Diffstat (limited to 'framework/src/suricata/src/detect-threshold.h')
-rw-r--r--framework/src/suricata/src/detect-threshold.h95
1 files changed, 95 insertions, 0 deletions
diff --git a/framework/src/suricata/src/detect-threshold.h b/framework/src/suricata/src/detect-threshold.h
new file mode 100644
index 00000000..50e1d270
--- /dev/null
+++ b/framework/src/suricata/src/detect-threshold.h
@@ -0,0 +1,95 @@
+/* Copyright (C) 2007-2013 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/**
+ * \file
+ *
+ * \author Breno Silva <breno.silva@gmail.com>
+ */
+
+#ifndef __DETECT_THRESHOLD_H__
+#define __DETECT_THRESHOLD_H__
+
+#include "decode-events.h"
+#include "decode-ipv4.h"
+#include "decode-tcp.h"
+
+#define TYPE_LIMIT 1
+#define TYPE_BOTH 2
+#define TYPE_THRESHOLD 3
+#define TYPE_DETECTION 4
+#define TYPE_RATE 5
+#define TYPE_SUPPRESS 6
+
+#define TRACK_DST 1
+#define TRACK_SRC 2
+#define TRACK_RULE 3
+#define TRACK_EITHER 4 /**< either src or dst: only used by suppress */
+
+/* Get the new action to take */
+#define TH_ACTION_ALERT 0x01
+#define TH_ACTION_DROP 0x02
+#define TH_ACTION_PASS 0x04
+#define TH_ACTION_LOG 0x08
+#define TH_ACTION_SDROP 0x10
+#define TH_ACTION_REJECT 0x20
+
+/**
+ * \typedef DetectThresholdData
+ * A typedef for DetectThresholdData_
+ */
+
+typedef struct DetectThresholdData_ {
+ uint32_t count; /**< Event count */
+ uint32_t seconds; /**< Event seconds */
+ uint8_t type; /**< Threshold type : limit , threshold, both, detection_filter */
+ uint8_t track; /**< Track type: by_src, by_dst */
+ uint8_t new_action; /**< new_action alert|drop|pass|log|sdrop|reject */
+ uint32_t timeout; /**< timeout */
+ uint32_t flags; /**< flags used to set option */
+ DetectAddressHead addrs;
+} DetectThresholdData;
+
+typedef struct DetectThresholdEntry_ {
+ uint32_t sid; /**< Signature id */
+ uint32_t gid; /**< Signature group id */
+
+ uint32_t tv_timeout; /**< Timeout for new_action (for rate_filter)
+ its not "seconds", that define the time interval */
+ uint32_t seconds; /**< Event seconds */
+ uint32_t tv_sec1; /**< Var for time control */
+ uint32_t tv_usec1; /**< Var for time control */
+ uint32_t current_count; /**< Var for count control */
+ int track; /**< Track type: by_src, by_src */
+
+ struct DetectThresholdEntry_ *next;
+} DetectThresholdEntry;
+
+
+/**
+ * Registration function for threshold: keyword
+ */
+
+void DetectThresholdRegister(void);
+
+/**
+ * This function registers unit tests for Threshold
+ */
+
+void ThresholdRegisterTests(void);
+
+#endif /*__DETECT_THRESHOLD_H__ */
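Review bot: `DetectAddressHead addrs;` in DetectThresholdData embeds a type by value that none of the three headers included above (`decode-events.h`, `decode-ipv4.h`, `decode-tcp.h`) obviously declares, so this header appears to compile only when the includer has already pulled in the declaring header. Include that header here, or state the ordering requirement in a comment above the struct. The comment on `track` in DetectThresholdEntry reads "by_src, by_src" and should be `int track; /**< Track type: by_src, by_dst */`. That field is `int` while the same field in DetectThresholdData is `uint8_t`, which is worth unifying if both hold the TRACK_* values. `addrs` is also the only member of DetectThresholdData without a doc comment, and the file looks like an import of upstream Suricata, so these fixes probably belong upstream.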