Go to the documentation of this file.
100 static char *active_runmode;
120 static const char *RunModeTranslateModeToName(
int runmode)
131 return "PFRING(DISABLED)";
150 return "AF_PACKET_DEV";
157 return "NETMAP(DISABLED)";
160 return "UNIX_SOCKET";
165 return "WINDIVERT(DISABLED)";
171 return "DPDK(DISABLED)";
187 static RunMode *RunModeGetCustomMode(
enum RunModes runmode,
const char *custom_mode)
190 for (
int i = 0; i < runmodes[runmode].cnt; i++) {
191 if (strcmp(runmodes[runmode].runmodes[i].name, custom_mode) == 0)
192 return &runmodes[runmode].runmodes[i];
208 return active_runmode;
222 return RunModeTranslateModeToName(mainmode);
230 memset(runmodes, 0,
sizeof(runmodes));
258 printf(
"------------------------------------- Runmodes -------------------"
259 "-----------------------\n");
261 printf(
"| %-17s | %-17s | %-10s \n",
262 "RunMode Type",
"Custom Mode ",
"Description");
263 printf(
"|-----------------------------------------------------------------"
264 "-----------------------\n");
268 int mode_displayed = 0;
269 for (j = 0; j < runmodes[i].cnt; j++) {
270 if (mode_displayed == 1) {
271 printf(
"| ----------------------------------------------"
272 "-----------------------\n");
273 RunMode *runmode = &runmodes[i].runmodes[j];
274 printf(
"| %-17s | %-17s | %-27s \n",
279 RunMode *runmode = &runmodes[i].runmodes[j];
280 printf(
"| %-17s | %-17s | %-27s \n",
281 RunModeTranslateModeToName(runmode->
runmode),
285 if (mode_displayed == 0)
288 if (mode_displayed == 1) {
289 printf(
"|-----------------------------------------------------------------"
290 "-----------------------\n");
297 static const char *RunModeGetConfOrDefault(
int capture_mode,
const char *capture_plugin_name)
299 const char *custom_mode = NULL;
300 const char *val = NULL;
301 if (
ConfGet(
"runmode", &val) != 1) {
307 if ((custom_mode == NULL) || (strcmp(custom_mode,
"auto") == 0)) {
308 switch (capture_mode) {
323 if (plugin == NULL) {
324 FatalError(
"No capture plugin found with name %s", capture_plugin_name);
375 if (!strcmp(
"worker", custom_mode)) {
377 "to 'workers', please modify your setup.");
378 custom_mode =
"workers";
387 if (runmode == NULL) {
388 runmode = RunModeGetConfOrDefault(capture_mode, capture_plugin_name);
393 RunMode *mode = RunModeGetCustomMode(capture_mode, runmode);
401 if (ips_enabled == 1) {
404 SCLogWarning(
"disabling livedev.use-for-tracking with IPS mode. See ticket #6726.");
415 void RunModeDispatch(
int runmode,
const char *custom_mode,
const char *capture_plugin_name,
416 const char *capture_plugin_args)
418 char *local_custom_mode = NULL;
420 if (custom_mode == NULL) {
421 custom_mode = RunModeGetConfOrDefault(runmode, capture_plugin_name);
422 if (custom_mode == NULL)
426 RunMode *mode = RunModeGetCustomMode(runmode, custom_mode);
428 SCLogError(
"The custom type \"%s\" doesn't exist "
429 "for this runmode type \"%s\". Please use --list-runmodes to "
430 "see available custom types for this runmode",
431 custom_mode, RunModeTranslateModeToName(runmode));
436 if (active_runmode) {
439 active_runmode =
SCStrdup(custom_mode);
440 if (
unlikely(active_runmode == NULL)) {
444 if (strcasecmp(active_runmode,
"autofp") == 0) {
450 if (local_custom_mode != NULL)
451 SCFree(local_custom_mode);
467 static int g_runmode_needs_bypass = 0;
471 g_runmode_needs_bypass = 1;
476 return g_runmode_needs_bypass;
491 int (*RunModeFunc)(
void),
int (*RunModeIsIPSEnabled)(
void))
493 if (RunModeGetCustomMode(runmode, name) != NULL) {
495 "been registered. Please use an unique name.",
499 void *ptmp =
SCRealloc(runmodes[runmode].runmodes,
500 (runmodes[runmode].
cnt + 1) *
sizeof(
RunMode));
502 SCFree(runmodes[runmode].runmodes);
503 runmodes[runmode].runmodes = NULL;
506 runmodes[runmode].runmodes = ptmp;
508 RunMode *mode = &runmodes[runmode].runmodes[runmodes[runmode].cnt];
509 runmodes[runmode].cnt++;
510 memset(mode, 0x00,
sizeof(*mode));
533 static void RunOutputFreeList(
void)
536 while ((output =
TAILQ_FIRST(&output_free_list))) {
546 static int file_logger_count = 0;
547 static int filedata_logger_count = 0;
552 return filedata_logger_count > 0;
557 switch (run_mode_to_check) {
570 switch(run_mode_to_check) {
601 file_logger_count = 0;
602 filedata_logger_count = 0;
662 filedata_logger_count++;
693 if (strcmp(
type->val,
"ikev2") == 0) {
694 SCLogWarning(
"eve module 'ikev2' has been replaced by 'ike'");
695 strlcpy(subname,
"eve-log.ike",
sizeof(subname));
697 snprintf(subname,
sizeof(subname),
"eve-log.%s",
type->val);
703 if (sub_output_config != NULL) {
705 sub_output_config,
"enabled");
714 if (strcmp(subname, sub_module->
conf_name) == 0) {
727 sub_module->
InitSubFunc(sub_output_config, parent_ctx);
728 if (!result.
ok || result.
ctx == NULL) {
729 FatalError(
"unable to initialize sub-module %s", subname);
732 AddOutputToFreeList(sub_module, result.
ctx);
733 SetupOutput(sub_module->
name, sub_module,
750 BUG_ON(lua_module == NULL);
762 if (strcmp(script->
val,
m->conf_name) == 0) {
770 if (!result.
ok || result.
ctx == NULL) {
774 AddOutputToFreeList(
m, result.
ctx);
775 SetupOutput(
m->name,
m, result.
ctx);
788 if (outputs == NULL) {
795 char tls_log_enabled = 0;
796 char tls_store_present = 0;
798 memset(&logger_bits, 0,
sizeof(logger_bits));
803 if (output_config == NULL) {
805 FatalError(
"Failed to lookup configuration child node: %s", output->
val);
808 if (strcmp(output->
val,
"tls-store") == 0) {
809 tls_store_present = 1;
817 if (strcmp(output->
val,
"file-log") == 0) {
819 " use eve.files instead "
821 " for an explanation)");
823 }
else if (strncmp(output->
val,
"unified-",
sizeof(
"unified-") - 1) == 0) {
825 " use Unified2 instead "
827 " for an explanation)");
829 }
else if (strncmp(output->
val,
"unified2-",
sizeof(
"unified2-") - 1) == 0) {
832 }
else if (strcmp(output->
val,
"lua") == 0) {
834 SCLogWarning(
"lua support not compiled in. Reconfigure/"
835 "recompile with lua(jit) and its development "
836 "files installed to add lua support.");
839 }
else if (strcmp(output->
val,
"dns-log") == 0) {
840 SCLogWarning(
"dns-log is not longer available as of Suricata 5.0");
842 }
else if (strcmp(output->
val,
"tls-log") == 0) {
861 }
else if (r.
ctx == NULL) {
871 if (strcmp(output->
val,
"eve-log") == 0) {
872 RunModeInitializeEveOutput(output_config, output_ctx);
877 AddOutputToFreeList(module, output_ctx);
878 }
else if (strcmp(output->
val,
"lua") == 0) {
880 if (output_ctx == NULL)
882 RunModeInitializeLuaOutput(output_config, output_ctx);
883 AddOutputToFreeList(module, output_ctx);
885 AddOutputToFreeList(module, output_ctx);
886 SetupOutput(module->
name, module, output_ctx);
896 if (!tls_store_present && tls_log_enabled) {
899 SCLogWarning(
"Please use 'tls-store' in YAML to configure TLS storage");
904 if (strcmp(output->
val,
"tls-log") == 0) {
907 if (module == NULL) {
908 SCLogWarning(
"No output module named %s, ignoring",
"tls-store");
918 }
else if (r.
ctx == NULL) {
924 AddOutputToFreeList(module, output_ctx);
925 SetupOutput(module->
name, module, output_ctx);
938 SCLogDebug(
"IPPROTO_TCP::%s: g_file_logger_enabled %d g_filedata_logger_enabled %d -> "
950 if (logger_bits[a] == 0)
960 tcp ?
"true" :
"false", udp ?
"true" :
"false");
980 if ((
ConfGetBool(
"threading.set-cpu-affinity", &affinity)) == 0) {
991 if (
ConfGetNode(
"threading.detect-thread-ratio") != NULL)
1002 const char *ss = NULL;
1003 if ((
ConfGet(
"threading.stack-size", &ss)) == 1) {
1006 FatalError(
"Failed to initialize thread_stack_size output, invalid limit: %s", ss);
1010 pthread_attr_t attr;
1011 pthread_attr_init(&attr);
1013 if (pthread_attr_getstacksize(&attr, &size) == 0 && size < 512 * 1024) {
1015 SCLogNotice(
"thread stack size of %" PRIuMAX
" to too small: setting to 512k",
const char * thread_name_workers
const char * RunModeIpsIPFWGetDefaultMode(void)
void FlowManagerThreadSpawn(void)
spawn the flow manager thread
int OutputRegisterStreamingLogger(LoggerId id, const char *name, StreamingLogger LogFunc, OutputCtx *output_ctx, enum OutputStreamingType type, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit, ThreadExitPrintStatsFunc ThreadExitPrintStats)
void AffinitySetupLoadFromConfig(void)
Extract cpu affinity configuration from current config file.
const char * thread_name_counter_wakeup
int SCRunmodeGet(void)
Get the current run mode.
bool threading_set_cpu_affinity
void RunModeErfFileRegister(void)
void OutputStreamingShutdown(void)
int(* RunModeIsIPSEnabled)(void)
int AppLayerParserProtocolHasLogger(uint8_t ipproto, AppProto alproto)
const char * thread_name_flow_mgr
const char * RunModeErfFileGetDefaultMode(void)
int ConfGetBool(const char *name, int *val)
Retrieve a configuration value as a boolean.
void OutputTxShutdown(void)
void TmqhFlowPrintAutofpHandler(void)
void RunModeIdsAFPRegister(void)
int ParseSizeStringU64(const char *size, uint64_t *res)
struct HtpBodyChunk_ * next
void BypassedFlowManagerThreadSpawn(void)
spawn the flow bypass manager thread
int OutputRegisterFileLogger(LoggerId id, const char *name, FileLogger LogFunc, OutputCtx *output_ctx, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit, ThreadExitPrintStatsFunc ThreadExitPrintStats)
void RunModeShutDown(void)
int OutputRegisterStatsLogger(const char *name, StatsLogger LogFunc, OutputCtx *output_ctx, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit, ThreadExitPrintStatsFunc ThreadExitPrintStats)
void RunModeDispatch(int runmode, const char *custom_mode, const char *capture_plugin_name, const char *capture_plugin_args)
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
const char * thread_name_counter_stats
StreamingLogger StreamingLogFunc
const char * AppProtoToString(AppProto alproto)
Maps the ALPROTO_*, to its string equivalent.
bool AppLayerParserSupportsFiles(uint8_t ipproto, AppProto alproto)
const char * RunModeAFPGetDefaultMode(void)
const char * thread_name_flow_rec
void OutputFiledataShutdown(void)
void RunModeIdsPfringRegister(void)
const char * RunModeFilePcapGetDefaultMode(void)
#define TAILQ_FOREACH(var, head, field)
const char * thread_name_autofp
OutputModule * OutputGetModuleByConfName(const char *conf_name)
Get an output module by name.
void OutputSetupActiveLoggers(void)
const char * RunModeIdsNflogGetDefaultMode(void)
void OutputStatsShutdown(void)
#define TAILQ_INSERT_TAIL(head, elm, field)
char * RunmodeGetActive(void)
OutputInitSubFunc InitSubFunc
struct RunModes_ RunModes
PacketLogger PacketLogFunc
void TmValidateQueueState(void)
Checks if all the queues allocated so far have at least one reader and writer.
const char * RunModeAFXDPGetDefaultMode(void)
bool IsRunModeOffline(enum RunModes run_mode_to_check)
void RunModeInitializeOutputs(void)
const char * thread_name_single
const char *(* GetDefaultMode)(void)
int ConfValIsTrue(const char *val)
Check if a value is true.
void OutputClearActiveLoggers(void)
const char * RunModeIdsPfringGetDefaultMode(void)
enum OutputStreamingType stream_type
size_t strlcpy(char *dst, const char *src, size_t siz)
int OutputRegisterFiledataLogger(LoggerId id, const char *name, FiledataLogger LogFunc, OutputCtx *output_ctx, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit, ThreadExitPrintStatsFunc ThreadExitPrintStats)
#define TAILQ_ENTRY(type)
const char * RunModeUnixSocketGetDefaultMode(void)
int OutputRegisterFlowLogger(const char *name, FlowLogger LogFunc, OutputCtx *output_ctx, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit, ThreadExitPrintStatsFunc ThreadExitPrintStats)
int ConfGet(const char *name, const char **vptr)
Retrieve the value of a configuration node.
void RunModeIpsNFQRegister(void)
void RunModeInitializeThreadSettings(void)
int OutputRegisterTxLogger(LoggerId id, const char *name, AppProto alproto, TxLogger LogFunc, OutputCtx *output_ctx, int tc_log_progress, int ts_log_progress, TxLoggerCondition LogCondition, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit, void(*ThreadExitPrintStats)(ThreadVars *, void *))
ThreadInitFunc ThreadInit
const char * RunModeDpdkGetDefaultMode(void)
#define TAILQ_HEAD_INITIALIZER(head)
bool IsRunModeSystem(enum RunModes run_mode_to_check)
OutputModuleList output_modules
#define TAILQ_REMOVE(head, elm, field)
FiledataLogger FiledataLogFunc
#define TAILQ_FIRST(head)
const char * thread_name_flow_bypass
ThreadDeinitFunc ThreadDeinit
void RunModeListRunmodes(void)
Lists all registered runmodes.
bool g_filedata_logger_enabled
void RunModeRegisterNewRunMode(enum RunModes runmode, const char *name, const char *description, int(*RunModeFunc)(void), int(*RunModeIsIPSEnabled)(void))
Registers a new runmode.
uint64_t threading_set_stack_size
void RunModeEnablesBypassManager(void)
void OutputPacketShutdown(void)
void RunModeIdsNflogRegister(void)
Holds description for a runmode.
void AppLayerParserRegisterLoggerBits(uint8_t ipproto, AppProto alproto, LoggerId bits)
void RunModeIpsIPFWRegister(void)
#define SCLogWarning(...)
Macro used to log WARNING messages.
const char * RunModeErfDagGetDefaultMode(void)
const char * thread_name_detect_loader
void OutputFileShutdown(void)
void FlowRecyclerThreadSpawn(void)
spawn the flow recycler thread
void RunModeErfDagRegister(void)
ThreadExitPrintStatsFunc ThreadExitPrintStats
struct RunMode_ RunMode
Holds description for a runmode.
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
#define WarnInvalidConfEntry(param_name, format, value)
Generic API that can be used by all to log an invalid conf entry.
void RunModeIpsWinDivertRegister(void)
#define SCRealloc(ptr, sz)
const char * RunModeNapatechGetDefaultMode(void)
ConfNode * ConfNodeLookupChild(const ConfNode *node, const char *name)
Lookup a child configuration node by name.
void RunModeIdsAFXDPRegister(void)
int ConfGetFloat(const char *name, float *val)
Retrieve a configuration value as a float.
TxLoggerCondition TxLogCondition
void RunModeUnixSocketRegister(void)
void(* DeInit)(struct OutputCtx_ *)
#define FatalErrorOnInit(...)
Fatal error IF we're starting up, and configured to consider errors to be fatal errors.
void StatsSpawnThreads(void)
Spawns the wakeup, and the management thread used by the stats api.
int RunModeNeedsBypassManager(void)
bool g_file_logger_enabled
void RunModeIdsPcapRegister(void)
void RunModeRegisterRunModes(void)
Register all runmodes in the engine.
void RunModeFilePcapRegister(void)
PacketLogCondition PacketConditionFunc
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
const char * RunModeNetmapGetDefaultMode(void)
const char * RunModeIpsNFQGetDefaultMode(void)
@ RUNMODE_ENGINE_ANALYSIS
#define SCLogError(...)
Macro used to log ERROR messages.
void RunModeIdsNetmapRegister(void)
struct OutputFreeList_ OutputFreeList
const char * thread_name_verdict
void RunModeDpdkRegister(void)
#define TAILQ_HEAD(name, type)
void OutputFlowShutdown(void)
int RunModeEngineIsIPS(int capture_mode, const char *runmode, const char *capture_plugin_name)
const char * thread_name_unix_socket
void RunModeNapatechRegister(void)
OutputModule * output_module
const char * RunModeGetMainMode(void)
int RunModeOutputFiledataEnabled(void)
int LiveGetDeviceCount(void)
Get the number of registered devices.
#define SCLogNotice(...)
Macro used to log NOTICE messages.
void UtRunModeRegister(void)
const char * RunModeIpsWinDivertGetDefaultMode(void)
SCCapturePlugin * SCPluginFindCaptureByName(const char *name)
float threading_detect_ratio
int OutputRegisterPacketLogger(LoggerId logger_id, const char *name, PacketLogger LogFunc, PacketLogCondition ConditionFunc, OutputCtx *output_ctx, ThreadInitFunc ThreadInit, ThreadDeinitFunc ThreadDeinit, ThreadExitPrintStatsFunc ThreadExitPrintStats)
const char * RunModeIdsGetDefaultMode(void)
const char * ConfNodeLookupChildValue(const ConfNode *node, const char *name)
Lookup the value of a child configuration node by name.