From: Jason Ish <jason.ish@oisf.net>
Date: Thu, 12 Sep 2024 20:25:01 +0000 (-0600)
Subject: examples/lib: update library example for ips drop
X-Git-Tag: suricata-8.0.0-beta1~139
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b100b4231555ee953b67a24ee39cd38b2f7feed5;p=thirdparty%2Fsuricata.git

examples/lib: update library example for ips drop

Add a release packet callback where the action can be checked for drop.

Ticket: #7240
---

diff --git a/examples/lib/custom/main.c b/examples/lib/custom/main.c
index 45b0bb5046..34d65d74cb 100644
--- a/examples/lib/custom/main.c
+++ b/examples/lib/custom/main.c
@@ -22,9 +22,35 @@
 #include "runmode-lib.h"
 #include "source-lib.h"
 #include "threadvars.h"
+#include "action-globals.h"
+#include "packet.h"
 
 static int worker_id = 1;
 
+/**
+ * Release packet callback.
+ *
+ * If there is any cleanup that needs to be done when Suricata is done
+ * with a packet, this is the place to do it.
+ *
+ * Important: If using a custom release function, you must also
+ * release or free the packet.
+ *
+ * Optionally this is where you would handle IPS like functionality
+ * such as forwarding the packet, or triggering some other mechanism
+ * to forward the packet.
+ */
+static void ReleasePacket(Packet *p)
+{
+    if (PacketCheckAction(p, ACTION_DROP)) {
+        SCLogNotice("Dropping packet!");
+    }
+
+    /* As we overode the default release function, we must release or
+     * free the packet. */
+    PacketFreeOrRelease(p);
+}
+
 /**
  * Suricata worker thread in library mode.
  * The functions should be wrapped in an API layer.
@@ -58,14 +84,42 @@ static void *SimpleWorker(void *arg)
     struct pcap_pkthdr pkthdr;
     const u_char *packet;
     while ((packet = pcap_next(fp, &pkthdr)) != NULL) {
-        if (TmModuleLibHandlePacket(tv, device, packet, datalink, pkthdr.ts, pkthdr.len, 0, 0) !=
-                0) {
-            pthread_exit(NULL);
+
+        Packet *p = PacketGetFromQueueOrAlloc();
+        if (unlikely(p == NULL)) {
+            /* Memory allocation error. */
+            goto done;
+        }
+
+        /* If we are processing a PCAP and it is the first packet we need to set the timestamp. */
+        SCTime_t timestamp = SCTIME_FROM_TIMEVAL(&pkthdr.ts);
+        if (count == 0) {
+            TmThreadsInitThreadsTimestamp(timestamp);
+        }
+
+        /* Setup the packet, these will become functions to avoid
+         * internal Packet access. */
+        PKT_SET_SRC(p, PKT_SRC_WIRE);
+        p->ts = SCTIME_FROM_TIMEVAL(&pkthdr.ts);
+        p->datalink = datalink;
+        p->livedev = device;
+        p->ReleasePacket = ReleasePacket;
+
+        if (PacketSetData(p, packet, pkthdr.len) == -1) {
+            TmqhOutputPacketpool(tv, p);
+            goto done;
+        }
+
+        if (TmThreadsSlotProcessPkt(tv, tv->tm_slots, p) != TM_ECODE_OK) {
+            TmqhOutputPacketpool(tv, p);
+            goto done;
         }
 
         (void)SC_ATOMIC_ADD(device->pkts, 1);
         count++;
     }
+
+done:
     pcap_close(fp);
 
     /* Cleanup. */