Example #1
0
static void DNSUDPConfigure(void)
{
    uint32_t request_flood = DNS_CONFIG_DEFAULT_REQUEST_FLOOD;
    uint32_t state_memcap = DNS_CONFIG_DEFAULT_STATE_MEMCAP;
    uint64_t global_memcap = DNS_CONFIG_DEFAULT_GLOBAL_MEMCAP;

    ConfNode *p = ConfGetNode("app-layer.protocols.dns.request-flood");
    if (p != NULL) {
        uint32_t value;
        if (ParseSizeStringU32(p->val, &value) < 0) {
            SCLogError(SC_ERR_DNS_CONFIG, "invalid value for request-flood %s", p->val);
        } else {
            request_flood = value;
        }
    }
    SCLogInfo("DNS request flood protection level: %u", request_flood);
    DNSConfigSetRequestFlood(request_flood);

    p = ConfGetNode("app-layer.protocols.dns.state-memcap");
    if (p != NULL) {
        uint32_t value;
        if (ParseSizeStringU32(p->val, &value) < 0) {
            SCLogError(SC_ERR_DNS_CONFIG, "invalid value for state-memcap %s", p->val);
        } else {
            state_memcap = value;
        }
    }
    SCLogInfo("DNS per flow memcap (state-memcap): %u", state_memcap);
    DNSConfigSetStateMemcap(state_memcap);

    p = ConfGetNode("app-layer.protocols.dns.global-memcap");
    if (p != NULL) {
        uint64_t value;
        if (ParseSizeStringU64(p->val, &value) < 0) {
            SCLogError(SC_ERR_DNS_CONFIG, "invalid value for global-memcap %s", p->val);
        } else {
            global_memcap = value;
        }
    }
    SCLogInfo("DNS global memcap: %"PRIu64, global_memcap);
    DNSConfigSetGlobalMemcap(global_memcap);
}
Example #2
0
static void XffSetup(AlertJsonOutputCtx *json_output_ctx, ConfNode *conf)
{
    HttpXFFCfg *xff_cfg = NULL;

    xff_cfg = SCMalloc(sizeof(HttpXFFCfg));
    if (unlikely(xff_cfg == NULL)) {
        return;
    }
    memset(xff_cfg, 0, sizeof(HttpXFFCfg));

    json_output_ctx->xff_cfg = xff_cfg;

    uint32_t payload_buffer_size = JSON_STREAM_BUFFER_SIZE;

    if (conf != NULL) {
        const char *payload = ConfNodeLookupChildValue(conf, "payload");
        const char *payload_buffer_value = ConfNodeLookupChildValue(conf, "payload-buffer-size");
        const char *packet  = ConfNodeLookupChildValue(conf, "packet");
        const char *payload_printable = ConfNodeLookupChildValue(conf, "payload-printable");
        const char *http = ConfNodeLookupChildValue(conf, "http");
        const char *tls = ConfNodeLookupChildValue(conf, "tls");
        const char *ssh = ConfNodeLookupChildValue(conf, "ssh");
        const char *smtp = ConfNodeLookupChildValue(conf, "smtp");
        const char *tagged_packets = ConfNodeLookupChildValue(conf, "tagged-packets");

        if (ssh != NULL) {
            if (ConfValIsTrue(ssh)) {
                json_output_ctx->flags |= LOG_JSON_SSH;
            }
        }
        if (tls != NULL) {
            if (ConfValIsTrue(tls)) {
                json_output_ctx->flags |= LOG_JSON_TLS;
            }
        }
        if (http != NULL) {
            if (ConfValIsTrue(http)) {
                json_output_ctx->flags |= LOG_JSON_HTTP;
            }
        }
        if (smtp != NULL) {
            if (ConfValIsTrue(smtp)) {
                json_output_ctx->flags |= LOG_JSON_SMTP;
            }
        }
        if (payload_printable != NULL) {
            if (ConfValIsTrue(payload_printable)) {
                json_output_ctx->flags |= LOG_JSON_PAYLOAD;
            }
        }
        if (payload != NULL) {
            if (ConfValIsTrue(payload)) {
                json_output_ctx->flags |= LOG_JSON_PAYLOAD_BASE64;
            }
        }
        if (payload_buffer_value != NULL) {
            uint32_t value;
            if (ParseSizeStringU32(payload_buffer_value, &value) < 0) {
                SCLogError(SC_ERR_ALERT_PAYLOAD_BUFFER, "Error parsing "
                           "payload-buffer-size - %s. Killing engine",
                           payload_buffer_value);
                exit(EXIT_FAILURE);
            } else {
                payload_buffer_size = value;
            }
        }
        if (packet != NULL) {
            if (ConfValIsTrue(packet)) {
                json_output_ctx->flags |= LOG_JSON_PACKET;
            }
        }
        if (tagged_packets != NULL) {
            if (ConfValIsTrue(tagged_packets)) {
                json_output_ctx->flags |= LOG_JSON_TAGGED_PACKETS;
            }
        }

	json_output_ctx->payload_buffer_size = payload_buffer_size;
        HttpXFFGetCfg(conf, xff_cfg);
    }
}
Example #3
0
static void *MpmCudaConfParse(ConfNode *node)
{
    const char *value;

    MpmCudaConf *conf = SCMalloc(sizeof(MpmCudaConf));
    if (unlikely(conf == NULL))
        exit(EXIT_FAILURE);
    memset(conf, 0, sizeof(*conf));

    if (node != NULL)
        value = ConfNodeLookupChildValue(node, "data-buffer-size-min-limit");
    else
        value = NULL;
    if (value == NULL) {
        /* default */
        conf->data_buffer_size_min_limit = UTIL_MPM_CUDA_DATA_BUFFER_SIZE_MIN_LIMIT_DEFAULT;
    } else if (ParseSizeStringU16(value, &conf->data_buffer_size_min_limit) < 0) {
        SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Invalid entry for %s."
                   "data-buffer-size-min-limit - \"%s\"", node->name, value);
        exit(EXIT_FAILURE);
    }

    if (node != NULL)
        value = ConfNodeLookupChildValue(node, "data-buffer-size-max-limit");
    else
        value = NULL;
    if (value == NULL) {
        /* default */
        conf->data_buffer_size_max_limit = UTIL_MPM_CUDA_DATA_BUFFER_SIZE_MAX_LIMIT_DEFAULT;
    } else if (ParseSizeStringU16(value, &conf->data_buffer_size_max_limit) < 0) {
        SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Invalid entry for %s."
                   "data-buffer-size-max-limit - \"%s\"", node->name, value);
        exit(EXIT_FAILURE);
    }

    if (node != NULL)
        value = ConfNodeLookupChildValue(node, "cudabuffer-buffer-size");
    else
        value = NULL;
    if (value == NULL) {
        /* default */
        conf->cb_buffer_size = UTIL_MPM_CUDA_CUDA_BUFFER_DBUFFER_SIZE_DEFAULT;
    } else if (ParseSizeStringU32(value, &conf->cb_buffer_size) < 0) {
        SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Invalid entry for %s."
                   "cb-buffer-size - \"%s\"", node->name, value);
        exit(EXIT_FAILURE);
    }

    if (node != NULL)
        value = ConfNodeLookupChildValue(node, "gpu-transfer-size");
    else
        value = NULL;
    if (value == NULL) {
        /* default */
        conf->gpu_transfer_size = UTIL_MPM_CUDA_GPU_TRANSFER_SIZE;
    } else if (ParseSizeStringU32(value, &conf->gpu_transfer_size) < 0) {
        SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Invalid entry for %s."
                   "gpu-transfer-size - \"%s\"", node->name, value);
        exit(EXIT_FAILURE);
    }

    if (node != NULL)
        value = ConfNodeLookupChildValue(node, "batching-timeout");
    else
        value = NULL;
    if (value == NULL) {
        /* default */
        conf->batching_timeout = UTIL_MPM_CUDA_BATCHING_TIMEOUT_DEFAULT;
    } else if ((conf->batching_timeout = atoi(value)) < 0) {
        SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Invalid entry for %s."
                   "batching-timeout - \"%s\"", node->name, value);
        exit(EXIT_FAILURE);
    }

    if (node != NULL)
        value = ConfNodeLookupChildValue(node, "device-id");
    else
        value = NULL;
    if (value == NULL) {
        /* default */
        conf->device_id = UTIL_MPM_CUDA_DEVICE_ID_DEFAULT;
    } else if ((conf->device_id = atoi(value)) < 0) {
        SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Invalid entry for %s."
                   "device-id - \"%s\"", node->name, value);
        exit(EXIT_FAILURE);
    }

    if (node != NULL)
        value = ConfNodeLookupChildValue(node, "cuda-streams");
    else
        value = NULL;
    if (value == NULL) {
        /* default */
        conf->cuda_streams = UTIL_MPM_CUDA_CUDA_STREAMS_DEFAULT;
    } else if ((conf->cuda_streams = atoi(value)) < 0) {
        SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Invalid entry for %s."
                   "cuda-streams - \"%s\"", node->name, value);
        exit(EXIT_FAILURE);
    }

    return conf;
}
Example #4
0
/** \brief Create a new http log LogFilestoreCtx.
 *  \param conf Pointer to ConfNode containing this loggers configuration.
 *  \return NULL if failure, LogFilestoreCtx* to the file_ctx if succesful
 * */
static OutputInitResult LogFilestoreLogInitCtx(ConfNode *conf)
{
    OutputInitResult result = { NULL, false };

    intmax_t version = 0;
    if (ConfGetChildValueInt(conf, "version", &version)) {
        if (version > 1) {
            result.ok = true;
            return result;
        }
    }

    if (RunModeOutputFiledataEnabled()) {
        SCLogWarning(SC_ERR_NOT_SUPPORTED,
                "A file data logger is already enabled. Filestore (v1) "
                "will not be enabled.");
        return result;
    }

    OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));
    if (unlikely(output_ctx == NULL))
        return result;

    output_ctx->data = NULL;
    output_ctx->DeInit = LogFilestoreLogDeInitCtx;

    const char *s_default_log_dir = NULL;
    s_default_log_dir = ConfigGetLogDirectory();

    const char *s_base_dir = NULL;
    s_base_dir = ConfNodeLookupChildValue(conf, "log-dir");
    if (s_base_dir == NULL || strlen(s_base_dir) == 0) {
        strlcpy(g_logfile_base_dir,
                s_default_log_dir, sizeof(g_logfile_base_dir));
    } else {
        if (PathIsAbsolute(s_base_dir)) {
            strlcpy(g_logfile_base_dir,
                    s_base_dir, sizeof(g_logfile_base_dir));
        } else {
            snprintf(g_logfile_base_dir, sizeof(g_logfile_base_dir),
                    "%s/%s", s_default_log_dir, s_base_dir);
        }
    }

    const char *force_filestore = ConfNodeLookupChildValue(conf, "force-filestore");
    if (force_filestore != NULL && ConfValIsTrue(force_filestore)) {
        FileForceFilestoreEnable();
        SCLogInfo("forcing filestore of all files");
    }

    const char *force_magic = ConfNodeLookupChildValue(conf, "force-magic");
    if (force_magic != NULL && ConfValIsTrue(force_magic)) {
        FileForceMagicEnable();
        SCLogInfo("forcing magic lookup for stored files");
    }

    const char *write_meta = ConfNodeLookupChildValue(conf, "write-meta");
    if (write_meta != NULL && !ConfValIsTrue(write_meta)) {
        FileWriteMetaDisable();
        SCLogInfo("File-store output will not write meta files");
    }

    FileForceHashParseCfg(conf);
    SCLogInfo("storing files in %s", g_logfile_base_dir);

    const char *stream_depth_str = ConfNodeLookupChildValue(conf, "stream-depth");
    if (stream_depth_str != NULL && strcmp(stream_depth_str, "no")) {
        uint32_t stream_depth = 0;
        if (ParseSizeStringU32(stream_depth_str,
                               &stream_depth) < 0) {
            SCLogError(SC_ERR_SIZE_PARSE, "Error parsing "
                       "file-store.stream-depth "
                       "from conf file - %s.  Killing engine",
                       stream_depth_str);
            exit(EXIT_FAILURE);
        } else {
            FileReassemblyDepthEnable(stream_depth);
        }
    }

    const char *file_count_str = ConfNodeLookupChildValue(conf, "max-open-files");
    if (file_count_str != NULL) {
        uint32_t file_count = 0;
        if (ParseSizeStringU32(file_count_str,
                               &file_count) < 0) {
            SCLogError(SC_ERR_SIZE_PARSE, "Error parsing "
                       "file-store.max-open-files "
                       "from conf file - %s.  Killing engine",
                       stream_depth_str);
            exit(EXIT_FAILURE);
        } else {
            if (file_count != 0) {
                FileSetMaxOpenFiles(file_count);
                SCLogInfo("file-store will keep a max of %d simultaneously"
                          " open files", file_count);
            }
        }
    }

    const char *include_pid = ConfNodeLookupChildValue(conf, "include-pid");
    if (include_pid != NULL && ConfValIsTrue(include_pid)) {
        FileIncludePidEnable();
        SCLogInfo("enabling pid as a part of all file names");
    }

    StatsRegisterGlobalCounter("file_store.open_files",
            LogFilestoreOpenFilesCounter);

    result.ctx = output_ctx;
    result.ok = true;
    SCReturnCT(result, "OutputInitResult");
}