1 /* Copyright (C) 2024 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 #include "suricata.h"
19 #include "threadvars.h"
20 #include "tm-modules.h"
21 #include "tm-threads-common.h"
22 #include "tm-threads.h"
23 #include "packet.h"
24 
25 #include "source.h"
26 
/* Canned Ethernet frame carrying a DNS request for suricata.io, annotated
 * by protocol layer. The bytes are fixed test data; nothing in this file
 * recomputes the length or checksum fields when the frame is injected. */
static const unsigned char DNS_REQUEST[94] = {
    /* Ethernet II: destination MAC, source MAC, EtherType 0x0800 (IPv4) */
    0xa0, 0x36, 0x9f, 0x4c, 0x4c, 0x28,
    0x50, 0xeb, 0xf6, 0x7d, 0xea, 0x54,
    0x08, 0x00,

    /* IPv4: version/IHL, TOS, total length 80, id, flags/fragment offset,
     * TTL 64, protocol 17 (UDP), header checksum */
    0x45, 0x00, 0x00, 0x50, 0x19, 0xae, 0x00, 0x00,
    0x40, 0x11, 0x4a, 0xc4,
    /* IPv4: source 10.16.1.11, destination 10.16.1.1 */
    0x0a, 0x10, 0x01, 0x0b,
    0x0a, 0x10, 0x01, 0x01,

    /* UDP: source port 38295, destination port 53, length 60, checksum */
    0x95, 0x97, 0x00, 0x35, 0x00, 0x3c, 0x90, 0x6e,

    /* DNS header: id, flags 0x0120 (RD and AD set), 1 question,
     * 0 answers, 0 authority records, 1 additional record */
    0xdb, 0x12, 0x01, 0x20, 0x00, 0x01,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x01,

    /* Question: 8 "suricata" 2 "io" 0, type A, class IN */
    0x08, 0x73, 0x75, 0x72, 0x69, 0x63, 0x61, 0x74, 0x61,
    0x02, 0x69, 0x6f, 0x00,
    0x00, 0x01, 0x00, 0x01,

    /* Additional: EDNS0 OPT record (root name, type 41), UDP payload size
     * 1232, extended RCODE/version/flags all zero, RDATA length 12 */
    0x00, 0x00, 0x29, 0x04, 0xd0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0c,
    /* OPT RDATA: option code 10 (COOKIE), length 8, client cookie */
    0x00, 0x0a, 0x00, 0x08,
    0x88, 0x51, 0x20, 0xaf, 0x46, 0xc5, 0xdc, 0xce
};
42 
/**
 * \brief ThreadInit callback of the example receive module.
 *
 * Only logs a notice. No per-thread state is allocated and *data is left
 * untouched.
 *
 * \param tv       thread context (unused)
 * \param initdata module init data (unused)
 * \param data     out-pointer for per-thread state (not written)
 *
 * \retval TM_ECODE_OK always
 */
static TmEcode ReceiveThreadInit(ThreadVars *tv, const void *initdata, void **data)
{
    (void)tv;
    (void)initdata;
    (void)data;

    SCLogNotice("...");

    return TM_ECODE_OK;
}
48 
/**
 * \brief ThreadDeinit callback of the example receive module.
 *
 * Only logs a notice; ReceiveThreadInit allocates nothing, so there is
 * nothing to release here.
 *
 * \param tv   thread context (unused)
 * \param data per-thread state (unused)
 *
 * \retval TM_ECODE_OK always
 */
static TmEcode ReceiveThreadDeinit(ThreadVars *tv, void *data)
{
    (void)tv;
    (void)data;

    SCLogNotice("...");

    return TM_ECODE_OK;
}
54 
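/**
 * \brief Packet acquisition loop of the example capture source.
 *
 * Injects the canned DNS_REQUEST frame once, hands it to the next slot in
 * the pipeline and then asks the engine to stop.
 *
 * \param tv   thread context the loop runs in
 * \param data per-thread data from ThreadInit (unused)
 * \param slot TmSlot of this module; the packet goes to its slot_next
 *
 * \retval TM_ECODE_DONE   the frame was processed and a stop was requested
 * \retval TM_ECODE_FAILED the engine is already stopping, no packet could
 *                         be obtained, or copying/processing the frame failed
 */
static TmEcode ReceiveLoop(ThreadVars *tv, void *data, void *slot)
{
    /* NOTE(review): the rendered listing drops source lines 59-60, 66,
     * 68-69, 73, 76-78 and 81. They are restored here from the symbols in
     * this page's cross-reference list; confirm against the upstream file. */
    (void)data;

    SCLogNotice("...");

    /* Do not start acquiring if shutdown has already been requested. */
    if (suricata_ctl_flags & SURICATA_STOP) {
        SCReturnInt(TM_ECODE_FAILED);
    }

    TmSlot *s = ((TmSlot *)slot)->slot_next;

    /* Notify we are running and processing packets. */
    TmThreadsSetFlag(tv, THV_RUNNING);

    PacketPoolWait();
    Packet *p = PacketGetFromQueueOrAlloc();
    if (unlikely(p == NULL)) {
        return TM_ECODE_FAILED;
    }

    /* Label the packet as wire traffic and stamp it with the current time. */
    SCPacketSetSource(p, PKT_SRC_WIRE);
    struct timeval now;
    gettimeofday(&now, NULL);
    SCPacketSetTime(p, SCTIME_FROM_TIMEVAL(&now));
    /* DNS_REQUEST starts with an Ethernet II header. */
    SCPacketSetDatalink(p, LINKTYPE_ETHERNET);
    /* NOTE(review): by its name this flag skips checksum validation for the
     * packet. That suits a fixed test frame; a source reading live traffic
     * would normally leave this to its checksum configuration. Confirm. */
    p->flags |= PKT_IGNORE_CHECKSUM;

    if (unlikely(PacketCopyData(p, DNS_REQUEST, sizeof(DNS_REQUEST)) != 0)) {
        /* The packet is still ours on this path: hand it back so it is
         * not leaked. */
        TmqhOutputPacketpool(tv, p);
        return TM_ECODE_FAILED;
    }

    /* No release on failure here: presumably the pipeline owns p once it
     * has been handed over. Confirm in tm-threads.h. */
    if (TmThreadsSlotProcessPkt(tv, s, p) != TM_ECODE_OK) {
        return TM_ECODE_FAILED;
    }

    /* One packet is all this example produces. */
    EngineStop();
    return TM_ECODE_DONE;
}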
92 
/**
 * \brief ThreadExitPrintStats callback of the example receive module.
 *
 * The example keeps no counters, so this only logs a notice.
 *
 * \param tv   thread context (unused)
 * \param data per-thread state (unused)
 */
static void ReceiveThreadExitPrintStats(ThreadVars *tv, void *data)
{
    (void)tv;
    (void)data;

    SCLogNotice("...");
}
97 
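/**
 * \brief ThreadInit callback of the example decode module.
 *
 * Allocates the per-thread decoder state, registers its performance
 * counters and returns it through \a data.
 *
 * \param tv       thread context the decoder runs in
 * \param initdata module init data (unused)
 * \param data     receives the DecodeThreadVars pointer on success
 *
 * \retval TM_ECODE_OK     state allocated and stored in *data
 * \retval TM_ECODE_FAILED allocation failed; *data is not written
 */
static TmEcode DecodeThreadInit(ThreadVars *tv, const void *initdata, void **data)
{
    /* NOTE(review): the rendered listing drops source lines 102, 104 and
     * 106. They are restored here from the symbols in this page's
     * cross-reference list; confirm against the upstream file. */
    (void)initdata;

    SCLogNotice("...");

    DecodeThreadVars *dtv = DecodeThreadVarsAlloc(tv);
    if (dtv == NULL) {
        SCReturnInt(TM_ECODE_FAILED);
    }
    DecodeRegisterPerfCounters(dtv, tv);
    /* Ownership passes to the thread; DecodeThreadDeinit frees it. */
    *data = (void *)dtv;

    return TM_ECODE_OK;
}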
111 
/**
 * \brief ThreadDeinit callback of the example decode module.
 *
 * Frees the decoder state stored by DecodeThreadInit, if any.
 *
 * \param tv   thread context the decoder ran in
 * \param data DecodeThreadVars pointer from DecodeThreadInit, may be NULL
 *
 * \retval TM_ECODE_OK always
 */
static TmEcode DecodeThreadDeinit(ThreadVars *tv, void *data)
{
    SCLogNotice("...");

    /* A NULL state has nothing to free. */
    if (data == NULL) {
        return TM_ECODE_OK;
    }

    DecodeThreadVarsFree(tv, data);
    return TM_ECODE_OK;
}
123 
/**
 * \brief Func callback of the example decode module.
 *
 * Passes the packet's raw bytes to the link-layer decoder selected by the
 * packet's datalink type. The result of DecodeLinkLayer is not inspected.
 *
 * \param tv   thread context the decoder runs in
 * \param p    packet to decode
 * \param data decoder state stored by DecodeThreadInit
 *
 * \retval TM_ECODE_OK always
 */
static TmEcode Decode(ThreadVars *tv, Packet *p, void *data)
{
    DecodeThreadVars *decode_ctx = data;

    SCLogNotice("...");

    /* The decoder is given GET_PKT_LEN(p) as the buffer size, so the
     * length recorded for the packet must match the bytes actually stored.
     * In this example that length comes from PacketCopyData in ReceiveLoop. */
    DecodeLinkLayer(tv, decode_ctx, p->datalink, p, GET_PKT_DATA(p), GET_PKT_LEN(p));

    return TM_ECODE_OK;
}
132 
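/**
 * \brief Register the example receive module in the thread module table.
 *
 * \param slot index into tmm_modules to fill in. It is used unchecked, so
 *             the caller must pass a valid index (presumably below
 *             TMM_SIZE, confirm against tm-modules.c).
 */
void TmModuleReceiveCiCaptureRegister(int slot)
{
    /* NOTE(review): the rendered listing drops the signature (source line
     * 133) and line 143. They are restored here from this page's
     * cross-reference list; confirm against the upstream file. */
    TmModule *mod = &tmm_modules[slot];

    mod->name = "ReceiveCiCapture";
    mod->ThreadInit = ReceiveThreadInit;
    /* A receive module acquires packets in PktAcqLoop and has no
     * per-packet Func. */
    mod->Func = NULL;
    mod->PktAcqLoop = ReceiveLoop;
    mod->PktAcqBreakLoop = NULL;
    mod->ThreadExitPrintStats = ReceiveThreadExitPrintStats;
    mod->ThreadDeinit = ReceiveThreadDeinit;
    mod->cap_flags = 0;
    mod->flags = TM_FLAG_RECEIVE_TM;
}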
145 
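/**
 * \brief Register the example decode module in the thread module table.
 *
 * \param slot index into tmm_modules to fill in. It is used unchecked, so
 *             the caller must pass a valid index (presumably below
 *             TMM_SIZE, confirm against tm-modules.c).
 */
void TmModuleDecodeCiCaptureRegister(int slot)
{
    /* NOTE(review): the rendered listing drops the signature (source line
     * 146) and line 154. They are restored here from this page's
     * cross-reference list; confirm against the upstream file. */
    TmModule *mod = &tmm_modules[slot];

    mod->name = "DecodeCiCapture";
    mod->ThreadInit = DecodeThreadInit;
    mod->Func = Decode;
    mod->ThreadExitPrintStats = NULL;
    mod->ThreadDeinit = DecodeThreadDeinit;
    mod->cap_flags = 0;
    mod->flags = TM_FLAG_DECODE_TM;
}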
TmModule_::cap_flags
uint8_t cap_flags
Definition: tm-modules.h:73
tm-threads.h
PacketCopyData
int PacketCopyData(Packet *p, const uint8_t *pktdata, uint32_t pktlen)
Copy data to Packet payload and set packet length.
Definition: decode.c:351
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
TmThreadsSetFlag
void TmThreadsSetFlag(ThreadVars *tv, uint32_t flag)
Set a thread flag.
Definition: tm-threads.c:101
TM_ECODE_DONE
@ TM_ECODE_DONE
Definition: tm-threads-common.h:83
Packet_::flags
uint32_t flags
Definition: decode.h:514
THV_RUNNING
#define THV_RUNNING
Definition: threadvars.h:55
SURICATA_STOP
#define SURICATA_STOP
Definition: suricata.h:89
tm-threads-common.h
tm-modules.h
TmqhOutputPacketpool
void TmqhOutputPacketpool(ThreadVars *t, Packet *p)
Definition: tmqh-packetpool.c:314
TM_ECODE_FAILED
@ TM_ECODE_FAILED
Definition: tm-threads-common.h:82
TmModule_::PktAcqLoop
TmEcode(* PktAcqLoop)(ThreadVars *, void *, void *)
Definition: tm-modules.h:54
TM_ECODE_OK
@ TM_ECODE_OK
Definition: tm-threads-common.h:81
SCPacketSetSource
void SCPacketSetSource(Packet *p, enum PktSrcEnum source)
Set packet source.
Definition: packet.c:185
TmModule_::ThreadDeinit
TmEcode(* ThreadDeinit)(ThreadVars *, void *)
Definition: tm-modules.h:49
Packet_::datalink
int datalink
Definition: decode.h:609
DecodeRegisterPerfCounters
void DecodeRegisterPerfCounters(DecodeThreadVars *dtv, ThreadVars *tv)
Definition: decode.c:602
source.h
PKT_SRC_WIRE
@ PKT_SRC_WIRE
Definition: decode.h:52
TmModule_::PktAcqBreakLoop
TmEcode(* PktAcqBreakLoop)(ThreadVars *, void *)
Definition: tm-modules.h:57
GET_PKT_DATA
#define GET_PKT_DATA(p)
Definition: decode.h:206
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:58
SCTIME_FROM_TIMEVAL
#define SCTIME_FROM_TIMEVAL(tv)
Definition: util-time.h:79
TmModule_::Func
TmEcode(* Func)(ThreadVars *, Packet *, void *)
Definition: tm-modules.h:52
TmModuleDecodeCiCaptureRegister
void TmModuleDecodeCiCaptureRegister(int slot)
Definition: source.c:146
TmModuleReceiveCiCaptureRegister
void TmModuleReceiveCiCaptureRegister(int slot)
Definition: source.c:133
PacketPoolWait
void PacketPoolWait(void)
Definition: tmqh-packetpool.c:80
Packet_
Definition: decode.h:477
TM_FLAG_DECODE_TM
#define TM_FLAG_DECODE_TM
Definition: tm-modules.h:33
tmm_modules
TmModule tmm_modules[TMM_SIZE]
Definition: tm-modules.c:29
GET_PKT_LEN
#define GET_PKT_LEN(p)
Definition: decode.h:205
SCPacketSetTime
void SCPacketSetTime(Packet *p, SCTime_t ts)
Set the timestamp for a packet.
Definition: packet.c:180
TmSlot_
Definition: tm-threads.h:53
PKT_IGNORE_CHECKSUM
#define PKT_IGNORE_CHECKSUM
Definition: decode.h:1244
TmEcode
TmEcode
Definition: tm-threads-common.h:80
TmModule_::name
const char * name
Definition: tm-modules.h:44
TM_FLAG_RECEIVE_TM
#define TM_FLAG_RECEIVE_TM
Definition: tm-modules.h:32
dtv
DecodeThreadVars * dtv
Definition: fuzz_decodepcapfile.c:33
DecodeThreadVarsFree
void DecodeThreadVarsFree(ThreadVars *tv, DecodeThreadVars *dtv)
Definition: decode.c:792
packet.h
TmModule_::ThreadInit
TmEcode(* ThreadInit)(ThreadVars *, const void *, void **)
Definition: tm-modules.h:47
EngineStop
void EngineStop(void)
make sure threads can stop the engine by calling this function. Purpose: pcap file mode needs to be a...
Definition: suricata.c:451
tv
ThreadVars * tv
Definition: fuzz_decodepcapfile.c:32
TmModule_::ThreadExitPrintStats
void(* ThreadExitPrintStats)(ThreadVars *, void *)
Definition: tm-modules.h:48
threadvars.h
DecodeThreadVars_
Structure to hold thread specific data for all decode modules.
Definition: decode.h:933
DecodeThreadVarsAlloc
DecodeThreadVars * DecodeThreadVarsAlloc(ThreadVars *tv)
Alloc and setup DecodeThreadVars.
Definition: decode.c:774
suricata.h
SCPacketSetDatalink
void SCPacketSetDatalink(Packet *p, int datalink)
Set a packet's data link type.
Definition: packet.c:175
TmSlot_::slot_next
struct TmSlot_ * slot_next
Definition: tm-threads.h:62
SCLogNotice
#define SCLogNotice(...)
Macro used to log NOTICE messages.
Definition: util-debug.h:237
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:275
PacketGetFromQueueOrAlloc
Packet * PacketGetFromQueueOrAlloc(void)
Get a packet. We try to get a packet from the packetpool first, but if that is empty we alloc a packe...
Definition: decode.c:267
TmModule_::flags
uint8_t flags
Definition: tm-modules.h:76
suricata_ctl_flags
volatile uint8_t suricata_ctl_flags
Definition: suricata.c:170