
自学教程:C++ ConfNodeLookupChildValue函数代码示例

51自学网 2021-06-01 20:13:12
  C++
这篇教程C++ ConfNodeLookupChildValue函数代码示例写得很实用,希望能帮到您。

本文整理汇总了C++中ConfNodeLookupChildValue函数的典型用法代码示例。如果您正苦于以下问题:C++ ConfNodeLookupChildValue函数的具体用法?C++ ConfNodeLookupChildValue怎么用?C++ ConfNodeLookupChildValue使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。

在下文中一共展示了ConfNodeLookupChildValue函数的27个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的C++代码示例。

示例1: SCCalloc

/**
 * \brief Build the OutputCtx for the JSON alert sub-logger.
 *
 * Reads the optional "payload", "packet" and "payload-printable" children of
 * \p conf and ORs the matching LOG_JSON_* bits into the flags of the parent's
 * LogFileCtx. The same LogFileCtx is then published as this context's data,
 * so the flags are set on an object shared with the parent.
 *
 * \param conf       Configuration node for this output; may be NULL.
 * \param parent_ctx Parent output context. Its data is read as an
 *                   AlertJsonThread and is dereferenced without a NULL check.
 * \return The new OutputCtx on success, NULL if the allocation fails.
 */
static OutputCtx *JsonAlertLogInitCtxSub(ConfNode *conf, OutputCtx *parent_ctx)
{
    AlertJsonThread *parent = parent_ctx->data;

    OutputCtx *ctx = SCCalloc(1, sizeof(OutputCtx));
    if (unlikely(ctx == NULL))
        return NULL;

    if (conf != NULL) {
        const char *payload_b64 = ConfNodeLookupChildValue(conf, "payload");
        const char *packet = ConfNodeLookupChildValue(conf, "packet");
        const char *payload_print =
            ConfNodeLookupChildValue(conf, "payload-printable");

        /* Each option only ever adds a bit; an absent or false value
         * leaves the flags untouched. */
        if (payload_print != NULL && ConfValIsTrue(payload_print))
            parent->file_ctx->flags |= LOG_JSON_PAYLOAD;

        if (payload_b64 != NULL && ConfValIsTrue(payload_b64))
            parent->file_ctx->flags |= LOG_JSON_PAYLOAD_BASE64;

        if (packet != NULL && ConfValIsTrue(packet))
            parent->file_ctx->flags |= LOG_JSON_PACKET;
    }

    ctx->data = parent->file_ctx;
    ctx->DeInit = JsonAlertLogDeInitCtxSub;
    return ctx;
}
开发者ID:johnjohnsp1,项目名称:suricata,代码行数:40,


示例2: LogFileNewCtx

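/**
 * \brief Create the OutputCtx for the pcap-info alert output.
 *
 * Opens the log file named by the "filename" child of \p conf (falling back
 * to DEFAULT_LOG_FILENAME) using the "append" child as the open mode (falling
 * back to DEFAULT_PCAPINFO_MODE_APPEND).
 *
 * \param conf The configuration node for this output.
 * \return An OutputCtx pointer on success, NULL on failure. On every failure
 *         path the LogFileCtx created here is released again.
 */
OutputCtx *AlertPcapInfoInitCtx(ConfNode *conf)
{
    LogFileCtx *logfile_ctx = LogFileNewCtx();
    if (logfile_ctx == NULL) {
        SCLogDebug("AlertPcapInfoInitCtx2: Could not create new LogFileCtx");
        return NULL;
    }

    const char *filename = ConfNodeLookupChildValue(conf, "filename");
    if (filename == NULL)
        filename = DEFAULT_LOG_FILENAME;

    const char *mode = ConfNodeLookupChildValue(conf, "append");
    if (mode == NULL)
        mode = DEFAULT_PCAPINFO_MODE_APPEND;

    if (AlertPcapInfoOpenFileCtx(logfile_ctx, filename, mode) < 0) {
        LogFileFreeCtx(logfile_ctx);
        return NULL;
    }

    OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));
    if (unlikely(output_ctx == NULL)) {
        /* The file context (and the file it opened) would otherwise be
         * leaked, since nothing else holds a reference to it yet. */
        LogFileFreeCtx(logfile_ctx);
        return NULL;
    }

    output_ctx->data = logfile_ctx;
    output_ctx->DeInit = AlertPcapInfoDeInitCtx;

    SCLogInfo("Fast log output initialized, filename: %s", filename);

    return output_ctx;
}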
开发者ID:codercold,项目名称:suricata,代码行数:36,


示例3: LogFileNewCtx

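/**
 * \brief Create the OutputCtx for unified alert logging.
 *
 * Takes the file prefix from the "filename" child of \p conf (default
 * DEFAULT_LOG_FILENAME) and the size limit in MB from the "limit" child
 * (default DEFAULT_LIMIT). An unparsable limit, or one below MIN_LIMIT,
 * terminates the process with EXIT_FAILURE.
 *
 * \param conf The ConfNode for this output; may be NULL.
 * \return NULL on failure, the new OutputCtx on success.
 */
OutputCtx *AlertUnifiedAlertInitCtx(ConfNode *conf)
{
    int ret = 0;
    LogFileCtx *file_ctx = NULL;

    file_ctx = LogFileNewCtx();
    if (file_ctx == NULL) {
        SCLogError(SC_ERR_UNIFIED_ALERT_GENERIC, "Couldn't create new file_ctx");
        goto error;
    }

    const char *filename = NULL;
    if (conf != NULL)
        filename = ConfNodeLookupChildValue(conf, "filename");
    if (filename == NULL)
        filename = DEFAULT_LOG_FILENAME;

    file_ctx->prefix = SCStrdup(filename);
    if (file_ctx->prefix == NULL) {
        /* Without this check a failed duplication leaves a NULL prefix
         * behind for whoever builds file names from it later. */
        SCLogError(SC_ERR_UNIFIED_ALERT_GENERIC, "Couldn't duplicate file prefix");
        goto error;
    }

    const char *s_limit = NULL;
    uint32_t limit = DEFAULT_LIMIT;
    if (conf != NULL) {
        s_limit = ConfNodeLookupChildValue(conf, "limit");
        if (s_limit != NULL) {
            if (ByteExtractStringUint32(&limit, 10, 0, s_limit) == -1) {
                SCLogError(SC_ERR_INVALID_ARGUMENT,
                    "Fail to initialize unified alert output, invalid limit: %s",
                    s_limit);
                exit(EXIT_FAILURE);
            }
            if (limit < MIN_LIMIT) {
                SCLogError(SC_ERR_INVALID_ARGUMENT,
                    "Fail to initialize unified alert output, limit less than "
                    "allowed minimum: %d.", MIN_LIMIT);
                exit(EXIT_FAILURE);
            }
        }
    }

    /* Widen before multiplying: in 32-bit arithmetic a configured limit of
     * 4096 MB or more wraps around and yields a tiny (or zero) size limit.
     * NOTE(review): this only helps if size_limit is wider than 32 bits;
     * confirm its declared type. */
    file_ctx->size_limit = (uint64_t)limit * 1024 * 1024;

    ret = AlertUnifiedAlertOpenFileCtx(file_ctx, filename);
    if (ret < 0)
        goto error;

    OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));
    if (output_ctx == NULL)
        goto error;
    output_ctx->data = file_ctx;
    output_ctx->DeInit = AlertUnifiedAlertDeInitCtx;

    SCLogInfo("Unified-alert initialized: filename %s, limit %"PRIu32" MB",
       filename, limit);

    return output_ctx;

error:
    if (file_ctx != NULL) {
        LogFileFreeCtx(file_ctx);
    }

    return NULL;
}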
开发者ID:58698301,项目名称:suricata,代码行数:64,


示例4: SCProfilingKeywordsGlobalInit

/**
 * \brief Read the "profiling.keywords" configuration and set the keyword
 *        profiling globals accordingly.
 *
 * Nothing is changed unless the node exists and its "enabled" child is true.
 * When a "filename" child is present, the output path is built as
 * "<log dir>/<filename>" in a PATH_MAX buffer and the file mode is "a"
 * unless the "append" child is present and not true, in which case it is "w".
 * Allocation failure terminates the process with EXIT_FAILURE.
 *
 * NOTE(review): the snprintf result is not checked, so an over-long path is
 * silently truncated, and the configured file name is joined to the log
 * directory as given.
 */
void SCProfilingKeywordsGlobalInit(void)
{
    ConfNode *node = ConfGetNode("profiling.keywords");
    if (node == NULL)
        return;

    if (!ConfNodeChildValueIsTrue(node, "enabled"))
        return;

    profiling_keyword_enabled = 1;

    const char *out_name = ConfNodeLookupChildValue(node, "filename");
    if (out_name == NULL)
        return;

    char *log_dir = ConfigGetLogDirectory();

    profiling_file_name = SCMalloc(PATH_MAX);
    if (unlikely(profiling_file_name == NULL)) {
        SCLogError(SC_ERR_MEM_ALLOC, "can't duplicate file name");
        exit(EXIT_FAILURE);
    }
    snprintf(profiling_file_name, PATH_MAX, "%s/%s", log_dir, out_name);

    /* Appending is the default; only an explicit non-true value truncates. */
    const char *append = ConfNodeLookupChildValue(node, "append");
    profiling_file_mode = (append == NULL || ConfValIsTrue(append)) ? "a" : "w";

    profiling_keywords_output_to_file = 1;
}
开发者ID:chipot,项目名称:suricata,代码行数:32,


示例5: JsonDropLogInitCtx

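/**
 * \brief Create the OutputCtx for the stand-alone JSON drop logger.
 *
 * Only one drop logger may be enabled; a second attempt is rejected. The
 * optional "alerts" child of \p conf sets LOG_DROP_ALERTS, and the optional
 * "flows" child selects between "start" and "all" through the
 * g_droplog_flows_start global.
 *
 * \param conf Configuration node for this output; may be NULL.
 * \return An OutputInitResult whose ok member is true and whose ctx member
 *         holds the new OutputCtx on success; { NULL, false } on failure.
 */
static OutputInitResult JsonDropLogInitCtx(ConfNode *conf)
{
    OutputInitResult result = { NULL, false };
    if (OutputDropLoggerEnable() != 0) {
        SCLogError(SC_ERR_CONF_YAML_ERROR, "only one 'drop' logger "
            "can be enabled");
        return result;
    }

    JsonDropOutputCtx *drop_ctx = SCCalloc(1, sizeof(*drop_ctx));
    if (drop_ctx == NULL)
        return result;

    drop_ctx->file_ctx = LogFileNewCtx();
    if (drop_ctx->file_ctx == NULL) {
        JsonDropOutputCtxFree(drop_ctx);
        return result;
    }

    if (SCConfLogOpenGeneric(conf, drop_ctx->file_ctx, DEFAULT_LOG_FILENAME, 1) < 0) {
        JsonDropOutputCtxFree(drop_ctx);
        return result;
    }

    OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));
    if (unlikely(output_ctx == NULL)) {
        JsonDropOutputCtxFree(drop_ctx);
        return result;
    }

    if (conf) {
        const char *extended = ConfNodeLookupChildValue(conf, "alerts");
        if (extended != NULL) {
            if (ConfValIsTrue(extended)) {
                drop_ctx->flags = LOG_DROP_ALERTS;
            }
        }
        extended = ConfNodeLookupChildValue(conf, "flows");
        if (extended != NULL) {
            if (strcasecmp(extended, "start") == 0) {
                g_droplog_flows_start = 1;
            } else if (strcasecmp(extended, "all") == 0) {
                g_droplog_flows_start = 0;
            } else {
                /* The option read above is "flows"; name it correctly so
                 * the operator can find the offending key. */
                SCLogWarning(SC_ERR_CONF_YAML_ERROR, "valid options for "
                        "'flows' are 'start' and 'all'");
            }
        }
    }

    output_ctx->data = drop_ctx;
    output_ctx->DeInit = JsonDropLogDeInitCtx;

    result.ctx = output_ctx;
    result.ok = true;
    return result;
}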
开发者ID:bmeeks8,项目名称:suricata,代码行数:57,


示例6: LogFileNewCtx

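/**
 * \brief Create the OutputCtx for the stats log output.
 *
 * Totals are logged by default. The optional "totals", "threads" and
 * "null-values" children of \p conf clear LOG_STATS_TOTALS, set
 * LOG_STATS_THREADS and set LOG_STATS_NULLS respectively.
 *
 * \param conf Pointer to the ConfNode containing this logger's configuration;
 *             may be NULL.
 * \return NULL on failure, the new OutputCtx on success.
 */
OutputCtx *LogStatsLogInitCtx(ConfNode *conf)
{
    LogFileCtx *file_ctx = LogFileNewCtx();
    if (file_ctx == NULL) {
        SCLogError(SC_ERR_HTTP_LOG_GENERIC, "couldn't create new file_ctx");
        return NULL;
    }

    if (SCConfLogOpenGeneric(conf, file_ctx, DEFAULT_LOG_FILENAME, 1) < 0) {
        LogFileFreeCtx(file_ctx);
        return NULL;
    }

    /* Zeroed allocation replaces the malloc + memset pair. */
    LogStatsFileCtx *statslog_ctx = SCCalloc(1, sizeof(LogStatsFileCtx));
    if (unlikely(statslog_ctx == NULL)) {
        LogFileFreeCtx(file_ctx);
        return NULL;
    }

    statslog_ctx->flags = LOG_STATS_TOTALS;

    if (conf != NULL) {
        const char *totals = ConfNodeLookupChildValue(conf, "totals");
        const char *threads = ConfNodeLookupChildValue(conf, "threads");
        const char *nulls = ConfNodeLookupChildValue(conf, "null-values");

        /* Either option may be absent; passing NULL for %s is undefined
         * behavior, so substitute a printable marker. */
        SCLogDebug("totals %s threads %s",
                totals != NULL ? totals : "(null)",
                threads != NULL ? threads : "(null)");

        if (totals != NULL && ConfValIsFalse(totals)) {
            statslog_ctx->flags &= ~LOG_STATS_TOTALS;
        }
        if (threads != NULL && ConfValIsTrue(threads)) {
            statslog_ctx->flags |= LOG_STATS_THREADS;
        }
        if (nulls != NULL && ConfValIsTrue(nulls)) {
            statslog_ctx->flags |= LOG_STATS_NULLS;
        }
        SCLogDebug("statslog_ctx->flags %08x", statslog_ctx->flags);
    }

    statslog_ctx->file_ctx = file_ctx;

    OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));
    if (unlikely(output_ctx == NULL)) {
        LogFileFreeCtx(file_ctx);
        SCFree(statslog_ctx);
        return NULL;
    }

    output_ctx->data = statslog_ctx;
    output_ctx->DeInit = LogStatsLogDeInitCtx;

    SCLogDebug("STATS log output initialized");

    return output_ctx;
}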
开发者ID:MikeGiancola,项目名称:suricata,代码行数:60,


示例7: LogFileNewCtx

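/**
 * \brief Create the OutputCtx for the file-store output.
 *
 * Resolves the storage directory into g_logfile_base_dir: the default log
 * directory when "log-dir" is absent or empty, the configured value when it
 * is absolute, otherwise "<default log dir>/<log-dir>". The "force-magic" and
 * "force-md5" children enable the corresponding file features.
 *
 * \param conf Pointer to the ConfNode containing this logger's configuration.
 * \return NULL on failure, the new OutputCtx on success.
 */
static OutputCtx *LogFilestoreLogInitCtx(ConfNode *conf)
{
    LogFileCtx *logfile_ctx = LogFileNewCtx();
    if (logfile_ctx == NULL) {
        SCLogDebug("Could not create new LogFilestoreCtx");
        return NULL;
    }

    OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));
    if (unlikely(output_ctx == NULL)) {
        /* Release the file context instead of leaking it on this path. */
        LogFileFreeCtx(logfile_ctx);
        return NULL;
    }

    /* NOTE(review): logfile_ctx is never stored in output_ctx (data is set
     * to NULL below), so on the success path nothing visible here frees it.
     * Confirm whether it is needed at all before removing the allocation. */
    output_ctx->data = NULL;
    output_ctx->DeInit = LogFilestoreLogDeInitCtx;

    char *s_default_log_dir = NULL;
    s_default_log_dir = ConfigGetLogDirectory();

    const char *s_base_dir = NULL;
    s_base_dir = ConfNodeLookupChildValue(conf, "log-dir");

    /* Both strlcpy and snprintf truncate silently when the path does not
     * fit g_logfile_base_dir; files would then be stored under the
     * truncated directory name. */
    if (s_base_dir == NULL || strlen(s_base_dir) == 0) {
        strlcpy(g_logfile_base_dir,
                s_default_log_dir, sizeof(g_logfile_base_dir));
    } else {
        if (PathIsAbsolute(s_base_dir)) {
            strlcpy(g_logfile_base_dir,
                    s_base_dir, sizeof(g_logfile_base_dir));
        } else {
            snprintf(g_logfile_base_dir, sizeof(g_logfile_base_dir),
                    "%s/%s", s_default_log_dir, s_base_dir);
        }
    }

    const char *force_magic = ConfNodeLookupChildValue(conf, "force-magic");
    if (force_magic != NULL && ConfValIsTrue(force_magic)) {
        FileForceMagicEnable();
        SCLogInfo("forcing magic lookup for stored files");
    }

    const char *force_md5 = ConfNodeLookupChildValue(conf, "force-md5");
    if (force_md5 != NULL && ConfValIsTrue(force_md5)) {
#ifdef HAVE_NSS
        FileForceMd5Enable();
        SCLogInfo("forcing md5 calculation for stored files");
#else
        SCLogInfo("md5 calculation requires linking against libnss");
#endif
    }
    SCLogInfo("storing files in %s", g_logfile_base_dir);

    SCReturnPtr(output_ctx, "OutputCtx");
}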
开发者ID:Zopieux,项目名称:suricata,代码行数:56,


示例8: LogFileNewCtx

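/**
 * \brief Create the OutputCtx for the stand-alone JSON stats logger.
 *
 * Totals are logged by default. The optional "totals", "threads" and
 * "deltas" children of \p conf clear JSON_STATS_TOTALS, set
 * JSON_STATS_THREADS and set JSON_STATS_DELTAS respectively.
 *
 * \param conf Configuration node for this output; may be NULL.
 * \return NULL on failure, the new OutputCtx on success.
 */
OutputCtx *OutputStatsLogInit(ConfNode *conf)
{
    LogFileCtx *file_ctx = LogFileNewCtx();
    if (file_ctx == NULL) {
        SCLogError(SC_ERR_STATS_LOG_GENERIC, "couldn't create new file_ctx");
        return NULL;
    }

    if (SCConfLogOpenGeneric(conf, file_ctx, DEFAULT_LOG_FILENAME, 1) < 0) {
        LogFileFreeCtx(file_ctx);
        return NULL;
    }

    /* Zero the context so that any member not assigned below starts from a
     * defined value rather than whatever the allocator returned. */
    OutputStatsCtx *stats_ctx = SCCalloc(1, sizeof(OutputStatsCtx));
    if (unlikely(stats_ctx == NULL)) {
        LogFileFreeCtx(file_ctx);
        return NULL;
    }

    stats_ctx->flags = JSON_STATS_TOTALS;

    if (conf != NULL) {
        const char *totals = ConfNodeLookupChildValue(conf, "totals");
        const char *threads = ConfNodeLookupChildValue(conf, "threads");
        const char *deltas = ConfNodeLookupChildValue(conf, "deltas");

        /* Any of the three may be absent; NULL must not reach %s. */
        SCLogDebug("totals %s threads %s deltas %s",
                totals != NULL ? totals : "(null)",
                threads != NULL ? threads : "(null)",
                deltas != NULL ? deltas : "(null)");

        if (totals != NULL && ConfValIsFalse(totals)) {
            stats_ctx->flags &= ~JSON_STATS_TOTALS;
        }
        if (threads != NULL && ConfValIsTrue(threads)) {
            stats_ctx->flags |= JSON_STATS_THREADS;
        }
        if (deltas != NULL && ConfValIsTrue(deltas)) {
            stats_ctx->flags |= JSON_STATS_DELTAS;
        }
        SCLogDebug("stats_ctx->flags %08x", stats_ctx->flags);
    }

    OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));
    if (unlikely(output_ctx == NULL)) {
        LogFileFreeCtx(file_ctx);
        SCFree(stats_ctx);
        return NULL;
    }

    stats_ctx->file_ctx = file_ctx;

    output_ctx->data = stats_ctx;
    output_ctx->DeInit = OutputStatsLogDeinit;

    return output_ctx;
}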
开发者ID:AmesianX,项目名称:suricata,代码行数:52,


示例9: ConfNodeLookupChildValue

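/**
 * \brief Create the OutputCtx for the "syslog" alert output.
 *
 * Reads "facility" (default DEFAULT_ALERT_SYSLOG_FACILITY_STR), "level" and
 * "identity" from \p conf, opens the syslog connection with openlog() and
 * stores a recognized level in alert_syslog_level. An unknown facility name
 * is reported and replaced by DEFAULT_ALERT_SYSLOG_FACILITY.
 *
 * \param conf The configuration node for this output.
 * \return An OutputCtx pointer on success, NULL on failure.
 */
OutputCtx *AlertSyslogInitCtx(ConfNode *conf)
{
    const char *facility_s = ConfNodeLookupChildValue(conf, "facility");
    if (facility_s == NULL) {
        facility_s = DEFAULT_ALERT_SYSLOG_FACILITY_STR;
    }

    LogFileCtx *logfile_ctx = LogFileNewCtx();
    if (logfile_ctx == NULL) {
        SCLogDebug("AlertSyslogInitCtx: Could not create new LogFileCtx");
        return NULL;
    }

    int facility = SCMapEnumNameToValue(facility_s, SCSyslogGetFacilityMap());
    if (facility == -1) {
        SCLogWarning(SC_ERR_INVALID_ARGUMENT, "Invalid syslog facility: \"%s\","
                " now using \"%s\" as syslog facility", facility_s,
                DEFAULT_ALERT_SYSLOG_FACILITY_STR);
        facility = DEFAULT_ALERT_SYSLOG_FACILITY;
    }

    const char *level_s = ConfNodeLookupChildValue(conf, "level");
    if (level_s != NULL) {
        int level = SCMapEnumNameToValue(level_s, SCSyslogGetLogLevelMap());
        if (level != -1) {
            alert_syslog_level = level;
        }
    }

    const char *ident = ConfNodeLookupChildValue(conf, "identity");
    /* if null we just pass that to openlog, which will then
     * figure it out by itself. */

    openlog(ident, LOG_PID|LOG_NDELAY, facility);

    OutputCtx *output_ctx = SCMalloc(sizeof(OutputCtx));
    if (unlikely(output_ctx == NULL)) {
        SCLogDebug("AlertSyslogInitCtx: Could not create new OutputCtx");
        /* Nothing else references the file context yet; release it rather
         * than leaking it on this failure path. */
        LogFileFreeCtx(logfile_ctx);
        return NULL;
    }
    memset(output_ctx, 0x00, sizeof(OutputCtx));

    output_ctx->data = logfile_ctx;
    output_ctx->DeInit = AlertSyslogDeInitCtx;

    SCLogInfo("Syslog output initialized");

    return output_ctx;
}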
开发者ID:P1sec,项目名称:suricata,代码行数:55,


示例10: SCMalloc

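/**
 * \brief Create the OutputCtx for the JSON stats sub-logger.
 *
 * Totals are logged by default. The optional "totals", "threads" and
 * "deltas" children of \p conf adjust the JSON_STATS_* flags; a configuration
 * that sets both "totals" and "threads" to false is rejected.
 *
 * \param conf       Configuration node for this output; may be NULL.
 * \param parent_ctx Parent output context; its data is read as an
 *                   AlertJsonThread and is dereferenced without a NULL check.
 * \return NULL on failure, the new OutputCtx on success.
 */
OutputCtx *OutputStatsLogInitSub(ConfNode *conf, OutputCtx *parent_ctx)
{
    AlertJsonThread *ajt = parent_ctx->data;

    /* Zero the context so that any member not assigned below starts from a
     * defined value rather than whatever the allocator returned. */
    OutputStatsCtx *stats_ctx = SCCalloc(1, sizeof(OutputStatsCtx));
    if (unlikely(stats_ctx == NULL))
        return NULL;

    stats_ctx->flags = JSON_STATS_TOTALS;

    if (conf != NULL) {
        const char *totals = ConfNodeLookupChildValue(conf, "totals");
        const char *threads = ConfNodeLookupChildValue(conf, "threads");
        const char *deltas = ConfNodeLookupChildValue(conf, "deltas");

        /* Any of the three may be absent; NULL must not reach %s. */
        SCLogDebug("totals %s threads %s deltas %s",
                totals != NULL ? totals : "(null)",
                threads != NULL ? threads : "(null)",
                deltas != NULL ? deltas : "(null)");

        if ((totals != NULL && ConfValIsFalse(totals)) &&
                (threads != NULL && ConfValIsFalse(threads))) {
            SCFree(stats_ctx);
            SCLogError(SC_ERR_JSON_STATS_LOG_NEGATED,
                    "Cannot disable both totals and threads in stats logging");
            return NULL;
        }

        if (totals != NULL && ConfValIsFalse(totals)) {
            stats_ctx->flags &= ~JSON_STATS_TOTALS;
        }
        if (threads != NULL && ConfValIsTrue(threads)) {
            stats_ctx->flags |= JSON_STATS_THREADS;
        }
        if (deltas != NULL && ConfValIsTrue(deltas)) {
            stats_ctx->flags |= JSON_STATS_DELTAS;
        }
        SCLogDebug("stats_ctx->flags %08x", stats_ctx->flags);
    }

    OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));
    if (unlikely(output_ctx == NULL)) {
        SCFree(stats_ctx);
        return NULL;
    }

    stats_ctx->file_ctx = ajt->file_ctx;

    output_ctx->data = stats_ctx;
    output_ctx->DeInit = OutputStatsLogDeinitSub;

    return output_ctx;
}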
开发者ID:AmesianX,项目名称:suricata,代码行数:49,


示例11: SCMalloc

/**
 * \brief Create the OutputCtx for the JSON TLS sub-logger.
 *
 * The new OutputTlsCtx shares the parent's LogFileCtx. Its flags are
 * LOG_TLS_DEFAULT unless the "extended" child of \p conf is true, in which
 * case they are LOG_TLS_EXTENDED. The TLS logger is then registered with the
 * app-layer parser for TCP.
 *
 * \param conf       Configuration node for this output; may be NULL.
 * \param parent_ctx Parent output context; its data is read as an
 *                   OutputJsonCtx and is dereferenced without a NULL check.
 * \return NULL if an allocation fails, the new OutputCtx otherwise.
 */
OutputCtx *OutputTlsLogInitSub(ConfNode *conf, OutputCtx *parent_ctx)
{
    OutputJsonCtx *parent_json = parent_ctx->data;

    OutputTlsCtx *tls = SCMalloc(sizeof(OutputTlsCtx));
    if (unlikely(tls == NULL))
        return NULL;

    OutputCtx *ctx = SCCalloc(1, sizeof(OutputCtx));
    if (unlikely(ctx == NULL)) {
        SCFree(tls);
        return NULL;
    }

    tls->file_ctx = parent_json->file_ctx;
    tls->flags = LOG_TLS_DEFAULT;

    if (conf != NULL) {
        const char *ext = ConfNodeLookupChildValue(conf, "extended");
        if (ext != NULL && ConfValIsTrue(ext))
            tls->flags = LOG_TLS_EXTENDED;
    }

    ctx->data = tls;
    ctx->DeInit = OutputTlsLogDeinitSub;

    AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TLS);

    return ctx;
}
开发者ID:decanio,项目名称:suricata-np,代码行数:33,


示例12: SCMalloc

/**
 * \brief Create the OutputCtx for the JSON HTTP sub-logger.
 *
 * The new LogHttpFileCtx shares the parent's LogFileCtx. Its flags are
 * LOG_HTTP_DEFAULT unless the "extended" child of \p conf is true, in which
 * case they are LOG_HTTP_EXTENDED. The HTTP logger is then registered with
 * the app-layer parser for TCP.
 *
 * NOTE(review): DeInit is set to NULL, so no teardown callback is installed
 * here for the two allocations made by this function; confirm where they are
 * released.
 *
 * \param conf       Configuration node for this output; may be NULL.
 * \param parent_ctx Parent output context; its data is read as an
 *                   AlertJsonThread and is dereferenced without a NULL check.
 * \return NULL if an allocation fails, the new OutputCtx otherwise.
 */
OutputCtx *OutputHttpLogInitSub(ConfNode *conf, OutputCtx *parent_ctx)
{
    AlertJsonThread *parent = parent_ctx->data;

    LogHttpFileCtx *http = SCMalloc(sizeof(LogHttpFileCtx));
    if (unlikely(http == NULL))
        return NULL;

    OutputCtx *ctx = SCCalloc(1, sizeof(OutputCtx));
    if (unlikely(ctx == NULL)) {
        SCFree(http);
        return NULL;
    }

    http->file_ctx = parent->file_ctx;
    http->flags = LOG_HTTP_DEFAULT;

    if (conf != NULL) {
        const char *ext = ConfNodeLookupChildValue(conf, "extended");
        if (ext != NULL && ConfValIsTrue(ext))
            http->flags = LOG_HTTP_EXTENDED;
    }

    ctx->data = http;
    ctx->DeInit = NULL;

    /* Make the app layer aware that HTTP transactions are being logged. */
    AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_HTTP);

    return ctx;
}
开发者ID:coanor,项目名称:suricata,代码行数:34,


示例13: SCLogError

/**
 * \brief Create the OutputCtx for the JSON drop sub-logger.
 *
 * Only one drop logger may be enabled; a second attempt is rejected. The new
 * JsonDropOutputCtx shares the parent's LogFileCtx, and LOG_DROP_ALERTS is
 * set when the "alerts" child of \p conf is true.
 *
 * \param conf       Configuration node for this output; may be NULL.
 * \param parent_ctx Parent output context; its data is read as an
 *                   AlertJsonThread and is dereferenced without a NULL check.
 * \return NULL on failure, the new OutputCtx on success.
 */
static OutputCtx *JsonDropLogInitCtxSub(ConfNode *conf, OutputCtx *parent_ctx)
{
    if (OutputDropLoggerEnable() != 0) {
        SCLogError(SC_ERR_CONF_YAML_ERROR, "only one 'drop' logger "
            "can be enabled");
        return NULL;
    }

    AlertJsonThread *parent = parent_ctx->data;

    JsonDropOutputCtx *drop = SCCalloc(1, sizeof(*drop));
    if (drop == NULL)
        return NULL;

    OutputCtx *ctx = SCCalloc(1, sizeof(OutputCtx));
    if (unlikely(ctx == NULL)) {
        JsonDropOutputCtxFree(drop);
        return NULL;
    }

    if (conf != NULL) {
        const char *alerts = ConfNodeLookupChildValue(conf, "alerts");
        if (alerts != NULL && ConfValIsTrue(alerts))
            drop->flags = LOG_DROP_ALERTS;
    }

    drop->file_ctx = parent->file_ctx;

    ctx->data = drop;
    ctx->DeInit = JsonDropLogDeInitCtxSub;
    return ctx;
}
开发者ID:MikeGiancola,项目名称:suricata,代码行数:35,


示例14: SCMalloc

/**
 * \brief Create the OutputCtx for the JSON file-info sub-logger.
 *
 * The new OutputFileCtx shares the parent's LogFileCtx. The "force-filestore",
 * "force-magic" and "force-md5" children of \p conf enable the corresponding
 * file features; md5 is only enabled when built with HAVE_NSS. File tracking
 * is enabled unconditionally on success.
 *
 * \param conf       Pointer to the ConfNode with this logger's configuration;
 *                   may be NULL.
 * \param parent_ctx Parent output context; its data is read as an
 *                   OutputJsonCtx and is dereferenced without a NULL check.
 * \return NULL if an allocation fails, the new OutputCtx otherwise.
 */
OutputCtx *OutputFileLogInitSub(ConfNode *conf, OutputCtx *parent_ctx)
{
    OutputJsonCtx *parent_json = parent_ctx->data;

    OutputFileCtx *file_log = SCMalloc(sizeof(OutputFileCtx));
    if (unlikely(file_log == NULL))
        return NULL;

    OutputCtx *ctx = SCCalloc(1, sizeof(OutputCtx));
    if (unlikely(ctx == NULL)) {
        SCFree(file_log);
        return NULL;
    }

    file_log->file_ctx = parent_json->file_ctx;

    if (conf != NULL) {
        const char *opt = ConfNodeLookupChildValue(conf, "force-filestore");
        if (opt != NULL && ConfValIsTrue(opt)) {
            FileForceFilestoreEnable();
            SCLogInfo("forcing filestore of all files");
        }

        opt = ConfNodeLookupChildValue(conf, "force-magic");
        if (opt != NULL && ConfValIsTrue(opt)) {
            FileForceMagicEnable();
            SCLogInfo("forcing magic lookup for logged files");
        }

        opt = ConfNodeLookupChildValue(conf, "force-md5");
        if (opt != NULL && ConfValIsTrue(opt)) {
#ifdef HAVE_NSS
            FileForceMd5Enable();
            SCLogInfo("forcing md5 calculation for logged files");
#else
            SCLogInfo("md5 calculation requires linking against libnss");
#endif
        }
    }

    ctx->data = file_log;
    ctx->DeInit = OutputFileLogDeinitSub;

    FileForceTrackingEnable();
    return ctx;
}
开发者ID:HedgeMage,项目名称:suricata,代码行数:50,


示例15: LogFileNewCtx

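/**
 * \brief Create the OutputCtx for the file log output.
 *
 * Opens the log file through SCConfLogOpenGeneric() and then enables the file
 * features requested by the "force-filestore", "force-magic" and "force-md5"
 * children of \p conf; md5 is only enabled when built with HAVE_NSS. File
 * tracking is enabled unconditionally on success.
 *
 * \param conf Pointer to the ConfNode containing this logger's configuration.
 * \return NULL on failure, the new OutputCtx on success.
 */
static OutputCtx *LogFileLogInitCtx(ConfNode *conf)
{
    LogFileCtx *logfile_ctx = LogFileNewCtx();
    if (logfile_ctx == NULL) {
        SCLogDebug("Could not create new LogFileCtx");
        return NULL;
    }

    if (SCConfLogOpenGeneric(conf, logfile_ctx, DEFAULT_LOG_FILENAME, 1) < 0) {
        LogFileFreeCtx(logfile_ctx);
        return NULL;
    }

    OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));
    if (unlikely(output_ctx == NULL)) {
        /* The opened file context is not referenced anywhere else yet, so
         * returning without freeing it would leak it. */
        LogFileFreeCtx(logfile_ctx);
        return NULL;
    }

    output_ctx->data = logfile_ctx;
    output_ctx->DeInit = LogFileLogDeInitCtx;

    const char *force_filestore = ConfNodeLookupChildValue(conf, "force-filestore");
    if (force_filestore != NULL && ConfValIsTrue(force_filestore)) {
        FileForceFilestoreEnable();
        SCLogInfo("forcing filestore of all files");
    }

    const char *force_magic = ConfNodeLookupChildValue(conf, "force-magic");
    if (force_magic != NULL && ConfValIsTrue(force_magic)) {
        FileForceMagicEnable();
        SCLogInfo("forcing magic lookup for logged files");
    }

    const char *force_md5 = ConfNodeLookupChildValue(conf, "force-md5");
    if (force_md5 != NULL && ConfValIsTrue(force_md5)) {
#ifdef HAVE_NSS
        FileForceMd5Enable();
        SCLogInfo("forcing md5 calculation for logged files");
#else
        SCLogInfo("md5 calculation requires linking against libnss");
#endif
    }

    FileForceTrackingEnable();
    SCReturnPtr(output_ctx, "OutputCtx");
}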
开发者ID:EmergingThreats,项目名称:suricata,代码行数:49,


示例16: SetupRuleAnalyzer

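/**
 * \brief Sets up the rule analyzer according to the config.
 *
 * The analyzer is enabled when "engine-analysis.rules" is true or equal to
 * "warnings-only" (which also sets rule_warnings_only). When enabled, the
 * report file "rules_analysis.txt" is opened for writing in the log directory
 * and a dated header is written to it.
 *
 * \retval 1 if rule analyzer successfully enabled
 * \retval 0 if not enabled, or if the report file could not be opened
 */
int SetupRuleAnalyzer(void)
{
    ConfNode *conf = ConfGetNode("engine-analysis");
    int enabled = 0;
    if (conf != NULL) {
        const char *value = ConfNodeLookupChildValue(conf, "rules");
        if (value && ConfValIsTrue(value)) {
            enabled = 1;
        } else if (value && strcasecmp(value, "warnings-only") == 0) {
            enabled = 1;
            rule_warnings_only = 1;
        }
        if (enabled) {
            char *log_dir;
            log_dir = ConfigGetLogDirectory();
            /* NOTE(review): the result is not checked; an over-long log
             * directory silently truncates log_path. */
            snprintf(log_path, sizeof(log_path), "%s/%s", log_dir, "rules_analysis.txt");
            rule_engine_analysis_FD = fopen(log_path, "w");
            if (rule_engine_analysis_FD == NULL) {
                SCLogError(SC_ERR_FOPEN, "failed to open %s: %s", log_path, strerror(errno));
                return 0;
            }

            SCLogInfo("Engine-Analysis for rules printed to file - %s",
                      log_path);

            struct timeval tval;
            struct tm *tms;
            gettimeofday(&tval, NULL);
            struct tm local_tm;
            tms = SCLocalTime(tval.tv_sec, &local_tm);
            fprintf(rule_engine_analysis_FD, "----------------------------------------------"
                    "---------------------\n");
            /* struct tm members are plain int, so use %d rather than the
             * int32_t format macros. */
            fprintf(rule_engine_analysis_FD, "Date: %d/%d/%04d -- "
                    "%02d:%02d:%02d\n",
                    tms->tm_mday, tms->tm_mon + 1, tms->tm_year + 1900, tms->tm_hour,
                    tms->tm_min, tms->tm_sec);
            fprintf(rule_engine_analysis_FD, "----------------------------------------------"
                    "---------------------\n");

            /* compile the regexes used for rule analysis */
            if (PerCentEncodingSetup() == 0) {
                fprintf(rule_engine_analysis_FD, "Error compiling regex; can't check for percent encoding in normalized "
                        "http content.\n");
            }
        }
    }
    else {
        SCLogInfo("Conf parameter \"engine-analysis.rules\" not found. "
                                      "Defaulting to not printing the rules analysis report.");
    }
    if (!enabled) {
        SCLogInfo("Engine-Analysis for rules disabled in conf file.");
        return 0;
    }
    return 1;
}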
开发者ID:BreakingTheory,项目名称:suricata,代码行数:60,


示例17: LogFileNewCtx

/**
 * \brief Create the OutputCtx for alert debug logging.
 *
 * Opens the file named by the "filename" child of \p conf (default
 * DEFAULT_LOG_FILENAME) with the mode given by the "append" child (default
 * DEFAULT_LOG_MODE_APPEND).
 *
 * \param conf ConfNode containing the configuration for this logger.
 *
 * \return The new OutputCtx if successful, NULL otherwise. The LogFileCtx
 *         created here is freed on every failure path.
 */
OutputCtx *AlertDebugLogInitCtx(ConfNode *conf)
{
    LogFileCtx *log_file = LogFileNewCtx();
    if (log_file == NULL) {
        SCLogDebug("couldn't create new file_ctx");
        goto error;
    }

    const char *filename = ConfNodeLookupChildValue(conf, "filename");
    if (filename == NULL)
        filename = DEFAULT_LOG_FILENAME;

    const char *mode = ConfNodeLookupChildValue(conf, "append");
    if (mode == NULL)
        mode = DEFAULT_LOG_MODE_APPEND;

    /* Apply the AlertDebugLog-specific settings to the new LogFileCtx. */
    if (AlertDebugLogOpenFileCtx(log_file, filename, mode) < 0)
        goto error;

    OutputCtx *ctx = SCMalloc(sizeof(OutputCtx));
    if (ctx == NULL)
        goto error;

    memset(ctx, 0x00, sizeof(OutputCtx));
    ctx->data = log_file;
    ctx->DeInit = AlertDebugLogDeInitCtx;

    return ctx;

error:
    if (log_file != NULL) {
        LogFileFreeCtx(log_file);
    }

    return NULL;
}
开发者ID:58698301,项目名称:suricata,代码行数:48,


示例18: SCLogError

/**
 * \brief Create the OutputCtx for the TLS log output.
 *
 * Only one TLS logger may be enabled; a second attempt is rejected. When the
 * "extended" child of \p conf is absent LOG_TLS_DEFAULT is ORed into the
 * flags; when it is present and true LOG_TLS_EXTENDED is ORed in; when it is
 * present and not true the zero-initialized flags are left as they are. The
 * TLS logger is then registered with the app-layer parser for TCP.
 *
 * \param conf Pointer to the ConfNode containing this logger's configuration.
 * \return NULL on failure, the new OutputCtx on success.
 */
static OutputCtx *LogTlsLogInitCtx(ConfNode *conf)
{
    if (OutputTlsLoggerEnable() != 0) {
        SCLogError(SC_ERR_CONF_YAML_ERROR, "only one 'tls' logger "
            "can be enabled");
        return NULL;
    }

    LogFileCtx *log_file = LogFileNewCtx();
    if (log_file == NULL) {
        SCLogError(SC_ERR_TLS_LOG_GENERIC, "LogTlsLogInitCtx: Couldn't "
        "create new file_ctx");
        return NULL;
    }

    if (SCConfLogOpenGeneric(conf, log_file, DEFAULT_LOG_FILENAME, 1) < 0)
        goto filectx_error;

    LogTlsFileCtx *tls_log = SCCalloc(1, sizeof(LogTlsFileCtx));
    if (unlikely(tls_log == NULL))
        goto filectx_error;
    tls_log->file_ctx = log_file;

    const char *ext = ConfNodeLookupChildValue(conf, "extended");
    if (ext == NULL)
        tls_log->flags |= LOG_TLS_DEFAULT;
    else if (ConfValIsTrue(ext))
        tls_log->flags |= LOG_TLS_EXTENDED;

    OutputCtx *ctx = SCCalloc(1, sizeof(OutputCtx));
    if (unlikely(ctx == NULL))
        goto tlslog_error;
    ctx->data = tls_log;
    ctx->DeInit = LogTlsLogDeInitCtx;

    SCLogDebug("TLS log output initialized");

    /* Make the app layer aware that TLS sessions are being logged. */
    AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TLS);

    return ctx;

    /* Cleanup labels unwind in reverse order of acquisition. */
tlslog_error:
    SCFree(tls_log);
filectx_error:
    LogFileFreeCtx(log_file);
    return NULL;
}
开发者ID:Jambha,项目名称:suricata,代码行数:57,


示例19: SCMalloc

/**
 * \brief Create the OutputCtx for the JSON file-info sub-logger.
 *
 * The new OutputFileCtx shares the parent's LogFileCtx. The "force-filestore"
 * and "force-magic" children of \p conf enable the corresponding file
 * features, and the node is handed to FileForceHashParseCfg(). File tracking
 * is enabled unconditionally on success.
 *
 * \param conf       Pointer to the ConfNode with this logger's configuration;
 *                   may be NULL.
 * \param parent_ctx Parent output context; its data is read as an
 *                   OutputJsonCtx and is dereferenced without a NULL check.
 * \return NULL if an allocation fails, the new OutputCtx otherwise.
 */
static OutputCtx *OutputFileLogInitSub(ConfNode *conf, OutputCtx *parent_ctx)
{
    OutputJsonCtx *parent_json = parent_ctx->data;

    OutputFileCtx *file_log = SCMalloc(sizeof(OutputFileCtx));
    if (unlikely(file_log == NULL))
        return NULL;

    OutputCtx *ctx = SCCalloc(1, sizeof(OutputCtx));
    if (unlikely(ctx == NULL)) {
        SCFree(file_log);
        return NULL;
    }

    file_log->file_ctx = parent_json->file_ctx;

    if (conf != NULL) {
        const char *opt = ConfNodeLookupChildValue(conf, "force-filestore");
        if (opt != NULL && ConfValIsTrue(opt)) {
            FileForceFilestoreEnable();
            SCLogConfig("forcing filestore of all files");
        }

        opt = ConfNodeLookupChildValue(conf, "force-magic");
        if (opt != NULL && ConfValIsTrue(opt)) {
            FileForceMagicEnable();
            SCLogConfig("forcing magic lookup for logged files");
        }

        FileForceHashParseCfg(conf);
    }

    ctx->data = file_log;
    ctx->DeInit = OutputFileLogDeinitSub;

    FileForceTrackingEnable();
    return ctx;
}
开发者ID:norg,项目名称:suricata,代码行数:42,


示例20: SCLogError

/**
 * \brief Create the OutputCtx for the stand-alone JSON TLS logger.
 *
 * Only one TLS logger may be enabled; a second attempt is rejected. The flags
 * are LOG_TLS_DEFAULT unless the "extended" child of \p conf is true, in
 * which case they are LOG_TLS_EXTENDED.
 *
 * \param conf Configuration node for this output; may be NULL.
 * \return NULL on failure, the new OutputCtx on success. Every failure path
 *         after the LogFileCtx is created frees it again.
 */
OutputCtx *OutputTlsLogInit(ConfNode *conf)
{
    if (OutputTlsLoggerEnable() != 0) {
        SCLogError(SC_ERR_CONF_YAML_ERROR, "only one 'tls' logger "
            "can be enabled");
        return NULL;
    }

    LogFileCtx *log_file = LogFileNewCtx();
    if (log_file == NULL) {
        SCLogError(SC_ERR_HTTP_LOG_GENERIC, "couldn't create new file_ctx");
        return NULL;
    }

    if (SCConfLogOpenGeneric(conf, log_file, DEFAULT_LOG_FILENAME) < 0) {
        LogFileFreeCtx(log_file);
        return NULL;
    }

    OutputTlsCtx *tls = SCMalloc(sizeof(OutputTlsCtx));
    if (unlikely(tls == NULL)) {
        LogFileFreeCtx(log_file);
        return NULL;
    }

    OutputCtx *ctx = SCCalloc(1, sizeof(OutputCtx));
    if (unlikely(ctx == NULL)) {
        LogFileFreeCtx(log_file);
        SCFree(tls);
        return NULL;
    }

    tls->file_ctx = log_file;
    tls->flags = LOG_TLS_DEFAULT;

    if (conf != NULL) {
        const char *ext = ConfNodeLookupChildValue(conf, "extended");
        if (ext != NULL && ConfValIsTrue(ext))
            tls->flags = LOG_TLS_EXTENDED;
    }

    ctx->data = tls;
    ctx->DeInit = OutputTlsLogDeinit;

    return ctx;
}
开发者ID:Hyperwise,项目名称:suricata,代码行数:49,


示例21: LogFileNewCtx

/**
 * \brief Create the OutputCtx for the stand-alone JSON HTTP logger.
 *
 * The flags are LOG_HTTP_DEFAULT unless the "extended" child of \p conf is
 * true, in which case they are LOG_HTTP_EXTENDED. The HTTP logger is then
 * registered with the app-layer parser for TCP.
 *
 * NOTE(review): DeInit is set to NULL, so no teardown callback is installed
 * here for the opened LogFileCtx or the two allocations; confirm where they
 * are released.
 *
 * \param conf Configuration node for this output; may be NULL.
 * \return NULL on failure, the new OutputCtx on success.
 */
OutputCtx *OutputHttpLogInit(ConfNode *conf)
{
    LogFileCtx *log_file = LogFileNewCtx();
    if (log_file == NULL) {
        SCLogError(SC_ERR_HTTP_LOG_GENERIC, "couldn't create new file_ctx");
        return NULL;
    }

    if (SCConfLogOpenGeneric(conf, log_file, DEFAULT_LOG_FILENAME) < 0) {
        LogFileFreeCtx(log_file);
        return NULL;
    }

    LogHttpFileCtx *http = SCMalloc(sizeof(LogHttpFileCtx));
    if (unlikely(http == NULL)) {
        LogFileFreeCtx(log_file);
        return NULL;
    }

    OutputCtx *ctx = SCCalloc(1, sizeof(OutputCtx));
    if (unlikely(ctx == NULL)) {
        LogFileFreeCtx(log_file);
        SCFree(http);
        return NULL;
    }

    http->file_ctx = log_file;
    http->flags = LOG_HTTP_DEFAULT;

    if (conf != NULL) {
        const char *ext = ConfNodeLookupChildValue(conf, "extended");
        if (ext != NULL && ConfValIsTrue(ext))
            http->flags = LOG_HTTP_EXTENDED;
    }

    ctx->data = http;
    ctx->DeInit = NULL;

    /* Make the app layer aware that HTTP transactions are being logged. */
    AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_HTTP);

    return ctx;
}
开发者ID:coanor,项目名称:suricata,代码行数:46,


示例22: LogFileNewCtx

/**
 * \brief Build the output context for the TLS logger.
 *
 * Opens the log file described by \p conf, allocates the TLS logging
 * context and registers the logger with the app layer parser for TLS
 * over TCP.
 *
 * \param conf Configuration node for this output. The "extended" lookup is
 *             skipped when it is NULL; whether SCConfLogOpenGeneric()
 *             tolerates NULL is not visible here.
 *
 * \return The new OutputCtx on success, NULL on any failure.
 */
OutputCtx *OutputTlsLogInit(ConfNode *conf)
{
    LogFileCtx *file_ctx;
    OutputTlsCtx *tls_ctx;
    OutputCtx *output_ctx;
    int want_extended = 0;

    file_ctx = LogFileNewCtx();
    if (file_ctx == NULL) {
        SCLogError(SC_ERR_TLS_LOG_GENERIC, "couldn't create new file_ctx");
        return NULL;
    }

    /* The meaning of the trailing 1 is defined by SCConfLogOpenGeneric(),
     * which is not shown here. */
    if (SCConfLogOpenGeneric(conf, file_ctx, DEFAULT_LOG_FILENAME, 1) < 0)
        goto drop_file;

    /* SCMalloc() result: only file_ctx and flags are assigned below; any
     * other OutputTlsCtx member (struct not shown) is left as allocated. */
    tls_ctx = SCMalloc(sizeof(OutputTlsCtx));
    if (unlikely(tls_ctx == NULL))
        goto drop_file;

    output_ctx = SCCalloc(1, sizeof(OutputCtx));
    if (unlikely(output_ctx == NULL))
        goto drop_tls;

    if (conf) {
        const char *extended = ConfNodeLookupChildValue(conf, "extended");

        want_extended = (extended != NULL && ConfValIsTrue(extended));
    }

    tls_ctx->file_ctx = file_ctx;
    if (want_extended) {
        tls_ctx->flags = LOG_TLS_EXTENDED;
    } else {
        tls_ctx->flags = LOG_TLS_DEFAULT;
    }

    output_ctx->data = tls_ctx;
    output_ctx->DeInit = OutputTlsLogDeinit;

    AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_TLS);
    return output_ctx;

drop_tls:
    LogFileFreeCtx(file_ctx);
    SCFree(tls_ctx);
    return NULL;

drop_file:
    LogFileFreeCtx(file_ctx);
    return NULL;
}
开发者ID:decanio,项目名称:suricata-np,代码行数:45,


示例23: SCCalloc

/** * /brief Create a new LogFileCtx for "fast" output style. * /param conf The configuration node for this output. * /return A LogFileCtx pointer on success, NULL on failure. */OutputCtx *OutputJsonInitCtx(ConfNode *conf){    OutputJsonCtx *json_ctx = SCCalloc(1, sizeof(OutputJsonCtx));;    if (unlikely(json_ctx == NULL)) {        SCLogDebug("AlertJsonInitCtx: Could not create new LogFileCtx");        return NULL;    }    json_ctx->file_ctx = LogFileNewCtx();    if (unlikely(json_ctx->file_ctx == NULL)) {        SCLogDebug("AlertJsonInitCtx: Could not create new LogFileCtx");        SCFree(json_ctx);        return NULL;    }    OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));    if (unlikely(output_ctx == NULL)) {        LogFileFreeCtx(json_ctx->file_ctx);        SCFree(json_ctx);        return NULL;    }    output_ctx->data = json_ctx;    output_ctx->DeInit = OutputJsonDeInitCtx;    if (conf) {        const char *output_s = ConfNodeLookupChildValue(conf, "type");        if (output_s != NULL) {            if (strcmp(output_s, "file") == 0) {                json_ctx->json_out = ALERT_FILE;            } else if (strcmp(output_s, "syslog") == 0) {                json_ctx->json_out = ALERT_SYSLOG;            } else if (strcmp(output_s, "unix_dgram") == 0) {                json_ctx->json_out = ALERT_UNIX_DGRAM;            } else if (strcmp(output_s, "unix_stream") == 0) {                json_ctx->json_out = ALERT_UNIX_STREAM;            } else {                SCLogError(SC_ERR_INVALID_ARGUMENT,                           "Invalid JSON output option: %s", output_s);                exit(EXIT_FAILURE);            }        }        if (json_ctx->json_out == ALERT_FILE) {            if (SCConfLogOpenGeneric(conf, json_ctx->file_ctx, DEFAULT_LOG_FILENAME) < 0) {                LogFileFreeCtx(json_ctx->file_ctx);                SCFree(json_ctx);                SCFree(output_ctx);                return NULL;            }            const char *format_s = 
ConfNodeLookupChildValue(conf, "format");            if (format_s != NULL) {                if (strcmp(format_s, "indent") == 0) {                    json_ctx->format = INDENT;                } else if (strcmp(format_s, "compact") == 0) {                    json_ctx->format = COMPACT;                } else {                    SCLogError(SC_ERR_INVALID_ARGUMENT,                               "Invalid JSON format option: %s", format_s);                    exit(EXIT_FAILURE);                }            }        } else if (json_out == ALERT_SYSLOG) {            const char *facility_s = ConfNodeLookupChildValue(conf, "facility");            if (facility_s == NULL) {                facility_s = DEFAULT_ALERT_SYSLOG_FACILITY_STR;            }            int facility = SCMapEnumNameToValue(facility_s, SCSyslogGetFacilityMap());            if (facility == -1) {                SCLogWarning(SC_ERR_INVALID_ARGUMENT, "Invalid syslog facility: /"%s/","                        " now using /"%s/" as syslog facility", facility_s,                        DEFAULT_ALERT_SYSLOG_FACILITY_STR);                facility = DEFAULT_ALERT_SYSLOG_FACILITY;            }            const char *level_s = ConfNodeLookupChildValue(conf, "level");            if (level_s != NULL) {                int level = SCMapEnumNameToValue(level_s, SCSyslogGetLogLevelMap());                if (level != -1) {                    alert_syslog_level = level;                }            }            const char *ident = ConfNodeLookupChildValue(conf, "identity");            /* if null we just pass that to openlog, which will then             * figure it out by itself. */            openlog(ident, LOG_PID|LOG_NDELAY, facility);        }        const char *sensor_id_s = ConfNodeLookupChildValue(conf, "sensor-id");//.........这里部分代码省略.........
开发者ID:weixu8,项目名称:suricata,代码行数:101,


示例24: SCProfilingInit

/** * /brief Initialize profiling. */voidSCProfilingInit(void){    ConfNode *conf;    SC_ATOMIC_INIT(samples);    intmax_t rate_v = 0;    (void)ConfGetInt("profiling.sample-rate", &rate_v);    if (rate_v > 0 && rate_v < INT_MAX) {        rate = (int)rate_v;        if (rate != 1)            SCLogInfo("profiling runs for every %dth packet", rate);        else            SCLogInfo("profiling runs for every packet");    }    conf = ConfGetNode("profiling.packets");    if (conf != NULL) {        if (ConfNodeChildValueIsTrue(conf, "enabled")) {            profiling_packets_enabled = 1;            if (pthread_mutex_init(&packet_profile_lock, NULL) != 0) {                SCLogError(SC_ERR_MUTEX,                        "Failed to initialize packet profiling mutex.");                exit(EXIT_FAILURE);            }            memset(&packet_profile_data4, 0, sizeof(packet_profile_data4));            memset(&packet_profile_data6, 0, sizeof(packet_profile_data6));            memset(&packet_profile_tmm_data4, 0, sizeof(packet_profile_tmm_data4));            memset(&packet_profile_tmm_data6, 0, sizeof(packet_profile_tmm_data6));            memset(&packet_profile_app_data4, 0, sizeof(packet_profile_app_data4));            memset(&packet_profile_app_data6, 0, sizeof(packet_profile_app_data6));            memset(&packet_profile_app_pd_data4, 0, sizeof(packet_profile_app_pd_data4));            memset(&packet_profile_app_pd_data6, 0, sizeof(packet_profile_app_pd_data6));            memset(&packet_profile_detect_data4, 0, sizeof(packet_profile_detect_data4));            memset(&packet_profile_detect_data6, 0, sizeof(packet_profile_detect_data6));            memset(&packet_profile_log_data4, 0, sizeof(packet_profile_log_data4));            memset(&packet_profile_log_data6, 0, sizeof(packet_profile_log_data6));            memset(&packet_profile_flowworker_data, 0, sizeof(packet_profile_flowworker_data));            const char *filename = ConfNodeLookupChildValue(conf, "filename");       
     if (filename != NULL) {                char *log_dir;                log_dir = ConfigGetLogDirectory();                profiling_packets_file_name = SCMalloc(PATH_MAX);                if (unlikely(profiling_packets_file_name == NULL)) {                    SCLogError(SC_ERR_MEM_ALLOC, "can't duplicate file name");                    exit(EXIT_FAILURE);                }                snprintf(profiling_packets_file_name, PATH_MAX, "%s/%s", log_dir, filename);                const char *v = ConfNodeLookupChildValue(conf, "append");                if (v == NULL || ConfValIsTrue(v)) {                    profiling_packets_file_mode = "a";                } else {                    profiling_packets_file_mode = "w";                }                profiling_packets_output_to_file = 1;            }        }        conf = ConfGetNode("profiling.packets.csv");        if (conf != NULL) {            if (ConfNodeChildValueIsTrue(conf, "enabled")) {                const char *filename = ConfNodeLookupChildValue(conf, "filename");                if (filename == NULL) {                    filename = "packet_profile.csv";                }                char *log_dir;                log_dir = ConfigGetLogDirectory();                profiling_csv_file_name = SCMalloc(PATH_MAX);                if (unlikely(profiling_csv_file_name == NULL)) {                    SCLogError(SC_ERR_MEM_ALLOC, "out of memory");                    exit(EXIT_FAILURE);                }                snprintf(profiling_csv_file_name, PATH_MAX, "%s/%s", log_dir, filename);                packet_profile_csv_fp = fopen(profiling_csv_file_name, "w");                if (packet_profile_csv_fp == NULL) {                    return;                }                fprintf(packet_profile_csv_fp, "pcap_cnt,ipver,ipproto,total,");                int i;                for (i = 0; i < TMM_SIZE; i++) {                    fprintf(packet_profile_csv_fp, "%s,", TmModuleTmmIdToString(i));                }                
fprintf(packet_profile_csv_fp, "threading,");                for (i = 0; i < ALPROTO_MAX; i++) {                    fprintf(packet_profile_csv_fp, "%s,", AppProtoToString(i));//.........这里部分代码省略.........
开发者ID:decanio,项目名称:suricata-np,代码行数:101,


示例25: XffSetup

/**
 * \brief Attach an XFF configuration to the JSON alert output context and
 *        apply the per-output options found in \p conf.
 *
 * A zeroed HttpXFFCfg is allocated and stored in the context first. When
 * \p conf is present, each boolean option that is set and true ORs its flag
 * into json_output_ctx->flags, "payload-buffer-size" is parsed, and
 * HttpXFFGetCfg() fills in the XFF settings.
 *
 * \param json_output_ctx Context that receives xff_cfg, flags and
 *                        payload_buffer_size.
 * \param conf            Configuration node, or NULL.
 *
 * An unparsable "payload-buffer-size" terminates the process.
 */
static void XffSetup(AlertJsonOutputCtx *json_output_ctx, ConfNode *conf)
{
    HttpXFFCfg *xff_cfg = SCMalloc(sizeof(HttpXFFCfg));

    /* Allocation failure is silent: the caller gets no signal and
     * json_output_ctx->xff_cfg is not assigned here. */
    if (unlikely(xff_cfg == NULL))
        return;

    memset(xff_cfg, 0, sizeof(HttpXFFCfg));
    json_output_ctx->xff_cfg = xff_cfg;

    /* NOTE(review): without a conf node payload_buffer_size is never
     * written, so the JSON_STREAM_BUFFER_SIZE default below is not applied
     * in that case - confirm the caller initialises the field. */
    if (conf == NULL)
        return;

    const char *payload = ConfNodeLookupChildValue(conf, "payload");
    const char *payload_buffer_value = ConfNodeLookupChildValue(conf, "payload-buffer-size");
    const char *packet = ConfNodeLookupChildValue(conf, "packet");
    const char *payload_printable = ConfNodeLookupChildValue(conf, "payload-printable");
    const char *http = ConfNodeLookupChildValue(conf, "http");
    const char *tls = ConfNodeLookupChildValue(conf, "tls");
    const char *ssh = ConfNodeLookupChildValue(conf, "ssh");
    const char *smtp = ConfNodeLookupChildValue(conf, "smtp");
    const char *tagged_packets = ConfNodeLookupChildValue(conf, "tagged-packets");

    if (ssh != NULL && ConfValIsTrue(ssh))
        json_output_ctx->flags |= LOG_JSON_SSH;

    if (tls != NULL && ConfValIsTrue(tls))
        json_output_ctx->flags |= LOG_JSON_TLS;

    if (http != NULL && ConfValIsTrue(http))
        json_output_ctx->flags |= LOG_JSON_HTTP;

    if (smtp != NULL && ConfValIsTrue(smtp))
        json_output_ctx->flags |= LOG_JSON_SMTP;

    /* Presumably the payload/packet flags put captured traffic content
     * into alert records; if so the log files need access controls to
     * match - confirm against the code that consumes these flags. */
    if (payload_printable != NULL && ConfValIsTrue(payload_printable))
        json_output_ctx->flags |= LOG_JSON_PAYLOAD;

    if (payload != NULL && ConfValIsTrue(payload))
        json_output_ctx->flags |= LOG_JSON_PAYLOAD_BASE64;

    /* Default applies unless the option is present and parses cleanly. */
    uint32_t payload_buffer_size = JSON_STREAM_BUFFER_SIZE;
    if (payload_buffer_value != NULL) {
        uint32_t parsed;

        if (ParseSizeStringU32(payload_buffer_value, &parsed) < 0) {
            SCLogError(SC_ERR_ALERT_PAYLOAD_BUFFER, "Error parsing "
                       "payload-buffer-size - %s. Killing engine",
                       payload_buffer_value);
            exit(EXIT_FAILURE);
        }
        payload_buffer_size = parsed;
    }

    if (packet != NULL && ConfValIsTrue(packet))
        json_output_ctx->flags |= LOG_JSON_PACKET;

    if (tagged_packets != NULL && ConfValIsTrue(tagged_packets))
        json_output_ctx->flags |= LOG_JSON_TAGGED_PACKETS;

    json_output_ctx->payload_buffer_size = payload_buffer_size;
    HttpXFFGetCfg(conf, xff_cfg);
}
开发者ID:P1sec,项目名称:suricata,代码行数:81,


示例26: SCMalloc

static void *MpmCudaConfParse(ConfNode *node){    const char *value;    MpmCudaConf *conf = SCMalloc(sizeof(MpmCudaConf));    if (unlikely(conf == NULL))        exit(EXIT_FAILURE);    memset(conf, 0, sizeof(*conf));    if (node != NULL)        value = ConfNodeLookupChildValue(node, "data-buffer-size-min-limit");    else        value = NULL;    if (value == NULL) {        /* default */        conf->data_buffer_size_min_limit = UTIL_MPM_CUDA_DATA_BUFFER_SIZE_MIN_LIMIT_DEFAULT;    } else if (ParseSizeStringU16(value, &conf->data_buffer_size_min_limit) < 0) {        SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Invalid entry for %s."                   "data-buffer-size-min-limit - /"%s/"", node->name, value);        exit(EXIT_FAILURE);    }    if (node != NULL)        value = ConfNodeLookupChildValue(node, "data-buffer-size-max-limit");    else        value = NULL;    if (value == NULL) {        /* default */        conf->data_buffer_size_max_limit = UTIL_MPM_CUDA_DATA_BUFFER_SIZE_MAX_LIMIT_DEFAULT;    } else if (ParseSizeStringU16(value, &conf->data_buffer_size_max_limit) < 0) {        SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Invalid entry for %s."                   "data-buffer-size-max-limit - /"%s/"", node->name, value);        exit(EXIT_FAILURE);    }    if (node != NULL)        value = ConfNodeLookupChildValue(node, "cudabuffer-buffer-size");    else        value = NULL;    if (value == NULL) {        /* default */        conf->cb_buffer_size = UTIL_MPM_CUDA_CUDA_BUFFER_DBUFFER_SIZE_DEFAULT;    } else if (ParseSizeStringU32(value, &conf->cb_buffer_size) < 0) {        SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Invalid entry for %s."                   
"cb-buffer-size - /"%s/"", node->name, value);        exit(EXIT_FAILURE);    }    if (node != NULL)        value = ConfNodeLookupChildValue(node, "gpu-transfer-size");    else        value = NULL;    if (value == NULL) {        /* default */        conf->gpu_transfer_size = UTIL_MPM_CUDA_GPU_TRANSFER_SIZE;    } else if (ParseSizeStringU32(value, &conf->gpu_transfer_size) < 0) {        SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Invalid entry for %s."                   "gpu-transfer-size - /"%s/"", node->name, value);        exit(EXIT_FAILURE);    }    if (node != NULL)        value = ConfNodeLookupChildValue(node, "batching-timeout");    else        value = NULL;    if (value == NULL) {        /* default */        conf->batching_timeout = UTIL_MPM_CUDA_BATCHING_TIMEOUT_DEFAULT;    } else if ((conf->batching_timeout = atoi(value)) < 0) {        SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Invalid entry for %s."                   "batching-timeout - /"%s/"", node->name, value);        exit(EXIT_FAILURE);    }    if (node != NULL)        value = ConfNodeLookupChildValue(node, "device-id");    else        value = NULL;    if (value == NULL) {        /* default */        conf->device_id = UTIL_MPM_CUDA_DEVICE_ID_DEFAULT;    } else if ((conf->device_id = atoi(value)) < 0) {        SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Invalid entry for %s."                   "device-id - /"%s/"", node->name, value);        exit(EXIT_FAILURE);    }    if (node != NULL)        value = ConfNodeLookupChildValue(node, "cuda-streams");    else        value = NULL;    if (value == NULL) {        /* default */        conf->cuda_streams = UTIL_MPM_CUDA_CUDA_STREAMS_DEFAULT;    } else if ((conf->cuda_streams = atoi(value)) < 0) {        SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Invalid entry for %s."                   "cuda-streams - /"%s/"", node->name, value);        exit(EXIT_FAILURE);    }//.........这里部分代码省略.........
开发者ID:chenglong7997,项目名称:suricata,代码行数:101,


示例27: LogFileNewCtx

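/**
 * \brief Create the unified2 alert output context from the provided ConfNode.
 *
 * Reads "filename", "limit" and "sensor-id" from \p conf, opens the output
 * file and wraps the resulting LogFileCtx in a new OutputCtx.
 *
 * \param conf The configuration node for this output. NULL is accepted (to
 *             facilitate unit tests) and selects the defaults.
 *
 * \return The new OutputCtx (its data member is the LogFileCtx) on success,
 *         NULL on failure. An invalid "limit" or "sensor-id" value
 *         terminates the process instead of returning.
 */
OutputCtx *Unified2AlertInitCtx(ConfNode *conf)
{
    int ret = 0;
    LogFileCtx *file_ctx = NULL;

    file_ctx = LogFileNewCtx();
    if (file_ctx == NULL) {
        SCLogError(SC_ERR_UNIFIED2_ALERT_GENERIC, "Couldn't create new file_ctx");
        goto error;
    }

    const char *filename = NULL;
    if (conf != NULL) { /* To facilitate unit tests. */
        filename = ConfNodeLookupChildValue(conf, "filename");
    }
    if (filename == NULL)
        filename = DEFAULT_LOG_FILENAME;

    /* The configured name is used as given; any path validation would have
     * to happen in Unified2AlertOpenFileCtx(), which is not shown here. */
    file_ctx->prefix = SCStrdup(filename);
    if (unlikely(file_ctx->prefix == NULL)) {
        /* Fail the init rather than carry a NULL prefix forward. */
        SCLogError(SC_ERR_UNIFIED2_ALERT_GENERIC,
                   "Couldn't allocate unified2 file prefix");
        goto error;
    }

    const char *s_limit = NULL;
    file_ctx->size_limit = DEFAULT_LIMIT;
    if (conf != NULL) {
        s_limit = ConfNodeLookupChildValue(conf, "limit");
        if (s_limit != NULL) {
            if (ParseSizeStringU64(s_limit, &file_ctx->size_limit) < 0) {
                SCLogError(SC_ERR_INVALID_ARGUMENT,
                    "Failed to initialize unified2 output, invalid limit: %s",
                    s_limit);
                exit(EXIT_FAILURE);
            }
            if (file_ctx->size_limit < 4096) {
                /* Values below 4096 are taken as a megabyte count. */
                SCLogInfo("unified2-alert \"limit\" value of %"PRIu64" assumed to be pre-1.2 "
                        "style: setting limit to %"PRIu64"mb", file_ctx->size_limit, file_ctx->size_limit);
                uint64_t size = file_ctx->size_limit * 1024 * 1024;
                file_ctx->size_limit = size;
            } else if (file_ctx->size_limit < MIN_LIMIT) {
                SCLogError(SC_ERR_INVALID_ARGUMENT,
                    "Failed to initialize unified2 output, limit less than "
                    "allowed minimum: %d.", MIN_LIMIT);
                exit(EXIT_FAILURE);
            }
        }
    }

    if (conf != NULL) {
        const char *sensor_id_s = NULL;
        sensor_id_s = ConfNodeLookupChildValue(conf, "sensor-id");
        if (sensor_id_s != NULL) {
            /* sensor_id is defined outside this function. */
            if (ByteExtractStringUint32(&sensor_id, 10, 0, sensor_id_s) == -1) {
                SCLogError(SC_ERR_INVALID_ARGUMENT, "Failed to initialize unified2 output, invalid sensor-id: %s", sensor_id_s);
                exit(EXIT_FAILURE);
            }
        }
    }

    ret = Unified2AlertOpenFileCtx(file_ctx, filename);
    if (ret < 0)
        goto error;

    OutputCtx *output_ctx = SCCalloc(1, sizeof(OutputCtx));
    if (unlikely(output_ctx == NULL))
        goto error;

    output_ctx->data = file_ctx;
    output_ctx->DeInit = Unified2AlertDeInitCtx;

    SCLogInfo("Unified2-alert initialized: filename %s, limit %"PRIu64" MB",
              filename, file_ctx->size_limit / (1024*1024));

    SC_ATOMIC_INIT(unified2_event_id);

    return output_ctx;

error:
    /* Every failure path funnels here; file_ctx is the only resource this
     * function itself releases. */
    if (file_ctx != NULL) {
        LogFileFreeCtx(file_ctx);
    }

    return NULL;
}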
开发者ID:PhilSchroeder,项目名称:suricata,代码行数:83,



注:本文中的ConfNodeLookupChildValue函数示例整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。

