suricata-common.h
1 /* Copyright (C) 2007-2022 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  *
23  * Common includes, etc.
24  */
25 
26 #ifndef __SURICATA_COMMON_H__
27 #define __SURICATA_COMMON_H__
28 
29 #ifdef DEBUG
30 #define DBG_PERF
31 #endif
32 
33 #define _GNU_SOURCE
34 #define __USE_GNU
35 
36 #if defined(__clang_analyzer__)
37 /* clang analyzer acts as DEBUG_VALIDATION in some places, so
38  * force this so #ifdef DEBUG_VALIDATION code gets included */
39 #define DEBUG_VALIDATION 1
40 #endif
41 
42 #if defined(__has_feature)
43 #if __has_feature(address_sanitizer)
44 #define SC_ADDRESS_SANITIZER 1
45 #endif
46 #elif defined(__SANITIZE_ADDRESS__)
47 #define SC_ADDRESS_SANITIZER 1
48 #endif
49 
50 #if HAVE_CONFIG_H
51 #include "autoconf.h"
52 #endif
53 
54 #ifndef CLS
55 #warning "L1 cache line size not detected during build. Assuming 64 bytes."
56 #define CLS 64
57 #endif
58 
59 #if HAVE_DIRENT_H
60 #include <dirent.h>
61 #endif
62 
63 #if HAVE_STDIO_H
64 #include <stdio.h>
65 #endif
66 
67 #if HAVE_STDDEF_H
68 #include <stddef.h>
69 #endif
70 
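/* Spelled like every other HAVE_*_H guard in this file. Macro names are
 * case-sensitive, so a guard ending in a lower-case 'h' is not satisfied by a
 * define named HAVE_STDINT_H; the include would then be skipped and the
 * fixed-width types used below (uint8_t, uint16_t, uint32_t) would only be
 * available if some other header happened to pull in <stdint.h>. */
#if HAVE_STDINT_H
#include <stdint.h>
#endif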
74 
75 #if HAVE_STDBOOL_H
76 #include <stdbool.h>
77 #endif
78 
79 #if HAVE_STDARG_H
80 #include <stdarg.h>
81 #endif
82 
83 #ifdef HAVE_STDLIB_H
84 #include <stdlib.h>
85 #endif
86 
87 #if HAVE_ERRNO_H
88 #include <errno.h>
89 #endif
90 
91 #if HAVE_UNISTD_H
92 #include <unistd.h>
93 #endif
94 
95 #if HAVE_INTTYPES_H
96 #include <inttypes.h>
97 #endif
98 
99 #if HAVE_LIMITS_H
100 #include <limits.h>
101 #endif
102 
103 #if HAVE_CTYPE_H
104 #include <ctype.h>
105 #endif
106 
107 #if HAVE_STRING_H
108 #include <string.h>
109 #endif
110 
111 #if HAVE_STRINGS_H
112 #include <strings.h>
113 #endif
114 
115 #if HAVE_FCNTL_H
116 #include <fcntl.h>
117 #endif
118 
119 #ifdef HAVE_TIME_H
120 #include <time.h>
121 #endif
122 
123 #if HAVE_SYS_SYSCALL_H
124 #include <sys/syscall.h>
125 #endif
126 
127 #if HAVE_SYSCALL_H
128 #include <syscall.h>
129 #endif
130 
131 #if HAVE_SYS_TYPES_H
132 #include <sys/types.h> /* for gettid(2) */
133 #endif
134 
135 #if HAVE_SCHED_H
136 #include <sched.h> /* for sched_setaffinity(2) */
137 #endif
138 
139 #ifdef HAVE_TYPE_U_LONG_NOT_DEFINED
140 typedef unsigned long int u_long;
141 #endif
142 #ifdef HAVE_TYPE_U_INT_NOT_DEFINED
143 typedef unsigned int u_int;
144 #endif
145 #ifdef HAVE_TYPE_U_SHORT_NOT_DEFINED
146 typedef unsigned short u_short;
147 #endif
148 #ifdef HAVE_TYPE_U_CHAR_NOT_DEFINED
149 typedef unsigned char u_char;
150 #endif
151 
152 #include <pcre2.h>
153 
154 #ifdef HAVE_SYSLOG_H
155 #include <syslog.h>
156 #else
157 #ifdef OS_WIN32
158 #include "win32-syslog.h"
159 #endif /* OS_WIN32 */
160 #endif /* HAVE_SYSLOG_H */
161 
162 #ifdef OS_WIN32
163 #include "win32-misc.h"
164 #include "win32-service.h"
165 #endif /* OS_WIN32 */
166 
167 #if HAVE_SYS_TIME_H
168 #include <sys/time.h>
169 #endif
170 
171 #if HAVE_POLL_H
172 #include <poll.h>
173 #endif
174 
175 #if HAVE_SYS_SIGNAL_H
176 #include <sys/signal.h>
177 #endif
178 
179 #if HAVE_SIGNAL_H
180 #include <signal.h>
181 #endif
182 
183 #if HAVE_SYS_SOCKET_H
184 #include <sys/socket.h>
185 #endif
186 
187 #if HAVE_SYS_STAT_H
188 #include <sys/stat.h>
189 #endif
190 
191 #if HAVE_SYS_IOCTL_H
192 #include <sys/ioctl.h>
193 #endif
194 
195 #if HAVE_SYS_MMAN_H
196 #include <sys/mman.h>
197 #endif
198 
199 #if HAVE_SYS_RANDOM_H
200 #include <sys/random.h>
201 #endif
202 
203 #if HAVE_NETINET_IN_H
204 #include <netinet/in.h>
205 #endif
206 
207 #if HAVE_ARPA_INET_H
208 #include <arpa/inet.h>
209 #endif
210 
211 #if HAVE_NETDB_H
212 #include <netdb.h>
213 #endif
214 
215 #if HAVE_MALLOC_H
216 #include <malloc.h>
217 #endif
218 
219 #if __CYGWIN__
220 #if !defined _X86_ && !defined __x86_64
221 #define _X86_
222 #endif
223 #endif
224 
225 #if !__CYGWIN__
226 #ifdef HAVE_WINSOCK2_H
227 #include <winsock2.h>
228 #endif
229 #ifdef HAVE_WS2TCPIP_H
230 #include <ws2tcpip.h>
231 #endif
232 #endif /* !__CYGWIN__ */
233 
234 #ifdef HAVE_WINDOWS_H
235 #ifndef _WIN32_WINNT
236 #define _WIN32_WINNT 0x0501
237 #endif
238 #include <windows.h>
239 #endif
240 
241 #ifdef HAVE_W32API_WINBASE_H
242 #include <w32api/winbase.h>
243 #endif
244 
245 #ifdef HAVE_W32API_WTYPES_H
246 #include <w32api/wtypes.h>
247 #endif
248 
249 #ifndef SC_PCAP_DONT_INCLUDE_PCAP_H
250 #ifdef HAVE_PCAP_H
251 #include <pcap.h>
252 #endif
253 
254 #ifdef HAVE_PCAP_PCAP_H
255 #include <pcap/pcap.h>
256 #endif
257 #endif
258 
259 #ifdef HAVE_UTIME_H
260 #include <utime.h>
261 #endif
262 
263 #ifdef HAVE_LIBGEN_H
264 #include <libgen.h>
265 #endif
266 
267 #ifdef HAVE_GRP_H
268 #include <grp.h>
269 #endif
270 
271 #ifdef HAVE_PWD_H
272 #include <pwd.h>
273 #endif
274 
275 #include <jansson.h>
276 #ifndef JSON_ESCAPE_SLASH
277 #define JSON_ESCAPE_SLASH 0
278 #endif
279 
280 #ifdef HAVE_MAGIC
281 #include <magic.h>
282 #endif
283 
284 #ifdef HAVE_MATH_H
285 #include <math.h>
286 #endif
287 
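/* Two-step stringification: xstr() macro-expands its argument first, str()
 * then turns the result into a string literal. Needed to stringify defines
 * which are supplied at compile time, see:
 * http://gcc.gnu.org/onlinedocs/gcc-3.4.1/cpp/Stringification.html#Stringification */
#define xstr(s) str(s)
#define str(s) #s

/**
 * BUG_ON(x): stop the process when the condition \a x is true.
 *
 * Three variants, selected at build time:
 *  - CPPCHECK == 1: exit(1), kept simple for the static analyzer;
 *  - assert.h available and NDEBUG not defined: assert(!(x));
 *  - otherwise: print file, line, function and the condition text to stderr,
 *    then exit(EXIT_FAILURE).
 *
 * In every variant \a x is evaluated exactly once and the check is never
 * compiled out. Every variant also ends the whole process, so BUG_ON is for
 * internal invariants only: a condition that can be made true by packet
 * contents or other external input should be handled as a normal error,
 * otherwise one crafted input is enough to stop the engine.
 *
 * All variants expand to a single statement, so BUG_ON can be used as the
 * body of an unbraced if/else.
 */
#if CPPCHECK==1
    /* wrapped in do/while so a following 'else' cannot bind to this 'if' */
    #define BUG_ON(x) do { if (((x))) exit(1); } while (0)
#else
    #if defined HAVE_ASSERT_H && !defined NDEBUG
    #include <assert.h>
        #define BUG_ON(x) assert(!(x))
    #else
        #define BUG_ON(x) do {                                                     \
            if (((x))) {                                                           \
                fprintf(stderr, "BUG at %s:%d(%s)\n", __FILE__, __LINE__, __func__); \
                fprintf(stderr, "Code: '%s'\n", xstr((x)));                        \
                exit(EXIT_FAILURE);                                                \
            }                                                                      \
        } while(0)
    #endif
#endif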
309 
310 /** type for the internal signature id. Since it's used in the matching engine
311  * extensively keeping this as small as possible reduces the overall memory
312  * footprint of the engine. Set to uint32_t if the engine needs to support
313  * more than 64k sigs. */
314 //#define SigIntId uint16_t
315 #define SigIntId uint32_t
316 
317 /** same for pattern id's */
318 #define PatIntId uint32_t
319 
320 /** FreeBSD does not define __WORDSIZE, but it uses __LONG_BIT */
321 #ifndef __WORDSIZE
322  #ifdef __LONG_BIT
323  #define __WORDSIZE __LONG_BIT
324  #else
325  #ifdef LONG_BIT
326  #define __WORDSIZE LONG_BIT
327  #endif
328  #endif
329 #endif
330 
331 /** Windows does not define __WORDSIZE, but it uses __X86__ */
332 #ifndef __WORDSIZE
333  #if defined(__X86__) || defined(_X86_) || defined(_M_IX86)
334  #define __WORDSIZE 32
335  #else
336  #if defined(__X86_64__) || defined(_X86_64_) || \
337  defined(__x86_64) || defined(__x86_64__) || \
338  defined(__amd64) || defined(__amd64__)
339  #define __WORDSIZE 64
340  #endif
341  #endif
342 #endif
343 
344 /** if not successful yet, try the data models */
345 #ifndef __WORDSIZE
346  #if defined(_ILP32) || defined(__ILP32__)
347  #define __WORDSIZE 32
348  #endif
349  #if defined(_LP64) || defined(__LP64__)
350  #define __WORDSIZE 64
351  #endif
352 #endif
353 
354 #ifndef __WORDSIZE
355  #warning Defaulting to __WORDSIZE 32
356  #define __WORDSIZE 32
357 #endif
358 
359 /** darwin doesn't define __BYTE_ORDER and friends, but BYTE_ORDER */
360 #ifndef __BYTE_ORDER
361  #if defined(BYTE_ORDER)
362  #define __BYTE_ORDER BYTE_ORDER
363  #elif defined(__BYTE_ORDER__)
364  #define __BYTE_ORDER __BYTE_ORDER__
365  #else
366  #error "byte order not detected"
367  #endif
368 #endif
369 
370 #ifndef __LITTLE_ENDIAN
371  #if defined(LITTLE_ENDIAN)
372  #define __LITTLE_ENDIAN LITTLE_ENDIAN
373  #elif defined(__ORDER_LITTLE_ENDIAN__)
374  #define __LITTLE_ENDIAN __ORDER_LITTLE_ENDIAN__
375  #endif
376 #endif
377 
378 #ifndef __BIG_ENDIAN
379  #if defined(BIG_ENDIAN)
380  #define __BIG_ENDIAN BIG_ENDIAN
381  #elif defined(__ORDER_BIG_ENDIAN__)
382  #define __BIG_ENDIAN __ORDER_BIG_ENDIAN__
383  #endif
384 #endif
385 
386 #if !defined(__LITTLE_ENDIAN) && !defined(__BIG_ENDIAN)
387  #error "byte order: can't figure out big or little"
388 #endif
389 
/* MIN(x, y): the smaller of two values; defined here only if no earlier header
 * provided it. This is a plain expression macro, so the selected argument is
 * evaluated twice: pass expressions without side effects (no i++, no call
 * that consumes input). The comparison applies the usual arithmetic
 * conversions, so mixing a signed and an unsigned operand (e.g. a possibly
 * negative length against a size_t) can select the wrong one. */
390 #ifndef MIN
391 #define MIN(x, y) (((x)<(y))?(x):(y))
392 #endif
393 
/* MAX(x, y): the larger of two values; defined here only if no earlier header
 * provided it. Plain expression macro: the selected argument is evaluated
 * twice, so arguments must be free of side effects, and a signed/unsigned mix
 * is compared after the usual arithmetic conversions. */
394 #ifndef MAX
395 #define MAX(x, y) (((x)<(y))?(y):(x))
396 #endif
397 
/* Single-bit masks; n is the zero-based bit index. Nothing checks n: the
 * caller must keep it below the width named in the macro.
 *  - BIT_U8 / BIT_U16 shift a plain int and then narrow with a cast, so an n
 *    past the named width is not diagnosed, the cast just truncates.
 *  - BIT_U32 has type unsigned long (not uint32_t), which is wider than
 *    32 bits on LP64 platforms.
 * A shift count that reaches the width of the shifted type is undefined
 * behaviour, so n must never come unchecked from parsed input. */
398 #define BIT_U8(n) ((uint8_t)(1 << (n)))
399 #define BIT_U16(n) ((uint16_t)(1 << (n)))
400 #define BIT_U32(n) (1UL << (n))
401 #define BIT_U64(n) (1ULL << (n))
402 
403 #define WARN_UNUSED __attribute__((warn_unused_result))
404 
/* ATTR_FMT_PRINTF(x, y): declares a function as printf-like, with the format
 * string at parameter index x and the first formatted argument at index y, so
 * the compiler can check format strings against their arguments at each call
 * site. MinGW uses its own __MINGW_PRINTF_FORMAT archetype. On compilers that
 * define neither __MINGW32__ nor __GNUC__ the macro expands to nothing and no
 * such checking takes place. */
405 #if defined(__MINGW32__)
406 #define ATTR_FMT_PRINTF(x, y) __attribute__((format(__MINGW_PRINTF_FORMAT, (x), (y))))
407 #elif defined(__GNUC__)
408 #define ATTR_FMT_PRINTF(x, y) __attribute__((format(printf, (x), (y))))
409 #else
410 #define ATTR_FMT_PRINTF(x, y)
411 #endif
412 
413 #define SCNtohl(x) (uint32_t)ntohl((x))
414 #define SCNtohs(x) (uint16_t)ntohs((x))
415 
416 /* swap flags if exactly one of them is set, otherwise do nothing. */
417 #define SWAP_FLAGS(flags, a, b) \
418  do { \
419  if (((flags) & ((a)|(b))) == (a)) { \
420  (flags) &= ~(a); \
421  (flags) |= (b); \
422  } else if (((flags) & ((a)|(b))) == (b)) { \
423  (flags) &= ~(b); \
424  (flags) |= (a); \
425  } \
426  } while(0)
427 
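/**
 * SWAP_VARS(type, a, b): exchange the values of \a a and \a b through a
 * temporary of type \a type.
 *
 * \a a and \a b must be modifiable lvalues and are each expanded twice, so
 * they must not have side effects. The temporary carries a macro-specific
 * name: with a short name such as 't', a caller swapping a variable that is
 * itself called 't' would have its argument captured by the temporary and the
 * swap would silently not happen.
 */
#define SWAP_VARS(type, a, b)                                                  \
    do {                                                                       \
        type sc_swap_vars_tmp_ = (a);                                          \
        (a) = (b);                                                             \
        (b) = sc_swap_vars_tmp_;                                               \
    } while (0)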
434 
435 #include <ctype.h>
/* Byte-wise case conversion. The argument is cast to uint8_t before it reaches
 * tolower()/toupper(): those functions are only defined for EOF and for values
 * representable as unsigned char, so passing a plain (possibly signed) char
 * holding a byte >= 0x80 would be undefined behaviour. Use these wrappers, not
 * the raw <ctype.h> calls, on bytes taken from traffic or rule input. */
436 #define u8_tolower(c) ((uint8_t)tolower((uint8_t)(c)))
437 #define u8_toupper(c) ((uint8_t)toupper((uint8_t)(c)))
438 
455 
458 
459 /** \note update PacketProfileLoggerIdToString if you change anything here */
460 typedef enum {
462 
463  /* TX loggers first for low logger IDs */
470 
471  /** \warning Note that transaction loggers here with a value > 31
472  will not work. */
473 
474  /* non-tx loggers below */
475 
494 } LoggerId;
495 
496 #ifndef HAVE_LUA
497 
498 /* If we don't have Lua, create a typedef for lua_State so the
499  * exported Lua functions don't fail the build. */
500 typedef void lua_State;
501 
502 #else
503 
504 #include <lua.h>
505 #include <lualib.h>
506 #include <lauxlib.h>
507 
508 #endif
509 
510 #include "tm-threads-common.h"
511 #include "util-optimize.h"
512 #include "util-time.h"
513 #include "util-mem.h"
514 #include "util-memcmp.h"
515 #include "util-atomic.h"
516 #include "util-unittest.h"
517 
518 // pseudo system headers
519 #include "queue.h"
520 #include "tree.h"
521 
/* Prototypes for the bounded string functions, declared here only when the
 * build did not find them in libc (HAVE_STRLCAT / HAVE_STRLCPY undefined).
 * siz is the full size of the destination buffer, not the remaining space.
 * NOTE(review): presumably the bundled implementations follow the BSD
 * contract (result NUL-terminated when siz > 0; return value is the length
 * the complete string would have had, so a return >= siz means the output was
 * truncated) -- confirm against the implementation; callers that care about
 * truncation have to check the return value. */
522 #ifndef HAVE_STRLCAT
523 size_t strlcat(char *, const char *src, size_t siz);
524 #endif
525 #ifndef HAVE_STRLCPY
526 size_t strlcpy(char *dst, const char *src, size_t siz);
527 #endif
528 #ifndef HAVE_STRPTIME
529 char *strptime(const char * __restrict, const char * __restrict, struct tm * __restrict);
530 #endif
531 
/* stdio wrappers: map to the *_unlocked variants when the platform has
 * fwrite_unlocked, otherwise to the regular calls. The *_unlocked functions
 * do not take the stream's internal lock, so a FILE written through these
 * wrappers from more than one thread needs serialization by the caller;
 * without it, output records can interleave or the stream state can be
 * corrupted. */
532 #ifndef HAVE_FWRITE_UNLOCKED
533 #define SCFwriteUnlocked fwrite
534 #define SCFflushUnlocked fflush
535 #define SCClearErrUnlocked clearerr
536 #define SCFerrorUnlocked ferror
537 #else
538 #define SCFwriteUnlocked fwrite_unlocked
539 #define SCFflushUnlocked fflush_unlocked
540 #define SCClearErrUnlocked clearerr_unlocked
541 #define SCFerrorUnlocked ferror_unlocked
542 #endif
543 extern int coverage_unittests;
544 extern int g_ut_modules;
545 extern int g_ut_covered;
546 
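/* Number of elements in a true array object. Only valid where the array
 * declaration itself is visible: applied to a pointer (including an array
 * function parameter, which is a pointer) it still compiles but evaluates to
 * sizeof(pointer) / sizeof(element), and any loop or copy bound derived from
 * that is wrong. The argument is parenthesized so that an expression argument
 * is indexed as a whole. */
#define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]))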
548 
549 #endif /* __SURICATA_COMMON_H__ */
win32-misc.h
PROF_DETECT_GETSGH
@ PROF_DETECT_GETSGH
Definition: suricata-common.h:441
PacketProfileDetectId_
PacketProfileDetectId_
Definition: suricata-common.h:439
g_ut_modules
int g_ut_modules
Definition: suricata.c:877
PROF_DETECT_PF_PAYLOAD
@ PROF_DETECT_PF_PAYLOAD
Definition: suricata-common.h:446
LOGGER_ALERT_SYSLOG
@ LOGGER_ALERT_SYSLOG
Definition: suricata-common.h:478
LOGGER_FILEDATA
@ LOGGER_FILEDATA
Definition: suricata-common.h:469
LOGGER_JSON_STATS
@ LOGGER_JSON_STATS
Definition: suricata-common.h:488
LOGGER_JSON_ALERT
@ LOGGER_JSON_ALERT
Definition: suricata-common.h:479
PROF_DETECT_ALERT
@ PROF_DETECT_ALERT
Definition: suricata-common.h:452
LoggerId
LoggerId
Definition: suricata-common.h:460
PROF_DETECT_SIZE
@ PROF_DETECT_SIZE
Definition: suricata-common.h:456
g_ut_covered
int g_ut_covered
Definition: suricata.c:878
PROF_DETECT_PF_TX
@ PROF_DETECT_PF_TX
Definition: suricata-common.h:447
PROF_DETECT_CLEANUP
@ PROF_DETECT_CLEANUP
Definition: suricata-common.h:454
tm-threads-common.h
LOGGER_STATS
@ LOGGER_STATS
Definition: suricata-common.h:487
util-unittest.h
PROF_DETECT_PF_SORT2
@ PROF_DETECT_PF_SORT2
Definition: suricata-common.h:450
strlcpy
size_t strlcpy(char *dst, const char *src, size_t siz)
Definition: util-strlcpyu.c:43
PROF_DETECT_PF_SORT1
@ PROF_DETECT_PF_SORT1
Definition: suricata-common.h:449
util-memcmp.h
PROF_DETECT_TX_UPDATE
@ PROF_DETECT_TX_UPDATE
Definition: suricata-common.h:453
LOGGER_JSON_FLOW
@ LOGGER_JSON_FLOW
Definition: suricata-common.h:485
LOGGER_HTTP
@ LOGGER_HTTP
Definition: suricata-common.h:464
LOGGER_TCP_DATA
@ LOGGER_TCP_DATA
Definition: suricata-common.h:484
strptime
char * strptime(const char *__restrict, const char *__restrict, struct tm *__restrict)
Definition: util-strptime.c:97
strlcat
size_t strlcat(char *, const char *src, size_t siz)
Definition: util-strlcatu.c:45
LOGGER_JSON_FILE
@ LOGGER_JSON_FILE
Definition: suricata-common.h:483
PacketProfileDetectId
enum PacketProfileDetectId_ PacketProfileDetectId
PROF_DETECT_PF_PKT
@ PROF_DETECT_PF_PKT
Definition: suricata-common.h:445
LOGGER_UNDEFINED
@ LOGGER_UNDEFINED
Definition: suricata-common.h:461
util-atomic.h
util-time.h
LOGGER_TLS
@ LOGGER_TLS
Definition: suricata-common.h:466
LOGGER_SIZE
@ LOGGER_SIZE
Definition: suricata-common.h:493
LOGGER_JSON_NETFLOW
@ LOGGER_JSON_NETFLOW
Definition: suricata-common.h:486
PROF_DETECT_IPONLY
@ PROF_DETECT_IPONLY
Definition: suricata-common.h:442
queue.h
win32-syslog.h
tree.h
util-mem.h
LOGGER_PCAP
@ LOGGER_PCAP
Definition: suricata-common.h:489
LOGGER_JSON_METADATA
@ LOGGER_JSON_METADATA
Definition: suricata-common.h:490
PROF_DETECT_PF_RECORD
@ PROF_DETECT_PF_RECORD
Definition: suricata-common.h:448
LOGGER_JSON_DROP
@ LOGGER_JSON_DROP
Definition: suricata-common.h:481
PROF_DETECT_SETUP
@ PROF_DETECT_SETUP
Definition: suricata-common.h:440
lua_State
void lua_State
Definition: suricata-common.h:500
LOGGER_ALERT_DEBUG
@ LOGGER_ALERT_DEBUG
Definition: suricata-common.h:476
util-optimize.h
win32-service.h
LOGGER_FILE
@ LOGGER_FILE
Definition: suricata-common.h:468
PROF_DETECT_RULES
@ PROF_DETECT_RULES
Definition: suricata-common.h:443
LOGGER_JSON_TX
@ LOGGER_JSON_TX
Definition: suricata-common.h:467
PROF_DETECT_NONMPMLIST
@ PROF_DETECT_NONMPMLIST
Definition: suricata-common.h:451
src
uint16_t src
Definition: app-layer-dnp3.h:5
LOGGER_FILE_STORE
@ LOGGER_FILE_STORE
Definition: suricata-common.h:482
LOGGER_JSON_FRAME
@ LOGGER_JSON_FRAME
Definition: suricata-common.h:491
PROF_DETECT_TX
@ PROF_DETECT_TX
Definition: suricata-common.h:444
LOGGER_TLS_STORE
@ LOGGER_TLS_STORE
Definition: suricata-common.h:465
coverage_unittests
int coverage_unittests
Definition: suricata.c:876
dst
uint16_t dst
Definition: app-layer-dnp3.h:4
LOGGER_JSON_STREAM
@ LOGGER_JSON_STREAM
Definition: suricata-common.h:492
LOGGER_ALERT_FAST
@ LOGGER_ALERT_FAST
Definition: suricata-common.h:477
LOGGER_JSON_ANOMALY
@ LOGGER_JSON_ANOMALY
Definition: suricata-common.h:480