/** \brief Alloc and setup DecodeThreadVars */
DecodeThreadVars *DecodeThreadVarsAlloc(ThreadVars *tv)
{
DecodeThreadVars *dtv = NULL;
if ( (dtv = SCMalloc(sizeof(DecodeThreadVars))) == NULL)
return NULL;
memset(dtv, 0, sizeof(DecodeThreadVars));
dtv->app_tctx = AppLayerGetCtxThread(tv);
if (OutputFlowLogThreadInit(tv, NULL, &dtv->output_flow_thread_data) != TM_ECODE_OK) {
SCLogError(SC_ERR_THREAD_INIT, "initializing flow log API for thread failed");
DecodeThreadVarsFree(tv, dtv);
return NULL;
}
/** set config defaults */
int vlanbool = 0;
if ((ConfGetBool("vlan.use-for-tracking", &vlanbool)) == 1 && vlanbool == 0) {
dtv->vlan_disabled = 1;
}
SCLogDebug("vlan tracking is %s", dtv->vlan_disabled == 0 ? "enabled" : "disabled");
return dtv;
}
/** \brief Function to register the TLS protocol parsers and other functions
*/
void RegisterTLSParsers(void)
{
AppLayerRegisterProto("tls", ALPROTO_TLS, STREAM_TOSERVER,
TLSParseClientRecord);
AppLayerRegisterParser("tls.client.content_type", ALPROTO_TLS,
TLS_FIELD_CLIENT_CONTENT_TYPE,
TLSParseClientContentType, "tls");
AppLayerRegisterParser("tls.client.version", ALPROTO_TLS,
TLS_FIELD_CLIENT_VERSION, TLSParseClientVersion,
"tls");
AppLayerRegisterProto("tls", ALPROTO_TLS, STREAM_TOCLIENT,
TLSParseServerRecord);
AppLayerRegisterParser("tls.server.content_type", ALPROTO_TLS,
TLS_FIELD_SERVER_CONTENT_TYPE,
TLSParseServerContentType, "tls");
AppLayerRegisterParser("tls.server.version", ALPROTO_TLS,
TLS_FIELD_SERVER_VERSION, TLSParseServerVersion,
"tls");
AppLayerRegisterStateFuncs(ALPROTO_TLS, TLSStateAlloc, TLSStateFree);
/* Get the value of no reassembly option from the config file */
if(ConfGetBool("tls.no_reassemble", &tls.no_reassemble) != 1)
tls.no_reassemble = 1;
}
void DetectMpmInitializeAppMpms(DetectEngineCtx *de_ctx)
{
int i;
for (i = 0; i < APP_MPMS_MAX; i++) {
AppLayerMpms *am = &app_mpms[i];
/* default to whatever the global setting is */
int shared = (de_ctx->sgh_mpm_context == ENGINE_SGH_MPM_FACTORY_CONTEXT_SINGLE);
/* see if we use a unique or shared mpm ctx for this type */
int confshared = 0;
char confstring[256] = "detect.mpm.";
strlcat(confstring, am->name, sizeof(confstring));
strlcat(confstring, ".shared", sizeof(confstring));
if (ConfGetBool(confstring, &confshared) == 1)
shared = confshared;
if (shared == 0) {
if (!(de_ctx->flags & DE_QUIET)) {
SCLogInfo("using unique mpm ctx' for %s", am->name);
}
am->sgh_mpm_context = MPM_CTX_FACTORY_UNIQUE_CONTEXT;
} else {
if (!(de_ctx->flags & DE_QUIET)) {
SCLogInfo("using shared mpm ctx' for %s", am->name);
}
am->sgh_mpm_context = MpmFactoryRegisterMpmCtxProfile(de_ctx, am->name);
}
SCLogDebug("AppLayer MPM %s: %u", am->name, am->sgh_mpm_context);
}
}
uint32_t UtRunTests(char *regex_arg) {
UtTest *ut;
uint32_t good = 0, bad = 0, matchcnt = 0;
int ret = 0, rcomp = 0;
int ov[MAX_SUBSTRINGS];
int failure_fatal;
if (ConfGetBool("unittests.failure-fatal", &failure_fatal) != 1) {
SCLogDebug("ConfGetBool could not load the value.");
failure_fatal = 0;
}
rcomp = UtRegex(regex_arg);
if(rcomp == 1){
for (ut = ut_list; ut != NULL; ut = ut->next) {
ret = pcre_exec(parse_regex, parse_regex_study, ut->name, strlen(ut->name), 0, 0, ov, MAX_SUBSTRINGS);
if( ret >= 1 ) {
printf("Test %-60.60s : ", ut->name);
matchcnt++;
fflush(stdout); /* flush so in case of a segv we see the testname */
/* reset the time */
TimeModeSetOffline();
TimeSetToCurrentTime();
ret = ut->TestFn();
printf("%s\n", (ret == ut->evalue) ? "pass" : "FAILED");
if (ret != ut->evalue) {
if (failure_fatal == 1) {
fprintf(stderr, "ERROR: unittest failed.\n");
exit(EXIT_FAILURE);
}
bad++;
} else {
good++;
}
}
}
if(matchcnt > 0){
printf("==== TEST RESULTS ====\n");
printf("PASSED: %" PRIu32 "\n", good);
printf("FAILED: %" PRIu32 "\n", bad);
printf("======================\n");
} else {
SCLogInfo("UtRunTests: regex provided regex_arg: %s did not match any tests",regex_arg);
}
} else {
SCLogInfo("UtRunTests: pcre compilation failed");
}
return bad;
}
/**
* \brief Sets up the fast pattern analyzer according to the config.
*
* \retval 1 If rule analyzer successfully enabled.
* \retval 0 If not enabled.
*/
int SetupFPAnalyzer(void)
{
int fp_engine_analysis_set = 0;
if ((ConfGetBool("engine-analysis.rules-fast-pattern",
&fp_engine_analysis_set)) == 0) {
return 0;
}
if (fp_engine_analysis_set == 0)
return 0;
char *log_dir;
log_dir = ConfigGetLogDirectory();
snprintf(log_path, sizeof(log_path), "%s/%s", log_dir,
"rules_fast_pattern.txt");
fp_engine_analysis_FD = fopen(log_path, "w");
if (fp_engine_analysis_FD == NULL) {
SCLogError(SC_ERR_FOPEN, "failed to open %s: %s", log_path,
strerror(errno));
return 0;
}
SCLogInfo("Engine-Analysis for fast_pattern printed to file - %s",
log_path);
struct timeval tval;
struct tm *tms;
gettimeofday(&tval, NULL);
struct tm local_tm;
tms = SCLocalTime(tval.tv_sec, &local_tm);
fprintf(fp_engine_analysis_FD, "----------------------------------------------"
"---------------------\n");
fprintf(fp_engine_analysis_FD, "Date: %" PRId32 "/%" PRId32 "/%04d -- "
"%02d:%02d:%02d\n",
tms->tm_mday, tms->tm_mon + 1, tms->tm_year + 1900, tms->tm_hour,
tms->tm_min, tms->tm_sec);
fprintf(fp_engine_analysis_FD, "----------------------------------------------"
"---------------------\n");
memset(&fp_pattern_stats, 0, sizeof(fp_pattern_stats));
return 1;
}
/** \brief Alloc and setup DecodeThreadVars */
DecodeThreadVars *DecodeThreadVarsAlloc(ThreadVars *tv)
{
DecodeThreadVars *dtv = NULL;
if ( (dtv = SCMalloc(sizeof(DecodeThreadVars))) == NULL)
return NULL;
memset(dtv, 0, sizeof(DecodeThreadVars));
dtv->app_tctx = AppLayerGetCtxThread(tv);
/** set config defaults */
int vlanbool = 0;
if ((ConfGetBool("vlan.use-for-tracking", &vlanbool)) == 1 && vlanbool == 0) {
dtv->vlan_disabled = 1;
}
SCLogDebug("vlan tracking is %s", dtv->vlan_disabled == 0 ? "enabled" : "disabled");
return dtv;
}
static int32_t SetupBuiltinMpm(DetectEngineCtx *de_ctx, const char *name)
{
/* default to whatever the global setting is */
int shared = (de_ctx->sgh_mpm_context == ENGINE_SGH_MPM_FACTORY_CONTEXT_SINGLE);
/* see if we use a unique or shared mpm ctx for this type */
int confshared = 0;
char confstring[256] = "detect.mpm.";
strlcat(confstring, name, sizeof(confstring));
strlcat(confstring, ".shared", sizeof(confstring));
if (ConfGetBool(confstring, &confshared) == 1)
shared = confshared;
int32_t ctx;
if (shared == 0) {
ctx = MPM_CTX_FACTORY_UNIQUE_CONTEXT;
SCLogInfo("using unique mpm ctx' for %s", name);
} else {
ctx = MpmFactoryRegisterMpmCtxProfile(de_ctx, name);
SCLogInfo("using shared mpm ctx' for %s", name);
}
return ctx;
}
void vDos_Init(void)
{
hideWinTill = GetTickCount()+2500; // Auto hidden till first keyboard check, parachute at 2.5 secs
LOG_MSG("vDos version: %s", vDosVersion);
#ifndef WITHIRQ1
// Wil have been called earlier in starup if WITHIRQ1 is defined
vDos_LoadConfig();
#endif
GUI_StartUp();
IO_Init();
PAGING_Init();
MEM_Init();
CALLBACK_Init();
PIC_Init();
PROGRAMS_Init();
TIMER_Init();
// CMOS_Init();
VGA_Init();
CPU_Init();
KEYBOARD_Init();
BIOS_Init();
INT10_Init();
MOUSE_Init();
SERIAL_Init();
PARALLEL_Init();
printTimeout = ConfGetBool("timeout");
DOS_Init();
XMS_Init();
EMS_Init();
if (errorMess[0])
MessageBox(NULL, errorMess+1, "vDos: CONFIG.TXT has unresolved items", MB_OK|MB_ICONWARNING);
SHELL_Init(); // Start up main machine
}
/** \brief To initialize the NFQ global configuration data
*
* \param quiet It tells the mode of operation, if it is TRUE nothing will
* be get printed.
*/
void NFQInitConfig(char quiet)
{
intmax_t value = 0;
char* nfq_mode = NULL;
int boolval;
SCLogDebug("Initializing NFQ");
memset(&nfq_config, 0, sizeof(nfq_config));
if ((ConfGet("nfq.mode", &nfq_mode)) == 0) {
nfq_config.mode = NFQ_ACCEPT_MODE;
} else {
if (!strcmp("accept", nfq_mode)) {
nfq_config.mode = NFQ_ACCEPT_MODE;
} else if (!strcmp("repeat", nfq_mode)) {
nfq_config.mode = NFQ_REPEAT_MODE;
} else if (!strcmp("route", nfq_mode)) {
nfq_config.mode = NFQ_ROUTE_MODE;
} else {
SCLogError(SC_ERR_INVALID_ARGUMENT, "Unknown nfq.mode");
exit(EXIT_FAILURE);
}
}
(void)ConfGetBool("nfq.fail-open", (int *)&boolval);
if (boolval) {
#ifdef HAVE_NFQ_SET_QUEUE_FLAGS
SCLogInfo("Enabling fail-open on queue");
nfq_config.flags |= NFQ_FLAG_FAIL_OPEN;
#else
SCLogError(SC_ERR_NFQ_NOSUPPORT,
"nfq.fail-open set but NFQ library has no support for it.");
#endif
}
if ((ConfGetInt("nfq.repeat-mark", &value)) == 1) {
nfq_config.mark = (uint32_t)value;
}
if ((ConfGetInt("nfq.repeat-mask", &value)) == 1) {
nfq_config.mask = (uint32_t)value;
}
if ((ConfGetInt("nfq.route-queue", &value)) == 1) {
nfq_config.next_queue = ((uint32_t)value) << 16;
}
if (!quiet) {
switch (nfq_config.mode) {
case NFQ_ACCEPT_MODE:
SCLogInfo("NFQ running in standard ACCEPT/DROP mode");
break;
case NFQ_REPEAT_MODE:
SCLogInfo("NFQ running in REPEAT mode with mark %"PRIu32"/%"PRIu32,
nfq_config.mark, nfq_config.mask);
break;
case NFQ_ROUTE_MODE:
SCLogInfo("NFQ running in route mode with next queue %"PRIu32,
nfq_config.next_queue);
break;
}
}
}
/**
* \brief Single thread version of the Pcap file processing.
*/
int RunModeFilePcapSingle(void)
{
const char *file = NULL;
char tname[TM_THREAD_NAME_MAX];
if (ConfGet("pcap-file.file", &file) == 0) {
SCLogError(SC_ERR_RUNMODE, "Failed retrieving pcap-file from Conf");
exit(EXIT_FAILURE);
}
RunModeInitialize();
TimeModeSetOffline();
PcapFileGlobalInit();
snprintf(tname, sizeof(tname), "%s#01", thread_name_single);
/* create the threads */
ThreadVars *tv = TmThreadCreatePacketHandler(tname,
"packetpool", "packetpool",
"packetpool", "packetpool",
"pktacqloop");
if (tv == NULL) {
SCLogError(SC_ERR_RUNMODE, "threading setup failed");
exit(EXIT_FAILURE);
}
TmModule *tm_module = TmModuleGetByName("ReceivePcapFile");
if (tm_module == NULL) {
SCLogError(SC_ERR_RUNMODE, "TmModuleGetByName failed for ReceivePcap");
exit(EXIT_FAILURE);
}
TmSlotSetFuncAppend(tv, tm_module, file);
tm_module = TmModuleGetByName("DecodePcapFile");
if (tm_module == NULL) {
SCLogError(SC_ERR_RUNMODE, "TmModuleGetByName DecodePcap failed");
exit(EXIT_FAILURE);
}
TmSlotSetFuncAppend(tv, tm_module, NULL);
tm_module = TmModuleGetByName("FlowWorker");
if (tm_module == NULL) {
SCLogError(SC_ERR_RUNMODE, "TmModuleGetByName for FlowWorker failed");
exit(EXIT_FAILURE);
}
TmSlotSetFuncAppend(tv, tm_module, NULL);
TmThreadSetCPU(tv, WORKER_CPU_SET);
#ifndef AFLFUZZ_PCAP_RUNMODE
if (TmThreadSpawn(tv) != TM_ECODE_OK) {
SCLogError(SC_ERR_RUNMODE, "TmThreadSpawn failed");
exit(EXIT_FAILURE);
}
#else
/* in afl mode we don't spawn a new thread, but run the pipeline
* in the main thread */
tv->tm_func(tv);
int afl_runmode_exit_immediately = 0;
(void)ConfGetBool("afl.exit_after_pcap", &afl_runmode_exit_immediately);
if (afl_runmode_exit_immediately) {
SCLogNotice("exit because of afl-runmode-exit-after-pcap commandline option");
exit(EXIT_SUCCESS);
}
#endif
return 0;
}
