
unix-manager: introduce unix command socket

This patch introduces a unix command socket. JSON formatted messages
can be exchanged between suricata and a program connecting to a
dedicated socket.
The protocol is the following:
 * Client connects to the socket
 * It sends a version message: { "version": "$VERSION_ID" }
 * Server answers with { "return": "OK|NOK" }
If the server returns OK, the client is now allowed to send commands.

The format of command is the following:
 {
   "command": "pcap-file",
   "arguments": { "filename": "smtp-clean.pcap", "output-dir": "/tmp/out" }
 }
The server will try to execute the "command" specified with the
(optional) provided "arguments".
The answer by server is the following:
 {
   "return": "OK|NOK",
   "message": JSON_OBJECT or information string
 }

For now, only the "shutdown" command is implemented.
regit committed Feb 7, 2012
1 parent c91c359 commit 1a58eec318a842834a9252fbf4961a392cbad8a8
Showing with 522 additions and 0 deletions.
  1. +24 −0 configure.ac
  2. +2 −0 src/Makefile.am
  3. +8 −0 src/suricata.c
  4. +456 −0 src/unix-manager.c
  5. +32 −0 src/unix-manager.h
@@ -471,6 +471,16 @@ AC_INIT(configure.ac)
exit 1
fi
AC_CHECK_LIB(jansson, json_loads,, JANSSON="no")


inliniac Sep 19, 2012

Please add options to pass the include and lib dir for this as well.


regit Sep 20, 2012

Owner

Done.

if test "$JANSSON" = "no"; then
echo
echo " Unix socket command requires jansson: http://www.digip.org/jansson/"
echo
enable_unixsocket="no"
else
enable_unixsocket="yes"


inliniac Sep 19, 2012

I think this needs to be more generic. "enable_jansson". We'll likely use the lib for more purposes in the future.


regit Sep 19, 2012

Owner

No and yes:

  • Keeping the enable_unixsocket to be able to display it when it is built in.
  • Adding a more generic enable_jansson
fi
#enable support for NFQUEUE
AC_ARG_ENABLE(nfqueue,
AS_HELP_STRING([--enable-nfqueue], [Enable NFQUEUE support for inline IDP]),,[enable_nfqueue=no])
@@ -1267,6 +1277,19 @@ AC_INIT(configure.ac)
fi
fi
define([EXPAND_VARIABLE],


inliniac Sep 19, 2012

what does this do?


regit Sep 19, 2012

Owner

It is used to expand the variable in suricatasc.in when creating suricatasc. Basically this is the same technique as the one used by "make install-full".
Good catch anyway: EXPAND_VARIABLE was defined below and I've simplified the code. Furthermore this is code related to suricatasc which should be put in next patch.


regit Sep 20, 2012

Owner

I've merged the two commits (unix-socket introduction and adding suricatasc)

[$2=[$]$1
while true; do
case "[$]$2" in
*\[$]* ) eval "$2=[$]$2" ;;
*) break ;;
esac
done])dnl EXPAND_VARIABLE
EXPAND_VARIABLE(localstatedir,e_localstatedir)
AC_SUBST(e_localstatedir)
AC_SUBST(CFLAGS)
AC_SUBST(LDFLAGS)
AC_SUBST(CPPFLAGS)
@@ -1325,6 +1348,7 @@ Suricata Configuration:
IPFW support: ${enable_ipfw}
DAG enabled: ${enable_dag}
Napatech enabled: ${enable_napatech}
Unix socket enabled: ${enable_unixsocket}
libnss support: ${enable_nss}
libnspr support: ${enable_nspr}
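Review bot: The unix socket feature is switched on purely by whether jansson happens to be present on the build host (`enable_unixsocket="yes"` in the else branch of the first hunk); no explicit configure switch for it is visible in these hunks. Because the commit message describes a control channel that accepts a shutdown command, packagers would want to opt in or out deliberately, and configure should fail when the feature is requested but jansson is absent. An `AC_ARG_ENABLE(unix-socket, ...)` placed before the `AC_CHECK_LIB(jansson, json_loads,, JANSSON="no")` call, with the library check run only when the option is not `no`, would cover both cases.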
@@ -252,6 +252,7 @@ util-file.c util-file.h \
util-path.c util-path.h \
util-buffer.c util-buffer.h \
util-crypt.c util-crypt.h \
unix-manager.c unix-manager.h \
tm-modules.c tm-modules.h \
tm-queues.c tm-queues.h \
tm-queuehandlers.c tm-queuehandlers.h \
@@ -378,6 +379,7 @@ endif
#suricata_CFLAGS = -Wall -fno-strict-aliasing
AM_CFLAGS = -DLOCAL_STATE_DIR=\"$(localstatedir)\"
if BUILD_UNITTESTS
check-am:
@@ -131,6 +131,7 @@
#include "pkt-var.h"
#include "host.h"
#include "unix-manager.h"
#include "app-layer-detect-proto.h"
#include "app-layer-parser.h"
@@ -1851,6 +1852,13 @@ int main(int argc, char **argv)
/* Spawn the flow manager thread */
FlowManagerThreadSpawn();
/* Spawn the unix socket manager thread */
int unix_socket = 0;
if (ConfGetBool("unix-command", &unix_socket) != 1)
unix_socket = 0;
if (unix_socket == 1) {
UnixManagerThreadSpawn();
}
StreamTcpInitConfig(STREAM_VERBOSE);
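Review bot: The call to `UnixManagerThreadSpawn()` in main() is compiled unconditionally, while configure.ac only sets `enable_unixsocket="no"` when jansson is missing and src/Makefile.am always lists unix-manager.c. Unless unix-manager.c guards its own body (that file is not shown on this page), a build without jansson would presumably either fail or accept a `unix-command` setting that does nothing. Consider wrapping the block in `#ifdef HAVE_LIBJANSSON` … `#endif` (the macro AC_CHECK_LIB defines by default when the library is found) and logging a warning in the `#else` branch when `unix-command` is set. A log line when the socket is actually started would also help operators audit that a command channel is open. main() starts and ends outside this hunk.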