#include "packet_io/active.h"
#include "ports/port_object.h"
#include "profiler/profiler_defs.h"
+#include "pub_sub/detection_events.h"
#include "reputation/reputation_common.h"
#include "sfip/sf_ipvar.h"
#include "stream/stream.h"
p->dsize = dsize;
}
+ IpsRuleEvent data_event(event, p);
+ DataBus::publish(DetectionEngine::get_pub_id(), DetectionEventIds::IPS_LOGGING, data_event, p->flow);
+
OutputSet* idx = head ? head->LogList : nullptr;
EventManager::call_loggers(idx, p, otn->sigInfo.message.c_str(), &event);
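Review bot: The publish at L11 runs before `EventManager::call_loggers`, so subscribers observe the rule hit regardless of which loggers `head->LogList` selects, and `data_event` only borrows `p` and a copy of `event` for the duration of that synchronous call; neither fact is recorded next to the code. A one-line comment above L10 would help, e.g. `// notify subscribers before the configured loggers run; data_event borrows p/event for this call only`. If `p->flow` can be null at this point (the hunk shows no guard), confirm that `DataBus::publish` accepts a null flow. The enclosing function starts outside the hunk.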
#include "parser/parser.h"
#include "profiler/profiler_defs.h"
#include "protocols/packet.h"
+#include "pub_sub/detection_events.h"
#include "stream/stream.h"
#include "time/packet_time.h"
#include "trace/trace_api.h"
static THREAD_LOCAL RegexOffload* offloader = nullptr;
bool DetectionEngine::offload_enabled = false;
+static unsigned de_pub_id = 0;
+
//--------------------------------------------------------------------------
// basic de
//--------------------------------------------------------------------------
}
}
+void DetectionEngine::init()
+{
+ assert(in_main_thread());
+ de_pub_id = DataBus::get_id(de_pub_key);
+}
+
void DetectionEngine::enable_offload()
{ offload_enabled = true; }
pc.log_limit += sfeventq_reset(pq);
}
+unsigned DetectionEngine::get_pub_id()
+{ return de_pub_id; }
+
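Review bot: `de_pub_id` (L24) is a plain non-atomic static that `init()` (L31-L35) writes once under `assert(in_main_thread())` and `get_pub_id()` (L41-L42) later returns from whichever thread publishes; that is race-free only if `init()` completes before any packet thread starts and the value never changes afterwards, which the call placed right after `DataBus::init()` in L62-L66 appears to ensure but nothing documents. Record the contract where the field is defined, `// written once by init() on the main thread before packet threads start; read-only afterwards`, and on the header declarations at L46/L50, e.g. `static void init();  // main thread, after DataBus::init(), before thread_init()`. If `init()` is ever skipped (unit tests, alternative startup paths), `get_pub_id()` returns the zero default and events would be published under id 0; whether that id is reserved or could belong to another publisher should be confirmed.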
~DetectionEngine();
public:
+ static void init();
static void thread_init();
static void thread_term();
static void wait_for_context();
+ static unsigned get_pub_id();
+
private:
static struct SF_EVENTQ* get_event_queue();
static bool do_offload(snort::Packet*);
#include "actions/ips_actions.h"
#include "codecs/codec_api.h"
#include "connectors/connectors.h"
+#include "detection/detection_engine.h"
#include "detection/fp_config.h"
#include "file_api/file_service.h"
#include "filters/detection_filter.h"
InitProtoNames();
DataBus::init();
+ DetectionEngine::init();
+
load_actions();
load_codecs();
load_connectors();
data_decrypt_event.h
daq_message_event.h
dcerpc_events.h
+ detection_events.h
dhcp_events.h
domain_fronting.h
eve_process_event.h
--- /dev/null
+//--------------------------------------------------------------------------
+// Copyright (C) 2025 Cisco and/or its affiliates. All rights reserved.
+//
+// This program is free software; you can redistribute it and/or modify it
+// under the terms of the GNU General Public License Version 2 as published
+// by the Free Software Foundation. You may not use, modify or distribute
+// this program under any other version of the GNU General Public License.
+//
+// This program is distributed in the hope that it will be useful, but
+// WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+//--------------------------------------------------------------------------
+// detection_events.h author Anna Norokh <anorokh@cisco.com>
+
+#ifndef DETECTION_EVENTS_H
+#define DETECTION_EVENTS_H
+
+#include "events/event.h"
+#include "framework/data_bus.h"
+
+namespace snort
+{
+
+struct DetectionEventIds
+{
+ enum : unsigned
+ {
+ IPS_LOGGING,
+ MAX
+ };
+};
+
+const PubKey de_pub_key { "detection", DetectionEventIds::MAX };
+
+class IpsRuleEvent : public DataEvent, public Event
+{
+public:
+ IpsRuleEvent(const Event& e, const Packet* p) : Event(e), p(p) {}
+
+ const snort::Packet* get_packet() const override
+ { return p; }
+
+private:
+ const Packet* p;
+};
+
+}
+#endif
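Review bot: `IpsRuleEvent` holds a raw `const Packet*` and a copy of `Event` (L119, L125) — shallow if `Event` carries pointers into the rule's SigInfo — so the object is only meaningful while the packet and the originating event are alive, i.e. for the duration of the synchronous publish that carries it, yet the class says nothing about this and a subscriber that caches the pointer would dangle. Add a comment above the class such as `// Published for each logged IPS rule hit. Borrows the packet and the Event for the duration of the publish call only; subscribers must not retain either.`. The constructor parameter `p` shadows the member `p` at L119; `IpsRuleEvent(const Event& e, const Packet* pkt) : Event(e), p(pkt) {}` avoids the shadowing warning, and `const snort::Packet*` at L121 versus `const Packet*` at L125 inside `namespace snort` should use one spelling. Because `Event` is inherited publicly, handlers that receive a non-const reference can alter the copied event fields; if that is not intended, holding the `Event` as a private member behind a const accessor would express it.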