corsaro_dos.c File Reference

Corsaro new_rsdos plugin implementation. More...

Go to the source code of this file.

Macros
#define	CORSARO_DOS_MAGIC   0x45444F53
	The magic number for this plugin - "EDOS".
#define	PLUGIN_NAME   "dos"
	The name of this plugin.
#define	PLUGIN_NAME_DEPRECATED   "edgar_dos"
	The old name of this plugin.
#define	CORSARO_DOS_INTERVAL   300
	The interval that this plugin would like to dump at.
#define	CORSARO_DOS_VECTOR_TIMEOUT   CORSARO_DOS_INTERVAL
	The length of time after which an inactive attack vector is expired.
#define	CORSARO_DOS_ATTACK_VECTOR_MIN_PACKETS   25
	The minimum number of packets before a vector can be an attack.
#define	CORSARO_DOS_ATTACK_VECTOR_MIN_DURATION   60
	The minimum number of seconds before a vector can be an attack.
#define	CORSARO_DOS_ATTACK_VECTOR_MIN_PPM   30
	The minimum packet rate before a vector can be an attack.
#define	CORSARO_DOS_ATTACK_VECTOR_BYTECNT   (4+4+4+4+4+8+4+8+4+8+4+4+4+4+4)
	The length (in bytes) of an attack vector record.
#define	CORSARO_DOS_PPM_WINDOW_SIZE   60
	The length of the pps sliding window in seconds.
#define	CORSARO_DOS_PPM_WINDOW_PRECISION   10
	The amount to slide the window by in seconds.
#define	CORSARO_DOS_PPS_BUCKET_CNT
	The number of buckets.
#define	attack_vector_hash_equal(a, b)
	Compare two attack vectors for equality.
#define	STATE(corsaro)   (CORSARO_PLUGIN_STATE(corsaro, dos,CORSARO_PLUGIN_ID_DOS))
	Extends the generic plugin state convenience macro in corsaro_plugin.h.
#define	STATE_IN(corsaro)
	Extends the generic plugin state convenience macro in corsaro_plugin.h.
#define	PLUGIN(corsaro)   (CORSARO_PLUGIN_PLUGIN(corsaro, CORSARO_PLUGIN_ID_DOS))
	Extends the generic plugin plugin convenience macro in corsaro_plugin.h.

Typedefs
typedef struct ppm_window	ppm_window_t
	Initialize the hash types needed to hold maps in vectors.
typedef struct attack_vector	attack_vector_t
	A record for a potential attack vector.

Functions
static attack_vector_t *	attack_vector_init (corsaro_t *corsaro)
	Create an attack vector object.
static void	attack_vector_free (attack_vector_t *av)
	Free the memory allocated to an attack vector object.
static void	attack_vector_reset (attack_vector_t *av)
	Reset the per-interval counters in an attack vector.
static khint32_t	attack_vector_hash_func (attack_vector_t *av)
	Hash an attack vector.
	KHASH_INIT (av, attack_vector_t *, char, 0, attack_vector_hash_func, attack_vector_hash_equal)
	Initialize the hash functions and datatypes.
static int	attack_vector_is_expired (attack_vector_t *vector, uint32_t time)
	Check if a vector has had a packet added to it recently.
static void	attack_vector_update_ppm (ppm_window_t *ppm_window)
	Update the max ppm value given the current window values.
static void	attack_vector_update_ppm_window (attack_vector_t *vector, struct timeval tv)
	Update the packet rate window.
static int	attack_vector_is_attack (corsaro_t *corsaro, attack_vector_t *vector, uint32_t time)
	Determine whether a vector is indeed an attack vector.
static int	ascii_dump (corsaro_t *corsaro, attack_vector_t *vector)
	Dump the given vector to the plugin output file in ASCII.
static int	binary_dump (corsaro_t *corsaro, attack_vector_t *vector)
	Dump the given vector to the plugin output file in binary.
static int	read_header (corsaro_in_t *corsaro, corsaro_in_record_type_t *record_type, corsaro_in_record_t *record)
static int	validate_attack_vector (corsaro_dos_attack_vector_in_t *av)
static int	read_attack_vector (corsaro_in_t *corsaro, corsaro_in_record_type_t *record_type, corsaro_in_record_t *record)
static int	validate_global_header (corsaro_dos_global_header_t *g)
corsaro_plugin_t *	corsaro_dos_alloc (corsaro_t *corsaro)
int	corsaro_dos_probe_filename (const char *fname)
int	corsaro_dos_probe_magic (corsaro_in_t *corsaro, corsaro_file_in_t *file)
int	corsaro_dos_init_output (corsaro_t *corsaro)
int	corsaro_dos_init_input (corsaro_in_t *corsaro)
int	corsaro_dos_close_input (corsaro_in_t *corsaro)
int	corsaro_dos_close_output (corsaro_t *corsaro)
off_t	corsaro_dos_read_record (struct corsaro_in *corsaro, corsaro_in_record_type_t *record_type, corsaro_in_record_t *record)
off_t	corsaro_dos_read_global_data_record (struct corsaro_in *corsaro, enum corsaro_in_record_type *record_type, struct corsaro_in_record *record)
int	corsaro_dos_start_interval (corsaro_t *corsaro, corsaro_interval_t *int_start)
int	corsaro_dos_end_interval (corsaro_t *corsaro, corsaro_interval_t *int_end)
int	corsaro_dos_process_packet (corsaro_t *corsaro, corsaro_packet_t *packet)
void	corsaro_dos_attack_vector_get_packet (corsaro_dos_attack_vector_in_t *attack_vector, libtrace_packet_t *packet)
off_t	corsaro_dos_global_header_fprint (corsaro_t *corsaro, corsaro_file_t *file, corsaro_dos_global_header_t *header)
	Write a global dos header record to the given corsaro file in ascii.
void	corsaro_dos_global_header_print (corsaro_dos_global_header_t *header)
	Write a global dos header record to stdout in ascii format.
off_t	corsaro_dos_attack_vector_fprint (corsaro_t *corsaro, corsaro_file_t *file, corsaro_dos_attack_vector_in_t *av)
	Write a dos attack vector to the given corsaro file in ascii.
void	corsaro_dos_attack_vector_print (corsaro_dos_attack_vector_in_t *av)
	Write a dos attack vector to stdout in ascii format.
off_t	corsaro_dos_header_fprint (corsaro_t *corsaro, corsaro_file_t *file, corsaro_dos_header_t *header)
	Write a dos header record to the given corsaro file in ascii.
void	corsaro_dos_header_print (corsaro_dos_header_t *header)
	Write a dos header record to stdout in ascii format.
off_t	corsaro_dos_record_fprint (corsaro_t *corsaro, corsaro_file_t *file, corsaro_in_record_type_t record_type, corsaro_in_record_t *record)
	Write a generic dos record to the given corsaro file in ascii.
int	corsaro_dos_record_print (corsaro_in_record_type_t record_type, corsaro_in_record_t *record)
	Write a generic dos record to stdout in ascii format.

Variables
static corsaro_plugin_t	corsaro_dos_plugin
	Common plugin information across all instances.

---

Detailed Description

Corsaro new_rsdos plugin implementation.

Author:

Alistair King

Definition in file corsaro_dos.c.

---

Macro Definition Documentation

#define attack_vector_hash_equal	(		a,
			b
	)

Value:

(                               \
                                        (a)->target_ip == (b)->target_ip \
                                                                        )

Compare two attack vectors for equality.

Definition at line 278 of file corsaro_dos.c.

#define CORSARO_DOS_ATTACK_VECTOR_BYTECNT   (4+4+4+4+4+8+4+8+4+8+4+4+4+4+4)

The length (in bytes) of an attack vector record.

Definition at line 109 of file corsaro_dos.c.

Referenced by binary_dump().

#define CORSARO_DOS_ATTACK_VECTOR_MIN_DURATION   60

The minimum number of seconds before a vector can be an attack.

Definition at line 103 of file corsaro_dos.c.

Referenced by attack_vector_is_attack().

#define CORSARO_DOS_ATTACK_VECTOR_MIN_PACKETS   25

The minimum number of packets before a vector can be an attack.

Definition at line 100 of file corsaro_dos.c.

Referenced by attack_vector_is_attack().

#define CORSARO_DOS_ATTACK_VECTOR_MIN_PPM   30

The minimum packet rate before a vector can be an attack.

Definition at line 106 of file corsaro_dos.c.

Referenced by attack_vector_is_attack().

#define CORSARO_DOS_INTERVAL   300

The interval that this plugin would like to dump at.

NOTE THIS WELL! There is a known issue with how this plugin computes which corsaro intervals to dump on. IF the corsaro interval is set to longer than the time in the trace, and this is longer than the dos interval, it WILL NOT dump anything

To fix this, we should implement some method for plugins to choose an interval which corsaro will call them on its closest interval.

Definition at line 94 of file corsaro_dos.c.

#define CORSARO_DOS_MAGIC   0x45444F53

The magic number for this plugin - "EDOS".

Definition at line 61 of file corsaro_dos.c.

#define CORSARO_DOS_PPM_WINDOW_PRECISION   10

The amount to slide the window by in seconds.

Definition at line 115 of file corsaro_dos.c.

Referenced by attack_vector_update_ppm_window().

#define CORSARO_DOS_PPM_WINDOW_SIZE   60

The length of the pps sliding window in seconds.

Definition at line 112 of file corsaro_dos.c.

#define CORSARO_DOS_PPS_BUCKET_CNT

Value:

(CORSARO_DOS_PPM_WINDOW_SIZE/   \
                                        CORSARO_DOS_PPM_WINDOW_PRECISION)

The number of buckets.

Definition at line 118 of file corsaro_dos.c.

Referenced by attack_vector_update_ppm(), and attack_vector_update_ppm_window().

#define CORSARO_DOS_VECTOR_TIMEOUT   CORSARO_DOS_INTERVAL

The length of time after which an inactive attack vector is expired.

Definition at line 97 of file corsaro_dos.c.

Referenced by attack_vector_is_expired().

#define PLUGIN

(

corsaro

)

(CORSARO_PLUGIN_PLUGIN(corsaro, CORSARO_PLUGIN_ID_DOS))

Extends the generic plugin plugin convenience macro in corsaro_plugin.h.

Definition at line 326 of file corsaro_dos.c.

Referenced by corsaro_dos_init_output().

#define PLUGIN_NAME   "dos"

The name of this plugin.

Definition at line 64 of file corsaro_dos.c.

#define PLUGIN_NAME_DEPRECATED   "edgar_dos"

The old name of this plugin.

Because the original files created with the dos plugin do not have a magic number, we rely on the filename check. This is pretty fragile, but it's all we have right now

Definition at line 72 of file corsaro_dos.c.

#define STATE

(

corsaro

)

(CORSARO_PLUGIN_STATE(corsaro, dos,CORSARO_PLUGIN_ID_DOS))

Extends the generic plugin state convenience macro in corsaro_plugin.h.

Definition at line 319 of file corsaro_dos.c.

Referenced by ascii_dump(), binary_dump(), and corsaro_dos_process_packet().

#define STATE_IN

(

corsaro

)

Value:

(CORSARO_PLUGIN_STATE(corsaro, dos_in,                  \
                        CORSARO_PLUGIN_ID_DOS))

Extends the generic plugin state convenience macro in corsaro_plugin.h.

Definition at line 322 of file corsaro_dos.c.

---

Typedef Documentation

typedef struct attack_vector attack_vector_t

A record for a potential attack vector.

All values are in HOST byte order

typedef struct ppm_window ppm_window_t

Initialize the hash types needed to hold maps in vectors.

The convention is a 4 digit name, where the first two digits indicate the length of the key, and the last two indicate the length of the value e.g. 3264 means 32 bit integer keys with 64bit integer values State for the sliding packet rate algorithm

---

Function Documentation

static int ascii_dump ( corsaro_t *  corsaro, attack_vector_t *  vector  )

static

Dump the given vector to the plugin output file in ASCII.

Parameters:

corsaro	The corsaro object associated with the vector
vector	The vector to dump

Returns:

0 if the vector is dumped successfully, -1 if an error occurs

Definition at line 525 of file corsaro_dos.c.

References STATE.

static void attack_vector_free ( attack_vector_t *  av )

static

Free the memory allocated to an attack vector object.

Parameters:

av	The attack vector to be freed

Definition at line 234 of file corsaro_dos.c.

Referenced by corsaro_dos_process_packet().

static khint32_t attack_vector_hash_func ( attack_vector_t *  av )

inlinestatic

Hash an attack vector.

Parameters:

av	The attack vector to be hashed

Definition at line 286 of file corsaro_dos.c.

static attack_vector_t* attack_vector_init ( corsaro_t *  corsaro )

static

Create an attack vector object.

Parameters:

corsaro

The corsaro object associated with the vector

Returns:

an empty attack vector object

Definition at line 209 of file corsaro_dos.c.

Referenced by corsaro_dos_process_packet().

static int attack_vector_is_attack ( corsaro_t *  corsaro, attack_vector_t *  vector, uint32_t  time  )

static

Determine whether a vector is indeed an attack vector.

Parameters:

corsaro	The corsaro object associated with the vector
vector	The vector to check
ts	The current trace time

Returns:

1 if the vector is an attack, 0 if non-attack, -1 if an error occurs

Definition at line 482 of file corsaro_dos.c.

References attack_vector_update_ppm(), CORSARO_DOS_ATTACK_VECTOR_MIN_DURATION, CORSARO_DOS_ATTACK_VECTOR_MIN_PACKETS, and CORSARO_DOS_ATTACK_VECTOR_MIN_PPM.

static int attack_vector_is_expired ( attack_vector_t *  vector, uint32_t  time  )

static

Check if a vector has had a packet added to it recently.

Parameters:

vector	The attack vector to check
ts	The current trace time

Definition at line 334 of file corsaro_dos.c.

References CORSARO_DOS_VECTOR_TIMEOUT.

Referenced by corsaro_dos_process_packet().

static void attack_vector_reset ( attack_vector_t *  av )

static

Reset the per-interval counters in an attack vector.

Parameters:

av	The attack vector to be reset

Definition at line 268 of file corsaro_dos.c.

static void attack_vector_update_ppm ( ppm_window_t *  ppm_window )

static

Update the max ppm value given the current window values.

Parameters:

ppm_window

The packet rate window to update

Definition at line 347 of file corsaro_dos.c.

References CORSARO_DOS_PPS_BUCKET_CNT.

Referenced by attack_vector_is_attack(), and attack_vector_update_ppm_window().

static void attack_vector_update_ppm_window ( attack_vector_t *  vector, struct timeval  tv  )

static

Update the packet rate window.

Parameters:

vector	The attack vector to update
tv	The time the packet arrived at

PPS Sliding Window

In order to properly handle short-duration spikes in the PPS rate, we use a sliding window for each attack vector.

When a vector is first created, the initial packet time is used as the start of the window. Thereafter, packets added to the vector are used to update a sliding window of values.

Updating the window: When a packet is received, it is first checked to determine whether the window must be moved. It will be moved if this packet arrived more than PPM_WINDOW_SIZE seconds after the ppm_window.window_size value. If this is the case, the current bucket pointer is moved on onePPS_BUCKET_CNT this now has it pointing at the old start of the window, this value is then zeroed and ppm_window.window_start is incremented by PPM_WINDOW_PRECISION. This move is repeated until the new value falls into the bucket pointed to by the current_bucket pointer I.e. Its time, x, satisfies (window_start+(PPM_WINDOW_PRECISION * (PPS_BUCKET_CNT-1))) <= x < (window_start+(PPM_WINDOW_PRECISION * PPS_BUCKET_CNT)) The value of buckets[current_bucket] is then incremented by one

Computing the PPS rate: The maximum PPS rate for an attack vector is the maximum PPS rate across all of the windows observed. As such, every time the window is moved, we update the max_ppm value by summing the value in each bucket

For example: window_start: 1320969600 max_ppm: 56 current_bucket: 5 bucket | value 0 | 12 1 | 2 2 | 3 3 | 6 4 | 8 5 | 1

the current bucket of 5 covers times from (1320969600+(10*(6-1))) up to, but not including (1320969600+(10*6)) or, 1320969650 <= x < 1320969660

we receive a packet at 1320969665 which is 65 seconds after 1320969600 this means we will need to move the window, we first compute the ppm for the window that just ended by summing all buckets (12+2+3+6+8+1) is 32, not higher than the max so nothing is done we then advance the window by setting the current bucket to (5+1)%6, or, 0 and then setting the value in this bucket to 0. Because this example had the next packet arrive in the very next window, the window only needs to be advanced once, if it had been later, the window would have been advanced multiple times until the packet fell into the last window.

This implementation will work fairly efficiently if packets tend to arrive close together, if they are spaced by long amounts of time, it will be less efficient. We can help this by calculating how many times the window will need to be advanced and then zeroing the appropriate number of buckets before calculating the new ppm rate and updating the current window pointer. The formula for this calculation is delta: ((new_time) - (window_start+(PPM_WINDOW_SIZE))) buckets to zero: min(PPS_BUCKET_CNT, (delta/PPM_WINDOW_PRECISION)+1)) (assuming delta is > 0)

In our previous example, if the new packet had arrived at 1320969700, the delta would be (1320969700-(1320969600+60)) = 40 we would need to zero (min(6, (40/10)+1)) = 5 buckets

the truth is in the code, see attack_vector_update_ppm_window

Definition at line 440 of file corsaro_dos.c.

References attack_vector_update_ppm(), CORSARO_DOS_PPM_WINDOW_PRECISION, and CORSARO_DOS_PPS_BUCKET_CNT.

Referenced by corsaro_dos_process_packet().

static int binary_dump ( corsaro_t *  corsaro, attack_vector_t *  vector  )

static

Dump the given vector to the plugin output file in binary.

Parameters:

corsaro	The corsaro object associated with the vector
vector	The vector to dump

Returns:

0 if the vector is dumped successfully, -1 if an error occurs

Definition at line 570 of file corsaro_dos.c.

References CORSARO_DOS_ATTACK_VECTOR_BYTECNT, and STATE.

off_t corsaro_dos_attack_vector_fprint	(	corsaro_t *	corsaro,
		corsaro_file_t *	file,
		corsaro_dos_attack_vector_in_t *	av
	)

Write a dos attack vector to the given corsaro file in ascii.

Todo:

extend libpacketdump to allow to dump to a file

Definition at line 1409 of file corsaro_dos.c.

References corsaro_dos_attack_vector_in::attack_port_cnt, corsaro_dos_attack_vector_in::attacker_ip_cnt, corsaro_dos_attack_vector_in::byte_cnt, corsaro_dos_attack_vector_in::interval_attacker_ip_cnt, corsaro_dos_attack_vector_in::interval_byte_cnt, corsaro_dos_attack_vector_in::interval_packet_cnt, corsaro_dos_attack_vector_in::latest_time_sec, corsaro_dos_attack_vector_in::latest_time_usec, corsaro_dos_attack_vector_in::max_ppm, corsaro_dos_attack_vector_in::packet_cnt, corsaro_dos_attack_vector_in::start_time_sec, corsaro_dos_attack_vector_in::start_time_usec, corsaro_dos_attack_vector_in::target_ip, and corsaro_dos_attack_vector_in::target_port_cnt.

Referenced by corsaro_dos_record_fprint().

void corsaro_dos_attack_vector_print

(

corsaro_dos_attack_vector_in_t *

av

)

Write a dos attack vector to stdout in ascii format.

Parameters:

av	The attack vector to write out

Definition at line 1454 of file corsaro_dos.c.

References corsaro_dos_attack_vector_in::attack_port_cnt, corsaro_dos_attack_vector_in::attacker_ip_cnt, corsaro_dos_attack_vector_in::byte_cnt, corsaro_dos_attack_vector_in::interval_attacker_ip_cnt, corsaro_dos_attack_vector_in::interval_byte_cnt, corsaro_dos_attack_vector_in::interval_packet_cnt, corsaro_dos_attack_vector_in::latest_time_sec, corsaro_dos_attack_vector_in::latest_time_usec, corsaro_dos_attack_vector_in::max_ppm, corsaro_dos_attack_vector_in::packet_cnt, corsaro_dos_attack_vector_in::start_time_sec, corsaro_dos_attack_vector_in::start_time_usec, corsaro_dos_attack_vector_in::target_ip, and corsaro_dos_attack_vector_in::target_port_cnt.

Referenced by corsaro_dos_record_print().

off_t corsaro_dos_global_header_fprint	(	corsaro_t *	corsaro,
		corsaro_file_t *	file,
		corsaro_dos_global_header_t *	header
	)

Write a global dos header record to the given corsaro file in ascii.

Parameters:

corsaro	The corsaro object associated with the file
file	The corsaro file to write to
header	The global header record to write out

Returns:

the number of bytes written, -1 if an error occurs

Definition at line 1376 of file corsaro_dos.c.

References corsaro_dos_global_header::attack_vector_cnt, corsaro_dos_global_header::mismatched_pkt_cnt, and corsaro_dos_global_header::non_attack_vector_cnt.

Referenced by corsaro_dos_record_fprint().

void corsaro_dos_global_header_print

(

corsaro_dos_global_header_t *

header

)

Write a global dos header record to stdout in ascii format.

Parameters:

header

The global header record to write out

Definition at line 1394 of file corsaro_dos.c.

References corsaro_dos_global_header::attack_vector_cnt, corsaro_dos_global_header::mismatched_pkt_cnt, and corsaro_dos_global_header::non_attack_vector_cnt.

Referenced by corsaro_dos_record_print().

off_t corsaro_dos_header_fprint	(	corsaro_t *	corsaro,
		corsaro_file_t *	file,
		corsaro_dos_header_t *	header
	)

Write a dos header record to the given corsaro file in ascii.

Parameters:

corsaro	The corsaro object associated with the file
file	The corsaro file to write to
header	The header record to write out

Returns:

the number of bytes written, -1 if an error occurs

Definition at line 1512 of file corsaro_dos.c.

References corsaro_dos_header::attack_vector_cnt.

Referenced by corsaro_dos_record_fprint().

void corsaro_dos_header_print

(

corsaro_dos_header_t *

header

)

Write a dos header record to stdout in ascii format.

Parameters:

header

The header record to write out

Definition at line 1526 of file corsaro_dos.c.

References corsaro_dos_header::attack_vector_cnt.

Referenced by corsaro_dos_record_print().

int corsaro_dos_init_output

(

corsaro_t *

corsaro

)

Todo:

dump full corsaro headers

Definition at line 831 of file corsaro_dos.c.

References corsaro_plugin::name, PLUGIN, and corsaro::plugin_manager.

int corsaro_dos_probe_magic	(	corsaro_in_t *	corsaro,
		corsaro_file_in_t *	file
	)

Todo:

add a magic number and make it backwards compatible

Definition at line 820 of file corsaro_dos.c.

int corsaro_dos_process_packet	(	corsaro_t *	corsaro,
		corsaro_packet_t *	packet
	)

< Source port

< Destination port

Definition at line 1169 of file corsaro_dos.c.

References attack_vector_free(), attack_vector_init(), attack_vector_is_expired(), attack_vector_update_ppm_window(), corsaro_packet_state::flags, LT_PKT, corsaro_packet::state, and STATE.

off_t corsaro_dos_record_fprint	(	corsaro_t *	corsaro,
		corsaro_file_t *	file,
		corsaro_in_record_type_t	record_type,
		corsaro_in_record_t *	record
	)

Write a generic dos record to the given corsaro file in ascii.

Parameters:

corsaro	The corsaro object associated with the file
file	The corsaro file to write to
record_type	The type of the record
record	The record to write out

Returns:

the number of bytes written, -1 if an error occurs

Definition at line 1534 of file corsaro_dos.c.

References corsaro_in_record::buffer, corsaro_dos_attack_vector_fprint(), corsaro_dos_global_header_fprint(), corsaro_dos_header_fprint(), CORSARO_IN_RECORD_TYPE_DOS_ATTACK_VECTOR, CORSARO_IN_RECORD_TYPE_DOS_GLOBAL_HEADER, and CORSARO_IN_RECORD_TYPE_DOS_HEADER.

Referenced by corsaro_io_write_record().

int corsaro_dos_record_print	(	corsaro_in_record_type_t	record_type,
		corsaro_in_record_t *	record
	)

Write a generic dos record to stdout in ascii format.

Parameters:

record_type	The type of the record
record	The record to write out

Returns:

0 if successful, -1 if an error occurs

Definition at line 1566 of file corsaro_dos.c.

References corsaro_in_record::buffer, corsaro_dos_attack_vector_print(), corsaro_dos_global_header_print(), corsaro_dos_header_print(), CORSARO_IN_RECORD_TYPE_DOS_ATTACK_VECTOR, CORSARO_IN_RECORD_TYPE_DOS_GLOBAL_HEADER, and CORSARO_IN_RECORD_TYPE_DOS_HEADER.

Referenced by corsaro_io_print_record().

KHASH_INIT	(	av	,
		attack_vector_t *	,
		char	,
		0	,
		attack_vector_hash_func	,
		attack_vector_hash_equal
	)

Initialize the hash functions and datatypes.

---

Variable Documentation

corsaro_plugin_t corsaro_dos_plugin

static

Initial value:

 {
  PLUGIN_NAME,                                 
  CORSARO_PLUGIN_ID_DOS,                         
  CORSARO_DOS_MAGIC,                                           
  CORSARO_PLUGIN_GENERATE_PTRS(corsaro_dos),  
  NULL,                                        
}

Common plugin information across all instances.

Definition at line 75 of file corsaro_dos.c.