suricata
detect-engine-loader.c
Go to the documentation of this file.
1 /* Copyright (C) 2021-2023 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  */
23 
24 #include "suricata-common.h"
25 #include "suricata.h"
26 #include "conf.h"
27 #include "detect.h"
28 #include "detect-parse.h"
29 
30 #include "runmodes.h"
31 #include "threads.h"
32 #include "threadvars.h"
33 #include "tm-threads.h"
34 #include "queue.h"
35 #include "util-signal.h"
36 
37 #include "detect-engine-loader.h"
38 #include "detect-engine-build.h"
39 #include "detect-engine-analyzer.h"
40 #include "detect-engine-mpm.h"
41 #include "detect-engine-sigorder.h"
42 
43 #include "util-detect.h"
44 #include "util-threshold-config.h"
45 #include "util-path.h"
46 
47 #include "rust.h"
48 
49 #ifdef HAVE_GLOB_H
50 #include <glob.h>
51 #endif
52 
53 extern int rule_reload;
54 extern int engine_analysis;
55 static bool fp_engine_analysis_set = false;
57 
58 /**
59  * \brief Create the path if default-rule-path was specified
60  * \param sig_file The name of the file
61  * \retval str Pointer to the string path + sig_file
62  */
63 char *DetectLoadCompleteSigPath(const DetectEngineCtx *de_ctx, const char *sig_file)
64 {
65  const char *defaultpath = NULL;
66  char *path = NULL;
67  char varname[128];
68 
69  if (sig_file == NULL) {
70  SCLogError("invalid sig_file argument - NULL");
71  return NULL;
72  }
73 
74  /* If we have a configuration prefix, only use it if the primary configuration node
75  * is not marked as final, as that means it was provided on the command line with
76  * a --set. */
77  ConfNode *default_rule_path = ConfGetNode("default-rule-path");
78  if ((!default_rule_path || !default_rule_path->final) && strlen(de_ctx->config_prefix) > 0) {
79  snprintf(varname, sizeof(varname), "%s.default-rule-path",
81  default_rule_path = ConfGetNode(varname);
82  }
83  if (default_rule_path) {
84  defaultpath = default_rule_path->val;
85  }
86 
87  /* Path not specified */
88  if (PathIsRelative(sig_file)) {
89  if (defaultpath) {
90  path = PathMergeAlloc(defaultpath, sig_file);
91  if (unlikely(path == NULL))
92  return NULL;
93  } else {
94  path = SCStrdup(sig_file);
95  if (unlikely(path == NULL))
96  return NULL;
97  }
98  } else {
99  path = SCStrdup(sig_file);
100  if (unlikely(path == NULL))
101  return NULL;
102  }
103  return path;
104 }
105 
106 /**
107  * \brief Load a file with signatures
108  * \param de_ctx Pointer to the detection engine context
109  * \param sig_file Filename to load signatures from
110  * \param goodsigs_tot Will store number of valid signatures in the file
111  * \param badsigs_tot Will store number of invalid signatures in the file
112  * \retval 0 on success, -1 on error
113  */
114 static int DetectLoadSigFile(
115  DetectEngineCtx *de_ctx, char *sig_file, int *goodsigs, int *badsigs, int *skippedsigs)
116 {
117  Signature *sig = NULL;
118  int good = 0, bad = 0, skipped = 0;
119  char line[DETECT_MAX_RULE_SIZE] = "";
120  size_t offset = 0;
121  int lineno = 0, multiline = 0;
122 
123  (*goodsigs) = 0;
124  (*badsigs) = 0;
125  (*skippedsigs) = 0;
126 
127  FILE *fp = fopen(sig_file, "r");
128  if (fp == NULL) {
129  SCLogError("opening rule file %s:"
130  " %s.",
131  sig_file, strerror(errno));
132  return -1;
133  }
134 
135  while(fgets(line + offset, (int)sizeof(line) - offset, fp) != NULL) {
136  lineno++;
137  size_t len = strlen(line);
138 
139  /* ignore comments and empty lines */
140  if (line[0] == '\n' || line [0] == '\r' || line[0] == ' ' || line[0] == '#' || line[0] == '\t')
141  continue;
142 
143  /* Check for multiline rules. */
144  while (len > 0 && isspace((unsigned char)line[--len]));
145  if (line[len] == '\\') {
146  multiline++;
147  offset = len;
148  if (offset < sizeof(line) - 1) {
149  /* We have room for more. */
150  continue;
151  }
152  /* No more room in line buffer, continue, rule will fail
153  * to parse. */
154  }
155 
156  /* Check if we have a trailing newline, and remove it */
157  len = strlen(line);
158  if (len > 0 && (line[len - 1] == '\n' || line[len - 1] == '\r')) {
159  line[len - 1] = '\0';
160  }
161 
162  /* Reset offset. */
163  offset = 0;
164 
165  de_ctx->rule_file = sig_file;
166  de_ctx->rule_line = lineno - multiline;
167 
168  sig = DetectEngineAppendSig(de_ctx, line);
169  if (sig != NULL) {
170  if (rule_engine_analysis_set || fp_engine_analysis_set) {
171  RetrieveFPForSig(de_ctx, sig);
172  if (fp_engine_analysis_set) {
173  EngineAnalysisFP(de_ctx, sig, line);
174  }
176  EngineAnalysisRules(de_ctx, sig, line);
177  }
178  }
179  SCLogDebug("signature %"PRIu32" loaded", sig->id);
180  good++;
181  } else {
182  if (!de_ctx->sigerror_silent) {
183  SCLogError("error parsing signature \"%s\" from "
184  "file %s at line %" PRId32 "",
185  line, sig_file, lineno - multiline);
186 
187  if (!SigStringAppend(&de_ctx->sig_stat, sig_file, line, de_ctx->sigerror, (lineno - multiline))) {
188  SCLogError("Error adding sig \"%s\" from "
189  "file %s at line %" PRId32 "",
190  line, sig_file, lineno - multiline);
191  }
192  if (de_ctx->sigerror) {
193  de_ctx->sigerror = NULL;
194  }
195  }
197  EngineAnalysisRulesFailure(de_ctx, line, sig_file, lineno - multiline);
198  }
199  if (!de_ctx->sigerror_ok) {
200  bad++;
201  }
202  if (de_ctx->sigerror_requires) {
203  SCLogInfo("Skipping signature due to missing requirements: %s from file %s at line "
204  "%" PRId32,
205  line, sig_file, lineno - multiline);
206  skipped++;
207  }
208  }
209  multiline = 0;
210  }
211  fclose(fp);
212 
213  *goodsigs = good;
214  *badsigs = bad;
215  *skippedsigs = skipped;
216  return 0;
217 }
218 
219 /**
220  * \brief Expands wildcards and reads signatures from each matching file
221  * \param de_ctx Pointer to the detection engine context
222  * \param sig_file Filename (or pattern) holding signatures
223  * \retval -1 on error
224  */
225 static int ProcessSigFiles(DetectEngineCtx *de_ctx, char *pattern, SigFileLoaderStat *st,
226  int *good_sigs, int *bad_sigs, int *skipped_sigs)
227 {
228  int r = 0;
229 
230  if (pattern == NULL) {
231  SCLogError("opening rule file null");
232  return -1;
233  }
234 
235 #ifdef HAVE_GLOB_H
236  glob_t files;
237  r = glob(pattern, 0, NULL, &files);
238 
239  if (r == GLOB_NOMATCH) {
240  SCLogWarning("No rule files match the pattern %s", pattern);
241  ++(st->bad_files);
242  ++(st->total_files);
243  return -1;
244  } else if (r != 0) {
245  SCLogError("error expanding template %s: %s", pattern, strerror(errno));
246  return -1;
247  }
248 
249  for (size_t i = 0; i < (size_t)files.gl_pathc; i++) {
250  char *fname = files.gl_pathv[i];
251  if (strcmp("/dev/null", fname) == 0)
252  continue;
253 #else
254  char *fname = pattern;
255  if (strcmp("/dev/null", fname) == 0)
256  return 0;
257 #endif
258  if (strlen(de_ctx->config_prefix) > 0) {
259  SCLogConfig("tenant id %d: Loading rule file: %s", de_ctx->tenant_id, fname);
260  } else {
261  SCLogConfig("Loading rule file: %s", fname);
262  }
263  r = DetectLoadSigFile(de_ctx, fname, good_sigs, bad_sigs, skipped_sigs);
264  if (r < 0) {
265  ++(st->bad_files);
266  }
267 
268  ++(st->total_files);
269 
270  st->good_sigs_total += *good_sigs;
271  st->bad_sigs_total += *bad_sigs;
272  st->skipped_sigs_total += *skipped_sigs;
273 
274 #ifdef HAVE_GLOB_H
275  }
276  globfree(&files);
277 #endif
278  return r;
279 }
280 
281 /**
282  * \brief Load signatures
283  * \param de_ctx Pointer to the detection engine context
284  * \param sig_file Filename (or pattern) holding signatures
285  * \param sig_file_exclusive File passed in 'sig_file' should be loaded exclusively.
286  * \retval -1 on error
287  */
288 int SigLoadSignatures(DetectEngineCtx *de_ctx, char *sig_file, bool sig_file_exclusive)
289 {
290  SCEnter();
291 
292  ConfNode *rule_files;
293  ConfNode *file = NULL;
294  SigFileLoaderStat *sig_stat = &de_ctx->sig_stat;
295  int ret = 0;
296  char *sfile = NULL;
297  char varname[128] = "rule-files";
298  int good_sigs = 0;
299  int bad_sigs = 0;
300  int skipped_sigs = 0;
301 
302  if (strlen(de_ctx->config_prefix) > 0) {
303  snprintf(varname, sizeof(varname), "%s.rule-files",
305  }
306 
308  SetupEngineAnalysis(de_ctx, &fp_engine_analysis_set, &rule_engine_analysis_set);
309  }
310 
311  /* ok, let's load signature files from the general config */
312  if (!(sig_file != NULL && sig_file_exclusive)) {
313  rule_files = ConfGetNode(varname);
314  if (rule_files != NULL) {
315  if (!ConfNodeIsSequence(rule_files)) {
316  SCLogWarning("Invalid rule-files configuration section: "
317  "expected a list of filenames.");
318  }
319  else {
320  TAILQ_FOREACH(file, &rule_files->head, next) {
321  sfile = DetectLoadCompleteSigPath(de_ctx, file->val);
322  good_sigs = bad_sigs = skipped_sigs = 0;
323  ret = ProcessSigFiles(
324  de_ctx, sfile, sig_stat, &good_sigs, &bad_sigs, &skipped_sigs);
325  SCFree(sfile);
326 
327  if (de_ctx->failure_fatal && ret != 0) {
328  /* Some rules failed to load, just exit as
329  * errors would have already been logged. */
330  exit(EXIT_FAILURE);
331  }
332 
333  if (good_sigs == 0) {
334  SCLogConfig("No rules loaded from %s.", file->val);
335  }
336  }
337  }
338  }
339  }
340 
341  /* If a Signature file is specified from command-line, parse it too */
342  if (sig_file != NULL) {
343  ret = ProcessSigFiles(de_ctx, sig_file, sig_stat, &good_sigs, &bad_sigs, &skipped_sigs);
344 
345  if (ret != 0) {
346  if (de_ctx->failure_fatal) {
347  exit(EXIT_FAILURE);
348  }
349  }
350 
351  if (good_sigs == 0) {
352  SCLogConfig("No rules loaded from %s", sig_file);
353  }
354  }
355 
356  /* now we should have signatures to work with */
357  if (sig_stat->good_sigs_total <= 0) {
358  if (sig_stat->total_files > 0) {
359  SCLogWarning(
360  "%d rule files specified, but no rules were loaded!", sig_stat->total_files);
361  } else {
362  SCLogInfo("No signatures supplied.");
363  goto end;
364  }
365  } else {
366  /* we report the total of files and rules successfully loaded and failed */
367  if (strlen(de_ctx->config_prefix) > 0) {
368  SCLogInfo("tenant id %d: %" PRId32 " rule files processed. %" PRId32
369  " rules successfully loaded, %" PRId32 " rules failed, %" PRId32
370  " rules skipped",
371  de_ctx->tenant_id, sig_stat->total_files, sig_stat->good_sigs_total,
372  sig_stat->bad_sigs_total, sig_stat->skipped_sigs_total);
373  } else {
374  SCLogInfo("%" PRId32 " rule files processed. %" PRId32
375  " rules successfully loaded, %" PRId32 " rules failed, %" PRId32
376  " rules skipped",
377  sig_stat->total_files, sig_stat->good_sigs_total, sig_stat->bad_sigs_total,
378  sig_stat->skipped_sigs_total);
379  }
380  if (de_ctx->requirements != NULL && sig_stat->skipped_sigs_total > 0) {
381  SCDetectRequiresStatusLog(de_ctx->requirements, PROG_VER,
382  strlen(de_ctx->config_prefix) > 0 ? de_ctx->tenant_id : 0);
383  }
384  }
385 
386  if ((sig_stat->bad_sigs_total || sig_stat->bad_files) && de_ctx->failure_fatal) {
387  ret = -1;
388  goto end;
389  }
390 
394 
396  ret = -1;
397  goto end;
398  }
399 
400  /* Setup the signature group lookup structure and pattern matchers */
401  if (SigGroupBuild(de_ctx) < 0)
402  goto end;
403 
404  ret = 0;
405 
406  end:
407  gettimeofday(&de_ctx->last_reload, NULL);
410  }
411 
413  SCReturnInt(ret);
414 }
415 
416 #define NLOADERS 4
417 static DetectLoaderControl *loaders = NULL;
418 static int cur_loader = 0;
419 static void TmThreadWakeupDetectLoaderThreads(void);
420 static int num_loaders = NLOADERS;
421 
422 /** \param loader -1 for auto select
423  * \retval loader_id or negative in case of error */
424 int DetectLoaderQueueTask(int loader_id, LoaderFunc Func, void *func_ctx, LoaderFreeFunc FreeFunc)
425 {
426  if (loader_id == -1) {
427  loader_id = cur_loader;
428  cur_loader++;
429  if (cur_loader >= num_loaders)
430  cur_loader = 0;
431  }
432  if (loader_id >= num_loaders || loader_id < 0) {
433  return -ERANGE;
434  }
435 
436  DetectLoaderControl *loader = &loaders[loader_id];
437 
438  DetectLoaderTask *t = SCCalloc(1, sizeof(*t));
439  if (t == NULL)
440  return -ENOMEM;
441 
442  t->Func = Func;
443  t->ctx = func_ctx;
444  t->FreeFunc = FreeFunc;
445 
446  SCMutexLock(&loader->m);
447  TAILQ_INSERT_TAIL(&loader->task_list, t, next);
448  SCMutexUnlock(&loader->m);
449 
450  TmThreadWakeupDetectLoaderThreads();
451 
452  SCLogDebug("%d %p %p", loader_id, Func, func_ctx);
453  return loader_id;
454 }
455 
456 /** \brief wait for loader tasks to complete
457  * \retval result 0 for ok, -1 for errors */
459 {
460  SCLogDebug("waiting");
461  int errors = 0;
462  for (int i = 0; i < num_loaders; i++) {
463  bool done = false;
464 
465  DetectLoaderControl *loader = &loaders[i];
466  while (!done) {
467  SCMutexLock(&loader->m);
468  if (TAILQ_EMPTY(&loader->task_list)) {
469  done = true;
470  }
471  SCMutexUnlock(&loader->m);
472  if (!done) {
473  /* nudge thread in case it's sleeping */
474  SCCtrlMutexLock(loader->tv->ctrl_mutex);
475  pthread_cond_broadcast(loader->tv->ctrl_cond);
476  SCCtrlMutexUnlock(loader->tv->ctrl_mutex);
477  }
478  }
479  SCMutexLock(&loader->m);
480  if (loader->result != 0) {
481  errors++;
482  loader->result = 0;
483  }
484  SCMutexUnlock(&loader->m);
485  }
486  if (errors) {
487  SCLogError("%d loaders reported errors", errors);
488  return -1;
489  }
490  SCLogDebug("done");
491  return 0;
492 }
493 
494 static void DetectLoaderInit(DetectLoaderControl *loader)
495 {
496  memset(loader, 0x00, sizeof(*loader));
497  SCMutexInit(&loader->m, NULL);
498  TAILQ_INIT(&loader->task_list);
499 }
500 
502 {
503  intmax_t setting = NLOADERS;
504  (void)ConfGetInt("multi-detect.loaders", &setting);
505 
506  if (setting < 1 || setting > 1024) {
507  FatalError("invalid multi-detect.loaders setting %" PRIdMAX, setting);
508  }
509 
510  num_loaders = (int32_t)setting;
511  SCLogInfo("using %d detect loader threads", num_loaders);
512 
513  BUG_ON(loaders != NULL);
514  loaders = SCCalloc(num_loaders, sizeof(DetectLoaderControl));
515  BUG_ON(loaders == NULL);
516 
517  for (int i = 0; i < num_loaders; i++) {
518  DetectLoaderInit(&loaders[i]);
519  }
520 }
521 
522 /**
523  * \brief Unpauses all threads present in tv_root
524  */
525 static void TmThreadWakeupDetectLoaderThreads(void)
526 {
528  for (int i = 0; i < TVT_MAX; i++) {
529  ThreadVars *tv = tv_root[i];
530  while (tv != NULL) {
531  if (strncmp(tv->name,"DL#",3) == 0) {
532  BUG_ON(tv->ctrl_cond == NULL);
534  pthread_cond_broadcast(tv->ctrl_cond);
536  }
537  tv = tv->next;
538  }
539  }
541 }
542 
543 /**
544  * \brief Unpauses all threads present in tv_root
545  */
547 {
549  for (int i = 0; i < TVT_MAX; i++) {
550  ThreadVars *tv = tv_root[i];
551  while (tv != NULL) {
552  if (strncmp(tv->name,"DL#",3) == 0)
554 
555  tv = tv->next;
556  }
557  }
559 }
560 
561 SC_ATOMIC_DECLARE(int, detect_loader_cnt);
562 
563 typedef struct DetectLoaderThreadData_ {
564  uint32_t instance;
566 
567 static TmEcode DetectLoaderThreadInit(ThreadVars *t, const void *initdata, void **data)
568 {
570  if (ftd == NULL)
571  return TM_ECODE_FAILED;
572 
573  ftd->instance = SC_ATOMIC_ADD(detect_loader_cnt, 1); /* id's start at 0 */
574  SCLogDebug("detect loader instance %u", ftd->instance);
575 
576  /* pass thread data back to caller */
577  *data = ftd;
578 
579  DetectLoaderControl *loader = &loaders[ftd->instance];
580  loader->tv = t;
581 
582  return TM_ECODE_OK;
583 }
584 
585 static TmEcode DetectLoaderThreadDeinit(ThreadVars *t, void *data)
586 {
587  SCFree(data);
588  return TM_ECODE_OK;
589 }
590 
591 
592 static TmEcode DetectLoader(ThreadVars *th_v, void *thread_data)
593 {
594  DetectLoaderThreadData *ftd = (DetectLoaderThreadData *)thread_data;
595  BUG_ON(ftd == NULL);
596 
598  SCLogDebug("loader thread started");
599  while (1)
600  {
601  if (TmThreadsCheckFlag(th_v, THV_PAUSE)) {
605  }
606 
607  /* see if we have tasks */
608 
609  DetectLoaderControl *loader = &loaders[ftd->instance];
610  SCMutexLock(&loader->m);
611 
612  DetectLoaderTask *task = NULL, *tmptask = NULL;
613  TAILQ_FOREACH_SAFE(task, &loader->task_list, next, tmptask) {
614  int r = task->Func(task->ctx, ftd->instance);
615  loader->result |= r;
616  TAILQ_REMOVE(&loader->task_list, task, next);
617  task->FreeFunc(task->ctx);
618  SCFree(task);
619  }
620 
621  SCMutexUnlock(&loader->m);
622 
623  if (TmThreadsCheckFlag(th_v, THV_KILL)) {
624  break;
625  }
626 
627  /* just wait until someone wakes us up */
629  SCCtrlCondWait(th_v->ctrl_cond, th_v->ctrl_mutex);
631 
632  SCLogDebug("woke up...");
633  }
634 
638 
639  return TM_ECODE_OK;
640 }
641 
642 /** \brief spawn the detect loader manager thread */
644 {
645  for (int i = 0; i < num_loaders; i++) {
646  char name[TM_THREAD_NAME_MAX];
647  snprintf(name, sizeof(name), "%s#%02d", thread_name_detect_loader, i+1);
648 
649  ThreadVars *tv_loader = TmThreadCreateCmdThreadByName(name, "DetectLoader", 1);
650  if (tv_loader == NULL) {
651  FatalError("failed to create thread %s", name);
652  }
653  if (TmThreadSpawn(tv_loader) != TM_ECODE_OK) {
654  FatalError("failed to create spawn %s", name);
655  }
656  }
657 }
658 
660 {
661  tmm_modules[TMM_DETECTLOADER].name = "DetectLoader";
662  tmm_modules[TMM_DETECTLOADER].ThreadInit = DetectLoaderThreadInit;
663  tmm_modules[TMM_DETECTLOADER].ThreadDeinit = DetectLoaderThreadDeinit;
664  tmm_modules[TMM_DETECTLOADER].Management = DetectLoader;
667  SCLogDebug("%s registered", tmm_modules[TMM_DETECTLOADER].name);
668 
669  SC_ATOMIC_INIT(detect_loader_cnt);
670 }
DetectLoaderTask_::FreeFunc
LoaderFreeFunc FreeFunc
Definition: detect-engine-loader.h:40
TmModule_::cap_flags
uint8_t cap_flags
Definition: tm-modules.h:74
DetectLoaderControl_
Definition: detect-engine-loader.h:44
SigFileLoaderStat_::bad_files
int bad_files
Definition: detect.h:799
tm-threads.h
ConfGetInt
int ConfGetInt(const char *name, intmax_t *val)
Retrieve a configuration value as an integer.
Definition: conf.c:399
SCCtrlCondWait
#define SCCtrlCondWait
Definition: threads-debug.h:386
len
uint8_t len
Definition: app-layer-dnp3.h:2
TmThreadSpawn
TmEcode TmThreadSpawn(ThreadVars *tv)
Spawns a thread associated with the ThreadVars instance tv.
Definition: tm-threads.c:1660
DetectLoaderThreadSpawn
void DetectLoaderThreadSpawn(void)
spawn the detect loader manager thread
Definition: detect-engine-loader.c:643
offset
uint64_t offset
Definition: util-streaming-buffer.h:0
ThreadVars_::name
char name[16]
Definition: threadvars.h:64
PathMergeAlloc
char * PathMergeAlloc(const char *const dir, const char *const fname)
Definition: util-path.c:107
TAILQ_INIT
#define TAILQ_INIT(head)
Definition: queue.h:262
SC_ATOMIC_INIT
#define SC_ATOMIC_INIT(name)
wrapper for initializing an atomic variable.
Definition: util-atomic.h:314
ConfNode_::val
char * val
Definition: conf.h:34
SigLoadSignatures
int SigLoadSignatures(DetectEngineCtx *de_ctx, char *sig_file, bool sig_file_exclusive)
Load signatures.
Definition: detect-engine-loader.c:288
DetectEngineCtx_::rule_file
char * rule_file
Definition: detect.h:926
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
SetupEngineAnalysis
void SetupEngineAnalysis(DetectEngineCtx *de_ctx, bool *fp_analysis, bool *rule_analysis)
Definition: detect-engine-analyzer.c:471
DetectLoaderTask_::ctx
void * ctx
Definition: detect-engine-loader.h:39
DetectEngineCtx_::sigerror_silent
bool sigerror_silent
Definition: detect.h:928
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:269
TmThreadsSetFlag
void TmThreadsSetFlag(ThreadVars *tv, uint32_t flag)
Set a thread flag.
Definition: tm-threads.c:99
TmThreadWaitForFlag
void TmThreadWaitForFlag(ThreadVars *tv, uint32_t flags)
Waits till the specified flag(s) is(are) set. We don't bother if the kill flag has been set or not on...
Definition: tm-threads.c:1780
SC_ATOMIC_DECLARE
SC_ATOMIC_DECLARE(int, detect_loader_cnt)
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:0
THV_DEINIT
#define THV_DEINIT
Definition: threadvars.h:44
ConfGetNode
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
Definition: conf.c:181
threads.h
TmThreadContinueDetectLoaderThreads
void TmThreadContinueDetectLoaderThreads(void)
Unpauses all threads present in tv_root.
Definition: detect-engine-loader.c:546
SC_ATOMIC_ADD
#define SC_ATOMIC_ADD(name, val)
add a value to our atomic variable
Definition: util-atomic.h:332
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:836
THV_RUNNING
#define THV_RUNNING
Definition: threadvars.h:54
TAILQ_EMPTY
#define TAILQ_EMPTY(head)
Definition: queue.h:248
TAILQ_FOREACH
#define TAILQ_FOREACH(var, head, field)
Definition: queue.h:252
LoaderFreeFunc
void(* LoaderFreeFunc)(void *ctx)
Definition: detect-engine-loader.h:35
SCSigSignatureOrderingModuleCleanup
void SCSigSignatureOrderingModuleCleanup(DetectEngineCtx *de_ctx)
De-registers all the signature ordering functions registered.
Definition: detect-engine-sigorder.c:825
SCMutexLock
#define SCMutexLock(mut)
Definition: threads-debug.h:117
rust.h
tv_root
ThreadVars * tv_root[TVT_MAX]
Definition: tm-threads.c:80
LoaderFunc
int(* LoaderFunc)(void *ctx, int loader_id)
Definition: detect-engine-loader.h:34
DetectEngineCtx_::sigerror_requires
bool sigerror_requires
Definition: detect.h:932
TAILQ_INSERT_TAIL
#define TAILQ_INSERT_TAIL(head, elm, field)
Definition: queue.h:294
DetectParseDupSigHashFree
void DetectParseDupSigHashFree(DetectEngineCtx *de_ctx)
Frees the hash table that is used to cull duplicate sigs.
Definition: detect-parse.c:2440
DetectEngineCtx_::sigerror_ok
bool sigerror_ok
Definition: detect.h:929
DetectLoaderControl_::result
int result
Definition: detect-engine-loader.h:51
DetectEngineAppendSig
Signature * DetectEngineAppendSig(DetectEngineCtx *, const char *)
Parse and append a Signature into the Detection Engine Context signature list.
Definition: detect-parse.c:2620
SCThresholdConfInitContext
int SCThresholdConfInitContext(DetectEngineCtx *de_ctx)
Inits the context to be used by the Threshold Config parsing API.
Definition: util-threshold-config.c:165
TM_ECODE_FAILED
@ TM_ECODE_FAILED
Definition: tm-threads-common.h:85
THV_PAUSE
#define THV_PAUSE
Definition: threadvars.h:37
TM_THREAD_NAME_MAX
#define TM_THREAD_NAME_MAX
Definition: tm-threads.h:49
TM_ECODE_OK
@ TM_ECODE_OK
Definition: tm-threads-common.h:84
TmModule_::ThreadDeinit
TmEcode(* ThreadDeinit)(ThreadVars *, void *)
Definition: tm-modules.h:50
THV_RUNNING_DONE
#define THV_RUNNING_DONE
Definition: threadvars.h:45
TmThreadsUnsetFlag
void TmThreadsUnsetFlag(ThreadVars *tv, uint32_t flag)
Unset a thread flag.
Definition: tm-threads.c:107
util-signal.h
SigFileLoaderStat_::skipped_sigs_total
int skipped_sigs_total
Definition: detect.h:803
NLOADERS
#define NLOADERS
Definition: detect-engine-loader.c:416
TmThreadContinue
void TmThreadContinue(ThreadVars *tv)
Unpauses a thread.
Definition: tm-threads.c:1794
DetectEngineCtx_::requirements
SCDetectRequiresStatus * requirements
Definition: detect.h:1043
TAILQ_REMOVE
#define TAILQ_REMOVE(head, elm, field)
Definition: queue.h:312
rule_engine_analysis_set
bool rule_engine_analysis_set
Definition: detect-engine-loader.c:56
SigStringAppend
int SigStringAppend(SigFileLoaderStat *sig_stats, const char *sig_file, const char *sig_str, const char *sig_error, int line)
Append a new list member to SigString list.
Definition: util-detect.c:104
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:17
DetectLoadersInit
void DetectLoadersInit(void)
Definition: detect-engine-loader.c:501
SCSigOrderSignatures
void SCSigOrderSignatures(DetectEngineCtx *de_ctx)
Orders the signatures.
Definition: detect-engine-sigorder.c:733
SCMutexUnlock
#define SCMutexUnlock(mut)
Definition: threads-debug.h:119
DetectEngineCtx_::last_reload
struct timeval last_reload
Definition: detect.h:1007
DetectEngineCtx_::failure_fatal
bool failure_fatal
Definition: detect.h:837
SCEnter
#define SCEnter(...)
Definition: util-debug.h:271
detect-engine-mpm.h
detect.h
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:57
TmThreadTestThreadUnPaused
void TmThreadTestThreadUnPaused(ThreadVars *tv)
Tests if the thread represented in the arg has been unpaused or not.
Definition: tm-threads.c:1762
TmModule_::Management
TmEcode(* Management)(ThreadVars *, void *)
Definition: tm-modules.h:66
THV_KILL
#define THV_KILL
Definition: threadvars.h:39
ConfNode_::final
int final
Definition: conf.h:39
SCSigRegisterSignatureOrderingFuncs
void SCSigRegisterSignatureOrderingFuncs(DetectEngineCtx *de_ctx)
Lets you register the Signature ordering functions. The order in which the functions are registered s...
Definition: detect-engine-sigorder.c:805
SCLogWarning
#define SCLogWarning(...)
Macro used to log WARNING messages.
Definition: util-debug.h:249
EngineAnalysisRules
void EngineAnalysisRules(const DetectEngineCtx *de_ctx, const Signature *s, const char *line)
Prints analysis of loaded rules.
Definition: detect-engine-analyzer.c:1406
rule_reload
int rule_reload
engine_analysis
int engine_analysis
ThreadVars_::next
struct ThreadVars_ * next
Definition: threadvars.h:124
DetectLoaderThreadData_::instance
uint32_t instance
Definition: detect-engine-loader.c:564
SigFileLoaderStat_::bad_sigs_total
int bad_sigs_total
Definition: detect.h:802
util-detect.h
BUG_ON
#define BUG_ON(x)
Definition: suricata-common.h:300
tv_root_lock
SCMutex tv_root_lock
Definition: tm-threads.c:83
thread_name_detect_loader
const char * thread_name_detect_loader
Definition: runmodes.c:87
TmModuleDetectLoaderRegister
void TmModuleDetectLoaderRegister(void)
Definition: detect-engine-loader.c:659
SCCtrlMutexLock
#define SCCtrlMutexLock(mut)
Definition: threads-debug.h:376
detect-engine-build.h
tmm_modules
TmModule tmm_modules[TMM_SIZE]
Definition: tm-modules.c:33
DetectLoaderThreadData
struct DetectLoaderThreadData_ DetectLoaderThreadData
ThreadVars_::ctrl_cond
SCCtrlCondT * ctrl_cond
Definition: threadvars.h:132
conf.h
DETECT_MAX_RULE_SIZE
#define DETECT_MAX_RULE_SIZE
Definition: detect.h:44
TmEcode
TmEcode
Definition: tm-threads-common.h:83
DetectLoaderThreadData_
Definition: detect-engine-loader.c:563
queue.h
TmModule_::name
const char * name
Definition: tm-modules.h:45
runmodes.h
SCLogInfo
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:224
TAILQ_FOREACH_SAFE
#define TAILQ_FOREACH_SAFE(var, head, field, tvar)
Definition: queue.h:329
EngineAnalysisRulesFailure
void EngineAnalysisRulesFailure(const DetectEngineCtx *de_ctx, char *line, char *file, int lineno)
Definition: detect-engine-analyzer.c:621
SCMutexInit
#define SCMutexInit(mut, mutattrs)
Definition: threads-debug.h:116
DetectLoaderQueueTask
int DetectLoaderQueueTask(int loader_id, LoaderFunc Func, void *func_ctx, LoaderFreeFunc FreeFunc)
Definition: detect-engine-loader.c:424
SigGroupBuild
int SigGroupBuild(DetectEngineCtx *de_ctx)
Convert the signature list into the runtime match structure.
Definition: detect-engine-build.c:2142
DetectEngineCtx_::config_prefix
char config_prefix[64]
Definition: detect.h:959
detect-engine-analyzer.h
DetectLoaderTask_
Definition: detect-engine-loader.h:37
THV_PAUSED
#define THV_PAUSED
Definition: threadvars.h:38
THV_INIT_DONE
#define THV_INIT_DONE
Definition: threadvars.h:36
SCCtrlMutexUnlock
#define SCCtrlMutexUnlock(mut)
Definition: threads-debug.h:378
DetectEngineCtx_::sig_stat
SigFileLoaderStat sig_stat
Definition: detect.h:1010
EngineAnalysisFP
void EngineAnalysisFP(const DetectEngineCtx *de_ctx, const Signature *s, char *line)
Definition: detect-engine-analyzer.c:162
suricata-common.h
TMM_DETECTLOADER
@ TMM_DETECTLOADER
Definition: tm-threads-common.h:75
util-path.h
CleanupEngineAnalysis
void CleanupEngineAnalysis(DetectEngineCtx *de_ctx)
Definition: detect-engine-analyzer.c:507
DetectLoaderControl_::m
SCMutex m
Definition: detect-engine-loader.h:50
SigFileLoaderStat_::total_files
int total_files
Definition: detect.h:800
ConfNodeIsSequence
int ConfNodeIsSequence(const ConfNode *node)
Check if a node is a sequence or node.
Definition: conf.c:946
TmModule_::ThreadInit
TmEcode(* ThreadInit)(ThreadVars *, const void *, void **)
Definition: tm-modules.h:48
SCStrdup
#define SCStrdup(s)
Definition: util-mem.h:56
FatalError
#define FatalError(...)
Definition: util-debug.h:502
TmThreadCreateCmdThreadByName
ThreadVars * TmThreadCreateCmdThreadByName(const char *name, const char *module, int mucond)
Creates and returns the TV instance for a Command thread (CMD). This function supports only custom sl...
Definition: tm-threads.c:1126
tv
ThreadVars * tv
Definition: fuzz_decodepcapfile.c:32
RunmodeGetCurrent
int RunmodeGetCurrent(void)
Definition: suricata.c:261
threadvars.h
detect-engine-sigorder.h
SCLogConfig
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
RUNMODE_ENGINE_ANALYSIS
@ RUNMODE_ENGINE_ANALYSIS
Definition: runmodes.h:56
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:261
SCFree
#define SCFree(p)
Definition: util-mem.h:61
SigFileLoaderStat_::good_sigs_total
int good_sigs_total
Definition: detect.h:801
ConfNode_
Definition: conf.h:32
Signature_::id
uint32_t id
Definition: detect.h:628
TVT_MAX
@ TVT_MAX
Definition: tm-threads-common.h:94
PathIsRelative
int PathIsRelative(const char *path)
Check if a path is relative.
Definition: util-path.c:69
detect-parse.h
Signature_
Signature container.
Definition: detect.h:593
DetectLoadersSync
int DetectLoadersSync(void)
wait for loader tasks to complete
Definition: detect-engine-loader.c:458
suricata.h
DetectLoaderTask_::Func
LoaderFunc Func
Definition: detect-engine-loader.h:38
DetectLoadCompleteSigPath
char * DetectLoadCompleteSigPath(const DetectEngineCtx *de_ctx, const char *sig_file)
Create the path if default-rule-path was specified.
Definition: detect-engine-loader.c:63
DetectEngineCtx_::sigerror
const char * sigerror
Definition: detect.h:927
ThreadVars_::ctrl_mutex
SCCtrlMutex * ctrl_mutex
Definition: threadvars.h:131
DetectEngineCtx_::rule_line
int rule_line
Definition: detect.h:925
PROG_VER
#define PROG_VER
Definition: suricata.h:71
TmThreadsCheckFlag
int TmThreadsCheckFlag(ThreadVars *tv, uint32_t flag)
Check if a thread flag is set.
Definition: tm-threads.c:91
THV_CLOSED
#define THV_CLOSED
Definition: threadvars.h:41
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:275
DetectEngineCtx_::tenant_id
uint32_t tenant_id
Definition: detect.h:842
detect-engine-loader.h
SigFileLoaderStat_
Signature loader statistics.
Definition: detect.h:797
TmModule_::flags
uint8_t flags
Definition: tm-modules.h:77
DetectLoaderControl_::tv
ThreadVars * tv
Definition: detect-engine-loader.h:46
util-threshold-config.h
TM_FLAG_MANAGEMENT_TM
#define TM_FLAG_MANAGEMENT_TM
Definition: tm-modules.h:37
RetrieveFPForSig
void RetrieveFPForSig(const DetectEngineCtx *de_ctx, Signature *s)
Definition: detect-engine-mpm.c:1057