suricata
source.c
Go to the documentation of this file.
1 /* Copyright (C) 2024 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 #include "suricata.h"
19 #include "threadvars.h"
20 #include "tm-modules.h"
21 #include "tm-threads-common.h"
22 #include "tm-threads.h"
23 
24 #include "source.h"
25 
26 /* DNS request for suricata.io. */
27 static const unsigned char DNS_REQUEST[94] = {
28  0xa0, 0x36, 0x9f, 0x4c, 0x4c, 0x28, 0x50, 0xeb, /* .6.LL(P. */
29  0xf6, 0x7d, 0xea, 0x54, 0x08, 0x00, 0x45, 0x00, /* .}.T..E. */
30  0x00, 0x50, 0x19, 0xae, 0x00, 0x00, 0x40, 0x11, /* .P....@. */
31  0x4a, 0xc4, 0x0a, 0x10, 0x01, 0x0b, 0x0a, 0x10, /* J....... */
32  0x01, 0x01, 0x95, 0x97, 0x00, 0x35, 0x00, 0x3c, /* .....5.< */
33  0x90, 0x6e, 0xdb, 0x12, 0x01, 0x20, 0x00, 0x01, /* .n... .. */
34  0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x08, 0x73, /* .......s */
35  0x75, 0x72, 0x69, 0x63, 0x61, 0x74, 0x61, 0x02, /* uricata. */
36  0x69, 0x6f, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, /* io...... */
37  0x00, 0x29, 0x04, 0xd0, 0x00, 0x00, 0x00, 0x00, /* .)...... */
38  0x00, 0x0c, 0x00, 0x0a, 0x00, 0x08, 0x88, 0x51, /* .......Q */
39  0x20, 0xaf, 0x46, 0xc5, 0xdc, 0xce /* .F... */
40 };
41 
42 static TmEcode ReceiveThreadInit(ThreadVars *tv, const void *initdata, void **data)
43 {
44  SCLogNotice("...");
45  return TM_ECODE_OK;
46 }
47 
48 static TmEcode ReceiveThreadDeinit(ThreadVars *tv, void *data)
49 {
50  SCLogNotice("...");
51  return TM_ECODE_OK;
52 }
53 
54 static TmEcode ReceiveLoop(ThreadVars *tv, void *data, void *slot)
55 {
56  SCLogNotice("...");
57 
58  if (suricata_ctl_flags & SURICATA_STOP) {
59  SCReturnInt(TM_ECODE_OK);
60  }
61 
62  TmSlot *s = ((TmSlot *)slot)->slot_next;
63 
64  /* Notify we are running and processing packets. */
65  TmThreadsSetFlag(tv, THV_RUNNING);
66 
67  PacketPoolWait();
68  Packet *p = PacketGetFromQueueOrAlloc();
69  if (unlikely(p == NULL)) {
70  return TM_ECODE_FAILED;
71  }
72  PKT_SET_SRC(p, PKT_SRC_WIRE);
73  struct timeval now;
74  gettimeofday(&now, NULL);
75  p->ts = SCTIME_FROM_TIMEVAL(&now);
76  p->datalink = LINKTYPE_ETHERNET;
77  p->flags |= PKT_IGNORE_CHECKSUM;
78 
79  if (unlikely(PacketCopyData(p, DNS_REQUEST, sizeof(DNS_REQUEST)) != 0)) {
80  TmqhOutputPacketpool(tv, p);
81  return TM_ECODE_FAILED;
82  }
83 
84  if (TmThreadsSlotProcessPkt(tv, s, p) != TM_ECODE_OK) {
85  return TM_ECODE_FAILED;
86  }
87 
88  EngineStop();
89  return TM_ECODE_DONE;
90 }
91 
92 static void ReceiveThreadExitPrintStats(ThreadVars *tv, void *data)
93 {
94  SCLogNotice("...");
95 }
96 
97 static TmEcode DecodeThreadInit(ThreadVars *tv, const void *initdata, void **data)
98 {
99  SCLogNotice("...");
100 
101  DecodeThreadVars *dtv = DecodeThreadVarsAlloc(tv);
102  if (dtv == NULL) {
103  SCReturnInt(TM_ECODE_FAILED);
104  }
105  DecodeRegisterPerfCounters(dtv, tv);
106  *data = (void *)dtv;
107 
108  return TM_ECODE_OK;
109 }
110 
111 static TmEcode DecodeThreadDeinit(ThreadVars *tv, void *data)
112 {
113  SCLogNotice("...");
114 
115  if (data != NULL) {
116  DecodeThreadVarsFree(tv, data);
117  }
118  SCReturnInt(TM_ECODE_OK);
119 
120  return TM_ECODE_OK;
121 }
122 
123 static TmEcode Decode(ThreadVars *tv, Packet *p, void *data)
124 {
125  SCLogNotice("...");
126 
127  DecodeLinkLayer(tv, data, p->datalink, p, GET_PKT_DATA(p), GET_PKT_LEN(p));
128 
129  return TM_ECODE_OK;
130 }
131 
132 void TmModuleReceiveCiCaptureRegister(int slot)
133 {
134  tmm_modules[slot].name = "ReceiveCiCapture";
135  tmm_modules[slot].ThreadInit = ReceiveThreadInit;
136  tmm_modules[slot].Func = NULL;
137  tmm_modules[slot].PktAcqLoop = ReceiveLoop;
138  tmm_modules[slot].PktAcqBreakLoop = NULL;
139  tmm_modules[slot].ThreadExitPrintStats = ReceiveThreadExitPrintStats;
140  tmm_modules[slot].ThreadDeinit = ReceiveThreadDeinit;
141  tmm_modules[slot].cap_flags = 0;
142  tmm_modules[slot].flags = TM_FLAG_RECEIVE_TM;
143 }
144 
145 void TmModuleDecodeCiCaptureRegister(int slot)
146 {
147  tmm_modules[slot].name = "DecodeCiCapture";
148  tmm_modules[slot].ThreadInit = DecodeThreadInit;
149  tmm_modules[slot].Func = Decode;
150  tmm_modules[slot].ThreadExitPrintStats = NULL;
151  tmm_modules[slot].ThreadDeinit = DecodeThreadDeinit;
152  tmm_modules[slot].cap_flags = 0;
153  tmm_modules[slot].flags = TM_FLAG_DECODE_TM;
154 }
TmModule_::cap_flags
uint8_t cap_flags
Definition: tm-modules.h:74
tm-threads.h
PacketCopyData
int PacketCopyData(Packet *p, const uint8_t *pktdata, uint32_t pktlen)
Copy data to Packet payload and set packet length.
Definition: decode.c:348
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
TmThreadsSetFlag
void TmThreadsSetFlag(ThreadVars *tv, uint32_t flag)
Set a thread flag.
Definition: tm-threads.c:99
TM_ECODE_DONE
@ TM_ECODE_DONE
Definition: tm-threads-common.h:86
Packet_::flags
uint32_t flags
Definition: decode.h:525
THV_RUNNING
#define THV_RUNNING
Definition: threadvars.h:54
SURICATA_STOP
#define SURICATA_STOP
Definition: suricata.h:89
tm-threads-common.h
tm-modules.h
TmqhOutputPacketpool
void TmqhOutputPacketpool(ThreadVars *t, Packet *p)
Definition: tmqh-packetpool.c:317
TM_ECODE_FAILED
@ TM_ECODE_FAILED
Definition: tm-threads-common.h:85
TmModule_::PktAcqLoop
TmEcode(* PktAcqLoop)(ThreadVars *, void *, void *)
Definition: tm-modules.h:55
TM_ECODE_OK
@ TM_ECODE_OK
Definition: tm-threads-common.h:84
TmModule_::ThreadDeinit
TmEcode(* ThreadDeinit)(ThreadVars *, void *)
Definition: tm-modules.h:50
Packet_::datalink
int datalink
Definition: decode.h:628
PKT_SET_SRC
#define PKT_SET_SRC(p, src_val)
Definition: decode.h:1318
DecodeRegisterPerfCounters
void DecodeRegisterPerfCounters(DecodeThreadVars *dtv, ThreadVars *tv)
Definition: decode.c:599
source.h
PKT_SRC_WIRE
@ PKT_SRC_WIRE
Definition: decode.h:55
TmModule_::PktAcqBreakLoop
TmEcode(* PktAcqBreakLoop)(ThreadVars *, void *)
Definition: tm-modules.h:58
Packet_::ts
SCTime_t ts
Definition: decode.h:536
GET_PKT_DATA
#define GET_PKT_DATA(p)
Definition: decode.h:213
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:57
SCTIME_FROM_TIMEVAL
#define SCTIME_FROM_TIMEVAL(tv)
Definition: util-time.h:79
TmModule_::Func
TmEcode(* Func)(ThreadVars *, Packet *, void *)
Definition: tm-modules.h:53
TmModuleDecodeCiCaptureRegister
void TmModuleDecodeCiCaptureRegister(int slot)
Definition: source.c:145
TmModuleReceiveCiCaptureRegister
void TmModuleReceiveCiCaptureRegister(int slot)
Definition: source.c:132
PacketPoolWait
void PacketPoolWait(void)
Definition: tmqh-packetpool.c:80
Packet_
Definition: decode.h:488
TM_FLAG_DECODE_TM
#define TM_FLAG_DECODE_TM
Definition: tm-modules.h:33
tmm_modules
TmModule tmm_modules[TMM_SIZE]
Definition: tm-modules.c:33
GET_PKT_LEN
#define GET_PKT_LEN(p)
Definition: decode.h:212
TmSlot_
Definition: tm-threads.h:53
PKT_IGNORE_CHECKSUM
#define PKT_IGNORE_CHECKSUM
Definition: decode.h:1278
TmEcode
TmEcode
Definition: tm-threads-common.h:83
TmModule_::name
const char * name
Definition: tm-modules.h:45
TM_FLAG_RECEIVE_TM
#define TM_FLAG_RECEIVE_TM
Definition: tm-modules.h:32
dtv
DecodeThreadVars * dtv
Definition: fuzz_decodepcapfile.c:33
DecodeThreadVarsFree
void DecodeThreadVarsFree(ThreadVars *tv, DecodeThreadVars *dtv)
Definition: decode.c:787
TmModule_::ThreadInit
TmEcode(* ThreadInit)(ThreadVars *, const void *, void **)
Definition: tm-modules.h:48
EngineStop
void EngineStop(void)
make sure threads can stop the engine by calling this function. Purpose: pcap file mode needs to be a...
Definition: suricata.c:448
tv
ThreadVars * tv
Definition: fuzz_decodepcapfile.c:32
TmModule_::ThreadExitPrintStats
void(* ThreadExitPrintStats)(ThreadVars *, void *)
Definition: tm-modules.h:49
threadvars.h
DecodeThreadVars_
Structure to hold thread specific data for all decode modules.
Definition: decode.h:933
DecodeThreadVarsAlloc
DecodeThreadVars * DecodeThreadVarsAlloc(ThreadVars *tv)
Alloc and setup DecodeThreadVars.
Definition: decode.c:769
suricata.h
TmSlot_::slot_next
struct TmSlot_ * slot_next
Definition: tm-threads.h:62
SCLogNotice
#define SCLogNotice(...)
Macro used to log NOTICE messages.
Definition: util-debug.h:237
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:275
PacketGetFromQueueOrAlloc
Packet * PacketGetFromQueueOrAlloc(void)
Get a packet. We try to get a packet from the packetpool first, but if that is empty we alloc a packe...
Definition: decode.c:264
TmModule_::flags
uint8_t flags
Definition: tm-modules.h:77
LINKTYPE_ETHERNET
#define LINKTYPE_ETHERNET
Definition: decode.h:1229
suricata_ctl_flags
volatile uint8_t suricata_ctl_flags
Definition: suricata.c:172