-/* @(#) $Id: rules.h,v 1.41 2009/06/24 17:06:22 dcid Exp $ */
+/* @(#) $Id$ */
/* Copyright (C) 2009 Trend Micro Inc.
* All right reserved.
*
* This program is a free software; you can redistribute it
* and/or modify it under the terms of the GNU General Public
- * License (version 3) as published by the FSF - Free Software
+ * License (version 2) as published by the FSF - Free Software
* Foundation
*/
#include "shared.h"
#include "active-response.h"
+#include "lists.h"
+
/* Event context - stored on a uint8 */
#define SAME_USER 0x001 /* 1 */
#define DIFFERENT_URL 0x010 /* */
#define SAME_SRCPORT 0x020
#define SAME_DSTPORT 0x040
+#define SAME_DODIFF 0x100
#define NOT_SAME_USER 0xffe /* 0xfff - 0x001 */
#define NOT_SAME_SRCIP 0xffd /* 0xfff - 0x002 */
#define NOT_SAME_ID 0xffb /* 0xfff - 0x004 */
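Review bot: `SAME_DODIFF 0x100` needs nine bits, while the comment heading this group says the event context is stored on a uint8. If the field holding these flags really is 8 bits wide, setting or testing this flag truncates to zero and the check it guards would silently never run. The field's declaration is outside this hunk, so its width needs confirming. The `0xffe`-style values do not settle it, because as clear-masks they still work after truncation to 8 bits. Either widen the field or correct the comment, e.g. `/* Event context - flags up to 0x100, needs a field wider than 8 bits */`.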
#define DO_FTS 0x001
#define DO_MAILALERT 0x002
#define DO_LOGALERT 0x004
+#define NO_AR 0x008
#define NO_ALERT 0x010
#define DO_OVERWRITE 0x020
#define DO_PACKETINFO 0x040
#define DO_EXTRAINFO 0x100
#define SAME_EXTRAINFO 0x200
+#define RULE_MASTER 1
+#define RULE_SRCIP 2
+#define RULE_SRCPORT 4
+#define RULE_DSTIP 8
+#define RULE_DSTPORT 16
+#define RULE_USER 32
+#define RULE_URL 64
+#define RULE_ID 128
+#define RULE_HOSTNAME 256
+#define RULE_PROGRAM_NAME 512
+#define RULE_STATUS 1024
+#define RULE_ACTION 2048
+
+
+#define RULEINFODETAIL_TEXT 0
+#define RULEINFODETAIL_LINK 1
+#define RULEINFODETAIL_CVE 2
+#define RULEINFODETAIL_OSVDB 3
+#define RULEINFODETAIL_BUGTRACK 4
+
+#define MAX_RULEINFODETAIL 32
+
+typedef struct _RuleInfoDetail
+{
+ int type;
+ char *data;
+ struct _RuleInfoDetail *next;
+}RuleInfoDetail;
typedef struct _RuleInfo
{
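Review bot: `RuleInfoDetail` and `MAX_RULEINFODETAIL` are added with no comment saying who owns `data` or what the limit of 32 bounds. `zeroinfodetails(int type, char *data)`, declared later in this patch, takes a non-const pointer, so a reader cannot tell whether the node copies the string or keeps the caller's buffer, and that decides who may free it. I would add a comment above the struct such as `/* One info entry; type is one of RULEINFODETAIL_*; data ownership: <copied | borrowed> */`. A second comment on the limit should state whether it caps the list length or a buffer size. The `RuleInfo` definition that follows this struct continues outside the hunk.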
char *comment; /* description in the xml */
char *info;
char *cve;
+ RuleInfoDetail *info_details;
+ ListRule *lists;
char *if_sid;
char *if_level;
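Review bot: The new `info_details` and `lists` members are list heads, and nothing visible in this header change shows them being set to NULL when a `RuleInfo` is created. `zerorulemember()` is only declared here, so its body should be checked. If it allocates without zeroing, both pointers are indeterminate and any walk over `info_details->next` follows garbage. A short comment on each member, e.g. `/* NULL when the rule has no detail entries */`, would make the expected initial state explicit. The struct body starts and ends outside this hunk.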
RuleInfo *currently_rule; /* */
+RuleInfoDetail *zeroinfodetails(int type, char *data);
+int get_info_attributes(char **attributes, char **values);
+
/* RuleInfo functions */
RuleInfo *zerorulemember(int id,
int level,