suricata
source-nflog.c
Go to the documentation of this file.
1 /* Copyright (C) 2014 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Giuseppe Longo <giuseppelng@gmail.com>
22  *
23  * Netfilter's netfilter_log support
24  */
25 #include "suricata-common.h"
26 #include "suricata.h"
27 #include "decode.h"
28 #include "packet-queue.h"
29 
30 #include "threads.h"
31 #include "threadvars.h"
32 #include "tm-threads.h"
33 #include "tm-modules.h"
34 #include "tm-queuehandlers.h"
35 #include "tmqh-packetpool.h"
36 
37 #include "runmodes.h"
38 #include "util-error.h"
39 #include "util-device.h"
40 
41 #ifndef HAVE_NFLOG
42 /** Handle the case where no NFLOG support is compiled in.
43  *
44  */
45 
46 TmEcode NoNFLOGSupportExit(ThreadVars *, const void *, void **);
47 
49 {
50  tmm_modules[TMM_RECEIVENFLOG].name = "ReceiveNFLOG";
52 }
53 
55 {
56  tmm_modules[TMM_DECODENFLOG].name = "DecodeNFLOG";
58 }
59 
60 TmEcode NoNFLOGSupportExit(ThreadVars *tv, const void *initdata, void **data)
61 {
62  SCLogError(SC_ERR_NFLOG_NOSUPPORT,"Error creating thread %s: you do not have support for nflog "
63  "enabled please recompile with --enable-nflog", tv->name);
64  exit(EXIT_FAILURE);
65 }
66 
67 #else /* implied we do have NFLOG support */
68 
69 #include "source-nflog.h"
70 
71 TmEcode ReceiveNFLOGThreadInit(ThreadVars *, const void *, void **);
72 TmEcode ReceiveNFLOGThreadDeinit(ThreadVars *, void *);
73 TmEcode ReceiveNFLOGLoop(ThreadVars *, void *, void *);
74 void ReceiveNFLOGThreadExitStats(ThreadVars *, void *);
75 
76 TmEcode DecodeNFLOGThreadInit(ThreadVars *, const void *, void **);
77 TmEcode DecodeNFLOGThreadDeinit(ThreadVars *tv, void *data);
78 TmEcode DecodeNFLOG(ThreadVars *, Packet *, void *, PacketQueue *, PacketQueue *);
79 
80 static int runmode_workers;
81 
82 /* Structure to hold thread specific variables */
83 typedef struct NFLOGThreadVars_ {
84  ThreadVars *tv;
85  TmSlot *slot;
86 
87  char *data;
88  int datalen;
89 
90  uint16_t group;
91  uint32_t nlbufsiz;
92  uint32_t nlbufsiz_max;
93  uint32_t qthreshold;
94  uint32_t qtimeout;
95 
96  struct nflog_handle *h;
97  struct nflog_g_handle *gh;
98 
99  LiveDevice *livedev;
100  int nful_overrun_warned;
101 
102  /* counters */
103  uint32_t pkts;
104  uint64_t bytes;
105  uint32_t errs;
106 
107  uint16_t capture_kernel_packets;
108  uint16_t capture_kernel_drops;
109 } NFLOGThreadVars;
110 
111 /**
112  * \brief Registration function for ReceiveNFLOG
113  */
115 {
116  tmm_modules[TMM_RECEIVENFLOG].name = "ReceiveNFLOG";
117  tmm_modules[TMM_RECEIVENFLOG].ThreadInit = ReceiveNFLOGThreadInit;
119  tmm_modules[TMM_RECEIVENFLOG].PktAcqLoop = ReceiveNFLOGLoop;
121  tmm_modules[TMM_RECEIVENFLOG].ThreadExitPrintStats = ReceiveNFLOGThreadExitStats;
122  tmm_modules[TMM_RECEIVENFLOG].ThreadDeinit = ReceiveNFLOGThreadDeinit;
125 }
126 
127 /**
128  * \brief Registration function for DecodeNFLOG
129  */
130 void TmModuleDecodeNFLOGRegister (void)
131 {
132  tmm_modules[TMM_DECODENFLOG].name = "DecodeNFLOG";
133  tmm_modules[TMM_DECODENFLOG].ThreadInit = DecodeNFLOGThreadInit;
134  tmm_modules[TMM_DECODENFLOG].Func = DecodeNFLOG;
136  tmm_modules[TMM_DECODENFLOG].ThreadDeinit = DecodeNFLOGThreadDeinit;
139 }
140 
141 /**
142  * \brief NFLOG callback function
143  * This function setup a packet from a nflog message
144  */
145 static int NFLOGCallback(struct nflog_g_handle *gh, struct nfgenmsg *msg,
146  struct nflog_data *nfa, void *data)
147 {
148  NFLOGThreadVars *ntv = (NFLOGThreadVars *) data;
149  struct nfulnl_msg_packet_hdr *ph;
150  char *payload;
151  int ret;
152 
153  /* grab a packet*/
155  if (p == NULL)
156  return -1;
157 
159 
160  ph = nflog_get_msg_packet_hdr(nfa);
161  if (ph != NULL) {
162  p->nflog_v.hw_protocol = ph->hw_protocol;
163  }
164 
165  p->nflog_v.ifi = nflog_get_indev(nfa);
166  p->nflog_v.ifo = nflog_get_outdev(nfa);
167 
168  ret = nflog_get_payload(nfa, &payload);
169 
170  if (ret > 0) {
171  if (ret > 65536) {
172  SCLogWarning(SC_ERR_INVALID_ARGUMENTS, "NFLOG sent too big packet");
173  SET_PKT_LEN(p, 0);
174  } else if (runmode_workers)
175  PacketSetData(p, (uint8_t *)payload, ret);
176  else
177  PacketCopyData(p, (uint8_t *)payload, ret);
178  } else if (ret == -1)
179  SET_PKT_LEN(p, 0);
180 
181  ret = nflog_get_timestamp(nfa, &p->ts);
182  if (ret != 0) {
183  memset(&p->ts, 0, sizeof(struct timeval));
184  gettimeofday(&p->ts, NULL);
185  }
186 
187  p->datalink = DLT_RAW;
188 
189 #ifdef COUNTERS
190  ntv->pkts++;
191  ntv->bytes += GET_PKT_LEN(p);
192 #endif
193  (void) SC_ATOMIC_ADD(ntv->livedev->pkts, 1);
194 
195  if (TmThreadsSlotProcessPkt(ntv->tv, ntv->slot, p) != TM_ECODE_OK) {
196  TmqhOutputPacketpool(ntv->tv, p);
197  return -1;
198  }
199 
200  return 0;
201 }
202 
203 /**
204  * \brief Receives packet from a nflog group via libnetfilter_log
205  * This is a setup function for recieving packets via libnetfilter_log.
206  * \param tv pointer to ThreadVars
207  * \param initdata pointer to the group passed from the user
208  * \param data pointer gets populated with NFLOGThreadVars
209  * \retvalTM_ECODE_OK on success
210  * \retval TM_ECODE_FAILED on error
211  */
212 TmEcode ReceiveNFLOGThreadInit(ThreadVars *tv, const void *initdata, void **data)
213 {
214  NflogGroupConfig *nflconfig = (NflogGroupConfig *)initdata;
215 
216  if (initdata == NULL) {
217  SCLogError(SC_ERR_INVALID_ARGUMENT, "initdata == NULL");
219  }
220 
221  NFLOGThreadVars *ntv = SCMalloc(sizeof(NFLOGThreadVars));
222  if (unlikely(ntv == NULL)) {
223  nflconfig->DerefFunc(nflconfig);
225  }
226  memset(ntv, 0, sizeof(NFLOGThreadVars));
227 
228  ntv->tv = tv;
229  ntv->group = nflconfig->group;
230  ntv->nlbufsiz = nflconfig->nlbufsiz;
231  ntv->nlbufsiz_max = nflconfig->nlbufsiz_max;
232  ntv->qthreshold = nflconfig->qthreshold;
233  ntv->qtimeout = nflconfig->qtimeout;
234  ntv->nful_overrun_warned = nflconfig->nful_overrun_warned;
235 
236  ntv->h = nflog_open();
237  if (ntv->h == NULL) {
238  SCLogError(SC_ERR_NFLOG_OPEN, "nflog_open() failed");
239  SCFree(ntv);
240  return TM_ECODE_FAILED;
241  }
242 
243  SCLogDebug("binding netfilter_log as nflog handler for AF_INET and AF_INET6");
244 
245  if (nflog_bind_pf(ntv->h, AF_INET) < 0) {
246  SCLogError(SC_ERR_NFLOG_BIND, "nflog_bind_pf() for AF_INET failed");
247  exit(EXIT_FAILURE);
248  }
249  if (nflog_bind_pf(ntv->h, AF_INET6) < 0) {
250  SCLogError(SC_ERR_NFLOG_BIND, "nflog_bind_pf() for AF_INET6 failed");
251  exit(EXIT_FAILURE);
252  }
253 
254  ntv->gh = nflog_bind_group(ntv->h, ntv->group);
255  if (!ntv->gh) {
256  SCLogError(SC_ERR_NFLOG_OPEN, "nflog_bind_group() failed");
257  SCFree(ntv);
258  return TM_ECODE_FAILED;
259  }
260 
261  if (nflog_set_mode(ntv->gh, NFULNL_COPY_PACKET, 0xFFFF) < 0) {
262  SCLogError(SC_ERR_NFLOG_SET_MODE, "can't set packet_copy mode");
263  SCFree(ntv);
264  return TM_ECODE_FAILED;
265  }
266 
267  nflog_callback_register(ntv->gh, &NFLOGCallback, (void *)ntv);
268 
269  if (ntv->nlbufsiz < ntv->nlbufsiz_max)
270  ntv->nlbufsiz = nfnl_rcvbufsiz(nflog_nfnlh(ntv->h), ntv->nlbufsiz);
271  else {
272  SCLogError(SC_ERR_NFLOG_MAX_BUFSIZ, "Maximum buffer size (%d) in NFLOG "
273  "has been reached", ntv->nlbufsiz);
274  return TM_ECODE_FAILED;
275  }
276 
277  if (nflog_set_qthresh(ntv->gh, ntv->qthreshold) >= 0)
278  SCLogDebug("NFLOG netlink queue threshold has been set to %d",
279  ntv->qthreshold);
280  else
281  SCLogDebug("NFLOG netlink queue threshold can't be set to %d",
282  ntv->qthreshold);
283 
284  if (nflog_set_timeout(ntv->gh, ntv->qtimeout) >= 0)
285  SCLogDebug("NFLOG netlink queue timeout has been set to %d",
286  ntv->qtimeout);
287  else
288  SCLogDebug("NFLOG netlink queue timeout can't be set to %d",
289  ntv->qtimeout);
290 
291  ntv->livedev = LiveGetDevice(nflconfig->numgroup);
292  if (ntv->livedev == NULL) {
293  SCLogError(SC_ERR_INVALID_VALUE, "Unable to find Live device");
294  SCFree(ntv);
296  }
297 
298  /* set a timeout to the socket so we can check for a signal
299  * in case we don't get packets for a longer period. */
300  struct timeval timev;
301  timev.tv_sec = 1;
302  timev.tv_usec = 0;
303 
304  int fd = nflog_fd(ntv->h);
305  if (setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &timev, sizeof(timev)) == -1) {
306  SCLogWarning(SC_WARN_NFLOG_SETSOCKOPT, "can't set socket "
307  "timeout: %s", strerror(errno));
308  }
309 
310 #ifdef PACKET_STATISTICS
311  ntv->capture_kernel_packets = StatsRegisterCounter("capture.kernel_packets",
312  ntv->tv);
313  ntv->capture_kernel_drops = StatsRegisterCounter("capture.kernel_drops",
314  ntv->tv);
315 #endif
316 
317  char *active_runmode = RunmodeGetActive();
318  if (active_runmode && !strcmp("workers", active_runmode))
319  runmode_workers = 1;
320  else
321  runmode_workers = 0;
322 
323 #define T_DATA_SIZE 70000
324  ntv->data = SCMalloc(T_DATA_SIZE);
325  if (ntv->data == NULL) {
326  nflconfig->DerefFunc(nflconfig);
327  SCFree(ntv);
329  }
330 
331  ntv->datalen = T_DATA_SIZE;
332 #undef T_DATA_SIZE
333 
334  *data = (void *)ntv;
335 
336  nflconfig->DerefFunc(nflconfig);
338 }
339 
340 /**
341  * \brief DeInit function unbind group and close nflog's handle
342  * \param tv pointer to ThreadVars
343  * \param data pointer that gets cast into NFLogThreadVars
344  * \retval TM_ECODE_OK is always returned
345  */
346 TmEcode ReceiveNFLOGThreadDeinit(ThreadVars *tv, void *data)
347 {
348  NFLOGThreadVars *ntv = (NFLOGThreadVars *)data;
349 
350  SCLogDebug("closing nflog group %d", ntv->group);
351  if (nflog_unbind_pf(ntv->h, AF_INET) < 0) {
352  SCLogError(SC_ERR_NFLOG_UNBIND, "nflog_unbind_pf() for AF_INET failed");
353  exit(EXIT_FAILURE);
354  }
355 
356  if (nflog_unbind_pf(ntv->h, AF_INET6) < 0) {
357  SCLogError(SC_ERR_NFLOG_UNBIND, "nflog_unbind_pf() for AF_INET6 failed");
358  exit(EXIT_FAILURE);
359  }
360 
361  if (ntv->gh) {
362  nflog_unbind_group(ntv->gh);
363  ntv->gh = NULL;
364  }
365 
366  if (ntv->h) {
367  nflog_close(ntv->h);
368  ntv->h = NULL;
369  }
370 
371  if (ntv->data != NULL) {
372  SCFree(ntv->data);
373  ntv->data = NULL;
374  }
375  ntv->datalen = 0;
376 
377  SCFree(ntv);
378 
380 }
381 
382 /**
383  * \brief Increases netlink buffer size
384  *
385  * This function netlink's buffer size until
386  * the max buffer size is reached
387  *
388  * \param data pointer that gets cast into NFLOGThreadVars
389  * \param size netlink buffer size
390  */
391 static int NFLOGSetnlbufsiz(void *data, unsigned int size)
392 {
393  SCEnter();
394  NFLOGThreadVars *ntv = (NFLOGThreadVars *)data;
395 
396  if (size < ntv->nlbufsiz_max) {
397  ntv->nlbufsiz = nfnl_rcvbufsiz(nflog_nfnlh(ntv->h), ntv->nlbufsiz);
398  return 1;
399  }
400 
402  "Maximum buffer size (%d) in NFLOG has been "
403  "reached. Please, consider raising "
404  "`buffer-size` and `max-size` in nflog configuration",
405  ntv->nlbufsiz);
406  return 0;
407 
408 }
409 
410 /**
411  * \brief Recieves packets from a group via libnetfilter_log.
412  *
413  * This function recieves packets from a group and passes
414  * the packet on to the nflog callback function.
415  *
416  * \param tv pointer to ThreadVars
417  * \param data pointer that gets cast into NFLOGThreadVars
418  * \param slot slot containing task information
419  * \retval TM_ECODE_OK on success
420  * \retval TM_ECODE_FAILED on failure
421  */
422 TmEcode ReceiveNFLOGLoop(ThreadVars *tv, void *data, void *slot)
423 {
424  SCEnter();
425  NFLOGThreadVars *ntv = (NFLOGThreadVars *)data;
426  int rv, fd;
427  int ret = -1;
428 
429  ntv->slot = ((TmSlot *) slot)->slot_next;
430 
431  fd = nflog_fd(ntv->h);
432  if (fd < 0) {
433  SCLogError(SC_ERR_NFLOG_FD, "Can't obtain a file descriptor");
435  }
436 
437  while (1) {
438  if (suricata_ctl_flags != 0)
439  break;
440 
441  rv = recv(fd, ntv->data, ntv->datalen, 0);
442  if (rv < 0) {
443  /*We received an error on socket read */
444  if (errno == EINTR || errno == EWOULDBLOCK) {
445  /*Nothing for us to process */
446  continue;
447  } else if (errno == ENOBUFS) {
448  if (!ntv->nful_overrun_warned) {
449  int s = ntv->nlbufsiz * 2;
450  if (NFLOGSetnlbufsiz((void *)ntv, s)) {
452  "We are losing events, "
453  "increasing buffer size "
454  "to %d", ntv->nlbufsiz);
455  } else {
456  ntv->nful_overrun_warned = 1;
457  }
458  }
459  continue;
460  } else {
462  "Read from NFLOG fd failed: %s",
463  strerror(errno));
465  }
466  }
467 
468  ret = nflog_handle_packet(ntv->h, ntv->data, rv);
469  if (ret != 0)
471  "nflog_handle_packet error %" PRId32 "", ret);
472 
474  }
475 
477 }
478 
479 /**
480  * \brief This function prints stats to the screen at exit
481  * \param tv pointer to ThreadVars
482  * \param data pointer that gets cast into NFLOGThreadVars
483  */
484 void ReceiveNFLOGThreadExitStats(ThreadVars *tv, void *data)
485 {
486  SCEnter();
487  NFLOGThreadVars *ntv = (NFLOGThreadVars *)data;
488 
489  SCLogNotice("(%s) Pkts %" PRIu32 ", Bytes %" PRIu64 "",
490  tv->name, ntv->pkts, ntv->bytes);
491 }
492 
493 
494 /**
495  * \brief Decode IPv4/v6 packets.
496  *
497  * \param tv pointer to ThreadVars
498  * \param p pointer to the current packet
499  * \param data pointer that gets cast into NFLOGThreadVars for ptv
500  * \param pq pointer to the current PacketQueue
501  *
502  * \retval TM_ECODE_OK is always returned
503  */
504 TmEcode DecodeNFLOG(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq)
505 {
506  SCEnter();
507  IPV4Hdr *ip4h = (IPV4Hdr *)GET_PKT_DATA(p);
508  IPV6Hdr *ip6h = (IPV6Hdr *)GET_PKT_DATA(p);
509  DecodeThreadVars *dtv = (DecodeThreadVars *)data;
510 
511  DecodeUpdatePacketCounters(tv, dtv, p);
512 
513  if (IPV4_GET_RAW_VER(ip4h) == 4) {
514  if (unlikely(GET_PKT_LEN(p) > USHRT_MAX)) {
515  return TM_ECODE_FAILED;
516  }
517  SCLogDebug("IPv4 packet");
518  DecodeIPV4(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
519  } else if(IPV6_GET_RAW_VER(ip6h) == 6) {
520  if (unlikely(GET_PKT_LEN(p) > USHRT_MAX)) {
521  return TM_ECODE_FAILED;
522  }
523  SCLogDebug("IPv6 packet");
524  DecodeIPV6(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
525  } else {
526  SCLogDebug("packet unsupported by NFLOG, first byte: %02x", *GET_PKT_DATA(p));
527  }
528 
529  PacketDecodeFinalize(tv, dtv, p);
530 
532 }
533 
534 /**
535  * \brief This an Init function for DecodeNFLOG
536  *
537  * \param tv pointer to ThreadVars
538  * \param initdata pointer to initilization data.
539  * \param data pointer that gets cast into NFLOGThreadVars
540  * \retval TM_ECODE_OK is returned on success
541  * \retval TM_ECODE_FAILED is returned on error
542  */
543 TmEcode DecodeNFLOGThreadInit(ThreadVars *tv, const void *initdata, void **data)
544 {
545  DecodeThreadVars *dtv = NULL;
546  dtv = DecodeThreadVarsAlloc(tv);
547 
548  if (dtv == NULL)
550 
552 
553  *data = (void *)dtv;
554 
556 }
557 
558 TmEcode DecodeNFLOGThreadDeinit(ThreadVars *tv, void *data)
559 {
560  if (data != NULL)
561  DecodeThreadVarsFree(tv, data);
563 }
564 
565 #endif /* NFLOG */
#define TM_FLAG_DECODE_TM
Definition: tm-modules.h:32
DecodeThreadVars * DecodeThreadVarsAlloc(ThreadVars *tv)
Alloc and setup DecodeThreadVars.
Definition: decode.c:605
#define SCLogDebug(...)
Definition: util-debug.h:335
uint8_t flags
Definition: tm-modules.h:70
TmEcode NoNFLOGSupportExit(ThreadVars *, const void *, void **)
Definition: source-nflog.c:60
#define SET_PKT_LEN(p, len)
Definition: decode.h:229
void PacketDecodeFinalize(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p)
Finalize decoding of a packet.
Definition: decode.c:115
#define unlikely(expr)
Definition: util-optimize.h:35
TmEcode(* Func)(ThreadVars *, Packet *, void *, PacketQueue *, PacketQueue *)
Definition: tm-modules.h:52
void DecodeRegisterPerfCounters(DecodeThreadVars *dtv, ThreadVars *tv)
Definition: decode.c:465
void TmModuleReceiveNFLOGRegister(void)
Definition: source-nflog.c:48
#define SC_ATOMIC_ADD(name, val)
add a value to our atomic variable
Definition: util-atomic.h:107
void TmModuleDecodeNFLOGRegister(void)
Definition: source-nflog.c:54
volatile uint8_t suricata_ctl_flags
Definition: suricata.c:201
Packet * PacketGetFromQueueOrAlloc(void)
Get a packet. We try to get a packet from the packetpool first, but if that is empty we alloc a packe...
Definition: decode.c:177
TmEcode(* PktAcqLoop)(ThreadVars *, void *, void *)
Definition: tm-modules.h:54
#define IPV4_GET_RAW_VER(ip4h)
Definition: decode-ipv4.h:94
void(* DerefFunc)(void *)
Definition: source-nflog.h:51
char * RunmodeGetActive(void)
Definition: runmodes.c:187
#define PKT_SET_SRC(p, src_val)
Definition: decode.h:1132
#define TM_FLAG_RECEIVE_TM
Definition: tm-modules.h:31
TmEcode(* PktAcqBreakLoop)(ThreadVars *, void *)
Definition: tm-modules.h:57
uint16_t StatsRegisterCounter(const char *name, struct ThreadVars_ *tv)
Registers a normal, unqualified counter.
Definition: counters.c:931
int DecodeIPV4(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, uint16_t len, PacketQueue *pq)
Definition: decode-ipv4.c:532
uint32_t qthreshold
Definition: source-nflog.h:42
int DecodeIPV6(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, uint16_t len, PacketQueue *pq)
Definition: decode-ipv6.c:583
void TmqhOutputPacketpool(ThreadVars *t, Packet *p)
int datalink
Definition: decode.h:574
#define IPV6_GET_RAW_VER(ip6h)
Definition: decode-ipv6.h:62
#define T_DATA_SIZE
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
Definition: util-debug.h:294
uint8_t group
Structure to hold thread specific data for all decode modules.
Definition: decode.h:632
void(* RegisterTests)(void)
Definition: tm-modules.h:65
TmEcode(* ThreadDeinit)(ThreadVars *, void *)
Definition: tm-modules.h:49
#define SCEnter(...)
Definition: util-debug.h:337
char numgroup[NFLOG_GROUP_NAME_LENGTH]
Definition: source-nflog.h:47
#define SCReturnInt(x)
Definition: util-debug.h:341
LiveDevice * LiveGetDevice(const char *name)
Get a pointer to the device at idx.
Definition: util-device.c:236
void(* ThreadExitPrintStats)(ThreadVars *, void *)
Definition: tm-modules.h:48
#define SCLogWarning(err_code,...)
Macro used to log WARNING messages.
Definition: util-debug.h:281
const char * name
Definition: tm-modules.h:44
#define SCMalloc(a)
Definition: util-mem.h:222
int PacketSetData(Packet *p, uint8_t *pktdata, uint32_t pktlen)
Set data for Packet and set length when zeo copy is used.
Definition: decode.c:644
#define SCFree(a)
Definition: util-mem.h:322
#define SCLogNotice(...)
Macro used to log NOTICE messages.
Definition: util-debug.h:269
TmModule tmm_modules[TMM_SIZE]
Definition: tm-modules.h:73
uint32_t nlbufsiz_max
Definition: source-nflog.h:40
#define StatsSyncCountersIfSignalled(tv)
Definition: counters.h:136
TmEcode(* ThreadInit)(ThreadVars *, const void *, void **)
Definition: tm-modules.h:47
#define GET_PKT_DATA(p)
Definition: decode.h:225
void DecodeUpdatePacketCounters(ThreadVars *tv, const DecodeThreadVars *dtv, const Packet *p)
Definition: decode.c:571
char name[16]
Definition: threadvars.h:59
const char * msg
Per thread variable structure.
Definition: threadvars.h:57
struct timeval ts
Definition: decode.h:451
#define GET_PKT_LEN(p)
Definition: decode.h:224
void DecodeThreadVarsFree(ThreadVars *tv, DecodeThreadVars *dtv)
Definition: decode.c:624
int PacketCopyData(Packet *p, uint8_t *pktdata, uint32_t pktlen)
Copy data to Packet payload and set packet length.
Definition: decode.c:259