Main Page | Modules | Class List | Directories | File List | Class Members | File Members | Related Pages
src

sfthreshold.c File Reference

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "mstring.h"
#include "util.h"
#include "parser.h"
#include "sfthd.h"
#include "sfthreshold.h"
#include "snort.h"
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <errno.h>

Go to the source code of this file.

Defines

#define PRINT_GLOBAL   0
#define PRINT_LOCAL   1
#define PRINT_SUPPRESS   2

Functions

static unsigned xatou (char *s, char *etext)
void ParseThreshold2 (THDX_STRUCT *thdx, char *s)
void ProcessThresholdOptions (char *options)
void ParseSFThreshold (FILE *fp, char *rule)
static void parseCIDR (THDX_STRUCT *thdx, char *s)
void ParseSFSuppress (FILE *fp, char *rule)
int sfthreshold_init ()
void print_netip (unsigned long ip)
void print_thdx (THDX_STRUCT *thdx)
static void ntoa (char *buff, int blen, unsigned ip)
int print_thd_node (THD_NODE *p, int type)
int print_thd_local (THD_STRUCT *thd, int type)
void print_thresholding ()
int sfthreshold_create (THDX_STRUCT *thdx)
int sfthreshold_test (unsigned gen_id, unsigned sig_id, unsigned sip, unsigned dip, long curtime)
void sfthreshold_reset (void)

Variables

static int s_memcap = 1024 * 1024
static THD_STRUCTs_thd = 0
static int s_enabled = 1
static int s_checked = 0
static int s_answer = 0

Define Documentation

#define PRINT_GLOBAL   0
 

Definition at line 612 of file sfthreshold.c.

Referenced by print_thresholding().

#define PRINT_LOCAL   1
 

Definition at line 613 of file sfthreshold.c.

Referenced by print_thresholding().

#define PRINT_SUPPRESS   2
 

Definition at line 614 of file sfthreshold.c.

Referenced by print_thresholding().

Function Documentation

static void ntoa char *  buff,
int  blen,
unsigned  ip
[static]
 

Definition at line 607 of file sfthreshold.c.

References snprintf.

Referenced by print_thd_node().

static void parseCIDR THDX_STRUCT thdx,
char *  s
[static]
 

Definition at line 383 of file sfthreshold.c.

References FatalError(), file_line, file_name, THDX_STRUCT::ip_address, THDX_STRUCT::ip_mask, mSplit(), mSplitFree(), THDX_STRUCT::not_flag, and xatou().

Referenced by ParseSFSuppress().

void ParseSFSuppress FILE *  fp,
char *  rule
 

Definition at line 443 of file sfthreshold.c.

References FatalError(), file_line, file_name, THDX_STRUCT::gen_id, THDX_STRUCT::ip_address, THDX_STRUCT::ip_mask, memset, mSplit(), mSplitFree(), parseCIDR(), THDX_STRUCT::priority, sfthreshold_create(), THDX_STRUCT::sig_id, strtoul(), THD_PRIORITY_SUPPRESS, THD_TRK_DST, THD_TRK_SRC, THD_TYPE_SUPPRESS, THDX_STRUCT::tracking, and THDX_STRUCT::type.

Referenced by ParseRule().

void ParseSFThreshold FILE *  fp,
char *  rule
 

Definition at line 237 of file sfthreshold.c.

References THDX_STRUCT::count, FatalError(), file_line, file_name, THDX_STRUCT::gen_id, memset, mSplit(), mSplitFree(), THDX_STRUCT::seconds, sfthreshold_create(), THDX_STRUCT::sig_id, THD_TRK_DST, THD_TRK_SRC, THD_TYPE_BOTH, THD_TYPE_LIMIT, THD_TYPE_THRESHOLD, THDX_STRUCT::tracking, THDX_STRUCT::type, and xatou().

Referenced by ParseRule().

void ParseThreshold2 THDX_STRUCT thdx,
char *  s
 

Definition at line 92 of file sfthreshold.c.

References THDX_STRUCT::count, FatalError(), file_line, file_name, memset, THDX_STRUCT::priority, s_enabled, THDX_STRUCT::seconds, THD_TRK_DST, THD_TRK_SRC, THD_TYPE_BOTH, THD_TYPE_LIMIT, THD_TYPE_THRESHOLD, THDX_STRUCT::tracking, THDX_STRUCT::type, and xatou().

Referenced by ParseRuleOptions().

void print_netip unsigned long  ip  ) 
 

Definition at line 561 of file sfthreshold.c.

Referenced by print_thdx().

int print_thd_local THD_STRUCT thd,
int  type
 

Definition at line 705 of file sfthreshold.c.

References _sfghash_node::data, LogMessage(), print_thd_node(), sfghash_findfirst(), sfghash_findnext(), sflist_first(), sflist_next(), THD_STRUCT::sfthd_array, THD_ITEM::sfthd_node_list, and THD_MAX_GENID.

Referenced by print_thresholding().

int print_thd_node THD_NODE p,
int  type
 

Definition at line 620 of file sfthreshold.c.

References buffer, THD_NODE::count, THD_NODE::gen_id, THD_NODE::ip_address, THD_NODE::ip_mask, LogMessage(), memset, THD_NODE::not_flag, ntoa(), THD_NODE::seconds, sfsnprintfappend(), THD_NODE::sig_id, STD_BUF, THD_TYPE_BOTH, THD_TYPE_LIMIT, THD_TYPE_SUPPRESS, THD_TYPE_THRESHOLD, THD_NODE::tracking, and THD_NODE::type.

Referenced by print_thd_local(), and print_thresholding().

void print_thdx THDX_STRUCT thdx  ) 
 

Definition at line 578 of file sfthreshold.c.

References THDX_STRUCT::count, THDX_STRUCT::gen_id, THDX_STRUCT::ip_address, THDX_STRUCT::ip_mask, THDX_STRUCT::not_flag, print_netip(), THDX_STRUCT::seconds, THDX_STRUCT::sig_id, THD_TYPE_SUPPRESS, THDX_STRUCT::tracking, and THDX_STRUCT::type.

void print_thresholding  ) 
 

Definition at line 752 of file sfthreshold.c.

References THD_NODE::gen_id, LogMessage(), PRINT_GLOBAL, PRINT_LOCAL, PRINT_SUPPRESS, print_thd_local(), print_thd_node(), s_memcap, THD_STRUCT::sfthd_garray, THD_NODE::sig_id, and THD_MAX_GENID.

Referenced by SnortMain().

void ProcessThresholdOptions char *  options  ) 
 

Definition at line 201 of file sfthreshold.c.

References FatalError(), file_line, file_name, mSplit(), mSplitFree(), s_enabled, s_memcap, and xatou().

Referenced by ParseConfig().

int sfthreshold_create THDX_STRUCT thdx  ) 
 

Definition at line 836 of file sfthreshold.c.

References THDX_STRUCT::count, THDX_STRUCT::gen_id, THDX_STRUCT::ip_address, THDX_STRUCT::ip_mask, THDX_STRUCT::not_flag, THDX_STRUCT::priority, s_enabled, THDX_STRUCT::seconds, sfthd_create_threshold(), sfthreshold_init(), THDX_STRUCT::sig_id, THDX_STRUCT::tracking, and THDX_STRUCT::type.

Referenced by ParseRuleOptions(), ParseSFSuppress(), and ParseSFThreshold().

int sfthreshold_init void   ) 
 

Definition at line 540 of file sfthreshold.c.

References s_enabled, s_memcap, and sfthd_new().

Referenced by sfthreshold_create().

void sfthreshold_reset void   ) 
 

Reset the thresholding system so that subsequent calls to sfthreshold_test will indeed try to alter the thresholding system

Definition at line 916 of file sfthreshold.c.

References s_checked.

Referenced by GenerateOpenPortEvent(), LogSnortEvents(), and PcapProcessPacket().

int sfthreshold_test unsigned  gen_id,
unsigned  sig_id,
unsigned  sip,
unsigned  dip,
long  curtime
 

Definition at line 890 of file sfthreshold.c.

References s_answer, s_checked, s_enabled, and sfthd_test_threshold().

Referenced by CallAlertFuncs(), CallLogFuncs(), fpLogEvent(), GenerateOpenPortEvent(), LogPortscanAlert(), and ParseXLink2State().

static unsigned xatou char *  s,
char *  etext
[static]
 

Definition at line 56 of file sfthreshold.c.

References errno, FatalError(), file_line, file_name, and strtoul().

Referenced by parseCIDR(), ParseSFThreshold(), ParseThreshold2(), and ProcessThresholdOptions().

Variable Documentation

int s_answer = 0 [static]
 

what was the last return value?

Definition at line 49 of file sfthreshold.c.

Referenced by sfthreshold_test().

int s_checked = 0 [static]
 

have we evaluated this yet?

Definition at line 48 of file sfthreshold.c.

Referenced by sfthreshold_reset(), and sfthreshold_test().

int s_enabled = 1 [static]
 

Definition at line 47 of file sfthreshold.c.

int s_memcap = 1024 * 1024 [static]
 

Definition at line 45 of file sfthreshold.c.

Referenced by print_thresholding(), ProcessThresholdOptions(), and sfthreshold_init().

THD_STRUCT* s_thd = 0 [static]
 

Definition at line 46 of file sfthreshold.c.

Generated on Sun May 14 14:51:26 2006 by  doxygen 1.4.2