suricata
runmode-unix-socket.c
Go to the documentation of this file.
1 /* Copyright (C) 2012 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 #include "suricata-common.h"
19 #include "tm-threads.h"
20 #include "conf.h"
21 #include "runmodes.h"
22 #include "runmode-pcap-file.h"
23 #include "output.h"
24 #include "output-json.h"
25 
26 #include "util-debug.h"
27 #include "util-time.h"
28 #include "util-cpu.h"
29 #include "util-affinity.h"
30 #include "util-var-name.h"
31 #include "util-path.h"
32 #include "unix-manager.h"
33 
34 #include "detect-engine.h"
35 
36 #include "flow-manager.h"
37 #include "flow-timeout.h"
38 #include "flow-hash.h"
39 #include "stream-tcp.h"
40 #include "stream-tcp-reassemble.h"
42 #include "host.h"
43 #include "defrag.h"
44 #include "defrag-hash.h"
45 #include "ippair.h"
46 #include "app-layer.h"
47 #include "app-layer-htp-mem.h"
48 #include "host-bit.h"
49 
50 #include "util-misc.h"
51 #include "util-profiling.h"
52 
53 #include "conf-yaml-loader.h"
54 
55 #include "datasets.h"
56 #include "runmode-unix-socket.h"
57 
59 
60 typedef struct PcapFiles_ {
61  char *filename;
62  char *output_dir;
63  uint32_t tenant_id;
64  time_t delay;
65  time_t poll_interval;
66  bool continuous;
70 
71 typedef struct PcapCommand_ {
72  TAILQ_HEAD(, PcapFiles_) files;
73  int running;
74  PcapFiles *current_file;
76 
77 typedef struct MemcapCommand_ {
78  const char *name;
79  int (*SetFunc)(uint64_t);
80  uint64_t (*GetFunc)(void);
81  uint64_t (*GetMemuseFunc)(void);
83 
85 {
86  return "autofp";
87 }
88 
89 #define MEMCAPS_MAX 7
90 static MemcapCommand memcaps[MEMCAPS_MAX] = {
91  {
92  "stream",
96  },
97  {
98  "stream-reassembly",
102  },
103  {
104  "flow",
108  },
109  {
110  "applayer-proto-http",
111  HTPSetMemcap,
112  HTPGetMemcap,
114  },
115  {
116  "defrag",
120  },
121  {
122  "ippair",
126  },
127  {
128  "host",
132  },
133 };
134 
136 {
137  float percent = 0.0;
138  for (int i = 0; i < 4; i++) { // only flow, streams, http
139  uint64_t memcap = memcaps[i].GetFunc();
140  if (memcap) {
141  uint64_t memuse = memcaps[i].GetMemuseFunc();
142  float p = (float)((double)memuse / (double)memcap);
143  // SCLogNotice("%s: memuse %"PRIu64", memcap %"PRIu64" => %f%%",
144  // memcaps[i].name, memuse, memcap, (p * 100));
145  percent = MAX(p, percent);
146  }
147  }
148  return percent;
149 }
150 
151 #ifdef BUILD_UNIX_SOCKET
152 
153 static int RunModeUnixSocketMaster(void);
154 static int unix_manager_pcap_task_running = 0;
155 static int unix_manager_pcap_task_failed = 0;
156 static int unix_manager_pcap_task_interrupted = 0;
157 static struct timespec unix_manager_pcap_last_processed;
158 static SCCtrlMutex unix_manager_pcap_last_processed_mutex;
159 
160 /**
161  * \brief return list of files in the queue
162  *
163  * \retval 0 in case of error, 1 in case of success
164  */
165 static TmEcode UnixSocketPcapFilesList(json_t *cmd, json_t* answer, void *data)
166 {
167  PcapCommand *this = (PcapCommand *) data;
168  int i = 0;
169  PcapFiles *file;
170  json_t *jdata;
171  json_t *jarray;
172 
173  jdata = json_object();
174  if (jdata == NULL) {
175  json_object_set_new(answer, "message",
176  json_string("internal error at json object creation"));
177  return TM_ECODE_FAILED;
178  }
179  jarray = json_array();
180  if (jarray == NULL) {
181  json_decref(jdata);
182  json_object_set_new(answer, "message",
183  json_string("internal error at json object creation"));
184  return TM_ECODE_FAILED;
185  }
186  TAILQ_FOREACH(file, &this->files, next) {
187  json_array_append_new(jarray, SCJsonString(file->filename));
188  i++;
189  }
190  json_object_set_new(jdata, "count", json_integer(i));
191  json_object_set_new(jdata, "files", jarray);
192  json_object_set_new(answer, "message", jdata);
193  return TM_ECODE_OK;
194 }
195 
196 static TmEcode UnixSocketPcapFilesNumber(json_t *cmd, json_t* answer, void *data)
197 {
198  PcapCommand *this = (PcapCommand *) data;
199  int i = 0;
200  PcapFiles *file;
201 
202  TAILQ_FOREACH(file, &this->files, next) {
203  i++;
204  }
205  json_object_set_new(answer, "message", json_integer(i));
206  return TM_ECODE_OK;
207 }
208 
209 static TmEcode UnixSocketPcapCurrent(json_t *cmd, json_t* answer, void *data)
210 {
211  PcapCommand *this = (PcapCommand *) data;
212 
213  if (this->current_file != NULL && this->current_file->filename != NULL) {
214  json_object_set_new(answer, "message",
215  json_string(this->current_file->filename));
216  } else {
217  json_object_set_new(answer, "message", json_string("None"));
218  }
219  return TM_ECODE_OK;
220 }
221 
222 static TmEcode UnixSocketPcapLastProcessed(json_t *cmd, json_t *answer, void *data)
223 {
224  json_int_t epoch_millis;
225  SCCtrlMutexLock(&unix_manager_pcap_last_processed_mutex);
226  epoch_millis = SCTimespecAsEpochMillis(&unix_manager_pcap_last_processed);
227  SCCtrlMutexUnlock(&unix_manager_pcap_last_processed_mutex);
228 
229  json_object_set_new(answer, "message",
230  json_integer(epoch_millis));
231 
232  return TM_ECODE_OK;
233 }
234 
235 static TmEcode UnixSocketPcapInterrupt(json_t *cmd, json_t *answer, void *data)
236 {
237  unix_manager_pcap_task_interrupted = 1;
238 
239  json_object_set_new(answer, "message", json_string("Interrupted"));
240 
241  return TM_ECODE_OK;
242 }
243 
244 static void PcapFilesFree(PcapFiles *cfile)
245 {
246  if (cfile == NULL)
247  return;
248  if (cfile->filename)
249  SCFree(cfile->filename);
250  if (cfile->output_dir)
251  SCFree(cfile->output_dir);
252  SCFree(cfile);
253 }
254 
255 /**
256  * \brief Add file to file queue
257  *
258  * \param this a UnixCommand:: structure
259  * \param filename absolute filename
260  * \param output_dir absolute name of directory where log will be put
261  * \param tenant_id Id of tenant associated with this file
262  * \param continuous If file should be run in continuous mode
263  * \param delete If file should be deleted when done
264  * \param delay Delay required for file modified time before being processed
265  * \param poll_interval How frequently directory mode polls for new files
266  *
267  * \retval 0 in case of error, 1 in case of success
268  */
269 static TmEcode UnixListAddFile(PcapCommand *this, const char *filename, const char *output_dir,
270  uint32_t tenant_id, bool continuous, bool should_delete, time_t delay, time_t poll_interval)
271 {
272  PcapFiles *cfile = NULL;
273  if (filename == NULL || this == NULL)
274  return TM_ECODE_FAILED;
275  cfile = SCCalloc(1, sizeof(PcapFiles));
276  if (unlikely(cfile == NULL)) {
277  SCLogError("Unable to allocate new file");
278  return TM_ECODE_FAILED;
279  }
280 
281  cfile->filename = SCStrdup(filename);
282  if (unlikely(cfile->filename == NULL)) {
283  SCFree(cfile);
284  SCLogError("Unable to dup filename");
285  return TM_ECODE_FAILED;
286  }
287 
288  if (output_dir) {
289  cfile->output_dir = SCStrdup(output_dir);
290  if (unlikely(cfile->output_dir == NULL)) {
291  SCFree(cfile->filename);
292  SCFree(cfile);
293  SCLogError("Unable to dup output_dir");
294  return TM_ECODE_FAILED;
295  }
296  }
297 
298  cfile->tenant_id = tenant_id;
299  cfile->continuous = continuous;
300  cfile->should_delete = should_delete;
301  cfile->delay = delay;
302  cfile->poll_interval = poll_interval;
303 
304  TAILQ_INSERT_TAIL(&this->files, cfile, next);
305  return TM_ECODE_OK;
306 }
307 
308 /**
309  * \brief Command to add a file to treatment list
310  *
311  * \param cmd the content of command Arguments as a json_t object
312  * \param answer the json_t object that has to be used to answer
313  * \param data pointer to data defining the context here a PcapCommand::
314  * \param continuous If this should run in continuous mode
315  */
316 static TmEcode UnixSocketAddPcapFileImpl(json_t *cmd, json_t* answer, void *data,
317  bool continuous)
318 {
319  PcapCommand *this = (PcapCommand *) data;
320  const char *filename;
321  const char *output_dir;
322  uint32_t tenant_id = 0;
323  bool should_delete = false;
324  time_t delay = 30;
325  time_t poll_interval = 5;
326  SCStat st;
327 
328  json_t *jarg = json_object_get(cmd, "filename");
329  if (!json_is_string(jarg)) {
330  SCLogError("filename is not a string");
331  json_object_set_new(answer, "message",
332  json_string("filename is not a string"));
333  return TM_ECODE_FAILED;
334  }
335  filename = json_string_value(jarg);
336  if (SCStatFn(filename, &st) != 0) {
337  json_object_set_new(answer, "message",
338  json_string("filename does not exist"));
339  return TM_ECODE_FAILED;
340  }
341 
342  json_t *oarg = json_object_get(cmd, "output-dir");
343  if (oarg != NULL) {
344  if (!json_is_string(oarg)) {
345  SCLogError("output-dir is not a string");
346 
347  json_object_set_new(answer, "message",
348  json_string("output-dir is not a string"));
349  return TM_ECODE_FAILED;
350  }
351  output_dir = json_string_value(oarg);
352  } else {
353  SCLogError("can't get output-dir");
354 
355  json_object_set_new(answer, "message",
356  json_string("output-dir param is mandatory"));
357  return TM_ECODE_FAILED;
358  }
359 
360  if (SCStatFn(output_dir, &st) != 0) {
361  json_object_set_new(answer, "message",
362  json_string("output-dir does not exist"));
363  return TM_ECODE_FAILED;
364  }
365 
366  json_t *targ = json_object_get(cmd, "tenant");
367  if (targ != NULL) {
368  if (!json_is_integer(targ)) {
369  json_object_set_new(answer, "message",
370  json_string("tenant is not a number"));
371  return TM_ECODE_FAILED;
372  }
373  tenant_id = json_number_value(targ);
374  }
375 
376  json_t *delete_arg = json_object_get(cmd, "delete-when-done");
377  if (delete_arg != NULL) {
378  should_delete = json_is_true(delete_arg);
379  }
380 
381  json_t *delay_arg = json_object_get(cmd, "delay");
382  if (delay_arg != NULL) {
383  if (!json_is_integer(delay_arg)) {
384  SCLogError("delay is not a integer");
385  json_object_set_new(answer, "message",
386  json_string("delay is not a integer"));
387  return TM_ECODE_FAILED;
388  }
389  delay = json_integer_value(delay_arg);
390  }
391 
392  json_t *interval_arg = json_object_get(cmd, "poll-interval");
393  if (interval_arg != NULL) {
394  if (!json_is_integer(interval_arg)) {
395  SCLogError("poll-interval is not a integer");
396 
397  json_object_set_new(answer, "message",
398  json_string("poll-interval is not a integer"));
399  return TM_ECODE_FAILED;
400  }
401  poll_interval = json_integer_value(interval_arg);
402  }
403 
404  switch (UnixListAddFile(this, filename, output_dir, tenant_id, continuous,
405  should_delete, delay, poll_interval)) {
406  case TM_ECODE_FAILED:
407  case TM_ECODE_DONE:
408  json_object_set_new(answer, "message",
409  json_string("Unable to add file to list"));
410  return TM_ECODE_FAILED;
411  case TM_ECODE_OK:
412  SCLogInfo("Added file '%s' to list", filename);
413  json_object_set_new(answer, "message",
414  json_string("Successfully added file to list"));
415  return TM_ECODE_OK;
416  }
417  return TM_ECODE_OK;
418 }
419 
420 /**
421  * \brief Command to add a file to treatment list
422  *
423  * \param cmd the content of command Arguments as a json_t object
424  * \param answer the json_t object that has to be used to answer
425  * \param data pointer to data defining the context here a PcapCommand::
426  */
427 static TmEcode UnixSocketAddPcapFile(json_t *cmd, json_t* answer, void *data)
428 {
429  bool continuous = false;
430 
431  json_t *cont_arg = json_object_get(cmd, "continuous");
432  if (cont_arg != NULL) {
433  continuous = json_is_true(cont_arg);
434  }
435 
436  return UnixSocketAddPcapFileImpl(cmd, answer, data, continuous);
437 }
438 
439 /**
440  * \brief Command to add a file to treatment list, forcing continuous mode
441  *
442  * \param cmd the content of command Arguments as a json_t object
443  * \param answer the json_t object that has to be used to answer
444  * \param data pointer to data defining the context here a PcapCommand::
445  */
446 static TmEcode UnixSocketAddPcapFileContinuous(json_t *cmd, json_t* answer, void *data)
447 {
448  return UnixSocketAddPcapFileImpl(cmd, answer, data, true);
449 }
450 
451 /**
452  * \brief Handle the file queue
453  *
454  * This function check if there is currently a file
455  * being parse. If it is not the case, it will start to
456  * work on a new file. This implies to start a new 'pcap-file'
457  * running mode after having set the file and the output dir.
458  * This function also handles the cleaning of the previous
459  * running mode.
460  *
461  * \param this a UnixCommand:: structure
462  * \retval 0 in case of error, 1 in case of success
463  */
464 static TmEcode UnixSocketPcapFilesCheck(void *data)
465 {
466  PcapCommand *this = (PcapCommand *) data;
467  if (unix_manager_pcap_task_running == 1) {
468  return TM_ECODE_OK;
469  }
470  if ((unix_manager_pcap_task_failed == 1) || (this->running == 1)) {
471  if (unix_manager_pcap_task_failed) {
472  SCLogInfo("Preceeding task failed, cleaning the running mode");
473  }
474  unix_manager_pcap_task_failed = 0;
475  this->running = 0;
476 
477  SCLogInfo("Resetting engine state");
478  PostRunDeinit(RUNMODE_PCAP_FILE, NULL /* no ts */);
479 
480  if (this->current_file) {
481  PcapFilesFree(this->current_file);
482  }
483  this->current_file = NULL;
484  }
485 
486  if (TAILQ_EMPTY(&this->files)) {
487  // nothing to do
488  return TM_ECODE_OK;
489  }
490 
491  PcapFiles *cfile = TAILQ_FIRST(&this->files);
492  TAILQ_REMOVE(&this->files, cfile, next);
493 
494  unix_manager_pcap_task_running = 1;
495  this->running = 1;
496 
497  if (ConfSetFinal("pcap-file.file", cfile->filename) != 1) {
498  SCLogError("Can not set working file to '%s'", cfile->filename);
499  PcapFilesFree(cfile);
500  return TM_ECODE_FAILED;
501  }
502 
503  int set_res = 0;
504  if (cfile->continuous) {
505  set_res = ConfSetFinal("pcap-file.continuous", "true");
506  } else {
507  set_res = ConfSetFinal("pcap-file.continuous", "false");
508  }
509  if (set_res != 1) {
510  SCLogError("Can not set continuous mode for pcap processing");
511  PcapFilesFree(cfile);
512  return TM_ECODE_FAILED;
513  }
514  if (cfile->should_delete) {
515  set_res = ConfSetFinal("pcap-file.delete-when-done", "true");
516  } else {
517  set_res = ConfSetFinal("pcap-file.delete-when-done", "false");
518  }
519  if (set_res != 1) {
520  SCLogError("Can not set delete mode for pcap processing");
521  PcapFilesFree(cfile);
522  return TM_ECODE_FAILED;
523  }
524 
525  if (cfile->delay > 0) {
526  char tstr[32];
527  snprintf(tstr, sizeof(tstr), "%" PRIuMAX, (uintmax_t)cfile->delay);
528  if (ConfSetFinal("pcap-file.delay", tstr) != 1) {
529  SCLogError("Can not set delay to '%s'", tstr);
530  PcapFilesFree(cfile);
531  return TM_ECODE_FAILED;
532  }
533  }
534 
535  if (cfile->poll_interval > 0) {
536  char tstr[32];
537  snprintf(tstr, sizeof(tstr), "%" PRIuMAX, (uintmax_t)cfile->poll_interval);
538  if (ConfSetFinal("pcap-file.poll-interval", tstr) != 1) {
539  SCLogError("Can not set poll-interval to '%s'", tstr);
540  PcapFilesFree(cfile);
541  return TM_ECODE_FAILED;
542  }
543  }
544 
545  if (cfile->tenant_id > 0) {
546  char tstr[16];
547  snprintf(tstr, sizeof(tstr), "%u", cfile->tenant_id);
548  if (ConfSetFinal("pcap-file.tenant-id", tstr) != 1) {
549  SCLogError("Can not set working tenant-id to '%s'", tstr);
550  PcapFilesFree(cfile);
551  return TM_ECODE_FAILED;
552  }
553  } else {
554  SCLogInfo("pcap-file.tenant-id not set");
555  }
556 
557  if (cfile->output_dir) {
558  if (ConfSetFinal("default-log-dir", cfile->output_dir) != 1) {
559  SCLogError("Can not set output dir to '%s'", cfile->output_dir);
560  PcapFilesFree(cfile);
561  return TM_ECODE_FAILED;
562  }
563  }
564 
565  this->current_file = cfile;
566 
567  SCLogInfo("Starting run for '%s'", this->current_file->filename);
568 
571  RunModeDispatch(RUNMODE_PCAP_FILE, NULL, NULL, NULL);
572 
573  /* Un-pause all the paused threads */
577 
578  return TM_ECODE_OK;
579 }
580 #endif
581 
583 {
584 #ifdef BUILD_UNIX_SOCKET
585  /* a bit of a hack, but register twice to --list-runmodes shows both */
587  RUNMODE_UNIX_SOCKET, "single", "Unix socket mode", RunModeUnixSocketMaster, NULL);
589  RUNMODE_UNIX_SOCKET, "autofp", "Unix socket mode", RunModeUnixSocketMaster, NULL);
590 #endif
591 }
592 
593 TmEcode UnixSocketPcapFile(TmEcode tm, struct timespec *last_processed)
594 {
595 #ifdef BUILD_UNIX_SOCKET
596  if(last_processed) {
597  SCCtrlMutexLock(&unix_manager_pcap_last_processed_mutex);
598  unix_manager_pcap_last_processed.tv_sec = last_processed->tv_sec;
599  unix_manager_pcap_last_processed.tv_nsec = last_processed->tv_nsec;
600  SCCtrlMutexUnlock(&unix_manager_pcap_last_processed_mutex);
601  }
602  switch (tm) {
603  case TM_ECODE_DONE:
604  SCLogInfo("Marking current task as done");
605  unix_manager_pcap_task_running = 0;
606  return TM_ECODE_DONE;
607  case TM_ECODE_FAILED:
608  SCLogInfo("Marking current task as failed");
609  unix_manager_pcap_task_running = 0;
610  unix_manager_pcap_task_failed = 1;
611  //if we return failed, we can't stop the thread and suricata will fail to close
612  return TM_ECODE_FAILED;
613  case TM_ECODE_OK:
614  if (unix_manager_pcap_task_interrupted == 1) {
615  SCLogInfo("Interrupting current run mode");
616  unix_manager_pcap_task_interrupted = 0;
617  return TM_ECODE_DONE;
618  } else {
619  return TM_ECODE_OK;
620  }
621  }
622 #endif
623  return TM_ECODE_FAILED;
624 }
625 
626 #ifdef BUILD_UNIX_SOCKET
627 /**
628  * \brief Command to add data to a dataset
629  *
630  * \param cmd the content of command Arguments as a json_t object
631  * \param answer the json_t object that has to be used to answer
632  * \param data pointer to data defining the context here a PcapCommand::
633  */
634 TmEcode UnixSocketDatasetAdd(json_t *cmd, json_t* answer, void *data)
635 {
636  /* 1 get dataset name */
637  json_t *narg = json_object_get(cmd, "setname");
638  if (!json_is_string(narg)) {
639  json_object_set_new(answer, "message", json_string("setname is not a string"));
640  return TM_ECODE_FAILED;
641  }
642  const char *set_name = json_string_value(narg);
643 
644  /* 2 get the data type */
645  json_t *targ = json_object_get(cmd, "settype");
646  if (!json_is_string(targ)) {
647  json_object_set_new(answer, "message", json_string("settype is not a string"));
648  return TM_ECODE_FAILED;
649  }
650  const char *type = json_string_value(targ);
651 
652  /* 3 get value */
653  json_t *varg = json_object_get(cmd, "datavalue");
654  if (!json_is_string(varg)) {
655  json_object_set_new(answer, "message", json_string("datavalue is not string"));
656  return TM_ECODE_FAILED;
657  }
658  const char *value = json_string_value(varg);
659 
660  SCLogDebug("dataset-add: %s type %s value %s", set_name, type, value);
661 
663  if (t == DATASET_TYPE_NOTSET) {
664  json_object_set_new(answer, "message", json_string("unknown settype"));
665  return TM_ECODE_FAILED;
666  }
667 
668  Dataset *set = DatasetFind(set_name, t);
669  if (set == NULL) {
670  json_object_set_new(answer, "message", json_string("set not found or wrong type"));
671  return TM_ECODE_FAILED;
672  }
673 
674  int r = DatasetAddSerialized(set, value);
675  if (r == 1) {
676  json_object_set_new(answer, "message", json_string("data added"));
677  return TM_ECODE_OK;
678  } else if (r == 0) {
679  json_object_set_new(answer, "message", json_string("data already in set"));
680  return TM_ECODE_OK;
681  } else {
682  json_object_set_new(answer, "message", json_string("failed to add data"));
683  return TM_ECODE_FAILED;
684  }
685 }
686 
687 TmEcode UnixSocketDatasetRemove(json_t *cmd, json_t* answer, void *data)
688 {
689  /* 1 get dataset name */
690  json_t *narg = json_object_get(cmd, "setname");
691  if (!json_is_string(narg)) {
692  json_object_set_new(answer, "message", json_string("setname is not a string"));
693  return TM_ECODE_FAILED;
694  }
695  const char *set_name = json_string_value(narg);
696 
697  /* 2 get the data type */
698  json_t *targ = json_object_get(cmd, "settype");
699  if (!json_is_string(targ)) {
700  json_object_set_new(answer, "message", json_string("settype is not a string"));
701  return TM_ECODE_FAILED;
702  }
703  const char *type = json_string_value(targ);
704 
705  /* 3 get value */
706  json_t *varg = json_object_get(cmd, "datavalue");
707  if (!json_is_string(varg)) {
708  json_object_set_new(answer, "message", json_string("datavalue is not string"));
709  return TM_ECODE_FAILED;
710  }
711  const char *value = json_string_value(varg);
712 
713  SCLogDebug("dataset-remove: %s type %s value %s", set_name, type, value);
714 
716  if (t == DATASET_TYPE_NOTSET) {
717  json_object_set_new(answer, "message", json_string("unknown settype"));
718  return TM_ECODE_FAILED;
719  }
720 
721  Dataset *set = DatasetFind(set_name, t);
722  if (set == NULL) {
723  json_object_set_new(answer, "message", json_string("set not found or wrong type"));
724  return TM_ECODE_FAILED;
725  }
726 
727  int r = DatasetRemoveSerialized(set, value);
728  if (r == 1) {
729  json_object_set_new(answer, "message", json_string("data removed"));
730  return TM_ECODE_OK;
731  } else if (r == 0) {
732  json_object_set_new(answer, "message", json_string("data is busy, try again"));
733  return TM_ECODE_OK;
734  } else {
735  json_object_set_new(answer, "message", json_string("failed to remove data"));
736  return TM_ECODE_FAILED;
737  }
738 }
739 
740 TmEcode UnixSocketDatasetDump(json_t *cmd, json_t *answer, void *data)
741 {
742  SCEnter();
743  SCLogDebug("Going to dump datasets");
744  DatasetsSave();
745  json_object_set_new(answer, "message", json_string("datasets dump done"));
747 }
748 
749 TmEcode UnixSocketDatasetClear(json_t *cmd, json_t *answer, void *data)
750 {
751  /* 1 get dataset name */
752  json_t *narg = json_object_get(cmd, "setname");
753  if (!json_is_string(narg)) {
754  json_object_set_new(answer, "message", json_string("setname is not a string"));
755  return TM_ECODE_FAILED;
756  }
757  const char *set_name = json_string_value(narg);
758 
759  /* 2 get the data type */
760  json_t *targ = json_object_get(cmd, "settype");
761  if (!json_is_string(targ)) {
762  json_object_set_new(answer, "message", json_string("settype is not a string"));
763  return TM_ECODE_FAILED;
764  }
765  const char *type = json_string_value(targ);
766 
768  if (t == DATASET_TYPE_NOTSET) {
769  json_object_set_new(answer, "message", json_string("unknown settype"));
770  return TM_ECODE_FAILED;
771  }
772 
773  Dataset *set = DatasetFind(set_name, t);
774  if (set == NULL) {
775  json_object_set_new(answer, "message", json_string("set not found or wrong type"));
776  return TM_ECODE_FAILED;
777  }
778 
779  THashCleanup(set->hash);
780 
781  json_object_set_new(answer, "message", json_string("dataset cleared"));
782  return TM_ECODE_OK;
783 }
784 
785 TmEcode UnixSocketDatasetLookup(json_t *cmd, json_t *answer, void *data)
786 {
787  /* 1 get dataset name */
788  json_t *narg = json_object_get(cmd, "setname");
789  if (!json_is_string(narg)) {
790  json_object_set_new(answer, "message", json_string("setname is not a string"));
791  return TM_ECODE_FAILED;
792  }
793  const char *set_name = json_string_value(narg);
794 
795  /* 2 get the data type */
796  json_t *targ = json_object_get(cmd, "settype");
797  if (!json_is_string(targ)) {
798  json_object_set_new(answer, "message", json_string("settype is not a string"));
799  return TM_ECODE_FAILED;
800  }
801  const char *type = json_string_value(targ);
802 
803  /* 3 get value */
804  json_t *varg = json_object_get(cmd, "datavalue");
805  if (!json_is_string(varg)) {
806  json_object_set_new(answer, "message", json_string("datavalue is not string"));
807  return TM_ECODE_FAILED;
808  }
809  const char *value = json_string_value(varg);
810 
811  SCLogDebug("dataset-exist: %s type %s value %s", set_name, type, value);
812 
814  if (t == DATASET_TYPE_NOTSET) {
815  json_object_set_new(answer, "message", json_string("unknown settype"));
816  return TM_ECODE_FAILED;
817  }
818 
819  Dataset *set = DatasetFind(set_name, t);
820  if (set == NULL) {
821  json_object_set_new(answer, "message", json_string("set not found or wrong type"));
822  return TM_ECODE_FAILED;
823  }
824 
825  if (DatasetLookupSerialized(set, value) > 0) {
826  json_object_set_new(answer, "message", json_string("item found in set"));
827  return TM_ECODE_OK;
828  } else {
829  json_object_set_new(answer, "message", json_string("item not found in set"));
830  return TM_ECODE_FAILED;
831  }
832 }
833 
834 /**
835  * \brief Command to add a tenant handler
836  *
837  * \param cmd the content of command Arguments as a json_t object
838  * \param answer the json_t object that has to be used to answer
839  * \param data pointer to data defining the context here a PcapCommand::
840  */
841 TmEcode UnixSocketRegisterTenantHandler(json_t *cmd, json_t* answer, void *data)
842 {
843  const char *htype;
844  json_int_t traffic_id = -1;
845 
847  SCLogInfo("error: multi-tenant support not enabled");
848  json_object_set_new(answer, "message", json_string("multi-tenant support not enabled"));
849  return TM_ECODE_FAILED;
850  }
851 
852  /* 1 get tenant id */
853  json_t *jarg = json_object_get(cmd, "id");
854  if (!json_is_integer(jarg)) {
855  SCLogInfo("error: command is not a string");
856  json_object_set_new(answer, "message", json_string("id is not an integer"));
857  return TM_ECODE_FAILED;
858  }
859  uint32_t tenant_id = json_integer_value(jarg);
860 
861  /* 2 get tenant handler type */
862  jarg = json_object_get(cmd, "htype");
863  if (!json_is_string(jarg)) {
864  SCLogInfo("error: command is not a string");
865  json_object_set_new(answer, "message", json_string("command is not a string"));
866  return TM_ECODE_FAILED;
867  }
868  htype = json_string_value(jarg);
869 
870  SCLogDebug("add-tenant-handler: %d %s", tenant_id, htype);
871 
872  /* 3 get optional hargs */
873  json_t *hargs = json_object_get(cmd, "hargs");
874  if (hargs != NULL) {
875  if (!json_is_integer(hargs)) {
876  SCLogInfo("error: hargs not a number");
877  json_object_set_new(answer, "message", json_string("hargs not a number"));
878  return TM_ECODE_FAILED;
879  }
880  traffic_id = json_integer_value(hargs);
881  }
882 
883  /* 4 add to system */
884  int r = -1;
885  if (strcmp(htype, "pcap") == 0) {
886  r = DetectEngineTenantRegisterPcapFile(tenant_id);
887  } else if (strcmp(htype, "vlan") == 0) {
888  if (traffic_id < 0) {
889  json_object_set_new(answer, "message", json_string("vlan requires argument"));
890  return TM_ECODE_FAILED;
891  }
892  if (traffic_id > USHRT_MAX) {
893  json_object_set_new(answer, "message", json_string("vlan argument out of range"));
894  return TM_ECODE_FAILED;
895  }
896 
897  SCLogInfo("VLAN handler: id %u maps to tenant %u", (uint32_t)traffic_id, tenant_id);
898  r = DetectEngineTenantRegisterVlanId(tenant_id, (uint16_t)traffic_id);
899  }
900  if (r != 0) {
901  json_object_set_new(answer, "message", json_string("handler setup failure"));
902  return TM_ECODE_FAILED;
903  }
904 
905  if (DetectEngineMTApply() < 0) {
906  json_object_set_new(answer, "message", json_string("couldn't apply settings"));
907  // TODO cleanup
908  return TM_ECODE_FAILED;
909  }
910 
911  json_object_set_new(answer, "message", json_string("handler added"));
912  return TM_ECODE_OK;
913 }
914 
915 /**
916  * \brief Command to remove a tenant handler
917  *
918  * \param cmd the content of command Arguments as a json_t object
919  * \param answer the json_t object that has to be used to answer
920  * \param data pointer to data defining the context here a PcapCommand::
921  */
922 TmEcode UnixSocketUnregisterTenantHandler(json_t *cmd, json_t* answer, void *data)
923 {
924  const char *htype;
925  json_int_t traffic_id = -1;
926 
928  SCLogInfo("error: multi-tenant support not enabled");
929  json_object_set_new(answer, "message", json_string("multi-tenant support not enabled"));
930  return TM_ECODE_FAILED;
931  }
932 
933  /* 1 get tenant id */
934  json_t *jarg = json_object_get(cmd, "id");
935  if (!json_is_integer(jarg)) {
936  SCLogInfo("error: command is not a string");
937  json_object_set_new(answer, "message", json_string("id is not an integer"));
938  return TM_ECODE_FAILED;
939  }
940  uint32_t tenant_id = json_integer_value(jarg);
941 
942  /* 2 get tenant handler type */
943  jarg = json_object_get(cmd, "htype");
944  if (!json_is_string(jarg)) {
945  SCLogInfo("error: command is not a string");
946  json_object_set_new(answer, "message", json_string("command is not a string"));
947  return TM_ECODE_FAILED;
948  }
949  htype = json_string_value(jarg);
950 
951  SCLogDebug("add-tenant-handler: %d %s", tenant_id, htype);
952 
953  /* 3 get optional hargs */
954  json_t *hargs = json_object_get(cmd, "hargs");
955  if (hargs != NULL) {
956  if (!json_is_integer(hargs)) {
957  SCLogInfo("error: hargs not a number");
958  json_object_set_new(answer, "message", json_string("hargs not a number"));
959  return TM_ECODE_FAILED;
960  }
961  traffic_id = json_integer_value(hargs);
962  }
963 
964  /* 4 add to system */
965  int r = -1;
966  if (strcmp(htype, "pcap") == 0) {
968  } else if (strcmp(htype, "vlan") == 0) {
969  if (traffic_id < 0) {
970  json_object_set_new(answer, "message", json_string("vlan requires argument"));
971  return TM_ECODE_FAILED;
972  }
973  if (traffic_id > USHRT_MAX) {
974  json_object_set_new(answer, "message", json_string("vlan argument out of range"));
975  return TM_ECODE_FAILED;
976  }
977 
978  SCLogInfo("VLAN handler: removing mapping of %u to tenant %u", (uint32_t)traffic_id, tenant_id);
979  r = DetectEngineTenantUnregisterVlanId(tenant_id, (uint16_t)traffic_id);
980  }
981  if (r != 0) {
982  json_object_set_new(answer, "message", json_string("handler unregister failure"));
983  return TM_ECODE_FAILED;
984  }
985 
986  /* 5 apply it */
987  if (DetectEngineMTApply() < 0) {
988  json_object_set_new(answer, "message", json_string("couldn't apply settings"));
989  // TODO cleanup
990  return TM_ECODE_FAILED;
991  }
992 
993  json_object_set_new(answer, "message", json_string("handler removed"));
994  return TM_ECODE_OK;
995 }
996 
997 /**
998  * \brief Command to add a tenant
999  *
1000  * \param cmd the content of command Arguments as a json_t object
1001  * \param answer the json_t object that has to be used to answer
1002  * \param data pointer to data defining the context here a PcapCommand::
1003  */
1004 TmEcode UnixSocketRegisterTenant(json_t *cmd, json_t* answer, void *data)
1005 {
1006  const char *filename;
1007  SCStat st;
1008 
1009  if (!(DetectEngineMultiTenantEnabled())) {
1010  SCLogInfo("error: multi-tenant support not enabled");
1011  json_object_set_new(answer, "message", json_string("multi-tenant support not enabled"));
1012  return TM_ECODE_FAILED;
1013  }
1014 
1015  /* 1 get tenant id */
1016  json_t *jarg = json_object_get(cmd, "id");
1017  if (!json_is_integer(jarg)) {
1018  json_object_set_new(answer, "message", json_string("id is not an integer"));
1019  return TM_ECODE_FAILED;
1020  }
1021  uint32_t tenant_id = json_integer_value(jarg);
1022 
1023  /* 2 get tenant yaml */
1024  jarg = json_object_get(cmd, "filename");
1025  if (!json_is_string(jarg)) {
1026  json_object_set_new(answer, "message", json_string("command is not a string"));
1027  return TM_ECODE_FAILED;
1028  }
1029  filename = json_string_value(jarg);
1030  if (SCStatFn(filename, &st) != 0) {
1031  json_object_set_new(answer, "message", json_string("file does not exist"));
1032  return TM_ECODE_FAILED;
1033  }
1034 
1035  SCLogDebug("add-tenant: %d %s", tenant_id, filename);
1036 
1037  /* setup the yaml in this loop so that it's not done by the loader
1038  * threads. ConfYamlLoadFileWithPrefix is not thread safe. */
1039  char prefix[64];
1040  snprintf(prefix, sizeof(prefix), "multi-detect.%u", tenant_id);
1041  if (ConfYamlLoadFileWithPrefix(filename, prefix) != 0) {
1042  SCLogError("failed to load yaml %s", filename);
1043  json_object_set_new(answer, "message", json_string("failed to load yaml"));
1044  return TM_ECODE_FAILED;
1045  }
1046 
1047  /* 3 load into the system */
1048  if (DetectEngineLoadTenantBlocking(tenant_id, filename) != 0) {
1049  json_object_set_new(answer, "message", json_string("adding tenant failed"));
1050  return TM_ECODE_FAILED;
1051  }
1052 
1053  /* 4 apply to the running system */
1054  if (DetectEngineMTApply() < 0) {
1055  json_object_set_new(answer, "message", json_string("couldn't apply settings"));
1056  // TODO cleanup
1057  return TM_ECODE_FAILED;
1058  }
1059 
1060  json_object_set_new(answer, "message", json_string("adding tenant succeeded"));
1061  return TM_ECODE_OK;
1062 }
1063 
1064 static int reload_cnt = 1;
1065 /**
1066  * \brief Command to reload a tenant
1067  *
1068  * \param cmd the content of command Arguments as a json_t object
1069  * \param answer the json_t object that has to be used to answer
1070  * \param data pointer to data defining the context here a PcapCommand::
1071  */
1072 TmEcode UnixSocketReloadTenant(json_t *cmd, json_t* answer, void *data)
1073 {
1074  const char *filename = NULL;
1075  SCStat st;
1076 
1077  if (!(DetectEngineMultiTenantEnabled())) {
1078  SCLogInfo("error: multi-tenant support not enabled");
1079  json_object_set_new(answer, "message", json_string("multi-tenant support not enabled"));
1080  return TM_ECODE_FAILED;
1081  }
1082 
1083  /* 1 get tenant id */
1084  json_t *jarg = json_object_get(cmd, "id");
1085  if (!json_is_integer(jarg)) {
1086  json_object_set_new(answer, "message", json_string("id is not an integer"));
1087  return TM_ECODE_FAILED;
1088  }
1089  uint32_t tenant_id = json_integer_value(jarg);
1090 
1091  /* 2 get tenant yaml */
1092  jarg = json_object_get(cmd, "filename");
1093  if (jarg) {
1094  if (!json_is_string(jarg)) {
1095  json_object_set_new(answer, "message", json_string("command is not a string"));
1096  return TM_ECODE_FAILED;
1097  }
1098  filename = json_string_value(jarg);
1099  if (SCStatFn(filename, &st) != 0) {
1100  json_object_set_new(answer, "message", json_string("file does not exist"));
1101  return TM_ECODE_FAILED;
1102  }
1103  }
1104 
1105  SCLogDebug("reload-tenant: %d %s", tenant_id, filename);
1106 
1107  /* 3 load into the system */
1108  if (DetectEngineReloadTenantBlocking(tenant_id, filename, reload_cnt) != 0) {
1109  json_object_set_new(answer, "message", json_string("reload tenant failed"));
1110  return TM_ECODE_FAILED;
1111  }
1112 
1113  reload_cnt++;
1114 
1115  /* apply to the running system */
1116  if (DetectEngineMTApply() < 0) {
1117  json_object_set_new(answer, "message", json_string("couldn't apply settings"));
1118  // TODO cleanup
1119  return TM_ECODE_FAILED;
1120  }
1121 
1122  json_object_set_new(answer, "message", json_string("reloading tenant succeeded"));
1123  return TM_ECODE_OK;
1124 }
1125 
1126 /**
1127  * \brief Command to reload all tenants
1128  *
1129  * \param cmd the content of command Arguments as a json_t object
1130  * \param answer the json_t object that has to be used to answer
1131  * \param data pointer to data defining the context here a PcapCommand::
1132  */
1133 TmEcode UnixSocketReloadTenants(json_t *cmd, json_t *answer, void *data)
1134 {
1135  if (!(DetectEngineMultiTenantEnabled())) {
1136  SCLogInfo("error: multi-tenant support not enabled");
1137  json_object_set_new(answer, "message", json_string("multi-tenant support not enabled"));
1138  return TM_ECODE_FAILED;
1139  }
1140 
1141  if (DetectEngineReloadTenantsBlocking(reload_cnt) != 0) {
1142  json_object_set_new(answer, "message", json_string("reload tenants failed"));
1143  return TM_ECODE_FAILED;
1144  }
1145 
1146  reload_cnt++;
1147 
1148  /* apply to the running system */
1149  if (DetectEngineMTApply() < 0) {
1150  json_object_set_new(answer, "message", json_string("couldn't apply settings"));
1151  // TODO cleanup
1152  return TM_ECODE_FAILED;
1153  }
1154 
1155  SCLogNotice("reload-tenants complete");
1156 
1157  json_object_set_new(answer, "message", json_string("reloading tenants succeeded"));
1158  return TM_ECODE_OK;
1159 }
1160 
1161 /**
1162  * \brief Command to remove a tenant
1163  *
1164  * \param cmd the content of command Arguments as a json_t object
1165  * \param answer the json_t object that has to be used to answer
1166  * \param data pointer to data defining the context here a PcapCommand::
1167  */
1168 TmEcode UnixSocketUnregisterTenant(json_t *cmd, json_t* answer, void *data)
1169 {
1170  if (!(DetectEngineMultiTenantEnabled())) {
1171  SCLogInfo("error: multi-tenant support not enabled");
1172  json_object_set_new(answer, "message", json_string("multi-tenant support not enabled"));
1173  return TM_ECODE_FAILED;
1174  }
1175 
1176  /* 1 get tenant id */
1177  json_t *jarg = json_object_get(cmd, "id");
1178  if (!json_is_integer(jarg)) {
1179  SCLogInfo("error: command is not a string");
1180  json_object_set_new(answer, "message", json_string("id is not an integer"));
1181  return TM_ECODE_FAILED;
1182  }
1183  uint32_t tenant_id = json_integer_value(jarg);
1184 
1185  SCLogInfo("remove-tenant: removing tenant %d", tenant_id);
1186 
1187  /* 2 remove it from the system */
1188  char prefix[64];
1189  snprintf(prefix, sizeof(prefix), "multi-detect.%u", tenant_id);
1190 
1192  if (de_ctx == NULL) {
1193  json_object_set_new(answer, "message", json_string("tenant detect engine not found"));
1194  return TM_ECODE_FAILED;
1195  }
1196 
1197  /* move to free list */
1200 
1201  /* update the threads */
1202  if (DetectEngineMTApply() < 0) {
1203  json_object_set_new(answer, "message", json_string("couldn't apply settings"));
1204  // TODO cleanup
1205  return TM_ECODE_FAILED;
1206  }
1207 
1208  /* walk free list, freeing the removed de_ctx */
1210 
1211  json_object_set_new(answer, "message", json_string("removing tenant succeeded"));
1212  return TM_ECODE_OK;
1213 }
1214 
1215 /**
1216  * \brief Command to add a hostbit
1217  *
1218  * \param cmd the content of command Arguments as a json_t object
1219  * \param answer the json_t object that has to be used to answer
1220  */
1221 TmEcode UnixSocketHostbitAdd(json_t *cmd, json_t* answer, void *data_usused)
1222 {
1223  /* 1 get ip address */
1224  json_t *jarg = json_object_get(cmd, "ipaddress");
1225  if (!json_is_string(jarg)) {
1226  json_object_set_new(answer, "message", json_string("ipaddress is not an string"));
1227  return TM_ECODE_FAILED;
1228  }
1229  const char *ipaddress = json_string_value(jarg);
1230 
1231  Address a;
1232  struct in_addr in;
1233  memset(&in, 0, sizeof(in));
1234  if (inet_pton(AF_INET, ipaddress, &in) != 1) {
1235  uint32_t in6[4];
1236  memset(&in6, 0, sizeof(in6));
1237  if (inet_pton(AF_INET6, ipaddress, &in) != 1) {
1238  json_object_set_new(answer, "message", json_string("invalid address string"));
1239  return TM_ECODE_FAILED;
1240  } else {
1241  a.family = AF_INET6;
1242  a.addr_data32[0] = in6[0];
1243  a.addr_data32[1] = in6[1];
1244  a.addr_data32[2] = in6[2];
1245  a.addr_data32[3] = in6[3];
1246  }
1247  } else {
1248  a.family = AF_INET;
1249  a.addr_data32[0] = in.s_addr;
1250  a.addr_data32[1] = 0;
1251  a.addr_data32[2] = 0;
1252  a.addr_data32[3] = 0;
1253  }
1254 
1255  /* 2 get variable name */
1256  jarg = json_object_get(cmd, "hostbit");
1257  if (!json_is_string(jarg)) {
1258  json_object_set_new(answer, "message", json_string("hostbit is not a string"));
1259  return TM_ECODE_FAILED;
1260  }
1261  const char *hostbit = json_string_value(jarg);
1262  uint32_t idx = VarNameStoreLookupByName(hostbit, VAR_TYPE_HOST_BIT);
1263  if (idx == 0) {
1264  json_object_set_new(answer, "message", json_string("hostbit not found"));
1265  return TM_ECODE_FAILED;
1266  }
1267 
1268  /* 3 get expire */
1269  jarg = json_object_get(cmd, "expire");
1270  if (!json_is_integer(jarg)) {
1271  json_object_set_new(answer, "message", json_string("expire is not an integer"));
1272  return TM_ECODE_FAILED;
1273  }
1274  uint32_t expire = json_integer_value(jarg);
1275 
1276  SCLogInfo("add-hostbit: ip %s hostbit %s expire %us", ipaddress, hostbit, expire);
1277 
1278  SCTime_t current_time = TimeGet();
1279  Host *host = HostGetHostFromHash(&a);
1280  if (host) {
1281  HostBitSet(host, idx, SCTIME_SECS(current_time) + expire);
1282  HostUnlock(host);
1283 
1284  json_object_set_new(answer, "message", json_string("hostbit added"));
1285  return TM_ECODE_OK;
1286  } else {
1287  json_object_set_new(answer, "message", json_string("couldn't create host"));
1288  return TM_ECODE_FAILED;
1289  }
1290 }
1291 
1292 /**
1293  * \brief Command to remove a hostbit
1294  *
1295  * \param cmd the content of command Arguments as a json_t object
1296  * \param answer the json_t object that has to be used to answer
1297  */
1298 TmEcode UnixSocketHostbitRemove(json_t *cmd, json_t* answer, void *data_unused)
1299 {
1300  /* 1 get ip address */
1301  json_t *jarg = json_object_get(cmd, "ipaddress");
1302  if (!json_is_string(jarg)) {
1303  json_object_set_new(answer, "message", json_string("ipaddress is not an string"));
1304  return TM_ECODE_FAILED;
1305  }
1306  const char *ipaddress = json_string_value(jarg);
1307 
1308  Address a;
1309  struct in_addr in;
1310  memset(&in, 0, sizeof(in));
1311  if (inet_pton(AF_INET, ipaddress, &in) != 1) {
1312  uint32_t in6[4];
1313  memset(&in6, 0, sizeof(in6));
1314  if (inet_pton(AF_INET6, ipaddress, &in) != 1) {
1315  json_object_set_new(answer, "message", json_string("invalid address string"));
1316  return TM_ECODE_FAILED;
1317  } else {
1318  a.family = AF_INET6;
1319  a.addr_data32[0] = in6[0];
1320  a.addr_data32[1] = in6[1];
1321  a.addr_data32[2] = in6[2];
1322  a.addr_data32[3] = in6[3];
1323  }
1324  } else {
1325  a.family = AF_INET;
1326  a.addr_data32[0] = in.s_addr;
1327  a.addr_data32[1] = 0;
1328  a.addr_data32[2] = 0;
1329  a.addr_data32[3] = 0;
1330  }
1331 
1332  /* 2 get variable name */
1333  jarg = json_object_get(cmd, "hostbit");
1334  if (!json_is_string(jarg)) {
1335  json_object_set_new(answer, "message", json_string("hostbit is not a string"));
1336  return TM_ECODE_FAILED;
1337  }
1338 
1339  const char *hostbit = json_string_value(jarg);
1340  uint32_t idx = VarNameStoreLookupByName(hostbit, VAR_TYPE_HOST_BIT);
1341  if (idx == 0) {
1342  json_object_set_new(answer, "message", json_string("hostbit not found"));
1343  return TM_ECODE_FAILED;
1344  }
1345 
1346  SCLogInfo("remove-hostbit: %s %s", ipaddress, hostbit);
1347 
1348  Host *host = HostLookupHostFromHash(&a);
1349  if (host) {
1350  HostBitUnset(host, idx);
1351  HostUnlock(host);
1352  json_object_set_new(answer, "message", json_string("hostbit removed"));
1353  return TM_ECODE_OK;
1354  } else {
1355  json_object_set_new(answer, "message", json_string("host not found"));
1356  return TM_ECODE_FAILED;
1357  }
1358 }
1359 
1360 /**
1361  * \brief Command to list hostbits for an ip
1362  *
1363  * \param cmd the content of command Arguments as a json_t object
1364  * \param answer the json_t object that has to be used to answer
1365  *
1366  * Message looks like:
1367  * {"message": {"count": 1, "hostbits": [{"expire": 3222, "name": "firefox-users"}]}, "return": "OK"}
1368  *
1369  * \retval r TM_ECODE_OK or TM_ECODE_FAILED
1370  */
1371 TmEcode UnixSocketHostbitList(json_t *cmd, json_t* answer, void *data_unused)
1372 {
1373  /* 1 get ip address */
1374  json_t *jarg = json_object_get(cmd, "ipaddress");
1375  if (!json_is_string(jarg)) {
1376  json_object_set_new(answer, "message", json_string("ipaddress is not an string"));
1377  return TM_ECODE_FAILED;
1378  }
1379  const char *ipaddress = json_string_value(jarg);
1380 
1381  Address a;
1382  struct in_addr in;
1383  memset(&in, 0, sizeof(in));
1384  if (inet_pton(AF_INET, ipaddress, &in) != 1) {
1385  uint32_t in6[4];
1386  memset(&in6, 0, sizeof(in6));
1387  if (inet_pton(AF_INET6, ipaddress, &in) != 1) {
1388  json_object_set_new(answer, "message", json_string("invalid address string"));
1389  return TM_ECODE_FAILED;
1390  } else {
1391  a.family = AF_INET6;
1392  a.addr_data32[0] = in6[0];
1393  a.addr_data32[1] = in6[1];
1394  a.addr_data32[2] = in6[2];
1395  a.addr_data32[3] = in6[3];
1396  }
1397  } else {
1398  a.family = AF_INET;
1399  a.addr_data32[0] = in.s_addr;
1400  a.addr_data32[1] = 0;
1401  a.addr_data32[2] = 0;
1402  a.addr_data32[3] = 0;
1403  }
1404 
1405  SCLogInfo("list-hostbit: %s", ipaddress);
1406 
1407  SCTime_t ts = TimeGet();
1408 
1409  struct Bit {
1410  uint32_t id;
1411  uint32_t expire;
1412  } bits[256];
1413  memset(&bits, 0, sizeof(bits));
1414  int i = 0, use = 0;
1415 
1416  Host *host = HostLookupHostFromHash(&a);
1417  if (!host) {
1418  json_object_set_new(answer, "message", json_string("host not found"));
1419  return TM_ECODE_FAILED;
1420  }
1421 
1422  XBit *iter = NULL;
1423  while (use < 256 && HostBitList(host, &iter) == 1) {
1424  bits[use].id = iter->idx;
1425  bits[use].expire = iter->expire;
1426  use++;
1427  }
1428  HostUnlock(host);
1429 
1430  json_t *jdata = json_object();
1431  json_t *jarray = json_array();
1432  if (jarray == NULL || jdata == NULL) {
1433  if (jdata != NULL)
1434  json_decref(jdata);
1435  if (jarray != NULL)
1436  json_decref(jarray);
1437  json_object_set_new(answer, "message",
1438  json_string("internal error at json object creation"));
1439  return TM_ECODE_FAILED;
1440  }
1441 
1442  for (i = 0; i < use; i++) {
1443  json_t *bitobject = json_object();
1444  if (bitobject == NULL)
1445  continue;
1446  uint32_t expire = 0;
1447  if ((uint32_t)SCTIME_SECS(ts) < bits[i].expire)
1448  expire = bits[i].expire - (uint32_t)SCTIME_SECS(ts);
1449 
1450  const char *name = VarNameStoreLookupById(bits[i].id, VAR_TYPE_HOST_BIT);
1451  if (name == NULL)
1452  continue;
1453  json_object_set_new(bitobject, "name", json_string(name));
1454  SCLogDebug("xbit %s expire %u", name, expire);
1455  json_object_set_new(bitobject, "expire", json_integer(expire));
1456  json_array_append_new(jarray, bitobject);
1457  }
1458 
1459  json_object_set_new(jdata, "count", json_integer(i));
1460  json_object_set_new(jdata, "hostbits", jarray);
1461  json_object_set_new(answer, "message", jdata);
1462  return TM_ECODE_OK;
1463 }
1464 
1465 static void MemcapBuildValue(uint64_t val, char *str, uint32_t str_len)
1466 {
1467  if ((val / (1024 * 1024 * 1024)) != 0) {
1468  snprintf(str, str_len, "%"PRIu64"gb", val / (1024*1024*1024));
1469  } else if ((val / (1024 * 1024)) != 0) {
1470  snprintf(str, str_len, "%"PRIu64"mb", val / (1024*1024));
1471  } else {
1472  snprintf(str, str_len, "%"PRIu64"kb", val / (1024));
1473  }
1474 }
1475 
1476 TmEcode UnixSocketSetMemcap(json_t *cmd, json_t* answer, void *data)
1477 {
1478  char *memcap = NULL;
1479  char *value_str = NULL;
1480  uint64_t value;
1481  int i;
1482 
1483  json_t *jarg = json_object_get(cmd, "config");
1484  if (!json_is_string(jarg)) {
1485  json_object_set_new(answer, "message", json_string("memcap key is not a string"));
1486  return TM_ECODE_FAILED;
1487  }
1488  memcap = (char *)json_string_value(jarg);
1489 
1490  jarg = json_object_get(cmd, "memcap");
1491  if (!json_is_string(jarg)) {
1492  json_object_set_new(answer, "message", json_string("memcap value is not a string"));
1493  return TM_ECODE_FAILED;
1494  }
1495  value_str = (char *)json_string_value(jarg);
1496 
1497  if (ParseSizeStringU64(value_str, &value) < 0) {
1498  SCLogError("Error parsing "
1499  "memcap from unix socket: %s",
1500  value_str);
1501  json_object_set_new(answer, "message",
1502  json_string("error parsing memcap specified, "
1503  "value not changed"));
1504  return TM_ECODE_FAILED;
1505  }
1506 
1507  for (i = 0; i < MEMCAPS_MAX; i++) {
1508  if (strcmp(memcaps[i].name, memcap) == 0 && memcaps[i].SetFunc) {
1509  int updated = memcaps[i].SetFunc(value);
1510  char message[150];
1511 
1512  if (updated) {
1513  snprintf(message, sizeof(message),
1514  "memcap value for '%s' updated: %"PRIu64" %s",
1515  memcaps[i].name, value,
1516  (value == 0) ? "(unlimited)" : "");
1517  json_object_set_new(answer, "message", json_string(message));
1518  return TM_ECODE_OK;
1519  } else {
1520  if (value == 0) {
1521  snprintf(message, sizeof(message),
1522  "Unlimited value is not allowed for '%s'", memcaps[i].name);
1523  } else {
1524  if (memcaps[i].GetMemuseFunc()) {
1525  char memuse[50];
1526  MemcapBuildValue(memcaps[i].GetMemuseFunc(), memuse, sizeof(memuse));
1527  snprintf(message, sizeof(message),
1528  "memcap value specified for '%s' is less than the memory in use: %s",
1529  memcaps[i].name, memuse);
1530  } else {
1531  snprintf(message, sizeof(message),
1532  "memcap value specified for '%s' is less than the memory in use",
1533  memcaps[i].name);
1534  }
1535  }
1536  json_object_set_new(answer, "message", json_string(message));
1537  return TM_ECODE_FAILED;
1538  }
1539  }
1540  }
1541 
1542  json_object_set_new(answer, "message",
1543  json_string("Memcap value not found. Use 'memcap-list' to show all"));
1544  return TM_ECODE_FAILED;
1545 }
1546 
1547 TmEcode UnixSocketShowMemcap(json_t *cmd, json_t *answer, void *data)
1548 {
1549  char *memcap = NULL;
1550  int i;
1551 
1552  json_t *jarg = json_object_get(cmd, "config");
1553  if (!json_is_string(jarg)) {
1554  json_object_set_new(answer, "message", json_string("memcap name is not a string"));
1555  return TM_ECODE_FAILED;
1556  }
1557  memcap = (char *)json_string_value(jarg);
1558 
1559  for (i = 0; i < MEMCAPS_MAX; i++) {
1560  if (strcmp(memcaps[i].name, memcap) == 0 && memcaps[i].GetFunc) {
1561  char str[50];
1562  uint64_t val = memcaps[i].GetFunc();
1563  json_t *jobj = json_object();
1564  if (jobj == NULL) {
1565  json_object_set_new(answer, "message",
1566  json_string("internal error at json object creation"));
1567  return TM_ECODE_FAILED;
1568  }
1569 
1570  if (val == 0) {
1571  strlcpy(str, "unlimited", sizeof(str));
1572  } else {
1573  MemcapBuildValue(val, str, sizeof(str));
1574  }
1575 
1576  json_object_set_new(jobj, "value", json_string(str));
1577  json_object_set_new(answer, "message", jobj);
1578  return TM_ECODE_OK;
1579  }
1580  }
1581 
1582  json_object_set_new(answer, "message",
1583  json_string("Memcap value not found. Use 'memcap-list' to show all"));
1584  return TM_ECODE_FAILED;
1585 }
1586 
1587 TmEcode UnixSocketShowAllMemcap(json_t *cmd, json_t *answer, void *data)
1588 {
1589  json_t *jmemcaps = json_array();
1590  int i;
1591 
1592  if (jmemcaps == NULL) {
1593  json_object_set_new(answer, "message",
1594  json_string("internal error at json array creation"));
1595  return TM_ECODE_FAILED;
1596  }
1597 
1598  for (i = 0; i < MEMCAPS_MAX; i++) {
1599  json_t *jobj = json_object();
1600  if (jobj == NULL) {
1601  json_decref(jmemcaps);
1602  json_object_set_new(answer, "message",
1603  json_string("internal error at json object creation"));
1604  return TM_ECODE_FAILED;
1605  }
1606  char str[50];
1607  uint64_t val = memcaps[i].GetFunc();
1608 
1609  if (val == 0) {
1610  strlcpy(str, "unlimited", sizeof(str));
1611  } else {
1612  MemcapBuildValue(val, str, sizeof(str));
1613  }
1614 
1615  json_object_set_new(jobj, "name", json_string(memcaps[i].name));
1616  json_object_set_new(jobj, "value", json_string(str));
1617  json_array_append_new(jmemcaps, jobj);
1618  }
1619 
1620  json_object_set_new(answer, "message", jmemcaps);
1622 }
1623 
1624 TmEcode UnixSocketGetFlowStatsById(json_t *cmd, json_t *answer, void *data)
1625 {
1626  /* Input: we need the IP tuple including VLAN/tenant and the flow ID */
1627  json_t *jarg = json_object_get(cmd, "flow_id");
1628  if (!json_is_integer(jarg)) {
1629  SCLogInfo("error: command is not a string");
1630  json_object_set_new(answer, "message", json_string("flow_id is not an integer"));
1631  return TM_ECODE_FAILED;
1632  }
1633  int64_t flow_id = json_integer_value(jarg);
1634 
1635  Flow *f = FlowGetExistingFlowFromFlowId(flow_id);
1636  if (f == NULL) {
1637  json_object_set_new(answer, "message", json_string("Not found"));
1639  }
1640  uint32_t tosrcpktcnt = f->tosrcpktcnt;
1641  uint32_t todstpktcnt = f->todstpktcnt;
1642  uint64_t tosrcbytecnt = f->tosrcbytecnt;
1643  uint64_t todstbytecnt = f->todstbytecnt;
1644  uint64_t age = SCTIME_SECS(f->lastts) - SCTIME_SECS(f->startts);
1645  FLOWLOCK_UNLOCK(f);
1646 
1647  json_t *flow_info = json_object();
1648  if (flow_info == NULL) {
1650  }
1651  json_object_set_new(flow_info, "pkts_toclient", json_integer(tosrcpktcnt));
1652  json_object_set_new(flow_info, "pkts_toserver", json_integer(todstpktcnt));
1653  json_object_set_new(flow_info, "bytes_toclient", json_integer(tosrcbytecnt));
1654  json_object_set_new(flow_info, "bytes_toserver", json_integer(todstbytecnt));
1655  json_object_set_new(flow_info, "age", json_integer(age));
1656  json_object_set_new(answer, "message", flow_info);
1658 }
1659 #endif /* BUILD_UNIX_SOCKET */
1660 
1661 #ifdef BUILD_UNIX_SOCKET
1662 /**
1663  * \brief Single thread version of the Pcap file processing.
1664  */
1665 static int RunModeUnixSocketMaster(void)
1666 {
1667  if (UnixManagerInit() != 0)
1668  return 1;
1669 
1670  PcapCommand *pcapcmd = SCMalloc(sizeof(PcapCommand));
1671  if (unlikely(pcapcmd == NULL)) {
1672  SCLogError("Can not allocate pcap command");
1673  return 1;
1674  }
1675  TAILQ_INIT(&pcapcmd->files);
1676  pcapcmd->running = 0;
1677  pcapcmd->current_file = NULL;
1678 
1679  memset(&unix_manager_pcap_last_processed, 0, sizeof(struct timespec));
1680 
1681  SCCtrlMutexInit(&unix_manager_pcap_last_processed_mutex, NULL);
1682 
1683  UnixManagerRegisterCommand("pcap-file", UnixSocketAddPcapFile, pcapcmd, UNIX_CMD_TAKE_ARGS);
1684  UnixManagerRegisterCommand("pcap-file-continuous", UnixSocketAddPcapFileContinuous, pcapcmd, UNIX_CMD_TAKE_ARGS);
1685  UnixManagerRegisterCommand("pcap-file-number", UnixSocketPcapFilesNumber, pcapcmd, 0);
1686  UnixManagerRegisterCommand("pcap-file-list", UnixSocketPcapFilesList, pcapcmd, 0);
1687  UnixManagerRegisterCommand("pcap-last-processed", UnixSocketPcapLastProcessed, pcapcmd, 0);
1688  UnixManagerRegisterCommand("pcap-interrupt", UnixSocketPcapInterrupt, pcapcmd, 0);
1689  UnixManagerRegisterCommand("pcap-current", UnixSocketPcapCurrent, pcapcmd, 0);
1690 
1691  UnixManagerRegisterBackgroundTask(UnixSocketPcapFilesCheck, pcapcmd);
1692 
1695 
1696  return 0;
1697 }
1698 #endif
1699 
1701 {
1703 }
1704 
1705 
1706 
1707 
host.h
tm-threads.h
HostBitList
int HostBitList(Host *h, XBit **iter)
Definition: host-bit.c:184
HostUnlock
void HostUnlock(Host *h)
Definition: host.c:483
ts
uint64_t ts
Definition: source-erf-file.c:55
XBit_::expire
uint32_t expire
Definition: util-var.h:60
ippair.h
THashCleanup
void THashCleanup(THashTableContext *ctx)
Cleanup the thash engine.
Definition: util-thash.c:416
detect-engine.h
DetectEngineMTApply
int DetectEngineMTApply(void)
Definition: detect-engine.c:4802
RUNMODE_UNIX_SOCKET
@ RUNMODE_UNIX_SOCKET
Definition: runmodes.h:43
MemcapCommand_::GetFunc
uint64_t(* GetFunc)(void)
Definition: runmode-unix-socket.c:80
PcapFiles_::continuous
bool continuous
Definition: runmode-unix-socket.c:66
DetectEngineDeReference
void DetectEngineDeReference(DetectEngineCtx **de_ctx)
Definition: detect-engine.c:4531
PcapFiles_::should_delete
bool should_delete
Definition: runmode-unix-socket.c:67
TAILQ_INIT
#define TAILQ_INIT(head)
Definition: queue.h:262
TmThreadContinueThreads
void TmThreadContinueThreads(void)
Unpauses all threads present in tv_root.
Definition: tm-threads.c:1907
Flow_::startts
SCTime_t startts
Definition: flow.h:489
stream-tcp.h
DetectEnginePruneFreeList
void DetectEnginePruneFreeList(void)
Definition: detect-engine.c:4625
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:269
ParseSizeStringU64
int ParseSizeStringU64(const char *size, uint64_t *res)
Definition: util-misc.c:198
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:0
TM_ECODE_DONE
@ TM_ECODE_DONE
Definition: tm-threads-common.h:86
RunModeDispatch
void RunModeDispatch(int runmode, const char *custom_mode, const char *capture_plugin_name, const char *capture_plugin_args)
Definition: runmodes.c:416
Dataset::hash
THashTableContext * hash
Definition: datasets.h:46
Flow_
Flow data structure.
Definition: flow.h:350
DetectEngineReloadTenantBlocking
int DetectEngineReloadTenantBlocking(uint32_t tenant_id, const char *yaml, int reload_cnt)
Reload a tenant and wait for loading to complete.
Definition: detect-engine.c:4043
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:836
ConfYamlLoadFileWithPrefix
int ConfYamlLoadFileWithPrefix(const char *filename, const char *prefix)
Load configuration from a YAML file, insert in tree at 'prefix'.
Definition: conf-yaml-loader.c:542
HostGetHostFromHash
Host * HostGetHostFromHash(Address *a)
Definition: host.c:497
flow-hash.h
UnixManagerThreadSpawn
void UnixManagerThreadSpawn(int mode)
Definition: unix-manager.c:1276
HostSetMemcap
int HostSetMemcap(uint64_t size)
Update memcap value.
Definition: host.c:68
TAILQ_EMPTY
#define TAILQ_EMPTY(head)
Definition: queue.h:248
TAILQ_FOREACH
#define TAILQ_FOREACH(var, head, field)
Definition: queue.h:252
RunModeRegisterNewRunMode
void RunModeRegisterNewRunMode(enum RunModes runmode, const char *name, const char *description, int(*RunModeFunc)(void), void(*RunModeIsIPSEnabled)(void))
Registers a new runmode.
Definition: runmodes.c:491
PcapCommand_
Definition: runmode-unix-socket.c:71
MemcapCommand_::GetMemuseFunc
uint64_t(* GetMemuseFunc)(void)
Definition: runmode-unix-socket.c:81
util-var-name.h
FlowGetMemuse
uint64_t FlowGetMemuse(void)
Definition: flow.c:140
FlowGetMemcap
uint64_t FlowGetMemcap(void)
Return memcap value.
Definition: flow.c:134
ConfSetFinal
int ConfSetFinal(const char *name, const char *val)
Set a final configuration value.
Definition: conf.c:303
Address_
Definition: decode.h:115
PreRunInit
void PreRunInit(const int runmode)
Definition: suricata.c:2219
stream-tcp-reassemble.h
DetectEngineReloadTenantsBlocking
int DetectEngineReloadTenantsBlocking(const int reload_cnt)
Reload all tenants and wait for loading to complete.
Definition: detect-engine.c:4057
unix_socket_mode_is_running
int unix_socket_mode_is_running
Definition: runmode-unix-socket.c:58
TAILQ_INSERT_TAIL
#define TAILQ_INSERT_TAIL(head, elm, field)
Definition: queue.h:294
HTPMemuseGlobalCounter
uint64_t HTPMemuseGlobalCounter(void)
Definition: app-layer-htp-mem.c:83
DefragTrackerGetMemuse
uint64_t DefragTrackerGetMemuse(void)
Return memuse value.
Definition: defrag-hash.c:71
PacketPoolPostRunmodes
void PacketPoolPostRunmodes(void)
Set the max_pending_return_packets value.
Definition: tmqh-packetpool.c:480
MAX
#define MAX(x, y)
Definition: suricata-common.h:395
TM_ECODE_FAILED
@ TM_ECODE_FAILED
Definition: tm-threads-common.h:85
MemcapCommand_::SetFunc
int(* SetFunc)(uint64_t)
Definition: runmode-unix-socket.c:79
runmode-unix-socket.h
SCJsonString
json_t * SCJsonString(const char *val)
Definition: output-json.c:104
HTPSetMemcap
int HTPSetMemcap(uint64_t size)
Update memcap value.
Definition: app-layer-htp-mem.c:115
DatasetLookupSerialized
int DatasetLookupSerialized(Dataset *set, const char *string)
add serialized data to set
Definition: datasets.c:1661
FLOWLOCK_UNLOCK
#define FLOWLOCK_UNLOCK(fb)
Definition: flow.h:267
TM_ECODE_OK
@ TM_ECODE_OK
Definition: tm-threads-common.h:84
HostGetMemcap
uint64_t HostGetMemcap(void)
Return memcap value.
Definition: host.c:83
MemcapCommand_::name
const char * name
Definition: runmode-unix-socket.c:78
strlcpy
size_t strlcpy(char *dst, const char *src, size_t siz)
Definition: util-strlcpyu.c:43
TAILQ_ENTRY
#define TAILQ_ENTRY(type)
Definition: queue.h:239
RunModeUnixSocketGetDefaultMode
const char * RunModeUnixSocketGetDefaultMode(void)
Definition: runmode-unix-socket.c:84
Flow_::tosrcbytecnt
uint64_t tosrcbytecnt
Definition: flow.h:494
DetectEngineMultiTenantEnabled
int DetectEngineMultiTenantEnabled(void)
Definition: detect-engine.c:3775
MEMCAPS_MAX
#define MEMCAPS_MAX
Definition: runmode-unix-socket.c:89
datasets.h
VarNameStoreLookupByName
uint32_t VarNameStoreLookupByName(const char *name, const enum VarTypes type)
find name for id+type at packet time.
Definition: util-var-name.c:322
TAILQ_REMOVE
#define TAILQ_REMOVE(head, elm, field)
Definition: queue.h:312
PreRunPostPrivsDropInit
void PreRunPostPrivsDropInit(const int runmode)
Definition: suricata.c:2248
util-debug.h
DetectEngineMoveToFreeList
int DetectEngineMoveToFreeList(DetectEngineCtx *de_ctx)
Definition: detect-engine.c:4615
TAILQ_FIRST
#define TAILQ_FIRST(head)
Definition: queue.h:250
type
uint8_t type
Definition: decode-icmpv4.h:0
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:17
TmThreadWaitOnThreadInit
TmEcode TmThreadWaitOnThreadInit(void)
Used to check if all threads have finished their initialization. On finding an un-initialized thread,...
Definition: tm-threads.c:1948
HTPGetMemcap
uint64_t HTPGetMemcap(void)
Update memcap value.
Definition: app-layer-htp-mem.c:129
util-cpu.h
Flow_::todstpktcnt
uint32_t todstpktcnt
Definition: flow.h:491
output-json.h
HostBitUnset
void HostBitUnset(Host *h, uint32_t idx)
Definition: host-bit.c:139
SCTimespecAsEpochMillis
uint64_t SCTimespecAsEpochMillis(const struct timespec *ts)
Definition: util-time.c:639
Flow_::lastts
SCTime_t lastts
Definition: flow.h:409
DATASET_TYPE_NOTSET
#define DATASET_TYPE_NOTSET
Definition: datasets.h:31
IPPairGetMemcap
uint64_t IPPairGetMemcap(void)
Return memcap value.
Definition: ippair.c:81
SCEnter
#define SCEnter(...)
Definition: util-debug.h:271
util-affinity.h
MemcapsGetPressure
float MemcapsGetPressure(void)
Definition: runmode-unix-socket.c:135
util-time.h
source-pcap-file-directory-helper.h
RunModeUnixSocketIsActive
int RunModeUnixSocketIsActive(void)
Definition: runmode-unix-socket.c:1700
HostGetMemuse
uint64_t HostGetMemuse(void)
Return memuse value.
Definition: host.c:94
DefragTrackerGetMemcap
uint64_t DefragTrackerGetMemcap(void)
Return memcap value.
Definition: defrag-hash.c:60
Flow_::todstbytecnt
uint64_t todstbytecnt
Definition: flow.h:493
util-profiling.h
HostBitSet
void HostBitSet(Host *h, uint32_t idx, uint32_t expire)
Definition: host-bit.c:131
DetectEngineLoadTenantBlocking
int DetectEngineLoadTenantBlocking(uint32_t tenant_id, const char *yaml)
Load a tenant and wait for loading to complete.
Definition: detect-engine.c:4029
SCCtrlMutexLock
#define SCCtrlMutexLock(mut)
Definition: threads-debug.h:376
conf-yaml-loader.h
TimeGet
SCTime_t TimeGet(void)
Definition: util-time.c:152
PcapFiles_
Definition: runmode-unix-socket.c:60
FlowGetExistingFlowFromFlowId
Flow * FlowGetExistingFlowFromFlowId(int64_t flow_id)
Look for existing Flow using a flow id value.
Definition: flow-hash.c:968
DatasetsSave
void DatasetsSave(void)
Definition: datasets.c:1061
conf.h
PcapCommand
struct PcapCommand_ PcapCommand
UNIX_CMD_TAKE_ARGS
#define UNIX_CMD_TAKE_ARGS
Definition: unix-manager.h:29
SCTime_t
Definition: util-time.h:40
runmode-pcap-file.h
TmEcode
TmEcode
Definition: tm-threads-common.h:83
flow-timeout.h
DatasetRemoveSerialized
int DatasetRemoveSerialized(Dataset *set, const char *string)
remove serialized data from set
Definition: datasets.c:1739
defrag.h
runmodes.h
SCLogInfo
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:224
PcapFiles_::poll_interval
time_t poll_interval
Definition: runmode-unix-socket.c:65
DatasetTypes
DatasetTypes
Definition: datasets.h:30
SCCtrlMutexUnlock
#define SCCtrlMutexUnlock(mut)
Definition: threads-debug.h:378
StreamTcpSetMemcap
int StreamTcpSetMemcap(uint64_t size)
Update memcap value.
Definition: stream-tcp.c:177
RunModeUnixSocketRegister
void RunModeUnixSocketRegister(void)
Definition: runmode-unix-socket.c:582
flow-manager.h
suricata-common.h
VarNameStoreLookupById
const char * VarNameStoreLookupById(const uint32_t id, const enum VarTypes type)
find name for id+type at packet time.
Definition: util-var-name.c:305
SCCtrlMutex
#define SCCtrlMutex
Definition: threads-debug.h:373
util-path.h
UnixManagerInit
int UnixManagerInit(void)
SCTIME_SECS
#define SCTIME_SECS(t)
Definition: util-time.h:57
IPPairGetMemuse
uint64_t IPPairGetMemuse(void)
Return memuse value.
Definition: ippair.c:92
MemcapCommand
struct MemcapCommand_ MemcapCommand
DetectEngineTenantRegisterPcapFile
int DetectEngineTenantRegisterPcapFile(uint32_t tenant_id)
Definition: detect-engine.c:4488
SCStrdup
#define SCStrdup(s)
Definition: util-mem.h:56
VAR_TYPE_HOST_BIT
@ VAR_TYPE_HOST_BIT
Definition: util-var.h:39
DefragTrackerSetMemcap
int DefragTrackerSetMemcap(uint64_t size)
Update memcap value.
Definition: defrag-hash.c:45
DatasetFind
Dataset * DatasetFind(const char *name, enum DatasetTypes type)
look for set by name without creating it
Definition: datasets.c:618
PcapFiles
struct PcapFiles_ PcapFiles
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
unix-manager.h
str
#define str(s)
Definition: suricata-common.h:291
DatasetGetTypeFromString
enum DatasetTypes DatasetGetTypeFromString(const char *s)
Definition: datasets.c:58
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:261
SCFree
#define SCFree(p)
Definition: util-mem.h:61
StreamTcpMemuseCounter
uint64_t StreamTcpMemuseCounter(void)
Definition: stream-tcp.c:152
StreamTcpReassembleMemuseGlobalCounter
uint64_t StreamTcpReassembleMemuseGlobalCounter(void)
Definition: stream-tcp-reassemble.c:148
TAILQ_HEAD
#define TAILQ_HEAD(name, type)
Definition: queue.h:230
SCCtrlMutexInit
#define SCCtrlMutexInit(mut, mutattr)
Definition: threads-debug.h:375
StreamTcpGetMemcap
uint64_t StreamTcpGetMemcap(void)
Return memcap value.
Definition: stream-tcp.c:192
PcapFiles_::delay
time_t delay
Definition: runmode-unix-socket.c:64
UnixSocketPcapFile
TmEcode UnixSocketPcapFile(TmEcode tm, struct timespec *last_processed)
Definition: runmode-unix-socket.c:593
app-layer-htp-mem.h
PcapFiles_::output_dir
char * output_dir
Definition: runmode-unix-socket.c:62
HostLookupHostFromHash
Host * HostLookupHostFromHash(Address *a)
look up a host in the hash
Definition: host.c:596
IPPairSetMemcap
int IPPairSetMemcap(uint64_t size)
Update memcap value.
Definition: ippair.c:66
defrag-hash.h
StreamTcpReassembleGetMemcap
uint64_t StreamTcpReassembleGetMemcap(void)
Return memcap value.
Definition: stream-tcp-reassemble.c:198
Address_::family
char family
Definition: decode.h:116
PostRunDeinit
void PostRunDeinit(const int runmode, struct timeval *start_time)
Definition: suricata.c:2270
XBit_::idx
uint32_t idx
Definition: util-var.h:58
DatasetAddSerialized
int DatasetAddSerialized(Dataset *set, const char *string)
add serialized data to set
Definition: datasets.c:1649
MemcapCommand_
Definition: runmode-unix-socket.c:77
XBit_
Definition: util-var.h:55
Dataset
Definition: datasets.h:40
SCStatFn
#define SCStatFn(pathname, statbuf)
Definition: util-path.h:35
util-misc.h
PcapFiles_::tenant_id
uint32_t tenant_id
Definition: runmode-unix-socket.c:63
StreamTcpReassembleSetMemcap
int StreamTcpReassembleSetMemcap(uint64_t size)
Update memcap value.
Definition: stream-tcp-reassemble.c:183
DetectEngineTenantRegisterVlanId
int DetectEngineTenantRegisterVlanId(uint32_t tenant_id, uint16_t vlan_id)
Definition: detect-engine.c:4478
SCLogNotice
#define SCLogNotice(...)
Macro used to log NOTICE messages.
Definition: util-debug.h:237
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
Host_
Definition: host.h:58
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:275
DetectEngineTenantUnregisterPcapFile
int DetectEngineTenantUnregisterPcapFile(uint32_t tenant_id)
Definition: detect-engine.c:4494
RUNMODE_PCAP_FILE
@ RUNMODE_PCAP_FILE
Definition: runmodes.h:30
DetectEngineGetByTenantId
DetectEngineCtx * DetectEngineGetByTenantId(uint32_t tenant_id)
Definition: detect-engine.c:4505
DetectEngineTenantUnregisterVlanId
int DetectEngineTenantUnregisterVlanId(uint32_t tenant_id, uint16_t vlan_id)
Definition: detect-engine.c:4483
SCStat
struct stat SCStat
Definition: util-path.h:33
Flow_::tosrcpktcnt
uint32_t tosrcpktcnt
Definition: flow.h:492
output.h
host-bit.h
app-layer.h
PcapFiles_::filename
char * filename
Definition: runmode-unix-socket.c:61
FlowSetMemcap
int FlowSetMemcap(uint64_t size)
Update memcap value.
Definition: flow.c:119