suricata
Macros | Functions | Variables
suricata.c File Reference
#include "suricata-common.h"
#include "suricata.h"
#include "decode.h"
#include "feature.h"
#include "detect.h"
#include "packet-queue.h"
#include "threads.h"
#include "threadvars.h"
#include "flow-worker.h"
#include "util-atomic.h"
#include "util-spm.h"
#include "util-cpu.h"
#include "util-action.h"
#include "util-pidfile.h"
#include "util-ioctl.h"
#include "util-device.h"
#include "util-misc.h"
#include "util-running-modes.h"
#include "detect-engine.h"
#include "detect-parse.h"
#include "detect-fast-pattern.h"
#include "detect-engine-tag.h"
#include "detect-engine-threshold.h"
#include "detect-engine-address.h"
#include "detect-engine-port.h"
#include "detect-engine-mpm.h"
#include "tm-queuehandlers.h"
#include "tm-queues.h"
#include "tm-threads.h"
#include "tmqh-flow.h"
#include "conf.h"
#include "conf-yaml-loader.h"
#include "datasets.h"
#include "stream-tcp.h"
#include "source-nfq.h"
#include "source-nfq-prototypes.h"
#include "source-nflog.h"
#include "source-ipfw.h"
#include "source-pcap.h"
#include "source-pcap-file.h"
#include "source-pfring.h"
#include "source-erf-file.h"
#include "source-erf-dag.h"
#include "source-napatech.h"
#include "source-af-packet.h"
#include "source-netmap.h"
#include "source-windivert.h"
#include "source-windivert-prototypes.h"
#include "respond-reject.h"
#include "flow.h"
#include "flow-timeout.h"
#include "flow-manager.h"
#include "flow-bypass.h"
#include "flow-var.h"
#include "flow-bit.h"
#include "pkt-var.h"
#include "host-bit.h"
#include "ippair.h"
#include "ippair-bit.h"
#include "host.h"
#include "unix-manager.h"
#include "app-layer.h"
#include "app-layer-parser.h"
#include "app-layer-register.h"
#include "app-layer-htp.h"
#include "app-layer-ssl.h"
#include "app-layer-ssh.h"
#include "app-layer-ftp.h"
#include "app-layer-smtp.h"
#include "app-layer-modbus.h"
#include "app-layer-enip.h"
#include "app-layer-dnp3.h"
#include "app-layer-smb.h"
#include "app-layer-dcerpc.h"
#include "output-filestore.h"
#include "util-ebpf.h"
#include "util-radix-tree.h"
#include "util-host-os-info.h"
#include "util-cidr.h"
#include "util-unittest.h"
#include "util-unittest-helper.h"
#include "util-time.h"
#include "util-rule-vars.h"
#include "util-classification-config.h"
#include "util-threshold-config.h"
#include "util-reference-config.h"
#include "util-profiling.h"
#include "util-magic.h"
#include "util-signal.h"
#include "util-coredump-config.h"
#include "util-decode-mime.h"
#include "defrag.h"
#include "runmodes.h"
#include "runmode-unittests.h"
#include "util-debug.h"
#include "util-error.h"
#include "util-daemon.h"
#include "util-byte.h"
#include "reputation.h"
#include "output.h"
#include "util-privs.h"
#include "tmqh-packetpool.h"
#include "util-proto-name.h"
#include "util-mpm-hs.h"
#include "util-storage.h"
#include "host-storage.h"
#include "util-lua.h"
#include "util-plugin.h"
#include "rust.h"
#include "build-info.h"

Go to the source code of this file.

Macros

#define DEFAULT_MAX_PENDING_PACKETS   1024
 

Functions

 SC_ATOMIC_DECLARE (unsigned int, engine_stage)
 
int SuriHasSigFile (void)
 
int EngineModeIsIPS (void)
 
int EngineModeIsIDS (void)
 
void EngineModeSetIPS (void)
 
void EngineModeSetIDS (void)
 
int RunmodeIsUnittests (void)
 
int RunmodeGetCurrent (void)
 
void GlobalsInitPreConfig (void)
 
void EngineStop (void)
 make sure threads can stop the engine by calling this function. Purpose: pcap file mode needs to be able to tell the engine the file eof is reached. More...
 
void EngineDone (void)
 Used to indicate that the current task is done. More...
 
void RegisterAllModules (void)
 
const char * GetDocURL (void)
 
const char * GetProgramVersion (void)
 get string with program version More...
 
void PreRunInit (const int runmode)
 
void PreRunPostPrivsDropInit (const int runmode)
 
void PostRunDeinit (const int runmode, struct timeval *start_time)
 
void PostConfLoadedDetectSetup (SCInstance *suri)
 
int PostConfLoadedSetup (SCInstance *suri)
 
int InitGlobal (void)
 Global initialization common to all runmodes. More...
 
int SuricataMain (int argc, char **argv)
 

Variables

volatile sig_atomic_t sigint_count = 0
 
volatile sig_atomic_t sighup_count = 0
 
volatile sig_atomic_t sigterm_count = 0
 
volatile sig_atomic_t sigusr2_count = 0
 
volatile uint8_t suricata_ctl_flags = 0
 
int run_mode = RUNMODE_UNKNOWN
 
uint8_t host_mode = SURI_HOST_IS_SNIFFER_ONLY
 
intmax_t max_pending_packets
 
int g_detect_disabled = 0
 
int sc_set_caps = FALSE
 
int g_default_mtu = 0
 
bool g_system = false
 
int g_disable_randomness = 0
 
uint16_t g_vlan_mask = 0xffff
 
bool g_disable_hashing = false
 
SCInstance suricata
 
int coverage_unittests
 
int g_ut_modules
 
int g_ut_covered
 

Detailed Description

Author
Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Definition in file suricata.c.

Macro Definition Documentation

◆ DEFAULT_MAX_PENDING_PACKETS

#define DEFAULT_MAX_PENDING_PACKETS   1024

Definition at line 194 of file suricata.c.

Function Documentation

◆ EngineDone()

void EngineDone ( void  )

Used to indicate that the current task is done.

This is mainly used by pcap-file to tell it has finished to treat a pcap files when running in unix-socket mode.

Definition at line 398 of file suricata.c.

References suricata_ctl_flags, and SURICATA_DONE.

◆ EngineModeIsIDS()

int EngineModeIsIDS ( void  )

Definition at line 251 of file suricata.c.

◆ EngineModeIsIPS()

int EngineModeIsIPS ( void  )

Definition at line 246 of file suricata.c.

Referenced by AlertFastLogger(), AlertJsonHeader(), FlowHandlePacketUpdate(), and StreamTcpInitConfig().

Here is the caller graph for this function:

◆ EngineModeSetIDS()

void EngineModeSetIDS ( void  )

Definition at line 261 of file suricata.c.

◆ EngineModeSetIPS()

void EngineModeSetIPS ( void  )

Definition at line 256 of file suricata.c.

◆ EngineStop()

void EngineStop ( void  )

make sure threads can stop the engine by calling this function. Purpose: pcap file mode needs to be able to tell the engine the file eof is reached.

Definition at line 387 of file suricata.c.

References suricata_ctl_flags, and SURICATA_STOP.

Referenced by ReceiveErfFileLoop().

Here is the caller graph for this function:

◆ GetDocURL()

const char* GetDocURL ( void  )

Definition at line 1019 of file suricata.c.

References DOC_URL, GetProgramVersion(), and PROG_VER.

Here is the call graph for this function:

◆ GetProgramVersion()

const char* GetProgramVersion ( void  )

get string with program version

Get the program version as passed to us from AC_INIT

Add 'RELEASE' is no '-dev' in the version. Add the REVISION if passed to us.

Possible outputs: release: '5.0.1 RELEASE' dev with rev: '5.0.1-dev (64a789bbf 2019-10-18)' dev w/o rev: '5.0.1-dev'

Definition at line 1040 of file suricata.c.

References PROG_VER, and xstr.

Referenced by GetDocURL().

Here is the caller graph for this function:

◆ GlobalsInitPreConfig()

void GlobalsInitPreConfig ( void  )

Definition at line 318 of file suricata.c.

References SCThresholdConfGlobalInit(), SupportFastPatternForSigMatchTypes(), and TimeInit().

Referenced by LLVMFuzzerTestOneInput(), and RunUnittests().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ InitGlobal()

int InitGlobal ( void  )

Global initialization common to all runmodes.

This can be used by fuzz targets.

Definition at line 2654 of file suricata.c.

References SuricataContext_::AppLayerDecoderEventsFreeEvents, AppLayerDecoderEventsFreeEvents(), SuricataContext_::AppLayerDecoderEventsSetEventRaw, AppLayerDecoderEventsSetEventRaw(), SuricataContext_::AppLayerParserTriggerRawStreamReassembly, AppLayerParserTriggerRawStreamReassembly(), SuricataContext_::AppLayerRegisterParser, AppLayerRegisterParser(), ConfInit(), SuricataContext_::DetectEngineStateFree, DetectEngineStateFree(), SuricataContext_::FileAppendDataById, FileAppendDataById(), SuricataContext_::FileAppendGAPById, FileAppendGAPById(), SuricataContext_::FileCloseFileById, FileCloseFileById(), SuricataContext_::FileContainerRecycle, FileContainerRecycle(), FileContainerSetTx(), SuricataContext_::FileOpenFileWithId, FileOpenFileWithId(), SuricataContext_::FilePrune, FilePrune(), SuricataContext_::FileSetTx, ParseSizeInit(), RunModeRegisterRunModes(), SC_ATOMIC_INIT, SC_ERR_INITIALIZATION, SCLogError, SCLogInitLogModule(), SuricataContext_::SCLogMessage, SCLogMessage(), SCSetThreadName, suricata_context, UtilSignalBlock(), and UtilSignalHandlerSetup().

Referenced by LLVMFuzzerTestOneInput().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ PostConfLoadedDetectSetup()

void PostConfLoadedDetectSetup ( SCInstance suri)

Definition at line 2312 of file suricata.c.

References de_ctx, SCInstance_::disabled_detect, SCClassConfInit(), and SCReferenceConfInit().

Here is the call graph for this function:

◆ PostConfLoadedSetup()

int PostConfLoadedSetup ( SCInstance suri)

This function is meant to contain code that needs to be run once the configuration has been loaded.

Definition at line 2431 of file suricata.c.

References AppLayerSetup(), SCInstance_::checksum_validation, ConfGet(), ConfGetBool(), ConfGetValue(), ConfSet(), LiveDevRegisterExtension(), LiveSetOffloadDisable(), LiveSetOffloadWarn(), MacSetRegisterFlowStorage(), MpmTableSetup(), RegisterFlowBypassInfo(), SCInstance_::run_mode, RUNMODE_AFP_DEV, SCInstance_::runmode_custom_mode, SCReturnInt, SpmTableSetup(), StorageInit(), StringParseUint16(), and TM_ECODE_FAILED.

Referenced by LLVMFuzzerTestOneInput().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ PostRunDeinit()

void PostRunDeinit ( const int  runmode,
struct timeval *  start_time 
)

Definition at line 2040 of file suricata.c.

References FlowDisableFlowManagerThread(), FlowForceReassembly(), PacketPoolInit(), RUNMODE_UNIX_SOCKET, TmThreadDisablePacketThreads(), and TmThreadDisableReceiveThreads().

Here is the call graph for this function:

◆ PreRunInit()

void PreRunInit ( const int  runmode)

Definition at line 1999 of file suricata.c.

References AppLayerParserPostStreamSetup(), AppLayerRegisterGlobalCounters(), DatasetsInit(), DefragInit(), FLOW_QUIET, FlowInitConfig(), IPPairInitConfig(), OutputFilestoreRegisterGlobalCounters(), RUNMODE_UNIX_SOCKET, SCProfilingInit(), SCProfilingKeywordsGlobalInit(), SCProfilingPrefilterGlobalInit(), SCProfilingRulesGlobalInit(), SCProfilingSghsGlobalInit(), StatsInit(), STREAM_VERBOSE, and StreamTcpInitConfig().

Here is the call graph for this function:

◆ PreRunPostPrivsDropInit()

void PreRunPostPrivsDropInit ( const int  runmode)

Definition at line 2025 of file suricata.c.

References RUNMODE_UNIX_SOCKET, RunModeInitializeOutputs(), StatsSetupPostConfigPostOutput(), and StatsSetupPostConfigPreOutput().

Here is the call graph for this function:

◆ RegisterAllModules()

void RegisterAllModules ( void  )

Definition at line 834 of file suricata.c.

References tmm_modules, TMM_SIZE, TmModuleBypassedFlowManagerRegister(), TmModuleDebugList(), TmModuleDecodeAFPRegister(), TmModuleDecodeErfDagRegister(), TmModuleDecodeErfFileRegister(), TmModuleDecodeIPFWRegister(), TmModuleDecodeNetmapRegister(), TmModuleDecodeNFLOGRegister(), TmModuleDecodeNFQRegister(), TmModuleDecodePcapFileRegister(), TmModuleDecodePcapRegister(), TmModuleDecodePfringRegister(), TmModuleDecodeWinDivertRegister(), TmModuleFlowManagerRegister(), TmModuleFlowRecyclerRegister(), TmModuleFlowWorkerRegister(), TmModuleLoggerRegister(), TmModuleNapatechDecodeRegister(), TmModuleNapatechStreamRegister(), TmModuleReceiveAFPRegister(), TmModuleReceiveErfDagRegister(), TmModuleReceiveErfFileRegister(), TmModuleReceiveIPFWRegister(), TmModuleReceiveNetmapRegister(), TmModuleReceiveNFLOGRegister(), TmModuleReceiveNFQRegister(), TmModuleReceivePcapFileRegister(), TmModuleReceivePcapRegister(), TmModuleReceivePfringRegister(), TmModuleReceiveWinDivertRegister(), TmModuleRespondRejectRegister(), TmModuleStatsLoggerRegister(), TmModuleUnixManagerRegister(), TmModuleVerdictIPFWRegister(), TmModuleVerdictNFQRegister(), and TmModuleVerdictWinDivertRegister().

Referenced by RunUnittests().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ RunmodeGetCurrent()

int RunmodeGetCurrent ( void  )

Definition at line 274 of file suricata.c.

References run_mode.

Referenced by ConfUnixSocketIsEnable(), RunModeGetMainMode(), and SigLoadSignatures().

Here is the caller graph for this function:

◆ RunmodeIsUnittests()

int RunmodeIsUnittests ( void  )

Definition at line 266 of file suricata.c.

References run_mode, and RUNMODE_UNITTEST.

Referenced by AppLayerParserConfParserEnabled(), AppLayerProtoDetectConfProtoDetectionEnabled(), DetectEngineThreadCtxInit(), RegisterDNP3Parsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterModbusParsers(), RegisterTemplateParsers(), RegisterTFTPParsers(), StreamTcpDecrMemuse(), StreamTcpInitConfig(), and StreamTcpReassembleDecrMemuse().

Here is the caller graph for this function:

◆ SC_ATOMIC_DECLARE()

SC_ATOMIC_DECLARE ( unsigned int  ,
engine_stage   
)

◆ SuricataMain()

int SuricataMain ( int  argc,
char **  argv 
)

Definition at line 2702 of file suricata.c.

Referenced by main().

Here is the caller graph for this function:

◆ SuriHasSigFile()

int SuriHasSigFile ( void  )

Definition at line 241 of file suricata.c.

References SCInstance_::sig_file, and suricata.

Variable Documentation

◆ coverage_unittests

int coverage_unittests

Definition at line 830 of file suricata.c.

Referenced by SigTableRegisterTests(), and TmModuleRegisterTests().

◆ g_default_mtu

int g_default_mtu = 0

highest mtu of the interfaces we monitor

Definition at line 219 of file suricata.c.

◆ g_detect_disabled

int g_detect_disabled = 0

global indicating if detection is enabled

Definition at line 213 of file suricata.c.

◆ g_disable_hashing

bool g_disable_hashing = false

Definition at line 236 of file suricata.c.

Referenced by FileForceHashParseCfg(), and SSLEnableJA3().

◆ g_disable_randomness

int g_disable_randomness = 0

disable randomness to get reproducible results accross runs

Definition at line 225 of file suricata.c.

Referenced by RandomGet().

◆ g_system

bool g_system = false

Definition at line 221 of file suricata.c.

◆ g_ut_covered

int g_ut_covered

Definition at line 832 of file suricata.c.

Referenced by SigTableRegisterTests(), and TmModuleRegisterTests().

◆ g_ut_modules

int g_ut_modules

Definition at line 831 of file suricata.c.

Referenced by MpmRegisterTests(), SigTableRegisterTests(), and TmModuleRegisterTests().

◆ g_vlan_mask

uint16_t g_vlan_mask = 0xffff

determine (without branching) if we include the vlan_ids when hashing or comparing flows

Definition at line 232 of file suricata.c.

Referenced by FlowKeyGetHash().

◆ host_mode

uint8_t host_mode = SURI_HOST_IS_SNIFFER_ONLY

Host mode: set if box is sniffing only or is a router

Definition at line 207 of file suricata.c.

◆ run_mode

int run_mode = RUNMODE_UNKNOWN

Run mode selected

Definition at line 199 of file suricata.c.

Referenced by LLVMFuzzerTestOneInput(), RunmodeGetCurrent(), and RunmodeIsUnittests().

◆ sc_set_caps

int sc_set_caps = FALSE

set caps or not

Definition at line 216 of file suricata.c.

◆ sighup_count

volatile sig_atomic_t sighup_count = 0

Definition at line 181 of file suricata.c.

◆ sigint_count

volatile sig_atomic_t sigint_count = 0

Definition at line 180 of file suricata.c.

◆ sigterm_count

volatile sig_atomic_t sigterm_count = 0

Definition at line 182 of file suricata.c.

◆ sigusr2_count

volatile sig_atomic_t sigusr2_count = 0

Definition at line 183 of file suricata.c.

◆ suricata

SCInstance suricata

Suricata instance

Definition at line 239 of file suricata.c.

Referenced by SuriHasSigFile().

◆ suricata_ctl_flags

volatile uint8_t suricata_ctl_flags = 0

suricata engine control flags

Definition at line 196 of file suricata.c.

Referenced by EngineDone(), EngineStop(), ReceiveErfDagLoop(), ReceiveErfFileLoop(), and ReceivePfringLoop().