Go to the documentation of this file.
34 #ifdef HAVE_SYS_RESOURCE_H
36 #include <sys/resource.h>
41 #include <systemd/sd-daemon.h>
170 #define DEFAULT_MAX_PENDING_PACKETS 1024
198 #ifndef AFLFUZZ_NO_RANDOM
273 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
274 static void SignalHandlerSigint(
int sig)
278 static void SignalHandlerSigterm(
int sig)
284 #define UNW_LOCAL_ONLY
285 #include <libunwind.h>
286 static void SignalHandlerUnexpected(
int sig_num, siginfo_t *info,
void *context)
291 signal(SIGABRT, SIG_DFL);
292 signal(SIGSEGV, SIG_DFL);
294 if ((r = unw_init_local(&cursor, (unw_context_t *)(context)) != 0)) {
295 SCLogError(
"unable to obtain stack trace: unw_init_local: %s", unw_strerror(r));
304 if (unw_is_signal_frame(&cursor) == 0) {
307 if (unw_get_proc_name(&cursor, name,
sizeof(name), &off) == UNW_ENOMEM) {
316 r = unw_step(&cursor);
326 kill(getpid(), sig_num);
328 #undef UNW_LOCAL_ONLY
338 static void SignalHandlerSigusr2(
int sig)
348 static void SignalHandlerSigHup(
int sig)
397 #ifdef HAVE_AF_PACKET
405 #ifdef BUILD_HYPERSCAN
411 LuajitFreeStatesPool();
428 static void OnNotifyRunning(
void)
431 if (sd_notify(0,
"READY=1") < 0) {
459 static int SetBpfString(
int argc,
char *argv[])
461 char *bpf_filter = NULL;
462 uint32_t bpf_len = 0;
467 while(argv[tmpindex] != NULL) {
468 bpf_len+=strlen(argv[tmpindex]) + 1;
480 while(argv[tmpindex] != NULL) {
481 strlcat(bpf_filter, argv[tmpindex],bpf_len);
482 if(argv[tmpindex + 1] != NULL) {
483 strlcat(bpf_filter,
" ", bpf_len);
488 if(strlen(bpf_filter) > 0) {
500 static void SetBpfStringFromFile(
char *filename)
502 char *bpf_filter = NULL;
503 char *bpf_comment_tmp = NULL;
504 char *bpf_comment_start = NULL;
505 uint32_t bpf_len = 0;
510 fp = fopen(filename,
"r");
512 SCLogError(
"Failed to open file %s", filename);
517 SCLogError(
"Failed to stat file %s", filename);
520 bpf_len = st.st_size + 1;
524 SCLogError(
"Failed to allocate buffer for bpf filter in file %s", filename);
528 nm = fread(bpf_filter, 1, bpf_len - 1, fp);
529 if ((ferror(fp) != 0) || (nm != (bpf_len - 1))) {
530 SCLogError(
"Failed to read complete BPF file %s", filename);
536 bpf_filter[nm] =
'\0';
538 if(strlen(bpf_filter) > 0) {
540 bpf_comment_start = bpf_filter;
541 while((bpf_comment_tmp = strchr(bpf_comment_start,
'#')) != NULL) {
542 while((*bpf_comment_tmp !=
'\0') &&
543 (*bpf_comment_tmp !=
'\r') && (*bpf_comment_tmp !=
'\n'))
545 *bpf_comment_tmp++ =
' ';
547 bpf_comment_start = bpf_comment_tmp;
550 while((bpf_comment_tmp = strchr(bpf_filter,
'\r')) != NULL) {
551 *bpf_comment_tmp =
' ';
553 while((bpf_comment_tmp = strchr(bpf_filter,
'\n')) != NULL) {
554 *bpf_comment_tmp =
' ';
557 while (strlen(bpf_filter) > 0 &&
558 bpf_filter[strlen(bpf_filter)-1] ==
' ')
560 bpf_filter[strlen(bpf_filter)-1] =
'\0';
562 if (strlen(bpf_filter) > 0) {
572 static void PrintUsage(
const char *progname)
579 printf(
"USAGE: %s [OPTIONS] [BPF FILTER]\n\n", progname);
580 printf(
"\t-c <path> : path to configuration file\n");
581 printf(
"\t-T : test configuration file (use with -c)\n");
582 printf(
"\t-i <dev or ip> : run in pcap live mode\n");
583 printf(
"\t-F <bpf filter file> : bpf filter file\n");
584 printf(
"\t-r <path> : run in pcap file/offline mode\n");
586 printf(
"\t-q <qid[:qid]> : run in inline nfqueue mode (use colon to specify a range of queues)\n");
589 printf(
"\t-d <divert port> : run in inline ipfw divert mode\n");
591 printf(
"\t-s <path> : path to signature file loaded in addition to suricata.yaml settings (optional)\n");
592 printf(
"\t-S <path> : path to signature file loaded exclusively (optional)\n");
593 printf(
"\t-l <dir> : default log directory\n");
595 printf(
"\t-D : run as daemon\n");
597 printf(
"\t--service-install : install as service\n");
598 printf(
"\t--service-remove : remove service\n");
599 printf(
"\t--service-change-params : change service startup parameters\n");
601 printf(
"\t-k [all|none] : force checksum check (all) or disabled it (none)\n");
602 printf(
"\t-V : display Suricata version\n");
603 printf(
"\t-v : be more verbose (use multiple times to increase verbosity)\n");
605 printf(
"\t-u : run the unittests and exit\n");
606 printf(
"\t-U, --unittest-filter=REGEX : filter unittests with a regex\n");
607 printf(
"\t--list-unittests : list unit tests\n");
608 printf(
"\t--fatal-unittests : enable fatal failure on unittest error\n");
609 printf(
"\t--unittests-coverage : display unittest coverage report\n");
611 printf(
"\t--list-app-layer-protos : list supported app layer protocols\n");
612 printf(
"\t--list-keywords[=all|csv|<kword>] : list keywords implemented by the engine\n");
613 printf(
"\t--list-runmodes : list supported runmodes\n");
614 printf(
"\t--runmode <runmode_id> : specific runmode modification the engine should run. The argument\n"
615 "\t supplied should be the id for the runmode obtained by running\n"
616 "\t --list-runmodes\n");
617 printf(
"\t--engine-analysis : print reports on analysis of different sections in the engine and exit.\n"
618 "\t Please have a look at the conf parameter engine-analysis on what reports\n"
619 "\t can be printed\n");
620 printf(
"\t--pidfile <file> : write pid to this file\n");
621 printf(
"\t--init-errors-fatal : enable fatal failure on signature init error\n");
622 printf(
"\t--disable-detection : disable detection engine\n");
623 printf(
"\t--dump-config : show the running configuration\n");
624 printf(
"\t--dump-features : display provided features\n");
625 printf(
"\t--build-info : display build information\n");
626 printf(
"\t--pcap[=<dev>] : run in pcap mode, no value select interfaces from suricata.yaml\n");
627 printf(
"\t--pcap-file-continuous : when running in pcap mode with a directory, continue checking directory for pcaps until interrupted\n");
628 printf(
"\t--pcap-file-delete : when running in replay mode (-r with directory or file), will delete pcap files that have been processed when done\n");
629 printf(
"\t--pcap-file-recursive : will descend into subdirectories when running in replay mode (-r)\n");
630 #ifdef HAVE_PCAP_SET_BUFF
631 printf(
"\t--pcap-buffer-size : size of the pcap buffer value from 0 - %i\n",INT_MAX);
634 printf(
"\t--dpdk : run in dpdk mode, uses interfaces from "
637 #ifdef HAVE_AF_PACKET
638 printf(
"\t--af-packet[=<dev>] : run in af-packet mode, no value select interfaces from suricata.yaml\n");
641 printf(
"\t--af-xdp[=<dev>] : run in af-xdp mode, no value select "
642 "interfaces from suricata.yaml\n");
645 printf(
"\t--netmap[=<dev>] : run in netmap mode, no value select interfaces from suricata.yaml\n");
648 printf(
"\t--pfring[=<dev>] : run in pfring mode, use interfaces from suricata.yaml\n");
649 printf(
"\t--pfring-int <dev> : run in pfring mode, use interface <dev>\n");
650 printf(
"\t--pfring-cluster-id <id> : pfring cluster id \n");
651 printf(
"\t--pfring-cluster-type <type> : pfring cluster type for PF_RING 4.1.2 and later cluster_round_robin|cluster_flow\n");
653 printf(
"\t--simulate-ips : force engine into IPS mode. Useful for QA\n");
654 #ifdef HAVE_LIBCAP_NG
655 printf(
"\t--user <user> : run suricata as this user after init\n");
656 printf(
"\t--group <group> : run suricata as this group after init\n");
658 printf(
"\t--erf-in <path> : process an ERF file\n");
660 printf(
"\t--dag <dagX:Y> : process ERF records from DAG interface X, stream Y\n");
663 printf(
"\t--napatech : run Napatech Streams using the API\n");
665 #ifdef BUILD_UNIX_SOCKET
666 printf(
"\t--unix-socket[=<file>] : use unix socket to control suricata work\n");
669 printf(
"\t--windivert <filter> : run in inline WinDivert mode\n");
670 printf(
"\t--windivert-forward <filter> : run in inline WinDivert mode, as a gateway\n");
673 printf(
"\t--reject-dev <dev> : send reject packets from this interface\n");
675 printf(
"\t--include <path> : additional configuration file\n");
676 printf(
"\t--set name=value : set a configuration value\n");
678 printf(
"\nTo run the engine with default configuration on "
679 "interface eth0 with signature file \"signatures.rules\", run the "
680 "command as:\n\n%s -c suricata.yaml -s signatures.rules -i eth0 \n\n",
684 static void PrintBuildInfo(
void)
688 char features[2048] =
"";
693 strlcat(features,
"DEBUG ",
sizeof(features));
695 #ifdef DEBUG_VALIDATION
696 strlcat(features,
"DEBUG_VALIDATION ",
sizeof(features));
699 strlcat(features,
"UNITTESTS ",
sizeof(features));
702 strlcat(features,
"NFQ ",
sizeof(features));
705 strlcat(features,
"IPFW ",
sizeof(features));
707 #ifdef HAVE_PCAP_SET_BUFF
708 strlcat(features,
"PCAP_SET_BUFF ",
sizeof(features));
711 strlcat(features,
"PF_RING ",
sizeof(features));
713 #ifdef HAVE_AF_PACKET
714 strlcat(features,
"AF_PACKET ",
sizeof(features));
717 strlcat(features,
"NETMAP ",
sizeof(features));
719 #ifdef HAVE_PACKET_FANOUT
720 strlcat(features,
"HAVE_PACKET_FANOUT ",
sizeof(features));
723 strlcat(features,
"DAG ",
sizeof(features));
725 #ifdef HAVE_LIBCAP_NG
726 strlcat(features,
"LIBCAP_NG ",
sizeof(features));
729 strlcat(features,
"LIBNET1.1 ",
sizeof(features));
731 #ifdef HAVE_HTP_URI_NORMALIZE_HOOK
732 strlcat(features,
"HAVE_HTP_URI_NORMALIZE_HOOK ",
sizeof(features));
734 #ifdef PCRE2_HAVE_JIT
735 strlcat(features,
"PCRE_JIT ",
sizeof(features));
738 strlcat(features,
"HAVE_NSS ",
sizeof(features));
740 strlcat(features,
"HTTP2_DECOMPRESSION ",
sizeof(features));
742 strlcat(features,
"HAVE_LUA ",
sizeof(features));
745 strlcat(features,
"HAVE_LUAJIT ",
sizeof(features));
747 strlcat(features,
"HAVE_LIBJANSSON ",
sizeof(features));
749 strlcat(features,
"PROFILING ",
sizeof(features));
751 #ifdef PROFILE_LOCKING
752 strlcat(features,
"PROFILE_LOCKING ",
sizeof(features));
754 #if defined(TLS_C11) || defined(TLS_GNU)
755 strlcat(features,
"TLS ",
sizeof(features));
758 strlcat(features,
"TLS_C11 ",
sizeof(features));
759 #elif defined(TLS_GNU)
760 strlcat(features,
"TLS_GNU ",
sizeof(features));
763 strlcat(features,
"MAGIC ",
sizeof(features));
765 strlcat(features,
"RUST ",
sizeof(features));
766 #if defined(SC_ADDRESS_SANITIZER)
767 strlcat(features,
"ASAN ",
sizeof(features));
769 #if defined(HAVE_POPCNT64)
770 strlcat(features,
"POPCNT64 ",
sizeof(features));
772 if (strlen(features) == 0) {
773 strlcat(features,
"none",
sizeof(features));
776 printf(
"Features: %s\n", features);
779 memset(features, 0x00,
sizeof(features));
780 #if defined(__SSE4_2__)
781 strlcat(features,
"SSE_4_2 ",
sizeof(features));
783 #if defined(__SSE4_1__)
784 strlcat(features,
"SSE_4_1 ",
sizeof(features));
786 #if defined(__SSE3__)
787 strlcat(features,
"SSE_3 ",
sizeof(features));
789 #if defined(__SSE2__)
790 strlcat(features,
"SSE_2 ",
sizeof(features));
792 if (strlen(features) == 0) {
793 strlcat(features,
"none",
sizeof(features));
795 printf(
"SIMD support: %s\n", features);
798 memset(features, 0x00,
sizeof(features));
799 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_1)
800 strlcat(features,
"1 ",
sizeof(features));
802 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_2)
803 strlcat(features,
"2 ",
sizeof(features));
805 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_4)
806 strlcat(features,
"4 ",
sizeof(features));
808 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_8)
809 strlcat(features,
"8 ",
sizeof(features));
811 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_16)
812 strlcat(features,
"16 ",
sizeof(features));
814 if (strlen(features) == 0) {
815 strlcat(features,
"none",
sizeof(features));
817 strlcat(features,
"byte(s)",
sizeof(features));
819 printf(
"Atomic intrinsics: %s\n", features);
823 #elif __WORDSIZE == 32
826 bits =
"<unknown>-bits";
829 #if __BYTE_ORDER == __BIG_ENDIAN
830 endian =
"Big-endian";
831 #elif __BYTE_ORDER == __LITTLE_ENDIAN
832 endian =
"Little-endian";
834 endian =
"<unknown>-endian";
837 printf(
"%s, %s architecture\n", bits, endian);
839 printf(
"GCC version %s, C version %"PRIiMAX
"\n", __VERSION__, (intmax_t)__STDC_VERSION__);
841 printf(
"C version %"PRIiMAX
"\n", (intmax_t)__STDC_VERSION__);
845 printf(
"compiled with -fstack-protector\n");
848 printf(
"compiled with -fstack-protector-all\n");
857 #if _FORTIFY_SOURCE == 2
858 printf(
"compiled with _FORTIFY_SOURCE=2\n");
859 #elif _FORTIFY_SOURCE == 1
860 printf(
"compiled with _FORTIFY_SOURCE=1\n");
861 #elif _FORTIFY_SOURCE == 0
862 printf(
"compiled with _FORTIFY_SOURCE=0\n");
865 printf(
"L1 cache line size (CLS)=%d\n",
CLS);
868 tls =
"_Thread_local";
869 #elif defined(TLS_GNU)
872 #error "Unsupported thread local"
874 printf(
"thread local storage method: %s\n", tls);
876 printf(
"compiled with %s, linked against %s\n",
877 HTP_VERSION_STRING_FULL, htp_get_version());
879 #include "build-info.h"
976 static TmEcode ParseInterfacesList(
const int runmode,
char *pcap_dev)
982 if (strlen(pcap_dev) == 0) {
985 SCLogError(
"No interface found in config for pcap");
992 if (strlen(pcap_dev)) {
993 if (
ConfSetFinal(
"pfring.live-interface", pcap_dev) != 1) {
994 SCLogError(
"Failed to set pfring.live-interface");
1003 char iface_selector[] =
"dpdk.interfaces";
1006 SCLogError(
"No interface found in config for %s", iface_selector);
1010 #ifdef HAVE_AF_PACKET
1013 if (strlen(pcap_dev)) {
1014 if (
ConfSetFinal(
"af-packet.live-interface", pcap_dev) != 1) {
1015 SCLogError(
"Failed to set af-packet.live-interface");
1021 SCLogError(
"No interface found in config for af-packet");
1029 if (strlen(pcap_dev)) {
1030 if (
ConfSetFinal(
"af-xdp.live-interface", pcap_dev) != 1) {
1031 SCLogError(
"Failed to set af-xdp.live-interface");
1037 SCLogError(
"No interface found in config for af-xdp");
1045 if (strlen(pcap_dev)) {
1046 if (
ConfSetFinal(
"netmap.live-interface", pcap_dev) != 1) {
1047 SCLogError(
"Failed to set netmap.live-interface");
1053 SCLogError(
"No interface found in config for netmap");
1062 SCLogError(
"No group found in config for nflog");
1071 static void SCInstanceInit(
SCInstance *suri,
const char *progname)
1073 memset(suri, 0x00,
sizeof(*suri));
1100 #if HAVE_DETECT_DISABLED==1
1110 if (strstr(prog_ver,
"RELEASE") != NULL) {
1130 if (strstr(
PROG_VER,
"-dev") == NULL) {
1141 static TmEcode PrintVersion(
void)
1149 const char *mode = suri->
system ?
"SYSTEM" :
"USER";
1150 SCLogNotice(
"This is %s version %s running in %s mode",
1161 static void SCPrintElapsedTime(
struct timeval *start_time)
1163 if (start_time == NULL)
1165 struct timeval end_time;
1166 memset(&end_time, 0,
sizeof(end_time));
1167 gettimeofday(&end_time, NULL);
1168 uint64_t milliseconds = ((end_time.tv_sec - start_time->tv_sec) * 1000) +
1169 (((1000000 + end_time.tv_usec - start_time->tv_usec) / 1000) - 1000);
1170 SCLogInfo(
"time elapsed %.3fs", (
float)milliseconds/(
float)1000);
1173 static int ParseCommandLineAfpacket(
SCInstance *suri,
const char *in_arg)
1175 #ifdef HAVE_AF_PACKET
1187 SCLogInfo(
"Multiple af-packet option without interface on each is useless");
1191 "has been specified");
1197 SCLogError(
"AF_PACKET not enabled. On Linux "
1198 "host, make sure to pass --enable-af-packet to "
1199 "configure when building.");
1204 static int ParseCommandLineAfxdp(
SCInstance *suri,
const char *in_arg)
1218 SCLogInfo(
"Multiple af-xdp options without interface on each is useless");
1222 "has been specified");
1229 "host, make sure correct libraries are installed,"
1230 " see documentation for information.");
1235 static int ParseCommandLineDpdk(
SCInstance *suri,
const char *in_arg)
1241 SCLogInfo(
"Multiple dpdk options have no effect on Suricata");
1244 "has been specified");
1251 "host, make sure to pass --enable-dpdk to "
1252 "configure when building.");
1257 static int ParseCommandLinePcapLive(
SCInstance *suri,
const char *in_arg)
1259 #if defined(OS_WIN32) && !defined(HAVE_LIBWPCAP)
1261 FatalError(
"Live capture not available. To support live capture compile against Npcap.");
1265 if (in_arg != NULL) {
1268 if (strlen(in_arg) > 9 && strncmp(in_arg,
"DeviceNPF", 9) == 0) {
1269 snprintf(suri->
pcap_dev,
sizeof(suri->
pcap_dev),
"\\Device\\NPF%s", in_arg+9);
1275 if (strcmp(suri->
pcap_dev, in_arg) != 0) {
1277 }
else if (strlen(suri->
pcap_dev) > 0 && isdigit((
unsigned char)suri->
pcap_dev[0])) {
1278 SCLogError(
"failed to find a pcap device for IP %s", in_arg);
1292 "has been specified");
1302 static bool IsLogDirectoryWritable(
const char*
str)
1304 if (access(
str, W_OK) == 0)
1315 int dump_config = 0;
1316 int dump_features = 0;
1317 int list_app_layer_protocols = 0;
1318 int list_unittests = 0;
1319 int list_runmodes = 0;
1320 int list_keywords = 0;
1333 struct option long_opts[] = {
1334 {
"dump-config", 0, &dump_config, 1},
1335 {
"dump-features", 0, &dump_features, 1},
1336 {
"pfring", optional_argument, 0, 0},
1337 {
"pfring-int", required_argument, 0, 0},
1338 {
"pfring-cluster-id", required_argument, 0, 0},
1339 {
"pfring-cluster-type", required_argument, 0, 0},
1343 {
"af-packet", optional_argument, 0, 0},
1344 {
"af-xdp", optional_argument, 0, 0},
1345 {
"netmap", optional_argument, 0, 0},
1346 {
"pcap", optional_argument, 0, 0},
1347 {
"pcap-file-continuous", 0, 0, 0},
1348 {
"pcap-file-delete", 0, 0, 0},
1349 {
"pcap-file-recursive", 0, 0, 0},
1350 {
"simulate-ips", 0, 0 , 0},
1352 {
"strict-rule-keywords", optional_argument, 0, 0},
1354 {
"capture-plugin", required_argument, 0, 0},
1355 {
"capture-plugin-args", required_argument, 0, 0},
1357 #ifdef BUILD_UNIX_SOCKET
1358 {
"unix-socket", optional_argument, 0, 0},
1360 {
"pcap-buffer-size", required_argument, 0, 0},
1361 {
"unittest-filter", required_argument, 0,
'U'},
1362 {
"list-app-layer-protos", 0, &list_app_layer_protocols, 1},
1363 {
"list-unittests", 0, &list_unittests, 1},
1364 {
"list-runmodes", 0, &list_runmodes, 1},
1365 {
"list-keywords", optional_argument, &list_keywords, 1},
1366 {
"runmode", required_argument, NULL, 0},
1369 {
"service-install", 0, 0, 0},
1370 {
"service-remove", 0, 0, 0},
1371 {
"service-change-params", 0, 0, 0},
1373 {
"pidfile", required_argument, 0, 0},
1374 {
"init-errors-fatal", 0, 0, 0},
1375 {
"disable-detection", 0, 0, 0},
1376 {
"disable-hashing", 0, 0, 0},
1377 {
"fatal-unittests", 0, 0, 0},
1379 {
"user", required_argument, 0, 0},
1380 {
"group", required_argument, 0, 0},
1381 {
"erf-in", required_argument, 0, 0},
1382 {
"dag", required_argument, 0, 0},
1383 {
"napatech", 0, 0, 0},
1384 {
"build-info", 0, &build_info, 1},
1385 {
"data-dir", required_argument, 0, 0},
1387 {
"windivert", required_argument, 0, 0},
1388 {
"windivert-forward", required_argument, 0, 0},
1390 #ifdef HAVE_LIBNET11
1391 {
"reject-dev", required_argument, 0, 0},
1393 {
"set", required_argument, 0, 0},
1395 {
"nflog", optional_argument, 0, 0},
1397 {
"simulate-packet-flow-memcap", required_argument, 0, 0},
1398 {
"simulate-applayer-error-at-offset-ts", required_argument, 0, 0},
1399 {
"simulate-applayer-error-at-offset-tc", required_argument, 0, 0},
1400 {
"simulate-packet-loss", required_argument, 0, 0},
1401 {
"simulate-packet-tcp-reassembly-memcap", required_argument, 0, 0},
1402 {
"simulate-packet-tcp-ssn-memcap", required_argument, 0, 0},
1403 {
"simulate-packet-defrag-memcap", required_argument, 0, 0},
1404 {
"simulate-alert-queue-realloc-failure", 0, 0, 0},
1408 {
"include", required_argument, 0, 0},
1415 int option_index = 0;
1417 char short_opts[] =
"c:TDhi:l:q:d:r:us:S:U:VF:vk:";
1419 while ((opt = getopt_long(argc, argv, short_opts, long_opts, &option_index)) != -1) {
1422 if (strcmp((long_opts[option_index]).name ,
"pfring") == 0 ||
1423 strcmp((long_opts[option_index]).name ,
"pfring-int") == 0) {
1426 if (optarg != NULL) {
1429 ((strlen(optarg) <
sizeof(suri->
pcap_dev)) ?
1430 (strlen(optarg) + 1) :
sizeof(suri->
pcap_dev)));
1435 "to pass --enable-pfring to configure when building.");
1439 else if(strcmp((long_opts[option_index]).name ,
"pfring-cluster-id") == 0){
1442 SCLogError(
"failed to set pfring.cluster-id");
1447 "to pass --enable-pfring to configure when building.");
1451 else if(strcmp((long_opts[option_index]).name ,
"pfring-cluster-type") == 0){
1453 if (
ConfSetFinal(
"pfring.cluster-type", optarg) != 1) {
1454 SCLogError(
"failed to set pfring.cluster-type");
1459 "to pass --enable-pfring to configure when building.");
1463 else if (strcmp((long_opts[option_index]).name ,
"capture-plugin") == 0){
1467 else if (strcmp((long_opts[option_index]).name ,
"capture-plugin-args") == 0){
1469 }
else if (strcmp((long_opts[option_index]).name,
"dpdk") == 0) {
1470 if (ParseCommandLineDpdk(suri, optarg) !=
TM_ECODE_OK) {
1473 }
else if (strcmp((long_opts[option_index]).name,
"af-packet") == 0) {
1474 if (ParseCommandLineAfpacket(suri, optarg) !=
TM_ECODE_OK) {
1477 }
else if (strcmp((long_opts[option_index]).name,
"af-xdp") == 0) {
1478 if (ParseCommandLineAfxdp(suri, optarg) !=
TM_ECODE_OK) {
1481 }
else if (strcmp((long_opts[option_index]).name,
"netmap") == 0) {
1489 ((strlen(optarg) <
sizeof(suri->
pcap_dev)) ?
1490 (strlen(optarg) + 1) :
sizeof(suri->
pcap_dev)));
1496 SCLogInfo(
"Multiple netmap option without interface on each is useless");
1501 "has been specified");
1502 PrintUsage(argv[0]);
1509 }
else if (strcmp((long_opts[option_index]).name,
"nflog") == 0) {
1519 }
else if (strcmp((long_opts[option_index]).name,
"pcap") == 0) {
1520 if (ParseCommandLinePcapLive(suri, optarg) !=
TM_ECODE_OK) {
1523 }
else if (strcmp((long_opts[option_index]).name,
"simulate-ips") == 0) {
1526 }
else if (strcmp((long_opts[option_index]).name,
"init-errors-fatal") == 0) {
1527 if (
ConfSetFinal(
"engine.init-failure-fatal",
"1") != 1) {
1528 SCLogError(
"failed to set engine init-failure-fatal");
1531 #ifdef BUILD_UNIX_SOCKET
1532 }
else if (strcmp((long_opts[option_index]).name ,
"unix-socket") == 0) {
1536 if (
ConfSetFinal(
"unix-command.filename", optarg) != 1) {
1537 SCLogError(
"failed to set unix-command.filename");
1544 "has been specified");
1545 PrintUsage(argv[0]);
1550 else if(strcmp((long_opts[option_index]).name,
"list-app-layer-protocols") == 0) {
1553 else if(strcmp((long_opts[option_index]).name,
"list-unittests") == 0) {
1557 SCLogError(
"unit tests not enabled. Make sure to pass --enable-unittests to "
1558 "configure when building");
1561 }
else if (strcmp((long_opts[option_index]).name,
"list-runmodes") == 0) {
1564 }
else if (strcmp((long_opts[option_index]).name,
"list-keywords") == 0) {
1566 if (strcmp(
"short",optarg)) {
1570 }
else if (strcmp((long_opts[option_index]).name,
"runmode") == 0) {
1572 }
else if(strcmp((long_opts[option_index]).name,
"engine-analysis") == 0) {
1576 else if(strcmp((long_opts[option_index]).name,
"service-install") == 0) {
1577 suri->
run_mode = RUNMODE_INSTALL_SERVICE;
1580 else if(strcmp((long_opts[option_index]).name,
"service-remove") == 0) {
1581 suri->
run_mode = RUNMODE_REMOVE_SERVICE;
1584 else if(strcmp((long_opts[option_index]).name,
"service-change-params") == 0) {
1585 suri->
run_mode = RUNMODE_CHANGE_SERVICE_PARAMS;
1589 else if(strcmp((long_opts[option_index]).name,
"pidfile") == 0) {
1592 SCLogError(
"strdup failed: %s", strerror(errno));
1596 else if(strcmp((long_opts[option_index]).name,
"disable-detection") == 0) {
1598 }
else if (strcmp((long_opts[option_index]).name,
"disable-hashing") == 0) {
1600 }
else if (strcmp((long_opts[option_index]).name,
"fatal-unittests") == 0) {
1604 SCLogError(
"unit tests not enabled. Make sure to pass --enable-unittests to "
1605 "configure when building");
1608 }
else if (strcmp((long_opts[option_index]).name,
"user") == 0) {
1609 #ifndef HAVE_LIBCAP_NG
1611 " drop privileges, but it was not compiled into Suricata.");
1617 }
else if (strcmp((long_opts[option_index]).name,
"group") == 0) {
1618 #ifndef HAVE_LIBCAP_NG
1620 " drop privileges, but it was not compiled into Suricata.");
1626 }
else if (strcmp((long_opts[option_index]).name,
"erf-in") == 0) {
1632 }
else if (strcmp((long_opts[option_index]).name,
"dag") == 0) {
1638 SCLogError(
"more than one run mode has been specified");
1639 PrintUsage(argv[0]);
1644 SCLogError(
"libdag and a DAG card are required"
1645 " to receive packets using --dag.");
1648 }
else if (strcmp((long_opts[option_index]).name,
"napatech") == 0) {
1649 #ifdef HAVE_NAPATECH
1652 SCLogError(
"libntapi and a Napatech adapter are required"
1653 " to capture packets using --napatech.");
1656 }
else if (strcmp((long_opts[option_index]).name,
"pcap-buffer-size") == 0) {
1657 #ifdef HAVE_PCAP_SET_BUFF
1659 SCLogError(
"failed to set pcap-buffer-size");
1664 " doesn't support setting buffer size.");
1666 }
else if (strcmp((long_opts[option_index]).name,
"build-info") == 0) {
1669 }
else if (strcmp((long_opts[option_index]).name,
"windivert-forward") == 0) {
1673 if (WinDivertRegisterQueue(
true, optarg) == -1) {
1677 if (WinDivertRegisterQueue(
true, optarg) == -1) {
1682 "has been specified");
1683 PrintUsage(argv[0]);
1687 else if(strcmp((long_opts[option_index]).name,
"windivert") == 0) {
1690 if (WinDivertRegisterQueue(
false, optarg) == -1) {
1694 if (WinDivertRegisterQueue(
false, optarg) == -1) {
1699 "has been specified");
1700 PrintUsage(argv[0]);
1704 SCLogError(
"WinDivert not enabled. Make sure to pass --enable-windivert to "
1705 "configure when building.");
1708 }
else if(strcmp((long_opts[option_index]).name,
"reject-dev") == 0) {
1709 #ifdef HAVE_LIBNET11
1711 extern char *g_reject_dev;
1712 extern uint16_t g_reject_dev_mtu;
1713 g_reject_dev = optarg;
1716 g_reject_dev_mtu = (uint16_t)mtu;
1719 SCLogError(
"Libnet 1.1 support not enabled. Compile Suricata with libnet support.");
1723 else if (strcmp((long_opts[option_index]).name,
"set") == 0) {
1724 if (optarg != NULL) {
1726 char *val = strchr(optarg,
'=');
1728 FatalError(
"Invalid argument for --set, must be key=val.");
1731 FatalError(
"failed to set configuration value %s", optarg);
1735 else if (strcmp((long_opts[option_index]).name,
"pcap-file-continuous") == 0) {
1736 if (
ConfSetFinal(
"pcap-file.continuous",
"true") != 1) {
1737 SCLogError(
"Failed to set pcap-file.continuous");
1741 else if (strcmp((long_opts[option_index]).name,
"pcap-file-delete") == 0) {
1742 if (
ConfSetFinal(
"pcap-file.delete-when-done",
"true") != 1) {
1743 SCLogError(
"Failed to set pcap-file.delete-when-done");
1747 else if (strcmp((long_opts[option_index]).name,
"pcap-file-recursive") == 0) {
1748 if (
ConfSetFinal(
"pcap-file.recursive",
"true") != 1) {
1749 SCLogError(
"failed to set pcap-file.recursive");
1753 else if (strcmp((long_opts[option_index]).name,
"data-dir") == 0) {
1754 if (optarg == NULL) {
1755 SCLogError(
"no option argument (optarg) for -d");
1765 " supplied at the command-line (-d %s) doesn't "
1766 "exist. Shutting down the engine.",
1771 }
else if (strcmp((long_opts[option_index]).name ,
"strict-rule-keywords") == 0){
1772 if (optarg == NULL) {
1778 FatalError(
"failed to duplicate 'strict' string");
1780 }
else if (strcmp((long_opts[option_index]).name,
"include") == 0) {
1785 "Failed to allocate memory for additional configuration files: %s",
1790 for (
int i = 0;; i++) {
1792 const char **additional_configs =
1794 if (additional_configs == NULL) {
1795 FatalError(
"Failed to allocate memory for additional configuration "
1809 (long_opts[option_index]).name, optarg);
1819 if (
ConfSetFinal(
"engine.init-failure-fatal",
"1") != 1) {
1820 SCLogError(
"failed to set engine init-failure-fatal");
1833 if (optarg == NULL) {
1834 SCLogError(
"no option argument (optarg) for -i");
1837 #ifdef HAVE_AF_PACKET
1838 if (ParseCommandLineAfpacket(suri, optarg) !=
TM_ECODE_OK) {
1843 #if defined HAVE_PFRING || HAVE_NETMAP
1852 "option%s %s available:"
1854 " PF_RING (--pfring-int=%s)"
1857 " NETMAP (--netmap=%s)"
1859 ". Use --pcap=%s to suppress this warning",
1860 i == 1 ?
"" :
"s", i == 1 ?
"is" :
"are"
1872 if (ParseCommandLinePcapLive(suri, optarg) !=
TM_ECODE_OK) {
1878 if (optarg == NULL) {
1879 SCLogError(
"no option argument (optarg) for -l");
1889 " supplied at the command-line (-l %s) doesn't "
1890 "exist. Shutting down the engine.",
1894 if (!IsLogDirectoryWritable(optarg)) {
1896 " supplied at the command-line (-l %s) is not "
1897 "writable. Shutting down the engine.",
1916 "has been specified");
1917 PrintUsage(argv[0]);
1921 SCLogError(
"NFQUEUE not enabled. Make sure to pass --enable-nfqueue to configure when "
1938 "has been specified");
1939 PrintUsage(argv[0]);
1943 SCLogError(
"IPFW not enabled. Make sure to pass --enable-ipfw to configure when "
1954 "has been specified");
1955 PrintUsage(argv[0]);
1960 SCLogError(
"pcap file '%s': %s", optarg, strerror(errno));
1964 SCLogError(
"ERROR: Failed to set pcap-file.file\n");
1971 SCLogError(
"can't have multiple -s options or mix -s and -S.");
1978 SCLogError(
"can't have multiple -S options or mix -s and -S.");
1991 PrintUsage(argv[0]);
1995 SCLogError(
"unit tests not enabled. Make sure to pass --enable-unittests to configure "
2012 if (optarg == NULL) {
2013 SCLogError(
"no option argument (optarg) for -F");
2017 SetBpfStringFromFile(optarg);
2023 if (optarg == NULL) {
2024 SCLogError(
"no option argument (optarg) for -k");
2027 if (!strcmp(
"all", optarg))
2029 else if (!strcmp(
"none", optarg))
2032 SCLogError(
"option '%s' invalid for -k", optarg);
2037 PrintUsage(argv[0]);
2043 SCLogError(
"can't use -s/-S when detection is disabled");
2050 if (list_app_layer_protocols)
2068 ret = SetBpfString(optind, argv);
2076 static int WindowsInitService(
int argc,
char **argv)
2078 if (SCRunningAsService()) {
2079 char path[MAX_PATH];
2081 strlcpy(path, argv[0], MAX_PATH);
2082 if ((p = strrchr(path,
'\\'))) {
2085 if (!SetCurrentDirectory(path)) {
2086 SCLogError(
"Can't set current directory to: %s", path);
2089 SCLogInfo(
"Current directory is set to: %s", path);
2090 SCServiceInit(argc, argv);
2095 if (0 != WSAStartup(MAKEWORD(2, 2), &wsaData)) {
2096 SCLogError(
"Can't initialize Windows sockets: %d", WSAGetLastError());
2107 const char *pid_filename;
2109 if (
ConfGet(
"pid-file", &pid_filename) == 1) {
2110 SCLogInfo(
"Use pid file %s from config file.", pid_filename);
2117 SCLogError(
"strdup failed: %s", strerror(errno));
2136 SCLogError(
"Unable to create PID file, concurrent run of"
2137 " Suricata can occur.");
2138 SCLogError(
"PID file creation WILL be mandatory for daemon mode"
2139 " in future version");
2154 if (
ConfGet(
"run-as.user", &
id) == 1) {
2158 if (
ConfGet(
"run-as.group", &
id) == 1) {
2176 static int InitSignalHandler(
SCInstance *suri)
2179 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
2184 if (
ConfGetBool(
"logging.stacktrace-on-signal", &enabled) == 0) {
2189 SCLogInfo(
"Preparing unexpected signal handling");
2190 struct sigaction stacktrace_action;
2191 memset(&stacktrace_action, 0,
sizeof(stacktrace_action));
2192 stacktrace_action.sa_sigaction = SignalHandlerUnexpected;
2193 stacktrace_action.sa_flags = SA_SIGINFO;
2194 sigaction(SIGSEGV, &stacktrace_action, NULL);
2195 sigaction(SIGABRT, &stacktrace_action, NULL);
2219 #ifdef PROFILE_RULES
2227 #ifdef PROFILE_RULES
2277 SCPrintElapsedTime(start_time);
2311 static int StartInternalRunMode(
SCInstance *suri,
int argc,
char **argv)
2330 PrintUsage(argv[0]);
2340 case RUNMODE_INSTALL_SERVICE:
2341 if (SCServiceInstall(argc, argv)) {
2344 SCLogInfo(
"Suricata service has been successfully installed.");
2346 case RUNMODE_REMOVE_SERVICE:
2347 if (SCServiceRemove(argc, argv)) {
2350 SCLogInfo(
"Suricata service has been successfully removed.");
2352 case RUNMODE_CHANGE_SERVICE_PARAMS:
2353 if (SCServiceChangeParams(argc, argv)) {
2356 SCLogInfo(
"Suricata service startup parameters has been successfully changed.");
2366 static int FinalizeRunMode(
SCInstance *suri,
char **argv)
2370 PrintUsage(argv[0]);
2385 static void SetupDelayedDetect(
SCInstance *suri)
2394 if (decnf != NULL) {
2396 if (strcmp(denode->
val,
"delayed-detect") == 0) {
2406 SCLogInfo(
"Packets will start being processed before signatures are active.");
2422 static int ConfigGetCaptureValue(
SCInstance *suri)
2426 intmax_t tmp_max_pending_packets;
2427 if (
ConfGetInt(
"max-pending-packets", &tmp_max_pending_packets) != 1)
2429 if (tmp_max_pending_packets < 1 || tmp_max_pending_packets >= UINT16_MAX) {
2430 SCLogError(
"Maximum max-pending-packets setting is 65534 and must be greater than 0. "
2431 "Please check %s for errors",
2442 const char *temp_default_packet_size;
2443 if ((
ConfGet(
"default-packet-size", &temp_default_packet_size)) != 1) {
2446 int strip_trailing_plus = 0;
2451 const int mtu = GetGlobalMTUWin32();
2465 strip_trailing_plus = 1;
2472 for (lthread = 0; lthread < nlive; lthread++) {
2475 (void)
strlcpy(dev, live_dev,
sizeof(dev));
2477 if (strip_trailing_plus) {
2478 size_t len = strlen(dev);
2480 (dev[
len-1] ==
'+' ||
2481 dev[
len-1] ==
'^' ||
2500 SCLogError(
"Error parsing max-pending-packets "
2501 "from conf file - %s. Killing engine",
2502 temp_default_packet_size);
2512 static void PostRunStartedDetectSetup(
const SCInstance *suri)
2526 SCLogNotice(
"Signature(s) loaded, Detect thread(s) activated.");
2538 SetupDelayedDetect(suri);
2540 (void)
ConfGetBool(
"multi-detect.enabled", &mt_enabled);
2541 int default_tenant = 0;
2543 (void)
ConfGetBool(
"multi-detect.default", &default_tenant);
2546 "detection engine contexts failed.");
2556 FatalError(
"initializing detection engine failed.");
2570 static void PostConfLoadedSetupHostMode(
void)
2572 const char *hostmode = NULL;
2574 if (
ConfGet(
"host-mode", &hostmode) == 1) {
2575 if (!strcmp(hostmode,
"router")) {
2577 }
else if (!strcmp(hostmode,
"sniffer-only")) {
2580 if (strcmp(hostmode,
"auto") != 0) {
2592 SCLogInfo(
"No 'host-mode': suricata is in IPS mode, using "
2593 "default setting 'router'");
2596 SCLogInfo(
"No 'host-mode': suricata is in IDS mode, using "
2597 "default setting 'sniffer-only'");
2605 if (suri->
system ==
false) {
2609 FatalError(
"could not set USER mode logdir");
2615 FatalError(
"could not set USER mode datadir");
2629 if (LuajitSetupStatesPool() != 0) {
2638 int disable_offloading;
2639 if (
ConfGetBool(
"capture.disable-offloading", &disable_offloading) == 0)
2640 disable_offloading = 1;
2641 if (disable_offloading) {
2648 const char *cv = NULL;
2649 if (
ConfGet(
"capture.checksum-validation", &cv) == 1) {
2650 if (strcmp(cv,
"none") == 0) {
2652 }
else if (strcmp(cv,
"all") == 0) {
2659 ConfSet(
"stream.checksum-validation",
"0");
2662 ConfSet(
"stream.checksum-validation",
"1");
2671 #ifdef HAVE_PACKET_EBPF
2673 EBPFRegisterExtension();
2691 SCLogInfo(
"Setting engine mode to IDS mode by default");
2701 const char *custom_umask;
2702 if (
ConfGet(
"umask", &custom_umask) == 1) {
2704 if (
StringParseUint16(&mask, 8, (uint16_t)strlen(custom_umask), custom_umask) > 0) {
2705 umask((mode_t)mask);
2723 SCLogInfo(
"== Carrying out Engine Analysis ==");
2724 const char *temp = NULL;
2725 if (
ConfGet(
"engine-analysis", &temp) == 0) {
2726 SCLogInfo(
"no engine-analysis parameter(s) defined in conf file. "
2727 "Please define/enable them in the conf to use this "
2746 "basic address vars test failed. Please check %s for errors", suri->
conf_filename);
2774 "supplied by %s (default-log-dir) doesn't exist. "
2775 "Shutting down the engine",
2779 if (!IsLogDirectoryWritable(suri->
log_dir)) {
2781 "supplied by %s (default-log-dir) is not writable. "
2782 "Shutting down the engine",
2800 PostConfLoadedSetupHostMode();
2807 static void SuricataMainLoop(
SCInstance *suri)
2868 return EXIT_FAILURE;
2888 SCInstanceInit(&
suricata, argv[0]);
2896 if (WindowsInitService(argc, argv) != 0) {
2909 switch (StartInternalRunMode(&
suricata, argc, argv)) {
2930 if (
ConfGetBool(
"vlan.use-for-tracking", &tracking) == 1 && !tracking) {
2934 SCLogDebug(
"vlan tracking is %s", tracking == 1 ?
"enabled" :
"disabled");
2935 if (
ConfGetBool(
"livedev.use-for-tracking", &tracking) == 1 && !tracking) {
2951 SCLogInfo(
"Running suricata under test mode");
2978 SCLogNotice(
"Configuration provided was successfully loaded. Exiting.");
3002 int limit_nproc = 0;
3003 if (
ConfGetBool(
"security.limit-noproc", &limit_nproc) == 0) {
3007 #if defined(SC_ADDRESS_SANITIZER)
3010 "\"security.limit-noproc\" (setrlimit()) not set when using address sanitizer");
3016 #if defined(HAVE_SYS_RESOURCE_H)
3019 SCLogWarning(
"setrlimit has no effet when running as root.");
3022 struct rlimit r = { 0, 0 };
3023 if (setrlimit(RLIMIT_NPROC, &r) != 0) {
3024 SCLogWarning(
"setrlimit failed to prevent process creation.");
3045 PostRunStartedDetectSetup(&
suricata);
int ConfGetInt(const char *name, intmax_t *val)
Retrieve a configuration value as an integer.
void TmModuleUnixManagerRegister(void)
void StatsReleaseResources(void)
Releases the resources allotted by the Stats API.
uint16_t max_pending_packets
@ SURI_HOST_IS_SNIFFER_ONLY
void TmModuleReceiveIPFWRegister(void)
Registration Function for ReceiveIPFW.
int ExceptionSimulationCommandLineParser(const char *name, const char *arg)
void AppLayerHtpNeedFileInspection(void)
Sets a flag that informs the HTP app layer that some module in the engine needs the http request file...
void IPPairInitConfig(bool quiet)
initialize the configuration
void SCLogInitLogModule(SCLogInitData *sc_lid)
Initializes the logging module.
int LiveDeviceListClean(void)
void DetectEngineDeReference(DetectEngineCtx **de_ctx)
void RunModeEngineIsIPS(int capture_mode, const char *runmode, const char *capture_plugin_name)
struct timeval start_time
#define SC_ATOMIC_INIT(name)
wrapper for initializing an atomic variable.
void TmThreadContinueThreads(void)
Unpauses all threads present in tv_root.
int ConfGetBool(const char *name, int *val)
Retrieve a configuration value as a boolean.
enum DetectEngineType type
int SigLoadSignatures(DetectEngineCtx *de_ctx, char *sig_file, bool sig_file_exclusive)
Load signatures.
#define SC_ATOMIC_SET(name, val)
Set the value for the atomic variable.
@ RUNMODE_PRINT_BUILDINFO
DetectEngineCtx * DetectEngineCtxInitStubForDD(void)
void LiveDevRegisterExtension(void)
void AppLayerHtpPrintStats(void)
void StatsSetupPostConfigPreOutput(void)
char * runmode_custom_mode
struct HtpBodyChunk_ * next
void TmModuleReceiveNFQRegister(void)
int LiveBuildDeviceList(const char *runmode)
void RunModeShutDown(void)
void SCProtoNameInit(void)
void RunModeDispatch(int runmode, const char *custom_mode, const char *capture_plugin_name, const char *capture_plugin_args)
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
volatile sig_atomic_t sigint_count
SC_ATOMIC_DECLARE(unsigned int, engine_stage)
void SCProfilingRulesGlobalInit(void)
void TmModuleRunDeInit(void)
void RegisterFlowBypassInfo(void)
#define SCSetThreadName(n)
void SCLogDeInitLogModule(void)
De-Initializes the logging module.
void TmModuleDecodeErfFileRegister(void)
Register the ERF file decoder module.
main detection engine ctx
int StringParseUint16(uint16_t *res, int base, size_t len, const char *str)
void DetectEngineReloadSetIdle(void)
DetectEngineCtx * DetectEngineGetCurrent(void)
int EngineModeIsUnknown(void)
void VarNameStoreInit(void)
void TmModuleFlowRecyclerRegister(void)
void Daemonize(void)
Daemonize the process.
void UtilSignalHandlerSetup(int sig, void(*handler)(int))
#define TAILQ_FOREACH(var, head, field)
void TmModuleDecodeAFPRegister(void)
Registration Function for DecodeAFP.
void TmModuleDecodeWinDivertRegister(void)
void FlowForceReassembly(void)
Force reassembly for all the flows that have unprocessed segments.
int DetectEngineAddToMaster(DetectEngineCtx *de_ctx)
void TmModuleStatsLoggerRegister(void)
int ConfYamlHandleInclude(ConfNode *parent, const char *filename)
Include a file in the configuration.
void RegisterAllModules(void)
int DetectEngineMultiTenantSetup(const bool unix_socket)
setup multi-detect / multi-tenancy
void SupportFastPatternForSigMatchTypes(void)
Registers the keywords(SMs) that should be given fp support.
void ConfDump(void)
Dump configuration to stdout.
const SuricataContext suricata_context
int CheckValidDaemonModes(int daemon, int mode)
Check for a valid combination daemon/mode.
void SCGetGroupID(const char *group_name, uint32_t *gid)
Function to get the group ID from the specified group name.
int ConfSetFinal(const char *name, const char *val)
Set a final configuration value.
void TmThreadDisableReceiveThreads(void)
Disable all threads having the specified TMs.
void StatsInit(void)
Initializes the perf counter api. Things are hard coded currently. More work to be done when we imple...
void PreRunInit(const int runmode)
void MacSetRegisterFlowStorage(void)
const char * conf_filename
int GetIfaceMTU(const char *dev)
output the link MTU
void GlobalsInitPreConfig(void)
void TmModuleReceiveNetmapRegister(void)
void PacketPoolPostRunmodes(void)
Set the max_pending_return_packets value.
void NFQInitConfig(bool quiet)
To initialize the NFQ global configuration data.
void TmModuleReceiveWinDivertRegister(void)
void TmModuleReceivePfringRegister(void)
Registration Function for ReceivePfring.
void SCProfilingDestroy(void)
Free resources used by profiling.
bool IsRunModeOffline(enum RunModes run_mode_to_check)
void AFPPeersListClean(void)
Clean the global peers list.
void RunModeInitializeOutputs(void)
int DetectPortTestConfVars(void)
void SCThresholdConfGlobalInit(void)
void DecodeUnregisterCounters(void)
const char * capture_plugin_name
void HostBitInitCtx(void)
const char * capture_plugin_args
void TmModuleLoggerRegister(void)
void TmThreadDisablePacketThreads(void)
Disable all packet threads.
void PacketPoolInit(void)
int AppLayerDeSetup(void)
De initializes the app layer.
size_t strlcpy(char *dst, const char *src, size_t siz)
void PcapTranslateIPToDevice(char *pcap_dev, size_t len)
void FlowDisableFlowRecyclerThread(void)
Used to disable flow recycler thread(s).
void TmModuleDecodePcapFileRegister(void)
void TmModuleBypassedFlowManagerRegister(void)
void IPPairShutdown(void)
shutdown the flow engine
void DetectParseFreeRegexes(void)
void TmModuleDecodeNFLOGRegister(void)
int ConfGet(const char *name, const char **vptr)
Retrieve the value of a configuration node.
int NFQParseAndRegisterQueues(const char *queues)
Parses and adds Netfilter queue(s).
ConfNode * ConfGetRootNode(void)
Get the root configuration node.
void FlowInitConfig(bool quiet)
initialize the configuration
int AppLayerSetup(void)
Setup the app layer.
void FeatureTrackingRegister(void)
void TmModuleReceiveDPDKRegister(void)
void UnixManagerThreadSpawnNonRunmode(const bool unix_socket_enabled)
void RunModeInitializeThreadSettings(void)
void StreamTcpInitConfig(bool)
To initialize the stream global configuration data.
bool IsRunModeSystem(enum RunModes run_mode_to_check)
int GetIfaceMaxPacketSize(LiveDevice *ld)
output max packet size for a link
void TmModuleDecodeNetmapRegister(void)
Registration Function for DecodeNetmap.
void PreRunPostPrivsDropInit(const int runmode)
int DetectEngineMoveToFreeList(DetectEngineCtx *de_ctx)
volatile sig_atomic_t sigterm_count
TmEcode TmThreadWaitOnThreadInit(void)
Used to check if all threads have finished their initialization. On finding an un-initialized thread,...
void TmModuleVerdictNFQRegister(void)
int ConfYamlLoadFile(const char *filename)
Load configuration from a YAML file.
void AppLayerRegisterGlobalCounters(void)
HACK to work around our broken unix manager (re)init loop.
void RunModeListRunmodes(void)
Lists all registered runmodes.
size_t strlcat(char *, const char *src, size_t siz)
@ RUNMODE_LIST_APP_LAYERS
void LiveSetOffloadDisable(void)
void StatsSetupPostConfigPostOutput(void)
void EngineModeSetIDS(void)
void TmModuleReceiveAFPRegister(void)
Registration Function for ReceiveAFP.
int LiveBuildDeviceListCustom(const char *runmode, const char *itemname)
LiveDevice * LiveGetDevice(const char *name)
Get a pointer to the device at idx.
void UnixSocketKillSocketThread(void)
void TmModuleVerdictIPFWRegister(void)
Registration Function for VerdictIPFW.
void HttpRangeContainersInit(void)
struct timeval last_reload
void TmModuleVerdictWinDivertRegister(void)
void HostCleanup(void)
Cleanup the host engine.
void FlowDisableFlowManagerThread(void)
Used to disable flow manager thread(s).
int SuricataMain(int argc, char **argv)
int UtilSignalUnblock(int signum)
int DetectEngineEnabled(void)
Check if detection is enabled.
void TmThreadClearThreadsFamily(int family)
void TmModuleRunInit(void)
void EngineModeSetIPS(void)
void HTPAtExitPrintStats(void)
Print the stats of the HTTP requests.
int UtilSignalBlock(int signum)
void SCProfilingPrefilterGlobalInit(void)
#define SCLogWarning(...)
Macro used to log WARNING messages.
int PostConfLoadedSetup(SCInstance *suri)
const char * GetProgramVersion(void)
get string with program version
void TmModuleReceivePcapFileRegister(void)
int32_t CoredumpLoadConfig(void)
Configures the core dump size.
int IPFWRegisterQueue(char *queue)
Add an IPFW divert.
int ListAppLayerProtocols(const char *conf_filename)
void DatasetsDestroy(void)
void UtilCpuPrintSummary(void)
Print a summary of CPUs detected (configured and online)
void TmThreadKillThreads(void)
void OutputDeregisterAll(void)
Deregister all modules. Useful for a memory clean exit.
void PostConfLoadedDetectSetup(SCInstance *suri)
int EngineModeIsIDS(void)
void TmModuleNapatechDecodeRegister(void)
Register the Napatech decoder module.
TmModule tmm_modules[TMM_SIZE]
void OutputNotifyFileRotation(void)
Notifies all registered file rotation notification flags.
int StorageFinalize(void)
void VarNameStoreDestroy(void)
void TmModuleFlowWorkerRegister(void)
enum RunModes aux_run_mode
const char ** additional_configs
#define DEFAULT_PID_FILENAME
volatile sig_atomic_t sighup_count
TmEcode ConfigSetDataDirectory(char *name)
void TmModuleDecodeErfDagRegister(void)
Register the ERF file decoder module.
#define SCDropMainThreadCaps(...)
void TmModuleDebugList(void)
void TmModuleDecodeNFQRegister(void)
void SCProtoNameRelease(void)
int RunmodeIsUnittests(void)
void SCPluginsLoad(const char *capture_plugin_name, const char *capture_plugin_args)
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
void TmModuleReceiveNFLOGRegister(void)
#define DEFAULT_PACKET_SIZE
#define WarnInvalidConfEntry(param_name, format, value)
Generic API that can be used by all to log an invalid conf entry.
void TmModuleReceiveErfFileRegister(void)
Register the ERF file receiver (reader) module.
#define SCRealloc(ptr, sz)
void TmModuleDecodeAFXDPRegister(void)
Registration Function for DecodeAFXDP.
uint32_t default_packet_size
void SigTableApplyStrictCommandLineOption(const char *str)
@ DETECT_ENGINE_TYPE_NORMAL
void TmThreadKillThreadsFamily(int family)
void FeatureTrackingRelease(void)
void TmqhCleanup(void)
Clean up registration time allocs.
void StreamTcpFreeConfig(bool quiet)
void DecodeGlobalConfig(void)
char * strict_rule_parsing_string
DetectEngineCtx * DetectEngineCtxInitStubForMT(void)
const char * LiveGetDeviceName(int number)
Get a pointer to the device name at idx.
void FlowShutdown(void)
shutdown the flow engine
void SCHInfoLoadFromConfig(void)
Load the host os policy information from the configuration.
void DetectEngineBumpVersion(void)
void TmModuleFlowManagerRegister(void)
int SCPidfileTestRunning(const char *pid_filename)
Check the Suricata pid file (used at the startup)
void HostShutdown(void)
shutdown the flow engine
#define SCFstatFn(fd, statbuf)
void TmModuleDecodePfringRegister(void)
Registration Function for DecodePfring.
void LiveSetOffloadWarn(void)
void ParseSizeDeinit(void)
void RunModeRegisterRunModes(void)
Register all runmodes in the engine.
int ConfGetChildValueBool(const ConfNode *base, const char *name, int *val)
void SCProfilingDump(void)
void TmModuleReceiveAFXDPRegister(void)
void EngineStop(void)
make sure threads can stop the engine by calling this function. Purpose: pcap file mode needs to be a...
void FrameConfigInit(void)
int ParseSizeStringU32(const char *size, uint32_t *res)
void TmModuleReceiveErfDagRegister(void)
Register the ERF file receiver (reader) module.
void IPPairBitInitCtx(void)
int RunmodeGetCurrent(void)
TmEcode ConfigSetLogDirectory(const char *name)
void TmModuleDecodeIPFWRegister(void)
Registration Function for DecodeIPFW.
int ConfUnixSocketIsEnable(void)
int ConfSetFromString(const char *input, int final)
Set a configuration parameter from a string.
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
void ConfInit(void)
Initialize the configuration system.
const char * ConfigGetLogDirectory(void)
volatile sig_atomic_t sigusr2_count
void SystemHugepageSnapshotDestroy(SystemHugepageSnapshot *s)
@ RUNMODE_ENGINE_ANALYSIS
void TmModuleDecodePcapRegister(void)
Registration Function for DecodePcap.
TmEcode ConfigCheckDataDirectory(const char *data_dir)
#define SCLogError(...)
Macro used to log ERROR messages.
int DetectEngineReloadStart(void)
#define DEFAULT_CONF_FILE
#define SC_LOG_MAX_LOG_MSG_LEN
void AppLayerParserPostStreamSetup(void)
void TmModuleReceivePcapRegister(void)
Registration Function for ReceivePcap.
void SCGetUserID(const char *user_name, const char *group_name, uint32_t *uid, uint32_t *gid)
Function to get the user and group ID from the specified user name.
void TmModuleRespondRejectRegister(void)
void CoredumpEnable(void)
Enable coredumps on systems where coredumps can and need to be enabled.
void RunUnittests(int list_unittests, const char *regex_arg)
TmEcode ConfigCheckLogDirectoryExists(const char *log_dir)
void PacketAlertTagInit(void)
DetectEngineCtx * DetectEngineCtxInit(void)
int EngineModeIsIPS(void)
void TmModuleNapatechStreamRegister(void)
Register the Napatech receiver (reader) module.
void SCProfilingKeywordsGlobalInit(void)
void EngineDone(void)
Used to indicate that the current task is done.
const char * GetDocURL(void)
int profiling_rules_enabled
void PostRunDeinit(const int runmode, struct timeval *start_time)
void HostInitConfig(bool quiet)
initialize the configuration
TmEcode TmThreadWaitOnThreadRunning(void)
Waits for all threads to be in a running state.
void ConfDeInit(void)
De-initializes the configuration system.
void HttpRangeContainersDestroy(void)
int ConfSet(const char *name, const char *val)
Set a configuration value.
void SCLogLoadConfig(int daemon, int verbose, uint32_t userid, uint32_t groupid)
int DetectEngineReload(const SCInstance *suri)
Reload the detection engine.
#define DEFAULT_MAX_PENDING_PACKETS
void DetectEngineClearMaster(void)
void SetMasterExceptionPolicy(void)
void TmThreadCheckThreadState(void)
Used to check the thread for certain conditions of failure.
void OutputFilestoreRegisterGlobalCounters(void)
int InitGlobal(void)
Global initialization common to all runmodes.
int LiveGetDeviceCount(void)
Get the number of registered devices.
SystemHugepageSnapshot * SystemHugepageSnapshotCreate(void)
The function creates a snapshot of the system's hugepage usage per NUMA node and per hugepage size....
void SCProfilingSghsGlobalInit(void)
int SCPidfileCreate(const char *pidfile)
Write a pid file (used at startup). This is commonly needed by init scripts.
int LiveRegisterDeviceName(const char *dev)
Add a device for monitoring.
#define SCStatFn(pathname, statbuf)
void LiveDeviceFinalize(void)
void TmModuleDecodeDPDKRegister(void)
Registration Function for DecodeDPDK.
void PacketPoolDestroy(void)
void HTPFreeConfig(void)
Clears the HTTP server configuration memory used by HTP library.
void LandlockSandboxing(SCInstance *suri)
int ListKeywords(const char *keyword_info)
#define SCLogNotice(...)
Macro used to log NOTICE messages.
void DPDKCleanupEAL(void)
void SCPidfileRemove(const char *pid_filename)
Remove the pid file (used at the startup)
void NFQContextsClean(void)
Clean global contexts. Must be called on exit.
void SystemHugepageEvaluateHugepages(SystemHugepageSnapshot *pre_s, SystemHugepageSnapshot *post_s)
The function compares two hugepage snapshots and prints out recommendations for hugepage configuratio...
#define DEBUG_VALIDATE_BUG_ON(exp)
void SCProfilingInit(void)
Initialize profiling.
int DetectEngineReloadIsStart(void)
volatile uint8_t suricata_ctl_flags
void TagDestroyCtx(void)
Destroy tag context hash tables.
int DetectAddressTestConfVars(void)
void MpmHSGlobalCleanup(void)
void TmqResetQueues(void)