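/* Sysmon action stuff. */

#ifndef ACTION_H
#define ACTION_H

/*
 * struct timeval is embedded by value in struct action_struct below, so its
 * full definition must be visible here.  The header name on this directive
 * was missing (a bare "#include" does not compile); <sys/time.h> is the
 * POSIX header that defines struct timeval.
 * NOTE(review): confirm against the original file that no other system
 * header was intended.
 */
#include <sys/time.h>

#ifndef ETREE_H
# include "etree.h"
#endif

/*************************************************************************/

/* Directives in an Action.  These are a lot like WinActions (window.h). */

typedef struct {
    int what;       /* Directive kind; presumably one of the AD_* values below */
    int nargs;      /* Presumably the number of entries in args -- confirm */
    ETree **args;   /* Argument expression trees (type declared in etree.h) */
} ActionDirective;

#define AD_SETSTATE	0
#define AD_SETMESSAGE	1
#define AD_CONNECT	2

#define AD_IF		100
#define AD_ELSE		101
#define AD_NOELSE	102

/*************************************************************************/

typedef struct action_struct Action;
struct action_struct {
    Action *next, *prev;        /* Neighbours in a doubly linked list */
    char *name;
    int check;                  /* How often to check, in milliseconds */
    int timeout;                /* Timeout for connections, in msec */
    struct timeval lastexec;    /* Last time we completely executed */
    struct timeval lasttouch;   /* Last time we tried to execute */

    int state;                  /* State of action */
    char *message;              /* Message for action */

    int sock;                   /* Socket for connections */
    int connectstatus;          /* Result of last connection attempt */
    struct timeval connstart;   /* When connection was initiated */
    int connectdelay;           /* Time from connect to close, in msec */

    ActionDirective **dirlist;
    int dirlist_size;           /* Size of directive list */
    /*
     * NOTE(review): both dirlist_size and dirlist_pos are signed ints; code
     * indexing dirlist presumably has to keep 0 <= dirlist_pos < dirlist_size.
     * Confirm the bounds check in the implementation.
     */
    int dirlist_pos;            /* Current position in directive list */
};

/*************************************************************************/
/*************************************************************************/

/* List of all actions. */
extern Action *actlist;

/* Action which is currently being executed. */
extern Action *current_action;

/*************************************************************************/

/* Allocate a new Action structure and link it to the global list. */
extern Action *act_new(void);

/* Execute an Action. */
extern void act_execute(Action *a);

/*
 * Delete an Action.
 * NOTE(review): this header does not say whether deletion also closes
 * a->sock, frees name/message/dirlist, or clears current_action when it
 * points at `a`.  Treat the pointer as invalid after the call and confirm
 * the cleanup in the implementation.
 */
extern void act_kill(Action *a);

/*
 * Find an action by name.
 * NOTE(review): the result when no action matches is not stated here
 * (presumably NULL) -- confirm before dereferencing.
 */
extern Action *act_find(const char *name);

/*************************************************************************/

#endif	/* ACTION_H */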