#include "event.h"#include "decode.h"#include "signature.h"#include "parser/IpAddrSet.h"#include "spo_plugbase.h"Go to the source code of this file.
Defines | |
| #define | RULE_LOG 0 |
| #define | RULE_PASS 1 |
| #define | RULE_ALERT 2 |
| #define | RULE_VAR 3 |
| #define | RULE_INCLUDE 4 |
| #define | RULE_PREPROCESS 5 |
| #define | RULE_OUTPUT 6 |
| #define | RULE_ACTIVATE 7 |
| #define | RULE_DYNAMIC 8 |
| #define | RULE_CONFIG 9 |
| #define | RULE_DECLARE 10 |
| #define | RULE_THRESHOLD 11 |
| #define | RULE_SUPPRESS 12 |
| #define | RULE_UNKNOWN 13 |
| #define | RULE_DROP 14 |
| #define | RULE_SDROP 15 |
| #define | RULE_REJECT 16 |
| #define | RULE_REJECTBOTH 17 |
| #define | RULE_REJECTSRC 18 |
| #define | RULE_REJECTDST 19 |
| #define | RULE_REINJECT 20 |
| #define | EXCEPT_SRC_IP 0x01 |
| #define | EXCEPT_DST_IP 0x02 |
| #define | ANY_SRC_PORT 0x04 |
| #define | ANY_DST_PORT 0x08 |
| #define | ANY_FLAGS 0x10 |
| #define | EXCEPT_SRC_PORT 0x20 |
| #define | EXCEPT_DST_PORT 0x40 |
| #define | BIDIRECTIONAL 0x80 |
| #define | ANY_SRC_IP 0x100 |
| #define | ANY_DST_IP 0x200 |
| #define | EXCEPT_IP 0x01 |
| #define | R_FIN 0x01 |
| #define | R_SYN 0x02 |
| #define | R_RST 0x04 |
| #define | R_PSH 0x08 |
| #define | R_ACK 0x10 |
| #define | R_URG 0x20 |
| #define | R_RES2 0x40 |
| #define | R_RES1 0x80 |
| #define | MODE_EXIT_ON_MATCH 0 |
| #define | MODE_FULL_SEARCH 1 |
| #define | CHECK_SRC 0x01 |
| #define | CHECK_DST 0x02 |
| #define | INVERSE 0x04 |
| #define | SESSION_PRINTABLE 1 |
| #define | SESSION_ALL 2 |
| #define | RESP_RST_SND 0x01 |
| #define | RESP_RST_RCV 0x02 |
| #define | RESP_BAD_NET 0x04 |
| #define | RESP_BAD_HOST 0x08 |
| #define | RESP_BAD_PORT 0x10 |
| #define | MODE_EXIT_ON_MATCH 0 |
| #define | MODE_FULL_SEARCH 1 |
| #define | SRC 0 |
| #define | DST 1 |
| #define | PARSERULE_SIZE 8192 |
| #define | VAR_STATIC 1 |
Typedefs | |
| typedef _RuleFpList | RuleFpList |
| typedef _OptFpList | OptFpList |
| typedef _RspFpList | RspFpList |
| typedef _TagData | TagData |
| typedef _OptTreeNode | OptTreeNode |
| typedef _ActivateList | ActivateList |
| typedef _RuleTreeNode | RuleTreeNode |
| typedef _ListHead | ListHead |
| typedef _RuleListNode | RuleListNode |
|
|
Definition at line 73 of file rules.h. Referenced by AddrToFunc(), and ProcessIP(). |
|
|
Definition at line 67 of file rules.h. Referenced by CheckAddrPort(), DumpChain(), fpCreateFastPacketDetection(), ParseRule(), PortscanPreprocFunction(), and SetupRTNFuncList(). |
|
|
|
|
|
Definition at line 72 of file rules.h. Referenced by AddrToFunc(), and ProcessIP(). |
|
|
Definition at line 66 of file rules.h. Referenced by CheckAddrPort(), DumpChain(), fpCreateFastPacketDetection(), IsServer(), ParseRule(), ScanParseIp(), and SetupRTNFuncList(). |
|
|
Definition at line 71 of file rules.h. Referenced by fpCreateFastPacketDetection(), fpEvalRTN(), fpEvalRTNSW(), ParseRule(), and SetupRTNFuncList(). |
|
|
Definition at line 90 of file rules.h. Referenced by CheckBidirectional(), and PortscanPreprocFunction(). |
|
|
Definition at line 89 of file rules.h. Referenced by CheckAddrPort(), CheckBidirectional(), IsIgnored(), and IsServer(). |
|
|
Definition at line 106 of file rules.h. Referenced by AddrToFunc(), AllocAddrNode(), ParseRule(), PortToFunc(), ProcessIP(), and SetupRTNFuncList(). |
|
|
Definition at line 65 of file rules.h. Referenced by CheckAddrPort(), CheckDstIP(), DumpChain(), PortscanParseIP(), and ProcessIP(). |
|
|
Definition at line 70 of file rules.h. Referenced by CheckAddrPort(), DumpChain(), fpEvalRTN(), fpEvalRTNSW(), ParseRule(), ProcessHeadNode(), and SetupRTNFuncList(). |
|
|
|
|
|
Definition at line 64 of file rules.h. Referenced by CheckAddrPort(), CheckSrcIP(), DumpChain(), ProcessIP(), and ScanParseIp(). |
|
|
Definition at line 69 of file rules.h. Referenced by CheckAddrPort(), DumpChain(), ParseRule(), ScanParseIp(), and SetupRTNFuncList(). |
|
|
Definition at line 91 of file rules.h. Referenced by CheckAddrPort(), and CheckBidirectional(). |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Definition at line 109 of file rules.h. Referenced by ExpandVars(), ParseRule(), and ParseRulesFile(). |
|
|
Definition at line 81 of file rules.h. Referenced by CheckTCPFlags(), and ParseTCPFlags(). |
|
|
Definition at line 77 of file rules.h. Referenced by CheckTCPFlags(), and ParseTCPFlags(). |
|
|
Definition at line 80 of file rules.h. Referenced by CheckTCPFlags(), and ParseTCPFlags(). |
|
|
Definition at line 84 of file rules.h. Referenced by CheckTCPFlags(), and ParseTCPFlags(). |
|
|
Definition at line 83 of file rules.h. Referenced by CheckTCPFlags(), and ParseTCPFlags(). |
|
|
Definition at line 79 of file rules.h. Referenced by CheckTCPFlags(), and ParseTCPFlags(). |
|
|
Definition at line 78 of file rules.h. Referenced by CheckTCPFlags(), and ParseTCPFlags(). |
|
|
Definition at line 82 of file rules.h. Referenced by CheckTCPFlags(), and ParseTCPFlags(). |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Definition at line 49 of file rules.h. Referenced by CreateDefaultRules(), fpLogEvent(), ParseRule(), ParseRuleTypeDeclaration(), and RuleType(). |
|
|
Definition at line 44 of file rules.h. Referenced by CreateDefaultRules(), fpLogEvent(), ParseRule(), ParseRuleTypeDeclaration(), and RuleType(). |
|
|
Definition at line 51 of file rules.h. Referenced by ParseRule(), and RuleType(). |
|
|
Definition at line 52 of file rules.h. Referenced by ParseRule(), and RuleType(). |
|
|
Definition at line 56 of file rules.h. Referenced by CreateDefaultRules(), fpEvalOTN(), fpLogEvent(), ParseRule(), and RuleType(). |
|
|
Definition at line 50 of file rules.h. Referenced by CreateDefaultRules(), fpEvalOTN(), fpEvalRTN(), fpEvalRTNSW(), fpLogEvent(), ParseRule(), ParseRuleOptions(), ParseRuleTypeDeclaration(), and RuleType(). |
|
|
Definition at line 46 of file rules.h. Referenced by ParseRule(), and RuleType(). |
|
|
Definition at line 42 of file rules.h. Referenced by CreateDefaultRules(), fpLogEvent(), ParseRule(), ParseRuleTypeDeclaration(), and RuleType(). |
|
|
Definition at line 48 of file rules.h. Referenced by ParseRule(), ParseRuleTypeDeclaration(), and RuleType(). |
|
|
Definition at line 43 of file rules.h. Referenced by CreateDefaultRules(), fpLogEvent(), ParseRule(), ParseRuleTypeDeclaration(), and RuleType(). |
|
|
Definition at line 47 of file rules.h. Referenced by ParseRule(), and RuleType(). |
|
|
Definition at line 62 of file rules.h. Referenced by CreateDefaultRules(), fpLogEvent(), ParseRule(), and RuleType(). |
|
|
Definition at line 58 of file rules.h. Referenced by CreateDefaultRules(), fpLogEvent(), ParseRule(), and RuleType(). |
|
|
Definition at line 59 of file rules.h. Referenced by CreateDefaultRules(), fpLogEvent(), ParseRule(), and RuleType(). |
|
|
Definition at line 61 of file rules.h. Referenced by CreateDefaultRules(), fpLogEvent(), ParseRule(), and RuleType(). |
|
|
Definition at line 60 of file rules.h. Referenced by CreateDefaultRules(), fpLogEvent(), ParseRule(), and RuleType(). |
|
|
Definition at line 57 of file rules.h. Referenced by CreateDefaultRules(), fpEvalOTN(), fpLogEvent(), ParseRule(), and RuleType(). |
|
|
Definition at line 54 of file rules.h. Referenced by ParseRule(), and RuleType(). |
|
|
Definition at line 53 of file rules.h. Referenced by ParseRule(), and RuleType(). |
|
|
Definition at line 55 of file rules.h. Referenced by checkKeyword(), ParseRule(), and RuleType(). |
|
|
Definition at line 45 of file rules.h. Referenced by ParseRule(), and RuleType(). |
|
|
|
|
|
|
|
|
Definition at line 105 of file rules.h. Referenced by AddrToFunc(), AllocAddrNode(), ParseRule(), PortToFunc(), ProcessIP(), and SetupRTNFuncList(). |
|
|
Definition at line 305 of file rules.h. Referenced by ParseCmdLine(), and VarDefine(). |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1.4.2