suricata
suricata-common.h
1 /* Copyright (C) 2007-2022 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  *
23  * Common includes, etc.
24  */
25 
26 #ifndef __SURICATA_COMMON_H__
27 #define __SURICATA_COMMON_H__
28 
29 #ifdef DEBUG
30 #define DBG_PERF
31 #endif
32 
33 #define TRUE 1
34 #define FALSE 0
35 
36 #define _GNU_SOURCE
37 #define __USE_GNU
38 
39 #if defined(__has_feature)
40 #if __has_feature(address_sanitizer)
41 #define SC_ADDRESS_SANITIZER 1
42 #endif
43 #elif defined(__SANITIZE_ADDRESS__)
44 #define SC_ADDRESS_SANITIZER 1
45 #endif
46 
47 #if HAVE_CONFIG_H
48 #include <autoconf.h>
49 #endif
50 
51 #ifndef CLS
52 #warning "L1 cache line size not detected during build. Assuming 64 bytes."
53 #define CLS 64
54 #endif
55 
56 #if HAVE_DIRENT_H
57 #include <dirent.h>
58 #endif
59 
60 #if HAVE_STDIO_H
61 #include <stdio.h>
62 #endif
63 
64 #if HAVE_STDDEF_H
65 #include <stddef.h>
66 #endif
67 
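/* The guard must be spelled HAVE_STDINT_H, matching the _H suffix used by every
 * other feature guard in this file. With the lowercase-h spelling this include
 * is skipped and the fixed-width types used below (uint8_t, uint32_t, ...) only
 * arrive indirectly, e.g. through <inttypes.h>. */
#if HAVE_STDINT_H
#include <stdint.h>
#endif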
71 
72 #if HAVE_STDBOOL_H
73 #include <stdbool.h>
74 #endif
75 
76 #if HAVE_STDARG_H
77 #include <stdarg.h>
78 #endif
79 
80 #ifdef HAVE_STDLIB_H
81 #include <stdlib.h>
82 #endif
83 
84 #if HAVE_ERRNO_H
85 #include <errno.h>
86 #endif
87 
88 #if HAVE_UNISTD_H
89 #include <unistd.h>
90 #endif
91 
92 #if HAVE_INTTYPES_H
93 #include <inttypes.h>
94 #endif
95 
96 #if HAVE_LIMITS_H
97 #include <limits.h>
98 #endif
99 
100 #if HAVE_CTYPE_H
101 #include <ctype.h>
102 #endif
103 
104 #if HAVE_STRING_H
105 #include <string.h>
106 #endif
107 
108 #if HAVE_STRINGS_H
109 #include <strings.h>
110 #endif
111 
112 #if HAVE_FCNTL_H
113 #include <fcntl.h>
114 #endif
115 
116 #ifdef HAVE_TIME_H
117 #include <time.h>
118 #endif
119 
120 #if HAVE_SYS_SYSCALL_H
121 #include <sys/syscall.h>
122 #endif
123 
124 #if HAVE_SYSCALL_H
125 #include <syscall.h>
126 #endif
127 
128 #if HAVE_SYS_TYPES_H
129 #include <sys/types.h> /* for gettid(2) */
130 #endif
131 
132 #if HAVE_SCHED_H
133 #include <sched.h> /* for sched_setaffinity(2) */
134 #endif
135 
136 #ifdef HAVE_TYPE_U_LONG_NOT_DEFINED
137 typedef unsigned long int u_long;
138 #endif
139 #ifdef HAVE_TYPE_U_INT_NOT_DEFINED
140 typedef unsigned int u_int;
141 #endif
142 #ifdef HAVE_TYPE_U_SHORT_NOT_DEFINED
143 typedef unsigned short u_short;
144 #endif
145 #ifdef HAVE_TYPE_U_CHAR_NOT_DEFINED
146 typedef unsigned char u_char;
147 #endif
148 
149 #include <pcre2.h>
150 
151 #ifdef HAVE_SYSLOG_H
152 #include <syslog.h>
153 #else
154 #ifdef OS_WIN32
155 #include "win32-syslog.h"
156 #endif /* OS_WIN32 */
157 #endif /* HAVE_SYSLOG_H */
158 
159 #ifdef OS_WIN32
160 #include "win32-misc.h"
161 #include "win32-service.h"
162 #endif /* OS_WIN32 */
163 
164 #if HAVE_SYS_TIME_H
165 #include <sys/time.h>
166 #endif
167 
168 #if HAVE_POLL_H
169 #include <poll.h>
170 #endif
171 
172 #if HAVE_SYS_SIGNAL_H
173 #include <sys/signal.h>
174 #endif
175 
176 #if HAVE_SIGNAL_H
177 #include <signal.h>
178 #endif
179 
180 #if HAVE_SYS_SOCKET_H
181 #include <sys/socket.h>
182 #endif
183 
184 #if HAVE_SYS_STAT_H
185 #include <sys/stat.h>
186 #endif
187 
188 #if HAVE_SYS_IOCTL_H
189 #include <sys/ioctl.h>
190 #endif
191 
192 #if HAVE_SYS_MMAN_H
193 #include <sys/mman.h>
194 #endif
195 
196 #if HAVE_SYS_RANDOM_H
197 #include <sys/random.h>
198 #endif
199 
200 #if HAVE_NETINET_IN_H
201 #include <netinet/in.h>
202 #endif
203 
204 #if HAVE_ARPA_INET_H
205 #include <arpa/inet.h>
206 #endif
207 
208 #if HAVE_NETDB_H
209 #include <netdb.h>
210 #endif
211 
212 #if __CYGWIN__
213 #if !defined _X86_ && !defined __x86_64
214 #define _X86_
215 #endif
216 #endif
217 
218 #if !__CYGWIN__
219 #ifdef HAVE_WINSOCK2_H
220 #include <winsock2.h>
221 #endif
222 #ifdef HAVE_WS2TCPIP_H
223 #include <ws2tcpip.h>
224 #endif
225 #endif /* !__CYGWIN__ */
226 
227 #ifdef HAVE_WINDOWS_H
228 #ifndef _WIN32_WINNT
229 #define _WIN32_WINNT 0x0501
230 #endif
231 #include <windows.h>
232 #endif
233 
234 #ifdef HAVE_W32API_WINBASE_H
235 #include <w32api/winbase.h>
236 #endif
237 
238 #ifdef HAVE_W32API_WTYPES_H
239 #include <w32api/wtypes.h>
240 #endif
241 
242 #ifndef SC_PCAP_DONT_INCLUDE_PCAP_H
243 #ifdef HAVE_PCAP_H
244 #include <pcap.h>
245 #endif
246 
247 #ifdef HAVE_PCAP_PCAP_H
248 #include <pcap/pcap.h>
249 #endif
250 #endif
251 
252 #ifdef HAVE_UTIME_H
253 #include <utime.h>
254 #endif
255 
256 #ifdef HAVE_LIBGEN_H
257 #include <libgen.h>
258 #endif
259 
260 #ifdef HAVE_GRP_H
261 #include <grp.h>
262 #endif
263 
264 #ifdef HAVE_PWD_H
265 #include <pwd.h>
266 #endif
267 
268 #include <jansson.h>
269 #ifndef JSON_ESCAPE_SLASH
270 #define JSON_ESCAPE_SLASH 0
271 #endif
272 
273 #ifdef HAVE_MAGIC
274 #include <magic.h>
275 #endif
276 
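/* Two-level stringification: xstr() macro-expands its argument first, then
 * str() turns the result into a string literal. Needed for defines that are
 * supplied at compile time, see:
 * http://gcc.gnu.org/onlinedocs/gcc-3.4.1/cpp/Stringification.html#Stringification */
#define xstr(s) str(s)
#define str(s) #s

/**
 * BUG_ON(x): stop the process when the "should never happen" condition x holds.
 *
 * Variants, selected at build time:
 *  - CPPCHECK==1: plain exit(1), so the analyzer sees a terminating path.
 *  - HAVE_ASSERT_H and no NDEBUG: assert(!(x)).
 *  - otherwise (including NDEBUG builds): print file/line/function and the
 *    stringified condition to stderr, then exit(EXIT_FAILURE).
 *
 * The condition is evaluated, and enforced, in every variant; defining NDEBUG
 * does not compile the check out. A BUG_ON whose condition can be reached from
 * packet or rule input therefore stops the whole engine, so use it for internal
 * invariants only and handle malformed input with an error return.
 *
 * Every variant is a single statement, so it is safe in an unbraced if/else.
 */
#if CPPCHECK==1
    #define BUG_ON(x) do { if (((x))) exit(1); } while(0)
#else
    #if defined HAVE_ASSERT_H && !defined NDEBUG
    #include <assert.h>
    #define BUG_ON(x) assert(!(x))
    #else
    #define BUG_ON(x) do { \
        if (((x))) { \
            fprintf(stderr, "BUG at %s:%d(%s)\n", __FILE__, __LINE__, __func__); \
            fprintf(stderr, "Code: '%s'\n", xstr((x))); \
            exit(EXIT_FAILURE); \
        } \
    } while(0)
    #endif
#endif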
298 
299 /** type for the internal signature id. Since it's used in the matching engine
300  * extensively keeping this as small as possible reduces the overall memory
301  * footprint of the engine. Set to uint32_t if the engine needs to support
302  * more than 64k sigs. */
303 //#define SigIntId uint16_t
304 #define SigIntId uint32_t
305 
306 /** same for pattern id's */
307 #define PatIntId uint32_t
308 
/*
 * __WORDSIZE detection. Each stage only runs while __WORDSIZE is still
 * undefined, so the first stage that succeeds wins.
 */

/** FreeBSD does not define __WORDSIZE, but it uses __LONG_BIT */
#if !defined(__WORDSIZE)
    #if defined(__LONG_BIT)
        #define __WORDSIZE __LONG_BIT
    #elif defined(LONG_BIT)
        #define __WORDSIZE LONG_BIT
    #endif
#endif

/** Windows does not define __WORDSIZE, but it uses __X86__ */
#if !defined(__WORDSIZE)
    #if defined(__X86__) || defined(_X86_) || defined(_M_IX86)
        #define __WORDSIZE 32
    #elif defined(__X86_64__) || defined(_X86_64_) || \
          defined(__x86_64) || defined(__x86_64__) || \
          defined(__amd64) || defined(__amd64__)
        #define __WORDSIZE 64
    #endif
#endif

/** if not successful yet, try the data models */
#if !defined(__WORDSIZE)
    #if defined(_ILP32) || defined(__ILP32__)
        #define __WORDSIZE 32
    #endif
    #if defined(_LP64) || defined(__LP64__)
        #define __WORDSIZE 64
    #endif
#endif

/* Last resort: the build continues with 32 and only emits a warning, so an
 * undetected 64-bit target shows up as a warning, not a build failure. */
#if !defined(__WORDSIZE)
    #warning Defaulting to __WORDSIZE 32
    #define __WORDSIZE 32
#endif
347 
/** darwin doesn't define __BYTE_ORDER and friends, but BYTE_ORDER.
 *  Each glibc-style name is mapped from the BSD-style name first and from the
 *  compiler's __ORDER_*__ / __BYTE_ORDER__ builtins second. */
#if !defined(__BYTE_ORDER)
    #ifdef BYTE_ORDER
        #define __BYTE_ORDER BYTE_ORDER
    #elif defined(__BYTE_ORDER__)
        #define __BYTE_ORDER __BYTE_ORDER__
    #else
        #error "byte order not detected"
    #endif
#endif

#if !defined(__LITTLE_ENDIAN)
    #ifdef LITTLE_ENDIAN
        #define __LITTLE_ENDIAN LITTLE_ENDIAN
    #elif defined(__ORDER_LITTLE_ENDIAN__)
        #define __LITTLE_ENDIAN __ORDER_LITTLE_ENDIAN__
    #endif
#endif

#if !defined(__BIG_ENDIAN)
    #ifdef BIG_ENDIAN
        #define __BIG_ENDIAN BIG_ENDIAN
    #elif defined(__ORDER_BIG_ENDIAN__)
        #define __BIG_ENDIAN __ORDER_BIG_ENDIAN__
    #endif
#endif

/* NOTE(review): this only fails the build when BOTH constants are missing. If
 * just one is undefined, a later `#if __BYTE_ORDER == <missing name>` compares
 * against 0 without any diagnostic; confirm no supported platform is in that
 * state, since wire-format decoding depends on this being right. */
#if !defined(__LITTLE_ENDIAN) && !defined(__BIG_ENDIAN)
    #error "byte order: can't figure out big or little"
#endif
378 
/*
 * MIN/MAX: smaller / larger of two values; on a tie both yield x.
 *
 * These are plain macros: the selected argument is evaluated twice, so never
 * pass an expression with side effects (i++, a function that consumes input).
 * The usual arithmetic conversions also apply, so comparing a negative signed
 * value with an unsigned one (e.g. a length) compares the converted value;
 * cast both sides to one type before bounding a copy or an index with these.
 */
#if !defined(MIN)
#define MIN(x, y) ((x) < (y) ? (x) : (y))
#endif

#if !defined(MAX)
#define MAX(x, y) ((x) < (y) ? (y) : (x))
#endif
386 
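/*
 * Single-bit masks: BIT_Uxx(n) has only bit n set.
 *
 * n must be below the width named by the macro. BIT_U8/BIT_U16 shift an
 * unsigned 1 so that n == 31 is not a signed-overflow shift; bits that do not
 * fit are dropped by the cast, giving 0. BIT_U32 is typed `unsigned long`,
 * which is 64 bits wide on LP64 targets: BIT_U32(32) is then non-zero and
 * ~BIT_U32(n) has the upper 32 bits set, so mask it when storing into a wider
 * field.
 */
#define BIT_U8(n)  ((uint8_t)(1U << (n)))
#define BIT_U16(n) ((uint16_t)(1U << (n)))
#define BIT_U32(n) (1UL << (n))
#define BIT_U64(n) (1ULL << (n))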
391 
/* Ask the compiler to warn when a caller ignores the return value. */
#define WARN_UNUSED __attribute__((warn_unused_result))

/*
 * ATTR_FMT_PRINTF(x, y): mark a function as printf-like, with the format string
 * at parameter x and the first variadic argument at parameter y, so the
 * compiler checks format/argument mismatches at each call site. Expands to
 * nothing on compilers that identify as neither MinGW nor GNU C.
 */
#ifdef __MINGW32__
#define ATTR_FMT_PRINTF(x, y) __attribute__((format(__MINGW_PRINTF_FORMAT, (x), (y))))
#elif defined(__GNUC__)
#define ATTR_FMT_PRINTF(x, y) __attribute__((format(printf, (x), (y))))
#else
#define ATTR_FMT_PRINTF(x, y)
#endif

/* Network-to-host conversions with the result cast to the exact width. */
#define SCNtohl(x) (uint32_t)ntohl((x))
#define SCNtohs(x) (uint16_t)ntohs((x))
404 
/* Swap flags a and b inside `flags` when exactly one of them is set; when both
 * or neither are set, `flags` is left untouched. All other bits are preserved.
 * The arguments are evaluated more than once, so pass side-effect-free
 * expressions. */
#define SWAP_FLAGS(flags, a, b)                              \
    do {                                                     \
        if (((flags) & ((a) | (b))) == (a)) {                \
            (flags) = ((flags) & ~(a)) | (b);                \
        } else if (((flags) & ((a) | (b))) == (b)) {         \
            (flags) = ((flags) & ~(b)) | (a);                \
        }                                                    \
    } while (0)
416 
/* Exchange the values of lvalues a and b through a temporary of the given
 * type. Both arguments are evaluated twice and must be assignable. */
#define SWAP_VARS(type, a, b)           \
    do {                                \
        type sc_swap_tmp_ = (a);        \
        (a) = (b);                      \
        (b) = sc_swap_tmp_;             \
    } while (0)
423 
#include <ctype.h>
/* Byte-safe case conversion. tolower()/toupper() require an argument that is
 * representable as unsigned char (or EOF); passing a plain char holding a byte
 * >= 0x80 is undefined behaviour where char is signed. The inner cast forces
 * the value into 0..255 first, the outer cast narrows the int result back to a
 * byte. Use these, not the raw ctype calls, on packet and payload bytes.
 * NOTE(review): the ctype functions follow the current locale, so results for
 * bytes >= 0x80 depend on it; confirm the engine runs in the "C" locale. */
#define u8_tolower(c) ((uint8_t)tolower((uint8_t)(c)))
#define u8_toupper(c) ((uint8_t)toupper((uint8_t)(c)))
427 
444 
447 
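/** Identifiers for the output loggers. Values are assigned implicitly, so the
 *  order of the enumerators is significant: inserting or reordering entries
 *  renumbers everything after that point.
 *
 *  \note update PacketProfileLoggertIdToString if you change anything here */
typedef enum {
    LOGGER_UNDEFINED,

    /* TX loggers first for low logger IDs */
    LOGGER_HTTP,
    LOGGER_TLS_STORE,
    LOGGER_TLS,
    LOGGER_JSON_TX,
    LOGGER_FILE,
    LOGGER_FILEDATA,

    /** \warning Note that transaction loggers here with a value > 31
        will not work.
        NOTE(review): presumably because per-transaction logger state is kept
        in a 32-bit bitmask indexed by LoggerId; confirm against the tx logging
        code. A tx logger added past that limit would fail to log without any
        build-time error, leaving a gap in the event record. */

    /* non-tx loggers below */

    LOGGER_ALERT_DEBUG,
    LOGGER_ALERT_FAST,
    LOGGER_ALERT_SYSLOG,
    LOGGER_JSON_ALERT,
    LOGGER_JSON_ANOMALY,
    LOGGER_JSON_DROP,
    LOGGER_FILE_STORE,
    LOGGER_JSON_FILE,
    LOGGER_TCP_DATA,
    LOGGER_JSON_FLOW,
    LOGGER_JSON_NETFLOW,
    LOGGER_STATS,
    LOGGER_JSON_STATS,
    LOGGER_PCAP,
    LOGGER_JSON_METADATA,
    LOGGER_JSON_FRAME,
    LOGGER_JSON_STREAM,
    LOGGER_SIZE, /* number of logger ids; keep last */
} LoggerId;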
484 
485 #ifndef HAVE_LUA
486 
487 /* If we don't have Lua, create a typedef for lua_State so the
488  * exported Lua functions don't fail the build. */
489 typedef void lua_State;
490 
491 #else
492 
493 #include <lua.h>
494 #include <lualib.h>
495 #include <lauxlib.h>
496 
497 #endif
498 
499 #include "tm-threads-common.h"
500 #include "util-optimize.h"
501 #include "util-time.h"
502 #include "util-mem.h"
503 #include "util-memcmp.h"
504 #include "util-atomic.h"
505 #include "util-unittest.h"
506 
507 // pseudo system headers
508 #include "queue.h"
509 #include "tree.h"
510 
511 #ifndef HAVE_STRLCAT
512 size_t strlcat(char *, const char *src, size_t siz);
513 #endif
514 #ifndef HAVE_STRLCPY
515 size_t strlcpy(char *dst, const char *src, size_t siz);
516 #endif
517 #ifndef HAVE_STRPTIME
518 char *strptime(const char * __restrict, const char * __restrict, struct tm * __restrict);
519 #endif
520 
/*
 * stdio wrappers used on output paths. Where the platform provides the
 * *_unlocked variants they are used; otherwise the wrappers fall back to the
 * regular locking calls. The unlocked variants skip the stream's internal
 * lock, so every caller must already hold whatever lock serialises access to
 * that FILE; otherwise concurrent writers can interleave or corrupt log
 * records.
 */
#ifdef HAVE_FWRITE_UNLOCKED
#define SCFwriteUnlocked    fwrite_unlocked
#define SCFflushUnlocked    fflush_unlocked
#define SCClearErrUnlocked  clearerr_unlocked
#define SCFerrorUnlocked    ferror_unlocked
#else
#define SCFwriteUnlocked    fwrite
#define SCFflushUnlocked    fflush
#define SCClearErrUnlocked  clearerr
#define SCFerrorUnlocked    ferror
#endif
532 extern int coverage_unittests;
533 extern int g_ut_modules;
534 extern int g_ut_covered;
535 
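/* Number of elements in a true array object. The argument is parenthesised
 * before indexing so that any array-typed expression expands correctly.
 * Only valid where `arr` still has array type: on a pointer or an array
 * function parameter (which has decayed to a pointer) this yields
 * sizeof(pointer) / sizeof(element) with no diagnostic, which is the wrong
 * bound for a loop or a copy. Pass the length explicitly in those cases. */
#define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]))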
537 
538 #endif /* __SURICATA_COMMON_H__ */
win32-misc.h
PROF_DETECT_GETSGH
@ PROF_DETECT_GETSGH
Definition: suricata-common.h:430
PacketProfileDetectId_
PacketProfileDetectId_
Definition: suricata-common.h:428
g_ut_modules
int g_ut_modules
Definition: suricata.c:878
PROF_DETECT_PF_PAYLOAD
@ PROF_DETECT_PF_PAYLOAD
Definition: suricata-common.h:435
LOGGER_ALERT_SYSLOG
@ LOGGER_ALERT_SYSLOG
Definition: suricata-common.h:467
LOGGER_FILEDATA
@ LOGGER_FILEDATA
Definition: suricata-common.h:458
LOGGER_JSON_STATS
@ LOGGER_JSON_STATS
Definition: suricata-common.h:477
LOGGER_JSON_ALERT
@ LOGGER_JSON_ALERT
Definition: suricata-common.h:468
PROF_DETECT_ALERT
@ PROF_DETECT_ALERT
Definition: suricata-common.h:441
LoggerId
LoggerId
Definition: suricata-common.h:449
PROF_DETECT_SIZE
@ PROF_DETECT_SIZE
Definition: suricata-common.h:445
g_ut_covered
int g_ut_covered
Definition: suricata.c:879
PROF_DETECT_PF_TX
@ PROF_DETECT_PF_TX
Definition: suricata-common.h:436
PROF_DETECT_CLEANUP
@ PROF_DETECT_CLEANUP
Definition: suricata-common.h:443
tm-threads-common.h
LOGGER_STATS
@ LOGGER_STATS
Definition: suricata-common.h:476
util-unittest.h
PROF_DETECT_PF_SORT2
@ PROF_DETECT_PF_SORT2
Definition: suricata-common.h:439
strlcpy
size_t strlcpy(char *dst, const char *src, size_t siz)
Definition: util-strlcpyu.c:43
PROF_DETECT_PF_SORT1
@ PROF_DETECT_PF_SORT1
Definition: suricata-common.h:438
util-memcmp.h
PROF_DETECT_TX_UPDATE
@ PROF_DETECT_TX_UPDATE
Definition: suricata-common.h:442
LOGGER_JSON_FLOW
@ LOGGER_JSON_FLOW
Definition: suricata-common.h:474
LOGGER_HTTP
@ LOGGER_HTTP
Definition: suricata-common.h:453
LOGGER_TCP_DATA
@ LOGGER_TCP_DATA
Definition: suricata-common.h:473
strptime
char * strptime(const char *__restrict, const char *__restrict, struct tm *__restrict)
Definition: util-strptime.c:97
strlcat
size_t strlcat(char *, const char *src, size_t siz)
Definition: util-strlcatu.c:45
LOGGER_JSON_FILE
@ LOGGER_JSON_FILE
Definition: suricata-common.h:472
PacketProfileDetectId
enum PacketProfileDetectId_ PacketProfileDetectId
PROF_DETECT_PF_PKT
@ PROF_DETECT_PF_PKT
Definition: suricata-common.h:434
LOGGER_UNDEFINED
@ LOGGER_UNDEFINED
Definition: suricata-common.h:450
util-atomic.h
util-time.h
LOGGER_TLS
@ LOGGER_TLS
Definition: suricata-common.h:455
LOGGER_SIZE
@ LOGGER_SIZE
Definition: suricata-common.h:482
LOGGER_JSON_NETFLOW
@ LOGGER_JSON_NETFLOW
Definition: suricata-common.h:475
PROF_DETECT_IPONLY
@ PROF_DETECT_IPONLY
Definition: suricata-common.h:431
queue.h
win32-syslog.h
tree.h
util-mem.h
LOGGER_PCAP
@ LOGGER_PCAP
Definition: suricata-common.h:478
LOGGER_JSON_METADATA
@ LOGGER_JSON_METADATA
Definition: suricata-common.h:479
PROF_DETECT_PF_RECORD
@ PROF_DETECT_PF_RECORD
Definition: suricata-common.h:437
LOGGER_JSON_DROP
@ LOGGER_JSON_DROP
Definition: suricata-common.h:470
PROF_DETECT_SETUP
@ PROF_DETECT_SETUP
Definition: suricata-common.h:429
lua_State
void lua_State
Definition: suricata-common.h:489
LOGGER_ALERT_DEBUG
@ LOGGER_ALERT_DEBUG
Definition: suricata-common.h:465
util-optimize.h
win32-service.h
LOGGER_FILE
@ LOGGER_FILE
Definition: suricata-common.h:457
PROF_DETECT_RULES
@ PROF_DETECT_RULES
Definition: suricata-common.h:432
LOGGER_JSON_TX
@ LOGGER_JSON_TX
Definition: suricata-common.h:456
PROF_DETECT_NONMPMLIST
@ PROF_DETECT_NONMPMLIST
Definition: suricata-common.h:440
src
uint16_t src
Definition: app-layer-dnp3.h:5
LOGGER_FILE_STORE
@ LOGGER_FILE_STORE
Definition: suricata-common.h:471
LOGGER_JSON_FRAME
@ LOGGER_JSON_FRAME
Definition: suricata-common.h:480
PROF_DETECT_TX
@ PROF_DETECT_TX
Definition: suricata-common.h:433
LOGGER_TLS_STORE
@ LOGGER_TLS_STORE
Definition: suricata-common.h:454
coverage_unittests
int coverage_unittests
Definition: suricata.c:877
dst
uint16_t dst
Definition: app-layer-dnp3.h:4
LOGGER_JSON_STREAM
@ LOGGER_JSON_STREAM
Definition: suricata-common.h:481
LOGGER_ALERT_FAST
@ LOGGER_ALERT_FAST
Definition: suricata-common.h:466
LOGGER_JSON_ANOMALY
@ LOGGER_JSON_ANOMALY
Definition: suricata-common.h:469