#include "suricata-common.h"
#include "suricata.h"
#include "decode.h"
#include "feature.h"
#include "detect.h"
#include "packet-queue.h"
#include "threads.h"
#include "threadvars.h"
#include "flow-worker.h"
#include "util-atomic.h"
#include "util-spm.h"
#include "util-cpu.h"
#include "util-action.h"
#include "util-pidfile.h"
#include "util-ioctl.h"
#include "util-device.h"
#include "util-misc.h"
#include "util-running-modes.h"
#include "detect-engine.h"
#include "detect-parse.h"
#include "detect-fast-pattern.h"
#include "detect-engine-tag.h"
#include "detect-engine-threshold.h"
#include "detect-engine-address.h"
#include "detect-engine-port.h"
#include "detect-engine-mpm.h"
#include "tm-queuehandlers.h"
#include "tm-queues.h"
#include "tm-threads.h"
#include "tmqh-flow.h"
#include "conf.h"
#include "conf-yaml-loader.h"
#include "datasets.h"
#include "stream-tcp.h"
#include "source-nfq.h"
#include "source-nfq-prototypes.h"
#include "source-nflog.h"
#include "source-ipfw.h"
#include "source-pcap.h"
#include "source-pcap-file.h"
#include "source-pfring.h"
#include "source-erf-file.h"
#include "source-erf-dag.h"
#include "source-napatech.h"
#include "source-af-packet.h"
#include "source-netmap.h"
#include "source-windivert.h"
#include "source-windivert-prototypes.h"
#include "respond-reject.h"
#include "flow.h"
#include "flow-timeout.h"
#include "flow-manager.h"
#include "flow-bypass.h"
#include "flow-var.h"
#include "flow-bit.h"
#include "pkt-var.h"
#include "host-bit.h"
#include "ippair.h"
#include "ippair-bit.h"
#include "host.h"
#include "unix-manager.h"
#include "app-layer.h"
#include "app-layer-parser.h"
#include "app-layer-htp.h"
#include "app-layer-ssl.h"
#include "app-layer-ssh.h"
#include "app-layer-ftp.h"
#include "app-layer-smtp.h"
#include "app-layer-modbus.h"
#include "app-layer-enip.h"
#include "app-layer-dnp3.h"
#include "app-layer-smb.h"
#include "app-layer-dcerpc.h"
#include "util-ebpf.h"
#include "util-radix-tree.h"
#include "util-host-os-info.h"
#include "util-cidr.h"
#include "util-unittest.h"
#include "util-unittest-helper.h"
#include "util-time.h"
#include "util-rule-vars.h"
#include "util-classification-config.h"
#include "util-threshold-config.h"
#include "util-reference-config.h"
#include "util-profiling.h"
#include "util-magic.h"
#include "util-signal.h"
#include "util-coredump-config.h"
#include "util-decode-mime.h"
#include "defrag.h"
#include "runmodes.h"
#include "runmode-unittests.h"
#include "util-debug.h"
#include "util-error.h"
#include "util-daemon.h"
#include "util-byte.h"
#include "reputation.h"
#include "output.h"
#include "util-privs.h"
#include "tmqh-packetpool.h"
#include "util-proto-name.h"
#include "util-mpm-hs.h"
#include "util-storage.h"
#include "host-storage.h"
#include "util-lua.h"
#include "util-plugin.h"
#include "rust.h"
#include "build-info.h"

Macros
#define	DEFAULT_MAX_PENDING_PACKETS 1024

Functions
	SC_ATOMIC_DECLARE (unsigned int, engine_stage)

int	SuriHasSigFile (void)

int	EngineModeIsIPS (void)

int	EngineModeIsIDS (void)

void	EngineModeSetIPS (void)

void	EngineModeSetIDS (void)

int	RunmodeIsUnittests (void)

int	RunmodeGetCurrent (void)

void	GlobalsInitPreConfig (void)

void	EngineStop (void)
	make sure threads can stop the engine by calling this function. Purpose: pcap file mode needs to be able to tell the engine the file eof is reached. More...

void	EngineDone (void)
	Used to indicate that the current task is done. More...

void	RegisterAllModules (void)

const char *	GetDocURL (void)

const char *	GetProgramVersion (void)
	get string with program version More...

void	PreRunInit (const int runmode)

void	PreRunPostPrivsDropInit (const int runmode)

void	PostRunDeinit (const int runmode, struct timeval *start_time)

void	PostConfLoadedDetectSetup (SCInstance *suri)

int	PostConfLoadedSetup (SCInstance *suri)

int	InitGlobal (void)
	Global initialization common to all runmodes. More...

int	SuricataMain (int argc, char **argv)

Variables
volatile sig_atomic_t	sigint_count = 0

volatile sig_atomic_t	sighup_count = 0

volatile sig_atomic_t	sigterm_count = 0

volatile sig_atomic_t	sigusr2_count = 0

volatile uint8_t	suricata_ctl_flags = 0

int	run_mode = RUNMODE_UNKNOWN

uint8_t	host_mode = SURI_HOST_IS_SNIFFER_ONLY

intmax_t	max_pending_packets

int	g_detect_disabled = 0

int	sc_set_caps = FALSE

int	g_default_mtu = 0

bool	g_system = false

int	g_disable_randomness = 0

uint16_t	g_vlan_mask = 0xffff

SCInstance	suricata

int	coverage_unittests

int	g_ut_modules

int	g_ut_covered

Detailed Description

Author: Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Definition in file suricata.c.

Macro Definition Documentation

◆ DEFAULT_MAX_PENDING_PACKETS

#define DEFAULT_MAX_PENDING_PACKETS 1024

Definition at line 196 of file suricata.c.

Function Documentation

◆ EngineDone()

void EngineDone ( void )

Used to indicate that the current task is done.

This is mainly used by pcap-file to tell it has finished to treat a pcap files when running in unix-socket mode.

Definition at line 402 of file suricata.c.

References suricata_ctl_flags, and SURICATA_DONE.

◆ EngineModeIsIDS()

int EngineModeIsIDS ( void )

Definition at line 249 of file suricata.c.

◆ EngineModeIsIPS()

int EngineModeIsIPS ( void )

Definition at line 244 of file suricata.c.

Referenced by AlertFastLogger(), AlertJsonHeader(), FlowHandlePacketUpdate(), and StreamTcpInitConfig().

Here is the caller graph for this function:

◆ EngineModeSetIDS()

void EngineModeSetIDS ( void )

Definition at line 259 of file suricata.c.

◆ EngineModeSetIPS()

void EngineModeSetIPS ( void )

Definition at line 254 of file suricata.c.

◆ EngineStop()

void EngineStop ( void )

make sure threads can stop the engine by calling this function. Purpose: pcap file mode needs to be able to tell the engine the file eof is reached.

Definition at line 391 of file suricata.c.

References suricata_ctl_flags, and SURICATA_STOP.

Referenced by ReceiveErfFileLoop().

Here is the caller graph for this function:

◆ GetDocURL()

const char* GetDocURL ( void )

Definition at line 1022 of file suricata.c.

References DOC_URL, GetProgramVersion(), and PROG_VER.

Here is the call graph for this function:

◆ GetProgramVersion()

const char* GetProgramVersion ( void )

get string with program version

Get the program version as passed to us from AC_INIT

Add 'RELEASE' is no '-dev' in the version. Add the REVISION if passed to us.

Possible outputs: release: '5.0.1 RELEASE' dev with rev: '5.0.1-dev (64a789bbf 2019-10-18)' dev w/o rev: '5.0.1-dev'

Definition at line 1043 of file suricata.c.

References PROG_VER, and xstr.

Referenced by GetDocURL().

Here is the caller graph for this function:

◆ GlobalsInitPreConfig()

void GlobalsInitPreConfig ( void )

Definition at line 316 of file suricata.c.

References SCThresholdConfGlobalInit(), SupportFastPatternForSigMatchTypes(), and TimeInit().

Referenced by LLVMFuzzerTestOneInput(), and RunUnittests().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ InitGlobal()

int InitGlobal ( void )

Global initialization common to all runmodes.

This can be used by fuzz targets.

Definition at line 2671 of file suricata.c.

Referenced by LLVMFuzzerTestOneInput().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ PostConfLoadedDetectSetup()

void PostConfLoadedDetectSetup ( SCInstance * suri )

Definition at line 2322 of file suricata.c.

References de_ctx, SCInstance_::disabled_detect, SCClassConfInit(), and SCReferenceConfInit().

Here is the call graph for this function:

◆ PostConfLoadedSetup()

int PostConfLoadedSetup ( SCInstance * suri )

This function is meant to contain code that needs to be run once the configuration has been loaded.

Definition at line 2441 of file suricata.c.

References AppLayerSetup(), SCInstance_::checksum_validation, ConfGet(), ConfGetBool(), ConfGetValue(), ConfSet(), LiveDevRegisterExtension(), LiveSetOffloadDisable(), LiveSetOffloadWarn(), MacSetRegisterFlowStorage(), MpmTableSetup(), RegisterFlowBypassInfo(), SCInstance_::runmode_custom_mode, SCReturnInt, SpmTableSetup(), StorageInit(), StringParseUint16(), and TM_ECODE_FAILED.

Referenced by LLVMFuzzerTestOneInput().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ PostRunDeinit()

void PostRunDeinit	(	const int	runmode,
		struct timeval *	start_time
	)

Definition at line 2048 of file suricata.c.

References FlowDisableFlowManagerThread(), FlowForceReassembly(), PacketPoolInit(), RUNMODE_UNIX_SOCKET, TmThreadDisablePacketThreads(), and TmThreadDisableReceiveThreads().

Here is the call graph for this function:

◆ PreRunInit()

void PreRunInit ( const int runmode )

Definition at line 2008 of file suricata.c.

References AppLayerParserPostStreamSetup(), AppLayerRegisterGlobalCounters(), DatasetsInit(), DefragInit(), FLOW_QUIET, FlowInitConfig(), IPPairInitConfig(), RUNMODE_UNIX_SOCKET, SCProfilingInit(), SCProfilingKeywordsGlobalInit(), SCProfilingPrefilterGlobalInit(), SCProfilingRulesGlobalInit(), SCProfilingSghsGlobalInit(), StatsInit(), STREAM_VERBOSE, and StreamTcpInitConfig().

Here is the call graph for this function:

◆ PreRunPostPrivsDropInit()

void PreRunPostPrivsDropInit ( const int runmode )

Definition at line 2033 of file suricata.c.

References RUNMODE_UNIX_SOCKET, RunModeInitializeOutputs(), StatsSetupPostConfigPostOutput(), and StatsSetupPostConfigPreOutput().

Here is the call graph for this function:

◆ RegisterAllModules()

void RegisterAllModules ( void )

Definition at line 837 of file suricata.c.

Referenced by RunUnittests().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ RunmodeGetCurrent()

int RunmodeGetCurrent ( void )

Definition at line 272 of file suricata.c.

References run_mode.

Referenced by ConfUnixSocketIsEnable(), RunModeGetMainMode(), and SigLoadSignatures().

Here is the caller graph for this function:

◆ RunmodeIsUnittests()

int RunmodeIsUnittests ( void )

Definition at line 264 of file suricata.c.

References run_mode, and RUNMODE_UNITTEST.

Referenced by AppLayerParserConfParserEnabled(), AppLayerProtoDetectConfProtoDetectionEnabled(), DetectEngineThreadCtxInit(), RegisterDNP3Parsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterModbusParsers(), RegisterTemplateParsers(), RegisterTFTPParsers(), StreamTcpDecrMemuse(), StreamTcpInitConfig(), and StreamTcpReassembleDecrMemuse().

Here is the caller graph for this function:

◆ SC_ATOMIC_DECLARE()

SC_ATOMIC_DECLARE	(	unsigned int	,
		engine_stage
	)

◆ SuricataMain()

int SuricataMain	(	int	argc,
		char **	argv
	)

Definition at line 2715 of file suricata.c.

Referenced by main().

Here is the caller graph for this function:

◆ SuriHasSigFile()

int SuriHasSigFile ( void )

Definition at line 239 of file suricata.c.

References SCInstance_::sig_file, and suricata.

Variable Documentation

◆ coverage_unittests

int coverage_unittests

Definition at line 833 of file suricata.c.

Referenced by SigTableRegisterTests(), and TmModuleRegisterTests().

◆ g_default_mtu

int g_default_mtu = 0

highest mtu of the interfaces we monitor

Definition at line 221 of file suricata.c.

◆ g_detect_disabled

int g_detect_disabled = 0

global indicating if detection is enabled

Definition at line 215 of file suricata.c.

◆ g_disable_randomness

int g_disable_randomness = 0

disable randomness to get reproducible results accross runs

Definition at line 227 of file suricata.c.

Referenced by RandomGet().

◆ g_system

bool g_system = false

Definition at line 223 of file suricata.c.

◆ g_ut_covered

int g_ut_covered

Definition at line 835 of file suricata.c.

Referenced by SigTableRegisterTests(), and TmModuleRegisterTests().

◆ g_ut_modules

int g_ut_modules

Definition at line 834 of file suricata.c.

Referenced by MpmRegisterTests(), SigTableRegisterTests(), and TmModuleRegisterTests().

◆ g_vlan_mask

uint16_t g_vlan_mask = 0xffff

determine (without branching) if we include the vlan_ids when hashing or comparing flows

Definition at line 234 of file suricata.c.

Referenced by FlowKeyGetHash().

◆ host_mode

uint8_t host_mode = SURI_HOST_IS_SNIFFER_ONLY

Host mode: set if box is sniffing only or is a router

Definition at line 209 of file suricata.c.

◆ run_mode

int run_mode = RUNMODE_UNKNOWN

Run mode selected

Definition at line 201 of file suricata.c.

Referenced by LLVMFuzzerTestOneInput(), RunmodeGetCurrent(), and RunmodeIsUnittests().

◆ sc_set_caps

int sc_set_caps = FALSE

set caps or not

Definition at line 218 of file suricata.c.

◆ sighup_count

volatile sig_atomic_t sighup_count = 0

Definition at line 183 of file suricata.c.

◆ sigint_count

volatile sig_atomic_t sigint_count = 0

Definition at line 182 of file suricata.c.

◆ sigterm_count

volatile sig_atomic_t sigterm_count = 0

Definition at line 184 of file suricata.c.

◆ sigusr2_count

volatile sig_atomic_t sigusr2_count = 0

Definition at line 185 of file suricata.c.

◆ suricata

SCInstance suricata

Suricata instance

Definition at line 237 of file suricata.c.

Referenced by SuriHasSigFile().

◆ suricata_ctl_flags

volatile uint8_t suricata_ctl_flags = 0

suricata engine control flags

Definition at line 198 of file suricata.c.

Referenced by EngineDone(), EngineStop(), ReceiveErfDagLoop(), ReceiveErfFileLoop(), and ReceivePfringLoop().

Macros

Functions

Variables

Detailed Description

Macro Definition Documentation

◆ DEFAULT_MAX_PENDING_PACKETS

Function Documentation

◆ EngineDone()

◆ EngineModeIsIDS()

◆ EngineModeIsIPS()

◆ EngineModeSetIDS()

◆ EngineModeSetIPS()

◆ EngineStop()

◆ GetDocURL()

◆ GetProgramVersion()

◆ GlobalsInitPreConfig()

◆ InitGlobal()

◆ PostConfLoadedDetectSetup()

◆ PostConfLoadedSetup()

◆ PostRunDeinit()

◆ PreRunInit()

◆ PreRunPostPrivsDropInit()

◆ RegisterAllModules()

◆ RunmodeGetCurrent()

◆ RunmodeIsUnittests()

◆ SC_ATOMIC_DECLARE()

◆ SuricataMain()

◆ SuriHasSigFile()

Variable Documentation

◆ coverage_unittests

◆ g_default_mtu

◆ g_detect_disabled

◆ g_disable_randomness

◆ g_system

◆ g_ut_covered

◆ g_ut_modules

◆ g_vlan_mask

◆ host_mode

◆ run_mode

◆ sc_set_caps

◆ sighup_count

◆ sigint_count

◆ sigterm_count

◆ sigusr2_count

◆ suricata

◆ suricata_ctl_flags