suricata
suricata.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2020 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  */
23 
24 #include "suricata-common.h"
25 #include "config.h"
26 
27 #if HAVE_GETOPT_H
28 #include <getopt.h>
29 #endif
30 
31 #if HAVE_SIGNAL_H
32 #include <signal.h>
33 #endif
34 
35 #ifdef HAVE_NSS
36 #include <prinit.h>
37 #include <nss.h>
38 #endif
39 
40 #include "suricata.h"
41 #include "decode.h"
42 #include "feature.h"
43 #include "detect.h"
44 #include "packet-queue.h"
45 #include "threads.h"
46 #include "threadvars.h"
47 #include "flow-worker.h"
48 
49 #include "util-atomic.h"
50 #include "util-spm.h"
51 #include "util-cpu.h"
52 #include "util-action.h"
53 #include "util-pidfile.h"
54 #include "util-ioctl.h"
55 #include "util-device.h"
56 #include "util-misc.h"
57 #include "util-running-modes.h"
58 
59 #include "detect-engine.h"
60 #include "detect-parse.h"
61 #include "detect-fast-pattern.h"
62 #include "detect-engine-tag.h"
63 #include "detect-engine-threshold.h"
64 #include "detect-engine-address.h"
65 #include "detect-engine-port.h"
66 #include "detect-engine-mpm.h"
67 
68 #include "tm-queuehandlers.h"
69 #include "tm-queues.h"
70 #include "tm-threads.h"
71 
72 #include "tmqh-flow.h"
73 
74 #include "conf.h"
75 #include "conf-yaml-loader.h"
76 
77 #include "datasets.h"
78 
79 #include "stream-tcp.h"
80 
81 #include "source-nfq.h"
82 #include "source-nfq-prototypes.h"
83 
84 #include "source-nflog.h"
85 
86 #include "source-ipfw.h"
87 
88 #include "source-pcap.h"
89 #include "source-pcap-file.h"
90 
91 #include "source-pfring.h"
92 
93 #include "source-erf-file.h"
94 #include "source-erf-dag.h"
95 #include "source-napatech.h"
96 
97 #include "source-af-packet.h"
98 #include "source-netmap.h"
99 
100 #include "source-windivert.h"
101 #include "source-windivert-prototypes.h"
102 
103 #include "respond-reject.h"
104 
105 #include "flow.h"
106 #include "flow-timeout.h"
107 #include "flow-manager.h"
108 #include "flow-bypass.h"
109 #include "flow-var.h"
110 #include "flow-bit.h"
111 #include "pkt-var.h"
112 #include "host-bit.h"
113 
114 #include "ippair.h"
115 #include "ippair-bit.h"
116 
117 #include "host.h"
118 #include "unix-manager.h"
119 
120 #include "app-layer.h"
121 #include "app-layer-parser.h"
122 #include "app-layer-htp.h"
123 #include "app-layer-ssl.h"
124 #include "app-layer-ssh.h"
125 #include "app-layer-ftp.h"
126 #include "app-layer-smtp.h"
127 #include "app-layer-modbus.h"
128 #include "app-layer-enip.h"
129 #include "app-layer-dnp3.h"
130 #include "app-layer-smb.h"
131 #include "app-layer-dcerpc.h"
132 
133 #include "util-ebpf.h"
134 #include "util-radix-tree.h"
135 #include "util-host-os-info.h"
136 #include "util-cidr.h"
137 #include "util-unittest.h"
138 #include "util-unittest-helper.h"
139 #include "util-time.h"
140 #include "util-rule-vars.h"
141 #include "util-classification-config.h"
142 #include "util-threshold-config.h"
143 #include "util-reference-config.h"
144 #include "util-profiling.h"
145 #include "util-magic.h"
146 #include "util-signal.h"
147 
148 #include "util-coredump-config.h"
149 
150 #include "util-decode-mime.h"
151 
152 #include "defrag.h"
153 
154 #include "runmodes.h"
155 #include "runmode-unittests.h"
156 
157 #include "util-decode-asn1.h"
158 #include "util-debug.h"
159 #include "util-error.h"
160 #include "util-daemon.h"
161 #include "util-byte.h"
162 #include "reputation.h"
163 
164 #include "output.h"
165 
166 #include "util-privs.h"
167 
168 #include "tmqh-packetpool.h"
169 
170 #include "util-proto-name.h"
171 #include "util-mpm-hs.h"
172 #include "util-storage.h"
173 #include "host-storage.h"
174 
175 #include "util-lua.h"
176 
177 #include "rust.h"
178 
179 /*
180  * we put this here, because we only use it here in main.
181  */
182 volatile sig_atomic_t sigint_count = 0;
183 volatile sig_atomic_t sighup_count = 0;
184 volatile sig_atomic_t sigterm_count = 0;
185 volatile sig_atomic_t sigusr2_count = 0;
186 
187 /*
188  * Flag to indicate if the engine is at the initialization
189  * or already processing packets. 3 stages: SURICATA_INIT,
190  * SURICATA_RUNTIME and SURICATA_FINALIZE
191  */
192 SC_ATOMIC_DECLARE(unsigned int, engine_stage);
193 
194 /* Max packets processed simultaniously per thread. */
195 #define DEFAULT_MAX_PENDING_PACKETS 1024
196 
197 /** suricata engine control flags */
198 volatile uint8_t suricata_ctl_flags = 0;
199 
200 /** Run mode selected */
201 int run_mode = RUNMODE_UNKNOWN;
202 
203 /** Engine mode: inline (ENGINE_MODE_IPS) or just
204  * detection mode (ENGINE_MODE_IDS by default) */
205 static enum EngineMode g_engine_mode = ENGINE_MODE_IDS;
206 
207 /** Host mode: set if box is sniffing only
208  * or is a router */
209 uint8_t host_mode = SURI_HOST_IS_SNIFFER_ONLY;
210 
211 /** Maximum packets to simultaneously process. */
212 intmax_t max_pending_packets;
213 
214 /** global indicating if detection is enabled */
215 int g_detect_disabled = 0;
216 
217 /** set caps or not */
218 int sc_set_caps = FALSE;
219 
220 /** highest mtu of the interfaces we monitor */
221 int g_default_mtu = 0;
222 
223 bool g_system = false;
224 
225 /** disable randomness to get reproducible results accross runs */
226 #ifndef AFLFUZZ_NO_RANDOM
227 int g_disable_randomness = 0;
228 #else
229 int g_disable_randomness = 1;
230 #endif
231 
232 /** determine (without branching) if we include the vlan_ids when hashing or
233  * comparing flows */
234 uint16_t g_vlan_mask = 0xffff;
235 
236 /** Suricata instance */
237 SCInstance suricata;
238 
239 int SuriHasSigFile(void)
240 {
241  return (suricata.sig_file != NULL);
242 }
243 
244 int EngineModeIsIPS(void)
245 {
246  return (g_engine_mode == ENGINE_MODE_IPS);
247 }
248 
249 int EngineModeIsIDS(void)
250 {
251  return (g_engine_mode == ENGINE_MODE_IDS);
252 }
253 
254 void EngineModeSetIPS(void)
255 {
256  g_engine_mode = ENGINE_MODE_IPS;
257 }
258 
259 void EngineModeSetIDS(void)
260 {
261  g_engine_mode = ENGINE_MODE_IDS;
262 }
263 
264 int RunmodeIsUnittests(void)
265 {
266  if (run_mode == RUNMODE_UNITTEST)
267  return 1;
268 
269  return 0;
270 }
271 
272 int RunmodeGetCurrent(void)
273 {
274  return run_mode;
275 }
276 
277 /** signal handlers
278  *
279  * WARNING: don't use the SCLog* API in the handlers. The API is complex
280  * with memory allocation possibly happening, calls to syslog, json message
281  * construction, etc.
282  */
283 
284 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
285 static void SignalHandlerSigint(/*@unused@*/ int sig)
286 {
287  sigint_count = 1;
288 }
289 static void SignalHandlerSigterm(/*@unused@*/ int sig)
290 {
291  sigterm_count = 1;
292 }
293 #endif
294 
295 #ifndef OS_WIN32
296 /**
297  * SIGUSR2 handler. Just set sigusr2_count. The main loop will act on
298  * it.
299  */
300 static void SignalHandlerSigusr2(int sig)
301 {
302  if (sigusr2_count < 2)
303  sigusr2_count++;
304 }
305 
306 /**
307  * SIGHUP handler. Just set sighup_count. The main loop will act on
308  * it.
309  */
310 static void SignalHandlerSigHup(/*@unused@*/ int sig)
311 {
312  sighup_count = 1;
313 }
314 #endif
315 
316 #ifdef DBG_MEM_ALLOC
317 #ifndef _GLOBAL_MEM_
318 #define _GLOBAL_MEM_
319 /* This counter doesn't complain realloc's(), it's gives
320  * an aproximation for the startup */
321 size_t global_mem = 0;
322 #ifdef DBG_MEM_ALLOC_SKIP_STARTUP
323 uint8_t print_mem_flag = 0;
324 #else
325 uint8_t print_mem_flag = 1;
326 #endif
327 #endif
328 #endif
329 
330 void GlobalsInitPreConfig(void)
331 {
332  TimeInit();
333  SupportFastPatternForSigMatchTypes();
334  SCThresholdConfGlobalInit();
335 }
336 
337 static void GlobalsDestroy(SCInstance *suri)
338 {
339  HostShutdown();
340  HTPFreeConfig();
341  HTPAtExitPrintStats();
342 
343 #ifdef DBG_MEM_ALLOC
344  SCLogInfo("Total memory used (without SCFree()): %"PRIdMAX, (intmax_t)global_mem);
345 #ifdef DBG_MEM_ALLOC_SKIP_STARTUP
346  print_mem_flag = 0;
347 #endif
348 #endif
349 
350  AppLayerHtpPrintStats();
351 
352  /* TODO this can do into it's own func */
353  DetectEngineCtx *de_ctx = DetectEngineGetCurrent();
354  if (de_ctx) {
355  DetectEngineMoveToFreeList(de_ctx);
356  DetectEngineDeReference(&de_ctx);
357  }
358  DetectEnginePruneFreeList();
359 
360  AppLayerDeSetup();
361  DatasetsSave();
362  DatasetsDestroy();
363  TagDestroyCtx();
364 
365  LiveDeviceListClean();
366  OutputDeregisterAll();
367  FeatureTrackingRelease();
368  TimeDeinit();
369  SCProtoNameDeInit();
370  if (!suri->disabled_detect) {
371  SCReferenceConfDeinit();
372  SCClassConfDeinit();
373  }
374 #ifdef HAVE_MAGIC
375  MagicDeinit();
376 #endif
377  TmqhCleanup();
378  TmModuleRunDeInit();
379  ParseSizeDeinit();
380 #ifdef HAVE_NSS
381  if (NSS_IsInitialized()) {
382  NSS_Shutdown();
383  PR_Cleanup();
384  }
385 #endif
386 
387 #ifdef HAVE_AF_PACKET
388  AFPPeersListClean();
389 #endif
390 
391 #ifdef NFQ
392  NFQContextsClean();
393 #endif
394 
395  SC_ATOMIC_DESTROY(engine_stage);
396 
397 #ifdef BUILD_HYPERSCAN
398  MpmHSGlobalCleanup();
399 #endif
400 
401  ConfDeInit();
402 #ifdef HAVE_LUAJIT
403  LuajitFreeStatesPool();
404 #endif
405  SCLogDeInitLogModule();
406  DetectParseFreeRegexes();
407  SCThresholdConfGlobalFree();
408 
409  SCPidfileRemove(suri->pid_filename);
410  SCFree(suri->pid_filename);
411  suri->pid_filename = NULL;
412 }
413 
414 /** \brief make sure threads can stop the engine by calling this
415  * function. Purpose: pcap file mode needs to be able to tell the
416  * engine the file eof is reached. */
417 void EngineStop(void)
418 {
419  suricata_ctl_flags |= SURICATA_STOP;
420 }
421 
422 /**
423  * \brief Used to indicate that the current task is done.
424  *
425  * This is mainly used by pcap-file to tell it has finished
426  * to treat a pcap files when running in unix-socket mode.
427  */
428 void EngineDone(void)
429 {
430  suricata_ctl_flags |= SURICATA_DONE;
431 }
432 
433 static int SetBpfString(int argc, char *argv[])
434 {
435  char *bpf_filter = NULL;
436  uint32_t bpf_len = 0;
437  int tmpindex = 0;
438 
439  /* attempt to parse remaining args as bpf filter */
440  tmpindex = argc;
441  while(argv[tmpindex] != NULL) {
442  bpf_len+=strlen(argv[tmpindex]) + 1;
443  tmpindex++;
444  }
445 
446  if (bpf_len == 0)
447  return TM_ECODE_OK;
448 
449  if (EngineModeIsIPS()) {
450  SCLogError(SC_ERR_NOT_SUPPORTED,
451  "BPF filter not available in IPS mode."
452  " Use firewall filtering if possible.");
453  return TM_ECODE_FAILED;
454  }
455 
456  bpf_filter = SCMalloc(bpf_len);
457  if (unlikely(bpf_filter == NULL))
458  return TM_ECODE_OK;
459  memset(bpf_filter, 0x00, bpf_len);
460 
461  tmpindex = optind;
462  while(argv[tmpindex] != NULL) {
463  strlcat(bpf_filter, argv[tmpindex],bpf_len);
464  if(argv[tmpindex + 1] != NULL) {
465  strlcat(bpf_filter," ", bpf_len);
466  }
467  tmpindex++;
468  }
469 
470  if(strlen(bpf_filter) > 0) {
471  if (ConfSetFinal("bpf-filter", bpf_filter) != 1) {
472  SCLogError(SC_ERR_FATAL, "Failed to set bpf filter.");
473  SCFree(bpf_filter);
474  return TM_ECODE_FAILED;
475  }
476  }
477  SCFree(bpf_filter);
478 
479  return TM_ECODE_OK;
480 }
481 
482 static void SetBpfStringFromFile(char *filename)
483 {
484  char *bpf_filter = NULL;
485  char *bpf_comment_tmp = NULL;
486  char *bpf_comment_start = NULL;
487  uint32_t bpf_len = 0;
488 #ifdef OS_WIN32
489  struct _stat st;
490 #else
491  struct stat st;
492 #endif /* OS_WIN32 */
493  FILE *fp = NULL;
494  size_t nm = 0;
495 
496  if (EngineModeIsIPS()) {
497  SCLogError(SC_ERR_NOT_SUPPORTED,
498  "BPF filter not available in IPS mode."
499  " Use firewall filtering if possible.");
500  exit(EXIT_FAILURE);
501  }
502 
503 #ifdef OS_WIN32
504  if(_stat(filename, &st) != 0) {
505 #else
506  if(stat(filename, &st) != 0) {
507 #endif /* OS_WIN32 */
508  SCLogError(SC_ERR_FOPEN, "Failed to stat file %s", filename);
509  exit(EXIT_FAILURE);
510  }
511  bpf_len = st.st_size + 1;
512 
513  // coverity[toctou : FALSE]
514  fp = fopen(filename,"r");
515  if (fp == NULL) {
516  SCLogError(SC_ERR_FOPEN, "Failed to open file %s", filename);
517  exit(EXIT_FAILURE);
518  }
519 
520  bpf_filter = SCMalloc(bpf_len * sizeof(char));
521  if (unlikely(bpf_filter == NULL)) {
522  SCLogError(SC_ERR_MEM_ALLOC, "Failed to allocate buffer for bpf filter in file %s", filename);
523  exit(EXIT_FAILURE);
524  }
525  memset(bpf_filter, 0x00, bpf_len);
526 
527  nm = fread(bpf_filter, 1, bpf_len - 1, fp);
528  if ((ferror(fp) != 0) || (nm != (bpf_len - 1))) {
529  SCLogError(SC_ERR_BPF, "Failed to read complete BPF file %s", filename);
530  SCFree(bpf_filter);
531  fclose(fp);
532  exit(EXIT_FAILURE);
533  }
534  fclose(fp);
535  bpf_filter[nm] = '\0';
536 
537  if(strlen(bpf_filter) > 0) {
538  /*replace comments with space*/
539  bpf_comment_start = bpf_filter;
540  while((bpf_comment_tmp = strchr(bpf_comment_start, '#')) != NULL) {
541  while((*bpf_comment_tmp !='\0') &&
542  (*bpf_comment_tmp != '\r') && (*bpf_comment_tmp != '\n'))
543  {
544  *bpf_comment_tmp++ = ' ';
545  }
546  bpf_comment_start = bpf_comment_tmp;
547  }
548  /*remove remaining '\r' and '\n' */
549  while((bpf_comment_tmp = strchr(bpf_filter, '\r')) != NULL) {
550  *bpf_comment_tmp = ' ';
551  }
552  while((bpf_comment_tmp = strchr(bpf_filter, '\n')) != NULL) {
553  *bpf_comment_tmp = ' ';
554  }
555  /* cut trailing spaces */
556  while (strlen(bpf_filter) > 0 &&
557  bpf_filter[strlen(bpf_filter)-1] == ' ')
558  {
559  bpf_filter[strlen(bpf_filter)-1] = '\0';
560  }
561  if (strlen(bpf_filter) > 0) {
562  if(ConfSetFinal("bpf-filter", bpf_filter) != 1) {
563  SCLogError(SC_ERR_FOPEN, "ERROR: Failed to set bpf filter!");
564  SCFree(bpf_filter);
565  exit(EXIT_FAILURE);
566  }
567  }
568  }
569  SCFree(bpf_filter);
570 }
571 
572 static void PrintUsage(const char *progname)
573 {
574 #ifdef REVISION
575  printf("%s %s (%s)\n", PROG_NAME, PROG_VER, xstr(REVISION));
576 #else
577  printf("%s %s\n", PROG_NAME, PROG_VER);
578 #endif
579  printf("USAGE: %s [OPTIONS] [BPF FILTER]\n\n", progname);
580  printf("\t-c <path> : path to configuration file\n");
581  printf("\t-T : test configuration file (use with -c)\n");
582  printf("\t-i <dev or ip> : run in pcap live mode\n");
583  printf("\t-F <bpf filter file> : bpf filter file\n");
584  printf("\t-r <path> : run in pcap file/offline mode\n");
585 #ifdef NFQ
586  printf("\t-q <qid[:qid]> : run in inline nfqueue mode (use colon to specify a range of queues)\n");
587 #endif /* NFQ */
588 #ifdef IPFW
589  printf("\t-d <divert port> : run in inline ipfw divert mode\n");
590 #endif /* IPFW */
591  printf("\t-s <path> : path to signature file loaded in addition to suricata.yaml settings (optional)\n");
592  printf("\t-S <path> : path to signature file loaded exclusively (optional)\n");
593  printf("\t-l <dir> : default log directory\n");
594 #ifndef OS_WIN32
595  printf("\t-D : run as daemon\n");
596 #else
597  printf("\t--service-install : install as service\n");
598  printf("\t--service-remove : remove service\n");
599  printf("\t--service-change-params : change service startup parameters\n");
600 #endif /* OS_WIN32 */
601  printf("\t-k [all|none] : force checksum check (all) or disabled it (none)\n");
602  printf("\t-V : display Suricata version\n");
603  printf("\t-v : be more verbose (use multiple times to increase verbosity)\n");
604 #ifdef UNITTESTS
605  printf("\t-u : run the unittests and exit\n");
606  printf("\t-U, --unittest-filter=REGEX : filter unittests with a regex\n");
607  printf("\t--list-unittests : list unit tests\n");
608  printf("\t--fatal-unittests : enable fatal failure on unittest error\n");
609  printf("\t--unittests-coverage : display unittest coverage report\n");
610 #endif /* UNITTESTS */
611  printf("\t--list-app-layer-protos : list supported app layer protocols\n");
612  printf("\t--list-keywords[=all|csv|<kword>] : list keywords implemented by the engine\n");
613  printf("\t--list-runmodes : list supported runmodes\n");
614  printf("\t--runmode <runmode_id> : specific runmode modification the engine should run. The argument\n"
615  "\t supplied should be the id for the runmode obtained by running\n"
616  "\t --list-runmodes\n");
617  printf("\t--engine-analysis : print reports on analysis of different sections in the engine and exit.\n"
618  "\t Please have a look at the conf parameter engine-analysis on what reports\n"
619  "\t can be printed\n");
620  printf("\t--pidfile <file> : write pid to this file\n");
621  printf("\t--init-errors-fatal : enable fatal failure on signature init error\n");
622  printf("\t--disable-detection : disable detection engine\n");
623  printf("\t--dump-config : show the running configuration\n");
624  printf("\t--dump-features : display provided features\n");
625  printf("\t--build-info : display build information\n");
626  printf("\t--pcap[=<dev>] : run in pcap mode, no value select interfaces from suricata.yaml\n");
627  printf("\t--pcap-file-continuous : when running in pcap mode with a directory, continue checking directory for pcaps until interrupted\n");
628  printf("\t--pcap-file-delete : when running in replay mode (-r with directory or file), will delete pcap files that have been processed when done\n");
629 #ifdef HAVE_PCAP_SET_BUFF
630  printf("\t--pcap-buffer-size : size of the pcap buffer value from 0 - %i\n",INT_MAX);
631 #endif /* HAVE_SET_PCAP_BUFF */
632 #ifdef HAVE_AF_PACKET
633  printf("\t--af-packet[=<dev>] : run in af-packet mode, no value select interfaces from suricata.yaml\n");
634 #endif
635 #ifdef HAVE_NETMAP
636  printf("\t--netmap[=<dev>] : run in netmap mode, no value select interfaces from suricata.yaml\n");
637 #endif
638 #ifdef HAVE_PFRING
639  printf("\t--pfring[=<dev>] : run in pfring mode, use interfaces from suricata.yaml\n");
640  printf("\t--pfring-int <dev> : run in pfring mode, use interface <dev>\n");
641  printf("\t--pfring-cluster-id <id> : pfring cluster id \n");
642  printf("\t--pfring-cluster-type <type> : pfring cluster type for PF_RING 4.1.2 and later cluster_round_robin|cluster_flow\n");
643 #endif /* HAVE_PFRING */
644  printf("\t--simulate-ips : force engine into IPS mode. Useful for QA\n");
645 #ifdef HAVE_LIBCAP_NG
646  printf("\t--user <user> : run suricata as this user after init\n");
647  printf("\t--group <group> : run suricata as this group after init\n");
648 #endif /* HAVE_LIBCAP_NG */
649  printf("\t--erf-in <path> : process an ERF file\n");
650 #ifdef HAVE_DAG
651  printf("\t--dag <dagX:Y> : process ERF records from DAG interface X, stream Y\n");
652 #endif
653 #ifdef HAVE_NAPATECH
654  printf("\t--napatech : run Napatech Streams using the API\n");
655 #endif
656 #ifdef BUILD_UNIX_SOCKET
657  printf("\t--unix-socket[=<file>] : use unix socket to control suricata work\n");
658 #endif
659 #ifdef WINDIVERT
660  printf("\t--windivert <filter> : run in inline WinDivert mode\n");
661  printf("\t--windivert-forward <filter> : run in inline WinDivert mode, as a gateway\n");
662 #endif
663  printf("\t--set name=value : set a configuration value\n");
664  printf("\n");
665  printf("\nTo run the engine with default configuration on "
666  "interface eth0 with signature file \"signatures.rules\", run the "
667  "command as:\n\n%s -c suricata.yaml -s signatures.rules -i eth0 \n\n",
668  progname);
669 }
670 
671 static void PrintBuildInfo(void)
672 {
673  const char *bits = "<unknown>-bits";
674  const char *endian = "<unknown>-endian";
675  char features[2048] = "";
676  const char *tls = "pthread key";
677 
678  printf("This is %s version %s\n", PROG_NAME, GetProgramVersion());
679 
680 #ifdef DEBUG
681  strlcat(features, "DEBUG ", sizeof(features));
682 #endif
683 #ifdef DEBUG_VALIDATION
684  strlcat(features, "DEBUG_VALIDATION ", sizeof(features));
685 #endif
686 #ifdef UNITTESTS
687  strlcat(features, "UNITTESTS ", sizeof(features));
688 #endif
689 #ifdef NFQ
690  strlcat(features, "NFQ ", sizeof(features));
691 #endif
692 #ifdef IPFW
693  strlcat(features, "IPFW ", sizeof(features));
694 #endif
695 #ifdef HAVE_PCAP_SET_BUFF
696  strlcat(features, "PCAP_SET_BUFF ", sizeof(features));
697 #endif
698 #ifdef HAVE_PFRING
699  strlcat(features, "PF_RING ", sizeof(features));
700 #endif
701 #ifdef HAVE_AF_PACKET
702  strlcat(features, "AF_PACKET ", sizeof(features));
703 #endif
704 #ifdef HAVE_NETMAP
705  strlcat(features, "NETMAP ", sizeof(features));
706 #endif
707 #ifdef HAVE_PACKET_FANOUT
708  strlcat(features, "HAVE_PACKET_FANOUT ", sizeof(features));
709 #endif
710 #ifdef HAVE_DAG
711  strlcat(features, "DAG ", sizeof(features));
712 #endif
713 #ifdef HAVE_LIBCAP_NG
714  strlcat(features, "LIBCAP_NG ", sizeof(features));
715 #endif
716 #ifdef HAVE_LIBNET11
717  strlcat(features, "LIBNET1.1 ", sizeof(features));
718 #endif
719 #ifdef HAVE_HTP_URI_NORMALIZE_HOOK
720  strlcat(features, "HAVE_HTP_URI_NORMALIZE_HOOK ", sizeof(features));
721 #endif
722 #ifdef PCRE_HAVE_JIT
723  strlcat(features, "PCRE_JIT ", sizeof(features));
724 #endif
725 #ifdef HAVE_NSS
726  strlcat(features, "HAVE_NSS ", sizeof(features));
727 #endif
728 #ifdef HAVE_LUA
729  strlcat(features, "HAVE_LUA ", sizeof(features));
730 #endif
731 #ifdef HAVE_LUAJIT
732  strlcat(features, "HAVE_LUAJIT ", sizeof(features));
733 #endif
734  strlcat(features, "HAVE_LIBJANSSON ", sizeof(features));
735 #ifdef PROFILING
736  strlcat(features, "PROFILING ", sizeof(features));
737 #endif
738 #ifdef PROFILE_LOCKING
739  strlcat(features, "PROFILE_LOCKING ", sizeof(features));
740 #endif
741 #ifdef TLS
742  strlcat(features, "TLS ", sizeof(features));
743 #endif
744 #ifdef HAVE_MAGIC
745  strlcat(features, "MAGIC ", sizeof(features));
746 #endif
747  strlcat(features, "RUST ", sizeof(features));
748  if (strlen(features) == 0) {
749  strlcat(features, "none", sizeof(features));
750  }
751 
752  printf("Features: %s\n", features);
753 
754  /* SIMD stuff */
755  memset(features, 0x00, sizeof(features));
756 #if defined(__SSE4_2__)
757  strlcat(features, "SSE_4_2 ", sizeof(features));
758 #endif
759 #if defined(__SSE4_1__)
760  strlcat(features, "SSE_4_1 ", sizeof(features));
761 #endif
762 #if defined(__SSE3__)
763  strlcat(features, "SSE_3 ", sizeof(features));
764 #endif
765  if (strlen(features) == 0) {
766  strlcat(features, "none", sizeof(features));
767  }
768  printf("SIMD support: %s\n", features);
769 
770  /* atomics stuff */
771  memset(features, 0x00, sizeof(features));
772 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_1)
773  strlcat(features, "1 ", sizeof(features));
774 #endif
775 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_2)
776  strlcat(features, "2 ", sizeof(features));
777 #endif
778 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_4)
779  strlcat(features, "4 ", sizeof(features));
780 #endif
781 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_8)
782  strlcat(features, "8 ", sizeof(features));
783 #endif
784 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_16)
785  strlcat(features, "16 ", sizeof(features));
786 #endif
787  if (strlen(features) == 0) {
788  strlcat(features, "none", sizeof(features));
789  } else {
790  strlcat(features, "byte(s)", sizeof(features));
791  }
792  printf("Atomic intrinsics: %s\n", features);
793 
794 #if __WORDSIZE == 64
795  bits = "64-bits";
796 #elif __WORDSIZE == 32
797  bits = "32-bits";
798 #endif
799 
800 #if __BYTE_ORDER == __BIG_ENDIAN
801  endian = "Big-endian";
802 #elif __BYTE_ORDER == __LITTLE_ENDIAN
803  endian = "Little-endian";
804 #endif
805 
806  printf("%s, %s architecture\n", bits, endian);
807 #ifdef __GNUC__
808  printf("GCC version %s, C version %"PRIiMAX"\n", __VERSION__, (intmax_t)__STDC_VERSION__);
809 #else
810  printf("C version %"PRIiMAX"\n", (intmax_t)__STDC_VERSION__);
811 #endif
812 
813 #if __SSP__ == 1
814  printf("compiled with -fstack-protector\n");
815 #endif
816 #if __SSP_ALL__ == 2
817  printf("compiled with -fstack-protector-all\n");
818 #endif
819 /*
820  * Workaround for special defines of _FORTIFY_SOURCE like
821  * FORTIFY_SOURCE=((defined __OPTIMIZE && OPTIMIZE > 0) ? 2 : 0)
822  * which is used by Gentoo for example and would result in the error
823  * 'defined' undeclared when _FORTIFY_SOURCE used via %d in printf func
824  *
825  */
826 #if _FORTIFY_SOURCE == 2
827  printf("compiled with _FORTIFY_SOURCE=2\n");
828 #elif _FORTIFY_SOURCE == 1
829  printf("compiled with _FORTIFY_SOURCE=1\n");
830 #elif _FORTIFY_SOURCE == 0
831  printf("compiled with _FORTIFY_SOURCE=0\n");
832 #endif
833 #ifdef CLS
834  printf("L1 cache line size (CLS)=%d\n", CLS);
835 #endif
836 #ifdef TLS
837  tls = "__thread";
838 #endif
839  printf("thread local storage method: %s\n", tls);
840 
841  printf("compiled with %s, linked against %s\n",
842  HTP_VERSION_STRING_FULL, htp_get_version());
843  printf("\n");
844 #include "build-info.h"
845 }
846 
847 int coverage_unittests;
848 int g_ut_modules;
849 int g_ut_covered;
850 
851 void RegisterAllModules(void)
852 {
853  // zero all module storage
854  memset(tmm_modules, 0, TMM_SIZE * sizeof(TmModule));
855 
856  /* commanders */
857  TmModuleUnixManagerRegister();
858  /* managers */
859  TmModuleFlowManagerRegister();
860  TmModuleFlowRecyclerRegister();
861  TmModuleBypassedFlowManagerRegister();
862  /* nfq */
863  TmModuleReceiveNFQRegister();
864  TmModuleVerdictNFQRegister();
865  TmModuleDecodeNFQRegister();
866  /* ipfw */
867  TmModuleReceiveIPFWRegister();
868  TmModuleVerdictIPFWRegister();
869  TmModuleDecodeIPFWRegister();
870  /* pcap live */
871  TmModuleReceivePcapRegister();
872  TmModuleDecodePcapRegister();
873  /* pcap file */
874  TmModuleReceivePcapFileRegister();
875  TmModuleDecodePcapFileRegister();
876  /* af-packet */
877  TmModuleReceiveAFPRegister();
878  TmModuleDecodeAFPRegister();
879  /* netmap */
880  TmModuleReceiveNetmapRegister();
881  TmModuleDecodeNetmapRegister();
882  /* pfring */
883  TmModuleReceivePfringRegister();
884  TmModuleDecodePfringRegister();
885  /* dag file */
886  TmModuleReceiveErfFileRegister();
887  TmModuleDecodeErfFileRegister();
888  /* dag live */
889  TmModuleReceiveErfDagRegister();
890  TmModuleDecodeErfDagRegister();
891  /* napatech */
892  TmModuleNapatechStreamRegister();
893  TmModuleNapatechDecodeRegister();
894 
895  /* flow worker */
896  TmModuleFlowWorkerRegister();
897  /* respond-reject */
898  TmModuleRespondRejectRegister();
899 
900  /* log api */
901  TmModuleLoggerRegister();
902  TmModuleStatsLoggerRegister();
903 
904  TmModuleDebugList();
905  /* nflog */
906  TmModuleReceiveNFLOGRegister();
907  TmModuleDecodeNFLOGRegister();
908 
909  /* windivert */
910  TmModuleReceiveWinDivertRegister();
911  TmModuleVerdictWinDivertRegister();
912  TmModuleDecodeWinDivertRegister();
913 }
914 
915 static TmEcode LoadYamlConfig(SCInstance *suri)
916 {
917  SCEnter();
918 
919  if (suri->conf_filename == NULL)
920  suri->conf_filename = DEFAULT_CONF_FILE;
921 
922  if (ConfYamlLoadFile(suri->conf_filename) != 0) {
923  /* Error already displayed. */
924  SCReturnInt(TM_ECODE_FAILED);
925  }
926 
927  SCReturnInt(TM_ECODE_OK);
928 }
929 
930 static TmEcode ParseInterfacesList(const int runmode, char *pcap_dev)
931 {
932  SCEnter();
933 
934  /* run the selected runmode */
935  if (runmode == RUNMODE_PCAP_DEV) {
936  if (strlen(pcap_dev) == 0) {
937  int ret = LiveBuildDeviceList("pcap");
938  if (ret == 0) {
939  SCLogError(SC_ERR_INITIALIZATION, "No interface found in config for pcap");
940  SCReturnInt(TM_ECODE_FAILED);
941  }
942  }
943  } else if (runmode == RUNMODE_PFRING) {
944  /* FIXME add backward compat support */
945  /* iface has been set on command line */
946  if (strlen(pcap_dev)) {
947  if (ConfSetFinal("pfring.live-interface", pcap_dev) != 1) {
948  SCLogError(SC_ERR_INITIALIZATION, "Failed to set pfring.live-interface");
949  SCReturnInt(TM_ECODE_FAILED);
950  }
951  } else {
952  /* not an error condition if we have a 1.0 config */
953  LiveBuildDeviceList("pfring");
954  }
955 #ifdef HAVE_AF_PACKET
956  } else if (runmode == RUNMODE_AFP_DEV) {
957  /* iface has been set on command line */
958  if (strlen(pcap_dev)) {
959  if (ConfSetFinal("af-packet.live-interface", pcap_dev) != 1) {
960  SCLogError(SC_ERR_INITIALIZATION, "Failed to set af-packet.live-interface");
961  SCReturnInt(TM_ECODE_FAILED);
962  }
963  } else {
964  int ret = LiveBuildDeviceList("af-packet");
965  if (ret == 0) {
966  SCLogError(SC_ERR_INITIALIZATION, "No interface found in config for af-packet");
967  SCReturnInt(TM_ECODE_FAILED);
968  }
969  }
970 #endif
971 #ifdef HAVE_NETMAP
972  } else if (runmode == RUNMODE_NETMAP) {
973  /* iface has been set on command line */
974  if (strlen(pcap_dev)) {
975  if (ConfSetFinal("netmap.live-interface", pcap_dev) != 1) {
976  SCLogError(SC_ERR_INITIALIZATION, "Failed to set netmap.live-interface");
977  SCReturnInt(TM_ECODE_FAILED);
978  }
979  } else {
980  int ret = LiveBuildDeviceList("netmap");
981  if (ret == 0) {
982  SCLogError(SC_ERR_INITIALIZATION, "No interface found in config for netmap");
983  SCReturnInt(TM_ECODE_FAILED);
984  }
985  }
986 #endif
987 #ifdef HAVE_NFLOG
988  } else if (runmode == RUNMODE_NFLOG) {
989  int ret = LiveBuildDeviceListCustom("nflog", "group");
990  if (ret == 0) {
991  SCLogError(SC_ERR_INITIALIZATION, "No group found in config for nflog");
992  SCReturnInt(TM_ECODE_FAILED);
993  }
994 #endif
995  }
996 
997  SCReturnInt(TM_ECODE_OK);
998 }
999 
1000 static void SCInstanceInit(SCInstance *suri, const char *progname)
1001 {
1002  memset(suri, 0x00, sizeof(*suri));
1003 
1004  suri->progname = progname;
1005  suri->run_mode = RUNMODE_UNKNOWN;
1006 
1007  memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
1008  suri->sig_file = NULL;
1009  suri->sig_file_exclusive = FALSE;
1010  suri->pid_filename = NULL;
1011  suri->regex_arg = NULL;
1012 
1013  suri->keyword_info = NULL;
1014  suri->runmode_custom_mode = NULL;
1015 #ifndef OS_WIN32
1016  suri->user_name = NULL;
1017  suri->group_name = NULL;
1018  suri->do_setuid = FALSE;
1019  suri->do_setgid = FALSE;
1020  suri->userid = 0;
1021  suri->groupid = 0;
1022 #endif /* OS_WIN32 */
1023  suri->delayed_detect = 0;
1024  suri->daemon = 0;
1025  suri->offline = 0;
1026  suri->verbose = 0;
1027  /* use -1 as unknown */
1028  suri->checksum_validation = -1;
1029 #if HAVE_DETECT_DISABLED==1
1030  g_detect_disabled = suri->disabled_detect = 1;
1031 #else
1032  g_detect_disabled = suri->disabled_detect = 0;
1033 #endif
1034 }
1035 
1036 /** \brief get string with program version
1037  *
1038  * Get the program version as passed to us from AC_INIT
1039  *
1040  * Add 'RELEASE' is no '-dev' in the version. Add the REVISION if passed
1041  * to us.
1042  *
1043  * Possible outputs:
1044  * release: '5.0.1 RELEASE'
1045  * dev with rev: '5.0.1-dev (64a789bbf 2019-10-18)'
1046  * dev w/o rev: '5.0.1-dev'
1047  */
1048 const char *GetProgramVersion(void)
1049 {
1050  if (strstr(PROG_VER, "-dev") == NULL) {
1051  return PROG_VER " RELEASE";
1052  } else {
1053 #ifdef REVISION
1054  return PROG_VER " (" xstr(REVISION) ")";
1055 #else
1056  return PROG_VER;
1057 #endif
1058  }
1059 }
1060 
1061 static TmEcode PrintVersion(void)
1062 {
1063  printf("This is %s version %s\n", PROG_NAME, GetProgramVersion());
1064  return TM_ECODE_OK;
1065 }
1066 
1067 static TmEcode LogVersion(SCInstance *suri)
1068 {
1069  const char *mode = suri->system ? "SYSTEM" : "USER";
1070  SCLogNotice("This is %s version %s running in %s mode",
1071  PROG_NAME, GetProgramVersion(), mode);
1072  return TM_ECODE_OK;
1073 }
1074 
1075 static void SCSetStartTime(SCInstance *suri)
1076 {
1077  memset(&suri->start_time, 0, sizeof(suri->start_time));
1078  gettimeofday(&suri->start_time, NULL);
1079 }
1080 
1081 static void SCPrintElapsedTime(struct timeval *start_time)
1082 {
1083  if (start_time == NULL)
1084  return;
1085  struct timeval end_time;
1086  memset(&end_time, 0, sizeof(end_time));
1087  gettimeofday(&end_time, NULL);
1088  uint64_t milliseconds = ((end_time.tv_sec - start_time->tv_sec) * 1000) +
1089  (((1000000 + end_time.tv_usec - start_time->tv_usec) / 1000) - 1000);
1090  SCLogInfo("time elapsed %.3fs", (float)milliseconds/(float)1000);
1091 }
1092 
1093 static int ParseCommandLineAfpacket(SCInstance *suri, const char *in_arg)
1094 {
1095 #ifdef HAVE_AF_PACKET
1096  if (suri->run_mode == RUNMODE_UNKNOWN) {
1097  suri->run_mode = RUNMODE_AFP_DEV;
1098  if (in_arg) {
1099  LiveRegisterDeviceName(in_arg);
1100  memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
1101  strlcpy(suri->pcap_dev, in_arg, sizeof(suri->pcap_dev));
1102  }
1103  } else if (suri->run_mode == RUNMODE_AFP_DEV) {
1104  if (in_arg) {
1105  LiveRegisterDeviceName(in_arg);
1106  } else {
1107  SCLogInfo("Multiple af-packet option without interface on each is useless");
1108  }
1109  } else {
1110  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
1111  "has been specified");
1112  PrintUsage(suri->progname);
1113  return TM_ECODE_FAILED;
1114  }
1115  return TM_ECODE_OK;
1116 #else
1117  SCLogError(SC_ERR_NO_AF_PACKET,"AF_PACKET not enabled. On Linux "
1118  "host, make sure to pass --enable-af-packet to "
1119  "configure when building.");
1120  return TM_ECODE_FAILED;
1121 #endif
1122 }
1123 
1124 static int ParseCommandLinePcapLive(SCInstance *suri, const char *in_arg)
1125 {
1126  memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
1127 
1128  if (in_arg != NULL) {
1129  /* some windows shells require escaping of the \ in \Device. Otherwise
1130  * the backslashes are stripped. We put them back here. */
1131  if (strlen(in_arg) > 9 && strncmp(in_arg, "DeviceNPF", 9) == 0) {
1132  snprintf(suri->pcap_dev, sizeof(suri->pcap_dev), "\\Device\\NPF%s", in_arg+9);
1133  } else {
1134  strlcpy(suri->pcap_dev, in_arg, sizeof(suri->pcap_dev));
1135  PcapTranslateIPToDevice(suri->pcap_dev, sizeof(suri->pcap_dev));
1136  }
1137 
1138  if (strcmp(suri->pcap_dev, in_arg) != 0) {
1139  SCLogInfo("translated %s to pcap device %s", in_arg, suri->pcap_dev);
1140  } else if (strlen(suri->pcap_dev) > 0 && isdigit((unsigned char)suri->pcap_dev[0])) {
1141  SCLogError(SC_ERR_PCAP_TRANSLATE, "failed to find a pcap device for IP %s", in_arg);
1142  return TM_ECODE_FAILED;
1143  }
1144  }
1145 
1146  if (suri->run_mode == RUNMODE_UNKNOWN) {
1147  suri->run_mode = RUNMODE_PCAP_DEV;
1148  if (in_arg) {
1149  LiveRegisterDeviceName(suri->pcap_dev);
1150  }
1151  } else if (suri->run_mode == RUNMODE_PCAP_DEV) {
1152  LiveRegisterDeviceName(suri->pcap_dev);
1153  } else {
1154  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
1155  "has been specified");
1156  PrintUsage(suri->progname);
1157  return TM_ECODE_FAILED;
1158  }
1159  return TM_ECODE_OK;
1160 }
1161 
1162 /**
1163  * Helper function to check if log directory is writable
1164  */
1165 static bool IsLogDirectoryWritable(const char* str)
1166 {
1167  if (access(str, W_OK) == 0)
1168  return true;
1169  return false;
1170 }
1171 
1172 static TmEcode ParseCommandLine(int argc, char** argv, SCInstance *suri)
1173 {
1174  int opt;
1175 
1176  int dump_config = 0;
1177  int dump_features = 0;
1178  int list_app_layer_protocols = 0;
1179  int list_unittests = 0;
1180  int list_runmodes = 0;
1181  int list_keywords = 0;
1182  int build_info = 0;
1183  int conf_test = 0;
1184  int engine_analysis = 0;
1185  int ret = TM_ECODE_OK;
1186 
1187 #ifdef UNITTESTS
1188  coverage_unittests = 0;
1189  g_ut_modules = 0;
1190  g_ut_covered = 0;
1191 #endif
1192 
1193  struct option long_opts[] = {
1194  {"dump-config", 0, &dump_config, 1},
1195  {"dump-features", 0, &dump_features, 1},
1196  {"pfring", optional_argument, 0, 0},
1197  {"pfring-int", required_argument, 0, 0},
1198  {"pfring-cluster-id", required_argument, 0, 0},
1199  {"pfring-cluster-type", required_argument, 0, 0},
1200  {"af-packet", optional_argument, 0, 0},
1201  {"netmap", optional_argument, 0, 0},
1202  {"pcap", optional_argument, 0, 0},
1203  {"pcap-file-continuous", 0, 0, 0},
1204  {"pcap-file-delete", 0, 0, 0},
1205  {"simulate-ips", 0, 0 , 0},
1206  {"no-random", 0, &g_disable_randomness, 1},
1207  {"strict-rule-keywords", optional_argument, 0, 0},
1208 
1209 #ifdef BUILD_UNIX_SOCKET
1210  {"unix-socket", optional_argument, 0, 0},
1211 #endif
1212  {"pcap-buffer-size", required_argument, 0, 0},
1213  {"unittest-filter", required_argument, 0, 'U'},
1214  {"list-app-layer-protos", 0, &list_app_layer_protocols, 1},
1215  {"list-unittests", 0, &list_unittests, 1},
1216  {"list-runmodes", 0, &list_runmodes, 1},
1217  {"list-keywords", optional_argument, &list_keywords, 1},
1218  {"runmode", required_argument, NULL, 0},
1219  {"engine-analysis", 0, &engine_analysis, 1},
1220 #ifdef OS_WIN32
1221  {"service-install", 0, 0, 0},
1222  {"service-remove", 0, 0, 0},
1223  {"service-change-params", 0, 0, 0},
1224 #endif /* OS_WIN32 */
1225  {"pidfile", required_argument, 0, 0},
1226  {"init-errors-fatal", 0, 0, 0},
1227  {"disable-detection", 0, 0, 0},
1228  {"fatal-unittests", 0, 0, 0},
1229  {"unittests-coverage", 0, &coverage_unittests, 1},
1230  {"user", required_argument, 0, 0},
1231  {"group", required_argument, 0, 0},
1232  {"erf-in", required_argument, 0, 0},
1233  {"dag", required_argument, 0, 0},
1234  {"napatech", 0, 0, 0},
1235  {"build-info", 0, &build_info, 1},
1236  {"data-dir", required_argument, 0, 0},
1237 #ifdef WINDIVERT
1238  {"windivert", required_argument, 0, 0},
1239  {"windivert-forward", required_argument, 0, 0},
1240 #endif
1241  {"set", required_argument, 0, 0},
1242 #ifdef HAVE_NFLOG
1243  {"nflog", optional_argument, 0, 0},
1244 #endif
1245  {NULL, 0, NULL, 0}
1246  };
1247 
1248  /* getopt_long stores the option index here. */
1249  int option_index = 0;
1250 
1251  char short_opts[] = "c:TDhi:l:q:d:r:us:S:U:VF:vk:";
1252 
1253  while ((opt = getopt_long(argc, argv, short_opts, long_opts, &option_index)) != -1) {
1254  switch (opt) {
1255  case 0:
1256  if (strcmp((long_opts[option_index]).name , "pfring") == 0 ||
1257  strcmp((long_opts[option_index]).name , "pfring-int") == 0) {
1258 #ifdef HAVE_PFRING
1259  suri->run_mode = RUNMODE_PFRING;
1260  if (optarg != NULL) {
1261  memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
1262  strlcpy(suri->pcap_dev, optarg,
1263  ((strlen(optarg) < sizeof(suri->pcap_dev)) ?
1264  (strlen(optarg) + 1) : sizeof(suri->pcap_dev)));
1265  LiveRegisterDeviceName(optarg);
1266  }
1267 #else
1268  SCLogError(SC_ERR_NO_PF_RING,"PF_RING not enabled. Make sure "
1269  "to pass --enable-pfring to configure when building.");
1270  return TM_ECODE_FAILED;
1271 #endif /* HAVE_PFRING */
1272  }
1273  else if(strcmp((long_opts[option_index]).name , "pfring-cluster-id") == 0){
1274 #ifdef HAVE_PFRING
1275  if (ConfSetFinal("pfring.cluster-id", optarg) != 1) {
1276  fprintf(stderr, "ERROR: Failed to set pfring.cluster-id.\n");
1277  return TM_ECODE_FAILED;
1278  }
1279 #else
1280  SCLogError(SC_ERR_NO_PF_RING,"PF_RING not enabled. Make sure "
1281  "to pass --enable-pfring to configure when building.");
1282  return TM_ECODE_FAILED;
1283 #endif /* HAVE_PFRING */
1284  }
1285  else if(strcmp((long_opts[option_index]).name , "pfring-cluster-type") == 0){
1286 #ifdef HAVE_PFRING
1287  if (ConfSetFinal("pfring.cluster-type", optarg) != 1) {
1288  fprintf(stderr, "ERROR: Failed to set pfring.cluster-type.\n");
1289  return TM_ECODE_FAILED;
1290  }
1291 #else
1292  SCLogError(SC_ERR_NO_PF_RING,"PF_RING not enabled. Make sure "
1293  "to pass --enable-pfring to configure when building.");
1294  return TM_ECODE_FAILED;
1295 #endif /* HAVE_PFRING */
1296  }
1297  else if (strcmp((long_opts[option_index]).name , "af-packet") == 0)
1298  {
1299  if (ParseCommandLineAfpacket(suri, optarg) != TM_ECODE_OK) {
1300  return TM_ECODE_FAILED;
1301  }
1302  } else if (strcmp((long_opts[option_index]).name , "netmap") == 0){
1303 #ifdef HAVE_NETMAP
1304  if (suri->run_mode == RUNMODE_UNKNOWN) {
1305  suri->run_mode = RUNMODE_NETMAP;
1306  if (optarg) {
1307  LiveRegisterDeviceName(optarg);
1308  memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
1309  strlcpy(suri->pcap_dev, optarg,
1310  ((strlen(optarg) < sizeof(suri->pcap_dev)) ?
1311  (strlen(optarg) + 1) : sizeof(suri->pcap_dev)));
1312  }
1313  } else if (suri->run_mode == RUNMODE_NETMAP) {
1314  if (optarg) {
1315  LiveRegisterDeviceName(optarg);
1316  } else {
1317  SCLogInfo("Multiple netmap option without interface on each is useless");
1318  break;
1319  }
1320  } else {
1321  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
1322  "has been specified");
1323  PrintUsage(argv[0]);
1324  return TM_ECODE_FAILED;
1325  }
1326 #else
1327  SCLogError(SC_ERR_NO_NETMAP, "NETMAP not enabled.");
1328  return TM_ECODE_FAILED;
1329 #endif
1330  } else if (strcmp((long_opts[option_index]).name, "nflog") == 0) {
1331 #ifdef HAVE_NFLOG
1332  if (suri->run_mode == RUNMODE_UNKNOWN) {
1333  suri->run_mode = RUNMODE_NFLOG;
1334  LiveBuildDeviceListCustom("nflog", "group");
1335  }
1336 #else
1337  SCLogError(SC_ERR_NFLOG_NOSUPPORT, "NFLOG not enabled.");
1338  return TM_ECODE_FAILED;
1339 #endif /* HAVE_NFLOG */
1340  } else if (strcmp((long_opts[option_index]).name , "pcap") == 0) {
1341  if (ParseCommandLinePcapLive(suri, optarg) != TM_ECODE_OK) {
1342  return TM_ECODE_FAILED;
1343  }
1344  } else if(strcmp((long_opts[option_index]).name, "simulate-ips") == 0) {
1345  SCLogInfo("Setting IPS mode");
1346  EngineModeSetIPS();
1347  } else if(strcmp((long_opts[option_index]).name, "init-errors-fatal") == 0) {
1348  if (ConfSetFinal("engine.init-failure-fatal", "1") != 1) {
1349  fprintf(stderr, "ERROR: Failed to set engine init-failure-fatal.\n");
1350  return TM_ECODE_FAILED;
1351  }
1352 #ifdef BUILD_UNIX_SOCKET
1353  } else if (strcmp((long_opts[option_index]).name , "unix-socket") == 0) {
1354  if (suri->run_mode == RUNMODE_UNKNOWN) {
1355  suri->run_mode = RUNMODE_UNIX_SOCKET;
1356  if (optarg) {
1357  if (ConfSetFinal("unix-command.filename", optarg) != 1) {
1358  fprintf(stderr, "ERROR: Failed to set unix-command.filename.\n");
1359  return TM_ECODE_FAILED;
1360  }
1361 
1362  }
1363  } else {
1364  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
1365  "has been specified");
1366  PrintUsage(argv[0]);
1367  return TM_ECODE_FAILED;
1368  }
1369 #endif
1370  }
1371  else if(strcmp((long_opts[option_index]).name, "list-app-layer-protocols") == 0) {
1372  /* listing all supported app layer protocols */
1373  }
1374  else if(strcmp((long_opts[option_index]).name, "list-unittests") == 0) {
1375 #ifdef UNITTESTS
1376  suri->run_mode = RUNMODE_LIST_UNITTEST;
1377 #else
1378  fprintf(stderr, "ERROR: Unit tests not enabled. Make sure to pass --enable-unittests to configure when building.\n");
1379  return TM_ECODE_FAILED;
1380 #endif /* UNITTESTS */
1381  } else if (strcmp((long_opts[option_index]).name, "list-runmodes") == 0) {
1382  suri->run_mode = RUNMODE_LIST_RUNMODES;
1383  return TM_ECODE_OK;
1384  } else if (strcmp((long_opts[option_index]).name, "list-keywords") == 0) {
1385  if (optarg) {
1386  if (strcmp("short",optarg)) {
1387  suri->keyword_info = optarg;
1388  }
1389  }
1390  } else if (strcmp((long_opts[option_index]).name, "runmode") == 0) {
1391  suri->runmode_custom_mode = optarg;
1392  } else if(strcmp((long_opts[option_index]).name, "engine-analysis") == 0) {
1393  // do nothing for now
1394  }
1395 #ifdef OS_WIN32
1396  else if(strcmp((long_opts[option_index]).name, "service-install") == 0) {
1397  suri->run_mode = RUNMODE_INSTALL_SERVICE;
1398  return TM_ECODE_OK;
1399  }
1400  else if(strcmp((long_opts[option_index]).name, "service-remove") == 0) {
1401  suri->run_mode = RUNMODE_REMOVE_SERVICE;
1402  return TM_ECODE_OK;
1403  }
1404  else if(strcmp((long_opts[option_index]).name, "service-change-params") == 0) {
1405  suri->run_mode = RUNMODE_CHANGE_SERVICE_PARAMS;
1406  return TM_ECODE_OK;
1407  }
1408 #endif /* OS_WIN32 */
1409  else if(strcmp((long_opts[option_index]).name, "pidfile") == 0) {
1410  suri->pid_filename = SCStrdup(optarg);
1411  if (suri->pid_filename == NULL) {
1412  SCLogError(SC_ERR_MEM_ALLOC, "strdup failed: %s",
1413  strerror(errno));
1414  return TM_ECODE_FAILED;
1415  }
1416  }
1417  else if(strcmp((long_opts[option_index]).name, "disable-detection") == 0) {
1418  g_detect_disabled = suri->disabled_detect = 1;
1419  }
1420  else if(strcmp((long_opts[option_index]).name, "fatal-unittests") == 0) {
1421 #ifdef UNITTESTS
1422  unittests_fatal = 1;
1423 #else
1424  fprintf(stderr, "ERROR: Unit tests not enabled. Make sure to pass --enable-unittests to configure when building.\n");
1425  return TM_ECODE_FAILED;
1426 #endif /* UNITTESTS */
1427  }
1428  else if(strcmp((long_opts[option_index]).name, "user") == 0) {
1429 #ifndef HAVE_LIBCAP_NG
1430  SCLogError(SC_ERR_LIBCAP_NG_REQUIRED, "libcap-ng is required to"
1431  " drop privileges, but it was not compiled into Suricata.");
1432  return TM_ECODE_FAILED;
1433 #else
1434  suri->user_name = optarg;
1435  suri->do_setuid = TRUE;
1436 #endif /* HAVE_LIBCAP_NG */
1437  }
1438  else if(strcmp((long_opts[option_index]).name, "group") == 0) {
1439 #ifndef HAVE_LIBCAP_NG
1440  SCLogError(SC_ERR_LIBCAP_NG_REQUIRED, "libcap-ng is required to"
1441  " drop privileges, but it was not compiled into Suricata.");
1442  return TM_ECODE_FAILED;
1443 #else
1444  suri->group_name = optarg;
1445  suri->do_setgid = TRUE;
1446 #endif /* HAVE_LIBCAP_NG */
1447  }
1448  else if (strcmp((long_opts[option_index]).name, "erf-in") == 0) {
1449  suri->run_mode = RUNMODE_ERF_FILE;
1450  if (ConfSetFinal("erf-file.file", optarg) != 1) {
1451  fprintf(stderr, "ERROR: Failed to set erf-file.file\n");
1452  return TM_ECODE_FAILED;
1453  }
1454  }
1455  else if (strcmp((long_opts[option_index]).name, "dag") == 0) {
1456 #ifdef HAVE_DAG
1457  if (suri->run_mode == RUNMODE_UNKNOWN) {
1458  suri->run_mode = RUNMODE_DAG;
1459  }
1460  else if (suri->run_mode != RUNMODE_DAG) {
1461  SCLogError(SC_ERR_MULTIPLE_RUN_MODE,
1462  "more than one run mode has been specified");
1463  PrintUsage(argv[0]);
1464  return TM_ECODE_FAILED;
1465  }
1466  LiveRegisterDeviceName(optarg);
1467 #else
1468  SCLogError(SC_ERR_DAG_REQUIRED, "libdag and a DAG card are required"
1469  " to receive packets using --dag.");
1470  return TM_ECODE_FAILED;
1471 #endif /* HAVE_DAG */
1472  }
1473  else if (strcmp((long_opts[option_index]).name, "napatech") == 0) {
1474 #ifdef HAVE_NAPATECH
1475  suri->run_mode = RUNMODE_NAPATECH;
1476 #else
1477  SCLogError(SC_ERR_NAPATECH_REQUIRED, "libntapi and a Napatech adapter are required"
1478  " to capture packets using --napatech.");
1479  return TM_ECODE_FAILED;
1480 #endif /* HAVE_NAPATECH */
1481  }
1482  else if(strcmp((long_opts[option_index]).name, "pcap-buffer-size") == 0) {
1483 #ifdef HAVE_PCAP_SET_BUFF
1484  if (ConfSetFinal("pcap.buffer-size", optarg) != 1) {
1485  fprintf(stderr, "ERROR: Failed to set pcap-buffer-size.\n");
1486  return TM_ECODE_FAILED;
1487  }
1488 #else
1489  SCLogError(SC_ERR_NO_PCAP_SET_BUFFER_SIZE, "The version of libpcap you have"
1490  " doesn't support setting buffer size.");
1491 #endif /* HAVE_PCAP_SET_BUFF */
1492  }
1493  else if(strcmp((long_opts[option_index]).name, "build-info") == 0) {
1494  suri->run_mode = RUNMODE_PRINT_BUILDINFO;
1495  return TM_ECODE_OK;
1496  }
1497  else if(strcmp((long_opts[option_index]).name, "windivert-forward") == 0) {
1498 #ifdef WINDIVERT
1499  if (suri->run_mode == RUNMODE_UNKNOWN) {
1500  suri->run_mode = RUNMODE_WINDIVERT;
1501  if (WinDivertRegisterQueue(true, optarg) == -1) {
1502  exit(EXIT_FAILURE);
1503  }
1504  } else if (suri->run_mode == RUNMODE_WINDIVERT) {
1505  if (WinDivertRegisterQueue(true, optarg) == -1) {
1506  exit(EXIT_FAILURE);
1507  }
1508  } else {
1509  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
1510  "has been specified");
1511  PrintUsage(argv[0]);
1512  exit(EXIT_FAILURE);
1513  }
1514  }
1515  else if(strcmp((long_opts[option_index]).name, "windivert") == 0) {
1516  if (suri->run_mode == RUNMODE_UNKNOWN) {
1517  suri->run_mode = RUNMODE_WINDIVERT;
1518  if (WinDivertRegisterQueue(false, optarg) == -1) {
1519  exit(EXIT_FAILURE);
1520  }
1521  } else if (suri->run_mode == RUNMODE_WINDIVERT) {
1522  if (WinDivertRegisterQueue(false, optarg) == -1) {
1523  exit(EXIT_FAILURE);
1524  }
1525  } else {
1526  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
1527  "has been specified");
1528  PrintUsage(argv[0]);
1529  exit(EXIT_FAILURE);
1530  }
1531 #else
1532  SCLogError(SC_ERR_WINDIVERT_NOSUPPORT,"WinDivert not enabled. Make sure to pass --enable-windivert to configure when building.");
1533  return TM_ECODE_FAILED;
1534 #endif /* WINDIVERT */
1535  }
1536  else if (strcmp((long_opts[option_index]).name, "set") == 0) {
1537  if (optarg != NULL) {
1538  /* Quick validation. */
1539  char *val = strchr(optarg, '=');
1540  if (val == NULL) {
1541  SCLogError(SC_ERR_CMD_LINE,
1542  "Invalid argument for --set, must be key=val.");
1543  exit(EXIT_FAILURE);
1544  }
1545  if (!ConfSetFromString(optarg, 1)) {
1546  fprintf(stderr, "Failed to set configuration value %s.",
1547  optarg);
1548  exit(EXIT_FAILURE);
1549  }
1550  }
1551  }
1552  else if (strcmp((long_opts[option_index]).name, "pcap-file-continuous") == 0) {
1553  if (ConfSetFinal("pcap-file.continuous", "true") != 1) {
1554  SCLogError(SC_ERR_CMD_LINE, "Failed to set pcap-file.continuous");
1555  return TM_ECODE_FAILED;
1556  }
1557  }
1558  else if (strcmp((long_opts[option_index]).name, "pcap-file-delete") == 0) {
1559  if (ConfSetFinal("pcap-file.delete-when-done", "true") != 1) {
1560  SCLogError(SC_ERR_CMD_LINE, "Failed to set pcap-file.delete-when-done");
1561  return TM_ECODE_FAILED;
1562  }
1563  }
1564  else if (strcmp((long_opts[option_index]).name, "data-dir") == 0) {
1565  if (optarg == NULL) {
1566  SCLogError(SC_ERR_INITIALIZATION, "no option argument (optarg) for -d");
1567  return TM_ECODE_FAILED;
1568  }
1569 
1570  if (ConfigSetDataDirectory(optarg) != TM_ECODE_OK) {
1571  SCLogError(SC_ERR_FATAL, "Failed to set data directory.");
1572  return TM_ECODE_FAILED;
1573  }
1574  if (ConfigCheckDataDirectory(optarg) != TM_ECODE_OK) {
1575  SCLogError(SC_ERR_LOGDIR_CMDLINE, "The data directory \"%s\""
1576  " supplied at the commandline (-d %s) doesn't "
1577  "exist. Shutting down the engine.", optarg, optarg);
1578  return TM_ECODE_FAILED;
1579  }
1580  suri->set_datadir = true;
1581  } else if (strcmp((long_opts[option_index]).name , "strict-rule-keywords") == 0){
1582  if (optarg == NULL) {
1583  suri->strict_rule_parsing_string = SCStrdup("all");
1584  } else {
1585  suri->strict_rule_parsing_string = SCStrdup(optarg);
1586  }
1587  if (suri->strict_rule_parsing_string == NULL) {
1588  FatalError(SC_ERR_MEM_ALLOC, "failed to duplicate 'strict' string");
1589  }
1590  }
1591  break;
1592  case 'c':
1593  suri->conf_filename = optarg;
1594  break;
1595  case 'T':
1596  SCLogInfo("Running suricata under test mode");
1597  conf_test = 1;
1598  if (ConfSetFinal("engine.init-failure-fatal", "1") != 1) {
1599  fprintf(stderr, "ERROR: Failed to set engine init-failure-fatal.\n");
1600  return TM_ECODE_FAILED;
1601  }
1602  break;
1603 #ifndef OS_WIN32
1604  case 'D':
1605  suri->daemon = 1;
1606  break;
1607 #endif /* OS_WIN32 */
1608  case 'h':
1609  suri->run_mode = RUNMODE_PRINT_USAGE;
1610  return TM_ECODE_OK;
1611  case 'i':
1612  if (optarg == NULL) {
1613  SCLogError(SC_ERR_INITIALIZATION, "no option argument (optarg) for -i");
1614  return TM_ECODE_FAILED;
1615  }
1616 #ifdef HAVE_AF_PACKET
1617  if (ParseCommandLineAfpacket(suri, optarg) != TM_ECODE_OK) {
1618  return TM_ECODE_FAILED;
1619  }
1620 #else /* not afpacket */
1621  /* warn user if netmap or pf-ring are available */
1622 #if defined HAVE_PFRING || HAVE_NETMAP
1623  int i = 0;
1624 #ifdef HAVE_PFRING
1625  i++;
1626 #endif
1627 #ifdef HAVE_NETMAP
1628  i++;
1629 #endif
1630  SCLogWarning(SC_WARN_FASTER_CAPTURE_AVAILABLE, "faster capture "
1631  "option%s %s available:"
1632 #ifdef HAVE_PFRING
1633  " PF_RING (--pfring-int=%s)"
1634 #endif
1635 #ifdef HAVE_NETMAP
1636  " NETMAP (--netmap=%s)"
1637 #endif
1638  ". Use --pcap=%s to suppress this warning",
1639  i == 1 ? "" : "s", i == 1 ? "is" : "are"
1640 #ifdef HAVE_PFRING
1641  , optarg
1642 #endif
1643 #ifdef HAVE_NETMAP
1644  , optarg
1645 #endif
1646  , optarg
1647  );
1648 #endif /* have faster methods */
1649  if (ParseCommandLinePcapLive(suri, optarg) != TM_ECODE_OK) {
1650  return TM_ECODE_FAILED;
1651  }
1652 #endif
1653  break;
1654  case 'l':
1655  if (optarg == NULL) {
1656  SCLogError(SC_ERR_INITIALIZATION, "no option argument (optarg) for -l");
1657  return TM_ECODE_FAILED;
1658  }
1659 
1660  if (ConfigSetLogDirectory(optarg) != TM_ECODE_OK) {
1661  SCLogError(SC_ERR_FATAL, "Failed to set log directory.");
1662  return TM_ECODE_FAILED;
1663  }
1664  if (ConfigCheckLogDirectoryExists(optarg) != TM_ECODE_OK) {
1665  SCLogError(SC_ERR_LOGDIR_CMDLINE, "The logging directory \"%s\""
1666  " supplied at the commandline (-l %s) doesn't "
1667  "exist. Shutting down the engine.", optarg, optarg);
1668  return TM_ECODE_FAILED;
1669  }
1670  if (!IsLogDirectoryWritable(optarg)) {
1671  SCLogError(SC_ERR_LOGDIR_CMDLINE, "The logging directory \"%s\""
1672  " supplied at the commandline (-l %s) is not "
1673  "writable. Shutting down the engine.", optarg, optarg);
1674  return TM_ECODE_FAILED;
1675  }
1676  suri->set_logdir = true;
1677 
1678  break;
1679  case 'q':
1680 #ifdef NFQ
1681  if (suri->run_mode == RUNMODE_UNKNOWN) {
1682  suri->run_mode = RUNMODE_NFQ;
1683  EngineModeSetIPS();
1684  if (NFQParseAndRegisterQueues(optarg) == -1)
1685  return TM_ECODE_FAILED;
1686  } else if (suri->run_mode == RUNMODE_NFQ) {
1687  if (NFQParseAndRegisterQueues(optarg) == -1)
1688  return TM_ECODE_FAILED;
1689  } else {
1690  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
1691  "has been specified");
1692  PrintUsage(argv[0]);
1693  return TM_ECODE_FAILED;
1694  }
1695 #else
1696  SCLogError(SC_ERR_NFQ_NOSUPPORT,"NFQUEUE not enabled. Make sure to pass --enable-nfqueue to configure when building.");
1697  return TM_ECODE_FAILED;
1698 #endif /* NFQ */
1699  break;
1700  case 'd':
1701 #ifdef IPFW
1702  if (suri->run_mode == RUNMODE_UNKNOWN) {
1703  suri->run_mode = RUNMODE_IPFW;
1704  EngineModeSetIPS();
1705  if (IPFWRegisterQueue(optarg) == -1)
1706  return TM_ECODE_FAILED;
1707  } else if (suri->run_mode == RUNMODE_IPFW) {
1708  if (IPFWRegisterQueue(optarg) == -1)
1709  return TM_ECODE_FAILED;
1710  } else {
1711  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
1712  "has been specified");
1713  PrintUsage(argv[0]);
1714  return TM_ECODE_FAILED;
1715  }
1716 #else
1717  SCLogError(SC_ERR_IPFW_NOSUPPORT,"IPFW not enabled. Make sure to pass --enable-ipfw to configure when building.");
1718  return TM_ECODE_FAILED;
1719 #endif /* IPFW */
1720  break;
1721  case 'r':
1722  if (suri->run_mode == RUNMODE_UNKNOWN) {
1723  suri->run_mode = RUNMODE_PCAP_FILE;
1724  } else {
1725  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
1726  "has been specified");
1727  PrintUsage(argv[0]);
1728  return TM_ECODE_FAILED;
1729  }
1730 #ifdef OS_WIN32
1731  struct _stat buf;
1732  if(_stat(optarg, &buf) != 0) {
1733 #else
1734  struct stat buf;
1735  if (stat(optarg, &buf) != 0) {
1736 #endif /* OS_WIN32 */
1737  SCLogError(SC_ERR_INITIALIZATION, "ERROR: Pcap file does not exist\n");
1738  return TM_ECODE_FAILED;
1739  }
1740  if (ConfSetFinal("pcap-file.file", optarg) != 1) {
1741  SCLogError(SC_ERR_INITIALIZATION, "ERROR: Failed to set pcap-file.file\n");
1742  return TM_ECODE_FAILED;
1743  }
1744 
1745  break;
1746  case 's':
1747  if (suri->sig_file != NULL) {
1748  SCLogError(SC_ERR_CMD_LINE, "can't have multiple -s options or mix -s and -S.");
1749  return TM_ECODE_FAILED;
1750  }
1751  suri->sig_file = optarg;
1752  break;
1753  case 'S':
1754  if (suri->sig_file != NULL) {
1755  SCLogError(SC_ERR_CMD_LINE, "can't have multiple -S options or mix -s and -S.");
1756  return TM_ECODE_FAILED;
1757  }
1758  suri->sig_file = optarg;
1759  suri->sig_file_exclusive = TRUE;
1760  break;
1761  case 'u':
1762 #ifdef UNITTESTS
1763  if (suri->run_mode == RUNMODE_UNKNOWN) {
1764  suri->run_mode = RUNMODE_UNITTEST;
1765  } else {
1766  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode has"
1767  " been specified");
1768  PrintUsage(argv[0]);
1769  return TM_ECODE_FAILED;
1770  }
1771 #else
1772  fprintf(stderr, "ERROR: Unit tests not enabled. Make sure to pass --enable-unittests to configure when building.\n");
1773  return TM_ECODE_FAILED;
1774 #endif /* UNITTESTS */
1775  break;
1776  case 'U':
1777 #ifdef UNITTESTS
1778  suri->regex_arg = optarg;
1779 
1780  if(strlen(suri->regex_arg) == 0)
1781  suri->regex_arg = NULL;
1782 #endif
1783  break;
1784  case 'V':
1785  suri->run_mode = RUNMODE_PRINT_VERSION;
1786  return TM_ECODE_OK;
1787  case 'F':
1788  if (optarg == NULL) {
1789  SCLogError(SC_ERR_INITIALIZATION, "no option argument (optarg) for -F");
1790  return TM_ECODE_FAILED;
1791  }
1792 
1793  SetBpfStringFromFile(optarg);
1794  break;
1795  case 'v':
1796  suri->verbose++;
1797  break;
1798  case 'k':
1799  if (optarg == NULL) {
1800  SCLogError(SC_ERR_INITIALIZATION, "no option argument (optarg) for -k");
1801  return TM_ECODE_FAILED;
1802  }
1803  if (!strcmp("all", optarg))
1804  suri->checksum_validation = 1;
1805  else if (!strcmp("none", optarg))
1806  suri->checksum_validation = 0;
1807  else {
1808  SCLogError(SC_ERR_INITIALIZATION, "option '%s' invalid for -k", optarg);
1809  return TM_ECODE_FAILED;
1810  }
1811  break;
1812  default:
1813  PrintUsage(argv[0]);
1814  return TM_ECODE_FAILED;
1815  }
1816  }
1817 
1818  if (suri->disabled_detect && suri->sig_file != NULL) {
1819  SCLogError(SC_ERR_INITIALIZATION, "can't use -s/-S when detection is disabled");
1820  return TM_ECODE_FAILED;
1821  }
1822 
1823  if ((suri->run_mode == RUNMODE_UNIX_SOCKET) && suri->set_logdir) {
1824  SCLogError(SC_ERR_INITIALIZATION,
1825  "can't use -l and unix socket runmode at the same time");
1826  return TM_ECODE_FAILED;
1827  }
1828 
1829  /* save the runmode from the commandline (if any) */
1830  suri->aux_run_mode = suri->run_mode;
1831 
1832  if (list_app_layer_protocols)
1833  suri->run_mode = RUNMODE_LIST_APP_LAYERS;
1834  if (list_keywords)
1835  suri->run_mode = RUNMODE_LIST_KEYWORDS;
1836  if (list_unittests)
1837  suri->run_mode = RUNMODE_LIST_UNITTEST;
1838  if (dump_config)
1839  suri->run_mode = RUNMODE_DUMP_CONFIG;
1840  if (dump_features)
1841  suri->run_mode = RUNMODE_DUMP_FEATURES;
1842  if (conf_test)
1843  suri->run_mode = RUNMODE_CONF_TEST;
1844  if (engine_analysis)
1845  suri->run_mode = RUNMODE_ENGINE_ANALYSIS;
1846 
1847  suri->offline = IsRunModeOffline(suri->run_mode);
1848  g_system = suri->system = IsRunModeSystem(suri->run_mode);
1849 
1850  ret = SetBpfString(optind, argv);
1851  if (ret != TM_ECODE_OK)
1852  return ret;
1853 
1854  return TM_ECODE_OK;
1855 }
1856 
1857 #ifdef OS_WIN32
1858 static int WindowsInitService(int argc, char **argv)
1859 {
1860  if (SCRunningAsService()) {
1861  char path[MAX_PATH];
1862  char *p = NULL;
1863  strlcpy(path, argv[0], MAX_PATH);
1864  if ((p = strrchr(path, '\\'))) {
1865  *p = '\0';
1866  }
1867  if (!SetCurrentDirectory(path)) {
1868  SCLogError(SC_ERR_FATAL, "Can't set current directory to: %s", path);
1869  return -1;
1870  }
1871  SCLogInfo("Current directory is set to: %s", path);
1872  SCServiceInit(argc, argv);
1873  }
1874 
1875  /* Windows socket subsystem initialization */
1876  WSADATA wsaData;
1877  if (0 != WSAStartup(MAKEWORD(2, 2), &wsaData)) {
1878  SCLogError(SC_ERR_FATAL, "Can't initialize Windows sockets: %d", WSAGetLastError());
1879  return -1;
1880  }
1881 
1882  return 0;
1883 }
1884 #endif /* OS_WIN32 */
1885 
1886 static int MayDaemonize(SCInstance *suri)
1887 {
1888  if (suri->daemon == 1 && suri->pid_filename == NULL) {
1889  const char *pid_filename;
1890 
1891  if (ConfGet("pid-file", &pid_filename) == 1) {
1892  SCLogInfo("Use pid file %s from config file.", pid_filename);
1893  } else {
1894  pid_filename = DEFAULT_PID_FILENAME;
1895  }
1896  /* The pid file name may be in config memory, but is needed later. */
1897  suri->pid_filename = SCStrdup(pid_filename);
1898  if (suri->pid_filename == NULL) {
1899  SCLogError(SC_ERR_MEM_ALLOC, "strdup failed: %s", strerror(errno));
1900  return TM_ECODE_FAILED;
1901  }
1902  }
1903 
1904  if (suri->pid_filename != NULL && SCPidfileTestRunning(suri->pid_filename) != 0) {
1905  SCFree(suri->pid_filename);
1906  suri->pid_filename = NULL;
1907  return TM_ECODE_FAILED;
1908  }
1909 
1910  if (suri->daemon == 1) {
1911  Daemonize();
1912  }
1913 
1914  if (suri->pid_filename != NULL) {
1915  if (SCPidfileCreate(suri->pid_filename) != 0) {
1916  SCFree(suri->pid_filename);
1917  suri->pid_filename = NULL;
1918  SCLogError(SC_ERR_PIDFILE_DAEMON,
1919  "Unable to create PID file, concurrent run of"
1920  " Suricata can occur.");
1921  SCLogError(SC_ERR_PIDFILE_DAEMON,
1922  "PID file creation WILL be mandatory for daemon mode"
1923  " in future version");
1924  }
1925  }
1926 
1927  return TM_ECODE_OK;
1928 }
1929 
1930 static int InitSignalHandler(SCInstance *suri)
1931 {
1932  /* registering signals we use */
1933 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
1934  UtilSignalHandlerSetup(SIGINT, SignalHandlerSigint);
1935  UtilSignalHandlerSetup(SIGTERM, SignalHandlerSigterm);
1936 #endif
1937 #ifndef OS_WIN32
1938  UtilSignalHandlerSetup(SIGHUP, SignalHandlerSigHup);
1939  UtilSignalHandlerSetup(SIGPIPE, SIG_IGN);
1940  UtilSignalHandlerSetup(SIGSYS, SIG_IGN);
1941 
1942  /* Try to get user/group to run suricata as if
1943  command line as not decide of that */
1944  if (suri->do_setuid == FALSE && suri->do_setgid == FALSE) {
1945  const char *id;
1946  if (ConfGet("run-as.user", &id) == 1) {
1947  suri->do_setuid = TRUE;
1948  suri->user_name = id;
1949  }
1950  if (ConfGet("run-as.group", &id) == 1) {
1951  suri->do_setgid = TRUE;
1952  suri->group_name = id;
1953  }
1954  }
1955  /* Get the suricata user ID to given user ID */
1956  if (suri->do_setuid == TRUE) {
1957  if (SCGetUserID(suri->user_name, suri->group_name,
1958  &suri->userid, &suri->groupid) != 0) {
1959  SCLogError(SC_ERR_UID_FAILED, "failed in getting user ID");
1960  return TM_ECODE_FAILED;
1961  }
1962 
1963  sc_set_caps = TRUE;
1964  /* Get the suricata group ID to given group ID */
1965  } else if (suri->do_setgid == TRUE) {
1966  if (SCGetGroupID(suri->group_name, &suri->groupid) != 0) {
1967  SCLogError(SC_ERR_GID_FAILED, "failed in getting group ID");
1968  return TM_ECODE_FAILED;
1969  }
1970 
1971  sc_set_caps = TRUE;
1972  }
1973 #endif /* OS_WIN32 */
1974 
1975  return TM_ECODE_OK;
1976 }
1977 
1978 /* initialization code for both the main modes and for
1979  * unix socket mode.
1980  *
1981  * Will be run once per pcap in unix-socket mode */
1982 void PreRunInit(const int runmode)
1983 {
1984  if (runmode == RUNMODE_UNIX_SOCKET)
1985  return;
1986 
1987  StatsInit();
1988 #ifdef PROFILING
1989  SCProfilingRulesGlobalInit();
1990  SCProfilingKeywordsGlobalInit();
1991  SCProfilingPrefilterGlobalInit();
1992  SCProfilingSghsGlobalInit();
1993  SCProfilingInit();
1994 #endif /* PROFILING */
1995  DatasetsInit();
1996  DefragInit();
1997  FlowInitConfig(FLOW_QUIET);
1998  IPPairInitConfig(FLOW_QUIET);
1999  StreamTcpInitConfig(STREAM_VERBOSE);
2000  AppLayerParserPostStreamSetup();
2001  AppLayerRegisterGlobalCounters();
2002 }
2003 
2004 /* tasks we need to run before packets start flowing,
2005  * but after we dropped privs */
2006 void PreRunPostPrivsDropInit(const int runmode)
2007 {
2008  if (runmode == RUNMODE_UNIX_SOCKET)
2009  return;
2010 
2011  StatsSetupPostConfigPreOutput();
2012  RunModeInitializeOutputs();
2013  StatsSetupPostConfigPostOutput();
2014 }
2015 
2016 /* clean up / shutdown code for both the main modes and for
2017  * unix socket mode.
2018  *
2019  * Will be run once per pcap in unix-socket mode */
2020 void PostRunDeinit(const int runmode, struct timeval *start_time)
2021 {
2022  if (runmode == RUNMODE_UNIX_SOCKET)
2023  return;
2024 
2025  /* needed by FlowForceReassembly */
2026  PacketPoolInit();
2027 
2028  /* handle graceful shutdown of the flow engine, it's helper
2029  * threads and the packet threads */
2030  FlowDisableFlowManagerThread();
2031  TmThreadDisableReceiveThreads();
2032  FlowForceReassembly();
2033  TmThreadDisablePacketThreads();
2034  SCPrintElapsedTime(start_time);
2035  FlowDisableFlowRecyclerThread();
2036 
2037  /* kill the stats threads */
2038  TmThreadKillThreadsFamily(TVT_MGMT);
2039  TmThreadClearThreadsFamily(TVT_MGMT);
2040 
2041  /* kill packet threads -- already in 'disabled' state */
2042  TmThreadKillThreadsFamily(TVT_PPT);
2043  TmThreadClearThreadsFamily(TVT_PPT);
2044 
2045  PacketPoolDestroy();
2046 
2047  /* mgt and ppt threads killed, we can run non thread-safe
2048  * shutdown functions */
2049  StatsReleaseResources();
2050  DecodeUnregisterCounters();
2051  RunModeShutDown();
2052  FlowShutdown();
2053  IPPairShutdown();
2054  HostCleanup();
2055  StreamTcpFreeConfig(STREAM_VERBOSE);
2056  DefragDestroy();
2057 
2058  TmqResetQueues();
2059 #ifdef PROFILING
2060  if (profiling_rules_enabled)
2061  SCProfilingDump();
2062  SCProfilingDestroy();
2063 #endif
2064 }
2065 
2066 
2067 static int StartInternalRunMode(SCInstance *suri, int argc, char **argv)
2068 {
2069  /* Treat internal running mode */
2070  switch(suri->run_mode) {
2071  case RUNMODE_LIST_KEYWORDS:
2072  ListKeywords(suri->keyword_info);
2073  return TM_ECODE_DONE;
2074  case RUNMODE_LIST_APP_LAYERS:
2075  ListAppLayerProtocols();
2076  return TM_ECODE_DONE;
2077  case RUNMODE_PRINT_VERSION:
2078  PrintVersion();
2079  return TM_ECODE_DONE;
2080  case RUNMODE_PRINT_BUILDINFO:
2081  PrintBuildInfo();
2082  return TM_ECODE_DONE;
2083  case RUNMODE_PRINT_USAGE:
2084  PrintUsage(argv[0]);
2085  return TM_ECODE_DONE;
2086  case RUNMODE_LIST_RUNMODES:
2087  RunModeListRunmodes();
2088  return TM_ECODE_DONE;
2089  case RUNMODE_LIST_UNITTEST:
2090  RunUnittests(1, suri->regex_arg);
2091  case RUNMODE_UNITTEST:
2092  RunUnittests(0, suri->regex_arg);
2093 #ifdef OS_WIN32
2094  case RUNMODE_INSTALL_SERVICE:
2095  if (SCServiceInstall(argc, argv)) {
2096  return TM_ECODE_FAILED;
2097  }
2098  SCLogInfo("Suricata service has been successfuly installed.");
2099  return TM_ECODE_DONE;
2100  case RUNMODE_REMOVE_SERVICE:
2101  if (SCServiceRemove(argc, argv)) {
2102  return TM_ECODE_FAILED;
2103  }
2104  SCLogInfo("Suricata service has been successfuly removed.");
2105  return TM_ECODE_DONE;
2106  case RUNMODE_CHANGE_SERVICE_PARAMS:
2107  if (SCServiceChangeParams(argc, argv)) {
2108  return TM_ECODE_FAILED;
2109  }
2110  SCLogInfo("Suricata service startup parameters has been successfuly changed.");
2111  return TM_ECODE_DONE;
2112 #endif /* OS_WIN32 */
2113  default:
2114  /* simply continue for other running mode */
2115  break;
2116  }
2117  return TM_ECODE_OK;
2118 }
2119 
2120 static int FinalizeRunMode(SCInstance *suri, char **argv)
2121 {
2122  switch (suri->run_mode) {
2123  case RUNMODE_UNKNOWN:
2124  PrintUsage(argv[0]);
2125  return TM_ECODE_FAILED;
2126  default:
2127  break;
2128  }
2129  /* Set the global run mode and offline flag. */
2130  run_mode = suri->run_mode;
2131 
2132  if (!CheckValidDaemonModes(suri->daemon, suri->run_mode)) {
2133  return TM_ECODE_FAILED;
2134  }
2135 
2136  return TM_ECODE_OK;
2137 }
2138 
2139 static void SetupDelayedDetect(SCInstance *suri)
2140 {
2141  /* In offline mode delayed init of detect is a bad idea */
2142  if (suri->offline) {
2143  suri->delayed_detect = 0;
2144  } else {
2145  if (ConfGetBool("detect.delayed-detect", &suri->delayed_detect) != 1) {
2146  ConfNode *denode = NULL;
2147  ConfNode *decnf = ConfGetNode("detect-engine");
2148  if (decnf != NULL) {
2149  TAILQ_FOREACH(denode, &decnf->head, next) {
2150  if (strcmp(denode->val, "delayed-detect") == 0) {
2151  (void)ConfGetChildValueBool(denode, "delayed-detect", &suri->delayed_detect);
2152  }
2153  }
2154  }
2155  }
2156  }
2157 
2158  SCLogConfig("Delayed detect %s", suri->delayed_detect ? "enabled" : "disabled");
2159  if (suri->delayed_detect) {
2160  SCLogInfo("Packets will start being processed before signatures are active.");
2161  }
2162 
2163 }
2164 
2165 static int LoadSignatures(DetectEngineCtx *de_ctx, SCInstance *suri)
2166 {
2167  if (SigLoadSignatures(de_ctx, suri->sig_file, suri->sig_file_exclusive) < 0) {
2168  SCLogError(SC_ERR_NO_RULES_LOADED, "Loading signatures failed.");
2169  if (de_ctx->failure_fatal)
2170  return TM_ECODE_FAILED;
2171  }
2172 
2173  return TM_ECODE_OK;
2174 }
2175 
2176 static int ConfigGetCaptureValue(SCInstance *suri)
2177 {
2178  /* Pull the max pending packets from the config, if not found fall
2179  * back on a sane default. */
2180  if (ConfGetInt("max-pending-packets", &max_pending_packets) != 1)
2181  max_pending_packets = DEFAULT_MAX_PENDING_PACKETS;
2182  if (max_pending_packets >= 65535) {
2183  SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY,
2184  "Maximum max-pending-packets setting is 65534. "
2185  "Please check %s for errors", suri->conf_filename);
2186  return TM_ECODE_FAILED;
2187  }
2188 
2189  SCLogDebug("Max pending packets set to %"PRIiMAX, max_pending_packets);
2190 
2191  /* Pull the default packet size from the config, if not found fall
2192  * back on a sane default. */
2193  const char *temp_default_packet_size;
2194  if ((ConfGet("default-packet-size", &temp_default_packet_size)) != 1) {
2195  int mtu = 0;
2196  int lthread;
2197  int nlive;
2198  int strip_trailing_plus = 0;
2199  switch (suri->run_mode) {
2200 #ifdef WINDIVERT
2201  case RUNMODE_WINDIVERT:
2202  /* by default, WinDivert collects from all devices */
2203  mtu = GetGlobalMTUWin32();
2204 
2205  if (mtu > 0) {
2206  g_default_mtu = mtu;
2207  /* SLL_HEADER_LEN is the longest header + 8 for VLAN */
2208  default_packet_size = mtu + SLL_HEADER_LEN + 8;
2209  break;
2210  }
2211 
2212  g_default_mtu = DEFAULT_MTU;
2213  default_packet_size = DEFAULT_PACKET_SIZE;
2214  break;
2215 #endif /* WINDIVERT */
2216  case RUNMODE_NETMAP:
2217  /* in netmap igb0+ has a special meaning, however the
2218  * interface really is igb0 */
2219  strip_trailing_plus = 1;
2220  /* fall through */
2221  case RUNMODE_PCAP_DEV:
2222  case RUNMODE_AFP_DEV:
2223  case RUNMODE_PFRING:
2224  nlive = LiveGetDeviceNameCount();
2225  for (lthread = 0; lthread < nlive; lthread++) {
2226  const char *live_dev = LiveGetDeviceNameName(lthread);
2227  char dev[128]; /* need to be able to support GUID names on Windows */
2228  (void)strlcpy(dev, live_dev, sizeof(dev));
2229 
2230  if (strip_trailing_plus) {
2231  size_t len = strlen(dev);
2232  if (len &&
2233  (dev[len-1] == '+' ||
2234  dev[len-1] == '^' ||
2235  dev[len-1] == '*'))
2236  {
2237  dev[len-1] = '\0';
2238  }
2239  }
2240  mtu = GetIfaceMTU(dev);
2241  g_default_mtu = MAX(mtu, g_default_mtu);
2242 
2243  unsigned int iface_max_packet_size = GetIfaceMaxPacketSize(dev);
2244  if (iface_max_packet_size > default_packet_size)
2245  default_packet_size = iface_max_packet_size;
2246  }
2247  if (default_packet_size)
2248  break;
2249  /* fall through */
2250  default:
2251  g_default_mtu = DEFAULT_MTU;
2252  default_packet_size = DEFAULT_PACKET_SIZE;
2253  }
2254  } else {
2255  if (ParseSizeStringU32(temp_default_packet_size, &default_packet_size) < 0) {
2256  SCLogError(SC_ERR_SIZE_PARSE, "Error parsing max-pending-packets "
2257  "from conf file - %s. Killing engine",
2258  temp_default_packet_size);
2259  return TM_ECODE_FAILED;
2260  }
2261  }
2262 
2263  SCLogDebug("Default packet size set to %"PRIu32, default_packet_size);
2264 
2265  return TM_ECODE_OK;
2266 }
2267 
2268 static void PostRunStartedDetectSetup(const SCInstance *suri)
2269 {
2270 #ifndef OS_WIN32
2271  /* registering signal handlers we use. We setup usr2 here, so that one
2272  * can't call it during the first sig load phase or while threads are still
2273  * starting up. */
2274  if (DetectEngineEnabled() && suri->delayed_detect == 0) {
2275  UtilSignalHandlerSetup(SIGUSR2, SignalHandlerSigusr2);
2276  UtilSignalUnblock(SIGUSR2);
2277  }
2278 #endif
2279  if (suri->delayed_detect) {
2280  /* force 'reload', this will load the rules and swap engines */
2281  DetectEngineReload(suri);
2282  SCLogNotice("Signature(s) loaded, Detect thread(s) activated.");
2283 #ifndef OS_WIN32
2284  UtilSignalHandlerSetup(SIGUSR2, SignalHandlerSigusr2);
2285  UtilSignalUnblock(SIGUSR2);
2286 #endif
2287  }
2288 }
2289 
2290 static void PostConfLoadedDetectSetup(SCInstance *suri)
2291 {
2292  DetectEngineCtx *de_ctx = NULL;
2293  if (!suri->disabled_detect) {
2294  SCClassConfInit();
2295  SCReferenceConfInit();
2296  SetupDelayedDetect(suri);
2297  int mt_enabled = 0;
2298  (void)ConfGetBool("multi-detect.enabled", &mt_enabled);
2299  int default_tenant = 0;
2300  if (mt_enabled)
2301  (void)ConfGetBool("multi-detect.default", &default_tenant);
2302  if (DetectEngineMultiTenantSetup() == -1) {
2303  SCLogError(SC_ERR_INITIALIZATION, "initializing multi-detect "
2304  "detection engine contexts failed.");
2305  exit(EXIT_FAILURE);
2306  }
2307  if (suri->delayed_detect && suri->run_mode != RUNMODE_CONF_TEST) {
2308  de_ctx = DetectEngineCtxInitStubForDD();
2309  } else if (mt_enabled && !default_tenant && suri->run_mode != RUNMODE_CONF_TEST) {
2310  de_ctx = DetectEngineCtxInitStubForMT();
2311  } else {
2312  de_ctx = DetectEngineCtxInit();
2313  }
2314  if (de_ctx == NULL) {
2315  SCLogError(SC_ERR_INITIALIZATION, "initializing detection engine "
2316  "context failed.");
2317  exit(EXIT_FAILURE);
2318  }
2319 
2320  if (de_ctx->type == DETECT_ENGINE_TYPE_NORMAL) {
2321  if (LoadSignatures(de_ctx, suri) != TM_ECODE_OK)
2322  exit(EXIT_FAILURE);
2323  }
2324 
2325  gettimeofday(&de_ctx->last_reload, NULL);
2326  DetectEngineAddToMaster(de_ctx);
2327  DetectEngineBumpVersion();
2328  }
2329 }
2330 
2331 static int PostDeviceFinalizedSetup(SCInstance *suri)
2332 {
2333  SCEnter();
2334 
2335 #ifdef HAVE_AF_PACKET
2336  if (suri->run_mode == RUNMODE_AFP_DEV) {
2337  if (AFPRunModeIsIPS()) {
2338  SCLogInfo("AF_PACKET: Setting IPS mode");
2339  EngineModeSetIPS();
2340  }
2341  }
2342 #endif
2343 #ifdef HAVE_NETMAP
2344  if (suri->run_mode == RUNMODE_NETMAP) {
2345  if (NetmapRunModeIsIPS()) {
2346  SCLogInfo("Netmap: Setting IPS mode");
2347  EngineModeSetIPS();
2348  }
2349  }
2350 #endif
2351 
2352  SCReturnInt(TM_ECODE_OK);
2353 }
2354 
2355 static void PostConfLoadedSetupHostMode(void)
2356 {
2357  const char *hostmode = NULL;
2358 
2359  if (ConfGetValue("host-mode", &hostmode) == 1) {
2360  if (!strcmp(hostmode, "router")) {
2361  host_mode = SURI_HOST_IS_ROUTER;
2362  } else if (!strcmp(hostmode, "sniffer-only")) {
2363  host_mode = SURI_HOST_IS_SNIFFER_ONLY;
2364  } else {
2365  if (strcmp(hostmode, "auto") != 0) {
2366  WarnInvalidConfEntry("host-mode", "%s", "auto");
2367  }
2368  if (EngineModeIsIPS()) {
2369  host_mode = SURI_HOST_IS_ROUTER;
2370  } else {
2371  host_mode = SURI_HOST_IS_SNIFFER_ONLY;
2372  }
2373  }
2374  } else {
2375  if (EngineModeIsIPS()) {
2376  host_mode = SURI_HOST_IS_ROUTER;
2377  SCLogInfo("No 'host-mode': suricata is in IPS mode, using "
2378  "default setting 'router'");
2379  } else {
2380  host_mode = SURI_HOST_IS_SNIFFER_ONLY;
2381  SCLogInfo("No 'host-mode': suricata is in IDS mode, using "
2382  "default setting 'sniffer-only'");
2383  }
2384  }
2385 
2386 }
2387 
2388 static void SetupUserMode(SCInstance *suri)
2389 {
2390  /* apply 'user mode' config updates here */
2391  if (suri->system == false) {
2392  if (suri->set_logdir == false) {
2393  /* override log dir to current work dir" */
2394  if (ConfigSetLogDirectory((char *)".") != TM_ECODE_OK) {
2395  FatalError(SC_ERR_LOGDIR_CONFIG, "could not set USER mode logdir");
2396  }
2397  }
2398  if (suri->set_datadir == false) {
2399  /* override data dir to current work dir" */
2400  if (ConfigSetDataDirectory((char *)".") != TM_ECODE_OK) {
2401  FatalError(SC_ERR_LOGDIR_CONFIG, "could not set USER mode datadir");
2402  }
2403  }
2404  }
2405 }
2406 
2407 /**
2408  * This function is meant to contain code that needs
2409  * to be run once the configuration has been loaded.
2410  */
2411 int PostConfLoadedSetup(SCInstance *suri)
2412 {
2413  /* do this as early as possible #1577 #1955 */
2414 #ifdef HAVE_LUAJIT
2415  if (LuajitSetupStatesPool() != 0) {
2416  SCReturnInt(TM_ECODE_FAILED);
2417  }
2418 #endif
2419 
2420  /* load the pattern matchers */
2421  MpmTableSetup();
2422  SpmTableSetup();
2423 
2424  int disable_offloading;
2425  if (ConfGetBool("capture.disable-offloading", &disable_offloading) == 0)
2426  disable_offloading = 1;
2427  if (disable_offloading) {
2428  LiveSetOffloadDisable();
2429  } else {
2430  LiveSetOffloadWarn();
2431  }
2432 
2433  if (suri->checksum_validation == -1) {
2434  const char *cv = NULL;
2435  if (ConfGetValue("capture.checksum-validation", &cv) == 1) {
2436  if (strcmp(cv, "none") == 0) {
2437  suri->checksum_validation = 0;
2438  } else if (strcmp(cv, "all") == 0) {
2439  suri->checksum_validation = 1;
2440  }
2441  }
2442  }
2443  switch (suri->checksum_validation) {
2444  case 0:
2445  ConfSet("stream.checksum-validation", "0");
2446  break;
2447  case 1:
2448  ConfSet("stream.checksum-validation", "1");
2449  break;
2450  }
2451 
2452  if (suri->runmode_custom_mode) {
2453  ConfSet("runmode", suri->runmode_custom_mode);
2454  }
2455 
2456  StorageInit();
2457 #ifdef HAVE_PACKET_EBPF
2458  EBPFRegisterExtension();
2459  LiveDevRegisterExtension();
2460 #endif
2461  RegisterFlowBypassInfo();
2462  AppLayerSetup();
2463 
2464  /* Suricata will use this umask if provided. By default it will use the
2465  umask passed on from the shell. */
2466  const char *custom_umask;
2467  if (ConfGet("umask", &custom_umask) == 1) {
2468  uint16_t mask;
2469  if (StringParseUint16(&mask, 8, strlen(custom_umask),
2470  custom_umask) > 0) {
2471  umask((mode_t)mask);
2472  }
2473  }
2474 
2475 
2476  if (ConfigGetCaptureValue(suri) != TM_ECODE_OK) {
2477  SCReturnInt(TM_ECODE_FAILED);
2478  }
2479 
2480 #ifdef NFQ
2481  if (suri->run_mode == RUNMODE_NFQ)
2482  NFQInitConfig(FALSE);
2483 #endif
2484 
2485  /* Load the Host-OS lookup. */
2486  SCHInfoLoadFromConfig();
2487 
2488  if (suri->run_mode == RUNMODE_ENGINE_ANALYSIS) {
2489  SCLogInfo("== Carrying out Engine Analysis ==");
2490  const char *temp = NULL;
2491  if (ConfGet("engine-analysis", &temp) == 0) {
2492  SCLogInfo("no engine-analysis parameter(s) defined in conf file. "
2493  "Please define/enable them in the conf to use this "
2494  "feature.");
2495  SCReturnInt(TM_ECODE_FAILED);
2496  }
2497  }
2498 
2499  /* hardcoded initialization code */
2500  SigTableSetup(); /* load the rule keywords */
2501  SigTableApplyStrictCommandlineOption(suri->strict_rule_parsing_string);
2502  TmqhSetup();
2503 
2504  CIDRInit();
2505  SCProtoNameInit();
2506 
2507  TagInitCtx();
2508  PacketAlertTagInit();
2509  ThresholdInit();
2510  HostBitInitCtx();
2511  IPPairBitInitCtx();
2512 
2513  if (DetectAddressTestConfVars() < 0) {
2514  SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY,
2515  "basic address vars test failed. Please check %s for errors",
2516  suri->conf_filename);
2517  SCReturnInt(TM_ECODE_FAILED);
2518  }
2519  if (DetectPortTestConfVars() < 0) {
2520  SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY,
2521  "basic port vars test failed. Please check %s for errors",
2522  suri->conf_filename);
2523  SCReturnInt(TM_ECODE_FAILED);
2524  }
2525 
2526  FeatureTrackingRegister(); /* must occur prior to output mod registration */
2527  RegisterAllModules();
2528 
2529  AppLayerHtpNeedFileInspection();
2530 
2531  StorageFinalize();
2532 
2533  TmModuleRunInit();
2534 
2535  if (MayDaemonize(suri) != TM_ECODE_OK)
2536  SCReturnInt(TM_ECODE_FAILED);
2537 
2538  if (InitSignalHandler(suri) != TM_ECODE_OK)
2539  SCReturnInt(TM_ECODE_FAILED);
2540 
2541  /* Check for the existance of the default logging directory which we pick
2542  * from suricata.yaml. If not found, shut the engine down */
2543  suri->log_dir = ConfigGetLogDirectory();
2544 
2545  if (ConfigCheckLogDirectoryExists(suri->log_dir) != TM_ECODE_OK) {
2546  SCLogError(SC_ERR_LOGDIR_CONFIG, "The logging directory \"%s\" "
2547  "supplied by %s (default-log-dir) doesn't exist. "
2548  "Shutting down the engine", suri->log_dir, suri->conf_filename);
2549  SCReturnInt(TM_ECODE_FAILED);
2550  }
2551  if (!IsLogDirectoryWritable(suri->log_dir)) {
2552  SCLogError(SC_ERR_LOGDIR_CONFIG, "The logging directory \"%s\" "
2553  "supplied by %s (default-log-dir) is not writable. "
2554  "Shutting down the engine", suri->log_dir, suri->conf_filename);
2555  SCReturnInt(TM_ECODE_FAILED);
2556  }
2557 
2558 
2559 #ifdef HAVE_NSS
2560  if (suri->run_mode != RUNMODE_CONF_TEST) {
2561  /* init NSS for hashing */
2562  PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);
2563  NSS_NoDB_Init(NULL);
2564  }
2565 #endif
2566 
2567  if (suri->disabled_detect) {
2568  SCLogConfig("detection engine disabled");
2569  /* disable raw reassembly */
2570  (void)ConfSetFinal("stream.reassembly.raw", "false");
2571  }
2572 
2573  HostInitConfig(HOST_VERBOSE);
2574 #ifdef HAVE_MAGIC
2575  if (MagicInit() != 0)
2576  SCReturnInt(TM_ECODE_FAILED);
2577 #endif
2578  SCAsn1LoadConfig();
2579 
2580  CoredumpLoadConfig();
2581 
2582  DecodeGlobalConfig();
2583 
2584  LiveDeviceFinalize();
2585 
2586  /* set engine mode if L2 IPS */
2587  if (PostDeviceFinalizedSetup(suri) != TM_ECODE_OK) {
2588  exit(EXIT_FAILURE);
2589  }
2590 
2591  /* hostmode depends on engine mode being set */
2592  PostConfLoadedSetupHostMode();
2593 
2594  PreRunInit(suri->run_mode);
2595 
2596  SCReturnInt(TM_ECODE_OK);
2597 }
2598 
2599 static void SuricataMainLoop(SCInstance *suri)
2600 {
2601  while(1) {
2602  if (sigterm_count || sigint_count) {
2603  suricata_ctl_flags |= SURICATA_STOP;
2604  }
2605 
2606  if (suricata_ctl_flags & SURICATA_STOP) {
2607  SCLogNotice("Signal Received. Stopping engine.");
2608  break;
2609  }
2610 
2611  TmThreadCheckThreadState();
2612 
2613  if (sighup_count > 0) {
2614  OutputNotifyFileRotation();
2615  sighup_count--;
2616  }
2617 
2618  if (sigusr2_count > 0) {
2619  if (!(DetectEngineReloadIsStart())) {
2620  DetectEngineReloadStart();
2621  DetectEngineReload(suri);
2622  DetectEngineReloadSetIdle();
2623  sigusr2_count--;
2624  }
2625 
2626  } else if (DetectEngineReloadIsStart()) {
2627  DetectEngineReload(suri);
2628  DetectEngineReloadSetIdle();
2629  }
2630 
2631  usleep(10* 1000);
2632  }
2633 }
2634 
2635 SuricataContext context;
2636 
2637 /**
2638  * \brief Global initialization common to all runmodes.
2639  *
2640  * This can be used by fuzz targets.
2641  */
2642 
2643 int InitGlobal(void) {
2644  context.SCLogMessage = SCLogMessage;
2645  context.DetectEngineStateFree = DetectEngineStateFree;
2646  context.AppLayerDecoderEventsSetEventRaw =
2647  AppLayerDecoderEventsSetEventRaw;
2648  context.AppLayerDecoderEventsFreeEvents = AppLayerDecoderEventsFreeEvents;
2649 
2650  context.FileOpenFileWithId = FileOpenFileWithId;
2651  context.FileCloseFileById = FileCloseFileById;
2652  context.FileAppendDataById = FileAppendDataById;
2653  context.FileAppendGAPById = FileAppendGAPById;
2654  context.FileContainerRecycle = FileContainerRecycle;
2655  context.FilePrune = FilePrune;
2656  context.FileSetTx = FileContainerSetTx;
2657 
2658  rs_init(&context);
2659 
2660  SC_ATOMIC_INIT(engine_stage);
2661 
2662  /* initialize the logging subsys */
2663  SCLogInitLogModule(NULL);
2664 
2665  (void)SCSetThreadName("Suricata-Main");
2666 
2667  /* Ignore SIGUSR2 as early as possble. We redeclare interest
2668  * once we're done launching threads. The goal is to either die
2669  * completely or handle any and all SIGUSR2s correctly.
2670  */
2671 #ifndef OS_WIN32
2672  UtilSignalHandlerSetup(SIGUSR2, SIG_IGN);
2673  if (UtilSignalBlock(SIGUSR2)) {
2674  SCLogError(SC_ERR_INITIALIZATION, "SIGUSR2 initialization error");
2675  return EXIT_FAILURE;
2676  }
2677 #endif
2678 
2679  ParseSizeInit();
2680  RunModeRegisterRunModes();
2681 
2682  /* Initialize the configuration module. */
2683  ConfInit();
2684 
2685  return 0;
2686 }
2687 
2688 int SuricataMain(int argc, char **argv)
2689 {
2690  SCInstanceInit(&suricata, argv[0]);
2691 
2692  if (InitGlobal() != 0) {
2693  exit(EXIT_FAILURE);
2694  }
2695 
2696 #ifdef OS_WIN32
2697  /* service initialization */
2698  if (WindowsInitService(argc, argv) != 0) {
2699  exit(EXIT_FAILURE);
2700  }
2701 #endif /* OS_WIN32 */
2702 
2703  if (ParseCommandLine(argc, argv, &suricata) != TM_ECODE_OK) {
2704  exit(EXIT_FAILURE);
2705  }
2706 
2707  if (FinalizeRunMode(&suricata, argv) != TM_ECODE_OK) {
2708  exit(EXIT_FAILURE);
2709  }
2710 
2711  switch (StartInternalRunMode(&suricata, argc, argv)) {
2712  case TM_ECODE_DONE:
2713  exit(EXIT_SUCCESS);
2714  case TM_ECODE_FAILED:
2715  exit(EXIT_FAILURE);
2716  }
2717 
2718  /* Initializations for global vars, queues, etc (memsets, mutex init..) */
2719  GlobalsInitPreConfig();
2720 
2721  /* Load yaml configuration file if provided. */
2722  if (LoadYamlConfig(&suricata) != TM_ECODE_OK) {
2723  exit(EXIT_FAILURE);
2724  }
2725 
2726  if (suricata.run_mode == RUNMODE_DUMP_CONFIG) {
2727  ConfDump();
2728  exit(EXIT_SUCCESS);
2729  }
2730 
2731  int vlan_tracking = 1;
2732  if (ConfGetBool("vlan.use-for-tracking", &vlan_tracking) == 1 && !vlan_tracking) {
2733  /* Ignore vlan_ids when comparing flows. */
2734  g_vlan_mask = 0x0000;
2735  }
2736  SCLogDebug("vlan tracking is %s", vlan_tracking == 1 ? "enabled" : "disabled");
2737 
2738  SetupUserMode(&suricata);
2739 
2740  /* Since our config is now loaded we can finish configurating the
2741  * logging module. */
2742  SCLogLoadConfig(suricata.daemon, suricata.verbose);
2743 
2744  LogVersion(&suricata);
2745  UtilCpuPrintSummary();
2746 
2747  if (ParseInterfacesList(suricata.aux_run_mode, suricata.pcap_dev) != TM_ECODE_OK) {
2748  exit(EXIT_FAILURE);
2749  }
2750 
2751  if (PostConfLoadedSetup(&suricata) != TM_ECODE_OK) {
2752  exit(EXIT_FAILURE);
2753  }
2754 
2755  SCDropMainThreadCaps(suricata.userid, suricata.groupid);
2756 
2757  /* Re-enable coredumps after privileges are dropped. */
2758  CoredumpEnable();
2759 
2760  PreRunPostPrivsDropInit(suricata.run_mode);
2761 
2762  PostConfLoadedDetectSetup(&suricata);
2763  if (suricata.run_mode == RUNMODE_ENGINE_ANALYSIS) {
2764  goto out;
2765  } else if (suricata.run_mode == RUNMODE_CONF_TEST){
2766  SCLogNotice("Configuration provided was successfully loaded. Exiting.");
2767  goto out;
2768  } else if (suricata.run_mode == RUNMODE_DUMP_FEATURES) {
2769  FeatureDump();
2770  goto out;
2771  }
2772 
2773  SCSetStartTime(&suricata);
2774  RunModeDispatch(suricata.run_mode, suricata.runmode_custom_mode);
2775  if (suricata.run_mode != RUNMODE_UNIX_SOCKET) {
2776  UnixManagerThreadSpawnNonRunmode();
2777  }
2778 
2779  /* Wait till all the threads have been initialized */
2780  if (TmThreadWaitOnThreadInit() == TM_ECODE_FAILED) {
2781  SCLogError(SC_ERR_INITIALIZATION, "Engine initialization failed, "
2782  "aborting...");
2783  exit(EXIT_FAILURE);
2784  }
2785 
2786  (void) SC_ATOMIC_CAS(&engine_stage, SURICATA_INIT, SURICATA_RUNTIME);
2787  PacketPoolPostRunmodes();
2788 
2789  /* Un-pause all the paused threads */
2790  TmThreadContinueThreads();
2791 
2792  PostRunStartedDetectSetup(&suricata);
2793 
2794 #ifdef DBG_MEM_ALLOC
2795  SCLogInfo("Memory used at startup: %"PRIdMAX, (intmax_t)global_mem);
2796 #ifdef DBG_MEM_ALLOC_SKIP_STARTUP
2797  print_mem_flag = 1;
2798 #endif
2799 #endif
2800 
2801  SCPledge();
2802  SuricataMainLoop(&suricata);
2803 
2804  /* Update the engine stage/status flag */
2805  (void) SC_ATOMIC_CAS(&engine_stage, SURICATA_RUNTIME, SURICATA_DEINIT);
2806 
2807  UnixSocketKillSocketThread();
2808  PostRunDeinit(suricata.run_mode, &suricata.start_time);
2809  /* kill remaining threads */
2810  TmThreadKillThreads();
2811 
2812 out:
2813  GlobalsDestroy(&suricata);
2814 
2815  exit(EXIT_SUCCESS);
2816 }
SCProtoNameInit
void SCProtoNameInit()
Function to load the protocol names from the specified protocol file.
Definition: util-proto-name.c:39
DefragDestroy
void DefragDestroy(void)
Definition: defrag.c:1090
util-byte.h
host.h
tm-threads.h
ConfGetInt
int ConfGetInt(const char *name, intmax_t *val)
Retrieve a configuration value as an integer.
Definition: conf.c:437
TmModuleUnixManagerRegister
void TmModuleUnixManagerRegister(void)
Definition: unix-manager.c:1262
profiling_rules_enabled
int profiling_rules_enabled
Definition: util-profiling-rules.c:81
app-layer-dcerpc.h
SuricataContext_::DetectEngineStateFree
void(* DetectEngineStateFree)(DetectEngineState *)
Definition: rust-context.h:31
source-nflog.h
TagInitCtx
void TagInitCtx(void)
Definition: detect-engine-tag.c:51
TmModuleReceiveIPFWRegister
void TmModuleReceiveIPFWRegister(void)
Registration Function for RecieveIPFW.
Definition: source-ipfw.c:153
flow-bypass.h
len
uint8_t len
Definition: app-layer-dnp3.h:4
SCReferenceConfDeinit
void SCReferenceConfDeinit(void)
Definition: util-reference-config.c:80
ippair.h
AppLayerHtpNeedFileInspection
void AppLayerHtpNeedFileInspection(void)
Sets a flag that informs the HTP app layer that some module in the engine needs the http request file...
Definition: app-layer-htp.c:505
SCInstance_::run_mode
enum RunModes run_mode
Definition: suricata.h:129
detect-engine.h
StringParseUint16
int StringParseUint16(uint16_t *res, int base, uint16_t len, const char *str)
Definition: util-byte.c:324
source-pcap.h
SCInstance_::groupid
uint32_t groupid
Definition: suricata.h:146
RUNMODE_UNIX_SOCKET
@ RUNMODE_UNIX_SOCKET
Definition: runmodes.h:41
g_system
bool g_system
Definition: suricata.c:223
SCStrdup
#define SCStrdup(a)
Definition: util-mem.h:268
SCReferenceConfInit
void SCReferenceConfInit(void)
Definition: util-reference-config.c:56
SC_ATOMIC_DESTROY
#define SC_ATOMIC_DESTROY(name)
Destroy the lock used to protect this variable.
Definition: util-atomic.h:97
host-storage.h
SCInstance_::daemon
int daemon
Definition: suricata.h:155
max_pending_packets
intmax_t max_pending_packets
Definition: suricata.c:212
SuricataContext_::SCLogMessage
SCError(* SCLogMessage)(const SCLogLevel, const char *, const unsigned int, const char *, const SCError, const char *message)
Definition: rust-context.h:29
app-layer-ssh.h
SCLogInitLogModule
void SCLogInitLogModule(SCLogInitData *sc_lid)
Initializes the logging module.
Definition: util-debug.c:1252
SLL_HEADER_LEN
#define SLL_HEADER_LEN
Definition: decode-sll.h:27
SCInstance_::checksum_validation
int checksum_validation
Definition: suricata.h:158
SC_ERR_DAG_REQUIRED
@ SC_ERR_DAG_REQUIRED
Definition: util-error.h:201
SC_ERR_WINDIVERT_NOSUPPORT
@ SC_ERR_WINDIVERT_NOSUPPORT
Definition: util-error.h:346
DetectEngineDeReference
void DetectEngineDeReference(DetectEngineCtx **de_ctx)
Definition: detect-engine.c:3825
RUNMODE_UNITTEST
@ RUNMODE_UNITTEST
Definition: runmodes.h:39
StorageInit
void StorageInit(void)
Definition: util-storage.c:67
SCInstance_::start_time
struct timeval start_time
Definition: suricata.h:160
SCLogLoadConfig
void SCLogLoadConfig(int daemon, int verbose)
Definition: util-debug.c:1286
SC_ATOMIC_INIT
#define SC_ATOMIC_INIT(name)
Initialize the previously declared atomic variable and it's lock.
Definition: util-atomic.h:81
FileAppendGAPById
int FileAppendGAPById(FileContainer *ffc, uint32_t track_id, const uint8_t *data, uint32_t data_len)
Store/handle a chunk of file data in the File structure The file with 'track_id' in the FileContainer...
Definition: util-file.c:762
SCThresholdConfGlobalFree
void SCThresholdConfGlobalFree(void)
Definition: util-threshold-config.c:151
source-pcap-file.h
AFPPeersListClean
void AFPPeersListClean()
Clean the global peers list.
Definition: source-af-packet.c:531
ConfNode_::val
char * val
Definition: conf.h:34
CLS
#define CLS
Definition: suricata-common.h:45
ConfGetBool
int ConfGetBool(const char *name, int *val)
Retrieve a configuration value as an boolen.
Definition: conf.c:517
stream-tcp.h
DetectEngineCtx_::type
enum DetectEngineType type
Definition: detect.h:894
DetectEnginePruneFreeList
void DetectEnginePruneFreeList(void)
Definition: detect-engine.c:3916
RUNMODE_UNKNOWN
@ RUNMODE_UNKNOWN
Definition: runmodes.h:28
SuricataContext_::AppLayerDecoderEventsSetEventRaw
void(* AppLayerDecoderEventsSetEventRaw)(AppLayerDecoderEvents **, uint8_t)
Definition: rust-context.h:32
SCInstance_::group_name
const char * group_name
Definition: suricata.h:142
SCFree
#define SCFree(a)
Definition: util-mem.h:322
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
runmode-unittests.h
SigTableApplyStrictCommandlineOption
void SigTableApplyStrictCommandlineOption(const char *str)
Definition: detect-parse.c:306
TmqhSetup
void TmqhSetup(void)
Definition: tm-queuehandlers.c:39
SC_ERR_GID_FAILED
@ SC_ERR_GID_FAILED
Definition: util-error.h:188
RUNMODE_PRINT_BUILDINFO
@ RUNMODE_PRINT_BUILDINFO
Definition: runmodes.h:48
DetectEngineCtxInitStubForDD
DetectEngineCtx * DetectEngineCtxInitStubForDD(void)
Definition: detect-engine.c:1980
LiveDevRegisterExtension
void LiveDevRegisterExtension(void)
Definition: util-device.c:496
SC_ERR_NFQ_NOSUPPORT
@ SC_ERR_NFQ_NOSUPPORT
Definition: util-error.h:97
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:335
AppLayerHtpPrintStats
void AppLayerHtpPrintStats(void)
Definition: app-layer-htp.c:2936
StatsSetupPostConfigPreOutput
void StatsSetupPostConfigPreOutput(void)
Definition: counters.c:868
SCInstance_::runmode_custom_mode
char * runmode_custom_mode
Definition: suricata.h:139
util-coredump-config.h
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:2
SigTableSetup
void SigTableSetup(void)
Definition: detect-engine-register.c:399
TmModuleReceiveNFQRegister
void TmModuleReceiveNFQRegister(void)
Definition: source-nfq.c:171
LiveBuildDeviceList
int LiveBuildDeviceList(const char *runmode)
Definition: util-device.c:308
util-lua.h
RunModeShutDown
void RunModeShutDown(void)
Definition: runmodes.c:522
TM_ECODE_DONE
@ TM_ECODE_DONE
Definition: tm-threads-common.h:80
DEFAULT_MTU
#define DEFAULT_MTU
Definition: decode.h:612
ippair-bit.h
SC_ERR_NOT_SUPPORTED
@ SC_ERR_NOT_SUPPORTED
Definition: util-error.h:257
SuricataContext_::AppLayerDecoderEventsFreeEvents
void(* AppLayerDecoderEventsFreeEvents)(AppLayerDecoderEvents **)
Definition: rust-context.h:34
ConfGetNode
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
Definition: conf.c:176
threads.h
RUNMODE_LIST_RUNMODES
@ RUNMODE_LIST_RUNMODES
Definition: runmodes.h:46
sigint_count
volatile sig_atomic_t sigint_count
Definition: suricata.c:182
SC_ATOMIC_DECLARE
SC_ATOMIC_DECLARE(unsigned int, engine_stage)
TmModuleRunDeInit
void TmModuleRunDeInit(void)
Definition: tm-modules.c:146
RegisterFlowBypassInfo
void RegisterFlowBypassInfo(void)
Definition: flow-util.c:227
SCSetThreadName
#define SCSetThreadName(n)
Definition: threads.h:299
HostInitConfig
void HostInitConfig(char quiet)
initialize the configuration
Definition: host.c:175
SURICATA_INIT
@ SURICATA_INIT
Definition: suricata.h:101
SC_ERR_NO_PCAP_SET_BUFFER_SIZE
@ SC_ERR_NO_PCAP_SET_BUFFER_SIZE
Definition: util-error.h:59
SURICATA_DEINIT
@ SURICATA_DEINIT
Definition: suricata.h:103
SCLogDeInitLogModule
void SCLogDeInitLogModule(void)
De-Initializes the logging module.
Definition: util-debug.c:1468
util-pidfile.h
TmModuleDecodeErfFileRegister
void TmModuleDecodeErfFileRegister(void)
Register the ERF file decoder module.
Definition: source-erf-file.c:98
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:761
SURICATA_RUNTIME
@ SURICATA_RUNTIME
Definition: suricata.h:102
FlowInitConfig
void FlowInitConfig(char quiet)
initialize the configuration
Definition: flow.c:530
DetectEngineReloadSetIdle
void DetectEngineReloadSetIdle(void)
Definition: detect-engine.c:1501
SCInstance_::userid
uint32_t userid
Definition: suricata.h:145
RUNMODE_ERF_FILE
@ RUNMODE_ERF_FILE
Definition: runmodes.h:35
source-windivert-prototypes.h
SC_ERR_IPFW_NOSUPPORT
@ SC_ERR_IPFW_NOSUPPORT
Definition: util-error.h:109
DetectEngineGetCurrent
DetectEngineCtx * DetectEngineGetCurrent(void)
Definition: detect-engine.c:3124
TmModuleFlowRecyclerRegister
void TmModuleFlowRecyclerRegister(void)
Definition: flow-manager.c:1144
packet-queue.h
Daemonize
void Daemonize(void)
Daemonize the process.
Definition: util-daemon.c:102
UtilSignalHandlerSetup
void UtilSignalHandlerSetup(int sig, void(*handler)(int))
Definition: util-signal.c:60
TAILQ_FOREACH
#define TAILQ_FOREACH(var, head, field)
Definition: queue.h:350
TmModuleDecodeAFPRegister
void TmModuleDecodeAFPRegister(void)
Registration Function for DecodeAFP.
Definition: source-af-packet.c:549
RUNMODE_NFLOG
@ RUNMODE_NFLOG
Definition: runmodes.h:33
TmModuleDecodeWinDivertRegister
void TmModuleDecodeWinDivertRegister(void)
Definition: source-windivert.c:74
SURICATA_STOP
#define SURICATA_STOP
Definition: suricata.h:95
FlowForceReassembly
void FlowForceReassembly(void)
Force reassembly for all the flows that have unprocessed segments.
Definition: flow-timeout.c:468
DetectEngineAddToMaster
int DetectEngineAddToMaster(DetectEngineCtx *de_ctx)
Definition: detect-engine.c:3849
TmModuleStatsLoggerRegister
void TmModuleStatsLoggerRegister(void)
Definition: output-stats.c:197
RegisterAllModules
void RegisterAllModules(void)
Definition: suricata.c:851
ENGINE_MODE_IPS
@ ENGINE_MODE_IPS
Definition: suricata.h:109
SC_ATOMIC_CAS
#define SC_ATOMIC_CAS(name, cmpval, newval)
atomic Compare and Switch
Definition: util-atomic.h:222
SCGetUserID
int SCGetUserID(const char *user_name, const char *group_name, uint32_t *uid, uint32_t *gid)
Function to get the user and group ID from the specified user name.
Definition: util-privs.c:151
RUNMODE_PCAP_DEV
@ RUNMODE_PCAP_DEV
Definition: runmodes.h:29
flow-bit.h
SupportFastPatternForSigMatchTypes
void SupportFastPatternForSigMatchTypes(void)
Registers the keywords(SMs) that should be given fp support.
Definition: detect-fast-pattern.c:139
ConfDump
void ConfDump(void)
Dump configuration to stdout.
Definition: conf.c:780
rust.h
SCPledge
#define SCPledge(...)
Definition: util-privs.h:100
CheckValidDaemonModes
int CheckValidDaemonModes(int daemon, int mode)
Check for a valid combination daemon/mode.
Definition: util-daemon.c:174
AppLayerDecoderEventsFreeEvents
void AppLayerDecoderEventsFreeEvents(AppLayerDecoderEvents **events)
Definition: app-layer-events.c:148
SCClassConfDeinit
void SCClassConfDeinit(void)
Definition: util-classification-config.c:86
LiveGetDeviceNameName
const char * LiveGetDeviceNameName(int number)
Get a pointer to the pre device name at idx.
Definition: util-device.c:218
ConfSetFinal
int ConfSetFinal(const char *name, const char *val)
Set a final configuration value.
Definition: conf.c:299
unittests_fatal
int unittests_fatal
Definition: util-unittest.c:52
TmThreadDisableReceiveThreads
void TmThreadDisableReceiveThreads(void)
Disable all threads having the specified TMs.
Definition: tm-threads.c:1325
StatsInit
void StatsInit(void)
Initializes the perf counter api. Things are hard coded currently. More work to be done when we imple...
Definition: counters.c:856
util-privs.h
PreRunInit
void PreRunInit(const int runmode)
Definition: suricata.c:1982
RUNMODE_LIST_KEYWORDS
@ RUNMODE_LIST_KEYWORDS
Definition: runmodes.h:44
SURICATA_DONE
#define SURICATA_DONE
Definition: suricata.h:97
SCInstance_::conf_filename
const char * conf_filename
Definition: suricata.h:164
RUNMODE_NAPATECH
@ RUNMODE_NAPATECH
Definition: runmodes.h:40
GlobalsInitPreConfig
void GlobalsInitPreConfig(void)
Definition: suricata.c:330
TmModuleReceiveNetmapRegister
void TmModuleReceiveNetmapRegister(void)
Definition: source-netmap.c:90
PacketPoolPostRunmodes
void PacketPoolPostRunmodes(void)
Set the max_pending_return_packets value.
Definition: tmqh-packetpool.c:586
TmModuleReceiveWinDivertRegister
void TmModuleReceiveWinDivertRegister(void)
Definition: source-windivert.c:61
app-layer-ftp.h
MAX
#define MAX(x, y)
Definition: suricata-common.h:364
TmModuleReceivePfringRegister
void TmModuleReceivePfringRegister(void)
Registration Function for RecievePfring.
Definition: source-pfring.c:163
HOST_VERBOSE
#define HOST_VERBOSE
Definition: host.h:92
TM_ECODE_FAILED
@ TM_ECODE_FAILED
Definition: tm-threads-common.h:79
SCProfilingDestroy
void SCProfilingDestroy(void)
Free resources used by profiling.
Definition: util-profiling.c:271
IsRunModeOffline
bool IsRunModeOffline(enum RunModes run_mode_to_check)
Definition: runmodes.c:504
SuricataContext_::FileSetTx
void(* FileSetTx)(FileContainer *, uint64_t)
Definition: rust-context.h:47
RunModeInitializeOutputs
void RunModeInitializeOutputs(void)
Definition: runmodes.c:716
DetectPortTestConfVars
int DetectPortTestConfVars(void)
Definition: detect-engine-port.c:1157
SCThresholdConfGlobalInit
void SCThresholdConfGlobalInit(void)
Definition: util-threshold-config.c:103
DecodeUnregisterCounters
void DecodeUnregisterCounters(void)
Definition: decode.c:467
NFQInitConfig
void NFQInitConfig(char quiet)
To initialize the NFQ global configuration data.
Definition: source-nfq.c:209
RUNMODE_DAG
@ RUNMODE_DAG
Definition: runmodes.h:36
HostBitInitCtx
void HostBitInitCtx(void)
Definition: host-bit.c:49
EngineMode
EngineMode
Definition: suricata.h:107
SCInstance_::set_datadir
bool set_datadir
Definition: suricata.h:151
TVT_MGMT
@ TVT_MGMT
Definition: tm-threads-common.h:86
tmqh-packetpool.h
FileContainerSetTx
void FileContainerSetTx(FileContainer *ffc, uint64_t tx_id)
Definition: util-file.c:574
g_ut_covered
int g_ut_covered
Definition: suricata.c:849
util-unittest.h
TmModuleLoggerRegister
void TmModuleLoggerRegister(void)
Definition: output.c:1067
TmThreadDisablePacketThreads
void TmThreadDisablePacketThreads(void)
Disable all packet threads.
Definition: tm-threads.c:1429
host_mode
uint8_t host_mode
Definition: suricata.c:209
RUNMODE_NETMAP
@ RUNMODE_NETMAP
Definition: runmodes.h:38
util-unittest-helper.h
RUNMODE_DUMP_FEATURES
@ RUNMODE_DUMP_FEATURES
Definition: runmodes.h:59
FeatureDump
void FeatureDump(void)
Definition: feature.c:142
PacketPoolInit
void PacketPoolInit(void)
Definition: tmqh-packetpool.c:370
TM_ECODE_OK
@ TM_ECODE_OK
Definition: tm-threads-common.h:78
AppLayerDeSetup
int AppLayerDeSetup(void)
De initializes the app layer.
Definition: app-layer.c:813
TmThreadContinueThreads
void TmThreadContinueThreads()
Unpauses all threads present in tv_root.
Definition: tm-threads.c:1754
strlcpy
size_t strlcpy(char *dst, const char *src, size_t siz)
Definition: util-strlcpyu.c:43
PcapTranslateIPToDevice
void PcapTranslateIPToDevice(char *pcap_dev, size_t len)
Definition: source-pcap.c:605
FlowDisableFlowRecyclerThread
void FlowDisableFlowRecyclerThread(void)
Used to disable flow recycler thread(s).
Definition: flow-manager.c:1069
ParseSizeInit
void ParseSizeInit(void)
Definition: util-misc.c:36
GetIfaceMaxPacketSize
int GetIfaceMaxPacketSize(const char *pcap_dev)
output max packet size for a link
Definition: util-ioctl.c:132
TmModuleDecodePcapFileRegister
void TmModuleDecodePcapFileRegister(void)
Definition: source-pcap-file.c:126
TmModuleBypassedFlowManagerRegister
void TmModuleBypassedFlowManagerRegister(void)
Definition: flow-bypass.c:214
IPPairShutdown
void IPPairShutdown(void)
shutdown the flow engine
Definition: ippair.c:302
source-erf-dag.h
util-signal.h
DetectParseFreeRegexes
void DetectParseFreeRegexes(void)
Definition: detect-parse.c:2390
SC_ERR_UID_FAILED
@ SC_ERR_UID_FAILED
Definition: util-error.h:187
SC_ERR_SIZE_PARSE
@ SC_ERR_SIZE_PARSE
Definition: util-error.h:230
TmModuleDecodeNFLOGRegister
void TmModuleDecodeNFLOGRegister(void)
Definition: source-nflog.c:54
ConfGet
int ConfGet(const char *name, const char **vptr)
Retrieve the value of a configuration node.
Definition: conf.c:331
NFQParseAndRegisterQueues
int NFQParseAndRegisterQueues(const char *queues)
Parses and adds Netfilter queue(s).
Definition: source-nfq.c:870
AppLayerSetup
int AppLayerSetup(void)
Setup the app layer.
Definition: app-layer.c:798
FeatureTrackingRegister
void FeatureTrackingRegister(void)
Definition: feature.c:150
util-cidr.h
FilePrune
void FilePrune(FileContainer *ffc)
Definition: util-file.c:388
app-layer-htp.h
UnixManagerThreadSpawnNonRunmode
void UnixManagerThreadSpawnNonRunmode(void)
Definition: unix-manager.c:1255
IsRunModeSystem
bool IsRunModeSystem(enum RunModes run_mode_to_check)
Definition: runmodes.c:491
datasets.h
TmModuleDecodeNetmapRegister
void TmModuleDecodeNetmapRegister(void)
Registration Function for DecodeNetmap.
Definition: source-netmap.c:100
PreRunPostPrivsDropInit
void PreRunPostPrivsDropInit(const int runmode)
Definition: suricata.c:2006
feature.h
decode.h
util-device.h
util-debug.h
DetectEngineMoveToFreeList
int DetectEngineMoveToFreeList(DetectEngineCtx *de_ctx)
Definition: detect-engine.c:3865
sigterm_count
volatile sig_atomic_t sigterm_count
Definition: suricata.c:184
SURI_HOST_IS_ROUTER
@ SURI_HOST_IS_ROUTER
Definition: suricata.h:120
run_mode
int run_mode
Definition: suricata.c:201
source-nfq.h
SC_ERR_CMD_LINE
@ SC_ERR_CMD_LINE
Definition: util-error.h:227
ListAppLayerProtocols
int ListAppLayerProtocols()
Definition: util-running-modes.c:44
util-error.h
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:16
TmThreadWaitOnThreadInit
TmEcode TmThreadWaitOnThreadInit(void)
Used to check if all threads have finished their initialization. On finding an un-initialized thread,...
Definition: tm-threads.c:1824
TmModuleVerdictNFQRegister
void TmModuleVerdictNFQRegister(void)
Definition: source-nfq.c:186
ConfYamlLoadFile
int ConfYamlLoadFile(const char *filename)
Load configuration from a YAML file.
Definition: conf-yaml-loader.c:404
RUNMODE_CONF_TEST
@ RUNMODE_CONF_TEST
Definition: runmodes.h:51
AppLayerRegisterGlobalCounters
void AppLayerRegisterGlobalCounters(void)
HACK to work around our broken unix manager (re)init loop.
Definition: app-layer.c:875
RunModeListRunmodes
void RunModeListRunmodes(void)
Lists all registered runmodes.
Definition: runmodes.c:235
RUNMODE_PRINT_USAGE
@ RUNMODE_PRINT_USAGE
Definition: runmodes.h:49
strlcat
size_t strlcat(char *, const char *src, size_t siz)
Definition: util-strlcatu.c:45
RUNMODE_LIST_APP_LAYERS
@ RUNMODE_LIST_APP_LAYERS
Definition: runmodes.h:45
util-cpu.h
suricata
SCInstance suricata
Definition: suricata.c:237
LiveSetOffloadDisable
void LiveSetOffloadDisable(void)
Definition: util-device.c:69
app-layer-dnp3.h
StatsSetupPostConfigPostOutput
void StatsSetupPostConfigPostOutput(void)
Definition: counters.c:873
EngineModeSetIDS
void EngineModeSetIDS(void)
Definition: suricata.c:259
SpmTableSetup
void SpmTableSetup(void)
Definition: util-spm.c:117
TmModuleReceiveAFPRegister
void TmModuleReceiveAFPRegister(void)
Registration Function for RecieveAFP.
Definition: source-af-packet.c:326
LiveBuildDeviceListCustom
int LiveBuildDeviceListCustom(const char *runmode, const char *itemname)
Definition: util-device.c:313
UnixSocketKillSocketThread
void UnixSocketKillSocketThread(void)
Definition: unix-manager.c:1250
TmModuleVerdictIPFWRegister
void TmModuleVerdictIPFWRegister(void)
Registration Function for VerdictIPFW.
Definition: source-ipfw.c:175
flow-worker.h
SuricataContext_::FileAppendDataById
int(* FileAppendDataById)(FileContainer *, uint32_t track_id, const uint8_t *data, uint32_t data_len)
Definition: rust-context.h:41
SigLoadSignatures
int SigLoadSignatures(DetectEngineCtx *de_ctx, char *sig_file, int sig_file_exclusive)
Load signatures.
Definition: detect-engine-loader.c:276
util-reference-config.h
source-napatech.h
DetectEngineCtx_::last_reload
struct timeval last_reload
Definition: detect.h:939
SCInstance_::delayed_detect
int delayed_detect
Definition: suricata.h:153
TmModuleVerdictWinDivertRegister
void TmModuleVerdictWinDivertRegister(void)
Definition: source-windivert.c:68
SCInstance_::progname
const char * progname
Definition: suricata.h:163
HostCleanup
void HostCleanup(void)
Cleanup the host engine.
Definition: host.c:351
SCEnter
#define SCEnter(...)
Definition: util-debug.h:337
FlowDisableFlowManagerThread
void FlowDisableFlowManagerThread(void)
Used to disable flow manager thread(s).
Definition: flow-manager.c:146
detect-engine-mpm.h
util-ebpf.h
SCInstance_::pcap_dev
char pcap_dev[128]
Definition: suricata.h:132
detect.h
SuricataMain
int SuricataMain(int argc, char **argv)
Definition: suricata.c:2688
UtilSignalUnblock
int UtilSignalUnblock(int signum)
Definition: util-signal.c:46
DetectEngineEnabled
int DetectEngineEnabled(void)
Check if detection is enabled.
Definition: detect-engine.c:3091
pkt-var.h
TmThreadClearThreadsFamily
void TmThreadClearThreadsFamily(int family)
Definition: tm-threads.c:1605
SC_ERR_PIDFILE_DAEMON
@ SC_ERR_PIDFILE_DAEMON
Definition: util-error.h:186
TVT_PPT
@ TVT_PPT
Definition: tm-threads-common.h:85
TmModuleRunInit
void TmModuleRunInit(void)
Definition: tm-modules.c:128
detect-engine-port.h
EngineModeSetIPS
void EngineModeSetIPS(void)
Definition: suricata.c:254
util-atomic.h
SCInstance_::user_name
const char * user_name
Definition: suricata.h:141
HTPAtExitPrintStats
void HTPAtExitPrintStats(void)
Print the stats of the HTTP requests.
Definition: app-layer-htp.c:2052
util-time.h
UtilSignalBlock
int UtilSignalBlock(int signum)
Definition: util-signal.c:29
SCProfilingPrefilterGlobalInit
void SCProfilingPrefilterGlobalInit(void)
Definition: util-profiling-prefilter.c:63
IPPairInitConfig
void IPPairInitConfig(char quiet)
initialize the configuration
Definition: ippair.c:170
PostConfLoadedSetup
int PostConfLoadedSetup(SCInstance *suri)
Definition: suricata.c:2411
GetProgramVersion
const char * GetProgramVersion(void)
get string with program version
Definition: suricata.c:1048
engine_analysis
int engine_analysis
app-layer-parser.h
SC_ERR_LIBCAP_NG_REQUIRED
@ SC_ERR_LIBCAP_NG_REQUIRED
Definition: util-error.h:190
TRUE
#define TRUE
Definition: suricata-common.h:33
SCMalloc
#define SCMalloc(a)
Definition: util-mem.h:222
SCGetGroupID
int SCGetGroupID(const char *group_name, uint32_t *gid)
Function to get the group ID from the specified group name.
Definition: util-privs.c:214
TmModuleReceivePcapFileRegister
void TmModuleReceivePcapFileRegister(void)
Definition: source-pcap-file.c:112
source-pfring.h
SuricataContext_::FileCloseFileById
int(* FileCloseFileById)(FileContainer *, uint32_t track_id, const uint8_t *data, uint32_t data_len, uint16_t flags)
Definition: rust-context.h:39
CoredumpLoadConfig
int32_t CoredumpLoadConfig(void)
Configures the core dump size.
Definition: util-coredump-config.c:85
detect-engine-tag.h
IPFWRegisterQueue
int IPFWRegisterQueue(char *queue)
Add an IPFW divert.
Definition: source-ipfw.c:707
xstr
#define xstr(s)
Definition: suricata-common.h:255
util-profiling.h
util-rule-vars.h
FALSE
#define FALSE
Definition: suricata-common.h:34
AFPRunModeIsIPS
int AFPRunModeIsIPS()
Definition: runmode-af-packet.c:711
SCInstance_::offline
int offline
Definition: suricata.h:156
DatasetsDestroy
void DatasetsDestroy(void)
Definition: datasets.c:602
UtilCpuPrintSummary
void UtilCpuPrintSummary(void)
Print a summary of CPUs detected (configured and online)
Definition: util-cpu.c:162
TmThreadKillThreads
void TmThreadKillThreads(void)
Definition: tm-threads.c:1538
SC_ERR_FOPEN
@ SC_ERR_FOPEN
Definition: util-error.h:74
OutputDeregisterAll
void OutputDeregisterAll(void)
Deregister all modules. Useful for a memory clean exit.
Definition: output.c:848
EngineModeIsIDS
int EngineModeIsIDS(void)
Definition: suricata.c:249
TmModuleNapatechDecodeRegister
void TmModuleNapatechDecodeRegister(void)
Register the Napatech decoder module.
Definition: source-napatech.c:163
tmm_modules
TmModule tmm_modules[TMM_SIZE]
Definition: tm-modules.c:33
conf-yaml-loader.h
StreamTcpFreeConfig
void StreamTcpFreeConfig(char quiet)
Definition: stream-tcp.c:669
SC_WARN_FASTER_CAPTURE_AVAILABLE
@ SC_WARN_FASTER_CAPTURE_AVAILABLE
Definition: util-error.h:308
coverage_unittests
int coverage_unittests
Definition: suricata.c:847
RUNMODE_DUMP_CONFIG
@ RUNMODE_DUMP_CONFIG
Definition: runmodes.h:50
SCAsn1LoadConfig
void SCAsn1LoadConfig()
Definition: util-decode-asn1.c:38
DatasetsSave
void DatasetsSave(void)
Definition: datasets.c:657
conf.h
source-ipfw.h
TMM_SIZE
@ TMM_SIZE
Definition: tm-threads-common.h:73
source-netmap.h
OutputNotifyFileRotation
void OutputNotifyFileRotation(void)
Notifies all registered file rotation notification flags.
Definition: output.c:919
util-magic.h
StorageFinalize
int StorageFinalize(void)
Definition: util-storage.c:139
SCInstance_::verbose
int verbose
Definition: suricata.h:157
util-radix-tree.h
TmEcode
TmEcode
Definition: tm-threads-common.h:77
source-windivert.h
FileOpenFileWithId
int FileOpenFileWithId(FileContainer *ffc, const StreamingBufferConfig *sbcfg, uint32_t track_id, const uint8_t *name, uint16_t name_len, const uint8_t *data, uint32_t data_len, uint16_t flags)
Open a new File.
Definition: util-file.c:918
TmModuleFlowWorkerRegister
void TmModuleFlowWorkerRegister(void)
Definition: flow-worker.c:353
SCInstance_::aux_run_mode
enum RunModes aux_run_mode
Definition: suricata.h:130
LiveGetDeviceNameCount
int LiveGetDeviceNameCount(void)
Get the number of pre registered devices.
Definition: util-device.c:198
flow-timeout.h
DEFAULT_PID_FILENAME
#define DEFAULT_PID_FILENAME
Definition: suricata.h:84
reputation.h
util-action.h
sighup_count
volatile sig_atomic_t sighup_count
Definition: suricata.c:183
ConfigSetDataDirectory
TmEcode ConfigSetDataDirectory(char *name)
Definition: util-conf.c:69
TmModuleDecodeErfDagRegister
void TmModuleDecodeErfDagRegister(void)
Register the ERF file decoder module.
Definition: source-erf-dag.c:153
SCInstance_::set_logdir
bool set_logdir
Definition: suricata.h:150
SCDropMainThreadCaps
#define SCDropMainThreadCaps(...)
Definition: util-privs.h:38
TmModuleDebugList
void TmModuleDebugList(void)
Definition: tm-modules.c:35
TmModuleDecodeNFQRegister
void TmModuleDecodeNFQRegister(void)
Definition: source-nfq.c:195
util-proto-name.h
STREAM_VERBOSE
#define STREAM_VERBOSE
Definition: stream-tcp.h:33
defrag.h
MpmTableSetup
void MpmTableSetup(void)
Definition: util-mpm.c:279
SCInstance_::log_dir
const char * log_dir
Definition: suricata.h:162
runmodes.h
RunmodeIsUnittests
int RunmodeIsUnittests(void)
Definition: suricata.c:264
source-nfq-prototypes.h
FileAppendDataById
int FileAppendDataById(FileContainer *ffc, uint32_t track_id, const uint8_t *data, uint32_t data_len)
Store/handle a chunk of file data in the File structure The file with 'track_id' in the FileContainer...
Definition: util-file.c:731
SCLogInfo
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:254
TmModuleReceiveNFLOGRegister
void TmModuleReceiveNFLOGRegister(void)
Definition: source-nflog.c:48
SC_ERR_INVALID_YAML_CONF_ENTRY
@ SC_ERR_INVALID_YAML_CONF_ENTRY
Definition: util-error.h:169
SCLogMessage
SCError SCLogMessage(const SCLogLevel log_level, const char *file, const unsigned int line, const char *function, const SCError error_code, const char *message)
Adds the global log_format to the outgoing buffer.
Definition: util-debug.c:541
DEFAULT_PACKET_SIZE
#define DEFAULT_PACKET_SIZE
Definition: decode.h:615
WarnInvalidConfEntry
#define WarnInvalidConfEntry(param_name, format, value)
Generic API that can be used by all to log an invalid conf entry.
Definition: util-misc.h:37
DetectEngineStateFree
void DetectEngineStateFree(DetectEngineState *state)
Frees a DetectEngineState object.
Definition: detect-engine-state.c:175
util-host-os-info.h
TmModuleReceiveErfFileRegister
void TmModuleReceiveErfFileRegister(void)
Register the ERF file receiver (reader) module.
Definition: source-erf-file.c:79
TmModule_
Definition: tm-modules.h:43
default_packet_size
uint32_t default_packet_size
Definition: decode.c:71
tm-queuehandlers.h
SuricataContext_::FilePrune
void(* FilePrune)(FileContainer *ffc)
Definition: rust-context.h:46
util-decode-asn1.h
DETECT_ENGINE_TYPE_NORMAL
@ DETECT_ENGINE_TYPE_NORMAL
Definition: detect.h:748
PROG_NAME
#define PROG_NAME
Definition: suricata.h:71
TmThreadKillThreadsFamily
void TmThreadKillThreadsFamily(int family)
Definition: tm-threads.c:1509
detect-fast-pattern.h
app-layer-modbus.h
FeatureTrackingRelease
void FeatureTrackingRelease(void)
Definition: feature.c:134
SuricataContext_::FileAppendGAPById
int(* FileAppendGAPById)(FileContainer *, uint32_t track_id, const uint8_t *data, uint32_t data_len)
Definition: rust-context.h:43
app-layer-enip.h
TmqhCleanup
void TmqhCleanup(void)
Clean up registration time allocs.
Definition: tm-queuehandlers.c:49
RUNMODE_PFRING
@ RUNMODE_PFRING
Definition: runmodes.h:31
SC_ERR_NO_RULES_LOADED
@ SC_ERR_NO_RULES_LOADED
Definition: util-error.h:73
flow-manager.h
DecodeGlobalConfig
void DecodeGlobalConfig(void)
Definition: decode.c:731
SCInstance_::strict_rule_parsing_string
char * strict_rule_parsing_string
Definition: suricata.h:165
SuriHasSigFile
int SuriHasSigFile(void)
Definition: suricata.c:239
suricata-common.h
g_default_mtu
int g_default_mtu
Definition: suricata.c:221
sc_set_caps
int sc_set_caps
Definition: suricata.c:218
DetectEngineCtxInitStubForMT
DetectEngineCtx * DetectEngineCtxInitStubForMT(void)
Definition: detect-engine.c:1975
tm-queues.h
util-daemon.h
FlowShutdown
void FlowShutdown(void)
shutdown the flow engine
Definition: flow.c:685
SCHInfoLoadFromConfig
void SCHInfoLoadFromConfig(void)
Load the host os policy information from the configuration.
Definition: util-host-os-info.c:336
DetectEngineBumpVersion
void DetectEngineBumpVersion(void)
Definition: detect-engine.c:3115
util-decode-mime.h
AppLayerDecoderEventsSetEventRaw
void AppLayerDecoderEventsSetEventRaw(AppLayerDecoderEvents **sevents, uint8_t event)
Set an app layer decoder event.
Definition: app-layer-events.c:89
SC_ERR_PCAP_TRANSLATE
@ SC_ERR_PCAP_TRANSLATE
Definition: util-error.h:233
TmModuleFlowManagerRegister
void TmModuleFlowManagerRegister(void)
Definition: flow-manager.c:1130
util-spm.h
SCPidfileTestRunning
int SCPidfileTestRunning(const char *pid_filename)
Check the Suricata pid file (used at the startup)
Definition: util-pidfile.c:105
SCLogError
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
Definition: util-debug.h:294
HostShutdown
void HostShutdown(void)
shutdown the flow engine
Definition: host.c:307
TmModuleDecodePfringRegister
void TmModuleDecodePfringRegister(void)
Registration Function for DecodePfring.
Definition: source-pfring.c:180
LiveSetOffloadWarn
void LiveSetOffloadWarn(void)
Definition: util-device.c:74
ParseSizeDeinit
void ParseSizeDeinit(void)
Definition: util-misc.c:55
util-classification-config.h
RunModeRegisterRunModes
void RunModeRegisterRunModes(void)
Register all runmodes in the engine.
Definition: runmodes.c:209
FatalError
#define FatalError(x,...)
Definition: util-debug.h:569
ConfGetChildValueBool
int ConfGetChildValueBool(const ConfNode *base, const char *name, int *val)
Definition: conf.c:530
SCProfilingDump
void SCProfilingDump(void)
Definition: util-profiling.c:297
EngineStop
void EngineStop(void)
make sure threads can stop the engine by calling this function. Purpose: pcap file mode needs to be a...
Definition: suricata.c:417
SCInstance_::sig_file
char * sig_file
Definition: suricata.h:133
SC_ERR_NO_AF_PACKET
@ SC_ERR_NO_AF_PACKET
Definition: util-error.h:225
ParseSizeStringU32
int ParseSizeStringU32(const char *size, uint32_t *res)
Definition: util-misc.c:186
SC_ERR_BPF
@ SC_ERR_BPF
Definition: util-error.h:157
TmModuleReceiveErfDagRegister
void TmModuleReceiveErfDagRegister(void)
Register the ERF file receiver (reader) module.
Definition: source-erf-dag.c:134
DetectEngineMultiTenantSetup
int DetectEngineMultiTenantSetup(void)
setup multi-detect / multi-tenancy
Definition: detect-engine.c:3499
IPPairBitInitCtx
void IPPairBitInitCtx(void)
Definition: ippair-bit.c:49
SCClassConfInit
void SCClassConfInit(void)
Definition: util-classification-config.c:63
RunmodeGetCurrent
int RunmodeGetCurrent(void)
Definition: suricata.c:272
ConfigSetLogDirectory
TmEcode ConfigSetLogDirectory(const char *name)
Definition: util-conf.c:31
CIDRInit
void CIDRInit(void)
Definition: util-cidr.c:31
threadvars.h
TmModuleDecodeIPFWRegister
void TmModuleDecodeIPFWRegister(void)
Registration Function for DecodeIPFW.
Definition: source-ipfw.c:191
source-af-packet.h
RUNMODE_NFQ
@ RUNMODE_NFQ
Definition: runmodes.h:32
ConfSetFromString
int ConfSetFromString(const char *input, int final)
Set a configuration parameter from a string.
Definition: conf.c:245
SCLogConfig
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
g_vlan_mask
uint16_t g_vlan_mask
Definition: suricata.c:234
ConfInit
void ConfInit(void)
Initialize the configuration system.
Definition: conf.c:113
DatasetsInit
int DatasetsInit(void)
Definition: datasets.c:525
sigusr2_count
volatile sig_atomic_t sigusr2_count
Definition: suricata.c:185
RUNMODE_ENGINE_ANALYSIS
@ RUNMODE_ENGINE_ANALYSIS
Definition: runmodes.h:53
RUNMODE_PRINT_VERSION
@ RUNMODE_PRINT_VERSION
Definition: runmodes.h:47
TmModuleDecodePcapRegister
void TmModuleDecodePcapRegister(void)
Registration Function for DecodePcap.
Definition: source-pcap.c:123
util-running-modes.h
unix-manager.h
LiveDeviceListClean
int LiveDeviceListClean()
Definition: util-device.c:348
str
#define str(s)
Definition: suricata-common.h:256
ConfigCheckDataDirectory
TmEcode ConfigCheckDataDirectory(const char *data_dir)
Definition: util-conf.c:102
SCInstance_::sig_file_exclusive
int sig_file_exclusive
Definition: suricata.h:134
g_detect_disabled
int g_detect_disabled
Definition: suricata.c:215
ConfigGetLogDirectory
const char * ConfigGetLogDirectory()
Definition: util-conf.c:36
DetectEngineReloadStart
int DetectEngineReloadStart(void)
Definition: detect-engine.c:1475
SC_ERR_NO_NETMAP
@ SC_ERR_NO_NETMAP
Definition: util-error.h:294
SCLogWarning
#define SCLogWarning(err_code,...)
Macro used to log WARNING messages.
Definition: util-debug.h:281
DEFAULT_CONF_FILE
#define DEFAULT_CONF_FILE
Definition: suricata.h:80
ConfNode_
Definition: conf.h:32
AppLayerParserPostStreamSetup
void AppLayerParserPostStreamSetup(void)
Definition: app-layer-parser.c:226
SC_ERR_FATAL
@ SC_ERR_FATAL
Definition: util-error.h:203
TmModuleReceivePcapRegister
void TmModuleReceivePcapRegister(void)
Registration Function for RecievePcap.
Definition: source-pcap.c:109
util-ioctl.h
detect-parse.h
SCInstance_::system
bool system
Definition: suricata.h:149
SCInstance_::pid_filename
char * pid_filename
Definition: suricata.h:135
TmModuleRespondRejectRegister
void TmModuleRespondRejectRegister(void)
Definition: respond-reject.c:50
CoredumpEnable
void CoredumpEnable(void)
Enable coredumps on systems where coredumps can and need to be enabled.
Definition: util-coredump-config.c:53
RunUnittests
void RunUnittests(int list_unittests, const char *regex_arg)
Definition: runmode-unittests.c:221
source-erf-file.h
ConfigCheckLogDirectoryExists
TmEcode ConfigCheckLogDirectoryExists(const char *log_dir)
Definition: util-conf.c:54
SURI_HOST_IS_SNIFFER_ONLY
@ SURI_HOST_IS_SNIFFER_ONLY
Definition: suricata.h:119
StreamTcpInitConfig
void StreamTcpInitConfig(char)
To initialize the stream global configuration data.
Definition: stream-tcp.c:365
TimeDeinit
void TimeDeinit(void)
Definition: util-time.c:85
PacketAlertTagInit
void PacketAlertTagInit(void)
Definition: detect-engine-alert.c:37
DetectEngineCtxInit
DetectEngineCtx * DetectEngineCtxInit(void)
Definition: detect-engine.c:1985
tmqh-flow.h
RUNMODE_WINDIVERT
@ RUNMODE_WINDIVERT
Definition: runmodes.h:42
SCProfilingRulesGlobalInit
void SCProfilingRulesGlobalInit(void)
Definition: util-profiling-rules.c:114
EngineModeIsIPS
int EngineModeIsIPS(void)
Definition: suricata.c:244
SC_ERR_MEM_ALLOC
@ SC_ERR_MEM_ALLOC
Definition: util-error.h:31
TmModuleNapatechStreamRegister
void TmModuleNapatechStreamRegister(void)
Register the Napatech receiver (reader) module.
Definition: source-napatech.c:130
SCProfilingKeywordsGlobalInit
void SCProfilingKeywordsGlobalInit(void)
Definition: util-profiling-keywords.c:69
suricata.h
ConfGetValue
int ConfGetValue(const char *name, const char **vptr)
Retrieve the value of a configuration node.
Definition: conf.c:360
SC_ERR_NFLOG_NOSUPPORT
@ SC_ERR_NFLOG_NOSUPPORT
Definition: util-error.h:278
EngineDone
void EngineDone(void)
Used to indicate that the current task is done.
Definition: suricata.c:428
FLOW_QUIET
#define FLOW_QUIET
Definition: flow.h:38
app-layer-smb.h
util-mpm-hs.h
SC_ERR_LOGDIR_CMDLINE
@ SC_ERR_LOGDIR_CMDLINE
Definition: util-error.h:147
PostRunDeinit
void PostRunDeinit(const int runmode, struct timeval *start_time)
Definition: suricata.c:2020
context
SuricataContext context
Definition: suricata.c:2635
ConfDeInit
void ConfDeInit(void)
De-initializes the configuration system.
Definition: conf.c:722
SuricataContext_::FileOpenFileWithId
int(* FileOpenFileWithId)(FileContainer *, const StreamingBufferConfig *, uint32_t track_id, const uint8_t *name, uint16_t name_len, const uint8_t *data, uint32_t data_len, uint16_t flags)
Definition: rust-context.h:36
NFQContextsClean
void NFQContextsClean()
Clean global contexts. Must be called on exit.
Definition: source-nfq.c:1284
SuricataContext_::FileContainerRecycle
void(* FileContainerRecycle)(FileContainer *ffc)
Definition: rust-context.h:45
ConfSet
int ConfSet(const char *name, const char *val)
Set a configuration value.
Definition: conf.c:220
DetectEngineReload
int DetectEngineReload(const SCInstance *suri)
Reload the detection engine.
Definition: detect-engine.c:3955
SCInstance_::do_setgid
uint8_t do_setgid
Definition: suricata.h:144
DEFAULT_MAX_PENDING_PACKETS
#define DEFAULT_MAX_PENDING_PACKETS
Definition: suricata.c:195
SCInstance_
Definition: suricata.h:128
TmThreadCheckThreadState
void TmThreadCheckThreadState(void)
Used to check the thread for certain conditions of failure.
Definition: tm-threads.c:1800
InitGlobal
int InitGlobal(void)
Global initialization common to all runmodes.
Definition: suricata.c:2643
SC_ERR_INITIALIZATION
@ SC_ERR_INITIALIZATION
Definition: util-error.h:75
SCInstance_::disabled_detect
int disabled_detect
Definition: suricata.h:154
app-layer-smtp.h
FileCloseFileById
int FileCloseFileById(FileContainer *ffc, uint32_t track_id, const uint8_t *data, uint32_t data_len, uint16_t flags)
Definition: util-file.c:1028
SCProfilingSghsGlobalInit
void SCProfilingSghsGlobalInit(void)
Definition: util-profiling-rulegroups.c:71
SCPidfileCreate
int SCPidfileCreate(const char *pidfile)
Write a pid file (used at the startup) This commonly needed by the init scripts.
Definition: util-pidfile.c:41
LiveRegisterDeviceName
int LiveRegisterDeviceName(const char *dev)
Add a device for monitoring.
Definition: util-device.c:95
ENGINE_MODE_IDS
@ ENGINE_MODE_IDS
Definition: suricata.h:108
LiveDeviceFinalize
void LiveDeviceFinalize(void)
Definition: util-device.c:473
PROG_VER
#define PROG_VER
Definition: suricata.h:72
util-misc.h
PacketPoolDestroy
void PacketPoolDestroy(void)
Definition: tmqh-packetpool.c:407
HTPFreeConfig
void HTPFreeConfig(void)
Clears the HTTP server configuration memory used by HTP library.
Definition: app-layer-htp.c:2065
flow.h
respond-reject.h
SCInstance_::regex_arg
char * regex_arg
Definition: suricata.h:136
ListKeywords
int ListKeywords(const char *keyword_info)
Definition: util-running-modes.c:33
SCLogNotice
#define SCLogNotice(...)
Macro used to log NOTICE messages.
Definition: util-debug.h:269
SCProtoNameDeInit
void SCProtoNameDeInit()
Function to clears the memory used in storing the protocol names.
Definition: util-proto-name.c:111
FileContainerRecycle
void FileContainerRecycle(FileContainer *ffc)
Recycle a FileContainer.
Definition: util-file.c:440
StatsReleaseResources
void StatsReleaseResources()
Releases the resources alloted by the Stats API.
Definition: counters.c:1252
RUNMODE_AFP_DEV
@ RUNMODE_AFP_DEV
Definition: runmodes.h:37
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:341
SCPidfileRemove
void SCPidfileRemove(const char *pid_filename)
Remove the pid file (used at the startup)
Definition: util-pidfile.c:83
flow-var.h
SC_ERR_NAPATECH_REQUIRED
@ SC_ERR_NAPATECH_REQUIRED
Definition: util-error.h:249
ThresholdInit
void ThresholdInit(void)
Definition: detect-engine-threshold.c:80
SuricataContext_
Definition: rust-context.h:28
TimeInit
void TimeInit(void)
Definition: util-time.c:77
RUNMODE_PCAP_FILE
@ RUNMODE_PCAP_FILE
Definition: runmodes.h:30
SCInstance_::keyword_info
char * keyword_info
Definition: suricata.h:138
SC_ERR_LOGDIR_CONFIG
@ SC_ERR_LOGDIR_CONFIG
Definition: util-error.h:146
SC_ERR_MULTIPLE_RUN_MODE
@ SC_ERR_MULTIPLE_RUN_MODE
Definition: util-error.h:156
SCInstance_::do_setuid
uint8_t do_setuid
Definition: suricata.h:143
app-layer-ssl.h
NetmapRunModeIsIPS
int NetmapRunModeIsIPS(void)
SCProfilingInit
void SCProfilingInit(void)
Initialize profiling.
Definition: util-profiling.c:140
g_ut_modules
int g_ut_modules
Definition: suricata.c:848
detect-engine-address.h
RUNMODE_IPFW
@ RUNMODE_IPFW
Definition: runmodes.h:34
output.h
util-storage.h
DetectEngineCtx_::failure_fatal
int failure_fatal
Definition: detect.h:763
util-threshold-config.h
DefragInit
void DefragInit(void)
Definition: defrag.c:1068
DetectEngineReloadIsStart
int DetectEngineReloadIsStart(void)
Definition: detect-engine.c:1489
suricata_ctl_flags
volatile uint8_t suricata_ctl_flags
Definition: suricata.c:198
host-bit.h
detect-engine-threshold.h
RunModeDispatch
void RunModeDispatch(int runmode, const char *custom_mode)
Definition: runmodes.c:278
SC_ERR_NO_PF_RING
@ SC_ERR_NO_PF_RING
Definition: util-error.h:60
RUNMODE_LIST_UNITTEST
@ RUNMODE_LIST_UNITTEST
Definition: runmodes.h:52
app-layer.h
TagDestroyCtx
void TagDestroyCtx(void)
Destroy tag context hash tables.
Definition: detect-engine-tag.c:73
DetectAddressTestConfVars
int DetectAddressTestConfVars(void)
Definition: detect-engine-address.c:1224
g_disable_randomness
int g_disable_randomness
Definition: suricata.c:227
GetIfaceMTU
int GetIfaceMTU(const char *pcap_dev)
output the link MTU
Definition: util-ioctl.c:91
MpmHSGlobalCleanup
void MpmHSGlobalCleanup(void)
TmqResetQueues
void TmqResetQueues(void)
Definition: tm-queues.c:80