alert.h

Firestorm NIDS是一个性能非常高的网络入侵检测系统 (NIDS)。目前

#ifndef __ALERT_HEADER_INCLUDED__
#define __ALERT_HEADER_INCLUDED__

#define RATE_SEC (100UL)
#define RATE_MIN (60UL*RATE_SEC)
#define RATE_HR  (60UL*RATE_MIN)
#define RATE_DAY (24UL*RATE_HR)

struct tokenbucket {
	unsigned long toks; /* tokens */
	unsigned long last_msg; /* time of last msg */
	unsigned long cost; /* max rate */
	unsigned long burst; /* burst */
	int missed; /* number of missed alerts */
};

#define init_generator(x,y) {NULL, x, y}
struct generator {
	struct generator	*next;
	char			*name;
	struct tokenbucket	*t;
};

#define init_alert(x, y, z, p) {x, y, z, p, {0, 0, 0, 0, 0}}
struct alert {
	char		*alert;
	u_int32_t	sid;
	u_int32_t	rev;
	u_int8_t	priority;

	/* Rate limiting */
	struct tokenbucket t;
};

#ifndef __PLUGIN__
void alert_conf_hook(char *);
void alert_conf_go(void);
void alert_init(void);
void alert_hup(void);
int alert_openlog(void);
struct generator *generator_find(char *);
#endif

#ifndef __PLUGIN__
void alert(struct generator*, struct packet *, struct alert *);
int generator_add(struct generator *);
#else
typedef void (*proc_alert)(struct generator*, struct packet *, struct alert *);
typedef int (*proc_generator_add)(struct generator *);
#endif

#endif /* __ALERT_HEADER_INCLUDED__ */