/**
** We return whether we logged events or not. We've add a eventq user
** structure so we can track whether the events logged were rule events
** or preprocessor/decoder events. The reason being that we don't want
** to flush a TCP stream for preprocessor/decoder events, and cause
** early flushing of the stream.
**
** @return 1 logged events
** @return 0 did not log events or logged only decoder/preprocessor events
*/
int SnortEventqLog(SF_EVENTQ *eq[], Packet *p)
{
static SNORT_EVENTQ_USER user;
user.rule_alert = 0x00;
user.pkt = (void *)p;
if (sfeventq_action(eq[qIndex], LogSnortEvents, (void *)&user) > 0)
{
if (user.rule_alert)
return 1;
}
return 0;
}
int main(int argc, char **argv)
{
int max_events;
int log_events;
int add_events;
int *event;
int iCtr;
if(argc < 4)
{
printf("-- Not enough args\n");
return 1;
}
max_events = atoi(argv[1]);
if(max_events <= 0)
{
printf("-- max_events invalid.\n");
return 1;
}
log_events = atoi(argv[2]);
if(log_events <= 0)
{
printf("-- log_events invalid.\n");
return 1;
}
add_events = atoi(argv[3]);
if(add_events <= 0)
{
printf("-- add_events invalid.\n");
return 1;
}
if(max_events < log_events)
{
printf("-- log_events greater than max_events\n");
return 1;
}
srandom(time(NULL));
sfeventq_init(max_events, log_events, sizeof(int), mysort);
do
{
printf("-- Event Queue Test --\n\n");
for(iCtr = 0; iCtr < add_events; iCtr++)
{
event = (int *)sfeventq_event_alloc();
if(!event)
{
printf("-- event allocation failed\n");
return 1;
}
*event = (int)(random()%3);
sfeventq_add(event);
printf("-- added %d\n", *event);
}
printf("\n-- Logging\n\n");
if(sfeventq_action(myaction, NULL))
{
printf("-- There was a problem.\n");
return 1;
}
sfeventq_reset();
} while(getc(stdin) < 14);
return 0;
}
