suricata.8.0.0/source_8c_source.html

/* Copyright (C) 2024 Open Information Security Foundation

 *

 * You can copy, redistribute or modify this Program under the terms of

 * the GNU General Public License version 2 as published by the Free

 * Software Foundation.

 *

 * This program is distributed in the hope that it will be useful,

 * but WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 * GNU General Public License for more details.

 *

 * You should have received a copy of the GNU General Public License

 * version 2 along with this program; if not, write to the Free Software

 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA

 * 02110-1301, USA.

 */


#include "suricata.h"

#include "threadvars.h"

#include "tm-modules.h"

#include "tm-threads-common.h"

#include "tm-threads.h"

#include "packet.h"


#include "source.h"


/* DNS request for suricata.io. */

static const unsigned char DNS_REQUEST[94] = {

    0xa0, 0x36, 0x9f, 0x4c, 0x4c, 0x28, 0x50, 0xeb, /* .6.LL(P. */

    0xf6, 0x7d, 0xea, 0x54, 0x08, 0x00, 0x45, 0x00, /* .}.T..E. */

    0x00, 0x50, 0x19, 0xae, 0x00, 0x00, 0x40, 0x11, /* .P....@. */

    0x4a, 0xc4, 0x0a, 0x10, 0x01, 0x0b, 0x0a, 0x10, /* J....... */

    0x01, 0x01, 0x95, 0x97, 0x00, 0x35, 0x00, 0x3c, /* .....5.< */

    0x90, 0x6e, 0xdb, 0x12, 0x01, 0x20, 0x00, 0x01, /* .n... .. */

    0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x08, 0x73, /* .......s */

    0x75, 0x72, 0x69, 0x63, 0x61, 0x74, 0x61, 0x02, /* uricata. */

    0x69, 0x6f, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, /* io...... */

    0x00, 0x29, 0x04, 0xd0, 0x00, 0x00, 0x00, 0x00, /* .)...... */

    0x00, 0x0c, 0x00, 0x0a, 0x00, 0x08, 0x88, 0x51, /* .......Q */

    0x20, 0xaf, 0x46, 0xc5, 0xdc, 0xce              /*  .F... */

};


static TmEcode ReceiveThreadInit(ThreadVars *tv, const void *initdata, void **data)

{

    SCLogNotice("...");

    return TM_ECODE_OK;

}


static TmEcode ReceiveThreadDeinit(ThreadVars *tv, void *data)

{

    SCLogNotice("...");

    return TM_ECODE_OK;

}


static TmEcode ReceiveLoop(ThreadVars *tv, void *data, void *slot)

{

    SCLogNotice("...");


    if (suricata_ctl_flags & SURICATA_STOP) {

        SCReturnInt(TM_ECODE_OK);

    }


    TmSlot *s = ((TmSlot *)slot)->slot_next;


    /* Notify we are running and processing packets. */

    TmThreadsSetFlag(tv, THV_RUNNING);


    PacketPoolWait();

    Packet *p = PacketGetFromQueueOrAlloc();

    if (unlikely(p == NULL)) {

        return TM_ECODE_FAILED;

    }

    SCPacketSetSource(p, PKT_SRC_WIRE);

    struct timeval now;

    gettimeofday(&now, NULL);

    SCPacketSetTime(p, SCTIME_FROM_TIMEVAL(&now));

    SCPacketSetDatalink(p, LINKTYPE_ETHERNET);

    p->flags |= PKT_IGNORE_CHECKSUM;


    if (unlikely(PacketCopyData(p, DNS_REQUEST, sizeof(DNS_REQUEST)) != 0)) {

        TmqhOutputPacketpool(tv, p);

        return TM_ECODE_FAILED;

    }


    if (TmThreadsSlotProcessPkt(tv, s, p) != TM_ECODE_OK) {

        return TM_ECODE_FAILED;

    }


    EngineStop();

    return TM_ECODE_DONE;

}


static void ReceiveThreadExitPrintStats(ThreadVars *tv, void *data)

{

    SCLogNotice("...");

}


static TmEcode DecodeThreadInit(ThreadVars *tv, const void *initdata, void **data)

{

    SCLogNotice("...");


    DecodeThreadVars *dtv = DecodeThreadVarsAlloc(tv);

    if (dtv == NULL) {

        SCReturnInt(TM_ECODE_FAILED);

    }

    DecodeRegisterPerfCounters(dtv, tv);

    *data = (void *)dtv;


    return TM_ECODE_OK;

}


static TmEcode DecodeThreadDeinit(ThreadVars *tv, void *data)

{

    SCLogNotice("...");


    if (data != NULL) {

        DecodeThreadVarsFree(tv, data);

    }

    SCReturnInt(TM_ECODE_OK);


    return TM_ECODE_OK;

}


static TmEcode Decode(ThreadVars *tv, Packet *p, void *data)

{

    SCLogNotice("...");


    DecodeLinkLayer(tv, data, p->datalink, p, GET_PKT_DATA(p), GET_PKT_LEN(p));


    return TM_ECODE_OK;

}


void TmModuleReceiveCiCaptureRegister(int slot)

{

    tmm_modules[slot].name = "ReceiveCiCapture";

    tmm_modules[slot].ThreadInit = ReceiveThreadInit;

    tmm_modules[slot].Func = NULL;

    tmm_modules[slot].PktAcqLoop = ReceiveLoop;

    tmm_modules[slot].PktAcqBreakLoop = NULL;

    tmm_modules[slot].ThreadExitPrintStats = ReceiveThreadExitPrintStats;

    tmm_modules[slot].ThreadDeinit = ReceiveThreadDeinit;

    tmm_modules[slot].cap_flags = 0;

    tmm_modules[slot].flags = TM_FLAG_RECEIVE_TM;

}


void TmModuleDecodeCiCaptureRegister(int slot)

{

    tmm_modules[slot].name = "DecodeCiCapture";

    tmm_modules[slot].ThreadInit = DecodeThreadInit;

    tmm_modules[slot].Func = Decode;

    tmm_modules[slot].ThreadExitPrintStats = NULL;

    tmm_modules[slot].ThreadDeinit = DecodeThreadDeinit;

    tmm_modules[slot].cap_flags = 0;

    tmm_modules[slot].flags = TM_FLAG_DECODE_TM;

}


GET_PKT_DATA
#define GET_PKT_DATA(p)
Definition decode.h:209

GET_PKT_LEN
#define GET_PKT_LEN(p)
Definition decode.h:208

PKT_SRC_WIRE
@ PKT_SRC_WIRE
Definition decode.h:52

PKT_IGNORE_CHECKSUM
#define PKT_IGNORE_CHECKSUM
Definition decode.h:1282

dtv
DecodeThreadVars * dtv
Definition fuzz_decodepcapfile.c:33

tv
ThreadVars * tv
Definition fuzz_decodepcapfile.c:32

PacketGetFromQueueOrAlloc
Packet * PacketGetFromQueueOrAlloc(void)
Get a packet. We try to get a packet from the packetpool first, but if that is empty we alloc a packe...
Definition decode.c:293

DecodeRegisterPerfCounters
void DecodeRegisterPerfCounters(DecodeThreadVars *dtv, ThreadVars *tv)
Definition decode.c:628

DecodeThreadVarsAlloc
DecodeThreadVars * DecodeThreadVarsAlloc(ThreadVars *tv)
Alloc and setup DecodeThreadVars.
Definition decode.c:804

DecodeThreadVarsFree
void DecodeThreadVarsFree(ThreadVars *tv, DecodeThreadVars *dtv)
Definition decode.c:822

PacketCopyData
int PacketCopyData(Packet *p, const uint8_t *pktdata, uint32_t pktlen)
Copy data to Packet payload and set packet length.
Definition decode.c:377

SCPacketSetTime
void SCPacketSetTime(Packet *p, SCTime_t ts)
Set the timestamp for a packet.
Definition packet.c:187

SCPacketSetSource
void SCPacketSetSource(Packet *p, enum PktSrcEnum source)
Set packet source.
Definition packet.c:192

SCPacketSetDatalink
void SCPacketSetDatalink(Packet *p, int datalink)
Set a packets data link type.
Definition packet.c:182

packet.h

TmModuleDecodeCiCaptureRegister
void TmModuleDecodeCiCaptureRegister(int slot)
Definition source.c:146

TmModuleReceiveCiCaptureRegister
void TmModuleReceiveCiCaptureRegister(int slot)
Definition source.c:133

source.h

DecodeThreadVars_
Structure to hold thread specific data for all decode modules.
Definition decode.h:963

Packet_
Definition decode.h:501

Packet_::datalink
int datalink
Definition decode.h:639

Packet_::flags
uint32_t flags
Definition decode.h:544

ThreadVars_
Per thread variable structure.
Definition threadvars.h:58

TmModule_::name
const char * name
Definition tm-modules.h:48

TmModule_::ThreadDeinit
TmEcode(* ThreadDeinit)(ThreadVars *, void *)
Definition tm-modules.h:53

TmModule_::ThreadExitPrintStats
void(* ThreadExitPrintStats)(ThreadVars *, void *)
Definition tm-modules.h:52

TmModule_::PktAcqBreakLoop
TmEcode(* PktAcqBreakLoop)(ThreadVars *, void *)
Definition tm-modules.h:61

TmModule_::cap_flags
uint8_t cap_flags
Definition tm-modules.h:77

TmModule_::Func
TmEcode(* Func)(ThreadVars *, Packet *, void *)
Definition tm-modules.h:56

TmModule_::PktAcqLoop
TmEcode(* PktAcqLoop)(ThreadVars *, void *, void *)
Definition tm-modules.h:58

TmModule_::flags
uint8_t flags
Definition tm-modules.h:80

TmModule_::ThreadInit
TmEcode(* ThreadInit)(ThreadVars *, const void *, void **)
Definition tm-modules.h:51

TmSlot_
Definition tm-threads.h:53

TmSlot_::slot_next
struct TmSlot_ * slot_next
Definition tm-threads.h:62

suricata_ctl_flags
volatile uint8_t suricata_ctl_flags
Definition suricata.c:172

EngineStop
void EngineStop(void)
make sure threads can stop the engine by calling this function. Purpose: pcap file mode needs to be a...
Definition suricata.c:470

suricata.h

SURICATA_STOP
#define SURICATA_STOP
Definition suricata.h:94

threadvars.h

THV_RUNNING
#define THV_RUNNING
Definition threadvars.h:55

tmm_modules
TmModule tmm_modules[TMM_SIZE]
Definition tm-modules.c:29

tm-modules.h

TM_FLAG_RECEIVE_TM
#define TM_FLAG_RECEIVE_TM
Definition tm-modules.h:32

TM_FLAG_DECODE_TM
#define TM_FLAG_DECODE_TM
Definition tm-modules.h:33

tm-threads-common.h

TmEcode
TmEcode
Definition tm-threads-common.h:80

TM_ECODE_FAILED
@ TM_ECODE_FAILED
Definition tm-threads-common.h:82

TM_ECODE_OK
@ TM_ECODE_OK
Definition tm-threads-common.h:81

TM_ECODE_DONE
@ TM_ECODE_DONE
Definition tm-threads-common.h:83

TmThreadsSetFlag
void TmThreadsSetFlag(ThreadVars *tv, uint32_t flag)
Set a thread flag.
Definition tm-threads.c:101

tm-threads.h

PacketPoolWait
void PacketPoolWait(void)
Definition tmqh-packetpool.c:71

TmqhOutputPacketpool
void TmqhOutputPacketpool(ThreadVars *t, Packet *p)
Definition tmqh-packetpool.c:305

LINKTYPE_ETHERNET
#define LINKTYPE_ETHERNET
Definition util-datalink.h:48

SCReturnInt
#define SCReturnInt(x)
Definition util-debug.h:281

SCLogNotice
#define SCLogNotice(...)
Macro used to log NOTICE messages.
Definition util-debug.h:243

unlikely
#define unlikely(expr)
Definition util-optimize.h:35

SCTIME_FROM_TIMEVAL
#define SCTIME_FROM_TIMEVAL(tv)
Definition util-time.h:79