blacklight/Snort_AIPreproc
1
0
Fork 0
mirror of https://github.com/BlackLight/Snort_AIPreproc.git synced 2024-11-15 05:07:15 +01:00
Code Issues Projects Releases Packages Wiki Activity
Snort_AIPreproc/doc/html/spp__ai_8h.html
BlackLight a1d157487c 16 ago 2010 commit
2010-08-16 22:09:34 +02:00

638 lines
34 KiB
HTML
Raw Blame History

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<title>Snort AI preprocessor module: spp_ai.h File Reference</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<link href="search/search.css" rel="stylesheet" type="text/css"/>
<script type="text/javaScript" src="search/search.js"></script>
<link href="doxygen.css" rel="stylesheet" type="text/css"/>
</head>
<body onload='searchBox.OnSelectItem(0);'>
<!-- Generated by Doxygen 1.7.1 -->
<script type="text/javascript"><!--
var searchBox = new SearchBox("searchBox", "search",false,'Search');
--></script>
<div class="navigation" id="top">
<div class="tabs">
<ul class="tablist">
<li><a href="index.html"><span>Main&nbsp;Page</span></a></li>
<li><a href="modules.html"><span>Modules</span></a></li>
<li><a href="annotated.html"><span>Data&nbsp;Structures</span></a></li>
<li class="current"><a href="files.html"><span>Files</span></a></li>
<li id="searchli">
<div id="MSearchBox" class="MSearchBoxInactive">
<span class="left">
<img id="MSearchSelect" src="search/mag_sel.png"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
alt=""/>
<input type="text" id="MSearchField" value="Search" accesskey="S"
onfocus="searchBox.OnSearchFieldFocus(true)"
onblur="searchBox.OnSearchFieldFocus(false)"
onkeyup="searchBox.OnSearchFieldChange(event)"/>
</span><span class="right">
<a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
</span>
</div>
</li>
</ul>
</div>
<div class="tabs2">
<ul class="tablist">
<li><a href="files.html"><span>File&nbsp;List</span></a></li>
<li><a href="globals.html"><span>Globals</span></a></li>
</ul>
</div>
</div>
<div class="header">
<div class="summary">
<a href="#nested-classes">Data Structures</a> &#124;
<a href="#define-members">Defines</a> &#124;
<a href="#typedef-members">Typedefs</a> &#124;
<a href="#enum-members">Enumerations</a> &#124;
<a href="#func-members">Functions</a> &#124;
<a href="#var-members">Variables</a> </div>
<div class="headertitle">
<h1>spp_ai.h File Reference</h1> </div>
</div>
<div class="contents">
<code>#include &quot;sf_snort_packet.h&quot;</code><br/>
<code>#include &quot;sf_dynamic_preprocessor.h&quot;</code><br/>
<code>#include &quot;uthash.h&quot;</code><br/>
<p><a href="spp__ai_8h_source.html">Go to the source code of this file.</a></p>
<table class="memberdecls">
<tr><td colspan="2"><h2><a name="nested-classes"></a>
Data Structures</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct &nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structpkt__key.html">pkt_key</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct &nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structpkt__info.html">pkt_info</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct &nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="structAI__config.html">AI_config</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct &nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__hierarchy__node.html">_hierarchy_node</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct &nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="struct__AI__snort__alert.html">_AI_snort_alert</a></td></tr>
<tr><td colspan="2"><h2><a name="define-members"></a>
Defines</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">#define&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a5e151c615eda34903514212f05a5ccf8">PRIVATE</a>&nbsp;&nbsp;&nbsp;static</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">#define&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a5f555c0ebd29ce2771a3e2dd4f526746">DEFAULT_HASH_CLEANUP_INTERVAL</a>&nbsp;&nbsp;&nbsp;300</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">#define&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a0f6a189af15ef783fb46ed37c144e031">DEFAULT_STREAM_EXPIRE_INTERVAL</a>&nbsp;&nbsp;&nbsp;300</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">#define&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a0c4b6fce670e46083e33b9f53b78f39e">DEFAULT_ALERT_CLUSTERING_INTERVAL</a>&nbsp;&nbsp;&nbsp;3600</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">#define&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a6d9bf552c32371e0144dc6a6209c7e4a">DEFAULT_ALERT_LOG_FILE</a>&nbsp;&nbsp;&nbsp;&quot;/var/log/snort/alert&quot;</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">#define&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a803dc913297ccdace9e604dbfecda97d">DEFAULT_CLUSTER_LOG_FILE</a>&nbsp;&nbsp;&nbsp;&quot;/var/log/snort/cluster_alert&quot;</td></tr>
<tr><td colspan="2"><h2><a name="typedef-members"></a>
Typedefs</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">typedef unsigned char&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">typedef unsigned short&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">typedef unsigned int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">typedef struct <a class="el" href="struct__hierarchy__node.html">_hierarchy_node</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a466391129919ef12366d311d501552fa">hierarchy_node</a></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">typedef struct <a class="el" href="struct__AI__snort__alert.html">_AI_snort_alert</a>&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a982be90e72362e88d09f28336c9a1897">AI_snort_alert</a></td></tr>
<tr><td colspan="2"><h2><a name="enum-members"></a>
Enumerations</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">enum &nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a> { <a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18ddae9de385ef6fe9bf3360d1038396b884c">false</a>,
<a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dda08f175a5505a10b9ed657defeb050e4b">true</a>
}</td></tr>
<tr><td class="memItemLeft" align="right" valign="top">enum &nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640">cluster_type</a> { <br/>
&nbsp;&nbsp;<a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640ab7e4e0120a041dbe6528b050c04269e0">none</a>,
<a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640abc900639df18f0f5f2f63a1f033fe42f">src_addr</a>,
<a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640aa000f955ef1374c60cdb16bf43a1593c">dst_addr</a>,
<a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640ac1335c508143eb06843af2ce5ff3027b">src_port</a>,
<br/>
&nbsp;&nbsp;<a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640abc4f89a184ada44073bd6f54d7fc11c9">dst_port</a>,
<a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640ab16bb5c4b330d5db02e2d852cd2ba451">CLUSTER_TYPES</a>
<br/>
}</td></tr>
<tr><td colspan="2"><h2><a name="func-members"></a>
Functions</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">int&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a85c0852b05b60cbfe0130534160c9876">preg_match</a> (const char *, char *, char ***, int *)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Check if a string matches a regular expression. <a href="#a85c0852b05b60cbfe0130534160c9876"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#ad56f71be823eead743972274b99c82ff">AI_hashcleanup_thread</a> (void *)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Thread called for cleaning up the hash table from the traffic streams older than a certain threshold. <a href="#ad56f71be823eead743972274b99c82ff"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a842a3204c6e067a9920990b573757181">AI_alertparser_thread</a> (void *)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Thread for parsing Snort's alert file. <a href="#a842a3204c6e067a9920990b573757181"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#af6f7d167c3623bbc669e8d31c2719b29">AI_pkt_enqueue</a> (SFSnortPacket *)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Function called for appending a new packet to the hash table, creating a new stream or appending it to an existing stream. <a href="#af6f7d167c3623bbc669e8d31c2719b29"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a8749989cee2ac05a7de058faac280c02">AI_set_stream_observed</a> (struct <a class="el" href="structpkt__key.html">pkt_key</a> key)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Set the flag "observed" on a stream associated to a security alert, so that it won't be removed from the hash table. <a href="#a8749989cee2ac05a7de058faac280c02"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a857348424b9db45c90f95631eb96fd7c">AI_hierarchies_build</a> (<a class="el" href="structAI__config.html">AI_config</a> *, <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> **, int)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Build the clustering hierarchy trees. <a href="#a857348424b9db45c90f95631eb96fd7c"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">struct <a class="el" href="structpkt__info.html">pkt_info</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a3054f06297a9caefd4d9b1283bb8b69a">AI_get_stream_by_key</a> (struct <a class="el" href="structpkt__key.html">pkt_key</a>)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Get a TCP stream by key. <a href="#a3054f06297a9caefd4d9b1283bb8b69a"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#af19a28f7cbcdfeb2b66fb3b625b75076">AI_get_alerts</a> (void)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Return the alerts parsed so far as a linked list. <a href="#af19a28f7cbcdfeb2b66fb3b625b75076"></a><br/></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">void&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#a270e86669a0aa64a8da37bc16cda645b">AI_free_alerts</a> (<a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *node)</td></tr>
<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">Deallocate the memory of a log alert linked list. <a href="#a270e86669a0aa64a8da37bc16cda645b"></a><br/></td></tr>
<tr><td colspan="2"><h2><a name="var-members"></a>
Variables</h2></td></tr>
<tr><td class="memItemLeft" align="right" valign="top">DynamicPreprocessorData&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="spp__ai_8h.html#ab46420126c43c1aac5eabc5db266a71c">_dpd</a></td></tr>
</table>
<hr/><h2>Define Documentation</h2>
<a class="anchor" id="a0c4b6fce670e46083e33b9f53b78f39e"></a><!-- doxytag: member="spp_ai.h::DEFAULT_ALERT_CLUSTERING_INTERVAL" ref="a0c4b6fce670e46083e33b9f53b78f39e" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">#define DEFAULT_ALERT_CLUSTERING_INTERVAL&nbsp;&nbsp;&nbsp;3600</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a6d9bf552c32371e0144dc6a6209c7e4a"></a><!-- doxytag: member="spp_ai.h::DEFAULT_ALERT_LOG_FILE" ref="a6d9bf552c32371e0144dc6a6209c7e4a" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">#define DEFAULT_ALERT_LOG_FILE&nbsp;&nbsp;&nbsp;&quot;/var/log/snort/alert&quot;</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a803dc913297ccdace9e604dbfecda97d"></a><!-- doxytag: member="spp_ai.h::DEFAULT_CLUSTER_LOG_FILE" ref="a803dc913297ccdace9e604dbfecda97d" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">#define DEFAULT_CLUSTER_LOG_FILE&nbsp;&nbsp;&nbsp;&quot;/var/log/snort/cluster_alert&quot;</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a5f555c0ebd29ce2771a3e2dd4f526746"></a><!-- doxytag: member="spp_ai.h::DEFAULT_HASH_CLEANUP_INTERVAL" ref="a5f555c0ebd29ce2771a3e2dd4f526746" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">#define DEFAULT_HASH_CLEANUP_INTERVAL&nbsp;&nbsp;&nbsp;300</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a0f6a189af15ef783fb46ed37c144e031"></a><!-- doxytag: member="spp_ai.h::DEFAULT_STREAM_EXPIRE_INTERVAL" ref="a0f6a189af15ef783fb46ed37c144e031" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">#define DEFAULT_STREAM_EXPIRE_INTERVAL&nbsp;&nbsp;&nbsp;300</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a5e151c615eda34903514212f05a5ccf8"></a><!-- doxytag: member="spp_ai.h::PRIVATE" ref="a5e151c615eda34903514212f05a5ccf8" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">#define PRIVATE&nbsp;&nbsp;&nbsp;static</td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<hr/><h2>Typedef Documentation</h2>
<a class="anchor" id="a982be90e72362e88d09f28336c9a1897"></a><!-- doxytag: member="spp_ai.h::AI_snort_alert" ref="a982be90e72362e88d09f28336c9a1897" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">typedef struct <a class="el" href="struct__AI__snort__alert.html">_AI_snort_alert</a> <a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a466391129919ef12366d311d501552fa"></a><!-- doxytag: member="spp_ai.h::hierarchy_node" ref="a466391129919ef12366d311d501552fa" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">typedef struct <a class="el" href="struct__hierarchy__node.html">_hierarchy_node</a> <a class="el" href="struct__hierarchy__node.html">hierarchy_node</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a273cf69d639a59973b6019625df33e30"></a><!-- doxytag: member="spp_ai.h::uint16_t" ref="a273cf69d639a59973b6019625df33e30" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">typedef unsigned short <a class="el" href="spp__ai_8h.html#a273cf69d639a59973b6019625df33e30">uint16_t</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="a435d1572bf3f880d55459d9805097f62"></a><!-- doxytag: member="spp_ai.h::uint32_t" ref="a435d1572bf3f880d55459d9805097f62" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">typedef unsigned int <a class="el" href="spp__ai_8h.html#a435d1572bf3f880d55459d9805097f62">uint32_t</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<a class="anchor" id="aba7bc1797add20fe3efdf37ced1182c5"></a><!-- doxytag: member="spp_ai.h::uint8_t" ref="aba7bc1797add20fe3efdf37ced1182c5" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">typedef unsigned char <a class="el" href="spp__ai_8h.html#aba7bc1797add20fe3efdf37ced1182c5">uint8_t</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
<hr/><h2>Enumeration Type Documentation</h2>
<a class="anchor" id="a3e5b8192e7d9ffaf3542f1210aec18dd"></a><!-- doxytag: member="spp_ai.h::BOOL" ref="a3e5b8192e7d9ffaf3542f1210aec18dd" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">enum <a class="el" href="spp__ai_8h.html#a3e5b8192e7d9ffaf3542f1210aec18dd">BOOL</a></td>
</tr>
</table>
</div>
<div class="memdoc">
<dl><dt><b>Enumerator: </b></dt><dd><table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"><em><a class="anchor" id="a3e5b8192e7d9ffaf3542f1210aec18ddae9de385ef6fe9bf3360d1038396b884c"></a><!-- doxytag: member="false" ref="a3e5b8192e7d9ffaf3542f1210aec18ddae9de385ef6fe9bf3360d1038396b884c" args="" -->false</em>&nbsp;</td><td>
</td></tr>
<tr><td valign="top"><em><a class="anchor" id="a3e5b8192e7d9ffaf3542f1210aec18dda08f175a5505a10b9ed657defeb050e4b"></a><!-- doxytag: member="true" ref="a3e5b8192e7d9ffaf3542f1210aec18dda08f175a5505a10b9ed657defeb050e4b" args="" -->true</em>&nbsp;</td><td>
</td></tr>
</table>
</dd>
</dl>
</div>
</div>
<a class="anchor" id="ae2ff3c6586aa2ab211a102abfde86640"></a><!-- doxytag: member="spp_ai.h::cluster_type" ref="ae2ff3c6586aa2ab211a102abfde86640" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">enum <a class="el" href="spp__ai_8h.html#ae2ff3c6586aa2ab211a102abfde86640">cluster_type</a></td>
</tr>
</table>
</div>
<div class="memdoc">
<dl><dt><b>Enumerator: </b></dt><dd><table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"><em><a class="anchor" id="ae2ff3c6586aa2ab211a102abfde86640ab7e4e0120a041dbe6528b050c04269e0"></a><!-- doxytag: member="none" ref="ae2ff3c6586aa2ab211a102abfde86640ab7e4e0120a041dbe6528b050c04269e0" args="" -->none</em>&nbsp;</td><td>
</td></tr>
<tr><td valign="top"><em><a class="anchor" id="ae2ff3c6586aa2ab211a102abfde86640abc900639df18f0f5f2f63a1f033fe42f"></a><!-- doxytag: member="src_addr" ref="ae2ff3c6586aa2ab211a102abfde86640abc900639df18f0f5f2f63a1f033fe42f" args="" -->src_addr</em>&nbsp;</td><td>
</td></tr>
<tr><td valign="top"><em><a class="anchor" id="ae2ff3c6586aa2ab211a102abfde86640aa000f955ef1374c60cdb16bf43a1593c"></a><!-- doxytag: member="dst_addr" ref="ae2ff3c6586aa2ab211a102abfde86640aa000f955ef1374c60cdb16bf43a1593c" args="" -->dst_addr</em>&nbsp;</td><td>
</td></tr>
<tr><td valign="top"><em><a class="anchor" id="ae2ff3c6586aa2ab211a102abfde86640ac1335c508143eb06843af2ce5ff3027b"></a><!-- doxytag: member="src_port" ref="ae2ff3c6586aa2ab211a102abfde86640ac1335c508143eb06843af2ce5ff3027b" args="" -->src_port</em>&nbsp;</td><td>
</td></tr>
<tr><td valign="top"><em><a class="anchor" id="ae2ff3c6586aa2ab211a102abfde86640abc4f89a184ada44073bd6f54d7fc11c9"></a><!-- doxytag: member="dst_port" ref="ae2ff3c6586aa2ab211a102abfde86640abc4f89a184ada44073bd6f54d7fc11c9" args="" -->dst_port</em>&nbsp;</td><td>
</td></tr>
<tr><td valign="top"><em><a class="anchor" id="ae2ff3c6586aa2ab211a102abfde86640ab16bb5c4b330d5db02e2d852cd2ba451"></a><!-- doxytag: member="CLUSTER_TYPES" ref="ae2ff3c6586aa2ab211a102abfde86640ab16bb5c4b330d5db02e2d852cd2ba451" args="" -->CLUSTER_TYPES</em>&nbsp;</td><td>
</td></tr>
</table>
</dd>
</dl>
</div>
</div>
<hr/><h2>Function Documentation</h2>
<a class="anchor" id="a842a3204c6e067a9920990b573757181"></a><!-- doxytag: member="spp_ai.h::AI_alertparser_thread" ref="a842a3204c6e067a9920990b573757181" args="(void *)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">void* AI_alertparser_thread </td>
<td>(</td>
<td class="paramtype">void *&nbsp;</td>
<td class="paramname"> <em>arg</em></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Thread for parsing Snort's alert file. </p>
<p>FUNCTION: AI_alertparser_thread </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>arg</em>&nbsp;</td><td>void* pointer to module's configuration </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<a class="anchor" id="a270e86669a0aa64a8da37bc16cda645b"></a><!-- doxytag: member="spp_ai.h::AI_free_alerts" ref="a270e86669a0aa64a8da37bc16cda645b" args="(AI_snort_alert *node)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">void AI_free_alerts </td>
<td>(</td>
<td class="paramtype"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a> *&nbsp;</td>
<td class="paramname"> <em>node</em></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Deallocate the memory of a log alert linked list. </p>
<p>FUNCTION: AI_free_alerts </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>node</em>&nbsp;</td><td>Linked list to be freed </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<a class="anchor" id="af19a28f7cbcdfeb2b66fb3b625b75076"></a><!-- doxytag: member="spp_ai.h::AI_get_alerts" ref="af19a28f7cbcdfeb2b66fb3b625b75076" args="(void)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname"><a class="el" href="struct__AI__snort__alert.html">AI_snort_alert</a>* AI_get_alerts </td>
<td>(</td>
<td class="paramtype">void&nbsp;</td>
<td class="paramname"></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Return the alerts parsed so far as a linked list. </p>
<p>FUNCTION: AI_get_alerts </p>
<dl class="return"><dt><b>Returns:</b></dt><dd>An AI_snort_alert pointer identifying the list of alerts </dd></dl>
</div>
</div>
<a class="anchor" id="a3054f06297a9caefd4d9b1283bb8b69a"></a><!-- doxytag: member="spp_ai.h::AI_get_stream_by_key" ref="a3054f06297a9caefd4d9b1283bb8b69a" args="(struct pkt_key)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">struct <a class="el" href="structpkt__info.html">pkt_info</a>* AI_get_stream_by_key </td>
<td>(</td>
<td class="paramtype">struct <a class="el" href="structpkt__key.html">pkt_key</a>&nbsp;</td>
<td class="paramname"> <em>key</em></td>
<td>&nbsp;)&nbsp;</td>
<td><code> [read]</code></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Get a TCP stream by key. </p>
<p>FUNCTION: AI_get_stream_by_key </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>key</em>&nbsp;</td><td>Key of the stream to be picked up (struct <a class="el" href="structpkt__key.html">pkt_key</a>) </td></tr>
</table>
</dd>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>A <a class="el" href="structpkt__info.html">pkt_info</a> pointer to the stream if found, NULL otherwise </dd></dl>
</div>
</div>
<a class="anchor" id="ad56f71be823eead743972274b99c82ff"></a><!-- doxytag: member="spp_ai.h::AI_hashcleanup_thread" ref="ad56f71be823eead743972274b99c82ff" args="(void *)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">void* AI_hashcleanup_thread </td>
<td>(</td>
<td class="paramtype">void *&nbsp;</td>
<td class="paramname"> <em>arg</em></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Thread called for cleaning up the hash table from the traffic streams older than a certain threshold. </p>
<p>FUNCTION: AI_hashcleanup_thread </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>arg</em>&nbsp;</td><td>Pointer to the <a class="el" href="structAI__config.html">AI_config</a> struct </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<a class="anchor" id="a857348424b9db45c90f95631eb96fd7c"></a><!-- doxytag: member="spp_ai.h::AI_hierarchies_build" ref="a857348424b9db45c90f95631eb96fd7c" args="(AI_config *, hierarchy_node **, int)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">void AI_hierarchies_build </td>
<td>(</td>
<td class="paramtype"><a class="el" href="structAI__config.html">AI_config</a> *&nbsp;</td>
<td class="paramname"> <em>conf</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype"><a class="el" href="struct__hierarchy__node.html">hierarchy_node</a> **&nbsp;</td>
<td class="paramname"> <em>nodes</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">int&nbsp;</td>
<td class="paramname"> <em>n_nodes</em></td><td>&nbsp;</td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td><td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Build the clustering hierarchy trees. </p>
<p>FUNCTION: AI_hierarchies_build </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>conf</em>&nbsp;</td><td>Reference to the configuration of the module </td></tr>
<tr><td valign="top"></td><td valign="top"><em>nodes</em>&nbsp;</td><td>Nodes containing the information about the clustering ranges </td></tr>
<tr><td valign="top"></td><td valign="top"><em>n_nodes</em>&nbsp;</td><td>Number of nodes </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<a class="anchor" id="af6f7d167c3623bbc669e8d31c2719b29"></a><!-- doxytag: member="spp_ai.h::AI_pkt_enqueue" ref="af6f7d167c3623bbc669e8d31c2719b29" args="(SFSnortPacket *)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">void AI_pkt_enqueue </td>
<td>(</td>
<td class="paramtype">SFSnortPacket *&nbsp;</td>
<td class="paramname"> <em>pkt</em></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Function called for appending a new packet to the hash table, creating a new stream or appending it to an existing stream. </p>
<p>FUNCTION: AI_pkt_enqueue </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>pkt</em>&nbsp;</td><td>Packet to be appended </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<a class="anchor" id="a8749989cee2ac05a7de058faac280c02"></a><!-- doxytag: member="spp_ai.h::AI_set_stream_observed" ref="a8749989cee2ac05a7de058faac280c02" args="(struct pkt_key key)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">void AI_set_stream_observed </td>
<td>(</td>
<td class="paramtype">struct <a class="el" href="structpkt__key.html">pkt_key</a>&nbsp;</td>
<td class="paramname"> <em>key</em></td>
<td>&nbsp;)&nbsp;</td>
<td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Set the flag "observed" on a stream associated to a security alert, so that it won't be removed from the hash table. </p>
<p>FUNCTION: AI_set_stream_observed </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>key</em>&nbsp;</td><td>Key of the stream to be set as "observed" </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<a class="anchor" id="a85c0852b05b60cbfe0130534160c9876"></a><!-- doxytag: member="spp_ai.h::preg_match" ref="a85c0852b05b60cbfe0130534160c9876" args="(const char *, char *, char ***, int *)" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">int preg_match </td>
<td>(</td>
<td class="paramtype">const char *&nbsp;</td>
<td class="paramname"> <em>expr</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">char *&nbsp;</td>
<td class="paramname"> <em>str</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">char ***&nbsp;</td>
<td class="paramname"> <em>matches</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">int *&nbsp;</td>
<td class="paramname"> <em>nmatches</em></td><td>&nbsp;</td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td><td></td>
</tr>
</table>
</div>
<div class="memdoc">
<p>Check if a string matches a regular expression. </p>
<p>FUNCTION: preg_match </p>
<dl><dt><b>Parameters:</b></dt><dd>
<table border="0" cellspacing="2" cellpadding="0">
<tr><td valign="top"></td><td valign="top"><em>expr</em>&nbsp;</td><td>Regular expression to be matched </td></tr>
<tr><td valign="top"></td><td valign="top"><em>str</em>&nbsp;</td><td>String to be checked </td></tr>
<tr><td valign="top"></td><td valign="top"><em>matches</em>&nbsp;</td><td>Reference to a char** that will contain the submatches (NULL if you don't need it) </td></tr>
<tr><td valign="top"></td><td valign="top"><em>nmatches</em>&nbsp;</td><td>Reference to a int containing the number of submatches found (NULL if you don't need it) </td></tr>
</table>
</dd>
</dl>
<dl class="return"><dt><b>Returns:</b></dt><dd>-1 if the regex is wrong, 0 if no match was found, 1 otherwise </dd></dl>
</div>
</div>
<hr/><h2>Variable Documentation</h2>
<a class="anchor" id="ab46420126c43c1aac5eabc5db266a71c"></a><!-- doxytag: member="spp_ai.h::_dpd" ref="ab46420126c43c1aac5eabc5db266a71c" args="" -->
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">DynamicPreprocessorData <a class="el" href="spp__ai_8h.html#ab46420126c43c1aac5eabc5db266a71c">_dpd</a></td>
</tr>
</table>
</div>
<div class="memdoc">
</div>
</div>
</div>
<!--- window showing the filter options -->
<div id="MSearchSelectWindow"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
onkeydown="return searchBox.OnSearchSelectKey(event)">
<a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(0)"><span class="SelectionMark">&nbsp;</span>All</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(1)"><span class="SelectionMark">&nbsp;</span>Data Structures</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(2)"><span class="SelectionMark">&nbsp;</span>Files</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(3)"><span class="SelectionMark">&nbsp;</span>Functions</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(4)"><span class="SelectionMark">&nbsp;</span>Variables</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(5)"><span class="SelectionMark">&nbsp;</span>Typedefs</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(6)"><span class="SelectionMark">&nbsp;</span>Enumerations</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(7)"><span class="SelectionMark">&nbsp;</span>Enumerator</a><a class="SelectItem" href="javascript:void(0)" onclick="searchBox.OnSelectItem(8)"><span class="SelectionMark">&nbsp;</span>Defines</a></div>
<!-- iframe showing the search results (closed by default) -->
<div id="MSearchResultsWindow">
<iframe src="" frameborder="0"
name="MSearchResults" id="MSearchResults">
</iframe>
</div>
<hr class="footer"/><address class="footer"><small>Generated on Mon Aug 16 2010 22:05:38 for Snort AI preprocessor module by&nbsp;
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.1 </small></address>
</body>
</html>
Reference in a new issue View git blame Copy permalink