suricata
detect-engine-alert.h
Go to the documentation of this file.
1 /* Copyright (C) 2007-2011 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  */
23 
24 #ifndef __DETECT_ENGINE_ALERT_H__
25 #define __DETECT_ENGINE_ALERT_H__
26 
27 #include "suricata-common.h"
28 #include "decode.h"
29 #include "detect.h"
30 
31 void PacketAlertFinalize(DetectEngineCtx *, DetectEngineThreadCtx *, Packet *);
32 int PacketAlertAppend(DetectEngineThreadCtx *, const Signature *,
33  Packet *, uint64_t tx_id, uint8_t);
34 int PacketAlertCheck(Packet *, uint32_t);
35 int PacketAlertRemove(Packet *, uint16_t);
36 void PacketAlertTagInit(void);
37 PacketAlert *PacketAlertGetTag(void);
38 
39 #endif /* __DETECT_ENGINE_ALERT_H__ */
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:761
PacketAlertGetTag
PacketAlert * PacketAlertGetTag(void)
Definition: detect-engine-alert.c:53
PacketAlertRemove
int PacketAlertRemove(Packet *, uint16_t)
Remove alert from the p->alerts.alerts array at pos.
Definition: detect-engine-alert.c:161
decode.h
DetectEngineThreadCtx_
Definition: detect.h:1003
detect.h
Packet_
Definition: decode.h:408
PacketAlertCheck
int PacketAlertCheck(Packet *, uint32_t)
Check if a certain sid alerted, this is used in the test functions.
Definition: detect-engine-alert.c:138
PacketAlertAppend
int PacketAlertAppend(DetectEngineThreadCtx *, const Signature *, Packet *, uint64_t tx_id, uint8_t)
append a signature match to a packet
Definition: detect-engine-alert.c:188
suricata-common.h
PacketAlertTagInit
void PacketAlertTagInit(void)
Definition: detect-engine-alert.c:37
Signature_
Signature container.
Definition: detect.h:522
PacketAlertFinalize
void PacketAlertFinalize(DetectEngineCtx *, DetectEngineThreadCtx *, Packet *)
Check the threshold of the sigs that match, set actions, break on pass action This function iterate t...
Definition: detect-engine-alert.c:238
PacketAlert_
Definition: decode.h:270
tx_id
uint16_t tx_id
Definition: app-layer-dns-common.h:2