Unified2rev2

Signed-off-by: Breno Silva <breno.silva@gmail.com>
remotes/origin/master-1.0.x
Breno Silva 16 years ago committed by Victor Julien
parent ee8fef2e68
commit f6b36b7241

@ -31,6 +31,98 @@
#define DEBUG
/*prototypes*/
int Unified2Alert (ThreadVars *, Packet *, void *, PacketQueue *);
int Unified2AlertThreadInit(ThreadVars *, void *, void **);
int Unified2AlertThreadDeinit(ThreadVars *, void *);
int Unified2IPv4TypeAlert(ThreadVars *, Packet *, void *, PacketQueue *);
int Unified2IPv6TypeAlert(ThreadVars *, Packet *, void *, PacketQueue *);
int Unified2PacketTypeAlert(ThreadVars *, Packet *, void *);
void Unified2RegisterTests();
/**
* Unified2 thread vars
*
* Used for storing file options.
*/
typedef struct Unified2AlertThread_ {
FILE *fp; /* file pointer */
uint32_t size_limit; /* file size limit */
uint32_t size_current; /* file current size */
} Unified2AlertThread;
/**
* Unified2 file header struct
*
* Used for storing file header options.
*/
typedef struct Unified2AlertFileHeader_ {
uint32_t type; /* unified2 type header */
uint32_t length; /* unified2 struct size length */
} Unified2AlertFileHeader;
/**
* Unified2 Ipv4 struct
*
* Used for storing ipv4 type values.
*/
typedef struct AlertIPv4Unified2_ {
uint32_t sensor_id; /* sendor id */
uint32_t event_id; /* event id */
uint32_t event_second; /* event second */
uint32_t event_microsecond; /* event microsecond */
uint32_t signature_id; /* signature id */
uint32_t generator_id; /* generator id */
uint32_t signature_revision; /* signature revision */
uint32_t classification_id; /* classification id */
uint32_t priority_id; /* priority id */
uint32_t src_ip; /* source ip */
uint32_t dst_ip; /* destination ip */
uint16_t sp; /* source port */
uint16_t dp; /* destination port */
uint8_t protocol; /* protocol */
uint8_t packet_action; /* packet action */
} AlertIPv4Unified2;
/**
* Unified2 Ipv6 type struct
*
* Used for storing ipv6 type values.
*/
typedef struct AlertIPv6Unified2_ {
uint32_t sensor_id; /* sendor id */
uint32_t event_id; /* event id */
uint32_t event_second; /* event second */
uint32_t event_microsecond; /* event microsecond */
uint32_t signature_id; /* signature id */
uint32_t generator_id; /* generator id */
uint32_t signature_revision; /* signature revision */
uint32_t classification_id; /* classification id */
uint32_t priority_id; /* priority id */
struct in6_addr src_ip; /* source ip */
struct in6_addr dst_ip; /* destination ip */
uint16_t sp; /* source port */
uint16_t dp; /* destination port */
uint8_t protocol; /* protocol */
uint8_t packet_action; /* packet action */
} AlertIPv6Unified2;
/**
* Unified2 packet type struct
*
* Used for storing packet type values.
*/
typedef struct AlertUnified2Packet_ {
uint32_t sensor_id; /* sensor id */
uint32_t event_id; /* event id */
uint32_t event_second; /* event second */
uint32_t packet_second; /* packet second */
uint32_t packet_microsecond; /* packet microsecond */
uint32_t linktype; /* link type */
uint32_t packet_length; /* packet length */
uint8_t packet_data[4]; /* packet data */
} Unified2Packet;
void TmModuleUnified2AlertRegister (void) {
tmm_modules[TMM_ALERTUNIFIED2ALERT].name = "Unified2Alert";
tmm_modules[TMM_ALERTUNIFIED2ALERT].ThreadInit = Unified2AlertThreadInit;
@ -83,12 +175,12 @@ int Unified2AlertCreateFile(ThreadVars *t, Unified2AlertThread *aun) {
* \param aun Unified2 thread variable.
*/
int Unified2AlertCloseFile(ThreadVars *t, Unified2AlertThread *aun) {
if (aun->fp != NULL)
fclose(aun->fp);
int Unified2AlertCloseFile(ThreadVars *t, Unified2AlertThread *aun) {
if (aun->fp != NULL)
fclose(aun->fp);
return 0;
}
return 0;
}
/**
* \brief Function to rotate unified2 file
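Review bot: The AlertIPv4Unified2, AlertIPv6Unified2 and Unified2Packet structs moved into the .c file in the first hunk carry no statement of their layout contract, although the file-header `length` field and the type names indicate they are the records written to the unified2 file. Both IP structs end in `uint8_t protocol; uint8_t packet_action;`, which leaves the field bytes short of a 4-byte multiple, so the compiler is free to append tail padding; if a record is written with `sizeof` of the struct and was not zeroed first, those padding bytes come from uninitialized memory and land in the file. I would put above the three structs `/* On-disk unified2 record layout: keep field order and widths as-is, write multi-byte fields in network byte order, and zero the struct before filling it so tail padding is never written uninitialized. */` and confirm that the writers do zero-initialize. Also "sendor id" on the sensor_id field of both IP structs should read "sensor id". If `#define DEBUG` at the hunk's first line is newly added rather than context, it enables debug output unconditionally and presumably should not be committed.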

@ -6,9 +6,11 @@
#ifndef __ALERT_UNIFIED2_ALERT_H__
#define __ALERT_UNIFIED2_ALERT_H__
/** Unified2 Option packet action */
#define UNIFIED2_PACKET_FLAG 1
#define UNIFIED2_BLOCKED_FLAG 0x20
/** Unified2 Header Types */
#define UNIFIED2_EVENT_TYPE 1
#define UNIFIED2_PACKET_TYPE 2
#define UNIFIED2_IDS_EVENT_TYPE 7
@ -19,73 +21,7 @@
#define UNIFIED2_IDS_EVENT_MPLS_TYPE 99
#define UNIFIED2_IDS_EVENT_IPV6_MPLS_TYPE 100
int Unified2Alert (ThreadVars *, Packet *, void *, PacketQueue *);
int Unified2AlertThreadInit(ThreadVars *, void *, void **);
int Unified2AlertThreadDeinit(ThreadVars *, void *);
int Unified2IPv4TypeAlert(ThreadVars *, Packet *, void *, PacketQueue *);
int Unified2IPv6TypeAlert(ThreadVars *, Packet *, void *, PacketQueue *);
int Unified2PacketTypeAlert(ThreadVars *, Packet *, void *);
void Unified2RegisterTests();
void TmModuleUnified2AlertRegister (void);
typedef struct Unified2AlertThread_ {
FILE *fp;
uint32_t size_limit;
uint32_t size_current;
} Unified2AlertThread;
typedef struct Unified2AlertFileHeader_ {
uint32_t type;
uint32_t length;
} Unified2AlertFileHeader;
typedef struct AlertIPv4Unified2_ {
uint32_t sensor_id;
uint32_t event_id;
uint32_t event_second;
uint32_t event_microsecond;
uint32_t signature_id;
uint32_t generator_id;
uint32_t signature_revision;
uint32_t classification_id;
uint32_t priority_id;
uint32_t src_ip;
uint32_t dst_ip;
uint16_t sp;
uint16_t dp;
uint8_t protocol;
uint8_t packet_action;
} AlertIPv4Unified2;
typedef struct AlertIPv6Unified2_ {
uint32_t sensor_id;
uint32_t event_id;
uint32_t event_second;
uint32_t event_microsecond;
uint32_t signature_id;
uint32_t generator_id;
uint32_t signature_revision;
uint32_t classification_id;
uint32_t priority_id;
struct in6_addr src_ip;
struct in6_addr dst_ip;
uint16_t sp;
uint16_t dp;
uint8_t protocol;
uint8_t packet_action;
} AlertIPv6Unified2;
typedef struct AlertUnified2Packet_ {
uint32_t sensor_id;
uint32_t event_id;
uint32_t event_second;
uint32_t packet_second;
uint32_t packet_microsecond;
uint32_t linktype;
uint32_t packet_length;
uint8_t packet_data[4];
} Unified2Packet;
#endif /* __ALERT_UNIFIED2_ALERT_H__ */
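Review bot: The two new packet_action values in the first hunk of the header, `UNIFIED2_PACKET_FLAG 1` and `UNIFIED2_BLOCKED_FLAG 0x20`, are documented only by the heading "Unified2 Option packet action"; neither says what it signals to a unified2 reader or whether they are meant to be OR-ed together, which the single-bit values suggest. I would replace the heading with a per-value comment along the lines of `#define UNIFIED2_PACKET_FLAG 1 /* packet_action bit: a packet record follows this event (confirm against the unified2 spec) */` and `#define UNIFIED2_BLOCKED_FLAG 0x20 /* packet_action bit: the packet was blocked (confirm against the unified2 spec) */`. If packet_action is a bitmask, as the names suggest, the writer should OR these flags in rather than assign one over the other, and a reader of this header cannot tell which is intended. The second hunk only removes definitions that the .c hunk re-adds, so it needs no separate comment.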
