1 /* Copyright (C) 2007-2010 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  *
23  * Common includes, etc.
24  */
25 
26 #ifndef __SURICATA_COMMON_H__
27 #define __SURICATA_COMMON_H__
28 
29 #ifdef DEBUG
30 #define DBG_PERF
31 #endif
32 
/* Legacy boolean constants; <stdbool.h> (included further down when the
 * build detects it) is the preferred spelling in new code. */
#define TRUE   1
#define FALSE  0

/* Feature-test macros have to be in place before the first system header is
 * pulled in; everything below relies on this ordering. __USE_GNU is normally
 * derived from _GNU_SOURCE by glibc's <features.h>, so defining it directly
 * looks redundant there -- NOTE(review): presumably kept for other libcs,
 * confirm before removing. */
#define _GNU_SOURCE
#define __USE_GNU
38 
39 #if HAVE_CONFIG_H
40 #include <autoconf.h>
41 #endif
42 
/* CLS: L1 cache line size in bytes. The build normally detects it and passes
 * it in as a define; this fallback only applies when detection failed. */
#ifndef CLS
#warning "L1 cache line size not detected during build. Assuming 64 bytes."
#define CLS 64
#endif
47 
48 #if HAVE_DIRENT_H
49 #include <dirent.h>
50 #endif
51 
52 #if HAVE_STDIO_H
53 #include <stdio.h>
54 #endif
55 
56 #if HAVE_STDDEF_H
57 #include <stddef.h>
58 #endif
59 
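/* The autoconf guard is spelled HAVE_STDINT_H (all uppercase, like every
 * other HAVE_*_H above); a lowercase 'h' would never match and silently
 * skip the include. */
#if HAVE_STDINT_H
#include <stdint.h>
#endif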
63 
64 #if HAVE_STDBOOL_H
65 #include <stdbool.h>
66 #endif
67 
68 #if HAVE_STDARG_H
69 #include <stdarg.h>
70 #endif
71 
72 #ifdef HAVE_STDLIB_H
73 #include <stdlib.h>
74 #endif
75 
76 #if HAVE_ERRNO_H
77 #include <errno.h>
78 #endif
79 
80 #if HAVE_UNISTD_H
81 #include <unistd.h>
82 #endif
83 
84 #if HAVE_INTTYPES_H
85 #include <inttypes.h>
86 #endif
87 
88 #if HAVE_LIMITS_H
89 #include <limits.h>
90 #endif
91 
92 #if HAVE_CTYPE_H
93 #include <ctype.h>
94 #endif
95 
96 #if HAVE_STRING_H
97 #include <string.h>
98 #endif
99 
100 #if HAVE_STRINGS_H
101 #include <strings.h>
102 #endif
103 
104 #if HAVE_FCNTL_H
105 #include <fcntl.h>
106 #endif
107 
108 #ifdef HAVE_TIME_H
109 #include <time.h>
110 #endif
111 
112 #if HAVE_SYS_SYSCALL_H
113 #include <sys/syscall.h>
114 #endif
115 
116 #if HAVE_SYSCALL_H
117 #include <syscall.h>
118 #endif
119 
120 #if HAVE_SYS_TYPES_H
121 #include <sys/types.h> /* for gettid(2) */
122 #endif
123 
124 #if HAVE_SCHED_H
125 #include <sched.h>     /* for sched_setaffinity(2) */
126 #endif
127 
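/* Fallback typedefs for the BSD-style unsigned integer aliases on platforms
 * whose <sys/types.h> lacks them; the HAVE_TYPE_*_NOT_DEFINED macros are
 * presumably set by configure. Each typedef carries its own terminating ';'
 * -- without it the declaration runs on past the #endif into whatever
 * follows and breaks the build as soon as one of the guards fires. */
#ifdef HAVE_TYPE_U_LONG_NOT_DEFINED
typedef unsigned long int u_long;
#endif
#ifdef HAVE_TYPE_U_INT_NOT_DEFINED
typedef unsigned int u_int;
#endif
#ifdef HAVE_TYPE_U_SHORT_NOT_DEFINED
typedef unsigned short u_short;
#endif
#ifdef HAVE_TYPE_U_CHAR_NOT_DEFINED
typedef unsigned char u_char;
#endif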
140 
141 #include <pcre.h>
142 
143 #ifdef HAVE_SYSLOG_H
144 #include <syslog.h>
145 #else
146 #ifdef OS_WIN32
147 #include "win32-syslog.h"
148 #endif /* OS_WIN32 */
149 #endif /* HAVE_SYSLOG_H */
150 
151 #ifdef OS_WIN32
152 #include "win32-misc.h"
153 #include "win32-service.h"
154 #endif /* OS_WIN32 */
155 
156 #if HAVE_SYS_TIME_H
157 #include <sys/time.h>
158 #endif
159 
160 #if HAVE_POLL_H
161 #include <poll.h>
162 #endif
163 
164 #if HAVE_SYS_SIGNAL_H
165 #include <sys/signal.h>
166 #endif
167 
168 #if HAVE_SIGNAL_H
169 #include <signal.h>
170 #endif
171 
172 #if HAVE_SYS_SOCKET_H
173 #include <sys/socket.h>
174 #endif
175 
176 #if HAVE_SYS_STAT_H
177 #include <sys/stat.h>
178 #endif
179 
180 #if HAVE_SYS_MMAN_H
181 #include <sys/mman.h>
182 #endif
183 
184 #if HAVE_SYS_RANDOM_H
185 #include <sys/random.h>
186 #endif
187 
188 #if HAVE_NETINET_IN_H
189 #include <netinet/in.h>
190 #endif
191 
192 #if HAVE_ARPA_INET_H
193 #include <arpa/inet.h>
194 #endif
195 
196 #if HAVE_NETDB_H
197 #include <netdb.h>
198 #endif
199 
200 #if __CYGWIN__
201 #if !defined _X86_ && !defined __x86_64
202 #define _X86_
203 #endif
204 #endif
205 
206 #if !__CYGWIN__
207 #ifdef HAVE_WINSOCK2_H
208 #include <winsock2.h>
209 #endif
210 #ifdef HAVE_WS2TCPIP_H
211 #include <ws2tcpip.h>
212 #endif
213 #endif /* !__CYGWIN__ */
214 
215 #ifdef HAVE_WINDOWS_H
216 #ifndef _WIN32_WINNT
217 #define _WIN32_WINNT 0x0501
218 #endif
219 #include <windows.h>
220 #endif
221 
222 #ifdef HAVE_W32API_WINBASE_H
223 #include <w32api/winbase.h>
224 #endif
225 
226 #ifdef HAVE_W32API_WTYPES_H
227 #include <w32api/wtypes.h>
228 #endif
229 
230 #ifndef SC_PCAP_DONT_INCLUDE_PCAP_H
231 #ifdef HAVE_PCAP_H
232 #include <pcap.h>
233 #endif
234 
235 #ifdef HAVE_PCAP_PCAP_H
236 #include <pcap/pcap.h>
237 #endif
238 #endif
239 
240 #ifdef HAVE_UTIME_H
241 #include <utime.h>
242 #endif
243 
244 #ifdef HAVE_LIBGEN_H
245 #include <libgen.h>
246 #endif
247 
248 #ifdef HAVE_GRP_H
249 #include <grp.h>
250 #endif
251 
252 #ifdef HAVE_PWD_H
253 #include <pwd.h>
254 #endif
255 
256 #include <jansson.h>
257 #ifndef JSON_ESCAPE_SLASH
258 #define JSON_ESCAPE_SLASH 0
259 #endif
260 /* Appears not all current distros have jansson that defines this. */
261 #ifndef json_boolean
262 #define json_boolean(val)      SCJsonBool((val))
263 //#define json_boolean(val)      ((val) ? json_true() : json_false())
264 #endif
265 
266 #ifdef HAVE_MAGIC
267 #include <magic.h>
268 #endif
269 
/* we need this to stringify the defines which are supplied at compiletime see:
   http://gcc.gnu.org/onlinedocs/gcc-3.4.1/cpp/Stringification.html#Stringification
   xstr(s) expands its argument first and then stringifies the result; str(s)
   stringifies the literal token. Both are function-like macros, so a plain
   identifier named 'str' that is not followed by '(' is left alone. */
#define xstr(s) str(s)
#define str(s) #s
274 
/* BUG_ON(x): terminate the process when the condition x holds.
 *  - under cppcheck it reduces to a plain if/exit(1);
 *  - in builds with <assert.h> and without NDEBUG it is assert(!(x));
 *  - otherwise (NDEBUG, or no <assert.h>) it prints the location and the
 *    stringified condition to stderr and calls exit(EXIT_FAILURE).
 * Unlike a bare assert(), the condition is therefore evaluated in every
 * build configuration, so side effects inside x always happen. */
#if CPPCHECK==1
    #define BUG_ON(x) if (((x))) exit(1)
#else
    #if defined HAVE_ASSERT_H && !defined NDEBUG
    #include <assert.h>
        #define BUG_ON(x) assert(!(x))
    #else
        #define BUG_ON(x) do {      \
            if (((x))) {            \
                fprintf(stderr, "BUG at %s:%d(%s)\n", __FILE__, __LINE__, __func__);    \
                fprintf(stderr, "Code: '%s'\n", xstr((x)));                             \
                exit(EXIT_FAILURE); \
            }                       \
        } while(0)
    #endif
#endif
291 
/** type for the internal signature id. Since it's used in the matching engine
 *  extensively keeping this as small as possible reduces the overall memory
 *  footprint of the engine. Set to uint32_t if the engine needs to support
 *  more than 64k sigs. The uint16_t variant is kept below as a comment for
 *  reference; the build currently uses the 32-bit type. */
//#define SigIntId uint16_t
#define SigIntId uint32_t

/** same for pattern id's */
#define PatIntId uint32_t
301 
/** Resolve __WORDSIZE (32 or 64) on platforms whose headers don't provide it.
 *  The probes below are tried in order and the first one that defines the
 *  macro wins; the final fallback is 32 with a compile-time warning.
 *  FreeBSD does not define __WORDSIZE, but it uses __LONG_BIT */
#ifndef __WORDSIZE
    #ifdef __LONG_BIT
        #define __WORDSIZE __LONG_BIT
    #else
        #ifdef LONG_BIT
            #define __WORDSIZE LONG_BIT
        #endif
    #endif
#endif

/** Windows does not define __WORDSIZE, but it uses __X86__ */
#ifndef __WORDSIZE
    #if defined(__X86__) || defined(_X86_) || defined(_M_IX86)
        #define __WORDSIZE 32
    #else
        #if defined(__X86_64__) || defined(_X86_64_) || \
            defined(__x86_64)   || defined(__x86_64__) || \
            defined(__amd64)    || defined(__amd64__)
            #define __WORDSIZE 64
        #endif
    #endif
#endif

/** if not successful yet try the data models */
#ifndef __WORDSIZE
    #if defined(_ILP32) || defined(__ILP32__)
        #define __WORDSIZE 32
    #endif
    #if defined(_LP64) || defined(__LP64__)
        #define __WORDSIZE 64
    #endif
#endif

/** last resort: assume a 32-bit word and say so at compile time */
#ifndef __WORDSIZE
    #warning Defaulting to __WORDSIZE 32
    #define __WORDSIZE 32
#endif
340 
/** darwin doesn't define __BYTE_ORDER and friends, but BYTE_ORDER */
#ifndef __BYTE_ORDER
    #if defined(BYTE_ORDER)
        #define __BYTE_ORDER BYTE_ORDER
    #elif defined(__BYTE_ORDER__)
        #define __BYTE_ORDER __BYTE_ORDER__
    #else
        #error "byte order not detected"
    #endif
#endif

/** map the endianness constants the same way, from either the BSD names
 *  or the compiler's __ORDER_*__ names */
#ifndef __LITTLE_ENDIAN
    #if defined(LITTLE_ENDIAN)
        #define __LITTLE_ENDIAN LITTLE_ENDIAN
    #elif defined(__ORDER_LITTLE_ENDIAN__)
        #define __LITTLE_ENDIAN __ORDER_LITTLE_ENDIAN__
    #endif
#endif

#ifndef __BIG_ENDIAN
    #if defined(BIG_ENDIAN)
        #define __BIG_ENDIAN BIG_ENDIAN
    #elif defined(__ORDER_BIG_ENDIAN__)
        #define __BIG_ENDIAN __ORDER_BIG_ENDIAN__
    #endif
#endif

/** This only fails when neither name could be resolved. If exactly one of
 *  them is resolved, a later `__BYTE_ORDER == __BIG_ENDIAN` style comparison
 *  silently evaluates the unresolved name as 0 rather than failing. */
#if !defined(__LITTLE_ENDIAN) && !defined(__BIG_ENDIAN)
    #error "byte order: can't figure out big or little"
#endif
371 
/* Older PCRE releases have no pcre_free_study(); on those the study data is
 * released through plain pcre_free() instead. */
#ifndef HAVE_PCRE_FREE_STUDY
#define pcre_free_study pcre_free
#endif
375 
/* Only defined when the platform headers did not already provide them.
 * Both arguments are evaluated twice, so never pass expressions with side
 * effects (MIN(i++, n) increments i twice). */
#ifndef MIN
#define MIN(x, y) (((x)<(y))?(x):(y))
#endif

#ifndef MAX
#define MAX(x, y) (((x)<(y))?(y):(x))
#endif
383 
/* Single-bit masks. BIT_U8/BIT_U16 shift a plain int and cast the result
 * down to the named width; BIT_U32 and BIT_U64 are not cast, so BIT_U32(n)
 * has type unsigned long (64 bits wide on LP64 platforms) rather than
 * uint32_t. The shift count must stay below the width of the type actually
 * shifted (int, int, unsigned long, unsigned long long respectively) or the
 * shift is undefined behaviour. */
#define BIT_U8(n)  ((uint8_t)(1 << (n)))
#define BIT_U16(n) ((uint16_t)(1 << (n)))
#define BIT_U32(n) (1UL  << (n))
#define BIT_U64(n) (1ULL << (n))
388 
/* Marks a function whose return value must not be ignored. Applied
 * unconditionally (unlike ATTR_FMT_PRINTF below, which falls back to nothing
 * on non-GNU compilers), so it relies on every supported compiler accepting
 * GNU attribute syntax. */
#define WARN_UNUSED __attribute__((warn_unused_result))

/* Declares that a function takes a printf-style format string at argument
 * position x with the variadic arguments starting at position y, so the
 * compiler can -Wformat check callers. MinGW is given its own archetype
 * (__MINGW_PRINTF_FORMAT), presumably so checking matches the printf
 * implementation it links against. */
#if defined(__MINGW32__)
#define ATTR_FMT_PRINTF(x, y) __attribute__((format(__MINGW_PRINTF_FORMAT, (x), (y))))
#elif defined(__GNUC__)
#define ATTR_FMT_PRINTF(x, y) __attribute__((format(printf, (x), (y))))
#else
#define ATTR_FMT_PRINTF(x, y)
#endif
398 
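/* Byte-order helpers with a pinned result type: ntohl()/ntohs() may be
 * declared with a different integer type on some platforms, so the cast
 * keeps callers portable. The whole expansion is parenthesised so the macro
 * composes safely inside larger expressions. */
#define SCNtohl(x) ((uint32_t)ntohl((x)))
#define SCNtohs(x) ((uint16_t)ntohs((x)))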
401 
/* swap flags if one of them is set, otherwise do nothing.
 * Only the bits in (a) and (b) are touched: if exactly one of the two is set
 * in (flags) it is cleared and the other is set; if both or neither are set
 * (flags) is left unchanged. Assumes (a) and (b) are distinct bit masks.
 * Every argument is evaluated more than once, so pass side-effect-free
 * expressions. */
#define SWAP_FLAGS(flags, a, b)                     \
    do {                                            \
        if (((flags) & ((a)|(b))) == (a)) {         \
            (flags) &= ~(a);                        \
            (flags) |= (b);                         \
        } else if (((flags) & ((a)|(b))) == (b)) {  \
            (flags) &= ~(b);                        \
            (flags) |= (a);                         \
        }                                           \
    } while(0)
413 
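/* Exchange the values of two lvalues of the given type through a temporary.
 * The temporary has a deliberately unusual name: with a short name such as
 * 't', passing a variable that happens to be called 't' would capture the
 * temporary (`type t = (t);`) and read an uninitialised value. (a) and (b)
 * are each evaluated twice. */
#define SWAP_VARS(type, a, b)                   \
    do {                                        \
        type swap_vars_tmp_ = (a);              \
        (a) = (b);                              \
        (b) = swap_vars_tmp_;                   \
    } while (0)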
420 
/** Stages of per-packet detect-engine profiling. The enumerators are
 *  consecutive from 0, so they can serve as array indices (presumably how
 *  the profiling code uses them); PROF_DETECT_SIZE is not a stage but the
 *  number of stages and must stay the last entry. */
typedef enum PacketProfileDetectId_ {
    PROF_DETECT_SETUP,
    PROF_DETECT_GETSGH,
    PROF_DETECT_IPONLY,
    PROF_DETECT_RULES,
    PROF_DETECT_TX,
    PROF_DETECT_PF_PKT,
    PROF_DETECT_PF_PAYLOAD,
    PROF_DETECT_PF_TX,
    PROF_DETECT_PF_SORT1,
    PROF_DETECT_PF_SORT2,
    PROF_DETECT_NONMPMLIST,
    PROF_DETECT_ALERT,
    PROF_DETECT_TX_UPDATE,
    PROF_DETECT_CLEANUP,

    PROF_DETECT_SIZE,   /* count of the stages above; keep last */
} PacketProfileDetectId;
439 
/** Identifiers for the output loggers. The enumerators are consecutive from
 *  0 and LOGGER_SIZE (kept last) is their count, so inserting a value
 *  anywhere other than directly before LOGGER_SIZE renumbers every later
 *  logger.
 *  \note update PacketProfileLoggertIdToString if you change anything here */
typedef enum {
    LOGGER_UNDEFINED,

    /* TX loggers first for low logger IDs */
    LOGGER_DNS_TS,
    LOGGER_DNS_TC,
    LOGGER_HTTP,
    LOGGER_TLS_STORE,
    LOGGER_TLS,
    LOGGER_JSON_DNS_TS,
    LOGGER_JSON_DNS_TC,
    LOGGER_JSON_HTTP,
    LOGGER_JSON_SMTP,
    LOGGER_JSON_TLS,
    LOGGER_JSON_NFS,
    LOGGER_JSON_TFTP,
    LOGGER_JSON_FTP,
    LOGGER_JSON_DNP3_TS,
    LOGGER_JSON_DNP3_TC,
    LOGGER_JSON_SSH,
    LOGGER_JSON_SMB,
    LOGGER_JSON_IKEV2,
    LOGGER_JSON_KRB5,
    LOGGER_JSON_DHCP,
    LOGGER_JSON_SNMP,
    LOGGER_JSON_SIP,
    LOGGER_JSON_TEMPLATE_RUST,
    LOGGER_JSON_RFB,
    LOGGER_JSON_MQTT,
    LOGGER_JSON_TEMPLATE,
    LOGGER_JSON_RDP,
    LOGGER_JSON_DCERPC,
    LOGGER_JSON_HTTP2,

    /* remaining (non-TX) loggers */
    LOGGER_ALERT_DEBUG,
    LOGGER_ALERT_FAST,
    LOGGER_UNIFIED2,
    LOGGER_ALERT_SYSLOG,
    LOGGER_DROP,
    LOGGER_JSON_ALERT,
    LOGGER_JSON_ANOMALY,
    LOGGER_JSON_DROP,
    LOGGER_FILE_STORE,
    LOGGER_JSON_FILE,
    LOGGER_TCP_DATA,
    LOGGER_JSON_FLOW,
    LOGGER_JSON_NETFLOW,
    LOGGER_STATS,
    LOGGER_JSON_STATS,
    LOGGER_PRELUDE,
    LOGGER_PCAP,
    LOGGER_JSON_METADATA,
    LOGGER_SIZE,        /* count of the loggers above; keep last */
} LoggerId;
495 
496 #include "util-optimize.h"
497 #ifndef SURICATA_PLUGIN
498 #include <htp/htp.h>
499 #endif
500 #include "threads.h"
501 #include "tm-threads-common.h"
502 #include "util-debug.h"
503 #include "util-error.h"
504 #include "util-mem.h"
505 #ifndef SURICATA_PLUGIN
506 #include "detect-engine-alert.h"
507 #endif
508 #include "util-path.h"
509 #include "util-conf.h"
510 
#ifdef HAVE_LUA
#include <lua.h>
#include <lualib.h>
#include <lauxlib.h>
#else
/* If we don't have Lua, create a typedef for lua_State so the
 * exported Lua functions don't fail the build. The type is void, so such a
 * lua_State pointer can only be passed around, never dereferenced. */
typedef void lua_State;
#endif
520 
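/* Prototypes for the BSD string helpers, declared here only when the libc
 * lacks them; the definitions live elsewhere in the tree. Parameter names
 * are kept in all three prototypes so the contract (dst first, src second,
 * siz is the full size of dst) reads the same way for strlcat and strlcpy. */
#ifndef HAVE_STRLCAT
size_t strlcat(char *dst, const char *src, size_t siz);
#endif
#ifndef HAVE_STRLCPY
size_t strlcpy(char *dst, const char *src, size_t siz);
#endif
#ifndef HAVE_STRPTIME
char *strptime(const char * __restrict s, const char * __restrict format, struct tm * __restrict tm);
#endif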
530 
/* Unlocked stdio wrappers: when the libc provides the *_unlocked variants
 * they are used, skipping the internal per-stream lock on every call;
 * otherwise the names map to the ordinary locking functions. The unlocked
 * forms are only safe when the caller serialises access to the stream
 * itself -- NOTE(review): presumably the output modules hold their own lock,
 * confirm at the call sites. */
#ifndef HAVE_FWRITE_UNLOCKED
#define SCFwriteUnlocked    fwrite
#define SCFflushUnlocked    fflush
#define SCClearErrUnlocked  clearerr
#define SCFerrorUnlocked    ferror
#else
#define SCFwriteUnlocked    fwrite_unlocked
#define SCFflushUnlocked    fflush_unlocked
#define SCClearErrUnlocked  clearerr_unlocked
#define SCFerrorUnlocked    ferror_unlocked
#endif
/* Unit-test coverage counters; defined in a .c file elsewhere in the tree. */
extern int coverage_unittests;
extern int g_ut_modules;
extern int g_ut_covered;
545 
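/* Number of elements in a true array. Only valid on arrays -- not on pointers
 * or array-typed function parameters, which have already decayed to
 * pointers. The argument is parenthesised before indexing so expressions
 * such as ARRAY_SIZE(*p) expand to sizeof((*p)[0]) rather than
 * sizeof(*p[0]). */
#define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]))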
547 
/* Maximum length of a single filename component; fallback for platforms
 * whose <limits.h> does not define it. */
#ifndef NAME_MAX
#define NAME_MAX 255
#endif
551 
552 #endif /* __SURICATA_COMMON_H__ */
553 
554