本文整理汇总了C++中SCLogDebug函数的典型用法代码示例。如果您正苦于以下问题:C++ SCLogDebug函数的具体用法?C++ SCLogDebug怎么用?C++ SCLogDebug使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了SCLogDebug函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: SCCudaHlGetCudaDevicePtr
/**
* \brief Returns a cuda_device_pointer against the handle in the argument.
*
* If a device pointer by the name \"name\" is not registered for the
* handle, it is created and associated with this handle and cuda mem is
* alloted and the cuda_device_pointer is returned in the argument.
* If a device pointer by the name \"name\" is already registered with
* the handle, the cuda_device_pointer is returned in the argument.
*
* \param device_ptr Pointer to the device pointer instance which should be
* updated with the cuda_device_pointer that has to be returned back.
* \param name Name of the device pointer by which we have to search
* module for its existence.
* \param size Size of the cuda device memory to be allotted.
* \param host_ptr If any host memory has to be transferred to the cuda device
* memory, it can be sent using this argument. host_ptr should
* hold at least size bytes in memory.
* \param handle A unique handle which identifies a module. Obtained from
* a call to SCCudaHlGetUniqueHandle().
* \param cumodule_handle A handle that identifies the CUmodule within the above module.
* Obtained from a call to SCCudaHlGetCudaModule() or
* SCCudaHlGetCudaModuleFromFile().
*
* \retval 0 On success.
* \retval -1 On failure.
*/
int SCCudaHlGetCudaDevicePtr(CUdeviceptr *device_ptr, const char *name,
size_t size, void *host_ptr, int handle,
int cumodule_handle)
{
SCCudaHlModuleData *data = NULL;
SCCudaHlModuleCUmodule *cumodule = NULL;
SCCudaHlModuleDevicePointer *new_module_device_ptr = NULL;
SCCudaHlModuleDevicePointer *module_device_ptr = NULL;
if (device_ptr == NULL || name == NULL) {
SCLogError(SC_ERR_INVALID_ARGUMENTS, "Error invalid arguments"
"device_ptr is NULL or name is NULL");
goto error;
}
/* check if the particular module that wants to allocate device memory is
* already registered or not. If it is registered, check if a context has
* been associated with the module. If yes, then we can go ahead and
* create the device memory or return the reference to the device memory if
* we already have the device memory associated with the module. If no, "
* log warning and get out of here */
if ( ((data = SCCudaHlGetModuleData(handle)) == NULL) ||
(data->cuda_context == 0)) {
SCLogDebug("Module not registered or no cuda context associated with "
"this module. You can't create a CUDA module without"
"associating a context with a module first. To use this "
"registration facility, first register a module using "
"context using SCCudaHlRegisterModule(), and then register "
"a cuda context with that module using "
"SCCudaHlGetCudaContext(), after which you can call this "
"function ");
goto error;
}
if ( (cumodule = SCCudaHlGetModuleCUmodule(data, cumodule_handle)) == NULL ) {
SCLogDebug("CUmodule not registered with the module. Before you can request"
"a device pointer for a module you need to load the CUmodule into"
"the engine module using SCCudaHlGetCudaModule() or"
"SCCudaHlGetCudaModuleFromFile().");
goto error;
}
/* if we already have a device pointer registered by this name return the
* cuda device pointer instance */
if ( (module_device_ptr = SCCudaHlCudaDevicePtrAvailable(cumodule, name)) != NULL) {
device_ptr[0] = module_device_ptr->d_ptr;
return 0;
}
new_module_device_ptr = SCMalloc(sizeof(SCCudaHlModuleDevicePointer));
if (new_module_device_ptr == NULL)
goto error;
memset(new_module_device_ptr, 0, sizeof(SCCudaHlModuleDevicePointer));
if ( (new_module_device_ptr->name = SCStrdup(name)) == NULL) {
SCLogError(SC_ERR_FATAL, "Fatal error encountered in SCCudaHlGetCudaDevicePtr. Exiting...");
exit(EXIT_FAILURE);
}
/* allocate the cuda memory */
if (SCCudaMemAlloc(&new_module_device_ptr->d_ptr, size) == -1)
goto error;
/* if the user has supplied a host buffer, copy contents to the device mem */
if (host_ptr != NULL) {
if (SCCudaMemcpyHtoD(new_module_device_ptr->d_ptr, host_ptr,
size) == -1) {
goto error;
}
}
/* send the newly assigned device pointer back to the caller */
device_ptr[0] = new_module_device_ptr->d_ptr;
//.........这里部分代码省略.........
示例2: DetectIsdataatSetup
/**
* \brief This function is used to add the parsed isdataatdata into the current
* signature.
* \param de_ctx pointer to the Detection Engine Context
* \param s pointer to the Current Signature
* \param isdataatstr pointer to the user provided isdataat options
*
* \retval 0 on Success
* \retval -1 on Failure
*/
int DetectIsdataatSetup (DetectEngineCtx *de_ctx, Signature *s, char *isdataatstr)
{
DetectIsdataatData *idad = NULL;
SigMatch *sm = NULL;
SigMatch *dm = NULL;
SigMatch *pm = NULL;
SigMatch *prev_pm = NULL;
char *offset = NULL;
idad = DetectIsdataatParse(isdataatstr, &offset);
if (idad == NULL)
goto error;
sm = SigMatchAlloc();
if (sm == NULL)
goto error;
sm->type = DETECT_ISDATAAT;
sm->ctx = (void *)idad;
if (s->alproto == ALPROTO_DCERPC &&
idad->flags & ISDATAAT_RELATIVE) {
pm = SigMatchGetLastSMFromLists(s, 6,
DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_PMATCH],
DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_PMATCH]);
dm = SigMatchGetLastSMFromLists(s, 6,
DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_DMATCH],
DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_DMATCH],
DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_DMATCH]);
if (pm == NULL) {
SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_DMATCH);
} else if (dm == NULL) {
SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_DMATCH);
} else if (pm->idx > dm->idx) {
SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_PMATCH);
} else {
SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_DMATCH);
}
prev_pm = SigMatchGetLastSMFromLists(s, 6,
DETECT_CONTENT, sm->prev,
DETECT_BYTEJUMP, sm->prev,
DETECT_PCRE, sm->prev);
if (prev_pm == NULL) {
SCLogDebug("No preceding content or pcre keyword. Possible "
"since this is a dce alproto sig.");
if (offset != NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown byte_extract var "
"seen in isdataat - %s", offset);
goto error;
}
return 0;
}
} else if (s->init_flags & SIG_FLAG_INIT_FILE_DATA) {
if (idad->flags & ISDATAAT_RELATIVE) {
pm = SigMatchGetLastSMFromLists(s, 10,
DETECT_CONTENT, s->sm_lists_tail[DETECT_SM_LIST_HSBDMATCH],
DETECT_PCRE, s->sm_lists_tail[DETECT_SM_LIST_HSBDMATCH],
DETECT_BYTEJUMP, s->sm_lists_tail[DETECT_SM_LIST_HSBDMATCH],
DETECT_BYTE_EXTRACT, s->sm_lists_tail[DETECT_SM_LIST_HSBDMATCH],
DETECT_BYTETEST, s->sm_lists_tail[DETECT_SM_LIST_HSBDMATCH]);
if (pm == NULL) {
idad->flags &= ~ISDATAAT_RELATIVE;
}
s->flags |= SIG_FLAG_APPLAYER;
AppLayerHtpEnableResponseBodyCallback();
SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_HSBDMATCH);
} else {
s->flags |= SIG_FLAG_APPLAYER;
AppLayerHtpEnableResponseBodyCallback();
SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_HSBDMATCH);
}
if (pm == NULL) {
SCLogDebug("No preceding content or pcre keyword. Possible "
"since this is a file_data sig.");
if (offset != NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown byte_extract var "
"seen in isdataat - %s", offset);
goto error;
}
return 0;
}
prev_pm = pm;
} else {
if (!(idad->flags & ISDATAAT_RELATIVE)) {
//.........这里部分代码省略.........
示例3: DetectIsdataatSetup
//.........这里部分代码省略.........
case DETECT_CONTENT:
list_type = DETECT_SM_LIST_PMATCH;
break;
case DETECT_URICONTENT:
list_type = DETECT_SM_LIST_UMATCH;
break;
case DETECT_AL_HTTP_CLIENT_BODY:
list_type = DETECT_SM_LIST_HCBDMATCH;
break;
case DETECT_AL_HTTP_RAW_HEADER:
list_type = DETECT_SM_LIST_HRHDMATCH;
break;
case DETECT_AL_HTTP_HEADER:
list_type = DETECT_SM_LIST_HHDMATCH;
break;
case DETECT_AL_HTTP_METHOD:
list_type = DETECT_SM_LIST_HMDMATCH;
break;
case DETECT_AL_HTTP_COOKIE:
list_type = DETECT_SM_LIST_HCDMATCH;
break;
} /* switch */
} /* else */
SigMatchAppendSMToList(s, sm, list_type);
} /* else - if (pm == NULL) */
prev_pm = pm;
}
if (!(idad->flags & ISDATAAT_RELATIVE)) {
return 0;
}
if (prev_pm == NULL) {
if (s->alproto == ALPROTO_DCERPC) {
SCLogDebug("No preceding content or pcre keyword. Possible "
"since this is a dce alproto sig.");
return 0;
} else {
SCLogError(SC_ERR_INVALID_SIGNATURE, "No preceding content, pcre, "
"uricontent, http_client_body, http_header, "
"http_raw_header, http_method or http_cookie keyword");
goto error;
}
}
DetectContentData *cd = NULL;
DetectPcreData *pe = NULL;
switch (prev_pm->type) {
case DETECT_CONTENT:
case DETECT_URICONTENT:
case DETECT_AL_HTTP_CLIENT_BODY:
case DETECT_AL_HTTP_HEADER:
case DETECT_AL_HTTP_RAW_HEADER:
case DETECT_AL_HTTP_METHOD:
case DETECT_AL_HTTP_COOKIE:
/* Set the relative next flag on the prev sigmatch */
cd = (DetectContentData *)prev_pm->ctx;
if (cd == NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown previous-"
"previous keyword!");
return -1;
}
cd->flags |= DETECT_CONTENT_RELATIVE_NEXT;
break;
case DETECT_PCRE:
pe = (DetectPcreData *)prev_pm->ctx;
if (pe == NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown previous-"
"previous keyword!");
return -1;
}
pe->flags |= DETECT_PCRE_RELATIVE_NEXT;
break;
case DETECT_BYTEJUMP:
SCLogDebug("Do nothing for bytejump");
break;
default:
/* this will never hit */
SCLogError(SC_ERR_INVALID_SIGNATURE, "Unknown previous-"
"previous keyword!");
return -1;
} /* switch */
return 0;
error:
//if (idad != NULL)
// DetectIsdataatFree(idad);
//if (sm != NULL)
// SCFree(sm);
return -1;
}
示例4: DetectSslVersionTestDetect01
/** \test Send a get request in three chunks + more data. */
static int DetectSslVersionTestDetect01(void)
{
int result = 0;
Flow f;
uint8_t sslbuf1[] = { 0x16 };
uint32_t ssllen1 = sizeof(sslbuf1);
uint8_t sslbuf2[] = { 0x03 };
uint32_t ssllen2 = sizeof(sslbuf2);
uint8_t sslbuf3[] = { 0x01 };
uint32_t ssllen3 = sizeof(sslbuf3);
uint8_t sslbuf4[] = { 0x01, 0x00, 0x00, 0xad, 0x03, 0x01 };
uint32_t ssllen4 = sizeof(sslbuf4);
TcpSession ssn;
Packet *p = NULL;
Signature *s = NULL;
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx = NULL;
AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc();
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
f.proto = IPPROTO_TCP;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
p->flowflags |= FLOW_PKT_ESTABLISHED;
p->flags |= PKT_HAS_FLOW | PKT_STREAM_EST;
f.alproto = ALPROTO_TLS;
StreamTcpInitConfig(TRUE);
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) {
goto end;
}
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx,"alert tls any any -> any any (msg:\"TLS\"; ssl_version:tls1.0; sid:1;)");
if (s == NULL) {
goto end;
}
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
SCMutexLock(&f.m);
int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf1, ssllen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
goto end;
}
r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf2, ssllen2);
if (r != 0) {
printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
goto end;
}
r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf3, ssllen3);
if (r != 0) {
printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
goto end;
}
r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf4, ssllen4);
if (r != 0) {
printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r);
SCMutexUnlock(&f.m);
goto end;
}
SCMutexUnlock(&f.m);
SSLState *app_state = f.alstate;
if (app_state == NULL) {
printf("no ssl state: ");
goto end;
}
if (app_state->client_connp.content_type != 0x16) {
printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ", 0x16, app_state->client_connp.content_type);
goto end;
}
if (app_state->client_connp.version != TLS_VERSION_10) {
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ", TLS_VERSION_10, app_state->client_connp.version);
goto end;
}
SCLogDebug("app_state is at %p, app_state->server_connp.version 0x%02X app_state->client_connp.version 0x%02X",
app_state, app_state->server_connp.version, app_state->client_connp.version);
//.........这里部分代码省略.........
示例5: SCClassConfAddClasstype
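/**
 * \brief Parses a line from the classification file and adds it to the
 *        Classtype hash table in DetectEngineCtx, i.e.
 *        DetectEngineCtx->class_conf_ht.
 *
 * The line is matched against the file-scope pattern (regex / regex_study).
 * Capture groups 1, 2 and 3 are used as the classtype name, description and
 * priority.  A classtype that is already present in the hash table is
 * treated as a duplicate and discarded.
 *
 * \param rawstr Pointer to the string to be parsed.
 * \param index  Relative index of the string to be parsed; used as the id
 *               of the new classtype.
 * \param de_ctx Pointer to the Detection Engine Context.
 *
 * \retval  0 On success.
 * \retval -1 On failure.
 */
int SCClassConfAddClasstype(char *rawstr, uint8_t index, DetectEngineCtx *de_ctx)
{
    const char *ct_name = NULL;
    const char *ct_desc = NULL;
    const char *ct_priority_str = NULL;
    int ct_priority = 0;
    uint8_t ct_id = index;

    SCClassConfClasstype *ct_new = NULL;
    SCClassConfClasstype *ct_lookup = NULL;

#define MAX_SUBSTRINGS 30
    int ret = 0;
    int ov[MAX_SUBSTRINGS];

    /* the ovector size passed to pcre must match the array declared above */
    ret = pcre_exec(regex, regex_study, rawstr, strlen(rawstr), 0, 0, ov,
                    MAX_SUBSTRINGS);
    if (ret < 0) {
        SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid Classtype in "
                   "classification.config file");
        goto error;
    }

    /* retrieve the classtype name */
    ret = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 1, &ct_name);
    if (ret < 0) {
        SCLogInfo("pcre_get_substring() failed");
        goto error;
    }

    /* retrieve the classtype description */
    ret = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, &ct_desc);
    if (ret < 0) {
        SCLogInfo("pcre_get_substring() failed");
        goto error;
    }

    /* retrieve the classtype priority */
    ret = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 3,
                             &ct_priority_str);
    if (ret < 0) {
        SCLogInfo("pcre_get_substring() failed");
        goto error;
    }
    if (ct_priority_str == NULL) {
        goto error;
    }

    /* NOTE(review): atoi() reports neither overflow nor non-numeric input.
     * Presumably the regex only lets digits through for group 3 - confirm
     * against the pattern, which is compiled outside this function. */
    ct_priority = atoi(ct_priority_str);

    /* Create a new instance of the parsed Classtype string */
    ct_new = SCClassConfAllocClasstype(ct_id, ct_name, ct_desc, ct_priority);
    if (ct_new == NULL)
        goto error;

    /* Check if the Classtype is present in the HashTable.  In case it's
     * present ignore it, as it is a duplicate.  If not present, add it to
     * the table */
    ct_lookup = HashTableLookup(de_ctx->class_conf_ht, ct_new, 0);
    if (ct_lookup == NULL) {
        /* NOTE(review): when the add fails ct_new is neither stored nor
         * released here, and the function still returns 0 - confirm whether
         * that is intended. */
        if (HashTableAdd(de_ctx->class_conf_ht, ct_new, 0) < 0)
            SCLogDebug("HashTable Add failed");
    } else {
        SCLogDebug("Duplicate classtype found inside classification.config");
        if (ct_new->classtype_desc) SCFree(ct_new->classtype_desc);
        if (ct_new->classtype) SCFree(ct_new->classtype);
        SCFree(ct_new);
    }

    /* Substrings handed out by pcre_get_substring() come from pcre's own
     * allocator, so they go back through pcre_free_substring() rather than
     * the engine's SCFree(). */
    if (ct_name) pcre_free_substring(ct_name);
    if (ct_desc) pcre_free_substring(ct_desc);
    if (ct_priority_str) pcre_free_substring(ct_priority_str);
    return 0;

error:
    if (ct_name) pcre_free_substring(ct_name);
    if (ct_desc) pcre_free_substring(ct_desc);
    if (ct_priority_str) pcre_free_substring(ct_priority_str);
    return -1;
}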
示例6: HtpBodyPrune
/**
 * \brief Release body chunks that lie before the inspection window.
 *
 * Once enough of the body has been inspected (or too much uninspected data
 * has piled up), the streaming buffer is slid forward and every leading
 * chunk that is now before the buffer's window is freed.
 *
 * \param state     htp_state, with reference to our config
 * \param body      the body to prune
 * \param direction STREAM_TOSERVER (request), STREAM_TOCLIENT (response)
 *
 * \retval none
 */
void HtpBodyPrune(HtpState *state, HtpBody *body, int direction)
{
    SCEnter();

    /* no body, no chunks, or nothing parsed yet: nothing to do */
    if (body == NULL || body->first == NULL || body->body_parsed == 0) {
        SCReturn;
    }

    /* pick the configured inspect sizes; anything but STREAM_TOSERVER uses
     * the response values */
    const int to_server = (direction == STREAM_TOSERVER);
    uint32_t min_size = to_server ? state->cfg->request.inspect_min_size
                                  : state->cfg->response.inspect_min_size;
    uint32_t window = to_server ? state->cfg->request.inspect_window
                                : state->cfg->response.inspect_window;

    uint64_t max_window = (window >= min_size) ? window : min_size;
    /* unsigned arithmetic: relies on body_inspected never exceeding
     * content_len_so_far */
    uint64_t in_flight = body->content_len_so_far - body->body_inspected;

    /* Special case: body_inspected is not being updated.  Force it forward
     * so the body still gets pruned, but leave generous room (3x the larger
     * window) because we may be called several times on uninspected chunk
     * additions when a large block of data was ack'd at once, and we do not
     * want to prune before inspection. */
    if (in_flight > (max_window * 3)) {
        body->body_inspected = body->content_len_so_far - max_window;
    } else if (body->body_inspected < max_window) {
        SCReturn;
    }

    /* the new left edge trails the inspected offset by one window, and is
     * only moved once we are past both min_size and window */
    uint64_t left_edge = 0;
    if (body->body_inspected > min_size && body->body_inspected > window) {
        left_edge = body->body_inspected - window;
    }
    if (left_edge != 0) {
        SCLogDebug("sliding body to offset %"PRIu64, left_edge);
        StreamingBufferSlideToOffset(body->sb, left_edge);
    }

    SCLogDebug("pruning chunks of body %p", body);

    /* drop chunks from the head of the list until one is still in the
     * window */
    HtpBodyChunk *chunk = body->first;
    while (chunk != NULL) {
        SCLogDebug("cur %p", chunk);

        if (!StreamingBufferSegmentIsBeforeWindow(body->sb, &chunk->sbseg)) {
            SCLogDebug("not removed");
            break;
        }

        HtpBodyChunk *following = chunk->next;
        body->first = following;
        if (body->last == chunk) {
            body->last = following;
        }

        HTPFree(chunk, sizeof(HtpBodyChunk));
        chunk = following;
        SCLogDebug("removed");
    }

    SCReturn;
}
示例7: TLSParseServerRecord
/**
* \brief Function to parse the TLS field in packet received from the server
*
* \param tls_state Pointer to the state in which the value is to be stored
* \param pstate Application layer parser state for this session
* \param input Pointer to the received input data
* \param input_len Length in bytes of the received data
* \param output Pointer to the list of parsed output elements
*/
static int TLSParseServerRecord(Flow *f, void *tls_state, AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len,
AppLayerParserResult *output)
{
SCEnter();
if (input_len >= 7) {
if (SSLParseServerRecord(f, tls_state, pstate, input, input_len, output)
== 1)
{
SCLogDebug("it seems the ssl version 2 is detected");
SCReturnInt(1);
}
}
SCLogDebug("tls_state %p, pstate %p, input %p,input_len %" PRIu32 "",
tls_state, pstate, input, input_len);
//PrintRawDataFp(stdout, input,input_len);
uint16_t max_fields = 3;
int16_t u = 0;
uint32_t offset = 0;
if (pstate == NULL)
SCReturnInt(-1);
for (u = pstate->parse_field; u < max_fields; u++) {
SCLogDebug("u %" PRIu32 "", u);
switch(u % 3) {
case 0: /* TLS CONTENT TYPE */
{
uint8_t *data = input + offset;
uint32_t data_len = input_len - offset;
int r = AlpParseFieldBySize(output, pstate,
TLS_FIELD_SERVER_CONTENT_TYPE,
/* single byte field */1, data,
data_len, &offset);
SCLogDebug("r = %" PRId32 "", r);
if (r == 0) {
pstate->parse_field = 0;
SCReturnInt(0);
} else if (r == -1) {
SCLogError(SC_ERR_ALPARSER, "AlpParseFieldBySize failed, "
"r %d", r);
SCReturnInt(-1);
}
break;
}
case 1: /* TLS VERSION */
{
uint8_t *data = input + offset;
uint32_t data_len = input_len - offset;
int r = AlpParseFieldBySize(output, pstate,
TLS_FIELD_SERVER_VERSION,/* 2 byte
*field */2, data, data_len, &offset);
if (r == 0) {
pstate->parse_field = 1;
SCReturnInt(0);
} else if (r == -1) {
SCLogError(SC_ERR_ALPARSER, "AlpParseFieldBySize failed, "
"r %d", r);
SCReturnInt(-1);
}
break;
}
case 2: /* TLS Record Message Length */
{
uint8_t *data = input + offset;
uint32_t data_len = input_len - offset;
int r = AlpParseFieldBySize(output, pstate, TLS_FIELD_LENGTH,
/* 2 byte field */2, data, data_len,
&offset);
if (r == 0) {
pstate->parse_field = 2;
SCReturnInt(0);
} else if (r == -1) {
SCLogError(SC_ERR_ALPARSER, "AlpParseFieldBySize failed, "
"r %d", r);
SCReturnInt(-1);
}
/* Parsing of the record is done. Since we may have more than
* one record, we check here if we still have data left *after*
* this record. In that case setup the parser to parse that
* record as well. */
//.........这里部分代码省略.........
示例8: SCSetThreadName
/**
 * \brief Thread entry point that runs a single slot with no input packet
 *        and no output queue.
 *
 * Names the thread, drops its capabilities, runs the slot's optional init
 * callback, then calls SlotFunc in a loop until it reports TM_ECODE_FAILED
 * or THV_KILL is set on the thread.  Afterwards the optional stats and
 * deinit callbacks run and THV_CLOSED is set before the thread exits.
 *
 * \param td Pointer to the ThreadVars of this thread, passed as void *.
 *
 * \retval Does not return normally; the thread ends through pthread_exit()
 *         with (void *)0, or (void *)-1 when init or deinit fails.
 */
void *TmThreadsSlot1NoInOut(void *td) {
    ThreadVars *tv = (ThreadVars *)td;
    Tm1Slot *slot = (Tm1Slot *)tv->tm_slots;
    TmEcode rc = TM_ECODE_OK;

    /* Set the thread name */
    SCSetThreadName(tv->name);

    /* Drop the capabilities for this thread before any slot code runs */
    SCDropCaps(tv);

    if (tv->thread_setup_flags != 0) {
        TmThreadSetupOptions(tv);
    }

    SCLogDebug("%s starting", tv->name);

    if (slot->s.SlotThreadInit != NULL) {
        rc = slot->s.SlotThreadInit(tv, slot->s.slot_initdata,
                                    &slot->s.slot_data);
        if (rc != TM_ECODE_OK) {
            /* a failed init takes the whole engine down */
            EngineKill();
            TmThreadsSetFlag(tv, THV_CLOSED);
            pthread_exit((void *) -1);
        }
    }

    memset(&slot->s.slot_pre_pq, 0, sizeof(PacketQueue));
    memset(&slot->s.slot_post_pq, 0, sizeof(PacketQueue));

    TmThreadsSetFlag(tv, THV_INIT_DONE);

    for (;;) {
        TmThreadTestThreadUnPaused(tv);

        /* no packet, no outqh, no pq */
        rc = slot->s.SlotFunc(tv, NULL, slot->s.slot_data, NULL, NULL);

        /* handle error */
        if (rc == TM_ECODE_FAILED) {
            TmThreadsSetFlag(tv, THV_FAILED);
            break;
        }

        if (TmThreadsCheckFlag(tv, THV_KILL)) {
            SCPerfUpdateCounterArray(tv->sc_perf_pca, &tv->sc_perf_pctx, 0);
            break;
        }
    }

    if (slot->s.SlotThreadExitPrintStats != NULL) {
        slot->s.SlotThreadExitPrintStats(tv, slot->s.slot_data);
    }

    if (slot->s.SlotThreadDeinit != NULL) {
        rc = slot->s.SlotThreadDeinit(tv, slot->s.slot_data);
        if (rc != TM_ECODE_OK) {
            TmThreadsSetFlag(tv, THV_CLOSED);
            pthread_exit((void *) -1);
        }
    }

    TmThreadsSetFlag(tv, THV_CLOSED);
    pthread_exit((void *) 0);
}
示例9: DecodeVLAN
/**
 * \internal
 * \brief Decodes an IEEE802.1q header and hands the encapsulated payload
 *        to the decoder that matches the VLAN protocol field.
 *
 * At most two stacked VLAN headers are accepted; a third sets the
 * VLAN_HEADER_TOO_MANY_LAYERS event.
 *
 * \param tv  pointer to the thread vars
 * \param dtv pointer to the decode thread vars
 * \param p   pointer to the packet struct
 * \param pkt pointer to the raw packet
 * \param len packet len
 * \param pq  pointer to the packet queue
 *
 * \retval TM_ECODE_FAILED if the header is too short, the packet already
 *         holds two VLAN layers on entry, or pkt is NULL.
 * \retval TM_ECODE_OK otherwise; the return values of the nested decoders
 *         are not looked at.
 */
int DecodeVLAN(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, uint16_t len, PacketQueue *pq)
{
    uint32_t proto = 0;
    VLANHdr *vlan_hdr = NULL;
    uint8_t *inner = NULL;
    uint16_t inner_len = 0;

    /* count per nesting depth: outer tag vs. QinQ inner tag */
    if (p->vlan_idx == 0) {
        SCPerfCounterIncr(dtv->counter_vlan, tv->sc_perf_pca);
    } else if (p->vlan_idx == 1) {
        SCPerfCounterIncr(dtv->counter_vlan_qinq, tv->sc_perf_pca);
    }

    /* the header is only read after this length check */
    if (len < VLAN_HEADER_LEN) {
        ENGINE_SET_INVALID_EVENT(p, VLAN_HEADER_TOO_SMALL);
        return TM_ECODE_FAILED;
    }

    /* vlan_idx indexes p->vlanh[] and p->vlan_id[] below, so it is bounded
     * before either array is written */
    if (p->vlan_idx >= 2) {
        ENGINE_SET_EVENT(p,VLAN_HEADER_TOO_MANY_LAYERS);
        return TM_ECODE_FAILED;
    }

    vlan_hdr = (VLANHdr *)pkt;
    p->vlanh[p->vlan_idx] = vlan_hdr;
    if (vlan_hdr == NULL) {
        return TM_ECODE_FAILED;
    }

    proto = GET_VLAN_PROTO(vlan_hdr);

    SCLogDebug("p %p pkt %p VLAN protocol %04x VLAN PRI %d VLAN CFI %d VLAN ID %d Len: %" PRId32 "",
               p, pkt, proto, GET_VLAN_PRIORITY(vlan_hdr),
               GET_VLAN_CFI(vlan_hdr), GET_VLAN_ID(vlan_hdr), len);

    /* only store the id for flow hashing if it's not disabled. */
    if (dtv->vlan_disabled == 0) {
        p->vlan_id[p->vlan_idx] = (uint16_t)GET_VLAN_ID(vlan_hdr);
    }

    p->vlan_idx++;

    /* everything behind the VLAN header belongs to the inner protocol */
    inner = pkt + VLAN_HEADER_LEN;
    inner_len = len - VLAN_HEADER_LEN;

    switch (proto) {
        case ETHERNET_TYPE_IP:
            DecodeIPV4(tv, dtv, p, inner, inner_len, pq);
            break;
        case ETHERNET_TYPE_IPV6:
            DecodeIPV6(tv, dtv, p, inner, inner_len, pq);
            break;
        case ETHERNET_TYPE_PPPOE_SESS:
            DecodePPPOESession(tv, dtv, p, inner, inner_len, pq);
            break;
        case ETHERNET_TYPE_PPPOE_DISC:
            DecodePPPOEDiscovery(tv, dtv, p, inner, inner_len, pq);
            break;
        case ETHERNET_TYPE_VLAN:
        case ETHERNET_TYPE_8021AD:
            /* vlan_idx was already advanced: a third tag is refused here
             * instead of recursing */
            if (p->vlan_idx >= 2) {
                ENGINE_SET_EVENT(p,VLAN_HEADER_TOO_MANY_LAYERS);
                return TM_ECODE_OK;
            }
            DecodeVLAN(tv, dtv, p, inner, inner_len, pq);
            break;
        default:
            SCLogDebug("unknown VLAN type: %" PRIx32 "", proto);
            ENGINE_SET_INVALID_EVENT(p, VLAN_UNKNOWN_TYPE);
            return TM_ECODE_OK;
    }

    return TM_ECODE_OK;
}
示例10: TmThreadKillThreads
/**
 * \brief Tell every thread in tv_root[] to stop and wait for it to finish.
 *
 * For each thread THV_KILL is set, then the thread is woken repeatedly,
 * through its input queue condition and/or its own condition variable,
 * until it has set THV_CLOSED.  Finally the thread is joined.
 */
void TmThreadKillThreads(void) {
    for (int type = 0; type < TVT_MAX; type++) {
        for (ThreadVars *tv = tv_root[type]; tv != NULL; tv = tv->next) {
            TmThreadsSetFlag(tv, THV_KILL);
            SCLogDebug("told thread %s to stop", tv->name);

            if (tv->inq != NULL) {
                int u;
                int cnt;

                /* the first pass runs unconditionally; the loop condition
                 * below then repeats the same wake-up until the thread has
                 * closed.  Signal the queue once per reader/writer. */
                if (tv->InShutdownHandler != NULL) {
                    tv->InShutdownHandler(tv);
                }
                for (u = 0; u < (tv->inq->reader_cnt + tv->inq->writer_cnt); u++) {
                    if (tv->inq->q_type == 0) {
                        SCCondSignal(&trans_q[tv->inq->id].cond_q);
                    } else {
                        SCCondSignal(&data_queues[tv->inq->id].cond_q);
                    }
                }

                /* to be sure, signal more */
                for (cnt = 0; !TmThreadsCheckFlag(tv, THV_CLOSED); cnt++) {
                    if (tv->InShutdownHandler != NULL) {
                        tv->InShutdownHandler(tv);
                    }
                    for (u = 0; u < (tv->inq->reader_cnt + tv->inq->writer_cnt); u++) {
                        if (tv->inq->q_type == 0) {
                            SCCondSignal(&trans_q[tv->inq->id].cond_q);
                        } else {
                            SCCondSignal(&data_queues[tv->inq->id].cond_q);
                        }
                    }
                    usleep(100);
                }
                SCLogDebug("signalled the thread %" PRId32 " times", cnt);

                SCLogDebug("signalled tv->inq->id %" PRIu32 "", tv->inq->id);
            }

            if (tv->cond != NULL ) {
                int cnt;

                /* keep broadcasting on the thread's own condition until it
                 * has closed */
                for (cnt = 0; !TmThreadsCheckFlag(tv, THV_CLOSED); cnt++) {
                    pthread_cond_broadcast(tv->cond);
                    usleep(100);
                }
                SCLogDebug("signalled the thread %" PRId32 " times", cnt);
            }

            /* join it */
            pthread_join(tv->t, NULL);
            SCLogDebug("thread %s stopped", tv->name);
        }
    }
}
示例11: DetectSslVersionTestDetect03
static int DetectSslVersionTestDetect03(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 0;
Flow f;
uint8_t sslbuf1[] = { 0x16 };
uint32_t ssllen1 = sizeof(sslbuf1);
uint8_t sslbuf2[] = { 0x03 };
uint32_t ssllen2 = sizeof(sslbuf2);
uint8_t sslbuf3[] = { 0x01 };
uint32_t ssllen3 = sizeof(sslbuf3);
uint8_t sslbuf4[] = { 0x01, 0x00, 0x00, 0xad, 0x03, 0x02 };
uint32_t ssllen4 = sizeof(sslbuf4);
TcpSession ssn;
Packet *p = NULL;
Signature *s = NULL;
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx = NULL;
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
p->tcph->th_seq = htonl(1000);
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
p->flowflags |= FLOW_PKT_ESTABLISHED;
p->flags |= PKT_HAS_FLOW | PKT_STREAM_EST;
f.alproto = ALPROTO_TLS;
f.proto = p->proto;
StreamTcpInitConfig(TRUE);
FlowL7DataPtrInit(&f);
StreamMsg *stream_msg = StreamMsgGetFromPool();
if (stream_msg == NULL) {
printf("no stream_msg: ");
goto end;
}
memcpy(stream_msg->data.data, sslbuf4, ssllen4);
stream_msg->data.data_len = ssllen4;
ssn.toserver_smsg_head = stream_msg;
ssn.toserver_smsg_tail = stream_msg;
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) {
goto end;
}
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"TLS\"; ssl_version:tls1.0; content:\"|01 00 00 AD|\"; sid:1;)");
if (s == NULL) {
goto end;
}
if (s->flags & SIG_FLAG_PACKET) {
SCLogDebug("SIG_FLAG_PACKET flags");
}
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
int r = AppLayerParse(&f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf1, ssllen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
goto end;
}
r = AppLayerParse(&f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf2, ssllen2);
if (r != 0) {
printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
goto end;
}
r = AppLayerParse(&f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf3, ssllen3);
if (r != 0) {
printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r);
goto end;
}
r = AppLayerParse(&f, ALPROTO_TLS, STREAM_TOSERVER, sslbuf4, ssllen4);
if (r != 0) {
printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r);
goto end;
}
TlsState *app_state = f.aldata[AlpGetStateIdx(ALPROTO_TLS)];
if (app_state == NULL) {
printf("no ssl state: ");
goto end;
}
if (app_state->client_content_type != 0x16) {
//.........这里部分代码省略.........
示例12: SCRConfAddReference
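/**
 * \brief Parses a line from the reference config file and adds it to the
 *        Reference Config hash table DetectEngineCtx->reference_conf_ht.
 *
 * The line is matched against the file-scope pattern (regex / regex_study).
 * Capture groups 1 and 2 are used as the reference system and url.  A
 * reference that is already present in the hash table is treated as a
 * duplicate and released.
 *
 * \param rawstr Pointer to the string to be parsed.
 * \param de_ctx Pointer to the Detection Engine Context.
 *
 * \retval  0 On success.
 * \retval -1 On failure.
 */
static int SCRConfAddReference(char *rawstr, DetectEngineCtx *de_ctx)
{
    /* named ref_* so the locals do not shadow libc's system() */
    const char *ref_system = NULL;
    const char *ref_url = NULL;

    SCRConfReference *ref_new = NULL;
    SCRConfReference *ref_lookup = NULL;

#define MAX_SUBSTRINGS 30
    int ret = 0;
    int ov[MAX_SUBSTRINGS];

    /* the ovector size passed to pcre must match the array declared above */
    ret = pcre_exec(regex, regex_study, rawstr, strlen(rawstr), 0, 0, ov,
                    MAX_SUBSTRINGS);
    if (ret < 0) {
        SCLogError(SC_ERR_REFERENCE_CONFIG, "Invalid Reference Config in "
                   "reference.config file");
        goto error;
    }

    /* retrieve the reference system */
    ret = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 1, &ref_system);
    if (ret < 0) {
        SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring() failed");
        goto error;
    }

    /* retrieve the reference url */
    ret = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, &ref_url);
    if (ret < 0) {
        SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring() failed");
        goto error;
    }

    /* Create a new instance of the parsed Reference string.  The result is
     * checked before it is handed to the hash table, so a failed allocation
     * ends in the error path instead of a lookup on a NULL entry. */
    ref_new = SCRConfAllocSCRConfReference(ref_system, ref_url);
    if (ref_new == NULL)
        goto error;

    /* Check if the Reference is present in the HashTable.  In case it's
     * present ignore it, as it's a duplicate.  If not present, add it to the
     * table */
    ref_lookup = HashTableLookup(de_ctx->reference_conf_ht, ref_new, 0);
    if (ref_lookup == NULL) {
        /* NOTE(review): when the add fails ref_new is neither stored nor
         * released here, and the function still returns 0 - confirm whether
         * that is intended. */
        if (HashTableAdd(de_ctx->reference_conf_ht, ref_new, 0) < 0) {
            SCLogDebug("HashTable Add failed");
        }
    } else {
        SCLogDebug("Duplicate reference found inside reference.config");
        SCRConfDeAllocSCRConfReference(ref_new);
    }

    /* free the substrings */
    pcre_free_substring(ref_system);
    pcre_free_substring(ref_url);

    return 0;

error:
    if (ref_system)
        pcre_free_substring(ref_system);
    if (ref_url)
        pcre_free_substring(ref_url);

    return -1;
}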
示例13: SCCudaHlFreeCudaDevicePtr
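/**
 * \brief Frees a Cuda Device Pointer.
 *
 *        If a device pointer by the name "name" is registered for this
 *        handle, its cuda memory is released, the entry is unlinked from the
 *        CUmodule's device pointer list and the entry itself is freed.
 *
 * \param name            Name of the device pointer by which we have to
 *                        search the module for its existence.
 * \param handle          A unique handle which identifies a module. Obtained
 *                        from a call to SCCudaHlGetUniqueHandle().
 * \param cumodule_handle A handle that identifies the CUmodule within the
 *                        above module. Obtained from a call to
 *                        SCCudaHlGetCudaModule() or
 *                        SCCudaHlGetCudaModuleFromFile().
 *
 * \retval  0 On success.
 * \retval -1 On failure, including when no device pointer with this name is
 *            registered.
 */
int SCCudaHlFreeCudaDevicePtr(const char *name, int handle, int cumodule_handle)
{
    SCCudaHlModuleData *data = NULL;
    SCCudaHlModuleCUmodule *cumodule = NULL;
    SCCudaHlModuleDevicePointer *module_device_ptr = NULL;
    SCCudaHlModuleDevicePointer *temp_module_device_ptr = NULL;

    /* this function has no device_ptr argument, so the message names only
     * the argument that is actually checked */
    if (name == NULL) {
        SCLogError(SC_ERR_INVALID_ARGUMENTS, "Error invalid arguments. "
                   "name is NULL");
        goto error;
    }

    /* check if the particular module that wants to free device memory is
     * already registered or not.  If it is registered, check if a context has
     * been associated with the module.  If yes, then we can go ahead and
     * free the device memory.
     */
    if ( ((data = SCCudaHlGetModuleData(handle)) == NULL) ||
         (data->cuda_context == 0)) {
        SCLogDebug("Module not registered or no cuda context associated with "
                   "this module.  You can't create a CUDA module without "
                   "associating a context with a module first. To use this "
                   "registration facility, first register a module using "
                   "context using SCCudaHlRegisterModule(), and then register "
                   "a cuda context with that module using "
                   "SCCudaHlGetCudaContext(), after which you can call this "
                   "function ");
        goto error;
    }

    if ( (cumodule = SCCudaHlGetModuleCUmodule(data, cumodule_handle)) == NULL ) {
        SCLogDebug("CUmodule not registered with the module.  Before you can request "
                   "a device pointer for a module you need to load the CUmodule into "
                   "the engine module using SCCudaHlGetCudaModule() or "
                   "SCCudaHlGetCudaModuleFromFile().");
        goto error;
    }

    /* if we do not have a device pointer registered by this name get out */
    if ( (module_device_ptr = SCCudaHlCudaDevicePtrAvailable(cumodule, name)) == NULL) {
        goto error;
    }

    /* Find the predecessor before anything is released.  The walk compares
     * node addresses and stops at the end of the list, so an entry that is
     * not linked where expected ends in the error path instead of a read
     * through a NULL next pointer. */
    if (module_device_ptr != cumodule->device_ptrs) {
        temp_module_device_ptr = cumodule->device_ptrs;
        while (temp_module_device_ptr != NULL &&
               temp_module_device_ptr->next != module_device_ptr) {
            temp_module_device_ptr = temp_module_device_ptr->next;
        }
        if (temp_module_device_ptr == NULL) {
            SCLogDebug("Device pointer is not linked into the device pointer "
                       "list of this CUmodule");
            goto error;
        }
    }

    /* NOTE(review): the result of SCCudaMemFree() is not checked - confirm
     * whether a failed free should keep the entry registered. */
    SCCudaMemFree(module_device_ptr->d_ptr);
    module_device_ptr->d_ptr = 0;

    /* unlink: either the entry is the list head or it hangs off the
     * predecessor found above */
    if (temp_module_device_ptr == NULL) {
        cumodule->device_ptrs = module_device_ptr->next;
    } else {
        temp_module_device_ptr->next = module_device_ptr->next;
    }

    SCFree(module_device_ptr->name);
    SCFree(module_device_ptr);

    return 0;

error:
    return -1;
}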
示例14: OutputTxLog
/**
 * \brief Walk the transactions of the packet's flow and offer each one to the
 *        registered transaction loggers.
 *
 * Only the first part of the function is shown in this listing; the labels
 * end, next_tx and next_logger and the final return are in the omitted part.
 *
 * \param tv          Thread vars, passed through to a logger's LogCondition.
 * \param p           Packet being processed; p->flow and p->proto are read.
 * \param thread_data Must not be NULL (enforced with BUG_ON); used as an
 *                    OutputLoggerThreadData.
 *
 * \retval TM_ECODE_OK when no logger is registered or the packet has no flow
 *                     (the other return paths are not visible here).
 */
static TmEcode OutputTxLog(ThreadVars *tv, Packet *p, void *thread_data)
{
BUG_ON(thread_data == NULL);
/* 'list' is not declared in this excerpt; it is the head of the logger
 * chain that is walked further down. */
if (list == NULL) {
/* No child loggers registered. */
return TM_ECODE_OK;
}
OutputLoggerThreadData *op_thread_data = (OutputLoggerThreadData *)thread_data;
/* nothing to log for a packet that is not attached to a flow */
if (p->flow == NULL)
return TM_ECODE_OK;
Flow * const f = p->flow;
const uint8_t ipproto = f->proto;
const AppProto alproto = f->alproto;
/* NOTE(review): the parser lookups below key on p->proto while the tx
 * iterator keys on f->proto (ipproto); presumably both are equal for a
 * packet attached to a flow -- confirm. */
if (AppLayerParserProtocolIsTxAware(p->proto, alproto) == 0)
goto end;
if (AppLayerParserProtocolHasLogger(p->proto, alproto) == 0)
goto end;
/* bit mask a transaction must reach before it counts as fully logged
 * (compared against tx_logged in the loop) */
const LoggerId logger_expectation = AppLayerParserProtocolGetLoggerBits(p->proto, alproto);
if (logger_expectation == 0)
goto end;
void *alstate = f->alstate;
if (alstate == NULL) {
SCLogDebug("no alstate");
goto end;
}
const uint8_t ts_disrupt_flags = FlowGetDisruptionFlags(f, STREAM_TOSERVER);
const uint8_t tc_disrupt_flags = FlowGetDisruptionFlags(f, STREAM_TOCLIENT);
const uint64_t total_txs = AppLayerParserGetTxCnt(f, alstate);
/* iteration starts at the id returned by AppLayerParserGetTransactionLogId() */
uint64_t tx_id = AppLayerParserGetTransactionLogId(f->alparser);
/* max_id, logged and gap are only initialised in the visible part; they are
 * used in the omitted remainder */
uint64_t max_id = tx_id;
int logged = 0;
int gap = 0;
AppLayerGetTxIteratorFunc IterFunc = AppLayerGetTxIterator(ipproto, alproto);
/* the iterator state is zeroed before the first call */
AppLayerGetTxIterState state;
memset(&state, 0, sizeof(state));
while (1) {
AppLayerGetTxIterTuple ires = IterFunc(ipproto, alproto, alstate, tx_id, total_txs, &state);
/* a NULL tx pointer ends the iteration */
if (ires.tx_ptr == NULL)
break;
void * const tx = ires.tx_ptr;
tx_id = ires.tx_id;
LoggerId tx_logged = AppLayerParserGetTxLogged(f, alstate, tx);
/* snapshot of the mask as it was before any logger runs for this tx */
const LoggerId tx_logged_old = tx_logged;
SCLogDebug("logger: expect %08x, have %08x", logger_expectation, tx_logged);
if (tx_logged == logger_expectation) {
/* tx already fully logged */
goto next_tx;
}
/* progress of this tx, queried once with each direction's disruption flags */
int tx_progress_ts = AppLayerParserGetStateProgress(p->proto, alproto,
tx, ts_disrupt_flags);
int tx_progress_tc = AppLayerParserGetStateProgress(p->proto, alproto,
tx, tc_disrupt_flags);
SCLogDebug("tx_progress_ts %d tx_progress_tc %d",
tx_progress_ts, tx_progress_tc);
const OutputTxLogger *logger = list;
const OutputLoggerThreadStore *store = op_thread_data->store;
/* validation builds require both the logger list and the thread store to be
 * non-NULL at this point */
#ifdef DEBUG_VALIDATION
BUG_ON(logger == NULL && store != NULL);
BUG_ON(logger != NULL && store == NULL);
BUG_ON(logger == NULL && store == NULL);
#endif
while (logger && store) {
BUG_ON(logger->LogFunc == NULL);
SCLogDebug("logger %p, LogCondition %p, ts_log_progress %d "
"tc_log_progress %d", logger, logger->LogCondition,
logger->ts_log_progress, logger->tc_log_progress);
/* Only loggers for this app protocol whose bit is not yet set in the tx's
 * logged mask are considered.
 * NOTE(review): 1<<logger->logger_id shifts a signed int, which is undefined
 * for a logger_id of 31 or more with a 32-bit int -- confirm the range of
 * LoggerId, or shift an unsigned constant. */
if (logger->alproto == alproto &&
(tx_logged_old & (1<<logger->logger_id)) == 0)
{
SCLogDebug("alproto match, logging tx_id %"PRIu64, tx_id);
/* the condition / progress checks apply only while the parser state does
 * not carry APP_LAYER_PARSER_EOF */
if (!(AppLayerParserStateIssetFlag(f->alparser,
APP_LAYER_PARSER_EOF))) {
if (logger->LogCondition) {
/* a logger-supplied condition replaces the progress thresholds */
int r = logger->LogCondition(tv, p, alstate, tx, tx_id);
if (r == FALSE) {
SCLogDebug("conditions not met, not logging");
goto next_logger;
}
} else {
/* without a condition callback, both directions must have reached the
 * logger's configured progress values */
if (tx_progress_tc < logger->tc_log_progress) {
SCLogDebug("progress not far enough, not logging");
goto next_logger;
}
if (tx_progress_ts < logger->ts_log_progress) {
SCLogDebug("progress not far enough, not logging");
goto next_logger;
}
//......... part of the code is omitted here .........
示例15: OutputRegisterTxLogger
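/**
 * \brief Register a transaction logger and append it to the logger list.
 *
 * \param id                   Logger id, stored as logger_id.
 * \param name                 Logger name. Only the pointer is stored, so the
 *                             string has to outlive the registration.
 * \param alproto              App layer protocol the logger applies to.
 * \param LogFunc              Logging callback.
 * \param output_ctx           Output context stored with the logger.
 * \param tc_log_progress      To-client progress value required before
 *                             logging; a negative value selects the protocol's
 *                             completion status for STREAM_TOCLIENT.
 * \param ts_log_progress      Same for the to-server direction
 *                             (STREAM_TOSERVER).
 * \param LogCondition         Optional condition callback, stored as given.
 * \param ThreadInit           Per-thread init callback, stored as given.
 * \param ThreadDeinit         Per-thread deinit callback, stored as given.
 * \param ThreadExitPrintStats Per-thread stats callback, stored as given.
 *
 * \retval 0  On success.
 * \retval -1 If the protocol is not tx aware or the allocation fails.
 *
 * The process exits when doubling the last registered list id would no
 * longer fit in 32 bits.
 */
int OutputRegisterTxLogger(LoggerId id, const char *name, AppProto alproto,
                           TxLogger LogFunc,
                           OutputCtx *output_ctx, int tc_log_progress,
                           int ts_log_progress, TxLoggerCondition LogCondition,
                           ThreadInitFunc ThreadInit,
                           ThreadDeinitFunc ThreadDeinit,
                           void (*ThreadExitPrintStats)(ThreadVars *, void *))
{
    if (!(AppLayerParserIsTxAware(alproto))) {
        SCLogNotice("%s logger not enabled: protocol %s is disabled",
                    name, AppProtoToString(alproto));
        return -1;
    }

    OutputTxLogger *op = SCMalloc(sizeof(*op));
    if (op == NULL)
        return -1;
    /* zero everything first so that fields not set below (e.g. next) are NULL/0 */
    memset(op, 0x00, sizeof(*op));

    op->alproto = alproto;
    op->LogFunc = LogFunc;
    op->LogCondition = LogCondition;
    op->output_ctx = output_ctx;
    op->name = name;
    op->logger_id = id;
    op->ThreadInit = ThreadInit;
    op->ThreadDeinit = ThreadDeinit;
    op->ThreadExitPrintStats = ThreadExitPrintStats;

    /* a negative progress value means "log once the tx is complete" */
    if (tc_log_progress < 0) {
        op->tc_log_progress =
            AppLayerParserGetStateProgressCompletionStatus(alproto,
                                                           STREAM_TOCLIENT);
    } else {
        op->tc_log_progress = tc_log_progress;
    }

    if (ts_log_progress < 0) {
        op->ts_log_progress =
            AppLayerParserGetStateProgressCompletionStatus(alproto,
                                                           STREAM_TOSERVER);
    } else {
        op->ts_log_progress = ts_log_progress;
    }

    if (list == NULL) {
        op->id = 1;
        list = op;
    } else {
        OutputTxLogger *t = list;
        while (t->next)
            t = t->next;

        /* Test the limit before doubling. The former check
         * "t->id * 2 > UINT32_MAX" can never be true when id is a 32-bit
         * unsigned field, because the product wraps before it is compared;
         * the next id would then silently become 0. Dividing the limit
         * instead gives the same result for every id type. */
        if (t->id > UINT32_MAX / 2) {
            SCLogError(SC_ERR_FATAL, "Too many loggers registered.");
            exit(EXIT_FAILURE);
        }
        op->id = t->id * 2;
        t->next = op;
    }

    SCLogDebug("OutputRegisterTxLogger happy");
    return 0;
}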