suricata
Macros | Functions | Variables
suricata.c File Reference
#include "suricata-common.h"
#include "suricata.h"
#include "conf.h"
#include "conf-yaml-loader.h"
#include "decode.h"
#include "defrag.h"
#include "flow.h"
#include "stream-tcp.h"
#include "ippair.h"
#include "detect.h"
#include "detect-parse.h"
#include "detect-engine.h"
#include "detect-engine-address.h"
#include "detect-engine-alert.h"
#include "detect-engine-port.h"
#include "detect-engine-tag.h"
#include "detect-engine-threshold.h"
#include "detect-fast-pattern.h"
#include "datasets.h"
#include "feature.h"
#include "flow-bypass.h"
#include "flow-manager.h"
#include "flow-timeout.h"
#include "flow-worker.h"
#include "flow-bit.h"
#include "host-bit.h"
#include "ippair-bit.h"
#include "app-layer.h"
#include "app-layer-parser.h"
#include "app-layer-htp.h"
#include "app-layer-htp-range.h"
#include "output.h"
#include "output-filestore.h"
#include "respond-reject.h"
#include "runmode-af-packet.h"
#include "runmode-af-xdp.h"
#include "runmode-netmap.h"
#include "runmode-unittests.h"
#include "source-nfq.h"
#include "source-nfq-prototypes.h"
#include "source-nflog.h"
#include "source-ipfw.h"
#include "source-pcap.h"
#include "source-pcap-file.h"
#include "source-pcap-file-helper.h"
#include "source-pfring.h"
#include "source-erf-file.h"
#include "source-erf-dag.h"
#include "source-napatech.h"
#include "source-af-packet.h"
#include "source-af-xdp.h"
#include "source-netmap.h"
#include "source-dpdk.h"
#include "source-windivert.h"
#include "source-windivert-prototypes.h"
#include "unix-manager.h"
#include "util-classification-config.h"
#include "util-threshold-config.h"
#include "util-reference-config.h"
#include "tmqh-packetpool.h"
#include "tm-queuehandlers.h"
#include "util-byte.h"
#include "util-conf.h"
#include "util-coredump-config.h"
#include "util-cpu.h"
#include "util-daemon.h"
#include "util-device.h"
#include "util-dpdk.h"
#include "util-ebpf.h"
#include "util-exception-policy.h"
#include "util-host-os-info.h"
#include "util-ioctl.h"
#include "util-landlock.h"
#include "util-luajit.h"
#include "util-macset.h"
#include "util-misc.h"
#include "util-mpm-hs.h"
#include "util-path.h"
#include "util-pidfile.h"
#include "util-plugin.h"
#include "util-privs.h"
#include "util-profiling.h"
#include "util-proto-name.h"
#include "util-running-modes.h"
#include "util-signal.h"
#include "util-time.h"
#include "util-validate.h"
#include "util-var-name.h"
#include "build-info.h"

Go to the source code of this file.

Macros

#define DEFAULT_MAX_PENDING_PACKETS   1024
 

Functions

 SC_ATOMIC_DECLARE (unsigned int, engine_stage)
 
int SuriHasSigFile (void)
 
int EngineModeIsUnknown (void)
 
int EngineModeIsIPS (void)
 
int EngineModeIsIDS (void)
 
void EngineModeSetIPS (void)
 
void EngineModeSetIDS (void)
 
int RunmodeIsUnittests (void)
 
int RunmodeGetCurrent (void)
 
void GlobalsInitPreConfig (void)
 
void EngineStop (void)
 make sure threads can stop the engine by calling this function. Purpose: pcap file mode needs to be able to tell the engine the file eof is reached. More...
 
void EngineDone (void)
 Used to indicate that the current task is done. More...
 
void RegisterAllModules (void)
 
const char * GetDocURL (void)
 
const char * GetProgramVersion (void)
 get string with program version More...
 
void PreRunInit (const int runmode)
 
void PreRunPostPrivsDropInit (const int runmode)
 
void PostRunDeinit (const int runmode, struct timeval *start_time)
 
void PostConfLoadedDetectSetup (SCInstance *suri)
 
int PostConfLoadedSetup (SCInstance *suri)
 
int InitGlobal (void)
 Global initialization common to all runmodes. More...
 
int SuricataMain (int argc, char **argv)
 

Variables

volatile sig_atomic_t sigint_count = 0
 
volatile sig_atomic_t sighup_count = 0
 
volatile sig_atomic_t sigterm_count = 0
 
volatile sig_atomic_t sigusr2_count = 0
 
volatile uint8_t suricata_ctl_flags = 0
 
int run_mode = RUNMODE_UNKNOWN
 
uint8_t host_mode = SURI_HOST_IS_SNIFFER_ONLY
 
uint16_t max_pending_packets
 
int g_detect_disabled = 0
 
int sc_set_caps = FALSE
 
bool g_system = false
 
int g_disable_randomness = 0
 
uint16_t g_vlan_mask = 0xffff
 
uint16_t g_livedev_mask = 0xffff
 
bool g_disable_hashing = false
 
SCInstance suricata
 
int coverage_unittests
 
int g_ut_modules
 
int g_ut_covered
 

Detailed Description

Author
Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Definition in file suricata.c.

Macro Definition Documentation

◆ DEFAULT_MAX_PENDING_PACKETS

#define DEFAULT_MAX_PENDING_PACKETS   1024

Definition at line 170 of file suricata.c.

Function Documentation

◆ EngineDone()

void EngineDone ( void  )

Used to indicate that the current task is done.

This is mainly used by pcap-file to tell it has finished to treat a pcap files when running in unix-socket mode.

Definition at line 453 of file suricata.c.

References suricata_ctl_flags, and SURICATA_DONE.

◆ EngineModeIsIDS()

int EngineModeIsIDS ( void  )

Definition at line 234 of file suricata.c.

References DEBUG_VALIDATE_BUG_ON.

◆ EngineModeIsIPS()

int EngineModeIsIPS ( void  )

Definition at line 228 of file suricata.c.

References DEBUG_VALIDATE_BUG_ON.

Referenced by AlertFastLogger(), AlertJsonHeader(), CaptureStatsSetup(), CaptureStatsUpdate(), EveAddVerdict(), ExceptionPolicyParse(), FlowHandlePacketUpdate(), and StreamTcpInitConfig().

Here is the caller graph for this function:

◆ EngineModeIsUnknown()

int EngineModeIsUnknown ( void  )

Definition at line 223 of file suricata.c.

Referenced by PostConfLoadedSetup().

Here is the caller graph for this function:

◆ EngineModeSetIDS()

void EngineModeSetIDS ( void  )

Definition at line 245 of file suricata.c.

Referenced by ListAppLayerProtocols(), ListKeywords(), LLVMFuzzerTestOneInput(), PostConfLoadedSetup(), and RunUnittests().

Here is the caller graph for this function:

◆ EngineModeSetIPS()

void EngineModeSetIPS ( void  )

Definition at line 240 of file suricata.c.

◆ EngineStop()

void EngineStop ( void  )

make sure threads can stop the engine by calling this function. Purpose: pcap file mode needs to be able to tell the engine the file eof is reached.

Definition at line 442 of file suricata.c.

References suricata_ctl_flags, and SURICATA_STOP.

Referenced by ReceiveErfFileLoop().

Here is the caller graph for this function:

◆ GetDocURL()

const char* GetDocURL ( void  )

Definition at line 1105 of file suricata.c.

References DOC_URL, GetProgramVersion(), and PROG_VER.

Here is the call graph for this function:

◆ GetProgramVersion()

const char* GetProgramVersion ( void  )

get string with program version

Get the program version as passed to us from AC_INIT

Add 'RELEASE' is no '-dev' in the version. Add the REVISION if passed to us.

Possible outputs: release: '5.0.1 RELEASE' dev with rev: '5.0.1-dev (64a789bbf 2019-10-18)' dev w/o rev: '5.0.1-dev'

Definition at line 1126 of file suricata.c.

References PROG_VER, and xstr.

Referenced by GetDocURL().

Here is the caller graph for this function:

◆ GlobalsInitPreConfig()

void GlobalsInitPreConfig ( void  )

Definition at line 353 of file suricata.c.

References FrameConfigInit(), SCProtoNameInit(), SCThresholdConfGlobalInit(), SupportFastPatternForSigMatchTypes(), and TimeInit().

Referenced by LLVMFuzzerTestOneInput(), and RunUnittests().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ InitGlobal()

int InitGlobal ( void  )

Global initialization common to all runmodes.

This can be used by fuzz targets.

Definition at line 2850 of file suricata.c.

References ConfInit(), ParseSizeInit(), RunModeRegisterRunModes(), SC_ATOMIC_INIT, SCLogError, SCLogInitLogModule(), SCSetThreadName, suricata_context, UtilSignalBlock(), UtilSignalHandlerSetup(), and VarNameStoreInit().

Referenced by LLVMFuzzerTestOneInput().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ PostConfLoadedDetectSetup()

void PostConfLoadedDetectSetup ( SCInstance suri)

Definition at line 2536 of file suricata.c.

References de_ctx, and SCInstance_::disabled_detect.

◆ PostConfLoadedSetup()

int PostConfLoadedSetup ( SCInstance suri)

This function is meant to contain code that needs to be run once the configuration has been loaded.

Definition at line 2627 of file suricata.c.

References AppLayerSetup(), SCInstance_::capture_plugin_name, SCInstance_::checksum_validation, ConfGet(), ConfGetBool(), ConfSet(), EngineModeIsUnknown(), EngineModeSetIDS(), LiveDeviceFinalize(), LiveDevRegisterExtension(), LiveSetOffloadDisable(), LiveSetOffloadWarn(), MacSetRegisterFlowStorage(), MpmTableSetup(), RegisterFlowBypassInfo(), SCInstance_::run_mode, RUNMODE_AFP_DEV, SCInstance_::runmode_custom_mode, RunModeEngineIsIPS(), SCLogInfo, SCReturnInt, SetMasterExceptionPolicy(), SpmTableSetup(), StorageInit(), StringParseUint16(), suricata, and TM_ECODE_FAILED.

Referenced by LLVMFuzzerTestOneInput().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ PostRunDeinit()

void PostRunDeinit ( const int  runmode,
struct timeval *  start_time 
)

Definition at line 2265 of file suricata.c.

References FlowDisableFlowManagerThread(), FlowForceReassembly(), PacketPoolInit(), RUNMODE_UNIX_SOCKET, TmThreadDisablePacketThreads(), and TmThreadDisableReceiveThreads().

Referenced by PreRunPostPrivsDropInit().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ PreRunInit()

void PreRunInit ( const int  runmode)

Definition at line 2214 of file suricata.c.

References AppLayerParserPostStreamSetup(), AppLayerRegisterGlobalCounters(), DefragInit(), FLOW_QUIET, FlowInitConfig(), HttpRangeContainersInit(), IPPairInitConfig(), OutputFilestoreRegisterGlobalCounters(), RUNMODE_UNIX_SOCKET, SCProfilingInit(), SCProfilingKeywordsGlobalInit(), SCProfilingPrefilterGlobalInit(), SCProfilingRulesGlobalInit(), SCProfilingSghsGlobalInit(), StatsInit(), STREAM_VERBOSE, and StreamTcpInitConfig().

Here is the call graph for this function:

◆ PreRunPostPrivsDropInit()

void PreRunPostPrivsDropInit ( const int  runmode)

Definition at line 2243 of file suricata.c.

References DatasetsInit(), PostRunDeinit(), RUNMODE_PCAP_FILE, RUNMODE_UNIX_SOCKET, RunModeInitializeOutputs(), StatsSetupPostConfigPostOutput(), and StatsSetupPostConfigPreOutput().

Here is the call graph for this function:

◆ RegisterAllModules()

void RegisterAllModules ( void  )

Definition at line 881 of file suricata.c.

References tmm_modules, TMM_SIZE, TmModuleBypassedFlowManagerRegister(), TmModuleDebugList(), TmModuleDecodeAFPRegister(), TmModuleDecodeAFXDPRegister(), TmModuleDecodeDPDKRegister(), TmModuleDecodeErfDagRegister(), TmModuleDecodeErfFileRegister(), TmModuleDecodeIPFWRegister(), TmModuleDecodeNetmapRegister(), TmModuleDecodeNFLOGRegister(), TmModuleDecodeNFQRegister(), TmModuleDecodePcapFileRegister(), TmModuleDecodePcapRegister(), TmModuleDecodePfringRegister(), TmModuleDecodeWinDivertRegister(), TmModuleFlowManagerRegister(), TmModuleFlowRecyclerRegister(), TmModuleFlowWorkerRegister(), TmModuleLoggerRegister(), TmModuleNapatechDecodeRegister(), TmModuleNapatechStreamRegister(), TmModuleReceiveAFPRegister(), TmModuleReceiveAFXDPRegister(), TmModuleReceiveDPDKRegister(), TmModuleReceiveErfDagRegister(), TmModuleReceiveErfFileRegister(), TmModuleReceiveIPFWRegister(), TmModuleReceiveNetmapRegister(), TmModuleReceiveNFLOGRegister(), TmModuleReceiveNFQRegister(), TmModuleReceivePcapFileRegister(), TmModuleReceivePcapRegister(), TmModuleReceivePfringRegister(), TmModuleReceiveWinDivertRegister(), TmModuleRespondRejectRegister(), TmModuleStatsLoggerRegister(), TmModuleUnixManagerRegister(), TmModuleVerdictIPFWRegister(), TmModuleVerdictNFQRegister(), and TmModuleVerdictWinDivertRegister().

Referenced by RunUnittests().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ RunmodeGetCurrent()

int RunmodeGetCurrent ( void  )

Definition at line 260 of file suricata.c.

References run_mode.

Referenced by ConfUnixSocketIsEnable(), RunModeGetMainMode(), and SigLoadSignatures().

Here is the caller graph for this function:

◆ RunmodeIsUnittests()

int RunmodeIsUnittests ( void  )

Definition at line 251 of file suricata.c.

References run_mode, and RUNMODE_UNITTEST.

Referenced by AppLayerParserConfParserEnabled(), AppLayerProtoDetectConfProtoDetectionEnabledDefault(), DetectEngineThreadCtxInit(), RegisterDNP3Parsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterTFTPParsers(), StreamTcpDecrMemuse(), StreamTcpInitConfig(), StreamTcpReassembleDecrMemuse(), StreamTcpThreadCacheReturnSegment(), and StreamTcpThreadCacheReturnSession().

Here is the caller graph for this function:

◆ SC_ATOMIC_DECLARE()

SC_ATOMIC_DECLARE ( unsigned int  ,
engine_stage   
)

◆ SuricataMain()

int SuricataMain ( int  argc,
char **  argv 
)

Definition at line 2883 of file suricata.c.

Referenced by main().

Here is the caller graph for this function:

◆ SuriHasSigFile()

int SuriHasSigFile ( void  )

Definition at line 218 of file suricata.c.

References SCInstance_::sig_file, and suricata.

Variable Documentation

◆ coverage_unittests

int coverage_unittests

Definition at line 877 of file suricata.c.

Referenced by SigTableRegisterTests(), and TmModuleRegisterTests().

◆ g_detect_disabled

int g_detect_disabled = 0

global indicating if detection is enabled

Definition at line 189 of file suricata.c.

◆ g_disable_hashing

bool g_disable_hashing = false

Definition at line 213 of file suricata.c.

Referenced by FileForceHashParseCfg(), and SSLEnableJA3().

◆ g_disable_randomness

int g_disable_randomness = 0

disable randomness to get reproducible results across runs

Definition at line 198 of file suricata.c.

Referenced by RandomGet().

◆ g_livedev_mask

uint16_t g_livedev_mask = 0xffff

determine (without branching) if we include the livedev ids when hashing or comparing flows

Definition at line 209 of file suricata.c.

Referenced by FlowKeyGetHash().

◆ g_system

bool g_system = false

Definition at line 194 of file suricata.c.

◆ g_ut_covered

int g_ut_covered

Definition at line 879 of file suricata.c.

Referenced by SigTableRegisterTests(), and TmModuleRegisterTests().

◆ g_ut_modules

int g_ut_modules

Definition at line 878 of file suricata.c.

Referenced by MpmRegisterTests(), SigTableRegisterTests(), and TmModuleRegisterTests().

◆ g_vlan_mask

uint16_t g_vlan_mask = 0xffff

determine (without branching) if we include the vlan_ids when hashing or comparing flows

Definition at line 205 of file suricata.c.

Referenced by FlowGetIpPairProtoHash(), and FlowKeyGetHash().

◆ host_mode

uint8_t host_mode = SURI_HOST_IS_SNIFFER_ONLY

Host mode: set if box is sniffing only or is a router

Definition at line 183 of file suricata.c.

◆ run_mode

int run_mode = RUNMODE_UNKNOWN

Run mode selected

Definition at line 175 of file suricata.c.

Referenced by DPDKCleanupEAL(), DPDKCloseDevice(), DPDKFreeDevice(), LLVMFuzzerTestOneInput(), RunmodeGetCurrent(), and RunmodeIsUnittests().

◆ sc_set_caps

int sc_set_caps = FALSE

set caps or not

Definition at line 192 of file suricata.c.

◆ sighup_count

volatile sig_atomic_t sighup_count = 0

Definition at line 157 of file suricata.c.

◆ sigint_count

volatile sig_atomic_t sigint_count = 0

Definition at line 156 of file suricata.c.

◆ sigterm_count

volatile sig_atomic_t sigterm_count = 0

Definition at line 158 of file suricata.c.

◆ sigusr2_count

volatile sig_atomic_t sigusr2_count = 0

Definition at line 159 of file suricata.c.

◆ suricata

SCInstance suricata

Suricata instance

Definition at line 216 of file suricata.c.

Referenced by PostConfLoadedSetup(), and SuriHasSigFile().

◆ suricata_ctl_flags

volatile uint8_t suricata_ctl_flags = 0

suricata engine control flags

Definition at line 172 of file suricata.c.

Referenced by EngineDone(), EngineStop(), ReceiveErfDagLoop(), ReceiveErfFileLoop(), and ReceivePfringLoop().