Feature #39 » 0002-Configurable-alert-outputs-for-PF_RING-modes.patch
| src/runmodes.c | ||
|
return 0;
|
||
|
}
|
||
|
int RunModeIdsPfring(DetectEngineCtx *de_ctx, char *iface, LogFileCtx *af_logfile_ctx, LogFileCtx *ad_logfile_ctx, LogFileCtx *lh_logfile_ctx, LogFileCtx *aul_logfile_ctx, LogFileCtx *aua_logfile_ctx, LogFileCtx *au2a_logfile_ctx) {
|
||
|
int RunModeIdsPfring(DetectEngineCtx *de_ctx, char *iface) {
|
||
|
TimeModeSetLive();
|
||
|
/* create the threads */
|
||
| ... | ... | |
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
ThreadVars *tv_alert = TmThreadCreatePacketHandler("AlertFastlog&Httplog","alert-queue1","simple","alert-queue2","simple","varslot");
|
||
|
if (tv_alert == NULL) {
|
||
|
printf("ERROR: TmThreadsCreate failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
tm_module = TmModuleGetByName("AlertFastlog");
|
||
|
if (tm_module == NULL) {
|
||
|
printf("ERROR: TmModuleGetByName for AlertFastlog failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
TmVarSlotSetFuncAppend(tv_alert, tm_module, af_logfile_ctx);
|
||
|
tm_module = TmModuleGetByName("LogHttplog");
|
||
|
if (tm_module == NULL) {
|
||
|
printf("ERROR: TmModuleGetByName failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
TmVarSlotSetFuncAppend(tv_alert, tm_module, lh_logfile_ctx);
|
||
|
if (TmThreadSpawn(tv_alert) != TM_ECODE_OK) {
|
||
|
printf("ERROR: TmThreadSpawn failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
ThreadVars *tv_unified = TmThreadCreatePacketHandler("AlertUnifiedLog","alert-queue2","simple","alert-queue3","simple","varslot");
|
||
|
if (tv_unified == NULL) {
|
||
|
printf("ERROR: TmThreadsCreate failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
tm_module = TmModuleGetByName("AlertUnifiedLog");
|
||
|
if (tm_module == NULL) {
|
||
|
printf("ERROR: TmModuleGetByName for AlertUnifiedLog failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
TmVarSlotSetFuncAppend(tv_unified, tm_module, aul_logfile_ctx);
|
||
|
tm_module = TmModuleGetByName("AlertUnifiedAlert");
|
||
|
if (tm_module == NULL) {
|
||
|
printf("ERROR: TmModuleGetByName for AlertUnifiedAlert failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
TmVarSlotSetFuncAppend(tv_unified, tm_module, aua_logfile_ctx);
|
||
|
if (TmThreadSpawn(tv_unified) != TM_ECODE_OK) {
|
||
|
printf("ERROR: TmThreadSpawn failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
ThreadVars *tv_debugalert = TmThreadCreatePacketHandler("AlertDebuglog","alert-queue3","simple","packetpool","packetpool","1slot");
|
||
|
if (tv_debugalert == NULL) {
|
||
|
printf("ERROR: TmThreadsCreate failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
tm_module = TmModuleGetByName("AlertDebuglog");
|
||
|
if (tm_module == NULL) {
|
||
|
printf("ERROR: TmModuleGetByName failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
Tm1SlotSetFunc(tv_debugalert,tm_module,ad_logfile_ctx);
|
||
|
if (TmThreadSpawn(tv_debugalert) != TM_ECODE_OK) {
|
||
|
ThreadVars *tv_outputs = TmThreadCreatePacketHandler("Outputs",
|
||
|
"alert-queue1", "simple", "packetpool", "packetpool", "varslot");
|
||
|
SetupOutputs(tv_outputs);
|
||
|
if (TmThreadSpawn(tv_outputs) != TM_ECODE_OK) {
|
||
|
printf("ERROR: TmThreadSpawn failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
| ... | ... | |
|
}
|
||
|
/** \brief Live pfring mode with 4 stream tracking and reassembly threads, testing the flow queuehandler */
|
||
|
int RunModeIdsPfring2(DetectEngineCtx *de_ctx, char *iface, LogFileCtx *af_logfile_ctx, LogFileCtx *ad_logfile_ctx, LogFileCtx *lh_logfile_ctx, LogFileCtx *aul_logfile_ctx, LogFileCtx *aua_logfile_ctx, LogFileCtx *au2a_logfile_ctx) {
|
||
|
int RunModeIdsPfring2(DetectEngineCtx *de_ctx, char *iface) {
|
||
|
TimeModeSetLive();
|
||
|
/* create the threads */
|
||
| ... | ... | |
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
ThreadVars *tv_alert = TmThreadCreatePacketHandler("AlertFastlog&Httplog","alert-queue1","simple","alert-queue2","simple","varslot");
|
||
|
if (tv_alert == NULL) {
|
||
|
printf("ERROR: TmThreadsCreate failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
tm_module = TmModuleGetByName("AlertFastlog");
|
||
|
if (tm_module == NULL) {
|
||
|
printf("ERROR: TmModuleGetByName for AlertFastlog failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
TmVarSlotSetFuncAppend(tv_alert, tm_module, af_logfile_ctx);
|
||
|
tm_module = TmModuleGetByName("LogHttplog");
|
||
|
if (tm_module == NULL) {
|
||
|
printf("ERROR: TmModuleGetByName failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
TmVarSlotSetFuncAppend(tv_alert, tm_module, lh_logfile_ctx);
|
||
|
if (TmThreadSpawn(tv_alert) != TM_ECODE_OK) {
|
||
|
printf("ERROR: TmThreadSpawn failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
ThreadVars *tv_unified = TmThreadCreatePacketHandler("AlertUnifiedLog","alert-queue2","simple","alert-queue3","simple","varslot");
|
||
|
if (tv_unified == NULL) {
|
||
|
printf("ERROR: TmThreadsCreate failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
tm_module = TmModuleGetByName("AlertUnifiedLog");
|
||
|
if (tm_module == NULL) {
|
||
|
printf("ERROR: TmModuleGetByName for AlertUnifiedLog failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
TmVarSlotSetFuncAppend(tv_unified,tm_module,aul_logfile_ctx);
|
||
|
tm_module = TmModuleGetByName("AlertUnifiedAlert");
|
||
|
if (tm_module == NULL) {
|
||
|
printf("ERROR: TmModuleGetByName for AlertUnifiedAlert failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
TmVarSlotSetFuncAppend(tv_unified,tm_module,aua_logfile_ctx);
|
||
|
if (TmThreadSpawn(tv_unified) != TM_ECODE_OK) {
|
||
|
printf("ERROR: TmThreadSpawn failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
ThreadVars *tv_debugalert = TmThreadCreatePacketHandler("AlertDebuglog","alert-queue3","simple","packetpool","packetpool","1slot");
|
||
|
if (tv_debugalert == NULL) {
|
||
|
printf("ERROR: TmThreadsCreate failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
tm_module = TmModuleGetByName("AlertDebuglog");
|
||
|
if (tm_module == NULL) {
|
||
|
printf("ERROR: TmModuleGetByName failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
Tm1SlotSetFunc(tv_debugalert,tm_module,ad_logfile_ctx);
|
||
|
if (TmThreadSpawn(tv_debugalert) != TM_ECODE_OK) {
|
||
|
ThreadVars *tv_outputs = TmThreadCreatePacketHandler("Outputs",
|
||
|
"alert-queue1", "simple", "packetpool", "packetpool", "varslot");
|
||
|
SetupOutputs(tv_outputs);
|
||
|
if (TmThreadSpawn(tv_outputs) != TM_ECODE_OK) {
|
||
|
printf("ERROR: TmThreadSpawn failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
| ... | ... | |
|
return 0;
|
||
|
}
|
||
|
/** \brief Live pfring mode with 4 stream tracking and reassembly threads, testing the flow queuehandler */
|
||
|
int RunModeIdsPfring3(DetectEngineCtx *de_ctx, char *iface, LogFileCtx *af_logfile_ctx, LogFileCtx *ad_logfile_ctx, LogFileCtx *lh_logfile_ctx, LogFileCtx *aul_logfile_ctx, LogFileCtx *aua_logfile_ctx, LogFileCtx *au2a_logfile_ctx) {
|
||
|
int RunModeIdsPfring3(DetectEngineCtx *de_ctx, char *iface) {
|
||
|
TimeModeSetLive();
|
||
|
/* create the threads */
|
||
| ... | ... | |
|
}
|
||
|
TmVarSlotSetFuncAppend(tv,tm_module,NULL);
|
||
|
tm_module = TmModuleGetByName("AlertFastlog");
|
||
|
if (tm_module == NULL) {
|
||
|
printf("ERROR: TmModuleGetByName for AlertFastlog failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
TmVarSlotSetFuncAppend(tv,tm_module,af_logfile_ctx);
|
||
|
tm_module = TmModuleGetByName("LogHttplog");
|
||
|
if (tm_module == NULL) {
|
||
|
printf("ERROR: TmModuleGetByName failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
TmVarSlotSetFuncAppend(tv,tm_module,NULL);
|
||
|
tm_module = TmModuleGetByName("AlertUnifiedLog");
|
||
|
if (tm_module == NULL) {
|
||
|
printf("ERROR: TmModuleGetByName for AlertUnifiedLog failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
TmVarSlotSetFuncAppend(tv,tm_module,NULL);
|
||
|
tm_module = TmModuleGetByName("AlertUnifiedAlert");
|
||
|
if (tm_module == NULL) {
|
||
|
printf("ERROR: TmModuleGetByName for AlertUnifiedAlert failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
TmVarSlotSetFuncAppend(tv,tm_module,NULL);
|
||
|
tm_module = TmModuleGetByName("AlertDebuglog");
|
||
|
if (tm_module == NULL) {
|
||
|
printf("ERROR: TmModuleGetByName failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
TmVarSlotSetFuncAppend(tv,tm_module,NULL);
|
||
|
SetupOutputs(tv);
|
||
|
TmThreadSetCPUAffinity(tv, 0);
|
||
| ... | ... | |
|
}
|
||
|
TmVarSlotSetFuncAppend(tv,tm_module,NULL);
|
||
|
tm_module = TmModuleGetByName("AlertFastlog");
|
||
|
if (tm_module == NULL) {
|
||
|
printf("ERROR: TmModuleGetByName for AlertFastlog failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
TmVarSlotSetFuncAppend(tv,tm_module,NULL);
|
||
|
tm_module = TmModuleGetByName("LogHttplog");
|
||
|
if (tm_module == NULL) {
|
||
|
printf("ERROR: TmModuleGetByName failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
TmVarSlotSetFuncAppend(tv,tm_module,lh_logfile_ctx);
|
||
|
tm_module = TmModuleGetByName("AlertUnifiedLog");
|
||
|
if (tm_module == NULL) {
|
||
|
printf("ERROR: TmModuleGetByName for AlertUnifiedLog failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
TmVarSlotSetFuncAppend(tv,tm_module,aul_logfile_ctx);
|
||
|
tm_module = TmModuleGetByName("AlertUnifiedAlert");
|
||
|
if (tm_module == NULL) {
|
||
|
printf("ERROR: TmModuleGetByName for AlertUnifiedAlert failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
TmVarSlotSetFuncAppend(tv,tm_module,aua_logfile_ctx);
|
||
|
tm_module = TmModuleGetByName("AlertDebuglog");
|
||
|
if (tm_module == NULL) {
|
||
|
printf("ERROR: TmModuleGetByName failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
TmVarSlotSetFuncAppend(tv,tm_module,NULL);
|
||
|
SetupOutputs(tv);
|
||
|
TmThreadSetCPUAffinity(tv, 0);
|
||
| ... | ... | |
|
}
|
||
|
TmVarSlotSetFuncAppend(tv,tm_module,NULL);
|
||
|
tm_module = TmModuleGetByName("AlertFastlog");
|
||
|
if (tm_module == NULL) {
|
||
|
printf("ERROR: TmModuleGetByName for AlertFastlog failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
TmVarSlotSetFuncAppend(tv,tm_module,NULL);
|
||
|
tm_module = TmModuleGetByName("LogHttplog");
|
||
|
if (tm_module == NULL) {
|
||
|
printf("ERROR: TmModuleGetByName failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
TmVarSlotSetFuncAppend(tv,tm_module,NULL);
|
||
|
tm_module = TmModuleGetByName("AlertUnifiedLog");
|
||
|
if (tm_module == NULL) {
|
||
|
printf("ERROR: TmModuleGetByName for AlertUnifiedLog failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
TmVarSlotSetFuncAppend(tv,tm_module,NULL);
|
||
|
tm_module = TmModuleGetByName("AlertUnifiedAlert");
|
||
|
if (tm_module == NULL) {
|
||
|
printf("ERROR: TmModuleGetByName for AlertUnifiedAlert failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
TmVarSlotSetFuncAppend(tv,tm_module,NULL);
|
||
|
tm_module = TmModuleGetByName("AlertDebuglog");
|
||
|
if (tm_module == NULL) {
|
||
|
printf("ERROR: TmModuleGetByName failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
TmVarSlotSetFuncAppend(tv,tm_module,NULL);
|
||
|
SetupOutputs(tv);
|
||
|
TmThreadSetCPUAffinity(tv, 1);
|
||
| ... | ... | |
|
}
|
||
|
TmVarSlotSetFuncAppend(tv,tm_module,NULL);
|
||
|
tm_module = TmModuleGetByName("AlertFastlog");
|
||
|
if (tm_module == NULL) {
|
||
|
printf("ERROR: TmModuleGetByName for AlertFastlog failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
TmVarSlotSetFuncAppend(tv,tm_module,NULL);
|
||
|
tm_module = TmModuleGetByName("LogHttplog");
|
||
|
if (tm_module == NULL) {
|
||
|
printf("ERROR: TmModuleGetByName failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
TmVarSlotSetFuncAppend(tv,tm_module,NULL);
|
||
|
tm_module = TmModuleGetByName("AlertUnifiedLog");
|
||
|
if (tm_module == NULL) {
|
||
|
printf("ERROR: TmModuleGetByName for AlertUnifiedLog failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
TmVarSlotSetFuncAppend(tv,tm_module,NULL);
|
||
|
tm_module = TmModuleGetByName("AlertUnifiedAlert");
|
||
|
if (tm_module == NULL) {
|
||
|
printf("ERROR: TmModuleGetByName for AlertUnifiedAlert failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
TmVarSlotSetFuncAppend(tv,tm_module,NULL);
|
||
|
tm_module = TmModuleGetByName("AlertDebuglog");
|
||
|
if (tm_module == NULL) {
|
||
|
printf("ERROR: TmModuleGetByName failed\n");
|
||
|
exit(EXIT_FAILURE);
|
||
|
}
|
||
|
TmVarSlotSetFuncAppend(tv,tm_module,ad_logfile_ctx);
|
||
|
SetupOutputs(tv);
|
||
|
TmThreadSetCPUAffinity(tv, 1);
|
||
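Review bot: `tv_outputs` is dereferenced without a NULL check in RunModeIdsPfring — `SetupOutputs(tv_outputs);` follows the `TmThreadCreatePacketHandler("Outputs", ...)` call directly — and the same pattern appears in RunModeIdsPfring2; the removed code tested every ThreadVars for NULL before attaching modules, so the guard should be restored in front of both SetupOutputs calls: `if (tv_outputs == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); }`. In RunModeIdsPfring3 the removed code handed each LogFileCtx to exactly one of the four detect threads (the AlertFastlog context to the first, the LogHttplog and AlertUnified* contexts to the second, the AlertDebuglog context to the fourth, NULL elsewhere), whereas `SetupOutputs(tv)` is now called for all four; if SetupOutputs attaches the same output contexts to every thread, those contexts are written concurrently and must carry their own locking, which is worth confirming and stating in SetupOutputs's header comment. The enclosing functions start and end outside the hunks shown.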
| src/runmodes.h | ||
|
int RunModeFilePcap(DetectEngineCtx *, char *, LogFileCtx *, LogFileCtx *, LogFileCtx *, LogFileCtx *, LogFileCtx *, LogFileCtx *);
|
||
|
int RunModeFilePcap2(DetectEngineCtx *, char *, LogFileCtx *, LogFileCtx *, LogFileCtx *, LogFileCtx *, LogFileCtx *, LogFileCtx *);
|
||
|
int RunModeIdsPfring(DetectEngineCtx *, char *, LogFileCtx *, LogFileCtx *, LogFileCtx *, LogFileCtx *, LogFileCtx *, LogFileCtx *);
|
||
|
int RunModeIdsPfring2(DetectEngineCtx *, char *, LogFileCtx *, LogFileCtx *, LogFileCtx *, LogFileCtx *, LogFileCtx *, LogFileCtx *);
|
||
|
int RunModeIdsPfring3(DetectEngineCtx *, char *, LogFileCtx *, LogFileCtx *, LogFileCtx *, LogFileCtx *, LogFileCtx *, LogFileCtx *);
|
||
|
int RunModeIdsPfring(DetectEngineCtx *, char *);
|
||
|
int RunModeIdsPfring2(DetectEngineCtx *, char *);
|
||
|
int RunModeIdsPfring3(DetectEngineCtx *, char *);
|
||
|
void RunModeShutDown(void);
|
||
| src/suricata.c | ||
|
gettimeofday(&start_time, NULL);
|
||
|
if (mode == MODE_PCAP_DEV) {
|
||
|
RunModeIdsPcap3(de_ctx, pcap_dev);
|
||
|
//RunModeIdsPcap2(de_ctx, pcap_dev);
|
||
|
//RunModeIdsPcap3(de_ctx, pcap_dev);
|
||
|
RunModeIdsPcap2(de_ctx, pcap_dev);
|
||
|
//RunModeIdsPcap(de_ctx, pcap_dev);
|
||
|
}
|
||
|
else if (mode == MODE_PCAP_FILE) {
|
||
| ... | ... | |
|
//RunModeFilePcap2(de_ctx, pcap_file, af_logfile_ctx, ad_logfile_ctx, lh_logfile_ctx, aul_logfile_ctx, aua_logfile_ctx, au2a_logfile_ctx);
|
||
|
}
|
||
|
else if (mode == MODE_PFRING) {
|
||
|
af_logfile_ctx = AlertFastlogInitCtx(NULL);
|
||
|
ad_logfile_ctx = AlertDebuglogInitCtx(NULL);
|
||
|
lh_logfile_ctx = LogHttplogInitCtx(NULL);
|
||
|
aul_logfile_ctx = AlertUnifiedLogInitCtx(NULL);
|
||
|
aua_logfile_ctx = AlertUnifiedAlertInitCtx(NULL);
|
||
|
au2a_logfile_ctx = Unified2AlertInitCtx(NULL);
|
||
|
//RunModeIdsPfring3(de_ctx, pfring_dev, af_logfile_ctx, ad_logfile_ctx, lh_logfile_ctx, aul_logfile_ctx, aua_logfile_ctx, au2a_logfile_ctx);
|
||
|
RunModeIdsPfring2(de_ctx, pfring_dev, af_logfile_ctx, ad_logfile_ctx, lh_logfile_ctx, aul_logfile_ctx, aua_logfile_ctx, au2a_logfile_ctx);
|
||
|
//RunModeIdsPfring(de_ctx, pfring_dev, af_logfile_ctx, ad_logfile_ctx, lh_logfile_ctx, aul_logfile_ctx, aua_logfile_ctx, au2a_logfile_ctx);
|
||
|
//RunModeIdsPfring3(de_ctx, pfring_dev);
|
||
|
RunModeIdsPfring2(de_ctx, pfring_dev);
|
||
|
RunModeIdsPfring(de_ctx, pfring_dev);
|
||
|
}
|
||
|
else if (mode == MODE_NFQ) {
|
||
|
af_logfile_ctx = AlertFastlogInitCtx(NULL);
|
||