
event_queue.h File Reference

#include "decode.h"


Defines

#define SNORT_EVENTQ_PRIORITY   1
#define SNORT_EVENTQ_CONTENT_LEN   2

Typedefs

typedef struct s_SNORT_EVENTQ_USER SNORT_EVENTQ_USER
typedef struct s_SNORT_EVENT_QUEUE SNORT_EVENT_QUEUE
typedef struct _EventNode EventNode

Functions

int SnortEventqInit (void)
void SnortEventqReset (void)
int SnortEventqLog (Packet *)
int SnortEventqAdd (unsigned int gid, unsigned int sid, unsigned int rev, unsigned int classification, unsigned int pri, char *msg, void *rule_info)


Define Documentation

#define SNORT_EVENTQ_CONTENT_LEN   2
 

Definition at line 7 of file event_queue.h.

Referenced by ProcessEventQueue(), and SnortEventqInit().

#define SNORT_EVENTQ_PRIORITY   1
 

Definition at line 6 of file event_queue.h.

Referenced by ProcessEventQueue(), and SnortEventqInit().


Typedef Documentation

typedef struct _EventNode EventNode
 

typedef struct s_SNORT_EVENT_QUEUE SNORT_EVENT_QUEUE
 

typedef struct s_SNORT_EVENTQ_USER SNORT_EVENTQ_USER
 


Function Documentation

int SnortEventqAdd (unsigned int gid, unsigned int sid, unsigned int rev, unsigned int classification, unsigned int pri, char *msg, void *rule_info)
 

Definition at line 30 of file event_queue.c.

References _EventNode::classification, _EventNode::gid, _EventNode::msg, _EventNode::priority, _EventNode::rev, _EventNode::rule_info, sfeventq_add(), sfeventq_event_alloc(), and _EventNode::sid.

Referenced by BoFind(), BoGetDirection(), CheckRst(), ConvFunc(), CreateNewSession(), DecodeARP(), DecodeEAP(), DecodeEapol(), DecodeEapolKey(), DecodeICMP(), DecodeIEEE80211Pkt(), DecodeIP(), DecodeIPOptions(), DecodePPPoEPkt(), DecodeTCP(), DecodeTCPOptions(), DecodeTRPkt(), DecodeUDP(), DecodeVlan(), DetectARPattacks(), EventAnomBadsizeLg(), EventAnomBadsizeSm(), EventAnomIpOpts(), EventAnomOverlap(), EventAnomOversize(), EventAnomShortFrag(), EventAnomZeroFrag(), EventAttackTeardrop(), fpFinalSelectEvent(), Frag2Defrag(), InsertFrag(), IPHdrTests(), LogEvents(), ParseXLink2State(), PreprocRpcDecode(), ReassembleStream4(), StoreStreamPkt(), TcpAction(), and TcpActionAsync().

int SnortEventqInit (void)
 

Definition at line 127 of file event_queue.c.

References FatalError(), int(), s_SNORT_EVENT_QUEUE::log_events, s_SNORT_EVENT_QUEUE::max_events, NULL, s_SNORT_EVENT_QUEUE::order, OrderContentLength(), OrderPriority(), sfeventq_init(), SNORT_EVENTQ_CONTENT_LEN, and SNORT_EVENTQ_PRIORITY.

Referenced by SnortMain().

int SnortEventqLog (Packet *p)
 

We return whether we logged events or not. We've added an eventq user structure so we can track whether the events logged were rule events or preprocessor/decoder events. The reason is that we don't want to flush a TCP stream for preprocessor/decoder events, which would cause early flushing of the stream.

Returns:
1 logged events

0 did not log events or logged only decoder/preprocessor events

Definition at line 205 of file event_queue.c.

References LogSnortEvents(), s_SNORT_EVENTQ_USER::pkt, s_SNORT_EVENTQ_USER::rule_alert, and sfeventq_action().

Referenced by Preprocess().

void SnortEventqReset (void)
 

Definition at line 221 of file event_queue.c.

References sfeventq_reset().

Referenced by PcapProcessPacket(), and Preprocess().


Generated on Sun May 14 14:51:23 2006 by  doxygen 1.4.2