span>Data&nbsp;Structures</span></a></li>
<li class="current"><a href="files.html"><span>Files</span></a></li>
<li id="searchli">
<div id="MSearchBox" class="MSearchBoxInactive">
<span class="left">
<img id="MSearchSelect" src="search/mag_sel.png"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
alt=""/>
<input type="text" id="MSearchField" value="Search" accesskey="S"
onfocus="searchBox.OnSearchFieldFocus(true)"
onblur="searchBox.OnSearchFieldFocus(false)"
onkeyup="searchBox.OnSearchFieldChange(event)"/>
</span><span class="right">
<a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
</span>
</div>
</li>
</ul>
</div>
<div class="tabs2">
<ul class="tablist">
<li><a href="files.html"><span>File&nbsp;List</span></a></li>
<li><a href="globals.html"><span>Globals</span></a></li>
</ul>
</div>
<div class="header">
<div class="headertitle">
<h1>db.h</h1> </div>
</div>
<div class="contents">
<a href="db_8h.html">Go to the documentation of this file.</a><div class="fragment"><pre class="fragment"><a name="l00001"></a>00001 <span class="comment">/*</span>
<a name="l00002"></a>00002 <span class="comment"> * =====================================================================================</span>
<a name="l00003"></a>00003 <span class="comment"> *</span>
<a name="l00004"></a>00004 <span class="comment"> * Filename: db.h</span>
<a name="l00005"></a>00005 <span class="comment"> *</span>
<a name="l00006"></a>00006 <span class="comment"> * Description: Manages the interface to several DBMS&#39;s through macros</span>
<a name="l00007"></a>00007 <span class="comment"> *</span>
<a name="l00008"></a>00008 <span class="comment"> * Version: 0.1</span>
<a name="l00009"></a>00009 <span class="comment"> * Created: 04/09/2010 20:21:06</span>
<a name="l00010"></a>00010 <span class="comment"> * Revision: none</span>
<a name="l00011"></a>00011 <span class="comment"> * Compiler: gcc</span>
<a name="l00012"></a>00012 <span class="comment"> *</span>
<a name="l00013"></a>00013 <span class="comment"> * Author: BlackLight (http://0x00.ath.cx), &lt;blacklight@autistici.org&gt;</span>
<a name="l00014"></a>00014 <span class="comment"> * Licence: GNU GPL v.3</span>
<a name="l00015"></a>00015 <span class="comment"> * Company: DO WHAT YOU WANT CAUSE A PIRATE IS FREE, YOU ARE A PIRATE!</span>
<a name="l00016"></a>00016 <span class="comment"> *</span>
<a name="l00017"></a>00017 <span class="comment"> * =====================================================================================</span>
<a name="l00018"></a>00018 <span class="comment"> */</span>
<a name="l00019"></a>00019
<a name="l00020"></a>00020 <span class="preprocessor">#ifndef _AI_DB_H</span>
<a name="l00021"></a>00021 <span class="preprocessor"></span><span class="preprocessor">#define _AI_DB_H</span>
<a name="l00022"></a>00022 <span class="preprocessor"></span>
<a name="l00023"></a>00023 <span class="preprocessor">#ifdef ENABLE_MYSQL</span>
<a name="l00024"></a>00024 <span class="preprocessor"></span><span class="preprocessor"> #include &lt;mysql/mysql.h&gt;</span>
<a name="l00025"></a>00025
<a name="l00026"></a>00026 <span class="keyword">typedef</span> MYSQL_RES* DB_result;
<a name="l00027"></a>00027 <span class="keyword">typedef</span> MYSQL_ROW DB_row;
<a name="l00028"></a>00028
<a name="l00029"></a>00029 <span class="preprocessor"> #define DB_init mysql_do_init</span>
<a name="l00030"></a>00030 <span class="preprocessor"></span><span class="preprocessor"> #define DB_query mysql_do_query</span>
<a name="l00031"></a>00031 <span class="preprocessor"></span><span class="preprocessor"> #define DB_num_rows mysql_num_rows</span>
<a name="l00032"></a>00032 <span class="preprocessor"></span><span class="preprocessor"> #define DB_fetch_row mysql_fetch_row</span>
<a name="l00033"></a>00033 <span class="preprocessor"></span><span class="preprocessor"> #define DB_free_result mysql_free_result</span>
<a name="l00034"></a>00034 <span class="preprocessor"></span><span class="preprocessor"> #define DB_close mysql_do_close</span>
<a name="l00035"></a>00035 <span class="preprocessor"></span><span class="preprocessor">#endif</span>
<a name="l00036"></a>00036 <span class="preprocessor"></span>
<a name="l00038"></a>00038 <span class="keywordtype">void</span>* <a class="code" href="db_8h.html#abfca7b59301511bf708eef53cb70b7ee">DB_init</a> ( <a class="code" href="structAI__config.html">AI_config</a>* );
<a name="l00039"></a>00039
<a name="l00041"></a>00041 DB_result* <a class="code" href="db_8h.html#a51b1f8be35b963f30fa732fc22a5760e">DB_query</a> ( <span class="keyword">const</span> <span class="keywordtype">char</span>* );
<a name="l00042"></a>00042
<a name="l00044"></a>00044 <span class="keywordtype">void</span> <a class="code" href="db_8h.html#a7f625d084ac92d12b665fa7d53414727">DB_close</a>();
<a name="l00045"></a>00045
<a name="l00046"></a>00046 <span class="preprocessor">#endif</span>
<a name="l00047"></a>00047 <span class="preprocessor"></span>
</pre></div></div>
</div>
<!--- window showing the filter options -->
<div id="MSearchSelectWindow"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
onkeydown="return searchBox.OnSearchSelectKey(event)">
<a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(0)"><span class="SelectionMark">&nbsp;</span>All</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(1)"><span class="SelectionMark">&nbsp;</span>Data Structures</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(2)"><span class="SelectionMark">&nbsp;</span>Files</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(3)"><span class="SelectionMark">&nbsp;</span>Functions</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(4)"><span class="SelectionMark">&nbsp;</span>Variables</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(5)"><span class="SelectionMark">&nbsp;</span>Typedefs</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(6)"><span class="SelectionMark">&nbsp;</span>Enumerations</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(7)"><span class="SelectionMark">&nbsp;</span>Enumerator</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(8)"><span class="SelectionMark">&nbsp;</span>Defines</a></div>
<!-- iframe showing the search results (closed by default) -->
<div id="MSearchResultsWindow">
<iframe src="" frameborder="0"
name="MSearchResults" id="MSearchResults">
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 4 2010 21:30:42 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>
</html>

5
doc/html/files.html
View File

@ -53,6 +53,9 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
Here is a list of all files with brief descriptions:<table>
<tr><td class="indexkey"><a class="el" href="alert__parser_8c.html">alert_parser.c</a></td><td class="indexvalue"></td></tr>
<tr><td class="indexkey"><a class="el" href="cluster_8c.html">cluster.c</a></td><td class="indexvalue"></td></tr>
<tr><td class="indexkey"><a class="el" href="db_8c.html">db.c</a></td><td class="indexvalue"></td></tr>
<tr><td class="indexkey"><a class="el" href="db_8h.html">db.h</a> <a href="db_8h_source.html">[code]</a></td><td class="indexvalue"></td></tr>
<tr><td class="indexkey"><a class="el" href="mysql_8c.html">mysql.c</a></td><td class="indexvalue"></td></tr>
<tr><td class="indexkey"><a class="el" href="regex_8c.html">regex.c</a></td><td class="indexvalue"></td></tr>
<tr><td class="indexkey"><a class="el" href="sf__dynamic__preproc__lib_8c.html">sf_dynamic_preproc_lib.c</a></td><td class="indexvalue"></td></tr>
<tr><td class="indexkey"><a class="el" href="sf__preproc__info_8h.html">sf_preproc_info.h</a> <a href="sf__preproc__info_8h_source.html">[code]</a></td><td class="indexvalue"></td></tr>
@ -76,7 +79,7 @@ Here is a list of all files with brief descriptions:<table>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 4 2010 21:30:42 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

94
doc/html/functions.html
View File

@ -68,7 +68,6 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<li><a href="#index_r"><span>r</span></a></li>
<li><a href="#index_s"><span>s</span></a></li>
<li><a href="#index_t"><span>t</span></a></li>
<li><a href="#index_w"><span>w</span></a></li>
</ul>
</div>
</div>
@ -76,9 +75,6 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
Here is a list of all struct and union fields with links to the structures/unions they belong to:
<h3><a class="anchor" id="index_a"></a>- a -</h3><ul>
<li>ack
: <a class="el" href="struct__AI__snort__alert.html#a2b185c678d3a7f1207b2119b0b567c37">_AI_snort_alert</a>
</li>
<li>alertClusteringInterval
: <a class="el" href="structAI__config.html#a7d0d098b8263aa3d8415b11d1ec7f93d">AI_config</a>
</li>
@ -105,15 +101,26 @@ Here is a list of all struct and union fields with links to the structures/union
<h3><a class="anchor" id="index_d"></a>- d -</h3><ul>
<li>databaseParsingInterval
: <a class="el" href="structAI__config.html#ae6ca715cab1d90b70c3aad443133c263">AI_config</a>
</li>
<li>dbhost
: <a class="el" href="structAI__config.html#a8e56f1a1b2095d3d329c8068ea0f3aab">AI_config</a>
</li>
<li>dbname
: <a class="el" href="structAI__config.html#ac8a93607f12106e2f5c9b43af27107da">AI_config</a>
</li>
<li>dbpass
: <a class="el" href="structAI__config.html#aa1cda349763faf60b2ebdbf2d187ae7d">AI_config</a>
</li>
<li>dbuser
: <a class="el" href="structAI__config.html#aa004adebfdafb6d14092aecd7f4912b0">AI_config</a>
</li>
<li>desc
: <a class="el" href="struct__AI__snort__alert.html#ac0902d7c756ec675fb06347ce4706135">_AI_snort_alert</a>
</li>
<li>dst_addr
: <a class="el" href="struct__AI__snort__alert.html#a69cc2ba171c8c808a0b45caa9426cd8c">_AI_snort_alert</a>
</li>
<li>dst_port
: <a class="el" href="structpkt__key.html#af77f5eb1f4cd88b43fe99fd73553351d">pkt_key</a>
, <a class="el" href="struct__AI__snort__alert.html#a6b323c07ae501d221e330e13646a96a3">_AI_snort_alert</a>
</li>
</ul>
@ -143,14 +150,26 @@ Here is a list of all struct and union fields with links to the structures/union
<h3><a class="anchor" id="index_i"></a>- i -</h3><ul>
<li>id
: <a class="el" href="struct__AI__snort__alert.html#a45e4acf90450a5f9efd4e0c290f84bcf">_AI_snort_alert</a>
<li>ip_dst_addr
: <a class="el" href="struct__AI__snort__alert.html#a754ca683593c838e4032fa8c13b1512b">_AI_snort_alert</a>
</li>
<li>iplen
: <a class="el" href="struct__AI__snort__alert.html#a523ef8842d01a1bc4ea3c0bf27518e78">_AI_snort_alert</a>
<li>ip_id
: <a class="el" href="struct__AI__snort__alert.html#a2fc673dec85a7b49dd16ac7c0bb1bb78">_AI_snort_alert</a>
</li>
<li>ipproto
: <a class="el" href="struct__AI__snort__alert.html#a2a5f2741918c3c13890f2b617a7f23a4">_AI_snort_alert</a>
<li>ip_len
: <a class="el" href="struct__AI__snort__alert.html#ad3ffe99036513d5f33b94d22fb84f8f1">_AI_snort_alert</a>
</li>
<li>ip_proto
: <a class="el" href="struct__AI__snort__alert.html#a5ea7b250ac1c472f3ab57565b6df2536">_AI_snort_alert</a>
</li>
<li>ip_src_addr
: <a class="el" href="struct__AI__snort__alert.html#a194117c57a52933d16a97838562bb611">_AI_snort_alert</a>
</li>
<li>ip_tos
: <a class="el" href="struct__AI__snort__alert.html#a3f3c47f9baf3229d067504a85873b416">_AI_snort_alert</a>
</li>
<li>ip_ttl
: <a class="el" href="struct__AI__snort__alert.html#a3c9bbe84ec696cd58668a45799a66600">_AI_snort_alert</a>
</li>
</ul>
@ -225,21 +244,12 @@ Here is a list of all struct and union fields with links to the structures/union
<h3><a class="anchor" id="index_s"></a>- s -</h3><ul>
<li>sequence
: <a class="el" href="struct__AI__snort__alert.html#acb20c4c55149d5806d7523720786ab77">_AI_snort_alert</a>
</li>
<li>sid
: <a class="el" href="struct__AI__snort__alert.html#a3349aa68d2234f8ffd897367c3a8a137">_AI_snort_alert</a>
</li>
<li>src_addr
: <a class="el" href="struct__AI__snort__alert.html#ab16a24f368020e4b40e65b53cae33b48">_AI_snort_alert</a>
</li>
<li>src_ip
: <a class="el" href="structpkt__key.html#a3a091c20dafb8b3f689db00c5b2f8ddb">pkt_key</a>
</li>
<li>src_port
: <a class="el" href="struct__AI__snort__alert.html#a856cccd3eaabd38aa9974f26d3edc5e3">_AI_snort_alert</a>
</li>
<li>stream
: <a class="el" href="struct__AI__snort__alert.html#a09dfe0a841fd3912ec78060d4547cb31">_AI_snort_alert</a>
</li>
@ -250,32 +260,34 @@ Here is a list of all struct and union fields with links to the structures/union
<h3><a class="anchor" id="index_t"></a>- t -</h3><ul>
<li>tcp_ack
: <a class="el" href="struct__AI__snort__alert.html#a8aac577224a4325ec50511c6d79b4b79">_AI_snort_alert</a>
</li>
<li>tcp_dst_port
: <a class="el" href="struct__AI__snort__alert.html#aaca31cb67d48ffc3bfd1227686d5f5a4">_AI_snort_alert</a>
</li>
<li>tcp_flags
: <a class="el" href="struct__AI__snort__alert.html#aa643f11db93b70242b57f0a04775e507">_AI_snort_alert</a>
</li>
<li>tcplen
: <a class="el" href="struct__AI__snort__alert.html#a519a103f5e8f1cb006c0c137b7c6a1c0">_AI_snort_alert</a>
<li>tcp_len
: <a class="el" href="struct__AI__snort__alert.html#ab7e0507050b8e475fea7a4b26c768857">_AI_snort_alert</a>
</li>
<li>tcp_seq
: <a class="el" href="struct__AI__snort__alert.html#ad6edf59fccea55bf5f940bf36117020b">_AI_snort_alert</a>
</li>
<li>tcp_src_port
: <a class="el" href="struct__AI__snort__alert.html#a4d4cbdbd9675f4c43545547f55174cb7">_AI_snort_alert</a>
</li>
<li>tcp_window
: <a class="el" href="struct__AI__snort__alert.html#a1687fccc26bb211591db8b36ffec5348">_AI_snort_alert</a>
</li>
<li>timestamp
: <a class="el" href="struct__AI__snort__alert.html#a10a67f60ca3da339a2104849a0b2ac19">_AI_snort_alert</a>
, <a class="el" href="structpkt__info.html#a7f5090443f21e6290f0439f1bb872e92">pkt_info</a>
</li>
<li>tos
: <a class="el" href="struct__AI__snort__alert.html#a882ae6db43dc0fe08071947ccb044b93">_AI_snort_alert</a>
</li>
<li>ttl
: <a class="el" href="struct__AI__snort__alert.html#ab9b1ce8ee440a324af116403ac9c51a2">_AI_snort_alert</a>
</li>
<li>type
: <a class="el" href="struct__hierarchy__node.html#a3b18e3ddfa2212c5e4ff9c0b4bde4296">_hierarchy_node</a>
, <a class="el" href="structattribute__value.html#a5322c4edde771a7ee0d9fc5f5e45484c">attribute_value</a>
</li>
</ul>
<h3><a class="anchor" id="index_w"></a>- w -</h3><ul>
<li>window
: <a class="el" href="struct__AI__snort__alert.html#a63e94be3d248cf4beb0d4d5ab75331b1">_AI_snort_alert</a>
: <a class="el" href="structattribute__value.html#a5322c4edde771a7ee0d9fc5f5e45484c">attribute_value</a>
, <a class="el" href="struct__hierarchy__node.html#a3b18e3ddfa2212c5e4ff9c0b4bde4296">_hierarchy_node</a>
</li>
</ul>
</div>
@ -293,7 +305,7 @@ Here is a list of all struct and union fields with links to the structures/union
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 4 2010 21:30:42 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

94
doc/html/functions_vars.html
View File

@ -68,7 +68,6 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<li><a href="#index_r"><span>r</span></a></li>
<li><a href="#index_s"><span>s</span></a></li>
<li><a href="#index_t"><span>t</span></a></li>
<li><a href="#index_w"><span>w</span></a></li>
</ul>
</div>
</div>
@ -76,9 +75,6 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
&nbsp;
<h3><a class="anchor" id="index_a"></a>- a -</h3><ul>
<li>ack
: <a class="el" href="struct__AI__snort__alert.html#a2b185c678d3a7f1207b2119b0b567c37">_AI_snort_alert</a>
</li>
<li>alertClusteringInterval
: <a class="el" href="structAI__config.html#a7d0d098b8263aa3d8415b11d1ec7f93d">AI_config</a>
</li>
@ -105,15 +101,26 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<h3><a class="anchor" id="index_d"></a>- d -</h3><ul>
<li>databaseParsingInterval
: <a class="el" href="structAI__config.html#ae6ca715cab1d90b70c3aad443133c263">AI_config</a>
</li>
<li>dbhost
: <a class="el" href="structAI__config.html#a8e56f1a1b2095d3d329c8068ea0f3aab">AI_config</a>
</li>
<li>dbname
: <a class="el" href="structAI__config.html#ac8a93607f12106e2f5c9b43af27107da">AI_config</a>
</li>
<li>dbpass
: <a class="el" href="structAI__config.html#aa1cda349763faf60b2ebdbf2d187ae7d">AI_config</a>
</li>
<li>dbuser
: <a class="el" href="structAI__config.html#aa004adebfdafb6d14092aecd7f4912b0">AI_config</a>
</li>
<li>desc
: <a class="el" href="struct__AI__snort__alert.html#ac0902d7c756ec675fb06347ce4706135">_AI_snort_alert</a>
</li>
<li>dst_addr
: <a class="el" href="struct__AI__snort__alert.html#a69cc2ba171c8c808a0b45caa9426cd8c">_AI_snort_alert</a>
</li>
<li>dst_port
: <a class="el" href="structpkt__key.html#af77f5eb1f4cd88b43fe99fd73553351d">pkt_key</a>
, <a class="el" href="struct__AI__snort__alert.html#a6b323c07ae501d221e330e13646a96a3">_AI_snort_alert</a>
</li>
</ul>
@ -143,14 +150,26 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<h3><a class="anchor" id="index_i"></a>- i -</h3><ul>
<li>id
: <a class="el" href="struct__AI__snort__alert.html#a45e4acf90450a5f9efd4e0c290f84bcf">_AI_snort_alert</a>
<li>ip_dst_addr
: <a class="el" href="struct__AI__snort__alert.html#a754ca683593c838e4032fa8c13b1512b">_AI_snort_alert</a>
</li>
<li>iplen
: <a class="el" href="struct__AI__snort__alert.html#a523ef8842d01a1bc4ea3c0bf27518e78">_AI_snort_alert</a>
<li>ip_id
: <a class="el" href="struct__AI__snort__alert.html#a2fc673dec85a7b49dd16ac7c0bb1bb78">_AI_snort_alert</a>
</li>
<li>ipproto
: <a class="el" href="struct__AI__snort__alert.html#a2a5f2741918c3c13890f2b617a7f23a4">_AI_snort_alert</a>
<li>ip_len
: <a class="el" href="struct__AI__snort__alert.html#ad3ffe99036513d5f33b94d22fb84f8f1">_AI_snort_alert</a>
</li>
<li>ip_proto
: <a class="el" href="struct__AI__snort__alert.html#a5ea7b250ac1c472f3ab57565b6df2536">_AI_snort_alert</a>
</li>
<li>ip_src_addr
: <a class="el" href="struct__AI__snort__alert.html#a194117c57a52933d16a97838562bb611">_AI_snort_alert</a>
</li>
<li>ip_tos
: <a class="el" href="struct__AI__snort__alert.html#a3f3c47f9baf3229d067504a85873b416">_AI_snort_alert</a>
</li>
<li>ip_ttl
: <a class="el" href="struct__AI__snort__alert.html#a3c9bbe84ec696cd58668a45799a66600">_AI_snort_alert</a>
</li>
</ul>
@ -225,21 +244,12 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<h3><a class="anchor" id="index_s"></a>- s -</h3><ul>
<li>sequence
: <a class="el" href="struct__AI__snort__alert.html#acb20c4c55149d5806d7523720786ab77">_AI_snort_alert</a>
</li>
<li>sid
: <a class="el" href="struct__AI__snort__alert.html#a3349aa68d2234f8ffd897367c3a8a137">_AI_snort_alert</a>
</li>
<li>src_addr
: <a class="el" href="struct__AI__snort__alert.html#ab16a24f368020e4b40e65b53cae33b48">_AI_snort_alert</a>
</li>
<li>src_ip
: <a class="el" href="structpkt__key.html#a3a091c20dafb8b3f689db00c5b2f8ddb">pkt_key</a>
</li>
<li>src_port
: <a class="el" href="struct__AI__snort__alert.html#a856cccd3eaabd38aa9974f26d3edc5e3">_AI_snort_alert</a>
</li>
<li>stream
: <a class="el" href="struct__AI__snort__alert.html#a09dfe0a841fd3912ec78060d4547cb31">_AI_snort_alert</a>
</li>
@ -250,32 +260,34 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<h3><a class="anchor" id="index_t"></a>- t -</h3><ul>
<li>tcp_ack
: <a class="el" href="struct__AI__snort__alert.html#a8aac577224a4325ec50511c6d79b4b79">_AI_snort_alert</a>
</li>
<li>tcp_dst_port
: <a class="el" href="struct__AI__snort__alert.html#aaca31cb67d48ffc3bfd1227686d5f5a4">_AI_snort_alert</a>
</li>
<li>tcp_flags
: <a class="el" href="struct__AI__snort__alert.html#aa643f11db93b70242b57f0a04775e507">_AI_snort_alert</a>
</li>
<li>tcplen
: <a class="el" href="struct__AI__snort__alert.html#a519a103f5e8f1cb006c0c137b7c6a1c0">_AI_snort_alert</a>
<li>tcp_len
: <a class="el" href="struct__AI__snort__alert.html#ab7e0507050b8e475fea7a4b26c768857">_AI_snort_alert</a>
</li>
<li>tcp_seq
: <a class="el" href="struct__AI__snort__alert.html#ad6edf59fccea55bf5f940bf36117020b">_AI_snort_alert</a>
</li>
<li>tcp_src_port
: <a class="el" href="struct__AI__snort__alert.html#a4d4cbdbd9675f4c43545547f55174cb7">_AI_snort_alert</a>
</li>
<li>tcp_window
: <a class="el" href="struct__AI__snort__alert.html#a1687fccc26bb211591db8b36ffec5348">_AI_snort_alert</a>
</li>
<li>timestamp
: <a class="el" href="struct__AI__snort__alert.html#a10a67f60ca3da339a2104849a0b2ac19">_AI_snort_alert</a>
, <a class="el" href="structpkt__info.html#a7f5090443f21e6290f0439f1bb872e92">pkt_info</a>
</li>
<li>tos
: <a class="el" href="struct__AI__snort__alert.html#a882ae6db43dc0fe08071947ccb044b93">_AI_snort_alert</a>
</li>
<li>ttl
: <a class="el" href="struct__AI__snort__alert.html#ab9b1ce8ee440a324af116403ac9c51a2">_AI_snort_alert</a>
</li>
<li>type
: <a class="el" href="struct__hierarchy__node.html#a3b18e3ddfa2212c5e4ff9c0b4bde4296">_hierarchy_node</a>
, <a class="el" href="structattribute__value.html#a5322c4edde771a7ee0d9fc5f5e45484c">attribute_value</a>
</li>
</ul>
<h3><a class="anchor" id="index_w"></a>- w -</h3><ul>
<li>window
: <a class="el" href="struct__AI__snort__alert.html#a63e94be3d248cf4beb0d4d5ab75331b1">_AI_snort_alert</a>
: <a class="el" href="structattribute__value.html#a5322c4edde771a7ee0d9fc5f5e45484c">attribute_value</a>
, <a class="el" href="struct__hierarchy__node.html#a3b18e3ddfa2212c5e4ff9c0b4bde4296">_hierarchy_node</a>
</li>
</ul>
</div>
@ -293,7 +305,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 4 2010 21:30:42 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

141
doc/html/globals.html
View File

@ -64,6 +64,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<li><a href="#index_d"><span>d</span></a></li>
<li><a href="#index_e"><span>e</span></a></li>
<li><a href="#index_f"><span>f</span></a></li>
<li><a href="#index_g"><span>g</span></a></li>
<li><a href="#index_h"><span>h</span></a></li>
<li><a href="#index_i"><span>i</span></a></li>
<li><a href="#index_l"><span>l</span></a></li>
@ -82,93 +83,107 @@ Here is a list of all functions, variables, defines, enums, and typedefs with li
<h3><a class="anchor" id="index__"></a>- _ -</h3><ul>
<li>_AI_check_duplicate()
: <a class="el" href="cluster_8c.html#a29c35cd6c56f54e27b5b190c6d6c487a">cluster.c</a>
: <a class="el" href="group__cluster.html#ga29c35cd6c56f54e27b5b190c6d6c487a">cluster.c</a>
</li>
<li>_AI_cluster_thread()
: <a class="el" href="cluster_8c.html#a8a5eae61dc9fd0f13e0acdfa5f4478e2">cluster.c</a>
: <a class="el" href="group__cluster.html#ga8a5eae61dc9fd0f13e0acdfa5f4478e2">cluster.c</a>
</li>
<li>_AI_copy_alerts()
: <a class="el" href="alert__parser_8c.html#a6c5014cae9155379fdc4db649b2c862d">alert_parser.c</a>
: <a class="el" href="group__alert__parser.html#ga6c5014cae9155379fdc4db649b2c862d">alert_parser.c</a>
</li>
<li>_AI_equal_alarms()
: <a class="el" href="cluster_8c.html#a0f91c8bfc37a3975f5c26b19fd6c5cba">cluster.c</a>
: <a class="el" href="group__cluster.html#ga0f91c8bfc37a3975f5c26b19fd6c5cba">cluster.c</a>
</li>
<li>_AI_get_min_hierarchy_node()
: <a class="el" href="cluster_8c.html#a6ddddcd505b1f763c339e81fc143e079">cluster.c</a>
: <a class="el" href="group__cluster.html#ga6ddddcd505b1f763c339e81fc143e079">cluster.c</a>
</li>
<li>_AI_merge_alerts()
: <a class="el" href="cluster_8c.html#a8ce8e5a5d8954672297fa2dedb380dcd">cluster.c</a>
: <a class="el" href="group__cluster.html#ga8ce8e5a5d8954672297fa2dedb380dcd">cluster.c</a>
</li>
<li>_AI_mysql_copy_alerts()
: <a class="el" href="group__mysql.html#gab14c269b1187da75d35d4af3eb70a302">db.c</a>
</li>
<li>_AI_print_clustered_alerts()
: <a class="el" href="cluster_8c.html#a7d151880080470b542e99643dc0426a7">cluster.c</a>
: <a class="el" href="group__cluster.html#ga7d151880080470b542e99643dc0426a7">cluster.c</a>
</li>
<li>_AI_stream_free()
: <a class="el" href="stream_8c.html#a80016adf701c717a6ebfb5b15b8a5749">stream.c</a>
: <a class="el" href="group__stream.html#ga80016adf701c717a6ebfb5b15b8a5749">stream.c</a>
</li>
<li>_config
: <a class="el" href="cluster_8c.html#a91458e2d34595688e39fcb63ba418849">cluster.c</a>
: <a class="el" href="group__cluster.html#ga91458e2d34595688e39fcb63ba418849">cluster.c</a>
</li>
<li>_dpd
: <a class="el" href="sf__dynamic__preproc__lib_8c.html#ab46420126c43c1aac5eabc5db266a71c">sf_dynamic_preproc_lib.c</a>
, <a class="el" href="spp__ai_8h.html#ab46420126c43c1aac5eabc5db266a71c">spp_ai.h</a>
</li>
<li>_heuristic_func()
: <a class="el" href="cluster_8c.html#a81f5fa721719fdb281595a568eef2101">cluster.c</a>
: <a class="el" href="group__cluster.html#ga81f5fa721719fdb281595a568eef2101">cluster.c</a>
</li>
<li>_hierarchy_node_append()
: <a class="el" href="cluster_8c.html#a5601a1f603d9c870ef6e2df192e30c30">cluster.c</a>
: <a class="el" href="group__cluster.html#ga5601a1f603d9c870ef6e2df192e30c30">cluster.c</a>
</li>
<li>_hierarchy_node_new()
: <a class="el" href="cluster_8c.html#a2f1a22cfea64e4669da0467620c3e3b3">cluster.c</a>
: <a class="el" href="group__cluster.html#ga2f1a22cfea64e4669da0467620c3e3b3">cluster.c</a>
</li>
</ul>
<h3><a class="anchor" id="index_a"></a>- a -</h3><ul>
<li>AI_alertparser_thread()
: <a class="el" href="alert__parser_8c.html#ad68c45b5846743a54ad3fa92c8e48f8a">alert_parser.c</a>
, <a class="el" href="spp__ai_8h.html#a842a3204c6e067a9920990b573757181">spp_ai.h</a>
<li>AI_file_alertparser_thread()
: <a class="el" href="group__alert__parser.html#ga5aab8d9bdf0e92a51731442fd787f61f">alert_parser.c</a>
, <a class="el" href="group__alert__parser.html#ga5aab8d9bdf0e92a51731442fd787f61f">spp_ai.h</a>
</li>
<li>AI_free_alerts()
: <a class="el" href="spp__ai_8h.html#a270e86669a0aa64a8da37bc16cda645b">spp_ai.h</a>
, <a class="el" href="alert__parser_8c.html#a270e86669a0aa64a8da37bc16cda645b">alert_parser.c</a>
: <a class="el" href="group__alert__parser.html#ga270e86669a0aa64a8da37bc16cda645b">spp_ai.h</a>
, <a class="el" href="group__alert__parser.html#ga270e86669a0aa64a8da37bc16cda645b">alert_parser.c</a>
</li>
<li>AI_get_alerts()
: <a class="el" href="alert__parser_8c.html#a99474495643197b3075ac22ec6f6c70f">alert_parser.c</a>
, <a class="el" href="spp__ai_8h.html#af19a28f7cbcdfeb2b66fb3b625b75076">spp_ai.h</a>
: <a class="el" href="group__alert__parser.html#ga99474495643197b3075ac22ec6f6c70f">alert_parser.c</a>
, <a class="el" href="group__alert__parser.html#ga99474495643197b3075ac22ec6f6c70f">spp_ai.h</a>
</li>
<li>AI_get_stream_by_key()
: <a class="el" href="stream_8c.html#a2efedcabbfd12c5345f0c93a3dd4735c">stream.c</a>
, <a class="el" href="spp__ai_8h.html#a3054f06297a9caefd4d9b1283bb8b69a">spp_ai.h</a>
: <a class="el" href="group__stream.html#ga2efedcabbfd12c5345f0c93a3dd4735c">stream.c</a>
, <a class="el" href="group__stream.html#ga2efedcabbfd12c5345f0c93a3dd4735c">spp_ai.h</a>
</li>
<li>AI_hashcleanup_thread()
: <a class="el" href="spp__ai_8h.html#ad56f71be823eead743972274b99c82ff">spp_ai.h</a>
, <a class="el" href="stream_8c.html#a24b1131374e5059564b8a12380c4eb75">stream.c</a>
: <a class="el" href="group__stream.html#ga24b1131374e5059564b8a12380c4eb75">spp_ai.h</a>
, <a class="el" href="group__stream.html#ga24b1131374e5059564b8a12380c4eb75">stream.c</a>
</li>
<li>AI_hierarchies_build()
: <a class="el" href="cluster_8c.html#a1445818b37483f78cc3fb2890155842c">cluster.c</a>
, <a class="el" href="spp__ai_8h.html#a857348424b9db45c90f95631eb96fd7c">spp_ai.h</a>
: <a class="el" href="group__cluster.html#ga1445818b37483f78cc3fb2890155842c">cluster.c</a>
, <a class="el" href="group__cluster.html#ga1445818b37483f78cc3fb2890155842c">spp_ai.h</a>
</li>
<li>AI_init()
: <a class="el" href="spp__ai_8c.html#a3524cbdf8fddbcf38c4ed55241002242">spp_ai.c</a>
: <a class="el" href="group__spp__ai.html#ga3524cbdf8fddbcf38c4ed55241002242">spp_ai.c</a>
</li>
<li>AI_mysql_alertparser_thread()
: <a class="el" href="group__mysql.html#gadf275635641f88725930de208fb5523f">db.c</a>
, <a class="el" href="group__mysql.html#gadf275635641f88725930de208fb5523f">spp_ai.h</a>
</li>
<li>AI_mysql_free_alerts()
: <a class="el" href="spp__ai_8h.html#ad0d003c241328962df5757398329b809">spp_ai.h</a>
</li>
<li>AI_mysql_get_alerts()
: <a class="el" href="group__mysql.html#ga0ead3c1e46063e215168e76d7999d65b">db.c</a>
, <a class="el" href="group__mysql.html#ga0ead3c1e46063e215168e76d7999d65b">spp_ai.h</a>
</li>
<li>AI_parse()
: <a class="el" href="spp__ai_8c.html#ae1c5c4b38ee2819d427848eb3046373e">spp_ai.c</a>
: <a class="el" href="group__spp__ai.html#gae1c5c4b38ee2819d427848eb3046373e">spp_ai.c</a>
</li>
<li>AI_pkt_enqueue()
: <a class="el" href="stream_8c.html#a7d71c5645b9baff7b6c4b9a181bf80c5">stream.c</a>
, <a class="el" href="spp__ai_8h.html#af6f7d167c3623bbc669e8d31c2719b29">spp_ai.h</a>
: <a class="el" href="group__stream.html#ga7d71c5645b9baff7b6c4b9a181bf80c5">spp_ai.h</a>
, <a class="el" href="group__stream.html#ga7d71c5645b9baff7b6c4b9a181bf80c5">stream.c</a>
</li>
<li>AI_process()
: <a class="el" href="spp__ai_8c.html#a57c05cda012c443cb4c358dc327cd3d1">spp_ai.c</a>
: <a class="el" href="group__spp__ai.html#ga57c05cda012c443cb4c358dc327cd3d1">spp_ai.c</a>
</li>
<li>AI_set_stream_observed()
: <a class="el" href="spp__ai_8h.html#a8749989cee2ac05a7de058faac280c02">spp_ai.h</a>
, <a class="el" href="stream_8c.html#a8749989cee2ac05a7de058faac280c02">stream.c</a>
: <a class="el" href="group__stream.html#ga8749989cee2ac05a7de058faac280c02">spp_ai.h</a>
, <a class="el" href="group__stream.html#ga8749989cee2ac05a7de058faac280c02">stream.c</a>
</li>
<li>AI_setup()
: <a class="el" href="sf__preproc__info_8h.html#ad81716bc3f0fec4df74198a7cbdbd43c">sf_preproc_info.h</a>
, <a class="el" href="spp__ai_8c.html#a1b9ebb5c719c7d9426ddfc1f3da36570">spp_ai.c</a>
: <a class="el" href="group__spp__ai.html#ga1b9ebb5c719c7d9426ddfc1f3da36570">spp_ai.c</a>
, <a class="el" href="group__spp__ai.html#ga1b9ebb5c719c7d9426ddfc1f3da36570">sf_preproc_info.h</a>
</li>
<li>AI_snort_alert
: <a class="el" href="spp__ai_8h.html#a982be90e72362e88d09f28336c9a1897">spp_ai.h</a>
@ -177,10 +192,14 @@ Here is a list of all functions, variables, defines, enums, and typedefs with li
: <a class="el" href="alert__parser_8c.html#abee2a33368912d9288c76b51160a9ed6">alert_parser.c</a>
</li>
<li>alert_log
: <a class="el" href="cluster_8c.html#aaf4c19f60f48741b0890c6114dcff7d9">cluster.c</a>
: <a class="el" href="group__cluster.html#gaaf4c19f60f48741b0890c6114dcff7d9">cluster.c</a>
</li>
<li>alertparser_thread
: <a class="el" href="group__spp__ai.html#gaa3100e48acef5cf4370c3042ff548ed0">spp_ai.c</a>
</li>
<li>alerts
: <a class="el" href="alert__parser_8c.html#ae837fc04e61c0eb052f997c54b4fd9fe">alert_parser.c</a>
: <a class="el" href="group__mysql.html#gae837fc04e61c0eb052f997c54b4fd9fe">db.c</a>
, <a class="el" href="alert__parser_8c.html#ae837fc04e61c0eb052f997c54b4fd9fe">alert_parser.c</a>
</li>
</ul>
@ -202,10 +221,28 @@ Here is a list of all functions, variables, defines, enums, and typedefs with li
<li>CLUSTER_TYPES
: <a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640ab16bb5c4b330d5db02e2d852cd2ba451">spp_ai.h</a>
</li>
<li>config
: <a class="el" href="group__mysql.html#ga6439d32dccbbc77c9b2aad04897bfa74">db.c</a>
</li>
</ul>
<h3><a class="anchor" id="index_d"></a>- d -</h3><ul>
<li>db
: <a class="el" href="mysql_8c.html#aedbcc8d9f1bd3c64adf6ad8ccfcd48a4">mysql.c</a>
</li>
<li>DB_close()
: <a class="el" href="db_8h.html#a7f625d084ac92d12b665fa7d53414727">db.h</a>
</li>
<li>DB_init()
: <a class="el" href="db_8h.html#abfca7b59301511bf708eef53cb70b7ee">db.h</a>
</li>
<li>db_mutex
: <a class="el" href="group__mysql.html#ga40bb4c7d0679e36cc0ec4fa41d36d96c">db.c</a>
</li>
<li>DB_query()
: <a class="el" href="db_8h.html#a51b1f8be35b963f30fa732fc22a5760e">db.h</a>
</li>
<li>DEFAULT_ALERT_CLUSTERING_INTERVAL
: <a class="el" href="spp__ai_8h.html#a0c4b6fce670e46083e33b9f53b78f39e">spp_ai.h</a>
</li>
@ -215,6 +252,9 @@ Here is a list of all functions, variables, defines, enums, and typedefs with li
<li>DEFAULT_CLUSTER_LOG_FILE
: <a class="el" href="spp__ai_8h.html#a803dc913297ccdace9e604dbfecda97d">spp_ai.h</a>
</li>
<li>DEFAULT_DATABASE_INTERVAL
: <a class="el" href="spp__ai_8h.html#a3c4984a0ee515fbc091ac6e33b05e310">spp_ai.h</a>
</li>
<li>DEFAULT_HASH_CLEANUP_INTERVAL
: <a class="el" href="spp__ai_8h.html#a5f555c0ebd29ce2771a3e2dd4f526746">spp_ai.h</a>
</li>
@ -238,7 +278,7 @@ Here is a list of all functions, variables, defines, enums, and typedefs with li
<h3><a class="anchor" id="index_e"></a>- e -</h3><ul>
<li>ex_config
: <a class="el" href="spp__ai_8c.html#a3dd75596c540d148643fe6d1fdc02628">spp_ai.c</a>
: <a class="el" href="group__spp__ai.html#ga3dd75596c540d148643fe6d1fdc02628">spp_ai.c</a>
</li>
</ul>
@ -250,13 +290,23 @@ Here is a list of all functions, variables, defines, enums, and typedefs with li
</ul>
<h3><a class="anchor" id="index_g"></a>- g -</h3><ul>
<li>get_alerts
: <a class="el" href="spp__ai_8h.html#ab184b676360ce03035801284a2bd1ea7">spp_ai.h</a>
</li>
</ul>
<h3><a class="anchor" id="index_h"></a>- h -</h3><ul>
<li>h_root
: <a class="el" href="cluster_8c.html#a97d35425cf5a0207fb50b64ee8cdda82">cluster.c</a>
: <a class="el" href="group__cluster.html#ga97d35425cf5a0207fb50b64ee8cdda82">cluster.c</a>
</li>
<li>hash
: <a class="el" href="stream_8c.html#a57e23cda853e9d11c37723a962ef2f68">stream.c</a>
</li>
<li>hash_mutex
: <a class="el" href="stream_8c.html#a4e01edd07102e71480b323db2b8f57c8">stream.c</a>
</li>
<li>hierarchy_node
: <a class="el" href="spp__ai_8h.html#a466391129919ef12366d311d501552fa">spp_ai.h</a>
</li>
@ -284,6 +334,15 @@ Here is a list of all functions, variables, defines, enums, and typedefs with li
<li>MINOR_VERSION
: <a class="el" href="sf__preproc__info_8h.html#a320988aa2655ee094f3a34a52da10831">sf_preproc_info.h</a>
</li>
<li>mysql_do_close()
: <a class="el" href="mysql_8c.html#a55eb83ebfb4caefbc4d9cee8aa0095e3">mysql.c</a>
</li>
<li>mysql_do_init()
: <a class="el" href="mysql_8c.html#a3fba38c3da4a252a55d81088c6fe9078">mysql.c</a>
</li>
<li>mysql_do_query()
: <a class="el" href="mysql_8c.html#a90f2e6f4081c0c66f8da54b98aee2674">mysql.c</a>
</li>
</ul>
@ -299,8 +358,8 @@ Here is a list of all functions, variables, defines, enums, and typedefs with li
: <a class="el" href="sfPolicyUserData_8c.html#a0a415b8e70250b11e64a463134d00b4f">sfPolicyUserData.c</a>
</li>
<li>preg_match()
: <a class="el" href="regex_8c.html#a35f57c052a7de1ded54b67a1f7819791">regex.c</a>
, <a class="el" href="spp__ai_8h.html#a85c0852b05b60cbfe0130534160c9876">spp_ai.h</a>
: <a class="el" href="group__regex.html#ga35f57c052a7de1ded54b67a1f7819791">regex.c</a>
, <a class="el" href="group__regex.html#ga35f57c052a7de1ded54b67a1f7819791">spp_ai.h</a>
</li>
<li>PREPROC_NAME
: <a class="el" href="sf__preproc__info_8h.html#af5d5329206253ca0c1a3b8d4a43195af">sf_preproc_info.h</a>
@ -379,7 +438,7 @@ Here is a list of all functions, variables, defines, enums, and typedefs with li
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 4 2010 21:30:42 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

5
doc/html/globals_defs.html
View File

@ -70,6 +70,9 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<li>DEFAULT_CLUSTER_LOG_FILE
: <a class="el" href="spp__ai_8h.html#a803dc913297ccdace9e604dbfecda97d">spp_ai.h</a>
</li>
<li>DEFAULT_DATABASE_INTERVAL
: <a class="el" href="spp__ai_8h.html#a3c4984a0ee515fbc091ac6e33b05e310">spp_ai.h</a>
</li>
<li>DEFAULT_HASH_CLEANUP_INTERVAL
: <a class="el" href="spp__ai_8h.html#a5f555c0ebd29ce2771a3e2dd4f526746">spp_ai.h</a>
</li>
@ -107,7 +110,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 4 2010 21:30:42 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

2
doc/html/globals_enum.html
View File

@ -80,7 +80,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 4 2010 21:30:42 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

2
doc/html/globals_eval.html
View File

@ -98,7 +98,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 4 2010 21:30:42 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

109
doc/html/globals_func.html
View File

@ -62,6 +62,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<li><a href="#index_d"><span>d</span></a></li>
<li><a href="#index_i"><span>i</span></a></li>
<li><a href="#index_l"><span>l</span></a></li>
<li><a href="#index_m"><span>m</span></a></li>
<li><a href="#index_p"><span>p</span></a></li>
<li><a href="#index_s"><span>s</span></a></li>
</ul>
@ -72,91 +73,114 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<h3><a class="anchor" id="index__"></a>- _ -</h3><ul>
<li>_AI_check_duplicate()
: <a class="el" href="cluster_8c.html#a29c35cd6c56f54e27b5b190c6d6c487a">cluster.c</a>
: <a class="el" href="group__cluster.html#ga29c35cd6c56f54e27b5b190c6d6c487a">cluster.c</a>
</li>
<li>_AI_cluster_thread()
: <a class="el" href="cluster_8c.html#a8a5eae61dc9fd0f13e0acdfa5f4478e2">cluster.c</a>
: <a class="el" href="group__cluster.html#ga8a5eae61dc9fd0f13e0acdfa5f4478e2">cluster.c</a>
</li>
<li>_AI_copy_alerts()
: <a class="el" href="alert__parser_8c.html#a6c5014cae9155379fdc4db649b2c862d">alert_parser.c</a>
: <a class="el" href="group__alert__parser.html#ga6c5014cae9155379fdc4db649b2c862d">alert_parser.c</a>
</li>
<li>_AI_equal_alarms()
: <a class="el" href="cluster_8c.html#a0f91c8bfc37a3975f5c26b19fd6c5cba">cluster.c</a>
: <a class="el" href="group__cluster.html#ga0f91c8bfc37a3975f5c26b19fd6c5cba">cluster.c</a>
</li>
<li>_AI_get_min_hierarchy_node()
: <a class="el" href="cluster_8c.html#a6ddddcd505b1f763c339e81fc143e079">cluster.c</a>
: <a class="el" href="group__cluster.html#ga6ddddcd505b1f763c339e81fc143e079">cluster.c</a>
</li>
<li>_AI_merge_alerts()
: <a class="el" href="cluster_8c.html#a8ce8e5a5d8954672297fa2dedb380dcd">cluster.c</a>
: <a class="el" href="group__cluster.html#ga8ce8e5a5d8954672297fa2dedb380dcd">cluster.c</a>
</li>
<li>_AI_mysql_copy_alerts()
: <a class="el" href="group__mysql.html#gab14c269b1187da75d35d4af3eb70a302">db.c</a>
</li>
<li>_AI_print_clustered_alerts()
: <a class="el" href="cluster_8c.html#a7d151880080470b542e99643dc0426a7">cluster.c</a>
: <a class="el" href="group__cluster.html#ga7d151880080470b542e99643dc0426a7">cluster.c</a>
</li>
<li>_AI_stream_free()
: <a class="el" href="stream_8c.html#a80016adf701c717a6ebfb5b15b8a5749">stream.c</a>
: <a class="el" href="group__stream.html#ga80016adf701c717a6ebfb5b15b8a5749">stream.c</a>
</li>
<li>_heuristic_func()
: <a class="el" href="cluster_8c.html#a81f5fa721719fdb281595a568eef2101">cluster.c</a>
: <a class="el" href="group__cluster.html#ga81f5fa721719fdb281595a568eef2101">cluster.c</a>
</li>
<li>_hierarchy_node_append()
: <a class="el" href="cluster_8c.html#a5601a1f603d9c870ef6e2df192e30c30">cluster.c</a>
: <a class="el" href="group__cluster.html#ga5601a1f603d9c870ef6e2df192e30c30">cluster.c</a>
</li>
<li>_hierarchy_node_new()
: <a class="el" href="cluster_8c.html#a2f1a22cfea64e4669da0467620c3e3b3">cluster.c</a>
: <a class="el" href="group__cluster.html#ga2f1a22cfea64e4669da0467620c3e3b3">cluster.c</a>
</li>
</ul>
<h3><a class="anchor" id="index_a"></a>- a -</h3><ul>
<li>AI_alertparser_thread()
: <a class="el" href="alert__parser_8c.html#ad68c45b5846743a54ad3fa92c8e48f8a">alert_parser.c</a>
, <a class="el" href="spp__ai_8h.html#a842a3204c6e067a9920990b573757181">spp_ai.h</a>
<li>AI_file_alertparser_thread()
: <a class="el" href="group__alert__parser.html#ga5aab8d9bdf0e92a51731442fd787f61f">alert_parser.c</a>
, <a class="el" href="group__alert__parser.html#ga5aab8d9bdf0e92a51731442fd787f61f">spp_ai.h</a>
</li>
<li>AI_free_alerts()
: <a class="el" href="spp__ai_8h.html#a270e86669a0aa64a8da37bc16cda645b">spp_ai.h</a>
, <a class="el" href="alert__parser_8c.html#a270e86669a0aa64a8da37bc16cda645b">alert_parser.c</a>
: <a class="el" href="group__alert__parser.html#ga270e86669a0aa64a8da37bc16cda645b">spp_ai.h</a>
, <a class="el" href="group__alert__parser.html#ga270e86669a0aa64a8da37bc16cda645b">alert_parser.c</a>
</li>
<li>AI_get_alerts()
: <a class="el" href="alert__parser_8c.html#a99474495643197b3075ac22ec6f6c70f">alert_parser.c</a>
, <a class="el" href="spp__ai_8h.html#af19a28f7cbcdfeb2b66fb3b625b75076">spp_ai.h</a>
: <a class="el" href="group__alert__parser.html#ga99474495643197b3075ac22ec6f6c70f">alert_parser.c</a>
, <a class="el" href="group__alert__parser.html#ga99474495643197b3075ac22ec6f6c70f">spp_ai.h</a>
</li>
<li>AI_get_stream_by_key()
: <a class="el" href="stream_8c.html#a2efedcabbfd12c5345f0c93a3dd4735c">stream.c</a>
, <a class="el" href="spp__ai_8h.html#a3054f06297a9caefd4d9b1283bb8b69a">spp_ai.h</a>
: <a class="el" href="group__stream.html#ga2efedcabbfd12c5345f0c93a3dd4735c">stream.c</a>
, <a class="el" href="group__stream.html#ga2efedcabbfd12c5345f0c93a3dd4735c">spp_ai.h</a>
</li>
<li>AI_hashcleanup_thread()
: <a class="el" href="spp__ai_8h.html#ad56f71be823eead743972274b99c82ff">spp_ai.h</a>
, <a class="el" href="stream_8c.html#a24b1131374e5059564b8a12380c4eb75">stream.c</a>
: <a class="el" href="group__stream.html#ga24b1131374e5059564b8a12380c4eb75">spp_ai.h</a>
, <a class="el" href="group__stream.html#ga24b1131374e5059564b8a12380c4eb75">stream.c</a>
</li>
<li>AI_hierarchies_build()
: <a class="el" href="cluster_8c.html#a1445818b37483f78cc3fb2890155842c">cluster.c</a>
, <a class="el" href="spp__ai_8h.html#a857348424b9db45c90f95631eb96fd7c">spp_ai.h</a>
: <a class="el" href="group__cluster.html#ga1445818b37483f78cc3fb2890155842c">cluster.c</a>
, <a class="el" href="group__cluster.html#ga1445818b37483f78cc3fb2890155842c">spp_ai.h</a>
</li>
<li>AI_init()
: <a class="el" href="spp__ai_8c.html#a3524cbdf8fddbcf38c4ed55241002242">spp_ai.c</a>
: <a class="el" href="group__spp__ai.html#ga3524cbdf8fddbcf38c4ed55241002242">spp_ai.c</a>
</li>
<li>AI_mysql_alertparser_thread()
: <a class="el" href="group__mysql.html#gadf275635641f88725930de208fb5523f">spp_ai.h</a>
, <a class="el" href="group__mysql.html#gadf275635641f88725930de208fb5523f">db.c</a>
</li>
<li>AI_mysql_free_alerts()
: <a class="el" href="spp__ai_8h.html#ad0d003c241328962df5757398329b809">spp_ai.h</a>
</li>
<li>AI_mysql_get_alerts()
: <a class="el" href="group__mysql.html#ga0ead3c1e46063e215168e76d7999d65b">db.c</a>
, <a class="el" href="group__mysql.html#ga0ead3c1e46063e215168e76d7999d65b">spp_ai.h</a>
</li>
<li>AI_parse()
: <a class="el" href="spp__ai_8c.html#ae1c5c4b38ee2819d427848eb3046373e">spp_ai.c</a>
: <a class="el" href="group__spp__ai.html#gae1c5c4b38ee2819d427848eb3046373e">spp_ai.c</a>
</li>
<li>AI_pkt_enqueue()
: <a class="el" href="stream_8c.html#a7d71c5645b9baff7b6c4b9a181bf80c5">stream.c</a>
, <a class="el" href="spp__ai_8h.html#af6f7d167c3623bbc669e8d31c2719b29">spp_ai.h</a>
: <a class="el" href="group__stream.html#ga7d71c5645b9baff7b6c4b9a181bf80c5">stream.c</a>
, <a class="el" href="group__stream.html#ga7d71c5645b9baff7b6c4b9a181bf80c5">spp_ai.h</a>
</li>
<li>AI_process()
: <a class="el" href="spp__ai_8c.html#a57c05cda012c443cb4c358dc327cd3d1">spp_ai.c</a>
: <a class="el" href="group__spp__ai.html#ga57c05cda012c443cb4c358dc327cd3d1">spp_ai.c</a>
</li>
<li>AI_set_stream_observed()
: <a class="el" href="stream_8c.html#a8749989cee2ac05a7de058faac280c02">stream.c</a>
, <a class="el" href="spp__ai_8h.html#a8749989cee2ac05a7de058faac280c02">spp_ai.h</a>
: <a class="el" href="group__stream.html#ga8749989cee2ac05a7de058faac280c02">spp_ai.h</a>
, <a class="el" href="group__stream.html#ga8749989cee2ac05a7de058faac280c02">stream.c</a>
</li>
<li>AI_setup()
: <a class="el" href="sf__preproc__info_8h.html#ad81716bc3f0fec4df74198a7cbdbd43c">sf_preproc_info.h</a>
, <a class="el" href="spp__ai_8c.html#a1b9ebb5c719c7d9426ddfc1f3da36570">spp_ai.c</a>
: <a class="el" href="group__spp__ai.html#ga1b9ebb5c719c7d9426ddfc1f3da36570">sf_preproc_info.h</a>
, <a class="el" href="group__spp__ai.html#ga1b9ebb5c719c7d9426ddfc1f3da36570">spp_ai.c</a>
</li>
</ul>
<h3><a class="anchor" id="index_d"></a>- d -</h3><ul>
<li>DB_close()
: <a class="el" href="db_8h.html#a7f625d084ac92d12b665fa7d53414727">db.h</a>
</li>
<li>DB_init()
: <a class="el" href="db_8h.html#abfca7b59301511bf708eef53cb70b7ee">db.h</a>
</li>
<li>DB_query()
: <a class="el" href="db_8h.html#a51b1f8be35b963f30fa732fc22a5760e">db.h</a>
</li>
<li>DynamicPreprocessorFatalMessage()
: <a class="el" href="sf__dynamic__preproc__lib_8c.html#a57c853c0f626bde2af6619cdeeb7471b">sf_dynamic_preproc_lib.c</a>
</li>
@ -177,10 +201,23 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</ul>
<h3><a class="anchor" id="index_m"></a>- m -</h3><ul>
<li>mysql_do_close()
: <a class="el" href="mysql_8c.html#a55eb83ebfb4caefbc4d9cee8aa0095e3">mysql.c</a>
</li>
<li>mysql_do_init()
: <a class="el" href="mysql_8c.html#a3fba38c3da4a252a55d81088c6fe9078">mysql.c</a>
</li>
<li>mysql_do_query()
: <a class="el" href="mysql_8c.html#a90f2e6f4081c0c66f8da54b98aee2674">mysql.c</a>
</li>
</ul>
<h3><a class="anchor" id="index_p"></a>- p -</h3><ul>
<li>preg_match()
: <a class="el" href="regex_8c.html#a35f57c052a7de1ded54b67a1f7819791">regex.c</a>
, <a class="el" href="spp__ai_8h.html#a85c0852b05b60cbfe0130534160c9876">spp_ai.h</a>
: <a class="el" href="group__regex.html#ga35f57c052a7de1ded54b67a1f7819791">regex.c</a>
, <a class="el" href="group__regex.html#ga35f57c052a7de1ded54b67a1f7819791">spp_ai.h</a>
</li>
</ul>
@ -217,7 +254,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 4 2010 21:30:42 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

2
doc/html/globals_type.html
View File

@ -89,7 +89,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 4 2010 21:30:42 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

29
doc/html/globals_vars.html
View File

@ -59,7 +59,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<div class="contents">
&nbsp;<ul>
<li>_config
: <a class="el" href="cluster_8c.html#a91458e2d34595688e39fcb63ba418849">cluster.c</a>
: <a class="el" href="group__cluster.html#ga91458e2d34595688e39fcb63ba418849">cluster.c</a>
</li>
<li>_dpd
: <a class="el" href="spp__ai_8h.html#ab46420126c43c1aac5eabc5db266a71c">spp_ai.h</a>
@ -69,20 +69,39 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
: <a class="el" href="alert__parser_8c.html#abee2a33368912d9288c76b51160a9ed6">alert_parser.c</a>
</li>
<li>alert_log
: <a class="el" href="cluster_8c.html#aaf4c19f60f48741b0890c6114dcff7d9">cluster.c</a>
: <a class="el" href="group__cluster.html#gaaf4c19f60f48741b0890c6114dcff7d9">cluster.c</a>
</li>
<li>alertparser_thread
: <a class="el" href="group__spp__ai.html#gaa3100e48acef5cf4370c3042ff548ed0">spp_ai.c</a>
</li>
<li>alerts
: <a class="el" href="alert__parser_8c.html#ae837fc04e61c0eb052f997c54b4fd9fe">alert_parser.c</a>
, <a class="el" href="group__mysql.html#gae837fc04e61c0eb052f997c54b4fd9fe">db.c</a>
</li>
<li>config
: <a class="el" href="group__mysql.html#ga6439d32dccbbc77c9b2aad04897bfa74">db.c</a>
</li>
<li>db
: <a class="el" href="mysql_8c.html#aedbcc8d9f1bd3c64adf6ad8ccfcd48a4">mysql.c</a>
</li>
<li>db_mutex
: <a class="el" href="group__mysql.html#ga40bb4c7d0679e36cc0ec4fa41d36d96c">db.c</a>
</li>
<li>ex_config
: <a class="el" href="spp__ai_8c.html#a3dd75596c540d148643fe6d1fdc02628">spp_ai.c</a>
: <a class="el" href="group__spp__ai.html#ga3dd75596c540d148643fe6d1fdc02628">spp_ai.c</a>
</li>
<li>get_alerts
: <a class="el" href="spp__ai_8h.html#ab184b676360ce03035801284a2bd1ea7">spp_ai.h</a>
</li>
<li>h_root
: <a class="el" href="cluster_8c.html#a97d35425cf5a0207fb50b64ee8cdda82">cluster.c</a>
: <a class="el" href="group__cluster.html#ga97d35425cf5a0207fb50b64ee8cdda82">cluster.c</a>
</li>
<li>hash
: <a class="el" href="stream_8c.html#a57e23cda853e9d11c37723a962ef2f68">stream.c</a>
</li>
<li>hash_mutex
: <a class="el" href="stream_8c.html#a4e01edd07102e71480b323db2b8f57c8">stream.c</a>
</li>
<li>parserPolicyId
: <a class="el" href="sfPolicyUserData_8c.html#a0a415b8e70250b11e64a463134d00b4f">sfPolicyUserData.c</a>
</li>
@ -108,7 +127,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 4 2010 21:30:42 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

181
doc/html/group__alert__parser.html Normal file
View File

@ -0,0 +1,181 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<title>Snort AI preprocessor module: Parse the alert log into binary structures</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<link href="search/search.css" rel="stylesheet" type="text/css"/>
<script type="text/javaScript" src="search/search.js"></script>
<link href="doxygen.css" rel="stylesheet" type="text/css"/>
</head>
<body onload='searchBox.OnSelectItem(0);'>
<!-- Generated by Doxygen 1.7.1 -->
<script type="text/javascript"><!--
var searchBox = new SearchBox("searchBox", "search",false,'Search');
--></script>
<div class="navigation" id="top">
<div class="tabs">
<ul class="tablist">
<li><a href="index.html"><span>Main&nbsp;Page</span></a></li>
<li><a href="modules.html"><span>Modules</span></a></li>
<li><a href="annotated.html"><span>Data&nbsp;Structures</span></a></li>
<li><a href="files.html"><span>Files</span></a></li>
<li id="searchli">
<div id="MSearchBox" class="MSearchBoxInactive">
<span class="left">
<img id="MSearchSelect" src="search/mag_sel.png"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
alt=""/>
<input type="text" id="MSearchField" value="Search" accesskey="S"
onfocus="searchBox.OnSearchFieldFocus(true)"
onblur="searchBox.OnSearchFieldFocus(false)"
onkeyup="searchBox.OnSearchFieldChange(event)"/>
</span><span class="right">
<a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
</span>
</div>
</li>
</ul>
</div>
</div>
<div class="header">
<div class="summary">
<a href="#func-members">Functions</a> </div>
<div class="headertitle">
<h1>Parse the alert log into binary structures</h1> </div>
</div>
<div class="contents">
<table class="memberdecls">
<tr><td colspan="2"><h2><a name="func-members"></a>
Functions</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__alert__parser.html#ga5aab8d9bdf0e92a51731442fd787f61f">AI_file_alertparser_thread</a> (void *arg)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Thread for parsing Snort's alert file. <a href="#ga5aab8d9bdf0e92a51731442fd787f61f"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__alert__parser.html#ga6c5014cae9155379fdc4db649b2c862d">_AI_copy_alerts</a> (<a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *node)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Create a copy of the alert log struct (this is done for leaving the alert log structure in this file as read-only). <a href="#ga6c5014cae9155379fdc4db649b2c862d"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__alert__parser.html#ga99474495643197b3075ac22ec6f6c70f">AI_get_alerts</a> ()</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Return the alerts parsed so far as a linked list. <a href="#ga99474495643197b3075ac22ec6f6c70f"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__alert__parser.html#ga270e86669a0aa64a8da37bc16cda645b">AI_free_alerts</a> (<a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *node)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Deallocate the memory of a log alert linked list. <a href="#ga270e86669a0aa64a8da37bc16cda645b"></a><br/></td></tr>
</table>
<hr/><h2>Function Documentation</h2>
<a class="anchor" id="ga6c5014cae9155379fdc4db649b2c862d"></a><!-- doxytag: member="alert_parser.c::_AI_copy_alerts" ref="ga6c5014cae9155379fdc4db649b2c862d" args="(AI_snort_alert *node)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a>* _AI_copy_alerts </td>
<td>(</td>
<td class="paramtype"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td>
<td class="paramname"> <em>node</em></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Create a copy of the alert log struct (this is done for leaving the alert log structure in this file as read-only). </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>node</em>&nbsp;</td><td>Starting node (used for the recursion) </td></tr>
</table>
</dd>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>A copy of the alert log linked list </dd></dl>
</div>
</div>
<a class="anchor" id="ga5aab8d9bdf0e92a51731442fd787f61f"></a><!-- doxytag: member="alert_parser.c::AI_file_alertparser_thread" ref="ga5aab8d9bdf0e92a51731442fd787f61f" args="(void *arg)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">void* AI_file_alertparser_thread </td>
<td>(</td>
<td class="paramtype">void *&nbsp;</td>
<td class="paramname"> <em>arg</em></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Thread for parsing Snort's alert file. </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>arg</em>&nbsp;</td><td>void* pointer to module's configuration </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<a class="anchor" id="ga270e86669a0aa64a8da37bc16cda645b"></a><!-- doxytag: member="alert_parser.c::AI_free_alerts" ref="ga270e86669a0aa64a8da37bc16cda645b" args="(AI_snort_alert *node)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">void AI_free_alerts </td>
<td>(</td>
<td class="paramtype"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td>
<td class="paramname"> <em>node</em></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Deallocate the memory of a log alert linked list. </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>node</em>&nbsp;</td><td>Linked list to be freed </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<a class="anchor" id="ga99474495643197b3075ac22ec6f6c70f"></a><!-- doxytag: member="alert_parser.c::AI_get_alerts" ref="ga99474495643197b3075ac22ec6f6c70f" args="()" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a>* AI_get_alerts </td>
<td>(</td>
<td class="paramtype">void&nbsp;</td>
<td class="paramname"></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Return the alerts parsed so far as a linked list. </p>
<dl class="return"><dt><b>Returns:</b></dt><dd>An AI_snort_alert pointer identifying the list of alerts </dd></dl>
</div>
</div>
</div>
<!--- window showing the filter options -->
<div id="MSearchSelectWindow"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
onkeydown="return searchBox.OnSearchSelectKey(event)">
<a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(0)"><span class="SelectionMark">&nbsp;</span>All</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(1)"><span class="SelectionMark">&nbsp;</span>Data Structures</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(2)"><span class="SelectionMark">&nbsp;</span>Files</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(3)"><span class="SelectionMark">&nbsp;</span>Functions</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(4)"><span class="SelectionMark">&nbsp;</span>Variables</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(5)"><span class="SelectionMark">&nbsp;</span>Typedefs</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(6)"><span class="SelectionMark">&nbsp;</span>Enumerations</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(7)"><span class="SelectionMark">&nbsp;</span>Enumerator</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(8)"><span class="SelectionMark">&nbsp;</span>Defines</a></div>
<!-- iframe showing the search results (closed by default) -->
<div id="MSearchResultsWindow">
<iframe src="" frameborder="0"
name="MSearchResults" id="MSearchResults">
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 4 2010 21:30:42 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>
</html>

488
doc/html/group__cluster.html Normal file
View File

@ -0,0 +1,488 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<title>Snort AI preprocessor module: Manage the clustering of alarms</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<link href="search/search.css" rel="stylesheet" type="text/css"/>
<script type="text/javaScript" src="search/search.js"></script>
<link href="doxygen.css" rel="stylesheet" type="text/css"/>
</head>
<body onload='searchBox.OnSelectItem(0);'>
<!-- Generated by Doxygen 1.7.1 -->
<script type="text/javascript"><!--
var searchBox = new SearchBox("searchBox", "search",false,'Search');
--></script>
<div class="navigation" id="top">
<div class="tabs">
<ul class="tablist">
<li><a href="index.html"><span>Main&nbsp;Page</span></a></li>
<li><a href="modules.html"><span>Modules</span></a></li>
<li><a href="annotated.html"><span>Data&nbsp;Structures</span></a></li>
<li><a href="files.html"><span>Files</span></a></li>
<li id="searchli">
<div id="MSearchBox" class="MSearchBoxInactive">
<span class="left">
<img id="MSearchSelect" src="search/mag_sel.png"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
alt=""/>
<input type="text" id="MSearchField" value="Search" accesskey="S"
onfocus="searchBox.OnSearchFieldFocus(true)"
onblur="searchBox.OnSearchFieldFocus(false)"
onkeyup="searchBox.OnSearchFieldChange(event)"/>
</span><span class="right">
<a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
</span>
</div>
</li>
</ul>
</div>
</div>
<div class="header">
<div class="summary">
<a href="#nested-classes">Data Structures</a> &#124;
<a href="#func-members">Functions</a> &#124;
<a href="#var-members">Variables</a> </div>
<div class="headertitle">
<h1>Manage the clustering of alarms</h1> </div>
</div>
<div class="contents">
<table class="memberdecls">
<tr><td colspan="2"><h2><a name="nested-classes"></a>
Data Structures</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct &nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structattribute__key.html">attribute_key</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct &nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structattribute__value.html">attribute_value</a></td></tr>
<tr><td colspan="2"><h2><a name="func-members"></a>
Functions</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga81f5fa721719fdb281595a568eef2101">_heuristic_func</a> (<a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640">cluster_type</a> type)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Function that picks up the heuristic value for a clustering attribute in according to Julisch's heuristic (ACM, Vol.2, No.3, 09 2002, pag.124). <a href="#ga81f5fa721719fdb281595a568eef2101"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga2f1a22cfea64e4669da0467620c3e3b3">_hierarchy_node_new</a> (char *label, int min_val, int max_val)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Create a new clustering hierarchy node. <a href="#ga2f1a22cfea64e4669da0467620c3e3b3"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga5601a1f603d9c870ef6e2df192e30c30">_hierarchy_node_append</a> (<a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *parent, <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *child)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Append a node to a clustering hierarchy node. <a href="#ga5601a1f603d9c870ef6e2df192e30c30"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga6ddddcd505b1f763c339e81fc143e079">_AI_get_min_hierarchy_node</a> (int val, <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *root)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Get the minimum node in a hierarchy tree that matches a certain value. <a href="#ga6ddddcd505b1f763c339e81fc143e079"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga0f91c8bfc37a3975f5c26b19fd6c5cba">_AI_equal_alarms</a> (<a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *a1, <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *a2)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Check if two alerts are semantically equal. <a href="#ga0f91c8bfc37a3975f5c26b19fd6c5cba"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga8ce8e5a5d8954672297fa2dedb380dcd">_AI_merge_alerts</a> (<a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> **log)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Merge the alerts marked as equal in the log. <a href="#ga8ce8e5a5d8954672297fa2dedb380dcd"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga7d151880080470b542e99643dc0426a7">_AI_print_clustered_alerts</a> (<a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *log, FILE *fp)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Print the clustered alerts to a log file. <a href="#ga7d151880080470b542e99643dc0426a7"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE void *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga8a5eae61dc9fd0f13e0acdfa5f4478e2">_AI_cluster_thread</a> (void *arg)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Thread for periodically clustering the log information. <a href="#ga8a5eae61dc9fd0f13e0acdfa5f4478e2"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga29c35cd6c56f54e27b5b190c6d6c487a">_AI_check_duplicate</a> (<a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *node, <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *root)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Check if a certain node's range (minimum and maximum value) are already present in a clustering hierarchy. <a href="#ga29c35cd6c56f54e27b5b190c6d6c487a"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga1445818b37483f78cc3fb2890155842c">AI_hierarchies_build</a> (<a class="el" href="structAI__config.html">AI_config</a> *conf, <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> **nodes, int n_nodes)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Build the clustering hierarchy trees. <a href="#ga1445818b37483f78cc3fb2890155842c"></a><br/></td></tr>
<tr><td colspan="2"><h2><a name="var-members"></a>
Variables</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga97d35425cf5a0207fb50b64ee8cdda82">h_root</a> [CLUSTER_TYPES] = { NULL }</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="structAI__config.html">AI_config</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga91458e2d34595688e39fcb63ba418849">_config</a> = NULL</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#gaaf4c19f60f48741b0890c6114dcff7d9">alert_log</a> = NULL</td></tr>
</table>
<hr/><h2>Function Documentation</h2>
<a class="anchor" id="ga29c35cd6c56f54e27b5b190c6d6c487a"></a><!-- doxytag: member="cluster.c::_AI_check_duplicate" ref="ga29c35cd6c56f54e27b5b190c6d6c487a" args="(hierarchy_node *node, hierarchy_node *root)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a> _AI_check_duplicate </td>
<td>(</td>
<td class="paramtype"><a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *&nbsp;</td>
<td class="paramname"> <em>node</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype"><a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *&nbsp;</td>
<td class="paramname"> <em>root</em></td><td>&nbsp;</td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td><td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Check if a certain node's range (minimum and maximum value) are already present in a clustering hierarchy. </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>node</em>&nbsp;</td><td>Node to be checked </td></tr>
<tr><td valign="top"></td><td valign="top"><em>root</em>&nbsp;</td><td>Clustering hierarchy </td></tr>
</table>
</dd>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>True if 'node' is already in 'root', false otherwise </dd></dl>
</div>
</div>
<a class="anchor" id="ga8a5eae61dc9fd0f13e0acdfa5f4478e2"></a><!-- doxytag: member="cluster.c::_AI_cluster_thread" ref="ga8a5eae61dc9fd0f13e0acdfa5f4478e2" args="(void *arg)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE void* _AI_cluster_thread </td>
<td>(</td>
<td class="paramtype">void *&nbsp;</td>
<td class="paramname"> <em>arg</em></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Thread for periodically clustering the log information. </p>
</div>
</div>
<a class="anchor" id="ga0f91c8bfc37a3975f5c26b19fd6c5cba"></a><!-- doxytag: member="cluster.c::_AI_equal_alarms" ref="ga0f91c8bfc37a3975f5c26b19fd6c5cba" args="(AI_snort_alert *a1, AI_snort_alert *a2)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a> _AI_equal_alarms </td>
<td>(</td>
<td class="paramtype"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td>
<td class="paramname"> <em>a1</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td>
<td class="paramname"> <em>a2</em></td><td>&nbsp;</td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td><td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Check if two alerts are semantically equal. </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>a1</em>&nbsp;</td><td>First alert </td></tr>
<tr><td valign="top"></td><td valign="top"><em>a2</em>&nbsp;</td><td>Second alert </td></tr>
</table>
</dd>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>True if they are equal, false otherwise </dd></dl>
</div>
</div>
<a class="anchor" id="ga6ddddcd505b1f763c339e81fc143e079"></a><!-- doxytag: member="cluster.c::_AI_get_min_hierarchy_node" ref="ga6ddddcd505b1f763c339e81fc143e079" args="(int val, hierarchy_node *root)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a>* _AI_get_min_hierarchy_node </td>
<td>(</td>
<td class="paramtype">int&nbsp;</td>
<td class="paramname"> <em>val</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype"><a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *&nbsp;</td>
<td class="paramname"> <em>root</em></td><td>&nbsp;</td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td><td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Get the minimum node in a hierarchy tree that matches a certain value. </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>val</em>&nbsp;</td><td>Value to be matched in the range </td></tr>
<tr><td valign="top"></td><td valign="top"><em>root</em>&nbsp;</td><td>Root of the hierarchy </td></tr>
</table>
</dd>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>The minimum node that matches the value if any, NULL otherwise </dd></dl>
</div>
</div>
<a class="anchor" id="ga8ce8e5a5d8954672297fa2dedb380dcd"></a><!-- doxytag: member="cluster.c::_AI_merge_alerts" ref="ga8ce8e5a5d8954672297fa2dedb380dcd" args="(AI_snort_alert **log)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE int _AI_merge_alerts </td>
<td>(</td>
<td class="paramtype"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> **&nbsp;</td>
<td class="paramname"> <em>log</em></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Merge the alerts marked as equal in the log. </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>log</em>&nbsp;</td><td>Alert log reference </td></tr>
</table>
</dd>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>The number of merged couples </dd></dl>
</div>
</div>
<a class="anchor" id="ga7d151880080470b542e99643dc0426a7"></a><!-- doxytag: member="cluster.c::_AI_print_clustered_alerts" ref="ga7d151880080470b542e99643dc0426a7" args="(AI_snort_alert *log, FILE *fp)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE void _AI_print_clustered_alerts </td>
<td>(</td>
<td class="paramtype"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td>
<td class="paramname"> <em>log</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">FILE *&nbsp;</td>
<td class="paramname"> <em>fp</em></td><td>&nbsp;</td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td><td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Print the clustered alerts to a log file. </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>log</em>&nbsp;</td><td>Log containing the alerts </td></tr>
<tr><td valign="top"></td><td valign="top"><em>fp</em>&nbsp;</td><td>File pointer where the alerts will be printed </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<a class="anchor" id="ga81f5fa721719fdb281595a568eef2101"></a><!-- doxytag: member="cluster.c::_heuristic_func" ref="ga81f5fa721719fdb281595a568eef2101" args="(cluster_type type)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE int _heuristic_func </td>
<td>(</td>
<td class="paramtype"><a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640">cluster_type</a>&nbsp;</td>
<td class="paramname"> <em>type</em></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Function that picks up the heuristic value for a clustering attribute in according to Julisch's heuristic (ACM, Vol.2, No.3, 09 2002, pag.124). </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>type</em>&nbsp;</td><td>Attribute type </td></tr>
</table>
</dd>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>The heuristic coefficient for that attribute, -1 if no clustering information is available for that attribute </dd></dl>
</div>
</div>
<a class="anchor" id="ga5601a1f603d9c870ef6e2df192e30c30"></a><!-- doxytag: member="cluster.c::_hierarchy_node_append" ref="ga5601a1f603d9c870ef6e2df192e30c30" args="(hierarchy_node *parent, hierarchy_node *child)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE void _hierarchy_node_append </td>
<td>(</td>
<td class="paramtype"><a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *&nbsp;</td>
<td class="paramname"> <em>parent</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype"><a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *&nbsp;</td>
<td class="paramname"> <em>child</em></td><td>&nbsp;</td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td><td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Append a node to a clustering hierarchy node. </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>parent</em>&nbsp;</td><td>Parent node </td></tr>
<tr><td valign="top"></td><td valign="top"><em>child</em>&nbsp;</td><td>Child node </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<a class="anchor" id="ga2f1a22cfea64e4669da0467620c3e3b3"></a><!-- doxytag: member="cluster.c::_hierarchy_node_new" ref="ga2f1a22cfea64e4669da0467620c3e3b3" args="(char *label, int min_val, int max_val)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a>* _hierarchy_node_new </td>
<td>(</td>
<td class="paramtype">char *&nbsp;</td>
<td class="paramname"> <em>label</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">int&nbsp;</td>
<td class="paramname"> <em>min_val</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">int&nbsp;</td>
<td class="paramname"> <em>max_val</em></td><td>&nbsp;</td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td><td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Create a new clustering hierarchy node. </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>label</em>&nbsp;</td><td>Label for the node </td></tr>
<tr><td valign="top"></td><td valign="top"><em>min_val</em>&nbsp;</td><td>Minimum value for the range represented by the node </td></tr>
<tr><td valign="top"></td><td valign="top"><em>max_val</em>&nbsp;</td><td>Maximum value for the range represented by the node </td></tr>
</table>
</dd>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>The brand new node if the allocation was ok, otherwise abort the application </dd></dl>
</div>
</div>
<a class="anchor" id="ga1445818b37483f78cc3fb2890155842c"></a><!-- doxytag: member="cluster.c::AI_hierarchies_build" ref="ga1445818b37483f78cc3fb2890155842c" args="(AI_config *conf, hierarchy_node **nodes, int n_nodes)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">void AI_hierarchies_build </td>
<td>(</td>
<td class="paramtype"><a class="el" href="structAI__config.html">AI_config</a> *&nbsp;</td>
<td class="paramname"> <em>conf</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype"><a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> **&nbsp;</td>
<td class="paramname"> <em>nodes</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">int&nbsp;</td>
<td class="paramname"> <em>n_nodes</em></td><td>&nbsp;</td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td><td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Build the clustering hierarchy trees. </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>conf</em>&nbsp;</td><td>Reference to the configuration of the module </td></tr>
<tr><td valign="top"></td><td valign="top"><em>nodes</em>&nbsp;</td><td>Nodes containing the information about the clustering ranges </td></tr>
<tr><td valign="top"></td><td valign="top"><em>n_nodes</em>&nbsp;</td><td>Number of nodes </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<hr/><h2>Variable Documentation</h2>
<a class="anchor" id="ga91458e2d34595688e39fcb63ba418849"></a><!-- doxytag: member="cluster.c::_config" ref="ga91458e2d34595688e39fcb63ba418849" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="structAI__config.html">AI_config</a>* <a class="el" href="group__cluster.html#ga91458e2d34595688e39fcb63ba418849">_config</a> = NULL</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="gaaf4c19f60f48741b0890c6114dcff7d9"></a><!-- doxytag: member="cluster.c::alert_log" ref="gaaf4c19f60f48741b0890c6114dcff7d9" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a>* <a class="el" href="group__cluster.html#gaaf4c19f60f48741b0890c6114dcff7d9">alert_log</a> = NULL</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="ga97d35425cf5a0207fb50b64ee8cdda82"></a><!-- doxytag: member="cluster.c::h_root" ref="ga97d35425cf5a0207fb50b64ee8cdda82" args="[CLUSTER_TYPES]" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a>* <a class="el" href="group__cluster.html#ga97d35425cf5a0207fb50b64ee8cdda82">h_root</a>[CLUSTER_TYPES] = { NULL }</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
</div>
<!--- window showing the filter options -->
<div id="MSearchSelectWindow"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
onkeydown="return searchBox.OnSearchSelectKey(event)">
<a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(0)"><span class="SelectionMark">&nbsp;</span>All</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(1)"><span class="SelectionMark">&nbsp;</span>Data Structures</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(2)"><span class="SelectionMark">&nbsp;</span>Files</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(3)"><span class="SelectionMark">&nbsp;</span>Functions</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(4)"><span class="SelectionMark">&nbsp;</span>Variables</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(5)"><span class="SelectionMark">&nbsp;</span>Typedefs</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(6)"><span class="SelectionMark">&nbsp;</span>Enumerations</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(7)"><span class="SelectionMark">&nbsp;</span>Enumerator</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(8)"><span class="SelectionMark">&nbsp;</span>Defines</a></div>
<!-- iframe showing the search results (closed by default) -->
<div id="MSearchResultsWindow">
<iframe src="" frameborder="0"
name="MSearchResults" id="MSearchResults">
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 4 2010 21:30:42 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>
</html>

200
doc/html/group__mysql.html Normal file
View File

@ -0,0 +1,200 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<title>Snort AI preprocessor module: Manage alerts on a MySQL database</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<link href="search/search.css" rel="stylesheet" type="text/css"/>
<script type="text/javaScript" src="search/search.js"></script>
<link href="doxygen.css" rel="stylesheet" type="text/css"/>
</head>
<body onload='searchBox.OnSelectItem(0);'>
<!-- Generated by Doxygen 1.7.1 -->
<script type="text/javascript"><!--
var searchBox = new SearchBox("searchBox", "search",false,'Search');
--></script>
<div class="navigation" id="top">
<div class="tabs">
<ul class="tablist">
<li><a href="index.html"><span>Main&nbsp;Page</span></a></li>
<li><a href="modules.html"><span>Modules</span></a></li>
<li><a href="annotated.html"><span>Data&nbsp;Structures</span></a></li>
<li><a href="files.html"><span>Files</span></a></li>
<li id="searchli">
<div id="MSearchBox" class="MSearchBoxInactive">
<span class="left">
<img id="MSearchSelect" src="search/mag_sel.png"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
alt=""/>
<input type="text" id="MSearchField" value="Search" accesskey="S"
onfocus="searchBox.OnSearchFieldFocus(true)"
onblur="searchBox.OnSearchFieldFocus(false)"
onkeyup="searchBox.OnSearchFieldChange(event)"/>
</span><span class="right">
<a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
</span>
</div>
</li>
</ul>
</div>
</div>
<div class="header">
<div class="summary">
<a href="#func-members">Functions</a> &#124;
<a href="#var-members">Variables</a> </div>
<div class="headertitle">
<h1>Manage alerts on a MySQL database</h1> </div>
</div>
<div class="contents">
<table class="memberdecls">
<tr><td colspan="2"><h2><a name="func-members"></a>
Functions</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__mysql.html#gadf275635641f88725930de208fb5523f">AI_mysql_alertparser_thread</a> (void *arg)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Thread for parsing alerts from MySQL database. <a href="#gadf275635641f88725930de208fb5523f"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__mysql.html#gab14c269b1187da75d35d4af3eb70a302">_AI_mysql_copy_alerts</a> (<a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *node)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Create a copy of the alert log struct (this is done for leaving the alert log structure in this file as read-only). <a href="#gab14c269b1187da75d35d4af3eb70a302"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__mysql.html#ga0ead3c1e46063e215168e76d7999d65b">AI_mysql_get_alerts</a> ()</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Return the alerts parsed so far as a linked list. <a href="#ga0ead3c1e46063e215168e76d7999d65b"></a><br/></td></tr>
<tr><td colspan="2"><h2><a name="var-members"></a>
Variables</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="structAI__config.html">AI_config</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__mysql.html#ga6439d32dccbbc77c9b2aad04897bfa74">config</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__mysql.html#gae837fc04e61c0eb052f997c54b4fd9fe">alerts</a> = NULL</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE pthread_mutex_t&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__mysql.html#ga40bb4c7d0679e36cc0ec4fa41d36d96c">db_mutex</a> = PTHREAD_MUTEX_INITIALIZER</td></tr>
</table>
<hr/><h2>Function Documentation</h2>
<a class="anchor" id="gab14c269b1187da75d35d4af3eb70a302"></a><!-- doxytag: member="db.c::_AI_mysql_copy_alerts" ref="gab14c269b1187da75d35d4af3eb70a302" args="(AI_snort_alert *node)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a>* _AI_mysql_copy_alerts </td>
<td>(</td>
<td class="paramtype"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td>
<td class="paramname"> <em>node</em></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Create a copy of the alert log struct (this is done for leaving the alert log structure in this file as read-only). </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>node</em>&nbsp;</td><td>Starting node (used for the recursion) </td></tr>
</table>
</dd>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>A copy of the alert log linked list </dd></dl>
</div>
</div>
<a class="anchor" id="gadf275635641f88725930de208fb5523f"></a><!-- doxytag: member="db.c::AI_mysql_alertparser_thread" ref="gadf275635641f88725930de208fb5523f" args="(void *arg)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">void* AI_mysql_alertparser_thread </td>
<td>(</td>
<td class="paramtype">void *&nbsp;</td>
<td class="paramname"> <em>arg</em></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Thread for parsing alerts from MySQL database. </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>arg</em>&nbsp;</td><td>void* pointer to the module configuration </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<a class="anchor" id="ga0ead3c1e46063e215168e76d7999d65b"></a><!-- doxytag: member="db.c::AI_mysql_get_alerts" ref="ga0ead3c1e46063e215168e76d7999d65b" args="()" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a>* AI_mysql_get_alerts </td>
<td>(</td>
<td class="paramtype">void&nbsp;</td>
<td class="paramname"></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Return the alerts parsed so far as a linked list. </p>
<dl class="return"><dt><b>Returns:</b></dt><dd>An AI_snort_alert pointer identifying the list of alerts </dd></dl>
</div>
</div>
<hr/><h2>Variable Documentation</h2>
<a class="anchor" id="gae837fc04e61c0eb052f997c54b4fd9fe"></a><!-- doxytag: member="db.c::alerts" ref="gae837fc04e61c0eb052f997c54b4fd9fe" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a>* <a class="el" href="group__mysql.html#gae837fc04e61c0eb052f997c54b4fd9fe">alerts</a> = NULL</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="ga6439d32dccbbc77c9b2aad04897bfa74"></a><!-- doxytag: member="db.c::config" ref="ga6439d32dccbbc77c9b2aad04897bfa74" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="structAI__config.html">AI_config</a>* <a class="el" href="group__mysql.html#ga6439d32dccbbc77c9b2aad04897bfa74">config</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="ga40bb4c7d0679e36cc0ec4fa41d36d96c"></a><!-- doxytag: member="db.c::db_mutex" ref="ga40bb4c7d0679e36cc0ec4fa41d36d96c" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE pthread_mutex_t <a class="el" href="group__mysql.html#ga40bb4c7d0679e36cc0ec4fa41d36d96c">db_mutex</a> = PTHREAD_MUTEX_INITIALIZER</td>
</tr>
</table>
</div>
<div class="memdoc">
<p>pthread mutex for accessing database data </p>
</div>
</div>
</div>
<!--- window showing the filter options -->
<div id="MSearchSelectWindow"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
onkeydown="return searchBox.OnSearchSelectKey(event)">
<a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(0)"><span class="SelectionMark">&nbsp;</span>All</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(1)"><span class="SelectionMark">&nbsp;</span>Data Structures</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(2)"><span class="SelectionMark">&nbsp;</span>Files</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(3)"><span class="SelectionMark">&nbsp;</span>Functions</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(4)"><span class="SelectionMark">&nbsp;</span>Variables</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(5)"><span class="SelectionMark">&nbsp;</span>Typedefs</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(6)"><span class="SelectionMark">&nbsp;</span>Enumerations</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(7)"><span class="SelectionMark">&nbsp;</span>Enumerator</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(8)"><span class="SelectionMark">&nbsp;</span>Defines</a></div>
<!-- iframe showing the search results (closed by default) -->
<div id="MSearchResultsWindow">
<iframe src="" frameborder="0"
name="MSearchResults" id="MSearchResults">
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 4 2010 21:30:42 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>
</html>

126
doc/html/group__regex.html Normal file
View File

@ -0,0 +1,126 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<title>Snort AI preprocessor module: Regex management</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<link href="search/search.css" rel="stylesheet" type="text/css"/>
<script type="text/javaScript" src="search/search.js"></script>
<link href="doxygen.css" rel="stylesheet" type="text/css"/>
</head>
<body onload='searchBox.OnSelectItem(0);'>
<!-- Generated by Doxygen 1.7.1 -->
<script type="text/javascript"><!--
var searchBox = new SearchBox("searchBox", "search",false,'Search');
--></script>
<div class="navigation" id="top">
<div class="tabs">
<ul class="tablist">
<li><a href="index.html"><span>Main&nbsp;Page</span></a></li>
<li><a href="modules.html"><span>Modules</span></a></li>
<li><a href="annotated.html"><span>Data&nbsp;Structures</span></a></li>
<li><a href="files.html"><span>Files</span></a></li>
<li id="searchli">
<div id="MSearchBox" class="MSearchBoxInactive">
<span class="left">
<img id="MSearchSelect" src="search/mag_sel.png"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
alt=""/>
<input type="text" id="MSearchField" value="Search" accesskey="S"
onfocus="searchBox.OnSearchFieldFocus(true)"
onblur="searchBox.OnSearchFieldFocus(false)"
onkeyup="searchBox.OnSearchFieldChange(event)"/>
</span><span class="right">
<a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
</span>
</div>
</li>
</ul>
</div>
</div>
<div class="header">
<div class="summary">
<a href="#func-members">Functions</a> </div>
<div class="headertitle">
<h1>Regex management</h1> </div>
</div>
<div class="contents">
<table class="memberdecls">
<tr><td colspan="2"><h2><a name="func-members"></a>
Functions</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__regex.html#ga35f57c052a7de1ded54b67a1f7819791">preg_match</a> (const char *expr, char *str, char ***matches, int *nmatches)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Check if a string matches a regular expression. <a href="#ga35f57c052a7de1ded54b67a1f7819791"></a><br/></td></tr>
</table>
<hr/><h2>Function Documentation</h2>
<a class="anchor" id="ga35f57c052a7de1ded54b67a1f7819791"></a><!-- doxytag: member="regex.c::preg_match" ref="ga35f57c052a7de1ded54b67a1f7819791" args="(const char *expr, char *str, char ***matches, int *nmatches)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">int preg_match </td>
<td>(</td>
<td class="paramtype">const char *&nbsp;</td>
<td class="paramname"> <em>expr</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">char *&nbsp;</td>
<td class="paramname"> <em>str</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">char ***&nbsp;</td>
<td class="paramname"> <em>matches</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">int *&nbsp;</td>
<td class="paramname"> <em>nmatches</em></td><td>&nbsp;</td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td><td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Check if a string matches a regular expression. </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>expr</em>&nbsp;</td><td>Regular expression to be matched </td></tr>
<tr><td valign="top"></td><td valign="top"><em>str</em>&nbsp;</td><td>String to be checked </td></tr>
<tr><td valign="top"></td><td valign="top"><em>matches</em>&nbsp;</td><td>Reference to a char** that will contain the submatches (NULL if you don't need it) </td></tr>
<tr><td valign="top"></td><td valign="top"><em>nmatches</em>&nbsp;</td><td>Reference to a int containing the number of submatches found (NULL if you don't need it) </td></tr>
</table>
</dd>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>-1 if the regex is wrong, 0 if no match was found, 1 otherwise </dd></dl>
</div>
</div>
</div>
<!--- window showing the filter options -->
<div id="MSearchSelectWindow"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
onkeydown="return searchBox.OnSearchSelectKey(event)">
<a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(0)"><span class="SelectionMark">&nbsp;</span>All</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(1)"><span class="SelectionMark">&nbsp;</span>Data Structures</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(2)"><span class="SelectionMark">&nbsp;</span>Files</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(3)"><span class="SelectionMark">&nbsp;</span>Functions</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(4)"><span class="SelectionMark">&nbsp;</span>Variables</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(5)"><span class="SelectionMark">&nbsp;</span>Typedefs</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(6)"><span class="SelectionMark">&nbsp;</span>Enumerations</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(7)"><span class="SelectionMark">&nbsp;</span>Enumerator</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(8)"><span class="SelectionMark">&nbsp;</span>Defines</a></div>
<!-- iframe showing the search results (closed by default) -->
<div id="MSearchResultsWindow">
<iframe src="" frameborder="0"
name="MSearchResults" id="MSearchResults">
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 4 2010 21:30:42 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>
</html>

8
doc/html/group__sfPolicyConfig.html
View File

@ -51,9 +51,9 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
Functions</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">tSfPolicyUserContextId&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__sfPolicyConfig.html#gac62cd5838bee4a9d3f40561eae920cdd">sfPolicyConfigCreate</a> (void)</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__sfPolicyConfig.html#ga189d09ed6d1203ebace6ea2c2aafc1b8">sfPolicyConfigDelete</a> (tSfPolicyUserContextId pContext)</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__sfPolicyConfig.html#ga8e14fd83397b9bbb14568070183db80b">sfPolicyUserDataSet</a> (tSfPolicyUserContextId pContext, tSfPolicyId policyId, void *config)</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__sfPolicyConfig.html#ga8e14fd83397b9bbb14568070183db80b">sfPolicyUserDataSet</a> (tSfPolicyUserContextId pContext, tSfPolicyId policyId, void *<a class="el" href="group__mysql.html#ga6439d32dccbbc77c9b2aad04897bfa74">config</a>)</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__sfPolicyConfig.html#gae8f2ae426b1f1a50eabfade6d22c2c85">sfPolicyUserDataClear</a> (tSfPolicyUserContextId pContext, tSfPolicyId policyId)</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__sfPolicyConfig.html#ga3f3ab9314d29d2ee2a8285289b388f17">sfPolicyUserDataIterate</a> (tSfPolicyUserContextId pContext, int(*callback)(tSfPolicyUserContextId pContext, tSfPolicyId policyId, void *config))</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__sfPolicyConfig.html#ga3f3ab9314d29d2ee2a8285289b388f17">sfPolicyUserDataIterate</a> (tSfPolicyUserContextId pContext, int(*callback)(tSfPolicyUserContextId pContext, tSfPolicyId policyId, void *<a class="el" href="group__mysql.html#ga6439d32dccbbc77c9b2aad04897bfa74">config</a>))</td></tr>
</table>
<hr/><a name="_details"></a><h2>Detailed Description</h2>
<p>Create a user policy configuration context. A context provides facility for creating policy specific data instances. User can create as many policy instances as memory resources will allow. User can create/delete context, set/clear/get user date for a specific policy, default policy or current policy. User can also iterate over all instances user data.</p>
@ -145,7 +145,7 @@ Functions</h2></td></tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">int(*)(tSfPolicyUserContextId pContext, tSfPolicyId policyId, void *config)&nbsp;</td>
<td class="paramtype">int(*)(tSfPolicyUserContextId pContext, tSfPolicyId policyId, void *<a class="el" href="group__mysql.html#ga6439d32dccbbc77c9b2aad04897bfa74">config</a>)&nbsp;</td>
<td class="paramname"> <em>callback</em></td><td>&nbsp;</td>
</tr>
<tr>
@ -216,7 +216,7 @@ Functions</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 4 2010 21:30:42 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

222
doc/html/group__spp__ai.html Normal file
View File

@ -0,0 +1,222 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<title>Snort AI preprocessor module: Main file for spp_ai module</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<link href="search/search.css" rel="stylesheet" type="text/css"/>
<script type="text/javaScript" src="search/search.js"></script>
<link href="doxygen.css" rel="stylesheet" type="text/css"/>
</head>
<body onload='searchBox.OnSelectItem(0);'>
<!-- Generated by Doxygen 1.7.1 -->
<script type="text/javascript"><!--
var searchBox = new SearchBox("searchBox", "search",false,'Search');
--></script>
<div class="navigation" id="top">
<div class="tabs">
<ul class="tablist">
<li><a href="index.html"><span>Main&nbsp;Page</span></a></li>
<li><a href="modules.html"><span>Modules</span></a></li>
<li><a href="annotated.html"><span>Data&nbsp;Structures</span></a></li>
<li><a href="files.html"><span>Files</span></a></li>
<li id="searchli">
<div id="MSearchBox" class="MSearchBoxInactive">
<span class="left">
<img id="MSearchSelect" src="search/mag_sel.png"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
alt=""/>
<input type="text" id="MSearchField" value="Search" accesskey="S"
onfocus="searchBox.OnSearchFieldFocus(true)"
onblur="searchBox.OnSearchFieldFocus(false)"
onkeyup="searchBox.OnSearchFieldChange(event)"/>
</span><span class="right">
<a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
</span>
</div>
</li>
</ul>
</div>
</div>
<div class="header">
<div class="summary">
<a href="#func-members">Functions</a> &#124;
<a href="#var-members">Variables</a> </div>
<div class="headertitle">
<h1>Main file for spp_ai module</h1> </div>
</div>
<div class="contents">
<table class="memberdecls">
<tr><td colspan="2"><h2><a name="func-members"></a>
Functions</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">static void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__spp__ai.html#ga3524cbdf8fddbcf38c4ed55241002242">AI_init</a> (char *args)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Initialize the preprocessor module. <a href="#ga3524cbdf8fddbcf38c4ed55241002242"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">static void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__spp__ai.html#ga57c05cda012c443cb4c358dc327cd3d1">AI_process</a> (void *pkt, void *context)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Function executed every time the module receives a packet to be processed. <a href="#ga57c05cda012c443cb4c358dc327cd3d1"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">static <a class="el" href="structAI__config.html">AI_config</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__spp__ai.html#gae1c5c4b38ee2819d427848eb3046373e">AI_parse</a> (char *args)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Parse the arguments passed to the module saving them to a valid configuration struct. <a href="#gae1c5c4b38ee2819d427848eb3046373e"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__spp__ai.html#ga1b9ebb5c719c7d9426ddfc1f3da36570">AI_setup</a> (void)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Set up the preprocessor module. <a href="#ga1b9ebb5c719c7d9426ddfc1f3da36570"></a><br/></td></tr>
<tr><td colspan="2"><h2><a name="var-members"></a>
Variables</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">tSfPolicyUserContextId&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__spp__ai.html#ga3dd75596c540d148643fe6d1fdc02628">ex_config</a> = NULL</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">static void *(*&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__spp__ai.html#gaa3100e48acef5cf4370c3042ff548ed0">alertparser_thread</a> )(void *) = NULL</td></tr>
</table>
<hr/><h2>Function Documentation</h2>
<a class="anchor" id="ga3524cbdf8fddbcf38c4ed55241002242"></a><!-- doxytag: member="spp_ai.c::AI_init" ref="ga3524cbdf8fddbcf38c4ed55241002242" args="(char *args)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">static void AI_init </td>
<td>(</td>
<td class="paramtype">char *&nbsp;</td>
<td class="paramname"> <em>args</em></td>
<td>&nbsp;)&nbsp;</td>
<td><code> [static]</code></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Initialize the preprocessor module. </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>args</em>&nbsp;</td><td>Configuration arguments passed to the module </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<a class="anchor" id="gae1c5c4b38ee2819d427848eb3046373e"></a><!-- doxytag: member="spp_ai.c::AI_parse" ref="gae1c5c4b38ee2819d427848eb3046373e" args="(char *args)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">static <a class="el" href="structAI__config.html">AI_config</a> * AI_parse </td>
<td>(</td>
<td class="paramtype">char *&nbsp;</td>
<td class="paramname"> <em>args</em></td>
<td>&nbsp;)&nbsp;</td>
<td><code> [static]</code></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Parse the arguments passed to the module saving them to a valid configuration struct. </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>args</em>&nbsp;</td><td>Arguments passed to the module </td></tr>
</table>
</dd>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>Pointer to <a class="el" href="structAI__config.html">AI_config</a> keeping the configuration for the module </dd></dl>
</div>
</div>
<a class="anchor" id="ga57c05cda012c443cb4c358dc327cd3d1"></a><!-- doxytag: member="spp_ai.c::AI_process" ref="ga57c05cda012c443cb4c358dc327cd3d1" args="(void *pkt, void *context)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">void AI_process </td>
<td>(</td>
<td class="paramtype">void *&nbsp;</td>
<td class="paramname"> <em>pkt</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">void *&nbsp;</td>
<td class="paramname"> <em>context</em></td><td>&nbsp;</td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td><td><code> [static]</code></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Function executed every time the module receives a packet to be processed. </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>pkt</em>&nbsp;</td><td>void* pointer to the packet data </td></tr>
<tr><td valign="top"></td><td valign="top"><em>context</em>&nbsp;</td><td>void* pointer to the context </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<a class="anchor" id="ga1b9ebb5c719c7d9426ddfc1f3da36570"></a><!-- doxytag: member="spp_ai.c::AI_setup" ref="ga1b9ebb5c719c7d9426ddfc1f3da36570" args="(void)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">void AI_setup </td>
<td>(</td>
<td class="paramtype">void&nbsp;</td>
<td class="paramname"></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Set up the preprocessor module. </p>
</div>
</div>
<hr/><h2>Variable Documentation</h2>
<a class="anchor" id="gaa3100e48acef5cf4370c3042ff548ed0"></a><!-- doxytag: member="spp_ai.c::alertparser_thread" ref="gaa3100e48acef5cf4370c3042ff548ed0" args=")(void *)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">void*(* <a class="el" href="group__spp__ai.html#gaa3100e48acef5cf4370c3042ff548ed0">alertparser_thread</a>)(void *) = NULL<code> [static]</code></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="ga3dd75596c540d148643fe6d1fdc02628"></a><!-- doxytag: member="spp_ai.c::ex_config" ref="ga3dd75596c540d148643fe6d1fdc02628" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">tSfPolicyUserContextId <a class="el" href="group__spp__ai.html#ga3dd75596c540d148643fe6d1fdc02628">ex_config</a> = NULL</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
</div>
<!--- window showing the filter options -->
<div id="MSearchSelectWindow"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
onkeydown="return searchBox.OnSearchSelectKey(event)">
<a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(0)"><span class="SelectionMark">&nbsp;</span>All</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(1)"><span class="SelectionMark">&nbsp;</span>Data Structures</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(2)"><span class="SelectionMark">&nbsp;</span>Files</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(3)"><span class="SelectionMark">&nbsp;</span>Functions</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(4)"><span class="SelectionMark">&nbsp;</span>Variables</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(5)"><span class="SelectionMark">&nbsp;</span>Typedefs</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(6)"><span class="SelectionMark">&nbsp;</span>Enumerations</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(7)"><span class="SelectionMark">&nbsp;</span>Enumerator</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(8)"><span class="SelectionMark">&nbsp;</span>Defines</a></div>
<!-- iframe showing the search results (closed by default) -->
<div id="MSearchResultsWindow">
<iframe src="" frameborder="0"
name="MSearchResults" id="MSearchResults">
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 4 2010 21:30:42 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>
</html>

214
doc/html/group__stream.html Normal file
View File

@ -0,0 +1,214 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<title>Snort AI preprocessor module: Manage streams, sorting them into hash tables and linked lists</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<link href="search/search.css" rel="stylesheet" type="text/css"/>
<script type="text/javaScript" src="search/search.js"></script>
<link href="doxygen.css" rel="stylesheet" type="text/css"/>
</head>
<body onload='searchBox.OnSelectItem(0);'>
<!-- Generated by Doxygen 1.7.1 -->
<script type="text/javascript"><!--
var searchBox = new SearchBox("searchBox", "search",false,'Search');
--></script>
<div class="navigation" id="top">
<div class="tabs">
<ul class="tablist">
<li><a href="index.html"><span>Main&nbsp;Page</span></a></li>
<li><a href="modules.html"><span>Modules</span></a></li>
<li><a href="annotated.html"><span>Data&nbsp;Structures</span></a></li>
<li><a href="files.html"><span>Files</span></a></li>
<li id="searchli">
<div id="MSearchBox" class="MSearchBoxInactive">
<span class="left">
<img id="MSearchSelect" src="search/mag_sel.png"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
alt=""/>
<input type="text" id="MSearchField" value="Search" accesskey="S"
onfocus="searchBox.OnSearchFieldFocus(true)"
onblur="searchBox.OnSearchFieldFocus(false)"
onkeyup="searchBox.OnSearchFieldChange(event)"/>
</span><span class="right">
<a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
</span>
</div>
</li>
</ul>
</div>
</div>
<div class="header">
<div class="summary">
<a href="#func-members">Functions</a> </div>
<div class="headertitle">
<h1>Manage streams, sorting them into hash tables and linked lists</h1> </div>
</div>
<div class="contents">
<table class="memberdecls">
<tr><td colspan="2"><h2><a name="func-members"></a>
Functions</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__stream.html#ga80016adf701c717a6ebfb5b15b8a5749">_AI_stream_free</a> (struct <a class="el" href="structpkt__info.html">pkt_info</a> *stream)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Remove a stream from the hash table (private function). <a href="#ga80016adf701c717a6ebfb5b15b8a5749"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__stream.html#ga24b1131374e5059564b8a12380c4eb75">AI_hashcleanup_thread</a> (void *arg)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Thread called for cleaning up the hash table from the traffic streams older than a certain threshold. <a href="#ga24b1131374e5059564b8a12380c4eb75"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__stream.html#ga7d71c5645b9baff7b6c4b9a181bf80c5">AI_pkt_enqueue</a> (SFSnortPacket *pkt)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Function called for appending a new packet to the hash table, creating a new stream or appending it to an existing stream. <a href="#ga7d71c5645b9baff7b6c4b9a181bf80c5"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct <a class="el" href="structpkt__info.html">pkt_info</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__stream.html#ga2efedcabbfd12c5345f0c93a3dd4735c">AI_get_stream_by_key</a> (struct <a class="el" href="structpkt__key.html">pkt_key</a> key)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Get a TCP stream by key. <a href="#ga2efedcabbfd12c5345f0c93a3dd4735c"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__stream.html#ga8749989cee2ac05a7de058faac280c02">AI_set_stream_observed</a> (struct <a class="el" href="structpkt__key.html">pkt_key</a> key)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Set the flag "observed" on a stream associated to a security alert, so that it won't be removed from the hash table. <a href="#ga8749989cee2ac05a7de058faac280c02"></a><br/></td></tr>
</table>
<hr/><h2>Function Documentation</h2>
<a class="anchor" id="ga80016adf701c717a6ebfb5b15b8a5749"></a><!-- doxytag: member="stream.c::_AI_stream_free" ref="ga80016adf701c717a6ebfb5b15b8a5749" args="(struct pkt_info *stream)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE void _AI_stream_free </td>
<td>(</td>
<td class="paramtype">struct <a class="el" href="structpkt__info.html">pkt_info</a> *&nbsp;</td>
<td class="paramname"> <em>stream</em></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Remove a stream from the hash table (private function). </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>stream</em>&nbsp;</td><td>Stream to be removed </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<a class="anchor" id="ga2efedcabbfd12c5345f0c93a3dd4735c"></a><!-- doxytag: member="stream.c::AI_get_stream_by_key" ref="ga2efedcabbfd12c5345f0c93a3dd4735c" args="(struct pkt_key key)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">struct <a class="el" href="structpkt__info.html">pkt_info</a>* AI_get_stream_by_key </td>
<td>(</td>
<td class="paramtype">struct <a class="el" href="structpkt__key.html">pkt_key</a>&nbsp;</td>
<td class="paramname"> <em>key</em></td>
<td>&nbsp;)&nbsp;</td>
<td><code> [read]</code></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Get a TCP stream by key. </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>key</em>&nbsp;</td><td>Key of the stream to be picked up (struct <a class="el" href="structpkt__key.html">pkt_key</a>) </td></tr>
</table>
</dd>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>A <a class="el" href="structpkt__info.html">pkt_info</a> pointer to the stream if found, NULL otherwise </dd></dl>
</div>
</div>
<a class="anchor" id="ga24b1131374e5059564b8a12380c4eb75"></a><!-- doxytag: member="stream.c::AI_hashcleanup_thread" ref="ga24b1131374e5059564b8a12380c4eb75" args="(void *arg)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">void* AI_hashcleanup_thread </td>
<td>(</td>
<td class="paramtype">void *&nbsp;</td>
<td class="paramname"> <em>arg</em></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Thread called for cleaning up the hash table from the traffic streams older than a certain threshold. </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>arg</em>&nbsp;</td><td>Pointer to the <a class="el" href="structAI__config.html">AI_config</a> struct </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<a class="anchor" id="ga7d71c5645b9baff7b6c4b9a181bf80c5"></a><!-- doxytag: member="stream.c::AI_pkt_enqueue" ref="ga7d71c5645b9baff7b6c4b9a181bf80c5" args="(SFSnortPacket *pkt)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">void AI_pkt_enqueue </td>
<td>(</td>
<td class="paramtype">SFSnortPacket *&nbsp;</td>
<td class="paramname"> <em>pkt</em></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Function called for appending a new packet to the hash table, creating a new stream or appending it to an existing stream. </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>pkt</em>&nbsp;</td><td>Packet to be appended </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<a class="anchor" id="ga8749989cee2ac05a7de058faac280c02"></a><!-- doxytag: member="stream.c::AI_set_stream_observed" ref="ga8749989cee2ac05a7de058faac280c02" args="(struct pkt_key key)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">void AI_set_stream_observed </td>
<td>(</td>
<td class="paramtype">struct <a class="el" href="structpkt__key.html">pkt_key</a>&nbsp;</td>
<td class="paramname"> <em>key</em></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Set the flag "observed" on a stream associated to a security alert, so that it won't be removed from the hash table. </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>key</em>&nbsp;</td><td>Key of the stream to be set as "observed" </td></tr>
</table>
</dd>
</dl>
</div>
</div>
</div>
<!--- window showing the filter options -->
<div id="MSearchSelectWindow"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
onkeydown="return searchBox.OnSearchSelectKey(event)">
<a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(0)"><span class="SelectionMark">&nbsp;</span>All</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(1)"><span class="SelectionMark">&nbsp;</span>Data Structures</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(2)"><span class="SelectionMark">&nbsp;</span>Files</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(3)"><span class="SelectionMark">&nbsp;</span>Functions</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(4)"><span class="SelectionMark">&nbsp;</span>Variables</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(5)"><span class="SelectionMark">&nbsp;</span>Typedefs</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(6)"><span class="SelectionMark">&nbsp;</span>Enumerations</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(7)"><span class="SelectionMark">&nbsp;</span>Enumerator</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(8)"><span class="SelectionMark">&nbsp;</span>Defines</a></div>
<!-- iframe showing the search results (closed by default) -->
<div id="MSearchResultsWindow">
<iframe src="" frameborder="0"
name="MSearchResults" id="MSearchResults">
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 4 2010 21:30:42 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>
</html>

2
doc/html/index.html
View File

@ -59,7 +59,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 4 2010 21:30:42 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

8
doc/html/modules.html
View File

@ -45,7 +45,13 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</div>
<div class="contents">
Here is a list of all modules:<ul>
<li><a class="el" href="group__alert__parser.html">Parse the alert log into binary structures</a></li>
<li><a class="el" href="group__cluster.html">Manage the clustering of alarms</a></li>
<li><a class="el" href="group__mysql.html">Manage alerts on a MySQL database</a></li>
<li><a class="el" href="group__regex.html">Regex management</a></li>
<li><a class="el" href="group__sfPolicyConfig.html">Sourcefire policy configuration module</a></li>
<li><a class="el" href="group__spp__ai.html">Main file for spp_ai module</a></li>
<li><a class="el" href="group__stream.html">Manage streams, sorting them into hash tables and linked lists</a></li>
</ul>
</div>
<!--- window showing the filter options -->
@ -62,7 +68,7 @@ Here is a list of all modules:<ul>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 4 2010 21:30:42 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

155
doc/html/mysql_8c.html Normal file
View File

@ -0,0 +1,155 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<title>Snort AI preprocessor module: mysql.c File Reference</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<link href="search/search.css" rel="stylesheet" type="text/css"/>
<script type="text/javaScript" src="search/search.js"></script>
<link href="doxygen.css" rel="stylesheet" type="text/css"/>
</head>
<body onload='searchBox.OnSelectItem(0);'>
<!-- Generated by Doxygen 1.7.1 -->
<script type="text/javascript"><!--
var searchBox = new SearchBox("searchBox", "search",false,'Search');
--></script>
<div class="navigation" id="top">
<div class="tabs">
<ul class="tablist">
<li><a href="index.html"><span>Main&nbsp;Page</span></a></li>
<li><a href="modules.html"><span>Modules</span></a></li>
<li><a href="annotated.html"><span>Data&nbsp;Structures</span></a></li>
<li class="current"><a href="files.html"><span>Files</span></a></li>
<li id="searchli">
<div id="MSearchBox" class="MSearchBoxInactive">
<span class="left">
<img id="MSearchSelect" src="search/mag_sel.png"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
alt=""/>
<input type="text" id="MSearchField" value="Search" accesskey="S"
onfocus="searchBox.OnSearchFieldFocus(true)"
onblur="searchBox.OnSearchFieldFocus(false)"
onkeyup="searchBox.OnSearchFieldChange(event)"/>
</span><span class="right">
<a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
</span>
</div>
</li>
</ul>
</div>
<div class="tabs2">
<ul class="tablist">
<li><a href="files.html"><span>File&nbsp;List</span></a></li>
<li><a href="globals.html"><span>Globals</span></a></li>
</ul>
</div>
</div>
<div class="header">
<div class="summary">
<a href="#func-members">Functions</a> &#124;
<a href="#var-members">Variables</a> </div>
<div class="headertitle">
<h1>mysql.c File Reference</h1> </div>
</div>
<div class="contents">
<code>#include &quot;<a class="el" href="spp__ai_8h_source.html">spp_ai.h</a>&quot;</code><br/>
<code>#include &lt;mysql/mysql.h&gt;</code><br/>
<table class="memberdecls">
<tr><td colspan="2"><h2><a name="func-members"></a>
Functions</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="mysql_8c.html#a3fba38c3da4a252a55d81088c6fe9078">mysql_do_init</a> (<a class="el" href="structAI__config.html">AI_config</a> *<a class="el" href="group__mysql.html#ga6439d32dccbbc77c9b2aad04897bfa74">config</a>)</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">MYSQL_RES *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="mysql_8c.html#a90f2e6f4081c0c66f8da54b98aee2674">mysql_do_query</a> (const char *query)</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="mysql_8c.html#a55eb83ebfb4caefbc4d9cee8aa0095e3">mysql_do_close</a> ()</td></tr>
<tr><td colspan="2"><h2><a name="var-members"></a>
Variables</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE MYSQL *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="mysql_8c.html#aedbcc8d9f1bd3c64adf6ad8ccfcd48a4">db</a> = NULL</td></tr>
</table>
<hr/><h2>Function Documentation</h2>
<a class="anchor" id="a55eb83ebfb4caefbc4d9cee8aa0095e3"></a><!-- doxytag: member="mysql.c::mysql_do_close" ref="a55eb83ebfb4caefbc4d9cee8aa0095e3" args="()" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">void mysql_do_close </td>
<td>(</td>
<td class="paramname"></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a3fba38c3da4a252a55d81088c6fe9078"></a><!-- doxytag: member="mysql.c::mysql_do_init" ref="a3fba38c3da4a252a55d81088c6fe9078" args="(AI_config *config)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">void* mysql_do_init </td>
<td>(</td>
<td class="paramtype"><a class="el" href="structAI__config.html">AI_config</a> *&nbsp;</td>
<td class="paramname"> <em>config</em></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a90f2e6f4081c0c66f8da54b98aee2674"></a><!-- doxytag: member="mysql.c::mysql_do_query" ref="a90f2e6f4081c0c66f8da54b98aee2674" args="(const char *query)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">MYSQL_RES* mysql_do_query </td>
<td>(</td>
<td class="paramtype">const char *&nbsp;</td>
<td class="paramname"> <em>query</em></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<hr/><h2>Variable Documentation</h2>
<a class="anchor" id="aedbcc8d9f1bd3c64adf6ad8ccfcd48a4"></a><!-- doxytag: member="mysql.c::db" ref="aedbcc8d9f1bd3c64adf6ad8ccfcd48a4" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE MYSQL* <a class="el" href="mysql_8c.html#aedbcc8d9f1bd3c64adf6ad8ccfcd48a4">db</a> = NULL</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
</div>
<!--- window showing the filter options -->
<div id="MSearchSelectWindow"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
onkeydown="return searchBox.OnSearchSelectKey(event)">
<a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(0)"><span class="SelectionMark">&nbsp;</span>All</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(1)"><span class="SelectionMark">&nbsp;</span>Data Structures</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(2)"><span class="SelectionMark">&nbsp;</span>Files</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(3)"><span class="SelectionMark">&nbsp;</span>Functions</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(4)"><span class="SelectionMark">&nbsp;</span>Variables</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(5)"><span class="SelectionMark">&nbsp;</span>Typedefs</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(6)"><span class="SelectionMark">&nbsp;</span>Enumerations</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(7)"><span class="SelectionMark">&nbsp;</span>Enumerator</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(8)"><span class="SelectionMark">&nbsp;</span>Defines</a></div>
<!-- iframe showing the search results (closed by default) -->
<div id="MSearchResultsWindow">
<iframe src="" frameborder="0"
name="MSearchResults" id="MSearchResults">
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 4 2010 21:30:42 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>
</html>

60
doc/html/regex_8c.html
View File

@ -55,66 +55,14 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<code>#include &lt;stdio.h&gt;</code><br/>
<code>#include &lt;stdlib.h&gt;</code><br/>
<code>#include &lt;string.h&gt;</code><br/>
<code>#include &lt;alloca.h&gt;</code><br/>
<code>#include &lt;regex.h&gt;</code><br/>
<table class="memberdecls">
<tr><td colspan="2"><h2><a name="func-members"></a>
Functions</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="regex_8c.html#a35f57c052a7de1ded54b67a1f7819791">preg_match</a> (const char *expr, char *str, char ***matches, int *nmatches)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Check if a string matches a regular expression. <a href="#a35f57c052a7de1ded54b67a1f7819791"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__regex.html#ga35f57c052a7de1ded54b67a1f7819791">preg_match</a> (const char *expr, char *str, char ***matches, int *nmatches)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Check if a string matches a regular expression. <a href="group__regex.html#ga35f57c052a7de1ded54b67a1f7819791"></a><br/></td></tr>
</table>
<hr/><h2>Function Documentation</h2>
<a class="anchor" id="a35f57c052a7de1ded54b67a1f7819791"></a><!-- doxytag: member="regex.c::preg_match" ref="a35f57c052a7de1ded54b67a1f7819791" args="(const char *expr, char *str, char ***matches, int *nmatches)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">int preg_match </td>
<td>(</td>
<td class="paramtype">const char *&nbsp;</td>
<td class="paramname"> <em>expr</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">char *&nbsp;</td>
<td class="paramname"> <em>str</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">char ***&nbsp;</td>
<td class="paramname"> <em>matches</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">int *&nbsp;</td>
<td class="paramname"> <em>nmatches</em></td><td>&nbsp;</td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td><td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Check if a string matches a regular expression. </p>
<p>FUNCTION: preg_match </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>expr</em>&nbsp;</td><td>Regular expression to be matched </td></tr>
<tr><td valign="top"></td><td valign="top"><em>str</em>&nbsp;</td><td>String to be checked </td></tr>
<tr><td valign="top"></td><td valign="top"><em>matches</em>&nbsp;</td><td>Reference to a char** that will contain the submatches (NULL if you don't need it) </td></tr>
<tr><td valign="top"></td><td valign="top"><em>nmatches</em>&nbsp;</td><td>Reference to a int containing the number of submatches found (NULL if you don't need it) </td></tr>
</table>
</dd>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>-1 if the regex is wrong, 0 if no match was found, 1 otherwise </dd></dl>
</div>
</div>
</div>
<!--- window showing the filter options -->
<div id="MSearchSelectWindow"
@ -130,7 +78,7 @@ Functions</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 4 2010 21:30:42 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

40
doc/html/search/all_5f.html
View File

@ -9,92 +9,98 @@
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR__5fai_5fcheck_5fduplicate">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../cluster_8c.html#a29c35cd6c56f54e27b5b190c6d6c487a" target="_parent">_AI_check_duplicate</a>
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../group__cluster.html#ga29c35cd6c56f54e27b5b190c6d6c487a" target="_parent">_AI_check_duplicate</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fcluster_5fthread">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../cluster_8c.html#a8a5eae61dc9fd0f13e0acdfa5f4478e2" target="_parent">_AI_cluster_thread</a>
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../group__cluster.html#ga8a5eae61dc9fd0f13e0acdfa5f4478e2" target="_parent">_AI_cluster_thread</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fcopy_5falerts">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../alert__parser_8c.html#a6c5014cae9155379fdc4db649b2c862d" target="_parent">_AI_copy_alerts</a>
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../group__alert__parser.html#ga6c5014cae9155379fdc4db649b2c862d" target="_parent">_AI_copy_alerts</a>
<span class="SRScope">alert_parser.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fequal_5falarms">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../cluster_8c.html#a0f91c8bfc37a3975f5c26b19fd6c5cba" target="_parent">_AI_equal_alarms</a>
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../group__cluster.html#ga0f91c8bfc37a3975f5c26b19fd6c5cba" target="_parent">_AI_equal_alarms</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fget_5fmin_5fhierarchy_5fnode">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../cluster_8c.html#a6ddddcd505b1f763c339e81fc143e079" target="_parent">_AI_get_min_hierarchy_node</a>
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../group__cluster.html#ga6ddddcd505b1f763c339e81fc143e079" target="_parent">_AI_get_min_hierarchy_node</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fmerge_5falerts">
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../cluster_8c.html#a8ce8e5a5d8954672297fa2dedb380dcd" target="_parent">_AI_merge_alerts</a>
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../group__cluster.html#ga8ce8e5a5d8954672297fa2dedb380dcd" target="_parent">_AI_merge_alerts</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fmysql_5fcopy_5falerts">
<div class="SREntry">
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../group__mysql.html#gab14c269b1187da75d35d4af3eb70a302" target="_parent">_AI_mysql_copy_alerts</a>
<span class="SRScope">db.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fprint_5fclustered_5falerts">
<div class="SREntry">
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../cluster_8c.html#a7d151880080470b542e99643dc0426a7" target="_parent">_AI_print_clustered_alerts</a>
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="../group__cluster.html#ga7d151880080470b542e99643dc0426a7" target="_parent">_AI_print_clustered_alerts</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fsnort_5falert">
<div class="SREntry">
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="../struct__AI__snort__alert.html" target="_parent">_AI_snort_alert</a>
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="../struct__AI__snort__alert.html" target="_parent">_AI_snort_alert</a>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fstream_5ffree">
<div class="SREntry">
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="../stream_8c.html#a80016adf701c717a6ebfb5b15b8a5749" target="_parent">_AI_stream_free</a>
<a id="Item9" onkeydown="return searchResults.Nav(event,9)" onkeypress="return searchResults.Nav(event,9)" onkeyup="return searchResults.Nav(event,9)" class="SRSymbol" href="../group__stream.html#ga80016adf701c717a6ebfb5b15b8a5749" target="_parent">_AI_stream_free</a>
<span class="SRScope">stream.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fconfig">
<div class="SREntry">
<a id="Item9" onkeydown="return searchResults.Nav(event,9)" onkeypress="return searchResults.Nav(event,9)" onkeyup="return searchResults.Nav(event,9)" class="SRSymbol" href="../cluster_8c.html#a91458e2d34595688e39fcb63ba418849" target="_parent">_config</a>
<a id="Item10" onkeydown="return searchResults.Nav(event,10)" onkeypress="return searchResults.Nav(event,10)" onkeyup="return searchResults.Nav(event,10)" class="SRSymbol" href="../group__cluster.html#ga91458e2d34595688e39fcb63ba418849" target="_parent">_config</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fdpd">
<div class="SREntry">
<a id="Item10" onkeydown="return searchResults.Nav(event,10)" onkeypress="return searchResults.Nav(event,10)" onkeyup="return searchResults.Nav(event,10)" class="SRSymbol" href="javascript:searchResults.Toggle('SR__5fdpd')">_dpd</a>
<a id="Item11" onkeydown="return searchResults.Nav(event,11)" onkeypress="return searchResults.Nav(event,11)" onkeyup="return searchResults.Nav(event,11)" class="SRSymbol" href="javascript:searchResults.Toggle('SR__5fdpd')">_dpd</a>
<div class="SRChildren">
<a id="Item10_c0" onkeydown="return searchResults.NavChild(event,10,0)" onkeypress="return searchResults.NavChild(event,10,0)" onkeyup="return searchResults.NavChild(event,10,0)" class="SRScope" href="../sf__dynamic__preproc__lib_8c.html#ab46420126c43c1aac5eabc5db266a71c" target="_parent">_dpd():&nbsp;sf_dynamic_preproc_lib.c</a>
<a id="Item10_c1" onkeydown="return searchResults.NavChild(event,10,1)" onkeypress="return searchResults.NavChild(event,10,1)" onkeyup="return searchResults.NavChild(event,10,1)" class="SRScope" href="../spp__ai_8h.html#ab46420126c43c1aac5eabc5db266a71c" target="_parent">_dpd():&nbsp;sf_dynamic_preproc_lib.c</a>
<a id="Item11_c0" onkeydown="return searchResults.NavChild(event,11,0)" onkeypress="return searchResults.NavChild(event,11,0)" onkeyup="return searchResults.NavChild(event,11,0)" class="SRScope" href="../sf__dynamic__preproc__lib_8c.html#ab46420126c43c1aac5eabc5db266a71c" target="_parent">_dpd():&nbsp;sf_dynamic_preproc_lib.c</a>
<a id="Item11_c1" onkeydown="return searchResults.NavChild(event,11,1)" onkeypress="return searchResults.NavChild(event,11,1)" onkeyup="return searchResults.NavChild(event,11,1)" class="SRScope" href="../spp__ai_8h.html#ab46420126c43c1aac5eabc5db266a71c" target="_parent">_dpd():&nbsp;sf_dynamic_preproc_lib.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR__5fheuristic_5ffunc">
<div class="SREntry">
<a id="Item11" onkeydown="return searchResults.Nav(event,11)" onkeypress="return searchResults.Nav(event,11)" onkeyup="return searchResults.Nav(event,11)" class="SRSymbol" href="../cluster_8c.html#a81f5fa721719fdb281595a568eef2101" target="_parent">_heuristic_func</a>
<a id="Item12" onkeydown="return searchResults.Nav(event,12)" onkeypress="return searchResults.Nav(event,12)" onkeyup="return searchResults.Nav(event,12)" class="SRSymbol" href="../group__cluster.html#ga81f5fa721719fdb281595a568eef2101" target="_parent">_heuristic_func</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fhierarchy_5fnode">
<div class="SREntry">
<a id="Item12" onkeydown="return searchResults.Nav(event,12)" onkeypress="return searchResults.Nav(event,12)" onkeyup="return searchResults.Nav(event,12)" class="SRSymbol" href="../struct__hierarchy__node.html" target="_parent">_hierarchy_node</a>
<a id="Item13" onkeydown="return searchResults.Nav(event,13)" onkeypress="return searchResults.Nav(event,13)" onkeyup="return searchResults.Nav(event,13)" class="SRSymbol" href="../struct__hierarchy__node.html" target="_parent">_hierarchy_node</a>
</div>
</div>
<div class="SRResult" id="SR__5fhierarchy_5fnode_5fappend">
<div class="SREntry">
<a id="Item13" onkeydown="return searchResults.Nav(event,13)" onkeypress="return searchResults.Nav(event,13)" onkeyup="return searchResults.Nav(event,13)" class="SRSymbol" href="../cluster_8c.html#a5601a1f603d9c870ef6e2df192e30c30" target="_parent">_hierarchy_node_append</a>
<a id="Item14" onkeydown="return searchResults.Nav(event,14)" onkeypress="return searchResults.Nav(event,14)" onkeyup="return searchResults.Nav(event,14)" class="SRSymbol" href="../group__cluster.html#ga5601a1f603d9c870ef6e2df192e30c30" target="_parent">_hierarchy_node_append</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fhierarchy_5fnode_5fnew">
<div class="SREntry">
<a id="Item14" onkeydown="return searchResults.Nav(event,14)" onkeypress="return searchResults.Nav(event,14)" onkeyup="return searchResults.Nav(event,14)" class="SRSymbol" href="../cluster_8c.html#a2f1a22cfea64e4669da0467620c3e3b3" target="_parent">_hierarchy_node_new</a>
<a id="Item15" onkeydown="return searchResults.Nav(event,15)" onkeypress="return searchResults.Nav(event,15)" onkeyup="return searchResults.Nav(event,15)" class="SRSymbol" href="../group__cluster.html#ga2f1a22cfea64e4669da0467620c3e3b3" target="_parent">_hierarchy_node_new</a>
<span class="SRScope">cluster.c</span>
</div>
</div>

133
doc/html/search/all_61.html
View File

@ -7,165 +7,192 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_ack">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../struct__AI__snort__alert.html#a2b185c678d3a7f1207b2119b0b567c37" target="_parent">ack</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_ai_5falertparser_5fthread">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5falertparser_5fthread')">AI_alertparser_thread</a>
<div class="SRChildren">
<a id="Item1_c0" onkeydown="return searchResults.NavChild(event,1,0)" onkeypress="return searchResults.NavChild(event,1,0)" onkeyup="return searchResults.NavChild(event,1,0)" class="SRScope" href="../alert__parser_8c.html#ad68c45b5846743a54ad3fa92c8e48f8a" target="_parent">AI_alertparser_thread(void *arg):&nbsp;alert_parser.c</a>
<a id="Item1_c1" onkeydown="return searchResults.NavChild(event,1,1)" onkeypress="return searchResults.NavChild(event,1,1)" onkeyup="return searchResults.NavChild(event,1,1)" class="SRScope" href="../spp__ai_8h.html#a842a3204c6e067a9920990b573757181" target="_parent">AI_alertparser_thread(void *):&nbsp;alert_parser.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fconfig">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../structAI__config.html" target="_parent">AI_config</a>
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../structAI__config.html" target="_parent">AI_config</a>
</div>
</div>
<div class="SRResult" id="SR_ai_5ffile_5falertparser_5fthread">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5ffile_5falertparser_5fthread')">AI_file_alertparser_thread</a>
<div class="SRChildren">
<a id="Item1_c0" onkeydown="return searchResults.NavChild(event,1,0)" onkeypress="return searchResults.NavChild(event,1,0)" onkeyup="return searchResults.NavChild(event,1,0)" class="SRScope" href="../group__alert__parser.html#ga5aab8d9bdf0e92a51731442fd787f61f" target="_parent">AI_file_alertparser_thread(void *arg):&nbsp;alert_parser.c</a>
<a id="Item1_c1" onkeydown="return searchResults.NavChild(event,1,1)" onkeypress="return searchResults.NavChild(event,1,1)" onkeyup="return searchResults.NavChild(event,1,1)" class="SRScope" href="../group__alert__parser.html#ga5aab8d9bdf0e92a51731442fd787f61f" target="_parent">AI_file_alertparser_thread(void *):&nbsp;alert_parser.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5ffree_5falerts">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5ffree_5falerts')">AI_free_alerts</a>
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5ffree_5falerts')">AI_free_alerts</a>
<div class="SRChildren">
<a id="Item3_c0" onkeydown="return searchResults.NavChild(event,3,0)" onkeypress="return searchResults.NavChild(event,3,0)" onkeyup="return searchResults.NavChild(event,3,0)" class="SRScope" href="../alert__parser_8c.html#a270e86669a0aa64a8da37bc16cda645b" target="_parent">AI_free_alerts(AI_snort_alert *node):&nbsp;alert_parser.c</a>
<a id="Item3_c1" onkeydown="return searchResults.NavChild(event,3,1)" onkeypress="return searchResults.NavChild(event,3,1)" onkeyup="return searchResults.NavChild(event,3,1)" class="SRScope" href="../spp__ai_8h.html#a270e86669a0aa64a8da37bc16cda645b" target="_parent">AI_free_alerts(AI_snort_alert *node):&nbsp;alert_parser.c</a>
<a id="Item2_c0" onkeydown="return searchResults.NavChild(event,2,0)" onkeypress="return searchResults.NavChild(event,2,0)" onkeyup="return searchResults.NavChild(event,2,0)" class="SRScope" href="../group__alert__parser.html#ga270e86669a0aa64a8da37bc16cda645b" target="_parent">AI_free_alerts(AI_snort_alert *node):&nbsp;alert_parser.c</a>
<a id="Item2_c1" onkeydown="return searchResults.NavChild(event,2,1)" onkeypress="return searchResults.NavChild(event,2,1)" onkeyup="return searchResults.NavChild(event,2,1)" class="SRScope" href="../group__alert__parser.html#ga270e86669a0aa64a8da37bc16cda645b" target="_parent">AI_free_alerts(AI_snort_alert *node):&nbsp;alert_parser.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fget_5falerts">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fget_5falerts')">AI_get_alerts</a>
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fget_5falerts')">AI_get_alerts</a>
<div class="SRChildren">
<a id="Item4_c0" onkeydown="return searchResults.NavChild(event,4,0)" onkeypress="return searchResults.NavChild(event,4,0)" onkeyup="return searchResults.NavChild(event,4,0)" class="SRScope" href="../alert__parser_8c.html#a99474495643197b3075ac22ec6f6c70f" target="_parent">AI_get_alerts():&nbsp;alert_parser.c</a>
<a id="Item4_c1" onkeydown="return searchResults.NavChild(event,4,1)" onkeypress="return searchResults.NavChild(event,4,1)" onkeyup="return searchResults.NavChild(event,4,1)" class="SRScope" href="../spp__ai_8h.html#af19a28f7cbcdfeb2b66fb3b625b75076" target="_parent">AI_get_alerts(void):&nbsp;alert_parser.c</a>
<a id="Item3_c0" onkeydown="return searchResults.NavChild(event,3,0)" onkeypress="return searchResults.NavChild(event,3,0)" onkeyup="return searchResults.NavChild(event,3,0)" class="SRScope" href="../group__alert__parser.html#ga99474495643197b3075ac22ec6f6c70f" target="_parent">AI_get_alerts():&nbsp;alert_parser.c</a>
<a id="Item3_c1" onkeydown="return searchResults.NavChild(event,3,1)" onkeypress="return searchResults.NavChild(event,3,1)" onkeyup="return searchResults.NavChild(event,3,1)" class="SRScope" href="../group__alert__parser.html#ga99474495643197b3075ac22ec6f6c70f" target="_parent">AI_get_alerts(void):&nbsp;alert_parser.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fget_5fstream_5fby_5fkey">
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fget_5fstream_5fby_5fkey')">AI_get_stream_by_key</a>
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fget_5fstream_5fby_5fkey')">AI_get_stream_by_key</a>
<div class="SRChildren">
<a id="Item5_c0" onkeydown="return searchResults.NavChild(event,5,0)" onkeypress="return searchResults.NavChild(event,5,0)" onkeyup="return searchResults.NavChild(event,5,0)" class="SRScope" href="../spp__ai_8h.html#a3054f06297a9caefd4d9b1283bb8b69a" target="_parent">AI_get_stream_by_key(struct pkt_key):&nbsp;stream.c</a>
<a id="Item5_c1" onkeydown="return searchResults.NavChild(event,5,1)" onkeypress="return searchResults.NavChild(event,5,1)" onkeyup="return searchResults.NavChild(event,5,1)" class="SRScope" href="../stream_8c.html#a2efedcabbfd12c5345f0c93a3dd4735c" target="_parent">AI_get_stream_by_key(struct pkt_key key):&nbsp;stream.c</a>
<a id="Item4_c0" onkeydown="return searchResults.NavChild(event,4,0)" onkeypress="return searchResults.NavChild(event,4,0)" onkeyup="return searchResults.NavChild(event,4,0)" class="SRScope" href="../group__stream.html#ga2efedcabbfd12c5345f0c93a3dd4735c" target="_parent">AI_get_stream_by_key(struct pkt_key):&nbsp;stream.c</a>
<a id="Item4_c1" onkeydown="return searchResults.NavChild(event,4,1)" onkeypress="return searchResults.NavChild(event,4,1)" onkeyup="return searchResults.NavChild(event,4,1)" class="SRScope" href="../group__stream.html#ga2efedcabbfd12c5345f0c93a3dd4735c" target="_parent">AI_get_stream_by_key(struct pkt_key key):&nbsp;stream.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fhashcleanup_5fthread">
<div class="SREntry">
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fhashcleanup_5fthread')">AI_hashcleanup_thread</a>
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fhashcleanup_5fthread')">AI_hashcleanup_thread</a>
<div class="SRChildren">
<a id="Item6_c0" onkeydown="return searchResults.NavChild(event,6,0)" onkeypress="return searchResults.NavChild(event,6,0)" onkeyup="return searchResults.NavChild(event,6,0)" class="SRScope" href="../spp__ai_8h.html#ad56f71be823eead743972274b99c82ff" target="_parent">AI_hashcleanup_thread(void *):&nbsp;stream.c</a>
<a id="Item6_c1" onkeydown="return searchResults.NavChild(event,6,1)" onkeypress="return searchResults.NavChild(event,6,1)" onkeyup="return searchResults.NavChild(event,6,1)" class="SRScope" href="../stream_8c.html#a24b1131374e5059564b8a12380c4eb75" target="_parent">AI_hashcleanup_thread(void *arg):&nbsp;stream.c</a>
<a id="Item5_c0" onkeydown="return searchResults.NavChild(event,5,0)" onkeypress="return searchResults.NavChild(event,5,0)" onkeyup="return searchResults.NavChild(event,5,0)" class="SRScope" href="../group__stream.html#ga24b1131374e5059564b8a12380c4eb75" target="_parent">AI_hashcleanup_thread(void *):&nbsp;stream.c</a>
<a id="Item5_c1" onkeydown="return searchResults.NavChild(event,5,1)" onkeypress="return searchResults.NavChild(event,5,1)" onkeyup="return searchResults.NavChild(event,5,1)" class="SRScope" href="../group__stream.html#ga24b1131374e5059564b8a12380c4eb75" target="_parent">AI_hashcleanup_thread(void *arg):&nbsp;stream.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fhierarchies_5fbuild">
<div class="SREntry">
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fhierarchies_5fbuild')">AI_hierarchies_build</a>
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fhierarchies_5fbuild')">AI_hierarchies_build</a>
<div class="SRChildren">
<a id="Item7_c0" onkeydown="return searchResults.NavChild(event,7,0)" onkeypress="return searchResults.NavChild(event,7,0)" onkeyup="return searchResults.NavChild(event,7,0)" class="SRScope" href="../cluster_8c.html#a1445818b37483f78cc3fb2890155842c" target="_parent">AI_hierarchies_build(AI_config *conf, hierarchy_node **nodes, int n_nodes):&nbsp;cluster.c</a>
<a id="Item7_c1" onkeydown="return searchResults.NavChild(event,7,1)" onkeypress="return searchResults.NavChild(event,7,1)" onkeyup="return searchResults.NavChild(event,7,1)" class="SRScope" href="../spp__ai_8h.html#a857348424b9db45c90f95631eb96fd7c" target="_parent">AI_hierarchies_build(AI_config *, hierarchy_node **, int):&nbsp;cluster.c</a>
<a id="Item6_c0" onkeydown="return searchResults.NavChild(event,6,0)" onkeypress="return searchResults.NavChild(event,6,0)" onkeyup="return searchResults.NavChild(event,6,0)" class="SRScope" href="../group__cluster.html#ga1445818b37483f78cc3fb2890155842c" target="_parent">AI_hierarchies_build(AI_config *conf, hierarchy_node **nodes, int n_nodes):&nbsp;cluster.c</a>
<a id="Item6_c1" onkeydown="return searchResults.NavChild(event,6,1)" onkeypress="return searchResults.NavChild(event,6,1)" onkeyup="return searchResults.NavChild(event,6,1)" class="SRScope" href="../group__cluster.html#ga1445818b37483f78cc3fb2890155842c" target="_parent">AI_hierarchies_build(AI_config *, hierarchy_node **, int):&nbsp;cluster.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5finit">
<div class="SREntry">
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="../spp__ai_8c.html#a3524cbdf8fddbcf38c4ed55241002242" target="_parent">AI_init</a>
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="../group__spp__ai.html#ga3524cbdf8fddbcf38c4ed55241002242" target="_parent">AI_init</a>
<span class="SRScope">spp_ai.c</span>
</div>
</div>
<div class="SRResult" id="SR_ai_5fmysql_5falertparser_5fthread">
<div class="SREntry">
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fmysql_5falertparser_5fthread')">AI_mysql_alertparser_thread</a>
<div class="SRChildren">
<a id="Item8_c0" onkeydown="return searchResults.NavChild(event,8,0)" onkeypress="return searchResults.NavChild(event,8,0)" onkeyup="return searchResults.NavChild(event,8,0)" class="SRScope" href="../group__mysql.html#gadf275635641f88725930de208fb5523f" target="_parent">AI_mysql_alertparser_thread(void *arg):&nbsp;db.c</a>
<a id="Item8_c1" onkeydown="return searchResults.NavChild(event,8,1)" onkeypress="return searchResults.NavChild(event,8,1)" onkeyup="return searchResults.NavChild(event,8,1)" class="SRScope" href="../group__mysql.html#gadf275635641f88725930de208fb5523f" target="_parent">AI_mysql_alertparser_thread(void *):&nbsp;db.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fmysql_5ffree_5falerts">
<div class="SREntry">
<a id="Item9" onkeydown="return searchResults.Nav(event,9)" onkeypress="return searchResults.Nav(event,9)" onkeyup="return searchResults.Nav(event,9)" class="SRSymbol" href="../spp__ai_8h.html#ad0d003c241328962df5757398329b809" target="_parent">AI_mysql_free_alerts</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_ai_5fmysql_5fget_5falerts">
<div class="SREntry">
<a id="Item10" onkeydown="return searchResults.Nav(event,10)" onkeypress="return searchResults.Nav(event,10)" onkeyup="return searchResults.Nav(event,10)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fmysql_5fget_5falerts')">AI_mysql_get_alerts</a>
<div class="SRChildren">
<a id="Item10_c0" onkeydown="return searchResults.NavChild(event,10,0)" onkeypress="return searchResults.NavChild(event,10,0)" onkeyup="return searchResults.NavChild(event,10,0)" class="SRScope" href="../group__mysql.html#ga0ead3c1e46063e215168e76d7999d65b" target="_parent">AI_mysql_get_alerts():&nbsp;db.c</a>
<a id="Item10_c1" onkeydown="return searchResults.NavChild(event,10,1)" onkeypress="return searchResults.NavChild(event,10,1)" onkeyup="return searchResults.NavChild(event,10,1)" class="SRScope" href="../group__mysql.html#ga0ead3c1e46063e215168e76d7999d65b" target="_parent">AI_mysql_get_alerts(void):&nbsp;db.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fparse">
<div class="SREntry">
<a id="Item9" onkeydown="return searchResults.Nav(event,9)" onkeypress="return searchResults.Nav(event,9)" onkeyup="return searchResults.Nav(event,9)" class="SRSymbol" href="../spp__ai_8c.html#ae1c5c4b38ee2819d427848eb3046373e" target="_parent">AI_parse</a>
<a id="Item11" onkeydown="return searchResults.Nav(event,11)" onkeypress="return searchResults.Nav(event,11)" onkeyup="return searchResults.Nav(event,11)" class="SRSymbol" href="../group__spp__ai.html#gae1c5c4b38ee2819d427848eb3046373e" target="_parent">AI_parse</a>
<span class="SRScope">spp_ai.c</span>
</div>
</div>
<div class="SRResult" id="SR_ai_5fpkt_5fenqueue">
<div class="SREntry">
<a id="Item10" onkeydown="return searchResults.Nav(event,10)" onkeypress="return searchResults.Nav(event,10)" onkeyup="return searchResults.Nav(event,10)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fpkt_5fenqueue')">AI_pkt_enqueue</a>
<a id="Item12" onkeydown="return searchResults.Nav(event,12)" onkeypress="return searchResults.Nav(event,12)" onkeyup="return searchResults.Nav(event,12)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fpkt_5fenqueue')">AI_pkt_enqueue</a>
<div class="SRChildren">
<a id="Item10_c0" onkeydown="return searchResults.NavChild(event,10,0)" onkeypress="return searchResults.NavChild(event,10,0)" onkeyup="return searchResults.NavChild(event,10,0)" class="SRScope" href="../spp__ai_8h.html#af6f7d167c3623bbc669e8d31c2719b29" target="_parent">AI_pkt_enqueue(SFSnortPacket *):&nbsp;stream.c</a>
<a id="Item10_c1" onkeydown="return searchResults.NavChild(event,10,1)" onkeypress="return searchResults.NavChild(event,10,1)" onkeyup="return searchResults.NavChild(event,10,1)" class="SRScope" href="../stream_8c.html#a7d71c5645b9baff7b6c4b9a181bf80c5" target="_parent">AI_pkt_enqueue(SFSnortPacket *pkt):&nbsp;stream.c</a>
<a id="Item12_c0" onkeydown="return searchResults.NavChild(event,12,0)" onkeypress="return searchResults.NavChild(event,12,0)" onkeyup="return searchResults.NavChild(event,12,0)" class="SRScope" href="../group__stream.html#ga7d71c5645b9baff7b6c4b9a181bf80c5" target="_parent">AI_pkt_enqueue(SFSnortPacket *):&nbsp;stream.c</a>
<a id="Item12_c1" onkeydown="return searchResults.NavChild(event,12,1)" onkeypress="return searchResults.NavChild(event,12,1)" onkeyup="return searchResults.NavChild(event,12,1)" class="SRScope" href="../group__stream.html#ga7d71c5645b9baff7b6c4b9a181bf80c5" target="_parent">AI_pkt_enqueue(SFSnortPacket *pkt):&nbsp;stream.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fprocess">
<div class="SREntry">
<a id="Item11" onkeydown="return searchResults.Nav(event,11)" onkeypress="return searchResults.Nav(event,11)" onkeyup="return searchResults.Nav(event,11)" class="SRSymbol" href="../spp__ai_8c.html#a57c05cda012c443cb4c358dc327cd3d1" target="_parent">AI_process</a>
<a id="Item13" onkeydown="return searchResults.Nav(event,13)" onkeypress="return searchResults.Nav(event,13)" onkeyup="return searchResults.Nav(event,13)" class="SRSymbol" href="../group__spp__ai.html#ga57c05cda012c443cb4c358dc327cd3d1" target="_parent">AI_process</a>
<span class="SRScope">spp_ai.c</span>
</div>
</div>
<div class="SRResult" id="SR_ai_5fset_5fstream_5fobserved">
<div class="SREntry">
<a id="Item12" onkeydown="return searchResults.Nav(event,12)" onkeypress="return searchResults.Nav(event,12)" onkeyup="return searchResults.Nav(event,12)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fset_5fstream_5fobserved')">AI_set_stream_observed</a>
<a id="Item14" onkeydown="return searchResults.Nav(event,14)" onkeypress="return searchResults.Nav(event,14)" onkeyup="return searchResults.Nav(event,14)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fset_5fstream_5fobserved')">AI_set_stream_observed</a>
<div class="SRChildren">
<a id="Item12_c0" onkeydown="return searchResults.NavChild(event,12,0)" onkeypress="return searchResults.NavChild(event,12,0)" onkeyup="return searchResults.NavChild(event,12,0)" class="SRScope" href="../spp__ai_8h.html#a8749989cee2ac05a7de058faac280c02" target="_parent">AI_set_stream_observed(struct pkt_key key):&nbsp;stream.c</a>
<a id="Item12_c1" onkeydown="return searchResults.NavChild(event,12,1)" onkeypress="return searchResults.NavChild(event,12,1)" onkeyup="return searchResults.NavChild(event,12,1)" class="SRScope" href="../stream_8c.html#a8749989cee2ac05a7de058faac280c02" target="_parent">AI_set_stream_observed(struct pkt_key key):&nbsp;stream.c</a>
<a id="Item14_c0" onkeydown="return searchResults.NavChild(event,14,0)" onkeypress="return searchResults.NavChild(event,14,0)" onkeyup="return searchResults.NavChild(event,14,0)" class="SRScope" href="../group__stream.html#ga8749989cee2ac05a7de058faac280c02" target="_parent">AI_set_stream_observed(struct pkt_key key):&nbsp;stream.c</a>
<a id="Item14_c1" onkeydown="return searchResults.NavChild(event,14,1)" onkeypress="return searchResults.NavChild(event,14,1)" onkeyup="return searchResults.NavChild(event,14,1)" class="SRScope" href="../group__stream.html#ga8749989cee2ac05a7de058faac280c02" target="_parent">AI_set_stream_observed(struct pkt_key key):&nbsp;stream.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fsetup">
<div class="SREntry">
<a id="Item13" onkeydown="return searchResults.Nav(event,13)" onkeypress="return searchResults.Nav(event,13)" onkeyup="return searchResults.Nav(event,13)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fsetup')">AI_setup</a>
<a id="Item15" onkeydown="return searchResults.Nav(event,15)" onkeypress="return searchResults.Nav(event,15)" onkeyup="return searchResults.Nav(event,15)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fsetup')">AI_setup</a>
<div class="SRChildren">
<a id="Item13_c0" onkeydown="return searchResults.NavChild(event,13,0)" onkeypress="return searchResults.NavChild(event,13,0)" onkeyup="return searchResults.NavChild(event,13,0)" class="SRScope" href="../sf__preproc__info_8h.html#ad81716bc3f0fec4df74198a7cbdbd43c" target="_parent">AI_setup():&nbsp;spp_ai.c</a>
<a id="Item13_c1" onkeydown="return searchResults.NavChild(event,13,1)" onkeypress="return searchResults.NavChild(event,13,1)" onkeyup="return searchResults.NavChild(event,13,1)" class="SRScope" href="../spp__ai_8c.html#a1b9ebb5c719c7d9426ddfc1f3da36570" target="_parent">AI_setup(void):&nbsp;spp_ai.c</a>
<a id="Item15_c0" onkeydown="return searchResults.NavChild(event,15,0)" onkeypress="return searchResults.NavChild(event,15,0)" onkeyup="return searchResults.NavChild(event,15,0)" class="SRScope" href="../group__spp__ai.html#ga1b9ebb5c719c7d9426ddfc1f3da36570" target="_parent">AI_setup():&nbsp;spp_ai.c</a>
<a id="Item15_c1" onkeydown="return searchResults.NavChild(event,15,1)" onkeypress="return searchResults.NavChild(event,15,1)" onkeyup="return searchResults.NavChild(event,15,1)" class="SRScope" href="../group__spp__ai.html#ga1b9ebb5c719c7d9426ddfc1f3da36570" target="_parent">AI_setup(void):&nbsp;spp_ai.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fsnort_5falert">
<div class="SREntry">
<a id="Item14" onkeydown="return searchResults.Nav(event,14)" onkeypress="return searchResults.Nav(event,14)" onkeyup="return searchResults.Nav(event,14)" class="SRSymbol" href="../spp__ai_8h.html#a982be90e72362e88d09f28336c9a1897" target="_parent">AI_snort_alert</a>
<a id="Item16" onkeydown="return searchResults.Nav(event,16)" onkeypress="return searchResults.Nav(event,16)" onkeyup="return searchResults.Nav(event,16)" class="SRSymbol" href="../spp__ai_8h.html#a982be90e72362e88d09f28336c9a1897" target="_parent">AI_snort_alert</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_alert_5ffp">
<div class="SREntry">
<a id="Item15" onkeydown="return searchResults.Nav(event,15)" onkeypress="return searchResults.Nav(event,15)" onkeyup="return searchResults.Nav(event,15)" class="SRSymbol" href="../alert__parser_8c.html#abee2a33368912d9288c76b51160a9ed6" target="_parent">alert_fp</a>
<a id="Item17" onkeydown="return searchResults.Nav(event,17)" onkeypress="return searchResults.Nav(event,17)" onkeyup="return searchResults.Nav(event,17)" class="SRSymbol" href="../alert__parser_8c.html#abee2a33368912d9288c76b51160a9ed6" target="_parent">alert_fp</a>
<span class="SRScope">alert_parser.c</span>
</div>
</div>
<div class="SRResult" id="SR_alert_5flog">
<div class="SREntry">
<a id="Item16" onkeydown="return searchResults.Nav(event,16)" onkeypress="return searchResults.Nav(event,16)" onkeyup="return searchResults.Nav(event,16)" class="SRSymbol" href="../cluster_8c.html#aaf4c19f60f48741b0890c6114dcff7d9" target="_parent">alert_log</a>
<a id="Item18" onkeydown="return searchResults.Nav(event,18)" onkeypress="return searchResults.Nav(event,18)" onkeyup="return searchResults.Nav(event,18)" class="SRSymbol" href="../group__cluster.html#gaaf4c19f60f48741b0890c6114dcff7d9" target="_parent">alert_log</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR_alert_5fparser_2ec">
<div class="SREntry">
<a id="Item17" onkeydown="return searchResults.Nav(event,17)" onkeypress="return searchResults.Nav(event,17)" onkeyup="return searchResults.Nav(event,17)" class="SRSymbol" href="../alert__parser_8c.html" target="_parent">alert_parser.c</a>
<a id="Item19" onkeydown="return searchResults.Nav(event,19)" onkeypress="return searchResults.Nav(event,19)" onkeyup="return searchResults.Nav(event,19)" class="SRSymbol" href="../alert__parser_8c.html" target="_parent">alert_parser.c</a>
</div>
</div>
<div class="SRResult" id="SR_alertclusteringinterval">
<div class="SREntry">
<a id="Item18" onkeydown="return searchResults.Nav(event,18)" onkeypress="return searchResults.Nav(event,18)" onkeyup="return searchResults.Nav(event,18)" class="SRSymbol" href="../structAI__config.html#a7d0d098b8263aa3d8415b11d1ec7f93d" target="_parent">alertClusteringInterval</a>
<a id="Item20" onkeydown="return searchResults.Nav(event,20)" onkeypress="return searchResults.Nav(event,20)" onkeyup="return searchResults.Nav(event,20)" class="SRSymbol" href="../structAI__config.html#a7d0d098b8263aa3d8415b11d1ec7f93d" target="_parent">alertClusteringInterval</a>
<span class="SRScope">AI_config</span>
</div>
</div>
<div class="SRResult" id="SR_alertfile">
<div class="SREntry">
<a id="Item19" onkeydown="return searchResults.Nav(event,19)" onkeypress="return searchResults.Nav(event,19)" onkeyup="return searchResults.Nav(event,19)" class="SRSymbol" href="../structAI__config.html#a2efa9590d7eea6dce8b5dd9aa76ed8ca" target="_parent">alertfile</a>
<a id="Item21" onkeydown="return searchResults.Nav(event,21)" onkeypress="return searchResults.Nav(event,21)" onkeyup="return searchResults.Nav(event,21)" class="SRSymbol" href="../structAI__config.html#a2efa9590d7eea6dce8b5dd9aa76ed8ca" target="_parent">alertfile</a>
<span class="SRScope">AI_config</span>
</div>
</div>
<div class="SRResult" id="SR_alertparser_5fthread">
<div class="SREntry">
<a id="Item22" onkeydown="return searchResults.Nav(event,22)" onkeypress="return searchResults.Nav(event,22)" onkeyup="return searchResults.Nav(event,22)" class="SRSymbol" href="../group__spp__ai.html#gaa3100e48acef5cf4370c3042ff548ed0" target="_parent">alertparser_thread</a>
<span class="SRScope">spp_ai.c</span>
</div>
</div>
<div class="SRResult" id="SR_alerts">
<div class="SREntry">
<a id="Item20" onkeydown="return searchResults.Nav(event,20)" onkeypress="return searchResults.Nav(event,20)" onkeyup="return searchResults.Nav(event,20)" class="SRSymbol" href="../alert__parser_8c.html#ae837fc04e61c0eb052f997c54b4fd9fe" target="_parent">alerts</a>
<span class="SRScope">alert_parser.c</span>
<a id="Item23" onkeydown="return searchResults.Nav(event,23)" onkeypress="return searchResults.Nav(event,23)" onkeyup="return searchResults.Nav(event,23)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_alerts')">alerts</a>
<div class="SRChildren">
<a id="Item23_c0" onkeydown="return searchResults.NavChild(event,23,0)" onkeypress="return searchResults.NavChild(event,23,0)" onkeyup="return searchResults.NavChild(event,23,0)" class="SRScope" href="../alert__parser_8c.html#ae837fc04e61c0eb052f997c54b4fd9fe" target="_parent">alerts():&nbsp;alert_parser.c</a>
<a id="Item23_c1" onkeydown="return searchResults.NavChild(event,23,1)" onkeypress="return searchResults.NavChild(event,23,1)" onkeyup="return searchResults.NavChild(event,23,1)" class="SRScope" href="../group__mysql.html#gae837fc04e61c0eb052f997c54b4fd9fe" target="_parent">alerts():&nbsp;db.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_attribute_5fkey">
<div class="SREntry">
<a id="Item21" onkeydown="return searchResults.Nav(event,21)" onkeypress="return searchResults.Nav(event,21)" onkeyup="return searchResults.Nav(event,21)" class="SRSymbol" href="../structattribute__key.html" target="_parent">attribute_key</a>
<a id="Item24" onkeydown="return searchResults.Nav(event,24)" onkeypress="return searchResults.Nav(event,24)" onkeyup="return searchResults.Nav(event,24)" class="SRSymbol" href="../structattribute__key.html" target="_parent">attribute_key</a>
</div>
</div>
<div class="SRResult" id="SR_attribute_5fvalue">
<div class="SREntry">
<a id="Item22" onkeydown="return searchResults.Nav(event,22)" onkeypress="return searchResults.Nav(event,22)" onkeyup="return searchResults.Nav(event,22)" class="SRSymbol" href="../structattribute__value.html" target="_parent">attribute_value</a>
<a id="Item25" onkeydown="return searchResults.Nav(event,25)" onkeypress="return searchResults.Nav(event,25)" onkeyup="return searchResults.Nav(event,25)" class="SRSymbol" href="../structattribute__value.html" target="_parent">attribute_value</a>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>

8
doc/html/search/all_63.html
View File

@ -42,9 +42,15 @@
<span class="SRScope">AI_config</span>
</div>
</div>
<div class="SRResult" id="SR_config">
<div class="SREntry">
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../group__mysql.html#ga6439d32dccbbc77c9b2aad04897bfa74" target="_parent">config</a>
<span class="SRScope">db.c</span>
</div>
</div>
<div class="SRResult" id="SR_count">
<div class="SREntry">
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../structattribute__value.html#a5579c0304c2e9ab488ac94905b385045" target="_parent">count</a>
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="../structattribute__value.html#a5579c0304c2e9ab488ac94905b385045" target="_parent">count</a>
<span class="SRScope">attribute_value</span>
</div>
</div>

106
doc/html/search/all_64.html
View File

@ -7,70 +7,142 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_databaseparsinginterval">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../structAI__config.html#ae6ca715cab1d90b70c3aad443133c263" target="_parent">databaseParsingInterval</a>
<span class="SRScope">AI_config</span>
</div>
</div>
<div class="SRResult" id="SR_db">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../mysql_8c.html#aedbcc8d9f1bd3c64adf6ad8ccfcd48a4" target="_parent">db</a>
<span class="SRScope">mysql.c</span>
</div>
</div>
<div class="SRResult" id="SR_db_2ec">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../db_8c.html" target="_parent">db.c</a>
</div>
</div>
<div class="SRResult" id="SR_db_2eh">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../db_8h.html" target="_parent">db.h</a>
</div>
</div>
<div class="SRResult" id="SR_db_5fclose">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../db_8h.html#a7f625d084ac92d12b665fa7d53414727" target="_parent">DB_close</a>
<span class="SRScope">db.h</span>
</div>
</div>
<div class="SRResult" id="SR_db_5finit">
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../db_8h.html#abfca7b59301511bf708eef53cb70b7ee" target="_parent">DB_init</a>
<span class="SRScope">db.h</span>
</div>
</div>
<div class="SRResult" id="SR_db_5fmutex">
<div class="SREntry">
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../group__mysql.html#ga40bb4c7d0679e36cc0ec4fa41d36d96c" target="_parent">db_mutex</a>
<span class="SRScope">db.c</span>
</div>
</div>
<div class="SRResult" id="SR_db_5fquery">
<div class="SREntry">
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="../db_8h.html#a51b1f8be35b963f30fa732fc22a5760e" target="_parent">DB_query</a>
<span class="SRScope">db.h</span>
</div>
</div>
<div class="SRResult" id="SR_dbhost">
<div class="SREntry">
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="../structAI__config.html#a8e56f1a1b2095d3d329c8068ea0f3aab" target="_parent">dbhost</a>
<span class="SRScope">AI_config</span>
</div>
</div>
<div class="SRResult" id="SR_dbname">
<div class="SREntry">
<a id="Item9" onkeydown="return searchResults.Nav(event,9)" onkeypress="return searchResults.Nav(event,9)" onkeyup="return searchResults.Nav(event,9)" class="SRSymbol" href="../structAI__config.html#ac8a93607f12106e2f5c9b43af27107da" target="_parent">dbname</a>
<span class="SRScope">AI_config</span>
</div>
</div>
<div class="SRResult" id="SR_dbpass">
<div class="SREntry">
<a id="Item10" onkeydown="return searchResults.Nav(event,10)" onkeypress="return searchResults.Nav(event,10)" onkeyup="return searchResults.Nav(event,10)" class="SRSymbol" href="../structAI__config.html#aa1cda349763faf60b2ebdbf2d187ae7d" target="_parent">dbpass</a>
<span class="SRScope">AI_config</span>
</div>
</div>
<div class="SRResult" id="SR_dbuser">
<div class="SREntry">
<a id="Item11" onkeydown="return searchResults.Nav(event,11)" onkeypress="return searchResults.Nav(event,11)" onkeyup="return searchResults.Nav(event,11)" class="SRSymbol" href="../structAI__config.html#aa004adebfdafb6d14092aecd7f4912b0" target="_parent">dbuser</a>
<span class="SRScope">AI_config</span>
</div>
</div>
<div class="SRResult" id="SR_default_5falert_5fclustering_5finterval">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../spp__ai_8h.html#a0c4b6fce670e46083e33b9f53b78f39e" target="_parent">DEFAULT_ALERT_CLUSTERING_INTERVAL</a>
<a id="Item12" onkeydown="return searchResults.Nav(event,12)" onkeypress="return searchResults.Nav(event,12)" onkeyup="return searchResults.Nav(event,12)" class="SRSymbol" href="../spp__ai_8h.html#a0c4b6fce670e46083e33b9f53b78f39e" target="_parent">DEFAULT_ALERT_CLUSTERING_INTERVAL</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_default_5falert_5flog_5ffile">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../spp__ai_8h.html#a6d9bf552c32371e0144dc6a6209c7e4a" target="_parent">DEFAULT_ALERT_LOG_FILE</a>
<a id="Item13" onkeydown="return searchResults.Nav(event,13)" onkeypress="return searchResults.Nav(event,13)" onkeyup="return searchResults.Nav(event,13)" class="SRSymbol" href="../spp__ai_8h.html#a6d9bf552c32371e0144dc6a6209c7e4a" target="_parent">DEFAULT_ALERT_LOG_FILE</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_default_5fcluster_5flog_5ffile">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../spp__ai_8h.html#a803dc913297ccdace9e604dbfecda97d" target="_parent">DEFAULT_CLUSTER_LOG_FILE</a>
<a id="Item14" onkeydown="return searchResults.Nav(event,14)" onkeypress="return searchResults.Nav(event,14)" onkeyup="return searchResults.Nav(event,14)" class="SRSymbol" href="../spp__ai_8h.html#a803dc913297ccdace9e604dbfecda97d" target="_parent">DEFAULT_CLUSTER_LOG_FILE</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_default_5fdatabase_5finterval">
<div class="SREntry">
<a id="Item15" onkeydown="return searchResults.Nav(event,15)" onkeypress="return searchResults.Nav(event,15)" onkeyup="return searchResults.Nav(event,15)" class="SRSymbol" href="../spp__ai_8h.html#a3c4984a0ee515fbc091ac6e33b05e310" target="_parent">DEFAULT_DATABASE_INTERVAL</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_default_5fhash_5fcleanup_5finterval">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../spp__ai_8h.html#a5f555c0ebd29ce2771a3e2dd4f526746" target="_parent">DEFAULT_HASH_CLEANUP_INTERVAL</a>
<a id="Item16" onkeydown="return searchResults.Nav(event,16)" onkeypress="return searchResults.Nav(event,16)" onkeyup="return searchResults.Nav(event,16)" class="SRSymbol" href="../spp__ai_8h.html#a5f555c0ebd29ce2771a3e2dd4f526746" target="_parent">DEFAULT_HASH_CLEANUP_INTERVAL</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_default_5fstream_5fexpire_5finterval">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../spp__ai_8h.html#a0f6a189af15ef783fb46ed37c144e031" target="_parent">DEFAULT_STREAM_EXPIRE_INTERVAL</a>
<a id="Item17" onkeydown="return searchResults.Nav(event,17)" onkeypress="return searchResults.Nav(event,17)" onkeyup="return searchResults.Nav(event,17)" class="SRSymbol" href="../spp__ai_8h.html#a0f6a189af15ef783fb46ed37c144e031" target="_parent">DEFAULT_STREAM_EXPIRE_INTERVAL</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_desc">
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../struct__AI__snort__alert.html#ac0902d7c756ec675fb06347ce4706135" target="_parent">desc</a>
<a id="Item18" onkeydown="return searchResults.Nav(event,18)" onkeypress="return searchResults.Nav(event,18)" onkeyup="return searchResults.Nav(event,18)" class="SRSymbol" href="../struct__AI__snort__alert.html#ac0902d7c756ec675fb06347ce4706135" target="_parent">desc</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_dst_5faddr">
<div class="SREntry">
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_dst_5faddr')">dst_addr</a>
<div class="SRChildren">
<a id="Item6_c0" onkeydown="return searchResults.NavChild(event,6,0)" onkeypress="return searchResults.NavChild(event,6,0)" onkeyup="return searchResults.NavChild(event,6,0)" class="SRScope" href="../struct__AI__snort__alert.html#a69cc2ba171c8c808a0b45caa9426cd8c" target="_parent">_AI_snort_alert::dst_addr()</a>
<a id="Item6_c1" onkeydown="return searchResults.NavChild(event,6,1)" onkeypress="return searchResults.NavChild(event,6,1)" onkeyup="return searchResults.NavChild(event,6,1)" class="SRScope" href="../spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640aa000f955ef1374c60cdb16bf43a1593c" target="_parent">dst_addr():&nbsp;spp_ai.h</a>
</div>
<a id="Item19" onkeydown="return searchResults.Nav(event,19)" onkeypress="return searchResults.Nav(event,19)" onkeyup="return searchResults.Nav(event,19)" class="SRSymbol" href="../spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640aa000f955ef1374c60cdb16bf43a1593c" target="_parent">dst_addr</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_dst_5fport">
<div class="SREntry">
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_dst_5fport')">dst_port</a>
<a id="Item20" onkeydown="return searchResults.Nav(event,20)" onkeypress="return searchResults.Nav(event,20)" onkeyup="return searchResults.Nav(event,20)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_dst_5fport')">dst_port</a>
<div class="SRChildren">
<a id="Item7_c0" onkeydown="return searchResults.NavChild(event,7,0)" onkeypress="return searchResults.NavChild(event,7,0)" onkeyup="return searchResults.NavChild(event,7,0)" class="SRScope" href="../structpkt__key.html#af77f5eb1f4cd88b43fe99fd73553351d" target="_parent">pkt_key::dst_port()</a>
<a id="Item7_c1" onkeydown="return searchResults.NavChild(event,7,1)" onkeypress="return searchResults.NavChild(event,7,1)" onkeyup="return searchResults.NavChild(event,7,1)" class="SRScope" href="../struct__AI__snort__alert.html#a6b323c07ae501d221e330e13646a96a3" target="_parent">_AI_snort_alert::dst_port()</a>
<a id="Item7_c2" onkeydown="return searchResults.NavChild(event,7,2)" onkeypress="return searchResults.NavChild(event,7,2)" onkeyup="return searchResults.NavChild(event,7,2)" class="SRScope" href="../spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640abc4f89a184ada44073bd6f54d7fc11c9" target="_parent">dst_port():&nbsp;spp_ai.h</a>
<a id="Item20_c0" onkeydown="return searchResults.NavChild(event,20,0)" onkeypress="return searchResults.NavChild(event,20,0)" onkeyup="return searchResults.NavChild(event,20,0)" class="SRScope" href="../structpkt__key.html#af77f5eb1f4cd88b43fe99fd73553351d" target="_parent">pkt_key::dst_port()</a>
<a id="Item20_c1" onkeydown="return searchResults.NavChild(event,20,1)" onkeypress="return searchResults.NavChild(event,20,1)" onkeyup="return searchResults.NavChild(event,20,1)" class="SRScope" href="../spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640abc4f89a184ada44073bd6f54d7fc11c9" target="_parent">dst_port():&nbsp;spp_ai.h</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_dynamic_5fpreproc_5fsetup">
<div class="SREntry">
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="../sf__preproc__info_8h.html#aba4c0d0af324a3861e662ed4650aae44" target="_parent">DYNAMIC_PREPROC_SETUP</a>
<a id="Item21" onkeydown="return searchResults.Nav(event,21)" onkeypress="return searchResults.Nav(event,21)" onkeyup="return searchResults.Nav(event,21)" class="SRSymbol" href="../sf__preproc__info_8h.html#aba4c0d0af324a3861e662ed4650aae44" target="_parent">DYNAMIC_PREPROC_SETUP</a>
<span class="SRScope">sf_preproc_info.h</span>
</div>
</div>
<div class="SRResult" id="SR_dynamicpreprocessorfatalmessage">
<div class="SREntry">
<a id="Item9" onkeydown="return searchResults.Nav(event,9)" onkeypress="return searchResults.Nav(event,9)" onkeyup="return searchResults.Nav(event,9)" class="SRSymbol" href="../sf__dynamic__preproc__lib_8c.html#a57c853c0f626bde2af6619cdeeb7471b" target="_parent">DynamicPreprocessorFatalMessage</a>
<a id="Item22" onkeydown="return searchResults.Nav(event,22)" onkeypress="return searchResults.Nav(event,22)" onkeyup="return searchResults.Nav(event,22)" class="SRSymbol" href="../sf__dynamic__preproc__lib_8c.html#a57c853c0f626bde2af6619cdeeb7471b" target="_parent">DynamicPreprocessorFatalMessage</a>
<span class="SRScope">sf_dynamic_preproc_lib.c</span>
</div>
</div>

2
doc/html/search/all_65.html
View File

@ -9,7 +9,7 @@
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_ex_5fconfig">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../spp__ai_8c.html#a3dd75596c540d148643fe6d1fdc02628" target="_parent">ex_config</a>
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../group__spp__ai.html#ga3dd75596c540d148643fe6d1fdc02628" target="_parent">ex_config</a>
<span class="SRScope">spp_ai.c</span>
</div>
</div>

10
doc/html/search/all_67.html
View File

@ -7,15 +7,21 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_get_5falerts">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../spp__ai_8h.html#ab184b676360ce03035801284a2bd1ea7" target="_parent">get_alerts</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_gid">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../struct__AI__snort__alert.html#af8408be5da59cda853442dd13465c0f6" target="_parent">gid</a>
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../struct__AI__snort__alert.html#af8408be5da59cda853442dd13465c0f6" target="_parent">gid</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_grouped_5falarms_5fcount">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../struct__AI__snort__alert.html#a285aff12d6bac03c316ccc5305d28e53" target="_parent">grouped_alarms_count</a>
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../struct__AI__snort__alert.html#a285aff12d6bac03c316ccc5305d28e53" target="_parent">grouped_alarms_count</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>

18
doc/html/search/all_68.html
View File

@ -15,7 +15,7 @@
</div>
<div class="SRResult" id="SR_h_5froot">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../cluster_8c.html#a97d35425cf5a0207fb50b64ee8cdda82" target="_parent">h_root</a>
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../group__cluster.html#ga97d35425cf5a0207fb50b64ee8cdda82" target="_parent">h_root</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
@ -25,24 +25,30 @@
<span class="SRScope">stream.c</span>
</div>
</div>
<div class="SRResult" id="SR_hash_5fmutex">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../stream_8c.html#a4e01edd07102e71480b323db2b8f57c8" target="_parent">hash_mutex</a>
<span class="SRScope">stream.c</span>
</div>
</div>
<div class="SRResult" id="SR_hashcleanupinterval">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../structAI__config.html#a9f7680615027d4fb74b4aa144a7028a4" target="_parent">hashCleanupInterval</a>
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../structAI__config.html#a9f7680615027d4fb74b4aa144a7028a4" target="_parent">hashCleanupInterval</a>
<span class="SRScope">AI_config</span>
</div>
</div>
<div class="SRResult" id="SR_hh">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_hh')">hh</a>
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_hh')">hh</a>
<div class="SRChildren">
<a id="Item4_c0" onkeydown="return searchResults.NavChild(event,4,0)" onkeypress="return searchResults.NavChild(event,4,0)" onkeyup="return searchResults.NavChild(event,4,0)" class="SRScope" href="../structattribute__value.html#a9abf5d1758ee0cc4803e3b40fc4481cc" target="_parent">attribute_value::hh()</a>
<a id="Item4_c1" onkeydown="return searchResults.NavChild(event,4,1)" onkeypress="return searchResults.NavChild(event,4,1)" onkeyup="return searchResults.NavChild(event,4,1)" class="SRScope" href="../structpkt__info.html#a264e90d4b5d490de040f38c1072e142f" target="_parent">pkt_info::hh()</a>
<a id="Item5_c0" onkeydown="return searchResults.NavChild(event,5,0)" onkeypress="return searchResults.NavChild(event,5,0)" onkeyup="return searchResults.NavChild(event,5,0)" class="SRScope" href="../structattribute__value.html#a9abf5d1758ee0cc4803e3b40fc4481cc" target="_parent">attribute_value::hh()</a>
<a id="Item5_c1" onkeydown="return searchResults.NavChild(event,5,1)" onkeypress="return searchResults.NavChild(event,5,1)" onkeyup="return searchResults.NavChild(event,5,1)" class="SRScope" href="../structpkt__info.html#a264e90d4b5d490de040f38c1072e142f" target="_parent">pkt_info::hh()</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_hierarchy_5fnode">
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../spp__ai_8h.html#a466391129919ef12366d311d501552fa" target="_parent">hierarchy_node</a>
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../spp__ai_8h.html#a466391129919ef12366d311d501552fa" target="_parent">hierarchy_node</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>

46
doc/html/search/all_69.html
View File

@ -7,27 +7,51 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_id">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../struct__AI__snort__alert.html#a45e4acf90450a5f9efd4e0c290f84bcf" target="_parent">id</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_initializepreprocessor">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../sf__dynamic__preproc__lib_8c.html#a16439ea02cc5c66c842c21c5b537b1d9" target="_parent">InitializePreprocessor</a>
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../sf__dynamic__preproc__lib_8c.html#a16439ea02cc5c66c842c21c5b537b1d9" target="_parent">InitializePreprocessor</a>
<span class="SRScope">sf_dynamic_preproc_lib.c</span>
</div>
</div>
<div class="SRResult" id="SR_iplen">
<div class="SRResult" id="SR_ip_5fdst_5faddr">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../struct__AI__snort__alert.html#a523ef8842d01a1bc4ea3c0bf27518e78" target="_parent">iplen</a>
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../struct__AI__snort__alert.html#a754ca683593c838e4032fa8c13b1512b" target="_parent">ip_dst_addr</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_ipproto">
<div class="SRResult" id="SR_ip_5fid">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../struct__AI__snort__alert.html#a2a5f2741918c3c13890f2b617a7f23a4" target="_parent">ipproto</a>
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../struct__AI__snort__alert.html#a2fc673dec85a7b49dd16ac7c0bb1bb78" target="_parent">ip_id</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_ip_5flen">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../struct__AI__snort__alert.html#ad3ffe99036513d5f33b94d22fb84f8f1" target="_parent">ip_len</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_ip_5fproto">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../struct__AI__snort__alert.html#a5ea7b250ac1c472f3ab57565b6df2536" target="_parent">ip_proto</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_ip_5fsrc_5faddr">
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../struct__AI__snort__alert.html#a194117c57a52933d16a97838562bb611" target="_parent">ip_src_addr</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_ip_5ftos">
<div class="SREntry">
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../struct__AI__snort__alert.html#a3f3c47f9baf3229d067504a85873b416" target="_parent">ip_tos</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_ip_5fttl">
<div class="SREntry">
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="../struct__AI__snort__alert.html#a3c9bbe84ec696cd58668a45799a66600" target="_parent">ip_ttl</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>

23
doc/html/search/all_6d.html
View File

@ -43,6 +43,29 @@
<span class="SRScope">sf_preproc_info.h</span>
</div>
</div>
<div class="SRResult" id="SR_mysql_2ec">
<div class="SREntry">
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../mysql_8c.html" target="_parent">mysql.c</a>
</div>
</div>
<div class="SRResult" id="SR_mysql_5fdo_5fclose">
<div class="SREntry">
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="../mysql_8c.html#a55eb83ebfb4caefbc4d9cee8aa0095e3" target="_parent">mysql_do_close</a>
<span class="SRScope">mysql.c</span>
</div>
</div>
<div class="SRResult" id="SR_mysql_5fdo_5finit">
<div class="SREntry">
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="../mysql_8c.html#a3fba38c3da4a252a55d81088c6fe9078" target="_parent">mysql_do_init</a>
<span class="SRScope">mysql.c</span>
</div>
</div>
<div class="SRResult" id="SR_mysql_5fdo_5fquery">
<div class="SREntry">
<a id="Item9" onkeydown="return searchResults.Nav(event,9)" onkeypress="return searchResults.Nav(event,9)" onkeyup="return searchResults.Nav(event,9)" class="SRSymbol" href="../mysql_8c.html#a90f2e6f4081c0c66f8da54b98aee2674" target="_parent">mysql_do_query</a>
<span class="SRScope">mysql.c</span>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>
<div class="SRStatus" id="NoMatches">No Matches</div>
<script type="text/javascript"><!--

4
doc/html/search/all_70.html
View File

@ -39,8 +39,8 @@
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_preg_5fmatch')">preg_match</a>
<div class="SRChildren">
<a id="Item5_c0" onkeydown="return searchResults.NavChild(event,5,0)" onkeypress="return searchResults.NavChild(event,5,0)" onkeyup="return searchResults.NavChild(event,5,0)" class="SRScope" href="../regex_8c.html#a35f57c052a7de1ded54b67a1f7819791" target="_parent">preg_match(const char *expr, char *str, char ***matches, int *nmatches):&nbsp;regex.c</a>
<a id="Item5_c1" onkeydown="return searchResults.NavChild(event,5,1)" onkeypress="return searchResults.NavChild(event,5,1)" onkeyup="return searchResults.NavChild(event,5,1)" class="SRScope" href="../spp__ai_8h.html#a85c0852b05b60cbfe0130534160c9876" target="_parent">preg_match(const char *, char *, char ***, int *):&nbsp;regex.c</a>
<a id="Item5_c0" onkeydown="return searchResults.NavChild(event,5,0)" onkeypress="return searchResults.NavChild(event,5,0)" onkeyup="return searchResults.NavChild(event,5,0)" class="SRScope" href="../group__regex.html#ga35f57c052a7de1ded54b67a1f7819791" target="_parent">preg_match(const char *expr, char *str, char ***matches, int *nmatches):&nbsp;regex.c</a>
<a id="Item5_c1" onkeydown="return searchResults.NavChild(event,5,1)" onkeypress="return searchResults.NavChild(event,5,1)" onkeyup="return searchResults.NavChild(event,5,1)" class="SRScope" href="../group__regex.html#ga35f57c052a7de1ded54b67a1f7819791" target="_parent">preg_match(const char *, char *, char ***, int *):&nbsp;regex.c</a>
</div>
</div>
</div>

52
doc/html/search/all_73.html
View File

@ -7,117 +7,105 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_sequence">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../struct__AI__snort__alert.html#acb20c4c55149d5806d7523720786ab77" target="_parent">sequence</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_sf_5fdynamic_5fpreproc_5flib_2ec">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../sf__dynamic__preproc__lib_8c.html" target="_parent">sf_dynamic_preproc_lib.c</a>
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../sf__dynamic__preproc__lib_8c.html" target="_parent">sf_dynamic_preproc_lib.c</a>
</div>
</div>
<div class="SRResult" id="SR_sf_5fpreproc_5finfo_2eh">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../sf__preproc__info_8h.html" target="_parent">sf_preproc_info.h</a>
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../sf__preproc__info_8h.html" target="_parent">sf_preproc_info.h</a>
</div>
</div>
<div class="SRResult" id="SR_sfpolicyconfigcreate">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../group__sfPolicyConfig.html#gac62cd5838bee4a9d3f40561eae920cdd" target="_parent">sfPolicyConfigCreate</a>
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../group__sfPolicyConfig.html#gac62cd5838bee4a9d3f40561eae920cdd" target="_parent">sfPolicyConfigCreate</a>
<span class="SRScope">sfPolicyUserData.c</span>
</div>
</div>
<div class="SRResult" id="SR_sfpolicyconfigdelete">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../group__sfPolicyConfig.html#ga189d09ed6d1203ebace6ea2c2aafc1b8" target="_parent">sfPolicyConfigDelete</a>
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../group__sfPolicyConfig.html#ga189d09ed6d1203ebace6ea2c2aafc1b8" target="_parent">sfPolicyConfigDelete</a>
<span class="SRScope">sfPolicyUserData.c</span>
</div>
</div>
<div class="SRResult" id="SR_sfpolicyuserdata_2ec">
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../sfPolicyUserData_8c.html" target="_parent">sfPolicyUserData.c</a>
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../sfPolicyUserData_8c.html" target="_parent">sfPolicyUserData.c</a>
</div>
</div>
<div class="SRResult" id="SR_sfpolicyuserdataclear">
<div class="SREntry">
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../group__sfPolicyConfig.html#gae8f2ae426b1f1a50eabfade6d22c2c85" target="_parent">sfPolicyUserDataClear</a>
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../group__sfPolicyConfig.html#gae8f2ae426b1f1a50eabfade6d22c2c85" target="_parent">sfPolicyUserDataClear</a>
<span class="SRScope">sfPolicyUserData.c</span>
</div>
</div>
<div class="SRResult" id="SR_sfpolicyuserdataiterate">
<div class="SREntry">
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="../group__sfPolicyConfig.html#ga3f3ab9314d29d2ee2a8285289b388f17" target="_parent">sfPolicyUserDataIterate</a>
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../group__sfPolicyConfig.html#ga3f3ab9314d29d2ee2a8285289b388f17" target="_parent">sfPolicyUserDataIterate</a>
<span class="SRScope">sfPolicyUserData.c</span>
</div>
</div>
<div class="SRResult" id="SR_sfpolicyuserdataset">
<div class="SREntry">
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="../group__sfPolicyConfig.html#ga8e14fd83397b9bbb14568070183db80b" target="_parent">sfPolicyUserDataSet</a>
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="../group__sfPolicyConfig.html#ga8e14fd83397b9bbb14568070183db80b" target="_parent">sfPolicyUserDataSet</a>
<span class="SRScope">sfPolicyUserData.c</span>
</div>
</div>
<div class="SRResult" id="SR_sid">
<div class="SREntry">
<a id="Item9" onkeydown="return searchResults.Nav(event,9)" onkeypress="return searchResults.Nav(event,9)" onkeyup="return searchResults.Nav(event,9)" class="SRSymbol" href="../struct__AI__snort__alert.html#a3349aa68d2234f8ffd897367c3a8a137" target="_parent">sid</a>
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="../struct__AI__snort__alert.html#a3349aa68d2234f8ffd897367c3a8a137" target="_parent">sid</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_spp_5fai_2ec">
<div class="SREntry">
<a id="Item10" onkeydown="return searchResults.Nav(event,10)" onkeypress="return searchResults.Nav(event,10)" onkeyup="return searchResults.Nav(event,10)" class="SRSymbol" href="../spp__ai_8c.html" target="_parent">spp_ai.c</a>
<a id="Item9" onkeydown="return searchResults.Nav(event,9)" onkeypress="return searchResults.Nav(event,9)" onkeyup="return searchResults.Nav(event,9)" class="SRSymbol" href="../spp__ai_8c.html" target="_parent">spp_ai.c</a>
</div>
</div>
<div class="SRResult" id="SR_spp_5fai_2eh">
<div class="SREntry">
<a id="Item11" onkeydown="return searchResults.Nav(event,11)" onkeypress="return searchResults.Nav(event,11)" onkeyup="return searchResults.Nav(event,11)" class="SRSymbol" href="../spp__ai_8h.html" target="_parent">spp_ai.h</a>
<a id="Item10" onkeydown="return searchResults.Nav(event,10)" onkeypress="return searchResults.Nav(event,10)" onkeyup="return searchResults.Nav(event,10)" class="SRSymbol" href="../spp__ai_8h.html" target="_parent">spp_ai.h</a>
</div>
</div>
<div class="SRResult" id="SR_src_5faddr">
<div class="SREntry">
<a id="Item12" onkeydown="return searchResults.Nav(event,12)" onkeypress="return searchResults.Nav(event,12)" onkeyup="return searchResults.Nav(event,12)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_src_5faddr')">src_addr</a>
<div class="SRChildren">
<a id="Item12_c0" onkeydown="return searchResults.NavChild(event,12,0)" onkeypress="return searchResults.NavChild(event,12,0)" onkeyup="return searchResults.NavChild(event,12,0)" class="SRScope" href="../struct__AI__snort__alert.html#ab16a24f368020e4b40e65b53cae33b48" target="_parent">_AI_snort_alert::src_addr()</a>
<a id="Item12_c1" onkeydown="return searchResults.NavChild(event,12,1)" onkeypress="return searchResults.NavChild(event,12,1)" onkeyup="return searchResults.NavChild(event,12,1)" class="SRScope" href="../spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640abc900639df18f0f5f2f63a1f033fe42f" target="_parent">src_addr():&nbsp;spp_ai.h</a>
</div>
<a id="Item11" onkeydown="return searchResults.Nav(event,11)" onkeypress="return searchResults.Nav(event,11)" onkeyup="return searchResults.Nav(event,11)" class="SRSymbol" href="../spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640abc900639df18f0f5f2f63a1f033fe42f" target="_parent">src_addr</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_src_5fip">
<div class="SREntry">
<a id="Item13" onkeydown="return searchResults.Nav(event,13)" onkeypress="return searchResults.Nav(event,13)" onkeyup="return searchResults.Nav(event,13)" class="SRSymbol" href="../structpkt__key.html#a3a091c20dafb8b3f689db00c5b2f8ddb" target="_parent">src_ip</a>
<a id="Item12" onkeydown="return searchResults.Nav(event,12)" onkeypress="return searchResults.Nav(event,12)" onkeyup="return searchResults.Nav(event,12)" class="SRSymbol" href="../structpkt__key.html#a3a091c20dafb8b3f689db00c5b2f8ddb" target="_parent">src_ip</a>
<span class="SRScope">pkt_key</span>
</div>
</div>
<div class="SRResult" id="SR_src_5fport">
<div class="SREntry">
<a id="Item14" onkeydown="return searchResults.Nav(event,14)" onkeypress="return searchResults.Nav(event,14)" onkeyup="return searchResults.Nav(event,14)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_src_5fport')">src_port</a>
<div class="SRChildren">
<a id="Item14_c0" onkeydown="return searchResults.NavChild(event,14,0)" onkeypress="return searchResults.NavChild(event,14,0)" onkeyup="return searchResults.NavChild(event,14,0)" class="SRScope" href="../struct__AI__snort__alert.html#a856cccd3eaabd38aa9974f26d3edc5e3" target="_parent">_AI_snort_alert::src_port()</a>
<a id="Item14_c1" onkeydown="return searchResults.NavChild(event,14,1)" onkeypress="return searchResults.NavChild(event,14,1)" onkeyup="return searchResults.NavChild(event,14,1)" class="SRScope" href="../spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640ac1335c508143eb06843af2ce5ff3027b" target="_parent">src_port():&nbsp;spp_ai.h</a>
</div>
<a id="Item13" onkeydown="return searchResults.Nav(event,13)" onkeypress="return searchResults.Nav(event,13)" onkeyup="return searchResults.Nav(event,13)" class="SRSymbol" href="../spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640ac1335c508143eb06843af2ce5ff3027b" target="_parent">src_port</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_start_5ftime">
<div class="SREntry">
<a id="Item15" onkeydown="return searchResults.Nav(event,15)" onkeypress="return searchResults.Nav(event,15)" onkeyup="return searchResults.Nav(event,15)" class="SRSymbol" href="../stream_8c.html#a0597864b078ff448f28432db86950309" target="_parent">start_time</a>
<a id="Item14" onkeydown="return searchResults.Nav(event,14)" onkeypress="return searchResults.Nav(event,14)" onkeyup="return searchResults.Nav(event,14)" class="SRSymbol" href="../stream_8c.html#a0597864b078ff448f28432db86950309" target="_parent">start_time</a>
<span class="SRScope">stream.c</span>
</div>
</div>
<div class="SRResult" id="SR_stream">
<div class="SREntry">
<a id="Item16" onkeydown="return searchResults.Nav(event,16)" onkeypress="return searchResults.Nav(event,16)" onkeyup="return searchResults.Nav(event,16)" class="SRSymbol" href="../struct__AI__snort__alert.html#a09dfe0a841fd3912ec78060d4547cb31" target="_parent">stream</a>
<a id="Item15" onkeydown="return searchResults.Nav(event,15)" onkeypress="return searchResults.Nav(event,15)" onkeyup="return searchResults.Nav(event,15)" class="SRSymbol" href="../struct__AI__snort__alert.html#a09dfe0a841fd3912ec78060d4547cb31" target="_parent">stream</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_stream_2ec">
<div class="SREntry">
<a id="Item17" onkeydown="return searchResults.Nav(event,17)" onkeypress="return searchResults.Nav(event,17)" onkeyup="return searchResults.Nav(event,17)" class="SRSymbol" href="../stream_8c.html" target="_parent">stream.c</a>
<a id="Item16" onkeydown="return searchResults.Nav(event,16)" onkeypress="return searchResults.Nav(event,16)" onkeyup="return searchResults.Nav(event,16)" class="SRSymbol" href="../stream_8c.html" target="_parent">stream.c</a>
</div>
</div>
<div class="SRResult" id="SR_streamexpireinterval">
<div class="SREntry">
<a id="Item18" onkeydown="return searchResults.Nav(event,18)" onkeypress="return searchResults.Nav(event,18)" onkeyup="return searchResults.Nav(event,18)" class="SRSymbol" href="../structAI__config.html#abbe77d5f94b8c5164bea47acba09c98b" target="_parent">streamExpireInterval</a>
<a id="Item17" onkeydown="return searchResults.Nav(event,17)" onkeypress="return searchResults.Nav(event,17)" onkeyup="return searchResults.Nav(event,17)" class="SRSymbol" href="../structAI__config.html#abbe77d5f94b8c5164bea47acba09c98b" target="_parent">streamExpireInterval</a>
<span class="SRScope">AI_config</span>
</div>
</div>

64
doc/html/search/all_74.html
View File

@ -7,51 +7,69 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_tcp_5fflags">
<div class="SRResult" id="SR_tcp_5fack">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../struct__AI__snort__alert.html#aa643f11db93b70242b57f0a04775e507" target="_parent">tcp_flags</a>
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../struct__AI__snort__alert.html#a8aac577224a4325ec50511c6d79b4b79" target="_parent">tcp_ack</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_tcplen">
<div class="SRResult" id="SR_tcp_5fdst_5fport">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../struct__AI__snort__alert.html#a519a103f5e8f1cb006c0c137b7c6a1c0" target="_parent">tcplen</a>
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../struct__AI__snort__alert.html#aaca31cb67d48ffc3bfd1227686d5f5a4" target="_parent">tcp_dst_port</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_tcp_5fflags">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../struct__AI__snort__alert.html#aa643f11db93b70242b57f0a04775e507" target="_parent">tcp_flags</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_tcp_5flen">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../struct__AI__snort__alert.html#ab7e0507050b8e475fea7a4b26c768857" target="_parent">tcp_len</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_tcp_5fseq">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../struct__AI__snort__alert.html#ad6edf59fccea55bf5f940bf36117020b" target="_parent">tcp_seq</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_tcp_5fsrc_5fport">
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../struct__AI__snort__alert.html#a4d4cbdbd9675f4c43545547f55174cb7" target="_parent">tcp_src_port</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_tcp_5fwindow">
<div class="SREntry">
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../struct__AI__snort__alert.html#a1687fccc26bb211591db8b36ffec5348" target="_parent">tcp_window</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_timestamp">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_timestamp')">timestamp</a>
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_timestamp')">timestamp</a>
<div class="SRChildren">
<a id="Item2_c0" onkeydown="return searchResults.NavChild(event,2,0)" onkeypress="return searchResults.NavChild(event,2,0)" onkeyup="return searchResults.NavChild(event,2,0)" class="SRScope" href="../structpkt__info.html#a7f5090443f21e6290f0439f1bb872e92" target="_parent">pkt_info::timestamp()</a>
<a id="Item2_c1" onkeydown="return searchResults.NavChild(event,2,1)" onkeypress="return searchResults.NavChild(event,2,1)" onkeyup="return searchResults.NavChild(event,2,1)" class="SRScope" href="../struct__AI__snort__alert.html#a10a67f60ca3da339a2104849a0b2ac19" target="_parent">_AI_snort_alert::timestamp()</a>
<a id="Item7_c0" onkeydown="return searchResults.NavChild(event,7,0)" onkeypress="return searchResults.NavChild(event,7,0)" onkeyup="return searchResults.NavChild(event,7,0)" class="SRScope" href="../structpkt__info.html#a7f5090443f21e6290f0439f1bb872e92" target="_parent">pkt_info::timestamp()</a>
<a id="Item7_c1" onkeydown="return searchResults.NavChild(event,7,1)" onkeypress="return searchResults.NavChild(event,7,1)" onkeyup="return searchResults.NavChild(event,7,1)" class="SRScope" href="../struct__AI__snort__alert.html#a10a67f60ca3da339a2104849a0b2ac19" target="_parent">_AI_snort_alert::timestamp()</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_tos">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../struct__AI__snort__alert.html#a882ae6db43dc0fe08071947ccb044b93" target="_parent">tos</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_true">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dda08f175a5505a10b9ed657defeb050e4b" target="_parent">true</a>
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="../spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dda08f175a5505a10b9ed657defeb050e4b" target="_parent">true</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_ttl">
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../struct__AI__snort__alert.html#ab9b1ce8ee440a324af116403ac9c51a2" target="_parent">ttl</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_type">
<div class="SREntry">
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_type')">type</a>
<a id="Item9" onkeydown="return searchResults.Nav(event,9)" onkeypress="return searchResults.Nav(event,9)" onkeyup="return searchResults.Nav(event,9)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_type')">type</a>
<div class="SRChildren">
<a id="Item6_c0" onkeydown="return searchResults.NavChild(event,6,0)" onkeypress="return searchResults.NavChild(event,6,0)" onkeyup="return searchResults.NavChild(event,6,0)" class="SRScope" href="../structattribute__value.html#a5322c4edde771a7ee0d9fc5f5e45484c" target="_parent">attribute_value::type()</a>
<a id="Item6_c1" onkeydown="return searchResults.NavChild(event,6,1)" onkeypress="return searchResults.NavChild(event,6,1)" onkeyup="return searchResults.NavChild(event,6,1)" class="SRScope" href="../struct__hierarchy__node.html#a3b18e3ddfa2212c5e4ff9c0b4bde4296" target="_parent">_hierarchy_node::type()</a>
<a id="Item9_c0" onkeydown="return searchResults.NavChild(event,9,0)" onkeypress="return searchResults.NavChild(event,9,0)" onkeyup="return searchResults.NavChild(event,9,0)" class="SRScope" href="../structattribute__value.html#a5322c4edde771a7ee0d9fc5f5e45484c" target="_parent">attribute_value::type()</a>
<a id="Item9_c1" onkeydown="return searchResults.NavChild(event,9,1)" onkeypress="return searchResults.NavChild(event,9,1)" onkeyup="return searchResults.NavChild(event,9,1)" class="SRScope" href="../struct__hierarchy__node.html#a3b18e3ddfa2212c5e4ff9c0b4bde4296" target="_parent">_hierarchy_node::type()</a>
</div>
</div>
</div>

12
doc/html/search/defines_64.html
View File

@ -25,21 +25,27 @@
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_default_5fdatabase_5finterval">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../spp__ai_8h.html#a3c4984a0ee515fbc091ac6e33b05e310" target="_parent">DEFAULT_DATABASE_INTERVAL</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_default_5fhash_5fcleanup_5finterval">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../spp__ai_8h.html#a5f555c0ebd29ce2771a3e2dd4f526746" target="_parent">DEFAULT_HASH_CLEANUP_INTERVAL</a>
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../spp__ai_8h.html#a5f555c0ebd29ce2771a3e2dd4f526746" target="_parent">DEFAULT_HASH_CLEANUP_INTERVAL</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_default_5fstream_5fexpire_5finterval">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../spp__ai_8h.html#a0f6a189af15ef783fb46ed37c144e031" target="_parent">DEFAULT_STREAM_EXPIRE_INTERVAL</a>
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../spp__ai_8h.html#a0f6a189af15ef783fb46ed37c144e031" target="_parent">DEFAULT_STREAM_EXPIRE_INTERVAL</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_dynamic_5fpreproc_5fsetup">
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../sf__preproc__info_8h.html#aba4c0d0af324a3861e662ed4650aae44" target="_parent">DYNAMIC_PREPROC_SETUP</a>
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../sf__preproc__info_8h.html#aba4c0d0af324a3861e662ed4650aae44" target="_parent">DYNAMIC_PREPROC_SETUP</a>
<span class="SRScope">sf_preproc_info.h</span>
</div>
</div>

30
doc/html/search/files_64.html Normal file
View File

@ -0,0 +1,30 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head><title></title>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<link rel="stylesheet" type="text/css" href="search.css"/>
<script type="text/javascript" src="search.js"></script>
</head>
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_db_2ec">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../db_8c.html" target="_parent">db.c</a>
</div>
</div>
<div class="SRResult" id="SR_db_2eh">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../db_8h.html" target="_parent">db.h</a>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>
<div class="SRStatus" id="NoMatches">No Matches</div>
<script type="text/javascript"><!--
document.getElementById("Loading").style.display="none";
document.getElementById("NoMatches").style.display="none";
var searchResults = new SearchResults("searchResults");
searchResults.Search();
--></script>
</div>
</body>
</html>

25
doc/html/search/files_6d.html Normal file
View File

@ -0,0 +1,25 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head><title></title>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<link rel="stylesheet" type="text/css" href="search.css"/>
<script type="text/javascript" src="search.js"></script>
</head>
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_mysql_2ec">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../mysql_8c.html" target="_parent">mysql.c</a>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>
<div class="SRStatus" id="NoMatches">No Matches</div>
<script type="text/javascript"><!--
document.getElementById("Loading").style.display="none";
document.getElementById("NoMatches").style.display="none";
var searchResults = new SearchResults("searchResults");
searchResults.Search();
--></script>
</div>
</body>
</html>

28
doc/html/search/functions_5f.html
View File

@ -9,67 +9,73 @@
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR__5fai_5fcheck_5fduplicate">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../cluster_8c.html#a29c35cd6c56f54e27b5b190c6d6c487a" target="_parent">_AI_check_duplicate</a>
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../group__cluster.html#ga29c35cd6c56f54e27b5b190c6d6c487a" target="_parent">_AI_check_duplicate</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fcluster_5fthread">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../cluster_8c.html#a8a5eae61dc9fd0f13e0acdfa5f4478e2" target="_parent">_AI_cluster_thread</a>
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../group__cluster.html#ga8a5eae61dc9fd0f13e0acdfa5f4478e2" target="_parent">_AI_cluster_thread</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fcopy_5falerts">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../alert__parser_8c.html#a6c5014cae9155379fdc4db649b2c862d" target="_parent">_AI_copy_alerts</a>
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../group__alert__parser.html#ga6c5014cae9155379fdc4db649b2c862d" target="_parent">_AI_copy_alerts</a>
<span class="SRScope">alert_parser.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fequal_5falarms">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../cluster_8c.html#a0f91c8bfc37a3975f5c26b19fd6c5cba" target="_parent">_AI_equal_alarms</a>
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../group__cluster.html#ga0f91c8bfc37a3975f5c26b19fd6c5cba" target="_parent">_AI_equal_alarms</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fget_5fmin_5fhierarchy_5fnode">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../cluster_8c.html#a6ddddcd505b1f763c339e81fc143e079" target="_parent">_AI_get_min_hierarchy_node</a>
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../group__cluster.html#ga6ddddcd505b1f763c339e81fc143e079" target="_parent">_AI_get_min_hierarchy_node</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fmerge_5falerts">
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../cluster_8c.html#a8ce8e5a5d8954672297fa2dedb380dcd" target="_parent">_AI_merge_alerts</a>
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../group__cluster.html#ga8ce8e5a5d8954672297fa2dedb380dcd" target="_parent">_AI_merge_alerts</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fmysql_5fcopy_5falerts">
<div class="SREntry">
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../group__mysql.html#gab14c269b1187da75d35d4af3eb70a302" target="_parent">_AI_mysql_copy_alerts</a>
<span class="SRScope">db.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fprint_5fclustered_5falerts">
<div class="SREntry">
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../cluster_8c.html#a7d151880080470b542e99643dc0426a7" target="_parent">_AI_print_clustered_alerts</a>
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="../group__cluster.html#ga7d151880080470b542e99643dc0426a7" target="_parent">_AI_print_clustered_alerts</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fstream_5ffree">
<div class="SREntry">
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="../stream_8c.html#a80016adf701c717a6ebfb5b15b8a5749" target="_parent">_AI_stream_free</a>
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="../group__stream.html#ga80016adf701c717a6ebfb5b15b8a5749" target="_parent">_AI_stream_free</a>
<span class="SRScope">stream.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fheuristic_5ffunc">
<div class="SREntry">
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="../cluster_8c.html#a81f5fa721719fdb281595a568eef2101" target="_parent">_heuristic_func</a>
<a id="Item9" onkeydown="return searchResults.Nav(event,9)" onkeypress="return searchResults.Nav(event,9)" onkeyup="return searchResults.Nav(event,9)" class="SRSymbol" href="../group__cluster.html#ga81f5fa721719fdb281595a568eef2101" target="_parent">_heuristic_func</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fhierarchy_5fnode_5fappend">
<div class="SREntry">
<a id="Item9" onkeydown="return searchResults.Nav(event,9)" onkeypress="return searchResults.Nav(event,9)" onkeyup="return searchResults.Nav(event,9)" class="SRSymbol" href="../cluster_8c.html#a5601a1f603d9c870ef6e2df192e30c30" target="_parent">_hierarchy_node_append</a>
<a id="Item10" onkeydown="return searchResults.Nav(event,10)" onkeypress="return searchResults.Nav(event,10)" onkeyup="return searchResults.Nav(event,10)" class="SRSymbol" href="../group__cluster.html#ga5601a1f603d9c870ef6e2df192e30c30" target="_parent">_hierarchy_node_append</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fhierarchy_5fnode_5fnew">
<div class="SREntry">
<a id="Item10" onkeydown="return searchResults.Nav(event,10)" onkeypress="return searchResults.Nav(event,10)" onkeyup="return searchResults.Nav(event,10)" class="SRSymbol" href="../cluster_8c.html#a2f1a22cfea64e4669da0467620c3e3b3" target="_parent">_hierarchy_node_new</a>
<a id="Item11" onkeydown="return searchResults.Nav(event,11)" onkeypress="return searchResults.Nav(event,11)" onkeyup="return searchResults.Nav(event,11)" class="SRSymbol" href="../group__cluster.html#ga2f1a22cfea64e4669da0467620c3e3b3" target="_parent">_hierarchy_node_new</a>
<span class="SRScope">cluster.c</span>
</div>
</div>

76
doc/html/search/functions_61.html
View File

@ -7,12 +7,12 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_ai_5falertparser_5fthread">
<div class="SRResult" id="SR_ai_5ffile_5falertparser_5fthread">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5falertparser_5fthread')">AI_alertparser_thread</a>
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5ffile_5falertparser_5fthread')">AI_file_alertparser_thread</a>
<div class="SRChildren">
<a id="Item0_c0" onkeydown="return searchResults.NavChild(event,0,0)" onkeypress="return searchResults.NavChild(event,0,0)" onkeyup="return searchResults.NavChild(event,0,0)" class="SRScope" href="../alert__parser_8c.html#ad68c45b5846743a54ad3fa92c8e48f8a" target="_parent">AI_alertparser_thread(void *arg):&nbsp;alert_parser.c</a>
<a id="Item0_c1" onkeydown="return searchResults.NavChild(event,0,1)" onkeypress="return searchResults.NavChild(event,0,1)" onkeyup="return searchResults.NavChild(event,0,1)" class="SRScope" href="../spp__ai_8h.html#a842a3204c6e067a9920990b573757181" target="_parent">AI_alertparser_thread(void *):&nbsp;alert_parser.c</a>
<a id="Item0_c0" onkeydown="return searchResults.NavChild(event,0,0)" onkeypress="return searchResults.NavChild(event,0,0)" onkeyup="return searchResults.NavChild(event,0,0)" class="SRScope" href="../group__alert__parser.html#ga5aab8d9bdf0e92a51731442fd787f61f" target="_parent">AI_file_alertparser_thread(void *arg):&nbsp;alert_parser.c</a>
<a id="Item0_c1" onkeydown="return searchResults.NavChild(event,0,1)" onkeypress="return searchResults.NavChild(event,0,1)" onkeyup="return searchResults.NavChild(event,0,1)" class="SRScope" href="../group__alert__parser.html#ga5aab8d9bdf0e92a51731442fd787f61f" target="_parent">AI_file_alertparser_thread(void *):&nbsp;alert_parser.c</a>
</div>
</div>
</div>
@ -20,8 +20,8 @@
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5ffree_5falerts')">AI_free_alerts</a>
<div class="SRChildren">
<a id="Item1_c0" onkeydown="return searchResults.NavChild(event,1,0)" onkeypress="return searchResults.NavChild(event,1,0)" onkeyup="return searchResults.NavChild(event,1,0)" class="SRScope" href="../alert__parser_8c.html#a270e86669a0aa64a8da37bc16cda645b" target="_parent">AI_free_alerts(AI_snort_alert *node):&nbsp;alert_parser.c</a>
<a id="Item1_c1" onkeydown="return searchResults.NavChild(event,1,1)" onkeypress="return searchResults.NavChild(event,1,1)" onkeyup="return searchResults.NavChild(event,1,1)" class="SRScope" href="../spp__ai_8h.html#a270e86669a0aa64a8da37bc16cda645b" target="_parent">AI_free_alerts(AI_snort_alert *node):&nbsp;alert_parser.c</a>
<a id="Item1_c0" onkeydown="return searchResults.NavChild(event,1,0)" onkeypress="return searchResults.NavChild(event,1,0)" onkeyup="return searchResults.NavChild(event,1,0)" class="SRScope" href="../group__alert__parser.html#ga270e86669a0aa64a8da37bc16cda645b" target="_parent">AI_free_alerts(AI_snort_alert *node):&nbsp;alert_parser.c</a>
<a id="Item1_c1" onkeydown="return searchResults.NavChild(event,1,1)" onkeypress="return searchResults.NavChild(event,1,1)" onkeyup="return searchResults.NavChild(event,1,1)" class="SRScope" href="../group__alert__parser.html#ga270e86669a0aa64a8da37bc16cda645b" target="_parent">AI_free_alerts(AI_snort_alert *node):&nbsp;alert_parser.c</a>
</div>
</div>
</div>
@ -29,8 +29,8 @@
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fget_5falerts')">AI_get_alerts</a>
<div class="SRChildren">
<a id="Item2_c0" onkeydown="return searchResults.NavChild(event,2,0)" onkeypress="return searchResults.NavChild(event,2,0)" onkeyup="return searchResults.NavChild(event,2,0)" class="SRScope" href="../alert__parser_8c.html#a99474495643197b3075ac22ec6f6c70f" target="_parent">AI_get_alerts():&nbsp;alert_parser.c</a>
<a id="Item2_c1" onkeydown="return searchResults.NavChild(event,2,1)" onkeypress="return searchResults.NavChild(event,2,1)" onkeyup="return searchResults.NavChild(event,2,1)" class="SRScope" href="../spp__ai_8h.html#af19a28f7cbcdfeb2b66fb3b625b75076" target="_parent">AI_get_alerts(void):&nbsp;alert_parser.c</a>
<a id="Item2_c0" onkeydown="return searchResults.NavChild(event,2,0)" onkeypress="return searchResults.NavChild(event,2,0)" onkeyup="return searchResults.NavChild(event,2,0)" class="SRScope" href="../group__alert__parser.html#ga99474495643197b3075ac22ec6f6c70f" target="_parent">AI_get_alerts():&nbsp;alert_parser.c</a>
<a id="Item2_c1" onkeydown="return searchResults.NavChild(event,2,1)" onkeypress="return searchResults.NavChild(event,2,1)" onkeyup="return searchResults.NavChild(event,2,1)" class="SRScope" href="../group__alert__parser.html#ga99474495643197b3075ac22ec6f6c70f" target="_parent">AI_get_alerts(void):&nbsp;alert_parser.c</a>
</div>
</div>
</div>
@ -38,8 +38,8 @@
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fget_5fstream_5fby_5fkey')">AI_get_stream_by_key</a>
<div class="SRChildren">
<a id="Item3_c0" onkeydown="return searchResults.NavChild(event,3,0)" onkeypress="return searchResults.NavChild(event,3,0)" onkeyup="return searchResults.NavChild(event,3,0)" class="SRScope" href="../spp__ai_8h.html#a3054f06297a9caefd4d9b1283bb8b69a" target="_parent">AI_get_stream_by_key(struct pkt_key):&nbsp;stream.c</a>
<a id="Item3_c1" onkeydown="return searchResults.NavChild(event,3,1)" onkeypress="return searchResults.NavChild(event,3,1)" onkeyup="return searchResults.NavChild(event,3,1)" class="SRScope" href="../stream_8c.html#a2efedcabbfd12c5345f0c93a3dd4735c" target="_parent">AI_get_stream_by_key(struct pkt_key key):&nbsp;stream.c</a>
<a id="Item3_c0" onkeydown="return searchResults.NavChild(event,3,0)" onkeypress="return searchResults.NavChild(event,3,0)" onkeyup="return searchResults.NavChild(event,3,0)" class="SRScope" href="../group__stream.html#ga2efedcabbfd12c5345f0c93a3dd4735c" target="_parent">AI_get_stream_by_key(struct pkt_key):&nbsp;stream.c</a>
<a id="Item3_c1" onkeydown="return searchResults.NavChild(event,3,1)" onkeypress="return searchResults.NavChild(event,3,1)" onkeyup="return searchResults.NavChild(event,3,1)" class="SRScope" href="../group__stream.html#ga2efedcabbfd12c5345f0c93a3dd4735c" target="_parent">AI_get_stream_by_key(struct pkt_key key):&nbsp;stream.c</a>
</div>
</div>
</div>
@ -47,8 +47,8 @@
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fhashcleanup_5fthread')">AI_hashcleanup_thread</a>
<div class="SRChildren">
<a id="Item4_c0" onkeydown="return searchResults.NavChild(event,4,0)" onkeypress="return searchResults.NavChild(event,4,0)" onkeyup="return searchResults.NavChild(event,4,0)" class="SRScope" href="../spp__ai_8h.html#ad56f71be823eead743972274b99c82ff" target="_parent">AI_hashcleanup_thread(void *):&nbsp;stream.c</a>
<a id="Item4_c1" onkeydown="return searchResults.NavChild(event,4,1)" onkeypress="return searchResults.NavChild(event,4,1)" onkeyup="return searchResults.NavChild(event,4,1)" class="SRScope" href="../stream_8c.html#a24b1131374e5059564b8a12380c4eb75" target="_parent">AI_hashcleanup_thread(void *arg):&nbsp;stream.c</a>
<a id="Item4_c0" onkeydown="return searchResults.NavChild(event,4,0)" onkeypress="return searchResults.NavChild(event,4,0)" onkeyup="return searchResults.NavChild(event,4,0)" class="SRScope" href="../group__stream.html#ga24b1131374e5059564b8a12380c4eb75" target="_parent">AI_hashcleanup_thread(void *):&nbsp;stream.c</a>
<a id="Item4_c1" onkeydown="return searchResults.NavChild(event,4,1)" onkeypress="return searchResults.NavChild(event,4,1)" onkeyup="return searchResults.NavChild(event,4,1)" class="SRScope" href="../group__stream.html#ga24b1131374e5059564b8a12380c4eb75" target="_parent">AI_hashcleanup_thread(void *arg):&nbsp;stream.c</a>
</div>
</div>
</div>
@ -56,53 +56,77 @@
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fhierarchies_5fbuild')">AI_hierarchies_build</a>
<div class="SRChildren">
<a id="Item5_c0" onkeydown="return searchResults.NavChild(event,5,0)" onkeypress="return searchResults.NavChild(event,5,0)" onkeyup="return searchResults.NavChild(event,5,0)" class="SRScope" href="../cluster_8c.html#a1445818b37483f78cc3fb2890155842c" target="_parent">AI_hierarchies_build(AI_config *conf, hierarchy_node **nodes, int n_nodes):&nbsp;cluster.c</a>
<a id="Item5_c1" onkeydown="return searchResults.NavChild(event,5,1)" onkeypress="return searchResults.NavChild(event,5,1)" onkeyup="return searchResults.NavChild(event,5,1)" class="SRScope" href="../spp__ai_8h.html#a857348424b9db45c90f95631eb96fd7c" target="_parent">AI_hierarchies_build(AI_config *, hierarchy_node **, int):&nbsp;cluster.c</a>
<a id="Item5_c0" onkeydown="return searchResults.NavChild(event,5,0)" onkeypress="return searchResults.NavChild(event,5,0)" onkeyup="return searchResults.NavChild(event,5,0)" class="SRScope" href="../group__cluster.html#ga1445818b37483f78cc3fb2890155842c" target="_parent">AI_hierarchies_build(AI_config *conf, hierarchy_node **nodes, int n_nodes):&nbsp;cluster.c</a>
<a id="Item5_c1" onkeydown="return searchResults.NavChild(event,5,1)" onkeypress="return searchResults.NavChild(event,5,1)" onkeyup="return searchResults.NavChild(event,5,1)" class="SRScope" href="../group__cluster.html#ga1445818b37483f78cc3fb2890155842c" target="_parent">AI_hierarchies_build(AI_config *, hierarchy_node **, int):&nbsp;cluster.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5finit">
<div class="SREntry">
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../spp__ai_8c.html#a3524cbdf8fddbcf38c4ed55241002242" target="_parent">AI_init</a>
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../group__spp__ai.html#ga3524cbdf8fddbcf38c4ed55241002242" target="_parent">AI_init</a>
<span class="SRScope">spp_ai.c</span>
</div>
</div>
<div class="SRResult" id="SR_ai_5fmysql_5falertparser_5fthread">
<div class="SREntry">
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fmysql_5falertparser_5fthread')">AI_mysql_alertparser_thread</a>
<div class="SRChildren">
<a id="Item7_c0" onkeydown="return searchResults.NavChild(event,7,0)" onkeypress="return searchResults.NavChild(event,7,0)" onkeyup="return searchResults.NavChild(event,7,0)" class="SRScope" href="../group__mysql.html#gadf275635641f88725930de208fb5523f" target="_parent">AI_mysql_alertparser_thread(void *arg):&nbsp;db.c</a>
<a id="Item7_c1" onkeydown="return searchResults.NavChild(event,7,1)" onkeypress="return searchResults.NavChild(event,7,1)" onkeyup="return searchResults.NavChild(event,7,1)" class="SRScope" href="../group__mysql.html#gadf275635641f88725930de208fb5523f" target="_parent">AI_mysql_alertparser_thread(void *):&nbsp;db.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fmysql_5ffree_5falerts">
<div class="SREntry">
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="../spp__ai_8h.html#ad0d003c241328962df5757398329b809" target="_parent">AI_mysql_free_alerts</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_ai_5fmysql_5fget_5falerts">
<div class="SREntry">
<a id="Item9" onkeydown="return searchResults.Nav(event,9)" onkeypress="return searchResults.Nav(event,9)" onkeyup="return searchResults.Nav(event,9)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fmysql_5fget_5falerts')">AI_mysql_get_alerts</a>
<div class="SRChildren">
<a id="Item9_c0" onkeydown="return searchResults.NavChild(event,9,0)" onkeypress="return searchResults.NavChild(event,9,0)" onkeyup="return searchResults.NavChild(event,9,0)" class="SRScope" href="../group__mysql.html#ga0ead3c1e46063e215168e76d7999d65b" target="_parent">AI_mysql_get_alerts():&nbsp;db.c</a>
<a id="Item9_c1" onkeydown="return searchResults.NavChild(event,9,1)" onkeypress="return searchResults.NavChild(event,9,1)" onkeyup="return searchResults.NavChild(event,9,1)" class="SRScope" href="../group__mysql.html#ga0ead3c1e46063e215168e76d7999d65b" target="_parent">AI_mysql_get_alerts(void):&nbsp;db.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fparse">
<div class="SREntry">
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="../spp__ai_8c.html#ae1c5c4b38ee2819d427848eb3046373e" target="_parent">AI_parse</a>
<a id="Item10" onkeydown="return searchResults.Nav(event,10)" onkeypress="return searchResults.Nav(event,10)" onkeyup="return searchResults.Nav(event,10)" class="SRSymbol" href="../group__spp__ai.html#gae1c5c4b38ee2819d427848eb3046373e" target="_parent">AI_parse</a>
<span class="SRScope">spp_ai.c</span>
</div>
</div>
<div class="SRResult" id="SR_ai_5fpkt_5fenqueue">
<div class="SREntry">
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fpkt_5fenqueue')">AI_pkt_enqueue</a>
<a id="Item11" onkeydown="return searchResults.Nav(event,11)" onkeypress="return searchResults.Nav(event,11)" onkeyup="return searchResults.Nav(event,11)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fpkt_5fenqueue')">AI_pkt_enqueue</a>
<div class="SRChildren">
<a id="Item8_c0" onkeydown="return searchResults.NavChild(event,8,0)" onkeypress="return searchResults.NavChild(event,8,0)" onkeyup="return searchResults.NavChild(event,8,0)" class="SRScope" href="../spp__ai_8h.html#af6f7d167c3623bbc669e8d31c2719b29" target="_parent">AI_pkt_enqueue(SFSnortPacket *):&nbsp;stream.c</a>
<a id="Item8_c1" onkeydown="return searchResults.NavChild(event,8,1)" onkeypress="return searchResults.NavChild(event,8,1)" onkeyup="return searchResults.NavChild(event,8,1)" class="SRScope" href="../stream_8c.html#a7d71c5645b9baff7b6c4b9a181bf80c5" target="_parent">AI_pkt_enqueue(SFSnortPacket *pkt):&nbsp;stream.c</a>
<a id="Item11_c0" onkeydown="return searchResults.NavChild(event,11,0)" onkeypress="return searchResults.NavChild(event,11,0)" onkeyup="return searchResults.NavChild(event,11,0)" class="SRScope" href="../group__stream.html#ga7d71c5645b9baff7b6c4b9a181bf80c5" target="_parent">AI_pkt_enqueue(SFSnortPacket *):&nbsp;stream.c</a>
<a id="Item11_c1" onkeydown="return searchResults.NavChild(event,11,1)" onkeypress="return searchResults.NavChild(event,11,1)" onkeyup="return searchResults.NavChild(event,11,1)" class="SRScope" href="../group__stream.html#ga7d71c5645b9baff7b6c4b9a181bf80c5" target="_parent">AI_pkt_enqueue(SFSnortPacket *pkt):&nbsp;stream.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fprocess">
<div class="SREntry">
<a id="Item9" onkeydown="return searchResults.Nav(event,9)" onkeypress="return searchResults.Nav(event,9)" onkeyup="return searchResults.Nav(event,9)" class="SRSymbol" href="../spp__ai_8c.html#a57c05cda012c443cb4c358dc327cd3d1" target="_parent">AI_process</a>
<a id="Item12" onkeydown="return searchResults.Nav(event,12)" onkeypress="return searchResults.Nav(event,12)" onkeyup="return searchResults.Nav(event,12)" class="SRSymbol" href="../group__spp__ai.html#ga57c05cda012c443cb4c358dc327cd3d1" target="_parent">AI_process</a>
<span class="SRScope">spp_ai.c</span>
</div>
</div>
<div class="SRResult" id="SR_ai_5fset_5fstream_5fobserved">
<div class="SREntry">
<a id="Item10" onkeydown="return searchResults.Nav(event,10)" onkeypress="return searchResults.Nav(event,10)" onkeyup="return searchResults.Nav(event,10)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fset_5fstream_5fobserved')">AI_set_stream_observed</a>
<a id="Item13" onkeydown="return searchResults.Nav(event,13)" onkeypress="return searchResults.Nav(event,13)" onkeyup="return searchResults.Nav(event,13)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fset_5fstream_5fobserved')">AI_set_stream_observed</a>
<div class="SRChildren">
<a id="Item10_c0" onkeydown="return searchResults.NavChild(event,10,0)" onkeypress="return searchResults.NavChild(event,10,0)" onkeyup="return searchResults.NavChild(event,10,0)" class="SRScope" href="../spp__ai_8h.html#a8749989cee2ac05a7de058faac280c02" target="_parent">AI_set_stream_observed(struct pkt_key key):&nbsp;stream.c</a>
<a id="Item10_c1" onkeydown="return searchResults.NavChild(event,10,1)" onkeypress="return searchResults.NavChild(event,10,1)" onkeyup="return searchResults.NavChild(event,10,1)" class="SRScope" href="../stream_8c.html#a8749989cee2ac05a7de058faac280c02" target="_parent">AI_set_stream_observed(struct pkt_key key):&nbsp;stream.c</a>
<a id="Item13_c0" onkeydown="return searchResults.NavChild(event,13,0)" onkeypress="return searchResults.NavChild(event,13,0)" onkeyup="return searchResults.NavChild(event,13,0)" class="SRScope" href="../group__stream.html#ga8749989cee2ac05a7de058faac280c02" target="_parent">AI_set_stream_observed(struct pkt_key key):&nbsp;stream.c</a>
<a id="Item13_c1" onkeydown="return searchResults.NavChild(event,13,1)" onkeypress="return searchResults.NavChild(event,13,1)" onkeyup="return searchResults.NavChild(event,13,1)" class="SRScope" href="../group__stream.html#ga8749989cee2ac05a7de058faac280c02" target="_parent">AI_set_stream_observed(struct pkt_key key):&nbsp;stream.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fsetup">
<div class="SREntry">
<a id="Item11" onkeydown="return searchResults.Nav(event,11)" onkeypress="return searchResults.Nav(event,11)" onkeyup="return searchResults.Nav(event,11)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fsetup')">AI_setup</a>
<a id="Item14" onkeydown="return searchResults.Nav(event,14)" onkeypress="return searchResults.Nav(event,14)" onkeyup="return searchResults.Nav(event,14)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fsetup')">AI_setup</a>
<div class="SRChildren">
<a id="Item11_c0" onkeydown="return searchResults.NavChild(event,11,0)" onkeypress="return searchResults.NavChild(event,11,0)" onkeyup="return searchResults.NavChild(event,11,0)" class="SRScope" href="../sf__preproc__info_8h.html#ad81716bc3f0fec4df74198a7cbdbd43c" target="_parent">AI_setup():&nbsp;spp_ai.c</a>
<a id="Item11_c1" onkeydown="return searchResults.NavChild(event,11,1)" onkeypress="return searchResults.NavChild(event,11,1)" onkeyup="return searchResults.NavChild(event,11,1)" class="SRScope" href="../spp__ai_8c.html#a1b9ebb5c719c7d9426ddfc1f3da36570" target="_parent">AI_setup(void):&nbsp;spp_ai.c</a>
<a id="Item14_c0" onkeydown="return searchResults.NavChild(event,14,0)" onkeypress="return searchResults.NavChild(event,14,0)" onkeyup="return searchResults.NavChild(event,14,0)" class="SRScope" href="../group__spp__ai.html#ga1b9ebb5c719c7d9426ddfc1f3da36570" target="_parent">AI_setup():&nbsp;spp_ai.c</a>
<a id="Item14_c1" onkeydown="return searchResults.NavChild(event,14,1)" onkeypress="return searchResults.NavChild(event,14,1)" onkeyup="return searchResults.NavChild(event,14,1)" class="SRScope" href="../group__spp__ai.html#ga1b9ebb5c719c7d9426ddfc1f3da36570" target="_parent">AI_setup(void):&nbsp;spp_ai.c</a>
</div>
</div>
</div>

20
doc/html/search/functions_64.html
View File

@ -7,9 +7,27 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_db_5fclose">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../db_8h.html#a7f625d084ac92d12b665fa7d53414727" target="_parent">DB_close</a>
<span class="SRScope">db.h</span>
</div>
</div>
<div class="SRResult" id="SR_db_5finit">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../db_8h.html#abfca7b59301511bf708eef53cb70b7ee" target="_parent">DB_init</a>
<span class="SRScope">db.h</span>
</div>
</div>
<div class="SRResult" id="SR_db_5fquery">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../db_8h.html#a51b1f8be35b963f30fa732fc22a5760e" target="_parent">DB_query</a>
<span class="SRScope">db.h</span>
</div>
</div>
<div class="SRResult" id="SR_dynamicpreprocessorfatalmessage">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../sf__dynamic__preproc__lib_8c.html#a57c853c0f626bde2af6619cdeeb7471b" target="_parent">DynamicPreprocessorFatalMessage</a>
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../sf__dynamic__preproc__lib_8c.html#a57c853c0f626bde2af6619cdeeb7471b" target="_parent">DynamicPreprocessorFatalMessage</a>
<span class="SRScope">sf_dynamic_preproc_lib.c</span>
</div>
</div>

38
doc/html/search/functions_6d.html Normal file
View File

@ -0,0 +1,38 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head><title></title>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<link rel="stylesheet" type="text/css" href="search.css"/>
<script type="text/javascript" src="search.js"></script>
</head>
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_mysql_5fdo_5fclose">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../mysql_8c.html#a55eb83ebfb4caefbc4d9cee8aa0095e3" target="_parent">mysql_do_close</a>
<span class="SRScope">mysql.c</span>
</div>
</div>
<div class="SRResult" id="SR_mysql_5fdo_5finit">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../mysql_8c.html#a3fba38c3da4a252a55d81088c6fe9078" target="_parent">mysql_do_init</a>
<span class="SRScope">mysql.c</span>
</div>
</div>
<div class="SRResult" id="SR_mysql_5fdo_5fquery">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../mysql_8c.html#a90f2e6f4081c0c66f8da54b98aee2674" target="_parent">mysql_do_query</a>
<span class="SRScope">mysql.c</span>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>
<div class="SRStatus" id="NoMatches">No Matches</div>
<script type="text/javascript"><!--
document.getElementById("Loading").style.display="none";
document.getElementById("NoMatches").style.display="none";
var searchResults = new SearchResults("searchResults");
searchResults.Search();
--></script>
</div>
</body>
</html>

4
doc/html/search/functions_70.html
View File

@ -11,8 +11,8 @@
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_preg_5fmatch')">preg_match</a>
<div class="SRChildren">
<a id="Item0_c0" onkeydown="return searchResults.NavChild(event,0,0)" onkeypress="return searchResults.NavChild(event,0,0)" onkeyup="return searchResults.NavChild(event,0,0)" class="SRScope" href="../regex_8c.html#a35f57c052a7de1ded54b67a1f7819791" target="_parent">preg_match(const char *expr, char *str, char ***matches, int *nmatches):&nbsp;regex.c</a>
<a id="Item0_c1" onkeydown="return searchResults.NavChild(event,0,1)" onkeypress="return searchResults.NavChild(event,0,1)" onkeyup="return searchResults.NavChild(event,0,1)" class="SRScope" href="../spp__ai_8h.html#a85c0852b05b60cbfe0130534160c9876" target="_parent">preg_match(const char *, char *, char ***, int *):&nbsp;regex.c</a>
<a id="Item0_c0" onkeydown="return searchResults.NavChild(event,0,0)" onkeypress="return searchResults.NavChild(event,0,0)" onkeyup="return searchResults.NavChild(event,0,0)" class="SRScope" href="../group__regex.html#ga35f57c052a7de1ded54b67a1f7819791" target="_parent">preg_match(const char *expr, char *str, char ***matches, int *nmatches):&nbsp;regex.c</a>
<a id="Item0_c1" onkeydown="return searchResults.NavChild(event,0,1)" onkeypress="return searchResults.NavChild(event,0,1)" onkeyup="return searchResults.NavChild(event,0,1)" class="SRScope" href="../group__regex.html#ga35f57c052a7de1ded54b67a1f7819791" target="_parent">preg_match(const char *, char *, char ***, int *):&nbsp;regex.c</a>
</div>
</div>
</div>

8
doc/html/search/search.js
View File

@ -7,11 +7,11 @@
var indexSectionsWithContent =
{
0: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010111111111011111101111010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
0: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010111111111011111101111000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
1: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010100000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
2: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000101000000000000001100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
3: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010100100001001000100100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
4: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010101110111011111101110010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
2: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000101100000000100001100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
3: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010100100001001100100100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
4: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010101110111011111101110000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
5: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000010000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
6: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
7: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001101000000010000110000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",

2
doc/html/search/variables_5f.html
View File

@ -9,7 +9,7 @@
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR__5fconfig">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../cluster_8c.html#a91458e2d34595688e39fcb63ba418849" target="_parent">_config</a>
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../group__cluster.html#ga91458e2d34595688e39fcb63ba418849" target="_parent">_config</a>
<span class="SRScope">cluster.c</span>
</div>
</div>

27
doc/html/search/variables_61.html
View File

@ -7,40 +7,43 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_ack">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../struct__AI__snort__alert.html#a2b185c678d3a7f1207b2119b0b567c37" target="_parent">ack</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_alert_5ffp">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../alert__parser_8c.html#abee2a33368912d9288c76b51160a9ed6" target="_parent">alert_fp</a>
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../alert__parser_8c.html#abee2a33368912d9288c76b51160a9ed6" target="_parent">alert_fp</a>
<span class="SRScope">alert_parser.c</span>
</div>
</div>
<div class="SRResult" id="SR_alert_5flog">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../cluster_8c.html#aaf4c19f60f48741b0890c6114dcff7d9" target="_parent">alert_log</a>
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../group__cluster.html#gaaf4c19f60f48741b0890c6114dcff7d9" target="_parent">alert_log</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR_alertclusteringinterval">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../structAI__config.html#a7d0d098b8263aa3d8415b11d1ec7f93d" target="_parent">alertClusteringInterval</a>
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../structAI__config.html#a7d0d098b8263aa3d8415b11d1ec7f93d" target="_parent">alertClusteringInterval</a>
<span class="SRScope">AI_config</span>
</div>
</div>
<div class="SRResult" id="SR_alertfile">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../structAI__config.html#a2efa9590d7eea6dce8b5dd9aa76ed8ca" target="_parent">alertfile</a>
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../structAI__config.html#a2efa9590d7eea6dce8b5dd9aa76ed8ca" target="_parent">alertfile</a>
<span class="SRScope">AI_config</span>
</div>
</div>
<div class="SRResult" id="SR_alertparser_5fthread">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../group__spp__ai.html#gaa3100e48acef5cf4370c3042ff548ed0" target="_parent">alertparser_thread</a>
<span class="SRScope">spp_ai.c</span>
</div>
</div>
<div class="SRResult" id="SR_alerts">
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../alert__parser_8c.html#ae837fc04e61c0eb052f997c54b4fd9fe" target="_parent">alerts</a>
<span class="SRScope">alert_parser.c</span>
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_alerts')">alerts</a>
<div class="SRChildren">
<a id="Item5_c0" onkeydown="return searchResults.NavChild(event,5,0)" onkeypress="return searchResults.NavChild(event,5,0)" onkeyup="return searchResults.NavChild(event,5,0)" class="SRScope" href="../alert__parser_8c.html#ae837fc04e61c0eb052f997c54b4fd9fe" target="_parent">alerts():&nbsp;alert_parser.c</a>
<a id="Item5_c1" onkeydown="return searchResults.NavChild(event,5,1)" onkeypress="return searchResults.NavChild(event,5,1)" onkeyup="return searchResults.NavChild(event,5,1)" class="SRScope" href="../group__mysql.html#gae837fc04e61c0eb052f997c54b4fd9fe" target="_parent">alerts():&nbsp;db.c</a>
</div>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>

8
doc/html/search/variables_63.html
View File

@ -25,9 +25,15 @@
<span class="SRScope">AI_config</span>
</div>
</div>
<div class="SRResult" id="SR_config">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../group__mysql.html#ga6439d32dccbbc77c9b2aad04897bfa74" target="_parent">config</a>
<span class="SRScope">db.c</span>
</div>
</div>
<div class="SRResult" id="SR_count">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../structattribute__value.html#a5579c0304c2e9ab488ac94905b385045" target="_parent">count</a>
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../structattribute__value.html#a5579c0304c2e9ab488ac94905b385045" target="_parent">count</a>
<span class="SRScope">attribute_value</span>
</div>
</div>

53
doc/html/search/variables_64.html
View File

@ -7,25 +7,58 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_desc">
<div class="SRResult" id="SR_databaseparsinginterval">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../struct__AI__snort__alert.html#ac0902d7c756ec675fb06347ce4706135" target="_parent">desc</a>
<span class="SRScope">_AI_snort_alert</span>
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../structAI__config.html#ae6ca715cab1d90b70c3aad443133c263" target="_parent">databaseParsingInterval</a>
<span class="SRScope">AI_config</span>
</div>
</div>
<div class="SRResult" id="SR_dst_5faddr">
<div class="SRResult" id="SR_db">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../struct__AI__snort__alert.html#a69cc2ba171c8c808a0b45caa9426cd8c" target="_parent">dst_addr</a>
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../mysql_8c.html#aedbcc8d9f1bd3c64adf6ad8ccfcd48a4" target="_parent">db</a>
<span class="SRScope">mysql.c</span>
</div>
</div>
<div class="SRResult" id="SR_db_5fmutex">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../group__mysql.html#ga40bb4c7d0679e36cc0ec4fa41d36d96c" target="_parent">db_mutex</a>
<span class="SRScope">db.c</span>
</div>
</div>
<div class="SRResult" id="SR_dbhost">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../structAI__config.html#a8e56f1a1b2095d3d329c8068ea0f3aab" target="_parent">dbhost</a>
<span class="SRScope">AI_config</span>
</div>
</div>
<div class="SRResult" id="SR_dbname">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../structAI__config.html#ac8a93607f12106e2f5c9b43af27107da" target="_parent">dbname</a>
<span class="SRScope">AI_config</span>
</div>
</div>
<div class="SRResult" id="SR_dbpass">
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../structAI__config.html#aa1cda349763faf60b2ebdbf2d187ae7d" target="_parent">dbpass</a>
<span class="SRScope">AI_config</span>
</div>
</div>
<div class="SRResult" id="SR_dbuser">
<div class="SREntry">
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../structAI__config.html#aa004adebfdafb6d14092aecd7f4912b0" target="_parent">dbuser</a>
<span class="SRScope">AI_config</span>
</div>
</div>
<div class="SRResult" id="SR_desc">
<div class="SREntry">
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="../struct__AI__snort__alert.html#ac0902d7c756ec675fb06347ce4706135" target="_parent">desc</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_dst_5fport">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_dst_5fport')">dst_port</a>
<div class="SRChildren">
<a id="Item2_c0" onkeydown="return searchResults.NavChild(event,2,0)" onkeypress="return searchResults.NavChild(event,2,0)" onkeyup="return searchResults.NavChild(event,2,0)" class="SRScope" href="../structpkt__key.html#af77f5eb1f4cd88b43fe99fd73553351d" target="_parent">pkt_key::dst_port()</a>
<a id="Item2_c1" onkeydown="return searchResults.NavChild(event,2,1)" onkeypress="return searchResults.NavChild(event,2,1)" onkeyup="return searchResults.NavChild(event,2,1)" class="SRScope" href="../struct__AI__snort__alert.html#a6b323c07ae501d221e330e13646a96a3" target="_parent">_AI_snort_alert::dst_port()</a>
</div>
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="../structpkt__key.html#af77f5eb1f4cd88b43fe99fd73553351d" target="_parent">dst_port</a>
<span class="SRScope">pkt_key</span>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>

2
doc/html/search/variables_65.html
View File

@ -9,7 +9,7 @@
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_ex_5fconfig">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../spp__ai_8c.html#a3dd75596c540d148643fe6d1fdc02628" target="_parent">ex_config</a>
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../group__spp__ai.html#ga3dd75596c540d148643fe6d1fdc02628" target="_parent">ex_config</a>
<span class="SRScope">spp_ai.c</span>
</div>
</div>

10
doc/html/search/variables_67.html
View File

@ -7,15 +7,21 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_get_5falerts">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../spp__ai_8h.html#ab184b676360ce03035801284a2bd1ea7" target="_parent">get_alerts</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_gid">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../struct__AI__snort__alert.html#af8408be5da59cda853442dd13465c0f6" target="_parent">gid</a>
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../struct__AI__snort__alert.html#af8408be5da59cda853442dd13465c0f6" target="_parent">gid</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_grouped_5falarms_5fcount">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../struct__AI__snort__alert.html#a285aff12d6bac03c316ccc5305d28e53" target="_parent">grouped_alarms_count</a>
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../struct__AI__snort__alert.html#a285aff12d6bac03c316ccc5305d28e53" target="_parent">grouped_alarms_count</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>

16
doc/html/search/variables_68.html
View File

@ -15,7 +15,7 @@
</div>
<div class="SRResult" id="SR_h_5froot">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../cluster_8c.html#a97d35425cf5a0207fb50b64ee8cdda82" target="_parent">h_root</a>
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../group__cluster.html#ga97d35425cf5a0207fb50b64ee8cdda82" target="_parent">h_root</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
@ -25,18 +25,24 @@
<span class="SRScope">stream.c</span>
</div>
</div>
<div class="SRResult" id="SR_hash_5fmutex">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../stream_8c.html#a4e01edd07102e71480b323db2b8f57c8" target="_parent">hash_mutex</a>
<span class="SRScope">stream.c</span>
</div>
</div>
<div class="SRResult" id="SR_hashcleanupinterval">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../structAI__config.html#a9f7680615027d4fb74b4aa144a7028a4" target="_parent">hashCleanupInterval</a>
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../structAI__config.html#a9f7680615027d4fb74b4aa144a7028a4" target="_parent">hashCleanupInterval</a>
<span class="SRScope">AI_config</span>
</div>
</div>
<div class="SRResult" id="SR_hh">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_hh')">hh</a>
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_hh')">hh</a>
<div class="SRChildren">
<a id="Item4_c0" onkeydown="return searchResults.NavChild(event,4,0)" onkeypress="return searchResults.NavChild(event,4,0)" onkeyup="return searchResults.NavChild(event,4,0)" class="SRScope" href="../structattribute__value.html#a9abf5d1758ee0cc4803e3b40fc4481cc" target="_parent">attribute_value::hh()</a>
<a id="Item4_c1" onkeydown="return searchResults.NavChild(event,4,1)" onkeypress="return searchResults.NavChild(event,4,1)" onkeyup="return searchResults.NavChild(event,4,1)" class="SRScope" href="../structpkt__info.html#a264e90d4b5d490de040f38c1072e142f" target="_parent">pkt_info::hh()</a>
<a id="Item5_c0" onkeydown="return searchResults.NavChild(event,5,0)" onkeypress="return searchResults.NavChild(event,5,0)" onkeyup="return searchResults.NavChild(event,5,0)" class="SRScope" href="../structattribute__value.html#a9abf5d1758ee0cc4803e3b40fc4481cc" target="_parent">attribute_value::hh()</a>
<a id="Item5_c1" onkeydown="return searchResults.NavChild(event,5,1)" onkeypress="return searchResults.NavChild(event,5,1)" onkeyup="return searchResults.NavChild(event,5,1)" class="SRScope" href="../structpkt__info.html#a264e90d4b5d490de040f38c1072e142f" target="_parent">pkt_info::hh()</a>
</div>
</div>
</div>

36
doc/html/search/variables_69.html
View File

@ -7,21 +7,45 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_id">
<div class="SRResult" id="SR_ip_5fdst_5faddr">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../struct__AI__snort__alert.html#a45e4acf90450a5f9efd4e0c290f84bcf" target="_parent">id</a>
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../struct__AI__snort__alert.html#a754ca683593c838e4032fa8c13b1512b" target="_parent">ip_dst_addr</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_iplen">
<div class="SRResult" id="SR_ip_5fid">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../struct__AI__snort__alert.html#a523ef8842d01a1bc4ea3c0bf27518e78" target="_parent">iplen</a>
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../struct__AI__snort__alert.html#a2fc673dec85a7b49dd16ac7c0bb1bb78" target="_parent">ip_id</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_ipproto">
<div class="SRResult" id="SR_ip_5flen">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../struct__AI__snort__alert.html#a2a5f2741918c3c13890f2b617a7f23a4" target="_parent">ipproto</a>
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../struct__AI__snort__alert.html#ad3ffe99036513d5f33b94d22fb84f8f1" target="_parent">ip_len</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_ip_5fproto">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../struct__AI__snort__alert.html#a5ea7b250ac1c472f3ab57565b6df2536" target="_parent">ip_proto</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_ip_5fsrc_5faddr">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../struct__AI__snort__alert.html#a194117c57a52933d16a97838562bb611" target="_parent">ip_src_addr</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_ip_5ftos">
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../struct__AI__snort__alert.html#a3f3c47f9baf3229d067504a85873b416" target="_parent">ip_tos</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_ip_5fttl">
<div class="SREntry">
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../struct__AI__snort__alert.html#a3c9bbe84ec696cd58668a45799a66600" target="_parent">ip_ttl</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>

28
doc/html/search/variables_73.html
View File

@ -7,51 +7,33 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_sequence">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../struct__AI__snort__alert.html#acb20c4c55149d5806d7523720786ab77" target="_parent">sequence</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_sid">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../struct__AI__snort__alert.html#a3349aa68d2234f8ffd897367c3a8a137" target="_parent">sid</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_src_5faddr">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../struct__AI__snort__alert.html#ab16a24f368020e4b40e65b53cae33b48" target="_parent">src_addr</a>
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../struct__AI__snort__alert.html#a3349aa68d2234f8ffd897367c3a8a137" target="_parent">sid</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_src_5fip">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../structpkt__key.html#a3a091c20dafb8b3f689db00c5b2f8ddb" target="_parent">src_ip</a>
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../structpkt__key.html#a3a091c20dafb8b3f689db00c5b2f8ddb" target="_parent">src_ip</a>
<span class="SRScope">pkt_key</span>
</div>
</div>
<div class="SRResult" id="SR_src_5fport">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../struct__AI__snort__alert.html#a856cccd3eaabd38aa9974f26d3edc5e3" target="_parent">src_port</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_start_5ftime">
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../stream_8c.html#a0597864b078ff448f28432db86950309" target="_parent">start_time</a>
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../stream_8c.html#a0597864b078ff448f28432db86950309" target="_parent">start_time</a>
<span class="SRScope">stream.c</span>
</div>
</div>
<div class="SRResult" id="SR_stream">
<div class="SREntry">
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../struct__AI__snort__alert.html#a09dfe0a841fd3912ec78060d4547cb31" target="_parent">stream</a>
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../struct__AI__snort__alert.html#a09dfe0a841fd3912ec78060d4547cb31" target="_parent">stream</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_streamexpireinterval">
<div class="SREntry">
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="../structAI__config.html#abbe77d5f94b8c5164bea47acba09c98b" target="_parent">streamExpireInterval</a>
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../structAI__config.html#abbe77d5f94b8c5164bea47acba09c98b" target="_parent">streamExpireInterval</a>
<span class="SRScope">AI_config</span>
</div>
</div>

62
doc/html/search/variables_74.html
View File

@ -7,45 +7,63 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_tcp_5fflags">
<div class="SRResult" id="SR_tcp_5fack">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../struct__AI__snort__alert.html#aa643f11db93b70242b57f0a04775e507" target="_parent">tcp_flags</a>
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../struct__AI__snort__alert.html#a8aac577224a4325ec50511c6d79b4b79" target="_parent">tcp_ack</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_tcplen">
<div class="SRResult" id="SR_tcp_5fdst_5fport">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../struct__AI__snort__alert.html#a519a103f5e8f1cb006c0c137b7c6a1c0" target="_parent">tcplen</a>
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../struct__AI__snort__alert.html#aaca31cb67d48ffc3bfd1227686d5f5a4" target="_parent">tcp_dst_port</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_tcp_5fflags">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../struct__AI__snort__alert.html#aa643f11db93b70242b57f0a04775e507" target="_parent">tcp_flags</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_tcp_5flen">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../struct__AI__snort__alert.html#ab7e0507050b8e475fea7a4b26c768857" target="_parent">tcp_len</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_tcp_5fseq">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../struct__AI__snort__alert.html#ad6edf59fccea55bf5f940bf36117020b" target="_parent">tcp_seq</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_tcp_5fsrc_5fport">
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../struct__AI__snort__alert.html#a4d4cbdbd9675f4c43545547f55174cb7" target="_parent">tcp_src_port</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_tcp_5fwindow">
<div class="SREntry">
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../struct__AI__snort__alert.html#a1687fccc26bb211591db8b36ffec5348" target="_parent">tcp_window</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_timestamp">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_timestamp')">timestamp</a>
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_timestamp')">timestamp</a>
<div class="SRChildren">
<a id="Item2_c0" onkeydown="return searchResults.NavChild(event,2,0)" onkeypress="return searchResults.NavChild(event,2,0)" onkeyup="return searchResults.NavChild(event,2,0)" class="SRScope" href="../structpkt__info.html#a7f5090443f21e6290f0439f1bb872e92" target="_parent">pkt_info::timestamp()</a>
<a id="Item2_c1" onkeydown="return searchResults.NavChild(event,2,1)" onkeypress="return searchResults.NavChild(event,2,1)" onkeyup="return searchResults.NavChild(event,2,1)" class="SRScope" href="../struct__AI__snort__alert.html#a10a67f60ca3da339a2104849a0b2ac19" target="_parent">_AI_snort_alert::timestamp()</a>
<a id="Item7_c0" onkeydown="return searchResults.NavChild(event,7,0)" onkeypress="return searchResults.NavChild(event,7,0)" onkeyup="return searchResults.NavChild(event,7,0)" class="SRScope" href="../structpkt__info.html#a7f5090443f21e6290f0439f1bb872e92" target="_parent">pkt_info::timestamp()</a>
<a id="Item7_c1" onkeydown="return searchResults.NavChild(event,7,1)" onkeypress="return searchResults.NavChild(event,7,1)" onkeyup="return searchResults.NavChild(event,7,1)" class="SRScope" href="../struct__AI__snort__alert.html#a10a67f60ca3da339a2104849a0b2ac19" target="_parent">_AI_snort_alert::timestamp()</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_tos">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../struct__AI__snort__alert.html#a882ae6db43dc0fe08071947ccb044b93" target="_parent">tos</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_ttl">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../struct__AI__snort__alert.html#ab9b1ce8ee440a324af116403ac9c51a2" target="_parent">ttl</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_type">
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_type')">type</a>
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_type')">type</a>
<div class="SRChildren">
<a id="Item5_c0" onkeydown="return searchResults.NavChild(event,5,0)" onkeypress="return searchResults.NavChild(event,5,0)" onkeyup="return searchResults.NavChild(event,5,0)" class="SRScope" href="../structattribute__value.html#a5322c4edde771a7ee0d9fc5f5e45484c" target="_parent">attribute_value::type()</a>
<a id="Item5_c1" onkeydown="return searchResults.NavChild(event,5,1)" onkeypress="return searchResults.NavChild(event,5,1)" onkeyup="return searchResults.NavChild(event,5,1)" class="SRScope" href="../struct__hierarchy__node.html#a3b18e3ddfa2212c5e4ff9c0b4bde4296" target="_parent">_hierarchy_node::type()</a>
<a id="Item8_c0" onkeydown="return searchResults.NavChild(event,8,0)" onkeypress="return searchResults.NavChild(event,8,0)" onkeyup="return searchResults.NavChild(event,8,0)" class="SRScope" href="../structattribute__value.html#a5322c4edde771a7ee0d9fc5f5e45484c" target="_parent">attribute_value::type()</a>
<a id="Item8_c1" onkeydown="return searchResults.NavChild(event,8,1)" onkeypress="return searchResults.NavChild(event,8,1)" onkeyup="return searchResults.NavChild(event,8,1)" class="SRScope" href="../struct__hierarchy__node.html#a3b18e3ddfa2212c5e4ff9c0b4bde4296" target="_parent">_hierarchy_node::type()</a>
</div>
</div>
</div>

6
doc/html/sfPolicyUserData_8c.html
View File

@ -62,9 +62,9 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
Functions</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">tSfPolicyUserContextId&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__sfPolicyConfig.html#gac62cd5838bee4a9d3f40561eae920cdd">sfPolicyConfigCreate</a> (void)</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__sfPolicyConfig.html#ga189d09ed6d1203ebace6ea2c2aafc1b8">sfPolicyConfigDelete</a> (tSfPolicyUserContextId pContext)</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__sfPolicyConfig.html#ga8e14fd83397b9bbb14568070183db80b">sfPolicyUserDataSet</a> (tSfPolicyUserContextId pContext, tSfPolicyId policyId, void *config)</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__sfPolicyConfig.html#ga8e14fd83397b9bbb14568070183db80b">sfPolicyUserDataSet</a> (tSfPolicyUserContextId pContext, tSfPolicyId policyId, void *<a class="el" href="group__mysql.html#ga6439d32dccbbc77c9b2aad04897bfa74">config</a>)</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__sfPolicyConfig.html#gae8f2ae426b1f1a50eabfade6d22c2c85">sfPolicyUserDataClear</a> (tSfPolicyUserContextId pContext, tSfPolicyId policyId)</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__sfPolicyConfig.html#ga3f3ab9314d29d2ee2a8285289b388f17">sfPolicyUserDataIterate</a> (tSfPolicyUserContextId pContext, int(*callback)(tSfPolicyUserContextId pContext, tSfPolicyId policyId, void *config))</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__sfPolicyConfig.html#ga3f3ab9314d29d2ee2a8285289b388f17">sfPolicyUserDataIterate</a> (tSfPolicyUserContextId pContext, int(*callback)(tSfPolicyUserContextId pContext, tSfPolicyId policyId, void *<a class="el" href="group__mysql.html#ga6439d32dccbbc77c9b2aad04897bfa74">config</a>))</td></tr>
<tr><td colspan="2"><h2><a name="var-members"></a>
Variables</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">tSfPolicyId&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="sfPolicyUserData_8c.html#a281b418c0dc978a74cd7ab5e46ee0fa4">runtimePolicyId</a> = 0</td></tr>
@ -112,7 +112,7 @@ Variables</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 4 2010 21:30:42 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

2
doc/html/sf__dynamic__preproc__lib_8c.html
View File

@ -168,7 +168,7 @@ Variables</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 4 2010 21:30:42 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

28
doc/html/sf__preproc__info_8h.html
View File

@ -65,8 +65,8 @@ Defines</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">#define&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="sf__preproc__info_8h.html#aba4c0d0af324a3861e662ed4650aae44">DYNAMIC_PREPROC_SETUP</a>&nbsp;&nbsp;&nbsp;AI_setup</td></tr>
<tr><td colspan="2"><h2><a name="func-members"></a>
Functions</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="sf__preproc__info_8h.html#ad81716bc3f0fec4df74198a7cbdbd43c">AI_setup</a> ()</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Set up the preprocessor module. <a href="#ad81716bc3f0fec4df74198a7cbdbd43c"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__spp__ai.html#ga1b9ebb5c719c7d9426ddfc1f3da36570">AI_setup</a> ()</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Set up the preprocessor module. <a href="group__spp__ai.html#ga1b9ebb5c719c7d9426ddfc1f3da36570"></a><br/></td></tr>
</table>
<hr/><h2>Define Documentation</h2>
<a class="anchor" id="ad7a967dd260384e94010b31b1412a0b4"></a><!-- doxytag: member="sf_preproc_info.h::BUILD_VERSION" ref="ad7a967dd260384e94010b31b1412a0b4" args="" -->
@ -132,28 +132,6 @@ Functions</h2></td></tr>
</div>
<div class="memdoc">
</div>
</div>
<hr/><h2>Function Documentation</h2>
<a class="anchor" id="ad81716bc3f0fec4df74198a7cbdbd43c"></a><!-- doxytag: member="sf_preproc_info.h::AI_setup" ref="ad81716bc3f0fec4df74198a7cbdbd43c" args="()" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">void AI_setup </td>
<td>(</td>
<td class="paramtype">void&nbsp;</td>
<td class="paramname"></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Set up the preprocessor module. </p>
<p>FUNCTION: AI_setup </p>
</div>
</div>
</div>
@ -171,7 +149,7 @@ Functions</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 4 2010 21:30:42 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

4
doc/html/sf__preproc__info_8h_source.html
View File

@ -58,7 +58,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<a name="l00007"></a><a class="code" href="sf__preproc__info_8h.html#af5d5329206253ca0c1a3b8d4a43195af">00007</a> <span class="preprocessor"></span><span class="preprocessor">#define PREPROC_NAME &quot;SF_AI&quot;</span>
<a name="l00008"></a>00008 <span class="preprocessor"></span>
<a name="l00009"></a><a class="code" href="sf__preproc__info_8h.html#aba4c0d0af324a3861e662ed4650aae44">00009</a> <span class="preprocessor">#define DYNAMIC_PREPROC_SETUP AI_setup</span>
<a name="l00010"></a>00010 <span class="preprocessor"></span><span class="keyword">extern</span> <span class="keywordtype">void</span> <a class="code" href="sf__preproc__info_8h.html#ad81716bc3f0fec4df74198a7cbdbd43c" title="Set up the preprocessor module.">AI_setup</a>();
<a name="l00010"></a>00010 <span class="preprocessor"></span><span class="keyword">extern</span> <span class="keywordtype">void</span> <a class="code" href="group__spp__ai.html#ga1b9ebb5c719c7d9426ddfc1f3da36570" title="Set up the preprocessor module.">AI_setup</a>();
<a name="l00011"></a>00011
<a name="l00012"></a>00012 <span class="preprocessor">#endif </span><span class="comment">/* SF_PREPROC_INFO_H_ */</span>
<a name="l00013"></a>00013
@ -78,7 +78,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 4 2010 21:30:42 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

149
doc/html/spp__ai_8c.html
View File

@ -61,146 +61,19 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<table class="memberdecls">
<tr><td colspan="2"><h2><a name="func-members"></a>
Functions</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">static void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8c.html#a3524cbdf8fddbcf38c4ed55241002242">AI_init</a> (char *args)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Initialize the preprocessor module. <a href="#a3524cbdf8fddbcf38c4ed55241002242"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">static void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8c.html#a57c05cda012c443cb4c358dc327cd3d1">AI_process</a> (void *pkt, void *context)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Function executed every time the module receives a packet to be processed. <a href="#a57c05cda012c443cb4c358dc327cd3d1"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">static <a class="el" href="structAI__config.html">AI_config</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8c.html#ae1c5c4b38ee2819d427848eb3046373e">AI_parse</a> (char *args)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Parse the arguments passed to the module saving them to a valid configuration struct. <a href="#ae1c5c4b38ee2819d427848eb3046373e"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8c.html#a1b9ebb5c719c7d9426ddfc1f3da36570">AI_setup</a> (void)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Set up the preprocessor module. <a href="#a1b9ebb5c719c7d9426ddfc1f3da36570"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">static void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__spp__ai.html#ga3524cbdf8fddbcf38c4ed55241002242">AI_init</a> (char *args)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Initialize the preprocessor module. <a href="group__spp__ai.html#ga3524cbdf8fddbcf38c4ed55241002242"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">static void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__spp__ai.html#ga57c05cda012c443cb4c358dc327cd3d1">AI_process</a> (void *pkt, void *context)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Function executed every time the module receives a packet to be processed. <a href="group__spp__ai.html#ga57c05cda012c443cb4c358dc327cd3d1"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">static <a class="el" href="structAI__config.html">AI_config</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__spp__ai.html#gae1c5c4b38ee2819d427848eb3046373e">AI_parse</a> (char *args)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Parse the arguments passed to the module saving them to a valid configuration struct. <a href="group__spp__ai.html#gae1c5c4b38ee2819d427848eb3046373e"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__spp__ai.html#ga1b9ebb5c719c7d9426ddfc1f3da36570">AI_setup</a> (void)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Set up the preprocessor module. <a href="group__spp__ai.html#ga1b9ebb5c719c7d9426ddfc1f3da36570"></a><br/></td></tr>
<tr><td colspan="2"><h2><a name="var-members"></a>
Variables</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">tSfPolicyUserContextId&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8c.html#a3dd75596c540d148643fe6d1fdc02628">ex_config</a> = NULL</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">tSfPolicyUserContextId&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__spp__ai.html#ga3dd75596c540d148643fe6d1fdc02628">ex_config</a> = NULL</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">static void *(*&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__spp__ai.html#gaa3100e48acef5cf4370c3042ff548ed0">alertparser_thread</a> )(void *) = NULL</td></tr>
</table>
<hr/><h2>Function Documentation</h2>
<a class="anchor" id="a3524cbdf8fddbcf38c4ed55241002242"></a><!-- doxytag: member="spp_ai.c::AI_init" ref="a3524cbdf8fddbcf38c4ed55241002242" args="(char *args)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">static void AI_init </td>
<td>(</td>
<td class="paramtype">char *&nbsp;</td>
<td class="paramname"> <em>args</em></td>
<td>&nbsp;)&nbsp;</td>
<td><code> [static]</code></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Initialize the preprocessor module. </p>
<p>FUNCTION: AI_init </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>args</em>&nbsp;</td><td>Configuration arguments passed to the module </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<a class="anchor" id="ae1c5c4b38ee2819d427848eb3046373e"></a><!-- doxytag: member="spp_ai.c::AI_parse" ref="ae1c5c4b38ee2819d427848eb3046373e" args="(char *args)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">static <a class="el" href="structAI__config.html">AI_config</a> * AI_parse </td>
<td>(</td>
<td class="paramtype">char *&nbsp;</td>
<td class="paramname"> <em>args</em></td>
<td>&nbsp;)&nbsp;</td>
<td><code> [static]</code></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Parse the arguments passed to the module saving them to a valid configuration struct. </p>
<p>FUNCTION: <a class="el" href="structAI__config.html">AI_config</a> </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>args</em>&nbsp;</td><td>Arguments passed to the module </td></tr>
</table>
</dd>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>Pointer to <a class="el" href="structAI__config.html">AI_config</a> keeping the configuration for the module </dd></dl>
</div>
</div>
<a class="anchor" id="a57c05cda012c443cb4c358dc327cd3d1"></a><!-- doxytag: member="spp_ai.c::AI_process" ref="a57c05cda012c443cb4c358dc327cd3d1" args="(void *pkt, void *context)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">void AI_process </td>
<td>(</td>
<td class="paramtype">void *&nbsp;</td>
<td class="paramname"> <em>pkt</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">void *&nbsp;</td>
<td class="paramname"> <em>context</em></td><td>&nbsp;</td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td><td><code> [static]</code></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Function executed every time the module receives a packet to be processed. </p>
<p>FUNCTION: AI_process </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>pkt</em>&nbsp;</td><td>void* pointer to the packet data </td></tr>
<tr><td valign="top"></td><td valign="top"><em>context</em>&nbsp;</td><td>void* pointer to the context </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<a class="anchor" id="a1b9ebb5c719c7d9426ddfc1f3da36570"></a><!-- doxytag: member="spp_ai.c::AI_setup" ref="a1b9ebb5c719c7d9426ddfc1f3da36570" args="(void)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">void AI_setup </td>
<td>(</td>
<td class="paramtype">void&nbsp;</td>
<td class="paramname"></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Set up the preprocessor module. </p>
<p>FUNCTION: AI_setup </p>
</div>
</div>
<hr/><h2>Variable Documentation</h2>
<a class="anchor" id="a3dd75596c540d148643fe6d1fdc02628"></a><!-- doxytag: member="spp_ai.c::ex_config" ref="a3dd75596c540d148643fe6d1fdc02628" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">tSfPolicyUserContextId <a class="el" href="spp__ai_8c.html#a3dd75596c540d148643fe6d1fdc02628">ex_config</a> = NULL</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
</div>
<!--- window showing the filter options -->
<div id="MSearchSelectWindow"
@ -216,7 +89,7 @@ Variables</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 4 2010 21:30:42 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

347
doc/html/spp__ai_8h.html
View File

@ -75,6 +75,7 @@ Defines</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">#define&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a5e151c615eda34903514212f05a5ccf8">PRIVATE</a>&nbsp;&nbsp;&nbsp;static</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">#define&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a5f555c0ebd29ce2771a3e2dd4f526746">DEFAULT_HASH_CLEANUP_INTERVAL</a>&nbsp;&nbsp;&nbsp;300</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">#define&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a0f6a189af15ef783fb46ed37c144e031">DEFAULT_STREAM_EXPIRE_INTERVAL</a>&nbsp;&nbsp;&nbsp;300</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">#define&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a3c4984a0ee515fbc091ac6e33b05e310">DEFAULT_DATABASE_INTERVAL</a>&nbsp;&nbsp;&nbsp;30</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">#define&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a0c4b6fce670e46083e33b9f53b78f39e">DEFAULT_ALERT_CLUSTERING_INTERVAL</a>&nbsp;&nbsp;&nbsp;3600</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">#define&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a6d9bf552c32371e0144dc6a6209c7e4a">DEFAULT_ALERT_LOG_FILE</a>&nbsp;&nbsp;&nbsp;&quot;/var/log/snort/alert&quot;</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">#define&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a803dc913297ccdace9e604dbfecda97d">DEFAULT_CLUSTER_LOG_FILE</a>&nbsp;&nbsp;&nbsp;&quot;/var/log/snort/cluster_alert&quot;</td></tr>
@ -102,27 +103,33 @@ Enumerations</h2></td></tr>
}</td></tr>
<tr><td colspan="2"><h2><a name="func-members"></a>
Functions</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a85c0852b05b60cbfe0130534160c9876">preg_match</a> (const char *, char *, char ***, int *)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Check if a string matches a regular expression. <a href="#a85c0852b05b60cbfe0130534160c9876"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#ad56f71be823eead743972274b99c82ff">AI_hashcleanup_thread</a> (void *)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Thread called for cleaning up the hash table from the traffic streams older than a certain threshold. <a href="#ad56f71be823eead743972274b99c82ff"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a842a3204c6e067a9920990b573757181">AI_alertparser_thread</a> (void *)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Thread for parsing Snort's alert file. <a href="#a842a3204c6e067a9920990b573757181"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#af6f7d167c3623bbc669e8d31c2719b29">AI_pkt_enqueue</a> (SFSnortPacket *)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Function called for appending a new packet to the hash table, creating a new stream or appending it to an existing stream. <a href="#af6f7d167c3623bbc669e8d31c2719b29"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a8749989cee2ac05a7de058faac280c02">AI_set_stream_observed</a> (struct <a class="el" href="structpkt__key.html">pkt_key</a> key)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Set the flag "observed" on a stream associated to a security alert, so that it won't be removed from the hash table. <a href="#a8749989cee2ac05a7de058faac280c02"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a857348424b9db45c90f95631eb96fd7c">AI_hierarchies_build</a> (<a class="el" href="structAI__config.html">AI_config</a> *, <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> **, int)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Build the clustering hierarchy trees. <a href="#a857348424b9db45c90f95631eb96fd7c"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct <a class="el" href="structpkt__info.html">pkt_info</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a3054f06297a9caefd4d9b1283bb8b69a">AI_get_stream_by_key</a> (struct <a class="el" href="structpkt__key.html">pkt_key</a>)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Get a TCP stream by key. <a href="#a3054f06297a9caefd4d9b1283bb8b69a"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#af19a28f7cbcdfeb2b66fb3b625b75076">AI_get_alerts</a> (void)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Return the alerts parsed so far as a linked list. <a href="#af19a28f7cbcdfeb2b66fb3b625b75076"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a270e86669a0aa64a8da37bc16cda645b">AI_free_alerts</a> (<a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *node)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Deallocate the memory of a log alert linked list. <a href="#a270e86669a0aa64a8da37bc16cda645b"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__regex.html#ga35f57c052a7de1ded54b67a1f7819791">preg_match</a> (const char *, char *, char ***, int *)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Check if a string matches a regular expression. <a href="group__regex.html#ga35f57c052a7de1ded54b67a1f7819791"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__stream.html#ga24b1131374e5059564b8a12380c4eb75">AI_hashcleanup_thread</a> (void *)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Thread called for cleaning up the hash table from the traffic streams older than a certain threshold. <a href="group__stream.html#ga24b1131374e5059564b8a12380c4eb75"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__alert__parser.html#ga5aab8d9bdf0e92a51731442fd787f61f">AI_file_alertparser_thread</a> (void *)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Thread for parsing Snort's alert file. <a href="group__alert__parser.html#ga5aab8d9bdf0e92a51731442fd787f61f"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__mysql.html#gadf275635641f88725930de208fb5523f">AI_mysql_alertparser_thread</a> (void *)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Thread for parsing alerts from MySQL database. <a href="group__mysql.html#gadf275635641f88725930de208fb5523f"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__stream.html#ga7d71c5645b9baff7b6c4b9a181bf80c5">AI_pkt_enqueue</a> (SFSnortPacket *)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Function called for appending a new packet to the hash table, creating a new stream or appending it to an existing stream. <a href="group__stream.html#ga7d71c5645b9baff7b6c4b9a181bf80c5"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__stream.html#ga8749989cee2ac05a7de058faac280c02">AI_set_stream_observed</a> (struct <a class="el" href="structpkt__key.html">pkt_key</a> key)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Set the flag "observed" on a stream associated to a security alert, so that it won't be removed from the hash table. <a href="group__stream.html#ga8749989cee2ac05a7de058faac280c02"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga1445818b37483f78cc3fb2890155842c">AI_hierarchies_build</a> (<a class="el" href="structAI__config.html">AI_config</a> *, <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> **, int)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Build the clustering hierarchy trees. <a href="group__cluster.html#ga1445818b37483f78cc3fb2890155842c"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct <a class="el" href="structpkt__info.html">pkt_info</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__stream.html#ga2efedcabbfd12c5345f0c93a3dd4735c">AI_get_stream_by_key</a> (struct <a class="el" href="structpkt__key.html">pkt_key</a>)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Get a TCP stream by key. <a href="group__stream.html#ga2efedcabbfd12c5345f0c93a3dd4735c"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__alert__parser.html#ga99474495643197b3075ac22ec6f6c70f">AI_get_alerts</a> (void)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Return the alerts parsed so far as a linked list. <a href="group__alert__parser.html#ga99474495643197b3075ac22ec6f6c70f"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__mysql.html#ga0ead3c1e46063e215168e76d7999d65b">AI_mysql_get_alerts</a> (void)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Return the alerts parsed so far as a linked list. <a href="group__mysql.html#ga0ead3c1e46063e215168e76d7999d65b"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__alert__parser.html#ga270e86669a0aa64a8da37bc16cda645b">AI_free_alerts</a> (<a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *node)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Deallocate the memory of a log alert linked list. <a href="group__alert__parser.html#ga270e86669a0aa64a8da37bc16cda645b"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#ad0d003c241328962df5757398329b809">AI_mysql_free_alerts</a> (<a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *node)</td></tr>
<tr><td colspan="2"><h2><a name="var-members"></a>
Variables</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">DynamicPreprocessorData&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#ab46420126c43c1aac5eabc5db266a71c">_dpd</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *(*&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#ab184b676360ce03035801284a2bd1ea7">get_alerts</a> )(void)</td></tr>
</table>
<hr/><h2>Define Documentation</h2>
<a class="anchor" id="a0c4b6fce670e46083e33b9f53b78f39e"></a><!-- doxytag: member="spp_ai.h::DEFAULT_ALERT_CLUSTERING_INTERVAL" ref="a0c4b6fce670e46083e33b9f53b78f39e" args="" -->
@ -135,6 +142,7 @@ Variables</h2></td></tr>
</table>
</div>
<div class="memdoc">
<p>Default interval in seconds for the thread clustering alerts </p>
</div>
</div>
@ -148,6 +156,7 @@ Variables</h2></td></tr>
</table>
</div>
<div class="memdoc">
<p>Default path to Snort's log file </p>
</div>
</div>
@ -161,6 +170,21 @@ Variables</h2></td></tr>
</table>
</div>
<div class="memdoc">
<p>Default path to Snort's clustered alerts file </p>
</div>
</div>
<a class="anchor" id="a3c4984a0ee515fbc091ac6e33b05e310"></a><!-- doxytag: member="spp_ai.h::DEFAULT_DATABASE_INTERVAL" ref="a3c4984a0ee515fbc091ac6e33b05e310" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">#define DEFAULT_DATABASE_INTERVAL&nbsp;&nbsp;&nbsp;30</td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Default interval in seconds for reading alerts from the alert database, if used </p>
</div>
</div>
@ -174,6 +198,7 @@ Variables</h2></td></tr>
</table>
</div>
<div class="memdoc">
<p>Default interval in seconds for the thread cleaning up TCP streams </p>
</div>
</div>
@ -187,6 +212,7 @@ Variables</h2></td></tr>
</table>
</div>
<div class="memdoc">
<p>Default interval in seconds before a stream without any packet is considered timed out </p>
</div>
</div>
@ -214,6 +240,7 @@ Variables</h2></td></tr>
</table>
</div>
<div class="memdoc">
<p>Data type for Snort alerts </p>
</div>
</div>
@ -301,6 +328,7 @@ Variables</h2></td></tr>
</table>
</div>
<div class="memdoc">
<p>Possible types of clustering attributes </p>
<dl><dt><b>Enumerator: </b></dt><dd><table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"><em><a class="anchor" id="ae2ff3c6586aa2ab211a102abfde86640ab7e4e0120a041dbe6528b050c04269e0"></a><!-- doxytag: member="none" ref="ae2ff3c6586aa2ab211a102abfde86640ab7e4e0120a041dbe6528b050c04269e0" args="" -->none</em>&nbsp;</td><td>
</td></tr>
@ -321,39 +349,12 @@ Variables</h2></td></tr>
</div>
</div>
<hr/><h2>Function Documentation</h2>
<a class="anchor" id="a842a3204c6e067a9920990b573757181"></a><!-- doxytag: member="spp_ai.h::AI_alertparser_thread" ref="a842a3204c6e067a9920990b573757181" args="(void *)" -->
<a class="anchor" id="ad0d003c241328962df5757398329b809"></a><!-- doxytag: member="spp_ai.h::AI_mysql_free_alerts" ref="ad0d003c241328962df5757398329b809" args="(AI_snort_alert *node)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">void* AI_alertparser_thread </td>
<td>(</td>
<td class="paramtype">void *&nbsp;</td>
<td class="paramname"> <em>arg</em></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Thread for parsing Snort's alert file. </p>
<p>FUNCTION: AI_alertparser_thread </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>arg</em>&nbsp;</td><td>void* pointer to module's configuration </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<a class="anchor" id="a270e86669a0aa64a8da37bc16cda645b"></a><!-- doxytag: member="spp_ai.h::AI_free_alerts" ref="a270e86669a0aa64a8da37bc16cda645b" args="(AI_snort_alert *node)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">void AI_free_alerts </td>
<td class="memname">void AI_mysql_free_alerts </td>
<td>(</td>
<td class="paramtype"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td>
<td class="paramname"> <em>node</em></td>
@ -364,242 +365,6 @@ Variables</h2></td></tr>
</div>
<div class="memdoc">
<p>Deallocate the memory of a log alert linked list. </p>
<p>FUNCTION: AI_free_alerts </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>node</em>&nbsp;</td><td>Linked list to be freed </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<a class="anchor" id="af19a28f7cbcdfeb2b66fb3b625b75076"></a><!-- doxytag: member="spp_ai.h::AI_get_alerts" ref="af19a28f7cbcdfeb2b66fb3b625b75076" args="(void)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a>* AI_get_alerts </td>
<td>(</td>
<td class="paramtype">void&nbsp;</td>
<td class="paramname"></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Return the alerts parsed so far as a linked list. </p>
<p>FUNCTION: AI_get_alerts </p>
<dl class="return"><dt><b>Returns:</b></dt><dd>An AI_snort_alert pointer identifying the list of alerts </dd></dl>
</div>
</div>
<a class="anchor" id="a3054f06297a9caefd4d9b1283bb8b69a"></a><!-- doxytag: member="spp_ai.h::AI_get_stream_by_key" ref="a3054f06297a9caefd4d9b1283bb8b69a" args="(struct pkt_key)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">struct <a class="el" href="structpkt__info.html">pkt_info</a>* AI_get_stream_by_key </td>
<td>(</td>
<td class="paramtype">struct <a class="el" href="structpkt__key.html">pkt_key</a>&nbsp;</td>
<td class="paramname"> <em>key</em></td>
<td>&nbsp;)&nbsp;</td>
<td><code> [read]</code></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Get a TCP stream by key. </p>
<p>FUNCTION: AI_get_stream_by_key </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>key</em>&nbsp;</td><td>Key of the stream to be picked up (struct <a class="el" href="structpkt__key.html">pkt_key</a>) </td></tr>
</table>
</dd>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>A <a class="el" href="structpkt__info.html">pkt_info</a> pointer to the stream if found, NULL otherwise </dd></dl>
</div>
</div>
<a class="anchor" id="ad56f71be823eead743972274b99c82ff"></a><!-- doxytag: member="spp_ai.h::AI_hashcleanup_thread" ref="ad56f71be823eead743972274b99c82ff" args="(void *)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">void* AI_hashcleanup_thread </td>
<td>(</td>
<td class="paramtype">void *&nbsp;</td>
<td class="paramname"> <em>arg</em></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Thread called for cleaning up the hash table from the traffic streams older than a certain threshold. </p>
<p>FUNCTION: AI_hashcleanup_thread </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>arg</em>&nbsp;</td><td>Pointer to the <a class="el" href="structAI__config.html">AI_config</a> struct </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<a class="anchor" id="a857348424b9db45c90f95631eb96fd7c"></a><!-- doxytag: member="spp_ai.h::AI_hierarchies_build" ref="a857348424b9db45c90f95631eb96fd7c" args="(AI_config *, hierarchy_node **, int)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">void AI_hierarchies_build </td>
<td>(</td>
<td class="paramtype"><a class="el" href="structAI__config.html">AI_config</a> *&nbsp;</td>
<td class="paramname"> <em>conf</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype"><a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> **&nbsp;</td>
<td class="paramname"> <em>nodes</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">int&nbsp;</td>
<td class="paramname"> <em>n_nodes</em></td><td>&nbsp;</td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td><td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Build the clustering hierarchy trees. </p>
<p>FUNCTION: AI_hierarchies_build </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>conf</em>&nbsp;</td><td>Reference to the configuration of the module </td></tr>
<tr><td valign="top"></td><td valign="top"><em>nodes</em>&nbsp;</td><td>Nodes containing the information about the clustering ranges </td></tr>
<tr><td valign="top"></td><td valign="top"><em>n_nodes</em>&nbsp;</td><td>Number of nodes </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<a class="anchor" id="af6f7d167c3623bbc669e8d31c2719b29"></a><!-- doxytag: member="spp_ai.h::AI_pkt_enqueue" ref="af6f7d167c3623bbc669e8d31c2719b29" args="(SFSnortPacket *)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">void AI_pkt_enqueue </td>
<td>(</td>
<td class="paramtype">SFSnortPacket *&nbsp;</td>
<td class="paramname"> <em>pkt</em></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Function called for appending a new packet to the hash table, creating a new stream or appending it to an existing stream. </p>
<p>FUNCTION: AI_pkt_enqueue </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>pkt</em>&nbsp;</td><td>Packet to be appended </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<a class="anchor" id="a8749989cee2ac05a7de058faac280c02"></a><!-- doxytag: member="spp_ai.h::AI_set_stream_observed" ref="a8749989cee2ac05a7de058faac280c02" args="(struct pkt_key key)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">void AI_set_stream_observed </td>
<td>(</td>
<td class="paramtype">struct <a class="el" href="structpkt__key.html">pkt_key</a>&nbsp;</td>
<td class="paramname"> <em>key</em></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Set the flag "observed" on a stream associated to a security alert, so that it won't be removed from the hash table. </p>
<p>FUNCTION: AI_set_stream_observed </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>key</em>&nbsp;</td><td>Key of the stream to be set as "observed" </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<a class="anchor" id="a85c0852b05b60cbfe0130534160c9876"></a><!-- doxytag: member="spp_ai.h::preg_match" ref="a85c0852b05b60cbfe0130534160c9876" args="(const char *, char *, char ***, int *)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">int preg_match </td>
<td>(</td>
<td class="paramtype">const char *&nbsp;</td>
<td class="paramname"> <em>expr</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">char *&nbsp;</td>
<td class="paramname"> <em>str</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">char ***&nbsp;</td>
<td class="paramname"> <em>matches</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">int *&nbsp;</td>
<td class="paramname"> <em>nmatches</em></td><td>&nbsp;</td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td><td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Check if a string matches a regular expression. </p>
<p>FUNCTION: preg_match </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>expr</em>&nbsp;</td><td>Regular expression to be matched </td></tr>
<tr><td valign="top"></td><td valign="top"><em>str</em>&nbsp;</td><td>String to be checked </td></tr>
<tr><td valign="top"></td><td valign="top"><em>matches</em>&nbsp;</td><td>Reference to a char** that will contain the submatches (NULL if you don't need it) </td></tr>
<tr><td valign="top"></td><td valign="top"><em>nmatches</em>&nbsp;</td><td>Reference to a int containing the number of submatches found (NULL if you don't need it) </td></tr>
</table>
</dd>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>-1 if the regex is wrong, 0 if no match was found, 1 otherwise </dd></dl>
</div>
</div>
<hr/><h2>Variable Documentation</h2>
@ -614,6 +379,20 @@ Variables</h2></td></tr>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="ab184b676360ce03035801284a2bd1ea7"></a><!-- doxytag: member="spp_ai.h::get_alerts" ref="ab184b676360ce03035801284a2bd1ea7" args=")(void)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a>*(* <a class="el" href="spp__ai_8h.html#ab184b676360ce03035801284a2bd1ea7">get_alerts</a>)(void)</td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Function pointer to the function used for getting the alert list (from log file, db, ...) </p>
</div>
</div>
</div>
@ -631,7 +410,7 @@ Variables</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 4 2010 21:30:42 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

275
doc/html/spp__ai_8h_source.html
View File

@ -77,129 +77,158 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<a name="l00026"></a>00026
<a name="l00027"></a><a class="code" href="spp__ai_8h.html#a5e151c615eda34903514212f05a5ccf8">00027</a> <span class="preprocessor">#define PRIVATE static</span>
<a name="l00028"></a>00028 <span class="preprocessor"></span>
<a name="l00029"></a><a class="code" href="spp__ai_8h.html#a5f555c0ebd29ce2771a3e2dd4f526746">00029</a> <span class="preprocessor">#define DEFAULT_HASH_CLEANUP_INTERVAL 300</span>
<a name="l00030"></a><a class="code" href="spp__ai_8h.html#a0f6a189af15ef783fb46ed37c144e031">00030</a> <span class="preprocessor"></span><span class="preprocessor">#define DEFAULT_STREAM_EXPIRE_INTERVAL 300</span>
<a name="l00031"></a><a class="code" href="spp__ai_8h.html#a0c4b6fce670e46083e33b9f53b78f39e">00031</a> <span class="preprocessor"></span><span class="preprocessor">#define DEFAULT_ALERT_CLUSTERING_INTERVAL 3600</span>
<a name="l00032"></a><a class="code" href="spp__ai_8h.html#a6d9bf552c32371e0144dc6a6209c7e4a">00032</a> <span class="preprocessor"></span><span class="preprocessor">#define DEFAULT_ALERT_LOG_FILE &quot;/var/log/snort/alert&quot;</span>
<a name="l00033"></a><a class="code" href="spp__ai_8h.html#a803dc913297ccdace9e604dbfecda97d">00033</a> <span class="preprocessor"></span><span class="preprocessor">#define DEFAULT_CLUSTER_LOG_FILE &quot;/var/log/snort/cluster_alert&quot;</span>
<a name="l00030"></a><a class="code" href="spp__ai_8h.html#a5f555c0ebd29ce2771a3e2dd4f526746">00030</a> <span class="preprocessor">#define DEFAULT_HASH_CLEANUP_INTERVAL 300</span>
<a name="l00031"></a>00031 <span class="preprocessor"></span>
<a name="l00033"></a><a class="code" href="spp__ai_8h.html#a0f6a189af15ef783fb46ed37c144e031">00033</a> <span class="preprocessor">#define DEFAULT_STREAM_EXPIRE_INTERVAL 300</span>
<a name="l00034"></a>00034 <span class="preprocessor"></span>
<a name="l00035"></a>00035 <span class="keyword">extern</span> DynamicPreprocessorData <a class="code" href="sf__dynamic__preproc__lib_8c.html#ab46420126c43c1aac5eabc5db266a71c">_dpd</a>;
<a name="l00036"></a><a class="code" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">00036</a> <span class="keyword">typedef</span> <span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> uint8_t;
<a name="l00037"></a><a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">00037</a> <span class="keyword">typedef</span> <span class="keywordtype">unsigned</span> <span class="keywordtype">short</span> uint16_t;
<a name="l00038"></a><a class="code" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">00038</a> <span class="keyword">typedef</span> <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> uint32_t;
<a name="l00039"></a>00039
<a name="l00040"></a><a class="code" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dda08f175a5505a10b9ed657defeb050e4b">00040</a> <span class="keyword">typedef</span> <span class="keyword">enum</span> { <span class="keyword">false</span>, <span class="keyword">true</span> } BOOL;
<a name="l00041"></a>00041
<a name="l00042"></a><a class="code" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640">00042</a> <span class="keyword">typedef</span> <span class="keyword">enum</span> {
<a name="l00043"></a><a class="code" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640ac1335c508143eb06843af2ce5ff3027b">00043</a> none, src_addr, dst_addr, src_port, dst_port, <a class="code" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640ab16bb5c4b330d5db02e2d852cd2ba451">CLUSTER_TYPES</a>
<a name="l00044"></a>00044 } cluster_type;
<a name="l00045"></a>00045
<a name="l00046"></a>00046 <span class="comment">/* Each stream in the hash table is identified by the couple (src_ip, dst_port) */</span>
<a name="l00047"></a><a class="code" href="structpkt__key.html">00047</a> <span class="keyword">struct </span><a class="code" href="structpkt__key.html">pkt_key</a>
<a name="l00048"></a>00048 {
<a name="l00049"></a><a class="code" href="structpkt__key.html#a3a091c20dafb8b3f689db00c5b2f8ddb">00049</a> <a class="code" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a> <a class="code" href="structpkt__key.html#a3a091c20dafb8b3f689db00c5b2f8ddb">src_ip</a>;
<a name="l00050"></a><a class="code" href="structpkt__key.html#af77f5eb1f4cd88b43fe99fd73553351d">00050</a> <a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="code" href="structpkt__key.html#af77f5eb1f4cd88b43fe99fd73553351d">dst_port</a>;
<a name="l00051"></a>00051 };
<a name="l00052"></a>00052
<a name="l00053"></a>00053 <span class="comment">/* Identifier of a packet in a stream */</span>
<a name="l00054"></a><a class="code" href="structpkt__info.html">00054</a> <span class="keyword">struct </span><a class="code" href="structpkt__info.html">pkt_info</a>
<a name="l00055"></a>00055 {
<a name="l00056"></a><a class="code" href="structpkt__info.html#a231d4734d3c62292b06eb9ea4b49c339">00056</a> <span class="keyword">struct </span><a class="code" href="structpkt__key.html">pkt_key</a> <a class="code" href="structpkt__info.html#a231d4734d3c62292b06eb9ea4b49c339">key</a>; <span class="comment">/* Key of the packet (src_ip, dst_port) */</span>
<a name="l00057"></a><a class="code" href="structpkt__info.html#a7f5090443f21e6290f0439f1bb872e92">00057</a> time_t <a class="code" href="structpkt__info.html#a7f5090443f21e6290f0439f1bb872e92">timestamp</a>; <span class="comment">/* Timestamp */</span>
<a name="l00058"></a><a class="code" href="structpkt__info.html#a8d5ebd04a32067b05387e5c5056fe168">00058</a> SFSnortPacket* <a class="code" href="structpkt__info.html#a8d5ebd04a32067b05387e5c5056fe168">pkt</a>; <span class="comment">/* Reference to SFSnortPacket containing packet&#39;s information */</span>
<a name="l00059"></a><a class="code" href="structpkt__info.html#a5ee3c51f2ca5768b94819182641ef168">00059</a> <span class="keyword">struct </span><a class="code" href="structpkt__info.html">pkt_info</a>* <a class="code" href="structpkt__info.html#a5ee3c51f2ca5768b94819182641ef168">next</a>; <span class="comment">/* Pointer to the next packet in the stream */</span>
<a name="l00060"></a><a class="code" href="structpkt__info.html#ac7ff78ea5faf333fc91f92e3085ea7c9">00060</a> <a class="code" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a> <a class="code" href="structpkt__info.html#ac7ff78ea5faf333fc91f92e3085ea7c9">observed</a>; <span class="comment">/* Flag set if the packet is observed, i.e. associated to a security alert */</span>
<a name="l00061"></a><a class="code" href="structpkt__info.html#a264e90d4b5d490de040f38c1072e142f">00061</a> UT_hash_handle <a class="code" href="structpkt__info.html#a264e90d4b5d490de040f38c1072e142f">hh</a>; <span class="comment">/* Make the struct &#39;hashable&#39; */</span>
<a name="l00062"></a>00062 };
<a name="l00063"></a>00063
<a name="l00064"></a>00064 <span class="comment">/* Data type containing the configuration of the module */</span>
<a name="l00065"></a><a class="code" href="structAI__config.html">00065</a> <span class="keyword">typedef</span> <span class="keyword">struct</span>
<a name="l00066"></a>00066 {
<a name="l00067"></a><a class="code" href="structAI__config.html#a9f7680615027d4fb74b4aa144a7028a4">00067</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">long</span> hashCleanupInterval;
<a name="l00068"></a><a class="code" href="structAI__config.html#abbe77d5f94b8c5164bea47acba09c98b">00068</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">long</span> streamExpireInterval;
<a name="l00069"></a><a class="code" href="structAI__config.html#a7d0d098b8263aa3d8415b11d1ec7f93d">00069</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">long</span> alertClusteringInterval;
<a name="l00070"></a><a class="code" href="structAI__config.html#a2efa9590d7eea6dce8b5dd9aa76ed8ca">00070</a> <span class="keywordtype">char</span> alertfile[1024];
<a name="l00071"></a><a class="code" href="structAI__config.html#a6da02a3f7116fd3810a41b738e8883a3">00071</a> <span class="keywordtype">char</span> clusterfile[1024];
<a name="l00072"></a>00072 } <a class="code" href="structAI__config.html">AI_config</a>;
<a name="l00073"></a>00073
<a name="l00074"></a>00074 <span class="comment">/* Data type for hierarchies used for clustering */</span>
<a name="l00075"></a><a class="code" href="struct__hierarchy__node.html">00075</a> <span class="keyword">typedef</span> <span class="keyword">struct </span><a class="code" href="struct__hierarchy__node.html">_hierarchy_node</a>
<a name="l00076"></a>00076 {
<a name="l00077"></a><a class="code" href="struct__hierarchy__node.html#a3b18e3ddfa2212c5e4ff9c0b4bde4296">00077</a> <a class="code" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640">cluster_type</a> <a class="code" href="struct__hierarchy__node.html#a3b18e3ddfa2212c5e4ff9c0b4bde4296">type</a>;
<a name="l00078"></a><a class="code" href="struct__hierarchy__node.html#ae498f6fd14ca058a3ae0a95d5425451a">00078</a> <span class="keywordtype">char</span> <a class="code" href="struct__hierarchy__node.html#ae498f6fd14ca058a3ae0a95d5425451a">label</a>[256];
<a name="l00079"></a><a class="code" href="struct__hierarchy__node.html#a13ceebd7b435b9ef347fb90d9e6bbfe4">00079</a> <span class="keywordtype">int</span> <a class="code" href="struct__hierarchy__node.html#a13ceebd7b435b9ef347fb90d9e6bbfe4">min_val</a>;
<a name="l00080"></a><a class="code" href="struct__hierarchy__node.html#a79ea88029938dc30ab8f159405d12c87">00080</a> <span class="keywordtype">int</span> <a class="code" href="struct__hierarchy__node.html#a79ea88029938dc30ab8f159405d12c87">max_val</a>;
<a name="l00081"></a><a class="code" href="struct__hierarchy__node.html#a849256ce1039e2cefaaf64d91171be0a">00081</a> <span class="keywordtype">int</span> <a class="code" href="struct__hierarchy__node.html#a849256ce1039e2cefaaf64d91171be0a">nchildren</a>;
<a name="l00082"></a><a class="code" href="struct__hierarchy__node.html#a5c94c89d7e2aea393f1c550afb766bbe">00082</a> <span class="keyword">struct </span><a class="code" href="struct__hierarchy__node.html">_hierarchy_node</a> *<a class="code" href="struct__hierarchy__node.html#a5c94c89d7e2aea393f1c550afb766bbe">parent</a>;
<a name="l00083"></a><a class="code" href="struct__hierarchy__node.html#afc23d4fe6426873164cdaab2f3d4f0cd">00083</a> <span class="keyword">struct </span><a class="code" href="struct__hierarchy__node.html">_hierarchy_node</a> **<a class="code" href="struct__hierarchy__node.html#afc23d4fe6426873164cdaab2f3d4f0cd">children</a>;
<a name="l00084"></a>00084 } <a class="code" href="struct__hierarchy__node.html">hierarchy_node</a>;
<a name="l00085"></a>00085
<a name="l00086"></a>00086 <span class="comment">/* Data type for Snort alerts */</span>
<a name="l00087"></a><a class="code" href="struct__AI__snort__alert.html">00087</a> <span class="keyword">typedef</span> <span class="keyword">struct </span><a class="code" href="struct__AI__snort__alert.html">_AI_snort_alert</a> {
<a name="l00088"></a>00088 <span class="comment">/* Identifiers of the alert */</span>
<a name="l00089"></a><a class="code" href="struct__AI__snort__alert.html#af8408be5da59cda853442dd13465c0f6">00089</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> <a class="code" href="struct__AI__snort__alert.html#af8408be5da59cda853442dd13465c0f6">gid</a>;
<a name="l00090"></a><a class="code" href="struct__AI__snort__alert.html#a3349aa68d2234f8ffd897367c3a8a137">00090</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> <a class="code" href="struct__AI__snort__alert.html#a3349aa68d2234f8ffd897367c3a8a137">sid</a>;
<a name="l00091"></a><a class="code" href="struct__AI__snort__alert.html#a864d3baa48586d6a31639f4cd27d9d37">00091</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> <a class="code" href="struct__AI__snort__alert.html#a864d3baa48586d6a31639f4cd27d9d37">rev</a>;
<a name="l00092"></a>00092
<a name="l00093"></a>00093 <span class="comment">/* Snort priority, description,</span>
<a name="l00094"></a>00094 <span class="comment"> * classification and timestamp</span>
<a name="l00095"></a>00095 <span class="comment"> * of the alert */</span>
<a name="l00096"></a><a class="code" href="struct__AI__snort__alert.html#a25661fa4e212c5e30af5e6a892985ec9">00096</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">short</span> <a class="code" href="struct__AI__snort__alert.html#a25661fa4e212c5e30af5e6a892985ec9">priority</a>;
<a name="l00097"></a><a class="code" href="struct__AI__snort__alert.html#ac0902d7c756ec675fb06347ce4706135">00097</a> <span class="keywordtype">char</span> *<a class="code" href="struct__AI__snort__alert.html#ac0902d7c756ec675fb06347ce4706135">desc</a>;
<a name="l00098"></a><a class="code" href="struct__AI__snort__alert.html#aa89585e14acb2c4e684a1552d322632f">00098</a> <span class="keywordtype">char</span> *<a class="code" href="struct__AI__snort__alert.html#aa89585e14acb2c4e684a1552d322632f">classification</a>;
<a name="l00099"></a><a class="code" href="struct__AI__snort__alert.html#a10a67f60ca3da339a2104849a0b2ac19">00099</a> time_t <a class="code" href="struct__AI__snort__alert.html#a10a67f60ca3da339a2104849a0b2ac19">timestamp</a>;
<a name="l00100"></a>00100
<a name="l00101"></a>00101 <span class="comment">/* IP header information */</span>
<a name="l00102"></a><a class="code" href="struct__AI__snort__alert.html#a882ae6db43dc0fe08071947ccb044b93">00102</a> <a class="code" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a> <a class="code" href="struct__AI__snort__alert.html#a882ae6db43dc0fe08071947ccb044b93">tos</a>;
<a name="l00103"></a><a class="code" href="struct__AI__snort__alert.html#a523ef8842d01a1bc4ea3c0bf27518e78">00103</a> <a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="code" href="struct__AI__snort__alert.html#a523ef8842d01a1bc4ea3c0bf27518e78">iplen</a>;
<a name="l00104"></a><a class="code" href="struct__AI__snort__alert.html#a45e4acf90450a5f9efd4e0c290f84bcf">00104</a> <a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="code" href="struct__AI__snort__alert.html#a45e4acf90450a5f9efd4e0c290f84bcf">id</a>;
<a name="l00105"></a><a class="code" href="struct__AI__snort__alert.html#ab9b1ce8ee440a324af116403ac9c51a2">00105</a> <a class="code" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a> <a class="code" href="struct__AI__snort__alert.html#ab9b1ce8ee440a324af116403ac9c51a2">ttl</a>;
<a name="l00106"></a><a class="code" href="struct__AI__snort__alert.html#a2a5f2741918c3c13890f2b617a7f23a4">00106</a> <a class="code" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a> <a class="code" href="struct__AI__snort__alert.html#a2a5f2741918c3c13890f2b617a7f23a4">ipproto</a>;
<a name="l00107"></a><a class="code" href="struct__AI__snort__alert.html#ab16a24f368020e4b40e65b53cae33b48">00107</a> <a class="code" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a> <a class="code" href="struct__AI__snort__alert.html#ab16a24f368020e4b40e65b53cae33b48">src_addr</a>;
<a name="l00108"></a><a class="code" href="struct__AI__snort__alert.html#a69cc2ba171c8c808a0b45caa9426cd8c">00108</a> <a class="code" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a> <a class="code" href="struct__AI__snort__alert.html#a69cc2ba171c8c808a0b45caa9426cd8c">dst_addr</a>;
<a name="l00109"></a>00109
<a name="l00110"></a>00110 <span class="comment">/* TCP header information */</span>
<a name="l00111"></a><a class="code" href="struct__AI__snort__alert.html#a856cccd3eaabd38aa9974f26d3edc5e3">00111</a> <a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="code" href="struct__AI__snort__alert.html#a856cccd3eaabd38aa9974f26d3edc5e3">src_port</a>;
<a name="l00112"></a><a class="code" href="struct__AI__snort__alert.html#a6b323c07ae501d221e330e13646a96a3">00112</a> <a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="code" href="struct__AI__snort__alert.html#a6b323c07ae501d221e330e13646a96a3">dst_port</a>;
<a name="l00113"></a><a class="code" href="struct__AI__snort__alert.html#acb20c4c55149d5806d7523720786ab77">00113</a> <a class="code" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a> <a class="code" href="struct__AI__snort__alert.html#acb20c4c55149d5806d7523720786ab77">sequence</a>;
<a name="l00114"></a><a class="code" href="struct__AI__snort__alert.html#a2b185c678d3a7f1207b2119b0b567c37">00114</a> <a class="code" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a> <a class="code" href="struct__AI__snort__alert.html#a2b185c678d3a7f1207b2119b0b567c37">ack</a>;
<a name="l00115"></a><a class="code" href="struct__AI__snort__alert.html#aa643f11db93b70242b57f0a04775e507">00115</a> <a class="code" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a> <a class="code" href="struct__AI__snort__alert.html#aa643f11db93b70242b57f0a04775e507">tcp_flags</a>;
<a name="l00116"></a><a class="code" href="struct__AI__snort__alert.html#a63e94be3d248cf4beb0d4d5ab75331b1">00116</a> <a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="code" href="struct__AI__snort__alert.html#a63e94be3d248cf4beb0d4d5ab75331b1">window</a>;
<a name="l00117"></a><a class="code" href="struct__AI__snort__alert.html#a519a103f5e8f1cb006c0c137b7c6a1c0">00117</a> <a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="code" href="struct__AI__snort__alert.html#a519a103f5e8f1cb006c0c137b7c6a1c0">tcplen</a>;
<a name="l00118"></a>00118
<a name="l00119"></a>00119 <span class="comment">/* Reference to the TCP stream</span>
<a name="l00120"></a>00120 <span class="comment"> * associated to the alert, if any */</span>
<a name="l00121"></a><a class="code" href="struct__AI__snort__alert.html#a09dfe0a841fd3912ec78060d4547cb31">00121</a> <span class="keyword">struct </span><a class="code" href="structpkt__info.html">pkt_info</a> *<a class="code" href="struct__AI__snort__alert.html#a09dfe0a841fd3912ec78060d4547cb31">stream</a>;
<a name="l00122"></a>00122
<a name="l00123"></a>00123 <span class="comment">/* Pointer to the next alert in</span>
<a name="l00124"></a>00124 <span class="comment"> * the log, if any*/</span>
<a name="l00125"></a><a class="code" href="struct__AI__snort__alert.html#aa8336d4b3359015ed8ea312ca1fd1173">00125</a> <span class="keyword">struct </span><a class="code" href="struct__AI__snort__alert.html">_AI_snort_alert</a> *<a class="code" href="struct__AI__snort__alert.html#aa8336d4b3359015ed8ea312ca1fd1173">next</a>;
<a name="l00126"></a>00126
<a name="l00127"></a>00127 <span class="comment">/* Hierarchies for addresses and ports,</span>
<a name="l00128"></a>00128 <span class="comment"> * if the clustering algorithm is used */</span>
<a name="l00129"></a><a class="code" href="struct__AI__snort__alert.html#ac53765584296ead1328eabfaba8a3aed">00129</a> <a class="code" href="struct__hierarchy__node.html">hierarchy_node</a> *<a class="code" href="struct__AI__snort__alert.html#ac53765584296ead1328eabfaba8a3aed">h_node</a>[CLUSTER_TYPES];
<a name="l00130"></a>00130
<a name="l00131"></a>00131 <span class="comment">/* If the clustering algorithm is used,</span>
<a name="l00132"></a>00132 <span class="comment"> * we also count how many alerts this</span>
<a name="l00133"></a>00133 <span class="comment"> * single alert groups */</span>
<a name="l00134"></a><a class="code" href="struct__AI__snort__alert.html#a285aff12d6bac03c316ccc5305d28e53">00134</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> <a class="code" href="struct__AI__snort__alert.html#a285aff12d6bac03c316ccc5305d28e53">grouped_alarms_count</a>;
<a name="l00135"></a>00135 } <a class="code" href="struct__AI__snort__alert.html">AI_snort_alert</a>;
<a name="l00136"></a>00136
<a name="l00137"></a>00137 <span class="keywordtype">int</span> <a class="code" href="regex_8c.html#a35f57c052a7de1ded54b67a1f7819791" title="Check if a string matches a regular expression.">preg_match</a> ( <span class="keyword">const</span> <span class="keywordtype">char</span>*, <span class="keywordtype">char</span>*, <span class="keywordtype">char</span>***, <span class="keywordtype">int</span>* );
<a name="l00138"></a>00138
<a name="l00139"></a>00139 <span class="keywordtype">void</span>* <a class="code" href="spp__ai_8h.html#ad56f71be823eead743972274b99c82ff" title="Thread called for cleaning up the hash table from the traffic streams older than a certain threshold...">AI_hashcleanup_thread</a> ( <span class="keywordtype">void</span>* );
<a name="l00140"></a>00140 <span class="keywordtype">void</span>* <a class="code" href="alert__parser_8c.html#ad68c45b5846743a54ad3fa92c8e48f8a" title="Thread for parsing Snort&amp;#39;s alert file.">AI_alertparser_thread</a> ( <span class="keywordtype">void</span>* );
<a name="l00141"></a>00141
<a name="l00142"></a>00142 <span class="keywordtype">void</span> <a class="code" href="spp__ai_8h.html#af6f7d167c3623bbc669e8d31c2719b29" title="Function called for appending a new packet to the hash table, creating a new stream or appending it t...">AI_pkt_enqueue</a> ( SFSnortPacket* );
<a name="l00143"></a>00143 <span class="keywordtype">void</span> <a class="code" href="spp__ai_8h.html#a8749989cee2ac05a7de058faac280c02" title="Set the flag &amp;quot;observed&amp;quot; on a stream associated to a security alert, so that it won&amp;#39;t be...">AI_set_stream_observed</a> ( <span class="keyword">struct</span> <a class="code" href="structpkt__key.html">pkt_key</a> key );
<a name="l00144"></a>00144 <span class="keywordtype">void</span> <a class="code" href="cluster_8c.html#a1445818b37483f78cc3fb2890155842c" title="Build the clustering hierarchy trees.">AI_hierarchies_build</a> ( <a class="code" href="structAI__config.html">AI_config</a>*, <a class="code" href="struct__hierarchy__node.html">hierarchy_node</a>**, <span class="keywordtype">int</span> );
<a name="l00145"></a>00145
<a name="l00146"></a>00146 <span class="keyword">struct </span><a class="code" href="structpkt__info.html">pkt_info</a>* <a class="code" href="spp__ai_8h.html#a3054f06297a9caefd4d9b1283bb8b69a" title="Get a TCP stream by key.">AI_get_stream_by_key</a> ( <span class="keyword">struct</span> <a class="code" href="structpkt__key.html">pkt_key</a> );
<a name="l00147"></a>00147 <a class="code" href="struct__AI__snort__alert.html">AI_snort_alert</a>* <a class="code" href="alert__parser_8c.html#a99474495643197b3075ac22ec6f6c70f" title="Return the alerts parsed so far as a linked list.">AI_get_alerts</a> ( <span class="keywordtype">void</span> );
<a name="l00148"></a>00148 <span class="keywordtype">void</span> <a class="code" href="alert__parser_8c.html#a270e86669a0aa64a8da37bc16cda645b" title="Deallocate the memory of a log alert linked list.">AI_free_alerts</a> ( <a class="code" href="struct__AI__snort__alert.html">AI_snort_alert</a> *node );
<a name="l00149"></a>00149
<a name="l00150"></a>00150 <span class="preprocessor">#endif </span><span class="comment">/* _SPP_AI_H */</span>
<a name="l00151"></a>00151
<a name="l00036"></a><a class="code" href="spp__ai_8h.html#a3c4984a0ee515fbc091ac6e33b05e310">00036</a> <span class="preprocessor">#define DEFAULT_DATABASE_INTERVAL 30</span>
<a name="l00037"></a>00037 <span class="preprocessor"></span>
<a name="l00039"></a><a class="code" href="spp__ai_8h.html#a0c4b6fce670e46083e33b9f53b78f39e">00039</a> <span class="preprocessor">#define DEFAULT_ALERT_CLUSTERING_INTERVAL 3600</span>
<a name="l00040"></a>00040 <span class="preprocessor"></span>
<a name="l00042"></a><a class="code" href="spp__ai_8h.html#a6d9bf552c32371e0144dc6a6209c7e4a">00042</a> <span class="preprocessor">#define DEFAULT_ALERT_LOG_FILE &quot;/var/log/snort/alert&quot;</span>
<a name="l00043"></a>00043 <span class="preprocessor"></span>
<a name="l00045"></a><a class="code" href="spp__ai_8h.html#a803dc913297ccdace9e604dbfecda97d">00045</a> <span class="preprocessor">#define DEFAULT_CLUSTER_LOG_FILE &quot;/var/log/snort/cluster_alert&quot;</span>
<a name="l00046"></a>00046 <span class="preprocessor"></span>
<a name="l00047"></a>00047 <span class="keyword">extern</span> DynamicPreprocessorData <a class="code" href="sf__dynamic__preproc__lib_8c.html#ab46420126c43c1aac5eabc5db266a71c">_dpd</a>;
<a name="l00048"></a><a class="code" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">00048</a> <span class="keyword">typedef</span> <span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> uint8_t;
<a name="l00049"></a><a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">00049</a> <span class="keyword">typedef</span> <span class="keywordtype">unsigned</span> <span class="keywordtype">short</span> uint16_t;
<a name="l00050"></a><a class="code" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">00050</a> <span class="keyword">typedef</span> <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> uint32_t;
<a name="l00051"></a>00051
<a name="l00052"></a><a class="code" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dda08f175a5505a10b9ed657defeb050e4b">00052</a> <span class="keyword">typedef</span> <span class="keyword">enum</span> { <span class="keyword">false</span>, <span class="keyword">true</span> } BOOL;
<a name="l00053"></a>00053
<a name="l00055"></a><a class="code" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640">00055</a> <span class="keyword">typedef</span> <span class="keyword">enum</span> {
<a name="l00056"></a><a class="code" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640ac1335c508143eb06843af2ce5ff3027b">00056</a> none, src_addr, dst_addr, src_port, dst_port, <a class="code" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640ab16bb5c4b330d5db02e2d852cd2ba451">CLUSTER_TYPES</a>
<a name="l00057"></a>00057 } cluster_type;
<a name="l00058"></a>00058
<a name="l00060"></a><a class="code" href="structpkt__key.html">00060</a> <span class="keyword">struct </span><a class="code" href="structpkt__key.html">pkt_key</a>
<a name="l00061"></a>00061 {
<a name="l00062"></a><a class="code" href="structpkt__key.html#a3a091c20dafb8b3f689db00c5b2f8ddb">00062</a> <a class="code" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a> <a class="code" href="structpkt__key.html#a3a091c20dafb8b3f689db00c5b2f8ddb">src_ip</a>;
<a name="l00063"></a><a class="code" href="structpkt__key.html#af77f5eb1f4cd88b43fe99fd73553351d">00063</a> <a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="code" href="structpkt__key.html#af77f5eb1f4cd88b43fe99fd73553351d">dst_port</a>;
<a name="l00064"></a>00064 };
<a name="l00065"></a>00065
<a name="l00067"></a><a class="code" href="structpkt__info.html">00067</a> <span class="keyword">struct </span><a class="code" href="structpkt__info.html">pkt_info</a>
<a name="l00068"></a>00068 {
<a name="l00070"></a><a class="code" href="structpkt__info.html#a231d4734d3c62292b06eb9ea4b49c339">00070</a> <span class="keyword">struct </span><a class="code" href="structpkt__key.html">pkt_key</a> <a class="code" href="structpkt__info.html#a231d4734d3c62292b06eb9ea4b49c339">key</a>;
<a name="l00071"></a>00071
<a name="l00073"></a><a class="code" href="structpkt__info.html#a7f5090443f21e6290f0439f1bb872e92">00073</a> time_t <a class="code" href="structpkt__info.html#a7f5090443f21e6290f0439f1bb872e92">timestamp</a>;
<a name="l00074"></a>00074
<a name="l00076"></a><a class="code" href="structpkt__info.html#a8d5ebd04a32067b05387e5c5056fe168">00076</a> SFSnortPacket* <a class="code" href="structpkt__info.html#a8d5ebd04a32067b05387e5c5056fe168">pkt</a>;
<a name="l00077"></a>00077
<a name="l00079"></a><a class="code" href="structpkt__info.html#a5ee3c51f2ca5768b94819182641ef168">00079</a> <span class="keyword">struct </span><a class="code" href="structpkt__info.html">pkt_info</a>* <a class="code" href="structpkt__info.html#a5ee3c51f2ca5768b94819182641ef168">next</a>;
<a name="l00080"></a>00080
<a name="l00082"></a><a class="code" href="structpkt__info.html#ac7ff78ea5faf333fc91f92e3085ea7c9">00082</a> <a class="code" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a> <a class="code" href="structpkt__info.html#ac7ff78ea5faf333fc91f92e3085ea7c9">observed</a>;
<a name="l00083"></a>00083
<a name="l00085"></a><a class="code" href="structpkt__info.html#a264e90d4b5d490de040f38c1072e142f">00085</a> UT_hash_handle <a class="code" href="structpkt__info.html#a264e90d4b5d490de040f38c1072e142f">hh</a>;
<a name="l00086"></a>00086 };
<a name="l00087"></a>00087
<a name="l00088"></a>00088 <span class="comment">/* Data type containing the configuration of the module */</span>
<a name="l00089"></a><a class="code" href="structAI__config.html">00089</a> <span class="keyword">typedef</span> <span class="keyword">struct</span>
<a name="l00090"></a>00090 {
<a name="l00092"></a><a class="code" href="structAI__config.html#a9f7680615027d4fb74b4aa144a7028a4">00092</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">long</span> hashCleanupInterval;
<a name="l00093"></a>00093
<a name="l00095"></a><a class="code" href="structAI__config.html#abbe77d5f94b8c5164bea47acba09c98b">00095</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">long</span> streamExpireInterval;
<a name="l00096"></a>00096
<a name="l00098"></a><a class="code" href="structAI__config.html#a7d0d098b8263aa3d8415b11d1ec7f93d">00098</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">long</span> alertClusteringInterval;
<a name="l00099"></a>00099
<a name="l00101"></a><a class="code" href="structAI__config.html#ae6ca715cab1d90b70c3aad443133c263">00101</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">long</span> databaseParsingInterval;
<a name="l00102"></a>00102
<a name="l00104"></a><a class="code" href="structAI__config.html#a2efa9590d7eea6dce8b5dd9aa76ed8ca">00104</a> <span class="keywordtype">char</span> alertfile[1024];
<a name="l00105"></a>00105
<a name="l00107"></a><a class="code" href="structAI__config.html#a6da02a3f7116fd3810a41b738e8883a3">00107</a> <span class="keywordtype">char</span> clusterfile[1024];
<a name="l00108"></a>00108
<a name="l00110"></a><a class="code" href="structAI__config.html#ac8a93607f12106e2f5c9b43af27107da">00110</a> <span class="keywordtype">char</span> dbname[256];
<a name="l00111"></a>00111
<a name="l00113"></a><a class="code" href="structAI__config.html#aa004adebfdafb6d14092aecd7f4912b0">00113</a> <span class="keywordtype">char</span> dbuser[256];
<a name="l00114"></a>00114
<a name="l00116"></a><a class="code" href="structAI__config.html#aa1cda349763faf60b2ebdbf2d187ae7d">00116</a> <span class="keywordtype">char</span> dbpass[256];
<a name="l00117"></a>00117
<a name="l00119"></a><a class="code" href="structAI__config.html#a8e56f1a1b2095d3d329c8068ea0f3aab">00119</a> <span class="keywordtype">char</span> dbhost[256];
<a name="l00120"></a>00120 } <a class="code" href="structAI__config.html">AI_config</a>;
<a name="l00121"></a>00121
<a name="l00122"></a>00122 <span class="comment">/* Data type for hierarchies used for clustering */</span>
<a name="l00123"></a><a class="code" href="struct__hierarchy__node.html">00123</a> <span class="keyword">typedef</span> <span class="keyword">struct </span><a class="code" href="struct__hierarchy__node.html">_hierarchy_node</a>
<a name="l00124"></a>00124 {
<a name="l00125"></a><a class="code" href="struct__hierarchy__node.html#a3b18e3ddfa2212c5e4ff9c0b4bde4296">00125</a> <a class="code" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640">cluster_type</a> <a class="code" href="struct__hierarchy__node.html#a3b18e3ddfa2212c5e4ff9c0b4bde4296">type</a>;
<a name="l00126"></a><a class="code" href="struct__hierarchy__node.html#ae498f6fd14ca058a3ae0a95d5425451a">00126</a> <span class="keywordtype">char</span> <a class="code" href="struct__hierarchy__node.html#ae498f6fd14ca058a3ae0a95d5425451a">label</a>[256];
<a name="l00127"></a><a class="code" href="struct__hierarchy__node.html#a13ceebd7b435b9ef347fb90d9e6bbfe4">00127</a> <span class="keywordtype">int</span> <a class="code" href="struct__hierarchy__node.html#a13ceebd7b435b9ef347fb90d9e6bbfe4">min_val</a>;
<a name="l00128"></a><a class="code" href="struct__hierarchy__node.html#a79ea88029938dc30ab8f159405d12c87">00128</a> <span class="keywordtype">int</span> <a class="code" href="struct__hierarchy__node.html#a79ea88029938dc30ab8f159405d12c87">max_val</a>;
<a name="l00129"></a><a class="code" href="struct__hierarchy__node.html#a849256ce1039e2cefaaf64d91171be0a">00129</a> <span class="keywordtype">int</span> <a class="code" href="struct__hierarchy__node.html#a849256ce1039e2cefaaf64d91171be0a">nchildren</a>;
<a name="l00130"></a><a class="code" href="struct__hierarchy__node.html#a5c94c89d7e2aea393f1c550afb766bbe">00130</a> <span class="keyword">struct </span><a class="code" href="struct__hierarchy__node.html">_hierarchy_node</a> *<a class="code" href="struct__hierarchy__node.html#a5c94c89d7e2aea393f1c550afb766bbe">parent</a>;
<a name="l00131"></a><a class="code" href="struct__hierarchy__node.html#afc23d4fe6426873164cdaab2f3d4f0cd">00131</a> <span class="keyword">struct </span><a class="code" href="struct__hierarchy__node.html">_hierarchy_node</a> **<a class="code" href="struct__hierarchy__node.html#afc23d4fe6426873164cdaab2f3d4f0cd">children</a>;
<a name="l00132"></a>00132 } <a class="code" href="struct__hierarchy__node.html">hierarchy_node</a>;
<a name="l00133"></a>00133
<a name="l00135"></a><a class="code" href="struct__AI__snort__alert.html">00135</a> <span class="keyword">typedef</span> <span class="keyword">struct </span><a class="code" href="struct__AI__snort__alert.html">_AI_snort_alert</a> {
<a name="l00136"></a>00136 <span class="comment">/* Identifiers of the alert */</span>
<a name="l00137"></a><a class="code" href="struct__AI__snort__alert.html#af8408be5da59cda853442dd13465c0f6">00137</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> <a class="code" href="struct__AI__snort__alert.html#af8408be5da59cda853442dd13465c0f6">gid</a>;
<a name="l00138"></a><a class="code" href="struct__AI__snort__alert.html#a3349aa68d2234f8ffd897367c3a8a137">00138</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> <a class="code" href="struct__AI__snort__alert.html#a3349aa68d2234f8ffd897367c3a8a137">sid</a>;
<a name="l00139"></a><a class="code" href="struct__AI__snort__alert.html#a864d3baa48586d6a31639f4cd27d9d37">00139</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> <a class="code" href="struct__AI__snort__alert.html#a864d3baa48586d6a31639f4cd27d9d37">rev</a>;
<a name="l00140"></a>00140
<a name="l00141"></a>00141 <span class="comment">/* Snort priority, description,</span>
<a name="l00142"></a>00142 <span class="comment"> * classification and timestamp</span>
<a name="l00143"></a>00143 <span class="comment"> * of the alert */</span>
<a name="l00144"></a><a class="code" href="struct__AI__snort__alert.html#a25661fa4e212c5e30af5e6a892985ec9">00144</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">short</span> <a class="code" href="struct__AI__snort__alert.html#a25661fa4e212c5e30af5e6a892985ec9">priority</a>;
<a name="l00145"></a><a class="code" href="struct__AI__snort__alert.html#ac0902d7c756ec675fb06347ce4706135">00145</a> <span class="keywordtype">char</span> *<a class="code" href="struct__AI__snort__alert.html#ac0902d7c756ec675fb06347ce4706135">desc</a>;
<a name="l00146"></a><a class="code" href="struct__AI__snort__alert.html#aa89585e14acb2c4e684a1552d322632f">00146</a> <span class="keywordtype">char</span> *<a class="code" href="struct__AI__snort__alert.html#aa89585e14acb2c4e684a1552d322632f">classification</a>;
<a name="l00147"></a><a class="code" href="struct__AI__snort__alert.html#a10a67f60ca3da339a2104849a0b2ac19">00147</a> time_t <a class="code" href="struct__AI__snort__alert.html#a10a67f60ca3da339a2104849a0b2ac19">timestamp</a>;
<a name="l00148"></a>00148
<a name="l00149"></a>00149 <span class="comment">/* IP header information */</span>
<a name="l00150"></a><a class="code" href="struct__AI__snort__alert.html#a3f3c47f9baf3229d067504a85873b416">00150</a> <a class="code" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a> <a class="code" href="struct__AI__snort__alert.html#a3f3c47f9baf3229d067504a85873b416">ip_tos</a>;
<a name="l00151"></a><a class="code" href="struct__AI__snort__alert.html#ad3ffe99036513d5f33b94d22fb84f8f1">00151</a> <a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="code" href="struct__AI__snort__alert.html#ad3ffe99036513d5f33b94d22fb84f8f1">ip_len</a>;
<a name="l00152"></a><a class="code" href="struct__AI__snort__alert.html#a2fc673dec85a7b49dd16ac7c0bb1bb78">00152</a> <a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="code" href="struct__AI__snort__alert.html#a2fc673dec85a7b49dd16ac7c0bb1bb78">ip_id</a>;
<a name="l00153"></a><a class="code" href="struct__AI__snort__alert.html#a3c9bbe84ec696cd58668a45799a66600">00153</a> <a class="code" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a> <a class="code" href="struct__AI__snort__alert.html#a3c9bbe84ec696cd58668a45799a66600">ip_ttl</a>;
<a name="l00154"></a><a class="code" href="struct__AI__snort__alert.html#a5ea7b250ac1c472f3ab57565b6df2536">00154</a> <a class="code" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a> <a class="code" href="struct__AI__snort__alert.html#a5ea7b250ac1c472f3ab57565b6df2536">ip_proto</a>;
<a name="l00155"></a><a class="code" href="struct__AI__snort__alert.html#a194117c57a52933d16a97838562bb611">00155</a> <a class="code" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a> <a class="code" href="struct__AI__snort__alert.html#a194117c57a52933d16a97838562bb611">ip_src_addr</a>;
<a name="l00156"></a><a class="code" href="struct__AI__snort__alert.html#a754ca683593c838e4032fa8c13b1512b">00156</a> <a class="code" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a> <a class="code" href="struct__AI__snort__alert.html#a754ca683593c838e4032fa8c13b1512b">ip_dst_addr</a>;
<a name="l00157"></a>00157
<a name="l00158"></a>00158 <span class="comment">/* TCP header information */</span>
<a name="l00159"></a><a class="code" href="struct__AI__snort__alert.html#a4d4cbdbd9675f4c43545547f55174cb7">00159</a> <a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="code" href="struct__AI__snort__alert.html#a4d4cbdbd9675f4c43545547f55174cb7">tcp_src_port</a>;
<a name="l00160"></a><a class="code" href="struct__AI__snort__alert.html#aaca31cb67d48ffc3bfd1227686d5f5a4">00160</a> <a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="code" href="struct__AI__snort__alert.html#aaca31cb67d48ffc3bfd1227686d5f5a4">tcp_dst_port</a>;
<a name="l00161"></a><a class="code" href="struct__AI__snort__alert.html#ad6edf59fccea55bf5f940bf36117020b">00161</a> <a class="code" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a> <a class="code" href="struct__AI__snort__alert.html#ad6edf59fccea55bf5f940bf36117020b">tcp_seq</a>;
<a name="l00162"></a><a class="code" href="struct__AI__snort__alert.html#a8aac577224a4325ec50511c6d79b4b79">00162</a> <a class="code" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a> <a class="code" href="struct__AI__snort__alert.html#a8aac577224a4325ec50511c6d79b4b79">tcp_ack</a>;
<a name="l00163"></a><a class="code" href="struct__AI__snort__alert.html#aa643f11db93b70242b57f0a04775e507">00163</a> <a class="code" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a> <a class="code" href="struct__AI__snort__alert.html#aa643f11db93b70242b57f0a04775e507">tcp_flags</a>;
<a name="l00164"></a><a class="code" href="struct__AI__snort__alert.html#a1687fccc26bb211591db8b36ffec5348">00164</a> <a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="code" href="struct__AI__snort__alert.html#a1687fccc26bb211591db8b36ffec5348">tcp_window</a>;
<a name="l00165"></a><a class="code" href="struct__AI__snort__alert.html#ab7e0507050b8e475fea7a4b26c768857">00165</a> <a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="code" href="struct__AI__snort__alert.html#ab7e0507050b8e475fea7a4b26c768857">tcp_len</a>;
<a name="l00166"></a>00166
<a name="l00167"></a>00167 <span class="comment">/* Reference to the TCP stream</span>
<a name="l00168"></a>00168 <span class="comment"> * associated to the alert, if any */</span>
<a name="l00169"></a><a class="code" href="struct__AI__snort__alert.html#a09dfe0a841fd3912ec78060d4547cb31">00169</a> <span class="keyword">struct </span><a class="code" href="structpkt__info.html">pkt_info</a> *<a class="code" href="struct__AI__snort__alert.html#a09dfe0a841fd3912ec78060d4547cb31">stream</a>;
<a name="l00170"></a>00170
<a name="l00171"></a>00171 <span class="comment">/* Pointer to the next alert in</span>
<a name="l00172"></a>00172 <span class="comment"> * the log, if any*/</span>
<a name="l00173"></a><a class="code" href="struct__AI__snort__alert.html#aa8336d4b3359015ed8ea312ca1fd1173">00173</a> <span class="keyword">struct </span><a class="code" href="struct__AI__snort__alert.html">_AI_snort_alert</a> *<a class="code" href="struct__AI__snort__alert.html#aa8336d4b3359015ed8ea312ca1fd1173">next</a>;
<a name="l00174"></a>00174
<a name="l00175"></a>00175 <span class="comment">/* Hierarchies for addresses and ports,</span>
<a name="l00176"></a>00176 <span class="comment"> * if the clustering algorithm is used */</span>
<a name="l00177"></a><a class="code" href="struct__AI__snort__alert.html#ac53765584296ead1328eabfaba8a3aed">00177</a> <a class="code" href="struct__hierarchy__node.html">hierarchy_node</a> *<a class="code" href="struct__AI__snort__alert.html#ac53765584296ead1328eabfaba8a3aed">h_node</a>[CLUSTER_TYPES];
<a name="l00178"></a>00178
<a name="l00179"></a>00179 <span class="comment">/* If the clustering algorithm is used,</span>
<a name="l00180"></a>00180 <span class="comment"> * we also count how many alerts this</span>
<a name="l00181"></a>00181 <span class="comment"> * single alert groups */</span>
<a name="l00182"></a><a class="code" href="struct__AI__snort__alert.html#a285aff12d6bac03c316ccc5305d28e53">00182</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> <a class="code" href="struct__AI__snort__alert.html#a285aff12d6bac03c316ccc5305d28e53">grouped_alarms_count</a>;
<a name="l00183"></a>00183 } <a class="code" href="struct__AI__snort__alert.html">AI_snort_alert</a>;
<a name="l00184"></a>00184
<a name="l00185"></a>00185 <span class="keywordtype">int</span> <a class="code" href="group__regex.html#ga35f57c052a7de1ded54b67a1f7819791" title="Check if a string matches a regular expression.">preg_match</a> ( <span class="keyword">const</span> <span class="keywordtype">char</span>*, <span class="keywordtype">char</span>*, <span class="keywordtype">char</span>***, <span class="keywordtype">int</span>* );
<a name="l00186"></a>00186
<a name="l00187"></a>00187 <span class="keywordtype">void</span>* <a class="code" href="group__stream.html#ga24b1131374e5059564b8a12380c4eb75" title="Thread called for cleaning up the hash table from the traffic streams older than a certain threshold...">AI_hashcleanup_thread</a> ( <span class="keywordtype">void</span>* );
<a name="l00188"></a>00188 <span class="keywordtype">void</span>* <a class="code" href="group__alert__parser.html#ga5aab8d9bdf0e92a51731442fd787f61f" title="Thread for parsing Snort&amp;#39;s alert file.">AI_file_alertparser_thread</a> ( <span class="keywordtype">void</span>* );
<a name="l00189"></a>00189 <span class="keywordtype">void</span>* <a class="code" href="group__mysql.html#gadf275635641f88725930de208fb5523f" title="Thread for parsing alerts from MySQL database.">AI_mysql_alertparser_thread</a> ( <span class="keywordtype">void</span>* );
<a name="l00190"></a>00190
<a name="l00191"></a>00191 <span class="keywordtype">void</span> <a class="code" href="group__stream.html#ga7d71c5645b9baff7b6c4b9a181bf80c5" title="Function called for appending a new packet to the hash table, creating a new stream or appending it t...">AI_pkt_enqueue</a> ( SFSnortPacket* );
<a name="l00192"></a>00192 <span class="keywordtype">void</span> <a class="code" href="group__stream.html#ga8749989cee2ac05a7de058faac280c02" title="Set the flag &amp;quot;observed&amp;quot; on a stream associated to a security alert, so that it won&amp;#39;t be...">AI_set_stream_observed</a> ( <span class="keyword">struct</span> <a class="code" href="structpkt__key.html">pkt_key</a> key );
<a name="l00193"></a>00193 <span class="keywordtype">void</span> <a class="code" href="group__cluster.html#ga1445818b37483f78cc3fb2890155842c" title="Build the clustering hierarchy trees.">AI_hierarchies_build</a> ( <a class="code" href="structAI__config.html">AI_config</a>*, <a class="code" href="struct__hierarchy__node.html">hierarchy_node</a>**, <span class="keywordtype">int</span> );
<a name="l00194"></a>00194
<a name="l00195"></a>00195 <span class="keyword">struct </span><a class="code" href="structpkt__info.html">pkt_info</a>* <a class="code" href="group__stream.html#ga2efedcabbfd12c5345f0c93a3dd4735c" title="Get a TCP stream by key.">AI_get_stream_by_key</a> ( <span class="keyword">struct</span> <a class="code" href="structpkt__key.html">pkt_key</a> );
<a name="l00196"></a>00196
<a name="l00197"></a>00197 <a class="code" href="struct__AI__snort__alert.html">AI_snort_alert</a>* <a class="code" href="group__alert__parser.html#ga99474495643197b3075ac22ec6f6c70f" title="Return the alerts parsed so far as a linked list.">AI_get_alerts</a> ( <span class="keywordtype">void</span> );
<a name="l00198"></a>00198 <a class="code" href="struct__AI__snort__alert.html">AI_snort_alert</a>* <a class="code" href="group__mysql.html#ga0ead3c1e46063e215168e76d7999d65b" title="Return the alerts parsed so far as a linked list.">AI_mysql_get_alerts</a> ( <span class="keywordtype">void</span> );
<a name="l00199"></a>00199
<a name="l00200"></a>00200 <span class="keywordtype">void</span> <a class="code" href="group__alert__parser.html#ga270e86669a0aa64a8da37bc16cda645b" title="Deallocate the memory of a log alert linked list.">AI_free_alerts</a> ( <a class="code" href="struct__AI__snort__alert.html">AI_snort_alert</a> *node );
<a name="l00201"></a>00201 <span class="keywordtype">void</span> <a class="code" href="spp__ai_8h.html#ad0d003c241328962df5757398329b809">AI_mysql_free_alerts</a> ( <a class="code" href="struct__AI__snort__alert.html">AI_snort_alert</a> *node );
<a name="l00202"></a>00202
<a name="l00204"></a><a class="code" href="spp__ai_8h.html#ab184b676360ce03035801284a2bd1ea7">00204</a> <a class="code" href="struct__AI__snort__alert.html">AI_snort_alert</a>* (*get_alerts)(void);
<a name="l00205"></a>00205
<a name="l00206"></a>00206 <span class="preprocessor">#endif </span><span class="comment">/* _SPP_AI_H */</span>
<a name="l00207"></a>00207
</pre></div></div>
</div>
<!--- window showing the filter options -->
@ -216,7 +245,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 4 2010 21:30:42 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

175
doc/html/stream_8c.html
View File

@ -58,161 +58,26 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<code>#include &lt;stdlib.h&gt;</code><br/>
<code>#include &lt;time.h&gt;</code><br/>
<code>#include &lt;unistd.h&gt;</code><br/>
<code>#include &lt;pthread.h&gt;</code><br/>
<table class="memberdecls">
<tr><td colspan="2"><h2><a name="func-members"></a>
Functions</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="stream_8c.html#a80016adf701c717a6ebfb5b15b8a5749">_AI_stream_free</a> (struct <a class="el" href="structpkt__info.html">pkt_info</a> *stream)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Remove a stream from the hash table (private function). <a href="#a80016adf701c717a6ebfb5b15b8a5749"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="stream_8c.html#a24b1131374e5059564b8a12380c4eb75">AI_hashcleanup_thread</a> (void *arg)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Thread called for cleaning up the hash table from the traffic streams older than a certain threshold. <a href="#a24b1131374e5059564b8a12380c4eb75"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="stream_8c.html#a7d71c5645b9baff7b6c4b9a181bf80c5">AI_pkt_enqueue</a> (SFSnortPacket *pkt)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Function called for appending a new packet to the hash table, creating a new stream or appending it to an existing stream. <a href="#a7d71c5645b9baff7b6c4b9a181bf80c5"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct <a class="el" href="structpkt__info.html">pkt_info</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="stream_8c.html#a2efedcabbfd12c5345f0c93a3dd4735c">AI_get_stream_by_key</a> (struct <a class="el" href="structpkt__key.html">pkt_key</a> key)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Get a TCP stream by key. <a href="#a2efedcabbfd12c5345f0c93a3dd4735c"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="stream_8c.html#a8749989cee2ac05a7de058faac280c02">AI_set_stream_observed</a> (struct <a class="el" href="structpkt__key.html">pkt_key</a> key)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Set the flag "observed" on a stream associated to a security alert, so that it won't be removed from the hash table. <a href="#a8749989cee2ac05a7de058faac280c02"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__stream.html#ga80016adf701c717a6ebfb5b15b8a5749">_AI_stream_free</a> (struct <a class="el" href="structpkt__info.html">pkt_info</a> *stream)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Remove a stream from the hash table (private function). <a href="group__stream.html#ga80016adf701c717a6ebfb5b15b8a5749"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__stream.html#ga24b1131374e5059564b8a12380c4eb75">AI_hashcleanup_thread</a> (void *arg)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Thread called for cleaning up the hash table from the traffic streams older than a certain threshold. <a href="group__stream.html#ga24b1131374e5059564b8a12380c4eb75"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__stream.html#ga7d71c5645b9baff7b6c4b9a181bf80c5">AI_pkt_enqueue</a> (SFSnortPacket *pkt)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Function called for appending a new packet to the hash table, creating a new stream or appending it to an existing stream. <a href="group__stream.html#ga7d71c5645b9baff7b6c4b9a181bf80c5"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct <a class="el" href="structpkt__info.html">pkt_info</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__stream.html#ga2efedcabbfd12c5345f0c93a3dd4735c">AI_get_stream_by_key</a> (struct <a class="el" href="structpkt__key.html">pkt_key</a> key)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Get a TCP stream by key. <a href="group__stream.html#ga2efedcabbfd12c5345f0c93a3dd4735c"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__stream.html#ga8749989cee2ac05a7de058faac280c02">AI_set_stream_observed</a> (struct <a class="el" href="structpkt__key.html">pkt_key</a> key)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Set the flag "observed" on a stream associated to a security alert, so that it won't be removed from the hash table. <a href="group__stream.html#ga8749989cee2ac05a7de058faac280c02"></a><br/></td></tr>
<tr><td colspan="2"><h2><a name="var-members"></a>
Variables</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE struct <a class="el" href="structpkt__info.html">pkt_info</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="stream_8c.html#a57e23cda853e9d11c37723a962ef2f68">hash</a> = NULL</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE time_t&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="stream_8c.html#a0597864b078ff448f28432db86950309">start_time</a> = 0</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE pthread_mutex_t&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="stream_8c.html#a4e01edd07102e71480b323db2b8f57c8">hash_mutex</a> = PTHREAD_MUTEX_INITIALIZER</td></tr>
</table>
<hr/><h2>Function Documentation</h2>
<a class="anchor" id="a80016adf701c717a6ebfb5b15b8a5749"></a><!-- doxytag: member="stream.c::_AI_stream_free" ref="a80016adf701c717a6ebfb5b15b8a5749" args="(struct pkt_info *stream)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE void _AI_stream_free </td>
<td>(</td>
<td class="paramtype">struct <a class="el" href="structpkt__info.html">pkt_info</a> *&nbsp;</td>
<td class="paramname"> <em>stream</em></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Remove a stream from the hash table (private function). </p>
<p>FUNCTION: _AI_stream_free </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>stream</em>&nbsp;</td><td>Stream to be removed </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<a class="anchor" id="a2efedcabbfd12c5345f0c93a3dd4735c"></a><!-- doxytag: member="stream.c::AI_get_stream_by_key" ref="a2efedcabbfd12c5345f0c93a3dd4735c" args="(struct pkt_key key)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">struct <a class="el" href="structpkt__info.html">pkt_info</a>* AI_get_stream_by_key </td>
<td>(</td>
<td class="paramtype">struct <a class="el" href="structpkt__key.html">pkt_key</a>&nbsp;</td>
<td class="paramname"> <em>key</em></td>
<td>&nbsp;)&nbsp;</td>
<td><code> [read]</code></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Get a TCP stream by key. </p>
<p>FUNCTION: AI_get_stream_by_key </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>key</em>&nbsp;</td><td>Key of the stream to be picked up (struct <a class="el" href="structpkt__key.html">pkt_key</a>) </td></tr>
</table>
</dd>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>A <a class="el" href="structpkt__info.html">pkt_info</a> pointer to the stream if found, NULL otherwise </dd></dl>
</div>
</div>
<a class="anchor" id="a24b1131374e5059564b8a12380c4eb75"></a><!-- doxytag: member="stream.c::AI_hashcleanup_thread" ref="a24b1131374e5059564b8a12380c4eb75" args="(void *arg)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">void* AI_hashcleanup_thread </td>
<td>(</td>
<td class="paramtype">void *&nbsp;</td>
<td class="paramname"> <em>arg</em></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Thread called for cleaning up the hash table from the traffic streams older than a certain threshold. </p>
<p>FUNCTION: AI_hashcleanup_thread </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>arg</em>&nbsp;</td><td>Pointer to the <a class="el" href="structAI__config.html">AI_config</a> struct </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<a class="anchor" id="a7d71c5645b9baff7b6c4b9a181bf80c5"></a><!-- doxytag: member="stream.c::AI_pkt_enqueue" ref="a7d71c5645b9baff7b6c4b9a181bf80c5" args="(SFSnortPacket *pkt)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">void AI_pkt_enqueue </td>
<td>(</td>
<td class="paramtype">SFSnortPacket *&nbsp;</td>
<td class="paramname"> <em>pkt</em></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Function called for appending a new packet to the hash table, creating a new stream or appending it to an existing stream. </p>
<p>FUNCTION: AI_pkt_enqueue </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>pkt</em>&nbsp;</td><td>Packet to be appended </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<a class="anchor" id="a8749989cee2ac05a7de058faac280c02"></a><!-- doxytag: member="stream.c::AI_set_stream_observed" ref="a8749989cee2ac05a7de058faac280c02" args="(struct pkt_key key)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">void AI_set_stream_observed </td>
<td>(</td>
<td class="paramtype">struct <a class="el" href="structpkt__key.html">pkt_key</a>&nbsp;</td>
<td class="paramname"> <em>key</em></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Set the flag "observed" on a stream associated to a security alert, so that it won't be removed from the hash table. </p>
<p>FUNCTION: AI_set_stream_observed </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>key</em>&nbsp;</td><td>Key of the stream to be set as "observed" </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<hr/><h2>Variable Documentation</h2>
<a class="anchor" id="a57e23cda853e9d11c37723a962ef2f68"></a><!-- doxytag: member="stream.c::hash" ref="a57e23cda853e9d11c37723a962ef2f68" args="" -->
<div class="memitem">
@ -225,6 +90,20 @@ Variables</h2></td></tr>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a4e01edd07102e71480b323db2b8f57c8"></a><!-- doxytag: member="stream.c::hash_mutex" ref="a4e01edd07102e71480b323db2b8f57c8" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE pthread_mutex_t <a class="el" href="stream_8c.html#a4e01edd07102e71480b323db2b8f57c8">hash_mutex</a> = PTHREAD_MUTEX_INITIALIZER</td>
</tr>
</table>
</div>
<div class="memdoc">
<p>pthread mutex for managing the access of multiple readers/writers to the hash table </p>
</div>
</div>
<a class="anchor" id="a0597864b078ff448f28432db86950309"></a><!-- doxytag: member="stream.c::start_time" ref="a0597864b078ff448f28432db86950309" args="" -->
@ -255,7 +134,7 @@ Variables</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 4 2010 21:30:42 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

82
doc/html/structAI__config.html
View File

@ -61,8 +61,13 @@ Data Fields</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">unsigned long&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#a9f7680615027d4fb74b4aa144a7028a4">hashCleanupInterval</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">unsigned long&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#abbe77d5f94b8c5164bea47acba09c98b">streamExpireInterval</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">unsigned long&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#a7d0d098b8263aa3d8415b11d1ec7f93d">alertClusteringInterval</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">unsigned long&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#ae6ca715cab1d90b70c3aad443133c263">databaseParsingInterval</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">char&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#a2efa9590d7eea6dce8b5dd9aa76ed8ca">alertfile</a> [1024]</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">char&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#a6da02a3f7116fd3810a41b738e8883a3">clusterfile</a> [1024]</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">char&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#ac8a93607f12106e2f5c9b43af27107da">dbname</a> [256]</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">char&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#aa004adebfdafb6d14092aecd7f4912b0">dbuser</a> [256]</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">char&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#aa1cda349763faf60b2ebdbf2d187ae7d">dbpass</a> [256]</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">char&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#a8e56f1a1b2095d3d329c8068ea0f3aab">dbhost</a> [256]</td></tr>
</table>
<hr/><h2>Field Documentation</h2>
<a class="anchor" id="a7d0d098b8263aa3d8415b11d1ec7f93d"></a><!-- doxytag: member="AI_config::alertClusteringInterval" ref="a7d0d098b8263aa3d8415b11d1ec7f93d" args="" -->
@ -75,6 +80,7 @@ Data Fields</h2></td></tr>
</table>
</div>
<div class="memdoc">
<p>Interval in seconds for the alert clustering thread </p>
</div>
</div>
@ -88,6 +94,7 @@ Data Fields</h2></td></tr>
</table>
</div>
<div class="memdoc">
<p>Alert file </p>
</div>
</div>
@ -101,6 +108,77 @@ Data Fields</h2></td></tr>
</table>
</div>
<div class="memdoc">
<p>Clustered alerts file </p>
</div>
</div>
<a class="anchor" id="ae6ca715cab1d90b70c3aad443133c263"></a><!-- doxytag: member="AI_config::databaseParsingInterval" ref="ae6ca715cab1d90b70c3aad443133c263" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">unsigned long <a class="el" href="structAI__config.html#ae6ca715cab1d90b70c3aad443133c263">AI_config::databaseParsingInterval</a></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Interval in seconds for reading the alert database, if database logging is used </p>
</div>
</div>
<a class="anchor" id="a8e56f1a1b2095d3d329c8068ea0f3aab"></a><!-- doxytag: member="AI_config::dbhost" ref="a8e56f1a1b2095d3d329c8068ea0f3aab" args="[256]" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">char <a class="el" href="structAI__config.html#a8e56f1a1b2095d3d329c8068ea0f3aab">AI_config::dbhost</a>[256]</td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Database host, if database logging is used </p>
</div>
</div>
<a class="anchor" id="ac8a93607f12106e2f5c9b43af27107da"></a><!-- doxytag: member="AI_config::dbname" ref="ac8a93607f12106e2f5c9b43af27107da" args="[256]" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">char <a class="el" href="structAI__config.html#ac8a93607f12106e2f5c9b43af27107da">AI_config::dbname</a>[256]</td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Database name, if database logging is used </p>
</div>
</div>
<a class="anchor" id="aa1cda349763faf60b2ebdbf2d187ae7d"></a><!-- doxytag: member="AI_config::dbpass" ref="aa1cda349763faf60b2ebdbf2d187ae7d" args="[256]" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">char <a class="el" href="structAI__config.html#aa1cda349763faf60b2ebdbf2d187ae7d">AI_config::dbpass</a>[256]</td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Database password, if database logging is used </p>
</div>
</div>
<a class="anchor" id="aa004adebfdafb6d14092aecd7f4912b0"></a><!-- doxytag: member="AI_config::dbuser" ref="aa004adebfdafb6d14092aecd7f4912b0" args="[256]" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">char <a class="el" href="structAI__config.html#aa004adebfdafb6d14092aecd7f4912b0">AI_config::dbuser</a>[256]</td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Database user, if database logging is used </p>
</div>
</div>
@ -114,6 +192,7 @@ Data Fields</h2></td></tr>
</table>
</div>
<div class="memdoc">
<p>Interval in seconds for the stream cleanup thread </p>
</div>
</div>
@ -127,6 +206,7 @@ Data Fields</h2></td></tr>
</table>
</div>
<div class="memdoc">
<p>Interval in seconds for considering an idle stream timed out </p>
</div>
</div>
@ -148,7 +228,7 @@ Data Fields</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 4 2010 21:30:42 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

280
doc/html/struct__AI__snort__alert.html
View File

@ -65,39 +65,28 @@ Data Fields</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">char *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#ac0902d7c756ec675fb06347ce4706135">desc</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">char *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#aa89585e14acb2c4e684a1552d322632f">classification</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">time_t&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#a10a67f60ca3da339a2104849a0b2ac19">timestamp</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#a882ae6db43dc0fe08071947ccb044b93">tos</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#a523ef8842d01a1bc4ea3c0bf27518e78">iplen</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#a45e4acf90450a5f9efd4e0c290f84bcf">id</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#ab9b1ce8ee440a324af116403ac9c51a2">ttl</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#a2a5f2741918c3c13890f2b617a7f23a4">ipproto</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#ab16a24f368020e4b40e65b53cae33b48">src_addr</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#a69cc2ba171c8c808a0b45caa9426cd8c">dst_addr</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#a856cccd3eaabd38aa9974f26d3edc5e3">src_port</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#a6b323c07ae501d221e330e13646a96a3">dst_port</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#acb20c4c55149d5806d7523720786ab77">sequence</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#a2b185c678d3a7f1207b2119b0b567c37">ack</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#a3f3c47f9baf3229d067504a85873b416">ip_tos</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#ad3ffe99036513d5f33b94d22fb84f8f1">ip_len</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#a2fc673dec85a7b49dd16ac7c0bb1bb78">ip_id</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#a3c9bbe84ec696cd58668a45799a66600">ip_ttl</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#a5ea7b250ac1c472f3ab57565b6df2536">ip_proto</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#a194117c57a52933d16a97838562bb611">ip_src_addr</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#a754ca683593c838e4032fa8c13b1512b">ip_dst_addr</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#a4d4cbdbd9675f4c43545547f55174cb7">tcp_src_port</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#aaca31cb67d48ffc3bfd1227686d5f5a4">tcp_dst_port</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#ad6edf59fccea55bf5f940bf36117020b">tcp_seq</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#a8aac577224a4325ec50511c6d79b4b79">tcp_ack</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#aa643f11db93b70242b57f0a04775e507">tcp_flags</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#a63e94be3d248cf4beb0d4d5ab75331b1">window</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#a519a103f5e8f1cb006c0c137b7c6a1c0">tcplen</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#a1687fccc26bb211591db8b36ffec5348">tcp_window</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#ab7e0507050b8e475fea7a4b26c768857">tcp_len</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct <a class="el" href="structpkt__info.html">pkt_info</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#a09dfe0a841fd3912ec78060d4547cb31">stream</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct <a class="el" href="struct__AI__snort__alert.html">_AI_snort_alert</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#aa8336d4b3359015ed8ea312ca1fd1173">next</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#ac53765584296ead1328eabfaba8a3aed">h_node</a> [CLUSTER_TYPES]</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">unsigned int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#a285aff12d6bac03c316ccc5305d28e53">grouped_alarms_count</a></td></tr>
</table>
<hr/><a name="_details"></a><h2>Detailed Description</h2>
<p>Data type for Snort alerts </p>
<hr/><h2>Field Documentation</h2>
<a class="anchor" id="a2b185c678d3a7f1207b2119b0b567c37"></a><!-- doxytag: member="_AI_snort_alert::ack" ref="a2b185c678d3a7f1207b2119b0b567c37" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a> <a class="el" href="struct__AI__snort__alert.html#a2b185c678d3a7f1207b2119b0b567c37">_AI_snort_alert::ack</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="aa89585e14acb2c4e684a1552d322632f"></a><!-- doxytag: member="_AI_snort_alert::classification" ref="aa89585e14acb2c4e684a1552d322632f" args="" -->
<div class="memitem">
<div class="memproto">
@ -122,32 +111,6 @@ Data Fields</h2></td></tr>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a69cc2ba171c8c808a0b45caa9426cd8c"></a><!-- doxytag: member="_AI_snort_alert::dst_addr" ref="a69cc2ba171c8c808a0b45caa9426cd8c" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a> <a class="el" href="struct__AI__snort__alert.html#a69cc2ba171c8c808a0b45caa9426cd8c">_AI_snort_alert::dst_addr</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a6b323c07ae501d221e330e13646a96a3"></a><!-- doxytag: member="_AI_snort_alert::dst_port" ref="a6b323c07ae501d221e330e13646a96a3" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="el" href="struct__AI__snort__alert.html#a6b323c07ae501d221e330e13646a96a3">_AI_snort_alert::dst_port</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="af8408be5da59cda853442dd13465c0f6"></a><!-- doxytag: member="_AI_snort_alert::gid" ref="af8408be5da59cda853442dd13465c0f6" args="" -->
@ -189,12 +152,12 @@ Data Fields</h2></td></tr>
</div>
</div>
<a class="anchor" id="a45e4acf90450a5f9efd4e0c290f84bcf"></a><!-- doxytag: member="_AI_snort_alert::id" ref="a45e4acf90450a5f9efd4e0c290f84bcf" args="" -->
<a class="anchor" id="a754ca683593c838e4032fa8c13b1512b"></a><!-- doxytag: member="_AI_snort_alert::ip_dst_addr" ref="a754ca683593c838e4032fa8c13b1512b" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="el" href="struct__AI__snort__alert.html#a45e4acf90450a5f9efd4e0c290f84bcf">_AI_snort_alert::id</a></td>
<td class="memname"><a class="el" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a> <a class="el" href="struct__AI__snort__alert.html#a754ca683593c838e4032fa8c13b1512b">_AI_snort_alert::ip_dst_addr</a></td>
</tr>
</table>
</div>
@ -202,12 +165,12 @@ Data Fields</h2></td></tr>
</div>
</div>
<a class="anchor" id="a523ef8842d01a1bc4ea3c0bf27518e78"></a><!-- doxytag: member="_AI_snort_alert::iplen" ref="a523ef8842d01a1bc4ea3c0bf27518e78" args="" -->
<a class="anchor" id="a2fc673dec85a7b49dd16ac7c0bb1bb78"></a><!-- doxytag: member="_AI_snort_alert::ip_id" ref="a2fc673dec85a7b49dd16ac7c0bb1bb78" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="el" href="struct__AI__snort__alert.html#a523ef8842d01a1bc4ea3c0bf27518e78">_AI_snort_alert::iplen</a></td>
<td class="memname"><a class="el" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="el" href="struct__AI__snort__alert.html#a2fc673dec85a7b49dd16ac7c0bb1bb78">_AI_snort_alert::ip_id</a></td>
</tr>
</table>
</div>
@ -215,12 +178,64 @@ Data Fields</h2></td></tr>
</div>
</div>
<a class="anchor" id="a2a5f2741918c3c13890f2b617a7f23a4"></a><!-- doxytag: member="_AI_snort_alert::ipproto" ref="a2a5f2741918c3c13890f2b617a7f23a4" args="" -->
<a class="anchor" id="ad3ffe99036513d5f33b94d22fb84f8f1"></a><!-- doxytag: member="_AI_snort_alert::ip_len" ref="ad3ffe99036513d5f33b94d22fb84f8f1" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a> <a class="el" href="struct__AI__snort__alert.html#a2a5f2741918c3c13890f2b617a7f23a4">_AI_snort_alert::ipproto</a></td>
<td class="memname"><a class="el" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="el" href="struct__AI__snort__alert.html#ad3ffe99036513d5f33b94d22fb84f8f1">_AI_snort_alert::ip_len</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a5ea7b250ac1c472f3ab57565b6df2536"></a><!-- doxytag: member="_AI_snort_alert::ip_proto" ref="a5ea7b250ac1c472f3ab57565b6df2536" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a> <a class="el" href="struct__AI__snort__alert.html#a5ea7b250ac1c472f3ab57565b6df2536">_AI_snort_alert::ip_proto</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a194117c57a52933d16a97838562bb611"></a><!-- doxytag: member="_AI_snort_alert::ip_src_addr" ref="a194117c57a52933d16a97838562bb611" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a> <a class="el" href="struct__AI__snort__alert.html#a194117c57a52933d16a97838562bb611">_AI_snort_alert::ip_src_addr</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a3f3c47f9baf3229d067504a85873b416"></a><!-- doxytag: member="_AI_snort_alert::ip_tos" ref="a3f3c47f9baf3229d067504a85873b416" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a> <a class="el" href="struct__AI__snort__alert.html#a3f3c47f9baf3229d067504a85873b416">_AI_snort_alert::ip_tos</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a3c9bbe84ec696cd58668a45799a66600"></a><!-- doxytag: member="_AI_snort_alert::ip_ttl" ref="a3c9bbe84ec696cd58668a45799a66600" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a> <a class="el" href="struct__AI__snort__alert.html#a3c9bbe84ec696cd58668a45799a66600">_AI_snort_alert::ip_ttl</a></td>
</tr>
</table>
</div>
@ -265,19 +280,6 @@ Data Fields</h2></td></tr>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="acb20c4c55149d5806d7523720786ab77"></a><!-- doxytag: member="_AI_snort_alert::sequence" ref="acb20c4c55149d5806d7523720786ab77" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a> <a class="el" href="struct__AI__snort__alert.html#acb20c4c55149d5806d7523720786ab77">_AI_snort_alert::sequence</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a3349aa68d2234f8ffd897367c3a8a137"></a><!-- doxytag: member="_AI_snort_alert::sid" ref="a3349aa68d2234f8ffd897367c3a8a137" args="" -->
@ -291,32 +293,6 @@ Data Fields</h2></td></tr>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="ab16a24f368020e4b40e65b53cae33b48"></a><!-- doxytag: member="_AI_snort_alert::src_addr" ref="ab16a24f368020e4b40e65b53cae33b48" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a> <a class="el" href="struct__AI__snort__alert.html#ab16a24f368020e4b40e65b53cae33b48">_AI_snort_alert::src_addr</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a856cccd3eaabd38aa9974f26d3edc5e3"></a><!-- doxytag: member="_AI_snort_alert::src_port" ref="a856cccd3eaabd38aa9974f26d3edc5e3" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="el" href="struct__AI__snort__alert.html#a856cccd3eaabd38aa9974f26d3edc5e3">_AI_snort_alert::src_port</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a09dfe0a841fd3912ec78060d4547cb31"></a><!-- doxytag: member="_AI_snort_alert::stream" ref="a09dfe0a841fd3912ec78060d4547cb31" args="" -->
@ -330,6 +306,32 @@ Data Fields</h2></td></tr>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a8aac577224a4325ec50511c6d79b4b79"></a><!-- doxytag: member="_AI_snort_alert::tcp_ack" ref="a8aac577224a4325ec50511c6d79b4b79" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a> <a class="el" href="struct__AI__snort__alert.html#a8aac577224a4325ec50511c6d79b4b79">_AI_snort_alert::tcp_ack</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="aaca31cb67d48ffc3bfd1227686d5f5a4"></a><!-- doxytag: member="_AI_snort_alert::tcp_dst_port" ref="aaca31cb67d48ffc3bfd1227686d5f5a4" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="el" href="struct__AI__snort__alert.html#aaca31cb67d48ffc3bfd1227686d5f5a4">_AI_snort_alert::tcp_dst_port</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="aa643f11db93b70242b57f0a04775e507"></a><!-- doxytag: member="_AI_snort_alert::tcp_flags" ref="aa643f11db93b70242b57f0a04775e507" args="" -->
@ -345,12 +347,51 @@ Data Fields</h2></td></tr>
</div>
</div>
<a class="anchor" id="a519a103f5e8f1cb006c0c137b7c6a1c0"></a><!-- doxytag: member="_AI_snort_alert::tcplen" ref="a519a103f5e8f1cb006c0c137b7c6a1c0" args="" -->
<a class="anchor" id="ab7e0507050b8e475fea7a4b26c768857"></a><!-- doxytag: member="_AI_snort_alert::tcp_len" ref="ab7e0507050b8e475fea7a4b26c768857" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="el" href="struct__AI__snort__alert.html#a519a103f5e8f1cb006c0c137b7c6a1c0">_AI_snort_alert::tcplen</a></td>
<td class="memname"><a class="el" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="el" href="struct__AI__snort__alert.html#ab7e0507050b8e475fea7a4b26c768857">_AI_snort_alert::tcp_len</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="ad6edf59fccea55bf5f940bf36117020b"></a><!-- doxytag: member="_AI_snort_alert::tcp_seq" ref="ad6edf59fccea55bf5f940bf36117020b" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a> <a class="el" href="struct__AI__snort__alert.html#ad6edf59fccea55bf5f940bf36117020b">_AI_snort_alert::tcp_seq</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a4d4cbdbd9675f4c43545547f55174cb7"></a><!-- doxytag: member="_AI_snort_alert::tcp_src_port" ref="a4d4cbdbd9675f4c43545547f55174cb7" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="el" href="struct__AI__snort__alert.html#a4d4cbdbd9675f4c43545547f55174cb7">_AI_snort_alert::tcp_src_port</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a1687fccc26bb211591db8b36ffec5348"></a><!-- doxytag: member="_AI_snort_alert::tcp_window" ref="a1687fccc26bb211591db8b36ffec5348" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="el" href="struct__AI__snort__alert.html#a1687fccc26bb211591db8b36ffec5348">_AI_snort_alert::tcp_window</a></td>
</tr>
</table>
</div>
@ -369,45 +410,6 @@ Data Fields</h2></td></tr>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a882ae6db43dc0fe08071947ccb044b93"></a><!-- doxytag: member="_AI_snort_alert::tos" ref="a882ae6db43dc0fe08071947ccb044b93" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a> <a class="el" href="struct__AI__snort__alert.html#a882ae6db43dc0fe08071947ccb044b93">_AI_snort_alert::tos</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="ab9b1ce8ee440a324af116403ac9c51a2"></a><!-- doxytag: member="_AI_snort_alert::ttl" ref="ab9b1ce8ee440a324af116403ac9c51a2" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a> <a class="el" href="struct__AI__snort__alert.html#ab9b1ce8ee440a324af116403ac9c51a2">_AI_snort_alert::ttl</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a63e94be3d248cf4beb0d4d5ab75331b1"></a><!-- doxytag: member="_AI_snort_alert::window" ref="a63e94be3d248cf4beb0d4d5ab75331b1" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="el" href="struct__AI__snort__alert.html#a63e94be3d248cf4beb0d4d5ab75331b1">_AI_snort_alert::window</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<hr/>The documentation for this struct was generated from the following file:<ul>
@ -428,7 +430,7 @@ Data Fields</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 4 2010 21:30:42 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

2
doc/html/struct__hierarchy__node.html
View File

@ -176,7 +176,7 @@ Data Fields</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 4 2010 21:30:42 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

9
doc/html/structattribute__key.html
View File

@ -50,7 +50,10 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<div class="summary">
<a href="#pub-attribs">Data Fields</a> </div>
<div class="headertitle">
<h1>attribute_key Struct Reference</h1> </div>
<h1>attribute_key Struct Reference<br/>
<small>
[<a class="el" href="group__cluster.html">Manage the clustering of alarms</a>]</small>
</h1> </div>
</div>
<div class="contents">
<!-- doxytag: class="attribute_key" --><table class="memberdecls">
@ -59,6 +62,8 @@ Data Fields</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structattribute__key.html#a4fdb3d7aabeac6b1052b59e05e3d8842">min</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structattribute__key.html#a82b7e5ac49820b816871a4ddf30c462d">max</a></td></tr>
</table>
<hr/><a name="_details"></a><h2>Detailed Description</h2>
<p>Identifier key for a cluster attribute value </p>
<hr/><h2>Field Documentation</h2>
<a class="anchor" id="a82b7e5ac49820b816871a4ddf30c462d"></a><!-- doxytag: member="attribute_key::max" ref="a82b7e5ac49820b816871a4ddf30c462d" args="" -->
<div class="memitem">
@ -104,7 +109,7 @@ Data Fields</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 4 2010 21:30:42 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

9
doc/html/structattribute__value.html
View File

@ -50,7 +50,10 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<div class="summary">
<a href="#pub-attribs">Data Fields</a> </div>
<div class="headertitle">
<h1>attribute_value Struct Reference</h1> </div>
<h1>attribute_value Struct Reference<br/>
<small>
[<a class="el" href="group__cluster.html">Manage the clustering of alarms</a>]</small>
</h1> </div>
</div>
<div class="contents">
<!-- doxytag: class="attribute_value" --><table class="memberdecls">
@ -61,6 +64,8 @@ Data Fields</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">unsigned int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structattribute__value.html#a5579c0304c2e9ab488ac94905b385045">count</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">UT_hash_handle&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structattribute__value.html#a9abf5d1758ee0cc4803e3b40fc4481cc">hh</a></td></tr>
</table>
<hr/><a name="_details"></a><h2>Detailed Description</h2>
<p>Representation of a cluster attribute value </p>
<hr/><h2>Field Documentation</h2>
<a class="anchor" id="a5579c0304c2e9ab488ac94905b385045"></a><!-- doxytag: member="attribute_value::count" ref="a5579c0304c2e9ab488ac94905b385045" args="" -->
<div class="memitem">
@ -132,7 +137,7 @@ Data Fields</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 4 2010 21:30:42 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

10
doc/html/structpkt__info.html
View File

@ -65,6 +65,8 @@ Data Fields</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structpkt__info.html#ac7ff78ea5faf333fc91f92e3085ea7c9">observed</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">UT_hash_handle&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structpkt__info.html#a264e90d4b5d490de040f38c1072e142f">hh</a></td></tr>
</table>
<hr/><a name="_details"></a><h2>Detailed Description</h2>
<p>Identifier of a packet in a stream </p>
<hr/><h2>Field Documentation</h2>
<a class="anchor" id="a264e90d4b5d490de040f38c1072e142f"></a><!-- doxytag: member="pkt_info::hh" ref="a264e90d4b5d490de040f38c1072e142f" args="" -->
<div class="memitem">
@ -76,6 +78,7 @@ Data Fields</h2></td></tr>
</table>
</div>
<div class="memdoc">
<p>Make the struct 'hashable' </p>
</div>
</div>
@ -89,6 +92,7 @@ Data Fields</h2></td></tr>
</table>
</div>
<div class="memdoc">
<p>Key of the packet (src_ip, dst_port) </p>
</div>
</div>
@ -102,6 +106,7 @@ Data Fields</h2></td></tr>
</table>
</div>
<div class="memdoc">
<p>Pointer to the next packet in the stream </p>
</div>
</div>
@ -115,6 +120,7 @@ Data Fields</h2></td></tr>
</table>
</div>
<div class="memdoc">
<p>Flag set if the packet is observed, i.e. associated to a security alert </p>
</div>
</div>
@ -128,6 +134,7 @@ Data Fields</h2></td></tr>
</table>
</div>
<div class="memdoc">
<p>Reference to SFSnortPacket containing packet's information </p>
</div>
</div>
@ -141,6 +148,7 @@ Data Fields</h2></td></tr>
</table>
</div>
<div class="memdoc">
<p>Timestamp </p>
</div>
</div>
@ -162,7 +170,7 @@ Data Fields</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 4 2010 21:30:42 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

4
doc/html/structpkt__key.html
View File

@ -61,6 +61,8 @@ Data Fields</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structpkt__key.html#a3a091c20dafb8b3f689db00c5b2f8ddb">src_ip</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structpkt__key.html#af77f5eb1f4cd88b43fe99fd73553351d">dst_port</a></td></tr>
</table>
<hr/><a name="_details"></a><h2>Detailed Description</h2>
<p>Each stream in the hash table is identified by the couple (src_ip, dst_port) </p>
<hr/><h2>Field Documentation</h2>
<a class="anchor" id="af77f5eb1f4cd88b43fe99fd73553351d"></a><!-- doxytag: member="pkt_key::dst_port" ref="af77f5eb1f4cd88b43fe99fd73553351d" args="" -->
<div class="memitem">
@ -106,7 +108,7 @@ Data Fields</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Sat Sep 4 2010 21:30:42 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

79
doc/latex/alert__parser_8c.tex
View File

@ -8,16 +8,17 @@
{\ttfamily \#include $<$time.h$>$}\par
{\ttfamily \#include $<$sys/inotify.h$>$}\par
{\ttfamily \#include $<$sys/stat.h$>$}\par
{\ttfamily \#include $<$pthread.h$>$}\par
\subsection*{Functions}
\begin{DoxyCompactItemize}
\item
void $\ast$ \hyperlink{alert__parser_8c_ad68c45b5846743a54ad3fa92c8e48f8a}{AI\_\-alertparser\_\-thread} (void $\ast$arg)
void $\ast$ \hyperlink{group__alert__parser_ga5aab8d9bdf0e92a51731442fd787f61f}{AI\_\-file\_\-alertparser\_\-thread} (void $\ast$arg)
\begin{DoxyCompactList}\small\item\em Thread for parsing Snort's alert file. \item\end{DoxyCompactList}\item
PRIVATE \hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$ \hyperlink{alert__parser_8c_a6c5014cae9155379fdc4db649b2c862d}{\_\-AI\_\-copy\_\-alerts} (\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$node)
PRIVATE \hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$ \hyperlink{group__alert__parser_ga6c5014cae9155379fdc4db649b2c862d}{\_\-AI\_\-copy\_\-alerts} (\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$node)
\begin{DoxyCompactList}\small\item\em Create a copy of the alert log struct (this is done for leaving the alert log structure in this file as read-\/only). \item\end{DoxyCompactList}\item
\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$ \hyperlink{alert__parser_8c_a99474495643197b3075ac22ec6f6c70f}{AI\_\-get\_\-alerts} ()
\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$ \hyperlink{group__alert__parser_ga99474495643197b3075ac22ec6f6c70f}{AI\_\-get\_\-alerts} ()
\begin{DoxyCompactList}\small\item\em Return the alerts parsed so far as a linked list. \item\end{DoxyCompactList}\item
void \hyperlink{alert__parser_8c_a270e86669a0aa64a8da37bc16cda645b}{AI\_\-free\_\-alerts} (\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$node)
void \hyperlink{group__alert__parser_ga270e86669a0aa64a8da37bc16cda645b}{AI\_\-free\_\-alerts} (\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$node)
\begin{DoxyCompactList}\small\item\em Deallocate the memory of a log alert linked list. \item\end{DoxyCompactList}\end{DoxyCompactItemize}
\subsection*{Variables}
\begin{DoxyCompactItemize}
@ -28,76 +29,6 @@ PRIVATE FILE $\ast$ \hyperlink{alert__parser_8c_abee2a33368912d9288c76b51160a9ed
\end{DoxyCompactItemize}
\subsection{Function Documentation}
\hypertarget{alert__parser_8c_a6c5014cae9155379fdc4db649b2c862d}{
\index{alert\_\-parser.c@{alert\_\-parser.c}!\_\-AI\_\-copy\_\-alerts@{\_\-AI\_\-copy\_\-alerts}}
\index{\_\-AI\_\-copy\_\-alerts@{\_\-AI\_\-copy\_\-alerts}!alert_parser.c@{alert\_\-parser.c}}
\subsubsection[{\_\-AI\_\-copy\_\-alerts}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE {\bf AI\_\-snort\_\-alert}$\ast$ \_\-AI\_\-copy\_\-alerts (
\begin{DoxyParamCaption}
\item[{{\bf AI\_\-snort\_\-alert} $\ast$}]{ node}
\end{DoxyParamCaption}
)}}
\label{alert__parser_8c_a6c5014cae9155379fdc4db649b2c862d}
Create a copy of the alert log struct (this is done for leaving the alert log structure in this file as read-\/only).
FUNCTION: \_\-AI\_\-copy\_\-alerts
\begin{DoxyParams}{Parameters}
\item[{\em node}]Starting node (used for the recursion) \end{DoxyParams}
\begin{DoxyReturn}{Returns}
A copy of the alert log linked list
\end{DoxyReturn}
\hypertarget{alert__parser_8c_ad68c45b5846743a54ad3fa92c8e48f8a}{
\index{alert\_\-parser.c@{alert\_\-parser.c}!AI\_\-alertparser\_\-thread@{AI\_\-alertparser\_\-thread}}
\index{AI\_\-alertparser\_\-thread@{AI\_\-alertparser\_\-thread}!alert_parser.c@{alert\_\-parser.c}}
\subsubsection[{AI\_\-alertparser\_\-thread}]{\setlength{\rightskip}{0pt plus 5cm}void$\ast$ AI\_\-alertparser\_\-thread (
\begin{DoxyParamCaption}
\item[{void $\ast$}]{ arg}
\end{DoxyParamCaption}
)}}
\label{alert__parser_8c_ad68c45b5846743a54ad3fa92c8e48f8a}
Thread for parsing Snort's alert file.
FUNCTION: AI\_\-alertparser\_\-thread
\begin{DoxyParams}{Parameters}
\item[{\em arg}]void$\ast$ pointer to module's configuration \end{DoxyParams}
\hypertarget{alert__parser_8c_a270e86669a0aa64a8da37bc16cda645b}{
\index{alert\_\-parser.c@{alert\_\-parser.c}!AI\_\-free\_\-alerts@{AI\_\-free\_\-alerts}}
\index{AI\_\-free\_\-alerts@{AI\_\-free\_\-alerts}!alert_parser.c@{alert\_\-parser.c}}
\subsubsection[{AI\_\-free\_\-alerts}]{\setlength{\rightskip}{0pt plus 5cm}void AI\_\-free\_\-alerts (
\begin{DoxyParamCaption}
\item[{{\bf AI\_\-snort\_\-alert} $\ast$}]{ node}
\end{DoxyParamCaption}
)}}
\label{alert__parser_8c_a270e86669a0aa64a8da37bc16cda645b}
Deallocate the memory of a log alert linked list.
FUNCTION: AI\_\-free\_\-alerts
\begin{DoxyParams}{Parameters}
\item[{\em node}]Linked list to be freed \end{DoxyParams}
\hypertarget{alert__parser_8c_a99474495643197b3075ac22ec6f6c70f}{
\index{alert\_\-parser.c@{alert\_\-parser.c}!AI\_\-get\_\-alerts@{AI\_\-get\_\-alerts}}
\index{AI\_\-get\_\-alerts@{AI\_\-get\_\-alerts}!alert_parser.c@{alert\_\-parser.c}}
\subsubsection[{AI\_\-get\_\-alerts}]{\setlength{\rightskip}{0pt plus 5cm}{\bf AI\_\-snort\_\-alert}$\ast$ AI\_\-get\_\-alerts (
\begin{DoxyParamCaption}
\item[{void}]{}
\end{DoxyParamCaption}
)}}
\label{alert__parser_8c_a99474495643197b3075ac22ec6f6c70f}
Return the alerts parsed so far as a linked list.
FUNCTION: AI\_\-get\_\-alerts \begin{DoxyReturn}{Returns}
An AI\_\-snort\_\-alert pointer identifying the list of alerts
\end{DoxyReturn}
\subsection{Variable Documentation}
\hypertarget{alert__parser_8c_abee2a33368912d9288c76b51160a9ed6}{
\index{alert\_\-parser.c@{alert\_\-parser.c}!alert\_\-fp@{alert\_\-fp}}

231
doc/latex/cluster_8c.tex
View File

@ -17,237 +17,32 @@ struct \hyperlink{structattribute__value}{attribute\_\-value}
\subsection*{Functions}
\begin{DoxyCompactItemize}
\item
PRIVATE int \hyperlink{cluster_8c_a81f5fa721719fdb281595a568eef2101}{\_\-heuristic\_\-func} (\hyperlink{spp__ai_8h_ae2ff3c6586aa2ab211a102abfde86640}{cluster\_\-type} type)
PRIVATE int \hyperlink{group__cluster_ga81f5fa721719fdb281595a568eef2101}{\_\-heuristic\_\-func} (\hyperlink{spp__ai_8h_ae2ff3c6586aa2ab211a102abfde86640}{cluster\_\-type} type)
\begin{DoxyCompactList}\small\item\em Function that picks up the heuristic value for a clustering attribute in according to Julisch's heuristic (ACM, Vol.2, No.3, 09 2002, pag.124). \item\end{DoxyCompactList}\item
PRIVATE \hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$ \hyperlink{cluster_8c_a2f1a22cfea64e4669da0467620c3e3b3}{\_\-hierarchy\_\-node\_\-new} (char $\ast$label, int min\_\-val, int max\_\-val)
PRIVATE \hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$ \hyperlink{group__cluster_ga2f1a22cfea64e4669da0467620c3e3b3}{\_\-hierarchy\_\-node\_\-new} (char $\ast$label, int min\_\-val, int max\_\-val)
\begin{DoxyCompactList}\small\item\em Create a new clustering hierarchy node. \item\end{DoxyCompactList}\item
PRIVATE void \hyperlink{cluster_8c_a5601a1f603d9c870ef6e2df192e30c30}{\_\-hierarchy\_\-node\_\-append} (\hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$parent, \hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$child)
PRIVATE void \hyperlink{group__cluster_ga5601a1f603d9c870ef6e2df192e30c30}{\_\-hierarchy\_\-node\_\-append} (\hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$parent, \hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$child)
\begin{DoxyCompactList}\small\item\em Append a node to a clustering hierarchy node. \item\end{DoxyCompactList}\item
PRIVATE \hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$ \hyperlink{cluster_8c_a6ddddcd505b1f763c339e81fc143e079}{\_\-AI\_\-get\_\-min\_\-hierarchy\_\-node} (int val, \hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$root)
PRIVATE \hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$ \hyperlink{group__cluster_ga6ddddcd505b1f763c339e81fc143e079}{\_\-AI\_\-get\_\-min\_\-hierarchy\_\-node} (int val, \hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$root)
\begin{DoxyCompactList}\small\item\em Get the minimum node in a hierarchy tree that matches a certain value. \item\end{DoxyCompactList}\item
PRIVATE \hyperlink{spp__ai_8h_a3e5b8192e7d9ffaf3542f1210aec18dd}{BOOL} \hyperlink{cluster_8c_a0f91c8bfc37a3975f5c26b19fd6c5cba}{\_\-AI\_\-equal\_\-alarms} (\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$a1, \hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$a2)
PRIVATE \hyperlink{spp__ai_8h_a3e5b8192e7d9ffaf3542f1210aec18dd}{BOOL} \hyperlink{group__cluster_ga0f91c8bfc37a3975f5c26b19fd6c5cba}{\_\-AI\_\-equal\_\-alarms} (\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$a1, \hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$a2)
\begin{DoxyCompactList}\small\item\em Check if two alerts are semantically equal. \item\end{DoxyCompactList}\item
PRIVATE int \hyperlink{cluster_8c_a8ce8e5a5d8954672297fa2dedb380dcd}{\_\-AI\_\-merge\_\-alerts} (\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$$\ast$log)
PRIVATE int \hyperlink{group__cluster_ga8ce8e5a5d8954672297fa2dedb380dcd}{\_\-AI\_\-merge\_\-alerts} (\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$$\ast$log)
\begin{DoxyCompactList}\small\item\em Merge the alerts marked as equal in the log. \item\end{DoxyCompactList}\item
PRIVATE void \hyperlink{cluster_8c_a7d151880080470b542e99643dc0426a7}{\_\-AI\_\-print\_\-clustered\_\-alerts} (\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$log, FILE $\ast$fp)
PRIVATE void \hyperlink{group__cluster_ga7d151880080470b542e99643dc0426a7}{\_\-AI\_\-print\_\-clustered\_\-alerts} (\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$log, FILE $\ast$fp)
\begin{DoxyCompactList}\small\item\em Print the clustered alerts to a log file. \item\end{DoxyCompactList}\item
PRIVATE void $\ast$ \hyperlink{cluster_8c_a8a5eae61dc9fd0f13e0acdfa5f4478e2}{\_\-AI\_\-cluster\_\-thread} (void $\ast$arg)
PRIVATE void $\ast$ \hyperlink{group__cluster_ga8a5eae61dc9fd0f13e0acdfa5f4478e2}{\_\-AI\_\-cluster\_\-thread} (void $\ast$arg)
\begin{DoxyCompactList}\small\item\em Thread for periodically clustering the log information. \item\end{DoxyCompactList}\item
PRIVATE \hyperlink{spp__ai_8h_a3e5b8192e7d9ffaf3542f1210aec18dd}{BOOL} \hyperlink{cluster_8c_a29c35cd6c56f54e27b5b190c6d6c487a}{\_\-AI\_\-check\_\-duplicate} (\hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$node, \hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$root)
PRIVATE \hyperlink{spp__ai_8h_a3e5b8192e7d9ffaf3542f1210aec18dd}{BOOL} \hyperlink{group__cluster_ga29c35cd6c56f54e27b5b190c6d6c487a}{\_\-AI\_\-check\_\-duplicate} (\hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$node, \hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$root)
\begin{DoxyCompactList}\small\item\em Check if a certain node's range (minimum and maximum value) are already present in a clustering hierarchy. \item\end{DoxyCompactList}\item
void \hyperlink{cluster_8c_a1445818b37483f78cc3fb2890155842c}{AI\_\-hierarchies\_\-build} (\hyperlink{structAI__config}{AI\_\-config} $\ast$conf, \hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$$\ast$nodes, int n\_\-nodes)
void \hyperlink{group__cluster_ga1445818b37483f78cc3fb2890155842c}{AI\_\-hierarchies\_\-build} (\hyperlink{structAI__config}{AI\_\-config} $\ast$conf, \hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$$\ast$nodes, int n\_\-nodes)
\begin{DoxyCompactList}\small\item\em Build the clustering hierarchy trees. \item\end{DoxyCompactList}\end{DoxyCompactItemize}
\subsection*{Variables}
\begin{DoxyCompactItemize}
\item
PRIVATE \hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$ \hyperlink{cluster_8c_a97d35425cf5a0207fb50b64ee8cdda82}{h\_\-root} \mbox{[}CLUSTER\_\-TYPES\mbox{]} = \{ NULL \}
PRIVATE \hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$ \hyperlink{group__cluster_ga97d35425cf5a0207fb50b64ee8cdda82}{h\_\-root} \mbox{[}CLUSTER\_\-TYPES\mbox{]} = \{ NULL \}
\item
PRIVATE \hyperlink{structAI__config}{AI\_\-config} $\ast$ \hyperlink{cluster_8c_a91458e2d34595688e39fcb63ba418849}{\_\-config} = NULL
PRIVATE \hyperlink{structAI__config}{AI\_\-config} $\ast$ \hyperlink{group__cluster_ga91458e2d34595688e39fcb63ba418849}{\_\-config} = NULL
\item
PRIVATE \hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$ \hyperlink{cluster_8c_aaf4c19f60f48741b0890c6114dcff7d9}{alert\_\-log} = NULL
PRIVATE \hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$ \hyperlink{group__cluster_gaaf4c19f60f48741b0890c6114dcff7d9}{alert\_\-log} = NULL
\end{DoxyCompactItemize}
\subsection{Function Documentation}
\hypertarget{cluster_8c_a29c35cd6c56f54e27b5b190c6d6c487a}{
\index{cluster.c@{cluster.c}!\_\-AI\_\-check\_\-duplicate@{\_\-AI\_\-check\_\-duplicate}}
\index{\_\-AI\_\-check\_\-duplicate@{\_\-AI\_\-check\_\-duplicate}!cluster.c@{cluster.c}}
\subsubsection[{\_\-AI\_\-check\_\-duplicate}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE {\bf BOOL} \_\-AI\_\-check\_\-duplicate (
\begin{DoxyParamCaption}
\item[{{\bf hierarchy\_\-node} $\ast$}]{ node, }
\item[{{\bf hierarchy\_\-node} $\ast$}]{ root}
\end{DoxyParamCaption}
)}}
\label{cluster_8c_a29c35cd6c56f54e27b5b190c6d6c487a}
Check if a certain node's range (minimum and maximum value) are already present in a clustering hierarchy.
FUNCTION: \_\-AI\_\-check\_\-duplicate
\begin{DoxyParams}{Parameters}
\item[{\em node}]Node to be checked \item[{\em root}]Clustering hierarchy \end{DoxyParams}
\begin{DoxyReturn}{Returns}
True if 'node' is already in 'root', false otherwise
\end{DoxyReturn}
\hypertarget{cluster_8c_a8a5eae61dc9fd0f13e0acdfa5f4478e2}{
\index{cluster.c@{cluster.c}!\_\-AI\_\-cluster\_\-thread@{\_\-AI\_\-cluster\_\-thread}}
\index{\_\-AI\_\-cluster\_\-thread@{\_\-AI\_\-cluster\_\-thread}!cluster.c@{cluster.c}}
\subsubsection[{\_\-AI\_\-cluster\_\-thread}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE void$\ast$ \_\-AI\_\-cluster\_\-thread (
\begin{DoxyParamCaption}
\item[{void $\ast$}]{ arg}
\end{DoxyParamCaption}
)}}
\label{cluster_8c_a8a5eae61dc9fd0f13e0acdfa5f4478e2}
Thread for periodically clustering the log information.
FUNCTION: \_\-AI\_\-cluster\_\-thread \hypertarget{cluster_8c_a0f91c8bfc37a3975f5c26b19fd6c5cba}{
\index{cluster.c@{cluster.c}!\_\-AI\_\-equal\_\-alarms@{\_\-AI\_\-equal\_\-alarms}}
\index{\_\-AI\_\-equal\_\-alarms@{\_\-AI\_\-equal\_\-alarms}!cluster.c@{cluster.c}}
\subsubsection[{\_\-AI\_\-equal\_\-alarms}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE {\bf BOOL} \_\-AI\_\-equal\_\-alarms (
\begin{DoxyParamCaption}
\item[{{\bf AI\_\-snort\_\-alert} $\ast$}]{ a1, }
\item[{{\bf AI\_\-snort\_\-alert} $\ast$}]{ a2}
\end{DoxyParamCaption}
)}}
\label{cluster_8c_a0f91c8bfc37a3975f5c26b19fd6c5cba}
Check if two alerts are semantically equal.
FUNCTION: \_\-AI\_\-equal\_\-alarms
\begin{DoxyParams}{Parameters}
\item[{\em a1}]First alert \item[{\em a2}]Second alert \end{DoxyParams}
\begin{DoxyReturn}{Returns}
True if they are equal, false otherwise
\end{DoxyReturn}
\hypertarget{cluster_8c_a6ddddcd505b1f763c339e81fc143e079}{
\index{cluster.c@{cluster.c}!\_\-AI\_\-get\_\-min\_\-hierarchy\_\-node@{\_\-AI\_\-get\_\-min\_\-hierarchy\_\-node}}
\index{\_\-AI\_\-get\_\-min\_\-hierarchy\_\-node@{\_\-AI\_\-get\_\-min\_\-hierarchy\_\-node}!cluster.c@{cluster.c}}
\subsubsection[{\_\-AI\_\-get\_\-min\_\-hierarchy\_\-node}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE {\bf hierarchy\_\-node}$\ast$ \_\-AI\_\-get\_\-min\_\-hierarchy\_\-node (
\begin{DoxyParamCaption}
\item[{int}]{ val, }
\item[{{\bf hierarchy\_\-node} $\ast$}]{ root}
\end{DoxyParamCaption}
)}}
\label{cluster_8c_a6ddddcd505b1f763c339e81fc143e079}
Get the minimum node in a hierarchy tree that matches a certain value.
FUNCTION: \_\-AI\_\-get\_\-min\_\-hierarchy\_\-node
\begin{DoxyParams}{Parameters}
\item[{\em val}]Value to be matched in the range \item[{\em root}]Root of the hierarchy \end{DoxyParams}
\begin{DoxyReturn}{Returns}
The minimum node that matches the value if any, NULL otherwise
\end{DoxyReturn}
\hypertarget{cluster_8c_a8ce8e5a5d8954672297fa2dedb380dcd}{
\index{cluster.c@{cluster.c}!\_\-AI\_\-merge\_\-alerts@{\_\-AI\_\-merge\_\-alerts}}
\index{\_\-AI\_\-merge\_\-alerts@{\_\-AI\_\-merge\_\-alerts}!cluster.c@{cluster.c}}
\subsubsection[{\_\-AI\_\-merge\_\-alerts}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE int \_\-AI\_\-merge\_\-alerts (
\begin{DoxyParamCaption}
\item[{{\bf AI\_\-snort\_\-alert} $\ast$$\ast$}]{ log}
\end{DoxyParamCaption}
)}}
\label{cluster_8c_a8ce8e5a5d8954672297fa2dedb380dcd}
Merge the alerts marked as equal in the log.
FUNCTION: \_\-AI\_\-merge\_\-alerts
\begin{DoxyParams}{Parameters}
\item[{\em log}]Alert log reference \end{DoxyParams}
\begin{DoxyReturn}{Returns}
The number of merged couples
\end{DoxyReturn}
\hypertarget{cluster_8c_a7d151880080470b542e99643dc0426a7}{
\index{cluster.c@{cluster.c}!\_\-AI\_\-print\_\-clustered\_\-alerts@{\_\-AI\_\-print\_\-clustered\_\-alerts}}
\index{\_\-AI\_\-print\_\-clustered\_\-alerts@{\_\-AI\_\-print\_\-clustered\_\-alerts}!cluster.c@{cluster.c}}
\subsubsection[{\_\-AI\_\-print\_\-clustered\_\-alerts}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE void \_\-AI\_\-print\_\-clustered\_\-alerts (
\begin{DoxyParamCaption}
\item[{{\bf AI\_\-snort\_\-alert} $\ast$}]{ log, }
\item[{FILE $\ast$}]{ fp}
\end{DoxyParamCaption}
)}}
\label{cluster_8c_a7d151880080470b542e99643dc0426a7}
Print the clustered alerts to a log file.
FUNCTION: \_\-AI\_\-print\_\-clustered\_\-alerts
\begin{DoxyParams}{Parameters}
\item[{\em log}]Log containing the alerts \item[{\em fp}]File pointer where the alerts will be printed \end{DoxyParams}
\hypertarget{cluster_8c_a81f5fa721719fdb281595a568eef2101}{
\index{cluster.c@{cluster.c}!\_\-heuristic\_\-func@{\_\-heuristic\_\-func}}
\index{\_\-heuristic\_\-func@{\_\-heuristic\_\-func}!cluster.c@{cluster.c}}
\subsubsection[{\_\-heuristic\_\-func}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE int \_\-heuristic\_\-func (
\begin{DoxyParamCaption}
\item[{{\bf cluster\_\-type}}]{ type}
\end{DoxyParamCaption}
)}}
\label{cluster_8c_a81f5fa721719fdb281595a568eef2101}
Function that picks up the heuristic value for a clustering attribute in according to Julisch's heuristic (ACM, Vol.2, No.3, 09 2002, pag.124).
FUNCTION: \_\-heuristic\_\-func
\begin{DoxyParams}{Parameters}
\item[{\em type}]Attribute type \end{DoxyParams}
\begin{DoxyReturn}{Returns}
The heuristic coefficient for that attribute, -\/1 if no clustering information is available for that attribute
\end{DoxyReturn}
\hypertarget{cluster_8c_a5601a1f603d9c870ef6e2df192e30c30}{
\index{cluster.c@{cluster.c}!\_\-hierarchy\_\-node\_\-append@{\_\-hierarchy\_\-node\_\-append}}
\index{\_\-hierarchy\_\-node\_\-append@{\_\-hierarchy\_\-node\_\-append}!cluster.c@{cluster.c}}
\subsubsection[{\_\-hierarchy\_\-node\_\-append}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE void \_\-hierarchy\_\-node\_\-append (
\begin{DoxyParamCaption}
\item[{{\bf hierarchy\_\-node} $\ast$}]{ parent, }
\item[{{\bf hierarchy\_\-node} $\ast$}]{ child}
\end{DoxyParamCaption}
)}}
\label{cluster_8c_a5601a1f603d9c870ef6e2df192e30c30}
Append a node to a clustering hierarchy node.
FUNCTION: \_\-hierarchy\_\-node\_\-append
\begin{DoxyParams}{Parameters}
\item[{\em parent}]Parent node \item[{\em child}]Child node \end{DoxyParams}
\hypertarget{cluster_8c_a2f1a22cfea64e4669da0467620c3e3b3}{
\index{cluster.c@{cluster.c}!\_\-hierarchy\_\-node\_\-new@{\_\-hierarchy\_\-node\_\-new}}
\index{\_\-hierarchy\_\-node\_\-new@{\_\-hierarchy\_\-node\_\-new}!cluster.c@{cluster.c}}
\subsubsection[{\_\-hierarchy\_\-node\_\-new}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE {\bf hierarchy\_\-node}$\ast$ \_\-hierarchy\_\-node\_\-new (
\begin{DoxyParamCaption}
\item[{char $\ast$}]{ label, }
\item[{int}]{ min\_\-val, }
\item[{int}]{ max\_\-val}
\end{DoxyParamCaption}
)}}
\label{cluster_8c_a2f1a22cfea64e4669da0467620c3e3b3}
Create a new clustering hierarchy node.
FUNCTION: \_\-hierarchy\_\-node\_\-new
\begin{DoxyParams}{Parameters}
\item[{\em label}]Label for the node \item[{\em min\_\-val}]Minimum value for the range represented by the node \item[{\em max\_\-val}]Maximum value for the range represented by the node \end{DoxyParams}
\begin{DoxyReturn}{Returns}
The brand new node if the allocation was ok, otherwise abort the application
\end{DoxyReturn}
\hypertarget{cluster_8c_a1445818b37483f78cc3fb2890155842c}{
\index{cluster.c@{cluster.c}!AI\_\-hierarchies\_\-build@{AI\_\-hierarchies\_\-build}}
\index{AI\_\-hierarchies\_\-build@{AI\_\-hierarchies\_\-build}!cluster.c@{cluster.c}}
\subsubsection[{AI\_\-hierarchies\_\-build}]{\setlength{\rightskip}{0pt plus 5cm}void AI\_\-hierarchies\_\-build (
\begin{DoxyParamCaption}
\item[{{\bf AI\_\-config} $\ast$}]{ conf, }
\item[{{\bf hierarchy\_\-node} $\ast$$\ast$}]{ nodes, }
\item[{int}]{ n\_\-nodes}
\end{DoxyParamCaption}
)}}
\label{cluster_8c_a1445818b37483f78cc3fb2890155842c}
Build the clustering hierarchy trees.
FUNCTION: AI\_\-hierarchies\_\-build
\begin{DoxyParams}{Parameters}
\item[{\em conf}]Reference to the configuration of the module \item[{\em nodes}]Nodes containing the information about the clustering ranges \item[{\em n\_\-nodes}]Number of nodes \end{DoxyParams}
\subsection{Variable Documentation}
\hypertarget{cluster_8c_a91458e2d34595688e39fcb63ba418849}{
\index{cluster.c@{cluster.c}!\_\-config@{\_\-config}}
\index{\_\-config@{\_\-config}!cluster.c@{cluster.c}}
\subsubsection[{\_\-config}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE {\bf AI\_\-config}$\ast$ {\bf \_\-config} = NULL}}
\label{cluster_8c_a91458e2d34595688e39fcb63ba418849}
\hypertarget{cluster_8c_aaf4c19f60f48741b0890c6114dcff7d9}{
\index{cluster.c@{cluster.c}!alert\_\-log@{alert\_\-log}}
\index{alert\_\-log@{alert\_\-log}!cluster.c@{cluster.c}}
\subsubsection[{alert\_\-log}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE {\bf AI\_\-snort\_\-alert}$\ast$ {\bf alert\_\-log} = NULL}}
\label{cluster_8c_aaf4c19f60f48741b0890c6114dcff7d9}
\hypertarget{cluster_8c_a97d35425cf5a0207fb50b64ee8cdda82}{
\index{cluster.c@{cluster.c}!h\_\-root@{h\_\-root}}
\index{h\_\-root@{h\_\-root}!cluster.c@{cluster.c}}
\subsubsection[{h\_\-root}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE {\bf hierarchy\_\-node}$\ast$ {\bf h\_\-root}\mbox{[}CLUSTER\_\-TYPES\mbox{]} = \{ NULL \}}}
\label{cluster_8c_a97d35425cf5a0207fb50b64ee8cdda82}

27
doc/latex/db_8c.tex Normal file
View File

@ -0,0 +1,27 @@
\hypertarget{db_8c}{
\section{db.c File Reference}
\label{db_8c}\index{db.c@{db.c}}
}
{\ttfamily \#include \char`\"{}spp\_\-ai.h\char`\"{}}\par
{\ttfamily \#include \char`\"{}db.h\char`\"{}}\par
{\ttfamily \#include $<$unistd.h$>$}\par
{\ttfamily \#include $<$time.h$>$}\par
{\ttfamily \#include $<$pthread.h$>$}\par
\subsection*{Functions}
\begin{DoxyCompactItemize}
\item
void $\ast$ \hyperlink{group__mysql_gadf275635641f88725930de208fb5523f}{AI\_\-mysql\_\-alertparser\_\-thread} (void $\ast$arg)
\begin{DoxyCompactList}\small\item\em Thread for parsing alerts from MySQL database. \item\end{DoxyCompactList}\item
PRIVATE \hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$ \hyperlink{group__mysql_gab14c269b1187da75d35d4af3eb70a302}{\_\-AI\_\-mysql\_\-copy\_\-alerts} (\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$node)
\begin{DoxyCompactList}\small\item\em Create a copy of the alert log struct (this is done for leaving the alert log structure in this file as read-\/only). \item\end{DoxyCompactList}\item
\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$ \hyperlink{group__mysql_ga0ead3c1e46063e215168e76d7999d65b}{AI\_\-mysql\_\-get\_\-alerts} ()
\begin{DoxyCompactList}\small\item\em Return the alerts parsed so far as a linked list. \item\end{DoxyCompactList}\end{DoxyCompactItemize}
\subsection*{Variables}
\begin{DoxyCompactItemize}
\item
PRIVATE \hyperlink{structAI__config}{AI\_\-config} $\ast$ \hyperlink{group__mysql_ga6439d32dccbbc77c9b2aad04897bfa74}{config}
\item
PRIVATE \hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$ \hyperlink{group__mysql_gae837fc04e61c0eb052f997c54b4fd9fe}{alerts} = NULL
\item
PRIVATE pthread\_\-mutex\_\-t \hyperlink{group__mysql_ga40bb4c7d0679e36cc0ec4fa41d36d96c}{db\_\-mutex} = PTHREAD\_\-MUTEX\_\-INITIALIZER
\end{DoxyCompactItemize}

44
doc/latex/db_8h.tex Normal file
View File

@ -0,0 +1,44 @@
\hypertarget{db_8h}{
\section{db.h File Reference}
\label{db_8h}\index{db.h@{db.h}}
}
\subsection*{Functions}
\begin{DoxyCompactItemize}
\item
void $\ast$ \hyperlink{db_8h_abfca7b59301511bf708eef53cb70b7ee}{DB\_\-init} (\hyperlink{structAI__config}{AI\_\-config} $\ast$)
\item
DB\_\-result $\ast$ \hyperlink{db_8h_a51b1f8be35b963f30fa732fc22a5760e}{DB\_\-query} (const char $\ast$)
\item
void \hyperlink{db_8h_a7f625d084ac92d12b665fa7d53414727}{DB\_\-close} ()
\end{DoxyCompactItemize}
\subsection{Function Documentation}
\hypertarget{db_8h_a7f625d084ac92d12b665fa7d53414727}{
\index{db.h@{db.h}!DB\_\-close@{DB\_\-close}}
\index{DB\_\-close@{DB\_\-close}!db.h@{db.h}}
\subsubsection[{DB\_\-close}]{\setlength{\rightskip}{0pt plus 5cm}void DB\_\-close (
\begin{DoxyParamCaption}
{}
\end{DoxyParamCaption}
)}}
\label{db_8h_a7f625d084ac92d12b665fa7d53414727}
Close the database descriptor \hypertarget{db_8h_abfca7b59301511bf708eef53cb70b7ee}{
\index{db.h@{db.h}!DB\_\-init@{DB\_\-init}}
\index{DB\_\-init@{DB\_\-init}!db.h@{db.h}}
\subsubsection[{DB\_\-init}]{\setlength{\rightskip}{0pt plus 5cm}void$\ast$ DB\_\-init (
\begin{DoxyParamCaption}
\item[{{\bf AI\_\-config} $\ast$}]{}
\end{DoxyParamCaption}
)}}
\label{db_8h_abfca7b59301511bf708eef53cb70b7ee}
Initializer for the database \hypertarget{db_8h_a51b1f8be35b963f30fa732fc22a5760e}{
\index{db.h@{db.h}!DB\_\-query@{DB\_\-query}}
\index{DB\_\-query@{DB\_\-query}!db.h@{db.h}}
\subsubsection[{DB\_\-query}]{\setlength{\rightskip}{0pt plus 5cm}DB\_\-result$\ast$ DB\_\-query (
\begin{DoxyParamCaption}
\item[{const char $\ast$}]{}
\end{DoxyParamCaption}
)}}
\label{db_8h_a51b1f8be35b963f30fa732fc22a5760e}
Execute a query on the database and returns the result

4
doc/latex/doxygen.sty
View File

@ -27,9 +27,9 @@
\fancyplain{}{\bfseries\thepage}%
}
\rfoot[\fancyplain{}{\bfseries\scriptsize%
Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by Doxygen }]{}
Generated on Sat Sep 4 2010 21:30:42 for Snort AI preprocessor module by Doxygen }]{}
\lfoot[]{\fancyplain{}{\bfseries\scriptsize%
Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by Doxygen }}
Generated on Sat Sep 4 2010 21:30:42 for Snort AI preprocessor module by Doxygen }}
\cfoot{}
%---------- Internal commands used in this style file ----------------

3
doc/latex/files.tex
View File

@ -2,6 +2,9 @@
Here is a list of all files with brief descriptions:\begin{DoxyCompactList}
\item\contentsline{section}{\hyperlink{alert__parser_8c}{alert\_\-parser.c} }{\pageref{alert__parser_8c}}{}
\item\contentsline{section}{\hyperlink{cluster_8c}{cluster.c} }{\pageref{cluster_8c}}{}
\item\contentsline{section}{\hyperlink{db_8c}{db.c} }{\pageref{db_8c}}{}
\item\contentsline{section}{\hyperlink{db_8h}{db.h} }{\pageref{db_8h}}{}
\item\contentsline{section}{\hyperlink{mysql_8c}{mysql.c} }{\pageref{mysql_8c}}{}
\item\contentsline{section}{\hyperlink{regex_8c}{regex.c} }{\pageref{regex_8c}}{}
\item\contentsline{section}{\hyperlink{sf__dynamic__preproc__lib_8c}{sf\_\-dynamic\_\-preproc\_\-lib.c} }{\pageref{sf__dynamic__preproc__lib_8c}}{}
\item\contentsline{section}{\hyperlink{sf__preproc__info_8h}{sf\_\-preproc\_\-info.h} }{\pageref{sf__preproc__info_8h}}{}

85
doc/latex/group__alert__parser.tex Normal file
View File

@ -0,0 +1,85 @@
\hypertarget{group__alert__parser}{
\section{Parse the alert log into binary structures}
\label{group__alert__parser}\index{Parse the alert log into binary structures@{Parse the alert log into binary structures}}
}
\subsection*{Functions}
\begin{DoxyCompactItemize}
\item
void $\ast$ \hyperlink{group__alert__parser_ga5aab8d9bdf0e92a51731442fd787f61f}{AI\_\-file\_\-alertparser\_\-thread} (void $\ast$arg)
\begin{DoxyCompactList}\small\item\em Thread for parsing Snort's alert file. \item\end{DoxyCompactList}\item
PRIVATE \hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$ \hyperlink{group__alert__parser_ga6c5014cae9155379fdc4db649b2c862d}{\_\-AI\_\-copy\_\-alerts} (\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$node)
\begin{DoxyCompactList}\small\item\em Create a copy of the alert log struct (this is done for leaving the alert log structure in this file as read-\/only). \item\end{DoxyCompactList}\item
\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$ \hyperlink{group__alert__parser_ga99474495643197b3075ac22ec6f6c70f}{AI\_\-get\_\-alerts} ()
\begin{DoxyCompactList}\small\item\em Return the alerts parsed so far as a linked list. \item\end{DoxyCompactList}\item
void \hyperlink{group__alert__parser_ga270e86669a0aa64a8da37bc16cda645b}{AI\_\-free\_\-alerts} (\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$node)
\begin{DoxyCompactList}\small\item\em Deallocate the memory of a log alert linked list. \item\end{DoxyCompactList}\end{DoxyCompactItemize}
\subsection{Function Documentation}
\hypertarget{group__alert__parser_ga6c5014cae9155379fdc4db649b2c862d}{
\index{alert\_\-parser@{alert\_\-parser}!\_\-AI\_\-copy\_\-alerts@{\_\-AI\_\-copy\_\-alerts}}
\index{\_\-AI\_\-copy\_\-alerts@{\_\-AI\_\-copy\_\-alerts}!alert_parser@{alert\_\-parser}}
\subsubsection[{\_\-AI\_\-copy\_\-alerts}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE {\bf AI\_\-snort\_\-alert}$\ast$ \_\-AI\_\-copy\_\-alerts (
\begin{DoxyParamCaption}
\item[{{\bf AI\_\-snort\_\-alert} $\ast$}]{ node}
\end{DoxyParamCaption}
)}}
\label{group__alert__parser_ga6c5014cae9155379fdc4db649b2c862d}
Create a copy of the alert log struct (this is done for leaving the alert log structure in this file as read-\/only).
\begin{DoxyParams}{Parameters}
\item[{\em node}]Starting node (used for the recursion) \end{DoxyParams}
\begin{DoxyReturn}{Returns}
A copy of the alert log linked list
\end{DoxyReturn}
\hypertarget{group__alert__parser_ga5aab8d9bdf0e92a51731442fd787f61f}{
\index{alert\_\-parser@{alert\_\-parser}!AI\_\-file\_\-alertparser\_\-thread@{AI\_\-file\_\-alertparser\_\-thread}}
\index{AI\_\-file\_\-alertparser\_\-thread@{AI\_\-file\_\-alertparser\_\-thread}!alert_parser@{alert\_\-parser}}
\subsubsection[{AI\_\-file\_\-alertparser\_\-thread}]{\setlength{\rightskip}{0pt plus 5cm}void$\ast$ AI\_\-file\_\-alertparser\_\-thread (
\begin{DoxyParamCaption}
\item[{void $\ast$}]{ arg}
\end{DoxyParamCaption}
)}}
\label{group__alert__parser_ga5aab8d9bdf0e92a51731442fd787f61f}
Thread for parsing Snort's alert file.
\begin{DoxyParams}{Parameters}
\item[{\em arg}]void$\ast$ pointer to module's configuration \end{DoxyParams}
\hypertarget{group__alert__parser_ga270e86669a0aa64a8da37bc16cda645b}{
\index{alert\_\-parser@{alert\_\-parser}!AI\_\-free\_\-alerts@{AI\_\-free\_\-alerts}}
\index{AI\_\-free\_\-alerts@{AI\_\-free\_\-alerts}!alert_parser@{alert\_\-parser}}
\subsubsection[{AI\_\-free\_\-alerts}]{\setlength{\rightskip}{0pt plus 5cm}void AI\_\-free\_\-alerts (
\begin{DoxyParamCaption}
\item[{{\bf AI\_\-snort\_\-alert} $\ast$}]{ node}
\end{DoxyParamCaption}
)}}
\label{group__alert__parser_ga270e86669a0aa64a8da37bc16cda645b}
Deallocate the memory of a log alert linked list.
\begin{DoxyParams}{Parameters}
\item[{\em node}]Linked list to be freed \end{DoxyParams}
\hypertarget{group__alert__parser_ga99474495643197b3075ac22ec6f6c70f}{
\index{alert\_\-parser@{alert\_\-parser}!AI\_\-get\_\-alerts@{AI\_\-get\_\-alerts}}
\index{AI\_\-get\_\-alerts@{AI\_\-get\_\-alerts}!alert_parser@{alert\_\-parser}}
\subsubsection[{AI\_\-get\_\-alerts}]{\setlength{\rightskip}{0pt plus 5cm}{\bf AI\_\-snort\_\-alert}$\ast$ AI\_\-get\_\-alerts (
\begin{DoxyParamCaption}
\item[{void}]{}
\end{DoxyParamCaption}
)}}
\label{group__alert__parser_ga99474495643197b3075ac22ec6f6c70f}
Return the alerts parsed so far as a linked list.
\begin{DoxyReturn}{Returns}
An AI\_\-snort\_\-alert pointer identifying the list of alerts
\end{DoxyReturn}

248
doc/latex/group__cluster.tex Normal file
View File

@ -0,0 +1,248 @@
\hypertarget{group__cluster}{
\section{Manage the clustering of alarms}
\label{group__cluster}\index{Manage the clustering of alarms@{Manage the clustering of alarms}}
}
\subsection*{Data Structures}
\begin{DoxyCompactItemize}
\item
struct \hyperlink{structattribute__key}{attribute\_\-key}
\item
struct \hyperlink{structattribute__value}{attribute\_\-value}
\end{DoxyCompactItemize}
\subsection*{Functions}
\begin{DoxyCompactItemize}
\item
PRIVATE int \hyperlink{group__cluster_ga81f5fa721719fdb281595a568eef2101}{\_\-heuristic\_\-func} (\hyperlink{spp__ai_8h_ae2ff3c6586aa2ab211a102abfde86640}{cluster\_\-type} type)
\begin{DoxyCompactList}\small\item\em Function that picks up the heuristic value for a clustering attribute in according to Julisch's heuristic (ACM, Vol.2, No.3, 09 2002, pag.124). \item\end{DoxyCompactList}\item
PRIVATE \hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$ \hyperlink{group__cluster_ga2f1a22cfea64e4669da0467620c3e3b3}{\_\-hierarchy\_\-node\_\-new} (char $\ast$label, int min\_\-val, int max\_\-val)
\begin{DoxyCompactList}\small\item\em Create a new clustering hierarchy node. \item\end{DoxyCompactList}\item
PRIVATE void \hyperlink{group__cluster_ga5601a1f603d9c870ef6e2df192e30c30}{\_\-hierarchy\_\-node\_\-append} (\hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$parent, \hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$child)
\begin{DoxyCompactList}\small\item\em Append a node to a clustering hierarchy node. \item\end{DoxyCompactList}\item
PRIVATE \hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$ \hyperlink{group__cluster_ga6ddddcd505b1f763c339e81fc143e079}{\_\-AI\_\-get\_\-min\_\-hierarchy\_\-node} (int val, \hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$root)
\begin{DoxyCompactList}\small\item\em Get the minimum node in a hierarchy tree that matches a certain value. \item\end{DoxyCompactList}\item
PRIVATE \hyperlink{spp__ai_8h_a3e5b8192e7d9ffaf3542f1210aec18dd}{BOOL} \hyperlink{group__cluster_ga0f91c8bfc37a3975f5c26b19fd6c5cba}{\_\-AI\_\-equal\_\-alarms} (\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$a1, \hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$a2)
\begin{DoxyCompactList}\small\item\em Check if two alerts are semantically equal. \item\end{DoxyCompactList}\item
PRIVATE int \hyperlink{group__cluster_ga8ce8e5a5d8954672297fa2dedb380dcd}{\_\-AI\_\-merge\_\-alerts} (\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$$\ast$log)
\begin{DoxyCompactList}\small\item\em Merge the alerts marked as equal in the log. \item\end{DoxyCompactList}\item
PRIVATE void \hyperlink{group__cluster_ga7d151880080470b542e99643dc0426a7}{\_\-AI\_\-print\_\-clustered\_\-alerts} (\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$log, FILE $\ast$fp)
\begin{DoxyCompactList}\small\item\em Print the clustered alerts to a log file. \item\end{DoxyCompactList}\item
PRIVATE void $\ast$ \hyperlink{group__cluster_ga8a5eae61dc9fd0f13e0acdfa5f4478e2}{\_\-AI\_\-cluster\_\-thread} (void $\ast$arg)
\begin{DoxyCompactList}\small\item\em Thread for periodically clustering the log information. \item\end{DoxyCompactList}\item
PRIVATE \hyperlink{spp__ai_8h_a3e5b8192e7d9ffaf3542f1210aec18dd}{BOOL} \hyperlink{group__cluster_ga29c35cd6c56f54e27b5b190c6d6c487a}{\_\-AI\_\-check\_\-duplicate} (\hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$node, \hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$root)
\begin{DoxyCompactList}\small\item\em Check if a certain node's range (minimum and maximum value) are already present in a clustering hierarchy. \item\end{DoxyCompactList}\item
void \hyperlink{group__cluster_ga1445818b37483f78cc3fb2890155842c}{AI\_\-hierarchies\_\-build} (\hyperlink{structAI__config}{AI\_\-config} $\ast$conf, \hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$$\ast$nodes, int n\_\-nodes)
\begin{DoxyCompactList}\small\item\em Build the clustering hierarchy trees. \item\end{DoxyCompactList}\end{DoxyCompactItemize}
\subsection*{Variables}
\begin{DoxyCompactItemize}
\item
PRIVATE \hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$ \hyperlink{group__cluster_ga97d35425cf5a0207fb50b64ee8cdda82}{h\_\-root} \mbox{[}CLUSTER\_\-TYPES\mbox{]} = \{ NULL \}
\item
PRIVATE \hyperlink{structAI__config}{AI\_\-config} $\ast$ \hyperlink{group__cluster_ga91458e2d34595688e39fcb63ba418849}{\_\-config} = NULL
\item
PRIVATE \hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$ \hyperlink{group__cluster_gaaf4c19f60f48741b0890c6114dcff7d9}{alert\_\-log} = NULL
\end{DoxyCompactItemize}
\subsection{Function Documentation}
\hypertarget{group__cluster_ga29c35cd6c56f54e27b5b190c6d6c487a}{
\index{cluster@{cluster}!\_\-AI\_\-check\_\-duplicate@{\_\-AI\_\-check\_\-duplicate}}
\index{\_\-AI\_\-check\_\-duplicate@{\_\-AI\_\-check\_\-duplicate}!cluster@{cluster}}
\subsubsection[{\_\-AI\_\-check\_\-duplicate}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE {\bf BOOL} \_\-AI\_\-check\_\-duplicate (
\begin{DoxyParamCaption}
\item[{{\bf hierarchy\_\-node} $\ast$}]{ node, }
\item[{{\bf hierarchy\_\-node} $\ast$}]{ root}
\end{DoxyParamCaption}
)}}
\label{group__cluster_ga29c35cd6c56f54e27b5b190c6d6c487a}
Check if a certain node's range (minimum and maximum value) are already present in a clustering hierarchy.
\begin{DoxyParams}{Parameters}
\item[{\em node}]Node to be checked \item[{\em root}]Clustering hierarchy \end{DoxyParams}
\begin{DoxyReturn}{Returns}
True if 'node' is already in 'root', false otherwise
\end{DoxyReturn}
\hypertarget{group__cluster_ga8a5eae61dc9fd0f13e0acdfa5f4478e2}{
\index{cluster@{cluster}!\_\-AI\_\-cluster\_\-thread@{\_\-AI\_\-cluster\_\-thread}}
\index{\_\-AI\_\-cluster\_\-thread@{\_\-AI\_\-cluster\_\-thread}!cluster@{cluster}}
\subsubsection[{\_\-AI\_\-cluster\_\-thread}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE void$\ast$ \_\-AI\_\-cluster\_\-thread (
\begin{DoxyParamCaption}
\item[{void $\ast$}]{ arg}
\end{DoxyParamCaption}
)}}
\label{group__cluster_ga8a5eae61dc9fd0f13e0acdfa5f4478e2}
Thread for periodically clustering the log information.
\hypertarget{group__cluster_ga0f91c8bfc37a3975f5c26b19fd6c5cba}{
\index{cluster@{cluster}!\_\-AI\_\-equal\_\-alarms@{\_\-AI\_\-equal\_\-alarms}}
\index{\_\-AI\_\-equal\_\-alarms@{\_\-AI\_\-equal\_\-alarms}!cluster@{cluster}}
\subsubsection[{\_\-AI\_\-equal\_\-alarms}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE {\bf BOOL} \_\-AI\_\-equal\_\-alarms (
\begin{DoxyParamCaption}
\item[{{\bf AI\_\-snort\_\-alert} $\ast$}]{ a1, }
\item[{{\bf AI\_\-snort\_\-alert} $\ast$}]{ a2}
\end{DoxyParamCaption}
)}}
\label{group__cluster_ga0f91c8bfc37a3975f5c26b19fd6c5cba}
Check if two alerts are semantically equal.
\begin{DoxyParams}{Parameters}
\item[{\em a1}]First alert \item[{\em a2}]Second alert \end{DoxyParams}
\begin{DoxyReturn}{Returns}
True if they are equal, false otherwise
\end{DoxyReturn}
\hypertarget{group__cluster_ga6ddddcd505b1f763c339e81fc143e079}{
\index{cluster@{cluster}!\_\-AI\_\-get\_\-min\_\-hierarchy\_\-node@{\_\-AI\_\-get\_\-min\_\-hierarchy\_\-node}}
\index{\_\-AI\_\-get\_\-min\_\-hierarchy\_\-node@{\_\-AI\_\-get\_\-min\_\-hierarchy\_\-node}!cluster@{cluster}}
\subsubsection[{\_\-AI\_\-get\_\-min\_\-hierarchy\_\-node}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE {\bf hierarchy\_\-node}$\ast$ \_\-AI\_\-get\_\-min\_\-hierarchy\_\-node (
\begin{DoxyParamCaption}
\item[{int}]{ val, }
\item[{{\bf hierarchy\_\-node} $\ast$}]{ root}
\end{DoxyParamCaption}
)}}
\label{group__cluster_ga6ddddcd505b1f763c339e81fc143e079}
Get the minimum node in a hierarchy tree that matches a certain value.
\begin{DoxyParams}{Parameters}
\item[{\em val}]Value to be matched in the range \item[{\em root}]Root of the hierarchy \end{DoxyParams}
\begin{DoxyReturn}{Returns}
The minimum node that matches the value if any, NULL otherwise
\end{DoxyReturn}
\hypertarget{group__cluster_ga8ce8e5a5d8954672297fa2dedb380dcd}{
\index{cluster@{cluster}!\_\-AI\_\-merge\_\-alerts@{\_\-AI\_\-merge\_\-alerts}}
\index{\_\-AI\_\-merge\_\-alerts@{\_\-AI\_\-merge\_\-alerts}!cluster@{cluster}}
\subsubsection[{\_\-AI\_\-merge\_\-alerts}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE int \_\-AI\_\-merge\_\-alerts (
\begin{DoxyParamCaption}
\item[{{\bf AI\_\-snort\_\-alert} $\ast$$\ast$}]{ log}
\end{DoxyParamCaption}
)}}
\label{group__cluster_ga8ce8e5a5d8954672297fa2dedb380dcd}
Merge the alerts marked as equal in the log.
\begin{DoxyParams}{Parameters}
\item[{\em log}]Alert log reference \end{DoxyParams}
\begin{DoxyReturn}{Returns}
The number of merged couples
\end{DoxyReturn}
\hypertarget{group__cluster_ga7d151880080470b542e99643dc0426a7}{
\index{cluster@{cluster}!\_\-AI\_\-print\_\-clustered\_\-alerts@{\_\-AI\_\-print\_\-clustered\_\-alerts}}
\index{\_\-AI\_\-print\_\-clustered\_\-alerts@{\_\-AI\_\-print\_\-clustered\_\-alerts}!cluster@{cluster}}
\subsubsection[{\_\-AI\_\-print\_\-clustered\_\-alerts}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE void \_\-AI\_\-print\_\-clustered\_\-alerts (
\begin{DoxyParamCaption}
\item[{{\bf AI\_\-snort\_\-alert} $\ast$}]{ log, }
\item[{FILE $\ast$}]{ fp}
\end{DoxyParamCaption}
)}}
\label{group__cluster_ga7d151880080470b542e99643dc0426a7}
Print the clustered alerts to a log file.
\begin{DoxyParams}{Parameters}
\item[{\em log}]Log containing the alerts \item[{\em fp}]File pointer where the alerts will be printed \end{DoxyParams}
\hypertarget{group__cluster_ga81f5fa721719fdb281595a568eef2101}{
\index{cluster@{cluster}!\_\-heuristic\_\-func@{\_\-heuristic\_\-func}}
\index{\_\-heuristic\_\-func@{\_\-heuristic\_\-func}!cluster@{cluster}}
\subsubsection[{\_\-heuristic\_\-func}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE int \_\-heuristic\_\-func (
\begin{DoxyParamCaption}
\item[{{\bf cluster\_\-type}}]{ type}
\end{DoxyParamCaption}
)}}
\label{group__cluster_ga81f5fa721719fdb281595a568eef2101}
Function that picks up the heuristic value for a clustering attribute in according to Julisch's heuristic (ACM, Vol.2, No.3, 09 2002, pag.124).
\begin{DoxyParams}{Parameters}
\item[{\em type}]Attribute type \end{DoxyParams}
\begin{DoxyReturn}{Returns}
The heuristic coefficient for that attribute, -\/1 if no clustering information is available for that attribute
\end{DoxyReturn}
\hypertarget{group__cluster_ga5601a1f603d9c870ef6e2df192e30c30}{
\index{cluster@{cluster}!\_\-hierarchy\_\-node\_\-append@{\_\-hierarchy\_\-node\_\-append}}
\index{\_\-hierarchy\_\-node\_\-append@{\_\-hierarchy\_\-node\_\-append}!cluster@{cluster}}
\subsubsection[{\_\-hierarchy\_\-node\_\-append}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE void \_\-hierarchy\_\-node\_\-append (
\begin{DoxyParamCaption}
\item[{{\bf hierarchy\_\-node} $\ast$}]{ parent, }
\item[{{\bf hierarchy\_\-node} $\ast$}]{ child}
\end{DoxyParamCaption}
)}}
\label{group__cluster_ga5601a1f603d9c870ef6e2df192e30c30}
Append a node to a clustering hierarchy node.
\begin{DoxyParams}{Parameters}
\item[{\em parent}]Parent node \item[{\em child}]Child node \end{DoxyParams}
\hypertarget{group__cluster_ga2f1a22cfea64e4669da0467620c3e3b3}{
\index{cluster@{cluster}!\_\-hierarchy\_\-node\_\-new@{\_\-hierarchy\_\-node\_\-new}}
\index{\_\-hierarchy\_\-node\_\-new@{\_\-hierarchy\_\-node\_\-new}!cluster@{cluster}}
\subsubsection[{\_\-hierarchy\_\-node\_\-new}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE {\bf hierarchy\_\-node}$\ast$ \_\-hierarchy\_\-node\_\-new (
\begin{DoxyParamCaption}
\item[{char $\ast$}]{ label, }
\item[{int}]{ min\_\-val, }
\item[{int}]{ max\_\-val}
\end{DoxyParamCaption}
)}}
\label{group__cluster_ga2f1a22cfea64e4669da0467620c3e3b3}
Create a new clustering hierarchy node.
\begin{DoxyParams}{Parameters}
\item[{\em label}]Label for the node \item[{\em min\_\-val}]Minimum value for the range represented by the node \item[{\em max\_\-val}]Maximum value for the range represented by the node \end{DoxyParams}
\begin{DoxyReturn}{Returns}
The brand new node if the allocation was ok, otherwise abort the application
\end{DoxyReturn}
\hypertarget{group__cluster_ga1445818b37483f78cc3fb2890155842c}{
\index{cluster@{cluster}!AI\_\-hierarchies\_\-build@{AI\_\-hierarchies\_\-build}}
\index{AI\_\-hierarchies\_\-build@{AI\_\-hierarchies\_\-build}!cluster@{cluster}}
\subsubsection[{AI\_\-hierarchies\_\-build}]{\setlength{\rightskip}{0pt plus 5cm}void AI\_\-hierarchies\_\-build (
\begin{DoxyParamCaption}
\item[{{\bf AI\_\-config} $\ast$}]{ conf, }
\item[{{\bf hierarchy\_\-node} $\ast$$\ast$}]{ nodes, }
\item[{int}]{ n\_\-nodes}
\end{DoxyParamCaption}
)}}
\label{group__cluster_ga1445818b37483f78cc3fb2890155842c}
Build the clustering hierarchy trees.
\begin{DoxyParams}{Parameters}
\item[{\em conf}]Reference to the configuration of the module \item[{\em nodes}]Nodes containing the information about the clustering ranges \item[{\em n\_\-nodes}]Number of nodes \end{DoxyParams}
\subsection{Variable Documentation}
\hypertarget{group__cluster_ga91458e2d34595688e39fcb63ba418849}{
\index{cluster@{cluster}!\_\-config@{\_\-config}}
\index{\_\-config@{\_\-config}!cluster@{cluster}}
\subsubsection[{\_\-config}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE {\bf AI\_\-config}$\ast$ {\bf \_\-config} = NULL}}
\label{group__cluster_ga91458e2d34595688e39fcb63ba418849}
\hypertarget{group__cluster_gaaf4c19f60f48741b0890c6114dcff7d9}{
\index{cluster@{cluster}!alert\_\-log@{alert\_\-log}}
\index{alert\_\-log@{alert\_\-log}!cluster@{cluster}}
\subsubsection[{alert\_\-log}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE {\bf AI\_\-snort\_\-alert}$\ast$ {\bf alert\_\-log} = NULL}}
\label{group__cluster_gaaf4c19f60f48741b0890c6114dcff7d9}
\hypertarget{group__cluster_ga97d35425cf5a0207fb50b64ee8cdda82}{
\index{cluster@{cluster}!h\_\-root@{h\_\-root}}
\index{h\_\-root@{h\_\-root}!cluster@{cluster}}
\subsubsection[{h\_\-root}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE {\bf hierarchy\_\-node}$\ast$ {\bf h\_\-root}\mbox{[}CLUSTER\_\-TYPES\mbox{]} = \{ NULL \}}}
\label{group__cluster_ga97d35425cf5a0207fb50b64ee8cdda82}

95
doc/latex/group__mysql.tex Normal file
View File

@ -0,0 +1,95 @@
\hypertarget{group__mysql}{
\section{Manage alerts on a MySQL database}
\label{group__mysql}\index{Manage alerts on a MySQL database@{Manage alerts on a MySQL database}}
}
\subsection*{Functions}
\begin{DoxyCompactItemize}
\item
void $\ast$ \hyperlink{group__mysql_gadf275635641f88725930de208fb5523f}{AI\_\-mysql\_\-alertparser\_\-thread} (void $\ast$arg)
\begin{DoxyCompactList}\small\item\em Thread for parsing alerts from MySQL database. \item\end{DoxyCompactList}\item
PRIVATE \hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$ \hyperlink{group__mysql_gab14c269b1187da75d35d4af3eb70a302}{\_\-AI\_\-mysql\_\-copy\_\-alerts} (\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$node)
\begin{DoxyCompactList}\small\item\em Create a copy of the alert log struct (this is done for leaving the alert log structure in this file as read-\/only). \item\end{DoxyCompactList}\item
\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$ \hyperlink{group__mysql_ga0ead3c1e46063e215168e76d7999d65b}{AI\_\-mysql\_\-get\_\-alerts} ()
\begin{DoxyCompactList}\small\item\em Return the alerts parsed so far as a linked list. \item\end{DoxyCompactList}\end{DoxyCompactItemize}
\subsection*{Variables}
\begin{DoxyCompactItemize}
\item
PRIVATE \hyperlink{structAI__config}{AI\_\-config} $\ast$ \hyperlink{group__mysql_ga6439d32dccbbc77c9b2aad04897bfa74}{config}
\item
PRIVATE \hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$ \hyperlink{group__mysql_gae837fc04e61c0eb052f997c54b4fd9fe}{alerts} = NULL
\item
PRIVATE pthread\_\-mutex\_\-t \hyperlink{group__mysql_ga40bb4c7d0679e36cc0ec4fa41d36d96c}{db\_\-mutex} = PTHREAD\_\-MUTEX\_\-INITIALIZER
\end{DoxyCompactItemize}
\subsection{Function Documentation}
\hypertarget{group__mysql_gab14c269b1187da75d35d4af3eb70a302}{
\index{mysql@{mysql}!\_\-AI\_\-mysql\_\-copy\_\-alerts@{\_\-AI\_\-mysql\_\-copy\_\-alerts}}
\index{\_\-AI\_\-mysql\_\-copy\_\-alerts@{\_\-AI\_\-mysql\_\-copy\_\-alerts}!mysql@{mysql}}
\subsubsection[{\_\-AI\_\-mysql\_\-copy\_\-alerts}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE {\bf AI\_\-snort\_\-alert}$\ast$ \_\-AI\_\-mysql\_\-copy\_\-alerts (
\begin{DoxyParamCaption}
\item[{{\bf AI\_\-snort\_\-alert} $\ast$}]{ node}
\end{DoxyParamCaption}
)}}
\label{group__mysql_gab14c269b1187da75d35d4af3eb70a302}
Create a copy of the alert log struct (this is done for leaving the alert log structure in this file as read-\/only).
\begin{DoxyParams}{Parameters}
\item[{\em node}]Starting node (used for the recursion) \end{DoxyParams}
\begin{DoxyReturn}{Returns}
A copy of the alert log linked list
\end{DoxyReturn}
\hypertarget{group__mysql_gadf275635641f88725930de208fb5523f}{
\index{mysql@{mysql}!AI\_\-mysql\_\-alertparser\_\-thread@{AI\_\-mysql\_\-alertparser\_\-thread}}
\index{AI\_\-mysql\_\-alertparser\_\-thread@{AI\_\-mysql\_\-alertparser\_\-thread}!mysql@{mysql}}
\subsubsection[{AI\_\-mysql\_\-alertparser\_\-thread}]{\setlength{\rightskip}{0pt plus 5cm}void$\ast$ AI\_\-mysql\_\-alertparser\_\-thread (
\begin{DoxyParamCaption}
\item[{void $\ast$}]{ arg}
\end{DoxyParamCaption}
)}}
\label{group__mysql_gadf275635641f88725930de208fb5523f}
Thread for parsing alerts from MySQL database.
\begin{DoxyParams}{Parameters}
\item[{\em arg}]void$\ast$ pointer to the module configuration \end{DoxyParams}
\hypertarget{group__mysql_ga0ead3c1e46063e215168e76d7999d65b}{
\index{mysql@{mysql}!AI\_\-mysql\_\-get\_\-alerts@{AI\_\-mysql\_\-get\_\-alerts}}
\index{AI\_\-mysql\_\-get\_\-alerts@{AI\_\-mysql\_\-get\_\-alerts}!mysql@{mysql}}
\subsubsection[{AI\_\-mysql\_\-get\_\-alerts}]{\setlength{\rightskip}{0pt plus 5cm}{\bf AI\_\-snort\_\-alert}$\ast$ AI\_\-mysql\_\-get\_\-alerts (
\begin{DoxyParamCaption}
\item[{void}]{}
\end{DoxyParamCaption}
)}}
\label{group__mysql_ga0ead3c1e46063e215168e76d7999d65b}
Return the alerts parsed so far as a linked list.
\begin{DoxyReturn}{Returns}
An AI\_\-snort\_\-alert pointer identifying the list of alerts
\end{DoxyReturn}
\subsection{Variable Documentation}
\hypertarget{group__mysql_gae837fc04e61c0eb052f997c54b4fd9fe}{
\index{mysql@{mysql}!alerts@{alerts}}
\index{alerts@{alerts}!mysql@{mysql}}
\subsubsection[{alerts}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE {\bf AI\_\-snort\_\-alert}$\ast$ {\bf alerts} = NULL}}
\label{group__mysql_gae837fc04e61c0eb052f997c54b4fd9fe}
\hypertarget{group__mysql_ga6439d32dccbbc77c9b2aad04897bfa74}{
\index{mysql@{mysql}!config@{config}}
\index{config@{config}!mysql@{mysql}}
\subsubsection[{config}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE {\bf AI\_\-config}$\ast$ {\bf config}}}
\label{group__mysql_ga6439d32dccbbc77c9b2aad04897bfa74}
\hypertarget{group__mysql_ga40bb4c7d0679e36cc0ec4fa41d36d96c}{
\index{mysql@{mysql}!db\_\-mutex@{db\_\-mutex}}
\index{db\_\-mutex@{db\_\-mutex}!mysql@{mysql}}
\subsubsection[{db\_\-mutex}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE pthread\_\-mutex\_\-t {\bf db\_\-mutex} = PTHREAD\_\-MUTEX\_\-INITIALIZER}}
\label{group__mysql_ga40bb4c7d0679e36cc0ec4fa41d36d96c}
pthread mutex for accessing database data

34
doc/latex/group__regex.tex Normal file
View File

@ -0,0 +1,34 @@
\hypertarget{group__regex}{
\section{Regex management}
\label{group__regex}\index{Regex management@{Regex management}}
}
\subsection*{Functions}
\begin{DoxyCompactItemize}
\item
int \hyperlink{group__regex_ga35f57c052a7de1ded54b67a1f7819791}{preg\_\-match} (const char $\ast$expr, char $\ast$str, char $\ast$$\ast$$\ast$matches, int $\ast$nmatches)
\begin{DoxyCompactList}\small\item\em Check if a string matches a regular expression. \item\end{DoxyCompactList}\end{DoxyCompactItemize}
\subsection{Function Documentation}
\hypertarget{group__regex_ga35f57c052a7de1ded54b67a1f7819791}{
\index{regex@{regex}!preg\_\-match@{preg\_\-match}}
\index{preg\_\-match@{preg\_\-match}!regex@{regex}}
\subsubsection[{preg\_\-match}]{\setlength{\rightskip}{0pt plus 5cm}int preg\_\-match (
\begin{DoxyParamCaption}
\item[{const char $\ast$}]{ expr, }
\item[{char $\ast$}]{ str, }
\item[{char $\ast$$\ast$$\ast$}]{ matches, }
\item[{int $\ast$}]{ nmatches}
\end{DoxyParamCaption}
)}}
\label{group__regex_ga35f57c052a7de1ded54b67a1f7819791}
Check if a string matches a regular expression.
\begin{DoxyParams}{Parameters}
\item[{\em expr}]Regular expression to be matched \item[{\em str}]String to be checked \item[{\em matches}]Reference to a char$\ast$$\ast$ that will contain the submatches (NULL if you don't need it) \item[{\em nmatches}]Reference to a int containing the number of submatches found (NULL if you don't need it) \end{DoxyParams}
\begin{DoxyReturn}{Returns}
-\/1 if the regex is wrong, 0 if no match was found, 1 otherwise
\end{DoxyReturn}

6
doc/latex/group__sfPolicyConfig.tex
View File

@ -9,11 +9,11 @@ tSfPolicyUserContextId \hyperlink{group__sfPolicyConfig_gac62cd5838bee4a9d3f4056
\item
void \hyperlink{group__sfPolicyConfig_ga189d09ed6d1203ebace6ea2c2aafc1b8}{sfPolicyConfigDelete} (tSfPolicyUserContextId pContext)
\item
int \hyperlink{group__sfPolicyConfig_ga8e14fd83397b9bbb14568070183db80b}{sfPolicyUserDataSet} (tSfPolicyUserContextId pContext, tSfPolicyId policyId, void $\ast$config)
int \hyperlink{group__sfPolicyConfig_ga8e14fd83397b9bbb14568070183db80b}{sfPolicyUserDataSet} (tSfPolicyUserContextId pContext, tSfPolicyId policyId, void $\ast$\hyperlink{group__mysql_ga6439d32dccbbc77c9b2aad04897bfa74}{config})
\item
void $\ast$ \hyperlink{group__sfPolicyConfig_gae8f2ae426b1f1a50eabfade6d22c2c85}{sfPolicyUserDataClear} (tSfPolicyUserContextId pContext, tSfPolicyId policyId)
\item
int \hyperlink{group__sfPolicyConfig_ga3f3ab9314d29d2ee2a8285289b388f17}{sfPolicyUserDataIterate} (tSfPolicyUserContextId pContext, int($\ast$callback)(tSfPolicyUserContextId pContext, tSfPolicyId policyId, void $\ast$config))
int \hyperlink{group__sfPolicyConfig_ga3f3ab9314d29d2ee2a8285289b388f17}{sfPolicyUserDataIterate} (tSfPolicyUserContextId pContext, int($\ast$callback)(tSfPolicyUserContextId pContext, tSfPolicyId policyId, void $\ast$\hyperlink{group__mysql_ga6439d32dccbbc77c9b2aad04897bfa74}{config}))
\end{DoxyCompactItemize}
@ -65,7 +65,7 @@ user is responsible for freeing any memory. \hypertarget{group__sfPolicyConfig_g
\subsubsection[{sfPolicyUserDataIterate}]{\setlength{\rightskip}{0pt plus 5cm}int sfPolicyUserDataIterate (
\begin{DoxyParamCaption}
\item[{tSfPolicyUserContextId}]{ pContext, }
\item[{int($\ast$)(tSfPolicyUserContextId pContext, tSfPolicyId policyId, void $\ast$config)}]{ callback}
\item[{int($\ast$)(tSfPolicyUserContextId pContext, tSfPolicyId policyId, void $\ast${\bf config})}]{ callback}
\end{DoxyParamCaption}
)}}
\label{group__sfPolicyConfig_ga3f3ab9314d29d2ee2a8285289b388f17}

103
doc/latex/group__spp__ai.tex Normal file
View File

@ -0,0 +1,103 @@
\hypertarget{group__spp__ai}{
\section{Main file for spp\_\-ai module}
\label{group__spp__ai}\index{Main file for spp\_\-ai module@{Main file for spp\_\-ai module}}
}
\subsection*{Functions}
\begin{DoxyCompactItemize}
\item
static void \hyperlink{group__spp__ai_ga3524cbdf8fddbcf38c4ed55241002242}{AI\_\-init} (char $\ast$args)
\begin{DoxyCompactList}\small\item\em Initialize the preprocessor module. \item\end{DoxyCompactList}\item
static void \hyperlink{group__spp__ai_ga57c05cda012c443cb4c358dc327cd3d1}{AI\_\-process} (void $\ast$pkt, void $\ast$context)
\begin{DoxyCompactList}\small\item\em Function executed every time the module receives a packet to be processed. \item\end{DoxyCompactList}\item
static \hyperlink{structAI__config}{AI\_\-config} $\ast$ \hyperlink{group__spp__ai_gae1c5c4b38ee2819d427848eb3046373e}{AI\_\-parse} (char $\ast$args)
\begin{DoxyCompactList}\small\item\em Parse the arguments passed to the module saving them to a valid configuration struct. \item\end{DoxyCompactList}\item
void \hyperlink{group__spp__ai_ga1b9ebb5c719c7d9426ddfc1f3da36570}{AI\_\-setup} (void)
\begin{DoxyCompactList}\small\item\em Set up the preprocessor module. \item\end{DoxyCompactList}\end{DoxyCompactItemize}
\subsection*{Variables}
\begin{DoxyCompactItemize}
\item
tSfPolicyUserContextId \hyperlink{group__spp__ai_ga3dd75596c540d148643fe6d1fdc02628}{ex\_\-config} = NULL
\item
static void $\ast$($\ast$ \hyperlink{group__spp__ai_gaa3100e48acef5cf4370c3042ff548ed0}{alertparser\_\-thread} )(void $\ast$) = NULL
\end{DoxyCompactItemize}
\subsection{Function Documentation}
\hypertarget{group__spp__ai_ga3524cbdf8fddbcf38c4ed55241002242}{
\index{spp\_\-ai@{spp\_\-ai}!AI\_\-init@{AI\_\-init}}
\index{AI\_\-init@{AI\_\-init}!spp_ai@{spp\_\-ai}}
\subsubsection[{AI\_\-init}]{\setlength{\rightskip}{0pt plus 5cm}static void AI\_\-init (
\begin{DoxyParamCaption}
\item[{char $\ast$}]{ args}
\end{DoxyParamCaption}
)\hspace{0.3cm}{\ttfamily \mbox{[}static\mbox{]}}}}
\label{group__spp__ai_ga3524cbdf8fddbcf38c4ed55241002242}
Initialize the preprocessor module.
\begin{DoxyParams}{Parameters}
\item[{\em args}]Configuration arguments passed to the module \end{DoxyParams}
\hypertarget{group__spp__ai_gae1c5c4b38ee2819d427848eb3046373e}{
\index{spp\_\-ai@{spp\_\-ai}!AI\_\-parse@{AI\_\-parse}}
\index{AI\_\-parse@{AI\_\-parse}!spp_ai@{spp\_\-ai}}
\subsubsection[{AI\_\-parse}]{\setlength{\rightskip}{0pt plus 5cm}static {\bf AI\_\-config} $\ast$ AI\_\-parse (
\begin{DoxyParamCaption}
\item[{char $\ast$}]{ args}
\end{DoxyParamCaption}
)\hspace{0.3cm}{\ttfamily \mbox{[}static\mbox{]}}}}
\label{group__spp__ai_gae1c5c4b38ee2819d427848eb3046373e}
Parse the arguments passed to the module saving them to a valid configuration struct.
\begin{DoxyParams}{Parameters}
\item[{\em args}]Arguments passed to the module \end{DoxyParams}
\begin{DoxyReturn}{Returns}
Pointer to \hyperlink{structAI__config}{AI\_\-config} keeping the configuration for the module
\end{DoxyReturn}
\hypertarget{group__spp__ai_ga57c05cda012c443cb4c358dc327cd3d1}{
\index{spp\_\-ai@{spp\_\-ai}!AI\_\-process@{AI\_\-process}}
\index{AI\_\-process@{AI\_\-process}!spp_ai@{spp\_\-ai}}
\subsubsection[{AI\_\-process}]{\setlength{\rightskip}{0pt plus 5cm}void AI\_\-process (
\begin{DoxyParamCaption}
\item[{void $\ast$}]{ pkt, }
\item[{void $\ast$}]{ context}
\end{DoxyParamCaption}
)\hspace{0.3cm}{\ttfamily \mbox{[}static\mbox{]}}}}
\label{group__spp__ai_ga57c05cda012c443cb4c358dc327cd3d1}
Function executed every time the module receives a packet to be processed.
\begin{DoxyParams}{Parameters}
\item[{\em pkt}]void$\ast$ pointer to the packet data \item[{\em context}]void$\ast$ pointer to the context \end{DoxyParams}
\hypertarget{group__spp__ai_ga1b9ebb5c719c7d9426ddfc1f3da36570}{
\index{spp\_\-ai@{spp\_\-ai}!AI\_\-setup@{AI\_\-setup}}
\index{AI\_\-setup@{AI\_\-setup}!spp_ai@{spp\_\-ai}}
\subsubsection[{AI\_\-setup}]{\setlength{\rightskip}{0pt plus 5cm}void AI\_\-setup (
\begin{DoxyParamCaption}
\item[{void}]{}
\end{DoxyParamCaption}
)}}
\label{group__spp__ai_ga1b9ebb5c719c7d9426ddfc1f3da36570}
Set up the preprocessor module.
\subsection{Variable Documentation}
\hypertarget{group__spp__ai_gaa3100e48acef5cf4370c3042ff548ed0}{
\index{spp\_\-ai@{spp\_\-ai}!alertparser\_\-thread@{alertparser\_\-thread}}
\index{alertparser\_\-thread@{alertparser\_\-thread}!spp_ai@{spp\_\-ai}}
\subsubsection[{alertparser\_\-thread}]{\setlength{\rightskip}{0pt plus 5cm}void$\ast$($\ast$ {\bf alertparser\_\-thread})(void $\ast$) = NULL\hspace{0.3cm}{\ttfamily \mbox{[}static\mbox{]}}}}
\label{group__spp__ai_gaa3100e48acef5cf4370c3042ff548ed0}
\hypertarget{group__spp__ai_ga3dd75596c540d148643fe6d1fdc02628}{
\index{spp\_\-ai@{spp\_\-ai}!ex\_\-config@{ex\_\-config}}
\index{ex\_\-config@{ex\_\-config}!spp_ai@{spp\_\-ai}}
\subsubsection[{ex\_\-config}]{\setlength{\rightskip}{0pt plus 5cm}tSfPolicyUserContextId {\bf ex\_\-config} = NULL}}
\label{group__spp__ai_ga3dd75596c540d148643fe6d1fdc02628}

103
doc/latex/group__stream.tex Normal file
View File

@ -0,0 +1,103 @@
\hypertarget{group__stream}{
\section{Manage streams, sorting them into hash tables and linked lists}
\label{group__stream}\index{Manage streams, sorting them into hash tables and linked lists@{Manage streams, sorting them into hash tables and linked lists}}
}
\subsection*{Functions}
\begin{DoxyCompactItemize}
\item
PRIVATE void \hyperlink{group__stream_ga80016adf701c717a6ebfb5b15b8a5749}{\_\-AI\_\-stream\_\-free} (struct \hyperlink{structpkt__info}{pkt\_\-info} $\ast$stream)
\begin{DoxyCompactList}\small\item\em Remove a stream from the hash table (private function). \item\end{DoxyCompactList}\item
void $\ast$ \hyperlink{group__stream_ga24b1131374e5059564b8a12380c4eb75}{AI\_\-hashcleanup\_\-thread} (void $\ast$arg)
\begin{DoxyCompactList}\small\item\em Thread called for cleaning up the hash table from the traffic streams older than a certain threshold. \item\end{DoxyCompactList}\item
void \hyperlink{group__stream_ga7d71c5645b9baff7b6c4b9a181bf80c5}{AI\_\-pkt\_\-enqueue} (SFSnortPacket $\ast$pkt)
\begin{DoxyCompactList}\small\item\em Function called for appending a new packet to the hash table, creating a new stream or appending it to an existing stream. \item\end{DoxyCompactList}\item
struct \hyperlink{structpkt__info}{pkt\_\-info} $\ast$ \hyperlink{group__stream_ga2efedcabbfd12c5345f0c93a3dd4735c}{AI\_\-get\_\-stream\_\-by\_\-key} (struct \hyperlink{structpkt__key}{pkt\_\-key} key)
\begin{DoxyCompactList}\small\item\em Get a TCP stream by key. \item\end{DoxyCompactList}\item
void \hyperlink{group__stream_ga8749989cee2ac05a7de058faac280c02}{AI\_\-set\_\-stream\_\-observed} (struct \hyperlink{structpkt__key}{pkt\_\-key} key)
\begin{DoxyCompactList}\small\item\em Set the flag \char`\"{}observed\char`\"{} on a stream associated to a security alert, so that it won't be removed from the hash table. \item\end{DoxyCompactList}\end{DoxyCompactItemize}
\subsection{Function Documentation}
\hypertarget{group__stream_ga80016adf701c717a6ebfb5b15b8a5749}{
\index{stream@{stream}!\_\-AI\_\-stream\_\-free@{\_\-AI\_\-stream\_\-free}}
\index{\_\-AI\_\-stream\_\-free@{\_\-AI\_\-stream\_\-free}!stream@{stream}}
\subsubsection[{\_\-AI\_\-stream\_\-free}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE void \_\-AI\_\-stream\_\-free (
\begin{DoxyParamCaption}
\item[{struct {\bf pkt\_\-info} $\ast$}]{ stream}
\end{DoxyParamCaption}
)}}
\label{group__stream_ga80016adf701c717a6ebfb5b15b8a5749}
Remove a stream from the hash table (private function).
\begin{DoxyParams}{Parameters}
\item[{\em stream}]Stream to be removed \end{DoxyParams}
\hypertarget{group__stream_ga2efedcabbfd12c5345f0c93a3dd4735c}{
\index{stream@{stream}!AI\_\-get\_\-stream\_\-by\_\-key@{AI\_\-get\_\-stream\_\-by\_\-key}}
\index{AI\_\-get\_\-stream\_\-by\_\-key@{AI\_\-get\_\-stream\_\-by\_\-key}!stream@{stream}}
\subsubsection[{AI\_\-get\_\-stream\_\-by\_\-key}]{\setlength{\rightskip}{0pt plus 5cm}struct {\bf pkt\_\-info}$\ast$ AI\_\-get\_\-stream\_\-by\_\-key (
\begin{DoxyParamCaption}
\item[{struct {\bf pkt\_\-key}}]{ key}
\end{DoxyParamCaption}
)\hspace{0.3cm}{\ttfamily \mbox{[}read\mbox{]}}}}
\label{group__stream_ga2efedcabbfd12c5345f0c93a3dd4735c}
Get a TCP stream by key.
\begin{DoxyParams}{Parameters}
\item[{\em key}]Key of the stream to be picked up (struct \hyperlink{structpkt__key}{pkt\_\-key}) \end{DoxyParams}
\begin{DoxyReturn}{Returns}
A \hyperlink{structpkt__info}{pkt\_\-info} pointer to the stream if found, NULL otherwise
\end{DoxyReturn}
\hypertarget{group__stream_ga24b1131374e5059564b8a12380c4eb75}{
\index{stream@{stream}!AI\_\-hashcleanup\_\-thread@{AI\_\-hashcleanup\_\-thread}}
\index{AI\_\-hashcleanup\_\-thread@{AI\_\-hashcleanup\_\-thread}!stream@{stream}}
\subsubsection[{AI\_\-hashcleanup\_\-thread}]{\setlength{\rightskip}{0pt plus 5cm}void$\ast$ AI\_\-hashcleanup\_\-thread (
\begin{DoxyParamCaption}
\item[{void $\ast$}]{ arg}
\end{DoxyParamCaption}
)}}
\label{group__stream_ga24b1131374e5059564b8a12380c4eb75}
Thread called for cleaning up the hash table from the traffic streams older than a certain threshold.
\begin{DoxyParams}{Parameters}
\item[{\em arg}]Pointer to the \hyperlink{structAI__config}{AI\_\-config} struct \end{DoxyParams}
\hypertarget{group__stream_ga7d71c5645b9baff7b6c4b9a181bf80c5}{
\index{stream@{stream}!AI\_\-pkt\_\-enqueue@{AI\_\-pkt\_\-enqueue}}
\index{AI\_\-pkt\_\-enqueue@{AI\_\-pkt\_\-enqueue}!stream@{stream}}
\subsubsection[{AI\_\-pkt\_\-enqueue}]{\setlength{\rightskip}{0pt plus 5cm}void AI\_\-pkt\_\-enqueue (
\begin{DoxyParamCaption}
\item[{SFSnortPacket $\ast$}]{ pkt}
\end{DoxyParamCaption}
)}}
\label{group__stream_ga7d71c5645b9baff7b6c4b9a181bf80c5}
Function called for appending a new packet to the hash table, creating a new stream or appending it to an existing stream.
\begin{DoxyParams}{Parameters}
\item[{\em pkt}]Packet to be appended \end{DoxyParams}
\hypertarget{group__stream_ga8749989cee2ac05a7de058faac280c02}{
\index{stream@{stream}!AI\_\-set\_\-stream\_\-observed@{AI\_\-set\_\-stream\_\-observed}}
\index{AI\_\-set\_\-stream\_\-observed@{AI\_\-set\_\-stream\_\-observed}!stream@{stream}}
\subsubsection[{AI\_\-set\_\-stream\_\-observed}]{\setlength{\rightskip}{0pt plus 5cm}void AI\_\-set\_\-stream\_\-observed (
\begin{DoxyParamCaption}
\item[{struct {\bf pkt\_\-key}}]{ key}
\end{DoxyParamCaption}
)}}
\label{group__stream_ga8749989cee2ac05a7de058faac280c02}
Set the flag \char`\"{}observed\char`\"{} on a stream associated to a security alert, so that it won't be removed from the hash table.
\begin{DoxyParams}{Parameters}
\item[{\em key}]Key of the stream to be set as \char`\"{}observed\char`\"{} \end{DoxyParams}

6
doc/latex/modules.tex
View File

@ -1,4 +1,10 @@
\section{Modules}
Here is a list of all modules:\begin{DoxyCompactList}
\item \contentsline{section}{Parse the alert log into binary structures}{\pageref{group__alert__parser}}{}
\item \contentsline{section}{Manage the clustering of alarms}{\pageref{group__cluster}}{}
\item \contentsline{section}{Manage alerts on a MySQL database}{\pageref{group__mysql}}{}
\item \contentsline{section}{Regex management}{\pageref{group__regex}}{}
\item \contentsline{section}{Sourcefire policy configuration module}{\pageref{group__sfPolicyConfig}}{}
\item \contentsline{section}{Main file for spp\_\-ai module}{\pageref{group__spp__ai}}{}
\item \contentsline{section}{Manage streams, sorting them into hash tables and linked lists}{\pageref{group__stream}}{}
\end{DoxyCompactList}

58
doc/latex/mysql_8c.tex Normal file
View File

@ -0,0 +1,58 @@
\hypertarget{mysql_8c}{
\section{mysql.c File Reference}
\label{mysql_8c}\index{mysql.c@{mysql.c}}
}
{\ttfamily \#include \char`\"{}spp\_\-ai.h\char`\"{}}\par
{\ttfamily \#include $<$mysql/mysql.h$>$}\par
\subsection*{Functions}
\begin{DoxyCompactItemize}
\item
void $\ast$ \hyperlink{mysql_8c_a3fba38c3da4a252a55d81088c6fe9078}{mysql\_\-do\_\-init} (\hyperlink{structAI__config}{AI\_\-config} $\ast$\hyperlink{group__mysql_ga6439d32dccbbc77c9b2aad04897bfa74}{config})
\item
MYSQL\_\-RES $\ast$ \hyperlink{mysql_8c_a90f2e6f4081c0c66f8da54b98aee2674}{mysql\_\-do\_\-query} (const char $\ast$query)
\item
void \hyperlink{mysql_8c_a55eb83ebfb4caefbc4d9cee8aa0095e3}{mysql\_\-do\_\-close} ()
\end{DoxyCompactItemize}
\subsection*{Variables}
\begin{DoxyCompactItemize}
\item
PRIVATE MYSQL $\ast$ \hyperlink{mysql_8c_aedbcc8d9f1bd3c64adf6ad8ccfcd48a4}{db} = NULL
\end{DoxyCompactItemize}
\subsection{Function Documentation}
\hypertarget{mysql_8c_a55eb83ebfb4caefbc4d9cee8aa0095e3}{
\index{mysql.c@{mysql.c}!mysql\_\-do\_\-close@{mysql\_\-do\_\-close}}
\index{mysql\_\-do\_\-close@{mysql\_\-do\_\-close}!mysql.c@{mysql.c}}
\subsubsection[{mysql\_\-do\_\-close}]{\setlength{\rightskip}{0pt plus 5cm}void mysql\_\-do\_\-close (
\begin{DoxyParamCaption}
{}
\end{DoxyParamCaption}
)}}
\label{mysql_8c_a55eb83ebfb4caefbc4d9cee8aa0095e3}
\hypertarget{mysql_8c_a3fba38c3da4a252a55d81088c6fe9078}{
\index{mysql.c@{mysql.c}!mysql\_\-do\_\-init@{mysql\_\-do\_\-init}}
\index{mysql\_\-do\_\-init@{mysql\_\-do\_\-init}!mysql.c@{mysql.c}}
\subsubsection[{mysql\_\-do\_\-init}]{\setlength{\rightskip}{0pt plus 5cm}void$\ast$ mysql\_\-do\_\-init (
\begin{DoxyParamCaption}
\item[{{\bf AI\_\-config} $\ast$}]{ config}
\end{DoxyParamCaption}
)}}
\label{mysql_8c_a3fba38c3da4a252a55d81088c6fe9078}
\hypertarget{mysql_8c_a90f2e6f4081c0c66f8da54b98aee2674}{
\index{mysql.c@{mysql.c}!mysql\_\-do\_\-query@{mysql\_\-do\_\-query}}
\index{mysql\_\-do\_\-query@{mysql\_\-do\_\-query}!mysql.c@{mysql.c}}
\subsubsection[{mysql\_\-do\_\-query}]{\setlength{\rightskip}{0pt plus 5cm}MYSQL\_\-RES$\ast$ mysql\_\-do\_\-query (
\begin{DoxyParamCaption}
\item[{const char $\ast$}]{ query}
\end{DoxyParamCaption}
)}}
\label{mysql_8c_a90f2e6f4081c0c66f8da54b98aee2674}
\subsection{Variable Documentation}
\hypertarget{mysql_8c_aedbcc8d9f1bd3c64adf6ad8ccfcd48a4}{
\index{mysql.c@{mysql.c}!db@{db}}
\index{db@{db}!mysql.c@{mysql.c}}
\subsubsection[{db}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE MYSQL$\ast$ {\bf db} = NULL}}
\label{mysql_8c_aedbcc8d9f1bd3c64adf6ad8ccfcd48a4}

11
doc/latex/refman.tex
View File

@ -41,7 +41,7 @@
\vspace*{1cm}
{\large Generated by Doxygen 1.7.1}\\
\vspace*{0.5cm}
{\small Mon Aug 16 2010 22:05:38}\\
{\small Sat Sep 4 2010 21:30:42}\\
\end{center}
\end{titlepage}
\clearemptydoublepage
@ -57,7 +57,13 @@
\chapter{File Index}
\input{files}
\chapter{Module Documentation}
\input{group__alert__parser}
\input{group__cluster}
\input{group__mysql}
\input{group__regex}
\input{group__sfPolicyConfig}
\input{group__spp__ai}
\input{group__stream}
\chapter{Data Structure Documentation}
\input{struct__AI__snort__alert}
\input{struct__hierarchy__node}
@ -69,6 +75,9 @@
\chapter{File Documentation}
\input{alert__parser_8c}
\input{cluster_8c}
\input{db_8c}
\input{db_8h}
\input{mysql_8c}
\input{regex_8c}
\input{sf__dynamic__preproc__lib_8c}
\input{sf__preproc__info_8h}

28
doc/latex/regex_8c.tex
View File

@ -5,34 +5,10 @@
{\ttfamily \#include $<$stdio.h$>$}\par
{\ttfamily \#include $<$stdlib.h$>$}\par
{\ttfamily \#include $<$string.h$>$}\par
{\ttfamily \#include $<$alloca.h$>$}\par
{\ttfamily \#include $<$regex.h$>$}\par
\subsection*{Functions}
\begin{DoxyCompactItemize}
\item
int \hyperlink{regex_8c_a35f57c052a7de1ded54b67a1f7819791}{preg\_\-match} (const char $\ast$expr, char $\ast$str, char $\ast$$\ast$$\ast$matches, int $\ast$nmatches)
int \hyperlink{group__regex_ga35f57c052a7de1ded54b67a1f7819791}{preg\_\-match} (const char $\ast$expr, char $\ast$str, char $\ast$$\ast$$\ast$matches, int $\ast$nmatches)
\begin{DoxyCompactList}\small\item\em Check if a string matches a regular expression. \item\end{DoxyCompactList}\end{DoxyCompactItemize}
\subsection{Function Documentation}
\hypertarget{regex_8c_a35f57c052a7de1ded54b67a1f7819791}{
\index{regex.c@{regex.c}!preg\_\-match@{preg\_\-match}}
\index{preg\_\-match@{preg\_\-match}!regex.c@{regex.c}}
\subsubsection[{preg\_\-match}]{\setlength{\rightskip}{0pt plus 5cm}int preg\_\-match (
\begin{DoxyParamCaption}
\item[{const char $\ast$}]{ expr, }
\item[{char $\ast$}]{ str, }
\item[{char $\ast$$\ast$$\ast$}]{ matches, }
\item[{int $\ast$}]{ nmatches}
\end{DoxyParamCaption}
)}}
\label{regex_8c_a35f57c052a7de1ded54b67a1f7819791}
Check if a string matches a regular expression.
FUNCTION: preg\_\-match
\begin{DoxyParams}{Parameters}
\item[{\em expr}]Regular expression to be matched \item[{\em str}]String to be checked \item[{\em matches}]Reference to a char$\ast$$\ast$ that will contain the submatches (NULL if you don't need it) \item[{\em nmatches}]Reference to a int containing the number of submatches found (NULL if you don't need it) \end{DoxyParams}
\begin{DoxyReturn}{Returns}
-\/1 if the regex is wrong, 0 if no match was found, 1 otherwise
\end{DoxyReturn}

4
doc/latex/sfPolicyUserData_8c.tex
View File

@ -13,11 +13,11 @@ tSfPolicyUserContextId \hyperlink{group__sfPolicyConfig_gac62cd5838bee4a9d3f4056
\item
void \hyperlink{group__sfPolicyConfig_ga189d09ed6d1203ebace6ea2c2aafc1b8}{sfPolicyConfigDelete} (tSfPolicyUserContextId pContext)
\item
int \hyperlink{group__sfPolicyConfig_ga8e14fd83397b9bbb14568070183db80b}{sfPolicyUserDataSet} (tSfPolicyUserContextId pContext, tSfPolicyId policyId, void $\ast$config)
int \hyperlink{group__sfPolicyConfig_ga8e14fd83397b9bbb14568070183db80b}{sfPolicyUserDataSet} (tSfPolicyUserContextId pContext, tSfPolicyId policyId, void $\ast$\hyperlink{group__mysql_ga6439d32dccbbc77c9b2aad04897bfa74}{config})
\item
void $\ast$ \hyperlink{group__sfPolicyConfig_gae8f2ae426b1f1a50eabfade6d22c2c85}{sfPolicyUserDataClear} (tSfPolicyUserContextId pContext, tSfPolicyId policyId)
\item
int \hyperlink{group__sfPolicyConfig_ga3f3ab9314d29d2ee2a8285289b388f17}{sfPolicyUserDataIterate} (tSfPolicyUserContextId pContext, int($\ast$callback)(tSfPolicyUserContextId pContext, tSfPolicyId policyId, void $\ast$config))
int \hyperlink{group__sfPolicyConfig_ga3f3ab9314d29d2ee2a8285289b388f17}{sfPolicyUserDataIterate} (tSfPolicyUserContextId pContext, int($\ast$callback)(tSfPolicyUserContextId pContext, tSfPolicyId policyId, void $\ast$\hyperlink{group__mysql_ga6439d32dccbbc77c9b2aad04897bfa74}{config}))
\end{DoxyCompactItemize}
\subsection*{Variables}
\begin{DoxyCompactItemize}

19
doc/latex/sf__preproc__info_8h.tex
View File

@ -18,7 +18,7 @@
\subsection*{Functions}
\begin{DoxyCompactItemize}
\item
void \hyperlink{sf__preproc__info_8h_ad81716bc3f0fec4df74198a7cbdbd43c}{AI\_\-setup} ()
void \hyperlink{group__spp__ai_ga1b9ebb5c719c7d9426ddfc1f3da36570}{AI\_\-setup} ()
\begin{DoxyCompactList}\small\item\em Set up the preprocessor module. \item\end{DoxyCompactList}\end{DoxyCompactItemize}
@ -48,20 +48,3 @@ void \hyperlink{sf__preproc__info_8h_ad81716bc3f0fec4df74198a7cbdbd43c}{AI\_\-se
\index{PREPROC\_\-NAME@{PREPROC\_\-NAME}!sf_preproc_info.h@{sf\_\-preproc\_\-info.h}}
\subsubsection[{PREPROC\_\-NAME}]{\setlength{\rightskip}{0pt plus 5cm}\#define PREPROC\_\-NAME~\char`\"{}SF\_\-AI\char`\"{}}}
\label{sf__preproc__info_8h_af5d5329206253ca0c1a3b8d4a43195af}
\subsection{Function Documentation}
\hypertarget{sf__preproc__info_8h_ad81716bc3f0fec4df74198a7cbdbd43c}{
\index{sf\_\-preproc\_\-info.h@{sf\_\-preproc\_\-info.h}!AI\_\-setup@{AI\_\-setup}}
\index{AI\_\-setup@{AI\_\-setup}!sf_preproc_info.h@{sf\_\-preproc\_\-info.h}}
\subsubsection[{AI\_\-setup}]{\setlength{\rightskip}{0pt plus 5cm}void AI\_\-setup (
\begin{DoxyParamCaption}
\item[{void}]{}
\end{DoxyParamCaption}
)}}
\label{sf__preproc__info_8h_ad81716bc3f0fec4df74198a7cbdbd43c}
Set up the preprocessor module.
FUNCTION: AI\_\-setup

Some files were not shown because too many files have changed in this diff Show More