int _seze(int elen, double *e, double b, double *h)
{
double Q, sum, hh, product1, product0, enow, _bvr, _avr, _brn, _arn, c;
double abig, ahi, alo, bhi, blo, err1, err2, err3;
int eindex, hindex;
SPLT(b, bhi, blo);
TPP(e[0], b, bhi, blo, Q, hh);
hindex = 0;
if (hh != 0) {
h[hindex++] = hh;
}
for (eindex = 1; eindex < elen; eindex++) {
enow = e[eindex];
TPP(enow, b, bhi, blo, product1, product0);
TWS(Q, product0, sum, hh);
if (hh != 0) {
h[hindex++] = hh;
}
FTS(product1, sum, Q, hh);
if (hh != 0) {
h[hindex++] = hh;
}
}
if ((Q != 0.0) || (hindex == 0)) {
h[hindex++] = Q;
}
return hindex;
}
void Keyboard_GL(unsigned char fKey, int fX, int fY)
{
// Dummy
if (fX | fY | fKey) {}
switch(fKey)
{
case 27:
INFO("EXETING ... ");
EXIT(0);
break;
case ' ':
ToggleColorCube = !ToggleColorCube;
INFO("Toggling the color cube and the volume");
break;
case 'x':
rotationActive = !rotationActive;
INFO("Auto rotation is active");
break;
case '[':
samplingStep += 1.0 / 2048.0;
INFO("Sampling step : " + FTS(samplingStep));
break;
case ']':
samplingStep -= 1.0 / 2048.0;
INFO("Sampling step : " + FTS(samplingStep));
break;
case 'q':
rValueTF -= 0.05;
INFO("Red : " + FTS(rValueTF));
UpdateScene();
break;
case 'Q':
rValueTF += 0.05;
INFO("Red : " + FTS(rValueTF));
UpdateScene();
break;
case 'w':
gValueTF -= 0.05;
INFO("Green : " + FTS(gValueTF));
UpdateScene();
break;
case 'W':
gValueTF += 0.05;
INFO("Green : " + FTS(gValueTF));
UpdateScene();
break;
case 'e':
bValueTF -= 0.05;
INFO("Blue : " + FTS(bValueTF));
UpdateScene();
break;
case 'E':
bValueTF += 0.05;
INFO("Blue : " + FTS(bValueTF));
UpdateScene();
break;
case 'r':
aValueTF -= 0.05;
INFO("Alpha : " + FTS(aValueTF));
UpdateScene();
break;
case 'R':
aValueTF += 0.05;
INFO("Alpha : " + FTS(aValueTF));
UpdateScene();
break;
case 't':
desityThresholdTF -= 1;
INFO("Threshold : " + FTS(desityThresholdTF));
UpdateScene();
break;
case 'T':
desityThresholdTF += 1;
INFO("Threshold : " + FTS(desityThresholdTF));
UpdateScene();
break;
case 'z':
zoomValue *= 1.1;
INFO("Zoom : " + FTS(zoomValue));
break;
case 'Z':
zoomValue /= 1.1;
INFO("Zoom : " + FTS(zoomValue));
break;
case 'a':
rotateX += 5;
INFO("rotateX : " + FTS(rotateX));
break;
case 'A':
rotateX -= 5;
INFO("rotateX : " + FTS(rotateX));
break;
case 's':
rotateY += 5;
INFO("rotateY : " + FTS(rotateY));
break;
case 'S':
rotateY -= 5;
INFO("rotateY : " + FTS(rotateY));
break;
case 'd':
rotateZ += 5;
INFO("rotateZ : " + FTS(rotateZ));
break;
case 'D':
rotateZ -= 5;
INFO("rotateZ : " + FTS(rotateZ));
break;
// Default case
default:
break;
}
glutPostRedisplay();
}
/* CheckIfRuleMatch v0.1
* Will check if the currently_rule matches the event information
*/
RuleInfo *OS_CheckIfRuleMatch(Eventinfo *lf, RuleNode *curr_node)
{
/* We check for:
* decoded_as,
* fts,
* word match (fast regex),
* regex,
* url,
* id,
* user,
* maxsize,
* protocol,
* srcip,
* dstip,
* srcport,
* dstport,
* time,
* weekday,
* status,
*/
RuleInfo *currently_rule = curr_node->ruleinfo;
/* Can't be null */
if(!currently_rule)
{
merror("%s: Inconsistent state. currently rule NULL", ARGV0);
return(NULL);
}
#ifdef TESTRULE
if(full_output && !alert_only)
print_out(" Trying rule: %d - %s", currently_rule->sigid,
currently_rule->comment);
#endif
/* Checking if any decoder pre-matched here */
if(currently_rule->decoded_as &&
currently_rule->decoded_as != lf->decoder_info->id)
{
return(NULL);
}
/* Checking program name */
if(currently_rule->program_name)
{
if(!lf->program_name)
return(NULL);
if(!OSMatch_Execute(lf->program_name,
lf->p_name_size,
currently_rule->program_name))
return(NULL);
}
/* Checking for the id */
if(currently_rule->id)
{
if(!lf->id)
{
return(NULL);
}
if(!OSMatch_Execute(lf->id,
strlen(lf->id),
currently_rule->id))
return(NULL);
#ifdef CDBLOOKUP
#endif
}
/* Checking if any word to match exists */
if(currently_rule->match)
{
if(!OSMatch_Execute(lf->log, lf->size, currently_rule->match))
return(NULL);
}
/* Checking if exist any regex for this rule */
if(currently_rule->regex)
{
if(!OSRegex_Execute(lf->log, currently_rule->regex))
return(NULL);
}
/* Checking for actions */
if(currently_rule->action)
{
if(!lf->action)
return(NULL);
if(strcmp(currently_rule->action,lf->action) != 0)
return(NULL);
}
/* Checking for the url */
if(currently_rule->url)
{
if(!lf->url)
{
return(NULL);
}
if(!OSMatch_Execute(lf->url, strlen(lf->url), currently_rule->url))
{
return(NULL);
}
#ifdef CDBLOOKUP
#endif
}
/* Getting tcp/ip packet information */
if(currently_rule->alert_opts & DO_PACKETINFO)
{
/* Checking for the srcip */
if(currently_rule->srcip)
{
if(!lf->srcip)
{
return(NULL);
}
if(!OS_IPFoundList(lf->srcip, currently_rule->srcip))
{
return(NULL);
}
#ifdef CDBLOOKUP
#endif
}
/* Checking for the dstip */
if(currently_rule->dstip)
{
if(!lf->dstip)
{
return(NULL);
}
if(!OS_IPFoundList(lf->dstip, currently_rule->dstip))
{
return(NULL);
}
#ifdef CDBLOOKUP
#endif
}
if(currently_rule->srcport)
{
if(!lf->srcport)
{
return(NULL);
}
if(!OSMatch_Execute(lf->srcport,
strlen(lf->srcport),
currently_rule->srcport))
{
return(NULL);
}
#ifdef CDBLOOKUP
#endif
}
if(currently_rule->dstport)
{
if(!lf->dstport)
{
return(NULL);
}
if(!OSMatch_Execute(lf->dstport,
strlen(lf->dstport),
currently_rule->dstport))
{
return(NULL);
}
#ifdef CDBLOOKUP
#endif
}
} /* END PACKET_INFO */
/* Extra information from event */
if(currently_rule->alert_opts & DO_EXTRAINFO)
{
/* Checking compiled rule. */
if(currently_rule->compiled_rule)
{
if(!currently_rule->compiled_rule(lf))
{
return(NULL);
}
}
/* Checking if exist any user to match */
if(currently_rule->user)
{
if(lf->dstuser)
{
if(!OSMatch_Execute(lf->dstuser,
strlen(lf->dstuser),
currently_rule->user))
return(NULL);
}
else if(lf->srcuser)
{
if(!OSMatch_Execute(lf->srcuser,
strlen(lf->srcuser),
currently_rule->user))
return(NULL);
}
else
#ifdef CDBLOOKUP
#endif
{
/* no user set */
return(NULL);
}
}
/* Checking if any rule related to the size exist */
if(currently_rule->maxsize)
{
if(lf->size < currently_rule->maxsize)
return(NULL);
}
/* Checking if we are in the right time */
if(currently_rule->day_time)
{
if(!OS_IsonTime(lf->hour, currently_rule->day_time))
{
return(NULL);
}
}
/* Checking week day */
if(currently_rule->week_day)
{
if(!OS_IsonDay(__crt_wday, currently_rule->week_day))
{
return(NULL);
}
}
/* Getting extra data */
if(currently_rule->extra_data)
{
if(!lf->data)
return(NULL);
if(!OSMatch_Execute(lf->data,
strlen(lf->data),
currently_rule->extra_data))
return(NULL);
}
/* Checking hostname */
if(currently_rule->hostname)
{
if(!lf->hostname)
return(NULL);
if(!OSMatch_Execute(lf->hostname,
strlen(lf->hostname),
currently_rule->hostname))
return(NULL);
}
/* Checking for status */
if(currently_rule->status)
{
if(!lf->status)
return(NULL);
if(!OSMatch_Execute(lf->status,
strlen(lf->status),
currently_rule->status))
return(NULL);
}
/* Do diff check. */
if(currently_rule->context_opts & SAME_DODIFF)
{
if(!doDiff(currently_rule, lf))
{
return(NULL);
}
}
}
/* Checking for the FTS flag */
if(currently_rule->alert_opts & DO_FTS)
{
/** FTS CHECKS **/
if(lf->decoder_info->fts)
{
if(lf->decoder_info->fts & FTS_DONE)
{
/* We already did the fts in here. */
}
else if(!FTS(lf))
{
return(NULL);
}
}
else
{
return(NULL);
}
}
/* List lookups */
if(currently_rule->lists != NULL)
{
ListRule *list_holder=currently_rule->lists;
while(list_holder)
{
switch(list_holder->field)
{
case RULE_SRCIP:
if(!lf->srcip)
return(NULL);
if(!OS_DBSearch(list_holder,lf->srcip))
return(NULL);
break;
case RULE_SRCPORT:
if(!lf->srcport)
return(NULL);
if(!OS_DBSearch(list_holder,lf->srcport))
return(NULL);
break;
case RULE_DSTIP:
if(!lf->dstip)
return(NULL);
if(!OS_DBSearch(list_holder,lf->dstip))
return(NULL);
break;
case RULE_DSTPORT:
if(!lf->dstport)
return(NULL);
if(!OS_DBSearch(list_holder,lf->dstport))
return(NULL);
break;
case RULE_USER:
if(lf->srcuser)
{
if(!OS_DBSearch(list_holder,lf->srcuser))
return(NULL);
}
else if(lf->dstuser)
{
if(!OS_DBSearch(list_holder,lf->dstuser))
return(NULL);
}
else
{
return(NULL);
}
break;
case RULE_URL:
if(!lf->url)
return(NULL);
if(!OS_DBSearch(list_holder,lf->url))
return(NULL);
break;
case RULE_ID:
if(!lf->id)
return(NULL);
if(!OS_DBSearch(list_holder,lf->id))
return(NULL);
break;
case RULE_HOSTNAME:
if(!lf->hostname)
return(NULL);
if(!OS_DBSearch(list_holder,lf->hostname))
return(NULL);
break;
case RULE_PROGRAM_NAME:
if(!lf->program_name)
return(NULL);
if(!OS_DBSearch(list_holder,lf->program_name))
return(NULL);
break;
case RULE_STATUS:
if(!lf->status)
return(NULL);
if(!OS_DBSearch(list_holder,lf->status))
return(NULL);
break;
case RULE_ACTION:
if(!lf->action)
return(NULL);
if(!OS_DBSearch(list_holder,lf->action))
return(NULL);
break;
default:
return(NULL);
}
list_holder = list_holder->next;
}
}
/* If it is a context rule, search for it */
if(currently_rule->context == 1)
{
if(!currently_rule->event_search(lf, currently_rule))
return(NULL);
}
#ifdef TESTRULE
if(full_output && !alert_only)
print_out(" *Rule %d matched.", currently_rule->sigid);
#endif
/* Search for dependent rules */
if(curr_node->child)
{
RuleNode *child_node = curr_node->child;
RuleInfo *child_rule = NULL;
#ifdef TESTRULE
if(full_output && !alert_only)
print_out(" *Trying child rules.");
#endif
while(child_node)
{
child_rule = OS_CheckIfRuleMatch(lf, child_node);
if(child_rule != NULL)
{
return(child_rule);
}
child_node = child_node->next;
}
}
/* If we are set to no alert, keep going */
if(currently_rule->alert_opts & NO_ALERT)
{
return(NULL);
}
hourly_alerts++;
currently_rule->firedtimes++;
return(currently_rule); /* Matched */
}
int _fesze(int elen, double *e, int flen, double *f, double *h)
{
double Q, Qnew, hh, _bvr, _avr, _brn, _arn, enow, fnow;
int eindex, findex, hindex;
enow = e[0];
fnow = f[0];
eindex = findex = 0;
if ((fnow > enow) == (fnow > -enow)) {
Q = enow;
enow = e[++eindex];
} else {
Q = fnow;
fnow = f[++findex];
}
hindex = 0;
if ((eindex < elen) && (findex < flen)) {
if ((fnow > enow) == (fnow > -enow)) {
FTS(enow, Q, Qnew, hh);
enow = e[++eindex];
} else {
FTS(fnow, Q, Qnew, hh);
fnow = f[++findex];
}
Q = Qnew;
if (hh != 0.0) {
h[hindex++] = hh;
}
while ((eindex < elen) && (findex < flen)) {
if ((fnow > enow) == (fnow > -enow)) {
TWS(Q, enow, Qnew, hh);
enow = e[++eindex];
} else {
TWS(Q, fnow, Qnew, hh);
fnow = f[++findex];
}
Q = Qnew;
if (hh != 0.0) {
h[hindex++] = hh;
}
}
}
while (eindex < elen) {
TWS(Q, enow, Qnew, hh);
enow = e[++eindex];
Q = Qnew;
if (hh != 0.0) {
h[hindex++] = hh;
}
}
while (findex < flen) {
TWS(Q, fnow, Qnew, hh);
fnow = f[++findex];
Q = Qnew;
if (hh != 0.0) {
h[hindex++] = hh;
}
}
if ((Q != 0.0) || (hindex == 0)) {
h[hindex++] = Q;
}
return hindex;
}