suricata
suricata.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2020 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  */
23 
24 #include "suricata-common.h"
25 
26 #if HAVE_GETOPT_H
27 #include <getopt.h>
28 #endif
29 
30 #if HAVE_SIGNAL_H
31 #include <signal.h>
32 #endif
33 
34 #include "suricata.h"
35 #include "decode.h"
36 #include "feature.h"
37 #include "detect.h"
38 #include "packet-queue.h"
39 #include "threads.h"
40 #include "threadvars.h"
41 #include "flow-worker.h"
42 
43 #include "util-atomic.h"
44 #include "util-spm.h"
45 #include "util-cpu.h"
46 #include "util-action.h"
47 #include "util-pidfile.h"
48 #include "util-ioctl.h"
49 #include "util-device.h"
50 #include "util-misc.h"
51 #include "util-running-modes.h"
52 
53 #include "detect-engine.h"
54 #include "detect-parse.h"
55 #include "detect-fast-pattern.h"
56 #include "detect-engine-tag.h"
57 #include "detect-engine-threshold.h"
58 #include "detect-engine-address.h"
59 #include "detect-engine-port.h"
60 #include "detect-engine-mpm.h"
61 
62 #include "tm-queuehandlers.h"
63 #include "tm-queues.h"
64 #include "tm-threads.h"
65 
66 #include "tmqh-flow.h"
67 
68 #include "conf.h"
69 #include "conf-yaml-loader.h"
70 
71 #include "datasets.h"
72 
73 #include "stream-tcp.h"
74 
75 #include "source-nfq.h"
76 #include "source-nfq-prototypes.h"
77 
78 #include "source-nflog.h"
79 
80 #include "source-ipfw.h"
81 
82 #include "source-pcap.h"
83 #include "source-pcap-file.h"
84 
85 #include "source-pfring.h"
86 
87 #include "source-erf-file.h"
88 #include "source-erf-dag.h"
89 #include "source-napatech.h"
90 
91 #include "source-af-packet.h"
92 #include "source-netmap.h"
93 
94 #include "source-windivert.h"
95 #include "source-windivert-prototypes.h"
96 
97 #include "respond-reject.h"
98 
99 #include "flow.h"
100 #include "flow-timeout.h"
101 #include "flow-manager.h"
102 #include "flow-bypass.h"
103 #include "flow-var.h"
104 #include "flow-bit.h"
105 #include "pkt-var.h"
106 #include "host-bit.h"
107 
108 #include "ippair.h"
109 #include "ippair-bit.h"
110 
111 #include "host.h"
112 #include "unix-manager.h"
113 
114 #include "app-layer.h"
115 #include "app-layer-parser.h"
116 #include "app-layer-register.h"
117 #include "app-layer-htp.h"
118 #include "app-layer-ssl.h"
119 #include "app-layer-ssh.h"
120 #include "app-layer-ftp.h"
121 #include "app-layer-smtp.h"
122 #include "app-layer-modbus.h"
123 #include "app-layer-enip.h"
124 #include "app-layer-dnp3.h"
125 #include "app-layer-smb.h"
126 #include "app-layer-dcerpc.h"
127 
128 #include "output-filestore.h"
129 
130 #include "util-ebpf.h"
131 #include "util-radix-tree.h"
132 #include "util-host-os-info.h"
133 #include "util-cidr.h"
134 #include "util-unittest.h"
135 #include "util-unittest-helper.h"
136 #include "util-time.h"
137 #include "util-rule-vars.h"
138 #include "util-classification-config.h"
139 #include "util-threshold-config.h"
140 #include "util-reference-config.h"
141 #include "util-profiling.h"
142 #include "util-magic.h"
143 #include "util-signal.h"
144 
145 #include "util-coredump-config.h"
146 
147 #include "util-decode-mime.h"
148 
149 #include "defrag.h"
150 
151 #include "runmodes.h"
152 #include "runmode-unittests.h"
153 
154 #include "util-debug.h"
155 #include "util-error.h"
156 #include "util-daemon.h"
157 #include "util-byte.h"
158 #include "reputation.h"
159 
160 #include "output.h"
161 
162 #include "util-privs.h"
163 
164 #include "tmqh-packetpool.h"
165 
166 #include "util-proto-name.h"
167 #include "util-mpm-hs.h"
168 #include "util-storage.h"
169 #include "host-storage.h"
170 
171 #include "util-lua.h"
172 
173 #include "util-plugin.h"
174 
175 #include "rust.h"
176 
177 /*
178  * we put this here, because we only use it here in main.
179  */
180 volatile sig_atomic_t sigint_count = 0;
181 volatile sig_atomic_t sighup_count = 0;
182 volatile sig_atomic_t sigterm_count = 0;
183 volatile sig_atomic_t sigusr2_count = 0;
184 
185 /*
186  * Flag to indicate if the engine is at the initialization
187  * or already processing packets. 3 stages: SURICATA_INIT,
188  * SURICATA_RUNTIME and SURICATA_FINALIZE
189  */
190 SC_ATOMIC_DECLARE(unsigned int, engine_stage);
191 
192 /* Max packets processed simultaniously per thread. */
193 #define DEFAULT_MAX_PENDING_PACKETS 1024
194 
195 /** suricata engine control flags */
196 volatile uint8_t suricata_ctl_flags = 0;
197 
198 /** Run mode selected */
199 int run_mode = RUNMODE_UNKNOWN;
200 
201 /** Engine mode: inline (ENGINE_MODE_IPS) or just
202  * detection mode (ENGINE_MODE_IDS by default) */
203 static enum EngineMode g_engine_mode = ENGINE_MODE_IDS;
204 
205 /** Host mode: set if box is sniffing only
206  * or is a router */
207 uint8_t host_mode = SURI_HOST_IS_SNIFFER_ONLY;
208 
209 /** Maximum packets to simultaneously process. */
210 intmax_t max_pending_packets;
211 
212 /** global indicating if detection is enabled */
213 int g_detect_disabled = 0;
214 
215 /** set caps or not */
216 int sc_set_caps = FALSE;
217 
218 /** highest mtu of the interfaces we monitor */
219 int g_default_mtu = 0;
220 
221 bool g_system = false;
222 
223 /** disable randomness to get reproducible results accross runs */
224 #ifndef AFLFUZZ_NO_RANDOM
225 int g_disable_randomness = 0;
226 #else
227 int g_disable_randomness = 1;
228 #endif
229 
230 /** determine (without branching) if we include the vlan_ids when hashing or
231  * comparing flows */
232 uint16_t g_vlan_mask = 0xffff;
233 
234 /* flag to disable hashing almost globally, to be similar to disabling nss
235  * support */
236 bool g_disable_hashing = false;
237 
238 /** Suricata instance */
239 SCInstance suricata;
240 
241 int SuriHasSigFile(void)
242 {
243  return (suricata.sig_file != NULL);
244 }
245 
246 int EngineModeIsIPS(void)
247 {
248  return (g_engine_mode == ENGINE_MODE_IPS);
249 }
250 
251 int EngineModeIsIDS(void)
252 {
253  return (g_engine_mode == ENGINE_MODE_IDS);
254 }
255 
256 void EngineModeSetIPS(void)
257 {
258  g_engine_mode = ENGINE_MODE_IPS;
259 }
260 
261 void EngineModeSetIDS(void)
262 {
263  g_engine_mode = ENGINE_MODE_IDS;
264 }
265 
266 int RunmodeIsUnittests(void)
267 {
268  if (run_mode == RUNMODE_UNITTEST)
269  return 1;
270 
271  return 0;
272 }
273 
274 int RunmodeGetCurrent(void)
275 {
276  return run_mode;
277 }
278 
279 /** signal handlers
280  *
281  * WARNING: don't use the SCLog* API in the handlers. The API is complex
282  * with memory allocation possibly happening, calls to syslog, json message
283  * construction, etc.
284  */
285 
286 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
287 static void SignalHandlerSigint(/*@unused@*/ int sig)
288 {
289  sigint_count = 1;
290 }
291 static void SignalHandlerSigterm(/*@unused@*/ int sig)
292 {
293  sigterm_count = 1;
294 }
295 #endif
296 
297 #ifndef OS_WIN32
298 /**
299  * SIGUSR2 handler. Just set sigusr2_count. The main loop will act on
300  * it.
301  */
302 static void SignalHandlerSigusr2(int sig)
303 {
304  if (sigusr2_count < 2)
305  sigusr2_count++;
306 }
307 
308 /**
309  * SIGHUP handler. Just set sighup_count. The main loop will act on
310  * it.
311  */
312 static void SignalHandlerSigHup(/*@unused@*/ int sig)
313 {
314  sighup_count = 1;
315 }
316 #endif
317 
318 void GlobalsInitPreConfig(void)
319 {
320  TimeInit();
321  SupportFastPatternForSigMatchTypes();
322  SCThresholdConfGlobalInit();
323 }
324 
325 static void GlobalsDestroy(SCInstance *suri)
326 {
327  HostShutdown();
328  HTPFreeConfig();
329  HTPAtExitPrintStats();
330 
331  AppLayerHtpPrintStats();
332 
333  /* TODO this can do into it's own func */
334  DetectEngineCtx *de_ctx = DetectEngineGetCurrent();
335  if (de_ctx) {
336  DetectEngineMoveToFreeList(de_ctx);
337  DetectEngineDeReference(&de_ctx);
338  }
339  DetectEnginePruneFreeList();
340 
341  AppLayerDeSetup();
342  DatasetsSave();
343  DatasetsDestroy();
344  TagDestroyCtx();
345 
346  LiveDeviceListClean();
347  OutputDeregisterAll();
348  FeatureTrackingRelease();
349  TimeDeinit();
350  SCProtoNameDeInit();
351  if (!suri->disabled_detect) {
352  SCReferenceConfDeinit();
353  SCClassConfDeinit();
354  }
355  TmqhCleanup();
356  TmModuleRunDeInit();
357  ParseSizeDeinit();
358 
359 #ifdef HAVE_AF_PACKET
360  AFPPeersListClean();
361 #endif
362 
363 #ifdef NFQ
364  NFQContextsClean();
365 #endif
366 
367 #ifdef BUILD_HYPERSCAN
368  MpmHSGlobalCleanup();
369 #endif
370 
371  ConfDeInit();
372 #ifdef HAVE_LUAJIT
373  LuajitFreeStatesPool();
374 #endif
375  SCLogDeInitLogModule();
376  DetectParseFreeRegexes();
377  SCThresholdConfGlobalFree();
378 
379  SCPidfileRemove(suri->pid_filename);
380  SCFree(suri->pid_filename);
381  suri->pid_filename = NULL;
382 }
383 
384 /** \brief make sure threads can stop the engine by calling this
385  * function. Purpose: pcap file mode needs to be able to tell the
386  * engine the file eof is reached. */
387 void EngineStop(void)
388 {
389  suricata_ctl_flags |= SURICATA_STOP;
390 }
391 
392 /**
393  * \brief Used to indicate that the current task is done.
394  *
395  * This is mainly used by pcap-file to tell it has finished
396  * to treat a pcap files when running in unix-socket mode.
397  */
398 void EngineDone(void)
399 {
400  suricata_ctl_flags |= SURICATA_DONE;
401 }
402 
403 static int SetBpfString(int argc, char *argv[])
404 {
405  char *bpf_filter = NULL;
406  uint32_t bpf_len = 0;
407  int tmpindex = 0;
408 
409  /* attempt to parse remaining args as bpf filter */
410  tmpindex = argc;
411  while(argv[tmpindex] != NULL) {
412  bpf_len+=strlen(argv[tmpindex]) + 1;
413  tmpindex++;
414  }
415 
416  if (bpf_len == 0)
417  return TM_ECODE_OK;
418 
419  if (EngineModeIsIPS()) {
420  SCLogError(SC_ERR_NOT_SUPPORTED,
421  "BPF filter not available in IPS mode."
422  " Use firewall filtering if possible.");
423  return TM_ECODE_FAILED;
424  }
425 
426  bpf_filter = SCMalloc(bpf_len);
427  if (unlikely(bpf_filter == NULL))
428  return TM_ECODE_OK;
429  memset(bpf_filter, 0x00, bpf_len);
430 
431  tmpindex = optind;
432  while(argv[tmpindex] != NULL) {
433  strlcat(bpf_filter, argv[tmpindex],bpf_len);
434  if(argv[tmpindex + 1] != NULL) {
435  strlcat(bpf_filter," ", bpf_len);
436  }
437  tmpindex++;
438  }
439 
440  if(strlen(bpf_filter) > 0) {
441  if (ConfSetFinal("bpf-filter", bpf_filter) != 1) {
442  SCLogError(SC_ERR_FATAL, "Failed to set bpf filter.");
443  SCFree(bpf_filter);
444  return TM_ECODE_FAILED;
445  }
446  }
447  SCFree(bpf_filter);
448 
449  return TM_ECODE_OK;
450 }
451 
452 static void SetBpfStringFromFile(char *filename)
453 {
454  char *bpf_filter = NULL;
455  char *bpf_comment_tmp = NULL;
456  char *bpf_comment_start = NULL;
457  uint32_t bpf_len = 0;
458 #ifdef OS_WIN32
459  struct _stat st;
460 #else
461  struct stat st;
462 #endif /* OS_WIN32 */
463  FILE *fp = NULL;
464  size_t nm = 0;
465 
466  if (EngineModeIsIPS()) {
467  FatalError(SC_ERR_FATAL,
468  "BPF filter not available in IPS mode."
469  " Use firewall filtering if possible.");
470  }
471 
472 #ifdef OS_WIN32
473  if(_stat(filename, &st) != 0) {
474 #else
475  if(stat(filename, &st) != 0) {
476 #endif /* OS_WIN32 */
477  SCLogError(SC_ERR_FOPEN, "Failed to stat file %s", filename);
478  exit(EXIT_FAILURE);
479  }
480  bpf_len = st.st_size + 1;
481 
482  // coverity[toctou : FALSE]
483  fp = fopen(filename,"r");
484  if (fp == NULL) {
485  SCLogError(SC_ERR_FOPEN, "Failed to open file %s", filename);
486  exit(EXIT_FAILURE);
487  }
488 
489  bpf_filter = SCMalloc(bpf_len * sizeof(char));
490  if (unlikely(bpf_filter == NULL)) {
491  SCLogError(SC_ERR_MEM_ALLOC, "Failed to allocate buffer for bpf filter in file %s", filename);
492  exit(EXIT_FAILURE);
493  }
494  memset(bpf_filter, 0x00, bpf_len);
495 
496  nm = fread(bpf_filter, 1, bpf_len - 1, fp);
497  if ((ferror(fp) != 0) || (nm != (bpf_len - 1))) {
498  SCLogError(SC_ERR_BPF, "Failed to read complete BPF file %s", filename);
499  SCFree(bpf_filter);
500  fclose(fp);
501  exit(EXIT_FAILURE);
502  }
503  fclose(fp);
504  bpf_filter[nm] = '\0';
505 
506  if(strlen(bpf_filter) > 0) {
507  /*replace comments with space*/
508  bpf_comment_start = bpf_filter;
509  while((bpf_comment_tmp = strchr(bpf_comment_start, '#')) != NULL) {
510  while((*bpf_comment_tmp !='\0') &&
511  (*bpf_comment_tmp != '\r') && (*bpf_comment_tmp != '\n'))
512  {
513  *bpf_comment_tmp++ = ' ';
514  }
515  bpf_comment_start = bpf_comment_tmp;
516  }
517  /*remove remaining '\r' and '\n' */
518  while((bpf_comment_tmp = strchr(bpf_filter, '\r')) != NULL) {
519  *bpf_comment_tmp = ' ';
520  }
521  while((bpf_comment_tmp = strchr(bpf_filter, '\n')) != NULL) {
522  *bpf_comment_tmp = ' ';
523  }
524  /* cut trailing spaces */
525  while (strlen(bpf_filter) > 0 &&
526  bpf_filter[strlen(bpf_filter)-1] == ' ')
527  {
528  bpf_filter[strlen(bpf_filter)-1] = '\0';
529  }
530  if (strlen(bpf_filter) > 0) {
531  if(ConfSetFinal("bpf-filter", bpf_filter) != 1) {
532  SCLogError(SC_ERR_FOPEN, "ERROR: Failed to set bpf filter!");
533  SCFree(bpf_filter);
534  exit(EXIT_FAILURE);
535  }
536  }
537  }
538  SCFree(bpf_filter);
539 }
540 
541 static void PrintUsage(const char *progname)
542 {
543 #ifdef REVISION
544  printf("%s %s (%s)\n", PROG_NAME, PROG_VER, xstr(REVISION));
545 #else
546  printf("%s %s\n", PROG_NAME, PROG_VER);
547 #endif
548  printf("USAGE: %s [OPTIONS] [BPF FILTER]\n\n", progname);
549  printf("\t-c <path> : path to configuration file\n");
550  printf("\t-T : test configuration file (use with -c)\n");
551  printf("\t-i <dev or ip> : run in pcap live mode\n");
552  printf("\t-F <bpf filter file> : bpf filter file\n");
553  printf("\t-r <path> : run in pcap file/offline mode\n");
554 #ifdef NFQ
555  printf("\t-q <qid[:qid]> : run in inline nfqueue mode (use colon to specify a range of queues)\n");
556 #endif /* NFQ */
557 #ifdef IPFW
558  printf("\t-d <divert port> : run in inline ipfw divert mode\n");
559 #endif /* IPFW */
560  printf("\t-s <path> : path to signature file loaded in addition to suricata.yaml settings (optional)\n");
561  printf("\t-S <path> : path to signature file loaded exclusively (optional)\n");
562  printf("\t-l <dir> : default log directory\n");
563 #ifndef OS_WIN32
564  printf("\t-D : run as daemon\n");
565 #else
566  printf("\t--service-install : install as service\n");
567  printf("\t--service-remove : remove service\n");
568  printf("\t--service-change-params : change service startup parameters\n");
569 #endif /* OS_WIN32 */
570  printf("\t-k [all|none] : force checksum check (all) or disabled it (none)\n");
571  printf("\t-V : display Suricata version\n");
572  printf("\t-v : be more verbose (use multiple times to increase verbosity)\n");
573 #ifdef UNITTESTS
574  printf("\t-u : run the unittests and exit\n");
575  printf("\t-U, --unittest-filter=REGEX : filter unittests with a regex\n");
576  printf("\t--list-unittests : list unit tests\n");
577  printf("\t--fatal-unittests : enable fatal failure on unittest error\n");
578  printf("\t--unittests-coverage : display unittest coverage report\n");
579 #endif /* UNITTESTS */
580  printf("\t--list-app-layer-protos : list supported app layer protocols\n");
581  printf("\t--list-keywords[=all|csv|<kword>] : list keywords implemented by the engine\n");
582  printf("\t--list-runmodes : list supported runmodes\n");
583  printf("\t--runmode <runmode_id> : specific runmode modification the engine should run. The argument\n"
584  "\t supplied should be the id for the runmode obtained by running\n"
585  "\t --list-runmodes\n");
586  printf("\t--engine-analysis : print reports on analysis of different sections in the engine and exit.\n"
587  "\t Please have a look at the conf parameter engine-analysis on what reports\n"
588  "\t can be printed\n");
589  printf("\t--pidfile <file> : write pid to this file\n");
590  printf("\t--init-errors-fatal : enable fatal failure on signature init error\n");
591  printf("\t--disable-detection : disable detection engine\n");
592  printf("\t--dump-config : show the running configuration\n");
593  printf("\t--dump-features : display provided features\n");
594  printf("\t--build-info : display build information\n");
595  printf("\t--pcap[=<dev>] : run in pcap mode, no value select interfaces from suricata.yaml\n");
596  printf("\t--pcap-file-continuous : when running in pcap mode with a directory, continue checking directory for pcaps until interrupted\n");
597  printf("\t--pcap-file-delete : when running in replay mode (-r with directory or file), will delete pcap files that have been processed when done\n");
598  printf("\t--pcap-file-recursive : will descend into subdirectories when running in replay mode (-r)\n");
599 #ifdef HAVE_PCAP_SET_BUFF
600  printf("\t--pcap-buffer-size : size of the pcap buffer value from 0 - %i\n",INT_MAX);
601 #endif /* HAVE_SET_PCAP_BUFF */
602 #ifdef HAVE_AF_PACKET
603  printf("\t--af-packet[=<dev>] : run in af-packet mode, no value select interfaces from suricata.yaml\n");
604 #endif
605 #ifdef HAVE_NETMAP
606  printf("\t--netmap[=<dev>] : run in netmap mode, no value select interfaces from suricata.yaml\n");
607 #endif
608 #ifdef HAVE_PFRING
609  printf("\t--pfring[=<dev>] : run in pfring mode, use interfaces from suricata.yaml\n");
610  printf("\t--pfring-int <dev> : run in pfring mode, use interface <dev>\n");
611  printf("\t--pfring-cluster-id <id> : pfring cluster id \n");
612  printf("\t--pfring-cluster-type <type> : pfring cluster type for PF_RING 4.1.2 and later cluster_round_robin|cluster_flow\n");
613 #endif /* HAVE_PFRING */
614  printf("\t--simulate-ips : force engine into IPS mode. Useful for QA\n");
615 #ifdef HAVE_LIBCAP_NG
616  printf("\t--user <user> : run suricata as this user after init\n");
617  printf("\t--group <group> : run suricata as this group after init\n");
618 #endif /* HAVE_LIBCAP_NG */
619  printf("\t--erf-in <path> : process an ERF file\n");
620 #ifdef HAVE_DAG
621  printf("\t--dag <dagX:Y> : process ERF records from DAG interface X, stream Y\n");
622 #endif
623 #ifdef HAVE_NAPATECH
624  printf("\t--napatech : run Napatech Streams using the API\n");
625 #endif
626 #ifdef BUILD_UNIX_SOCKET
627  printf("\t--unix-socket[=<file>] : use unix socket to control suricata work\n");
628 #endif
629 #ifdef WINDIVERT
630  printf("\t--windivert <filter> : run in inline WinDivert mode\n");
631  printf("\t--windivert-forward <filter> : run in inline WinDivert mode, as a gateway\n");
632 #endif
633 #ifdef HAVE_LIBNET11
634  printf("\t--reject-dev <dev> : send reject packets from this interface\n");
635 #endif
636  printf("\t--set name=value : set a configuration value\n");
637  printf("\n");
638  printf("\nTo run the engine with default configuration on "
639  "interface eth0 with signature file \"signatures.rules\", run the "
640  "command as:\n\n%s -c suricata.yaml -s signatures.rules -i eth0 \n\n",
641  progname);
642 }
643 
644 static void PrintBuildInfo(void)
645 {
646  const char *bits = "<unknown>-bits";
647  const char *endian = "<unknown>-endian";
648  char features[2048] = "";
649  const char *tls;
650 
651  printf("This is %s version %s\n", PROG_NAME, GetProgramVersion());
652 
653 #ifdef DEBUG
654  strlcat(features, "DEBUG ", sizeof(features));
655 #endif
656 #ifdef DEBUG_VALIDATION
657  strlcat(features, "DEBUG_VALIDATION ", sizeof(features));
658 #endif
659 #ifdef UNITTESTS
660  strlcat(features, "UNITTESTS ", sizeof(features));
661 #endif
662 #ifdef NFQ
663  strlcat(features, "NFQ ", sizeof(features));
664 #endif
665 #ifdef IPFW
666  strlcat(features, "IPFW ", sizeof(features));
667 #endif
668 #ifdef HAVE_PCAP_SET_BUFF
669  strlcat(features, "PCAP_SET_BUFF ", sizeof(features));
670 #endif
671 #ifdef HAVE_PFRING
672  strlcat(features, "PF_RING ", sizeof(features));
673 #endif
674 #ifdef HAVE_AF_PACKET
675  strlcat(features, "AF_PACKET ", sizeof(features));
676 #endif
677 #ifdef HAVE_NETMAP
678  strlcat(features, "NETMAP ", sizeof(features));
679 #endif
680 #ifdef HAVE_PACKET_FANOUT
681  strlcat(features, "HAVE_PACKET_FANOUT ", sizeof(features));
682 #endif
683 #ifdef HAVE_DAG
684  strlcat(features, "DAG ", sizeof(features));
685 #endif
686 #ifdef HAVE_LIBCAP_NG
687  strlcat(features, "LIBCAP_NG ", sizeof(features));
688 #endif
689 #ifdef HAVE_LIBNET11
690  strlcat(features, "LIBNET1.1 ", sizeof(features));
691 #endif
692 #ifdef HAVE_HTP_URI_NORMALIZE_HOOK
693  strlcat(features, "HAVE_HTP_URI_NORMALIZE_HOOK ", sizeof(features));
694 #endif
695 #ifdef PCRE_HAVE_JIT
696  strlcat(features, "PCRE_JIT ", sizeof(features));
697 #endif
698  /* For compatibility, just say we have HAVE_NSS. */
699  strlcat(features, "HAVE_NSS ", sizeof(features));
700  /* HTTP2_DECOMPRESSION is not an optional feature in this major version */
701  strlcat(features, "HTTP2_DECOMPRESSION ", sizeof(features));
702 #ifdef HAVE_LUA
703  strlcat(features, "HAVE_LUA ", sizeof(features));
704 #endif
705 #ifdef HAVE_LUAJIT
706  strlcat(features, "HAVE_LUAJIT ", sizeof(features));
707 #endif
708  strlcat(features, "HAVE_LIBJANSSON ", sizeof(features));
709 #ifdef PROFILING
710  strlcat(features, "PROFILING ", sizeof(features));
711 #endif
712 #ifdef PROFILE_LOCKING
713  strlcat(features, "PROFILE_LOCKING ", sizeof(features));
714 #endif
715 #if defined(TLS_C11) || defined(TLS_GNU)
716  strlcat(features, "TLS ", sizeof(features));
717 #endif
718 #if defined(TLS_C11)
719  strlcat(features, "TLS_C11 ", sizeof(features));
720 #elif defined(TLS_GNU)
721  strlcat(features, "TLS_GNU ", sizeof(features));
722 #endif
723 #ifdef HAVE_MAGIC
724  strlcat(features, "MAGIC ", sizeof(features));
725 #endif
726  strlcat(features, "RUST ", sizeof(features));
727  if (strlen(features) == 0) {
728  strlcat(features, "none", sizeof(features));
729  }
730 
731  printf("Features: %s\n", features);
732 
733  /* SIMD stuff */
734  memset(features, 0x00, sizeof(features));
735 #if defined(__SSE4_2__)
736  strlcat(features, "SSE_4_2 ", sizeof(features));
737 #endif
738 #if defined(__SSE4_1__)
739  strlcat(features, "SSE_4_1 ", sizeof(features));
740 #endif
741 #if defined(__SSE3__)
742  strlcat(features, "SSE_3 ", sizeof(features));
743 #endif
744  if (strlen(features) == 0) {
745  strlcat(features, "none", sizeof(features));
746  }
747  printf("SIMD support: %s\n", features);
748 
749  /* atomics stuff */
750  memset(features, 0x00, sizeof(features));
751 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_1)
752  strlcat(features, "1 ", sizeof(features));
753 #endif
754 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_2)
755  strlcat(features, "2 ", sizeof(features));
756 #endif
757 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_4)
758  strlcat(features, "4 ", sizeof(features));
759 #endif
760 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_8)
761  strlcat(features, "8 ", sizeof(features));
762 #endif
763 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_16)
764  strlcat(features, "16 ", sizeof(features));
765 #endif
766  if (strlen(features) == 0) {
767  strlcat(features, "none", sizeof(features));
768  } else {
769  strlcat(features, "byte(s)", sizeof(features));
770  }
771  printf("Atomic intrinsics: %s\n", features);
772 
773 #if __WORDSIZE == 64
774  bits = "64-bits";
775 #elif __WORDSIZE == 32
776  bits = "32-bits";
777 #endif
778 
779 #if __BYTE_ORDER == __BIG_ENDIAN
780  endian = "Big-endian";
781 #elif __BYTE_ORDER == __LITTLE_ENDIAN
782  endian = "Little-endian";
783 #endif
784 
785  printf("%s, %s architecture\n", bits, endian);
786 #ifdef __GNUC__
787  printf("GCC version %s, C version %"PRIiMAX"\n", __VERSION__, (intmax_t)__STDC_VERSION__);
788 #else
789  printf("C version %"PRIiMAX"\n", (intmax_t)__STDC_VERSION__);
790 #endif
791 
792 #if __SSP__ == 1
793  printf("compiled with -fstack-protector\n");
794 #endif
795 #if __SSP_ALL__ == 2
796  printf("compiled with -fstack-protector-all\n");
797 #endif
798 /*
799  * Workaround for special defines of _FORTIFY_SOURCE like
800  * FORTIFY_SOURCE=((defined __OPTIMIZE && OPTIMIZE > 0) ? 2 : 0)
801  * which is used by Gentoo for example and would result in the error
802  * 'defined' undeclared when _FORTIFY_SOURCE used via %d in printf func
803  *
804  */
805 #if _FORTIFY_SOURCE == 2
806  printf("compiled with _FORTIFY_SOURCE=2\n");
807 #elif _FORTIFY_SOURCE == 1
808  printf("compiled with _FORTIFY_SOURCE=1\n");
809 #elif _FORTIFY_SOURCE == 0
810  printf("compiled with _FORTIFY_SOURCE=0\n");
811 #endif
812 #ifdef CLS
813  printf("L1 cache line size (CLS)=%d\n", CLS);
814 #endif
815 #if defined(TLS_C11)
816  tls = "_Thread_local";
817 #elif defined(TLS_GNU)
818  tls = "__thread";
819 #else
820 #error "Unsupported thread local"
821 #endif
822  printf("thread local storage method: %s\n", tls);
823 
824  printf("compiled with %s, linked against %s\n",
825  HTP_VERSION_STRING_FULL, htp_get_version());
826  printf("\n");
827 #include "build-info.h"
828 }
829 
830 int coverage_unittests;
831 int g_ut_modules;
832 int g_ut_covered;
833 
834 void RegisterAllModules(void)
835 {
836  // zero all module storage
837  memset(tmm_modules, 0, TMM_SIZE * sizeof(TmModule));
838 
839  /* commanders */
840  TmModuleUnixManagerRegister();
841  /* managers */
842  TmModuleFlowManagerRegister();
843  TmModuleFlowRecyclerRegister();
844  TmModuleBypassedFlowManagerRegister();
845  /* nfq */
846  TmModuleReceiveNFQRegister();
847  TmModuleVerdictNFQRegister();
848  TmModuleDecodeNFQRegister();
849  /* ipfw */
850  TmModuleReceiveIPFWRegister();
851  TmModuleVerdictIPFWRegister();
852  TmModuleDecodeIPFWRegister();
853  /* pcap live */
854  TmModuleReceivePcapRegister();
855  TmModuleDecodePcapRegister();
856  /* pcap file */
857  TmModuleReceivePcapFileRegister();
858  TmModuleDecodePcapFileRegister();
859  /* af-packet */
860  TmModuleReceiveAFPRegister();
861  TmModuleDecodeAFPRegister();
862  /* netmap */
863  TmModuleReceiveNetmapRegister();
864  TmModuleDecodeNetmapRegister();
865  /* pfring */
866  TmModuleReceivePfringRegister();
867  TmModuleDecodePfringRegister();
868  /* dag file */
869  TmModuleReceiveErfFileRegister();
870  TmModuleDecodeErfFileRegister();
871  /* dag live */
872  TmModuleReceiveErfDagRegister();
873  TmModuleDecodeErfDagRegister();
874  /* napatech */
875  TmModuleNapatechStreamRegister();
876  TmModuleNapatechDecodeRegister();
877 
878  /* flow worker */
879  TmModuleFlowWorkerRegister();
880  /* respond-reject */
881  TmModuleRespondRejectRegister();
882 
883  /* log api */
884  TmModuleLoggerRegister();
885  TmModuleStatsLoggerRegister();
886 
887  TmModuleDebugList();
888  /* nflog */
889  TmModuleReceiveNFLOGRegister();
890  TmModuleDecodeNFLOGRegister();
891 
892  /* windivert */
893  TmModuleReceiveWinDivertRegister();
894  TmModuleVerdictWinDivertRegister();
895  TmModuleDecodeWinDivertRegister();
896 }
897 
898 static TmEcode LoadYamlConfig(SCInstance *suri)
899 {
900  SCEnter();
901 
902  if (suri->conf_filename == NULL)
903  suri->conf_filename = DEFAULT_CONF_FILE;
904 
905  if (ConfYamlLoadFile(suri->conf_filename) != 0) {
906  /* Error already displayed. */
907  SCReturnInt(TM_ECODE_FAILED);
908  }
909 
910  SCReturnInt(TM_ECODE_OK);
911 }
912 
913 static TmEcode ParseInterfacesList(const int runmode, char *pcap_dev)
914 {
915  SCEnter();
916 
917  /* run the selected runmode */
918  if (runmode == RUNMODE_PCAP_DEV) {
919  if (strlen(pcap_dev) == 0) {
920  int ret = LiveBuildDeviceList("pcap");
921  if (ret == 0) {
922  SCLogError(SC_ERR_INITIALIZATION, "No interface found in config for pcap");
923  SCReturnInt(TM_ECODE_FAILED);
924  }
925  }
926  } else if (runmode == RUNMODE_PFRING) {
927  /* FIXME add backward compat support */
928  /* iface has been set on command line */
929  if (strlen(pcap_dev)) {
930  if (ConfSetFinal("pfring.live-interface", pcap_dev) != 1) {
931  SCLogError(SC_ERR_INITIALIZATION, "Failed to set pfring.live-interface");
932  SCReturnInt(TM_ECODE_FAILED);
933  }
934  } else {
935  /* not an error condition if we have a 1.0 config */
936  LiveBuildDeviceList("pfring");
937  }
938 #ifdef HAVE_AF_PACKET
939  } else if (runmode == RUNMODE_AFP_DEV) {
940  /* iface has been set on command line */
941  if (strlen(pcap_dev)) {
942  if (ConfSetFinal("af-packet.live-interface", pcap_dev) != 1) {
943  SCLogError(SC_ERR_INITIALIZATION, "Failed to set af-packet.live-interface");
944  SCReturnInt(TM_ECODE_FAILED);
945  }
946  } else {
947  int ret = LiveBuildDeviceList("af-packet");
948  if (ret == 0) {
949  SCLogError(SC_ERR_INITIALIZATION, "No interface found in config for af-packet");
950  SCReturnInt(TM_ECODE_FAILED);
951  }
952  }
953 #endif
954 #ifdef HAVE_NETMAP
955  } else if (runmode == RUNMODE_NETMAP) {
956  /* iface has been set on command line */
957  if (strlen(pcap_dev)) {
958  if (ConfSetFinal("netmap.live-interface", pcap_dev) != 1) {
959  SCLogError(SC_ERR_INITIALIZATION, "Failed to set netmap.live-interface");
960  SCReturnInt(TM_ECODE_FAILED);
961  }
962  } else {
963  int ret = LiveBuildDeviceList("netmap");
964  if (ret == 0) {
965  SCLogError(SC_ERR_INITIALIZATION, "No interface found in config for netmap");
966  SCReturnInt(TM_ECODE_FAILED);
967  }
968  }
969 #endif
970 #ifdef HAVE_NFLOG
971  } else if (runmode == RUNMODE_NFLOG) {
972  int ret = LiveBuildDeviceListCustom("nflog", "group");
973  if (ret == 0) {
974  SCLogError(SC_ERR_INITIALIZATION, "No group found in config for nflog");
975  SCReturnInt(TM_ECODE_FAILED);
976  }
977 #endif
978  }
979 
980  SCReturnInt(TM_ECODE_OK);
981 }
982 
983 static void SCInstanceInit(SCInstance *suri, const char *progname)
984 {
985  memset(suri, 0x00, sizeof(*suri));
986 
987  suri->progname = progname;
988  suri->run_mode = RUNMODE_UNKNOWN;
989 
990  memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
991  suri->sig_file = NULL;
992  suri->sig_file_exclusive = FALSE;
993  suri->pid_filename = NULL;
994  suri->regex_arg = NULL;
995 
996  suri->keyword_info = NULL;
997  suri->runmode_custom_mode = NULL;
998 #ifndef OS_WIN32
999  suri->user_name = NULL;
1000  suri->group_name = NULL;
1001  suri->do_setuid = FALSE;
1002  suri->do_setgid = FALSE;
1003  suri->userid = 0;
1004  suri->groupid = 0;
1005 #endif /* OS_WIN32 */
1006  suri->delayed_detect = 0;
1007  suri->daemon = 0;
1008  suri->offline = 0;
1009  suri->verbose = 0;
1010  /* use -1 as unknown */
1011  suri->checksum_validation = -1;
1012 #if HAVE_DETECT_DISABLED==1
1013  g_detect_disabled = suri->disabled_detect = 1;
1014 #else
1015  g_detect_disabled = suri->disabled_detect = 0;
1016 #endif
1017 }
1018 
1019 const char *GetDocURL(void)
1020 {
1021  const char *prog_ver = GetProgramVersion();
1022  if (strstr(prog_ver, "RELEASE") != NULL) {
1023  return DOC_URL "suricata-" PROG_VER;
1024  }
1025  return DOC_URL "latest";
1026 }
1027 
1028 /** \brief get string with program version
1029  *
1030  * Get the program version as passed to us from AC_INIT
1031  *
1032  * Add 'RELEASE' is no '-dev' in the version. Add the REVISION if passed
1033  * to us.
1034  *
1035  * Possible outputs:
1036  * release: '5.0.1 RELEASE'
1037  * dev with rev: '5.0.1-dev (64a789bbf 2019-10-18)'
1038  * dev w/o rev: '5.0.1-dev'
1039  */
1040 const char *GetProgramVersion(void)
1041 {
1042  if (strstr(PROG_VER, "-dev") == NULL) {
1043  return PROG_VER " RELEASE";
1044  } else {
1045 #ifdef REVISION
1046  return PROG_VER " (" xstr(REVISION) ")";
1047 #else
1048  return PROG_VER;
1049 #endif
1050  }
1051 }
1052 
1053 static TmEcode PrintVersion(void)
1054 {
1055  printf("This is %s version %s\n", PROG_NAME, GetProgramVersion());
1056  return TM_ECODE_OK;
1057 }
1058 
1059 static TmEcode LogVersion(SCInstance *suri)
1060 {
1061  const char *mode = suri->system ? "SYSTEM" : "USER";
1062  SCLogNotice("This is %s version %s running in %s mode",
1063  PROG_NAME, GetProgramVersion(), mode);
1064  return TM_ECODE_OK;
1065 }
1066 
1067 static void SCSetStartTime(SCInstance *suri)
1068 {
1069  memset(&suri->start_time, 0, sizeof(suri->start_time));
1070  gettimeofday(&suri->start_time, NULL);
1071 }
1072 
1073 static void SCPrintElapsedTime(struct timeval *start_time)
1074 {
1075  if (start_time == NULL)
1076  return;
1077  struct timeval end_time;
1078  memset(&end_time, 0, sizeof(end_time));
1079  gettimeofday(&end_time, NULL);
1080  uint64_t milliseconds = ((end_time.tv_sec - start_time->tv_sec) * 1000) +
1081  (((1000000 + end_time.tv_usec - start_time->tv_usec) / 1000) - 1000);
1082  SCLogInfo("time elapsed %.3fs", (float)milliseconds/(float)1000);
1083 }
1084 
1085 static int ParseCommandLineAfpacket(SCInstance *suri, const char *in_arg)
1086 {
1087 #ifdef HAVE_AF_PACKET
1088  if (suri->run_mode == RUNMODE_UNKNOWN) {
1089  suri->run_mode = RUNMODE_AFP_DEV;
1090  if (in_arg) {
1091  LiveRegisterDeviceName(in_arg);
1092  memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
1093  strlcpy(suri->pcap_dev, in_arg, sizeof(suri->pcap_dev));
1094  }
1095  } else if (suri->run_mode == RUNMODE_AFP_DEV) {
1096  if (in_arg) {
1097  LiveRegisterDeviceName(in_arg);
1098  } else {
1099  SCLogInfo("Multiple af-packet option without interface on each is useless");
1100  }
1101  } else {
1102  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
1103  "has been specified");
1104  PrintUsage(suri->progname);
1105  return TM_ECODE_FAILED;
1106  }
1107  return TM_ECODE_OK;
1108 #else
1109  SCLogError(SC_ERR_NO_AF_PACKET,"AF_PACKET not enabled. On Linux "
1110  "host, make sure to pass --enable-af-packet to "
1111  "configure when building.");
1112  return TM_ECODE_FAILED;
1113 #endif
1114 }
1115 
1116 static int ParseCommandLinePcapLive(SCInstance *suri, const char *in_arg)
1117 {
1118  memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
1119 
1120  if (in_arg != NULL) {
1121  /* some windows shells require escaping of the \ in \Device. Otherwise
1122  * the backslashes are stripped. We put them back here. */
1123  if (strlen(in_arg) > 9 && strncmp(in_arg, "DeviceNPF", 9) == 0) {
1124  snprintf(suri->pcap_dev, sizeof(suri->pcap_dev), "\\Device\\NPF%s", in_arg+9);
1125  } else {
1126  strlcpy(suri->pcap_dev, in_arg, sizeof(suri->pcap_dev));
1127  PcapTranslateIPToDevice(suri->pcap_dev, sizeof(suri->pcap_dev));
1128  }
1129 
1130  if (strcmp(suri->pcap_dev, in_arg) != 0) {
1131  SCLogInfo("translated %s to pcap device %s", in_arg, suri->pcap_dev);
1132  } else if (strlen(suri->pcap_dev) > 0 && isdigit((unsigned char)suri->pcap_dev[0])) {
1133  SCLogError(SC_ERR_PCAP_TRANSLATE, "failed to find a pcap device for IP %s", in_arg);
1134  return TM_ECODE_FAILED;
1135  }
1136  }
1137 
1138  if (suri->run_mode == RUNMODE_UNKNOWN) {
1139  suri->run_mode = RUNMODE_PCAP_DEV;
1140  if (in_arg) {
1141  LiveRegisterDeviceName(suri->pcap_dev);
1142  }
1143  } else if (suri->run_mode == RUNMODE_PCAP_DEV) {
1144  LiveRegisterDeviceName(suri->pcap_dev);
1145  } else {
1146  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
1147  "has been specified");
1148  PrintUsage(suri->progname);
1149  return TM_ECODE_FAILED;
1150  }
1151  return TM_ECODE_OK;
1152 }
1153 
1154 /**
1155  * Helper function to check if log directory is writable
1156  */
1157 static bool IsLogDirectoryWritable(const char* str)
1158 {
1159  if (access(str, W_OK) == 0)
1160  return true;
1161  return false;
1162 }
1163 
1164 static TmEcode ParseCommandLine(int argc, char** argv, SCInstance *suri)
1165 {
1166  int opt;
1167 
1168  int dump_config = 0;
1169  int dump_features = 0;
1170  int list_app_layer_protocols = 0;
1171  int list_unittests = 0;
1172  int list_runmodes = 0;
1173  int list_keywords = 0;
1174  int build_info = 0;
1175  int conf_test = 0;
1176  int engine_analysis = 0;
1177  int ret = TM_ECODE_OK;
1178 
1179 #ifdef UNITTESTS
1180  coverage_unittests = 0;
1181  g_ut_modules = 0;
1182  g_ut_covered = 0;
1183 #endif
1184 
1185  // clang-format off
1186  struct option long_opts[] = {
1187  {"dump-config", 0, &dump_config, 1},
1188  {"dump-features", 0, &dump_features, 1},
1189  {"pfring", optional_argument, 0, 0},
1190  {"pfring-int", required_argument, 0, 0},
1191  {"pfring-cluster-id", required_argument, 0, 0},
1192  {"pfring-cluster-type", required_argument, 0, 0},
1193  {"af-packet", optional_argument, 0, 0},
1194  {"netmap", optional_argument, 0, 0},
1195  {"pcap", optional_argument, 0, 0},
1196  {"pcap-file-continuous", 0, 0, 0},
1197  {"pcap-file-delete", 0, 0, 0},
1198  {"pcap-file-recursive", 0, 0, 0},
1199  {"simulate-ips", 0, 0 , 0},
1200  {"no-random", 0, &g_disable_randomness, 1},
1201  {"strict-rule-keywords", optional_argument, 0, 0},
1202 
1203  {"capture-plugin", required_argument, 0, 0},
1204  {"capture-plugin-args", required_argument, 0, 0},
1205 
1206 #ifdef BUILD_UNIX_SOCKET
1207  {"unix-socket", optional_argument, 0, 0},
1208 #endif
1209  {"pcap-buffer-size", required_argument, 0, 0},
1210  {"unittest-filter", required_argument, 0, 'U'},
1211  {"list-app-layer-protos", 0, &list_app_layer_protocols, 1},
1212  {"list-unittests", 0, &list_unittests, 1},
1213  {"list-runmodes", 0, &list_runmodes, 1},
1214  {"list-keywords", optional_argument, &list_keywords, 1},
1215  {"runmode", required_argument, NULL, 0},
1216  {"engine-analysis", 0, &engine_analysis, 1},
1217 #ifdef OS_WIN32
1218  {"service-install", 0, 0, 0},
1219  {"service-remove", 0, 0, 0},
1220  {"service-change-params", 0, 0, 0},
1221 #endif /* OS_WIN32 */
1222  {"pidfile", required_argument, 0, 0},
1223  {"init-errors-fatal", 0, 0, 0},
1224  {"disable-detection", 0, 0, 0},
1225  {"disable-hashing", 0, 0, 0},
1226  {"fatal-unittests", 0, 0, 0},
1227  {"unittests-coverage", 0, &coverage_unittests, 1},
1228  {"user", required_argument, 0, 0},
1229  {"group", required_argument, 0, 0},
1230  {"erf-in", required_argument, 0, 0},
1231  {"dag", required_argument, 0, 0},
1232  {"napatech", 0, 0, 0},
1233  {"build-info", 0, &build_info, 1},
1234  {"data-dir", required_argument, 0, 0},
1235 #ifdef WINDIVERT
1236  {"windivert", required_argument, 0, 0},
1237  {"windivert-forward", required_argument, 0, 0},
1238 #endif
1239 #ifdef HAVE_LIBNET11
1240  {"reject-dev", required_argument, 0, 0},
1241 #endif
1242  {"set", required_argument, 0, 0},
1243 #ifdef HAVE_NFLOG
1244  {"nflog", optional_argument, 0, 0},
1245 #endif
1246  {NULL, 0, NULL, 0}
1247  };
1248  // clang-format on
1249 
1250  /* getopt_long stores the option index here. */
1251  int option_index = 0;
1252 
1253  char short_opts[] = "c:TDhi:l:q:d:r:us:S:U:VF:vk:";
1254 
1255  while ((opt = getopt_long(argc, argv, short_opts, long_opts, &option_index)) != -1) {
1256  switch (opt) {
1257  case 0:
1258  if (strcmp((long_opts[option_index]).name , "pfring") == 0 ||
1259  strcmp((long_opts[option_index]).name , "pfring-int") == 0) {
1260 #ifdef HAVE_PFRING
1261  suri->run_mode = RUNMODE_PFRING;
1262  if (optarg != NULL) {
1263  memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
1264  strlcpy(suri->pcap_dev, optarg,
1265  ((strlen(optarg) < sizeof(suri->pcap_dev)) ?
1266  (strlen(optarg) + 1) : sizeof(suri->pcap_dev)));
1267  LiveRegisterDeviceName(optarg);
1268  }
1269 #else
1270  SCLogError(SC_ERR_NO_PF_RING,"PF_RING not enabled. Make sure "
1271  "to pass --enable-pfring to configure when building.");
1272  return TM_ECODE_FAILED;
1273 #endif /* HAVE_PFRING */
1274  }
1275  else if(strcmp((long_opts[option_index]).name , "pfring-cluster-id") == 0){
1276 #ifdef HAVE_PFRING
1277  if (ConfSetFinal("pfring.cluster-id", optarg) != 1) {
1278  fprintf(stderr, "ERROR: Failed to set pfring.cluster-id.\n");
1279  return TM_ECODE_FAILED;
1280  }
1281 #else
1282  SCLogError(SC_ERR_NO_PF_RING,"PF_RING not enabled. Make sure "
1283  "to pass --enable-pfring to configure when building.");
1284  return TM_ECODE_FAILED;
1285 #endif /* HAVE_PFRING */
1286  }
1287  else if(strcmp((long_opts[option_index]).name , "pfring-cluster-type") == 0){
1288 #ifdef HAVE_PFRING
1289  if (ConfSetFinal("pfring.cluster-type", optarg) != 1) {
1290  fprintf(stderr, "ERROR: Failed to set pfring.cluster-type.\n");
1291  return TM_ECODE_FAILED;
1292  }
1293 #else
1294  SCLogError(SC_ERR_NO_PF_RING,"PF_RING not enabled. Make sure "
1295  "to pass --enable-pfring to configure when building.");
1296  return TM_ECODE_FAILED;
1297 #endif /* HAVE_PFRING */
1298  }
1299  else if (strcmp((long_opts[option_index]).name , "capture-plugin") == 0){
1300  suri->run_mode = RUNMODE_PLUGIN;
1301  suri->capture_plugin_name = optarg;
1302  }
1303  else if (strcmp((long_opts[option_index]).name , "capture-plugin-args") == 0){
1304  suri->capture_plugin_args = optarg;
1305  }
1306  else if (strcmp((long_opts[option_index]).name , "af-packet") == 0)
1307  {
1308  if (ParseCommandLineAfpacket(suri, optarg) != TM_ECODE_OK) {
1309  return TM_ECODE_FAILED;
1310  }
1311  } else if (strcmp((long_opts[option_index]).name , "netmap") == 0){
1312 #ifdef HAVE_NETMAP
1313  if (suri->run_mode == RUNMODE_UNKNOWN) {
1314  suri->run_mode = RUNMODE_NETMAP;
1315  if (optarg) {
1316  LiveRegisterDeviceName(optarg);
1317  memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
1318  strlcpy(suri->pcap_dev, optarg,
1319  ((strlen(optarg) < sizeof(suri->pcap_dev)) ?
1320  (strlen(optarg) + 1) : sizeof(suri->pcap_dev)));
1321  }
1322  } else if (suri->run_mode == RUNMODE_NETMAP) {
1323  if (optarg) {
1324  LiveRegisterDeviceName(optarg);
1325  } else {
1326  SCLogInfo("Multiple netmap option without interface on each is useless");
1327  break;
1328  }
1329  } else {
1330  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
1331  "has been specified");
1332  PrintUsage(argv[0]);
1333  return TM_ECODE_FAILED;
1334  }
1335 #else
1336  SCLogError(SC_ERR_NO_NETMAP, "NETMAP not enabled.");
1337  return TM_ECODE_FAILED;
1338 #endif
1339  } else if (strcmp((long_opts[option_index]).name, "nflog") == 0) {
1340 #ifdef HAVE_NFLOG
1341  if (suri->run_mode == RUNMODE_UNKNOWN) {
1342  suri->run_mode = RUNMODE_NFLOG;
1343  LiveBuildDeviceListCustom("nflog", "group");
1344  }
1345 #else
1346  SCLogError(SC_ERR_NFLOG_NOSUPPORT, "NFLOG not enabled.");
1347  return TM_ECODE_FAILED;
1348 #endif /* HAVE_NFLOG */
1349  } else if (strcmp((long_opts[option_index]).name , "pcap") == 0) {
1350  if (ParseCommandLinePcapLive(suri, optarg) != TM_ECODE_OK) {
1351  return TM_ECODE_FAILED;
1352  }
1353  } else if(strcmp((long_opts[option_index]).name, "simulate-ips") == 0) {
1354  SCLogInfo("Setting IPS mode");
1355  EngineModeSetIPS();
1356  } else if(strcmp((long_opts[option_index]).name, "init-errors-fatal") == 0) {
1357  if (ConfSetFinal("engine.init-failure-fatal", "1") != 1) {
1358  fprintf(stderr, "ERROR: Failed to set engine init-failure-fatal.\n");
1359  return TM_ECODE_FAILED;
1360  }
1361 #ifdef BUILD_UNIX_SOCKET
1362  } else if (strcmp((long_opts[option_index]).name , "unix-socket") == 0) {
1363  if (suri->run_mode == RUNMODE_UNKNOWN) {
1364  suri->run_mode = RUNMODE_UNIX_SOCKET;
1365  if (optarg) {
1366  if (ConfSetFinal("unix-command.filename", optarg) != 1) {
1367  fprintf(stderr, "ERROR: Failed to set unix-command.filename.\n");
1368  return TM_ECODE_FAILED;
1369  }
1370 
1371  }
1372  } else {
1373  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
1374  "has been specified");
1375  PrintUsage(argv[0]);
1376  return TM_ECODE_FAILED;
1377  }
1378 #endif
1379  }
1380  else if(strcmp((long_opts[option_index]).name, "list-app-layer-protocols") == 0) {
1381  /* listing all supported app layer protocols */
1382  }
1383  else if(strcmp((long_opts[option_index]).name, "list-unittests") == 0) {
1384 #ifdef UNITTESTS
1385  suri->run_mode = RUNMODE_LIST_UNITTEST;
1386 #else
1387  fprintf(stderr, "ERROR: Unit tests not enabled. Make sure to pass --enable-unittests to configure when building.\n");
1388  return TM_ECODE_FAILED;
1389 #endif /* UNITTESTS */
1390  } else if (strcmp((long_opts[option_index]).name, "list-runmodes") == 0) {
1391  suri->run_mode = RUNMODE_LIST_RUNMODES;
1392  return TM_ECODE_OK;
1393  } else if (strcmp((long_opts[option_index]).name, "list-keywords") == 0) {
1394  if (optarg) {
1395  if (strcmp("short",optarg)) {
1396  suri->keyword_info = optarg;
1397  }
1398  }
1399  } else if (strcmp((long_opts[option_index]).name, "runmode") == 0) {
1400  suri->runmode_custom_mode = optarg;
1401  } else if(strcmp((long_opts[option_index]).name, "engine-analysis") == 0) {
1402  // do nothing for now
1403  }
1404 #ifdef OS_WIN32
1405  else if(strcmp((long_opts[option_index]).name, "service-install") == 0) {
1406  suri->run_mode = RUNMODE_INSTALL_SERVICE;
1407  return TM_ECODE_OK;
1408  }
1409  else if(strcmp((long_opts[option_index]).name, "service-remove") == 0) {
1410  suri->run_mode = RUNMODE_REMOVE_SERVICE;
1411  return TM_ECODE_OK;
1412  }
1413  else if(strcmp((long_opts[option_index]).name, "service-change-params") == 0) {
1414  suri->run_mode = RUNMODE_CHANGE_SERVICE_PARAMS;
1415  return TM_ECODE_OK;
1416  }
1417 #endif /* OS_WIN32 */
1418  else if(strcmp((long_opts[option_index]).name, "pidfile") == 0) {
1419  suri->pid_filename = SCStrdup(optarg);
1420  if (suri->pid_filename == NULL) {
1421  SCLogError(SC_ERR_MEM_ALLOC, "strdup failed: %s",
1422  strerror(errno));
1423  return TM_ECODE_FAILED;
1424  }
1425  }
1426  else if(strcmp((long_opts[option_index]).name, "disable-detection") == 0) {
1427  g_detect_disabled = suri->disabled_detect = 1;
1428  } else if (strcmp((long_opts[option_index]).name, "disable-hashing") == 0) {
1429  g_disable_hashing = true;
1430  } else if (strcmp((long_opts[option_index]).name, "fatal-unittests") == 0) {
1431 #ifdef UNITTESTS
1432  unittests_fatal = 1;
1433 #else
1434  fprintf(stderr, "ERROR: Unit tests not enabled. Make sure to pass --enable-unittests to configure when building.\n");
1435  return TM_ECODE_FAILED;
1436 #endif /* UNITTESTS */
1437  } else if (strcmp((long_opts[option_index]).name, "user") == 0) {
1438 #ifndef HAVE_LIBCAP_NG
1439  SCLogError(SC_ERR_LIBCAP_NG_REQUIRED, "libcap-ng is required to"
1440  " drop privileges, but it was not compiled into Suricata.");
1441  return TM_ECODE_FAILED;
1442 #else
1443  suri->user_name = optarg;
1444  suri->do_setuid = TRUE;
1445 #endif /* HAVE_LIBCAP_NG */
1446  } else if (strcmp((long_opts[option_index]).name, "group") == 0) {
1447 #ifndef HAVE_LIBCAP_NG
1448  SCLogError(SC_ERR_LIBCAP_NG_REQUIRED, "libcap-ng is required to"
1449  " drop privileges, but it was not compiled into Suricata.");
1450  return TM_ECODE_FAILED;
1451 #else
1452  suri->group_name = optarg;
1453  suri->do_setgid = TRUE;
1454 #endif /* HAVE_LIBCAP_NG */
1455  } else if (strcmp((long_opts[option_index]).name, "erf-in") == 0) {
1456  suri->run_mode = RUNMODE_ERF_FILE;
1457  if (ConfSetFinal("erf-file.file", optarg) != 1) {
1458  fprintf(stderr, "ERROR: Failed to set erf-file.file\n");
1459  return TM_ECODE_FAILED;
1460  }
1461  } else if (strcmp((long_opts[option_index]).name, "dag") == 0) {
1462 #ifdef HAVE_DAG
1463  if (suri->run_mode == RUNMODE_UNKNOWN) {
1464  suri->run_mode = RUNMODE_DAG;
1465  }
1466  else if (suri->run_mode != RUNMODE_DAG) {
1467  SCLogError(SC_ERR_MULTIPLE_RUN_MODE,
1468  "more than one run mode has been specified");
1469  PrintUsage(argv[0]);
1470  return TM_ECODE_FAILED;
1471  }
1472  LiveRegisterDeviceName(optarg);
1473 #else
1474  SCLogError(SC_ERR_DAG_REQUIRED, "libdag and a DAG card are required"
1475  " to receive packets using --dag.");
1476  return TM_ECODE_FAILED;
1477 #endif /* HAVE_DAG */
1478  } else if (strcmp((long_opts[option_index]).name, "napatech") == 0) {
1479 #ifdef HAVE_NAPATECH
1480  suri->run_mode = RUNMODE_NAPATECH;
1481 #else
1482  SCLogError(SC_ERR_NAPATECH_REQUIRED, "libntapi and a Napatech adapter are required"
1483  " to capture packets using --napatech.");
1484  return TM_ECODE_FAILED;
1485 #endif /* HAVE_NAPATECH */
1486  } else if (strcmp((long_opts[option_index]).name, "pcap-buffer-size") == 0) {
1487 #ifdef HAVE_PCAP_SET_BUFF
1488  if (ConfSetFinal("pcap.buffer-size", optarg) != 1) {
1489  fprintf(stderr, "ERROR: Failed to set pcap-buffer-size.\n");
1490  return TM_ECODE_FAILED;
1491  }
1492 #else
1493  SCLogError(SC_ERR_NO_PCAP_SET_BUFFER_SIZE, "The version of libpcap you have"
1494  " doesn't support setting buffer size.");
1495 #endif /* HAVE_PCAP_SET_BUFF */
1496  } else if (strcmp((long_opts[option_index]).name, "build-info") == 0) {
1497  suri->run_mode = RUNMODE_PRINT_BUILDINFO;
1498  return TM_ECODE_OK;
1499  } else if (strcmp((long_opts[option_index]).name, "windivert-forward") == 0) {
1500 #ifdef WINDIVERT
1501  if (suri->run_mode == RUNMODE_UNKNOWN) {
1502  suri->run_mode = RUNMODE_WINDIVERT;
1503  if (WinDivertRegisterQueue(true, optarg) == -1) {
1504  exit(EXIT_FAILURE);
1505  }
1506  } else if (suri->run_mode == RUNMODE_WINDIVERT) {
1507  if (WinDivertRegisterQueue(true, optarg) == -1) {
1508  exit(EXIT_FAILURE);
1509  }
1510  } else {
1511  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
1512  "has been specified");
1513  PrintUsage(argv[0]);
1514  exit(EXIT_FAILURE);
1515  }
1516  }
1517  else if(strcmp((long_opts[option_index]).name, "windivert") == 0) {
1518  if (suri->run_mode == RUNMODE_UNKNOWN) {
1519  suri->run_mode = RUNMODE_WINDIVERT;
1520  if (WinDivertRegisterQueue(false, optarg) == -1) {
1521  exit(EXIT_FAILURE);
1522  }
1523  } else if (suri->run_mode == RUNMODE_WINDIVERT) {
1524  if (WinDivertRegisterQueue(false, optarg) == -1) {
1525  exit(EXIT_FAILURE);
1526  }
1527  } else {
1528  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
1529  "has been specified");
1530  PrintUsage(argv[0]);
1531  exit(EXIT_FAILURE);
1532  }
1533 #else
1534  SCLogError(SC_ERR_WINDIVERT_NOSUPPORT,"WinDivert not enabled. Make sure to pass --enable-windivert to configure when building.");
1535  return TM_ECODE_FAILED;
1536 #endif /* WINDIVERT */
1537  } else if(strcmp((long_opts[option_index]).name, "reject-dev") == 0) {
1538 #ifdef HAVE_LIBNET11
1539  BUG_ON(optarg == NULL); /* for static analysis */
1540  extern char *g_reject_dev;
1541  extern uint16_t g_reject_dev_mtu;
1542  g_reject_dev = optarg;
1543  int mtu = GetIfaceMTU(g_reject_dev);
1544  if (mtu > 0) {
1545  g_reject_dev_mtu = (uint16_t)mtu;
1546  }
1547 #else
1548  SCLogError(SC_ERR_LIBNET_NOT_ENABLED,
1549  "Libnet 1.1 support not enabled. Compile Suricata with libnet support.");
1550  return TM_ECODE_FAILED;
1551 #endif
1552  }
1553  else if (strcmp((long_opts[option_index]).name, "set") == 0) {
1554  if (optarg != NULL) {
1555  /* Quick validation. */
1556  char *val = strchr(optarg, '=');
1557  if (val == NULL) {
1558  FatalError(SC_ERR_FATAL,
1559  "Invalid argument for --set, must be key=val.");
1560  }
1561  if (!ConfSetFromString(optarg, 1)) {
1562  fprintf(stderr, "Failed to set configuration value %s.",
1563  optarg);
1564  exit(EXIT_FAILURE);
1565  }
1566  }
1567  }
1568  else if (strcmp((long_opts[option_index]).name, "pcap-file-continuous") == 0) {
1569  if (ConfSetFinal("pcap-file.continuous", "true") != 1) {
1570  SCLogError(SC_ERR_CMD_LINE, "Failed to set pcap-file.continuous");
1571  return TM_ECODE_FAILED;
1572  }
1573  }
1574  else if (strcmp((long_opts[option_index]).name, "pcap-file-delete") == 0) {
1575  if (ConfSetFinal("pcap-file.delete-when-done", "true") != 1) {
1576  SCLogError(SC_ERR_CMD_LINE, "Failed to set pcap-file.delete-when-done");
1577  return TM_ECODE_FAILED;
1578  }
1579  }
1580  else if (strcmp((long_opts[option_index]).name, "pcap-file-recursive") == 0) {
1581  if (ConfSetFinal("pcap-file.recursive", "true") != 1) {
1582  SCLogError(SC_ERR_CMD_LINE, "ERROR: Failed to set pcap-file.recursive");
1583  return TM_ECODE_FAILED;
1584  }
1585  }
1586  else if (strcmp((long_opts[option_index]).name, "data-dir") == 0) {
1587  if (optarg == NULL) {
1588  SCLogError(SC_ERR_INITIALIZATION, "no option argument (optarg) for -d");
1589  return TM_ECODE_FAILED;
1590  }
1591 
1592  if (ConfigSetDataDirectory(optarg) != TM_ECODE_OK) {
1593  SCLogError(SC_ERR_FATAL, "Failed to set data directory.");
1594  return TM_ECODE_FAILED;
1595  }
1596  if (ConfigCheckDataDirectory(optarg) != TM_ECODE_OK) {
1597  SCLogError(SC_ERR_LOGDIR_CMDLINE, "The data directory \"%s\""
1598  " supplied at the commandline (-d %s) doesn't "
1599  "exist. Shutting down the engine.", optarg, optarg);
1600  return TM_ECODE_FAILED;
1601  }
1602  suri->set_datadir = true;
1603  } else if (strcmp((long_opts[option_index]).name , "strict-rule-keywords") == 0){
1604  if (optarg == NULL) {
1605  suri->strict_rule_parsing_string = SCStrdup("all");
1606  } else {
1607  suri->strict_rule_parsing_string = SCStrdup(optarg);
1608  }
1609  if (suri->strict_rule_parsing_string == NULL) {
1610  FatalError(SC_ERR_MEM_ALLOC, "failed to duplicate 'strict' string");
1611  }
1612  }
1613  break;
1614  case 'c':
1615  suri->conf_filename = optarg;
1616  break;
1617  case 'T':
1618  SCLogInfo("Running suricata under test mode");
1619  conf_test = 1;
1620  if (ConfSetFinal("engine.init-failure-fatal", "1") != 1) {
1621  fprintf(stderr, "ERROR: Failed to set engine init-failure-fatal.\n");
1622  return TM_ECODE_FAILED;
1623  }
1624  break;
1625 #ifndef OS_WIN32
1626  case 'D':
1627  suri->daemon = 1;
1628  break;
1629 #endif /* OS_WIN32 */
1630  case 'h':
1631  suri->run_mode = RUNMODE_PRINT_USAGE;
1632  return TM_ECODE_OK;
1633  case 'i':
1634  if (optarg == NULL) {
1635  SCLogError(SC_ERR_INITIALIZATION, "no option argument (optarg) for -i");
1636  return TM_ECODE_FAILED;
1637  }
1638 #ifdef HAVE_AF_PACKET
1639  if (ParseCommandLineAfpacket(suri, optarg) != TM_ECODE_OK) {
1640  return TM_ECODE_FAILED;
1641  }
1642 #else /* not afpacket */
1643  /* warn user if netmap or pf-ring are available */
1644 #if defined HAVE_PFRING || HAVE_NETMAP
1645  int i = 0;
1646 #ifdef HAVE_PFRING
1647  i++;
1648 #endif
1649 #ifdef HAVE_NETMAP
1650  i++;
1651 #endif
1652  SCLogWarning(SC_WARN_FASTER_CAPTURE_AVAILABLE, "faster capture "
1653  "option%s %s available:"
1654 #ifdef HAVE_PFRING
1655  " PF_RING (--pfring-int=%s)"
1656 #endif
1657 #ifdef HAVE_NETMAP
1658  " NETMAP (--netmap=%s)"
1659 #endif
1660  ". Use --pcap=%s to suppress this warning",
1661  i == 1 ? "" : "s", i == 1 ? "is" : "are"
1662 #ifdef HAVE_PFRING
1663  , optarg
1664 #endif
1665 #ifdef HAVE_NETMAP
1666  , optarg
1667 #endif
1668  , optarg
1669  );
1670 #endif /* have faster methods */
1671  if (ParseCommandLinePcapLive(suri, optarg) != TM_ECODE_OK) {
1672  return TM_ECODE_FAILED;
1673  }
1674 #endif
1675  break;
1676  case 'l':
1677  if (optarg == NULL) {
1678  SCLogError(SC_ERR_INITIALIZATION, "no option argument (optarg) for -l");
1679  return TM_ECODE_FAILED;
1680  }
1681 
1682  if (ConfigSetLogDirectory(optarg) != TM_ECODE_OK) {
1683  SCLogError(SC_ERR_FATAL, "Failed to set log directory.");
1684  return TM_ECODE_FAILED;
1685  }
1686  if (ConfigCheckLogDirectoryExists(optarg) != TM_ECODE_OK) {
1687  SCLogError(SC_ERR_LOGDIR_CMDLINE, "The logging directory \"%s\""
1688  " supplied at the commandline (-l %s) doesn't "
1689  "exist. Shutting down the engine.", optarg, optarg);
1690  return TM_ECODE_FAILED;
1691  }
1692  if (!IsLogDirectoryWritable(optarg)) {
1693  SCLogError(SC_ERR_LOGDIR_CMDLINE, "The logging directory \"%s\""
1694  " supplied at the commandline (-l %s) is not "
1695  "writable. Shutting down the engine.", optarg, optarg);
1696  return TM_ECODE_FAILED;
1697  }
1698  suri->set_logdir = true;
1699 
1700  break;
1701  case 'q':
1702 #ifdef NFQ
1703  if (suri->run_mode == RUNMODE_UNKNOWN) {
1704  suri->run_mode = RUNMODE_NFQ;
1705  EngineModeSetIPS();
1706  if (NFQParseAndRegisterQueues(optarg) == -1)
1707  return TM_ECODE_FAILED;
1708  } else if (suri->run_mode == RUNMODE_NFQ) {
1709  if (NFQParseAndRegisterQueues(optarg) == -1)
1710  return TM_ECODE_FAILED;
1711  } else {
1712  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
1713  "has been specified");
1714  PrintUsage(argv[0]);
1715  return TM_ECODE_FAILED;
1716  }
1717 #else
1718  SCLogError(SC_ERR_NFQ_NOSUPPORT,"NFQUEUE not enabled. Make sure to pass --enable-nfqueue to configure when building.");
1719  return TM_ECODE_FAILED;
1720 #endif /* NFQ */
1721  break;
1722  case 'd':
1723 #ifdef IPFW
1724  if (suri->run_mode == RUNMODE_UNKNOWN) {
1725  suri->run_mode = RUNMODE_IPFW;
1726  EngineModeSetIPS();
1727  if (IPFWRegisterQueue(optarg) == -1)
1728  return TM_ECODE_FAILED;
1729  } else if (suri->run_mode == RUNMODE_IPFW) {
1730  if (IPFWRegisterQueue(optarg) == -1)
1731  return TM_ECODE_FAILED;
1732  } else {
1733  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
1734  "has been specified");
1735  PrintUsage(argv[0]);
1736  return TM_ECODE_FAILED;
1737  }
1738 #else
1739  SCLogError(SC_ERR_IPFW_NOSUPPORT,"IPFW not enabled. Make sure to pass --enable-ipfw to configure when building.");
1740  return TM_ECODE_FAILED;
1741 #endif /* IPFW */
1742  break;
1743  case 'r':
1744  BUG_ON(optarg == NULL); /* for static analysis */
1745  if (suri->run_mode == RUNMODE_UNKNOWN) {
1746  suri->run_mode = RUNMODE_PCAP_FILE;
1747  } else {
1748  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
1749  "has been specified");
1750  PrintUsage(argv[0]);
1751  return TM_ECODE_FAILED;
1752  }
1753 #ifdef OS_WIN32
1754  struct _stat buf;
1755  if(_stat(optarg, &buf) != 0) {
1756 #else
1757  struct stat buf;
1758  if (stat(optarg, &buf) != 0) {
1759 #endif /* OS_WIN32 */
1760  SCLogError(SC_ERR_INITIALIZATION, "ERROR: Pcap file does not exist\n");
1761  return TM_ECODE_FAILED;
1762  }
1763  if (ConfSetFinal("pcap-file.file", optarg) != 1) {
1764  SCLogError(SC_ERR_INITIALIZATION, "ERROR: Failed to set pcap-file.file\n");
1765  return TM_ECODE_FAILED;
1766  }
1767 
1768  break;
1769  case 's':
1770  if (suri->sig_file != NULL) {
1771  SCLogError(SC_ERR_CMD_LINE, "can't have multiple -s options or mix -s and -S.");
1772  return TM_ECODE_FAILED;
1773  }
1774  suri->sig_file = optarg;
1775  break;
1776  case 'S':
1777  if (suri->sig_file != NULL) {
1778  SCLogError(SC_ERR_CMD_LINE, "can't have multiple -S options or mix -s and -S.");
1779  return TM_ECODE_FAILED;
1780  }
1781  suri->sig_file = optarg;
1782  suri->sig_file_exclusive = TRUE;
1783  break;
1784  case 'u':
1785 #ifdef UNITTESTS
1786  if (suri->run_mode == RUNMODE_UNKNOWN) {
1787  suri->run_mode = RUNMODE_UNITTEST;
1788  } else {
1789  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode has"
1790  " been specified");
1791  PrintUsage(argv[0]);
1792  return TM_ECODE_FAILED;
1793  }
1794 #else
1795  fprintf(stderr, "ERROR: Unit tests not enabled. Make sure to pass --enable-unittests to configure when building.\n");
1796  return TM_ECODE_FAILED;
1797 #endif /* UNITTESTS */
1798  break;
1799  case 'U':
1800 #ifdef UNITTESTS
1801  suri->regex_arg = optarg;
1802 
1803  if(strlen(suri->regex_arg) == 0)
1804  suri->regex_arg = NULL;
1805 #endif
1806  break;
1807  case 'V':
1808  suri->run_mode = RUNMODE_PRINT_VERSION;
1809  return TM_ECODE_OK;
1810  case 'F':
1811  if (optarg == NULL) {
1812  SCLogError(SC_ERR_INITIALIZATION, "no option argument (optarg) for -F");
1813  return TM_ECODE_FAILED;
1814  }
1815 
1816  SetBpfStringFromFile(optarg);
1817  break;
1818  case 'v':
1819  suri->verbose++;
1820  break;
1821  case 'k':
1822  if (optarg == NULL) {
1823  SCLogError(SC_ERR_INITIALIZATION, "no option argument (optarg) for -k");
1824  return TM_ECODE_FAILED;
1825  }
1826  if (!strcmp("all", optarg))
1827  suri->checksum_validation = 1;
1828  else if (!strcmp("none", optarg))
1829  suri->checksum_validation = 0;
1830  else {
1831  SCLogError(SC_ERR_INITIALIZATION, "option '%s' invalid for -k", optarg);
1832  return TM_ECODE_FAILED;
1833  }
1834  break;
1835  default:
1836  PrintUsage(argv[0]);
1837  return TM_ECODE_FAILED;
1838  }
1839  }
1840 
1841  if (suri->disabled_detect && suri->sig_file != NULL) {
1842  SCLogError(SC_ERR_INITIALIZATION, "can't use -s/-S when detection is disabled");
1843  return TM_ECODE_FAILED;
1844  }
1845 
1846  /* save the runmode from the commandline (if any) */
1847  suri->aux_run_mode = suri->run_mode;
1848 
1849  if (list_app_layer_protocols)
1850  suri->run_mode = RUNMODE_LIST_APP_LAYERS;
1851  if (list_keywords)
1852  suri->run_mode = RUNMODE_LIST_KEYWORDS;
1853  if (list_unittests)
1854  suri->run_mode = RUNMODE_LIST_UNITTEST;
1855  if (dump_config)
1856  suri->run_mode = RUNMODE_DUMP_CONFIG;
1857  if (dump_features)
1858  suri->run_mode = RUNMODE_DUMP_FEATURES;
1859  if (conf_test)
1860  suri->run_mode = RUNMODE_CONF_TEST;
1861  if (engine_analysis)
1862  suri->run_mode = RUNMODE_ENGINE_ANALYSIS;
1863 
1864  suri->offline = IsRunModeOffline(suri->run_mode);
1865  g_system = suri->system = IsRunModeSystem(suri->run_mode);
1866 
1867  ret = SetBpfString(optind, argv);
1868  if (ret != TM_ECODE_OK)
1869  return ret;
1870 
1871  return TM_ECODE_OK;
1872 }
1873 
1874 #ifdef OS_WIN32
1875 static int WindowsInitService(int argc, char **argv)
1876 {
1877  if (SCRunningAsService()) {
1878  char path[MAX_PATH];
1879  char *p = NULL;
1880  strlcpy(path, argv[0], MAX_PATH);
1881  if ((p = strrchr(path, '\\'))) {
1882  *p = '\0';
1883  }
1884  if (!SetCurrentDirectory(path)) {
1885  SCLogError(SC_ERR_FATAL, "Can't set current directory to: %s", path);
1886  return -1;
1887  }
1888  SCLogInfo("Current directory is set to: %s", path);
1889  SCServiceInit(argc, argv);
1890  }
1891 
1892  /* Windows socket subsystem initialization */
1893  WSADATA wsaData;
1894  if (0 != WSAStartup(MAKEWORD(2, 2), &wsaData)) {
1895  SCLogError(SC_ERR_FATAL, "Can't initialize Windows sockets: %d", WSAGetLastError());
1896  return -1;
1897  }
1898 
1899  return 0;
1900 }
1901 #endif /* OS_WIN32 */
1902 
1903 static int MayDaemonize(SCInstance *suri)
1904 {
1905  if (suri->daemon == 1 && suri->pid_filename == NULL) {
1906  const char *pid_filename;
1907 
1908  if (ConfGet("pid-file", &pid_filename) == 1) {
1909  SCLogInfo("Use pid file %s from config file.", pid_filename);
1910  } else {
1911  pid_filename = DEFAULT_PID_FILENAME;
1912  }
1913  /* The pid file name may be in config memory, but is needed later. */
1914  suri->pid_filename = SCStrdup(pid_filename);
1915  if (suri->pid_filename == NULL) {
1916  SCLogError(SC_ERR_MEM_ALLOC, "strdup failed: %s", strerror(errno));
1917  return TM_ECODE_FAILED;
1918  }
1919  }
1920 
1921  if (suri->pid_filename != NULL && SCPidfileTestRunning(suri->pid_filename) != 0) {
1922  SCFree(suri->pid_filename);
1923  suri->pid_filename = NULL;
1924  return TM_ECODE_FAILED;
1925  }
1926 
1927  if (suri->daemon == 1) {
1928  Daemonize();
1929  }
1930 
1931  if (suri->pid_filename != NULL) {
1932  if (SCPidfileCreate(suri->pid_filename) != 0) {
1933  SCFree(suri->pid_filename);
1934  suri->pid_filename = NULL;
1935  SCLogError(SC_ERR_PIDFILE_DAEMON,
1936  "Unable to create PID file, concurrent run of"
1937  " Suricata can occur.");
1938  SCLogError(SC_ERR_PIDFILE_DAEMON,
1939  "PID file creation WILL be mandatory for daemon mode"
1940  " in future version");
1941  }
1942  }
1943 
1944  return TM_ECODE_OK;
1945 }
1946 
1947 static int InitSignalHandler(SCInstance *suri)
1948 {
1949  /* registering signals we use */
1950 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
1951  UtilSignalHandlerSetup(SIGINT, SignalHandlerSigint);
1952  UtilSignalHandlerSetup(SIGTERM, SignalHandlerSigterm);
1953 #endif
1954 #ifndef OS_WIN32
1955  UtilSignalHandlerSetup(SIGHUP, SignalHandlerSigHup);
1956  UtilSignalHandlerSetup(SIGPIPE, SIG_IGN);
1957  UtilSignalHandlerSetup(SIGSYS, SIG_IGN);
1958 
1959  /* Try to get user/group to run suricata as if
1960  command line as not decide of that */
1961  if (suri->do_setuid == FALSE && suri->do_setgid == FALSE) {
1962  const char *id;
1963  if (ConfGet("run-as.user", &id) == 1) {
1964  suri->do_setuid = TRUE;
1965  suri->user_name = id;
1966  }
1967  if (ConfGet("run-as.group", &id) == 1) {
1968  suri->do_setgid = TRUE;
1969  suri->group_name = id;
1970  }
1971  }
1972  /* Get the suricata user ID to given user ID */
1973  if (suri->do_setuid == TRUE) {
1974  if (SCGetUserID(suri->user_name, suri->group_name,
1975  &suri->userid, &suri->groupid) != 0) {
1976  SCLogError(SC_ERR_UID_FAILED, "failed in getting user ID");
1977  return TM_ECODE_FAILED;
1978  }
1979 
1980  sc_set_caps = TRUE;
1981  /* Get the suricata group ID to given group ID */
1982  } else if (suri->do_setgid == TRUE) {
1983  if (SCGetGroupID(suri->group_name, &suri->groupid) != 0) {
1984  SCLogError(SC_ERR_GID_FAILED, "failed in getting group ID");
1985  return TM_ECODE_FAILED;
1986  }
1987 
1988  sc_set_caps = TRUE;
1989  }
1990 #endif /* OS_WIN32 */
1991 
1992  return TM_ECODE_OK;
1993 }
1994 
1995 /* initialization code for both the main modes and for
1996  * unix socket mode.
1997  *
1998  * Will be run once per pcap in unix-socket mode */
1999 void PreRunInit(const int runmode)
2000 {
2001  /* Initialize Datasets to be able to use them with unix socket */
2002  DatasetsInit();
2003  if (runmode == RUNMODE_UNIX_SOCKET)
2004  return;
2005 
2006  StatsInit();
2007 #ifdef PROFILING
2008  SCProfilingRulesGlobalInit();
2009  SCProfilingKeywordsGlobalInit();
2010  SCProfilingPrefilterGlobalInit();
2011  SCProfilingSghsGlobalInit();
2012  SCProfilingInit();
2013 #endif /* PROFILING */
2014  DefragInit();
2015  FlowInitConfig(FLOW_QUIET);
2016  IPPairInitConfig(FLOW_QUIET);
2017  StreamTcpInitConfig(STREAM_VERBOSE);
2018  AppLayerParserPostStreamSetup();
2019  AppLayerRegisterGlobalCounters();
2020  OutputFilestoreRegisterGlobalCounters();
2021 }
2022 
2023 /* tasks we need to run before packets start flowing,
2024  * but after we dropped privs */
2025 void PreRunPostPrivsDropInit(const int runmode)
2026 {
2027  StatsSetupPostConfigPreOutput();
2028  RunModeInitializeOutputs();
2029 
2030  if (runmode == RUNMODE_UNIX_SOCKET)
2031  return;
2032 
2033  StatsSetupPostConfigPostOutput();
2034 }
2035 
2036 /* clean up / shutdown code for both the main modes and for
2037  * unix socket mode.
2038  *
2039  * Will be run once per pcap in unix-socket mode */
2040 void PostRunDeinit(const int runmode, struct timeval *start_time)
2041 {
2042  if (runmode == RUNMODE_UNIX_SOCKET)
2043  return;
2044 
2045  /* needed by FlowForceReassembly */
2046  PacketPoolInit();
2047 
2048  /* handle graceful shutdown of the flow engine, it's helper
2049  * threads and the packet threads */
2050  FlowDisableFlowManagerThread();
2051  TmThreadDisableReceiveThreads();
2052  FlowForceReassembly();
2053  TmThreadDisablePacketThreads();
2054  SCPrintElapsedTime(start_time);
2055  FlowDisableFlowRecyclerThread();
2056 
2057  /* kill the stats threads */
2058  TmThreadKillThreadsFamily(TVT_MGMT);
2059  TmThreadClearThreadsFamily(TVT_MGMT);
2060 
2061  /* kill packet threads -- already in 'disabled' state */
2062  TmThreadKillThreadsFamily(TVT_PPT);
2063  TmThreadClearThreadsFamily(TVT_PPT);
2064 
2065  PacketPoolDestroy();
2066 
2067  /* mgt and ppt threads killed, we can run non thread-safe
2068  * shutdown functions */
2069  StatsReleaseResources();
2070  DecodeUnregisterCounters();
2071  RunModeShutDown();
2072  FlowShutdown();
2073  IPPairShutdown();
2074  HostCleanup();
2075  StreamTcpFreeConfig(STREAM_VERBOSE);
2076  DefragDestroy();
2077 
2078  TmqResetQueues();
2079 #ifdef PROFILING
2080  if (profiling_rules_enabled)
2081  SCProfilingDump();
2082  SCProfilingDestroy();
2083 #endif
2084 }
2085 
2086 
2087 static int StartInternalRunMode(SCInstance *suri, int argc, char **argv)
2088 {
2089  /* Treat internal running mode */
2090  switch(suri->run_mode) {
2091  case RUNMODE_LIST_KEYWORDS:
2092  return ListKeywords(suri->keyword_info);
2093  case RUNMODE_LIST_APP_LAYERS:
2094  if (suri->conf_filename != NULL) {
2095  return ListAppLayerProtocols(suri->conf_filename);
2096  } else {
2097  return ListAppLayerProtocols(DEFAULT_CONF_FILE);
2098  }
2099  case RUNMODE_PRINT_VERSION:
2100  PrintVersion();
2101  return TM_ECODE_DONE;
2102  case RUNMODE_PRINT_BUILDINFO:
2103  PrintBuildInfo();
2104  return TM_ECODE_DONE;
2105  case RUNMODE_PRINT_USAGE:
2106  PrintUsage(argv[0]);
2107  return TM_ECODE_DONE;
2108  case RUNMODE_LIST_RUNMODES:
2109  RunModeListRunmodes();
2110  return TM_ECODE_DONE;
2111  case RUNMODE_LIST_UNITTEST:
2112  RunUnittests(1, suri->regex_arg);
2113  case RUNMODE_UNITTEST:
2114  RunUnittests(0, suri->regex_arg);
2115 #ifdef OS_WIN32
2116  case RUNMODE_INSTALL_SERVICE:
2117  if (SCServiceInstall(argc, argv)) {
2118  return TM_ECODE_FAILED;
2119  }
2120  SCLogInfo("Suricata service has been successfuly installed.");
2121  return TM_ECODE_DONE;
2122  case RUNMODE_REMOVE_SERVICE:
2123  if (SCServiceRemove(argc, argv)) {
2124  return TM_ECODE_FAILED;
2125  }
2126  SCLogInfo("Suricata service has been successfuly removed.");
2127  return TM_ECODE_DONE;
2128  case RUNMODE_CHANGE_SERVICE_PARAMS:
2129  if (SCServiceChangeParams(argc, argv)) {
2130  return TM_ECODE_FAILED;
2131  }
2132  SCLogInfo("Suricata service startup parameters has been successfuly changed.");
2133  return TM_ECODE_DONE;
2134 #endif /* OS_WIN32 */
2135  default:
2136  /* simply continue for other running mode */
2137  break;
2138  }
2139  return TM_ECODE_OK;
2140 }
2141 
2142 static int FinalizeRunMode(SCInstance *suri, char **argv)
2143 {
2144  switch (suri->run_mode) {
2145  case RUNMODE_UNKNOWN:
2146  PrintUsage(argv[0]);
2147  return TM_ECODE_FAILED;
2148  default:
2149  break;
2150  }
2151  /* Set the global run mode and offline flag. */
2152  run_mode = suri->run_mode;
2153 
2154  if (!CheckValidDaemonModes(suri->daemon, suri->run_mode)) {
2155  return TM_ECODE_FAILED;
2156  }
2157 
2158  return TM_ECODE_OK;
2159 }
2160 
2161 static void SetupDelayedDetect(SCInstance *suri)
2162 {
2163  /* In offline mode delayed init of detect is a bad idea */
2164  if (suri->offline) {
2165  suri->delayed_detect = 0;
2166  } else {
2167  if (ConfGetBool("detect.delayed-detect", &suri->delayed_detect) != 1) {
2168  ConfNode *denode = NULL;
2169  ConfNode *decnf = ConfGetNode("detect-engine");
2170  if (decnf != NULL) {
2171  TAILQ_FOREACH(denode, &decnf->head, next) {
2172  if (strcmp(denode->val, "delayed-detect") == 0) {
2173  (void)ConfGetChildValueBool(denode, "delayed-detect", &suri->delayed_detect);
2174  }
2175  }
2176  }
2177  }
2178  }
2179 
2180  SCLogConfig("Delayed detect %s", suri->delayed_detect ? "enabled" : "disabled");
2181  if (suri->delayed_detect) {
2182  SCLogInfo("Packets will start being processed before signatures are active.");
2183  }
2184 
2185 }
2186 
2187 static int LoadSignatures(DetectEngineCtx *de_ctx, SCInstance *suri)
2188 {
2189  if (SigLoadSignatures(de_ctx, suri->sig_file, suri->sig_file_exclusive) < 0) {
2190  SCLogError(SC_ERR_NO_RULES_LOADED, "Loading signatures failed.");
2191  if (de_ctx->failure_fatal)
2192  return TM_ECODE_FAILED;
2193  }
2194 
2195  return TM_ECODE_OK;
2196 }
2197 
2198 static int ConfigGetCaptureValue(SCInstance *suri)
2199 {
2200  /* Pull the max pending packets from the config, if not found fall
2201  * back on a sane default. */
2202  if (ConfGetInt("max-pending-packets", &max_pending_packets) != 1)
2203  max_pending_packets = DEFAULT_MAX_PENDING_PACKETS;
2204  if (max_pending_packets >= 65535) {
2205  SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY,
2206  "Maximum max-pending-packets setting is 65534. "
2207  "Please check %s for errors", suri->conf_filename);
2208  return TM_ECODE_FAILED;
2209  }
2210 
2211  SCLogDebug("Max pending packets set to %"PRIiMAX, max_pending_packets);
2212 
2213  /* Pull the default packet size from the config, if not found fall
2214  * back on a sane default. */
2215  const char *temp_default_packet_size;
2216  if ((ConfGet("default-packet-size", &temp_default_packet_size)) != 1) {
2217  int mtu = 0;
2218  int lthread;
2219  int nlive;
2220  int strip_trailing_plus = 0;
2221  switch (suri->run_mode) {
2222 #ifdef WINDIVERT
2223  case RUNMODE_WINDIVERT:
2224  /* by default, WinDivert collects from all devices */
2225  mtu = GetGlobalMTUWin32();
2226 
2227  if (mtu > 0) {
2228  g_default_mtu = mtu;
2229  /* SLL_HEADER_LEN is the longest header + 8 for VLAN */
2230  default_packet_size = mtu + SLL_HEADER_LEN + 8;
2231  break;
2232  }
2233 
2234  g_default_mtu = DEFAULT_MTU;
2235  default_packet_size = DEFAULT_PACKET_SIZE;
2236  break;
2237 #endif /* WINDIVERT */
2238  case RUNMODE_NETMAP:
2239  /* in netmap igb0+ has a special meaning, however the
2240  * interface really is igb0 */
2241  strip_trailing_plus = 1;
2242  /* fall through */
2243  case RUNMODE_PCAP_DEV:
2244  case RUNMODE_AFP_DEV:
2245  case RUNMODE_PFRING:
2246  nlive = LiveGetDeviceNameCount();
2247  for (lthread = 0; lthread < nlive; lthread++) {
2248  const char *live_dev = LiveGetDeviceNameName(lthread);
2249  char dev[128]; /* need to be able to support GUID names on Windows */
2250  (void)strlcpy(dev, live_dev, sizeof(dev));
2251 
2252  if (strip_trailing_plus) {
2253  size_t len = strlen(dev);
2254  if (len &&
2255  (dev[len-1] == '+' ||
2256  dev[len-1] == '^' ||
2257  dev[len-1] == '*'))
2258  {
2259  dev[len-1] = '\0';
2260  }
2261  }
2262  mtu = GetIfaceMTU(dev);
2263  g_default_mtu = MAX(mtu, g_default_mtu);
2264 
2265  unsigned int iface_max_packet_size = GetIfaceMaxPacketSize(dev);
2266  if (iface_max_packet_size > default_packet_size)
2267  default_packet_size = iface_max_packet_size;
2268  }
2269  if (default_packet_size)
2270  break;
2271  /* fall through */
2272  default:
2273  g_default_mtu = DEFAULT_MTU;
2274  default_packet_size = DEFAULT_PACKET_SIZE;
2275  }
2276  } else {
2277  if (ParseSizeStringU32(temp_default_packet_size, &default_packet_size) < 0) {
2278  SCLogError(SC_ERR_SIZE_PARSE, "Error parsing max-pending-packets "
2279  "from conf file - %s. Killing engine",
2280  temp_default_packet_size);
2281  return TM_ECODE_FAILED;
2282  }
2283  }
2284 
2285  SCLogDebug("Default packet size set to %"PRIu32, default_packet_size);
2286 
2287  return TM_ECODE_OK;
2288 }
2289 
2290 static void PostRunStartedDetectSetup(const SCInstance *suri)
2291 {
2292 #ifndef OS_WIN32
2293  /* registering signal handlers we use. We setup usr2 here, so that one
2294  * can't call it during the first sig load phase or while threads are still
2295  * starting up. */
2296  if (DetectEngineEnabled() && suri->delayed_detect == 0) {
2297  UtilSignalHandlerSetup(SIGUSR2, SignalHandlerSigusr2);
2298  UtilSignalUnblock(SIGUSR2);
2299  }
2300 #endif
2301  if (suri->delayed_detect) {
2302  /* force 'reload', this will load the rules and swap engines */
2303  DetectEngineReload(suri);
2304  SCLogNotice("Signature(s) loaded, Detect thread(s) activated.");
2305 #ifndef OS_WIN32
2306  UtilSignalHandlerSetup(SIGUSR2, SignalHandlerSigusr2);
2307  UtilSignalUnblock(SIGUSR2);
2308 #endif
2309  }
2310 }
2311 
2312 void PostConfLoadedDetectSetup(SCInstance *suri)
2313 {
2314  DetectEngineCtx *de_ctx = NULL;
2315  if (!suri->disabled_detect) {
2316  SCClassConfInit();
2317  SCReferenceConfInit();
2318  SetupDelayedDetect(suri);
2319  int mt_enabled = 0;
2320  (void)ConfGetBool("multi-detect.enabled", &mt_enabled);
2321  int default_tenant = 0;
2322  if (mt_enabled)
2323  (void)ConfGetBool("multi-detect.default", &default_tenant);
2324  if (DetectEngineMultiTenantSetup() == -1) {
2325  FatalError(SC_ERR_FATAL, "initializing multi-detect "
2326  "detection engine contexts failed.");
2327  }
2328  if (suri->delayed_detect && suri->run_mode != RUNMODE_CONF_TEST) {
2329  de_ctx = DetectEngineCtxInitStubForDD();
2330  } else if (mt_enabled && !default_tenant && suri->run_mode != RUNMODE_CONF_TEST) {
2331  de_ctx = DetectEngineCtxInitStubForMT();
2332  } else {
2333  de_ctx = DetectEngineCtxInit();
2334  }
2335  if (de_ctx == NULL) {
2336  FatalError(SC_ERR_FATAL, "initializing detection engine "
2337  "context failed.");
2338  }
2339 
2340  if (de_ctx->type == DETECT_ENGINE_TYPE_NORMAL) {
2341  if (LoadSignatures(de_ctx, suri) != TM_ECODE_OK)
2342  exit(EXIT_FAILURE);
2343  }
2344 
2345  gettimeofday(&de_ctx->last_reload, NULL);
2346  DetectEngineAddToMaster(de_ctx);
2347  DetectEngineBumpVersion();
2348  }
2349 }
2350 
2351 static int PostDeviceFinalizedSetup(SCInstance *suri)
2352 {
2353  SCEnter();
2354 
2355 #ifdef HAVE_AF_PACKET
2356  if (suri->run_mode == RUNMODE_AFP_DEV) {
2357  if (AFPRunModeIsIPS()) {
2358  SCLogInfo("AF_PACKET: Setting IPS mode");
2359  EngineModeSetIPS();
2360  }
2361  }
2362 #endif
2363 #ifdef HAVE_NETMAP
2364  if (suri->run_mode == RUNMODE_NETMAP) {
2365  if (NetmapRunModeIsIPS()) {
2366  SCLogInfo("Netmap: Setting IPS mode");
2367  EngineModeSetIPS();
2368  }
2369  }
2370 #endif
2371 
2372  SCReturnInt(TM_ECODE_OK);
2373 }
2374 
2375 static void PostConfLoadedSetupHostMode(void)
2376 {
2377  const char *hostmode = NULL;
2378 
2379  if (ConfGetValue("host-mode", &hostmode) == 1) {
2380  if (!strcmp(hostmode, "router")) {
2381  host_mode = SURI_HOST_IS_ROUTER;
2382  } else if (!strcmp(hostmode, "sniffer-only")) {
2383  host_mode = SURI_HOST_IS_SNIFFER_ONLY;
2384  } else {
2385  if (strcmp(hostmode, "auto") != 0) {
2386  WarnInvalidConfEntry("host-mode", "%s", "auto");
2387  }
2388  if (EngineModeIsIPS()) {
2389  host_mode = SURI_HOST_IS_ROUTER;
2390  } else {
2391  host_mode = SURI_HOST_IS_SNIFFER_ONLY;
2392  }
2393  }
2394  } else {
2395  if (EngineModeIsIPS()) {
2396  host_mode = SURI_HOST_IS_ROUTER;
2397  SCLogInfo("No 'host-mode': suricata is in IPS mode, using "
2398  "default setting 'router'");
2399  } else {
2400  host_mode = SURI_HOST_IS_SNIFFER_ONLY;
2401  SCLogInfo("No 'host-mode': suricata is in IDS mode, using "
2402  "default setting 'sniffer-only'");
2403  }
2404  }
2405 
2406 }
2407 
2408 static void SetupUserMode(SCInstance *suri)
2409 {
2410  /* apply 'user mode' config updates here */
2411  if (suri->system == false) {
2412  if (suri->set_logdir == false) {
2413  /* override log dir to current work dir" */
2414  if (ConfigSetLogDirectory((char *)".") != TM_ECODE_OK) {
2415  FatalError(SC_ERR_LOGDIR_CONFIG, "could not set USER mode logdir");
2416  }
2417  }
2418  if (suri->set_datadir == false) {
2419  /* override data dir to current work dir" */
2420  if (ConfigSetDataDirectory((char *)".") != TM_ECODE_OK) {
2421  FatalError(SC_ERR_LOGDIR_CONFIG, "could not set USER mode datadir");
2422  }
2423  }
2424  }
2425 }
2426 
2427 /**
2428  * This function is meant to contain code that needs
2429  * to be run once the configuration has been loaded.
2430  */
2431 int PostConfLoadedSetup(SCInstance *suri)
2432 {
2433  /* do this as early as possible #1577 #1955 */
2434 #ifdef HAVE_LUAJIT
2435  if (LuajitSetupStatesPool() != 0) {
2436  SCReturnInt(TM_ECODE_FAILED);
2437  }
2438 #endif
2439 
2440  /* load the pattern matchers */
2441  MpmTableSetup();
2442  SpmTableSetup();
2443 
2444  int disable_offloading;
2445  if (ConfGetBool("capture.disable-offloading", &disable_offloading) == 0)
2446  disable_offloading = 1;
2447  if (disable_offloading) {
2448  LiveSetOffloadDisable();
2449  } else {
2450  LiveSetOffloadWarn();
2451  }
2452 
2453  if (suri->checksum_validation == -1) {
2454  const char *cv = NULL;
2455  if (ConfGetValue("capture.checksum-validation", &cv) == 1) {
2456  if (strcmp(cv, "none") == 0) {
2457  suri->checksum_validation = 0;
2458  } else if (strcmp(cv, "all") == 0) {
2459  suri->checksum_validation = 1;
2460  }
2461  }
2462  }
2463  switch (suri->checksum_validation) {
2464  case 0:
2465  ConfSet("stream.checksum-validation", "0");
2466  break;
2467  case 1:
2468  ConfSet("stream.checksum-validation", "1");
2469  break;
2470  }
2471 
2472  if (suri->runmode_custom_mode) {
2473  ConfSet("runmode", suri->runmode_custom_mode);
2474  }
2475 
2476  StorageInit();
2477 #ifdef HAVE_PACKET_EBPF
2478  if (suri->run_mode == RUNMODE_AFP_DEV) {
2479  EBPFRegisterExtension();
2480  LiveDevRegisterExtension();
2481  }
2482 #endif
2483  RegisterFlowBypassInfo();
2484 
2485  MacSetRegisterFlowStorage();
2486 
2487  AppLayerSetup();
2488 
2489  /* Suricata will use this umask if provided. By default it will use the
2490  umask passed on from the shell. */
2491  const char *custom_umask;
2492  if (ConfGet("umask", &custom_umask) == 1) {
2493  uint16_t mask;
2494  if (StringParseUint16(&mask, 8, strlen(custom_umask),
2495  custom_umask) > 0) {
2496  umask((mode_t)mask);
2497  }
2498  }
2499 
2500 
2501  if (ConfigGetCaptureValue(suri) != TM_ECODE_OK) {
2502  SCReturnInt(TM_ECODE_FAILED);
2503  }
2504 
2505 #ifdef NFQ
2506  if (suri->run_mode == RUNMODE_NFQ)
2507  NFQInitConfig(FALSE);
2508 #endif
2509 
2510  /* Load the Host-OS lookup. */
2511  SCHInfoLoadFromConfig();
2512 
2513  if (suri->run_mode == RUNMODE_ENGINE_ANALYSIS) {
2514  SCLogInfo("== Carrying out Engine Analysis ==");
2515  const char *temp = NULL;
2516  if (ConfGet("engine-analysis", &temp) == 0) {
2517  SCLogInfo("no engine-analysis parameter(s) defined in conf file. "
2518  "Please define/enable them in the conf to use this "
2519  "feature.");
2520  SCReturnInt(TM_ECODE_FAILED);
2521  }
2522  }
2523 
2524  /* hardcoded initialization code */
2525  SigTableSetup(); /* load the rule keywords */
2526  SigTableApplyStrictCommandlineOption(suri->strict_rule_parsing_string);
2527  TmqhSetup();
2528 
2529  CIDRInit();
2530  SCProtoNameInit();
2531 
2532  TagInitCtx();
2533  PacketAlertTagInit();
2534  ThresholdInit();
2535  HostBitInitCtx();
2536  IPPairBitInitCtx();
2537 
2538  if (DetectAddressTestConfVars() < 0) {
2539  SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY,
2540  "basic address vars test failed. Please check %s for errors",
2541  suri->conf_filename);
2542  SCReturnInt(TM_ECODE_FAILED);
2543  }
2544  if (DetectPortTestConfVars() < 0) {
2545  SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY,
2546  "basic port vars test failed. Please check %s for errors",
2547  suri->conf_filename);
2548  SCReturnInt(TM_ECODE_FAILED);
2549  }
2550 
2551  FeatureTrackingRegister(); /* must occur prior to output mod registration */
2552  RegisterAllModules();
2553 #ifdef HAVE_PLUGINS
2554  SCPluginsLoad(suri->capture_plugin_name, suri->capture_plugin_args);
2555 #endif
2556  AppLayerHtpNeedFileInspection();
2557 
2558  StorageFinalize();
2559 
2560  TmModuleRunInit();
2561 
2562  if (MayDaemonize(suri) != TM_ECODE_OK)
2563  SCReturnInt(TM_ECODE_FAILED);
2564 
2565  if (InitSignalHandler(suri) != TM_ECODE_OK)
2566  SCReturnInt(TM_ECODE_FAILED);
2567 
2568  /* Check for the existance of the default logging directory which we pick
2569  * from suricata.yaml. If not found, shut the engine down */
2570  suri->log_dir = ConfigGetLogDirectory();
2571 
2572  if (ConfigCheckLogDirectoryExists(suri->log_dir) != TM_ECODE_OK) {
2573  SCLogError(SC_ERR_LOGDIR_CONFIG, "The logging directory \"%s\" "
2574  "supplied by %s (default-log-dir) doesn't exist. "
2575  "Shutting down the engine", suri->log_dir, suri->conf_filename);
2576  SCReturnInt(TM_ECODE_FAILED);
2577  }
2578  if (!IsLogDirectoryWritable(suri->log_dir)) {
2579  SCLogError(SC_ERR_LOGDIR_CONFIG, "The logging directory \"%s\" "
2580  "supplied by %s (default-log-dir) is not writable. "
2581  "Shutting down the engine", suri->log_dir, suri->conf_filename);
2582  SCReturnInt(TM_ECODE_FAILED);
2583  }
2584 
2585  if (suri->disabled_detect) {
2586  SCLogConfig("detection engine disabled");
2587  /* disable raw reassembly */
2588  (void)ConfSetFinal("stream.reassembly.raw", "false");
2589  }
2590 
2591  HostInitConfig(HOST_VERBOSE);
2592 
2593  CoredumpLoadConfig();
2594 
2595  DecodeGlobalConfig();
2596 
2597  LiveDeviceFinalize();
2598 
2599  /* set engine mode if L2 IPS */
2600  if (PostDeviceFinalizedSetup(suri) != TM_ECODE_OK) {
2601  exit(EXIT_FAILURE);
2602  }
2603 
2604  /* hostmode depends on engine mode being set */
2605  PostConfLoadedSetupHostMode();
2606 
2607  PreRunInit(suri->run_mode);
2608 
2609  SCReturnInt(TM_ECODE_OK);
2610 }
2611 
2612 static void SuricataMainLoop(SCInstance *suri)
2613 {
2614  while(1) {
2615  if (sigterm_count || sigint_count) {
2616  suricata_ctl_flags |= SURICATA_STOP;
2617  }
2618 
2619  if (suricata_ctl_flags & SURICATA_STOP) {
2620  SCLogNotice("Signal Received. Stopping engine.");
2621  break;
2622  }
2623 
2624  TmThreadCheckThreadState();
2625 
2626  if (sighup_count > 0) {
2627  OutputNotifyFileRotation();
2628  sighup_count--;
2629  }
2630 
2631  if (sigusr2_count > 0) {
2632  if (!(DetectEngineReloadIsStart())) {
2633  DetectEngineReloadStart();
2634  DetectEngineReload(suri);
2635  DetectEngineReloadSetIdle();
2636  sigusr2_count--;
2637  }
2638 
2639  } else if (DetectEngineReloadIsStart()) {
2640  DetectEngineReload(suri);
2641  DetectEngineReloadSetIdle();
2642  }
2643 
2644  usleep(10* 1000);
2645  }
2646 }
2647 
2648 /**
2649  * \brief Global initialization common to all runmodes.
2650  *
2651  * This can be used by fuzz targets.
2652  */
2653 
2654 int InitGlobal(void) {
2655  suricata_context.SCLogMessage = SCLogMessage;
2656  suricata_context.DetectEngineStateFree = DetectEngineStateFree;
2657  suricata_context.AppLayerDecoderEventsSetEventRaw = AppLayerDecoderEventsSetEventRaw;
2658  suricata_context.AppLayerDecoderEventsFreeEvents = AppLayerDecoderEventsFreeEvents;
2659  suricata_context.AppLayerParserTriggerRawStreamReassembly =
2660  AppLayerParserTriggerRawStreamReassembly;
2661 
2662  suricata_context.FileOpenFileWithId = FileOpenFileWithId;
2663  suricata_context.FileCloseFileById = FileCloseFileById;
2664  suricata_context.FileAppendDataById = FileAppendDataById;
2665  suricata_context.FileAppendGAPById = FileAppendGAPById;
2666  suricata_context.FileContainerRecycle = FileContainerRecycle;
2667  suricata_context.FilePrune = FilePrune;
2668  suricata_context.FileSetTx = FileContainerSetTx;
2669 
2670  suricata_context.AppLayerRegisterParser = AppLayerRegisterParser;
2671 
2672  rs_init(&suricata_context);
2673 
2674  SC_ATOMIC_INIT(engine_stage);
2675 
2676  /* initialize the logging subsys */
2677  SCLogInitLogModule(NULL);
2678 
2679  (void)SCSetThreadName("Suricata-Main");
2680 
2681  /* Ignore SIGUSR2 as early as possble. We redeclare interest
2682  * once we're done launching threads. The goal is to either die
2683  * completely or handle any and all SIGUSR2s correctly.
2684  */
2685 #ifndef OS_WIN32
2686  UtilSignalHandlerSetup(SIGUSR2, SIG_IGN);
2687  if (UtilSignalBlock(SIGUSR2)) {
2688  SCLogError(SC_ERR_INITIALIZATION, "SIGUSR2 initialization error");
2689  return EXIT_FAILURE;
2690  }
2691 #endif
2692 
2693  ParseSizeInit();
2694  RunModeRegisterRunModes();
2695 
2696  /* Initialize the configuration module. */
2697  ConfInit();
2698 
2699  return 0;
2700 }
2701 
2702 int SuricataMain(int argc, char **argv)
2703 {
2704  SCInstanceInit(&suricata, argv[0]);
2705 
2706  if (InitGlobal() != 0) {
2707  exit(EXIT_FAILURE);
2708  }
2709 
2710 #ifdef OS_WIN32
2711  /* service initialization */
2712  if (WindowsInitService(argc, argv) != 0) {
2713  exit(EXIT_FAILURE);
2714  }
2715 #endif /* OS_WIN32 */
2716 
2717  if (ParseCommandLine(argc, argv, &suricata) != TM_ECODE_OK) {
2718  exit(EXIT_FAILURE);
2719  }
2720 
2721  if (FinalizeRunMode(&suricata, argv) != TM_ECODE_OK) {
2722  exit(EXIT_FAILURE);
2723  }
2724 
2725  switch (StartInternalRunMode(&suricata, argc, argv)) {
2726  case TM_ECODE_DONE:
2727  exit(EXIT_SUCCESS);
2728  case TM_ECODE_FAILED:
2729  exit(EXIT_FAILURE);
2730  }
2731 
2732  /* Initializations for global vars, queues, etc (memsets, mutex init..) */
2733  GlobalsInitPreConfig();
2734 
2735  /* Load yaml configuration file if provided. */
2736  if (LoadYamlConfig(&suricata) != TM_ECODE_OK) {
2737  exit(EXIT_FAILURE);
2738  }
2739 
2740  if (suricata.run_mode == RUNMODE_DUMP_CONFIG) {
2741  ConfDump();
2742  exit(EXIT_SUCCESS);
2743  }
2744 
2745  int vlan_tracking = 1;
2746  if (ConfGetBool("vlan.use-for-tracking", &vlan_tracking) == 1 && !vlan_tracking) {
2747  /* Ignore vlan_ids when comparing flows. */
2748  g_vlan_mask = 0x0000;
2749  }
2750  SCLogDebug("vlan tracking is %s", vlan_tracking == 1 ? "enabled" : "disabled");
2751 
2752  SetupUserMode(&suricata);
2753 
2754  /* Since our config is now loaded we can finish configurating the
2755  * logging module. */
2756  SCLogLoadConfig(suricata.daemon, suricata.verbose);
2757 
2758  LogVersion(&suricata);
2759  UtilCpuPrintSummary();
2760 
2761  if (ParseInterfacesList(suricata.aux_run_mode, suricata.pcap_dev) != TM_ECODE_OK) {
2762  exit(EXIT_FAILURE);
2763  }
2764 
2765  if (PostConfLoadedSetup(&suricata) != TM_ECODE_OK) {
2766  exit(EXIT_FAILURE);
2767  }
2768 
2769  SCDropMainThreadCaps(suricata.userid, suricata.groupid);
2770 
2771  /* Re-enable coredumps after privileges are dropped. */
2772  CoredumpEnable();
2773 
2774  PreRunPostPrivsDropInit(suricata.run_mode);
2775 
2776  PostConfLoadedDetectSetup(&suricata);
2777  if (suricata.run_mode == RUNMODE_ENGINE_ANALYSIS) {
2778  goto out;
2779  } else if (suricata.run_mode == RUNMODE_CONF_TEST){
2780  SCLogNotice("Configuration provided was successfully loaded. Exiting.");
2781  goto out;
2782  } else if (suricata.run_mode == RUNMODE_DUMP_FEATURES) {
2783  FeatureDump();
2784  goto out;
2785  }
2786 
2787  SCSetStartTime(&suricata);
2788  RunModeDispatch(suricata.run_mode, suricata.runmode_custom_mode,
2789  suricata.capture_plugin_name, suricata.capture_plugin_args);
2790  if (suricata.run_mode != RUNMODE_UNIX_SOCKET) {
2791  UnixManagerThreadSpawnNonRunmode();
2792  }
2793 
2794  /* Wait till all the threads have been initialized */
2795  if (TmThreadWaitOnThreadInit() == TM_ECODE_FAILED) {
2796  FatalError(SC_ERR_FATAL, "Engine initialization failed, "
2797  "aborting...");
2798  }
2799 
2800  SC_ATOMIC_SET(engine_stage, SURICATA_RUNTIME);
2801  PacketPoolPostRunmodes();
2802 
2803  /* Un-pause all the paused threads */
2804  TmThreadContinueThreads();
2805 
2806  PostRunStartedDetectSetup(&suricata);
2807 
2808  SCPledge();
2809  SuricataMainLoop(&suricata);
2810 
2811  /* Update the engine stage/status flag */
2812  SC_ATOMIC_SET(engine_stage, SURICATA_DEINIT);
2813 
2814  UnixSocketKillSocketThread();
2815  PostRunDeinit(suricata.run_mode, &suricata.start_time);
2816  /* kill remaining threads */
2817  TmThreadKillThreads();
2818 
2819 out:
2820  GlobalsDestroy(&suricata);
2821 
2822  exit(EXIT_SUCCESS);
2823 }
SCProtoNameInit
void SCProtoNameInit()
Function to load the protocol names from the specified protocol file.
Definition: util-proto-name.c:50
DefragDestroy
void DefragDestroy(void)
Definition: defrag.c:1085
util-byte.h
host.h
tm-threads.h
ConfGetInt
int ConfGetInt(const char *name, intmax_t *val)
Retrieve a configuration value as an integer.
Definition: conf.c:436
TmModuleUnixManagerRegister
void TmModuleUnixManagerRegister(void)
Definition: unix-manager.c:1259
profiling_rules_enabled
int profiling_rules_enabled
Definition: util-profiling-rules.c:81
app-layer-dcerpc.h
SuricataContext_::DetectEngineStateFree
void(* DetectEngineStateFree)(DetectEngineState *)
Definition: rust-context.h:33
source-nflog.h
TagInitCtx
void TagInitCtx(void)
Definition: detect-engine-tag.c:51
TmModuleReceiveIPFWRegister
void TmModuleReceiveIPFWRegister(void)
Registration Function for RecieveIPFW.
Definition: source-ipfw.c:150
flow-bypass.h
len
uint8_t len
Definition: app-layer-dnp3.h:2
SCReferenceConfDeinit
void SCReferenceConfDeinit(void)
Definition: util-reference-config.c:80
ippair.h
AppLayerHtpNeedFileInspection
void AppLayerHtpNeedFileInspection(void)
Sets a flag that informs the HTP app layer that some module in the engine needs the http request file...
Definition: app-layer-htp.c:514
SCInstance_::run_mode
enum RunModes run_mode
Definition: suricata.h:124
detect-engine.h
StringParseUint16
int StringParseUint16(uint16_t *res, int base, uint16_t len, const char *str)
Definition: util-byte.c:336
source-pcap.h
SCInstance_::groupid
uint32_t groupid
Definition: suricata.h:141
RUNMODE_UNIX_SOCKET
@ RUNMODE_UNIX_SOCKET
Definition: runmodes.h:41
g_system
bool g_system
Definition: suricata.c:221
SCReferenceConfInit
void SCReferenceConfInit(void)
Definition: util-reference-config.c:56
host-storage.h
SCInstance_::daemon
int daemon
Definition: suricata.h:150
max_pending_packets
intmax_t max_pending_packets
Definition: suricata.c:210
SuricataContext_::SCLogMessage
SCError(* SCLogMessage)(const SCLogLevel, const char *, const unsigned int, const char *, const SCError, const char *message)
Definition: rust-context.h:31
app-layer-ssh.h
SCLogInitLogModule
void SCLogInitLogModule(SCLogInitData *sc_lid)
Initializes the logging module.
Definition: util-debug.c:1304
SLL_HEADER_LEN
#define SLL_HEADER_LEN
Definition: decode-sll.h:27
SCInstance_::checksum_validation
int checksum_validation
Definition: suricata.h:153
SURI_HOST_IS_SNIFFER_ONLY
@ SURI_HOST_IS_SNIFFER_ONLY
Definition: suricata.h:114
SC_ERR_DAG_REQUIRED
@ SC_ERR_DAG_REQUIRED
Definition: util-error.h:201
app-layer-register.h
SC_ERR_WINDIVERT_NOSUPPORT
@ SC_ERR_WINDIVERT_NOSUPPORT
Definition: util-error.h:346
DetectEngineDeReference
void DetectEngineDeReference(DetectEngineCtx **de_ctx)
Definition: detect-engine.c:3880
RUNMODE_UNITTEST
@ RUNMODE_UNITTEST
Definition: runmodes.h:39
StorageInit
void StorageInit(void)
Definition: util-storage.c:67
SCInstance_::start_time
struct timeval start_time
Definition: suricata.h:155
SCLogLoadConfig
void SCLogLoadConfig(int daemon, int verbose)
Definition: util-debug.c:1337
SC_ATOMIC_INIT
#define SC_ATOMIC_INIT(name)
wrapper for initializing an atomic variable.
Definition: util-atomic.h:315
FileAppendGAPById
int FileAppendGAPById(FileContainer *ffc, uint32_t track_id, const uint8_t *data, uint32_t data_len)
Store/handle a chunk of file data in the File structure The file with 'track_id' in the FileContainer...
Definition: util-file.c:775
SCThresholdConfGlobalFree
void SCThresholdConfGlobalFree(void)
Definition: util-threshold-config.c:152
source-pcap-file.h
AFPPeersListClean
void AFPPeersListClean()
Clean the global peers list.
Definition: source-af-packet.c:524
ConfNode_::val
char * val
Definition: conf.h:34
CLS
#define CLS
Definition: suricata-common.h:45
ConfGetBool
int ConfGetBool(const char *name, int *val)
Retrieve a configuration value as an boolen.
Definition: conf.c:516
stream-tcp.h
DetectEngineCtx_::type
enum DetectEngineType type
Definition: detect.h:888
DetectEnginePruneFreeList
void DetectEnginePruneFreeList(void)
Definition: detect-engine.c:3971
RUNMODE_UNKNOWN
@ RUNMODE_UNKNOWN
Definition: runmodes.h:28
SuricataContext_::AppLayerDecoderEventsSetEventRaw
void(* AppLayerDecoderEventsSetEventRaw)(AppLayerDecoderEvents **, uint8_t)
Definition: rust-context.h:34
SCInstance_::group_name
const char * group_name
Definition: suricata.h:137
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
SC_ATOMIC_SET
#define SC_ATOMIC_SET(name, val)
Set the value for the atomic variable.
Definition: util-atomic.h:387
runmode-unittests.h
SigTableApplyStrictCommandlineOption
void SigTableApplyStrictCommandlineOption(const char *str)
Definition: detect-parse.c:306
TmqhSetup
void TmqhSetup(void)
Definition: tm-queuehandlers.c:39
SC_ERR_GID_FAILED
@ SC_ERR_GID_FAILED
Definition: util-error.h:188
RUNMODE_PRINT_BUILDINFO
@ RUNMODE_PRINT_BUILDINFO
Definition: runmodes.h:49
DetectEngineCtxInitStubForDD
DetectEngineCtx * DetectEngineCtxInitStubForDD(void)
Definition: detect-engine.c:1990
LiveDevRegisterExtension
void LiveDevRegisterExtension(void)
Definition: util-device.c:492
SC_ERR_NFQ_NOSUPPORT
@ SC_ERR_NFQ_NOSUPPORT
Definition: util-error.h:97
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:298
AppLayerHtpPrintStats
void AppLayerHtpPrintStats(void)
Definition: app-layer-htp.c:2925
TVT_PPT
@ TVT_PPT
Definition: tm-threads-common.h:87
StatsSetupPostConfigPreOutput
void StatsSetupPostConfigPreOutput(void)
Definition: counters.c:873
SCInstance_::runmode_custom_mode
char * runmode_custom_mode
Definition: suricata.h:134
util-coredump-config.h
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:0
SigTableSetup
void SigTableSetup(void)
Definition: detect-engine-register.c:437
TmModuleReceiveNFQRegister
void TmModuleReceiveNFQRegister(void)
Definition: source-nfq.c:167
LiveBuildDeviceList
int LiveBuildDeviceList(const char *runmode)
Definition: util-device.c:307
util-lua.h
RunModeShutDown
void RunModeShutDown(void)
Definition: runmodes.c:536
AppLayerParserTriggerRawStreamReassembly
void AppLayerParserTriggerRawStreamReassembly(Flow *f, int direction)
Definition: app-layer-parser.c:1461
TM_ECODE_DONE
@ TM_ECODE_DONE
Definition: tm-threads-common.h:82
DEFAULT_MTU
#define DEFAULT_MTU
Definition: decode.h:628
ippair-bit.h
RunModeDispatch
void RunModeDispatch(int runmode, const char *custom_mode, const char *capture_plugin_name, const char *capture_plugin_args)
Definition: runmodes.c:283
SC_ERR_NOT_SUPPORTED
@ SC_ERR_NOT_SUPPORTED
Definition: util-error.h:257
SuricataContext_::AppLayerDecoderEventsFreeEvents
void(* AppLayerDecoderEventsFreeEvents)(AppLayerDecoderEvents **)
Definition: rust-context.h:36
ConfGetNode
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
Definition: conf.c:175
threads.h
RUNMODE_LIST_RUNMODES
@ RUNMODE_LIST_RUNMODES
Definition: runmodes.h:47
sigint_count
volatile sig_atomic_t sigint_count
Definition: suricata.c:180
SC_ATOMIC_DECLARE
SC_ATOMIC_DECLARE(unsigned int, engine_stage)
TmModuleRunDeInit
void TmModuleRunDeInit(void)
Definition: tm-modules.c:146
RegisterFlowBypassInfo
void RegisterFlowBypassInfo(void)
Definition: flow-util.c:238
SCSetThreadName
#define SCSetThreadName(n)
Definition: threads.h:303
HostInitConfig
void HostInitConfig(char quiet)
initialize the configuration
Definition: host.c:173
SC_ERR_NO_PCAP_SET_BUFFER_SIZE
@ SC_ERR_NO_PCAP_SET_BUFFER_SIZE
Definition: util-error.h:59
SCLogDeInitLogModule
void SCLogDeInitLogModule(void)
De-Initializes the logging module.
Definition: util-debug.c:1518
util-pidfile.h
TmModuleDecodeErfFileRegister
void TmModuleDecodeErfFileRegister(void)
Register the ERF file decoder module.
Definition: source-erf-file.c:97
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:755
FlowInitConfig
void FlowInitConfig(char quiet)
initialize the configuration
Definition: flow.c:516
DetectEngineReloadSetIdle
void DetectEngineReloadSetIdle(void)
Definition: detect-engine.c:1514
SCInstance_::userid
uint32_t userid
Definition: suricata.h:140
RUNMODE_ERF_FILE
@ RUNMODE_ERF_FILE
Definition: runmodes.h:35
source-windivert-prototypes.h
SC_ERR_IPFW_NOSUPPORT
@ SC_ERR_IPFW_NOSUPPORT
Definition: util-error.h:109
DetectEngineGetCurrent
DetectEngineCtx * DetectEngineGetCurrent(void)
Definition: detect-engine.c:3179
TmModuleFlowRecyclerRegister
void TmModuleFlowRecyclerRegister(void)
Definition: flow-manager.c:1369
packet-queue.h
Daemonize
void Daemonize(void)
Daemonize the process.
Definition: util-daemon.c:101
UtilSignalHandlerSetup
void UtilSignalHandlerSetup(int sig, void(*handler)(int))
Definition: util-signal.c:60
TAILQ_FOREACH
#define TAILQ_FOREACH(var, head, field)
Definition: queue.h:350
TmModuleDecodeAFPRegister
void TmModuleDecodeAFPRegister(void)
Registration Function for DecodeAFP.
Definition: source-af-packet.c:542
RUNMODE_NFLOG
@ RUNMODE_NFLOG
Definition: runmodes.h:33
TmModuleDecodeWinDivertRegister
void TmModuleDecodeWinDivertRegister(void)
Definition: source-windivert.c:74
SURICATA_STOP
#define SURICATA_STOP
Definition: suricata.h:90
FlowForceReassembly
void FlowForceReassembly(void)
Force reassembly for all the flows that have unprocessed segments.
Definition: flow-timeout.c:422
DetectEngineAddToMaster
int DetectEngineAddToMaster(DetectEngineCtx *de_ctx)
Definition: detect-engine.c:3904
TmModuleStatsLoggerRegister
void TmModuleStatsLoggerRegister(void)
Definition: output-stats.c:197
RegisterAllModules
void RegisterAllModules(void)
Definition: suricata.c:834
ENGINE_MODE_IPS
@ ENGINE_MODE_IPS
Definition: suricata.h:104
SCGetUserID
int SCGetUserID(const char *user_name, const char *group_name, uint32_t *uid, uint32_t *gid)
Function to get the user and group ID from the specified user name.
Definition: util-privs.c:149
RUNMODE_PCAP_DEV
@ RUNMODE_PCAP_DEV
Definition: runmodes.h:29
flow-bit.h
SupportFastPatternForSigMatchTypes
void SupportFastPatternForSigMatchTypes(void)
Registers the keywords(SMs) that should be given fp support.
Definition: detect-fast-pattern.c:135
ConfDump
void ConfDump(void)
Dump configuration to stdout.
Definition: conf.c:779
rust.h
SCPledge
#define SCPledge(...)
Definition: util-privs.h:100
CheckValidDaemonModes
int CheckValidDaemonModes(int daemon, int mode)
Check for a valid combination daemon/mode.
Definition: util-daemon.c:171
AppLayerDecoderEventsFreeEvents
void AppLayerDecoderEventsFreeEvents(AppLayerDecoderEvents **events)
Definition: app-layer-events.c:148
SCClassConfDeinit
void SCClassConfDeinit(void)
Definition: util-classification-config.c:87
LiveGetDeviceNameName
const char * LiveGetDeviceNameName(int number)
Get a pointer to the pre device name at idx.
Definition: util-device.c:217
ConfSetFinal
int ConfSetFinal(const char *name, const char *val)
Set a final configuration value.
Definition: conf.c:298
unittests_fatal
int unittests_fatal
Definition: util-unittest.c:52
TmThreadDisableReceiveThreads
void TmThreadDisableReceiveThreads(void)
Disable all threads having the specified TMs.
Definition: tm-threads.c:1373
StatsInit
void StatsInit(void)
Initializes the perf counter api. Things are hard coded currently. More work to be done when we imple...
Definition: counters.c:861
util-privs.h
PreRunInit
void PreRunInit(const int runmode)
Definition: suricata.c:1999
RUNMODE_LIST_KEYWORDS
@ RUNMODE_LIST_KEYWORDS
Definition: runmodes.h:45
SURICATA_DONE
#define SURICATA_DONE
Definition: suricata.h:92
SuricataContext_::AppLayerRegisterParser
int(* AppLayerRegisterParser)(const struct AppLayerParser *p, AppProto alproto)
Definition: rust-context.h:52
MacSetRegisterFlowStorage
void MacSetRegisterFlowStorage(void)
Definition: util-macset.c:61
SCInstance_::conf_filename
const char * conf_filename
Definition: suricata.h:159
RUNMODE_NAPATECH
@ RUNMODE_NAPATECH
Definition: runmodes.h:40
GlobalsInitPreConfig
void GlobalsInitPreConfig(void)
Definition: suricata.c:318
TmModuleReceiveNetmapRegister
void TmModuleReceiveNetmapRegister(void)
Definition: source-netmap.c:90
PacketPoolPostRunmodes
void PacketPoolPostRunmodes(void)
Set the max_pending_return_packets value.
Definition: tmqh-packetpool.c:512
TmModuleReceiveWinDivertRegister
void TmModuleReceiveWinDivertRegister(void)
Definition: source-windivert.c:61
app-layer-ftp.h
MAX
#define MAX(x, y)
Definition: suricata-common.h:376
TmModuleReceivePfringRegister
void TmModuleReceivePfringRegister(void)
Registration Function for RecievePfring.
Definition: source-pfring.c:161
HOST_VERBOSE
#define HOST_VERBOSE
Definition: host.h:92
TM_ECODE_FAILED
@ TM_ECODE_FAILED
Definition: tm-threads-common.h:81
SCProfilingDestroy
void SCProfilingDestroy(void)
Free resources used by profiling.
Definition: util-profiling.c:268
IsRunModeOffline
bool IsRunModeOffline(enum RunModes run_mode_to_check)
Definition: runmodes.c:518
SuricataContext_::FileSetTx
void(* FileSetTx)(FileContainer *, uint64_t)
Definition: rust-context.h:50
RunModeInitializeOutputs
void RunModeInitializeOutputs(void)
Definition: runmodes.c:736
DetectPortTestConfVars
int DetectPortTestConfVars(void)
Definition: detect-engine-port.c:1165
SCThresholdConfGlobalInit
void SCThresholdConfGlobalInit(void)
Definition: util-threshold-config.c:104
DecodeUnregisterCounters
void DecodeUnregisterCounters(void)
Definition: decode.c:481
NFQInitConfig
void NFQInitConfig(char quiet)
To initialize the NFQ global configuration data.
Definition: source-nfq.c:204
SCInstance_::capture_plugin_name
const char * capture_plugin_name
Definition: suricata.h:162
RUNMODE_DAG
@ RUNMODE_DAG
Definition: runmodes.h:36
HostBitInitCtx
void HostBitInitCtx(void)
Definition: host-bit.c:49
EngineMode
EngineMode
Definition: suricata.h:102
SURICATA_DEINIT
@ SURICATA_DEINIT
Definition: suricata.h:98
SCInstance_::set_datadir
bool set_datadir
Definition: suricata.h:146
tmqh-packetpool.h
FileContainerSetTx
void FileContainerSetTx(FileContainer *ffc, uint64_t tx_id)
Definition: util-file.c:575
g_ut_covered
int g_ut_covered
Definition: suricata.c:832
util-unittest.h
SCInstance_::capture_plugin_args
const char * capture_plugin_args
Definition: suricata.h:163
TmModuleLoggerRegister
void TmModuleLoggerRegister(void)
Definition: output.c:1017
TmThreadDisablePacketThreads
void TmThreadDisablePacketThreads(void)
Disable all packet threads.
Definition: tm-threads.c:1502
host_mode
uint8_t host_mode
Definition: suricata.c:207
RUNMODE_NETMAP
@ RUNMODE_NETMAP
Definition: runmodes.h:38
util-unittest-helper.h
TVT_MGMT
@ TVT_MGMT
Definition: tm-threads-common.h:88
RUNMODE_DUMP_FEATURES
@ RUNMODE_DUMP_FEATURES
Definition: runmodes.h:60
FeatureDump
void FeatureDump(void)
Definition: feature.c:142
PacketPoolInit
void PacketPoolInit(void)
Definition: tmqh-packetpool.c:302
TM_ECODE_OK
@ TM_ECODE_OK
Definition: tm-threads-common.h:80
AppLayerDeSetup
int AppLayerDeSetup(void)
De initializes the app layer.
Definition: app-layer.c:854
TmThreadContinueThreads
void TmThreadContinueThreads()
Unpauses all threads present in tv_root.
Definition: tm-threads.c:1831
strlcpy
size_t strlcpy(char *dst, const char *src, size_t siz)
Definition: util-strlcpyu.c:43
PcapTranslateIPToDevice
void PcapTranslateIPToDevice(char *pcap_dev, size_t len)
Definition: source-pcap.c:649
FlowDisableFlowRecyclerThread
void FlowDisableFlowRecyclerThread(void)
Used to disable flow recycler thread(s).
Definition: flow-manager.c:1295
ParseSizeInit
void ParseSizeInit(void)
Definition: util-misc.c:35
GetIfaceMaxPacketSize
int GetIfaceMaxPacketSize(const char *pcap_dev)
output max packet size for a link
Definition: util-ioctl.c:132
TmModuleDecodePcapFileRegister
void TmModuleDecodePcapFileRegister(void)
Definition: source-pcap-file.c:125
TmModuleBypassedFlowManagerRegister
void TmModuleBypassedFlowManagerRegister(void)
Definition: flow-bypass.c:214
IPPairShutdown
void IPPairShutdown(void)
shutdown the flow engine
Definition: ippair.c:300
source-erf-dag.h
util-signal.h
DetectParseFreeRegexes
void DetectParseFreeRegexes(void)
Definition: detect-parse.c:2455
SC_ERR_UID_FAILED
@ SC_ERR_UID_FAILED
Definition: util-error.h:187
SC_ERR_SIZE_PARSE
@ SC_ERR_SIZE_PARSE
Definition: util-error.h:230
TmModuleDecodeNFLOGRegister
void TmModuleDecodeNFLOGRegister(void)
Definition: source-nflog.c:54
ConfGet
int ConfGet(const char *name, const char **vptr)
Retrieve the value of a configuration node.
Definition: conf.c:330
NFQParseAndRegisterQueues
int NFQParseAndRegisterQueues(const char *queues)
Parses and adds Netfilter queue(s).
Definition: source-nfq.c:860
AppLayerSetup
int AppLayerSetup(void)
Setup the app layer.
Definition: app-layer.c:839
FeatureTrackingRegister
void FeatureTrackingRegister(void)
Definition: feature.c:150
util-cidr.h
FilePrune
void FilePrune(FileContainer *ffc)
Definition: util-file.c:391
app-layer-htp.h
UnixManagerThreadSpawnNonRunmode
void UnixManagerThreadSpawnNonRunmode(void)
Definition: unix-manager.c:1252
IsRunModeSystem
bool IsRunModeSystem(enum RunModes run_mode_to_check)
Definition: runmodes.c:505
datasets.h
TmModuleDecodeNetmapRegister
void TmModuleDecodeNetmapRegister(void)
Registration Function for DecodeNetmap.
Definition: source-netmap.c:100
PreRunPostPrivsDropInit
void PreRunPostPrivsDropInit(const int runmode)
Definition: suricata.c:2025
feature.h
decode.h
util-device.h
util-debug.h
DetectEngineMoveToFreeList
int DetectEngineMoveToFreeList(DetectEngineCtx *de_ctx)
Definition: detect-engine.c:3920
sigterm_count
volatile sig_atomic_t sigterm_count
Definition: suricata.c:182
run_mode
int run_mode
Definition: suricata.c:199
source-nfq.h
SC_ERR_CMD_LINE
@ SC_ERR_CMD_LINE
Definition: util-error.h:227
util-error.h
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:17
TmThreadWaitOnThreadInit
TmEcode TmThreadWaitOnThreadInit(void)
Used to check if all threads have finished their initialization. On finding an un-initialized thread,...
Definition: tm-threads.c:1901
TmModuleVerdictNFQRegister
void TmModuleVerdictNFQRegister(void)
Definition: source-nfq.c:182
ConfYamlLoadFile
int ConfYamlLoadFile(const char *filename)
Load configuration from a YAML file.
Definition: conf-yaml-loader.c:416
RUNMODE_CONF_TEST
@ RUNMODE_CONF_TEST
Definition: runmodes.h:52
AppLayerRegisterGlobalCounters
void AppLayerRegisterGlobalCounters(void)
HACK to work around our broken unix manager (re)init loop.
Definition: app-layer.c:916
RunModeListRunmodes
void RunModeListRunmodes(void)
Lists all registered runmodes.
Definition: runmodes.c:240
RUNMODE_PRINT_USAGE
@ RUNMODE_PRINT_USAGE
Definition: runmodes.h:50
strlcat
size_t strlcat(char *, const char *src, size_t siz)
Definition: util-strlcatu.c:45
RUNMODE_LIST_APP_LAYERS
@ RUNMODE_LIST_APP_LAYERS
Definition: runmodes.h:46
util-cpu.h
suricata
SCInstance suricata
Definition: suricata.c:239
LiveSetOffloadDisable
void LiveSetOffloadDisable(void)
Definition: util-device.c:69
app-layer-dnp3.h
StatsSetupPostConfigPostOutput
void StatsSetupPostConfigPostOutput(void)
Definition: counters.c:878
EngineModeSetIDS
void EngineModeSetIDS(void)
Definition: suricata.c:261
SpmTableSetup
void SpmTableSetup(void)
Definition: util-spm.c:123
TmModuleReceiveAFPRegister
void TmModuleReceiveAFPRegister(void)
Registration Function for RecieveAFP.
Definition: source-af-packet.c:323
LiveBuildDeviceListCustom
int LiveBuildDeviceListCustom(const char *runmode, const char *itemname)
Definition: util-device.c:312
UnixSocketKillSocketThread
void UnixSocketKillSocketThread(void)
Definition: unix-manager.c:1247
TmModuleVerdictIPFWRegister
void TmModuleVerdictIPFWRegister(void)
Registration Function for VerdictIPFW.
Definition: source-ipfw.c:171
flow-worker.h
SuricataContext_::FileAppendDataById
int(* FileAppendDataById)(FileContainer *, uint32_t track_id, const uint8_t *data, uint32_t data_len)
Definition: rust-context.h:44
SigLoadSignatures
int SigLoadSignatures(DetectEngineCtx *de_ctx, char *sig_file, int sig_file_exclusive)
Load signatures.
Definition: detect-engine-loader.c:276
util-reference-config.h
source-napatech.h
DetectEngineCtx_::last_reload
struct timeval last_reload
Definition: detect.h:933
SCInstance_::delayed_detect
int delayed_detect
Definition: suricata.h:148
TmModuleVerdictWinDivertRegister
void TmModuleVerdictWinDivertRegister(void)
Definition: source-windivert.c:68
SCInstance_::progname
const char * progname
Definition: suricata.h:158
HostCleanup
void HostCleanup(void)
Cleanup the host engine.
Definition: host.c:343
SCEnter
#define SCEnter(...)
Definition: util-debug.h:300
FlowDisableFlowManagerThread
void FlowDisableFlowManagerThread(void)
Used to disable flow manager thread(s).
Definition: flow-manager.c:140
detect-engine-mpm.h
util-ebpf.h
SCInstance_::pcap_dev
char pcap_dev[128]
Definition: suricata.h:127
detect.h
SuricataMain
int SuricataMain(int argc, char **argv)
Definition: suricata.c:2702
UtilSignalUnblock
int UtilSignalUnblock(int signum)
Definition: util-signal.c:46
DetectEngineEnabled
int DetectEngineEnabled(void)
Check if detection is enabled.
Definition: detect-engine.c:3146
pkt-var.h
TmThreadClearThreadsFamily
void TmThreadClearThreadsFamily(int family)
Definition: tm-threads.c:1683
SC_ERR_PIDFILE_DAEMON
@ SC_ERR_PIDFILE_DAEMON
Definition: util-error.h:186
TmModuleRunInit
void TmModuleRunInit(void)
Definition: tm-modules.c:128
detect-engine-port.h
EngineModeSetIPS
void EngineModeSetIPS(void)
Definition: suricata.c:256
util-atomic.h
SCInstance_::user_name
const char * user_name
Definition: suricata.h:136
HTPAtExitPrintStats
void HTPAtExitPrintStats(void)
Print the stats of the HTTP requests.
Definition: app-layer-htp.c:2014
util-time.h
UtilSignalBlock
int UtilSignalBlock(int signum)
Definition: util-signal.c:29
SCProfilingPrefilterGlobalInit
void SCProfilingPrefilterGlobalInit(void)
Definition: util-profiling-prefilter.c:63
IPPairInitConfig
void IPPairInitConfig(char quiet)
initialize the configuration
Definition: ippair.c:168
PostConfLoadedSetup
int PostConfLoadedSetup(SCInstance *suri)
Definition: suricata.c:2431
GetProgramVersion
const char * GetProgramVersion(void)
get string with program version
Definition: suricata.c:1040
engine_analysis
int engine_analysis
app-layer-parser.h
SC_ERR_LIBCAP_NG_REQUIRED
@ SC_ERR_LIBCAP_NG_REQUIRED
Definition: util-error.h:190
TRUE
#define TRUE
Definition: suricata-common.h:33
SCGetGroupID
int SCGetGroupID(const char *group_name, uint32_t *gid)
Function to get the group ID from the specified group name.
Definition: util-privs.c:213
TmModuleReceivePcapFileRegister
void TmModuleReceivePcapFileRegister(void)
Definition: source-pcap-file.c:112
source-pfring.h
BUG_ON
#define BUG_ON(x)
Definition: suricata-common.h:277
SuricataContext_::FileCloseFileById
int(* FileCloseFileById)(FileContainer *, uint32_t track_id, const uint8_t *data, uint32_t data_len, uint16_t flags)
Definition: rust-context.h:42
CoredumpLoadConfig
int32_t CoredumpLoadConfig(void)
Configures the core dump size.
Definition: util-coredump-config.c:85
detect-engine-tag.h
IPFWRegisterQueue
int IPFWRegisterQueue(char *queue)
Add an IPFW divert.
Definition: source-ipfw.c:701
xstr
#define xstr(s)
Definition: suricata-common.h:267
util-profiling.h
util-rule-vars.h
FALSE
#define FALSE
Definition: suricata-common.h:34
AFPRunModeIsIPS
int AFPRunModeIsIPS()
Definition: runmode-af-packet.c:720
ListAppLayerProtocols
int ListAppLayerProtocols(const char *conf_filename)
Definition: util-running-modes.c:42
SCInstance_::offline
int offline
Definition: suricata.h:151
DatasetsDestroy
void DatasetsDestroy(void)
Definition: datasets.c:737
UtilCpuPrintSummary
void UtilCpuPrintSummary(void)
Print a summary of CPUs detected (configured and online)
Definition: util-cpu.c:169
TmThreadKillThreads
void TmThreadKillThreads(void)
Definition: tm-threads.c:1611
SC_ERR_FOPEN
@ SC_ERR_FOPEN
Definition: util-error.h:74
OutputDeregisterAll
void OutputDeregisterAll(void)
Deregister all modules. Useful for a memory clean exit.
Definition: output.c:798
PostConfLoadedDetectSetup
void PostConfLoadedDetectSetup(SCInstance *suri)
Definition: suricata.c:2312
EngineModeIsIDS
int EngineModeIsIDS(void)
Definition: suricata.c:251
TmModuleNapatechDecodeRegister
void TmModuleNapatechDecodeRegister(void)
Register the Napatech decoder module.
Definition: source-napatech.c:160
tmm_modules
TmModule tmm_modules[TMM_SIZE]
Definition: tm-modules.c:33
SuricataContext_::AppLayerParserTriggerRawStreamReassembly
void(* AppLayerParserTriggerRawStreamReassembly)(Flow *, int direction)
Definition: rust-context.h:37
conf-yaml-loader.h
StreamTcpFreeConfig
void StreamTcpFreeConfig(char quiet)
Definition: stream-tcp.c:670
SC_WARN_FASTER_CAPTURE_AVAILABLE
@ SC_WARN_FASTER_CAPTURE_AVAILABLE
Definition: util-error.h:308
coverage_unittests
int coverage_unittests
Definition: suricata.c:830
RUNMODE_DUMP_CONFIG
@ RUNMODE_DUMP_CONFIG
Definition: runmodes.h:51
DatasetsSave
void DatasetsSave(void)
Definition: datasets.c:792
conf.h
source-ipfw.h
TMM_SIZE
@ TMM_SIZE
Definition: tm-threads-common.h:75
source-netmap.h
OutputNotifyFileRotation
void OutputNotifyFileRotation(void)
Notifies all registered file rotation notification flags.
Definition: output.c:869
util-magic.h
StorageFinalize
int StorageFinalize(void)
Definition: util-storage.c:139
SCInstance_::verbose
int verbose
Definition: suricata.h:152
util-radix-tree.h
SURICATA_RUNTIME
@ SURICATA_RUNTIME
Definition: suricata.h:97
TmEcode
TmEcode
Definition: tm-threads-common.h:79
source-windivert.h
FileOpenFileWithId
int FileOpenFileWithId(FileContainer *ffc, const StreamingBufferConfig *sbcfg, uint32_t track_id, const uint8_t *name, uint16_t name_len, const uint8_t *data, uint32_t data_len, uint16_t flags)
Open a new File.
Definition: util-file.c:920
TmModuleFlowWorkerRegister
void TmModuleFlowWorkerRegister(void)
Definition: flow-worker.c:621
SCInstance_::aux_run_mode
enum RunModes aux_run_mode
Definition: suricata.h:125
LiveGetDeviceNameCount
int LiveGetDeviceNameCount(void)
Get the number of pre registered devices.
Definition: util-device.c:197
util-plugin.h
flow-timeout.h
DEFAULT_PID_FILENAME
#define DEFAULT_PID_FILENAME
Definition: suricata.h:84
reputation.h
util-action.h
sighup_count
volatile sig_atomic_t sighup_count
Definition: suricata.c:181
ConfigSetDataDirectory
TmEcode ConfigSetDataDirectory(char *name)
Definition: util-conf.c:68
TmModuleDecodeErfDagRegister
void TmModuleDecodeErfDagRegister(void)
Register the ERF file decoder module.
Definition: source-erf-dag.c:150
SCInstance_::set_logdir
bool set_logdir
Definition: suricata.h:145
SCDropMainThreadCaps
#define SCDropMainThreadCaps(...)
Definition: util-privs.h:38
TmModuleDebugList
void TmModuleDebugList(void)
Definition: tm-modules.c:35
TmModuleDecodeNFQRegister
void TmModuleDecodeNFQRegister(void)
Definition: source-nfq.c:190
util-proto-name.h
STREAM_VERBOSE
#define STREAM_VERBOSE
Definition: stream-tcp.h:33
defrag.h
MpmTableSetup
void MpmTableSetup(void)
Definition: util-mpm.c:276
SCInstance_::log_dir
const char * log_dir
Definition: suricata.h:157
runmodes.h
RunmodeIsUnittests
int RunmodeIsUnittests(void)
Definition: suricata.c:266
source-nfq-prototypes.h
FileAppendDataById
int FileAppendDataById(FileContainer *ffc, uint32_t track_id, const uint8_t *data, uint32_t data_len)
Store/handle a chunk of file data in the File structure The file with 'track_id' in the FileContainer...
Definition: util-file.c:744
SCPluginsLoad
void SCPluginsLoad(const char *capture_plugin_name, const char *capture_plugin_args)
SCLogInfo
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:217
TmModuleReceiveNFLOGRegister
void TmModuleReceiveNFLOGRegister(void)
Definition: source-nflog.c:48
SC_ERR_INVALID_YAML_CONF_ENTRY
@ SC_ERR_INVALID_YAML_CONF_ENTRY
Definition: util-error.h:169
SCLogMessage
SCError SCLogMessage(const SCLogLevel log_level, const char *file, const unsigned int line, const char *function, const SCError error_code, const char *message)
Adds the global log_format to the outgoing buffer.
Definition: util-debug.c:541
DEFAULT_PACKET_SIZE
#define DEFAULT_PACKET_SIZE
Definition: decode.h:631
WarnInvalidConfEntry
#define WarnInvalidConfEntry(param_name, format, value)
Generic API that can be used by all to log an invalid conf entry.
Definition: util-misc.h:37
DetectEngineStateFree
void DetectEngineStateFree(DetectEngineState *state)
Frees a DetectEngineState object.
Definition: detect-engine-state.c:174
util-host-os-info.h
TmModuleReceiveErfFileRegister
void TmModuleReceiveErfFileRegister(void)
Register the ERF file receiver (reader) module.
Definition: source-erf-file.c:79
TmModule_
Definition: tm-modules.h:43
default_packet_size
uint32_t default_packet_size
Definition: decode.c:71
tm-queuehandlers.h
SuricataContext_::FilePrune
void(* FilePrune)(FileContainer *ffc)
Definition: rust-context.h:49
SURI_HOST_IS_ROUTER
@ SURI_HOST_IS_ROUTER
Definition: suricata.h:115
DETECT_ENGINE_TYPE_NORMAL
@ DETECT_ENGINE_TYPE_NORMAL
Definition: detect.h:742
PROG_NAME
#define PROG_NAME
Definition: suricata.h:71
TmThreadKillThreadsFamily
void TmThreadKillThreadsFamily(int family)
Definition: tm-threads.c:1582
detect-fast-pattern.h
app-layer-modbus.h
FeatureTrackingRelease
void FeatureTrackingRelease(void)
Definition: feature.c:134
SuricataContext_::FileAppendGAPById
int(* FileAppendGAPById)(FileContainer *, uint32_t track_id, const uint8_t *data, uint32_t data_len)
Definition: rust-context.h:46
app-layer-enip.h
TmqhCleanup
void TmqhCleanup(void)
Clean up registration time allocs.
Definition: tm-queuehandlers.c:49
RUNMODE_PFRING
@ RUNMODE_PFRING
Definition: runmodes.h:31
SC_ERR_NO_RULES_LOADED
@ SC_ERR_NO_RULES_LOADED
Definition: util-error.h:73
flow-manager.h
DecodeGlobalConfig
void DecodeGlobalConfig(void)
Definition: decode.c:765
SCInstance_::strict_rule_parsing_string
char * strict_rule_parsing_string
Definition: suricata.h:160
SuriHasSigFile
int SuriHasSigFile(void)
Definition: suricata.c:241
suricata-common.h
g_default_mtu
int g_default_mtu
Definition: suricata.c:219
sc_set_caps
int sc_set_caps
Definition: suricata.c:216
DetectEngineCtxInitStubForMT
DetectEngineCtx * DetectEngineCtxInitStubForMT(void)
Definition: detect-engine.c:1985
tm-queues.h
util-daemon.h
FlowShutdown
void FlowShutdown(void)
shutdown the flow engine
Definition: flow.c:644
SCHInfoLoadFromConfig
void SCHInfoLoadFromConfig(void)
Load the host os policy information from the configuration.
Definition: util-host-os-info.c:333
DetectEngineBumpVersion
void DetectEngineBumpVersion(void)
Definition: detect-engine.c:3170
util-decode-mime.h
AppLayerDecoderEventsSetEventRaw
void AppLayerDecoderEventsSetEventRaw(AppLayerDecoderEvents **sevents, uint8_t event)
Set an app layer decoder event.
Definition: app-layer-events.c:89
SC_ERR_PCAP_TRANSLATE
@ SC_ERR_PCAP_TRANSLATE
Definition: util-error.h:233
TmModuleFlowManagerRegister
void TmModuleFlowManagerRegister(void)
Definition: flow-manager.c:1355
util-spm.h
SCPidfileTestRunning
int SCPidfileTestRunning(const char *pid_filename)
Check the Suricata pid file (used at the startup)
Definition: util-pidfile.c:105
SCLogError
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
Definition: util-debug.h:257
HostShutdown
void HostShutdown(void)
shutdown the flow engine
Definition: host.c:305
DOC_URL
#define DOC_URL
Definition: suricata.h:86
output-filestore.h
TmModuleDecodePfringRegister
void TmModuleDecodePfringRegister(void)
Registration Function for DecodePfring.
Definition: source-pfring.c:177
LiveSetOffloadWarn
void LiveSetOffloadWarn(void)
Definition: util-device.c:74
ParseSizeDeinit
void ParseSizeDeinit(void)
Definition: util-misc.c:54
util-classification-config.h
RunModeRegisterRunModes
void RunModeRegisterRunModes(void)
Register all runmodes in the engine.
Definition: runmodes.c:214
SCStrdup
#define SCStrdup(s)
Definition: util-mem.h:56
FatalError
#define FatalError(x,...)
Definition: util-debug.h:532
ConfGetChildValueBool
int ConfGetChildValueBool(const ConfNode *base, const char *name, int *val)
Definition: conf.c:529
SCProfilingDump
void SCProfilingDump(void)
Definition: util-profiling.c:294
EngineStop
void EngineStop(void)
make sure threads can stop the engine by calling this function. Purpose: pcap file mode needs to be a...
Definition: suricata.c:387
SCInstance_::sig_file
char * sig_file
Definition: suricata.h:128
SC_ERR_NO_AF_PACKET
@ SC_ERR_NO_AF_PACKET
Definition: util-error.h:225
ParseSizeStringU32
int ParseSizeStringU32(const char *size, uint32_t *res)
Definition: util-misc.c:185
SC_ERR_BPF
@ SC_ERR_BPF
Definition: util-error.h:157
TmModuleReceiveErfDagRegister
void TmModuleReceiveErfDagRegister(void)
Register the ERF file receiver (reader) module.
Definition: source-erf-dag.c:132
DetectEngineMultiTenantSetup
int DetectEngineMultiTenantSetup(void)
setup multi-detect / multi-tenancy
Definition: detect-engine.c:3554
IPPairBitInitCtx
void IPPairBitInitCtx(void)
Definition: ippair-bit.c:49
SCClassConfInit
void SCClassConfInit(void)
Definition: util-classification-config.c:64
RunmodeGetCurrent
int RunmodeGetCurrent(void)
Definition: suricata.c:274
ConfigSetLogDirectory
TmEcode ConfigSetLogDirectory(const char *name)
Definition: util-conf.c:30
CIDRInit
void CIDRInit(void)
Definition: util-cidr.c:31
threadvars.h
TmModuleDecodeIPFWRegister
void TmModuleDecodeIPFWRegister(void)
Registration Function for DecodeIPFW.
Definition: source-ipfw.c:186
source-af-packet.h
RUNMODE_NFQ
@ RUNMODE_NFQ
Definition: runmodes.h:32
ConfSetFromString
int ConfSetFromString(const char *input, int final)
Set a configuration parameter from a string.
Definition: conf.c:244
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
SCLogConfig
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
g_vlan_mask
uint16_t g_vlan_mask
Definition: suricata.c:232
ConfInit
void ConfInit(void)
Initialize the configuration system.
Definition: conf.c:113
DatasetsInit
int DatasetsInit(void)
Definition: datasets.c:626
sigusr2_count
volatile sig_atomic_t sigusr2_count
Definition: suricata.c:183
RUNMODE_ENGINE_ANALYSIS
@ RUNMODE_ENGINE_ANALYSIS
Definition: runmodes.h:54
RUNMODE_PRINT_VERSION
@ RUNMODE_PRINT_VERSION
Definition: runmodes.h:48
TmModuleDecodePcapRegister
void TmModuleDecodePcapRegister(void)
Registration Function for DecodePcap.
Definition: source-pcap.c:147
util-running-modes.h
unix-manager.h
LiveDeviceListClean
int LiveDeviceListClean()
Definition: util-device.c:347
str
#define str(s)
Definition: suricata-common.h:268
ConfigCheckDataDirectory
TmEcode ConfigCheckDataDirectory(const char *data_dir)
Definition: util-conf.c:101
SCInstance_::sig_file_exclusive
int sig_file_exclusive
Definition: suricata.h:129
g_detect_disabled
int g_detect_disabled
Definition: suricata.c:213
ConfigGetLogDirectory
const char * ConfigGetLogDirectory()
Definition: util-conf.c:35
DetectEngineReloadStart
int DetectEngineReloadStart(void)
Definition: detect-engine.c:1488
SC_ERR_NO_NETMAP
@ SC_ERR_NO_NETMAP
Definition: util-error.h:294
SCLogWarning
#define SCLogWarning(err_code,...)
Macro used to log WARNING messages.
Definition: util-debug.h:244
SCFree
#define SCFree(p)
Definition: util-mem.h:61
DEFAULT_CONF_FILE
#define DEFAULT_CONF_FILE
Definition: suricata.h:80
ConfNode_
Definition: conf.h:32
AppLayerParserPostStreamSetup
void AppLayerParserPostStreamSetup(void)
Definition: app-layer-parser.c:226
SC_ERR_FATAL
@ SC_ERR_FATAL
Definition: util-error.h:203
TmModuleReceivePcapRegister
void TmModuleReceivePcapRegister(void)
Registration Function for ReceivePcap.
Definition: source-pcap.c:130
util-ioctl.h
detect-parse.h
SCInstance_::system
bool system
Definition: suricata.h:144
SCInstance_::pid_filename
char * pid_filename
Definition: suricata.h:130
TmModuleRespondRejectRegister
void TmModuleRespondRejectRegister(void)
Definition: respond-reject.c:49
CoredumpEnable
void CoredumpEnable(void)
Enable coredumps on systems where coredumps can and need to be enabled.
Definition: util-coredump-config.c:53
RunUnittests
void RunUnittests(int list_unittests, const char *regex_arg)
Definition: runmode-unittests.c:218
source-erf-file.h
ConfigCheckLogDirectoryExists
TmEcode ConfigCheckLogDirectoryExists(const char *log_dir)
Definition: util-conf.c:53
StreamTcpInitConfig
void StreamTcpInitConfig(char)
To initialize the stream global configuration data.
Definition: stream-tcp.c:365
TimeDeinit
void TimeDeinit(void)
Definition: util-time.c:85
PacketAlertTagInit
void PacketAlertTagInit(void)
Definition: detect-engine-alert.c:37
DetectEngineCtxInit
DetectEngineCtx * DetectEngineCtxInit(void)
Definition: detect-engine.c:1995
AppLayerRegisterParser
int AppLayerRegisterParser(const struct AppLayerParser *p, AppProto alproto)
App layer protocol registration function.
Definition: app-layer-register.c:93
tmqh-flow.h
RUNMODE_WINDIVERT
@ RUNMODE_WINDIVERT
Definition: runmodes.h:42
SCProfilingRulesGlobalInit
void SCProfilingRulesGlobalInit(void)
Definition: util-profiling-rules.c:114
EngineModeIsIPS
int EngineModeIsIPS(void)
Definition: suricata.c:246
SC_ERR_MEM_ALLOC
@ SC_ERR_MEM_ALLOC
Definition: util-error.h:31
TmModuleNapatechStreamRegister
void TmModuleNapatechStreamRegister(void)
Register the Napatech receiver (reader) module.
Definition: source-napatech.c:128
SCProfilingKeywordsGlobalInit
void SCProfilingKeywordsGlobalInit(void)
Definition: util-profiling-keywords.c:69
suricata.h
ConfGetValue
int ConfGetValue(const char *name, const char **vptr)
Retrieve the value of a configuration node.
Definition: conf.c:359
SC_ERR_NFLOG_NOSUPPORT
@ SC_ERR_NFLOG_NOSUPPORT
Definition: util-error.h:278
EngineDone
void EngineDone(void)
Used to indicate that the current task is done.
Definition: suricata.c:398
FLOW_QUIET
#define FLOW_QUIET
Definition: flow.h:39
app-layer-smb.h
GetDocURL
const char * GetDocURL(void)
Definition: suricata.c:1019
util-mpm-hs.h
SC_ERR_LOGDIR_CMDLINE
@ SC_ERR_LOGDIR_CMDLINE
Definition: util-error.h:147
PostRunDeinit
void PostRunDeinit(const int runmode, struct timeval *start_time)
Definition: suricata.c:2040
ConfDeInit
void ConfDeInit(void)
De-initializes the configuration system.
Definition: conf.c:721
SuricataContext_::FileOpenFileWithId
int(* FileOpenFileWithId)(FileContainer *, const StreamingBufferConfig *, uint32_t track_id, const uint8_t *name, uint16_t name_len, const uint8_t *data, uint32_t data_len, uint16_t flags)
Definition: rust-context.h:39
SC_ERR_LIBNET_NOT_ENABLED
@ SC_ERR_LIBNET_NOT_ENABLED
Definition: util-error.h:178
NFQContextsClean
void NFQContextsClean()
Clean global contexts. Must be called on exit.
Definition: source-nfq.c:1274
SuricataContext_::FileContainerRecycle
void(* FileContainerRecycle)(FileContainer *ffc)
Definition: rust-context.h:48
ConfSet
int ConfSet(const char *name, const char *val)
Set a configuration value.
Definition: conf.c:219
DetectEngineReload
int DetectEngineReload(const SCInstance *suri)
Reload the detection engine.
Definition: detect-engine.c:4010
SCInstance_::do_setgid
uint8_t do_setgid
Definition: suricata.h:139
DEFAULT_MAX_PENDING_PACKETS
#define DEFAULT_MAX_PENDING_PACKETS
Definition: suricata.c:193
SCInstance_
Definition: suricata.h:123
TmThreadCheckThreadState
void TmThreadCheckThreadState(void)
Used to check the thread for certain conditions of failure.
Definition: tm-threads.c:1877
OutputFilestoreRegisterGlobalCounters
void OutputFilestoreRegisterGlobalCounters(void)
Definition: output-filestore.c:544
InitGlobal
int InitGlobal(void)
Global initialization common to all runmodes.
Definition: suricata.c:2654
SC_ERR_INITIALIZATION
@ SC_ERR_INITIALIZATION
Definition: util-error.h:75
SCInstance_::disabled_detect
int disabled_detect
Definition: suricata.h:149
app-layer-smtp.h
FileCloseFileById
int FileCloseFileById(FileContainer *ffc, uint32_t track_id, const uint8_t *data, uint32_t data_len, uint16_t flags)
Definition: util-file.c:1024
SCProfilingSghsGlobalInit
void SCProfilingSghsGlobalInit(void)
Definition: util-profiling-rulegroups.c:71
SCPidfileCreate
int SCPidfileCreate(const char *pidfile)
Write a pid file (used at the startup) This commonly needed by the init scripts.
Definition: util-pidfile.c:41
LiveRegisterDeviceName
int LiveRegisterDeviceName(const char *dev)
Add a device for monitoring.
Definition: util-device.c:95
ENGINE_MODE_IDS
@ ENGINE_MODE_IDS
Definition: suricata.h:103
LiveDeviceFinalize
void LiveDeviceFinalize(void)
Definition: util-device.c:469
PROG_VER
#define PROG_VER
Definition: suricata.h:72
util-misc.h
PacketPoolDestroy
void PacketPoolDestroy(void)
Definition: tmqh-packetpool.c:335
HTPFreeConfig
void HTPFreeConfig(void)
Clears the HTTP server configuration memory used by HTP library.
Definition: app-layer-htp.c:2027
flow.h
suricata_context
SuricataContext suricata_context
Definition: rust-context.c:21
respond-reject.h
SCInstance_::regex_arg
char * regex_arg
Definition: suricata.h:131
ListKeywords
int ListKeywords(const char *keyword_info)
Definition: util-running-modes.c:32
SCLogNotice
#define SCLogNotice(...)
Macro used to log NOTICE messages.
Definition: util-debug.h:232
SCProtoNameDeInit
void SCProtoNameDeInit()
Function to clears the memory used in storing the protocol names.
Definition: util-proto-name.c:118
FileContainerRecycle
void FileContainerRecycle(FileContainer *ffc)
Recycle a FileContainer.
Definition: util-file.c:443
StatsReleaseResources
void StatsReleaseResources()
Releases the resources alloted by the Stats API.
Definition: counters.c:1252
RUNMODE_AFP_DEV
@ RUNMODE_AFP_DEV
Definition: runmodes.h:37
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:304
SCPidfileRemove
void SCPidfileRemove(const char *pid_filename)
Remove the pid file (used at the startup)
Definition: util-pidfile.c:83
flow-var.h
SC_ERR_NAPATECH_REQUIRED
@ SC_ERR_NAPATECH_REQUIRED
Definition: util-error.h:249
ThresholdInit
void ThresholdInit(void)
Definition: detect-engine-threshold.c:80
TimeInit
void TimeInit(void)
Definition: util-time.c:77
RUNMODE_PCAP_FILE
@ RUNMODE_PCAP_FILE
Definition: runmodes.h:30
SCInstance_::keyword_info
char * keyword_info
Definition: suricata.h:133
RUNMODE_PLUGIN
@ RUNMODE_PLUGIN
Definition: runmodes.h:43
SC_ERR_LOGDIR_CONFIG
@ SC_ERR_LOGDIR_CONFIG
Definition: util-error.h:146
SC_ERR_MULTIPLE_RUN_MODE
@ SC_ERR_MULTIPLE_RUN_MODE
Definition: util-error.h:156
SCInstance_::do_setuid
uint8_t do_setuid
Definition: suricata.h:138
app-layer-ssl.h
NetmapRunModeIsIPS
int NetmapRunModeIsIPS(void)
SCProfilingInit
void SCProfilingInit(void)
Initialize profiling.
Definition: util-profiling.c:140
g_ut_modules
int g_ut_modules
Definition: suricata.c:831
detect-engine-address.h
RUNMODE_IPFW
@ RUNMODE_IPFW
Definition: runmodes.h:34
output.h
util-storage.h
DetectEngineCtx_::failure_fatal
int failure_fatal
Definition: detect.h:757
util-threshold-config.h
DefragInit
void DefragInit(void)
Definition: defrag.c:1064
DetectEngineReloadIsStart
int DetectEngineReloadIsStart(void)
Definition: detect-engine.c:1502
suricata_ctl_flags
volatile uint8_t suricata_ctl_flags
Definition: suricata.c:196
host-bit.h
detect-engine-threshold.h
SC_ERR_NO_PF_RING
@ SC_ERR_NO_PF_RING
Definition: util-error.h:60
RUNMODE_LIST_UNITTEST
@ RUNMODE_LIST_UNITTEST
Definition: runmodes.h:53
app-layer.h
TagDestroyCtx
void TagDestroyCtx(void)
Destroy tag context hash tables.
Definition: detect-engine-tag.c:71
DetectAddressTestConfVars
int DetectAddressTestConfVars(void)
Definition: detect-engine-address.c:1226
g_disable_randomness
int g_disable_randomness
Definition: suricata.c:225
GetIfaceMTU
int GetIfaceMTU(const char *pcap_dev)
output the link MTU
Definition: util-ioctl.c:91
MpmHSGlobalCleanup
void MpmHSGlobalCleanup(void)
g_disable_hashing
bool g_disable_hashing
Definition: suricata.c:236
TmqResetQueues
void TmqResetQueues(void)
Definition: tm-queues.c:80