Add TILE-Gx mPIPE packet processing support.
The TILE-Gx processor includes a packet processing engine, called
mPIPE, that can deliver packets directly into user space memory. It
handles buffer allocation and load balancing (either static 5-tuple
hashing, or dynamic flow affinity hashing are used here). The new
packet source code is in source-mpipe.c and source-mpipe.h
A new Tile runmode is added that configures the Suricata pipelines in
worker mode, where each thread does the entire packet processing
pipeline. It scales across all the Gx chips sizes of 9, 16, 36 or 72
cores. The new runmode is in runmode-tile.c and runmode-tile.h
The configure script detects the TILE-Gx architecture and defines
HAVE_MPIPE, which is then used to conditionally enable the code to
support mPIPE packet processing. Suricata runs on TILE-Gx even without
mPIPE support enabled.
The Suricata Packet structures are allocated by the mPIPE hardware by
allocating the Suricata Packet structure immediatley before the mPIPE
packet buffer and then pushing the mPIPE packet buffer pointer onto
the mPIPE buffer stack. This way, mPIPE writes the packet data into
the buffer, returns the mPIPE packet buffer pointer, which is then
converted into a Suricata Packet pointer for processing inside
Suricata. When the Packet is freed, the buffer is returned to mPIPE's
buffer stack, by setting ReleasePacket to an mPIPE release specific
function.
The code checks for the largest Huge page available in Linux when
Suricata is started. TILE-Gx supports Huge pages sizes of 16MB, 64MB,
256MB, 1GB and 4GB. Suricata then divides one of those page into
packet buffers for mPIPE.
The code is not yet optimized for high performance. Performance
improvements will follow shortly.
The code was originally written by Tom Decanio and then further
modified by Tilera.
This code has been tested with Tilera's Multicore Developement
Environment (MDE) version 4.1.5. The TILEncore-Gx36 (PCIe card) and
TILEmpower-Gx (1U Rack mount).
12 years ago
|
|
|
/* Copyright (C) 2007-2013 Open Information Security Foundation
|
|
|
|
*
|
|
|
|
* You can copy, redistribute or modify this Program under the terms of
|
|
|
|
* the GNU General Public License version 2 as published by the Free
|
|
|
|
* Software Foundation.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* version 2 along with this program; if not, write to the Free Software
|
|
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
|
|
|
* 02110-1301, USA.
|
|
|
|
*/
|
|
|
|
|
|
|
|
/** \file
|
|
|
|
*
|
|
|
|
* \author Victor Julien <victor@inliniac.net>
|
|
|
|
*
|
|
|
|
* Pre-cooked threading runmodes.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include "suricata-common.h"
|
|
|
|
#include "detect.h"
|
|
|
|
#include "detect-engine.h"
|
|
|
|
#include "detect-engine-mpm.h"
|
|
|
|
#include "tm-threads.h"
|
|
|
|
#include "util-debug.h"
|
|
|
|
#include "util-time.h"
|
|
|
|
#include "util-cpu.h"
|
|
|
|
#include "util-byte.h"
|
|
|
|
#include "util-affinity.h"
|
|
|
|
#include "conf.h"
|
|
|
|
#include "queue.h"
|
|
|
|
#include "runmodes.h"
|
|
|
|
#include "util-unittest.h"
|
|
|
|
#include "util-misc.h"
|
|
|
|
|
|
|
|
#include "alert-fastlog.h"
|
|
|
|
#include "alert-prelude.h"
|
|
|
|
#include "alert-unified2-alert.h"
|
|
|
|
#include "alert-debuglog.h"
|
|
|
|
|
|
|
|
#include "log-httplog.h"
|
|
|
|
|
|
|
|
#include "output.h"
|
|
|
|
|
|
|
|
#include "source-pfring.h"
|
|
|
|
|
|
|
|
#include "tmqh-flow.h"
|
|
|
|
|
|
|
|
#ifdef __SC_CUDA_SUPPORT__
|
|
|
|
#include "util-cuda-buffer.h"
|
|
|
|
#include "util-mpm-ac.h"
|
|
|
|
#endif
|
|
|
|
|
|
|
|
int debuglog_enabled = 0;
|
|
|
|
|
|
|
|
/* Runmode Global Thread Names */
|
|
|
|
const char *thread_name_autofp = "RX";
|
|
|
|
const char *thread_name_single = "W";
|
|
|
|
const char *thread_name_workers = "W";
|
|
|
|
const char *thread_name_verdict = "TX";
|
|
|
|
const char *thread_name_flow_mgr = "FM";
|
|
|
|
const char *thread_name_flow_rec = "FR";
|
|
|
|
const char *thread_name_unix_socket = "US";
|
|
|
|
const char *thread_name_detect_loader = "DL";
|
|
|
|
const char *thread_name_counter_stats = "CS";
|
|
|
|
const char *thread_name_counter_wakeup = "CW";
|
|
|
|
|
|
|
|
/**
|
|
|
|
* \brief Holds description for a runmode.
|
|
|
|
*/
|
|
|
|
typedef struct RunMode_ {
|
|
|
|
/* the runmode type */
|
|
|
|
int runmode;
|
|
|
|
const char *name;
|
|
|
|
const char *description;
|
|
|
|
/* runmode function */
|
|
|
|
int (*RunModeFunc)(void);
|
|
|
|
} RunMode;
|
|
|
|
|
|
|
|
typedef struct RunModes_ {
|
|
|
|
int no_of_runmodes;
|
|
|
|
RunMode *runmodes;
|
|
|
|
} RunModes;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* A list of output modules that will be active for the run mode.
|
|
|
|
*/
|
|
|
|
typedef struct RunModeOutput_ {
|
|
|
|
const char *name;
|
|
|
|
TmModule *tm_module;
|
|
|
|
OutputCtx *output_ctx;
|
|
|
|
|
|
|
|
TAILQ_ENTRY(RunModeOutput_) entries;
|
|
|
|
} RunModeOutput;
|
|
|
|
TAILQ_HEAD(, RunModeOutput_) RunModeOutputs =
|
|
|
|
TAILQ_HEAD_INITIALIZER(RunModeOutputs);
|
|
|
|
|
|
|
|
static RunModes runmodes[RUNMODE_USER_MAX];
|
|
|
|
|
|
|
|
static char *active_runmode;
|
|
|
|
|
|
|
|
/* free list for our outputs */
|
|
|
|
typedef struct OutputFreeList_ {
|
|
|
|
TmModule *tm_module;
|
|
|
|
OutputCtx *output_ctx;
|
|
|
|
|
|
|
|
TAILQ_ENTRY(OutputFreeList_) entries;
|
|
|
|
} OutputFreeList;
|
|
|
|
TAILQ_HEAD(, OutputFreeList_) output_free_list =
|
|
|
|
TAILQ_HEAD_INITIALIZER(output_free_list);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* \internal
|
|
|
|
* \brief Translate a runmode mode to a printale string.
|
|
|
|
*
|
|
|
|
* \param runmode Runmode to be converted into a printable string.
|
|
|
|
*
|
|
|
|
* \retval string Printable string.
|
|
|
|
*/
|
|
|
|
static const char *RunModeTranslateModeToName(int runmode)
|
|
|
|
{
|
|
|
|
switch (runmode) {
|
|
|
|
case RUNMODE_PCAP_DEV:
|
|
|
|
return "PCAP_DEV";
|
|
|
|
case RUNMODE_PCAP_FILE:
|
|
|
|
return "PCAP_FILE";
|
|
|
|
case RUNMODE_PFRING:
|
|
|
|
#ifdef HAVE_PFRING
|
|
|
|
return "PFRING";
|
|
|
|
#else
|
|
|
|
return "PFRING(DISABLED)";
|
|
|
|
#endif
|
|
|
|
case RUNMODE_NFQ:
|
|
|
|
return "NFQ";
|
|
|
|
case RUNMODE_NFLOG:
|
|
|
|
return "NFLOG";
|
|
|
|
case RUNMODE_IPFW:
|
|
|
|
return "IPFW";
|
|
|
|
case RUNMODE_ERF_FILE:
|
|
|
|
return "ERF_FILE";
|
|
|
|
case RUNMODE_DAG:
|
|
|
|
return "ERF_DAG";
|
|
|
|
case RUNMODE_NAPATECH:
|
|
|
|
return "NAPATECH";
|
|
|
|
case RUNMODE_UNITTEST:
|
|
|
|
return "UNITTEST";
|
Add TILE-Gx mPIPE packet processing support.
The TILE-Gx processor includes a packet processing engine, called
mPIPE, that can deliver packets directly into user space memory. It
handles buffer allocation and load balancing (either static 5-tuple
hashing, or dynamic flow affinity hashing are used here). The new
packet source code is in source-mpipe.c and source-mpipe.h
A new Tile runmode is added that configures the Suricata pipelines in
worker mode, where each thread does the entire packet processing
pipeline. It scales across all the Gx chips sizes of 9, 16, 36 or 72
cores. The new runmode is in runmode-tile.c and runmode-tile.h
The configure script detects the TILE-Gx architecture and defines
HAVE_MPIPE, which is then used to conditionally enable the code to
support mPIPE packet processing. Suricata runs on TILE-Gx even without
mPIPE support enabled.
The Suricata Packet structures are allocated by the mPIPE hardware by
allocating the Suricata Packet structure immediatley before the mPIPE
packet buffer and then pushing the mPIPE packet buffer pointer onto
the mPIPE buffer stack. This way, mPIPE writes the packet data into
the buffer, returns the mPIPE packet buffer pointer, which is then
converted into a Suricata Packet pointer for processing inside
Suricata. When the Packet is freed, the buffer is returned to mPIPE's
buffer stack, by setting ReleasePacket to an mPIPE release specific
function.
The code checks for the largest Huge page available in Linux when
Suricata is started. TILE-Gx supports Huge pages sizes of 16MB, 64MB,
256MB, 1GB and 4GB. Suricata then divides one of those page into
packet buffers for mPIPE.
The code is not yet optimized for high performance. Performance
improvements will follow shortly.
The code was originally written by Tom Decanio and then further
modified by Tilera.
This code has been tested with Tilera's Multicore Developement
Environment (MDE) version 4.1.5. The TILEncore-Gx36 (PCIe card) and
TILEmpower-Gx (1U Rack mount).
12 years ago
|
|
|
case RUNMODE_TILERA_MPIPE:
|
|
|
|
return "MPIPE";
|
|
|
|
case RUNMODE_AFP_DEV:
|
|
|
|
return "AF_PACKET_DEV";
|
|
|
|
case RUNMODE_NETMAP:
|
|
|
|
#ifdef HAVE_NETMAP
|
|
|
|
return "NETMAP";
|
|
|
|
#else
|
|
|
|
return "NETMAP(DISABLED)";
|
|
|
|
#endif
|
unix-manager: add unix command socket and associated script
This patch introduces a unix command socket. JSON formatted messages
can be exchanged between suricata and a program connecting to a
dedicated socket.
The protocol is the following:
* Client connects to the socket
* It sends a version message: { "version": "$VERSION_ID" }
* Server answers with { "return": "OK|NOK" }
If server returns OK, the client is now allowed to send command.
The format of command is the following:
{
"command": "pcap-file",
"arguments": { "filename": "smtp-clean.pcap", "output-dir": "/tmp/out" }
}
The server will try to execute the "command" specified with the
(optional) provided "arguments".
The answer by server is the following:
{
"return": "OK|NOK",
"message": JSON_OBJECT or information string
}
A simple script is provided and is available under scripts/suricatasc. It
is not intended to be enterprise-grade tool but it is more a proof of
concept/example code. The first command line argument of suricatasc is
used to specify the socket to connect to.
Configuration of the feature is made in the YAML under the 'unix-command'
section:
unix-command:
enabled: yes
filename: custom.socket
The path specified in 'filename' is not absolute and is relative to the
state directory.
A new running mode called 'unix-socket' is also added.
When starting in this mode, only a unix socket manager
is started. When it receives a 'pcap-file' command, the manager
start a 'pcap-file' running mode which does not really leave at
the end of file but simply exit. The manager is then able to start
a new running mode with a new file.
To start this mode, Suricata must be started with the --unix-socket
option which has an optional argument which fix the file name of the
socket. The path is not absolute and is relative to the state directory.
THe 'pcap-file' command adds a file to the list of files to treat.
For each pcap file, a pcap file running mode is started and the output
directory is changed to what specified in the command. The running
mode specified in the 'runmode' YAML setting is used to select which
running mode must be use for the pcap file treatment.
This requires modification in suricata.c file where initialisation code
is now conditional to the fact 'unix-socket' mode is not used.
Two other commands exists to get info on the remaining tasks:
* pcap-file-number: return the number of files in the waiting queue
* pcap-file-list: return the list of waiting files
'pcap-file-list' returns a structured object as message. The
structure is the following:
{
'count': 2,
'files': ['file1.pcap', 'file2.pcap']
}
14 years ago
|
|
|
case RUNMODE_UNIX_SOCKET:
|
|
|
|
return "UNIX_SOCKET";
|
|
|
|
default:
|
|
|
|
SCLogError(SC_ERR_UNKNOWN_RUN_MODE, "Unknown runtime mode. Aborting");
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* \internal
|
|
|
|
* \brief Dispatcher function for runmodes. Calls the required runmode function
|
|
|
|
* based on runmode + runmode_custom_id.
|
|
|
|
*
|
|
|
|
* \param runmode The runmode type.
|
|
|
|
* \param runmode_customd_id The runmode custom id.
|
|
|
|
*/
|
|
|
|
static RunMode *RunModeGetCustomMode(int runmode, const char *custom_mode)
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
|
|
|
|
for (i = 0; i < runmodes[runmode].no_of_runmodes; i++) {
|
|
|
|
if (strcmp(runmodes[runmode].runmodes[i].name, custom_mode) == 0)
|
|
|
|
return &runmodes[runmode].runmodes[i];
|
|
|
|
}
|
|
|
|
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Return the running mode
|
|
|
|
*
|
|
|
|
* The returned string must not be freed.
|
|
|
|
*
|
|
|
|
* \return a string containing the current running mode
|
|
|
|
*/
|
|
|
|
char *RunmodeGetActive(void)
|
|
|
|
{
|
|
|
|
return active_runmode;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Return the running mode
|
|
|
|
*
|
|
|
|
* The returned string must not be freed.
|
|
|
|
*
|
|
|
|
* \return a string containing the current running mode
|
|
|
|
*/
|
|
|
|
const char *RunModeGetMainMode(void)
|
|
|
|
{
|
|
|
|
int mainmode = RunmodeGetCurrent();
|
|
|
|
|
|
|
|
return RunModeTranslateModeToName(mainmode);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* \brief Register all runmodes in the engine.
|
|
|
|
*/
|
|
|
|
void RunModeRegisterRunModes(void)
|
|
|
|
{
|
|
|
|
memset(runmodes, 0, sizeof(runmodes));
|
|
|
|
|
|
|
|
RunModeIdsPcapRegister();
|
|
|
|
RunModeFilePcapRegister();
|
|
|
|
RunModeIdsPfringRegister();
|
|
|
|
RunModeIpsNFQRegister();
|
|
|
|
RunModeIpsIPFWRegister();
|
|
|
|
RunModeErfFileRegister();
|
|
|
|
RunModeErfDagRegister();
|
|
|
|
RunModeNapatechRegister();
|
|
|
|
RunModeIdsAFPRegister();
|
|
|
|
RunModeIdsNetmapRegister();
|
|
|
|
RunModeIdsNflogRegister();
|
Add TILE-Gx mPIPE packet processing support.
The TILE-Gx processor includes a packet processing engine, called
mPIPE, that can deliver packets directly into user space memory. It
handles buffer allocation and load balancing (either static 5-tuple
hashing, or dynamic flow affinity hashing are used here). The new
packet source code is in source-mpipe.c and source-mpipe.h
A new Tile runmode is added that configures the Suricata pipelines in
worker mode, where each thread does the entire packet processing
pipeline. It scales across all the Gx chips sizes of 9, 16, 36 or 72
cores. The new runmode is in runmode-tile.c and runmode-tile.h
The configure script detects the TILE-Gx architecture and defines
HAVE_MPIPE, which is then used to conditionally enable the code to
support mPIPE packet processing. Suricata runs on TILE-Gx even without
mPIPE support enabled.
The Suricata Packet structures are allocated by the mPIPE hardware by
allocating the Suricata Packet structure immediatley before the mPIPE
packet buffer and then pushing the mPIPE packet buffer pointer onto
the mPIPE buffer stack. This way, mPIPE writes the packet data into
the buffer, returns the mPIPE packet buffer pointer, which is then
converted into a Suricata Packet pointer for processing inside
Suricata. When the Packet is freed, the buffer is returned to mPIPE's
buffer stack, by setting ReleasePacket to an mPIPE release specific
function.
The code checks for the largest Huge page available in Linux when
Suricata is started. TILE-Gx supports Huge pages sizes of 16MB, 64MB,
256MB, 1GB and 4GB. Suricata then divides one of those page into
packet buffers for mPIPE.
The code is not yet optimized for high performance. Performance
improvements will follow shortly.
The code was originally written by Tom Decanio and then further
modified by Tilera.
This code has been tested with Tilera's Multicore Developement
Environment (MDE) version 4.1.5. The TILEncore-Gx36 (PCIe card) and
TILEmpower-Gx (1U Rack mount).
12 years ago
|
|
|
RunModeTileMpipeRegister();
|
unix-manager: add unix command socket and associated script
This patch introduces a unix command socket. JSON formatted messages
can be exchanged between suricata and a program connecting to a
dedicated socket.
The protocol is the following:
* Client connects to the socket
* It sends a version message: { "version": "$VERSION_ID" }
* Server answers with { "return": "OK|NOK" }
If server returns OK, the client is now allowed to send command.
The format of command is the following:
{
"command": "pcap-file",
"arguments": { "filename": "smtp-clean.pcap", "output-dir": "/tmp/out" }
}
The server will try to execute the "command" specified with the
(optional) provided "arguments".
The answer by server is the following:
{
"return": "OK|NOK",
"message": JSON_OBJECT or information string
}
A simple script is provided and is available under scripts/suricatasc. It
is not intended to be enterprise-grade tool but it is more a proof of
concept/example code. The first command line argument of suricatasc is
used to specify the socket to connect to.
Configuration of the feature is made in the YAML under the 'unix-command'
section:
unix-command:
enabled: yes
filename: custom.socket
The path specified in 'filename' is not absolute and is relative to the
state directory.
A new running mode called 'unix-socket' is also added.
When starting in this mode, only a unix socket manager
is started. When it receives a 'pcap-file' command, the manager
start a 'pcap-file' running mode which does not really leave at
the end of file but simply exit. The manager is then able to start
a new running mode with a new file.
To start this mode, Suricata must be started with the --unix-socket
option which has an optional argument which fix the file name of the
socket. The path is not absolute and is relative to the state directory.
THe 'pcap-file' command adds a file to the list of files to treat.
For each pcap file, a pcap file running mode is started and the output
directory is changed to what specified in the command. The running
mode specified in the 'runmode' YAML setting is used to select which
running mode must be use for the pcap file treatment.
This requires modification in suricata.c file where initialisation code
is now conditional to the fact 'unix-socket' mode is not used.
Two other commands exists to get info on the remaining tasks:
* pcap-file-number: return the number of files in the waiting queue
* pcap-file-list: return the list of waiting files
'pcap-file-list' returns a structured object as message. The
structure is the following:
{
'count': 2,
'files': ['file1.pcap', 'file2.pcap']
}
14 years ago
|
|
|
RunModeUnixSocketRegister();
|
|
|
|
#ifdef UNITTESTS
|
|
|
|
UtRunModeRegister();
|
|
|
|
#endif
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* \brief Lists all registered runmodes.
|
|
|
|
*/
|
|
|
|
void RunModeListRunmodes(void)
|
|
|
|
{
|
|
|
|
printf("------------------------------------- Runmodes -------------------"
|
|
|
|
"-----------------------\n");
|
|
|
|
|
|
|
|
printf("| %-17s | %-17s | %-10s \n",
|
|
|
|
"RunMode Type", "Custom Mode ", "Description");
|
|
|
|
printf("|-----------------------------------------------------------------"
|
|
|
|
"-----------------------\n");
|
|
|
|
int i = RUNMODE_UNKNOWN + 1;
|
|
|
|
int j = 0;
|
|
|
|
for ( ; i < RUNMODE_USER_MAX; i++) {
|
|
|
|
int mode_displayed = 0;
|
|
|
|
for (j = 0; j < runmodes[i].no_of_runmodes; j++) {
|
|
|
|
if (mode_displayed == 1) {
|
|
|
|
printf("| ----------------------------------------------"
|
|
|
|
"-----------------------\n");
|
|
|
|
RunMode *runmode = &runmodes[i].runmodes[j];
|
|
|
|
printf("| %-17s | %-17s | %-27s \n",
|
|
|
|
"",
|
|
|
|
runmode->name,
|
|
|
|
runmode->description);
|
|
|
|
} else {
|
|
|
|
RunMode *runmode = &runmodes[i].runmodes[j];
|
|
|
|
printf("| %-17s | %-17s | %-27s \n",
|
|
|
|
RunModeTranslateModeToName(runmode->runmode),
|
|
|
|
runmode->name,
|
|
|
|
runmode->description);
|
|
|
|
}
|
|
|
|
if (mode_displayed == 0)
|
|
|
|
mode_displayed = 1;
|
|
|
|
}
|
|
|
|
if (mode_displayed == 1) {
|
|
|
|
printf("|-----------------------------------------------------------------"
|
|
|
|
"-----------------------\n");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
*/
|
|
|
|
void RunModeDispatch(int runmode, const char *custom_mode)
|
|
|
|
{
|
|
|
|
char *local_custom_mode = NULL;
|
|
|
|
|
|
|
|
if (custom_mode == NULL) {
|
|
|
|
char *val = NULL;
|
|
|
|
if (ConfGet("runmode", &val) != 1) {
|
|
|
|
custom_mode = NULL;
|
|
|
|
} else {
|
|
|
|
custom_mode = val;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (custom_mode == NULL || strcmp(custom_mode, "auto") == 0) {
|
|
|
|
switch (runmode) {
|
|
|
|
case RUNMODE_PCAP_DEV:
|
|
|
|
custom_mode = RunModeIdsGetDefaultMode();
|
|
|
|
break;
|
|
|
|
case RUNMODE_PCAP_FILE:
|
|
|
|
custom_mode = RunModeFilePcapGetDefaultMode();
|
|
|
|
break;
|
|
|
|
#ifdef HAVE_PFRING
|
|
|
|
case RUNMODE_PFRING:
|
|
|
|
custom_mode = RunModeIdsPfringGetDefaultMode();
|
|
|
|
break;
|
|
|
|
#endif
|
|
|
|
case RUNMODE_NFQ:
|
|
|
|
custom_mode = RunModeIpsNFQGetDefaultMode();
|
|
|
|
break;
|
|
|
|
case RUNMODE_IPFW:
|
|
|
|
custom_mode = RunModeIpsIPFWGetDefaultMode();
|
|
|
|
break;
|
|
|
|
case RUNMODE_ERF_FILE:
|
|
|
|
custom_mode = RunModeErfFileGetDefaultMode();
|
|
|
|
break;
|
|
|
|
case RUNMODE_DAG:
|
|
|
|
custom_mode = RunModeErfDagGetDefaultMode();
|
|
|
|
break;
|
Add TILE-Gx mPIPE packet processing support.
The TILE-Gx processor includes a packet processing engine, called
mPIPE, that can deliver packets directly into user space memory. It
handles buffer allocation and load balancing (either static 5-tuple
hashing, or dynamic flow affinity hashing are used here). The new
packet source code is in source-mpipe.c and source-mpipe.h
A new Tile runmode is added that configures the Suricata pipelines in
worker mode, where each thread does the entire packet processing
pipeline. It scales across all the Gx chips sizes of 9, 16, 36 or 72
cores. The new runmode is in runmode-tile.c and runmode-tile.h
The configure script detects the TILE-Gx architecture and defines
HAVE_MPIPE, which is then used to conditionally enable the code to
support mPIPE packet processing. Suricata runs on TILE-Gx even without
mPIPE support enabled.
The Suricata Packet structures are allocated by the mPIPE hardware by
allocating the Suricata Packet structure immediatley before the mPIPE
packet buffer and then pushing the mPIPE packet buffer pointer onto
the mPIPE buffer stack. This way, mPIPE writes the packet data into
the buffer, returns the mPIPE packet buffer pointer, which is then
converted into a Suricata Packet pointer for processing inside
Suricata. When the Packet is freed, the buffer is returned to mPIPE's
buffer stack, by setting ReleasePacket to an mPIPE release specific
function.
The code checks for the largest Huge page available in Linux when
Suricata is started. TILE-Gx supports Huge pages sizes of 16MB, 64MB,
256MB, 1GB and 4GB. Suricata then divides one of those page into
packet buffers for mPIPE.
The code is not yet optimized for high performance. Performance
improvements will follow shortly.
The code was originally written by Tom Decanio and then further
modified by Tilera.
This code has been tested with Tilera's Multicore Developement
Environment (MDE) version 4.1.5. The TILEncore-Gx36 (PCIe card) and
TILEmpower-Gx (1U Rack mount).
12 years ago
|
|
|
case RUNMODE_TILERA_MPIPE:
|
|
|
|
custom_mode = RunModeTileMpipeGetDefaultMode();
|
|
|
|
break;
|
|
|
|
case RUNMODE_NAPATECH:
|
|
|
|
custom_mode = RunModeNapatechGetDefaultMode();
|
|
|
|
break;
|
|
|
|
case RUNMODE_AFP_DEV:
|
|
|
|
custom_mode = RunModeAFPGetDefaultMode();
|
|
|
|
break;
|
|
|
|
case RUNMODE_NETMAP:
|
|
|
|
custom_mode = RunModeNetmapGetDefaultMode();
|
|
|
|
break;
|
unix-manager: add unix command socket and associated script
This patch introduces a unix command socket. JSON formatted messages
can be exchanged between suricata and a program connecting to a
dedicated socket.
The protocol is the following:
* Client connects to the socket
* It sends a version message: { "version": "$VERSION_ID" }
* Server answers with { "return": "OK|NOK" }
If server returns OK, the client is now allowed to send command.
The format of command is the following:
{
"command": "pcap-file",
"arguments": { "filename": "smtp-clean.pcap", "output-dir": "/tmp/out" }
}
The server will try to execute the "command" specified with the
(optional) provided "arguments".
The answer by server is the following:
{
"return": "OK|NOK",
"message": JSON_OBJECT or information string
}
A simple script is provided and is available under scripts/suricatasc. It
is not intended to be enterprise-grade tool but it is more a proof of
concept/example code. The first command line argument of suricatasc is
used to specify the socket to connect to.
Configuration of the feature is made in the YAML under the 'unix-command'
section:
unix-command:
enabled: yes
filename: custom.socket
The path specified in 'filename' is not absolute and is relative to the
state directory.
A new running mode called 'unix-socket' is also added.
When starting in this mode, only a unix socket manager
is started. When it receives a 'pcap-file' command, the manager
start a 'pcap-file' running mode which does not really leave at
the end of file but simply exit. The manager is then able to start
a new running mode with a new file.
To start this mode, Suricata must be started with the --unix-socket
option which has an optional argument which fix the file name of the
socket. The path is not absolute and is relative to the state directory.
THe 'pcap-file' command adds a file to the list of files to treat.
For each pcap file, a pcap file running mode is started and the output
directory is changed to what specified in the command. The running
mode specified in the 'runmode' YAML setting is used to select which
running mode must be use for the pcap file treatment.
This requires modification in suricata.c file where initialisation code
is now conditional to the fact 'unix-socket' mode is not used.
Two other commands exists to get info on the remaining tasks:
* pcap-file-number: return the number of files in the waiting queue
* pcap-file-list: return the list of waiting files
'pcap-file-list' returns a structured object as message. The
structure is the following:
{
'count': 2,
'files': ['file1.pcap', 'file2.pcap']
}
14 years ago
|
|
|
case RUNMODE_UNIX_SOCKET:
|
|
|
|
custom_mode = RunModeUnixSocketGetDefaultMode();
|
|
|
|
break;
|
|
|
|
case RUNMODE_NFLOG:
|
|
|
|
custom_mode = RunModeIdsNflogGetDefaultMode();
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
SCLogError(SC_ERR_UNKNOWN_RUN_MODE, "Unknown runtime mode. Aborting");
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
}
|
|
|
|
} else { /* if (custom_mode == NULL) */
|
|
|
|
/* Add compability with old 'worker' name */
|
|
|
|
if (!strcmp("worker", custom_mode)) {
|
|
|
|
SCLogWarning(SC_ERR_RUNMODE, "'worker' mode have been renamed "
|
|
|
|
"to 'workers', please modify your setup.");
|
|
|
|
local_custom_mode = SCStrdup("workers");
|
|
|
|
if (unlikely(local_custom_mode == NULL)) {
|
|
|
|
SCLogError(SC_ERR_MEM_ALLOC, "Unable to dup custom mode");
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
}
|
|
|
|
custom_mode = local_custom_mode;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
#ifdef __SC_CUDA_SUPPORT__
|
|
|
|
if (PatternMatchDefaultMatcher() == MPM_AC_CUDA &&
|
|
|
|
strcasecmp(custom_mode, "autofp") != 0) {
|
|
|
|
SCLogError(SC_ERR_RUNMODE, "When using a cuda mpm, the only runmode we "
|
|
|
|
"support is autofp.");
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
RunMode *mode = RunModeGetCustomMode(runmode, custom_mode);
|
|
|
|
if (mode == NULL) {
|
|
|
|
SCLogError(SC_ERR_RUNMODE, "The custom type \"%s\" doesn't exist "
|
|
|
|
"for this runmode type \"%s\". Please use --list-runmodes to "
|
|
|
|
"see available custom types for this runmode",
|
|
|
|
custom_mode, RunModeTranslateModeToName(runmode));
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Export the custom mode */
|
|
|
|
if (active_runmode) {
|
|
|
|
SCFree(active_runmode);
|
|
|
|
}
|
|
|
|
active_runmode = SCStrdup(custom_mode);
|
|
|
|
if (unlikely(active_runmode == NULL)) {
|
|
|
|
SCLogError(SC_ERR_MEM_ALLOC, "Unable to dup active mode");
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (strcasecmp(active_runmode, "autofp") == 0) {
|
|
|
|
TmqhFlowPrintAutofpHandler();
|
|
|
|
}
|
|
|
|
|
|
|
|
mode->RunModeFunc();
|
|
|
|
|
|
|
|
if (local_custom_mode != NULL)
|
|
|
|
SCFree(local_custom_mode);
|
|
|
|
|
|
|
|
#ifdef __SC_CUDA_SUPPORT__
|
|
|
|
if (PatternMatchDefaultMatcher() == MPM_AC_CUDA)
|
|
|
|
SCACCudaStartDispatcher();
|
|
|
|
#endif
|
|
|
|
|
|
|
|
/* Check if the alloted queues have at least 1 reader and writer */
|
|
|
|
TmValidateQueueState();
|
|
|
|
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* \brief Registers a new runmode.
|
|
|
|
*
|
|
|
|
* \param runmode Runmode type.
|
|
|
|
* \param name Custom mode for this specific runmode type. Within each
|
|
|
|
* runmode type, each custom name is a primary key.
|
|
|
|
* \param description Description for this runmode.
|
|
|
|
* \param RunModeFunc The function to be run for this runmode.
|
|
|
|
*/
|
|
|
|
void RunModeRegisterNewRunMode(int runmode, const char *name,
|
|
|
|
const char *description,
|
|
|
|
int (*RunModeFunc)(void))
|
|
|
|
{
|
Fix realloc error handling
This patch is fixing realloc error handling. In case of a realloc
failure, it free the initial memory and continue existing error
handling.
The patch has been obtained via the following semantic patch and
a bit oh hand editing:
@@
expression x, E;
identifier f;
@@
f(...)
{
+ void *ptmp;
<+...
- x = SCRealloc(x, E);
+ ptmp = SCRealloc(x, E);
... when != x
- if (x == NULL)
+ if (ptmp == NULL)
{
+ SCFree(x);
+ x = NULL;
...
- }
+ } else {
+ x = ptmp;
+ }
...+>
}
@@
expression x, E;
identifier f;
statement ES;
@@
f(...) {
+ void *ptmp;
<+...
- x = SCRealloc(x, E);
+ ptmp = SCRealloc(x, E);
... when != x
- if (x == NULL) ES
+ if (ptmp == NULL) {
+ SCFree(x);
+ x = NULL;
+ ES
+ } else {
+ x = ptmp;
+ }
...+>
}
@@
expression x, E;
identifier f;
@@
f(...)
{
+ void *ptmp;
<+...
- x = SCRealloc(x, E);
+ ptmp = SCRealloc(x, E);
... when != x
- if (unlikely(x == NULL))
+ if (unlikely(ptmp == NULL))
{
+ SCFree(x);
+ x = NULL;
...
- }
+ } else {
+ x = ptmp;
+ }
...+>
}
@@
expression x, E;
identifier f;
statement ES;
@@
f(...) {
+ void *ptmp;
<+...
- x = SCRealloc(x, E);
+ ptmp = SCRealloc(x, E);
... when != x
- if (unlikely(x == NULL)) ES
+ if (unlikely(ptmp == NULL)) {
+ SCFree(x);
+ x = NULL;
+ ES
+ } else {
+ x = ptmp;
+ }
...+>
}
12 years ago
|
|
|
void *ptmp;
|
|
|
|
if (RunModeGetCustomMode(runmode, name) != NULL) {
|
|
|
|
SCLogError(SC_ERR_RUNMODE, "A runmode by this custom name has already "
|
|
|
|
"been registered. Please use an unique name");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
Fix realloc error handling
This patch is fixing realloc error handling. In case of a realloc
failure, it free the initial memory and continue existing error
handling.
The patch has been obtained via the following semantic patch and
a bit oh hand editing:
@@
expression x, E;
identifier f;
@@
f(...)
{
+ void *ptmp;
<+...
- x = SCRealloc(x, E);
+ ptmp = SCRealloc(x, E);
... when != x
- if (x == NULL)
+ if (ptmp == NULL)
{
+ SCFree(x);
+ x = NULL;
...
- }
+ } else {
+ x = ptmp;
+ }
...+>
}
@@
expression x, E;
identifier f;
statement ES;
@@
f(...) {
+ void *ptmp;
<+...
- x = SCRealloc(x, E);
+ ptmp = SCRealloc(x, E);
... when != x
- if (x == NULL) ES
+ if (ptmp == NULL) {
+ SCFree(x);
+ x = NULL;
+ ES
+ } else {
+ x = ptmp;
+ }
...+>
}
@@
expression x, E;
identifier f;
@@
f(...)
{
+ void *ptmp;
<+...
- x = SCRealloc(x, E);
+ ptmp = SCRealloc(x, E);
... when != x
- if (unlikely(x == NULL))
+ if (unlikely(ptmp == NULL))
{
+ SCFree(x);
+ x = NULL;
...
- }
+ } else {
+ x = ptmp;
+ }
...+>
}
@@
expression x, E;
identifier f;
statement ES;
@@
f(...) {
+ void *ptmp;
<+...
- x = SCRealloc(x, E);
+ ptmp = SCRealloc(x, E);
... when != x
- if (unlikely(x == NULL)) ES
+ if (unlikely(ptmp == NULL)) {
+ SCFree(x);
+ x = NULL;
+ ES
+ } else {
+ x = ptmp;
+ }
...+>
}
12 years ago
|
|
|
ptmp = SCRealloc(runmodes[runmode].runmodes,
|
|
|
|
(runmodes[runmode].no_of_runmodes + 1) * sizeof(RunMode));
|
|
|
|
if (ptmp == NULL) {
|
|
|
|
SCFree(runmodes[runmode].runmodes);
|
|
|
|
runmodes[runmode].runmodes = NULL;
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
}
|
Fix realloc error handling
This patch is fixing realloc error handling. In case of a realloc
failure, it free the initial memory and continue existing error
handling.
The patch has been obtained via the following semantic patch and
a bit oh hand editing:
@@
expression x, E;
identifier f;
@@
f(...)
{
+ void *ptmp;
<+...
- x = SCRealloc(x, E);
+ ptmp = SCRealloc(x, E);
... when != x
- if (x == NULL)
+ if (ptmp == NULL)
{
+ SCFree(x);
+ x = NULL;
...
- }
+ } else {
+ x = ptmp;
+ }
...+>
}
@@
expression x, E;
identifier f;
statement ES;
@@
f(...) {
+ void *ptmp;
<+...
- x = SCRealloc(x, E);
+ ptmp = SCRealloc(x, E);
... when != x
- if (x == NULL) ES
+ if (ptmp == NULL) {
+ SCFree(x);
+ x = NULL;
+ ES
+ } else {
+ x = ptmp;
+ }
...+>
}
@@
expression x, E;
identifier f;
@@
f(...)
{
+ void *ptmp;
<+...
- x = SCRealloc(x, E);
+ ptmp = SCRealloc(x, E);
... when != x
- if (unlikely(x == NULL))
+ if (unlikely(ptmp == NULL))
{
+ SCFree(x);
+ x = NULL;
...
- }
+ } else {
+ x = ptmp;
+ }
...+>
}
@@
expression x, E;
identifier f;
statement ES;
@@
f(...) {
+ void *ptmp;
<+...
- x = SCRealloc(x, E);
+ ptmp = SCRealloc(x, E);
... when != x
- if (unlikely(x == NULL)) ES
+ if (unlikely(ptmp == NULL)) {
+ SCFree(x);
+ x = NULL;
+ ES
+ } else {
+ x = ptmp;
+ }
...+>
}
12 years ago
|
|
|
runmodes[runmode].runmodes = ptmp;
|
|
|
|
|
|
|
|
RunMode *mode = &runmodes[runmode].runmodes[runmodes[runmode].no_of_runmodes];
|
|
|
|
runmodes[runmode].no_of_runmodes++;
|
|
|
|
|
|
|
|
mode->runmode = runmode;
|
|
|
|
mode->name = SCStrdup(name);
|
|
|
|
if (unlikely(mode->name == NULL)) {
|
|
|
|
SCLogError(SC_ERR_MEM_ALLOC, "Failed to allocate string");
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
}
|
|
|
|
mode->description = SCStrdup(description);
|
|
|
|
if (unlikely(mode->description == NULL)) {
|
|
|
|
SCLogError(SC_ERR_MEM_ALLOC, "Failed to allocate string");
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
}
|
|
|
|
mode->RunModeFunc = RunModeFunc;
|
|
|
|
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Setup the outputs for this run mode.
|
|
|
|
*
|
|
|
|
* \param tv The ThreadVars for the thread the outputs will be
|
|
|
|
* appended to.
|
|
|
|
*/
|
|
|
|
void RunOutputFreeList(void)
|
|
|
|
{
|
|
|
|
OutputFreeList *output;
|
|
|
|
while ((output = TAILQ_FIRST(&output_free_list))) {
|
|
|
|
SCLogDebug("output %s %p %p", output->tm_module->name, output, output->output_ctx);
|
|
|
|
|
|
|
|
if (output->output_ctx != NULL && output->output_ctx->DeInit != NULL)
|
|
|
|
output->output_ctx->DeInit(output->output_ctx);
|
|
|
|
|
|
|
|
TAILQ_REMOVE(&output_free_list, output, entries);
|
|
|
|
SCFree(output);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static TmModule *pkt_logger_module = NULL;
|
|
|
|
static TmModule *tx_logger_module = NULL;
|
|
|
|
static TmModule *file_logger_module = NULL;
|
|
|
|
static TmModule *filedata_logger_module = NULL;
|
|
|
|
static TmModule *streaming_logger_module = NULL;
|
|
|
|
|
|
|
|
int RunModeOutputFileEnabled(void)
|
|
|
|
{
|
|
|
|
return (file_logger_module != NULL);
|
|
|
|
}
|
|
|
|
|
|
|
|
int RunModeOutputFiledataEnabled(void)
|
|
|
|
{
|
|
|
|
return (filedata_logger_module != NULL);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Cleanup the run mode.
|
|
|
|
*/
|
|
|
|
void RunModeShutDown(void)
|
|
|
|
{
|
|
|
|
RunOutputFreeList();
|
|
|
|
|
|
|
|
OutputPacketShutdown();
|
|
|
|
OutputTxShutdown();
|
|
|
|
OutputFileShutdown();
|
|
|
|
OutputFiledataShutdown();
|
|
|
|
OutputStreamingShutdown();
|
|
|
|
OutputStatsShutdown();
|
|
|
|
OutputFlowShutdown();
|
|
|
|
|
|
|
|
/* Close any log files. */
|
|
|
|
RunModeOutput *output;
|
|
|
|
while ((output = TAILQ_FIRST(&RunModeOutputs))) {
|
|
|
|
SCLogDebug("Shutting down output %s.", output->tm_module->name);
|
|
|
|
TAILQ_REMOVE(&RunModeOutputs, output, entries);
|
|
|
|
SCFree(output);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* reset logger pointers */
|
|
|
|
pkt_logger_module = NULL;
|
|
|
|
tx_logger_module = NULL;
|
|
|
|
file_logger_module = NULL;
|
|
|
|
filedata_logger_module = NULL;
|
|
|
|
streaming_logger_module = NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
/** \internal
|
|
|
|
* \brief add Sub RunModeOutput to list for Submodule so we can free
|
|
|
|
* the output ctx at shutdown and unix socket reload */
|
|
|
|
static void AddOutputToFreeList(OutputModule *module, OutputCtx *output_ctx)
|
|
|
|
{
|
|
|
|
TmModule *tm_module = TmModuleGetByName(module->name);
|
|
|
|
if (tm_module == NULL) {
|
|
|
|
SCLogError(SC_ERR_INVALID_ARGUMENT,
|
|
|
|
"TmModuleGetByName for %s failed", module->name);
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
}
|
|
|
|
OutputFreeList *fl_output = SCCalloc(1, sizeof(OutputFreeList));
|
|
|
|
if (unlikely(fl_output == NULL))
|
|
|
|
return;
|
|
|
|
fl_output->tm_module = tm_module;
|
|
|
|
fl_output->output_ctx = output_ctx;
|
|
|
|
TAILQ_INSERT_TAIL(&output_free_list, fl_output, entries);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int GetRunModeOutputPriority(RunModeOutput *module)
|
|
|
|
{
|
|
|
|
TmModule *tm = TmModuleGetByName(module->name);
|
|
|
|
if (tm == NULL)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
return tm->priority;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void InsertInRunModeOutputs(RunModeOutput *runmode_output)
|
|
|
|
{
|
|
|
|
RunModeOutput *r_output = NULL;
|
|
|
|
int output_priority = GetRunModeOutputPriority(runmode_output);
|
|
|
|
|
|
|
|
TAILQ_FOREACH(r_output, &RunModeOutputs, entries) {
|
|
|
|
if (GetRunModeOutputPriority(r_output) < output_priority)
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (r_output) {
|
|
|
|
TAILQ_INSERT_BEFORE(r_output, runmode_output, entries);
|
|
|
|
} else {
|
|
|
|
TAILQ_INSERT_TAIL(&RunModeOutputs, runmode_output, entries);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
output: introduce concept of sub-modules
To support the 'eve-log' idea, we need to be able to force all log
modules to be enabled by the master eve-log module, and need to be
able to make all logs go into a single file. This didn't fit the
API so far, so added the sub-module concept.
A sub-module is a regular module, that registers itself as a sub-
module of another module:
OutputRegisterTxSubModule("eve-log", "JsonHttpLog", "http",
OutputHttpLogInitSub, ALPROTO_HTTP, JsonHttpLogger);
The first argument is the name of the parent. The 4th argument is
the OutputCtx init function. It differs slightly from the non-sub
one. The different is that in addition to it's ConfNode, it gets
the OutputCtx from the parent. This way it can set the parents
LogFileCtx in it's own OutputCtx.
The runmode setup code will take care of all the extra setup. It's
possible to register a module both as a normal module and as a sub-
module, which can operate at the same time.
Only the TxLogger API is handled in this patch, the rest will be
updated later.
12 years ago
|
|
|
/** \brief Turn output into thread module */
|
|
|
|
static void SetupOutput(const char *name, OutputModule *module, OutputCtx *output_ctx)
|
|
|
|
{
|
|
|
|
/* flow logger doesn't run in the packet path */
|
|
|
|
if (module->FlowLogFunc) {
|
|
|
|
OutputRegisterFlowLogger(module->name, module->FlowLogFunc, output_ctx);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
/* stats logger doesn't run in the packet path */
|
|
|
|
if (module->StatsLogFunc) {
|
|
|
|
OutputRegisterStatsLogger(module->name, module->StatsLogFunc, output_ctx);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
output: introduce concept of sub-modules
To support the 'eve-log' idea, we need to be able to force all log
modules to be enabled by the master eve-log module, and need to be
able to make all logs go into a single file. This didn't fit the
API so far, so added the sub-module concept.
A sub-module is a regular module, that registers itself as a sub-
module of another module:
OutputRegisterTxSubModule("eve-log", "JsonHttpLog", "http",
OutputHttpLogInitSub, ALPROTO_HTTP, JsonHttpLogger);
The first argument is the name of the parent. The 4th argument is
the OutputCtx init function. It differs slightly from the non-sub
one. The different is that in addition to it's ConfNode, it gets
the OutputCtx from the parent. This way it can set the parents
LogFileCtx in it's own OutputCtx.
The runmode setup code will take care of all the extra setup. It's
possible to register a module both as a normal module and as a sub-
module, which can operate at the same time.
Only the TxLogger API is handled in this patch, the rest will be
updated later.
12 years ago
|
|
|
TmModule *tm_module = TmModuleGetByName(module->name);
|
|
|
|
if (tm_module == NULL) {
|
|
|
|
SCLogError(SC_ERR_INVALID_ARGUMENT,
|
|
|
|
"TmModuleGetByName for %s failed", module->name);
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
}
|
|
|
|
if (strcmp(tmm_modules[TMM_ALERTDEBUGLOG].name, tm_module->name) == 0)
|
|
|
|
debuglog_enabled = 1;
|
|
|
|
|
|
|
|
if (module->PacketLogFunc) {
|
|
|
|
SCLogDebug("%s is a packet logger", module->name);
|
|
|
|
OutputRegisterPacketLogger(module->name, module->PacketLogFunc,
|
|
|
|
module->PacketConditionFunc, output_ctx);
|
|
|
|
|
|
|
|
/* need one instance of the packet logger module */
|
|
|
|
if (pkt_logger_module == NULL) {
|
|
|
|
pkt_logger_module = TmModuleGetByName("__packet_logger__");
|
|
|
|
if (pkt_logger_module == NULL) {
|
|
|
|
SCLogError(SC_ERR_INVALID_ARGUMENT,
|
|
|
|
"TmModuleGetByName for __packet_logger__ failed");
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
}
|
|
|
|
|
|
|
|
RunModeOutput *runmode_output = SCCalloc(1, sizeof(RunModeOutput));
|
|
|
|
if (unlikely(runmode_output == NULL))
|
|
|
|
return;
|
|
|
|
runmode_output->name = module->name;
|
output: introduce concept of sub-modules
To support the 'eve-log' idea, we need to be able to force all log
modules to be enabled by the master eve-log module, and need to be
able to make all logs go into a single file. This didn't fit the
API so far, so added the sub-module concept.
A sub-module is a regular module, that registers itself as a sub-
module of another module:
OutputRegisterTxSubModule("eve-log", "JsonHttpLog", "http",
OutputHttpLogInitSub, ALPROTO_HTTP, JsonHttpLogger);
The first argument is the name of the parent. The 4th argument is
the OutputCtx init function. It differs slightly from the non-sub
one. The different is that in addition to it's ConfNode, it gets
the OutputCtx from the parent. This way it can set the parents
LogFileCtx in it's own OutputCtx.
The runmode setup code will take care of all the extra setup. It's
possible to register a module both as a normal module and as a sub-
module, which can operate at the same time.
Only the TxLogger API is handled in this patch, the rest will be
updated later.
12 years ago
|
|
|
runmode_output->tm_module = pkt_logger_module;
|
|
|
|
runmode_output->output_ctx = NULL;
|
|
|
|
InsertInRunModeOutputs(runmode_output);
|
output: introduce concept of sub-modules
To support the 'eve-log' idea, we need to be able to force all log
modules to be enabled by the master eve-log module, and need to be
able to make all logs go into a single file. This didn't fit the
API so far, so added the sub-module concept.
A sub-module is a regular module, that registers itself as a sub-
module of another module:
OutputRegisterTxSubModule("eve-log", "JsonHttpLog", "http",
OutputHttpLogInitSub, ALPROTO_HTTP, JsonHttpLogger);
The first argument is the name of the parent. The 4th argument is
the OutputCtx init function. It differs slightly from the non-sub
one. The different is that in addition to it's ConfNode, it gets
the OutputCtx from the parent. This way it can set the parents
LogFileCtx in it's own OutputCtx.
The runmode setup code will take care of all the extra setup. It's
possible to register a module both as a normal module and as a sub-
module, which can operate at the same time.
Only the TxLogger API is handled in this patch, the rest will be
updated later.
12 years ago
|
|
|
SCLogDebug("__packet_logger__ added");
|
|
|
|
}
|
|
|
|
} else if (module->TxLogFunc) {
|
|
|
|
SCLogDebug("%s is a tx logger", module->name);
|
|
|
|
OutputRegisterTxLogger(module->name, module->alproto,
|
|
|
|
module->TxLogFunc, output_ctx, module->tc_log_progress,
|
|
|
|
module->ts_log_progress, module->TxLogCondition);
|
output: introduce concept of sub-modules
To support the 'eve-log' idea, we need to be able to force all log
modules to be enabled by the master eve-log module, and need to be
able to make all logs go into a single file. This didn't fit the
API so far, so added the sub-module concept.
A sub-module is a regular module, that registers itself as a sub-
module of another module:
OutputRegisterTxSubModule("eve-log", "JsonHttpLog", "http",
OutputHttpLogInitSub, ALPROTO_HTTP, JsonHttpLogger);
The first argument is the name of the parent. The 4th argument is
the OutputCtx init function. It differs slightly from the non-sub
one. The different is that in addition to it's ConfNode, it gets
the OutputCtx from the parent. This way it can set the parents
LogFileCtx in it's own OutputCtx.
The runmode setup code will take care of all the extra setup. It's
possible to register a module both as a normal module and as a sub-
module, which can operate at the same time.
Only the TxLogger API is handled in this patch, the rest will be
updated later.
12 years ago
|
|
|
|
|
|
|
/* need one instance of the tx logger module */
|
|
|
|
if (tx_logger_module == NULL) {
|
|
|
|
tx_logger_module = TmModuleGetByName("__tx_logger__");
|
|
|
|
if (tx_logger_module == NULL) {
|
|
|
|
SCLogError(SC_ERR_INVALID_ARGUMENT,
|
|
|
|
"TmModuleGetByName for __tx_logger__ failed");
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
}
|
|
|
|
|
|
|
|
RunModeOutput *runmode_output = SCCalloc(1, sizeof(RunModeOutput));
|
|
|
|
if (unlikely(runmode_output == NULL))
|
|
|
|
return;
|
|
|
|
runmode_output->name = module->name;
|
output: introduce concept of sub-modules
To support the 'eve-log' idea, we need to be able to force all log
modules to be enabled by the master eve-log module, and need to be
able to make all logs go into a single file. This didn't fit the
API so far, so added the sub-module concept.
A sub-module is a regular module, that registers itself as a sub-
module of another module:
OutputRegisterTxSubModule("eve-log", "JsonHttpLog", "http",
OutputHttpLogInitSub, ALPROTO_HTTP, JsonHttpLogger);
The first argument is the name of the parent. The 4th argument is
the OutputCtx init function. It differs slightly from the non-sub
one. The different is that in addition to it's ConfNode, it gets
the OutputCtx from the parent. This way it can set the parents
LogFileCtx in it's own OutputCtx.
The runmode setup code will take care of all the extra setup. It's
possible to register a module both as a normal module and as a sub-
module, which can operate at the same time.
Only the TxLogger API is handled in this patch, the rest will be
updated later.
12 years ago
|
|
|
runmode_output->tm_module = tx_logger_module;
|
|
|
|
runmode_output->output_ctx = NULL;
|
|
|
|
InsertInRunModeOutputs(runmode_output);
|
output: introduce concept of sub-modules
To support the 'eve-log' idea, we need to be able to force all log
modules to be enabled by the master eve-log module, and need to be
able to make all logs go into a single file. This didn't fit the
API so far, so added the sub-module concept.
A sub-module is a regular module, that registers itself as a sub-
module of another module:
OutputRegisterTxSubModule("eve-log", "JsonHttpLog", "http",
OutputHttpLogInitSub, ALPROTO_HTTP, JsonHttpLogger);
The first argument is the name of the parent. The 4th argument is
the OutputCtx init function. It differs slightly from the non-sub
one. The different is that in addition to it's ConfNode, it gets
the OutputCtx from the parent. This way it can set the parents
LogFileCtx in it's own OutputCtx.
The runmode setup code will take care of all the extra setup. It's
possible to register a module both as a normal module and as a sub-
module, which can operate at the same time.
Only the TxLogger API is handled in this patch, the rest will be
updated later.
12 years ago
|
|
|
SCLogDebug("__tx_logger__ added");
|
|
|
|
}
|
|
|
|
} else if (module->FiledataLogFunc) {
|
|
|
|
SCLogDebug("%s is a filedata logger", module->name);
|
|
|
|
OutputRegisterFiledataLogger(module->name, module->FiledataLogFunc, output_ctx);
|
output: introduce concept of sub-modules
To support the 'eve-log' idea, we need to be able to force all log
modules to be enabled by the master eve-log module, and need to be
able to make all logs go into a single file. This didn't fit the
API so far, so added the sub-module concept.
A sub-module is a regular module, that registers itself as a sub-
module of another module:
OutputRegisterTxSubModule("eve-log", "JsonHttpLog", "http",
OutputHttpLogInitSub, ALPROTO_HTTP, JsonHttpLogger);
The first argument is the name of the parent. The 4th argument is
the OutputCtx init function. It differs slightly from the non-sub
one. The different is that in addition to it's ConfNode, it gets
the OutputCtx from the parent. This way it can set the parents
LogFileCtx in it's own OutputCtx.
The runmode setup code will take care of all the extra setup. It's
possible to register a module both as a normal module and as a sub-
module, which can operate at the same time.
Only the TxLogger API is handled in this patch, the rest will be
updated later.
12 years ago
|
|
|
|
|
|
|
/* need one instance of the tx logger module */
|
|
|
|
if (filedata_logger_module == NULL) {
|
|
|
|
filedata_logger_module = TmModuleGetByName("__filedata_logger__");
|
|
|
|
if (filedata_logger_module == NULL) {
|
output: introduce concept of sub-modules
To support the 'eve-log' idea, we need to be able to force all log
modules to be enabled by the master eve-log module, and need to be
able to make all logs go into a single file. This didn't fit the
API so far, so added the sub-module concept.
A sub-module is a regular module, that registers itself as a sub-
module of another module:
OutputRegisterTxSubModule("eve-log", "JsonHttpLog", "http",
OutputHttpLogInitSub, ALPROTO_HTTP, JsonHttpLogger);
The first argument is the name of the parent. The 4th argument is
the OutputCtx init function. It differs slightly from the non-sub
one. The different is that in addition to it's ConfNode, it gets
the OutputCtx from the parent. This way it can set the parents
LogFileCtx in it's own OutputCtx.
The runmode setup code will take care of all the extra setup. It's
possible to register a module both as a normal module and as a sub-
module, which can operate at the same time.
Only the TxLogger API is handled in this patch, the rest will be
updated later.
12 years ago
|
|
|
SCLogError(SC_ERR_INVALID_ARGUMENT,
|
|
|
|
"TmModuleGetByName for __filedata_logger__ failed");
|
output: introduce concept of sub-modules
To support the 'eve-log' idea, we need to be able to force all log
modules to be enabled by the master eve-log module, and need to be
able to make all logs go into a single file. This didn't fit the
API so far, so added the sub-module concept.
A sub-module is a regular module, that registers itself as a sub-
module of another module:
OutputRegisterTxSubModule("eve-log", "JsonHttpLog", "http",
OutputHttpLogInitSub, ALPROTO_HTTP, JsonHttpLogger);
The first argument is the name of the parent. The 4th argument is
the OutputCtx init function. It differs slightly from the non-sub
one. The different is that in addition to it's ConfNode, it gets
the OutputCtx from the parent. This way it can set the parents
LogFileCtx in it's own OutputCtx.
The runmode setup code will take care of all the extra setup. It's
possible to register a module both as a normal module and as a sub-
module, which can operate at the same time.
Only the TxLogger API is handled in this patch, the rest will be
updated later.
12 years ago
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
}
|
|
|
|
|
|
|
|
RunModeOutput *runmode_output = SCCalloc(1, sizeof(RunModeOutput));
|
|
|
|
if (unlikely(runmode_output == NULL))
|
|
|
|
return;
|
|
|
|
runmode_output->name = module->name;
|
|
|
|
runmode_output->tm_module = filedata_logger_module;
|
output: introduce concept of sub-modules
To support the 'eve-log' idea, we need to be able to force all log
modules to be enabled by the master eve-log module, and need to be
able to make all logs go into a single file. This didn't fit the
API so far, so added the sub-module concept.
A sub-module is a regular module, that registers itself as a sub-
module of another module:
OutputRegisterTxSubModule("eve-log", "JsonHttpLog", "http",
OutputHttpLogInitSub, ALPROTO_HTTP, JsonHttpLogger);
The first argument is the name of the parent. The 4th argument is
the OutputCtx init function. It differs slightly from the non-sub
one. The different is that in addition to it's ConfNode, it gets
the OutputCtx from the parent. This way it can set the parents
LogFileCtx in it's own OutputCtx.
The runmode setup code will take care of all the extra setup. It's
possible to register a module both as a normal module and as a sub-
module, which can operate at the same time.
Only the TxLogger API is handled in this patch, the rest will be
updated later.
12 years ago
|
|
|
runmode_output->output_ctx = NULL;
|
|
|
|
InsertInRunModeOutputs(runmode_output);
|
|
|
|
SCLogDebug("__filedata_logger__ added");
|
output: introduce concept of sub-modules
To support the 'eve-log' idea, we need to be able to force all log
modules to be enabled by the master eve-log module, and need to be
able to make all logs go into a single file. This didn't fit the
API so far, so added the sub-module concept.
A sub-module is a regular module, that registers itself as a sub-
module of another module:
OutputRegisterTxSubModule("eve-log", "JsonHttpLog", "http",
OutputHttpLogInitSub, ALPROTO_HTTP, JsonHttpLogger);
The first argument is the name of the parent. The 4th argument is
the OutputCtx init function. It differs slightly from the non-sub
one. The different is that in addition to it's ConfNode, it gets
the OutputCtx from the parent. This way it can set the parents
LogFileCtx in it's own OutputCtx.
The runmode setup code will take care of all the extra setup. It's
possible to register a module both as a normal module and as a sub-
module, which can operate at the same time.
Only the TxLogger API is handled in this patch, the rest will be
updated later.
12 years ago
|
|
|
}
|
|
|
|
} else if (module->FileLogFunc) {
|
|
|
|
SCLogDebug("%s is a file logger", module->name);
|
|
|
|
OutputRegisterFileLogger(module->name, module->FileLogFunc, output_ctx);
|
output: introduce concept of sub-modules
To support the 'eve-log' idea, we need to be able to force all log
modules to be enabled by the master eve-log module, and need to be
able to make all logs go into a single file. This didn't fit the
API so far, so added the sub-module concept.
A sub-module is a regular module, that registers itself as a sub-
module of another module:
OutputRegisterTxSubModule("eve-log", "JsonHttpLog", "http",
OutputHttpLogInitSub, ALPROTO_HTTP, JsonHttpLogger);
The first argument is the name of the parent. The 4th argument is
the OutputCtx init function. It differs slightly from the non-sub
one. The different is that in addition to it's ConfNode, it gets
the OutputCtx from the parent. This way it can set the parents
LogFileCtx in it's own OutputCtx.
The runmode setup code will take care of all the extra setup. It's
possible to register a module both as a normal module and as a sub-
module, which can operate at the same time.
Only the TxLogger API is handled in this patch, the rest will be
updated later.
12 years ago
|
|
|
|
|
|
|
/* need one instance of the tx logger module */
|
|
|
|
if (file_logger_module == NULL) {
|
|
|
|
file_logger_module = TmModuleGetByName("__file_logger__");
|
|
|
|
if (file_logger_module == NULL) {
|
output: introduce concept of sub-modules
To support the 'eve-log' idea, we need to be able to force all log
modules to be enabled by the master eve-log module, and need to be
able to make all logs go into a single file. This didn't fit the
API so far, so added the sub-module concept.
A sub-module is a regular module, that registers itself as a sub-
module of another module:
OutputRegisterTxSubModule("eve-log", "JsonHttpLog", "http",
OutputHttpLogInitSub, ALPROTO_HTTP, JsonHttpLogger);
The first argument is the name of the parent. The 4th argument is
the OutputCtx init function. It differs slightly from the non-sub
one. The different is that in addition to it's ConfNode, it gets
the OutputCtx from the parent. This way it can set the parents
LogFileCtx in it's own OutputCtx.
The runmode setup code will take care of all the extra setup. It's
possible to register a module both as a normal module and as a sub-
module, which can operate at the same time.
Only the TxLogger API is handled in this patch, the rest will be
updated later.
12 years ago
|
|
|
SCLogError(SC_ERR_INVALID_ARGUMENT,
|
|
|
|
"TmModuleGetByName for __file_logger__ failed");
|
output: introduce concept of sub-modules
To support the 'eve-log' idea, we need to be able to force all log
modules to be enabled by the master eve-log module, and need to be
able to make all logs go into a single file. This didn't fit the
API so far, so added the sub-module concept.
A sub-module is a regular module, that registers itself as a sub-
module of another module:
OutputRegisterTxSubModule("eve-log", "JsonHttpLog", "http",
OutputHttpLogInitSub, ALPROTO_HTTP, JsonHttpLogger);
The first argument is the name of the parent. The 4th argument is
the OutputCtx init function. It differs slightly from the non-sub
one. The different is that in addition to it's ConfNode, it gets
the OutputCtx from the parent. This way it can set the parents
LogFileCtx in it's own OutputCtx.
The runmode setup code will take care of all the extra setup. It's
possible to register a module both as a normal module and as a sub-
module, which can operate at the same time.
Only the TxLogger API is handled in this patch, the rest will be
updated later.
12 years ago
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
}
|
|
|
|
|
|
|
|
RunModeOutput *runmode_output = SCCalloc(1, sizeof(RunModeOutput));
|
|
|
|
if (unlikely(runmode_output == NULL))
|
|
|
|
return;
|
|
|
|
runmode_output->name = module->name;
|
|
|
|
runmode_output->tm_module = file_logger_module;
|
output: introduce concept of sub-modules
To support the 'eve-log' idea, we need to be able to force all log
modules to be enabled by the master eve-log module, and need to be
able to make all logs go into a single file. This didn't fit the
API so far, so added the sub-module concept.
A sub-module is a regular module, that registers itself as a sub-
module of another module:
OutputRegisterTxSubModule("eve-log", "JsonHttpLog", "http",
OutputHttpLogInitSub, ALPROTO_HTTP, JsonHttpLogger);
The first argument is the name of the parent. The 4th argument is
the OutputCtx init function. It differs slightly from the non-sub
one. The different is that in addition to it's ConfNode, it gets
the OutputCtx from the parent. This way it can set the parents
LogFileCtx in it's own OutputCtx.
The runmode setup code will take care of all the extra setup. It's
possible to register a module both as a normal module and as a sub-
module, which can operate at the same time.
Only the TxLogger API is handled in this patch, the rest will be
updated later.
12 years ago
|
|
|
runmode_output->output_ctx = NULL;
|
|
|
|
InsertInRunModeOutputs(runmode_output);
|
|
|
|
SCLogDebug("__file_logger__ added");
|
output: introduce concept of sub-modules
To support the 'eve-log' idea, we need to be able to force all log
modules to be enabled by the master eve-log module, and need to be
able to make all logs go into a single file. This didn't fit the
API so far, so added the sub-module concept.
A sub-module is a regular module, that registers itself as a sub-
module of another module:
OutputRegisterTxSubModule("eve-log", "JsonHttpLog", "http",
OutputHttpLogInitSub, ALPROTO_HTTP, JsonHttpLogger);
The first argument is the name of the parent. The 4th argument is
the OutputCtx init function. It differs slightly from the non-sub
one. The different is that in addition to it's ConfNode, it gets
the OutputCtx from the parent. This way it can set the parents
LogFileCtx in it's own OutputCtx.
The runmode setup code will take care of all the extra setup. It's
possible to register a module both as a normal module and as a sub-
module, which can operate at the same time.
Only the TxLogger API is handled in this patch, the rest will be
updated later.
12 years ago
|
|
|
}
|
|
|
|
} else if (module->StreamingLogFunc) {
|
|
|
|
SCLogDebug("%s is a streaming logger", module->name);
|
|
|
|
OutputRegisterStreamingLogger(module->name, module->StreamingLogFunc,
|
|
|
|
output_ctx, module->stream_type);
|
|
|
|
|
|
|
|
/* need one instance of the streaming logger module */
|
|
|
|
if (streaming_logger_module == NULL) {
|
|
|
|
streaming_logger_module = TmModuleGetByName("__streaming_logger__");
|
|
|
|
if (streaming_logger_module == NULL) {
|
|
|
|
SCLogError(SC_ERR_INVALID_ARGUMENT,
|
|
|
|
"TmModuleGetByName for __streaming_logger__ failed");
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
}
|
|
|
|
|
|
|
|
RunModeOutput *runmode_output = SCCalloc(1, sizeof(RunModeOutput));
|
|
|
|
if (unlikely(runmode_output == NULL))
|
|
|
|
return;
|
|
|
|
runmode_output->name = module->name;
|
|
|
|
runmode_output->tm_module = streaming_logger_module;
|
|
|
|
runmode_output->output_ctx = NULL;
|
|
|
|
InsertInRunModeOutputs(runmode_output);
|
|
|
|
SCLogDebug("__streaming_logger__ added");
|
|
|
|
}
|
output: introduce concept of sub-modules
To support the 'eve-log' idea, we need to be able to force all log
modules to be enabled by the master eve-log module, and need to be
able to make all logs go into a single file. This didn't fit the
API so far, so added the sub-module concept.
A sub-module is a regular module, that registers itself as a sub-
module of another module:
OutputRegisterTxSubModule("eve-log", "JsonHttpLog", "http",
OutputHttpLogInitSub, ALPROTO_HTTP, JsonHttpLogger);
The first argument is the name of the parent. The 4th argument is
the OutputCtx init function. It differs slightly from the non-sub
one. The different is that in addition to it's ConfNode, it gets
the OutputCtx from the parent. This way it can set the parents
LogFileCtx in it's own OutputCtx.
The runmode setup code will take care of all the extra setup. It's
possible to register a module both as a normal module and as a sub-
module, which can operate at the same time.
Only the TxLogger API is handled in this patch, the rest will be
updated later.
12 years ago
|
|
|
} else {
|
|
|
|
SCLogDebug("%s is a regular logger", module->name);
|
|
|
|
|
|
|
|
RunModeOutput *runmode_output = SCCalloc(1, sizeof(RunModeOutput));
|
|
|
|
if (unlikely(runmode_output == NULL))
|
|
|
|
return;
|
|
|
|
runmode_output->name = module->name;
|
output: introduce concept of sub-modules
To support the 'eve-log' idea, we need to be able to force all log
modules to be enabled by the master eve-log module, and need to be
able to make all logs go into a single file. This didn't fit the
API so far, so added the sub-module concept.
A sub-module is a regular module, that registers itself as a sub-
module of another module:
OutputRegisterTxSubModule("eve-log", "JsonHttpLog", "http",
OutputHttpLogInitSub, ALPROTO_HTTP, JsonHttpLogger);
The first argument is the name of the parent. The 4th argument is
the OutputCtx init function. It differs slightly from the non-sub
one. The different is that in addition to it's ConfNode, it gets
the OutputCtx from the parent. This way it can set the parents
LogFileCtx in it's own OutputCtx.
The runmode setup code will take care of all the extra setup. It's
possible to register a module both as a normal module and as a sub-
module, which can operate at the same time.
Only the TxLogger API is handled in this patch, the rest will be
updated later.
12 years ago
|
|
|
runmode_output->tm_module = tm_module;
|
|
|
|
runmode_output->output_ctx = output_ctx;
|
|
|
|
InsertInRunModeOutputs(runmode_output);
|
output: introduce concept of sub-modules
To support the 'eve-log' idea, we need to be able to force all log
modules to be enabled by the master eve-log module, and need to be
able to make all logs go into a single file. This didn't fit the
API so far, so added the sub-module concept.
A sub-module is a regular module, that registers itself as a sub-
module of another module:
OutputRegisterTxSubModule("eve-log", "JsonHttpLog", "http",
OutputHttpLogInitSub, ALPROTO_HTTP, JsonHttpLogger);
The first argument is the name of the parent. The 4th argument is
the OutputCtx init function. It differs slightly from the non-sub
one. The different is that in addition to it's ConfNode, it gets
the OutputCtx from the parent. This way it can set the parents
LogFileCtx in it's own OutputCtx.
The runmode setup code will take care of all the extra setup. It's
possible to register a module both as a normal module and as a sub-
module, which can operate at the same time.
Only the TxLogger API is handled in this patch, the rest will be
updated later.
12 years ago
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static void RunModeInitializeEveOutput(ConfNode *conf, OutputCtx *parent_ctx)
|
|
|
|
{
|
|
|
|
ConfNode *types = ConfNodeLookupChild(conf, "types");
|
|
|
|
SCLogDebug("types %p", types);
|
|
|
|
if (types == NULL) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
ConfNode *type = NULL;
|
|
|
|
TAILQ_FOREACH(type, &types->head, next) {
|
|
|
|
SCLogConfig("enabling 'eve-log' module '%s'", type->val);
|
|
|
|
|
|
|
|
int sub_count = 0;
|
|
|
|
char subname[256];
|
|
|
|
snprintf(subname, sizeof(subname), "eve-log.%s", type->val);
|
|
|
|
|
|
|
|
/* Now setup all registers logger of this name. */
|
|
|
|
OutputModule *sub_module;
|
|
|
|
TAILQ_FOREACH(sub_module, &output_modules, entries) {
|
|
|
|
if (strcmp(subname, sub_module->conf_name) == 0) {
|
|
|
|
sub_count++;
|
|
|
|
|
|
|
|
if (sub_module->parent_name == NULL ||
|
|
|
|
strcmp(sub_module->parent_name, "eve-log") != 0) {
|
|
|
|
FatalError(SC_ERR_INVALID_ARGUMENT,
|
|
|
|
"bad parent for %s", subname);
|
|
|
|
}
|
|
|
|
if (sub_module->InitSubFunc == NULL) {
|
|
|
|
FatalError(SC_ERR_INVALID_ARGUMENT,
|
|
|
|
"bad sub-module for %s", subname);
|
|
|
|
}
|
|
|
|
ConfNode *sub_output_config =
|
|
|
|
ConfNodeLookupChild(type, type->val);
|
|
|
|
// sub_output_config may be NULL if no config
|
|
|
|
|
|
|
|
/* pass on parent output_ctx */
|
|
|
|
OutputCtx *sub_output_ctx =
|
|
|
|
sub_module->InitSubFunc(sub_output_config,
|
|
|
|
parent_ctx);
|
|
|
|
if (sub_output_ctx == NULL) {
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
AddOutputToFreeList(sub_module, sub_output_ctx);
|
|
|
|
SetupOutput(sub_module->name, sub_module,
|
|
|
|
sub_output_ctx);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Error is no registered loggers with this name
|
|
|
|
* were found .*/
|
|
|
|
if (!sub_count) {
|
|
|
|
FatalErrorOnInit(SC_ERR_INVALID_ARGUMENT,
|
|
|
|
"No output module named %s", subname);
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static void RunModeInitializeLuaOutput(ConfNode *conf, OutputCtx *parent_ctx)
|
|
|
|
{
|
|
|
|
OutputModule *lua_module = OutputGetModuleByConfName("lua");
|
|
|
|
BUG_ON(lua_module == NULL);
|
|
|
|
|
|
|
|
ConfNode *scripts = ConfNodeLookupChild(conf, "scripts");
|
|
|
|
BUG_ON(scripts == NULL); //TODO
|
|
|
|
|
|
|
|
OutputModule *m;
|
|
|
|
TAILQ_FOREACH(m, &parent_ctx->submodules, entries) {
|
|
|
|
SCLogDebug("m %p %s:%s", m, m->name, m->conf_name);
|
|
|
|
|
|
|
|
ConfNode *script = NULL;
|
|
|
|
TAILQ_FOREACH(script, &scripts->head, next) {
|
|
|
|
SCLogDebug("script %s", script->val);
|
|
|
|
if (strcmp(script->val, m->conf_name) == 0) {
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
BUG_ON(script == NULL);
|
|
|
|
|
|
|
|
/* pass on parent output_ctx */
|
|
|
|
OutputCtx *sub_output_ctx =
|
|
|
|
m->InitSubFunc(script, parent_ctx);
|
|
|
|
if (sub_output_ctx == NULL) {
|
|
|
|
SCLogInfo("sub_output_ctx NULL, skipping");
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
AddOutputToFreeList(m, sub_output_ctx);
|
|
|
|
SetupOutput(m->name, m, sub_output_ctx);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Initialize the output modules.
|
|
|
|
*/
|
|
|
|
void RunModeInitializeOutputs(void)
|
|
|
|
{
|
|
|
|
ConfNode *outputs = ConfGetNode("outputs");
|
|
|
|
if (outputs == NULL) {
|
|
|
|
/* No "outputs" section in the configuration. */
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
ConfNode *output, *output_config;
|
|
|
|
const char *enabled;
|
|
|
|
char tls_log_enabled = 0;
|
|
|
|
char tls_store_present = 0;
|
|
|
|
|
|
|
|
TAILQ_FOREACH(output, &outputs->head, next) {
|
|
|
|
|
|
|
|
output_config = ConfNodeLookupChild(output, output->val);
|
|
|
|
if (output_config == NULL) {
|
|
|
|
/* Shouldn't happen. */
|
|
|
|
FatalError(SC_ERR_INVALID_ARGUMENT,
|
|
|
|
"Failed to lookup configuration child node: %s", output->val);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (strcmp(output->val, "tls-store") == 0) {
|
|
|
|
tls_store_present = 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
enabled = ConfNodeLookupChildValue(output_config, "enabled");
|
|
|
|
if (enabled == NULL || !ConfValIsTrue(enabled)) {
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (strncmp(output->val, "unified-", sizeof("unified-") - 1) == 0) {
|
|
|
|
SCLogWarning(SC_ERR_NOT_SUPPORTED,
|
|
|
|
"Unified1 is no longer supported,"
|
|
|
|
" use Unified2 instead "
|
|
|
|
"(see https://redmine.openinfosecfoundation.org/issues/353"
|
|
|
|
" for an explanation)");
|
|
|
|
continue;
|
|
|
|
} else if (strcmp(output->val, "alert-prelude") == 0) {
|
|
|
|
#ifndef PRELUDE
|
|
|
|
SCLogWarning(SC_ERR_NOT_SUPPORTED,
|
|
|
|
"Prelude support not compiled in. Reconfigure/"
|
|
|
|
"recompile with --enable-prelude to add Prelude "
|
|
|
|
"support.");
|
|
|
|
continue;
|
|
|
|
#endif
|
|
|
|
} else if (strcmp(output->val, "eve-log") == 0) {
|
|
|
|
#ifndef HAVE_LIBJANSSON
|
|
|
|
SCLogWarning(SC_ERR_NOT_SUPPORTED,
|
|
|
|
"Eve-log support not compiled in. Reconfigure/"
|
|
|
|
"recompile with libjansson and its development "
|
|
|
|
"files installed to add eve-log support.");
|
|
|
|
continue;
|
|
|
|
#endif
|
|
|
|
} else if (strcmp(output->val, "lua") == 0) {
|
|
|
|
#ifndef HAVE_LUA
|
|
|
|
SCLogWarning(SC_ERR_NOT_SUPPORTED,
|
|
|
|
"lua support not compiled in. Reconfigure/"
|
|
|
|
"recompile with lua(jit) and its development "
|
|
|
|
"files installed to add lua support.");
|
|
|
|
continue;
|
|
|
|
#endif
|
|
|
|
} else if (strcmp(output->val, "tls-log") == 0) {
|
|
|
|
tls_log_enabled = 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
OutputModule *module;
|
|
|
|
int count = 0;
|
|
|
|
TAILQ_FOREACH(module, &output_modules, entries) {
|
|
|
|
if (strcmp(module->conf_name, output->val) != 0) {
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
count++;
|
output: introduce concept of sub-modules
To support the 'eve-log' idea, we need to be able to force all log
modules to be enabled by the master eve-log module, and need to be
able to make all logs go into a single file. This didn't fit the
API so far, so added the sub-module concept.
A sub-module is a regular module, that registers itself as a sub-
module of another module:
OutputRegisterTxSubModule("eve-log", "JsonHttpLog", "http",
OutputHttpLogInitSub, ALPROTO_HTTP, JsonHttpLogger);
The first argument is the name of the parent. The 4th argument is
the OutputCtx init function. It differs slightly from the non-sub
one. The different is that in addition to it's ConfNode, it gets
the OutputCtx from the parent. This way it can set the parents
LogFileCtx in it's own OutputCtx.
The runmode setup code will take care of all the extra setup. It's
possible to register a module both as a normal module and as a sub-
module, which can operate at the same time.
Only the TxLogger API is handled in this patch, the rest will be
updated later.
12 years ago
|
|
|
|
|
|
|
OutputCtx *output_ctx = NULL;
|
|
|
|
if (module->InitFunc != NULL) {
|
|
|
|
output_ctx = module->InitFunc(output_config);
|
|
|
|
if (output_ctx == NULL) {
|
|
|
|
FatalErrorOnInit(SC_ERR_INVALID_ARGUMENT,
|
|
|
|
"output module setup failed");
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
} else if (module->InitSubFunc != NULL) {
|
|
|
|
SCLogInfo("skipping submodule");
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
// TODO if module == parent, find it's children
|
|
|
|
if (strcmp(output->val, "eve-log") == 0) {
|
|
|
|
RunModeInitializeEveOutput(output_config, output_ctx);
|
|
|
|
|
|
|
|
/* add 'eve-log' to free list as it's the owner of the
|
|
|
|
* main output ctx from which the sub-modules share the
|
|
|
|
* LogFileCtx */
|
|
|
|
AddOutputToFreeList(module, output_ctx);
|
|
|
|
} else if (strcmp(output->val, "lua") == 0) {
|
|
|
|
SCLogDebug("handle lua");
|
|
|
|
if (output_ctx == NULL)
|
|
|
|
continue;
|
|
|
|
RunModeInitializeLuaOutput(output_config, output_ctx);
|
|
|
|
AddOutputToFreeList(module, output_ctx);
|
|
|
|
} else {
|
|
|
|
AddOutputToFreeList(module, output_ctx);
|
|
|
|
SetupOutput(module->name, module, output_ctx);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (count == 0) {
|
|
|
|
FatalErrorOnInit(SC_ERR_INVALID_ARGUMENT,
|
|
|
|
"No output module named %s", output->val);
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Backward compatibility code */
|
|
|
|
if (!tls_store_present && tls_log_enabled) {
|
|
|
|
/* old YAML with no "tls-store" in outputs. "tls-log" value needs
|
|
|
|
* to be started using 'tls-log' config as own config */
|
|
|
|
SCLogWarning(SC_ERR_CONF_YAML_ERROR,
|
|
|
|
"Please use 'tls-store' in YAML to configure TLS storage");
|
|
|
|
|
|
|
|
TAILQ_FOREACH(output, &outputs->head, next) {
|
|
|
|
output_config = ConfNodeLookupChild(output, output->val);
|
|
|
|
|
|
|
|
if (strcmp(output->val, "tls-log") == 0) {
|
|
|
|
|
|
|
|
OutputModule *module = OutputGetModuleByConfName("tls-store");
|
|
|
|
if (module == NULL) {
|
|
|
|
SCLogWarning(SC_ERR_INVALID_ARGUMENT,
|
|
|
|
"No output module named %s, ignoring", "tls-store");
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
OutputCtx *output_ctx = NULL;
|
|
|
|
if (module->InitFunc != NULL) {
|
|
|
|
output_ctx = module->InitFunc(output_config);
|
|
|
|
if (output_ctx == NULL) {
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
AddOutputToFreeList(module, output_ctx);
|
|
|
|
SetupOutput(module->name, module, output_ctx);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Setup the outputs for this run mode.
|
|
|
|
*
|
|
|
|
* \param tv The ThreadVars for the thread the outputs will be
|
|
|
|
* appended to.
|
|
|
|
*/
|
|
|
|
void SetupOutputs(ThreadVars *tv)
|
|
|
|
{
|
|
|
|
RunModeOutput *output;
|
|
|
|
TAILQ_FOREACH(output, &RunModeOutputs, entries) {
|
|
|
|
tv->cap_flags |= output->tm_module->cap_flags;
|
|
|
|
TmSlotSetFuncAppend(tv, output->tm_module, output->output_ctx);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
float threading_detect_ratio = 1;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Initialize multithreading settings.
|
|
|
|
*/
|
|
|
|
void RunModeInitialize(void)
|
|
|
|
{
|
|
|
|
threading_set_cpu_affinity = FALSE;
|
|
|
|
if ((ConfGetBool("threading.set-cpu-affinity", &threading_set_cpu_affinity)) == 0) {
|
|
|
|
threading_set_cpu_affinity = FALSE;
|
|
|
|
}
|
|
|
|
/* try to get custom cpu mask value if needed */
|
|
|
|
if (threading_set_cpu_affinity == TRUE) {
|
|
|
|
AffinitySetupLoadFromConfig();
|
|
|
|
}
|
|
|
|
if ((ConfGetFloat("threading.detect-thread-ratio", &threading_detect_ratio)) != 1) {
|
|
|
|
if (ConfGetNode("threading.detect-thread-ratio") != NULL)
|
|
|
|
WarnInvalidConfEntry("threading.detect-thread-ratio", "%s", "1");
|
|
|
|
threading_detect_ratio = 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
SCLogDebug("threading.detect-thread-ratio %f", threading_detect_ratio);
|
|
|
|
}
|