suricata
Macros | Functions | Variables
suricata.c File Reference
#include "suricata-common.h"
#include "suricata.h"
#include "decode.h"
#include "feature.h"
#include "detect.h"
#include "packet-queue.h"
#include "threads.h"
#include "threadvars.h"
#include "flow-worker.h"
#include "util-atomic.h"
#include "util-spm.h"
#include "util-cpu.h"
#include "util-action.h"
#include "util-pidfile.h"
#include "util-ioctl.h"
#include "util-device.h"
#include "util-misc.h"
#include "util-running-modes.h"
#include "detect-engine.h"
#include "detect-parse.h"
#include "detect-fast-pattern.h"
#include "detect-engine-tag.h"
#include "detect-engine-threshold.h"
#include "detect-engine-address.h"
#include "detect-engine-port.h"
#include "detect-engine-mpm.h"
#include "tm-queuehandlers.h"
#include "tm-queues.h"
#include "tm-threads.h"
#include "tmqh-flow.h"
#include "conf.h"
#include "conf-yaml-loader.h"
#include "app-layer-htp-range.h"
#include "datasets.h"
#include "stream-tcp.h"
#include "source-nfq.h"
#include "source-nfq-prototypes.h"
#include "source-nflog.h"
#include "source-ipfw.h"
#include "source-pcap.h"
#include "source-pcap-file.h"
#include "source-pcap-file-helper.h"
#include "source-pfring.h"
#include "source-erf-file.h"
#include "source-erf-dag.h"
#include "source-napatech.h"
#include "source-af-packet.h"
#include "source-netmap.h"
#include "source-dpdk.h"
#include "source-windivert.h"
#include "source-windivert-prototypes.h"
#include "respond-reject.h"
#include "flow.h"
#include "flow-timeout.h"
#include "flow-manager.h"
#include "flow-bypass.h"
#include "flow-var.h"
#include "flow-bit.h"
#include "pkt-var.h"
#include "host-bit.h"
#include "ippair.h"
#include "ippair-bit.h"
#include "host.h"
#include "unix-manager.h"
#include "app-layer.h"
#include "app-layer-parser.h"
#include "app-layer-register.h"
#include "app-layer-htp.h"
#include "app-layer-ssl.h"
#include "app-layer-ssh.h"
#include "app-layer-ftp.h"
#include "app-layer-smtp.h"
#include "app-layer-enip.h"
#include "app-layer-dnp3.h"
#include "app-layer-smb.h"
#include "app-layer-htp-file.h"
#include "output-filestore.h"
#include "util-ebpf.h"
#include "util-radix-tree.h"
#include "util-host-os-info.h"
#include "util-cidr.h"
#include "util-unittest.h"
#include "util-unittest-helper.h"
#include "util-time.h"
#include "util-rule-vars.h"
#include "util-classification-config.h"
#include "util-threshold-config.h"
#include "util-reference-config.h"
#include "util-profiling.h"
#include "util-magic.h"
#include "util-signal.h"
#include "util-coredump-config.h"
#include "util-decode-mime.h"
#include "defrag.h"
#include "runmodes.h"
#include "runmode-unittests.h"
#include "util-debug.h"
#include "util-error.h"
#include "util-daemon.h"
#include "util-byte.h"
#include "reputation.h"
#include "output.h"
#include "util-privs.h"
#include "tmqh-packetpool.h"
#include "util-proto-name.h"
#include "util-mpm-hs.h"
#include "util-storage.h"
#include "host-storage.h"
#include "util-lua.h"
#include "util-plugin.h"
#include "util-dpdk.h"
#include "util-exception-policy.h"
#include "rust.h"
#include "build-info.h"

Go to the source code of this file.

Macros

#define DEFAULT_MAX_PENDING_PACKETS   1024
 

Functions

 SC_ATOMIC_DECLARE (unsigned int, engine_stage)
 
int SuriHasSigFile (void)
 
int EngineModeIsIPS (void)
 
int EngineModeIsIDS (void)
 
void EngineModeSetIPS (void)
 
void EngineModeSetIDS (void)
 
int RunmodeIsUnittests (void)
 
int RunmodeGetCurrent (void)
 
void GlobalsInitPreConfig (void)
 
void EngineStop (void)
 make sure threads can stop the engine by calling this function. Purpose: pcap file mode needs to be able to tell the engine the file eof is reached. More...
 
void EngineDone (void)
 Used to indicate that the current task is done. More...
 
void RegisterAllModules (void)
 
const char * GetDocURL (void)
 
const char * GetProgramVersion (void)
 get string with program version More...
 
void PreRunInit (const int runmode)
 
void PreRunPostPrivsDropInit (const int runmode)
 
void PostRunDeinit (const int runmode, struct timeval *start_time)
 
void PostConfLoadedDetectSetup (SCInstance *suri)
 
int PostConfLoadedSetup (SCInstance *suri)
 
int InitGlobal (void)
 Global initialization common to all runmodes. More...
 
int SuricataMain (int argc, char **argv)
 

Variables

volatile sig_atomic_t sigint_count = 0
 
volatile sig_atomic_t sighup_count = 0
 
volatile sig_atomic_t sigterm_count = 0
 
volatile sig_atomic_t sigusr2_count = 0
 
volatile uint8_t suricata_ctl_flags = 0
 
int run_mode = RUNMODE_UNKNOWN
 
uint8_t host_mode = SURI_HOST_IS_SNIFFER_ONLY
 
intmax_t max_pending_packets
 
int g_detect_disabled = 0
 
int sc_set_caps = FALSE
 
int g_default_mtu = 0
 
bool g_system = false
 
int g_disable_randomness = 0
 
uint16_t g_vlan_mask = 0xffff
 
bool g_disable_hashing = false
 
SCInstance suricata
 
int coverage_unittests
 
int g_ut_modules
 
int g_ut_covered
 

Detailed Description

Author
Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Definition in file suricata.c.

Macro Definition Documentation

◆ DEFAULT_MAX_PENDING_PACKETS

#define DEFAULT_MAX_PENDING_PACKETS   1024

Definition at line 200 of file suricata.c.

Function Documentation

◆ EngineDone()

void EngineDone ( void  )

Used to indicate that the current task is done.

This is mainly used by pcap-file to tell it has finished to treat a pcap files when running in unix-socket mode.

Definition at line 461 of file suricata.c.

References suricata_ctl_flags, and SURICATA_DONE.

◆ EngineModeIsIDS()

int EngineModeIsIDS ( void  )

Definition at line 257 of file suricata.c.

◆ EngineModeIsIPS()

int EngineModeIsIPS ( void  )

Definition at line 252 of file suricata.c.

Referenced by AlertFastLogger(), ExceptionPolicyParse(), FlowHandlePacketUpdate(), and StreamTcpInitConfig().

Here is the caller graph for this function:

◆ EngineModeSetIDS()

void EngineModeSetIDS ( void  )

Definition at line 267 of file suricata.c.

◆ EngineModeSetIPS()

void EngineModeSetIPS ( void  )

Definition at line 262 of file suricata.c.

◆ EngineStop()

void EngineStop ( void  )

make sure threads can stop the engine by calling this function. Purpose: pcap file mode needs to be able to tell the engine the file eof is reached.

Definition at line 450 of file suricata.c.

References suricata_ctl_flags, and SURICATA_STOP.

Referenced by ReceiveErfFileLoop().

Here is the caller graph for this function:

◆ GetDocURL()

const char* GetDocURL ( void  )

Definition at line 1099 of file suricata.c.

References DOC_URL, GetProgramVersion(), and PROG_VER.

Here is the call graph for this function:

◆ GetProgramVersion()

const char* GetProgramVersion ( void  )

get string with program version

Get the program version as passed to us from AC_INIT

Add 'RELEASE' is no '-dev' in the version. Add the REVISION if passed to us.

Possible outputs: release: '5.0.1 RELEASE' dev with rev: '5.0.1-dev (64a789bbf 2019-10-18)' dev w/o rev: '5.0.1-dev'

Definition at line 1120 of file suricata.c.

References PROG_VER, and xstr.

Referenced by GetDocURL().

Here is the caller graph for this function:

◆ GlobalsInitPreConfig()

void GlobalsInitPreConfig ( void  )

Definition at line 375 of file suricata.c.

References SCProtoNameInit(), SCThresholdConfGlobalInit(), SupportFastPatternForSigMatchTypes(), and TimeInit().

Referenced by LLVMFuzzerTestOneInput(), and RunUnittests().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ InitGlobal()

int InitGlobal ( void  )

Global initialization common to all runmodes.

This can be used by fuzz targets.

Definition at line 2803 of file suricata.c.

References ConfInit(), ParseSizeInit(), RunModeRegisterRunModes(), SC_ATOMIC_INIT, SC_ERR_INITIALIZATION, SCLogError, SCLogInitLogModule(), SCSetThreadName, suricata_context, UtilSignalBlock(), and UtilSignalHandlerSetup().

Referenced by LLVMFuzzerTestOneInput().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ PostConfLoadedDetectSetup()

void PostConfLoadedDetectSetup ( SCInstance suri)

Definition at line 2466 of file suricata.c.

References de_ctx, SCInstance_::disabled_detect, SCClassConfInit(), and SCReferenceConfInit().

Here is the call graph for this function:

◆ PostConfLoadedSetup()

int PostConfLoadedSetup ( SCInstance suri)

This function is meant to contain code that needs to be run once the configuration has been loaded.

Definition at line 2584 of file suricata.c.

References AppLayerSetup(), SCInstance_::checksum_validation, ConfGet(), ConfGetBool(), ConfSet(), LiveDevRegisterExtension(), LiveSetOffloadDisable(), LiveSetOffloadWarn(), MacSetRegisterFlowStorage(), MpmTableSetup(), RegisterFlowBypassInfo(), SCInstance_::run_mode, RUNMODE_AFP_DEV, SCInstance_::runmode_custom_mode, SCReturnInt, SpmTableSetup(), StorageInit(), StringParseUint16(), and TM_ECODE_FAILED.

Referenced by LLVMFuzzerTestOneInput().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ PostRunDeinit()

void PostRunDeinit ( const int  runmode,
struct timeval *  start_time 
)

Definition at line 2194 of file suricata.c.

References FlowDisableFlowManagerThread(), FlowForceReassembly(), PacketPoolInit(), RUNMODE_UNIX_SOCKET, TmThreadDisablePacketThreads(), and TmThreadDisableReceiveThreads().

Referenced by PreRunPostPrivsDropInit().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ PreRunInit()

void PreRunInit ( const int  runmode)

Definition at line 2147 of file suricata.c.

References AppLayerParserPostStreamSetup(), AppLayerRegisterGlobalCounters(), DefragInit(), FLOW_QUIET, FlowInitConfig(), HttpRangeContainersInit(), IPPairInitConfig(), OutputFilestoreRegisterGlobalCounters(), RUNMODE_UNIX_SOCKET, SCProfilingInit(), SCProfilingKeywordsGlobalInit(), SCProfilingPrefilterGlobalInit(), SCProfilingRulesGlobalInit(), SCProfilingSghsGlobalInit(), StatsInit(), STREAM_VERBOSE, and StreamTcpInitConfig().

Here is the call graph for this function:

◆ PreRunPostPrivsDropInit()

void PreRunPostPrivsDropInit ( const int  runmode)

Definition at line 2172 of file suricata.c.

References DatasetsInit(), PostRunDeinit(), RUNMODE_PCAP_FILE, RUNMODE_UNIX_SOCKET, RunModeInitializeOutputs(), StatsSetupPostConfigPostOutput(), and StatsSetupPostConfigPreOutput().

Here is the call graph for this function:

◆ RegisterAllModules()

void RegisterAllModules ( void  )

Definition at line 900 of file suricata.c.

References tmm_modules, TMM_SIZE, TmModuleBypassedFlowManagerRegister(), TmModuleDebugList(), TmModuleDecodeAFPRegister(), TmModuleDecodeDPDKRegister(), TmModuleDecodeErfDagRegister(), TmModuleDecodeErfFileRegister(), TmModuleDecodeIPFWRegister(), TmModuleDecodeNetmapRegister(), TmModuleDecodeNFLOGRegister(), TmModuleDecodeNFQRegister(), TmModuleDecodePcapFileRegister(), TmModuleDecodePcapRegister(), TmModuleDecodePfringRegister(), TmModuleDecodeWinDivertRegister(), TmModuleFlowManagerRegister(), TmModuleFlowRecyclerRegister(), TmModuleFlowWorkerRegister(), TmModuleLoggerRegister(), TmModuleNapatechDecodeRegister(), TmModuleNapatechStreamRegister(), TmModuleReceiveAFPRegister(), TmModuleReceiveDPDKRegister(), TmModuleReceiveErfDagRegister(), TmModuleReceiveErfFileRegister(), TmModuleReceiveIPFWRegister(), TmModuleReceiveNetmapRegister(), TmModuleReceiveNFLOGRegister(), TmModuleReceiveNFQRegister(), TmModuleReceivePcapFileRegister(), TmModuleReceivePcapRegister(), TmModuleReceivePfringRegister(), TmModuleReceiveWinDivertRegister(), TmModuleRespondRejectRegister(), TmModuleStatsLoggerRegister(), TmModuleUnixManagerRegister(), TmModuleVerdictIPFWRegister(), TmModuleVerdictNFQRegister(), and TmModuleVerdictWinDivertRegister().

Referenced by RunUnittests().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ RunmodeGetCurrent()

int RunmodeGetCurrent ( void  )

Definition at line 282 of file suricata.c.

References run_mode.

Referenced by ConfUnixSocketIsEnable(), RunModeGetMainMode(), and SigLoadSignatures().

Here is the caller graph for this function:

◆ RunmodeIsUnittests()

int RunmodeIsUnittests ( void  )

Definition at line 273 of file suricata.c.

References run_mode, and RUNMODE_UNITTEST.

Referenced by AppLayerParserConfParserEnabled(), AppLayerProtoDetectConfProtoDetectionEnabledDefault(), DetectEngineThreadCtxInit(), DetectTemplateBufferRegister(), RegisterDNP3Parsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterTemplateParsers(), RegisterTFTPParsers(), StreamTcpDecrMemuse(), StreamTcpInitConfig(), and StreamTcpReassembleDecrMemuse().

Here is the caller graph for this function:

◆ SC_ATOMIC_DECLARE()

SC_ATOMIC_DECLARE ( unsigned int  ,
engine_stage   
)

◆ SuricataMain()

int SuricataMain ( int  argc,
char **  argv 
)

Definition at line 2834 of file suricata.c.

Referenced by main().

Here is the caller graph for this function:

◆ SuriHasSigFile()

int SuriHasSigFile ( void  )

Definition at line 247 of file suricata.c.

References SCInstance_::sig_file, and suricata.

Variable Documentation

◆ coverage_unittests

int coverage_unittests

Definition at line 896 of file suricata.c.

Referenced by SigTableRegisterTests(), and TmModuleRegisterTests().

◆ g_default_mtu

int g_default_mtu = 0

highest mtu of the interfaces we monitor

Definition at line 225 of file suricata.c.

◆ g_detect_disabled

int g_detect_disabled = 0

global indicating if detection is enabled

Definition at line 219 of file suricata.c.

◆ g_disable_hashing

bool g_disable_hashing = false

Definition at line 242 of file suricata.c.

Referenced by FileForceHashParseCfg(), and SSLEnableJA3().

◆ g_disable_randomness

int g_disable_randomness = 0

disable randomness to get reproducible results accross runs

Definition at line 231 of file suricata.c.

Referenced by RandomGet().

◆ g_system

bool g_system = false

Definition at line 227 of file suricata.c.

◆ g_ut_covered

int g_ut_covered

Definition at line 898 of file suricata.c.

Referenced by SigTableRegisterTests(), and TmModuleRegisterTests().

◆ g_ut_modules

int g_ut_modules

Definition at line 897 of file suricata.c.

Referenced by MpmRegisterTests(), SigTableRegisterTests(), and TmModuleRegisterTests().

◆ g_vlan_mask

uint16_t g_vlan_mask = 0xffff

determine (without branching) if we include the vlan_ids when hashing or comparing flows

Definition at line 238 of file suricata.c.

Referenced by FlowKeyGetHash().

◆ host_mode

uint8_t host_mode = SURI_HOST_IS_SNIFFER_ONLY

Host mode: set if box is sniffing only or is a router

Definition at line 213 of file suricata.c.

◆ run_mode

int run_mode = RUNMODE_UNKNOWN

Run mode selected

Definition at line 205 of file suricata.c.

Referenced by DPDKCleanupEAL(), DPDKCloseDevice(), LLVMFuzzerTestOneInput(), RunmodeGetCurrent(), and RunmodeIsUnittests().

◆ sc_set_caps

int sc_set_caps = FALSE

set caps or not

Definition at line 222 of file suricata.c.

◆ sighup_count

volatile sig_atomic_t sighup_count = 0

Definition at line 187 of file suricata.c.

◆ sigint_count

volatile sig_atomic_t sigint_count = 0

Definition at line 186 of file suricata.c.

◆ sigterm_count

volatile sig_atomic_t sigterm_count = 0

Definition at line 188 of file suricata.c.

◆ sigusr2_count

volatile sig_atomic_t sigusr2_count = 0

Definition at line 189 of file suricata.c.

◆ suricata

SCInstance suricata

Suricata instance

Definition at line 245 of file suricata.c.

Referenced by SuriHasSigFile().

◆ suricata_ctl_flags

volatile uint8_t suricata_ctl_flags = 0

suricata engine control flags

Definition at line 202 of file suricata.c.

Referenced by EngineDone(), EngineStop(), ReceiveErfDagLoop(), ReceiveErfFileLoop(), and ReceivePfringLoop().