1 /*
2  * ftpp_eo.h
3  *
4  * Copyright (C) 2014-2021 Cisco and/or its affiliates. All rights reserved.
5  * Copyright (C) 2004-2013 Sourcefire, Inc.
6  * Steven A. Sturges <ssturges@sourcefire.com>
7  * Daniel J. Roelker <droelker@sourcefire.com>
8  * Marc A. Norton <mnorton@sourcefire.com>
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License Version 2 as
12  * published by the Free Software Foundation.  You may not use, modify or
13  * distribute this program under any other version of the GNU General
14  * Public License.
15  *
16  * This program is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
19  * GNU General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License
22  * along with this program; if not, write to the Free Software
23  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
24  *
25  * Description:
26  *
27  * Contains the data structures, event types, specific events,
28  * and function prototypes for the Event Output Module.
29  *
30  * This file is key to alerting with FTPTelnet.  It contains the header
31  * file with all the individual alerts.
32  *
33  * The Event Output Module provides a mechanism to queue HttpInspect events
34  * and prioritize them.  The Event Output Module does not actually log the
35  * events, but tracks them per session/packet.  The user program needs to
36  * do the actual logging of events.
37  *
38  * Each event contains the type of event, the priority of the event, and
39  * any data that is associated with the event.
40  *
41  * NOTES:
42  * - 20.09.04:  Initial Development.  SAS
43  *
44  */
45 #ifndef __FTPP_EO_H__
46 #define __FTPP_EO_H__
47 
48 #include "ftpp_include.h"
49 #include "ftpp_eo_events.h"
50 
/*
 * Describes one alert: its ids, its classification, its priority and
 * the alert string.  An FTPP_EVENT refers to one of these through its
 * event_info pointer.
 */
typedef struct s_FTPP_EVENT_INFO
{
    int alert_id;               /* the alert id */
    int alert_sid;              /* the unique sid */
    int classification;         /* classification */
    int priority;               /* the alert priority, 0 = highest */
    char *alert_str;            /* the alert string; this header does not say
                                 * who owns the storage -- TODO confirm */

} FTPP_EVENT_INFO;
64 
/*
 * One tracked event: the alert it reports, how many times it occurred
 * in the session, and a generic data pointer together with the
 * function used to free that data.
 *
 * NOTE(review): this header does not show who calls free_data or when.
 * Presumably data belongs to the event and free_data may be NULL when
 * no data is attached -- confirm against the code that fills these in
 * before calling through the pointer.
 */
typedef struct s_FTPP_EVENT
{
    FTPP_EVENT_INFO *event_info; /* description of the alert for this event */
    int  count;                 /* number of times event occurred in session */
    void *data;                 /* generic ptr to data */
    void (*free_data)(void *);  /* function to free data */

} FTPP_EVENT;
73 
/*
 * This is a generic structure to translate different event types to
 * the same structure.  This helps when logging the different types
 * of events.
 *
 * Unlike FTP_EVENTS and TELNET_EVENTS, stack and events are plain
 * pointers here and no capacity is stored next to them.
 * NOTE(review): presumably they are pointed at the arrays of one of
 * those two structures, so stack_count and every value read from
 * stack have to be bounded by that structure's *_EO_EVENT_NUM before
 * they are used as an index -- confirm in the logging code.
 */
typedef struct s_FTPP_GEN_EVENTS
{
    int *stack;                 /* which events are set; element meaning is
                                 * not shown in this header -- TODO confirm */
    int stack_count;            /* number of entries in use on stack (signed;
                                 * presumably never negative -- confirm) */
    FTPP_EVENT *events;         /* the event records themselves */

} FTPP_GEN_EVENTS;
86 
/*
 * Event storage for FTP.
 *
 * The idea behind this event storage structure is that we use a
 * simple stack to tell us which events we have set, so we don't
 * set an event twice and can access the events very easily.
 *
 * Both arrays hold exactly FTP_EO_EVENT_NUM elements; that constant is
 * not defined in this file (presumably it comes from ftpp_eo_events.h).
 * NOTE(review): nothing in this header enforces the bound, so code
 * that pushes onto stack or indexes events must check the event
 * number and stack_count against FTP_EO_EVENT_NUM itself -- confirm
 * that the callers do.
 */
typedef struct s_FTP_EVENTS
{
    int stack[FTP_EO_EVENT_NUM];         /* which events have been set */
    int stack_count;                     /* number of entries in use on stack */
    FTPP_EVENT events[FTP_EO_EVENT_NUM]; /* one record per FTP event */

} FTP_EVENTS;
99 
/*
 * Event storage for Telnet.
 *
 * The idea behind this event storage structure is that we use a
 * simple stack to tell us which events we have set, so we don't
 * set an event twice and can access the events very easily.
 *
 * Both arrays hold exactly TELNET_EO_EVENT_NUM elements; that constant
 * is not defined in this file (presumably it comes from
 * ftpp_eo_events.h).
 * NOTE(review): nothing in this header enforces the bound, so code
 * that pushes onto stack or indexes events must check the event
 * number and stack_count against TELNET_EO_EVENT_NUM itself -- confirm
 * that the callers do.
 */
typedef struct s_TELNET_EVENTS
{
    int stack[TELNET_EO_EVENT_NUM];         /* which events have been set */
    int stack_count;                        /* number of entries in use on stack */
    FTPP_EVENT events[TELNET_EO_EVENT_NUM]; /* one record per Telnet event */

} TELNET_EVENTS;
112 #endif
113