static int StoreQueueId(TmqhFlowCtx *ctx, char *name)
{
Tmq *tmq = TmqGetQueueByName(name);
if (tmq == NULL) {
tmq = TmqCreateQueue(SCStrdup(name));
if (tmq == NULL)
return -1;
}
tmq->writer_cnt++;
uint16_t id = tmq->id;
if (ctx->queues == NULL) {
ctx->size = 1;
ctx->queues = SCMalloc(ctx->size * sizeof(TmqhFlowMode));
if (ctx->queues == NULL) {
return -1;
}
memset(ctx->queues, 0, ctx->size * sizeof(TmqhFlowMode));
} else {
ctx->size++;
ctx->queues = SCRealloc(ctx->queues, ctx->size * sizeof(TmqhFlowMode));
if (ctx->queues == NULL) {
return -1;
}
memset(ctx->queues + (ctx->size - 1), 0, sizeof(TmqhFlowMode));
}
ctx->queues[ctx->size - 1].q = &trans_q[id];
SC_ATOMIC_INIT(ctx->queues[ctx->size - 1].total_packets);
SC_ATOMIC_INIT(ctx->queues[ctx->size - 1].total_flows);
return 0;
}
RingBuffer16 *RingBufferInit(void) {
RingBuffer16 *rb = SCMalloc(sizeof(RingBuffer16));
if (unlikely(rb == NULL)) {
return NULL;
}
memset(rb, 0x00, sizeof(RingBuffer16));
SC_ATOMIC_INIT(rb->write);
SC_ATOMIC_INIT(rb->read);
SCSpinInit(&rb->spin, 0);
#ifdef RINGBUFFER_MUTEX_WAIT
SCMutexInit(&rb->wait_mutex, NULL);
SCCondInit(&rb->wait_cond, NULL);
#endif
return rb;
}
void LogFilestoreRegister (void)
{
OutputRegisterFiledataModule(LOGGER_FILE_STORE, MODULE_NAME, "file",
LogFilestoreLogInitCtx, LogFilestoreLogger, LogFilestoreLogThreadInit,
LogFilestoreLogThreadDeinit, LogFilestoreLogExitPrintStats);
OutputRegisterFiledataModule(LOGGER_FILE_STORE, MODULE_NAME, "file-store",
LogFilestoreLogInitCtx, LogFilestoreLogger, LogFilestoreLogThreadInit,
LogFilestoreLogThreadDeinit, LogFilestoreLogExitPrintStats);
SC_ATOMIC_INIT(filestore_open_file_cnt);
SC_ATOMIC_SET(filestore_open_file_cnt, 0);
SCLogDebug("registered");
}
void HTPParseMemcap()
{
char *conf_val;
/** set config values for memcap, prealloc and hash_size */
if ((ConfGet("app-layer.protocols.http.memcap", &conf_val)) == 1)
{
if (ParseSizeStringU64(conf_val, &htp_config_memcap) < 0) {
SCLogError(SC_ERR_SIZE_PARSE, "Error parsing http.memcap "
"from conf file - %s. Killing engine",
conf_val);
exit(EXIT_FAILURE);
}
SCLogInfo("HTTP memcap: %"PRIu64, htp_config_memcap);
} else {
/* default to unlimited */
htp_config_memcap = 0;
}
SC_ATOMIC_INIT(htp_memuse);
SC_ATOMIC_INIT(htp_memcap);
}
/**
* \brief extract information from config file
*
* The returned structure will be freed by the thread init function.
* This is thus necessary to or copy the structure before giving it
* to thread or to reparse the file for each thread (and thus have
* new structure.
*
* \return a NetmapIfaceConfig corresponding to the interface name
*/
static void *ParseNetmapConfig(const char *iface_name)
{
ConfNode *if_root = NULL;
ConfNode *if_default = NULL;
ConfNode *netmap_node;
char *out_iface = NULL;
if (iface_name == NULL) {
return NULL;
}
NetmapIfaceConfig *aconf = SCMalloc(sizeof(*aconf));
if (unlikely(aconf == NULL)) {
return NULL;
}
memset(aconf, 0, sizeof(*aconf));
aconf->DerefFunc = NetmapDerefConfig;
strlcpy(aconf->iface_name, iface_name, sizeof(aconf->iface_name));
SC_ATOMIC_INIT(aconf->ref);
(void) SC_ATOMIC_ADD(aconf->ref, 1);
/* Find initial node */
netmap_node = ConfGetNode("netmap");
if (netmap_node == NULL) {
SCLogInfo("Unable to find netmap config using default value");
} else {
if_root = ConfFindDeviceConfig(netmap_node, aconf->iface_name);
if_default = ConfFindDeviceConfig(netmap_node, "default");
}
/* parse settings for capture iface */
ParseNetmapSettings(&aconf->in, aconf->iface_name, if_root, if_default);
/* if we have a copy iface, parse that as well */
if (netmap_node != NULL) {
if (ConfGetChildValueWithDefault(if_root, if_default, "copy-iface", &out_iface) == 1) {
if (strlen(out_iface) > 0) {
if_root = ConfFindDeviceConfig(netmap_node, out_iface);
ParseNetmapSettings(&aconf->out, out_iface, if_root, if_default);
}
}
}
SC_ATOMIC_RESET(aconf->ref);
(void) SC_ATOMIC_ADD(aconf->ref, aconf->in.threads);
SCLogPerf("Using %d threads for interface %s", aconf->in.threads,
aconf->iface_name);
return aconf;
}
void TagInitCtx(void)
{
SC_ATOMIC_INIT(num_tags);
host_tag_id = HostStorageRegister("tag", sizeof(void *), NULL, DetectTagDataListFree);
if (host_tag_id == -1) {
SCLogError(SC_ERR_HOST_INIT, "Can't initiate host storage for tag");
exit(EXIT_FAILURE);
}
flow_tag_id = FlowStorageRegister("tag", sizeof(void *), NULL, DetectTagDataListFree);
if (flow_tag_id == -1) {
SCLogError(SC_ERR_FLOW_INIT, "Can't initiate flow storage for tag");
exit(EXIT_FAILURE);
}
}
void TmModuleLogFilestoreRegister (void) {
tmm_modules[TMM_FILESTORE].name = MODULE_NAME;
tmm_modules[TMM_FILESTORE].ThreadInit = LogFilestoreLogThreadInit;
tmm_modules[TMM_FILESTORE].Func = LogFilestoreLog;
tmm_modules[TMM_FILESTORE].ThreadExitPrintStats = LogFilestoreLogExitPrintStats;
tmm_modules[TMM_FILESTORE].ThreadDeinit = LogFilestoreLogThreadDeinit;
tmm_modules[TMM_FILESTORE].RegisterTests = NULL;
tmm_modules[TMM_FILESTORE].cap_flags = 0;
OutputRegisterModule(MODULE_NAME, "file", LogFilestoreLogInitCtx);
OutputRegisterModule(MODULE_NAME, "file-store", LogFilestoreLogInitCtx);
SCLogDebug("registered");
SC_ATOMIC_INIT(file_id);
}
/**
* \brief setup the queue handlers ctx
*
* Parses a comma separated string "queuename1,queuename2,etc"
* and sets the ctx up to devide flows over these queue's.
*
* \param queue_str comma separated string with output queue names
*
* \retval ctx queues handlers ctx or NULL in error
*/
void *TmqhOutputFlowSetupCtx(char *queue_str)
{
if (queue_str == NULL || strlen(queue_str) == 0)
return NULL;
SCLogDebug("queue_str %s", queue_str);
TmqhFlowCtx *ctx = SCMalloc(sizeof(TmqhFlowCtx));
if (unlikely(ctx == NULL))
return NULL;
memset(ctx,0x00,sizeof(TmqhFlowCtx));
char *str = SCStrdup(queue_str);
if (unlikely(str == NULL)) {
goto error;
}
char *tstr = str;
/* parse the comma separated string */
do {
char *comma = strchr(tstr,',');
if (comma != NULL) {
*comma = '\0';
char *qname = tstr;
int r = StoreQueueId(ctx,qname);
if (r < 0)
goto error;
} else {
char *qname = tstr;
int r = StoreQueueId(ctx,qname);
if (r < 0)
goto error;
}
tstr = comma ? (comma + 1) : comma;
} while (tstr != NULL);
SC_ATOMIC_INIT(ctx->round_robin_idx);
SCFree(str);
return (void *)ctx;
error:
SCFree(ctx);
if (str != NULL)
SCFree(str);
return NULL;
}
static TmEcode FlowWorkerThreadInit(ThreadVars *tv, const void *initdata, void **data)
{
FlowWorkerThreadData *fw = SCCalloc(1, sizeof(*fw));
if (fw == NULL)
return TM_ECODE_FAILED;
SC_ATOMIC_INIT(fw->detect_thread);
SC_ATOMIC_SET(fw->detect_thread, NULL);
fw->dtv = DecodeThreadVarsAlloc(tv);
if (fw->dtv == NULL) {
FlowWorkerThreadDeinit(tv, fw);
return TM_ECODE_FAILED;
}
/* setup TCP */
if (StreamTcpThreadInit(tv, NULL, &fw->stream_thread_ptr) != TM_ECODE_OK) {
FlowWorkerThreadDeinit(tv, fw);
return TM_ECODE_FAILED;
}
if (DetectEngineEnabled()) {
/* setup DETECT */
void *detect_thread = NULL;
if (DetectEngineThreadCtxInit(tv, NULL, &detect_thread) != TM_ECODE_OK) {
FlowWorkerThreadDeinit(tv, fw);
return TM_ECODE_FAILED;
}
SC_ATOMIC_SET(fw->detect_thread, detect_thread);
}
/* Setup outputs for this thread. */
if (OutputLoggerThreadInit(tv, initdata, &fw->output_thread) != TM_ECODE_OK) {
FlowWorkerThreadDeinit(tv, fw);
return TM_ECODE_FAILED;
}
DecodeRegisterPerfCounters(fw->dtv, tv);
AppLayerRegisterThreadCounters(tv);
/* setup pq for stream end pkts */
memset(&fw->pq, 0, sizeof(PacketQueue));
SCMutexInit(&fw->pq.mutex_q, NULL);
*data = fw;
return TM_ECODE_OK;
}
void PacketPoolInitEmpty(void)
{
#ifndef TLS
TmqhPacketPoolInit();
#endif
PktPool *my_pool = GetThreadPacketPool();
#ifdef DEBUG_VALIDATION
BUG_ON(my_pool->initialized);
my_pool->initialized = 1;
my_pool->destroyed = 0;
#endif /* DEBUG_VALIDATION */
SCMutexInit(&my_pool->return_stack.mutex, NULL);
SCCondInit(&my_pool->return_stack.cond, NULL);
SC_ATOMIC_INIT(my_pool->return_stack.sync_now);
}
Host *HostAlloc(void) {
if (!(HOST_CHECK_MEMCAP(sizeof(Host)))) {
return NULL;
}
(void) SC_ATOMIC_ADD(host_memuse, sizeof(Host));
Host *h = SCMalloc(sizeof(Host));
if (unlikely(h == NULL))
goto error;
memset(h, 0x00, sizeof(Host));
SCMutexInit(&h->m, NULL);
SC_ATOMIC_INIT(h->use_cnt);
return h;
error:
return NULL;
}
IPPair *IPPairAlloc(void)
{
if (!(IPPAIR_CHECK_MEMCAP(g_ippair_size))) {
return NULL;
}
(void) SC_ATOMIC_ADD(ippair_memuse, g_ippair_size);
IPPair *h = SCMalloc(g_ippair_size);
if (unlikely(h == NULL))
goto error;
memset(h, 0x00, g_ippair_size);
SCMutexInit(&h->m, NULL);
SC_ATOMIC_INIT(h->use_cnt);
return h;
error:
return NULL;
}
static DefragTracker *DefragTrackerAlloc(void)
{
if (!(DEFRAG_CHECK_MEMCAP(sizeof(DefragTracker)))) {
return NULL;
}
(void) SC_ATOMIC_ADD(defrag_memuse, sizeof(DefragTracker));
DefragTracker *dt = SCMalloc(sizeof(DefragTracker));
if (unlikely(dt == NULL))
goto error;
memset(dt, 0x00, sizeof(DefragTracker));
SCMutexInit(&dt->lock, NULL);
SC_ATOMIC_INIT(dt->use_cnt);
return dt;
error:
return NULL;
}
void PacketPoolInit(void)
{
extern intmax_t max_pending_packets;
#ifndef TLS
TmqhPacketPoolInit();
#endif
PktPool *my_pool = GetThreadPacketPool();
#ifdef DEBUG_VALIDATION
BUG_ON(my_pool->initialized);
my_pool->initialized = 1;
my_pool->destroyed = 0;
#endif /* DEBUG_VALIDATION */
SCMutexInit(&my_pool->return_stack.mutex, NULL);
SCCondInit(&my_pool->return_stack.cond, NULL);
SC_ATOMIC_INIT(my_pool->return_stack.sync_now);
/* pre allocate packets */
SCLogDebug("preallocating packets... packet size %" PRIuMAX "",
(uintmax_t)SIZE_OF_PACKET);
int i = 0;
for (i = 0; i < max_pending_packets; i++) {
Packet *p = PacketGetFromAlloc();
if (unlikely(p == NULL)) {
SCLogError(SC_ERR_FATAL, "Fatal error encountered while allocating a packet. Exiting...");
exit(EXIT_FAILURE);
}
PacketPoolStorePacket(p);
}
//SCLogInfo("preallocated %"PRIiMAX" packets. Total memory %"PRIuMAX"",
// max_pending_packets, (uintmax_t)(max_pending_packets*SIZE_OF_PACKET));
}
void *ParsePcapConfig(const char *iface)
{
char *threadsstr = NULL;
ConfNode *if_root;
ConfNode *pcap_node;
PcapIfaceConfig *aconf = SCMalloc(sizeof(*aconf));
char *tmpbpf;
char *tmpctype;
intmax_t value;
if (unlikely(aconf == NULL)) {
return NULL;
}
if (iface == NULL) {
SCFree(aconf);
return NULL;
}
memset(aconf, 0x00, sizeof(*aconf));
strlcpy(aconf->iface, iface, sizeof(aconf->iface));
aconf->buffer_size = 0;
/* If set command line option has precedence over config */
if ((ConfGetInt("pcap.buffer-size", &value)) == 1) {
SCLogInfo("Pcap will use %d buffer size", (int)value);
aconf->buffer_size = value;
}
aconf->checksum_mode = CHECKSUM_VALIDATION_AUTO;
aconf->bpf_filter = NULL;
if ((ConfGet("bpf-filter", &tmpbpf)) == 1) {
aconf->bpf_filter = tmpbpf;
}
SC_ATOMIC_INIT(aconf->ref);
aconf->DerefFunc = PcapDerefConfig;
aconf->threads = 1;
/* Find initial node */
pcap_node = ConfGetNode("pcap");
if (pcap_node == NULL) {
SCLogInfo("Unable to find pcap config using default value");
return aconf;
}
if_root = ConfNodeLookupKeyValue(pcap_node, "interface", iface);
if (if_root == NULL) {
SCLogInfo("Unable to find pcap config for "
"interface %s, using default value",
iface);
return aconf;
}
if (ConfGetChildValue(if_root, "threads", &threadsstr) != 1) {
aconf->threads = 1;
} else {
if (threadsstr != NULL) {
aconf->threads = (uint8_t)atoi(threadsstr);
}
}
if (aconf->threads == 0) {
aconf->threads = 1;
}
(void) SC_ATOMIC_ADD(aconf->ref, aconf->threads);
if (aconf->buffer_size == 0) {
const char *s_limit = ConfNodeLookupChildValue(if_root, "buffer-size");
if (s_limit != NULL) {
uint64_t bsize = 0;
if (ParseSizeStringU64(s_limit, &bsize) < 0) {
SCLogError(SC_ERR_INVALID_ARGUMENT,
"Failed to parse pcap buffer size: %s",
s_limit);
} else {
/* the string 2gb returns 2147483648 which is 1 to high
* for a int. */
if (bsize == (uint64_t)((uint64_t)INT_MAX + (uint64_t)1))
bsize = (uint64_t)INT_MAX;
if (bsize > INT_MAX) {
SCLogError(SC_ERR_INVALID_ARGUMENT,
"Failed to set pcap buffer size: 2gb max. %"PRIu64" > %d", bsize, INT_MAX);
} else {
aconf->buffer_size = (int)bsize;
}
}
}
}
if (aconf->bpf_filter == NULL) {
/* set bpf filter if we have one */
if (ConfGetChildValue(if_root, "bpf-filter", &tmpbpf) != 1) {
SCLogDebug("could not get bpf or none specified");
} else {
aconf->bpf_filter = tmpbpf;
}
} else {
SCLogInfo("BPF filter set from command line or via old 'bpf-filter' option.");
}
if (ConfGetChildValue(if_root, "checksum-checks", &tmpctype) == 1) {
if (strcmp(tmpctype, "auto") == 0) {
aconf->checksum_mode = CHECKSUM_VALIDATION_AUTO;
} else if (strcmp(tmpctype, "yes") == 0) {
aconf->checksum_mode = CHECKSUM_VALIDATION_ENABLE;
} else if (strcmp(tmpctype, "no") == 0) {
aconf->checksum_mode = CHECKSUM_VALIDATION_DISABLE;
} else {
SCLogError(SC_ERR_INVALID_ARGUMENT, "Invalid value for checksum-checks for %s", aconf->iface);
}
}
return aconf;
}
/**
* \brief Initialize profiling.
*/
void
SCProfilingInit(void)
{
ConfNode *conf;
SC_ATOMIC_INIT(samples);
intmax_t rate_v = 0;
(void)ConfGetInt("profiling.sample-rate", &rate_v);
if (rate_v > 0 && rate_v < INT_MAX) {
rate = (int)rate_v;
if (rate != 1)
SCLogInfo("profiling runs for every %dth packet", rate);
else
SCLogInfo("profiling runs for every packet");
}
conf = ConfGetNode("profiling.packets");
if (conf != NULL) {
if (ConfNodeChildValueIsTrue(conf, "enabled")) {
profiling_packets_enabled = 1;
if (pthread_mutex_init(&packet_profile_lock, NULL) != 0) {
SCLogError(SC_ERR_MUTEX,
"Failed to initialize packet profiling mutex.");
exit(EXIT_FAILURE);
}
memset(&packet_profile_data4, 0, sizeof(packet_profile_data4));
memset(&packet_profile_data6, 0, sizeof(packet_profile_data6));
memset(&packet_profile_tmm_data4, 0, sizeof(packet_profile_tmm_data4));
memset(&packet_profile_tmm_data6, 0, sizeof(packet_profile_tmm_data6));
memset(&packet_profile_app_data4, 0, sizeof(packet_profile_app_data4));
memset(&packet_profile_app_data6, 0, sizeof(packet_profile_app_data6));
memset(&packet_profile_app_pd_data4, 0, sizeof(packet_profile_app_pd_data4));
memset(&packet_profile_app_pd_data6, 0, sizeof(packet_profile_app_pd_data6));
memset(&packet_profile_detect_data4, 0, sizeof(packet_profile_detect_data4));
memset(&packet_profile_detect_data6, 0, sizeof(packet_profile_detect_data6));
memset(&packet_profile_log_data4, 0, sizeof(packet_profile_log_data4));
memset(&packet_profile_log_data6, 0, sizeof(packet_profile_log_data6));
memset(&packet_profile_flowworker_data, 0, sizeof(packet_profile_flowworker_data));
const char *filename = ConfNodeLookupChildValue(conf, "filename");
if (filename != NULL) {
char *log_dir;
log_dir = ConfigGetLogDirectory();
profiling_packets_file_name = SCMalloc(PATH_MAX);
if (unlikely(profiling_packets_file_name == NULL)) {
SCLogError(SC_ERR_MEM_ALLOC, "can't duplicate file name");
exit(EXIT_FAILURE);
}
snprintf(profiling_packets_file_name, PATH_MAX, "%s/%s", log_dir, filename);
const char *v = ConfNodeLookupChildValue(conf, "append");
if (v == NULL || ConfValIsTrue(v)) {
profiling_packets_file_mode = "a";
} else {
profiling_packets_file_mode = "w";
}
profiling_packets_output_to_file = 1;
}
}
conf = ConfGetNode("profiling.packets.csv");
if (conf != NULL) {
if (ConfNodeChildValueIsTrue(conf, "enabled")) {
const char *filename = ConfNodeLookupChildValue(conf, "filename");
if (filename == NULL) {
filename = "packet_profile.csv";
}
char *log_dir;
log_dir = ConfigGetLogDirectory();
profiling_csv_file_name = SCMalloc(PATH_MAX);
if (unlikely(profiling_csv_file_name == NULL)) {
SCLogError(SC_ERR_MEM_ALLOC, "out of memory");
exit(EXIT_FAILURE);
}
snprintf(profiling_csv_file_name, PATH_MAX, "%s/%s", log_dir, filename);
packet_profile_csv_fp = fopen(profiling_csv_file_name, "w");
if (packet_profile_csv_fp == NULL) {
return;
}
fprintf(packet_profile_csv_fp, "pcap_cnt,ipver,ipproto,total,");
int i;
for (i = 0; i < TMM_SIZE; i++) {
fprintf(packet_profile_csv_fp, "%s,", TmModuleTmmIdToString(i));
}
fprintf(packet_profile_csv_fp, "threading,");
for (i = 0; i < ALPROTO_MAX; i++) {
fprintf(packet_profile_csv_fp, "%s,", AppProtoToString(i));
}
fprintf(packet_profile_csv_fp, "proto detect,");
for (i = 0; i < PROF_DETECT_SIZE; i++) {
fprintf(packet_profile_csv_fp, "%s,", PacketProfileDetectIdToString(i));
}
fprintf(packet_profile_csv_fp, "\n");
profiling_packets_csv_enabled = 1;
}
}
}
conf = ConfGetNode("profiling.locks");
if (conf != NULL) {
if (ConfNodeChildValueIsTrue(conf, "enabled")) {
#ifndef PROFILE_LOCKING
SCLogWarning(SC_WARN_PROFILE, "lock profiling not compiled in. Add --enable-profiling-locks to configure.");
#else
profiling_locks_enabled = 1;
LockRecordInitHash();
const char *filename = ConfNodeLookupChildValue(conf, "filename");
if (filename != NULL) {
char *log_dir;
log_dir = ConfigGetLogDirectory();
profiling_locks_file_name = SCMalloc(PATH_MAX);
if (unlikely(profiling_locks_file_name == NULL)) {
SCLogError(SC_ERR_MEM_ALLOC, "can't duplicate file name");
exit(EXIT_FAILURE);
}
snprintf(profiling_locks_file_name, PATH_MAX, "%s/%s", log_dir, filename);
const char *v = ConfNodeLookupChildValue(conf, "append");
if (v == NULL || ConfValIsTrue(v)) {
profiling_locks_file_mode = "a";
} else {
profiling_locks_file_mode = "w";
}
profiling_locks_output_to_file = 1;
}
#endif
}
}
}
void PcapFileGlobalInit()
{
SC_ATOMIC_INIT(pcap_g.invalid_checksums);
}
void AppLayerExpectationSetup(void)
{
g_expectation_id = IPPairStorageRegister("expectation", sizeof(void *), NULL, ExpectationListFree);
g_expectation_data_id = FlowStorageRegister("expectation", sizeof(void *), NULL, ExpectationDataFree);
SC_ATOMIC_INIT(expectation_count);
}
void PcapFileGlobalInit()
{
memset(&pcap_g, 0x00, sizeof(pcap_g));
SC_ATOMIC_INIT(pcap_g.invalid_checksums);
}
/** \brief Create a new LogFileCtx from the provided ConfNode.
* \param conf The configuration node for this output.
* \return NULL if failure, LogFileCtx* to the file_ctx if succesful
* */
OutputCtx *Unified2AlertInitCtx(ConfNode *conf)
{
int ret = 0;
LogFileCtx* file_ctx = NULL;
file_ctx = LogFileNewCtx();
if (file_ctx == NULL) {
SCLogError(SC_ERR_UNIFIED2_ALERT_GENERIC, "Couldn't create new file_ctx");
goto error;
}
const char *filename = NULL;
if (conf != NULL) { /* To faciliate unit tests. */
filename = ConfNodeLookupChildValue(conf, "filename");
}
if (filename == NULL)
filename = DEFAULT_LOG_FILENAME;
file_ctx->prefix = SCStrdup(filename);
const char *s_limit = NULL;
file_ctx->size_limit = DEFAULT_LIMIT;
if (conf != NULL) {
s_limit = ConfNodeLookupChildValue(conf, "limit");
if (s_limit != NULL) {
if (ParseSizeStringU64(s_limit, &file_ctx->size_limit) < 0) {
SCLogError(SC_ERR_INVALID_ARGUMENT,
"Failed to initialize unified2 output, invalid limit: %s",
s_limit);
exit(EXIT_FAILURE);
}
if (file_ctx->size_limit < 4096) {
SCLogInfo("unified2-alert \"limit\" value of %"PRIu64" assumed to be pre-1.2 "
"style: setting limit to %"PRIu64"mb", file_ctx->size_limit, file_ctx->size_limit);
uint64_t size = file_ctx->size_limit * 1024 * 1024;
file_ctx->size_limit = size;
} else if (file_ctx->size_limit < MIN_LIMIT) {
SCLogError(SC_ERR_INVALID_ARGUMENT,
"Failed to initialize unified2 output, limit less than "
"allowed minimum: %d.", MIN_LIMIT);
exit(EXIT_FAILURE);
}
}
}
if (conf != NULL) {
const char *sensor_id_s = NULL;
sensor_id_s = ConfNodeLookupChildValue(conf, "sensor-id");
if (sensor_id_s != NULL) {
if (ByteExtractStringUint32(&sensor_id, 10, 0, sensor_id_s) == -1) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "Failed to initialize unified2 output, invalid sensor-id: %s", sensor_id_s);
exit(EXIT_FAILURE);
}
}
}
ret = Unified2AlertOpenFileCtx(file_ctx, filename);
if (ret < 0)
goto error;
OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));
if (unlikely(output_ctx == NULL))
goto error;
output_ctx->data = file_ctx;
output_ctx->DeInit = Unified2AlertDeInitCtx;
SCLogInfo("Unified2-alert initialized: filename %s, limit %"PRIu64" MB",
filename, file_ctx->size_limit / (1024*1024));
SC_ATOMIC_INIT(unified2_event_id);
return output_ctx;
error:
if (file_ctx != NULL) {
LogFileFreeCtx(file_ctx);
}
return NULL;
}
/**
* \brief extract information from config file
*
* The returned structure will be freed by the thread init function.
* This is thus necessary to or copy the structure before giving it
* to thread or to reparse the file for each thread (and thus have
* new structure.
*
* \return a AFPIfaceConfig corresponding to the interface name
*/
void *ParseAFPConfig(const char *iface)
{
char *threadsstr = NULL;
ConfNode *if_root;
ConfNode *if_default = NULL;
ConfNode *af_packet_node;
AFPIfaceConfig *aconf = SCMalloc(sizeof(*aconf));
char *tmpclusterid;
char *tmpctype;
char *copymodestr;
intmax_t value;
int boolval;
char *bpf_filter = NULL;
char *out_iface = NULL;
if (unlikely(aconf == NULL)) {
return NULL;
}
if (iface == NULL) {
SCFree(aconf);
return NULL;
}
strlcpy(aconf->iface, iface, sizeof(aconf->iface));
aconf->threads = 1;
SC_ATOMIC_INIT(aconf->ref);
(void) SC_ATOMIC_ADD(aconf->ref, 1);
aconf->buffer_size = 0;
aconf->cluster_id = 1;
aconf->cluster_type = PACKET_FANOUT_HASH;
aconf->promisc = 1;
aconf->checksum_mode = CHECKSUM_VALIDATION_KERNEL;
aconf->DerefFunc = AFPDerefConfig;
aconf->flags = 0;
aconf->bpf_filter = NULL;
aconf->out_iface = NULL;
aconf->copy_mode = AFP_COPY_MODE_NONE;
if (ConfGet("bpf-filter", &bpf_filter) == 1) {
if (strlen(bpf_filter) > 0) {
aconf->bpf_filter = bpf_filter;
SCLogInfo("Going to use command-line provided bpf filter '%s'",
aconf->bpf_filter);
}
}
/* Find initial node */
af_packet_node = ConfGetNode("af-packet");
if (af_packet_node == NULL) {
SCLogInfo("Unable to find af-packet config using default value");
return aconf;
}
if_root = ConfNodeLookupKeyValue(af_packet_node, "interface", iface);
if_default = ConfNodeLookupKeyValue(af_packet_node, "interface", "default");
if (if_root == NULL && if_default == NULL) {
SCLogInfo("Unable to find af-packet config for "
"interface \"%s\" or \"default\", using default value",
iface);
return aconf;
}
/* If there is no setting for current interface use default one as main iface */
if (if_root == NULL) {
if_root = if_default;
if_default = NULL;
}
if (ConfGetChildValueWithDefault(if_root, if_default, "threads", &threadsstr) != 1) {
aconf->threads = 1;
} else {
if (threadsstr != NULL) {
aconf->threads = (uint8_t)atoi(threadsstr);
}
}
if (aconf->threads == 0) {
aconf->threads = 1;
}
if (ConfGetChildValueWithDefault(if_root, if_default, "copy-iface", &out_iface) == 1) {
if (strlen(out_iface) > 0) {
aconf->out_iface = out_iface;
}
}
(void)ConfGetChildValueBoolWithDefault(if_root, if_default, "use-mmap", (int *)&boolval);
if (boolval) {
SCLogInfo("Enabling mmaped capture on iface %s",
aconf->iface);
aconf->flags |= AFP_RING_MODE;
}
(void)ConfGetChildValueBoolWithDefault(if_root, if_default, "use-emergency-flush", (int *)&boolval);
if (boolval) {
SCLogInfo("Enabling ring emergency flush on iface %s",
aconf->iface);
aconf->flags |= AFP_EMERGENCY_MODE;
}
aconf->copy_mode = AFP_COPY_MODE_NONE;
if (ConfGetChildValueWithDefault(if_root, if_default, "copy-mode", ©modestr) == 1) {
if (aconf->out_iface == NULL) {
SCLogInfo("Copy mode activated but no destination"
" iface. Disabling feature");
} else if (!(aconf->flags & AFP_RING_MODE)) {
SCLogInfo("Copy mode activated but use-mmap "
"set to no. Disabling feature");
} else if (strlen(copymodestr) <= 0) {
aconf->out_iface = NULL;
} else if (strcmp(copymodestr, "ips") == 0) {
SCLogInfo("AF_PACKET IPS mode activated %s->%s",
iface,
aconf->out_iface);
aconf->copy_mode = AFP_COPY_MODE_IPS;
} else if (strcmp(copymodestr, "tap") == 0) {
SCLogInfo("AF_PACKET TAP mode activated %s->%s",
iface,
aconf->out_iface);
aconf->copy_mode = AFP_COPY_MODE_TAP;
} else {
SCLogInfo("Invalid mode (not in tap, ips)");
}
}
SC_ATOMIC_RESET(aconf->ref);
(void) SC_ATOMIC_ADD(aconf->ref, aconf->threads);
if (ConfGetChildValueWithDefault(if_root, if_default, "cluster-id", &tmpclusterid) != 1) {
SCLogError(SC_ERR_INVALID_ARGUMENT,"Could not get cluster-id from config");
} else {
aconf->cluster_id = (uint16_t)atoi(tmpclusterid);
SCLogDebug("Going to use cluster-id %" PRId32, aconf->cluster_id);
}
if (ConfGetChildValueWithDefault(if_root, if_default, "cluster-type", &tmpctype) != 1) {
SCLogError(SC_ERR_GET_CLUSTER_TYPE_FAILED,"Could not get cluster-type from config");
} else if (strcmp(tmpctype, "cluster_round_robin") == 0) {
SCLogInfo("Using round-robin cluster mode for AF_PACKET (iface %s)",
aconf->iface);
aconf->cluster_type = PACKET_FANOUT_LB;
} else if (strcmp(tmpctype, "cluster_flow") == 0) {
/* In hash mode, we also ask for defragmentation needed to
* compute the hash */
uint16_t defrag = 0;
int conf_val = 0;
SCLogInfo("Using flow cluster mode for AF_PACKET (iface %s)",
aconf->iface);
ConfGetChildValueBoolWithDefault(if_root, if_default, "defrag", &conf_val);
if (conf_val) {
SCLogInfo("Using defrag kernel functionality for AF_PACKET (iface %s)",
aconf->iface);
defrag = PACKET_FANOUT_FLAG_DEFRAG;
}
aconf->cluster_type = PACKET_FANOUT_HASH | defrag;
} else if (strcmp(tmpctype, "cluster_cpu") == 0) {
SCLogInfo("Using cpu cluster mode for AF_PACKET (iface %s)",
aconf->iface);
aconf->cluster_type = PACKET_FANOUT_CPU;
} else {
SCLogError(SC_ERR_INVALID_CLUSTER_TYPE,"invalid cluster-type %s",tmpctype);
SCFree(aconf);
return NULL;
}
/*load af_packet bpf filter*/
/* command line value has precedence */
if (ConfGet("bpf-filter", &bpf_filter) != 1) {
if (ConfGetChildValueWithDefault(if_root, if_default, "bpf-filter", &bpf_filter) == 1) {
if (strlen(bpf_filter) > 0) {
aconf->bpf_filter = bpf_filter;
SCLogInfo("Going to use bpf filter %s", aconf->bpf_filter);
}
}
}
if ((ConfGetChildValueIntWithDefault(if_root, if_default, "buffer-size", &value)) == 1) {
aconf->buffer_size = value;
} else {
aconf->buffer_size = 0;
}
if ((ConfGetChildValueIntWithDefault(if_root, if_default, "ring-size", &value)) == 1) {
aconf->ring_size = value;
if (value * aconf->threads < max_pending_packets) {
aconf->ring_size = max_pending_packets / aconf->threads + 1;
SCLogWarning(SC_ERR_AFP_CREATE, "Inefficient setup: ring-size < max_pending_packets. "
"Resetting to decent value %d.", aconf->ring_size);
/* We want at least that max_pending_packets packets can be handled by the
* interface. This is generous if we have multiple interfaces listening. */
}
} else {
/* We want that max_pending_packets packets can be handled by suricata
* for this interface. To take burst into account we multiply the obtained
* size by 2. */
aconf->ring_size = max_pending_packets * 2 / aconf->threads;
}
(void)ConfGetChildValueBoolWithDefault(if_root, if_default, "disable-promisc", (int *)&boolval);
if (boolval) {
SCLogInfo("Disabling promiscuous mode on iface %s",
aconf->iface);
aconf->promisc = 0;
}
if (ConfGetChildValueWithDefault(if_root, if_default, "checksum-checks", &tmpctype) == 1) {
if (strcmp(tmpctype, "auto") == 0) {
aconf->checksum_mode = CHECKSUM_VALIDATION_AUTO;
} else if (strcmp(tmpctype, "yes") == 0) {
aconf->checksum_mode = CHECKSUM_VALIDATION_ENABLE;
} else if (strcmp(tmpctype, "no") == 0) {
aconf->checksum_mode = CHECKSUM_VALIDATION_DISABLE;
} else if (strcmp(tmpctype, "kernel") == 0) {
aconf->checksum_mode = CHECKSUM_VALIDATION_KERNEL;
} else {
SCLogError(SC_ERR_INVALID_ARGUMENT, "Invalid value for checksum-checks for %s", aconf->iface);
}
}
return aconf;
}
/** \brief initialize the configuration
* \warning Not thread safe */
void HostInitConfig(char quiet)
{
SCLogDebug("initializing host engine...");
memset(&host_config, 0, sizeof(host_config));
//SC_ATOMIC_INIT(flow_flags);
SC_ATOMIC_INIT(host_counter);
SC_ATOMIC_INIT(host_memuse);
SC_ATOMIC_INIT(host_prune_idx);
HostQueueInit(&host_spare_q);
unsigned int seed = RandomTimePreseed();
/* set defaults */
host_config.hash_rand = (int)( HOST_DEFAULT_HASHSIZE * (rand_r(&seed) / RAND_MAX + 1.0));
host_config.hash_size = HOST_DEFAULT_HASHSIZE;
host_config.memcap = HOST_DEFAULT_MEMCAP;
host_config.prealloc = HOST_DEFAULT_PREALLOC;
/* Check if we have memcap and hash_size defined at config */
char *conf_val;
uint32_t configval = 0;
/** set config values for memcap, prealloc and hash_size */
if ((ConfGet("host.memcap", &conf_val)) == 1)
{
if (ParseSizeStringU64(conf_val, &host_config.memcap) < 0) {
SCLogError(SC_ERR_SIZE_PARSE, "Error parsing host.memcap "
"from conf file - %s. Killing engine",
conf_val);
exit(EXIT_FAILURE);
}
}
if ((ConfGet("host.hash-size", &conf_val)) == 1)
{
if (ByteExtractStringUint32(&configval, 10, strlen(conf_val),
conf_val) > 0) {
host_config.hash_size = configval;
}
}
if ((ConfGet("host.prealloc", &conf_val)) == 1)
{
if (ByteExtractStringUint32(&configval, 10, strlen(conf_val),
conf_val) > 0) {
host_config.prealloc = configval;
}
}
SCLogDebug("Host config from suricata.yaml: memcap: %"PRIu64", hash-size: "
"%"PRIu32", prealloc: %"PRIu32, host_config.memcap,
host_config.hash_size, host_config.prealloc);
/* alloc hash memory */
uint64_t hash_size = host_config.hash_size * sizeof(HostHashRow);
if (!(HOST_CHECK_MEMCAP(hash_size))) {
SCLogError(SC_ERR_HOST_INIT, "allocating host hash failed: "
"max host memcap is smaller than projected hash size. "
"Memcap: %"PRIu64", Hash table size %"PRIu64". Calculate "
"total hash size by multiplying \"host.hash-size\" with %"PRIuMAX", "
"which is the hash bucket size.", host_config.memcap, hash_size,
(uintmax_t)sizeof(HostHashRow));
exit(EXIT_FAILURE);
}
host_hash = SCCalloc(host_config.hash_size, sizeof(HostHashRow));
if (unlikely(host_hash == NULL)) {
SCLogError(SC_ERR_FATAL, "Fatal error encountered in HostInitConfig. Exiting...");
exit(EXIT_FAILURE);
}
memset(host_hash, 0, host_config.hash_size * sizeof(HostHashRow));
uint32_t i = 0;
for (i = 0; i < host_config.hash_size; i++) {
HRLOCK_INIT(&host_hash[i]);
}
(void) SC_ATOMIC_ADD(host_memuse, (host_config.hash_size * sizeof(HostHashRow)));
if (quiet == FALSE) {
SCLogInfo("allocated %llu bytes of memory for the host hash... "
"%" PRIu32 " buckets of size %" PRIuMAX "",
SC_ATOMIC_GET(host_memuse), host_config.hash_size,
(uintmax_t)sizeof(HostHashRow));
}
/* pre allocate hosts */
for (i = 0; i < host_config.prealloc; i++) {
if (!(HOST_CHECK_MEMCAP(sizeof(Host)))) {
SCLogError(SC_ERR_HOST_INIT, "preallocating hosts failed: "
"max host memcap reached. Memcap %"PRIu64", "
"Memuse %"PRIu64".", host_config.memcap,
((uint64_t)SC_ATOMIC_GET(host_memuse) + (uint64_t)sizeof(Host)));
exit(EXIT_FAILURE);
}
Host *h = HostAlloc();
if (h == NULL) {
SCLogError(SC_ERR_HOST_INIT, "preallocating host failed: %s", strerror(errno));
exit(EXIT_FAILURE);
}
HostEnqueue(&host_spare_q,h);
}
if (quiet == FALSE) {
SCLogInfo("preallocated %" PRIu32 " hosts of size %" PRIuMAX "",
host_spare_q.len, (uintmax_t)sizeof(Host));
SCLogInfo("host memory usage: %llu bytes, maximum: %"PRIu64,
SC_ATOMIC_GET(host_memuse), host_config.memcap);
}
return;
}
/**
* \brief extract information from config file
*
* The returned structure will be freed by the thread init function.
* This is thus necessary to or copy the structure before giving it
* to thread or to reparse the file for each thread (and thus have
* new structure.
*
* \return a AFPIfaceConfig corresponding to the interface name
*/
void *ParseAFPConfig(const char *iface)
{
char *threadsstr = NULL;
ConfNode *if_root;
ConfNode *af_packet_node;
AFPIfaceConfig *aconf = SCMalloc(sizeof(*aconf));
char *tmpclusterid;
char *tmpctype;
intmax_t value;
int boolval;
char *bpf_filter = NULL;
if (aconf == NULL) {
return NULL;
}
if (iface == NULL) {
SCFree(aconf);
return NULL;
}
strlcpy(aconf->iface, iface, sizeof(aconf->iface));
aconf->threads = 1;
SC_ATOMIC_INIT(aconf->ref);
(void) SC_ATOMIC_ADD(aconf->ref, 1);
aconf->buffer_size = 0;
aconf->cluster_id = 1;
aconf->cluster_type = PACKET_FANOUT_HASH;
aconf->promisc = 1;
aconf->checksum_mode = CHECKSUM_VALIDATION_KERNEL;
aconf->DerefFunc = AFPDerefConfig;
aconf->flags = 0;
aconf->bpf_filter = NULL;
if (ConfGet("bpf-filter", &bpf_filter) == 1) {
if (strlen(bpf_filter) > 0) {
aconf->bpf_filter = bpf_filter;
SCLogInfo("Going to use command-line provided bpf filter '%s'",
aconf->bpf_filter);
}
}
/* Find initial node */
af_packet_node = ConfGetNode("af-packet");
if (af_packet_node == NULL) {
SCLogInfo("Unable to find af-packet config using default value");
return aconf;
}
if_root = ConfNodeLookupKeyValue(af_packet_node, "interface", iface);
if (if_root == NULL) {
SCLogInfo("Unable to find af-packet config for "
"interface %s, using default value",
iface);
return aconf;
}
if (ConfGetChildValue(if_root, "threads", &threadsstr) != 1) {
aconf->threads = 1;
} else {
if (threadsstr != NULL) {
aconf->threads = (uint8_t)atoi(threadsstr);
}
}
if (aconf->threads == 0) {
aconf->threads = 1;
}
SC_ATOMIC_RESET(aconf->ref);
(void) SC_ATOMIC_ADD(aconf->ref, aconf->threads);
if (ConfGetChildValue(if_root, "cluster-id", &tmpclusterid) != 1) {
SCLogError(SC_ERR_INVALID_ARGUMENT,"Could not get cluster-id from config");
} else {
aconf->cluster_id = (uint16_t)atoi(tmpclusterid);
SCLogDebug("Going to use cluster-id %" PRId32, aconf->cluster_id);
}
if (ConfGetChildValue(if_root, "cluster-type", &tmpctype) != 1) {
SCLogError(SC_ERR_GET_CLUSTER_TYPE_FAILED,"Could not get cluster-type from config");
} else if (strcmp(tmpctype, "cluster_round_robin") == 0) {
SCLogInfo("Using round-robin cluster mode for AF_PACKET (iface %s)",
aconf->iface);
aconf->cluster_type = PACKET_FANOUT_LB;
} else if (strcmp(tmpctype, "cluster_flow") == 0) {
/* In hash mode, we also ask for defragmentation needed to
* compute the hash */
uint16_t defrag = 0;
SCLogInfo("Using flow cluster mode for AF_PACKET (iface %s)",
aconf->iface);
ConfGetChildValueBool(if_root, "defrag", (int *)&defrag);
if (defrag) {
SCLogInfo("Using defrag kernel functionnality for AF_PACKET (iface %s)",
aconf->iface);
defrag = PACKET_FANOUT_FLAG_DEFRAG;
}
aconf->cluster_type = PACKET_FANOUT_HASH | defrag;
} else if (strcmp(tmpctype, "cluster_cpu") == 0) {
SCLogInfo("Using cpu cluster mode for AF_PACKET (iface %s)",
aconf->iface);
aconf->cluster_type = PACKET_FANOUT_CPU;
} else {
SCLogError(SC_ERR_INVALID_CLUSTER_TYPE,"invalid cluster-type %s",tmpctype);
SCFree(aconf);
return NULL;
}
/*load af_packet bpf filter*/
/* command line value has precedence */
if (ConfGet("bpf-filter", &bpf_filter) != 1) {
if (ConfGetChildValue(if_root, "bpf-filter", &bpf_filter) == 1) {
if (strlen(bpf_filter) > 0) {
aconf->bpf_filter = bpf_filter;
SCLogInfo("Going to use bpf filter %s", aconf->bpf_filter);
}
}
}
if ((ConfGetChildValueInt(if_root, "buffer-size", &value)) == 1) {
aconf->buffer_size = value;
} else {
aconf->buffer_size = 0;
}
(void)ConfGetChildValueBool(if_root, "disable-promisc", (int *)&boolval);
if (boolval) {
SCLogInfo("Disabling promiscuous mode on iface %s",
aconf->iface);
aconf->promisc = 0;
}
(void)ConfGetChildValueBool(if_root, "use-mmap", (int *)&boolval);
if (boolval) {
SCLogInfo("Enabling mmaped capture on iface %s",
aconf->iface);
aconf->flags |= AFP_RING_MODE;
}
if (ConfGetChildValue(if_root, "checksum-checks", &tmpctype) == 1) {
if (strcmp(tmpctype, "auto") == 0) {
aconf->checksum_mode = CHECKSUM_VALIDATION_AUTO;
} else if (strcmp(tmpctype, "yes") == 0) {
aconf->checksum_mode = CHECKSUM_VALIDATION_ENABLE;
} else if (strcmp(tmpctype, "no") == 0) {
aconf->checksum_mode = CHECKSUM_VALIDATION_DISABLE;
} else if (strcmp(tmpctype, "kernel") == 0) {
aconf->checksum_mode = CHECKSUM_VALIDATION_KERNEL;
} else {
SCLogError(SC_ERR_INVALID_ARGUMENT, "Invalid value for checksum-checks for %s", aconf->iface);
}
}
return aconf;
}
/**
* \brief extract information from config file
*
* The returned structure will be freed by the thread init function.
* This is thus necessary to or copy the structure before giving it
* to thread or to reparse the file for each thread (and thus have
* new structure.
*
* If old config system is used, then return the smae parameters
* value for each interface.
*
* \return a PfringIfaceConfig corresponding to the interface name
*/
void *OldParsePfringConfig(const char *iface)
{
char *threadsstr = NULL;
PfringIfaceConfig *pfconf = SCMalloc(sizeof(*pfconf));
char *tmpclusterid;
#ifdef HAVE_PFRING_CLUSTER_TYPE
char *tmpctype = NULL;
cluster_type default_ctype = CLUSTER_ROUND_ROBIN;
#endif
if (unlikely(pfconf == NULL)) {
return NULL;
}
if (iface == NULL) {
SCFree(pfconf);
return NULL;
}
strlcpy(pfconf->iface, iface, sizeof(pfconf->iface));
pfconf->threads = 1;
pfconf->cluster_id = 1;
#ifdef HAVE_PFRING_CLUSTER_TYPE
pfconf->ctype = default_ctype;
#endif
pfconf->DerefFunc = PfringDerefConfig;
pfconf->checksum_mode = CHECKSUM_VALIDATION_AUTO;
SC_ATOMIC_INIT(pfconf->ref);
(void) SC_ATOMIC_ADD(pfconf->ref, 1);
/* Find initial node */
if (ConfGet("pfring.threads", &threadsstr) != 1) {
pfconf->threads = 1;
} else {
if (threadsstr != NULL) {
pfconf->threads = (uint8_t)atoi(threadsstr);
}
}
if (pfconf->threads == 0) {
pfconf->threads = 1;
}
SC_ATOMIC_RESET(pfconf->ref);
(void) SC_ATOMIC_ADD(pfconf->ref, pfconf->threads);
if (ConfGet("pfring.cluster-id", &tmpclusterid) != 1) {
SCLogError(SC_ERR_INVALID_ARGUMENT,"Could not get cluster-id from config");
} else {
pfconf->cluster_id = (uint16_t)atoi(tmpclusterid);
SCLogDebug("Going to use cluster-id %" PRId32, pfconf->cluster_id);
}
#ifdef HAVE_PFRING_CLUSTER_TYPE
if (ConfGet("pfring.cluster-type", &tmpctype) != 1) {
SCLogError(SC_ERR_GET_CLUSTER_TYPE_FAILED,"Could not get cluster-type fron config");
} else if (strcmp(tmpctype, "cluster_round_robin") == 0) {
SCLogInfo("Using round-robin cluster mode for PF_RING (iface %s)",
pfconf->iface);
pfconf->ctype = (cluster_type)tmpctype;
} else if (strcmp(tmpctype, "cluster_flow") == 0) {
SCLogInfo("Using flow cluster mode for PF_RING (iface %s)",
pfconf->iface);
pfconf->ctype = (cluster_type)tmpctype;
} else {
SCLogError(SC_ERR_INVALID_CLUSTER_TYPE,"invalid cluster-type %s",tmpctype);
SCFree(pfconf);
return NULL;
}
#endif
return pfconf;
}
/** \brief initialize the configuration
* \warning Not thread safe */
void DefragInitConfig(char quiet)
{
SCLogDebug("initializing defrag engine...");
memset(&defrag_config, 0, sizeof(defrag_config));
//SC_ATOMIC_INIT(flow_flags);
SC_ATOMIC_INIT(defragtracker_counter);
SC_ATOMIC_INIT(defrag_memuse);
SC_ATOMIC_INIT(defragtracker_prune_idx);
DefragTrackerQueueInit(&defragtracker_spare_q);
/* set defaults */
defrag_config.hash_rand = (uint32_t)RandomGet();
defrag_config.hash_size = DEFRAG_DEFAULT_HASHSIZE;
defrag_config.memcap = DEFRAG_DEFAULT_MEMCAP;
defrag_config.prealloc = DEFRAG_DEFAULT_PREALLOC;
/* Check if we have memcap and hash_size defined at config */
const char *conf_val;
uint32_t configval = 0;
/** set config values for memcap, prealloc and hash_size */
if ((ConfGet("defrag.memcap", &conf_val)) == 1)
{
if (ParseSizeStringU64(conf_val, &defrag_config.memcap) < 0) {
SCLogError(SC_ERR_SIZE_PARSE, "Error parsing defrag.memcap "
"from conf file - %s. Killing engine",
conf_val);
exit(EXIT_FAILURE);
}
}
if ((ConfGet("defrag.hash-size", &conf_val)) == 1)
{
if (ByteExtractStringUint32(&configval, 10, strlen(conf_val),
conf_val) > 0) {
defrag_config.hash_size = configval;
} else {
WarnInvalidConfEntry("defrag.hash-size", "%"PRIu32, defrag_config.hash_size);
}
}
if ((ConfGet("defrag.trackers", &conf_val)) == 1)
{
if (ByteExtractStringUint32(&configval, 10, strlen(conf_val),
conf_val) > 0) {
defrag_config.prealloc = configval;
} else {
WarnInvalidConfEntry("defrag.trackers", "%"PRIu32, defrag_config.prealloc);
}
}
SCLogDebug("DefragTracker config from suricata.yaml: memcap: %"PRIu64", hash-size: "
"%"PRIu32", prealloc: %"PRIu32, defrag_config.memcap,
defrag_config.hash_size, defrag_config.prealloc);
/* alloc hash memory */
uint64_t hash_size = defrag_config.hash_size * sizeof(DefragTrackerHashRow);
if (!(DEFRAG_CHECK_MEMCAP(hash_size))) {
SCLogError(SC_ERR_DEFRAG_INIT, "allocating defrag hash failed: "
"max defrag memcap is smaller than projected hash size. "
"Memcap: %"PRIu64", Hash table size %"PRIu64". Calculate "
"total hash size by multiplying \"defrag.hash-size\" with %"PRIuMAX", "
"which is the hash bucket size.", defrag_config.memcap, hash_size,
(uintmax_t)sizeof(DefragTrackerHashRow));
exit(EXIT_FAILURE);
}
defragtracker_hash = SCCalloc(defrag_config.hash_size, sizeof(DefragTrackerHashRow));
if (unlikely(defragtracker_hash == NULL)) {
SCLogError(SC_ERR_FATAL, "Fatal error encountered in DefragTrackerInitConfig. Exiting...");
exit(EXIT_FAILURE);
}
memset(defragtracker_hash, 0, defrag_config.hash_size * sizeof(DefragTrackerHashRow));
uint32_t i = 0;
for (i = 0; i < defrag_config.hash_size; i++) {
DRLOCK_INIT(&defragtracker_hash[i]);
}
(void) SC_ATOMIC_ADD(defrag_memuse, (defrag_config.hash_size * sizeof(DefragTrackerHashRow)));
if (quiet == FALSE) {
SCLogConfig("allocated %"PRIu64" bytes of memory for the defrag hash... "
"%" PRIu32 " buckets of size %" PRIuMAX "",
SC_ATOMIC_GET(defrag_memuse), defrag_config.hash_size,
(uintmax_t)sizeof(DefragTrackerHashRow));
}
if ((ConfGet("defrag.prealloc", &conf_val)) == 1)
{
if (ConfValIsTrue(conf_val)) {
/* pre allocate defrag trackers */
for (i = 0; i < defrag_config.prealloc; i++) {
if (!(DEFRAG_CHECK_MEMCAP(sizeof(DefragTracker)))) {
SCLogError(SC_ERR_DEFRAG_INIT, "preallocating defrag trackers failed: "
"max defrag memcap reached. Memcap %"PRIu64", "
"Memuse %"PRIu64".", defrag_config.memcap,
((uint64_t)SC_ATOMIC_GET(defrag_memuse) + (uint64_t)sizeof(DefragTracker)));
exit(EXIT_FAILURE);
}
DefragTracker *h = DefragTrackerAlloc();
if (h == NULL) {
SCLogError(SC_ERR_DEFRAG_INIT, "preallocating defrag failed: %s", strerror(errno));
exit(EXIT_FAILURE);
}
DefragTrackerEnqueue(&defragtracker_spare_q,h);
}
if (quiet == FALSE) {
SCLogConfig("preallocated %" PRIu32 " defrag trackers of size %" PRIuMAX "",
defragtracker_spare_q.len, (uintmax_t)sizeof(DefragTracker));
}
}
}
if (quiet == FALSE) {
SCLogConfig("defrag memory usage: %"PRIu64" bytes, maximum: %"PRIu64,
SC_ATOMIC_GET(defrag_memuse), defrag_config.memcap);
}
return;
}
int main(int argc, char **argv)
{
int opt;
char *pcap_file = NULL;
char pcap_dev[128];
#ifdef HAVE_PFRING
char *pfring_dev = NULL;
#endif
char *sig_file = NULL;
char *nfq_id = NULL;
char *conf_filename = NULL;
char *pid_filename = NULL;
#ifdef UNITTESTS
char *regex_arg = NULL;
#endif
int dump_config = 0;
int list_unittests = 0;
int list_cuda_cards = 0;
int daemon = 0;
char *user_name = NULL;
char *group_name = NULL;
uint8_t do_setuid = FALSE;
uint8_t do_setgid = FALSE;
uint32_t userid = 0;
uint32_t groupid = 0;
char *erf_file = NULL;
char *dag_input = NULL;
char *log_dir;
struct stat buf;
sc_set_caps = FALSE;
SC_ATOMIC_INIT(engine_stage);
/* initialize the logging subsys */
SCLogInitLogModule(NULL);
/* By default use IDS mode, but if nfq or ipfw
* are specified, IPS mode will overwrite this */
SET_ENGINE_MODE_IDS(engine_mode);
#ifdef OS_WIN32
/* service initialization */
if (SCRunningAsService()) {
char path[MAX_PATH];
char *p = NULL;
strlcpy(path, argv[0], MAX_PATH);
if ((p = strrchr(path, '\\'))) {
*p = '\0';
}
if (!SetCurrentDirectory(path)) {
SCLogError(SC_ERR_FATAL, "Can't set current directory to: %s", path);
return -1;
}
SCLogInfo("Current directory is set to: %s", path);
daemon = 1;
SCServiceInit(argc, argv);
}
/* Windows socket subsystem initialization */
WSADATA wsaData;
if (0 != WSAStartup(MAKEWORD(2, 2), &wsaData)) {
SCLogError(SC_ERR_FATAL, "Can't initialize Windows sockets: %d", WSAGetLastError());
exit(EXIT_FAILURE);
}
#endif /* OS_WIN32 */
#ifdef REVISION
SCLogInfo("This is %s version %s (rev %s)", PROG_NAME, PROG_VER, xstr(REVISION));
#else
SCLogInfo("This is %s version %s", PROG_NAME, PROG_VER);
#endif
/* Initialize the configuration module. */
ConfInit();
struct option long_opts[] = {
{"dump-config", 0, &dump_config, 1},
{"pfring-int", required_argument, 0, 0},
{"pfring-cluster-id", required_argument, 0, 0},
{"pfring-cluster-type", required_argument, 0, 0},
{"pcap-buffer-size", required_argument, 0, 0},
{"unittest-filter", required_argument, 0, 'U'},
{"list-unittests", 0, &list_unittests, 1},
{"list-cuda-cards", 0, &list_cuda_cards, 1},
{"engine-analysis", 0, &engine_analysis, 1},
#ifdef OS_WIN32
{"service-install", 0, 0, 0},
{"service-remove", 0, 0, 0},
{"service-change-params", 0, 0, 0},
#endif /* OS_WIN32 */
{"pidfile", required_argument, 0, 0},
{"init-errors-fatal", 0, 0, 0},
{"fatal-unittests", 0, 0, 0},
{"user", required_argument, 0, 0},
{"group", required_argument, 0, 0},
{"erf-in", required_argument, 0, 0},
{"dag", required_argument, 0, 0},
{NULL, 0, NULL, 0}
};
/* getopt_long stores the option index here. */
int option_index = 0;
char short_opts[] = "c:Dhi:l:q:d:r:us:U:V";
while ((opt = getopt_long(argc, argv, short_opts, long_opts, &option_index)) != -1) {
switch (opt) {
case 0:
if(strcmp((long_opts[option_index]).name , "pfring-int") == 0){
#ifdef HAVE_PFRING
run_mode = MODE_PFRING;
if (ConfSet("pfring.interface", optarg, 0) != 1) {
fprintf(stderr, "ERROR: Failed to set pfring interface.\n");
exit(EXIT_FAILURE);
}
#else
SCLogError(SC_ERR_NO_PF_RING,"PF_RING not enabled. Make sure to pass --enable-pfring to configure when building.");
exit(EXIT_FAILURE);
#endif /* HAVE_PFRING */
}
else if(strcmp((long_opts[option_index]).name , "pfring-cluster-id") == 0){
#ifdef HAVE_PFRING
if (ConfSet("pfring.cluster-id", optarg, 0) != 1) {
fprintf(stderr, "ERROR: Failed to set pfring cluster-id.\n");
exit(EXIT_FAILURE);
}
#else
SCLogError(SC_ERR_NO_PF_RING,"PF_RING not enabled. Make sure to pass --enable-pfring to configure when building.");
exit(EXIT_FAILURE);
#endif /* HAVE_PFRING */
}
else if(strcmp((long_opts[option_index]).name , "pfring-cluster-type") == 0){
#ifdef HAVE_PFRING
if (ConfSet("pfring.cluster-type", optarg, 0) != 1) {
fprintf(stderr, "ERROR: Failed to set pfring cluster-type.\n");
exit(EXIT_FAILURE);
}
#else
SCLogError(SC_ERR_NO_PF_RING,"PF_RING not enabled. Make sure to pass --enable-pfring to configure when building.");
exit(EXIT_FAILURE);
#endif /* HAVE_PFRING */
}
else if(strcmp((long_opts[option_index]).name, "init-errors-fatal") == 0) {
if (ConfSet("engine.init_failure_fatal", "1", 0) != 1) {
fprintf(stderr, "ERROR: Failed to set engine init_failure_fatal.\n");
exit(EXIT_FAILURE);
}
}
else if(strcmp((long_opts[option_index]).name, "list-unittests") == 0) {
#ifdef UNITTESTS
/* Set run_mode to unit tests. */
run_mode = MODE_UNITTEST;
#else
fprintf(stderr, "ERROR: Unit tests not enabled. Make sure to pass --enable-unittests to configure when building.\n");
exit(EXIT_FAILURE);
#endif /* UNITTESTS */
} else if(strcmp((long_opts[option_index]).name, "list-cuda-cards") == 0) {
#ifndef __SC_CUDA_SUPPORT__
fprintf(stderr, "ERROR: Cuda not enabled. Make sure to pass "
"--enable-cuda to configure when building.\n");
exit(EXIT_FAILURE);
#endif /* UNITTESTS */
} else if(strcmp((long_opts[option_index]).name, "engine-analysis") == 0) {
// do nothing for now
}
#ifdef OS_WIN32
else if(strcmp((long_opts[option_index]).name, "service-install") == 0) {
if (SCServiceInstall(argc, argv)) {
exit(EXIT_FAILURE);
}
SCLogInfo("Suricata service has been successfuly installed.");
exit(EXIT_SUCCESS);
}
else if(strcmp((long_opts[option_index]).name, "service-remove") == 0) {
if (SCServiceRemove(argc, argv)) {
exit(EXIT_FAILURE);
}
SCLogInfo("Suricata service has been successfuly removed.");
exit(EXIT_SUCCESS);
}
else if(strcmp((long_opts[option_index]).name, "service-change-params") == 0) {
if (SCServiceChangeParams(argc, argv)) {
exit(EXIT_FAILURE);
}
SCLogInfo("Suricata service startup parameters has been successfuly changed.");
exit(EXIT_SUCCESS);
}
#endif /* OS_WIN32 */
else if(strcmp((long_opts[option_index]).name, "pidfile") == 0) {
pid_filename = optarg;
}
else if(strcmp((long_opts[option_index]).name, "fatal-unittests") == 0) {
#ifdef UNITTESTS
if (ConfSet("unittests.failure_fatal", "1", 0) != 1) {
fprintf(stderr, "ERROR: Failed to set unittests failure_fatal.\n");
exit(EXIT_FAILURE);
}
#else
fprintf(stderr, "ERROR: Unit tests not enabled. Make sure to pass --enable-unittests to configure when building.\n");
exit(EXIT_FAILURE);
#endif /* UNITTESTS */
}
else if(strcmp((long_opts[option_index]).name, "user") == 0) {
#ifndef HAVE_LIBCAP_NG
SCLogError(SC_ERR_LIBCAP_NG_REQUIRED, "libcap-ng is required to"
" drop privileges, but it was not compiled into Suricata.");
exit(EXIT_FAILURE);
#else
user_name = optarg;
do_setuid = TRUE;
#endif /* HAVE_LIBCAP_NG */
}
else if(strcmp((long_opts[option_index]).name, "group") == 0) {
#ifndef HAVE_LIBCAP_NG
SCLogError(SC_ERR_LIBCAP_NG_REQUIRED, "libcap-ng is required to"
" drop privileges, but it was not compiled into Suricata.");
exit(EXIT_FAILURE);
#else
group_name = optarg;
do_setgid = TRUE;
#endif /* HAVE_LIBCAP_NG */
}
else if (strcmp((long_opts[option_index]).name, "erf-in") == 0) {
run_mode = MODE_ERF_FILE;
erf_file = optarg;
}
else if (strcmp((long_opts[option_index]).name, "dag") == 0) {
#ifdef HAVE_DAG
run_mode = MODE_DAG;
dag_input = optarg;
#else
SCLogError(SC_ERR_DAG_REQUIRED, "libdag and a DAG card are required"
" to receieve packets using --dag.");
exit(EXIT_FAILURE);
#endif /* HAVE_DAG */
}
else if(strcmp((long_opts[option_index]).name, "pcap-buffer-size") == 0) {
#ifdef HAVE_PCAP_SET_BUFF
if (ConfSet("pcap.buffer-size", optarg, 0) != 1) {
fprintf(stderr, "ERROR: Failed to set pcap-buffer-size.\n");
exit(EXIT_FAILURE);
}
#else
SCLogError(SC_ERR_NO_PCAP_SET_BUFFER_SIZE, "The version of libpcap you have"
" doesn't support setting buffer size.");
#endif /* HAVE_PCAP_SET_BUFF */
}
break;
case 'c':
conf_filename = optarg;
break;
#ifndef OS_WIN32
case 'D':
daemon = 1;
break;
#endif /* OS_WIN32 */
case 'h':
usage(argv[0]);
exit(EXIT_SUCCESS);
break;
case 'i':
if (run_mode == MODE_UNKNOWN) {
run_mode = MODE_PCAP_DEV;
PcapLiveRegisterDevice(optarg);
} else if (run_mode == MODE_PCAP_DEV) {
#ifdef OS_WIN32
SCLogError(SC_ERR_PCAP_MULTI_DEV_NO_SUPPORT, "pcap multi dev "
"support is not (yet) supported on Windows.");
exit(EXIT_FAILURE);
#else
SCLogWarning(SC_WARN_PCAP_MULTI_DEV_EXPERIMENTAL, "using "
"multiple pcap devices to get packets is experimental.");
PcapLiveRegisterDevice(optarg);
#endif
} else {
SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
"has been specified");
usage(argv[0]);
exit(EXIT_FAILURE);
}
memset(pcap_dev, 0, sizeof(pcap_dev));
strlcpy(pcap_dev, optarg, ((strlen(optarg) < sizeof(pcap_dev)) ? (strlen(optarg)+1) : (sizeof(pcap_dev))));
break;
case 'l':
if (ConfSet("default-log-dir", optarg, 0) != 1) {
fprintf(stderr, "ERROR: Failed to set log directory.\n");
exit(EXIT_FAILURE);
}
if (stat(optarg, &buf) != 0) {
SCLogError(SC_ERR_LOGDIR_CMDLINE, "The logging directory \"%s\" "
"supplied at the commandline (-l %s) doesn't "
"exist. Shutting down the engine.", optarg, optarg);
exit(EXIT_FAILURE);
}
break;
case 'q':
#ifdef NFQ
if (run_mode == MODE_UNKNOWN) {
run_mode = MODE_NFQ;
SET_ENGINE_MODE_IPS(engine_mode);
if (NFQRegisterQueue(optarg) == -1)
exit(EXIT_FAILURE);
} else if (run_mode == MODE_NFQ) {
if (NFQRegisterQueue(optarg) == -1)
exit(EXIT_FAILURE);
} else {
SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
"has been specified");
usage(argv[0]);
exit(EXIT_FAILURE);
}
nfq_id = optarg;
#else
SCLogError(SC_ERR_NFQ_NOSUPPORT,"NFQUEUE not enabled. Make sure to pass --enable-nfqueue to configure when building.");
exit(EXIT_FAILURE);
#endif /* NFQ */
break;
case 'd':
#ifdef IPFW
if (run_mode == MODE_UNKNOWN) {
run_mode = MODE_IPFW;
SET_ENGINE_MODE_IPS(engine_mode);
} else {
SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
"has been specified");
usage(argv[0]);
exit(EXIT_SUCCESS);
}
if (ConfSet("ipfw-divert-port", optarg, 0) != 1) {
fprintf(stderr, "ERROR: Failed to set ipfw_divert_port\n");
exit(EXIT_FAILURE);
}
#else
SCLogError(SC_ERR_IPFW_NOSUPPORT,"IPFW not enabled. Make sure to pass --enable-ipfw to configure when building.");
exit(EXIT_FAILURE);
#endif /* IPFW */
break;
case 'r':
if (run_mode == MODE_UNKNOWN) {
run_mode = MODE_PCAP_FILE;
} else {
SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
"has been specified");
usage(argv[0]);
exit(EXIT_SUCCESS);
}
pcap_file = optarg;
break;
case 's':
sig_file = optarg;
break;
case 'u':
#ifdef UNITTESTS
if (run_mode == MODE_UNKNOWN) {
run_mode = MODE_UNITTEST;
} else {
SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode has"
" been specified");
usage(argv[0]);
exit(EXIT_SUCCESS);
}
#else
fprintf(stderr, "ERROR: Unit tests not enabled. Make sure to pass --enable-unittests to configure when building.\n");
exit(EXIT_FAILURE);
#endif /* UNITTESTS */
break;
case 'U':
#ifdef UNITTESTS
regex_arg = optarg;
if(strlen(regex_arg) == 0)
regex_arg = NULL;
#endif
break;
case 'V':
#ifdef REVISION
printf("\nThis is %s version %s (rev %s)\n\n", PROG_NAME, PROG_VER, xstr(REVISION));
#else
printf("\nThis is %s version %s\n\n", PROG_NAME, PROG_VER);
#endif
exit(EXIT_SUCCESS);
default:
usage(argv[0]);
exit(EXIT_FAILURE);
}
}
SetBpfString(optind, argv);
UtilCpuPrintSummary();
#ifdef __SC_CUDA_SUPPORT__
/* Init the CUDA environment */
SCCudaInitCudaEnvironment();
if (list_cuda_cards) {
SCCudaListCards();
exit(EXIT_SUCCESS);
}
#endif
if (!CheckValidDaemonModes(daemon, run_mode)) {
exit(EXIT_FAILURE);
}
/* Initializations for global vars, queues, etc (memsets, mutex init..) */
GlobalInits();
TimeInit();
SupportFastPatternForSigMatchTypes();
/* Load yaml configuration file if provided. */
if (conf_filename != NULL) {
if (ConfYamlLoadFile(conf_filename) != 0) {
/* Error already displayed. */
exit(EXIT_FAILURE);
}
} else if (run_mode != MODE_UNITTEST){
SCLogError(SC_ERR_OPENING_FILE, "Configuration file has not been provided");
usage(argv[0]);
exit(EXIT_FAILURE);
}
if (dump_config) {
ConfDump();
exit(EXIT_SUCCESS);
}
/* Check for the existance of the default logging directory which we pick
* from suricata.yaml. If not found, shut the engine down */
if (ConfGet("default-log-dir", &log_dir) != 1)
log_dir = DEFAULT_LOG_DIR;
if (stat(log_dir, &buf) != 0) {
SCLogError(SC_ERR_LOGDIR_CONFIG, "The logging directory \"%s\" "
"supplied by %s (default-log-dir) doesn't exist. "
"Shutting down the engine", log_dir, conf_filename);
exit(EXIT_FAILURE);
}
/* Pull the max pending packets from the config, if not found fall
* back on a sane default. */
if (ConfGetInt("max-pending-packets", &max_pending_packets) != 1)
max_pending_packets = DEFAULT_MAX_PENDING_PACKETS;
SCLogDebug("Max pending packets set to %"PRIiMAX, max_pending_packets);
/* Pull the default packet size from the config, if not found fall
* back on a sane default. */
if (ConfGetInt("default-packet-size", &default_packet_size) != 1) {
switch (run_mode) {
case MODE_PCAP_DEV:
case MODE_PFRING:
/* find payload for interface and use it */
default_packet_size = GetIfaceMaxPayloadSize(pcap_dev);
if (default_packet_size)
break;
default:
default_packet_size = DEFAULT_PACKET_SIZE;
}
}
SCLogDebug("Default packet size set to %"PRIiMAX, default_packet_size);
#ifdef NFQ
if (run_mode == MODE_NFQ)
NFQInitConfig(FALSE);
#endif
/* Since our config is now loaded we can finish configurating the
* logging module. */
SCLogLoadConfig();
#ifdef __SC_CUDA_SUPPORT__
/* load the cuda configuration */
SCCudaHlGetYamlConf();
#endif /* __SC_CUDA_SUPPORT__ */
/* Load the Host-OS lookup. */
SCHInfoLoadFromConfig();
if (run_mode == MODE_UNKNOWN) {
if (!engine_analysis) {
usage(argv[0]);
exit(EXIT_FAILURE);
}
}
if (engine_analysis) {
SCLogInfo("== Carrying out Engine Analysis ==");
char *temp = NULL;
if (ConfGet("engine-analysis", &temp) == 0) {
SCLogInfo("no engine-analysis parameter(s) defined in conf file. "
"Please define/enable them in the conf to use this "
"feature.");
exit(EXIT_FAILURE);
}
}
/* create table for O(1) lowercase conversion lookup. It was removed, but
* we still need it for cuda. So resintalling it back into the codebase */
uint8_t c = 0;
memset(g_u8_lowercasetable, 0x00, sizeof(g_u8_lowercasetable));
for ( ; c < 255; c++) {
if (c >= 'A' && c <= 'Z')
g_u8_lowercasetable[c] = (c + ('a' - 'A'));
else
g_u8_lowercasetable[c] = c;
}
/* hardcoded initialization code */
MpmTableSetup(); /* load the pattern matchers */
SigTableSetup(); /* load the rule keywords */
TmqhSetup();
CIDRInit();
SigParsePrepare();
//PatternMatchPrepare(mpm_ctx, MPM_B2G);
SCPerfInitCounterApi();
#ifdef PROFILING
SCProfilingInit();
#endif /* PROFILING */
SCReputationInitCtx();
SCProtoNameInit();
TagInitCtx();
TmModuleReceiveNFQRegister();
TmModuleVerdictNFQRegister();
TmModuleDecodeNFQRegister();
TmModuleReceiveIPFWRegister();
TmModuleVerdictIPFWRegister();
TmModuleDecodeIPFWRegister();
TmModuleReceivePcapRegister();
TmModuleDecodePcapRegister();
TmModuleReceivePfringRegister();
TmModuleDecodePfringRegister();
TmModuleReceivePcapFileRegister();
TmModuleDecodePcapFileRegister();
TmModuleDetectRegister();
TmModuleAlertFastLogRegister();
TmModuleAlertDebugLogRegister();
TmModuleAlertPreludeRegister();
TmModuleRespondRejectRegister();
TmModuleAlertFastLogIPv4Register();
TmModuleAlertFastLogIPv6Register();
TmModuleAlertSyslogIPv4Register();
TmModuleAlertSyslogIPv6Register();
TmModuleAlertUnifiedLogRegister();
TmModuleAlertUnifiedAlertRegister();
TmModuleUnified2AlertRegister();
TmModuleAlertSyslogRegister();
TmModuleLogDropLogRegister();
TmModuleStreamTcpRegister();
TmModuleLogHttpLogRegister();
TmModuleLogHttpLogIPv4Register();
TmModuleLogHttpLogIPv6Register();
#ifdef __SC_CUDA_SUPPORT__
TmModuleCudaMpmB2gRegister();
TmModuleCudaPacketBatcherRegister();
#endif
TmModuleReceiveErfFileRegister();
TmModuleDecodeErfFileRegister();
TmModuleReceiveErfDagRegister();
TmModuleDecodeErfDagRegister();
TmModuleDebugList();
/** \todo we need an api for these */
AppLayerDetectProtoThreadInit();
RegisterAppLayerParsers();
RegisterHTPParsers();
RegisterTLSParsers();
RegisterSMBParsers();
RegisterDCERPCParsers();
RegisterDCERPCUDPParsers();
RegisterFTPParsers();
RegisterSSHParsers();
AppLayerParsersInitPostProcess();
#ifdef UNITTESTS
if (run_mode == MODE_UNITTEST) {
#ifdef DBG_MEM_ALLOC
SCLogInfo("Memory used at startup: %"PRIdMAX, (intmax_t)global_mem);
#endif
/* test and initialize the unittesting subsystem */
if(regex_arg == NULL){
regex_arg = ".*";
UtRunSelftest(regex_arg); /* inits and cleans up again */
}
AppLayerHtpEnableRequestBodyCallback();
AppLayerHtpRegisterExtraCallbacks();
UtInitialize();
UTHRegisterTests();
SCReputationRegisterTests();
TmModuleRegisterTests();
SigTableRegisterTests();
HashTableRegisterTests();
HashListTableRegisterTests();
BloomFilterRegisterTests();
BloomFilterCountingRegisterTests();
PoolRegisterTests();
ByteRegisterTests();
MpmRegisterTests();
FlowBitRegisterTests();
FlowAlertSidRegisterTests();
SCPerfRegisterTests();
DecodePPPRegisterTests();
DecodeVLANRegisterTests();
HTPParserRegisterTests();
TLSParserRegisterTests();
SSHParserRegisterTests();
SMBParserRegisterTests();
DCERPCParserRegisterTests();
DCERPCUDPParserRegisterTests();
FTPParserRegisterTests();
DecodeRawRegisterTests();
DecodePPPOERegisterTests();
DecodeICMPV4RegisterTests();
DecodeICMPV6RegisterTests();
DecodeIPV4RegisterTests();
DecodeTCPRegisterTests();
DecodeUDPV4RegisterTests();
DecodeGRERegisterTests();
DecodeAsn1RegisterTests();
AlpDetectRegisterTests();
ConfRegisterTests();
ConfYamlRegisterTests();
TmqhFlowRegisterTests();
FlowRegisterTests();
SCSigRegisterSignatureOrderingTests();
SCRadixRegisterTests();
DefragRegisterTests();
SigGroupHeadRegisterTests();
SCHInfoRegisterTests();
SCRuleVarsRegisterTests();
AppLayerParserRegisterTests();
ThreadMacrosRegisterTests();
UtilSpmSearchRegistertests();
UtilActionRegisterTests();
SCClassConfRegisterTests();
SCThresholdConfRegisterTests();
SCRConfRegisterTests();
#ifdef __SC_CUDA_SUPPORT__
SCCudaRegisterTests();
#endif
PayloadRegisterTests();
DcePayloadRegisterTests();
UriRegisterTests();
#ifdef PROFILING
SCProfilingRegisterTests();
#endif
DeStateRegisterTests();
DetectRingBufferRegisterTests();
MemcmpRegisterTests();
DetectEngineHttpClientBodyRegisterTests();
DetectEngineHttpHeaderRegisterTests();
DetectEngineHttpRawHeaderRegisterTests();
DetectEngineHttpMethodRegisterTests();
DetectEngineHttpCookieRegisterTests();
DetectEngineRegisterTests();
SCLogRegisterTests();
if (list_unittests) {
UtListTests(regex_arg);
}
else {
uint32_t failed = UtRunTests(regex_arg);
UtCleanup();
#ifdef __SC_CUDA_SUPPORT__
/* need this in case any of the cuda dispatcher threads are still
* running, kill them, so that we can free the cuda contexts. We
* need to free those cuda contexts so that next when we call
* deregister functions, we will need to attach to those contexts
* the contexts and its associated data */
TmThreadKillThreads();
SCCudaHlDeRegisterAllRegisteredModules();
#endif
if (failed) {
exit(EXIT_FAILURE);
}
}
#ifdef DBG_MEM_ALLOC
SCLogInfo("Total memory used (without SCFree()): %"PRIdMAX, (intmax_t)global_mem);
#endif
exit(EXIT_SUCCESS);
}
#endif /* UNITTESTS */
if (daemon == 1) {
Daemonize();
if (pid_filename != NULL) {
if (SCPidfileCreate(pid_filename) != 0) {
pid_filename = NULL;
exit(EXIT_FAILURE);
}
}
} else {
if (pid_filename != NULL) {
SCLogError(SC_ERR_PIDFILE_DAEMON, "The pidfile file option applies "
"only to the daemon modes");
pid_filename = NULL;
exit(EXIT_FAILURE);
}
}
/* registering signals we use */
SignalHandlerSetup(SIGINT, SignalHandlerSigint);
SignalHandlerSetup(SIGTERM, SignalHandlerSigterm);
#ifndef OS_WIN32
/* SIGHUP is not implemnetd on WIN32 */
//SignalHandlerSetup(SIGHUP, SignalHandlerSighup);
/* Get the suricata user ID to given user ID */
if (do_setuid == TRUE) {
if (SCGetUserID(user_name, group_name, &userid, &groupid) != 0) {
SCLogError(SC_ERR_UID_FAILED, "failed in getting user ID");
exit(EXIT_FAILURE);
}
sc_set_caps = TRUE;
/* Get the suricata group ID to given group ID */
} else if (do_setgid == TRUE) {
if (SCGetGroupID(group_name, &groupid) != 0) {
SCLogError(SC_ERR_GID_FAILED, "failed in getting group ID");
exit(EXIT_FAILURE);
}
sc_set_caps = TRUE;
}
#endif /* OS_WIN32 */
/* pre allocate packets */
SCLogDebug("preallocating packets... packet size %" PRIuMAX "", (uintmax_t)SIZE_OF_PACKET);
int i = 0;
for (i = 0; i < max_pending_packets; i++) {
/* XXX pkt alloc function */
Packet *p = SCMalloc(SIZE_OF_PACKET);
if (p == NULL) {
SCLogError(SC_ERR_FATAL, "Fatal error encountered while allocating a packet. Exiting...");
exit(EXIT_FAILURE);
}
PACKET_INITIALIZE(p);
PacketPoolStorePacket(p);
}
SCLogInfo("preallocated %"PRIiMAX" packets. Total memory %"PRIuMAX"",
max_pending_packets, (uintmax_t)(max_pending_packets*SIZE_OF_PACKET));
FlowInitConfig(FLOW_VERBOSE);
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
SCClassConfLoadClassficationConfigFile(de_ctx);
SCRConfLoadReferenceConfigFile(de_ctx);
ActionInitConfig();
if (SigLoadSignatures(de_ctx, sig_file) < 0) {
if (sig_file == NULL) {
SCLogError(SC_ERR_OPENING_FILE, "Signature file has not been provided");
} else {
SCLogError(SC_ERR_NO_RULES_LOADED, "Loading signatures failed.");
}
if (de_ctx->failure_fatal)
exit(EXIT_FAILURE);
}
if (engine_analysis) {
exit(EXIT_SUCCESS);
}
#ifdef PROFILING
SCProfilingInitRuleCounters(de_ctx);
#endif /* PROFILING */
#ifdef __SC_CUDA_SUPPORT__
SCCudaPBSetUpQueuesAndBuffers();
#endif /* __SC_CUDA_SUPPORT__ */
AppLayerHtpRegisterExtraCallbacks();
SCThresholdConfInitContext(de_ctx,NULL);
SCAsn1LoadConfig();
struct timeval start_time;
memset(&start_time, 0, sizeof(start_time));
gettimeofday(&start_time, NULL);
SCDropMainThreadCaps(userid, groupid);
RunModeInitializeOutputs();
/* run the selected runmode */
if (run_mode == MODE_PCAP_DEV) {
//RunModeIdsPcap3(de_ctx, pcap_dev);
//RunModeIdsPcap2(de_ctx, pcap_dev);
//RunModeIdsPcap(de_ctx, pcap_dev);
PcapTranslateIPToDevice(pcap_dev, sizeof(pcap_dev));
RunModeIdsPcapAuto(de_ctx, pcap_dev);
}
else if (run_mode == MODE_PCAP_FILE) {
//RunModeFilePcap(de_ctx, pcap_file);
//RunModeFilePcap2(de_ctx, pcap_file);
RunModeFilePcapAuto(de_ctx, pcap_file);
//RunModeFilePcapAutoFp(de_ctx, pcap_file);
//RunModeFilePcapAuto2(de_ctx, pcap_file);
}
#ifdef HAVE_PFRING
else if (run_mode == MODE_PFRING) {
PfringLoadConfig();
//RunModeIdsPfring3(de_ctx, pfring_dev);
//RunModeIdsPfring2(de_ctx, pfring_dev);
//RunModeIdsPfring(de_ctx, pfring_dev);
//RunModeIdsPfring4(de_ctx, pfring_dev);
if (PfringConfGetThreads() == 1) {
RunModeIdsPfringAuto(de_ctx, pfring_dev);
} else {
RunModeIdsPfringAutoFp(de_ctx, pfring_dev);
}
}
#endif /* HAVE_PFRING */
else if (run_mode == MODE_NFQ) {
//RunModeIpsNFQ(de_ctx, nfq_id);
RunModeIpsNFQAuto(de_ctx, nfq_id);
}
else if (run_mode == MODE_IPFW) {
//RunModeIpsIPFW(de_ctx);
RunModeIpsIPFWAuto(de_ctx);
}
else if (run_mode == MODE_ERF_FILE) {
RunModeErfFileAuto(de_ctx, erf_file);
}
else if (run_mode == MODE_DAG) {
RunModeErfDagAuto(de_ctx, dag_input);
}
else {
SCLogError(SC_ERR_UNKNOWN_RUN_MODE, "Unknown runtime mode. Aborting");
exit(EXIT_FAILURE);
}
#ifdef __SC_CUDA_SUPPORT__
if (PatternMatchDefaultMatcher() == MPM_B2G_CUDA) {
/* start the dispatcher thread for this module */
if (B2gCudaStartDispatcherThreadRC("SC_RULES_CONTENT_B2G_CUDA") == -1)
exit(EXIT_FAILURE);
}
#endif
/* Spawn the flow manager thread */
FlowManagerThreadSpawn();
StreamTcpInitConfig(STREAM_VERBOSE);
DefragInit();
/* Spawn the L7 App Detect thread */
//AppLayerDetectProtoThreadSpawn();
/* Spawn the perf counter threads. Let these be the last one spawned */
SCPerfSpawnThreads();
/* Check if the alloted queues have at least 1 reader and writer */
TmValidateQueueState();
/* Wait till all the threads have been initialized */
if (TmThreadWaitOnThreadInit() == TM_ECODE_FAILED) {
SCLogError(SC_ERR_INITIALIZATION, "Engine initialization failed, "
"aborting...");
exit(EXIT_FAILURE);
}
SC_ATOMIC_CAS(&engine_stage, SURICATA_INIT, SURICATA_RUNTIME);
/* Un-pause all the paused threads */
TmThreadContinueThreads();
#ifdef DBG_MEM_ALLOC
SCLogInfo("Memory used at startup: %"PRIdMAX, (intmax_t)global_mem);
#ifdef DBG_MEM_ALLOC_SKIP_STARTUP
print_mem_flag = 1;
#endif
#endif
while(1) {
if (suricata_ctl_flags != 0) {
SCLogInfo("signal received");
if (suricata_ctl_flags & SURICATA_STOP) {
SCLogInfo("EngineStop received");
/* Stop the engine so it quits after processing the pcap file
* but first make sure all packets are processed by all other
* threads. */
char done = 0;
do {
if (suricata_ctl_flags & SURICATA_KILL)
break;
/* if all packets are returned to the packetpool
* we are done */
if (PacketPoolSize() == max_pending_packets)
done = 1;
if (done == 0) {
usleep(100);
}
} while (done == 0);
SCLogInfo("all packets processed by threads, stopping engine");
}
struct timeval end_time;
memset(&end_time, 0, sizeof(end_time));
gettimeofday(&end_time, NULL);
SCLogInfo("time elapsed %" PRIuMAX "s", (uintmax_t)(end_time.tv_sec - start_time.tv_sec));
#ifdef __SC_CUDA_SUPPORT__
SCCudaPBKillBatchingPackets();
#endif
TmThreadKillThreads();
SCPerfReleaseResources();
break;
}
TmThreadCheckThreadState();
usleep(10* 1000);
}
/* Update the engine stage/status flag */
SC_ATOMIC_CAS(&engine_stage, SURICATA_RUNTIME, SURICATA_DEINIT);
FlowShutdown();
FlowPrintQueueInfo();
StreamTcpFreeConfig(STREAM_VERBOSE);
HTPFreeConfig();
HTPAtExitPrintStats();
#ifdef DBG_MEM_ALLOC
SCLogInfo("Total memory used (without SCFree()): %"PRIdMAX, (intmax_t)global_mem);
#ifdef DBG_MEM_ALLOC_SKIP_STARTUP
print_mem_flag = 0;
#endif
#endif
SCPidfileRemove(pid_filename);
/** \todo review whats needed here */
#ifdef __SC_CUDA_SUPPORT__
if (PatternMatchDefaultMatcher() == MPM_B2G_CUDA) {
/* all threadvars related to cuda should be free by now, which means
* the cuda contexts would be floating */
if (SCCudaHlPushCudaContextFromModule("SC_RULES_CONTENT_B2G_CUDA") == -1) {
SCLogError(SC_ERR_CUDA_HANDLER_ERROR, "Call to "
"SCCudaHlPushCudaContextForModule() failed during the "
"shutdown phase just before the call to SigGroupCleanup()");
}
}
#endif
SigGroupCleanup(de_ctx);
#ifdef __SC_CUDA_SUPPORT__
if (PatternMatchDefaultMatcher() == MPM_B2G_CUDA) {
/* pop the cuda context we just pushed before the call to SigGroupCleanup() */
if (SCCudaCtxPopCurrent(NULL) == -1) {
SCLogError(SC_ERR_CUDA_HANDLER_ERROR, "Call to SCCudaCtxPopCurrent() "
"during the shutdown phase just before the call to "
"SigGroupCleanup()");
return 0;
}
}
#endif
AppLayerHtpPrintStats();
SigCleanSignatures(de_ctx);
if (de_ctx->sgh_mpm_context == ENGINE_SGH_MPM_FACTORY_CONTEXT_SINGLE) {
MpmFactoryDeRegisterAllMpmCtxProfiles();
}
DetectEngineCtxFree(de_ctx);
AlpProtoDestroy();
TagDestroyCtx();
RunModeShutDown();
OutputDeregisterAll();
TimeDeinit();
SCProtoNameDeInit();
DefragDestroy();
TmqhPacketpoolDestroy();
#ifdef PROFILING
if (profiling_rules_enabled)
SCProfilingDump(stdout);
SCProfilingDestroy();
#endif
#ifdef __SC_CUDA_SUPPORT__
/* all cuda contexts attached to any threads should be free by now.
* if any host_thread is still attached to any cuda_context, they need
* to pop them by the time we reach here, if they aren't using those
* cuda contexts in any way */
SCCudaHlDeRegisterAllRegisteredModules();
#endif
#ifdef OS_WIN32
if (daemon) {
return 0;
}
#endif /* OS_WIN32 */
SC_ATOMIC_DESTROY(engine_stage);
exit(EXIT_SUCCESS);
}
/**
* \brief extract information from config file
*
* The returned structure will be freed by the thread init function.
* This is thus necessary to or copy the structure before giving it
* to thread or to reparse the file for each thread (and thus have
* new structure.
*
* If old config system is used, then return the smae parameters
* value for each interface.
*
* \return a PfringIfaceConfig corresponding to the interface name
*/
void *ParsePfringConfig(const char *iface)
{
char *threadsstr = NULL;
ConfNode *if_root;
ConfNode *if_default = NULL;
ConfNode *pf_ring_node;
PfringIfaceConfig *pfconf = SCMalloc(sizeof(*pfconf));
char *tmpclusterid;
char *tmpctype = NULL;
#ifdef HAVE_PFRING_CLUSTER_TYPE
cluster_type default_ctype = CLUSTER_ROUND_ROBIN;
int getctype = 0;
#endif
#ifdef HAVE_PFRING_SET_BPF_FILTER
char *bpf_filter = NULL;
#endif /* HAVE_PFRING_SET_BPF_FILTER */
if (unlikely(pfconf == NULL)) {
return NULL;
}
if (iface == NULL) {
SCFree(pfconf);
return NULL;
}
memset(pfconf, 0, sizeof(PfringIfaceConfig));
strlcpy(pfconf->iface, iface, sizeof(pfconf->iface));
pfconf->threads = 1;
pfconf->cluster_id = 1;
#ifdef HAVE_PFRING_CLUSTER_TYPE
pfconf->ctype = (cluster_type)default_ctype;
#endif
pfconf->DerefFunc = PfringDerefConfig;
SC_ATOMIC_INIT(pfconf->ref);
(void) SC_ATOMIC_ADD(pfconf->ref, 1);
/* Find initial node */
pf_ring_node = ConfGetNode("pfring");
if (pf_ring_node == NULL) {
SCLogInfo("Unable to find pfring config using default value");
return pfconf;
}
if_root = ConfNodeLookupKeyValue(pf_ring_node, "interface", iface);
if_default = ConfNodeLookupKeyValue(pf_ring_node, "interface", "default");
if (if_root == NULL && if_default == NULL) {
/* Switch to old mode */
if_root = pf_ring_node;
SCLogInfo("Unable to find pfring config for "
"interface %s, using default value or 1.0 "
"configuration system. ",
iface);
return pfconf;
}
/* If there is no setting for current interface use default one as main iface */
if (if_root == NULL) {
if_root = if_default;
if_default = NULL;
}
if (ConfGetChildValueWithDefault(if_root, if_default, "threads", &threadsstr) != 1) {
pfconf->threads = 1;
} else {
if (threadsstr != NULL) {
pfconf->threads = (uint8_t)atoi(threadsstr);
}
}
if (pfconf->threads == 0) {
pfconf->threads = 1;
}
SC_ATOMIC_RESET(pfconf->ref);
(void) SC_ATOMIC_ADD(pfconf->ref, pfconf->threads);
/* command line value has precedence */
if (ConfGet("pfring.cluster-id", &tmpclusterid) == 1) {
pfconf->cluster_id = (uint16_t)atoi(tmpclusterid);
SCLogDebug("Going to use command-line provided cluster-id %" PRId32,
pfconf->cluster_id);
} else {
if (ConfGetChildValueWithDefault(if_root, if_default, "cluster-id", &tmpclusterid) != 1) {
SCLogError(SC_ERR_INVALID_ARGUMENT,
"Could not get cluster-id from config");
} else {
pfconf->cluster_id = (uint16_t)atoi(tmpclusterid);
SCLogDebug("Going to use cluster-id %" PRId32, pfconf->cluster_id);
}
}
#ifdef HAVE_PFRING_SET_BPF_FILTER
/*load pfring bpf filter*/
/* command line value has precedence */
if (ConfGet("bpf-filter", &bpf_filter) == 1) {
if (strlen(bpf_filter) > 0) {
pfconf->bpf_filter = SCStrdup(bpf_filter);
SCLogDebug("Going to use command-line provided bpf filter %s",
pfconf->bpf_filter);
}
} else {
if (ConfGetChildValueWithDefault(if_root, if_default, "bpf-filter", &bpf_filter) == 1) {
if (strlen(bpf_filter) > 0) {
pfconf->bpf_filter = SCStrdup(bpf_filter);
SCLogDebug("Going to use bpf filter %s", pfconf->bpf_filter);
}
}
}
#endif /* HAVE_PFRING_SET_BPF_FILTER */
#ifdef HAVE_PFRING_CLUSTER_TYPE
if (ConfGet("pfring.cluster-type", &tmpctype) == 1) {
SCLogDebug("Going to use command-line provided cluster-type");
getctype = 1;
} else {
if (ConfGetChildValueWithDefault(if_root, if_default, "cluster-type", &tmpctype) != 1) {
SCLogError(SC_ERR_GET_CLUSTER_TYPE_FAILED,
"Could not get cluster-type fron config");
} else {
getctype = 1;
}
}
if (getctype) {
if (strcmp(tmpctype, "cluster_round_robin") == 0) {
SCLogInfo("Using round-robin cluster mode for PF_RING (iface %s)",
pfconf->iface);
pfconf->ctype = CLUSTER_ROUND_ROBIN;
} else if (strcmp(tmpctype, "cluster_flow") == 0) {
SCLogInfo("Using flow cluster mode for PF_RING (iface %s)",
pfconf->iface);
pfconf->ctype = CLUSTER_FLOW;
} else {
SCLogError(SC_ERR_INVALID_CLUSTER_TYPE,
"invalid cluster-type %s",
tmpctype);
SCFree(pfconf);
return NULL;
}
}
#endif /* HAVE_PFRING_CLUSTER_TYPE */
if (ConfGetChildValueWithDefault(if_root, if_default, "checksum-checks", &tmpctype) == 1) {
if (strcmp(tmpctype, "auto") == 0) {
pfconf->checksum_mode = CHECKSUM_VALIDATION_AUTO;
} else if (strcmp(tmpctype, "yes") == 0) {
pfconf->checksum_mode = CHECKSUM_VALIDATION_ENABLE;
} else if (strcmp(tmpctype, "no") == 0) {
pfconf->checksum_mode = CHECKSUM_VALIDATION_DISABLE;
} else if (strcmp(tmpctype, "rx-only") == 0) {
pfconf->checksum_mode = CHECKSUM_VALIDATION_RXONLY;
} else {
SCLogError(SC_ERR_INVALID_ARGUMENT, "Invalid value for checksum-checks for %s", pfconf->iface);
}
}
return pfconf;
}
void TagInitCtx(void) {
SC_ATOMIC_INIT(num_tags);
}
/**
* \brief extract information from config file
*
* The returned structure will be freed by the thread init function.
* This is thus necessary to or copy the structure before giving it
* to thread or to reparse the file for each thread (and thus have
* new structure.
*
* \return a NetmapIfaceConfig corresponding to the interface name
*/
static void *ParseNetmapConfig(const char *iface_name)
{
char *threadsstr = NULL;
ConfNode *if_root;
ConfNode *if_default = NULL;
ConfNode *netmap_node;
NetmapIfaceConfig *aconf = SCMalloc(sizeof(*aconf));
char *tmpctype;
char *copymodestr;
int boolval;
char *bpf_filter = NULL;
char *out_iface = NULL;
if (unlikely(aconf == NULL)) {
return NULL;
}
if (iface_name == NULL) {
SCFree(aconf);
return NULL;
}
memset(aconf, 0, sizeof(*aconf));
aconf->DerefFunc = NetmapDerefConfig;
aconf->threads = 1;
aconf->promisc = 1;
aconf->checksum_mode = CHECKSUM_VALIDATION_AUTO;
aconf->copy_mode = NETMAP_COPY_MODE_NONE;
strlcpy(aconf->iface_name, iface_name, sizeof(aconf->iface_name));
SC_ATOMIC_INIT(aconf->ref);
(void) SC_ATOMIC_ADD(aconf->ref, 1);
strlcpy(aconf->iface, aconf->iface_name, sizeof(aconf->iface));
if (aconf->iface[0]) {
size_t len = strlen(aconf->iface);
if (aconf->iface[len-1] == '+') {
aconf->iface[len-1] = '\0';
aconf->iface_sw = 1;
}
}
if (ConfGet("bpf-filter", &bpf_filter) == 1) {
if (strlen(bpf_filter) > 0) {
aconf->bpf_filter = bpf_filter;
SCLogInfo("Going to use command-line provided bpf filter '%s'",
aconf->bpf_filter);
}
}
/* Find initial node */
netmap_node = ConfGetNode("netmap");
if (netmap_node == NULL) {
SCLogInfo("Unable to find netmap config using default value");
return aconf;
}
if_root = ConfFindDeviceConfig(netmap_node, aconf->iface_name);
if_default = ConfFindDeviceConfig(netmap_node, "default");
if (if_root == NULL && if_default == NULL) {
SCLogInfo("Unable to find netmap config for "
"interface \"%s\" or \"default\", using default value",
aconf->iface_name);
return aconf;
}
/* If there is no setting for current interface use default one as main iface */
if (if_root == NULL) {
if_root = if_default;
if_default = NULL;
}
if (ConfGetChildValueWithDefault(if_root, if_default, "threads", &threadsstr) != 1) {
aconf->threads = 1;
} else {
if (strcmp(threadsstr, "auto") == 0) {
aconf->threads = GetIfaceRSSQueuesNum(aconf->iface);
} else {
aconf->threads = (uint8_t)atoi(threadsstr);
}
}
if (aconf->threads <= 0) {
aconf->threads = 1;
}
if (aconf->threads) {
SCLogInfo("Using %d threads for interface %s", aconf->threads,
aconf->iface_name);
}
if (ConfGetChildValueWithDefault(if_root, if_default, "copy-iface", &out_iface) == 1) {
if (strlen(out_iface) > 0) {
aconf->out_iface_name = out_iface;
}
}
if (ConfGetChildValueWithDefault(if_root, if_default, "copy-mode", ©modestr) == 1) {
if (aconf->out_iface_name == NULL) {
SCLogInfo("Copy mode activated but no destination"
" iface. Disabling feature");
} else if (strlen(copymodestr) <= 0) {
aconf->out_iface_name = NULL;
} else if (strcmp(copymodestr, "ips") == 0) {
SCLogInfo("Netmap IPS mode activated %s->%s",
aconf->iface_name,
aconf->out_iface_name);
aconf->copy_mode = NETMAP_COPY_MODE_IPS;
} else if (strcmp(copymodestr, "tap") == 0) {
SCLogInfo("Netmap TAP mode activated %s->%s",
aconf->iface_name,
aconf->out_iface_name);
aconf->copy_mode = NETMAP_COPY_MODE_TAP;
} else {
SCLogInfo("Invalid mode (not in tap, ips)");
}
}
if (aconf->out_iface_name && aconf->out_iface_name[0]) {
strlcpy(aconf->out_iface, aconf->out_iface_name,
sizeof(aconf->out_iface));
size_t len = strlen(aconf->out_iface);
if (aconf->out_iface[len-1] == '+') {
aconf->out_iface[len-1] = '\0';
aconf->out_iface_sw = 1;
}
}
SC_ATOMIC_RESET(aconf->ref);
(void) SC_ATOMIC_ADD(aconf->ref, aconf->threads);
/* load netmap bpf filter */
/* command line value has precedence */
if (ConfGet("bpf-filter", &bpf_filter) != 1) {
if (ConfGetChildValueWithDefault(if_root, if_default, "bpf-filter", &bpf_filter) == 1) {
if (strlen(bpf_filter) > 0) {
aconf->bpf_filter = bpf_filter;
SCLogInfo("Going to use bpf filter %s", aconf->bpf_filter);
}
}
}
(void)ConfGetChildValueBoolWithDefault(if_root, if_default, "disable-promisc", (int *)&boolval);
if (boolval) {
SCLogInfo("Disabling promiscuous mode on iface %s", aconf->iface);
aconf->promisc = 0;
}
if (ConfGetChildValueWithDefault(if_root, if_default, "checksum-checks", &tmpctype) == 1) {
if (strcmp(tmpctype, "auto") == 0) {
aconf->checksum_mode = CHECKSUM_VALIDATION_AUTO;
} else if (ConfValIsTrue(tmpctype)) {
aconf->checksum_mode = CHECKSUM_VALIDATION_ENABLE;
} else if (ConfValIsFalse(tmpctype)) {
aconf->checksum_mode = CHECKSUM_VALIDATION_DISABLE;
} else {
SCLogError(SC_ERR_INVALID_ARGUMENT, "Invalid value for checksum-checks for %s", aconf->iface_name);
}
}
return aconf;
}
/**
* \brief Creates and returns the TV instance for a new thread.
*
* \param name Name of this TV instance
* \param inq_name Incoming queue name
* \param inqh_name Incoming queue handler name as set by TmqhSetup()
* \param outq_name Outgoing queue name
* \param outqh_name Outgoing queue handler as set by TmqhSetup()
* \param slots String representation for the slot function to be used
* \param fn_p Pointer to function when \"slots\" is of type \"custom\"
* \param mucond Flag to indicate whether to initialize the condition
* and the mutex variables for this newly created TV.
*
* \retval the newly created TV instance, or NULL on error
*/
ThreadVars *TmThreadCreate(char *name, char *inq_name, char *inqh_name,
char *outq_name, char *outqh_name, char *slots,
void * (*fn_p)(void *), int mucond)
{
ThreadVars *tv = NULL;
Tmq *tmq = NULL;
Tmqh *tmqh = NULL;
SCLogDebug("creating thread \"%s\"...", name);
/* XXX create separate function for this: allocate a thread container */
tv = SCMalloc(sizeof(ThreadVars));
if (tv == NULL)
goto error;
memset(tv, 0, sizeof(ThreadVars));
SC_ATOMIC_INIT(tv->flags);
SCMutexInit(&tv->sc_perf_pctx.m, NULL);
tv->name = name;
/* default state for every newly created thread */
TmThreadsSetFlag(tv, THV_PAUSE);
TmThreadsSetFlag(tv, THV_USE);
/* default aof for every newly created thread */
tv->aof = THV_RESTART_THREAD;
/* set the incoming queue */
if (inq_name != NULL && strcmp(inq_name,"packetpool") != 0) {
SCLogDebug("inq_name \"%s\"", inq_name);
tmq = TmqGetQueueByName(inq_name);
if (tmq == NULL) {
tmq = TmqCreateQueue(inq_name);
if (tmq == NULL) goto error;
}
SCLogDebug("tmq %p", tmq);
tv->inq = tmq;
tv->inq->reader_cnt++;
SCLogDebug("tv->inq %p", tv->inq);
}
if (inqh_name != NULL) {
SCLogDebug("inqh_name \"%s\"", inqh_name);
tmqh = TmqhGetQueueHandlerByName(inqh_name);
if (tmqh == NULL) goto error;
tv->tmqh_in = tmqh->InHandler;
tv->InShutdownHandler = tmqh->InShutdownHandler;
SCLogDebug("tv->tmqh_in %p", tv->tmqh_in);
}
/* set the outgoing queue */
if (outqh_name != NULL) {
SCLogDebug("outqh_name \"%s\"", outqh_name);
tmqh = TmqhGetQueueHandlerByName(outqh_name);
if (tmqh == NULL) goto error;
tv->tmqh_out = tmqh->OutHandler;
if (outq_name != NULL && strcmp(outq_name,"packetpool") != 0) {
SCLogDebug("outq_name \"%s\"", outq_name);
if (tmqh->OutHandlerCtxSetup != NULL) {
tv->outctx = tmqh->OutHandlerCtxSetup(outq_name);
tv->outq = NULL;
} else {
tmq = TmqGetQueueByName(outq_name);
if (tmq == NULL) {
tmq = TmqCreateQueue(outq_name);
if (tmq == NULL) goto error;
}
SCLogDebug("tmq %p", tmq);
tv->outq = tmq;
tv->outctx = NULL;
tv->outq->writer_cnt++;
}
}
}
if (TmThreadSetSlots(tv, slots, fn_p) != TM_ECODE_OK) {
goto error;
}
if (mucond != 0)
TmThreadInitMC(tv);
return tv;
error:
printf("ERROR: failed to setup a thread.\n");
return NULL;
}
