suricata
runmode-nflog.c
1 /* Copyright (C) 2014-2022 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Giuseppe Longo <giuseppelng@gmail.com>
22  */
23 #include "suricata-common.h"
24 #include "tm-threads.h"
25 #include "conf.h"
26 #include "runmodes.h"
27 #include "runmode-nflog.h"
28 
29 #include "util-debug.h"
30 #include "util-device.h"
31 #include "util-runmodes.h"
32 #include "util-misc.h"
33 
34 #include "source-nflog.h"
35 
36 #ifdef HAVE_NFLOG
37 #include "util-time.h"
38 
/**
 * \brief Release an nflog group configuration.
 *
 * Installed as NflogGroupConfig::DerefFunc by ParseNflogConfig().
 *
 * \param data pointer to the NflogGroupConfig to free
 */
static void NflogDerefConfig(void *data)
{
    SCFree((NflogGroupConfig *)data);
}
44 
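/**
 * \brief Read one integer setting of an nflog group and range-check it for
 *        storage in a uint32_t field.
 *
 * The value comes from the configuration file as an intmax_t. Assigning it
 * straight to a uint32_t would silently wrap negative or oversized values
 * (e.g. -1 turning into 4294967295), so anything outside 0..UINT32_MAX is
 * rejected with the same "Invalid <name> value" error as a failed lookup.
 *
 * \param group_root    config node of the requested group, may be NULL
 * \param group_default config node of the "default" group, may be NULL
 * \param name          setting name, e.g. "buffer-size"
 * \param out           receives the validated value on success
 *
 * \retval 0 on success
 * \retval -1 if the lookup failed or the value is out of range
 */
static int NflogConfGetU32(const ConfNode *group_root, const ConfNode *group_default,
        const char *name, uint32_t *out)
{
    intmax_t value = 0;

    if (!ConfGetChildValueIntWithDefault(group_root, group_default, name, &value) ||
            value < 0 || value > (intmax_t)UINT32_MAX) {
        SCLogError("Invalid %s value", name);
        return -1;
    }

    *out = (uint32_t)value;
    return 0;
}

/**
 * \brief Build the capture configuration for one nflog group.
 *
 * Settings are looked up under the "nflog" config node, in the entry whose
 * "group" key equals \a group, with the "default" entry as fallback.
 *
 * \param group nflog group number as a string
 *
 * \retval ptr  newly allocated NflogGroupConfig; its DerefFunc frees it
 * \retval NULL on allocation failure, NULL \a group, or an invalid setting
 */
static void *ParseNflogConfig(const char *group)
{
    if (group == NULL)
        return NULL;

    NflogGroupConfig *nflogconf = SCMalloc(sizeof(*nflogconf));
    if (unlikely(nflogconf == NULL))
        return NULL;

    /* Nothing here guarantees the allocation is zeroed, and two of the return
     * paths below hand the struct back without touching the tunables. Clear it
     * so those paths never expose uninitialised memory to the receive code
     * (this also leaves nful_overrun_warned at 0). */
    *nflogconf = (NflogGroupConfig){ 0 };
    nflogconf->DerefFunc = NflogDerefConfig;

    /* The group identity comes from the caller, not from the config node, so
     * record and validate it before any "use defaults" early return. */
    strlcpy(nflogconf->numgroup, group, sizeof(nflogconf->numgroup));
    if (ParseSizeStringU16(group, &nflogconf->group) < 0) {
        FatalError("NFLOG's group number invalid.");
    }

    ConfNode *nflog_node = ConfGetNode("nflog");
    if (nflog_node == NULL) {
        SCLogInfo("Unable to find nflog config using default value");
        return nflogconf;
    }

    ConfNode *group_root = ConfNodeLookupKeyValue(nflog_node, "group", group);
    ConfNode *group_default = ConfNodeLookupKeyValue(nflog_node, "group", "default");
    if (group_root == NULL && group_default == NULL) {
        SCLogInfo("Unable to find nflog config for "
                  "group \"%s\" or \"default\", using default value",
                group);
        return nflogconf;
    }

    if (NflogConfGetU32(group_root, group_default, "buffer-size", &nflogconf->nlbufsiz) < 0 ||
            NflogConfGetU32(group_root, group_default, "max-size", &nflogconf->nlbufsiz_max) <
                    0) {
        SCFree(nflogconf);
        return NULL;
    }

    /* The initial buffer must not exceed the configured ceiling. */
    if (nflogconf->nlbufsiz > nflogconf->nlbufsiz_max) {
        SCLogWarning("buffer-size value larger "
                     "than max-size value, adjusting buffer-size");
        nflogconf->nlbufsiz = nflogconf->nlbufsiz_max;
    }

    if (NflogConfGetU32(group_root, group_default, "qthreshold", &nflogconf->qthreshold) < 0 ||
            NflogConfGetU32(group_root, group_default, "qtimeout", &nflogconf->qtimeout) < 0) {
        SCFree(nflogconf);
        return NULL;
    }

    return nflogconf;
}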
143 
/**
 * \brief Thread-count callback handed to the live-capture runmode helpers.
 *
 * \param conf per-group configuration; not consulted
 *
 * \retval 1 always
 */
static int NflogConfigGeThreadsCount(void *conf)
{
    /* a single thread per nflog group is enough; more would bring no benefit */
    (void)conf;
    return 1;
}
149 #endif
150 
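/**
 * \brief Start NFLOG capture in the "autofp" runmode.
 *
 * When built without HAVE_NFLOG nothing is set up and the function still
 * returns 0.
 *
 * \retval 0 always; a setup failure is reported through FatalError
 */
static int RunModeIdsNflogAutoFp(void)
{
    SCEnter();

#ifdef HAVE_NFLOG
    /* shared runmode initialisation first, then live time mode for capture */
    RunModeInitialize();
    TimeModeSetLive();

    if (RunModeSetLiveCaptureAutoFp(ParseNflogConfig, NflogConfigGeThreadsCount, "ReceiveNFLOG",
                "DecodeNFLOG", thread_name_autofp, NULL) != 0) {
        FatalError("Unable to start runmode");
    }

    SCLogInfo("RunModeIdsNflogAutoFp initialised");
#endif /* HAVE_NFLOG */

    SCReturnInt(0);
}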
170 
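/**
 * \brief Start NFLOG capture in the "single" runmode.
 *
 * When built without HAVE_NFLOG nothing is set up and the function still
 * returns 0.
 *
 * \retval 0 always; a setup failure is reported through FatalError
 */
static int RunModeIdsNflogSingle(void)
{
    SCEnter();

#ifdef HAVE_NFLOG
    /* shared runmode initialisation first, then live time mode for capture */
    RunModeInitialize();
    TimeModeSetLive();

    if (RunModeSetLiveCaptureSingle(ParseNflogConfig, NflogConfigGeThreadsCount, "ReceiveNFLOG",
                "DecodeNFLOG", thread_name_single, NULL) != 0) {
        FatalError("Unable to start runmode");
    }

    SCLogInfo("RunModeIdsNflogSingle initialised");
#endif /* HAVE_NFLOG */

    SCReturnInt(0);
}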
190 
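/**
 * \brief Start NFLOG capture in the "workers" runmode.
 *
 * When built without HAVE_NFLOG nothing is set up and the function still
 * returns 0.
 *
 * \retval 0 always; a setup failure is reported through FatalError
 */
static int RunModeIdsNflogWorkers(void)
{
    SCEnter();

#ifdef HAVE_NFLOG
    /* shared runmode initialisation first, then live time mode for capture */
    RunModeInitialize();
    TimeModeSetLive();

    if (RunModeSetLiveCaptureWorkers(ParseNflogConfig, NflogConfigGeThreadsCount, "ReceiveNFLOG",
                "DecodeNFLOG", thread_name_workers, NULL) != 0) {
        FatalError("Unable to start runmode");
    }

    SCLogInfo("RunModeIdsNflogWorkers initialised");
#endif /* HAVE_NFLOG */

    SCReturnInt(0);
}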
210 
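/**
 * \brief Name of the default NFLOG runmode.
 *
 * \retval "autofp", the name under which RunModeIdsNflogAutoFp is registered
 */
const char *RunModeIdsNflogGetDefaultMode(void)
{
    return "autofp";
}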
215 
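/**
 * \brief Register the three NFLOG runmodes ("autofp", "single", "workers").
 *
 * Each mode is registered under RUNMODE_NFLOG with its start function; the
 * final argument is NULL, so no IPS-enabled callback is supplied.
 */
void RunModeIdsNflogRegister(void)
{
    RunModeRegisterNewRunMode(
            RUNMODE_NFLOG, "autofp", "Multi threaded nflog mode", RunModeIdsNflogAutoFp, NULL);
    RunModeRegisterNewRunMode(
            RUNMODE_NFLOG, "single", "Single threaded nflog mode", RunModeIdsNflogSingle, NULL);
    RunModeRegisterNewRunMode(
            RUNMODE_NFLOG, "workers", "Workers nflog mode", RunModeIdsNflogWorkers, NULL);
}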
thread_name_workers
const char * thread_name_workers
Definition: runmodes.c:81
tm-threads.h
source-nflog.h
RunModeSetLiveCaptureWorkers
int RunModeSetLiveCaptureWorkers(ConfigIfaceParserFunc ConfigParser, ConfigIfaceThreadsCountFunc ModThreadsCount, const char *recv_mod_name, const char *decode_mod_name, const char *thread_name, const char *live_dev)
Definition: util-runmodes.c:322
ParseSizeStringU16
int ParseSizeStringU16(const char *size, uint16_t *res)
Definition: util-misc.c:164
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
ConfGetNode
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
Definition: conf.c:181
RunModeInitialize
void RunModeInitialize(void)
Definition: runmodes.c:985
util-runmodes.h
thread_name_autofp
const char * thread_name_autofp
Definition: runmodes.c:79
RUNMODE_NFLOG
@ RUNMODE_NFLOG
Definition: runmodes.h:33
RunModeRegisterNewRunMode
void RunModeRegisterNewRunMode(enum RunModes runmode, const char *name, const char *description, int(*RunModeFunc)(void), void(*RunModeIsIPSEnabled)(void))
Registers a new runmode.
Definition: runmodes.c:491
RunModeIdsNflogGetDefaultMode
const char * RunModeIdsNflogGetDefaultMode(void)
Definition: runmode-nflog.c:211
ConfNodeLookupKeyValue
ConfNode * ConfNodeLookupKeyValue(const ConfNode *base, const char *key, const char *value)
Lookup for a key value under a specific node.
Definition: conf.c:830
NflogGroupConfig_::numgroup
char numgroup[NFLOG_GROUP_NAME_LENGTH]
Definition: source-nflog.h:47
ConfGetChildValueIntWithDefault
int ConfGetChildValueIntWithDefault(const ConfNode *base, const ConfNode *dflt, const char *name, intmax_t *val)
Definition: conf.c:460
thread_name_single
const char * thread_name_single
Definition: runmodes.c:80
strlcpy
size_t strlcpy(char *dst, const char *src, size_t siz)
Definition: util-strlcpyu.c:43
RunModeSetLiveCaptureAutoFp
int RunModeSetLiveCaptureAutoFp(ConfigIfaceParserFunc ConfigParser, ConfigIfaceThreadsCountFunc ModThreadsCount, const char *recv_mod_name, const char *decode_mod_name, const char *thread_name, const char *live_dev)
Definition: util-runmodes.c:86
util-device.h
util-debug.h
RunModeIdsNflogRegister
void RunModeIdsNflogRegister(void)
Definition: runmode-nflog.c:216
SCEnter
#define SCEnter(...)
Definition: util-debug.h:271
util-time.h
SCLogWarning
#define SCLogWarning(...)
Macro used to log WARNING messages.
Definition: util-debug.h:249
NflogGroupConfig_::qtimeout
uint32_t qtimeout
Definition: source-nflog.h:44
conf.h
runmodes.h
SCLogInfo
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:224
TimeModeSetLive
void TimeModeSetLive(void)
Definition: util-time.c:99
group
uint8_t group
Definition: app-layer-dnp3.h:0
suricata-common.h
NflogGroupConfig_::DerefFunc
void(* DerefFunc)(void *)
Definition: source-nflog.h:51
FatalError
#define FatalError(...)
Definition: util-debug.h:502
NflogGroupConfig_::group
uint16_t group
Definition: source-nflog.h:36
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:261
NflogGroupConfig_::qthreshold
uint32_t qthreshold
Definition: source-nflog.h:42
SCFree
#define SCFree(p)
Definition: util-mem.h:61
ConfNode_
Definition: conf.h:32
NflogGroupConfig_::nful_overrun_warned
int nful_overrun_warned
Definition: source-nflog.h:49
RunModeSetLiveCaptureSingle
int RunModeSetLiveCaptureSingle(ConfigIfaceParserFunc ConfigParser, ConfigIfaceThreadsCountFunc ModThreadsCount, const char *recv_mod_name, const char *decode_mod_name, const char *thread_name, const char *live_dev)
Definition: util-runmodes.c:351
runmode-nflog.h
NflogGroupConfig_
Definition: source-nflog.h:34
util-misc.h
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:275
NflogGroupConfig_::nlbufsiz_max
uint32_t nlbufsiz_max
Definition: source-nflog.h:40
NflogGroupConfig_::nlbufsiz
uint32_t nlbufsiz
Definition: source-nflog.h:38