Initial import of svn+ssh:://svn.icir.org/bro/trunk/bro as of r7088

2025-10-02 14:48:21 +00:00 · 2010-09-27 20:42:30 -07:00 · 2010-09-27 20:42:30 -07:00 · 61757ac78b
commit 61757ac78b
1383 changed files with 380824 additions and 0 deletions
--- a/src/RuleAction.h
+++ b/src/RuleAction.h
@ -0,0 +1,80 @@
+// $Id: RuleAction.h 5880 2008-06-30 17:42:45Z vern $
+
+#ifndef ruleaction_h
+#define ruleaction_h
+
+#include "AnalyzerTags.h"
+#include "BroString.h"
+#include "List.h"
+#include "util.h"
+
+class Rule;
+class RuleEndpointState;
+
+// Base class of all rule actions.
+class RuleAction {
+public:
+	RuleAction()	{ }
+	virtual ~RuleAction()	{ }
+
+	virtual void DoAction(const Rule* parent, RuleEndpointState* state,
+				const u_char* data, int len) = 0;
+	virtual void PrintDebug() = 0;
+};
+
+// Implements the "event" keyword.
+class RuleActionEvent : public RuleAction {
+public:
+	RuleActionEvent(const char* arg_msg)	{ msg = copy_string(arg_msg); }
+	virtual ~RuleActionEvent()	{ delete [] msg; }
+
+	virtual void DoAction(const Rule* parent, RuleEndpointState* state,
+				const u_char* data, int len);
+
+	virtual void PrintDebug();
+
+private:
+	const char* msg;
+};
+
+// Base class for DPM enable/disable actions.
+class RuleActionDPM : public RuleAction {
+public:
+	RuleActionDPM(const char* analyzer);
+
+	virtual void DoAction(const Rule* parent, RuleEndpointState* state,
+			      const u_char* data, int len) = 0;
+
+	virtual void PrintDebug();
+
+	AnalyzerTag::Tag Analyzer() const { return analyzer; }
+	AnalyzerTag::Tag ChildAnalyzer() const { return child_analyzer; }
+
+private:
+	// FIXME: This is in fact an AnalyzerID but we can't include "Analyzer.h"
+	// at this point due to circular dependenides. Fix that!
+	AnalyzerTag::Tag analyzer;
+	AnalyzerTag::Tag child_analyzer;
+};
+
+class RuleActionEnable : public RuleActionDPM {
+public:
+	RuleActionEnable(const char* analyzer) : RuleActionDPM(analyzer)	{}
+
+	virtual void DoAction(const Rule* parent, RuleEndpointState* state,
+				const u_char* data, int len);
+
+	virtual void PrintDebug();
+};
+
+class RuleActionDisable : public RuleActionDPM {
+public:
+	RuleActionDisable(const char* analyzer) : RuleActionDPM(analyzer)	{}
+
+	virtual void DoAction(const Rule* parent, RuleEndpointState* state,
+				const u_char* data, int len);
+
+	virtual void PrintDebug();
+};
+
+#endif