Go to the documentation of this file.
55 static bool fp_engine_analysis_set =
false;
65 const char *defaultpath = NULL;
69 if (sig_file == NULL) {
70 SCLogError(
"invalid sig_file argument - NULL");
79 snprintf(varname,
sizeof(varname),
"%s.default-rule-path",
83 if (default_rule_path) {
84 defaultpath = default_rule_path->
val;
114 static int DetectLoadSigFile(
118 int good = 0, bad = 0, skipped = 0;
121 int lineno = 0, multiline = 0;
127 FILE *fp = fopen(sig_file,
"r");
131 sig_file, strerror(errno));
135 while(fgets(line +
offset, (
int)
sizeof(line) -
offset, fp) != NULL) {
137 size_t len = strlen(line);
140 if (line[0] ==
'\n' || line [0] ==
'\r' || line[0] ==
' ' || line[0] ==
'#' || line[0] ==
'\t')
144 while (
len > 0 && isspace((
unsigned char)line[--
len]));
145 if (line[
len] ==
'\\') {
148 if (
offset <
sizeof(line) - 1) {
158 if (
len > 0 && (line[
len - 1] ==
'\n' || line[
len - 1] ==
'\r')) {
159 line[
len - 1] =
'\0';
172 if (fp_engine_analysis_set) {
183 SCLogError(
"error parsing signature \"%s\" from "
184 "file %s at line %" PRId32
"",
185 line, sig_file, lineno - multiline);
189 "file %s at line %" PRId32
"",
190 line, sig_file, lineno - multiline);
203 SCLogInfo(
"Skipping signature due to missing requirements: %s from file %s at line "
205 line, sig_file, lineno - multiline);
215 *skippedsigs = skipped;
226 int *good_sigs,
int *bad_sigs,
int *skipped_sigs)
230 if (pattern == NULL) {
237 r = glob(pattern, 0, NULL, &files);
239 if (r == GLOB_NOMATCH) {
240 SCLogWarning(
"No rule files match the pattern %s", pattern);
245 SCLogError(
"error expanding template %s: %s", pattern, strerror(errno));
249 for (
size_t i = 0; i < (size_t)files.gl_pathc; i++) {
250 char *fname = files.gl_pathv[i];
251 if (strcmp(
"/dev/null", fname) == 0)
254 char *fname = pattern;
255 if (strcmp(
"/dev/null", fname) == 0)
263 r = DetectLoadSigFile(
de_ctx, fname, good_sigs, bad_sigs, skipped_sigs);
297 char varname[128] =
"rule-files";
300 int skipped_sigs = 0;
303 snprintf(varname,
sizeof(varname),
"%s.rule-files",
312 if (!(sig_file != NULL && sig_file_exclusive)) {
314 if (rule_files != NULL) {
316 SCLogWarning(
"Invalid rule-files configuration section: "
317 "expected a list of filenames.");
322 good_sigs = bad_sigs = skipped_sigs = 0;
323 ret = ProcessSigFiles(
324 de_ctx, sfile, sig_stat, &good_sigs, &bad_sigs, &skipped_sigs);
333 if (good_sigs == 0) {
342 if (sig_file != NULL) {
343 ret = ProcessSigFiles(
de_ctx, sig_file, sig_stat, &good_sigs, &bad_sigs, &skipped_sigs);
351 if (good_sigs == 0) {
360 "%d rule files specified, but no rules were loaded!", sig_stat->
total_files);
368 SCLogInfo(
"tenant id %d: %" PRId32
" rule files processed. %" PRId32
369 " rules successfully loaded, %" PRId32
" rules failed, %" PRId32
374 SCLogInfo(
"%" PRId32
" rule files processed. %" PRId32
375 " rules successfully loaded, %" PRId32
" rules failed, %" PRId32
418 static int cur_loader = 0;
419 static void TmThreadWakeupDetectLoaderThreads(
void);
426 if (loader_id == -1) {
427 loader_id = cur_loader;
429 if (cur_loader >= num_loaders)
432 if (loader_id >= num_loaders || loader_id < 0) {
450 TmThreadWakeupDetectLoaderThreads();
452 SCLogDebug(
"%d %p %p", loader_id, Func, func_ctx);
462 for (
int i = 0; i < num_loaders; i++) {
480 if (loader->
result != 0) {
487 SCLogError(
"%d loaders reported errors", errors);
496 memset(loader, 0x00,
sizeof(*loader));
504 (void)
ConfGetInt(
"multi-detect.loaders", &setting);
506 if (setting < 1 || setting > 1024) {
507 FatalError(
"invalid multi-detect.loaders setting %" PRIdMAX, setting);
510 num_loaders = (int32_t)setting;
511 SCLogInfo(
"using %d detect loader threads", num_loaders);
517 for (
int i = 0; i < num_loaders; i++) {
518 DetectLoaderInit(&loaders[i]);
525 static void TmThreadWakeupDetectLoaderThreads(
void)
528 for (
int i = 0; i <
TVT_MAX; i++) {
531 if (strncmp(
tv->
name,
"DL#",3) == 0) {
549 for (
int i = 0; i <
TVT_MAX; i++) {
552 if (strncmp(
tv->
name,
"DL#",3) == 0)
567 static TmEcode DetectLoaderThreadInit(
ThreadVars *t,
const void *initdata,
void **data)
645 for (
int i = 0; i < num_loaders; i++) {
650 if (tv_loader == NULL) {
651 FatalError(
"failed to create thread %s", name);
654 FatalError(
"failed to create spawn %s", name);
int ConfGetInt(const char *name, intmax_t *val)
Retrieve a configuration value as an integer.
TmEcode TmThreadSpawn(ThreadVars *tv)
Spawns a thread associated with the ThreadVars instance tv.
void DetectLoaderThreadSpawn(void)
spawn the detect loader manager thread
char * PathMergeAlloc(const char *const dir, const char *const fname)
#define SC_ATOMIC_INIT(name)
wrapper for initializing an atomic variable.
int SigLoadSignatures(DetectEngineCtx *de_ctx, char *sig_file, bool sig_file_exclusive)
Load signatures.
void SetupEngineAnalysis(DetectEngineCtx *de_ctx, bool *fp_analysis, bool *rule_analysis)
void TmThreadsSetFlag(ThreadVars *tv, uint32_t flag)
Set a thread flag.
void TmThreadWaitForFlag(ThreadVars *tv, uint32_t flags)
Waits till the specified flag(s) is(are) set. We don't bother if the kill flag has been set or not on...
SC_ATOMIC_DECLARE(int, detect_loader_cnt)
struct HtpBodyChunk_ * next
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
void TmThreadContinueDetectLoaderThreads(void)
Unpauses all threads present in tv_root.
#define SC_ATOMIC_ADD(name, val)
add a value to our atomic variable
main detection engine ctx
#define TAILQ_EMPTY(head)
#define TAILQ_FOREACH(var, head, field)
void(* LoaderFreeFunc)(void *ctx)
void SCSigSignatureOrderingModuleCleanup(DetectEngineCtx *de_ctx)
De-registers all the signature ordering functions registered.
ThreadVars * tv_root[TVT_MAX]
int(* LoaderFunc)(void *ctx, int loader_id)
#define TAILQ_INSERT_TAIL(head, elm, field)
void DetectParseDupSigHashFree(DetectEngineCtx *de_ctx)
Frees the hash table that is used to cull duplicate sigs.
Signature * DetectEngineAppendSig(DetectEngineCtx *, const char *)
Parse and append a Signature into the Detection Engine Context signature list.
int SCThresholdConfInitContext(DetectEngineCtx *de_ctx)
Inits the context to be used by the Threshold Config parsing API.
#define TM_THREAD_NAME_MAX
TmEcode(* ThreadDeinit)(ThreadVars *, void *)
void TmThreadsUnsetFlag(ThreadVars *tv, uint32_t flag)
Unset a thread flag.
void TmThreadContinue(ThreadVars *tv)
Unpauses a thread.
SCDetectRequiresStatus * requirements
#define TAILQ_REMOVE(head, elm, field)
bool rule_engine_analysis_set
int SigStringAppend(SigFileLoaderStat *sig_stats, const char *sig_file, const char *sig_str, const char *sig_error, int line)
Append a new list member to SigString list.
void DetectLoadersInit(void)
void SCSigOrderSignatures(DetectEngineCtx *de_ctx)
Orders the signatures.
#define SCMutexUnlock(mut)
struct timeval last_reload
Per thread variable structure.
void TmThreadTestThreadUnPaused(ThreadVars *tv)
Tests if the thread represented in the arg has been unpaused or not.
TmEcode(* Management)(ThreadVars *, void *)
void SCSigRegisterSignatureOrderingFuncs(DetectEngineCtx *de_ctx)
Lets you register the Signature ordering functions. The order in which the functions are registered s...
#define SCLogWarning(...)
Macro used to log WARNING messages.
void EngineAnalysisRules(const DetectEngineCtx *de_ctx, const Signature *s, const char *line)
Prints analysis of loaded rules.
struct ThreadVars_ * next
const char * thread_name_detect_loader
void TmModuleDetectLoaderRegister(void)
#define SCCtrlMutexLock(mut)
TmModule tmm_modules[TMM_SIZE]
struct DetectLoaderThreadData_ DetectLoaderThreadData
#define DETECT_MAX_RULE_SIZE
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
#define TAILQ_FOREACH_SAFE(var, head, field, tvar)
void EngineAnalysisRulesFailure(const DetectEngineCtx *de_ctx, char *line, char *file, int lineno)
#define SCMutexInit(mut, mutattrs)
int DetectLoaderQueueTask(int loader_id, LoaderFunc Func, void *func_ctx, LoaderFreeFunc FreeFunc)
int SigGroupBuild(DetectEngineCtx *de_ctx)
Convert the signature list into the runtime match structure.
#define SCCtrlMutexUnlock(mut)
SigFileLoaderStat sig_stat
void EngineAnalysisFP(const DetectEngineCtx *de_ctx, const Signature *s, char *line)
void CleanupEngineAnalysis(DetectEngineCtx *de_ctx)
int ConfNodeIsSequence(const ConfNode *node)
Check if a node is a sequence or node.
TmEcode(* ThreadInit)(ThreadVars *, const void *, void **)
ThreadVars * TmThreadCreateCmdThreadByName(const char *name, const char *module, int mucond)
Creates and returns the TV instance for a Command thread (CMD). This function supports only custom sl...
int RunmodeGetCurrent(void)
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
@ RUNMODE_ENGINE_ANALYSIS
#define SCLogError(...)
Macro used to log ERROR messages.
int PathIsRelative(const char *path)
Check if a path is relative.
int DetectLoadersSync(void)
wait for loader tasks to complete
char * DetectLoadCompleteSigPath(const DetectEngineCtx *de_ctx, const char *sig_file)
Create the path if default-rule-path was specified.
int TmThreadsCheckFlag(ThreadVars *tv, uint32_t flag)
Check if a thread flag is set.
Signature loader statistics.
#define TM_FLAG_MANAGEMENT_TM
void RetrieveFPForSig(const DetectEngineCtx *de_ctx, Signature *s)