Feature #39 » 0003-configurable-outputs-for-nfq-and-pcap-file.patch
| src/runmodes.c | ||
|---|---|---|
|
return 0;
|
||
|
}
|
||
|
int RunModeIpsNFQ(DetectEngineCtx *de_ctx, LogFileCtx *af_logfile_ctx, LogFileCtx *ad_logfile_ctx, LogFileCtx *lh_logfile_ctx, LogFileCtx *aul_logfile_ctx, LogFileCtx *aua_logfile_ctx, LogFileCtx *au2a_logfile_ctx) {
|
||
|
int RunModeIpsNFQ(DetectEngineCtx *de_ctx) {
|
||
|
TimeModeSetLive();
|
||
|
/* create the threads */
|
||
| ... | ... | |
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
ThreadVars *tv_alert = TmThreadCreatePacketHandler("AlertFastlog&Httplog","alert-queue1","simple","alert-queue2","simple","varslot");
|
||
|
if (tv_alert == NULL) {
|
||
|
printf("ERROR: TmThreadsCreate failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
tm_module = TmModuleGetByName("AlertFastlog");
|
||
|
if (tm_module == NULL) {
|
||
|
printf("ERROR: TmModuleGetByName for AlertFastlog failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
TmVarSlotSetFuncAppend(tv_alert, tm_module, af_logfile_ctx);
|
||
|
tm_module = TmModuleGetByName("LogHttplog");
|
||
|
if (tm_module == NULL) {
|
||
|
printf("ERROR: TmModuleGetByName failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
TmVarSlotSetFuncAppend(tv_alert, tm_module, lh_logfile_ctx);
|
||
|
if (TmThreadSpawn(tv_alert) != TM_ECODE_OK) {
|
||
|
printf("ERROR: TmThreadSpawn failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
ThreadVars *tv_unified = TmThreadCreatePacketHandler("AlertUnifiedLog","alert-queue2","simple","alert-queue3","simple","varslot");
|
||
|
if (tv_unified == NULL) {
|
||
|
printf("ERROR: TmThreadsCreate failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
tm_module = TmModuleGetByName("AlertUnifiedLog");
|
||
|
if (tm_module == NULL) {
|
||
|
printf("ERROR: TmModuleGetByName for AlertUnifiedLog failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
TmVarSlotSetFuncAppend(tv_unified, tm_module, aul_logfile_ctx);
|
||
|
tm_module = TmModuleGetByName("AlertUnifiedAlert");
|
||
|
if (tm_module == NULL) {
|
||
|
printf("ERROR: TmModuleGetByName for AlertUnifiedAlert failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
TmVarSlotSetFuncAppend(tv_unified, tm_module, aua_logfile_ctx);
|
||
|
if (TmThreadSpawn(tv_unified) != TM_ECODE_OK) {
|
||
|
printf("ERROR: TmThreadSpawn failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
ThreadVars *tv_unified2 = TmThreadCreatePacketHandler("Unified2Alert","alert-queue3","simple","alert-queue4","simple","1slot");
|
||
|
if (tv_unified2 == NULL) {
|
||
|
printf("ERROR: TmThreadsCreate failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
tm_module = TmModuleGetByName("Unified2Alert");
|
||
|
if (tm_module == NULL) {
|
||
|
printf("ERROR: TmModuleGetByName failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
Tm1SlotSetFunc(tv_unified2,tm_module,au2a_logfile_ctx);
|
||
|
if (TmThreadSpawn(tv_unified2) != TM_ECODE_OK) {
|
||
|
printf("ERROR: TmThreadSpawn failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
ThreadVars *tv_debugalert = TmThreadCreatePacketHandler("AlertDebuglog","alert-queue4","simple","packetpool","packetpool","1slot");
|
||
|
if (tv_debugalert == NULL) {
|
||
|
printf("ERROR: TmThreadsCreate failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
tm_module = TmModuleGetByName("AlertDebuglog");
|
||
|
if (tm_module == NULL) {
|
||
|
printf("ERROR: TmModuleGetByName failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
Tm1SlotSetFunc(tv_debugalert,tm_module, ad_logfile_ctx);
|
||
|
if (TmThreadSpawn(tv_debugalert) != TM_ECODE_OK) {
|
||
|
ThreadVars *tv_outputs = TmThreadCreatePacketHandler("Outputs",
|
||
|
"alert-queue1", "simple", "packetpool", "packetpool", "varslot");
|
||
|
SetupOutputs(tv_outputs);
|
||
|
if (TmThreadSpawn(tv_outputs) != TM_ECODE_OK) {
|
||
|
printf("ERROR: TmThreadSpawn failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
| ... | ... | |
|
return 0;
|
||
|
}
|
||
|
int RunModeFilePcap(DetectEngineCtx *de_ctx, char *file, LogFileCtx *af_logfile_ctx, LogFileCtx *ad_logfile_ctx, LogFileCtx *lh_logfile_ctx, LogFileCtx *aul_logfile_ctx, LogFileCtx *aua_logfile_ctx, LogFileCtx *au2a_logfile_ctx) {
|
||
|
int RunModeFilePcap(DetectEngineCtx *de_ctx, char *file) {
|
||
|
printf("RunModeFilePcap: file %s\n", file);
|
||
|
TimeModeSetOffline();
|
||
| ... | ... | |
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
ThreadVars *tv_alert = TmThreadCreatePacketHandler("AlertFastlog&Httplog","alert-queue1","simple","alert-queue2","simple","varslot");
|
||
|
if (tv_alert == NULL) {
|
||
|
printf("ERROR: TmThreadsCreate failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
tm_module = TmModuleGetByName("AlertFastlog");
|
||
|
if (tm_module == NULL) {
|
||
|
printf("ERROR: TmModuleGetByName for AlertFastlog failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
TmVarSlotSetFuncAppend(tv_alert,tm_module,af_logfile_ctx);
|
||
|
tm_module = TmModuleGetByName("LogHttplog");
|
||
|
if (tm_module == NULL) {
|
||
|
printf("ERROR: TmModuleGetByName failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
TmVarSlotSetFuncAppend(tv_alert,tm_module, lh_logfile_ctx);
|
||
|
if (TmThreadSpawn(tv_alert) != TM_ECODE_OK) {
|
||
|
printf("ERROR: TmThreadSpawn failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
ThreadVars *tv_unified = TmThreadCreatePacketHandler("AlertUnifiedLog","alert-queue2","simple","alert-queue3","simple","varslot");
|
||
|
if (tv_unified == NULL) {
|
||
|
printf("ERROR: TmThreadsCreate failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
tm_module = TmModuleGetByName("AlertUnifiedLog");
|
||
|
if (tm_module == NULL) {
|
||
|
printf("ERROR: TmModuleGetByName for AlertUnifiedLog failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
TmVarSlotSetFuncAppend(tv_unified,tm_module,aul_logfile_ctx);
|
||
|
tm_module = TmModuleGetByName("AlertUnifiedAlert");
|
||
|
if (tm_module == NULL) {
|
||
|
printf("ERROR: TmModuleGetByName for AlertUnifiedAlert failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
TmVarSlotSetFuncAppend(tv_unified,tm_module,aua_logfile_ctx);
|
||
|
if (TmThreadSpawn(tv_unified) != TM_ECODE_OK) {
|
||
|
printf("ERROR: TmThreadSpawn failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
ThreadVars *tv_unified2 = TmThreadCreatePacketHandler("Unified2Alert","alert-queue3","simple","alert-queue4","simple","1slot");
|
||
|
if (tv_unified2 == NULL) {
|
||
|
printf("ERROR: TmThreadsCreate failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
tm_module = TmModuleGetByName("Unified2Alert");
|
||
|
if (tm_module == NULL) {
|
||
|
printf("ERROR: TmModuleGetByName for Unified2Alert failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
Tm1SlotSetFunc(tv_unified2,tm_module,au2a_logfile_ctx);
|
||
|
if (TmThreadSpawn(tv_unified2) != TM_ECODE_OK) {
|
||
|
ThreadVars *tv_outputs = TmThreadCreatePacketHandler("Outputs",
|
||
|
"alert-queue1", "simple", "packetpool", "packetpool", "varslot");
|
||
|
SetupOutputs(tv_outputs);
|
||
|
if (TmThreadSpawn(tv_outputs) != TM_ECODE_OK) {
|
||
|
printf("ERROR: TmThreadSpawn failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
ThreadVars *tv_debugalert = TmThreadCreatePacketHandler("AlertDebuglog","alert-queue4","simple","packetpool","packetpool","1slot");
|
||
|
if (tv_debugalert == NULL) {
|
||
|
printf("ERROR: TmThreadsCreate failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
tm_module = TmModuleGetByName("AlertDebuglog");
|
||
|
if (tm_module == NULL) {
|
||
|
printf("ERROR: TmModuleGetByName failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
Tm1SlotSetFunc(tv_debugalert,tm_module, ad_logfile_ctx);
|
||
|
if (TmThreadSpawn(tv_debugalert) != TM_ECODE_OK) {
|
||
|
printf("ERROR: TmThreadSpawn failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
return 0;
|
||
|
}
|
||
|
/**
|
||
|
* \brief Single thread version of the Pcap file processing.
|
||
|
*/
|
||
|
int RunModeFilePcap2(DetectEngineCtx *de_ctx, char *file, LogFileCtx *af_logfile_ctx, LogFileCtx *ad_logfile_ctx, LogFileCtx *lh_logfile_ctx, LogFileCtx *aul_logfile_ctx, LogFileCtx *aua_logfile_ctx, LogFileCtx *au2a_logfile_ctx) {
|
||
|
int RunModeFilePcap2(DetectEngineCtx *de_ctx, char *file) {
|
||
|
printf("RunModeFilePcap2: file %s\n", file);
|
||
|
TimeModeSetOffline();
|
||
| ... | ... | |
|
}
|
||
|
TmVarSlotSetFuncAppend(tv,tm_module,(void *)de_ctx);
|
||
|
tm_module = TmModuleGetByName("AlertFastlog");
|
||
|
if (tm_module == NULL) {
|
||
|
printf("ERROR: TmModuleGetByName for AlertFastlog failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
TmVarSlotSetFuncAppend(tv,tm_module,af_logfile_ctx);
|
||
|
tm_module = TmModuleGetByName("LogHttplog");
|
||
|
if (tm_module == NULL) {
|
||
|
printf("ERROR: TmModuleGetByName failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
TmVarSlotSetFuncAppend(tv,tm_module, lh_logfile_ctx);
|
||
|
tm_module = TmModuleGetByName("AlertUnifiedLog");
|
||
|
if (tm_module == NULL) {
|
||
|
printf("ERROR: TmModuleGetByName for AlertUnifiedLog failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
TmVarSlotSetFuncAppend(tv,tm_module,aul_logfile_ctx);
|
||
|
tm_module = TmModuleGetByName("AlertUnifiedAlert");
|
||
|
if (tm_module == NULL) {
|
||
|
printf("ERROR: TmModuleGetByName for AlertUnifiedAlert failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
TmVarSlotSetFuncAppend(tv,tm_module,aua_logfile_ctx);
|
||
|
tm_module = TmModuleGetByName("Unified2Alert");
|
||
|
if (tm_module == NULL) {
|
||
|
printf("ERROR: TmModuleGetByName for Unified2Alert failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
TmVarSlotSetFuncAppend(tv,tm_module,au2a_logfile_ctx);
|
||
|
tm_module = TmModuleGetByName("AlertDebuglog");
|
||
|
if (tm_module == NULL) {
|
||
|
printf("ERROR: TmModuleGetByName failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
TmVarSlotSetFuncAppend(tv,tm_module, ad_logfile_ctx);
|
||
|
SetupOutputs(tv);
|
||
|
if (TmThreadSpawn(tv) != TM_ECODE_OK) {
|
||
|
printf("ERROR: TmThreadSpawn failed\n");
|
||
| src/runmodes.h | ||
|---|---|---|
|
int RunModeIdsPcap2(DetectEngineCtx *, char *);
|
||
|
int RunModeIdsPcap3(DetectEngineCtx *, char *);
|
||
|
int RunModeIpsNFQ(DetectEngineCtx *, LogFileCtx *, LogFileCtx *, LogFileCtx *, LogFileCtx *, LogFileCtx *, LogFileCtx *);
|
||
|
int RunModeIpsNFQ(DetectEngineCtx *);
|
||
|
int RunModeFilePcap(DetectEngineCtx *, char *, LogFileCtx *, LogFileCtx *, LogFileCtx *, LogFileCtx *, LogFileCtx *, LogFileCtx *);
|
||
|
int RunModeFilePcap2(DetectEngineCtx *, char *, LogFileCtx *, LogFileCtx *, LogFileCtx *, LogFileCtx *, LogFileCtx *, LogFileCtx *);
|
||
|
int RunModeFilePcap(DetectEngineCtx *, char *);
|
||
|
int RunModeFilePcap2(DetectEngineCtx *, char *);
|
||
|
int RunModeIdsPfring(DetectEngineCtx *, char *);
|
||
|
int RunModeIdsPfring2(DetectEngineCtx *, char *);
|
||
| src/suricata.c | ||
|---|---|---|
|
SCClassConfLoadClassficationConfigFile(de_ctx);
|
||
|
/* Logging/alerting contexts. Eventually this won't be needed. */
|
||
|
LogFileCtx *af_logfile_ctx = NULL; /* AlertFastlog */
|
||
|
LogFileCtx *ad_logfile_ctx = NULL; /* AlertDebuglog */
|
||
|
LogFileCtx *lh_logfile_ctx = NULL; /* LogHttplog */
|
||
|
LogFileCtx *aul_logfile_ctx = NULL; /* AlertUnifiedLog */
|
||
|
LogFileCtx *aua_logfile_ctx = NULL; /* AlertUnifiedAlert */
|
||
|
LogFileCtx *au2a_logfile_ctx = NULL; /* Unified2Alert */
|
||
|
if (SigLoadSignatures(de_ctx, sig_file) < 0) {
|
||
|
if (sig_file == NULL) {
|
||
|
SCLogError(SC_ERR_OPENING_FILE, "Signature file has not been provided");
|
||
| ... | ... | |
|
//RunModeIdsPcap(de_ctx, pcap_dev);
|
||
|
}
|
||
|
else if (mode == MODE_PCAP_FILE) {
|
||
|
af_logfile_ctx = AlertFastlogInitCtx(NULL);
|
||
|
ad_logfile_ctx = AlertDebuglogInitCtx(NULL);
|
||
|
lh_logfile_ctx = LogHttplogInitCtx(NULL);
|
||
|
aul_logfile_ctx = AlertUnifiedLogInitCtx(NULL);
|
||
|
aua_logfile_ctx = AlertUnifiedAlertInitCtx(NULL);
|
||
|
au2a_logfile_ctx = Unified2AlertInitCtx(NULL);
|
||
|
RunModeFilePcap(de_ctx, pcap_file, af_logfile_ctx, ad_logfile_ctx, lh_logfile_ctx, aul_logfile_ctx, aua_logfile_ctx, au2a_logfile_ctx);
|
||
|
//RunModeFilePcap2(de_ctx, pcap_file, af_logfile_ctx, ad_logfile_ctx, lh_logfile_ctx, aul_logfile_ctx, aua_logfile_ctx, au2a_logfile_ctx);
|
||
|
RunModeFilePcap(de_ctx, pcap_file);
|
||
|
//RunModeFilePcap2(de_ctx, pcap_file);
|
||
|
}
|
||
|
else if (mode == MODE_PFRING) {
|
||
|
//RunModeIdsPfring3(de_ctx, pfring_dev);
|
||
| ... | ... | |
|
RunModeIdsPfring(de_ctx, pfring_dev);
|
||
|
}
|
||
|
else if (mode == MODE_NFQ) {
|
||
|
af_logfile_ctx = AlertFastlogInitCtx(NULL);
|
||
|
ad_logfile_ctx = AlertDebuglogInitCtx(NULL);
|
||
|
lh_logfile_ctx = LogHttplogInitCtx(NULL);
|
||
|
aul_logfile_ctx = AlertUnifiedLogInitCtx(NULL);
|
||
|
aua_logfile_ctx = AlertUnifiedAlertInitCtx(NULL);
|
||
|
au2a_logfile_ctx = Unified2AlertInitCtx(NULL);
|
||
|
RunModeIpsNFQ(de_ctx, af_logfile_ctx, ad_logfile_ctx, lh_logfile_ctx, aul_logfile_ctx, aua_logfile_ctx, au2a_logfile_ctx);
|
||
|
RunModeIpsNFQ(de_ctx);
|
||
|
}
|
||
|
else {
|
||
|
printf("ERROR: Unknown runtime mode.\n");
|
||
| ... | ... | |
|
RunModeShutDown();
|
||
|
/* Remove when all run modes use the configuration file for output
|
||
|
* configuration. LogFileFreeCtx accepts NULL. */
|
||
|
LogFileFreeCtx(af_logfile_ctx);
|
||
|
LogFileFreeCtx(lh_logfile_ctx);
|
||
|
LogFileFreeCtx(ad_logfile_ctx);
|
||
|
LogFileFreeCtx(aul_logfile_ctx);
|
||
|
LogFileFreeCtx(aua_logfile_ctx);
|
||
|
LogFileFreeCtx(au2a_logfile_ctx);
|
||
|
exit(EXIT_SUCCESS);
|
||
|
}
|
||
- « Previous
- 1
- 2
- 3
- 4
- Next »