suricata
runmode-unix-socket.c
Go to the documentation of this file.
1 /* Copyright (C) 2012 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 #include "suricata-common.h"
19 #include "tm-threads.h"
20 #include "conf.h"
21 #include "runmodes.h"
22 #include "runmode-pcap-file.h"
23 #include "output.h"
24 #include "output-json.h"
25 
26 #include "util-debug.h"
27 #include "util-time.h"
28 #include "util-cpu.h"
29 #include "util-affinity.h"
30 #include "util-var-name.h"
31 #include "unix-manager.h"
32 
33 #include "detect-engine.h"
34 
35 #include "flow-manager.h"
36 #include "flow-timeout.h"
37 #include "flow-hash.h"
38 #include "stream-tcp.h"
39 #include "stream-tcp-reassemble.h"
40 #include "source-pcap-file-directory-helper.h"
41 #include "host.h"
42 #include "defrag.h"
43 #include "defrag-hash.h"
44 #include "ippair.h"
45 #include "app-layer.h"
46 #include "app-layer-htp-mem.h"
47 #include "host-bit.h"
48 
49 #include "util-misc.h"
50 #include "util-profiling.h"
51 
52 #include "conf-yaml-loader.h"
53 
54 #include "datasets.h"
55 #include "runmode-unix-socket.h"
56 
57 int unix_socket_mode_is_running = 0;
58 
59 typedef struct PcapFiles_ {
60  char *filename;
61  char *output_dir;
62  int tenant_id;
63  time_t delay;
64  time_t poll_interval;
65  bool continuous;
66  bool should_delete;
67  TAILQ_ENTRY(PcapFiles_) next;
68 } PcapFiles;
69 
70 typedef struct PcapCommand_ {
71  TAILQ_HEAD(, PcapFiles_) files;
72  int running;
73  PcapFiles *current_file;
74 } PcapCommand;
75 
76 typedef struct MemcapCommand_ {
77  const char *name;
78  int (*SetFunc)(uint64_t);
79  uint64_t (*GetFunc)(void);
80  uint64_t (*GetMemuseFunc)(void);
81 } MemcapCommand;
82 
83 const char *RunModeUnixSocketGetDefaultMode(void)
84 {
85  return "autofp";
86 }
87 
88 #define MEMCAPS_MAX 7
89 static MemcapCommand memcaps[MEMCAPS_MAX] = {
90  {
91  "stream",
92  StreamTcpSetMemcap,
93  StreamTcpGetMemcap,
94  StreamTcpMemuseCounter,
95  },
96  {
97  "stream-reassembly",
98  StreamTcpReassembleSetMemcap,
99  StreamTcpReassembleGetMemcap,
100  StreamTcpReassembleMemuseGlobalCounter
101  },
102  {
103  "flow",
104  FlowSetMemcap,
105  FlowGetMemcap,
106  FlowGetMemuse
107  },
108  {
109  "applayer-proto-http",
110  HTPSetMemcap,
111  HTPGetMemcap,
112  HTPMemuseGlobalCounter
113  },
114  {
115  "defrag",
116  DefragTrackerSetMemcap,
117  DefragTrackerGetMemcap,
118  DefragTrackerGetMemuse
119  },
120  {
121  "ippair",
122  IPPairSetMemcap,
123  IPPairGetMemcap,
124  IPPairGetMemuse
125  },
126  {
127  "host",
128  HostSetMemcap,
129  HostGetMemcap,
130  HostGetMemuse
131  },
132 };
133 
134 float MemcapsGetPressure(void)
135 {
136  float percent = 0.0;
137  for (int i = 0; i < 4; i++) { // only flow, streams, http
138  uint64_t memcap = memcaps[i].GetFunc();
139  if (memcap) {
140  uint64_t memuse = memcaps[i].GetMemuseFunc();
141  float p = (float)((double)memuse / (double)memcap);
142  // SCLogNotice("%s: memuse %"PRIu64", memcap %"PRIu64" => %f%%",
143  // memcaps[i].name, memuse, memcap, (p * 100));
144  percent = MAX(p, percent);
145  }
146  }
147  return percent;
148 }
149 
150 #ifdef BUILD_UNIX_SOCKET
151 
152 static int RunModeUnixSocketMaster(void);
153 static int unix_manager_pcap_task_running = 0;
154 static int unix_manager_pcap_task_failed = 0;
155 static int unix_manager_pcap_task_interrupted = 0;
156 static struct timespec unix_manager_pcap_last_processed;
157 static SCCtrlMutex unix_manager_pcap_last_processed_mutex;
158 
159 /**
160  * \brief return list of files in the queue
161  *
162  * \retval 0 in case of error, 1 in case of success
163  */
164 static TmEcode UnixSocketPcapFilesList(json_t *cmd, json_t* answer, void *data)
165 {
166  PcapCommand *this = (PcapCommand *) data;
167  int i = 0;
168  PcapFiles *file;
169  json_t *jdata;
170  json_t *jarray;
171 
172  jdata = json_object();
173  if (jdata == NULL) {
174  json_object_set_new(answer, "message",
175  json_string("internal error at json object creation"));
176  return TM_ECODE_FAILED;
177  }
178  jarray = json_array();
179  if (jarray == NULL) {
180  json_decref(jdata);
181  json_object_set_new(answer, "message",
182  json_string("internal error at json object creation"));
183  return TM_ECODE_FAILED;
184  }
185  TAILQ_FOREACH(file, &this->files, next) {
186  json_array_append_new(jarray, SCJsonString(file->filename));
187  i++;
188  }
189  json_object_set_new(jdata, "count", json_integer(i));
190  json_object_set_new(jdata, "files", jarray);
191  json_object_set_new(answer, "message", jdata);
192  return TM_ECODE_OK;
193 }
194 
195 static TmEcode UnixSocketPcapFilesNumber(json_t *cmd, json_t* answer, void *data)
196 {
197  PcapCommand *this = (PcapCommand *) data;
198  int i = 0;
199  PcapFiles *file;
200 
201  TAILQ_FOREACH(file, &this->files, next) {
202  i++;
203  }
204  json_object_set_new(answer, "message", json_integer(i));
205  return TM_ECODE_OK;
206 }
207 
208 static TmEcode UnixSocketPcapCurrent(json_t *cmd, json_t* answer, void *data)
209 {
210  PcapCommand *this = (PcapCommand *) data;
211 
212  if (this->current_file != NULL && this->current_file->filename != NULL) {
213  json_object_set_new(answer, "message",
214  json_string(this->current_file->filename));
215  } else {
216  json_object_set_new(answer, "message", json_string("None"));
217  }
218  return TM_ECODE_OK;
219 }
220 
221 static TmEcode UnixSocketPcapLastProcessed(json_t *cmd, json_t *answer, void *data)
222 {
223  json_int_t epoch_millis;
224  SCCtrlMutexLock(&unix_manager_pcap_last_processed_mutex);
225  epoch_millis = SCTimespecAsEpochMillis(&unix_manager_pcap_last_processed);
226  SCCtrlMutexUnlock(&unix_manager_pcap_last_processed_mutex);
227 
228  json_object_set_new(answer, "message",
229  json_integer(epoch_millis));
230 
231  return TM_ECODE_OK;
232 }
233 
234 static TmEcode UnixSocketPcapInterrupt(json_t *cmd, json_t *answer, void *data)
235 {
236  unix_manager_pcap_task_interrupted = 1;
237 
238  json_object_set_new(answer, "message", json_string("Interrupted"));
239 
240  return TM_ECODE_OK;
241 }
242 
243 static void PcapFilesFree(PcapFiles *cfile)
244 {
245  if (cfile == NULL)
246  return;
247  if (cfile->filename)
248  SCFree(cfile->filename);
249  if (cfile->output_dir)
250  SCFree(cfile->output_dir);
251  SCFree(cfile);
252 }
253 
254 /**
255  * \brief Add file to file queue
256  *
257  * \param this a UnixCommand:: structure
258  * \param filename absolute filename
259  * \param output_dir absolute name of directory where log will be put
260  * \param tenant_id Id of tenant associated with this file
261  * \param continuous If file should be run in continuous mode
262  * \param delete If file should be deleted when done
263  * \param delay Delay required for file modified time before being processed
264  * \param poll_interval How frequently directory mode polls for new files
265  *
266  * \retval 0 in case of error, 1 in case of success
267  */
268 static TmEcode UnixListAddFile(
269  PcapCommand *this,
270  const char *filename,
271  const char *output_dir,
272  int tenant_id,
273  bool continuous,
274  bool should_delete,
275  time_t delay,
276  time_t poll_interval
277 )
278 {
279  PcapFiles *cfile = NULL;
280  if (filename == NULL || this == NULL)
281  return TM_ECODE_FAILED;
282  cfile = SCMalloc(sizeof(PcapFiles));
283  if (unlikely(cfile == NULL)) {
284  SCLogError("Unable to allocate new file");
285  return TM_ECODE_FAILED;
286  }
287  memset(cfile, 0, sizeof(PcapFiles));
288 
289  cfile->filename = SCStrdup(filename);
290  if (unlikely(cfile->filename == NULL)) {
291  SCFree(cfile);
292  SCLogError("Unable to dup filename");
293  return TM_ECODE_FAILED;
294  }
295 
296  if (output_dir) {
297  cfile->output_dir = SCStrdup(output_dir);
298  if (unlikely(cfile->output_dir == NULL)) {
299  SCFree(cfile->filename);
300  SCFree(cfile);
301  SCLogError("Unable to dup output_dir");
302  return TM_ECODE_FAILED;
303  }
304  }
305 
306  cfile->tenant_id = tenant_id;
307  cfile->continuous = continuous;
308  cfile->should_delete = should_delete;
309  cfile->delay = delay;
310  cfile->poll_interval = poll_interval;
311 
312  TAILQ_INSERT_TAIL(&this->files, cfile, next);
313  return TM_ECODE_OK;
314 }
315 
316 /**
317  * \brief Command to add a file to treatment list
318  *
319  * \param cmd the content of command Arguments as a json_t object
320  * \param answer the json_t object that has to be used to answer
321  * \param data pointer to data defining the context here a PcapCommand::
322  * \param continuous If this should run in continuous mode
323  */
324 static TmEcode UnixSocketAddPcapFileImpl(json_t *cmd, json_t* answer, void *data,
325  bool continuous)
326 {
327  PcapCommand *this = (PcapCommand *) data;
328  const char *filename;
329  const char *output_dir;
330  int tenant_id = 0;
331  bool should_delete = false;
332  time_t delay = 30;
333  time_t poll_interval = 5;
334 #ifdef OS_WIN32
335  struct _stat st;
336 #else
337  struct stat st;
338 #endif /* OS_WIN32 */
339 
340  json_t *jarg = json_object_get(cmd, "filename");
341  if (!json_is_string(jarg)) {
342  SCLogError("filename is not a string");
343  json_object_set_new(answer, "message",
344  json_string("filename is not a string"));
345  return TM_ECODE_FAILED;
346  }
347  filename = json_string_value(jarg);
348 #ifdef OS_WIN32
349  if (_stat(filename, &st) != 0) {
350 #else
351  if (stat(filename, &st) != 0) {
352 #endif /* OS_WIN32 */
353  json_object_set_new(answer, "message",
354  json_string("filename does not exist"));
355  return TM_ECODE_FAILED;
356  }
357 
358  json_t *oarg = json_object_get(cmd, "output-dir");
359  if (oarg != NULL) {
360  if (!json_is_string(oarg)) {
361  SCLogError("output-dir is not a string");
362 
363  json_object_set_new(answer, "message",
364  json_string("output-dir is not a string"));
365  return TM_ECODE_FAILED;
366  }
367  output_dir = json_string_value(oarg);
368  } else {
369  SCLogError("can't get output-dir");
370 
371  json_object_set_new(answer, "message",
372  json_string("output-dir param is mandatory"));
373  return TM_ECODE_FAILED;
374  }
375 
376 #ifdef OS_WIN32
377  if (_stat(output_dir, &st) != 0) {
378 #else
379  if (stat(output_dir, &st) != 0) {
380 #endif /* OS_WIN32 */
381  json_object_set_new(answer, "message",
382  json_string("output-dir does not exist"));
383  return TM_ECODE_FAILED;
384  }
385 
386  json_t *targ = json_object_get(cmd, "tenant");
387  if (targ != NULL) {
388  if (!json_is_integer(targ)) {
389  json_object_set_new(answer, "message",
390  json_string("tenant is not a number"));
391  return TM_ECODE_FAILED;
392  }
393  tenant_id = json_number_value(targ);
394  }
395 
396  json_t *delete_arg = json_object_get(cmd, "delete-when-done");
397  if (delete_arg != NULL) {
398  should_delete = json_is_true(delete_arg);
399  }
400 
401  json_t *delay_arg = json_object_get(cmd, "delay");
402  if (delay_arg != NULL) {
403  if (!json_is_integer(delay_arg)) {
404  SCLogError("delay is not a integer");
405  json_object_set_new(answer, "message",
406  json_string("delay is not a integer"));
407  return TM_ECODE_FAILED;
408  }
409  delay = json_integer_value(delay_arg);
410  }
411 
412  json_t *interval_arg = json_object_get(cmd, "poll-interval");
413  if (interval_arg != NULL) {
414  if (!json_is_integer(interval_arg)) {
415  SCLogError("poll-interval is not a integer");
416 
417  json_object_set_new(answer, "message",
418  json_string("poll-interval is not a integer"));
419  return TM_ECODE_FAILED;
420  }
421  poll_interval = json_integer_value(interval_arg);
422  }
423 
424  switch (UnixListAddFile(this, filename, output_dir, tenant_id, continuous,
425  should_delete, delay, poll_interval)) {
426  case TM_ECODE_FAILED:
427  case TM_ECODE_DONE:
428  json_object_set_new(answer, "message",
429  json_string("Unable to add file to list"));
430  return TM_ECODE_FAILED;
431  case TM_ECODE_OK:
432  SCLogInfo("Added file '%s' to list", filename);
433  json_object_set_new(answer, "message",
434  json_string("Successfully added file to list"));
435  return TM_ECODE_OK;
436  }
437  return TM_ECODE_OK;
438 }
439 
440 /**
441  * \brief Command to add a file to treatment list
442  *
443  * \param cmd the content of command Arguments as a json_t object
444  * \param answer the json_t object that has to be used to answer
445  * \param data pointer to data defining the context here a PcapCommand::
446  */
447 static TmEcode UnixSocketAddPcapFile(json_t *cmd, json_t* answer, void *data)
448 {
449  bool continuous = false;
450 
451  json_t *cont_arg = json_object_get(cmd, "continuous");
452  if (cont_arg != NULL) {
453  continuous = json_is_true(cont_arg);
454  }
455 
456  return UnixSocketAddPcapFileImpl(cmd, answer, data, continuous);
457 }
458 
459 /**
460  * \brief Command to add a file to treatment list, forcing continuous mode
461  *
462  * \param cmd the content of command Arguments as a json_t object
463  * \param answer the json_t object that has to be used to answer
464  * \param data pointer to data defining the context here a PcapCommand::
465  */
466 static TmEcode UnixSocketAddPcapFileContinuous(json_t *cmd, json_t* answer, void *data)
467 {
468  return UnixSocketAddPcapFileImpl(cmd, answer, data, true);
469 }
470 
471 /**
472  * \brief Handle the file queue
473  *
474  * This function check if there is currently a file
475  * being parse. If it is not the case, it will start to
476  * work on a new file. This implies to start a new 'pcap-file'
477  * running mode after having set the file and the output dir.
478  * This function also handles the cleaning of the previous
479  * running mode.
480  *
481  * \param this a UnixCommand:: structure
482  * \retval 0 in case of error, 1 in case of success
483  */
484 static TmEcode UnixSocketPcapFilesCheck(void *data)
485 {
486  PcapCommand *this = (PcapCommand *) data;
487  if (unix_manager_pcap_task_running == 1) {
488  return TM_ECODE_OK;
489  }
490  if ((unix_manager_pcap_task_failed == 1) || (this->running == 1)) {
491  if (unix_manager_pcap_task_failed) {
492  SCLogInfo("Preceeding task failed, cleaning the running mode");
493  }
494  unix_manager_pcap_task_failed = 0;
495  this->running = 0;
496 
497  SCLogInfo("Resetting engine state");
498  PostRunDeinit(RUNMODE_PCAP_FILE, NULL /* no ts */);
499 
500  if (this->current_file) {
501  PcapFilesFree(this->current_file);
502  }
503  this->current_file = NULL;
504  }
505 
506  if (TAILQ_EMPTY(&this->files)) {
507  // nothing to do
508  return TM_ECODE_OK;
509  }
510 
511  PcapFiles *cfile = TAILQ_FIRST(&this->files);
512  TAILQ_REMOVE(&this->files, cfile, next);
513 
514  unix_manager_pcap_task_running = 1;
515  this->running = 1;
516 
517  if (ConfSetFinal("pcap-file.file", cfile->filename) != 1) {
518  SCLogError("Can not set working file to '%s'", cfile->filename);
519  PcapFilesFree(cfile);
520  return TM_ECODE_FAILED;
521  }
522 
523  int set_res = 0;
524  if (cfile->continuous) {
525  set_res = ConfSetFinal("pcap-file.continuous", "true");
526  } else {
527  set_res = ConfSetFinal("pcap-file.continuous", "false");
528  }
529  if (set_res != 1) {
530  SCLogError("Can not set continuous mode for pcap processing");
531  PcapFilesFree(cfile);
532  return TM_ECODE_FAILED;
533  }
534  if (cfile->should_delete) {
535  set_res = ConfSetFinal("pcap-file.delete-when-done", "true");
536  } else {
537  set_res = ConfSetFinal("pcap-file.delete-when-done", "false");
538  }
539  if (set_res != 1) {
540  SCLogError("Can not set delete mode for pcap processing");
541  PcapFilesFree(cfile);
542  return TM_ECODE_FAILED;
543  }
544 
545  if (cfile->delay > 0) {
546  char tstr[32];
547  snprintf(tstr, sizeof(tstr), "%" PRIuMAX, (uintmax_t)cfile->delay);
548  if (ConfSetFinal("pcap-file.delay", tstr) != 1) {
549  SCLogError("Can not set delay to '%s'", tstr);
550  PcapFilesFree(cfile);
551  return TM_ECODE_FAILED;
552  }
553  }
554 
555  if (cfile->poll_interval > 0) {
556  char tstr[32];
557  snprintf(tstr, sizeof(tstr), "%" PRIuMAX, (uintmax_t)cfile->poll_interval);
558  if (ConfSetFinal("pcap-file.poll-interval", tstr) != 1) {
559  SCLogError("Can not set poll-interval to '%s'", tstr);
560  PcapFilesFree(cfile);
561  return TM_ECODE_FAILED;
562  }
563  }
564 
565  if (cfile->tenant_id > 0) {
566  char tstr[16];
567  snprintf(tstr, sizeof(tstr), "%d", cfile->tenant_id);
568  if (ConfSetFinal("pcap-file.tenant-id", tstr) != 1) {
569  SCLogError("Can not set working tenant-id to '%s'", tstr);
570  PcapFilesFree(cfile);
571  return TM_ECODE_FAILED;
572  }
573  } else {
574  SCLogInfo("pcap-file.tenant-id not set");
575  }
576 
577  if (cfile->output_dir) {
578  if (ConfSetFinal("default-log-dir", cfile->output_dir) != 1) {
579  SCLogError("Can not set output dir to '%s'", cfile->output_dir);
580  PcapFilesFree(cfile);
581  return TM_ECODE_FAILED;
582  }
583  }
584 
585  this->current_file = cfile;
586 
587  SCLogInfo("Starting run for '%s'", this->current_file->filename);
588 
589  PreRunInit(RUNMODE_PCAP_FILE);
590  PreRunPostPrivsDropInit(RUNMODE_PCAP_FILE);
591  RunModeDispatch(RUNMODE_PCAP_FILE, NULL, NULL, NULL);
592 
593  /* Un-pause all the paused threads */
594  TmThreadWaitOnThreadInit();
595  PacketPoolPostRunmodes();
596  TmThreadContinueThreads();
597 
598  return TM_ECODE_OK;
599 }
600 #endif
601 
602 void RunModeUnixSocketRegister(void)
603 {
604 #ifdef BUILD_UNIX_SOCKET
605  /* a bit of a hack, but register twice to --list-runmodes shows both */
606  RunModeRegisterNewRunMode(
607  RUNMODE_UNIX_SOCKET, "single", "Unix socket mode", RunModeUnixSocketMaster, NULL);
608  RunModeRegisterNewRunMode(
609  RUNMODE_UNIX_SOCKET, "autofp", "Unix socket mode", RunModeUnixSocketMaster, NULL);
610 #endif
611 }
612 
613 TmEcode UnixSocketPcapFile(TmEcode tm, struct timespec *last_processed)
614 {
615 #ifdef BUILD_UNIX_SOCKET
616  if(last_processed) {
617  SCCtrlMutexLock(&unix_manager_pcap_last_processed_mutex);
618  unix_manager_pcap_last_processed.tv_sec = last_processed->tv_sec;
619  unix_manager_pcap_last_processed.tv_nsec = last_processed->tv_nsec;
620  SCCtrlMutexUnlock(&unix_manager_pcap_last_processed_mutex);
621  }
622  switch (tm) {
623  case TM_ECODE_DONE:
624  SCLogInfo("Marking current task as done");
625  unix_manager_pcap_task_running = 0;
626  return TM_ECODE_DONE;
627  case TM_ECODE_FAILED:
628  SCLogInfo("Marking current task as failed");
629  unix_manager_pcap_task_running = 0;
630  unix_manager_pcap_task_failed = 1;
631  //if we return failed, we can't stop the thread and suricata will fail to close
632  return TM_ECODE_FAILED;
633  case TM_ECODE_OK:
634  if (unix_manager_pcap_task_interrupted == 1) {
635  SCLogInfo("Interrupting current run mode");
636  unix_manager_pcap_task_interrupted = 0;
637  return TM_ECODE_DONE;
638  } else {
639  return TM_ECODE_OK;
640  }
641  }
642 #endif
643  return TM_ECODE_FAILED;
644 }
645 
646 #ifdef BUILD_UNIX_SOCKET
647 /**
648  * \brief Command to add data to a dataset
649  *
650  * \param cmd the content of command Arguments as a json_t object
651  * \param answer the json_t object that has to be used to answer
652  * \param data pointer to data defining the context here a PcapCommand::
653  */
654 TmEcode UnixSocketDatasetAdd(json_t *cmd, json_t* answer, void *data)
655 {
656  /* 1 get dataset name */
657  json_t *narg = json_object_get(cmd, "setname");
658  if (!json_is_string(narg)) {
659  json_object_set_new(answer, "message", json_string("setname is not a string"));
660  return TM_ECODE_FAILED;
661  }
662  const char *set_name = json_string_value(narg);
663 
664  /* 2 get the data type */
665  json_t *targ = json_object_get(cmd, "settype");
666  if (!json_is_string(targ)) {
667  json_object_set_new(answer, "message", json_string("settype is not a string"));
668  return TM_ECODE_FAILED;
669  }
670  const char *type = json_string_value(targ);
671 
672  /* 3 get value */
673  json_t *varg = json_object_get(cmd, "datavalue");
674  if (!json_is_string(varg)) {
675  json_object_set_new(answer, "message", json_string("datavalue is not string"));
676  return TM_ECODE_FAILED;
677  }
678  const char *value = json_string_value(varg);
679 
680  SCLogDebug("dataset-add: %s type %s value %s", set_name, type, value);
681 
682  enum DatasetTypes t = DatasetGetTypeFromString(type);
683  if (t == DATASET_TYPE_NOTSET) {
684  json_object_set_new(answer, "message", json_string("unknown settype"));
685  return TM_ECODE_FAILED;
686  }
687 
688  Dataset *set = DatasetFind(set_name, t);
689  if (set == NULL) {
690  json_object_set_new(answer, "message", json_string("set not found or wrong type"));
691  return TM_ECODE_FAILED;
692  }
693 
694  int r = DatasetAddSerialized(set, value);
695  if (r == 1) {
696  json_object_set_new(answer, "message", json_string("data added"));
697  return TM_ECODE_OK;
698  } else if (r == 0) {
699  json_object_set_new(answer, "message", json_string("data already in set"));
700  return TM_ECODE_OK;
701  } else {
702  json_object_set_new(answer, "message", json_string("failed to add data"));
703  return TM_ECODE_FAILED;
704  }
705 }
706 
707 TmEcode UnixSocketDatasetRemove(json_t *cmd, json_t* answer, void *data)
708 {
709  /* 1 get dataset name */
710  json_t *narg = json_object_get(cmd, "setname");
711  if (!json_is_string(narg)) {
712  json_object_set_new(answer, "message", json_string("setname is not a string"));
713  return TM_ECODE_FAILED;
714  }
715  const char *set_name = json_string_value(narg);
716 
717  /* 2 get the data type */
718  json_t *targ = json_object_get(cmd, "settype");
719  if (!json_is_string(targ)) {
720  json_object_set_new(answer, "message", json_string("settype is not a string"));
721  return TM_ECODE_FAILED;
722  }
723  const char *type = json_string_value(targ);
724 
725  /* 3 get value */
726  json_t *varg = json_object_get(cmd, "datavalue");
727  if (!json_is_string(varg)) {
728  json_object_set_new(answer, "message", json_string("datavalue is not string"));
729  return TM_ECODE_FAILED;
730  }
731  const char *value = json_string_value(varg);
732 
733  SCLogDebug("dataset-remove: %s type %s value %s", set_name, type, value);
734 
735  enum DatasetTypes t = DatasetGetTypeFromString(type);
736  if (t == DATASET_TYPE_NOTSET) {
737  json_object_set_new(answer, "message", json_string("unknown settype"));
738  return TM_ECODE_FAILED;
739  }
740 
741  Dataset *set = DatasetFind(set_name, t);
742  if (set == NULL) {
743  json_object_set_new(answer, "message", json_string("set not found or wrong type"));
744  return TM_ECODE_FAILED;
745  }
746 
747  int r = DatasetRemoveSerialized(set, value);
748  if (r == 1) {
749  json_object_set_new(answer, "message", json_string("data removed"));
750  return TM_ECODE_OK;
751  } else if (r == 0) {
752  json_object_set_new(answer, "message", json_string("data is busy, try again"));
753  return TM_ECODE_OK;
754  } else {
755  json_object_set_new(answer, "message", json_string("failed to remove data"));
756  return TM_ECODE_FAILED;
757  }
758 }
759 
760 TmEcode UnixSocketDatasetDump(json_t *cmd, json_t *answer, void *data)
761 {
762  SCEnter();
763  SCLogDebug("Going to dump datasets");
764  DatasetsSave();
765  json_object_set_new(answer, "message", json_string("datasets dump done"));
766  SCReturnInt(TM_ECODE_OK);
767 }
768 
769 TmEcode UnixSocketDatasetClear(json_t *cmd, json_t *answer, void *data)
770 {
771  /* 1 get dataset name */
772  json_t *narg = json_object_get(cmd, "setname");
773  if (!json_is_string(narg)) {
774  json_object_set_new(answer, "message", json_string("setname is not a string"));
775  return TM_ECODE_FAILED;
776  }
777  const char *set_name = json_string_value(narg);
778 
779  /* 2 get the data type */
780  json_t *targ = json_object_get(cmd, "settype");
781  if (!json_is_string(targ)) {
782  json_object_set_new(answer, "message", json_string("settype is not a string"));
783  return TM_ECODE_FAILED;
784  }
785  const char *type = json_string_value(targ);
786 
787  enum DatasetTypes t = DatasetGetTypeFromString(type);
788  if (t == DATASET_TYPE_NOTSET) {
789  json_object_set_new(answer, "message", json_string("unknown settype"));
790  return TM_ECODE_FAILED;
791  }
792 
793  Dataset *set = DatasetFind(set_name, t);
794  if (set == NULL) {
795  json_object_set_new(answer, "message", json_string("set not found or wrong type"));
796  return TM_ECODE_FAILED;
797  }
798 
799  THashCleanup(set->hash);
800 
801  json_object_set_new(answer, "message", json_string("dataset cleared"));
802  return TM_ECODE_OK;
803 }
804 
805 TmEcode UnixSocketDatasetLookup(json_t *cmd, json_t *answer, void *data)
806 {
807  /* 1 get dataset name */
808  json_t *narg = json_object_get(cmd, "setname");
809  if (!json_is_string(narg)) {
810  json_object_set_new(answer, "message", json_string("setname is not a string"));
811  return TM_ECODE_FAILED;
812  }
813  const char *set_name = json_string_value(narg);
814 
815  /* 2 get the data type */
816  json_t *targ = json_object_get(cmd, "settype");
817  if (!json_is_string(targ)) {
818  json_object_set_new(answer, "message", json_string("settype is not a string"));
819  return TM_ECODE_FAILED;
820  }
821  const char *type = json_string_value(targ);
822 
823  /* 3 get value */
824  json_t *varg = json_object_get(cmd, "datavalue");
825  if (!json_is_string(varg)) {
826  json_object_set_new(answer, "message", json_string("datavalue is not string"));
827  return TM_ECODE_FAILED;
828  }
829  const char *value = json_string_value(varg);
830 
831  SCLogDebug("dataset-exist: %s type %s value %s", set_name, type, value);
832 
833  enum DatasetTypes t = DatasetGetTypeFromString(type);
834  if (t == DATASET_TYPE_NOTSET) {
835  json_object_set_new(answer, "message", json_string("unknown settype"));
836  return TM_ECODE_FAILED;
837  }
838 
839  Dataset *set = DatasetFind(set_name, t);
840  if (set == NULL) {
841  json_object_set_new(answer, "message", json_string("set not found or wrong type"));
842  return TM_ECODE_FAILED;
843  }
844 
845  if (DatasetLookupSerialized(set, value) > 0) {
846  json_object_set_new(answer, "message", json_string("item found in set"));
847  return TM_ECODE_OK;
848  } else {
849  json_object_set_new(answer, "message", json_string("item not found in set"));
850  return TM_ECODE_FAILED;
851  }
852 }
853 
854 /**
855  * \brief Command to add a tenant handler
856  *
857  * \param cmd the content of command Arguments as a json_t object
858  * \param answer the json_t object that has to be used to answer
859  * \param data pointer to data defining the context here a PcapCommand::
860  */
861 TmEcode UnixSocketRegisterTenantHandler(json_t *cmd, json_t* answer, void *data)
862 {
863  const char *htype;
864  json_int_t traffic_id = -1;
865 
866  if (!(DetectEngineMultiTenantEnabled())) {
867  SCLogInfo("error: multi-tenant support not enabled");
868  json_object_set_new(answer, "message", json_string("multi-tenant support not enabled"));
869  return TM_ECODE_FAILED;
870  }
871 
872  /* 1 get tenant id */
873  json_t *jarg = json_object_get(cmd, "id");
874  if (!json_is_integer(jarg)) {
875  SCLogInfo("error: command is not a string");
876  json_object_set_new(answer, "message", json_string("id is not an integer"));
877  return TM_ECODE_FAILED;
878  }
879  int tenant_id = json_integer_value(jarg);
880 
881  /* 2 get tenant handler type */
882  jarg = json_object_get(cmd, "htype");
883  if (!json_is_string(jarg)) {
884  SCLogInfo("error: command is not a string");
885  json_object_set_new(answer, "message", json_string("command is not a string"));
886  return TM_ECODE_FAILED;
887  }
888  htype = json_string_value(jarg);
889 
890  SCLogDebug("add-tenant-handler: %d %s", tenant_id, htype);
891 
892  /* 3 get optional hargs */
893  json_t *hargs = json_object_get(cmd, "hargs");
894  if (hargs != NULL) {
895  if (!json_is_integer(hargs)) {
896  SCLogInfo("error: hargs not a number");
897  json_object_set_new(answer, "message", json_string("hargs not a number"));
898  return TM_ECODE_FAILED;
899  }
900  traffic_id = json_integer_value(hargs);
901  }
902 
903  /* 4 add to system */
904  int r = -1;
905  if (strcmp(htype, "pcap") == 0) {
906  r = DetectEngineTentantRegisterPcapFile(tenant_id);
907  } else if (strcmp(htype, "vlan") == 0) {
908  if (traffic_id < 0) {
909  json_object_set_new(answer, "message", json_string("vlan requires argument"));
910  return TM_ECODE_FAILED;
911  }
912  if (traffic_id > USHRT_MAX) {
913  json_object_set_new(answer, "message", json_string("vlan argument out of range"));
914  return TM_ECODE_FAILED;
915  }
916 
917  SCLogInfo("VLAN handler: id %u maps to tenant %u", (uint32_t)traffic_id, tenant_id);
918  r = DetectEngineTentantRegisterVlanId(tenant_id, (uint16_t)traffic_id);
919  }
920  if (r != 0) {
921  json_object_set_new(answer, "message", json_string("handler setup failure"));
922  return TM_ECODE_FAILED;
923  }
924 
925  if (DetectEngineMTApply() < 0) {
926  json_object_set_new(answer, "message", json_string("couldn't apply settings"));
927  // TODO cleanup
928  return TM_ECODE_FAILED;
929  }
930 
931  json_object_set_new(answer, "message", json_string("handler added"));
932  return TM_ECODE_OK;
933 }
934 
935 /**
936  * \brief Command to remove a tenant handler
937  *
938  * \param cmd the content of command Arguments as a json_t object
939  * \param answer the json_t object that has to be used to answer
940  * \param data pointer to data defining the context here a PcapCommand::
941  */
942 TmEcode UnixSocketUnregisterTenantHandler(json_t *cmd, json_t* answer, void *data)
943 {
944  const char *htype;
945  json_int_t traffic_id = -1;
946 
947  if (!(DetectEngineMultiTenantEnabled())) {
948  SCLogInfo("error: multi-tenant support not enabled");
949  json_object_set_new(answer, "message", json_string("multi-tenant support not enabled"));
950  return TM_ECODE_FAILED;
951  }
952 
953  /* 1 get tenant id */
954  json_t *jarg = json_object_get(cmd, "id");
955  if (!json_is_integer(jarg)) {
956  SCLogInfo("error: command is not a string");
957  json_object_set_new(answer, "message", json_string("id is not an integer"));
958  return TM_ECODE_FAILED;
959  }
960  int tenant_id = json_integer_value(jarg);
961 
962  /* 2 get tenant handler type */
963  jarg = json_object_get(cmd, "htype");
964  if (!json_is_string(jarg)) {
965  SCLogInfo("error: command is not a string");
966  json_object_set_new(answer, "message", json_string("command is not a string"));
967  return TM_ECODE_FAILED;
968  }
969  htype = json_string_value(jarg);
970 
971  SCLogDebug("add-tenant-handler: %d %s", tenant_id, htype);
972 
973  /* 3 get optional hargs */
974  json_t *hargs = json_object_get(cmd, "hargs");
975  if (hargs != NULL) {
976  if (!json_is_integer(hargs)) {
977  SCLogInfo("error: hargs not a number");
978  json_object_set_new(answer, "message", json_string("hargs not a number"));
979  return TM_ECODE_FAILED;
980  }
981  traffic_id = json_integer_value(hargs);
982  }
983 
984  /* 4 add to system */
985  int r = -1;
986  if (strcmp(htype, "pcap") == 0) {
987  r = DetectEngineTentantUnregisterPcapFile(tenant_id);
988  } else if (strcmp(htype, "vlan") == 0) {
989  if (traffic_id < 0) {
990  json_object_set_new(answer, "message", json_string("vlan requires argument"));
991  return TM_ECODE_FAILED;
992  }
993  if (traffic_id > USHRT_MAX) {
994  json_object_set_new(answer, "message", json_string("vlan argument out of range"));
995  return TM_ECODE_FAILED;
996  }
997 
998  SCLogInfo("VLAN handler: removing mapping of %u to tenant %u", (uint32_t)traffic_id, tenant_id);
999  r = DetectEngineTentantUnregisterVlanId(tenant_id, (uint16_t)traffic_id);
1000  }
1001  if (r != 0) {
1002  json_object_set_new(answer, "message", json_string("handler unregister failure"));
1003  return TM_ECODE_FAILED;
1004  }
1005 
1006  /* 5 apply it */
1007  if (DetectEngineMTApply() < 0) {
1008  json_object_set_new(answer, "message", json_string("couldn't apply settings"));
1009  // TODO cleanup
1010  return TM_ECODE_FAILED;
1011  }
1012 
1013  json_object_set_new(answer, "message", json_string("handler removed"));
1014  return TM_ECODE_OK;
1015 }
1016 
1017 /**
1018  * \brief Command to add a tenant
1019  *
1020  * \param cmd the content of command Arguments as a json_t object
1021  * \param answer the json_t object that has to be used to answer
1022  * \param data pointer to data defining the context here a PcapCommand::
1023  */
1024 TmEcode UnixSocketRegisterTenant(json_t *cmd, json_t* answer, void *data)
1025 {
1026  const char *filename;
1027 #ifdef OS_WIN32
1028  struct _stat st;
1029 #else
1030  struct stat st;
1031 #endif /* OS_WIN32 */
1032 
1033  if (!(DetectEngineMultiTenantEnabled())) {
1034  SCLogInfo("error: multi-tenant support not enabled");
1035  json_object_set_new(answer, "message", json_string("multi-tenant support not enabled"));
1036  return TM_ECODE_FAILED;
1037  }
1038 
1039  /* 1 get tenant id */
1040  json_t *jarg = json_object_get(cmd, "id");
1041  if (!json_is_integer(jarg)) {
1042  json_object_set_new(answer, "message", json_string("id is not an integer"));
1043  return TM_ECODE_FAILED;
1044  }
1045  int tenant_id = json_integer_value(jarg);
1046 
1047  /* 2 get tenant yaml */
1048  jarg = json_object_get(cmd, "filename");
1049  if (!json_is_string(jarg)) {
1050  json_object_set_new(answer, "message", json_string("command is not a string"));
1051  return TM_ECODE_FAILED;
1052  }
1053  filename = json_string_value(jarg);
1054 #ifdef OS_WIN32
1055  if (_stat(filename, &st) != 0) {
1056 #else
1057  if (stat(filename, &st) != 0) {
1058 #endif /* OS_WIN32 */
1059  json_object_set_new(answer, "message", json_string("file does not exist"));
1060  return TM_ECODE_FAILED;
1061  }
1062 
1063  SCLogDebug("add-tenant: %d %s", tenant_id, filename);
1064 
1065  /* setup the yaml in this loop so that it's not done by the loader
1066  * threads. ConfYamlLoadFileWithPrefix is not thread safe. */
1067  char prefix[64];
1068  snprintf(prefix, sizeof(prefix), "multi-detect.%d", tenant_id);
1069  if (ConfYamlLoadFileWithPrefix(filename, prefix) != 0) {
1070  SCLogError("failed to load yaml %s", filename);
1071  json_object_set_new(answer, "message", json_string("failed to load yaml"));
1072  return TM_ECODE_FAILED;
1073  }
1074 
1075  /* 3 load into the system */
1076  if (DetectEngineLoadTenantBlocking(tenant_id, filename) != 0) {
1077  json_object_set_new(answer, "message", json_string("adding tenant failed"));
1078  return TM_ECODE_FAILED;
1079  }
1080 
1081  /* 4 apply to the running system */
1082  if (DetectEngineMTApply() < 0) {
1083  json_object_set_new(answer, "message", json_string("couldn't apply settings"));
1084  // TODO cleanup
1085  return TM_ECODE_FAILED;
1086  }
1087 
1088  json_object_set_new(answer, "message", json_string("adding tenant succeeded"));
1089  return TM_ECODE_OK;
1090 }
1091 
1092 static int reload_cnt = 1;
1093 /**
1094  * \brief Command to reload a tenant
1095  *
1096  * \param cmd the content of command Arguments as a json_t object
1097  * \param answer the json_t object that has to be used to answer
1098  * \param data pointer to data defining the context here a PcapCommand::
1099  */
1100 TmEcode UnixSocketReloadTenant(json_t *cmd, json_t* answer, void *data)
1101 {
1102  const char *filename;
1103 #ifdef OS_WIN32
1104  struct _stat st;
1105 #else
1106  struct stat st;
1107 #endif /* OS_WIN32 */
1108 
1109  if (!(DetectEngineMultiTenantEnabled())) {
1110  SCLogInfo("error: multi-tenant support not enabled");
1111  json_object_set_new(answer, "message", json_string("multi-tenant support not enabled"));
1112  return TM_ECODE_FAILED;
1113  }
1114 
1115  /* 1 get tenant id */
1116  json_t *jarg = json_object_get(cmd, "id");
1117  if (!json_is_integer(jarg)) {
1118  json_object_set_new(answer, "message", json_string("id is not an integer"));
1119  return TM_ECODE_FAILED;
1120  }
1121  int tenant_id = json_integer_value(jarg);
1122 
1123  /* 2 get tenant yaml */
1124  jarg = json_object_get(cmd, "filename");
1125  if (!json_is_string(jarg)) {
1126  json_object_set_new(answer, "message", json_string("command is not a string"));
1127  return TM_ECODE_FAILED;
1128  }
1129  filename = json_string_value(jarg);
1130 #ifdef OS_WIN32
1131  if (_stat(filename, &st) != 0) {
1132 #else
1133  if (stat(filename, &st) != 0) {
1134 #endif /* OS_WIN32 */
1135  json_object_set_new(answer, "message", json_string("file does not exist"));
1136  return TM_ECODE_FAILED;
1137  }
1138 
1139  SCLogDebug("reload-tenant: %d %s", tenant_id, filename);
1140 
1141  char prefix[64];
1142  snprintf(prefix, sizeof(prefix), "multi-detect.%d.reload.%d", tenant_id, reload_cnt);
1143  SCLogInfo("prefix %s", prefix);
1144 
1145  if (ConfYamlLoadFileWithPrefix(filename, prefix) != 0) {
1146  json_object_set_new(answer, "message", json_string("failed to load yaml"));
1147  return TM_ECODE_FAILED;
1148  }
1149 
1150  /* 3 load into the system */
1151  if (DetectEngineReloadTenantBlocking(tenant_id, filename, reload_cnt) != 0) {
1152  json_object_set_new(answer, "message", json_string("reload tenant failed"));
1153  return TM_ECODE_FAILED;
1154  }
1155 
1156  reload_cnt++;
1157 
1158  /* apply to the running system */
1159  if (DetectEngineMTApply() < 0) {
1160  json_object_set_new(answer, "message", json_string("couldn't apply settings"));
1161  // TODO cleanup
1162  return TM_ECODE_FAILED;
1163  }
1164 
1165  json_object_set_new(answer, "message", json_string("reloading tenant succeeded"));
1166  return TM_ECODE_OK;
1167 }
1168 
1169 /**
1170  * \brief Command to remove a tenant
1171  *
1172  * \param cmd the content of command Arguments as a json_t object
1173  * \param answer the json_t object that has to be used to answer
1174  * \param data pointer to data defining the context here a PcapCommand::
1175  */
1176 TmEcode UnixSocketUnregisterTenant(json_t *cmd, json_t* answer, void *data)
1177 {
1178  if (!(DetectEngineMultiTenantEnabled())) {
1179  SCLogInfo("error: multi-tenant support not enabled");
1180  json_object_set_new(answer, "message", json_string("multi-tenant support not enabled"));
1181  return TM_ECODE_FAILED;
1182  }
1183 
1184  /* 1 get tenant id */
1185  json_t *jarg = json_object_get(cmd, "id");
1186  if (!json_is_integer(jarg)) {
1187  SCLogInfo("error: command is not a string");
1188  json_object_set_new(answer, "message", json_string("id is not an integer"));
1189  return TM_ECODE_FAILED;
1190  }
1191  int tenant_id = json_integer_value(jarg);
1192 
1193  SCLogInfo("remove-tenant: removing tenant %d", tenant_id);
1194 
1195  /* 2 remove it from the system */
1196  char prefix[64];
1197  snprintf(prefix, sizeof(prefix), "multi-detect.%d", tenant_id);
1198 
1199  DetectEngineCtx *de_ctx = DetectEngineGetByTenantId(tenant_id);
1200  if (de_ctx == NULL) {
1201  json_object_set_new(answer, "message", json_string("tenant detect engine not found"));
1202  return TM_ECODE_FAILED;
1203  }
1204 
1205  /* move to free list */
1206  DetectEngineMoveToFreeList(de_ctx);
1207  DetectEngineDeReference(&de_ctx);
1208 
1209  /* update the threads */
1210  if (DetectEngineMTApply() < 0) {
1211  json_object_set_new(answer, "message", json_string("couldn't apply settings"));
1212  // TODO cleanup
1213  return TM_ECODE_FAILED;
1214  }
1215 
1216  /* walk free list, freeing the removed de_ctx */
1217  DetectEnginePruneFreeList();
1218 
1219  json_object_set_new(answer, "message", json_string("removing tenant succeeded"));
1220  return TM_ECODE_OK;
1221 }
1222 
1223 /**
1224  * \brief Command to add a hostbit
1225  *
1226  * \param cmd the content of command Arguments as a json_t object
1227  * \param answer the json_t object that has to be used to answer
1228  */
1229 TmEcode UnixSocketHostbitAdd(json_t *cmd, json_t* answer, void *data_usused)
1230 {
1231  /* 1 get ip address */
1232  json_t *jarg = json_object_get(cmd, "ipaddress");
1233  if (!json_is_string(jarg)) {
1234  json_object_set_new(answer, "message", json_string("ipaddress is not an string"));
1235  return TM_ECODE_FAILED;
1236  }
1237  const char *ipaddress = json_string_value(jarg);
1238 
1239  Address a;
1240  struct in_addr in;
1241  memset(&in, 0, sizeof(in));
1242  if (inet_pton(AF_INET, ipaddress, &in) != 1) {
1243  uint32_t in6[4];
1244  memset(&in6, 0, sizeof(in6));
1245  if (inet_pton(AF_INET6, ipaddress, &in) != 1) {
1246  json_object_set_new(answer, "message", json_string("invalid address string"));
1247  return TM_ECODE_FAILED;
1248  } else {
1249  a.family = AF_INET6;
1250  a.addr_data32[0] = in6[0];
1251  a.addr_data32[1] = in6[1];
1252  a.addr_data32[2] = in6[2];
1253  a.addr_data32[3] = in6[3];
1254  }
1255  } else {
1256  a.family = AF_INET;
1257  a.addr_data32[0] = in.s_addr;
1258  a.addr_data32[1] = 0;
1259  a.addr_data32[2] = 0;
1260  a.addr_data32[3] = 0;
1261  }
1262 
1263  /* 2 get variable name */
1264  jarg = json_object_get(cmd, "hostbit");
1265  if (!json_is_string(jarg)) {
1266  json_object_set_new(answer, "message", json_string("hostbit is not a string"));
1267  return TM_ECODE_FAILED;
1268  }
1269  const char *hostbit = json_string_value(jarg);
1270  uint32_t idx = VarNameStoreLookupByName(hostbit, VAR_TYPE_HOST_BIT);
1271  if (idx == 0) {
1272  json_object_set_new(answer, "message", json_string("hostbit not found"));
1273  return TM_ECODE_FAILED;
1274  }
1275 
1276  /* 3 get expire */
1277  jarg = json_object_get(cmd, "expire");
1278  if (!json_is_integer(jarg)) {
1279  json_object_set_new(answer, "message", json_string("expire is not an integer"));
1280  return TM_ECODE_FAILED;
1281  }
1282  uint32_t expire = json_integer_value(jarg);
1283 
1284  SCLogInfo("add-hostbit: ip %s hostbit %s expire %us", ipaddress, hostbit, expire);
1285 
1286  SCTime_t current_time = TimeGet();
1287  Host *host = HostGetHostFromHash(&a);
1288  if (host) {
1289  HostBitSet(host, idx, SCTIME_SECS(current_time) + expire);
1290  HostUnlock(host);
1291 
1292  json_object_set_new(answer, "message", json_string("hostbit added"));
1293  return TM_ECODE_OK;
1294  } else {
1295  json_object_set_new(answer, "message", json_string("couldn't create host"));
1296  return TM_ECODE_FAILED;
1297  }
1298 }
1299 
1300 /**
1301  * \brief Command to remove a hostbit
1302  *
1303  * \param cmd the content of command Arguments as a json_t object
1304  * \param answer the json_t object that has to be used to answer
1305  */
1306 TmEcode UnixSocketHostbitRemove(json_t *cmd, json_t* answer, void *data_unused)
1307 {
1308  /* 1 get ip address */
1309  json_t *jarg = json_object_get(cmd, "ipaddress");
1310  if (!json_is_string(jarg)) {
1311  json_object_set_new(answer, "message", json_string("ipaddress is not an string"));
1312  return TM_ECODE_FAILED;
1313  }
1314  const char *ipaddress = json_string_value(jarg);
1315 
1316  Address a;
1317  struct in_addr in;
1318  memset(&in, 0, sizeof(in));
1319  if (inet_pton(AF_INET, ipaddress, &in) != 1) {
1320  uint32_t in6[4];
1321  memset(&in6, 0, sizeof(in6));
1322  if (inet_pton(AF_INET6, ipaddress, &in) != 1) {
1323  json_object_set_new(answer, "message", json_string("invalid address string"));
1324  return TM_ECODE_FAILED;
1325  } else {
1326  a.family = AF_INET6;
1327  a.addr_data32[0] = in6[0];
1328  a.addr_data32[1] = in6[1];
1329  a.addr_data32[2] = in6[2];
1330  a.addr_data32[3] = in6[3];
1331  }
1332  } else {
1333  a.family = AF_INET;
1334  a.addr_data32[0] = in.s_addr;
1335  a.addr_data32[1] = 0;
1336  a.addr_data32[2] = 0;
1337  a.addr_data32[3] = 0;
1338  }
1339 
1340  /* 2 get variable name */
1341  jarg = json_object_get(cmd, "hostbit");
1342  if (!json_is_string(jarg)) {
1343  json_object_set_new(answer, "message", json_string("hostbit is not a string"));
1344  return TM_ECODE_FAILED;
1345  }
1346 
1347  const char *hostbit = json_string_value(jarg);
1348  uint32_t idx = VarNameStoreLookupByName(hostbit, VAR_TYPE_HOST_BIT);
1349  if (idx == 0) {
1350  json_object_set_new(answer, "message", json_string("hostbit not found"));
1351  return TM_ECODE_FAILED;
1352  }
1353 
1354  SCLogInfo("remove-hostbit: %s %s", ipaddress, hostbit);
1355 
1356  Host *host = HostLookupHostFromHash(&a);
1357  if (host) {
1358  HostBitUnset(host, idx);
1359  HostUnlock(host);
1360  json_object_set_new(answer, "message", json_string("hostbit removed"));
1361  return TM_ECODE_OK;
1362  } else {
1363  json_object_set_new(answer, "message", json_string("host not found"));
1364  return TM_ECODE_FAILED;
1365  }
1366 }
1367 
1368 /**
1369  * \brief Command to list hostbits for an ip
1370  *
1371  * \param cmd the content of command Arguments as a json_t object
1372  * \param answer the json_t object that has to be used to answer
1373  *
1374  * Message looks like:
1375  * {"message": {"count": 1, "hostbits": [{"expire": 3222, "name": "firefox-users"}]}, "return": "OK"}
1376  *
1377  * \retval r TM_ECODE_OK or TM_ECODE_FAILED
1378  */
1379 TmEcode UnixSocketHostbitList(json_t *cmd, json_t* answer, void *data_unused)
1380 {
1381  /* 1 get ip address */
1382  json_t *jarg = json_object_get(cmd, "ipaddress");
1383  if (!json_is_string(jarg)) {
1384  json_object_set_new(answer, "message", json_string("ipaddress is not an string"));
1385  return TM_ECODE_FAILED;
1386  }
1387  const char *ipaddress = json_string_value(jarg);
1388 
1389  Address a;
1390  struct in_addr in;
1391  memset(&in, 0, sizeof(in));
1392  if (inet_pton(AF_INET, ipaddress, &in) != 1) {
1393  uint32_t in6[4];
1394  memset(&in6, 0, sizeof(in6));
1395  if (inet_pton(AF_INET6, ipaddress, &in) != 1) {
1396  json_object_set_new(answer, "message", json_string("invalid address string"));
1397  return TM_ECODE_FAILED;
1398  } else {
1399  a.family = AF_INET6;
1400  a.addr_data32[0] = in6[0];
1401  a.addr_data32[1] = in6[1];
1402  a.addr_data32[2] = in6[2];
1403  a.addr_data32[3] = in6[3];
1404  }
1405  } else {
1406  a.family = AF_INET;
1407  a.addr_data32[0] = in.s_addr;
1408  a.addr_data32[1] = 0;
1409  a.addr_data32[2] = 0;
1410  a.addr_data32[3] = 0;
1411  }
1412 
1413  SCLogInfo("list-hostbit: %s", ipaddress);
1414 
1415  SCTime_t ts = TimeGet();
1416 
1417  struct Bit {
1418  uint32_t id;
1419  uint32_t expire;
1420  } bits[256];
1421  memset(&bits, 0, sizeof(bits));
1422  int i = 0, use = 0;
1423 
1424  Host *host = HostLookupHostFromHash(&a);
1425  if (!host) {
1426  json_object_set_new(answer, "message", json_string("host not found"));
1427  return TM_ECODE_FAILED;
1428  }
1429 
1430  XBit *iter = NULL;
1431  while (use < 256 && HostBitList(host, &iter) == 1) {
1432  bits[use].id = iter->idx;
1433  bits[use].expire = iter->expire;
1434  use++;
1435  }
1436  HostUnlock(host);
1437 
1438  json_t *jdata = json_object();
1439  json_t *jarray = json_array();
1440  if (jarray == NULL || jdata == NULL) {
1441  if (jdata != NULL)
1442  json_decref(jdata);
1443  if (jarray != NULL)
1444  json_decref(jarray);
1445  json_object_set_new(answer, "message",
1446  json_string("internal error at json object creation"));
1447  return TM_ECODE_FAILED;
1448  }
1449 
1450  for (i = 0; i < use; i++) {
1451  json_t *bitobject = json_object();
1452  if (bitobject == NULL)
1453  continue;
1454  uint32_t expire = 0;
1455  if ((uint32_t)SCTIME_SECS(ts) < bits[i].expire)
1456  expire = bits[i].expire - (uint32_t)SCTIME_SECS(ts);
1457 
1458  const char *name = VarNameStoreLookupById(bits[i].id, VAR_TYPE_HOST_BIT);
1459  if (name == NULL)
1460  continue;
1461  json_object_set_new(bitobject, "name", json_string(name));
1462  SCLogDebug("xbit %s expire %u", name, expire);
1463  json_object_set_new(bitobject, "expire", json_integer(expire));
1464  json_array_append_new(jarray, bitobject);
1465  }
1466 
1467  json_object_set_new(jdata, "count", json_integer(i));
1468  json_object_set_new(jdata, "hostbits", jarray);
1469  json_object_set_new(answer, "message", jdata);
1470  return TM_ECODE_OK;
1471 }
1472 
1473 static void MemcapBuildValue(uint64_t val, char *str, uint32_t str_len)
1474 {
1475  if ((val / (1024 * 1024 * 1024)) != 0) {
1476  snprintf(str, str_len, "%"PRIu64"gb", val / (1024*1024*1024));
1477  } else if ((val / (1024 * 1024)) != 0) {
1478  snprintf(str, str_len, "%"PRIu64"mb", val / (1024*1024));
1479  } else {
1480  snprintf(str, str_len, "%"PRIu64"kb", val / (1024));
1481  }
1482 }
1483 
1484 TmEcode UnixSocketSetMemcap(json_t *cmd, json_t* answer, void *data)
1485 {
1486  char *memcap = NULL;
1487  char *value_str = NULL;
1488  uint64_t value;
1489  int i;
1490 
1491  json_t *jarg = json_object_get(cmd, "config");
1492  if (!json_is_string(jarg)) {
1493  json_object_set_new(answer, "message", json_string("memcap key is not a string"));
1494  return TM_ECODE_FAILED;
1495  }
1496  memcap = (char *)json_string_value(jarg);
1497 
1498  jarg = json_object_get(cmd, "memcap");
1499  if (!json_is_string(jarg)) {
1500  json_object_set_new(answer, "message", json_string("memcap value is not a string"));
1501  return TM_ECODE_FAILED;
1502  }
1503  value_str = (char *)json_string_value(jarg);
1504 
1505  if (ParseSizeStringU64(value_str, &value) < 0) {
1506  SCLogError("Error parsing "
1507  "memcap from unix socket: %s",
1508  value_str);
1509  json_object_set_new(answer, "message",
1510  json_string("error parsing memcap specified, "
1511  "value not changed"));
1512  return TM_ECODE_FAILED;
1513  }
1514 
1515  for (i = 0; i < MEMCAPS_MAX; i++) {
1516  if (strcmp(memcaps[i].name, memcap) == 0 && memcaps[i].SetFunc) {
1517  int updated = memcaps[i].SetFunc(value);
1518  char message[150];
1519 
1520  if (updated) {
1521  snprintf(message, sizeof(message),
1522  "memcap value for '%s' updated: %"PRIu64" %s",
1523  memcaps[i].name, value,
1524  (value == 0) ? "(unlimited)" : "");
1525  json_object_set_new(answer, "message", json_string(message));
1526  return TM_ECODE_OK;
1527  } else {
1528  if (value == 0) {
1529  snprintf(message, sizeof(message),
1530  "Unlimited value is not allowed for '%s'", memcaps[i].name);
1531  } else {
1532  if (memcaps[i].GetMemuseFunc()) {
1533  char memuse[50];
1534  MemcapBuildValue(memcaps[i].GetMemuseFunc(), memuse, sizeof(memuse));
1535  snprintf(message, sizeof(message),
1536  "memcap value specified for '%s' is less than the memory in use: %s",
1537  memcaps[i].name, memuse);
1538  } else {
1539  snprintf(message, sizeof(message),
1540  "memcap value specified for '%s' is less than the memory in use",
1541  memcaps[i].name);
1542  }
1543  }
1544  json_object_set_new(answer, "message", json_string(message));
1545  return TM_ECODE_FAILED;
1546  }
1547  }
1548  }
1549 
1550  json_object_set_new(answer, "message",
1551  json_string("Memcap value not found. Use 'memcap-list' to show all"));
1552  return TM_ECODE_FAILED;
1553 }
1554 
1555 TmEcode UnixSocketShowMemcap(json_t *cmd, json_t *answer, void *data)
1556 {
1557  char *memcap = NULL;
1558  int i;
1559 
1560  json_t *jarg = json_object_get(cmd, "config");
1561  if (!json_is_string(jarg)) {
1562  json_object_set_new(answer, "message", json_string("memcap name is not a string"));
1563  return TM_ECODE_FAILED;
1564  }
1565  memcap = (char *)json_string_value(jarg);
1566 
1567  for (i = 0; i < MEMCAPS_MAX; i++) {
1568  if (strcmp(memcaps[i].name, memcap) == 0 && memcaps[i].GetFunc) {
1569  char str[50];
1570  uint64_t val = memcaps[i].GetFunc();
1571  json_t *jobj = json_object();
1572  if (jobj == NULL) {
1573  json_object_set_new(answer, "message",
1574  json_string("internal error at json object creation"));
1575  return TM_ECODE_FAILED;
1576  }
1577 
1578  if (val == 0) {
1579  strlcpy(str, "unlimited", sizeof(str));
1580  } else {
1581  MemcapBuildValue(val, str, sizeof(str));
1582  }
1583 
1584  json_object_set_new(jobj, "value", json_string(str));
1585  json_object_set_new(answer, "message", jobj);
1586  return TM_ECODE_OK;
1587  }
1588  }
1589 
1590  json_object_set_new(answer, "message",
1591  json_string("Memcap value not found. Use 'memcap-list' to show all"));
1592  return TM_ECODE_FAILED;
1593 }
1594 
1595 TmEcode UnixSocketShowAllMemcap(json_t *cmd, json_t *answer, void *data)
1596 {
1597  json_t *jmemcaps = json_array();
1598  int i;
1599 
1600  if (jmemcaps == NULL) {
1601  json_object_set_new(answer, "message",
1602  json_string("internal error at json array creation"));
1603  return TM_ECODE_FAILED;
1604  }
1605 
1606  for (i = 0; i < MEMCAPS_MAX; i++) {
1607  json_t *jobj = json_object();
1608  if (jobj == NULL) {
1609  json_decref(jmemcaps);
1610  json_object_set_new(answer, "message",
1611  json_string("internal error at json object creation"));
1612  return TM_ECODE_FAILED;
1613  }
1614  char str[50];
1615  uint64_t val = memcaps[i].GetFunc();
1616 
1617  if (val == 0) {
1618  strlcpy(str, "unlimited", sizeof(str));
1619  } else {
1620  MemcapBuildValue(val, str, sizeof(str));
1621  }
1622 
1623  json_object_set_new(jobj, "name", json_string(memcaps[i].name));
1624  json_object_set_new(jobj, "value", json_string(str));
1625  json_array_append_new(jmemcaps, jobj);
1626  }
1627 
1628  json_object_set_new(answer, "message", jmemcaps);
1629  SCReturnInt(TM_ECODE_OK);
1630 }
1631 
1632 TmEcode UnixSocketGetFlowStatsById(json_t *cmd, json_t *answer, void *data)
1633 {
1634  /* Input: we need the IP tuple including VLAN/tenant and the flow ID */
1635  json_t *jarg = json_object_get(cmd, "flow_id");
1636  if (!json_is_integer(jarg)) {
1637  SCLogInfo("error: command is not a string");
1638  json_object_set_new(answer, "message", json_string("flow_id is not an integer"));
1639  return TM_ECODE_FAILED;
1640  }
1641  int64_t flow_id = json_integer_value(jarg);
1642 
1643  Flow *f = FlowGetExistingFlowFromFlowId(flow_id);
1644  if (f == NULL) {
1645  json_object_set_new(answer, "message", json_string("Not found"));
1646  SCReturnInt(TM_ECODE_FAILED);
1647  }
1648  uint32_t tosrcpktcnt = f->tosrcpktcnt;
1649  uint32_t todstpktcnt = f->todstpktcnt;
1650  uint64_t tosrcbytecnt = f->tosrcbytecnt;
1651  uint64_t todstbytecnt = f->todstbytecnt;
1652  uint64_t age = SCTIME_SECS(f->lastts) - SCTIME_SECS(f->startts);
1653  FLOWLOCK_UNLOCK(f);
1654 
1655  json_t *flow_info = json_object();
1656  if (flow_info == NULL) {
1657  SCReturnInt(TM_ECODE_FAILED);
1658  }
1659  json_object_set_new(flow_info, "pkts_toclient", json_integer(tosrcpktcnt));
1660  json_object_set_new(flow_info, "pkts_toserver", json_integer(todstpktcnt));
1661  json_object_set_new(flow_info, "bytes_toclient", json_integer(tosrcbytecnt));
1662  json_object_set_new(flow_info, "bytes_toserver", json_integer(todstbytecnt));
1663  json_object_set_new(flow_info, "age", json_integer(age));
1664  json_object_set_new(answer, "message", flow_info);
1665  SCReturnInt(TM_ECODE_OK);
1666 }
1667 #endif /* BUILD_UNIX_SOCKET */
1668 
1669 #ifdef BUILD_UNIX_SOCKET
1670 /**
1671  * \brief Single thread version of the Pcap file processing.
1672  */
1673 static int RunModeUnixSocketMaster(void)
1674 {
1675  if (UnixManagerInit() != 0)
1676  return 1;
1677 
1678  PcapCommand *pcapcmd = SCMalloc(sizeof(PcapCommand));
1679  if (unlikely(pcapcmd == NULL)) {
1680  SCLogError("Can not allocate pcap command");
1681  return 1;
1682  }
1683  TAILQ_INIT(&pcapcmd->files);
1684  pcapcmd->running = 0;
1685  pcapcmd->current_file = NULL;
1686 
1687  memset(&unix_manager_pcap_last_processed, 0, sizeof(struct timespec));
1688 
1689  SCCtrlMutexInit(&unix_manager_pcap_last_processed_mutex, NULL);
1690 
1691  UnixManagerRegisterCommand("pcap-file", UnixSocketAddPcapFile, pcapcmd, UNIX_CMD_TAKE_ARGS);
1692  UnixManagerRegisterCommand("pcap-file-continuous", UnixSocketAddPcapFileContinuous, pcapcmd, UNIX_CMD_TAKE_ARGS);
1693  UnixManagerRegisterCommand("pcap-file-number", UnixSocketPcapFilesNumber, pcapcmd, 0);
1694  UnixManagerRegisterCommand("pcap-file-list", UnixSocketPcapFilesList, pcapcmd, 0);
1695  UnixManagerRegisterCommand("pcap-last-processed", UnixSocketPcapLastProcessed, pcapcmd, 0);
1696  UnixManagerRegisterCommand("pcap-interrupt", UnixSocketPcapInterrupt, pcapcmd, 0);
1697  UnixManagerRegisterCommand("pcap-current", UnixSocketPcapCurrent, pcapcmd, 0);
1698 
1699  UnixManagerRegisterBackgroundTask(UnixSocketPcapFilesCheck, pcapcmd);
1700 
1701  UnixManagerThreadSpawn(1);
1702  unix_socket_mode_is_running = 1;
1703 
1704  return 0;
1705 }
1706 #endif
1707 
1708 int RunModeUnixSocketIsActive(void)
1709 {
1710  return unix_socket_mode_is_running;
1711 }
1712 
1713 
1714 
1715 
host.h
tm-threads.h
HostBitList
int HostBitList(Host *h, XBit **iter)
Definition: host-bit.c:184
HostUnlock
void HostUnlock(Host *h)
Definition: host.c:488
ts
uint64_t ts
Definition: source-erf-file.c:55
XBit_::expire
uint32_t expire
Definition: util-var.h:60
ippair.h
THashCleanup
void THashCleanup(THashTableContext *ctx)
Cleanup the thash engine.
Definition: util-thash.c:416
detect-engine.h
DetectEngineMTApply
int DetectEngineMTApply(void)
Definition: detect-engine.c:4548
DetectEngineTentantRegisterPcapFile
int DetectEngineTentantRegisterPcapFile(uint32_t tenant_id)
Definition: detect-engine.c:4264
RUNMODE_UNIX_SOCKET
@ RUNMODE_UNIX_SOCKET
Definition: runmodes.h:43
MemcapCommand_::GetFunc
uint64_t(* GetFunc)(void)
Definition: runmode-unix-socket.c:79
PcapFiles_::continuous
bool continuous
Definition: runmode-unix-socket.c:65
DetectEngineDeReference
void DetectEngineDeReference(DetectEngineCtx **de_ctx)
Definition: detect-engine.c:4307
PcapFiles_::should_delete
bool should_delete
Definition: runmode-unix-socket.c:66
TAILQ_INIT
#define TAILQ_INIT(head)
Definition: queue.h:262
TmThreadContinueThreads
void TmThreadContinueThreads(void)
Unpauses all threads present in tv_root.
Definition: tm-threads.c:1892
Flow_::startts
SCTime_t startts
Definition: flow.h:496
stream-tcp.h
DetectEnginePruneFreeList
void DetectEnginePruneFreeList(void)
Definition: detect-engine.c:4398
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
DetectEngineTentantUnregisterVlanId
int DetectEngineTentantUnregisterVlanId(uint32_t tenant_id, uint16_t vlan_id)
Definition: detect-engine.c:4259
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:269
ParseSizeStringU64
int ParseSizeStringU64(const char *size, uint64_t *res)
Definition: util-misc.c:198
DetectEngineGetByTenantId
DetectEngineCtx * DetectEngineGetByTenantId(int tenant_id)
Definition: detect-engine.c:4281
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:0
TM_ECODE_DONE
@ TM_ECODE_DONE
Definition: tm-threads-common.h:86
RunModeDispatch
void RunModeDispatch(int runmode, const char *custom_mode, const char *capture_plugin_name, const char *capture_plugin_args)
Definition: runmodes.c:416
Dataset::hash
THashTableContext * hash
Definition: datasets.h:46
Flow_
Flow data structure.
Definition: flow.h:357
DetectEngineReloadTenantBlocking
int DetectEngineReloadTenantBlocking(uint32_t tenant_id, const char *yaml, int reload_cnt)
Reload a tenant and wait for loading to complete.
Definition: detect-engine.c:3849
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:785
ConfYamlLoadFileWithPrefix
int ConfYamlLoadFileWithPrefix(const char *filename, const char *prefix)
Load configuration from a YAML file, insert in tree at 'prefix'.
Definition: conf-yaml-loader.c:522
HostGetHostFromHash
Host * HostGetHostFromHash(Address *a)
Definition: host.c:502
flow-hash.h
UnixManagerThreadSpawn
void UnixManagerThreadSpawn(int mode)
Definition: unix-manager.c:1235
HostSetMemcap
int HostSetMemcap(uint64_t size)
Update memcap value.
Definition: host.c:68
TAILQ_EMPTY
#define TAILQ_EMPTY(head)
Definition: queue.h:248
TAILQ_FOREACH
#define TAILQ_FOREACH(var, head, field)
Definition: queue.h:252
RunModeRegisterNewRunMode
void RunModeRegisterNewRunMode(enum RunModes runmode, const char *name, const char *description, int(*RunModeFunc)(void), void(*RunModeIsIPSEnabled)(void))
Registers a new runmode.
Definition: runmodes.c:491
PcapCommand_
Definition: runmode-unix-socket.c:70
MemcapCommand_::GetMemuseFunc
uint64_t(* GetMemuseFunc)(void)
Definition: runmode-unix-socket.c:80
util-var-name.h
FlowGetMemuse
uint64_t FlowGetMemuse(void)
Definition: flow.c:137
FlowGetMemcap
uint64_t FlowGetMemcap(void)
Return memcap value.
Definition: flow.c:131
ConfSetFinal
int ConfSetFinal(const char *name, const char *val)
Set a final configuration value.
Definition: conf.c:303
Address_
Definition: decode.h:114
PreRunInit
void PreRunInit(const int runmode)
Definition: suricata.c:2219
stream-tcp-reassemble.h
unix_socket_mode_is_running
int unix_socket_mode_is_running
Definition: runmode-unix-socket.c:57
TAILQ_INSERT_TAIL
#define TAILQ_INSERT_TAIL(head, elm, field)
Definition: queue.h:294
HTPMemuseGlobalCounter
uint64_t HTPMemuseGlobalCounter(void)
Definition: app-layer-htp-mem.c:83
DefragTrackerGetMemuse
uint64_t DefragTrackerGetMemuse(void)
Return memuse value.
Definition: defrag-hash.c:71
PacketPoolPostRunmodes
void PacketPoolPostRunmodes(void)
Set the max_pending_return_packets value.
Definition: tmqh-packetpool.c:500
MAX
#define MAX(x, y)
Definition: suricata-common.h:384
TM_ECODE_FAILED
@ TM_ECODE_FAILED
Definition: tm-threads-common.h:85
MemcapCommand_::SetFunc
int(* SetFunc)(uint64_t)
Definition: runmode-unix-socket.c:78
runmode-unix-socket.h
SCJsonString
json_t * SCJsonString(const char *val)
Definition: output-json.c:103
HTPSetMemcap
int HTPSetMemcap(uint64_t size)
Update memcap value.
Definition: app-layer-htp-mem.c:115
DatasetLookupSerialized
int DatasetLookupSerialized(Dataset *set, const char *string)
add serialized data to set
Definition: datasets.c:1639
FLOWLOCK_UNLOCK
#define FLOWLOCK_UNLOCK(fb)
Definition: flow.h:272
TM_ECODE_OK
@ TM_ECODE_OK
Definition: tm-threads-common.h:84
HostGetMemcap
uint64_t HostGetMemcap(void)
Return memcap value.
Definition: host.c:83
MemcapCommand_::name
const char * name
Definition: runmode-unix-socket.c:77
strlcpy
size_t strlcpy(char *dst, const char *src, size_t siz)
Definition: util-strlcpyu.c:43
TAILQ_ENTRY
#define TAILQ_ENTRY(type)
Definition: queue.h:239
RunModeUnixSocketGetDefaultMode
const char * RunModeUnixSocketGetDefaultMode(void)
Definition: runmode-unix-socket.c:83
Flow_::tosrcbytecnt
uint64_t tosrcbytecnt
Definition: flow.h:501
DetectEngineMultiTenantEnabled
int DetectEngineMultiTenantEnabled(void)
Definition: detect-engine.c:3642
MEMCAPS_MAX
#define MEMCAPS_MAX
Definition: runmode-unix-socket.c:88
datasets.h
VarNameStoreLookupByName
uint32_t VarNameStoreLookupByName(const char *name, const enum VarTypes type)
Definition: util-var-name.c:309
TAILQ_REMOVE
#define TAILQ_REMOVE(head, elm, field)
Definition: queue.h:312
PreRunPostPrivsDropInit
void PreRunPostPrivsDropInit(const int runmode)
Definition: suricata.c:2244
util-debug.h
DetectEngineMoveToFreeList
int DetectEngineMoveToFreeList(DetectEngineCtx *de_ctx)
Definition: detect-engine.c:4347
TAILQ_FIRST
#define TAILQ_FIRST(head)
Definition: queue.h:250
type
uint8_t type
Definition: decode-icmpv4.h:0
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:17
TmThreadWaitOnThreadInit
TmEcode TmThreadWaitOnThreadInit(void)
Used to check if all threads have finished their initialization. On finding an un-initialized thread,...
Definition: tm-threads.c:1933
HTPGetMemcap
uint64_t HTPGetMemcap(void)
Update memcap value.
Definition: app-layer-htp-mem.c:129
util-cpu.h
Flow_::todstpktcnt
uint32_t todstpktcnt
Definition: flow.h:498
output-json.h
HostBitUnset
void HostBitUnset(Host *h, uint32_t idx)
Definition: host-bit.c:139
SCTimespecAsEpochMillis
uint64_t SCTimespecAsEpochMillis(const struct timespec *ts)
Definition: util-time.c:639
Flow_::lastts
SCTime_t lastts
Definition: flow.h:416
DATASET_TYPE_NOTSET
#define DATASET_TYPE_NOTSET
Definition: datasets.h:31
IPPairGetMemcap
uint64_t IPPairGetMemcap(void)
Return memcap value.
Definition: ippair.c:81
SCEnter
#define SCEnter(...)
Definition: util-debug.h:271
util-affinity.h
MemcapsGetPressure
float MemcapsGetPressure(void)
Definition: runmode-unix-socket.c:134
util-time.h
source-pcap-file-directory-helper.h
RunModeUnixSocketIsActive
int RunModeUnixSocketIsActive(void)
Definition: runmode-unix-socket.c:1708
HostGetMemuse
uint64_t HostGetMemuse(void)
Return memuse value.
Definition: host.c:94
DefragTrackerGetMemcap
uint64_t DefragTrackerGetMemcap(void)
Return memcap value.
Definition: defrag-hash.c:60
Flow_::todstbytecnt
uint64_t todstbytecnt
Definition: flow.h:500
util-profiling.h
HostBitSet
void HostBitSet(Host *h, uint32_t idx, uint32_t expire)
Definition: host-bit.c:131
PcapFiles_::tenant_id
int tenant_id
Definition: runmode-unix-socket.c:62
DetectEngineLoadTenantBlocking
int DetectEngineLoadTenantBlocking(uint32_t tenant_id, const char *yaml)
Load a tenant and wait for loading to complete.
Definition: detect-engine.c:3835
SCCtrlMutexLock
#define SCCtrlMutexLock(mut)
Definition: threads-debug.h:376
conf-yaml-loader.h
TimeGet
SCTime_t TimeGet(void)
Definition: util-time.c:152
PcapFiles_
Definition: runmode-unix-socket.c:59
FlowGetExistingFlowFromFlowId
Flow * FlowGetExistingFlowFromFlowId(int64_t flow_id)
Look for existing Flow using a flow id value.
Definition: flow-hash.c:920
DatasetsSave
void DatasetsSave(void)
Definition: datasets.c:1039
conf.h
PcapCommand
struct PcapCommand_ PcapCommand
UNIX_CMD_TAKE_ARGS
#define UNIX_CMD_TAKE_ARGS
Definition: unix-manager.h:29
SCTime_t
Definition: util-time.h:40
runmode-pcap-file.h
TmEcode
TmEcode
Definition: tm-threads-common.h:83
flow-timeout.h
DatasetRemoveSerialized
int DatasetRemoveSerialized(Dataset *set, const char *string)
remove serialized data from set
Definition: datasets.c:1717
DetectEngineTentantRegisterVlanId
int DetectEngineTentantRegisterVlanId(uint32_t tenant_id, uint16_t vlan_id)
Definition: detect-engine.c:4254
defrag.h
runmodes.h
SCLogInfo
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:224
PcapFiles_::poll_interval
time_t poll_interval
Definition: runmode-unix-socket.c:64
DatasetTypes
DatasetTypes
Definition: datasets.h:30
SCCtrlMutexUnlock
#define SCCtrlMutexUnlock(mut)
Definition: threads-debug.h:378
StreamTcpSetMemcap
int StreamTcpSetMemcap(uint64_t size)
Update memcap value.
Definition: stream-tcp.c:177
DetectEngineTentantUnregisterPcapFile
int DetectEngineTentantUnregisterPcapFile(uint32_t tenant_id)
Definition: detect-engine.c:4270
RunModeUnixSocketRegister
void RunModeUnixSocketRegister(void)
Definition: runmode-unix-socket.c:602
flow-manager.h
suricata-common.h
VarNameStoreLookupById
const char * VarNameStoreLookupById(const uint32_t id, const enum VarTypes type)
Definition: util-var-name.c:297
SCCtrlMutex
#define SCCtrlMutex
Definition: threads-debug.h:373
UnixManagerInit
int UnixManagerInit(void)
SCTIME_SECS
#define SCTIME_SECS(t)
Definition: util-time.h:51
IPPairGetMemuse
uint64_t IPPairGetMemuse(void)
Return memuse value.
Definition: ippair.c:92
MemcapCommand
struct MemcapCommand_ MemcapCommand
SCStrdup
#define SCStrdup(s)
Definition: util-mem.h:56
VAR_TYPE_HOST_BIT
@ VAR_TYPE_HOST_BIT
Definition: util-var.h:39
DefragTrackerSetMemcap
int DefragTrackerSetMemcap(uint64_t size)
Update memcap value.
Definition: defrag-hash.c:45
DatasetFind
Dataset * DatasetFind(const char *name, enum DatasetTypes type)
look for set by name without creating it
Definition: datasets.c:618
PcapFiles
struct PcapFiles_ PcapFiles
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
unix-manager.h
str
#define str(s)
Definition: suricata-common.h:280
DatasetGetTypeFromString
enum DatasetTypes DatasetGetTypeFromString(const char *s)
Definition: datasets.c:58
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:261
SCFree
#define SCFree(p)
Definition: util-mem.h:61
StreamTcpMemuseCounter
uint64_t StreamTcpMemuseCounter(void)
Definition: stream-tcp.c:152
StreamTcpReassembleMemuseGlobalCounter
uint64_t StreamTcpReassembleMemuseGlobalCounter(void)
Definition: stream-tcp-reassemble.c:148
TAILQ_HEAD
#define TAILQ_HEAD(name, type)
Definition: queue.h:230
SCCtrlMutexInit
#define SCCtrlMutexInit(mut, mutattr)
Definition: threads-debug.h:375
StreamTcpGetMemcap
uint64_t StreamTcpGetMemcap(void)
Return memcap value.
Definition: stream-tcp.c:192
PcapFiles_::delay
time_t delay
Definition: runmode-unix-socket.c:63
UnixSocketPcapFile
TmEcode UnixSocketPcapFile(TmEcode tm, struct timespec *last_processed)
Definition: runmode-unix-socket.c:613
app-layer-htp-mem.h
PcapFiles_::output_dir
char * output_dir
Definition: runmode-unix-socket.c:61
HostLookupHostFromHash
Host * HostLookupHostFromHash(Address *a)
look up a host in the hash
Definition: host.c:601
IPPairSetMemcap
int IPPairSetMemcap(uint64_t size)
Update memcap value.
Definition: ippair.c:66
defrag-hash.h
StreamTcpReassembleGetMemcap
uint64_t StreamTcpReassembleGetMemcap(void)
Return memcap value.
Definition: stream-tcp-reassemble.c:198
Address_::family
char family
Definition: decode.h:115
PostRunDeinit
void PostRunDeinit(const int runmode, struct timeval *start_time)
Definition: suricata.c:2266
XBit_::idx
uint32_t idx
Definition: util-var.h:58
DatasetAddSerialized
int DatasetAddSerialized(Dataset *set, const char *string)
add serialized data to set
Definition: datasets.c:1627
MemcapCommand_
Definition: runmode-unix-socket.c:76
XBit_
Definition: util-var.h:55
Dataset
Definition: datasets.h:40
util-misc.h
StreamTcpReassembleSetMemcap
int StreamTcpReassembleSetMemcap(uint64_t size)
Update memcap value.
Definition: stream-tcp-reassemble.c:183
Host_
Definition: host.h:58
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:275
RUNMODE_PCAP_FILE
@ RUNMODE_PCAP_FILE
Definition: runmodes.h:30
Flow_::tosrcpktcnt
uint32_t tosrcpktcnt
Definition: flow.h:499
output.h
host-bit.h
app-layer.h
PcapFiles_::filename
char * filename
Definition: runmode-unix-socket.c:60
FlowSetMemcap
int FlowSetMemcap(uint64_t size)
Update memcap value.
Definition: flow.c:116