suricata
detect-engine-loader.c
Go to the documentation of this file.
1 /* Copyright (C) 2021-2023 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  */
23 
24 #include "suricata-common.h"
25 #include "suricata.h"
26 #include "conf.h"
27 #include "detect.h"
28 #include "detect-parse.h"
29 
30 #include "runmodes.h"
31 #include "threads.h"
32 #include "threadvars.h"
33 #include "tm-threads.h"
34 #include "queue.h"
35 
36 #include "detect-engine.h"
37 #include "detect-engine-loader.h"
38 #include "detect-engine-build.h"
39 #include "detect-engine-analyzer.h"
40 #include "detect-engine-mpm.h"
41 #include "detect-engine-sigorder.h"
42 
43 #include "util-detect.h"
44 #include "util-threshold-config.h"
45 #include "util-path.h"
46 
47 #include "rust.h"
48 
49 #ifdef HAVE_GLOB_H
50 #include <glob.h>
51 #endif
52 
53 extern int rule_reload;
54 extern int engine_analysis;
55 static bool fp_engine_analysis_set = false;
57 
58 static char *DetectLoadCompleteSigPathWithKey(
59  const DetectEngineCtx *de_ctx, const char *default_key, const char *sig_file)
60 {
61  const char *defaultpath = NULL;
62  char *path = NULL;
63  char varname[128];
64 
65  if (sig_file == NULL) {
66  SCLogError("invalid sig_file argument - NULL");
67  return NULL;
68  }
69 
70  /* If we have a configuration prefix, only use it if the primary configuration node
71  * is not marked as final, as that means it was provided on the command line with
72  * a --set. */
73  SCConfNode *default_rule_path = SCConfGetNode(default_key);
74  if ((!default_rule_path || !default_rule_path->final) && strlen(de_ctx->config_prefix) > 0) {
75  snprintf(varname, sizeof(varname), "%s.%s", de_ctx->config_prefix, default_key);
76  default_rule_path = SCConfGetNode(varname);
77  }
78  if (default_rule_path) {
79  defaultpath = default_rule_path->val;
80  }
81 
82  /* Path not specified */
83  if (PathIsRelative(sig_file)) {
84  if (defaultpath) {
85  path = PathMergeAlloc(defaultpath, sig_file);
86  if (unlikely(path == NULL))
87  return NULL;
88  } else {
89  path = SCStrdup(sig_file);
90  if (unlikely(path == NULL))
91  return NULL;
92  }
93  } else {
94  path = SCStrdup(sig_file);
95  if (unlikely(path == NULL))
96  return NULL;
97  }
98  return path;
99 }
100 
101 /**
102  * \brief Create the path if default-rule-path was specified
103  * \param sig_file The name of the file
104  * \retval str Pointer to the string path + sig_file
105  */
106 char *DetectLoadCompleteSigPath(const DetectEngineCtx *de_ctx, const char *sig_file)
107 {
108  return DetectLoadCompleteSigPathWithKey(de_ctx, "default-rule-path", sig_file);
109 }
110 
111 /**
112  * \brief Load a file with signatures
113  * \param de_ctx Pointer to the detection engine context
114  * \param sig_file Filename to load signatures from
115  * \param goodsigs_tot Will store number of valid signatures in the file
116  * \param badsigs_tot Will store number of invalid signatures in the file
117  * \retval 0 on success, -1 on error
118  */
119 static int DetectLoadSigFile(DetectEngineCtx *de_ctx, const char *sig_file, int *goodsigs,
120  int *badsigs, int *skippedsigs, const bool firewall_rule)
121 {
122  int good = 0, bad = 0, skipped = 0;
123  char line[DETECT_MAX_RULE_SIZE] = "";
124  size_t offset = 0;
125  int lineno = 0, multiline = 0;
126 
127  (*goodsigs) = 0;
128  (*badsigs) = 0;
129  (*skippedsigs) = 0;
130 
131  FILE *fp = fopen(sig_file, "r");
132  if (fp == NULL) {
133  SCLogError("opening rule file %s:"
134  " %s.",
135  sig_file, strerror(errno));
136  return -1;
137  }
138 
139  while (1) {
140  /* help clang to understand offset can't get > sizeof(line), so the argument to
141  * fgets can't get negative. */
142  BUG_ON(offset >= sizeof(line));
143  char *res = fgets(line + offset, (int)(sizeof(line) - offset), fp);
144  if (res == NULL)
145  break;
146 
147  lineno++;
148  size_t len = strlen(line);
149 
150  /* ignore comments and empty lines */
151  if (line[0] == '\n' || line [0] == '\r' || line[0] == ' ' || line[0] == '#' || line[0] == '\t')
152  continue;
153 
154  /* Check for multiline rules. */
155  while (len > 0 && isspace((unsigned char)line[--len]));
156  if (line[len] == '\\') {
157  multiline++;
158  offset = len;
159  if (offset < sizeof(line) - 1) {
160  /* We have room for more. */
161  continue;
162  }
163  /* No more room in line buffer, continue, rule will fail
164  * to parse. */
165  }
166 
167  /* Check if we have a trailing newline, and remove it */
168  len = strlen(line);
169  if (len > 0 && (line[len - 1] == '\n' || line[len - 1] == '\r')) {
170  line[len - 1] = '\0';
171  }
172 
173  /* Reset offset. */
174  offset = 0;
175 
176  de_ctx->rule_file = sig_file;
177  de_ctx->rule_line = lineno - multiline;
178 
179  Signature *sig = NULL;
180  if (firewall_rule)
181  sig = DetectFirewallRuleAppendNew(de_ctx, line);
182  else
183  sig = DetectEngineAppendSig(de_ctx, line);
184  if (sig != NULL) {
185  if (rule_engine_analysis_set || fp_engine_analysis_set) {
186  if (fp_engine_analysis_set) {
187  EngineAnalysisFP(de_ctx, sig, line);
188  }
190  EngineAnalysisRules(de_ctx, sig, line);
191  }
192  }
193  SCLogDebug("signature %"PRIu32" loaded", sig->id);
194  good++;
195  } else {
196  if (!de_ctx->sigerror_silent) {
197  SCLogError("error parsing signature \"%s\" from "
198  "file %s at line %" PRId32 "",
199  line, sig_file, lineno - multiline);
200 
201  if (!SigStringAppend(&de_ctx->sig_stat, sig_file, line, de_ctx->sigerror, (lineno - multiline))) {
202  SCLogError("Error adding sig \"%s\" from "
203  "file %s at line %" PRId32 "",
204  line, sig_file, lineno - multiline);
205  }
206  if (de_ctx->sigerror) {
207  de_ctx->sigerror = NULL;
208  }
209  }
211  EngineAnalysisRulesFailure(de_ctx, line, sig_file, lineno - multiline);
212  }
213  if (!de_ctx->sigerror_ok) {
214  bad++;
215  }
216  if (de_ctx->sigerror_requires) {
217  SCLogInfo("Skipping signature due to missing requirements: %s from file %s at line "
218  "%" PRId32,
219  line, sig_file, lineno - multiline);
220  skipped++;
221  }
222  }
223  multiline = 0;
224  }
225  fclose(fp);
226 
227  *goodsigs = good;
228  *badsigs = bad;
229  *skippedsigs = skipped;
230  return 0;
231 }
232 
233 /**
234  * \brief Expands wildcards and reads signatures from each matching file
235  * \param de_ctx Pointer to the detection engine context
236  * \param sig_file Filename (or pattern) holding signatures
237  * \retval -1 on error
238  */
239 static int ProcessSigFiles(DetectEngineCtx *de_ctx, char *pattern, SigFileLoaderStat *st,
240  int *good_sigs, int *bad_sigs, int *skipped_sigs)
241 {
242  int r = 0;
243 
244  if (pattern == NULL) {
245  SCLogError("opening rule file null");
246  return -1;
247  }
248 
249 #ifdef HAVE_GLOB_H
250  glob_t files;
251  r = glob(pattern, 0, NULL, &files);
252 
253  if (r == GLOB_NOMATCH) {
254  SCLogWarning("No rule files match the pattern %s", pattern);
255  ++(st->bad_files);
256  ++(st->total_files);
257  return -1;
258  } else if (r != 0) {
259  SCLogError("error expanding template %s: %s", pattern, strerror(errno));
260  return -1;
261  }
262 
263  for (size_t i = 0; i < (size_t)files.gl_pathc; i++) {
264  char *fname = files.gl_pathv[i];
265  if (strcmp("/dev/null", fname) == 0)
266  continue;
267 #else
268  char *fname = pattern;
269  if (strcmp("/dev/null", fname) == 0)
270  return 0;
271 #endif
272  if (strlen(de_ctx->config_prefix) > 0) {
273  SCLogConfig("tenant id %d: Loading rule file: %s", de_ctx->tenant_id, fname);
274  } else {
275  SCLogConfig("Loading rule file: %s", fname);
276  }
277  r = DetectLoadSigFile(de_ctx, fname, good_sigs, bad_sigs, skipped_sigs, false);
278  if (r < 0) {
279  ++(st->bad_files);
280  }
281 
282  ++(st->total_files);
283 
284  st->good_sigs_total += *good_sigs;
285  st->bad_sigs_total += *bad_sigs;
286  st->skipped_sigs_total += *skipped_sigs;
287 
288 #ifdef HAVE_GLOB_H
289  }
290  globfree(&files);
291 #endif
292  return r;
293 }
294 
295 static int LoadFirewallRuleFiles(DetectEngineCtx *de_ctx)
296 {
298  int32_t good_sigs = 0;
299  int32_t bad_sigs = 0;
300  int32_t skipped_sigs = 0;
301 
302  SCLogNotice("fw: rule file full path \"%s\"", de_ctx->firewall_rule_file_exclusive);
304 
305  int ret = DetectLoadSigFile(de_ctx, de_ctx->firewall_rule_file_exclusive, &good_sigs,
306  &bad_sigs, &skipped_sigs, true);
307 
308  /* for now be as strict as possible */
309  if (ret != 0 || bad_sigs != 0 || skipped_sigs != 0) {
310  /* Some rules failed to load, just exit as
311  * errors would have already been logged. */
312  exit(EXIT_FAILURE);
313  }
314 
315  if (good_sigs == 0) {
316  SCLogNotice("fw: No rules loaded from %s.", de_ctx->firewall_rule_file_exclusive);
317  } else {
318  SCLogNotice("fw: %d rules loaded from %s.", good_sigs,
320  de_ctx->sig_stat.good_sigs_total += good_sigs;
321  }
322 
323  return 0;
324  }
325 
326  SCConfNode *default_fw_rule_path = SCConfGetNode("firewall-rule-path");
327  if (default_fw_rule_path == NULL) {
328  SCLogNotice("fw: firewall-rule-path not defined, skip loading firewall rules");
329  return 0;
330  }
331  SCConfNode *rule_files = SCConfGetNode("firewall-rule-files");
332  if (rule_files == NULL) {
333  SCLogNotice("fw: firewall-rule-files not defined, skip loading firewall rules");
334  return 0;
335  }
336 
337  SCConfNode *file = NULL;
338  TAILQ_FOREACH (file, &rule_files->head, next) {
339  int32_t good_sigs = 0;
340  int32_t bad_sigs = 0;
341  int32_t skipped_sigs = 0;
342 
343  char *sfile = DetectLoadCompleteSigPathWithKey(de_ctx, "firewall-rule-path", file->val);
344  SCLogNotice("fw: rule file full path \"%s\"", sfile);
345 
346  int ret = DetectLoadSigFile(de_ctx, sfile, &good_sigs, &bad_sigs, &skipped_sigs, true);
347  SCFree(sfile);
348 
349  /* for now be as strict as possible */
350  if (ret != 0 || bad_sigs != 0 || skipped_sigs != 0) {
351  /* Some rules failed to load, just exit as
352  * errors would have already been logged. */
353  exit(EXIT_FAILURE);
354  }
355 
356  if (good_sigs == 0) {
357  SCLogNotice("fw: No rules loaded from %s.", file->val);
358  } else {
359  SCLogNotice("fw: %d rules loaded from %s.", good_sigs, file->val);
360  de_ctx->sig_stat.good_sigs_total += good_sigs;
361  }
362  }
364 
365  return 0;
366 }
367 
368 /**
369  * \brief Load signatures
370  * \param de_ctx Pointer to the detection engine context
371  * \param sig_file Filename (or pattern) holding signatures
372  * \param sig_file_exclusive File passed in 'sig_file' should be loaded exclusively.
373  * \retval -1 on error
374  */
375 int SigLoadSignatures(DetectEngineCtx *de_ctx, char *sig_file, bool sig_file_exclusive)
376 {
377  SCEnter();
378 
379  SCConfNode *rule_files;
380  SCConfNode *file = NULL;
381  SigFileLoaderStat *sig_stat = &de_ctx->sig_stat;
382  int ret = 0;
383  char *sfile = NULL;
384  char varname[128] = "rule-files";
385  int good_sigs = 0;
386  int bad_sigs = 0;
387  int skipped_sigs = 0;
388 
389  if (strlen(de_ctx->config_prefix) > 0) {
390  snprintf(varname, sizeof(varname), "%s.rule-files", de_ctx->config_prefix);
391  }
392 
394  SetupEngineAnalysis(de_ctx, &fp_engine_analysis_set, &rule_engine_analysis_set);
395  }
396 
398  if (LoadFirewallRuleFiles(de_ctx) < 0) {
399  if (de_ctx->failure_fatal) {
400  exit(EXIT_FAILURE);
401  }
402  ret = -1;
403  goto end;
404  }
405 
406  /* skip regular rules if we used a exclusive firewall rule file */
407  if (!sig_file_exclusive && de_ctx->firewall_rule_file_exclusive) {
408  ret = 0;
409  goto skip_regular_rules;
410  }
411  }
412 
413  /* ok, let's load signature files from the general config */
414  if (!(sig_file != NULL && sig_file_exclusive)) {
415  rule_files = SCConfGetNode(varname);
416  if (rule_files != NULL) {
417  if (!SCConfNodeIsSequence(rule_files)) {
418  SCLogWarning("Invalid rule-files configuration section: "
419  "expected a list of filenames.");
420  } else {
421  TAILQ_FOREACH(file, &rule_files->head, next) {
422  sfile = DetectLoadCompleteSigPath(de_ctx, file->val);
423  good_sigs = bad_sigs = skipped_sigs = 0;
424  ret = ProcessSigFiles(
425  de_ctx, sfile, sig_stat, &good_sigs, &bad_sigs, &skipped_sigs);
426  SCFree(sfile);
427 
428  if (de_ctx->failure_fatal && ret != 0) {
429  /* Some rules failed to load, just exit as
430  * errors would have already been logged. */
431  exit(EXIT_FAILURE);
432  }
433 
434  if (good_sigs == 0) {
435  SCLogConfig("No rules loaded from %s.", file->val);
436  }
437  }
438  }
439  }
440  }
441 
442  /* If a Signature file is specified from command-line, parse it too */
443  if (sig_file != NULL) {
444  ret = ProcessSigFiles(de_ctx, sig_file, sig_stat, &good_sigs, &bad_sigs, &skipped_sigs);
445 
446  if (ret != 0) {
447  if (de_ctx->failure_fatal) {
448  exit(EXIT_FAILURE);
449  }
450  }
451 
452  if (good_sigs == 0) {
453  SCLogConfig("No rules loaded from %s", sig_file);
454  }
455  }
456 
457 skip_regular_rules:
458  /* now we should have signatures to work with */
459  if (sig_stat->good_sigs_total <= 0) {
460  if (sig_stat->total_files > 0) {
461  SCLogWarning(
462  "%d rule files specified, but no rules were loaded!", sig_stat->total_files);
463  } else {
464  SCLogInfo("No signatures supplied.");
465  goto end;
466  }
467  } else {
468  /* we report the total of files and rules successfully loaded and failed */
469  if (strlen(de_ctx->config_prefix) > 0) {
470  SCLogInfo("tenant id %d: %" PRId32 " rule files processed. %" PRId32
471  " rules successfully loaded, %" PRId32 " rules failed, %" PRId32
472  " rules skipped",
473  de_ctx->tenant_id, sig_stat->total_files, sig_stat->good_sigs_total,
474  sig_stat->bad_sigs_total, sig_stat->skipped_sigs_total);
475  } else {
476  SCLogInfo("%" PRId32 " rule files processed. %" PRId32
477  " rules successfully loaded, %" PRId32 " rules failed, %" PRId32
478  " rules skipped",
479  sig_stat->total_files, sig_stat->good_sigs_total, sig_stat->bad_sigs_total,
480  sig_stat->skipped_sigs_total);
481  }
482  if (de_ctx->requirements != NULL && sig_stat->skipped_sigs_total > 0) {
483  SCDetectRequiresStatusLog(de_ctx->requirements, PROG_VER,
484  strlen(de_ctx->config_prefix) > 0 ? de_ctx->tenant_id : 0);
485  }
486  }
487 
488  if ((sig_stat->bad_sigs_total || sig_stat->bad_files) && de_ctx->failure_fatal) {
489  ret = -1;
490  goto end;
491  }
492 
496 
498  ret = -1;
499  goto end;
500  }
501 
502  /* Setup the signature group lookup structure and pattern matchers */
503  if (SigGroupBuild(de_ctx) < 0)
504  goto end;
505 
506  ret = 0;
507 
508  if (mpm_table[de_ctx->mpm_matcher].CacheRuleset != NULL) {
510  }
511 
512  end:
513  gettimeofday(&de_ctx->last_reload, NULL);
516  }
517 
519  SCReturnInt(ret);
520 }
521 
522 #define NLOADERS 4
523 static DetectLoaderControl *loaders = NULL;
524 static int cur_loader = 0;
525 static void TmThreadWakeupDetectLoaderThreads(void);
526 static int num_loaders = NLOADERS;
527 
528 /** \param loader -1 for auto select
529  * \retval loader_id or negative in case of error */
530 int DetectLoaderQueueTask(int loader_id, LoaderFunc Func, void *func_ctx, LoaderFreeFunc FreeFunc)
531 {
532  if (loader_id == -1) {
533  loader_id = cur_loader;
534  cur_loader++;
535  if (cur_loader >= num_loaders)
536  cur_loader = 0;
537  }
538  if (loader_id >= num_loaders || loader_id < 0) {
539  return -ERANGE;
540  }
541 
542  DetectLoaderControl *loader = &loaders[loader_id];
543 
544  DetectLoaderTask *t = SCCalloc(1, sizeof(*t));
545  if (t == NULL)
546  return -ENOMEM;
547 
548  t->Func = Func;
549  t->ctx = func_ctx;
550  t->FreeFunc = FreeFunc;
551 
552  SCMutexLock(&loader->m);
553  TAILQ_INSERT_TAIL(&loader->task_list, t, next);
554  SCMutexUnlock(&loader->m);
555 
556  TmThreadWakeupDetectLoaderThreads();
557 
558  SCLogDebug("%d %p %p", loader_id, Func, func_ctx);
559  return loader_id;
560 }
561 
562 /** \brief wait for loader tasks to complete
563  * \retval result 0 for ok, -1 for errors */
565 {
566  SCLogDebug("waiting");
567  int errors = 0;
568  for (int i = 0; i < num_loaders; i++) {
569  bool done = false;
570 
571  DetectLoaderControl *loader = &loaders[i];
572  while (!done) {
573  SCMutexLock(&loader->m);
574  if (TAILQ_EMPTY(&loader->task_list)) {
575  done = true;
576  }
577  SCMutexUnlock(&loader->m);
578  if (!done) {
579  /* nudge thread in case it's sleeping */
580  SCCtrlMutexLock(loader->tv->ctrl_mutex);
581  pthread_cond_broadcast(loader->tv->ctrl_cond);
582  SCCtrlMutexUnlock(loader->tv->ctrl_mutex);
583  }
584  }
585  SCMutexLock(&loader->m);
586  if (loader->result != 0) {
587  errors++;
588  loader->result = 0;
589  }
590  SCMutexUnlock(&loader->m);
591  }
592  if (errors) {
593  SCLogError("%d loaders reported errors", errors);
594  return -1;
595  }
596  SCLogDebug("done");
597  return 0;
598 }
599 
600 static void DetectLoaderInit(DetectLoaderControl *loader)
601 {
602  memset(loader, 0x00, sizeof(*loader));
603  SCMutexInit(&loader->m, NULL);
604  TAILQ_INIT(&loader->task_list);
605 }
606 
608 {
609  intmax_t setting = NLOADERS;
610  (void)SCConfGetInt("multi-detect.loaders", &setting);
611 
612  if (setting < 1 || setting > 1024) {
613  FatalError("invalid multi-detect.loaders setting %" PRIdMAX, setting);
614  }
615 
616  num_loaders = (int32_t)setting;
617  SCLogInfo("using %d detect loader threads", num_loaders);
618 
619  BUG_ON(loaders != NULL);
620  loaders = SCCalloc(num_loaders, sizeof(DetectLoaderControl));
621  BUG_ON(loaders == NULL);
622 
623  for (int i = 0; i < num_loaders; i++) {
624  DetectLoaderInit(&loaders[i]);
625  }
626 }
627 
628 /**
629  * \brief Unpauses all threads present in tv_root
630  */
631 static void TmThreadWakeupDetectLoaderThreads(void)
632 {
634  for (int i = 0; i < TVT_MAX; i++) {
635  ThreadVars *tv = tv_root[i];
636  while (tv != NULL) {
637  if (strncmp(tv->name,"DL#",3) == 0) {
638  BUG_ON(tv->ctrl_cond == NULL);
640  pthread_cond_broadcast(tv->ctrl_cond);
642  }
643  tv = tv->next;
644  }
645  }
647 }
648 
649 /**
650  * \brief Unpauses all threads present in tv_root
651  */
653 {
655  for (int i = 0; i < TVT_MAX; i++) {
656  ThreadVars *tv = tv_root[i];
657  while (tv != NULL) {
658  if (strncmp(tv->name,"DL#",3) == 0)
660 
661  tv = tv->next;
662  }
663  }
665 }
666 
667 SC_ATOMIC_DECLARE(int, detect_loader_cnt);
668 
669 typedef struct DetectLoaderThreadData_ {
670  uint32_t instance;
672 
673 static TmEcode DetectLoaderThreadInit(ThreadVars *t, const void *initdata, void **data)
674 {
676  if (ftd == NULL)
677  return TM_ECODE_FAILED;
678 
679  ftd->instance = SC_ATOMIC_ADD(detect_loader_cnt, 1); /* id's start at 0 */
680  SCLogDebug("detect loader instance %u", ftd->instance);
681 
682  /* pass thread data back to caller */
683  *data = ftd;
684 
685  DetectLoaderControl *loader = &loaders[ftd->instance];
686  loader->tv = t;
687 
688  return TM_ECODE_OK;
689 }
690 
691 static TmEcode DetectLoaderThreadDeinit(ThreadVars *t, void *data)
692 {
693  SCFree(data);
694  return TM_ECODE_OK;
695 }
696 
697 
698 static TmEcode DetectLoader(ThreadVars *th_v, void *thread_data)
699 {
700  DetectLoaderThreadData *ftd = (DetectLoaderThreadData *)thread_data;
701  BUG_ON(ftd == NULL);
702 
704  SCLogDebug("loader thread started");
705  bool run = TmThreadsWaitForUnpause(th_v);
706  while (run) {
707  /* see if we have tasks */
708 
709  DetectLoaderControl *loader = &loaders[ftd->instance];
710  SCMutexLock(&loader->m);
711 
712  DetectLoaderTask *task = NULL, *tmptask = NULL;
713  TAILQ_FOREACH_SAFE(task, &loader->task_list, next, tmptask) {
714  int r = task->Func(task->ctx, ftd->instance);
715  loader->result |= r;
716  TAILQ_REMOVE(&loader->task_list, task, next);
717  task->FreeFunc(task->ctx);
718  SCFree(task);
719  }
720 
721  SCMutexUnlock(&loader->m);
722 
723  if (TmThreadsCheckFlag(th_v, THV_KILL)) {
724  break;
725  }
726 
727  /* just wait until someone wakes us up */
729  SCCtrlCondWait(th_v->ctrl_cond, th_v->ctrl_mutex);
731 
732  SCLogDebug("woke up...");
733  }
734 
738 
739  return TM_ECODE_OK;
740 }
741 
742 /** \brief spawn the detect loader manager thread */
744 {
745  for (int i = 0; i < num_loaders; i++) {
746  char name[TM_THREAD_NAME_MAX];
747  snprintf(name, sizeof(name), "%s#%02d", thread_name_detect_loader, i+1);
748 
749  ThreadVars *tv_loader = TmThreadCreateCmdThreadByName(name, "DetectLoader", 1);
750  if (tv_loader == NULL) {
751  FatalError("failed to create thread %s", name);
752  }
753  if (TmThreadSpawn(tv_loader) != TM_ECODE_OK) {
754  FatalError("failed to create spawn %s", name);
755  }
756  }
757 }
758 
760 {
761  tmm_modules[TMM_DETECTLOADER].name = "DetectLoader";
762  tmm_modules[TMM_DETECTLOADER].ThreadInit = DetectLoaderThreadInit;
763  tmm_modules[TMM_DETECTLOADER].ThreadDeinit = DetectLoaderThreadDeinit;
764  tmm_modules[TMM_DETECTLOADER].Management = DetectLoader;
767  SCLogDebug("%s registered", tmm_modules[TMM_DETECTLOADER].name);
768 
769  SC_ATOMIC_INIT(detect_loader_cnt);
770 }
DetectLoaderTask_::FreeFunc
LoaderFreeFunc FreeFunc
Definition: detect-engine-loader.h:40
TmModule_::cap_flags
uint8_t cap_flags
Definition: tm-modules.h:73
DetectLoaderControl_
Definition: detect-engine-loader.h:44
SigFileLoaderStat_::bad_files
int bad_files
Definition: detect.h:867
RUNMODE_ENGINE_ANALYSIS
@ RUNMODE_ENGINE_ANALYSIS
Definition: runmodes.h:56
tm-threads.h
SCCtrlCondWait
#define SCCtrlCondWait
Definition: threads-debug.h:386
len
uint8_t len
Definition: app-layer-dnp3.h:2
TmThreadSpawn
TmEcode TmThreadSpawn(ThreadVars *tv)
Spawns a thread associated with the ThreadVars instance tv.
Definition: tm-threads.c:1684
detect-engine.h
DE_HAS_FIREWALL
#define DE_HAS_FIREWALL
Definition: detect.h:331
DetectLoaderThreadSpawn
void DetectLoaderThreadSpawn(void)
spawn the detect loader manager thread
Definition: detect-engine-loader.c:743
offset
uint64_t offset
Definition: util-streaming-buffer.h:0
ThreadVars_::name
char name[16]
Definition: threadvars.h:65
PathMergeAlloc
char * PathMergeAlloc(const char *const dir, const char *const fname)
Definition: util-path.c:107
TAILQ_INIT
#define TAILQ_INIT(head)
Definition: queue.h:262
SC_ATOMIC_INIT
#define SC_ATOMIC_INIT(name)
wrapper for initializing an atomic variable.
Definition: util-atomic.h:314
SigLoadSignatures
int SigLoadSignatures(DetectEngineCtx *de_ctx, char *sig_file, bool sig_file_exclusive)
Load signatures.
Definition: detect-engine-loader.c:375
DetectEngineCtx_::firewall_rule_file_exclusive
const char * firewall_rule_file_exclusive
Definition: detect.h:1131
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
SetupEngineAnalysis
void SetupEngineAnalysis(DetectEngineCtx *de_ctx, bool *fp_analysis, bool *rule_analysis)
Definition: detect-engine-analyzer.c:474
DetectLoaderTask_::ctx
void * ctx
Definition: detect-engine-loader.h:39
DetectEngineCtx_::sigerror_silent
bool sigerror_silent
Definition: detect.h:1013
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:270
TmThreadsSetFlag
void TmThreadsSetFlag(ThreadVars *tv, uint32_t flag)
Set a thread flag.
Definition: tm-threads.c:101
TmThreadWaitForFlag
void TmThreadWaitForFlag(ThreadVars *tv, uint32_t flags)
Waits till the specified flag(s) is(are) set. We don't bother if the kill flag has been set or not on...
Definition: tm-threads.c:1802
SC_ATOMIC_DECLARE
SC_ATOMIC_DECLARE(int, detect_loader_cnt)
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:0
THV_DEINIT
#define THV_DEINIT
Definition: threadvars.h:45
threads.h
TmThreadContinueDetectLoaderThreads
void TmThreadContinueDetectLoaderThreads(void)
Unpauses all threads present in tv_root.
Definition: detect-engine-loader.c:652
SC_ATOMIC_ADD
#define SC_ATOMIC_ADD(name, val)
add a value to our atomic variable
Definition: util-atomic.h:332
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:919
THV_RUNNING
#define THV_RUNNING
Definition: threadvars.h:55
TAILQ_EMPTY
#define TAILQ_EMPTY(head)
Definition: queue.h:248
TAILQ_FOREACH
#define TAILQ_FOREACH(var, head, field)
Definition: queue.h:252
LoaderFreeFunc
void(* LoaderFreeFunc)(void *ctx)
Definition: detect-engine-loader.h:35
DetectEngineCtx_::mpm_cfg
MpmConfig * mpm_cfg
Definition: detect.h:923
SCSigSignatureOrderingModuleCleanup
void SCSigSignatureOrderingModuleCleanup(DetectEngineCtx *de_ctx)
De-registers all the signature ordering functions registered.
Definition: detect-engine-sigorder.c:939
SCMutexLock
#define SCMutexLock(mut)
Definition: threads-debug.h:117
rust.h
tv_root
ThreadVars * tv_root[TVT_MAX]
Definition: tm-threads.c:82
LoaderFunc
int(* LoaderFunc)(void *ctx, int loader_id)
Definition: detect-engine-loader.h:34
DetectEngineCtx_::sigerror_requires
bool sigerror_requires
Definition: detect.h:1017
TAILQ_INSERT_TAIL
#define TAILQ_INSERT_TAIL(head, elm, field)
Definition: queue.h:294
DetectParseDupSigHashFree
void DetectParseDupSigHashFree(DetectEngineCtx *de_ctx)
Frees the hash table that is used to cull duplicate sigs.
Definition: detect-parse.c:3088
DetectEngineCtx_::sigerror_ok
bool sigerror_ok
Definition: detect.h:1014
DetectLoaderControl_::result
int result
Definition: detect-engine-loader.h:51
DetectEngineAppendSig
Signature * DetectEngineAppendSig(DetectEngineCtx *, const char *)
Parse and append a Signature into the Detection Engine Context signature list.
Definition: detect-parse.c:3338
SCThresholdConfInitContext
int SCThresholdConfInitContext(DetectEngineCtx *de_ctx)
Inits the context to be used by the Threshold Config parsing API.
Definition: util-threshold-config.c:169
TM_ECODE_FAILED
@ TM_ECODE_FAILED
Definition: tm-threads-common.h:82
EngineAnalysisRulesFailure
void EngineAnalysisRulesFailure(const DetectEngineCtx *de_ctx, const char *line, const char *file, int lineno)
Definition: detect-engine-analyzer.c:622
TM_THREAD_NAME_MAX
#define TM_THREAD_NAME_MAX
Definition: tm-threads.h:49
TM_ECODE_OK
@ TM_ECODE_OK
Definition: tm-threads-common.h:81
SCConfNodeIsSequence
int SCConfNodeIsSequence(const SCConfNode *node)
Check if a node is a sequence or node.
Definition: conf.c:925
TmModule_::ThreadDeinit
TmEcode(* ThreadDeinit)(ThreadVars *, void *)
Definition: tm-modules.h:49
THV_RUNNING_DONE
#define THV_RUNNING_DONE
Definition: threadvars.h:46
SigFileLoaderStat_::skipped_sigs_total
int skipped_sigs_total
Definition: detect.h:871
NLOADERS
#define NLOADERS
Definition: detect-engine-loader.c:522
TmThreadContinue
void TmThreadContinue(ThreadVars *tv)
Unpauses a thread.
Definition: tm-threads.c:1814
DetectEngineCtx_::requirements
SCDetectRequiresStatus * requirements
Definition: detect.h:1122
TAILQ_REMOVE
#define TAILQ_REMOVE(head, elm, field)
Definition: queue.h:312
SCRunmodeGet
SCRunMode SCRunmodeGet(void)
Get the current run mode.
Definition: suricata.c:266
rule_engine_analysis_set
bool rule_engine_analysis_set
Definition: detect-engine-loader.c:56
SigStringAppend
int SigStringAppend(SigFileLoaderStat *sig_stats, const char *sig_file, const char *sig_str, const char *sig_error, int line)
Append a new list member to SigString list.
Definition: util-detect.c:104
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:18
DetectLoadersInit
void DetectLoadersInit(void)
Definition: detect-engine-loader.c:607
SCSigOrderSignatures
void SCSigOrderSignatures(DetectEngineCtx *de_ctx)
Orders the signatures.
Definition: detect-engine-sigorder.c:804
SCMutexUnlock
#define SCMutexUnlock(mut)
Definition: threads-debug.h:119
SCConfGetInt
int SCConfGetInt(const char *name, intmax_t *val)
Retrieve a configuration value as an integer.
Definition: conf.c:414
DetectEngineCtx_::last_reload
struct timeval last_reload
Definition: detect.h:1086
DetectEngineCtx_::failure_fatal
bool failure_fatal
Definition: detect.h:920
SCEnter
#define SCEnter(...)
Definition: util-debug.h:272
detect-engine-mpm.h
detect.h
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:58
TmModule_::Management
TmEcode(* Management)(ThreadVars *, void *)
Definition: tm-modules.h:65
THV_KILL
#define THV_KILL
Definition: threadvars.h:40
SCSigRegisterSignatureOrderingFuncs
void SCSigRegisterSignatureOrderingFuncs(DetectEngineCtx *de_ctx)
Lets you register the Signature ordering functions. The order in which the functions are registered s...
Definition: detect-engine-sigorder.c:919
DetectEngineCtx_::mpm_matcher
uint8_t mpm_matcher
Definition: detect.h:922
SCLogWarning
#define SCLogWarning(...)
Macro used to log WARNING messages.
Definition: util-debug.h:250
EngineAnalysisRules
void EngineAnalysisRules(const DetectEngineCtx *de_ctx, const Signature *s, const char *line)
Prints analysis of loaded rules.
Definition: detect-engine-analyzer.c:1559
rule_reload
int rule_reload
engine_analysis
int engine_analysis
ThreadVars_::next
struct ThreadVars_ * next
Definition: threadvars.h:125
DetectLoaderThreadData_::instance
uint32_t instance
Definition: detect-engine-loader.c:670
SigFileLoaderStat_::bad_sigs_total
int bad_sigs_total
Definition: detect.h:870
util-detect.h
BUG_ON
#define BUG_ON(x)
Definition: suricata-common.h:317
tv_root_lock
SCMutex tv_root_lock
Definition: tm-threads.c:85
thread_name_detect_loader
const char * thread_name_detect_loader
Definition: runmodes.c:74
TmModuleDetectLoaderRegister
void TmModuleDetectLoaderRegister(void)
Definition: detect-engine-loader.c:759
SCCtrlMutexLock
#define SCCtrlMutexLock(mut)
Definition: threads-debug.h:376
detect-engine-build.h
tmm_modules
TmModule tmm_modules[TMM_SIZE]
Definition: tm-modules.c:29
DetectLoaderThreadData
struct DetectLoaderThreadData_ DetectLoaderThreadData
ThreadVars_::ctrl_cond
SCCtrlCondT * ctrl_cond
Definition: threadvars.h:133
conf.h
DETECT_MAX_RULE_SIZE
#define DETECT_MAX_RULE_SIZE
Definition: detect.h:46
MpmTableElmt_::CacheRuleset
int(* CacheRuleset)(MpmConfig *)
Definition: util-mpm.h:175
TmEcode
TmEcode
Definition: tm-threads-common.h:80
name
const char * name
Definition: tm-threads.c:2123
DetectLoaderThreadData_
Definition: detect-engine-loader.c:669
queue.h
TmModule_::name
const char * name
Definition: tm-modules.h:44
runmodes.h
SCLogInfo
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:225
TAILQ_FOREACH_SAFE
#define TAILQ_FOREACH_SAFE(var, head, field, tvar)
Definition: queue.h:329
SCMutexInit
#define SCMutexInit(mut, mutattrs)
Definition: threads-debug.h:116
DetectLoaderQueueTask
int DetectLoaderQueueTask(int loader_id, LoaderFunc Func, void *func_ctx, LoaderFreeFunc FreeFunc)
Definition: detect-engine-loader.c:530
SigGroupBuild
int SigGroupBuild(DetectEngineCtx *de_ctx)
Convert the signature list into the runtime match structure.
Definition: detect-engine-build.c:2130
DetectEngineCtx_::config_prefix
char config_prefix[64]
Definition: detect.h:1038
detect-engine-analyzer.h
DetectLoaderTask_
Definition: detect-engine-loader.h:37
THV_INIT_DONE
#define THV_INIT_DONE
Definition: threadvars.h:37
SCCtrlMutexUnlock
#define SCCtrlMutexUnlock(mut)
Definition: threads-debug.h:378
DetectEngineCtx_::sig_stat
SigFileLoaderStat sig_stat
Definition: detect.h:1089
DetectEngineCtx_::rule_file
const char * rule_file
Definition: detect.h:1011
suricata-common.h
TMM_DETECTLOADER
@ TMM_DETECTLOADER
Definition: tm-threads-common.h:72
util-path.h
TmThreadsWaitForUnpause
bool TmThreadsWaitForUnpause(ThreadVars *tv)
Wait for a thread to become unpaused.
Definition: tm-threads.c:363
CleanupEngineAnalysis
void CleanupEngineAnalysis(DetectEngineCtx *de_ctx)
Definition: detect-engine-analyzer.c:510
DetectLoaderControl_::m
SCMutex m
Definition: detect-engine-loader.h:50
SigFileLoaderStat_::total_files
int total_files
Definition: detect.h:868
TmModule_::ThreadInit
TmEcode(* ThreadInit)(ThreadVars *, const void *, void **)
Definition: tm-modules.h:47
SCStrdup
#define SCStrdup(s)
Definition: util-mem.h:56
FatalError
#define FatalError(...)
Definition: util-debug.h:503
TmThreadCreateCmdThreadByName
ThreadVars * TmThreadCreateCmdThreadByName(const char *name, const char *module, int mucond)
Creates and returns the TV instance for a Command thread (CMD). This function supports only custom sl...
Definition: tm-threads.c:1142
tv
ThreadVars * tv
Definition: fuzz_decodepcapfile.c:32
threadvars.h
detect-engine-sigorder.h
SCLogConfig
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
EngineAnalysisFP
void EngineAnalysisFP(const DetectEngineCtx *de_ctx, const Signature *s, const char *line)
Definition: detect-engine-analyzer.c:169
SCConfGetNode
SCConfNode * SCConfGetNode(const char *name)
Get a SCConfNode by name.
Definition: conf.c:181
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:262
SCFree
#define SCFree(p)
Definition: util-mem.h:61
SigFileLoaderStat_::good_sigs_total
int good_sigs_total
Definition: detect.h:869
Signature_::id
uint32_t id
Definition: detect.h:702
TVT_MAX
@ TVT_MAX
Definition: tm-threads-common.h:91
PathIsRelative
int PathIsRelative(const char *path)
Check if a path is relative.
Definition: util-path.c:69
detect-parse.h
Signature_
Signature container.
Definition: detect.h:657
SCConfNode_::final
int final
Definition: conf.h:44
DetectLoadersSync
int DetectLoadersSync(void)
wait for loader tasks to complete
Definition: detect-engine-loader.c:564
mpm_table
MpmTableElmt mpm_table[MPM_TABLE_SIZE]
Definition: util-mpm.c:47
suricata.h
DetectLoaderTask_::Func
LoaderFunc Func
Definition: detect-engine-loader.h:38
DetectLoadCompleteSigPath
char * DetectLoadCompleteSigPath(const DetectEngineCtx *de_ctx, const char *sig_file)
Create the path if default-rule-path was specified.
Definition: detect-engine-loader.c:106
DetectEngineCtx_::sigerror
const char * sigerror
Definition: detect.h:1012
DetectEngineCtx_::flags
uint8_t flags
Definition: detect.h:921
ThreadVars_::ctrl_mutex
SCCtrlMutex * ctrl_mutex
Definition: threadvars.h:132
DetectEngineCtx_::rule_line
int rule_line
Definition: detect.h:1010
PROG_VER
#define PROG_VER
Definition: suricata.h:76
TmThreadsCheckFlag
int TmThreadsCheckFlag(ThreadVars *tv, uint32_t flag)
Check if a thread flag is set.
Definition: tm-threads.c:93
SCLogNotice
#define SCLogNotice(...)
Macro used to log NOTICE messages.
Definition: util-debug.h:238
THV_CLOSED
#define THV_CLOSED
Definition: threadvars.h:42
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:276
SCConfNode_
Definition: conf.h:37
DetectEngineCtx_::tenant_id
uint32_t tenant_id
Definition: detect.h:926
detect-engine-loader.h
SigFileLoaderStat_
Signature loader statistics.
Definition: detect.h:865
SCConfNode_::val
char * val
Definition: conf.h:39
TmModule_::flags
uint8_t flags
Definition: tm-modules.h:76
DetectFirewallRuleAppendNew
Signature * DetectFirewallRuleAppendNew(DetectEngineCtx *de_ctx, const char *sigstr)
Parse and append a Signature into the Detection Engine Context signature list.
Definition: detect-parse.c:3266
DetectLoaderControl_::tv
ThreadVars * tv
Definition: detect-engine-loader.h:46
util-threshold-config.h
TM_FLAG_MANAGEMENT_TM
#define TM_FLAG_MANAGEMENT_TM
Definition: tm-modules.h:36