1 //--------------------------------------------------------------------------
2 // Copyright (C) 2014-2021 Cisco and/or its affiliates. All rights reserved.
3 // Copyright (C) 2002-2013 Sourcefire, Inc.
4 // Copyright (C) 1998-2002 Martin Roesch <roesch@sourcefire.com>
5 //
6 // This program is free software; you can redistribute it and/or modify it
7 // under the terms of the GNU General Public License Version 2 as published
8 // by the Free Software Foundation.  You may not use, modify or distribute
9 // this program under any other version of the GNU General Public License.
10 //
11 // This program is distributed in the hope that it will be useful, but
12 // WITHOUT ANY WARRANTY; without even the implied warranty of
13 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14 // General Public License for more details.
15 //
16 // You should have received a copy of the GNU General Public License along
17 // with this program; if not, write to the Free Software Foundation, Inc.,
18 // 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
19 //--------------------------------------------------------------------------
20 
21 #ifndef EVENT_H
22 #define EVENT_H
23 
24 #include "main/thread.h"
25 
26 struct SigInfo;
27 
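/* Timestamp with fixed 32-bit fields.
 *
 * The width is deliberate: the on-disk format of savefiles uses a 32-bit
 * tv_sec (and tv_usec), so this struct must not follow the platform's own
 * timeval, whose fields may be wider.
 *
 * NOTE(review): any value copied in from a wider type is narrowed to
 * 32 bits. If tv_sec counts seconds since the Unix epoch (presumably;
 * confirm against the writer), an unsigned 32-bit count runs out in 2106,
 * which matters to anything that orders or correlates events by this time.
 */
struct sf_timeval32
{
    uint32_t tv_sec;      /* seconds */
    uint32_t tv_usec;     /* microseconds */
};

/* Fail the build rather than silently change the record size if a field is
 * ever widened or the compiler inserts padding. */
static_assert(sizeof(sf_timeval32) == 2 * sizeof(uint32_t),
    "sf_timeval32 must stay exactly two 32-bit fields");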
36 
/* Per-event record: a pointer to the signature information that the event
 * belongs to, a 32-bit reference timestamp, an optional message pointer,
 * and two private 32-bit ids (the event's own id and the id of the event
 * it refers back to).
 *
 * Lifetime: Event declares no destructor and never frees sig_info or
 * alt_msg, so both are borrowed pointers. Whoever supplies them has to
 * keep the pointed-to objects alive for as long as the Event is read;
 * copies of an Event share the same pointers.
 */
struct Event
{
    SigInfo* sig_info = nullptr;              /* borrowed; nullptr until a signature is attached */
    sf_timeval32 ref_time = { 0, 0 };         /* reference time for the event reference */
    const char* alt_msg = nullptr;            /* presumably an alternative message text; borrowed */

    Event() = default;

    /* Bind the event to an existing SigInfo. Only the address is stored.
     * NOTE(review): the constructor is not explicit, so a SigInfo lvalue
     * converts to Event implicitly; confirm that callers want that. */
    Event(SigInfo& si) : sig_info(&si)
    { }

    /* Accessors for the private id pair. */
    uint32_t get_event_id() const
    {
        return event_id;
    }

    void set_event_id(uint32_t id)
    {
        event_id = id;
    }

    uint32_t get_event_reference() const
    {
        return event_reference;
    }

    void set_event_reference(uint32_t ref)
    {
        event_reference = ref;
    }

    /* Defined out of line. Both take a 16-bit log_id; how it is combined
     * with the 32-bit ids is not visible in this header. */
    void update_event_id(uint16_t log_id);
    void update_event_id_and_ref(uint16_t log_id);

    /* Defined out of line. Note the width mismatches a caller should keep
     * in mind: event_ref is 16 bits while the stored reference is 32 bits,
     * and tv is a platform timeval while ref_time holds 32-bit fields.
     * NOTE(review): check the definition for how tv is narrowed and
     * whether sig_info must be non-null before this is called. */
    void set_event(uint32_t gid, uint32_t sid, uint32_t rev,
        uint32_t classification, uint32_t priority, uint16_t event_ref,
        uint16_t log_id, const struct timeval& tv);

private:
    uint32_t event_id = 0;
    uint32_t event_reference = 0; // reference to other events that have gone off,
                                  // such as in the case of tagged packets...
};
66 
// Free functions, defined elsewhere; presumably they read and advance a
// running event counter (confirm in the definition).
//
// These are distinct from Event::get_event_id(): the free function returns
// 16 bits and the member returns 32. Inside Event's own member functions an
// unqualified get_event_id() finds the member first, so the free function
// has to be written as ::get_event_id() there.
//
// NOTE(review): a 16-bit value has only 65536 distinct states, so ids taken
// from it cannot stay unique over a long run. Anything that correlates or
// deduplicates events by id should not treat this value alone as a key.
uint16_t get_event_id();
void incr_event_id();
69 
70 #endif