From f2506980b86583742e482884aaef72d267305d83 Mon Sep 17 00:00:00 2001 From: Jason Ish Date: Wed, 6 Jan 2010 14:37:35 -0800 Subject: [PATCH 3/3] configurable outputs for nfq and pcap file. --- src/runmodes.c | 213 +++---------------------------------------------------- src/runmodes.h | 6 +- src/suricata.c | 35 +--------- 3 files changed, 18 insertions(+), 236 deletions(-) diff --git a/src/runmodes.c b/src/runmodes.c index b5a5a82..77a87ed 100644 --- a/src/runmodes.c +++ b/src/runmodes.c @@ -616,7 +616,7 @@ int RunModeIdsPcap3(DetectEngineCtx *de_ctx, char *iface) { return 0; } -int RunModeIpsNFQ(DetectEngineCtx *de_ctx, LogFileCtx *af_logfile_ctx, LogFileCtx *ad_logfile_ctx, LogFileCtx *lh_logfile_ctx, LogFileCtx *aul_logfile_ctx, LogFileCtx *aua_logfile_ctx, LogFileCtx *au2a_logfile_ctx) { +int RunModeIpsNFQ(DetectEngineCtx *de_ctx) { TimeModeSetLive(); /* create the threads */ 
@@ -739,85 +739,10 @@ int RunModeIpsNFQ(DetectEngineCtx *de_ctx, LogFileCtx *af_logfile_ctx, LogFileCt exit(EXIT_FAILURE); } - ThreadVars *tv_alert = TmThreadCreatePacketHandler("AlertFastlog&Httplog","alert-queue1","simple","alert-queue2","simple","varslot"); - if (tv_alert == NULL) { - printf("ERROR: TmThreadsCreate failed\n"); - exit(EXIT_FAILURE); - } - tm_module = TmModuleGetByName("AlertFastlog"); - if (tm_module == NULL) { - printf("ERROR: TmModuleGetByName for AlertFastlog failed\n"); - exit(EXIT_FAILURE); - } - TmVarSlotSetFuncAppend(tv_alert, tm_module, af_logfile_ctx); - - tm_module = TmModuleGetByName("LogHttplog"); - if (tm_module == NULL) { - printf("ERROR: TmModuleGetByName failed\n"); - exit(EXIT_FAILURE); - } - TmVarSlotSetFuncAppend(tv_alert, tm_module, lh_logfile_ctx); - - if (TmThreadSpawn(tv_alert) != TM_ECODE_OK) { - printf("ERROR: TmThreadSpawn failed\n"); - exit(EXIT_FAILURE); - } - - ThreadVars *tv_unified = TmThreadCreatePacketHandler("AlertUnifiedLog","alert-queue2","simple","alert-queue3","simple","varslot"); - if (tv_unified == NULL) { - printf("ERROR: TmThreadsCreate failed\n"); - exit(EXIT_FAILURE); - } - - tm_module = TmModuleGetByName("AlertUnifiedLog"); - if (tm_module == NULL) { - printf("ERROR: TmModuleGetByName for AlertUnifiedLog failed\n"); - exit(EXIT_FAILURE); - } - TmVarSlotSetFuncAppend(tv_unified, tm_module, aul_logfile_ctx); - - tm_module = TmModuleGetByName("AlertUnifiedAlert"); - if (tm_module == NULL) { - printf("ERROR: TmModuleGetByName for AlertUnifiedAlert failed\n"); - exit(EXIT_FAILURE); - } - TmVarSlotSetFuncAppend(tv_unified, tm_module, aua_logfile_ctx); - - if (TmThreadSpawn(tv_unified) != TM_ECODE_OK) { - printf("ERROR: TmThreadSpawn failed\n"); - exit(EXIT_FAILURE); - } - - ThreadVars *tv_unified2 = TmThreadCreatePacketHandler("Unified2Alert","alert-queue3","simple","alert-queue4","simple","1slot"); - if (tv_unified2 == NULL) { - printf("ERROR: TmThreadsCreate failed\n"); - exit(EXIT_FAILURE); - } - 
tm_module = TmModuleGetByName("Unified2Alert"); - if (tm_module == NULL) { - printf("ERROR: TmModuleGetByName failed\n"); - exit(EXIT_FAILURE); - } - Tm1SlotSetFunc(tv_unified2,tm_module,au2a_logfile_ctx); - - if (TmThreadSpawn(tv_unified2) != TM_ECODE_OK) { - printf("ERROR: TmThreadSpawn failed\n"); - exit(EXIT_FAILURE); - } - - ThreadVars *tv_debugalert = TmThreadCreatePacketHandler("AlertDebuglog","alert-queue4","simple","packetpool","packetpool","1slot"); - if (tv_debugalert == NULL) { - printf("ERROR: TmThreadsCreate failed\n"); - exit(EXIT_FAILURE); - } - tm_module = TmModuleGetByName("AlertDebuglog"); - if (tm_module == NULL) { - printf("ERROR: TmModuleGetByName failed\n"); - exit(EXIT_FAILURE); - } - Tm1SlotSetFunc(tv_debugalert,tm_module, ad_logfile_ctx); - - if (TmThreadSpawn(tv_debugalert) != TM_ECODE_OK) { + ThreadVars *tv_outputs = TmThreadCreatePacketHandler("Outputs", + "alert-queue1", "simple", "packetpool", "packetpool", "varslot"); + SetupOutputs(tv_outputs); + if (TmThreadSpawn(tv_outputs) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } @@ -825,7 +750,7 @@ int RunModeIpsNFQ(DetectEngineCtx *de_ctx, LogFileCtx *af_logfile_ctx, LogFileCt return 0; } -int RunModeFilePcap(DetectEngineCtx *de_ctx, char *file, LogFileCtx *af_logfile_ctx, LogFileCtx *ad_logfile_ctx, LogFileCtx *lh_logfile_ctx, LogFileCtx *aul_logfile_ctx, LogFileCtx *aua_logfile_ctx, LogFileCtx *au2a_logfile_ctx) { +int RunModeFilePcap(DetectEngineCtx *de_ctx, char *file) { printf("RunModeFilePcap: file %s\n", file); TimeModeSetOffline(); 
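Review bot: `tv_outputs` is used without a NULL check in the RunModeIpsNFQ hunk: the result of `TmThreadCreatePacketHandler("Outputs", ...)` goes straight into `SetupOutputs(tv_outputs)` and `TmThreadSpawn(tv_outputs)`, while each removed thread creation was followed by a `== NULL` test that exited. Restore the guard before the SetupOutputs call: `if (tv_outputs == NULL) { printf("ERROR: TmThreadsCreate failed\n"); exit(EXIT_FAILURE); }`. The RunModeFilePcap hunk (`@@ -917,96 +842,21 @@`) has the same unguarded sequence and needs the same guard. In both run modes this is the only thread that hands packets back to "packetpool", so a failed creation should stop startup with a clear message rather than continue with a null pointer. Both function bodies start outside their hunks.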
@@ -917,96 +842,21 @@ int RunModeFilePcap(DetectEngineCtx *de_ctx, char *file, LogFileCtx *af_logfile_ exit(EXIT_FAILURE); } - ThreadVars *tv_alert = TmThreadCreatePacketHandler("AlertFastlog&Httplog","alert-queue1","simple","alert-queue2","simple","varslot"); - if (tv_alert == NULL) { - printf("ERROR: TmThreadsCreate failed\n"); - exit(EXIT_FAILURE); - } - tm_module = TmModuleGetByName("AlertFastlog"); - if (tm_module == NULL) { - printf("ERROR: TmModuleGetByName for AlertFastlog failed\n"); - exit(EXIT_FAILURE); - } - TmVarSlotSetFuncAppend(tv_alert,tm_module,af_logfile_ctx); - - tm_module = TmModuleGetByName("LogHttplog"); - if (tm_module == NULL) { - printf("ERROR: TmModuleGetByName failed\n"); - exit(EXIT_FAILURE); - } - TmVarSlotSetFuncAppend(tv_alert,tm_module, lh_logfile_ctx); - - if (TmThreadSpawn(tv_alert) != TM_ECODE_OK) { - printf("ERROR: TmThreadSpawn failed\n"); - exit(EXIT_FAILURE); - } - - ThreadVars *tv_unified = TmThreadCreatePacketHandler("AlertUnifiedLog","alert-queue2","simple","alert-queue3","simple","varslot"); - if (tv_unified == NULL) { - printf("ERROR: TmThreadsCreate failed\n"); - exit(EXIT_FAILURE); - } - - tm_module = TmModuleGetByName("AlertUnifiedLog"); - if (tm_module == NULL) { - printf("ERROR: TmModuleGetByName for AlertUnifiedLog failed\n"); - exit(EXIT_FAILURE); - } - TmVarSlotSetFuncAppend(tv_unified,tm_module,aul_logfile_ctx); - - tm_module = TmModuleGetByName("AlertUnifiedAlert"); - if (tm_module == NULL) { - printf("ERROR: TmModuleGetByName for AlertUnifiedAlert failed\n"); - exit(EXIT_FAILURE); - } - TmVarSlotSetFuncAppend(tv_unified,tm_module,aua_logfile_ctx); - - if (TmThreadSpawn(tv_unified) != TM_ECODE_OK) { - printf("ERROR: TmThreadSpawn failed\n"); - exit(EXIT_FAILURE); - } - - ThreadVars *tv_unified2 = TmThreadCreatePacketHandler("Unified2Alert","alert-queue3","simple","alert-queue4","simple","1slot"); - if (tv_unified2 == NULL) { - printf("ERROR: TmThreadsCreate failed\n"); - exit(EXIT_FAILURE); - } - - tm_module = 
TmModuleGetByName("Unified2Alert"); - if (tm_module == NULL) { - printf("ERROR: TmModuleGetByName for Unified2Alert failed\n"); - exit(EXIT_FAILURE); - } - Tm1SlotSetFunc(tv_unified2,tm_module,au2a_logfile_ctx); - - if (TmThreadSpawn(tv_unified2) != TM_ECODE_OK) { + ThreadVars *tv_outputs = TmThreadCreatePacketHandler("Outputs", + "alert-queue1", "simple", "packetpool", "packetpool", "varslot"); + SetupOutputs(tv_outputs); + if (TmThreadSpawn(tv_outputs) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); exit(EXIT_FAILURE); } - ThreadVars *tv_debugalert = TmThreadCreatePacketHandler("AlertDebuglog","alert-queue4","simple","packetpool","packetpool","1slot"); - if (tv_debugalert == NULL) { - printf("ERROR: TmThreadsCreate failed\n"); - exit(EXIT_FAILURE); - } - tm_module = TmModuleGetByName("AlertDebuglog"); - if (tm_module == NULL) { - printf("ERROR: TmModuleGetByName failed\n"); - exit(EXIT_FAILURE); - } - Tm1SlotSetFunc(tv_debugalert,tm_module, ad_logfile_ctx); - - if (TmThreadSpawn(tv_debugalert) != TM_ECODE_OK) { - printf("ERROR: TmThreadSpawn failed\n"); - exit(EXIT_FAILURE); - } return 0; } /** * \brief Single thread version of the Pcap file processing. */ -int RunModeFilePcap2(DetectEngineCtx *de_ctx, char *file, LogFileCtx *af_logfile_ctx, LogFileCtx *ad_logfile_ctx, LogFileCtx *lh_logfile_ctx, LogFileCtx *aul_logfile_ctx, LogFileCtx *aua_logfile_ctx, LogFileCtx *au2a_logfile_ctx) { +int RunModeFilePcap2(DetectEngineCtx *de_ctx, char *file) { printf("RunModeFilePcap2: file %s\n", file); TimeModeSetOffline(); 
@@ -1045,46 +895,7 @@ int RunModeFilePcap2(DetectEngineCtx *de_ctx, char *file, LogFileCtx *af_logfile } TmVarSlotSetFuncAppend(tv,tm_module,(void *)de_ctx); - tm_module = TmModuleGetByName("AlertFastlog"); - if (tm_module == NULL) { - printf("ERROR: TmModuleGetByName for AlertFastlog failed\n"); - exit(EXIT_FAILURE); - } - TmVarSlotSetFuncAppend(tv,tm_module,af_logfile_ctx); - - tm_module = TmModuleGetByName("LogHttplog"); - if (tm_module == NULL) { - printf("ERROR: TmModuleGetByName failed\n"); - exit(EXIT_FAILURE); - } - TmVarSlotSetFuncAppend(tv,tm_module, lh_logfile_ctx); - - tm_module = TmModuleGetByName("AlertUnifiedLog"); - if (tm_module == NULL) { - printf("ERROR: TmModuleGetByName for AlertUnifiedLog failed\n"); - exit(EXIT_FAILURE); - } - TmVarSlotSetFuncAppend(tv,tm_module,aul_logfile_ctx); - - tm_module = TmModuleGetByName("AlertUnifiedAlert"); - if (tm_module == NULL) { - printf("ERROR: TmModuleGetByName for AlertUnifiedAlert failed\n"); - exit(EXIT_FAILURE); - } - TmVarSlotSetFuncAppend(tv,tm_module,aua_logfile_ctx); - - tm_module = TmModuleGetByName("Unified2Alert"); - if (tm_module == NULL) { - printf("ERROR: TmModuleGetByName for Unified2Alert failed\n"); - exit(EXIT_FAILURE); - } - TmVarSlotSetFuncAppend(tv,tm_module,au2a_logfile_ctx); - tm_module = TmModuleGetByName("AlertDebuglog"); - if (tm_module == NULL) { - printf("ERROR: TmModuleGetByName failed\n"); - exit(EXIT_FAILURE); - } - TmVarSlotSetFuncAppend(tv,tm_module, ad_logfile_ctx); + SetupOutputs(tv); if (TmThreadSpawn(tv) != TM_ECODE_OK) { printf("ERROR: TmThreadSpawn failed\n"); diff --git a/src/runmodes.h b/src/runmodes.h index 53d955f..f8d8a36 100644 --- a/src/runmodes.h +++ b/src/runmodes.h 
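Review bot: `SetupOutputs(tv);` in RunModeFilePcap2 replaces six module lookups that each aborted on failure, and the call site does not show what happens when an output module cannot be found or no outputs are configured. SetupOutputs is defined outside this patch, so this cannot be confirmed here: if it can report failure, the call should check the result. If it exits internally, a comment such as `/* SetupOutputs() appends the configured output modules and exits on lookup failure */` would record that, with the wording confirmed against its definition. For a detection engine, starting with no alert output attached should be a visible startup condition, not a silent one. The same applies to the `SetupOutputs(tv_outputs)` calls in RunModeIpsNFQ and RunModeFilePcap.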
@@ -5,10 +5,10 @@ int RunModeIdsPcap(DetectEngineCtx *, char *); int RunModeIdsPcap2(DetectEngineCtx *, char *); int RunModeIdsPcap3(DetectEngineCtx *, char *); -int RunModeIpsNFQ(DetectEngineCtx *, LogFileCtx *, LogFileCtx *, LogFileCtx *, LogFileCtx *, LogFileCtx *, LogFileCtx *); +int RunModeIpsNFQ(DetectEngineCtx *); -int RunModeFilePcap(DetectEngineCtx *, char *, LogFileCtx *, LogFileCtx *, LogFileCtx *, LogFileCtx *, LogFileCtx *, LogFileCtx *); -int RunModeFilePcap2(DetectEngineCtx *, char *, LogFileCtx *, LogFileCtx *, LogFileCtx *, LogFileCtx *, LogFileCtx *, LogFileCtx *); +int RunModeFilePcap(DetectEngineCtx *, char *); +int RunModeFilePcap2(DetectEngineCtx *, char *); int RunModeIdsPfring(DetectEngineCtx *, char *); int RunModeIdsPfring2(DetectEngineCtx *, char *); diff --git a/src/suricata.c b/src/suricata.c index ab864a1..8e29974 100644 --- a/src/suricata.c +++ b/src/suricata.c @@ -624,14 +624,6 @@ int main(int argc, char **argv) SCClassConfLoadClassficationConfigFile(de_ctx); - /* Logging/alerting contexts. Eventually this won't be needed. */ - LogFileCtx *af_logfile_ctx = NULL; /* AlertFastlog */ - LogFileCtx *ad_logfile_ctx = NULL; /* AlertDebuglog */ - LogFileCtx *lh_logfile_ctx = NULL; /* LogHttplog */ - LogFileCtx *aul_logfile_ctx = NULL; /* AlertUnifiedLog */ - LogFileCtx *aua_logfile_ctx = NULL; /* AlertUnifiedAlert */ - LogFileCtx *au2a_logfile_ctx = NULL; /* Unified2Alert */ - if (SigLoadSignatures(de_ctx, sig_file) < 0) { if (sig_file == NULL) { SCLogError(SC_ERR_OPENING_FILE, "Signature file has not been provided"); 
@@ -652,14 +644,8 @@ int main(int argc, char **argv) //RunModeIdsPcap(de_ctx, pcap_dev); } else if (mode == MODE_PCAP_FILE) { - af_logfile_ctx = AlertFastlogInitCtx(NULL); - ad_logfile_ctx = AlertDebuglogInitCtx(NULL); - lh_logfile_ctx = LogHttplogInitCtx(NULL); - aul_logfile_ctx = AlertUnifiedLogInitCtx(NULL); - aua_logfile_ctx = AlertUnifiedAlertInitCtx(NULL); - au2a_logfile_ctx = Unified2AlertInitCtx(NULL); - RunModeFilePcap(de_ctx, pcap_file, af_logfile_ctx, ad_logfile_ctx, lh_logfile_ctx, aul_logfile_ctx, aua_logfile_ctx, au2a_logfile_ctx); - //RunModeFilePcap2(de_ctx, pcap_file, af_logfile_ctx, ad_logfile_ctx, lh_logfile_ctx, aul_logfile_ctx, aua_logfile_ctx, au2a_logfile_ctx); + RunModeFilePcap(de_ctx, pcap_file); + //RunModeFilePcap2(de_ctx, pcap_file); } else if (mode == MODE_PFRING) { //RunModeIdsPfring3(de_ctx, pfring_dev); @@ -667,13 +653,7 @@ int main(int argc, char **argv) RunModeIdsPfring(de_ctx, pfring_dev); } else if (mode == MODE_NFQ) { - af_logfile_ctx = AlertFastlogInitCtx(NULL); - ad_logfile_ctx = AlertDebuglogInitCtx(NULL); - lh_logfile_ctx = LogHttplogInitCtx(NULL); - aul_logfile_ctx = AlertUnifiedLogInitCtx(NULL); - aua_logfile_ctx = AlertUnifiedAlertInitCtx(NULL); - au2a_logfile_ctx = Unified2AlertInitCtx(NULL); - RunModeIpsNFQ(de_ctx, af_logfile_ctx, ad_logfile_ctx, lh_logfile_ctx, aul_logfile_ctx, aua_logfile_ctx, au2a_logfile_ctx); + RunModeIpsNFQ(de_ctx); } else { printf("ERROR: Unknown runtime mode.\n"); @@ -767,14 +747,5 @@ int main(int argc, char **argv) RunModeShutDown(); - /* Remove when all run modes use the configuration file for output - * configuration. LogFileFreeCtx accepts NULL. */ - LogFileFreeCtx(af_logfile_ctx); - LogFileFreeCtx(lh_logfile_ctx); - LogFileFreeCtx(ad_logfile_ctx); - LogFileFreeCtx(aul_logfile_ctx); - LogFileFreeCtx(aua_logfile_ctx); - LogFileFreeCtx(au2a_logfile_ctx); - exit(EXIT_SUCCESS); } -- 1.6.5.2
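Review bot: Ownership of the log contexts is undocumented after this change: `RunModeFilePcap(de_ctx, pcap_file)` and `RunModeIpsNFQ(de_ctx)` no longer take contexts created in main, and the last hunk removes the matching `LogFileFreeCtx` calls. Nothing in this patch shows where the output log files are now closed at shutdown. If teardown happens elsewhere, a short comment next to `RunModeShutDown()` naming who frees the output contexts would keep that clear. If it does not, the final alerts written before exit would presumably rely on process teardown to reach disk. main's body extends outside these hunks.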