Azinix

Azinix Data Structures

Here are the data structures with brief descriptions:
Array_tArray structure
Circbuf_tStructure for keeping a generic circular buffer
Evl_Action_tStruct encoding the action to be taken
Evl_BddLevelPair_tA bdd_t and the level we are thinking of it as being at
Evl_Bridge_tBasic structure used for pulling packets in and out
Evl_BridgeStats_tStructure encapsulating various stats, used for testing purposes
Evl_ContentMgr_tA stucture for evaluating L7 rules
Evl_Fsm_tFsm structure
Evl_GenericManager_tGeneric checks
Evl_L4Flow_tEncapsulate L4 flow information specifically destPort, srcPort, destIP, srcIP
Evl_L4LookupTable_tA lookup table for finding potentially applicable rules for a packet based on L4 header information
Evl_L4Manager_tEverything needed to check TCP packets
Evl_Manager_tA representation of rules and corresponding lookup table
Hash_Entry_tHash table entry
Hash_Generator_tUsed for traversing entries in a table
Hash_tHash table
Heap_tHeap data structure
Nm_TclCD_tStructure used to pass return values around as integers
Pkt_EthernetHdr_tEthernet Packet Header
Pkt_IcmpHdr_tICMP packet header
Pkt_IpFlags_tPacked bit-fields for ip frag flags, offset
Pkt_IpHdr_tIP Packet header
Pkt_L4Flow_tLayer 4 flow captured by 4 fields - source/dest IP, source/dest TCP ports
Pkt_LibNet_tAn encapsulation of the libnet_t structure
Pkt_LibPcap_tAn encapsulation of the libpcap_t structure
Pkt_ProcessPkt_tPacket and rules that are to be applied
Pkt_TcpHdr_tTCP Packet header
Pkt_TcpResDoffFlags_tPacked bit-fields for tcp flags, offset, etc
Pkt_TfcMode_tStructure encapsulating settings for Pkt_CreateRandEthPktArray
Pkt_UdpHdr_tUDP Packet header
Pkt_VectorBuff_tUseful for passing sets of packets around
Pkt_WifiHdr_tUse for wlan detection
Q_Cos_tData structure for differentiated service based on class of service
Q_Drr_tData structure for differentiated service based on DRR
Q_Flow_tData structure for keeping flow
Q_Q_tCos Queue structure used for actions
Rlp_AckAttribute_tTCP ack value to check against
Rlp_Action_tStruct encoding the action to be taken
Rlp_ByteJumpAttribute_tByte jump operation
Rlp_ByteTestAttribute_tByte test operation
Rlp_ContentAttribute_tContent to test for
Rlp_ContentCheckAttribute_tStruct for checking a content type rule
Rlp_DepthAttribute_tSets maximum search depth for the content pattern match to search from beginning of region
Rlp_DistanceAttribute_tLook for at least N bytes between pattern matches using content
Rlp_DsizeAttribute_tThe dsize option is used to test the packet payload size. It may be set to any value, plus use the greater than/less than signs to indicate ranges and limits
Rlp_FlagsAttribute_tTest the TCP flags for a match
Rlp_FragbitsAttribute_tThis rule inspects the fragment and reserved bits in the IP header
Rlp_IcmpIdAttribute_tThe icmp_id option examines an ICMP ECHO packet's ICMP ID number for a specific value
Rlp_IcmpSeqAttribute_tThe icmp_id option examines an ICMP ECHO packet's ICMP sequence field for a specific value
Rlp_IcodeAttribute_tItype rule, just set a numeric value in here and Detect any traffic using that ICMP code value
Rlp_IfAttribute_tInterface to check against
Rlp_IpOptsAttribute_tIp options
Rlp_IpProtoAttribute_tCheck the ip proto field
Rlp_ItypeAttribute_tThis rule tests the value of the ICMP type field. It is set using the numeric value of this field
Rlp_L4Check_tA struct for holding the layer 4 check on a formula
Rlp_L7Check_tA struct for holding the content tests on a formula
Rlp_NocaseAttribute_tThe nocase option is used to deactivate case sensitivity in a content rule
Rlp_Node_tNode structure - basically a cons list
Rlp_OffsetAttribute_tThe offset rule option is used as a modifier to rules using the content option keyword
Rlp_PcreAttribute_tStruct for pcre checking
Rlp_RpcAttribute_tThis option looks at RPC requests and automatically decodes the application, procedure, and program version, indicating success when all three variables are matched
Rlp_SameIpAttribute_tCheck if source and dest ip are the same
Rlp_SampleAttribute_tSampling threshold
Rlp_SeqAttribute_tThis rule option refers to the TCP sequence number
Rlp_TtlAttribute_tThis rule option is used to set a specific time-to-live value to test against
Rlp_WithinAttribute_tThe within keyword is a content modifier that makes sure that at least N bytes are between pattern matches
RlpIntAttribute_tStruct to represent a single int entry
util_attrib_val_tAttribute-value pair used to read formula
util_byte_array_tStruct to represent byte-array
util_int_array_tStruct to represent int-arrays
util_timing_tAn encapsulation of a pair of u_int32_t's used to manipulate times
var_set_tBit vector