Go to the documentation of this file.
52 static int fp_engine_analysis_set = 0;
62 const char *defaultpath = NULL;
66 if (sig_file == NULL) {
76 snprintf(varname,
sizeof(varname),
"%s.default-rule-path",
80 if (default_rule_path) {
81 defaultpath = default_rule_path->
val;
88 size_t path_len =
sizeof(char) * (strlen(defaultpath) +
89 strlen(sig_file) + 2);
93 strlcpy(path, defaultpath, path_len);
94 #if defined OS_WIN32 || defined __CYGWIN__
95 if (path[strlen(path) - 1] !=
'\\')
96 strlcat(path,
"\\\\", path_len);
98 if (path[strlen(path) - 1] !=
'/')
101 strlcat(path, sig_file, path_len);
124 int *goodsigs,
int *badsigs)
127 int good = 0, bad = 0;
130 int lineno = 0, multiline = 0;
135 FILE *fp = fopen(sig_file,
"r");
138 " %s.", sig_file, strerror(errno));
142 while(fgets(line +
offset, (
int)
sizeof(line) -
offset, fp) != NULL) {
144 size_t len = strlen(line);
147 if (line[0] ==
'\n' || line [0] ==
'\r' || line[0] ==
' ' || line[0] ==
'#' || line[0] ==
'\t')
151 while (
len > 0 && isspace((
unsigned char)line[--
len]));
152 if (line[
len] ==
'\\') {
155 if (
offset <
sizeof(line) - 1) {
165 if (
len > 0 && (line[
len - 1] ==
'\n' || line[
len - 1] ==
'\r')) {
166 line[
len - 1] =
'\0';
179 if (fp_engine_analysis_set) {
191 "file %s at line %"PRId32
"", line, sig_file, lineno - multiline);
195 "file %s at line %"PRId32
"", line, sig_file, lineno - multiline);
228 if (pattern == NULL) {
235 r = glob(pattern, 0, NULL, &files);
237 if (r == GLOB_NOMATCH) {
244 pattern, strerror(errno));
248 for (
size_t i = 0; i < (size_t)files.gl_pathc; i++) {
249 char *fname = files.gl_pathv[i];
250 if (strcmp(
"/dev/null", fname) == 0)
253 char *fname = pattern;
254 if (strcmp(
"/dev/null", fname) == 0)
258 r = DetectLoadSigFile(
de_ctx, fname, good_sigs, bad_sigs);
291 char varname[128] =
"rule-files";
296 snprintf(varname,
sizeof(varname),
"%s.rule-files",
306 if (!(sig_file != NULL && sig_file_exclusive ==
TRUE)) {
308 if (rule_files != NULL) {
311 "Invalid rule-files configuration section: "
312 "expected a list of filenames.");
317 good_sigs = bad_sigs = 0;
318 ret = ProcessSigFiles(
de_ctx, sfile, sig_stat, &good_sigs, &bad_sigs);
327 if (good_sigs == 0) {
336 if (sig_file != NULL) {
337 ret = ProcessSigFiles(
de_ctx, sig_file, sig_stat, &good_sigs, &bad_sigs);
345 if (good_sigs == 0) {
360 SCLogInfo(
"%" PRId32
" rule files processed. %" PRId32
" rules successfully loaded, %" PRId32
" rules failed",
390 if (fp_engine_analysis_set) {
401 static int cur_loader = 0;
409 if (loader_id == -1) {
410 loader_id = cur_loader;
412 if (cur_loader >= num_loaders)
415 if (loader_id >= num_loaders || loader_id < 0) {
434 SCLogDebug(
"%d %p %p", loader_id, Func, func_ctx);
445 for (i = 0; i < num_loaders; i++) {
456 if (loader->
result != 0) {
473 memset(loader, 0x00,
sizeof(*loader));
481 (void)
ConfGetInt(
"multi-detect.loaders", &setting);
483 if (setting < 1 || setting > 1024) {
485 "invalid multi-detect.loaders setting %"PRIdMAX, setting);
488 num_loaders = (int32_t)setting;
490 SCLogInfo(
"using %d detect loader threads", num_loaders);
497 for (i = 0; i < num_loaders; i++) {
498 DetectLoaderInit(&loaders[i]);
511 for (i = 0; i <
TVT_MAX; i++) {
514 if (strncmp(
tv->
name,
"DL#",3) == 0) {
535 for (i = 0; i <
TVT_MAX; i++) {
538 if (strncmp(
tv->
name,
"DL#",3) == 0)
556 static TmEcode DetectLoaderThreadInit(
ThreadVars *t,
const void *initdata,
void **data)
627 for (i = 0; i < num_loaders; i++) {
635 BUG_ON(tv_loader == NULL);
637 if (tv_loader == NULL) {
638 printf(
"ERROR: TmThreadsCreate failed\n");
642 printf(
"ERROR: TmThreadSpawn failed\n");
int ConfGetInt(const char *name, intmax_t *val)
Retrieve a configuration value as an integer.
TmEcode TmThreadSpawn(ThreadVars *tv)
Spawns a thread associated with the ThreadVars instance tv.
void DetectLoaderThreadSpawn(void)
spawn the detect loader manager thread
#define SC_ATOMIC_INIT(name)
wrapper for initializing an atomic variable.
void TmThreadsSetFlag(ThreadVars *tv, uint32_t flag)
Set a thread flag.
void CleanupFPAnalyzer(void)
SC_ATOMIC_DECLARE(int, detect_loader_cnt)
struct HtpBodyChunk_ * next
void TmThreadWakeupDetectLoaderThreads(void)
Unpauses all threads present in tv_root.
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
#define SC_ATOMIC_ADD(name, val)
add a value to our atomic variable
main detection engine ctx
@ SC_ERR_INVALID_SIGNATURE
#define TAILQ_EMPTY(head)
#define TAILQ_FOREACH(var, head, field)
void SCSigSignatureOrderingModuleCleanup(DetectEngineCtx *de_ctx)
De-registers all the signature ordering functions registered.
ThreadVars * tv_root[TVT_MAX]
int(* LoaderFunc)(void *ctx, int loader_id)
#define TAILQ_INSERT_TAIL(head, elm, field)
void DetectParseDupSigHashFree(DetectEngineCtx *de_ctx)
Frees the hash table that is used to cull duplicate sigs.
int SCThresholdConfInitContext(DetectEngineCtx *de_ctx)
Inits the context to be used by the Threshold Config parsing API.
@ SC_ERR_INVALID_ARGUMENTS
void CleanupRuleAnalyzer(void)
#define TM_THREAD_NAME_MAX
size_t strlcpy(char *dst, const char *src, size_t siz)
TmEcode(* ThreadDeinit)(ThreadVars *, void *)
void TmThreadContinueDetectLoaderThreads()
Unpauses all threads present in tv_root.
void TmThreadsUnsetFlag(ThreadVars *tv, uint32_t flag)
Unset a thread flag.
void TmThreadContinue(ThreadVars *tv)
Unpauses a thread.
#define TAILQ_REMOVE(head, elm, field)
int SigStringAppend(SigFileLoaderStat *sig_stats, const char *sig_file, const char *sig_str, const char *sig_error, int line)
Append a new list member to SigString list.
size_t strlcat(char *, const char *src, size_t siz)
void DetectLoadersInit(void)
void SCSigOrderSignatures(DetectEngineCtx *de_ctx)
Orders the signatures.
#define SCMutexUnlock(mut)
int SigLoadSignatures(DetectEngineCtx *de_ctx, char *sig_file, int sig_file_exclusive)
Load signatures.
struct timeval last_reload
Per thread variable structure.
void TmThreadTestThreadUnPaused(ThreadVars *tv)
Tests if the thread represented in the arg has been unpaused or not.
TmEcode(* Management)(ThreadVars *, void *)
void SCSigRegisterSignatureOrderingFuncs(DetectEngineCtx *de_ctx)
Lets you register the Signature ordering functions. The order in which the functions are registered,...
int rule_engine_analysis_set
void EngineAnalysisRules(const DetectEngineCtx *de_ctx, const Signature *s, const char *line)
Prints analysis of loaded rules.
@ SC_ERR_INVALID_ARGUMENT
struct ThreadVars_ * next
const char * thread_name_detect_loader
void TmModuleDetectLoaderRegister(void)
#define SCCtrlMutexLock(mut)
TmModule tmm_modules[TMM_SIZE]
struct DetectLoaderThreadData_ DetectLoaderThreadData
#define DETECT_MAX_RULE_SIZE
@ SC_ERR_OPENING_RULE_FILE
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
#define TAILQ_FOREACH_SAFE(var, head, field, tvar)
#define SCMutexInit(mut, mutattrs)
int SigGroupBuild(DetectEngineCtx *de_ctx)
Convert the signature list into the runtime match structure.
#define SCCtrlMutexUnlock(mut)
Signature * DetectEngineAppendSig(DetectEngineCtx *de_ctx, const char *sigstr)
Parse and append a Signature into the Detection Engine Context signature list.
SigFileLoaderStat sig_stat
void EngineAnalysisFP(const DetectEngineCtx *de_ctx, const Signature *s, char *line)
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
int ConfNodeIsSequence(const ConfNode *node)
Check if a node is a sequence or node.
TmEcode(* ThreadInit)(ThreadVars *, const void *, void **)
int SetupFPAnalyzer(void)
Sets up the fast pattern analyzer according to the config.
ThreadVars * TmThreadCreateCmdThreadByName(const char *name, const char *module, int mucond)
Creates and returns the TV instance for a Command thread (CMD). This function supports only custom sl...
void EngineAnalysisRulesFailure(char *line, char *file, int lineno)
int RunmodeGetCurrent(void)
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
@ RUNMODE_ENGINE_ANALYSIS
#define SCLogWarning(err_code,...)
Macro used to log WARNING messages.
int PathIsRelative(const char *path)
Check if a path is relative.
int DetectLoadersSync(void)
wait for loader tasks to complete
int DetectLoaderQueueTask(int loader_id, LoaderFunc Func, void *func_ctx)
int SetupRuleAnalyzer(void)
Sets up the rule analyzer according to the config.
char * DetectLoadCompleteSigPath(const DetectEngineCtx *de_ctx, const char *sig_file)
Create the path if default-rule-path was specified.
int TmThreadsCheckFlag(ThreadVars *tv, uint32_t flag)
Check if a thread flag is set.
Signature loader statistics.
#define TM_FLAG_MANAGEMENT_TM
void RetrieveFPForSig(const DetectEngineCtx *de_ctx, Signature *s)