suricata
detect-engine-loader.c
Go to the documentation of this file.
1 /* Copyright (C) 2021-2023 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  */
23 
24 #include "suricata-common.h"
25 #include "suricata.h"
26 #include "conf.h"
27 #include "detect.h"
28 #include "detect-parse.h"
29 
30 #include "runmodes.h"
31 #include "threads.h"
32 #include "threadvars.h"
33 #include "tm-threads.h"
34 #include "queue.h"
35 
36 #include "detect-engine-loader.h"
37 #include "detect-engine-build.h"
38 #include "detect-engine-analyzer.h"
39 #include "detect-engine-mpm.h"
40 #include "detect-engine-sigorder.h"
41 
42 #include "util-detect.h"
43 #include "util-threshold-config.h"
44 #include "util-path.h"
45 
46 #include "rust.h"
47 
48 #ifdef HAVE_GLOB_H
49 #include <glob.h>
50 #endif
51 
52 extern int rule_reload;
53 extern int engine_analysis;
54 static bool fp_engine_analysis_set = false;
56 
57 /**
58  * \brief Create the path if default-rule-path was specified
59  * \param sig_file The name of the file
60  * \retval str Pointer to the string path + sig_file
61  */
62 char *DetectLoadCompleteSigPath(const DetectEngineCtx *de_ctx, const char *sig_file)
63 {
64  const char *defaultpath = NULL;
65  char *path = NULL;
66  char varname[128];
67 
68  if (sig_file == NULL) {
69  SCLogError("invalid sig_file argument - NULL");
70  return NULL;
71  }
72 
73  /* If we have a configuration prefix, only use it if the primary configuration node
74  * is not marked as final, as that means it was provided on the command line with
75  * a --set. */
76  ConfNode *default_rule_path = ConfGetNode("default-rule-path");
77  if ((!default_rule_path || !default_rule_path->final) && strlen(de_ctx->config_prefix) > 0) {
78  snprintf(varname, sizeof(varname), "%s.default-rule-path",
80  default_rule_path = ConfGetNode(varname);
81  }
82  if (default_rule_path) {
83  defaultpath = default_rule_path->val;
84  }
85 
86  /* Path not specified */
87  if (PathIsRelative(sig_file)) {
88  if (defaultpath) {
89  path = PathMergeAlloc(defaultpath, sig_file);
90  if (unlikely(path == NULL))
91  return NULL;
92  } else {
93  path = SCStrdup(sig_file);
94  if (unlikely(path == NULL))
95  return NULL;
96  }
97  } else {
98  path = SCStrdup(sig_file);
99  if (unlikely(path == NULL))
100  return NULL;
101  }
102  return path;
103 }
104 
105 /**
106  * \brief Load a file with signatures
107  * \param de_ctx Pointer to the detection engine context
108  * \param sig_file Filename to load signatures from
109  * \param goodsigs_tot Will store number of valid signatures in the file
110  * \param badsigs_tot Will store number of invalid signatures in the file
111  * \retval 0 on success, -1 on error
112  */
113 static int DetectLoadSigFile(
114  DetectEngineCtx *de_ctx, char *sig_file, int *goodsigs, int *badsigs, int *skippedsigs)
115 {
116  Signature *sig = NULL;
117  int good = 0, bad = 0, skipped = 0;
118  char line[DETECT_MAX_RULE_SIZE] = "";
119  size_t offset = 0;
120  int lineno = 0, multiline = 0;
121 
122  (*goodsigs) = 0;
123  (*badsigs) = 0;
124  (*skippedsigs) = 0;
125 
126  FILE *fp = fopen(sig_file, "r");
127  if (fp == NULL) {
128  SCLogError("opening rule file %s:"
129  " %s.",
130  sig_file, strerror(errno));
131  return -1;
132  }
133 
134  while(fgets(line + offset, (int)sizeof(line) - offset, fp) != NULL) {
135  lineno++;
136  size_t len = strlen(line);
137 
138  /* ignore comments and empty lines */
139  if (line[0] == '\n' || line [0] == '\r' || line[0] == ' ' || line[0] == '#' || line[0] == '\t')
140  continue;
141 
142  /* Check for multiline rules. */
143  while (len > 0 && isspace((unsigned char)line[--len]));
144  if (line[len] == '\\') {
145  multiline++;
146  offset = len;
147  if (offset < sizeof(line) - 1) {
148  /* We have room for more. */
149  continue;
150  }
151  /* No more room in line buffer, continue, rule will fail
152  * to parse. */
153  }
154 
155  /* Check if we have a trailing newline, and remove it */
156  len = strlen(line);
157  if (len > 0 && (line[len - 1] == '\n' || line[len - 1] == '\r')) {
158  line[len - 1] = '\0';
159  }
160 
161  /* Reset offset. */
162  offset = 0;
163 
164  de_ctx->rule_file = sig_file;
165  de_ctx->rule_line = lineno - multiline;
166 
167  sig = DetectEngineAppendSig(de_ctx, line);
168  if (sig != NULL) {
169  if (rule_engine_analysis_set || fp_engine_analysis_set) {
170  RetrieveFPForSig(de_ctx, sig);
171  if (fp_engine_analysis_set) {
172  EngineAnalysisFP(de_ctx, sig, line);
173  }
175  EngineAnalysisRules(de_ctx, sig, line);
176  }
177  }
178  SCLogDebug("signature %"PRIu32" loaded", sig->id);
179  good++;
180  } else {
181  if (!de_ctx->sigerror_silent) {
182  SCLogError("error parsing signature \"%s\" from "
183  "file %s at line %" PRId32 "",
184  line, sig_file, lineno - multiline);
185 
186  if (!SigStringAppend(&de_ctx->sig_stat, sig_file, line, de_ctx->sigerror, (lineno - multiline))) {
187  SCLogError("Error adding sig \"%s\" from "
188  "file %s at line %" PRId32 "",
189  line, sig_file, lineno - multiline);
190  }
191  if (de_ctx->sigerror) {
192  de_ctx->sigerror = NULL;
193  }
194  }
196  EngineAnalysisRulesFailure(de_ctx, line, sig_file, lineno - multiline);
197  }
198  if (!de_ctx->sigerror_ok) {
199  bad++;
200  }
201  if (de_ctx->sigerror_requires) {
202  SCLogInfo("Skipping signature due to missing requirements: %s from file %s at line "
203  "%" PRId32,
204  line, sig_file, lineno - multiline);
205  skipped++;
206  }
207  }
208  multiline = 0;
209  }
210  fclose(fp);
211 
212  *goodsigs = good;
213  *badsigs = bad;
214  *skippedsigs = skipped;
215  return 0;
216 }
217 
218 /**
219  * \brief Expands wildcards and reads signatures from each matching file
220  * \param de_ctx Pointer to the detection engine context
221  * \param sig_file Filename (or pattern) holding signatures
222  * \retval -1 on error
223  */
224 static int ProcessSigFiles(DetectEngineCtx *de_ctx, char *pattern, SigFileLoaderStat *st,
225  int *good_sigs, int *bad_sigs, int *skipped_sigs)
226 {
227  int r = 0;
228 
229  if (pattern == NULL) {
230  SCLogError("opening rule file null");
231  return -1;
232  }
233 
234 #ifdef HAVE_GLOB_H
235  glob_t files;
236  r = glob(pattern, 0, NULL, &files);
237 
238  if (r == GLOB_NOMATCH) {
239  SCLogWarning("No rule files match the pattern %s", pattern);
240  ++(st->bad_files);
241  ++(st->total_files);
242  return -1;
243  } else if (r != 0) {
244  SCLogError("error expanding template %s: %s", pattern, strerror(errno));
245  return -1;
246  }
247 
248  for (size_t i = 0; i < (size_t)files.gl_pathc; i++) {
249  char *fname = files.gl_pathv[i];
250  if (strcmp("/dev/null", fname) == 0)
251  continue;
252 #else
253  char *fname = pattern;
254  if (strcmp("/dev/null", fname) == 0)
255  return 0;
256 #endif
257  if (strlen(de_ctx->config_prefix) > 0) {
258  SCLogConfig("tenant id %d: Loading rule file: %s", de_ctx->tenant_id, fname);
259  } else {
260  SCLogConfig("Loading rule file: %s", fname);
261  }
262  r = DetectLoadSigFile(de_ctx, fname, good_sigs, bad_sigs, skipped_sigs);
263  if (r < 0) {
264  ++(st->bad_files);
265  }
266 
267  ++(st->total_files);
268 
269  st->good_sigs_total += *good_sigs;
270  st->bad_sigs_total += *bad_sigs;
271  st->skipped_sigs_total += *skipped_sigs;
272 
273 #ifdef HAVE_GLOB_H
274  }
275  globfree(&files);
276 #endif
277  return r;
278 }
279 
280 /**
281  * \brief Load signatures
282  * \param de_ctx Pointer to the detection engine context
283  * \param sig_file Filename (or pattern) holding signatures
284  * \param sig_file_exclusive File passed in 'sig_file' should be loaded exclusively.
285  * \retval -1 on error
286  */
287 int SigLoadSignatures(DetectEngineCtx *de_ctx, char *sig_file, bool sig_file_exclusive)
288 {
289  SCEnter();
290 
291  ConfNode *rule_files;
292  ConfNode *file = NULL;
293  SigFileLoaderStat *sig_stat = &de_ctx->sig_stat;
294  int ret = 0;
295  char *sfile = NULL;
296  char varname[128] = "rule-files";
297  int good_sigs = 0;
298  int bad_sigs = 0;
299  int skipped_sigs = 0;
300 
301  if (strlen(de_ctx->config_prefix) > 0) {
302  snprintf(varname, sizeof(varname), "%s.rule-files",
304  }
305 
307  SetupEngineAnalysis(de_ctx, &fp_engine_analysis_set, &rule_engine_analysis_set);
308  }
309 
310  /* ok, let's load signature files from the general config */
311  if (!(sig_file != NULL && sig_file_exclusive)) {
312  rule_files = ConfGetNode(varname);
313  if (rule_files != NULL) {
314  if (!ConfNodeIsSequence(rule_files)) {
315  SCLogWarning("Invalid rule-files configuration section: "
316  "expected a list of filenames.");
317  }
318  else {
319  TAILQ_FOREACH(file, &rule_files->head, next) {
320  sfile = DetectLoadCompleteSigPath(de_ctx, file->val);
321  good_sigs = bad_sigs = skipped_sigs = 0;
322  ret = ProcessSigFiles(
323  de_ctx, sfile, sig_stat, &good_sigs, &bad_sigs, &skipped_sigs);
324  SCFree(sfile);
325 
326  if (de_ctx->failure_fatal && ret != 0) {
327  /* Some rules failed to load, just exit as
328  * errors would have already been logged. */
329  exit(EXIT_FAILURE);
330  }
331 
332  if (good_sigs == 0) {
333  SCLogConfig("No rules loaded from %s.", file->val);
334  }
335  }
336  }
337  }
338  }
339 
340  /* If a Signature file is specified from command-line, parse it too */
341  if (sig_file != NULL) {
342  ret = ProcessSigFiles(de_ctx, sig_file, sig_stat, &good_sigs, &bad_sigs, &skipped_sigs);
343 
344  if (ret != 0) {
345  if (de_ctx->failure_fatal) {
346  exit(EXIT_FAILURE);
347  }
348  }
349 
350  if (good_sigs == 0) {
351  SCLogConfig("No rules loaded from %s", sig_file);
352  }
353  }
354 
355  /* now we should have signatures to work with */
356  if (sig_stat->good_sigs_total <= 0) {
357  if (sig_stat->total_files > 0) {
358  SCLogWarning(
359  "%d rule files specified, but no rules were loaded!", sig_stat->total_files);
360  } else {
361  SCLogInfo("No signatures supplied.");
362  goto end;
363  }
364  } else {
365  /* we report the total of files and rules successfully loaded and failed */
366  if (strlen(de_ctx->config_prefix) > 0) {
367  SCLogInfo("tenant id %d: %" PRId32 " rule files processed. %" PRId32
368  " rules successfully loaded, %" PRId32 " rules failed, %" PRId32
369  " rules skipped",
370  de_ctx->tenant_id, sig_stat->total_files, sig_stat->good_sigs_total,
371  sig_stat->bad_sigs_total, sig_stat->skipped_sigs_total);
372  } else {
373  SCLogInfo("%" PRId32 " rule files processed. %" PRId32
374  " rules successfully loaded, %" PRId32 " rules failed, %" PRId32
375  " rules skipped",
376  sig_stat->total_files, sig_stat->good_sigs_total, sig_stat->bad_sigs_total,
377  sig_stat->skipped_sigs_total);
378  }
379  if (de_ctx->requirements != NULL && sig_stat->skipped_sigs_total > 0) {
380  SCDetectRequiresStatusLog(de_ctx->requirements, PROG_VER,
381  strlen(de_ctx->config_prefix) > 0 ? de_ctx->tenant_id : 0);
382  }
383  }
384 
385  if ((sig_stat->bad_sigs_total || sig_stat->bad_files) && de_ctx->failure_fatal) {
386  ret = -1;
387  goto end;
388  }
389 
393 
395  ret = -1;
396  goto end;
397  }
398 
399  /* Setup the signature group lookup structure and pattern matchers */
400  if (SigGroupBuild(de_ctx) < 0)
401  goto end;
402 
403  ret = 0;
404 
405  end:
406  gettimeofday(&de_ctx->last_reload, NULL);
409  }
410 
412  SCReturnInt(ret);
413 }
414 
415 #define NLOADERS 4
416 static DetectLoaderControl *loaders = NULL;
417 static int cur_loader = 0;
418 static void TmThreadWakeupDetectLoaderThreads(void);
419 static int num_loaders = NLOADERS;
420 
421 /** \param loader -1 for auto select
422  * \retval loader_id or negative in case of error */
423 int DetectLoaderQueueTask(int loader_id, LoaderFunc Func, void *func_ctx, LoaderFreeFunc FreeFunc)
424 {
425  if (loader_id == -1) {
426  loader_id = cur_loader;
427  cur_loader++;
428  if (cur_loader >= num_loaders)
429  cur_loader = 0;
430  }
431  if (loader_id >= num_loaders || loader_id < 0) {
432  return -ERANGE;
433  }
434 
435  DetectLoaderControl *loader = &loaders[loader_id];
436 
437  DetectLoaderTask *t = SCCalloc(1, sizeof(*t));
438  if (t == NULL)
439  return -ENOMEM;
440 
441  t->Func = Func;
442  t->ctx = func_ctx;
443  t->FreeFunc = FreeFunc;
444 
445  SCMutexLock(&loader->m);
446  TAILQ_INSERT_TAIL(&loader->task_list, t, next);
447  SCMutexUnlock(&loader->m);
448 
449  TmThreadWakeupDetectLoaderThreads();
450 
451  SCLogDebug("%d %p %p", loader_id, Func, func_ctx);
452  return loader_id;
453 }
454 
455 /** \brief wait for loader tasks to complete
456  * \retval result 0 for ok, -1 for errors */
458 {
459  SCLogDebug("waiting");
460  int errors = 0;
461  for (int i = 0; i < num_loaders; i++) {
462  bool done = false;
463 
464  DetectLoaderControl *loader = &loaders[i];
465  while (!done) {
466  SCMutexLock(&loader->m);
467  if (TAILQ_EMPTY(&loader->task_list)) {
468  done = true;
469  }
470  SCMutexUnlock(&loader->m);
471  if (!done) {
472  /* nudge thread in case it's sleeping */
473  SCCtrlMutexLock(loader->tv->ctrl_mutex);
474  pthread_cond_broadcast(loader->tv->ctrl_cond);
475  SCCtrlMutexUnlock(loader->tv->ctrl_mutex);
476  }
477  }
478  SCMutexLock(&loader->m);
479  if (loader->result != 0) {
480  errors++;
481  loader->result = 0;
482  }
483  SCMutexUnlock(&loader->m);
484  }
485  if (errors) {
486  SCLogError("%d loaders reported errors", errors);
487  return -1;
488  }
489  SCLogDebug("done");
490  return 0;
491 }
492 
493 static void DetectLoaderInit(DetectLoaderControl *loader)
494 {
495  memset(loader, 0x00, sizeof(*loader));
496  SCMutexInit(&loader->m, NULL);
497  TAILQ_INIT(&loader->task_list);
498 }
499 
501 {
502  intmax_t setting = NLOADERS;
503  (void)ConfGetInt("multi-detect.loaders", &setting);
504 
505  if (setting < 1 || setting > 1024) {
506  FatalError("invalid multi-detect.loaders setting %" PRIdMAX, setting);
507  }
508 
509  num_loaders = (int32_t)setting;
510  SCLogInfo("using %d detect loader threads", num_loaders);
511 
512  BUG_ON(loaders != NULL);
513  loaders = SCCalloc(num_loaders, sizeof(DetectLoaderControl));
514  BUG_ON(loaders == NULL);
515 
516  for (int i = 0; i < num_loaders; i++) {
517  DetectLoaderInit(&loaders[i]);
518  }
519 }
520 
521 /**
522  * \brief Unpauses all threads present in tv_root
523  */
524 static void TmThreadWakeupDetectLoaderThreads(void)
525 {
527  for (int i = 0; i < TVT_MAX; i++) {
528  ThreadVars *tv = tv_root[i];
529  while (tv != NULL) {
530  if (strncmp(tv->name,"DL#",3) == 0) {
531  BUG_ON(tv->ctrl_cond == NULL);
533  pthread_cond_broadcast(tv->ctrl_cond);
535  }
536  tv = tv->next;
537  }
538  }
540 }
541 
542 /**
543  * \brief Unpauses all threads present in tv_root
544  */
546 {
548  for (int i = 0; i < TVT_MAX; i++) {
549  ThreadVars *tv = tv_root[i];
550  while (tv != NULL) {
551  if (strncmp(tv->name,"DL#",3) == 0)
553 
554  tv = tv->next;
555  }
556  }
558 }
559 
560 SC_ATOMIC_DECLARE(int, detect_loader_cnt);
561 
562 typedef struct DetectLoaderThreadData_ {
563  uint32_t instance;
565 
566 static TmEcode DetectLoaderThreadInit(ThreadVars *t, const void *initdata, void **data)
567 {
569  if (ftd == NULL)
570  return TM_ECODE_FAILED;
571 
572  ftd->instance = SC_ATOMIC_ADD(detect_loader_cnt, 1); /* id's start at 0 */
573  SCLogDebug("detect loader instance %u", ftd->instance);
574 
575  /* pass thread data back to caller */
576  *data = ftd;
577 
578  DetectLoaderControl *loader = &loaders[ftd->instance];
579  loader->tv = t;
580 
581  return TM_ECODE_OK;
582 }
583 
584 static TmEcode DetectLoaderThreadDeinit(ThreadVars *t, void *data)
585 {
586  SCFree(data);
587  return TM_ECODE_OK;
588 }
589 
590 
591 static TmEcode DetectLoader(ThreadVars *th_v, void *thread_data)
592 {
593  DetectLoaderThreadData *ftd = (DetectLoaderThreadData *)thread_data;
594  BUG_ON(ftd == NULL);
595 
597  SCLogDebug("loader thread started");
598  while (1)
599  {
600  if (TmThreadsCheckFlag(th_v, THV_PAUSE)) {
604  }
605 
606  /* see if we have tasks */
607 
608  DetectLoaderControl *loader = &loaders[ftd->instance];
609  SCMutexLock(&loader->m);
610 
611  DetectLoaderTask *task = NULL, *tmptask = NULL;
612  TAILQ_FOREACH_SAFE(task, &loader->task_list, next, tmptask) {
613  int r = task->Func(task->ctx, ftd->instance);
614  loader->result |= r;
615  TAILQ_REMOVE(&loader->task_list, task, next);
616  task->FreeFunc(task->ctx);
617  SCFree(task);
618  }
619 
620  SCMutexUnlock(&loader->m);
621 
622  if (TmThreadsCheckFlag(th_v, THV_KILL)) {
623  break;
624  }
625 
626  /* just wait until someone wakes us up */
628  SCCtrlCondWait(th_v->ctrl_cond, th_v->ctrl_mutex);
630 
631  SCLogDebug("woke up...");
632  }
633 
637 
638  return TM_ECODE_OK;
639 }
640 
641 /** \brief spawn the detect loader manager thread */
643 {
644  for (int i = 0; i < num_loaders; i++) {
645  char name[TM_THREAD_NAME_MAX];
646  snprintf(name, sizeof(name), "%s#%02d", thread_name_detect_loader, i+1);
647 
648  ThreadVars *tv_loader = TmThreadCreateCmdThreadByName(name, "DetectLoader", 1);
649  if (tv_loader == NULL) {
650  FatalError("failed to create thread %s", name);
651  }
652  if (TmThreadSpawn(tv_loader) != TM_ECODE_OK) {
653  FatalError("failed to create spawn %s", name);
654  }
655  }
656 }
657 
659 {
660  tmm_modules[TMM_DETECTLOADER].name = "DetectLoader";
661  tmm_modules[TMM_DETECTLOADER].ThreadInit = DetectLoaderThreadInit;
662  tmm_modules[TMM_DETECTLOADER].ThreadDeinit = DetectLoaderThreadDeinit;
663  tmm_modules[TMM_DETECTLOADER].Management = DetectLoader;
666  SCLogDebug("%s registered", tmm_modules[TMM_DETECTLOADER].name);
667 
668  SC_ATOMIC_INIT(detect_loader_cnt);
669 }
DetectLoaderTask_::FreeFunc
LoaderFreeFunc FreeFunc
Definition: detect-engine-loader.h:40
TmModule_::cap_flags
uint8_t cap_flags
Definition: tm-modules.h:74
DetectLoaderControl_
Definition: detect-engine-loader.h:44
SigFileLoaderStat_::bad_files
int bad_files
Definition: detect.h:799
tm-threads.h
ConfGetInt
int ConfGetInt(const char *name, intmax_t *val)
Retrieve a configuration value as an integer.
Definition: conf.c:399
SCCtrlCondWait
#define SCCtrlCondWait
Definition: threads-debug.h:386
len
uint8_t len
Definition: app-layer-dnp3.h:2
TmThreadSpawn
TmEcode TmThreadSpawn(ThreadVars *tv)
Spawns a thread associated with the ThreadVars instance tv.
Definition: tm-threads.c:1652
SCRunmodeGet
int SCRunmodeGet(void)
Get the current run mode.
Definition: suricata.c:262
DetectLoaderThreadSpawn
void DetectLoaderThreadSpawn(void)
spawn the detect loader manager thread
Definition: detect-engine-loader.c:642
offset
uint64_t offset
Definition: util-streaming-buffer.h:0
ThreadVars_::name
char name[16]
Definition: threadvars.h:64
PathMergeAlloc
char * PathMergeAlloc(const char *const dir, const char *const fname)
Definition: util-path.c:107
TAILQ_INIT
#define TAILQ_INIT(head)
Definition: queue.h:262
SC_ATOMIC_INIT
#define SC_ATOMIC_INIT(name)
wrapper for initializing an atomic variable.
Definition: util-atomic.h:314
ConfNode_::val
char * val
Definition: conf.h:34
SigLoadSignatures
int SigLoadSignatures(DetectEngineCtx *de_ctx, char *sig_file, bool sig_file_exclusive)
Load signatures.
Definition: detect-engine-loader.c:287
DetectEngineCtx_::rule_file
char * rule_file
Definition: detect.h:930
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
SetupEngineAnalysis
void SetupEngineAnalysis(DetectEngineCtx *de_ctx, bool *fp_analysis, bool *rule_analysis)
Definition: detect-engine-analyzer.c:472
DetectLoaderTask_::ctx
void * ctx
Definition: detect-engine-loader.h:39
DetectEngineCtx_::sigerror_silent
bool sigerror_silent
Definition: detect.h:932
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:269
TmThreadsSetFlag
void TmThreadsSetFlag(ThreadVars *tv, uint32_t flag)
Set a thread flag.
Definition: tm-threads.c:99
TmThreadWaitForFlag
void TmThreadWaitForFlag(ThreadVars *tv, uint32_t flags)
Waits till the specified flag(s) is(are) set. We don't bother if the kill flag has been set or not on...
Definition: tm-threads.c:1767
SC_ATOMIC_DECLARE
SC_ATOMIC_DECLARE(int, detect_loader_cnt)
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:0
THV_DEINIT
#define THV_DEINIT
Definition: threadvars.h:44
ConfGetNode
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
Definition: conf.c:181
threads.h
TmThreadContinueDetectLoaderThreads
void TmThreadContinueDetectLoaderThreads(void)
Unpauses all threads present in tv_root.
Definition: detect-engine-loader.c:545
SC_ATOMIC_ADD
#define SC_ATOMIC_ADD(name, val)
add a value to our atomic variable
Definition: util-atomic.h:332
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:841
THV_RUNNING
#define THV_RUNNING
Definition: threadvars.h:54
TAILQ_EMPTY
#define TAILQ_EMPTY(head)
Definition: queue.h:248
TAILQ_FOREACH
#define TAILQ_FOREACH(var, head, field)
Definition: queue.h:252
LoaderFreeFunc
void(* LoaderFreeFunc)(void *ctx)
Definition: detect-engine-loader.h:35
SCSigSignatureOrderingModuleCleanup
void SCSigSignatureOrderingModuleCleanup(DetectEngineCtx *de_ctx)
De-registers all the signature ordering functions registered.
Definition: detect-engine-sigorder.c:823
SCMutexLock
#define SCMutexLock(mut)
Definition: threads-debug.h:117
rust.h
tv_root
ThreadVars * tv_root[TVT_MAX]
Definition: tm-threads.c:80
LoaderFunc
int(* LoaderFunc)(void *ctx, int loader_id)
Definition: detect-engine-loader.h:34
DetectEngineCtx_::sigerror_requires
bool sigerror_requires
Definition: detect.h:936
TAILQ_INSERT_TAIL
#define TAILQ_INSERT_TAIL(head, elm, field)
Definition: queue.h:294
DetectParseDupSigHashFree
void DetectParseDupSigHashFree(DetectEngineCtx *de_ctx)
Frees the hash table that is used to cull duplicate sigs.
Definition: detect-parse.c:2420
DetectEngineCtx_::sigerror_ok
bool sigerror_ok
Definition: detect.h:933
DetectLoaderControl_::result
int result
Definition: detect-engine-loader.h:51
DetectEngineAppendSig
Signature * DetectEngineAppendSig(DetectEngineCtx *, const char *)
Parse and append a Signature into the Detection Engine Context signature list.
Definition: detect-parse.c:2598
SCThresholdConfInitContext
int SCThresholdConfInitContext(DetectEngineCtx *de_ctx)
Inits the context to be used by the Threshold Config parsing API.
Definition: util-threshold-config.c:169
TM_ECODE_FAILED
@ TM_ECODE_FAILED
Definition: tm-threads-common.h:85
THV_PAUSE
#define THV_PAUSE
Definition: threadvars.h:37
TM_THREAD_NAME_MAX
#define TM_THREAD_NAME_MAX
Definition: tm-threads.h:49
TM_ECODE_OK
@ TM_ECODE_OK
Definition: tm-threads-common.h:84
TmModule_::ThreadDeinit
TmEcode(* ThreadDeinit)(ThreadVars *, void *)
Definition: tm-modules.h:50
THV_RUNNING_DONE
#define THV_RUNNING_DONE
Definition: threadvars.h:45
TmThreadsUnsetFlag
void TmThreadsUnsetFlag(ThreadVars *tv, uint32_t flag)
Unset a thread flag.
Definition: tm-threads.c:107
SigFileLoaderStat_::skipped_sigs_total
int skipped_sigs_total
Definition: detect.h:803
NLOADERS
#define NLOADERS
Definition: detect-engine-loader.c:415
TmThreadContinue
void TmThreadContinue(ThreadVars *tv)
Unpauses a thread.
Definition: tm-threads.c:1779
DetectEngineCtx_::requirements
SCDetectRequiresStatus * requirements
Definition: detect.h:1041
TAILQ_REMOVE
#define TAILQ_REMOVE(head, elm, field)
Definition: queue.h:312
rule_engine_analysis_set
bool rule_engine_analysis_set
Definition: detect-engine-loader.c:55
SigStringAppend
int SigStringAppend(SigFileLoaderStat *sig_stats, const char *sig_file, const char *sig_str, const char *sig_error, int line)
Append a new list member to SigString list.
Definition: util-detect.c:104
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:17
DetectLoadersInit
void DetectLoadersInit(void)
Definition: detect-engine-loader.c:500
SCSigOrderSignatures
void SCSigOrderSignatures(DetectEngineCtx *de_ctx)
Orders the signatures.
Definition: detect-engine-sigorder.c:731
SCMutexUnlock
#define SCMutexUnlock(mut)
Definition: threads-debug.h:119
DetectEngineCtx_::last_reload
struct timeval last_reload
Definition: detect.h:1005
DetectEngineCtx_::failure_fatal
bool failure_fatal
Definition: detect.h:842
SCEnter
#define SCEnter(...)
Definition: util-debug.h:271
detect-engine-mpm.h
detect.h
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:57
TmThreadTestThreadUnPaused
void TmThreadTestThreadUnPaused(ThreadVars *tv)
Tests if the thread represented in the arg has been unpaused or not.
Definition: tm-threads.c:1751
TmModule_::Management
TmEcode(* Management)(ThreadVars *, void *)
Definition: tm-modules.h:66
THV_KILL
#define THV_KILL
Definition: threadvars.h:39
ConfNode_::final
int final
Definition: conf.h:39
SCSigRegisterSignatureOrderingFuncs
void SCSigRegisterSignatureOrderingFuncs(DetectEngineCtx *de_ctx)
Lets you register the Signature ordering functions. The order in which the functions are registered s...
Definition: detect-engine-sigorder.c:803
SCLogWarning
#define SCLogWarning(...)
Macro used to log WARNING messages.
Definition: util-debug.h:249
EngineAnalysisRules
void EngineAnalysisRules(const DetectEngineCtx *de_ctx, const Signature *s, const char *line)
Prints analysis of loaded rules.
Definition: detect-engine-analyzer.c:1430
rule_reload
int rule_reload
engine_analysis
int engine_analysis
ThreadVars_::next
struct ThreadVars_ * next
Definition: threadvars.h:124
DetectLoaderThreadData_::instance
uint32_t instance
Definition: detect-engine-loader.c:563
SigFileLoaderStat_::bad_sigs_total
int bad_sigs_total
Definition: detect.h:802
util-detect.h
BUG_ON
#define BUG_ON(x)
Definition: suricata-common.h:300
tv_root_lock
SCMutex tv_root_lock
Definition: tm-threads.c:83
thread_name_detect_loader
const char * thread_name_detect_loader
Definition: runmodes.c:76
TmModuleDetectLoaderRegister
void TmModuleDetectLoaderRegister(void)
Definition: detect-engine-loader.c:658
SCCtrlMutexLock
#define SCCtrlMutexLock(mut)
Definition: threads-debug.h:376
detect-engine-build.h
tmm_modules
TmModule tmm_modules[TMM_SIZE]
Definition: tm-modules.c:33
DetectLoaderThreadData
struct DetectLoaderThreadData_ DetectLoaderThreadData
ThreadVars_::ctrl_cond
SCCtrlCondT * ctrl_cond
Definition: threadvars.h:132
conf.h
DETECT_MAX_RULE_SIZE
#define DETECT_MAX_RULE_SIZE
Definition: detect.h:44
TmEcode
TmEcode
Definition: tm-threads-common.h:83
DetectLoaderThreadData_
Definition: detect-engine-loader.c:562
queue.h
TmModule_::name
const char * name
Definition: tm-modules.h:45
runmodes.h
SCLogInfo
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:224
TAILQ_FOREACH_SAFE
#define TAILQ_FOREACH_SAFE(var, head, field, tvar)
Definition: queue.h:329
EngineAnalysisRulesFailure
void EngineAnalysisRulesFailure(const DetectEngineCtx *de_ctx, char *line, char *file, int lineno)
Definition: detect-engine-analyzer.c:620
SCMutexInit
#define SCMutexInit(mut, mutattrs)
Definition: threads-debug.h:116
DetectLoaderQueueTask
int DetectLoaderQueueTask(int loader_id, LoaderFunc Func, void *func_ctx, LoaderFreeFunc FreeFunc)
Definition: detect-engine-loader.c:423
SigGroupBuild
int SigGroupBuild(DetectEngineCtx *de_ctx)
Convert the signature list into the runtime match structure.
Definition: detect-engine-build.c:2161
DetectEngineCtx_::config_prefix
char config_prefix[64]
Definition: detect.h:957
detect-engine-analyzer.h
DetectLoaderTask_
Definition: detect-engine-loader.h:37
THV_PAUSED
#define THV_PAUSED
Definition: threadvars.h:38
THV_INIT_DONE
#define THV_INIT_DONE
Definition: threadvars.h:36
SCCtrlMutexUnlock
#define SCCtrlMutexUnlock(mut)
Definition: threads-debug.h:378
DetectEngineCtx_::sig_stat
SigFileLoaderStat sig_stat
Definition: detect.h:1008
EngineAnalysisFP
void EngineAnalysisFP(const DetectEngineCtx *de_ctx, const Signature *s, char *line)
Definition: detect-engine-analyzer.c:166
suricata-common.h
TMM_DETECTLOADER
@ TMM_DETECTLOADER
Definition: tm-threads-common.h:75
util-path.h
CleanupEngineAnalysis
void CleanupEngineAnalysis(DetectEngineCtx *de_ctx)
Definition: detect-engine-analyzer.c:508
DetectLoaderControl_::m
SCMutex m
Definition: detect-engine-loader.h:50
SigFileLoaderStat_::total_files
int total_files
Definition: detect.h:800
ConfNodeIsSequence
int ConfNodeIsSequence(const ConfNode *node)
Check if a node is a sequence or node.
Definition: conf.c:911
TmModule_::ThreadInit
TmEcode(* ThreadInit)(ThreadVars *, const void *, void **)
Definition: tm-modules.h:48
SCStrdup
#define SCStrdup(s)
Definition: util-mem.h:56
FatalError
#define FatalError(...)
Definition: util-debug.h:502
TmThreadCreateCmdThreadByName
ThreadVars * TmThreadCreateCmdThreadByName(const char *name, const char *module, int mucond)
Creates and returns the TV instance for a Command thread (CMD). This function supports only custom sl...
Definition: tm-threads.c:1125
tv
ThreadVars * tv
Definition: fuzz_decodepcapfile.c:32
threadvars.h
detect-engine-sigorder.h
SCLogConfig
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
TVT_MAX
@ TVT_MAX
Definition: tm-threads-common.h:94
RUNMODE_ENGINE_ANALYSIS
@ RUNMODE_ENGINE_ANALYSIS
Definition: runmodes.h:56
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:261
SCFree
#define SCFree(p)
Definition: util-mem.h:61
SigFileLoaderStat_::good_sigs_total
int good_sigs_total
Definition: detect.h:801
ConfNode_
Definition: conf.h:32
Signature_::id
uint32_t id
Definition: detect.h:636
PathIsRelative
int PathIsRelative(const char *path)
Check if a path is relative.
Definition: util-path.c:69
detect-parse.h
Signature_
Signature container.
Definition: detect.h:601
DetectLoadersSync
int DetectLoadersSync(void)
wait for loader tasks to complete
Definition: detect-engine-loader.c:457
suricata.h
DetectLoaderTask_::Func
LoaderFunc Func
Definition: detect-engine-loader.h:38
DetectLoadCompleteSigPath
char * DetectLoadCompleteSigPath(const DetectEngineCtx *de_ctx, const char *sig_file)
Create the path if default-rule-path was specified.
Definition: detect-engine-loader.c:62
DetectEngineCtx_::sigerror
const char * sigerror
Definition: detect.h:931
ThreadVars_::ctrl_mutex
SCCtrlMutex * ctrl_mutex
Definition: threadvars.h:131
DetectEngineCtx_::rule_line
int rule_line
Definition: detect.h:929
PROG_VER
#define PROG_VER
Definition: suricata.h:71
TmThreadsCheckFlag
int TmThreadsCheckFlag(ThreadVars *tv, uint32_t flag)
Check if a thread flag is set.
Definition: tm-threads.c:91
THV_CLOSED
#define THV_CLOSED
Definition: threadvars.h:41
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:275
DetectEngineCtx_::tenant_id
uint32_t tenant_id
Definition: detect.h:847
detect-engine-loader.h
SigFileLoaderStat_
Signature loader statistics.
Definition: detect.h:797
TmModule_::flags
uint8_t flags
Definition: tm-modules.h:77
DetectLoaderControl_::tv
ThreadVars * tv
Definition: detect-engine-loader.h:46
util-threshold-config.h
TM_FLAG_MANAGEMENT_TM
#define TM_FLAG_MANAGEMENT_TM
Definition: tm-modules.h:37
RetrieveFPForSig
void RetrieveFPForSig(const DetectEngineCtx *de_ctx, Signature *s)
Definition: detect-engine-mpm.c:1069