diff --git a/configure.in b/configure.in index b19da58075..58a26c3773 100644 --- a/configure.in +++ b/configure.in @@ -1,3 +1,5 @@ +#TODO test for pcre and a better test for lpthread? A better place for default CFLAGS? + AC_INIT(configure.in) AM_CONFIG_HEADER(config.h) 
@@ -7,4 +9,136 @@ AC_LANG_C AC_PROG_CC AM_PROG_LIBTOOL +AC_DEFUN([FAIL_MESSAGE],[ + echo + echo + echo "**********************************************" + echo " ERROR: unable to find" $1 + echo " checked in the following places" + for i in `echo $2`; do + echo " $i" + done + echo "**********************************************" + echo + exit 1 +]) + +LIBS="-lpthread -lpcre" +CFLAGS="-Wall -fno-strict-aliasing" + +AC_ARG_WITH(libnfnetlink_includes, + [ --with-libnfnetlink-includes=DIR libnfnetlink include directory], + [with_libnfnetlink_includes="$withval"],[with_libnfnetlink_includes=no]) +AC_ARG_WITH(libnfnetlink_libraries, + [ --with-libnfnetlink-libraries=DIR libnfnetlink library directory], + [with_libnfnetlink_libraries="$withval"],[with_libnfnetlink_libraries="no"]) + +if test "$with_libnfnetlink_includes" != "no"; then + CPPFLAGS="${CPPFLAGS} -I${with_libnfnetlink_includes}" +fi + +AC_CHECK_HEADER(libnfnetlink/libnfnetlink.h,,[AC_ERROR(libnfnetlink.h not found ...)]) + +if test "$with_libnfnetlink_libraries" != "no"; then + LDFLAGS="${LDFLAGS} -L${with_libnfnetlink_libraries}" +fi + +NFNL="" +AC_CHECK_LIB(nfnetlink, nfnl_fd,, NFNL="no") + +if test "$NFNL" = "no"; then + echo + echo " ERROR! nfnetlink library not found, go get it" + echo " from www.netfilter.org." + echo " we automatically append libnetfilter_queue/ when searching" + echo " for headers etc. 
when the --with-libnfnetlink-inlcudes directive"
+ echo " is used"
+ echo
+ exit
+fi
+
+AC_ARG_WITH(libnetfilter_queue_includes,
+ [ --with-libnetfilter_queue-includes=DIR libnetfilter_queue include directory],
+ [with_libnetfilter_queue_includes="$withval"],[with_libnetfilter_queue_includes=no])
+AC_ARG_WITH(libnetfilter_queue_libraries,
+ [ --with-libnetfilter_queue-libraries=DIR libnetfilter_queue library directory],
+ [with_libnetfilter_queue_libraries="$withval"],[with_libnetfilter_queue_libraries="no"])
+
+if test "$with_libnetfilter_queue_includes" != "no"; then
+ CPPFLAGS="${CPPFLAGS} -I${with_libnetfilter_queue_includes}"
+fi
+
+AC_CHECK_HEADER(libnetfilter_queue/libnetfilter_queue.h,,[AC_ERROR(libnetfilter_queue/libnetfilter_queue.h not found ...)])
+
+if test "$with_libnetfilter_queue_libraries" != "no"; then
+ LDFLAGS="${LDFLAGS} -L${with_libnetfilter_queue_libraries}"
+fi
+
+#LDFLAGS="${LDFLAGS} -lnetfilter_queue"
+
+NFQ=""
+AC_CHECK_LIB(netfilter_queue, nfq_open,, NFQ="no",)
+
+if test "$NFQ" = "no"; then
+ echo
+ echo " ERROR! libnetfilter_queue library not found, go get it"
+ echo " from www.netfilter.org."
+ echo " we automatically append libnetfilter_queue/ when searching"
+ echo " for headers etc. 
when the --with-libnfq-inlcudes directive"
+ echo " is used"
+ echo
+ exit 1
+fi
+
+AC_ARG_WITH(libnet_includes,
+ [ --with-libnet-includes=DIR libnet include directory],
+ [with_libnet_includes="$withval"],[with_libnet_includes="no"])
+
+AC_ARG_WITH(libnet_libraries,
+ [ --with-libnet-libraries=DIR libnet library directory],
+ [with_libnet_libraries="$withval"],[with_libnet_libraries="no"])
+
+if test "x$with_libnet_includes" != "xno"; then
+ CPPFLAGS="${CPPFLAGS} -I${with_libnet_includes}"
+fi
+
+if test "x$with_libnet_libraries" != "xno"; then
+ LDFLAGS="${LDFLAGS} -L${with_libnet_libraries}"
+fi
+
+LIBNET_INC_DIR=""
+AC_MSG_CHECKING("for libnet.h version 1.1.x")
+libnet_dir="/usr/include /usr/local/include"
+for i in $libnet_dir; do
+ if test -r "$i/libnet.h"; then
+ LIBNET_INC_DIR="$i"
+ fi
+done
+
+if test "$LIBNET_INC_DIR" != ""; then
+ if eval "grep LIBNET_VERSION $LIBNET_INC_DIR/libnet.h | grep -v 1.1 >/dev/null"; then
+ FAIL_MESSAGE("libnet 1.1.x (libnet.h)", $tmp)
+ fi
+ CFLAGS="${CFLAGS} `libnet-config --defines` `libnet-config --cflags`"
+ LIBS="${LIBS} `libnet-config --libs`"
+ CPPFLAGS="${CPPFLAGS} -I${LIBNET_INC_DIR}"
+ AC_MSG_RESULT($i)
+else
+ AC_MSG_RESULT(no)
+ AC_MSG_ERROR("libnet 1.1.x could not be found. please download and install the library from http://www.packetfactory.net/libnet/")
+fi
+
+# see if we have the patched libnet 1.1
+# http://www.inliniac.net/blog/2007/10/16/libnet-11-ipv6-fixes-and-additions.html
+LLIBNET=""
+AC_CHECK_LIB(net, libnet_build_icmpv6_unreach,, LLIBNET="no")
+ if test "$LLIBNET" != "no"; then
+ CFLAGS="$CFLAGS -DHAVE_LIBNET_ICMPV6_UNREACH"
+ fi
+
+AC_SUBST(CFLAGS)
+AC_SUBST(LDFLAGS)
+AC_SUBST(CPPFLAGS)
+
 AC_OUTPUT(Makefile src/Makefile)
+
diff --git a/src/Makefile.am b/src/Makefile.am
index 0984312832..28aa0e0027 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
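Review bot: The nfnetlink failure branch ends in a bare `exit`, which returns the status of the preceding `echo`, so configure reports success when the library is missing; it should be `exit 1`, as the libnetfilter_queue branch does. `LIBS="-lpthread -lpcre"` and `CFLAGS="-Wall -fno-strict-aliasing"` replace whatever the builder passed in, which silently drops hardening flags set by a packager; appending (`CFLAGS="${CFLAGS} -Wall -fno-strict-aliasing"`) keeps them. `FAIL_MESSAGE` is called with `$tmp`, which this hunk never sets, and the libnet.h search looks only in `/usr/include /usr/local/include`, ignoring `--with-libnet-includes`.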
@@ -62,13 +62,15 @@ tmqh-packetpool.c tmqh-packetpool.h \ alert-fastlog.c alert-fastlog.h \ log-httplog.c log-httplog.h \ alert-unified-log.c alert-unified-log.h \ -alert-unified-alert.c alert-unified-alert.h +alert-unified-alert.c alert-unified-alert.h \ +respond-reject.c respond-reject.h \ +respond-reject-libnet11.h respond-reject-libnet11.c # set the include path found by configure INCLUDES= $(all_includes) # the library search path. vips_LDFLAGS = $(all_libraries) -vips_LDADD = -lnetfilter_queue -lpthread -lpcre -vips_CFLAGS = -Wall -fno-strict-aliasing +#vips_LDADD = -lnetfilter_queue -lpthread -lpcre +#vips_CFLAGS = -Wall -fno-strict-aliasing diff --git a/src/action-globals.h b/src/action-globals.h index e8303c1523..be527918fb 100644 --- a/src/action-globals.h +++ b/src/action-globals.h @@ -5,6 +5,8 @@ #define ACTION_ALERT 0 #define ACTION_DROP 1 #define ACTION_REJECT 2 -#define ACTION_PASS 3 +#define ACTION_REJECT_DST 3 +#define ACTION_REJECT_BOTH 4 +#define ACTION_PASS 5 #endif /* __ACTION_GLOBALS_H__ */ diff --git a/src/decode-tcp.h b/src/decode-tcp.h index 6d0cb6d6d1..df57a0259e 100644 --- a/src/decode-tcp.h +++ b/src/decode-tcp.h @@ -48,10 +48,18 @@ #define TCP_SET_RAW_TCP_OFFSET(tcph, value) ((tcph)->th_offx2 = (unsigned char)(((tcph)->th_offx2 & 0x0f) | (value << 4))) #define TCP_SET_RAW_TCP_X2(tcph, value) ((tcph)->th_offx2 = (unsigned char)(((tcph)->th_offx2 & 0xf0) | (value & 0x0f))) +#define TCP_GET_RAW_SEQ(tcph) ntohl((tcph)->th_seq) +#define TCP_GET_RAW_ACK(tcph) ntohl((tcph)->th_ack) + +#define TCP_GET_RAW_WINDOW(tcph) ntohs((tcph)->th_win) + #define TCP_GET_OFFSET(p) TCP_GET_RAW_OFFSET(p->tcph) #define TCP_GET_HLEN(p) TCP_GET_OFFSET(p) << 2 #define TCP_GET_SRC_PORT(p) TCP_GET_RAW_SRC_PORT(p->tcph) #define TCP_GET_DST_PORT(p) TCP_GET_RAW_DST_PORT(p->tcph) +#define TCP_GET_SEQ(p) TCP_GET_RAW_SEQ(p->tcph) +#define TCP_GET_ACK(p) TCP_GET_RAW_ACK(p->tcph) +#define TCP_GET_WINDOW(p) TCP_GET_RAW_WINDOW(p->tcph) typedef struct _TCPOpt { u_int8_t type; 
diff --git a/src/decode.h b/src/decode.h
index f99b5ccd41..a87af1001e 100644
--- a/src/decode.h
+++ b/src/decode.h
@@ -279,6 +279,8 @@ typedef struct _Packet
 #define ACCEPT_PACKET(p) ((p)->root ? ((p)->root->action = ACTION_ACCEPT) : ((p)->action = ACTION_ACCEPT))
 #define DROP_PACKET(p) ((p)->root ? ((p)->root->action = ACTION_DROP) : ((p)->action = ACTION_DROP))
 #define REJECT_PACKET(p) ((p)->root ? ((p)->root->action = ACTION_REJECT) : ((p)->action = ACTION_REJECT))
+#define REJECT_PACKET_DST(p) ((p)->root ? ((p)->root->action = ACTION_REJECT_DST) : ((p)->action = ACTION_REJECT_DST))
+#define REJECT_PACKET_BOTH(p) ((p)->root ? ((p)->root->action = ACTION_REJECT_BOTH) : ((p)->action = ACTION_REJECT_BOTH))
 
 #define INCR_PKT_RTV(p) \
 { \
diff --git a/src/detect-parse.c b/src/detect-parse.c
index 75f2a2a4fd..5082ff94c3 100644
--- a/src/detect-parse.c
+++ b/src/detect-parse.c
@@ -305,6 +305,15 @@ int SigParseAction(Signature *s, const char *action) {
 } else if(strcasecmp(action, "reject") == 0) {
 s->action = ACTION_REJECT;
 return 0;
+ } else if(strcasecmp(action, "rejectsrc") == 0) {
+ s->action = ACTION_REJECT;
+ return 0;
+ } else if(strcasecmp(action, "rejectdst") == 0) {
+ s->action = ACTION_REJECT_DST;
+ return 0;
+ } else if(strcasecmp(action, "rejectboth") == 0) {
+ s->action = ACTION_REJECT_BOTH;
+ return 0;
 } else {
 return -1;
 }
diff --git a/src/respond-reject-libnet11.c b/src/respond-reject-libnet11.c
new file mode 100644
index 0000000000..5372dc1e5a
--- /dev/null
+++ b/src/respond-reject-libnet11.c
@@ -0,0 +1,150 @@
+/* Copyright (c) 2008 Victor Julien */
+
+/* RespondRejectLibnet11 used to send out libnet based
+ * TCP resets and ICMP unreachables.
+ */
+
+/*TODO calculate TTL base on average from stream tracking*/
+
+#include
+#include
+#include
+
+#include "vips.h"
+#include "decode.h"
+#include "decode-ipv4.h"
+#include "decode-tcp.h"
+#include "packet-queue.h"
+#include "threads.h"
+#include "threadvars.h"
+#include "tm-queuehandlers.h"
+#include "tm-modules.h"
+#include "action-globals.h"
+#include "respond-reject.h"
+#include "respond-reject-libnet11.h"
+
+typedef struct _Libnet11Packet
+{
+ u_int32_t ack, seq;
+ u_int16_t window, dsize;
+ u_int8_t ttl;
+ u_int16_t id;
+ u_int32_t flow;
+ u_int8_t class;
+ struct in6_addr src6, dst6;
+ u_int32_t src4, dst4;
+ u_int16_t sp, dp;
+} Libnet11Packet;
+
+int RejectSendLibnet11L3IPv4TCP(ThreadVars *tv, Packet *p, void *data, int dir){
+
+ Libnet11Packet lpacket;
+
+ libnet_t *c; /* libnet context */
+ char ebuf[LIBNET_ERRBUF_SIZE];
+ libnet_ptag_t t;
+ int result;
+
+ /* fill in struct defaults */
+ lpacket.ttl = 0;
+ lpacket.id = 0;
+ lpacket.flow = 0;
+ lpacket.class = 0;
+
+ if ((c = libnet_init (LIBNET_RAW4, NULL, ebuf)) == NULL)
+ {
+ printf("RejectSendLibnet11IPv4TCP libnet_init %s\n", ebuf);
+ return 1;
+ }
+
+ /* shut up a compiler warning
+ lpacket.src4.s_addr = 0;
+ lpacket.dst4.s_addr = 0;
+ */
+ if (p->tcph == NULL)
+ return 1;
+
+ /* save payload len */
+ lpacket.dsize = p->tcp_payload_len;
+
+ if(dir == REJECT_DIR_SRC){
+ printf ("sending a tcp reset to src\n");
+ lpacket.seq = TCP_GET_ACK(p);
+ lpacket.ack = TCP_GET_SEQ(p) + lpacket.dsize;
+
+ lpacket.sp = TCP_GET_DST_PORT(p);
+ lpacket.dp = TCP_GET_SRC_PORT(p);
+
+ lpacket.src4 = GET_IPV4_DST_ADDR_U32(p);
+ lpacket.dst4 = GET_IPV4_SRC_ADDR_U32(p);
+ }
+ else if(dir == REJECT_DIR_DST){
+ printf ("sending a tcp reset to dst\n");
+ lpacket.seq = TCP_GET_SEQ(p);
+ lpacket.ack = TCP_GET_ACK(p);
+
+ lpacket.sp = TCP_GET_SRC_PORT(p);
+ lpacket.dp = 
TCP_GET_DST_PORT(p);
+
+ lpacket.src4 = GET_IPV4_SRC_ADDR_U32(p);
+ lpacket.dst4 = GET_IPV4_DST_ADDR_U32(p);
+
+ } else {
+ printf ("reset not src or dst returning\n");
+ return 1;
+ }
+
+ lpacket.window = TCP_GET_WINDOW(p);
+ //lpacket.seq += lpacket.dsize;
+
+ /* TODO come up with ttl calc function */
+ lpacket.ttl = 64;
+
+ /* build the package */
+ if ((t = libnet_build_tcp (lpacket.sp, /* source port */
+ lpacket.dp, /* dst port */
+ lpacket.seq, /* seq number */
+ lpacket.ack, /* ack number */
+ TH_RST|TH_ACK, /* flags */
+ lpacket.window, /* window size */
+ 0, /* checksum */
+ 0, /* urgent flag */
+ LIBNET_TCP_H, /* header length */
+ NULL, /* payload */
+ 0, /* payload length */
+ c, /* libnet context */
+ 0)) < 0) /* libnet ptag */
+ {
+ printf("RejectSendLibnet11IPv4TCP libnet_build_tcp %s\n", libnet_geterror(c));
+ goto cleanup;
+ }
+
+ if((t = libnet_build_ipv4(
+ LIBNET_TCP_H + LIBNET_IPV4_H, /* entire packet length */
+ 0, /* tos */
+ lpacket.id, /* ID */
+ 0, /* fragmentation flags and offset */
+ lpacket.ttl, /* TTL */
+ IPPROTO_TCP, /* protocol */
+ 0, /* checksum */
+ lpacket.src4, /* source address */
+ lpacket.dst4, /* destination address */
+ NULL, /* pointer to packet data (or NULL) */
+ 0, /* payload length */
+ c, /* libnet context pointer */
+ 0)) < 0) /* packet id */
+ {
+ printf("RejectSendLibnet11IPv4TCP libnet_build_ipv4 %s\n", libnet_geterror(c));
+ goto cleanup;
+ }
+
+ result = libnet_write(c);
+ if (result == -1) {
+ printf("RejectSendLibnet11IPv4TCP libnet_write failed: %s\n", libnet_geterror(c));
+ goto cleanup;
+ }
+
+ cleanup:
+ libnet_destroy (c);
+ return 0;
+}
diff --git a/src/respond-reject-libnet11.h b/src/respond-reject-libnet11.h
new file mode 100644
index 0000000000..8a7ea142b6
--- /dev/null
+++ b/src/respond-reject-libnet11.h
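Review bot: Two early returns in RejectSendLibnet11L3IPv4TCP leak the libnet context: `if (p->tcph == NULL) return 1;` and the final `else` of the direction check both run after `libnet_init` has succeeded and skip `libnet_destroy`, so each such packet leaves a raw socket open until the process runs out of descriptors. The `cleanup:` label also returns 0 on every path, so a failed libnet_build_tcp, libnet_build_ipv4 or libnet_write is reported as success and the `== 0` test for ACTION_REJECT_BOTH in RejectSendIPv4TCP cannot see those errors. Testing tcph before the context is opened and carrying a result code to `cleanup` fixes both. Opening the context once per thread instead of once per packet would also remove a socket setup and teardown from every rejected packet.

```c
int RejectSendLibnet11L3IPv4TCP(ThreadVars *tv, Packet *p, void *data, int dir){
    /* ... unchanged: local declarations and lpacket defaults ... */
    int ret = 1; /* failure until libnet_write has succeeded */

    /* nothing to answer without a TCP header; test before a context exists */
    if (p->tcph == NULL)
        return 1;

    if ((c = libnet_init (LIBNET_RAW4, NULL, ebuf)) == NULL)
    {
        /* ... unchanged: libnet_init error printf ... */
        return 1;
    }

    /* ... unchanged: REJECT_DIR_SRC and REJECT_DIR_DST branches ... */
    } else {
        printf ("reset not src or dst returning\n");
        goto cleanup; /* release the context instead of returning */
    }

    /* ... unchanged: window/ttl, libnet_build_tcp, libnet_build_ipv4 ... */

    result = libnet_write(c);
    if (result == -1) {
        /* ... unchanged: libnet_write error printf ... */
        goto cleanup;
    }
    ret = 0;

cleanup:
    libnet_destroy (c);
    return ret;
}
```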
@@ -0,0 +1,8 @@
+/* Copyright (c) 2008 Victor Julien */
+
+#ifndef __RESPOND_REJECT_LIBNET11_H__
+#define __RESPOND_REJECT_LIBNET11_H__
+
+int RejectSendLibnet11L3IPv4TCP(ThreadVars *, Packet *, void *,int);
+
+#endif /* __RESPOND_REJECT_LIBNET11_H__ */
diff --git a/src/respond-reject.c b/src/respond-reject.c
new file mode 100644
index 0000000000..94d2e1ba71
--- /dev/null
+++ b/src/respond-reject.c
@@ -0,0 +1,93 @@
+/* Copyright (c) 2008 Victor Julien */
+
+/* RespondReject is a threaded wrapper for sending Rejects
+ *
+ */
+
+#include
+#include
+#include
+
+#include "vips.h"
+#include "decode.h"
+#include "packet-queue.h"
+#include "threads.h"
+#include "threadvars.h"
+#include "tm-queuehandlers.h"
+#include "tm-modules.h"
+#include "action-globals.h"
+#include "respond-reject.h"
+#include "respond-reject-libnet11.h"
+
+int RejectSendIPv4TCP(ThreadVars *, Packet *, void *);
+int RejectSendIPv4ICMP(ThreadVars *, Packet *, void *);
+int RejectSendIPv6TCP(ThreadVars *, Packet *, void *);
+int RejectSendIPv6ICMP(ThreadVars *, Packet *, void *);
+
+void TmModuleRespondRejectRegister (void) {
+
+ tmm_modules[TMM_RESPONDREJECT].name = "RespondReject";
+ tmm_modules[TMM_RESPONDREJECT].Init = NULL;
+ tmm_modules[TMM_RESPONDREJECT].Func = RespondRejectFunc;
+ tmm_modules[TMM_RESPONDREJECT].Deinit = NULL;
+ tmm_modules[TMM_RESPONDREJECT].RegisterTests = NULL;
+}
+
+int RespondRejectFunc(ThreadVars *tv, Packet *p, void *data) {
+
+ /* ACTION_REJECT defaults to rejecting the SRC */
+ if(p->action != ACTION_REJECT && p->action != ACTION_REJECT_DST &&
+ p->action != ACTION_REJECT_BOTH) {
+ return 0;
+ }
+
+ if(PKT_IS_IPV4(p)){
+ if(PKT_IS_TCP(p)){
+ return RejectSendIPv4TCP(tv, p, data);
+ } else if(PKT_IS_UDP(p)){
+ return RejectSendIPv4ICMP(tv, p, data);
+ } else{
+ return 0;
+ }
+ } else if (PKT_IS_IPV6(p)) {
+ if(PKT_IS_TCP(p)){
+ return RejectSendIPv6TCP(tv, p, data);
+ } else if(PKT_IS_UDP(p)){
+ return RejectSendIPv6ICMP(tv, p, data);
+ } else{
+ return 0;
+ }
+ } else{
+ printf ("wtf? 
packet is not ipv4 or ipv6 returning\n");
+ return 0;
+ }
+}
+
+int RejectSendIPv4TCP(ThreadVars *tv, Packet *p, void *data){
+ if(p->action == ACTION_REJECT){
+ return RejectSendLibnet11L3IPv4TCP(tv, p, data, REJECT_DIR_SRC);
+ } else if(p->action == ACTION_REJECT_DST){
+ return RejectSendLibnet11L3IPv4TCP(tv, p, data, REJECT_DIR_DST);
+ } else if(p->action == ACTION_REJECT_BOTH){
+ if(RejectSendLibnet11L3IPv4TCP(tv, p, data, REJECT_DIR_SRC) == 0 &&
+ RejectSendLibnet11L3IPv4TCP(tv, p, data, REJECT_DIR_DST) == 0){
+ return 0;
+ } else {
+ return 1;
+ }
+ }
+ return 0;
+}
+int RejectSendIPv4ICMP(ThreadVars *tv, Packet *p, void *data){
+ printf ("we would send a ipv4 icmp reset here\n");
+ return 1;
+}
+int RejectSendIPv6TCP(ThreadVars *tv, Packet *p, void *data){
+ printf ("we would send a ipv6 tcp reset here\n");
+ return 1;
+}
+int RejectSendIPv6ICMP(ThreadVars *tv, Packet *p, void *data){
+ printf ("we would send a ipv6 icmp reset here\n");
+ return 1;
+}
+
diff --git a/src/respond-reject.h b/src/respond-reject.h
new file mode 100644
index 0000000000..d9be166a8f
--- /dev/null
+++ b/src/respond-reject.h
@@ -0,0 +1,12 @@
+/* Copyright (c) 2008 Victor Julien */
+
+#ifndef __RESPOND_REJECT_H__
+#define __RESPOND_REJECT_H__
+
+#define REJECT_DIR_SRC 0
+#define REJECT_DIR_DST 1
+
+void TmModuleRespondRejectRegister (void);
+int RespondRejectFunc(ThreadVars *, Packet *, void *);
+
+#endif /* __RESPOND_REJECT_H__ */
diff --git a/src/source-nfq.c b/src/source-nfq.c
index cfc5508471..9e0117d0e5 100644
--- a/src/source-nfq.c
+++ b/src/source-nfq.c
@@ -312,7 +312,8 @@ void NFQSetVerdict(NFQThreadVars *t, Packet *p) {
 verdict = NF_ACCEPT;
 } else if(p->action == ACTION_DROP){
 verdict = NF_DROP;
- } else if(p->action == ACTION_REJECT){
+ } else if(p->action == ACTION_REJECT||p->action == ACTION_REJECT_DST||
+ p->action == ACTION_REJECT_BOTH){
 verdict = NF_DROP;
 } else {
 /* a verdict we don't know about, drop to be sure */
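Review bot: RejectSendIPv4ICMP, RejectSendIPv6TCP and RejectSendIPv6ICMP in respond-reject.c are placeholders that return 1, the value RejectSendLibnet11L3IPv4TCP uses for failure, so RespondRejectFunc reports an error for every rejected UDP or IPv6 packet; how the thread-module caller treats a non-zero return is not visible in this diff, so `return 0;` is the safer value until the senders exist. In the ACTION_REJECT_BOTH branch the `&&` short-circuits, so a failed reset toward the source means the reset toward the destination is never attempted; calling both and combining the two results avoids that. The four RejectSend* prototypes are only used in this file and could be `static`. Because a reset is emitted for every matching packet and the source address of a packet can be forged, a per-destination cap on responses is worth considering before reject rules are used on untrusted networks.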
diff --git a/src/tm-modules.h b/src/tm-modules.h index c7ba04a6b2..1de785f4be 100644 --- a/src/tm-modules.h +++ b/src/tm-modules.h @@ -19,10 +19,10 @@ enum { TMM_ALERTFASTLOG6, TMM_ALERTUNIFIEDLOG, TMM_ALERTUNIFIEDALERT, + TMM_RESPONDREJECT, TMM_LOGHTTPLOG, TMM_LOGHTTPLOG4, TMM_LOGHTTPLOG6, - TMM_SIZE, }; diff --git a/src/vips.c b/src/vips.c index 1a9dea7eb7..cffec3b259 100644 --- a/src/vips.c +++ b/src/vips.c @@ -41,6 +41,7 @@ #include "source-nfq-prototypes.h" #endif /* NFQ */ +#include "respond-reject.h" #include "flow.h" #include "util-cidr.h" @@ -296,6 +297,7 @@ int main(int argc, char **argv) TmModuleDecodeNFQRegister(); TmModuleDetectRegister(); TmModuleAlertFastlogRegister(); + TmModuleRespondRejectRegister(); TmModuleAlertFastlogIPv4Register(); TmModuleAlertFastlogIPv6Register(); TmModuleAlertUnifiedLogRegister(); @@ -356,7 +358,7 @@ int main(int argc, char **argv) } TmModule *tm_module = TmModuleGetByName("ReceiveNFQ"); if (tm_module == NULL) { - printf("ERROR: TmModuleGetByName failed\n"); + printf("ERROR: TmModuleGetByName failed for ReceiveNFQ\n"); exit(1); } Tm1SlotSetFunc(tv_receivenfq,tm_module); @@ -368,12 +370,12 @@ int main(int argc, char **argv) ThreadVars *tv_decode1 = TmThreadCreate("Decode1","pickup-queue","simple","decode-queue1","simple","1slot"); if (tv_decode1 == NULL) { - printf("ERROR: TmThreadsCreate failed\n"); + printf("ERROR: TmThreadsCreate failed for Decode1\n"); exit(1); } tm_module = TmModuleGetByName("DecodeNFQ"); if (tm_module == NULL) { - printf("ERROR: TmModuleGetByName failed\n"); + printf("ERROR: TmModuleGetByName DecodeNFQ failed\n"); exit(1); } Tm1SlotSetFunc(tv_decode1,tm_module); @@ -390,7 +392,7 @@ int main(int argc, char **argv) } tm_module = TmModuleGetByName("DecodeNFQ"); if (tm_module == NULL) { - printf("ERROR: TmModuleGetByName failed\n"); + printf("ERROR: TmModuleGetByName DecodeNFQ failed\n"); exit(1); } Tm1SlotSetFunc(tv_decode2,tm_module); 
@@ -407,7 +409,7 @@ int main(int argc, char **argv) } tm_module = TmModuleGetByName("Detect"); if (tm_module == NULL) { - printf("ERROR: TmModuleGetByName failed\n"); + printf("ERROR: TmModuleGetByName Detect failed\n"); exit(1); } Tm1SlotSetFunc(tv_detect1,tm_module); @@ -427,7 +429,7 @@ int main(int argc, char **argv) } tm_module = TmModuleGetByName("Detect"); if (tm_module == NULL) { - printf("ERROR: TmModuleGetByName failed\n"); + printf("ERROR: TmModuleGetByName Detect failed\n"); exit(1); } Tm1SlotSetFunc(tv_detect2,tm_module); @@ -440,14 +442,14 @@ int main(int argc, char **argv) exit(1); } - ThreadVars *tv_verdict = TmThreadCreate("Verdict","verdict-queue","simple","alert-queue1","simple","1slot"); + ThreadVars *tv_verdict = TmThreadCreate("Verdict","verdict-queue","simple","respond-queue","simple","1slot"); if (tv_verdict == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(1); } tm_module = TmModuleGetByName("VerdictNFQ"); if (tm_module == NULL) { - printf("ERROR: TmModuleGetByName failed\n"); + printf("ERROR: TmModuleGetByName VerdictNFQ failed\n"); exit(1); } Tm1SlotSetFunc(tv_verdict,tm_module); @@ -457,6 +459,24 @@ int main(int argc, char **argv) exit(1); } + ThreadVars *tv_rreject = TmThreadCreate("RespondReject","respond-queue","simple","alert-queue1","simple","1slot"); + if (tv_rreject == NULL) { + printf("ERROR: TmThreadsCreate failed\n"); + exit(1); + } + tm_module = TmModuleGetByName("RespondReject"); + if (tm_module == NULL) { + printf("ERROR: TmModuleGetByName for RespondReject failed\n"); + exit(1); + } + Tm1SlotSetFunc(tv_rreject,tm_module); + + /* XXX this needs an api way of doing this */ + if (TmThreadSpawn(tv_rreject) != 0) { + printf("ERROR: TmThreadSpawn failed\n"); + exit(1); + } + ThreadVars *tv_alert = TmThreadCreate("AlertFastlog&Httplog","alert-queue1","simple","alert-queue2","simple","2slot"); if (tv_alert == NULL) { printf("ERROR: TmThreadsCreate failed\n"); 
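Review bot: The two generic messages in the new RespondReject block, `printf("ERROR: TmThreadsCreate failed\n");` and `printf("ERROR: TmThreadSpawn failed\n");`, do not say which thread failed, while the rest of this commit adds the module name to the neighbouring messages; naming RespondReject there keeps startup failures attributable. The new thread reads respond-queue, which Verdict now writes, and feeds alert-queue1, so every packet, rejected or not, crosses it on the way to the alert outputs; a short comment stating that ordering next to the TmThreadCreate call would help the next reader. main's body starts and ends outside this hunk.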
@@ -464,7 +484,7 @@ int main(int argc, char **argv) } tm_module = TmModuleGetByName("AlertFastlog"); if (tm_module == NULL) { - printf("ERROR: TmModuleGetByName failed\n"); + printf("ERROR: TmModuleGetByName for AlertFastlog failed\n"); exit(1); } Tm2SlotSetFunc1(tv_alert,tm_module); @@ -489,14 +509,14 @@ int main(int argc, char **argv) tm_module = TmModuleGetByName("AlertUnifiedLog"); if (tm_module == NULL) { - printf("ERROR: TmModuleGetByName failed\n"); + printf("ERROR: TmModuleGetByName for AlertUnifiedLog failed\n"); exit(1); } Tm2SlotSetFunc1(tv_unified,tm_module); tm_module = TmModuleGetByName("AlertUnifiedAlert"); if (tm_module == NULL) { - printf("ERROR: TmModuleGetByName failed\n"); + printf("ERROR: TmModuleGetByName for AlertUnifiedAlert failed\n"); exit(1); } Tm2SlotSetFunc2(tv_unified,tm_module);