blacklight
/
Snort_AIPreproc
mirror of https://github.com/BlackLight/Snort_AIPreproc.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

10 sept 2010 commit

This commit is contained in:
BlackLight 2010-09-11 02:12:39 +02:00
parent 2288d7dd13
commit e62d6e44bf
131 changed files with 11566 additions and 13770 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
ChangeLog
View File

@ -1,3 +1,10 @@
2010-11-09 Fabio "BlackLight" Manganiello <blacklight@autistici.org>
* correlation.c: Most of the correlation thread is ready
* regex.c: Added method 'str_replace' and 'str_replace_all'
2010-09-09 Fabio "BlackLight" Manganiello <blacklight@autistici.org>
* Makefile.am: Complete support for make dist
2010-09-05 Fabio "BlackLight" Manganiello <blacklight@autistici.org>
* all: Using autotools now

6
Makefile.am
View File

@ -4,7 +4,7 @@ AUTOMAKE_OPTIONS=foreign no-dependencies
libdir = ${exec_prefix}/lib/snort_dynamicpreprocessor
lib_LTLIBRARIES = libsf_ai_preproc.la
libsf_ai_preproc_la_CFLAGS = -I./uthash -I./include -DDYNAMIC_PLUGIN -D_XOPEN_SOURCE -D_GNU_SOURCE -fvisibility=hidden -fno-strict-aliasing -Wall -fstack-protector
libsf_ai_preproc_la_CFLAGS = -I./uthash -I./include ${LIBXML2_INCLUDES} -DDYNAMIC_PLUGIN -D_XOPEN_SOURCE -D_GNU_SOURCE -fvisibility=hidden -fno-strict-aliasing -Wall -pedantic -pedantic-errors -fstack-protector
libsf_ai_preproc_la_LDFLAGS = -module -export-dynamic
BUILT_SOURCES = \
@ -18,6 +18,7 @@ include/sfPolicyUserData.c
libsf_ai_preproc_la_SOURCES = \
alert_parser.c \
cluster.c \
correlation.c \
db.c \
mysql.c \
regex.c \
@ -25,4 +26,7 @@ spp_ai.c \
stream.c
ACLOCAL_AMFLAGS = -I m4
EXTRA_DIST = README INSTALL ChangeLog AUTHORS COPYING Doxyfile NEWS TODO doc etc include uthash etc/corr_rules *.h
corr_rulesdir = ${CORR_RULES_PREFIX}
corr_rules_DATA = corr_rules/*

70
Makefile.in
View File

@ -15,6 +15,7 @@
@SET_MAKE@
VPATH = @srcdir@
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
@ -40,10 +41,7 @@ DIST_COMMON = README $(am__configure_deps) $(srcdir)/Makefile.am \
$(top_srcdir)/configure AUTHORS COPYING ChangeLog INSTALL NEWS \
TODO config.guess config.sub install-sh ltmain.sh missing
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
$(top_srcdir)/configure.ac
am__aclocal_m4_deps = $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
@ -73,11 +71,12 @@ am__nobase_list = $(am__nobase_strip_setup); \
am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(libdir)"
am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(corr_rulesdir)"
LTLIBRARIES = $(lib_LTLIBRARIES)
libsf_ai_preproc_la_LIBADD =
am_libsf_ai_preproc_la_OBJECTS = libsf_ai_preproc_la-alert_parser.lo \
libsf_ai_preproc_la-cluster.lo libsf_ai_preproc_la-db.lo \
libsf_ai_preproc_la-cluster.lo \
libsf_ai_preproc_la-correlation.lo libsf_ai_preproc_la-db.lo \
libsf_ai_preproc_la-mysql.lo libsf_ai_preproc_la-regex.lo \
libsf_ai_preproc_la-spp_ai.lo libsf_ai_preproc_la-stream.lo
nodist_libsf_ai_preproc_la_OBJECTS = \
@ -104,6 +103,7 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
SOURCES = $(libsf_ai_preproc_la_SOURCES) \
$(nodist_libsf_ai_preproc_la_SOURCES)
DIST_SOURCES = $(libsf_ai_preproc_la_SOURCES)
DATA = $(corr_rules_DATA)
ETAGS = etags
CTAGS = ctags
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
@ -128,6 +128,7 @@ AWK = @AWK@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CORR_RULES_PREFIX = @CORR_RULES_PREFIX@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
@ -152,6 +153,7 @@ LDFLAGS = @LDFLAGS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
LIBXML2_INCLUDES = @LIBXML2_INCLUDES@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
@ -233,7 +235,7 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
AUTOMAKE_OPTIONS = foreign no-dependencies
lib_LTLIBRARIES = libsf_ai_preproc.la
libsf_ai_preproc_la_CFLAGS = -I./uthash -I./include -DDYNAMIC_PLUGIN -D_XOPEN_SOURCE -D_GNU_SOURCE -fvisibility=hidden -fno-strict-aliasing -Wall -fstack-protector
libsf_ai_preproc_la_CFLAGS = -I./uthash -I./include ${LIBXML2_INCLUDES} -DDYNAMIC_PLUGIN -D_XOPEN_SOURCE -D_GNU_SOURCE -fvisibility=hidden -fno-strict-aliasing -Wall -pedantic -pedantic-errors -fstack-protector
libsf_ai_preproc_la_LDFLAGS = -module -export-dynamic
BUILT_SOURCES = \
include/sf_dynamic_preproc_lib.c \
@ -246,6 +248,7 @@ include/sfPolicyUserData.c
libsf_ai_preproc_la_SOURCES = \
alert_parser.c \
cluster.c \
correlation.c \
db.c \
mysql.c \
regex.c \
@ -253,6 +256,9 @@ spp_ai.c \
stream.c
ACLOCAL_AMFLAGS = -I m4
EXTRA_DIST = README INSTALL ChangeLog AUTHORS COPYING Doxyfile NEWS TODO doc etc include uthash etc/corr_rules *.h
corr_rulesdir = ${CORR_RULES_PREFIX}
corr_rules_DATA = corr_rules/*
all: $(BUILT_SOURCES) config.h
$(MAKE) $(AM_MAKEFLAGS) all-am
@ -364,6 +370,9 @@ libsf_ai_preproc_la-alert_parser.lo: alert_parser.c
libsf_ai_preproc_la-cluster.lo: cluster.c
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-cluster.lo `test -f 'cluster.c' || echo '$(srcdir)/'`cluster.c
libsf_ai_preproc_la-correlation.lo: correlation.c
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-correlation.lo `test -f 'correlation.c' || echo '$(srcdir)/'`correlation.c
libsf_ai_preproc_la-db.lo: db.c
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-db.lo `test -f 'db.c' || echo '$(srcdir)/'`db.c
@ -393,6 +402,26 @@ clean-libtool:
distclean-libtool:
-rm -f libtool config.lt
install-corr_rulesDATA: $(corr_rules_DATA)
@$(NORMAL_INSTALL)
test -z "$(corr_rulesdir)" || $(MKDIR_P) "$(DESTDIR)$(corr_rulesdir)"
@list='$(corr_rules_DATA)'; test -n "$(corr_rulesdir)" || list=; \
for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
echo "$$d$$p"; \
done | $(am__base_list) | \
while read files; do \
echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(corr_rulesdir)'"; \
$(INSTALL_DATA) $$files "$(DESTDIR)$(corr_rulesdir)" || exit $$?; \
done
uninstall-corr_rulesDATA:
@$(NORMAL_UNINSTALL)
@list='$(corr_rules_DATA)'; test -n "$(corr_rulesdir)" || list=; \
files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
test -n "$$files" || exit 0; \
echo " ( cd '$(DESTDIR)$(corr_rulesdir)' && rm -f" $$files ")"; \
cd "$(DESTDIR)$(corr_rulesdir)" && rm -f $$files
ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
@ -596,9 +625,9 @@ distcleancheck: distclean
check-am: all-am
check: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) check-am
all-am: Makefile $(LTLIBRARIES) config.h
all-am: Makefile $(LTLIBRARIES) $(DATA) config.h
installdirs:
for dir in "$(DESTDIR)$(libdir)"; do \
for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(corr_rulesdir)"; do \
test -z "$$dir" || $(MKDIR_P) "$$dir"; \
done
install: $(BUILT_SOURCES)
@ -651,7 +680,7 @@ info: info-am
info-am:
install-data-am:
install-data-am: install-corr_rulesDATA
install-dvi: install-dvi-am
@ -698,7 +727,7 @@ ps: ps-am
ps-am:
uninstall-am: uninstall-libLTLIBRARIES
uninstall-am: uninstall-corr_rulesDATA uninstall-libLTLIBRARIES
.MAKE: all check install install-am install-strip
@ -709,15 +738,16 @@ uninstall-am: uninstall-libLTLIBRARIES
distclean-generic distclean-hdr distclean-libtool \
distclean-tags distcleancheck distdir distuninstallcheck dvi \
dvi-am html html-am info info-am install install-am \
install-data install-data-am install-dvi install-dvi-am \
install-exec install-exec-am install-html install-html-am \
install-info install-info-am install-libLTLIBRARIES \
install-man install-pdf install-pdf-am install-ps \
install-ps-am install-strip installcheck installcheck-am \
installdirs maintainer-clean maintainer-clean-generic \
mostlyclean mostlyclean-compile mostlyclean-generic \
mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \
uninstall-am uninstall-libLTLIBRARIES
install-corr_rulesDATA install-data install-data-am \
install-dvi install-dvi-am install-exec install-exec-am \
install-html install-html-am install-info install-info-am \
install-libLTLIBRARIES install-man install-pdf install-pdf-am \
install-ps install-ps-am install-strip installcheck \
installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-compile \
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
tags uninstall uninstall-am uninstall-corr_rulesDATA \
uninstall-libLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.

45
Makefile.orig
View File

@ -1,45 +0,0 @@
# Path to your Snort preprocess directory (default: /usr/lib/snort_dynamicpreprocessor)
# CHANGE THIS LINE IF YOU INSTALLED SNORT SOMEWHERE ELSE!!!!!!!!!!
# /bin/sh ./libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I./uthash -I./include -DDYNAMIC_PLUGIN -DSUP_IP6 -fvisibility=hidden -fno-strict-aliasing -Wall -fstack-protector -g -O2 -c -o alert_parser.lo alert_parser.c
# /bin/sh ./libtool --tag=CC --mode=link gcc -DDYNAMIC_PLUGIN -DSUP_IP6 -fvisibility=hidden -fno-strict-aliasing -Wall -fstack-protector -g -O2 -module -export-dynamic -o libsf_ai_preproc.la -rpath /home/blacklight/local/snort/lib/snort_dynamicpreprocessor alert_parser.lo cluster.lo db.lo mysql.lo regex.lo spp_ai.lo stream.lo sf_dynamic_preproc_lib.lo sfPolicyUserData.lo -lpthread -lmysqlclient
PREPROC_PATH=/home/blacklight/local/snort/lib/snort_dynamicpreprocessor
INCLUDES=-I. -I../../.. -I../include -I./uthash
DEFINES=-D_GNU_SOURCE -D_XOPEN_SOURCE -DDYNAMIC_PLUGIN -DSUP_IP6 -DENABLE_MYSQL -DHAVE_CONFIG_H
CMDLINE=-g -O2 -fvisibility=hidden -fno-strict-aliasing -Wall -fstack-protector
LIBPATH=-L/usr/lib
LDLINKS=-lpthread -lmysqlclient
LIBTOOL=./libtool --tag=CC
OUTPUT=libsf_ai_preproc.la
LDOPTIONS=-export-dynamic -rpath ${PREPROC_PATH}
OBJECTS=\
sf_dynamic_preproc_lib.lo \
sfPolicyUserData.lo \
spp_ai.lo \
stream.lo \
alert_parser.lo \
regex.lo \
cluster.lo \
db.lo \
mysql.lo
all:
/bin/sh ${LIBTOOL} --mode=compile gcc ${CMDLINE} ${INCLUDES} ${DEFINES} -c -o sf_dynamic_preproc_lib.lo include/sf_dynamic_preproc_lib.c
/bin/sh ${LIBTOOL} --mode=compile gcc ${CMDLINE} ${INCLUDES} ${DEFINES} -c -o sfPolicyUserData.lo include/sfPolicyUserData.c
/bin/sh ${LIBTOOL} --mode=compile gcc ${CMDLINE} ${INCLUDES} ${DEFINES} -c -o alert_parser.lo alert_parser.c
/bin/sh ${LIBTOOL} --mode=compile gcc ${CMDLINE} ${INCLUDES} ${DEFINES} -c -o regex.lo regex.c
/bin/sh ${LIBTOOL} --mode=compile gcc ${CMDLINE} ${INCLUDES} ${DEFINES} -c -o stream.lo stream.c
/bin/sh ${LIBTOOL} --mode=compile gcc ${CMDLINE} ${INCLUDES} ${DEFINES} -c -o spp_ai.lo spp_ai.c
/bin/sh ${LIBTOOL} --mode=compile gcc ${CMDLINE} ${INCLUDES} ${DEFINES} -c -o cluster.lo cluster.c
/bin/sh ${LIBTOOL} --mode=compile gcc ${CMDLINE} ${INCLUDES} ${DEFINES} -c -o db.lo db.c
/bin/sh ${LIBTOOL} --mode=compile gcc ${CMDLINE} ${INCLUDES} ${DEFINES} -c -o mysql.lo mysql.c
/bin/sh ${LIBTOOL} --mode=link gcc ${CMDLINE} ${LDOPTIONS} ${LIBPATH} -o ${OUTPUT} ${OBJECTS} ${LDLINKS}
clean:
rm -rf .libs _libs
test -z "${OUTPUT}" || rm -f ${OUTPUT}
rm -f "./so_locations"
rm -f *.o
rm -f *.lo

7971
aclocal.m4 vendored
View File

File diff suppressed because it is too large Load Diff

47
alert_parser.c
View File

@ -120,29 +120,32 @@ AI_file_alertparser_thread ( void* arg )
{
if ( in_alert )
{
if ( alert->ip_proto == IPPROTO_TCP )
if ( alert->ip_src_addr && ( alert->ip_proto == IPPROTO_TCP || alert->ip_proto == IPPROTO_UDP ))
{
key.src_ip = alert->ip_src_addr;
key.dst_port = alert->tcp_dst_port;
if (( info = AI_get_stream_by_key ( key ) ))
if ( alert->ip_proto == IPPROTO_TCP )
{
AI_set_stream_observed ( key );
alert->stream = info;
if ( alerts == NULL )
if (( info = AI_get_stream_by_key ( key ) ))
{
alerts = alert;
alerts->next = NULL;
} else {
for ( tmp = alerts; tmp->next; tmp = tmp->next );
tmp->next = alert;
AI_set_stream_observed ( key );
alert->stream = info;
}
/* TODO Do something!! */
}
}
if ( alerts == NULL )
{
alerts = alert;
alerts->next = NULL;
} else {
for ( tmp = alerts; tmp->next; tmp = tmp->next );
tmp->next = alert;
}
/* TODO Do something!! */
in_alert = false;
alert = NULL;
}
@ -156,7 +159,7 @@ AI_file_alertparser_thread ( void* arg )
{
in_alert = true;
if ( !( alert = ( AI_snort_alert* ) malloc ( sizeof(AI_snort_alert) )) )
if ( !( alert = ( AI_snort_alert* ) malloc ( sizeof( AI_snort_alert ))))
{
_dpd.fatalMsg ( "\nDynamic memory allocation error at %s:%d\n", __FILE__, __LINE__ );
}
@ -353,12 +356,28 @@ AI_get_alerts ()
void
AI_free_alerts ( AI_snort_alert *node )
{
int i;
if ( !node )
return;
if ( node->next )
AI_free_alerts ( node->next );
if ( node->hyperalert )
{
for ( i=0; i < node->hyperalert->n_preconds; i++ )
free ( node->hyperalert->preconds[i] );
free ( node->hyperalert->preconds );
for ( i=0; i < node->hyperalert->n_postconds; i++ )
free ( node->hyperalert->postconds[i] );
free ( node->hyperalert->postconds );
free ( node->hyperalert );
node->hyperalert = NULL;
}
free ( node );
node = NULL;
} /* ----- end of function AI_free_alerts ----- */

86
autom4te.cache/output.1
View File

@ -743,6 +743,7 @@ ac_includes_default="\
# include <unistd.h>
#endif"
ac_default_prefix=/usr
ac_header_list=
ac_func_list=
ac_subst_vars='am__EXEEXT_FALSE
@ -750,6 +751,8 @@ am__EXEEXT_TRUE
LTLIBOBJS
LIB@&t@OBJS
ALLOCA
LIBXML2_INCLUDES
CORR_RULES_PREFIX
MYSQL
extra_incl
CPP
@ -7291,10 +7294,6 @@ _lt_linker_boilerplate=`cat conftest.err`
$RM -r conftest*
## CAVEAT EMPTOR:
## There is no encapsulation within the following macros, do not change
## the running order or otherwise move them around unless you know exactly
## what you are doing...
if test -n "$compiler"; then
lt_prog_compiler_no_builtin_flag=
@ -10527,6 +10526,9 @@ CC="$lt_save_CC"
test "$prefix" = "NONE" && prefix=/usr
case "$host" in
*-openbsd2.6|*-openbsd2.5|*-openbsd2.4|*-openbsd2.3*)
@ -11426,7 +11428,51 @@ fi
fi
#AC_CHECK_LIB([mysqlclient], [mysql_query])
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for xmlReaderForFile in -lxml2" >&5
$as_echo_n "checking for xmlReaderForFile in -lxml2... " >&6; }
if test "${ac_cv_lib_xml2_xmlReaderForFile+set}" = set; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
LIBS="-lxml2 $LIBS"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
/* Override any GCC internal prototype to avoid an error.
Use char because int might match the return type of a GCC
builtin and then its argument prototype would still apply. */
#ifdef __cplusplus
extern "C"
#endif
char xmlReaderForFile ();
int
main ()
{
return xmlReaderForFile ();
;
return 0;
}
_ACEOF
if ac_fn_c_try_link "$LINENO"; then :
ac_cv_lib_xml2_xmlReaderForFile=yes
else
ac_cv_lib_xml2_xmlReaderForFile=no
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_xml2_xmlReaderForFile" >&5
$as_echo "$ac_cv_lib_xml2_xmlReaderForFile" >&6; }
if test "x$ac_cv_lib_xml2_xmlReaderForFile" = x""yes; then :
cat >>confdefs.h <<_ACEOF
@%:@define HAVE_LIBXML2 1
_ACEOF
LIBS="-lxml2 $LIBS"
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for pthread_create in -lpthread" >&5
$as_echo_n "checking for pthread_create in -lpthread... " >&6; }
if test "${ac_cv_lib_pthread_pthread_create+set}" = set; then :
@ -11473,7 +11519,26 @@ _ACEOF
fi
if test "x$prefix" == x/usr; then :
CORR_RULES_PREFIX="/etc/snort/corr_rules"
else
CORR_RULES_PREFIX="${prefix}/etc/corr_rules"
fi
# Checks for header files.
if test ! -z "`pkg-config --cflags libxml-2.0 2> /dev/null`"; then :
LIBXML2_INCLUDES="$(pkg-config --cflags libxml-2.0 2> /dev/null)"
else
{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error $? "libxml2 not found, okr pkg-config not working
See \`config.log' for more details" "$LINENO" 5 ; }
fi
# The Ultrix 4.2 mips builtin alloca declared by alloca.h only works
# for constant arguments. Useless!
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for working alloca.h" >&5
@ -11672,6 +11737,8 @@ if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
@%:@define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
_ACEOF
else
as_fn_error $? "At least one of the required headers was not found" "$LINENO" 5
fi
done
@ -12404,6 +12471,8 @@ if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
@%:@define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
_ACEOF
else
as_fn_error $? "At least one of the required functions was not found" "$LINENO" 5
fi
done
@ -12424,7 +12493,7 @@ $as_echo "@%:@define PACKAGE_NAME \"sf_ai_preprocessor\"" >>confdefs.h
$as_echo "@%:@define PACKAGE_STRING \"Snort AI preprocessor\"" >>confdefs.h
$as_echo "@%:@define PACKAGE_TARNAME \"sf_ai_preprocessor\"" >>confdefs.h
$as_echo "@%:@define PACKAGE_TARNAME \"snort_ai_preproc\"" >>confdefs.h
$as_echo "@%:@define PACKAGE_VERSION \"0.1.0\"" >>confdefs.h
@ -12437,6 +12506,11 @@ $as_echo "@%:@define SUP_IP6 /**/" >>confdefs.h
$as_echo "@%:@define HAVE_VISIBILITY 1" >>confdefs.h
cat >>confdefs.h <<_ACEOF
@%:@define PREFIX "${prefix}"
_ACEOF
ac_config_files="$ac_config_files Makefile"
cat >confcache <<\_ACEOF

326
autom4te.cache/requests
View File

@ -38,6 +38,271 @@
'm4/lt~obsolete.m4',
'configure.ac'
],
{
'AM_ENABLE_STATIC' => 1,
'AC_LIBTOOL_LANG_RC_CONFIG' => 1,
'_LT_AC_SHELL_INIT' => 1,
'AC_DEFUN' => 1,
'_LT_AC_LANG_CXX_CONFIG' => 1,
'AC_PROG_LIBTOOL' => 1,
'AM_PROG_MKDIR_P' => 1,
'AM_AUTOMAKE_VERSION' => 1,
'AM_SUBST_NOTMAKE' => 1,
'AM_MISSING_PROG' => 1,
'AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH' => 1,
'_LT_AC_LANG_C_CONFIG' => 1,
'AM_PROG_INSTALL_STRIP' => 1,
'_m4_warn' => 1,
'AC_LIBTOOL_OBJDIR' => 1,
'gl_FUNC_ARGZ' => 1,
'AM_SANITY_CHECK' => 1,
'LTOBSOLETE_VERSION' => 1,
'AC_LIBTOOL_LANG_GCJ_CONFIG' => 1,
'AC_LIBTOOL_PROG_COMPILER_PIC' => 1,
'LT_LIB_M' => 1,
'_LT_AC_CHECK_DLFCN' => 1,
'AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE' => 1,
'LTSUGAR_VERSION' => 1,
'_LT_PROG_LTMAIN' => 1,
'LT_SYS_SYMBOL_USCORE' => 1,
'_AM_PROG_TAR' => 1,
'AC_LIBTOOL_GCJ' => 1,
'LT_SYS_DLOPEN_DEPLIBS' => 1,
'LT_FUNC_DLSYM_USCORE' => 1,
'_LT_AC_LANG_F77' => 1,
'AC_LIBTOOL_CONFIG' => 1,
'AC_LTDL_DLLIB' => 1,
'_AM_SUBST_NOTMAKE' => 1,
'_AM_AUTOCONF_VERSION' => 1,
'AM_DISABLE_SHARED' => 1,
'_LTDL_SETUP' => 1,
'AM_PROG_LIBTOOL' => 1,
'_LT_AC_LANG_CXX' => 1,
'AM_PROG_LD' => 1,
'_LT_AC_FILE_LTDLL_C' => 1,
'AC_LIB_LTDL' => 1,
'AU_DEFUN' => 1,
'AC_PROG_NM' => 1,
'AC_LIBTOOL_DLOPEN' => 1,
'AC_PROG_LD' => 1,
'AC_PROG_LD_GNU' => 1,
'AC_ENABLE_FAST_INSTALL' => 1,
'AC_LIBTOOL_FC' => 1,
'LTDL_CONVENIENCE' => 1,
'_AM_SET_OPTION' => 1,
'AC_LTDL_PREOPEN' => 1,
'_LT_LINKER_BOILERPLATE' => 1,
'AC_LIBTOOL_LANG_CXX_CONFIG' => 1,
'AC_LIBTOOL_PROG_CC_C_O' => 1,
'gl_PREREQ_ARGZ' => 1,
'LT_SUPPORTED_TAG' => 1,
'AM_OUTPUT_DEPENDENCY_COMMANDS' => 1,
'LT_PROG_RC' => 1,
'LT_SYS_MODULE_EXT' => 1,
'AC_DEFUN_ONCE' => 1,
'_LT_AC_LANG_GCJ' => 1,
'AC_LTDL_OBJDIR' => 1,
'_LT_PATH_TOOL_PREFIX' => 1,
'AC_LIBTOOL_RC' => 1,
'_LT_AC_PROG_ECHO_BACKSLASH' => 1,
'AC_DISABLE_FAST_INSTALL' => 1,
'AM_SILENT_RULES' => 1,
'include' => 1,
'_LT_AC_TRY_DLOPEN_SELF' => 1,
'_LT_AC_SYS_LIBPATH_AIX' => 1,
'LT_AC_PROG_SED' => 1,
'AM_ENABLE_SHARED' => 1,
'LTDL_INSTALLABLE' => 1,
'_LT_AC_LANG_GCJ_CONFIG' => 1,
'AC_ENABLE_SHARED' => 1,
'AC_LIBTOOL_SYS_HARD_LINK_LOCKS' => 1,
'AC_ENABLE_STATIC' => 1,
'_LT_AC_TAGVAR' => 1,
'AC_LIBTOOL_LANG_F77_CONFIG' => 1,
'AM_CONDITIONAL' => 1,
'LT_LIB_DLLOAD' => 1,
'LTVERSION_VERSION' => 1,
'LTDL_INIT' => 1,
'm4_include' => 1,
'AM_PROG_INSTALL_SH' => 1,
'AC_PROG_EGREP' => 1,
'AC_PATH_MAGIC' => 1,
'_AC_AM_CONFIG_HEADER_HOOK' => 1,
'AC_LTDL_SYSSEARCHPATH' => 1,
'AM_MAKE_INCLUDE' => 1,
'LT_CMD_MAX_LEN' => 1,
'_LT_AC_TAGCONFIG' => 1,
'm4_pattern_forbid' => 1,
'_LT_LINKER_OPTION' => 1,
'AC_LIBTOOL_COMPILER_OPTION' => 1,
'AC_DISABLE_SHARED' => 1,
'_LT_COMPILER_BOILERPLATE' => 1,
'AC_LIBTOOL_WIN32_DLL' => 1,
'AC_LIBTOOL_SETUP' => 1,
'AC_PROG_LD_RELOAD_FLAG' => 1,
'AC_LTDL_DLSYM_USCORE' => 1,
'AM_MISSING_HAS_RUN' => 1,
'LT_LANG' => 1,
'LT_SYS_DLSEARCH_PATH' => 1,
'LT_CONFIG_LTDL_DIR' => 1,
'AC_LIBTOOL_DLOPEN_SELF' => 1,
'LT_OUTPUT' => 1,
'AC_LIBTOOL_PROG_LD_SHLIBS' => 1,
'AC_WITH_LTDL' => 1,
'AC_LIBTOOL_LINKER_OPTION' => 1,
'LT_AC_PROG_RC' => 1,
'AC_LIBTOOL_CXX' => 1,
'LT_INIT' => 1,
'LT_AC_PROG_GCJ' => 1,
'LT_SYS_DLOPEN_SELF' => 1,
'AM_DEP_TRACK' => 1,
'AM_DISABLE_STATIC' => 1,
'_AC_PROG_LIBTOOL' => 1,
'_AM_IF_OPTION' => 1,
'AC_PATH_TOOL_PREFIX' => 1,
'm4_pattern_allow' => 1,
'AC_LIBTOOL_F77' => 1,
'AM_SET_LEADING_DOT' => 1,
'LT_AC_PROG_EGREP' => 1,
'_AM_DEPENDENCIES' => 1,
'AC_LIBTOOL_LANG_C_CONFIG' => 1,
'LTOPTIONS_VERSION' => 1,
'_LT_AC_SYS_COMPILER' => 1,
'AM_PROG_NM' => 1,
'AC_LIBLTDL_CONVENIENCE' => 1,
'AC_DEPLIBS_CHECK_METHOD' => 1,
'AC_LIBLTDL_INSTALLABLE' => 1,
'AM_SET_CURRENT_AUTOMAKE_VERSION' => 1,
'AC_LTDL_ENABLE_INSTALL' => 1,
'LT_PROG_GCJ' => 1,
'AC_LIBTOOL_SYS_DYNAMIC_LINKER' => 1,
'AM_INIT_AUTOMAKE' => 1,
'AC_DISABLE_STATIC' => 1,
'LT_PATH_NM' => 1,
'AC_LTDL_SHLIBEXT' => 1,
'_LT_AC_LOCK' => 1,
'_LT_AC_LANG_RC_CONFIG' => 1,
'LT_SYS_MODULE_PATH' => 1,
'LT_WITH_LTDL' => 1,
'AC_LIBTOOL_POSTDEP_PREDEP' => 1,
'AC_LTDL_SHLIBPATH' => 1,
'AM_AUX_DIR_EXPAND' => 1,
'AC_LIBTOOL_PROG_COMPILER_NO_RTTI' => 1,
'_LT_AC_LANG_F77_CONFIG' => 1,
'_LT_COMPILER_OPTION' => 1,
'_AM_SET_OPTIONS' => 1,
'AM_RUN_LOG' => 1,
'_AM_OUTPUT_DEPENDENCY_COMMANDS' => 1,
'AC_LTDL_SYS_DLOPEN_DEPLIBS' => 1,
'AC_LIBTOOL_SYS_OLD_ARCHIVE' => 1,
'AC_LIBTOOL_PICMODE' => 1,
'AC_CHECK_LIBM' => 1,
'LT_PATH_LD' => 1,
'AC_LIBTOOL_SYS_LIB_STRIP' => 1,
'_AM_MANGLE_OPTION' => 1,
'AC_LIBTOOL_SYS_MAX_CMD_LEN' => 1,
'AC_LTDL_SYMBOL_USCORE' => 1,
'AM_SET_DEPDIR' => 1,
'_LT_CC_BASENAME' => 1,
'_LT_LIBOBJ' => 1
}
], 'Autom4te::Request' ),
bless( [
'1',
1,
[
'/usr/share/autoconf'
],
[
'/usr/share/autoconf/autoconf/autoconf.m4f',
'aclocal.m4',
'configure.ac'
],
{
'_LT_AC_TAGCONFIG' => 1,
'AM_PROG_F77_C_O' => 1,
'AC_INIT' => 1,
'm4_pattern_forbid' => 1,
'AC_CANONICAL_TARGET' => 1,
'_AM_COND_IF' => 1,
'AC_CONFIG_LIBOBJ_DIR' => 1,
'AC_SUBST' => 1,
'AC_CANONICAL_HOST' => 1,
'AC_FC_SRCEXT' => 1,
'AC_PROG_LIBTOOL' => 1,
'AM_INIT_AUTOMAKE' => 1,
'AC_CONFIG_SUBDIRS' => 1,
'AM_AUTOMAKE_VERSION' => 1,
'LT_CONFIG_LTDL_DIR' => 1,
'AC_CONFIG_LINKS' => 1,
'AC_REQUIRE_AUX_FILE' => 1,
'm4_sinclude' => 1,
'LT_SUPPORTED_TAG' => 1,
'AM_MAINTAINER_MODE' => 1,
'AM_GNU_GETTEXT_INTL_SUBDIR' => 1,
'_m4_warn' => 1,
'AM_PROG_CXX_C_O' => 1,
'_AM_COND_ENDIF' => 1,
'AM_ENABLE_MULTILIB' => 1,
'AM_SILENT_RULES' => 1,
'AC_CONFIG_FILES' => 1,
'LT_INIT' => 1,
'include' => 1,
'AM_GNU_GETTEXT' => 1,
'AC_LIBSOURCE' => 1,
'AC_CANONICAL_BUILD' => 1,
'AM_PROG_FC_C_O' => 1,
'AC_FC_FREEFORM' => 1,
'AH_OUTPUT' => 1,
'AC_CONFIG_AUX_DIR' => 1,
'_AM_SUBST_NOTMAKE' => 1,
'AM_PROG_CC_C_O' => 1,
'sinclude' => 1,
'm4_pattern_allow' => 1,
'AM_CONDITIONAL' => 1,
'AC_CANONICAL_SYSTEM' => 1,
'AC_CONFIG_HEADERS' => 1,
'AC_DEFINE_TRACE_LITERAL' => 1,
'm4_include' => 1,
'_AM_COND_ELSE' => 1,
'AC_SUBST_TRACE' => 1
}
], 'Autom4te::Request' ),
bless( [
'2',
1,
[
'/usr/share/autoconf'
],
[
'/usr/share/autoconf/autoconf/autoconf.m4f',
'/usr/share/aclocal/argz.m4',
'/usr/share/aclocal/libtool.m4',
'/usr/share/aclocal/ltdl.m4',
'/usr/share/aclocal/ltoptions.m4',
'/usr/share/aclocal/ltsugar.m4',
'/usr/share/aclocal/ltversion.m4',
'/usr/share/aclocal/lt~obsolete.m4',
'/usr/share/aclocal-1.11/amversion.m4',
'/usr/share/aclocal-1.11/auxdir.m4',
'/usr/share/aclocal-1.11/cond.m4',
'/usr/share/aclocal-1.11/depend.m4',
'/usr/share/aclocal-1.11/depout.m4',
'/usr/share/aclocal-1.11/init.m4',
'/usr/share/aclocal-1.11/install-sh.m4',
'/usr/share/aclocal-1.11/lead-dot.m4',
'/usr/share/aclocal-1.11/make.m4',
'/usr/share/aclocal-1.11/missing.m4',
'/usr/share/aclocal-1.11/mkdirp.m4',
'/usr/share/aclocal-1.11/options.m4',
'/usr/share/aclocal-1.11/runlog.m4',
'/usr/share/aclocal-1.11/sanity.m4',
'/usr/share/aclocal-1.11/silent.m4',
'/usr/share/aclocal-1.11/strip.m4',
'/usr/share/aclocal-1.11/substnot.m4',
'/usr/share/aclocal-1.11/tar.m4',
'configure.ac'
],
{
'AM_ENABLE_STATIC' => 1,
'AC_LIBTOOL_LANG_RC_CONFIG' => 1,
@ -206,67 +471,6 @@
'_LT_CC_BASENAME' => 1,
'_LT_LIBOBJ' => 1
}
], 'Autom4te::Request' ),
bless( [
'1',
1,
[
'/usr/share/autoconf'
],
[
'/usr/share/autoconf/autoconf/autoconf.m4f',
'aclocal.m4',
'configure.ac'
],
{
'AM_PROG_F77_C_O' => 1,
'_LT_AC_TAGCONFIG' => 1,
'm4_pattern_forbid' => 1,
'AC_INIT' => 1,
'_AM_COND_IF' => 1,
'AC_CANONICAL_TARGET' => 1,
'AC_SUBST' => 1,
'AC_CONFIG_LIBOBJ_DIR' => 1,
'AC_FC_SRCEXT' => 1,
'AC_CANONICAL_HOST' => 1,
'AC_PROG_LIBTOOL' => 1,
'AM_INIT_AUTOMAKE' => 1,
'AC_CONFIG_SUBDIRS' => 1,
'AM_AUTOMAKE_VERSION' => 1,
'LT_CONFIG_LTDL_DIR' => 1,
'AC_REQUIRE_AUX_FILE' => 1,
'AC_CONFIG_LINKS' => 1,
'LT_SUPPORTED_TAG' => 1,
'm4_sinclude' => 1,
'AM_MAINTAINER_MODE' => 1,
'AM_GNU_GETTEXT_INTL_SUBDIR' => 1,
'_m4_warn' => 1,
'AM_PROG_CXX_C_O' => 1,
'_AM_COND_ENDIF' => 1,
'AM_ENABLE_MULTILIB' => 1,
'AM_SILENT_RULES' => 1,
'AC_CONFIG_FILES' => 1,
'LT_INIT' => 1,
'include' => 1,
'AM_GNU_GETTEXT' => 1,
'AC_LIBSOURCE' => 1,
'AM_PROG_FC_C_O' => 1,
'AC_CANONICAL_BUILD' => 1,
'AC_FC_FREEFORM' => 1,
'AH_OUTPUT' => 1,
'_AM_SUBST_NOTMAKE' => 1,
'AC_CONFIG_AUX_DIR' => 1,
'm4_pattern_allow' => 1,
'sinclude' => 1,
'AM_PROG_CC_C_O' => 1,
'AC_CANONICAL_SYSTEM' => 1,
'AM_CONDITIONAL' => 1,
'AC_CONFIG_HEADERS' => 1,
'AC_DEFINE_TRACE_LITERAL' => 1,
'm4_include' => 1,
'_AM_COND_ELSE' => 1,
'AC_SUBST_TRACE' => 1
}
], 'Autom4te::Request' )
);

646
autom4te.cache/traces.1
View File

@ -1,8 +1,3 @@
m4trace:aclocal.m4:952: -1- m4_include([m4/libtool.m4])
m4trace:aclocal.m4:953: -1- m4_include([m4/ltoptions.m4])
m4trace:aclocal.m4:954: -1- m4_include([m4/ltsugar.m4])
m4trace:aclocal.m4:955: -1- m4_include([m4/ltversion.m4])
m4trace:aclocal.m4:956: -1- m4_include([m4/lt~obsolete.m4])
m4trace:configure.ac:5: -1- AC_INIT([Snort_AI_preproc], [0.1], [blacklight@autistici.org])
m4trace:configure.ac:5: -1- m4_pattern_forbid([^_?A[CHUM]_])
m4trace:configure.ac:5: -1- m4_pattern_forbid([_AC_])
@ -443,419 +438,436 @@ m4trace:configure.ac:10: -1- AH_OUTPUT([HAVE_UNISTD_H], [/* Define to 1 if you h
@%:@undef HAVE_UNISTD_H])
m4trace:configure.ac:10: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DLFCN_H])
m4trace:configure.ac:10: -1- m4_pattern_allow([^HAVE_DLFCN_H$])
m4trace:configure.ac:14: -1- AC_DEFINE_TRACE_LITERAL([OPENBSD])
m4trace:configure.ac:14: -1- m4_pattern_allow([^OPENBSD$])
m4trace:configure.ac:14: -1- AH_OUTPUT([OPENBSD], [/* Define if OpenBSD */
m4trace:configure.ac:17: -1- AC_DEFINE_TRACE_LITERAL([OPENBSD])
m4trace:configure.ac:17: -1- m4_pattern_allow([^OPENBSD$])
m4trace:configure.ac:17: -1- AH_OUTPUT([OPENBSD], [/* Define if OpenBSD */
@%:@undef OPENBSD])
m4trace:configure.ac:15: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SIOCGIFMTU])
m4trace:configure.ac:15: -1- m4_pattern_allow([^BROKEN_SIOCGIFMTU$])
m4trace:configure.ac:15: -1- AH_OUTPUT([BROKEN_SIOCGIFMTU], [/* Define if BROKEN_SIOCGIFMTU */
m4trace:configure.ac:18: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SIOCGIFMTU])
m4trace:configure.ac:18: -1- m4_pattern_allow([^BROKEN_SIOCGIFMTU$])
m4trace:configure.ac:18: -1- AH_OUTPUT([BROKEN_SIOCGIFMTU], [/* Define if BROKEN_SIOCGIFMTU */
@%:@undef BROKEN_SIOCGIFMTU])
m4trace:configure.ac:19: -1- AC_DEFINE_TRACE_LITERAL([OPENBSD])
m4trace:configure.ac:19: -1- m4_pattern_allow([^OPENBSD$])
m4trace:configure.ac:19: -1- AH_OUTPUT([OPENBSD], [/* Define if OpenBSD < 2.3 */
m4trace:configure.ac:22: -1- AC_DEFINE_TRACE_LITERAL([OPENBSD])
m4trace:configure.ac:22: -1- m4_pattern_allow([^OPENBSD$])
m4trace:configure.ac:22: -1- AH_OUTPUT([OPENBSD], [/* Define if OpenBSD < 2.3 */
@%:@undef OPENBSD])
m4trace:configure.ac:23: -1- AC_DEFINE_TRACE_LITERAL([IRIX])
m4trace:configure.ac:23: -1- m4_pattern_allow([^IRIX$])
m4trace:configure.ac:23: -1- AH_OUTPUT([IRIX], [/* Define if Irix 5 */
m4trace:configure.ac:26: -1- AC_DEFINE_TRACE_LITERAL([IRIX])
m4trace:configure.ac:26: -1- m4_pattern_allow([^IRIX$])
m4trace:configure.ac:26: -1- AH_OUTPUT([IRIX], [/* Define if Irix 5 */
@%:@undef IRIX])
m4trace:configure.ac:33: -1- AC_DEFINE_TRACE_LITERAL([IRIX])
m4trace:configure.ac:33: -1- m4_pattern_allow([^IRIX$])
m4trace:configure.ac:33: -1- AH_OUTPUT([IRIX], [/* Define if Irix 6 */
m4trace:configure.ac:36: -1- AC_DEFINE_TRACE_LITERAL([IRIX])
m4trace:configure.ac:36: -1- m4_pattern_allow([^IRIX$])
m4trace:configure.ac:36: -1- AH_OUTPUT([IRIX], [/* Define if Irix 6 */
@%:@undef IRIX])
m4trace:configure.ac:43: -1- AC_DEFINE_TRACE_LITERAL([SOLARIS])
m4trace:configure.ac:43: -1- m4_pattern_allow([^SOLARIS$])
m4trace:configure.ac:43: -1- AH_OUTPUT([SOLARIS], [/* Define if Solaris */
m4trace:configure.ac:46: -1- AC_DEFINE_TRACE_LITERAL([SOLARIS])
m4trace:configure.ac:46: -1- m4_pattern_allow([^SOLARIS$])
m4trace:configure.ac:46: -1- AH_OUTPUT([SOLARIS], [/* Define if Solaris */
@%:@undef SOLARIS])
m4trace:configure.ac:48: -1- AC_DEFINE_TRACE_LITERAL([SUNOS])
m4trace:configure.ac:48: -1- m4_pattern_allow([^SUNOS$])
m4trace:configure.ac:48: -1- AH_OUTPUT([SUNOS], [/* Define if SunOS */
m4trace:configure.ac:51: -1- AC_DEFINE_TRACE_LITERAL([SUNOS])
m4trace:configure.ac:51: -1- m4_pattern_allow([^SUNOS$])
m4trace:configure.ac:51: -1- AH_OUTPUT([SUNOS], [/* Define if SunOS */
@%:@undef SUNOS])
m4trace:configure.ac:53: -1- AC_DEFINE_TRACE_LITERAL([LINUX])
m4trace:configure.ac:53: -1- m4_pattern_allow([^LINUX$])
m4trace:configure.ac:53: -1- AH_OUTPUT([LINUX], [/* Define if Linux */
m4trace:configure.ac:56: -1- AC_DEFINE_TRACE_LITERAL([LINUX])
m4trace:configure.ac:56: -1- m4_pattern_allow([^LINUX$])
m4trace:configure.ac:56: -1- AH_OUTPUT([LINUX], [/* Define if Linux */
@%:@undef LINUX])
m4trace:configure.ac:55: -1- AC_DEFINE_TRACE_LITERAL([PCAP_TIMEOUT_IGNORED])
m4trace:configure.ac:55: -1- m4_pattern_allow([^PCAP_TIMEOUT_IGNORED$])
m4trace:configure.ac:55: -1- AH_OUTPUT([PCAP_TIMEOUT_IGNORED], [/* Define if pcap timeout is ignored */
m4trace:configure.ac:58: -1- AC_DEFINE_TRACE_LITERAL([PCAP_TIMEOUT_IGNORED])
m4trace:configure.ac:58: -1- m4_pattern_allow([^PCAP_TIMEOUT_IGNORED$])
m4trace:configure.ac:58: -1- AH_OUTPUT([PCAP_TIMEOUT_IGNORED], [/* Define if pcap timeout is ignored */
@%:@undef PCAP_TIMEOUT_IGNORED])
m4trace:configure.ac:56: -1- AC_SUBST([extra_incl])
m4trace:configure.ac:56: -1- AC_SUBST_TRACE([extra_incl])
m4trace:configure.ac:56: -1- m4_pattern_allow([^extra_incl$])
m4trace:configure.ac:60: -1- AC_DEFINE_TRACE_LITERAL([HPUX])
m4trace:configure.ac:60: -1- m4_pattern_allow([^HPUX$])
m4trace:configure.ac:60: -1- AH_OUTPUT([HPUX], [/* Define if HP-UX 10 or 11 */
m4trace:configure.ac:59: -1- AC_SUBST([extra_incl])
m4trace:configure.ac:59: -1- AC_SUBST_TRACE([extra_incl])
m4trace:configure.ac:59: -1- m4_pattern_allow([^extra_incl$])
m4trace:configure.ac:63: -1- AC_DEFINE_TRACE_LITERAL([HPUX])
m4trace:configure.ac:63: -1- m4_pattern_allow([^HPUX$])
m4trace:configure.ac:63: -1- AH_OUTPUT([HPUX], [/* Define if HP-UX 10 or 11 */
@%:@undef HPUX])
m4trace:configure.ac:61: -1- AC_DEFINE_TRACE_LITERAL([WORDS_BIGENDIAN])
m4trace:configure.ac:61: -1- m4_pattern_allow([^WORDS_BIGENDIAN$])
m4trace:configure.ac:61: -1- AH_OUTPUT([WORDS_BIGENDIAN], [/* Define if words are big endian */
m4trace:configure.ac:64: -1- AC_DEFINE_TRACE_LITERAL([WORDS_BIGENDIAN])
m4trace:configure.ac:64: -1- m4_pattern_allow([^WORDS_BIGENDIAN$])
m4trace:configure.ac:64: -1- AH_OUTPUT([WORDS_BIGENDIAN], [/* Define if words are big endian */
@%:@undef WORDS_BIGENDIAN])
m4trace:configure.ac:62: -1- AC_SUBST([extra_incl])
m4trace:configure.ac:62: -1- AC_SUBST_TRACE([extra_incl])
m4trace:configure.ac:62: -1- m4_pattern_allow([^extra_incl$])
m4trace:configure.ac:67: -1- AC_DEFINE_TRACE_LITERAL([FREEBSD])
m4trace:configure.ac:67: -1- m4_pattern_allow([^FREEBSD$])
m4trace:configure.ac:67: -1- AH_OUTPUT([FREEBSD], [/* Define if FreeBSD */
m4trace:configure.ac:65: -1- AC_SUBST([extra_incl])
m4trace:configure.ac:65: -1- AC_SUBST_TRACE([extra_incl])
m4trace:configure.ac:65: -1- m4_pattern_allow([^extra_incl$])
m4trace:configure.ac:70: -1- AC_DEFINE_TRACE_LITERAL([FREEBSD])
m4trace:configure.ac:70: -1- m4_pattern_allow([^FREEBSD$])
m4trace:configure.ac:70: -1- AH_OUTPUT([FREEBSD], [/* Define if FreeBSD */
@%:@undef FREEBSD])
m4trace:configure.ac:71: -1- AC_DEFINE_TRACE_LITERAL([BSDI])
m4trace:configure.ac:71: -1- m4_pattern_allow([^BSDI$])
m4trace:configure.ac:71: -1- AH_OUTPUT([BSDI], [/* Define if BSDi */
m4trace:configure.ac:74: -1- AC_DEFINE_TRACE_LITERAL([BSDI])
m4trace:configure.ac:74: -1- m4_pattern_allow([^BSDI$])
m4trace:configure.ac:74: -1- AH_OUTPUT([BSDI], [/* Define if BSDi */
@%:@undef BSDI])
m4trace:configure.ac:74: -1- AC_DEFINE_TRACE_LITERAL([AIX])
m4trace:configure.ac:74: -1- m4_pattern_allow([^AIX$])
m4trace:configure.ac:74: -1- AH_OUTPUT([AIX], [/* Define if AIX */
m4trace:configure.ac:77: -1- AC_DEFINE_TRACE_LITERAL([AIX])
m4trace:configure.ac:77: -1- m4_pattern_allow([^AIX$])
m4trace:configure.ac:77: -1- AH_OUTPUT([AIX], [/* Define if AIX */
@%:@undef AIX])
m4trace:configure.ac:77: -1- AC_DEFINE_TRACE_LITERAL([OSF1])
m4trace:configure.ac:77: -1- m4_pattern_allow([^OSF1$])
m4trace:configure.ac:77: -1- AH_OUTPUT([OSF1], [/* Define if OSF-4 */
@%:@undef OSF1])
m4trace:configure.ac:80: -1- AC_DEFINE_TRACE_LITERAL([OSF1])
m4trace:configure.ac:80: -1- m4_pattern_allow([^OSF1$])
m4trace:configure.ac:80: -1- AH_OUTPUT([OSF1], [/* Define if OSF-5.1 */
m4trace:configure.ac:80: -1- AH_OUTPUT([OSF1], [/* Define if OSF-4 */
@%:@undef OSF1])
m4trace:configure.ac:83: -1- AC_DEFINE_TRACE_LITERAL([OSF1])
m4trace:configure.ac:83: -1- m4_pattern_allow([^OSF1$])
m4trace:configure.ac:83: -1- AH_OUTPUT([OSF1], [/* Define if Tru64 */
m4trace:configure.ac:83: -1- AH_OUTPUT([OSF1], [/* Define if OSF-5.1 */
@%:@undef OSF1])
m4trace:configure.ac:87: -1- AC_DEFINE_TRACE_LITERAL([MACOS])
m4trace:configure.ac:87: -1- m4_pattern_allow([^MACOS$])
m4trace:configure.ac:87: -1- AH_OUTPUT([MACOS], [/* Define if MacOS */
m4trace:configure.ac:86: -1- AC_DEFINE_TRACE_LITERAL([OSF1])
m4trace:configure.ac:86: -1- m4_pattern_allow([^OSF1$])
m4trace:configure.ac:86: -1- AH_OUTPUT([OSF1], [/* Define if Tru64 */
@%:@undef OSF1])
m4trace:configure.ac:90: -1- AC_DEFINE_TRACE_LITERAL([MACOS])
m4trace:configure.ac:90: -1- m4_pattern_allow([^MACOS$])
m4trace:configure.ac:90: -1- AH_OUTPUT([MACOS], [/* Define if MacOS */
@%:@undef MACOS])
m4trace:configure.ac:88: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SIOCGIFMTU])
m4trace:configure.ac:88: -1- m4_pattern_allow([^BROKEN_SIOCGIFMTU$])
m4trace:configure.ac:88: -1- AH_OUTPUT([BROKEN_SIOCGIFMTU], [/* Define if broken SIOCGIFMTU */
m4trace:configure.ac:91: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SIOCGIFMTU])
m4trace:configure.ac:91: -1- m4_pattern_allow([^BROKEN_SIOCGIFMTU$])
m4trace:configure.ac:91: -1- AH_OUTPUT([BROKEN_SIOCGIFMTU], [/* Define if broken SIOCGIFMTU */
@%:@undef BROKEN_SIOCGIFMTU])
m4trace:configure.ac:94: -1- AC_SUBST([CC])
m4trace:configure.ac:94: -1- AC_SUBST_TRACE([CC])
m4trace:configure.ac:94: -1- m4_pattern_allow([^CC$])
m4trace:configure.ac:94: -1- AC_SUBST([CFLAGS])
m4trace:configure.ac:94: -1- AC_SUBST_TRACE([CFLAGS])
m4trace:configure.ac:94: -1- m4_pattern_allow([^CFLAGS$])
m4trace:configure.ac:94: -1- AC_SUBST([LDFLAGS])
m4trace:configure.ac:94: -1- AC_SUBST_TRACE([LDFLAGS])
m4trace:configure.ac:94: -1- m4_pattern_allow([^LDFLAGS$])
m4trace:configure.ac:94: -1- AC_SUBST([LIBS])
m4trace:configure.ac:94: -1- AC_SUBST_TRACE([LIBS])
m4trace:configure.ac:94: -1- m4_pattern_allow([^LIBS$])
m4trace:configure.ac:94: -1- AC_SUBST([CPPFLAGS])
m4trace:configure.ac:94: -1- AC_SUBST_TRACE([CPPFLAGS])
m4trace:configure.ac:94: -1- m4_pattern_allow([^CPPFLAGS$])
m4trace:configure.ac:94: -1- AC_SUBST([CC])
m4trace:configure.ac:94: -1- AC_SUBST_TRACE([CC])
m4trace:configure.ac:94: -1- m4_pattern_allow([^CC$])
m4trace:configure.ac:94: -1- AC_SUBST([CC])
m4trace:configure.ac:94: -1- AC_SUBST_TRACE([CC])
m4trace:configure.ac:94: -1- m4_pattern_allow([^CC$])
m4trace:configure.ac:94: -1- AC_SUBST([CC])
m4trace:configure.ac:94: -1- AC_SUBST_TRACE([CC])
m4trace:configure.ac:94: -1- m4_pattern_allow([^CC$])
m4trace:configure.ac:94: -1- AC_SUBST([CC])
m4trace:configure.ac:94: -1- AC_SUBST_TRACE([CC])
m4trace:configure.ac:94: -1- m4_pattern_allow([^CC$])
m4trace:configure.ac:94: -1- AC_SUBST([ac_ct_CC])
m4trace:configure.ac:94: -1- AC_SUBST_TRACE([ac_ct_CC])
m4trace:configure.ac:94: -1- m4_pattern_allow([^ac_ct_CC$])
m4trace:configure.ac:94: -1- AC_SUBST([CCDEPMODE], [depmode=$am_cv_CC_dependencies_compiler_type])
m4trace:configure.ac:94: -1- AC_SUBST_TRACE([CCDEPMODE])
m4trace:configure.ac:94: -1- m4_pattern_allow([^CCDEPMODE$])
m4trace:configure.ac:94: -1- AM_CONDITIONAL([am__fastdepCC], [
m4trace:configure.ac:97: -1- AC_SUBST([CC])
m4trace:configure.ac:97: -1- AC_SUBST_TRACE([CC])
m4trace:configure.ac:97: -1- m4_pattern_allow([^CC$])
m4trace:configure.ac:97: -1- AC_SUBST([CFLAGS])
m4trace:configure.ac:97: -1- AC_SUBST_TRACE([CFLAGS])
m4trace:configure.ac:97: -1- m4_pattern_allow([^CFLAGS$])
m4trace:configure.ac:97: -1- AC_SUBST([LDFLAGS])
m4trace:configure.ac:97: -1- AC_SUBST_TRACE([LDFLAGS])
m4trace:configure.ac:97: -1- m4_pattern_allow([^LDFLAGS$])
m4trace:configure.ac:97: -1- AC_SUBST([LIBS])
m4trace:configure.ac:97: -1- AC_SUBST_TRACE([LIBS])
m4trace:configure.ac:97: -1- m4_pattern_allow([^LIBS$])
m4trace:configure.ac:97: -1- AC_SUBST([CPPFLAGS])
m4trace:configure.ac:97: -1- AC_SUBST_TRACE([CPPFLAGS])
m4trace:configure.ac:97: -1- m4_pattern_allow([^CPPFLAGS$])
m4trace:configure.ac:97: -1- AC_SUBST([CC])
m4trace:configure.ac:97: -1- AC_SUBST_TRACE([CC])
m4trace:configure.ac:97: -1- m4_pattern_allow([^CC$])
m4trace:configure.ac:97: -1- AC_SUBST([CC])
m4trace:configure.ac:97: -1- AC_SUBST_TRACE([CC])
m4trace:configure.ac:97: -1- m4_pattern_allow([^CC$])
m4trace:configure.ac:97: -1- AC_SUBST([CC])
m4trace:configure.ac:97: -1- AC_SUBST_TRACE([CC])
m4trace:configure.ac:97: -1- m4_pattern_allow([^CC$])
m4trace:configure.ac:97: -1- AC_SUBST([CC])
m4trace:configure.ac:97: -1- AC_SUBST_TRACE([CC])
m4trace:configure.ac:97: -1- m4_pattern_allow([^CC$])
m4trace:configure.ac:97: -1- AC_SUBST([ac_ct_CC])
m4trace:configure.ac:97: -1- AC_SUBST_TRACE([ac_ct_CC])
m4trace:configure.ac:97: -1- m4_pattern_allow([^ac_ct_CC$])
m4trace:configure.ac:97: -1- AC_SUBST([CCDEPMODE], [depmode=$am_cv_CC_dependencies_compiler_type])
m4trace:configure.ac:97: -1- AC_SUBST_TRACE([CCDEPMODE])
m4trace:configure.ac:97: -1- m4_pattern_allow([^CCDEPMODE$])
m4trace:configure.ac:97: -1- AM_CONDITIONAL([am__fastdepCC], [
test "x$enable_dependency_tracking" != xno \
&& test "$am_cv_CC_dependencies_compiler_type" = gcc3])
m4trace:configure.ac:94: -1- AC_SUBST([am__fastdepCC_TRUE])
m4trace:configure.ac:94: -1- AC_SUBST_TRACE([am__fastdepCC_TRUE])
m4trace:configure.ac:94: -1- m4_pattern_allow([^am__fastdepCC_TRUE$])
m4trace:configure.ac:94: -1- AC_SUBST([am__fastdepCC_FALSE])
m4trace:configure.ac:94: -1- AC_SUBST_TRACE([am__fastdepCC_FALSE])
m4trace:configure.ac:94: -1- m4_pattern_allow([^am__fastdepCC_FALSE$])
m4trace:configure.ac:94: -1- _AM_SUBST_NOTMAKE([am__fastdepCC_TRUE])
m4trace:configure.ac:94: -1- _AM_SUBST_NOTMAKE([am__fastdepCC_FALSE])
m4trace:configure.ac:95: -1- AC_SUBST([LN_S], [$as_ln_s])
m4trace:configure.ac:95: -1- AC_SUBST_TRACE([LN_S])
m4trace:configure.ac:95: -1- m4_pattern_allow([^LN_S$])
m4trace:configure.ac:96: -1- AC_SUBST([SET_MAKE])
m4trace:configure.ac:96: -1- AC_SUBST_TRACE([SET_MAKE])
m4trace:configure.ac:96: -1- m4_pattern_allow([^SET_MAKE$])
m4trace:configure.ac:106: -1- AC_SUBST([MYSQL], ["-lmysqlclient"])
m4trace:configure.ac:106: -1- AC_SUBST_TRACE([MYSQL])
m4trace:configure.ac:106: -1- m4_pattern_allow([^MYSQL$])
m4trace:configure.ac:106: -1- AC_DEFINE_TRACE_LITERAL([ENABLE_MYSQL])
m4trace:configure.ac:106: -1- m4_pattern_allow([^ENABLE_MYSQL$])
m4trace:configure.ac:106: -1- AH_OUTPUT([ENABLE_MYSQL], [/* Define if you want to use MySQL */
m4trace:configure.ac:97: -1- AC_SUBST([am__fastdepCC_TRUE])
m4trace:configure.ac:97: -1- AC_SUBST_TRACE([am__fastdepCC_TRUE])
m4trace:configure.ac:97: -1- m4_pattern_allow([^am__fastdepCC_TRUE$])
m4trace:configure.ac:97: -1- AC_SUBST([am__fastdepCC_FALSE])
m4trace:configure.ac:97: -1- AC_SUBST_TRACE([am__fastdepCC_FALSE])
m4trace:configure.ac:97: -1- m4_pattern_allow([^am__fastdepCC_FALSE$])
m4trace:configure.ac:97: -1- _AM_SUBST_NOTMAKE([am__fastdepCC_TRUE])
m4trace:configure.ac:97: -1- _AM_SUBST_NOTMAKE([am__fastdepCC_FALSE])
m4trace:configure.ac:98: -1- AC_SUBST([LN_S], [$as_ln_s])
m4trace:configure.ac:98: -1- AC_SUBST_TRACE([LN_S])
m4trace:configure.ac:98: -1- m4_pattern_allow([^LN_S$])
m4trace:configure.ac:99: -1- AC_SUBST([SET_MAKE])
m4trace:configure.ac:99: -1- AC_SUBST_TRACE([SET_MAKE])
m4trace:configure.ac:99: -1- m4_pattern_allow([^SET_MAKE$])
m4trace:configure.ac:109: -1- AC_SUBST([MYSQL], ["-lmysqlclient"])
m4trace:configure.ac:109: -1- AC_SUBST_TRACE([MYSQL])
m4trace:configure.ac:109: -1- m4_pattern_allow([^MYSQL$])
m4trace:configure.ac:109: -1- AC_DEFINE_TRACE_LITERAL([ENABLE_MYSQL])
m4trace:configure.ac:109: -1- m4_pattern_allow([^ENABLE_MYSQL$])
m4trace:configure.ac:109: -1- AH_OUTPUT([ENABLE_MYSQL], [/* Define if you want to use MySQL */
@%:@undef ENABLE_MYSQL])
m4trace:configure.ac:106: -1- AC_DEFINE_TRACE_LITERAL([ENABLE_DB])
m4trace:configure.ac:106: -1- m4_pattern_allow([^ENABLE_DB$])
m4trace:configure.ac:106: -1- AH_OUTPUT([ENABLE_DB], [/* Define if you want to enable database support */
m4trace:configure.ac:109: -1- AC_DEFINE_TRACE_LITERAL([ENABLE_DB])
m4trace:configure.ac:109: -1- m4_pattern_allow([^ENABLE_DB$])
m4trace:configure.ac:109: -1- AH_OUTPUT([ENABLE_DB], [/* Define if you want to enable database support */
@%:@undef ENABLE_DB])
m4trace:configure.ac:118: -1- AH_OUTPUT([HAVE_LIBPTHREAD], [/* Define to 1 if you have the `pthread\' library (-lpthread). */
m4trace:configure.ac:120: -1- AH_OUTPUT([HAVE_LIBXML2], [/* Define to 1 if you have the `xml2\' library (-lxml2). */
@%:@undef HAVE_LIBXML2])
m4trace:configure.ac:120: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBXML2])
m4trace:configure.ac:120: -1- m4_pattern_allow([^HAVE_LIBXML2$])
m4trace:configure.ac:121: -1- AH_OUTPUT([HAVE_LIBPTHREAD], [/* Define to 1 if you have the `pthread\' library (-lpthread). */
@%:@undef HAVE_LIBPTHREAD])
m4trace:configure.ac:118: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBPTHREAD])
m4trace:configure.ac:118: -1- m4_pattern_allow([^HAVE_LIBPTHREAD$])
m4trace:configure.ac:121: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ALLOCA_H])
m4trace:configure.ac:121: -1- m4_pattern_allow([^HAVE_ALLOCA_H$])
m4trace:configure.ac:121: -1- AH_OUTPUT([HAVE_ALLOCA_H], [/* Define to 1 if you have <alloca.h> and it should be used (not on Ultrix).
m4trace:configure.ac:121: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBPTHREAD])
m4trace:configure.ac:121: -1- m4_pattern_allow([^HAVE_LIBPTHREAD$])
m4trace:configure.ac:123: -1- AC_SUBST([CORR_RULES_PREFIX], ["/etc/snort/corr_rules"])
m4trace:configure.ac:123: -1- AC_SUBST_TRACE([CORR_RULES_PREFIX])
m4trace:configure.ac:123: -1- m4_pattern_allow([^CORR_RULES_PREFIX$])
m4trace:configure.ac:123: -1- AC_SUBST([CORR_RULES_PREFIX], ["${prefix}/etc/corr_rules"])
m4trace:configure.ac:123: -1- AC_SUBST_TRACE([CORR_RULES_PREFIX])
m4trace:configure.ac:123: -1- m4_pattern_allow([^CORR_RULES_PREFIX$])
m4trace:configure.ac:129: -1- AC_SUBST([LIBXML2_INCLUDES], ["$(pkg-config --cflags libxml-2.0 2> /dev/null)"])
m4trace:configure.ac:129: -1- AC_SUBST_TRACE([LIBXML2_INCLUDES])
m4trace:configure.ac:129: -1- m4_pattern_allow([^LIBXML2_INCLUDES$])
m4trace:configure.ac:133: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ALLOCA_H])
m4trace:configure.ac:133: -1- m4_pattern_allow([^HAVE_ALLOCA_H$])
m4trace:configure.ac:133: -1- AH_OUTPUT([HAVE_ALLOCA_H], [/* Define to 1 if you have <alloca.h> and it should be used (not on Ultrix).
*/
@%:@undef HAVE_ALLOCA_H])
m4trace:configure.ac:121: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ALLOCA])
m4trace:configure.ac:121: -1- m4_pattern_allow([^HAVE_ALLOCA$])
m4trace:configure.ac:121: -1- AH_OUTPUT([HAVE_ALLOCA], [/* Define to 1 if you have `alloca\', as a function or macro. */
m4trace:configure.ac:133: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ALLOCA])
m4trace:configure.ac:133: -1- m4_pattern_allow([^HAVE_ALLOCA$])
m4trace:configure.ac:133: -1- AH_OUTPUT([HAVE_ALLOCA], [/* Define to 1 if you have `alloca\', as a function or macro. */
@%:@undef HAVE_ALLOCA])
m4trace:configure.ac:121: -1- AC_LIBSOURCE([alloca.c])
m4trace:configure.ac:121: -1- AC_SUBST([ALLOCA], [\${LIBOBJDIR}alloca.$ac_objext])
m4trace:configure.ac:121: -1- AC_SUBST_TRACE([ALLOCA])
m4trace:configure.ac:121: -1- m4_pattern_allow([^ALLOCA$])
m4trace:configure.ac:121: -1- AC_DEFINE_TRACE_LITERAL([C_ALLOCA])
m4trace:configure.ac:121: -1- m4_pattern_allow([^C_ALLOCA$])
m4trace:configure.ac:121: -1- AH_OUTPUT([C_ALLOCA], [/* Define to 1 if using `alloca.c\'. */
m4trace:configure.ac:133: -1- AC_LIBSOURCE([alloca.c])
m4trace:configure.ac:133: -1- AC_SUBST([ALLOCA], [\${LIBOBJDIR}alloca.$ac_objext])
m4trace:configure.ac:133: -1- AC_SUBST_TRACE([ALLOCA])
m4trace:configure.ac:133: -1- m4_pattern_allow([^ALLOCA$])
m4trace:configure.ac:133: -1- AC_DEFINE_TRACE_LITERAL([C_ALLOCA])
m4trace:configure.ac:133: -1- m4_pattern_allow([^C_ALLOCA$])
m4trace:configure.ac:133: -1- AH_OUTPUT([C_ALLOCA], [/* Define to 1 if using `alloca.c\'. */
@%:@undef C_ALLOCA])
m4trace:configure.ac:121: -1- AC_DEFINE_TRACE_LITERAL([CRAY_STACKSEG_END])
m4trace:configure.ac:121: -1- m4_pattern_allow([^CRAY_STACKSEG_END$])
m4trace:configure.ac:121: -1- AH_OUTPUT([CRAY_STACKSEG_END], [/* Define to one of `_getb67\', `GETB67\', `getb67\' for Cray-2 and Cray-YMP
m4trace:configure.ac:133: -1- AC_DEFINE_TRACE_LITERAL([CRAY_STACKSEG_END])
m4trace:configure.ac:133: -1- m4_pattern_allow([^CRAY_STACKSEG_END$])
m4trace:configure.ac:133: -1- AH_OUTPUT([CRAY_STACKSEG_END], [/* Define to one of `_getb67\', `GETB67\', `getb67\' for Cray-2 and Cray-YMP
systems. This function is required for `alloca.c\' support on those systems.
*/
@%:@undef CRAY_STACKSEG_END])
m4trace:configure.ac:121: -1- AH_OUTPUT([STACK_DIRECTION], [/* If using the C implementation of alloca, define if you know the
m4trace:configure.ac:133: -1- AH_OUTPUT([STACK_DIRECTION], [/* If using the C implementation of alloca, define if you know the
direction of stack growth for your system; otherwise it will be
automatically deduced at runtime.
STACK_DIRECTION > 0 => grows toward higher addresses
STACK_DIRECTION < 0 => grows toward lower addresses
STACK_DIRECTION = 0 => direction of growth unknown */
@%:@undef STACK_DIRECTION])
m4trace:configure.ac:121: -1- AC_DEFINE_TRACE_LITERAL([STACK_DIRECTION])
m4trace:configure.ac:121: -1- m4_pattern_allow([^STACK_DIRECTION$])
m4trace:configure.ac:122: -1- AH_OUTPUT([HAVE_INTTYPES_H], [/* Define to 1 if you have the <inttypes.h> header file. */
m4trace:configure.ac:133: -1- AC_DEFINE_TRACE_LITERAL([STACK_DIRECTION])
m4trace:configure.ac:133: -1- m4_pattern_allow([^STACK_DIRECTION$])
m4trace:configure.ac:134: -1- AH_OUTPUT([HAVE_INTTYPES_H], [/* Define to 1 if you have the <inttypes.h> header file. */
@%:@undef HAVE_INTTYPES_H])
m4trace:configure.ac:122: -1- AH_OUTPUT([HAVE_LIMITS_H], [/* Define to 1 if you have the <limits.h> header file. */
m4trace:configure.ac:134: -1- AH_OUTPUT([HAVE_LIMITS_H], [/* Define to 1 if you have the <limits.h> header file. */
@%:@undef HAVE_LIMITS_H])
m4trace:configure.ac:122: -1- AH_OUTPUT([HAVE_STDDEF_H], [/* Define to 1 if you have the <stddef.h> header file. */
m4trace:configure.ac:134: -1- AH_OUTPUT([HAVE_STDDEF_H], [/* Define to 1 if you have the <stddef.h> header file. */
@%:@undef HAVE_STDDEF_H])
m4trace:configure.ac:122: -1- AH_OUTPUT([HAVE_STDLIB_H], [/* Define to 1 if you have the <stdlib.h> header file. */
m4trace:configure.ac:134: -1- AH_OUTPUT([HAVE_STDLIB_H], [/* Define to 1 if you have the <stdlib.h> header file. */
@%:@undef HAVE_STDLIB_H])
m4trace:configure.ac:122: -1- AH_OUTPUT([HAVE_STRING_H], [/* Define to 1 if you have the <string.h> header file. */
m4trace:configure.ac:134: -1- AH_OUTPUT([HAVE_STRING_H], [/* Define to 1 if you have the <string.h> header file. */
@%:@undef HAVE_STRING_H])
m4trace:configure.ac:122: -1- AH_OUTPUT([HAVE_UNISTD_H], [/* Define to 1 if you have the <unistd.h> header file. */
m4trace:configure.ac:134: -1- AH_OUTPUT([HAVE_UNISTD_H], [/* Define to 1 if you have the <unistd.h> header file. */
@%:@undef HAVE_UNISTD_H])
m4trace:configure.ac:122: -1- AH_OUTPUT([HAVE_WCHAR_H], [/* Define to 1 if you have the <wchar.h> header file. */
m4trace:configure.ac:134: -1- AH_OUTPUT([HAVE_WCHAR_H], [/* Define to 1 if you have the <wchar.h> header file. */
@%:@undef HAVE_WCHAR_H])
m4trace:configure.ac:125: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT8_T])
m4trace:configure.ac:125: -1- m4_pattern_allow([^HAVE_U_INT8_T$])
m4trace:configure.ac:125: -1- AH_OUTPUT([HAVE_U_INT8_T], [/* Define to 1 if the system has the type `u_int8_t\'. */
m4trace:configure.ac:137: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT8_T])
m4trace:configure.ac:137: -1- m4_pattern_allow([^HAVE_U_INT8_T$])
m4trace:configure.ac:137: -1- AH_OUTPUT([HAVE_U_INT8_T], [/* Define to 1 if the system has the type `u_int8_t\'. */
@%:@undef HAVE_U_INT8_T])
m4trace:configure.ac:125: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT16_T])
m4trace:configure.ac:125: -1- m4_pattern_allow([^HAVE_U_INT16_T$])
m4trace:configure.ac:125: -1- AH_OUTPUT([HAVE_U_INT16_T], [/* Define to 1 if the system has the type `u_int16_t\'. */
m4trace:configure.ac:137: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT16_T])
m4trace:configure.ac:137: -1- m4_pattern_allow([^HAVE_U_INT16_T$])
m4trace:configure.ac:137: -1- AH_OUTPUT([HAVE_U_INT16_T], [/* Define to 1 if the system has the type `u_int16_t\'. */
@%:@undef HAVE_U_INT16_T])
m4trace:configure.ac:125: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT32_T])
m4trace:configure.ac:125: -1- m4_pattern_allow([^HAVE_U_INT32_T$])
m4trace:configure.ac:125: -1- AH_OUTPUT([HAVE_U_INT32_T], [/* Define to 1 if the system has the type `u_int32_t\'. */
m4trace:configure.ac:137: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT32_T])
m4trace:configure.ac:137: -1- m4_pattern_allow([^HAVE_U_INT32_T$])
m4trace:configure.ac:137: -1- AH_OUTPUT([HAVE_U_INT32_T], [/* Define to 1 if the system has the type `u_int32_t\'. */
@%:@undef HAVE_U_INT32_T])
m4trace:configure.ac:125: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT64_T])
m4trace:configure.ac:125: -1- m4_pattern_allow([^HAVE_U_INT64_T$])
m4trace:configure.ac:125: -1- AH_OUTPUT([HAVE_U_INT64_T], [/* Define to 1 if the system has the type `u_int64_t\'. */
m4trace:configure.ac:137: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT64_T])
m4trace:configure.ac:137: -1- m4_pattern_allow([^HAVE_U_INT64_T$])
m4trace:configure.ac:137: -1- AH_OUTPUT([HAVE_U_INT64_T], [/* Define to 1 if the system has the type `u_int64_t\'. */
@%:@undef HAVE_U_INT64_T])
m4trace:configure.ac:125: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UINT8_T])
m4trace:configure.ac:125: -1- m4_pattern_allow([^HAVE_UINT8_T$])
m4trace:configure.ac:125: -1- AH_OUTPUT([HAVE_UINT8_T], [/* Define to 1 if the system has the type `uint8_t\'. */
m4trace:configure.ac:137: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UINT8_T])
m4trace:configure.ac:137: -1- m4_pattern_allow([^HAVE_UINT8_T$])
m4trace:configure.ac:137: -1- AH_OUTPUT([HAVE_UINT8_T], [/* Define to 1 if the system has the type `uint8_t\'. */
@%:@undef HAVE_UINT8_T])
m4trace:configure.ac:125: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UINT16_T])
m4trace:configure.ac:125: -1- m4_pattern_allow([^HAVE_UINT16_T$])
m4trace:configure.ac:125: -1- AH_OUTPUT([HAVE_UINT16_T], [/* Define to 1 if the system has the type `uint16_t\'. */
m4trace:configure.ac:137: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UINT16_T])
m4trace:configure.ac:137: -1- m4_pattern_allow([^HAVE_UINT16_T$])
m4trace:configure.ac:137: -1- AH_OUTPUT([HAVE_UINT16_T], [/* Define to 1 if the system has the type `uint16_t\'. */
@%:@undef HAVE_UINT16_T])
m4trace:configure.ac:125: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UINT32_T])
m4trace:configure.ac:125: -1- m4_pattern_allow([^HAVE_UINT32_T$])
m4trace:configure.ac:125: -1- AH_OUTPUT([HAVE_UINT32_T], [/* Define to 1 if the system has the type `uint32_t\'. */
m4trace:configure.ac:137: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UINT32_T])
m4trace:configure.ac:137: -1- m4_pattern_allow([^HAVE_UINT32_T$])
m4trace:configure.ac:137: -1- AH_OUTPUT([HAVE_UINT32_T], [/* Define to 1 if the system has the type `uint32_t\'. */
@%:@undef HAVE_UINT32_T])
m4trace:configure.ac:125: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UINT64_T])
m4trace:configure.ac:125: -1- m4_pattern_allow([^HAVE_UINT64_T$])
m4trace:configure.ac:125: -1- AH_OUTPUT([HAVE_UINT64_T], [/* Define to 1 if the system has the type `uint64_t\'. */
m4trace:configure.ac:137: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UINT64_T])
m4trace:configure.ac:137: -1- m4_pattern_allow([^HAVE_UINT64_T$])
m4trace:configure.ac:137: -1- AH_OUTPUT([HAVE_UINT64_T], [/* Define to 1 if the system has the type `uint64_t\'. */
@%:@undef HAVE_UINT64_T])
m4trace:configure.ac:126: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INT8_T])
m4trace:configure.ac:126: -1- m4_pattern_allow([^HAVE_INT8_T$])
m4trace:configure.ac:126: -1- AH_OUTPUT([HAVE_INT8_T], [/* Define to 1 if the system has the type `int8_t\'. */
m4trace:configure.ac:138: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INT8_T])
m4trace:configure.ac:138: -1- m4_pattern_allow([^HAVE_INT8_T$])
m4trace:configure.ac:138: -1- AH_OUTPUT([HAVE_INT8_T], [/* Define to 1 if the system has the type `int8_t\'. */
@%:@undef HAVE_INT8_T])
m4trace:configure.ac:126: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INT16_T])
m4trace:configure.ac:126: -1- m4_pattern_allow([^HAVE_INT16_T$])
m4trace:configure.ac:126: -1- AH_OUTPUT([HAVE_INT16_T], [/* Define to 1 if the system has the type `int16_t\'. */
m4trace:configure.ac:138: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INT16_T])
m4trace:configure.ac:138: -1- m4_pattern_allow([^HAVE_INT16_T$])
m4trace:configure.ac:138: -1- AH_OUTPUT([HAVE_INT16_T], [/* Define to 1 if the system has the type `int16_t\'. */
@%:@undef HAVE_INT16_T])
m4trace:configure.ac:126: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INT32_T])
m4trace:configure.ac:126: -1- m4_pattern_allow([^HAVE_INT32_T$])
m4trace:configure.ac:126: -1- AH_OUTPUT([HAVE_INT32_T], [/* Define to 1 if the system has the type `int32_t\'. */
m4trace:configure.ac:138: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INT32_T])
m4trace:configure.ac:138: -1- m4_pattern_allow([^HAVE_INT32_T$])
m4trace:configure.ac:138: -1- AH_OUTPUT([HAVE_INT32_T], [/* Define to 1 if the system has the type `int32_t\'. */
@%:@undef HAVE_INT32_T])
m4trace:configure.ac:126: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INT64_T])
m4trace:configure.ac:126: -1- m4_pattern_allow([^HAVE_INT64_T$])
m4trace:configure.ac:126: -1- AH_OUTPUT([HAVE_INT64_T], [/* Define to 1 if the system has the type `int64_t\'. */
m4trace:configure.ac:138: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INT64_T])
m4trace:configure.ac:138: -1- m4_pattern_allow([^HAVE_INT64_T$])
m4trace:configure.ac:138: -1- AH_OUTPUT([HAVE_INT64_T], [/* Define to 1 if the system has the type `int64_t\'. */
@%:@undef HAVE_INT64_T])
m4trace:configure.ac:129: -1- AC_DEFINE_TRACE_LITERAL([HAVE__BOOL])
m4trace:configure.ac:129: -1- m4_pattern_allow([^HAVE__BOOL$])
m4trace:configure.ac:129: -1- AH_OUTPUT([HAVE__BOOL], [/* Define to 1 if the system has the type `_Bool\'. */
m4trace:configure.ac:141: -1- AC_DEFINE_TRACE_LITERAL([HAVE__BOOL])
m4trace:configure.ac:141: -1- m4_pattern_allow([^HAVE__BOOL$])
m4trace:configure.ac:141: -1- AH_OUTPUT([HAVE__BOOL], [/* Define to 1 if the system has the type `_Bool\'. */
@%:@undef HAVE__BOOL])
m4trace:configure.ac:129: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STDBOOL_H])
m4trace:configure.ac:129: -1- m4_pattern_allow([^HAVE_STDBOOL_H$])
m4trace:configure.ac:129: -1- AH_OUTPUT([HAVE_STDBOOL_H], [/* Define to 1 if stdbool.h conforms to C99. */
m4trace:configure.ac:141: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STDBOOL_H])
m4trace:configure.ac:141: -1- m4_pattern_allow([^HAVE_STDBOOL_H$])
m4trace:configure.ac:141: -1- AH_OUTPUT([HAVE_STDBOOL_H], [/* Define to 1 if stdbool.h conforms to C99. */
@%:@undef HAVE_STDBOOL_H])
m4trace:configure.ac:130: -1- AC_DEFINE_TRACE_LITERAL([size_t])
m4trace:configure.ac:130: -1- m4_pattern_allow([^size_t$])
m4trace:configure.ac:130: -1- AH_OUTPUT([size_t], [/* Define to `unsigned int\' if <sys/types.h> does not define. */
m4trace:configure.ac:142: -1- AC_DEFINE_TRACE_LITERAL([size_t])
m4trace:configure.ac:142: -1- m4_pattern_allow([^size_t$])
m4trace:configure.ac:142: -1- AH_OUTPUT([size_t], [/* Define to `unsigned int\' if <sys/types.h> does not define. */
@%:@undef size_t])
m4trace:configure.ac:131: -1- AC_DEFINE_TRACE_LITERAL([uint16_t])
m4trace:configure.ac:131: -1- m4_pattern_allow([^uint16_t$])
m4trace:configure.ac:131: -1- AH_OUTPUT([uint16_t], [/* Define to the type of an unsigned integer type of width exactly 16 bits if
m4trace:configure.ac:143: -1- AC_DEFINE_TRACE_LITERAL([uint16_t])
m4trace:configure.ac:143: -1- m4_pattern_allow([^uint16_t$])
m4trace:configure.ac:143: -1- AH_OUTPUT([uint16_t], [/* Define to the type of an unsigned integer type of width exactly 16 bits if
such a type exists and the standard includes do not define it. */
@%:@undef uint16_t])
m4trace:configure.ac:132: -1- AC_DEFINE_TRACE_LITERAL([_UINT32_T])
m4trace:configure.ac:132: -1- m4_pattern_allow([^_UINT32_T$])
m4trace:configure.ac:132: -1- AH_OUTPUT([_UINT32_T], [/* Define for Solaris 2.5.1 so the uint32_t typedef from <sys/synch.h>,
m4trace:configure.ac:144: -1- AC_DEFINE_TRACE_LITERAL([_UINT32_T])
m4trace:configure.ac:144: -1- m4_pattern_allow([^_UINT32_T$])
m4trace:configure.ac:144: -1- AH_OUTPUT([_UINT32_T], [/* Define for Solaris 2.5.1 so the uint32_t typedef from <sys/synch.h>,
<pthread.h>, or <semaphore.h> is not used. If the typedef were allowed, the
@%:@define below would cause a syntax error. */
@%:@undef _UINT32_T])
m4trace:configure.ac:132: -1- AC_DEFINE_TRACE_LITERAL([uint32_t])
m4trace:configure.ac:132: -1- m4_pattern_allow([^uint32_t$])
m4trace:configure.ac:132: -1- AH_OUTPUT([uint32_t], [/* Define to the type of an unsigned integer type of width exactly 32 bits if
m4trace:configure.ac:144: -1- AC_DEFINE_TRACE_LITERAL([uint32_t])
m4trace:configure.ac:144: -1- m4_pattern_allow([^uint32_t$])
m4trace:configure.ac:144: -1- AH_OUTPUT([uint32_t], [/* Define to the type of an unsigned integer type of width exactly 32 bits if
such a type exists and the standard includes do not define it. */
@%:@undef uint32_t])
m4trace:configure.ac:133: -1- AC_DEFINE_TRACE_LITERAL([_UINT8_T])
m4trace:configure.ac:133: -1- m4_pattern_allow([^_UINT8_T$])
m4trace:configure.ac:133: -1- AH_OUTPUT([_UINT8_T], [/* Define for Solaris 2.5.1 so the uint8_t typedef from <sys/synch.h>,
m4trace:configure.ac:145: -1- AC_DEFINE_TRACE_LITERAL([_UINT8_T])
m4trace:configure.ac:145: -1- m4_pattern_allow([^_UINT8_T$])
m4trace:configure.ac:145: -1- AH_OUTPUT([_UINT8_T], [/* Define for Solaris 2.5.1 so the uint8_t typedef from <sys/synch.h>,
<pthread.h>, or <semaphore.h> is not used. If the typedef were allowed, the
@%:@define below would cause a syntax error. */
@%:@undef _UINT8_T])
m4trace:configure.ac:133: -1- AC_DEFINE_TRACE_LITERAL([uint8_t])
m4trace:configure.ac:133: -1- m4_pattern_allow([^uint8_t$])
m4trace:configure.ac:133: -1- AH_OUTPUT([uint8_t], [/* Define to the type of an unsigned integer type of width exactly 8 bits if
m4trace:configure.ac:145: -1- AC_DEFINE_TRACE_LITERAL([uint8_t])
m4trace:configure.ac:145: -1- m4_pattern_allow([^uint8_t$])
m4trace:configure.ac:145: -1- AH_OUTPUT([uint8_t], [/* Define to the type of an unsigned integer type of width exactly 8 bits if
such a type exists and the standard includes do not define it. */
@%:@undef uint8_t])
m4trace:configure.ac:134: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PTRDIFF_T])
m4trace:configure.ac:134: -1- m4_pattern_allow([^HAVE_PTRDIFF_T$])
m4trace:configure.ac:134: -1- AH_OUTPUT([HAVE_PTRDIFF_T], [/* Define to 1 if the system has the type `ptrdiff_t\'. */
m4trace:configure.ac:146: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PTRDIFF_T])
m4trace:configure.ac:146: -1- m4_pattern_allow([^HAVE_PTRDIFF_T$])
m4trace:configure.ac:146: -1- AH_OUTPUT([HAVE_PTRDIFF_T], [/* Define to 1 if the system has the type `ptrdiff_t\'. */
@%:@undef HAVE_PTRDIFF_T])
m4trace:configure.ac:137: -1- AH_OUTPUT([HAVE_STDLIB_H], [/* Define to 1 if you have the <stdlib.h> header file. */
m4trace:configure.ac:149: -1- AH_OUTPUT([HAVE_STDLIB_H], [/* Define to 1 if you have the <stdlib.h> header file. */
@%:@undef HAVE_STDLIB_H])
m4trace:configure.ac:137: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STDLIB_H])
m4trace:configure.ac:137: -1- m4_pattern_allow([^HAVE_STDLIB_H$])
m4trace:configure.ac:137: -1- AC_DEFINE_TRACE_LITERAL([HAVE_MALLOC])
m4trace:configure.ac:137: -1- m4_pattern_allow([^HAVE_MALLOC$])
m4trace:configure.ac:137: -1- AH_OUTPUT([HAVE_MALLOC], [/* Define to 1 if your system has a GNU libc compatible `malloc\' function, and
m4trace:configure.ac:149: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STDLIB_H])
m4trace:configure.ac:149: -1- m4_pattern_allow([^HAVE_STDLIB_H$])
m4trace:configure.ac:149: -1- AC_DEFINE_TRACE_LITERAL([HAVE_MALLOC])
m4trace:configure.ac:149: -1- m4_pattern_allow([^HAVE_MALLOC$])
m4trace:configure.ac:149: -1- AH_OUTPUT([HAVE_MALLOC], [/* Define to 1 if your system has a GNU libc compatible `malloc\' function, and
to 0 otherwise. */
@%:@undef HAVE_MALLOC])
m4trace:configure.ac:137: -1- AC_DEFINE_TRACE_LITERAL([HAVE_MALLOC])
m4trace:configure.ac:137: -1- m4_pattern_allow([^HAVE_MALLOC$])
m4trace:configure.ac:137: -1- AC_LIBSOURCE([malloc.c])
m4trace:configure.ac:137: -1- AC_SUBST([LIB@&t@OBJS], ["$LIB@&t@OBJS malloc.$ac_objext"])
m4trace:configure.ac:137: -1- AC_SUBST_TRACE([LIB@&t@OBJS])
m4trace:configure.ac:137: -1- m4_pattern_allow([^LIB@&t@OBJS$])
m4trace:configure.ac:137: -1- AC_DEFINE_TRACE_LITERAL([malloc])
m4trace:configure.ac:137: -1- m4_pattern_allow([^malloc$])
m4trace:configure.ac:137: -1- AH_OUTPUT([malloc], [/* Define to rpl_malloc if the replacement function should be used. */
m4trace:configure.ac:149: -1- AC_DEFINE_TRACE_LITERAL([HAVE_MALLOC])
m4trace:configure.ac:149: -1- m4_pattern_allow([^HAVE_MALLOC$])
m4trace:configure.ac:149: -1- AC_LIBSOURCE([malloc.c])
m4trace:configure.ac:149: -1- AC_SUBST([LIB@&t@OBJS], ["$LIB@&t@OBJS malloc.$ac_objext"])
m4trace:configure.ac:149: -1- AC_SUBST_TRACE([LIB@&t@OBJS])
m4trace:configure.ac:149: -1- m4_pattern_allow([^LIB@&t@OBJS$])
m4trace:configure.ac:149: -1- AC_DEFINE_TRACE_LITERAL([malloc])
m4trace:configure.ac:149: -1- m4_pattern_allow([^malloc$])
m4trace:configure.ac:149: -1- AH_OUTPUT([malloc], [/* Define to rpl_malloc if the replacement function should be used. */
@%:@undef malloc])
m4trace:configure.ac:138: -1- AC_DEFINE_TRACE_LITERAL([TIME_WITH_SYS_TIME])
m4trace:configure.ac:138: -1- m4_pattern_allow([^TIME_WITH_SYS_TIME$])
m4trace:configure.ac:138: -1- AH_OUTPUT([TIME_WITH_SYS_TIME], [/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
m4trace:configure.ac:150: -1- AC_DEFINE_TRACE_LITERAL([TIME_WITH_SYS_TIME])
m4trace:configure.ac:150: -1- m4_pattern_allow([^TIME_WITH_SYS_TIME$])
m4trace:configure.ac:150: -1- AH_OUTPUT([TIME_WITH_SYS_TIME], [/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
@%:@undef TIME_WITH_SYS_TIME])
m4trace:configure.ac:138: -1- AH_OUTPUT([HAVE_SYS_TIME_H], [/* Define to 1 if you have the <sys/time.h> header file. */
m4trace:configure.ac:150: -1- AH_OUTPUT([HAVE_SYS_TIME_H], [/* Define to 1 if you have the <sys/time.h> header file. */
@%:@undef HAVE_SYS_TIME_H])
m4trace:configure.ac:138: -1- AH_OUTPUT([HAVE_UNISTD_H], [/* Define to 1 if you have the <unistd.h> header file. */
m4trace:configure.ac:150: -1- AH_OUTPUT([HAVE_UNISTD_H], [/* Define to 1 if you have the <unistd.h> header file. */
@%:@undef HAVE_UNISTD_H])
m4trace:configure.ac:138: -1- AH_OUTPUT([HAVE_ALARM], [/* Define to 1 if you have the `alarm\' function. */
m4trace:configure.ac:150: -1- AH_OUTPUT([HAVE_ALARM], [/* Define to 1 if you have the `alarm\' function. */
@%:@undef HAVE_ALARM])
m4trace:configure.ac:138: -1- AC_LIBSOURCE([mktime.c])
m4trace:configure.ac:138: -1- AC_SUBST([LIB@&t@OBJS], ["$LIB@&t@OBJS mktime.$ac_objext"])
m4trace:configure.ac:138: -1- AC_SUBST_TRACE([LIB@&t@OBJS])
m4trace:configure.ac:138: -1- m4_pattern_allow([^LIB@&t@OBJS$])
m4trace:configure.ac:139: -1- AH_OUTPUT([HAVE_STDLIB_H], [/* Define to 1 if you have the <stdlib.h> header file. */
m4trace:configure.ac:150: -1- AC_LIBSOURCE([mktime.c])
m4trace:configure.ac:150: -1- AC_SUBST([LIB@&t@OBJS], ["$LIB@&t@OBJS mktime.$ac_objext"])
m4trace:configure.ac:150: -1- AC_SUBST_TRACE([LIB@&t@OBJS])
m4trace:configure.ac:150: -1- m4_pattern_allow([^LIB@&t@OBJS$])
m4trace:configure.ac:151: -1- AH_OUTPUT([HAVE_STDLIB_H], [/* Define to 1 if you have the <stdlib.h> header file. */
@%:@undef HAVE_STDLIB_H])
m4trace:configure.ac:139: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STDLIB_H])
m4trace:configure.ac:139: -1- m4_pattern_allow([^HAVE_STDLIB_H$])
m4trace:configure.ac:139: -1- AC_DEFINE_TRACE_LITERAL([HAVE_REALLOC])
m4trace:configure.ac:139: -1- m4_pattern_allow([^HAVE_REALLOC$])
m4trace:configure.ac:139: -1- AH_OUTPUT([HAVE_REALLOC], [/* Define to 1 if your system has a GNU libc compatible `realloc\' function,
m4trace:configure.ac:151: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STDLIB_H])
m4trace:configure.ac:151: -1- m4_pattern_allow([^HAVE_STDLIB_H$])
m4trace:configure.ac:151: -1- AC_DEFINE_TRACE_LITERAL([HAVE_REALLOC])
m4trace:configure.ac:151: -1- m4_pattern_allow([^HAVE_REALLOC$])
m4trace:configure.ac:151: -1- AH_OUTPUT([HAVE_REALLOC], [/* Define to 1 if your system has a GNU libc compatible `realloc\' function,
and to 0 otherwise. */
@%:@undef HAVE_REALLOC])
m4trace:configure.ac:139: -1- AC_DEFINE_TRACE_LITERAL([HAVE_REALLOC])
m4trace:configure.ac:139: -1- m4_pattern_allow([^HAVE_REALLOC$])
m4trace:configure.ac:139: -1- AC_LIBSOURCE([realloc.c])
m4trace:configure.ac:139: -1- AC_SUBST([LIB@&t@OBJS], ["$LIB@&t@OBJS realloc.$ac_objext"])
m4trace:configure.ac:139: -1- AC_SUBST_TRACE([LIB@&t@OBJS])
m4trace:configure.ac:139: -1- m4_pattern_allow([^LIB@&t@OBJS$])
m4trace:configure.ac:139: -1- AC_DEFINE_TRACE_LITERAL([realloc])
m4trace:configure.ac:139: -1- m4_pattern_allow([^realloc$])
m4trace:configure.ac:139: -1- AH_OUTPUT([realloc], [/* Define to rpl_realloc if the replacement function should be used. */
m4trace:configure.ac:151: -1- AC_DEFINE_TRACE_LITERAL([HAVE_REALLOC])
m4trace:configure.ac:151: -1- m4_pattern_allow([^HAVE_REALLOC$])
m4trace:configure.ac:151: -1- AC_LIBSOURCE([realloc.c])
m4trace:configure.ac:151: -1- AC_SUBST([LIB@&t@OBJS], ["$LIB@&t@OBJS realloc.$ac_objext"])
m4trace:configure.ac:151: -1- AC_SUBST_TRACE([LIB@&t@OBJS])
m4trace:configure.ac:151: -1- m4_pattern_allow([^LIB@&t@OBJS$])
m4trace:configure.ac:151: -1- AC_DEFINE_TRACE_LITERAL([realloc])
m4trace:configure.ac:151: -1- m4_pattern_allow([^realloc$])
m4trace:configure.ac:151: -1- AH_OUTPUT([realloc], [/* Define to rpl_realloc if the replacement function should be used. */
@%:@undef realloc])
m4trace:configure.ac:140: -1- AH_OUTPUT([HAVE_MEMMOVE], [/* Define to 1 if you have the `memmove\' function. */
m4trace:configure.ac:152: -1- AH_OUTPUT([HAVE_MEMMOVE], [/* Define to 1 if you have the `memmove\' function. */
@%:@undef HAVE_MEMMOVE])
m4trace:configure.ac:140: -1- AH_OUTPUT([HAVE_MEMSET], [/* Define to 1 if you have the `memset\' function. */
m4trace:configure.ac:152: -1- AH_OUTPUT([HAVE_MEMSET], [/* Define to 1 if you have the `memset\' function. */
@%:@undef HAVE_MEMSET])
m4trace:configure.ac:140: -1- AH_OUTPUT([HAVE_REGCOMP], [/* Define to 1 if you have the `regcomp\' function. */
m4trace:configure.ac:152: -1- AH_OUTPUT([HAVE_REGCOMP], [/* Define to 1 if you have the `regcomp\' function. */
@%:@undef HAVE_REGCOMP])
m4trace:configure.ac:140: -1- AH_OUTPUT([HAVE_STRCASECMP], [/* Define to 1 if you have the `strcasecmp\' function. */
m4trace:configure.ac:152: -1- AH_OUTPUT([HAVE_STRCASECMP], [/* Define to 1 if you have the `strcasecmp\' function. */
@%:@undef HAVE_STRCASECMP])
m4trace:configure.ac:140: -1- AH_OUTPUT([HAVE_STRDUP], [/* Define to 1 if you have the `strdup\' function. */
m4trace:configure.ac:152: -1- AH_OUTPUT([HAVE_STRDUP], [/* Define to 1 if you have the `strdup\' function. */
@%:@undef HAVE_STRDUP])
m4trace:configure.ac:140: -1- AH_OUTPUT([HAVE_STRSTR], [/* Define to 1 if you have the `strstr\' function. */
m4trace:configure.ac:152: -1- AH_OUTPUT([HAVE_STRSTR], [/* Define to 1 if you have the `strstr\' function. */
@%:@undef HAVE_STRSTR])
m4trace:configure.ac:140: -1- AH_OUTPUT([HAVE_STRTOL], [/* Define to 1 if you have the `strtol\' function. */
m4trace:configure.ac:152: -1- AH_OUTPUT([HAVE_STRTOL], [/* Define to 1 if you have the `strtol\' function. */
@%:@undef HAVE_STRTOL])
m4trace:configure.ac:140: -1- AH_OUTPUT([HAVE_STRTOUL], [/* Define to 1 if you have the `strtoul\' function. */
m4trace:configure.ac:152: -1- AH_OUTPUT([HAVE_STRTOUL], [/* Define to 1 if you have the `strtoul\' function. */
@%:@undef HAVE_STRTOUL])
m4trace:configure.ac:142: -1- AC_DEFINE_TRACE_LITERAL([VERSION])
m4trace:configure.ac:142: -1- m4_pattern_allow([^VERSION$])
m4trace:configure.ac:142: -1- AH_OUTPUT([VERSION], [/* Module version */
m4trace:configure.ac:154: -1- AC_DEFINE_TRACE_LITERAL([VERSION])
m4trace:configure.ac:154: -1- m4_pattern_allow([^VERSION$])
m4trace:configure.ac:154: -1- AH_OUTPUT([VERSION], [/* Module version */
@%:@undef VERSION])
m4trace:configure.ac:143: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE])
m4trace:configure.ac:143: -1- m4_pattern_allow([^PACKAGE$])
m4trace:configure.ac:143: -1- AH_OUTPUT([PACKAGE], [/* Package name */
m4trace:configure.ac:155: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE])
m4trace:configure.ac:155: -1- m4_pattern_allow([^PACKAGE$])
m4trace:configure.ac:155: -1- AH_OUTPUT([PACKAGE], [/* Package name */
@%:@undef PACKAGE])
m4trace:configure.ac:144: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_BUGREPORT])
m4trace:configure.ac:144: -1- m4_pattern_allow([^PACKAGE_BUGREPORT$])
m4trace:configure.ac:144: -1- AH_OUTPUT([PACKAGE_BUGREPORT], [/* Bug report address */
m4trace:configure.ac:156: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_BUGREPORT])
m4trace:configure.ac:156: -1- m4_pattern_allow([^PACKAGE_BUGREPORT$])
m4trace:configure.ac:156: -1- AH_OUTPUT([PACKAGE_BUGREPORT], [/* Bug report address */
@%:@undef PACKAGE_BUGREPORT])
m4trace:configure.ac:145: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_NAME])
m4trace:configure.ac:145: -1- m4_pattern_allow([^PACKAGE_NAME$])
m4trace:configure.ac:145: -1- AH_OUTPUT([PACKAGE_NAME], [/* Package full name */
m4trace:configure.ac:157: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_NAME])
m4trace:configure.ac:157: -1- m4_pattern_allow([^PACKAGE_NAME$])
m4trace:configure.ac:157: -1- AH_OUTPUT([PACKAGE_NAME], [/* Package full name */
@%:@undef PACKAGE_NAME])
m4trace:configure.ac:146: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_STRING])
m4trace:configure.ac:146: -1- m4_pattern_allow([^PACKAGE_STRING$])
m4trace:configure.ac:146: -1- AH_OUTPUT([PACKAGE_STRING], [/* Package string */
m4trace:configure.ac:158: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_STRING])
m4trace:configure.ac:158: -1- m4_pattern_allow([^PACKAGE_STRING$])
m4trace:configure.ac:158: -1- AH_OUTPUT([PACKAGE_STRING], [/* Package string */
@%:@undef PACKAGE_STRING])
m4trace:configure.ac:147: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_TARNAME])
m4trace:configure.ac:147: -1- m4_pattern_allow([^PACKAGE_TARNAME$])
m4trace:configure.ac:147: -1- AH_OUTPUT([PACKAGE_TARNAME], [/* Package tarname */
m4trace:configure.ac:159: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_TARNAME])
m4trace:configure.ac:159: -1- m4_pattern_allow([^PACKAGE_TARNAME$])
m4trace:configure.ac:159: -1- AH_OUTPUT([PACKAGE_TARNAME], [/* Package tarname */
@%:@undef PACKAGE_TARNAME])
m4trace:configure.ac:148: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_VERSION])
m4trace:configure.ac:148: -1- m4_pattern_allow([^PACKAGE_VERSION$])
m4trace:configure.ac:148: -1- AH_OUTPUT([PACKAGE_VERSION], [/* Package version */
m4trace:configure.ac:160: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_VERSION])
m4trace:configure.ac:160: -1- m4_pattern_allow([^PACKAGE_VERSION$])
m4trace:configure.ac:160: -1- AH_OUTPUT([PACKAGE_VERSION], [/* Package version */
@%:@undef PACKAGE_VERSION])
m4trace:configure.ac:149: -1- AC_DEFINE_TRACE_LITERAL([SUP_IP6])
m4trace:configure.ac:149: -1- m4_pattern_allow([^SUP_IP6$])
m4trace:configure.ac:149: -1- AH_OUTPUT([SUP_IP6], [/* Use SUP_IP6 */
m4trace:configure.ac:161: -1- AC_DEFINE_TRACE_LITERAL([SUP_IP6])
m4trace:configure.ac:161: -1- m4_pattern_allow([^SUP_IP6$])
m4trace:configure.ac:161: -1- AH_OUTPUT([SUP_IP6], [/* Use SUP_IP6 */
@%:@undef SUP_IP6])
m4trace:configure.ac:151: -1- AC_DEFINE_TRACE_LITERAL([HAVE_VISIBILITY])
m4trace:configure.ac:151: -1- m4_pattern_allow([^HAVE_VISIBILITY$])
m4trace:configure.ac:151: -1- AH_OUTPUT([HAVE_VISIBILITY], [/* Check if the compiler supports visibility */
m4trace:configure.ac:163: -1- AC_DEFINE_TRACE_LITERAL([HAVE_VISIBILITY])
m4trace:configure.ac:163: -1- m4_pattern_allow([^HAVE_VISIBILITY$])
m4trace:configure.ac:163: -1- AH_OUTPUT([HAVE_VISIBILITY], [/* Check if the compiler supports visibility */
@%:@undef HAVE_VISIBILITY])
m4trace:configure.ac:153: -1- AC_CONFIG_FILES([Makefile])
m4trace:configure.ac:154: -1- AC_SUBST([LIB@&t@OBJS], [$ac_libobjs])
m4trace:configure.ac:154: -1- AC_SUBST_TRACE([LIB@&t@OBJS])
m4trace:configure.ac:154: -1- m4_pattern_allow([^LIB@&t@OBJS$])
m4trace:configure.ac:154: -1- AC_SUBST([LTLIBOBJS], [$ac_ltlibobjs])
m4trace:configure.ac:154: -1- AC_SUBST_TRACE([LTLIBOBJS])
m4trace:configure.ac:154: -1- m4_pattern_allow([^LTLIBOBJS$])
m4trace:configure.ac:154: -1- AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])
m4trace:configure.ac:154: -1- AC_SUBST([am__EXEEXT_TRUE])
m4trace:configure.ac:154: -1- AC_SUBST_TRACE([am__EXEEXT_TRUE])
m4trace:configure.ac:154: -1- m4_pattern_allow([^am__EXEEXT_TRUE$])
m4trace:configure.ac:154: -1- AC_SUBST([am__EXEEXT_FALSE])
m4trace:configure.ac:154: -1- AC_SUBST_TRACE([am__EXEEXT_FALSE])
m4trace:configure.ac:154: -1- m4_pattern_allow([^am__EXEEXT_FALSE$])
m4trace:configure.ac:154: -1- _AM_SUBST_NOTMAKE([am__EXEEXT_TRUE])
m4trace:configure.ac:154: -1- _AM_SUBST_NOTMAKE([am__EXEEXT_FALSE])
m4trace:configure.ac:154: -1- AC_SUBST_TRACE([top_builddir])
m4trace:configure.ac:154: -1- AC_SUBST_TRACE([top_build_prefix])
m4trace:configure.ac:154: -1- AC_SUBST_TRACE([srcdir])
m4trace:configure.ac:154: -1- AC_SUBST_TRACE([abs_srcdir])
m4trace:configure.ac:154: -1- AC_SUBST_TRACE([top_srcdir])
m4trace:configure.ac:154: -1- AC_SUBST_TRACE([abs_top_srcdir])
m4trace:configure.ac:154: -1- AC_SUBST_TRACE([builddir])
m4trace:configure.ac:154: -1- AC_SUBST_TRACE([abs_builddir])
m4trace:configure.ac:154: -1- AC_SUBST_TRACE([abs_top_builddir])
m4trace:configure.ac:154: -1- AC_SUBST_TRACE([INSTALL])
m4trace:configure.ac:154: -1- AC_SUBST_TRACE([MKDIR_P])
m4trace:configure.ac:154: -1- AC_REQUIRE_AUX_FILE([ltmain.sh])
m4trace:configure.ac:164: -1- AC_DEFINE_TRACE_LITERAL([PREFIX])
m4trace:configure.ac:164: -1- m4_pattern_allow([^PREFIX$])
m4trace:configure.ac:164: -1- AH_OUTPUT([PREFIX], [/* Installation prefix */
@%:@undef PREFIX])
m4trace:configure.ac:166: -1- AC_CONFIG_FILES([Makefile])
m4trace:configure.ac:167: -1- AC_SUBST([LIB@&t@OBJS], [$ac_libobjs])
m4trace:configure.ac:167: -1- AC_SUBST_TRACE([LIB@&t@OBJS])
m4trace:configure.ac:167: -1- m4_pattern_allow([^LIB@&t@OBJS$])
m4trace:configure.ac:167: -1- AC_SUBST([LTLIBOBJS], [$ac_ltlibobjs])
m4trace:configure.ac:167: -1- AC_SUBST_TRACE([LTLIBOBJS])
m4trace:configure.ac:167: -1- m4_pattern_allow([^LTLIBOBJS$])
m4trace:configure.ac:167: -1- AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])
m4trace:configure.ac:167: -1- AC_SUBST([am__EXEEXT_TRUE])
m4trace:configure.ac:167: -1- AC_SUBST_TRACE([am__EXEEXT_TRUE])
m4trace:configure.ac:167: -1- m4_pattern_allow([^am__EXEEXT_TRUE$])
m4trace:configure.ac:167: -1- AC_SUBST([am__EXEEXT_FALSE])
m4trace:configure.ac:167: -1- AC_SUBST_TRACE([am__EXEEXT_FALSE])
m4trace:configure.ac:167: -1- m4_pattern_allow([^am__EXEEXT_FALSE$])
m4trace:configure.ac:167: -1- _AM_SUBST_NOTMAKE([am__EXEEXT_TRUE])
m4trace:configure.ac:167: -1- _AM_SUBST_NOTMAKE([am__EXEEXT_FALSE])
m4trace:configure.ac:167: -1- AC_SUBST_TRACE([top_builddir])
m4trace:configure.ac:167: -1- AC_SUBST_TRACE([top_build_prefix])
m4trace:configure.ac:167: -1- AC_SUBST_TRACE([srcdir])
m4trace:configure.ac:167: -1- AC_SUBST_TRACE([abs_srcdir])
m4trace:configure.ac:167: -1- AC_SUBST_TRACE([top_srcdir])
m4trace:configure.ac:167: -1- AC_SUBST_TRACE([abs_top_srcdir])
m4trace:configure.ac:167: -1- AC_SUBST_TRACE([builddir])
m4trace:configure.ac:167: -1- AC_SUBST_TRACE([abs_builddir])
m4trace:configure.ac:167: -1- AC_SUBST_TRACE([abs_top_builddir])
m4trace:configure.ac:167: -1- AC_SUBST_TRACE([INSTALL])
m4trace:configure.ac:167: -1- AC_SUBST_TRACE([MKDIR_P])
m4trace:configure.ac:167: -1- AC_REQUIRE_AUX_FILE([ltmain.sh])

77
cluster.c
View File

@ -162,25 +162,6 @@ _hierarchy_node_append ( hierarchy_node *parent, hierarchy_node *child )
} /* ----- end of function _hierarchy_node_append ----- */
/* PRIVATE void */
/* _hierarchy_node_free ( hierarchy_node *n ) */
/* { */
/* int i; */
/* */
/* if ( !n ) */
/* return; */
/* */
/* for ( i=0; i < n->nchildren; i++ ) */
/* { */
/* if ( n->children[i] ) */
/* _hierarchy_node_free ( n->children[i] ); */
/* } */
/* */
/* free ( n ); */
/* n = NULL; */
/* } */
/**
* \brief Get the minimum node in a hierarchy tree that matches a certain value
* \param val Value to be matched in the range
@ -400,7 +381,6 @@ _AI_cluster_thread ( void* arg )
continue;
}
FILE *fp = fopen ( "/home/blacklight/LOG", "a" );
has_small_clusters = true;
for ( tmp = alert_log, alert_count=0; tmp; tmp = tmp->next, alert_count++ )
@ -440,6 +420,7 @@ _AI_cluster_thread ( void* arg )
break;
default:
pthread_exit (( void* ) 0 );
return (void*) 0;
}
@ -462,7 +443,8 @@ _AI_cluster_thread ( void* arg )
alert_count -= _AI_merge_alerts ( &alert_log );
while ( has_small_clusters && alert_count > cluster_min_size )
/* while ( has_small_clusters && alert_count > cluster_min_size ) */
do
{
old_alert_count = alert_count;
minval = INT_MAX;
@ -484,7 +466,7 @@ _AI_cluster_thread ( void* arg )
/* For all the alerts, the corresponing clustering value is the parent of the current one in the hierarchy */
for ( tmp = alert_log; tmp; tmp = tmp->next )
{
if ( tmp->h_node[best_type] )
if ( tmp->grouped_alarms_count < cluster_min_size && tmp->h_node[best_type] )
{
if ( tmp->h_node[best_type]->parent )
{
@ -495,9 +477,9 @@ _AI_cluster_thread ( void* arg )
alert_count -= _AI_merge_alerts ( &alert_log );
if ( old_alert_count == alert_count )
break;
}
/* if ( old_alert_count == alert_count ) */
/* break; */
} while ( old_alert_count != alert_count );
if ( !( cluster_fp = fopen ( _config->clusterfile, "w" )) )
{
@ -507,8 +489,6 @@ _AI_cluster_thread ( void* arg )
_AI_print_clustered_alerts ( alert_log, cluster_fp );
fclose ( cluster_fp );
fclose ( fp );
}
pthread_exit ((void*) 0 );
@ -630,5 +610,48 @@ AI_hierarchies_build ( AI_config *conf, hierarchy_node **nodes, int n_nodes )
}
} /* ----- end of function AI_hierarchies_build ----- */
/**
* \brief Return a copy of the clustered alerts
* \return An AI_snort_alert pointer identifying the list of clustered alerts
*/
PRIVATE AI_snort_alert*
_AI_copy_clustered_alerts ( AI_snort_alert *node )
{
AI_snort_alert *current = NULL, *next = NULL;
if ( !node )
{
return NULL;
}
if ( node->next )
{
next = _AI_copy_clustered_alerts ( node->next );
}
if ( !( current = ( AI_snort_alert* ) malloc ( sizeof ( AI_snort_alert )) ))
{
_dpd.fatalMsg ( "Fatal dynamic memory allocation failure at %s:%d\n", __FILE__, __LINE__ );
}
memcpy ( current, node, sizeof ( AI_snort_alert ));
current->next = next;
return current;
} /* ----- end of function _AI_copy_clustered_alerts ----- */
/**
* \brief Return the alerts parsed so far as a linked list
* \return An AI_snort_alert pointer identifying the list of clustered alerts
*/
AI_snort_alert*
AI_get_clustered_alerts ()
{
return _AI_copy_clustered_alerts ( alert_log );
} /* ----- end of function AI_get_clustered_alerts ----- */
/** @} */

6
config.h.in
View File

@ -57,6 +57,9 @@
/* Define to 1 if you have the `pthread' library (-lpthread). */
#undef HAVE_LIBPTHREAD
/* Define to 1 if you have the `xml2' library (-lxml2). */
#undef HAVE_LIBXML2
/* Define to 1 if you have the <limits.h> header file. */
#undef HAVE_LIMITS_H
@ -207,6 +210,9 @@
/* Define if pcap timeout is ignored */
#undef PCAP_TIMEOUT_IGNORED
/* Installation prefix */
#undef PREFIX
/* Define if Solaris */
#undef SOLARIS

2091
config.status
View File

File diff suppressed because it is too large Load Diff

114
configure vendored
View File

@ -743,6 +743,7 @@ ac_includes_default="\
# include <unistd.h>
#endif"
ac_default_prefix=/usr
ac_header_list=
ac_func_list=
ac_subst_vars='am__EXEEXT_FALSE
@ -750,6 +751,8 @@ am__EXEEXT_TRUE
LTLIBOBJS
LIBOBJS
ALLOCA
LIBXML2_INCLUDES
CORR_RULES_PREFIX
MYSQL
extra_incl
CPP
@ -4579,13 +4582,13 @@ if test "${lt_cv_nm_interface+set}" = set; then :
else
lt_cv_nm_interface="BSD nm"
echo "int some_variable = 0;" > conftest.$ac_ext
(eval echo "\"\$as_me:4582: $ac_compile\"" >&5)
(eval echo "\"\$as_me:4585: $ac_compile\"" >&5)
(eval "$ac_compile" 2>conftest.err)
cat conftest.err >&5
(eval echo "\"\$as_me:4585: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
(eval echo "\"\$as_me:4588: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
(eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out)
cat conftest.err >&5
(eval echo "\"\$as_me:4588: output\"" >&5)
(eval echo "\"\$as_me:4591: output\"" >&5)
cat conftest.out >&5
if $GREP 'External.*some_variable' conftest.out > /dev/null; then
lt_cv_nm_interface="MS dumpbin"
@ -5791,7 +5794,7 @@ ia64-*-hpux*)
;;
*-*-irix6*)
# Find out which ABI we are using.
echo '#line 5794 "configure"' > conftest.$ac_ext
echo '#line 5797 "configure"' > conftest.$ac_ext
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
(eval $ac_compile) 2>&5
ac_status=$?
@ -7291,10 +7294,6 @@ _lt_linker_boilerplate=`cat conftest.err`
$RM -r conftest*
## CAVEAT EMPTOR:
## There is no encapsulation within the following macros, do not change
## the running order or otherwise move them around unless you know exactly
## what you are doing...
if test -n "$compiler"; then
lt_prog_compiler_no_builtin_flag=
@ -7320,11 +7319,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
(eval echo "\"\$as_me:7323: $lt_compile\"" >&5)
(eval echo "\"\$as_me:7322: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
echo "$as_me:7327: \$? = $ac_status" >&5
echo "$as_me:7326: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@ -7659,11 +7658,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
(eval echo "\"\$as_me:7662: $lt_compile\"" >&5)
(eval echo "\"\$as_me:7661: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
echo "$as_me:7666: \$? = $ac_status" >&5
echo "$as_me:7665: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@ -7764,11 +7763,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
(eval echo "\"\$as_me:7767: $lt_compile\"" >&5)
(eval echo "\"\$as_me:7766: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
echo "$as_me:7771: \$? = $ac_status" >&5
echo "$as_me:7770: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@ -7819,11 +7818,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
(eval echo "\"\$as_me:7822: $lt_compile\"" >&5)
(eval echo "\"\$as_me:7821: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
echo "$as_me:7826: \$? = $ac_status" >&5
echo "$as_me:7825: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@ -10203,7 +10202,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<_LT_EOF
#line 10206 "configure"
#line 10205 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@ -10299,7 +10298,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<_LT_EOF
#line 10302 "configure"
#line 10301 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@ -10527,6 +10526,9 @@ CC="$lt_save_CC"
test "$prefix" = "NONE" && prefix=/usr
case "$host" in
*-openbsd2.6|*-openbsd2.5|*-openbsd2.4|*-openbsd2.3*)
@ -11426,7 +11428,51 @@ fi
fi
#AC_CHECK_LIB([mysqlclient], [mysql_query])
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for xmlReaderForFile in -lxml2" >&5
$as_echo_n "checking for xmlReaderForFile in -lxml2... " >&6; }
if test "${ac_cv_lib_xml2_xmlReaderForFile+set}" = set; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
LIBS="-lxml2 $LIBS"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
/* Override any GCC internal prototype to avoid an error.
Use char because int might match the return type of a GCC
builtin and then its argument prototype would still apply. */
#ifdef __cplusplus
extern "C"
#endif
char xmlReaderForFile ();
int
main ()
{
return xmlReaderForFile ();
;
return 0;
}
_ACEOF
if ac_fn_c_try_link "$LINENO"; then :
ac_cv_lib_xml2_xmlReaderForFile=yes
else
ac_cv_lib_xml2_xmlReaderForFile=no
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_xml2_xmlReaderForFile" >&5
$as_echo "$ac_cv_lib_xml2_xmlReaderForFile" >&6; }
if test "x$ac_cv_lib_xml2_xmlReaderForFile" = x""yes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_LIBXML2 1
_ACEOF
LIBS="-lxml2 $LIBS"
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for pthread_create in -lpthread" >&5
$as_echo_n "checking for pthread_create in -lpthread... " >&6; }
if test "${ac_cv_lib_pthread_pthread_create+set}" = set; then :
@ -11473,7 +11519,26 @@ _ACEOF
fi
if test "x$prefix" == x/usr; then :
CORR_RULES_PREFIX="/etc/snort/corr_rules"
else
CORR_RULES_PREFIX="${prefix}/etc/corr_rules"
fi
# Checks for header files.
if test ! -z "`pkg-config --cflags libxml-2.0 2> /dev/null`"; then :
LIBXML2_INCLUDES="$(pkg-config --cflags libxml-2.0 2> /dev/null)"
else
{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error $? "libxml2 not found, okr pkg-config not working
See \`config.log' for more details" "$LINENO" 5 ; }
fi
# The Ultrix 4.2 mips builtin alloca declared by alloca.h only works
# for constant arguments. Useless!
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for working alloca.h" >&5
@ -11672,6 +11737,8 @@ if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
_ACEOF
else
as_fn_error $? "At least one of the required headers was not found" "$LINENO" 5
fi
done
@ -12404,6 +12471,8 @@ if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
_ACEOF
else
as_fn_error $? "At least one of the required functions was not found" "$LINENO" 5
fi
done
@ -12424,7 +12493,7 @@ $as_echo "#define PACKAGE_NAME \"sf_ai_preprocessor\"" >>confdefs.h
$as_echo "#define PACKAGE_STRING \"Snort AI preprocessor\"" >>confdefs.h
$as_echo "#define PACKAGE_TARNAME \"sf_ai_preprocessor\"" >>confdefs.h
$as_echo "#define PACKAGE_TARNAME \"snort_ai_preproc\"" >>confdefs.h
$as_echo "#define PACKAGE_VERSION \"0.1.0\"" >>confdefs.h
@ -12437,6 +12506,11 @@ $as_echo "#define SUP_IP6 /**/" >>confdefs.h
$as_echo "#define HAVE_VISIBILITY 1" >>confdefs.h
cat >>confdefs.h <<_ACEOF
#define PREFIX "${prefix}"
_ACEOF
ac_config_files="$ac_config_files Makefile"
cat >confcache <<\_ACEOF

21
configure.ac
View File

@ -9,6 +9,9 @@ AC_CONFIG_HEADERS([config.h])
AC_CONFIG_MACRO_DIR([m4])
LT_INIT
AC_PREFIX_DEFAULT(/usr)
test "$prefix" = "NONE" && prefix=/usr
case "$host" in
*-openbsd2.6|*-openbsd2.5|*-openbsd2.4|*-openbsd2.3*)
AC_DEFINE([OPENBSD],[1],[Define if OpenBSD])
@ -114,12 +117,21 @@ AS_IF([test "x$with_mysql" != xno],
fi],
-lmysqlclient)])
#AC_CHECK_LIB([mysqlclient], [mysql_query])
AC_CHECK_LIB([xml2], [xmlReaderForFile])
AC_CHECK_LIB([pthread], [pthread_create])
AS_IF([test "x$prefix" == x/usr],
[AC_SUBST([CORR_RULES_PREFIX], ["/etc/snort/corr_rules"])],
[AC_SUBST([CORR_RULES_PREFIX], ["${prefix}/etc/corr_rules"])])
# Checks for header files.
AS_IF([test ! -z "`pkg-config --cflags libxml-2.0 2> /dev/null`"],
[AC_SUBST([LIBXML2_INCLUDES], ["$(pkg-config --cflags libxml-2.0 2> /dev/null)"])],
[AC_MSG_FAILURE([libxml2 not found, okr pkg-config not working])])
AC_FUNC_ALLOCA
AC_CHECK_HEADERS([inttypes.h limits.h stddef.h stdlib.h string.h unistd.h wchar.h])
AC_CHECK_HEADERS([inttypes.h limits.h stddef.h stdlib.h string.h unistd.h wchar.h],,AC_MSG_ERROR(At least one of the required headers was not found))
# Check for int types
AC_CHECK_TYPES([u_int8_t,u_int16_t,u_int32_t,u_int64_t,uint8_t,uint16_t,uint32_t,uint64_t])
@ -137,18 +149,19 @@ AC_CHECK_TYPES([ptrdiff_t])
AC_FUNC_MALLOC
AC_FUNC_MKTIME
AC_FUNC_REALLOC
AC_CHECK_FUNCS([memmove memset regcomp strcasecmp strdup strstr strtol strtoul])
AC_CHECK_FUNCS([memmove memset regcomp strcasecmp strdup strstr strtol strtoul],,AC_MSG_ERROR(At least one of the required functions was not found))
AC_DEFINE([VERSION], ["0.1.0"], [Module version])
AC_DEFINE([PACKAGE], ["sf_ai_preprocessor"], [Package name])
AC_DEFINE([PACKAGE_BUGREPORT], ["blacklight@autistici.org"], [Bug report address])
AC_DEFINE([PACKAGE_NAME], ["sf_ai_preprocessor"], [Package full name])
AC_DEFINE([PACKAGE_STRING], ["Snort AI preprocessor"], [Package string])
AC_DEFINE([PACKAGE_TARNAME], ["sf_ai_preprocessor"], [Package tarname])
AC_DEFINE([PACKAGE_TARNAME], ["snort_ai_preproc"], [Package tarname])
AC_DEFINE([PACKAGE_VERSION], ["0.1.0"], [Package version])
AC_DEFINE([SUP_IP6], [], [Use SUP_IP6])
AC_DEFINE([HAVE_VISIBILITY], [1], [Check if the compiler supports visibility])
AC_DEFINE_UNQUOTED([PREFIX], "${prefix}", [Installation prefix])
AC_CONFIG_FILES([Makefile])
AC_OUTPUT

8
corr_rules/1-469-4.xml Normal file
View File

@ -0,0 +1,8 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE hyperalert PUBLIC "-//blacklighth//DTD HYPERALERT SNORT MODEL//EN" "http://devio.us/~blacklight/hyperalert.dtd">
<hyperalert>
<snort-id>1.469.4</snort-id>
<post>HostExists(+DST_ADDR+)</post>
</hyperalert>

9
corr_rules/122-1-0.xml Normal file
View File

@ -0,0 +1,9 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE hyperalert PUBLIC "-//blacklighth//DTD HYPERALERT SNORT MODEL//EN" "http://devio.us/~blacklight/hyperalert.dtd">
<hyperalert>
<snort-id>122.1.0</snort-id>
<pre>HostExists(+DST_ADDR+)</pre>
<post>HasVulnService(+DST_ADDR+, +ANY_PORT+)</post>
</hyperalert>

8
corr_rules/hyperalert.dtd Normal file
View File

@ -0,0 +1,8 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE hyperalert[
<!ELEMENT hyperalert (snort-id, pre, post)>
<!ELEMENT snort-id (#PCDATA)>
<!ELEMENT pre (#PCDATA)>
<!ELEMENT post (#PCDATA)>
]>

378
correlation.c Normal file
View File

@ -0,0 +1,378 @@
/*
* =====================================================================================
*
* Filename: correlation.c
*
* Description: Runs the correlation algorithm of the alerts
*
* Version: 0.1
* Created: 07/09/2010 22:04:27
* Revision: none
* Compiler: gcc
*
* Author: BlackLight (http://0x00.ath.cx), <blacklight@autistici.org>
* Licence: GNU GPL v.3
* Company: DO WHAT YOU WANT CAUSE A PIRATE IS FREE, YOU ARE A PIRATE!
*
* =====================================================================================
*/
#include "spp_ai.h"
#include <unistd.h>
#include <sys/stat.h>
#include <pthread.h>
#include <libxml/xmlreader.h>
/** \defgroup correlation Module for the correlation of hyperalerts
* @{ */
#ifndef LIBXML_READER_ENABLED
#error "libxml reader not enabled\n"
#endif
/** Enumeration for the types of XML tags */
enum { inHyperAlert, inSnortIdTag, inPreTag, inPostTag, TAG_NUM };
PRIVATE AI_hyperalert_info *hyperalerts = NULL;
PRIVATE AI_config *conf = NULL;
PRIVATE AI_snort_alert *alerts = NULL;
/**
* \brief Substitute the macros in hyperalert pre-conditions and post-conditions with their associated values
* \param alert Reference to the hyperalert to work on
*/
void
_AI_macro_subst ( AI_snort_alert **alert )
{
/*
* Recognized macros:
* +SRC_ADDR+, +DST_ADDR+, +SRC_PORT+, +DST_PORT+, +ANY_ADDR+, +ANY_PORT+
*/
int i;
char src_addr[INET_ADDRSTRLEN], dst_addr[INET_ADDRSTRLEN];
char src_port[10], dst_port[10];
char *tmp;
for ( i=0; i < (*alert)->hyperalert->n_preconds; i++ )
{
tmp = (*alert)->hyperalert->preconds[i];
(*alert)->hyperalert->preconds[i] = str_replace_all ( (*alert)->hyperalert->preconds[i], " ", "" );
free ( tmp );
if ( strstr ( (*alert)->hyperalert->preconds[i], "+SRC_ADDR+" ))
{
inet_ntop ( AF_INET, &((*alert)->ip_src_addr), src_addr, INET_ADDRSTRLEN );
tmp = (*alert)->hyperalert->preconds[i];
(*alert)->hyperalert->preconds[i] = str_replace ( (*alert)->hyperalert->preconds[i], "+SRC_ADDR+", src_addr );
free ( tmp );
}
if ( strstr ( (*alert)->hyperalert->preconds[i], "+DST_ADDR+" )) {
inet_ntop ( AF_INET, &((*alert)->ip_dst_addr), dst_addr, INET_ADDRSTRLEN );
tmp = (*alert)->hyperalert->preconds[i];
(*alert)->hyperalert->preconds[i] = str_replace ( (*alert)->hyperalert->preconds[i], "+DST_ADDR+", dst_addr );
free ( tmp );
}
if ( strstr ( (*alert)->hyperalert->preconds[i], "+ANY_ADDR+" )) {
tmp = (*alert)->hyperalert->preconds[i];
(*alert)->hyperalert->preconds[i] = str_replace ( (*alert)->hyperalert->preconds[i], "+ANY_ADDR+", "0.0.0.0" );
free ( tmp );
}
if ( strstr ( (*alert)->hyperalert->preconds[i], "+SRC_PORT+" )) {
snprintf ( src_port, sizeof ( src_port ), "%d", ntohs ((*alert)->tcp_src_port) );
tmp = (*alert)->hyperalert->preconds[i];
(*alert)->hyperalert->preconds[i] = str_replace ( (*alert)->hyperalert->preconds[i], "+SRC_PORT+", src_port );
free ( tmp );
}
if ( strstr ( (*alert)->hyperalert->preconds[i], "+DST_PORT+" )) {
snprintf ( dst_port, sizeof ( dst_port ), "%d", ntohs ((*alert)->tcp_dst_port) );
tmp = (*alert)->hyperalert->preconds[i];
(*alert)->hyperalert->preconds[i] = str_replace ( (*alert)->hyperalert->preconds[i], "+DST_PORT+", dst_port );
free ( tmp );
}
if ( strstr ( (*alert)->hyperalert->preconds[i], "+ANY_PORT+" )) {
tmp = (*alert)->hyperalert->preconds[i];
(*alert)->hyperalert->preconds[i] = str_replace ( (*alert)->hyperalert->preconds[i], "+ANY_PORT+", "0" );
free ( tmp );
}
}
for ( i=0; i < (*alert)->hyperalert->n_postconds; i++ )
{
tmp = (*alert)->hyperalert->postconds[i];
(*alert)->hyperalert->postconds[i] = str_replace_all ( (*alert)->hyperalert->postconds[i], " ", "" );
free ( tmp );
if ( strstr ( (*alert)->hyperalert->postconds[i], "+SRC_ADDR+" ))
{
inet_ntop ( AF_INET, &((*alert)->ip_src_addr), src_addr, INET_ADDRSTRLEN );
tmp = (*alert)->hyperalert->postconds[i];
(*alert)->hyperalert->postconds[i] = str_replace ( (*alert)->hyperalert->postconds[i], "+SRC_ADDR+", src_addr );
free ( tmp );
}
if ( strstr ( (*alert)->hyperalert->postconds[i], "+DST_ADDR+" )) {
inet_ntop ( AF_INET, &((*alert)->ip_dst_addr), dst_addr, INET_ADDRSTRLEN );
tmp = (*alert)->hyperalert->postconds[i];
(*alert)->hyperalert->postconds[i] = str_replace ( (*alert)->hyperalert->postconds[i], "+DST_ADDR+", dst_addr );
free ( tmp );
}
if ( strstr ( (*alert)->hyperalert->postconds[i], "+ANY_ADDR+" )) {
tmp = (*alert)->hyperalert->postconds[i];
(*alert)->hyperalert->postconds[i] = str_replace ( (*alert)->hyperalert->postconds[i], "+ANY_ADDR+", "0.0.0.0" );
free ( tmp );
}
if ( strstr ( (*alert)->hyperalert->postconds[i], "+SRC_PORT+" )) {
snprintf ( src_port, sizeof ( src_port ), "%d", ntohs ((*alert)->tcp_src_port) );
tmp = (*alert)->hyperalert->postconds[i];
(*alert)->hyperalert->postconds[i] = str_replace ( (*alert)->hyperalert->postconds[i], "+SRC_PORT+", src_port );
free ( tmp );
}
if ( strstr ( (*alert)->hyperalert->postconds[i], "+DST_PORT+" )) {
snprintf ( dst_port, sizeof ( dst_port ), "%d", ntohs ((*alert)->tcp_dst_port) );
tmp = (*alert)->hyperalert->postconds[i];
(*alert)->hyperalert->postconds[i] = str_replace ( (*alert)->hyperalert->postconds[i], "+DST_PORT+", dst_port );
free ( tmp );
}
if ( strstr ( (*alert)->hyperalert->postconds[i], "+ANY_PORT+" )) {
tmp = (*alert)->hyperalert->postconds[i];
(*alert)->hyperalert->postconds[i] = str_replace ( (*alert)->hyperalert->postconds[i], "+ANY_PORT+", "0" );
free ( tmp );
}
}
} /* ----- end of function _AI_macro_subst ----- */
/**
* \brief Parse info about a hyperalert from a correlation XML file, if it exists
* \param key Key (gid, sid, rev) identifying the alert
* \return A hyperalert structure containing the info about the current alert, if the XML file was found
*/
PRIVATE AI_hyperalert_info*
_AI_hyperalert_from_XML ( AI_hyperalert_key key )
{
char hyperalert_file[1024] = {0};
char snort_id[1024] = {0};
BOOL xmlFlags[TAG_NUM] = { false };
struct stat st;
xmlTextReaderPtr xml;
const xmlChar *tagname, *tagvalue;
AI_hyperalert_info *hyp;
if ( !( hyp = ( AI_hyperalert_info* ) malloc ( sizeof ( AI_hyperalert_info ))))
{
_dpd.fatalMsg ( "AIPreproc: Fatal memory allocation error at %s:%d\n", __FILE__, __LINE__ );
}
memset ( hyp, 0, sizeof ( AI_hyperalert_info ));
memset ( hyperalert_file, 0, sizeof ( hyperalert_file ));
hyp->key = key;
snprintf ( hyperalert_file, sizeof ( hyperalert_file ), "%s/%d-%d-%d.xml",
conf->corr_rules_dir, key.gid, key.sid, key.rev );
if ( stat ( hyperalert_file, &st ) < 0 )
return NULL;
LIBXML_TEST_VERSION
if ( !( xml = xmlReaderForFile ( hyperalert_file, NULL, 0 )))
return NULL;
while ( xmlTextReaderRead ( xml ))
{
if ( !( tagname = xmlTextReaderConstName ( xml )))
continue;
if ( xmlTextReaderNodeType ( xml ) == XML_READER_TYPE_ELEMENT )
{
if ( !strcasecmp ((const char*) tagname, "hyperalert" ))
{
if ( xmlFlags[inHyperAlert] )
_dpd.fatalMsg ( "AIPreproc: Error in XML file '%s': the hyperalert tag was opened twice\n", hyperalert_file );
else
xmlFlags[inHyperAlert] = true;
} else if ( !strcasecmp ((const char*) tagname, "snort-id" )) {
if ( xmlFlags[inSnortIdTag] )
_dpd.fatalMsg ( "AIPreproc: Error in XML file '%s': 'snort-id' tag open inside of another 'snort-id' tag\n", hyperalert_file );
else if ( !xmlFlags[inHyperAlert] )
_dpd.fatalMsg ( "AIPreproc: Error in XML file '%s': 'snort-id' tag open outside of 'hyperalert' tag\n", hyperalert_file );
else
xmlFlags[inSnortIdTag] = true;
} else if ( !strcasecmp ((const char*) tagname, "pre" )) {
if ( xmlFlags[inPreTag] )
_dpd.fatalMsg ( "AIPreproc: Error in XML file '%s': 'pre' tag open inside of another 'pre' tag\n", hyperalert_file );
else if ( !xmlFlags[inHyperAlert] )
_dpd.fatalMsg ( "AIPreproc: Error in XML file '%s': 'pre' tag open outside of 'hyperalert' tag\n", hyperalert_file );
else
xmlFlags[inPreTag] = true;
} else if ( !strcasecmp ((const char*) tagname, "post" )) {
if ( xmlFlags[inPostTag] )
_dpd.fatalMsg ( "AIPreproc: Error in XML file '%s': 'post' tag open inside of another 'post' tag\n", hyperalert_file );
else if ( !xmlFlags[inHyperAlert] )
_dpd.fatalMsg ( "AIPreproc: Error in XML file '%s': 'post' tag open outside of 'hyperalert' tag\n", hyperalert_file );
else
xmlFlags[inPostTag] = true;
} else {
_dpd.fatalMsg ( "AIPreproc: Unrecognized tag '%s' in XML file '%s'\n", tagname, hyperalert_file );
}
} else if ( xmlTextReaderNodeType ( xml ) == XML_READER_TYPE_END_ELEMENT ) {
if ( !strcasecmp ((const char*) tagname, "hyperalert" ))
{
if ( !xmlFlags[inHyperAlert] )
_dpd.fatalMsg ( "AIPreproc: Error in XML file '%s': hyperalert tag closed but never opend\n", hyperalert_file );
else
xmlFlags[inHyperAlert] = false;
} else if ( !strcasecmp ((const char*) tagname, "snort-id" )) {
if ( !xmlFlags[inSnortIdTag] )
_dpd.fatalMsg ( "AIPreproc: Error in XML file '%s': snort-id tag closed but never opend\n", hyperalert_file );
else
xmlFlags[inSnortIdTag] = false;
} else if ( !strcasecmp ((const char*) tagname, "pre" )) {
if ( !xmlFlags[inPreTag] )
_dpd.fatalMsg ( "AIPreproc: Error in XML file '%s': pre tag closed but never opend\n", hyperalert_file );
else
xmlFlags[inPreTag] = false;
} else if ( !strcasecmp ((const char*) tagname, "post" )) {
if ( !xmlFlags[inPostTag] )
_dpd.fatalMsg ( "AIPreproc: Error in XML file '%s': post tag closed but never opend\n", hyperalert_file );
else
xmlFlags[inPostTag] = false;
} else {
_dpd.fatalMsg ( "AIPreproc: Unrecognized tag '%s' in XML file '%s'\n", tagname, hyperalert_file );
}
} else if ( xmlTextReaderNodeType ( xml ) == XML_READER_TYPE_TEXT ) {
if ( !( tagvalue = xmlTextReaderConstValue ( xml )))
continue;
if ( xmlFlags[inSnortIdTag] )
{
snprintf ( snort_id, sizeof ( snort_id ), "%d.%d.%d",
key.gid, key.sid, key.rev );
if ( strcmp ( snort_id, (const char*) tagvalue ))
{
_dpd.errMsg ( "AIPreproc: Found the file associated to hyperalert: '%s', "
"but the 'snort-id' field in there has a different value\n",
hyperalert_file );
return NULL;
}
} else if ( xmlFlags[inPreTag] ) {
if ( !( hyp->preconds = (char**) realloc ( hyp->preconds, (++hyp->n_preconds)*sizeof(char*) )))
_dpd.fatalMsg ( "AIPreproc: Fatal allocation memory error at %s:%d\n",
__FILE__, __LINE__ );
hyp->preconds[hyp->n_preconds-1] = strdup ((const char*) tagvalue );
} else if ( xmlFlags[inPostTag] ) {
if ( !( hyp->postconds = (char**) realloc ( hyp->postconds, (++hyp->n_postconds)*sizeof(char*) )))
_dpd.fatalMsg ( "AIPreproc: Fatal allocation memory error at %s:%d\n",
__FILE__, __LINE__ );
hyp->postconds[hyp->n_postconds-1] = strdup ((const char*) tagvalue );
}
}
}
xmlFreeTextReader ( xml );
xmlCleanupParser();
return hyp;
} /* ----- end of function _AI_hyperalert_from_XML ----- */
/**
* \brief Thread for correlating clustered alerts
* \param arg Void pointer to module's configuration
*/
void*
AI_alert_correlation_thread ( void *arg )
{
int i;
struct stat st;
AI_hyperalert_key key;
AI_hyperalert_info *hyp = NULL;
AI_snort_alert *tmp = NULL;
FILE *fp;
conf = (AI_config*) arg;
while ( 1 )
{
sleep ( conf->correlationGraphInterval );
if ( stat ( conf->corr_rules_dir, &st ) < 0 )
{
_dpd.errMsg ( "AIPreproc: Correlation rules directory '%s' not found, the correlation thread won't be active\n",
conf->corr_rules_dir );
pthread_exit (( void* ) 0 );
return ( void* ) 0;
}
if ( !( alerts = AI_get_clustered_alerts() ))
continue;
for ( tmp = alerts; tmp; tmp = tmp->next )
{
/* Check if my hash table of hyperalerts already contains info about this alert */
key.gid = tmp->gid;
key.sid = tmp->sid;
key.rev = tmp->rev;
HASH_FIND ( hh, hyperalerts, &key, sizeof ( AI_hyperalert_key ), hyp );
/* If not, try to read info from the XML file, if it exists */
if ( !hyp )
{
/* If there is no hyperalert knowledge on XML for this alert, ignore it and get the next one */
if ( !( hyp = _AI_hyperalert_from_XML ( key )))
continue;
/* If the XML file exists and it's valid, add the hypertalert to the hash table */
HASH_ADD ( hh, hyperalerts, key, sizeof ( AI_hyperalert_key ), hyp );
}
/* Fill the hyper alert info for the current alert */
if ( !( tmp->hyperalert = ( AI_hyperalert_info* ) malloc ( sizeof ( AI_hyperalert_info ))))
_dpd.fatalMsg ( "AIPreproc: Fatal memory allocation error at %s:%d\n", __FILE__, __LINE__ );
tmp->hyperalert->key = hyp->key;
tmp->hyperalert->n_preconds = hyp->n_preconds;
tmp->hyperalert->n_postconds = hyp->n_postconds;
if ( !( tmp->hyperalert->preconds = ( char** ) malloc ( tmp->hyperalert->n_preconds * sizeof ( char* ))))
_dpd.fatalMsg ( "AIPreproc: Fatal memory allocation error at %s:%d\n", __FILE__, __LINE__ );
for ( i=0; i < tmp->hyperalert->n_preconds; i++ )
tmp->hyperalert->preconds[i] = strdup ( hyp->preconds[i] );
if ( !( tmp->hyperalert->postconds = ( char** ) malloc ( tmp->hyperalert->n_postconds * sizeof ( char* ))))
_dpd.fatalMsg ( "AIPreproc: Fatal memory allocation error at %s:%d\n", __FILE__, __LINE__ );
for ( i=0; i < tmp->hyperalert->n_postconds; i++ )
tmp->hyperalert->postconds[i] = strdup ( hyp->postconds[i] );
_AI_macro_subst ( &tmp );
fp = fopen ( "/home/blacklight/LOG", "a" );
fprintf ( fp, "pre: %s\n", (tmp->hyperalert->n_preconds > 0) ? tmp->hyperalert->preconds[0] : "()" );
fprintf ( fp, "post: %s\n", (tmp->hyperalert->n_postconds > 0) ? tmp->hyperalert->postconds[0] : "()" );
fclose ( fp );
}
AI_free_alerts ( alerts );
}
pthread_exit (( void* ) 0 );
return (void*) 0;
} /* ----- end of function AI_alert_correlation_thread ----- */
/** @} */

2
db.c
View File

@ -17,9 +17,9 @@
* =====================================================================================
*/
#include "spp_ai.h"
#ifdef ENABLE_DB
#include "spp_ai.h"
#include "db.h"
#include <unistd.h>

2
doc/html/alert__parser_8c.html
View File

@ -118,7 +118,7 @@ Variables</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sun Sep 5 2010 23:53:47 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

4
doc/html/annotated.html
View File

@ -57,6 +57,8 @@ Here are the data structures with brief descriptions:<table>
<tr><td class="indexkey"><a class="el" href="structAI__config.html">AI_config</a></td><td class="indexvalue"></td></tr>
<tr><td class="indexkey"><a class="el" href="structattribute__key.html">attribute_key</a></td><td class="indexvalue"></td></tr>
<tr><td class="indexkey"><a class="el" href="structattribute__value.html">attribute_value</a></td><td class="indexvalue"></td></tr>
<tr><td class="indexkey"><a class="el" href="structhyperalert.html">hyperalert</a></td><td class="indexvalue"></td></tr>
<tr><td class="indexkey"><a class="el" href="structhyperalert__key.html">hyperalert_key</a></td><td class="indexvalue"></td></tr>
<tr><td class="indexkey"><a class="el" href="structpkt__info.html">pkt_info</a></td><td class="indexvalue"></td></tr>
<tr><td class="indexkey"><a class="el" href="structpkt__key.html">pkt_key</a></td><td class="indexvalue"></td></tr>
</table>
@ -75,7 +77,7 @@ Here are the data structures with brief descriptions:<table>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sun Sep 5 2010 23:53:47 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

11
doc/html/classes.html
View File

@ -51,12 +51,13 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<h1>Data Structure Index</h1> </div>
</div>
<div class="contents">
<div class="qindex"><a class="qindex" href="#letter_A">A</a>&nbsp;|&nbsp;<a class="qindex" href="#letter_P">P</a>&nbsp;|&nbsp;<a class="qindex" href="#letter__">_</a></div>
<div class="qindex"><a class="qindex" href="#letter_A">A</a>&nbsp;|&nbsp;<a class="qindex" href="#letter_H">H</a>&nbsp;|&nbsp;<a class="qindex" href="#letter_P">P</a>&nbsp;|&nbsp;<a class="qindex" href="#letter__">_</a></div>
<table align="center" width="95%" border="0" cellspacing="0" cellpadding="0">
<tr><td><a name="letter_A"></a><table border="0" cellspacing="0" cellpadding="0"><tr><td><div class="ah">&nbsp;&nbsp;A&nbsp;&nbsp;</div></td></tr></table>
</td><td><a class="el" href="structattribute__key.html">attribute_key</a>&nbsp;&nbsp;&nbsp;</td><td><a name="letter_P"></a><table border="0" cellspacing="0" cellpadding="0"><tr><td><div class="ah">&nbsp;&nbsp;P&nbsp;&nbsp;</div></td></tr></table>
</td><td><a class="el" href="structpkt__key.html">pkt_key</a>&nbsp;&nbsp;&nbsp;</td><td><a class="el" href="struct__AI__snort__alert.html">_AI_snort_alert</a>&nbsp;&nbsp;&nbsp;</td></tr><tr><td><a class="el" href="structAI__config.html">AI_config</a>&nbsp;&nbsp;&nbsp;</td><td><a class="el" href="structattribute__value.html">attribute_value</a>&nbsp;&nbsp;&nbsp;</td><td><a class="el" href="structpkt__info.html">pkt_info</a>&nbsp;&nbsp;&nbsp;</td><td><a name="letter__"></a><table border="0" cellspacing="0" cellpadding="0"><tr><td><div class="ah">&nbsp;&nbsp;_&nbsp;&nbsp;</div></td></tr></table>
</td><td><a class="el" href="struct__hierarchy__node.html">_hierarchy_node</a>&nbsp;&nbsp;&nbsp;</td></tr></table><div class="qindex"><a class="qindex" href="#letter_A">A</a>&nbsp;|&nbsp;<a class="qindex" href="#letter_P">P</a>&nbsp;|&nbsp;<a class="qindex" href="#letter__">_</a></div>
</td><td><a class="el" href="structattribute__value.html">attribute_value</a>&nbsp;&nbsp;&nbsp;</td><td><a class="el" href="structhyperalert__key.html">hyperalert_key</a>&nbsp;&nbsp;&nbsp;</td><td><a class="el" href="structpkt__key.html">pkt_key</a>&nbsp;&nbsp;&nbsp;</td><td><a class="el" href="struct__AI__snort__alert.html">_AI_snort_alert</a>&nbsp;&nbsp;&nbsp;</td></tr><tr><td><a class="el" href="structAI__config.html">AI_config</a>&nbsp;&nbsp;&nbsp;</td><td><a name="letter_H"></a><table border="0" cellspacing="0" cellpadding="0"><tr><td><div class="ah">&nbsp;&nbsp;H&nbsp;&nbsp;</div></td></tr></table>
</td><td><a name="letter_P"></a><table border="0" cellspacing="0" cellpadding="0"><tr><td><div class="ah">&nbsp;&nbsp;P&nbsp;&nbsp;</div></td></tr></table>
</td><td><a name="letter__"></a><table border="0" cellspacing="0" cellpadding="0"><tr><td><div class="ah">&nbsp;&nbsp;_&nbsp;&nbsp;</div></td></tr></table>
</td><td><a class="el" href="struct__hierarchy__node.html">_hierarchy_node</a>&nbsp;&nbsp;&nbsp;</td></tr><tr><td><a class="el" href="structattribute__key.html">attribute_key</a>&nbsp;&nbsp;&nbsp;</td><td><a class="el" href="structhyperalert.html">hyperalert</a>&nbsp;&nbsp;&nbsp;</td><td><a class="el" href="structpkt__info.html">pkt_info</a>&nbsp;&nbsp;&nbsp;</td></tr></table><div class="qindex"><a class="qindex" href="#letter_A">A</a>&nbsp;|&nbsp;<a class="qindex" href="#letter_H">H</a>&nbsp;|&nbsp;<a class="qindex" href="#letter_P">P</a>&nbsp;|&nbsp;<a class="qindex" href="#letter__">_</a></div>
</div>
<!--- window showing the filter options -->
<div id="MSearchSelectWindow"
@ -72,7 +73,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sun Sep 5 2010 23:53:47 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

8
doc/html/cluster_8c.html
View File

@ -84,8 +84,12 @@ Functions</h2></td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Thread for periodically clustering the log information. <a href="group__cluster.html#ga8a5eae61dc9fd0f13e0acdfa5f4478e2"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga29c35cd6c56f54e27b5b190c6d6c487a">_AI_check_duplicate</a> (<a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *node, <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *root)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Check if a certain node's range (minimum and maximum value) are already present in a clustering hierarchy. <a href="group__cluster.html#ga29c35cd6c56f54e27b5b190c6d6c487a"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga1445818b37483f78cc3fb2890155842c">AI_hierarchies_build</a> (<a class="el" href="structAI__config.html">AI_config</a> *conf, <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> **nodes, int n_nodes)</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga1445818b37483f78cc3fb2890155842c">AI_hierarchies_build</a> (<a class="el" href="structAI__config.html">AI_config</a> *<a class="el" href="group__correlation.html#gaad7a982b6016390e7cd1164bd7db8bca">conf</a>, <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> **nodes, int n_nodes)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Build the clustering hierarchy trees. <a href="group__cluster.html#ga1445818b37483f78cc3fb2890155842c"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#gab4c8ab92691e85a6f0ac4abb122712fd">_AI_copy_clustered_alerts</a> (<a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *node)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Return a copy of the clustered alerts. <a href="group__cluster.html#gab4c8ab92691e85a6f0ac4abb122712fd"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga2553c678eeb83282c230d649a0e8fcd4">AI_get_clustered_alerts</a> ()</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Return the alerts parsed so far as a linked list. <a href="group__cluster.html#ga2553c678eeb83282c230d649a0e8fcd4"></a><br/></td></tr>
<tr><td colspan="2"><h2><a name="var-members"></a>
Variables</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga97d35425cf5a0207fb50b64ee8cdda82">h_root</a> [CLUSTER_TYPES] = { NULL }</td></tr>
@ -107,7 +111,7 @@ Variables</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sun Sep 5 2010 23:53:47 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

109
doc/html/correlation_8c.html Normal file
View File

@ -0,0 +1,109 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<title>Snort AI preprocessor module: correlation.c File Reference</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<link href="search/search.css" rel="stylesheet" type="text/css"/>
<script type="text/javaScript" src="search/search.js"></script>
<link href="doxygen.css" rel="stylesheet" type="text/css"/>
</head>
<body onload='searchBox.OnSelectItem(0);'>
<!-- Generated by Doxygen 1.7.1 -->
<script type="text/javascript"><!--
var searchBox = new SearchBox("searchBox", "search",false,'Search');
--></script>
<div class="navigation" id="top">
<div class="tabs">
<ul class="tablist">
<li><a href="index.html"><span>Main&nbsp;Page</span></a></li>
<li><a href="modules.html"><span>Modules</span></a></li>
<li><a href="annotated.html"><span>Data&nbsp;Structures</span></a></li>
<li class="current"><a href="files.html"><span>Files</span></a></li>
<li id="searchli">
<div id="MSearchBox" class="MSearchBoxInactive">
<span class="left">
<img id="MSearchSelect" src="search/mag_sel.png"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
alt=""/>
<input type="text" id="MSearchField" value="Search" accesskey="S"
onfocus="searchBox.OnSearchFieldFocus(true)"
onblur="searchBox.OnSearchFieldFocus(false)"
onkeyup="searchBox.OnSearchFieldChange(event)"/>
</span><span class="right">
<a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
</span>
</div>
</li>
</ul>
</div>
<div class="tabs2">
<ul class="tablist">
<li><a href="files.html"><span>File&nbsp;List</span></a></li>
<li><a href="globals.html"><span>Globals</span></a></li>
</ul>
</div>
</div>
<div class="header">
<div class="summary">
<a href="#nested-classes">Data Structures</a> &#124;
<a href="#enum-members">Enumerations</a> &#124;
<a href="#func-members">Functions</a> &#124;
<a href="#var-members">Variables</a> </div>
<div class="headertitle">
<h1>correlation.c File Reference</h1> </div>
</div>
<div class="contents">
<code>#include &quot;<a class="el" href="spp__ai_8h_source.html">spp_ai.h</a>&quot;</code><br/>
<code>#include &lt;unistd.h&gt;</code><br/>
<code>#include &lt;sys/stat.h&gt;</code><br/>
<code>#include &lt;pthread.h&gt;</code><br/>
<code>#include &lt;libxml/xmlreader.h&gt;</code><br/>
<table class="memberdecls">
<tr><td colspan="2"><h2><a name="nested-classes"></a>
Data Structures</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct &nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structhyperalert__key.html">hyperalert_key</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct &nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structhyperalert.html">hyperalert</a></td></tr>
<tr><td colspan="2"><h2><a name="enum-members"></a>
Enumerations</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">enum &nbsp;</td><td class="memItemRight" valign="bottom">{ <br/>
&nbsp;&nbsp;<a class="el" href="group__correlation.html#gga06fc87d81c62e9abb8790b6e5713c55ba0b3b5f651ab0c6355666ff7b1c778af8">inHyperAlert</a>,
<a class="el" href="group__correlation.html#gga06fc87d81c62e9abb8790b6e5713c55ba52d913c46f650f89a5da3ff4bfb7a45d">inSnortIdTag</a>,
<a class="el" href="group__correlation.html#gga06fc87d81c62e9abb8790b6e5713c55ba828f2ec4acb20bae9b9c9fb0c5e0881f">inPreTag</a>,
<a class="el" href="group__correlation.html#gga06fc87d81c62e9abb8790b6e5713c55baf6430d8e5b9791cca74ec3b325a8339f">inPostTag</a>,
<br/>
&nbsp;&nbsp;<a class="el" href="group__correlation.html#gga06fc87d81c62e9abb8790b6e5713c55ba551d1861515058fbfe34955d4170ae67">TAG_NUM</a>
<br/>
}</td></tr>
<tr><td colspan="2"><h2><a name="func-members"></a>
Functions</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="structhyperalert.html">hyperalert</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__correlation.html#gacb46174cec5a2cce0a9bb1ca2b0f6850">_AI_hyperalert_from_XML</a> (<a class="el" href="structhyperalert__key.html">hyperalert_key</a> key)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Parse info about a hyperalert from a correlation XML file, if it exists. <a href="group__correlation.html#gacb46174cec5a2cce0a9bb1ca2b0f6850"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__correlation.html#ga939353a4e15de7a8f4145ab986f584be">AI_alert_correlation_thread</a> (void *arg)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Thread for correlating clustered alerts. <a href="group__correlation.html#ga939353a4e15de7a8f4145ab986f584be"></a><br/></td></tr>
<tr><td colspan="2"><h2><a name="var-members"></a>
Variables</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="structhyperalert.html">hyperalert</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__correlation.html#ga343192ed5e938536f3dc150e51f8acf6">hyperalerts</a> = NULL</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="structAI__config.html">AI_config</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__correlation.html#gaad7a982b6016390e7cd1164bd7db8bca">conf</a> = NULL</td></tr>
</table>
</div>
<!--- window showing the filter options -->
<div id="MSearchSelectWindow"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
onkeydown="return searchBox.OnSearchSelectKey(event)">
<a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(0)"><span class="SelectionMark">&nbsp;</span>All</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(1)"><span class="SelectionMark">&nbsp;</span>Data Structures</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(2)"><span class="SelectionMark">&nbsp;</span>Files</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(3)"><span class="SelectionMark">&nbsp;</span>Functions</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(4)"><span class="SelectionMark">&nbsp;</span>Variables</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(5)"><span class="SelectionMark">&nbsp;</span>Typedefs</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(6)"><span class="SelectionMark">&nbsp;</span>Enumerations</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(7)"><span class="SelectionMark">&nbsp;</span>Enumerator</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(8)"><span class="SelectionMark">&nbsp;</span>Defines</a></div>
<!-- iframe showing the search results (closed by default) -->
<div id="MSearchResultsWindow">
<iframe src="" frameborder="0"
name="MSearchResults" id="MSearchResults">
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>
</html>

3
doc/html/db_8c.html
View File

@ -50,6 +50,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<h1>db.c File Reference</h1> </div>
</div>
<div class="contents">
<code>#include &quot;<a class="el" href="spp__ai_8h_source.html">spp_ai.h</a>&quot;</code><br/>
<table class="memberdecls">
</table>
</div>
@ -67,7 +68,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sun Sep 5 2010 23:53:47 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

2
doc/html/db_8h.html
View File

@ -69,7 +69,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sun Sep 5 2010 23:53:47 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

2
doc/html/db_8h_source.html
View File

@ -111,7 +111,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sun Sep 5 2010 23:53:47 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

4
doc/html/files.html
View File

@ -53,7 +53,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
Here is a list of all files with brief descriptions:<table>
<tr><td class="indexkey"><a class="el" href="alert__parser_8c.html">alert_parser.c</a></td><td class="indexvalue"></td></tr>
<tr><td class="indexkey"><a class="el" href="cluster_8c.html">cluster.c</a></td><td class="indexvalue"></td></tr>
<tr><td class="indexkey"><a class="el" href="config_8h.html">config.h</a> <a href="config_8h_source.html">[code]</a></td><td class="indexvalue"></td></tr>
<tr><td class="indexkey"><a class="el" href="correlation_8c.html">correlation.c</a></td><td class="indexvalue"></td></tr>
<tr><td class="indexkey"><a class="el" href="db_8c.html">db.c</a></td><td class="indexvalue"></td></tr>
<tr><td class="indexkey"><a class="el" href="db_8h.html">db.h</a> <a href="db_8h_source.html">[code]</a></td><td class="indexvalue"></td></tr>
<tr><td class="indexkey"><a class="el" href="mysql_8c.html">mysql.c</a></td><td class="indexvalue"></td></tr>
@ -78,7 +78,7 @@ Here is a list of all files with brief descriptions:<table>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sun Sep 5 2010 23:53:47 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

37
doc/html/functions.html
View File

@ -94,6 +94,12 @@ Here is a list of all struct and union fields with links to the structures/union
<li>clusterfile
: <a class="el" href="structAI__config.html#a6da02a3f7116fd3810a41b738e8883a3">AI_config</a>
</li>
<li>corr_rules_dir
: <a class="el" href="structAI__config.html#ab7ea93bbe72b85c4019b4f5656ad62fc">AI_config</a>
</li>
<li>correlationGraphInterval
: <a class="el" href="structAI__config.html#aa736375e57a59936e2e782b7cd200e41">AI_config</a>
</li>
<li>count
: <a class="el" href="structattribute__value.html#a5579c0304c2e9ab488ac94905b385045">attribute_value</a>
</li>
@ -127,7 +133,8 @@ Here is a list of all struct and union fields with links to the structures/union
<h3><a class="anchor" id="index_g"></a>- g -</h3><ul>
<li>gid
: <a class="el" href="struct__AI__snort__alert.html#af8408be5da59cda853442dd13465c0f6">_AI_snort_alert</a>
: <a class="el" href="structhyperalert__key.html#aac0e30a21653be11b357e3030aafd7e4">hyperalert_key</a>
, <a class="el" href="struct__AI__snort__alert.html#af8408be5da59cda853442dd13465c0f6">_AI_snort_alert</a>
</li>
<li>grouped_alarms_count
: <a class="el" href="struct__AI__snort__alert.html#a285aff12d6bac03c316ccc5305d28e53">_AI_snort_alert</a>
@ -143,7 +150,8 @@ Here is a list of all struct and union fields with links to the structures/union
: <a class="el" href="structAI__config.html#a9f7680615027d4fb74b4aa144a7028a4">AI_config</a>
</li>
<li>hh
: <a class="el" href="structattribute__value.html#a9abf5d1758ee0cc4803e3b40fc4481cc">attribute_value</a>
: <a class="el" href="structhyperalert.html#aa2993f19f3cc95627cfdaf4f47f78b04">hyperalert</a>
, <a class="el" href="structattribute__value.html#a9abf5d1758ee0cc4803e3b40fc4481cc">attribute_value</a>
, <a class="el" href="structpkt__info.html#a264e90d4b5d490de040f38c1072e142f">pkt_info</a>
</li>
</ul>
@ -178,6 +186,7 @@ Here is a list of all struct and union fields with links to the structures/union
<li>key
: <a class="el" href="structattribute__value.html#aa8b5ae41c150e4fefb800d3b1924278d">attribute_value</a>
, <a class="el" href="structpkt__info.html#a231d4734d3c62292b06eb9ea4b49c339">pkt_info</a>
, <a class="el" href="structhyperalert.html#a592c41f4772230c065ce352ec6c6cf0d">hyperalert</a>
</li>
</ul>
@ -206,12 +215,18 @@ Here is a list of all struct and union fields with links to the structures/union
<h3><a class="anchor" id="index_n"></a>- n -</h3><ul>
<li>n_postconds
: <a class="el" href="structhyperalert.html#a16c46535e62397b5ef394b014943f58a">hyperalert</a>
</li>
<li>n_preconds
: <a class="el" href="structhyperalert.html#a84181558bdbb98e49087d4ce7353bf70">hyperalert</a>
</li>
<li>nchildren
: <a class="el" href="struct__hierarchy__node.html#a849256ce1039e2cefaaf64d91171be0a">_hierarchy_node</a>
</li>
<li>next
: <a class="el" href="struct__AI__snort__alert.html#aa8336d4b3359015ed8ea312ca1fd1173">_AI_snort_alert</a>
, <a class="el" href="structpkt__info.html#a5ee3c51f2ca5768b94819182641ef168">pkt_info</a>
: <a class="el" href="structpkt__info.html#a5ee3c51f2ca5768b94819182641ef168">pkt_info</a>
, <a class="el" href="struct__AI__snort__alert.html#aa8336d4b3359015ed8ea312ca1fd1173">_AI_snort_alert</a>
</li>
</ul>
@ -230,6 +245,12 @@ Here is a list of all struct and union fields with links to the structures/union
<li>pkt
: <a class="el" href="structpkt__info.html#a8d5ebd04a32067b05387e5c5056fe168">pkt_info</a>
</li>
<li>postconds
: <a class="el" href="structhyperalert.html#a69e0ed6e53e6fe23d3de2ec1f5d13863">hyperalert</a>
</li>
<li>preconds
: <a class="el" href="structhyperalert.html#afa2862b9a574be52e5dc4a4cc0178d66">hyperalert</a>
</li>
<li>priority
: <a class="el" href="struct__AI__snort__alert.html#a25661fa4e212c5e30af5e6a892985ec9">_AI_snort_alert</a>
</li>
@ -238,14 +259,16 @@ Here is a list of all struct and union fields with links to the structures/union
<h3><a class="anchor" id="index_r"></a>- r -</h3><ul>
<li>rev
: <a class="el" href="struct__AI__snort__alert.html#a864d3baa48586d6a31639f4cd27d9d37">_AI_snort_alert</a>
: <a class="el" href="structhyperalert__key.html#a7e4a23f87bb69765c5afdb2e602aff87">hyperalert_key</a>
, <a class="el" href="struct__AI__snort__alert.html#a864d3baa48586d6a31639f4cd27d9d37">_AI_snort_alert</a>
</li>
</ul>
<h3><a class="anchor" id="index_s"></a>- s -</h3><ul>
<li>sid
: <a class="el" href="struct__AI__snort__alert.html#a3349aa68d2234f8ffd897367c3a8a137">_AI_snort_alert</a>
: <a class="el" href="structhyperalert__key.html#ab3cb68a4bf46fab57f0dd0be007a91bc">hyperalert_key</a>
, <a class="el" href="struct__AI__snort__alert.html#a3349aa68d2234f8ffd897367c3a8a137">_AI_snort_alert</a>
</li>
<li>src_ip
: <a class="el" href="structpkt__key.html#a3a091c20dafb8b3f689db00c5b2f8ddb">pkt_key</a>
@ -305,7 +328,7 @@ Here is a list of all struct and union fields with links to the structures/union
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sun Sep 5 2010 23:53:47 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

37
doc/html/functions_vars.html
View File

@ -94,6 +94,12 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<li>clusterfile
: <a class="el" href="structAI__config.html#a6da02a3f7116fd3810a41b738e8883a3">AI_config</a>
</li>
<li>corr_rules_dir
: <a class="el" href="structAI__config.html#ab7ea93bbe72b85c4019b4f5656ad62fc">AI_config</a>
</li>
<li>correlationGraphInterval
: <a class="el" href="structAI__config.html#aa736375e57a59936e2e782b7cd200e41">AI_config</a>
</li>
<li>count
: <a class="el" href="structattribute__value.html#a5579c0304c2e9ab488ac94905b385045">attribute_value</a>
</li>
@ -127,7 +133,8 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<h3><a class="anchor" id="index_g"></a>- g -</h3><ul>
<li>gid
: <a class="el" href="struct__AI__snort__alert.html#af8408be5da59cda853442dd13465c0f6">_AI_snort_alert</a>
: <a class="el" href="structhyperalert__key.html#aac0e30a21653be11b357e3030aafd7e4">hyperalert_key</a>
, <a class="el" href="struct__AI__snort__alert.html#af8408be5da59cda853442dd13465c0f6">_AI_snort_alert</a>
</li>
<li>grouped_alarms_count
: <a class="el" href="struct__AI__snort__alert.html#a285aff12d6bac03c316ccc5305d28e53">_AI_snort_alert</a>
@ -143,7 +150,8 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
: <a class="el" href="structAI__config.html#a9f7680615027d4fb74b4aa144a7028a4">AI_config</a>
</li>
<li>hh
: <a class="el" href="structattribute__value.html#a9abf5d1758ee0cc4803e3b40fc4481cc">attribute_value</a>
: <a class="el" href="structhyperalert.html#aa2993f19f3cc95627cfdaf4f47f78b04">hyperalert</a>
, <a class="el" href="structattribute__value.html#a9abf5d1758ee0cc4803e3b40fc4481cc">attribute_value</a>
, <a class="el" href="structpkt__info.html#a264e90d4b5d490de040f38c1072e142f">pkt_info</a>
</li>
</ul>
@ -178,6 +186,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<li>key
: <a class="el" href="structattribute__value.html#aa8b5ae41c150e4fefb800d3b1924278d">attribute_value</a>
, <a class="el" href="structpkt__info.html#a231d4734d3c62292b06eb9ea4b49c339">pkt_info</a>
, <a class="el" href="structhyperalert.html#a592c41f4772230c065ce352ec6c6cf0d">hyperalert</a>
</li>
</ul>
@ -206,12 +215,18 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<h3><a class="anchor" id="index_n"></a>- n -</h3><ul>
<li>n_postconds
: <a class="el" href="structhyperalert.html#a16c46535e62397b5ef394b014943f58a">hyperalert</a>
</li>
<li>n_preconds
: <a class="el" href="structhyperalert.html#a84181558bdbb98e49087d4ce7353bf70">hyperalert</a>
</li>
<li>nchildren
: <a class="el" href="struct__hierarchy__node.html#a849256ce1039e2cefaaf64d91171be0a">_hierarchy_node</a>
</li>
<li>next
: <a class="el" href="struct__AI__snort__alert.html#aa8336d4b3359015ed8ea312ca1fd1173">_AI_snort_alert</a>
, <a class="el" href="structpkt__info.html#a5ee3c51f2ca5768b94819182641ef168">pkt_info</a>
: <a class="el" href="structpkt__info.html#a5ee3c51f2ca5768b94819182641ef168">pkt_info</a>
, <a class="el" href="struct__AI__snort__alert.html#aa8336d4b3359015ed8ea312ca1fd1173">_AI_snort_alert</a>
</li>
</ul>
@ -230,6 +245,12 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<li>pkt
: <a class="el" href="structpkt__info.html#a8d5ebd04a32067b05387e5c5056fe168">pkt_info</a>
</li>
<li>postconds
: <a class="el" href="structhyperalert.html#a69e0ed6e53e6fe23d3de2ec1f5d13863">hyperalert</a>
</li>
<li>preconds
: <a class="el" href="structhyperalert.html#afa2862b9a574be52e5dc4a4cc0178d66">hyperalert</a>
</li>
<li>priority
: <a class="el" href="struct__AI__snort__alert.html#a25661fa4e212c5e30af5e6a892985ec9">_AI_snort_alert</a>
</li>
@ -238,14 +259,16 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<h3><a class="anchor" id="index_r"></a>- r -</h3><ul>
<li>rev
: <a class="el" href="struct__AI__snort__alert.html#a864d3baa48586d6a31639f4cd27d9d37">_AI_snort_alert</a>
: <a class="el" href="structhyperalert__key.html#a7e4a23f87bb69765c5afdb2e602aff87">hyperalert_key</a>
, <a class="el" href="struct__AI__snort__alert.html#a864d3baa48586d6a31639f4cd27d9d37">_AI_snort_alert</a>
</li>
</ul>
<h3><a class="anchor" id="index_s"></a>- s -</h3><ul>
<li>sid
: <a class="el" href="struct__AI__snort__alert.html#a3349aa68d2234f8ffd897367c3a8a137">_AI_snort_alert</a>
: <a class="el" href="structhyperalert__key.html#ab3cb68a4bf46fab57f0dd0be007a91bc">hyperalert_key</a>
, <a class="el" href="struct__AI__snort__alert.html#a3349aa68d2234f8ffd897367c3a8a137">_AI_snort_alert</a>
</li>
<li>src_ip
: <a class="el" href="structpkt__key.html#a3a091c20dafb8b3f689db00c5b2f8ddb">pkt_key</a>
@ -305,7 +328,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sun Sep 5 2010 23:53:47 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

244
doc/html/globals.html
View File

@ -66,14 +66,13 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<li><a href="#index_f"><span>f</span></a></li>
<li><a href="#index_g"><span>g</span></a></li>
<li><a href="#index_h"><span>h</span></a></li>
<li><a href="#index_l"><span>l</span></a></li>
<li><a href="#index_i"><span>i</span></a></li>
<li><a href="#index_m"><span>m</span></a></li>
<li><a href="#index_n"><span>n</span></a></li>
<li><a href="#index_p"><span>p</span></a></li>
<li><a href="#index_s"><span>s</span></a></li>
<li><a href="#index_t"><span>t</span></a></li>
<li><a href="#index_u"><span>u</span></a></li>
<li><a href="#index_v"><span>v</span></a></li>
</ul>
</div>
</div>
@ -90,12 +89,18 @@ Here is a list of all functions, variables, defines, enums, and typedefs with li
<li>_AI_copy_alerts()
: <a class="el" href="group__alert__parser.html#ga6c5014cae9155379fdc4db649b2c862d">alert_parser.c</a>
</li>
<li>_AI_copy_clustered_alerts()
: <a class="el" href="group__cluster.html#gab4c8ab92691e85a6f0ac4abb122712fd">cluster.c</a>
</li>
<li>_AI_equal_alarms()
: <a class="el" href="group__cluster.html#ga0f91c8bfc37a3975f5c26b19fd6c5cba">cluster.c</a>
</li>
<li>_AI_get_min_hierarchy_node()
: <a class="el" href="group__cluster.html#ga6ddddcd505b1f763c339e81fc143e079">cluster.c</a>
</li>
<li>_AI_hyperalert_from_XML()
: <a class="el" href="group__correlation.html#gacb46174cec5a2cce0a9bb1ca2b0f6850">correlation.c</a>
</li>
<li>_AI_merge_alerts()
: <a class="el" href="group__cluster.html#ga8ce8e5a5d8954672297fa2dedb380dcd">cluster.c</a>
</li>
@ -124,29 +129,37 @@ Here is a list of all functions, variables, defines, enums, and typedefs with li
<h3><a class="anchor" id="index_a"></a>- a -</h3><ul>
<li>AI_alert_correlation_thread()
: <a class="el" href="group__correlation.html#ga939353a4e15de7a8f4145ab986f584be">correlation.c</a>
, <a class="el" href="group__correlation.html#ga939353a4e15de7a8f4145ab986f584be">spp_ai.h</a>
</li>
<li>AI_file_alertparser_thread()
: <a class="el" href="group__alert__parser.html#ga5aab8d9bdf0e92a51731442fd787f61f">alert_parser.c</a>
, <a class="el" href="group__alert__parser.html#ga5aab8d9bdf0e92a51731442fd787f61f">spp_ai.h</a>
: <a class="el" href="group__alert__parser.html#ga5aab8d9bdf0e92a51731442fd787f61f">spp_ai.h</a>
, <a class="el" href="group__alert__parser.html#ga5aab8d9bdf0e92a51731442fd787f61f">alert_parser.c</a>
</li>
<li>AI_free_alerts()
: <a class="el" href="group__alert__parser.html#ga270e86669a0aa64a8da37bc16cda645b">spp_ai.h</a>
, <a class="el" href="group__alert__parser.html#ga270e86669a0aa64a8da37bc16cda645b">alert_parser.c</a>
: <a class="el" href="group__alert__parser.html#ga270e86669a0aa64a8da37bc16cda645b">alert_parser.c</a>
, <a class="el" href="group__alert__parser.html#ga270e86669a0aa64a8da37bc16cda645b">spp_ai.h</a>
</li>
<li>AI_get_alerts()
: <a class="el" href="group__alert__parser.html#ga99474495643197b3075ac22ec6f6c70f">alert_parser.c</a>
, <a class="el" href="group__alert__parser.html#ga99474495643197b3075ac22ec6f6c70f">spp_ai.h</a>
: <a class="el" href="group__alert__parser.html#ga99474495643197b3075ac22ec6f6c70f">spp_ai.h</a>
, <a class="el" href="group__alert__parser.html#ga99474495643197b3075ac22ec6f6c70f">alert_parser.c</a>
</li>
<li>AI_get_clustered_alerts()
: <a class="el" href="group__cluster.html#ga2553c678eeb83282c230d649a0e8fcd4">cluster.c</a>
, <a class="el" href="group__cluster.html#ga2553c678eeb83282c230d649a0e8fcd4">spp_ai.h</a>
</li>
<li>AI_get_stream_by_key()
: <a class="el" href="group__stream.html#ga2efedcabbfd12c5345f0c93a3dd4735c">stream.c</a>
, <a class="el" href="group__stream.html#ga2efedcabbfd12c5345f0c93a3dd4735c">spp_ai.h</a>
: <a class="el" href="group__stream.html#ga2efedcabbfd12c5345f0c93a3dd4735c">spp_ai.h</a>
, <a class="el" href="group__stream.html#ga2efedcabbfd12c5345f0c93a3dd4735c">stream.c</a>
</li>
<li>AI_hashcleanup_thread()
: <a class="el" href="group__stream.html#ga24b1131374e5059564b8a12380c4eb75">spp_ai.h</a>
, <a class="el" href="group__stream.html#ga24b1131374e5059564b8a12380c4eb75">stream.c</a>
</li>
<li>AI_hierarchies_build()
: <a class="el" href="group__cluster.html#ga1445818b37483f78cc3fb2890155842c">cluster.c</a>
, <a class="el" href="group__cluster.html#ga1445818b37483f78cc3fb2890155842c">spp_ai.h</a>
: <a class="el" href="group__cluster.html#ga1445818b37483f78cc3fb2890155842c">spp_ai.h</a>
, <a class="el" href="group__cluster.html#ga1445818b37483f78cc3fb2890155842c">cluster.c</a>
</li>
<li>AI_init()
: <a class="el" href="group__spp__ai.html#ga3524cbdf8fddbcf38c4ed55241002242">spp_ai.c</a>
@ -204,6 +217,9 @@ Here is a list of all functions, variables, defines, enums, and typedefs with li
<li>CLUSTER_TYPES
: <a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640ab16bb5c4b330d5db02e2d852cd2ba451">spp_ai.h</a>
</li>
<li>conf
: <a class="el" href="group__correlation.html#gaad7a982b6016390e7cd1164bd7db8bca">correlation.c</a>
</li>
</ul>
@ -211,12 +227,18 @@ Here is a list of all functions, variables, defines, enums, and typedefs with li
<li>DEFAULT_ALERT_CLUSTERING_INTERVAL
: <a class="el" href="spp__ai_8h.html#a0c4b6fce670e46083e33b9f53b78f39e">spp_ai.h</a>
</li>
<li>DEFAULT_ALERT_CORRELATION_INTERVAL
: <a class="el" href="spp__ai_8h.html#af0edda6cc018d9674b6822f6df4abe74">spp_ai.h</a>
</li>
<li>DEFAULT_ALERT_LOG_FILE
: <a class="el" href="spp__ai_8h.html#a6d9bf552c32371e0144dc6a6209c7e4a">spp_ai.h</a>
</li>
<li>DEFAULT_CLUSTER_LOG_FILE
: <a class="el" href="spp__ai_8h.html#a803dc913297ccdace9e604dbfecda97d">spp_ai.h</a>
</li>
<li>DEFAULT_CORR_RULES_DIR
: <a class="el" href="spp__ai_8h.html#a89448386cad5d5533992ae7ee84f4f1d">spp_ai.h</a>
</li>
<li>DEFAULT_DATABASE_INTERVAL
: <a class="el" href="spp__ai_8h.html#a3c4984a0ee515fbc091ac6e33b05e310">spp_ai.h</a>
</li>
@ -269,150 +291,27 @@ Here is a list of all functions, variables, defines, enums, and typedefs with li
<li>hash_mutex
: <a class="el" href="stream_8c.html#a4e01edd07102e71480b323db2b8f57c8">stream.c</a>
</li>
<li>HAVE__BOOL
: <a class="el" href="config_8h.html#a862ffdbac7ac8323712310a418b7d9a3">config.h</a>
</li>
<li>HAVE_ALARM
: <a class="el" href="config_8h.html#a777e1baef81548a6bd84c0da28443435">config.h</a>
</li>
<li>HAVE_ALLOCA
: <a class="el" href="config_8h.html#aaf5250164f8a3c52b7820317aee7d9ce">config.h</a>
</li>
<li>HAVE_ALLOCA_H
: <a class="el" href="config_8h.html#a277c3d138498b9267fe43589b6b7d91e">config.h</a>
</li>
<li>HAVE_DLFCN_H
: <a class="el" href="config_8h.html#a0ee1617ff2f6885ef384a3dd46f9b9d7">config.h</a>
</li>
<li>HAVE_INT16_T
: <a class="el" href="config_8h.html#a5794b2513fe3e4fb751b3bdf78959491">config.h</a>
</li>
<li>HAVE_INT32_T
: <a class="el" href="config_8h.html#a1823dcbe683c8eaa908e5b34dac836dc">config.h</a>
</li>
<li>HAVE_INT64_T
: <a class="el" href="config_8h.html#a6795893687257a3c233fdbb7be5312af">config.h</a>
</li>
<li>HAVE_INT8_T
: <a class="el" href="config_8h.html#ac61ffbb3a0b80edd118298b2045be170">config.h</a>
</li>
<li>HAVE_INTTYPES_H
: <a class="el" href="config_8h.html#ab90a030ff2790ebdc176660a6dd2a478">config.h</a>
</li>
<li>HAVE_LIBPTHREAD
: <a class="el" href="config_8h.html#a1e55aaa6b69400645b6b23359e860751">config.h</a>
</li>
<li>HAVE_LIMITS_H
: <a class="el" href="config_8h.html#ac70f0930238c8d095d7cc2ee8b522c77">config.h</a>
</li>
<li>HAVE_MALLOC
: <a class="el" href="config_8h.html#a14503280ca0cb757db915eea09282bfc">config.h</a>
</li>
<li>HAVE_MEMMOVE
: <a class="el" href="config_8h.html#a7b300f836d3d79d0d9b0039a6b842ded">config.h</a>
</li>
<li>HAVE_MEMORY_H
: <a class="el" href="config_8h.html#ae93a78f9d076138897af441c9f86f285">config.h</a>
</li>
<li>HAVE_MEMSET
: <a class="el" href="config_8h.html#a3df52e9809253860c385be6f3a160607">config.h</a>
</li>
<li>HAVE_PTRDIFF_T
: <a class="el" href="config_8h.html#a4e62300203d0b0f776e7f2d56f63000e">config.h</a>
</li>
<li>HAVE_REALLOC
: <a class="el" href="config_8h.html#a0302094a0ee567c610a36c63104ebda5">config.h</a>
</li>
<li>HAVE_REGCOMP
: <a class="el" href="config_8h.html#a4524e47c3ee7837bfe9b2d11c9e0087f">config.h</a>
</li>
<li>HAVE_STDBOOL_H
: <a class="el" href="config_8h.html#a8c3fa1b2f1be8c6f6929548c548cf50a">config.h</a>
</li>
<li>HAVE_STDDEF_H
: <a class="el" href="config_8h.html#a0e6b9a04ae66b7846715e51a0a2dccff">config.h</a>
</li>
<li>HAVE_STDINT_H
: <a class="el" href="config_8h.html#ab6cd6d1c63c1e26ea2d4537b77148354">config.h</a>
</li>
<li>HAVE_STDLIB_H
: <a class="el" href="config_8h.html#a9e0e434ec1a6ddbd97db12b5a32905e0">config.h</a>
</li>
<li>HAVE_STRCASECMP
: <a class="el" href="config_8h.html#a1569275063253ce85180e755a82e536d">config.h</a>
</li>
<li>HAVE_STRDUP
: <a class="el" href="config_8h.html#a41b838eb3b86a0ebbd0981e92a759c0f">config.h</a>
</li>
<li>HAVE_STRING_H
: <a class="el" href="config_8h.html#ad4c234dd1625255dc626a15886306e7d">config.h</a>
</li>
<li>HAVE_STRINGS_H
: <a class="el" href="config_8h.html#a405d10d46190bcb0320524c54eafc850">config.h</a>
</li>
<li>HAVE_STRSTR
: <a class="el" href="config_8h.html#a348655482f599e61eeead7304ad0d52d">config.h</a>
</li>
<li>HAVE_STRTOL
: <a class="el" href="config_8h.html#adca0e8e7c3827189abcd6ceae6f60c32">config.h</a>
</li>
<li>HAVE_STRTOUL
: <a class="el" href="config_8h.html#a0f08977476bc5b181092cf8b3ddaf368">config.h</a>
</li>
<li>HAVE_SYS_STAT_H
: <a class="el" href="config_8h.html#ace156430ba007d19b4348a950d0c692b">config.h</a>
</li>
<li>HAVE_SYS_TIME_H
: <a class="el" href="config_8h.html#a2aae46056558e9d6fef6380f9678ffe3">config.h</a>
</li>
<li>HAVE_SYS_TYPES_H
: <a class="el" href="config_8h.html#a69dc70bea5d1f8bd2be9740e974fa666">config.h</a>
</li>
<li>HAVE_U_INT16_T
: <a class="el" href="config_8h.html#a0869d466ddab46e5420ae22728f6b6eb">config.h</a>
</li>
<li>HAVE_U_INT32_T
: <a class="el" href="config_8h.html#a7d0770a801b850407689c3f008b5a9f2">config.h</a>
</li>
<li>HAVE_U_INT64_T
: <a class="el" href="config_8h.html#a0690b52f145f45ddac92d2b6d2603abf">config.h</a>
</li>
<li>HAVE_U_INT8_T
: <a class="el" href="config_8h.html#a5c801f5197bad37d7b7aa6823672d32c">config.h</a>
</li>
<li>HAVE_UINT16_T
: <a class="el" href="config_8h.html#a7b9e7aa8721dfe7262b8ec7d47bb05c6">config.h</a>
</li>
<li>HAVE_UINT32_T
: <a class="el" href="config_8h.html#a2820937e1b8eb3be7f75f725a56fe2e0">config.h</a>
</li>
<li>HAVE_UINT64_T
: <a class="el" href="config_8h.html#a7182a632cd1d349a7300635865886059">config.h</a>
</li>
<li>HAVE_UINT8_T
: <a class="el" href="config_8h.html#af61ed9e29a43fc0ea89ed607e5364965">config.h</a>
</li>
<li>HAVE_UNISTD_H
: <a class="el" href="config_8h.html#a219b06937831d0da94d801ab13987639">config.h</a>
</li>
<li>HAVE_VISIBILITY
: <a class="el" href="config_8h.html#a9c06915a067793441b23b2961cf6a722">config.h</a>
</li>
<li>HAVE_WCHAR_H
: <a class="el" href="config_8h.html#a711b6ab6efcaffc5b8f2d274e6a483ff">config.h</a>
</li>
<li>hierarchy_node
: <a class="el" href="spp__ai_8h.html#a466391129919ef12366d311d501552fa">spp_ai.h</a>
</li>
<li>hyperalerts
: <a class="el" href="group__correlation.html#ga343192ed5e938536f3dc150e51f8acf6">correlation.c</a>
</li>
</ul>
<h3><a class="anchor" id="index_l"></a>- l -</h3><ul>
<li>LINUX
: <a class="el" href="config_8h.html#a157a956e14c5c44b3f73ef23a4776f64">config.h</a>
<h3><a class="anchor" id="index_i"></a>- i -</h3><ul>
<li>inHyperAlert
: <a class="el" href="group__correlation.html#gga06fc87d81c62e9abb8790b6e5713c55ba0b3b5f651ab0c6355666ff7b1c778af8">correlation.c</a>
</li>
<li>LT_OBJDIR
: <a class="el" href="config_8h.html#ac2d5925d76379847dd9fc4747b061659">config.h</a>
<li>inPostTag
: <a class="el" href="group__correlation.html#gga06fc87d81c62e9abb8790b6e5713c55baf6430d8e5b9791cca74ec3b325a8339f">correlation.c</a>
</li>
<li>inPreTag
: <a class="el" href="group__correlation.html#gga06fc87d81c62e9abb8790b6e5713c55ba828f2ec4acb20bae9b9c9fb0c5e0881f">correlation.c</a>
</li>
<li>inSnortIdTag
: <a class="el" href="group__correlation.html#gga06fc87d81c62e9abb8790b6e5713c55ba52d913c46f650f89a5da3ff4bfb7a45d">correlation.c</a>
</li>
</ul>
@ -435,33 +334,9 @@ Here is a list of all functions, variables, defines, enums, and typedefs with li
<h3><a class="anchor" id="index_p"></a>- p -</h3><ul>
<li>PACKAGE
: <a class="el" href="config_8h.html#aca8570fb706c81df371b7f9bc454ae03">config.h</a>
</li>
<li>PACKAGE_BUGREPORT
: <a class="el" href="config_8h.html#a1d1d2d7f8d2f95b376954d649ab03233">config.h</a>
</li>
<li>PACKAGE_NAME
: <a class="el" href="config_8h.html#a1c0439e4355794c09b64274849eb0279">config.h</a>
</li>
<li>PACKAGE_STRING
: <a class="el" href="config_8h.html#ac73e6f903c16eca7710f92e36e1c6fbf">config.h</a>
</li>
<li>PACKAGE_TARNAME
: <a class="el" href="config_8h.html#af415af6bfede0e8d5453708afe68651c">config.h</a>
</li>
<li>PACKAGE_URL
: <a class="el" href="config_8h.html#a5c93853116d5a50307b6744f147840aa">config.h</a>
</li>
<li>PACKAGE_VERSION
: <a class="el" href="config_8h.html#aa326a05d5e30f9e9a4bb0b4469d5d0c0">config.h</a>
</li>
<li>PCAP_TIMEOUT_IGNORED
: <a class="el" href="config_8h.html#acd8fb346fb286b091cbcc99e3eb76039">config.h</a>
</li>
<li>preg_match()
: <a class="el" href="group__regex.html#ga35f57c052a7de1ded54b67a1f7819791">spp_ai.h</a>
, <a class="el" href="group__regex.html#ga35f57c052a7de1ded54b67a1f7819791">regex.c</a>
: <a class="el" href="group__regex.html#ga35f57c052a7de1ded54b67a1f7819791">regex.c</a>
, <a class="el" href="group__regex.html#ga35f57c052a7de1ded54b67a1f7819791">spp_ai.h</a>
</li>
<li>PREPROC_NAME
: <a class="el" href="sf__preproc__info_8h.html#af5d5329206253ca0c1a3b8d4a43195af">sf_preproc_info.h</a>
@ -482,18 +357,12 @@ Here is a list of all functions, variables, defines, enums, and typedefs with li
<li>start_time
: <a class="el" href="stream_8c.html#a0597864b078ff448f28432db86950309">stream.c</a>
</li>
<li>STDC_HEADERS
: <a class="el" href="config_8h.html#a550e5c272cc3cf3814651721167dcd23">config.h</a>
</li>
<li>SUP_IP6
: <a class="el" href="config_8h.html#a2b4574dbb2776d26768967604bb26f1b">config.h</a>
</li>
</ul>
<h3><a class="anchor" id="index_t"></a>- t -</h3><ul>
<li>TIME_WITH_SYS_TIME
: <a class="el" href="config_8h.html#a2b44ef64cf38e064ef11e11f35271380">config.h</a>
<li>TAG_NUM
: <a class="el" href="group__correlation.html#gga06fc87d81c62e9abb8790b6e5713c55ba551d1861515058fbfe34955d4170ae67">correlation.c</a>
</li>
<li>true
: <a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dda08f175a5505a10b9ed657defeb050e4b">spp_ai.h</a>
@ -512,13 +381,6 @@ Here is a list of all functions, variables, defines, enums, and typedefs with li
: <a class="el" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">spp_ai.h</a>
</li>
</ul>
<h3><a class="anchor" id="index_v"></a>- v -</h3><ul>
<li>VERSION
: <a class="el" href="config_8h.html#a1c6d5de492ac61ad29aec7aa9a436bbf">config.h</a>
</li>
</ul>
</div>
<!--- window showing the filter options -->
<div id="MSearchSelectWindow"
@ -534,7 +396,7 @@ Here is a list of all functions, variables, defines, enums, and typedefs with li
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sun Sep 5 2010 23:53:47 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

231
doc/html/globals_defs.html
View File

@ -55,40 +55,27 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<li class="current"><a href="globals_defs.html"><span>Defines</span></a></li>
</ul>
</div>
<div class="tabs3">
<ul class="tablist">
<li><a href="#index_b"><span>b</span></a></li>
<li><a href="#index_d"><span>d</span></a></li>
<li><a href="#index_h"><span>h</span></a></li>
<li><a href="#index_l"><span>l</span></a></li>
<li><a href="#index_m"><span>m</span></a></li>
<li><a href="#index_p"><span>p</span></a></li>
<li><a href="#index_s"><span>s</span></a></li>
<li><a href="#index_t"><span>t</span></a></li>
<li><a href="#index_v"><span>v</span></a></li>
</ul>
</div>
</div>
<div class="contents">
&nbsp;
<h3><a class="anchor" id="index_b"></a>- b -</h3><ul>
&nbsp;<ul>
<li>BUILD_VERSION
: <a class="el" href="sf__preproc__info_8h.html#ad7a967dd260384e94010b31b1412a0b4">sf_preproc_info.h</a>
</li>
</ul>
<h3><a class="anchor" id="index_d"></a>- d -</h3><ul>
<li>DEFAULT_ALERT_CLUSTERING_INTERVAL
: <a class="el" href="spp__ai_8h.html#a0c4b6fce670e46083e33b9f53b78f39e">spp_ai.h</a>
</li>
<li>DEFAULT_ALERT_CORRELATION_INTERVAL
: <a class="el" href="spp__ai_8h.html#af0edda6cc018d9674b6822f6df4abe74">spp_ai.h</a>
</li>
<li>DEFAULT_ALERT_LOG_FILE
: <a class="el" href="spp__ai_8h.html#a6d9bf552c32371e0144dc6a6209c7e4a">spp_ai.h</a>
</li>
<li>DEFAULT_CLUSTER_LOG_FILE
: <a class="el" href="spp__ai_8h.html#a803dc913297ccdace9e604dbfecda97d">spp_ai.h</a>
</li>
<li>DEFAULT_CORR_RULES_DIR
: <a class="el" href="spp__ai_8h.html#a89448386cad5d5533992ae7ee84f4f1d">spp_ai.h</a>
</li>
<li>DEFAULT_DATABASE_INTERVAL
: <a class="el" href="spp__ai_8h.html#a3c4984a0ee515fbc091ac6e33b05e310">spp_ai.h</a>
</li>
@ -101,190 +88,12 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<li>DYNAMIC_PREPROC_SETUP
: <a class="el" href="sf__preproc__info_8h.html#aba4c0d0af324a3861e662ed4650aae44">sf_preproc_info.h</a>
</li>
</ul>
<h3><a class="anchor" id="index_h"></a>- h -</h3><ul>
<li>HAVE__BOOL
: <a class="el" href="config_8h.html#a862ffdbac7ac8323712310a418b7d9a3">config.h</a>
</li>
<li>HAVE_ALARM
: <a class="el" href="config_8h.html#a777e1baef81548a6bd84c0da28443435">config.h</a>
</li>
<li>HAVE_ALLOCA
: <a class="el" href="config_8h.html#aaf5250164f8a3c52b7820317aee7d9ce">config.h</a>
</li>
<li>HAVE_ALLOCA_H
: <a class="el" href="config_8h.html#a277c3d138498b9267fe43589b6b7d91e">config.h</a>
</li>
<li>HAVE_DLFCN_H
: <a class="el" href="config_8h.html#a0ee1617ff2f6885ef384a3dd46f9b9d7">config.h</a>
</li>
<li>HAVE_INT16_T
: <a class="el" href="config_8h.html#a5794b2513fe3e4fb751b3bdf78959491">config.h</a>
</li>
<li>HAVE_INT32_T
: <a class="el" href="config_8h.html#a1823dcbe683c8eaa908e5b34dac836dc">config.h</a>
</li>
<li>HAVE_INT64_T
: <a class="el" href="config_8h.html#a6795893687257a3c233fdbb7be5312af">config.h</a>
</li>
<li>HAVE_INT8_T
: <a class="el" href="config_8h.html#ac61ffbb3a0b80edd118298b2045be170">config.h</a>
</li>
<li>HAVE_INTTYPES_H
: <a class="el" href="config_8h.html#ab90a030ff2790ebdc176660a6dd2a478">config.h</a>
</li>
<li>HAVE_LIBPTHREAD
: <a class="el" href="config_8h.html#a1e55aaa6b69400645b6b23359e860751">config.h</a>
</li>
<li>HAVE_LIMITS_H
: <a class="el" href="config_8h.html#ac70f0930238c8d095d7cc2ee8b522c77">config.h</a>
</li>
<li>HAVE_MALLOC
: <a class="el" href="config_8h.html#a14503280ca0cb757db915eea09282bfc">config.h</a>
</li>
<li>HAVE_MEMMOVE
: <a class="el" href="config_8h.html#a7b300f836d3d79d0d9b0039a6b842ded">config.h</a>
</li>
<li>HAVE_MEMORY_H
: <a class="el" href="config_8h.html#ae93a78f9d076138897af441c9f86f285">config.h</a>
</li>
<li>HAVE_MEMSET
: <a class="el" href="config_8h.html#a3df52e9809253860c385be6f3a160607">config.h</a>
</li>
<li>HAVE_PTRDIFF_T
: <a class="el" href="config_8h.html#a4e62300203d0b0f776e7f2d56f63000e">config.h</a>
</li>
<li>HAVE_REALLOC
: <a class="el" href="config_8h.html#a0302094a0ee567c610a36c63104ebda5">config.h</a>
</li>
<li>HAVE_REGCOMP
: <a class="el" href="config_8h.html#a4524e47c3ee7837bfe9b2d11c9e0087f">config.h</a>
</li>
<li>HAVE_STDBOOL_H
: <a class="el" href="config_8h.html#a8c3fa1b2f1be8c6f6929548c548cf50a">config.h</a>
</li>
<li>HAVE_STDDEF_H
: <a class="el" href="config_8h.html#a0e6b9a04ae66b7846715e51a0a2dccff">config.h</a>
</li>
<li>HAVE_STDINT_H
: <a class="el" href="config_8h.html#ab6cd6d1c63c1e26ea2d4537b77148354">config.h</a>
</li>
<li>HAVE_STDLIB_H
: <a class="el" href="config_8h.html#a9e0e434ec1a6ddbd97db12b5a32905e0">config.h</a>
</li>
<li>HAVE_STRCASECMP
: <a class="el" href="config_8h.html#a1569275063253ce85180e755a82e536d">config.h</a>
</li>
<li>HAVE_STRDUP
: <a class="el" href="config_8h.html#a41b838eb3b86a0ebbd0981e92a759c0f">config.h</a>
</li>
<li>HAVE_STRING_H
: <a class="el" href="config_8h.html#ad4c234dd1625255dc626a15886306e7d">config.h</a>
</li>
<li>HAVE_STRINGS_H
: <a class="el" href="config_8h.html#a405d10d46190bcb0320524c54eafc850">config.h</a>
</li>
<li>HAVE_STRSTR
: <a class="el" href="config_8h.html#a348655482f599e61eeead7304ad0d52d">config.h</a>
</li>
<li>HAVE_STRTOL
: <a class="el" href="config_8h.html#adca0e8e7c3827189abcd6ceae6f60c32">config.h</a>
</li>
<li>HAVE_STRTOUL
: <a class="el" href="config_8h.html#a0f08977476bc5b181092cf8b3ddaf368">config.h</a>
</li>
<li>HAVE_SYS_STAT_H
: <a class="el" href="config_8h.html#ace156430ba007d19b4348a950d0c692b">config.h</a>
</li>
<li>HAVE_SYS_TIME_H
: <a class="el" href="config_8h.html#a2aae46056558e9d6fef6380f9678ffe3">config.h</a>
</li>
<li>HAVE_SYS_TYPES_H
: <a class="el" href="config_8h.html#a69dc70bea5d1f8bd2be9740e974fa666">config.h</a>
</li>
<li>HAVE_U_INT16_T
: <a class="el" href="config_8h.html#a0869d466ddab46e5420ae22728f6b6eb">config.h</a>
</li>
<li>HAVE_U_INT32_T
: <a class="el" href="config_8h.html#a7d0770a801b850407689c3f008b5a9f2">config.h</a>
</li>
<li>HAVE_U_INT64_T
: <a class="el" href="config_8h.html#a0690b52f145f45ddac92d2b6d2603abf">config.h</a>
</li>
<li>HAVE_U_INT8_T
: <a class="el" href="config_8h.html#a5c801f5197bad37d7b7aa6823672d32c">config.h</a>
</li>
<li>HAVE_UINT16_T
: <a class="el" href="config_8h.html#a7b9e7aa8721dfe7262b8ec7d47bb05c6">config.h</a>
</li>
<li>HAVE_UINT32_T
: <a class="el" href="config_8h.html#a2820937e1b8eb3be7f75f725a56fe2e0">config.h</a>
</li>
<li>HAVE_UINT64_T
: <a class="el" href="config_8h.html#a7182a632cd1d349a7300635865886059">config.h</a>
</li>
<li>HAVE_UINT8_T
: <a class="el" href="config_8h.html#af61ed9e29a43fc0ea89ed607e5364965">config.h</a>
</li>
<li>HAVE_UNISTD_H
: <a class="el" href="config_8h.html#a219b06937831d0da94d801ab13987639">config.h</a>
</li>
<li>HAVE_VISIBILITY
: <a class="el" href="config_8h.html#a9c06915a067793441b23b2961cf6a722">config.h</a>
</li>
<li>HAVE_WCHAR_H
: <a class="el" href="config_8h.html#a711b6ab6efcaffc5b8f2d274e6a483ff">config.h</a>
</li>
</ul>
<h3><a class="anchor" id="index_l"></a>- l -</h3><ul>
<li>LINUX
: <a class="el" href="config_8h.html#a157a956e14c5c44b3f73ef23a4776f64">config.h</a>
</li>
<li>LT_OBJDIR
: <a class="el" href="config_8h.html#ac2d5925d76379847dd9fc4747b061659">config.h</a>
</li>
</ul>
<h3><a class="anchor" id="index_m"></a>- m -</h3><ul>
<li>MAJOR_VERSION
: <a class="el" href="sf__preproc__info_8h.html#aa9e8f3bb466bb421d13913df7aeaa20c">sf_preproc_info.h</a>
</li>
<li>MINOR_VERSION
: <a class="el" href="sf__preproc__info_8h.html#a320988aa2655ee094f3a34a52da10831">sf_preproc_info.h</a>
</li>
</ul>
<h3><a class="anchor" id="index_p"></a>- p -</h3><ul>
<li>PACKAGE
: <a class="el" href="config_8h.html#aca8570fb706c81df371b7f9bc454ae03">config.h</a>
</li>
<li>PACKAGE_BUGREPORT
: <a class="el" href="config_8h.html#a1d1d2d7f8d2f95b376954d649ab03233">config.h</a>
</li>
<li>PACKAGE_NAME
: <a class="el" href="config_8h.html#a1c0439e4355794c09b64274849eb0279">config.h</a>
</li>
<li>PACKAGE_STRING
: <a class="el" href="config_8h.html#ac73e6f903c16eca7710f92e36e1c6fbf">config.h</a>
</li>
<li>PACKAGE_TARNAME
: <a class="el" href="config_8h.html#af415af6bfede0e8d5453708afe68651c">config.h</a>
</li>
<li>PACKAGE_URL
: <a class="el" href="config_8h.html#a5c93853116d5a50307b6744f147840aa">config.h</a>
</li>
<li>PACKAGE_VERSION
: <a class="el" href="config_8h.html#aa326a05d5e30f9e9a4bb0b4469d5d0c0">config.h</a>
</li>
<li>PCAP_TIMEOUT_IGNORED
: <a class="el" href="config_8h.html#acd8fb346fb286b091cbcc99e3eb76039">config.h</a>
</li>
<li>PREPROC_NAME
: <a class="el" href="sf__preproc__info_8h.html#af5d5329206253ca0c1a3b8d4a43195af">sf_preproc_info.h</a>
</li>
@ -292,30 +101,6 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
: <a class="el" href="spp__ai_8h.html#a5e151c615eda34903514212f05a5ccf8">spp_ai.h</a>
</li>
</ul>
<h3><a class="anchor" id="index_s"></a>- s -</h3><ul>
<li>STDC_HEADERS
: <a class="el" href="config_8h.html#a550e5c272cc3cf3814651721167dcd23">config.h</a>
</li>
<li>SUP_IP6
: <a class="el" href="config_8h.html#a2b4574dbb2776d26768967604bb26f1b">config.h</a>
</li>
</ul>
<h3><a class="anchor" id="index_t"></a>- t -</h3><ul>
<li>TIME_WITH_SYS_TIME
: <a class="el" href="config_8h.html#a2b44ef64cf38e064ef11e11f35271380">config.h</a>
</li>
</ul>
<h3><a class="anchor" id="index_v"></a>- v -</h3><ul>
<li>VERSION
: <a class="el" href="config_8h.html#a1c6d5de492ac61ad29aec7aa9a436bbf">config.h</a>
</li>
</ul>
</div>
<!--- window showing the filter options -->
<div id="MSearchSelectWindow"
@ -331,7 +116,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sun Sep 5 2010 23:53:47 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

2
doc/html/globals_enum.html
View File

@ -80,7 +80,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sun Sep 5 2010 23:53:47 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

17
doc/html/globals_eval.html
View File

@ -70,6 +70,18 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<li>false
: <a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18ddae9de385ef6fe9bf3360d1038396b884c">spp_ai.h</a>
</li>
<li>inHyperAlert
: <a class="el" href="group__correlation.html#gga06fc87d81c62e9abb8790b6e5713c55ba0b3b5f651ab0c6355666ff7b1c778af8">correlation.c</a>
</li>
<li>inPostTag
: <a class="el" href="group__correlation.html#gga06fc87d81c62e9abb8790b6e5713c55baf6430d8e5b9791cca74ec3b325a8339f">correlation.c</a>
</li>
<li>inPreTag
: <a class="el" href="group__correlation.html#gga06fc87d81c62e9abb8790b6e5713c55ba828f2ec4acb20bae9b9c9fb0c5e0881f">correlation.c</a>
</li>
<li>inSnortIdTag
: <a class="el" href="group__correlation.html#gga06fc87d81c62e9abb8790b6e5713c55ba52d913c46f650f89a5da3ff4bfb7a45d">correlation.c</a>
</li>
<li>none
: <a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640ab7e4e0120a041dbe6528b050c04269e0">spp_ai.h</a>
</li>
@ -79,6 +91,9 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<li>src_port
: <a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640ac1335c508143eb06843af2ce5ff3027b">spp_ai.h</a>
</li>
<li>TAG_NUM
: <a class="el" href="group__correlation.html#gga06fc87d81c62e9abb8790b6e5713c55ba551d1861515058fbfe34955d4170ae67">correlation.c</a>
</li>
<li>true
: <a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dda08f175a5505a10b9ed657defeb050e4b">spp_ai.h</a>
</li>
@ -98,7 +113,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sun Sep 5 2010 23:53:47 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

40
doc/html/globals_func.html
View File

@ -76,12 +76,18 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<li>_AI_copy_alerts()
: <a class="el" href="group__alert__parser.html#ga6c5014cae9155379fdc4db649b2c862d">alert_parser.c</a>
</li>
<li>_AI_copy_clustered_alerts()
: <a class="el" href="group__cluster.html#gab4c8ab92691e85a6f0ac4abb122712fd">cluster.c</a>
</li>
<li>_AI_equal_alarms()
: <a class="el" href="group__cluster.html#ga0f91c8bfc37a3975f5c26b19fd6c5cba">cluster.c</a>
</li>
<li>_AI_get_min_hierarchy_node()
: <a class="el" href="group__cluster.html#ga6ddddcd505b1f763c339e81fc143e079">cluster.c</a>
</li>
<li>_AI_hyperalert_from_XML()
: <a class="el" href="group__correlation.html#gacb46174cec5a2cce0a9bb1ca2b0f6850">correlation.c</a>
</li>
<li>_AI_merge_alerts()
: <a class="el" href="group__cluster.html#ga8ce8e5a5d8954672297fa2dedb380dcd">cluster.c</a>
</li>
@ -104,29 +110,37 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<h3><a class="anchor" id="index_a"></a>- a -</h3><ul>
<li>AI_alert_correlation_thread()
: <a class="el" href="group__correlation.html#ga939353a4e15de7a8f4145ab986f584be">correlation.c</a>
, <a class="el" href="group__correlation.html#ga939353a4e15de7a8f4145ab986f584be">spp_ai.h</a>
</li>
<li>AI_file_alertparser_thread()
: <a class="el" href="group__alert__parser.html#ga5aab8d9bdf0e92a51731442fd787f61f">alert_parser.c</a>
, <a class="el" href="group__alert__parser.html#ga5aab8d9bdf0e92a51731442fd787f61f">spp_ai.h</a>
: <a class="el" href="group__alert__parser.html#ga5aab8d9bdf0e92a51731442fd787f61f">spp_ai.h</a>
, <a class="el" href="group__alert__parser.html#ga5aab8d9bdf0e92a51731442fd787f61f">alert_parser.c</a>
</li>
<li>AI_free_alerts()
: <a class="el" href="group__alert__parser.html#ga270e86669a0aa64a8da37bc16cda645b">spp_ai.h</a>
, <a class="el" href="group__alert__parser.html#ga270e86669a0aa64a8da37bc16cda645b">alert_parser.c</a>
: <a class="el" href="group__alert__parser.html#ga270e86669a0aa64a8da37bc16cda645b">alert_parser.c</a>
, <a class="el" href="group__alert__parser.html#ga270e86669a0aa64a8da37bc16cda645b">spp_ai.h</a>
</li>
<li>AI_get_alerts()
: <a class="el" href="group__alert__parser.html#ga99474495643197b3075ac22ec6f6c70f">alert_parser.c</a>
, <a class="el" href="group__alert__parser.html#ga99474495643197b3075ac22ec6f6c70f">spp_ai.h</a>
: <a class="el" href="group__alert__parser.html#ga99474495643197b3075ac22ec6f6c70f">spp_ai.h</a>
, <a class="el" href="group__alert__parser.html#ga99474495643197b3075ac22ec6f6c70f">alert_parser.c</a>
</li>
<li>AI_get_clustered_alerts()
: <a class="el" href="group__cluster.html#ga2553c678eeb83282c230d649a0e8fcd4">cluster.c</a>
, <a class="el" href="group__cluster.html#ga2553c678eeb83282c230d649a0e8fcd4">spp_ai.h</a>
</li>
<li>AI_get_stream_by_key()
: <a class="el" href="group__stream.html#ga2efedcabbfd12c5345f0c93a3dd4735c">stream.c</a>
, <a class="el" href="group__stream.html#ga2efedcabbfd12c5345f0c93a3dd4735c">spp_ai.h</a>
: <a class="el" href="group__stream.html#ga2efedcabbfd12c5345f0c93a3dd4735c">spp_ai.h</a>
, <a class="el" href="group__stream.html#ga2efedcabbfd12c5345f0c93a3dd4735c">stream.c</a>
</li>
<li>AI_hashcleanup_thread()
: <a class="el" href="group__stream.html#ga24b1131374e5059564b8a12380c4eb75">spp_ai.h</a>
, <a class="el" href="group__stream.html#ga24b1131374e5059564b8a12380c4eb75">stream.c</a>
</li>
<li>AI_hierarchies_build()
: <a class="el" href="group__cluster.html#ga1445818b37483f78cc3fb2890155842c">cluster.c</a>
, <a class="el" href="group__cluster.html#ga1445818b37483f78cc3fb2890155842c">spp_ai.h</a>
: <a class="el" href="group__cluster.html#ga1445818b37483f78cc3fb2890155842c">spp_ai.h</a>
, <a class="el" href="group__cluster.html#ga1445818b37483f78cc3fb2890155842c">cluster.c</a>
</li>
<li>AI_init()
: <a class="el" href="group__spp__ai.html#ga3524cbdf8fddbcf38c4ed55241002242">spp_ai.c</a>
@ -146,8 +160,8 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
, <a class="el" href="group__stream.html#ga8749989cee2ac05a7de058faac280c02">spp_ai.h</a>
</li>
<li>AI_setup()
: <a class="el" href="group__spp__ai.html#ga1b9ebb5c719c7d9426ddfc1f3da36570">sf_preproc_info.h</a>
, <a class="el" href="group__spp__ai.html#ga1b9ebb5c719c7d9426ddfc1f3da36570">spp_ai.c</a>
: <a class="el" href="group__spp__ai.html#ga1b9ebb5c719c7d9426ddfc1f3da36570">spp_ai.c</a>
, <a class="el" href="group__spp__ai.html#ga1b9ebb5c719c7d9426ddfc1f3da36570">sf_preproc_info.h</a>
</li>
</ul>
@ -173,7 +187,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sun Sep 5 2010 23:53:47 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

2
doc/html/globals_type.html
View File

@ -89,7 +89,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sun Sep 5 2010 23:53:47 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

8
doc/html/globals_vars.html
View File

@ -76,6 +76,9 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<li>alerts
: <a class="el" href="alert__parser_8c.html#ae837fc04e61c0eb052f997c54b4fd9fe">alert_parser.c</a>
</li>
<li>conf
: <a class="el" href="group__correlation.html#gaad7a982b6016390e7cd1164bd7db8bca">correlation.c</a>
</li>
<li>ex_config
: <a class="el" href="group__spp__ai.html#ga3dd75596c540d148643fe6d1fdc02628">spp_ai.c</a>
</li>
@ -91,6 +94,9 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<li>hash_mutex
: <a class="el" href="stream_8c.html#a4e01edd07102e71480b323db2b8f57c8">stream.c</a>
</li>
<li>hyperalerts
: <a class="el" href="group__correlation.html#ga343192ed5e938536f3dc150e51f8acf6">correlation.c</a>
</li>
<li>start_time
: <a class="el" href="stream_8c.html#a0597864b078ff448f28432db86950309">stream.c</a>
</li>
@ -110,7 +116,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sun Sep 5 2010 23:53:47 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

2
doc/html/group__alert__parser.html
View File

@ -174,7 +174,7 @@ Functions</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sun Sep 5 2010 23:53:47 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

50
doc/html/group__cluster.html
View File

@ -73,8 +73,12 @@ Functions</h2></td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Thread for periodically clustering the log information. <a href="#ga8a5eae61dc9fd0f13e0acdfa5f4478e2"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga29c35cd6c56f54e27b5b190c6d6c487a">_AI_check_duplicate</a> (<a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *node, <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *root)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Check if a certain node's range (minimum and maximum value) are already present in a clustering hierarchy. <a href="#ga29c35cd6c56f54e27b5b190c6d6c487a"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga1445818b37483f78cc3fb2890155842c">AI_hierarchies_build</a> (<a class="el" href="structAI__config.html">AI_config</a> *conf, <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> **nodes, int n_nodes)</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga1445818b37483f78cc3fb2890155842c">AI_hierarchies_build</a> (<a class="el" href="structAI__config.html">AI_config</a> *<a class="el" href="group__correlation.html#gaad7a982b6016390e7cd1164bd7db8bca">conf</a>, <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> **nodes, int n_nodes)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Build the clustering hierarchy trees. <a href="#ga1445818b37483f78cc3fb2890155842c"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#gab4c8ab92691e85a6f0ac4abb122712fd">_AI_copy_clustered_alerts</a> (<a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *node)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Return a copy of the clustered alerts. <a href="#gab4c8ab92691e85a6f0ac4abb122712fd"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga2553c678eeb83282c230d649a0e8fcd4">AI_get_clustered_alerts</a> ()</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Return the alerts parsed so far as a linked list. <a href="#ga2553c678eeb83282c230d649a0e8fcd4"></a><br/></td></tr>
<tr><td colspan="2"><h2><a name="var-members"></a>
Variables</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga97d35425cf5a0207fb50b64ee8cdda82">h_root</a> [CLUSTER_TYPES] = { NULL }</td></tr>
@ -137,6 +141,27 @@ Variables</h2></td></tr>
<p>Thread for periodically clustering the log information. </p>
</div>
</div>
<a class="anchor" id="gab4c8ab92691e85a6f0ac4abb122712fd"></a><!-- doxytag: member="cluster.c::_AI_copy_clustered_alerts" ref="gab4c8ab92691e85a6f0ac4abb122712fd" args="(AI_snort_alert *node)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a>* _AI_copy_clustered_alerts </td>
<td>(</td>
<td class="paramtype"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td>
<td class="paramname"> <em>node</em></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Return a copy of the clustered alerts. </p>
<dl class="return"><dt><b>Returns:</b></dt><dd>An AI_snort_alert pointer identifying the list of clustered alerts </dd></dl>
</div>
</div>
<a class="anchor" id="ga0f91c8bfc37a3975f5c26b19fd6c5cba"></a><!-- doxytag: member="cluster.c::_AI_equal_alarms" ref="ga0f91c8bfc37a3975f5c26b19fd6c5cba" args="(AI_snort_alert *a1, AI_snort_alert *a2)" -->
@ -381,6 +406,27 @@ Variables</h2></td></tr>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>The brand new node if the allocation was ok, otherwise abort the application </dd></dl>
</div>
</div>
<a class="anchor" id="ga2553c678eeb83282c230d649a0e8fcd4"></a><!-- doxytag: member="cluster.c::AI_get_clustered_alerts" ref="ga2553c678eeb83282c230d649a0e8fcd4" args="()" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a>* AI_get_clustered_alerts </td>
<td>(</td>
<td class="paramtype">void&nbsp;</td>
<td class="paramname"></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Return the alerts parsed so far as a linked list. </p>
<dl class="return"><dt><b>Returns:</b></dt><dd>An AI_snort_alert pointer identifying the list of clustered alerts </dd></dl>
</div>
</div>
<a class="anchor" id="ga1445818b37483f78cc3fb2890155842c"></a><!-- doxytag: member="cluster.c::AI_hierarchies_build" ref="ga1445818b37483f78cc3fb2890155842c" args="(AI_config *conf, hierarchy_node **nodes, int n_nodes)" -->
@ -481,7 +527,7 @@ Variables</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sun Sep 5 2010 23:53:47 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

209
doc/html/group__correlation.html Normal file
View File

@ -0,0 +1,209 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<title>Snort AI preprocessor module: Module for the correlation of hyperalerts</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<link href="search/search.css" rel="stylesheet" type="text/css"/>
<script type="text/javaScript" src="search/search.js"></script>
<link href="doxygen.css" rel="stylesheet" type="text/css"/>
</head>
<body onload='searchBox.OnSelectItem(0);'>
<!-- Generated by Doxygen 1.7.1 -->
<script type="text/javascript"><!--
var searchBox = new SearchBox("searchBox", "search",false,'Search');
--></script>
<div class="navigation" id="top">
<div class="tabs">
<ul class="tablist">
<li><a href="index.html"><span>Main&nbsp;Page</span></a></li>
<li><a href="modules.html"><span>Modules</span></a></li>
<li><a href="annotated.html"><span>Data&nbsp;Structures</span></a></li>
<li><a href="files.html"><span>Files</span></a></li>
<li id="searchli">
<div id="MSearchBox" class="MSearchBoxInactive">
<span class="left">
<img id="MSearchSelect" src="search/mag_sel.png"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
alt=""/>
<input type="text" id="MSearchField" value="Search" accesskey="S"
onfocus="searchBox.OnSearchFieldFocus(true)"
onblur="searchBox.OnSearchFieldFocus(false)"
onkeyup="searchBox.OnSearchFieldChange(event)"/>
</span><span class="right">
<a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
</span>
</div>
</li>
</ul>
</div>
</div>
<div class="header">
<div class="summary">
<a href="#nested-classes">Data Structures</a> &#124;
<a href="#enum-members">Enumerations</a> &#124;
<a href="#func-members">Functions</a> &#124;
<a href="#var-members">Variables</a> </div>
<div class="headertitle">
<h1>Module for the correlation of hyperalerts</h1> </div>
</div>
<div class="contents">
<table class="memberdecls">
<tr><td colspan="2"><h2><a name="nested-classes"></a>
Data Structures</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct &nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structhyperalert__key.html">hyperalert_key</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct &nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structhyperalert.html">hyperalert</a></td></tr>
<tr><td colspan="2"><h2><a name="enum-members"></a>
Enumerations</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">enum &nbsp;</td><td class="memItemRight" valign="bottom">{ <br/>
&nbsp;&nbsp;<a class="el" href="group__correlation.html#gga06fc87d81c62e9abb8790b6e5713c55ba0b3b5f651ab0c6355666ff7b1c778af8">inHyperAlert</a>,
<a class="el" href="group__correlation.html#gga06fc87d81c62e9abb8790b6e5713c55ba52d913c46f650f89a5da3ff4bfb7a45d">inSnortIdTag</a>,
<a class="el" href="group__correlation.html#gga06fc87d81c62e9abb8790b6e5713c55ba828f2ec4acb20bae9b9c9fb0c5e0881f">inPreTag</a>,
<a class="el" href="group__correlation.html#gga06fc87d81c62e9abb8790b6e5713c55baf6430d8e5b9791cca74ec3b325a8339f">inPostTag</a>,
<br/>
&nbsp;&nbsp;<a class="el" href="group__correlation.html#gga06fc87d81c62e9abb8790b6e5713c55ba551d1861515058fbfe34955d4170ae67">TAG_NUM</a>
<br/>
}</td></tr>
<tr><td colspan="2"><h2><a name="func-members"></a>
Functions</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="structhyperalert.html">hyperalert</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__correlation.html#gacb46174cec5a2cce0a9bb1ca2b0f6850">_AI_hyperalert_from_XML</a> (<a class="el" href="structhyperalert__key.html">hyperalert_key</a> key)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Parse info about a hyperalert from a correlation XML file, if it exists. <a href="#gacb46174cec5a2cce0a9bb1ca2b0f6850"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__correlation.html#ga939353a4e15de7a8f4145ab986f584be">AI_alert_correlation_thread</a> (void *arg)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Thread for correlating clustered alerts. <a href="#ga939353a4e15de7a8f4145ab986f584be"></a><br/></td></tr>
<tr><td colspan="2"><h2><a name="var-members"></a>
Variables</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="structhyperalert.html">hyperalert</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__correlation.html#ga343192ed5e938536f3dc150e51f8acf6">hyperalerts</a> = NULL</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">PRIVATE <a class="el" href="structAI__config.html">AI_config</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__correlation.html#gaad7a982b6016390e7cd1164bd7db8bca">conf</a> = NULL</td></tr>
</table>
<hr/><h2>Enumeration Type Documentation</h2>
<a class="anchor" id="ga06fc87d81c62e9abb8790b6e5713c55b"></a><!-- doxytag: member="correlation.c::@0" ref="ga06fc87d81c62e9abb8790b6e5713c55b" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">anonymous enum</td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Enumeration for the types of XML tags </p>
<dl><dt><b>Enumerator: </b></dt><dd><table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"><em><a class="anchor" id="gga06fc87d81c62e9abb8790b6e5713c55ba0b3b5f651ab0c6355666ff7b1c778af8"></a><!-- doxytag: member="inHyperAlert" ref="gga06fc87d81c62e9abb8790b6e5713c55ba0b3b5f651ab0c6355666ff7b1c778af8" args="" -->inHyperAlert</em>&nbsp;</td><td>
</td></tr>
<tr><td valign="top"><em><a class="anchor" id="gga06fc87d81c62e9abb8790b6e5713c55ba52d913c46f650f89a5da3ff4bfb7a45d"></a><!-- doxytag: member="inSnortIdTag" ref="gga06fc87d81c62e9abb8790b6e5713c55ba52d913c46f650f89a5da3ff4bfb7a45d" args="" -->inSnortIdTag</em>&nbsp;</td><td>
</td></tr>
<tr><td valign="top"><em><a class="anchor" id="gga06fc87d81c62e9abb8790b6e5713c55ba828f2ec4acb20bae9b9c9fb0c5e0881f"></a><!-- doxytag: member="inPreTag" ref="gga06fc87d81c62e9abb8790b6e5713c55ba828f2ec4acb20bae9b9c9fb0c5e0881f" args="" -->inPreTag</em>&nbsp;</td><td>
</td></tr>
<tr><td valign="top"><em><a class="anchor" id="gga06fc87d81c62e9abb8790b6e5713c55baf6430d8e5b9791cca74ec3b325a8339f"></a><!-- doxytag: member="inPostTag" ref="gga06fc87d81c62e9abb8790b6e5713c55baf6430d8e5b9791cca74ec3b325a8339f" args="" -->inPostTag</em>&nbsp;</td><td>
</td></tr>
<tr><td valign="top"><em><a class="anchor" id="gga06fc87d81c62e9abb8790b6e5713c55ba551d1861515058fbfe34955d4170ae67"></a><!-- doxytag: member="TAG_NUM" ref="gga06fc87d81c62e9abb8790b6e5713c55ba551d1861515058fbfe34955d4170ae67" args="" -->TAG_NUM</em>&nbsp;</td><td>
</td></tr>
</table>
</dd>
</dl>
</div>
</div>
<hr/><h2>Function Documentation</h2>
<a class="anchor" id="gacb46174cec5a2cce0a9bb1ca2b0f6850"></a><!-- doxytag: member="correlation.c::_AI_hyperalert_from_XML" ref="gacb46174cec5a2cce0a9bb1ca2b0f6850" args="(hyperalert_key key)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="structhyperalert.html">hyperalert</a>* _AI_hyperalert_from_XML </td>
<td>(</td>
<td class="paramtype"><a class="el" href="structhyperalert__key.html">hyperalert_key</a>&nbsp;</td>
<td class="paramname"> <em>key</em></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Parse info about a hyperalert from a correlation XML file, if it exists. </p>
<p>FUNCTION: _AI_hyperalert_from_XML </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>key</em>&nbsp;</td><td>Key (gid, sid, rev) identifying the alert </td></tr>
</table>
</dd>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>A hyperalert structure containing the info about the current alert, if the XML file was found </dd></dl>
</div>
</div>
<a class="anchor" id="ga939353a4e15de7a8f4145ab986f584be"></a><!-- doxytag: member="correlation.c::AI_alert_correlation_thread" ref="ga939353a4e15de7a8f4145ab986f584be" args="(void *arg)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">void* AI_alert_correlation_thread </td>
<td>(</td>
<td class="paramtype">void *&nbsp;</td>
<td class="paramname"> <em>arg</em></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Thread for correlating clustered alerts. </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>arg</em>&nbsp;</td><td>Void pointer to module's configuration </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<hr/><h2>Variable Documentation</h2>
<a class="anchor" id="gaad7a982b6016390e7cd1164bd7db8bca"></a><!-- doxytag: member="correlation.c::conf" ref="gaad7a982b6016390e7cd1164bd7db8bca" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="structAI__config.html">AI_config</a>* <a class="el" href="group__correlation.html#gaad7a982b6016390e7cd1164bd7db8bca">conf</a> = NULL</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="ga343192ed5e938536f3dc150e51f8acf6"></a><!-- doxytag: member="correlation.c::hyperalerts" ref="ga343192ed5e938536f3dc150e51f8acf6" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">PRIVATE <a class="el" href="structhyperalert.html">hyperalert</a>* <a class="el" href="group__correlation.html#ga343192ed5e938536f3dc150e51f8acf6">hyperalerts</a> = NULL</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
</div>
<!--- window showing the filter options -->
<div id="MSearchSelectWindow"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
onkeydown="return searchBox.OnSearchSelectKey(event)">
<a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(0)"><span class="SelectionMark">&nbsp;</span>All</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(1)"><span class="SelectionMark">&nbsp;</span>Data Structures</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(2)"><span class="SelectionMark">&nbsp;</span>Files</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(3)"><span class="SelectionMark">&nbsp;</span>Functions</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(4)"><span class="SelectionMark">&nbsp;</span>Variables</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(5)"><span class="SelectionMark">&nbsp;</span>Typedefs</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(6)"><span class="SelectionMark">&nbsp;</span>Enumerations</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(7)"><span class="SelectionMark">&nbsp;</span>Enumerator</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(8)"><span class="SelectionMark">&nbsp;</span>Defines</a></div>
<!-- iframe showing the search results (closed by default) -->
<div id="MSearchResultsWindow">
<iframe src="" frameborder="0"
name="MSearchResults" id="MSearchResults">
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>
</html>

2
doc/html/group__regex.html
View File

@ -119,7 +119,7 @@ Functions</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sun Sep 5 2010 23:53:47 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

2
doc/html/group__spp__ai.html
View File

@ -215,7 +215,7 @@ Variables</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sun Sep 5 2010 23:53:47 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

2
doc/html/group__stream.html
View File

@ -207,7 +207,7 @@ Functions</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sun Sep 5 2010 23:53:47 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

2
doc/html/index.html
View File

@ -59,7 +59,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sun Sep 5 2010 23:53:47 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

3
doc/html/modules.html
View File

@ -47,6 +47,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
Here is a list of all modules:<ul>
<li><a class="el" href="group__alert__parser.html">Parse the alert log into binary structures</a></li>
<li><a class="el" href="group__cluster.html">Manage the clustering of alarms</a></li>
<li><a class="el" href="group__correlation.html">Module for the correlation of hyperalerts</a></li>
<li><a class="el" href="group__regex.html">Regex management</a></li>
<li><a class="el" href="group__spp__ai.html">Main file for spp_ai module</a></li>
<li><a class="el" href="group__stream.html">Manage streams, sorting them into hash tables and linked lists</a></li>
@ -66,7 +67,7 @@ Here is a list of all modules:<ul>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sun Sep 5 2010 23:53:47 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

3
doc/html/mysql_8c.html
View File

@ -50,6 +50,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<h1>mysql.c File Reference</h1> </div>
</div>
<div class="contents">
<code>#include &quot;<a class="el" href="spp__ai_8h_source.html">spp_ai.h</a>&quot;</code><br/>
<table class="memberdecls">
</table>
</div>
@ -67,7 +68,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sun Sep 5 2010 23:53:47 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

2
doc/html/regex_8c.html
View File

@ -78,7 +78,7 @@ Functions</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sun Sep 5 2010 23:53:47 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

36
doc/html/search/all_5f.html
View File

@ -25,73 +25,85 @@
<span class="SRScope">alert_parser.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fcopy_5fclustered_5falerts">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../group__cluster.html#gab4c8ab92691e85a6f0ac4abb122712fd" target="_parent">_AI_copy_clustered_alerts</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fequal_5falarms">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../group__cluster.html#ga0f91c8bfc37a3975f5c26b19fd6c5cba" target="_parent">_AI_equal_alarms</a>
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../group__cluster.html#ga0f91c8bfc37a3975f5c26b19fd6c5cba" target="_parent">_AI_equal_alarms</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fget_5fmin_5fhierarchy_5fnode">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../group__cluster.html#ga6ddddcd505b1f763c339e81fc143e079" target="_parent">_AI_get_min_hierarchy_node</a>
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../group__cluster.html#ga6ddddcd505b1f763c339e81fc143e079" target="_parent">_AI_get_min_hierarchy_node</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fhyperalert_5ffrom_5fxml">
<div class="SREntry">
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../group__correlation.html#gacb46174cec5a2cce0a9bb1ca2b0f6850" target="_parent">_AI_hyperalert_from_XML</a>
<span class="SRScope">correlation.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fmerge_5falerts">
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../group__cluster.html#ga8ce8e5a5d8954672297fa2dedb380dcd" target="_parent">_AI_merge_alerts</a>
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="../group__cluster.html#ga8ce8e5a5d8954672297fa2dedb380dcd" target="_parent">_AI_merge_alerts</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fprint_5fclustered_5falerts">
<div class="SREntry">
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../group__cluster.html#ga7d151880080470b542e99643dc0426a7" target="_parent">_AI_print_clustered_alerts</a>
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="../group__cluster.html#ga7d151880080470b542e99643dc0426a7" target="_parent">_AI_print_clustered_alerts</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fsnort_5falert">
<div class="SREntry">
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="../struct__AI__snort__alert.html" target="_parent">_AI_snort_alert</a>
<a id="Item9" onkeydown="return searchResults.Nav(event,9)" onkeypress="return searchResults.Nav(event,9)" onkeyup="return searchResults.Nav(event,9)" class="SRSymbol" href="../struct__AI__snort__alert.html" target="_parent">_AI_snort_alert</a>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fstream_5ffree">
<div class="SREntry">
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="../group__stream.html#ga80016adf701c717a6ebfb5b15b8a5749" target="_parent">_AI_stream_free</a>
<a id="Item10" onkeydown="return searchResults.Nav(event,10)" onkeypress="return searchResults.Nav(event,10)" onkeyup="return searchResults.Nav(event,10)" class="SRSymbol" href="../group__stream.html#ga80016adf701c717a6ebfb5b15b8a5749" target="_parent">_AI_stream_free</a>
<span class="SRScope">stream.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fconfig">
<div class="SREntry">
<a id="Item9" onkeydown="return searchResults.Nav(event,9)" onkeypress="return searchResults.Nav(event,9)" onkeyup="return searchResults.Nav(event,9)" class="SRSymbol" href="../group__cluster.html#ga91458e2d34595688e39fcb63ba418849" target="_parent">_config</a>
<a id="Item11" onkeydown="return searchResults.Nav(event,11)" onkeypress="return searchResults.Nav(event,11)" onkeyup="return searchResults.Nav(event,11)" class="SRSymbol" href="../group__cluster.html#ga91458e2d34595688e39fcb63ba418849" target="_parent">_config</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fdpd">
<div class="SREntry">
<a id="Item10" onkeydown="return searchResults.Nav(event,10)" onkeypress="return searchResults.Nav(event,10)" onkeyup="return searchResults.Nav(event,10)" class="SRSymbol" href="../spp__ai_8h.html#ab46420126c43c1aac5eabc5db266a71c" target="_parent">_dpd</a>
<a id="Item12" onkeydown="return searchResults.Nav(event,12)" onkeypress="return searchResults.Nav(event,12)" onkeyup="return searchResults.Nav(event,12)" class="SRSymbol" href="../spp__ai_8h.html#ab46420126c43c1aac5eabc5db266a71c" target="_parent">_dpd</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR__5fheuristic_5ffunc">
<div class="SREntry">
<a id="Item11" onkeydown="return searchResults.Nav(event,11)" onkeypress="return searchResults.Nav(event,11)" onkeyup="return searchResults.Nav(event,11)" class="SRSymbol" href="../group__cluster.html#ga81f5fa721719fdb281595a568eef2101" target="_parent">_heuristic_func</a>
<a id="Item13" onkeydown="return searchResults.Nav(event,13)" onkeypress="return searchResults.Nav(event,13)" onkeyup="return searchResults.Nav(event,13)" class="SRSymbol" href="../group__cluster.html#ga81f5fa721719fdb281595a568eef2101" target="_parent">_heuristic_func</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fhierarchy_5fnode">
<div class="SREntry">
<a id="Item12" onkeydown="return searchResults.Nav(event,12)" onkeypress="return searchResults.Nav(event,12)" onkeyup="return searchResults.Nav(event,12)" class="SRSymbol" href="../struct__hierarchy__node.html" target="_parent">_hierarchy_node</a>
<a id="Item14" onkeydown="return searchResults.Nav(event,14)" onkeypress="return searchResults.Nav(event,14)" onkeyup="return searchResults.Nav(event,14)" class="SRSymbol" href="../struct__hierarchy__node.html" target="_parent">_hierarchy_node</a>
</div>
</div>
<div class="SRResult" id="SR__5fhierarchy_5fnode_5fappend">
<div class="SREntry">
<a id="Item13" onkeydown="return searchResults.Nav(event,13)" onkeypress="return searchResults.Nav(event,13)" onkeyup="return searchResults.Nav(event,13)" class="SRSymbol" href="../group__cluster.html#ga5601a1f603d9c870ef6e2df192e30c30" target="_parent">_hierarchy_node_append</a>
<a id="Item15" onkeydown="return searchResults.Nav(event,15)" onkeypress="return searchResults.Nav(event,15)" onkeyup="return searchResults.Nav(event,15)" class="SRSymbol" href="../group__cluster.html#ga5601a1f603d9c870ef6e2df192e30c30" target="_parent">_hierarchy_node_append</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fhierarchy_5fnode_5fnew">
<div class="SREntry">
<a id="Item14" onkeydown="return searchResults.Nav(event,14)" onkeypress="return searchResults.Nav(event,14)" onkeyup="return searchResults.Nav(event,14)" class="SRSymbol" href="../group__cluster.html#ga2f1a22cfea64e4669da0467620c3e3b3" target="_parent">_hierarchy_node_new</a>
<a id="Item16" onkeydown="return searchResults.Nav(event,16)" onkeypress="return searchResults.Nav(event,16)" onkeyup="return searchResults.Nav(event,16)" class="SRSymbol" href="../group__cluster.html#ga2f1a22cfea64e4669da0467620c3e3b3" target="_parent">_hierarchy_node_new</a>
<span class="SRScope">cluster.c</span>
</div>
</div>

100
doc/html/search/all_61.html
View File

@ -7,165 +7,183 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_ai_5falert_5fcorrelation_5fthread">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5falert_5fcorrelation_5fthread')">AI_alert_correlation_thread</a>
<div class="SRChildren">
<a id="Item0_c0" onkeydown="return searchResults.NavChild(event,0,0)" onkeypress="return searchResults.NavChild(event,0,0)" onkeyup="return searchResults.NavChild(event,0,0)" class="SRScope" href="../group__correlation.html#ga939353a4e15de7a8f4145ab986f584be" target="_parent">AI_alert_correlation_thread(void *arg):&nbsp;correlation.c</a>
<a id="Item0_c1" onkeydown="return searchResults.NavChild(event,0,1)" onkeypress="return searchResults.NavChild(event,0,1)" onkeyup="return searchResults.NavChild(event,0,1)" class="SRScope" href="../group__correlation.html#ga939353a4e15de7a8f4145ab986f584be" target="_parent">AI_alert_correlation_thread(void *):&nbsp;correlation.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fconfig">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../structAI__config.html" target="_parent">AI_config</a>
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../structAI__config.html" target="_parent">AI_config</a>
</div>
</div>
<div class="SRResult" id="SR_ai_5ffile_5falertparser_5fthread">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5ffile_5falertparser_5fthread')">AI_file_alertparser_thread</a>
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5ffile_5falertparser_5fthread')">AI_file_alertparser_thread</a>
<div class="SRChildren">
<a id="Item1_c0" onkeydown="return searchResults.NavChild(event,1,0)" onkeypress="return searchResults.NavChild(event,1,0)" onkeyup="return searchResults.NavChild(event,1,0)" class="SRScope" href="../group__alert__parser.html#ga5aab8d9bdf0e92a51731442fd787f61f" target="_parent">AI_file_alertparser_thread(void *arg):&nbsp;alert_parser.c</a>
<a id="Item1_c1" onkeydown="return searchResults.NavChild(event,1,1)" onkeypress="return searchResults.NavChild(event,1,1)" onkeyup="return searchResults.NavChild(event,1,1)" class="SRScope" href="../group__alert__parser.html#ga5aab8d9bdf0e92a51731442fd787f61f" target="_parent">AI_file_alertparser_thread(void *):&nbsp;alert_parser.c</a>
<a id="Item2_c0" onkeydown="return searchResults.NavChild(event,2,0)" onkeypress="return searchResults.NavChild(event,2,0)" onkeyup="return searchResults.NavChild(event,2,0)" class="SRScope" href="../group__alert__parser.html#ga5aab8d9bdf0e92a51731442fd787f61f" target="_parent">AI_file_alertparser_thread(void *arg):&nbsp;alert_parser.c</a>
<a id="Item2_c1" onkeydown="return searchResults.NavChild(event,2,1)" onkeypress="return searchResults.NavChild(event,2,1)" onkeyup="return searchResults.NavChild(event,2,1)" class="SRScope" href="../group__alert__parser.html#ga5aab8d9bdf0e92a51731442fd787f61f" target="_parent">AI_file_alertparser_thread(void *):&nbsp;alert_parser.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5ffree_5falerts">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5ffree_5falerts')">AI_free_alerts</a>
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5ffree_5falerts')">AI_free_alerts</a>
<div class="SRChildren">
<a id="Item2_c0" onkeydown="return searchResults.NavChild(event,2,0)" onkeypress="return searchResults.NavChild(event,2,0)" onkeyup="return searchResults.NavChild(event,2,0)" class="SRScope" href="../group__alert__parser.html#ga270e86669a0aa64a8da37bc16cda645b" target="_parent">AI_free_alerts(AI_snort_alert *node):&nbsp;alert_parser.c</a>
<a id="Item2_c1" onkeydown="return searchResults.NavChild(event,2,1)" onkeypress="return searchResults.NavChild(event,2,1)" onkeyup="return searchResults.NavChild(event,2,1)" class="SRScope" href="../group__alert__parser.html#ga270e86669a0aa64a8da37bc16cda645b" target="_parent">AI_free_alerts(AI_snort_alert *node):&nbsp;alert_parser.c</a>
<a id="Item3_c0" onkeydown="return searchResults.NavChild(event,3,0)" onkeypress="return searchResults.NavChild(event,3,0)" onkeyup="return searchResults.NavChild(event,3,0)" class="SRScope" href="../group__alert__parser.html#ga270e86669a0aa64a8da37bc16cda645b" target="_parent">AI_free_alerts(AI_snort_alert *node):&nbsp;alert_parser.c</a>
<a id="Item3_c1" onkeydown="return searchResults.NavChild(event,3,1)" onkeypress="return searchResults.NavChild(event,3,1)" onkeyup="return searchResults.NavChild(event,3,1)" class="SRScope" href="../group__alert__parser.html#ga270e86669a0aa64a8da37bc16cda645b" target="_parent">AI_free_alerts(AI_snort_alert *node):&nbsp;alert_parser.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fget_5falerts">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fget_5falerts')">AI_get_alerts</a>
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fget_5falerts')">AI_get_alerts</a>
<div class="SRChildren">
<a id="Item3_c0" onkeydown="return searchResults.NavChild(event,3,0)" onkeypress="return searchResults.NavChild(event,3,0)" onkeyup="return searchResults.NavChild(event,3,0)" class="SRScope" href="../group__alert__parser.html#ga99474495643197b3075ac22ec6f6c70f" target="_parent">AI_get_alerts():&nbsp;alert_parser.c</a>
<a id="Item3_c1" onkeydown="return searchResults.NavChild(event,3,1)" onkeypress="return searchResults.NavChild(event,3,1)" onkeyup="return searchResults.NavChild(event,3,1)" class="SRScope" href="../group__alert__parser.html#ga99474495643197b3075ac22ec6f6c70f" target="_parent">AI_get_alerts(void):&nbsp;alert_parser.c</a>
<a id="Item4_c0" onkeydown="return searchResults.NavChild(event,4,0)" onkeypress="return searchResults.NavChild(event,4,0)" onkeyup="return searchResults.NavChild(event,4,0)" class="SRScope" href="../group__alert__parser.html#ga99474495643197b3075ac22ec6f6c70f" target="_parent">AI_get_alerts():&nbsp;alert_parser.c</a>
<a id="Item4_c1" onkeydown="return searchResults.NavChild(event,4,1)" onkeypress="return searchResults.NavChild(event,4,1)" onkeyup="return searchResults.NavChild(event,4,1)" class="SRScope" href="../group__alert__parser.html#ga99474495643197b3075ac22ec6f6c70f" target="_parent">AI_get_alerts(void):&nbsp;alert_parser.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fget_5fclustered_5falerts">
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fget_5fclustered_5falerts')">AI_get_clustered_alerts</a>
<div class="SRChildren">
<a id="Item5_c0" onkeydown="return searchResults.NavChild(event,5,0)" onkeypress="return searchResults.NavChild(event,5,0)" onkeyup="return searchResults.NavChild(event,5,0)" class="SRScope" href="../group__cluster.html#ga2553c678eeb83282c230d649a0e8fcd4" target="_parent">AI_get_clustered_alerts():&nbsp;cluster.c</a>
<a id="Item5_c1" onkeydown="return searchResults.NavChild(event,5,1)" onkeypress="return searchResults.NavChild(event,5,1)" onkeyup="return searchResults.NavChild(event,5,1)" class="SRScope" href="../group__cluster.html#ga2553c678eeb83282c230d649a0e8fcd4" target="_parent">AI_get_clustered_alerts(void):&nbsp;cluster.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fget_5fstream_5fby_5fkey">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fget_5fstream_5fby_5fkey')">AI_get_stream_by_key</a>
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fget_5fstream_5fby_5fkey')">AI_get_stream_by_key</a>
<div class="SRChildren">
<a id="Item4_c0" onkeydown="return searchResults.NavChild(event,4,0)" onkeypress="return searchResults.NavChild(event,4,0)" onkeyup="return searchResults.NavChild(event,4,0)" class="SRScope" href="../group__stream.html#ga2efedcabbfd12c5345f0c93a3dd4735c" target="_parent">AI_get_stream_by_key(struct pkt_key):&nbsp;stream.c</a>
<a id="Item4_c1" onkeydown="return searchResults.NavChild(event,4,1)" onkeypress="return searchResults.NavChild(event,4,1)" onkeyup="return searchResults.NavChild(event,4,1)" class="SRScope" href="../group__stream.html#ga2efedcabbfd12c5345f0c93a3dd4735c" target="_parent">AI_get_stream_by_key(struct pkt_key key):&nbsp;stream.c</a>
<a id="Item6_c0" onkeydown="return searchResults.NavChild(event,6,0)" onkeypress="return searchResults.NavChild(event,6,0)" onkeyup="return searchResults.NavChild(event,6,0)" class="SRScope" href="../group__stream.html#ga2efedcabbfd12c5345f0c93a3dd4735c" target="_parent">AI_get_stream_by_key(struct pkt_key):&nbsp;stream.c</a>
<a id="Item6_c1" onkeydown="return searchResults.NavChild(event,6,1)" onkeypress="return searchResults.NavChild(event,6,1)" onkeyup="return searchResults.NavChild(event,6,1)" class="SRScope" href="../group__stream.html#ga2efedcabbfd12c5345f0c93a3dd4735c" target="_parent">AI_get_stream_by_key(struct pkt_key key):&nbsp;stream.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fhashcleanup_5fthread">
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fhashcleanup_5fthread')">AI_hashcleanup_thread</a>
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fhashcleanup_5fthread')">AI_hashcleanup_thread</a>
<div class="SRChildren">
<a id="Item5_c0" onkeydown="return searchResults.NavChild(event,5,0)" onkeypress="return searchResults.NavChild(event,5,0)" onkeyup="return searchResults.NavChild(event,5,0)" class="SRScope" href="../group__stream.html#ga24b1131374e5059564b8a12380c4eb75" target="_parent">AI_hashcleanup_thread(void *):&nbsp;stream.c</a>
<a id="Item5_c1" onkeydown="return searchResults.NavChild(event,5,1)" onkeypress="return searchResults.NavChild(event,5,1)" onkeyup="return searchResults.NavChild(event,5,1)" class="SRScope" href="../group__stream.html#ga24b1131374e5059564b8a12380c4eb75" target="_parent">AI_hashcleanup_thread(void *arg):&nbsp;stream.c</a>
<a id="Item7_c0" onkeydown="return searchResults.NavChild(event,7,0)" onkeypress="return searchResults.NavChild(event,7,0)" onkeyup="return searchResults.NavChild(event,7,0)" class="SRScope" href="../group__stream.html#ga24b1131374e5059564b8a12380c4eb75" target="_parent">AI_hashcleanup_thread(void *):&nbsp;stream.c</a>
<a id="Item7_c1" onkeydown="return searchResults.NavChild(event,7,1)" onkeypress="return searchResults.NavChild(event,7,1)" onkeyup="return searchResults.NavChild(event,7,1)" class="SRScope" href="../group__stream.html#ga24b1131374e5059564b8a12380c4eb75" target="_parent">AI_hashcleanup_thread(void *arg):&nbsp;stream.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fhierarchies_5fbuild">
<div class="SREntry">
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fhierarchies_5fbuild')">AI_hierarchies_build</a>
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fhierarchies_5fbuild')">AI_hierarchies_build</a>
<div class="SRChildren">
<a id="Item6_c0" onkeydown="return searchResults.NavChild(event,6,0)" onkeypress="return searchResults.NavChild(event,6,0)" onkeyup="return searchResults.NavChild(event,6,0)" class="SRScope" href="../group__cluster.html#ga1445818b37483f78cc3fb2890155842c" target="_parent">AI_hierarchies_build(AI_config *conf, hierarchy_node **nodes, int n_nodes):&nbsp;cluster.c</a>
<a id="Item6_c1" onkeydown="return searchResults.NavChild(event,6,1)" onkeypress="return searchResults.NavChild(event,6,1)" onkeyup="return searchResults.NavChild(event,6,1)" class="SRScope" href="../group__cluster.html#ga1445818b37483f78cc3fb2890155842c" target="_parent">AI_hierarchies_build(AI_config *, hierarchy_node **, int):&nbsp;cluster.c</a>
<a id="Item8_c0" onkeydown="return searchResults.NavChild(event,8,0)" onkeypress="return searchResults.NavChild(event,8,0)" onkeyup="return searchResults.NavChild(event,8,0)" class="SRScope" href="../group__cluster.html#ga1445818b37483f78cc3fb2890155842c" target="_parent">AI_hierarchies_build(AI_config *conf, hierarchy_node **nodes, int n_nodes):&nbsp;cluster.c</a>
<a id="Item8_c1" onkeydown="return searchResults.NavChild(event,8,1)" onkeypress="return searchResults.NavChild(event,8,1)" onkeyup="return searchResults.NavChild(event,8,1)" class="SRScope" href="../group__cluster.html#ga1445818b37483f78cc3fb2890155842c" target="_parent">AI_hierarchies_build(AI_config *, hierarchy_node **, int):&nbsp;cluster.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5finit">
<div class="SREntry">
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="../group__spp__ai.html#ga3524cbdf8fddbcf38c4ed55241002242" target="_parent">AI_init</a>
<a id="Item9" onkeydown="return searchResults.Nav(event,9)" onkeypress="return searchResults.Nav(event,9)" onkeyup="return searchResults.Nav(event,9)" class="SRSymbol" href="../group__spp__ai.html#ga3524cbdf8fddbcf38c4ed55241002242" target="_parent">AI_init</a>
<span class="SRScope">spp_ai.c</span>
</div>
</div>
<div class="SRResult" id="SR_ai_5fparse">
<div class="SREntry">
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="../group__spp__ai.html#gae1c5c4b38ee2819d427848eb3046373e" target="_parent">AI_parse</a>
<a id="Item10" onkeydown="return searchResults.Nav(event,10)" onkeypress="return searchResults.Nav(event,10)" onkeyup="return searchResults.Nav(event,10)" class="SRSymbol" href="../group__spp__ai.html#gae1c5c4b38ee2819d427848eb3046373e" target="_parent">AI_parse</a>
<span class="SRScope">spp_ai.c</span>
</div>
</div>
<div class="SRResult" id="SR_ai_5fpkt_5fenqueue">
<div class="SREntry">
<a id="Item9" onkeydown="return searchResults.Nav(event,9)" onkeypress="return searchResults.Nav(event,9)" onkeyup="return searchResults.Nav(event,9)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fpkt_5fenqueue')">AI_pkt_enqueue</a>
<a id="Item11" onkeydown="return searchResults.Nav(event,11)" onkeypress="return searchResults.Nav(event,11)" onkeyup="return searchResults.Nav(event,11)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fpkt_5fenqueue')">AI_pkt_enqueue</a>
<div class="SRChildren">
<a id="Item9_c0" onkeydown="return searchResults.NavChild(event,9,0)" onkeypress="return searchResults.NavChild(event,9,0)" onkeyup="return searchResults.NavChild(event,9,0)" class="SRScope" href="../group__stream.html#ga7d71c5645b9baff7b6c4b9a181bf80c5" target="_parent">AI_pkt_enqueue(SFSnortPacket *):&nbsp;stream.c</a>
<a id="Item9_c1" onkeydown="return searchResults.NavChild(event,9,1)" onkeypress="return searchResults.NavChild(event,9,1)" onkeyup="return searchResults.NavChild(event,9,1)" class="SRScope" href="../group__stream.html#ga7d71c5645b9baff7b6c4b9a181bf80c5" target="_parent">AI_pkt_enqueue(SFSnortPacket *pkt):&nbsp;stream.c</a>
<a id="Item11_c0" onkeydown="return searchResults.NavChild(event,11,0)" onkeypress="return searchResults.NavChild(event,11,0)" onkeyup="return searchResults.NavChild(event,11,0)" class="SRScope" href="../group__stream.html#ga7d71c5645b9baff7b6c4b9a181bf80c5" target="_parent">AI_pkt_enqueue(SFSnortPacket *):&nbsp;stream.c</a>
<a id="Item11_c1" onkeydown="return searchResults.NavChild(event,11,1)" onkeypress="return searchResults.NavChild(event,11,1)" onkeyup="return searchResults.NavChild(event,11,1)" class="SRScope" href="../group__stream.html#ga7d71c5645b9baff7b6c4b9a181bf80c5" target="_parent">AI_pkt_enqueue(SFSnortPacket *pkt):&nbsp;stream.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fprocess">
<div class="SREntry">
<a id="Item10" onkeydown="return searchResults.Nav(event,10)" onkeypress="return searchResults.Nav(event,10)" onkeyup="return searchResults.Nav(event,10)" class="SRSymbol" href="../group__spp__ai.html#ga57c05cda012c443cb4c358dc327cd3d1" target="_parent">AI_process</a>
<a id="Item12" onkeydown="return searchResults.Nav(event,12)" onkeypress="return searchResults.Nav(event,12)" onkeyup="return searchResults.Nav(event,12)" class="SRSymbol" href="../group__spp__ai.html#ga57c05cda012c443cb4c358dc327cd3d1" target="_parent">AI_process</a>
<span class="SRScope">spp_ai.c</span>
</div>
</div>
<div class="SRResult" id="SR_ai_5fset_5fstream_5fobserved">
<div class="SREntry">
<a id="Item11" onkeydown="return searchResults.Nav(event,11)" onkeypress="return searchResults.Nav(event,11)" onkeyup="return searchResults.Nav(event,11)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fset_5fstream_5fobserved')">AI_set_stream_observed</a>
<a id="Item13" onkeydown="return searchResults.Nav(event,13)" onkeypress="return searchResults.Nav(event,13)" onkeyup="return searchResults.Nav(event,13)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fset_5fstream_5fobserved')">AI_set_stream_observed</a>
<div class="SRChildren">
<a id="Item11_c0" onkeydown="return searchResults.NavChild(event,11,0)" onkeypress="return searchResults.NavChild(event,11,0)" onkeyup="return searchResults.NavChild(event,11,0)" class="SRScope" href="../group__stream.html#ga8749989cee2ac05a7de058faac280c02" target="_parent">AI_set_stream_observed(struct pkt_key key):&nbsp;stream.c</a>
<a id="Item11_c1" onkeydown="return searchResults.NavChild(event,11,1)" onkeypress="return searchResults.NavChild(event,11,1)" onkeyup="return searchResults.NavChild(event,11,1)" class="SRScope" href="../group__stream.html#ga8749989cee2ac05a7de058faac280c02" target="_parent">AI_set_stream_observed(struct pkt_key key):&nbsp;stream.c</a>
<a id="Item13_c0" onkeydown="return searchResults.NavChild(event,13,0)" onkeypress="return searchResults.NavChild(event,13,0)" onkeyup="return searchResults.NavChild(event,13,0)" class="SRScope" href="../group__stream.html#ga8749989cee2ac05a7de058faac280c02" target="_parent">AI_set_stream_observed(struct pkt_key key):&nbsp;stream.c</a>
<a id="Item13_c1" onkeydown="return searchResults.NavChild(event,13,1)" onkeypress="return searchResults.NavChild(event,13,1)" onkeyup="return searchResults.NavChild(event,13,1)" class="SRScope" href="../group__stream.html#ga8749989cee2ac05a7de058faac280c02" target="_parent">AI_set_stream_observed(struct pkt_key key):&nbsp;stream.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fsetup">
<div class="SREntry">
<a id="Item12" onkeydown="return searchResults.Nav(event,12)" onkeypress="return searchResults.Nav(event,12)" onkeyup="return searchResults.Nav(event,12)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fsetup')">AI_setup</a>
<a id="Item14" onkeydown="return searchResults.Nav(event,14)" onkeypress="return searchResults.Nav(event,14)" onkeyup="return searchResults.Nav(event,14)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fsetup')">AI_setup</a>
<div class="SRChildren">
<a id="Item12_c0" onkeydown="return searchResults.NavChild(event,12,0)" onkeypress="return searchResults.NavChild(event,12,0)" onkeyup="return searchResults.NavChild(event,12,0)" class="SRScope" href="../group__spp__ai.html#ga1b9ebb5c719c7d9426ddfc1f3da36570" target="_parent">AI_setup():&nbsp;spp_ai.c</a>
<a id="Item12_c1" onkeydown="return searchResults.NavChild(event,12,1)" onkeypress="return searchResults.NavChild(event,12,1)" onkeyup="return searchResults.NavChild(event,12,1)" class="SRScope" href="../group__spp__ai.html#ga1b9ebb5c719c7d9426ddfc1f3da36570" target="_parent">AI_setup(void):&nbsp;spp_ai.c</a>
<a id="Item14_c0" onkeydown="return searchResults.NavChild(event,14,0)" onkeypress="return searchResults.NavChild(event,14,0)" onkeyup="return searchResults.NavChild(event,14,0)" class="SRScope" href="../group__spp__ai.html#ga1b9ebb5c719c7d9426ddfc1f3da36570" target="_parent">AI_setup():&nbsp;spp_ai.c</a>
<a id="Item14_c1" onkeydown="return searchResults.NavChild(event,14,1)" onkeypress="return searchResults.NavChild(event,14,1)" onkeyup="return searchResults.NavChild(event,14,1)" class="SRScope" href="../group__spp__ai.html#ga1b9ebb5c719c7d9426ddfc1f3da36570" target="_parent">AI_setup(void):&nbsp;spp_ai.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fsnort_5falert">
<div class="SREntry">
<a id="Item13" onkeydown="return searchResults.Nav(event,13)" onkeypress="return searchResults.Nav(event,13)" onkeyup="return searchResults.Nav(event,13)" class="SRSymbol" href="../spp__ai_8h.html#a982be90e72362e88d09f28336c9a1897" target="_parent">AI_snort_alert</a>
<a id="Item15" onkeydown="return searchResults.Nav(event,15)" onkeypress="return searchResults.Nav(event,15)" onkeyup="return searchResults.Nav(event,15)" class="SRSymbol" href="../spp__ai_8h.html#a982be90e72362e88d09f28336c9a1897" target="_parent">AI_snort_alert</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_alert_5ffp">
<div class="SREntry">
<a id="Item14" onkeydown="return searchResults.Nav(event,14)" onkeypress="return searchResults.Nav(event,14)" onkeyup="return searchResults.Nav(event,14)" class="SRSymbol" href="../alert__parser_8c.html#abee2a33368912d9288c76b51160a9ed6" target="_parent">alert_fp</a>
<a id="Item16" onkeydown="return searchResults.Nav(event,16)" onkeypress="return searchResults.Nav(event,16)" onkeyup="return searchResults.Nav(event,16)" class="SRSymbol" href="../alert__parser_8c.html#abee2a33368912d9288c76b51160a9ed6" target="_parent">alert_fp</a>
<span class="SRScope">alert_parser.c</span>
</div>
</div>
<div class="SRResult" id="SR_alert_5flog">
<div class="SREntry">
<a id="Item15" onkeydown="return searchResults.Nav(event,15)" onkeypress="return searchResults.Nav(event,15)" onkeyup="return searchResults.Nav(event,15)" class="SRSymbol" href="../group__cluster.html#gaaf4c19f60f48741b0890c6114dcff7d9" target="_parent">alert_log</a>
<a id="Item17" onkeydown="return searchResults.Nav(event,17)" onkeypress="return searchResults.Nav(event,17)" onkeyup="return searchResults.Nav(event,17)" class="SRSymbol" href="../group__cluster.html#gaaf4c19f60f48741b0890c6114dcff7d9" target="_parent">alert_log</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR_alert_5fparser_2ec">
<div class="SREntry">
<a id="Item16" onkeydown="return searchResults.Nav(event,16)" onkeypress="return searchResults.Nav(event,16)" onkeyup="return searchResults.Nav(event,16)" class="SRSymbol" href="../alert__parser_8c.html" target="_parent">alert_parser.c</a>
<a id="Item18" onkeydown="return searchResults.Nav(event,18)" onkeypress="return searchResults.Nav(event,18)" onkeyup="return searchResults.Nav(event,18)" class="SRSymbol" href="../alert__parser_8c.html" target="_parent">alert_parser.c</a>
</div>
</div>
<div class="SRResult" id="SR_alertclusteringinterval">
<div class="SREntry">
<a id="Item17" onkeydown="return searchResults.Nav(event,17)" onkeypress="return searchResults.Nav(event,17)" onkeyup="return searchResults.Nav(event,17)" class="SRSymbol" href="../structAI__config.html#a7d0d098b8263aa3d8415b11d1ec7f93d" target="_parent">alertClusteringInterval</a>
<a id="Item19" onkeydown="return searchResults.Nav(event,19)" onkeypress="return searchResults.Nav(event,19)" onkeyup="return searchResults.Nav(event,19)" class="SRSymbol" href="../structAI__config.html#a7d0d098b8263aa3d8415b11d1ec7f93d" target="_parent">alertClusteringInterval</a>
<span class="SRScope">AI_config</span>
</div>
</div>
<div class="SRResult" id="SR_alertfile">
<div class="SREntry">
<a id="Item18" onkeydown="return searchResults.Nav(event,18)" onkeypress="return searchResults.Nav(event,18)" onkeyup="return searchResults.Nav(event,18)" class="SRSymbol" href="../structAI__config.html#a2efa9590d7eea6dce8b5dd9aa76ed8ca" target="_parent">alertfile</a>
<a id="Item20" onkeydown="return searchResults.Nav(event,20)" onkeypress="return searchResults.Nav(event,20)" onkeyup="return searchResults.Nav(event,20)" class="SRSymbol" href="../structAI__config.html#a2efa9590d7eea6dce8b5dd9aa76ed8ca" target="_parent">alertfile</a>
<span class="SRScope">AI_config</span>
</div>
</div>
<div class="SRResult" id="SR_alertparser_5fthread">
<div class="SREntry">
<a id="Item19" onkeydown="return searchResults.Nav(event,19)" onkeypress="return searchResults.Nav(event,19)" onkeyup="return searchResults.Nav(event,19)" class="SRSymbol" href="../group__spp__ai.html#gaa3100e48acef5cf4370c3042ff548ed0" target="_parent">alertparser_thread</a>
<a id="Item21" onkeydown="return searchResults.Nav(event,21)" onkeypress="return searchResults.Nav(event,21)" onkeyup="return searchResults.Nav(event,21)" class="SRSymbol" href="../group__spp__ai.html#gaa3100e48acef5cf4370c3042ff548ed0" target="_parent">alertparser_thread</a>
<span class="SRScope">spp_ai.c</span>
</div>
</div>
<div class="SRResult" id="SR_alerts">
<div class="SREntry">
<a id="Item20" onkeydown="return searchResults.Nav(event,20)" onkeypress="return searchResults.Nav(event,20)" onkeyup="return searchResults.Nav(event,20)" class="SRSymbol" href="../alert__parser_8c.html#ae837fc04e61c0eb052f997c54b4fd9fe" target="_parent">alerts</a>
<a id="Item22" onkeydown="return searchResults.Nav(event,22)" onkeypress="return searchResults.Nav(event,22)" onkeyup="return searchResults.Nav(event,22)" class="SRSymbol" href="../alert__parser_8c.html#ae837fc04e61c0eb052f997c54b4fd9fe" target="_parent">alerts</a>
<span class="SRScope">alert_parser.c</span>
</div>
</div>
<div class="SRResult" id="SR_attribute_5fkey">
<div class="SREntry">
<a id="Item21" onkeydown="return searchResults.Nav(event,21)" onkeypress="return searchResults.Nav(event,21)" onkeyup="return searchResults.Nav(event,21)" class="SRSymbol" href="../structattribute__key.html" target="_parent">attribute_key</a>
<a id="Item23" onkeydown="return searchResults.Nav(event,23)" onkeypress="return searchResults.Nav(event,23)" onkeyup="return searchResults.Nav(event,23)" class="SRSymbol" href="../structattribute__key.html" target="_parent">attribute_key</a>
</div>
</div>
<div class="SRResult" id="SR_attribute_5fvalue">
<div class="SREntry">
<a id="Item22" onkeydown="return searchResults.Nav(event,22)" onkeypress="return searchResults.Nav(event,22)" onkeyup="return searchResults.Nav(event,22)" class="SRSymbol" href="../structattribute__value.html" target="_parent">attribute_value</a>
<a id="Item24" onkeydown="return searchResults.Nav(event,24)" onkeypress="return searchResults.Nav(event,24)" onkeyup="return searchResults.Nav(event,24)" class="SRSymbol" href="../structattribute__value.html" target="_parent">attribute_value</a>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>

24
doc/html/search/all_63.html
View File

@ -42,14 +42,32 @@
<span class="SRScope">AI_config</span>
</div>
</div>
<div class="SRResult" id="SR_config_2eh">
<div class="SRResult" id="SR_conf">
<div class="SREntry">
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../config_8h.html" target="_parent">config.h</a>
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../group__correlation.html#gaad7a982b6016390e7cd1164bd7db8bca" target="_parent">conf</a>
<span class="SRScope">correlation.c</span>
</div>
</div>
<div class="SRResult" id="SR_corr_5frules_5fdir">
<div class="SREntry">
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="../structAI__config.html#ab7ea93bbe72b85c4019b4f5656ad62fc" target="_parent">corr_rules_dir</a>
<span class="SRScope">AI_config</span>
</div>
</div>
<div class="SRResult" id="SR_correlation_2ec">
<div class="SREntry">
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="../correlation_8c.html" target="_parent">correlation.c</a>
</div>
</div>
<div class="SRResult" id="SR_correlationgraphinterval">
<div class="SREntry">
<a id="Item9" onkeydown="return searchResults.Nav(event,9)" onkeypress="return searchResults.Nav(event,9)" onkeyup="return searchResults.Nav(event,9)" class="SRSymbol" href="../structAI__config.html#aa736375e57a59936e2e782b7cd200e41" target="_parent">correlationGraphInterval</a>
<span class="SRScope">AI_config</span>
</div>
</div>
<div class="SRResult" id="SR_count">
<div class="SREntry">
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="../structattribute__value.html#a5579c0304c2e9ab488ac94905b385045" target="_parent">count</a>
<a id="Item10" onkeydown="return searchResults.Nav(event,10)" onkeypress="return searchResults.Nav(event,10)" onkeyup="return searchResults.Nav(event,10)" class="SRSymbol" href="../structattribute__value.html#a5579c0304c2e9ab488ac94905b385045" target="_parent">count</a>
<span class="SRScope">attribute_value</span>
</div>
</div>

34
doc/html/search/all_64.html
View File

@ -53,60 +53,72 @@
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_default_5falert_5fcorrelation_5finterval">
<div class="SREntry">
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="../spp__ai_8h.html#af0edda6cc018d9674b6822f6df4abe74" target="_parent">DEFAULT_ALERT_CORRELATION_INTERVAL</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_default_5falert_5flog_5ffile">
<div class="SREntry">
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="../spp__ai_8h.html#a6d9bf552c32371e0144dc6a6209c7e4a" target="_parent">DEFAULT_ALERT_LOG_FILE</a>
<a id="Item9" onkeydown="return searchResults.Nav(event,9)" onkeypress="return searchResults.Nav(event,9)" onkeyup="return searchResults.Nav(event,9)" class="SRSymbol" href="../spp__ai_8h.html#a6d9bf552c32371e0144dc6a6209c7e4a" target="_parent">DEFAULT_ALERT_LOG_FILE</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_default_5fcluster_5flog_5ffile">
<div class="SREntry">
<a id="Item9" onkeydown="return searchResults.Nav(event,9)" onkeypress="return searchResults.Nav(event,9)" onkeyup="return searchResults.Nav(event,9)" class="SRSymbol" href="../spp__ai_8h.html#a803dc913297ccdace9e604dbfecda97d" target="_parent">DEFAULT_CLUSTER_LOG_FILE</a>
<a id="Item10" onkeydown="return searchResults.Nav(event,10)" onkeypress="return searchResults.Nav(event,10)" onkeyup="return searchResults.Nav(event,10)" class="SRSymbol" href="../spp__ai_8h.html#a803dc913297ccdace9e604dbfecda97d" target="_parent">DEFAULT_CLUSTER_LOG_FILE</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_default_5fcorr_5frules_5fdir">
<div class="SREntry">
<a id="Item11" onkeydown="return searchResults.Nav(event,11)" onkeypress="return searchResults.Nav(event,11)" onkeyup="return searchResults.Nav(event,11)" class="SRSymbol" href="../spp__ai_8h.html#a89448386cad5d5533992ae7ee84f4f1d" target="_parent">DEFAULT_CORR_RULES_DIR</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_default_5fdatabase_5finterval">
<div class="SREntry">
<a id="Item10" onkeydown="return searchResults.Nav(event,10)" onkeypress="return searchResults.Nav(event,10)" onkeyup="return searchResults.Nav(event,10)" class="SRSymbol" href="../spp__ai_8h.html#a3c4984a0ee515fbc091ac6e33b05e310" target="_parent">DEFAULT_DATABASE_INTERVAL</a>
<a id="Item12" onkeydown="return searchResults.Nav(event,12)" onkeypress="return searchResults.Nav(event,12)" onkeyup="return searchResults.Nav(event,12)" class="SRSymbol" href="../spp__ai_8h.html#a3c4984a0ee515fbc091ac6e33b05e310" target="_parent">DEFAULT_DATABASE_INTERVAL</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_default_5fhash_5fcleanup_5finterval">
<div class="SREntry">
<a id="Item11" onkeydown="return searchResults.Nav(event,11)" onkeypress="return searchResults.Nav(event,11)" onkeyup="return searchResults.Nav(event,11)" class="SRSymbol" href="../spp__ai_8h.html#a5f555c0ebd29ce2771a3e2dd4f526746" target="_parent">DEFAULT_HASH_CLEANUP_INTERVAL</a>
<a id="Item13" onkeydown="return searchResults.Nav(event,13)" onkeypress="return searchResults.Nav(event,13)" onkeyup="return searchResults.Nav(event,13)" class="SRSymbol" href="../spp__ai_8h.html#a5f555c0ebd29ce2771a3e2dd4f526746" target="_parent">DEFAULT_HASH_CLEANUP_INTERVAL</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_default_5fstream_5fexpire_5finterval">
<div class="SREntry">
<a id="Item12" onkeydown="return searchResults.Nav(event,12)" onkeypress="return searchResults.Nav(event,12)" onkeyup="return searchResults.Nav(event,12)" class="SRSymbol" href="../spp__ai_8h.html#a0f6a189af15ef783fb46ed37c144e031" target="_parent">DEFAULT_STREAM_EXPIRE_INTERVAL</a>
<a id="Item14" onkeydown="return searchResults.Nav(event,14)" onkeypress="return searchResults.Nav(event,14)" onkeyup="return searchResults.Nav(event,14)" class="SRSymbol" href="../spp__ai_8h.html#a0f6a189af15ef783fb46ed37c144e031" target="_parent">DEFAULT_STREAM_EXPIRE_INTERVAL</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_desc">
<div class="SREntry">
<a id="Item13" onkeydown="return searchResults.Nav(event,13)" onkeypress="return searchResults.Nav(event,13)" onkeyup="return searchResults.Nav(event,13)" class="SRSymbol" href="../struct__AI__snort__alert.html#ac0902d7c756ec675fb06347ce4706135" target="_parent">desc</a>
<a id="Item15" onkeydown="return searchResults.Nav(event,15)" onkeypress="return searchResults.Nav(event,15)" onkeyup="return searchResults.Nav(event,15)" class="SRSymbol" href="../struct__AI__snort__alert.html#ac0902d7c756ec675fb06347ce4706135" target="_parent">desc</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_dst_5faddr">
<div class="SREntry">
<a id="Item14" onkeydown="return searchResults.Nav(event,14)" onkeypress="return searchResults.Nav(event,14)" onkeyup="return searchResults.Nav(event,14)" class="SRSymbol" href="../spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640aa000f955ef1374c60cdb16bf43a1593c" target="_parent">dst_addr</a>
<a id="Item16" onkeydown="return searchResults.Nav(event,16)" onkeypress="return searchResults.Nav(event,16)" onkeyup="return searchResults.Nav(event,16)" class="SRSymbol" href="../spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640aa000f955ef1374c60cdb16bf43a1593c" target="_parent">dst_addr</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_dst_5fport">
<div class="SREntry">
<a id="Item15" onkeydown="return searchResults.Nav(event,15)" onkeypress="return searchResults.Nav(event,15)" onkeyup="return searchResults.Nav(event,15)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_dst_5fport')">dst_port</a>
<a id="Item17" onkeydown="return searchResults.Nav(event,17)" onkeypress="return searchResults.Nav(event,17)" onkeyup="return searchResults.Nav(event,17)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_dst_5fport')">dst_port</a>
<div class="SRChildren">
<a id="Item15_c0" onkeydown="return searchResults.NavChild(event,15,0)" onkeypress="return searchResults.NavChild(event,15,0)" onkeyup="return searchResults.NavChild(event,15,0)" class="SRScope" href="../structpkt__key.html#af77f5eb1f4cd88b43fe99fd73553351d" target="_parent">pkt_key::dst_port()</a>
<a id="Item15_c1" onkeydown="return searchResults.NavChild(event,15,1)" onkeypress="return searchResults.NavChild(event,15,1)" onkeyup="return searchResults.NavChild(event,15,1)" class="SRScope" href="../spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640abc4f89a184ada44073bd6f54d7fc11c9" target="_parent">dst_port():&nbsp;spp_ai.h</a>
<a id="Item17_c0" onkeydown="return searchResults.NavChild(event,17,0)" onkeypress="return searchResults.NavChild(event,17,0)" onkeyup="return searchResults.NavChild(event,17,0)" class="SRScope" href="../structpkt__key.html#af77f5eb1f4cd88b43fe99fd73553351d" target="_parent">pkt_key::dst_port()</a>
<a id="Item17_c1" onkeydown="return searchResults.NavChild(event,17,1)" onkeypress="return searchResults.NavChild(event,17,1)" onkeyup="return searchResults.NavChild(event,17,1)" class="SRScope" href="../spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640abc4f89a184ada44073bd6f54d7fc11c9" target="_parent">dst_port():&nbsp;spp_ai.h</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_dynamic_5fpreproc_5fsetup">
<div class="SREntry">
<a id="Item16" onkeydown="return searchResults.Nav(event,16)" onkeypress="return searchResults.Nav(event,16)" onkeyup="return searchResults.Nav(event,16)" class="SRSymbol" href="../sf__preproc__info_8h.html#aba4c0d0af324a3861e662ed4650aae44" target="_parent">DYNAMIC_PREPROC_SETUP</a>
<a id="Item18" onkeydown="return searchResults.Nav(event,18)" onkeypress="return searchResults.Nav(event,18)" onkeyup="return searchResults.Nav(event,18)" class="SRSymbol" href="../sf__preproc__info_8h.html#aba4c0d0af324a3861e662ed4650aae44" target="_parent">DYNAMIC_PREPROC_SETUP</a>
<span class="SRScope">sf_preproc_info.h</span>
</div>
</div>

7
doc/html/search/all_67.html
View File

@ -15,8 +15,11 @@
</div>
<div class="SRResult" id="SR_gid">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../struct__AI__snort__alert.html#af8408be5da59cda853442dd13465c0f6" target="_parent">gid</a>
<span class="SRScope">_AI_snort_alert</span>
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_gid')">gid</a>
<div class="SRChildren">
<a id="Item1_c0" onkeydown="return searchResults.NavChild(event,1,0)" onkeypress="return searchResults.NavChild(event,1,0)" onkeyup="return searchResults.NavChild(event,1,0)" class="SRScope" href="../structhyperalert__key.html#aac0e30a21653be11b357e3030aafd7e4" target="_parent">hyperalert_key::gid()</a>
<a id="Item1_c1" onkeydown="return searchResults.NavChild(event,1,1)" onkeypress="return searchResults.NavChild(event,1,1)" onkeyup="return searchResults.NavChild(event,1,1)" class="SRScope" href="../struct__AI__snort__alert.html#af8408be5da59cda853442dd13465c0f6" target="_parent">_AI_snort_alert::gid()</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_grouped_5falarms_5fcount">

289
doc/html/search/all_68.html
View File

@ -37,285 +37,38 @@
<span class="SRScope">AI_config</span>
</div>
</div>
<div class="SRResult" id="SR_have_5f_5fbool">
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../config_8h.html#a862ffdbac7ac8323712310a418b7d9a3" target="_parent">HAVE__BOOL</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_have_5falarm">
<div class="SREntry">
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../config_8h.html#a777e1baef81548a6bd84c0da28443435" target="_parent">HAVE_ALARM</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_have_5falloca">
<div class="SREntry">
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="../config_8h.html#aaf5250164f8a3c52b7820317aee7d9ce" target="_parent">HAVE_ALLOCA</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_have_5falloca_5fh">
<div class="SREntry">
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="../config_8h.html#a277c3d138498b9267fe43589b6b7d91e" target="_parent">HAVE_ALLOCA_H</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_have_5fdlfcn_5fh">
<div class="SREntry">
<a id="Item9" onkeydown="return searchResults.Nav(event,9)" onkeypress="return searchResults.Nav(event,9)" onkeyup="return searchResults.Nav(event,9)" class="SRSymbol" href="../config_8h.html#a0ee1617ff2f6885ef384a3dd46f9b9d7" target="_parent">HAVE_DLFCN_H</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_have_5fint16_5ft">
<div class="SREntry">
<a id="Item10" onkeydown="return searchResults.Nav(event,10)" onkeypress="return searchResults.Nav(event,10)" onkeyup="return searchResults.Nav(event,10)" class="SRSymbol" href="../config_8h.html#a5794b2513fe3e4fb751b3bdf78959491" target="_parent">HAVE_INT16_T</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_have_5fint32_5ft">
<div class="SREntry">
<a id="Item11" onkeydown="return searchResults.Nav(event,11)" onkeypress="return searchResults.Nav(event,11)" onkeyup="return searchResults.Nav(event,11)" class="SRSymbol" href="../config_8h.html#a1823dcbe683c8eaa908e5b34dac836dc" target="_parent">HAVE_INT32_T</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_have_5fint64_5ft">
<div class="SREntry">
<a id="Item12" onkeydown="return searchResults.Nav(event,12)" onkeypress="return searchResults.Nav(event,12)" onkeyup="return searchResults.Nav(event,12)" class="SRSymbol" href="../config_8h.html#a6795893687257a3c233fdbb7be5312af" target="_parent">HAVE_INT64_T</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_have_5fint8_5ft">
<div class="SREntry">
<a id="Item13" onkeydown="return searchResults.Nav(event,13)" onkeypress="return searchResults.Nav(event,13)" onkeyup="return searchResults.Nav(event,13)" class="SRSymbol" href="../config_8h.html#ac61ffbb3a0b80edd118298b2045be170" target="_parent">HAVE_INT8_T</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_have_5finttypes_5fh">
<div class="SREntry">
<a id="Item14" onkeydown="return searchResults.Nav(event,14)" onkeypress="return searchResults.Nav(event,14)" onkeyup="return searchResults.Nav(event,14)" class="SRSymbol" href="../config_8h.html#ab90a030ff2790ebdc176660a6dd2a478" target="_parent">HAVE_INTTYPES_H</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_have_5flibpthread">
<div class="SREntry">
<a id="Item15" onkeydown="return searchResults.Nav(event,15)" onkeypress="return searchResults.Nav(event,15)" onkeyup="return searchResults.Nav(event,15)" class="SRSymbol" href="../config_8h.html#a1e55aaa6b69400645b6b23359e860751" target="_parent">HAVE_LIBPTHREAD</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_have_5flimits_5fh">
<div class="SREntry">
<a id="Item16" onkeydown="return searchResults.Nav(event,16)" onkeypress="return searchResults.Nav(event,16)" onkeyup="return searchResults.Nav(event,16)" class="SRSymbol" href="../config_8h.html#ac70f0930238c8d095d7cc2ee8b522c77" target="_parent">HAVE_LIMITS_H</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_have_5fmalloc">
<div class="SREntry">
<a id="Item17" onkeydown="return searchResults.Nav(event,17)" onkeypress="return searchResults.Nav(event,17)" onkeyup="return searchResults.Nav(event,17)" class="SRSymbol" href="../config_8h.html#a14503280ca0cb757db915eea09282bfc" target="_parent">HAVE_MALLOC</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_have_5fmemmove">
<div class="SREntry">
<a id="Item18" onkeydown="return searchResults.Nav(event,18)" onkeypress="return searchResults.Nav(event,18)" onkeyup="return searchResults.Nav(event,18)" class="SRSymbol" href="../config_8h.html#a7b300f836d3d79d0d9b0039a6b842ded" target="_parent">HAVE_MEMMOVE</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_have_5fmemory_5fh">
<div class="SREntry">
<a id="Item19" onkeydown="return searchResults.Nav(event,19)" onkeypress="return searchResults.Nav(event,19)" onkeyup="return searchResults.Nav(event,19)" class="SRSymbol" href="../config_8h.html#ae93a78f9d076138897af441c9f86f285" target="_parent">HAVE_MEMORY_H</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_have_5fmemset">
<div class="SREntry">
<a id="Item20" onkeydown="return searchResults.Nav(event,20)" onkeypress="return searchResults.Nav(event,20)" onkeyup="return searchResults.Nav(event,20)" class="SRSymbol" href="../config_8h.html#a3df52e9809253860c385be6f3a160607" target="_parent">HAVE_MEMSET</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_have_5fptrdiff_5ft">
<div class="SREntry">
<a id="Item21" onkeydown="return searchResults.Nav(event,21)" onkeypress="return searchResults.Nav(event,21)" onkeyup="return searchResults.Nav(event,21)" class="SRSymbol" href="../config_8h.html#a4e62300203d0b0f776e7f2d56f63000e" target="_parent">HAVE_PTRDIFF_T</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_have_5frealloc">
<div class="SREntry">
<a id="Item22" onkeydown="return searchResults.Nav(event,22)" onkeypress="return searchResults.Nav(event,22)" onkeyup="return searchResults.Nav(event,22)" class="SRSymbol" href="../config_8h.html#a0302094a0ee567c610a36c63104ebda5" target="_parent">HAVE_REALLOC</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_have_5fregcomp">
<div class="SREntry">
<a id="Item23" onkeydown="return searchResults.Nav(event,23)" onkeypress="return searchResults.Nav(event,23)" onkeyup="return searchResults.Nav(event,23)" class="SRSymbol" href="../config_8h.html#a4524e47c3ee7837bfe9b2d11c9e0087f" target="_parent">HAVE_REGCOMP</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_have_5fstdbool_5fh">
<div class="SREntry">
<a id="Item24" onkeydown="return searchResults.Nav(event,24)" onkeypress="return searchResults.Nav(event,24)" onkeyup="return searchResults.Nav(event,24)" class="SRSymbol" href="../config_8h.html#a8c3fa1b2f1be8c6f6929548c548cf50a" target="_parent">HAVE_STDBOOL_H</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_have_5fstddef_5fh">
<div class="SREntry">
<a id="Item25" onkeydown="return searchResults.Nav(event,25)" onkeypress="return searchResults.Nav(event,25)" onkeyup="return searchResults.Nav(event,25)" class="SRSymbol" href="../config_8h.html#a0e6b9a04ae66b7846715e51a0a2dccff" target="_parent">HAVE_STDDEF_H</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_have_5fstdint_5fh">
<div class="SREntry">
<a id="Item26" onkeydown="return searchResults.Nav(event,26)" onkeypress="return searchResults.Nav(event,26)" onkeyup="return searchResults.Nav(event,26)" class="SRSymbol" href="../config_8h.html#ab6cd6d1c63c1e26ea2d4537b77148354" target="_parent">HAVE_STDINT_H</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_have_5fstdlib_5fh">
<div class="SREntry">
<a id="Item27" onkeydown="return searchResults.Nav(event,27)" onkeypress="return searchResults.Nav(event,27)" onkeyup="return searchResults.Nav(event,27)" class="SRSymbol" href="../config_8h.html#a9e0e434ec1a6ddbd97db12b5a32905e0" target="_parent">HAVE_STDLIB_H</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_have_5fstrcasecmp">
<div class="SREntry">
<a id="Item28" onkeydown="return searchResults.Nav(event,28)" onkeypress="return searchResults.Nav(event,28)" onkeyup="return searchResults.Nav(event,28)" class="SRSymbol" href="../config_8h.html#a1569275063253ce85180e755a82e536d" target="_parent">HAVE_STRCASECMP</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_have_5fstrdup">
<div class="SREntry">
<a id="Item29" onkeydown="return searchResults.Nav(event,29)" onkeypress="return searchResults.Nav(event,29)" onkeyup="return searchResults.Nav(event,29)" class="SRSymbol" href="../config_8h.html#a41b838eb3b86a0ebbd0981e92a759c0f" target="_parent">HAVE_STRDUP</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_have_5fstring_5fh">
<div class="SREntry">
<a id="Item30" onkeydown="return searchResults.Nav(event,30)" onkeypress="return searchResults.Nav(event,30)" onkeyup="return searchResults.Nav(event,30)" class="SRSymbol" href="../config_8h.html#ad4c234dd1625255dc626a15886306e7d" target="_parent">HAVE_STRING_H</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_have_5fstrings_5fh">
<div class="SREntry">
<a id="Item31" onkeydown="return searchResults.Nav(event,31)" onkeypress="return searchResults.Nav(event,31)" onkeyup="return searchResults.Nav(event,31)" class="SRSymbol" href="../config_8h.html#a405d10d46190bcb0320524c54eafc850" target="_parent">HAVE_STRINGS_H</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_have_5fstrstr">
<div class="SREntry">
<a id="Item32" onkeydown="return searchResults.Nav(event,32)" onkeypress="return searchResults.Nav(event,32)" onkeyup="return searchResults.Nav(event,32)" class="SRSymbol" href="../config_8h.html#a348655482f599e61eeead7304ad0d52d" target="_parent">HAVE_STRSTR</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_have_5fstrtol">
<div class="SREntry">
<a id="Item33" onkeydown="return searchResults.Nav(event,33)" onkeypress="return searchResults.Nav(event,33)" onkeyup="return searchResults.Nav(event,33)" class="SRSymbol" href="../config_8h.html#adca0e8e7c3827189abcd6ceae6f60c32" target="_parent">HAVE_STRTOL</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_have_5fstrtoul">
<div class="SREntry">
<a id="Item34" onkeydown="return searchResults.Nav(event,34)" onkeypress="return searchResults.Nav(event,34)" onkeyup="return searchResults.Nav(event,34)" class="SRSymbol" href="../config_8h.html#a0f08977476bc5b181092cf8b3ddaf368" target="_parent">HAVE_STRTOUL</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_have_5fsys_5fstat_5fh">
<div class="SREntry">
<a id="Item35" onkeydown="return searchResults.Nav(event,35)" onkeypress="return searchResults.Nav(event,35)" onkeyup="return searchResults.Nav(event,35)" class="SRSymbol" href="../config_8h.html#ace156430ba007d19b4348a950d0c692b" target="_parent">HAVE_SYS_STAT_H</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_have_5fsys_5ftime_5fh">
<div class="SREntry">
<a id="Item36" onkeydown="return searchResults.Nav(event,36)" onkeypress="return searchResults.Nav(event,36)" onkeyup="return searchResults.Nav(event,36)" class="SRSymbol" href="../config_8h.html#a2aae46056558e9d6fef6380f9678ffe3" target="_parent">HAVE_SYS_TIME_H</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_have_5fsys_5ftypes_5fh">
<div class="SREntry">
<a id="Item37" onkeydown="return searchResults.Nav(event,37)" onkeypress="return searchResults.Nav(event,37)" onkeyup="return searchResults.Nav(event,37)" class="SRSymbol" href="../config_8h.html#a69dc70bea5d1f8bd2be9740e974fa666" target="_parent">HAVE_SYS_TYPES_H</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_have_5fu_5fint16_5ft">
<div class="SREntry">
<a id="Item38" onkeydown="return searchResults.Nav(event,38)" onkeypress="return searchResults.Nav(event,38)" onkeyup="return searchResults.Nav(event,38)" class="SRSymbol" href="../config_8h.html#a0869d466ddab46e5420ae22728f6b6eb" target="_parent">HAVE_U_INT16_T</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_have_5fu_5fint32_5ft">
<div class="SREntry">
<a id="Item39" onkeydown="return searchResults.Nav(event,39)" onkeypress="return searchResults.Nav(event,39)" onkeyup="return searchResults.Nav(event,39)" class="SRSymbol" href="../config_8h.html#a7d0770a801b850407689c3f008b5a9f2" target="_parent">HAVE_U_INT32_T</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_have_5fu_5fint64_5ft">
<div class="SREntry">
<a id="Item40" onkeydown="return searchResults.Nav(event,40)" onkeypress="return searchResults.Nav(event,40)" onkeyup="return searchResults.Nav(event,40)" class="SRSymbol" href="../config_8h.html#a0690b52f145f45ddac92d2b6d2603abf" target="_parent">HAVE_U_INT64_T</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_have_5fu_5fint8_5ft">
<div class="SREntry">
<a id="Item41" onkeydown="return searchResults.Nav(event,41)" onkeypress="return searchResults.Nav(event,41)" onkeyup="return searchResults.Nav(event,41)" class="SRSymbol" href="../config_8h.html#a5c801f5197bad37d7b7aa6823672d32c" target="_parent">HAVE_U_INT8_T</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_have_5fuint16_5ft">
<div class="SREntry">
<a id="Item42" onkeydown="return searchResults.Nav(event,42)" onkeypress="return searchResults.Nav(event,42)" onkeyup="return searchResults.Nav(event,42)" class="SRSymbol" href="../config_8h.html#a7b9e7aa8721dfe7262b8ec7d47bb05c6" target="_parent">HAVE_UINT16_T</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_have_5fuint32_5ft">
<div class="SREntry">
<a id="Item43" onkeydown="return searchResults.Nav(event,43)" onkeypress="return searchResults.Nav(event,43)" onkeyup="return searchResults.Nav(event,43)" class="SRSymbol" href="../config_8h.html#a2820937e1b8eb3be7f75f725a56fe2e0" target="_parent">HAVE_UINT32_T</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_have_5fuint64_5ft">
<div class="SREntry">
<a id="Item44" onkeydown="return searchResults.Nav(event,44)" onkeypress="return searchResults.Nav(event,44)" onkeyup="return searchResults.Nav(event,44)" class="SRSymbol" href="../config_8h.html#a7182a632cd1d349a7300635865886059" target="_parent">HAVE_UINT64_T</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_have_5fuint8_5ft">
<div class="SREntry">
<a id="Item45" onkeydown="return searchResults.Nav(event,45)" onkeypress="return searchResults.Nav(event,45)" onkeyup="return searchResults.Nav(event,45)" class="SRSymbol" href="../config_8h.html#af61ed9e29a43fc0ea89ed607e5364965" target="_parent">HAVE_UINT8_T</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_have_5funistd_5fh">
<div class="SREntry">
<a id="Item46" onkeydown="return searchResults.Nav(event,46)" onkeypress="return searchResults.Nav(event,46)" onkeyup="return searchResults.Nav(event,46)" class="SRSymbol" href="../config_8h.html#a219b06937831d0da94d801ab13987639" target="_parent">HAVE_UNISTD_H</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_have_5fvisibility">
<div class="SREntry">
<a id="Item47" onkeydown="return searchResults.Nav(event,47)" onkeypress="return searchResults.Nav(event,47)" onkeyup="return searchResults.Nav(event,47)" class="SRSymbol" href="../config_8h.html#a9c06915a067793441b23b2961cf6a722" target="_parent">HAVE_VISIBILITY</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_have_5fwchar_5fh">
<div class="SREntry">
<a id="Item48" onkeydown="return searchResults.Nav(event,48)" onkeypress="return searchResults.Nav(event,48)" onkeyup="return searchResults.Nav(event,48)" class="SRSymbol" href="../config_8h.html#a711b6ab6efcaffc5b8f2d274e6a483ff" target="_parent">HAVE_WCHAR_H</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_hh">
<div class="SREntry">
<a id="Item49" onkeydown="return searchResults.Nav(event,49)" onkeypress="return searchResults.Nav(event,49)" onkeyup="return searchResults.Nav(event,49)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_hh')">hh</a>
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_hh')">hh</a>
<div class="SRChildren">
<a id="Item49_c0" onkeydown="return searchResults.NavChild(event,49,0)" onkeypress="return searchResults.NavChild(event,49,0)" onkeyup="return searchResults.NavChild(event,49,0)" class="SRScope" href="../structattribute__value.html#a9abf5d1758ee0cc4803e3b40fc4481cc" target="_parent">attribute_value::hh()</a>
<a id="Item49_c1" onkeydown="return searchResults.NavChild(event,49,1)" onkeypress="return searchResults.NavChild(event,49,1)" onkeyup="return searchResults.NavChild(event,49,1)" class="SRScope" href="../structpkt__info.html#a264e90d4b5d490de040f38c1072e142f" target="_parent">pkt_info::hh()</a>
<a id="Item5_c0" onkeydown="return searchResults.NavChild(event,5,0)" onkeypress="return searchResults.NavChild(event,5,0)" onkeyup="return searchResults.NavChild(event,5,0)" class="SRScope" href="../structattribute__value.html#a9abf5d1758ee0cc4803e3b40fc4481cc" target="_parent">attribute_value::hh()</a>
<a id="Item5_c1" onkeydown="return searchResults.NavChild(event,5,1)" onkeypress="return searchResults.NavChild(event,5,1)" onkeyup="return searchResults.NavChild(event,5,1)" class="SRScope" href="../structhyperalert.html#aa2993f19f3cc95627cfdaf4f47f78b04" target="_parent">hyperalert::hh()</a>
<a id="Item5_c2" onkeydown="return searchResults.NavChild(event,5,2)" onkeypress="return searchResults.NavChild(event,5,2)" onkeyup="return searchResults.NavChild(event,5,2)" class="SRScope" href="../structpkt__info.html#a264e90d4b5d490de040f38c1072e142f" target="_parent">pkt_info::hh()</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_hierarchy_5fnode">
<div class="SREntry">
<a id="Item50" onkeydown="return searchResults.Nav(event,50)" onkeypress="return searchResults.Nav(event,50)" onkeyup="return searchResults.Nav(event,50)" class="SRSymbol" href="../spp__ai_8h.html#a466391129919ef12366d311d501552fa" target="_parent">hierarchy_node</a>
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../spp__ai_8h.html#a466391129919ef12366d311d501552fa" target="_parent">hierarchy_node</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_hyperalert">
<div class="SREntry">
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="../structhyperalert.html" target="_parent">hyperalert</a>
</div>
</div>
<div class="SRResult" id="SR_hyperalert_5fkey">
<div class="SREntry">
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="../structhyperalert__key.html" target="_parent">hyperalert_key</a>
</div>
</div>
<div class="SRResult" id="SR_hyperalerts">
<div class="SREntry">
<a id="Item9" onkeydown="return searchResults.Nav(event,9)" onkeypress="return searchResults.Nav(event,9)" onkeyup="return searchResults.Nav(event,9)" class="SRSymbol" href="../group__correlation.html#ga343192ed5e938536f3dc150e51f8acf6" target="_parent">hyperalerts</a>
<span class="SRScope">correlation.c</span>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>
<div class="SRStatus" id="NoMatches">No Matches</div>
<script type="text/javascript"><!--

38
doc/html/search/all_69.html
View File

@ -7,45 +7,69 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_inhyperalert">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../group__correlation.html#gga06fc87d81c62e9abb8790b6e5713c55ba0b3b5f651ab0c6355666ff7b1c778af8" target="_parent">inHyperAlert</a>
<span class="SRScope">correlation.c</span>
</div>
</div>
<div class="SRResult" id="SR_inposttag">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../group__correlation.html#gga06fc87d81c62e9abb8790b6e5713c55baf6430d8e5b9791cca74ec3b325a8339f" target="_parent">inPostTag</a>
<span class="SRScope">correlation.c</span>
</div>
</div>
<div class="SRResult" id="SR_inpretag">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../group__correlation.html#gga06fc87d81c62e9abb8790b6e5713c55ba828f2ec4acb20bae9b9c9fb0c5e0881f" target="_parent">inPreTag</a>
<span class="SRScope">correlation.c</span>
</div>
</div>
<div class="SRResult" id="SR_insnortidtag">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../group__correlation.html#gga06fc87d81c62e9abb8790b6e5713c55ba52d913c46f650f89a5da3ff4bfb7a45d" target="_parent">inSnortIdTag</a>
<span class="SRScope">correlation.c</span>
</div>
</div>
<div class="SRResult" id="SR_ip_5fdst_5faddr">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../struct__AI__snort__alert.html#a754ca683593c838e4032fa8c13b1512b" target="_parent">ip_dst_addr</a>
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../struct__AI__snort__alert.html#a754ca683593c838e4032fa8c13b1512b" target="_parent">ip_dst_addr</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_ip_5fid">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../struct__AI__snort__alert.html#a2fc673dec85a7b49dd16ac7c0bb1bb78" target="_parent">ip_id</a>
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../struct__AI__snort__alert.html#a2fc673dec85a7b49dd16ac7c0bb1bb78" target="_parent">ip_id</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_ip_5flen">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../struct__AI__snort__alert.html#ad3ffe99036513d5f33b94d22fb84f8f1" target="_parent">ip_len</a>
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../struct__AI__snort__alert.html#ad3ffe99036513d5f33b94d22fb84f8f1" target="_parent">ip_len</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_ip_5fproto">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../struct__AI__snort__alert.html#a5ea7b250ac1c472f3ab57565b6df2536" target="_parent">ip_proto</a>
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="../struct__AI__snort__alert.html#a5ea7b250ac1c472f3ab57565b6df2536" target="_parent">ip_proto</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_ip_5fsrc_5faddr">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../struct__AI__snort__alert.html#a194117c57a52933d16a97838562bb611" target="_parent">ip_src_addr</a>
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="../struct__AI__snort__alert.html#a194117c57a52933d16a97838562bb611" target="_parent">ip_src_addr</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_ip_5ftos">
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../struct__AI__snort__alert.html#a3f3c47f9baf3229d067504a85873b416" target="_parent">ip_tos</a>
<a id="Item9" onkeydown="return searchResults.Nav(event,9)" onkeypress="return searchResults.Nav(event,9)" onkeyup="return searchResults.Nav(event,9)" class="SRSymbol" href="../struct__AI__snort__alert.html#a3f3c47f9baf3229d067504a85873b416" target="_parent">ip_tos</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_ip_5fttl">
<div class="SREntry">
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../struct__AI__snort__alert.html#a3c9bbe84ec696cd58668a45799a66600" target="_parent">ip_ttl</a>
<a id="Item10" onkeydown="return searchResults.Nav(event,10)" onkeypress="return searchResults.Nav(event,10)" onkeyup="return searchResults.Nav(event,10)" class="SRSymbol" href="../struct__AI__snort__alert.html#a3c9bbe84ec696cd58668a45799a66600" target="_parent">ip_ttl</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>

3
doc/html/search/all_6b.html
View File

@ -12,7 +12,8 @@
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_key')">key</a>
<div class="SRChildren">
<a id="Item0_c0" onkeydown="return searchResults.NavChild(event,0,0)" onkeypress="return searchResults.NavChild(event,0,0)" onkeyup="return searchResults.NavChild(event,0,0)" class="SRScope" href="../structattribute__value.html#aa8b5ae41c150e4fefb800d3b1924278d" target="_parent">attribute_value::key()</a>
<a id="Item0_c1" onkeydown="return searchResults.NavChild(event,0,1)" onkeypress="return searchResults.NavChild(event,0,1)" onkeyup="return searchResults.NavChild(event,0,1)" class="SRScope" href="../structpkt__info.html#a231d4734d3c62292b06eb9ea4b49c339" target="_parent">pkt_info::key()</a>
<a id="Item0_c1" onkeydown="return searchResults.NavChild(event,0,1)" onkeypress="return searchResults.NavChild(event,0,1)" onkeyup="return searchResults.NavChild(event,0,1)" class="SRScope" href="../structhyperalert.html#a592c41f4772230c065ce352ec6c6cf0d" target="_parent">hyperalert::key()</a>
<a id="Item0_c2" onkeydown="return searchResults.NavChild(event,0,2)" onkeypress="return searchResults.NavChild(event,0,2)" onkeyup="return searchResults.NavChild(event,0,2)" class="SRScope" href="../structpkt__info.html#a231d4734d3c62292b06eb9ea4b49c339" target="_parent">pkt_info::key()</a>
</div>
</div>
</div>

12
doc/html/search/all_6c.html
View File

@ -13,18 +13,6 @@
<span class="SRScope">_hierarchy_node</span>
</div>
</div>
<div class="SRResult" id="SR_linux">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../config_8h.html#a157a956e14c5c44b3f73ef23a4776f64" target="_parent">LINUX</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_lt_5fobjdir">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../config_8h.html#ac2d5925d76379847dd9fc4747b061659" target="_parent">LT_OBJDIR</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>
<div class="SRStatus" id="NoMatches">No Matches</div>
<script type="text/javascript"><!--

22
doc/html/search/all_6e.html
View File

@ -7,24 +7,36 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_n_5fpostconds">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../structhyperalert.html#a16c46535e62397b5ef394b014943f58a" target="_parent">n_postconds</a>
<span class="SRScope">hyperalert</span>
</div>
</div>
<div class="SRResult" id="SR_n_5fpreconds">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../structhyperalert.html#a84181558bdbb98e49087d4ce7353bf70" target="_parent">n_preconds</a>
<span class="SRScope">hyperalert</span>
</div>
</div>
<div class="SRResult" id="SR_nchildren">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../struct__hierarchy__node.html#a849256ce1039e2cefaaf64d91171be0a" target="_parent">nchildren</a>
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../struct__hierarchy__node.html#a849256ce1039e2cefaaf64d91171be0a" target="_parent">nchildren</a>
<span class="SRScope">_hierarchy_node</span>
</div>
</div>
<div class="SRResult" id="SR_next">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_next')">next</a>
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_next')">next</a>
<div class="SRChildren">
<a id="Item1_c0" onkeydown="return searchResults.NavChild(event,1,0)" onkeypress="return searchResults.NavChild(event,1,0)" onkeyup="return searchResults.NavChild(event,1,0)" class="SRScope" href="../structpkt__info.html#a5ee3c51f2ca5768b94819182641ef168" target="_parent">pkt_info::next()</a>
<a id="Item1_c1" onkeydown="return searchResults.NavChild(event,1,1)" onkeypress="return searchResults.NavChild(event,1,1)" onkeyup="return searchResults.NavChild(event,1,1)" class="SRScope" href="../struct__AI__snort__alert.html#aa8336d4b3359015ed8ea312ca1fd1173" target="_parent">_AI_snort_alert::next()</a>
<a id="Item3_c0" onkeydown="return searchResults.NavChild(event,3,0)" onkeypress="return searchResults.NavChild(event,3,0)" onkeyup="return searchResults.NavChild(event,3,0)" class="SRScope" href="../structpkt__info.html#a5ee3c51f2ca5768b94819182641ef168" target="_parent">pkt_info::next()</a>
<a id="Item3_c1" onkeydown="return searchResults.NavChild(event,3,1)" onkeypress="return searchResults.NavChild(event,3,1)" onkeyup="return searchResults.NavChild(event,3,1)" class="SRScope" href="../struct__AI__snort__alert.html#aa8336d4b3359015ed8ea312ca1fd1173" target="_parent">_AI_snort_alert::next()</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_none">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640ab7e4e0120a041dbe6528b050c04269e0" target="_parent">none</a>
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640ab7e4e0120a041dbe6528b050c04269e0" target="_parent">none</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>

80
doc/html/search/all_70.html
View File

@ -7,100 +7,64 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_package">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../config_8h.html#aca8570fb706c81df371b7f9bc454ae03" target="_parent">PACKAGE</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_package_5fbugreport">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../config_8h.html#a1d1d2d7f8d2f95b376954d649ab03233" target="_parent">PACKAGE_BUGREPORT</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_package_5fname">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../config_8h.html#a1c0439e4355794c09b64274849eb0279" target="_parent">PACKAGE_NAME</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_package_5fstring">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../config_8h.html#ac73e6f903c16eca7710f92e36e1c6fbf" target="_parent">PACKAGE_STRING</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_package_5ftarname">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../config_8h.html#af415af6bfede0e8d5453708afe68651c" target="_parent">PACKAGE_TARNAME</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_package_5furl">
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../config_8h.html#a5c93853116d5a50307b6744f147840aa" target="_parent">PACKAGE_URL</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_package_5fversion">
<div class="SREntry">
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../config_8h.html#aa326a05d5e30f9e9a4bb0b4469d5d0c0" target="_parent">PACKAGE_VERSION</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_parent">
<div class="SREntry">
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="../struct__hierarchy__node.html#a5c94c89d7e2aea393f1c550afb766bbe" target="_parent">parent</a>
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../struct__hierarchy__node.html#a5c94c89d7e2aea393f1c550afb766bbe" target="_parent">parent</a>
<span class="SRScope">_hierarchy_node</span>
</div>
</div>
<div class="SRResult" id="SR_pcap_5ftimeout_5fignored">
<div class="SREntry">
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="../config_8h.html#acd8fb346fb286b091cbcc99e3eb76039" target="_parent">PCAP_TIMEOUT_IGNORED</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_pkt">
<div class="SREntry">
<a id="Item9" onkeydown="return searchResults.Nav(event,9)" onkeypress="return searchResults.Nav(event,9)" onkeyup="return searchResults.Nav(event,9)" class="SRSymbol" href="../structpkt__info.html#a8d5ebd04a32067b05387e5c5056fe168" target="_parent">pkt</a>
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../structpkt__info.html#a8d5ebd04a32067b05387e5c5056fe168" target="_parent">pkt</a>
<span class="SRScope">pkt_info</span>
</div>
</div>
<div class="SRResult" id="SR_pkt_5finfo">
<div class="SREntry">
<a id="Item10" onkeydown="return searchResults.Nav(event,10)" onkeypress="return searchResults.Nav(event,10)" onkeyup="return searchResults.Nav(event,10)" class="SRSymbol" href="../structpkt__info.html" target="_parent">pkt_info</a>
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../structpkt__info.html" target="_parent">pkt_info</a>
</div>
</div>
<div class="SRResult" id="SR_pkt_5fkey">
<div class="SREntry">
<a id="Item11" onkeydown="return searchResults.Nav(event,11)" onkeypress="return searchResults.Nav(event,11)" onkeyup="return searchResults.Nav(event,11)" class="SRSymbol" href="../structpkt__key.html" target="_parent">pkt_key</a>
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../structpkt__key.html" target="_parent">pkt_key</a>
</div>
</div>
<div class="SRResult" id="SR_postconds">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../structhyperalert.html#a69e0ed6e53e6fe23d3de2ec1f5d13863" target="_parent">postconds</a>
<span class="SRScope">hyperalert</span>
</div>
</div>
<div class="SRResult" id="SR_preconds">
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../structhyperalert.html#afa2862b9a574be52e5dc4a4cc0178d66" target="_parent">preconds</a>
<span class="SRScope">hyperalert</span>
</div>
</div>
<div class="SRResult" id="SR_preg_5fmatch">
<div class="SREntry">
<a id="Item12" onkeydown="return searchResults.Nav(event,12)" onkeypress="return searchResults.Nav(event,12)" onkeyup="return searchResults.Nav(event,12)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_preg_5fmatch')">preg_match</a>
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_preg_5fmatch')">preg_match</a>
<div class="SRChildren">
<a id="Item12_c0" onkeydown="return searchResults.NavChild(event,12,0)" onkeypress="return searchResults.NavChild(event,12,0)" onkeyup="return searchResults.NavChild(event,12,0)" class="SRScope" href="../group__regex.html#ga35f57c052a7de1ded54b67a1f7819791" target="_parent">preg_match(const char *expr, char *str, char ***matches, int *nmatches):&nbsp;regex.c</a>
<a id="Item12_c1" onkeydown="return searchResults.NavChild(event,12,1)" onkeypress="return searchResults.NavChild(event,12,1)" onkeyup="return searchResults.NavChild(event,12,1)" class="SRScope" href="../group__regex.html#ga35f57c052a7de1ded54b67a1f7819791" target="_parent">preg_match(const char *, char *, char ***, int *):&nbsp;regex.c</a>
<a id="Item6_c0" onkeydown="return searchResults.NavChild(event,6,0)" onkeypress="return searchResults.NavChild(event,6,0)" onkeyup="return searchResults.NavChild(event,6,0)" class="SRScope" href="../group__regex.html#ga35f57c052a7de1ded54b67a1f7819791" target="_parent">preg_match(const char *expr, char *str, char ***matches, int *nmatches):&nbsp;regex.c</a>
<a id="Item6_c1" onkeydown="return searchResults.NavChild(event,6,1)" onkeypress="return searchResults.NavChild(event,6,1)" onkeyup="return searchResults.NavChild(event,6,1)" class="SRScope" href="../group__regex.html#ga35f57c052a7de1ded54b67a1f7819791" target="_parent">preg_match(const char *, char *, char ***, int *):&nbsp;regex.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_preproc_5fname">
<div class="SREntry">
<a id="Item13" onkeydown="return searchResults.Nav(event,13)" onkeypress="return searchResults.Nav(event,13)" onkeyup="return searchResults.Nav(event,13)" class="SRSymbol" href="../sf__preproc__info_8h.html#af5d5329206253ca0c1a3b8d4a43195af" target="_parent">PREPROC_NAME</a>
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="../sf__preproc__info_8h.html#af5d5329206253ca0c1a3b8d4a43195af" target="_parent">PREPROC_NAME</a>
<span class="SRScope">sf_preproc_info.h</span>
</div>
</div>
<div class="SRResult" id="SR_priority">
<div class="SREntry">
<a id="Item14" onkeydown="return searchResults.Nav(event,14)" onkeypress="return searchResults.Nav(event,14)" onkeyup="return searchResults.Nav(event,14)" class="SRSymbol" href="../struct__AI__snort__alert.html#a25661fa4e212c5e30af5e6a892985ec9" target="_parent">priority</a>
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="../struct__AI__snort__alert.html#a25661fa4e212c5e30af5e6a892985ec9" target="_parent">priority</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_private">
<div class="SREntry">
<a id="Item15" onkeydown="return searchResults.Nav(event,15)" onkeypress="return searchResults.Nav(event,15)" onkeyup="return searchResults.Nav(event,15)" class="SRSymbol" href="../spp__ai_8h.html#a5e151c615eda34903514212f05a5ccf8" target="_parent">PRIVATE</a>
<a id="Item9" onkeydown="return searchResults.Nav(event,9)" onkeypress="return searchResults.Nav(event,9)" onkeyup="return searchResults.Nav(event,9)" class="SRSymbol" href="../spp__ai_8h.html#a5e151c615eda34903514212f05a5ccf8" target="_parent">PRIVATE</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>

7
doc/html/search/all_72.html
View File

@ -14,8 +14,11 @@
</div>
<div class="SRResult" id="SR_rev">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../struct__AI__snort__alert.html#a864d3baa48586d6a31639f4cd27d9d37" target="_parent">rev</a>
<span class="SRScope">_AI_snort_alert</span>
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_rev')">rev</a>
<div class="SRChildren">
<a id="Item1_c0" onkeydown="return searchResults.NavChild(event,1,0)" onkeypress="return searchResults.NavChild(event,1,0)" onkeyup="return searchResults.NavChild(event,1,0)" class="SRScope" href="../structhyperalert__key.html#a7e4a23f87bb69765c5afdb2e602aff87" target="_parent">hyperalert_key::rev()</a>
<a id="Item1_c1" onkeydown="return searchResults.NavChild(event,1,1)" onkeypress="return searchResults.NavChild(event,1,1)" onkeyup="return searchResults.NavChild(event,1,1)" class="SRScope" href="../struct__AI__snort__alert.html#a864d3baa48586d6a31639f4cd27d9d37" target="_parent">_AI_snort_alert::rev()</a>
</div>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>

25
doc/html/search/all_73.html
View File

@ -14,8 +14,11 @@
</div>
<div class="SRResult" id="SR_sid">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../struct__AI__snort__alert.html#a3349aa68d2234f8ffd897367c3a8a137" target="_parent">sid</a>
<span class="SRScope">_AI_snort_alert</span>
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_sid')">sid</a>
<div class="SRChildren">
<a id="Item1_c0" onkeydown="return searchResults.NavChild(event,1,0)" onkeypress="return searchResults.NavChild(event,1,0)" onkeyup="return searchResults.NavChild(event,1,0)" class="SRScope" href="../structhyperalert__key.html#ab3cb68a4bf46fab57f0dd0be007a91bc" target="_parent">hyperalert_key::sid()</a>
<a id="Item1_c1" onkeydown="return searchResults.NavChild(event,1,1)" onkeypress="return searchResults.NavChild(event,1,1)" onkeyup="return searchResults.NavChild(event,1,1)" class="SRScope" href="../struct__AI__snort__alert.html#a3349aa68d2234f8ffd897367c3a8a137" target="_parent">_AI_snort_alert::sid()</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_spp_5fai_2ec">
@ -52,35 +55,23 @@
<span class="SRScope">stream.c</span>
</div>
</div>
<div class="SRResult" id="SR_stdc_5fheaders">
<div class="SREntry">
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="../config_8h.html#a550e5c272cc3cf3814651721167dcd23" target="_parent">STDC_HEADERS</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_stream">
<div class="SREntry">
<a id="Item9" onkeydown="return searchResults.Nav(event,9)" onkeypress="return searchResults.Nav(event,9)" onkeyup="return searchResults.Nav(event,9)" class="SRSymbol" href="../struct__AI__snort__alert.html#a09dfe0a841fd3912ec78060d4547cb31" target="_parent">stream</a>
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="../struct__AI__snort__alert.html#a09dfe0a841fd3912ec78060d4547cb31" target="_parent">stream</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_stream_2ec">
<div class="SREntry">
<a id="Item10" onkeydown="return searchResults.Nav(event,10)" onkeypress="return searchResults.Nav(event,10)" onkeyup="return searchResults.Nav(event,10)" class="SRSymbol" href="../stream_8c.html" target="_parent">stream.c</a>
<a id="Item9" onkeydown="return searchResults.Nav(event,9)" onkeypress="return searchResults.Nav(event,9)" onkeyup="return searchResults.Nav(event,9)" class="SRSymbol" href="../stream_8c.html" target="_parent">stream.c</a>
</div>
</div>
<div class="SRResult" id="SR_streamexpireinterval">
<div class="SREntry">
<a id="Item11" onkeydown="return searchResults.Nav(event,11)" onkeypress="return searchResults.Nav(event,11)" onkeyup="return searchResults.Nav(event,11)" class="SRSymbol" href="../structAI__config.html#abbe77d5f94b8c5164bea47acba09c98b" target="_parent">streamExpireInterval</a>
<a id="Item10" onkeydown="return searchResults.Nav(event,10)" onkeypress="return searchResults.Nav(event,10)" onkeyup="return searchResults.Nav(event,10)" class="SRSymbol" href="../structAI__config.html#abbe77d5f94b8c5164bea47acba09c98b" target="_parent">streamExpireInterval</a>
<span class="SRScope">AI_config</span>
</div>
</div>
<div class="SRResult" id="SR_sup_5fip6">
<div class="SREntry">
<a id="Item12" onkeydown="return searchResults.Nav(event,12)" onkeypress="return searchResults.Nav(event,12)" onkeyup="return searchResults.Nav(event,12)" class="SRSymbol" href="../config_8h.html#a2b4574dbb2776d26768967604bb26f1b" target="_parent">SUP_IP6</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>
<div class="SRStatus" id="NoMatches">No Matches</div>
<script type="text/javascript"><!--

26
doc/html/search/all_74.html
View File

@ -7,54 +7,54 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_tag_5fnum">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../group__correlation.html#gga06fc87d81c62e9abb8790b6e5713c55ba551d1861515058fbfe34955d4170ae67" target="_parent">TAG_NUM</a>
<span class="SRScope">correlation.c</span>
</div>
</div>
<div class="SRResult" id="SR_tcp_5fack">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../struct__AI__snort__alert.html#a8aac577224a4325ec50511c6d79b4b79" target="_parent">tcp_ack</a>
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../struct__AI__snort__alert.html#a8aac577224a4325ec50511c6d79b4b79" target="_parent">tcp_ack</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_tcp_5fdst_5fport">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../struct__AI__snort__alert.html#aaca31cb67d48ffc3bfd1227686d5f5a4" target="_parent">tcp_dst_port</a>
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../struct__AI__snort__alert.html#aaca31cb67d48ffc3bfd1227686d5f5a4" target="_parent">tcp_dst_port</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_tcp_5fflags">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../struct__AI__snort__alert.html#aa643f11db93b70242b57f0a04775e507" target="_parent">tcp_flags</a>
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../struct__AI__snort__alert.html#aa643f11db93b70242b57f0a04775e507" target="_parent">tcp_flags</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_tcp_5flen">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../struct__AI__snort__alert.html#ab7e0507050b8e475fea7a4b26c768857" target="_parent">tcp_len</a>
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../struct__AI__snort__alert.html#ab7e0507050b8e475fea7a4b26c768857" target="_parent">tcp_len</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_tcp_5fseq">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../struct__AI__snort__alert.html#ad6edf59fccea55bf5f940bf36117020b" target="_parent">tcp_seq</a>
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../struct__AI__snort__alert.html#ad6edf59fccea55bf5f940bf36117020b" target="_parent">tcp_seq</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_tcp_5fsrc_5fport">
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../struct__AI__snort__alert.html#a4d4cbdbd9675f4c43545547f55174cb7" target="_parent">tcp_src_port</a>
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../struct__AI__snort__alert.html#a4d4cbdbd9675f4c43545547f55174cb7" target="_parent">tcp_src_port</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_tcp_5fwindow">
<div class="SREntry">
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../struct__AI__snort__alert.html#a1687fccc26bb211591db8b36ffec5348" target="_parent">tcp_window</a>
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="../struct__AI__snort__alert.html#a1687fccc26bb211591db8b36ffec5348" target="_parent">tcp_window</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>
<div class="SRResult" id="SR_time_5fwith_5fsys_5ftime">
<div class="SREntry">
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="../config_8h.html#a2b44ef64cf38e064ef11e11f35271380" target="_parent">TIME_WITH_SYS_TIME</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_timestamp">
<div class="SREntry">
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_timestamp')">timestamp</a>

30
doc/html/search/classes_68.html Normal file
View File

@ -0,0 +1,30 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head><title></title>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<link rel="stylesheet" type="text/css" href="search.css"/>
<script type="text/javascript" src="search.js"></script>
</head>
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_hyperalert">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../structhyperalert.html" target="_parent">hyperalert</a>
</div>
</div>
<div class="SRResult" id="SR_hyperalert_5fkey">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../structhyperalert__key.html" target="_parent">hyperalert_key</a>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>
<div class="SRStatus" id="NoMatches">No Matches</div>
<script type="text/javascript"><!--
document.getElementById("Loading").style.display="none";
document.getElementById("NoMatches").style.display="none";
var searchResults = new SearchResults("searchResults");
searchResults.Search();
--></script>
</div>
</body>
</html>

24
doc/html/search/defines_64.html
View File

@ -13,39 +13,51 @@
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_default_5falert_5fcorrelation_5finterval">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../spp__ai_8h.html#af0edda6cc018d9674b6822f6df4abe74" target="_parent">DEFAULT_ALERT_CORRELATION_INTERVAL</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_default_5falert_5flog_5ffile">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../spp__ai_8h.html#a6d9bf552c32371e0144dc6a6209c7e4a" target="_parent">DEFAULT_ALERT_LOG_FILE</a>
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../spp__ai_8h.html#a6d9bf552c32371e0144dc6a6209c7e4a" target="_parent">DEFAULT_ALERT_LOG_FILE</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_default_5fcluster_5flog_5ffile">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../spp__ai_8h.html#a803dc913297ccdace9e604dbfecda97d" target="_parent">DEFAULT_CLUSTER_LOG_FILE</a>
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../spp__ai_8h.html#a803dc913297ccdace9e604dbfecda97d" target="_parent">DEFAULT_CLUSTER_LOG_FILE</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_default_5fcorr_5frules_5fdir">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../spp__ai_8h.html#a89448386cad5d5533992ae7ee84f4f1d" target="_parent">DEFAULT_CORR_RULES_DIR</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_default_5fdatabase_5finterval">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../spp__ai_8h.html#a3c4984a0ee515fbc091ac6e33b05e310" target="_parent">DEFAULT_DATABASE_INTERVAL</a>
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../spp__ai_8h.html#a3c4984a0ee515fbc091ac6e33b05e310" target="_parent">DEFAULT_DATABASE_INTERVAL</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_default_5fhash_5fcleanup_5finterval">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../spp__ai_8h.html#a5f555c0ebd29ce2771a3e2dd4f526746" target="_parent">DEFAULT_HASH_CLEANUP_INTERVAL</a>
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../spp__ai_8h.html#a5f555c0ebd29ce2771a3e2dd4f526746" target="_parent">DEFAULT_HASH_CLEANUP_INTERVAL</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_default_5fstream_5fexpire_5finterval">
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../spp__ai_8h.html#a0f6a189af15ef783fb46ed37c144e031" target="_parent">DEFAULT_STREAM_EXPIRE_INTERVAL</a>
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="../spp__ai_8h.html#a0f6a189af15ef783fb46ed37c144e031" target="_parent">DEFAULT_STREAM_EXPIRE_INTERVAL</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>
<div class="SRResult" id="SR_dynamic_5fpreproc_5fsetup">
<div class="SREntry">
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../sf__preproc__info_8h.html#aba4c0d0af324a3861e662ed4650aae44" target="_parent">DYNAMIC_PREPROC_SETUP</a>
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="../sf__preproc__info_8h.html#aba4c0d0af324a3861e662ed4650aae44" target="_parent">DYNAMIC_PREPROC_SETUP</a>
<span class="SRScope">sf_preproc_info.h</span>
</div>
</div>

52
doc/html/search/defines_70.html
View File

@ -7,63 +7,15 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_package">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../config_8h.html#aca8570fb706c81df371b7f9bc454ae03" target="_parent">PACKAGE</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_package_5fbugreport">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../config_8h.html#a1d1d2d7f8d2f95b376954d649ab03233" target="_parent">PACKAGE_BUGREPORT</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_package_5fname">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../config_8h.html#a1c0439e4355794c09b64274849eb0279" target="_parent">PACKAGE_NAME</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_package_5fstring">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../config_8h.html#ac73e6f903c16eca7710f92e36e1c6fbf" target="_parent">PACKAGE_STRING</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_package_5ftarname">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../config_8h.html#af415af6bfede0e8d5453708afe68651c" target="_parent">PACKAGE_TARNAME</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_package_5furl">
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../config_8h.html#a5c93853116d5a50307b6744f147840aa" target="_parent">PACKAGE_URL</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_package_5fversion">
<div class="SREntry">
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../config_8h.html#aa326a05d5e30f9e9a4bb0b4469d5d0c0" target="_parent">PACKAGE_VERSION</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_pcap_5ftimeout_5fignored">
<div class="SREntry">
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="../config_8h.html#acd8fb346fb286b091cbcc99e3eb76039" target="_parent">PCAP_TIMEOUT_IGNORED</a>
<span class="SRScope">config.h</span>
</div>
</div>
<div class="SRResult" id="SR_preproc_5fname">
<div class="SREntry">
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="../sf__preproc__info_8h.html#af5d5329206253ca0c1a3b8d4a43195af" target="_parent">PREPROC_NAME</a>
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../sf__preproc__info_8h.html#af5d5329206253ca0c1a3b8d4a43195af" target="_parent">PREPROC_NAME</a>
<span class="SRScope">sf_preproc_info.h</span>
</div>
</div>
<div class="SRResult" id="SR_private">
<div class="SREntry">
<a id="Item9" onkeydown="return searchResults.Nav(event,9)" onkeypress="return searchResults.Nav(event,9)" onkeyup="return searchResults.Nav(event,9)" class="SRSymbol" href="../spp__ai_8h.html#a5e151c615eda34903514212f05a5ccf8" target="_parent">PRIVATE</a>
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../spp__ai_8h.html#a5e151c615eda34903514212f05a5ccf8" target="_parent">PRIVATE</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>

44
doc/html/search/enumvalues_69.html Normal file
View File

@ -0,0 +1,44 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head><title></title>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<link rel="stylesheet" type="text/css" href="search.css"/>
<script type="text/javascript" src="search.js"></script>
</head>
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_inhyperalert">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../group__correlation.html#gga06fc87d81c62e9abb8790b6e5713c55ba0b3b5f651ab0c6355666ff7b1c778af8" target="_parent">inHyperAlert</a>
<span class="SRScope">correlation.c</span>
</div>
</div>
<div class="SRResult" id="SR_inposttag">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../group__correlation.html#gga06fc87d81c62e9abb8790b6e5713c55baf6430d8e5b9791cca74ec3b325a8339f" target="_parent">inPostTag</a>
<span class="SRScope">correlation.c</span>
</div>
</div>
<div class="SRResult" id="SR_inpretag">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../group__correlation.html#gga06fc87d81c62e9abb8790b6e5713c55ba828f2ec4acb20bae9b9c9fb0c5e0881f" target="_parent">inPreTag</a>
<span class="SRScope">correlation.c</span>
</div>
</div>
<div class="SRResult" id="SR_insnortidtag">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../group__correlation.html#gga06fc87d81c62e9abb8790b6e5713c55ba52d913c46f650f89a5da3ff4bfb7a45d" target="_parent">inSnortIdTag</a>
<span class="SRScope">correlation.c</span>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>
<div class="SRStatus" id="NoMatches">No Matches</div>
<script type="text/javascript"><!--
document.getElementById("Loading").style.display="none";
document.getElementById("NoMatches").style.display="none";
var searchResults = new SearchResults("searchResults");
searchResults.Search();
--></script>
</div>
</body>
</html>

8
doc/html/search/enumvalues_74.html
View File

@ -7,9 +7,15 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_tag_5fnum">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../group__correlation.html#gga06fc87d81c62e9abb8790b6e5713c55ba551d1861515058fbfe34955d4170ae67" target="_parent">TAG_NUM</a>
<span class="SRScope">correlation.c</span>
</div>
</div>
<div class="SRResult" id="SR_true">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dda08f175a5505a10b9ed657defeb050e4b" target="_parent">true</a>
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dda08f175a5505a10b9ed657defeb050e4b" target="_parent">true</a>
<span class="SRScope">spp_ai.h</span>
</div>
</div>

4
doc/html/search/files_63.html
View File

@ -12,9 +12,9 @@
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../cluster_8c.html" target="_parent">cluster.c</a>
</div>
</div>
<div class="SRResult" id="SR_config_2eh">
<div class="SRResult" id="SR_correlation_2ec">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../config_8h.html" target="_parent">config.h</a>
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../correlation_8c.html" target="_parent">correlation.c</a>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>

28
doc/html/search/functions_5f.html
View File

@ -25,51 +25,63 @@
<span class="SRScope">alert_parser.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fcopy_5fclustered_5falerts">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../group__cluster.html#gab4c8ab92691e85a6f0ac4abb122712fd" target="_parent">_AI_copy_clustered_alerts</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fequal_5falarms">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../group__cluster.html#ga0f91c8bfc37a3975f5c26b19fd6c5cba" target="_parent">_AI_equal_alarms</a>
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../group__cluster.html#ga0f91c8bfc37a3975f5c26b19fd6c5cba" target="_parent">_AI_equal_alarms</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fget_5fmin_5fhierarchy_5fnode">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../group__cluster.html#ga6ddddcd505b1f763c339e81fc143e079" target="_parent">_AI_get_min_hierarchy_node</a>
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../group__cluster.html#ga6ddddcd505b1f763c339e81fc143e079" target="_parent">_AI_get_min_hierarchy_node</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fhyperalert_5ffrom_5fxml">
<div class="SREntry">
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../group__correlation.html#gacb46174cec5a2cce0a9bb1ca2b0f6850" target="_parent">_AI_hyperalert_from_XML</a>
<span class="SRScope">correlation.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fmerge_5falerts">
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../group__cluster.html#ga8ce8e5a5d8954672297fa2dedb380dcd" target="_parent">_AI_merge_alerts</a>
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="../group__cluster.html#ga8ce8e5a5d8954672297fa2dedb380dcd" target="_parent">_AI_merge_alerts</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fprint_5fclustered_5falerts">
<div class="SREntry">
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../group__cluster.html#ga7d151880080470b542e99643dc0426a7" target="_parent">_AI_print_clustered_alerts</a>
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="../group__cluster.html#ga7d151880080470b542e99643dc0426a7" target="_parent">_AI_print_clustered_alerts</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fai_5fstream_5ffree">
<div class="SREntry">
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="../group__stream.html#ga80016adf701c717a6ebfb5b15b8a5749" target="_parent">_AI_stream_free</a>
<a id="Item9" onkeydown="return searchResults.Nav(event,9)" onkeypress="return searchResults.Nav(event,9)" onkeyup="return searchResults.Nav(event,9)" class="SRSymbol" href="../group__stream.html#ga80016adf701c717a6ebfb5b15b8a5749" target="_parent">_AI_stream_free</a>
<span class="SRScope">stream.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fheuristic_5ffunc">
<div class="SREntry">
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="../group__cluster.html#ga81f5fa721719fdb281595a568eef2101" target="_parent">_heuristic_func</a>
<a id="Item10" onkeydown="return searchResults.Nav(event,10)" onkeypress="return searchResults.Nav(event,10)" onkeyup="return searchResults.Nav(event,10)" class="SRSymbol" href="../group__cluster.html#ga81f5fa721719fdb281595a568eef2101" target="_parent">_heuristic_func</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fhierarchy_5fnode_5fappend">
<div class="SREntry">
<a id="Item9" onkeydown="return searchResults.Nav(event,9)" onkeypress="return searchResults.Nav(event,9)" onkeyup="return searchResults.Nav(event,9)" class="SRSymbol" href="../group__cluster.html#ga5601a1f603d9c870ef6e2df192e30c30" target="_parent">_hierarchy_node_append</a>
<a id="Item11" onkeydown="return searchResults.Nav(event,11)" onkeypress="return searchResults.Nav(event,11)" onkeyup="return searchResults.Nav(event,11)" class="SRSymbol" href="../group__cluster.html#ga5601a1f603d9c870ef6e2df192e30c30" target="_parent">_hierarchy_node_append</a>
<span class="SRScope">cluster.c</span>
</div>
</div>
<div class="SRResult" id="SR__5fhierarchy_5fnode_5fnew">
<div class="SREntry">
<a id="Item10" onkeydown="return searchResults.Nav(event,10)" onkeypress="return searchResults.Nav(event,10)" onkeyup="return searchResults.Nav(event,10)" class="SRSymbol" href="../group__cluster.html#ga2f1a22cfea64e4669da0467620c3e3b3" target="_parent">_hierarchy_node_new</a>
<a id="Item12" onkeydown="return searchResults.Nav(event,12)" onkeypress="return searchResults.Nav(event,12)" onkeyup="return searchResults.Nav(event,12)" class="SRSymbol" href="../group__cluster.html#ga2f1a22cfea64e4669da0467620c3e3b3" target="_parent">_hierarchy_node_new</a>
<span class="SRScope">cluster.c</span>
</div>
</div>

78
doc/html/search/functions_61.html
View File

@ -7,102 +7,120 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_ai_5falert_5fcorrelation_5fthread">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5falert_5fcorrelation_5fthread')">AI_alert_correlation_thread</a>
<div class="SRChildren">
<a id="Item0_c0" onkeydown="return searchResults.NavChild(event,0,0)" onkeypress="return searchResults.NavChild(event,0,0)" onkeyup="return searchResults.NavChild(event,0,0)" class="SRScope" href="../group__correlation.html#ga939353a4e15de7a8f4145ab986f584be" target="_parent">AI_alert_correlation_thread(void *arg):&nbsp;correlation.c</a>
<a id="Item0_c1" onkeydown="return searchResults.NavChild(event,0,1)" onkeypress="return searchResults.NavChild(event,0,1)" onkeyup="return searchResults.NavChild(event,0,1)" class="SRScope" href="../group__correlation.html#ga939353a4e15de7a8f4145ab986f584be" target="_parent">AI_alert_correlation_thread(void *):&nbsp;correlation.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5ffile_5falertparser_5fthread">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5ffile_5falertparser_5fthread')">AI_file_alertparser_thread</a>
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5ffile_5falertparser_5fthread')">AI_file_alertparser_thread</a>
<div class="SRChildren">
<a id="Item0_c0" onkeydown="return searchResults.NavChild(event,0,0)" onkeypress="return searchResults.NavChild(event,0,0)" onkeyup="return searchResults.NavChild(event,0,0)" class="SRScope" href="../group__alert__parser.html#ga5aab8d9bdf0e92a51731442fd787f61f" target="_parent">AI_file_alertparser_thread(void *arg):&nbsp;alert_parser.c</a>
<a id="Item0_c1" onkeydown="return searchResults.NavChild(event,0,1)" onkeypress="return searchResults.NavChild(event,0,1)" onkeyup="return searchResults.NavChild(event,0,1)" class="SRScope" href="../group__alert__parser.html#ga5aab8d9bdf0e92a51731442fd787f61f" target="_parent">AI_file_alertparser_thread(void *):&nbsp;alert_parser.c</a>
<a id="Item1_c0" onkeydown="return searchResults.NavChild(event,1,0)" onkeypress="return searchResults.NavChild(event,1,0)" onkeyup="return searchResults.NavChild(event,1,0)" class="SRScope" href="../group__alert__parser.html#ga5aab8d9bdf0e92a51731442fd787f61f" target="_parent">AI_file_alertparser_thread(void *arg):&nbsp;alert_parser.c</a>
<a id="Item1_c1" onkeydown="return searchResults.NavChild(event,1,1)" onkeypress="return searchResults.NavChild(event,1,1)" onkeyup="return searchResults.NavChild(event,1,1)" class="SRScope" href="../group__alert__parser.html#ga5aab8d9bdf0e92a51731442fd787f61f" target="_parent">AI_file_alertparser_thread(void *):&nbsp;alert_parser.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5ffree_5falerts">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5ffree_5falerts')">AI_free_alerts</a>
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5ffree_5falerts')">AI_free_alerts</a>
<div class="SRChildren">
<a id="Item1_c0" onkeydown="return searchResults.NavChild(event,1,0)" onkeypress="return searchResults.NavChild(event,1,0)" onkeyup="return searchResults.NavChild(event,1,0)" class="SRScope" href="../group__alert__parser.html#ga270e86669a0aa64a8da37bc16cda645b" target="_parent">AI_free_alerts(AI_snort_alert *node):&nbsp;alert_parser.c</a>
<a id="Item1_c1" onkeydown="return searchResults.NavChild(event,1,1)" onkeypress="return searchResults.NavChild(event,1,1)" onkeyup="return searchResults.NavChild(event,1,1)" class="SRScope" href="../group__alert__parser.html#ga270e86669a0aa64a8da37bc16cda645b" target="_parent">AI_free_alerts(AI_snort_alert *node):&nbsp;alert_parser.c</a>
<a id="Item2_c0" onkeydown="return searchResults.NavChild(event,2,0)" onkeypress="return searchResults.NavChild(event,2,0)" onkeyup="return searchResults.NavChild(event,2,0)" class="SRScope" href="../group__alert__parser.html#ga270e86669a0aa64a8da37bc16cda645b" target="_parent">AI_free_alerts(AI_snort_alert *node):&nbsp;alert_parser.c</a>
<a id="Item2_c1" onkeydown="return searchResults.NavChild(event,2,1)" onkeypress="return searchResults.NavChild(event,2,1)" onkeyup="return searchResults.NavChild(event,2,1)" class="SRScope" href="../group__alert__parser.html#ga270e86669a0aa64a8da37bc16cda645b" target="_parent">AI_free_alerts(AI_snort_alert *node):&nbsp;alert_parser.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fget_5falerts">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fget_5falerts')">AI_get_alerts</a>
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fget_5falerts')">AI_get_alerts</a>
<div class="SRChildren">
<a id="Item2_c0" onkeydown="return searchResults.NavChild(event,2,0)" onkeypress="return searchResults.NavChild(event,2,0)" onkeyup="return searchResults.NavChild(event,2,0)" class="SRScope" href="../group__alert__parser.html#ga99474495643197b3075ac22ec6f6c70f" target="_parent">AI_get_alerts():&nbsp;alert_parser.c</a>
<a id="Item2_c1" onkeydown="return searchResults.NavChild(event,2,1)" onkeypress="return searchResults.NavChild(event,2,1)" onkeyup="return searchResults.NavChild(event,2,1)" class="SRScope" href="../group__alert__parser.html#ga99474495643197b3075ac22ec6f6c70f" target="_parent">AI_get_alerts(void):&nbsp;alert_parser.c</a>
<a id="Item3_c0" onkeydown="return searchResults.NavChild(event,3,0)" onkeypress="return searchResults.NavChild(event,3,0)" onkeyup="return searchResults.NavChild(event,3,0)" class="SRScope" href="../group__alert__parser.html#ga99474495643197b3075ac22ec6f6c70f" target="_parent">AI_get_alerts():&nbsp;alert_parser.c</a>
<a id="Item3_c1" onkeydown="return searchResults.NavChild(event,3,1)" onkeypress="return searchResults.NavChild(event,3,1)" onkeyup="return searchResults.NavChild(event,3,1)" class="SRScope" href="../group__alert__parser.html#ga99474495643197b3075ac22ec6f6c70f" target="_parent">AI_get_alerts(void):&nbsp;alert_parser.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fget_5fclustered_5falerts">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fget_5fclustered_5falerts')">AI_get_clustered_alerts</a>
<div class="SRChildren">
<a id="Item4_c0" onkeydown="return searchResults.NavChild(event,4,0)" onkeypress="return searchResults.NavChild(event,4,0)" onkeyup="return searchResults.NavChild(event,4,0)" class="SRScope" href="../group__cluster.html#ga2553c678eeb83282c230d649a0e8fcd4" target="_parent">AI_get_clustered_alerts():&nbsp;cluster.c</a>
<a id="Item4_c1" onkeydown="return searchResults.NavChild(event,4,1)" onkeypress="return searchResults.NavChild(event,4,1)" onkeyup="return searchResults.NavChild(event,4,1)" class="SRScope" href="../group__cluster.html#ga2553c678eeb83282c230d649a0e8fcd4" target="_parent">AI_get_clustered_alerts(void):&nbsp;cluster.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fget_5fstream_5fby_5fkey">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fget_5fstream_5fby_5fkey')">AI_get_stream_by_key</a>
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fget_5fstream_5fby_5fkey')">AI_get_stream_by_key</a>
<div class="SRChildren">
<a id="Item3_c0" onkeydown="return searchResults.NavChild(event,3,0)" onkeypress="return searchResults.NavChild(event,3,0)" onkeyup="return searchResults.NavChild(event,3,0)" class="SRScope" href="../group__stream.html#ga2efedcabbfd12c5345f0c93a3dd4735c" target="_parent">AI_get_stream_by_key(struct pkt_key):&nbsp;stream.c</a>
<a id="Item3_c1" onkeydown="return searchResults.NavChild(event,3,1)" onkeypress="return searchResults.NavChild(event,3,1)" onkeyup="return searchResults.NavChild(event,3,1)" class="SRScope" href="../group__stream.html#ga2efedcabbfd12c5345f0c93a3dd4735c" target="_parent">AI_get_stream_by_key(struct pkt_key key):&nbsp;stream.c</a>
<a id="Item5_c0" onkeydown="return searchResults.NavChild(event,5,0)" onkeypress="return searchResults.NavChild(event,5,0)" onkeyup="return searchResults.NavChild(event,5,0)" class="SRScope" href="../group__stream.html#ga2efedcabbfd12c5345f0c93a3dd4735c" target="_parent">AI_get_stream_by_key(struct pkt_key):&nbsp;stream.c</a>
<a id="Item5_c1" onkeydown="return searchResults.NavChild(event,5,1)" onkeypress="return searchResults.NavChild(event,5,1)" onkeyup="return searchResults.NavChild(event,5,1)" class="SRScope" href="../group__stream.html#ga2efedcabbfd12c5345f0c93a3dd4735c" target="_parent">AI_get_stream_by_key(struct pkt_key key):&nbsp;stream.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fhashcleanup_5fthread">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fhashcleanup_5fthread')">AI_hashcleanup_thread</a>
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fhashcleanup_5fthread')">AI_hashcleanup_thread</a>
<div class="SRChildren">
<a id="Item4_c0" onkeydown="return searchResults.NavChild(event,4,0)" onkeypress="return searchResults.NavChild(event,4,0)" onkeyup="return searchResults.NavChild(event,4,0)" class="SRScope" href="../group__stream.html#ga24b1131374e5059564b8a12380c4eb75" target="_parent">AI_hashcleanup_thread(void *):&nbsp;stream.c</a>
<a id="Item4_c1" onkeydown="return searchResults.NavChild(event,4,1)" onkeypress="return searchResults.NavChild(event,4,1)" onkeyup="return searchResults.NavChild(event,4,1)" class="SRScope" href="../group__stream.html#ga24b1131374e5059564b8a12380c4eb75" target="_parent">AI_hashcleanup_thread(void *arg):&nbsp;stream.c</a>
<a id="Item6_c0" onkeydown="return searchResults.NavChild(event,6,0)" onkeypress="return searchResults.NavChild(event,6,0)" onkeyup="return searchResults.NavChild(event,6,0)" class="SRScope" href="../group__stream.html#ga24b1131374e5059564b8a12380c4eb75" target="_parent">AI_hashcleanup_thread(void *):&nbsp;stream.c</a>
<a id="Item6_c1" onkeydown="return searchResults.NavChild(event,6,1)" onkeypress="return searchResults.NavChild(event,6,1)" onkeyup="return searchResults.NavChild(event,6,1)" class="SRScope" href="../group__stream.html#ga24b1131374e5059564b8a12380c4eb75" target="_parent">AI_hashcleanup_thread(void *arg):&nbsp;stream.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fhierarchies_5fbuild">
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fhierarchies_5fbuild')">AI_hierarchies_build</a>
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fhierarchies_5fbuild')">AI_hierarchies_build</a>
<div class="SRChildren">
<a id="Item5_c0" onkeydown="return searchResults.NavChild(event,5,0)" onkeypress="return searchResults.NavChild(event,5,0)" onkeyup="return searchResults.NavChild(event,5,0)" class="SRScope" href="../group__cluster.html#ga1445818b37483f78cc3fb2890155842c" target="_parent">AI_hierarchies_build(AI_config *conf, hierarchy_node **nodes, int n_nodes):&nbsp;cluster.c</a>
<a id="Item5_c1" onkeydown="return searchResults.NavChild(event,5,1)" onkeypress="return searchResults.NavChild(event,5,1)" onkeyup="return searchResults.NavChild(event,5,1)" class="SRScope" href="../group__cluster.html#ga1445818b37483f78cc3fb2890155842c" target="_parent">AI_hierarchies_build(AI_config *, hierarchy_node **, int):&nbsp;cluster.c</a>
<a id="Item7_c0" onkeydown="return searchResults.NavChild(event,7,0)" onkeypress="return searchResults.NavChild(event,7,0)" onkeyup="return searchResults.NavChild(event,7,0)" class="SRScope" href="../group__cluster.html#ga1445818b37483f78cc3fb2890155842c" target="_parent">AI_hierarchies_build(AI_config *conf, hierarchy_node **nodes, int n_nodes):&nbsp;cluster.c</a>
<a id="Item7_c1" onkeydown="return searchResults.NavChild(event,7,1)" onkeypress="return searchResults.NavChild(event,7,1)" onkeyup="return searchResults.NavChild(event,7,1)" class="SRScope" href="../group__cluster.html#ga1445818b37483f78cc3fb2890155842c" target="_parent">AI_hierarchies_build(AI_config *, hierarchy_node **, int):&nbsp;cluster.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5finit">
<div class="SREntry">
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../group__spp__ai.html#ga3524cbdf8fddbcf38c4ed55241002242" target="_parent">AI_init</a>
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="../group__spp__ai.html#ga3524cbdf8fddbcf38c4ed55241002242" target="_parent">AI_init</a>
<span class="SRScope">spp_ai.c</span>
</div>
</div>
<div class="SRResult" id="SR_ai_5fparse">
<div class="SREntry">
<a id="Item7" onkeydown="return searchResults.Nav(event,7)" onkeypress="return searchResults.Nav(event,7)" onkeyup="return searchResults.Nav(event,7)" class="SRSymbol" href="../group__spp__ai.html#gae1c5c4b38ee2819d427848eb3046373e" target="_parent">AI_parse</a>
<a id="Item9" onkeydown="return searchResults.Nav(event,9)" onkeypress="return searchResults.Nav(event,9)" onkeyup="return searchResults.Nav(event,9)" class="SRSymbol" href="../group__spp__ai.html#gae1c5c4b38ee2819d427848eb3046373e" target="_parent">AI_parse</a>
<span class="SRScope">spp_ai.c</span>
</div>
</div>
<div class="SRResult" id="SR_ai_5fpkt_5fenqueue">
<div class="SREntry">
<a id="Item8" onkeydown="return searchResults.Nav(event,8)" onkeypress="return searchResults.Nav(event,8)" onkeyup="return searchResults.Nav(event,8)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fpkt_5fenqueue')">AI_pkt_enqueue</a>
<a id="Item10" onkeydown="return searchResults.Nav(event,10)" onkeypress="return searchResults.Nav(event,10)" onkeyup="return searchResults.Nav(event,10)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fpkt_5fenqueue')">AI_pkt_enqueue</a>
<div class="SRChildren">
<a id="Item8_c0" onkeydown="return searchResults.NavChild(event,8,0)" onkeypress="return searchResults.NavChild(event,8,0)" onkeyup="return searchResults.NavChild(event,8,0)" class="SRScope" href="../group__stream.html#ga7d71c5645b9baff7b6c4b9a181bf80c5" target="_parent">AI_pkt_enqueue(SFSnortPacket *):&nbsp;stream.c</a>
<a id="Item8_c1" onkeydown="return searchResults.NavChild(event,8,1)" onkeypress="return searchResults.NavChild(event,8,1)" onkeyup="return searchResults.NavChild(event,8,1)" class="SRScope" href="../group__stream.html#ga7d71c5645b9baff7b6c4b9a181bf80c5" target="_parent">AI_pkt_enqueue(SFSnortPacket *pkt):&nbsp;stream.c</a>
<a id="Item10_c0" onkeydown="return searchResults.NavChild(event,10,0)" onkeypress="return searchResults.NavChild(event,10,0)" onkeyup="return searchResults.NavChild(event,10,0)" class="SRScope" href="../group__stream.html#ga7d71c5645b9baff7b6c4b9a181bf80c5" target="_parent">AI_pkt_enqueue(SFSnortPacket *):&nbsp;stream.c</a>
<a id="Item10_c1" onkeydown="return searchResults.NavChild(event,10,1)" onkeypress="return searchResults.NavChild(event,10,1)" onkeyup="return searchResults.NavChild(event,10,1)" class="SRScope" href="../group__stream.html#ga7d71c5645b9baff7b6c4b9a181bf80c5" target="_parent">AI_pkt_enqueue(SFSnortPacket *pkt):&nbsp;stream.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fprocess">
<div class="SREntry">
<a id="Item9" onkeydown="return searchResults.Nav(event,9)" onkeypress="return searchResults.Nav(event,9)" onkeyup="return searchResults.Nav(event,9)" class="SRSymbol" href="../group__spp__ai.html#ga57c05cda012c443cb4c358dc327cd3d1" target="_parent">AI_process</a>
<a id="Item11" onkeydown="return searchResults.Nav(event,11)" onkeypress="return searchResults.Nav(event,11)" onkeyup="return searchResults.Nav(event,11)" class="SRSymbol" href="../group__spp__ai.html#ga57c05cda012c443cb4c358dc327cd3d1" target="_parent">AI_process</a>
<span class="SRScope">spp_ai.c</span>
</div>
</div>
<div class="SRResult" id="SR_ai_5fset_5fstream_5fobserved">
<div class="SREntry">
<a id="Item10" onkeydown="return searchResults.Nav(event,10)" onkeypress="return searchResults.Nav(event,10)" onkeyup="return searchResults.Nav(event,10)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fset_5fstream_5fobserved')">AI_set_stream_observed</a>
<a id="Item12" onkeydown="return searchResults.Nav(event,12)" onkeypress="return searchResults.Nav(event,12)" onkeyup="return searchResults.Nav(event,12)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fset_5fstream_5fobserved')">AI_set_stream_observed</a>
<div class="SRChildren">
<a id="Item10_c0" onkeydown="return searchResults.NavChild(event,10,0)" onkeypress="return searchResults.NavChild(event,10,0)" onkeyup="return searchResults.NavChild(event,10,0)" class="SRScope" href="../group__stream.html#ga8749989cee2ac05a7de058faac280c02" target="_parent">AI_set_stream_observed(struct pkt_key key):&nbsp;stream.c</a>
<a id="Item10_c1" onkeydown="return searchResults.NavChild(event,10,1)" onkeypress="return searchResults.NavChild(event,10,1)" onkeyup="return searchResults.NavChild(event,10,1)" class="SRScope" href="../group__stream.html#ga8749989cee2ac05a7de058faac280c02" target="_parent">AI_set_stream_observed(struct pkt_key key):&nbsp;stream.c</a>
<a id="Item12_c0" onkeydown="return searchResults.NavChild(event,12,0)" onkeypress="return searchResults.NavChild(event,12,0)" onkeyup="return searchResults.NavChild(event,12,0)" class="SRScope" href="../group__stream.html#ga8749989cee2ac05a7de058faac280c02" target="_parent">AI_set_stream_observed(struct pkt_key key):&nbsp;stream.c</a>
<a id="Item12_c1" onkeydown="return searchResults.NavChild(event,12,1)" onkeypress="return searchResults.NavChild(event,12,1)" onkeyup="return searchResults.NavChild(event,12,1)" class="SRScope" href="../group__stream.html#ga8749989cee2ac05a7de058faac280c02" target="_parent">AI_set_stream_observed(struct pkt_key key):&nbsp;stream.c</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_ai_5fsetup">
<div class="SREntry">
<a id="Item11" onkeydown="return searchResults.Nav(event,11)" onkeypress="return searchResults.Nav(event,11)" onkeyup="return searchResults.Nav(event,11)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fsetup')">AI_setup</a>
<a id="Item13" onkeydown="return searchResults.Nav(event,13)" onkeypress="return searchResults.Nav(event,13)" onkeyup="return searchResults.Nav(event,13)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_ai_5fsetup')">AI_setup</a>
<div class="SRChildren">
<a id="Item11_c0" onkeydown="return searchResults.NavChild(event,11,0)" onkeypress="return searchResults.NavChild(event,11,0)" onkeyup="return searchResults.NavChild(event,11,0)" class="SRScope" href="../group__spp__ai.html#ga1b9ebb5c719c7d9426ddfc1f3da36570" target="_parent">AI_setup():&nbsp;spp_ai.c</a>
<a id="Item11_c1" onkeydown="return searchResults.NavChild(event,11,1)" onkeypress="return searchResults.NavChild(event,11,1)" onkeyup="return searchResults.NavChild(event,11,1)" class="SRScope" href="../group__spp__ai.html#ga1b9ebb5c719c7d9426ddfc1f3da36570" target="_parent">AI_setup(void):&nbsp;spp_ai.c</a>
<a id="Item13_c0" onkeydown="return searchResults.NavChild(event,13,0)" onkeypress="return searchResults.NavChild(event,13,0)" onkeyup="return searchResults.NavChild(event,13,0)" class="SRScope" href="../group__spp__ai.html#ga1b9ebb5c719c7d9426ddfc1f3da36570" target="_parent">AI_setup():&nbsp;spp_ai.c</a>
<a id="Item13_c1" onkeydown="return searchResults.NavChild(event,13,1)" onkeypress="return searchResults.NavChild(event,13,1)" onkeyup="return searchResults.NavChild(event,13,1)" class="SRScope" href="../group__spp__ai.html#ga1b9ebb5c719c7d9426ddfc1f3da36570" target="_parent">AI_setup(void):&nbsp;spp_ai.c</a>
</div>
</div>
</div>

8
doc/html/search/search.js
View File

@ -7,15 +7,15 @@
var indexSectionsWithContent =
{
0: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010111111111011111101111100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
1: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010100000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
0: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010111111111011111101111000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
1: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010100000010000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
2: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000101100000000100001100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
3: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010100000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
4: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010101110111011111101110000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
5: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000010000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
6: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
7: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001101000000010000110000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
8: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010100010001100100110100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
7: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001101001000010000110000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
8: "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010100000000100100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
};
var indexSectionNames =

20
doc/html/search/variables_63.html
View File

@ -25,9 +25,27 @@
<span class="SRScope">AI_config</span>
</div>
</div>
<div class="SRResult" id="SR_conf">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../group__correlation.html#gaad7a982b6016390e7cd1164bd7db8bca" target="_parent">conf</a>
<span class="SRScope">correlation.c</span>
</div>
</div>
<div class="SRResult" id="SR_corr_5frules_5fdir">
<div class="SREntry">
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../structAI__config.html#ab7ea93bbe72b85c4019b4f5656ad62fc" target="_parent">corr_rules_dir</a>
<span class="SRScope">AI_config</span>
</div>
</div>
<div class="SRResult" id="SR_correlationgraphinterval">
<div class="SREntry">
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="../structAI__config.html#aa736375e57a59936e2e782b7cd200e41" target="_parent">correlationGraphInterval</a>
<span class="SRScope">AI_config</span>
</div>
</div>
<div class="SRResult" id="SR_count">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../structattribute__value.html#a5579c0304c2e9ab488ac94905b385045" target="_parent">count</a>
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../structattribute__value.html#a5579c0304c2e9ab488ac94905b385045" target="_parent">count</a>
<span class="SRScope">attribute_value</span>
</div>
</div>

7
doc/html/search/variables_67.html
View File

@ -15,8 +15,11 @@
</div>
<div class="SRResult" id="SR_gid">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../struct__AI__snort__alert.html#af8408be5da59cda853442dd13465c0f6" target="_parent">gid</a>
<span class="SRScope">_AI_snort_alert</span>
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_gid')">gid</a>
<div class="SRChildren">
<a id="Item1_c0" onkeydown="return searchResults.NavChild(event,1,0)" onkeypress="return searchResults.NavChild(event,1,0)" onkeyup="return searchResults.NavChild(event,1,0)" class="SRScope" href="../structhyperalert__key.html#aac0e30a21653be11b357e3030aafd7e4" target="_parent">hyperalert_key::gid()</a>
<a id="Item1_c1" onkeydown="return searchResults.NavChild(event,1,1)" onkeypress="return searchResults.NavChild(event,1,1)" onkeyup="return searchResults.NavChild(event,1,1)" class="SRScope" href="../struct__AI__snort__alert.html#af8408be5da59cda853442dd13465c0f6" target="_parent">_AI_snort_alert::gid()</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_grouped_5falarms_5fcount">

9
doc/html/search/variables_68.html
View File

@ -42,10 +42,17 @@
<a id="Item5" onkeydown="return searchResults.Nav(event,5)" onkeypress="return searchResults.Nav(event,5)" onkeyup="return searchResults.Nav(event,5)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_hh')">hh</a>
<div class="SRChildren">
<a id="Item5_c0" onkeydown="return searchResults.NavChild(event,5,0)" onkeypress="return searchResults.NavChild(event,5,0)" onkeyup="return searchResults.NavChild(event,5,0)" class="SRScope" href="../structattribute__value.html#a9abf5d1758ee0cc4803e3b40fc4481cc" target="_parent">attribute_value::hh()</a>
<a id="Item5_c1" onkeydown="return searchResults.NavChild(event,5,1)" onkeypress="return searchResults.NavChild(event,5,1)" onkeyup="return searchResults.NavChild(event,5,1)" class="SRScope" href="../structpkt__info.html#a264e90d4b5d490de040f38c1072e142f" target="_parent">pkt_info::hh()</a>
<a id="Item5_c1" onkeydown="return searchResults.NavChild(event,5,1)" onkeypress="return searchResults.NavChild(event,5,1)" onkeyup="return searchResults.NavChild(event,5,1)" class="SRScope" href="../structhyperalert.html#aa2993f19f3cc95627cfdaf4f47f78b04" target="_parent">hyperalert::hh()</a>
<a id="Item5_c2" onkeydown="return searchResults.NavChild(event,5,2)" onkeypress="return searchResults.NavChild(event,5,2)" onkeyup="return searchResults.NavChild(event,5,2)" class="SRScope" href="../structpkt__info.html#a264e90d4b5d490de040f38c1072e142f" target="_parent">pkt_info::hh()</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_hyperalerts">
<div class="SREntry">
<a id="Item6" onkeydown="return searchResults.Nav(event,6)" onkeypress="return searchResults.Nav(event,6)" onkeyup="return searchResults.Nav(event,6)" class="SRSymbol" href="../group__correlation.html#ga343192ed5e938536f3dc150e51f8acf6" target="_parent">hyperalerts</a>
<span class="SRScope">correlation.c</span>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>
<div class="SRStatus" id="NoMatches">No Matches</div>
<script type="text/javascript"><!--

3
doc/html/search/variables_6b.html
View File

@ -12,7 +12,8 @@
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_key')">key</a>
<div class="SRChildren">
<a id="Item0_c0" onkeydown="return searchResults.NavChild(event,0,0)" onkeypress="return searchResults.NavChild(event,0,0)" onkeyup="return searchResults.NavChild(event,0,0)" class="SRScope" href="../structattribute__value.html#aa8b5ae41c150e4fefb800d3b1924278d" target="_parent">attribute_value::key()</a>
<a id="Item0_c1" onkeydown="return searchResults.NavChild(event,0,1)" onkeypress="return searchResults.NavChild(event,0,1)" onkeyup="return searchResults.NavChild(event,0,1)" class="SRScope" href="../structpkt__info.html#a231d4734d3c62292b06eb9ea4b49c339" target="_parent">pkt_info::key()</a>
<a id="Item0_c1" onkeydown="return searchResults.NavChild(event,0,1)" onkeypress="return searchResults.NavChild(event,0,1)" onkeyup="return searchResults.NavChild(event,0,1)" class="SRScope" href="../structhyperalert.html#a592c41f4772230c065ce352ec6c6cf0d" target="_parent">hyperalert::key()</a>
<a id="Item0_c2" onkeydown="return searchResults.NavChild(event,0,2)" onkeypress="return searchResults.NavChild(event,0,2)" onkeyup="return searchResults.NavChild(event,0,2)" class="SRScope" href="../structpkt__info.html#a231d4734d3c62292b06eb9ea4b49c339" target="_parent">pkt_info::key()</a>
</div>
</div>
</div>

20
doc/html/search/variables_6e.html
View File

@ -7,18 +7,30 @@
<body class="SRPage">
<div id="SRIndex">
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_n_5fpostconds">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../structhyperalert.html#a16c46535e62397b5ef394b014943f58a" target="_parent">n_postconds</a>
<span class="SRScope">hyperalert</span>
</div>
</div>
<div class="SRResult" id="SR_n_5fpreconds">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="../structhyperalert.html#a84181558bdbb98e49087d4ce7353bf70" target="_parent">n_preconds</a>
<span class="SRScope">hyperalert</span>
</div>
</div>
<div class="SRResult" id="SR_nchildren">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../struct__hierarchy__node.html#a849256ce1039e2cefaaf64d91171be0a" target="_parent">nchildren</a>
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../struct__hierarchy__node.html#a849256ce1039e2cefaaf64d91171be0a" target="_parent">nchildren</a>
<span class="SRScope">_hierarchy_node</span>
</div>
</div>
<div class="SRResult" id="SR_next">
<div class="SREntry">
<a id="Item1" onkeydown="return searchResults.Nav(event,1)" onkeypress="return searchResults.Nav(event,1)" onkeyup="return searchResults.Nav(event,1)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_next')">next</a>
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_next')">next</a>
<div class="SRChildren">
<a id="Item1_c0" onkeydown="return searchResults.NavChild(event,1,0)" onkeypress="return searchResults.NavChild(event,1,0)" onkeyup="return searchResults.NavChild(event,1,0)" class="SRScope" href="../structpkt__info.html#a5ee3c51f2ca5768b94819182641ef168" target="_parent">pkt_info::next()</a>
<a id="Item1_c1" onkeydown="return searchResults.NavChild(event,1,1)" onkeypress="return searchResults.NavChild(event,1,1)" onkeyup="return searchResults.NavChild(event,1,1)" class="SRScope" href="../struct__AI__snort__alert.html#aa8336d4b3359015ed8ea312ca1fd1173" target="_parent">_AI_snort_alert::next()</a>
<a id="Item3_c0" onkeydown="return searchResults.NavChild(event,3,0)" onkeypress="return searchResults.NavChild(event,3,0)" onkeyup="return searchResults.NavChild(event,3,0)" class="SRScope" href="../structpkt__info.html#a5ee3c51f2ca5768b94819182641ef168" target="_parent">pkt_info::next()</a>
<a id="Item3_c1" onkeydown="return searchResults.NavChild(event,3,1)" onkeypress="return searchResults.NavChild(event,3,1)" onkeyup="return searchResults.NavChild(event,3,1)" class="SRScope" href="../struct__AI__snort__alert.html#aa8336d4b3359015ed8ea312ca1fd1173" target="_parent">_AI_snort_alert::next()</a>
</div>
</div>
</div>

14
doc/html/search/variables_70.html
View File

@ -19,9 +19,21 @@
<span class="SRScope">pkt_info</span>
</div>
</div>
<div class="SRResult" id="SR_postconds">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../structhyperalert.html#a69e0ed6e53e6fe23d3de2ec1f5d13863" target="_parent">postconds</a>
<span class="SRScope">hyperalert</span>
</div>
</div>
<div class="SRResult" id="SR_preconds">
<div class="SREntry">
<a id="Item3" onkeydown="return searchResults.Nav(event,3)" onkeypress="return searchResults.Nav(event,3)" onkeyup="return searchResults.Nav(event,3)" class="SRSymbol" href="../structhyperalert.html#afa2862b9a574be52e5dc4a4cc0178d66" target="_parent">preconds</a>
<span class="SRScope">hyperalert</span>
</div>
</div>
<div class="SRResult" id="SR_priority">
<div class="SREntry">
<a id="Item2" onkeydown="return searchResults.Nav(event,2)" onkeypress="return searchResults.Nav(event,2)" onkeyup="return searchResults.Nav(event,2)" class="SRSymbol" href="../struct__AI__snort__alert.html#a25661fa4e212c5e30af5e6a892985ec9" target="_parent">priority</a>
<a id="Item4" onkeydown="return searchResults.Nav(event,4)" onkeypress="return searchResults.Nav(event,4)" onkeyup="return searchResults.Nav(event,4)" class="SRSymbol" href="../struct__AI__snort__alert.html#a25661fa4e212c5e30af5e6a892985ec9" target="_parent">priority</a>
<span class="SRScope">_AI_snort_alert</span>
</div>
</div>

7
doc/html/search/variables_72.html
View File

@ -9,8 +9,11 @@
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_rev">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../struct__AI__snort__alert.html#a864d3baa48586d6a31639f4cd27d9d37" target="_parent">rev</a>
<span class="SRScope">_AI_snort_alert</span>
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_rev')">rev</a>
<div class="SRChildren">
<a id="Item0_c0" onkeydown="return searchResults.NavChild(event,0,0)" onkeypress="return searchResults.NavChild(event,0,0)" onkeyup="return searchResults.NavChild(event,0,0)" class="SRScope" href="../structhyperalert__key.html#a7e4a23f87bb69765c5afdb2e602aff87" target="_parent">hyperalert_key::rev()</a>
<a id="Item0_c1" onkeydown="return searchResults.NavChild(event,0,1)" onkeypress="return searchResults.NavChild(event,0,1)" onkeyup="return searchResults.NavChild(event,0,1)" class="SRScope" href="../struct__AI__snort__alert.html#a864d3baa48586d6a31639f4cd27d9d37" target="_parent">_AI_snort_alert::rev()</a>
</div>
</div>
</div>
<div class="SRStatus" id="Searching">Searching...</div>

7
doc/html/search/variables_73.html
View File

@ -9,8 +9,11 @@
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRResult" id="SR_sid">
<div class="SREntry">
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="../struct__AI__snort__alert.html#a3349aa68d2234f8ffd897367c3a8a137" target="_parent">sid</a>
<span class="SRScope">_AI_snort_alert</span>
<a id="Item0" onkeydown="return searchResults.Nav(event,0)" onkeypress="return searchResults.Nav(event,0)" onkeyup="return searchResults.Nav(event,0)" class="SRSymbol" href="javascript:searchResults.Toggle('SR_sid')">sid</a>
<div class="SRChildren">
<a id="Item0_c0" onkeydown="return searchResults.NavChild(event,0,0)" onkeypress="return searchResults.NavChild(event,0,0)" onkeyup="return searchResults.NavChild(event,0,0)" class="SRScope" href="../structhyperalert__key.html#ab3cb68a4bf46fab57f0dd0be007a91bc" target="_parent">hyperalert_key::sid()</a>
<a id="Item0_c1" onkeydown="return searchResults.NavChild(event,0,1)" onkeypress="return searchResults.NavChild(event,0,1)" onkeyup="return searchResults.NavChild(event,0,1)" class="SRScope" href="../struct__AI__snort__alert.html#a3349aa68d2234f8ffd897367c3a8a137" target="_parent">_AI_snort_alert::sid()</a>
</div>
</div>
</div>
<div class="SRResult" id="SR_src_5fip">

2
doc/html/sf__preproc__info_8h.html
View File

@ -149,7 +149,7 @@ Functions</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sun Sep 5 2010 23:53:47 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

2
doc/html/sf__preproc__info_8h_source.html
View File

@ -79,7 +79,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sun Sep 5 2010 23:53:47 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

2
doc/html/spp__ai_8c.html
View File

@ -89,7 +89,7 @@ Variables</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sun Sep 5 2010 23:53:47 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

40
doc/html/spp__ai_8h.html
View File

@ -77,8 +77,10 @@ Defines</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">#define&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a0f6a189af15ef783fb46ed37c144e031">DEFAULT_STREAM_EXPIRE_INTERVAL</a>&nbsp;&nbsp;&nbsp;300</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">#define&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a3c4984a0ee515fbc091ac6e33b05e310">DEFAULT_DATABASE_INTERVAL</a>&nbsp;&nbsp;&nbsp;30</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">#define&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a0c4b6fce670e46083e33b9f53b78f39e">DEFAULT_ALERT_CLUSTERING_INTERVAL</a>&nbsp;&nbsp;&nbsp;3600</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">#define&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#af0edda6cc018d9674b6822f6df4abe74">DEFAULT_ALERT_CORRELATION_INTERVAL</a>&nbsp;&nbsp;&nbsp;300</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">#define&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a6d9bf552c32371e0144dc6a6209c7e4a">DEFAULT_ALERT_LOG_FILE</a>&nbsp;&nbsp;&nbsp;&quot;/var/log/snort/alert&quot;</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">#define&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a803dc913297ccdace9e604dbfecda97d">DEFAULT_CLUSTER_LOG_FILE</a>&nbsp;&nbsp;&nbsp;&quot;/var/log/snort/cluster_alert&quot;</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">#define&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a89448386cad5d5533992ae7ee84f4f1d">DEFAULT_CORR_RULES_DIR</a>&nbsp;&nbsp;&nbsp;&quot;/etc/snort/corr_rules&quot;</td></tr>
<tr><td colspan="2"><h2><a name="typedef-members"></a>
Typedefs</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">typedef unsigned char&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a></td></tr>
@ -109,18 +111,22 @@ Functions</h2></td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Thread called for cleaning up the hash table from the traffic streams older than a certain threshold. <a href="group__stream.html#ga24b1131374e5059564b8a12380c4eb75"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__alert__parser.html#ga5aab8d9bdf0e92a51731442fd787f61f">AI_file_alertparser_thread</a> (void *)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Thread for parsing Snort's alert file. <a href="group__alert__parser.html#ga5aab8d9bdf0e92a51731442fd787f61f"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__correlation.html#ga939353a4e15de7a8f4145ab986f584be">AI_alert_correlation_thread</a> (void *)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Thread for correlating clustered alerts. <a href="group__correlation.html#ga939353a4e15de7a8f4145ab986f584be"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__stream.html#ga7d71c5645b9baff7b6c4b9a181bf80c5">AI_pkt_enqueue</a> (SFSnortPacket *)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Function called for appending a new packet to the hash table, creating a new stream or appending it to an existing stream. <a href="group__stream.html#ga7d71c5645b9baff7b6c4b9a181bf80c5"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__stream.html#ga8749989cee2ac05a7de058faac280c02">AI_set_stream_observed</a> (struct <a class="el" href="structpkt__key.html">pkt_key</a> key)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Set the flag "observed" on a stream associated to a security alert, so that it won't be removed from the hash table. <a href="group__stream.html#ga8749989cee2ac05a7de058faac280c02"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga1445818b37483f78cc3fb2890155842c">AI_hierarchies_build</a> (<a class="el" href="structAI__config.html">AI_config</a> *, <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> **, int)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Build the clustering hierarchy trees. <a href="group__cluster.html#ga1445818b37483f78cc3fb2890155842c"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__alert__parser.html#ga270e86669a0aa64a8da37bc16cda645b">AI_free_alerts</a> (<a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *node)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Deallocate the memory of a log alert linked list. <a href="group__alert__parser.html#ga270e86669a0aa64a8da37bc16cda645b"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct <a class="el" href="structpkt__info.html">pkt_info</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__stream.html#ga2efedcabbfd12c5345f0c93a3dd4735c">AI_get_stream_by_key</a> (struct <a class="el" href="structpkt__key.html">pkt_key</a>)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Get a TCP stream by key. <a href="group__stream.html#ga2efedcabbfd12c5345f0c93a3dd4735c"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__alert__parser.html#ga99474495643197b3075ac22ec6f6c70f">AI_get_alerts</a> (void)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Return the alerts parsed so far as a linked list. <a href="group__alert__parser.html#ga99474495643197b3075ac22ec6f6c70f"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__alert__parser.html#ga270e86669a0aa64a8da37bc16cda645b">AI_free_alerts</a> (<a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *node)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Deallocate the memory of a log alert linked list. <a href="group__alert__parser.html#ga270e86669a0aa64a8da37bc16cda645b"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__cluster.html#ga2553c678eeb83282c230d649a0e8fcd4">AI_get_clustered_alerts</a> (void)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Return the alerts parsed so far as a linked list. <a href="group__cluster.html#ga2553c678eeb83282c230d649a0e8fcd4"></a><br/></td></tr>
<tr><td colspan="2"><h2><a name="var-members"></a>
Variables</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">DynamicPreprocessorData&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#ab46420126c43c1aac5eabc5db266a71c">_dpd</a></td></tr>
@ -139,6 +145,20 @@ Variables</h2></td></tr>
<div class="memdoc">
<p>Default interval in seconds for the thread clustering alerts </p>
</div>
</div>
<a class="anchor" id="af0edda6cc018d9674b6822f6df4abe74"></a><!-- doxytag: member="spp_ai.h::DEFAULT_ALERT_CORRELATION_INTERVAL" ref="af0edda6cc018d9674b6822f6df4abe74" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">#define DEFAULT_ALERT_CORRELATION_INTERVAL&nbsp;&nbsp;&nbsp;300</td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Default interval in seconds for running the graph correlation thread </p>
</div>
</div>
<a class="anchor" id="a6d9bf552c32371e0144dc6a6209c7e4a"></a><!-- doxytag: member="spp_ai.h::DEFAULT_ALERT_LOG_FILE" ref="a6d9bf552c32371e0144dc6a6209c7e4a" args="" -->
@ -167,6 +187,20 @@ Variables</h2></td></tr>
<div class="memdoc">
<p>Default path to Snort's clustered alerts file </p>
</div>
</div>
<a class="anchor" id="a89448386cad5d5533992ae7ee84f4f1d"></a><!-- doxytag: member="spp_ai.h::DEFAULT_CORR_RULES_DIR" ref="a89448386cad5d5533992ae7ee84f4f1d" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">#define DEFAULT_CORR_RULES_DIR&nbsp;&nbsp;&nbsp;&quot;/etc/snort/corr_rules&quot;</td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Default path to alert correlation rules directory </p>
</div>
</div>
<a class="anchor" id="a3c4984a0ee515fbc091ac6e33b05e310"></a><!-- doxytag: member="spp_ai.h::DEFAULT_DATABASE_INTERVAL" ref="a3c4984a0ee515fbc091ac6e33b05e310" args="" -->
@ -386,7 +420,7 @@ Variables</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sun Sep 5 2010 23:53:47 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

326
doc/html/spp__ai_8h_source.html
View File

@ -71,167 +71,179 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
<a name="l00020"></a>00020 <span class="preprocessor">#ifndef _SPP_AI_H</span>
<a name="l00021"></a>00021 <span class="preprocessor"></span><span class="preprocessor">#define _SPP_AI_H</span>
<a name="l00022"></a>00022 <span class="preprocessor"></span>
<a name="l00023"></a>00023 <span class="preprocessor">#include &quot;sf_snort_packet.h&quot;</span>
<a name="l00024"></a>00024 <span class="preprocessor">#include &quot;sf_dynamic_preprocessor.h&quot;</span>
<a name="l00025"></a>00025 <span class="preprocessor">#include &quot;uthash.h&quot;</span>
<a name="l00026"></a>00026
<a name="l00027"></a><a class="code" href="spp__ai_8h.html#a5e151c615eda34903514212f05a5ccf8">00027</a> <span class="preprocessor">#define PRIVATE static</span>
<a name="l00028"></a>00028 <span class="preprocessor"></span>
<a name="l00030"></a><a class="code" href="spp__ai_8h.html#a5f555c0ebd29ce2771a3e2dd4f526746">00030</a> <span class="preprocessor">#define DEFAULT_HASH_CLEANUP_INTERVAL 300</span>
<a name="l00031"></a>00031 <span class="preprocessor"></span>
<a name="l00033"></a><a class="code" href="spp__ai_8h.html#a0f6a189af15ef783fb46ed37c144e031">00033</a> <span class="preprocessor">#define DEFAULT_STREAM_EXPIRE_INTERVAL 300</span>
<a name="l00034"></a>00034 <span class="preprocessor"></span>
<a name="l00036"></a><a class="code" href="spp__ai_8h.html#a3c4984a0ee515fbc091ac6e33b05e310">00036</a> <span class="preprocessor">#define DEFAULT_DATABASE_INTERVAL 30</span>
<a name="l00037"></a>00037 <span class="preprocessor"></span>
<a name="l00039"></a><a class="code" href="spp__ai_8h.html#a0c4b6fce670e46083e33b9f53b78f39e">00039</a> <span class="preprocessor">#define DEFAULT_ALERT_CLUSTERING_INTERVAL 3600</span>
<a name="l00040"></a>00040 <span class="preprocessor"></span>
<a name="l00042"></a><a class="code" href="spp__ai_8h.html#a6d9bf552c32371e0144dc6a6209c7e4a">00042</a> <span class="preprocessor">#define DEFAULT_ALERT_LOG_FILE &quot;/var/log/snort/alert&quot;</span>
<a name="l00043"></a>00043 <span class="preprocessor"></span>
<a name="l00045"></a><a class="code" href="spp__ai_8h.html#a803dc913297ccdace9e604dbfecda97d">00045</a> <span class="preprocessor">#define DEFAULT_CLUSTER_LOG_FILE &quot;/var/log/snort/cluster_alert&quot;</span>
<a name="l00046"></a>00046 <span class="preprocessor"></span>
<a name="l00047"></a>00047 <span class="keyword">extern</span> DynamicPreprocessorData <a class="code" href="spp__ai_8h.html#ab46420126c43c1aac5eabc5db266a71c">_dpd</a>;
<a name="l00048"></a><a class="code" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">00048</a> <span class="keyword">typedef</span> <span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> uint8_t;
<a name="l00049"></a><a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">00049</a> <span class="keyword">typedef</span> <span class="keywordtype">unsigned</span> <span class="keywordtype">short</span> uint16_t;
<a name="l00050"></a><a class="code" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">00050</a> <span class="keyword">typedef</span> <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> uint32_t;
<a name="l00051"></a>00051
<a name="l00052"></a><a class="code" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dda08f175a5505a10b9ed657defeb050e4b">00052</a> <span class="keyword">typedef</span> <span class="keyword">enum</span> { <span class="keyword">false</span>, <span class="keyword">true</span> } BOOL;
<a name="l00053"></a>00053
<a name="l00055"></a><a class="code" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640">00055</a> <span class="keyword">typedef</span> <span class="keyword">enum</span> {
<a name="l00056"></a><a class="code" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640ac1335c508143eb06843af2ce5ff3027b">00056</a> none, src_addr, dst_addr, src_port, dst_port, <a class="code" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640ab16bb5c4b330d5db02e2d852cd2ba451">CLUSTER_TYPES</a>
<a name="l00057"></a>00057 } cluster_type;
<a name="l00058"></a>00058
<a name="l00060"></a><a class="code" href="structpkt__key.html">00060</a> <span class="keyword">struct </span><a class="code" href="structpkt__key.html">pkt_key</a>
<a name="l00061"></a>00061 {
<a name="l00062"></a><a class="code" href="structpkt__key.html#a3a091c20dafb8b3f689db00c5b2f8ddb">00062</a> <a class="code" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a> <a class="code" href="structpkt__key.html#a3a091c20dafb8b3f689db00c5b2f8ddb">src_ip</a>;
<a name="l00063"></a><a class="code" href="structpkt__key.html#af77f5eb1f4cd88b43fe99fd73553351d">00063</a> <a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="code" href="structpkt__key.html#af77f5eb1f4cd88b43fe99fd73553351d">dst_port</a>;
<a name="l00064"></a>00064 };
<a name="l00065"></a>00065
<a name="l00067"></a><a class="code" href="structpkt__info.html">00067</a> <span class="keyword">struct </span><a class="code" href="structpkt__info.html">pkt_info</a>
<a name="l00068"></a>00068 {
<a name="l00070"></a><a class="code" href="structpkt__info.html#a231d4734d3c62292b06eb9ea4b49c339">00070</a> <span class="keyword">struct </span><a class="code" href="structpkt__key.html">pkt_key</a> <a class="code" href="structpkt__info.html#a231d4734d3c62292b06eb9ea4b49c339">key</a>;
<a name="l00071"></a>00071
<a name="l00073"></a><a class="code" href="structpkt__info.html#a7f5090443f21e6290f0439f1bb872e92">00073</a> time_t <a class="code" href="structpkt__info.html#a7f5090443f21e6290f0439f1bb872e92">timestamp</a>;
<a name="l00074"></a>00074
<a name="l00076"></a><a class="code" href="structpkt__info.html#a8d5ebd04a32067b05387e5c5056fe168">00076</a> SFSnortPacket* <a class="code" href="structpkt__info.html#a8d5ebd04a32067b05387e5c5056fe168">pkt</a>;
<a name="l00077"></a>00077
<a name="l00079"></a><a class="code" href="structpkt__info.html#a5ee3c51f2ca5768b94819182641ef168">00079</a> <span class="keyword">struct </span><a class="code" href="structpkt__info.html">pkt_info</a>* <a class="code" href="structpkt__info.html#a5ee3c51f2ca5768b94819182641ef168">next</a>;
<a name="l00080"></a>00080
<a name="l00082"></a><a class="code" href="structpkt__info.html#ac7ff78ea5faf333fc91f92e3085ea7c9">00082</a> <a class="code" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a> <a class="code" href="structpkt__info.html#ac7ff78ea5faf333fc91f92e3085ea7c9">observed</a>;
<a name="l00083"></a>00083
<a name="l00085"></a><a class="code" href="structpkt__info.html#a264e90d4b5d490de040f38c1072e142f">00085</a> UT_hash_handle <a class="code" href="structpkt__info.html#a264e90d4b5d490de040f38c1072e142f">hh</a>;
<a name="l00086"></a>00086 };
<a name="l00023"></a>00023 <span class="preprocessor">#ifdef HAVE_CONFIG_H</span>
<a name="l00024"></a>00024 <span class="preprocessor"></span><span class="preprocessor">#include &quot;config.h&quot;</span>
<a name="l00025"></a>00025 <span class="preprocessor">#endif</span>
<a name="l00026"></a>00026 <span class="preprocessor"></span>
<a name="l00027"></a>00027 <span class="preprocessor">#include &quot;sf_snort_packet.h&quot;</span>
<a name="l00028"></a>00028 <span class="preprocessor">#include &quot;sf_dynamic_preprocessor.h&quot;</span>
<a name="l00029"></a>00029 <span class="preprocessor">#include &quot;uthash.h&quot;</span>
<a name="l00030"></a>00030
<a name="l00031"></a><a class="code" href="spp__ai_8h.html#a5e151c615eda34903514212f05a5ccf8">00031</a> <span class="preprocessor">#define PRIVATE static</span>
<a name="l00032"></a>00032 <span class="preprocessor"></span>
<a name="l00034"></a><a class="code" href="spp__ai_8h.html#a5f555c0ebd29ce2771a3e2dd4f526746">00034</a> <span class="preprocessor">#define DEFAULT_HASH_CLEANUP_INTERVAL 300</span>
<a name="l00035"></a>00035 <span class="preprocessor"></span>
<a name="l00037"></a><a class="code" href="spp__ai_8h.html#a0f6a189af15ef783fb46ed37c144e031">00037</a> <span class="preprocessor">#define DEFAULT_STREAM_EXPIRE_INTERVAL 300</span>
<a name="l00038"></a>00038 <span class="preprocessor"></span>
<a name="l00040"></a><a class="code" href="spp__ai_8h.html#a3c4984a0ee515fbc091ac6e33b05e310">00040</a> <span class="preprocessor">#define DEFAULT_DATABASE_INTERVAL 30</span>
<a name="l00041"></a>00041 <span class="preprocessor"></span>
<a name="l00043"></a><a class="code" href="spp__ai_8h.html#a0c4b6fce670e46083e33b9f53b78f39e">00043</a> <span class="preprocessor">#define DEFAULT_ALERT_CLUSTERING_INTERVAL 3600</span>
<a name="l00044"></a>00044 <span class="preprocessor"></span>
<a name="l00046"></a><a class="code" href="spp__ai_8h.html#af0edda6cc018d9674b6822f6df4abe74">00046</a> <span class="preprocessor">#define DEFAULT_ALERT_CORRELATION_INTERVAL 300</span>
<a name="l00047"></a>00047 <span class="preprocessor"></span>
<a name="l00049"></a><a class="code" href="spp__ai_8h.html#a6d9bf552c32371e0144dc6a6209c7e4a">00049</a> <span class="preprocessor">#define DEFAULT_ALERT_LOG_FILE &quot;/var/log/snort/alert&quot;</span>
<a name="l00050"></a>00050 <span class="preprocessor"></span>
<a name="l00052"></a><a class="code" href="spp__ai_8h.html#a803dc913297ccdace9e604dbfecda97d">00052</a> <span class="preprocessor">#define DEFAULT_CLUSTER_LOG_FILE &quot;/var/log/snort/cluster_alert&quot;</span>
<a name="l00053"></a>00053 <span class="preprocessor"></span>
<a name="l00055"></a><a class="code" href="spp__ai_8h.html#a89448386cad5d5533992ae7ee84f4f1d">00055</a> <span class="preprocessor">#define DEFAULT_CORR_RULES_DIR &quot;/etc/snort/corr_rules&quot;</span>
<a name="l00056"></a>00056 <span class="preprocessor"></span>
<a name="l00057"></a>00057 <span class="keyword">extern</span> DynamicPreprocessorData <a class="code" href="spp__ai_8h.html#ab46420126c43c1aac5eabc5db266a71c">_dpd</a>;
<a name="l00058"></a><a class="code" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">00058</a> <span class="keyword">typedef</span> <span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> uint8_t;
<a name="l00059"></a><a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">00059</a> <span class="keyword">typedef</span> <span class="keywordtype">unsigned</span> <span class="keywordtype">short</span> uint16_t;
<a name="l00060"></a><a class="code" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">00060</a> <span class="keyword">typedef</span> <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> uint32_t;
<a name="l00061"></a>00061
<a name="l00062"></a><a class="code" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dda08f175a5505a10b9ed657defeb050e4b">00062</a> <span class="keyword">typedef</span> <span class="keyword">enum</span> { <span class="keyword">false</span>, <span class="keyword">true</span> } BOOL;
<a name="l00063"></a>00063
<a name="l00065"></a><a class="code" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640">00065</a> <span class="keyword">typedef</span> <span class="keyword">enum</span> {
<a name="l00066"></a><a class="code" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640ac1335c508143eb06843af2ce5ff3027b">00066</a> none, src_addr, dst_addr, src_port, dst_port, <a class="code" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640ab16bb5c4b330d5db02e2d852cd2ba451">CLUSTER_TYPES</a>
<a name="l00067"></a>00067 } cluster_type;
<a name="l00068"></a>00068
<a name="l00070"></a><a class="code" href="structpkt__key.html">00070</a> <span class="keyword">struct </span><a class="code" href="structpkt__key.html">pkt_key</a>
<a name="l00071"></a>00071 {
<a name="l00072"></a><a class="code" href="structpkt__key.html#a3a091c20dafb8b3f689db00c5b2f8ddb">00072</a> <a class="code" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a> <a class="code" href="structpkt__key.html#a3a091c20dafb8b3f689db00c5b2f8ddb">src_ip</a>;
<a name="l00073"></a><a class="code" href="structpkt__key.html#af77f5eb1f4cd88b43fe99fd73553351d">00073</a> <a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="code" href="structpkt__key.html#af77f5eb1f4cd88b43fe99fd73553351d">dst_port</a>;
<a name="l00074"></a>00074 };
<a name="l00075"></a>00075
<a name="l00077"></a><a class="code" href="structpkt__info.html">00077</a> <span class="keyword">struct </span><a class="code" href="structpkt__info.html">pkt_info</a>
<a name="l00078"></a>00078 {
<a name="l00080"></a><a class="code" href="structpkt__info.html#a231d4734d3c62292b06eb9ea4b49c339">00080</a> <span class="keyword">struct </span><a class="code" href="structpkt__key.html">pkt_key</a> <a class="code" href="structpkt__info.html#a231d4734d3c62292b06eb9ea4b49c339">key</a>;
<a name="l00081"></a>00081
<a name="l00083"></a><a class="code" href="structpkt__info.html#a7f5090443f21e6290f0439f1bb872e92">00083</a> time_t <a class="code" href="structpkt__info.html#a7f5090443f21e6290f0439f1bb872e92">timestamp</a>;
<a name="l00084"></a>00084
<a name="l00086"></a><a class="code" href="structpkt__info.html#a8d5ebd04a32067b05387e5c5056fe168">00086</a> SFSnortPacket* <a class="code" href="structpkt__info.html#a8d5ebd04a32067b05387e5c5056fe168">pkt</a>;
<a name="l00087"></a>00087
<a name="l00088"></a>00088 <span class="comment">/* Data type containing the configuration of the module */</span>
<a name="l00089"></a><a class="code" href="structAI__config.html">00089</a> <span class="keyword">typedef</span> <span class="keyword">struct</span>
<a name="l00090"></a>00090 {
<a name="l00092"></a><a class="code" href="structAI__config.html#a9f7680615027d4fb74b4aa144a7028a4">00092</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">long</span> hashCleanupInterval;
<a name="l00089"></a><a class="code" href="structpkt__info.html#a5ee3c51f2ca5768b94819182641ef168">00089</a> <span class="keyword">struct </span><a class="code" href="structpkt__info.html">pkt_info</a>* <a class="code" href="structpkt__info.html#a5ee3c51f2ca5768b94819182641ef168">next</a>;
<a name="l00090"></a>00090
<a name="l00092"></a><a class="code" href="structpkt__info.html#ac7ff78ea5faf333fc91f92e3085ea7c9">00092</a> <a class="code" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a> <a class="code" href="structpkt__info.html#ac7ff78ea5faf333fc91f92e3085ea7c9">observed</a>;
<a name="l00093"></a>00093
<a name="l00095"></a><a class="code" href="structAI__config.html#abbe77d5f94b8c5164bea47acba09c98b">00095</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">long</span> streamExpireInterval;
<a name="l00096"></a>00096
<a name="l00098"></a><a class="code" href="structAI__config.html#a7d0d098b8263aa3d8415b11d1ec7f93d">00098</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">long</span> alertClusteringInterval;
<a name="l00099"></a>00099
<a name="l00101"></a><a class="code" href="structAI__config.html#ae6ca715cab1d90b70c3aad443133c263">00101</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">long</span> databaseParsingInterval;
<a name="l00102"></a>00102
<a name="l00104"></a><a class="code" href="structAI__config.html#a2efa9590d7eea6dce8b5dd9aa76ed8ca">00104</a> <span class="keywordtype">char</span> alertfile[1024];
<a name="l00105"></a>00105
<a name="l00107"></a><a class="code" href="structAI__config.html#a6da02a3f7116fd3810a41b738e8883a3">00107</a> <span class="keywordtype">char</span> clusterfile[1024];
<a name="l00108"></a>00108
<a name="l00110"></a><a class="code" href="structAI__config.html#ac8a93607f12106e2f5c9b43af27107da">00110</a> <span class="keywordtype">char</span> dbname[256];
<a name="l00111"></a>00111
<a name="l00113"></a><a class="code" href="structAI__config.html#aa004adebfdafb6d14092aecd7f4912b0">00113</a> <span class="keywordtype">char</span> dbuser[256];
<a name="l00114"></a>00114
<a name="l00116"></a><a class="code" href="structAI__config.html#aa1cda349763faf60b2ebdbf2d187ae7d">00116</a> <span class="keywordtype">char</span> dbpass[256];
<a name="l00117"></a>00117
<a name="l00119"></a><a class="code" href="structAI__config.html#a8e56f1a1b2095d3d329c8068ea0f3aab">00119</a> <span class="keywordtype">char</span> dbhost[256];
<a name="l00120"></a>00120 } <a class="code" href="structAI__config.html">AI_config</a>;
<a name="l00095"></a><a class="code" href="structpkt__info.html#a264e90d4b5d490de040f38c1072e142f">00095</a> UT_hash_handle <a class="code" href="structpkt__info.html#a264e90d4b5d490de040f38c1072e142f">hh</a>;
<a name="l00096"></a>00096 };
<a name="l00097"></a>00097
<a name="l00098"></a>00098 <span class="comment">/* Data type containing the configuration of the module */</span>
<a name="l00099"></a><a class="code" href="structAI__config.html">00099</a> <span class="keyword">typedef</span> <span class="keyword">struct</span>
<a name="l00100"></a>00100 {
<a name="l00102"></a><a class="code" href="structAI__config.html#a9f7680615027d4fb74b4aa144a7028a4">00102</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">long</span> hashCleanupInterval;
<a name="l00103"></a>00103
<a name="l00105"></a><a class="code" href="structAI__config.html#abbe77d5f94b8c5164bea47acba09c98b">00105</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">long</span> streamExpireInterval;
<a name="l00106"></a>00106
<a name="l00108"></a><a class="code" href="structAI__config.html#a7d0d098b8263aa3d8415b11d1ec7f93d">00108</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">long</span> alertClusteringInterval;
<a name="l00109"></a>00109
<a name="l00111"></a><a class="code" href="structAI__config.html#ae6ca715cab1d90b70c3aad443133c263">00111</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">long</span> databaseParsingInterval;
<a name="l00112"></a>00112
<a name="l00114"></a><a class="code" href="structAI__config.html#aa736375e57a59936e2e782b7cd200e41">00114</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">long</span> correlationGraphInterval;
<a name="l00115"></a>00115
<a name="l00117"></a><a class="code" href="structAI__config.html#a2efa9590d7eea6dce8b5dd9aa76ed8ca">00117</a> <span class="keywordtype">char</span> alertfile[1024];
<a name="l00118"></a>00118
<a name="l00120"></a><a class="code" href="structAI__config.html#a6da02a3f7116fd3810a41b738e8883a3">00120</a> <span class="keywordtype">char</span> clusterfile[1024];
<a name="l00121"></a>00121
<a name="l00122"></a>00122 <span class="comment">/* Data type for hierarchies used for clustering */</span>
<a name="l00123"></a><a class="code" href="struct__hierarchy__node.html">00123</a> <span class="keyword">typedef</span> <span class="keyword">struct </span><a class="code" href="struct__hierarchy__node.html">_hierarchy_node</a>
<a name="l00124"></a>00124 {
<a name="l00125"></a><a class="code" href="struct__hierarchy__node.html#a3b18e3ddfa2212c5e4ff9c0b4bde4296">00125</a> <a class="code" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640">cluster_type</a> <a class="code" href="struct__hierarchy__node.html#a3b18e3ddfa2212c5e4ff9c0b4bde4296">type</a>;
<a name="l00126"></a><a class="code" href="struct__hierarchy__node.html#ae498f6fd14ca058a3ae0a95d5425451a">00126</a> <span class="keywordtype">char</span> <a class="code" href="struct__hierarchy__node.html#ae498f6fd14ca058a3ae0a95d5425451a">label</a>[256];
<a name="l00127"></a><a class="code" href="struct__hierarchy__node.html#a13ceebd7b435b9ef347fb90d9e6bbfe4">00127</a> <span class="keywordtype">int</span> <a class="code" href="struct__hierarchy__node.html#a13ceebd7b435b9ef347fb90d9e6bbfe4">min_val</a>;
<a name="l00128"></a><a class="code" href="struct__hierarchy__node.html#a79ea88029938dc30ab8f159405d12c87">00128</a> <span class="keywordtype">int</span> <a class="code" href="struct__hierarchy__node.html#a79ea88029938dc30ab8f159405d12c87">max_val</a>;
<a name="l00129"></a><a class="code" href="struct__hierarchy__node.html#a849256ce1039e2cefaaf64d91171be0a">00129</a> <span class="keywordtype">int</span> <a class="code" href="struct__hierarchy__node.html#a849256ce1039e2cefaaf64d91171be0a">nchildren</a>;
<a name="l00130"></a><a class="code" href="struct__hierarchy__node.html#a5c94c89d7e2aea393f1c550afb766bbe">00130</a> <span class="keyword">struct </span><a class="code" href="struct__hierarchy__node.html">_hierarchy_node</a> *<a class="code" href="struct__hierarchy__node.html#a5c94c89d7e2aea393f1c550afb766bbe">parent</a>;
<a name="l00131"></a><a class="code" href="struct__hierarchy__node.html#afc23d4fe6426873164cdaab2f3d4f0cd">00131</a> <span class="keyword">struct </span><a class="code" href="struct__hierarchy__node.html">_hierarchy_node</a> **<a class="code" href="struct__hierarchy__node.html#afc23d4fe6426873164cdaab2f3d4f0cd">children</a>;
<a name="l00132"></a>00132 } <a class="code" href="struct__hierarchy__node.html">hierarchy_node</a>;
<a name="l00123"></a><a class="code" href="structAI__config.html#ab7ea93bbe72b85c4019b4f5656ad62fc">00123</a> <span class="keywordtype">char</span> corr_rules_dir[1024];
<a name="l00124"></a>00124
<a name="l00126"></a><a class="code" href="structAI__config.html#ac8a93607f12106e2f5c9b43af27107da">00126</a> <span class="keywordtype">char</span> dbname[256];
<a name="l00127"></a>00127
<a name="l00129"></a><a class="code" href="structAI__config.html#aa004adebfdafb6d14092aecd7f4912b0">00129</a> <span class="keywordtype">char</span> dbuser[256];
<a name="l00130"></a>00130
<a name="l00132"></a><a class="code" href="structAI__config.html#aa1cda349763faf60b2ebdbf2d187ae7d">00132</a> <span class="keywordtype">char</span> dbpass[256];
<a name="l00133"></a>00133
<a name="l00135"></a><a class="code" href="struct__AI__snort__alert.html">00135</a> <span class="keyword">typedef</span> <span class="keyword">struct </span><a class="code" href="struct__AI__snort__alert.html">_AI_snort_alert</a> {
<a name="l00136"></a>00136 <span class="comment">/* Identifiers of the alert */</span>
<a name="l00137"></a><a class="code" href="struct__AI__snort__alert.html#af8408be5da59cda853442dd13465c0f6">00137</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> <a class="code" href="struct__AI__snort__alert.html#af8408be5da59cda853442dd13465c0f6">gid</a>;
<a name="l00138"></a><a class="code" href="struct__AI__snort__alert.html#a3349aa68d2234f8ffd897367c3a8a137">00138</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> <a class="code" href="struct__AI__snort__alert.html#a3349aa68d2234f8ffd897367c3a8a137">sid</a>;
<a name="l00139"></a><a class="code" href="struct__AI__snort__alert.html#a864d3baa48586d6a31639f4cd27d9d37">00139</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> <a class="code" href="struct__AI__snort__alert.html#a864d3baa48586d6a31639f4cd27d9d37">rev</a>;
<a name="l00140"></a>00140
<a name="l00141"></a>00141 <span class="comment">/* Snort priority, description,</span>
<a name="l00142"></a>00142 <span class="comment"> * classification and timestamp</span>
<a name="l00143"></a>00143 <span class="comment"> * of the alert */</span>
<a name="l00144"></a><a class="code" href="struct__AI__snort__alert.html#a25661fa4e212c5e30af5e6a892985ec9">00144</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">short</span> <a class="code" href="struct__AI__snort__alert.html#a25661fa4e212c5e30af5e6a892985ec9">priority</a>;
<a name="l00145"></a><a class="code" href="struct__AI__snort__alert.html#ac0902d7c756ec675fb06347ce4706135">00145</a> <span class="keywordtype">char</span> *<a class="code" href="struct__AI__snort__alert.html#ac0902d7c756ec675fb06347ce4706135">desc</a>;
<a name="l00146"></a><a class="code" href="struct__AI__snort__alert.html#aa89585e14acb2c4e684a1552d322632f">00146</a> <span class="keywordtype">char</span> *<a class="code" href="struct__AI__snort__alert.html#aa89585e14acb2c4e684a1552d322632f">classification</a>;
<a name="l00147"></a><a class="code" href="struct__AI__snort__alert.html#a10a67f60ca3da339a2104849a0b2ac19">00147</a> time_t <a class="code" href="struct__AI__snort__alert.html#a10a67f60ca3da339a2104849a0b2ac19">timestamp</a>;
<a name="l00148"></a>00148
<a name="l00149"></a>00149 <span class="comment">/* IP header information */</span>
<a name="l00150"></a><a class="code" href="struct__AI__snort__alert.html#a3f3c47f9baf3229d067504a85873b416">00150</a> <a class="code" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a> <a class="code" href="struct__AI__snort__alert.html#a3f3c47f9baf3229d067504a85873b416">ip_tos</a>;
<a name="l00151"></a><a class="code" href="struct__AI__snort__alert.html#ad3ffe99036513d5f33b94d22fb84f8f1">00151</a> <a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="code" href="struct__AI__snort__alert.html#ad3ffe99036513d5f33b94d22fb84f8f1">ip_len</a>;
<a name="l00152"></a><a class="code" href="struct__AI__snort__alert.html#a2fc673dec85a7b49dd16ac7c0bb1bb78">00152</a> <a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="code" href="struct__AI__snort__alert.html#a2fc673dec85a7b49dd16ac7c0bb1bb78">ip_id</a>;
<a name="l00153"></a><a class="code" href="struct__AI__snort__alert.html#a3c9bbe84ec696cd58668a45799a66600">00153</a> <a class="code" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a> <a class="code" href="struct__AI__snort__alert.html#a3c9bbe84ec696cd58668a45799a66600">ip_ttl</a>;
<a name="l00154"></a><a class="code" href="struct__AI__snort__alert.html#a5ea7b250ac1c472f3ab57565b6df2536">00154</a> <a class="code" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a> <a class="code" href="struct__AI__snort__alert.html#a5ea7b250ac1c472f3ab57565b6df2536">ip_proto</a>;
<a name="l00155"></a><a class="code" href="struct__AI__snort__alert.html#a194117c57a52933d16a97838562bb611">00155</a> <a class="code" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a> <a class="code" href="struct__AI__snort__alert.html#a194117c57a52933d16a97838562bb611">ip_src_addr</a>;
<a name="l00156"></a><a class="code" href="struct__AI__snort__alert.html#a754ca683593c838e4032fa8c13b1512b">00156</a> <a class="code" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a> <a class="code" href="struct__AI__snort__alert.html#a754ca683593c838e4032fa8c13b1512b">ip_dst_addr</a>;
<a name="l00157"></a>00157
<a name="l00158"></a>00158 <span class="comment">/* TCP header information */</span>
<a name="l00159"></a><a class="code" href="struct__AI__snort__alert.html#a4d4cbdbd9675f4c43545547f55174cb7">00159</a> <a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="code" href="struct__AI__snort__alert.html#a4d4cbdbd9675f4c43545547f55174cb7">tcp_src_port</a>;
<a name="l00160"></a><a class="code" href="struct__AI__snort__alert.html#aaca31cb67d48ffc3bfd1227686d5f5a4">00160</a> <a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="code" href="struct__AI__snort__alert.html#aaca31cb67d48ffc3bfd1227686d5f5a4">tcp_dst_port</a>;
<a name="l00161"></a><a class="code" href="struct__AI__snort__alert.html#ad6edf59fccea55bf5f940bf36117020b">00161</a> <a class="code" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a> <a class="code" href="struct__AI__snort__alert.html#ad6edf59fccea55bf5f940bf36117020b">tcp_seq</a>;
<a name="l00162"></a><a class="code" href="struct__AI__snort__alert.html#a8aac577224a4325ec50511c6d79b4b79">00162</a> <a class="code" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a> <a class="code" href="struct__AI__snort__alert.html#a8aac577224a4325ec50511c6d79b4b79">tcp_ack</a>;
<a name="l00163"></a><a class="code" href="struct__AI__snort__alert.html#aa643f11db93b70242b57f0a04775e507">00163</a> <a class="code" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a> <a class="code" href="struct__AI__snort__alert.html#aa643f11db93b70242b57f0a04775e507">tcp_flags</a>;
<a name="l00164"></a><a class="code" href="struct__AI__snort__alert.html#a1687fccc26bb211591db8b36ffec5348">00164</a> <a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="code" href="struct__AI__snort__alert.html#a1687fccc26bb211591db8b36ffec5348">tcp_window</a>;
<a name="l00165"></a><a class="code" href="struct__AI__snort__alert.html#ab7e0507050b8e475fea7a4b26c768857">00165</a> <a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="code" href="struct__AI__snort__alert.html#ab7e0507050b8e475fea7a4b26c768857">tcp_len</a>;
<a name="l00166"></a>00166
<a name="l00167"></a>00167 <span class="comment">/* Reference to the TCP stream</span>
<a name="l00168"></a>00168 <span class="comment"> * associated to the alert, if any */</span>
<a name="l00169"></a><a class="code" href="struct__AI__snort__alert.html#a09dfe0a841fd3912ec78060d4547cb31">00169</a> <span class="keyword">struct </span><a class="code" href="structpkt__info.html">pkt_info</a> *<a class="code" href="struct__AI__snort__alert.html#a09dfe0a841fd3912ec78060d4547cb31">stream</a>;
<a name="l00170"></a>00170
<a name="l00171"></a>00171 <span class="comment">/* Pointer to the next alert in</span>
<a name="l00172"></a>00172 <span class="comment"> * the log, if any*/</span>
<a name="l00173"></a><a class="code" href="struct__AI__snort__alert.html#aa8336d4b3359015ed8ea312ca1fd1173">00173</a> <span class="keyword">struct </span><a class="code" href="struct__AI__snort__alert.html">_AI_snort_alert</a> *<a class="code" href="struct__AI__snort__alert.html#aa8336d4b3359015ed8ea312ca1fd1173">next</a>;
<a name="l00174"></a>00174
<a name="l00175"></a>00175 <span class="comment">/* Hierarchies for addresses and ports,</span>
<a name="l00176"></a>00176 <span class="comment"> * if the clustering algorithm is used */</span>
<a name="l00177"></a><a class="code" href="struct__AI__snort__alert.html#ac53765584296ead1328eabfaba8a3aed">00177</a> <a class="code" href="struct__hierarchy__node.html">hierarchy_node</a> *<a class="code" href="struct__AI__snort__alert.html#ac53765584296ead1328eabfaba8a3aed">h_node</a>[CLUSTER_TYPES];
<a name="l00178"></a>00178
<a name="l00179"></a>00179 <span class="comment">/* If the clustering algorithm is used,</span>
<a name="l00180"></a>00180 <span class="comment"> * we also count how many alerts this</span>
<a name="l00181"></a>00181 <span class="comment"> * single alert groups */</span>
<a name="l00182"></a><a class="code" href="struct__AI__snort__alert.html#a285aff12d6bac03c316ccc5305d28e53">00182</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> <a class="code" href="struct__AI__snort__alert.html#a285aff12d6bac03c316ccc5305d28e53">grouped_alarms_count</a>;
<a name="l00183"></a>00183 } <a class="code" href="struct__AI__snort__alert.html">AI_snort_alert</a>;
<a name="l00184"></a>00184
<a name="l00185"></a>00185 <span class="keywordtype">int</span> <a class="code" href="group__regex.html#ga35f57c052a7de1ded54b67a1f7819791" title="Check if a string matches a regular expression.">preg_match</a> ( <span class="keyword">const</span> <span class="keywordtype">char</span>*, <span class="keywordtype">char</span>*, <span class="keywordtype">char</span>***, <span class="keywordtype">int</span>* );
<a name="l00135"></a><a class="code" href="structAI__config.html#a8e56f1a1b2095d3d329c8068ea0f3aab">00135</a> <span class="keywordtype">char</span> dbhost[256];
<a name="l00136"></a>00136 } <a class="code" href="structAI__config.html">AI_config</a>;
<a name="l00137"></a>00137
<a name="l00138"></a>00138 <span class="comment">/* Data type for hierarchies used for clustering */</span>
<a name="l00139"></a><a class="code" href="struct__hierarchy__node.html">00139</a> <span class="keyword">typedef</span> <span class="keyword">struct </span><a class="code" href="struct__hierarchy__node.html">_hierarchy_node</a>
<a name="l00140"></a>00140 {
<a name="l00141"></a><a class="code" href="struct__hierarchy__node.html#a3b18e3ddfa2212c5e4ff9c0b4bde4296">00141</a> <a class="code" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640">cluster_type</a> <a class="code" href="struct__hierarchy__node.html#a3b18e3ddfa2212c5e4ff9c0b4bde4296">type</a>;
<a name="l00142"></a><a class="code" href="struct__hierarchy__node.html#ae498f6fd14ca058a3ae0a95d5425451a">00142</a> <span class="keywordtype">char</span> <a class="code" href="struct__hierarchy__node.html#ae498f6fd14ca058a3ae0a95d5425451a">label</a>[256];
<a name="l00143"></a><a class="code" href="struct__hierarchy__node.html#a13ceebd7b435b9ef347fb90d9e6bbfe4">00143</a> <span class="keywordtype">int</span> <a class="code" href="struct__hierarchy__node.html#a13ceebd7b435b9ef347fb90d9e6bbfe4">min_val</a>;
<a name="l00144"></a><a class="code" href="struct__hierarchy__node.html#a79ea88029938dc30ab8f159405d12c87">00144</a> <span class="keywordtype">int</span> <a class="code" href="struct__hierarchy__node.html#a79ea88029938dc30ab8f159405d12c87">max_val</a>;
<a name="l00145"></a><a class="code" href="struct__hierarchy__node.html#a849256ce1039e2cefaaf64d91171be0a">00145</a> <span class="keywordtype">int</span> <a class="code" href="struct__hierarchy__node.html#a849256ce1039e2cefaaf64d91171be0a">nchildren</a>;
<a name="l00146"></a><a class="code" href="struct__hierarchy__node.html#a5c94c89d7e2aea393f1c550afb766bbe">00146</a> <span class="keyword">struct </span><a class="code" href="struct__hierarchy__node.html">_hierarchy_node</a> *<a class="code" href="struct__hierarchy__node.html#a5c94c89d7e2aea393f1c550afb766bbe">parent</a>;
<a name="l00147"></a><a class="code" href="struct__hierarchy__node.html#afc23d4fe6426873164cdaab2f3d4f0cd">00147</a> <span class="keyword">struct </span><a class="code" href="struct__hierarchy__node.html">_hierarchy_node</a> **<a class="code" href="struct__hierarchy__node.html#afc23d4fe6426873164cdaab2f3d4f0cd">children</a>;
<a name="l00148"></a>00148 } <a class="code" href="struct__hierarchy__node.html">hierarchy_node</a>;
<a name="l00149"></a>00149
<a name="l00151"></a><a class="code" href="struct__AI__snort__alert.html">00151</a> <span class="keyword">typedef</span> <span class="keyword">struct </span><a class="code" href="struct__AI__snort__alert.html">_AI_snort_alert</a> {
<a name="l00152"></a>00152 <span class="comment">/* Identifiers of the alert */</span>
<a name="l00153"></a><a class="code" href="struct__AI__snort__alert.html#af8408be5da59cda853442dd13465c0f6">00153</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> <a class="code" href="struct__AI__snort__alert.html#af8408be5da59cda853442dd13465c0f6">gid</a>;
<a name="l00154"></a><a class="code" href="struct__AI__snort__alert.html#a3349aa68d2234f8ffd897367c3a8a137">00154</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> <a class="code" href="struct__AI__snort__alert.html#a3349aa68d2234f8ffd897367c3a8a137">sid</a>;
<a name="l00155"></a><a class="code" href="struct__AI__snort__alert.html#a864d3baa48586d6a31639f4cd27d9d37">00155</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> <a class="code" href="struct__AI__snort__alert.html#a864d3baa48586d6a31639f4cd27d9d37">rev</a>;
<a name="l00156"></a>00156
<a name="l00157"></a>00157 <span class="comment">/* Snort priority, description,</span>
<a name="l00158"></a>00158 <span class="comment"> * classification and timestamp</span>
<a name="l00159"></a>00159 <span class="comment"> * of the alert */</span>
<a name="l00160"></a><a class="code" href="struct__AI__snort__alert.html#a25661fa4e212c5e30af5e6a892985ec9">00160</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">short</span> <a class="code" href="struct__AI__snort__alert.html#a25661fa4e212c5e30af5e6a892985ec9">priority</a>;
<a name="l00161"></a><a class="code" href="struct__AI__snort__alert.html#ac0902d7c756ec675fb06347ce4706135">00161</a> <span class="keywordtype">char</span> *<a class="code" href="struct__AI__snort__alert.html#ac0902d7c756ec675fb06347ce4706135">desc</a>;
<a name="l00162"></a><a class="code" href="struct__AI__snort__alert.html#aa89585e14acb2c4e684a1552d322632f">00162</a> <span class="keywordtype">char</span> *<a class="code" href="struct__AI__snort__alert.html#aa89585e14acb2c4e684a1552d322632f">classification</a>;
<a name="l00163"></a><a class="code" href="struct__AI__snort__alert.html#a10a67f60ca3da339a2104849a0b2ac19">00163</a> time_t <a class="code" href="struct__AI__snort__alert.html#a10a67f60ca3da339a2104849a0b2ac19">timestamp</a>;
<a name="l00164"></a>00164
<a name="l00165"></a>00165 <span class="comment">/* IP header information */</span>
<a name="l00166"></a><a class="code" href="struct__AI__snort__alert.html#a3f3c47f9baf3229d067504a85873b416">00166</a> <a class="code" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a> <a class="code" href="struct__AI__snort__alert.html#a3f3c47f9baf3229d067504a85873b416">ip_tos</a>;
<a name="l00167"></a><a class="code" href="struct__AI__snort__alert.html#ad3ffe99036513d5f33b94d22fb84f8f1">00167</a> <a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="code" href="struct__AI__snort__alert.html#ad3ffe99036513d5f33b94d22fb84f8f1">ip_len</a>;
<a name="l00168"></a><a class="code" href="struct__AI__snort__alert.html#a2fc673dec85a7b49dd16ac7c0bb1bb78">00168</a> <a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="code" href="struct__AI__snort__alert.html#a2fc673dec85a7b49dd16ac7c0bb1bb78">ip_id</a>;
<a name="l00169"></a><a class="code" href="struct__AI__snort__alert.html#a3c9bbe84ec696cd58668a45799a66600">00169</a> <a class="code" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a> <a class="code" href="struct__AI__snort__alert.html#a3c9bbe84ec696cd58668a45799a66600">ip_ttl</a>;
<a name="l00170"></a><a class="code" href="struct__AI__snort__alert.html#a5ea7b250ac1c472f3ab57565b6df2536">00170</a> <a class="code" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a> <a class="code" href="struct__AI__snort__alert.html#a5ea7b250ac1c472f3ab57565b6df2536">ip_proto</a>;
<a name="l00171"></a><a class="code" href="struct__AI__snort__alert.html#a194117c57a52933d16a97838562bb611">00171</a> <a class="code" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a> <a class="code" href="struct__AI__snort__alert.html#a194117c57a52933d16a97838562bb611">ip_src_addr</a>;
<a name="l00172"></a><a class="code" href="struct__AI__snort__alert.html#a754ca683593c838e4032fa8c13b1512b">00172</a> <a class="code" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a> <a class="code" href="struct__AI__snort__alert.html#a754ca683593c838e4032fa8c13b1512b">ip_dst_addr</a>;
<a name="l00173"></a>00173
<a name="l00174"></a>00174 <span class="comment">/* TCP header information */</span>
<a name="l00175"></a><a class="code" href="struct__AI__snort__alert.html#a4d4cbdbd9675f4c43545547f55174cb7">00175</a> <a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="code" href="struct__AI__snort__alert.html#a4d4cbdbd9675f4c43545547f55174cb7">tcp_src_port</a>;
<a name="l00176"></a><a class="code" href="struct__AI__snort__alert.html#aaca31cb67d48ffc3bfd1227686d5f5a4">00176</a> <a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="code" href="struct__AI__snort__alert.html#aaca31cb67d48ffc3bfd1227686d5f5a4">tcp_dst_port</a>;
<a name="l00177"></a><a class="code" href="struct__AI__snort__alert.html#ad6edf59fccea55bf5f940bf36117020b">00177</a> <a class="code" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a> <a class="code" href="struct__AI__snort__alert.html#ad6edf59fccea55bf5f940bf36117020b">tcp_seq</a>;
<a name="l00178"></a><a class="code" href="struct__AI__snort__alert.html#a8aac577224a4325ec50511c6d79b4b79">00178</a> <a class="code" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a> <a class="code" href="struct__AI__snort__alert.html#a8aac577224a4325ec50511c6d79b4b79">tcp_ack</a>;
<a name="l00179"></a><a class="code" href="struct__AI__snort__alert.html#aa643f11db93b70242b57f0a04775e507">00179</a> <a class="code" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a> <a class="code" href="struct__AI__snort__alert.html#aa643f11db93b70242b57f0a04775e507">tcp_flags</a>;
<a name="l00180"></a><a class="code" href="struct__AI__snort__alert.html#a1687fccc26bb211591db8b36ffec5348">00180</a> <a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="code" href="struct__AI__snort__alert.html#a1687fccc26bb211591db8b36ffec5348">tcp_window</a>;
<a name="l00181"></a><a class="code" href="struct__AI__snort__alert.html#ab7e0507050b8e475fea7a4b26c768857">00181</a> <a class="code" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a> <a class="code" href="struct__AI__snort__alert.html#ab7e0507050b8e475fea7a4b26c768857">tcp_len</a>;
<a name="l00182"></a>00182
<a name="l00183"></a>00183 <span class="comment">/* Reference to the TCP stream</span>
<a name="l00184"></a>00184 <span class="comment"> * associated to the alert, if any */</span>
<a name="l00185"></a><a class="code" href="struct__AI__snort__alert.html#a09dfe0a841fd3912ec78060d4547cb31">00185</a> <span class="keyword">struct </span><a class="code" href="structpkt__info.html">pkt_info</a> *<a class="code" href="struct__AI__snort__alert.html#a09dfe0a841fd3912ec78060d4547cb31">stream</a>;
<a name="l00186"></a>00186
<a name="l00187"></a>00187 <span class="keywordtype">void</span>* <a class="code" href="group__stream.html#ga24b1131374e5059564b8a12380c4eb75" title="Thread called for cleaning up the hash table from the traffic streams older than a certain threshold...">AI_hashcleanup_thread</a> ( <span class="keywordtype">void</span>* );
<a name="l00188"></a>00188 <span class="keywordtype">void</span>* <a class="code" href="group__alert__parser.html#ga5aab8d9bdf0e92a51731442fd787f61f" title="Thread for parsing Snort&amp;#39;s alert file.">AI_file_alertparser_thread</a> ( <span class="keywordtype">void</span>* );
<a name="l00189"></a>00189
<a name="l00190"></a>00190 <span class="preprocessor">#ifdef ENABLE_DB</span>
<a name="l00191"></a>00191 <span class="preprocessor"></span><span class="keywordtype">void</span>* AI_db_alertparser_thread ( <span class="keywordtype">void</span>* );
<a name="l00192"></a>00192 <a class="code" href="struct__AI__snort__alert.html">AI_snort_alert</a>* AI_db_get_alerts ( <span class="keywordtype">void</span> );
<a name="l00193"></a>00193 <span class="keywordtype">void</span> AI_db_free_alerts ( <a class="code" href="struct__AI__snort__alert.html">AI_snort_alert</a> *node );
<a name="l00194"></a>00194 <span class="preprocessor">#endif</span>
<a name="l00195"></a>00195 <span class="preprocessor"></span>
<a name="l00196"></a>00196 <span class="keywordtype">void</span> <a class="code" href="group__stream.html#ga7d71c5645b9baff7b6c4b9a181bf80c5" title="Function called for appending a new packet to the hash table, creating a new stream or appending it t...">AI_pkt_enqueue</a> ( SFSnortPacket* );
<a name="l00197"></a>00197 <span class="keywordtype">void</span> <a class="code" href="group__stream.html#ga8749989cee2ac05a7de058faac280c02" title="Set the flag &amp;quot;observed&amp;quot; on a stream associated to a security alert, so that it won&amp;#39;t be...">AI_set_stream_observed</a> ( <span class="keyword">struct</span> <a class="code" href="structpkt__key.html">pkt_key</a> key );
<a name="l00198"></a>00198 <span class="keywordtype">void</span> <a class="code" href="group__cluster.html#ga1445818b37483f78cc3fb2890155842c" title="Build the clustering hierarchy trees.">AI_hierarchies_build</a> ( <a class="code" href="structAI__config.html">AI_config</a>*, <a class="code" href="struct__hierarchy__node.html">hierarchy_node</a>**, <span class="keywordtype">int</span> );
<a name="l00199"></a>00199
<a name="l00200"></a>00200 <span class="keyword">struct </span><a class="code" href="structpkt__info.html">pkt_info</a>* <a class="code" href="group__stream.html#ga2efedcabbfd12c5345f0c93a3dd4735c" title="Get a TCP stream by key.">AI_get_stream_by_key</a> ( <span class="keyword">struct</span> <a class="code" href="structpkt__key.html">pkt_key</a> );
<a name="l00201"></a>00201
<a name="l00202"></a>00202 <a class="code" href="struct__AI__snort__alert.html">AI_snort_alert</a>* <a class="code" href="group__alert__parser.html#ga99474495643197b3075ac22ec6f6c70f" title="Return the alerts parsed so far as a linked list.">AI_get_alerts</a> ( <span class="keywordtype">void</span> );
<a name="l00203"></a>00203
<a name="l00204"></a>00204 <span class="keywordtype">void</span> <a class="code" href="group__alert__parser.html#ga270e86669a0aa64a8da37bc16cda645b" title="Deallocate the memory of a log alert linked list.">AI_free_alerts</a> ( <a class="code" href="struct__AI__snort__alert.html">AI_snort_alert</a> *node );
<a name="l00205"></a>00205
<a name="l00207"></a><a class="code" href="spp__ai_8h.html#ab184b676360ce03035801284a2bd1ea7">00207</a> <a class="code" href="struct__AI__snort__alert.html">AI_snort_alert</a>* (*get_alerts)(void);
<a name="l00208"></a>00208
<a name="l00209"></a>00209 <span class="preprocessor">#endif </span><span class="comment">/* _SPP_AI_H */</span>
<a name="l00210"></a>00210
<a name="l00187"></a>00187 <span class="comment">/* Pointer to the next alert in</span>
<a name="l00188"></a>00188 <span class="comment"> * the log, if any*/</span>
<a name="l00189"></a><a class="code" href="struct__AI__snort__alert.html#aa8336d4b3359015ed8ea312ca1fd1173">00189</a> <span class="keyword">struct </span><a class="code" href="struct__AI__snort__alert.html">_AI_snort_alert</a> *<a class="code" href="struct__AI__snort__alert.html#aa8336d4b3359015ed8ea312ca1fd1173">next</a>;
<a name="l00190"></a>00190
<a name="l00191"></a>00191 <span class="comment">/* Hierarchies for addresses and ports,</span>
<a name="l00192"></a>00192 <span class="comment"> * if the clustering algorithm is used */</span>
<a name="l00193"></a><a class="code" href="struct__AI__snort__alert.html#ac53765584296ead1328eabfaba8a3aed">00193</a> <a class="code" href="struct__hierarchy__node.html">hierarchy_node</a> *<a class="code" href="struct__AI__snort__alert.html#ac53765584296ead1328eabfaba8a3aed">h_node</a>[CLUSTER_TYPES];
<a name="l00194"></a>00194
<a name="l00195"></a>00195 <span class="comment">/* If the clustering algorithm is used,</span>
<a name="l00196"></a>00196 <span class="comment"> * we also count how many alerts this</span>
<a name="l00197"></a>00197 <span class="comment"> * single alert groups */</span>
<a name="l00198"></a><a class="code" href="struct__AI__snort__alert.html#a285aff12d6bac03c316ccc5305d28e53">00198</a> <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> <a class="code" href="struct__AI__snort__alert.html#a285aff12d6bac03c316ccc5305d28e53">grouped_alarms_count</a>;
<a name="l00199"></a>00199 } <a class="code" href="struct__AI__snort__alert.html">AI_snort_alert</a>;
<a name="l00200"></a>00200
<a name="l00201"></a>00201 <span class="keywordtype">int</span> <a class="code" href="group__regex.html#ga35f57c052a7de1ded54b67a1f7819791" title="Check if a string matches a regular expression.">preg_match</a> ( <span class="keyword">const</span> <span class="keywordtype">char</span>*, <span class="keywordtype">char</span>*, <span class="keywordtype">char</span>***, <span class="keywordtype">int</span>* );
<a name="l00202"></a>00202
<a name="l00203"></a>00203 <span class="keywordtype">void</span>* <a class="code" href="group__stream.html#ga24b1131374e5059564b8a12380c4eb75" title="Thread called for cleaning up the hash table from the traffic streams older than a certain threshold...">AI_hashcleanup_thread</a> ( <span class="keywordtype">void</span>* );
<a name="l00204"></a>00204 <span class="keywordtype">void</span>* <a class="code" href="group__alert__parser.html#ga5aab8d9bdf0e92a51731442fd787f61f" title="Thread for parsing Snort&amp;#39;s alert file.">AI_file_alertparser_thread</a> ( <span class="keywordtype">void</span>* );
<a name="l00205"></a>00205 <span class="keywordtype">void</span>* <a class="code" href="group__correlation.html#ga939353a4e15de7a8f4145ab986f584be" title="Thread for correlating clustered alerts.">AI_alert_correlation_thread</a> ( <span class="keywordtype">void</span>* );
<a name="l00206"></a>00206
<a name="l00207"></a>00207 <span class="preprocessor">#ifdef ENABLE_DB</span>
<a name="l00208"></a>00208 <span class="preprocessor"></span><a class="code" href="struct__AI__snort__alert.html">AI_snort_alert</a>* AI_db_get_alerts ( <span class="keywordtype">void</span> );
<a name="l00209"></a>00209 <span class="keywordtype">void</span> AI_db_free_alerts ( <a class="code" href="struct__AI__snort__alert.html">AI_snort_alert</a> *node );
<a name="l00210"></a>00210 <span class="keywordtype">void</span>* AI_db_alertparser_thread ( <span class="keywordtype">void</span>* );
<a name="l00211"></a>00211 <span class="preprocessor">#endif</span>
<a name="l00212"></a>00212 <span class="preprocessor"></span>
<a name="l00213"></a>00213 <span class="keywordtype">void</span> <a class="code" href="group__stream.html#ga7d71c5645b9baff7b6c4b9a181bf80c5" title="Function called for appending a new packet to the hash table, creating a new stream or appending it t...">AI_pkt_enqueue</a> ( SFSnortPacket* );
<a name="l00214"></a>00214 <span class="keywordtype">void</span> <a class="code" href="group__stream.html#ga8749989cee2ac05a7de058faac280c02" title="Set the flag &amp;quot;observed&amp;quot; on a stream associated to a security alert, so that it won&amp;#39;t be...">AI_set_stream_observed</a> ( <span class="keyword">struct</span> <a class="code" href="structpkt__key.html">pkt_key</a> key );
<a name="l00215"></a>00215 <span class="keywordtype">void</span> <a class="code" href="group__cluster.html#ga1445818b37483f78cc3fb2890155842c" title="Build the clustering hierarchy trees.">AI_hierarchies_build</a> ( <a class="code" href="structAI__config.html">AI_config</a>*, <a class="code" href="struct__hierarchy__node.html">hierarchy_node</a>**, <span class="keywordtype">int</span> );
<a name="l00216"></a>00216 <span class="keywordtype">void</span> <a class="code" href="group__alert__parser.html#ga270e86669a0aa64a8da37bc16cda645b" title="Deallocate the memory of a log alert linked list.">AI_free_alerts</a> ( <a class="code" href="struct__AI__snort__alert.html">AI_snort_alert</a> *node );
<a name="l00217"></a>00217
<a name="l00218"></a>00218 <span class="keyword">struct </span><a class="code" href="structpkt__info.html">pkt_info</a>* <a class="code" href="group__stream.html#ga2efedcabbfd12c5345f0c93a3dd4735c" title="Get a TCP stream by key.">AI_get_stream_by_key</a> ( <span class="keyword">struct</span> <a class="code" href="structpkt__key.html">pkt_key</a> );
<a name="l00219"></a>00219 <a class="code" href="struct__AI__snort__alert.html">AI_snort_alert</a>* <a class="code" href="group__alert__parser.html#ga99474495643197b3075ac22ec6f6c70f" title="Return the alerts parsed so far as a linked list.">AI_get_alerts</a> ( <span class="keywordtype">void</span> );
<a name="l00220"></a>00220 <a class="code" href="struct__AI__snort__alert.html">AI_snort_alert</a>* <a class="code" href="group__cluster.html#ga2553c678eeb83282c230d649a0e8fcd4" title="Return the alerts parsed so far as a linked list.">AI_get_clustered_alerts</a> ( <span class="keywordtype">void</span> );
<a name="l00221"></a>00221
<a name="l00223"></a><a class="code" href="spp__ai_8h.html#ab184b676360ce03035801284a2bd1ea7">00223</a> <a class="code" href="struct__AI__snort__alert.html">AI_snort_alert</a>* (*get_alerts)(void);
<a name="l00224"></a>00224
<a name="l00225"></a>00225 <span class="preprocessor">#endif </span><span class="comment">/* _SPP_AI_H */</span>
<a name="l00226"></a>00226
</pre></div></div>
</div>
<!--- window showing the filter options -->
@ -248,7 +260,7 @@ var searchBox = new SearchBox("searchBox", "search",false,'Search');
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sun Sep 5 2010 23:53:47 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

2
doc/html/stream_8c.html
View File

@ -134,7 +134,7 @@ Variables</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sun Sep 5 2010 23:53:47 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

32
doc/html/structAI__config.html
View File

@ -62,8 +62,10 @@ Data Fields</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">unsigned long&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#abbe77d5f94b8c5164bea47acba09c98b">streamExpireInterval</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">unsigned long&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#a7d0d098b8263aa3d8415b11d1ec7f93d">alertClusteringInterval</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">unsigned long&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#ae6ca715cab1d90b70c3aad443133c263">databaseParsingInterval</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">unsigned long&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#aa736375e57a59936e2e782b7cd200e41">correlationGraphInterval</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">char&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#a2efa9590d7eea6dce8b5dd9aa76ed8ca">alertfile</a> [1024]</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">char&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#a6da02a3f7116fd3810a41b738e8883a3">clusterfile</a> [1024]</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">char&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#ab7ea93bbe72b85c4019b4f5656ad62fc">corr_rules_dir</a> [1024]</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">char&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#ac8a93607f12106e2f5c9b43af27107da">dbname</a> [256]</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">char&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#aa004adebfdafb6d14092aecd7f4912b0">dbuser</a> [256]</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">char&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html#aa1cda349763faf60b2ebdbf2d187ae7d">dbpass</a> [256]</td></tr>
@ -110,6 +112,34 @@ Data Fields</h2></td></tr>
<div class="memdoc">
<p>Clustered alerts file </p>
</div>
</div>
<a class="anchor" id="ab7ea93bbe72b85c4019b4f5656ad62fc"></a><!-- doxytag: member="AI_config::corr_rules_dir" ref="ab7ea93bbe72b85c4019b4f5656ad62fc" args="[1024]" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">char <a class="el" href="structAI__config.html#ab7ea93bbe72b85c4019b4f5656ad62fc">AI_config::corr_rules_dir</a>[1024]</td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Correlation rules path </p>
</div>
</div>
<a class="anchor" id="aa736375e57a59936e2e782b7cd200e41"></a><!-- doxytag: member="AI_config::correlationGraphInterval" ref="aa736375e57a59936e2e782b7cd200e41" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">unsigned long <a class="el" href="structAI__config.html#aa736375e57a59936e2e782b7cd200e41">AI_config::correlationGraphInterval</a></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Interval in seconds for running the thread for building alert correlation graphs </p>
</div>
</div>
<a class="anchor" id="ae6ca715cab1d90b70c3aad443133c263"></a><!-- doxytag: member="AI_config::databaseParsingInterval" ref="ae6ca715cab1d90b70c3aad443133c263" args="" -->
@ -228,7 +258,7 @@ Data Fields</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sun Sep 5 2010 23:53:47 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

2
doc/html/struct__AI__snort__alert.html
View File

@ -430,7 +430,7 @@ Data Fields</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sun Sep 5 2010 23:53:47 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

2
doc/html/struct__hierarchy__node.html
View File

@ -176,7 +176,7 @@ Data Fields</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sun Sep 5 2010 23:53:47 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

2
doc/html/structattribute__key.html
View File

@ -109,7 +109,7 @@ Data Fields</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sun Sep 5 2010 23:53:47 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

2
doc/html/structattribute__value.html
View File

@ -137,7 +137,7 @@ Data Fields</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sun Sep 5 2010 23:53:47 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

178
doc/html/structhyperalert.html Normal file
View File

@ -0,0 +1,178 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<title>Snort AI preprocessor module: hyperalert Struct Reference</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<link href="search/search.css" rel="stylesheet" type="text/css"/>
<script type="text/javaScript" src="search/search.js"></script>
<link href="doxygen.css" rel="stylesheet" type="text/css"/>
</head>
<body onload='searchBox.OnSelectItem(0);'>
<!-- Generated by Doxygen 1.7.1 -->
<script type="text/javascript"><!--
var searchBox = new SearchBox("searchBox", "search",false,'Search');
--></script>
<div class="navigation" id="top">
<div class="tabs">
<ul class="tablist">
<li><a href="index.html"><span>Main&nbsp;Page</span></a></li>
<li><a href="modules.html"><span>Modules</span></a></li>
<li class="current"><a href="annotated.html"><span>Data&nbsp;Structures</span></a></li>
<li><a href="files.html"><span>Files</span></a></li>
<li id="searchli">
<div id="MSearchBox" class="MSearchBoxInactive">
<span class="left">
<img id="MSearchSelect" src="search/mag_sel.png"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
alt=""/>
<input type="text" id="MSearchField" value="Search" accesskey="S"
onfocus="searchBox.OnSearchFieldFocus(true)"
onblur="searchBox.OnSearchFieldFocus(false)"
onkeyup="searchBox.OnSearchFieldChange(event)"/>
</span><span class="right">
<a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
</span>
</div>
</li>
</ul>
</div>
<div class="tabs2">
<ul class="tablist">
<li><a href="annotated.html"><span>Data&nbsp;Structures</span></a></li>
<li><a href="classes.html"><span>Data&nbsp;Structure&nbsp;Index</span></a></li>
<li><a href="functions.html"><span>Data&nbsp;Fields</span></a></li>
</ul>
</div>
</div>
<div class="header">
<div class="summary">
<a href="#pub-attribs">Data Fields</a> </div>
<div class="headertitle">
<h1>hyperalert Struct Reference<br/>
<small>
[<a class="el" href="group__correlation.html">Module for the correlation of hyperalerts</a>]</small>
</h1> </div>
</div>
<div class="contents">
<!-- doxytag: class="hyperalert" --><table class="memberdecls">
<tr><td colspan="2"><h2><a name="pub-attribs"></a>
Data Fields</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="structhyperalert__key.html">hyperalert_key</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structhyperalert.html#a592c41f4772230c065ce352ec6c6cf0d">key</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">char **&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structhyperalert.html#afa2862b9a574be52e5dc4a4cc0178d66">preconds</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">unsigned int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structhyperalert.html#a84181558bdbb98e49087d4ce7353bf70">n_preconds</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">char **&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structhyperalert.html#a69e0ed6e53e6fe23d3de2ec1f5d13863">postconds</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">unsigned int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structhyperalert.html#a16c46535e62397b5ef394b014943f58a">n_postconds</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">UT_hash_handle&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structhyperalert.html#aa2993f19f3cc95627cfdaf4f47f78b04">hh</a></td></tr>
</table>
<hr/><a name="_details"></a><h2>Detailed Description</h2>
<p>Hyperalert hash table </p>
<hr/><h2>Field Documentation</h2>
<a class="anchor" id="aa2993f19f3cc95627cfdaf4f47f78b04"></a><!-- doxytag: member="hyperalert::hh" ref="aa2993f19f3cc95627cfdaf4f47f78b04" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">UT_hash_handle <a class="el" href="structhyperalert.html#aa2993f19f3cc95627cfdaf4f47f78b04">hyperalert::hh</a></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Make the struct 'hashable' </p>
</div>
</div>
<a class="anchor" id="a592c41f4772230c065ce352ec6c6cf0d"></a><!-- doxytag: member="hyperalert::key" ref="a592c41f4772230c065ce352ec6c6cf0d" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="structhyperalert__key.html">hyperalert_key</a> <a class="el" href="structhyperalert.html#a592c41f4772230c065ce352ec6c6cf0d">hyperalert::key</a></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Hyperalert key </p>
</div>
</div>
<a class="anchor" id="a16c46535e62397b5ef394b014943f58a"></a><!-- doxytag: member="hyperalert::n_postconds" ref="a16c46535e62397b5ef394b014943f58a" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">unsigned int <a class="el" href="structhyperalert.html#a16c46535e62397b5ef394b014943f58a">hyperalert::n_postconds</a></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Number of post-conditions </p>
</div>
</div>
<a class="anchor" id="a84181558bdbb98e49087d4ce7353bf70"></a><!-- doxytag: member="hyperalert::n_preconds" ref="a84181558bdbb98e49087d4ce7353bf70" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">unsigned int <a class="el" href="structhyperalert.html#a84181558bdbb98e49087d4ce7353bf70">hyperalert::n_preconds</a></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Number of pre-conditions </p>
</div>
</div>
<a class="anchor" id="a69e0ed6e53e6fe23d3de2ec1f5d13863"></a><!-- doxytag: member="hyperalert::postconds" ref="a69e0ed6e53e6fe23d3de2ec1f5d13863" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">char** <a class="el" href="structhyperalert.html#a69e0ed6e53e6fe23d3de2ec1f5d13863">hyperalert::postconds</a></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Post-conditions, as array of strings </p>
</div>
</div>
<a class="anchor" id="afa2862b9a574be52e5dc4a4cc0178d66"></a><!-- doxytag: member="hyperalert::preconds" ref="afa2862b9a574be52e5dc4a4cc0178d66" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">char** <a class="el" href="structhyperalert.html#afa2862b9a574be52e5dc4a4cc0178d66">hyperalert::preconds</a></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Pre-conditions, as array of strings </p>
</div>
</div>
<hr/>The documentation for this struct was generated from the following file:<ul>
<li><a class="el" href="correlation_8c.html">correlation.c</a></li>
</ul>
</div>
<!--- window showing the filter options -->
<div id="MSearchSelectWindow"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
onkeydown="return searchBox.OnSearchSelectKey(event)">
<a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(0)"><span class="SelectionMark">&nbsp;</span>All</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(1)"><span class="SelectionMark">&nbsp;</span>Data Structures</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(2)"><span class="SelectionMark">&nbsp;</span>Files</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(3)"><span class="SelectionMark">&nbsp;</span>Functions</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(4)"><span class="SelectionMark">&nbsp;</span>Variables</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(5)"><span class="SelectionMark">&nbsp;</span>Typedefs</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(6)"><span class="SelectionMark">&nbsp;</span>Enumerations</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(7)"><span class="SelectionMark">&nbsp;</span>Enumerator</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(8)"><span class="SelectionMark">&nbsp;</span>Defines</a></div>
<!-- iframe showing the search results (closed by default) -->
<div id="MSearchResultsWindow">
<iframe src="" frameborder="0"
name="MSearchResults" id="MSearchResults">
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>
</html>

130
doc/html/structhyperalert__key.html Normal file
View File

@ -0,0 +1,130 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<title>Snort AI preprocessor module: hyperalert_key Struct Reference</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<link href="search/search.css" rel="stylesheet" type="text/css"/>
<script type="text/javaScript" src="search/search.js"></script>
<link href="doxygen.css" rel="stylesheet" type="text/css"/>
</head>
<body onload='searchBox.OnSelectItem(0);'>
<!-- Generated by Doxygen 1.7.1 -->
<script type="text/javascript"><!--
var searchBox = new SearchBox("searchBox", "search",false,'Search');
--></script>
<div class="navigation" id="top">
<div class="tabs">
<ul class="tablist">
<li><a href="index.html"><span>Main&nbsp;Page</span></a></li>
<li><a href="modules.html"><span>Modules</span></a></li>
<li class="current"><a href="annotated.html"><span>Data&nbsp;Structures</span></a></li>
<li><a href="files.html"><span>Files</span></a></li>
<li id="searchli">
<div id="MSearchBox" class="MSearchBoxInactive">
<span class="left">
<img id="MSearchSelect" src="search/mag_sel.png"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
alt=""/>
<input type="text" id="MSearchField" value="Search" accesskey="S"
onfocus="searchBox.OnSearchFieldFocus(true)"
onblur="searchBox.OnSearchFieldFocus(false)"
onkeyup="searchBox.OnSearchFieldChange(event)"/>
</span><span class="right">
<a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
</span>
</div>
</li>
</ul>
</div>
<div class="tabs2">
<ul class="tablist">
<li><a href="annotated.html"><span>Data&nbsp;Structures</span></a></li>
<li><a href="classes.html"><span>Data&nbsp;Structure&nbsp;Index</span></a></li>
<li><a href="functions.html"><span>Data&nbsp;Fields</span></a></li>
</ul>
</div>
</div>
<div class="header">
<div class="summary">
<a href="#pub-attribs">Data Fields</a> </div>
<div class="headertitle">
<h1>hyperalert_key Struct Reference<br/>
<small>
[<a class="el" href="group__correlation.html">Module for the correlation of hyperalerts</a>]</small>
</h1> </div>
</div>
<div class="contents">
<!-- doxytag: class="hyperalert_key" --><table class="memberdecls">
<tr><td colspan="2"><h2><a name="pub-attribs"></a>
Data Fields</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">unsigned int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structhyperalert__key.html#aac0e30a21653be11b357e3030aafd7e4">gid</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">unsigned int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structhyperalert__key.html#ab3cb68a4bf46fab57f0dd0be007a91bc">sid</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">unsigned int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structhyperalert__key.html#a7e4a23f87bb69765c5afdb2e602aff87">rev</a></td></tr>
</table>
<hr/><a name="_details"></a><h2>Detailed Description</h2>
<p>Key for the hyperalert hash table </p>
<hr/><h2>Field Documentation</h2>
<a class="anchor" id="aac0e30a21653be11b357e3030aafd7e4"></a><!-- doxytag: member="hyperalert_key::gid" ref="aac0e30a21653be11b357e3030aafd7e4" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">unsigned int <a class="el" href="structhyperalert__key.html#aac0e30a21653be11b357e3030aafd7e4">hyperalert_key::gid</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a7e4a23f87bb69765c5afdb2e602aff87"></a><!-- doxytag: member="hyperalert_key::rev" ref="a7e4a23f87bb69765c5afdb2e602aff87" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">unsigned int <a class="el" href="structhyperalert__key.html#a7e4a23f87bb69765c5afdb2e602aff87">hyperalert_key::rev</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="ab3cb68a4bf46fab57f0dd0be007a91bc"></a><!-- doxytag: member="hyperalert_key::sid" ref="ab3cb68a4bf46fab57f0dd0be007a91bc" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">unsigned int <a class="el" href="structhyperalert__key.html#ab3cb68a4bf46fab57f0dd0be007a91bc">hyperalert_key::sid</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<hr/>The documentation for this struct was generated from the following file:<ul>
<li><a class="el" href="correlation_8c.html">correlation.c</a></li>
</ul>
</div>
<!--- window showing the filter options -->
<div id="MSearchSelectWindow"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
onkeydown="return searchBox.OnSearchSelectKey(event)">
<a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(0)"><span class="SelectionMark">&nbsp;</span>All</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(1)"><span class="SelectionMark">&nbsp;</span>Data Structures</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(2)"><span class="SelectionMark">&nbsp;</span>Files</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(3)"><span class="SelectionMark">&nbsp;</span>Functions</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(4)"><span class="SelectionMark">&nbsp;</span>Variables</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(5)"><span class="SelectionMark">&nbsp;</span>Typedefs</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(6)"><span class="SelectionMark">&nbsp;</span>Enumerations</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(7)"><span class="SelectionMark">&nbsp;</span>Enumerator</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(8)"><span class="SelectionMark">&nbsp;</span>Defines</a></div>
<!-- iframe showing the search results (closed by default) -->
<div id="MSearchResultsWindow">
<iframe src="" frameborder="0"
name="MSearchResults" id="MSearchResults">
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>
</html>

2
doc/html/structpkt__info.html
View File

@ -170,7 +170,7 @@ Data Fields</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sun Sep 5 2010 23:53:47 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

2
doc/html/structpkt__key.html
View File

@ -108,7 +108,7 @@ Data Fields</h2></td></tr>
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Sun Sep 5 2010 23:53:47 for Snort AI preprocessor module by&nbsp;
<hr class="footer"/><address class="footer"><small>Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>

2
doc/latex/annotated.tex
View File

@ -5,6 +5,8 @@ Here are the data structures with brief descriptions:\begin{DoxyCompactList}
\item\contentsline{section}{\hyperlink{structAI__config}{AI\_\-config} }{\pageref{structAI__config}}{}
\item\contentsline{section}{\hyperlink{structattribute__key}{attribute\_\-key} }{\pageref{structattribute__key}}{}
\item\contentsline{section}{\hyperlink{structattribute__value}{attribute\_\-value} }{\pageref{structattribute__value}}{}
\item\contentsline{section}{\hyperlink{structhyperalert}{hyperalert} }{\pageref{structhyperalert}}{}
\item\contentsline{section}{\hyperlink{structhyperalert__key}{hyperalert\_\-key} }{\pageref{structhyperalert__key}}{}
\item\contentsline{section}{\hyperlink{structpkt__info}{pkt\_\-info} }{\pageref{structpkt__info}}{}
\item\contentsline{section}{\hyperlink{structpkt__key}{pkt\_\-key} }{\pageref{structpkt__key}}{}
\end{DoxyCompactList}

8
doc/latex/cluster_8c.tex
View File

@ -35,8 +35,12 @@ PRIVATE void $\ast$ \hyperlink{group__cluster_ga8a5eae61dc9fd0f13e0acdfa5f4478e2
\begin{DoxyCompactList}\small\item\em Thread for periodically clustering the log information. \item\end{DoxyCompactList}\item
PRIVATE \hyperlink{spp__ai_8h_a3e5b8192e7d9ffaf3542f1210aec18dd}{BOOL} \hyperlink{group__cluster_ga29c35cd6c56f54e27b5b190c6d6c487a}{\_\-AI\_\-check\_\-duplicate} (\hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$node, \hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$root)
\begin{DoxyCompactList}\small\item\em Check if a certain node's range (minimum and maximum value) are already present in a clustering hierarchy. \item\end{DoxyCompactList}\item
void \hyperlink{group__cluster_ga1445818b37483f78cc3fb2890155842c}{AI\_\-hierarchies\_\-build} (\hyperlink{structAI__config}{AI\_\-config} $\ast$conf, \hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$$\ast$nodes, int n\_\-nodes)
\begin{DoxyCompactList}\small\item\em Build the clustering hierarchy trees. \item\end{DoxyCompactList}\end{DoxyCompactItemize}
void \hyperlink{group__cluster_ga1445818b37483f78cc3fb2890155842c}{AI\_\-hierarchies\_\-build} (\hyperlink{structAI__config}{AI\_\-config} $\ast$\hyperlink{group__correlation_gaad7a982b6016390e7cd1164bd7db8bca}{conf}, \hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$$\ast$nodes, int n\_\-nodes)
\begin{DoxyCompactList}\small\item\em Build the clustering hierarchy trees. \item\end{DoxyCompactList}\item
PRIVATE \hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$ \hyperlink{group__cluster_gab4c8ab92691e85a6f0ac4abb122712fd}{\_\-AI\_\-copy\_\-clustered\_\-alerts} (\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$node)
\begin{DoxyCompactList}\small\item\em Return a copy of the clustered alerts. \item\end{DoxyCompactList}\item
\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$ \hyperlink{group__cluster_ga2553c678eeb83282c230d649a0e8fcd4}{AI\_\-get\_\-clustered\_\-alerts} ()
\begin{DoxyCompactList}\small\item\em Return the alerts parsed so far as a linked list. \item\end{DoxyCompactList}\end{DoxyCompactItemize}
\subsection*{Variables}
\begin{DoxyCompactItemize}
\item

42
doc/latex/correlation_8c.tex Normal file
View File

@ -0,0 +1,42 @@
\hypertarget{correlation_8c}{
\section{correlation.c File Reference}
\label{correlation_8c}\index{correlation.c@{correlation.c}}
}
{\ttfamily \#include \char`\"{}spp\_\-ai.h\char`\"{}}\par
{\ttfamily \#include $<$unistd.h$>$}\par
{\ttfamily \#include $<$sys/stat.h$>$}\par
{\ttfamily \#include $<$pthread.h$>$}\par
{\ttfamily \#include $<$libxml/xmlreader.h$>$}\par
\subsection*{Data Structures}
\begin{DoxyCompactItemize}
\item
struct \hyperlink{structhyperalert__key}{hyperalert\_\-key}
\item
struct \hyperlink{structhyperalert}{hyperalert}
\end{DoxyCompactItemize}
\subsection*{Enumerations}
\begin{DoxyCompactItemize}
\item
enum \{ \par
\hyperlink{group__correlation_gga06fc87d81c62e9abb8790b6e5713c55ba0b3b5f651ab0c6355666ff7b1c778af8}{inHyperAlert},
\hyperlink{group__correlation_gga06fc87d81c62e9abb8790b6e5713c55ba52d913c46f650f89a5da3ff4bfb7a45d}{inSnortIdTag},
\hyperlink{group__correlation_gga06fc87d81c62e9abb8790b6e5713c55ba828f2ec4acb20bae9b9c9fb0c5e0881f}{inPreTag},
\hyperlink{group__correlation_gga06fc87d81c62e9abb8790b6e5713c55baf6430d8e5b9791cca74ec3b325a8339f}{inPostTag},
\par
\hyperlink{group__correlation_gga06fc87d81c62e9abb8790b6e5713c55ba551d1861515058fbfe34955d4170ae67}{TAG\_\-NUM}
\}
\end{DoxyCompactItemize}
\subsection*{Functions}
\begin{DoxyCompactItemize}
\item
PRIVATE \hyperlink{structhyperalert}{hyperalert} $\ast$ \hyperlink{group__correlation_gacb46174cec5a2cce0a9bb1ca2b0f6850}{\_\-AI\_\-hyperalert\_\-from\_\-XML} (\hyperlink{structhyperalert__key}{hyperalert\_\-key} key)
\begin{DoxyCompactList}\small\item\em Parse info about a hyperalert from a correlation XML file, if it exists. \item\end{DoxyCompactList}\item
void $\ast$ \hyperlink{group__correlation_ga939353a4e15de7a8f4145ab986f584be}{AI\_\-alert\_\-correlation\_\-thread} (void $\ast$arg)
\begin{DoxyCompactList}\small\item\em Thread for correlating clustered alerts. \item\end{DoxyCompactList}\end{DoxyCompactItemize}
\subsection*{Variables}
\begin{DoxyCompactItemize}
\item
PRIVATE \hyperlink{structhyperalert}{hyperalert} $\ast$ \hyperlink{group__correlation_ga343192ed5e938536f3dc150e51f8acf6}{hyperalerts} = NULL
\item
PRIVATE \hyperlink{structAI__config}{AI\_\-config} $\ast$ \hyperlink{group__correlation_gaad7a982b6016390e7cd1164bd7db8bca}{conf} = NULL
\end{DoxyCompactItemize}

1
doc/latex/db_8c.tex
View File

@ -2,3 +2,4 @@
\section{db.c File Reference}
\label{db_8c}\index{db.c@{db.c}}
}
{\ttfamily \#include \char`\"{}spp\_\-ai.h\char`\"{}}\par

4
doc/latex/doxygen.sty
View File

@ -27,9 +27,9 @@
\fancyplain{}{\bfseries\thepage}%
}
\rfoot[\fancyplain{}{\bfseries\scriptsize%
Generated on Sun Sep 5 2010 23:53:47 for Snort AI preprocessor module by Doxygen }]{}
Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by Doxygen }]{}
\lfoot[]{\fancyplain{}{\bfseries\scriptsize%
Generated on Sun Sep 5 2010 23:53:47 for Snort AI preprocessor module by Doxygen }}
Generated on Fri Sep 10 2010 02:56:16 for Snort AI preprocessor module by Doxygen }}
\cfoot{}
%---------- Internal commands used in this style file ----------------

2
doc/latex/files.tex
View File

@ -2,7 +2,7 @@
Here is a list of all files with brief descriptions:\begin{DoxyCompactList}
\item\contentsline{section}{\hyperlink{alert__parser_8c}{alert\_\-parser.c} }{\pageref{alert__parser_8c}}{}
\item\contentsline{section}{\hyperlink{cluster_8c}{cluster.c} }{\pageref{cluster_8c}}{}
\item\contentsline{section}{\hyperlink{config_8h}{config.h} }{\pageref{config_8h}}{}
\item\contentsline{section}{\hyperlink{correlation_8c}{correlation.c} }{\pageref{correlation_8c}}{}
\item\contentsline{section}{\hyperlink{db_8c}{db.c} }{\pageref{db_8c}}{}
\item\contentsline{section}{\hyperlink{db_8h}{db.h} }{\pageref{db_8h}}{}
\item\contentsline{section}{\hyperlink{mysql_8c}{mysql.c} }{\pageref{mysql_8c}}{}

40
doc/latex/group__cluster.tex
View File

@ -30,8 +30,12 @@ PRIVATE void $\ast$ \hyperlink{group__cluster_ga8a5eae61dc9fd0f13e0acdfa5f4478e2
\begin{DoxyCompactList}\small\item\em Thread for periodically clustering the log information. \item\end{DoxyCompactList}\item
PRIVATE \hyperlink{spp__ai_8h_a3e5b8192e7d9ffaf3542f1210aec18dd}{BOOL} \hyperlink{group__cluster_ga29c35cd6c56f54e27b5b190c6d6c487a}{\_\-AI\_\-check\_\-duplicate} (\hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$node, \hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$root)
\begin{DoxyCompactList}\small\item\em Check if a certain node's range (minimum and maximum value) are already present in a clustering hierarchy. \item\end{DoxyCompactList}\item
void \hyperlink{group__cluster_ga1445818b37483f78cc3fb2890155842c}{AI\_\-hierarchies\_\-build} (\hyperlink{structAI__config}{AI\_\-config} $\ast$conf, \hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$$\ast$nodes, int n\_\-nodes)
\begin{DoxyCompactList}\small\item\em Build the clustering hierarchy trees. \item\end{DoxyCompactList}\end{DoxyCompactItemize}
void \hyperlink{group__cluster_ga1445818b37483f78cc3fb2890155842c}{AI\_\-hierarchies\_\-build} (\hyperlink{structAI__config}{AI\_\-config} $\ast$\hyperlink{group__correlation_gaad7a982b6016390e7cd1164bd7db8bca}{conf}, \hyperlink{struct__hierarchy__node}{hierarchy\_\-node} $\ast$$\ast$nodes, int n\_\-nodes)
\begin{DoxyCompactList}\small\item\em Build the clustering hierarchy trees. \item\end{DoxyCompactList}\item
PRIVATE \hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$ \hyperlink{group__cluster_gab4c8ab92691e85a6f0ac4abb122712fd}{\_\-AI\_\-copy\_\-clustered\_\-alerts} (\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$node)
\begin{DoxyCompactList}\small\item\em Return a copy of the clustered alerts. \item\end{DoxyCompactList}\item
\hyperlink{struct__AI__snort__alert}{AI\_\-snort\_\-alert} $\ast$ \hyperlink{group__cluster_ga2553c678eeb83282c230d649a0e8fcd4}{AI\_\-get\_\-clustered\_\-alerts} ()
\begin{DoxyCompactList}\small\item\em Return the alerts parsed so far as a linked list. \item\end{DoxyCompactList}\end{DoxyCompactItemize}
\subsection*{Variables}
\begin{DoxyCompactItemize}
\item
@ -77,6 +81,22 @@ True if 'node' is already in 'root', false otherwise
Thread for periodically clustering the log information.
\hypertarget{group__cluster_gab4c8ab92691e85a6f0ac4abb122712fd}{
\index{cluster@{cluster}!\_\-AI\_\-copy\_\-clustered\_\-alerts@{\_\-AI\_\-copy\_\-clustered\_\-alerts}}
\index{\_\-AI\_\-copy\_\-clustered\_\-alerts@{\_\-AI\_\-copy\_\-clustered\_\-alerts}!cluster@{cluster}}
\subsubsection[{\_\-AI\_\-copy\_\-clustered\_\-alerts}]{\setlength{\rightskip}{0pt plus 5cm}PRIVATE {\bf AI\_\-snort\_\-alert}$\ast$ \_\-AI\_\-copy\_\-clustered\_\-alerts (
\begin{DoxyParamCaption}
\item[{{\bf AI\_\-snort\_\-alert} $\ast$}]{ node}
\end{DoxyParamCaption}
)}}
\label{group__cluster_gab4c8ab92691e85a6f0ac4abb122712fd}
Return a copy of the clustered alerts.
\begin{DoxyReturn}{Returns}
An AI\_\-snort\_\-alert pointer identifying the list of clustered alerts
\end{DoxyReturn}
\hypertarget{group__cluster_ga0f91c8bfc37a3975f5c26b19fd6c5cba}{
\index{cluster@{cluster}!\_\-AI\_\-equal\_\-alarms@{\_\-AI\_\-equal\_\-alarms}}
\index{\_\-AI\_\-equal\_\-alarms@{\_\-AI\_\-equal\_\-alarms}!cluster@{cluster}}
@ -210,6 +230,22 @@ Create a new clustering hierarchy node.
\begin{DoxyReturn}{Returns}
The brand new node if the allocation was ok, otherwise abort the application
\end{DoxyReturn}
\hypertarget{group__cluster_ga2553c678eeb83282c230d649a0e8fcd4}{
\index{cluster@{cluster}!AI\_\-get\_\-clustered\_\-alerts@{AI\_\-get\_\-clustered\_\-alerts}}
\index{AI\_\-get\_\-clustered\_\-alerts@{AI\_\-get\_\-clustered\_\-alerts}!cluster@{cluster}}
\subsubsection[{AI\_\-get\_\-clustered\_\-alerts}]{\setlength{\rightskip}{0pt plus 5cm}{\bf AI\_\-snort\_\-alert}$\ast$ AI\_\-get\_\-clustered\_\-alerts (
\begin{DoxyParamCaption}
\item[{void}]{}
\end{DoxyParamCaption}
)}}
\label{group__cluster_ga2553c678eeb83282c230d649a0e8fcd4}
Return the alerts parsed so far as a linked list.
\begin{DoxyReturn}{Returns}
An AI\_\-snort\_\-alert pointer identifying the list of clustered alerts
\end{DoxyReturn}
\hypertarget{group__cluster_ga1445818b37483f78cc3fb2890155842c}{
\index{cluster@{cluster}!AI\_\-hierarchies\_\-build@{AI\_\-hierarchies\_\-build}}
\index{AI\_\-hierarchies\_\-build@{AI\_\-hierarchies\_\-build}!cluster@{cluster}}

Some files were not shown because too many files have changed in this diff Show More