#include "suricata-common.h"
#include "suricata.h"
#include "decode.h"
#include "feature.h"
#include "detect.h"
#include "packet-queue.h"
#include "threads.h"
#include "threadvars.h"
#include "flow-worker.h"
#include "util-atomic.h"
#include "util-spm.h"
#include "util-cpu.h"
#include "util-action.h"
#include "util-pidfile.h"
#include "util-ioctl.h"
#include "util-device.h"
#include "util-misc.h"
#include "util-running-modes.h"
#include "detect-engine.h"
#include "detect-parse.h"
#include "detect-fast-pattern.h"
#include "detect-engine-tag.h"
#include "detect-engine-threshold.h"
#include "detect-engine-address.h"
#include "detect-engine-port.h"
#include "detect-engine-mpm.h"
#include "tm-queuehandlers.h"
#include "tm-queues.h"
#include "tm-threads.h"
#include "tmqh-flow.h"
#include "conf.h"
#include "conf-yaml-loader.h"
#include "app-layer-htp-range.h"
#include "datasets.h"
#include "stream-tcp.h"
#include "source-nfq.h"
#include "source-nfq-prototypes.h"
#include "source-nflog.h"
#include "source-ipfw.h"
#include "source-pcap.h"
#include "source-pcap-file.h"
#include "source-pfring.h"
#include "source-erf-file.h"
#include "source-erf-dag.h"
#include "source-napatech.h"
#include "source-af-packet.h"
#include "source-netmap.h"
#include "source-dpdk.h"
#include "source-windivert.h"
#include "source-windivert-prototypes.h"
#include "respond-reject.h"
#include "flow.h"
#include "flow-timeout.h"
#include "flow-manager.h"
#include "flow-bypass.h"
#include "flow-var.h"
#include "flow-bit.h"
#include "pkt-var.h"
#include "host-bit.h"
#include "ippair.h"
#include "ippair-bit.h"
#include "host.h"
#include "unix-manager.h"
#include "app-layer.h"
#include "app-layer-parser.h"
#include "app-layer-register.h"
#include "app-layer-htp.h"
#include "app-layer-ssl.h"
#include "app-layer-ssh.h"
#include "app-layer-ftp.h"
#include "app-layer-smtp.h"
#include "app-layer-enip.h"
#include "app-layer-dnp3.h"
#include "app-layer-smb.h"
#include "app-layer-htp-file.h"
#include "output-filestore.h"
#include "util-ebpf.h"
#include "util-radix-tree.h"
#include "util-host-os-info.h"
#include "util-cidr.h"
#include "util-unittest.h"
#include "util-unittest-helper.h"
#include "util-time.h"
#include "util-rule-vars.h"
#include "util-classification-config.h"
#include "util-threshold-config.h"
#include "util-reference-config.h"
#include "util-profiling.h"
#include "util-magic.h"
#include "util-signal.h"
#include "util-coredump-config.h"
#include "util-decode-mime.h"
#include "defrag.h"
#include "runmodes.h"
#include "runmode-unittests.h"
#include "util-debug.h"
#include "util-error.h"
#include "util-daemon.h"
#include "util-byte.h"
#include "reputation.h"
#include "output.h"
#include "util-privs.h"
#include "tmqh-packetpool.h"
#include "util-proto-name.h"
#include "util-mpm-hs.h"
#include "util-storage.h"
#include "host-storage.h"
#include "util-lua.h"
#include "util-plugin.h"
#include "util-dpdk.h"
#include "rust.h"
#include "build-info.h"

Macros
#define	DEFAULT_MAX_PENDING_PACKETS 1024

Functions
	SC_ATOMIC_DECLARE (unsigned int, engine_stage)

int	SuriHasSigFile (void)

int	EngineModeIsIPS (void)

int	EngineModeIsIDS (void)

void	EngineModeSetIPS (void)

void	EngineModeSetIDS (void)

int	RunmodeIsUnittests (void)

int	RunmodeGetCurrent (void)

void	GlobalsInitPreConfig (void)

void	EngineStop (void)
	make sure threads can stop the engine by calling this function. Purpose: pcap file mode needs to be able to tell the engine the file eof is reached. More...

void	EngineDone (void)
	Used to indicate that the current task is done. More...

void	RegisterAllModules (void)

const char *	GetDocURL (void)

const char *	GetProgramVersion (void)
	get string with program version More...

void	PreRunInit (const int runmode)

void	PreRunPostPrivsDropInit (const int runmode)

void	PostRunDeinit (const int runmode, struct timeval *start_time)

void	PostConfLoadedDetectSetup (SCInstance *suri)

int	PostConfLoadedSetup (SCInstance *suri)

int	InitGlobal (void)
	Global initialization common to all runmodes. More...

int	SuricataMain (int argc, char **argv)

Variables
volatile sig_atomic_t	sigint_count = 0

volatile sig_atomic_t	sighup_count = 0

volatile sig_atomic_t	sigterm_count = 0

volatile sig_atomic_t	sigusr2_count = 0

volatile uint8_t	suricata_ctl_flags = 0

int	run_mode = RUNMODE_UNKNOWN

uint8_t	host_mode = SURI_HOST_IS_SNIFFER_ONLY

intmax_t	max_pending_packets

int	g_detect_disabled = 0

int	sc_set_caps = FALSE

int	g_default_mtu = 0

bool	g_system = false

int	g_disable_randomness = 0

uint16_t	g_vlan_mask = 0xffff

bool	g_disable_hashing = false

SCInstance	suricata

int	coverage_unittests

int	g_ut_modules

int	g_ut_covered

Detailed Description

Author: Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Definition in file suricata.c.

Macro Definition Documentation

◆ DEFAULT_MAX_PENDING_PACKETS

#define DEFAULT_MAX_PENDING_PACKETS 1024

Definition at line 198 of file suricata.c.

Function Documentation

◆ EngineDone()

void EngineDone ( void )

Used to indicate that the current task is done.

This is mainly used by pcap-file to tell it has finished to treat a pcap files when running in unix-socket mode.

Definition at line 455 of file suricata.c.

References suricata_ctl_flags, and SURICATA_DONE.

◆ EngineModeIsIDS()

int EngineModeIsIDS ( void )

Definition at line 255 of file suricata.c.

◆ EngineModeIsIPS()

int EngineModeIsIPS ( void )

Definition at line 250 of file suricata.c.

Referenced by AlertFastLogger(), FlowHandlePacketUpdate(), and StreamTcpInitConfig().

Here is the caller graph for this function:

◆ EngineModeSetIDS()

void EngineModeSetIDS ( void )

Definition at line 265 of file suricata.c.

◆ EngineModeSetIPS()

void EngineModeSetIPS ( void )

Definition at line 260 of file suricata.c.

◆ EngineStop()

void EngineStop ( void )

make sure threads can stop the engine by calling this function. Purpose: pcap file mode needs to be able to tell the engine the file eof is reached.

Definition at line 444 of file suricata.c.

References suricata_ctl_flags, and SURICATA_STOP.

Referenced by ReceiveErfFileLoop().

Here is the caller graph for this function:

◆ GetDocURL()

const char* GetDocURL ( void )

Definition at line 1094 of file suricata.c.

References DOC_URL, GetProgramVersion(), and PROG_VER.

Here is the call graph for this function:

◆ GetProgramVersion()

const char* GetProgramVersion ( void )

get string with program version

Get the program version as passed to us from AC_INIT

Add 'RELEASE' is no '-dev' in the version. Add the REVISION if passed to us.

Possible outputs: release: '5.0.1 RELEASE' dev with rev: '5.0.1-dev (64a789bbf 2019-10-18)' dev w/o rev: '5.0.1-dev'

Definition at line 1115 of file suricata.c.

References PROG_VER, and xstr.

Referenced by GetDocURL().

Here is the caller graph for this function:

◆ GlobalsInitPreConfig()

void GlobalsInitPreConfig ( void )

Definition at line 371 of file suricata.c.

References SCThresholdConfGlobalInit(), SupportFastPatternForSigMatchTypes(), and TimeInit().

Referenced by LLVMFuzzerTestOneInput(), and RunUnittests().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ InitGlobal()

int InitGlobal ( void )

Global initialization common to all runmodes.

This can be used by fuzz targets.

Definition at line 2784 of file suricata.c.

Referenced by LLVMFuzzerTestOneInput().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ PostConfLoadedDetectSetup()

void PostConfLoadedDetectSetup ( SCInstance * suri )

Definition at line 2443 of file suricata.c.

References de_ctx, SCInstance_::disabled_detect, SCClassConfInit(), and SCReferenceConfInit().

Here is the call graph for this function:

◆ PostConfLoadedSetup()

int PostConfLoadedSetup ( SCInstance * suri )

This function is meant to contain code that needs to be run once the configuration has been loaded.

Definition at line 2562 of file suricata.c.

References AppLayerSetup(), SCInstance_::checksum_validation, ConfGet(), ConfGetBool(), ConfGetValue(), ConfSet(), LiveDevRegisterExtension(), LiveSetOffloadDisable(), LiveSetOffloadWarn(), MacSetRegisterFlowStorage(), MpmTableSetup(), RegisterFlowBypassInfo(), SCInstance_::run_mode, RUNMODE_AFP_DEV, SCInstance_::runmode_custom_mode, SCReturnInt, SpmTableSetup(), StorageInit(), StringParseUint16(), and TM_ECODE_FAILED.

Referenced by LLVMFuzzerTestOneInput().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ PostRunDeinit()

void PostRunDeinit	(	const int	runmode,
		struct timeval *	start_time
	)

Definition at line 2171 of file suricata.c.

References FlowDisableFlowManagerThread(), FlowForceReassembly(), PacketPoolInit(), RUNMODE_UNIX_SOCKET, TmThreadDisablePacketThreads(), and TmThreadDisableReceiveThreads().

Referenced by PreRunPostPrivsDropInit().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ PreRunInit()

void PreRunInit ( const int runmode )

Definition at line 2124 of file suricata.c.

References AppLayerParserPostStreamSetup(), AppLayerRegisterGlobalCounters(), DefragInit(), FLOW_QUIET, FlowInitConfig(), HttpRangeContainersInit(), IPPairInitConfig(), OutputFilestoreRegisterGlobalCounters(), RUNMODE_UNIX_SOCKET, SCProfilingInit(), SCProfilingKeywordsGlobalInit(), SCProfilingPrefilterGlobalInit(), SCProfilingRulesGlobalInit(), SCProfilingSghsGlobalInit(), StatsInit(), STREAM_VERBOSE, and StreamTcpInitConfig().

Here is the call graph for this function:

◆ PreRunPostPrivsDropInit()

void PreRunPostPrivsDropInit ( const int runmode )

Definition at line 2149 of file suricata.c.

References DatasetsInit(), PostRunDeinit(), RUNMODE_PCAP_FILE, RUNMODE_UNIX_SOCKET, RunModeInitializeOutputs(), StatsSetupPostConfigPostOutput(), and StatsSetupPostConfigPreOutput().

Here is the call graph for this function:

◆ RegisterAllModules()

void RegisterAllModules ( void )

Definition at line 895 of file suricata.c.

Referenced by RunUnittests().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ RunmodeGetCurrent()

int RunmodeGetCurrent ( void )

Definition at line 280 of file suricata.c.

References run_mode.

Referenced by ConfUnixSocketIsEnable(), RunModeGetMainMode(), and SigLoadSignatures().

Here is the caller graph for this function:

◆ RunmodeIsUnittests()

int RunmodeIsUnittests ( void )

Definition at line 271 of file suricata.c.

References run_mode, and RUNMODE_UNITTEST.

Referenced by AppLayerParserConfParserEnabled(), AppLayerProtoDetectConfProtoDetectionEnabledDefault(), DetectEngineThreadCtxInit(), DetectTemplateBufferRegister(), RegisterDNP3Parsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterTemplateParsers(), RegisterTFTPParsers(), StreamTcpDecrMemuse(), StreamTcpInitConfig(), and StreamTcpReassembleDecrMemuse().

Here is the caller graph for this function:

◆ SC_ATOMIC_DECLARE()

SC_ATOMIC_DECLARE	(	unsigned int	,
		engine_stage
	)

◆ SuricataMain()

int SuricataMain	(	int	argc,
		char **	argv
	)

Definition at line 2835 of file suricata.c.

Referenced by main().

Here is the caller graph for this function:

◆ SuriHasSigFile()

int SuriHasSigFile ( void )

Definition at line 245 of file suricata.c.

References SCInstance_::sig_file, and suricata.

Variable Documentation

◆ coverage_unittests

int coverage_unittests

Definition at line 891 of file suricata.c.

Referenced by SigTableRegisterTests(), and TmModuleRegisterTests().

◆ g_default_mtu

int g_default_mtu = 0

highest mtu of the interfaces we monitor

Definition at line 223 of file suricata.c.

◆ g_detect_disabled

int g_detect_disabled = 0

global indicating if detection is enabled

Definition at line 217 of file suricata.c.

◆ g_disable_hashing

bool g_disable_hashing = false

Definition at line 240 of file suricata.c.

Referenced by FileForceHashParseCfg(), and SSLEnableJA3().

◆ g_disable_randomness

int g_disable_randomness = 0

disable randomness to get reproducible results accross runs

Definition at line 229 of file suricata.c.

Referenced by RandomGet().

◆ g_system

bool g_system = false

Definition at line 225 of file suricata.c.

◆ g_ut_covered

int g_ut_covered

Definition at line 893 of file suricata.c.

Referenced by SigTableRegisterTests(), and TmModuleRegisterTests().

◆ g_ut_modules

int g_ut_modules

Definition at line 892 of file suricata.c.

Referenced by MpmRegisterTests(), SigTableRegisterTests(), and TmModuleRegisterTests().

◆ g_vlan_mask

uint16_t g_vlan_mask = 0xffff

determine (without branching) if we include the vlan_ids when hashing or comparing flows

Definition at line 236 of file suricata.c.

Referenced by FlowKeyGetHash().

◆ host_mode

uint8_t host_mode = SURI_HOST_IS_SNIFFER_ONLY

Host mode: set if box is sniffing only or is a router

Definition at line 211 of file suricata.c.

◆ run_mode

int run_mode = RUNMODE_UNKNOWN

Run mode selected

Definition at line 203 of file suricata.c.

Referenced by DPDKCleanupEAL(), DPDKCloseDevice(), LLVMFuzzerTestOneInput(), RunmodeGetCurrent(), and RunmodeIsUnittests().

◆ sc_set_caps

int sc_set_caps = FALSE

set caps or not

Definition at line 220 of file suricata.c.

◆ sighup_count

volatile sig_atomic_t sighup_count = 0

Definition at line 185 of file suricata.c.

◆ sigint_count

volatile sig_atomic_t sigint_count = 0

Definition at line 184 of file suricata.c.

◆ sigterm_count

volatile sig_atomic_t sigterm_count = 0

Definition at line 186 of file suricata.c.

◆ sigusr2_count

volatile sig_atomic_t sigusr2_count = 0

Definition at line 187 of file suricata.c.

◆ suricata

SCInstance suricata

Suricata instance

Definition at line 243 of file suricata.c.

Referenced by SuriHasSigFile().

◆ suricata_ctl_flags

volatile uint8_t suricata_ctl_flags = 0

suricata engine control flags

Definition at line 200 of file suricata.c.

Referenced by EngineDone(), EngineStop(), ReceiveErfDagLoop(), ReceiveErfFileLoop(), and ReceivePfringLoop().

Macros

Functions

Variables

Detailed Description

Macro Definition Documentation

◆ DEFAULT_MAX_PENDING_PACKETS

Function Documentation

◆ EngineDone()

◆ EngineModeIsIDS()

◆ EngineModeIsIPS()

◆ EngineModeSetIDS()

◆ EngineModeSetIPS()

◆ EngineStop()

◆ GetDocURL()

◆ GetProgramVersion()

◆ GlobalsInitPreConfig()

◆ InitGlobal()

◆ PostConfLoadedDetectSetup()

◆ PostConfLoadedSetup()

◆ PostRunDeinit()

◆ PreRunInit()

◆ PreRunPostPrivsDropInit()

◆ RegisterAllModules()

◆ RunmodeGetCurrent()

◆ RunmodeIsUnittests()

◆ SC_ATOMIC_DECLARE()

◆ SuricataMain()

◆ SuriHasSigFile()

Variable Documentation

◆ coverage_unittests

◆ g_default_mtu

◆ g_detect_disabled

◆ g_disable_hashing

◆ g_disable_randomness

◆ g_system

◆ g_ut_covered

◆ g_ut_modules

◆ g_vlan_mask

◆ host_mode

◆ run_mode

◆ sc_set_caps

◆ sighup_count

◆ sigint_count

◆ sigterm_count

◆ sigusr2_count

◆ suricata

◆ suricata_ctl_flags