#include "suricata-common.h"#include "config.h"#include "suricata.h"#include "decode.h"#include "feature.h"#include "detect.h"#include "packet-queue.h"#include "threads.h"#include "threadvars.h"#include "flow-worker.h"#include "util-atomic.h"#include "util-spm.h"#include "util-cpu.h"#include "util-action.h"#include "util-pidfile.h"#include "util-ioctl.h"#include "util-device.h"#include "util-misc.h"#include "util-running-modes.h"#include "detect-engine.h"#include "detect-parse.h"#include "detect-fast-pattern.h"#include "detect-engine-tag.h"#include "detect-engine-threshold.h"#include "detect-engine-address.h"#include "detect-engine-port.h"#include "detect-engine-mpm.h"#include "tm-queuehandlers.h"#include "tm-queues.h"#include "tm-threads.h"#include "tmqh-flow.h"#include "conf.h"#include "conf-yaml-loader.h"#include "datasets.h"#include "stream-tcp.h"#include "source-nfq.h"#include "source-nfq-prototypes.h"#include "source-nflog.h"#include "source-ipfw.h"#include "source-pcap.h"#include "source-pcap-file.h"#include "source-pfring.h"#include "source-erf-file.h"#include "source-erf-dag.h"#include "source-napatech.h"#include "source-af-packet.h"#include "source-netmap.h"#include "source-windivert.h"#include "source-windivert-prototypes.h"#include "respond-reject.h"#include "flow.h"#include "flow-timeout.h"#include "flow-manager.h"#include "flow-bypass.h"#include "flow-var.h"#include "flow-bit.h"#include "pkt-var.h"#include "host-bit.h"#include "ippair.h"#include "ippair-bit.h"#include "host.h"#include "unix-manager.h"#include "app-layer.h"#include "app-layer-parser.h"#include "app-layer-htp.h"#include "app-layer-ssl.h"#include "app-layer-ssh.h"#include "app-layer-ftp.h"#include "app-layer-smtp.h"#include "app-layer-modbus.h"#include "app-layer-enip.h"#include "app-layer-dnp3.h"#include "app-layer-smb.h"#include "app-layer-dcerpc.h"#include "util-ebpf.h"#include "util-radix-tree.h"#include "util-host-os-info.h"#include "util-cidr.h"#include "util-unittest.h"#include "util-unittest-helper.h"#include "util-time.h"#include "util-rule-vars.h"#include "util-classification-config.h"#include "util-threshold-config.h"#include "util-reference-config.h"#include "util-profiling.h"#include "util-magic.h"#include "util-signal.h"#include "util-coredump-config.h"#include "util-decode-mime.h"#include "defrag.h"#include "runmodes.h"#include "runmode-unittests.h"#include "util-decode-asn1.h"#include "util-debug.h"#include "util-error.h"#include "util-daemon.h"#include "util-byte.h"#include "reputation.h"#include "output.h"#include "util-privs.h"#include "tmqh-packetpool.h"#include "util-proto-name.h"#include "util-mpm-hs.h"#include "util-storage.h"#include "host-storage.h"#include "util-lua.h"#include "rust.h"#include "build-info.h"Go to the source code of this file.
Macros | |
| #define | DEFAULT_MAX_PENDING_PACKETS 1024 |
Functions | |
| SC_ATOMIC_DECLARE (unsigned int, engine_stage) | |
| int | SuriHasSigFile (void) |
| int | EngineModeIsIPS (void) |
| int | EngineModeIsIDS (void) |
| void | EngineModeSetIPS (void) |
| void | EngineModeSetIDS (void) |
| int | RunmodeIsUnittests (void) |
| int | RunmodeGetCurrent (void) |
| void | GlobalsInitPreConfig (void) |
| void | EngineStop (void) |
| make sure threads can stop the engine by calling this function. Purpose: pcap file mode needs to be able to tell the engine the file eof is reached. More... | |
| void | EngineDone (void) |
| Used to indicate that the current task is done. More... | |
| void | RegisterAllModules (void) |
| const char * | GetProgramVersion (void) |
| get string with program version More... | |
| void | PreRunInit (const int runmode) |
| void | PreRunPostPrivsDropInit (const int runmode) |
| void | PostRunDeinit (const int runmode, struct timeval *start_time) |
| int | PostConfLoadedSetup (SCInstance *suri) |
| int | InitGlobal (void) |
| Global initialization common to all runmodes. More... | |
| int | SuricataMain (int argc, char **argv) |
Variables | |
| volatile sig_atomic_t | sigint_count = 0 |
| volatile sig_atomic_t | sighup_count = 0 |
| volatile sig_atomic_t | sigterm_count = 0 |
| volatile sig_atomic_t | sigusr2_count = 0 |
| volatile uint8_t | suricata_ctl_flags = 0 |
| int | run_mode = RUNMODE_UNKNOWN |
| uint8_t | host_mode = SURI_HOST_IS_SNIFFER_ONLY |
| intmax_t | max_pending_packets |
| int | g_detect_disabled = 0 |
| int | sc_set_caps = FALSE |
| int | g_default_mtu = 0 |
| bool | g_system = false |
| int | g_disable_randomness = 0 |
| uint16_t | g_vlan_mask = 0xffff |
| SCInstance | suricata |
| int | coverage_unittests |
| int | g_ut_modules |
| int | g_ut_covered |
| SuricataContext | context |
Detailed Description
Definition in file suricata.c.
Macro Definition Documentation
◆ DEFAULT_MAX_PENDING_PACKETS
| #define DEFAULT_MAX_PENDING_PACKETS 1024 |
Definition at line 195 of file suricata.c.
Function Documentation
◆ EngineDone()
| void EngineDone | ( | void | ) |
Used to indicate that the current task is done.
This is mainly used by pcap-file to tell it has finished to treat a pcap files when running in unix-socket mode.
Definition at line 425 of file suricata.c.
References suricata_ctl_flags, and SURICATA_DONE.
◆ EngineModeIsIDS()
| int EngineModeIsIDS | ( | void | ) |
Definition at line 249 of file suricata.c.
◆ EngineModeIsIPS()
| int EngineModeIsIPS | ( | void | ) |
Definition at line 244 of file suricata.c.
Referenced by AlertFastLogger(), AlertJsonHeader(), FlowHandlePacketUpdate(), and StreamTcpInitConfig().
◆ EngineModeSetIDS()
| void EngineModeSetIDS | ( | void | ) |
Definition at line 259 of file suricata.c.
◆ EngineModeSetIPS()
| void EngineModeSetIPS | ( | void | ) |
Definition at line 254 of file suricata.c.
◆ EngineStop()
| void EngineStop | ( | void | ) |
make sure threads can stop the engine by calling this function. Purpose: pcap file mode needs to be able to tell the engine the file eof is reached.
Definition at line 414 of file suricata.c.
References suricata_ctl_flags, and SURICATA_STOP.
Referenced by ReceiveErfFileLoop().
◆ GetProgramVersion()
| const char* GetProgramVersion | ( | void | ) |
get string with program version
Get the program version as passed to us from AC_INIT
Add 'RELEASE' is no '-dev' in the version. Add the REVISION if passed to us.
Possible outputs: release: '5.0.1 RELEASE' dev with rev: '5.0.1-dev (64a789bbf 2019-10-18)' dev w/o rev: '5.0.1-dev'
Definition at line 1045 of file suricata.c.
◆ GlobalsInitPreConfig()
| void GlobalsInitPreConfig | ( | void | ) |
Definition at line 327 of file suricata.c.
References SCThresholdConfGlobalInit(), SupportFastPatternForSigMatchTypes(), and TimeInit().
Referenced by LLVMFuzzerTestOneInput(), and RunUnittests().
◆ InitGlobal()
| int InitGlobal | ( | void | ) |
Global initialization common to all runmodes.
This can be used by fuzz targets.
Definition at line 2640 of file suricata.c.
References SuricataContext_::AppLayerDecoderEventsFreeEvents, AppLayerDecoderEventsFreeEvents(), SuricataContext_::AppLayerDecoderEventsSetEventRaw, AppLayerDecoderEventsSetEventRaw(), ConfInit(), context, SuricataContext_::DetectEngineStateFree, DetectEngineStateFree(), SuricataContext_::FileAppendDataById, FileAppendDataById(), SuricataContext_::FileAppendGAPById, FileAppendGAPById(), SuricataContext_::FileCloseFileById, FileCloseFileById(), SuricataContext_::FileContainerRecycle, FileContainerRecycle(), FileContainerSetTx(), SuricataContext_::FileOpenFileWithId, FileOpenFileWithId(), SuricataContext_::FilePrune, FilePrune(), SuricataContext_::FileSetTx, ParseSizeInit(), RunModeRegisterRunModes(), SC_ATOMIC_INIT, SC_ERR_INITIALIZATION, SCLogError, SCLogInitLogModule(), SuricataContext_::SCLogMessage, SCLogMessage(), SCSetThreadName, UtilSignalBlock(), and UtilSignalHandlerSetup().
Referenced by LLVMFuzzerTestOneInput().
◆ PostConfLoadedSetup()
| int PostConfLoadedSetup | ( | SCInstance * | suri | ) |
This function is meant to contain code that needs to be run once the configuration has been loaded.
Definition at line 2408 of file suricata.c.
References AppLayerSetup(), SCInstance_::checksum_validation, ConfGet(), ConfGetBool(), ConfGetValue(), ConfSet(), LiveDevRegisterExtension(), LiveSetOffloadDisable(), LiveSetOffloadWarn(), MpmTableSetup(), RegisterFlowBypassInfo(), SCInstance_::runmode_custom_mode, SCReturnInt, SpmTableSetup(), StorageInit(), StringParseUint16(), and TM_ECODE_FAILED.
Referenced by LLVMFuzzerTestOneInput().
◆ PostRunDeinit()
| void PostRunDeinit | ( | const int | runmode, |
| struct timeval * | start_time | ||
| ) |
Definition at line 2017 of file suricata.c.
References FlowDisableFlowManagerThread(), FlowForceReassembly(), PacketPoolInit(), RUNMODE_UNIX_SOCKET, TmThreadDisablePacketThreads(), and TmThreadDisableReceiveThreads().
◆ PreRunInit()
| void PreRunInit | ( | const int | runmode | ) |
Definition at line 1979 of file suricata.c.
References AppLayerParserPostStreamSetup(), AppLayerRegisterGlobalCounters(), DatasetsInit(), DefragInit(), FLOW_QUIET, FlowInitConfig(), IPPairInitConfig(), RUNMODE_UNIX_SOCKET, SCProfilingInit(), SCProfilingKeywordsGlobalInit(), SCProfilingPrefilterGlobalInit(), SCProfilingRulesGlobalInit(), SCProfilingSghsGlobalInit(), StatsInit(), STREAM_VERBOSE, and StreamTcpInitConfig().
◆ PreRunPostPrivsDropInit()
| void PreRunPostPrivsDropInit | ( | const int | runmode | ) |
Definition at line 2003 of file suricata.c.
References RUNMODE_UNIX_SOCKET, RunModeInitializeOutputs(), StatsSetupPostConfigPostOutput(), and StatsSetupPostConfigPreOutput().
◆ RegisterAllModules()
| void RegisterAllModules | ( | void | ) |
Definition at line 848 of file suricata.c.
References tmm_modules, TMM_SIZE, TmModuleBypassedFlowManagerRegister(), TmModuleDebugList(), TmModuleDecodeAFPRegister(), TmModuleDecodeErfDagRegister(), TmModuleDecodeErfFileRegister(), TmModuleDecodeIPFWRegister(), TmModuleDecodeNetmapRegister(), TmModuleDecodeNFLOGRegister(), TmModuleDecodeNFQRegister(), TmModuleDecodePcapFileRegister(), TmModuleDecodePcapRegister(), TmModuleDecodePfringRegister(), TmModuleDecodeWinDivertRegister(), TmModuleFlowManagerRegister(), TmModuleFlowRecyclerRegister(), TmModuleFlowWorkerRegister(), TmModuleLoggerRegister(), TmModuleNapatechDecodeRegister(), TmModuleNapatechStreamRegister(), TmModuleReceiveAFPRegister(), TmModuleReceiveErfDagRegister(), TmModuleReceiveErfFileRegister(), TmModuleReceiveIPFWRegister(), TmModuleReceiveNetmapRegister(), TmModuleReceiveNFLOGRegister(), TmModuleReceiveNFQRegister(), TmModuleReceivePcapFileRegister(), TmModuleReceivePcapRegister(), TmModuleReceivePfringRegister(), TmModuleReceiveWinDivertRegister(), TmModuleRespondRejectRegister(), TmModuleStatsLoggerRegister(), TmModuleUnixManagerRegister(), TmModuleVerdictIPFWRegister(), TmModuleVerdictNFQRegister(), and TmModuleVerdictWinDivertRegister().
Referenced by RunUnittests().
◆ RunmodeGetCurrent()
| int RunmodeGetCurrent | ( | void | ) |
Definition at line 272 of file suricata.c.
References run_mode.
Referenced by ConfUnixSocketIsEnable(), RunModeGetMainMode(), and SigLoadSignatures().
◆ RunmodeIsUnittests()
| int RunmodeIsUnittests | ( | void | ) |
Definition at line 264 of file suricata.c.
References run_mode, and RUNMODE_UNITTEST.
Referenced by AppLayerParserConfParserEnabled(), AppLayerProtoDetectConfProtoDetectionEnabled(), DetectEngineThreadCtxInit(), RegisterDNP3Parsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterModbusParsers(), RegisterTemplateParsers(), RegisterTFTPParsers(), StreamTcpDecrMemuse(), StreamTcpInitConfig(), and StreamTcpReassembleDecrMemuse().
◆ SC_ATOMIC_DECLARE()
| SC_ATOMIC_DECLARE | ( | unsigned int | , |
| engine_stage | |||
| ) |
◆ SuricataMain()
| int SuricataMain | ( | int | argc, |
| char ** | argv | ||
| ) |
Definition at line 2685 of file suricata.c.
Referenced by main().
◆ SuriHasSigFile()
| int SuriHasSigFile | ( | void | ) |
Definition at line 239 of file suricata.c.
References SCInstance_::sig_file, and suricata.
Variable Documentation
◆ context
| SuricataContext context |
Definition at line 2632 of file suricata.c.
Referenced by DecodeENIPPDU(), and InitGlobal().
◆ coverage_unittests
| int coverage_unittests |
Definition at line 844 of file suricata.c.
Referenced by SigTableRegisterTests(), and TmModuleRegisterTests().
◆ g_default_mtu
| int g_default_mtu = 0 |
highest mtu of the interfaces we monitor
Definition at line 221 of file suricata.c.
◆ g_detect_disabled
| int g_detect_disabled = 0 |
global indicating if detection is enabled
Definition at line 215 of file suricata.c.
◆ g_disable_randomness
| int g_disable_randomness = 0 |
disable randomness to get reproducible results accross runs
Definition at line 227 of file suricata.c.
Referenced by RandomGet().
◆ g_system
| bool g_system = false |
Definition at line 223 of file suricata.c.
◆ g_ut_covered
| int g_ut_covered |
Definition at line 846 of file suricata.c.
Referenced by SigTableRegisterTests(), and TmModuleRegisterTests().
◆ g_ut_modules
| int g_ut_modules |
Definition at line 845 of file suricata.c.
Referenced by MpmRegisterTests(), SigTableRegisterTests(), and TmModuleRegisterTests().
◆ g_vlan_mask
| uint16_t g_vlan_mask = 0xffff |
determine (without branching) if we include the vlan_ids when hashing or comparing flows
Definition at line 234 of file suricata.c.
Referenced by FlowKeyGetHash().
◆ host_mode
| uint8_t host_mode = SURI_HOST_IS_SNIFFER_ONLY |
Host mode: set if box is sniffing only or is a router
Definition at line 209 of file suricata.c.
◆ run_mode
| int run_mode = RUNMODE_UNKNOWN |
Run mode selected
Definition at line 201 of file suricata.c.
Referenced by LLVMFuzzerTestOneInput(), RunmodeGetCurrent(), and RunmodeIsUnittests().
◆ sc_set_caps
| int sc_set_caps = FALSE |
set caps or not
Definition at line 218 of file suricata.c.
◆ sighup_count
| volatile sig_atomic_t sighup_count = 0 |
Definition at line 183 of file suricata.c.
◆ sigint_count
| volatile sig_atomic_t sigint_count = 0 |
Definition at line 182 of file suricata.c.
◆ sigterm_count
| volatile sig_atomic_t sigterm_count = 0 |
Definition at line 184 of file suricata.c.
◆ sigusr2_count
| volatile sig_atomic_t sigusr2_count = 0 |
Definition at line 185 of file suricata.c.
◆ suricata
| SCInstance suricata |
◆ suricata_ctl_flags
| volatile uint8_t suricata_ctl_flags = 0 |
suricata engine control flags
Definition at line 198 of file suricata.c.
Referenced by EngineDone(), EngineStop(), ReceiveErfDagLoop(), ReceiveErfFileLoop(), and ReceivePfringLoop().
