لطفا منتظر باشید ...
Callback Registration Functions
Much of the power and flexibility in libnids comes from its liberal use of stackable callback functions. One or more callbacks can be registered for both fragmented and assembled IP traffic as well as UDP and TCP traffic. Each time libnids receives a packet matching one of these types (that passes up through the filter), it invokes each of the registered callback functions for that type (in order). Note that one packet might elicit a callback from an IP callback as well as a TCP or UDP callback.
void nids_register_ip_frag (void (*ip_frag_func) (struct ip
*pkt, int len));
nids_register_ip_frag () registers a user-defined callback func-tion ip_frag_func (struct ip *pkt, int len) to process any IP packet that libnids receives, including a fragmented packet or a packet with a bad checksum. pkt is the IP packet, and len is the length of the packet.
void nids_register_ip (void (*ip_func) (struct ip *pkt, int
len));
nids_register_ip () registers a user-defined callback function ip_func (struct ip *pkt, int len) to process a fully validated and reassembled IP packet pkt, its length being len.
void nids_register_udp (void (*udp_func) (struct tuple4 *addr,
u_char *data, int len, struct ip *pkt));
nids_register_udp () registers a user-defined callback function udp_func (struct tuple4 *addr, u_char *data, int len, struct ip *pkt) that will be called on every UDP packet captured by libnids. addr contains the tuple information for the UDP packet; data points to possible packet data (after the UDP header), and pkt points to the IP packet that contains the UDP packet. len is the overall length.
void nids_register_tcp (void (*tcp_func) (struct tcp_stream
*ts, void **param));
nids_register_tcp () registers a user-defined callback function tcp_func (struct tcp_stream *ts, void **param) that will be called on TCP packets in one of two states:
During the three-way handshake process
When libnids receives a packet that is part of a stream that the callback registered to watch
