16 ago 2010 commit

BlackLight 2010-08-16 22:09:34 +02:00
parent 48d63be028
commit a1d157487c
111 changed files with 6555 additions and 638 deletions

6
ChangeLog Normal file

@ -0,0 +1,6 @@
2010-16-08 Fabio "BlackLight" Manganiello <blacklight@autistici.org>
* cluster.c: Finished clustering algorithm and clustering log management
2010-26-07 Fabio "BlackLight" Manganiello <blacklight@autistici.org>
* all: First version

4
TODO

@ -1,2 +1,6 @@
- Check cluster ranges are NEVER on the same ranges
- Managing clusters for addresses, timestamps (and more?)
- MySQL alert log parsing
- Dynamic cluster_min_size algorithm
- Alerts for port scan, grouped alerts, UDP and ICMP too


@ -302,6 +302,39 @@ AI_alertparser_thread ( void* arg )
} /* ----- end of function AI_alertparser_thread ----- */
/**
* FUNCTION: _AI_copy_alerts
* \brief Create a copy of the alert log struct (this is done for leaving the alert log structure in this file as read-only)
* \param node Starting node (used for the recursion)
* \return A copy of the alert log linked list
*/
PRIVATE AI_snort_alert*
_AI_copy_alerts ( AI_snort_alert *node )
{
AI_snort_alert *current = NULL, *next = NULL;
if ( !node )
{
return NULL;
}
if ( node->next )
{
next = _AI_copy_alerts ( node->next );
}
if ( !( current = ( AI_snort_alert* ) malloc ( sizeof ( AI_snort_alert )) ))
{
_dpd.fatalMsg ( "Fatal dynamic memory allocation failure at %s:%d\n", __FILE__, __LINE__ );
}
memcpy ( current, node, sizeof ( AI_snort_alert ));
current->next = next;
return current;
} /* ----- end of function _AI_copy_alerts ----- */
/**
* FUNCTION: AI_get_alerts
* \brief Return the alerts parsed so far as a linked list
@ -310,6 +343,25 @@ AI_alertparser_thread ( void* arg )
AI_snort_alert*
AI_get_alerts ()
{
return alerts;
return _AI_copy_alerts ( alerts );
} /* ----- end of function AI_get_alerts ----- */
/**
* FUNCTION: AI_free_alerts
* \brief Deallocate the memory of a log alert linked list
* \param node Linked list to be freed
*/
void
AI_free_alerts ( AI_snort_alert *node )
{
if ( !node )
return;
if ( node->next )
AI_free_alerts ( node->next );
free ( node );
node = NULL;
} /* ----- end of function AI_free_alerts ----- */
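Review bot: `_AI_copy_alerts` and `AI_free_alerts` recurse once per list node, so stack use grows with the number of alerts in the log, and that number is driven by whatever traffic triggers rules; a long enough log could exhaust the thread's stack and take the preprocessor down. Both are better written as loops, as sketched below for the copy. The `memcpy` is also a shallow copy, so any pointer members of `AI_snort_alert` (cluster.c prints `desc` and `classification` with `%s`) stay shared with the parser's list, and no lock is visible around the walk of `alerts` while `AI_alertparser_thread` may still be appending; both are worth confirming against the rest of the file. In `AI_free_alerts`, `node = NULL;` only clears the local parameter and has no effect on the caller's pointer.

```c
PRIVATE AI_snort_alert*
_AI_copy_alerts ( AI_snort_alert *node )
{
	AI_snort_alert *head = NULL, *copy = NULL, **link = &head;

	for ( ; node; node = node->next )
	{
		if ( !( copy = ( AI_snort_alert* ) malloc ( sizeof ( AI_snort_alert )) ))
		{
			/* … unchanged: _dpd.fatalMsg allocation-failure report … */
		}

		memcpy ( copy, node, sizeof ( AI_snort_alert ));
		copy->next = NULL;
		*link = copy;
		link = &copy->next;
	}

	return head;
}
```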

477
cluster.c

@ -18,18 +18,100 @@
*/
#include "spp_ai.h"
#include <stdio.h>
#include <unistd.h>
#include <limits.h>
#include <pthread.h>
PRIVATE hierarchy_node *src_port_root = NULL;
PRIVATE hierarchy_node *src_addr_root = NULL;
PRIVATE hierarchy_node *dst_port_root = NULL;
PRIVATE hierarchy_node *dst_addr_root = NULL;
/* Identifier key for a cluster attribute value */
typedef struct {
int min;
int max;
} attribute_key;
/* Representation of a cluster attribute value */
typedef struct {
attribute_key key;
cluster_type type;
unsigned int count;
UT_hash_handle hh;
} attribute_value;
PRIVATE hierarchy_node *h_root[CLUSTER_TYPES] = { NULL };
PRIVATE AI_config *_config = NULL;
PRIVATE AI_snort_alert *alert_log = NULL;
/**
* FUNCTION: _heuristic_func
* \brief Function that picks up the heuristic value for a clustering attribute in according to Julisch's heuristic (ACM, Vol.2, No.3, 09 2002, pag.124)
* \param type Attribute type
* \return The heuristic coefficient for that attribute, -1 if no clustering information is available for that attribute
*/
PRIVATE int
_heuristic_func ( cluster_type type )
{
AI_snort_alert *alert_iterator;
attribute_key key;
attribute_value *values = NULL;
attribute_value *value = NULL;
attribute_value *found = NULL;
int max = 0;
if ( type == none || !alert_log || !h_root[type] )
return -1;
for ( alert_iterator = alert_log; alert_iterator; alert_iterator = alert_iterator->next )
{
if ( !alert_iterator->h_node[type] )
continue;
key.min = alert_iterator->h_node[type]->min_val;
key.max = alert_iterator->h_node[type]->max_val;
if ( values )
{
HASH_FIND ( hh, values, &key, sizeof ( attribute_key ), found );
}
if ( !found )
{
if ( !( value = ( attribute_value* ) malloc ( sizeof ( attribute_value )) ))
{
_dpd.fatalMsg ( "Fatal dynamic memory allocation failure at %s:%d\n", __FILE__, __LINE__ );
}
memset ( value, 0, sizeof ( attribute_value ));
value->key = key;
value->type = type;
value->count = 1;
HASH_ADD ( hh, values, key, sizeof ( attribute_key ), value );
} else {
found->count++;
}
}
for ( value = values; value; value = ( attribute_value* ) value->hh.next )
{
if ( value->count > max )
{
max = value->count;
}
}
while ( values )
{
value = values;
HASH_DEL ( values, value );
free ( value );
}
return max;
} /* ----- end of function _heuristic_func ----- */
/**
* FUNCTION: _hierarchy_node_new
* \brief Create a new clustering hierarchy node
@ -136,6 +218,158 @@ _AI_get_min_hierarchy_node ( int val, hierarchy_node *root )
return _AI_get_min_hierarchy_node ( val, next );
} /* ----- end of function _AI_get_min_hierarchy_node ----- */
/**
* FUNCTION: _AI_equal_alarms
* \brief Check if two alerts are semantically equal
* \param a1 First alert
* \param a2 Second alert
* \return True if they are equal, false otherwise
*/
PRIVATE BOOL
_AI_equal_alarms ( AI_snort_alert *a1, AI_snort_alert *a2 )
{
if ( a1->gid != a2->gid || a1->sid != a2->sid || a1->rev != a2->rev )
{
return false;
}
if ( a1->h_node[src_addr] && a2->h_node[src_addr] )
{
if ( a1->h_node[src_addr]->min_val != a2->h_node[src_addr]->min_val ||
a1->h_node[src_addr]->max_val != a2->h_node[src_addr]->max_val )
return false;
}
if ( a1->h_node[dst_addr] && a2->h_node[dst_addr] )
{
if ( a1->h_node[dst_addr]->min_val != a2->h_node[dst_addr]->min_val ||
a1->h_node[dst_addr]->max_val != a2->h_node[dst_addr]->max_val )
return false;
}
if ( a1->h_node[src_port] && a2->h_node[src_port] )
{
if ( a1->h_node[src_port]->min_val != a2->h_node[src_port]->min_val ||
a1->h_node[src_port]->max_val != a2->h_node[src_port]->max_val )
return false;
}
if ( a1->h_node[dst_port] && a2->h_node[dst_port] )
{
if ( a1->h_node[dst_port]->min_val != a2->h_node[dst_port]->min_val ||
a1->h_node[dst_port]->max_val != a2->h_node[dst_port]->max_val )
return false;
}
return true;
} /* ----- end of function _AI_equal_alarms ----- */
/**
* FUNCTION: _AI_merge_alerts
* \brief Merge the alerts marked as equal in the log
* \param log Alert log reference
* \return The number of merged couples
*/
PRIVATE int
_AI_merge_alerts ( AI_snort_alert **log )
{
AI_snort_alert *tmp, *tmp2, *tmp3;
int count = 0;
for ( tmp = *log; tmp; tmp = tmp->next )
{
for ( tmp2 = *log; tmp2; )
{
if ( tmp2->next )
{
if ( tmp != tmp2->next )
{
if ( _AI_equal_alarms ( tmp, tmp2->next ))
{
tmp3 = tmp2->next->next;
free ( tmp2->next );
tmp2->next = tmp3;
tmp->grouped_alarms_count++;
count++;
}
}
tmp2 = tmp2->next;
} else
break;
}
}
return count;
} /* ----- end of function _AI_merge_alerts ----- */
/**
* FUNCTION: _AI_print_clustered_alerts
* \brief Print the clustered alerts to a log file
* \param log Log containing the alerts
* \param fp File pointer where the alerts will be printed
*/
PRIVATE void
_AI_print_clustered_alerts ( AI_snort_alert *log, FILE *fp )
{
AI_snort_alert *tmp;
char ip[INET_ADDRSTRLEN];
char *timestamp;
for ( tmp = log; tmp; tmp = tmp->next )
{
fprintf ( fp, "[**] [%d:%d:%d] %s [**]\n", tmp->gid, tmp->sid, tmp->rev, tmp->desc );
if ( tmp->classification )
fprintf ( fp, "[Classification: %s] ", tmp->classification );
fprintf ( fp, "[Priority: %d]\n", tmp->priority );
timestamp = ctime ( &tmp->timestamp );
timestamp[ strlen(timestamp)-1 ] = 0;
fprintf ( fp, "[Grouped alerts: %d] [Starting from: %s]\n", tmp->grouped_alarms_count, timestamp );
if ( h_root[src_addr] )
{
fprintf ( fp, "[%s]:", tmp->h_node[src_addr]->label );
} else {
inet_ntop ( AF_INET, &(tmp->src_addr), ip, INET_ADDRSTRLEN );
fprintf ( fp, "%s:", ip );
}
if ( h_root[src_port] )
{
fprintf ( fp, "[%s] -> ", tmp->h_node[src_port]->label );
} else {
fprintf ( fp, "%d -> ", htons ( tmp->src_port ));
}
if ( h_root[dst_addr] )
{
fprintf ( fp, "[%s]:", tmp->h_node[dst_addr]->label );
} else {
inet_ntop ( AF_INET, &(tmp->dst_addr), ip, INET_ADDRSTRLEN );
fprintf ( fp, "%s:", ip );
}
if ( h_root[dst_port] )
{
fprintf ( fp, "[%s]\n", tmp->h_node[dst_port]->label );
} else {
fprintf ( fp, "%d\n", htons ( tmp->dst_port ));
}
fprintf ( fp, "\n" );
}
} /* ----- end of function _AI_print_clustered_alerts ----- */
/**
* FUNCTION: _AI_cluster_thread
* \brief Thread for periodically clustering the log information
@ -145,97 +379,135 @@ _AI_cluster_thread ( void* arg )
{
AI_snort_alert *tmp;
hierarchy_node *node, *child;
cluster_type type;
cluster_type best_type;
BOOL has_small_clusters = true;
FILE *cluster_fp;
char label[256];
int hostval;
int netval;
int minval;
int heuristic_val;
int cluster_min_size = 2;
int alert_count = 0;
int old_alert_count = 0;
while ( 1 )
{
/* Between an execution of the thread and the next one, sleep for alert_clustering_interval seconds */
sleep ( _config->alertClusteringInterval );
/* Free the current alert log and get the latest one */
AI_free_alerts ( alert_log );
if ( !( alert_log = AI_get_alerts() ))
{
continue;
}
FILE *fp = fopen ( "/home/blacklight/LOG", "a" );
has_small_clusters = true;
for ( tmp = alert_log, alert_count=0; tmp; tmp = tmp->next, alert_count++ )
{
/* If an alert has an unitialized "grouped alarms count", set its counter to 1 (it only groupes the current alert) */
if ( tmp->grouped_alarms_count == 0 )
{
tmp->grouped_alarms_count = 1;
}
/* If the current alarm already group at least min_size alarms, then no need to do further clusterization */
if ( tmp->grouped_alarms_count >= cluster_min_size )
{
has_small_clusters = false;
}
/* Initialize the clustering hierarchies in the current alert */
for ( type=0; type < CLUSTER_TYPES; type++ )
{
/* If "type" is a valid clustering hierarchy but the corresponding node in the alert is not initialized, initialize it */
if ( h_root[type] && !tmp->h_node[type] )
{
switch ( type )
{
case src_addr:
case dst_addr:
netval = ( type == src_addr ) ? tmp->src_addr : tmp->dst_addr;
hostval = ntohl ( netval );
inet_ntop ( AF_INET, &(netval), label, INET_ADDRSTRLEN );
break;
case src_port:
case dst_port:
netval = ( type == src_port ) ? tmp->src_port : tmp->dst_port;
hostval = ntohs ( netval );
snprintf ( label, sizeof(label), "%d", hostval );
break;
default:
return (void*) 0;
}
node = _AI_get_min_hierarchy_node ( hostval, h_root[type] );
if ( node )
{
if ( node->min_val < node->max_val )
{
child = _hierarchy_node_new ( label, hostval, hostval);
_hierarchy_node_append ( node, child );
node = child;
}
tmp->h_node[type] = node;
}
}
}
}
alert_count -= _AI_merge_alerts ( &alert_log );
while ( has_small_clusters && alert_count > cluster_min_size )
{
old_alert_count = alert_count;
minval = INT_MAX;
best_type = none;
/* Choose the best attribute to cluster using the heuristic function */
for ( type = 0; type < CLUSTER_TYPES; type++ )
{
if ( type != none && h_root[type] )
{
if (( heuristic_val = _heuristic_func ( type )) > 0 && heuristic_val < minval )
{
minval = heuristic_val;
best_type = type;
}
}
}
/* For all the alerts, the corresponing clustering value is the parent of the current one in the hierarchy */
for ( tmp = alert_log; tmp; tmp = tmp->next )
{
if ( src_addr_root && !tmp->src_addr_node )
if ( tmp->h_node[best_type]->parent )
{
node = _AI_get_min_hierarchy_node ( ntohl ( tmp->src_addr ), src_addr_root );
if ( node )
{
if ( node->min_val < node->max_val )
{
inet_ntop ( AF_INET, &(tmp->src_addr), label, INET_ADDRSTRLEN );
child = _hierarchy_node_new ( label, ntohl ( tmp->src_addr ), ntohl ( tmp->src_addr ));
_hierarchy_node_append ( node, child );
node = child;
}
tmp->src_addr_node = node;
fprintf ( fp, "minimum range holding %s: %s (prev: %s)\n", label, tmp->src_addr_node->label, tmp->src_addr_node->parent->label );
tmp->h_node[best_type] = tmp->h_node[best_type]->parent;
}
}
if ( dst_addr_root && !tmp->dst_addr_node )
{
node = _AI_get_min_hierarchy_node ( ntohl ( tmp->dst_addr ), dst_addr_root );
alert_count -= _AI_merge_alerts ( &alert_log );
if ( node )
{
if ( node->min_val < node->max_val )
{
/* snprintf ( label, sizeof(label), "%d", ntohl ( tmp->dst_addr )); */
inet_ntop ( AF_INET, &(tmp->src_addr), label, INET_ADDRSTRLEN );
child = _hierarchy_node_new ( label, ntohl ( tmp->dst_addr ), ntohl ( tmp->dst_addr ));
_hierarchy_node_append ( node, child );
node = child;
if ( old_alert_count == alert_count )
break;
}
tmp->dst_addr_node = node;
}
if ( !( cluster_fp = fopen ( _config->clusterfile, "w" )) )
{
return (void*) 0;
}
if ( src_port_root && !tmp->src_port_node )
{
node = _AI_get_min_hierarchy_node ( ntohs ( tmp->src_port ), src_port_root );
if ( node )
{
if ( node->min_val < node->max_val )
{
snprintf ( label, sizeof(label), "%d", ntohs ( tmp->src_port ));
child = _hierarchy_node_new ( label, ntohs ( tmp->src_port ), ntohs ( tmp->src_port ));
_hierarchy_node_append ( node, child );
node = child;
}
tmp->src_port_node = node;
fprintf ( fp, "minimum range holding %d: %s (prev: %s)\n", ntohs(tmp->src_port), tmp->src_port_node->label, tmp->src_port_node->parent->label );
}
}
if ( dst_port_root && !tmp->dst_port_node )
{
node = _AI_get_min_hierarchy_node ( ntohs ( tmp->dst_port ), dst_port_root );
if ( node )
{
if ( node->min_val < node->max_val )
{
snprintf ( label, sizeof(label), "%d", ntohs ( tmp->dst_port ));
child = _hierarchy_node_new ( label, ntohs ( tmp->dst_port ), ntohs ( tmp->dst_port ));
_hierarchy_node_append ( node, child );
node = child;
}
tmp->dst_port_node = node;
fprintf ( fp, "minimum range holding %d: %s (prev: %s)\n", ntohs(tmp->dst_port), tmp->dst_port_node->label, tmp->dst_port_node->parent->label );
}
}
}
_AI_print_clustered_alerts ( alert_log, cluster_fp );
fclose ( cluster_fp );
fclose ( fp );
}
@ -244,6 +516,33 @@ _AI_cluster_thread ( void* arg )
} /* ----- end of function AI_cluster_thread ----- */
/**
* FUNCTION: _AI_check_duplicate
* \brief Check if a certain node's range (minimum and maximum value) are already present in a clustering hierarchy
* \param node Node to be checked
* \param root Clustering hierarchy
* \return True if 'node' is already in 'root', false otherwise
*/
PRIVATE BOOL
_AI_check_duplicate ( hierarchy_node *node, hierarchy_node *root )
{
int i;
if ( !node || !root )
return false;
if ( root->min_val == node->min_val && root->max_val == node->max_val )
return true;
for ( i=0; i < root->nchildren; i++ )
{
if ( _AI_check_duplicate ( node, root->children[i] ))
return true;
}
return false;
} /* ----- end of function _AI_check_duplicate ----- */
/**
* FUNCTION: AI_hierarchies_build
* \brief Build the clustering hierarchy trees
@ -267,46 +566,34 @@ AI_hierarchies_build ( AI_config *conf, hierarchy_node **nodes, int n_nodes )
switch ( nodes[i]->type )
{
case src_port:
if ( !src_port_root )
src_port_root = _hierarchy_node_new ( "1-65535", 1, 65535 );
root = src_port_root;
min_range = 65534;
break;
case dst_port:
if ( !dst_port_root )
dst_port_root = _hierarchy_node_new ( "1-65535", 1, 65535 );
if ( !h_root[ nodes[i]->type ] )
h_root[ nodes[i]->type ] = _hierarchy_node_new ( "1-65535", 1, 65535 );
root = dst_port_root;
min_range = 65534;
break;
case src_addr:
if ( !src_addr_root )
src_addr_root = _hierarchy_node_new ( "0.0.0.0/0",
0x0, 0xffffffff );
root = src_addr_root;
min_range = 0xffffffff;
break;
case dst_addr:
if ( !dst_addr_root )
dst_addr_root = _hierarchy_node_new ( "0.0.0.0/0",
0x0, 0xffffffff );
if ( !h_root[ nodes[i]->type ] )
h_root[ nodes[i]->type ] = _hierarchy_node_new ( "0.0.0.0/0", 0x0, 0xffffffff );
root = dst_addr_root;
min_range = 0xffffffff;
break;
/* TODO Manage range for timestamps (and something more?) */
/* TODO Manage ranges for timestamps (and something more?) */
default:
break;
return;
}
root = h_root[ nodes[i]->type ];
cover = NULL;
if ( _AI_check_duplicate ( nodes[i], root ))
{
_dpd.fatalMsg ( "AIPreproc: Parse error: duplicate cluster range '%d-%d' in configuration\n", nodes[i]->min_val, nodes[i]->max_val );
}
for ( j=0; j < n_nodes; j++ )
{
if ( i != j )
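Review bot: In `_AI_cluster_thread`, `tmp->h_node[best_type]->parent` is dereferenced even when the selection loop leaves `best_type` at `none`, or when an alert's `h_node[best_type]` was never set (the initialisation loop assigns it only inside `if ( node )`), so an alert whose value matches no configured range could crash the clustering thread with a NULL dereference. Add `if ( best_type == none ) break;` after the heuristic loop and test `tmp->h_node[best_type] && tmp->h_node[best_type]->parent` before climbing the hierarchy. `_AI_print_clustered_alerts` has the same gap: it checks `h_root[...]` but then reads `tmp->h_node[...]->label`, and it writes into the static buffer returned by `ctime` without a NULL check; `ctime_r` into a local buffer would be safer in a threaded plugin. The thread function starts and ends outside the visible hunks, and this page has lost its +/- markers, so which neighbouring lines are on the new side is inferred from the `h_node`/`h_root` naming.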


@ -0,0 +1,229 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<title>Snort AI preprocessor module: alert_parser.c File Reference</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<link href="search/search.css" rel="stylesheet" type="text/css"/>
<script type="text/javaScript" src="search/search.js"></script>
<link href="doxygen.css" rel="stylesheet" type="text/css"/>
</head>
<body onload='searchBox.OnSelectItem(0);'>
<!-- Generated by Doxygen 1.7.1 -->
<script type="text/javascript"><!--
var searchBox = new SearchBox("searchBox", "search",false,'Search');
--></script>
<div class="navigation" id="top">
<div class="tabs">
<ul class="tablist">
<li><a href="index.html"><span>Main&nbsp;Page</span></a></li>
<li><a href="modules.html"><span>Modules</span></a></li>
<li><a href="annotated.html"><span>Data&nbsp;Structures</span></a></li>
<li class="current"><a href="files.html"><span>Files</span></a></li>
<li id="searchli">
<div id="MSearchBox" class="MSearchBoxInactive">
<span class="left">
<img id="MSearchSelect" src="search/mag_sel.png"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
alt=""/>
<input type="text" id="MSearchField" value="Search" accesskey="S"
onfocus="searchBox.OnSearchFieldFocus(true)"
onblur="searchBox.OnSearchFieldFocus(false)"
onkeyup="searchBox.OnSearchFieldChange(event)"/>
</span><span class="right">
<a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
</span>
</div>
</li>
</ul>
</div>
<div class="tabs2">
<ul class="tablist">
<li><a href="files.html"><span>File&nbsp;List</span></a></li>
<li><a href="globals.html"><span>Globals</span></a></li>
</ul>
</div>
</div>
<div class="header">
<div class="summary">
<a href="#func-members">Functions</a> &#124;
<a href="#var-members">Variables</a> </div>
<div class="headertitle">
<h1>alert_parser.c File Reference</h1> </div>
</div>
<div class="contents">
<code>#include &quot;<a class="el" href="spp__ai_8h_source.html">spp_ai.h</a>&quot;</code><br/>
<code>#include &lt;stdio.h&gt;</code><br/>
<code>#include &lt;unistd.h&gt;</code><br/>
<code>#include &lt;time.h&gt;</code><br/>
<code>#include &lt;sys/inotify.h&gt;</code><br/>
<code>#include &lt;sys/stat.h&gt;</code><br/>
<table class="memberdecls">
<tr><td colspan="2"><h2><a name="func-members"></a>
Functions</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="alert__parser_8c.html#ad68c45b5846743a54ad3fa92c8e48f8a">AI_alertparser_thread</a> (void *arg)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Thread for parsing Snort's alert file. <a href="#ad68c45b5846743a54ad3fa92c8e48f8a"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="alert__parser_8c.html#a6c5014cae9155379fdc4db649b2c862d">_AI_copy_alerts</a> (<a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *node)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Create a copy of the alert log struct (this is done for leaving the alert log structure in this file as read-only). <a href="#a6c5014cae9155379fdc4db649b2c862d"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="alert__parser_8c.html#a99474495643197b3075ac22ec6f6c70f">AI_get_alerts</a> ()</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Return the alerts parsed so far as a linked list. <a href="#a99474495643197b3075ac22ec6f6c70f"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="alert__parser_8c.html#a270e86669a0aa64a8da37bc16cda645b">AI_free_alerts</a> (<a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *node)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Deallocate the memory of a log alert linked list. <a href="#a270e86669a0aa64a8da37bc16cda645b"></a><br/></td></tr>
<tr><td colspan="2"><h2><a name="var-members"></a>
Variables</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="alert__parser_8c.html#ae837fc04e61c0eb052f997c54b4fd9fe">alerts</a> = NULL</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE FILE *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="alert__parser_8c.html#abee2a33368912d9288c76b51160a9ed6">alert_fp</a> = NULL</td></tr>
</table>
<hr/><h2>Function Documentation</h2>
<a class="anchor" id="a6c5014cae9155379fdc4db649b2c862d"></a><!-- doxytag: member="alert_parser.c::_AI_copy_alerts" ref="a6c5014cae9155379fdc4db649b2c862d" args="(AI_snort_alert *node)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a>* _AI_copy_alerts </td>
<td>(</td>
<td class="paramtype"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td>
<td class="paramname"> <em>node</em></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Create a copy of the alert log struct (this is done for leaving the alert log structure in this file as read-only). </p>
<p>FUNCTION: _AI_copy_alerts </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>node</em>&nbsp;</td><td>Starting node (used for the recursion) </td></tr>
</table>
</dd>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>A copy of the alert log linked list </dd></dl>
</div>
</div>
<a class="anchor" id="ad68c45b5846743a54ad3fa92c8e48f8a"></a><!-- doxytag: member="alert_parser.c::AI_alertparser_thread" ref="ad68c45b5846743a54ad3fa92c8e48f8a" args="(void *arg)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">void* AI_alertparser_thread </td>
<td>(</td>
<td class="paramtype">void *&nbsp;</td>
<td class="paramname"> <em>arg</em></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Thread for parsing Snort's alert file. </p>
<p>FUNCTION: AI_alertparser_thread </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>arg</em>&nbsp;</td><td>void* pointer to module's configuration </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<a class="anchor" id="a270e86669a0aa64a8da37bc16cda645b"></a><!-- doxytag: member="alert_parser.c::AI_free_alerts" ref="a270e86669a0aa64a8da37bc16cda645b" args="(AI_snort_alert *node)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">void AI_free_alerts </td>
<td>(</td>
<td class="paramtype"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td>
<td class="paramname"> <em>node</em></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Deallocate the memory of a log alert linked list. </p>
<p>FUNCTION: AI_free_alerts </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>node</em>&nbsp;</td><td>Linked list to be freed </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<a class="anchor" id="a99474495643197b3075ac22ec6f6c70f"></a><!-- doxytag: member="alert_parser.c::AI_get_alerts" ref="a99474495643197b3075ac22ec6f6c70f" args="()" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a>* AI_get_alerts </td>
<td>(</td>
<td class="paramtype">void&nbsp;</td>
<td class="paramname"></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Return the alerts parsed so far as a linked list. </p>
<p>FUNCTION: AI_get_alerts </p>
<dl class="return"><dt><b>Returns:</b></dt><dd>An AI_snort_alert pointer identifying the list of alerts </dd></dl>
</div>
</div>
<hr/><h2>Variable Documentation</h2>
<a class="anchor" id="abee2a33368912d9288c76b51160a9ed6"></a><!-- doxytag: member="alert_parser.c::alert_fp" ref="abee2a33368912d9288c76b51160a9ed6" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE FILE* <a class="el" href="alert__parser_8c.html#abee2a33368912d9288c76b51160a9ed6">alert_fp</a> = NULL</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="ae837fc04e61c0eb052f997c54b4fd9fe"></a><!-- doxytag: member="alert_parser.c::alerts" ref="ae837fc04e61c0eb052f997c54b4fd9fe" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a>* <a class="el" href="alert__parser_8c.html#ae837fc04e61c0eb052f997c54b4fd9fe">alerts</a> = NULL</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
</div>
<!--- window showing the filter options -->
<div id="MSearchSelectWindow"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
onkeydown="return searchBox.OnSearchSelectKey(event)">
<a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(0)"><span class="SelectionMark">&nbsp;</span>All</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(1)"><span class="SelectionMark">&nbsp;</span>Data Structures</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(2)"><span class="SelectionMark">&nbsp;</span>Files</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(3)"><span class="SelectionMark">&nbsp;</span>Functions</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(4)"><span class="SelectionMark">&nbsp;</span>Variables</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(5)"><span class="SelectionMark">&nbsp;</span>Typedefs</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(6)"><span class="SelectionMark">&nbsp;</span>Enumerations</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(7)"><span class="SelectionMark">&nbsp;</span>Enumerator</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(8)"><span class="SelectionMark">&nbsp;</span>Defines</a></div>
<!-- iframe showing the search results (closed by default) -->
<div id="MSearchResultsWindow">
<iframe src="" frameborder="0"
name="MSearchResults" id="MSearchResults">
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>
</html>


@ -52,7 +52,11 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</div>
<div class="contents">
Here are the data structures with brief descriptions:<table>
<tr><td class="indexkey"><a class="el" href="struct__AI__config.html">_AI_config</a></td><td class="indexvalue"></td></tr>
<tr><td class="indexkey"><a class="el" href="struct__AI__snort__alert.html">_AI_snort_alert</a></td><td class="indexvalue"></td></tr>
<tr><td class="indexkey"><a class="el" href="struct__hierarchy__node.html">_hierarchy_node</a></td><td class="indexvalue"></td></tr>
<tr><td class="indexkey"><a class="el" href="structAI__config.html">AI_config</a></td><td class="indexvalue"></td></tr>
<tr><td class="indexkey"><a class="el" href="structattribute__key.html">attribute_key</a></td><td class="indexvalue"></td></tr>
<tr><td class="indexkey"><a class="el" href="structattribute__value.html">attribute_value</a></td><td class="indexvalue"></td></tr>
<tr><td class="indexkey"><a class="el" href="structpkt__info.html">pkt_info</a></td><td class="indexvalue"></td></tr>
<tr><td class="indexkey"><a class="el" href="structpkt__key.html">pkt_key</a></td><td class="indexvalue"></td></tr>
</table>
@ -71,7 +75,7 @@ Here are the data structures with brief descriptions:<table>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Wed Aug 4 2010 11:30:57 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>


@ -51,11 +51,12 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<h1>Data Structure Index</h1> </div>
</div>
<div class="contents">
<div class="qindex"><a class="qindex" href="#letter_P">P</a>&nbsp;|&nbsp;<a class="qindex" href="#letter__">_</a></div>
<div class="qindex"><a class="qindex" href="#letter_A">A</a>&nbsp;|&nbsp;<a class="qindex" href="#letter_P">P</a>&nbsp;|&nbsp;<a class="qindex" href="#letter__">_</a></div>
<table align="center" width="95%" border="0" cellspacing="0" cellpadding="0">
<tr><td><a name="letter_P"></a><table border="0" cellspacing="0" cellpadding="0"><tr><td><div class="ah">&nbsp;&nbsp;P&nbsp;&nbsp;</div></td></tr></table>
</td><td><a class="el" href="structpkt__info.html">pkt_info</a>&nbsp;&nbsp;&nbsp;</td><td><a class="el" href="structpkt__key.html">pkt_key</a>&nbsp;&nbsp;&nbsp;</td><td><a name="letter__"></a><table border="0" cellspacing="0" cellpadding="0"><tr><td><div class="ah">&nbsp;&nbsp;_&nbsp;&nbsp;</div></td></tr></table>
</td><td><a class="el" href="struct__AI__config.html">_AI_config</a>&nbsp;&nbsp;&nbsp;</td></tr></table><div class="qindex"><a class="qindex" href="#letter_P">P</a>&nbsp;|&nbsp;<a class="qindex" href="#letter__">_</a></div>
<tr><td><a name="letter_A"></a><table border="0" cellspacing="0" cellpadding="0"><tr><td><div class="ah">&nbsp;&nbsp;A&nbsp;&nbsp;</div></td></tr></table>
</td><td><a class="el" href="structattribute__key.html">attribute_key</a>&nbsp;&nbsp;&nbsp;</td><td><a name="letter_P"></a><table border="0" cellspacing="0" cellpadding="0"><tr><td><div class="ah">&nbsp;&nbsp;P&nbsp;&nbsp;</div></td></tr></table>
</td><td><a class="el" href="structpkt__key.html">pkt_key</a>&nbsp;&nbsp;&nbsp;</td><td><a class="el" href="struct__AI__snort__alert.html">_AI_snort_alert</a>&nbsp;&nbsp;&nbsp;</td></tr><tr><td><a class="el" href="structAI__config.html">AI_config</a>&nbsp;&nbsp;&nbsp;</td><td><a class="el" href="structattribute__value.html">attribute_value</a>&nbsp;&nbsp;&nbsp;</td><td><a class="el" href="structpkt__info.html">pkt_info</a>&nbsp;&nbsp;&nbsp;</td><td><a name="letter__"></a><table border="0" cellspacing="0" cellpadding="0"><tr><td><div class="ah">&nbsp;&nbsp;_&nbsp;&nbsp;</div></td></tr></table>
</td><td><a class="el" href="struct__hierarchy__node.html">_hierarchy_node</a>&nbsp;&nbsp;&nbsp;</td></tr></table><div class="qindex"><a class="qindex" href="#letter_A">A</a>&nbsp;|&nbsp;<a class="qindex" href="#letter_P">P</a>&nbsp;|&nbsp;<a class="qindex" href="#letter__">_</a></div>
</div>
<!--- window showing the filter options -->
<div id="MSearchSelectWindow"
@ -71,7 +72,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Wed Aug 4 2010 11:30:57 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

509
doc/html/cluster_8c.html Normal file

@ -0,0 +1,509 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<title>Snort AI preprocessor module: cluster.c File Reference</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<link href="search/search.css" rel="stylesheet" type="text/css"/>
<script type="text/javaScript" src="search/search.js"></script>
<link href="doxygen.css" rel="stylesheet" type="text/css"/>
</head>
<body onload='searchBox.OnSelectItem(0);'>
<!-- Generated by Doxygen 1.7.1 -->
<script type="text/javascript"><!--
var searchBox = new SearchBox("searchBox", "search",false,'Search');
--></script>
<div class="navigation" id="top">
<div class="tabs">
<ul class="tablist">
<li><a href="index.html"><span>Main&nbsp;Page</span></a></li>
<li><a href="modules.html"><span>Modules</span></a></li>
<li><a href="annotated.html"><span>Data&nbsp;Structures</span></a></li>
<li class="current"><a href="files.html"><span>Files</span></a></li>
<li id="searchli">
<div id="MSearchBox" class="MSearchBoxInactive">
<span class="left">
<img id="MSearchSelect" src="search/mag_sel.png"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
alt=""/>
<input type="text" id="MSearchField" value="Search" accesskey="S"
onfocus="searchBox.OnSearchFieldFocus(true)"
onblur="searchBox.OnSearchFieldFocus(false)"
onkeyup="searchBox.OnSearchFieldChange(event)"/>
</span><span class="right">
<a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
</span>
</div>
</li>
</ul>
</div>
<div class="tabs2">
<ul class="tablist">
<li><a href="files.html"><span>File&nbsp;List</span></a></li>
<li><a href="globals.html"><span>Globals</span></a></li>
</ul>
</div>
</div>
<div class="header">
<div class="summary">
<a href="#nested-classes">Data Structures</a> &#124;
<a href="#func-members">Functions</a> &#124;
<a href="#var-members">Variables</a> </div>
<div class="headertitle">
<h1>cluster.c File Reference</h1> </div>
</div>
<div class="contents">
<code>#include &quot;<a class="el" href="spp__ai_8h_source.html">spp_ai.h</a>&quot;</code><br/>
<code>#include &lt;stdio.h&gt;</code><br/>
<code>#include &lt;unistd.h&gt;</code><br/>
<code>#include &lt;limits.h&gt;</code><br/>
<code>#include &lt;pthread.h&gt;</code><br/>
<table class="memberdecls">
<tr><td colspan="2"><h2><a name="nested-classes"></a>
Data Structures</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct &nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structattribute__key.html">attribute_key</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct &nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structattribute__value.html">attribute_value</a></td></tr>
<tr><td colspan="2"><h2><a name="func-members"></a>
Functions</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="cluster_8c.html#a81f5fa721719fdb281595a568eef2101">_heuristic_func</a> (<a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640">cluster_type</a> type)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Function that picks up the heuristic value for a clustering attribute in according to Julisch's heuristic (ACM, Vol.2, No.3, 09 2002, pag.124). <a href="#a81f5fa721719fdb281595a568eef2101"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="cluster_8c.html#a2f1a22cfea64e4669da0467620c3e3b3">_hierarchy_node_new</a> (char *label, int min_val, int max_val)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Create a new clustering hierarchy node. <a href="#a2f1a22cfea64e4669da0467620c3e3b3"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="cluster_8c.html#a5601a1f603d9c870ef6e2df192e30c30">_hierarchy_node_append</a> (<a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *parent, <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *child)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Append a node to a clustering hierarchy node. <a href="#a5601a1f603d9c870ef6e2df192e30c30"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="cluster_8c.html#a6ddddcd505b1f763c339e81fc143e079">_AI_get_min_hierarchy_node</a> (int val, <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *root)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Get the minimum node in a hierarchy tree that matches a certain value. <a href="#a6ddddcd505b1f763c339e81fc143e079"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="cluster_8c.html#a0f91c8bfc37a3975f5c26b19fd6c5cba">_AI_equal_alarms</a> (<a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *a1, <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *a2)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Check if two alerts are semantically equal. <a href="#a0f91c8bfc37a3975f5c26b19fd6c5cba"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="cluster_8c.html#a8ce8e5a5d8954672297fa2dedb380dcd">_AI_merge_alerts</a> (<a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> **log)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Merge the alerts marked as equal in the log. <a href="#a8ce8e5a5d8954672297fa2dedb380dcd"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="cluster_8c.html#a7d151880080470b542e99643dc0426a7">_AI_print_clustered_alerts</a> (<a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *log, FILE *fp)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Print the clustered alerts to a log file. <a href="#a7d151880080470b542e99643dc0426a7"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE void *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="cluster_8c.html#a8a5eae61dc9fd0f13e0acdfa5f4478e2">_AI_cluster_thread</a> (void *arg)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Thread for periodically clustering the log information. <a href="#a8a5eae61dc9fd0f13e0acdfa5f4478e2"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="cluster_8c.html#a29c35cd6c56f54e27b5b190c6d6c487a">_AI_check_duplicate</a> (<a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *node, <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *root)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Check if a certain node's range (minimum and maximum value) are already present in a clustering hierarchy. <a href="#a29c35cd6c56f54e27b5b190c6d6c487a"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="cluster_8c.html#a1445818b37483f78cc3fb2890155842c">AI_hierarchies_build</a> (<a class="el" href="structAI__config.html">AI_config</a> *conf, <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> **nodes, int n_nodes)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Build the clustering hierarchy trees. <a href="#a1445818b37483f78cc3fb2890155842c"></a><br/></td></tr>
<tr><td colspan="2"><h2><a name="var-members"></a>
Variables</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="cluster_8c.html#a97d35425cf5a0207fb50b64ee8cdda82">h_root</a> [CLUSTER_TYPES] = { NULL }</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="structAI__config.html">AI_config</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="cluster_8c.html#a91458e2d34595688e39fcb63ba418849">_config</a> = NULL</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="cluster_8c.html#aaf4c19f60f48741b0890c6114dcff7d9">alert_log</a> = NULL</td></tr>
</table>
<hr/><h2>Function Documentation</h2>
<a class="anchor" id="a29c35cd6c56f54e27b5b190c6d6c487a"></a><!-- doxytag: member="cluster.c::_AI_check_duplicate" ref="a29c35cd6c56f54e27b5b190c6d6c487a" args="(hierarchy_node *node, hierarchy_node *root)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a> _AI_check_duplicate </td>
<td>(</td>
<td class="paramtype"><a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *&nbsp;</td>
<td class="paramname"> <em>node</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype"><a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *&nbsp;</td>
<td class="paramname"> <em>root</em></td><td>&nbsp;</td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td><td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Check if a certain node's range (minimum and maximum value) are already present in a clustering hierarchy. </p>
<p>FUNCTION: _AI_check_duplicate </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>node</em>&nbsp;</td><td>Node to be checked </td></tr>
<tr><td valign="top"></td><td valign="top"><em>root</em>&nbsp;</td><td>Clustering hierarchy </td></tr>
</table>
</dd>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>True if 'node' is already in 'root', false otherwise </dd></dl>
</div>
</div>
<a class="anchor" id="a8a5eae61dc9fd0f13e0acdfa5f4478e2"></a><!-- doxytag: member="cluster.c::_AI_cluster_thread" ref="a8a5eae61dc9fd0f13e0acdfa5f4478e2" args="(void *arg)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE void* _AI_cluster_thread </td>
<td>(</td>
<td class="paramtype">void *&nbsp;</td>
<td class="paramname"> <em>arg</em></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Thread for periodically clustering the log information. </p>
<p>FUNCTION: _AI_cluster_thread </p>
</div>
</div>
<a class="anchor" id="a0f91c8bfc37a3975f5c26b19fd6c5cba"></a><!-- doxytag: member="cluster.c::_AI_equal_alarms" ref="a0f91c8bfc37a3975f5c26b19fd6c5cba" args="(AI_snort_alert *a1, AI_snort_alert *a2)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a> _AI_equal_alarms </td>
<td>(</td>
<td class="paramtype"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td>
<td class="paramname"> <em>a1</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td>
<td class="paramname"> <em>a2</em></td><td>&nbsp;</td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td><td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Check if two alerts are semantically equal. </p>
<p>FUNCTION: _AI_equal_alarms </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>a1</em>&nbsp;</td><td>First alert </td></tr>
<tr><td valign="top"></td><td valign="top"><em>a2</em>&nbsp;</td><td>Second alert </td></tr>
</table>
</dd>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>True if they are equal, false otherwise </dd></dl>
</div>
</div>
<a class="anchor" id="a6ddddcd505b1f763c339e81fc143e079"></a><!-- doxytag: member="cluster.c::_AI_get_min_hierarchy_node" ref="a6ddddcd505b1f763c339e81fc143e079" args="(int val, hierarchy_node *root)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a>* _AI_get_min_hierarchy_node </td>
<td>(</td>
<td class="paramtype">int&nbsp;</td>
<td class="paramname"> <em>val</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype"><a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *&nbsp;</td>
<td class="paramname"> <em>root</em></td><td>&nbsp;</td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td><td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Get the minimum node in a hierarchy tree that matches a certain value. </p>
<p>FUNCTION: _AI_get_min_hierarchy_node </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>val</em>&nbsp;</td><td>Value to be matched in the range </td></tr>
<tr><td valign="top"></td><td valign="top"><em>root</em>&nbsp;</td><td>Root of the hierarchy </td></tr>
</table>
</dd>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>The minimum node that matches the value if any, NULL otherwise </dd></dl>
</div>
</div>
<a class="anchor" id="a8ce8e5a5d8954672297fa2dedb380dcd"></a><!-- doxytag: member="cluster.c::_AI_merge_alerts" ref="a8ce8e5a5d8954672297fa2dedb380dcd" args="(AI_snort_alert **log)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE int _AI_merge_alerts </td>
<td>(</td>
<td class="paramtype"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> **&nbsp;</td>
<td class="paramname"> <em>log</em></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Merge the alerts marked as equal in the log. </p>
<p>FUNCTION: _AI_merge_alerts </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>log</em>&nbsp;</td><td>Alert log reference </td></tr>
</table>
</dd>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>The number of merged couples </dd></dl>
</div>
</div>
<a class="anchor" id="a7d151880080470b542e99643dc0426a7"></a><!-- doxytag: member="cluster.c::_AI_print_clustered_alerts" ref="a7d151880080470b542e99643dc0426a7" args="(AI_snort_alert *log, FILE *fp)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE void _AI_print_clustered_alerts </td>
<td>(</td>
<td class="paramtype"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td>
<td class="paramname"> <em>log</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">FILE *&nbsp;</td>
<td class="paramname"> <em>fp</em></td><td>&nbsp;</td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td><td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Print the clustered alerts to a log file. </p>
<p>FUNCTION: _AI_print_clustered_alerts </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>log</em>&nbsp;</td><td>Log containing the alerts </td></tr>
<tr><td valign="top"></td><td valign="top"><em>fp</em>&nbsp;</td><td>File pointer where the alerts will be printed </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<a class="anchor" id="a81f5fa721719fdb281595a568eef2101"></a><!-- doxytag: member="cluster.c::_heuristic_func" ref="a81f5fa721719fdb281595a568eef2101" args="(cluster_type type)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE int _heuristic_func </td>
<td>(</td>
<td class="paramtype"><a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640">cluster_type</a>&nbsp;</td>
<td class="paramname"> <em>type</em></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Function that picks up the heuristic value for a clustering attribute in according to Julisch's heuristic (ACM, Vol.2, No.3, 09 2002, pag.124). </p>
<p>FUNCTION: _heuristic_func </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>type</em>&nbsp;</td><td>Attribute type </td></tr>
</table>
</dd>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>The heuristic coefficient for that attribute, -1 if no clustering information is available for that attribute </dd></dl>
</div>
</div>
<a class="anchor" id="a5601a1f603d9c870ef6e2df192e30c30"></a><!-- doxytag: member="cluster.c::_hierarchy_node_append" ref="a5601a1f603d9c870ef6e2df192e30c30" args="(hierarchy_node *parent, hierarchy_node *child)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE void _hierarchy_node_append </td>
<td>(</td>
<td class="paramtype"><a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *&nbsp;</td>
<td class="paramname"> <em>parent</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype"><a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *&nbsp;</td>
<td class="paramname"> <em>child</em></td><td>&nbsp;</td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td><td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Append a node to a clustering hierarchy node. </p>
<p>FUNCTION: _hierarchy_node_append </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>parent</em>&nbsp;</td><td>Parent node </td></tr>
<tr><td valign="top"></td><td valign="top"><em>child</em>&nbsp;</td><td>Child node </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<a class="anchor" id="a2f1a22cfea64e4669da0467620c3e3b3"></a><!-- doxytag: member="cluster.c::_hierarchy_node_new" ref="a2f1a22cfea64e4669da0467620c3e3b3" args="(char *label, int min_val, int max_val)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a>* _hierarchy_node_new </td>
<td>(</td>
<td class="paramtype">char *&nbsp;</td>
<td class="paramname"> <em>label</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">int&nbsp;</td>
<td class="paramname"> <em>min_val</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">int&nbsp;</td>
<td class="paramname"> <em>max_val</em></td><td>&nbsp;</td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td><td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Create a new clustering hierarchy node. </p>
<p>FUNCTION: _hierarchy_node_new </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>label</em>&nbsp;</td><td>Label for the node </td></tr>
<tr><td valign="top"></td><td valign="top"><em>min_val</em>&nbsp;</td><td>Minimum value for the range represented by the node </td></tr>
<tr><td valign="top"></td><td valign="top"><em>max_val</em>&nbsp;</td><td>Maximum value for the range represented by the node </td></tr>
</table>
</dd>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>The brand new node if the allocation was ok, otherwise abort the application </dd></dl>
</div>
</div>
<a class="anchor" id="a1445818b37483f78cc3fb2890155842c"></a><!-- doxytag: member="cluster.c::AI_hierarchies_build" ref="a1445818b37483f78cc3fb2890155842c" args="(AI_config *conf, hierarchy_node **nodes, int n_nodes)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">void AI_hierarchies_build </td>
<td>(</td>
<td class="paramtype"><a class="el" href="structAI__config.html">AI_config</a> *&nbsp;</td>
<td class="paramname"> <em>conf</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype"><a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> **&nbsp;</td>
<td class="paramname"> <em>nodes</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">int&nbsp;</td>
<td class="paramname"> <em>n_nodes</em></td><td>&nbsp;</td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td><td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Build the clustering hierarchy trees. </p>
<p>FUNCTION: AI_hierarchies_build </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>conf</em>&nbsp;</td><td>Reference to the configuration of the module </td></tr>
<tr><td valign="top"></td><td valign="top"><em>nodes</em>&nbsp;</td><td>Nodes containing the information about the clustering ranges </td></tr>
<tr><td valign="top"></td><td valign="top"><em>n_nodes</em>&nbsp;</td><td>Number of nodes </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<hr/><h2>Variable Documentation</h2>
<a class="anchor" id="a91458e2d34595688e39fcb63ba418849"></a><!-- doxytag: member="cluster.c::_config" ref="a91458e2d34595688e39fcb63ba418849" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="structAI__config.html">AI_config</a>* <a class="el" href="cluster_8c.html#a91458e2d34595688e39fcb63ba418849">_config</a> = NULL</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="aaf4c19f60f48741b0890c6114dcff7d9"></a><!-- doxytag: member="cluster.c::alert_log" ref="aaf4c19f60f48741b0890c6114dcff7d9" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a>* <a class="el" href="cluster_8c.html#aaf4c19f60f48741b0890c6114dcff7d9">alert_log</a> = NULL</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a97d35425cf5a0207fb50b64ee8cdda82"></a><!-- doxytag: member="cluster.c::h_root" ref="a97d35425cf5a0207fb50b64ee8cdda82" args="[CLUSTER_TYPES]" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a>* <a class="el" href="cluster_8c.html#a97d35425cf5a0207fb50b64ee8cdda82">h_root</a>[CLUSTER_TYPES] = { NULL }</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
</div>
<!--- window showing the filter options -->
<div id="MSearchSelectWindow"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
onkeydown="return searchBox.OnSearchSelectKey(event)">
<a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(0)"><span class="SelectionMark">&nbsp;</span>All</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(1)"><span class="SelectionMark">&nbsp;</span>Data Structures</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(2)"><span class="SelectionMark">&nbsp;</span>Files</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(3)"><span class="SelectionMark">&nbsp;</span>Functions</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(4)"><span class="SelectionMark">&nbsp;</span>Variables</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(5)"><span class="SelectionMark">&nbsp;</span>Typedefs</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(6)"><span class="SelectionMark">&nbsp;</span>Enumerations</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(7)"><span class="SelectionMark">&nbsp;</span>Enumerator</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(8)"><span class="SelectionMark">&nbsp;</span>Defines</a></div>
<!-- iframe showing the search results (closed by default) -->
<div id="MSearchResultsWindow">
<iframe src="" frameborder="0"
name="MSearchResults" id="MSearchResults">
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>
</html>


@ -51,6 +51,9 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</div>
<div class="contents">
Here is a list of all files with brief descriptions:<table>
<tr><td class="indexkey"><a class="el" href="alert__parser_8c.html">alert_parser.c</a></td><td class="indexvalue"></td></tr>
<tr><td class="indexkey"><a class="el" href="cluster_8c.html">cluster.c</a></td><td class="indexvalue"></td></tr>
<tr><td class="indexkey"><a class="el" href="regex_8c.html">regex.c</a></td><td class="indexvalue"></td></tr>
<tr><td class="indexkey"><a class="el" href="sf__dynamic__preproc__lib_8c.html">sf_dynamic_preproc_lib.c</a></td><td class="indexvalue"></td></tr>
<tr><td class="indexkey"><a class="el" href="sf__preproc__info_8h.html">sf_preproc_info.h</a> <a href="sf__preproc__info_8h_source.html">[code]</a></td><td class="indexvalue"></td></tr>
<tr><td class="indexkey"><a class="el" href="sfPolicyUserData_8c.html">sfPolicyUserData.c</a></td><td class="indexvalue"></td></tr>
@ -73,7 +76,7 @@ Here is a list of all files with brief descriptions:<table>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Wed Aug 4 2010 11:30:57 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>


@ -51,38 +51,231 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<li><a href="functions_vars.html"><span>Variables</span></a></li>
</ul>
</div>
<div class="tabs3">
<ul class="tablist">
<li><a href="#index_a"><span>a</span></a></li>
<li><a href="#index_c"><span>c</span></a></li>
<li><a href="#index_d"><span>d</span></a></li>
<li><a href="#index_g"><span>g</span></a></li>
<li><a href="#index_h"><span>h</span></a></li>
<li><a href="#index_i"><span>i</span></a></li>
<li><a href="#index_k"><span>k</span></a></li>
<li><a href="#index_l"><span>l</span></a></li>
<li><a href="#index_m"><span>m</span></a></li>
<li><a href="#index_n"><span>n</span></a></li>
<li><a href="#index_o"><span>o</span></a></li>
<li><a href="#index_p"><span>p</span></a></li>
<li><a href="#index_r"><span>r</span></a></li>
<li><a href="#index_s"><span>s</span></a></li>
<li><a href="#index_t"><span>t</span></a></li>
<li><a href="#index_w"><span>w</span></a></li>
</ul>
</div>
</div>
<div class="contents">
Here is a list of all struct and union fields with links to the structures/unions they belong to:<ul>
Here is a list of all struct and union fields with links to the structures/unions they belong to:
<h3><a class="anchor" id="index_a"></a>- a -</h3><ul>
<li>ack
: <a class="el" href="struct__AI__snort__alert.html#a2b185c678d3a7f1207b2119b0b567c37">_AI_snort_alert</a>
</li>
<li>alertClusteringInterval
: <a class="el" href="structAI__config.html#a7d0d098b8263aa3d8415b11d1ec7f93d">AI_config</a>
</li>
<li>alertfile
: <a class="el" href="structAI__config.html#a2efa9590d7eea6dce8b5dd9aa76ed8ca">AI_config</a>
</li>
</ul>
<h3><a class="anchor" id="index_c"></a>- c -</h3><ul>
<li>children
: <a class="el" href="struct__hierarchy__node.html#afc23d4fe6426873164cdaab2f3d4f0cd">_hierarchy_node</a>
</li>
<li>classification
: <a class="el" href="struct__AI__snort__alert.html#aa89585e14acb2c4e684a1552d322632f">_AI_snort_alert</a>
</li>
<li>clusterfile
: <a class="el" href="structAI__config.html#a6da02a3f7116fd3810a41b738e8883a3">AI_config</a>
</li>
<li>count
: <a class="el" href="structattribute__value.html#a5579c0304c2e9ab488ac94905b385045">attribute_value</a>
</li>
</ul>
<h3><a class="anchor" id="index_d"></a>- d -</h3><ul>
<li>desc
: <a class="el" href="struct__AI__snort__alert.html#ac0902d7c756ec675fb06347ce4706135">_AI_snort_alert</a>
</li>
<li>dst_addr
: <a class="el" href="struct__AI__snort__alert.html#a69cc2ba171c8c808a0b45caa9426cd8c">_AI_snort_alert</a>
</li>
<li>dst_port
: <a class="el" href="structpkt__key.html#af77f5eb1f4cd88b43fe99fd73553351d">pkt_key</a>
, <a class="el" href="struct__AI__snort__alert.html#a6b323c07ae501d221e330e13646a96a3">_AI_snort_alert</a>
</li>
</ul>
<h3><a class="anchor" id="index_g"></a>- g -</h3><ul>
<li>gid
: <a class="el" href="struct__AI__snort__alert.html#af8408be5da59cda853442dd13465c0f6">_AI_snort_alert</a>
</li>
<li>grouped_alarms_count
: <a class="el" href="struct__AI__snort__alert.html#a285aff12d6bac03c316ccc5305d28e53">_AI_snort_alert</a>
</li>
</ul>
<h3><a class="anchor" id="index_h"></a>- h -</h3><ul>
<li>h_node
: <a class="el" href="struct__AI__snort__alert.html#ac53765584296ead1328eabfaba8a3aed">_AI_snort_alert</a>
</li>
<li>hashCleanupInterval
: <a class="el" href="struct__AI__config.html#a890e6756dc637e9d41b7051a4d1ddc93">_AI_config</a>
: <a class="el" href="structAI__config.html#a9f7680615027d4fb74b4aa144a7028a4">AI_config</a>
</li>
<li>hh
: <a class="el" href="structpkt__info.html#a264e90d4b5d490de040f38c1072e142f">pkt_info</a>
: <a class="el" href="structattribute__value.html#a9abf5d1758ee0cc4803e3b40fc4481cc">attribute_value</a>
, <a class="el" href="structpkt__info.html#a264e90d4b5d490de040f38c1072e142f">pkt_info</a>
</li>
</ul>
<h3><a class="anchor" id="index_i"></a>- i -</h3><ul>
<li>id
: <a class="el" href="struct__AI__snort__alert.html#a45e4acf90450a5f9efd4e0c290f84bcf">_AI_snort_alert</a>
</li>
<li>iplen
: <a class="el" href="struct__AI__snort__alert.html#a523ef8842d01a1bc4ea3c0bf27518e78">_AI_snort_alert</a>
</li>
<li>ipproto
: <a class="el" href="struct__AI__snort__alert.html#a2a5f2741918c3c13890f2b617a7f23a4">_AI_snort_alert</a>
</li>
</ul>
<h3><a class="anchor" id="index_k"></a>- k -</h3><ul>
<li>key
: <a class="el" href="structpkt__info.html#a231d4734d3c62292b06eb9ea4b49c339">pkt_info</a>
: <a class="el" href="structattribute__value.html#aa8b5ae41c150e4fefb800d3b1924278d">attribute_value</a>
, <a class="el" href="structpkt__info.html#a231d4734d3c62292b06eb9ea4b49c339">pkt_info</a>
</li>
</ul>
<h3><a class="anchor" id="index_l"></a>- l -</h3><ul>
<li>label
: <a class="el" href="struct__hierarchy__node.html#ae498f6fd14ca058a3ae0a95d5425451a">_hierarchy_node</a>
</li>
</ul>
<h3><a class="anchor" id="index_m"></a>- m -</h3><ul>
<li>max
: <a class="el" href="structattribute__key.html#a82b7e5ac49820b816871a4ddf30c462d">attribute_key</a>
</li>
<li>max_val
: <a class="el" href="struct__hierarchy__node.html#a79ea88029938dc30ab8f159405d12c87">_hierarchy_node</a>
</li>
<li>min
: <a class="el" href="structattribute__key.html#a4fdb3d7aabeac6b1052b59e05e3d8842">attribute_key</a>
</li>
<li>min_val
: <a class="el" href="struct__hierarchy__node.html#a13ceebd7b435b9ef347fb90d9e6bbfe4">_hierarchy_node</a>
</li>
</ul>
<h3><a class="anchor" id="index_n"></a>- n -</h3><ul>
<li>nchildren
: <a class="el" href="struct__hierarchy__node.html#a849256ce1039e2cefaaf64d91171be0a">_hierarchy_node</a>
</li>
<li>next
: <a class="el" href="structpkt__info.html#a5ee3c51f2ca5768b94819182641ef168">pkt_info</a>
: <a class="el" href="struct__AI__snort__alert.html#aa8336d4b3359015ed8ea312ca1fd1173">_AI_snort_alert</a>
, <a class="el" href="structpkt__info.html#a5ee3c51f2ca5768b94819182641ef168">pkt_info</a>
</li>
</ul>
<h3><a class="anchor" id="index_o"></a>- o -</h3><ul>
<li>observed
: <a class="el" href="structpkt__info.html#ac7ff78ea5faf333fc91f92e3085ea7c9">pkt_info</a>
</li>
</ul>
<h3><a class="anchor" id="index_p"></a>- p -</h3><ul>
<li>parent
: <a class="el" href="struct__hierarchy__node.html#a5c94c89d7e2aea393f1c550afb766bbe">_hierarchy_node</a>
</li>
<li>pkt
: <a class="el" href="structpkt__info.html#a8d5ebd04a32067b05387e5c5056fe168">pkt_info</a>
</li>
<li>portToCheck
: <a class="el" href="struct__AI__config.html#ab22e082ad6637f6280134e882bf53b0d">_AI_config</a>
<li>priority
: <a class="el" href="struct__AI__snort__alert.html#a25661fa4e212c5e30af5e6a892985ec9">_AI_snort_alert</a>
</li>
</ul>
<h3><a class="anchor" id="index_r"></a>- r -</h3><ul>
<li>rev
: <a class="el" href="struct__AI__snort__alert.html#a864d3baa48586d6a31639f4cd27d9d37">_AI_snort_alert</a>
</li>
</ul>
<h3><a class="anchor" id="index_s"></a>- s -</h3><ul>
<li>sequence
: <a class="el" href="struct__AI__snort__alert.html#acb20c4c55149d5806d7523720786ab77">_AI_snort_alert</a>
</li>
<li>sid
: <a class="el" href="struct__AI__snort__alert.html#a3349aa68d2234f8ffd897367c3a8a137">_AI_snort_alert</a>
</li>
<li>src_addr
: <a class="el" href="struct__AI__snort__alert.html#ab16a24f368020e4b40e65b53cae33b48">_AI_snort_alert</a>
</li>
<li>src_ip
: <a class="el" href="structpkt__key.html#a3a091c20dafb8b3f689db00c5b2f8ddb">pkt_key</a>
</li>
<li>src_port
: <a class="el" href="struct__AI__snort__alert.html#a856cccd3eaabd38aa9974f26d3edc5e3">_AI_snort_alert</a>
</li>
<li>stream
: <a class="el" href="struct__AI__snort__alert.html#a09dfe0a841fd3912ec78060d4547cb31">_AI_snort_alert</a>
</li>
<li>streamExpireInterval
: <a class="el" href="struct__AI__config.html#a338358f23bf15f567a015a99d892c8e7">_AI_config</a>
: <a class="el" href="structAI__config.html#abbe77d5f94b8c5164bea47acba09c98b">AI_config</a>
</li>
</ul>
<h3><a class="anchor" id="index_t"></a>- t -</h3><ul>
<li>tcp_flags
: <a class="el" href="struct__AI__snort__alert.html#aa643f11db93b70242b57f0a04775e507">_AI_snort_alert</a>
</li>
<li>tcplen
: <a class="el" href="struct__AI__snort__alert.html#a519a103f5e8f1cb006c0c137b7c6a1c0">_AI_snort_alert</a>
</li>
<li>timestamp
: <a class="el" href="structpkt__info.html#a7f5090443f21e6290f0439f1bb872e92">pkt_info</a>
: <a class="el" href="struct__AI__snort__alert.html#a10a67f60ca3da339a2104849a0b2ac19">_AI_snort_alert</a>
, <a class="el" href="structpkt__info.html#a7f5090443f21e6290f0439f1bb872e92">pkt_info</a>
</li>
<li>tos
: <a class="el" href="struct__AI__snort__alert.html#a882ae6db43dc0fe08071947ccb044b93">_AI_snort_alert</a>
</li>
<li>ttl
: <a class="el" href="struct__AI__snort__alert.html#ab9b1ce8ee440a324af116403ac9c51a2">_AI_snort_alert</a>
</li>
<li>type
: <a class="el" href="struct__hierarchy__node.html#a3b18e3ddfa2212c5e4ff9c0b4bde4296">_hierarchy_node</a>
, <a class="el" href="structattribute__value.html#a5322c4edde771a7ee0d9fc5f5e45484c">attribute_value</a>
</li>
</ul>
<h3><a class="anchor" id="index_w"></a>- w -</h3><ul>
<li>window
: <a class="el" href="struct__AI__snort__alert.html#a63e94be3d248cf4beb0d4d5ab75331b1">_AI_snort_alert</a>
</li>
</ul>
</div>
@ -100,7 +293,7 @@ Here is a list of all struct and union fields with links to the structures/union
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Wed Aug 4 2010 11:30:57 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>


@ -51,38 +51,231 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<li class="current"><a href="functions_vars.html"><span>Variables</span></a></li>
</ul>
</div>
<div class="tabs3">
<ul class="tablist">
<li><a href="#index_a"><span>a</span></a></li>
<li><a href="#index_c"><span>c</span></a></li>
<li><a href="#index_d"><span>d</span></a></li>
<li><a href="#index_g"><span>g</span></a></li>
<li><a href="#index_h"><span>h</span></a></li>
<li><a href="#index_i"><span>i</span></a></li>
<li><a href="#index_k"><span>k</span></a></li>
<li><a href="#index_l"><span>l</span></a></li>
<li><a href="#index_m"><span>m</span></a></li>
<li><a href="#index_n"><span>n</span></a></li>
<li><a href="#index_o"><span>o</span></a></li>
<li><a href="#index_p"><span>p</span></a></li>
<li><a href="#index_r"><span>r</span></a></li>
<li><a href="#index_s"><span>s</span></a></li>
<li><a href="#index_t"><span>t</span></a></li>
<li><a href="#index_w"><span>w</span></a></li>
</ul>
</div>
</div>
<div class="contents">
&nbsp;<ul>
&nbsp;
<h3><a class="anchor" id="index_a"></a>- a -</h3><ul>
<li>ack
: <a class="el" href="struct__AI__snort__alert.html#a2b185c678d3a7f1207b2119b0b567c37">_AI_snort_alert</a>
</li>
<li>alertClusteringInterval
: <a class="el" href="structAI__config.html#a7d0d098b8263aa3d8415b11d1ec7f93d">AI_config</a>
</li>
<li>alertfile
: <a class="el" href="structAI__config.html#a2efa9590d7eea6dce8b5dd9aa76ed8ca">AI_config</a>
</li>
</ul>
<h3><a class="anchor" id="index_c"></a>- c -</h3><ul>
<li>children
: <a class="el" href="struct__hierarchy__node.html#afc23d4fe6426873164cdaab2f3d4f0cd">_hierarchy_node</a>
</li>
<li>classification
: <a class="el" href="struct__AI__snort__alert.html#aa89585e14acb2c4e684a1552d322632f">_AI_snort_alert</a>
</li>
<li>clusterfile
: <a class="el" href="structAI__config.html#a6da02a3f7116fd3810a41b738e8883a3">AI_config</a>
</li>
<li>count
: <a class="el" href="structattribute__value.html#a5579c0304c2e9ab488ac94905b385045">attribute_value</a>
</li>
</ul>
<h3><a class="anchor" id="index_d"></a>- d -</h3><ul>
<li>desc
: <a class="el" href="struct__AI__snort__alert.html#ac0902d7c756ec675fb06347ce4706135">_AI_snort_alert</a>
</li>
<li>dst_addr
: <a class="el" href="struct__AI__snort__alert.html#a69cc2ba171c8c808a0b45caa9426cd8c">_AI_snort_alert</a>
</li>
<li>dst_port
: <a class="el" href="structpkt__key.html#af77f5eb1f4cd88b43fe99fd73553351d">pkt_key</a>
, <a class="el" href="struct__AI__snort__alert.html#a6b323c07ae501d221e330e13646a96a3">_AI_snort_alert</a>
</li>
</ul>
<h3><a class="anchor" id="index_g"></a>- g -</h3><ul>
<li>gid
: <a class="el" href="struct__AI__snort__alert.html#af8408be5da59cda853442dd13465c0f6">_AI_snort_alert</a>
</li>
<li>grouped_alarms_count
: <a class="el" href="struct__AI__snort__alert.html#a285aff12d6bac03c316ccc5305d28e53">_AI_snort_alert</a>
</li>
</ul>
<h3><a class="anchor" id="index_h"></a>- h -</h3><ul>
<li>h_node
: <a class="el" href="struct__AI__snort__alert.html#ac53765584296ead1328eabfaba8a3aed">_AI_snort_alert</a>
</li>
<li>hashCleanupInterval
: <a class="el" href="struct__AI__config.html#a890e6756dc637e9d41b7051a4d1ddc93">_AI_config</a>
: <a class="el" href="structAI__config.html#a9f7680615027d4fb74b4aa144a7028a4">AI_config</a>
</li>
<li>hh
: <a class="el" href="structpkt__info.html#a264e90d4b5d490de040f38c1072e142f">pkt_info</a>
: <a class="el" href="structattribute__value.html#a9abf5d1758ee0cc4803e3b40fc4481cc">attribute_value</a>
, <a class="el" href="structpkt__info.html#a264e90d4b5d490de040f38c1072e142f">pkt_info</a>
</li>
</ul>
<h3><a class="anchor" id="index_i"></a>- i -</h3><ul>
<li>id
: <a class="el" href="struct__AI__snort__alert.html#a45e4acf90450a5f9efd4e0c290f84bcf">_AI_snort_alert</a>
</li>
<li>iplen
: <a class="el" href="struct__AI__snort__alert.html#a523ef8842d01a1bc4ea3c0bf27518e78">_AI_snort_alert</a>
</li>
<li>ipproto
: <a class="el" href="struct__AI__snort__alert.html#a2a5f2741918c3c13890f2b617a7f23a4">_AI_snort_alert</a>
</li>
</ul>
<h3><a class="anchor" id="index_k"></a>- k -</h3><ul>
<li>key
: <a class="el" href="structpkt__info.html#a231d4734d3c62292b06eb9ea4b49c339">pkt_info</a>
: <a class="el" href="structattribute__value.html#aa8b5ae41c150e4fefb800d3b1924278d">attribute_value</a>
, <a class="el" href="structpkt__info.html#a231d4734d3c62292b06eb9ea4b49c339">pkt_info</a>
</li>
</ul>
<h3><a class="anchor" id="index_l"></a>- l -</h3><ul>
<li>label
: <a class="el" href="struct__hierarchy__node.html#ae498f6fd14ca058a3ae0a95d5425451a">_hierarchy_node</a>
</li>
</ul>
<h3><a class="anchor" id="index_m"></a>- m -</h3><ul>
<li>max
: <a class="el" href="structattribute__key.html#a82b7e5ac49820b816871a4ddf30c462d">attribute_key</a>
</li>
<li>max_val
: <a class="el" href="struct__hierarchy__node.html#a79ea88029938dc30ab8f159405d12c87">_hierarchy_node</a>
</li>
<li>min
: <a class="el" href="structattribute__key.html#a4fdb3d7aabeac6b1052b59e05e3d8842">attribute_key</a>
</li>
<li>min_val
: <a class="el" href="struct__hierarchy__node.html#a13ceebd7b435b9ef347fb90d9e6bbfe4">_hierarchy_node</a>
</li>
</ul>
<h3><a class="anchor" id="index_n"></a>- n -</h3><ul>
<li>nchildren
: <a class="el" href="struct__hierarchy__node.html#a849256ce1039e2cefaaf64d91171be0a">_hierarchy_node</a>
</li>
<li>next
: <a class="el" href="structpkt__info.html#a5ee3c51f2ca5768b94819182641ef168">pkt_info</a>
: <a class="el" href="struct__AI__snort__alert.html#aa8336d4b3359015ed8ea312ca1fd1173">_AI_snort_alert</a>
, <a class="el" href="structpkt__info.html#a5ee3c51f2ca5768b94819182641ef168">pkt_info</a>
</li>
</ul>
<h3><a class="anchor" id="index_o"></a>- o -</h3><ul>
<li>observed
: <a class="el" href="structpkt__info.html#ac7ff78ea5faf333fc91f92e3085ea7c9">pkt_info</a>
</li>
</ul>
<h3><a class="anchor" id="index_p"></a>- p -</h3><ul>
<li>parent
: <a class="el" href="struct__hierarchy__node.html#a5c94c89d7e2aea393f1c550afb766bbe">_hierarchy_node</a>
</li>
<li>pkt
: <a class="el" href="structpkt__info.html#a8d5ebd04a32067b05387e5c5056fe168">pkt_info</a>
</li>
<li>portToCheck
: <a class="el" href="struct__AI__config.html#ab22e082ad6637f6280134e882bf53b0d">_AI_config</a>
<li>priority
: <a class="el" href="struct__AI__snort__alert.html#a25661fa4e212c5e30af5e6a892985ec9">_AI_snort_alert</a>
</li>
</ul>
<h3><a class="anchor" id="index_r"></a>- r -</h3><ul>
<li>rev
: <a class="el" href="struct__AI__snort__alert.html#a864d3baa48586d6a31639f4cd27d9d37">_AI_snort_alert</a>
</li>
</ul>
<h3><a class="anchor" id="index_s"></a>- s -</h3><ul>
<li>sequence
: <a class="el" href="struct__AI__snort__alert.html#acb20c4c55149d5806d7523720786ab77">_AI_snort_alert</a>
</li>
<li>sid
: <a class="el" href="struct__AI__snort__alert.html#a3349aa68d2234f8ffd897367c3a8a137">_AI_snort_alert</a>
</li>
<li>src_addr
: <a class="el" href="struct__AI__snort__alert.html#ab16a24f368020e4b40e65b53cae33b48">_AI_snort_alert</a>
</li>
<li>src_ip
: <a class="el" href="structpkt__key.html#a3a091c20dafb8b3f689db00c5b2f8ddb">pkt_key</a>
</li>
<li>src_port
: <a class="el" href="struct__AI__snort__alert.html#a856cccd3eaabd38aa9974f26d3edc5e3">_AI_snort_alert</a>
</li>
<li>stream
: <a class="el" href="struct__AI__snort__alert.html#a09dfe0a841fd3912ec78060d4547cb31">_AI_snort_alert</a>
</li>
<li>streamExpireInterval
: <a class="el" href="struct__AI__config.html#a338358f23bf15f567a015a99d892c8e7">_AI_config</a>
: <a class="el" href="structAI__config.html#abbe77d5f94b8c5164bea47acba09c98b">AI_config</a>
</li>
</ul>
<h3><a class="anchor" id="index_t"></a>- t -</h3><ul>
<li>tcp_flags
: <a class="el" href="struct__AI__snort__alert.html#aa643f11db93b70242b57f0a04775e507">_AI_snort_alert</a>
</li>
<li>tcplen
: <a class="el" href="struct__AI__snort__alert.html#a519a103f5e8f1cb006c0c137b7c6a1c0">_AI_snort_alert</a>
</li>
<li>timestamp
: <a class="el" href="structpkt__info.html#a7f5090443f21e6290f0439f1bb872e92">pkt_info</a>
: <a class="el" href="struct__AI__snort__alert.html#a10a67f60ca3da339a2104849a0b2ac19">_AI_snort_alert</a>
, <a class="el" href="structpkt__info.html#a7f5090443f21e6290f0439f1bb872e92">pkt_info</a>
</li>
<li>tos
: <a class="el" href="struct__AI__snort__alert.html#a882ae6db43dc0fe08071947ccb044b93">_AI_snort_alert</a>
</li>
<li>ttl
: <a class="el" href="struct__AI__snort__alert.html#ab9b1ce8ee440a324af116403ac9c51a2">_AI_snort_alert</a>
</li>
<li>type
: <a class="el" href="struct__hierarchy__node.html#a3b18e3ddfa2212c5e4ff9c0b4bde4296">_hierarchy_node</a>
, <a class="el" href="structattribute__value.html#a5322c4edde771a7ee0d9fc5f5e45484c">attribute_value</a>
</li>
</ul>
<h3><a class="anchor" id="index_w"></a>- w -</h3><ul>
<li>window
: <a class="el" href="struct__AI__snort__alert.html#a63e94be3d248cf4beb0d4d5ab75331b1">_AI_snort_alert</a>
</li>
</ul>
</div>
@ -100,7 +293,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Wed Aug 4 2010 11:30:57 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>


@ -60,14 +60,15 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<li><a href="#index__"><span>_</span></a></li>
<li><a href="#index_a"><span>a</span></a></li>
<li><a href="#index_b"><span>b</span></a></li>
<li><a href="#index_c"><span>c</span></a></li>
<li><a href="#index_d"><span>d</span></a></li>
<li><a href="#index_e"><span>e</span></a></li>
<li><a href="#index_f"><span>f</span></a></li>
<li><a href="#index_g"><span>g</span></a></li>
<li><a href="#index_h"><span>h</span></a></li>
<li><a href="#index_i"><span>i</span></a></li>
<li><a href="#index_l"><span>l</span></a></li>
<li><a href="#index_m"><span>m</span></a></li>
<li><a href="#index_n"><span>n</span></a></li>
<li><a href="#index_p"><span>p</span></a></li>
<li><a href="#index_r"><span>r</span></a></li>
<li><a href="#index_s"><span>s</span></a></li>
@ -80,24 +81,74 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
Here is a list of all functions, variables, defines, enums, and typedefs with links to the files they belong to:
<h3><a class="anchor" id="index__"></a>- _ -</h3><ul>
<li>_AI_check_duplicate()
: <a class="el" href="cluster_8c.html#a29c35cd6c56f54e27b5b190c6d6c487a">cluster.c</a>
</li>
<li>_AI_cluster_thread()
: <a class="el" href="cluster_8c.html#a8a5eae61dc9fd0f13e0acdfa5f4478e2">cluster.c</a>
</li>
<li>_AI_copy_alerts()
: <a class="el" href="alert__parser_8c.html#a6c5014cae9155379fdc4db649b2c862d">alert_parser.c</a>
</li>
<li>_AI_equal_alarms()
: <a class="el" href="cluster_8c.html#a0f91c8bfc37a3975f5c26b19fd6c5cba">cluster.c</a>
</li>
<li>_AI_get_min_hierarchy_node()
: <a class="el" href="cluster_8c.html#a6ddddcd505b1f763c339e81fc143e079">cluster.c</a>
</li>
<li>_AI_merge_alerts()
: <a class="el" href="cluster_8c.html#a8ce8e5a5d8954672297fa2dedb380dcd">cluster.c</a>
</li>
<li>_AI_print_clustered_alerts()
: <a class="el" href="cluster_8c.html#a7d151880080470b542e99643dc0426a7">cluster.c</a>
</li>
<li>_AI_stream_free()
: <a class="el" href="stream_8c.html#a2a0c295a6828df716311977538cabd4a">stream.c</a>
: <a class="el" href="stream_8c.html#a80016adf701c717a6ebfb5b15b8a5749">stream.c</a>
</li>
<li>_config
: <a class="el" href="cluster_8c.html#a91458e2d34595688e39fcb63ba418849">cluster.c</a>
</li>
<li>_dpd
: <a class="el" href="spp__ai_8c.html#ab46420126c43c1aac5eabc5db266a71c">spp_ai.c</a>
, <a class="el" href="sf__dynamic__preproc__lib_8c.html#ab46420126c43c1aac5eabc5db266a71c">sf_dynamic_preproc_lib.c</a>
: <a class="el" href="sf__dynamic__preproc__lib_8c.html#ab46420126c43c1aac5eabc5db266a71c">sf_dynamic_preproc_lib.c</a>
, <a class="el" href="spp__ai_8h.html#ab46420126c43c1aac5eabc5db266a71c">spp_ai.h</a>
</li>
<li>_heuristic_func()
: <a class="el" href="cluster_8c.html#a81f5fa721719fdb281595a568eef2101">cluster.c</a>
</li>
<li>_hierarchy_node_append()
: <a class="el" href="cluster_8c.html#a5601a1f603d9c870ef6e2df192e30c30">cluster.c</a>
</li>
<li>_hierarchy_node_new()
: <a class="el" href="cluster_8c.html#a2f1a22cfea64e4669da0467620c3e3b3">cluster.c</a>
</li>
</ul>
<h3><a class="anchor" id="index_a"></a>- a -</h3><ul>
<li>AI_config
: <a class="el" href="spp__ai_8h.html#a3fc526e5a55f5d137402b1bbd1b6072c">spp_ai.h</a>
<li>AI_alertparser_thread()
: <a class="el" href="alert__parser_8c.html#ad68c45b5846743a54ad3fa92c8e48f8a">alert_parser.c</a>
, <a class="el" href="spp__ai_8h.html#a842a3204c6e067a9920990b573757181">spp_ai.h</a>
</li>
<li>AI_free_alerts()
: <a class="el" href="spp__ai_8h.html#a270e86669a0aa64a8da37bc16cda645b">spp_ai.h</a>
, <a class="el" href="alert__parser_8c.html#a270e86669a0aa64a8da37bc16cda645b">alert_parser.c</a>
</li>
<li>AI_get_alerts()
: <a class="el" href="alert__parser_8c.html#a99474495643197b3075ac22ec6f6c70f">alert_parser.c</a>
, <a class="el" href="spp__ai_8h.html#af19a28f7cbcdfeb2b66fb3b625b75076">spp_ai.h</a>
</li>
<li>AI_get_stream_by_key()
: <a class="el" href="stream_8c.html#a2efedcabbfd12c5345f0c93a3dd4735c">stream.c</a>
, <a class="el" href="spp__ai_8h.html#a3054f06297a9caefd4d9b1283bb8b69a">spp_ai.h</a>
</li>
<li>AI_hashcleanup_thread()
: <a class="el" href="spp__ai_8h.html#ad56f71be823eead743972274b99c82ff">spp_ai.h</a>
, <a class="el" href="stream_8c.html#a24b1131374e5059564b8a12380c4eb75">stream.c</a>
</li>
<li>AI_hierarchies_build()
: <a class="el" href="cluster_8c.html#a1445818b37483f78cc3fb2890155842c">cluster.c</a>
, <a class="el" href="spp__ai_8h.html#a857348424b9db45c90f95631eb96fd7c">spp_ai.h</a>
</li>
<li>AI_init()
: <a class="el" href="spp__ai_8c.html#a3524cbdf8fddbcf38c4ed55241002242">spp_ai.c</a>
</li>
@ -111,9 +162,25 @@ Here is a list of all functions, variables, defines, enums, and typedefs with li
<li>AI_process()
: <a class="el" href="spp__ai_8c.html#a57c05cda012c443cb4c358dc327cd3d1">spp_ai.c</a>
</li>
<li>AI_set_stream_observed()
: <a class="el" href="spp__ai_8h.html#a8749989cee2ac05a7de058faac280c02">spp_ai.h</a>
, <a class="el" href="stream_8c.html#a8749989cee2ac05a7de058faac280c02">stream.c</a>
</li>
<li>AI_setup()
: <a class="el" href="spp__ai_8c.html#a1b9ebb5c719c7d9426ddfc1f3da36570">spp_ai.c</a>
, <a class="el" href="sf__preproc__info_8h.html#ad81716bc3f0fec4df74198a7cbdbd43c">sf_preproc_info.h</a>
: <a class="el" href="sf__preproc__info_8h.html#ad81716bc3f0fec4df74198a7cbdbd43c">sf_preproc_info.h</a>
, <a class="el" href="spp__ai_8c.html#a1b9ebb5c719c7d9426ddfc1f3da36570">spp_ai.c</a>
</li>
<li>AI_snort_alert
: <a class="el" href="spp__ai_8h.html#a982be90e72362e88d09f28336c9a1897">spp_ai.h</a>
</li>
<li>alert_fp
: <a class="el" href="alert__parser_8c.html#abee2a33368912d9288c76b51160a9ed6">alert_parser.c</a>
</li>
<li>alert_log
: <a class="el" href="cluster_8c.html#aaf4c19f60f48741b0890c6114dcff7d9">cluster.c</a>
</li>
<li>alerts
: <a class="el" href="alert__parser_8c.html#ae837fc04e61c0eb052f997c54b4fd9fe">alert_parser.c</a>
</li>
</ul>
@ -128,12 +195,37 @@ Here is a list of all functions, variables, defines, enums, and typedefs with li
</ul>
<h3><a class="anchor" id="index_d"></a>- d -</h3><ul>
<li>DST_PORT_MATCH
: <a class="el" href="spp__ai_8c.html#a8ab13e8ad1dfd19b9237a99ae6130146">spp_ai.c</a>
<h3><a class="anchor" id="index_c"></a>- c -</h3><ul>
<li>cluster_type
: <a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640">spp_ai.h</a>
</li>
<li>DST_PORT_MATCH_STR
: <a class="el" href="spp__ai_8c.html#a1f3521b9bcf5daf99190be58473a4110">spp_ai.c</a>
<li>CLUSTER_TYPES
: <a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640ab16bb5c4b330d5db02e2d852cd2ba451">spp_ai.h</a>
</li>
</ul>
<h3><a class="anchor" id="index_d"></a>- d -</h3><ul>
<li>DEFAULT_ALERT_CLUSTERING_INTERVAL
: <a class="el" href="spp__ai_8h.html#a0c4b6fce670e46083e33b9f53b78f39e">spp_ai.h</a>
</li>
<li>DEFAULT_ALERT_LOG_FILE
: <a class="el" href="spp__ai_8h.html#a6d9bf552c32371e0144dc6a6209c7e4a">spp_ai.h</a>
</li>
<li>DEFAULT_CLUSTER_LOG_FILE
: <a class="el" href="spp__ai_8h.html#a803dc913297ccdace9e604dbfecda97d">spp_ai.h</a>
</li>
<li>DEFAULT_HASH_CLEANUP_INTERVAL
: <a class="el" href="spp__ai_8h.html#a5f555c0ebd29ce2771a3e2dd4f526746">spp_ai.h</a>
</li>
<li>DEFAULT_STREAM_EXPIRE_INTERVAL
: <a class="el" href="spp__ai_8h.html#a0f6a189af15ef783fb46ed37c144e031">spp_ai.h</a>
</li>
<li>dst_addr
: <a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640aa000f955ef1374c60cdb16bf43a1593c">spp_ai.h</a>
</li>
<li>dst_port
: <a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640abc4f89a184ada44073bd6f54d7fc11c9">spp_ai.h</a>
</li>
<li>DYNAMIC_PREPROC_SETUP
: <a class="el" href="sf__preproc__info_8h.html#aba4c0d0af324a3861e662ed4650aae44">sf_preproc_info.h</a>
@ -158,16 +250,15 @@ Here is a list of all functions, variables, defines, enums, and typedefs with li
</ul>
<h3><a class="anchor" id="index_g"></a>- g -</h3><ul>
<li>GENERATOR_EXAMPLE
: <a class="el" href="spp__ai_8c.html#a9e7d446fc8b40be2cfbb5c69c3e132ca">spp_ai.c</a>
</li>
</ul>
<h3><a class="anchor" id="index_h"></a>- h -</h3><ul>
<li>h_root
: <a class="el" href="cluster_8c.html#a97d35425cf5a0207fb50b64ee8cdda82">cluster.c</a>
</li>
<li>hash
: <a class="el" href="stream_8c.html#a96fbc549c67e0d852ced3cb72980e923">stream.c</a>
: <a class="el" href="stream_8c.html#a57e23cda853e9d11c37723a962ef2f68">stream.c</a>
</li>
<li>hierarchy_node
: <a class="el" href="spp__ai_8h.html#a466391129919ef12366d311d501552fa">spp_ai.h</a>
</li>
</ul>
@ -196,13 +287,27 @@ Here is a list of all functions, variables, defines, enums, and typedefs with li
</ul>
<h3><a class="anchor" id="index_n"></a>- n -</h3><ul>
<li>none
: <a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640ab7e4e0120a041dbe6528b050c04269e0">spp_ai.h</a>
</li>
</ul>
<h3><a class="anchor" id="index_p"></a>- p -</h3><ul>
<li>parserPolicyId
: <a class="el" href="sfPolicyUserData_8c.html#a0a415b8e70250b11e64a463134d00b4f">sfPolicyUserData.c</a>
</li>
<li>preg_match()
: <a class="el" href="regex_8c.html#a35f57c052a7de1ded54b67a1f7819791">regex.c</a>
, <a class="el" href="spp__ai_8h.html#a85c0852b05b60cbfe0130534160c9876">spp_ai.h</a>
</li>
<li>PREPROC_NAME
: <a class="el" href="sf__preproc__info_8h.html#af5d5329206253ca0c1a3b8d4a43195af">sf_preproc_info.h</a>
</li>
<li>PRIVATE
: <a class="el" href="spp__ai_8h.html#a5e151c615eda34903514212f05a5ccf8">spp_ai.h</a>
</li>
</ul>
@ -229,11 +334,14 @@ Here is a list of all functions, variables, defines, enums, and typedefs with li
<li>sfPolicyUserDataSet()
: <a class="el" href="group__sfPolicyConfig.html#ga8e14fd83397b9bbb14568070183db80b">sfPolicyUserData.c</a>
</li>
<li>SRC_PORT_MATCH
: <a class="el" href="spp__ai_8c.html#af4c767ae0346026264c851108f42be63">spp_ai.c</a>
<li>src_addr
: <a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640abc900639df18f0f5f2f63a1f033fe42f">spp_ai.h</a>
</li>
<li>SRC_PORT_MATCH_STR
: <a class="el" href="spp__ai_8c.html#a3ec4dd8f1ebed73c13175d9b9c820e2e">spp_ai.c</a>
<li>src_port
: <a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640ac1335c508143eb06843af2ce5ff3027b">spp_ai.h</a>
</li>
<li>start_time
: <a class="el" href="stream_8c.html#a0597864b078ff448f28432db86950309">stream.c</a>
</li>
</ul>
@ -252,6 +360,9 @@ Here is a list of all functions, variables, defines, enums, and typedefs with li
<li>uint32_t
: <a class="el" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">spp_ai.h</a>
</li>
<li>uint8_t
: <a class="el" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">spp_ai.h</a>
</li>
</ul>
</div>
<!--- window showing the filter options -->
@ -268,7 +379,7 @@ Here is a list of all functions, variables, defines, enums, and typedefs with li
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Wed Aug 4 2010 11:30:57 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>


@ -61,18 +61,24 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<li>BUILD_VERSION
: <a class="el" href="sf__preproc__info_8h.html#ad7a967dd260384e94010b31b1412a0b4">sf_preproc_info.h</a>
</li>
<li>DST_PORT_MATCH
: <a class="el" href="spp__ai_8c.html#a8ab13e8ad1dfd19b9237a99ae6130146">spp_ai.c</a>
<li>DEFAULT_ALERT_CLUSTERING_INTERVAL
: <a class="el" href="spp__ai_8h.html#a0c4b6fce670e46083e33b9f53b78f39e">spp_ai.h</a>
</li>
<li>DST_PORT_MATCH_STR
: <a class="el" href="spp__ai_8c.html#a1f3521b9bcf5daf99190be58473a4110">spp_ai.c</a>
<li>DEFAULT_ALERT_LOG_FILE
: <a class="el" href="spp__ai_8h.html#a6d9bf552c32371e0144dc6a6209c7e4a">spp_ai.h</a>
</li>
<li>DEFAULT_CLUSTER_LOG_FILE
: <a class="el" href="spp__ai_8h.html#a803dc913297ccdace9e604dbfecda97d">spp_ai.h</a>
</li>
<li>DEFAULT_HASH_CLEANUP_INTERVAL
: <a class="el" href="spp__ai_8h.html#a5f555c0ebd29ce2771a3e2dd4f526746">spp_ai.h</a>
</li>
<li>DEFAULT_STREAM_EXPIRE_INTERVAL
: <a class="el" href="spp__ai_8h.html#a0f6a189af15ef783fb46ed37c144e031">spp_ai.h</a>
</li>
<li>DYNAMIC_PREPROC_SETUP
: <a class="el" href="sf__preproc__info_8h.html#aba4c0d0af324a3861e662ed4650aae44">sf_preproc_info.h</a>
</li>
<li>GENERATOR_EXAMPLE
: <a class="el" href="spp__ai_8c.html#a9e7d446fc8b40be2cfbb5c69c3e132ca">spp_ai.c</a>
</li>
<li>MAJOR_VERSION
: <a class="el" href="sf__preproc__info_8h.html#aa9e8f3bb466bb421d13913df7aeaa20c">sf_preproc_info.h</a>
</li>
@ -82,11 +88,8 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<li>PREPROC_NAME
: <a class="el" href="sf__preproc__info_8h.html#af5d5329206253ca0c1a3b8d4a43195af">sf_preproc_info.h</a>
</li>
<li>SRC_PORT_MATCH
: <a class="el" href="spp__ai_8c.html#af4c767ae0346026264c851108f42be63">spp_ai.c</a>
</li>
<li>SRC_PORT_MATCH_STR
: <a class="el" href="spp__ai_8c.html#a3ec4dd8f1ebed73c13175d9b9c820e2e">spp_ai.c</a>
<li>PRIVATE
: <a class="el" href="spp__ai_8h.html#a5e151c615eda34903514212f05a5ccf8">spp_ai.h</a>
</li>
</ul>
</div>
@ -104,7 +107,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Wed Aug 4 2010 11:30:57 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>


@ -61,6 +61,9 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<li>BOOL
: <a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">spp_ai.h</a>
</li>
<li>cluster_type
: <a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640">spp_ai.h</a>
</li>
</ul>
</div>
<!--- window showing the filter options -->
@ -77,7 +80,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Wed Aug 4 2010 11:30:57 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>


@ -58,9 +58,27 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</div>
<div class="contents">
&nbsp;<ul>
<li>CLUSTER_TYPES
: <a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640ab16bb5c4b330d5db02e2d852cd2ba451">spp_ai.h</a>
</li>
<li>dst_addr
: <a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640aa000f955ef1374c60cdb16bf43a1593c">spp_ai.h</a>
</li>
<li>dst_port
: <a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640abc4f89a184ada44073bd6f54d7fc11c9">spp_ai.h</a>
</li>
<li>false
: <a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18ddae9de385ef6fe9bf3360d1038396b884c">spp_ai.h</a>
</li>
<li>none
: <a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640ab7e4e0120a041dbe6528b050c04269e0">spp_ai.h</a>
</li>
<li>src_addr
: <a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640abc900639df18f0f5f2f63a1f033fe42f">spp_ai.h</a>
</li>
<li>src_port
: <a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640ac1335c508143eb06843af2ce5ff3027b">spp_ai.h</a>
</li>
<li>true
: <a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dda08f175a5505a10b9ed657defeb050e4b">spp_ai.h</a>
</li>
@ -80,7 +98,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Wed Aug 4 2010 11:30:57 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>


@ -55,16 +55,83 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<li><a href="globals_defs.html"><span>Defines</span></a></li>
</ul>
</div>
<div class="tabs3">
<ul class="tablist">
<li><a href="#index__"><span>_</span></a></li>
<li><a href="#index_a"><span>a</span></a></li>
<li><a href="#index_d"><span>d</span></a></li>
<li><a href="#index_i"><span>i</span></a></li>
<li><a href="#index_l"><span>l</span></a></li>
<li><a href="#index_p"><span>p</span></a></li>
<li><a href="#index_s"><span>s</span></a></li>
</ul>
</div>
</div>
<div class="contents">
&nbsp;<ul>
&nbsp;
<h3><a class="anchor" id="index__"></a>- _ -</h3><ul>
<li>_AI_check_duplicate()
: <a class="el" href="cluster_8c.html#a29c35cd6c56f54e27b5b190c6d6c487a">cluster.c</a>
</li>
<li>_AI_cluster_thread()
: <a class="el" href="cluster_8c.html#a8a5eae61dc9fd0f13e0acdfa5f4478e2">cluster.c</a>
</li>
<li>_AI_copy_alerts()
: <a class="el" href="alert__parser_8c.html#a6c5014cae9155379fdc4db649b2c862d">alert_parser.c</a>
</li>
<li>_AI_equal_alarms()
: <a class="el" href="cluster_8c.html#a0f91c8bfc37a3975f5c26b19fd6c5cba">cluster.c</a>
</li>
<li>_AI_get_min_hierarchy_node()
: <a class="el" href="cluster_8c.html#a6ddddcd505b1f763c339e81fc143e079">cluster.c</a>
</li>
<li>_AI_merge_alerts()
: <a class="el" href="cluster_8c.html#a8ce8e5a5d8954672297fa2dedb380dcd">cluster.c</a>
</li>
<li>_AI_print_clustered_alerts()
: <a class="el" href="cluster_8c.html#a7d151880080470b542e99643dc0426a7">cluster.c</a>
</li>
<li>_AI_stream_free()
: <a class="el" href="stream_8c.html#a2a0c295a6828df716311977538cabd4a">stream.c</a>
: <a class="el" href="stream_8c.html#a80016adf701c717a6ebfb5b15b8a5749">stream.c</a>
</li>
<li>_heuristic_func()
: <a class="el" href="cluster_8c.html#a81f5fa721719fdb281595a568eef2101">cluster.c</a>
</li>
<li>_hierarchy_node_append()
: <a class="el" href="cluster_8c.html#a5601a1f603d9c870ef6e2df192e30c30">cluster.c</a>
</li>
<li>_hierarchy_node_new()
: <a class="el" href="cluster_8c.html#a2f1a22cfea64e4669da0467620c3e3b3">cluster.c</a>
</li>
</ul>
<h3><a class="anchor" id="index_a"></a>- a -</h3><ul>
<li>AI_alertparser_thread()
: <a class="el" href="alert__parser_8c.html#ad68c45b5846743a54ad3fa92c8e48f8a">alert_parser.c</a>
, <a class="el" href="spp__ai_8h.html#a842a3204c6e067a9920990b573757181">spp_ai.h</a>
</li>
<li>AI_free_alerts()
: <a class="el" href="spp__ai_8h.html#a270e86669a0aa64a8da37bc16cda645b">spp_ai.h</a>
, <a class="el" href="alert__parser_8c.html#a270e86669a0aa64a8da37bc16cda645b">alert_parser.c</a>
</li>
<li>AI_get_alerts()
: <a class="el" href="alert__parser_8c.html#a99474495643197b3075ac22ec6f6c70f">alert_parser.c</a>
, <a class="el" href="spp__ai_8h.html#af19a28f7cbcdfeb2b66fb3b625b75076">spp_ai.h</a>
</li>
<li>AI_get_stream_by_key()
: <a class="el" href="stream_8c.html#a2efedcabbfd12c5345f0c93a3dd4735c">stream.c</a>
, <a class="el" href="spp__ai_8h.html#a3054f06297a9caefd4d9b1283bb8b69a">spp_ai.h</a>
</li>
<li>AI_hashcleanup_thread()
: <a class="el" href="spp__ai_8h.html#ad56f71be823eead743972274b99c82ff">spp_ai.h</a>
, <a class="el" href="stream_8c.html#a24b1131374e5059564b8a12380c4eb75">stream.c</a>
</li>
<li>AI_hierarchies_build()
: <a class="el" href="cluster_8c.html#a1445818b37483f78cc3fb2890155842c">cluster.c</a>
, <a class="el" href="spp__ai_8h.html#a857348424b9db45c90f95631eb96fd7c">spp_ai.h</a>
</li>
<li>AI_init()
: <a class="el" href="spp__ai_8c.html#a3524cbdf8fddbcf38c4ed55241002242">spp_ai.c</a>
</li>
@ -72,25 +139,53 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
: <a class="el" href="spp__ai_8c.html#ae1c5c4b38ee2819d427848eb3046373e">spp_ai.c</a>
</li>
<li>AI_pkt_enqueue()
: <a class="el" href="spp__ai_8h.html#af6f7d167c3623bbc669e8d31c2719b29">spp_ai.h</a>
, <a class="el" href="stream_8c.html#a7d71c5645b9baff7b6c4b9a181bf80c5">stream.c</a>
: <a class="el" href="stream_8c.html#a7d71c5645b9baff7b6c4b9a181bf80c5">stream.c</a>
, <a class="el" href="spp__ai_8h.html#af6f7d167c3623bbc669e8d31c2719b29">spp_ai.h</a>
</li>
<li>AI_process()
: <a class="el" href="spp__ai_8c.html#a57c05cda012c443cb4c358dc327cd3d1">spp_ai.c</a>
</li>
<li>AI_set_stream_observed()
: <a class="el" href="stream_8c.html#a8749989cee2ac05a7de058faac280c02">stream.c</a>
, <a class="el" href="spp__ai_8h.html#a8749989cee2ac05a7de058faac280c02">spp_ai.h</a>
</li>
<li>AI_setup()
: <a class="el" href="sf__preproc__info_8h.html#ad81716bc3f0fec4df74198a7cbdbd43c">sf_preproc_info.h</a>
, <a class="el" href="spp__ai_8c.html#a1b9ebb5c719c7d9426ddfc1f3da36570">spp_ai.c</a>
</li>
</ul>
<h3><a class="anchor" id="index_d"></a>- d -</h3><ul>
<li>DynamicPreprocessorFatalMessage()
: <a class="el" href="sf__dynamic__preproc__lib_8c.html#a57c853c0f626bde2af6619cdeeb7471b">sf_dynamic_preproc_lib.c</a>
</li>
</ul>
<h3><a class="anchor" id="index_i"></a>- i -</h3><ul>
<li>InitializePreprocessor()
: <a class="el" href="sf__dynamic__preproc__lib_8c.html#a16439ea02cc5c66c842c21c5b537b1d9">sf_dynamic_preproc_lib.c</a>
</li>
</ul>
<h3><a class="anchor" id="index_l"></a>- l -</h3><ul>
<li>LibVersion()
: <a class="el" href="sf__dynamic__preproc__lib_8c.html#a06d857402af54fb10872f43051e86494">sf_dynamic_preproc_lib.c</a>
</li>
</ul>
<h3><a class="anchor" id="index_p"></a>- p -</h3><ul>
<li>preg_match()
: <a class="el" href="regex_8c.html#a35f57c052a7de1ded54b67a1f7819791">regex.c</a>
, <a class="el" href="spp__ai_8h.html#a85c0852b05b60cbfe0130534160c9876">spp_ai.h</a>
</li>
</ul>
<h3><a class="anchor" id="index_s"></a>- s -</h3><ul>
<li>sfPolicyConfigCreate()
: <a class="el" href="group__sfPolicyConfig.html#gac62cd5838bee4a9d3f40561eae920cdd">sfPolicyUserData.c</a>
</li>
@ -122,7 +217,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Wed Aug 4 2010 11:30:57 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>


@ -58,8 +58,11 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</div>
<div class="contents">
&nbsp;<ul>
<li>AI_config
: <a class="el" href="spp__ai_8h.html#a3fc526e5a55f5d137402b1bbd1b6072c">spp_ai.h</a>
<li>AI_snort_alert
: <a class="el" href="spp__ai_8h.html#a982be90e72362e88d09f28336c9a1897">spp_ai.h</a>
</li>
<li>hierarchy_node
: <a class="el" href="spp__ai_8h.html#a466391129919ef12366d311d501552fa">spp_ai.h</a>
</li>
<li>uint16_t
: <a class="el" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">spp_ai.h</a>
@ -67,6 +70,9 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<li>uint32_t
: <a class="el" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">spp_ai.h</a>
</li>
<li>uint8_t
: <a class="el" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">spp_ai.h</a>
</li>
</ul>
</div>
<!--- window showing the filter options -->
@ -83,7 +89,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Wed Aug 4 2010 11:30:57 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>


@ -58,15 +58,30 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</div>
<div class="contents">
&nbsp;<ul>
<li>_config
: <a class="el" href="cluster_8c.html#a91458e2d34595688e39fcb63ba418849">cluster.c</a>
</li>
<li>_dpd
: <a class="el" href="sf__dynamic__preproc__lib_8c.html#ab46420126c43c1aac5eabc5db266a71c">sf_dynamic_preproc_lib.c</a>
, <a class="el" href="spp__ai_8c.html#ab46420126c43c1aac5eabc5db266a71c">spp_ai.c</a>
: <a class="el" href="spp__ai_8h.html#ab46420126c43c1aac5eabc5db266a71c">spp_ai.h</a>
, <a class="el" href="sf__dynamic__preproc__lib_8c.html#ab46420126c43c1aac5eabc5db266a71c">sf_dynamic_preproc_lib.c</a>
</li>
<li>alert_fp
: <a class="el" href="alert__parser_8c.html#abee2a33368912d9288c76b51160a9ed6">alert_parser.c</a>
</li>
<li>alert_log
: <a class="el" href="cluster_8c.html#aaf4c19f60f48741b0890c6114dcff7d9">cluster.c</a>
</li>
<li>alerts
: <a class="el" href="alert__parser_8c.html#ae837fc04e61c0eb052f997c54b4fd9fe">alert_parser.c</a>
</li>
<li>ex_config
: <a class="el" href="spp__ai_8c.html#a3dd75596c540d148643fe6d1fdc02628">spp_ai.c</a>
</li>
<li>h_root
: <a class="el" href="cluster_8c.html#a97d35425cf5a0207fb50b64ee8cdda82">cluster.c</a>
</li>
<li>hash
: <a class="el" href="stream_8c.html#a96fbc549c67e0d852ced3cb72980e923">stream.c</a>
: <a class="el" href="stream_8c.html#a57e23cda853e9d11c37723a962ef2f68">stream.c</a>
</li>
<li>parserPolicyId
: <a class="el" href="sfPolicyUserData_8c.html#a0a415b8e70250b11e64a463134d00b4f">sfPolicyUserData.c</a>
@ -74,6 +89,9 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<li>runtimePolicyId
: <a class="el" href="sfPolicyUserData_8c.html#a281b418c0dc978a74cd7ab5e46ee0fa4">sfPolicyUserData.c</a>
</li>
<li>start_time
: <a class="el" href="stream_8c.html#a0597864b078ff448f28432db86950309">stream.c</a>
</li>
</ul>
</div>
<!--- window showing the filter options -->
@ -90,7 +108,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Wed Aug 4 2010 11:30:57 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>


@ -216,7 +216,7 @@ Functions</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Wed Aug 4 2010 11:30:57 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>


@ -59,7 +59,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Wed Aug 4 2010 11:30:57 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>


@ -62,7 +62,7 @@ Here is a list of all modules:<ul>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Wed Aug 4 2010 11:30:57 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

137
doc/html/regex_8c.html Normal file

@ -0,0 +1,137 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<title>Snort AI preprocessor module: regex.c File Reference</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<link href="search/search.css" rel="stylesheet" type="text/css"/>
<script type="text/javaScript" src="search/search.js"></script>
<link href="doxygen.css" rel="stylesheet" type="text/css"/>
</head>
<body onload='searchBox.OnSelectItem(0);'>
<!-- Generated by Doxygen 1.7.1 -->
<script type="text/javascript"><!--
var searchBox = new SearchBox("searchBox", "search",false,'Search');
--></script>
<div class="navigation" id="top">
<div class="tabs">
<ul class="tablist">
<li><a href="index.html"><span>Main&nbsp;Page</span></a></li>
<li><a href="modules.html"><span>Modules</span></a></li>
<li><a href="annotated.html"><span>Data&nbsp;Structures</span></a></li>
<li class="current"><a href="files.html"><span>Files</span></a></li>
<li id="searchli">
<div id="MSearchBox" class="MSearchBoxInactive">
<span class="left">
<img id="MSearchSelect" src="search/mag_sel.png"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
alt=""/>
<input type="text" id="MSearchField" value="Search" accesskey="S"
onfocus="searchBox.OnSearchFieldFocus(true)"
onblur="searchBox.OnSearchFieldFocus(false)"
onkeyup="searchBox.OnSearchFieldChange(event)"/>
</span><span class="right">
<a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
</span>
</div>
</li>
</ul>
</div>
<div class="tabs2">
<ul class="tablist">
<li><a href="files.html"><span>File&nbsp;List</span></a></li>
<li><a href="globals.html"><span>Globals</span></a></li>
</ul>
</div>
</div>
<div class="header">
<div class="summary">
<a href="#func-members">Functions</a> </div>
<div class="headertitle">
<h1>regex.c File Reference</h1> </div>
</div>
<div class="contents">
<code>#include &lt;stdio.h&gt;</code><br/>
<code>#include &lt;stdlib.h&gt;</code><br/>
<code>#include &lt;string.h&gt;</code><br/>
<code>#include &lt;regex.h&gt;</code><br/>
<table class="memberdecls">
<tr><td colspan="2"><h2><a name="func-members"></a>
Functions</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="regex_8c.html#a35f57c052a7de1ded54b67a1f7819791">preg_match</a> (const char *expr, char *str, char ***matches, int *nmatches)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Check if a string matches a regular expression. <a href="#a35f57c052a7de1ded54b67a1f7819791"></a><br/></td></tr>
</table>
<hr/><h2>Function Documentation</h2>
<a class="anchor" id="a35f57c052a7de1ded54b67a1f7819791"></a><!-- doxytag: member="regex.c::preg_match" ref="a35f57c052a7de1ded54b67a1f7819791" args="(const char *expr, char *str, char ***matches, int *nmatches)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">int preg_match </td>
<td>(</td>
<td class="paramtype">const char *&nbsp;</td>
<td class="paramname"> <em>expr</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">char *&nbsp;</td>
<td class="paramname"> <em>str</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">char ***&nbsp;</td>
<td class="paramname"> <em>matches</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">int *&nbsp;</td>
<td class="paramname"> <em>nmatches</em></td><td>&nbsp;</td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td><td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Check if a string matches a regular expression. </p>
<p>FUNCTION: preg_match </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>expr</em>&nbsp;</td><td>Regular expression to be matched </td></tr>
<tr><td valign="top"></td><td valign="top"><em>str</em>&nbsp;</td><td>String to be checked </td></tr>
<tr><td valign="top"></td><td valign="top"><em>matches</em>&nbsp;</td><td>Reference to a char** that will contain the submatches (NULL if you don't need it) </td></tr>
<tr><td valign="top"></td><td valign="top"><em>nmatches</em>&nbsp;</td><td>Reference to a int containing the number of submatches found (NULL if you don't need it) </td></tr>
</table>
</dd>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>-1 if the regex is wrong, 0 if no match was found, 1 otherwise </dd></dl>
</div>
</div>
</div>
<!--- window showing the filter options -->
<div id="MSearchSelectWindow"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
onkeydown="return searchBox.OnSearchSelectKey(event)">
<a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(0)"><span class="SelectionMark">&nbsp;</span>All</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(1)"><span class="SelectionMark">&nbsp;</span>Data Structures</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(2)"><span class="SelectionMark">&nbsp;</span>Files</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(3)"><span class="SelectionMark">&nbsp;</span>Functions</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(4)"><span class="SelectionMark">&nbsp;</span>Variables</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(5)"><span class="SelectionMark">&nbsp;</span>Typedefs</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(6)"><span class="SelectionMark">&nbsp;</span>Enumerations</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(7)"><span class="SelectionMark">&nbsp;</span>Enumerator</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(8)"><span class="SelectionMark">&nbsp;</span>Defines</a></div>
<!-- iframe showing the search results (closed by default) -->
<div id="MSearchResultsWindow">
<iframe src="" frameborder="0"
name="MSearchResults" id="MSearchResults">
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>
</html>


@ -7,26 +7,97 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR__5fai_5fconfig">
<div class="SRResult" id="SR__5fai_5fcheck_5fduplicate">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../struct__AI__config.html" target="_parent">_AI_config</a>
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../cluster_8c.html#a29c35cd6c56f54e27b5b190c6d6c487a" target="_parent">_AI_check_duplicate</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fcluster_5fthread">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../cluster_8c.html#a8a5eae61dc9fd0f13e0acdfa5f4478e2" target="_parent">_AI_cluster_thread</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fcopy_5falerts">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../alert__parser_8c.html#a6c5014cae9155379fdc4db649b2c862d" target="_parent">_AI_copy_alerts</a>
<span class="SRScope">alert_parser.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fequal_5falarms">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../cluster_8c.html#a0f91c8bfc37a3975f5c26b19fd6c5cba" target="_parent">_AI_equal_alarms</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fget_5fmin_5fhierarchy_5fnode">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../cluster_8c.html#a6ddddcd505b1f763c339e81fc143e079" target="_parent">_AI_get_min_hierarchy_node</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fmerge_5falerts">
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../cluster_8c.html#a8ce8e5a5d8954672297fa2dedb380dcd" target="_parent">_AI_merge_alerts</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fprint_5fclustered_5falerts">
<div class="SREntry">
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../cluster_8c.html#a7d151880080470b542e99643dc0426a7" target="_parent">_AI_print_clustered_alerts</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fsnort_5falert">
<div class="SREntry">
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="../struct__AI__snort__alert.html" target="_parent">_AI_snort_alert</a>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fstream_5ffree">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../stream_8c.html#a2a0c295a6828df716311977538cabd4a" target="_parent">_AI_stream_free</a>
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="../stream_8c.html#a80016adf701c717a6ebfb5b15b8a5749" target="_parent">_AI_stream_free</a>
<span class="SRScope">stream.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fconfig">
<div class="SREntry">
<a id="Item9" onkeydown="return searchResults.Nav(event,9)" onkeypress="return searchResults.Nav(event,9)" onkeyup="return searchResults.Nav(event,9)" class="SRSymbol" href="../cluster_8c.html#a91458e2d34595688e39fcb63ba418849" target="_parent">_config</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fdpd">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="javascript:searchResults.Toggle('SR__5fdpd')">_dpd</a>
<a id="Item10" onkeydown="return searchResults.Nav(event,10)" onkeypress="return searchResults.Nav(event,10)" onkeyup="return searchResults.Nav(event,10)" class="SRSymbol" href="javascript:searchResults.Toggle('SR__5fdpd')">_dpd</a>
<div class="SRChildren">
<a id="Item2_c0" onkeydown="return searchResults.NavChild(event,2,0)" onkeypress="return searchResults.NavChild(event,2,0)" onkeyup="return searchResults.NavChild(event,2,0)" class="SRScope" href="../sf__dynamic__preproc__lib_8c.html#ab46420126c43c1aac5eabc5db266a71c" target="_parent">_dpd():&nbsp;sf_dynamic_preproc_lib.c</a>
<a id="Item2_c1" onkeydown="return searchResults.NavChild(event,2,1)" onkeypress="return searchResults.NavChild(event,2,1)" onkeyup="return searchResults.NavChild(event,2,1)" class="SRScope" href="../spp__ai_8c.html#ab46420126c43c1aac5eabc5db266a71c" target="_parent">_dpd():&nbsp;sf_dynamic_preproc_lib.c</a>
<a id="Item10_c0" onkeydown="return searchResults.NavChild(event,10,0)" onkeypress="return searchResults.NavChild(event,10,0)" onkeyup="return searchResults.NavChild(event,10,0)" class="SRScope" href="../sf__dynamic__preproc__lib_8c.html#ab46420126c43c1aac5eabc5db266a71c" target="_parent">_dpd():&nbsp;sf_dynamic_preproc_lib.c</a>
<a id="Item10_c1" onkeydown="return searchResults.NavChild(event,10,1)" onkeypress="return searchResults.NavChild(event,10,1)" onkeyup="return searchResults.NavChild(event,10,1)" class="SRScope" href="../spp__ai_8h.html#ab46420126c43c1aac5eabc5db266a71c" target="_parent">_dpd():&nbsp;sf_dynamic_preproc_lib.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR__5fheuristic_5ffunc">
<div class="SREntry">
<a id="Item11" onkeydown="return searchResults.Nav(event,11)" onkeypress="return searchResults.Nav(event,11)" onkeyup="return searchResults.Nav(event,11)" class="SRSymbol" href="../cluster_8c.html#a81f5fa721719fdb281595a568eef2101" target="_parent">_heuristic_func</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fhierarchy_5fnode">
<div class="SREntry">
<a id="Item12" onkeydown="return searchResults.Nav(event,12)" onkeypress="return searchResults.Nav(event,12)" onkeyup="return searchResults.Nav(event,12)" class="SRSymbol" href="../struct__hierarchy__node.html" target="_parent">_hierarchy_node</a>
</div>
</div>
<div class="SRResult" id="SR__5fhierarchy_5fnode_5fappend">
<div class="SREntry">
<a id="Item13" onkeydown="return searchResults.Nav(event,13)" onkeypress="return searchResults.Nav(event,13)" onkeyup="return searchResults.Nav(event,13)" class="SRSymbol" href="../cluster_8c.html#a5601a1f603d9c870ef6e2df192e30c30" target="_parent">_hierarchy_node_append</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fhierarchy_5fnode_5fnew">
<div class="SREntry">
<a id="Item14" onkeydown="return searchResults.Nav(event,14)" onkeypress="return searchResults.Nav(event,14)" onkeyup="return searchResults.Nav(event,14)" class="SRSymbol" href="../cluster_8c.html#a2f1a22cfea64e4669da0467620c3e3b3" target="_parent">_hierarchy_node_new</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>
<div class="SRStatus" id="NoMatches">No Matches</div>
<script type="text/javascript"><!--


@ -7,57 +7,167 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_ack">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../struct__AI__snort__alert.html#a2b185c678d3a7f1207b2119b0b567c37" target="_parent">ack</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_ai_5falertparser_5fthread">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5falertparser_5fthread')">AI_alertparser_thread</a>
<div class="SRChildren">
<a id="Item1_c0" onkeydown="return searchResults.NavChild(event,1,0)" onkeypress="return searchResults.NavChild(event,1,0)" onkeyup="return searchResults.NavChild(event,1,0)" class="SRScope" href="../alert__parser_8c.html#ad68c45b5846743a54ad3fa92c8e48f8a" target="_parent">AI_alertparser_thread(void *arg):&nbsp;alert_parser.c</a>
<a id="Item1_c1" onkeydown="return searchResults.NavChild(event,1,1)" onkeypress="return searchResults.NavChild(event,1,1)" onkeyup="return searchResults.NavChild(event,1,1)" class="SRScope" href="../spp__ai_8h.html#a842a3204c6e067a9920990b573757181" target="_parent">AI_alertparser_thread(void *):&nbsp;alert_parser.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fconfig">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../spp__ai_8h.html#a3fc526e5a55f5d137402b1bbd1b6072c" target="_parent">AI_config</a>
<span class="SRScope">spp_ai.h</span>
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../structAI__config.html" target="_parent">AI_config</a>
</div>
</div>
<div class="SRResult" id="SR_ai_5ffree_5falerts">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5ffree_5falerts')">AI_free_alerts</a>
<div class="SRChildren">
<a id="Item3_c0" onkeydown="return searchResults.NavChild(event,3,0)" onkeypress="return searchResults.NavChild(event,3,0)" onkeyup="return searchResults.NavChild(event,3,0)" class="SRScope" href="../alert__parser_8c.html#a270e86669a0aa64a8da37bc16cda645b" target="_parent">AI_free_alerts(AI_snort_alert *node):&nbsp;alert_parser.c</a>
<a id="Item3_c1" onkeydown="return searchResults.NavChild(event,3,1)" onkeypress="return searchResults.NavChild(event,3,1)" onkeyup="return searchResults.NavChild(event,3,1)" class="SRScope" href="../spp__ai_8h.html#a270e86669a0aa64a8da37bc16cda645b" target="_parent">AI_free_alerts(AI_snort_alert *node):&nbsp;alert_parser.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fget_5falerts">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fget_5falerts')">AI_get_alerts</a>
<div class="SRChildren">
<a id="Item4_c0" onkeydown="return searchResults.NavChild(event,4,0)" onkeypress="return searchResults.NavChild(event,4,0)" onkeyup="return searchResults.NavChild(event,4,0)" class="SRScope" href="../alert__parser_8c.html#a99474495643197b3075ac22ec6f6c70f" target="_parent">AI_get_alerts():&nbsp;alert_parser.c</a>
<a id="Item4_c1" onkeydown="return searchResults.NavChild(event,4,1)" onkeypress="return searchResults.NavChild(event,4,1)" onkeyup="return searchResults.NavChild(event,4,1)" class="SRScope" href="../spp__ai_8h.html#af19a28f7cbcdfeb2b66fb3b625b75076" target="_parent">AI_get_alerts(void):&nbsp;alert_parser.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fget_5fstream_5fby_5fkey">
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fget_5fstream_5fby_5fkey')">AI_get_stream_by_key</a>
<div class="SRChildren">
<a id="Item5_c0" onkeydown="return searchResults.NavChild(event,5,0)" onkeypress="return searchResults.NavChild(event,5,0)" onkeyup="return searchResults.NavChild(event,5,0)" class="SRScope" href="../spp__ai_8h.html#a3054f06297a9caefd4d9b1283bb8b69a" target="_parent">AI_get_stream_by_key(struct pkt_key):&nbsp;stream.c</a>
<a id="Item5_c1" onkeydown="return searchResults.NavChild(event,5,1)" onkeypress="return searchResults.NavChild(event,5,1)" onkeyup="return searchResults.NavChild(event,5,1)" class="SRScope" href="../stream_8c.html#a2efedcabbfd12c5345f0c93a3dd4735c" target="_parent">AI_get_stream_by_key(struct pkt_key key):&nbsp;stream.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fhashcleanup_5fthread">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fhashcleanup_5fthread')">AI_hashcleanup_thread</a>
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fhashcleanup_5fthread')">AI_hashcleanup_thread</a>
<div class="SRChildren">
<a id="Item1_c0" onkeydown="return searchResults.NavChild(event,1,0)" onkeypress="return searchResults.NavChild(event,1,0)" onkeyup="return searchResults.NavChild(event,1,0)" class="SRScope" href="../spp__ai_8h.html#ad56f71be823eead743972274b99c82ff" target="_parent">AI_hashcleanup_thread(void *):&nbsp;stream.c</a>
<a id="Item1_c1" onkeydown="return searchResults.NavChild(event,1,1)" onkeypress="return searchResults.NavChild(event,1,1)" onkeyup="return searchResults.NavChild(event,1,1)" class="SRScope" href="../stream_8c.html#a24b1131374e5059564b8a12380c4eb75" target="_parent">AI_hashcleanup_thread(void *arg):&nbsp;stream.c</a>
<a id="Item6_c0" onkeydown="return searchResults.NavChild(event,6,0)" onkeypress="return searchResults.NavChild(event,6,0)" onkeyup="return searchResults.NavChild(event,6,0)" class="SRScope" href="../spp__ai_8h.html#ad56f71be823eead743972274b99c82ff" target="_parent">AI_hashcleanup_thread(void *):&nbsp;stream.c</a>
<a id="Item6_c1" onkeydown="return searchResults.NavChild(event,6,1)" onkeypress="return searchResults.NavChild(event,6,1)" onkeyup="return searchResults.NavChild(event,6,1)" class="SRScope" href="../stream_8c.html#a24b1131374e5059564b8a12380c4eb75" target="_parent">AI_hashcleanup_thread(void *arg):&nbsp;stream.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fhierarchies_5fbuild">
<div class="SREntry">
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fhierarchies_5fbuild')">AI_hierarchies_build</a>
<div class="SRChildren">
<a id="Item7_c0" onkeydown="return searchResults.NavChild(event,7,0)" onkeypress="return searchResults.NavChild(event,7,0)" onkeyup="return searchResults.NavChild(event,7,0)" class="SRScope" href="../cluster_8c.html#a1445818b37483f78cc3fb2890155842c" target="_parent">AI_hierarchies_build(AI_config *conf, hierarchy_node **nodes, int n_nodes):&nbsp;cluster.c</a>
<a id="Item7_c1" onkeydown="return searchResults.NavChild(event,7,1)" onkeypress="return searchResults.NavChild(event,7,1)" onkeyup="return searchResults.NavChild(event,7,1)" class="SRScope" href="../spp__ai_8h.html#a857348424b9db45c90f95631eb96fd7c" target="_parent">AI_hierarchies_build(AI_config *, hierarchy_node **, int):&nbsp;cluster.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5finit">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../spp__ai_8c.html#a3524cbdf8fddbcf38c4ed55241002242" target="_parent">AI_init</a>
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="../spp__ai_8c.html#a3524cbdf8fddbcf38c4ed55241002242" target="_parent">AI_init</a>
<span class="SRScope">spp_ai.c</span>
</div>
</div>
<div class="SRResult" id="SR_ai_5fparse">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../spp__ai_8c.html#ae1c5c4b38ee2819d427848eb3046373e" target="_parent">AI_parse</a>
<a id="Item9" onkeydown="return searchResults.Nav(event,9)" onkeypress="return searchResults.Nav(event,9)" onkeyup="return searchResults.Nav(event,9)" class="SRSymbol" href="../spp__ai_8c.html#ae1c5c4b38ee2819d427848eb3046373e" target="_parent">AI_parse</a>
<span class="SRScope">spp_ai.c</span>
</div>
</div>
<div class="SRResult" id="SR_ai_5fpkt_5fenqueue">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fpkt_5fenqueue')">AI_pkt_enqueue</a>
<a id="Item10" onkeydown="return searchResults.Nav(event,10)" onkeypress="return searchResults.Nav(event,10)" onkeyup="return searchResults.Nav(event,10)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fpkt_5fenqueue')">AI_pkt_enqueue</a>
<div class="SRChildren">
<a id="Item4_c0" onkeydown="return searchResults.NavChild(event,4,0)" onkeypress="return searchResults.NavChild(event,4,0)" onkeyup="return searchResults.NavChild(event,4,0)" class="SRScope" href="../spp__ai_8h.html#af6f7d167c3623bbc669e8d31c2719b29" target="_parent">AI_pkt_enqueue(SFSnortPacket *):&nbsp;stream.c</a>
<a id="Item4_c1" onkeydown="return searchResults.NavChild(event,4,1)" onkeypress="return searchResults.NavChild(event,4,1)" onkeyup="return searchResults.NavChild(event,4,1)" class="SRScope" href="../stream_8c.html#a7d71c5645b9baff7b6c4b9a181bf80c5" target="_parent">AI_pkt_enqueue(SFSnortPacket *pkt):&nbsp;stream.c</a>
<a id="Item10_c0" onkeydown="return searchResults.NavChild(event,10,0)" onkeypress="return searchResults.NavChild(event,10,0)" onkeyup="return searchResults.NavChild(event,10,0)" class="SRScope" href="../spp__ai_8h.html#af6f7d167c3623bbc669e8d31c2719b29" target="_parent">AI_pkt_enqueue(SFSnortPacket *):&nbsp;stream.c</a>
<a id="Item10_c1" onkeydown="return searchResults.NavChild(event,10,1)" onkeypress="return searchResults.NavChild(event,10,1)" onkeyup="return searchResults.NavChild(event,10,1)" class="SRScope" href="../stream_8c.html#a7d71c5645b9baff7b6c4b9a181bf80c5" target="_parent">AI_pkt_enqueue(SFSnortPacket *pkt):&nbsp;stream.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fprocess">
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../spp__ai_8c.html#a57c05cda012c443cb4c358dc327cd3d1" target="_parent">AI_process</a>
<a id="Item11" onkeydown="return searchResults.Nav(event,11)" onkeypress="return searchResults.Nav(event,11)" onkeyup="return searchResults.Nav(event,11)" class="SRSymbol" href="../spp__ai_8c.html#a57c05cda012c443cb4c358dc327cd3d1" target="_parent">AI_process</a>
<span class="SRScope">spp_ai.c</span>
</div>
</div>
<div class="SRResult" id="SR_ai_5fset_5fstream_5fobserved">
<div class="SREntry">
<a id="Item12" onkeydown="return searchResults.Nav(event,12)" onkeypress="return searchResults.Nav(event,12)" onkeyup="return searchResults.Nav(event,12)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fset_5fstream_5fobserved')">AI_set_stream_observed</a>
<div class="SRChildren">
<a id="Item12_c0" onkeydown="return searchResults.NavChild(event,12,0)" onkeypress="return searchResults.NavChild(event,12,0)" onkeyup="return searchResults.NavChild(event,12,0)" class="SRScope" href="../spp__ai_8h.html#a8749989cee2ac05a7de058faac280c02" target="_parent">AI_set_stream_observed(struct pkt_key key):&nbsp;stream.c</a>
<a id="Item12_c1" onkeydown="return searchResults.NavChild(event,12,1)" onkeypress="return searchResults.NavChild(event,12,1)" onkeyup="return searchResults.NavChild(event,12,1)" class="SRScope" href="../stream_8c.html#a8749989cee2ac05a7de058faac280c02" target="_parent">AI_set_stream_observed(struct pkt_key key):&nbsp;stream.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fsetup">
<div class="SREntry">
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fsetup')">AI_setup</a>
<a id="Item13" onkeydown="return searchResults.Nav(event,13)" onkeypress="return searchResults.Nav(event,13)" onkeyup="return searchResults.Nav(event,13)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fsetup')">AI_setup</a>
<div class="SRChildren">
<a id="Item6_c0" onkeydown="return searchResults.NavChild(event,6,0)" onkeypress="return searchResults.NavChild(event,6,0)" onkeyup="return searchResults.NavChild(event,6,0)" class="SRScope" href="../sf__preproc__info_8h.html#ad81716bc3f0fec4df74198a7cbdbd43c" target="_parent">AI_setup():&nbsp;spp_ai.c</a>
<a id="Item6_c1" onkeydown="return searchResults.NavChild(event,6,1)" onkeypress="return searchResults.NavChild(event,6,1)" onkeyup="return searchResults.NavChild(event,6,1)" class="SRScope" href="../spp__ai_8c.html#a1b9ebb5c719c7d9426ddfc1f3da36570" target="_parent">AI_setup(void):&nbsp;spp_ai.c</a>
<a id="Item13_c0" onkeydown="return searchResults.NavChild(event,13,0)" onkeypress="return searchResults.NavChild(event,13,0)" onkeyup="return searchResults.NavChild(event,13,0)" class="SRScope" href="../sf__preproc__info_8h.html#ad81716bc3f0fec4df74198a7cbdbd43c" target="_parent">AI_setup():&nbsp;spp_ai.c</a>
<a id="Item13_c1" onkeydown="return searchResults.NavChild(event,13,1)" onkeypress="return searchResults.NavChild(event,13,1)" onkeyup="return searchResults.NavChild(event,13,1)" class="SRScope" href="../spp__ai_8c.html#a1b9ebb5c719c7d9426ddfc1f3da36570" target="_parent">AI_setup(void):&nbsp;spp_ai.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fsnort_5falert">
<div class="SREntry">
<a id="Item14" onkeydown="return searchResults.Nav(event,14)" onkeypress="return searchResults.Nav(event,14)" onkeyup="return searchResults.Nav(event,14)" class="SRSymbol" href="../spp__ai_8h.html#a982be90e72362e88d09f28336c9a1897" target="_parent">AI_snort_alert</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_alert_5ffp">
<div class="SREntry">
<a id="Item15" onkeydown="return searchResults.Nav(event,15)" onkeypress="return searchResults.Nav(event,15)" onkeyup="return searchResults.Nav(event,15)" class="SRSymbol" href="../alert__parser_8c.html#abee2a33368912d9288c76b51160a9ed6" target="_parent">alert_fp</a>
<span class="SRScope">alert_parser.c</span>
</div>
</div>
<div class="SRResult" id="SR_alert_5flog">
<div class="SREntry">
<a id="Item16" onkeydown="return searchResults.Nav(event,16)" onkeypress="return searchResults.Nav(event,16)" onkeyup="return searchResults.Nav(event,16)" class="SRSymbol" href="../cluster_8c.html#aaf4c19f60f48741b0890c6114dcff7d9" target="_parent">alert_log</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR_alert_5fparser_2ec">
<div class="SREntry">
<a id="Item17" onkeydown="return searchResults.Nav(event,17)" onkeypress="return searchResults.Nav(event,17)" onkeyup="return searchResults.Nav(event,17)" class="SRSymbol" href="../alert__parser_8c.html" target="_parent">alert_parser.c</a>
</div>
</div>
<div class="SRResult" id="SR_alertclusteringinterval">
<div class="SREntry">
<a id="Item18" onkeydown="return searchResults.Nav(event,18)" onkeypress="return searchResults.Nav(event,18)" onkeyup="return searchResults.Nav(event,18)" class="SRSymbol" href="../structAI__config.html#a7d0d098b8263aa3d8415b11d1ec7f93d" target="_parent">alertClusteringInterval</a>
<span class="SRScope">AI_config</span>
</div>
</div>
<div class="SRResult" id="SR_alertfile">
<div class="SREntry">
<a id="Item19" onkeydown="return searchResults.Nav(event,19)" onkeypress="return searchResults.Nav(event,19)" onkeyup="return searchResults.Nav(event,19)" class="SRSymbol" href="../structAI__config.html#a2efa9590d7eea6dce8b5dd9aa76ed8ca" target="_parent">alertfile</a>
<span class="SRScope">AI_config</span>
</div>
</div>
<div class="SRResult" id="SR_alerts">
<div class="SREntry">
<a id="Item20" onkeydown="return searchResults.Nav(event,20)" onkeypress="return searchResults.Nav(event,20)" onkeyup="return searchResults.Nav(event,20)" class="SRSymbol" href="../alert__parser_8c.html#ae837fc04e61c0eb052f997c54b4fd9fe" target="_parent">alerts</a>
<span class="SRScope">alert_parser.c</span>
</div>
</div>
<div class="SRResult" id="SR_attribute_5fkey">
<div class="SREntry">
<a id="Item21" onkeydown="return searchResults.Nav(event,21)" onkeypress="return searchResults.Nav(event,21)" onkeyup="return searchResults.Nav(event,21)" class="SRSymbol" href="../structattribute__key.html" target="_parent">attribute_key</a>
</div>
</div>
<div class="SRResult" id="SR_attribute_5fvalue">
<div class="SREntry">
<a id="Item22" onkeydown="return searchResults.Nav(event,22)" onkeypress="return searchResults.Nav(event,22)" onkeyup="return searchResults.Nav(event,22)" class="SRSymbol" href="../structattribute__value.html" target="_parent">attribute_value</a>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>
<div class="SRStatus" id="NoMatches">No Matches</div>
<script type="text/javascript"><!--


@ -0,0 +1,61 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head><title></title>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<link rel="stylesheet" type="text/css" href="search.css"/>
<script type="text/javascript" src="search.js"></script>
</head>
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_children">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../struct__hierarchy__node.html#afc23d4fe6426873164cdaab2f3d4f0cd" target="_parent">children</a>
<span class="SRScope">_hierarchy_node</span>
</div>
</div>
<div class="SRResult" id="SR_classification">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../struct__AI__snort__alert.html#aa89585e14acb2c4e684a1552d322632f" target="_parent">classification</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_cluster_2ec">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../cluster_8c.html" target="_parent">cluster.c</a>
</div>
</div>
<div class="SRResult" id="SR_cluster_5ftype">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640" target="_parent">cluster_type</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_cluster_5ftypes">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640ab16bb5c4b330d5db02e2d852cd2ba451" target="_parent">CLUSTER_TYPES</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_clusterfile">
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../structAI__config.html#a6da02a3f7116fd3810a41b738e8883a3" target="_parent">clusterfile</a>
<span class="SRScope">AI_config</span>
</div>
</div>
<div class="SRResult" id="SR_count">
<div class="SREntry">
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../structattribute__value.html#a5579c0304c2e9ab488ac94905b385045" target="_parent">count</a>
<span class="SRScope">attribute_value</span>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>
<div class="SRStatus" id="NoMatches">No Matches</div>
<script type="text/javascript"><!--
document.getElementById("Loading").style.display="none";
document.getElementById("NoMatches").style.display="none";
var searchResults = new SearchResults("searchResults");
searchResults.Search();
--></script>
</div>
</body>
</html>


@ -7,33 +7,70 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_default_5falert_5fclustering_5finterval">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../spp__ai_8h.html#a0c4b6fce670e46083e33b9f53b78f39e" target="_parent">DEFAULT_ALERT_CLUSTERING_INTERVAL</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_default_5falert_5flog_5ffile">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../spp__ai_8h.html#a6d9bf552c32371e0144dc6a6209c7e4a" target="_parent">DEFAULT_ALERT_LOG_FILE</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_default_5fcluster_5flog_5ffile">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../spp__ai_8h.html#a803dc913297ccdace9e604dbfecda97d" target="_parent">DEFAULT_CLUSTER_LOG_FILE</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_default_5fhash_5fcleanup_5finterval">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../spp__ai_8h.html#a5f555c0ebd29ce2771a3e2dd4f526746" target="_parent">DEFAULT_HASH_CLEANUP_INTERVAL</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_default_5fstream_5fexpire_5finterval">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../spp__ai_8h.html#a0f6a189af15ef783fb46ed37c144e031" target="_parent">DEFAULT_STREAM_EXPIRE_INTERVAL</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_desc">
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../struct__AI__snort__alert.html#ac0902d7c756ec675fb06347ce4706135" target="_parent">desc</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_dst_5faddr">
<div class="SREntry">
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_dst_5faddr')">dst_addr</a>
<div class="SRChildren">
<a id="Item6_c0" onkeydown="return searchResults.NavChild(event,6,0)" onkeypress="return searchResults.NavChild(event,6,0)" onkeyup="return searchResults.NavChild(event,6,0)" class="SRScope" href="../struct__AI__snort__alert.html#a69cc2ba171c8c808a0b45caa9426cd8c" target="_parent">_AI_snort_alert::dst_addr()</a>
<a id="Item6_c1" onkeydown="return searchResults.NavChild(event,6,1)" onkeypress="return searchResults.NavChild(event,6,1)" onkeyup="return searchResults.NavChild(event,6,1)" class="SRScope" href="../spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640aa000f955ef1374c60cdb16bf43a1593c" target="_parent">dst_addr():&nbsp;spp_ai.h</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_dst_5fport">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../structpkt__key.html#af77f5eb1f4cd88b43fe99fd73553351d" target="_parent">dst_port</a>
<span class="SRScope">pkt_key</span>
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_dst_5fport')">dst_port</a>
<div class="SRChildren">
<a id="Item7_c0" onkeydown="return searchResults.NavChild(event,7,0)" onkeypress="return searchResults.NavChild(event,7,0)" onkeyup="return searchResults.NavChild(event,7,0)" class="SRScope" href="../structpkt__key.html#af77f5eb1f4cd88b43fe99fd73553351d" target="_parent">pkt_key::dst_port()</a>
<a id="Item7_c1" onkeydown="return searchResults.NavChild(event,7,1)" onkeypress="return searchResults.NavChild(event,7,1)" onkeyup="return searchResults.NavChild(event,7,1)" class="SRScope" href="../struct__AI__snort__alert.html#a6b323c07ae501d221e330e13646a96a3" target="_parent">_AI_snort_alert::dst_port()</a>
<a id="Item7_c2" onkeydown="return searchResults.NavChild(event,7,2)" onkeypress="return searchResults.NavChild(event,7,2)" onkeyup="return searchResults.NavChild(event,7,2)" class="SRScope" href="../spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640abc4f89a184ada44073bd6f54d7fc11c9" target="_parent">dst_port():&nbsp;spp_ai.h</a>
</div>
</div>
<div class="SRResult" id="SR_dst_5fport_5fmatch">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../spp__ai_8c.html#a8ab13e8ad1dfd19b9237a99ae6130146" target="_parent">DST_PORT_MATCH</a>
<span class="SRScope">spp_ai.c</span>
</div>
</div>
<div class="SRResult" id="SR_dst_5fport_5fmatch_5fstr">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../spp__ai_8c.html#a1f3521b9bcf5daf99190be58473a4110" target="_parent">DST_PORT_MATCH_STR</a>
<span class="SRScope">spp_ai.c</span>
</div>
</div>
<div class="SRResult" id="SR_dynamic_5fpreproc_5fsetup">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../sf__preproc__info_8h.html#aba4c0d0af324a3861e662ed4650aae44" target="_parent">DYNAMIC_PREPROC_SETUP</a>
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="../sf__preproc__info_8h.html#aba4c0d0af324a3861e662ed4650aae44" target="_parent">DYNAMIC_PREPROC_SETUP</a>
<span class="SRScope">sf_preproc_info.h</span>
</div>
</div>
<div class="SRResult" id="SR_dynamicpreprocessorfatalmessage">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../sf__dynamic__preproc__lib_8c.html#a57c853c0f626bde2af6619cdeeb7471b" target="_parent">DynamicPreprocessorFatalMessage</a>
<a id="Item9" onkeydown="return searchResults.Nav(event,9)" onkeypress="return searchResults.Nav(event,9)" onkeyup="return searchResults.Nav(event,9)" class="SRSymbol" href="../sf__dynamic__preproc__lib_8c.html#a57c853c0f626bde2af6619cdeeb7471b" target="_parent">DynamicPreprocessorFatalMessage</a>
<span class="SRScope">sf_dynamic_preproc_lib.c</span>
</div>
</div>


@ -7,10 +7,16 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_generator_5fexample">
<div class="SRResult" id="SR_gid">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../spp__ai_8c.html#a9e7d446fc8b40be2cfbb5c69c3e132ca" target="_parent">GENERATOR_EXAMPLE</a>
<span class="SRScope">spp_ai.c</span>
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../struct__AI__snort__alert.html#af8408be5da59cda853442dd13465c0f6" target="_parent">gid</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_grouped_5falarms_5fcount">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../struct__AI__snort__alert.html#a285aff12d6bac03c316ccc5305d28e53" target="_parent">grouped_alarms_count</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>


@ -7,22 +7,43 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_h_5fnode">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../struct__AI__snort__alert.html#ac53765584296ead1328eabfaba8a3aed" target="_parent">h_node</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_h_5froot">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../cluster_8c.html#a97d35425cf5a0207fb50b64ee8cdda82" target="_parent">h_root</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR_hash">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../stream_8c.html#a96fbc549c67e0d852ced3cb72980e923" target="_parent">hash</a>
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../stream_8c.html#a57e23cda853e9d11c37723a962ef2f68" target="_parent">hash</a>
<span class="SRScope">stream.c</span>
</div>
</div>
<div class="SRResult" id="SR_hashcleanupinterval">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../struct__AI__config.html#a890e6756dc637e9d41b7051a4d1ddc93" target="_parent">hashCleanupInterval</a>
<span class="SRScope">_AI_config</span>
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../structAI__config.html#a9f7680615027d4fb74b4aa144a7028a4" target="_parent">hashCleanupInterval</a>
<span class="SRScope">AI_config</span>
</div>
</div>
<div class="SRResult" id="SR_hh">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../structpkt__info.html#a264e90d4b5d490de040f38c1072e142f" target="_parent">hh</a>
<span class="SRScope">pkt_info</span>
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_hh')">hh</a>
<div class="SRChildren">
<a id="Item4_c0" onkeydown="return searchResults.NavChild(event,4,0)" onkeypress="return searchResults.NavChild(event,4,0)" onkeyup="return searchResults.NavChild(event,4,0)" class="SRScope" href="../structattribute__value.html#a9abf5d1758ee0cc4803e3b40fc4481cc" target="_parent">attribute_value::hh()</a>
<a id="Item4_c1" onkeydown="return searchResults.NavChild(event,4,1)" onkeypress="return searchResults.NavChild(event,4,1)" onkeyup="return searchResults.NavChild(event,4,1)" class="SRScope" href="../structpkt__info.html#a264e90d4b5d490de040f38c1072e142f" target="_parent">pkt_info::hh()</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_hierarchy_5fnode">
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../spp__ai_8h.html#a466391129919ef12366d311d501552fa" target="_parent">hierarchy_node</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>


@ -7,12 +7,30 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_id">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../struct__AI__snort__alert.html#a45e4acf90450a5f9efd4e0c290f84bcf" target="_parent">id</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_initializepreprocessor">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../sf__dynamic__preproc__lib_8c.html#a16439ea02cc5c66c842c21c5b537b1d9" target="_parent">InitializePreprocessor</a>
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../sf__dynamic__preproc__lib_8c.html#a16439ea02cc5c66c842c21c5b537b1d9" target="_parent">InitializePreprocessor</a>
<span class="SRScope">sf_dynamic_preproc_lib.c</span>
</div>
</div>
<div class="SRResult" id="SR_iplen">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../struct__AI__snort__alert.html#a523ef8842d01a1bc4ea3c0bf27518e78" target="_parent">iplen</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_ipproto">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../struct__AI__snort__alert.html#a2a5f2741918c3c13890f2b617a7f23a4" target="_parent">ipproto</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>
<div class="SRStatus" id="NoMatches">No Matches</div>
<script type="text/javascript"><!--


@ -9,8 +9,11 @@
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_key">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../structpkt__info.html#a231d4734d3c62292b06eb9ea4b49c339" target="_parent">key</a>
<span class="SRScope">pkt_info</span>
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_key')">key</a>
<div class="SRChildren">
<a id="Item0_c0" onkeydown="return searchResults.NavChild(event,0,0)" onkeypress="return searchResults.NavChild(event,0,0)" onkeyup="return searchResults.NavChild(event,0,0)" class="SRScope" href="../structattribute__value.html#aa8b5ae41c150e4fefb800d3b1924278d" target="_parent">attribute_value::key()</a>
<a id="Item0_c1" onkeydown="return searchResults.NavChild(event,0,1)" onkeypress="return searchResults.NavChild(event,0,1)" onkeyup="return searchResults.NavChild(event,0,1)" class="SRScope" href="../structpkt__info.html#a231d4734d3c62292b06eb9ea4b49c339" target="_parent">pkt_info::key()</a>
</div>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>


@ -7,9 +7,15 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_label">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../struct__hierarchy__node.html#ae498f6fd14ca058a3ae0a95d5425451a" target="_parent">label</a>
<span class="SRScope">_hierarchy_node</span>
</div>
</div>
<div class="SRResult" id="SR_libversion">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../sf__dynamic__preproc__lib_8c.html#a06d857402af54fb10872f43051e86494" target="_parent">LibVersion</a>
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../sf__dynamic__preproc__lib_8c.html#a06d857402af54fb10872f43051e86494" target="_parent">LibVersion</a>
<span class="SRScope">sf_dynamic_preproc_lib.c</span>
</div>
</div>


@ -13,9 +13,33 @@
<span class="SRScope">sf_preproc_info.h</span>
</div>
</div>
<div class="SRResult" id="SR_max">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../structattribute__key.html#a82b7e5ac49820b816871a4ddf30c462d" target="_parent">max</a>
<span class="SRScope">attribute_key</span>
</div>
</div>
<div class="SRResult" id="SR_max_5fval">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../struct__hierarchy__node.html#a79ea88029938dc30ab8f159405d12c87" target="_parent">max_val</a>
<span class="SRScope">_hierarchy_node</span>
</div>
</div>
<div class="SRResult" id="SR_min">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../structattribute__key.html#a4fdb3d7aabeac6b1052b59e05e3d8842" target="_parent">min</a>
<span class="SRScope">attribute_key</span>
</div>
</div>
<div class="SRResult" id="SR_min_5fval">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../struct__hierarchy__node.html#a13ceebd7b435b9ef347fb90d9e6bbfe4" target="_parent">min_val</a>
<span class="SRScope">_hierarchy_node</span>
</div>
</div>
<div class="SRResult" id="SR_minor_5fversion">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../sf__preproc__info_8h.html#a320988aa2655ee094f3a34a52da10831" target="_parent">MINOR_VERSION</a>
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../sf__preproc__info_8h.html#a320988aa2655ee094f3a34a52da10831" target="_parent">MINOR_VERSION</a>
<span class="SRScope">sf_preproc_info.h</span>
</div>
</div>


@ -7,10 +7,25 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_nchildren">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../struct__hierarchy__node.html#a849256ce1039e2cefaaf64d91171be0a" target="_parent">nchildren</a>
<span class="SRScope">_hierarchy_node</span>
</div>
</div>
<div class="SRResult" id="SR_next">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../structpkt__info.html#a5ee3c51f2ca5768b94819182641ef168" target="_parent">next</a>
<span class="SRScope">pkt_info</span>
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_next')">next</a>
<div class="SRChildren">
<a id="Item1_c0" onkeydown="return searchResults.NavChild(event,1,0)" onkeypress="return searchResults.NavChild(event,1,0)" onkeyup="return searchResults.NavChild(event,1,0)" class="SRScope" href="../structpkt__info.html#a5ee3c51f2ca5768b94819182641ef168" target="_parent">pkt_info::next()</a>
<a id="Item1_c1" onkeydown="return searchResults.NavChild(event,1,1)" onkeypress="return searchResults.NavChild(event,1,1)" onkeyup="return searchResults.NavChild(event,1,1)" class="SRScope" href="../struct__AI__snort__alert.html#aa8336d4b3359015ed8ea312ca1fd1173" target="_parent">_AI_snort_alert::next()</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_none">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640ab7e4e0120a041dbe6528b050c04269e0" target="_parent">none</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>


@ -0,0 +1,26 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head><title></title>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<link rel="stylesheet" type="text/css" href="search.css"/>
<script type="text/javascript" src="search.js"></script>
</head>
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_observed">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../structpkt__info.html#ac7ff78ea5faf333fc91f92e3085ea7c9" target="_parent">observed</a>
<span class="SRScope">pkt_info</span>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>
<div class="SRStatus" id="NoMatches">No Matches</div>
<script type="text/javascript"><!--
document.getElementById("Loading").style.display="none";
document.getElementById("NoMatches").style.display="none";
var searchResults = new SearchResults("searchResults");
searchResults.Search();
--></script>
</div>
</body>
</html>


@ -7,40 +7,61 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_parent">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../struct__hierarchy__node.html#a5c94c89d7e2aea393f1c550afb766bbe" target="_parent">parent</a>
<span class="SRScope">_hierarchy_node</span>
</div>
</div>
<div class="SRResult" id="SR_parserpolicyid">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../sfPolicyUserData_8c.html#a0a415b8e70250b11e64a463134d00b4f" target="_parent">parserPolicyId</a>
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../sfPolicyUserData_8c.html#a0a415b8e70250b11e64a463134d00b4f" target="_parent">parserPolicyId</a>
<span class="SRScope">sfPolicyUserData.c</span>
</div>
</div>
<div class="SRResult" id="SR_pkt">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../structpkt__info.html#a8d5ebd04a32067b05387e5c5056fe168" target="_parent">pkt</a>
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../structpkt__info.html#a8d5ebd04a32067b05387e5c5056fe168" target="_parent">pkt</a>
<span class="SRScope">pkt_info</span>
</div>
</div>
<div class="SRResult" id="SR_pkt_5finfo">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../structpkt__info.html" target="_parent">pkt_info</a>
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../structpkt__info.html" target="_parent">pkt_info</a>
</div>
</div>
<div class="SRResult" id="SR_pkt_5fkey">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../structpkt__key.html" target="_parent">pkt_key</a>
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../structpkt__key.html" target="_parent">pkt_key</a>
</div>
</div>
<div class="SRResult" id="SR_porttocheck">
<div class="SRResult" id="SR_preg_5fmatch">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../struct__AI__config.html#ab22e082ad6637f6280134e882bf53b0d" target="_parent">portToCheck</a>
<span class="SRScope">_AI_config</span>
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_preg_5fmatch')">preg_match</a>
<div class="SRChildren">
<a id="Item5_c0" onkeydown="return searchResults.NavChild(event,5,0)" onkeypress="return searchResults.NavChild(event,5,0)" onkeyup="return searchResults.NavChild(event,5,0)" class="SRScope" href="../regex_8c.html#a35f57c052a7de1ded54b67a1f7819791" target="_parent">preg_match(const char *expr, char *str, char ***matches, int *nmatches):&nbsp;regex.c</a>
<a id="Item5_c1" onkeydown="return searchResults.NavChild(event,5,1)" onkeypress="return searchResults.NavChild(event,5,1)" onkeyup="return searchResults.NavChild(event,5,1)" class="SRScope" href="../spp__ai_8h.html#a85c0852b05b60cbfe0130534160c9876" target="_parent">preg_match(const char *, char *, char ***, int *):&nbsp;regex.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_preproc_5fname">
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../sf__preproc__info_8h.html#af5d5329206253ca0c1a3b8d4a43195af" target="_parent">PREPROC_NAME</a>
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../sf__preproc__info_8h.html#af5d5329206253ca0c1a3b8d4a43195af" target="_parent">PREPROC_NAME</a>
<span class="SRScope">sf_preproc_info.h</span>
</div>
</div>
<div class="SRResult" id="SR_priority">
<div class="SREntry">
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="../struct__AI__snort__alert.html#a25661fa4e212c5e30af5e6a892985ec9" target="_parent">priority</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_private">
<div class="SREntry">
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="../spp__ai_8h.html#a5e151c615eda34903514212f05a5ccf8" target="_parent">PRIVATE</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>
<div class="SRStatus" id="NoMatches">No Matches</div>
<script type="text/javascript"><!--


@ -7,9 +7,20 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_regex_2ec">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../regex_8c.html" target="_parent">regex.c</a>
</div>
</div>
<div class="SRResult" id="SR_rev">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../struct__AI__snort__alert.html#a864d3baa48586d6a31639f4cd27d9d37" target="_parent">rev</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_runtimepolicyid">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../sfPolicyUserData_8c.html#a281b418c0dc978a74cd7ab5e46ee0fa4" target="_parent">runtimePolicyId</a>
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../sfPolicyUserData_8c.html#a281b418c0dc978a74cd7ab5e46ee0fa4" target="_parent">runtimePolicyId</a>
<span class="SRScope">sfPolicyUserData.c</span>
</div>
</div>


@ -7,88 +7,118 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_sequence">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../struct__AI__snort__alert.html#acb20c4c55149d5806d7523720786ab77" target="_parent">sequence</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_sf_5fdynamic_5fpreproc_5flib_2ec">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../sf__dynamic__preproc__lib_8c.html" target="_parent">sf_dynamic_preproc_lib.c</a>
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../sf__dynamic__preproc__lib_8c.html" target="_parent">sf_dynamic_preproc_lib.c</a>
</div>
</div>
<div class="SRResult" id="SR_sf_5fpreproc_5finfo_2eh">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../sf__preproc__info_8h.html" target="_parent">sf_preproc_info.h</a>
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../sf__preproc__info_8h.html" target="_parent">sf_preproc_info.h</a>
</div>
</div>
<div class="SRResult" id="SR_sfpolicyconfigcreate">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../group__sfPolicyConfig.html#gac62cd5838bee4a9d3f40561eae920cdd" target="_parent">sfPolicyConfigCreate</a>
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../group__sfPolicyConfig.html#gac62cd5838bee4a9d3f40561eae920cdd" target="_parent">sfPolicyConfigCreate</a>
<span class="SRScope">sfPolicyUserData.c</span>
</div>
</div>
<div class="SRResult" id="SR_sfpolicyconfigdelete">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../group__sfPolicyConfig.html#ga189d09ed6d1203ebace6ea2c2aafc1b8" target="_parent">sfPolicyConfigDelete</a>
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../group__sfPolicyConfig.html#ga189d09ed6d1203ebace6ea2c2aafc1b8" target="_parent">sfPolicyConfigDelete</a>
<span class="SRScope">sfPolicyUserData.c</span>
</div>
</div>
<div class="SRResult" id="SR_sfpolicyuserdata_2ec">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../sfPolicyUserData_8c.html" target="_parent">sfPolicyUserData.c</a>
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../sfPolicyUserData_8c.html" target="_parent">sfPolicyUserData.c</a>
</div>
</div>
<div class="SRResult" id="SR_sfpolicyuserdataclear">
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../group__sfPolicyConfig.html#gae8f2ae426b1f1a50eabfade6d22c2c85" target="_parent">sfPolicyUserDataClear</a>
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../group__sfPolicyConfig.html#gae8f2ae426b1f1a50eabfade6d22c2c85" target="_parent">sfPolicyUserDataClear</a>
<span class="SRScope">sfPolicyUserData.c</span>
</div>
</div>
<div class="SRResult" id="SR_sfpolicyuserdataiterate">
<div class="SREntry">
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../group__sfPolicyConfig.html#ga3f3ab9314d29d2ee2a8285289b388f17" target="_parent">sfPolicyUserDataIterate</a>
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="../group__sfPolicyConfig.html#ga3f3ab9314d29d2ee2a8285289b388f17" target="_parent">sfPolicyUserDataIterate</a>
<span class="SRScope">sfPolicyUserData.c</span>
</div>
</div>
<div class="SRResult" id="SR_sfpolicyuserdataset">
<div class="SREntry">
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="../group__sfPolicyConfig.html#ga8e14fd83397b9bbb14568070183db80b" target="_parent">sfPolicyUserDataSet</a>
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="../group__sfPolicyConfig.html#ga8e14fd83397b9bbb14568070183db80b" target="_parent">sfPolicyUserDataSet</a>
<span class="SRScope">sfPolicyUserData.c</span>
</div>
</div>
<div class="SRResult" id="SR_sid">
<div class="SREntry">
<a id="Item9" onkeydown="return searchResults.Nav(event,9)" onkeypress="return searchResults.Nav(event,9)" onkeyup="return searchResults.Nav(event,9)" class="SRSymbol" href="../struct__AI__snort__alert.html#a3349aa68d2234f8ffd897367c3a8a137" target="_parent">sid</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_spp_5fai_2ec">
<div class="SREntry">
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="../spp__ai_8c.html" target="_parent">spp_ai.c</a>
<a id="Item10" onkeydown="return searchResults.Nav(event,10)" onkeypress="return searchResults.Nav(event,10)" onkeyup="return searchResults.Nav(event,10)" class="SRSymbol" href="../spp__ai_8c.html" target="_parent">spp_ai.c</a>
</div>
</div>
<div class="SRResult" id="SR_spp_5fai_2eh">
<div class="SREntry">
<a id="Item9" onkeydown="return searchResults.Nav(event,9)" onkeypress="return searchResults.Nav(event,9)" onkeyup="return searchResults.Nav(event,9)" class="SRSymbol" href="../spp__ai_8h.html" target="_parent">spp_ai.h</a>
<a id="Item11" onkeydown="return searchResults.Nav(event,11)" onkeypress="return searchResults.Nav(event,11)" onkeyup="return searchResults.Nav(event,11)" class="SRSymbol" href="../spp__ai_8h.html" target="_parent">spp_ai.h</a>
</div>
</div>
<div class="SRResult" id="SR_src_5faddr">
<div class="SREntry">
<a id="Item12" onkeydown="return searchResults.Nav(event,12)" onkeypress="return searchResults.Nav(event,12)" onkeyup="return searchResults.Nav(event,12)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_src_5faddr')">src_addr</a>
<div class="SRChildren">
<a id="Item12_c0" onkeydown="return searchResults.NavChild(event,12,0)" onkeypress="return searchResults.NavChild(event,12,0)" onkeyup="return searchResults.NavChild(event,12,0)" class="SRScope" href="../struct__AI__snort__alert.html#ab16a24f368020e4b40e65b53cae33b48" target="_parent">_AI_snort_alert::src_addr()</a>
<a id="Item12_c1" onkeydown="return searchResults.NavChild(event,12,1)" onkeypress="return searchResults.NavChild(event,12,1)" onkeyup="return searchResults.NavChild(event,12,1)" class="SRScope" href="../spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640abc900639df18f0f5f2f63a1f033fe42f" target="_parent">src_addr():&nbsp;spp_ai.h</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_src_5fip">
<div class="SREntry">
<a id="Item10" onkeydown="return searchResults.Nav(event,10)" onkeypress="return searchResults.Nav(event,10)" onkeyup="return searchResults.Nav(event,10)" class="SRSymbol" href="../structpkt__key.html#a3a091c20dafb8b3f689db00c5b2f8ddb" target="_parent">src_ip</a>
<a id="Item13" onkeydown="return searchResults.Nav(event,13)" onkeypress="return searchResults.Nav(event,13)" onkeyup="return searchResults.Nav(event,13)" class="SRSymbol" href="../structpkt__key.html#a3a091c20dafb8b3f689db00c5b2f8ddb" target="_parent">src_ip</a>
<span class="SRScope">pkt_key</span>
</div>
</div>
<div class="SRResult" id="SR_src_5fport_5fmatch">
<div class="SRResult" id="SR_src_5fport">
<div class="SREntry">
<a id="Item11" onkeydown="return searchResults.Nav(event,11)" onkeypress="return searchResults.Nav(event,11)" onkeyup="return searchResults.Nav(event,11)" class="SRSymbol" href="../spp__ai_8c.html#af4c767ae0346026264c851108f42be63" target="_parent">SRC_PORT_MATCH</a>
<span class="SRScope">spp_ai.c</span>
<a id="Item14" onkeydown="return searchResults.Nav(event,14)" onkeypress="return searchResults.Nav(event,14)" onkeyup="return searchResults.Nav(event,14)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_src_5fport')">src_port</a>
<div class="SRChildren">
<a id="Item14_c0" onkeydown="return searchResults.NavChild(event,14,0)" onkeypress="return searchResults.NavChild(event,14,0)" onkeyup="return searchResults.NavChild(event,14,0)" class="SRScope" href="../struct__AI__snort__alert.html#a856cccd3eaabd38aa9974f26d3edc5e3" target="_parent">_AI_snort_alert::src_port()</a>
<a id="Item14_c1" onkeydown="return searchResults.NavChild(event,14,1)" onkeypress="return searchResults.NavChild(event,14,1)" onkeyup="return searchResults.NavChild(event,14,1)" class="SRScope" href="../spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640ac1335c508143eb06843af2ce5ff3027b" target="_parent">src_port():&nbsp;spp_ai.h</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_src_5fport_5fmatch_5fstr">
<div class="SRResult" id="SR_start_5ftime">
<div class="SREntry">
<a id="Item12" onkeydown="return searchResults.Nav(event,12)" onkeypress="return searchResults.Nav(event,12)" onkeyup="return searchResults.Nav(event,12)" class="SRSymbol" href="../spp__ai_8c.html#a3ec4dd8f1ebed73c13175d9b9c820e2e" target="_parent">SRC_PORT_MATCH_STR</a>
<span class="SRScope">spp_ai.c</span>
<a id="Item15" onkeydown="return searchResults.Nav(event,15)" onkeypress="return searchResults.Nav(event,15)" onkeyup="return searchResults.Nav(event,15)" class="SRSymbol" href="../stream_8c.html#a0597864b078ff448f28432db86950309" target="_parent">start_time</a>
<span class="SRScope">stream.c</span>
</div>
</div>
<div class="SRResult" id="SR_stream">
<div class="SREntry">
<a id="Item16" onkeydown="return searchResults.Nav(event,16)" onkeypress="return searchResults.Nav(event,16)" onkeyup="return searchResults.Nav(event,16)" class="SRSymbol" href="../struct__AI__snort__alert.html#a09dfe0a841fd3912ec78060d4547cb31" target="_parent">stream</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_stream_2ec">
<div class="SREntry">
<a id="Item13" onkeydown="return searchResults.Nav(event,13)" onkeypress="return searchResults.Nav(event,13)" onkeyup="return searchResults.Nav(event,13)" class="SRSymbol" href="../stream_8c.html" target="_parent">stream.c</a>
<a id="Item17" onkeydown="return searchResults.Nav(event,17)" onkeypress="return searchResults.Nav(event,17)" onkeyup="return searchResults.Nav(event,17)" class="SRSymbol" href="../stream_8c.html" target="_parent">stream.c</a>
</div>
</div>
<div class="SRResult" id="SR_streamexpireinterval">
<div class="SREntry">
<a id="Item14" onkeydown="return searchResults.Nav(event,14)" onkeypress="return searchResults.Nav(event,14)" onkeyup="return searchResults.Nav(event,14)" class="SRSymbol" href="../struct__AI__config.html#a338358f23bf15f567a015a99d892c8e7" target="_parent">streamExpireInterval</a>
<span class="SRScope">_AI_config</span>
<a id="Item18" onkeydown="return searchResults.Nav(event,18)" onkeypress="return searchResults.Nav(event,18)" onkeyup="return searchResults.Nav(event,18)" class="SRSymbol" href="../structAI__config.html#abbe77d5f94b8c5164bea47acba09c98b" target="_parent">streamExpireInterval</a>
<span class="SRScope">AI_config</span>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>


@ -7,18 +7,54 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_tcp_5fflags">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../struct__AI__snort__alert.html#aa643f11db93b70242b57f0a04775e507" target="_parent">tcp_flags</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_tcplen">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../struct__AI__snort__alert.html#a519a103f5e8f1cb006c0c137b7c6a1c0" target="_parent">tcplen</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_timestamp">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../structpkt__info.html#a7f5090443f21e6290f0439f1bb872e92" target="_parent">timestamp</a>
<span class="SRScope">pkt_info</span>
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_timestamp')">timestamp</a>
<div class="SRChildren">
<a id="Item2_c0" onkeydown="return searchResults.NavChild(event,2,0)" onkeypress="return searchResults.NavChild(event,2,0)" onkeyup="return searchResults.NavChild(event,2,0)" class="SRScope" href="../structpkt__info.html#a7f5090443f21e6290f0439f1bb872e92" target="_parent">pkt_info::timestamp()</a>
<a id="Item2_c1" onkeydown="return searchResults.NavChild(event,2,1)" onkeypress="return searchResults.NavChild(event,2,1)" onkeyup="return searchResults.NavChild(event,2,1)" class="SRScope" href="../struct__AI__snort__alert.html#a10a67f60ca3da339a2104849a0b2ac19" target="_parent">_AI_snort_alert::timestamp()</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_tos">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../struct__AI__snort__alert.html#a882ae6db43dc0fe08071947ccb044b93" target="_parent">tos</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_true">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dda08f175a5505a10b9ed657defeb050e4b" target="_parent">true</a>
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dda08f175a5505a10b9ed657defeb050e4b" target="_parent">true</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_ttl">
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../struct__AI__snort__alert.html#ab9b1ce8ee440a324af116403ac9c51a2" target="_parent">ttl</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_type">
<div class="SREntry">
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_type')">type</a>
<div class="SRChildren">
<a id="Item6_c0" onkeydown="return searchResults.NavChild(event,6,0)" onkeypress="return searchResults.NavChild(event,6,0)" onkeyup="return searchResults.NavChild(event,6,0)" class="SRScope" href="../structattribute__value.html#a5322c4edde771a7ee0d9fc5f5e45484c" target="_parent">attribute_value::type()</a>
<a id="Item6_c1" onkeydown="return searchResults.NavChild(event,6,1)" onkeypress="return searchResults.NavChild(event,6,1)" onkeyup="return searchResults.NavChild(event,6,1)" class="SRScope" href="../struct__hierarchy__node.html#a3b18e3ddfa2212c5e4ff9c0b4bde4296" target="_parent">_hierarchy_node::type()</a>
</div>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>
<div class="SRStatus" id="NoMatches">No Matches</div>
<script type="text/javascript"><!--


@ -19,6 +19,12 @@
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_uint8_5ft">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5" target="_parent">uint8_t</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>
<div class="SRStatus" id="NoMatches">No Matches</div>
<script type="text/javascript"><!--


@ -0,0 +1,26 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head><title></title>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<link rel="stylesheet" type="text/css" href="search.css"/>
<script type="text/javascript" src="search.js"></script>
</head>
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_window">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../struct__AI__snort__alert.html#a63e94be3d248cf4beb0d4d5ab75331b1" target="_parent">window</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>
<div class="SRStatus" id="NoMatches">No Matches</div>
<script type="text/javascript"><!--
document.getElementById("Loading").style.display="none";
document.getElementById("NoMatches").style.display="none";
var searchResults = new SearchResults("searchResults");
searchResults.Search();
--></script>
</div>
</body>
</html>


@ -7,9 +7,14 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR__5fai_5fconfig">
<div class="SRResult" id="SR__5fai_5fsnort_5falert">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../struct__AI__config.html" target="_parent">_AI_config</a>
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../struct__AI__snort__alert.html" target="_parent">_AI_snort_alert</a>
</div>
</div>
<div class="SRResult" id="SR__5fhierarchy_5fnode">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../struct__hierarchy__node.html" target="_parent">_hierarchy_node</a>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>


@ -0,0 +1,35 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head><title></title>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<link rel="stylesheet" type="text/css" href="search.css"/>
<script type="text/javascript" src="search.js"></script>
</head>
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_ai_5fconfig">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../structAI__config.html" target="_parent">AI_config</a>
</div>
</div>
<div class="SRResult" id="SR_attribute_5fkey">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../structattribute__key.html" target="_parent">attribute_key</a>
</div>
</div>
<div class="SRResult" id="SR_attribute_5fvalue">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../structattribute__value.html" target="_parent">attribute_value</a>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>
<div class="SRStatus" id="NoMatches">No Matches</div>
<script type="text/javascript"><!--
document.getElementById("Loading").style.display="none";
document.getElementById("NoMatches").style.display="none";
var searchResults = new SearchResults("searchResults");
searchResults.Search();
--></script>
</div>
</body>
</html>


@ -7,21 +7,39 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_dst_5fport_5fmatch">
<div class="SRResult" id="SR_default_5falert_5fclustering_5finterval">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../spp__ai_8c.html#a8ab13e8ad1dfd19b9237a99ae6130146" target="_parent">DST_PORT_MATCH</a>
<span class="SRScope">spp_ai.c</span>
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../spp__ai_8h.html#a0c4b6fce670e46083e33b9f53b78f39e" target="_parent">DEFAULT_ALERT_CLUSTERING_INTERVAL</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_dst_5fport_5fmatch_5fstr">
<div class="SRResult" id="SR_default_5falert_5flog_5ffile">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../spp__ai_8c.html#a1f3521b9bcf5daf99190be58473a4110" target="_parent">DST_PORT_MATCH_STR</a>
<span class="SRScope">spp_ai.c</span>
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../spp__ai_8h.html#a6d9bf552c32371e0144dc6a6209c7e4a" target="_parent">DEFAULT_ALERT_LOG_FILE</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_default_5fcluster_5flog_5ffile">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../spp__ai_8h.html#a803dc913297ccdace9e604dbfecda97d" target="_parent">DEFAULT_CLUSTER_LOG_FILE</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_default_5fhash_5fcleanup_5finterval">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../spp__ai_8h.html#a5f555c0ebd29ce2771a3e2dd4f526746" target="_parent">DEFAULT_HASH_CLEANUP_INTERVAL</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_default_5fstream_5fexpire_5finterval">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../spp__ai_8h.html#a0f6a189af15ef783fb46ed37c144e031" target="_parent">DEFAULT_STREAM_EXPIRE_INTERVAL</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_dynamic_5fpreproc_5fsetup">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../sf__preproc__info_8h.html#aba4c0d0af324a3861e662ed4650aae44" target="_parent">DYNAMIC_PREPROC_SETUP</a>
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../sf__preproc__info_8h.html#aba4c0d0af324a3861e662ed4650aae44" target="_parent">DYNAMIC_PREPROC_SETUP</a>
<span class="SRScope">sf_preproc_info.h</span>
</div>
</div>


@ -13,6 +13,12 @@
<span class="SRScope">sf_preproc_info.h</span>
</div>
</div>
<div class="SRResult" id="SR_private">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../spp__ai_8h.html#a5e151c615eda34903514212f05a5ccf8" target="_parent">PRIVATE</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>
<div class="SRStatus" id="NoMatches">No Matches</div>
<script type="text/javascript"><!--


@ -0,0 +1,26 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head><title></title>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<link rel="stylesheet" type="text/css" href="search.css"/>
<script type="text/javascript" src="search.js"></script>
</head>
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_cluster_5ftype">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640" target="_parent">cluster_type</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>
<div class="SRStatus" id="NoMatches">No Matches</div>
<script type="text/javascript"><!--
document.getElementById("Loading").style.display="none";
document.getElementById("NoMatches").style.display="none";
var searchResults = new SearchResults("searchResults");
searchResults.Search();
--></script>
</div>
</body>
</html>


@ -0,0 +1,26 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head><title></title>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<link rel="stylesheet" type="text/css" href="search.css"/>
<script type="text/javascript" src="search.js"></script>
</head>
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_cluster_5ftypes">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640ab16bb5c4b330d5db02e2d852cd2ba451" target="_parent">CLUSTER_TYPES</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>
<div class="SRStatus" id="NoMatches">No Matches</div>
<script type="text/javascript"><!--
document.getElementById("Loading").style.display="none";
document.getElementById("NoMatches").style.display="none";
var searchResults = new SearchResults("searchResults");
searchResults.Search();
--></script>
</div>
</body>
</html>


@ -0,0 +1,32 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head><title></title>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<link rel="stylesheet" type="text/css" href="search.css"/>
<script type="text/javascript" src="search.js"></script>
</head>
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_dst_5faddr">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640aa000f955ef1374c60cdb16bf43a1593c" target="_parent">dst_addr</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_dst_5fport">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640abc4f89a184ada44073bd6f54d7fc11c9" target="_parent">dst_port</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>
<div class="SRStatus" id="NoMatches">No Matches</div>
<script type="text/javascript"><!--
document.getElementById("Loading").style.display="none";
document.getElementById("NoMatches").style.display="none";
var searchResults = new SearchResults("searchResults");
searchResults.Search();
--></script>
</div>
</body>
</html>


@ -0,0 +1,26 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head><title></title>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<link rel="stylesheet" type="text/css" href="search.css"/>
<script type="text/javascript" src="search.js"></script>
</head>
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_none">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640ab7e4e0120a041dbe6528b050c04269e0" target="_parent">none</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>
<div class="SRStatus" id="NoMatches">No Matches</div>
<script type="text/javascript"><!--
document.getElementById("Loading").style.display="none";
document.getElementById("NoMatches").style.display="none";
var searchResults = new SearchResults("searchResults");
searchResults.Search();
--></script>
</div>
</body>
</html>


@ -0,0 +1,32 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head><title></title>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<link rel="stylesheet" type="text/css" href="search.css"/>
<script type="text/javascript" src="search.js"></script>
</head>
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_src_5faddr">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640abc900639df18f0f5f2f63a1f033fe42f" target="_parent">src_addr</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_src_5fport">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640ac1335c508143eb06843af2ce5ff3027b" target="_parent">src_port</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>
<div class="SRStatus" id="NoMatches">No Matches</div>
<script type="text/javascript"><!--
document.getElementById("Loading").style.display="none";
document.getElementById("NoMatches").style.display="none";
var searchResults = new SearchResults("searchResults");
searchResults.Search();
--></script>
</div>
</body>
</html>


@ -0,0 +1,25 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head><title></title>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<link rel="stylesheet" type="text/css" href="search.css"/>
<script type="text/javascript" src="search.js"></script>
</head>
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_alert_5fparser_2ec">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../alert__parser_8c.html" target="_parent">alert_parser.c</a>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>
<div class="SRStatus" id="NoMatches">No Matches</div>
<script type="text/javascript"><!--
document.getElementById("Loading").style.display="none";
document.getElementById("NoMatches").style.display="none";
var searchResults = new SearchResults("searchResults");
searchResults.Search();
--></script>
</div>
</body>
</html>


@ -0,0 +1,25 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head><title></title>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<link rel="stylesheet" type="text/css" href="search.css"/>
<script type="text/javascript" src="search.js"></script>
</head>
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_cluster_2ec">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../cluster_8c.html" target="_parent">cluster.c</a>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>
<div class="SRStatus" id="NoMatches">No Matches</div>
<script type="text/javascript"><!--
document.getElementById("Loading").style.display="none";
document.getElementById("NoMatches").style.display="none";
var searchResults = new SearchResults("searchResults");
searchResults.Search();
--></script>
</div>
</body>
</html>


@ -0,0 +1,25 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head><title></title>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<link rel="stylesheet" type="text/css" href="search.css"/>
<script type="text/javascript" src="search.js"></script>
</head>
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_regex_2ec">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../regex_8c.html" target="_parent">regex.c</a>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>
<div class="SRStatus" id="NoMatches">No Matches</div>
<script type="text/javascript"><!--
document.getElementById("Loading").style.display="none";
document.getElementById("NoMatches").style.display="none";
var searchResults = new SearchResults("searchResults");
searchResults.Search();
--></script>
</div>
</body>
</html>


@ -7,12 +7,72 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR__5fai_5fcheck_5fduplicate">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../cluster_8c.html#a29c35cd6c56f54e27b5b190c6d6c487a" target="_parent">_AI_check_duplicate</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fcluster_5fthread">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../cluster_8c.html#a8a5eae61dc9fd0f13e0acdfa5f4478e2" target="_parent">_AI_cluster_thread</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fcopy_5falerts">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../alert__parser_8c.html#a6c5014cae9155379fdc4db649b2c862d" target="_parent">_AI_copy_alerts</a>
<span class="SRScope">alert_parser.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fequal_5falarms">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../cluster_8c.html#a0f91c8bfc37a3975f5c26b19fd6c5cba" target="_parent">_AI_equal_alarms</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fget_5fmin_5fhierarchy_5fnode">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../cluster_8c.html#a6ddddcd505b1f763c339e81fc143e079" target="_parent">_AI_get_min_hierarchy_node</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fmerge_5falerts">
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../cluster_8c.html#a8ce8e5a5d8954672297fa2dedb380dcd" target="_parent">_AI_merge_alerts</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fprint_5fclustered_5falerts">
<div class="SREntry">
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../cluster_8c.html#a7d151880080470b542e99643dc0426a7" target="_parent">_AI_print_clustered_alerts</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fstream_5ffree">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../stream_8c.html#a2a0c295a6828df716311977538cabd4a" target="_parent">_AI_stream_free</a>
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="../stream_8c.html#a80016adf701c717a6ebfb5b15b8a5749" target="_parent">_AI_stream_free</a>
<span class="SRScope">stream.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fheuristic_5ffunc">
<div class="SREntry">
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="../cluster_8c.html#a81f5fa721719fdb281595a568eef2101" target="_parent">_heuristic_func</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fhierarchy_5fnode_5fappend">
<div class="SREntry">
<a id="Item9" onkeydown="return searchResults.Nav(event,9)" onkeypress="return searchResults.Nav(event,9)" onkeyup="return searchResults.Nav(event,9)" class="SRSymbol" href="../cluster_8c.html#a5601a1f603d9c870ef6e2df192e30c30" target="_parent">_hierarchy_node_append</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fhierarchy_5fnode_5fnew">
<div class="SREntry">
<a id="Item10" onkeydown="return searchResults.Nav(event,10)" onkeypress="return searchResults.Nav(event,10)" onkeyup="return searchResults.Nav(event,10)" class="SRSymbol" href="../cluster_8c.html#a2f1a22cfea64e4669da0467620c3e3b3" target="_parent">_hierarchy_node_new</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>
<div class="SRStatus" id="NoMatches">No Matches</div>
<script type="text/javascript"><!--


@ -7,48 +7,102 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_ai_5falertparser_5fthread">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5falertparser_5fthread')">AI_alertparser_thread</a>
<div class="SRChildren">
<a id="Item0_c0" onkeydown="return searchResults.NavChild(event,0,0)" onkeypress="return searchResults.NavChild(event,0,0)" onkeyup="return searchResults.NavChild(event,0,0)" class="SRScope" href="../alert__parser_8c.html#ad68c45b5846743a54ad3fa92c8e48f8a" target="_parent">AI_alertparser_thread(void *arg):&nbsp;alert_parser.c</a>
<a id="Item0_c1" onkeydown="return searchResults.NavChild(event,0,1)" onkeypress="return searchResults.NavChild(event,0,1)" onkeyup="return searchResults.NavChild(event,0,1)" class="SRScope" href="../spp__ai_8h.html#a842a3204c6e067a9920990b573757181" target="_parent">AI_alertparser_thread(void *):&nbsp;alert_parser.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5ffree_5falerts">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5ffree_5falerts')">AI_free_alerts</a>
<div class="SRChildren">
<a id="Item1_c0" onkeydown="return searchResults.NavChild(event,1,0)" onkeypress="return searchResults.NavChild(event,1,0)" onkeyup="return searchResults.NavChild(event,1,0)" class="SRScope" href="../alert__parser_8c.html#a270e86669a0aa64a8da37bc16cda645b" target="_parent">AI_free_alerts(AI_snort_alert *node):&nbsp;alert_parser.c</a>
<a id="Item1_c1" onkeydown="return searchResults.NavChild(event,1,1)" onkeypress="return searchResults.NavChild(event,1,1)" onkeyup="return searchResults.NavChild(event,1,1)" class="SRScope" href="../spp__ai_8h.html#a270e86669a0aa64a8da37bc16cda645b" target="_parent">AI_free_alerts(AI_snort_alert *node):&nbsp;alert_parser.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fget_5falerts">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fget_5falerts')">AI_get_alerts</a>
<div class="SRChildren">
<a id="Item2_c0" onkeydown="return searchResults.NavChild(event,2,0)" onkeypress="return searchResults.NavChild(event,2,0)" onkeyup="return searchResults.NavChild(event,2,0)" class="SRScope" href="../alert__parser_8c.html#a99474495643197b3075ac22ec6f6c70f" target="_parent">AI_get_alerts():&nbsp;alert_parser.c</a>
<a id="Item2_c1" onkeydown="return searchResults.NavChild(event,2,1)" onkeypress="return searchResults.NavChild(event,2,1)" onkeyup="return searchResults.NavChild(event,2,1)" class="SRScope" href="../spp__ai_8h.html#af19a28f7cbcdfeb2b66fb3b625b75076" target="_parent">AI_get_alerts(void):&nbsp;alert_parser.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fget_5fstream_5fby_5fkey">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fget_5fstream_5fby_5fkey')">AI_get_stream_by_key</a>
<div class="SRChildren">
<a id="Item3_c0" onkeydown="return searchResults.NavChild(event,3,0)" onkeypress="return searchResults.NavChild(event,3,0)" onkeyup="return searchResults.NavChild(event,3,0)" class="SRScope" href="../spp__ai_8h.html#a3054f06297a9caefd4d9b1283bb8b69a" target="_parent">AI_get_stream_by_key(struct pkt_key):&nbsp;stream.c</a>
<a id="Item3_c1" onkeydown="return searchResults.NavChild(event,3,1)" onkeypress="return searchResults.NavChild(event,3,1)" onkeyup="return searchResults.NavChild(event,3,1)" class="SRScope" href="../stream_8c.html#a2efedcabbfd12c5345f0c93a3dd4735c" target="_parent">AI_get_stream_by_key(struct pkt_key key):&nbsp;stream.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fhashcleanup_5fthread">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fhashcleanup_5fthread')">AI_hashcleanup_thread</a>
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fhashcleanup_5fthread')">AI_hashcleanup_thread</a>
<div class="SRChildren">
<a id="Item0_c0" onkeydown="return searchResults.NavChild(event,0,0)" onkeypress="return searchResults.NavChild(event,0,0)" onkeyup="return searchResults.NavChild(event,0,0)" class="SRScope" href="../spp__ai_8h.html#ad56f71be823eead743972274b99c82ff" target="_parent">AI_hashcleanup_thread(void *):&nbsp;stream.c</a>
<a id="Item0_c1" onkeydown="return searchResults.NavChild(event,0,1)" onkeypress="return searchResults.NavChild(event,0,1)" onkeyup="return searchResults.NavChild(event,0,1)" class="SRScope" href="../stream_8c.html#a24b1131374e5059564b8a12380c4eb75" target="_parent">AI_hashcleanup_thread(void *arg):&nbsp;stream.c</a>
<a id="Item4_c0" onkeydown="return searchResults.NavChild(event,4,0)" onkeypress="return searchResults.NavChild(event,4,0)" onkeyup="return searchResults.NavChild(event,4,0)" class="SRScope" href="../spp__ai_8h.html#ad56f71be823eead743972274b99c82ff" target="_parent">AI_hashcleanup_thread(void *):&nbsp;stream.c</a>
<a id="Item4_c1" onkeydown="return searchResults.NavChild(event,4,1)" onkeypress="return searchResults.NavChild(event,4,1)" onkeyup="return searchResults.NavChild(event,4,1)" class="SRScope" href="../stream_8c.html#a24b1131374e5059564b8a12380c4eb75" target="_parent">AI_hashcleanup_thread(void *arg):&nbsp;stream.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fhierarchies_5fbuild">
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fhierarchies_5fbuild')">AI_hierarchies_build</a>
<div class="SRChildren">
<a id="Item5_c0" onkeydown="return searchResults.NavChild(event,5,0)" onkeypress="return searchResults.NavChild(event,5,0)" onkeyup="return searchResults.NavChild(event,5,0)" class="SRScope" href="../cluster_8c.html#a1445818b37483f78cc3fb2890155842c" target="_parent">AI_hierarchies_build(AI_config *conf, hierarchy_node **nodes, int n_nodes):&nbsp;cluster.c</a>
<a id="Item5_c1" onkeydown="return searchResults.NavChild(event,5,1)" onkeypress="return searchResults.NavChild(event,5,1)" onkeyup="return searchResults.NavChild(event,5,1)" class="SRScope" href="../spp__ai_8h.html#a857348424b9db45c90f95631eb96fd7c" target="_parent">AI_hierarchies_build(AI_config *, hierarchy_node **, int):&nbsp;cluster.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5finit">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../spp__ai_8c.html#a3524cbdf8fddbcf38c4ed55241002242" target="_parent">AI_init</a>
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../spp__ai_8c.html#a3524cbdf8fddbcf38c4ed55241002242" target="_parent">AI_init</a>
<span class="SRScope">spp_ai.c</span>
</div>
</div>
<div class="SRResult" id="SR_ai_5fparse">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../spp__ai_8c.html#ae1c5c4b38ee2819d427848eb3046373e" target="_parent">AI_parse</a>
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="../spp__ai_8c.html#ae1c5c4b38ee2819d427848eb3046373e" target="_parent">AI_parse</a>
<span class="SRScope">spp_ai.c</span>
</div>
</div>
<div class="SRResult" id="SR_ai_5fpkt_5fenqueue">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fpkt_5fenqueue')">AI_pkt_enqueue</a>
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fpkt_5fenqueue')">AI_pkt_enqueue</a>
<div class="SRChildren">
<a id="Item3_c0" onkeydown="return searchResults.NavChild(event,3,0)" onkeypress="return searchResults.NavChild(event,3,0)" onkeyup="return searchResults.NavChild(event,3,0)" class="SRScope" href="../spp__ai_8h.html#af6f7d167c3623bbc669e8d31c2719b29" target="_parent">AI_pkt_enqueue(SFSnortPacket *):&nbsp;stream.c</a>
<a id="Item3_c1" onkeydown="return searchResults.NavChild(event,3,1)" onkeypress="return searchResults.NavChild(event,3,1)" onkeyup="return searchResults.NavChild(event,3,1)" class="SRScope" href="../stream_8c.html#a7d71c5645b9baff7b6c4b9a181bf80c5" target="_parent">AI_pkt_enqueue(SFSnortPacket *pkt):&nbsp;stream.c</a>
<a id="Item8_c0" onkeydown="return searchResults.NavChild(event,8,0)" onkeypress="return searchResults.NavChild(event,8,0)" onkeyup="return searchResults.NavChild(event,8,0)" class="SRScope" href="../spp__ai_8h.html#af6f7d167c3623bbc669e8d31c2719b29" target="_parent">AI_pkt_enqueue(SFSnortPacket *):&nbsp;stream.c</a>
<a id="Item8_c1" onkeydown="return searchResults.NavChild(event,8,1)" onkeypress="return searchResults.NavChild(event,8,1)" onkeyup="return searchResults.NavChild(event,8,1)" class="SRScope" href="../stream_8c.html#a7d71c5645b9baff7b6c4b9a181bf80c5" target="_parent">AI_pkt_enqueue(SFSnortPacket *pkt):&nbsp;stream.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fprocess">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../spp__ai_8c.html#a57c05cda012c443cb4c358dc327cd3d1" target="_parent">AI_process</a>
<a id="Item9" onkeydown="return searchResults.Nav(event,9)" onkeypress="return searchResults.Nav(event,9)" onkeyup="return searchResults.Nav(event,9)" class="SRSymbol" href="../spp__ai_8c.html#a57c05cda012c443cb4c358dc327cd3d1" target="_parent">AI_process</a>
<span class="SRScope">spp_ai.c</span>
</div>
</div>
<div class="SRResult" id="SR_ai_5fset_5fstream_5fobserved">
<div class="SREntry">
<a id="Item10" onkeydown="return searchResults.Nav(event,10)" onkeypress="return searchResults.Nav(event,10)" onkeyup="return searchResults.Nav(event,10)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fset_5fstream_5fobserved')">AI_set_stream_observed</a>
<div class="SRChildren">
<a id="Item10_c0" onkeydown="return searchResults.NavChild(event,10,0)" onkeypress="return searchResults.NavChild(event,10,0)" onkeyup="return searchResults.NavChild(event,10,0)" class="SRScope" href="../spp__ai_8h.html#a8749989cee2ac05a7de058faac280c02" target="_parent">AI_set_stream_observed(struct pkt_key key):&nbsp;stream.c</a>
<a id="Item10_c1" onkeydown="return searchResults.NavChild(event,10,1)" onkeypress="return searchResults.NavChild(event,10,1)" onkeyup="return searchResults.NavChild(event,10,1)" class="SRScope" href="../stream_8c.html#a8749989cee2ac05a7de058faac280c02" target="_parent">AI_set_stream_observed(struct pkt_key key):&nbsp;stream.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fsetup">
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fsetup')">AI_setup</a>
<a id="Item11" onkeydown="return searchResults.Nav(event,11)" onkeypress="return searchResults.Nav(event,11)" onkeyup="return searchResults.Nav(event,11)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fsetup')">AI_setup</a>
<div class="SRChildren">
<a id="Item5_c0" onkeydown="return searchResults.NavChild(event,5,0)" onkeypress="return searchResults.NavChild(event,5,0)" onkeyup="return searchResults.NavChild(event,5,0)" class="SRScope" href="../sf__preproc__info_8h.html#ad81716bc3f0fec4df74198a7cbdbd43c" target="_parent">AI_setup():&nbsp;spp_ai.c</a>
<a id="Item5_c1" onkeydown="return searchResults.NavChild(event,5,1)" onkeypress="return searchResults.NavChild(event,5,1)" onkeyup="return searchResults.NavChild(event,5,1)" class="SRScope" href="../spp__ai_8c.html#a1b9ebb5c719c7d9426ddfc1f3da36570" target="_parent">AI_setup(void):&nbsp;spp_ai.c</a>
<a id="Item11_c0" onkeydown="return searchResults.NavChild(event,11,0)" onkeypress="return searchResults.NavChild(event,11,0)" onkeyup="return searchResults.NavChild(event,11,0)" class="SRScope" href="../sf__preproc__info_8h.html#ad81716bc3f0fec4df74198a7cbdbd43c" target="_parent">AI_setup():&nbsp;spp_ai.c</a>
<a id="Item11_c1" onkeydown="return searchResults.NavChild(event,11,1)" onkeypress="return searchResults.NavChild(event,11,1)" onkeyup="return searchResults.NavChild(event,11,1)" class="SRScope" href="../spp__ai_8c.html#a1b9ebb5c719c7d9426ddfc1f3da36570" target="_parent">AI_setup(void):&nbsp;spp_ai.c</a>
</div>
</div>
</div>


@ -0,0 +1,29 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head><title></title>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<link rel="stylesheet" type="text/css" href="search.css"/>
<script type="text/javascript" src="search.js"></script>
</head>
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_preg_5fmatch">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_preg_5fmatch')">preg_match</a>
<div class="SRChildren">
<a id="Item0_c0" onkeydown="return searchResults.NavChild(event,0,0)" onkeypress="return searchResults.NavChild(event,0,0)" onkeyup="return searchResults.NavChild(event,0,0)" class="SRScope" href="../regex_8c.html#a35f57c052a7de1ded54b67a1f7819791" target="_parent">preg_match(const char *expr, char *str, char ***matches, int *nmatches):&nbsp;regex.c</a>
<a id="Item0_c1" onkeydown="return searchResults.NavChild(event,0,1)" onkeypress="return searchResults.NavChild(event,0,1)" onkeyup="return searchResults.NavChild(event,0,1)" class="SRScope" href="../spp__ai_8h.html#a85c0852b05b60cbfe0130534160c9876" target="_parent">preg_match(const char *, char *, char ***, int *):&nbsp;regex.c</a>
</div>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>
<div class="SRStatus" id="NoMatches">No Matches</div>
<script type="text/javascript"><!--
document.getElementById("Loading").style.display="none";
document.getElementById("NoMatches").style.display="none";
var searchResults = new SearchResults("searchResults");
searchResults.Search();
--></script>
</div>
</body>
</html>


@ -7,15 +7,15 @@
var indexSectionsWithContent =
{
0: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010110111111011110101111000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
1: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
2: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
3: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010100100001001000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
4: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000110010010010101110000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
5: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
6: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
7: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
8: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010100100000100100100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
0: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010111111111011111101111010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
1: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010100000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
2: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000101000000000000001100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
3: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010100100001001000100100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
4: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010101110111011111101110010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
5: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000010000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
6: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
7: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001101000000010000110000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
8: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010100000000100100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
};
var indexSectionNames =


@ -7,9 +7,9 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_ai_5fconfig">
<div class="SRResult" id="SR_ai_5fsnort_5falert">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../spp__ai_8h.html#a3fc526e5a55f5d137402b1bbd1b6072c" target="_parent">AI_config</a>
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../spp__ai_8h.html#a982be90e72362e88d09f28336c9a1897" target="_parent">AI_snort_alert</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>


@ -0,0 +1,26 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head><title></title>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<link rel="stylesheet" type="text/css" href="search.css"/>
<script type="text/javascript" src="search.js"></script>
</head>
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_hierarchy_5fnode">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../spp__ai_8h.html#a466391129919ef12366d311d501552fa" target="_parent">hierarchy_node</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>
<div class="SRStatus" id="NoMatches">No Matches</div>
<script type="text/javascript"><!--
document.getElementById("Loading").style.display="none";
document.getElementById("NoMatches").style.display="none";
var searchResults = new SearchResults("searchResults");
searchResults.Search();
--></script>
</div>
</body>
</html>


@ -19,6 +19,12 @@
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_uint8_5ft">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5" target="_parent">uint8_t</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>
<div class="SRStatus" id="NoMatches">No Matches</div>
<script type="text/javascript"><!--


@ -7,12 +7,18 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR__5fconfig">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../cluster_8c.html#a91458e2d34595688e39fcb63ba418849" target="_parent">_config</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fdpd">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="javascript:searchResults.Toggle('SR__5fdpd')">_dpd</a>
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="javascript:searchResults.Toggle('SR__5fdpd')">_dpd</a>
<div class="SRChildren">
<a id="Item0_c0" onkeydown="return searchResults.NavChild(event,0,0)" onkeypress="return searchResults.NavChild(event,0,0)" onkeyup="return searchResults.NavChild(event,0,0)" class="SRScope" href="../sf__dynamic__preproc__lib_8c.html#ab46420126c43c1aac5eabc5db266a71c" target="_parent">_dpd():&nbsp;sf_dynamic_preproc_lib.c</a>
<a id="Item0_c1" onkeydown="return searchResults.NavChild(event,0,1)" onkeypress="return searchResults.NavChild(event,0,1)" onkeyup="return searchResults.NavChild(event,0,1)" class="SRScope" href="../spp__ai_8c.html#ab46420126c43c1aac5eabc5db266a71c" target="_parent">_dpd():&nbsp;sf_dynamic_preproc_lib.c</a>
<a id="Item1_c0" onkeydown="return searchResults.NavChild(event,1,0)" onkeypress="return searchResults.NavChild(event,1,0)" onkeyup="return searchResults.NavChild(event,1,0)" class="SRScope" href="../sf__dynamic__preproc__lib_8c.html#ab46420126c43c1aac5eabc5db266a71c" target="_parent">_dpd():&nbsp;sf_dynamic_preproc_lib.c</a>
<a id="Item1_c1" onkeydown="return searchResults.NavChild(event,1,1)" onkeypress="return searchResults.NavChild(event,1,1)" onkeyup="return searchResults.NavChild(event,1,1)" class="SRScope" href="../spp__ai_8h.html#ab46420126c43c1aac5eabc5db266a71c" target="_parent">_dpd():&nbsp;sf_dynamic_preproc_lib.c</a>
</div>
</div>
</div>


@ -0,0 +1,56 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head><title></title>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<link rel="stylesheet" type="text/css" href="search.css"/>
<script type="text/javascript" src="search.js"></script>
</head>
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_ack">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../struct__AI__snort__alert.html#a2b185c678d3a7f1207b2119b0b567c37" target="_parent">ack</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_alert_5ffp">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../alert__parser_8c.html#abee2a33368912d9288c76b51160a9ed6" target="_parent">alert_fp</a>
<span class="SRScope">alert_parser.c</span>
</div>
</div>
<div class="SRResult" id="SR_alert_5flog">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../cluster_8c.html#aaf4c19f60f48741b0890c6114dcff7d9" target="_parent">alert_log</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR_alertclusteringinterval">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../structAI__config.html#a7d0d098b8263aa3d8415b11d1ec7f93d" target="_parent">alertClusteringInterval</a>
<span class="SRScope">AI_config</span>
</div>
</div>
<div class="SRResult" id="SR_alertfile">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../structAI__config.html#a2efa9590d7eea6dce8b5dd9aa76ed8ca" target="_parent">alertfile</a>
<span class="SRScope">AI_config</span>
</div>
</div>
<div class="SRResult" id="SR_alerts">
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../alert__parser_8c.html#ae837fc04e61c0eb052f997c54b4fd9fe" target="_parent">alerts</a>
<span class="SRScope">alert_parser.c</span>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>
<div class="SRStatus" id="NoMatches">No Matches</div>
<script type="text/javascript"><!--
document.getElementById("Loading").style.display="none";
document.getElementById("NoMatches").style.display="none";
var searchResults = new SearchResults("searchResults");
searchResults.Search();
--></script>
</div>
</body>
</html>


@ -0,0 +1,44 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head><title></title>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<link rel="stylesheet" type="text/css" href="search.css"/>
<script type="text/javascript" src="search.js"></script>
</head>
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_children">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../struct__hierarchy__node.html#afc23d4fe6426873164cdaab2f3d4f0cd" target="_parent">children</a>
<span class="SRScope">_hierarchy_node</span>
</div>
</div>
<div class="SRResult" id="SR_classification">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../struct__AI__snort__alert.html#aa89585e14acb2c4e684a1552d322632f" target="_parent">classification</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_clusterfile">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../structAI__config.html#a6da02a3f7116fd3810a41b738e8883a3" target="_parent">clusterfile</a>
<span class="SRScope">AI_config</span>
</div>
</div>
<div class="SRResult" id="SR_count">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../structattribute__value.html#a5579c0304c2e9ab488ac94905b385045" target="_parent">count</a>
<span class="SRScope">attribute_value</span>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>
<div class="SRStatus" id="NoMatches">No Matches</div>
<script type="text/javascript"><!--
document.getElementById("Loading").style.display="none";
document.getElementById("NoMatches").style.display="none";
var searchResults = new SearchResults("searchResults");
searchResults.Search();
--></script>
</div>
</body>
</html>


@ -7,10 +7,25 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_desc">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../struct__AI__snort__alert.html#ac0902d7c756ec675fb06347ce4706135" target="_parent">desc</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_dst_5faddr">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../struct__AI__snort__alert.html#a69cc2ba171c8c808a0b45caa9426cd8c" target="_parent">dst_addr</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_dst_5fport">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../structpkt__key.html#af77f5eb1f4cd88b43fe99fd73553351d" target="_parent">dst_port</a>
<span class="SRScope">pkt_key</span>
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_dst_5fport')">dst_port</a>
<div class="SRChildren">
<a id="Item2_c0" onkeydown="return searchResults.NavChild(event,2,0)" onkeypress="return searchResults.NavChild(event,2,0)" onkeyup="return searchResults.NavChild(event,2,0)" class="SRScope" href="../structpkt__key.html#af77f5eb1f4cd88b43fe99fd73553351d" target="_parent">pkt_key::dst_port()</a>
<a id="Item2_c1" onkeydown="return searchResults.NavChild(event,2,1)" onkeypress="return searchResults.NavChild(event,2,1)" onkeyup="return searchResults.NavChild(event,2,1)" class="SRScope" href="../struct__AI__snort__alert.html#a6b323c07ae501d221e330e13646a96a3" target="_parent">_AI_snort_alert::dst_port()</a>
</div>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>


@ -0,0 +1,32 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head><title></title>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<link rel="stylesheet" type="text/css" href="search.css"/>
<script type="text/javascript" src="search.js"></script>
</head>
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_gid">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../struct__AI__snort__alert.html#af8408be5da59cda853442dd13465c0f6" target="_parent">gid</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_grouped_5falarms_5fcount">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../struct__AI__snort__alert.html#a285aff12d6bac03c316ccc5305d28e53" target="_parent">grouped_alarms_count</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>
<div class="SRStatus" id="NoMatches">No Matches</div>
<script type="text/javascript"><!--
document.getElementById("Loading").style.display="none";
document.getElementById("NoMatches").style.display="none";
var searchResults = new SearchResults("searchResults");
searchResults.Search();
--></script>
</div>
</body>
</html>


@ -7,22 +7,37 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_h_5fnode">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../struct__AI__snort__alert.html#ac53765584296ead1328eabfaba8a3aed" target="_parent">h_node</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_h_5froot">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../cluster_8c.html#a97d35425cf5a0207fb50b64ee8cdda82" target="_parent">h_root</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR_hash">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../stream_8c.html#a96fbc549c67e0d852ced3cb72980e923" target="_parent">hash</a>
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../stream_8c.html#a57e23cda853e9d11c37723a962ef2f68" target="_parent">hash</a>
<span class="SRScope">stream.c</span>
</div>
</div>
<div class="SRResult" id="SR_hashcleanupinterval">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../struct__AI__config.html#a890e6756dc637e9d41b7051a4d1ddc93" target="_parent">hashCleanupInterval</a>
<span class="SRScope">_AI_config</span>
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../structAI__config.html#a9f7680615027d4fb74b4aa144a7028a4" target="_parent">hashCleanupInterval</a>
<span class="SRScope">AI_config</span>
</div>
</div>
<div class="SRResult" id="SR_hh">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../structpkt__info.html#a264e90d4b5d490de040f38c1072e142f" target="_parent">hh</a>
<span class="SRScope">pkt_info</span>
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_hh')">hh</a>
<div class="SRChildren">
<a id="Item4_c0" onkeydown="return searchResults.NavChild(event,4,0)" onkeypress="return searchResults.NavChild(event,4,0)" onkeyup="return searchResults.NavChild(event,4,0)" class="SRScope" href="../structattribute__value.html#a9abf5d1758ee0cc4803e3b40fc4481cc" target="_parent">attribute_value::hh()</a>
<a id="Item4_c1" onkeydown="return searchResults.NavChild(event,4,1)" onkeypress="return searchResults.NavChild(event,4,1)" onkeyup="return searchResults.NavChild(event,4,1)" class="SRScope" href="../structpkt__info.html#a264e90d4b5d490de040f38c1072e142f" target="_parent">pkt_info::hh()</a>
</div>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>


@ -0,0 +1,38 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head><title></title>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<link rel="stylesheet" type="text/css" href="search.css"/>
<script type="text/javascript" src="search.js"></script>
</head>
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_id">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../struct__AI__snort__alert.html#a45e4acf90450a5f9efd4e0c290f84bcf" target="_parent">id</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_iplen">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../struct__AI__snort__alert.html#a523ef8842d01a1bc4ea3c0bf27518e78" target="_parent">iplen</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_ipproto">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../struct__AI__snort__alert.html#a2a5f2741918c3c13890f2b617a7f23a4" target="_parent">ipproto</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>
<div class="SRStatus" id="NoMatches">No Matches</div>
<script type="text/javascript"><!--
document.getElementById("Loading").style.display="none";
document.getElementById("NoMatches").style.display="none";
var searchResults = new SearchResults("searchResults");
searchResults.Search();
--></script>
</div>
</body>
</html>


@ -9,8 +9,11 @@
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_key">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../structpkt__info.html#a231d4734d3c62292b06eb9ea4b49c339" target="_parent">key</a>
<span class="SRScope">pkt_info</span>
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_key')">key</a>
<div class="SRChildren">
<a id="Item0_c0" onkeydown="return searchResults.NavChild(event,0,0)" onkeypress="return searchResults.NavChild(event,0,0)" onkeyup="return searchResults.NavChild(event,0,0)" class="SRScope" href="../structattribute__value.html#aa8b5ae41c150e4fefb800d3b1924278d" target="_parent">attribute_value::key()</a>
<a id="Item0_c1" onkeydown="return searchResults.NavChild(event,0,1)" onkeypress="return searchResults.NavChild(event,0,1)" onkeyup="return searchResults.NavChild(event,0,1)" class="SRScope" href="../structpkt__info.html#a231d4734d3c62292b06eb9ea4b49c339" target="_parent">pkt_info::key()</a>
</div>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>


@ -0,0 +1,26 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head><title></title>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<link rel="stylesheet" type="text/css" href="search.css"/>
<script type="text/javascript" src="search.js"></script>
</head>
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_label">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../struct__hierarchy__node.html#ae498f6fd14ca058a3ae0a95d5425451a" target="_parent">label</a>
<span class="SRScope">_hierarchy_node</span>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>
<div class="SRStatus" id="NoMatches">No Matches</div>
<script type="text/javascript"><!--
document.getElementById("Loading").style.display="none";
document.getElementById("NoMatches").style.display="none";
var searchResults = new SearchResults("searchResults");
searchResults.Search();
--></script>
</div>
</body>
</html>


@ -0,0 +1,44 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head><title></title>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<link rel="stylesheet" type="text/css" href="search.css"/>
<script type="text/javascript" src="search.js"></script>
</head>
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_max">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../structattribute__key.html#a82b7e5ac49820b816871a4ddf30c462d" target="_parent">max</a>
<span class="SRScope">attribute_key</span>
</div>
</div>
<div class="SRResult" id="SR_max_5fval">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../struct__hierarchy__node.html#a79ea88029938dc30ab8f159405d12c87" target="_parent">max_val</a>
<span class="SRScope">_hierarchy_node</span>
</div>
</div>
<div class="SRResult" id="SR_min">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../structattribute__key.html#a4fdb3d7aabeac6b1052b59e05e3d8842" target="_parent">min</a>
<span class="SRScope">attribute_key</span>
</div>
</div>
<div class="SRResult" id="SR_min_5fval">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../struct__hierarchy__node.html#a13ceebd7b435b9ef347fb90d9e6bbfe4" target="_parent">min_val</a>
<span class="SRScope">_hierarchy_node</span>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>
<div class="SRStatus" id="NoMatches">No Matches</div>
<script type="text/javascript"><!--
document.getElementById("Loading").style.display="none";
document.getElementById("NoMatches").style.display="none";
var searchResults = new SearchResults("searchResults");
searchResults.Search();
--></script>
</div>
</body>
</html>


@ -7,10 +7,19 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_nchildren">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../struct__hierarchy__node.html#a849256ce1039e2cefaaf64d91171be0a" target="_parent">nchildren</a>
<span class="SRScope">_hierarchy_node</span>
</div>
</div>
<div class="SRResult" id="SR_next">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../structpkt__info.html#a5ee3c51f2ca5768b94819182641ef168" target="_parent">next</a>
<span class="SRScope">pkt_info</span>
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_next')">next</a>
<div class="SRChildren">
<a id="Item1_c0" onkeydown="return searchResults.NavChild(event,1,0)" onkeypress="return searchResults.NavChild(event,1,0)" onkeyup="return searchResults.NavChild(event,1,0)" class="SRScope" href="../structpkt__info.html#a5ee3c51f2ca5768b94819182641ef168" target="_parent">pkt_info::next()</a>
<a id="Item1_c1" onkeydown="return searchResults.NavChild(event,1,1)" onkeypress="return searchResults.NavChild(event,1,1)" onkeyup="return searchResults.NavChild(event,1,1)" class="SRScope" href="../struct__AI__snort__alert.html#aa8336d4b3359015ed8ea312ca1fd1173" target="_parent">_AI_snort_alert::next()</a>
</div>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>


@ -0,0 +1,26 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head><title></title>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<link rel="stylesheet" type="text/css" href="search.css"/>
<script type="text/javascript" src="search.js"></script>
</head>
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_observed">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../structpkt__info.html#ac7ff78ea5faf333fc91f92e3085ea7c9" target="_parent">observed</a>
<span class="SRScope">pkt_info</span>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>
<div class="SRStatus" id="NoMatches">No Matches</div>
<script type="text/javascript"><!--
document.getElementById("Loading").style.display="none";
document.getElementById("NoMatches").style.display="none";
var searchResults = new SearchResults("searchResults");
searchResults.Search();
--></script>
</div>
</body>
</html>


@ -7,22 +7,28 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_parent">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../struct__hierarchy__node.html#a5c94c89d7e2aea393f1c550afb766bbe" target="_parent">parent</a>
<span class="SRScope">_hierarchy_node</span>
</div>
</div>
<div class="SRResult" id="SR_parserpolicyid">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../sfPolicyUserData_8c.html#a0a415b8e70250b11e64a463134d00b4f" target="_parent">parserPolicyId</a>
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../sfPolicyUserData_8c.html#a0a415b8e70250b11e64a463134d00b4f" target="_parent">parserPolicyId</a>
<span class="SRScope">sfPolicyUserData.c</span>
</div>
</div>
<div class="SRResult" id="SR_pkt">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../structpkt__info.html#a8d5ebd04a32067b05387e5c5056fe168" target="_parent">pkt</a>
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../structpkt__info.html#a8d5ebd04a32067b05387e5c5056fe168" target="_parent">pkt</a>
<span class="SRScope">pkt_info</span>
</div>
</div>
<div class="SRResult" id="SR_porttocheck">
<div class="SRResult" id="SR_priority">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../struct__AI__config.html#ab22e082ad6637f6280134e882bf53b0d" target="_parent">portToCheck</a>
<span class="SRScope">_AI_config</span>
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../struct__AI__snort__alert.html#a25661fa4e212c5e30af5e6a892985ec9" target="_parent">priority</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>


@ -7,9 +7,15 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_rev">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../struct__AI__snort__alert.html#a864d3baa48586d6a31639f4cd27d9d37" target="_parent">rev</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_runtimepolicyid">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../sfPolicyUserData_8c.html#a281b418c0dc978a74cd7ab5e46ee0fa4" target="_parent">runtimePolicyId</a>
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../sfPolicyUserData_8c.html#a281b418c0dc978a74cd7ab5e46ee0fa4" target="_parent">runtimePolicyId</a>
<span class="SRScope">sfPolicyUserData.c</span>
</div>
</div>


@ -7,16 +7,52 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_sequence">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../struct__AI__snort__alert.html#acb20c4c55149d5806d7523720786ab77" target="_parent">sequence</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_sid">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../struct__AI__snort__alert.html#a3349aa68d2234f8ffd897367c3a8a137" target="_parent">sid</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_src_5faddr">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../struct__AI__snort__alert.html#ab16a24f368020e4b40e65b53cae33b48" target="_parent">src_addr</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_src_5fip">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../structpkt__key.html#a3a091c20dafb8b3f689db00c5b2f8ddb" target="_parent">src_ip</a>
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../structpkt__key.html#a3a091c20dafb8b3f689db00c5b2f8ddb" target="_parent">src_ip</a>
<span class="SRScope">pkt_key</span>
</div>
</div>
<div class="SRResult" id="SR_src_5fport">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../struct__AI__snort__alert.html#a856cccd3eaabd38aa9974f26d3edc5e3" target="_parent">src_port</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_start_5ftime">
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../stream_8c.html#a0597864b078ff448f28432db86950309" target="_parent">start_time</a>
<span class="SRScope">stream.c</span>
</div>
</div>
<div class="SRResult" id="SR_stream">
<div class="SREntry">
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../struct__AI__snort__alert.html#a09dfe0a841fd3912ec78060d4547cb31" target="_parent">stream</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_streamexpireinterval">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../struct__AI__config.html#a338358f23bf15f567a015a99d892c8e7" target="_parent">streamExpireInterval</a>
<span class="SRScope">_AI_config</span>
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="../structAI__config.html#abbe77d5f94b8c5164bea47acba09c98b" target="_parent">streamExpireInterval</a>
<span class="SRScope">AI_config</span>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>


@ -7,10 +7,46 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_tcp_5fflags">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../struct__AI__snort__alert.html#aa643f11db93b70242b57f0a04775e507" target="_parent">tcp_flags</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_tcplen">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../struct__AI__snort__alert.html#a519a103f5e8f1cb006c0c137b7c6a1c0" target="_parent">tcplen</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_timestamp">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../structpkt__info.html#a7f5090443f21e6290f0439f1bb872e92" target="_parent">timestamp</a>
<span class="SRScope">pkt_info</span>
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_timestamp')">timestamp</a>
<div class="SRChildren">
<a id="Item2_c0" onkeydown="return searchResults.NavChild(event,2,0)" onkeypress="return searchResults.NavChild(event,2,0)" onkeyup="return searchResults.NavChild(event,2,0)" class="SRScope" href="../structpkt__info.html#a7f5090443f21e6290f0439f1bb872e92" target="_parent">pkt_info::timestamp()</a>
<a id="Item2_c1" onkeydown="return searchResults.NavChild(event,2,1)" onkeypress="return searchResults.NavChild(event,2,1)" onkeyup="return searchResults.NavChild(event,2,1)" class="SRScope" href="../struct__AI__snort__alert.html#a10a67f60ca3da339a2104849a0b2ac19" target="_parent">_AI_snort_alert::timestamp()</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_tos">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../struct__AI__snort__alert.html#a882ae6db43dc0fe08071947ccb044b93" target="_parent">tos</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_ttl">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../struct__AI__snort__alert.html#ab9b1ce8ee440a324af116403ac9c51a2" target="_parent">ttl</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_type">
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_type')">type</a>
<div class="SRChildren">
<a id="Item5_c0" onkeydown="return searchResults.NavChild(event,5,0)" onkeypress="return searchResults.NavChild(event,5,0)" onkeyup="return searchResults.NavChild(event,5,0)" class="SRScope" href="../structattribute__value.html#a5322c4edde771a7ee0d9fc5f5e45484c" target="_parent">attribute_value::type()</a>
<a id="Item5_c1" onkeydown="return searchResults.NavChild(event,5,1)" onkeypress="return searchResults.NavChild(event,5,1)" onkeyup="return searchResults.NavChild(event,5,1)" class="SRScope" href="../struct__hierarchy__node.html#a3b18e3ddfa2212c5e4ff9c0b4bde4296" target="_parent">_hierarchy_node::type()</a>
</div>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>


@ -0,0 +1,26 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head><title></title>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<link rel="stylesheet" type="text/css" href="search.css"/>
<script type="text/javascript" src="search.js"></script>
</head>
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_window">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../struct__AI__snort__alert.html#a63e94be3d248cf4beb0d4d5ab75331b1" target="_parent">window</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>
<div class="SRStatus" id="NoMatches">No Matches</div>
<script type="text/javascript"><!--
document.getElementById("Loading").style.display="none";
document.getElementById("NoMatches").style.display="none";
var searchResults = new SearchResults("searchResults");
searchResults.Search();
--></script>
</div>
</body>
</html>


@ -112,7 +112,7 @@ Variables</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Wed Aug 4 2010 11:30:57 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>


@ -145,7 +145,7 @@ Variables</h2></td></tr>
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">DynamicPreprocessorData <a class="el" href="spp__ai_8c.html#ab46420126c43c1aac5eabc5db266a71c">_dpd</a></td>
<td class="memname">DynamicPreprocessorData <a class="el" href="spp__ai_8h.html#ab46420126c43c1aac5eabc5db266a71c">_dpd</a></td>
</tr>
</table>
</div>
@ -168,7 +168,7 @@ Variables</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Wed Aug 4 2010 11:30:57 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>


@ -171,7 +171,7 @@ Functions</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Wed Aug 4 2010 11:30:57 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>


@ -78,7 +78,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Wed Aug 4 2010 11:30:57 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>


@ -47,7 +47,6 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</div>
<div class="header">
<div class="summary">
<a href="#define-members">Defines</a> &#124;
<a href="#func-members">Functions</a> &#124;
<a href="#var-members">Variables</a> </div>
<div class="headertitle">
@ -55,106 +54,25 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</div>
<div class="contents">
<code>#include &quot;<a class="el" href="spp__ai_8h_source.html">spp_ai.h</a>&quot;</code><br/>
<code>#include &quot;preprocids.h&quot;</code><br/>
<code>#include &quot;sf_dynamic_preproc_lib.h&quot;</code><br/>
<code>#include &quot;sf_dynamic_preprocessor.h&quot;</code><br/>
<code>#include &quot;debug.h&quot;</code><br/>
<code>#include &quot;sfPolicy.h&quot;</code><br/>
<code>#include &quot;sfPolicyUserData.h&quot;</code><br/>
<code>#include &lt;sys/types.h&gt;</code><br/>
<code>#include &lt;stdlib.h&gt;</code><br/>
<code>#include &lt;ctype.h&gt;</code><br/>
<code>#include &lt;string.h&gt;</code><br/>
<code>#include &lt;pthread.h&gt;</code><br/>
<table class="memberdecls">
<tr><td colspan="2"><h2><a name="define-members"></a>
Defines</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">#define&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8c.html#a9e7d446fc8b40be2cfbb5c69c3e132ca">GENERATOR_EXAMPLE</a>&nbsp;&nbsp;&nbsp;256</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">#define&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8c.html#af4c767ae0346026264c851108f42be63">SRC_PORT_MATCH</a>&nbsp;&nbsp;&nbsp;1</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">#define&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8c.html#a3ec4dd8f1ebed73c13175d9b9c820e2e">SRC_PORT_MATCH_STR</a>&nbsp;&nbsp;&nbsp;&quot;example_preprocessor: src port match&quot;</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">#define&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8c.html#a8ab13e8ad1dfd19b9237a99ae6130146">DST_PORT_MATCH</a>&nbsp;&nbsp;&nbsp;2</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">#define&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8c.html#a1f3521b9bcf5daf99190be58473a4110">DST_PORT_MATCH_STR</a>&nbsp;&nbsp;&nbsp;&quot;example_preprocessor: dest port match&quot;</td></tr>
<tr><td colspan="2"><h2><a name="func-members"></a>
Functions</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">static void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8c.html#a3524cbdf8fddbcf38c4ed55241002242">AI_init</a> (char *args)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Initialize the preprocessor module. <a href="#a3524cbdf8fddbcf38c4ed55241002242"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">static void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8c.html#a57c05cda012c443cb4c358dc327cd3d1">AI_process</a> (void *pkt, void *context)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Function executed every time the module receives a packet to be processed. <a href="#a57c05cda012c443cb4c358dc327cd3d1"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">static <a class="el" href="struct__AI__config.html">AI_config</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8c.html#ae1c5c4b38ee2819d427848eb3046373e">AI_parse</a> (char *args)</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">static <a class="el" href="structAI__config.html">AI_config</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8c.html#ae1c5c4b38ee2819d427848eb3046373e">AI_parse</a> (char *args)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Parse the arguments passed to the module saving them to a valid configuration struct. <a href="#ae1c5c4b38ee2819d427848eb3046373e"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8c.html#a1b9ebb5c719c7d9426ddfc1f3da36570">AI_setup</a> (void)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Set up the preprocessor module. <a href="#a1b9ebb5c719c7d9426ddfc1f3da36570"></a><br/></td></tr>
<tr><td colspan="2"><h2><a name="var-members"></a>
Variables</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">tSfPolicyUserContextId&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8c.html#a3dd75596c540d148643fe6d1fdc02628">ex_config</a> = NULL</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">DynamicPreprocessorData&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8c.html#ab46420126c43c1aac5eabc5db266a71c">_dpd</a></td></tr>
</table>
<hr/><h2>Define Documentation</h2>
<a class="anchor" id="a8ab13e8ad1dfd19b9237a99ae6130146"></a><!-- doxytag: member="spp_ai.c::DST_PORT_MATCH" ref="a8ab13e8ad1dfd19b9237a99ae6130146" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">#define DST_PORT_MATCH&nbsp;&nbsp;&nbsp;2</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a1f3521b9bcf5daf99190be58473a4110"></a><!-- doxytag: member="spp_ai.c::DST_PORT_MATCH_STR" ref="a1f3521b9bcf5daf99190be58473a4110" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">#define DST_PORT_MATCH_STR&nbsp;&nbsp;&nbsp;&quot;example_preprocessor: dest port match&quot;</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a9e7d446fc8b40be2cfbb5c69c3e132ca"></a><!-- doxytag: member="spp_ai.c::GENERATOR_EXAMPLE" ref="a9e7d446fc8b40be2cfbb5c69c3e132ca" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">#define GENERATOR_EXAMPLE&nbsp;&nbsp;&nbsp;256</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="af4c767ae0346026264c851108f42be63"></a><!-- doxytag: member="spp_ai.c::SRC_PORT_MATCH" ref="af4c767ae0346026264c851108f42be63" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">#define SRC_PORT_MATCH&nbsp;&nbsp;&nbsp;1</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a3ec4dd8f1ebed73c13175d9b9c820e2e"></a><!-- doxytag: member="spp_ai.c::SRC_PORT_MATCH_STR" ref="a3ec4dd8f1ebed73c13175d9b9c820e2e" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">#define SRC_PORT_MATCH_STR&nbsp;&nbsp;&nbsp;&quot;example_preprocessor: src port match&quot;</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<hr/><h2>Function Documentation</h2>
<a class="anchor" id="a3524cbdf8fddbcf38c4ed55241002242"></a><!-- doxytag: member="spp_ai.c::AI_init" ref="a3524cbdf8fddbcf38c4ed55241002242" args="(char *args)" -->
<div class="memitem">
@ -188,7 +106,7 @@ Variables</h2></td></tr>
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">static <a class="el" href="struct__AI__config.html">AI_config</a> * AI_parse </td>
<td class="memname">static <a class="el" href="structAI__config.html">AI_config</a> * AI_parse </td>
<td>(</td>
<td class="paramtype">char *&nbsp;</td>
<td class="paramname"> <em>args</em></td>
@ -200,14 +118,14 @@ Variables</h2></td></tr>
<div class="memdoc">
<p>Parse the arguments passed to the module saving them to a valid configuration struct. </p>
<p>FUNCTION: AI_config </p>
<p>FUNCTION: <a class="el" href="structAI__config.html">AI_config</a> </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>args</em>&nbsp;</td><td>Arguments passed to the module </td></tr>
</table>
</dd>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>Pointer to AI_config keeping the configuration for the module </dd></dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>Pointer to <a class="el" href="structAI__config.html">AI_config</a> keeping the configuration for the module </dd></dl>
</div>
</div>
@ -270,19 +188,6 @@ Variables</h2></td></tr>
</div>
</div>
<hr/><h2>Variable Documentation</h2>
<a class="anchor" id="ab46420126c43c1aac5eabc5db266a71c"></a><!-- doxytag: member="spp_ai.c::_dpd" ref="ab46420126c43c1aac5eabc5db266a71c" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">DynamicPreprocessorData <a class="el" href="spp__ai_8c.html#ab46420126c43c1aac5eabc5db266a71c">_dpd</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a3dd75596c540d148643fe6d1fdc02628"></a><!-- doxytag: member="spp_ai.c::ex_config" ref="a3dd75596c540d148643fe6d1fdc02628" args="" -->
<div class="memitem">
<div class="memproto">
@ -311,7 +216,7 @@ Variables</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Wed Aug 4 2010 11:30:57 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>


@ -48,44 +48,181 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<div class="header">
<div class="summary">
<a href="#nested-classes">Data Structures</a> &#124;
<a href="#define-members">Defines</a> &#124;
<a href="#typedef-members">Typedefs</a> &#124;
<a href="#enum-members">Enumerations</a> &#124;
<a href="#func-members">Functions</a> </div>
<a href="#func-members">Functions</a> &#124;
<a href="#var-members">Variables</a> </div>
<div class="headertitle">
<h1>spp_ai.h File Reference</h1> </div>
</div>
<div class="contents">
<code>#include &quot;sf_snort_packet.h&quot;</code><br/>
<code>#include &quot;sf_dynamic_preprocessor.h&quot;</code><br/>
<code>#include &quot;uthash.h&quot;</code><br/>
<p><a href="spp__ai_8h_source.html">Go to the source code of this file.</a></p>
<table class="memberdecls">
<tr><td colspan="2"><h2><a name="nested-classes"></a>
Data Structures</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct &nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__config.html">_AI_config</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct &nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structpkt__key.html">pkt_key</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct &nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structpkt__info.html">pkt_info</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct &nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html">AI_config</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct &nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__hierarchy__node.html">_hierarchy_node</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct &nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html">_AI_snort_alert</a></td></tr>
<tr><td colspan="2"><h2><a name="define-members"></a>
Defines</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">#define&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a5e151c615eda34903514212f05a5ccf8">PRIVATE</a>&nbsp;&nbsp;&nbsp;static</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">#define&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a5f555c0ebd29ce2771a3e2dd4f526746">DEFAULT_HASH_CLEANUP_INTERVAL</a>&nbsp;&nbsp;&nbsp;300</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">#define&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a0f6a189af15ef783fb46ed37c144e031">DEFAULT_STREAM_EXPIRE_INTERVAL</a>&nbsp;&nbsp;&nbsp;300</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">#define&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a0c4b6fce670e46083e33b9f53b78f39e">DEFAULT_ALERT_CLUSTERING_INTERVAL</a>&nbsp;&nbsp;&nbsp;3600</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">#define&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a6d9bf552c32371e0144dc6a6209c7e4a">DEFAULT_ALERT_LOG_FILE</a>&nbsp;&nbsp;&nbsp;&quot;/var/log/snort/alert&quot;</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">#define&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a803dc913297ccdace9e604dbfecda97d">DEFAULT_CLUSTER_LOG_FILE</a>&nbsp;&nbsp;&nbsp;&quot;/var/log/snort/cluster_alert&quot;</td></tr>
<tr><td colspan="2"><h2><a name="typedef-members"></a>
Typedefs</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">typedef unsigned int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">typedef unsigned char&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">typedef unsigned short&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">typedef struct <a class="el" href="struct__AI__config.html">_AI_config</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a3fc526e5a55f5d137402b1bbd1b6072c">AI_config</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">typedef unsigned int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">typedef struct <a class="el" href="struct__hierarchy__node.html">_hierarchy_node</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a466391129919ef12366d311d501552fa">hierarchy_node</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">typedef struct <a class="el" href="struct__AI__snort__alert.html">_AI_snort_alert</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a982be90e72362e88d09f28336c9a1897">AI_snort_alert</a></td></tr>
<tr><td colspan="2"><h2><a name="enum-members"></a>
Enumerations</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">enum &nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a> { <a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18ddae9de385ef6fe9bf3360d1038396b884c">false</a>,
<a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dda08f175a5505a10b9ed657defeb050e4b">true</a>
}</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">enum &nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640">cluster_type</a> { <br/>
&nbsp;&nbsp;<a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640ab7e4e0120a041dbe6528b050c04269e0">none</a>,
<a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640abc900639df18f0f5f2f63a1f033fe42f">src_addr</a>,
<a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640aa000f955ef1374c60cdb16bf43a1593c">dst_addr</a>,
<a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640ac1335c508143eb06843af2ce5ff3027b">src_port</a>,
<br/>
&nbsp;&nbsp;<a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640abc4f89a184ada44073bd6f54d7fc11c9">dst_port</a>,
<a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640ab16bb5c4b330d5db02e2d852cd2ba451">CLUSTER_TYPES</a>
<br/>
}</td></tr>
<tr><td colspan="2"><h2><a name="func-members"></a>
Functions</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#af6f7d167c3623bbc669e8d31c2719b29">AI_pkt_enqueue</a> (SFSnortPacket *)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Function called for appending a new packet to the hash table, creating a new stream or appending it to an existing stream. <a href="#af6f7d167c3623bbc669e8d31c2719b29"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a85c0852b05b60cbfe0130534160c9876">preg_match</a> (const char *, char *, char ***, int *)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Check if a string matches a regular expression. <a href="#a85c0852b05b60cbfe0130534160c9876"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#ad56f71be823eead743972274b99c82ff">AI_hashcleanup_thread</a> (void *)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Thread called for cleaning up the hash table from the traffic streams older than a certain threshold. <a href="#ad56f71be823eead743972274b99c82ff"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a842a3204c6e067a9920990b573757181">AI_alertparser_thread</a> (void *)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Thread for parsing Snort's alert file. <a href="#a842a3204c6e067a9920990b573757181"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#af6f7d167c3623bbc669e8d31c2719b29">AI_pkt_enqueue</a> (SFSnortPacket *)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Function called for appending a new packet to the hash table, creating a new stream or appending it to an existing stream. <a href="#af6f7d167c3623bbc669e8d31c2719b29"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a8749989cee2ac05a7de058faac280c02">AI_set_stream_observed</a> (struct <a class="el" href="structpkt__key.html">pkt_key</a> key)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Set the flag "observed" on a stream associated to a security alert, so that it won't be removed from the hash table. <a href="#a8749989cee2ac05a7de058faac280c02"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a857348424b9db45c90f95631eb96fd7c">AI_hierarchies_build</a> (<a class="el" href="structAI__config.html">AI_config</a> *, <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> **, int)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Build the clustering hierarchy trees. <a href="#a857348424b9db45c90f95631eb96fd7c"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct <a class="el" href="structpkt__info.html">pkt_info</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a3054f06297a9caefd4d9b1283bb8b69a">AI_get_stream_by_key</a> (struct <a class="el" href="structpkt__key.html">pkt_key</a>)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Get a TCP stream by key. <a href="#a3054f06297a9caefd4d9b1283bb8b69a"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#af19a28f7cbcdfeb2b66fb3b625b75076">AI_get_alerts</a> (void)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Return the alerts parsed so far as a linked list. <a href="#af19a28f7cbcdfeb2b66fb3b625b75076"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a270e86669a0aa64a8da37bc16cda645b">AI_free_alerts</a> (<a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *node)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Deallocate the memory of a log alert linked list. <a href="#a270e86669a0aa64a8da37bc16cda645b"></a><br/></td></tr>
<tr><td colspan="2"><h2><a name="var-members"></a>
Variables</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">DynamicPreprocessorData&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#ab46420126c43c1aac5eabc5db266a71c">_dpd</a></td></tr>
</table>
<hr/><h2>Typedef Documentation</h2>
<a class="anchor" id="a3fc526e5a55f5d137402b1bbd1b6072c"></a><!-- doxytag: member="spp_ai.h::AI_config" ref="a3fc526e5a55f5d137402b1bbd1b6072c" args="" -->
<hr/><h2>Define Documentation</h2>
<a class="anchor" id="a0c4b6fce670e46083e33b9f53b78f39e"></a><!-- doxytag: member="spp_ai.h::DEFAULT_ALERT_CLUSTERING_INTERVAL" ref="a0c4b6fce670e46083e33b9f53b78f39e" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">typedef struct <a class="el" href="struct__AI__config.html">_AI_config</a> <a class="el" href="struct__AI__config.html">AI_config</a></td>
<td class="memname">#define DEFAULT_ALERT_CLUSTERING_INTERVAL&nbsp;&nbsp;&nbsp;3600</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a6d9bf552c32371e0144dc6a6209c7e4a"></a><!-- doxytag: member="spp_ai.h::DEFAULT_ALERT_LOG_FILE" ref="a6d9bf552c32371e0144dc6a6209c7e4a" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">#define DEFAULT_ALERT_LOG_FILE&nbsp;&nbsp;&nbsp;&quot;/var/log/snort/alert&quot;</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a803dc913297ccdace9e604dbfecda97d"></a><!-- doxytag: member="spp_ai.h::DEFAULT_CLUSTER_LOG_FILE" ref="a803dc913297ccdace9e604dbfecda97d" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">#define DEFAULT_CLUSTER_LOG_FILE&nbsp;&nbsp;&nbsp;&quot;/var/log/snort/cluster_alert&quot;</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a5f555c0ebd29ce2771a3e2dd4f526746"></a><!-- doxytag: member="spp_ai.h::DEFAULT_HASH_CLEANUP_INTERVAL" ref="a5f555c0ebd29ce2771a3e2dd4f526746" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">#define DEFAULT_HASH_CLEANUP_INTERVAL&nbsp;&nbsp;&nbsp;300</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a0f6a189af15ef783fb46ed37c144e031"></a><!-- doxytag: member="spp_ai.h::DEFAULT_STREAM_EXPIRE_INTERVAL" ref="a0f6a189af15ef783fb46ed37c144e031" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">#define DEFAULT_STREAM_EXPIRE_INTERVAL&nbsp;&nbsp;&nbsp;300</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a5e151c615eda34903514212f05a5ccf8"></a><!-- doxytag: member="spp_ai.h::PRIVATE" ref="a5e151c615eda34903514212f05a5ccf8" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">#define PRIVATE&nbsp;&nbsp;&nbsp;static</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<hr/><h2>Typedef Documentation</h2>
<a class="anchor" id="a982be90e72362e88d09f28336c9a1897"></a><!-- doxytag: member="spp_ai.h::AI_snort_alert" ref="a982be90e72362e88d09f28336c9a1897" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">typedef struct <a class="el" href="struct__AI__snort__alert.html">_AI_snort_alert</a> <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a466391129919ef12366d311d501552fa"></a><!-- doxytag: member="spp_ai.h::hierarchy_node" ref="a466391129919ef12366d311d501552fa" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">typedef struct <a class="el" href="struct__hierarchy__node.html">_hierarchy_node</a> <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a></td>
</tr>
</table>
</div>
@ -117,6 +254,19 @@ Functions</h2></td></tr>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="aba7bc1797add20fe3efdf37ced1182c5"></a><!-- doxytag: member="spp_ai.h::uint8_t" ref="aba7bc1797add20fe3efdf37ced1182c5" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">typedef unsigned char <a class="el" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<hr/><h2>Enumeration Type Documentation</h2>
@ -139,9 +289,142 @@ Functions</h2></td></tr>
</dd>
</dl>
</div>
</div>
<a class="anchor" id="ae2ff3c6586aa2ab211a102abfde86640"></a><!-- doxytag: member="spp_ai.h::cluster_type" ref="ae2ff3c6586aa2ab211a102abfde86640" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">enum <a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640">cluster_type</a></td>
</tr>
</table>
</div>
<div class="memdoc">
<dl><dt><b>Enumerator: </b></dt><dd><table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"><em><a class="anchor" id="ae2ff3c6586aa2ab211a102abfde86640ab7e4e0120a041dbe6528b050c04269e0"></a><!-- doxytag: member="none" ref="ae2ff3c6586aa2ab211a102abfde86640ab7e4e0120a041dbe6528b050c04269e0" args="" -->none</em>&nbsp;</td><td>
</td></tr>
<tr><td valign="top"><em><a class="anchor" id="ae2ff3c6586aa2ab211a102abfde86640abc900639df18f0f5f2f63a1f033fe42f"></a><!-- doxytag: member="src_addr" ref="ae2ff3c6586aa2ab211a102abfde86640abc900639df18f0f5f2f63a1f033fe42f" args="" -->src_addr</em>&nbsp;</td><td>
</td></tr>
<tr><td valign="top"><em><a class="anchor" id="ae2ff3c6586aa2ab211a102abfde86640aa000f955ef1374c60cdb16bf43a1593c"></a><!-- doxytag: member="dst_addr" ref="ae2ff3c6586aa2ab211a102abfde86640aa000f955ef1374c60cdb16bf43a1593c" args="" -->dst_addr</em>&nbsp;</td><td>
</td></tr>
<tr><td valign="top"><em><a class="anchor" id="ae2ff3c6586aa2ab211a102abfde86640ac1335c508143eb06843af2ce5ff3027b"></a><!-- doxytag: member="src_port" ref="ae2ff3c6586aa2ab211a102abfde86640ac1335c508143eb06843af2ce5ff3027b" args="" -->src_port</em>&nbsp;</td><td>
</td></tr>
<tr><td valign="top"><em><a class="anchor" id="ae2ff3c6586aa2ab211a102abfde86640abc4f89a184ada44073bd6f54d7fc11c9"></a><!-- doxytag: member="dst_port" ref="ae2ff3c6586aa2ab211a102abfde86640abc4f89a184ada44073bd6f54d7fc11c9" args="" -->dst_port</em>&nbsp;</td><td>
</td></tr>
<tr><td valign="top"><em><a class="anchor" id="ae2ff3c6586aa2ab211a102abfde86640ab16bb5c4b330d5db02e2d852cd2ba451"></a><!-- doxytag: member="CLUSTER_TYPES" ref="ae2ff3c6586aa2ab211a102abfde86640ab16bb5c4b330d5db02e2d852cd2ba451" args="" -->CLUSTER_TYPES</em>&nbsp;</td><td>
</td></tr>
</table>
</dd>
</dl>
</div>
</div>
<hr/><h2>Function Documentation</h2>
<a class="anchor" id="a842a3204c6e067a9920990b573757181"></a><!-- doxytag: member="spp_ai.h::AI_alertparser_thread" ref="a842a3204c6e067a9920990b573757181" args="(void *)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">void* AI_alertparser_thread </td>
<td>(</td>
<td class="paramtype">void *&nbsp;</td>
<td class="paramname"> <em>arg</em></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Thread for parsing Snort's alert file. </p>
<p>FUNCTION: AI_alertparser_thread </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>arg</em>&nbsp;</td><td>void* pointer to module's configuration </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<a class="anchor" id="a270e86669a0aa64a8da37bc16cda645b"></a><!-- doxytag: member="spp_ai.h::AI_free_alerts" ref="a270e86669a0aa64a8da37bc16cda645b" args="(AI_snort_alert *node)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">void AI_free_alerts </td>
<td>(</td>
<td class="paramtype"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td>
<td class="paramname"> <em>node</em></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Deallocate the memory of a log alert linked list. </p>
<p>FUNCTION: AI_free_alerts </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>node</em>&nbsp;</td><td>Linked list to be freed </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<a class="anchor" id="af19a28f7cbcdfeb2b66fb3b625b75076"></a><!-- doxytag: member="spp_ai.h::AI_get_alerts" ref="af19a28f7cbcdfeb2b66fb3b625b75076" args="(void)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a>* AI_get_alerts </td>
<td>(</td>
<td class="paramtype">void&nbsp;</td>
<td class="paramname"></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Return the alerts parsed so far as a linked list. </p>
<p>FUNCTION: AI_get_alerts </p>
<dl class="return"><dt><b>Returns:</b></dt><dd>An AI_snort_alert pointer identifying the list of alerts </dd></dl>
</div>
</div>
<a class="anchor" id="a3054f06297a9caefd4d9b1283bb8b69a"></a><!-- doxytag: member="spp_ai.h::AI_get_stream_by_key" ref="a3054f06297a9caefd4d9b1283bb8b69a" args="(struct pkt_key)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">struct <a class="el" href="structpkt__info.html">pkt_info</a>* AI_get_stream_by_key </td>
<td>(</td>
<td class="paramtype">struct <a class="el" href="structpkt__key.html">pkt_key</a>&nbsp;</td>
<td class="paramname"> <em>key</em></td>
<td>&nbsp;)&nbsp;</td>
<td><code> [read]</code></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Get a TCP stream by key. </p>
<p>FUNCTION: AI_get_stream_by_key </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>key</em>&nbsp;</td><td>Key of the stream to be picked up (struct <a class="el" href="structpkt__key.html">pkt_key</a>) </td></tr>
</table>
</dd>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>A <a class="el" href="structpkt__info.html">pkt_info</a> pointer to the stream if found, NULL otherwise </dd></dl>
</div>
</div>
<a class="anchor" id="ad56f71be823eead743972274b99c82ff"></a><!-- doxytag: member="spp_ai.h::AI_hashcleanup_thread" ref="ad56f71be823eead743972274b99c82ff" args="(void *)" -->
<div class="memitem">
<div class="memproto">
@ -162,7 +445,51 @@ Functions</h2></td></tr>
<p>FUNCTION: AI_hashcleanup_thread </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>arg</em>&nbsp;</td><td>Pointer to the AI_config struct </td></tr>
<tr><td valign="top"></td><td valign="top"><em>arg</em>&nbsp;</td><td>Pointer to the <a class="el" href="structAI__config.html">AI_config</a> struct </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<a class="anchor" id="a857348424b9db45c90f95631eb96fd7c"></a><!-- doxytag: member="spp_ai.h::AI_hierarchies_build" ref="a857348424b9db45c90f95631eb96fd7c" args="(AI_config *, hierarchy_node **, int)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">void AI_hierarchies_build </td>
<td>(</td>
<td class="paramtype"><a class="el" href="structAI__config.html">AI_config</a> *&nbsp;</td>
<td class="paramname"> <em>conf</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype"><a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> **&nbsp;</td>
<td class="paramname"> <em>nodes</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">int&nbsp;</td>
<td class="paramname"> <em>n_nodes</em></td><td>&nbsp;</td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td><td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Build the clustering hierarchy trees. </p>
<p>FUNCTION: AI_hierarchies_build </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>conf</em>&nbsp;</td><td>Reference to the configuration of the module </td></tr>
<tr><td valign="top"></td><td valign="top"><em>nodes</em>&nbsp;</td><td>Nodes containing the information about the clustering ranges </td></tr>
<tr><td valign="top"></td><td valign="top"><em>n_nodes</em>&nbsp;</td><td>Number of nodes </td></tr>
</table>
</dd>
</dl>
@ -194,6 +521,99 @@ Functions</h2></td></tr>
</dd>
</dl>
</div>
</div>
<a class="anchor" id="a8749989cee2ac05a7de058faac280c02"></a><!-- doxytag: member="spp_ai.h::AI_set_stream_observed" ref="a8749989cee2ac05a7de058faac280c02" args="(struct pkt_key key)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">void AI_set_stream_observed </td>
<td>(</td>
<td class="paramtype">struct <a class="el" href="structpkt__key.html">pkt_key</a>&nbsp;</td>
<td class="paramname"> <em>key</em></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Set the flag "observed" on a stream associated to a security alert, so that it won't be removed from the hash table. </p>
<p>FUNCTION: AI_set_stream_observed </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>key</em>&nbsp;</td><td>Key of the stream to be set as "observed" </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<a class="anchor" id="a85c0852b05b60cbfe0130534160c9876"></a><!-- doxytag: member="spp_ai.h::preg_match" ref="a85c0852b05b60cbfe0130534160c9876" args="(const char *, char *, char ***, int *)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">int preg_match </td>
<td>(</td>
<td class="paramtype">const char *&nbsp;</td>
<td class="paramname"> <em>expr</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">char *&nbsp;</td>
<td class="paramname"> <em>str</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">char ***&nbsp;</td>
<td class="paramname"> <em>matches</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">int *&nbsp;</td>
<td class="paramname"> <em>nmatches</em></td><td>&nbsp;</td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td><td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Check if a string matches a regular expression. </p>
<p>FUNCTION: preg_match </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>expr</em>&nbsp;</td><td>Regular expression to be matched </td></tr>
<tr><td valign="top"></td><td valign="top"><em>str</em>&nbsp;</td><td>String to be checked </td></tr>
<tr><td valign="top"></td><td valign="top"><em>matches</em>&nbsp;</td><td>Reference to a char** that will contain the submatches (NULL if you don't need it) </td></tr>
<tr><td valign="top"></td><td valign="top"><em>nmatches</em>&nbsp;</td><td>Reference to a int containing the number of submatches found (NULL if you don't need it) </td></tr>
</table>
</dd>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>-1 if the regex is wrong, 0 if no match was found, 1 otherwise </dd></dl>
</div>
</div>
<hr/><h2>Variable Documentation</h2>
<a class="anchor" id="ab46420126c43c1aac5eabc5db266a71c"></a><!-- doxytag: member="spp_ai.h::_dpd" ref="ab46420126c43c1aac5eabc5db266a71c" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">DynamicPreprocessorData <a class="el" href="spp__ai_8h.html#ab46420126c43c1aac5eabc5db266a71c">_dpd</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
</div>
@ -211,7 +631,7 @@ Functions</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Wed Aug 4 2010 11:30:57 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>


@ -72,25 +72,134 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<a name="l00021"></a>00021 <span class="preprocessor"></span><span class="preprocessor">#define _SPP_AI_H</span>
<a name="l00022"></a>00022 <span class="preprocessor"></span>
<a name="l00023"></a>00023 <span class="preprocessor">#include &quot;sf_snort_packet.h&quot;</span>
<a name="l00024"></a>00024
<a name="l00025"></a><a class="code" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">00025</a> <span class="keyword">typedef</span> <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> uint32_t;
<a name="l00026"></a><a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">00026</a> <span class="keyword">typedef</span> <span class="keywordtype">unsigned</span> <span class="keywordtype">short</span> uint16_t;
<a name="l00027"></a>00027
<a name="l00028"></a><a class="code" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dda08f175a5505a10b9ed657defeb050e4b">00028</a> <span class="keyword">typedef</span> <span class="keyword">enum</span> { <span class="keyword">false</span>, <span class="keyword">true</span> } BOOL;
<a name="l00029"></a>00029
<a name="l00030"></a><a class="code" href="struct__AI__config.html">00030</a> <span class="keyword">typedef</span> <span class="keyword">struct </span><a class="code" href="struct__AI__config.html">_AI_config</a>
<a name="l00031"></a>00031 {
<a name="l00032"></a><a class="code" href="struct__AI__config.html#ab22e082ad6637f6280134e882bf53b0d">00032</a> <a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="code" href="struct__AI__config.html#ab22e082ad6637f6280134e882bf53b0d">portToCheck</a>;
<a name="l00033"></a><a class="code" href="struct__AI__config.html#a890e6756dc637e9d41b7051a4d1ddc93">00033</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">long</span> <a class="code" href="struct__AI__config.html#a890e6756dc637e9d41b7051a4d1ddc93">hashCleanupInterval</a>;
<a name="l00034"></a><a class="code" href="struct__AI__config.html#a338358f23bf15f567a015a99d892c8e7">00034</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">long</span> <a class="code" href="struct__AI__config.html#a338358f23bf15f567a015a99d892c8e7">streamExpireInterval</a>;
<a name="l00035"></a>00035
<a name="l00036"></a>00036 } <a class="code" href="struct__AI__config.html">AI_config</a>;
<a name="l00037"></a>00037
<a name="l00038"></a>00038 <span class="keywordtype">void</span> <a class="code" href="spp__ai_8h.html#af6f7d167c3623bbc669e8d31c2719b29" title="Function called for appending a new packet to the hash table, creating a new stream or appending it t...">AI_pkt_enqueue</a> ( SFSnortPacket* );
<a name="l00039"></a>00039 <span class="keywordtype">void</span>* <a class="code" href="spp__ai_8h.html#ad56f71be823eead743972274b99c82ff" title="Thread called for cleaning up the hash table from the traffic streams older than a certain threshold...">AI_hashcleanup_thread</a> ( <span class="keywordtype">void</span>* );
<a name="l00040"></a>00040
<a name="l00041"></a>00041 <span class="preprocessor">#endif </span><span class="comment">/* _SPP_AI_H */</span>
<a name="l00042"></a>00042
<a name="l00024"></a>00024 <span class="preprocessor">#include &quot;sf_dynamic_preprocessor.h&quot;</span>
<a name="l00025"></a>00025 <span class="preprocessor">#include &quot;uthash.h&quot;</span>
<a name="l00026"></a>00026
<a name="l00027"></a><a class="code" href="spp__ai_8h.html#a5e151c615eda34903514212f05a5ccf8">00027</a> <span class="preprocessor">#define PRIVATE static</span>
<a name="l00028"></a>00028 <span class="preprocessor"></span>
<a name="l00029"></a><a class="code" href="spp__ai_8h.html#a5f555c0ebd29ce2771a3e2dd4f526746">00029</a> <span class="preprocessor">#define DEFAULT_HASH_CLEANUP_INTERVAL 300</span>
<a name="l00030"></a><a class="code" href="spp__ai_8h.html#a0f6a189af15ef783fb46ed37c144e031">00030</a> <span class="preprocessor"></span><span class="preprocessor">#define DEFAULT_STREAM_EXPIRE_INTERVAL 300</span>
<a name="l00031"></a><a class="code" href="spp__ai_8h.html#a0c4b6fce670e46083e33b9f53b78f39e">00031</a> <span class="preprocessor"></span><span class="preprocessor">#define DEFAULT_ALERT_CLUSTERING_INTERVAL 3600</span>
<a name="l00032"></a><a class="code" href="spp__ai_8h.html#a6d9bf552c32371e0144dc6a6209c7e4a">00032</a> <span class="preprocessor"></span><span class="preprocessor">#define DEFAULT_ALERT_LOG_FILE &quot;/var/log/snort/alert&quot;</span>
<a name="l00033"></a><a class="code" href="spp__ai_8h.html#a803dc913297ccdace9e604dbfecda97d">00033</a> <span class="preprocessor"></span><span class="preprocessor">#define DEFAULT_CLUSTER_LOG_FILE &quot;/var/log/snort/cluster_alert&quot;</span>
<a name="l00034"></a>00034 <span class="preprocessor"></span>
<a name="l00035"></a>00035 <span class="keyword">extern</span> DynamicPreprocessorData <a class="code" href="sf__dynamic__preproc__lib_8c.html#ab46420126c43c1aac5eabc5db266a71c">_dpd</a>;
<a name="l00036"></a><a class="code" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">00036</a> <span class="keyword">typedef</span> <span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> uint8_t;
<a name="l00037"></a><a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">00037</a> <span class="keyword">typedef</span> <span class="keywordtype">unsigned</span> <span class="keywordtype">short</span> uint16_t;
<a name="l00038"></a><a class="code" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">00038</a> <span class="keyword">typedef</span> <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> uint32_t;
<a name="l00039"></a>00039
<a name="l00040"></a><a class="code" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dda08f175a5505a10b9ed657defeb050e4b">00040</a> <span class="keyword">typedef</span> <span class="keyword">enum</span> { <span class="keyword">false</span>, <span class="keyword">true</span> } BOOL;
<a name="l00041"></a>00041
<a name="l00042"></a><a class="code" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640">00042</a> <span class="keyword">typedef</span> <span class="keyword">enum</span> {
<a name="l00043"></a><a class="code" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640ac1335c508143eb06843af2ce5ff3027b">00043</a> none, src_addr, dst_addr, src_port, dst_port, <a class="code" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640ab16bb5c4b330d5db02e2d852cd2ba451">CLUSTER_TYPES</a>
<a name="l00044"></a>00044 } cluster_type;
<a name="l00045"></a>00045
<a name="l00046"></a>00046 <span class="comment">/* Each stream in the hash table is identified by the couple (src_ip, dst_port) */</span>
<a name="l00047"></a><a class="code" href="structpkt__key.html">00047</a> <span class="keyword">struct </span><a class="code" href="structpkt__key.html">pkt_key</a>
<a name="l00048"></a>00048 {
<a name="l00049"></a><a class="code" href="structpkt__key.html#a3a091c20dafb8b3f689db00c5b2f8ddb">00049</a> <a class="code" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a> <a class="code" href="structpkt__key.html#a3a091c20dafb8b3f689db00c5b2f8ddb">src_ip</a>;
<a name="l00050"></a><a class="code" href="structpkt__key.html#af77f5eb1f4cd88b43fe99fd73553351d">00050</a> <a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="code" href="structpkt__key.html#af77f5eb1f4cd88b43fe99fd73553351d">dst_port</a>;
<a name="l00051"></a>00051 };
<a name="l00052"></a>00052
<a name="l00053"></a>00053 <span class="comment">/* Identifier of a packet in a stream */</span>
<a name="l00054"></a><a class="code" href="structpkt__info.html">00054</a> <span class="keyword">struct </span><a class="code" href="structpkt__info.html">pkt_info</a>
<a name="l00055"></a>00055 {
<a name="l00056"></a><a class="code" href="structpkt__info.html#a231d4734d3c62292b06eb9ea4b49c339">00056</a> <span class="keyword">struct </span><a class="code" href="structpkt__key.html">pkt_key</a> <a class="code" href="structpkt__info.html#a231d4734d3c62292b06eb9ea4b49c339">key</a>; <span class="comment">/* Key of the packet (src_ip, dst_port) */</span>
<a name="l00057"></a><a class="code" href="structpkt__info.html#a7f5090443f21e6290f0439f1bb872e92">00057</a> time_t <a class="code" href="structpkt__info.html#a7f5090443f21e6290f0439f1bb872e92">timestamp</a>; <span class="comment">/* Timestamp */</span>
<a name="l00058"></a><a class="code" href="structpkt__info.html#a8d5ebd04a32067b05387e5c5056fe168">00058</a> SFSnortPacket* <a class="code" href="structpkt__info.html#a8d5ebd04a32067b05387e5c5056fe168">pkt</a>; <span class="comment">/* Reference to SFSnortPacket containing packet&#39;s information */</span>
<a name="l00059"></a><a class="code" href="structpkt__info.html#a5ee3c51f2ca5768b94819182641ef168">00059</a> <span class="keyword">struct </span><a class="code" href="structpkt__info.html">pkt_info</a>* <a class="code" href="structpkt__info.html#a5ee3c51f2ca5768b94819182641ef168">next</a>; <span class="comment">/* Pointer to the next packet in the stream */</span>
<a name="l00060"></a><a class="code" href="structpkt__info.html#ac7ff78ea5faf333fc91f92e3085ea7c9">00060</a> <a class="code" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a> <a class="code" href="structpkt__info.html#ac7ff78ea5faf333fc91f92e3085ea7c9">observed</a>; <span class="comment">/* Flag set if the packet is observed, i.e. associated to a security alert */</span>
<a name="l00061"></a><a class="code" href="structpkt__info.html#a264e90d4b5d490de040f38c1072e142f">00061</a> UT_hash_handle <a class="code" href="structpkt__info.html#a264e90d4b5d490de040f38c1072e142f">hh</a>; <span class="comment">/* Make the struct &#39;hashable&#39; */</span>
<a name="l00062"></a>00062 };
<a name="l00063"></a>00063
<a name="l00064"></a>00064 <span class="comment">/* Data type containing the configuration of the module */</span>
<a name="l00065"></a><a class="code" href="structAI__config.html">00065</a> <span class="keyword">typedef</span> <span class="keyword">struct</span>
<a name="l00066"></a>00066 {
<a name="l00067"></a><a class="code" href="structAI__config.html#a9f7680615027d4fb74b4aa144a7028a4">00067</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">long</span> hashCleanupInterval;
<a name="l00068"></a><a class="code" href="structAI__config.html#abbe77d5f94b8c5164bea47acba09c98b">00068</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">long</span> streamExpireInterval;
<a name="l00069"></a><a class="code" href="structAI__config.html#a7d0d098b8263aa3d8415b11d1ec7f93d">00069</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">long</span> alertClusteringInterval;
<a name="l00070"></a><a class="code" href="structAI__config.html#a2efa9590d7eea6dce8b5dd9aa76ed8ca">00070</a> <span class="keywordtype">char</span> alertfile[1024];
<a name="l00071"></a><a class="code" href="structAI__config.html#a6da02a3f7116fd3810a41b738e8883a3">00071</a> <span class="keywordtype">char</span> clusterfile[1024];
<a name="l00072"></a>00072 } <a class="code" href="structAI__config.html">AI_config</a>;
<a name="l00073"></a>00073
<a name="l00074"></a>00074 <span class="comment">/* Data type for hierarchies used for clustering */</span>
<a name="l00075"></a><a class="code" href="struct__hierarchy__node.html">00075</a> <span class="keyword">typedef</span> <span class="keyword">struct </span><a class="code" href="struct__hierarchy__node.html">_hierarchy_node</a>
<a name="l00076"></a>00076 {
<a name="l00077"></a><a class="code" href="struct__hierarchy__node.html#a3b18e3ddfa2212c5e4ff9c0b4bde4296">00077</a> <a class="code" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640">cluster_type</a> <a class="code" href="struct__hierarchy__node.html#a3b18e3ddfa2212c5e4ff9c0b4bde4296">type</a>;
<a name="l00078"></a><a class="code" href="struct__hierarchy__node.html#ae498f6fd14ca058a3ae0a95d5425451a">00078</a> <span class="keywordtype">char</span> <a class="code" href="struct__hierarchy__node.html#ae498f6fd14ca058a3ae0a95d5425451a">label</a>[256];
<a name="l00079"></a><a class="code" href="struct__hierarchy__node.html#a13ceebd7b435b9ef347fb90d9e6bbfe4">00079</a> <span class="keywordtype">int</span> <a class="code" href="struct__hierarchy__node.html#a13ceebd7b435b9ef347fb90d9e6bbfe4">min_val</a>;
<a name="l00080"></a><a class="code" href="struct__hierarchy__node.html#a79ea88029938dc30ab8f159405d12c87">00080</a> <span class="keywordtype">int</span> <a class="code" href="struct__hierarchy__node.html#a79ea88029938dc30ab8f159405d12c87">max_val</a>;
<a name="l00081"></a><a class="code" href="struct__hierarchy__node.html#a849256ce1039e2cefaaf64d91171be0a">00081</a> <span class="keywordtype">int</span> <a class="code" href="struct__hierarchy__node.html#a849256ce1039e2cefaaf64d91171be0a">nchildren</a>;
<a name="l00082"></a><a class="code" href="struct__hierarchy__node.html#a5c94c89d7e2aea393f1c550afb766bbe">00082</a> <span class="keyword">struct </span><a class="code" href="struct__hierarchy__node.html">_hierarchy_node</a> *<a class="code" href="struct__hierarchy__node.html#a5c94c89d7e2aea393f1c550afb766bbe">parent</a>;
<a name="l00083"></a><a class="code" href="struct__hierarchy__node.html#afc23d4fe6426873164cdaab2f3d4f0cd">00083</a> <span class="keyword">struct </span><a class="code" href="struct__hierarchy__node.html">_hierarchy_node</a> **<a class="code" href="struct__hierarchy__node.html#afc23d4fe6426873164cdaab2f3d4f0cd">children</a>;
<a name="l00084"></a>00084 } <a class="code" href="struct__hierarchy__node.html">hierarchy_node</a>;
<a name="l00085"></a>00085
<a name="l00086"></a>00086 <span class="comment">/* Data type for Snort alerts */</span>
<a name="l00087"></a><a class="code" href="struct__AI__snort__alert.html">00087</a> <span class="keyword">typedef</span> <span class="keyword">struct </span><a class="code" href="struct__AI__snort__alert.html">_AI_snort_alert</a> {
<a name="l00088"></a>00088 <span class="comment">/* Identifiers of the alert */</span>
<a name="l00089"></a><a class="code" href="struct__AI__snort__alert.html#af8408be5da59cda853442dd13465c0f6">00089</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> <a class="code" href="struct__AI__snort__alert.html#af8408be5da59cda853442dd13465c0f6">gid</a>;
<a name="l00090"></a><a class="code" href="struct__AI__snort__alert.html#a3349aa68d2234f8ffd897367c3a8a137">00090</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> <a class="code" href="struct__AI__snort__alert.html#a3349aa68d2234f8ffd897367c3a8a137">sid</a>;
<a name="l00091"></a><a class="code" href="struct__AI__snort__alert.html#a864d3baa48586d6a31639f4cd27d9d37">00091</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> <a class="code" href="struct__AI__snort__alert.html#a864d3baa48586d6a31639f4cd27d9d37">rev</a>;
<a name="l00092"></a>00092
<a name="l00093"></a>00093 <span class="comment">/* Snort priority, description,</span>
<a name="l00094"></a>00094 <span class="comment"> * classification and timestamp</span>
<a name="l00095"></a>00095 <span class="comment"> * of the alert */</span>
<a name="l00096"></a><a class="code" href="struct__AI__snort__alert.html#a25661fa4e212c5e30af5e6a892985ec9">00096</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">short</span> <a class="code" href="struct__AI__snort__alert.html#a25661fa4e212c5e30af5e6a892985ec9">priority</a>;
<a name="l00097"></a><a class="code" href="struct__AI__snort__alert.html#ac0902d7c756ec675fb06347ce4706135">00097</a> <span class="keywordtype">char</span> *<a class="code" href="struct__AI__snort__alert.html#ac0902d7c756ec675fb06347ce4706135">desc</a>;
<a name="l00098"></a><a class="code" href="struct__AI__snort__alert.html#aa89585e14acb2c4e684a1552d322632f">00098</a> <span class="keywordtype">char</span> *<a class="code" href="struct__AI__snort__alert.html#aa89585e14acb2c4e684a1552d322632f">classification</a>;
<a name="l00099"></a><a class="code" href="struct__AI__snort__alert.html#a10a67f60ca3da339a2104849a0b2ac19">00099</a> time_t <a class="code" href="struct__AI__snort__alert.html#a10a67f60ca3da339a2104849a0b2ac19">timestamp</a>;
<a name="l00100"></a>00100
<a name="l00101"></a>00101 <span class="comment">/* IP header information */</span>
<a name="l00102"></a><a class="code" href="struct__AI__snort__alert.html#a882ae6db43dc0fe08071947ccb044b93">00102</a> <a class="code" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a> <a class="code" href="struct__AI__snort__alert.html#a882ae6db43dc0fe08071947ccb044b93">tos</a>;
<a name="l00103"></a><a class="code" href="struct__AI__snort__alert.html#a523ef8842d01a1bc4ea3c0bf27518e78">00103</a> <a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="code" href="struct__AI__snort__alert.html#a523ef8842d01a1bc4ea3c0bf27518e78">iplen</a>;
<a name="l00104"></a><a class="code" href="struct__AI__snort__alert.html#a45e4acf90450a5f9efd4e0c290f84bcf">00104</a> <a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="code" href="struct__AI__snort__alert.html#a45e4acf90450a5f9efd4e0c290f84bcf">id</a>;
<a name="l00105"></a><a class="code" href="struct__AI__snort__alert.html#ab9b1ce8ee440a324af116403ac9c51a2">00105</a> <a class="code" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a> <a class="code" href="struct__AI__snort__alert.html#ab9b1ce8ee440a324af116403ac9c51a2">ttl</a>;
<a name="l00106"></a><a class="code" href="struct__AI__snort__alert.html#a2a5f2741918c3c13890f2b617a7f23a4">00106</a> <a class="code" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a> <a class="code" href="struct__AI__snort__alert.html#a2a5f2741918c3c13890f2b617a7f23a4">ipproto</a>;
<a name="l00107"></a><a class="code" href="struct__AI__snort__alert.html#ab16a24f368020e4b40e65b53cae33b48">00107</a> <a class="code" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a> <a class="code" href="struct__AI__snort__alert.html#ab16a24f368020e4b40e65b53cae33b48">src_addr</a>;
<a name="l00108"></a><a class="code" href="struct__AI__snort__alert.html#a69cc2ba171c8c808a0b45caa9426cd8c">00108</a> <a class="code" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a> <a class="code" href="struct__AI__snort__alert.html#a69cc2ba171c8c808a0b45caa9426cd8c">dst_addr</a>;
<a name="l00109"></a>00109
<a name="l00110"></a>00110 <span class="comment">/* TCP header information */</span>
<a name="l00111"></a><a class="code" href="struct__AI__snort__alert.html#a856cccd3eaabd38aa9974f26d3edc5e3">00111</a> <a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="code" href="struct__AI__snort__alert.html#a856cccd3eaabd38aa9974f26d3edc5e3">src_port</a>;
<a name="l00112"></a><a class="code" href="struct__AI__snort__alert.html#a6b323c07ae501d221e330e13646a96a3">00112</a> <a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="code" href="struct__AI__snort__alert.html#a6b323c07ae501d221e330e13646a96a3">dst_port</a>;
<a name="l00113"></a><a class="code" href="struct__AI__snort__alert.html#acb20c4c55149d5806d7523720786ab77">00113</a> <a class="code" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a> <a class="code" href="struct__AI__snort__alert.html#acb20c4c55149d5806d7523720786ab77">sequence</a>;
<a name="l00114"></a><a class="code" href="struct__AI__snort__alert.html#a2b185c678d3a7f1207b2119b0b567c37">00114</a> <a class="code" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a> <a class="code" href="struct__AI__snort__alert.html#a2b185c678d3a7f1207b2119b0b567c37">ack</a>;
<a name="l00115"></a><a class="code" href="struct__AI__snort__alert.html#aa643f11db93b70242b57f0a04775e507">00115</a> <a class="code" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a> <a class="code" href="struct__AI__snort__alert.html#aa643f11db93b70242b57f0a04775e507">tcp_flags</a>;
<a name="l00116"></a><a class="code" href="struct__AI__snort__alert.html#a63e94be3d248cf4beb0d4d5ab75331b1">00116</a> <a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="code" href="struct__AI__snort__alert.html#a63e94be3d248cf4beb0d4d5ab75331b1">window</a>;
<a name="l00117"></a><a class="code" href="struct__AI__snort__alert.html#a519a103f5e8f1cb006c0c137b7c6a1c0">00117</a> <a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="code" href="struct__AI__snort__alert.html#a519a103f5e8f1cb006c0c137b7c6a1c0">tcplen</a>;
<a name="l00118"></a>00118
<a name="l00119"></a>00119 <span class="comment">/* Reference to the TCP stream</span>
<a name="l00120"></a>00120 <span class="comment"> * associated to the alert, if any */</span>
<a name="l00121"></a><a class="code" href="struct__AI__snort__alert.html#a09dfe0a841fd3912ec78060d4547cb31">00121</a> <span class="keyword">struct </span><a class="code" href="structpkt__info.html">pkt_info</a> *<a class="code" href="struct__AI__snort__alert.html#a09dfe0a841fd3912ec78060d4547cb31">stream</a>;
<a name="l00122"></a>00122
<a name="l00123"></a>00123 <span class="comment">/* Pointer to the next alert in</span>
<a name="l00124"></a>00124 <span class="comment"> * the log, if any*/</span>
<a name="l00125"></a><a class="code" href="struct__AI__snort__alert.html#aa8336d4b3359015ed8ea312ca1fd1173">00125</a> <span class="keyword">struct </span><a class="code" href="struct__AI__snort__alert.html">_AI_snort_alert</a> *<a class="code" href="struct__AI__snort__alert.html#aa8336d4b3359015ed8ea312ca1fd1173">next</a>;
<a name="l00126"></a>00126
<a name="l00127"></a>00127 <span class="comment">/* Hierarchies for addresses and ports,</span>
<a name="l00128"></a>00128 <span class="comment"> * if the clustering algorithm is used */</span>
<a name="l00129"></a><a class="code" href="struct__AI__snort__alert.html#ac53765584296ead1328eabfaba8a3aed">00129</a> <a class="code" href="struct__hierarchy__node.html">hierarchy_node</a> *<a class="code" href="struct__AI__snort__alert.html#ac53765584296ead1328eabfaba8a3aed">h_node</a>[CLUSTER_TYPES];
<a name="l00130"></a>00130
<a name="l00131"></a>00131 <span class="comment">/* If the clustering algorithm is used,</span>
<a name="l00132"></a>00132 <span class="comment"> * we also count how many alerts this</span>
<a name="l00133"></a>00133 <span class="comment"> * single alert groups */</span>
<a name="l00134"></a><a class="code" href="struct__AI__snort__alert.html#a285aff12d6bac03c316ccc5305d28e53">00134</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> <a class="code" href="struct__AI__snort__alert.html#a285aff12d6bac03c316ccc5305d28e53">grouped_alarms_count</a>;
<a name="l00135"></a>00135 } <a class="code" href="struct__AI__snort__alert.html">AI_snort_alert</a>;
<a name="l00136"></a>00136
<a name="l00137"></a>00137 <span class="keywordtype">int</span> <a class="code" href="regex_8c.html#a35f57c052a7de1ded54b67a1f7819791" title="Check if a string matches a regular expression.">preg_match</a> ( <span class="keyword">const</span> <span class="keywordtype">char</span>*, <span class="keywordtype">char</span>*, <span class="keywordtype">char</span>***, <span class="keywordtype">int</span>* );
<a name="l00138"></a>00138
<a name="l00139"></a>00139 <span class="keywordtype">void</span>* <a class="code" href="spp__ai_8h.html#ad56f71be823eead743972274b99c82ff" title="Thread called for cleaning up the hash table from the traffic streams older than a certain threshold...">AI_hashcleanup_thread</a> ( <span class="keywordtype">void</span>* );
<a name="l00140"></a>00140 <span class="keywordtype">void</span>* <a class="code" href="alert__parser_8c.html#ad68c45b5846743a54ad3fa92c8e48f8a" title="Thread for parsing Snort&amp;#39;s alert file.">AI_alertparser_thread</a> ( <span class="keywordtype">void</span>* );
<a name="l00141"></a>00141
<a name="l00142"></a>00142 <span class="keywordtype">void</span> <a class="code" href="spp__ai_8h.html#af6f7d167c3623bbc669e8d31c2719b29" title="Function called for appending a new packet to the hash table, creating a new stream or appending it t...">AI_pkt_enqueue</a> ( SFSnortPacket* );
<a name="l00143"></a>00143 <span class="keywordtype">void</span> <a class="code" href="spp__ai_8h.html#a8749989cee2ac05a7de058faac280c02" title="Set the flag &amp;quot;observed&amp;quot; on a stream associated to a security alert, so that it won&amp;#39;t be...">AI_set_stream_observed</a> ( <span class="keyword">struct</span> <a class="code" href="structpkt__key.html">pkt_key</a> key );
<a name="l00144"></a>00144 <span class="keywordtype">void</span> <a class="code" href="cluster_8c.html#a1445818b37483f78cc3fb2890155842c" title="Build the clustering hierarchy trees.">AI_hierarchies_build</a> ( <a class="code" href="structAI__config.html">AI_config</a>*, <a class="code" href="struct__hierarchy__node.html">hierarchy_node</a>**, <span class="keywordtype">int</span> );
<a name="l00145"></a>00145
<a name="l00146"></a>00146 <span class="keyword">struct </span><a class="code" href="structpkt__info.html">pkt_info</a>* <a class="code" href="spp__ai_8h.html#a3054f06297a9caefd4d9b1283bb8b69a" title="Get a TCP stream by key.">AI_get_stream_by_key</a> ( <span class="keyword">struct</span> <a class="code" href="structpkt__key.html">pkt_key</a> );
<a name="l00147"></a>00147 <a class="code" href="struct__AI__snort__alert.html">AI_snort_alert</a>* <a class="code" href="alert__parser_8c.html#a99474495643197b3075ac22ec6f6c70f" title="Return the alerts parsed so far as a linked list.">AI_get_alerts</a> ( <span class="keywordtype">void</span> );
<a name="l00148"></a>00148 <span class="keywordtype">void</span> <a class="code" href="alert__parser_8c.html#a270e86669a0aa64a8da37bc16cda645b" title="Deallocate the memory of a log alert linked list.">AI_free_alerts</a> ( <a class="code" href="struct__AI__snort__alert.html">AI_snort_alert</a> *node );
<a name="l00149"></a>00149
<a name="l00150"></a>00150 <span class="preprocessor">#endif </span><span class="comment">/* _SPP_AI_H */</span>
<a name="l00151"></a>00151
</pre></div></div>
</div>
<!--- window showing the filter options -->
@ -107,7 +216,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Wed Aug 4 2010 11:30:57 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>


@ -47,7 +47,6 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</div>
<div class="header">
<div class="summary">
<a href="#nested-classes">Data Structures</a> &#124;
<a href="#func-members">Functions</a> &#124;
<a href="#var-members">Variables</a> </div>
<div class="headertitle">
@ -55,42 +54,40 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</div>
<div class="contents">
<code>#include &quot;<a class="el" href="spp__ai_8h_source.html">spp_ai.h</a>&quot;</code><br/>
<code>#include &quot;uthash.h&quot;</code><br/>
<code>#include &lt;stdio.h&gt;</code><br/>
<code>#include &lt;stdlib.h&gt;</code><br/>
<code>#include &lt;string.h&gt;</code><br/>
<code>#include &lt;time.h&gt;</code><br/>
<code>#include &lt;unistd.h&gt;</code><br/>
<code>#include &lt;arpa/inet.h&gt;</code><br/>
<table class="memberdecls">
<tr><td colspan="2"><h2><a name="nested-classes"></a>
Data Structures</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct &nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structpkt__key.html">pkt_key</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct &nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structpkt__info.html">pkt_info</a></td></tr>
<tr><td colspan="2"><h2><a name="func-members"></a>
Functions</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">static void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="stream_8c.html#a2a0c295a6828df716311977538cabd4a">_AI_stream_free</a> (struct <a class="el" href="structpkt__info.html">pkt_info</a> *stream)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Remove a stream from the hash table (private function). <a href="#a2a0c295a6828df716311977538cabd4a"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="stream_8c.html#a80016adf701c717a6ebfb5b15b8a5749">_AI_stream_free</a> (struct <a class="el" href="structpkt__info.html">pkt_info</a> *stream)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Remove a stream from the hash table (private function). <a href="#a80016adf701c717a6ebfb5b15b8a5749"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="stream_8c.html#a24b1131374e5059564b8a12380c4eb75">AI_hashcleanup_thread</a> (void *arg)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Thread called for cleaning up the hash table from the traffic streams older than a certain threshold. <a href="#a24b1131374e5059564b8a12380c4eb75"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="stream_8c.html#a7d71c5645b9baff7b6c4b9a181bf80c5">AI_pkt_enqueue</a> (SFSnortPacket *pkt)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Function called for appending a new packet to the hash table, creating a new stream or appending it to an existing stream. <a href="#a7d71c5645b9baff7b6c4b9a181bf80c5"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct <a class="el" href="structpkt__info.html">pkt_info</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="stream_8c.html#a2efedcabbfd12c5345f0c93a3dd4735c">AI_get_stream_by_key</a> (struct <a class="el" href="structpkt__key.html">pkt_key</a> key)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Get a TCP stream by key. <a href="#a2efedcabbfd12c5345f0c93a3dd4735c"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="stream_8c.html#a8749989cee2ac05a7de058faac280c02">AI_set_stream_observed</a> (struct <a class="el" href="structpkt__key.html">pkt_key</a> key)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Set the flag "observed" on a stream associated to a security alert, so that it won't be removed from the hash table. <a href="#a8749989cee2ac05a7de058faac280c02"></a><br/></td></tr>
<tr><td colspan="2"><h2><a name="var-members"></a>
Variables</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">static struct <a class="el" href="structpkt__info.html">pkt_info</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="stream_8c.html#a96fbc549c67e0d852ced3cb72980e923">hash</a> = NULL</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE struct <a class="el" href="structpkt__info.html">pkt_info</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="stream_8c.html#a57e23cda853e9d11c37723a962ef2f68">hash</a> = NULL</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE time_t&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="stream_8c.html#a0597864b078ff448f28432db86950309">start_time</a> = 0</td></tr>
</table>
<hr/><h2>Function Documentation</h2>
<a class="anchor" id="a2a0c295a6828df716311977538cabd4a"></a><!-- doxytag: member="stream.c::_AI_stream_free" ref="a2a0c295a6828df716311977538cabd4a" args="(struct pkt_info *stream)" -->
<a class="anchor" id="a80016adf701c717a6ebfb5b15b8a5749"></a><!-- doxytag: member="stream.c::_AI_stream_free" ref="a80016adf701c717a6ebfb5b15b8a5749" args="(struct pkt_info *stream)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">static void _AI_stream_free </td>
<td class="memname">PRIVATE void _AI_stream_free </td>
<td>(</td>
<td class="paramtype">struct <a class="el" href="structpkt__info.html">pkt_info</a> *&nbsp;</td>
<td class="paramname"> <em>stream</em></td>
<td>&nbsp;)&nbsp;</td>
<td><code> [static]</code></td>
<td></td>
</tr>
</table>
</div>
@ -105,6 +102,34 @@ Variables</h2></td></tr>
</dd>
</dl>
</div>
</div>
<a class="anchor" id="a2efedcabbfd12c5345f0c93a3dd4735c"></a><!-- doxytag: member="stream.c::AI_get_stream_by_key" ref="a2efedcabbfd12c5345f0c93a3dd4735c" args="(struct pkt_key key)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">struct <a class="el" href="structpkt__info.html">pkt_info</a>* AI_get_stream_by_key </td>
<td>(</td>
<td class="paramtype">struct <a class="el" href="structpkt__key.html">pkt_key</a>&nbsp;</td>
<td class="paramname"> <em>key</em></td>
<td>&nbsp;)&nbsp;</td>
<td><code> [read]</code></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Get a TCP stream by key. </p>
<p>FUNCTION: AI_get_stream_by_key </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>key</em>&nbsp;</td><td>Key of the stream to be picked up (struct <a class="el" href="structpkt__key.html">pkt_key</a>) </td></tr>
</table>
</dd>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>A <a class="el" href="structpkt__info.html">pkt_info</a> pointer to the stream if found, NULL otherwise </dd></dl>
</div>
</div>
<a class="anchor" id="a24b1131374e5059564b8a12380c4eb75"></a><!-- doxytag: member="stream.c::AI_hashcleanup_thread" ref="a24b1131374e5059564b8a12380c4eb75" args="(void *arg)" -->
@ -127,7 +152,7 @@ Variables</h2></td></tr>
<p>FUNCTION: AI_hashcleanup_thread </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>arg</em>&nbsp;</td><td>Pointer to the AI_config struct </td></tr>
<tr><td valign="top"></td><td valign="top"><em>arg</em>&nbsp;</td><td>Pointer to the <a class="el" href="structAI__config.html">AI_config</a> struct </td></tr>
</table>
</dd>
</dl>
@ -161,13 +186,53 @@ Variables</h2></td></tr>
</div>
</div>
<hr/><h2>Variable Documentation</h2>
<a class="anchor" id="a96fbc549c67e0d852ced3cb72980e923"></a><!-- doxytag: member="stream.c::hash" ref="a96fbc549c67e0d852ced3cb72980e923" args="" -->
<a class="anchor" id="a8749989cee2ac05a7de058faac280c02"></a><!-- doxytag: member="stream.c::AI_set_stream_observed" ref="a8749989cee2ac05a7de058faac280c02" args="(struct pkt_key key)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">struct <a class="el" href="structpkt__info.html">pkt_info</a>* <a class="el" href="stream_8c.html#a96fbc549c67e0d852ced3cb72980e923">hash</a> = NULL<code> [static]</code></td>
<td class="memname">void AI_set_stream_observed </td>
<td>(</td>
<td class="paramtype">struct <a class="el" href="structpkt__key.html">pkt_key</a>&nbsp;</td>
<td class="paramname"> <em>key</em></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Set the flag "observed" on a stream associated to a security alert, so that it won't be removed from the hash table. </p>
<p>FUNCTION: AI_set_stream_observed </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>key</em>&nbsp;</td><td>Key of the stream to be set as "observed" </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<hr/><h2>Variable Documentation</h2>
<a class="anchor" id="a57e23cda853e9d11c37723a962ef2f68"></a><!-- doxytag: member="stream.c::hash" ref="a57e23cda853e9d11c37723a962ef2f68" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE struct <a class="el" href="structpkt__info.html">pkt_info</a>* <a class="el" href="stream_8c.html#a57e23cda853e9d11c37723a962ef2f68">hash</a> = NULL</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a0597864b078ff448f28432db86950309"></a><!-- doxytag: member="stream.c::start_time" ref="a0597864b078ff448f28432db86950309" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE time_t <a class="el" href="stream_8c.html#a0597864b078ff448f28432db86950309">start_time</a> = 0</td>
</tr>
</table>
</div>
@ -190,7 +255,7 @@ Variables</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Wed Aug 4 2010 11:30:57 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>


@ -0,0 +1,155 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<title>Snort AI preprocessor module: AI_config Struct Reference</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<link href="search/search.css" rel="stylesheet" type="text/css"/>
<script type="text/javaScript" src="search/search.js"></script>
<link href="doxygen.css" rel="stylesheet" type="text/css"/>
</head>
<body onload='searchBox.OnSelectItem(0);'>
<!-- Generated by Doxygen 1.7.1 -->
<script type="text/javascript"><!--
var searchBox = new SearchBox("searchBox", "search",false,'Search');
--></script>
<div class="navigation" id="top">
<div class="tabs">
<ul class="tablist">
<li><a href="index.html"><span>Main&nbsp;Page</span></a></li>
<li><a href="modules.html"><span>Modules</span></a></li>
<li class="current"><a href="annotated.html"><span>Data&nbsp;Structures</span></a></li>
<li><a href="files.html"><span>Files</span></a></li>
<li id="searchli">
<div id="MSearchBox" class="MSearchBoxInactive">
<span class="left">
<img id="MSearchSelect" src="search/mag_sel.png"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
alt=""/>
<input type="text" id="MSearchField" value="Search" accesskey="S"
onfocus="searchBox.OnSearchFieldFocus(true)"
onblur="searchBox.OnSearchFieldFocus(false)"
onkeyup="searchBox.OnSearchFieldChange(event)"/>
</span><span class="right">
<a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
</span>
</div>
</li>
</ul>
</div>
<div class="tabs2">
<ul class="tablist">
<li><a href="annotated.html"><span>Data&nbsp;Structures</span></a></li>
<li><a href="classes.html"><span>Data&nbsp;Structure&nbsp;Index</span></a></li>
<li><a href="functions.html"><span>Data&nbsp;Fields</span></a></li>
</ul>
</div>
</div>
<div class="header">
<div class="summary">
<a href="#pub-attribs">Data Fields</a> </div>
<div class="headertitle">
<h1>AI_config Struct Reference</h1> </div>
</div>
<div class="contents">
<!-- doxytag: class="AI_config" -->
<p><code>#include &lt;<a class="el" href="spp__ai_8h_source.html">spp_ai.h</a>&gt;</code></p>
<table class="memberdecls">
<tr><td colspan="2"><h2><a name="pub-attribs"></a>
Data Fields</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">unsigned long&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#a9f7680615027d4fb74b4aa144a7028a4">hashCleanupInterval</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">unsigned long&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#abbe77d5f94b8c5164bea47acba09c98b">streamExpireInterval</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">unsigned long&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#a7d0d098b8263aa3d8415b11d1ec7f93d">alertClusteringInterval</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">char&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#a2efa9590d7eea6dce8b5dd9aa76ed8ca">alertfile</a> [1024]</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">char&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#a6da02a3f7116fd3810a41b738e8883a3">clusterfile</a> [1024]</td></tr>
</table>
<hr/><h2>Field Documentation</h2>
<a class="anchor" id="a7d0d098b8263aa3d8415b11d1ec7f93d"></a><!-- doxytag: member="AI_config::alertClusteringInterval" ref="a7d0d098b8263aa3d8415b11d1ec7f93d" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">unsigned long <a class="el" href="structAI__config.html#a7d0d098b8263aa3d8415b11d1ec7f93d">AI_config::alertClusteringInterval</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a2efa9590d7eea6dce8b5dd9aa76ed8ca"></a><!-- doxytag: member="AI_config::alertfile" ref="a2efa9590d7eea6dce8b5dd9aa76ed8ca" args="[1024]" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">char <a class="el" href="structAI__config.html#a2efa9590d7eea6dce8b5dd9aa76ed8ca">AI_config::alertfile</a>[1024]</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a6da02a3f7116fd3810a41b738e8883a3"></a><!-- doxytag: member="AI_config::clusterfile" ref="a6da02a3f7116fd3810a41b738e8883a3" args="[1024]" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">char <a class="el" href="structAI__config.html#a6da02a3f7116fd3810a41b738e8883a3">AI_config::clusterfile</a>[1024]</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a9f7680615027d4fb74b4aa144a7028a4"></a><!-- doxytag: member="AI_config::hashCleanupInterval" ref="a9f7680615027d4fb74b4aa144a7028a4" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">unsigned long <a class="el" href="structAI__config.html#a9f7680615027d4fb74b4aa144a7028a4">AI_config::hashCleanupInterval</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="abbe77d5f94b8c5164bea47acba09c98b"></a><!-- doxytag: member="AI_config::streamExpireInterval" ref="abbe77d5f94b8c5164bea47acba09c98b" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">unsigned long <a class="el" href="structAI__config.html#abbe77d5f94b8c5164bea47acba09c98b">AI_config::streamExpireInterval</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<hr/>The documentation for this struct was generated from the following file:<ul>
<li><a class="el" href="spp__ai_8h_source.html">spp_ai.h</a></li>
</ul>
</div>
<!--- window showing the filter options -->
<div id="MSearchSelectWindow"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
onkeydown="return searchBox.OnSearchSelectKey(event)">
<a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(0)"><span class="SelectionMark">&nbsp;</span>All</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(1)"><span class="SelectionMark">&nbsp;</span>Data Structures</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(2)"><span class="SelectionMark">&nbsp;</span>Files</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(3)"><span class="SelectionMark">&nbsp;</span>Functions</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(4)"><span class="SelectionMark">&nbsp;</span>Variables</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(5)"><span class="SelectionMark">&nbsp;</span>Typedefs</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(6)"><span class="SelectionMark">&nbsp;</span>Enumerations</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(7)"><span class="SelectionMark">&nbsp;</span>Enumerator</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(8)"><span class="SelectionMark">&nbsp;</span>Defines</a></div>
<!-- iframe showing the search results (closed by default) -->
<div id="MSearchResultsWindow">
<iframe src="" frameborder="0"
name="MSearchResults" id="MSearchResults">
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>
</html>


@ -0,0 +1,435 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<title>Snort AI preprocessor module: _AI_snort_alert Struct Reference</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<link href="search/search.css" rel="stylesheet" type="text/css"/>
<script type="text/javaScript" src="search/search.js"></script>
<link href="doxygen.css" rel="stylesheet" type="text/css"/>
</head>
<body onload='searchBox.OnSelectItem(0);'>
<!-- Generated by Doxygen 1.7.1 -->
<script type="text/javascript"><!--
var searchBox = new SearchBox("searchBox", "search",false,'Search');
--></script>
<div class="navigation" id="top">
<div class="tabs">
<ul class="tablist">
<li><a href="index.html"><span>Main&nbsp;Page</span></a></li>
<li><a href="modules.html"><span>Modules</span></a></li>
<li class="current"><a href="annotated.html"><span>Data&nbsp;Structures</span></a></li>
<li><a href="files.html"><span>Files</span></a></li>
<li id="searchli">
<div id="MSearchBox" class="MSearchBoxInactive">
<span class="left">
<img id="MSearchSelect" src="search/mag_sel.png"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
alt=""/>
<input type="text" id="MSearchField" value="Search" accesskey="S"
onfocus="searchBox.OnSearchFieldFocus(true)"
onblur="searchBox.OnSearchFieldFocus(false)"
onkeyup="searchBox.OnSearchFieldChange(event)"/>
</span><span class="right">
<a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
</span>
</div>
</li>
</ul>
</div>
<div class="tabs2">
<ul class="tablist">
<li><a href="annotated.html"><span>Data&nbsp;Structures</span></a></li>
<li><a href="classes.html"><span>Data&nbsp;Structure&nbsp;Index</span></a></li>
<li><a href="functions.html"><span>Data&nbsp;Fields</span></a></li>
</ul>
</div>
</div>
<div class="header">
<div class="summary">
<a href="#pub-attribs">Data Fields</a> </div>
<div class="headertitle">
<h1>_AI_snort_alert Struct Reference</h1> </div>
</div>
<div class="contents">
<!-- doxytag: class="_AI_snort_alert" -->
<p><code>#include &lt;<a class="el" href="spp__ai_8h_source.html">spp_ai.h</a>&gt;</code></p>
<table class="memberdecls">
<tr><td colspan="2"><h2><a name="pub-attribs"></a>
Data Fields</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">unsigned int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#af8408be5da59cda853442dd13465c0f6">gid</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">unsigned int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#a3349aa68d2234f8ffd897367c3a8a137">sid</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">unsigned int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#a864d3baa48586d6a31639f4cd27d9d37">rev</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">unsigned short&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#a25661fa4e212c5e30af5e6a892985ec9">priority</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">char *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#ac0902d7c756ec675fb06347ce4706135">desc</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">char *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#aa89585e14acb2c4e684a1552d322632f">classification</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">time_t&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#a10a67f60ca3da339a2104849a0b2ac19">timestamp</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#a882ae6db43dc0fe08071947ccb044b93">tos</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#a523ef8842d01a1bc4ea3c0bf27518e78">iplen</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#a45e4acf90450a5f9efd4e0c290f84bcf">id</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#ab9b1ce8ee440a324af116403ac9c51a2">ttl</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#a2a5f2741918c3c13890f2b617a7f23a4">ipproto</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#ab16a24f368020e4b40e65b53cae33b48">src_addr</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#a69cc2ba171c8c808a0b45caa9426cd8c">dst_addr</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#a856cccd3eaabd38aa9974f26d3edc5e3">src_port</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#a6b323c07ae501d221e330e13646a96a3">dst_port</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#acb20c4c55149d5806d7523720786ab77">sequence</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#a2b185c678d3a7f1207b2119b0b567c37">ack</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#aa643f11db93b70242b57f0a04775e507">tcp_flags</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#a63e94be3d248cf4beb0d4d5ab75331b1">window</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#a519a103f5e8f1cb006c0c137b7c6a1c0">tcplen</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct <a class="el" href="structpkt__info.html">pkt_info</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#a09dfe0a841fd3912ec78060d4547cb31">stream</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct <a class="el" href="struct__AI__snort__alert.html">_AI_snort_alert</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#aa8336d4b3359015ed8ea312ca1fd1173">next</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#ac53765584296ead1328eabfaba8a3aed">h_node</a> [CLUSTER_TYPES]</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">unsigned int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html#a285aff12d6bac03c316ccc5305d28e53">grouped_alarms_count</a></td></tr>
</table>
<hr/><h2>Field Documentation</h2>
<a class="anchor" id="a2b185c678d3a7f1207b2119b0b567c37"></a><!-- doxytag: member="_AI_snort_alert::ack" ref="a2b185c678d3a7f1207b2119b0b567c37" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a> <a class="el" href="struct__AI__snort__alert.html#a2b185c678d3a7f1207b2119b0b567c37">_AI_snort_alert::ack</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="aa89585e14acb2c4e684a1552d322632f"></a><!-- doxytag: member="_AI_snort_alert::classification" ref="aa89585e14acb2c4e684a1552d322632f" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">char* <a class="el" href="struct__AI__snort__alert.html#aa89585e14acb2c4e684a1552d322632f">_AI_snort_alert::classification</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="ac0902d7c756ec675fb06347ce4706135"></a><!-- doxytag: member="_AI_snort_alert::desc" ref="ac0902d7c756ec675fb06347ce4706135" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">char* <a class="el" href="struct__AI__snort__alert.html#ac0902d7c756ec675fb06347ce4706135">_AI_snort_alert::desc</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a69cc2ba171c8c808a0b45caa9426cd8c"></a><!-- doxytag: member="_AI_snort_alert::dst_addr" ref="a69cc2ba171c8c808a0b45caa9426cd8c" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a> <a class="el" href="struct__AI__snort__alert.html#a69cc2ba171c8c808a0b45caa9426cd8c">_AI_snort_alert::dst_addr</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a6b323c07ae501d221e330e13646a96a3"></a><!-- doxytag: member="_AI_snort_alert::dst_port" ref="a6b323c07ae501d221e330e13646a96a3" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="el" href="struct__AI__snort__alert.html#a6b323c07ae501d221e330e13646a96a3">_AI_snort_alert::dst_port</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="af8408be5da59cda853442dd13465c0f6"></a><!-- doxytag: member="_AI_snort_alert::gid" ref="af8408be5da59cda853442dd13465c0f6" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">unsigned int <a class="el" href="struct__AI__snort__alert.html#af8408be5da59cda853442dd13465c0f6">_AI_snort_alert::gid</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a285aff12d6bac03c316ccc5305d28e53"></a><!-- doxytag: member="_AI_snort_alert::grouped_alarms_count" ref="a285aff12d6bac03c316ccc5305d28e53" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">unsigned int <a class="el" href="struct__AI__snort__alert.html#a285aff12d6bac03c316ccc5305d28e53">_AI_snort_alert::grouped_alarms_count</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="ac53765584296ead1328eabfaba8a3aed"></a><!-- doxytag: member="_AI_snort_alert::h_node" ref="ac53765584296ead1328eabfaba8a3aed" args="[CLUSTER_TYPES]" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="struct__hierarchy__node.html">hierarchy_node</a>* <a class="el" href="struct__AI__snort__alert.html#ac53765584296ead1328eabfaba8a3aed">_AI_snort_alert::h_node</a>[CLUSTER_TYPES]</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a45e4acf90450a5f9efd4e0c290f84bcf"></a><!-- doxytag: member="_AI_snort_alert::id" ref="a45e4acf90450a5f9efd4e0c290f84bcf" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="el" href="struct__AI__snort__alert.html#a45e4acf90450a5f9efd4e0c290f84bcf">_AI_snort_alert::id</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a523ef8842d01a1bc4ea3c0bf27518e78"></a><!-- doxytag: member="_AI_snort_alert::iplen" ref="a523ef8842d01a1bc4ea3c0bf27518e78" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="el" href="struct__AI__snort__alert.html#a523ef8842d01a1bc4ea3c0bf27518e78">_AI_snort_alert::iplen</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a2a5f2741918c3c13890f2b617a7f23a4"></a><!-- doxytag: member="_AI_snort_alert::ipproto" ref="a2a5f2741918c3c13890f2b617a7f23a4" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a> <a class="el" href="struct__AI__snort__alert.html#a2a5f2741918c3c13890f2b617a7f23a4">_AI_snort_alert::ipproto</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="aa8336d4b3359015ed8ea312ca1fd1173"></a><!-- doxytag: member="_AI_snort_alert::next" ref="aa8336d4b3359015ed8ea312ca1fd1173" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">struct <a class="el" href="struct__AI__snort__alert.html">_AI_snort_alert</a>* <a class="el" href="struct__AI__snort__alert.html#aa8336d4b3359015ed8ea312ca1fd1173">_AI_snort_alert::next</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a25661fa4e212c5e30af5e6a892985ec9"></a><!-- doxytag: member="_AI_snort_alert::priority" ref="a25661fa4e212c5e30af5e6a892985ec9" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">unsigned short <a class="el" href="struct__AI__snort__alert.html#a25661fa4e212c5e30af5e6a892985ec9">_AI_snort_alert::priority</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a864d3baa48586d6a31639f4cd27d9d37"></a><!-- doxytag: member="_AI_snort_alert::rev" ref="a864d3baa48586d6a31639f4cd27d9d37" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">unsigned int <a class="el" href="struct__AI__snort__alert.html#a864d3baa48586d6a31639f4cd27d9d37">_AI_snort_alert::rev</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="acb20c4c55149d5806d7523720786ab77"></a><!-- doxytag: member="_AI_snort_alert::sequence" ref="acb20c4c55149d5806d7523720786ab77" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a> <a class="el" href="struct__AI__snort__alert.html#acb20c4c55149d5806d7523720786ab77">_AI_snort_alert::sequence</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a3349aa68d2234f8ffd897367c3a8a137"></a><!-- doxytag: member="_AI_snort_alert::sid" ref="a3349aa68d2234f8ffd897367c3a8a137" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">unsigned int <a class="el" href="struct__AI__snort__alert.html#a3349aa68d2234f8ffd897367c3a8a137">_AI_snort_alert::sid</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="ab16a24f368020e4b40e65b53cae33b48"></a><!-- doxytag: member="_AI_snort_alert::src_addr" ref="ab16a24f368020e4b40e65b53cae33b48" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a> <a class="el" href="struct__AI__snort__alert.html#ab16a24f368020e4b40e65b53cae33b48">_AI_snort_alert::src_addr</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a856cccd3eaabd38aa9974f26d3edc5e3"></a><!-- doxytag: member="_AI_snort_alert::src_port" ref="a856cccd3eaabd38aa9974f26d3edc5e3" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="el" href="struct__AI__snort__alert.html#a856cccd3eaabd38aa9974f26d3edc5e3">_AI_snort_alert::src_port</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a09dfe0a841fd3912ec78060d4547cb31"></a><!-- doxytag: member="_AI_snort_alert::stream" ref="a09dfe0a841fd3912ec78060d4547cb31" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">struct <a class="el" href="structpkt__info.html">pkt_info</a>* <a class="el" href="struct__AI__snort__alert.html#a09dfe0a841fd3912ec78060d4547cb31">_AI_snort_alert::stream</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="aa643f11db93b70242b57f0a04775e507"></a><!-- doxytag: member="_AI_snort_alert::tcp_flags" ref="aa643f11db93b70242b57f0a04775e507" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a> <a class="el" href="struct__AI__snort__alert.html#aa643f11db93b70242b57f0a04775e507">_AI_snort_alert::tcp_flags</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a519a103f5e8f1cb006c0c137b7c6a1c0"></a><!-- doxytag: member="_AI_snort_alert::tcplen" ref="a519a103f5e8f1cb006c0c137b7c6a1c0" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="el" href="struct__AI__snort__alert.html#a519a103f5e8f1cb006c0c137b7c6a1c0">_AI_snort_alert::tcplen</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a10a67f60ca3da339a2104849a0b2ac19"></a><!-- doxytag: member="_AI_snort_alert::timestamp" ref="a10a67f60ca3da339a2104849a0b2ac19" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">time_t <a class="el" href="struct__AI__snort__alert.html#a10a67f60ca3da339a2104849a0b2ac19">_AI_snort_alert::timestamp</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a882ae6db43dc0fe08071947ccb044b93"></a><!-- doxytag: member="_AI_snort_alert::tos" ref="a882ae6db43dc0fe08071947ccb044b93" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a> <a class="el" href="struct__AI__snort__alert.html#a882ae6db43dc0fe08071947ccb044b93">_AI_snort_alert::tos</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="ab9b1ce8ee440a324af116403ac9c51a2"></a><!-- doxytag: member="_AI_snort_alert::ttl" ref="ab9b1ce8ee440a324af116403ac9c51a2" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a> <a class="el" href="struct__AI__snort__alert.html#ab9b1ce8ee440a324af116403ac9c51a2">_AI_snort_alert::ttl</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a63e94be3d248cf4beb0d4d5ab75331b1"></a><!-- doxytag: member="_AI_snort_alert::window" ref="a63e94be3d248cf4beb0d4d5ab75331b1" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="el" href="struct__AI__snort__alert.html#a63e94be3d248cf4beb0d4d5ab75331b1">_AI_snort_alert::window</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<hr/>The documentation for this struct was generated from the following file:<ul>
<li><a class="el" href="spp__ai_8h_source.html">spp_ai.h</a></li>
</ul>
</div>
<!--- window showing the filter options -->
<div id="MSearchSelectWindow"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
onkeydown="return searchBox.OnSearchSelectKey(event)">
<a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(0)"><span class="SelectionMark">&nbsp;</span>All</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(1)"><span class="SelectionMark">&nbsp;</span>Data Structures</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(2)"><span class="SelectionMark">&nbsp;</span>Files</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(3)"><span class="SelectionMark">&nbsp;</span>Functions</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(4)"><span class="SelectionMark">&nbsp;</span>Variables</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(5)"><span class="SelectionMark">&nbsp;</span>Typedefs</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(6)"><span class="SelectionMark">&nbsp;</span>Enumerations</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(7)"><span class="SelectionMark">&nbsp;</span>Enumerator</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(8)"><span class="SelectionMark">&nbsp;</span>Defines</a></div>
<!-- iframe showing the search results (closed by default) -->
<div id="MSearchResultsWindow">
<iframe src="" frameborder="0"
name="MSearchResults" id="MSearchResults">
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>
</html>


@ -0,0 +1,183 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<title>Snort AI preprocessor module: _hierarchy_node Struct Reference</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<link href="search/search.css" rel="stylesheet" type="text/css"/>
<script type="text/javaScript" src="search/search.js"></script>
<link href="doxygen.css" rel="stylesheet" type="text/css"/>
</head>
<body onload='searchBox.OnSelectItem(0);'>
<!-- Generated by Doxygen 1.7.1 -->
<script type="text/javascript"><!--
var searchBox = new SearchBox("searchBox", "search",false,'Search');
--></script>
<div class="navigation" id="top">
<div class="tabs">
<ul class="tablist">
<li><a href="index.html"><span>Main&nbsp;Page</span></a></li>
<li><a href="modules.html"><span>Modules</span></a></li>
<li class="current"><a href="annotated.html"><span>Data&nbsp;Structures</span></a></li>
<li><a href="files.html"><span>Files</span></a></li>
<li id="searchli">
<div id="MSearchBox" class="MSearchBoxInactive">
<span class="left">
<img id="MSearchSelect" src="search/mag_sel.png"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
alt=""/>
<input type="text" id="MSearchField" value="Search" accesskey="S"
onfocus="searchBox.OnSearchFieldFocus(true)"
onblur="searchBox.OnSearchFieldFocus(false)"
onkeyup="searchBox.OnSearchFieldChange(event)"/>
</span><span class="right">
<a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
</span>
</div>
</li>
</ul>
</div>
<div class="tabs2">
<ul class="tablist">
<li><a href="annotated.html"><span>Data&nbsp;Structures</span></a></li>
<li><a href="classes.html"><span>Data&nbsp;Structure&nbsp;Index</span></a></li>
<li><a href="functions.html"><span>Data&nbsp;Fields</span></a></li>
</ul>
</div>
</div>
<div class="header">
<div class="summary">
<a href="#pub-attribs">Data Fields</a> </div>
<div class="headertitle">
<h1>_hierarchy_node Struct Reference</h1> </div>
</div>
<div class="contents">
<!-- doxytag: class="_hierarchy_node" -->
<p><code>#include &lt;<a class="el" href="spp__ai_8h_source.html">spp_ai.h</a>&gt;</code></p>
<table class="memberdecls">
<tr><td colspan="2"><h2><a name="pub-attribs"></a>
Data Fields</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640">cluster_type</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__hierarchy__node.html#a3b18e3ddfa2212c5e4ff9c0b4bde4296">type</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">char&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__hierarchy__node.html#ae498f6fd14ca058a3ae0a95d5425451a">label</a> [256]</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__hierarchy__node.html#a13ceebd7b435b9ef347fb90d9e6bbfe4">min_val</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__hierarchy__node.html#a79ea88029938dc30ab8f159405d12c87">max_val</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__hierarchy__node.html#a849256ce1039e2cefaaf64d91171be0a">nchildren</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct <a class="el" href="struct__hierarchy__node.html">_hierarchy_node</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__hierarchy__node.html#a5c94c89d7e2aea393f1c550afb766bbe">parent</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct <a class="el" href="struct__hierarchy__node.html">_hierarchy_node</a> **&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__hierarchy__node.html#afc23d4fe6426873164cdaab2f3d4f0cd">children</a></td></tr>
</table>
<hr/><h2>Field Documentation</h2>
<a class="anchor" id="afc23d4fe6426873164cdaab2f3d4f0cd"></a><!-- doxytag: member="_hierarchy_node::children" ref="afc23d4fe6426873164cdaab2f3d4f0cd" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">struct <a class="el" href="struct__hierarchy__node.html">_hierarchy_node</a>** <a class="el" href="struct__hierarchy__node.html#afc23d4fe6426873164cdaab2f3d4f0cd">_hierarchy_node::children</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="ae498f6fd14ca058a3ae0a95d5425451a"></a><!-- doxytag: member="_hierarchy_node::label" ref="ae498f6fd14ca058a3ae0a95d5425451a" args="[256]" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">char <a class="el" href="struct__hierarchy__node.html#ae498f6fd14ca058a3ae0a95d5425451a">_hierarchy_node::label</a>[256]</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a79ea88029938dc30ab8f159405d12c87"></a><!-- doxytag: member="_hierarchy_node::max_val" ref="a79ea88029938dc30ab8f159405d12c87" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">int <a class="el" href="struct__hierarchy__node.html#a79ea88029938dc30ab8f159405d12c87">_hierarchy_node::max_val</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a13ceebd7b435b9ef347fb90d9e6bbfe4"></a><!-- doxytag: member="_hierarchy_node::min_val" ref="a13ceebd7b435b9ef347fb90d9e6bbfe4" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">int <a class="el" href="struct__hierarchy__node.html#a13ceebd7b435b9ef347fb90d9e6bbfe4">_hierarchy_node::min_val</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a849256ce1039e2cefaaf64d91171be0a"></a><!-- doxytag: member="_hierarchy_node::nchildren" ref="a849256ce1039e2cefaaf64d91171be0a" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">int <a class="el" href="struct__hierarchy__node.html#a849256ce1039e2cefaaf64d91171be0a">_hierarchy_node::nchildren</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a5c94c89d7e2aea393f1c550afb766bbe"></a><!-- doxytag: member="_hierarchy_node::parent" ref="a5c94c89d7e2aea393f1c550afb766bbe" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">struct <a class="el" href="struct__hierarchy__node.html">_hierarchy_node</a>* <a class="el" href="struct__hierarchy__node.html#a5c94c89d7e2aea393f1c550afb766bbe">_hierarchy_node::parent</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a3b18e3ddfa2212c5e4ff9c0b4bde4296"></a><!-- doxytag: member="_hierarchy_node::type" ref="a3b18e3ddfa2212c5e4ff9c0b4bde4296" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640">cluster_type</a> <a class="el" href="struct__hierarchy__node.html#a3b18e3ddfa2212c5e4ff9c0b4bde4296">_hierarchy_node::type</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<hr/>The documentation for this struct was generated from the following file:<ul>
<li><a class="el" href="spp__ai_8h_source.html">spp_ai.h</a></li>
</ul>
</div>
<!--- window showing the filter options -->
<div id="MSearchSelectWindow"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
onkeydown="return searchBox.OnSearchSelectKey(event)">
<a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(0)"><span class="SelectionMark">&nbsp;</span>All</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(1)"><span class="SelectionMark">&nbsp;</span>Data Structures</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(2)"><span class="SelectionMark">&nbsp;</span>Files</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(3)"><span class="SelectionMark">&nbsp;</span>Functions</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(4)"><span class="SelectionMark">&nbsp;</span>Variables</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(5)"><span class="SelectionMark">&nbsp;</span>Typedefs</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(6)"><span class="SelectionMark">&nbsp;</span>Enumerations</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(7)"><span class="SelectionMark">&nbsp;</span>Enumerator</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(8)"><span class="SelectionMark">&nbsp;</span>Defines</a></div>
<!-- iframe showing the search results (closed by default) -->
<div id="MSearchResultsWindow">
<iframe src="" frameborder="0"
name="MSearchResults" id="MSearchResults">
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>
</html>


@ -0,0 +1,111 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<title>Snort AI preprocessor module: attribute_key Struct Reference</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<link href="search/search.css" rel="stylesheet" type="text/css"/>
<script type="text/javaScript" src="search/search.js"></script>
<link href="doxygen.css" rel="stylesheet" type="text/css"/>
</head>
<body onload='searchBox.OnSelectItem(0);'>
<!-- Generated by Doxygen 1.7.1 -->
<script type="text/javascript"><!--
var searchBox = new SearchBox("searchBox", "search",false,'Search');
--></script>
<div class="navigation" id="top">
<div class="tabs">
<ul class="tablist">
<li><a href="index.html"><span>Main&nbsp;Page</span></a></li>
<li><a href="modules.html"><span>Modules</span></a></li>
<li class="current"><a href="annotated.html"><span>Data&nbsp;Structures</span></a></li>
<li><a href="files.html"><span>Files</span></a></li>
<li id="searchli">
<div id="MSearchBox" class="MSearchBoxInactive">
<span class="left">
<img id="MSearchSelect" src="search/mag_sel.png"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
alt=""/>
<input type="text" id="MSearchField" value="Search" accesskey="S"
onfocus="searchBox.OnSearchFieldFocus(true)"
onblur="searchBox.OnSearchFieldFocus(false)"
onkeyup="searchBox.OnSearchFieldChange(event)"/>
</span><span class="right">
<a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
</span>
</div>
</li>
</ul>
</div>
<div class="tabs2">
<ul class="tablist">
<li><a href="annotated.html"><span>Data&nbsp;Structures</span></a></li>
<li><a href="classes.html"><span>Data&nbsp;Structure&nbsp;Index</span></a></li>
<li><a href="functions.html"><span>Data&nbsp;Fields</span></a></li>
</ul>
</div>
</div>
<div class="header">
<div class="summary">
<a href="#pub-attribs">Data Fields</a> </div>
<div class="headertitle">
<h1>attribute_key Struct Reference</h1> </div>
</div>
<div class="contents">
<!-- doxytag: class="attribute_key" --><table class="memberdecls">
<tr><td colspan="2"><h2><a name="pub-attribs"></a>
Data Fields</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structattribute__key.html#a4fdb3d7aabeac6b1052b59e05e3d8842">min</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structattribute__key.html#a82b7e5ac49820b816871a4ddf30c462d">max</a></td></tr>
</table>
<hr/><h2>Field Documentation</h2>
<a class="anchor" id="a82b7e5ac49820b816871a4ddf30c462d"></a><!-- doxytag: member="attribute_key::max" ref="a82b7e5ac49820b816871a4ddf30c462d" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">int <a class="el" href="structattribute__key.html#a82b7e5ac49820b816871a4ddf30c462d">attribute_key::max</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a4fdb3d7aabeac6b1052b59e05e3d8842"></a><!-- doxytag: member="attribute_key::min" ref="a4fdb3d7aabeac6b1052b59e05e3d8842" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">int <a class="el" href="structattribute__key.html#a4fdb3d7aabeac6b1052b59e05e3d8842">attribute_key::min</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<hr/>The documentation for this struct was generated from the following file:<ul>
<li><a class="el" href="cluster_8c.html">cluster.c</a></li>
</ul>
</div>
<!--- window showing the filter options -->
<div id="MSearchSelectWindow"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
onkeydown="return searchBox.OnSearchSelectKey(event)">
<a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(0)"><span class="SelectionMark">&nbsp;</span>All</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(1)"><span class="SelectionMark">&nbsp;</span>Data Structures</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(2)"><span class="SelectionMark">&nbsp;</span>Files</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(3)"><span class="SelectionMark">&nbsp;</span>Functions</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(4)"><span class="SelectionMark">&nbsp;</span>Variables</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(5)"><span class="SelectionMark">&nbsp;</span>Typedefs</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(6)"><span class="SelectionMark">&nbsp;</span>Enumerations</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(7)"><span class="SelectionMark">&nbsp;</span>Enumerator</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(8)"><span class="SelectionMark">&nbsp;</span>Defines</a></div>
<!-- iframe showing the search results (closed by default) -->
<div id="MSearchResultsWindow">
<iframe src="" frameborder="0"
name="MSearchResults" id="MSearchResults">
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>
</html>


@ -0,0 +1,139 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<title>Snort AI preprocessor module: attribute_value Struct Reference</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<link href="search/search.css" rel="stylesheet" type="text/css"/>
<script type="text/javaScript" src="search/search.js"></script>
<link href="doxygen.css" rel="stylesheet" type="text/css"/>
</head>
<body onload='searchBox.OnSelectItem(0);'>
<!-- Generated by Doxygen 1.7.1 -->
<script type="text/javascript"><!--
var searchBox = new SearchBox("searchBox", "search",false,'Search');
--></script>
<div class="navigation" id="top">
<div class="tabs">
<ul class="tablist">
<li><a href="index.html"><span>Main&nbsp;Page</span></a></li>
<li><a href="modules.html"><span>Modules</span></a></li>
<li class="current"><a href="annotated.html"><span>Data&nbsp;Structures</span></a></li>
<li><a href="files.html"><span>Files</span></a></li>
<li id="searchli">
<div id="MSearchBox" class="MSearchBoxInactive">
<span class="left">
<img id="MSearchSelect" src="search/mag_sel.png"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
alt=""/>
<input type="text" id="MSearchField" value="Search" accesskey="S"
onfocus="searchBox.OnSearchFieldFocus(true)"
onblur="searchBox.OnSearchFieldFocus(false)"
onkeyup="searchBox.OnSearchFieldChange(event)"/>
</span><span class="right">
<a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
</span>
</div>
</li>
</ul>
</div>
<div class="tabs2">
<ul class="tablist">
<li><a href="annotated.html"><span>Data&nbsp;Structures</span></a></li>
<li><a href="classes.html"><span>Data&nbsp;Structure&nbsp;Index</span></a></li>
<li><a href="functions.html"><span>Data&nbsp;Fields</span></a></li>
</ul>
</div>
</div>
<div class="header">
<div class="summary">
<a href="#pub-attribs">Data Fields</a> </div>
<div class="headertitle">
<h1>attribute_value Struct Reference</h1> </div>
</div>
<div class="contents">
<!-- doxytag: class="attribute_value" --><table class="memberdecls">
<tr><td colspan="2"><h2><a name="pub-attribs"></a>
Data Fields</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="structattribute__key.html">attribute_key</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structattribute__value.html#aa8b5ae41c150e4fefb800d3b1924278d">key</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640">cluster_type</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structattribute__value.html#a5322c4edde771a7ee0d9fc5f5e45484c">type</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">unsigned int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structattribute__value.html#a5579c0304c2e9ab488ac94905b385045">count</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">UT_hash_handle&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structattribute__value.html#a9abf5d1758ee0cc4803e3b40fc4481cc">hh</a></td></tr>
</table>
<hr/><h2>Field Documentation</h2>
<a class="anchor" id="a5579c0304c2e9ab488ac94905b385045"></a><!-- doxytag: member="attribute_value::count" ref="a5579c0304c2e9ab488ac94905b385045" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">unsigned int <a class="el" href="structattribute__value.html#a5579c0304c2e9ab488ac94905b385045">attribute_value::count</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a9abf5d1758ee0cc4803e3b40fc4481cc"></a><!-- doxytag: member="attribute_value::hh" ref="a9abf5d1758ee0cc4803e3b40fc4481cc" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">UT_hash_handle <a class="el" href="structattribute__value.html#a9abf5d1758ee0cc4803e3b40fc4481cc">attribute_value::hh</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="aa8b5ae41c150e4fefb800d3b1924278d"></a><!-- doxytag: member="attribute_value::key" ref="aa8b5ae41c150e4fefb800d3b1924278d" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="structattribute__key.html">attribute_key</a> <a class="el" href="structattribute__value.html#aa8b5ae41c150e4fefb800d3b1924278d">attribute_value::key</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a5322c4edde771a7ee0d9fc5f5e45484c"></a><!-- doxytag: member="attribute_value::type" ref="a5322c4edde771a7ee0d9fc5f5e45484c" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640">cluster_type</a> <a class="el" href="structattribute__value.html#a5322c4edde771a7ee0d9fc5f5e45484c">attribute_value::type</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<hr/>The documentation for this struct was generated from the following file:<ul>
<li><a class="el" href="cluster_8c.html">cluster.c</a></li>
</ul>
</div>
<!--- window showing the filter options -->
<div id="MSearchSelectWindow"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
onkeydown="return searchBox.OnSearchSelectKey(event)">
<a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(0)"><span class="SelectionMark">&nbsp;</span>All</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(1)"><span class="SelectionMark">&nbsp;</span>Data Structures</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(2)"><span class="SelectionMark">&nbsp;</span>Files</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(3)"><span class="SelectionMark">&nbsp;</span>Functions</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(4)"><span class="SelectionMark">&nbsp;</span>Variables</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(5)"><span class="SelectionMark">&nbsp;</span>Typedefs</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(6)"><span class="SelectionMark">&nbsp;</span>Enumerations</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(7)"><span class="SelectionMark">&nbsp;</span>Enumerator</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(8)"><span class="SelectionMark">&nbsp;</span>Defines</a></div>
<!-- iframe showing the search results (closed by default) -->
<div id="MSearchResultsWindow">
<iframe src="" frameborder="0"
name="MSearchResults" id="MSearchResults">
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>
</html>


@ -53,13 +53,16 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<h1>pkt_info Struct Reference</h1> </div>
</div>
<div class="contents">
<!-- doxytag: class="pkt_info" --><table class="memberdecls">
<!-- doxytag: class="pkt_info" -->
<p><code>#include &lt;<a class="el" href="spp__ai_8h_source.html">spp_ai.h</a>&gt;</code></p>
<table class="memberdecls">
<tr><td colspan="2"><h2><a name="pub-attribs"></a>
Data Fields</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct <a class="el" href="structpkt__key.html">pkt_key</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structpkt__info.html#a231d4734d3c62292b06eb9ea4b49c339">key</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">time_t&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structpkt__info.html#a7f5090443f21e6290f0439f1bb872e92">timestamp</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">SFSnortPacket *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structpkt__info.html#a8d5ebd04a32067b05387e5c5056fe168">pkt</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct <a class="el" href="structpkt__info.html">pkt_info</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structpkt__info.html#a5ee3c51f2ca5768b94819182641ef168">next</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structpkt__info.html#ac7ff78ea5faf333fc91f92e3085ea7c9">observed</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">UT_hash_handle&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structpkt__info.html#a264e90d4b5d490de040f38c1072e142f">hh</a></td></tr>
</table>
<hr/><h2>Field Documentation</h2>
@ -100,6 +103,19 @@ Data Fields</h2></td></tr>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="ac7ff78ea5faf333fc91f92e3085ea7c9"></a><!-- doxytag: member="pkt_info::observed" ref="ac7ff78ea5faf333fc91f92e3085ea7c9" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a> <a class="el" href="structpkt__info.html#ac7ff78ea5faf333fc91f92e3085ea7c9">pkt_info::observed</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a8d5ebd04a32067b05387e5c5056fe168"></a><!-- doxytag: member="pkt_info::pkt" ref="a8d5ebd04a32067b05387e5c5056fe168" args="" -->
@ -129,7 +145,7 @@ Data Fields</h2></td></tr>
</div>
</div>
<hr/>The documentation for this struct was generated from the following file:<ul>
<li><a class="el" href="stream_8c.html">stream.c</a></li>
<li><a class="el" href="spp__ai_8h_source.html">spp_ai.h</a></li>
</ul>
</div>
<!--- window showing the filter options -->
@ -146,7 +162,7 @@ Data Fields</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Wed Aug 4 2010 11:30:57 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>


@ -53,7 +53,9 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<h1>pkt_key Struct Reference</h1> </div>
</div>
<div class="contents">
<!-- doxytag: class="pkt_key" --><table class="memberdecls">
<!-- doxytag: class="pkt_key" -->
<p><code>#include &lt;<a class="el" href="spp__ai_8h_source.html">spp_ai.h</a>&gt;</code></p>
<table class="memberdecls">
<tr><td colspan="2"><h2><a name="pub-attribs"></a>
Data Fields</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structpkt__key.html#a3a091c20dafb8b3f689db00c5b2f8ddb">src_ip</a></td></tr>
@ -87,7 +89,7 @@ Data Fields</h2></td></tr>
</div>
</div>
<hr/>The documentation for this struct was generated from the following file:<ul>
<li><a class="el" href="stream_8c.html">stream.c</a></li>
<li><a class="el" href="spp__ai_8h_source.html">spp_ai.h</a></li>
</ul>
</div>
<!--- window showing the filter options -->
@ -104,7 +106,7 @@ Data Fields</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Wed Aug 4 2010 11:30:57 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>


@ -0,0 +1,111 @@
\hypertarget{alert__parser_8c}{
\section{alert\_\-parser.c File Reference}
\label{alert__parser_8c}\index{alert\_\-parser.c@{alert\_\-parser.c}}
}
{\ttfamily \#include \char`\"{}spp\_\-ai.h\char`\"{}}\par
{\ttfamily \#include $<$stdio.h$>$}\par
{\ttfamily \#include $<$unistd.h$>$}\par
{\ttfamily \#include $<$time.h$>$}\par
{\ttfamily \#include $<$sys/inotify.h$>$}\par
{\ttfamily \#include $<$sys/stat.h$>$}\par
\subsection*{Functions}
\begin{DoxyCompactItemize}
\item
void $\ast$ \hyperlink{alert__parser_8c_ad68c45b5846743a54ad3fa92c8e48f8a}{AI\_\-alertparser\_\-thread} (void $\ast$arg)
\begin{DoxyCompactList}\small\item\em Thread for parsing Snort's alert file. \item\end{DoxyCompactList}\item
PRIVATE \hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$ \hyperlink{alert__parser_8c_a6c5014cae9155379fdc4db649b2c862d}{\_\-AI\_\-copy\_\-alerts} (\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$node)
\begin{DoxyCompactList}\small\item\em Create a copy of the alert log struct (this is done for leaving the alert log structure in this file as read-\/only). \item\end{DoxyCompactList}\item
\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$ \hyperlink{alert__parser_8c_a99474495643197b3075ac22ec6f6c70f}{AI\_\-get\_\-alerts} ()
\begin{DoxyCompactList}\small\item\em Return the alerts parsed so far as a linked list. \item\end{DoxyCompactList}\item
void \hyperlink{alert__parser_8c_a270e86669a0aa64a8da37bc16cda645b}{AI\_\-free\_\-alerts} (\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$node)
\begin{DoxyCompactList}\small\item\em Deallocate the memory of a log alert linked list. \item\end{DoxyCompactList}\end{DoxyCompactItemize}
\subsection*{Variables}
\begin{DoxyCompactItemize}
\item
PRIVATE \hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$ \hyperlink{alert__parser_8c_ae837fc04e61c0eb052f997c54b4fd9fe}{alerts} = NULL
\item
PRIVATE FILE $\ast$ \hyperlink{alert__parser_8c_abee2a33368912d9288c76b51160a9ed6}{alert\_\-fp} = NULL
\end{DoxyCompactItemize}
\subsection{Function Documentation}
\hypertarget{alert__parser_8c_a6c5014cae9155379fdc4db649b2c862d}{
\index{alert\_\-parser.c@{alert\_\-parser.c}!\_\-AI\_\-copy\_\-alerts@{\_\-AI\_\-copy\_\-alerts}}
\index{\_\-AI\_\-copy\_\-alerts@{\_\-AI\_\-copy\_\-alerts}!alert_parser.c@{alert\_\-parser.c}}
\subsubsection[{\_\-AI\_\-copy\_\-alerts}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE {\bf AI\_\-snort\_\-alert}$\ast$ \_\-AI\_\-copy\_\-alerts (
\begin{DoxyParamCaption}
\item[{{\bf AI\_\-snort\_\-alert} $\ast$}]{ node}
\end{DoxyParamCaption}
)}}
\label{alert__parser_8c_a6c5014cae9155379fdc4db649b2c862d}
Create a copy of the alert log struct (this is done for leaving the alert log structure in this file as read-\/only).
FUNCTION: \_\-AI\_\-copy\_\-alerts
\begin{DoxyParams}{Parameters}
\item[{\em node}]Starting node (used for the recursion) \end{DoxyParams}
\begin{DoxyReturn}{Returns}
A copy of the alert log linked list
\end{DoxyReturn}
\hypertarget{alert__parser_8c_ad68c45b5846743a54ad3fa92c8e48f8a}{
\index{alert\_\-parser.c@{alert\_\-parser.c}!AI\_\-alertparser\_\-thread@{AI\_\-alertparser\_\-thread}}
\index{AI\_\-alertparser\_\-thread@{AI\_\-alertparser\_\-thread}!alert_parser.c@{alert\_\-parser.c}}
\subsubsection[{AI\_\-alertparser\_\-thread}]{\setlength{\rightskip}{0pt plus 5cm}void$\ast$ AI\_\-alertparser\_\-thread (
\begin{DoxyParamCaption}
\item[{void $\ast$}]{ arg}
\end{DoxyParamCaption}
)}}
\label{alert__parser_8c_ad68c45b5846743a54ad3fa92c8e48f8a}
Thread for parsing Snort's alert file.
FUNCTION: AI\_\-alertparser\_\-thread
\begin{DoxyParams}{Parameters}
\item[{\em arg}]void$\ast$ pointer to module's configuration \end{DoxyParams}
\hypertarget{alert__parser_8c_a270e86669a0aa64a8da37bc16cda645b}{
\index{alert\_\-parser.c@{alert\_\-parser.c}!AI\_\-free\_\-alerts@{AI\_\-free\_\-alerts}}
\index{AI\_\-free\_\-alerts@{AI\_\-free\_\-alerts}!alert_parser.c@{alert\_\-parser.c}}
\subsubsection[{AI\_\-free\_\-alerts}]{\setlength{\rightskip}{0pt plus 5cm}void AI\_\-free\_\-alerts (
\begin{DoxyParamCaption}
\item[{{\bf AI\_\-snort\_\-alert} $\ast$}]{ node}
\end{DoxyParamCaption}
)}}
\label{alert__parser_8c_a270e86669a0aa64a8da37bc16cda645b}
Deallocate the memory of a log alert linked list.
FUNCTION: AI\_\-free\_\-alerts
\begin{DoxyParams}{Parameters}
\item[{\em node}]Linked list to be freed \end{DoxyParams}
\hypertarget{alert__parser_8c_a99474495643197b3075ac22ec6f6c70f}{
\index{alert\_\-parser.c@{alert\_\-parser.c}!AI\_\-get\_\-alerts@{AI\_\-get\_\-alerts}}
\index{AI\_\-get\_\-alerts@{AI\_\-get\_\-alerts}!alert_parser.c@{alert\_\-parser.c}}
\subsubsection[{AI\_\-get\_\-alerts}]{\setlength{\rightskip}{0pt plus 5cm}{\bf AI\_\-snort\_\-alert}$\ast$ AI\_\-get\_\-alerts (
\begin{DoxyParamCaption}
\item[{void}]{}
\end{DoxyParamCaption}
)}}
\label{alert__parser_8c_a99474495643197b3075ac22ec6f6c70f}
Return the alerts parsed so far as a linked list.
FUNCTION: AI\_\-get\_\-alerts \begin{DoxyReturn}{Returns}
An AI\_\-snort\_\-alert pointer identifying the list of alerts
\end{DoxyReturn}
\subsection{Variable Documentation}
\hypertarget{alert__parser_8c_abee2a33368912d9288c76b51160a9ed6}{
\index{alert\_\-parser.c@{alert\_\-parser.c}!alert\_\-fp@{alert\_\-fp}}
\index{alert\_\-fp@{alert\_\-fp}!alert_parser.c@{alert\_\-parser.c}}
\subsubsection[{alert\_\-fp}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE FILE$\ast$ {\bf alert\_\-fp} = NULL}}
\label{alert__parser_8c_abee2a33368912d9288c76b51160a9ed6}
\hypertarget{alert__parser_8c_ae837fc04e61c0eb052f997c54b4fd9fe}{
\index{alert\_\-parser.c@{alert\_\-parser.c}!alerts@{alerts}}
\index{alerts@{alerts}!alert_parser.c@{alert\_\-parser.c}}
\subsubsection[{alerts}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE {\bf AI\_\-snort\_\-alert}$\ast$ {\bf alerts} = NULL}}
\label{alert__parser_8c_ae837fc04e61c0eb052f997c54b4fd9fe}


@ -1,6 +1,10 @@
\section{Data Structures}
Here are the data structures with brief descriptions:\begin{DoxyCompactList}
\item\contentsline{section}{\hyperlink{struct__AI__config}{\_\-AI\_\-config} }{\pageref{struct__AI__config}}{}
\item\contentsline{section}{\hyperlink{struct__AI__snort__alert}{\_\-AI\_\-snort\_\-alert} }{\pageref{struct__AI__snort__alert}}{}
\item\contentsline{section}{\hyperlink{struct__hierarchy__node}{\_\-hierarchy\_\-node} }{\pageref{struct__hierarchy__node}}{}
\item\contentsline{section}{\hyperlink{structAI__config}{AI\_\-config} }{\pageref{structAI__config}}{}
\item\contentsline{section}{\hyperlink{structattribute__key}{attribute\_\-key} }{\pageref{structattribute__key}}{}
\item\contentsline{section}{\hyperlink{structattribute__value}{attribute\_\-value} }{\pageref{structattribute__value}}{}
\item\contentsline{section}{\hyperlink{structpkt__info}{pkt\_\-info} }{\pageref{structpkt__info}}{}
\item\contentsline{section}{\hyperlink{structpkt__key}{pkt\_\-key} }{\pageref{structpkt__key}}{}
\end{DoxyCompactList}

253
doc/latex/cluster_8c.tex Normal file

@ -0,0 +1,253 @@
\hypertarget{cluster_8c}{
\section{cluster.c File Reference}
\label{cluster_8c}\index{cluster.c@{cluster.c}}
}
{\ttfamily \#include \char`\"{}spp\_\-ai.h\char`\"{}}\par
{\ttfamily \#include $<$stdio.h$>$}\par
{\ttfamily \#include $<$unistd.h$>$}\par
{\ttfamily \#include $<$limits.h$>$}\par
{\ttfamily \#include $<$pthread.h$>$}\par
\subsection*{Data Structures}
\begin{DoxyCompactItemize}
\item
struct \hyperlink{structattribute__key}{attribute\_\-key}
\item
struct \hyperlink{structattribute__value}{attribute\_\-value}
\end{DoxyCompactItemize}
\subsection*{Functions}
\begin{DoxyCompactItemize}
\item
PRIVATE int \hyperlink{cluster_8c_a81f5fa721719fdb281595a568eef2101}{\_\-heuristic\_\-func} (\hyperlink{spp__ai_8h_ae2ff3c6586aa2ab211a102abfde86640}{cluster\_\-type} type)
\begin{DoxyCompactList}\small\item\em Function that picks up the heuristic value for a clustering attribute in according to Julisch's heuristic (ACM, Vol.2, No.3, 09 2002, pag.124). \item\end{DoxyCompactList}\item
PRIVATE \hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$ \hyperlink{cluster_8c_a2f1a22cfea64e4669da0467620c3e3b3}{\_\-hierarchy\_\-node\_\-new} (char $\ast$label, int min\_\-val, int max\_\-val)
\begin{DoxyCompactList}\small\item\em Create a new clustering hierarchy node. \item\end{DoxyCompactList}\item
PRIVATE void \hyperlink{cluster_8c_a5601a1f603d9c870ef6e2df192e30c30}{\_\-hierarchy\_\-node\_\-append} (\hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$parent, \hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$child)
\begin{DoxyCompactList}\small\item\em Append a node to a clustering hierarchy node. \item\end{DoxyCompactList}\item
PRIVATE \hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$ \hyperlink{cluster_8c_a6ddddcd505b1f763c339e81fc143e079}{\_\-AI\_\-get\_\-min\_\-hierarchy\_\-node} (int val, \hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$root)
\begin{DoxyCompactList}\small\item\em Get the minimum node in a hierarchy tree that matches a certain value. \item\end{DoxyCompactList}\item
PRIVATE \hyperlink{spp__ai_8h_a3e5b8192e7d9ffaf3542f1210aec18dd}{BOOL} \hyperlink{cluster_8c_a0f91c8bfc37a3975f5c26b19fd6c5cba}{\_\-AI\_\-equal\_\-alarms} (\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$a1, \hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$a2)
\begin{DoxyCompactList}\small\item\em Check if two alerts are semantically equal. \item\end{DoxyCompactList}\item
PRIVATE int \hyperlink{cluster_8c_a8ce8e5a5d8954672297fa2dedb380dcd}{\_\-AI\_\-merge\_\-alerts} (\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$$\ast$log)
\begin{DoxyCompactList}\small\item\em Merge the alerts marked as equal in the log. \item\end{DoxyCompactList}\item
PRIVATE void \hyperlink{cluster_8c_a7d151880080470b542e99643dc0426a7}{\_\-AI\_\-print\_\-clustered\_\-alerts} (\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$log, FILE $\ast$fp)
\begin{DoxyCompactList}\small\item\em Print the clustered alerts to a log file. \item\end{DoxyCompactList}\item
PRIVATE void $\ast$ \hyperlink{cluster_8c_a8a5eae61dc9fd0f13e0acdfa5f4478e2}{\_\-AI\_\-cluster\_\-thread} (void $\ast$arg)
\begin{DoxyCompactList}\small\item\em Thread for periodically clustering the log information. \item\end{DoxyCompactList}\item
PRIVATE \hyperlink{spp__ai_8h_a3e5b8192e7d9ffaf3542f1210aec18dd}{BOOL} \hyperlink{cluster_8c_a29c35cd6c56f54e27b5b190c6d6c487a}{\_\-AI\_\-check\_\-duplicate} (\hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$node, \hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$root)
\begin{DoxyCompactList}\small\item\em Check if a certain node's range (minimum and maximum value) are already present in a clustering hierarchy. \item\end{DoxyCompactList}\item
void \hyperlink{cluster_8c_a1445818b37483f78cc3fb2890155842c}{AI\_\-hierarchies\_\-build} (\hyperlink{structAI__config}{AI\_\-config} $\ast$conf, \hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$$\ast$nodes, int n\_\-nodes)
\begin{DoxyCompactList}\small\item\em Build the clustering hierarchy trees. \item\end{DoxyCompactList}\end{DoxyCompactItemize}
\subsection*{Variables}
\begin{DoxyCompactItemize}
\item
PRIVATE \hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$ \hyperlink{cluster_8c_a97d35425cf5a0207fb50b64ee8cdda82}{h\_\-root} \mbox{[}CLUSTER\_\-TYPES\mbox{]} = \{ NULL \}
\item
PRIVATE \hyperlink{structAI__config}{AI\_\-config} $\ast$ \hyperlink{cluster_8c_a91458e2d34595688e39fcb63ba418849}{\_\-config} = NULL
\item
PRIVATE \hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$ \hyperlink{cluster_8c_aaf4c19f60f48741b0890c6114dcff7d9}{alert\_\-log} = NULL
\end{DoxyCompactItemize}
\subsection{Function Documentation}
\hypertarget{cluster_8c_a29c35cd6c56f54e27b5b190c6d6c487a}{
\index{cluster.c@{cluster.c}!\_\-AI\_\-check\_\-duplicate@{\_\-AI\_\-check\_\-duplicate}}
\index{\_\-AI\_\-check\_\-duplicate@{\_\-AI\_\-check\_\-duplicate}!cluster.c@{cluster.c}}
\subsubsection[{\_\-AI\_\-check\_\-duplicate}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE {\bf BOOL} \_\-AI\_\-check\_\-duplicate (
\begin{DoxyParamCaption}
\item[{{\bf hierarchy\_\-node} $\ast$}]{ node, }
\item[{{\bf hierarchy\_\-node} $\ast$}]{ root}
\end{DoxyParamCaption}
)}}
\label{cluster_8c_a29c35cd6c56f54e27b5b190c6d6c487a}
Check if a certain node's range (minimum and maximum value) are already present in a clustering hierarchy.
FUNCTION: \_\-AI\_\-check\_\-duplicate
\begin{DoxyParams}{Parameters}
\item[{\em node}]Node to be checked \item[{\em root}]Clustering hierarchy \end{DoxyParams}
\begin{DoxyReturn}{Returns}
True if 'node' is already in 'root', false otherwise
\end{DoxyReturn}
\hypertarget{cluster_8c_a8a5eae61dc9fd0f13e0acdfa5f4478e2}{
\index{cluster.c@{cluster.c}!\_\-AI\_\-cluster\_\-thread@{\_\-AI\_\-cluster\_\-thread}}
\index{\_\-AI\_\-cluster\_\-thread@{\_\-AI\_\-cluster\_\-thread}!cluster.c@{cluster.c}}
\subsubsection[{\_\-AI\_\-cluster\_\-thread}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE void$\ast$ \_\-AI\_\-cluster\_\-thread (
\begin{DoxyParamCaption}
\item[{void $\ast$}]{ arg}
\end{DoxyParamCaption}
)}}
\label{cluster_8c_a8a5eae61dc9fd0f13e0acdfa5f4478e2}
Thread for periodically clustering the log information.
FUNCTION: \_\-AI\_\-cluster\_\-thread \hypertarget{cluster_8c_a0f91c8bfc37a3975f5c26b19fd6c5cba}{
\index{cluster.c@{cluster.c}!\_\-AI\_\-equal\_\-alarms@{\_\-AI\_\-equal\_\-alarms}}
\index{\_\-AI\_\-equal\_\-alarms@{\_\-AI\_\-equal\_\-alarms}!cluster.c@{cluster.c}}
\subsubsection[{\_\-AI\_\-equal\_\-alarms}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE {\bf BOOL} \_\-AI\_\-equal\_\-alarms (
\begin{DoxyParamCaption}
\item[{{\bf AI\_\-snort\_\-alert} $\ast$}]{ a1, }
\item[{{\bf AI\_\-snort\_\-alert} $\ast$}]{ a2}
\end{DoxyParamCaption}
)}}
\label{cluster_8c_a0f91c8bfc37a3975f5c26b19fd6c5cba}
Check if two alerts are semantically equal.
FUNCTION: \_\-AI\_\-equal\_\-alarms
\begin{DoxyParams}{Parameters}
\item[{\em a1}]First alert \item[{\em a2}]Second alert \end{DoxyParams}
\begin{DoxyReturn}{Returns}
True if they are equal, false otherwise
\end{DoxyReturn}
\hypertarget{cluster_8c_a6ddddcd505b1f763c339e81fc143e079}{
\index{cluster.c@{cluster.c}!\_\-AI\_\-get\_\-min\_\-hierarchy\_\-node@{\_\-AI\_\-get\_\-min\_\-hierarchy\_\-node}}
\index{\_\-AI\_\-get\_\-min\_\-hierarchy\_\-node@{\_\-AI\_\-get\_\-min\_\-hierarchy\_\-node}!cluster.c@{cluster.c}}
\subsubsection[{\_\-AI\_\-get\_\-min\_\-hierarchy\_\-node}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE {\bf hierarchy\_\-node}$\ast$ \_\-AI\_\-get\_\-min\_\-hierarchy\_\-node (
\begin{DoxyParamCaption}
\item[{int}]{ val, }
\item[{{\bf hierarchy\_\-node} $\ast$}]{ root}
\end{DoxyParamCaption}
)}}
\label{cluster_8c_a6ddddcd505b1f763c339e81fc143e079}
Get the minimum node in a hierarchy tree that matches a certain value.
FUNCTION: \_\-AI\_\-get\_\-min\_\-hierarchy\_\-node
\begin{DoxyParams}{Parameters}
\item[{\em val}]Value to be matched in the range \item[{\em root}]Root of the hierarchy \end{DoxyParams}
\begin{DoxyReturn}{Returns}
The minimum node that matches the value if any, NULL otherwise
\end{DoxyReturn}
\hypertarget{cluster_8c_a8ce8e5a5d8954672297fa2dedb380dcd}{
\index{cluster.c@{cluster.c}!\_\-AI\_\-merge\_\-alerts@{\_\-AI\_\-merge\_\-alerts}}
\index{\_\-AI\_\-merge\_\-alerts@{\_\-AI\_\-merge\_\-alerts}!cluster.c@{cluster.c}}
\subsubsection[{\_\-AI\_\-merge\_\-alerts}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE int \_\-AI\_\-merge\_\-alerts (
\begin{DoxyParamCaption}
\item[{{\bf AI\_\-snort\_\-alert} $\ast$$\ast$}]{ log}
\end{DoxyParamCaption}
)}}
\label{cluster_8c_a8ce8e5a5d8954672297fa2dedb380dcd}
Merge the alerts marked as equal in the log.
FUNCTION: \_\-AI\_\-merge\_\-alerts
\begin{DoxyParams}{Parameters}
\item[{\em log}]Alert log reference \end{DoxyParams}
\begin{DoxyReturn}{Returns}
The number of merged couples
\end{DoxyReturn}
\hypertarget{cluster_8c_a7d151880080470b542e99643dc0426a7}{
\index{cluster.c@{cluster.c}!\_\-AI\_\-print\_\-clustered\_\-alerts@{\_\-AI\_\-print\_\-clustered\_\-alerts}}
\index{\_\-AI\_\-print\_\-clustered\_\-alerts@{\_\-AI\_\-print\_\-clustered\_\-alerts}!cluster.c@{cluster.c}}
\subsubsection[{\_\-AI\_\-print\_\-clustered\_\-alerts}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE void \_\-AI\_\-print\_\-clustered\_\-alerts (
\begin{DoxyParamCaption}
\item[{{\bf AI\_\-snort\_\-alert} $\ast$}]{ log, }
\item[{FILE $\ast$}]{ fp}
\end{DoxyParamCaption}
)}}
\label{cluster_8c_a7d151880080470b542e99643dc0426a7}
Print the clustered alerts to a log file.
FUNCTION: \_\-AI\_\-print\_\-clustered\_\-alerts
\begin{DoxyParams}{Parameters}
\item[{\em log}]Log containing the alerts \item[{\em fp}]File pointer where the alerts will be printed \end{DoxyParams}
\hypertarget{cluster_8c_a81f5fa721719fdb281595a568eef2101}{
\index{cluster.c@{cluster.c}!\_\-heuristic\_\-func@{\_\-heuristic\_\-func}}
\index{\_\-heuristic\_\-func@{\_\-heuristic\_\-func}!cluster.c@{cluster.c}}
\subsubsection[{\_\-heuristic\_\-func}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE int \_\-heuristic\_\-func (
\begin{DoxyParamCaption}
\item[{{\bf cluster\_\-type}}]{ type}
\end{DoxyParamCaption}
)}}
\label{cluster_8c_a81f5fa721719fdb281595a568eef2101}
Function that picks up the heuristic value for a clustering attribute in according to Julisch's heuristic (ACM, Vol.2, No.3, 09 2002, pag.124).
FUNCTION: \_\-heuristic\_\-func
\begin{DoxyParams}{Parameters}
\item[{\em type}]Attribute type \end{DoxyParams}
\begin{DoxyReturn}{Returns}
The heuristic coefficient for that attribute, -\/1 if no clustering information is available for that attribute
\end{DoxyReturn}
\hypertarget{cluster_8c_a5601a1f603d9c870ef6e2df192e30c30}{
\index{cluster.c@{cluster.c}!\_\-hierarchy\_\-node\_\-append@{\_\-hierarchy\_\-node\_\-append}}
\index{\_\-hierarchy\_\-node\_\-append@{\_\-hierarchy\_\-node\_\-append}!cluster.c@{cluster.c}}
\subsubsection[{\_\-hierarchy\_\-node\_\-append}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE void \_\-hierarchy\_\-node\_\-append (
\begin{DoxyParamCaption}
\item[{{\bf hierarchy\_\-node} $\ast$}]{ parent, }
\item[{{\bf hierarchy\_\-node} $\ast$}]{ child}
\end{DoxyParamCaption}
)}}
\label{cluster_8c_a5601a1f603d9c870ef6e2df192e30c30}
Append a node to a clustering hierarchy node.
FUNCTION: \_\-hierarchy\_\-node\_\-append
\begin{DoxyParams}{Parameters}
\item[{\em parent}]Parent node \item[{\em child}]Child node \end{DoxyParams}
\hypertarget{cluster_8c_a2f1a22cfea64e4669da0467620c3e3b3}{
\index{cluster.c@{cluster.c}!\_\-hierarchy\_\-node\_\-new@{\_\-hierarchy\_\-node\_\-new}}
\index{\_\-hierarchy\_\-node\_\-new@{\_\-hierarchy\_\-node\_\-new}!cluster.c@{cluster.c}}
\subsubsection[{\_\-hierarchy\_\-node\_\-new}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE {\bf hierarchy\_\-node}$\ast$ \_\-hierarchy\_\-node\_\-new (
\begin{DoxyParamCaption}
\item[{char $\ast$}]{ label, }
\item[{int}]{ min\_\-val, }
\item[{int}]{ max\_\-val}
\end{DoxyParamCaption}
)}}
\label{cluster_8c_a2f1a22cfea64e4669da0467620c3e3b3}
Create a new clustering hierarchy node.
FUNCTION: \_\-hierarchy\_\-node\_\-new
\begin{DoxyParams}{Parameters}
\item[{\em label}]Label for the node \item[{\em min\_\-val}]Minimum value for the range represented by the node \item[{\em max\_\-val}]Maximum value for the range represented by the node \end{DoxyParams}
\begin{DoxyReturn}{Returns}
The brand new node if the allocation was ok, otherwise abort the application
\end{DoxyReturn}
\hypertarget{cluster_8c_a1445818b37483f78cc3fb2890155842c}{
\index{cluster.c@{cluster.c}!AI\_\-hierarchies\_\-build@{AI\_\-hierarchies\_\-build}}
\index{AI\_\-hierarchies\_\-build@{AI\_\-hierarchies\_\-build}!cluster.c@{cluster.c}}
\subsubsection[{AI\_\-hierarchies\_\-build}]{\setlength{\rightskip}{0pt plus 5cm}void AI\_\-hierarchies\_\-build (
\begin{DoxyParamCaption}
\item[{{\bf AI\_\-config} $\ast$}]{ conf, }
\item[{{\bf hierarchy\_\-node} $\ast$$\ast$}]{ nodes, }
\item[{int}]{ n\_\-nodes}
\end{DoxyParamCaption}
)}}
\label{cluster_8c_a1445818b37483f78cc3fb2890155842c}
Build the clustering hierarchy trees.
FUNCTION: AI\_\-hierarchies\_\-build
\begin{DoxyParams}{Parameters}
\item[{\em conf}]Reference to the configuration of the module \item[{\em nodes}]Nodes containing the information about the clustering ranges \item[{\em n\_\-nodes}]Number of nodes \end{DoxyParams}
\subsection{Variable Documentation}
\hypertarget{cluster_8c_a91458e2d34595688e39fcb63ba418849}{
\index{cluster.c@{cluster.c}!\_\-config@{\_\-config}}
\index{\_\-config@{\_\-config}!cluster.c@{cluster.c}}
\subsubsection[{\_\-config}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE {\bf AI\_\-config}$\ast$ {\bf \_\-config} = NULL}}
\label{cluster_8c_a91458e2d34595688e39fcb63ba418849}
\hypertarget{cluster_8c_aaf4c19f60f48741b0890c6114dcff7d9}{
\index{cluster.c@{cluster.c}!alert\_\-log@{alert\_\-log}}
\index{alert\_\-log@{alert\_\-log}!cluster.c@{cluster.c}}
\subsubsection[{alert\_\-log}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE {\bf AI\_\-snort\_\-alert}$\ast$ {\bf alert\_\-log} = NULL}}
\label{cluster_8c_aaf4c19f60f48741b0890c6114dcff7d9}
\hypertarget{cluster_8c_a97d35425cf5a0207fb50b64ee8cdda82}{
\index{cluster.c@{cluster.c}!h\_\-root@{h\_\-root}}
\index{h\_\-root@{h\_\-root}!cluster.c@{cluster.c}}
\subsubsection[{h\_\-root}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE {\bf hierarchy\_\-node}$\ast$ {\bf h\_\-root}\mbox{[}CLUSTER\_\-TYPES\mbox{]} = \{ NULL \}}}
\label{cluster_8c_a97d35425cf5a0207fb50b64ee8cdda82}


@ -27,9 +27,9 @@
\fancyplain{}{\bfseries\thepage}%
}
\rfoot[\fancyplain{}{\bfseries\scriptsize%
Generated on Wed Aug 4 2010 11:30:57 for Snort AI preprocessor module by Doxygen }]{}
Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by Doxygen }]{}
\lfoot[]{\fancyplain{}{\bfseries\scriptsize%
Generated on Wed Aug 4 2010 11:30:57 for Snort AI preprocessor module by Doxygen }}
Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by Doxygen }}
\cfoot{}
%---------- Internal commands used in this style file ----------------


@ -1,5 +1,8 @@
\section{File List}
Here is a list of all files with brief descriptions:\begin{DoxyCompactList}
\item\contentsline{section}{\hyperlink{alert__parser_8c}{alert\_\-parser.c} }{\pageref{alert__parser_8c}}{}
\item\contentsline{section}{\hyperlink{cluster_8c}{cluster.c} }{\pageref{cluster_8c}}{}
\item\contentsline{section}{\hyperlink{regex_8c}{regex.c} }{\pageref{regex_8c}}{}
\item\contentsline{section}{\hyperlink{sf__dynamic__preproc__lib_8c}{sf\_\-dynamic\_\-preproc\_\-lib.c} }{\pageref{sf__dynamic__preproc__lib_8c}}{}
\item\contentsline{section}{\hyperlink{sf__preproc__info_8h}{sf\_\-preproc\_\-info.h} }{\pageref{sf__preproc__info_8h}}{}
\item\contentsline{section}{\hyperlink{sfPolicyUserData_8c}{sfPolicyUserData.c} }{\pageref{sfPolicyUserData_8c}}{}


@ -41,7 +41,7 @@
\vspace*{1cm}
{\large Generated by Doxygen 1.7.1}\\
\vspace*{0.5cm}
{\small Wed Aug 4 2010 11:30:57}\\
{\small Mon Aug 16 2010 22:05:38}\\
\end{center}
\end{titlepage}
\clearemptydoublepage
@ -59,10 +59,17 @@
\chapter{Module Documentation}
\input{group__sfPolicyConfig}
\chapter{Data Structure Documentation}
\input{struct__AI__config}
\input{struct__AI__snort__alert}
\input{struct__hierarchy__node}
\input{structAI__config}
\input{structattribute__key}
\input{structattribute__value}
\input{structpkt__info}
\input{structpkt__key}
\chapter{File Documentation}
\input{alert__parser_8c}
\input{cluster_8c}
\input{regex_8c}
\input{sf__dynamic__preproc__lib_8c}
\input{sf__preproc__info_8h}
\input{sfPolicyUserData_8c}

38
doc/latex/regex_8c.tex Normal file

@ -0,0 +1,38 @@
\hypertarget{regex_8c}{
\section{regex.c File Reference}
\label{regex_8c}\index{regex.c@{regex.c}}
}
{\ttfamily \#include $<$stdio.h$>$}\par
{\ttfamily \#include $<$stdlib.h$>$}\par
{\ttfamily \#include $<$string.h$>$}\par
{\ttfamily \#include $<$regex.h$>$}\par
\subsection*{Functions}
\begin{DoxyCompactItemize}
\item
int \hyperlink{regex_8c_a35f57c052a7de1ded54b67a1f7819791}{preg\_\-match} (const char $\ast$expr, char $\ast$str, char $\ast$$\ast$$\ast$matches, int $\ast$nmatches)
\begin{DoxyCompactList}\small\item\em Check if a string matches a regular expression. \item\end{DoxyCompactList}\end{DoxyCompactItemize}
\subsection{Function Documentation}
\hypertarget{regex_8c_a35f57c052a7de1ded54b67a1f7819791}{
\index{regex.c@{regex.c}!preg\_\-match@{preg\_\-match}}
\index{preg\_\-match@{preg\_\-match}!regex.c@{regex.c}}
\subsubsection[{preg\_\-match}]{\setlength{\rightskip}{0pt plus 5cm}int preg\_\-match (
\begin{DoxyParamCaption}
\item[{const char $\ast$}]{ expr, }
\item[{char $\ast$}]{ str, }
\item[{char $\ast$$\ast$$\ast$}]{ matches, }
\item[{int $\ast$}]{ nmatches}
\end{DoxyParamCaption}
)}}
\label{regex_8c_a35f57c052a7de1ded54b67a1f7819791}
Check if a string matches a regular expression.
FUNCTION: preg\_\-match
\begin{DoxyParams}{Parameters}
\item[{\em expr}]Regular expression to be matched \item[{\em str}]String to be checked \item[{\em matches}]Reference to a char$\ast$$\ast$ that will contain the submatches (NULL if you don't need it) \item[{\em nmatches}]Reference to a int containing the number of submatches found (NULL if you don't need it) \end{DoxyParams}
\begin{DoxyReturn}{Returns}
-\/1 if the regex is wrong, 0 if no match was found, 1 otherwise
\end{DoxyReturn}


@ -3,30 +3,10 @@
\label{spp__ai_8c}\index{spp\_\-ai.c@{spp\_\-ai.c}}
}
{\ttfamily \#include \char`\"{}spp\_\-ai.h\char`\"{}}\par
{\ttfamily \#include \char`\"{}preprocids.h\char`\"{}}\par
{\ttfamily \#include \char`\"{}sf\_\-dynamic\_\-preproc\_\-lib.h\char`\"{}}\par
{\ttfamily \#include \char`\"{}sf\_\-dynamic\_\-preprocessor.h\char`\"{}}\par
{\ttfamily \#include \char`\"{}debug.h\char`\"{}}\par
{\ttfamily \#include \char`\"{}sfPolicy.h\char`\"{}}\par
{\ttfamily \#include \char`\"{}sfPolicyUserData.h\char`\"{}}\par
{\ttfamily \#include $<$sys/types.h$>$}\par
{\ttfamily \#include $<$stdlib.h$>$}\par
{\ttfamily \#include $<$ctype.h$>$}\par
{\ttfamily \#include $<$string.h$>$}\par
{\ttfamily \#include $<$pthread.h$>$}\par
\subsection*{Defines}
\begin{DoxyCompactItemize}
\item
\#define \hyperlink{spp__ai_8c_a9e7d446fc8b40be2cfbb5c69c3e132ca}{GENERATOR\_\-EXAMPLE}~256
\item
\#define \hyperlink{spp__ai_8c_af4c767ae0346026264c851108f42be63}{SRC\_\-PORT\_\-MATCH}~1
\item
\#define \hyperlink{spp__ai_8c_a3ec4dd8f1ebed73c13175d9b9c820e2e}{SRC\_\-PORT\_\-MATCH\_\-STR}~\char`\"{}example\_\-preprocessor: src port match\char`\"{}
\item
\#define \hyperlink{spp__ai_8c_a8ab13e8ad1dfd19b9237a99ae6130146}{DST\_\-PORT\_\-MATCH}~2
\item
\#define \hyperlink{spp__ai_8c_a1f3521b9bcf5daf99190be58473a4110}{DST\_\-PORT\_\-MATCH\_\-STR}~\char`\"{}example\_\-preprocessor: dest port match\char`\"{}
\end{DoxyCompactItemize}
\subsection*{Functions}
\begin{DoxyCompactItemize}
\item
@ -34,7 +14,7 @@ static void \hyperlink{spp__ai_8c_a3524cbdf8fddbcf38c4ed55241002242}{AI\_\-init}
\begin{DoxyCompactList}\small\item\em Initialize the preprocessor module. \item\end{DoxyCompactList}\item
static void \hyperlink{spp__ai_8c_a57c05cda012c443cb4c358dc327cd3d1}{AI\_\-process} (void $\ast$pkt, void $\ast$context)
\begin{DoxyCompactList}\small\item\em Function executed every time the module receives a packet to be processed. \item\end{DoxyCompactList}\item
static \hyperlink{struct__AI__config}{AI\_\-config} $\ast$ \hyperlink{spp__ai_8c_ae1c5c4b38ee2819d427848eb3046373e}{AI\_\-parse} (char $\ast$args)
static \hyperlink{structAI__config}{AI\_\-config} $\ast$ \hyperlink{spp__ai_8c_ae1c5c4b38ee2819d427848eb3046373e}{AI\_\-parse} (char $\ast$args)
\begin{DoxyCompactList}\small\item\em Parse the arguments passed to the module saving them to a valid configuration struct. \item\end{DoxyCompactList}\item
void \hyperlink{spp__ai_8c_a1b9ebb5c719c7d9426ddfc1f3da36570}{AI\_\-setup} (void)
\begin{DoxyCompactList}\small\item\em Set up the preprocessor module. \item\end{DoxyCompactList}\end{DoxyCompactItemize}
@ -42,39 +22,9 @@ void \hyperlink{spp__ai_8c_a1b9ebb5c719c7d9426ddfc1f3da36570}{AI\_\-setup} (void
\begin{DoxyCompactItemize}
\item
tSfPolicyUserContextId \hyperlink{spp__ai_8c_a3dd75596c540d148643fe6d1fdc02628}{ex\_\-config} = NULL
\item
DynamicPreprocessorData \hyperlink{spp__ai_8c_ab46420126c43c1aac5eabc5db266a71c}{\_\-dpd}
\end{DoxyCompactItemize}
\subsection{Define Documentation}
\hypertarget{spp__ai_8c_a8ab13e8ad1dfd19b9237a99ae6130146}{
\index{spp\_\-ai.c@{spp\_\-ai.c}!DST\_\-PORT\_\-MATCH@{DST\_\-PORT\_\-MATCH}}
\index{DST\_\-PORT\_\-MATCH@{DST\_\-PORT\_\-MATCH}!spp_ai.c@{spp\_\-ai.c}}
\subsubsection[{DST\_\-PORT\_\-MATCH}]{\setlength{\rightskip}{0pt plus 5cm}\#define DST\_\-PORT\_\-MATCH~2}}
\label{spp__ai_8c_a8ab13e8ad1dfd19b9237a99ae6130146}
\hypertarget{spp__ai_8c_a1f3521b9bcf5daf99190be58473a4110}{
\index{spp\_\-ai.c@{spp\_\-ai.c}!DST\_\-PORT\_\-MATCH\_\-STR@{DST\_\-PORT\_\-MATCH\_\-STR}}
\index{DST\_\-PORT\_\-MATCH\_\-STR@{DST\_\-PORT\_\-MATCH\_\-STR}!spp_ai.c@{spp\_\-ai.c}}
\subsubsection[{DST\_\-PORT\_\-MATCH\_\-STR}]{\setlength{\rightskip}{0pt plus 5cm}\#define DST\_\-PORT\_\-MATCH\_\-STR~\char`\"{}example\_\-preprocessor: dest port match\char`\"{}}}
\label{spp__ai_8c_a1f3521b9bcf5daf99190be58473a4110}
\hypertarget{spp__ai_8c_a9e7d446fc8b40be2cfbb5c69c3e132ca}{
\index{spp\_\-ai.c@{spp\_\-ai.c}!GENERATOR\_\-EXAMPLE@{GENERATOR\_\-EXAMPLE}}
\index{GENERATOR\_\-EXAMPLE@{GENERATOR\_\-EXAMPLE}!spp_ai.c@{spp\_\-ai.c}}
\subsubsection[{GENERATOR\_\-EXAMPLE}]{\setlength{\rightskip}{0pt plus 5cm}\#define GENERATOR\_\-EXAMPLE~256}}
\label{spp__ai_8c_a9e7d446fc8b40be2cfbb5c69c3e132ca}
\hypertarget{spp__ai_8c_af4c767ae0346026264c851108f42be63}{
\index{spp\_\-ai.c@{spp\_\-ai.c}!SRC\_\-PORT\_\-MATCH@{SRC\_\-PORT\_\-MATCH}}
\index{SRC\_\-PORT\_\-MATCH@{SRC\_\-PORT\_\-MATCH}!spp_ai.c@{spp\_\-ai.c}}
\subsubsection[{SRC\_\-PORT\_\-MATCH}]{\setlength{\rightskip}{0pt plus 5cm}\#define SRC\_\-PORT\_\-MATCH~1}}
\label{spp__ai_8c_af4c767ae0346026264c851108f42be63}
\hypertarget{spp__ai_8c_a3ec4dd8f1ebed73c13175d9b9c820e2e}{
\index{spp\_\-ai.c@{spp\_\-ai.c}!SRC\_\-PORT\_\-MATCH\_\-STR@{SRC\_\-PORT\_\-MATCH\_\-STR}}
\index{SRC\_\-PORT\_\-MATCH\_\-STR@{SRC\_\-PORT\_\-MATCH\_\-STR}!spp_ai.c@{spp\_\-ai.c}}
\subsubsection[{SRC\_\-PORT\_\-MATCH\_\-STR}]{\setlength{\rightskip}{0pt plus 5cm}\#define SRC\_\-PORT\_\-MATCH\_\-STR~\char`\"{}example\_\-preprocessor: src port match\char`\"{}}}
\label{spp__ai_8c_a3ec4dd8f1ebed73c13175d9b9c820e2e}
\subsection{Function Documentation}
\hypertarget{spp__ai_8c_a3524cbdf8fddbcf38c4ed55241002242}{
\index{spp\_\-ai.c@{spp\_\-ai.c}!AI\_\-init@{AI\_\-init}}
@ -105,11 +55,11 @@ FUNCTION: AI\_\-init
Parse the arguments passed to the module saving them to a valid configuration struct.
FUNCTION: AI\_\-config
FUNCTION: \hyperlink{structAI__config}{AI\_\-config}
\begin{DoxyParams}{Parameters}
\item[{\em args}]Arguments passed to the module \end{DoxyParams}
\begin{DoxyReturn}{Returns}
Pointer to AI\_\-config keeping the configuration for the module
Pointer to \hyperlink{structAI__config}{AI\_\-config} keeping the configuration for the module
\end{DoxyReturn}
\hypertarget{spp__ai_8c_a57c05cda012c443cb4c358dc327cd3d1}{
\index{spp\_\-ai.c@{spp\_\-ai.c}!AI\_\-process@{AI\_\-process}}
@ -144,11 +94,6 @@ Set up the preprocessor module.
FUNCTION: AI\_\-setup
\subsection{Variable Documentation}
\hypertarget{spp__ai_8c_ab46420126c43c1aac5eabc5db266a71c}{
\index{spp\_\-ai.c@{spp\_\-ai.c}!\_\-dpd@{\_\-dpd}}
\index{\_\-dpd@{\_\-dpd}!spp_ai.c@{spp\_\-ai.c}}
\subsubsection[{\_\-dpd}]{\setlength{\rightskip}{0pt plus 5cm}DynamicPreprocessorData {\bf \_\-dpd}}}
\label{spp__ai_8c_ab46420126c43c1aac5eabc5db266a71c}
\hypertarget{spp__ai_8c_a3dd75596c540d148643fe6d1fdc02628}{
\index{spp\_\-ai.c@{spp\_\-ai.c}!ex\_\-config@{ex\_\-config}}
\index{ex\_\-config@{ex\_\-config}!spp_ai.c@{spp\_\-ai.c}}


@ -3,19 +3,48 @@
\label{spp__ai_8h}\index{spp\_\-ai.h@{spp\_\-ai.h}}
}
{\ttfamily \#include \char`\"{}sf\_\-snort\_\-packet.h\char`\"{}}\par
{\ttfamily \#include \char`\"{}sf\_\-dynamic\_\-preprocessor.h\char`\"{}}\par
{\ttfamily \#include \char`\"{}uthash.h\char`\"{}}\par
\subsection*{Data Structures}
\begin{DoxyCompactItemize}
\item
struct \hyperlink{struct__AI__config}{\_\-AI\_\-config}
struct \hyperlink{structpkt__key}{pkt\_\-key}
\item
struct \hyperlink{structpkt__info}{pkt\_\-info}
\item
struct \hyperlink{structAI__config}{AI\_\-config}
\item
struct \hyperlink{struct__hierarchy__node}{\_\-hierarchy\_\-node}
\item
struct \hyperlink{struct__AI__snort__alert}{\_\-AI\_\-snort\_\-alert}
\end{DoxyCompactItemize}
\subsection*{Defines}
\begin{DoxyCompactItemize}
\item
\#define \hyperlink{spp__ai_8h_a5e151c615eda34903514212f05a5ccf8}{PRIVATE}~static
\item
\#define \hyperlink{spp__ai_8h_a5f555c0ebd29ce2771a3e2dd4f526746}{DEFAULT\_\-HASH\_\-CLEANUP\_\-INTERVAL}~300
\item
\#define \hyperlink{spp__ai_8h_a0f6a189af15ef783fb46ed37c144e031}{DEFAULT\_\-STREAM\_\-EXPIRE\_\-INTERVAL}~300
\item
\#define \hyperlink{spp__ai_8h_a0c4b6fce670e46083e33b9f53b78f39e}{DEFAULT\_\-ALERT\_\-CLUSTERING\_\-INTERVAL}~3600
\item
\#define \hyperlink{spp__ai_8h_a6d9bf552c32371e0144dc6a6209c7e4a}{DEFAULT\_\-ALERT\_\-LOG\_\-FILE}~\char`\"{}/var/log/snort/alert\char`\"{}
\item
\#define \hyperlink{spp__ai_8h_a803dc913297ccdace9e604dbfecda97d}{DEFAULT\_\-CLUSTER\_\-LOG\_\-FILE}~\char`\"{}/var/log/snort/cluster\_\-alert\char`\"{}
\end{DoxyCompactItemize}
\subsection*{Typedefs}
\begin{DoxyCompactItemize}
\item
typedef unsigned int \hyperlink{spp__ai_8h_a435d1572bf3f880d55459d9805097f62}{uint32\_\-t}
typedef unsigned char \hyperlink{spp__ai_8h_aba7bc1797add20fe3efdf37ced1182c5}{uint8\_\-t}
\item
typedef unsigned short \hyperlink{spp__ai_8h_a273cf69d639a59973b6019625df33e30}{uint16\_\-t}
\item
typedef struct \hyperlink{struct__AI__config}{\_\-AI\_\-config} \hyperlink{spp__ai_8h_a3fc526e5a55f5d137402b1bbd1b6072c}{AI\_\-config}
typedef unsigned int \hyperlink{spp__ai_8h_a435d1572bf3f880d55459d9805097f62}{uint32\_\-t}
\item
typedef struct \hyperlink{struct__hierarchy__node}{\_\-hierarchy\_\-node} \hyperlink{spp__ai_8h_a466391129919ef12366d311d501552fa}{hierarchy\_\-node}
\item
typedef struct \hyperlink{struct__AI__snort__alert}{\_\-AI\_\-snort\_\-alert} \hyperlink{spp__ai_8h_a982be90e72362e88d09f28336c9a1897}{AI\_\-snort\_\-alert}
\end{DoxyCompactItemize}
\subsection*{Enumerations}
\begin{DoxyCompactItemize}
@ -23,22 +52,89 @@ typedef struct \hyperlink{struct__AI__config}{\_\-AI\_\-config} \hyperlink{spp__
enum \hyperlink{spp__ai_8h_a3e5b8192e7d9ffaf3542f1210aec18dd}{BOOL} \{ \hyperlink{spp__ai_8h_a3e5b8192e7d9ffaf3542f1210aec18ddae9de385ef6fe9bf3360d1038396b884c}{false},
\hyperlink{spp__ai_8h_a3e5b8192e7d9ffaf3542f1210aec18dda08f175a5505a10b9ed657defeb050e4b}{true}
\}
\item
enum \hyperlink{spp__ai_8h_ae2ff3c6586aa2ab211a102abfde86640}{cluster\_\-type} \{ \par
\hyperlink{spp__ai_8h_ae2ff3c6586aa2ab211a102abfde86640ab7e4e0120a041dbe6528b050c04269e0}{none},
\hyperlink{spp__ai_8h_ae2ff3c6586aa2ab211a102abfde86640abc900639df18f0f5f2f63a1f033fe42f}{src\_\-addr},
\hyperlink{spp__ai_8h_ae2ff3c6586aa2ab211a102abfde86640aa000f955ef1374c60cdb16bf43a1593c}{dst\_\-addr},
\hyperlink{spp__ai_8h_ae2ff3c6586aa2ab211a102abfde86640ac1335c508143eb06843af2ce5ff3027b}{src\_\-port},
\par
\hyperlink{spp__ai_8h_ae2ff3c6586aa2ab211a102abfde86640abc4f89a184ada44073bd6f54d7fc11c9}{dst\_\-port},
\hyperlink{spp__ai_8h_ae2ff3c6586aa2ab211a102abfde86640ab16bb5c4b330d5db02e2d852cd2ba451}{CLUSTER\_\-TYPES}
\}
\end{DoxyCompactItemize}
\subsection*{Functions}
\begin{DoxyCompactItemize}
\item
int \hyperlink{spp__ai_8h_a85c0852b05b60cbfe0130534160c9876}{preg\_\-match} (const char $\ast$, char $\ast$, char $\ast$$\ast$$\ast$, int $\ast$)
\begin{DoxyCompactList}\small\item\em Check if a string matches a regular expression. \item\end{DoxyCompactList}\item
void $\ast$ \hyperlink{spp__ai_8h_ad56f71be823eead743972274b99c82ff}{AI\_\-hashcleanup\_\-thread} (void $\ast$)
\begin{DoxyCompactList}\small\item\em Thread called for cleaning up the hash table from the traffic streams older than a certain threshold. \item\end{DoxyCompactList}\item
void $\ast$ \hyperlink{spp__ai_8h_a842a3204c6e067a9920990b573757181}{AI\_\-alertparser\_\-thread} (void $\ast$)
\begin{DoxyCompactList}\small\item\em Thread for parsing Snort's alert file. \item\end{DoxyCompactList}\item
void \hyperlink{spp__ai_8h_af6f7d167c3623bbc669e8d31c2719b29}{AI\_\-pkt\_\-enqueue} (SFSnortPacket $\ast$)
\begin{DoxyCompactList}\small\item\em Function called for appending a new packet to the hash table, creating a new stream or appending it to an existing stream. \item\end{DoxyCompactList}\item
void $\ast$ \hyperlink{spp__ai_8h_ad56f71be823eead743972274b99c82ff}{AI\_\-hashcleanup\_\-thread} (void $\ast$)
\begin{DoxyCompactList}\small\item\em Thread called for cleaning up the hash table from the traffic streams older than a certain threshold. \item\end{DoxyCompactList}\end{DoxyCompactItemize}
void \hyperlink{spp__ai_8h_a8749989cee2ac05a7de058faac280c02}{AI\_\-set\_\-stream\_\-observed} (struct \hyperlink{structpkt__key}{pkt\_\-key} key)
\begin{DoxyCompactList}\small\item\em Set the flag \char`\"{}observed\char`\"{} on a stream associated to a security alert, so that it won't be removed from the hash table. \item\end{DoxyCompactList}\item
void \hyperlink{spp__ai_8h_a857348424b9db45c90f95631eb96fd7c}{AI\_\-hierarchies\_\-build} (\hyperlink{structAI__config}{AI\_\-config} $\ast$, \hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$$\ast$, int)
\begin{DoxyCompactList}\small\item\em Build the clustering hierarchy trees. \item\end{DoxyCompactList}\item
struct \hyperlink{structpkt__info}{pkt\_\-info} $\ast$ \hyperlink{spp__ai_8h_a3054f06297a9caefd4d9b1283bb8b69a}{AI\_\-get\_\-stream\_\-by\_\-key} (struct \hyperlink{structpkt__key}{pkt\_\-key})
\begin{DoxyCompactList}\small\item\em Get a TCP stream by key. \item\end{DoxyCompactList}\item
\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$ \hyperlink{spp__ai_8h_af19a28f7cbcdfeb2b66fb3b625b75076}{AI\_\-get\_\-alerts} (void)
\begin{DoxyCompactList}\small\item\em Return the alerts parsed so far as a linked list. \item\end{DoxyCompactList}\item
void \hyperlink{spp__ai_8h_a270e86669a0aa64a8da37bc16cda645b}{AI\_\-free\_\-alerts} (\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$node)
\begin{DoxyCompactList}\small\item\em Deallocate the memory of a log alert linked list. \item\end{DoxyCompactList}\end{DoxyCompactItemize}
\subsection*{Variables}
\begin{DoxyCompactItemize}
\item
DynamicPreprocessorData \hyperlink{spp__ai_8h_ab46420126c43c1aac5eabc5db266a71c}{\_\-dpd}
\end{DoxyCompactItemize}
\subsection{Define Documentation}
\hypertarget{spp__ai_8h_a0c4b6fce670e46083e33b9f53b78f39e}{
\index{spp\_\-ai.h@{spp\_\-ai.h}!DEFAULT\_\-ALERT\_\-CLUSTERING\_\-INTERVAL@{DEFAULT\_\-ALERT\_\-CLUSTERING\_\-INTERVAL}}
\index{DEFAULT\_\-ALERT\_\-CLUSTERING\_\-INTERVAL@{DEFAULT\_\-ALERT\_\-CLUSTERING\_\-INTERVAL}!spp_ai.h@{spp\_\-ai.h}}
\subsubsection[{DEFAULT\_\-ALERT\_\-CLUSTERING\_\-INTERVAL}]{\setlength{\rightskip}{0pt plus 5cm}\#define DEFAULT\_\-ALERT\_\-CLUSTERING\_\-INTERVAL~3600}}
\label{spp__ai_8h_a0c4b6fce670e46083e33b9f53b78f39e}
\hypertarget{spp__ai_8h_a6d9bf552c32371e0144dc6a6209c7e4a}{
\index{spp\_\-ai.h@{spp\_\-ai.h}!DEFAULT\_\-ALERT\_\-LOG\_\-FILE@{DEFAULT\_\-ALERT\_\-LOG\_\-FILE}}
\index{DEFAULT\_\-ALERT\_\-LOG\_\-FILE@{DEFAULT\_\-ALERT\_\-LOG\_\-FILE}!spp_ai.h@{spp\_\-ai.h}}
\subsubsection[{DEFAULT\_\-ALERT\_\-LOG\_\-FILE}]{\setlength{\rightskip}{0pt plus 5cm}\#define DEFAULT\_\-ALERT\_\-LOG\_\-FILE~\char`\"{}/var/log/snort/alert\char`\"{}}}
\label{spp__ai_8h_a6d9bf552c32371e0144dc6a6209c7e4a}
\hypertarget{spp__ai_8h_a803dc913297ccdace9e604dbfecda97d}{
\index{spp\_\-ai.h@{spp\_\-ai.h}!DEFAULT\_\-CLUSTER\_\-LOG\_\-FILE@{DEFAULT\_\-CLUSTER\_\-LOG\_\-FILE}}
\index{DEFAULT\_\-CLUSTER\_\-LOG\_\-FILE@{DEFAULT\_\-CLUSTER\_\-LOG\_\-FILE}!spp_ai.h@{spp\_\-ai.h}}
\subsubsection[{DEFAULT\_\-CLUSTER\_\-LOG\_\-FILE}]{\setlength{\rightskip}{0pt plus 5cm}\#define DEFAULT\_\-CLUSTER\_\-LOG\_\-FILE~\char`\"{}/var/log/snort/cluster\_\-alert\char`\"{}}}
\label{spp__ai_8h_a803dc913297ccdace9e604dbfecda97d}
\hypertarget{spp__ai_8h_a5f555c0ebd29ce2771a3e2dd4f526746}{
\index{spp\_\-ai.h@{spp\_\-ai.h}!DEFAULT\_\-HASH\_\-CLEANUP\_\-INTERVAL@{DEFAULT\_\-HASH\_\-CLEANUP\_\-INTERVAL}}
\index{DEFAULT\_\-HASH\_\-CLEANUP\_\-INTERVAL@{DEFAULT\_\-HASH\_\-CLEANUP\_\-INTERVAL}!spp_ai.h@{spp\_\-ai.h}}
\subsubsection[{DEFAULT\_\-HASH\_\-CLEANUP\_\-INTERVAL}]{\setlength{\rightskip}{0pt plus 5cm}\#define DEFAULT\_\-HASH\_\-CLEANUP\_\-INTERVAL~300}}
\label{spp__ai_8h_a5f555c0ebd29ce2771a3e2dd4f526746}
\hypertarget{spp__ai_8h_a0f6a189af15ef783fb46ed37c144e031}{
\index{spp\_\-ai.h@{spp\_\-ai.h}!DEFAULT\_\-STREAM\_\-EXPIRE\_\-INTERVAL@{DEFAULT\_\-STREAM\_\-EXPIRE\_\-INTERVAL}}
\index{DEFAULT\_\-STREAM\_\-EXPIRE\_\-INTERVAL@{DEFAULT\_\-STREAM\_\-EXPIRE\_\-INTERVAL}!spp_ai.h@{spp\_\-ai.h}}
\subsubsection[{DEFAULT\_\-STREAM\_\-EXPIRE\_\-INTERVAL}]{\setlength{\rightskip}{0pt plus 5cm}\#define DEFAULT\_\-STREAM\_\-EXPIRE\_\-INTERVAL~300}}
\label{spp__ai_8h_a0f6a189af15ef783fb46ed37c144e031}
\hypertarget{spp__ai_8h_a5e151c615eda34903514212f05a5ccf8}{
\index{spp\_\-ai.h@{spp\_\-ai.h}!PRIVATE@{PRIVATE}}
\index{PRIVATE@{PRIVATE}!spp_ai.h@{spp\_\-ai.h}}
\subsubsection[{PRIVATE}]{\setlength{\rightskip}{0pt plus 5cm}\#define PRIVATE~static}}
\label{spp__ai_8h_a5e151c615eda34903514212f05a5ccf8}
\subsection{Typedef Documentation}
\hypertarget{spp__ai_8h_a3fc526e5a55f5d137402b1bbd1b6072c}{
\index{spp\_\-ai.h@{spp\_\-ai.h}!AI\_\-config@{AI\_\-config}}
\index{AI\_\-config@{AI\_\-config}!spp_ai.h@{spp\_\-ai.h}}
\subsubsection[{AI\_\-config}]{\setlength{\rightskip}{0pt plus 5cm}typedef struct {\bf \_\-AI\_\-config} {\bf AI\_\-config}}}
\label{spp__ai_8h_a3fc526e5a55f5d137402b1bbd1b6072c}
\hypertarget{spp__ai_8h_a982be90e72362e88d09f28336c9a1897}{
\index{spp\_\-ai.h@{spp\_\-ai.h}!AI\_\-snort\_\-alert@{AI\_\-snort\_\-alert}}
\index{AI\_\-snort\_\-alert@{AI\_\-snort\_\-alert}!spp_ai.h@{spp\_\-ai.h}}
\subsubsection[{AI\_\-snort\_\-alert}]{\setlength{\rightskip}{0pt plus 5cm}typedef struct {\bf \_\-AI\_\-snort\_\-alert} {\bf AI\_\-snort\_\-alert}}}
\label{spp__ai_8h_a982be90e72362e88d09f28336c9a1897}
\hypertarget{spp__ai_8h_a466391129919ef12366d311d501552fa}{
\index{spp\_\-ai.h@{spp\_\-ai.h}!hierarchy\_\-node@{hierarchy\_\-node}}
\index{hierarchy\_\-node@{hierarchy\_\-node}!spp_ai.h@{spp\_\-ai.h}}
\subsubsection[{hierarchy\_\-node}]{\setlength{\rightskip}{0pt plus 5cm}typedef struct {\bf \_\-hierarchy\_\-node} {\bf hierarchy\_\-node}}}
\label{spp__ai_8h_a466391129919ef12366d311d501552fa}
\hypertarget{spp__ai_8h_a273cf69d639a59973b6019625df33e30}{
\index{spp\_\-ai.h@{spp\_\-ai.h}!uint16\_\-t@{uint16\_\-t}}
\index{uint16\_\-t@{uint16\_\-t}!spp_ai.h@{spp\_\-ai.h}}
@ -49,6 +145,11 @@ void $\ast$ \hyperlink{spp__ai_8h_ad56f71be823eead743972274b99c82ff}{AI\_\-hashc
\index{uint32\_\-t@{uint32\_\-t}!spp_ai.h@{spp\_\-ai.h}}
\subsubsection[{uint32\_\-t}]{\setlength{\rightskip}{0pt plus 5cm}typedef unsigned int {\bf uint32\_\-t}}}
\label{spp__ai_8h_a435d1572bf3f880d55459d9805097f62}
\hypertarget{spp__ai_8h_aba7bc1797add20fe3efdf37ced1182c5}{
\index{spp\_\-ai.h@{spp\_\-ai.h}!uint8\_\-t@{uint8\_\-t}}
\index{uint8\_\-t@{uint8\_\-t}!spp_ai.h@{spp\_\-ai.h}}
\subsubsection[{uint8\_\-t}]{\setlength{\rightskip}{0pt plus 5cm}typedef unsigned char {\bf uint8\_\-t}}}
\label{spp__ai_8h_aba7bc1797add20fe3efdf37ced1182c5}
\subsection{Enumeration Type Documentation}
@ -71,9 +172,111 @@ true}
}]\end{description}
\end{Desc}
\hypertarget{spp__ai_8h_ae2ff3c6586aa2ab211a102abfde86640}{
\index{spp\_\-ai.h@{spp\_\-ai.h}!cluster\_\-type@{cluster\_\-type}}
\index{cluster\_\-type@{cluster\_\-type}!spp_ai.h@{spp\_\-ai.h}}
\subsubsection[{cluster\_\-type}]{\setlength{\rightskip}{0pt plus 5cm}enum {\bf cluster\_\-type}}}
\label{spp__ai_8h_ae2ff3c6586aa2ab211a102abfde86640}
\begin{Desc}
\item[Enumerator: ]\par
\begin{description}
\index{none@{none}!spp\_\-ai.h@{spp\_\-ai.h}}\index{spp\_\-ai.h@{spp\_\-ai.h}!none@{none}}\item[{\em
\hypertarget{spp__ai_8h_ae2ff3c6586aa2ab211a102abfde86640ab7e4e0120a041dbe6528b050c04269e0}{
none}
\label{spp__ai_8h_ae2ff3c6586aa2ab211a102abfde86640ab7e4e0120a041dbe6528b050c04269e0}
}]\index{src\_\-addr@{src\_\-addr}!spp\_\-ai.h@{spp\_\-ai.h}}\index{spp\_\-ai.h@{spp\_\-ai.h}!src\_\-addr@{src\_\-addr}}\item[{\em
\hypertarget{spp__ai_8h_ae2ff3c6586aa2ab211a102abfde86640abc900639df18f0f5f2f63a1f033fe42f}{
src\_\-addr}
\label{spp__ai_8h_ae2ff3c6586aa2ab211a102abfde86640abc900639df18f0f5f2f63a1f033fe42f}
}]\index{dst\_\-addr@{dst\_\-addr}!spp\_\-ai.h@{spp\_\-ai.h}}\index{spp\_\-ai.h@{spp\_\-ai.h}!dst\_\-addr@{dst\_\-addr}}\item[{\em
\hypertarget{spp__ai_8h_ae2ff3c6586aa2ab211a102abfde86640aa000f955ef1374c60cdb16bf43a1593c}{
dst\_\-addr}
\label{spp__ai_8h_ae2ff3c6586aa2ab211a102abfde86640aa000f955ef1374c60cdb16bf43a1593c}
}]\index{src\_\-port@{src\_\-port}!spp\_\-ai.h@{spp\_\-ai.h}}\index{spp\_\-ai.h@{spp\_\-ai.h}!src\_\-port@{src\_\-port}}\item[{\em
\hypertarget{spp__ai_8h_ae2ff3c6586aa2ab211a102abfde86640ac1335c508143eb06843af2ce5ff3027b}{
src\_\-port}
\label{spp__ai_8h_ae2ff3c6586aa2ab211a102abfde86640ac1335c508143eb06843af2ce5ff3027b}
}]\index{dst\_\-port@{dst\_\-port}!spp\_\-ai.h@{spp\_\-ai.h}}\index{spp\_\-ai.h@{spp\_\-ai.h}!dst\_\-port@{dst\_\-port}}\item[{\em
\hypertarget{spp__ai_8h_ae2ff3c6586aa2ab211a102abfde86640abc4f89a184ada44073bd6f54d7fc11c9}{
dst\_\-port}
\label{spp__ai_8h_ae2ff3c6586aa2ab211a102abfde86640abc4f89a184ada44073bd6f54d7fc11c9}
}]\index{CLUSTER\_\-TYPES@{CLUSTER\_\-TYPES}!spp\_\-ai.h@{spp\_\-ai.h}}\index{spp\_\-ai.h@{spp\_\-ai.h}!CLUSTER\_\-TYPES@{CLUSTER\_\-TYPES}}\item[{\em
\hypertarget{spp__ai_8h_ae2ff3c6586aa2ab211a102abfde86640ab16bb5c4b330d5db02e2d852cd2ba451}{
CLUSTER\_\-TYPES}
\label{spp__ai_8h_ae2ff3c6586aa2ab211a102abfde86640ab16bb5c4b330d5db02e2d852cd2ba451}
}]\end{description}
\end{Desc}
\subsection{Function Documentation}
\hypertarget{spp__ai_8h_a842a3204c6e067a9920990b573757181}{
\index{spp\_\-ai.h@{spp\_\-ai.h}!AI\_\-alertparser\_\-thread@{AI\_\-alertparser\_\-thread}}
\index{AI\_\-alertparser\_\-thread@{AI\_\-alertparser\_\-thread}!spp_ai.h@{spp\_\-ai.h}}
\subsubsection[{AI\_\-alertparser\_\-thread}]{\setlength{\rightskip}{0pt plus 5cm}void$\ast$ AI\_\-alertparser\_\-thread (
\begin{DoxyParamCaption}
\item[{void $\ast$}]{ arg}
\end{DoxyParamCaption}
)}}
\label{spp__ai_8h_a842a3204c6e067a9920990b573757181}
Thread for parsing Snort's alert file.
FUNCTION: AI\_\-alertparser\_\-thread
\begin{DoxyParams}{Parameters}
\item[{\em arg}]void$\ast$ pointer to module's configuration \end{DoxyParams}
\hypertarget{spp__ai_8h_a270e86669a0aa64a8da37bc16cda645b}{
\index{spp\_\-ai.h@{spp\_\-ai.h}!AI\_\-free\_\-alerts@{AI\_\-free\_\-alerts}}
\index{AI\_\-free\_\-alerts@{AI\_\-free\_\-alerts}!spp_ai.h@{spp\_\-ai.h}}
\subsubsection[{AI\_\-free\_\-alerts}]{\setlength{\rightskip}{0pt plus 5cm}void AI\_\-free\_\-alerts (
\begin{DoxyParamCaption}
\item[{{\bf AI\_\-snort\_\-alert} $\ast$}]{ node}
\end{DoxyParamCaption}
)}}
\label{spp__ai_8h_a270e86669a0aa64a8da37bc16cda645b}
Deallocate the memory of a log alert linked list.
FUNCTION: AI\_\-free\_\-alerts
\begin{DoxyParams}{Parameters}
\item[{\em node}]Linked list to be freed \end{DoxyParams}
\hypertarget{spp__ai_8h_af19a28f7cbcdfeb2b66fb3b625b75076}{
\index{spp\_\-ai.h@{spp\_\-ai.h}!AI\_\-get\_\-alerts@{AI\_\-get\_\-alerts}}
\index{AI\_\-get\_\-alerts@{AI\_\-get\_\-alerts}!spp_ai.h@{spp\_\-ai.h}}
\subsubsection[{AI\_\-get\_\-alerts}]{\setlength{\rightskip}{0pt plus 5cm}{\bf AI\_\-snort\_\-alert}$\ast$ AI\_\-get\_\-alerts (
\begin{DoxyParamCaption}
\item[{void}]{}
\end{DoxyParamCaption}
)}}
\label{spp__ai_8h_af19a28f7cbcdfeb2b66fb3b625b75076}
Return the alerts parsed so far as a linked list.
FUNCTION: AI\_\-get\_\-alerts \begin{DoxyReturn}{Returns}
An AI\_\-snort\_\-alert pointer identifying the list of alerts
\end{DoxyReturn}
\hypertarget{spp__ai_8h_a3054f06297a9caefd4d9b1283bb8b69a}{
\index{spp\_\-ai.h@{spp\_\-ai.h}!AI\_\-get\_\-stream\_\-by\_\-key@{AI\_\-get\_\-stream\_\-by\_\-key}}
\index{AI\_\-get\_\-stream\_\-by\_\-key@{AI\_\-get\_\-stream\_\-by\_\-key}!spp_ai.h@{spp\_\-ai.h}}
\subsubsection[{AI\_\-get\_\-stream\_\-by\_\-key}]{\setlength{\rightskip}{0pt plus 5cm}struct {\bf pkt\_\-info}$\ast$ AI\_\-get\_\-stream\_\-by\_\-key (
\begin{DoxyParamCaption}
\item[{struct {\bf pkt\_\-key}}]{ key}
\end{DoxyParamCaption}
)\hspace{0.3cm}{\ttfamily \mbox{[}read\mbox{]}}}}
\label{spp__ai_8h_a3054f06297a9caefd4d9b1283bb8b69a}
Get a TCP stream by key.
FUNCTION: AI\_\-get\_\-stream\_\-by\_\-key
\begin{DoxyParams}{Parameters}
\item[{\em key}]Key of the stream to be picked up (struct \hyperlink{structpkt__key}{pkt\_\-key}) \end{DoxyParams}
\begin{DoxyReturn}{Returns}
A \hyperlink{structpkt__info}{pkt\_\-info} pointer to the stream if found, NULL otherwise
\end{DoxyReturn}
\hypertarget{spp__ai_8h_ad56f71be823eead743972274b99c82ff}{
\index{spp\_\-ai.h@{spp\_\-ai.h}!AI\_\-hashcleanup\_\-thread@{AI\_\-hashcleanup\_\-thread}}
\index{AI\_\-hashcleanup\_\-thread@{AI\_\-hashcleanup\_\-thread}!spp_ai.h@{spp\_\-ai.h}}
@ -89,7 +292,25 @@ Thread called for cleaning up the hash table from the traffic streams older than
FUNCTION: AI\_\-hashcleanup\_\-thread
\begin{DoxyParams}{Parameters}
\item[{\em arg}]Pointer to the AI\_\-config struct \end{DoxyParams}
\item[{\em arg}]Pointer to the \hyperlink{structAI__config}{AI\_\-config} struct \end{DoxyParams}
\hypertarget{spp__ai_8h_a857348424b9db45c90f95631eb96fd7c}{
\index{spp\_\-ai.h@{spp\_\-ai.h}!AI\_\-hierarchies\_\-build@{AI\_\-hierarchies\_\-build}}
\index{AI\_\-hierarchies\_\-build@{AI\_\-hierarchies\_\-build}!spp_ai.h@{spp\_\-ai.h}}
\subsubsection[{AI\_\-hierarchies\_\-build}]{\setlength{\rightskip}{0pt plus 5cm}void AI\_\-hierarchies\_\-build (
\begin{DoxyParamCaption}
\item[{{\bf AI\_\-config} $\ast$}]{ conf, }
\item[{{\bf hierarchy\_\-node} $\ast$$\ast$}]{ nodes, }
\item[{int}]{ n\_\-nodes}
\end{DoxyParamCaption}
)}}
\label{spp__ai_8h_a857348424b9db45c90f95631eb96fd7c}
Build the clustering hierarchy trees.
FUNCTION: AI\_\-hierarchies\_\-build
\begin{DoxyParams}{Parameters}
\item[{\em conf}]Reference to the configuration of the module \item[{\em nodes}]Nodes containing the information about the clustering ranges \item[{\em n\_\-nodes}]Number of nodes \end{DoxyParams}
\hypertarget{spp__ai_8h_af6f7d167c3623bbc669e8d31c2719b29}{
\index{spp\_\-ai.h@{spp\_\-ai.h}!AI\_\-pkt\_\-enqueue@{AI\_\-pkt\_\-enqueue}}
\index{AI\_\-pkt\_\-enqueue@{AI\_\-pkt\_\-enqueue}!spp_ai.h@{spp\_\-ai.h}}
@ -106,3 +327,49 @@ Function called for appending a new packet to the hash table, creating a new str
FUNCTION: AI\_\-pkt\_\-enqueue
\begin{DoxyParams}{Parameters}
\item[{\em pkt}]Packet to be appended \end{DoxyParams}
\hypertarget{spp__ai_8h_a8749989cee2ac05a7de058faac280c02}{
\index{spp\_\-ai.h@{spp\_\-ai.h}!AI\_\-set\_\-stream\_\-observed@{AI\_\-set\_\-stream\_\-observed}}
\index{AI\_\-set\_\-stream\_\-observed@{AI\_\-set\_\-stream\_\-observed}!spp_ai.h@{spp\_\-ai.h}}
\subsubsection[{AI\_\-set\_\-stream\_\-observed}]{\setlength{\rightskip}{0pt plus 5cm}void AI\_\-set\_\-stream\_\-observed (
\begin{DoxyParamCaption}
\item[{struct {\bf pkt\_\-key}}]{ key}
\end{DoxyParamCaption}
)}}
\label{spp__ai_8h_a8749989cee2ac05a7de058faac280c02}
Set the flag \char`\"{}observed\char`\"{} on a stream associated to a security alert, so that it won't be removed from the hash table.
FUNCTION: AI\_\-set\_\-stream\_\-observed
\begin{DoxyParams}{Parameters}
\item[{\em key}]Key of the stream to be set as \char`\"{}observed\char`\"{} \end{DoxyParams}
\hypertarget{spp__ai_8h_a85c0852b05b60cbfe0130534160c9876}{
\index{spp\_\-ai.h@{spp\_\-ai.h}!preg\_\-match@{preg\_\-match}}
\index{preg\_\-match@{preg\_\-match}!spp_ai.h@{spp\_\-ai.h}}
\subsubsection[{preg\_\-match}]{\setlength{\rightskip}{0pt plus 5cm}int preg\_\-match (
\begin{DoxyParamCaption}
\item[{const char $\ast$}]{ expr, }
\item[{char $\ast$}]{ str, }
\item[{char $\ast$$\ast$$\ast$}]{ matches, }
\item[{int $\ast$}]{ nmatches}
\end{DoxyParamCaption}
)}}
\label{spp__ai_8h_a85c0852b05b60cbfe0130534160c9876}
Check if a string matches a regular expression.
FUNCTION: preg\_\-match
\begin{DoxyParams}{Parameters}
\item[{\em expr}]Regular expression to be matched \item[{\em str}]String to be checked \item[{\em matches}]Reference to a char$\ast$$\ast$ that will contain the submatches (NULL if you don't need it) \item[{\em nmatches}]Reference to a int containing the number of submatches found (NULL if you don't need it) \end{DoxyParams}
\begin{DoxyReturn}{Returns}
-\/1 if the regex is wrong, 0 if no match was found, 1 otherwise
\end{DoxyReturn}
\subsection{Variable Documentation}
\hypertarget{spp__ai_8h_ab46420126c43c1aac5eabc5db266a71c}{
\index{spp\_\-ai.h@{spp\_\-ai.h}!\_\-dpd@{\_\-dpd}}
\index{\_\-dpd@{\_\-dpd}!spp_ai.h@{spp\_\-ai.h}}
\subsubsection[{\_\-dpd}]{\setlength{\rightskip}{0pt plus 5cm}DynamicPreprocessorData {\bf \_\-dpd}}}
\label{spp__ai_8h_ab46420126c43c1aac5eabc5db266a71c}

Some files were not shown because too many files have changed in this diff Show more