diff --git a/src/alert-unified2-alert.c b/src/alert-unified2-alert.c
index d04ebf0577..c35b2959b9 100644
--- a/src/alert-unified2-alert.c
+++ b/src/alert-unified2-alert.c
@@ -31,6 +31,98 @@
 #define DEBUG
+/*prototypes*/
+int Unified2Alert (ThreadVars *, Packet *, void *, PacketQueue *);
+int Unified2AlertThreadInit(ThreadVars *, void *, void **);
+int Unified2AlertThreadDeinit(ThreadVars *, void *);
+int Unified2IPv4TypeAlert(ThreadVars *, Packet *, void *, PacketQueue *);
+int Unified2IPv6TypeAlert(ThreadVars *, Packet *, void *, PacketQueue *);
+int Unified2PacketTypeAlert(ThreadVars *, Packet *, void *);
+void Unified2RegisterTests();
+
+/**
+ * Unified2 thread vars
+ *
+ * Used for storing file options.
+ */
+typedef struct Unified2AlertThread_ {
+ FILE *fp; /* file pointer */
+ uint32_t size_limit; /* file size limit */
+ uint32_t size_current; /* file current size */
+} Unified2AlertThread;
+
+/**
+ * Unified2 file header struct
+ *
+ * Used for storing file header options.
+ */
+typedef struct Unified2AlertFileHeader_ {
+ uint32_t type; /* unified2 type header */
+ uint32_t length; /* unified2 struct size length */
+} Unified2AlertFileHeader;
+
+/**
+ * Unified2 Ipv4 struct
+ *
+ * Used for storing ipv4 type values.
+ */
+typedef struct AlertIPv4Unified2_ {
+ uint32_t sensor_id; /* sendor id */
+ uint32_t event_id; /* event id */
+ uint32_t event_second; /* event second */
+ uint32_t event_microsecond; /* event microsecond */
+ uint32_t signature_id; /* signature id */
+ uint32_t generator_id; /* generator id */
+ uint32_t signature_revision; /* signature revision */
+ uint32_t classification_id; /* classification id */
+ uint32_t priority_id; /* priority id */
+ uint32_t src_ip; /* source ip */
+ uint32_t dst_ip; /* destination ip */
+ uint16_t sp; /* source port */
+ uint16_t dp; /* destination port */
+ uint8_t protocol; /* protocol */
+ uint8_t packet_action; /* packet action */
+} AlertIPv4Unified2;
+
+/**
+ * Unified2 Ipv6 type struct
+ *
+ * Used for storing ipv6 type values. 
+ */
+typedef struct AlertIPv6Unified2_ {
+ uint32_t sensor_id; /* sendor id */
+ uint32_t event_id; /* event id */
+ uint32_t event_second; /* event second */
+ uint32_t event_microsecond; /* event microsecond */
+ uint32_t signature_id; /* signature id */
+ uint32_t generator_id; /* generator id */
+ uint32_t signature_revision; /* signature revision */
+ uint32_t classification_id; /* classification id */
+ uint32_t priority_id; /* priority id */
+ struct in6_addr src_ip; /* source ip */
+ struct in6_addr dst_ip; /* destination ip */
+ uint16_t sp; /* source port */
+ uint16_t dp; /* destination port */
+ uint8_t protocol; /* protocol */
+ uint8_t packet_action; /* packet action */
+} AlertIPv6Unified2;
+
+/**
+ * Unified2 packet type struct
+ *
+ * Used for storing packet type values.
+ */
+typedef struct AlertUnified2Packet_ {
+ uint32_t sensor_id; /* sensor id */
+ uint32_t event_id; /* event id */
+ uint32_t event_second; /* event second */
+ uint32_t packet_second; /* packet second */
+ uint32_t packet_microsecond; /* packet microsecond */
+ uint32_t linktype; /* link type */
+ uint32_t packet_length; /* packet length */
+ uint8_t packet_data[4]; /* packet data */
+} Unified2Packet;
+
 void TmModuleUnified2AlertRegister (void) {
 tmm_modules[TMM_ALERTUNIFIED2ALERT].name = "Unified2Alert";
 tmm_modules[TMM_ALERTUNIFIED2ALERT].ThreadInit = Unified2AlertThreadInit;
@@ -83,12 +175,12 @@ int Unified2AlertCreateFile(ThreadVars *t, Unified2AlertThread *aun) {
 * \param aun Unified2 thread variable.
 */
-int Unified2AlertCloseFile(ThreadVars *t, Unified2AlertThread *aun) {
- if (aun->fp != NULL)
- fclose(aun->fp);
+ int Unified2AlertCloseFile(ThreadVars *t, Unified2AlertThread *aun) {
+ if (aun->fp != NULL)
+ fclose(aun->fp);
- return 0;
-}
+ return 0;
+ }
 /**
 * \brief Function to rotate unified2 file
diff --git a/src/alert-unified2-alert.h b/src/alert-unified2-alert.h
index c19e5768f8..48a44c28ec 100644
--- a/src/alert-unified2-alert.h
+++ b/src/alert-unified2-alert.h
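Review bot: The prototypes moved into the .c file (`int Unified2Alert (ThreadVars *, Packet *, void *, PacketQueue *);` through `void Unified2RegisterTests();`) keep external linkage even though the header no longer exports them, so the symbols remain global and a mismatch against their definitions is not caught; declaring them `static` (and their definitions, which lie outside this hunk) would make the privatisation real. `void Unified2RegisterTests();` is a non-prototype declaration in C11 and should read `void Unified2RegisterTests(void);`. The member comments in AlertIPv4Unified2 and AlertIPv6Unified2 say `/* sendor id */`; that should be `/* sensor id */`. If these structs are written to the unified2 file as-is (the writers are not in this hunk), their sizes depend on compiler padding, so a `_Static_assert(sizeof(AlertIPv4Unified2) == <expected record length>, "...")` or a packing attribute would pin the on-disk layout now that the definitions are local to this file.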
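Review bot: `Unified2AlertCloseFile` leaves `aun->fp` pointing at the closed stream after `fclose(aun->fp)`, so any later path that re-checks `aun->fp != NULL` (a rotate followed by thread deinit, presumably) would close it twice; the new side only re-indents the function and does not address this. Suggest `if (aun->fp != NULL) { fclose(aun->fp); aun->fp = NULL; }`. The result of `fclose` is also discarded, which hides a failed flush of the last records written; checking it and returning non-zero would let the caller report the loss. The four-space indentation added to the whole definition is whitespace-only and makes it read as if nested inside `Unified2AlertCreateFile`; it should be reverted.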
@@ -6,9 +6,11 @@
 #ifndef __ALERT_UNIFIED2_ALERT_H__
 #define __ALERT_UNIFIED2_ALERT_H__
+/** Unified2 Option packet action */
 #define UNIFIED2_PACKET_FLAG 1
 #define UNIFIED2_BLOCKED_FLAG 0x20
+/** Unified2 Header Types */
 #define UNIFIED2_EVENT_TYPE 1
 #define UNIFIED2_PACKET_TYPE 2
 #define UNIFIED2_IDS_EVENT_TYPE 7
@@ -19,73 +21,7 @@
 #define UNIFIED2_IDS_EVENT_MPLS_TYPE 99
 #define UNIFIED2_IDS_EVENT_IPV6_MPLS_TYPE 100
-int Unified2Alert (ThreadVars *, Packet *, void *, PacketQueue *);
-int Unified2AlertThreadInit(ThreadVars *, void *, void **);
-int Unified2AlertThreadDeinit(ThreadVars *, void *);
-int Unified2IPv4TypeAlert(ThreadVars *, Packet *, void *, PacketQueue *);
-int Unified2IPv6TypeAlert(ThreadVars *, Packet *, void *, PacketQueue *);
-int Unified2PacketTypeAlert(ThreadVars *, Packet *, void *);
-
-void Unified2RegisterTests();
 void TmModuleUnified2AlertRegister (void);
-typedef struct Unified2AlertThread_ {
- FILE *fp;
- uint32_t size_limit;
- uint32_t size_current;
-} Unified2AlertThread;
-
-typedef struct Unified2AlertFileHeader_ {
- uint32_t type;
- uint32_t length;
-} Unified2AlertFileHeader;
-
-typedef struct AlertIPv4Unified2_ {
- uint32_t sensor_id;
- uint32_t event_id;
- uint32_t event_second;
- uint32_t event_microsecond;
- uint32_t signature_id;
- uint32_t generator_id;
- uint32_t signature_revision;
- uint32_t classification_id;
- uint32_t priority_id;
- uint32_t src_ip;
- uint32_t dst_ip;
- uint16_t sp;
- uint16_t dp;
- uint8_t protocol;
- uint8_t packet_action;
-} AlertIPv4Unified2;
-
-typedef struct AlertIPv6Unified2_ {
- uint32_t sensor_id;
- uint32_t event_id;
- uint32_t event_second;
- uint32_t event_microsecond;
- uint32_t signature_id;
- uint32_t generator_id;
- uint32_t signature_revision;
- uint32_t classification_id;
- uint32_t priority_id;
- struct in6_addr src_ip;
- struct in6_addr dst_ip;
- uint16_t sp;
- uint16_t dp;
- uint8_t protocol;
- uint8_t packet_action;
-} AlertIPv6Unified2;
-
-typedef struct AlertUnified2Packet_ {
- uint32_t sensor_id;
- uint32_t event_id;
- uint32_t event_second;
- uint32_t packet_second;
- uint32_t packet_microsecond;
- uint32_t linktype;
- uint32_t packet_length;
- uint8_t packet_data[4];
-} Unified2Packet;
-
 #endif /* __ALERT_UNIFIED2_ALERT_H__ */