/* File-scope flag, zero by default. The two `if (fp_engine_analysis_set)`
 * tests later in this listing read it; the line that sets it is not shown. */
52 static int fp_engine_analysis_set = 0;
/* Fragment of the routine that joins the configured default rule path with a
 * rule file name. The listing shows only some numbered lines: the signature,
 * the allocation of `path` and the return statements are not visible here. */
62 const char *defaultpath = NULL;
/* Guard against a missing file name; the branch body is not shown. */
66 if (sig_file == NULL) {
/* Config key, with or without a prefix. Both writes are bounded by
 * sizeof(varname), so an over-long prefix truncates the key instead of
 * overflowing the buffer. */
72 snprintf(varname,
sizeof(varname),
"%s.default-rule-path",
75 snprintf(varname,
sizeof(varname),
"default-rule-path");
/* The join below runs only when ConfGet returns 1 for that key. */
80 if (
ConfGet(varname, &defaultpath) == 1) {
/* Room for both strings plus 2 bytes: presumably one separator and the NUL. */
82 size_t path_len =
sizeof(char) * (strlen(defaultpath) +
83 strlen(sig_file) + 2);
/* strlcpy/strlcat receive the full buffer size, so each write stays in bounds. */
87 strlcpy(path, defaultpath, path_len);
/* NOTE(review): path[strlen(path) - 1] reads before the start of the buffer
 * when default-rule-path is an empty string, because strlen() is then 0 and
 * the size_t index wraps. A length check ahead of the separator test would
 * close that; confirm no earlier guard sits in the omitted lines.
 * NOTE(review): the Windows branch appends the literal "\\\\", which is two
 * backslash characters, while path_len reserves one separator byte. strlcat
 * keeps the write bounded, but the last character of sig_file then appears to
 * be cut off; confirm against the full source. */
88 #if defined OS_WIN32 || defined __CYGWIN__
89 if (path[strlen(path) - 1] !=
'\\')
90 strlcat(path,
"\\\\", path_len);
92 if (path[strlen(path) - 1] !=
'/')
95 strlcat(path, sig_file, path_len);
/* Fragment of the per-file rule loader: the tail of its parameter list (two
 * int out-parameters) and selected body lines. The start of the signature
 * and most branch bodies are not part of this listing. */
118 int *goodsigs,
int *badsigs)
/* Local tallies; presumably copied to *goodsigs / *badsigs in omitted lines. */
121 int good = 0, bad = 0;
124 int lineno = 0, multiline = 0;
/* The rule file is opened read-only in text mode. */
129 FILE *fp = fopen(sig_file,
"r");
/* Tail of the open-failure message: file name plus strerror(errno). */
132 " %s.", sig_file, strerror(errno));
/* Each fgets() writes at `offset` inside `line` and is given the remaining
 * capacity, so text appended to an earlier partial read cannot run past the
 * end of the buffer. */
136 while(fgets(line +
offset, (
int)
sizeof(line) -
offset, fp) != NULL) {
138 size_t len = strlen(line);
/* Lines whose first byte is a newline, carriage return, space, '#' or tab
 * take this branch (body not shown; presumably the line is skipped).
 * NOTE(review): if so, a rule indented with a space or tab is not loaded,
 * which is worth checking when a signature is unexpectedly missing. */
141 if (line[0] ==
'\n' || line [0] ==
'\r' || line[0] ==
' ' || line[0] ==
'#' || line[0] ==
'\t')
/* Walk back over trailing whitespace; the loop also stops once len reaches 0.
 * The unsigned char cast keeps isspace() defined for bytes above 0x7f. */
145 while (
len > 0 && isspace((
unsigned char)line[--
len]));
/* A backslash at that position takes this branch; the body is not shown
 * (presumably line continuation, given the `multiline` counter). */
146 if (line[
len] ==
'\\') {
/* Bounds test on offset against the buffer size; the guarded statements are
 * in omitted lines. */
149 if (
offset <
sizeof(line) - 1) {
/* Replace one trailing '\n' or '\r' with a NUL terminator. */
159 if (
len > 0 && (line[
len - 1] ==
'\n' || line[
len - 1] ==
'\r')) {
160 line[
len - 1] =
'\0';
/* Extra work when the fast-pattern analysis flag is set; body not shown. */
173 if (fp_engine_analysis_set) {
/* Both messages report the rule text, the file name and lineno - multiline
 * (presumably the line on which a multi-line rule began; confirm). */
185 "file %s at line %"PRId32
"", line, sig_file, lineno - multiline);
189 "file %s at line %"PRId32
"", line, sig_file, lineno - multiline);
/* Fragment of the routine that expands a rule-file pattern and loads each
 * match. The signature and the branch bodies are not part of this listing. */
222 if (pattern == NULL) {
/* Wildcard expansion with no flags and no error callback. */
229 r = glob(pattern, 0, NULL, &files);
/* "No match" is told apart from other glob() failures. */
231 if (r == GLOB_NOMATCH) {
/* Tail of a log call that reports the pattern and strerror(errno). */
238 pattern, strerror(errno));
/* One pass per path returned by glob(). */
242 for (
size_t i = 0; i < (size_t)files.gl_pathc; i++) {
243 char *fname = files.gl_pathv[i];
/* "/dev/null" is matched by exact string compare; the action taken is not
 * shown (presumably the entry is skipped). */
244 if (strcmp(
"/dev/null", fname) == 0)
/* Second variant that uses the pattern itself as the file name; it looks like
 * the alternative arm of a conditional-compilation block whose directives are
 * not shown. TODO confirm. */
247 char *fname = pattern;
248 if (strcmp(
"/dev/null", fname) == 0)
/* Load the file; r receives the loader's return value. */
252 r = DetectLoadSigFile(
de_ctx, fname, good_sigs, bad_sigs);
/* Fragment of the top-level signature loading routine; only selected
 * numbered lines are shown. */
/* Config key for the rule list, defaulting to the unprefixed name. */
285 char varname[128] =
"rule-files";
/* Prefixed form of the key; the write is bounded by sizeof(varname). */
290 snprintf(varname,
sizeof(varname),
"%s.rule-files",
/* The configured rule-files list is skipped only when a sig_file was given
 * and sig_file_exclusive is TRUE. */
300 if (!(sig_file != NULL && sig_file_exclusive ==
TRUE)) {
302 if (rule_files != NULL) {
/* Message for a rule-files node that is not a list. */
305 "Invalid rule-files configuration section: "
306 "expected a list of filenames.");
/* Counters are reset before each configured file is processed. */
311 good_sigs = bad_sigs = 0;
312 ret = ProcessSigFiles(
de_ctx, sfile, sig_stat, &good_sigs, &bad_sigs);
/* A file that yields no good signatures takes this branch; body not shown. */
321 if (good_sigs == 0) {
/* The explicitly supplied sig_file goes through the same routine. */
330 if (sig_file != NULL) {
331 ret = ProcessSigFiles(
de_ctx, sig_file, sig_stat, &good_sigs, &bad_sigs);
339 if (good_sigs == 0) {
/* Summary line: files processed, rules loaded, rules failed. The failed
 * count is the quickest signal that part of the rule set is not active. */
354 SCLogInfo(
"%" PRId32
" rule files processed. %" PRId32
" rules successfully loaded, %" PRId32
" rules failed",
/* Fast-pattern analysis handling; body not shown. */
381 if (fp_engine_analysis_set) {
/* Fragment of the routine that queues a task on a loader; the signature and
 * the queueing itself are not part of this listing. */
/* Function-local cursor that persists across calls.
 * NOTE(review): it is a plain static int and no lock around it is visible
 * here; confirm that callers are serialised. */
392 static int cur_loader = 0;
/* A loader_id of -1 selects the loader at the cursor. The cursor is then
 * compared with num_loaders; its update is in omitted lines (presumably
 * advance and wrap). */
400 if (loader_id == -1) {
401 loader_id = cur_loader;
403 if (cur_loader >= num_loaders)
/* Ids outside [0, num_loaders) take this branch before any further use of
 * the id; the body is not shown (presumably an error return). */
406 if (loader_id >= num_loaders || loader_id < 0) {
425 SCLogDebug(
"%d %p %p", loader_id, Func, func_ctx);
/* Fragment of a loop over all loaders; the loop body between these lines is
 * not part of this listing. */
436 for (i = 0; i < num_loaders; i++) {
/* A non-zero loader result takes this branch; how it is reported to the
 * caller is in omitted lines. */
447 if (loader->
result != 0) {
/* Zero the whole loader structure; sizeof(*loader) tracks the pointed-to
 * type, so the length stays correct if the struct changes. */
464 memset(loader, 0x00,
sizeof(*loader));
/* Fragment of the loader-pool setup; the declaration of `setting` and the
 * allocation of `loaders` are not part of this listing. */
/* The return value is discarded on purpose, so `setting` keeps whatever value
 * it was given in the omitted lines when the key is absent. */
472 (void)
ConfGetInt(
"multi-detect.loaders", &setting);
/* Range check on the configured value before it is narrowed below: only
 * 1..1024 passes, so the int32_t cast cannot truncate. */
474 if (setting < 1 || setting > 1024) {
476 "invalid multi-detect.loaders setting %"PRIdMAX, setting);
479 num_loaders = (int32_t)setting;
481 SCLogInfo(
"using %d detect loader threads", num_loaders);
/* Initialise every slot of the loaders array. */
488 for (i = 0; i < num_loaders; i++) {
489 DetectLoaderInit(&loaders[i]);
/* Fragment of a scan over all TVT_MAX thread classes; the inner walk over the
 * thread list is not part of this listing. */
502 for (i = 0; i <
TVT_MAX; i++) {
/* Loader threads are recognised by the 3-byte name prefix "DL#". */
505 if (strncmp(
tv->
name,
"DL#",3) == 0) {
/* Second scan over all TVT_MAX thread classes, again selecting threads by the
 * 3-byte name prefix "DL#"; the action taken on a match is not shown. */
526 for (i = 0; i <
TVT_MAX; i++) {
529 if (strncmp(
tv->
name,
"DL#",3) == 0)
/* File-local thread-init callback. Only the signature is visible here: it
 * takes the thread, read-only init data and an out-pointer, and returns a
 * TmEcode. The body is not part of this listing. */
547 static TmEcode DetectLoaderThreadInit(
ThreadVars *t,
const void *initdata,
void **data)
/* Fragment of the loop that starts one thread per loader; thread creation and
 * the spawn call itself are in omitted lines. */
618 for (i = 0; i < num_loaders; i++) {
/* NOTE(review): the NULL test after BUG_ON() repeats the same condition, so
 * it can only be reached if BUG_ON compiles to nothing (its definition is not
 * shown; confirm). */
626 BUG_ON(tv_loader == NULL);
628 if (tv_loader == NULL) {
/* Both failures are printed with printf() rather than through the SCLog*
 * macros used elsewhere in this listing. */
629 printf(
"ERROR: TmThreadsCreate failed\n");
633 printf(
"ERROR: TmThreadSpawn failed\n");
int ConfGetInt(const char *name, intmax_t *val)
Retrieve a configuration value as an integer.
TmEcode TmThreadSpawn(ThreadVars *tv)
Spawns a thread associated with the ThreadVars instance tv.
void DetectLoaderThreadSpawn(void)
spawn the detect loader manager thread
#define SC_ATOMIC_INIT(name)
wrapper for initializing an atomic variable.
void TmThreadsSetFlag(ThreadVars *tv, uint32_t flag)
Set a thread flag.
void CleanupFPAnalyzer(void)
SC_ATOMIC_DECLARE(int, detect_loader_cnt)
struct HtpBodyChunk_ * next
void TmThreadWakeupDetectLoaderThreads(void)
Unpauses all threads present in tv_root.
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
#define SC_ATOMIC_ADD(name, val)
add a value to our atomic variable
main detection engine ctx
@ SC_ERR_INVALID_SIGNATURE
#define TAILQ_EMPTY(head)
#define TAILQ_FOREACH(var, head, field)
void SCSigSignatureOrderingModuleCleanup(DetectEngineCtx *de_ctx)
De-registers all the signature ordering functions registered.
ThreadVars * tv_root[TVT_MAX]
int(* LoaderFunc)(void *ctx, int loader_id)
#define TAILQ_INSERT_TAIL(head, elm, field)
void DetectParseDupSigHashFree(DetectEngineCtx *de_ctx)
Frees the hash table that is used to cull duplicate sigs.
int SCThresholdConfInitContext(DetectEngineCtx *de_ctx)
Inits the context to be used by the Threshold Config parsing API.
@ SC_ERR_INVALID_ARGUMENTS
void CleanupRuleAnalyzer(void)
#define TM_THREAD_NAME_MAX
size_t strlcpy(char *dst, const char *src, size_t siz)
TmEcode(* ThreadDeinit)(ThreadVars *, void *)
void TmThreadContinueDetectLoaderThreads()
Unpauses all threads present in tv_root.
void TmThreadsUnsetFlag(ThreadVars *tv, uint32_t flag)
Unset a thread flag.
int ConfGet(const char *name, const char **vptr)
Retrieve the value of a configuration node.
void TmThreadContinue(ThreadVars *tv)
Unpauses a thread.
#define TAILQ_REMOVE(head, elm, field)
int SigStringAppend(SigFileLoaderStat *sig_stats, const char *sig_file, const char *sig_str, const char *sig_error, int line)
Append a new list member to SigString list.
size_t strlcat(char *, const char *src, size_t siz)
void DetectLoadersInit(void)
void SCSigOrderSignatures(DetectEngineCtx *de_ctx)
Orders the signatures.
#define SCMutexUnlock(mut)
int SigLoadSignatures(DetectEngineCtx *de_ctx, char *sig_file, int sig_file_exclusive)
Load signatures.
struct timeval last_reload
Per thread variable structure.
void TmThreadTestThreadUnPaused(ThreadVars *tv)
Tests if the thread represented in the arg has been unpaused or not.
TmEcode(* Management)(ThreadVars *, void *)
void SCSigRegisterSignatureOrderingFuncs(DetectEngineCtx *de_ctx)
Lets you register the Signature ordering functions. The order in which the functions are registered,...
int rule_engine_analysis_set
void EngineAnalysisRules(const DetectEngineCtx *de_ctx, const Signature *s, const char *line)
Prints analysis of loaded rules.
@ SC_ERR_INVALID_ARGUMENT
struct ThreadVars_ * next
const char * thread_name_detect_loader
void TmModuleDetectLoaderRegister(void)
#define SCCtrlMutexLock(mut)
TmModule tmm_modules[TMM_SIZE]
struct DetectLoaderThreadData_ DetectLoaderThreadData
#define DETECT_MAX_RULE_SIZE
@ SC_ERR_OPENING_RULE_FILE
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
#define TAILQ_FOREACH_SAFE(var, head, field, tvar)
#define SCMutexInit(mut, mutattrs)
int SigGroupBuild(DetectEngineCtx *de_ctx)
Convert the signature list into the runtime match structure.
#define SCCtrlMutexUnlock(mut)
Signature * DetectEngineAppendSig(DetectEngineCtx *de_ctx, const char *sigstr)
Parse and append a Signature into the Detection Engine Context signature list.
SigFileLoaderStat sig_stat
void EngineAnalysisFP(const DetectEngineCtx *de_ctx, const Signature *s, char *line)
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
int ConfNodeIsSequence(const ConfNode *node)
Check if a node is a sequence or node.
TmEcode(* ThreadInit)(ThreadVars *, const void *, void **)
int SetupFPAnalyzer(void)
Sets up the fast pattern analyzer according to the config.
ThreadVars * TmThreadCreateCmdThreadByName(const char *name, const char *module, int mucond)
Creates and returns the TV instance for a Command thread (CMD). This function supports only custom sl...
void EngineAnalysisRulesFailure(char *line, char *file, int lineno)
int RunmodeGetCurrent(void)
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
@ RUNMODE_ENGINE_ANALYSIS
#define SCLogWarning(err_code,...)
Macro used to log WARNING messages.
int PathIsRelative(const char *path)
Check if a path is relative.
int DetectLoadersSync(void)
wait for loader tasks to complete
int DetectLoaderQueueTask(int loader_id, LoaderFunc Func, void *func_ctx)
int SetupRuleAnalyzer(void)
Sets up the rule analyzer according to the config.
char * DetectLoadCompleteSigPath(const DetectEngineCtx *de_ctx, const char *sig_file)
Create the path if default-rule-path was specified.
int TmThreadsCheckFlag(ThreadVars *tv, uint32_t flag)
Check if a thread flag is set.
Signature loader statistics.
#define TM_FLAG_MANAGEMENT_TM
void RetrieveFPForSig(const DetectEngineCtx *de_ctx, Signature *s)