Suricata 3.1 source code analysis 12

int engine_retval = EXIT_SUCCESS; while(1) { if (sigterm_count) { suricata_ctl_flags |= SURICATA_KILL; } else if (sigint_count) { suricata_ctl_flags |= SURICATA_STOP; } if (suricata_ctl_flags & (SURICATA_KILL | SURICATA_STOP)) { SCLogNotice("Signal Received. Stoppi...

Suricata 3.1 source code analysis 11

/* Wait till all the threads have been initialized */ if (TmThreadWaitOnThreadInit() == TM_ECODE_FAILED) { SCLogError(SC_ERR_INITIALIZATION, "Engine initialization failed, " "aborting..."); exit(EXIT_FAILURE); } Wait for the child threads to finish initializing. Whether initialization has completed is checked by traversing tv_root and calling TmThreadsCheckFlag to check each child thread's ...

Suricata 3.1 source code analysis 10

/* In Unix socket runmode, Flow manager is started on demand */ if (suri.run_mode != RUNMODE_UNIX_SOCKET) { /* Spawn the unix socket manager thread */ int unix_socket = 0; if (ConfGetBool("unix-command.enabled", &unix_socket) != 1) unix_socket = 0; if (unix_socket == 1) { Unix...

Suricata 3.1 source code analysis 9

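RunModeDispatch(suri.run_mode, suri.runmode_custom_mode) initializes the run mode. First, the run mode (single, auto, and so on) is configured from the configuration file and the program's default values. The run mode type (PCAP_DEV, PCAPFILE, and so on) was already determined earlier, so the run mode is now fixed and the specific RunMode can be fetched from the runmodes table. The RunModeFunc in that RunMode is then called, entering the initialization function for the current run mode. Taking the autofp mode under the PCAP_DEV type as an example, ...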
Copyright © 九毛's official blog. All rights reserved.