suricata
suricata.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2022 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  */
23 
24 #include "suricata-common.h"
25 
26 #if HAVE_GETOPT_H
27 #include <getopt.h>
28 #endif
29 
30 #if HAVE_SIGNAL_H
31 #include <signal.h>
32 #endif
33 #ifndef OS_WIN32
34 #ifdef HAVE_SYS_RESOURCE_H
35 // setrlimit
36 #include <sys/resource.h>
37 #endif
38 #endif
39 
40 #if HAVE_LIBSYSTEMD
41 #include <systemd/sd-daemon.h>
42 #endif
43 
44 #include "suricata.h"
45 
46 #include "conf.h"
47 #include "conf-yaml-loader.h"
48 
49 #include "decode.h"
50 #include "defrag.h"
51 #include "flow.h"
52 #include "stream-tcp.h"
53 #include "ippair.h"
54 
55 #include "detect.h"
56 #include "detect-parse.h"
57 #include "detect-engine.h"
58 #include "detect-engine-address.h"
59 #include "detect-engine-alert.h"
60 #include "detect-engine-port.h"
61 #include "detect-engine-tag.h"
62 #include "detect-engine-threshold.h"
63 #include "detect-fast-pattern.h"
64 
65 #include "datasets.h"
66 
67 #include "feature.h"
68 
69 #include "flow-bypass.h"
70 #include "flow-manager.h"
71 #include "flow-timeout.h"
72 #include "flow-worker.h"
73 
74 #include "flow-bit.h"
75 #include "host-bit.h"
76 #include "ippair-bit.h"
77 
78 #include "app-layer.h"
79 #include "app-layer-parser.h"
80 #include "app-layer-htp.h"
81 #include "app-layer-htp-range.h"
82 
83 #include "output.h"
84 #include "output-filestore.h"
85 
86 #include "respond-reject.h"
87 
88 #include "runmode-af-packet.h"
89 #include "runmode-af-xdp.h"
90 #include "runmode-netmap.h"
91 #include "runmode-unittests.h"
92 
93 #include "source-nfq.h"
94 #include "source-nfq-prototypes.h"
95 #include "source-nflog.h"
96 #include "source-ipfw.h"
97 #include "source-pcap.h"
98 #include "source-pcap-file.h"
99 #include "source-pcap-file-helper.h"
100 #include "source-pfring.h"
101 #include "source-erf-file.h"
102 #include "source-erf-dag.h"
103 #include "source-napatech.h"
104 #include "source-af-packet.h"
105 #include "source-af-xdp.h"
106 #include "source-netmap.h"
107 #include "source-dpdk.h"
108 #include "source-windivert.h"
109 #include "source-windivert-prototypes.h"
110 
111 #include "unix-manager.h"
112 
113 #include "util-classification-config.h"
114 #include "util-threshold-config.h"
115 #include "util-reference-config.h"
116 
117 #include "tmqh-packetpool.h"
118 #include "tm-queuehandlers.h"
119 
120 #include "util-byte.h"
121 #include "util-conf.h"
122 #include "util-coredump-config.h"
123 #include "util-cpu.h"
124 #include "util-daemon.h"
125 #include "util-device.h"
126 #include "util-dpdk.h"
127 #include "util-ebpf.h"
128 #include "util-exception-policy.h"
129 #include "util-host-os-info.h"
130 #include "util-ioctl.h"
131 #include "util-landlock.h"
132 #include "util-luajit.h"
133 #include "util-macset.h"
134 #include "util-misc.h"
135 #include "util-mpm-hs.h"
136 #include "util-pidfile.h"
137 #include "util-plugin.h"
138 #include "util-privs.h"
139 #include "util-profiling.h"
140 #include "util-proto-name.h"
141 #include "util-running-modes.h"
142 #include "util-signal.h"
143 #include "util-time.h"
144 #include "util-validate.h"
145 
146 #ifdef WINDIVERT
147 #include "decode-sll.h"
148 #include "win32-syscall.h"
149 #endif
150 
151 /*
152  * we put this here, because we only use it here in main.
153  */
154 volatile sig_atomic_t sigint_count = 0;
155 volatile sig_atomic_t sighup_count = 0;
156 volatile sig_atomic_t sigterm_count = 0;
157 volatile sig_atomic_t sigusr2_count = 0;
158 
159 /*
160  * Flag to indicate if the engine is at the initialization
161  * or already processing packets. 3 stages: SURICATA_INIT,
162  * SURICATA_RUNTIME and SURICATA_FINALIZE
163  */
164 SC_ATOMIC_DECLARE(unsigned int, engine_stage);
165 
166 /* Max packets processed simultaneously per thread. */
167 #define DEFAULT_MAX_PENDING_PACKETS 1024
168 
169 /** suricata engine control flags */
170 volatile uint8_t suricata_ctl_flags = 0;
171 
172 /** Run mode selected */
173 int run_mode = RUNMODE_UNKNOWN;
174 
175 /** Engine mode: inline (ENGINE_MODE_IPS) or just
176  * detection mode (ENGINE_MODE_IDS by default) */
177 static enum EngineMode g_engine_mode = ENGINE_MODE_UNKNOWN;
178 
179 /** Host mode: set if box is sniffing only
180  * or is a router */
181 uint8_t host_mode = SURI_HOST_IS_SNIFFER_ONLY;
182 
183 /** Maximum packets to simultaneously process. */
184 uint16_t max_pending_packets;
185 
186 /** global indicating if detection is enabled */
187 int g_detect_disabled = 0;
188 
189 /** set caps or not */
190 int sc_set_caps = FALSE;
191 
192 bool g_system = false;
193 
194 /** disable randomness to get reproducible results across runs */
195 #ifndef AFLFUZZ_NO_RANDOM
196 int g_disable_randomness = 0;
197 #else
198 int g_disable_randomness = 1;
199 #endif
200 
201 /** determine (without branching) if we include the vlan_ids when hashing or
202  * comparing flows */
203 uint16_t g_vlan_mask = 0xffff;
204 
205 /* flag to disable hashing almost globally, to be similar to disabling nss
206  * support */
207 bool g_disable_hashing = false;
208 
209 /** Suricata instance */
210 SCInstance suricata;
211 
212 int SuriHasSigFile(void)
213 {
214  return (suricata.sig_file != NULL);
215 }
216 
217 int EngineModeIsUnknown(void)
218 {
219  return (g_engine_mode == ENGINE_MODE_UNKNOWN);
220 }
221 
222 int EngineModeIsIPS(void)
223 {
224  DEBUG_VALIDATE_BUG_ON(g_engine_mode == ENGINE_MODE_UNKNOWN);
225  return (g_engine_mode == ENGINE_MODE_IPS);
226 }
227 
228 int EngineModeIsIDS(void)
229 {
230  DEBUG_VALIDATE_BUG_ON(g_engine_mode == ENGINE_MODE_UNKNOWN);
231  return (g_engine_mode == ENGINE_MODE_IDS);
232 }
233 
234 void EngineModeSetIPS(void)
235 {
236  g_engine_mode = ENGINE_MODE_IPS;
237 }
238 
239 void EngineModeSetIDS(void)
240 {
241  g_engine_mode = ENGINE_MODE_IDS;
242 }
243 
244 #ifdef UNITTESTS
245 int RunmodeIsUnittests(void)
246 {
247  if (run_mode == RUNMODE_UNITTEST)
248  return 1;
249 
250  return 0;
251 }
252 #endif
253 
254 int RunmodeGetCurrent(void)
255 {
256  return run_mode;
257 }
258 
259 /** signal handlers
260  *
261  * WARNING: don't use the SCLog* API in the handlers. The API is complex
262  * with memory allocation possibly happening, calls to syslog, json message
263  * construction, etc.
264  */
265 
266 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
267 static void SignalHandlerSigint(/*@unused@*/ int sig)
268 {
269  sigint_count = 1;
270 }
271 static void SignalHandlerSigterm(/*@unused@*/ int sig)
272 {
273  sigterm_count = 1;
274 }
275 #ifndef OS_WIN32
276 #if HAVE_LIBUNWIND
277 #define UNW_LOCAL_ONLY
278 #include <libunwind.h>
279 static void SignalHandlerUnexpected(int sig_num, siginfo_t *info, void *context)
280 {
281  char msg[SC_LOG_MAX_LOG_MSG_LEN];
282  unw_cursor_t cursor;
283  /* Restore defaults for signals to avoid loops */
284  signal(SIGABRT, SIG_DFL);
285  signal(SIGSEGV, SIG_DFL);
286  int r;
287  if ((r = unw_init_local(&cursor, (unw_context_t *)(context)) != 0)) {
288  SCLogError("unable to obtain stack trace: unw_init_local: %s", unw_strerror(r));
289  goto terminate;
290  }
291 
292  char *temp = msg;
293  int cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - msg), "stacktrace:sig %d:", sig_num);
294  temp += cw;
295  r = 1;
296  while (r > 0) {
297  if (unw_is_signal_frame(&cursor) == 0) {
298  unw_word_t off;
299  char name[256];
300  if (unw_get_proc_name(&cursor, name, sizeof(name), &off) == UNW_ENOMEM) {
301  cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - msg), "[unknown]:");
302  } else {
303  cw = snprintf(
304  temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - msg), "%s+0x%08" PRIx64, name, off);
305  }
306  temp += cw;
307  }
308 
309  r = unw_step(&cursor);
310  if (r > 0) {
311  cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - msg), ";");
312  temp += cw;
313  }
314  }
315  SCLogError("%s", msg);
316 
317 terminate:
318  // Propagate signal to watchers, if any
319  kill(getpid(), sig_num);
320 }
321 #undef UNW_LOCAL_ONLY
322 #endif /* HAVE_LIBUNWIND */
323 #endif /* !OS_WIN32 */
324 #endif
325 
326 #ifndef OS_WIN32
327 /**
328  * SIGUSR2 handler. Just set sigusr2_count. The main loop will act on
329  * it.
330  */
331 static void SignalHandlerSigusr2(int sig)
332 {
333  if (sigusr2_count < 2)
334  sigusr2_count++;
335 }
336 
337 /**
338  * SIGHUP handler. Just set sighup_count. The main loop will act on
339  * it.
340  */
341 static void SignalHandlerSigHup(/*@unused@*/ int sig)
342 {
343  sighup_count = 1;
344 }
345 #endif
346 
347 void GlobalsInitPreConfig(void)
348 {
349  TimeInit();
350  SupportFastPatternForSigMatchTypes();
351  SCThresholdConfGlobalInit();
352  SCProtoNameInit();
353  FrameConfigInit();
354 }
355 
356 static void GlobalsDestroy(SCInstance *suri)
357 {
358  HostShutdown();
359  HTPFreeConfig();
360  HTPAtExitPrintStats();
361 
362  AppLayerHtpPrintStats();
363 
364  /* TODO this can do into it's own func */
365  DetectEngineCtx *de_ctx = DetectEngineGetCurrent();
366  if (de_ctx) {
367  DetectEngineMoveToFreeList(de_ctx);
368  DetectEngineDeReference(&de_ctx);
369  }
370  DetectEnginePruneFreeList();
371 
372  AppLayerDeSetup();
373  DatasetsSave();
374  DatasetsDestroy();
375  TagDestroyCtx();
376 
377  LiveDeviceListClean();
378  OutputDeregisterAll();
379  FeatureTrackingRelease();
380  SCProtoNameRelease();
381  TimeDeinit();
382  if (!suri->disabled_detect) {
383  SCReferenceConfDeinit();
384  SCClassConfDeinit();
385  }
386  TmqhCleanup();
387  TmModuleRunDeInit();
388  ParseSizeDeinit();
389 
390 #ifdef HAVE_DPDK
391  DPDKCleanupEAL();
392 #endif
393 
394 #ifdef HAVE_AF_PACKET
395  AFPPeersListClean();
396 #endif
397 
398 #ifdef NFQ
399  NFQContextsClean();
400 #endif
401 
402 #ifdef BUILD_HYPERSCAN
403  MpmHSGlobalCleanup();
404 #endif
405 
406  ConfDeInit();
407 #ifdef HAVE_LUAJIT
408  LuajitFreeStatesPool();
409 #endif
410  SCLogDeInitLogModule();
411  DetectParseFreeRegexes();
412  SCThresholdConfGlobalFree();
413 
414  SCPidfileRemove(suri->pid_filename);
415  SCFree(suri->pid_filename);
416  suri->pid_filename = NULL;
417 }
418 
419 /**
420  * \brief Used to send OS specific notification of running threads
421  *
422  * \retval TmEcode TM_ECODE_OK on success; TM_ECODE_FAILED on failure.
423  */
424 static void OnNotifyRunning(void)
425 {
426 #if HAVE_LIBSYSTEMD
427  if (sd_notify(0, "READY=1") < 0) {
428  SCLogWarning("failed to notify systemd");
429  /* Please refer to:
430  * https://www.freedesktop.org/software/systemd/man/sd_notify.html#Return%20Value
431  * for discussion on why failure should not be considered an error */
432  }
433 #endif
434 }
435 
436 /** \brief make sure threads can stop the engine by calling this
437  * function. Purpose: pcap file mode needs to be able to tell the
438  * engine the file eof is reached. */
439 void EngineStop(void)
440 {
441  suricata_ctl_flags |= SURICATA_STOP;
442 }
443 
444 /**
445  * \brief Used to indicate that the current task is done.
446  *
447  * This is mainly used by pcap-file to tell it has finished
448  * to treat a pcap files when running in unix-socket mode.
449  */
450 void EngineDone(void)
451 {
452  suricata_ctl_flags |= SURICATA_DONE;
453 }
454 
455 static int SetBpfString(int argc, char *argv[])
456 {
457  char *bpf_filter = NULL;
458  uint32_t bpf_len = 0;
459  int tmpindex = 0;
460 
461  /* attempt to parse remaining args as bpf filter */
462  tmpindex = argc;
463  while(argv[tmpindex] != NULL) {
464  bpf_len+=strlen(argv[tmpindex]) + 1;
465  tmpindex++;
466  }
467 
468  if (bpf_len == 0)
469  return TM_ECODE_OK;
470 
471  bpf_filter = SCMalloc(bpf_len);
472  if (unlikely(bpf_filter == NULL))
473  return TM_ECODE_FAILED;
474  memset(bpf_filter, 0x00, bpf_len);
475 
476  tmpindex = optind;
477  while(argv[tmpindex] != NULL) {
478  strlcat(bpf_filter, argv[tmpindex],bpf_len);
479  if(argv[tmpindex + 1] != NULL) {
480  strlcat(bpf_filter," ", bpf_len);
481  }
482  tmpindex++;
483  }
484 
485  if(strlen(bpf_filter) > 0) {
486  if (ConfSetFinal("bpf-filter", bpf_filter) != 1) {
487  SCLogError("Failed to set bpf filter.");
488  SCFree(bpf_filter);
489  return TM_ECODE_FAILED;
490  }
491  }
492  SCFree(bpf_filter);
493 
494  return TM_ECODE_OK;
495 }
496 
497 static void SetBpfStringFromFile(char *filename)
498 {
499  char *bpf_filter = NULL;
500  char *bpf_comment_tmp = NULL;
501  char *bpf_comment_start = NULL;
502  uint32_t bpf_len = 0;
503 #ifdef OS_WIN32
504  struct _stat st;
505 #else
506  struct stat st;
507 #endif /* OS_WIN32 */
508  FILE *fp = NULL;
509  size_t nm = 0;
510 
511  fp = fopen(filename, "r");
512  if (fp == NULL) {
513  SCLogError("Failed to open file %s", filename);
514  exit(EXIT_FAILURE);
515  }
516 
517 #ifdef OS_WIN32
518  if (_fstat(_fileno(fp), &st) != 0) {
519 #else
520  if (fstat(fileno(fp), &st) != 0) {
521 #endif /* OS_WIN32 */
522  SCLogError("Failed to stat file %s", filename);
523  exit(EXIT_FAILURE);
524  }
525  bpf_len = st.st_size + 1;
526 
527  bpf_filter = SCMalloc(bpf_len);
528  if (unlikely(bpf_filter == NULL)) {
529  SCLogError("Failed to allocate buffer for bpf filter in file %s", filename);
530  exit(EXIT_FAILURE);
531  }
532  memset(bpf_filter, 0x00, bpf_len);
533 
534  nm = fread(bpf_filter, 1, bpf_len - 1, fp);
535  if ((ferror(fp) != 0) || (nm != (bpf_len - 1))) {
536  SCLogError("Failed to read complete BPF file %s", filename);
537  SCFree(bpf_filter);
538  fclose(fp);
539  exit(EXIT_FAILURE);
540  }
541  fclose(fp);
542  bpf_filter[nm] = '\0';
543 
544  if(strlen(bpf_filter) > 0) {
545  /*replace comments with space*/
546  bpf_comment_start = bpf_filter;
547  while((bpf_comment_tmp = strchr(bpf_comment_start, '#')) != NULL) {
548  while((*bpf_comment_tmp !='\0') &&
549  (*bpf_comment_tmp != '\r') && (*bpf_comment_tmp != '\n'))
550  {
551  *bpf_comment_tmp++ = ' ';
552  }
553  bpf_comment_start = bpf_comment_tmp;
554  }
555  /*remove remaining '\r' and '\n' */
556  while((bpf_comment_tmp = strchr(bpf_filter, '\r')) != NULL) {
557  *bpf_comment_tmp = ' ';
558  }
559  while((bpf_comment_tmp = strchr(bpf_filter, '\n')) != NULL) {
560  *bpf_comment_tmp = ' ';
561  }
562  /* cut trailing spaces */
563  while (strlen(bpf_filter) > 0 &&
564  bpf_filter[strlen(bpf_filter)-1] == ' ')
565  {
566  bpf_filter[strlen(bpf_filter)-1] = '\0';
567  }
568  if (strlen(bpf_filter) > 0) {
569  if (ConfSetFinal("bpf-filter", bpf_filter) != 1) {
570  SCFree(bpf_filter);
571  FatalError("failed to set bpf filter");
572  }
573  }
574  }
575  SCFree(bpf_filter);
576 }
577 
578 static void PrintUsage(const char *progname)
579 {
580 #ifdef REVISION
581  printf("%s %s (%s)\n", PROG_NAME, PROG_VER, xstr(REVISION));
582 #else
583  printf("%s %s\n", PROG_NAME, PROG_VER);
584 #endif
585  printf("USAGE: %s [OPTIONS] [BPF FILTER]\n\n", progname);
586  printf("\t-c <path> : path to configuration file\n");
587  printf("\t-T : test configuration file (use with -c)\n");
588  printf("\t-i <dev or ip> : run in pcap live mode\n");
589  printf("\t-F <bpf filter file> : bpf filter file\n");
590  printf("\t-r <path> : run in pcap file/offline mode\n");
591 #ifdef NFQ
592  printf("\t-q <qid[:qid]> : run in inline nfqueue mode (use colon to specify a range of queues)\n");
593 #endif /* NFQ */
594 #ifdef IPFW
595  printf("\t-d <divert port> : run in inline ipfw divert mode\n");
596 #endif /* IPFW */
597  printf("\t-s <path> : path to signature file loaded in addition to suricata.yaml settings (optional)\n");
598  printf("\t-S <path> : path to signature file loaded exclusively (optional)\n");
599  printf("\t-l <dir> : default log directory\n");
600 #ifndef OS_WIN32
601  printf("\t-D : run as daemon\n");
602 #else
603  printf("\t--service-install : install as service\n");
604  printf("\t--service-remove : remove service\n");
605  printf("\t--service-change-params : change service startup parameters\n");
606 #endif /* OS_WIN32 */
607  printf("\t-k [all|none] : force checksum check (all) or disabled it (none)\n");
608  printf("\t-V : display Suricata version\n");
609  printf("\t-v : be more verbose (use multiple times to increase verbosity)\n");
610 #ifdef UNITTESTS
611  printf("\t-u : run the unittests and exit\n");
612  printf("\t-U, --unittest-filter=REGEX : filter unittests with a regex\n");
613  printf("\t--list-unittests : list unit tests\n");
614  printf("\t--fatal-unittests : enable fatal failure on unittest error\n");
615  printf("\t--unittests-coverage : display unittest coverage report\n");
616 #endif /* UNITTESTS */
617  printf("\t--list-app-layer-protos : list supported app layer protocols\n");
618  printf("\t--list-keywords[=all|csv|<kword>] : list keywords implemented by the engine\n");
619  printf("\t--list-runmodes : list supported runmodes\n");
620  printf("\t--runmode <runmode_id> : specific runmode modification the engine should run. The argument\n"
621  "\t supplied should be the id for the runmode obtained by running\n"
622  "\t --list-runmodes\n");
623  printf("\t--engine-analysis : print reports on analysis of different sections in the engine and exit.\n"
624  "\t Please have a look at the conf parameter engine-analysis on what reports\n"
625  "\t can be printed\n");
626  printf("\t--pidfile <file> : write pid to this file\n");
627  printf("\t--init-errors-fatal : enable fatal failure on signature init error\n");
628  printf("\t--disable-detection : disable detection engine\n");
629  printf("\t--dump-config : show the running configuration\n");
630  printf("\t--dump-features : display provided features\n");
631  printf("\t--build-info : display build information\n");
632  printf("\t--pcap[=<dev>] : run in pcap mode, no value select interfaces from suricata.yaml\n");
633  printf("\t--pcap-file-continuous : when running in pcap mode with a directory, continue checking directory for pcaps until interrupted\n");
634  printf("\t--pcap-file-delete : when running in replay mode (-r with directory or file), will delete pcap files that have been processed when done\n");
635  printf("\t--pcap-file-recursive : will descend into subdirectories when running in replay mode (-r)\n");
636 #ifdef HAVE_PCAP_SET_BUFF
637  printf("\t--pcap-buffer-size : size of the pcap buffer value from 0 - %i\n",INT_MAX);
638 #endif /* HAVE_SET_PCAP_BUFF */
639 #ifdef HAVE_DPDK
640  printf("\t--dpdk : run in dpdk mode, uses interfaces from "
641  "suricata.yaml\n");
642 #endif
643 #ifdef HAVE_AF_PACKET
644  printf("\t--af-packet[=<dev>] : run in af-packet mode, no value select interfaces from suricata.yaml\n");
645 #endif
646 #ifdef HAVE_AF_XDP
647  printf("\t--af-xdp[=<dev>] : run in af-xdp mode, no value select "
648  "interfaces from suricata.yaml\n");
649 #endif
650 #ifdef HAVE_NETMAP
651  printf("\t--netmap[=<dev>] : run in netmap mode, no value select interfaces from suricata.yaml\n");
652 #endif
653 #ifdef HAVE_PFRING
654  printf("\t--pfring[=<dev>] : run in pfring mode, use interfaces from suricata.yaml\n");
655  printf("\t--pfring-int <dev> : run in pfring mode, use interface <dev>\n");
656  printf("\t--pfring-cluster-id <id> : pfring cluster id \n");
657  printf("\t--pfring-cluster-type <type> : pfring cluster type for PF_RING 4.1.2 and later cluster_round_robin|cluster_flow\n");
658 #endif /* HAVE_PFRING */
659  printf("\t--simulate-ips : force engine into IPS mode. Useful for QA\n");
660 #ifdef HAVE_LIBCAP_NG
661  printf("\t--user <user> : run suricata as this user after init\n");
662  printf("\t--group <group> : run suricata as this group after init\n");
663 #endif /* HAVE_LIBCAP_NG */
664  printf("\t--erf-in <path> : process an ERF file\n");
665 #ifdef HAVE_DAG
666  printf("\t--dag <dagX:Y> : process ERF records from DAG interface X, stream Y\n");
667 #endif
668 #ifdef HAVE_NAPATECH
669  printf("\t--napatech : run Napatech Streams using the API\n");
670 #endif
671 #ifdef BUILD_UNIX_SOCKET
672  printf("\t--unix-socket[=<file>] : use unix socket to control suricata work\n");
673 #endif
674 #ifdef WINDIVERT
675  printf("\t--windivert <filter> : run in inline WinDivert mode\n");
676  printf("\t--windivert-forward <filter> : run in inline WinDivert mode, as a gateway\n");
677 #endif
678 #ifdef HAVE_LIBNET11
679  printf("\t--reject-dev <dev> : send reject packets from this interface\n");
680 #endif
681  printf("\t--include <path> : additional configuration file\n");
682  printf("\t--set name=value : set a configuration value\n");
683  printf("\n");
684  printf("\nTo run the engine with default configuration on "
685  "interface eth0 with signature file \"signatures.rules\", run the "
686  "command as:\n\n%s -c suricata.yaml -s signatures.rules -i eth0 \n\n",
687  progname);
688 }
689 
690 static void PrintBuildInfo(void)
691 {
692  const char *bits;
693  const char *endian;
694  char features[2048] = "";
695  const char *tls;
696 
697  printf("This is %s version %s\n", PROG_NAME, GetProgramVersion());
698 #ifdef DEBUG
699  strlcat(features, "DEBUG ", sizeof(features));
700 #endif
701 #ifdef DEBUG_VALIDATION
702  strlcat(features, "DEBUG_VALIDATION ", sizeof(features));
703 #endif
704 #ifdef UNITTESTS
705  strlcat(features, "UNITTESTS ", sizeof(features));
706 #endif
707 #ifdef NFQ
708  strlcat(features, "NFQ ", sizeof(features));
709 #endif
710 #ifdef IPFW
711  strlcat(features, "IPFW ", sizeof(features));
712 #endif
713 #ifdef HAVE_PCAP_SET_BUFF
714  strlcat(features, "PCAP_SET_BUFF ", sizeof(features));
715 #endif
716 #ifdef HAVE_PFRING
717  strlcat(features, "PF_RING ", sizeof(features));
718 #endif
719 #ifdef HAVE_AF_PACKET
720  strlcat(features, "AF_PACKET ", sizeof(features));
721 #endif
722 #ifdef HAVE_NETMAP
723  strlcat(features, "NETMAP ", sizeof(features));
724 #endif
725 #ifdef HAVE_PACKET_FANOUT
726  strlcat(features, "HAVE_PACKET_FANOUT ", sizeof(features));
727 #endif
728 #ifdef HAVE_DAG
729  strlcat(features, "DAG ", sizeof(features));
730 #endif
731 #ifdef HAVE_LIBCAP_NG
732  strlcat(features, "LIBCAP_NG ", sizeof(features));
733 #endif
734 #ifdef HAVE_LIBNET11
735  strlcat(features, "LIBNET1.1 ", sizeof(features));
736 #endif
737 #ifdef HAVE_HTP_URI_NORMALIZE_HOOK
738  strlcat(features, "HAVE_HTP_URI_NORMALIZE_HOOK ", sizeof(features));
739 #endif
740 #ifdef PCRE2_HAVE_JIT
741  strlcat(features, "PCRE_JIT ", sizeof(features));
742 #endif
743  /* For compatibility, just say we have HAVE_NSS. */
744  strlcat(features, "HAVE_NSS ", sizeof(features));
745  /* HTTP2_DECOMPRESSION is not an optional feature in this major version */
746  strlcat(features, "HTTP2_DECOMPRESSION ", sizeof(features));
747 #ifdef HAVE_LUA
748  strlcat(features, "HAVE_LUA ", sizeof(features));
749 #endif
750 #ifdef HAVE_LUAJIT
751  strlcat(features, "HAVE_LUAJIT ", sizeof(features));
752 #endif
753  strlcat(features, "HAVE_LIBJANSSON ", sizeof(features));
754 #ifdef PROFILING
755  strlcat(features, "PROFILING ", sizeof(features));
756 #endif
757 #ifdef PROFILE_LOCKING
758  strlcat(features, "PROFILE_LOCKING ", sizeof(features));
759 #endif
760 #if defined(TLS_C11) || defined(TLS_GNU)
761  strlcat(features, "TLS ", sizeof(features));
762 #endif
763 #if defined(TLS_C11)
764  strlcat(features, "TLS_C11 ", sizeof(features));
765 #elif defined(TLS_GNU)
766  strlcat(features, "TLS_GNU ", sizeof(features));
767 #endif
768 #ifdef HAVE_MAGIC
769  strlcat(features, "MAGIC ", sizeof(features));
770 #endif
771  strlcat(features, "RUST ", sizeof(features));
772 #if defined(SC_ADDRESS_SANITIZER)
773  strlcat(features, "ASAN ", sizeof(features));
774 #endif
775  if (strlen(features) == 0) {
776  strlcat(features, "none", sizeof(features));
777  }
778 
779  printf("Features: %s\n", features);
780 
781  /* SIMD stuff */
782  memset(features, 0x00, sizeof(features));
783 #if defined(__SSE4_2__)
784  strlcat(features, "SSE_4_2 ", sizeof(features));
785 #endif
786 #if defined(__SSE4_1__)
787  strlcat(features, "SSE_4_1 ", sizeof(features));
788 #endif
789 #if defined(__SSE3__)
790  strlcat(features, "SSE_3 ", sizeof(features));
791 #endif
792  if (strlen(features) == 0) {
793  strlcat(features, "none", sizeof(features));
794  }
795  printf("SIMD support: %s\n", features);
796 
797  /* atomics stuff */
798  memset(features, 0x00, sizeof(features));
799 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_1)
800  strlcat(features, "1 ", sizeof(features));
801 #endif
802 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_2)
803  strlcat(features, "2 ", sizeof(features));
804 #endif
805 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_4)
806  strlcat(features, "4 ", sizeof(features));
807 #endif
808 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_8)
809  strlcat(features, "8 ", sizeof(features));
810 #endif
811 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_16)
812  strlcat(features, "16 ", sizeof(features));
813 #endif
814  if (strlen(features) == 0) {
815  strlcat(features, "none", sizeof(features));
816  } else {
817  strlcat(features, "byte(s)", sizeof(features));
818  }
819  printf("Atomic intrinsics: %s\n", features);
820 
821 #if __WORDSIZE == 64
822  bits = "64-bits";
823 #elif __WORDSIZE == 32
824  bits = "32-bits";
825 #else
826  bits = "<unknown>-bits";
827 #endif
828 
829 #if __BYTE_ORDER == __BIG_ENDIAN
830  endian = "Big-endian";
831 #elif __BYTE_ORDER == __LITTLE_ENDIAN
832  endian = "Little-endian";
833 #else
834  endian = "<unknown>-endian";
835 #endif
836 
837  printf("%s, %s architecture\n", bits, endian);
838 #ifdef __GNUC__
839  printf("GCC version %s, C version %"PRIiMAX"\n", __VERSION__, (intmax_t)__STDC_VERSION__);
840 #else
841  printf("C version %"PRIiMAX"\n", (intmax_t)__STDC_VERSION__);
842 #endif
843 
844 #if __SSP__ == 1
845  printf("compiled with -fstack-protector\n");
846 #endif
847 #if __SSP_ALL__ == 2
848  printf("compiled with -fstack-protector-all\n");
849 #endif
850 /*
851  * Workaround for special defines of _FORTIFY_SOURCE like
852  * FORTIFY_SOURCE=((defined __OPTIMIZE && OPTIMIZE > 0) ? 2 : 0)
853  * which is used by Gentoo for example and would result in the error
854  * 'defined' undeclared when _FORTIFY_SOURCE used via %d in printf func
855  *
856  */
857 #if _FORTIFY_SOURCE == 2
858  printf("compiled with _FORTIFY_SOURCE=2\n");
859 #elif _FORTIFY_SOURCE == 1
860  printf("compiled with _FORTIFY_SOURCE=1\n");
861 #elif _FORTIFY_SOURCE == 0
862  printf("compiled with _FORTIFY_SOURCE=0\n");
863 #endif
864 #ifdef CLS
865  printf("L1 cache line size (CLS)=%d\n", CLS);
866 #endif
867 #if defined(TLS_C11)
868  tls = "_Thread_local";
869 #elif defined(TLS_GNU)
870  tls = "__thread";
871 #else
872 #error "Unsupported thread local"
873 #endif
874  printf("thread local storage method: %s\n", tls);
875 
876  printf("compiled with %s, linked against %s\n",
877  HTP_VERSION_STRING_FULL, htp_get_version());
878  printf("\n");
879 #include "build-info.h"
880 }
881 
882 int coverage_unittests;
883 int g_ut_modules;
884 int g_ut_covered;
885 
886 void RegisterAllModules(void)
887 {
888  // zero all module storage
889  memset(tmm_modules, 0, TMM_SIZE * sizeof(TmModule));
890 
891  /* commanders */
892  TmModuleUnixManagerRegister();
893  /* managers */
894  TmModuleFlowManagerRegister();
895  TmModuleFlowRecyclerRegister();
896  TmModuleBypassedFlowManagerRegister();
897  /* nfq */
898  TmModuleReceiveNFQRegister();
899  TmModuleVerdictNFQRegister();
900  TmModuleDecodeNFQRegister();
901  /* ipfw */
902  TmModuleReceiveIPFWRegister();
903  TmModuleVerdictIPFWRegister();
904  TmModuleDecodeIPFWRegister();
905  /* pcap live */
906  TmModuleReceivePcapRegister();
907  TmModuleDecodePcapRegister();
908  /* pcap file */
909  TmModuleReceivePcapFileRegister();
910  TmModuleDecodePcapFileRegister();
911  /* af-packet */
912  TmModuleReceiveAFPRegister();
913  TmModuleDecodeAFPRegister();
914  /* af-xdp */
915  TmModuleReceiveAFXDPRegister();
916  TmModuleDecodeAFXDPRegister();
917  /* netmap */
918  TmModuleReceiveNetmapRegister();
919  TmModuleDecodeNetmapRegister();
920  /* pfring */
921  TmModuleReceivePfringRegister();
922  TmModuleDecodePfringRegister();
923  /* dag file */
924  TmModuleReceiveErfFileRegister();
925  TmModuleDecodeErfFileRegister();
926  /* dag live */
927  TmModuleReceiveErfDagRegister();
928  TmModuleDecodeErfDagRegister();
929  /* napatech */
930  TmModuleNapatechStreamRegister();
931  TmModuleNapatechDecodeRegister();
932 
933  /* flow worker */
934  TmModuleFlowWorkerRegister();
935  /* respond-reject */
936  TmModuleRespondRejectRegister();
937 
938  /* log api */
939  TmModuleLoggerRegister();
940  TmModuleStatsLoggerRegister();
941 
942  TmModuleDebugList();
943  /* nflog */
944  TmModuleReceiveNFLOGRegister();
945  TmModuleDecodeNFLOGRegister();
946 
947  /* windivert */
948  TmModuleReceiveWinDivertRegister();
949  TmModuleVerdictWinDivertRegister();
950  TmModuleDecodeWinDivertRegister();
951 
952  /* Dpdk */
953  TmModuleReceiveDPDKRegister();
954  TmModuleDecodeDPDKRegister();
955 }
956 
957 static TmEcode LoadYamlConfig(SCInstance *suri)
958 {
959  SCEnter();
960 
961  if (suri->conf_filename == NULL)
962  suri->conf_filename = DEFAULT_CONF_FILE;
963 
964  if (ConfYamlLoadFile(suri->conf_filename) != 0) {
965  /* Error already displayed. */
966  SCReturnInt(TM_ECODE_FAILED);
967  }
968 
969  if (suri->additional_configs) {
970  for (int i = 0; suri->additional_configs[i] != NULL; i++) {
971  SCLogConfig("Loading additional configuration file %s", suri->additional_configs[i]);
972  ConfYamlHandleInclude(ConfGetRootNode(), suri->additional_configs[i]);
973  }
974  }
975 
976  SCReturnInt(TM_ECODE_OK);
977 }
978 
979 static TmEcode ParseInterfacesList(const int runmode, char *pcap_dev)
980 {
981  SCEnter();
982 
983  /* run the selected runmode */
984  if (runmode == RUNMODE_PCAP_DEV) {
985  if (strlen(pcap_dev) == 0) {
986  int ret = LiveBuildDeviceList("pcap");
987  if (ret == 0) {
988  SCLogError("No interface found in config for pcap");
989  SCReturnInt(TM_ECODE_FAILED);
990  }
991  }
992  } else if (runmode == RUNMODE_PFRING) {
993  /* FIXME add backward compat support */
994  /* iface has been set on command line */
995  if (strlen(pcap_dev)) {
996  if (ConfSetFinal("pfring.live-interface", pcap_dev) != 1) {
997  SCLogError("Failed to set pfring.live-interface");
998  SCReturnInt(TM_ECODE_FAILED);
999  }
1000  } else {
1001  /* not an error condition if we have a 1.0 config */
1002  LiveBuildDeviceList("pfring");
1003  }
1004 #ifdef HAVE_DPDK
1005  } else if (runmode == RUNMODE_DPDK) {
1006  char iface_selector[] = "dpdk.interfaces";
1007  int ret = LiveBuildDeviceList(iface_selector);
1008  if (ret == 0) {
1009  SCLogError("No interface found in config for %s", iface_selector);
1010  SCReturnInt(TM_ECODE_FAILED);
1011  }
1012 #endif
1013 #ifdef HAVE_AF_PACKET
1014  } else if (runmode == RUNMODE_AFP_DEV) {
1015  /* iface has been set on command line */
1016  if (strlen(pcap_dev)) {
1017  if (ConfSetFinal("af-packet.live-interface", pcap_dev) != 1) {
1018  SCLogError("Failed to set af-packet.live-interface");
1019  SCReturnInt(TM_ECODE_FAILED);
1020  }
1021  } else {
1022  int ret = LiveBuildDeviceList("af-packet");
1023  if (ret == 0) {
1024  SCLogError("No interface found in config for af-packet");
1025  SCReturnInt(TM_ECODE_FAILED);
1026  }
1027  }
1028 #endif
1029 #ifdef HAVE_AF_XDP
1030  } else if (runmode == RUNMODE_AFXDP_DEV) {
1031  /* iface has been set on command line */
1032  if (strlen(pcap_dev)) {
1033  if (ConfSetFinal("af-xdp.live-interface", pcap_dev) != 1) {
1034  SCLogError("Failed to set af-xdp.live-interface");
1035  SCReturnInt(TM_ECODE_FAILED);
1036  }
1037  } else {
1038  int ret = LiveBuildDeviceList("af-xdp");
1039  if (ret == 0) {
1040  SCLogError("No interface found in config for af-xdp");
1041  SCReturnInt(TM_ECODE_FAILED);
1042  }
1043  }
1044 #endif
1045 #ifdef HAVE_NETMAP
1046  } else if (runmode == RUNMODE_NETMAP) {
1047  /* iface has been set on command line */
1048  if (strlen(pcap_dev)) {
1049  if (ConfSetFinal("netmap.live-interface", pcap_dev) != 1) {
1050  SCLogError("Failed to set netmap.live-interface");
1051  SCReturnInt(TM_ECODE_FAILED);
1052  }
1053  } else {
1054  int ret = LiveBuildDeviceList("netmap");
1055  if (ret == 0) {
1056  SCLogError("No interface found in config for netmap");
1057  SCReturnInt(TM_ECODE_FAILED);
1058  }
1059  }
1060 #endif
1061 #ifdef HAVE_NFLOG
1062  } else if (runmode == RUNMODE_NFLOG) {
1063  int ret = LiveBuildDeviceListCustom("nflog", "group");
1064  if (ret == 0) {
1065  SCLogError("No group found in config for nflog");
1066  SCReturnInt(TM_ECODE_FAILED);
1067  }
1068 #endif
1069  }
1070 
1071  SCReturnInt(TM_ECODE_OK);
1072 }
1073 
1074 static void SCInstanceInit(SCInstance *suri, const char *progname)
1075 {
1076  memset(suri, 0x00, sizeof(*suri));
1077 
1078  suri->progname = progname;
1079  suri->run_mode = RUNMODE_UNKNOWN;
1080 
1081  memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
1082  suri->sig_file = NULL;
1083  suri->sig_file_exclusive = FALSE;
1084  suri->pid_filename = NULL;
1085  suri->regex_arg = NULL;
1086 
1087  suri->keyword_info = NULL;
1088  suri->runmode_custom_mode = NULL;
1089 #ifndef OS_WIN32
1090  suri->user_name = NULL;
1091  suri->group_name = NULL;
1092  suri->do_setuid = FALSE;
1093  suri->do_setgid = FALSE;
1094 #endif /* OS_WIN32 */
1095  suri->userid = 0;
1096  suri->groupid = 0;
1097  suri->delayed_detect = 0;
1098  suri->daemon = 0;
1099  suri->offline = 0;
1100  suri->verbose = 0;
1101  /* use -1 as unknown */
1102  suri->checksum_validation = -1;
1103 #if HAVE_DETECT_DISABLED==1
1104  g_detect_disabled = suri->disabled_detect = 1;
1105 #else
1106  g_detect_disabled = suri->disabled_detect = 0;
1107 #endif
1108 }
1109 
1110 const char *GetDocURL(void)
1111 {
1112  const char *prog_ver = GetProgramVersion();
1113  if (strstr(prog_ver, "RELEASE") != NULL) {
1114  return DOC_URL "suricata-" PROG_VER;
1115  }
1116  return DOC_URL "latest";
1117 }
1118 
1119 /** \brief get string with program version
1120  *
1121  * Get the program version as passed to us from AC_INIT
1122  *
1123  * Add 'RELEASE' is no '-dev' in the version. Add the REVISION if passed
1124  * to us.
1125  *
1126  * Possible outputs:
1127  * release: '5.0.1 RELEASE'
1128  * dev with rev: '5.0.1-dev (64a789bbf 2019-10-18)'
1129  * dev w/o rev: '5.0.1-dev'
1130  */
1131 const char *GetProgramVersion(void)
1132 {
1133  if (strstr(PROG_VER, "-dev") == NULL) {
1134  return PROG_VER " RELEASE";
1135  } else {
1136 #ifdef REVISION
1137  return PROG_VER " (" xstr(REVISION) ")";
1138 #else
1139  return PROG_VER;
1140 #endif
1141  }
1142 }
1143 
1144 static TmEcode PrintVersion(void)
1145 {
1146  printf("This is %s version %s\n", PROG_NAME, GetProgramVersion());
1147  return TM_ECODE_OK;
1148 }
1149 
1150 static TmEcode LogVersion(SCInstance *suri)
1151 {
1152  const char *mode = suri->system ? "SYSTEM" : "USER";
1153  SCLogNotice("This is %s version %s running in %s mode",
1154  PROG_NAME, GetProgramVersion(), mode);
1155  return TM_ECODE_OK;
1156 }
1157 
1158 static void SCSetStartTime(SCInstance *suri)
1159 {
1160  memset(&suri->start_time, 0, sizeof(suri->start_time));
1161  gettimeofday(&suri->start_time, NULL);
1162 }
1163 
1164 static void SCPrintElapsedTime(struct timeval *start_time)
1165 {
1166  if (start_time == NULL)
1167  return;
1168  struct timeval end_time;
1169  memset(&end_time, 0, sizeof(end_time));
1170  gettimeofday(&end_time, NULL);
1171  uint64_t milliseconds = ((end_time.tv_sec - start_time->tv_sec) * 1000) +
1172  (((1000000 + end_time.tv_usec - start_time->tv_usec) / 1000) - 1000);
1173  SCLogInfo("time elapsed %.3fs", (float)milliseconds/(float)1000);
1174 }
1175 
1176 static int ParseCommandLineAfpacket(SCInstance *suri, const char *in_arg)
1177 {
1178 #ifdef HAVE_AF_PACKET
1179  if (suri->run_mode == RUNMODE_UNKNOWN) {
1180  suri->run_mode = RUNMODE_AFP_DEV;
1181  if (in_arg) {
1182  LiveRegisterDeviceName(in_arg);
1183  memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
1184  strlcpy(suri->pcap_dev, in_arg, sizeof(suri->pcap_dev));
1185  }
1186  } else if (suri->run_mode == RUNMODE_AFP_DEV) {
1187  if (in_arg) {
1188  LiveRegisterDeviceName(in_arg);
1189  } else {
1190  SCLogInfo("Multiple af-packet option without interface on each is useless");
1191  }
1192  } else {
1193  SCLogError("more than one run mode "
1194  "has been specified");
1195  PrintUsage(suri->progname);
1196  return TM_ECODE_FAILED;
1197  }
1198  return TM_ECODE_OK;
1199 #else
1200  SCLogError("AF_PACKET not enabled. On Linux "
1201  "host, make sure to pass --enable-af-packet to "
1202  "configure when building.");
1203  return TM_ECODE_FAILED;
1204 #endif
1205 }
1206 
1207 static int ParseCommandLineAfxdp(SCInstance *suri, const char *in_arg)
1208 {
1209 #ifdef HAVE_AF_XDP
1210  if (suri->run_mode == RUNMODE_UNKNOWN) {
1211  suri->run_mode = RUNMODE_AFXDP_DEV;
1212  if (in_arg) {
1213  LiveRegisterDeviceName(in_arg);
1214  memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
1215  strlcpy(suri->pcap_dev, in_arg, sizeof(suri->pcap_dev));
1216  }
1217  } else if (suri->run_mode == RUNMODE_AFXDP_DEV) {
1218  if (in_arg) {
1219  LiveRegisterDeviceName(in_arg);
1220  } else {
1221  SCLogInfo("Multiple af-xdp options without interface on each is useless");
1222  }
1223  } else {
1224  SCLogError("more than one run mode "
1225  "has been specified");
1226  PrintUsage(suri->progname);
1227  return TM_ECODE_FAILED;
1228  }
1229  return TM_ECODE_OK;
1230 #else
1231  SCLogError("AF_XDP not enabled. On Linux "
1232  "host, make sure correct libraries are installed,"
1233  " see documentation for information.");
1234  return TM_ECODE_FAILED;
1235 #endif
1236 }
1237 
1238 static int ParseCommandLineDpdk(SCInstance *suri, const char *in_arg)
1239 {
1240 #ifdef HAVE_DPDK
1241  if (suri->run_mode == RUNMODE_UNKNOWN) {
1242  suri->run_mode = RUNMODE_DPDK;
1243  } else if (suri->run_mode == RUNMODE_DPDK) {
1244  SCLogInfo("Multiple dpdk options have no effect on Suricata");
1245  } else {
1246  SCLogError("more than one run mode "
1247  "has been specified");
1248  PrintUsage(suri->progname);
1249  return TM_ECODE_FAILED;
1250  }
1251  return TM_ECODE_OK;
1252 #else
1253  SCLogError("DPDK not enabled. On Linux "
1254  "host, make sure to pass --enable-dpdk to "
1255  "configure when building.");
1256  return TM_ECODE_FAILED;
1257 #endif
1258 }
1259 
1260 static int ParseCommandLinePcapLive(SCInstance *suri, const char *in_arg)
1261 {
1262 #if defined(OS_WIN32) && !defined(HAVE_LIBWPCAP)
1263  /* If running on Windows without Npcap, bail early as live capture is not supported. */
1264  FatalError("Live capture not available. To support live capture compile against Npcap.");
1265 #endif
1266  memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
1267 
1268  if (in_arg != NULL) {
1269  /* some windows shells require escaping of the \ in \Device. Otherwise
1270  * the backslashes are stripped. We put them back here. */
1271  if (strlen(in_arg) > 9 && strncmp(in_arg, "DeviceNPF", 9) == 0) {
1272  snprintf(suri->pcap_dev, sizeof(suri->pcap_dev), "\\Device\\NPF%s", in_arg+9);
1273  } else {
1274  strlcpy(suri->pcap_dev, in_arg, sizeof(suri->pcap_dev));
1275  PcapTranslateIPToDevice(suri->pcap_dev, sizeof(suri->pcap_dev));
1276  }
1277 
1278  if (strcmp(suri->pcap_dev, in_arg) != 0) {
1279  SCLogInfo("translated %s to pcap device %s", in_arg, suri->pcap_dev);
1280  } else if (strlen(suri->pcap_dev) > 0 && isdigit((unsigned char)suri->pcap_dev[0])) {
1281  SCLogError("failed to find a pcap device for IP %s", in_arg);
1282  return TM_ECODE_FAILED;
1283  }
1284  }
1285 
1286  if (suri->run_mode == RUNMODE_UNKNOWN) {
1287  suri->run_mode = RUNMODE_PCAP_DEV;
1288  if (in_arg) {
1289  LiveRegisterDeviceName(suri->pcap_dev);
1290  }
1291  } else if (suri->run_mode == RUNMODE_PCAP_DEV) {
1292  LiveRegisterDeviceName(suri->pcap_dev);
1293  } else {
1294  SCLogError("more than one run mode "
1295  "has been specified");
1296  PrintUsage(suri->progname);
1297  return TM_ECODE_FAILED;
1298  }
1299  return TM_ECODE_OK;
1300 }
1301 
1302 /**
1303  * Helper function to check if log directory is writable
1304  */
1305 static bool IsLogDirectoryWritable(const char* str)
1306 {
1307  if (access(str, W_OK) == 0)
1308  return true;
1309  return false;
1310 }
1311 
1312 static TmEcode ParseCommandLine(int argc, char** argv, SCInstance *suri)
1313 {
1314  int opt;
1315 
1316  int dump_config = 0;
1317  int dump_features = 0;
1318  int list_app_layer_protocols = 0;
1319  int list_unittests = 0;
1320  int list_runmodes = 0;
1321  int list_keywords = 0;
1322  int build_info = 0;
1323  int conf_test = 0;
1324  int engine_analysis = 0;
1325  int ret = TM_ECODE_OK;
1326 
1327 #ifdef UNITTESTS
1328  coverage_unittests = 0;
1329  g_ut_modules = 0;
1330  g_ut_covered = 0;
1331 #endif
1332 
1333  // clang-format off
1334  struct option long_opts[] = {
1335  {"dump-config", 0, &dump_config, 1},
1336  {"dump-features", 0, &dump_features, 1},
1337  {"pfring", optional_argument, 0, 0},
1338  {"pfring-int", required_argument, 0, 0},
1339  {"pfring-cluster-id", required_argument, 0, 0},
1340  {"pfring-cluster-type", required_argument, 0, 0},
1341 #ifdef HAVE_DPDK
1342  {"dpdk", 0, 0, 0},
1343 #endif
1344  {"af-packet", optional_argument, 0, 0},
1345  {"af-xdp", optional_argument, 0, 0},
1346  {"netmap", optional_argument, 0, 0},
1347  {"pcap", optional_argument, 0, 0},
1348  {"pcap-file-continuous", 0, 0, 0},
1349  {"pcap-file-delete", 0, 0, 0},
1350  {"pcap-file-recursive", 0, 0, 0},
1351  {"simulate-ips", 0, 0 , 0},
1352  {"no-random", 0, &g_disable_randomness, 1},
1353  {"strict-rule-keywords", optional_argument, 0, 0},
1354 
1355  {"capture-plugin", required_argument, 0, 0},
1356  {"capture-plugin-args", required_argument, 0, 0},
1357 
1358 #ifdef BUILD_UNIX_SOCKET
1359  {"unix-socket", optional_argument, 0, 0},
1360 #endif
1361  {"pcap-buffer-size", required_argument, 0, 0},
1362  {"unittest-filter", required_argument, 0, 'U'},
1363  {"list-app-layer-protos", 0, &list_app_layer_protocols, 1},
1364  {"list-unittests", 0, &list_unittests, 1},
1365  {"list-runmodes", 0, &list_runmodes, 1},
1366  {"list-keywords", optional_argument, &list_keywords, 1},
1367  {"runmode", required_argument, NULL, 0},
1368  {"engine-analysis", 0, &engine_analysis, 1},
1369 #ifdef OS_WIN32
1370  {"service-install", 0, 0, 0},
1371  {"service-remove", 0, 0, 0},
1372  {"service-change-params", 0, 0, 0},
1373 #endif /* OS_WIN32 */
1374  {"pidfile", required_argument, 0, 0},
1375  {"init-errors-fatal", 0, 0, 0},
1376  {"disable-detection", 0, 0, 0},
1377  {"disable-hashing", 0, 0, 0},
1378  {"fatal-unittests", 0, 0, 0},
1379  {"unittests-coverage", 0, &coverage_unittests, 1},
1380  {"user", required_argument, 0, 0},
1381  {"group", required_argument, 0, 0},
1382  {"erf-in", required_argument, 0, 0},
1383  {"dag", required_argument, 0, 0},
1384  {"napatech", 0, 0, 0},
1385  {"build-info", 0, &build_info, 1},
1386  {"data-dir", required_argument, 0, 0},
1387 #ifdef WINDIVERT
1388  {"windivert", required_argument, 0, 0},
1389  {"windivert-forward", required_argument, 0, 0},
1390 #endif
1391 #ifdef HAVE_LIBNET11
1392  {"reject-dev", required_argument, 0, 0},
1393 #endif
1394  {"set", required_argument, 0, 0},
1395 #ifdef HAVE_NFLOG
1396  {"nflog", optional_argument, 0, 0},
1397 #endif
1398  {"simulate-packet-flow-memcap", required_argument, 0, 0},
1399  {"simulate-applayer-error-at-offset-ts", required_argument, 0, 0},
1400  {"simulate-applayer-error-at-offset-tc", required_argument, 0, 0},
1401  {"simulate-packet-loss", required_argument, 0, 0},
1402  {"simulate-packet-tcp-reassembly-memcap", required_argument, 0, 0},
1403  {"simulate-packet-tcp-ssn-memcap", required_argument, 0, 0},
1404  {"simulate-packet-defrag-memcap", required_argument, 0, 0},
1405  {"simulate-alert-queue-realloc-failure", 0, 0, 0},
1406  {"include", required_argument, 0, 0},
1407 
1408  {NULL, 0, NULL, 0}
1409  };
1410  // clang-format on
1411 
1412  /* getopt_long stores the option index here. */
1413  int option_index = 0;
1414 
1415  char short_opts[] = "c:TDhi:l:q:d:r:us:S:U:VF:vk:";
1416 
1417  while ((opt = getopt_long(argc, argv, short_opts, long_opts, &option_index)) != -1) {
1418  switch (opt) {
1419  case 0:
1420  if (strcmp((long_opts[option_index]).name , "pfring") == 0 ||
1421  strcmp((long_opts[option_index]).name , "pfring-int") == 0) {
1422 #ifdef HAVE_PFRING
1423  suri->run_mode = RUNMODE_PFRING;
1424  if (optarg != NULL) {
1425  memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
1426  strlcpy(suri->pcap_dev, optarg,
1427  ((strlen(optarg) < sizeof(suri->pcap_dev)) ?
1428  (strlen(optarg) + 1) : sizeof(suri->pcap_dev)));
1429  LiveRegisterDeviceName(optarg);
1430  }
1431 #else
1432  SCLogError("PF_RING not enabled. Make sure "
1433  "to pass --enable-pfring to configure when building.");
1434  return TM_ECODE_FAILED;
1435 #endif /* HAVE_PFRING */
1436  }
1437  else if(strcmp((long_opts[option_index]).name , "pfring-cluster-id") == 0){
1438 #ifdef HAVE_PFRING
1439  if (ConfSetFinal("pfring.cluster-id", optarg) != 1) {
1440  SCLogError("failed to set pfring.cluster-id");
1441  return TM_ECODE_FAILED;
1442  }
1443 #else
1444  SCLogError("PF_RING not enabled. Make sure "
1445  "to pass --enable-pfring to configure when building.");
1446  return TM_ECODE_FAILED;
1447 #endif /* HAVE_PFRING */
1448  }
1449  else if(strcmp((long_opts[option_index]).name , "pfring-cluster-type") == 0){
1450 #ifdef HAVE_PFRING
1451  if (ConfSetFinal("pfring.cluster-type", optarg) != 1) {
1452  SCLogError("failed to set pfring.cluster-type");
1453  return TM_ECODE_FAILED;
1454  }
1455 #else
1456  SCLogError("PF_RING not enabled. Make sure "
1457  "to pass --enable-pfring to configure when building.");
1458  return TM_ECODE_FAILED;
1459 #endif /* HAVE_PFRING */
1460  }
1461  else if (strcmp((long_opts[option_index]).name , "capture-plugin") == 0){
1462  suri->run_mode = RUNMODE_PLUGIN;
1463  suri->capture_plugin_name = optarg;
1464  }
1465  else if (strcmp((long_opts[option_index]).name , "capture-plugin-args") == 0){
1466  suri->capture_plugin_args = optarg;
1467  } else if (strcmp((long_opts[option_index]).name, "dpdk") == 0) {
1468  if (ParseCommandLineDpdk(suri, optarg) != TM_ECODE_OK) {
1469  return TM_ECODE_FAILED;
1470  }
1471  } else if (strcmp((long_opts[option_index]).name, "af-packet") == 0) {
1472  if (ParseCommandLineAfpacket(suri, optarg) != TM_ECODE_OK) {
1473  return TM_ECODE_FAILED;
1474  }
1475  } else if (strcmp((long_opts[option_index]).name, "af-xdp") == 0) {
1476  if (ParseCommandLineAfxdp(suri, optarg) != TM_ECODE_OK) {
1477  return TM_ECODE_FAILED;
1478  }
1479  } else if (strcmp((long_opts[option_index]).name, "netmap") == 0) {
1480 #ifdef HAVE_NETMAP
1481  if (suri->run_mode == RUNMODE_UNKNOWN) {
1482  suri->run_mode = RUNMODE_NETMAP;
1483  if (optarg) {
1484  LiveRegisterDeviceName(optarg);
1485  memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
1486  strlcpy(suri->pcap_dev, optarg,
1487  ((strlen(optarg) < sizeof(suri->pcap_dev)) ?
1488  (strlen(optarg) + 1) : sizeof(suri->pcap_dev)));
1489  }
1490  } else if (suri->run_mode == RUNMODE_NETMAP) {
1491  if (optarg) {
1492  LiveRegisterDeviceName(optarg);
1493  } else {
1494  SCLogInfo("Multiple netmap option without interface on each is useless");
1495  break;
1496  }
1497  } else {
1498  SCLogError("more than one run mode "
1499  "has been specified");
1500  PrintUsage(argv[0]);
1501  return TM_ECODE_FAILED;
1502  }
1503 #else
1504  SCLogError("NETMAP not enabled.");
1505  return TM_ECODE_FAILED;
1506 #endif
1507  } else if (strcmp((long_opts[option_index]).name, "nflog") == 0) {
1508 #ifdef HAVE_NFLOG
1509  if (suri->run_mode == RUNMODE_UNKNOWN) {
1510  suri->run_mode = RUNMODE_NFLOG;
1511  LiveBuildDeviceListCustom("nflog", "group");
1512  }
1513 #else
1514  SCLogError("NFLOG not enabled.");
1515  return TM_ECODE_FAILED;
1516 #endif /* HAVE_NFLOG */
1517  } else if (strcmp((long_opts[option_index]).name, "pcap") == 0) {
1518  if (ParseCommandLinePcapLive(suri, optarg) != TM_ECODE_OK) {
1519  return TM_ECODE_FAILED;
1520  }
1521  } else if (strcmp((long_opts[option_index]).name, "simulate-ips") == 0) {
1522  SCLogInfo("Setting IPS mode");
1523  EngineModeSetIPS();
1524  } else if (strcmp((long_opts[option_index]).name, "init-errors-fatal") == 0) {
1525  if (ConfSetFinal("engine.init-failure-fatal", "1") != 1) {
1526  SCLogError("failed to set engine init-failure-fatal");
1527  return TM_ECODE_FAILED;
1528  }
1529 #ifdef BUILD_UNIX_SOCKET
1530  } else if (strcmp((long_opts[option_index]).name , "unix-socket") == 0) {
1531  if (suri->run_mode == RUNMODE_UNKNOWN) {
1532  suri->run_mode = RUNMODE_UNIX_SOCKET;
1533  if (optarg) {
1534  if (ConfSetFinal("unix-command.filename", optarg) != 1) {
1535  SCLogError("failed to set unix-command.filename");
1536  return TM_ECODE_FAILED;
1537  }
1538 
1539  }
1540  } else {
1541  SCLogError("more than one run mode "
1542  "has been specified");
1543  PrintUsage(argv[0]);
1544  return TM_ECODE_FAILED;
1545  }
1546 #endif
1547  }
1548  else if(strcmp((long_opts[option_index]).name, "list-app-layer-protocols") == 0) {
1549  /* listing all supported app layer protocols */
1550  }
1551  else if(strcmp((long_opts[option_index]).name, "list-unittests") == 0) {
1552 #ifdef UNITTESTS
1553  suri->run_mode = RUNMODE_LIST_UNITTEST;
1554 #else
1555  SCLogError("unit tests not enabled. Make sure to pass --enable-unittests to "
1556  "configure when building");
1557  return TM_ECODE_FAILED;
1558 #endif /* UNITTESTS */
1559  } else if (strcmp((long_opts[option_index]).name, "list-runmodes") == 0) {
1560  suri->run_mode = RUNMODE_LIST_RUNMODES;
1561  return TM_ECODE_OK;
1562  } else if (strcmp((long_opts[option_index]).name, "list-keywords") == 0) {
1563  if (optarg) {
1564  if (strcmp("short",optarg)) {
1565  suri->keyword_info = optarg;
1566  }
1567  }
1568  } else if (strcmp((long_opts[option_index]).name, "runmode") == 0) {
1569  suri->runmode_custom_mode = optarg;
1570  } else if(strcmp((long_opts[option_index]).name, "engine-analysis") == 0) {
1571  // do nothing for now
1572  }
1573 #ifdef OS_WIN32
1574  else if(strcmp((long_opts[option_index]).name, "service-install") == 0) {
1575  suri->run_mode = RUNMODE_INSTALL_SERVICE;
1576  return TM_ECODE_OK;
1577  }
1578  else if(strcmp((long_opts[option_index]).name, "service-remove") == 0) {
1579  suri->run_mode = RUNMODE_REMOVE_SERVICE;
1580  return TM_ECODE_OK;
1581  }
1582  else if(strcmp((long_opts[option_index]).name, "service-change-params") == 0) {
1583  suri->run_mode = RUNMODE_CHANGE_SERVICE_PARAMS;
1584  return TM_ECODE_OK;
1585  }
1586 #endif /* OS_WIN32 */
1587  else if(strcmp((long_opts[option_index]).name, "pidfile") == 0) {
1588  suri->pid_filename = SCStrdup(optarg);
1589  if (suri->pid_filename == NULL) {
1590  SCLogError("strdup failed: %s", strerror(errno));
1591  return TM_ECODE_FAILED;
1592  }
1593  }
1594  else if(strcmp((long_opts[option_index]).name, "disable-detection") == 0) {
1595  g_detect_disabled = suri->disabled_detect = 1;
1596  } else if (strcmp((long_opts[option_index]).name, "disable-hashing") == 0) {
1597  g_disable_hashing = true;
1598  } else if (strcmp((long_opts[option_index]).name, "fatal-unittests") == 0) {
1599 #ifdef UNITTESTS
1600  unittests_fatal = 1;
1601 #else
1602  SCLogError("unit tests not enabled. Make sure to pass --enable-unittests to "
1603  "configure when building");
1604  return TM_ECODE_FAILED;
1605 #endif /* UNITTESTS */
1606  } else if (strcmp((long_opts[option_index]).name, "user") == 0) {
1607 #ifndef HAVE_LIBCAP_NG
1608  SCLogError("libcap-ng is required to"
1609  " drop privileges, but it was not compiled into Suricata.");
1610  return TM_ECODE_FAILED;
1611 #else
1612  suri->user_name = optarg;
1613  suri->do_setuid = TRUE;
1614 #endif /* HAVE_LIBCAP_NG */
1615  } else if (strcmp((long_opts[option_index]).name, "group") == 0) {
1616 #ifndef HAVE_LIBCAP_NG
1617  SCLogError("libcap-ng is required to"
1618  " drop privileges, but it was not compiled into Suricata.");
1619  return TM_ECODE_FAILED;
1620 #else
1621  suri->group_name = optarg;
1622  suri->do_setgid = TRUE;
1623 #endif /* HAVE_LIBCAP_NG */
1624  } else if (strcmp((long_opts[option_index]).name, "erf-in") == 0) {
1625  suri->run_mode = RUNMODE_ERF_FILE;
1626  if (ConfSetFinal("erf-file.file", optarg) != 1) {
1627  SCLogError("failed to set erf-file.file");
1628  return TM_ECODE_FAILED;
1629  }
1630  } else if (strcmp((long_opts[option_index]).name, "dag") == 0) {
1631 #ifdef HAVE_DAG
1632  if (suri->run_mode == RUNMODE_UNKNOWN) {
1633  suri->run_mode = RUNMODE_DAG;
1634  }
1635  else if (suri->run_mode != RUNMODE_DAG) {
1636  SCLogError("more than one run mode has been specified");
1637  PrintUsage(argv[0]);
1638  return TM_ECODE_FAILED;
1639  }
1640  LiveRegisterDeviceName(optarg);
1641 #else
1642  SCLogError("libdag and a DAG card are required"
1643  " to receive packets using --dag.");
1644  return TM_ECODE_FAILED;
1645 #endif /* HAVE_DAG */
1646  } else if (strcmp((long_opts[option_index]).name, "napatech") == 0) {
1647 #ifdef HAVE_NAPATECH
1648  suri->run_mode = RUNMODE_NAPATECH;
1649 #else
1650  SCLogError("libntapi and a Napatech adapter are required"
1651  " to capture packets using --napatech.");
1652  return TM_ECODE_FAILED;
1653 #endif /* HAVE_NAPATECH */
1654  } else if (strcmp((long_opts[option_index]).name, "pcap-buffer-size") == 0) {
1655 #ifdef HAVE_PCAP_SET_BUFF
1656  if (ConfSetFinal("pcap.buffer-size", optarg) != 1) {
1657  SCLogError("failed to set pcap-buffer-size");
1658  return TM_ECODE_FAILED;
1659  }
1660 #else
1661  SCLogError("The version of libpcap you have"
1662  " doesn't support setting buffer size.");
1663 #endif /* HAVE_PCAP_SET_BUFF */
1664  } else if (strcmp((long_opts[option_index]).name, "build-info") == 0) {
1665  suri->run_mode = RUNMODE_PRINT_BUILDINFO;
1666  return TM_ECODE_OK;
1667  } else if (strcmp((long_opts[option_index]).name, "windivert-forward") == 0) {
1668 #ifdef WINDIVERT
1669  if (suri->run_mode == RUNMODE_UNKNOWN) {
1670  suri->run_mode = RUNMODE_WINDIVERT;
1671  if (WinDivertRegisterQueue(true, optarg) == -1) {
1672  exit(EXIT_FAILURE);
1673  }
1674  } else if (suri->run_mode == RUNMODE_WINDIVERT) {
1675  if (WinDivertRegisterQueue(true, optarg) == -1) {
1676  exit(EXIT_FAILURE);
1677  }
1678  } else {
1679  SCLogError("more than one run mode "
1680  "has been specified");
1681  PrintUsage(argv[0]);
1682  exit(EXIT_FAILURE);
1683  }
1684  }
1685  else if(strcmp((long_opts[option_index]).name, "windivert") == 0) {
1686  if (suri->run_mode == RUNMODE_UNKNOWN) {
1687  suri->run_mode = RUNMODE_WINDIVERT;
1688  if (WinDivertRegisterQueue(false, optarg) == -1) {
1689  exit(EXIT_FAILURE);
1690  }
1691  } else if (suri->run_mode == RUNMODE_WINDIVERT) {
1692  if (WinDivertRegisterQueue(false, optarg) == -1) {
1693  exit(EXIT_FAILURE);
1694  }
1695  } else {
1696  SCLogError("more than one run mode "
1697  "has been specified");
1698  PrintUsage(argv[0]);
1699  exit(EXIT_FAILURE);
1700  }
1701 #else
1702  SCLogError("WinDivert not enabled. Make sure to pass --enable-windivert to "
1703  "configure when building.");
1704  return TM_ECODE_FAILED;
1705 #endif /* WINDIVERT */
1706  } else if(strcmp((long_opts[option_index]).name, "reject-dev") == 0) {
1707 #ifdef HAVE_LIBNET11
1708  BUG_ON(optarg == NULL); /* for static analysis */
1709  extern char *g_reject_dev;
1710  extern uint16_t g_reject_dev_mtu;
1711  g_reject_dev = optarg;
1712  int mtu = GetIfaceMTU(g_reject_dev);
1713  if (mtu > 0) {
1714  g_reject_dev_mtu = (uint16_t)mtu;
1715  }
1716 #else
1717  SCLogError("Libnet 1.1 support not enabled. Compile Suricata with libnet support.");
1718  return TM_ECODE_FAILED;
1719 #endif
1720  }
1721  else if (strcmp((long_opts[option_index]).name, "set") == 0) {
1722  if (optarg != NULL) {
1723  /* Quick validation. */
1724  char *val = strchr(optarg, '=');
1725  if (val == NULL) {
1726  FatalError("Invalid argument for --set, must be key=val.");
1727  }
1728  if (!ConfSetFromString(optarg, 1)) {
1729  FatalError("failed to set configuration value %s", optarg);
1730  }
1731  }
1732  }
1733  else if (strcmp((long_opts[option_index]).name, "pcap-file-continuous") == 0) {
1734  if (ConfSetFinal("pcap-file.continuous", "true") != 1) {
1735  SCLogError("Failed to set pcap-file.continuous");
1736  return TM_ECODE_FAILED;
1737  }
1738  }
1739  else if (strcmp((long_opts[option_index]).name, "pcap-file-delete") == 0) {
1740  if (ConfSetFinal("pcap-file.delete-when-done", "true") != 1) {
1741  SCLogError("Failed to set pcap-file.delete-when-done");
1742  return TM_ECODE_FAILED;
1743  }
1744  }
1745  else if (strcmp((long_opts[option_index]).name, "pcap-file-recursive") == 0) {
1746  if (ConfSetFinal("pcap-file.recursive", "true") != 1) {
1747  SCLogError("failed to set pcap-file.recursive");
1748  return TM_ECODE_FAILED;
1749  }
1750  }
1751  else if (strcmp((long_opts[option_index]).name, "data-dir") == 0) {
1752  if (optarg == NULL) {
1753  SCLogError("no option argument (optarg) for -d");
1754  return TM_ECODE_FAILED;
1755  }
1756 
1757  if (ConfigSetDataDirectory(optarg) != TM_ECODE_OK) {
1758  SCLogError("Failed to set data directory.");
1759  return TM_ECODE_FAILED;
1760  }
1761  if (ConfigCheckDataDirectory(optarg) != TM_ECODE_OK) {
1762  SCLogError("The data directory \"%s\""
1763  " supplied at the command-line (-d %s) doesn't "
1764  "exist. Shutting down the engine.",
1765  optarg, optarg);
1766  return TM_ECODE_FAILED;
1767  }
1768  suri->set_datadir = true;
1769  } else if (strcmp((long_opts[option_index]).name , "strict-rule-keywords") == 0){
1770  if (optarg == NULL) {
1771  suri->strict_rule_parsing_string = SCStrdup("all");
1772  } else {
1773  suri->strict_rule_parsing_string = SCStrdup(optarg);
1774  }
1775  if (suri->strict_rule_parsing_string == NULL) {
1776  FatalError("failed to duplicate 'strict' string");
1777  }
1778  } else if (strcmp((long_opts[option_index]).name, "include") == 0) {
1779  if (suri->additional_configs == NULL) {
1780  suri->additional_configs = SCCalloc(2, sizeof(char *));
1781  if (suri->additional_configs == NULL) {
1782  FatalError(
1783  "Failed to allocate memory for additional configuration files: %s",
1784  strerror(errno));
1785  }
1786  suri->additional_configs[0] = optarg;
1787  } else {
1788  for (int i = 0;; i++) {
1789  if (suri->additional_configs[i] == NULL) {
1790  const char **additional_configs =
1791  SCRealloc(suri->additional_configs, (i + 2) * sizeof(char *));
1792  if (additional_configs == NULL) {
1793  FatalError("Failed to allocate memory for additional configuration "
1794  "files: %s",
1795  strerror(errno));
1796  } else {
1797  suri->additional_configs = additional_configs;
1798  }
1799  suri->additional_configs[i] = optarg;
1800  suri->additional_configs[i + 1] = NULL;
1801  break;
1802  }
1803  }
1804  }
1805  } else {
1806  int r = ExceptionSimulationCommandLineParser(
1807  (long_opts[option_index]).name, optarg);
1808  if (r < 0)
1809  return TM_ECODE_FAILED;
1810  }
1811  break;
1812  case 'c':
1813  suri->conf_filename = optarg;
1814  break;
1815  case 'T':
1816  conf_test = 1;
1817  if (ConfSetFinal("engine.init-failure-fatal", "1") != 1) {
1818  SCLogError("failed to set engine init-failure-fatal");
1819  return TM_ECODE_FAILED;
1820  }
1821  break;
1822 #ifndef OS_WIN32
1823  case 'D':
1824  suri->daemon = 1;
1825  break;
1826 #endif /* OS_WIN32 */
1827  case 'h':
1828  suri->run_mode = RUNMODE_PRINT_USAGE;
1829  return TM_ECODE_OK;
1830  case 'i':
1831  if (optarg == NULL) {
1832  SCLogError("no option argument (optarg) for -i");
1833  return TM_ECODE_FAILED;
1834  }
1835 #ifdef HAVE_AF_PACKET
1836  if (ParseCommandLineAfpacket(suri, optarg) != TM_ECODE_OK) {
1837  return TM_ECODE_FAILED;
1838  }
1839 #else /* not afpacket */
1840  /* warn user if netmap or pf-ring are available */
1841 #if defined HAVE_PFRING || HAVE_NETMAP
1842  int i = 0;
1843 #ifdef HAVE_PFRING
1844  i++;
1845 #endif
1846 #ifdef HAVE_NETMAP
1847  i++;
1848 #endif
1849  SCLogWarning("faster capture "
1850  "option%s %s available:"
1851 #ifdef HAVE_PFRING
1852  " PF_RING (--pfring-int=%s)"
1853 #endif
1854 #ifdef HAVE_NETMAP
1855  " NETMAP (--netmap=%s)"
1856 #endif
1857  ". Use --pcap=%s to suppress this warning",
1858  i == 1 ? "" : "s", i == 1 ? "is" : "are"
1859 #ifdef HAVE_PFRING
1860  ,
1861  optarg
1862 #endif
1863 #ifdef HAVE_NETMAP
1864  ,
1865  optarg
1866 #endif
1867  ,
1868  optarg);
1869 #endif /* have faster methods */
1870  if (ParseCommandLinePcapLive(suri, optarg) != TM_ECODE_OK) {
1871  return TM_ECODE_FAILED;
1872  }
1873 #endif
1874  break;
1875  case 'l':
1876  if (optarg == NULL) {
1877  SCLogError("no option argument (optarg) for -l");
1878  return TM_ECODE_FAILED;
1879  }
1880 
1881  if (ConfigSetLogDirectory(optarg) != TM_ECODE_OK) {
1882  SCLogError("Failed to set log directory.");
1883  return TM_ECODE_FAILED;
1884  }
1885  if (ConfigCheckLogDirectoryExists(optarg) != TM_ECODE_OK) {
1886  SCLogError("The logging directory \"%s\""
1887  " supplied at the command-line (-l %s) doesn't "
1888  "exist. Shutting down the engine.",
1889  optarg, optarg);
1890  return TM_ECODE_FAILED;
1891  }
1892  if (!IsLogDirectoryWritable(optarg)) {
1893  SCLogError("The logging directory \"%s\""
1894  " supplied at the command-line (-l %s) is not "
1895  "writable. Shutting down the engine.",
1896  optarg, optarg);
1897  return TM_ECODE_FAILED;
1898  }
1899  suri->set_logdir = true;
1900 
1901  break;
1902  case 'q':
1903 #ifdef NFQ
1904  if (suri->run_mode == RUNMODE_UNKNOWN) {
1905  suri->run_mode = RUNMODE_NFQ;
1906  EngineModeSetIPS();
1907  if (NFQParseAndRegisterQueues(optarg) == -1)
1908  return TM_ECODE_FAILED;
1909  } else if (suri->run_mode == RUNMODE_NFQ) {
1910  if (NFQParseAndRegisterQueues(optarg) == -1)
1911  return TM_ECODE_FAILED;
1912  } else {
1913  SCLogError("more than one run mode "
1914  "has been specified");
1915  PrintUsage(argv[0]);
1916  return TM_ECODE_FAILED;
1917  }
1918 #else
1919  SCLogError("NFQUEUE not enabled. Make sure to pass --enable-nfqueue to configure when "
1920  "building.");
1921  return TM_ECODE_FAILED;
1922 #endif /* NFQ */
1923  break;
1924  case 'd':
1925 #ifdef IPFW
1926  if (suri->run_mode == RUNMODE_UNKNOWN) {
1927  suri->run_mode = RUNMODE_IPFW;
1928  EngineModeSetIPS();
1929  if (IPFWRegisterQueue(optarg) == -1)
1930  return TM_ECODE_FAILED;
1931  } else if (suri->run_mode == RUNMODE_IPFW) {
1932  if (IPFWRegisterQueue(optarg) == -1)
1933  return TM_ECODE_FAILED;
1934  } else {
1935  SCLogError("more than one run mode "
1936  "has been specified");
1937  PrintUsage(argv[0]);
1938  return TM_ECODE_FAILED;
1939  }
1940 #else
1941  SCLogError("IPFW not enabled. Make sure to pass --enable-ipfw to configure when "
1942  "building.");
1943  return TM_ECODE_FAILED;
1944 #endif /* IPFW */
1945  break;
1946  case 'r':
1947  BUG_ON(optarg == NULL); /* for static analysis */
1948  if (suri->run_mode == RUNMODE_UNKNOWN) {
1949  suri->run_mode = RUNMODE_PCAP_FILE;
1950  } else {
1951  SCLogError("more than one run mode "
1952  "has been specified");
1953  PrintUsage(argv[0]);
1954  return TM_ECODE_FAILED;
1955  }
1956 #ifdef OS_WIN32
1957  struct _stat buf;
1958  if(_stat(optarg, &buf) != 0) {
1959 #else
1960  struct stat buf;
1961  if (stat(optarg, &buf) != 0) {
1962 #endif /* OS_WIN32 */
1963  SCLogError("pcap file '%s': %s", optarg, strerror(errno));
1964  return TM_ECODE_FAILED;
1965  }
1966  if (ConfSetFinal("pcap-file.file", optarg) != 1) {
1967  SCLogError("ERROR: Failed to set pcap-file.file\n");
1968  return TM_ECODE_FAILED;
1969  }
1970 
1971  break;
1972  case 's':
1973  if (suri->sig_file != NULL) {
1974  SCLogError("can't have multiple -s options or mix -s and -S.");
1975  return TM_ECODE_FAILED;
1976  }
1977  suri->sig_file = optarg;
1978  break;
1979  case 'S':
1980  if (suri->sig_file != NULL) {
1981  SCLogError("can't have multiple -S options or mix -s and -S.");
1982  return TM_ECODE_FAILED;
1983  }
1984  suri->sig_file = optarg;
1985  suri->sig_file_exclusive = TRUE;
1986  break;
1987  case 'u':
1988 #ifdef UNITTESTS
1989  if (suri->run_mode == RUNMODE_UNKNOWN) {
1990  suri->run_mode = RUNMODE_UNITTEST;
1991  } else {
1992  SCLogError("more than one run mode has"
1993  " been specified");
1994  PrintUsage(argv[0]);
1995  return TM_ECODE_FAILED;
1996  }
1997 #else
1998  SCLogError("unit tests not enabled. Make sure to pass --enable-unittests to configure "
1999  "when building.");
2000  return TM_ECODE_FAILED;
2001 #endif /* UNITTESTS */
2002  break;
2003  case 'U':
2004 #ifdef UNITTESTS
2005  suri->regex_arg = optarg;
2006 
2007  if(strlen(suri->regex_arg) == 0)
2008  suri->regex_arg = NULL;
2009 #endif
2010  break;
2011  case 'V':
2012  suri->run_mode = RUNMODE_PRINT_VERSION;
2013  return TM_ECODE_OK;
2014  case 'F':
2015  if (optarg == NULL) {
2016  SCLogError("no option argument (optarg) for -F");
2017  return TM_ECODE_FAILED;
2018  }
2019 
2020  SetBpfStringFromFile(optarg);
2021  break;
2022  case 'v':
2023  suri->verbose++;
2024  break;
2025  case 'k':
2026  if (optarg == NULL) {
2027  SCLogError("no option argument (optarg) for -k");
2028  return TM_ECODE_FAILED;
2029  }
2030  if (!strcmp("all", optarg))
2031  suri->checksum_validation = 1;
2032  else if (!strcmp("none", optarg))
2033  suri->checksum_validation = 0;
2034  else {
2035  SCLogError("option '%s' invalid for -k", optarg);
2036  return TM_ECODE_FAILED;
2037  }
2038  break;
2039  default:
2040  PrintUsage(argv[0]);
2041  return TM_ECODE_FAILED;
2042  }
2043  }
2044 
2045  if (suri->disabled_detect && suri->sig_file != NULL) {
2046  SCLogError("can't use -s/-S when detection is disabled");
2047  return TM_ECODE_FAILED;
2048  }
2049 
2050  /* save the runmode from the command-line (if any) */
2051  suri->aux_run_mode = suri->run_mode;
2052 
2053  if (list_app_layer_protocols)
2054  suri->run_mode = RUNMODE_LIST_APP_LAYERS;
2055  if (list_keywords)
2056  suri->run_mode = RUNMODE_LIST_KEYWORDS;
2057  if (list_unittests)
2058  suri->run_mode = RUNMODE_LIST_UNITTEST;
2059  if (dump_config)
2060  suri->run_mode = RUNMODE_DUMP_CONFIG;
2061  if (dump_features)
2062  suri->run_mode = RUNMODE_DUMP_FEATURES;
2063  if (conf_test)
2064  suri->run_mode = RUNMODE_CONF_TEST;
2065  if (engine_analysis)
2066  suri->run_mode = RUNMODE_ENGINE_ANALYSIS;
2067 
2068  suri->offline = IsRunModeOffline(suri->run_mode);
2069  g_system = suri->system = IsRunModeSystem(suri->run_mode);
2070 
2071  ret = SetBpfString(optind, argv);
2072  if (ret != TM_ECODE_OK)
2073  return ret;
2074 
2075  return TM_ECODE_OK;
2076 }
2077 
2078 #ifdef OS_WIN32
2079 static int WindowsInitService(int argc, char **argv)
2080 {
2081  if (SCRunningAsService()) {
2082  char path[MAX_PATH];
2083  char *p = NULL;
2084  strlcpy(path, argv[0], MAX_PATH);
2085  if ((p = strrchr(path, '\\'))) {
2086  *p = '\0';
2087  }
2088  if (!SetCurrentDirectory(path)) {
2089  SCLogError("Can't set current directory to: %s", path);
2090  return -1;
2091  }
2092  SCLogInfo("Current directory is set to: %s", path);
2093  SCServiceInit(argc, argv);
2094  }
2095 
2096  /* Windows socket subsystem initialization */
2097  WSADATA wsaData;
2098  if (0 != WSAStartup(MAKEWORD(2, 2), &wsaData)) {
2099  SCLogError("Can't initialize Windows sockets: %d", WSAGetLastError());
2100  return -1;
2101  }
2102 
2103  return 0;
2104 }
2105 #endif /* OS_WIN32 */
2106 
2107 static int MayDaemonize(SCInstance *suri)
2108 {
2109  if (suri->daemon == 1 && suri->pid_filename == NULL) {
2110  const char *pid_filename;
2111 
2112  if (ConfGet("pid-file", &pid_filename) == 1) {
2113  SCLogInfo("Use pid file %s from config file.", pid_filename);
2114  } else {
2115  pid_filename = DEFAULT_PID_FILENAME;
2116  }
2117  /* The pid file name may be in config memory, but is needed later. */
2118  suri->pid_filename = SCStrdup(pid_filename);
2119  if (suri->pid_filename == NULL) {
2120  SCLogError("strdup failed: %s", strerror(errno));
2121  return TM_ECODE_FAILED;
2122  }
2123  }
2124 
2125  if (suri->pid_filename != NULL && SCPidfileTestRunning(suri->pid_filename) != 0) {
2126  SCFree(suri->pid_filename);
2127  suri->pid_filename = NULL;
2128  return TM_ECODE_FAILED;
2129  }
2130 
2131  if (suri->daemon == 1) {
2132  Daemonize();
2133  }
2134 
2135  if (suri->pid_filename != NULL) {
2136  if (SCPidfileCreate(suri->pid_filename) != 0) {
2137  SCFree(suri->pid_filename);
2138  suri->pid_filename = NULL;
2139  SCLogError("Unable to create PID file, concurrent run of"
2140  " Suricata can occur.");
2141  SCLogError("PID file creation WILL be mandatory for daemon mode"
2142  " in future version");
2143  }
2144  }
2145 
2146  return TM_ECODE_OK;
2147 }
2148 
2149 /* Initialize the user and group Suricata is to run as. */
2150 static int InitRunAs(SCInstance *suri)
2151 {
2152 #ifndef OS_WIN32
2153  /* Try to get user/group to run suricata as if
2154  command line as not decide of that */
2155  if (suri->do_setuid == FALSE && suri->do_setgid == FALSE) {
2156  const char *id;
2157  if (ConfGet("run-as.user", &id) == 1) {
2158  suri->do_setuid = TRUE;
2159  suri->user_name = id;
2160  }
2161  if (ConfGet("run-as.group", &id) == 1) {
2162  suri->do_setgid = TRUE;
2163  suri->group_name = id;
2164  }
2165  }
2166  /* Get the suricata user ID to given user ID */
2167  if (suri->do_setuid == TRUE) {
2168  if (SCGetUserID(suri->user_name, suri->group_name,
2169  &suri->userid, &suri->groupid) != 0) {
2170  SCLogError("failed in getting user ID");
2171  return TM_ECODE_FAILED;
2172  }
2173 
2174  sc_set_caps = TRUE;
2175  /* Get the suricata group ID to given group ID */
2176  } else if (suri->do_setgid == TRUE) {
2177  if (SCGetGroupID(suri->group_name, &suri->groupid) != 0) {
2178  SCLogError("failed in getting group ID");
2179  return TM_ECODE_FAILED;
2180  }
2181 
2182  sc_set_caps = TRUE;
2183  }
2184 #endif
2185  return TM_ECODE_OK;
2186 }
2187 
2188 static int InitSignalHandler(SCInstance *suri)
2189 {
2190  /* registering signals we use */
2191 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
2192  UtilSignalHandlerSetup(SIGINT, SignalHandlerSigint);
2193  UtilSignalHandlerSetup(SIGTERM, SignalHandlerSigterm);
2194 #if HAVE_LIBUNWIND
2195  int enabled;
2196  if (ConfGetBool("logging.stacktrace-on-signal", &enabled) == 0) {
2197  enabled = 1;
2198  }
2199 
2200  if (enabled) {
2201  SCLogInfo("Preparing unexpected signal handling");
2202  struct sigaction stacktrace_action;
2203  memset(&stacktrace_action, 0, sizeof(stacktrace_action));
2204  stacktrace_action.sa_sigaction = SignalHandlerUnexpected;
2205  stacktrace_action.sa_flags = SA_SIGINFO;
2206  sigaction(SIGSEGV, &stacktrace_action, NULL);
2207  sigaction(SIGABRT, &stacktrace_action, NULL);
2208  }
2209 #endif /* HAVE_LIBUNWIND */
2210 #endif
2211 #ifndef OS_WIN32
2212  UtilSignalHandlerSetup(SIGHUP, SignalHandlerSigHup);
2213  UtilSignalHandlerSetup(SIGPIPE, SIG_IGN);
2214  UtilSignalHandlerSetup(SIGSYS, SIG_IGN);
2215 #endif /* OS_WIN32 */
2216 
2217  return TM_ECODE_OK;
2218 }
2219 
2220 /* initialization code for both the main modes and for
2221  * unix socket mode.
2222  *
2223  * Will be run once per pcap in unix-socket mode */
2224 void PreRunInit(const int runmode)
2225 {
2226  HttpRangeContainersInit();
2227  if (runmode == RUNMODE_UNIX_SOCKET)
2228  return;
2229 
2230  StatsInit();
2231 #ifdef PROFILE_RULES
2232  SCProfilingRulesGlobalInit();
2233 #endif
2234 #ifdef PROFILING
2235  SCProfilingKeywordsGlobalInit();
2236  SCProfilingPrefilterGlobalInit();
2237  SCProfilingSghsGlobalInit();
2238 #endif /* PROFILING */
2239 #ifdef PROFILE_RULES
2240  SCProfilingInit();
2241 #endif
2242  DefragInit();
2243  FlowInitConfig(FLOW_QUIET);
2244  IPPairInitConfig(FLOW_QUIET);
2245  StreamTcpInitConfig(STREAM_VERBOSE);
2246  AppLayerParserPostStreamSetup();
2247  AppLayerRegisterGlobalCounters();
2248  OutputFilestoreRegisterGlobalCounters();
2249 }
2250 
2251 /* tasks we need to run before packets start flowing,
2252  * but after we dropped privs */
2253 void PreRunPostPrivsDropInit(const int runmode)
2254 {
2255  StatsSetupPostConfigPreOutput();
2256  RunModeInitializeOutputs();
2257  DatasetsInit();
2258 
2259  if (runmode == RUNMODE_UNIX_SOCKET) {
2260  /* As the above did some necessary startup initialization, it
2261  * also setup some outputs where only one is allowed, so
2262  * deinitialize to the state that unix-mode does after every
2263  * pcap. */
2264  PostRunDeinit(RUNMODE_PCAP_FILE, NULL);
2265  return;
2266  }
2267 
2268  StatsSetupPostConfigPostOutput();
2269 }
2270 
2271 /* clean up / shutdown code for both the main modes and for
2272  * unix socket mode.
2273  *
2274  * Will be run once per pcap in unix-socket mode */
2275 void PostRunDeinit(const int runmode, struct timeval *start_time)
2276 {
2277  if (runmode == RUNMODE_UNIX_SOCKET)
2278  return;
2279 
2280  /* needed by FlowForceReassembly */
2281  PacketPoolInit();
2282 
2283  /* handle graceful shutdown of the flow engine, it's helper
2284  * threads and the packet threads */
2285  FlowDisableFlowManagerThread();
2286  TmThreadDisableReceiveThreads();
2287  FlowForceReassembly();
2288  TmThreadDisablePacketThreads();
2289  SCPrintElapsedTime(start_time);
2290  FlowDisableFlowRecyclerThread();
2291 
2292  /* kill the stats threads */
2293  TmThreadKillThreadsFamily(TVT_MGMT);
2294  TmThreadClearThreadsFamily(TVT_MGMT);
2295 
2296  /* kill packet threads -- already in 'disabled' state */
2297  TmThreadKillThreadsFamily(TVT_PPT);
2298  TmThreadClearThreadsFamily(TVT_PPT);
2299 
2300  PacketPoolDestroy();
2301 
2302  /* mgt and ppt threads killed, we can run non thread-safe
2303  * shutdown functions */
2304  StatsReleaseResources();
2305  DecodeUnregisterCounters();
2306  RunModeShutDown();
2307  FlowShutdown();
2308  IPPairShutdown();
2309  HostCleanup();
2310  StreamTcpFreeConfig(STREAM_VERBOSE);
2311  DefragDestroy();
2312  HttpRangeContainersDestroy();
2313 
2314  TmqResetQueues();
2315 #ifdef PROFILING
2316  if (profiling_rules_enabled)
2317  SCProfilingDump();
2318  SCProfilingDestroy();
2319 #endif
2320 }
2321 
2322 
2323 static int StartInternalRunMode(SCInstance *suri, int argc, char **argv)
2324 {
2325  /* Treat internal running mode */
2326  switch(suri->run_mode) {
2327  case RUNMODE_LIST_KEYWORDS:
2328  return ListKeywords(suri->keyword_info);
2329  case RUNMODE_LIST_APP_LAYERS:
2330  if (suri->conf_filename != NULL) {
2331  return ListAppLayerProtocols(suri->conf_filename);
2332  } else {
2333  return ListAppLayerProtocols(DEFAULT_CONF_FILE);
2334  }
2335  case RUNMODE_PRINT_VERSION:
2336  PrintVersion();
2337  return TM_ECODE_DONE;
2338  case RUNMODE_PRINT_BUILDINFO:
2339  PrintBuildInfo();
2340  return TM_ECODE_DONE;
2341  case RUNMODE_PRINT_USAGE:
2342  PrintUsage(argv[0]);
2343  return TM_ECODE_DONE;
2344  case RUNMODE_LIST_RUNMODES:
2345  RunModeListRunmodes();
2346  return TM_ECODE_DONE;
2347  case RUNMODE_LIST_UNITTEST:
2348  RunUnittests(1, suri->regex_arg);
2349  case RUNMODE_UNITTEST:
2350  RunUnittests(0, suri->regex_arg);
2351 #ifdef OS_WIN32
2352  case RUNMODE_INSTALL_SERVICE:
2353  if (SCServiceInstall(argc, argv)) {
2354  return TM_ECODE_FAILED;
2355  }
2356  SCLogInfo("Suricata service has been successfully installed.");
2357  return TM_ECODE_DONE;
2358  case RUNMODE_REMOVE_SERVICE:
2359  if (SCServiceRemove(argc, argv)) {
2360  return TM_ECODE_FAILED;
2361  }
2362  SCLogInfo("Suricata service has been successfully removed.");
2363  return TM_ECODE_DONE;
2364  case RUNMODE_CHANGE_SERVICE_PARAMS:
2365  if (SCServiceChangeParams(argc, argv)) {
2366  return TM_ECODE_FAILED;
2367  }
2368  SCLogInfo("Suricata service startup parameters has been successfully changed.");
2369  return TM_ECODE_DONE;
2370 #endif /* OS_WIN32 */
2371  default:
2372  /* simply continue for other running mode */
2373  break;
2374  }
2375  return TM_ECODE_OK;
2376 }
2377 
2378 static int FinalizeRunMode(SCInstance *suri, char **argv)
2379 {
2380  switch (suri->run_mode) {
2381  case RUNMODE_UNKNOWN:
2382  PrintUsage(argv[0]);
2383  return TM_ECODE_FAILED;
2384  default:
2385  break;
2386  }
2387  /* Set the global run mode and offline flag. */
2388  run_mode = suri->run_mode;
2389 
2390  if (!CheckValidDaemonModes(suri->daemon, suri->run_mode)) {
2391  return TM_ECODE_FAILED;
2392  }
2393 
2394  return TM_ECODE_OK;
2395 }
2396 
2397 static void SetupDelayedDetect(SCInstance *suri)
2398 {
2399  /* In offline mode delayed init of detect is a bad idea */
2400  if (suri->offline) {
2401  suri->delayed_detect = 0;
2402  } else {
2403  if (ConfGetBool("detect.delayed-detect", &suri->delayed_detect) != 1) {
2404  ConfNode *denode = NULL;
2405  ConfNode *decnf = ConfGetNode("detect-engine");
2406  if (decnf != NULL) {
2407  TAILQ_FOREACH(denode, &decnf->head, next) {
2408  if (strcmp(denode->val, "delayed-detect") == 0) {
2409  (void)ConfGetChildValueBool(denode, "delayed-detect", &suri->delayed_detect);
2410  }
2411  }
2412  }
2413  }
2414  }
2415 
2416  SCLogConfig("Delayed detect %s", suri->delayed_detect ? "enabled" : "disabled");
2417  if (suri->delayed_detect) {
2418  SCLogInfo("Packets will start being processed before signatures are active.");
2419  }
2420 
2421 }
2422 
2423 static int LoadSignatures(DetectEngineCtx *de_ctx, SCInstance *suri)
2424 {
2425  if (SigLoadSignatures(de_ctx, suri->sig_file, suri->sig_file_exclusive) < 0) {
2426  SCLogError("Loading signatures failed.");
2427  if (de_ctx->failure_fatal)
2428  return TM_ECODE_FAILED;
2429  }
2430 
2431  return TM_ECODE_OK;
2432 }
2433 
2434 static int ConfigGetCaptureValue(SCInstance *suri)
2435 {
2436  /* Pull the max pending packets from the config, if not found fall
2437  * back on a sane default. */
2438  intmax_t tmp_max_pending_packets;
2439  if (ConfGetInt("max-pending-packets", &tmp_max_pending_packets) != 1)
2440  tmp_max_pending_packets = DEFAULT_MAX_PENDING_PACKETS;
2441  if (tmp_max_pending_packets < 1 || tmp_max_pending_packets >= UINT16_MAX) {
2442  SCLogError("Maximum max-pending-packets setting is 65534 and must be greater than 0. "
2443  "Please check %s for errors",
2444  suri->conf_filename);
2445  return TM_ECODE_FAILED;
2446  } else {
2447  max_pending_packets = (uint16_t)tmp_max_pending_packets;
2448  }
2449 
2450  SCLogDebug("Max pending packets set to %" PRIu16, max_pending_packets);
2451 
2452  /* Pull the default packet size from the config, if not found fall
2453  * back on a sane default. */
2454  const char *temp_default_packet_size;
2455  if ((ConfGet("default-packet-size", &temp_default_packet_size)) != 1) {
2456  int lthread;
2457  int nlive;
2458  int strip_trailing_plus = 0;
2459  switch (suri->run_mode) {
2460 #ifdef WINDIVERT
2461  case RUNMODE_WINDIVERT: {
2462  /* by default, WinDivert collects from all devices */
2463  const int mtu = GetGlobalMTUWin32();
2464 
2465  if (mtu > 0) {
2466  /* SLL_HEADER_LEN is the longest header + 8 for VLAN */
2467  default_packet_size = mtu + SLL_HEADER_LEN + 8;
2468  break;
2469  }
2470  default_packet_size = DEFAULT_PACKET_SIZE;
2471  break;
2472  }
2473 #endif /* WINDIVERT */
2474  case RUNMODE_NETMAP:
2475  /* in netmap igb0+ has a special meaning, however the
2476  * interface really is igb0 */
2477  strip_trailing_plus = 1;
2478  /* fall through */
2479  case RUNMODE_PCAP_DEV:
2480  case RUNMODE_AFP_DEV:
2481  case RUNMODE_AFXDP_DEV:
2482  case RUNMODE_PFRING:
2483  nlive = LiveGetDeviceCount();
2484  for (lthread = 0; lthread < nlive; lthread++) {
2485  const char *live_dev = LiveGetDeviceName(lthread);
2486  char dev[128]; /* need to be able to support GUID names on Windows */
2487  (void)strlcpy(dev, live_dev, sizeof(dev));
2488 
2489  if (strip_trailing_plus) {
2490  size_t len = strlen(dev);
2491  if (len &&
2492  (dev[len-1] == '+' ||
2493  dev[len-1] == '^' ||
2494  dev[len-1] == '*'))
2495  {
2496  dev[len-1] = '\0';
2497  }
2498  }
2499  unsigned int iface_max_packet_size = GetIfaceMaxPacketSize(dev);
2500  if (iface_max_packet_size > default_packet_size)
2501  default_packet_size = iface_max_packet_size;
2502  }
2503  if (default_packet_size)
2504  break;
2505  /* fall through */
2506  default:
2507  default_packet_size = DEFAULT_PACKET_SIZE;
2508  }
2509  } else {
2510  if (ParseSizeStringU32(temp_default_packet_size, &default_packet_size) < 0) {
2511  SCLogError("Error parsing max-pending-packets "
2512  "from conf file - %s. Killing engine",
2513  temp_default_packet_size);
2514  return TM_ECODE_FAILED;
2515  }
2516  }
2517 
2518  SCLogDebug("Default packet size set to %"PRIu32, default_packet_size);
2519 
2520  return TM_ECODE_OK;
2521 }
2522 
2523 static void PostRunStartedDetectSetup(const SCInstance *suri)
2524 {
2525 #ifndef OS_WIN32
2526  /* registering signal handlers we use. We setup usr2 here, so that one
2527  * can't call it during the first sig load phase or while threads are still
2528  * starting up. */
2529  if (DetectEngineEnabled() && suri->delayed_detect == 0) {
2530  UtilSignalHandlerSetup(SIGUSR2, SignalHandlerSigusr2);
2531  UtilSignalUnblock(SIGUSR2);
2532  }
2533 #endif
2534  if (suri->delayed_detect) {
2535  /* force 'reload', this will load the rules and swap engines */
2536  DetectEngineReload(suri);
2537  SCLogNotice("Signature(s) loaded, Detect thread(s) activated.");
2538 #ifndef OS_WIN32
2539  UtilSignalHandlerSetup(SIGUSR2, SignalHandlerSigusr2);
2540  UtilSignalUnblock(SIGUSR2);
2541 #endif
2542  }
2543 }
2544 
2545 void PostConfLoadedDetectSetup(SCInstance *suri)
2546 {
2547  DetectEngineCtx *de_ctx = NULL;
2548  if (!suri->disabled_detect) {
2549  SCClassConfInit();
2550  SCReferenceConfInit();
2551  SetupDelayedDetect(suri);
2552  int mt_enabled = 0;
2553  (void)ConfGetBool("multi-detect.enabled", &mt_enabled);
2554  int default_tenant = 0;
2555  if (mt_enabled)
2556  (void)ConfGetBool("multi-detect.default", &default_tenant);
2557  if (DetectEngineMultiTenantSetup(suri->unix_socket_enabled) == -1) {
2558  FatalError("initializing multi-detect "
2559  "detection engine contexts failed.");
2560  }
2561  if (suri->delayed_detect && suri->run_mode != RUNMODE_CONF_TEST) {
2562  de_ctx = DetectEngineCtxInitStubForDD();
2563  } else if (mt_enabled && !default_tenant && suri->run_mode != RUNMODE_CONF_TEST) {
2564  de_ctx = DetectEngineCtxInitStubForMT();
2565  } else {
2566  de_ctx = DetectEngineCtxInit();
2567  }
2568  if (de_ctx == NULL) {
2569  FatalError("initializing detection engine failed.");
2570  }
2571 
2572  if (de_ctx->type == DETECT_ENGINE_TYPE_NORMAL) {
2573  if (LoadSignatures(de_ctx, suri) != TM_ECODE_OK)
2574  exit(EXIT_FAILURE);
2575  }
2576 
2577  gettimeofday(&de_ctx->last_reload, NULL);
2578  DetectEngineAddToMaster(de_ctx);
2579  DetectEngineBumpVersion();
2580  }
2581 }
2582 
2583 static void PostConfLoadedSetupHostMode(void)
2584 {
2585  const char *hostmode = NULL;
2586 
2587  if (ConfGet("host-mode", &hostmode) == 1) {
2588  if (!strcmp(hostmode, "router")) {
2589  host_mode = SURI_HOST_IS_ROUTER;
2590  } else if (!strcmp(hostmode, "sniffer-only")) {
2591  host_mode = SURI_HOST_IS_SNIFFER_ONLY;
2592  } else {
2593  if (strcmp(hostmode, "auto") != 0) {
2594  WarnInvalidConfEntry("host-mode", "%s", "auto");
2595  }
2596  if (EngineModeIsIPS()) {
2597  host_mode = SURI_HOST_IS_ROUTER;
2598  } else {
2599  host_mode = SURI_HOST_IS_SNIFFER_ONLY;
2600  }
2601  }
2602  } else {
2603  if (EngineModeIsIPS()) {
2604  host_mode = SURI_HOST_IS_ROUTER;
2605  SCLogInfo("No 'host-mode': suricata is in IPS mode, using "
2606  "default setting 'router'");
2607  } else {
2608  host_mode = SURI_HOST_IS_SNIFFER_ONLY;
2609  SCLogInfo("No 'host-mode': suricata is in IDS mode, using "
2610  "default setting 'sniffer-only'");
2611  }
2612  }
2613 }
2614 
2615 static void SetupUserMode(SCInstance *suri)
2616 {
2617  /* apply 'user mode' config updates here */
2618  if (suri->system == false) {
2619  if (suri->set_logdir == false) {
2620  /* override log dir to current work dir" */
2621  if (ConfigSetLogDirectory((char *)".") != TM_ECODE_OK) {
2622  FatalError("could not set USER mode logdir");
2623  }
2624  }
2625  if (suri->set_datadir == false) {
2626  /* override data dir to current work dir" */
2627  if (ConfigSetDataDirectory((char *)".") != TM_ECODE_OK) {
2628  FatalError("could not set USER mode datadir");
2629  }
2630  }
2631  }
2632 }
2633 
2634 /**
2635  * This function is meant to contain code that needs
2636  * to be run once the configuration has been loaded.
2637  */
2638 int PostConfLoadedSetup(SCInstance *suri)
2639 {
2640  /* do this as early as possible #1577 #1955 */
2641 #ifdef HAVE_LUAJIT
2642  if (LuajitSetupStatesPool() != 0) {
2643  SCReturnInt(TM_ECODE_FAILED);
2644  }
2645 #endif
2646 
2647  /* load the pattern matchers */
2648  MpmTableSetup();
2649  SpmTableSetup();
2650 
2651  int disable_offloading;
2652  if (ConfGetBool("capture.disable-offloading", &disable_offloading) == 0)
2653  disable_offloading = 1;
2654  if (disable_offloading) {
2655  LiveSetOffloadDisable();
2656  } else {
2657  LiveSetOffloadWarn();
2658  }
2659 
2660  if (suri->checksum_validation == -1) {
2661  const char *cv = NULL;
2662  if (ConfGet("capture.checksum-validation", &cv) == 1) {
2663  if (strcmp(cv, "none") == 0) {
2664  suri->checksum_validation = 0;
2665  } else if (strcmp(cv, "all") == 0) {
2666  suri->checksum_validation = 1;
2667  }
2668  }
2669  }
2670  switch (suri->checksum_validation) {
2671  case 0:
2672  ConfSet("stream.checksum-validation", "0");
2673  break;
2674  case 1:
2675  ConfSet("stream.checksum-validation", "1");
2676  break;
2677  }
2678 
2679  if (suri->runmode_custom_mode) {
2680  ConfSet("runmode", suri->runmode_custom_mode);
2681  }
2682 
2683  StorageInit();
2684 #ifdef HAVE_PACKET_EBPF
2685  if (suri->run_mode == RUNMODE_AFP_DEV) {
2686  EBPFRegisterExtension();
2687  LiveDevRegisterExtension();
2688  }
2689 #endif
2690  RegisterFlowBypassInfo();
2691 
2692  MacSetRegisterFlowStorage();
2693 
2694  LiveDeviceFinalize(); // must be after EBPF extension registration
2695 
2696  RunModeEngineIsIPS(
2697  suricata.run_mode, suricata.runmode_custom_mode, suricata.capture_plugin_name);
2698 
2699  if (EngineModeIsUnknown()) { // if still uninitialized, set the default
2700  SCLogInfo("Setting engine mode to IDS mode by default");
2701  EngineModeSetIDS();
2702  }
2703 
2704  SetMasterExceptionPolicy();
2705 
2706  AppLayerSetup();
2707 
2708  /* Suricata will use this umask if provided. By default it will use the
2709  umask passed on from the shell. */
2710  const char *custom_umask;
2711  if (ConfGet("umask", &custom_umask) == 1) {
2712  uint16_t mask;
2713  if (StringParseUint16(&mask, 8, (uint16_t)strlen(custom_umask), custom_umask) > 0) {
2714  umask((mode_t)mask);
2715  }
2716  }
2717 
2718 
2719  if (ConfigGetCaptureValue(suri) != TM_ECODE_OK) {
2720  SCReturnInt(TM_ECODE_FAILED);
2721  }
2722 
2723 #ifdef NFQ
2724  if (suri->run_mode == RUNMODE_NFQ)
2725  NFQInitConfig(false);
2726 #endif
2727 
2728  /* Load the Host-OS lookup. */
2729  SCHInfoLoadFromConfig();
2730 
2731  if (suri->run_mode == RUNMODE_ENGINE_ANALYSIS) {
2732  SCLogInfo("== Carrying out Engine Analysis ==");
2733  const char *temp = NULL;
2734  if (ConfGet("engine-analysis", &temp) == 0) {
2735  SCLogInfo("no engine-analysis parameter(s) defined in conf file. "
2736  "Please define/enable them in the conf to use this "
2737  "feature.");
2738  SCReturnInt(TM_ECODE_FAILED);
2739  }
2740  }
2741 
2742  /* hardcoded initialization code */
2743  SigTableSetup(); /* load the rule keywords */
2744  SigTableApplyStrictCommandLineOption(suri->strict_rule_parsing_string);
2745  TmqhSetup();
2746 
2747  TagInitCtx();
2748  PacketAlertTagInit();
2749  ThresholdInit();
2750  HostBitInitCtx();
2751  IPPairBitInitCtx();
2752 
2753  if (DetectAddressTestConfVars() < 0) {
2754  SCLogError(
2755  "basic address vars test failed. Please check %s for errors", suri->conf_filename);
2756  SCReturnInt(TM_ECODE_FAILED);
2757  }
2758  if (DetectPortTestConfVars() < 0) {
2759  SCLogError("basic port vars test failed. Please check %s for errors", suri->conf_filename);
2760  SCReturnInt(TM_ECODE_FAILED);
2761  }
2762 
2763  FeatureTrackingRegister(); /* must occur prior to output mod registration */
2764  RegisterAllModules();
2765 #ifdef HAVE_PLUGINS
2766  SCPluginsLoad(suri->capture_plugin_name, suri->capture_plugin_args);
2767 #endif
2768  AppLayerHtpNeedFileInspection();
2769 
2770  StorageFinalize();
2771 
2772  TmModuleRunInit();
2773 
2774  if (MayDaemonize(suri) != TM_ECODE_OK)
2775  SCReturnInt(TM_ECODE_FAILED);
2776 
2777  if (InitSignalHandler(suri) != TM_ECODE_OK)
2778  SCReturnInt(TM_ECODE_FAILED);
2779 
2780  /* Check for the existence of the default logging directory which we pick
2781  * from suricata.yaml. If not found, shut the engine down */
2782  suri->log_dir = ConfigGetLogDirectory();
2783 
2784  if (ConfigCheckLogDirectoryExists(suri->log_dir) != TM_ECODE_OK) {
2785  SCLogError("The logging directory \"%s\" "
2786  "supplied by %s (default-log-dir) doesn't exist. "
2787  "Shutting down the engine",
2788  suri->log_dir, suri->conf_filename);
2789  SCReturnInt(TM_ECODE_FAILED);
2790  }
2791  if (!IsLogDirectoryWritable(suri->log_dir)) {
2792  SCLogError("The logging directory \"%s\" "
2793  "supplied by %s (default-log-dir) is not writable. "
2794  "Shutting down the engine",
2795  suri->log_dir, suri->conf_filename);
2796  SCReturnInt(TM_ECODE_FAILED);
2797  }
2798 
2799  if (suri->disabled_detect) {
2800  SCLogConfig("detection engine disabled");
2801  /* disable raw reassembly */
2802  (void)ConfSetFinal("stream.reassembly.raw", "false");
2803  }
2804 
2805  HostInitConfig(HOST_VERBOSE);
2806 
2807  CoredumpLoadConfig();
2808 
2809  DecodeGlobalConfig();
2810 
2811  /* hostmode depends on engine mode being set */
2812  PostConfLoadedSetupHostMode();
2813 
2814  PreRunInit(suri->run_mode);
2815 
2816  SCReturnInt(TM_ECODE_OK);
2817 }
2818 
2819 static void SuricataMainLoop(SCInstance *suri)
2820 {
2821  while(1) {
2822  if (sigterm_count || sigint_count) {
2823  suricata_ctl_flags |= SURICATA_STOP;
2824  }
2825 
2826  if (suricata_ctl_flags & SURICATA_STOP) {
2827  SCLogNotice("Signal Received. Stopping engine.");
2828  break;
2829  }
2830 
2831  TmThreadCheckThreadState();
2832 
2833  if (sighup_count > 0) {
2834  OutputNotifyFileRotation();
2835  sighup_count--;
2836  }
2837 
2838  if (sigusr2_count > 0) {
2839  if (!(DetectEngineReloadIsStart())) {
2840  DetectEngineReloadStart();
2841  DetectEngineReload(suri);
2842  DetectEngineReloadSetIdle();
2843  sigusr2_count--;
2844  }
2845 
2846  } else if (DetectEngineReloadIsStart()) {
2847  DetectEngineReload(suri);
2848  DetectEngineReloadSetIdle();
2849  }
2850 
2851  usleep(10* 1000);
2852  }
2853 }
2854 
2855 /**
2856  * \brief Global initialization common to all runmodes.
2857  *
2858  * This can be used by fuzz targets.
2859  */
2860 
2861 int InitGlobal(void)
2862 {
2863  rs_init(&suricata_context);
2864 
2865  SC_ATOMIC_INIT(engine_stage);
2866 
2867  /* initialize the logging subsys */
2868  SCLogInitLogModule(NULL);
2869 
2870  SCSetThreadName("Suricata-Main");
2871 
2872  /* Ignore SIGUSR2 as early as possible. We redeclare interest
2873  * once we're done launching threads. The goal is to either die
2874  * completely or handle any and all SIGUSR2s correctly.
2875  */
2876 #ifndef OS_WIN32
2877  UtilSignalHandlerSetup(SIGUSR2, SIG_IGN);
2878  if (UtilSignalBlock(SIGUSR2)) {
2879  SCLogError("SIGUSR2 initialization error");
2880  return EXIT_FAILURE;
2881  }
2882 #endif
2883 
2884  ParseSizeInit();
2885  RunModeRegisterRunModes();
2886 
2887  /* Initialize the configuration module. */
2888  ConfInit();
2889 
2890  return 0;
2891 }
2892 
2893 int SuricataMain(int argc, char **argv)
2894 {
2895  SCInstanceInit(&suricata, argv[0]);
2896 
2897  if (InitGlobal() != 0) {
2898  exit(EXIT_FAILURE);
2899  }
2900 
2901 #ifdef OS_WIN32
2902  /* service initialization */
2903  if (WindowsInitService(argc, argv) != 0) {
2904  exit(EXIT_FAILURE);
2905  }
2906 #endif /* OS_WIN32 */
2907 
2908  if (ParseCommandLine(argc, argv, &suricata) != TM_ECODE_OK) {
2909  exit(EXIT_FAILURE);
2910  }
2911 
2912  if (FinalizeRunMode(&suricata, argv) != TM_ECODE_OK) {
2913  exit(EXIT_FAILURE);
2914  }
2915 
2916  switch (StartInternalRunMode(&suricata, argc, argv)) {
2917  case TM_ECODE_DONE:
2918  exit(EXIT_SUCCESS);
2919  case TM_ECODE_FAILED:
2920  exit(EXIT_FAILURE);
2921  }
2922 
2923  /* Initializations for global vars, queues, etc (memsets, mutex init..) */
2924  GlobalsInitPreConfig();
2925 
2926  /* Load yaml configuration file if provided. */
2927  if (LoadYamlConfig(&suricata) != TM_ECODE_OK) {
2928  exit(EXIT_FAILURE);
2929  }
2930 
2931  if (suricata.run_mode == RUNMODE_DUMP_CONFIG) {
2932  ConfDump();
2933  exit(EXIT_SUCCESS);
2934  }
2935 
2936  int vlan_tracking = 1;
2937  if (ConfGetBool("vlan.use-for-tracking", &vlan_tracking) == 1 && !vlan_tracking) {
2938  /* Ignore vlan_ids when comparing flows. */
2939  g_vlan_mask = 0x0000;
2940  }
2941  SCLogDebug("vlan tracking is %s", vlan_tracking == 1 ? "enabled" : "disabled");
2942 
2943  SetupUserMode(&suricata);
2944  InitRunAs(&suricata);
2945 
2946  /* Since our config is now loaded we can finish configurating the
2947  * logging module. */
2948  SCLogLoadConfig(suricata.daemon, suricata.verbose, suricata.userid, suricata.groupid);
2949 
2950  LogVersion(&suricata);
2951  UtilCpuPrintSummary();
2952 
2953  if (suricata.run_mode == RUNMODE_CONF_TEST)
2954  SCLogInfo("Running suricata under test mode");
2955 
2956  if (ParseInterfacesList(suricata.aux_run_mode, suricata.pcap_dev) != TM_ECODE_OK) {
2957  exit(EXIT_FAILURE);
2958  }
2959 
2960  if (PostConfLoadedSetup(&suricata) != TM_ECODE_OK) {
2961  exit(EXIT_FAILURE);
2962  }
2963 
2964  SCDropMainThreadCaps(suricata.userid, suricata.groupid);
2965 
2966  /* Re-enable coredumps after privileges are dropped. */
2967  CoredumpEnable();
2968 
2969  if (suricata.run_mode != RUNMODE_UNIX_SOCKET && !suricata.disabled_detect) {
2970  suricata.unix_socket_enabled = ConfUnixSocketIsEnable();
2971  }
2972 
2973  PreRunPostPrivsDropInit(suricata.run_mode);
2974 
2975  LandlockSandboxing(&suricata);
2976 
2977  PostConfLoadedDetectSetup(&suricata);
2978  if (suricata.run_mode == RUNMODE_ENGINE_ANALYSIS) {
2979  goto out;
2980  } else if (suricata.run_mode == RUNMODE_CONF_TEST){
2981  SCLogNotice("Configuration provided was successfully loaded. Exiting.");
2982  goto out;
2983  } else if (suricata.run_mode == RUNMODE_DUMP_FEATURES) {
2984  FeatureDump();
2985  goto out;
2986  }
2987 
2988  SCSetStartTime(&suricata);
2989  RunModeDispatch(suricata.run_mode, suricata.runmode_custom_mode,
2990  suricata.capture_plugin_name, suricata.capture_plugin_args);
2991  if (suricata.run_mode != RUNMODE_UNIX_SOCKET) {
2992  UnixManagerThreadSpawnNonRunmode(suricata.unix_socket_enabled);
2993  }
2994 
2995  /* Wait till all the threads have been initialized */
2996  if (TmThreadWaitOnThreadInit() == TM_ECODE_FAILED) {
2997  FatalError("Engine initialization failed, "
2998  "aborting...");
2999  }
3000 
3001  int limit_nproc = 0;
3002  if (ConfGetBool("security.limit-noproc", &limit_nproc) == 0) {
3003  limit_nproc = 0;
3004  }
3005 
3006 #if defined(SC_ADDRESS_SANITIZER)
3007  if (limit_nproc) {
3008  SCLogWarning(
3009  "\"security.limit-noproc\" (setrlimit()) not set when using address sanitizer");
3010  limit_nproc = 0;
3011  }
3012 #endif
3013 
3014  if (limit_nproc) {
3015 #if defined(HAVE_SYS_RESOURCE_H)
3016 #ifdef linux
3017  if (geteuid() == 0) {
3018  SCLogWarning("setrlimit has no effet when running as root.");
3019  }
3020 #endif
3021  struct rlimit r = { 0, 0 };
3022  if (setrlimit(RLIMIT_NPROC, &r) != 0) {
3023  SCLogWarning("setrlimit failed to prevent process creation.");
3024  }
3025 #else
3026  SCLogWarning("setrlimit unavailable.");
3027 #endif
3028  }
3029 
3030  SC_ATOMIC_SET(engine_stage, SURICATA_RUNTIME);
3031  PacketPoolPostRunmodes();
3032 
3033  /* Un-pause all the paused threads */
3034  TmThreadContinueThreads();
3035 
3036  /* Must ensure all threads are fully operational before continuing with init process */
3037  if (TmThreadWaitOnThreadRunning() != TM_ECODE_OK) {
3038  exit(EXIT_FAILURE);
3039  }
3040 
3041  /* Print notice and send OS specific notification of threads in running state */
3042  OnNotifyRunning();
3043 
3044  PostRunStartedDetectSetup(&suricata);
3045 
3046  SCPledge();
3047  SuricataMainLoop(&suricata);
3048 
3049  /* Update the engine stage/status flag */
3050  SC_ATOMIC_SET(engine_stage, SURICATA_DEINIT);
3051 
3052  UnixSocketKillSocketThread();
3053  PostRunDeinit(suricata.run_mode, &suricata.start_time);
3054  /* kill remaining threads */
3055  TmThreadKillThreads();
3056 
3057 out:
3058  GlobalsDestroy(&suricata);
3059 
3060  exit(EXIT_SUCCESS);
3061 }
RUNMODE_AFXDP_DEV
@ RUNMODE_AFXDP_DEV
Definition: runmodes.h:38
DefragDestroy
void DefragDestroy(void)
Definition: defrag.c:1074
util-byte.h
ConfGetInt
int ConfGetInt(const char *name, intmax_t *val)
Retrieve a configuration value as an integer.
Definition: conf.c:397
TmModuleUnixManagerRegister
void TmModuleUnixManagerRegister(void)
Definition: unix-manager.c:1293
StatsReleaseResources
void StatsReleaseResources(void)
Releases the resources alloted by the Stats API.
Definition: counters.c:1268
max_pending_packets
uint16_t max_pending_packets
Definition: suricata.c:184
source-nflog.h
TagInitCtx
void TagInitCtx(void)
Definition: detect-engine-tag.c:52
TmModuleReceiveIPFWRegister
void TmModuleReceiveIPFWRegister(void)
Registration Function for RecieveIPFW.
Definition: source-ipfw.c:154
flow-bypass.h
len
uint8_t len
Definition: app-layer-dnp3.h:2
SCReferenceConfDeinit
void SCReferenceConfDeinit(void)
Definition: util-reference-config.c:76
ExceptionSimulationCommandLineParser
int ExceptionSimulationCommandLineParser(const char *name, const char *arg)
Definition: util-exception-policy.c:225
ippair.h
app-layer-htp-range.h
AppLayerHtpNeedFileInspection
void AppLayerHtpNeedFileInspection(void)
Sets a flag that informs the HTP app layer that some module in the engine needs the http request file...
Definition: app-layer-htp.c:511
SCInstance_::run_mode
enum RunModes run_mode
Definition: suricata.h:124
detect-engine.h
source-pcap.h
SCInstance_::groupid
uint32_t groupid
Definition: suricata.h:142
RUNMODE_UNIX_SOCKET
@ RUNMODE_UNIX_SOCKET
Definition: runmodes.h:43
g_system
bool g_system
Definition: suricata.c:192
SCReferenceConfInit
void SCReferenceConfInit(void)
Definition: util-reference-config.c:56
win32-syscall.h
SCInstance_::daemon
int daemon
Definition: suricata.h:151
IPPairInitConfig
void IPPairInitConfig(bool quiet)
initialize the configuration
Definition: ippair.c:169
SCLogInitLogModule
void SCLogInitLogModule(SCLogInitData *sc_lid)
Initializes the logging module.
Definition: util-debug.c:1409
SLL_HEADER_LEN
#define SLL_HEADER_LEN
Definition: decode-sll.h:27
SCInstance_::checksum_validation
int checksum_validation
Definition: suricata.h:154
LiveDeviceListClean
int LiveDeviceListClean(void)
Definition: util-device.c:308
DetectEngineDeReference
void DetectEngineDeReference(DetectEngineCtx **de_ctx)
Definition: detect-engine.c:4479
RunModeEngineIsIPS
void RunModeEngineIsIPS(int capture_mode, const char *runmode, const char *capture_plugin_name)
Definition: runmodes.c:396
RUNMODE_UNITTEST
@ RUNMODE_UNITTEST
Definition: runmodes.h:41
StorageInit
void StorageInit(void)
Definition: util-storage.c:68
SCInstance_::start_time
struct timeval start_time
Definition: suricata.h:156
SC_ATOMIC_INIT
#define SC_ATOMIC_INIT(name)
wrapper for initializing an atomic variable.
Definition: util-atomic.h:315
TmThreadContinueThreads
void TmThreadContinueThreads(void)
Unpauses all threads present in tv_root.
Definition: tm-threads.c:1894
SCThresholdConfGlobalFree
void SCThresholdConfGlobalFree(void)
Definition: util-threshold-config.c:155
source-pcap-file.h
ConfNode_::val
char * val
Definition: conf.h:34
CLS
#define CLS
Definition: suricata-common.h:59
ConfGetBool
int ConfGetBool(const char *name, int *val)
Retrieve a configuration value as a boolean.
Definition: conf.c:481
RUNMODE_DPDK
@ RUNMODE_DPDK
Definition: runmodes.h:40
stream-tcp.h
DetectEngineCtx_::type
enum DetectEngineType type
Definition: detect.h:953
DetectEnginePruneFreeList
void DetectEnginePruneFreeList(void)
Definition: detect-engine.c:4570
runmode-af-packet.h
RUNMODE_UNKNOWN
@ RUNMODE_UNKNOWN
Definition: runmodes.h:28
SCInstance_::group_name
const char * group_name
Definition: suricata.h:137
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
SC_ATOMIC_SET
#define SC_ATOMIC_SET(name, val)
Set the value for the atomic variable.
Definition: util-atomic.h:387
runmode-unittests.h
TmqhSetup
void TmqhSetup(void)
Definition: tm-queuehandlers.c:39
SURI_HOST_IS_SNIFFER_ONLY
@ SURI_HOST_IS_SNIFFER_ONLY
Definition: suricata.h:115
RUNMODE_PRINT_BUILDINFO
@ RUNMODE_PRINT_BUILDINFO
Definition: runmodes.h:51
DetectEngineCtxInitStubForDD
DetectEngineCtx * DetectEngineCtxInitStubForDD(void)
Definition: detect-engine.c:2568
LiveDevRegisterExtension
void LiveDevRegisterExtension(void)
Definition: util-device.c:453
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:269
AppLayerHtpPrintStats
void AppLayerHtpPrintStats(void)
Definition: app-layer-htp.c:3016
StatsSetupPostConfigPreOutput
void StatsSetupPostConfigPreOutput(void)
Definition: counters.c:889
SCInstance_::runmode_custom_mode
char * runmode_custom_mode
Definition: suricata.h:134
util-coredump-config.h
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:0
SigTableSetup
void SigTableSetup(void)
Definition: detect-engine-register.c:451
TmModuleReceiveNFQRegister
void TmModuleReceiveNFQRegister(void)
Definition: source-nfq.c:171
LiveBuildDeviceList
int LiveBuildDeviceList(const char *runmode)
Definition: util-device.c:268
RunModeShutDown
void RunModeShutDown(void)
Definition: runmodes.c:592
TM_ECODE_DONE
@ TM_ECODE_DONE
Definition: tm-threads-common.h:86
SCProtoNameInit
void SCProtoNameInit(void)
Definition: util-proto-name.c:418
ippair-bit.h
RunModeDispatch
void RunModeDispatch(int runmode, const char *custom_mode, const char *capture_plugin_name, const char *capture_plugin_args)
Definition: runmodes.c:416
ConfGetNode
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
Definition: conf.c:181
util-macset.h
RUNMODE_LIST_RUNMODES
@ RUNMODE_LIST_RUNMODES
Definition: runmodes.h:49
sigint_count
volatile sig_atomic_t sigint_count
Definition: suricata.c:154
SC_ATOMIC_DECLARE
SC_ATOMIC_DECLARE(unsigned int, engine_stage)
SCProfilingRulesGlobalInit
void SCProfilingRulesGlobalInit(void)
TmModuleRunDeInit
void TmModuleRunDeInit(void)
Definition: tm-modules.c:147
RegisterFlowBypassInfo
void RegisterFlowBypassInfo(void)
Definition: flow-util.c:236
SCSetThreadName
#define SCSetThreadName(n)
Definition: threads.h:303
SCLogDeInitLogModule
void SCLogDeInitLogModule(void)
De-Initializes the logging module.
Definition: util-debug.c:1617
util-pidfile.h
TmModuleDecodeErfFileRegister
void TmModuleDecodeErfFileRegister(void)
Register the ERF file decoder module.
Definition: source-erf-file.c:98
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:827
StringParseUint16
int StringParseUint16(uint16_t *res, int base, size_t len, const char *str)
Definition: util-byte.c:337
DetectEngineReloadSetIdle
void DetectEngineReloadSetIdle(void)
Definition: detect-engine.c:2114
SCInstance_::userid
uint32_t userid
Definition: suricata.h:141
RUNMODE_ERF_FILE
@ RUNMODE_ERF_FILE
Definition: runmodes.h:35
source-windivert-prototypes.h
DetectEngineGetCurrent
DetectEngineCtx * DetectEngineGetCurrent(void)
Definition: detect-engine.c:3781
EngineModeIsUnknown
int EngineModeIsUnknown(void)
Definition: suricata.c:217
TmModuleFlowRecyclerRegister
void TmModuleFlowRecyclerRegister(void)
Definition: flow-manager.c:1261
Daemonize
void Daemonize(void)
Daemonize the process.
Definition: util-daemon.c:101
UtilSignalHandlerSetup
void UtilSignalHandlerSetup(int sig, void(*handler)(int))
Definition: util-signal.c:60
TAILQ_FOREACH
#define TAILQ_FOREACH(var, head, field)
Definition: queue.h:252
TmModuleDecodeAFPRegister
void TmModuleDecodeAFPRegister(void)
Registration Function for DecodeAFP.
Definition: source-af-packet.c:598
RUNMODE_NFLOG
@ RUNMODE_NFLOG
Definition: runmodes.h:33
TmModuleDecodeWinDivertRegister
void TmModuleDecodeWinDivertRegister(void)
Definition: source-windivert.c:74
SURICATA_STOP
#define SURICATA_STOP
Definition: suricata.h:89
FlowForceReassembly
void FlowForceReassembly(void)
Force reassembly for all the flows that have unprocessed segments.
Definition: flow-timeout.c:423
DetectEngineAddToMaster
int DetectEngineAddToMaster(DetectEngineCtx *de_ctx)
Definition: detect-engine.c:4503
TmModuleStatsLoggerRegister
void TmModuleStatsLoggerRegister(void)
Definition: output-stats.c:192
ConfYamlHandleInclude
int ConfYamlHandleInclude(ConfNode *parent, const char *filename)
Include a file in the configuration.
Definition: conf-yaml-loader.c:116
RegisterAllModules
void RegisterAllModules(void)
Definition: suricata.c:886
ENGINE_MODE_IPS
@ ENGINE_MODE_IPS
Definition: suricata.h:104
SCGetUserID
int SCGetUserID(const char *user_name, const char *group_name, uint32_t *uid, uint32_t *gid)
Function to get the user and group ID from the specified user name.
Definition: util-privs.c:150
RUNMODE_PCAP_DEV
@ RUNMODE_PCAP_DEV
Definition: runmodes.h:29
DetectEngineMultiTenantSetup
int DetectEngineMultiTenantSetup(const bool unix_socket)
setup multi-detect / multi-tenancy
Definition: detect-engine.c:4155
flow-bit.h
SupportFastPatternForSigMatchTypes
void SupportFastPatternForSigMatchTypes(void)
Registers the keywords(SMs) that should be given fp support.
Definition: detect-fast-pattern.c:145
ConfDump
void ConfDump(void)
Dump configuration to stdout.
Definition: conf.c:749
suricata_context
const SuricataContext suricata_context
Definition: rust-context.c:25
SCPledge
#define SCPledge(...)
Definition: util-privs.h:99
CheckValidDaemonModes
int CheckValidDaemonModes(int daemon, int mode)
Check for a valid combination daemon/mode.
Definition: util-daemon.c:177
SCClassConfDeinit
void SCClassConfDeinit(void)
Definition: util-classification-config.c:84
ConfSetFinal
int ConfSetFinal(const char *name, const char *val)
Set a final configuration value.
Definition: conf.c:303
unittests_fatal
int unittests_fatal
Definition: util-unittest.c:52
TmThreadDisableReceiveThreads
void TmThreadDisableReceiveThreads(void)
Disable all threads having the specified TMs.
Definition: tm-threads.c:1345
StatsInit
void StatsInit(void)
Initializes the perf counter api. Things are hard coded currently. More work to be done when we imple...
Definition: counters.c:878
util-privs.h
PreRunInit
void PreRunInit(const int runmode)
Definition: suricata.c:2224
RUNMODE_LIST_KEYWORDS
@ RUNMODE_LIST_KEYWORDS
Definition: runmodes.h:47
SURICATA_DONE
#define SURICATA_DONE
Definition: suricata.h:91
MacSetRegisterFlowStorage
void MacSetRegisterFlowStorage(void)
Definition: util-macset.c:61
SCInstance_::conf_filename
const char * conf_filename
Definition: suricata.h:160
RUNMODE_NAPATECH
@ RUNMODE_NAPATECH
Definition: runmodes.h:42
GlobalsInitPreConfig
void GlobalsInitPreConfig(void)
Definition: suricata.c:347
TmModuleReceiveNetmapRegister
void TmModuleReceiveNetmapRegister(void)
Definition: source-netmap.c:74
PacketPoolPostRunmodes
void PacketPoolPostRunmodes(void)
Set the max_pending_return_packets value.
Definition: tmqh-packetpool.c:500
NFQInitConfig
void NFQInitConfig(bool quiet)
To initialize the NFQ global configuration data.
Definition: source-nfq.c:208
TmModuleReceiveWinDivertRegister
void TmModuleReceiveWinDivertRegister(void)
Definition: source-windivert.c:61
TmModuleReceivePfringRegister
void TmModuleReceivePfringRegister(void)
Registration Function for ReceivePfring.
Definition: source-pfring.c:163
HOST_VERBOSE
#define HOST_VERBOSE
Definition: host.h:92
TM_ECODE_FAILED
@ TM_ECODE_FAILED
Definition: tm-threads-common.h:85
SCProfilingDestroy
void SCProfilingDestroy(void)
Free resources used by profiling.
Definition: util-profiling.c:263
IsRunModeOffline
bool IsRunModeOffline(enum RunModes run_mode_to_check)
Definition: runmodes.c:574
AFPPeersListClean
void AFPPeersListClean(void)
Clean the global peers list.
Definition: source-af-packet.c:580
RunModeInitializeOutputs
void RunModeInitializeOutputs(void)
Definition: runmodes.c:791
DetectPortTestConfVars
int DetectPortTestConfVars(void)
Definition: detect-engine-port.c:1173
SCThresholdConfGlobalInit
void SCThresholdConfGlobalInit(void)
Definition: util-threshold-config.c:107
DecodeUnregisterCounters
void DecodeUnregisterCounters(void)
Definition: decode.c:516
SCInstance_::capture_plugin_name
const char * capture_plugin_name
Definition: suricata.h:164
RUNMODE_DAG
@ RUNMODE_DAG
Definition: runmodes.h:36
HostBitInitCtx
void HostBitInitCtx(void)
Definition: host-bit.c:49
EngineMode
EngineMode
Definition: suricata.h:101
SCInstance_::set_datadir
bool set_datadir
Definition: suricata.h:146
tmqh-packetpool.h
g_ut_covered
int g_ut_covered
Definition: suricata.c:884
SCInstance_::capture_plugin_args
const char * capture_plugin_args
Definition: suricata.h:165
TmModuleLoggerRegister
void TmModuleLoggerRegister(void)
Definition: output.c:1017
TmThreadDisablePacketThreads
void TmThreadDisablePacketThreads(void)
Disable all packet threads.
Definition: tm-threads.c:1473
host_mode
uint8_t host_mode
Definition: suricata.c:181
RUNMODE_NETMAP
@ RUNMODE_NETMAP
Definition: runmodes.h:39
RUNMODE_DUMP_FEATURES
@ RUNMODE_DUMP_FEATURES
Definition: runmodes.h:62
FeatureDump
void FeatureDump(void)
Definition: feature.c:144
PacketPoolInit
void PacketPoolInit(void)
Definition: tmqh-packetpool.c:284
TM_ECODE_OK
@ TM_ECODE_OK
Definition: tm-threads-common.h:84
AppLayerDeSetup
int AppLayerDeSetup(void)
De initializes the app layer.
Definition: app-layer.c:981
strlcpy
size_t strlcpy(char *dst, const char *src, size_t siz)
Definition: util-strlcpyu.c:43
PcapTranslateIPToDevice
void PcapTranslateIPToDevice(char *pcap_dev, size_t len)
Definition: source-pcap.c:653
FlowDisableFlowRecyclerThread
void FlowDisableFlowRecyclerThread(void)
Used to disable flow recycler thread(s).
Definition: flow-manager.c:1188
ParseSizeInit
void ParseSizeInit(void)
Definition: util-misc.c:35
GetIfaceMaxPacketSize
int GetIfaceMaxPacketSize(const char *pcap_dev)
output max packet size for a link
Definition: util-ioctl.c:130
TmModuleDecodePcapFileRegister
void TmModuleDecodePcapFileRegister(void)
Definition: source-pcap-file.c:127
TmModuleBypassedFlowManagerRegister
void TmModuleBypassedFlowManagerRegister(void)
Definition: flow-bypass.c:215
IPPairShutdown
void IPPairShutdown(void)
shutdown the flow engine
Definition: ippair.c:303
source-erf-dag.h
util-signal.h
DetectParseFreeRegexes
void DetectParseFreeRegexes(void)
Definition: detect-parse.c:2567
TmModuleDecodeNFLOGRegister
void TmModuleDecodeNFLOGRegister(void)
Definition: source-nflog.c:55
ConfGet
int ConfGet(const char *name, const char **vptr)
Retrieve the value of a configuration node.
Definition: conf.c:335
NFQParseAndRegisterQueues
int NFQParseAndRegisterQueues(const char *queues)
Parses and adds Netfilter queue(s).
Definition: source-nfq.c:862
ConfGetRootNode
ConfNode * ConfGetRootNode(void)
Get the root configuration node.
Definition: conf.c:207
FlowInitConfig
void FlowInitConfig(bool quiet)
initialize the configuration
Definition: flow.c:543
AppLayerSetup
int AppLayerSetup(void)
Setup the app layer.
Definition: app-layer.c:966
FeatureTrackingRegister
void FeatureTrackingRegister(void)
Definition: feature.c:152
TmModuleReceiveDPDKRegister
void TmModuleReceiveDPDKRegister(void)
Definition: source-dpdk.c:50
UnixManagerThreadSpawnNonRunmode
void UnixManagerThreadSpawnNonRunmode(const bool unix_socket_enabled)
Definition: unix-manager.c:1286
StreamTcpInitConfig
void StreamTcpInitConfig(bool)
To initialize the stream global configuration data.
Definition: stream-tcp.c:359
ENGINE_MODE_UNKNOWN
@ ENGINE_MODE_UNKNOWN
Definition: suricata.h:102
app-layer-htp.h
IsRunModeSystem
bool IsRunModeSystem(enum RunModes run_mode_to_check)
Definition: runmodes.c:561
datasets.h
TmModuleDecodeNetmapRegister
void TmModuleDecodeNetmapRegister(void)
Registration Function for DecodeNetmap.
Definition: source-netmap.c:84
PreRunPostPrivsDropInit
void PreRunPostPrivsDropInit(const int runmode)
Definition: suricata.c:2253
feature.h
decode.h
util-device.h
SURICATA_DEINIT
@ SURICATA_DEINIT
Definition: suricata.h:97
DetectEngineMoveToFreeList
int DetectEngineMoveToFreeList(DetectEngineCtx *de_ctx)
Definition: detect-engine.c:4519
sigterm_count
volatile sig_atomic_t sigterm_count
Definition: suricata.c:156
run_mode
int run_mode
Definition: suricata.c:173
source-nfq.h
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:17
TmThreadWaitOnThreadInit
TmEcode TmThreadWaitOnThreadInit(void)
Used to check if all threads have finished their initialization. On finding an un-initialized thread,...
Definition: tm-threads.c:1935
TmModuleVerdictNFQRegister
void TmModuleVerdictNFQRegister(void)
Definition: source-nfq.c:186
ConfYamlLoadFile
int ConfYamlLoadFile(const char *filename)
Load configuration from a YAML file.
Definition: conf-yaml-loader.c:463
RUNMODE_CONF_TEST
@ RUNMODE_CONF_TEST
Definition: runmodes.h:54
AppLayerRegisterGlobalCounters
void AppLayerRegisterGlobalCounters(void)
HACK to work around our broken unix manager (re)init loop.
Definition: app-layer.c:1045
RunModeListRunmodes
void RunModeListRunmodes(void)
Lists all registered runmodes.
Definition: runmodes.c:267
RUNMODE_PRINT_USAGE
@ RUNMODE_PRINT_USAGE
Definition: runmodes.h:52
strlcat
size_t strlcat(char *, const char *src, size_t siz)
Definition: util-strlcatu.c:45
RUNMODE_LIST_APP_LAYERS
@ RUNMODE_LIST_APP_LAYERS
Definition: runmodes.h:48
util-cpu.h
suricata
SCInstance suricata
Definition: suricata.c:210
SCInstance_::unix_socket_enabled
bool unix_socket_enabled
Definition: suricata.h:147
LiveSetOffloadDisable
void LiveSetOffloadDisable(void)
Definition: util-device.c:71
StatsSetupPostConfigPostOutput
void StatsSetupPostConfigPostOutput(void)
Definition: counters.c:894
TVT_MGMT
@ TVT_MGMT
Definition: tm-threads-common.h:92
EngineModeSetIDS
void EngineModeSetIDS(void)
Definition: suricata.c:239
SpmTableSetup
void SpmTableSetup(void)
Definition: util-spm.c:122
TmModuleReceiveAFPRegister
void TmModuleReceiveAFPRegister(void)
Registration Function for RecieveAFP.
Definition: source-af-packet.c:384
LiveBuildDeviceListCustom
int LiveBuildDeviceListCustom(const char *runmode, const char *itemname)
Definition: util-device.c:273
util-exception-policy.h
UnixSocketKillSocketThread
void UnixSocketKillSocketThread(void)
Definition: unix-manager.c:1281
TmModuleVerdictIPFWRegister
void TmModuleVerdictIPFWRegister(void)
Registration Function for VerdictIPFW.
Definition: source-ipfw.c:175
flow-worker.h
SigLoadSignatures
int SigLoadSignatures(DetectEngineCtx *de_ctx, char *sig_file, int sig_file_exclusive)
Load signatures.
Definition: detect-engine-loader.c:285
HttpRangeContainersInit
void HttpRangeContainersInit(void)
Definition: app-layer-htp-range.c:150
util-reference-config.h
source-napatech.h
DetectEngineCtx_::last_reload
struct timeval last_reload
Definition: detect.h:999
SCInstance_::delayed_detect
int delayed_detect
Definition: suricata.h:149
TmModuleVerdictWinDivertRegister
void TmModuleVerdictWinDivertRegister(void)
Definition: source-windivert.c:68
SCInstance_::progname
const char * progname
Definition: suricata.h:159
HostCleanup
void HostCleanup(void)
Cleanup the host engine.
Definition: host.c:343
SCEnter
#define SCEnter(...)
Definition: util-debug.h:271
FlowDisableFlowManagerThread
void FlowDisableFlowManagerThread(void)
Used to disable flow manager thread(s).
Definition: flow-manager.c:142
util-ebpf.h
SCInstance_::pcap_dev
char pcap_dev[128]
Definition: suricata.h:127
detect.h
SuricataMain
int SuricataMain(int argc, char **argv)
Definition: suricata.c:2893
UtilSignalUnblock
int UtilSignalUnblock(int signum)
Definition: util-signal.c:46
DetectEngineEnabled
int DetectEngineEnabled(void)
Check if detection is enabled.
Definition: detect-engine.c:3748
TmThreadClearThreadsFamily
void TmThreadClearThreadsFamily(int family)
Definition: tm-threads.c:1623
TmModuleRunInit
void TmModuleRunInit(void)
Definition: tm-modules.c:129
detect-engine-port.h
EngineModeSetIPS
void EngineModeSetIPS(void)
Definition: suricata.c:234
SCInstance_::user_name
const char * user_name
Definition: suricata.h:136
HTPAtExitPrintStats
void HTPAtExitPrintStats(void)
Print the stats of the HTTP requests.
Definition: app-layer-htp.c:2051
util-time.h
UtilSignalBlock
int UtilSignalBlock(int signum)
Definition: util-signal.c:29
SCProfilingPrefilterGlobalInit
void SCProfilingPrefilterGlobalInit(void)
Definition: util-profiling-prefilter.c:60
SCLogWarning
#define SCLogWarning(...)
Macro used to log WARNING messages.
Definition: util-debug.h:249
PostConfLoadedSetup
int PostConfLoadedSetup(SCInstance *suri)
Definition: suricata.c:2638
GetProgramVersion
const char * GetProgramVersion(void)
get string with program version
Definition: suricata.c:1131
engine_analysis
int engine_analysis
app-layer-parser.h
TRUE
#define TRUE
Definition: suricata-common.h:33
SCGetGroupID
int SCGetGroupID(const char *group_name, uint32_t *gid)
Function to get the group ID from the specified group name.
Definition: util-privs.c:214
TmModuleReceivePcapFileRegister
void TmModuleReceivePcapFileRegister(void)
Definition: source-pcap-file.c:114
source-pfring.h
BUG_ON
#define BUG_ON(x)
Definition: suricata-common.h:295
runmode-netmap.h
CoredumpLoadConfig
int32_t CoredumpLoadConfig(void)
Configures the core dump size.
Definition: util-coredump-config.c:91
detect-engine-tag.h
IPFWRegisterQueue
int IPFWRegisterQueue(char *queue)
Add an IPFW divert.
Definition: source-ipfw.c:702
xstr
#define xstr(s)
Definition: suricata-common.h:285
util-profiling.h
FALSE
#define FALSE
Definition: suricata-common.h:34
ListAppLayerProtocols
int ListAppLayerProtocols(const char *conf_filename)
Definition: util-running-modes.c:42
SCInstance_::offline
int offline
Definition: suricata.h:152
DatasetsDestroy
void DatasetsDestroy(void)
Definition: datasets.c:983
UtilCpuPrintSummary
void UtilCpuPrintSummary(void)
Print a summary of CPUs detected (configured and online)
Definition: util-cpu.c:173
TmThreadKillThreads
void TmThreadKillThreads(void)
Definition: tm-threads.c:1551
OutputDeregisterAll
void OutputDeregisterAll(void)
Deregister all modules. Useful for a memory clean exit.
Definition: output.c:800
source-pcap-file-helper.h
PostConfLoadedDetectSetup
void PostConfLoadedDetectSetup(SCInstance *suri)
Definition: suricata.c:2545
EngineModeIsIDS
int EngineModeIsIDS(void)
Definition: suricata.c:228
TmModuleNapatechDecodeRegister
void TmModuleNapatechDecodeRegister(void)
Register the Napatech decoder module.
Definition: source-napatech.c:162
tmm_modules
TmModule tmm_modules[TMM_SIZE]
Definition: tm-modules.c:33
conf-yaml-loader.h
decode-sll.h
coverage_unittests
int coverage_unittests
Definition: suricata.c:882
RUNMODE_DUMP_CONFIG
@ RUNMODE_DUMP_CONFIG
Definition: runmodes.h:53
DatasetsSave
void DatasetsSave(void)
Definition: datasets.c:1061
detect-engine-alert.h
conf.h
util-landlock.h
source-ipfw.h
TMM_SIZE
@ TMM_SIZE
Definition: tm-threads-common.h:79
source-netmap.h
OutputNotifyFileRotation
void OutputNotifyFileRotation(void)
Notifies all registered file rotation notification flags.
Definition: output.c:870
StorageFinalize
int StorageFinalize(void)
Definition: util-storage.c:140
SCInstance_::verbose
int verbose
Definition: suricata.h:153
TmEcode
TmEcode
Definition: tm-threads-common.h:83
source-windivert.h
TmModuleFlowWorkerRegister
void TmModuleFlowWorkerRegister(void)
Definition: flow-worker.c:693
SCInstance_::aux_run_mode
enum RunModes aux_run_mode
Definition: suricata.h:125
util-plugin.h
SCInstance_::additional_configs
const char ** additional_configs
Definition: suricata.h:161
flow-timeout.h
DEFAULT_PID_FILENAME
#define DEFAULT_PID_FILENAME
Definition: suricata.h:83
sighup_count
volatile sig_atomic_t sighup_count
Definition: suricata.c:155
ConfigSetDataDirectory
TmEcode ConfigSetDataDirectory(char *name)
Definition: util-conf.c:70
TmModuleDecodeErfDagRegister
void TmModuleDecodeErfDagRegister(void)
Register the ERF file decoder module.
Definition: source-erf-dag.c:151
SCInstance_::set_logdir
bool set_logdir
Definition: suricata.h:145
SCDropMainThreadCaps
#define SCDropMainThreadCaps(...)
Definition: util-privs.h:90
TmModuleDebugList
void TmModuleDebugList(void)
Definition: tm-modules.c:35
TmModuleDecodeNFQRegister
void TmModuleDecodeNFQRegister(void)
Definition: source-nfq.c:194
util-proto-name.h
STREAM_VERBOSE
#define STREAM_VERBOSE
Definition: stream-tcp.h:34
defrag.h
SCProtoNameRelease
void SCProtoNameRelease(void)
Definition: util-proto-name.c:439
MpmTableSetup
void MpmTableSetup(void)
Definition: util-mpm.c:218
SCInstance_::log_dir
const char * log_dir
Definition: suricata.h:158
RunmodeIsUnittests
int RunmodeIsUnittests(void)
Definition: suricata.c:245
source-nfq-prototypes.h
SCPluginsLoad
void SCPluginsLoad(const char *capture_plugin_name, const char *capture_plugin_args)
SCLogInfo
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:224
TmModuleReceiveNFLOGRegister
void TmModuleReceiveNFLOGRegister(void)
Definition: source-nflog.c:49
DEFAULT_PACKET_SIZE
#define DEFAULT_PACKET_SIZE
Definition: decode.h:657
WarnInvalidConfEntry
#define WarnInvalidConfEntry(param_name, format, value)
Generic API that can be used by all to log an invalid conf entry.
Definition: util-misc.h:36
util-host-os-info.h
TmModuleReceiveErfFileRegister
void TmModuleReceiveErfFileRegister(void)
Register the ERF file receiver (reader) module.
Definition: source-erf-file.c:80
TmModule_
Definition: tm-modules.h:43
SCRealloc
#define SCRealloc(ptr, sz)
Definition: util-mem.h:50
TmModuleDecodeAFXDPRegister
void TmModuleDecodeAFXDPRegister(void)
Registration Function for DecodeAFXDP.
Definition: source-af-xdp.c:90
default_packet_size
uint32_t default_packet_size
Definition: decode.c:72
tm-queuehandlers.h
SigTableApplyStrictCommandLineOption
void SigTableApplyStrictCommandLineOption(const char *str)
Definition: detect-parse.c:338
DETECT_ENGINE_TYPE_NORMAL
@ DETECT_ENGINE_TYPE_NORMAL
Definition: detect.h:814
PROG_NAME
#define PROG_NAME
Definition: suricata.h:70
TmThreadKillThreadsFamily
void TmThreadKillThreadsFamily(int family)
Definition: tm-threads.c:1522
detect-fast-pattern.h
FeatureTrackingRelease
void FeatureTrackingRelease(void)
Definition: feature.c:136
TmqhCleanup
void TmqhCleanup(void)
Clean up registration time allocs.
Definition: tm-queuehandlers.c:49
util-dpdk.h
util-conf.h
RUNMODE_PFRING
@ RUNMODE_PFRING
Definition: runmodes.h:31
StreamTcpFreeConfig
void StreamTcpFreeConfig(bool quiet)
Definition: stream-tcp.c:695
source-dpdk.h
flow-manager.h
DecodeGlobalConfig
void DecodeGlobalConfig(void)
Definition: decode.c:853
SCInstance_::strict_rule_parsing_string
char * strict_rule_parsing_string
Definition: suricata.h:162
SuriHasSigFile
int SuriHasSigFile(void)
Definition: suricata.c:212
suricata-common.h
sc_set_caps
int sc_set_caps
Definition: suricata.c:190
DetectEngineCtxInitStubForMT
DetectEngineCtx * DetectEngineCtxInitStubForMT(void)
Definition: detect-engine.c:2563
util-daemon.h
LiveGetDeviceName
const char * LiveGetDeviceName(int number)
Get a pointer to the device name at idx.
Definition: util-device.c:178
FlowShutdown
void FlowShutdown(void)
shutdown the flow engine
Definition: flow.c:689
SCHInfoLoadFromConfig
void SCHInfoLoadFromConfig(void)
Load the host os policy information from the configuration.
Definition: util-host-os-info.c:335
DetectEngineBumpVersion
void DetectEngineBumpVersion(void)
Definition: detect-engine.c:3772
source-af-xdp.h
TmModuleFlowManagerRegister
void TmModuleFlowManagerRegister(void)
Definition: flow-manager.c:1247
SCPidfileTestRunning
int SCPidfileTestRunning(const char *pid_filename)
Check the Suricata pid file (used at the startup)
Definition: util-pidfile.c:105
HostShutdown
void HostShutdown(void)
shutdown the flow engine
Definition: host.c:306
DOC_URL
#define DOC_URL
Definition: suricata.h:85
output-filestore.h
TmModuleDecodePfringRegister
void TmModuleDecodePfringRegister(void)
Registration Function for DecodePfring.
Definition: source-pfring.c:179
LiveSetOffloadWarn
void LiveSetOffloadWarn(void)
Definition: util-device.c:76
ParseSizeDeinit
void ParseSizeDeinit(void)
Definition: util-misc.c:54
SURI_HOST_IS_ROUTER
@ SURI_HOST_IS_ROUTER
Definition: suricata.h:116
util-classification-config.h
RunModeRegisterRunModes
void RunModeRegisterRunModes(void)
Register all runmodes in the engine.
Definition: runmodes.c:239
SCStrdup
#define SCStrdup(s)
Definition: util-mem.h:56
FatalError
#define FatalError(...)
Definition: util-debug.h:502
ConfGetChildValueBool
int ConfGetChildValueBool(const ConfNode *base, const char *name, int *val)
Definition: conf.c:499
SCProfilingDump
void SCProfilingDump(void)
Definition: util-profiling.c:289
TmModuleReceiveAFXDPRegister
void TmModuleReceiveAFXDPRegister(void)
Definition: source-af-xdp.c:76
EngineStop
void EngineStop(void)
make sure threads can stop the engine by calling this function. Purpose: pcap file mode needs to be a...
Definition: suricata.c:439
FrameConfigInit
void FrameConfigInit(void)
Definition: app-layer-frames.c:38
SCInstance_::sig_file
char * sig_file
Definition: suricata.h:128
ParseSizeStringU32
int ParseSizeStringU32(const char *size, uint32_t *res)
Definition: util-misc.c:181
TmModuleReceiveErfDagRegister
void TmModuleReceiveErfDagRegister(void)
Register the ERF file receiver (reader) module.
Definition: source-erf-dag.c:133
IPPairBitInitCtx
void IPPairBitInitCtx(void)
Definition: ippair-bit.c:49
SCClassConfInit
void SCClassConfInit(void)
Definition: util-classification-config.c:64
RunmodeGetCurrent
int RunmodeGetCurrent(void)
Definition: suricata.c:254
ConfigSetLogDirectory
TmEcode ConfigSetLogDirectory(const char *name)
Definition: util-conf.c:32
util-validate.h
TmModuleDecodeIPFWRegister
void TmModuleDecodeIPFWRegister(void)
Registration Function for DecodeIPFW.
Definition: source-ipfw.c:190
source-af-packet.h
ConfUnixSocketIsEnable
int ConfUnixSocketIsEnable(void)
Definition: util-conf.c:145
RUNMODE_NFQ
@ RUNMODE_NFQ
Definition: runmodes.h:32
ConfSetFromString
int ConfSetFromString(const char *input, int final)
Set a configuration parameter from a string.
Definition: conf.c:249
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
SCLogConfig
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
g_vlan_mask
uint16_t g_vlan_mask
Definition: suricata.c:203
ConfInit
void ConfInit(void)
Initialize the configuration system.
Definition: conf.c:120
DatasetsInit
int DatasetsInit(void)
Definition: datasets.c:849
ConfigGetLogDirectory
const char * ConfigGetLogDirectory(void)
Definition: util-conf.c:37
sigusr2_count
volatile sig_atomic_t sigusr2_count
Definition: suricata.c:157
RUNMODE_ENGINE_ANALYSIS
@ RUNMODE_ENGINE_ANALYSIS
Definition: runmodes.h:56
RUNMODE_PRINT_VERSION
@ RUNMODE_PRINT_VERSION
Definition: runmodes.h:50
TmModuleDecodePcapRegister
void TmModuleDecodePcapRegister(void)
Registration Function for DecodePcap.
Definition: source-pcap.c:149
util-running-modes.h
unix-manager.h
runmode-af-xdp.h
str
#define str(s)
Definition: suricata-common.h:286
ConfigCheckDataDirectory
TmEcode ConfigCheckDataDirectory(const char *data_dir)
Definition: util-conf.c:103
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:261
SCInstance_::sig_file_exclusive
int sig_file_exclusive
Definition: suricata.h:129
g_detect_disabled
int g_detect_disabled
Definition: suricata.c:187
DetectEngineReloadStart
int DetectEngineReloadStart(void)
Definition: detect-engine.c:2088
SCFree
#define SCFree(p)
Definition: util-mem.h:61
DEFAULT_CONF_FILE
#define DEFAULT_CONF_FILE
Definition: suricata.h:79
ConfNode_
Definition: conf.h:32
SC_LOG_MAX_LOG_MSG_LEN
#define SC_LOG_MAX_LOG_MSG_LEN
Definition: util-debug.h:84
AppLayerParserPostStreamSetup
void AppLayerParserPostStreamSetup(void)
Definition: app-layer-parser.c:269
TmModuleReceivePcapRegister
void TmModuleReceivePcapRegister(void)
Registration Function for ReceivePcap.
Definition: source-pcap.c:132
util-ioctl.h
detect-parse.h
SCInstance_::system
bool system
Definition: suricata.h:144
SCInstance_::pid_filename
char * pid_filename
Definition: suricata.h:130
TmModuleRespondRejectRegister
void TmModuleRespondRejectRegister(void)
Definition: respond-reject.c:50
CoredumpEnable
void CoredumpEnable(void)
Enable coredumps on systems where coredumps can and need to be enabled.
Definition: util-coredump-config.c:58
RunUnittests
void RunUnittests(int list_unittests, const char *regex_arg)
Definition: runmode-unittests.c:230
source-erf-file.h
ConfigCheckLogDirectoryExists
TmEcode ConfigCheckLogDirectoryExists(const char *log_dir)
Definition: util-conf.c:55
TimeDeinit
void TimeDeinit(void)
Definition: util-time.c:87
PacketAlertTagInit
void PacketAlertTagInit(void)
Definition: detect-engine-alert.c:45
DetectEngineCtxInit
DetectEngineCtx * DetectEngineCtxInit(void)
Definition: detect-engine.c:2573
RUNMODE_WINDIVERT
@ RUNMODE_WINDIVERT
Definition: runmodes.h:44
EngineModeIsIPS
int EngineModeIsIPS(void)
Definition: suricata.c:222
TmModuleNapatechStreamRegister
void TmModuleNapatechStreamRegister(void)
Register the Napatech receiver (reader) module.
Definition: source-napatech.c:130
SCProfilingKeywordsGlobalInit
void SCProfilingKeywordsGlobalInit(void)
Definition: util-profiling-keywords.c:60
suricata.h
EngineDone
void EngineDone(void)
Used to indicate that the current task is done.
Definition: suricata.c:450
FLOW_QUIET
#define FLOW_QUIET
Definition: flow.h:41
GetDocURL
const char * GetDocURL(void)
Definition: suricata.c:1110
util-mpm-hs.h
profiling_rules_enabled
int profiling_rules_enabled
PostRunDeinit
void PostRunDeinit(const int runmode, struct timeval *start_time)
Definition: suricata.c:2275
HostInitConfig
void HostInitConfig(bool quiet)
initialize the configuration
Definition: host.c:175
SURICATA_RUNTIME
@ SURICATA_RUNTIME
Definition: suricata.h:96
TmThreadWaitOnThreadRunning
TmEcode TmThreadWaitOnThreadRunning(void)
Waits for all threads to be in a running state.
Definition: tm-threads.c:1792
ConfDeInit
void ConfDeInit(void)
De-initializes the configuration system.
Definition: conf.c:691
HttpRangeContainersDestroy
void HttpRangeContainersDestroy(void)
Definition: app-layer-htp-range.c:183
ConfSet
int ConfSet(const char *name, const char *val)
Set a configuration value.
Definition: conf.c:224
SCLogLoadConfig
void SCLogLoadConfig(int daemon, int verbose, uint32_t userid, uint32_t groupid)
Definition: util-debug.c:1440
DetectEngineReload
int DetectEngineReload(const SCInstance *suri)
Reload the detection engine.
Definition: detect-engine.c:4609
SCInstance_::do_setgid
uint8_t do_setgid
Definition: suricata.h:139
DEFAULT_MAX_PENDING_PACKETS
#define DEFAULT_MAX_PENDING_PACKETS
Definition: suricata.c:167
SCInstance_
Definition: suricata.h:123
SetMasterExceptionPolicy
void SetMasterExceptionPolicy(void)
Definition: util-exception-policy.c:56
TmThreadCheckThreadState
void TmThreadCheckThreadState(void)
Used to check the thread for certain conditions of failure.
Definition: tm-threads.c:1911
OutputFilestoreRegisterGlobalCounters
void OutputFilestoreRegisterGlobalCounters(void)
Definition: output-filestore.c:520
InitGlobal
int InitGlobal(void)
Global initialization common to all runmodes.
Definition: suricata.c:2861
SCInstance_::disabled_detect
int disabled_detect
Definition: suricata.h:150
LiveGetDeviceCount
int LiveGetDeviceCount(void)
Get the number of registered devices.
Definition: util-device.c:158
SCProfilingSghsGlobalInit
void SCProfilingSghsGlobalInit(void)
Definition: util-profiling-rulegroups.c:63
SCPidfileCreate
int SCPidfileCreate(const char *pidfile)
Write a pid file (used at the startup) This commonly needed by the init scripts.
Definition: util-pidfile.c:42
LiveRegisterDeviceName
int LiveRegisterDeviceName(const char *dev)
Add a device for monitoring.
Definition: util-device.c:97
ENGINE_MODE_IDS
@ ENGINE_MODE_IDS
Definition: suricata.h:103
LiveDeviceFinalize
void LiveDeviceFinalize(void)
Definition: util-device.c:430
TmModuleDecodeDPDKRegister
void TmModuleDecodeDPDKRegister(void)
Registration Function for DecodeDPDK.
Definition: source-dpdk.c:64
PROG_VER
#define PROG_VER
Definition: suricata.h:71
util-misc.h
PacketPoolDestroy
void PacketPoolDestroy(void)
Definition: tmqh-packetpool.c:316
HTPFreeConfig
void HTPFreeConfig(void)
Clears the HTTP server configuration memory used by HTP library.
Definition: app-layer-htp.c:2064
TVT_PPT
@ TVT_PPT
Definition: tm-threads-common.h:91
flow.h
LandlockSandboxing
void LandlockSandboxing(SCInstance *suri)
Definition: util-landlock.c:34
respond-reject.h
SCInstance_::regex_arg
char * regex_arg
Definition: suricata.h:131
ListKeywords
int ListKeywords(const char *keyword_info)
Definition: util-running-modes.c:32
SCLogNotice
#define SCLogNotice(...)
Macro used to log NOTICE messages.
Definition: util-debug.h:237
util-luajit.h
msg
const char * msg
Definition: app-layer-htp.c:575
DPDKCleanupEAL
void DPDKCleanupEAL(void)
Definition: util-dpdk.c:28
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
RUNMODE_AFP_DEV
@ RUNMODE_AFP_DEV
Definition: runmodes.h:37
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:275
SCPidfileRemove
void SCPidfileRemove(const char *pid_filename)
Remove the pid file (used at the startup)
Definition: util-pidfile.c:83
ThresholdInit
void ThresholdInit(void)
Definition: detect-engine-threshold.c:81
TimeInit
void TimeInit(void)
Definition: util-time.c:79
RUNMODE_PCAP_FILE
@ RUNMODE_PCAP_FILE
Definition: runmodes.h:30
SCInstance_::keyword_info
char * keyword_info
Definition: suricata.h:133
RUNMODE_PLUGIN
@ RUNMODE_PLUGIN
Definition: runmodes.h:45
SCInstance_::do_setuid
uint8_t do_setuid
Definition: suricata.h:138
NFQContextsClean
void NFQContextsClean(void)
Clean global contexts. Must be called on exit.
Definition: source-nfq.c:1280
DEBUG_VALIDATE_BUG_ON
#define DEBUG_VALIDATE_BUG_ON(exp)
Definition: util-validate.h:104
SCProfilingInit
void SCProfilingInit(void)
Initialize profiling.
Definition: util-profiling.c:135
g_ut_modules
int g_ut_modules
Definition: suricata.c:883
detect-engine-address.h
RUNMODE_IPFW
@ RUNMODE_IPFW
Definition: runmodes.h:34
output.h
DetectEngineCtx_::failure_fatal
int failure_fatal
Definition: detect.h:828
util-threshold-config.h
DefragInit
void DefragInit(void)
Definition: defrag.c:1054
DetectEngineReloadIsStart
int DetectEngineReloadIsStart(void)
Definition: detect-engine.c:2102
suricata_ctl_flags
volatile uint8_t suricata_ctl_flags
Definition: suricata.c:170
host-bit.h
detect-engine-threshold.h
RUNMODE_LIST_UNITTEST
@ RUNMODE_LIST_UNITTEST
Definition: runmodes.h:55
app-layer.h
TagDestroyCtx
void TagDestroyCtx(void)
Destroy tag context hash tables.
Definition: detect-engine-tag.c:72
DetectAddressTestConfVars
int DetectAddressTestConfVars(void)
Definition: detect-engine-address.c:1235
g_disable_randomness
int g_disable_randomness
Definition: suricata.c:196
GetIfaceMTU
int GetIfaceMTU(const char *pcap_dev)
output the link MTU
Definition: util-ioctl.c:91
geteuid
#define geteuid()
Definition: win32-misc.h:41
MpmHSGlobalCleanup
void MpmHSGlobalCleanup(void)
g_disable_hashing
bool g_disable_hashing
Definition: suricata.c:207
TmqResetQueues
void TmqResetQueues(void)
Definition: tm-queues.c:80