suricata
detect-engine-loader.c
Go to the documentation of this file.
1 /* Copyright (C) 2015 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  */
23 
24 #include "suricata-common.h"
25 #include "suricata.h"
26 #include "conf.h"
27 #include "debug.h"
28 #include "detect.h"
29 #include "detect-parse.h"
30 
31 #include "runmodes.h"
32 #include "threads.h"
33 #include "threadvars.h"
34 #include "tm-threads.h"
35 #include "queue.h"
36 #include "util-signal.h"
37 
38 #include "detect-engine-loader.h"
39 #include "detect-engine-analyzer.h"
40 #include "detect-engine-mpm.h"
41 #include "detect-engine-sigorder.h"
42 
43 #include "util-detect.h"
44 #include "util-threshold-config.h"
45 
46 #ifdef HAVE_GLOB_H
47 #include <glob.h>
48 #endif
49 
50 extern int rule_reload;
51 extern int engine_analysis;
52 static int fp_engine_analysis_set = 0;
54 
55 /**
56  * \brief Create the path if default-rule-path was specified
57  * \param sig_file The name of the file
58  * \retval str Pointer to the string path + sig_file
59  */
60 char *DetectLoadCompleteSigPath(const DetectEngineCtx *de_ctx, const char *sig_file)
61 {
62  const char *defaultpath = NULL;
63  char *path = NULL;
64  char varname[128];
65 
66  if (sig_file == NULL) {
67  SCLogError(SC_ERR_INVALID_ARGUMENTS,"invalid sig_file argument - NULL");
68  return NULL;
69  }
70 
71  if (strlen(de_ctx->config_prefix) > 0) {
72  snprintf(varname, sizeof(varname), "%s.default-rule-path",
73  de_ctx->config_prefix);
74  } else {
75  snprintf(varname, sizeof(varname), "default-rule-path");
76  }
77 
78  /* Path not specified */
79  if (PathIsRelative(sig_file)) {
80  if (ConfGet(varname, &defaultpath) == 1) {
81  SCLogDebug("Default path: %s", defaultpath);
82  size_t path_len = sizeof(char) * (strlen(defaultpath) +
83  strlen(sig_file) + 2);
84  path = SCMalloc(path_len);
85  if (unlikely(path == NULL))
86  return NULL;
87  strlcpy(path, defaultpath, path_len);
88 #if defined OS_WIN32 || defined __CYGWIN__
89  if (path[strlen(path) - 1] != '\\')
90  strlcat(path, "\\\\", path_len);
91 #else
92  if (path[strlen(path) - 1] != '/')
93  strlcat(path, "/", path_len);
94 #endif
95  strlcat(path, sig_file, path_len);
96  } else {
97  path = SCStrdup(sig_file);
98  if (unlikely(path == NULL))
99  return NULL;
100  }
101  } else {
102  path = SCStrdup(sig_file);
103  if (unlikely(path == NULL))
104  return NULL;
105  }
106  return path;
107 }
108 
109 /**
110  * \brief Load a file with signatures
111  * \param de_ctx Pointer to the detection engine context
112  * \param sig_file Filename to load signatures from
113  * \param goodsigs_tot Will store number of valid signatures in the file
114  * \param badsigs_tot Will store number of invalid signatures in the file
115  * \retval 0 on success, -1 on error
116  */
117 static int DetectLoadSigFile(DetectEngineCtx *de_ctx, char *sig_file,
118  int *goodsigs, int *badsigs)
119 {
120  Signature *sig = NULL;
121  int good = 0, bad = 0;
122  char line[DETECT_MAX_RULE_SIZE] = "";
123  size_t offset = 0;
124  int lineno = 0, multiline = 0;
125 
126  (*goodsigs) = 0;
127  (*badsigs) = 0;
128 
129  FILE *fp = fopen(sig_file, "r");
130  if (fp == NULL) {
131  SCLogError(SC_ERR_OPENING_RULE_FILE, "opening rule file %s:"
132  " %s.", sig_file, strerror(errno));
133  return -1;
134  }
135 
136  while(fgets(line + offset, (int)sizeof(line) - offset, fp) != NULL) {
137  lineno++;
138  size_t len = strlen(line);
139 
140  /* ignore comments and empty lines */
141  if (line[0] == '\n' || line [0] == '\r' || line[0] == ' ' || line[0] == '#' || line[0] == '\t')
142  continue;
143 
144  /* Check for multiline rules. */
145  while (len > 0 && isspace((unsigned char)line[--len]));
146  if (line[len] == '\\') {
147  multiline++;
148  offset = len;
149  if (offset < sizeof(line) - 1) {
150  /* We have room for more. */
151  continue;
152  }
153  /* No more room in line buffer, continue, rule will fail
154  * to parse. */
155  }
156 
157  /* Check if we have a trailing newline, and remove it */
158  len = strlen(line);
159  if (len > 0 && (line[len - 1] == '\n' || line[len - 1] == '\r')) {
160  line[len - 1] = '\0';
161  }
162 
163  /* Reset offset. */
164  offset = 0;
165 
166  de_ctx->rule_file = sig_file;
167  de_ctx->rule_line = lineno - multiline;
168 
169  sig = DetectEngineAppendSig(de_ctx, line);
170  if (sig != NULL) {
171  if (rule_engine_analysis_set || fp_engine_analysis_set) {
172  RetrieveFPForSig(de_ctx, sig);
173  if (fp_engine_analysis_set) {
174  EngineAnalysisFP(de_ctx, sig, line);
175  }
177  EngineAnalysisRules(de_ctx, sig, line);
178  }
179  }
180  SCLogDebug("signature %"PRIu32" loaded", sig->id);
181  good++;
182  } else {
183  if (!de_ctx->sigerror_silent) {
184  SCLogError(SC_ERR_INVALID_SIGNATURE, "error parsing signature \"%s\" from "
185  "file %s at line %"PRId32"", line, sig_file, lineno - multiline);
186 
187  if (!SigStringAppend(&de_ctx->sig_stat, sig_file, line, de_ctx->sigerror, (lineno - multiline))) {
188  SCLogError(SC_ERR_MEM_ALLOC, "Error adding sig \"%s\" from "
189  "file %s at line %"PRId32"", line, sig_file, lineno - multiline);
190  }
191  if (de_ctx->sigerror) {
192  de_ctx->sigerror = NULL;
193  }
194  }
196  EngineAnalysisRulesFailure(line, sig_file, lineno - multiline);
197  }
198  bad++;
199  }
200  multiline = 0;
201  }
202  fclose(fp);
203 
204  *goodsigs = good;
205  *badsigs = bad;
206  return 0;
207 }
208 
209 /**
210  * \brief Expands wildcards and reads signatures from each matching file
211  * \param de_ctx Pointer to the detection engine context
212  * \param sig_file Filename (or pattern) holding signatures
213  * \retval -1 on error
214  */
215 static int ProcessSigFiles(DetectEngineCtx *de_ctx, char *pattern,
216  SigFileLoaderStat *st, int *good_sigs, int *bad_sigs)
217 {
218  int r = 0;
219 
220  if (pattern == NULL) {
221  SCLogError(SC_ERR_INVALID_ARGUMENT, "opening rule file null");
222  return -1;
223  }
224 
225 #ifdef HAVE_GLOB_H
226  glob_t files;
227  r = glob(pattern, 0, NULL, &files);
228 
229  if (r == GLOB_NOMATCH) {
230  SCLogWarning(SC_ERR_NO_RULES, "No rule files match the pattern %s", pattern);
231  ++(st->bad_files);
232  ++(st->total_files);
233  return -1;
234  } else if (r != 0) {
235  SCLogError(SC_ERR_OPENING_RULE_FILE, "error expanding template %s: %s",
236  pattern, strerror(errno));
237  return -1;
238  }
239 
240  for (size_t i = 0; i < (size_t)files.gl_pathc; i++) {
241  char *fname = files.gl_pathv[i];
242  if (strcmp("/dev/null", fname) == 0)
243  continue;
244 #else
245  char *fname = pattern;
246  if (strcmp("/dev/null", fname) == 0)
247  return 0;
248 #endif
249  SCLogConfig("Loading rule file: %s", fname);
250  r = DetectLoadSigFile(de_ctx, fname, good_sigs, bad_sigs);
251  if (r < 0) {
252  ++(st->bad_files);
253  }
254 
255  ++(st->total_files);
256 
257  st->good_sigs_total += *good_sigs;
258  st->bad_sigs_total += *bad_sigs;
259 
260 #ifdef HAVE_GLOB_H
261  }
262  globfree(&files);
263 #endif
264  return r;
265 }
266 
267 /**
268  * \brief Load signatures
269  * \param de_ctx Pointer to the detection engine context
270  * \param sig_file Filename (or pattern) holding signatures
271  * \param sig_file_exclusive File passed in 'sig_file' should be loaded exclusively.
272  * \retval -1 on error
273  */
274 int SigLoadSignatures(DetectEngineCtx *de_ctx, char *sig_file, int sig_file_exclusive)
275 {
276  SCEnter();
277 
278  ConfNode *rule_files;
279  ConfNode *file = NULL;
280  SigFileLoaderStat *sig_stat = &de_ctx->sig_stat;
281  int ret = 0;
282  char *sfile = NULL;
283  char varname[128] = "rule-files";
284  int good_sigs = 0;
285  int bad_sigs = 0;
286 
287  if (strlen(de_ctx->config_prefix) > 0) {
288  snprintf(varname, sizeof(varname), "%s.rule-files",
289  de_ctx->config_prefix);
290  }
291 
293  fp_engine_analysis_set = SetupFPAnalyzer();
295  }
296 
297  /* ok, let's load signature files from the general config */
298  if (!(sig_file != NULL && sig_file_exclusive == TRUE)) {
299  rule_files = ConfGetNode(varname);
300  if (rule_files != NULL) {
301  if (!ConfNodeIsSequence(rule_files)) {
303  "Invalid rule-files configuration section: "
304  "expected a list of filenames.");
305  }
306  else {
307  TAILQ_FOREACH(file, &rule_files->head, next) {
308  sfile = DetectLoadCompleteSigPath(de_ctx, file->val);
309  good_sigs = bad_sigs = 0;
310  ret = ProcessSigFiles(de_ctx, sfile, sig_stat, &good_sigs, &bad_sigs);
311  SCFree(sfile);
312 
313  if (de_ctx->failure_fatal && ret != 0) {
314  /* Some rules failed to load, just exit as
315  * errors would have already been logged. */
316  exit(EXIT_FAILURE);
317  }
318 
319  if (good_sigs == 0) {
320  SCLogConfig("No rules loaded from %s.", file->val);
321  }
322  }
323  }
324  }
325  }
326 
327  /* If a Signature file is specified from commandline, parse it too */
328  if (sig_file != NULL) {
329  ret = ProcessSigFiles(de_ctx, sig_file, sig_stat, &good_sigs, &bad_sigs);
330 
331  if (ret != 0) {
332  if (de_ctx->failure_fatal == 1) {
333  exit(EXIT_FAILURE);
334  }
335  }
336 
337  if (good_sigs == 0) {
338  SCLogConfig("No rules loaded from %s", sig_file);
339  }
340  }
341 
342  /* now we should have signatures to work with */
343  if (sig_stat->good_sigs_total <= 0) {
344  if (sig_stat->total_files > 0) {
345  SCLogWarning(SC_ERR_NO_RULES_LOADED, "%d rule files specified, but no rule was loaded at all!", sig_stat->total_files);
346  } else {
347  SCLogInfo("No signatures supplied.");
348  goto end;
349  }
350  } else {
351  /* we report the total of files and rules successfully loaded and failed */
352  SCLogInfo("%" PRId32 " rule files processed. %" PRId32 " rules successfully loaded, %" PRId32 " rules failed",
353  sig_stat->total_files, sig_stat->good_sigs_total, sig_stat->bad_sigs_total);
354  }
355 
356  if ((sig_stat->bad_sigs_total || sig_stat->bad_files) && de_ctx->failure_fatal) {
357  ret = -1;
358  goto end;
359  }
360 
362  SCSigOrderSignatures(de_ctx);
364 
366 
367  /* Setup the signature group lookup structure and pattern matchers */
368  if (SigGroupBuild(de_ctx) < 0)
369  goto end;
370 
371  ret = 0;
372 
373  end:
374  gettimeofday(&de_ctx->last_reload, NULL);
378  }
379  if (fp_engine_analysis_set) {
381  }
382  }
383 
385  SCReturnInt(ret);
386 }
387 
388 #define NLOADERS 4
389 static DetectLoaderControl *loaders = NULL;
390 static int cur_loader = 0;
392 static int num_loaders = NLOADERS;
393 
394 /** \param loader -1 for auto select
395  * \retval loader_id or negative in case of error */
396 int DetectLoaderQueueTask(int loader_id, LoaderFunc Func, void *func_ctx)
397 {
398  if (loader_id == -1) {
399  loader_id = cur_loader;
400  cur_loader++;
401  if (cur_loader >= num_loaders)
402  cur_loader = 0;
403  }
404  if (loader_id >= num_loaders || loader_id < 0) {
405  return -ERANGE;
406  }
407 
408  DetectLoaderControl *loader = &loaders[loader_id];
409 
410  DetectLoaderTask *t = SCCalloc(1, sizeof(*t));
411  if (t == NULL)
412  return -ENOMEM;
413 
414  t->Func = Func;
415  t->ctx = func_ctx;
416 
417  SCMutexLock(&loader->m);
418  TAILQ_INSERT_TAIL(&loader->task_list, t, next);
419  SCMutexUnlock(&loader->m);
420 
422 
423  SCLogDebug("%d %p %p", loader_id, Func, func_ctx);
424  return loader_id;
425 }
426 
427 /** \brief wait for loader tasks to complete
428  * \retval result 0 for ok, -1 for errors */
430 {
431  SCLogDebug("waiting");
432  int errors = 0;
433  int i;
434  for (i = 0; i < num_loaders; i++) {
435  int done = 0;
436  DetectLoaderControl *loader = &loaders[i];
437  while (!done) {
438  SCMutexLock(&loader->m);
439  if (TAILQ_EMPTY(&loader->task_list)) {
440  done = 1;
441  }
442  SCMutexUnlock(&loader->m);
443  }
444  SCMutexLock(&loader->m);
445  if (loader->result != 0) {
446  errors++;
447  loader->result = 0;
448  }
449  SCMutexUnlock(&loader->m);
450 
451  }
452  if (errors) {
453  SCLogError(SC_ERR_INITIALIZATION, "%d loaders reported errors", errors);
454  return -1;
455  }
456  SCLogDebug("done");
457  return 0;
458 }
459 
460 static void DetectLoaderInit(DetectLoaderControl *loader)
461 {
462  memset(loader, 0x00, sizeof(*loader));
463  SCMutexInit(&loader->m, NULL);
464  TAILQ_INIT(&loader->task_list);
465 }
466 
468 {
469  intmax_t setting = NLOADERS;
470  (void)ConfGetInt("multi-detect.loaders", &setting);
471 
472  if (setting < 1 || setting > 1024) {
474  "invalid multi-detect.loaders setting %"PRIdMAX, setting);
475  exit(EXIT_FAILURE);
476  }
477  num_loaders = (int32_t)setting;
478 
479  SCLogInfo("using %d detect loader threads", num_loaders);
480 
481  BUG_ON(loaders != NULL);
482  loaders = SCCalloc(num_loaders, sizeof(DetectLoaderControl));
483  BUG_ON(loaders == NULL);
484 
485  int i;
486  for (i = 0; i < num_loaders; i++) {
487  DetectLoaderInit(&loaders[i]);
488  }
489 }
490 
491 /**
492  * \brief Unpauses all threads present in tv_root
493  */
495 {
496  ThreadVars *tv = NULL;
497  int i = 0;
498 
500  for (i = 0; i < TVT_MAX; i++) {
501  tv = tv_root[i];
502  while (tv != NULL) {
503  if (strncmp(tv->name,"DL#",3) == 0) {
504  BUG_ON(tv->ctrl_cond == NULL);
505  pthread_cond_broadcast(tv->ctrl_cond);
506  }
507  tv = tv->next;
508  }
509  }
511 
512  return;
513 }
514 
515 /**
516  * \brief Unpauses all threads present in tv_root
517  */
519 {
520  ThreadVars *tv = NULL;
521  int i = 0;
522 
524  for (i = 0; i < TVT_MAX; i++) {
525  tv = tv_root[i];
526  while (tv != NULL) {
527  if (strncmp(tv->name,"DL#",3) == 0)
528  TmThreadContinue(tv);
529 
530  tv = tv->next;
531  }
532  }
534 
535  return;
536 }
537 
538 
539 SC_ATOMIC_DECLARE(int, detect_loader_cnt);
540 
541 typedef struct DetectLoaderThreadData_ {
542  uint32_t instance;
544 
545 static TmEcode DetectLoaderThreadInit(ThreadVars *t, const void *initdata, void **data)
546 {
548  if (ftd == NULL)
549  return TM_ECODE_FAILED;
550 
551  ftd->instance = SC_ATOMIC_ADD(detect_loader_cnt, 1) - 1; /* id's start at 0 */
552  SCLogDebug("detect loader instance %u", ftd->instance);
553 
554  /* pass thread data back to caller */
555  *data = ftd;
556 
557  return TM_ECODE_OK;
558 }
559 
560 static TmEcode DetectLoaderThreadDeinit(ThreadVars *t, void *data)
561 {
562  SCFree(data);
563  return TM_ECODE_OK;
564 }
565 
566 
567 static TmEcode DetectLoader(ThreadVars *th_v, void *thread_data)
568 {
569  DetectLoaderThreadData *ftd = (DetectLoaderThreadData *)thread_data;
570  BUG_ON(ftd == NULL);
571 
572  SCLogDebug("loader thread started");
573  while (1)
574  {
575  if (TmThreadsCheckFlag(th_v, THV_PAUSE)) {
579  }
580 
581  /* see if we have tasks */
582 
583  DetectLoaderControl *loader = &loaders[ftd->instance];
584  SCMutexLock(&loader->m);
585 
586  DetectLoaderTask *task = NULL, *tmptask = NULL;
587  TAILQ_FOREACH_SAFE(task, &loader->task_list, next, tmptask) {
588  int r = task->Func(task->ctx, ftd->instance);
589  loader->result |= r;
590  TAILQ_REMOVE(&loader->task_list, task, next);
591  SCFree(task->ctx);
592  SCFree(task);
593  }
594 
595  SCMutexUnlock(&loader->m);
596 
597  if (TmThreadsCheckFlag(th_v, THV_KILL)) {
598  break;
599  }
600 
601  /* just wait until someone wakes us up */
603  SCCtrlCondWait(th_v->ctrl_cond, th_v->ctrl_mutex);
605 
606  SCLogDebug("woke up...");
607  }
608 
609  return TM_ECODE_OK;
610 }
611 
612 /** \brief spawn the detect loader manager thread */
614 {
615  int i;
616  for (i = 0; i < num_loaders; i++) {
617  ThreadVars *tv_loader = NULL;
618 
619  char name[TM_THREAD_NAME_MAX];
620  snprintf(name, sizeof(name), "%s#%02d", thread_name_detect_loader, i+1);
621 
622  tv_loader = TmThreadCreateCmdThreadByName(name,
623  "DetectLoader", 1);
624  BUG_ON(tv_loader == NULL);
625 
626  if (tv_loader == NULL) {
627  printf("ERROR: TmThreadsCreate failed\n");
628  exit(1);
629  }
630  if (TmThreadSpawn(tv_loader) != TM_ECODE_OK) {
631  printf("ERROR: TmThreadSpawn failed\n");
632  exit(1);
633  }
634  }
635  return;
636 }
637 
639 {
640  tmm_modules[TMM_DETECTLOADER].name = "DetectLoader";
641  tmm_modules[TMM_DETECTLOADER].ThreadInit = DetectLoaderThreadInit;
642  tmm_modules[TMM_DETECTLOADER].ThreadDeinit = DetectLoaderThreadDeinit;
643  tmm_modules[TMM_DETECTLOADER].Management = DetectLoader;
646  SCLogDebug("%s registered", tmm_modules[TMM_DETECTLOADER].name);
647 
648  SC_ATOMIC_INIT(detect_loader_cnt);
649 }
Signature * DetectEngineAppendSig(DetectEngineCtx *de_ctx, const char *sigstr)
Parse and append a Signature into the Detection Engine Context signature list.
int rule_engine_analysis_set
void CleanupFPAnalyzer(void)
int PathIsRelative(const char *path)
Check if a path is relative.
Definition: util-path.c:64
#define SCLogDebug(...)
Definition: util-debug.h:335
uint8_t cap_flags
Definition: tm-modules.h:67
int DetectLoadersSync(void)
wait for loader tasks to complete
#define TAILQ_FOREACH(var, head, field)
Definition: queue.h:350
struct HtpBodyChunk_ * next
size_t strlcpy(char *dst, const char *src, size_t siz)
Definition: util-strlcpyu.c:43
Signature loader statistics.
Definition: detect.h:723
#define BUG_ON(x)
uint8_t flags
Definition: tm-modules.h:70
uint32_t id
Definition: detect.h:555
void RetrieveFPForSig(const DetectEngineCtx *de_ctx, Signature *s)
#define unlikely(expr)
Definition: util-optimize.h:35
bool sigerror_silent
Definition: detect.h:867
char config_prefix[64]
Definition: detect.h:891
size_t strlcat(char *, const char *src, size_t siz)
Definition: util-strlcatu.c:45
#define TAILQ_FOREACH_SAFE(var, head, field, tvar)
Definition: queue.h:356
SCCtrlCondT * ctrl_cond
Definition: threadvars.h:107
#define SC_ATOMIC_ADD(name, val)
add a value to our atomic variable
Definition: util-atomic.h:107
uint64_t offset
struct DetectLoaderThreadData_ DetectLoaderThreadData
#define THV_PAUSED
Definition: threadvars.h:38
ThreadVars * TmThreadCreateCmdThreadByName(const char *name, const char *module, int mucond)
Creates and returns the TV instance for a Command thread (CMD). This function supports only custom sl...
Definition: tm-threads.c:1332
char * val
Definition: conf.h:34
void DetectLoaderThreadSpawn(void)
spawn the detect loader manager thread
Signature container.
Definition: detect.h:522
void TmThreadContinue(ThreadVars *tv)
Unpauses a thread.
Definition: tm-threads.c:2005
int rule_reload
#define TRUE
#define SCMutexLock(mut)
const char * sigerror
Definition: detect.h:868
int ConfGet(const char *name, const char **vptr)
Retrieve the value of a configuration node.
Definition: conf.c:331
void SCSigOrderSignatures(DetectEngineCtx *de_ctx)
Orders the signatures.
SCCtrlMutex * ctrl_mutex
Definition: threadvars.h:106
main detection engine ctx
Definition: detect.h:761
void SCSigRegisterSignatureOrderingFuncs(DetectEngineCtx *de_ctx)
Lets you register the Signature ordering functions. The order in which the functions are registered...
int DetectLoaderQueueTask(int loader_id, LoaderFunc Func, void *func_ctx)
void TmThreadsSetFlag(ThreadVars *tv, uint16_t flag)
Set a thread flag.
Definition: tm-threads.c:97
#define SC_ATOMIC_INIT(name)
Initialize the previously declared atomic variable and it&#39;s lock.
Definition: util-atomic.h:81
#define SCCalloc(nm, a)
Definition: util-mem.h:253
int engine_analysis
#define SCMutexUnlock(mut)
int ConfNodeIsSequence(const ConfNode *node)
Check if a node is a sequence or node.
Definition: conf.c:975
SCMutex tv_root_lock
Definition: tm-threads.c:81
TmEcode(* Management)(ThreadVars *, void *)
Definition: tm-modules.h:59
char * rule_file
Definition: detect.h:865
#define TAILQ_INIT(head)
Definition: queue.h:370
void CleanupRuleAnalyzer(void)
struct timeval last_reload
Definition: detect.h:938
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
Definition: util-debug.h:294
struct ThreadVars_ * next
Definition: threadvars.h:111
int SigGroupBuild(DetectEngineCtx *de_ctx)
Convert the signature list into the runtime match structure.
#define TM_FLAG_MANAGEMENT_TM
Definition: tm-modules.h:36
void EngineAnalysisRules(const DetectEngineCtx *de_ctx, const Signature *s, const char *line)
Prints analysis of loaded rules.
void SCSigSignatureOrderingModuleCleanup(DetectEngineCtx *de_ctx)
De-registers all the signature ordering functions registered.
#define TAILQ_REMOVE(head, elm, field)
Definition: queue.h:412
TmEcode(* ThreadDeinit)(ThreadVars *, void *)
Definition: tm-modules.h:49
#define SCEnter(...)
Definition: util-debug.h:337
SigFileLoaderStat sig_stat
Definition: detect.h:941
void DetectParseDupSigHashFree(DetectEngineCtx *de_ctx)
Frees the hash table that is used to cull duplicate sigs.
const char * thread_name_detect_loader
Definition: runmodes.c:69
void TmThreadWakeupDetectLoaderThreads(void)
Unpauses all threads present in tv_root.
void TmThreadsUnsetFlag(ThreadVars *tv, uint16_t flag)
Unset a thread flag.
Definition: tm-threads.c:105
#define SCMutexInit(mut, mutattrs)
#define SCReturnInt(x)
Definition: util-debug.h:341
#define THV_PAUSE
Definition: threadvars.h:37
int SCThresholdConfInitContext(DetectEngineCtx *de_ctx)
Inits the context to be used by the Threshold Config parsing API.
#define THV_KILL
Definition: threadvars.h:39
#define SCLogWarning(err_code,...)
Macro used to log WARNING messages.
Definition: util-debug.h:281
int SigStringAppend(SigFileLoaderStat *sig_stats, const char *sig_file, const char *sig_str, const char *sig_error, int line)
Append a new list member to SigString list.
Definition: util-detect.c:104
#define TAILQ_INSERT_TAIL(head, elm, field)
Definition: queue.h:385
void EngineAnalysisRulesFailure(char *line, char *file, int lineno)
char * DetectLoadCompleteSigPath(const DetectEngineCtx *de_ctx, const char *sig_file)
Create the path if default-rule-path was specified.
Definition: conf.h:32
const char * name
Definition: tm-modules.h:44
void EngineAnalysisFP(const DetectEngineCtx *de_ctx, const Signature *s, char *line)
SC_ATOMIC_DECLARE(int, detect_loader_cnt)
#define SCMalloc(a)
Definition: util-mem.h:222
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:254
#define DETECT_MAX_RULE_SIZE
Definition: detect.h:56
#define SCCtrlMutexLock(mut)
#define SCFree(a)
Definition: util-mem.h:322
TmModule tmm_modules[TMM_SIZE]
Definition: tm-modules.h:73
int ConfGetInt(const char *name, intmax_t *val)
Retrieve a configuration value as an integer.
Definition: conf.c:437
void TmModuleDetectLoaderRegister(void)
int failure_fatal
Definition: detect.h:763
int RunmodeGetCurrent(void)
Definition: suricata.c:275
TmEcode(* ThreadInit)(ThreadVars *, const void *, void **)
Definition: tm-modules.h:47
#define TM_THREAD_NAME_MAX
Definition: tm-threads.h:48
int TmThreadsCheckFlag(ThreadVars *tv, uint16_t flag)
Check if a thread flag is set.
Definition: tm-threads.c:89
#define SCCtrlMutexUnlock(mut)
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
Definition: conf.c:176
#define SCStrdup(a)
Definition: util-mem.h:268
char name[16]
Definition: threadvars.h:59
int SetupFPAnalyzer(void)
Sets up the fast pattern analyzer according to the config.
#define NLOADERS
#define TAILQ_EMPTY(head)
Definition: queue.h:347
ThreadVars * tv_root[TVT_MAX]
Definition: tm-threads.c:78
int SigLoadSignatures(DetectEngineCtx *de_ctx, char *sig_file, int sig_file_exclusive)
Load signatures.
uint8_t len
Per thread variable structure.
Definition: threadvars.h:57
void TmThreadContinueDetectLoaderThreads()
Unpauses all threads present in tv_root.
void DetectLoadersInit(void)
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
TmEcode TmThreadSpawn(ThreadVars *tv)
Spawns a thread associated with the ThreadVars instance tv.
Definition: tm-threads.c:1875
int SetupRuleAnalyzer(void)
Sets up the rule analyzer according to the config.
int(* LoaderFunc)(void *ctx, int loader_id)
#define SCCtrlCondWait
void TmThreadTestThreadUnPaused(ThreadVars *tv)
Tests if the thread represented in the arg has been unpaused or not.
Definition: tm-threads.c:1973