/* Copyright (C) 2007-2010 Open Information Security Foundation * * You can copy, redistribute or modify this Program under the terms of * the GNU General Public License version 2 as published by the Free * Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * version 2 along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA * 02110-1301, USA. */ /** \file * * \author Victor Julien * * Pre-cooked threading runmodes. */ #include "suricata-common.h" #include "detect-engine.h" #include "detect-engine-mpm.h" #include "tm-threads.h" #include "util-debug.h" #include "util-time.h" #include "util-cpu.h" #include "util-byte.h" #include "util-affinity.h" #include "conf.h" #include "queue.h" #include "runmodes.h" #include "alert-fastlog.h" #include "alert-prelude.h" #include "alert-unified-log.h" #include "alert-unified-alert.h" #include "alert-unified2-alert.h" #include "alert-debuglog.h" #include "log-httplog.h" #include "output.h" #include "cuda-packet-batcher.h" /** * A list of output modules that will be active for the run mode. */ typedef struct RunModeOutput_ { TmModule *tm_module; OutputCtx *output_ctx; TAILQ_ENTRY(RunModeOutput_) entries; } RunModeOutput; TAILQ_HEAD(, RunModeOutput_) RunModeOutputs = TAILQ_HEAD_INITIALIZER(RunModeOutputs); /** * Cleanup the run mode. */ void RunModeShutDown(void) { /* Close any log files. */ RunModeOutput *output; while ((output = TAILQ_FIRST(&RunModeOutputs))) { SCLogDebug("Shutting down output %s.", output->tm_module->name); TAILQ_REMOVE(&RunModeOutputs, output, entries); if (output->output_ctx != NULL && output->output_ctx->DeInit != NULL) output->output_ctx->DeInit(output->output_ctx); SCFree(output); } } /** * Initialize the output modules. */ void RunModeInitializeOutputs(void) { ConfNode *outputs = ConfGetNode("outputs"); if (outputs == NULL) { /* No "outputs" section in the configuration. */ return; } ConfNode *output, *output_config; TmModule *tm_module; const char *enabled; TAILQ_FOREACH(output, &outputs->head, next) { if (strcmp(output->val, "stats") == 0) continue; OutputModule *module = OutputGetModuleByConfName(output->val); if (module == NULL) { SCLogWarning(SC_ERR_INVALID_ARGUMENT, "No output module named %s, ignoring", output->val); continue; } output_config = ConfNodeLookupChild(output, module->conf_name); if (output_config == NULL) { /* Shouldn't happen. */ SCLogError(SC_ERR_INVALID_ARGUMENT, "Failed to lookup configuration child node: fast"); exit(1); } enabled = ConfNodeLookupChildValue(output_config, "enabled"); if (enabled != NULL && strcasecmp(enabled, "yes") == 0) { OutputCtx *output_ctx = NULL; if (module->InitFunc != NULL) { output_ctx = module->InitFunc(output_config); if (output_ctx == NULL) { /* In most cases the init function will have logged the * error. Maybe we should exit on init errors? */ continue; } } tm_module = TmModuleGetByName(module->name); if (tm_module == NULL) { SCLogError(SC_ERR_INVALID_ARGUMENT, "TmModuleGetByName for %s failed", module->name); exit(EXIT_FAILURE); } RunModeOutput *runmode_output = SCCalloc(1, sizeof(RunModeOutput)); if (runmode_output == NULL) return; runmode_output->tm_module = tm_module; runmode_output->output_ctx = output_ctx; TAILQ_INSERT_TAIL(&RunModeOutputs, runmode_output, entries); } } } /** * Setup the outputs for this run mode. * * \param tv The ThreadVars for the thread the outputs will be * appended to. */ static void SetupOutputs(ThreadVars *tv) { RunModeOutput *output; TAILQ_FOREACH(output, &RunModeOutputs, entries) { tv->cap_flags |= output->tm_module->cap_flags; TmVarSlotSetFuncAppend(tv, output->tm_module, output->output_ctx); } } static float threading_detect_ratio = 1; /** * Initialize the output modules. */ static void RunModeInitialize(void) { threading_set_cpu_affinity = FALSE; if ((ConfGetBool("threading.set_cpu_affinity", &threading_set_cpu_affinity)) == 0) { threading_set_cpu_affinity = FALSE; } /* try to get custom cpu mask value if needed */ if (threading_set_cpu_affinity == TRUE) { AffinitySetupLoadFromConfig(); } if ((ConfGetFloat("threading.detect_thread_ratio", &threading_detect_ratio)) != 1) { threading_detect_ratio = 1; } SCLogDebug("threading_detect_ratio %f", threading_detect_ratio); } int RunModeIdsPcap(DetectEngineCtx *de_ctx, char *iface) { TimeModeSetLive(); char *thread_group_name = NULL; /* create the threads */ ThreadVars *tv_receivepcap = TmThreadCreatePacketHandler("ReceivePcap","packetpool","packetpool","pickup-queue","simple","1slot_noinout"); if (tv_receivepcap == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } TmModule *tm_module = TmModuleGetByName("ReceivePcap"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName failed for ReceivePcap\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_receivepcap,tm_module,(void *)iface); if (TmThreadSpawn(tv_receivepcap) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_decode1 = TmThreadCreatePacketHandler("Decode1","pickup-queue","simple","decode-queue1","simple","1slot"); if (tv_decode1 == NULL) { printf("ERROR: TmThreadsCreate failed for Decode1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("DecodePcap"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName DecodePcap failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_decode1,tm_module,NULL); if (TmThreadSpawn(tv_decode1) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_stream1 = TmThreadCreatePacketHandler("Stream1","decode-queue1","simple","stream-queue1","simple","1slot"); if (tv_stream1 == NULL) { printf("ERROR: TmThreadsCreate failed for Stream1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("StreamTcp"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName StreamTcp failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_stream1,tm_module,NULL); if (TmThreadSpawn(tv_stream1) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_detect1 = TmThreadCreatePacketHandler("Detect1","stream-queue1","simple","verdict-queue","simple","1slot"); if (tv_detect1 == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("Detect"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName Detect failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_detect1,tm_module,(void *)de_ctx); thread_group_name = SCStrdup("Detect"); if (thread_group_name == NULL) { printf("Error allocating memory\n"); exit(EXIT_FAILURE); } tv_detect1->thread_group_name = thread_group_name; if (TmThreadSpawn(tv_detect1) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_detect2 = TmThreadCreatePacketHandler("Detect2","stream-queue1","simple","verdict-queue","simple","1slot"); if (tv_detect2 == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("Detect"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName Detect failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_detect2,tm_module,(void *)de_ctx); thread_group_name = SCStrdup("Detect"); if (thread_group_name == NULL) { printf("Error allocating memory\n"); exit(EXIT_FAILURE); } tv_detect2->thread_group_name = thread_group_name; if (TmThreadSpawn(tv_detect2) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_rreject = TmThreadCreatePacketHandler("RespondReject","verdict-queue","simple","alert-queue1","simple","1slot"); if (tv_rreject == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("RespondReject"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName for RespondReject failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_rreject,tm_module,NULL); if (TmThreadSpawn(tv_rreject) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_outputs = TmThreadCreatePacketHandler("Outputs", "alert-queue1", "simple", "packetpool", "packetpool", "varslot"); SetupOutputs(tv_outputs); if (TmThreadSpawn(tv_outputs) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } return 0; } /** \brief Live pcap mode with 4 stream tracking and reassembly threads, testing the flow queuehandler */ int RunModeIdsPcap2(DetectEngineCtx *de_ctx, char *iface) { TimeModeSetLive(); char *thread_group_name = NULL; /* create the threads */ ThreadVars *tv_receivepcap = TmThreadCreatePacketHandler("ReceivePcap","packetpool","packetpool","pickup-queue","simple","1slot_noinout"); if (tv_receivepcap == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } TmModule *tm_module = TmModuleGetByName("ReceivePcap"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName failed for ReceivePcap\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_receivepcap,tm_module,(void *)iface); if (TmThreadSpawn(tv_receivepcap) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_decode1 = TmThreadCreatePacketHandler("Decode1","pickup-queue","simple","decode-queue1,decode-queue2,decode-queue3,decode-queue4","flow","1slot"); if (tv_decode1 == NULL) { printf("ERROR: TmThreadsCreate failed for Decode1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("DecodePcap"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName DecodePcap failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_decode1,tm_module,NULL); if (TmThreadSpawn(tv_decode1) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_stream1 = TmThreadCreatePacketHandler("Stream1","decode-queue1","simple","stream-queue1","simple","1slot"); if (tv_stream1 == NULL) { printf("ERROR: TmThreadsCreate failed for Stream1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("StreamTcp"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName StreamTcp failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_stream1,tm_module,NULL); if (TmThreadSpawn(tv_stream1) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_stream2 = TmThreadCreatePacketHandler("Stream2","decode-queue2","simple","stream-queue1","simple","1slot"); if (tv_stream2 == NULL) { printf("ERROR: TmThreadsCreate failed for Stream2\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("StreamTcp"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName StreamTcp failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_stream2,tm_module,NULL); if (TmThreadSpawn(tv_stream2) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_stream3 = TmThreadCreatePacketHandler("Stream3","decode-queue3","simple","stream-queue2","simple","1slot"); if (tv_stream3 == NULL) { printf("ERROR: TmThreadsCreate failed for Stream1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("StreamTcp"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName StreamTcp failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_stream3,tm_module,NULL); if (TmThreadSpawn(tv_stream3) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_stream4 = TmThreadCreatePacketHandler("Stream4","decode-queue4","simple","stream-queue2","simple","1slot"); if (tv_stream4 == NULL) { printf("ERROR: TmThreadsCreate failed for Stream1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("StreamTcp"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName StreamTcp failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_stream4,tm_module,NULL); if (TmThreadSpawn(tv_stream4) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_detect1 = TmThreadCreatePacketHandler("Detect1","stream-queue1","simple","verdict-queue","simple","1slot"); if (tv_detect1 == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("Detect"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName Detect failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_detect1,tm_module,(void *)de_ctx); thread_group_name = SCStrdup("Detect"); if (thread_group_name == NULL) { printf("Error allocating memory\n"); exit(EXIT_FAILURE); } tv_detect1->thread_group_name = thread_group_name; if (TmThreadSpawn(tv_detect1) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_detect2 = TmThreadCreatePacketHandler("Detect2","stream-queue2","simple","verdict-queue","simple","1slot"); if (tv_detect2 == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("Detect"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName Detect failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_detect2,tm_module,(void *)de_ctx); thread_group_name = SCStrdup("Detect"); if (thread_group_name == NULL) { printf("Error allocating memory\n"); exit(EXIT_FAILURE); } tv_detect2->thread_group_name = thread_group_name; if (TmThreadSpawn(tv_detect2) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_rreject = TmThreadCreatePacketHandler("RespondReject","verdict-queue","simple","alert-queue1","simple","1slot"); if (tv_rreject == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("RespondReject"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName for RespondReject failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_rreject,tm_module,NULL); if (TmThreadSpawn(tv_rreject) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_outputs = TmThreadCreatePacketHandler("Outputs", "alert-queue1", "simple", "packetpool", "packetpool", "varslot"); SetupOutputs(tv_outputs); if (TmThreadSpawn(tv_outputs) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_outputs1 = TmThreadCreatePacketHandler("Outputs1", "alert-queue1", "simple", "packetpool", "packetpool", "varslot"); SetupOutputs(tv_outputs1); if (TmThreadSpawn(tv_outputs1) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } return 0; } /** \brief Live pcap mode with 4 stream tracking and reassembly threads, testing the flow queuehandler */ int RunModeIdsPcap3(DetectEngineCtx *de_ctx, char *iface) { TimeModeSetLive(); /* create the threads */ ThreadVars *tv_receivepcap = TmThreadCreatePacketHandler("ReceivePcap","packetpool","packetpool","pickup-queue","simple","1slot_noinout"); if (tv_receivepcap == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } TmModule *tm_module = TmModuleGetByName("ReceivePcap"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName failed for ReceivePcap\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_receivepcap,tm_module,(void *)iface); if (TmThreadSpawn(tv_receivepcap) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_decode1 = TmThreadCreatePacketHandler("Decode1","pickup-queue","simple","decode-queue1,decode-queue2,decode-queue3,decode-queue4","flow","1slot"); if (tv_decode1 == NULL) { printf("ERROR: TmThreadsCreate failed for Decode1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("DecodePcap"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName DecodePcap failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_decode1,tm_module,NULL); if (TmThreadSpawn(tv_decode1) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv; tv = TmThreadCreatePacketHandler("Stream1","decode-queue1","simple","packetpool","packetpool","varslot"); if (tv == NULL) { printf("ERROR: TmThreadsCreate failed for Stream1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("StreamTcp"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName StreamTcp failed\n"); exit(EXIT_FAILURE); } TmVarSlotSetFuncAppend(tv,tm_module,NULL); tm_module = TmModuleGetByName("Detect"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName StreamTcp failed\n"); exit(EXIT_FAILURE); } TmVarSlotSetFuncAppend(tv,tm_module,(void *)de_ctx); tm_module = TmModuleGetByName("RespondReject"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName for RespondReject failed\n"); exit(EXIT_FAILURE); } TmVarSlotSetFuncAppend(tv,tm_module,NULL); /* In this mode we don't create a new thread for alerting/logging. * We'll pass the one currently being setup and the alerting * modules will be appended to it. */ SetupOutputs(tv); if (threading_set_cpu_affinity) { TmThreadSetCPUAffinity(tv, 0); } if (TmThreadSpawn(tv) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } tv = TmThreadCreatePacketHandler("Stream2","decode-queue2","simple","packetpool","packetpool","varslot"); if (tv == NULL) { printf("ERROR: TmThreadsCreate failed for Stream1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("StreamTcp"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName StreamTcp failed\n"); exit(EXIT_FAILURE); } TmVarSlotSetFuncAppend(tv,tm_module,NULL); tm_module = TmModuleGetByName("Detect"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName StreamTcp failed\n"); exit(EXIT_FAILURE); } TmVarSlotSetFuncAppend(tv,tm_module,(void *)de_ctx); tm_module = TmModuleGetByName("RespondReject"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName for RespondReject failed\n"); exit(EXIT_FAILURE); } TmVarSlotSetFuncAppend(tv,tm_module,NULL); SetupOutputs(tv); if (threading_set_cpu_affinity) { TmThreadSetCPUAffinity(tv, 0); } if (TmThreadSpawn(tv) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } tv = TmThreadCreatePacketHandler("Stream3","decode-queue3","simple","packetpool","packetpool","varslot"); if (tv == NULL) { printf("ERROR: TmThreadsCreate failed for Stream1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("StreamTcp"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName StreamTcp failed\n"); exit(EXIT_FAILURE); } TmVarSlotSetFuncAppend(tv,tm_module,NULL); tm_module = TmModuleGetByName("Detect"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName StreamTcp failed\n"); exit(EXIT_FAILURE); } TmVarSlotSetFuncAppend(tv,tm_module,(void *)de_ctx); tm_module = TmModuleGetByName("RespondReject"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName for RespondReject failed\n"); exit(EXIT_FAILURE); } TmVarSlotSetFuncAppend(tv,tm_module,NULL); SetupOutputs(tv); if (threading_set_cpu_affinity) { TmThreadSetCPUAffinity(tv, 1); } if (TmThreadSpawn(tv) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } tv = TmThreadCreatePacketHandler("Stream4","decode-queue4","simple","packetpool","packetpool","varslot"); if (tv == NULL) { printf("ERROR: TmThreadsCreate failed for Stream1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("StreamTcp"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName StreamTcp failed\n"); exit(EXIT_FAILURE); } TmVarSlotSetFuncAppend(tv,tm_module,NULL); tm_module = TmModuleGetByName("Detect"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName StreamTcp failed\n"); exit(EXIT_FAILURE); } TmVarSlotSetFuncAppend(tv,tm_module,(void *)de_ctx); tm_module = TmModuleGetByName("RespondReject"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName for RespondReject failed\n"); exit(EXIT_FAILURE); } TmVarSlotSetFuncAppend(tv,tm_module,NULL); SetupOutputs(tv); if (threading_set_cpu_affinity) { TmThreadSetCPUAffinity(tv, 1); } if (TmThreadSpawn(tv) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } return 0; } int RunModeIpsNFQ(DetectEngineCtx *de_ctx, char *nfq_id) { TimeModeSetLive(); char *thread_group_name = NULL; /* create the threads */ ThreadVars *tv_receivenfq = TmThreadCreatePacketHandler("ReceiveNFQ","packetpool","packetpool","pickup-queue","simple","1slot_noinout"); if (tv_receivenfq == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } TmModule *tm_module = TmModuleGetByName("ReceiveNFQ"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName failed for ReceiveNFQ\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_receivenfq,tm_module,nfq_id); if (TmThreadSpawn(tv_receivenfq) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_decode1 = TmThreadCreatePacketHandler("Decode1","pickup-queue","simple","decode-queue1","simple","1slot"); if (tv_decode1 == NULL) { printf("ERROR: TmThreadsCreate failed for Decode1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("DecodeNFQ"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName DecodeNFQ failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_decode1,tm_module,NULL); if (TmThreadSpawn(tv_decode1) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_stream1 = TmThreadCreatePacketHandler("Stream1","decode-queue1","simple","stream-queue1","simple","1slot"); if (tv_stream1 == NULL) { printf("ERROR: TmThreadsCreate failed for Stream1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("StreamTcp"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName StreamTcp failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_stream1,tm_module,NULL); if (TmThreadSpawn(tv_stream1) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_detect1 = TmThreadCreatePacketHandler("Detect1","stream-queue1","simple","verdict-queue","simple","1slot"); if (tv_detect1 == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("Detect"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName Detect failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_detect1,tm_module,(void *)de_ctx); thread_group_name = SCStrdup("Detect"); if (thread_group_name == NULL) { printf("Error allocating memory\n"); exit(EXIT_FAILURE); } tv_detect1->thread_group_name = thread_group_name; if (TmThreadSpawn(tv_detect1) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_detect2 = TmThreadCreatePacketHandler("Detect2","stream-queue1","simple","verdict-queue","simple","1slot"); if (tv_detect2 == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("Detect"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName Detect failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_detect2,tm_module,(void *)de_ctx); thread_group_name = SCStrdup("Detect"); if (thread_group_name == NULL) { printf("Error allocating memory\n"); exit(EXIT_FAILURE); } tv_detect2->thread_group_name = thread_group_name; if (TmThreadSpawn(tv_detect2) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_verdict = TmThreadCreatePacketHandler("Verdict","verdict-queue","simple","respond-queue","simple","1slot"); if (tv_verdict == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("VerdictNFQ"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName VerdictNFQ failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_verdict,tm_module,nfq_id); if (TmThreadSpawn(tv_verdict) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_rreject = TmThreadCreatePacketHandler("RespondReject","respond-queue","simple","alert-queue1","simple","1slot"); if (tv_rreject == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("RespondReject"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName for RespondReject failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_rreject,tm_module,NULL); if (TmThreadSpawn(tv_rreject) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_outputs = TmThreadCreatePacketHandler("Outputs", "alert-queue1", "simple", "packetpool", "packetpool", "varslot"); SetupOutputs(tv_outputs); if (TmThreadSpawn(tv_outputs) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } return 0; } int RunModeFilePcap(DetectEngineCtx *de_ctx, char *file) { SCLogDebug("file %s", file); TimeModeSetOffline(); char *thread_group_name = NULL; /* create the threads */ ThreadVars *tv_receivepcap = TmThreadCreatePacketHandler("ReceivePcapFile","packetpool","packetpool","pickup-queue","simple","1slot"); if (tv_receivepcap == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } TmModule *tm_module = TmModuleGetByName("ReceivePcapFile"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName failed for ReceivePcap\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_receivepcap,tm_module,file); if (TmThreadSpawn(tv_receivepcap) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_decode1 = TmThreadCreatePacketHandler("Decode1","pickup-queue","simple","decode-queue1","simple","1slot"); if (tv_decode1 == NULL) { printf("ERROR: TmThreadsCreate failed for Decode1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("DecodePcapFile"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName DecodePcap failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_decode1,tm_module,NULL); if (TmThreadSpawn(tv_decode1) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } //#if 0 ThreadVars *tv_stream1 = TmThreadCreatePacketHandler("Stream1","decode-queue1","simple","stream-queue1","simple","1slot"); if (tv_stream1 == NULL) { printf("ERROR: TmThreadsCreate failed for Stream1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("StreamTcp"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName StreamTcp failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_stream1,tm_module,NULL); if (TmThreadSpawn(tv_stream1) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_detect1 = TmThreadCreatePacketHandler("Detect1","stream-queue1","simple","alert-queue1","simple","1slot"); //#endif //ThreadVars *tv_detect1 = TmThreadCreate("Detect1","decode-queue1","simple","alert-queue1","simple","1slot"); if (tv_detect1 == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("Detect"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName Detect failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_detect1,tm_module,(void *)de_ctx); thread_group_name = SCStrdup("Detect"); if (thread_group_name == NULL) { printf("Error allocating memory\n"); exit(EXIT_FAILURE); } tv_detect1->thread_group_name = thread_group_name; if (TmThreadSpawn(tv_detect1) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_detect2 = TmThreadCreatePacketHandler("Detect2","stream-queue1","simple","alert-queue1","simple","1slot"); if (tv_detect2 == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("Detect"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName Detect failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_detect2,tm_module,(void *)de_ctx); thread_group_name = SCStrdup("Detect"); if (thread_group_name == NULL) { printf("Error allocating memory\n"); exit(EXIT_FAILURE); } tv_detect2->thread_group_name = thread_group_name; if (TmThreadSpawn(tv_detect2) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_outputs = TmThreadCreatePacketHandler("Outputs", "alert-queue1", "simple", "packetpool", "packetpool", "varslot"); SetupOutputs(tv_outputs); if (TmThreadSpawn(tv_outputs) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } return 0; } /** * \brief Single thread version of the Pcap file processing. */ int RunModeFilePcap2(DetectEngineCtx *de_ctx, char *file) { printf("RunModeFilePcap2: file %s\n", file); TimeModeSetOffline(); /* create the threads */ ThreadVars *tv = TmThreadCreatePacketHandler("PcapFile","packetpool","packetpool","packetpool","packetpool","varslot"); if (tv == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } TmModule *tm_module = TmModuleGetByName("ReceivePcapFile"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName failed for ReceivePcap\n"); exit(EXIT_FAILURE); } TmVarSlotSetFuncAppend(tv,tm_module,file); tm_module = TmModuleGetByName("DecodePcapFile"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName DecodePcap failed\n"); exit(EXIT_FAILURE); } TmVarSlotSetFuncAppend(tv,tm_module,NULL); tm_module = TmModuleGetByName("StreamTcp"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName StreamTcp failed\n"); exit(EXIT_FAILURE); } TmVarSlotSetFuncAppend(tv,tm_module,NULL); tm_module = TmModuleGetByName("Detect"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName Detect failed\n"); exit(EXIT_FAILURE); } TmVarSlotSetFuncAppend(tv,tm_module,(void *)de_ctx); SetupOutputs(tv); if (TmThreadSpawn(tv) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } return 0; } int RunModeIdsPfring(DetectEngineCtx *de_ctx, char *iface) { TimeModeSetLive(); char *thread_group_name = NULL; /* create the threads */ ThreadVars *tv_receivepfring = TmThreadCreatePacketHandler("ReceivePfring","packetpool","packetpool","pickup-queue1","simple","1slot"); if (tv_receivepfring == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } TmModule *tm_module = TmModuleGetByName("ReceivePfring"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName failed for ReceivePfring\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_receivepfring,tm_module,(void *)iface); if (TmThreadSpawn(tv_receivepfring) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_receivepfring2 = TmThreadCreatePacketHandler("ReceivePfring2","packetpool","packetpool","pickup-queue2","simple","1slot"); if (tv_receivepfring2 == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("ReceivePfring"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName failed for ReceivePfring\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_receivepfring2,tm_module,(void *)iface); if (TmThreadSpawn(tv_receivepfring2) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_decode1 = TmThreadCreatePacketHandler("Decode1","pickup-queue1","simple","decode-queue1","simple","1slot"); if (tv_decode1 == NULL) { printf("ERROR: TmThreadsCreate failed for Decode1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("DecodePfring"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName DecodePfring failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_decode1,tm_module,NULL); if (TmThreadSpawn(tv_decode1) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_decode2 = TmThreadCreatePacketHandler("Decode2","pickup-queue2","simple","decode-queue2","simple","1slot"); if (tv_decode2 == NULL) { printf("ERROR: TmThreadsCreate failed for Decode1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("DecodePfring"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName DecodePfring failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_decode2,tm_module,NULL); if (TmThreadSpawn(tv_decode2) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_stream1 = TmThreadCreatePacketHandler("Stream1","decode-queue1","simple","stream-queue1","simple","1slot"); if (tv_stream1 == NULL) { printf("ERROR: TmThreadsCreate failed for Stream1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("StreamTcp"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName StreamTcp failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_stream1,tm_module,NULL); if (TmThreadSpawn(tv_stream1) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_stream2 = TmThreadCreatePacketHandler("Stream2","decode-queue2","simple","stream-queue2","simple","1slot"); if (tv_stream2 == NULL) { printf("ERROR: TmThreadsCreate failed for Stream1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("StreamTcp"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName StreamTcp failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_stream2,tm_module,NULL); if (TmThreadSpawn(tv_stream2) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_detect1 = TmThreadCreatePacketHandler("Detect1","stream-queue1","simple","verdict-queue","simple","1slot"); if (tv_detect1 == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("Detect"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName Detect failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_detect1,tm_module,(void *)de_ctx); thread_group_name = SCStrdup("Detect"); if (thread_group_name == NULL) { printf("Error allocating memory\n"); exit(EXIT_FAILURE); } tv_detect1->thread_group_name = thread_group_name; if (TmThreadSpawn(tv_detect1) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_detect2 = TmThreadCreatePacketHandler("Detect2","stream-queue2","simple","verdict-queue","simple","1slot"); if (tv_detect2 == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("Detect"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName Detect failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_detect2,tm_module,(void *)de_ctx); thread_group_name = SCStrdup("Detect"); if (thread_group_name == NULL) { printf("Error allocating memory\n"); exit(EXIT_FAILURE); } tv_detect2->thread_group_name = thread_group_name; if (TmThreadSpawn(tv_detect2) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_rreject = TmThreadCreatePacketHandler("RespondReject","verdict-queue","simple","alert-queue1","simple","1slot"); if (tv_rreject == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("RespondReject"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName for RespondReject failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_rreject,tm_module,NULL); if (TmThreadSpawn(tv_rreject) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_outputs = TmThreadCreatePacketHandler("Outputs", "alert-queue1", "simple", "packetpool", "packetpool", "varslot"); SetupOutputs(tv_outputs); if (TmThreadSpawn(tv_outputs) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } return 0; } /** \brief Live pfring mode with 4 stream tracking and reassembly threads, testing the flow queuehandler */ int RunModeIdsPfring2(DetectEngineCtx *de_ctx, char *iface) { TimeModeSetLive(); char *thread_group_name = NULL; /* create the threads */ ThreadVars *tv_receivepfring = TmThreadCreatePacketHandler("ReceivePfring","packetpool","packetpool","pickup-queue","simple","1slot"); if (tv_receivepfring == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } TmModule *tm_module = TmModuleGetByName("ReceivePfring"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName failed for ReceivePfring\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_receivepfring,tm_module,(void *)iface); if (TmThreadSpawn(tv_receivepfring) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_decode1 = TmThreadCreatePacketHandler("Decode1","pickup-queue","simple","decode-queue1,decode-queue2,decode-queue3,decode-queue4","flow","1slot"); if (tv_decode1 == NULL) { printf("ERROR: TmThreadsCreate failed for Decode1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("DecodePfring"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName DecodePfring failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_decode1,tm_module,NULL); if (TmThreadSpawn(tv_decode1) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_stream1 = TmThreadCreatePacketHandler("Stream1","decode-queue1","simple","stream-queue1","simple","1slot"); if (tv_stream1 == NULL) { printf("ERROR: TmThreadsCreate failed for Stream1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("StreamTcp"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName StreamTcp failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_stream1,tm_module,NULL); if (TmThreadSpawn(tv_stream1) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_stream2 = TmThreadCreatePacketHandler("Stream2","decode-queue2","simple","stream-queue1","simple","1slot"); if (tv_stream2 == NULL) { printf("ERROR: TmThreadsCreate failed for Stream2\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("StreamTcp"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName StreamTcp failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_stream2,tm_module,NULL); if (TmThreadSpawn(tv_stream2) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_stream3 = TmThreadCreatePacketHandler("Stream3","decode-queue3","simple","stream-queue2","simple","1slot"); if (tv_stream3 == NULL) { printf("ERROR: TmThreadsCreate failed for Stream1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("StreamTcp"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName StreamTcp failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_stream3,tm_module,NULL); if (TmThreadSpawn(tv_stream3) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_stream4 = TmThreadCreatePacketHandler("Stream4","decode-queue4","simple","stream-queue2","simple","1slot"); if (tv_stream4 == NULL) { printf("ERROR: TmThreadsCreate failed for Stream1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("StreamTcp"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName StreamTcp failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_stream4,tm_module,NULL); if (TmThreadSpawn(tv_stream4) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_detect1 = TmThreadCreatePacketHandler("Detect1","stream-queue1","simple","verdict-queue","simple","1slot"); if (tv_detect1 == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("Detect"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName Detect failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_detect1,tm_module,(void *)de_ctx); thread_group_name = SCStrdup("Detect"); if (thread_group_name == NULL) { printf("Error allocating memory\n"); exit(EXIT_FAILURE); } tv_detect1->thread_group_name = thread_group_name; if (TmThreadSpawn(tv_detect1) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_detect2 = TmThreadCreatePacketHandler("Detect2","stream-queue2","simple","verdict-queue","simple","1slot"); if (tv_detect2 == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("Detect"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName Detect failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_detect2,tm_module,(void *)de_ctx); thread_group_name = SCStrdup("Detect"); if (thread_group_name == NULL) { printf("Error allocating memory\n"); exit(EXIT_FAILURE); } tv_detect2->thread_group_name = thread_group_name; if (TmThreadSpawn(tv_detect2) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_rreject = TmThreadCreatePacketHandler("RespondReject","verdict-queue","simple","alert-queue1","simple","1slot"); if (tv_rreject == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("RespondReject"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName for RespondReject failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_rreject,tm_module,NULL); if (TmThreadSpawn(tv_rreject) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_outputs = TmThreadCreatePacketHandler("Outputs", "alert-queue1", "simple", "packetpool", "packetpool", "varslot"); SetupOutputs(tv_outputs); if (TmThreadSpawn(tv_outputs) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } return 0; } /** \brief Live pfring mode with 4 stream tracking and reassembly threads, testing the flow queuehandler */ int RunModeIdsPfring3(DetectEngineCtx *de_ctx, char *iface) { TimeModeSetLive(); /* create the threads */ ThreadVars *tv_receivepfring = TmThreadCreatePacketHandler("ReceivePfring","packetpool","packetpool","pickup-queue","simple","1slot"); if (tv_receivepfring == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } TmModule *tm_module = TmModuleGetByName("ReceivePfring"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName failed for ReceivePfring\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_receivepfring,tm_module,(void *)iface); if (TmThreadSpawn(tv_receivepfring) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_decode1 = TmThreadCreatePacketHandler("Decode1","pickup-queue","simple","decode-queue1,decode-queue2,decode-queue3,decode-queue4","flow","1slot"); if (tv_decode1 == NULL) { printf("ERROR: TmThreadsCreate failed for Decode1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("DecodePfring"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName DecodePfring failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_decode1,tm_module,NULL); if (TmThreadSpawn(tv_decode1) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv; tv = TmThreadCreatePacketHandler("Stream1","decode-queue1","simple","packetpool","packetpool","varslot"); if (tv == NULL) { printf("ERROR: TmThreadsCreate failed for Stream1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("StreamTcp"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName StreamTcp failed\n"); exit(EXIT_FAILURE); } TmVarSlotSetFuncAppend(tv,tm_module,NULL); tm_module = TmModuleGetByName("Detect"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName StreamTcp failed\n"); exit(EXIT_FAILURE); } TmVarSlotSetFuncAppend(tv,tm_module,(void *)de_ctx); tm_module = TmModuleGetByName("RespondReject"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName for RespondReject failed\n"); exit(EXIT_FAILURE); } TmVarSlotSetFuncAppend(tv,tm_module,NULL); SetupOutputs(tv); if (threading_set_cpu_affinity) { TmThreadSetCPUAffinity(tv, 0); } if (TmThreadSpawn(tv) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } tv = TmThreadCreatePacketHandler("Stream2","decode-queue2","simple","packetpool","packetpool","varslot"); if (tv == NULL) { printf("ERROR: TmThreadsCreate failed for Stream1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("StreamTcp"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName StreamTcp failed\n"); exit(EXIT_FAILURE); } TmVarSlotSetFuncAppend(tv,tm_module,NULL); tm_module = TmModuleGetByName("Detect"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName StreamTcp failed\n"); exit(EXIT_FAILURE); } TmVarSlotSetFuncAppend(tv,tm_module,(void *)de_ctx); tm_module = TmModuleGetByName("RespondReject"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName for RespondReject failed\n"); exit(EXIT_FAILURE); } TmVarSlotSetFuncAppend(tv,tm_module,NULL); SetupOutputs(tv); if (threading_set_cpu_affinity) { TmThreadSetCPUAffinity(tv, 0); } if (TmThreadSpawn(tv) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } tv = TmThreadCreatePacketHandler("Stream3","decode-queue3","simple","packetpool","packetpool","varslot"); if (tv == NULL) { printf("ERROR: TmThreadsCreate failed for Stream1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("StreamTcp"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName StreamTcp failed\n"); exit(EXIT_FAILURE); } TmVarSlotSetFuncAppend(tv,tm_module,NULL); tm_module = TmModuleGetByName("Detect"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName StreamTcp failed\n"); exit(EXIT_FAILURE); } TmVarSlotSetFuncAppend(tv,tm_module,(void *)de_ctx); tm_module = TmModuleGetByName("RespondReject"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName for RespondReject failed\n"); exit(EXIT_FAILURE); } TmVarSlotSetFuncAppend(tv,tm_module,NULL); SetupOutputs(tv); if (threading_set_cpu_affinity) { TmThreadSetCPUAffinity(tv, 1); } if (TmThreadSpawn(tv) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } tv = TmThreadCreatePacketHandler("Stream4","decode-queue4","simple","packetpool","packetpool","varslot"); if (tv == NULL) { printf("ERROR: TmThreadsCreate failed for Stream1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("StreamTcp"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName StreamTcp failed\n"); exit(EXIT_FAILURE); } TmVarSlotSetFuncAppend(tv,tm_module,NULL); tm_module = TmModuleGetByName("Detect"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName StreamTcp failed\n"); exit(EXIT_FAILURE); } TmVarSlotSetFuncAppend(tv,tm_module,(void *)de_ctx); tm_module = TmModuleGetByName("RespondReject"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName for RespondReject failed\n"); exit(EXIT_FAILURE); } TmVarSlotSetFuncAppend(tv,tm_module,NULL); SetupOutputs(tv); if (threading_set_cpu_affinity) { TmThreadSetCPUAffinity(tv, 1); } if (TmThreadSpawn(tv) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } return 0; } int RunModeIpsIPFW(DetectEngineCtx *de_ctx) { TimeModeSetLive(); char *thread_group_name = NULL; /* create the threads */ ThreadVars *tv_receiveipfw = TmThreadCreatePacketHandler("ReceiveIPFW","packetpool","packetpool","pickup-queue","simple","1slot_noinout"); if (tv_receiveipfw == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } TmModule *tm_module = TmModuleGetByName("ReceiveIPFW"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName failed for ReceiveIPFW\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_receiveipfw,tm_module,NULL); if (TmThreadSpawn(tv_receiveipfw) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_decode1 = TmThreadCreatePacketHandler("Decode1","pickup-queue","simple","decode-queue1","simple","1slot"); if (tv_decode1 == NULL) { printf("ERROR: TmThreadsCreate failed for Decode1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("DecodeIPFW"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName DecodeIPFW failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_decode1,tm_module,NULL); if (TmThreadSpawn(tv_decode1) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_stream1 = TmThreadCreatePacketHandler("Stream1","decode-queue1","simple","stream-queue1","simple","1slot"); if (tv_stream1 == NULL) { printf("ERROR: TmThreadsCreate failed for Stream1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("StreamTcp"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName StreamTcp failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_stream1,tm_module,NULL); if (TmThreadSpawn(tv_stream1) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_detect1 = TmThreadCreatePacketHandler("Detect1","stream-queue1","simple","verdict-queue","simple","1slot"); if (tv_detect1 == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("Detect"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName Detect failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_detect1,tm_module,(void *)de_ctx); thread_group_name = SCStrdup("Detect"); if (thread_group_name == NULL) { printf("Error allocating memory\n"); exit(EXIT_FAILURE); } tv_detect1->thread_group_name = thread_group_name; if (TmThreadSpawn(tv_detect1) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_detect2 = TmThreadCreatePacketHandler("Detect2","stream-queue1","simple","verdict-queue","simple","1slot"); if (tv_detect2 == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("Detect"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName Detect failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_detect2,tm_module,(void *)de_ctx); thread_group_name = SCStrdup("Detect"); if (thread_group_name == NULL) { printf("Error allocating memory\n"); exit(EXIT_FAILURE); } tv_detect2->thread_group_name = thread_group_name; if (TmThreadSpawn(tv_detect2) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_verdict = TmThreadCreatePacketHandler("Verdict","verdict-queue","simple","respond-queue","simple","1slot"); if (tv_verdict == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("VerdictIPFW"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName VerdictIPFW failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_verdict,tm_module,NULL); if (TmThreadSpawn(tv_verdict) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_rreject = TmThreadCreatePacketHandler("RespondReject","respond-queue","simple","alert-queue1","simple","1slot"); if (tv_rreject == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("RespondReject"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName for RespondReject failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_rreject,tm_module,NULL); if (TmThreadSpawn(tv_rreject) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_outputs = TmThreadCreatePacketHandler("Outputs", "alert-queue1", "simple", "packetpool", "packetpool", "varslot"); SetupOutputs(tv_outputs); if (TmThreadSpawn(tv_outputs) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } return 0; } /** RunmodeIdsPfring4 simple 4 pfring, decode, stream, and detect threads */ int RunModeIdsPfring4(DetectEngineCtx *de_ctx, char *iface) { TimeModeSetLive(); char *thread_group_name = NULL; /* create the threads */ ThreadVars *tv_receivepfring = TmThreadCreatePacketHandler("ReceivePfring","packetpool","packetpool","pickup-queue1","simple","1slot"); if (tv_receivepfring == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } TmModule *tm_module = TmModuleGetByName("ReceivePfring"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName failed for ReceivePfring\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_receivepfring,tm_module,(void *)iface); if (TmThreadSpawn(tv_receivepfring) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_receivepfring2 = TmThreadCreatePacketHandler("ReceivePfring2","packetpool","packetpool","pickup-queue2","simple","1slot"); if (tv_receivepfring2 == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("ReceivePfring"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName failed for ReceivePfring\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_receivepfring2,tm_module,(void *)iface); if (TmThreadSpawn(tv_receivepfring2) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_receivepfring3 = TmThreadCreatePacketHandler("ReceivePfring3","packetpool","packetpool","pickup-queue3","simple","1slot"); if (tv_receivepfring3 == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("ReceivePfring"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName failed for ReceivePfring\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_receivepfring3,tm_module,(void *)iface); if (TmThreadSpawn(tv_receivepfring3) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_receivepfring4 = TmThreadCreatePacketHandler("ReceivePfring4","packetpool","packetpool","pickup-queue4","simple","1slot"); if (tv_receivepfring4 == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("ReceivePfring"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName failed for ReceivePfring\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_receivepfring4,tm_module,(void *)iface); if (TmThreadSpawn(tv_receivepfring4) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_decode1 = TmThreadCreatePacketHandler("Decode1","pickup-queue1","simple","decode-queue1","simple","1slot"); if (tv_decode1 == NULL) { printf("ERROR: TmThreadsCreate failed for Decode1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("DecodePfring"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName DecodePfring failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_decode1,tm_module,NULL); if (TmThreadSpawn(tv_decode1) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_decode2 = TmThreadCreatePacketHandler("Decode2","pickup-queue2","simple","decode-queue2","simple","1slot"); if (tv_decode2 == NULL) { printf("ERROR: TmThreadsCreate failed for Decode1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("DecodePfring"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName DecodePfring failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_decode2,tm_module,NULL); if (TmThreadSpawn(tv_decode2) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_decode3 = TmThreadCreatePacketHandler("Decode3","pickup-queue3","simple","decode-queue3","simple","1slot"); if (tv_decode3 == NULL) { printf("ERROR: TmThreadsCreate failed for Decode1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("DecodePfring"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName DecodePfring failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_decode3,tm_module,NULL); if (TmThreadSpawn(tv_decode3) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_decode4 = TmThreadCreatePacketHandler("Decode4","pickup-queue4","simple","decode-queue4","simple","1slot"); if (tv_decode4 == NULL) { printf("ERROR: TmThreadsCreate failed for Decode1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("DecodePfring"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName DecodePfring failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_decode4,tm_module,NULL); if (TmThreadSpawn(tv_decode4) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_stream1 = TmThreadCreatePacketHandler("Stream1","decode-queue1","simple","stream-queue1","simple","1slot"); if (tv_stream1 == NULL) { printf("ERROR: TmThreadsCreate failed for Stream1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("StreamTcp"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName StreamTcp failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_stream1,tm_module,NULL); if (TmThreadSpawn(tv_stream1) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_stream2 = TmThreadCreatePacketHandler("Stream2","decode-queue2","simple","stream-queue2","simple","1slot"); if (tv_stream2 == NULL) { printf("ERROR: TmThreadsCreate failed for Stream1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("StreamTcp"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName StreamTcp failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_stream2,tm_module,NULL); if (TmThreadSpawn(tv_stream2) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_stream3 = TmThreadCreatePacketHandler("Stream3","decode-queue3","simple","stream-queue3","simple","1slot"); if (tv_stream3 == NULL) { printf("ERROR: TmThreadsCreate failed for Stream1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("StreamTcp"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName StreamTcp failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_stream3,tm_module,NULL); if (TmThreadSpawn(tv_stream3) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_stream4 = TmThreadCreatePacketHandler("Stream4","decode-queue4","simple","stream-queue4","simple","1slot"); if (tv_stream4 == NULL) { printf("ERROR: TmThreadsCreate failed for Stream1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("StreamTcp"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName StreamTcp failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_stream4,tm_module,NULL); if (TmThreadSpawn(tv_stream4) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_detect1 = TmThreadCreatePacketHandler("Detect1","stream-queue1","simple","verdict-queue","simple","1slot"); if (tv_detect1 == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("Detect"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName Detect failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_detect1,tm_module,(void *)de_ctx); thread_group_name = SCStrdup("Detect"); if (thread_group_name == NULL) { printf("Error allocating memory\n"); exit(EXIT_FAILURE); } tv_detect1->thread_group_name = thread_group_name; if (TmThreadSpawn(tv_detect1) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_detect2 = TmThreadCreatePacketHandler("Detect2","stream-queue2","simple","verdict-queue","simple","1slot"); if (tv_detect2 == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("Detect"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName Detect failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_detect2,tm_module,(void *)de_ctx); thread_group_name = SCStrdup("Detect"); if (thread_group_name == NULL) { printf("Error allocating memory\n"); exit(EXIT_FAILURE); } tv_detect2->thread_group_name = thread_group_name; if (TmThreadSpawn(tv_detect2) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_detect3 = TmThreadCreatePacketHandler("Detect3","stream-queue3","simple","verdict-queue","simple","1slot"); if (tv_detect3 == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("Detect"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName Detect failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_detect3,tm_module,(void *)de_ctx); thread_group_name = SCStrdup("Detect"); if (thread_group_name == NULL) { printf("Error allocating memory\n"); exit(EXIT_FAILURE); } tv_detect3->thread_group_name = thread_group_name; if (TmThreadSpawn(tv_detect3) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_detect4= TmThreadCreatePacketHandler("Detect4","stream-queue4","simple","verdict-queue","simple","1slot"); if (tv_detect4 == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("Detect"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName Detect failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_detect4,tm_module,(void *)de_ctx); thread_group_name = SCStrdup("Detect"); if (thread_group_name == NULL) { printf("Error allocating memory\n"); exit(EXIT_FAILURE); } tv_detect4->thread_group_name = thread_group_name; if (TmThreadSpawn(tv_detect4) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_rreject = TmThreadCreatePacketHandler("RespondReject","verdict-queue","simple","alert-queue1","simple","1slot"); if (tv_rreject == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("RespondReject"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName for RespondReject failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_rreject,tm_module,NULL); if (TmThreadSpawn(tv_rreject) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_outputs = TmThreadCreatePacketHandler("Outputs", "alert-queue1", "simple", "packetpool", "packetpool", "varslot"); SetupOutputs(tv_outputs); if (TmThreadSpawn(tv_outputs) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } return 0; } /** * \brief RunModeIdsPcapAuto set up the following thread packet handlers: * - Receive thread (from iface pcap) * - Decode thread * - Stream thread * - Detect: If we have only 1 cpu, it will setup one Detect thread * If we have more than one, it will setup num_cpus - 1 * starting from the second cpu available. * - Respond/Reject thread * - Outputs thread * By default the threads will use the first cpu available * except the Detection threads if we have more than one cpu * * \param de_ctx pointer to the Detection Engine * \param iface pointer to the name of the interface from which we will * fetch the packets * \retval 0 if all goes well. (If any problem is detected the engine will * exit()) */ int RunModeIdsPcapAuto(DetectEngineCtx *de_ctx, char *iface) { SCEnter(); /* tname = Detect + cpuid, this is 11bytes length as max */ char tname[16]; uint16_t cpu = 0; TmModule *tm_module; uint16_t thread; RunModeInitialize(); TimeModeSetLive(); /* Available cpus */ uint16_t ncpus = UtilCpuGetNumProcessorsOnline(); int npcap = PcapLiveGetDeviceCount(); if (npcap == 1) { /* create the threads */ ThreadVars *tv_receivepcap = TmThreadCreatePacketHandler("ReceivePcap","packetpool","packetpool","pickup-queue","simple","1slot"); if (tv_receivepcap == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("ReceivePcap"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName failed for ReceivePcap\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_receivepcap,tm_module,(void *)iface); TmThreadSetCPU(tv_receivepcap, RECEIVE_CPU_SET); if (TmThreadSpawn(tv_receivepcap) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } } else { SCLogInfo("Using %d pcap device(s).", npcap); for (thread = 0; thread < npcap; thread++) { char *pcap_dev = PcapLiveGetDevice(thread); if (pcap_dev == NULL) { printf("Failed to lookup pcap dev %d\n", thread); exit(EXIT_FAILURE); } SCLogDebug("pcap_dev %s", pcap_dev); snprintf(tname, sizeof(tname),"RecvPcap-%s", pcap_dev); char *tnamec = SCStrdup(tname); char *pcap_devc = SCStrdup(pcap_dev); /* create the threads */ ThreadVars *tv_receivepcap = TmThreadCreatePacketHandler(tnamec,"packetpool","packetpool","pickup-queue","simple","1slot"); if (tv_receivepcap == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("ReceivePcap"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName failed for ReceivePcap\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_receivepcap,tm_module,(void *)pcap_devc); TmThreadSetCPU(tv_receivepcap, RECEIVE_CPU_SET); if (TmThreadSpawn(tv_receivepcap) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } } } #if defined(__SC_CUDA_SUPPORT__) if (PatternMatchDefaultMatcher() == MPM_B2G_CUDA) { ThreadVars *tv_decode1 = TmThreadCreatePacketHandler("Decode", "pickup-queue", "simple", "decode-queue1", "simple", "1slot"); if (tv_decode1 == NULL) { printf("ERROR: TmThreadsCreate failed for Decode1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("DecodePcap"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName DecodePcap failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_decode1, tm_module, NULL); TmThreadSetCPU(tv_decode1, DECODE_CPU_SET); if (TmThreadSpawn(tv_decode1) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_cuda_PB = TmThreadCreate("CUDA_PB", "decode-queue1", "simple", "cuda-pb-queue1", "simple", "custom", SCCudaPBTmThreadsSlot1, 0); if (tv_cuda_PB == NULL) { printf("ERROR: TmThreadsCreate failed for CUDA_PB\n"); exit(EXIT_FAILURE); } tv_cuda_PB->type = TVT_PPT; tm_module = TmModuleGetByName("CudaPacketBatcher"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName CudaPacketBatcher failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_cuda_PB, tm_module, (void *)de_ctx); TmThreadSetCPU(tv_cuda_PB, DETECT_CPU_SET); if (TmThreadSpawn(tv_cuda_PB) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_stream1 = TmThreadCreatePacketHandler("Stream1", "cuda-pb-queue1", "simple", "stream-queue1", "simple", "1slot"); if (tv_stream1 == NULL) { printf("ERROR: TmThreadsCreate failed for Stream1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("StreamTcp"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName StreamTcp failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_stream1,tm_module,NULL); TmThreadSetCPU(tv_stream1, STREAM_CPU_SET); if (TmThreadSpawn(tv_stream1) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } } else { ThreadVars *tv_decode1 = TmThreadCreatePacketHandler("Decode & Stream", "pickup-queue", "simple", "stream-queue1", "simple", "varslot"); if (tv_decode1 == NULL) { printf("ERROR: TmThreadsCreate failed for Decode1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("DecodePcap"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName DecodePcap failed\n"); exit(EXIT_FAILURE); } TmVarSlotSetFuncAppend(tv_decode1,tm_module,NULL); tm_module = TmModuleGetByName("StreamTcp"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName StreamTcp failed\n"); exit(EXIT_FAILURE); } TmVarSlotSetFuncAppend(tv_decode1,tm_module,NULL); TmThreadSetCPU(tv_decode1, DECODE_CPU_SET); if (TmThreadSpawn(tv_decode1) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } } #else //#if 0 //ThreadVars *tv_decode1 = TmThreadCreatePacketHandler("Decode & Stream","pickup-queue","simple","packetpool","packetpool","varslot"); ThreadVars *tv_decode1 = TmThreadCreatePacketHandler("Decode & Stream","pickup-queue","simple","stream-queue1","simple","varslot"); if (tv_decode1 == NULL) { printf("ERROR: TmThreadsCreate failed for Decode1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("DecodePcap"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName DecodePcap failed\n"); exit(EXIT_FAILURE); } TmVarSlotSetFuncAppend(tv_decode1,tm_module,NULL); tm_module = TmModuleGetByName("StreamTcp"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName StreamTcp failed\n"); exit(EXIT_FAILURE); } TmVarSlotSetFuncAppend(tv_decode1,tm_module,NULL); TmThreadSetCPU(tv_decode1, DECODE_CPU_SET); if (TmThreadSpawn(tv_decode1) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } #endif /* start with cpu 1 so that if we're creating an odd number of detect * threads we're not creating the most on CPU0. */ if (ncpus > 0) cpu = 1; /* always create at least one thread */ int thread_max = ncpus * threading_detect_ratio; if (thread_max < 1) thread_max = 1; for (thread = 0; thread < thread_max; thread++) { snprintf(tname, sizeof(tname),"Detect%"PRIu16, thread+1); if (tname == NULL) break; char *thread_name = SCStrdup(tname); SCLogDebug("Assigning %s affinity to cpu %u", thread_name, cpu); ThreadVars *tv_detect_ncpu = TmThreadCreatePacketHandler(thread_name,"stream-queue1","simple","verdict-queue","simple","1slot"); if (tv_detect_ncpu == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("Detect"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName Detect failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_detect_ncpu,tm_module,(void *)de_ctx); TmThreadSetCPU(tv_detect_ncpu, DETECT_CPU_SET); char *thread_group_name = SCStrdup("Detect"); if (thread_group_name == NULL) { printf("Error allocating memory\n"); exit(EXIT_FAILURE); } tv_detect_ncpu->thread_group_name = thread_group_name; if (TmThreadSpawn(tv_detect_ncpu) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } if ((cpu + 1) == ncpus) cpu = 0; else cpu++; } ThreadVars *tv_rreject = TmThreadCreatePacketHandler("RespondReject","verdict-queue","simple","alert-queue","simple","1slot"); if (tv_rreject == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("RespondReject"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName for RespondReject failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_rreject,tm_module,NULL); TmThreadSetCPU(tv_rreject, REJECT_CPU_SET); if (TmThreadSpawn(tv_rreject) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_outputs = TmThreadCreatePacketHandler("Outputs", "alert-queue", "simple", "packetpool", "packetpool", "varslot"); SetupOutputs(tv_outputs); TmThreadSetCPU(tv_outputs, OUTPUT_CPU_SET); if (TmThreadSpawn(tv_outputs) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } return 0; } /** * \brief RunModeFilePcapAuto set up the following thread packet handlers: * - Receive thread (from pcap file) * - Decode thread * - Stream thread * - Detect: If we have only 1 cpu, it will setup one Detect thread * If we have more than one, it will setup num_cpus - 1 * starting from the second cpu available. * - Outputs thread * By default the threads will use the first cpu available * except the Detection threads if we have more than one cpu * * \param de_ctx pointer to the Detection Engine * \param file pointer to the name of the file from which we will fetch * the packets * \retval 0 if all goes well. (If any problem is detected the engine will * exit()) */ int RunModeFilePcapAuto(DetectEngineCtx *de_ctx, char *file) { SCEnter(); char tname[12]; uint16_t cpu = 0; RunModeInitialize(); /* Available cpus */ uint16_t ncpus = UtilCpuGetNumProcessorsOnline(); SCLogDebug("file %s", file); TimeModeSetOffline(); /* create the threads */ //ThreadVars *tv_receivepcap = TmThreadCreatePacketHandler("ReceivePcapFile","packetpool","packetpool","packetpool","packetpool","1slot"); ThreadVars *tv_receivepcap = TmThreadCreatePacketHandler("ReceivePcapFile","packetpool","packetpool","pickup-queue","simple","1slot"); if (tv_receivepcap == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } TmModule *tm_module = TmModuleGetByName("ReceivePcapFile"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName failed for ReceivePcap\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_receivepcap,tm_module,file); if (threading_set_cpu_affinity) { TmThreadSetCPUAffinity(tv_receivepcap, 0); if (ncpus > 1) TmThreadSetThreadPriority(tv_receivepcap, PRIO_MEDIUM); } if (TmThreadSpawn(tv_receivepcap) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } #if defined(__SC_CUDA_SUPPORT__) if (PatternMatchDefaultMatcher() == MPM_B2G_CUDA) { ThreadVars *tv_decode1 = TmThreadCreatePacketHandler("Decode", "pickup-queue", "simple", "decode-queue1", "simple", "1slot"); if (tv_decode1 == NULL) { printf("ERROR: TmThreadsCreate failed for Decode1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("DecodePcapFile"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName DecodePcap failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_decode1, tm_module, NULL); if (threading_set_cpu_affinity) { TmThreadSetCPUAffinity(tv_decode1, 0); if (ncpus > 1) TmThreadSetThreadPriority(tv_decode1, PRIO_MEDIUM); } if (TmThreadSpawn(tv_decode1) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_cuda_PB = TmThreadCreate("CUDA_PB", "decode-queue1", "simple", "cuda-pb-queue1", "simple", "custom", SCCudaPBTmThreadsSlot1, 0); if (tv_cuda_PB == NULL) { printf("ERROR: TmThreadsCreate failed for CUDA_PB\n"); exit(EXIT_FAILURE); } tv_cuda_PB->type = TVT_PPT; tm_module = TmModuleGetByName("CudaPacketBatcher"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName CudaPacketBatcher failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_cuda_PB, tm_module, (void *)de_ctx); if (threading_set_cpu_affinity) { TmThreadSetCPUAffinity(tv_cuda_PB, 0); if (ncpus > 1) TmThreadSetThreadPriority(tv_cuda_PB, PRIO_MEDIUM); } if (TmThreadSpawn(tv_cuda_PB) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_stream1 = TmThreadCreatePacketHandler("Stream1", "cuda-pb-queue1", "simple", "stream-queue1", "simple", "1slot"); if (tv_stream1 == NULL) { printf("ERROR: TmThreadsCreate failed for Stream1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("StreamTcp"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName StreamTcp failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_stream1,tm_module,NULL); if (threading_set_cpu_affinity) { TmThreadSetCPUAffinity(tv_stream1, 0); if (ncpus > 1) TmThreadSetThreadPriority(tv_stream1, PRIO_MEDIUM); } if (TmThreadSpawn(tv_stream1) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } } else { ThreadVars *tv_decode1 = TmThreadCreatePacketHandler("Decode & Stream", "pickup-queue", "simple", "stream-queue1", "simple", "varslot"); if (tv_decode1 == NULL) { printf("ERROR: TmThreadsCreate failed for Decode1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("DecodePcapFile"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName DecodePcap failed\n"); exit(EXIT_FAILURE); } TmVarSlotSetFuncAppend(tv_decode1,tm_module,NULL); tm_module = TmModuleGetByName("StreamTcp"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName StreamTcp failed\n"); exit(EXIT_FAILURE); } TmVarSlotSetFuncAppend(tv_decode1,tm_module,NULL); if (threading_set_cpu_affinity) { TmThreadSetCPUAffinity(tv_decode1, 0); if (ncpus > 1) TmThreadSetThreadPriority(tv_decode1, PRIO_MEDIUM); } if (TmThreadSpawn(tv_decode1) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } } #else //#if 0 //ThreadVars *tv_decode1 = TmThreadCreatePacketHandler("Decode & Stream","pickup-queue","simple","packetpool","packetpool","varslot"); ThreadVars *tv_decode1 = TmThreadCreatePacketHandler("Decode & Stream","pickup-queue","simple","stream-queue1","simple","varslot"); if (tv_decode1 == NULL) { printf("ERROR: TmThreadsCreate failed for Decode1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("DecodePcapFile"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName DecodePcap failed\n"); exit(EXIT_FAILURE); } TmVarSlotSetFuncAppend(tv_decode1,tm_module,NULL); tm_module = TmModuleGetByName("StreamTcp"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName StreamTcp failed\n"); exit(EXIT_FAILURE); } TmVarSlotSetFuncAppend(tv_decode1,tm_module,NULL); if (threading_set_cpu_affinity) { TmThreadSetCPUAffinity(tv_decode1, 0); if (ncpus > 1) TmThreadSetThreadPriority(tv_decode1, PRIO_MEDIUM); } if (TmThreadSpawn(tv_decode1) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } #endif //#if 0 /* start with cpu 1 so that if we're creating an odd number of detect * threads we're not creating the most on CPU0. */ if (ncpus > 0) cpu = 1; /* always create at least one thread */ int thread_max = ncpus * threading_detect_ratio; if (thread_max < 1) thread_max = 1; int thread; for (thread = 0; thread < thread_max; thread++) { snprintf(tname, sizeof(tname),"Detect%"PRIu16, thread+1); if (tname == NULL) break; char *thread_name = SCStrdup(tname); SCLogDebug("Assigning %s affinity to cpu %u", thread_name, cpu); ThreadVars *tv_detect_ncpu = TmThreadCreatePacketHandler(thread_name,"stream-queue1","simple","alert-queue1","simple","1slot"); if (tv_detect_ncpu == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("Detect"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName Detect failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_detect_ncpu,tm_module,(void *)de_ctx); if (threading_set_cpu_affinity) { TmThreadSetCPUAffinity(tv_detect_ncpu, (int)cpu); /* If we have more than one core/cpu, the first Detect thread * (at cpu 0) will have less priority (higher 'nice' value) * In this case we will set the thread priority to +10 (default is 0) */ if (cpu == 0 && ncpus > 1) { TmThreadSetThreadPriority(tv_detect_ncpu, PRIO_LOW); } else if (ncpus > 1) { TmThreadSetThreadPriority(tv_detect_ncpu, PRIO_MEDIUM); } } char *thread_group_name = SCStrdup("Detect"); if (thread_group_name == NULL) { printf("Error allocating memory\n"); exit(EXIT_FAILURE); } tv_detect_ncpu->thread_group_name = thread_group_name; if (TmThreadSpawn(tv_detect_ncpu) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } if ((cpu + 1) == ncpus) cpu = 0; else cpu++; } ThreadVars *tv_outputs = TmThreadCreatePacketHandler("Outputs", "alert-queue1", "simple", "packetpool", "packetpool", "varslot"); SetupOutputs(tv_outputs); if (threading_set_cpu_affinity) { TmThreadSetCPUAffinity(tv_outputs, 0); if (ncpus > 1) TmThreadSetThreadPriority(tv_outputs, PRIO_MEDIUM); } if (TmThreadSpawn(tv_outputs) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } //#endif return 0; } /** * \brief RunModeFilePcapAuto set up the following thread packet handlers: * - Receive thread (from pcap file) * - Decode thread * - Stream thread * - Detect: If we have only 1 cpu, it will setup one Detect thread * If we have more than one, it will setup num_cpus - 1 * starting from the second cpu available. * - Outputs thread * By default the threads will use the first cpu available * except the Detection threads if we have more than one cpu * * \param de_ctx pointer to the Detection Engine * \param file pointer to the name of the file from which we will fetch * the packets * \retval 0 if all goes well. (If any problem is detected the engine will * exit()) */ int RunModeFilePcapAutoFp(DetectEngineCtx *de_ctx, char *file) { SCEnter(); char tname[12]; char qname[12]; uint16_t cpu = 0; char queues[2048] = ""; RunModeInitialize(); /* Available cpus */ uint16_t ncpus = UtilCpuGetNumProcessorsOnline(); /* start with cpu 1 so that if we're creating an odd number of detect * threads we're not creating the most on CPU0. */ if (ncpus > 0) cpu = 1; /* always create at least one thread */ int thread_max = ncpus * threading_detect_ratio; if (thread_max < 1) thread_max = 1; int thread; for (thread = 0; thread < thread_max; thread++) { if (strlen(queues) > 0) strlcat(queues, ",", sizeof(queues)); snprintf(qname, sizeof(qname),"pickup%"PRIu16, thread+1); strlcat(queues, qname, sizeof(queues)); } printf("queues %s\n", queues); SCLogDebug("file %s", file); TimeModeSetOffline(); /* create the threads */ ThreadVars *tv_receivepcap = TmThreadCreatePacketHandler("ReceivePcapFile","packetpool","packetpool",queues,"flow","varslot"); if (tv_receivepcap == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } TmModule *tm_module = TmModuleGetByName("ReceivePcapFile"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName failed for ReceivePcap\n"); exit(EXIT_FAILURE); } TmVarSlotSetFuncAppend(tv_receivepcap,tm_module,file); tm_module = TmModuleGetByName("DecodePcapFile"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName DecodePcap failed\n"); exit(EXIT_FAILURE); } TmVarSlotSetFuncAppend(tv_receivepcap,tm_module,NULL); if (threading_set_cpu_affinity) { TmThreadSetCPUAffinity(tv_receivepcap, 0); if (ncpus > 1) TmThreadSetThreadPriority(tv_receivepcap, PRIO_MEDIUM); } if (TmThreadSpawn(tv_receivepcap) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } for (thread = 0; thread < thread_max; thread++) { snprintf(tname, sizeof(tname),"Detect%"PRIu16, thread+1); snprintf(qname, sizeof(qname),"pickup%"PRIu16, thread+1); printf("tname %s, qname %s\n", tname, qname); char *thread_name = SCStrdup(tname); SCLogDebug("Assigning %s affinity to cpu %u", thread_name, cpu); ThreadVars *tv_detect_ncpu = TmThreadCreatePacketHandler(thread_name, qname, "flow","packetpool","packetpool","varslot"); //ThreadVars *tv_detect_ncpu = TmThreadCreatePacketHandler(thread_name, qname, "flow","alert-queue1","simple","varslot"); if (tv_detect_ncpu == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("StreamTcp"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName StreamTcp failed\n"); exit(EXIT_FAILURE); } TmVarSlotSetFuncAppend(tv_detect_ncpu,tm_module,NULL); tm_module = TmModuleGetByName("Detect"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName Detect failed\n"); exit(EXIT_FAILURE); } TmVarSlotSetFuncAppend(tv_detect_ncpu,tm_module,(void *)de_ctx); if (threading_set_cpu_affinity) { TmThreadSetCPUAffinity(tv_detect_ncpu, (int)cpu); /* If we have more than one core/cpu, the first Detect thread * (at cpu 0) will have less priority (higher 'nice' value) * In this case we will set the thread priority to +10 (default is 0) */ if (cpu == 0 && ncpus > 1) { TmThreadSetThreadPriority(tv_detect_ncpu, PRIO_LOW); } else if (ncpus > 1) { TmThreadSetThreadPriority(tv_detect_ncpu, PRIO_MEDIUM); } } char *thread_group_name = SCStrdup("Detect"); if (thread_group_name == NULL) { printf("Error allocating memory\n"); exit(EXIT_FAILURE); } tv_detect_ncpu->thread_group_name = thread_group_name; /* add outputs as well */ SetupOutputs(tv_detect_ncpu); if (TmThreadSpawn(tv_detect_ncpu) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } if ((cpu + 1) == ncpus) cpu = 0; else cpu++; } /* ThreadVars *tv_outputs = TmThreadCreatePacketHandler("Outputs", "alert-queue1", "simple", "packetpool", "packetpool", "varslot"); if (threading_set_cpu_affinity) { TmThreadSetCPUAffinity(tv_outputs, 0); if (ncpus > 1) TmThreadSetThreadPriority(tv_outputs, PRIO_MEDIUM); } if (TmThreadSpawn(tv_outputs) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } */ return 0; } int RunModeFilePcapAuto2(DetectEngineCtx *de_ctx, char *file) { SCEnter(); char tname[12]; uint16_t cpu = 0; /* Available cpus */ uint16_t ncpus = UtilCpuGetNumProcessorsOnline(); RunModeInitialize(); SCLogDebug("file %s", file); TimeModeSetOffline(); /* create the threads */ ThreadVars *tv = TmThreadCreatePacketHandler("ReceivePcapFile","packetpool","packetpool","pickup-queue","simple","varslot"); if (tv == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } TmModule *tm_module = TmModuleGetByName("ReceivePcapFile"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName failed for ReceivePcap\n"); exit(EXIT_FAILURE); } TmVarSlotSetFuncAppend(tv,tm_module,file); tm_module = TmModuleGetByName("DecodePcapFile"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName DecodePcap failed\n"); exit(EXIT_FAILURE); } TmVarSlotSetFuncAppend(tv,tm_module,NULL); tm_module = TmModuleGetByName("StreamTcp"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName StreamTcp failed\n"); exit(EXIT_FAILURE); } TmVarSlotSetFuncAppend(tv,tm_module,NULL); if (threading_set_cpu_affinity) { TmThreadSetCPUAffinity(tv, 0); if (ncpus > 1) TmThreadSetThreadPriority(tv, PRIO_MEDIUM); } if (TmThreadSpawn(tv) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } /* start with cpu 1 so that if we're creating an odd number of detect * threads we're not creating the most on CPU0. */ if (ncpus > 0) cpu = 1; /* always create at least one thread */ int thread_max = ncpus * threading_detect_ratio; if (thread_max < 1) thread_max = 1; int thread; for (thread = 0; thread < thread_max; thread++) { snprintf(tname, sizeof(tname),"Detect%"PRIu16, thread+1); if (tname == NULL) break; char *thread_name = SCStrdup(tname); SCLogDebug("Assigning %s affinity to cpu %u", thread_name, cpu); ThreadVars *tv_detect_ncpu = TmThreadCreatePacketHandler(thread_name,"pickup-queue","simple","alert-queue1","simple","1slot"); if (tv_detect_ncpu == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("Detect"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName Detect failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_detect_ncpu,tm_module,(void *)de_ctx); if (threading_set_cpu_affinity) { TmThreadSetCPUAffinity(tv_detect_ncpu, (int)cpu); /* If we have more than one core/cpu, the first Detect thread * (at cpu 0) will have less priority (higher 'nice' value) * In this case we will set the thread priority to +10 (default is 0) */ if (cpu == 0 && ncpus > 1) { TmThreadSetThreadPriority(tv_detect_ncpu, PRIO_LOW); } else if (ncpus > 1) { TmThreadSetThreadPriority(tv_detect_ncpu, PRIO_MEDIUM); } } char *thread_group_name = SCStrdup("Detect"); if (thread_group_name == NULL) { printf("Error allocating memory\n"); exit(EXIT_FAILURE); } tv_detect_ncpu->thread_group_name = thread_group_name; if (TmThreadSpawn(tv_detect_ncpu) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } } ThreadVars *tv_outputs = TmThreadCreatePacketHandler("Outputs", "alert-queue1", "simple", "packetpool", "packetpool", "varslot"); SetupOutputs(tv_outputs); if (threading_set_cpu_affinity) { TmThreadSetCPUAffinity(tv_outputs, 0); if (ncpus > 1) TmThreadSetThreadPriority(tv_outputs, PRIO_MEDIUM); } if (TmThreadSpawn(tv_outputs) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } return 0; } /** * \brief RunModeIpsIPFWAuto set up the following thread packet handlers: * - Receive thread (from IPFW) * - Decode thread * - Stream thread * - Detect: If we have only 1 cpu, it will setup one Detect thread * If we have more than one, it will setup num_cpus - 1 * starting from the second cpu available. * - Veredict thread (IPFW) * - Respond/Reject thread * - Outputs thread * By default the threads will use the first cpu available * except the Detection threads if we have more than one cpu * * \param de_ctx pointer to the Detection Engine * \retval 0 if all goes well. (If any problem is detected the engine will * exit()) */ int RunModeIpsIPFWAuto(DetectEngineCtx *de_ctx) { SCEnter(); char tname[12]; uint16_t cpu = 0; /* Available cpus */ uint16_t ncpus = UtilCpuGetNumProcessorsOnline(); RunModeInitialize(); TimeModeSetLive(); /* create the threads */ ThreadVars *tv_receiveipfw = TmThreadCreatePacketHandler("ReceiveIPFW","packetpool","packetpool","pickup-queue","simple","1slot_noinout"); if (tv_receiveipfw == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } TmModule *tm_module = TmModuleGetByName("ReceiveIPFW"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName failed for ReceiveIPFW\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_receiveipfw,tm_module,NULL); if (threading_set_cpu_affinity) { TmThreadSetCPUAffinity(tv_receiveipfw, 0); if (ncpus > 1) TmThreadSetThreadPriority(tv_receiveipfw, PRIO_MEDIUM); } if (TmThreadSpawn(tv_receiveipfw) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_decode1 = TmThreadCreatePacketHandler("Decode1","pickup-queue","simple","decode-queue1","simple","1slot"); if (tv_decode1 == NULL) { printf("ERROR: TmThreadsCreate failed for Decode1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("DecodeIPFW"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName DecodeIPFW failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_decode1,tm_module,NULL); if (threading_set_cpu_affinity) { TmThreadSetCPUAffinity(tv_decode1, 0); if (ncpus > 1) TmThreadSetThreadPriority(tv_decode1, PRIO_MEDIUM); } if (TmThreadSpawn(tv_decode1) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_stream1 = TmThreadCreatePacketHandler("Stream1","decode-queue1","simple","stream-queue1","simple","1slot"); if (tv_stream1 == NULL) { printf("ERROR: TmThreadsCreate failed for Stream1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("StreamTcp"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName StreamTcp failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_stream1,tm_module,NULL); if (threading_set_cpu_affinity) { TmThreadSetCPUAffinity(tv_stream1, 0); if (ncpus > 1) TmThreadSetThreadPriority(tv_stream1, PRIO_MEDIUM); } if (TmThreadSpawn(tv_stream1) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } /* start with cpu 1 so that if we're creating an odd number of detect * threads we're not creating the most on CPU0. */ if (ncpus > 0) cpu = 1; /* always create at least one thread */ int thread_max = ncpus * threading_detect_ratio; if (thread_max < 1) thread_max = 1; int thread; for (thread = 0; thread < thread_max; thread++) { snprintf(tname, sizeof(tname),"Detect%"PRIu16, thread+1); if (tname == NULL) break; char *thread_name = SCStrdup(tname); SCLogDebug("Assigning %s affinity to cpu %u", thread_name, cpu); ThreadVars *tv_detect_ncpu = TmThreadCreatePacketHandler(thread_name,"stream-queue1","simple","verdict-queue","simple","1slot"); if (tv_detect_ncpu == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("Detect"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName Detect failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_detect_ncpu,tm_module,(void *)de_ctx); if (threading_set_cpu_affinity) { TmThreadSetCPUAffinity(tv_detect_ncpu, (int)cpu); /* If we have more than one core/cpu, the first Detect thread * (at cpu 0) will have less priority (higher 'nice' value) * In this case we will set the thread priority to +10 (default is 0) */ if (cpu == 0 && ncpus > 1) { TmThreadSetThreadPriority(tv_detect_ncpu, PRIO_LOW); } else if (ncpus > 1) { TmThreadSetThreadPriority(tv_detect_ncpu, PRIO_MEDIUM); } } char *thread_group_name = SCStrdup("Detect"); if (thread_group_name == NULL) { printf("Error allocating memory\n"); exit(EXIT_FAILURE); } tv_detect_ncpu->thread_group_name = thread_group_name; if (TmThreadSpawn(tv_detect_ncpu) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } if ((cpu + 1) == ncpus) cpu = 0; else cpu++; } ThreadVars *tv_verdict = TmThreadCreatePacketHandler("Verdict","verdict-queue","simple","respond-queue","simple","1slot"); if (tv_verdict == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("VerdictIPFW"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName VerdictIPFW failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_verdict,tm_module,NULL); if (threading_set_cpu_affinity) { TmThreadSetCPUAffinity(tv_verdict, 0); if (ncpus > 1) TmThreadSetThreadPriority(tv_verdict, PRIO_MEDIUM); } if (TmThreadSpawn(tv_verdict) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_rreject = TmThreadCreatePacketHandler("RespondReject","respond-queue","simple","alert-queue1","simple","1slot"); if (tv_rreject == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("RespondReject"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName for RespondReject failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_rreject,tm_module,NULL); if (threading_set_cpu_affinity) { TmThreadSetCPUAffinity(tv_rreject, 0); if (ncpus > 1) TmThreadSetThreadPriority(tv_rreject, PRIO_MEDIUM); } if (TmThreadSpawn(tv_rreject) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_outputs = TmThreadCreatePacketHandler("Outputs", "alert-queue1", "simple", "packetpool", "packetpool", "varslot"); if (threading_set_cpu_affinity) { TmThreadSetCPUAffinity(tv_outputs, 0); if (ncpus > 1) TmThreadSetThreadPriority(tv_outputs, PRIO_MEDIUM); } SetupOutputs(tv_outputs); if (TmThreadSpawn(tv_outputs) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } return 0; } /** * \brief RunModeIpsNFQAuto set up the following thread packet handlers: * - Receive thread (from NFQ) * - Decode thread * - Stream thread * - Detect: If we have only 1 cpu, it will setup one Detect thread * If we have more than one, it will setup num_cpus - 1 * starting from the second cpu available. * - Veredict thread (NFQ) * - Respond/Reject thread * - Outputs thread * By default the threads will use the first cpu available * except the Detection threads if we have more than one cpu * * \param de_ctx pointer to the Detection Engine * \param nfqid pointer to the netfilter queue id * \retval 0 if all goes well. (If any problem is detected the engine will * exit()) */ int RunModeIpsNFQAuto(DetectEngineCtx *de_ctx, char *nfq_id) { SCEnter(); char tname[12]; #if 0 uint16_t cpu = 0; #endif /* Available cpus */ uint16_t ncpus = UtilCpuGetNumProcessorsOnline(); RunModeInitialize(); TimeModeSetLive(); /* create the threads */ /* receive nfq */ ThreadVars *tv_receivenfq = TmThreadCreatePacketHandler("ReceiveNFQ", "packetpool","packetpool","pickup-queue","simple","1slot_noinout"); if (tv_receivenfq == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } TmModule *tm_module = TmModuleGetByName("ReceiveNFQ"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName failed for ReceiveNFQ\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_receivenfq,tm_module,nfq_id); TmThreadSetCPU(tv_receivenfq, RECEIVE_CPU_SET); if (TmThreadSpawn(tv_receivenfq) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } /* decode and stream */ ThreadVars *tv_decode = TmThreadCreatePacketHandler("Decode1", "pickup-queue","simple","decode-queue","simple","varslot"); if (tv_decode == NULL) { printf("ERROR: TmThreadsCreate failed for Decode1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("DecodeNFQ"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName DecodeNFQ failed\n"); exit(EXIT_FAILURE); } TmVarSlotSetFuncAppend(tv_decode,tm_module,NULL); tm_module = TmModuleGetByName("StreamTcp"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName StreamTcp failed\n"); exit(EXIT_FAILURE); } TmVarSlotSetFuncAppend(tv_decode,tm_module,NULL); TmThreadSetCPU(tv_decode, DECODE_CPU_SET); if (TmThreadSpawn(tv_decode) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } #if 0 /* start with cpu 1 so that if we're creating an odd number of detect * threads we're not creating the most on CPU0. */ if (ncpus > 0) cpu = 1; #endif /* always create at least one thread */ int thread_max = ncpus * threading_detect_ratio; if (thread_max < 1) thread_max = 1; int thread; for (thread = 0; thread < thread_max; thread++) { snprintf(tname, sizeof(tname),"Detect%"PRIu16, thread+1); if (tname == NULL) break; char *thread_name = SCStrdup(tname); SCLogDebug("Assigning %s affinity", thread_name); ThreadVars *tv_detect_ncpu = TmThreadCreatePacketHandler(thread_name, "decode-queue","simple","verdict-queue","simple","1slot"); if (tv_detect_ncpu == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("Detect"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName Detect failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_detect_ncpu,tm_module,(void *)de_ctx); TmThreadSetCPU(tv_detect_ncpu, DETECT_CPU_SET); #if 0 /* If we have more than one core/cpu, the first Detect thread * (at cpu 0) will have less priority (higher 'nice' value) * In this case we will set the thread priority to +10 (default is 0) */ if (cpu == 0 && ncpus > 1) { TmThreadSetThreadPriority(tv_detect_ncpu, PRIO_LOW); } else if (ncpus > 1) { TmThreadSetThreadPriority(tv_detect_ncpu, PRIO_MEDIUM); } #endif char *thread_group_name = SCStrdup("Detect"); if (thread_group_name == NULL) { printf("Error allocating memory\n"); exit(EXIT_FAILURE); } tv_detect_ncpu->thread_group_name = thread_group_name; if (TmThreadSpawn(tv_detect_ncpu) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } } ThreadVars *tv_verdict = TmThreadCreatePacketHandler("Verdict", "verdict-queue","simple","alert-queue","simple","varslot"); if (tv_verdict == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("VerdictNFQ"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName VerdictNFQ failed\n"); exit(EXIT_FAILURE); } TmVarSlotSetFuncAppend(tv_verdict,tm_module,nfq_id); tm_module = TmModuleGetByName("RespondReject"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName for RespondReject failed\n"); exit(EXIT_FAILURE); } TmVarSlotSetFuncAppend(tv_verdict,tm_module,NULL); TmThreadSetCPU(tv_verdict, VERDICT_CPU_SET); if (TmThreadSpawn(tv_verdict) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_outputs = TmThreadCreatePacketHandler("Outputs", "alert-queue", "simple", "packetpool", "packetpool", "varslot"); TmThreadSetCPU(tv_outputs, OUTPUT_CPU_SET); SetupOutputs(tv_outputs); if (TmThreadSpawn(tv_outputs) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } return 0; } /** * \brief RunModeIdsPfringAuto set up the following thread packet handlers: * - Receive thread (from pfring) * - Decode thread * - Stream thread * - Detect: If we have only 1 cpu, it will setup one Detect thread * If we have more than one, it will setup num_cpus - 1 * starting from the second cpu available. * - Respond/Reject thread * - Outputs thread * By default the threads will use the first cpu available * except the Detection threads if we have more than one cpu * * \param de_ctx pointer to the Detection Engine * \param iface pointer to the name of the network interface to listen packets * \retval 0 if all goes well. (If any problem is detected the engine will * exit()) */ int RunModeIdsPfringAuto(DetectEngineCtx *de_ctx, char *iface) { SCEnter(); char tname[12]; uint16_t cpu = 0; /* Available cpus */ uint16_t ncpus = UtilCpuGetNumProcessorsOnline(); RunModeInitialize(); TimeModeSetLive(); /* create the threads */ ThreadVars *tv_receivepfring = TmThreadCreatePacketHandler("ReceivePfring","packetpool","packetpool","pickup-queue1","simple","1slot"); if (tv_receivepfring == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } TmModule *tm_module = TmModuleGetByName("ReceivePfring"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName failed for ReceivePfring\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_receivepfring,tm_module,(void *)iface); if (threading_set_cpu_affinity) { TmThreadSetCPUAffinity(tv_receivepfring, 0); if (ncpus > 1) TmThreadSetThreadPriority(tv_receivepfring, PRIO_MEDIUM); } if (TmThreadSpawn(tv_receivepfring) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_decode1 = TmThreadCreatePacketHandler("Decode1","pickup-queue1","simple","decode-queue1","simple","1slot"); if (tv_decode1 == NULL) { printf("ERROR: TmThreadsCreate failed for Decode1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("DecodePfring"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName DecodePfring failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_decode1,tm_module,NULL); if (threading_set_cpu_affinity) { TmThreadSetCPUAffinity(tv_decode1, 0); if (ncpus > 1) TmThreadSetThreadPriority(tv_decode1, PRIO_MEDIUM); } if (TmThreadSpawn(tv_decode1) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_stream1 = TmThreadCreatePacketHandler("Stream1","decode-queue1","simple","stream-queue1","simple","1slot"); if (tv_stream1 == NULL) { printf("ERROR: TmThreadsCreate failed for Stream1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("StreamTcp"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName StreamTcp failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_stream1,tm_module,NULL); if (threading_set_cpu_affinity) { TmThreadSetCPUAffinity(tv_stream1, 0); if (ncpus > 1) TmThreadSetThreadPriority(tv_stream1, PRIO_MEDIUM); } if (TmThreadSpawn(tv_stream1) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } /* start with cpu 1 so that if we're creating an odd number of detect * threads we're not creating the most on CPU0. */ if (ncpus > 0) cpu = 1; /* always create at least one thread */ int thread_max = ncpus * threading_detect_ratio; if (thread_max < 1) thread_max = 1; int thread; for (thread = 0; thread < thread_max; thread++) { snprintf(tname, sizeof(tname),"Detect%"PRIu16, thread+1); if (tname == NULL) break; char *thread_name = SCStrdup(tname); SCLogDebug("Assigning %s affinity to cpu %u", thread_name, cpu); ThreadVars *tv_detect_ncpu = TmThreadCreatePacketHandler(thread_name,"stream-queue1","simple","verdict-queue","simple","1slot"); if (tv_detect_ncpu == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("Detect"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName Detect failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_detect_ncpu,tm_module,(void *)de_ctx); if (threading_set_cpu_affinity) { TmThreadSetCPUAffinity(tv_detect_ncpu, (int)cpu); /* If we have more than one core/cpu, the first Detect thread * (at cpu 0) will have less priority (higher 'nice' value) * In this case we will set the thread priority to +10 (default is 0) */ if (cpu == 0 && ncpus > 1) { TmThreadSetThreadPriority(tv_detect_ncpu, PRIO_LOW); } else if (ncpus > 1) { TmThreadSetThreadPriority(tv_detect_ncpu, PRIO_MEDIUM); } } char *thread_group_name = SCStrdup("Detect"); if (thread_group_name == NULL) { printf("Error allocating memory\n"); exit(EXIT_FAILURE); } tv_detect_ncpu->thread_group_name = thread_group_name; if (TmThreadSpawn(tv_detect_ncpu) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } if ((cpu + 1) == ncpus) cpu = 0; else cpu++; } ThreadVars *tv_rreject = TmThreadCreatePacketHandler("RespondReject","verdict-queue","simple","alert-queue1","simple","1slot"); if (tv_rreject == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("RespondReject"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName for RespondReject failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_rreject,tm_module,NULL); if (threading_set_cpu_affinity) { TmThreadSetCPUAffinity(tv_rreject, 0); if (ncpus > 1) TmThreadSetThreadPriority(tv_rreject, PRIO_MEDIUM); } if (TmThreadSpawn(tv_rreject) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_outputs = TmThreadCreatePacketHandler("Outputs", "alert-queue1", "simple", "packetpool", "packetpool", "varslot"); if (threading_set_cpu_affinity) { TmThreadSetCPUAffinity(tv_outputs, 0); if (ncpus > 1) TmThreadSetThreadPriority(tv_outputs, PRIO_MEDIUM); } SetupOutputs(tv_outputs); if (TmThreadSpawn(tv_outputs) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } return 0; } int RunModeErfFileAuto(DetectEngineCtx *de_ctx, char *file) { SCEnter(); char tname[12]; uint16_t cpu = 0; /* Available cpus */ uint16_t ncpus = UtilCpuGetNumProcessorsOnline(); RunModeInitialize(); SCLogDebug("file %s", file); TimeModeSetOffline(); /* create the threads */ ThreadVars *tv_receiveerf = TmThreadCreatePacketHandler("ReceiveErfFile", "packetpool","packetpool","pickup-queue","simple","1slot"); if (tv_receiveerf == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } TmModule *tm_module = TmModuleGetByName("ReceiveErfFile"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName failed for ReceiveErfFile\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_receiveerf, tm_module, file); if (threading_set_cpu_affinity) { TmThreadSetCPUAffinity(tv_receiveerf, 0); if (ncpus > 1) TmThreadSetThreadPriority(tv_receiveerf, PRIO_MEDIUM); } if (TmThreadSpawn(tv_receiveerf) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_decode1 = TmThreadCreatePacketHandler("Decode & Stream", "pickup-queue","simple","stream-queue1","simple","varslot"); if (tv_decode1 == NULL) { printf("ERROR: TmThreadsCreate failed for Decode1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("DecodeErfFile"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName DecodeErfFile failed\n"); exit(EXIT_FAILURE); } TmVarSlotSetFuncAppend(tv_decode1,tm_module,NULL); tm_module = TmModuleGetByName("StreamTcp"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName StreamTcp failed\n"); exit(EXIT_FAILURE); } TmVarSlotSetFuncAppend(tv_decode1,tm_module,NULL); if (threading_set_cpu_affinity) { TmThreadSetCPUAffinity(tv_decode1, 0); if (ncpus > 1) TmThreadSetThreadPriority(tv_decode1, PRIO_MEDIUM); } if (TmThreadSpawn(tv_decode1) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } /* start with cpu 1 so that if we're creating an odd number of detect * threads we're not creating the most on CPU0. */ if (ncpus > 0) cpu = 1; /* always create at least one thread */ int thread_max = ncpus * threading_detect_ratio; if (thread_max < 1) thread_max = 1; int thread; for (thread = 0; thread < thread_max; thread++) { snprintf(tname, sizeof(tname),"Detect%"PRIu16, thread+1); if (tname == NULL) break; char *thread_name = SCStrdup(tname); SCLogDebug("Assigning %s affinity to cpu %u", thread_name, cpu); ThreadVars *tv_detect_ncpu = TmThreadCreatePacketHandler(thread_name,"stream-queue1","simple","alert-queue1","simple","1slot"); if (tv_detect_ncpu == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("Detect"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName Detect failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_detect_ncpu,tm_module,(void *)de_ctx); if (threading_set_cpu_affinity) { TmThreadSetCPUAffinity(tv_detect_ncpu, (int)cpu); /* If we have more than one core/cpu, the first Detect thread * (at cpu 0) will have less priority (higher 'nice' value) * In this case we will set the thread priority to +10 (default is 0) */ if (cpu == 0 && ncpus > 1) { TmThreadSetThreadPriority(tv_detect_ncpu, PRIO_LOW); } else if (ncpus > 1) { TmThreadSetThreadPriority(tv_detect_ncpu, PRIO_MEDIUM); } } char *thread_group_name = SCStrdup("Detect"); if (thread_group_name == NULL) { printf("Error allocating memory\n"); exit(EXIT_FAILURE); } tv_detect_ncpu->thread_group_name = thread_group_name; if (TmThreadSpawn(tv_detect_ncpu) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } if ((cpu + 1) == ncpus) cpu = 0; else cpu++; } ThreadVars *tv_outputs = TmThreadCreatePacketHandler("Outputs", "alert-queue1", "simple", "packetpool", "packetpool", "varslot"); SetupOutputs(tv_outputs); if (threading_set_cpu_affinity) { TmThreadSetCPUAffinity(tv_outputs, 0); if (ncpus > 1) TmThreadSetThreadPriority(tv_outputs, PRIO_MEDIUM); } if (TmThreadSpawn(tv_outputs) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } return 0; } /** * * \brief Sets up support for reading from a DAG card. * * \param de_ctx * \param file * \notes Currently only supports a single interface. */ int RunModeErfDagAuto(DetectEngineCtx *de_ctx, char *file) { SCEnter(); char tname[12]; uint16_t cpu = 0; /* Available cpus */ uint16_t ncpus = UtilCpuGetNumProcessorsOnline(); RunModeInitialize(); SCLogDebug("file %s", file); TimeModeSetOffline(); /* @TODO/JNM: We need to create a separate processing pipeliine for each * interface supported by the */ ThreadVars *tv_receiveerf = TmThreadCreatePacketHandler("ReceiveErfDag", "packetpool","packetpool", "pickup-queue","simple", "1slot"); if (tv_receiveerf == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } TmModule *tm_module = TmModuleGetByName("ReceiveErfDag"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName failed for ReceiveErfDag\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_receiveerf, tm_module, file); if (threading_set_cpu_affinity) { TmThreadSetCPUAffinity(tv_receiveerf, 0); if (ncpus > 1) TmThreadSetThreadPriority(tv_receiveerf, PRIO_MEDIUM); } if (TmThreadSpawn(tv_receiveerf) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } ThreadVars *tv_decode1 = TmThreadCreatePacketHandler("Decode & Stream", "pickup-queue","simple", "stream-queue1","simple", "varslot"); if (tv_decode1 == NULL) { printf("ERROR: TmThreadsCreate failed for Decode1\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("DecodeErfDag"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName DecodeErfDag failed\n"); exit(EXIT_FAILURE); } TmVarSlotSetFuncAppend(tv_decode1,tm_module,NULL); tm_module = TmModuleGetByName("StreamTcp"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName StreamTcp failed\n"); exit(EXIT_FAILURE); } TmVarSlotSetFuncAppend(tv_decode1,tm_module,NULL); if (threading_set_cpu_affinity) { TmThreadSetCPUAffinity(tv_decode1, 0); if (ncpus > 1) TmThreadSetThreadPriority(tv_decode1, PRIO_MEDIUM); } if (TmThreadSpawn(tv_decode1) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } /* start with cpu 1 so that if we're creating an odd number of detect * threads we're not creating the most on CPU0. */ if (ncpus > 0) cpu = 1; /* always create at least one thread */ int thread_max = ncpus * threading_detect_ratio; if (thread_max < 1) thread_max = 1; int thread; for (thread = 0; thread < thread_max; thread++) { snprintf(tname, sizeof(tname),"Detect%"PRIu16, thread+1); if (tname == NULL) break; char *thread_name = SCStrdup(tname); SCLogDebug("Assigning %s affinity to cpu %u", thread_name, cpu); ThreadVars *tv_detect_ncpu = TmThreadCreatePacketHandler(thread_name, "stream-queue1","simple", "alert-queue1","simple", "1slot"); if (tv_detect_ncpu == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); } tm_module = TmModuleGetByName("Detect"); if (tm_module == NULL) { printf("ERROR: TmModuleGetByName Detect failed\n"); exit(EXIT_FAILURE); } Tm1SlotSetFunc(tv_detect_ncpu,tm_module,(void *)de_ctx); if (threading_set_cpu_affinity) { TmThreadSetCPUAffinity(tv_detect_ncpu, (int)cpu); /* If we have more than one core/cpu, the first Detect thread * (at cpu 0) will have less priority (higher 'nice' value) * In this case we will set the thread priority to +10 (default is 0) */ if (cpu == 0 && ncpus > 1) { TmThreadSetThreadPriority(tv_detect_ncpu, PRIO_LOW); } else if (ncpus > 1) { TmThreadSetThreadPriority(tv_detect_ncpu, PRIO_MEDIUM); } } if (TmThreadSpawn(tv_detect_ncpu) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } } ThreadVars *tv_outputs = TmThreadCreatePacketHandler("Outputs", "alert-queue1", "simple", "packetpool", "packetpool", "varslot"); SetupOutputs(tv_outputs); if (threading_set_cpu_affinity) { TmThreadSetCPUAffinity(tv_outputs, 0); if (ncpus > 1) TmThreadSetThreadPriority(tv_outputs, PRIO_MEDIUM); } if (TmThreadSpawn(tv_outputs) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } return 0; }