suricata
detect-engine-loader.c
Go to the documentation of this file.
1 /* Copyright (C) 2021 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  */
23 
24 #include "suricata-common.h"
25 #include "suricata.h"
26 #include "conf.h"
27 #include "debug.h"
28 #include "detect.h"
29 #include "detect-parse.h"
30 
31 #include "runmodes.h"
32 #include "threads.h"
33 #include "threadvars.h"
34 #include "tm-threads.h"
35 #include "queue.h"
36 #include "util-signal.h"
37 
38 #include "detect-engine-loader.h"
39 #include "detect-engine-analyzer.h"
40 #include "detect-engine-mpm.h"
41 #include "detect-engine-sigorder.h"
42 
43 #include "util-detect.h"
44 #include "util-threshold-config.h"
45 
46 #ifdef HAVE_GLOB_H
47 #include <glob.h>
48 #endif
49 
50 extern int rule_reload;
51 extern int engine_analysis;
52 static int fp_engine_analysis_set = 0;
54 
55 /**
56  * \brief Create the path if default-rule-path was specified
57  * \param sig_file The name of the file
58  * \retval str Pointer to the string path + sig_file
59  */
60 char *DetectLoadCompleteSigPath(const DetectEngineCtx *de_ctx, const char *sig_file)
61 {
62  const char *defaultpath = NULL;
63  char *path = NULL;
64  char varname[128];
65 
66  if (sig_file == NULL) {
67  SCLogError(SC_ERR_INVALID_ARGUMENTS,"invalid sig_file argument - NULL");
68  return NULL;
69  }
70 
71  /* If we have a configuration prefix, only use it if the primary configuration node
72  * is not marked as final, as that means it was provided on the command line with
73  * a --set. */
74  ConfNode *default_rule_path = ConfGetNode("default-rule-path");
75  if ((!default_rule_path || !default_rule_path->final) && strlen(de_ctx->config_prefix) > 0) {
76  snprintf(varname, sizeof(varname), "%s.default-rule-path",
78  default_rule_path = ConfGetNode(varname);
79  }
80  if (default_rule_path) {
81  defaultpath = default_rule_path->val;
82  }
83 
84  /* Path not specified */
85  if (PathIsRelative(sig_file)) {
86  if (defaultpath) {
87  SCLogDebug("Default path: %s", defaultpath);
88  size_t path_len = sizeof(char) * (strlen(defaultpath) +
89  strlen(sig_file) + 2);
90  path = SCMalloc(path_len);
91  if (unlikely(path == NULL))
92  return NULL;
93  strlcpy(path, defaultpath, path_len);
94 #if defined OS_WIN32 || defined __CYGWIN__
95  if (path[strlen(path) - 1] != '\\')
96  strlcat(path, "\\\\", path_len);
97 #else
98  if (path[strlen(path) - 1] != '/')
99  strlcat(path, "/", path_len);
100 #endif
101  strlcat(path, sig_file, path_len);
102  } else {
103  path = SCStrdup(sig_file);
104  if (unlikely(path == NULL))
105  return NULL;
106  }
107  } else {
108  path = SCStrdup(sig_file);
109  if (unlikely(path == NULL))
110  return NULL;
111  }
112  return path;
113 }
114 
115 /**
116  * \brief Load a file with signatures
117  * \param de_ctx Pointer to the detection engine context
118  * \param sig_file Filename to load signatures from
119  * \param goodsigs_tot Will store number of valid signatures in the file
120  * \param badsigs_tot Will store number of invalid signatures in the file
121  * \retval 0 on success, -1 on error
122  */
123 static int DetectLoadSigFile(DetectEngineCtx *de_ctx, char *sig_file,
124  int *goodsigs, int *badsigs)
125 {
126  Signature *sig = NULL;
127  int good = 0, bad = 0;
128  char line[DETECT_MAX_RULE_SIZE] = "";
129  size_t offset = 0;
130  int lineno = 0, multiline = 0;
131 
132  (*goodsigs) = 0;
133  (*badsigs) = 0;
134 
135  FILE *fp = fopen(sig_file, "r");
136  if (fp == NULL) {
137  SCLogError(SC_ERR_OPENING_RULE_FILE, "opening rule file %s:"
138  " %s.", sig_file, strerror(errno));
139  return -1;
140  }
141 
142  while(fgets(line + offset, (int)sizeof(line) - offset, fp) != NULL) {
143  lineno++;
144  size_t len = strlen(line);
145 
146  /* ignore comments and empty lines */
147  if (line[0] == '\n' || line [0] == '\r' || line[0] == ' ' || line[0] == '#' || line[0] == '\t')
148  continue;
149 
150  /* Check for multiline rules. */
151  while (len > 0 && isspace((unsigned char)line[--len]));
152  if (line[len] == '\\') {
153  multiline++;
154  offset = len;
155  if (offset < sizeof(line) - 1) {
156  /* We have room for more. */
157  continue;
158  }
159  /* No more room in line buffer, continue, rule will fail
160  * to parse. */
161  }
162 
163  /* Check if we have a trailing newline, and remove it */
164  len = strlen(line);
165  if (len > 0 && (line[len - 1] == '\n' || line[len - 1] == '\r')) {
166  line[len - 1] = '\0';
167  }
168 
169  /* Reset offset. */
170  offset = 0;
171 
172  de_ctx->rule_file = sig_file;
173  de_ctx->rule_line = lineno - multiline;
174 
175  sig = DetectEngineAppendSig(de_ctx, line);
176  if (sig != NULL) {
177  if (rule_engine_analysis_set || fp_engine_analysis_set) {
178  RetrieveFPForSig(de_ctx, sig);
179  if (fp_engine_analysis_set) {
180  EngineAnalysisFP(de_ctx, sig, line);
181  }
183  EngineAnalysisRules(de_ctx, sig, line);
184  }
185  }
186  SCLogDebug("signature %"PRIu32" loaded", sig->id);
187  good++;
188  } else {
189  if (!de_ctx->sigerror_silent) {
190  SCLogError(SC_ERR_INVALID_SIGNATURE, "error parsing signature \"%s\" from "
191  "file %s at line %"PRId32"", line, sig_file, lineno - multiline);
192 
193  if (!SigStringAppend(&de_ctx->sig_stat, sig_file, line, de_ctx->sigerror, (lineno - multiline))) {
194  SCLogError(SC_ERR_MEM_ALLOC, "Error adding sig \"%s\" from "
195  "file %s at line %"PRId32"", line, sig_file, lineno - multiline);
196  }
197  if (de_ctx->sigerror) {
198  de_ctx->sigerror = NULL;
199  }
200  }
202  EngineAnalysisRulesFailure(line, sig_file, lineno - multiline);
203  }
204  if (!de_ctx->sigerror_ok) {
205  bad++;
206  }
207  }
208  multiline = 0;
209  }
210  fclose(fp);
211 
212  *goodsigs = good;
213  *badsigs = bad;
214  return 0;
215 }
216 
217 /**
218  * \brief Expands wildcards and reads signatures from each matching file
219  * \param de_ctx Pointer to the detection engine context
220  * \param sig_file Filename (or pattern) holding signatures
221  * \retval -1 on error
222  */
223 static int ProcessSigFiles(DetectEngineCtx *de_ctx, char *pattern,
224  SigFileLoaderStat *st, int *good_sigs, int *bad_sigs)
225 {
226  int r = 0;
227 
228  if (pattern == NULL) {
229  SCLogError(SC_ERR_INVALID_ARGUMENT, "opening rule file null");
230  return -1;
231  }
232 
233 #ifdef HAVE_GLOB_H
234  glob_t files;
235  r = glob(pattern, 0, NULL, &files);
236 
237  if (r == GLOB_NOMATCH) {
238  SCLogWarning(SC_ERR_NO_RULES, "No rule files match the pattern %s", pattern);
239  ++(st->bad_files);
240  ++(st->total_files);
241  return -1;
242  } else if (r != 0) {
243  SCLogError(SC_ERR_OPENING_RULE_FILE, "error expanding template %s: %s",
244  pattern, strerror(errno));
245  return -1;
246  }
247 
248  for (size_t i = 0; i < (size_t)files.gl_pathc; i++) {
249  char *fname = files.gl_pathv[i];
250  if (strcmp("/dev/null", fname) == 0)
251  continue;
252 #else
253  char *fname = pattern;
254  if (strcmp("/dev/null", fname) == 0)
255  return 0;
256 #endif
257  SCLogConfig("Loading rule file: %s", fname);
258  r = DetectLoadSigFile(de_ctx, fname, good_sigs, bad_sigs);
259  if (r < 0) {
260  ++(st->bad_files);
261  }
262 
263  ++(st->total_files);
264 
265  st->good_sigs_total += *good_sigs;
266  st->bad_sigs_total += *bad_sigs;
267 
268 #ifdef HAVE_GLOB_H
269  }
270  globfree(&files);
271 #endif
272  return r;
273 }
274 
275 /**
276  * \brief Load signatures
277  * \param de_ctx Pointer to the detection engine context
278  * \param sig_file Filename (or pattern) holding signatures
279  * \param sig_file_exclusive File passed in 'sig_file' should be loaded exclusively.
280  * \retval -1 on error
281  */
282 int SigLoadSignatures(DetectEngineCtx *de_ctx, char *sig_file, int sig_file_exclusive)
283 {
284  SCEnter();
285 
286  ConfNode *rule_files;
287  ConfNode *file = NULL;
288  SigFileLoaderStat *sig_stat = &de_ctx->sig_stat;
289  int ret = 0;
290  char *sfile = NULL;
291  char varname[128] = "rule-files";
292  int good_sigs = 0;
293  int bad_sigs = 0;
294 
295  if (strlen(de_ctx->config_prefix) > 0) {
296  snprintf(varname, sizeof(varname), "%s.rule-files",
298  }
299 
301  fp_engine_analysis_set = SetupFPAnalyzer();
303  }
304 
305  /* ok, let's load signature files from the general config */
306  if (!(sig_file != NULL && sig_file_exclusive == TRUE)) {
307  rule_files = ConfGetNode(varname);
308  if (rule_files != NULL) {
309  if (!ConfNodeIsSequence(rule_files)) {
311  "Invalid rule-files configuration section: "
312  "expected a list of filenames.");
313  }
314  else {
315  TAILQ_FOREACH(file, &rule_files->head, next) {
316  sfile = DetectLoadCompleteSigPath(de_ctx, file->val);
317  good_sigs = bad_sigs = 0;
318  ret = ProcessSigFiles(de_ctx, sfile, sig_stat, &good_sigs, &bad_sigs);
319  SCFree(sfile);
320 
321  if (de_ctx->failure_fatal && ret != 0) {
322  /* Some rules failed to load, just exit as
323  * errors would have already been logged. */
324  exit(EXIT_FAILURE);
325  }
326 
327  if (good_sigs == 0) {
328  SCLogConfig("No rules loaded from %s.", file->val);
329  }
330  }
331  }
332  }
333  }
334 
335  /* If a Signature file is specified from commandline, parse it too */
336  if (sig_file != NULL) {
337  ret = ProcessSigFiles(de_ctx, sig_file, sig_stat, &good_sigs, &bad_sigs);
338 
339  if (ret != 0) {
340  if (de_ctx->failure_fatal == 1) {
341  exit(EXIT_FAILURE);
342  }
343  }
344 
345  if (good_sigs == 0) {
346  SCLogConfig("No rules loaded from %s", sig_file);
347  }
348  }
349 
350  /* now we should have signatures to work with */
351  if (sig_stat->good_sigs_total <= 0) {
352  if (sig_stat->total_files > 0) {
353  SCLogWarning(SC_ERR_NO_RULES_LOADED, "%d rule files specified, but no rules were loaded!", sig_stat->total_files);
354  } else {
355  SCLogInfo("No signatures supplied.");
356  goto end;
357  }
358  } else {
359  /* we report the total of files and rules successfully loaded and failed */
360  SCLogInfo("%" PRId32 " rule files processed. %" PRId32 " rules successfully loaded, %" PRId32 " rules failed",
361  sig_stat->total_files, sig_stat->good_sigs_total, sig_stat->bad_sigs_total);
362  }
363 
364  if ((sig_stat->bad_sigs_total || sig_stat->bad_files) && de_ctx->failure_fatal) {
365  ret = -1;
366  goto end;
367  }
368 
372 
374  ret = -1;
375  goto end;
376  }
377 
378  /* Setup the signature group lookup structure and pattern matchers */
379  if (SigGroupBuild(de_ctx) < 0)
380  goto end;
381 
382  ret = 0;
383 
384  end:
385  gettimeofday(&de_ctx->last_reload, NULL);
389  }
390  if (fp_engine_analysis_set) {
392  }
393  }
394 
396  SCReturnInt(ret);
397 }
398 
399 #define NLOADERS 4
400 static DetectLoaderControl *loaders = NULL;
401 static int cur_loader = 0;
403 static int num_loaders = NLOADERS;
404 
405 /** \param loader -1 for auto select
406  * \retval loader_id or negative in case of error */
407 int DetectLoaderQueueTask(int loader_id, LoaderFunc Func, void *func_ctx)
408 {
409  if (loader_id == -1) {
410  loader_id = cur_loader;
411  cur_loader++;
412  if (cur_loader >= num_loaders)
413  cur_loader = 0;
414  }
415  if (loader_id >= num_loaders || loader_id < 0) {
416  return -ERANGE;
417  }
418 
419  DetectLoaderControl *loader = &loaders[loader_id];
420 
421  DetectLoaderTask *t = SCCalloc(1, sizeof(*t));
422  if (t == NULL)
423  return -ENOMEM;
424 
425  t->Func = Func;
426  t->ctx = func_ctx;
427 
428  SCMutexLock(&loader->m);
429  TAILQ_INSERT_TAIL(&loader->task_list, t, next);
430  SCMutexUnlock(&loader->m);
431 
433 
434  SCLogDebug("%d %p %p", loader_id, Func, func_ctx);
435  return loader_id;
436 }
437 
438 /** \brief wait for loader tasks to complete
439  * \retval result 0 for ok, -1 for errors */
441 {
442  SCLogDebug("waiting");
443  int errors = 0;
444  int i;
445  for (i = 0; i < num_loaders; i++) {
446  int done = 0;
447  DetectLoaderControl *loader = &loaders[i];
448  while (!done) {
449  SCMutexLock(&loader->m);
450  if (TAILQ_EMPTY(&loader->task_list)) {
451  done = 1;
452  }
453  SCMutexUnlock(&loader->m);
454  }
455  SCMutexLock(&loader->m);
456  if (loader->result != 0) {
457  errors++;
458  loader->result = 0;
459  }
460  SCMutexUnlock(&loader->m);
461 
462  }
463  if (errors) {
464  SCLogError(SC_ERR_INITIALIZATION, "%d loaders reported errors", errors);
465  return -1;
466  }
467  SCLogDebug("done");
468  return 0;
469 }
470 
471 static void DetectLoaderInit(DetectLoaderControl *loader)
472 {
473  memset(loader, 0x00, sizeof(*loader));
474  SCMutexInit(&loader->m, NULL);
475  TAILQ_INIT(&loader->task_list);
476 }
477 
479 {
480  intmax_t setting = NLOADERS;
481  (void)ConfGetInt("multi-detect.loaders", &setting);
482 
483  if (setting < 1 || setting > 1024) {
485  "invalid multi-detect.loaders setting %"PRIdMAX, setting);
486  exit(EXIT_FAILURE);
487  }
488  num_loaders = (int32_t)setting;
489 
490  SCLogInfo("using %d detect loader threads", num_loaders);
491 
492  BUG_ON(loaders != NULL);
493  loaders = SCCalloc(num_loaders, sizeof(DetectLoaderControl));
494  BUG_ON(loaders == NULL);
495 
496  int i;
497  for (i = 0; i < num_loaders; i++) {
498  DetectLoaderInit(&loaders[i]);
499  }
500 }
501 
502 /**
503  * \brief Unpauses all threads present in tv_root
504  */
506 {
507  ThreadVars *tv = NULL;
508  int i = 0;
509 
511  for (i = 0; i < TVT_MAX; i++) {
512  tv = tv_root[i];
513  while (tv != NULL) {
514  if (strncmp(tv->name,"DL#",3) == 0) {
515  BUG_ON(tv->ctrl_cond == NULL);
516  pthread_cond_broadcast(tv->ctrl_cond);
517  }
518  tv = tv->next;
519  }
520  }
522 
523  return;
524 }
525 
526 /**
527  * \brief Unpauses all threads present in tv_root
528  */
530 {
531  ThreadVars *tv = NULL;
532  int i = 0;
533 
535  for (i = 0; i < TVT_MAX; i++) {
536  tv = tv_root[i];
537  while (tv != NULL) {
538  if (strncmp(tv->name,"DL#",3) == 0)
540 
541  tv = tv->next;
542  }
543  }
545 
546  return;
547 }
548 
549 
550 SC_ATOMIC_DECLARE(int, detect_loader_cnt);
551 
552 typedef struct DetectLoaderThreadData_ {
553  uint32_t instance;
555 
556 static TmEcode DetectLoaderThreadInit(ThreadVars *t, const void *initdata, void **data)
557 {
559  if (ftd == NULL)
560  return TM_ECODE_FAILED;
561 
562  ftd->instance = SC_ATOMIC_ADD(detect_loader_cnt, 1); /* id's start at 0 */
563  SCLogDebug("detect loader instance %u", ftd->instance);
564 
565  /* pass thread data back to caller */
566  *data = ftd;
567 
568  return TM_ECODE_OK;
569 }
570 
571 static TmEcode DetectLoaderThreadDeinit(ThreadVars *t, void *data)
572 {
573  SCFree(data);
574  return TM_ECODE_OK;
575 }
576 
577 
578 static TmEcode DetectLoader(ThreadVars *th_v, void *thread_data)
579 {
580  DetectLoaderThreadData *ftd = (DetectLoaderThreadData *)thread_data;
581  BUG_ON(ftd == NULL);
582 
583  SCLogDebug("loader thread started");
584  while (1)
585  {
586  if (TmThreadsCheckFlag(th_v, THV_PAUSE)) {
590  }
591 
592  /* see if we have tasks */
593 
594  DetectLoaderControl *loader = &loaders[ftd->instance];
595  SCMutexLock(&loader->m);
596 
597  DetectLoaderTask *task = NULL, *tmptask = NULL;
598  TAILQ_FOREACH_SAFE(task, &loader->task_list, next, tmptask) {
599  int r = task->Func(task->ctx, ftd->instance);
600  loader->result |= r;
601  TAILQ_REMOVE(&loader->task_list, task, next);
602  SCFree(task->ctx);
603  SCFree(task);
604  }
605 
606  SCMutexUnlock(&loader->m);
607 
608  if (TmThreadsCheckFlag(th_v, THV_KILL)) {
609  break;
610  }
611 
612  /* just wait until someone wakes us up */
614  SCCtrlCondWait(th_v->ctrl_cond, th_v->ctrl_mutex);
616 
617  SCLogDebug("woke up...");
618  }
619 
620  return TM_ECODE_OK;
621 }
622 
623 /** \brief spawn the detect loader manager thread */
625 {
626  int i;
627  for (i = 0; i < num_loaders; i++) {
628  ThreadVars *tv_loader = NULL;
629 
630  char name[TM_THREAD_NAME_MAX];
631  snprintf(name, sizeof(name), "%s#%02d", thread_name_detect_loader, i+1);
632 
633  tv_loader = TmThreadCreateCmdThreadByName(name,
634  "DetectLoader", 1);
635  BUG_ON(tv_loader == NULL);
636 
637  if (tv_loader == NULL) {
638  printf("ERROR: TmThreadsCreate failed\n");
639  exit(1);
640  }
641  if (TmThreadSpawn(tv_loader) != TM_ECODE_OK) {
642  printf("ERROR: TmThreadSpawn failed\n");
643  exit(1);
644  }
645  }
646  return;
647 }
648 
650 {
651  tmm_modules[TMM_DETECTLOADER].name = "DetectLoader";
652  tmm_modules[TMM_DETECTLOADER].ThreadInit = DetectLoaderThreadInit;
653  tmm_modules[TMM_DETECTLOADER].ThreadDeinit = DetectLoaderThreadDeinit;
654  tmm_modules[TMM_DETECTLOADER].Management = DetectLoader;
657  SCLogDebug("%s registered", tmm_modules[TMM_DETECTLOADER].name);
658 
659  SC_ATOMIC_INIT(detect_loader_cnt);
660 }
TmModule_::cap_flags
uint8_t cap_flags
Definition: tm-modules.h:67
DetectLoaderControl_
Definition: detect-engine-loader.h:42
SigFileLoaderStat_::bad_files
int bad_files
Definition: detect.h:775
tm-threads.h
ConfGetInt
int ConfGetInt(const char *name, intmax_t *val)
Retrieve a configuration value as an integer.
Definition: conf.c:436
SCCtrlCondWait
#define SCCtrlCondWait
Definition: threads-debug.h:386
len
uint8_t len
Definition: app-layer-dnp3.h:2
TmThreadSpawn
TmEcode TmThreadSpawn(ThreadVars *tv)
Spawns a thread associated with the ThreadVars instance tv.
Definition: tm-threads.c:1635
DetectLoaderThreadSpawn
void DetectLoaderThreadSpawn(void)
spawn the detect loader manager thread
Definition: detect-engine-loader.c:624
offset
uint64_t offset
Definition: util-streaming-buffer.h:0
ThreadVars_::name
char name[16]
Definition: threadvars.h:65
TAILQ_INIT
#define TAILQ_INIT(head)
Definition: queue.h:263
SC_ATOMIC_INIT
#define SC_ATOMIC_INIT(name)
wrapper for initializing an atomic variable.
Definition: util-atomic.h:315
ConfNode_::val
char * val
Definition: conf.h:34
DetectEngineCtx_::rule_file
char * rule_file
Definition: detect.h:916
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
DetectLoaderTask_::ctx
void * ctx
Definition: detect-engine-loader.h:38
DetectEngineCtx_::sigerror_silent
bool sigerror_silent
Definition: detect.h:918
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:298
TmThreadsSetFlag
void TmThreadsSetFlag(ThreadVars *tv, uint32_t flag)
Set a thread flag.
Definition: tm-threads.c:97
CleanupFPAnalyzer
void CleanupFPAnalyzer(void)
Definition: detect-engine-analyzer.c:390
SC_ATOMIC_DECLARE
SC_ATOMIC_DECLARE(int, detect_loader_cnt)
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:0
TmThreadWakeupDetectLoaderThreads
void TmThreadWakeupDetectLoaderThreads(void)
Unpauses all threads present in tv_root.
Definition: detect-engine-loader.c:505
ConfGetNode
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
Definition: conf.c:175
threads.h
SC_ATOMIC_ADD
#define SC_ATOMIC_ADD(name, val)
add a value to our atomic variable
Definition: util-atomic.h:333
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:811
SC_ERR_INVALID_SIGNATURE
@ SC_ERR_INVALID_SIGNATURE
Definition: util-error.h:69
TAILQ_EMPTY
#define TAILQ_EMPTY(head)
Definition: queue.h:249
TAILQ_FOREACH
#define TAILQ_FOREACH(var, head, field)
Definition: queue.h:253
SCSigSignatureOrderingModuleCleanup
void SCSigSignatureOrderingModuleCleanup(DetectEngineCtx *de_ctx)
De-registers all the signature ordering functions registered.
Definition: detect-engine-sigorder.c:808
SCMutexLock
#define SCMutexLock(mut)
Definition: threads-debug.h:117
tv_root
ThreadVars * tv_root[TVT_MAX]
Definition: tm-threads.c:78
LoaderFunc
int(* LoaderFunc)(void *ctx, int loader_id)
Definition: detect-engine-loader.h:34
TAILQ_INSERT_TAIL
#define TAILQ_INSERT_TAIL(head, elm, field)
Definition: queue.h:295
DetectParseDupSigHashFree
void DetectParseDupSigHashFree(DetectEngineCtx *de_ctx)
Frees the hash table that is used to cull duplicate sigs.
Definition: detect-parse.c:2239
DetectEngineCtx_::sigerror_ok
bool sigerror_ok
Definition: detect.h:919
DetectLoaderControl_::result
int result
Definition: detect-engine-loader.h:44
SC_ERR_NO_RULES
@ SC_ERR_NO_RULES
Definition: util-error.h:72
SCThresholdConfInitContext
int SCThresholdConfInitContext(DetectEngineCtx *de_ctx)
Inits the context to be used by the Threshold Config parsing API.
Definition: util-threshold-config.c:242
TM_ECODE_FAILED
@ TM_ECODE_FAILED
Definition: tm-threads-common.h:83
SC_ERR_INVALID_ARGUMENTS
@ SC_ERR_INVALID_ARGUMENTS
Definition: util-error.h:82
THV_PAUSE
#define THV_PAUSE
Definition: threadvars.h:39
CleanupRuleAnalyzer
void CleanupRuleAnalyzer(void)
Definition: detect-engine-analyzer.c:414
TM_THREAD_NAME_MAX
#define TM_THREAD_NAME_MAX
Definition: tm-threads.h:48
TM_ECODE_OK
@ TM_ECODE_OK
Definition: tm-threads-common.h:82
strlcpy
size_t strlcpy(char *dst, const char *src, size_t siz)
Definition: util-strlcpyu.c:43
TmModule_::ThreadDeinit
TmEcode(* ThreadDeinit)(ThreadVars *, void *)
Definition: tm-modules.h:49
TmThreadContinueDetectLoaderThreads
void TmThreadContinueDetectLoaderThreads()
Unpauses all threads present in tv_root.
Definition: detect-engine-loader.c:529
TmThreadsUnsetFlag
void TmThreadsUnsetFlag(ThreadVars *tv, uint32_t flag)
Unset a thread flag.
Definition: tm-threads.c:105
util-signal.h
NLOADERS
#define NLOADERS
Definition: detect-engine-loader.c:399
TmThreadContinue
void TmThreadContinue(ThreadVars *tv)
Unpauses a thread.
Definition: tm-threads.c:1772
TAILQ_REMOVE
#define TAILQ_REMOVE(head, elm, field)
Definition: queue.h:313
SigStringAppend
int SigStringAppend(SigFileLoaderStat *sig_stats, const char *sig_file, const char *sig_str, const char *sig_error, int line)
Append a new list member to SigString list.
Definition: util-detect.c:104
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:17
strlcat
size_t strlcat(char *, const char *src, size_t siz)
Definition: util-strlcatu.c:45
DetectLoadersInit
void DetectLoadersInit(void)
Definition: detect-engine-loader.c:478
SCSigOrderSignatures
void SCSigOrderSignatures(DetectEngineCtx *de_ctx)
Orders the signatures.
Definition: detect-engine-sigorder.c:728
SCMutexUnlock
#define SCMutexUnlock(mut)
Definition: threads-debug.h:119
SigLoadSignatures
int SigLoadSignatures(DetectEngineCtx *de_ctx, char *sig_file, int sig_file_exclusive)
Load signatures.
Definition: detect-engine-loader.c:282
DetectEngineCtx_::last_reload
struct timeval last_reload
Definition: detect.h:991
SCEnter
#define SCEnter(...)
Definition: util-debug.h:300
detect-engine-mpm.h
detect.h
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:58
TmThreadTestThreadUnPaused
void TmThreadTestThreadUnPaused(ThreadVars *tv)
Tests if the thread represented in the arg has been unpaused or not.
Definition: tm-threads.c:1740
TmModule_::Management
TmEcode(* Management)(ThreadVars *, void *)
Definition: tm-modules.h:59
THV_KILL
#define THV_KILL
Definition: threadvars.h:41
ConfNode_::final
int final
Definition: conf.h:39
SCSigRegisterSignatureOrderingFuncs
void SCSigRegisterSignatureOrderingFuncs(DetectEngineCtx *de_ctx)
Lets you register the Signature ordering functions. The order in which the functions are registered,...
Definition: detect-engine-sigorder.c:788
rule_engine_analysis_set
int rule_engine_analysis_set
Definition: detect-engine-loader.c:53
EngineAnalysisRules
void EngineAnalysisRules(const DetectEngineCtx *de_ctx, const Signature *s, const char *line)
Prints analysis of loaded rules.
Definition: detect-engine-analyzer.c:1109
SC_ERR_INVALID_ARGUMENT
@ SC_ERR_INVALID_ARGUMENT
Definition: util-error.h:43
rule_reload
int rule_reload
engine_analysis
int engine_analysis
TRUE
#define TRUE
Definition: suricata-common.h:33
ThreadVars_::next
struct ThreadVars_ * next
Definition: threadvars.h:123
DetectLoaderThreadData_::instance
uint32_t instance
Definition: detect-engine-loader.c:553
SigFileLoaderStat_::bad_sigs_total
int bad_sigs_total
Definition: detect.h:778
util-detect.h
BUG_ON
#define BUG_ON(x)
Definition: suricata-common.h:281
tv_root_lock
SCMutex tv_root_lock
Definition: tm-threads.c:81
thread_name_detect_loader
const char * thread_name_detect_loader
Definition: runmodes.c:72
TmModuleDetectLoaderRegister
void TmModuleDetectLoaderRegister(void)
Definition: detect-engine-loader.c:649
SCCtrlMutexLock
#define SCCtrlMutexLock(mut)
Definition: threads-debug.h:376
tmm_modules
TmModule tmm_modules[TMM_SIZE]
Definition: tm-modules.c:33
DetectLoaderThreadData
struct DetectLoaderThreadData_ DetectLoaderThreadData
ThreadVars_::ctrl_cond
SCCtrlCondT * ctrl_cond
Definition: threadvars.h:131
conf.h
DETECT_MAX_RULE_SIZE
#define DETECT_MAX_RULE_SIZE
Definition: detect.h:56
TmEcode
TmEcode
Definition: tm-threads-common.h:81
DetectLoaderThreadData_
Definition: detect-engine-loader.c:552
queue.h
TmModule_::name
const char * name
Definition: tm-modules.h:44
SC_ERR_OPENING_RULE_FILE
@ SC_ERR_OPENING_RULE_FILE
Definition: util-error.h:71
runmodes.h
SCLogInfo
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:217
TAILQ_FOREACH_SAFE
#define TAILQ_FOREACH_SAFE(var, head, field, tvar)
Definition: queue.h:330
SCMutexInit
#define SCMutexInit(mut, mutattrs)
Definition: threads-debug.h:116
SigGroupBuild
int SigGroupBuild(DetectEngineCtx *de_ctx)
Convert the signature list into the runtime match structure.
Definition: detect-engine-build.c:1948
DetectEngineCtx_::config_prefix
char config_prefix[64]
Definition: detect.h:943
detect-engine-analyzer.h
DetectLoaderTask_
Definition: detect-engine-loader.h:36
THV_PAUSED
#define THV_PAUSED
Definition: threadvars.h:40
SCCtrlMutexUnlock
#define SCCtrlMutexUnlock(mut)
Definition: threads-debug.h:378
DetectEngineAppendSig
Signature * DetectEngineAppendSig(DetectEngineCtx *de_ctx, const char *sigstr)
Parse and append a Signature into the Detection Engine Context signature list.
Definition: detect-parse.c:2420
DetectEngineCtx_::sig_stat
SigFileLoaderStat sig_stat
Definition: detect.h:994
EngineAnalysisFP
void EngineAnalysisFP(const DetectEngineCtx *de_ctx, const Signature *s, char *line)
Definition: detect-engine-analyzer.c:151
SC_ERR_NO_RULES_LOADED
@ SC_ERR_NO_RULES_LOADED
Definition: util-error.h:73
suricata-common.h
TMM_DETECTLOADER
@ TMM_DETECTLOADER
Definition: tm-threads-common.h:73
DetectLoaderControl_::m
SCMutex m
Definition: detect-engine-loader.h:45
SigFileLoaderStat_::total_files
int total_files
Definition: detect.h:776
SCLogError
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
Definition: util-debug.h:257
ConfNodeIsSequence
int ConfNodeIsSequence(const ConfNode *node)
Check if a node is a sequence or node.
Definition: conf.c:974
TmModule_::ThreadInit
TmEcode(* ThreadInit)(ThreadVars *, const void *, void **)
Definition: tm-modules.h:47
SetupFPAnalyzer
int SetupFPAnalyzer(void)
Sets up the fast pattern analyzer according to the config.
Definition: detect-engine-analyzer.c:284
SCStrdup
#define SCStrdup(s)
Definition: util-mem.h:56
TmThreadCreateCmdThreadByName
ThreadVars * TmThreadCreateCmdThreadByName(const char *name, const char *module, int mucond)
Creates and returns the TV instance for a Command thread (CMD). This function supports only custom sl...
Definition: tm-threads.c:1112
EngineAnalysisRulesFailure
void EngineAnalysisRulesFailure(char *line, char *file, int lineno)
Definition: detect-engine-analyzer.c:549
tv
ThreadVars * tv
Definition: fuzz_decodepcapfile.c:29
RunmodeGetCurrent
int RunmodeGetCurrent(void)
Definition: suricata.c:280
threadvars.h
detect-engine-sigorder.h
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
SCLogConfig
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
TVT_MAX
@ TVT_MAX
Definition: tm-threads-common.h:92
RUNMODE_ENGINE_ANALYSIS
@ RUNMODE_ENGINE_ANALYSIS
Definition: runmodes.h:55
SCLogWarning
#define SCLogWarning(err_code,...)
Macro used to log WARNING messages.
Definition: util-debug.h:244
SCFree
#define SCFree(p)
Definition: util-mem.h:61
SigFileLoaderStat_::good_sigs_total
int good_sigs_total
Definition: detect.h:777
ConfNode_
Definition: conf.h:32
Signature_::id
uint32_t id
Definition: detect.h:582
PathIsRelative
int PathIsRelative(const char *path)
Check if a path is relative.
Definition: util-path.c:70
detect-parse.h
Signature_
Signature container.
Definition: detect.h:548
DetectLoadersSync
int DetectLoadersSync(void)
wait for loader tasks to complete
Definition: detect-engine-loader.c:440
DetectLoaderQueueTask
int DetectLoaderQueueTask(int loader_id, LoaderFunc Func, void *func_ctx)
Definition: detect-engine-loader.c:407
SC_ERR_MEM_ALLOC
@ SC_ERR_MEM_ALLOC
Definition: util-error.h:31
suricata.h
SetupRuleAnalyzer
int SetupRuleAnalyzer(void)
Sets up the rule analyzer according to the config.
Definition: detect-engine-analyzer.c:334
DetectLoaderTask_::Func
LoaderFunc Func
Definition: detect-engine-loader.h:37
DetectLoadCompleteSigPath
char * DetectLoadCompleteSigPath(const DetectEngineCtx *de_ctx, const char *sig_file)
Create the path if default-rule-path was specified.
Definition: detect-engine-loader.c:60
DetectEngineCtx_::sigerror
const char * sigerror
Definition: detect.h:920
SC_ERR_INITIALIZATION
@ SC_ERR_INITIALIZATION
Definition: util-error.h:75
ThreadVars_::ctrl_mutex
SCCtrlMutex * ctrl_mutex
Definition: threadvars.h:130
DetectEngineCtx_::rule_line
int rule_line
Definition: detect.h:917
TmThreadsCheckFlag
int TmThreadsCheckFlag(ThreadVars *tv, uint32_t flag)
Check if a thread flag is set.
Definition: tm-threads.c:89
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:304
detect-engine-loader.h
SigFileLoaderStat_
Signature loader statistics.
Definition: detect.h:773
TmModule_::flags
uint8_t flags
Definition: tm-modules.h:70
debug.h
DetectEngineCtx_::failure_fatal
int failure_fatal
Definition: detect.h:813
util-threshold-config.h
TM_FLAG_MANAGEMENT_TM
#define TM_FLAG_MANAGEMENT_TM
Definition: tm-modules.h:36
RetrieveFPForSig
void RetrieveFPForSig(const DetectEngineCtx *de_ctx, Signature *s)
Definition: detect-engine-mpm.c:1079