suricata
suricata.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2025 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  */
23 
24 #include "suricata-common.h"
25 
26 #if HAVE_GETOPT_H
27 #include <getopt.h>
28 #endif
29 
30 #if HAVE_SIGNAL_H
31 #include <signal.h>
32 #endif
33 #ifndef OS_WIN32
34 #ifdef HAVE_SYS_RESOURCE_H
35 // setrlimit
36 #include <sys/resource.h>
37 #endif
38 #endif
39 
40 #include "suricata.h"
41 
42 #include "conf.h"
43 #include "conf-yaml-loader.h"
44 
45 #include "decode.h"
46 #include "defrag.h"
47 #include "flow.h"
48 #include "stream-tcp.h"
49 #include "ippair.h"
50 
51 #include "detect.h"
52 #include "detect-parse.h"
53 #include "detect-engine.h"
54 #include "detect-engine-address.h"
55 #include "detect-engine-alert.h"
56 #include "detect-engine-port.h"
57 #include "detect-engine-tag.h"
58 #include "detect-engine-threshold.h"
59 #include "detect-fast-pattern.h"
60 
61 #include "datasets.h"
62 
63 #include "feature.h"
64 
65 #include "flow-bypass.h"
66 #include "flow-manager.h"
67 #include "flow-timeout.h"
68 #include "flow-worker.h"
69 
70 #include "flow-bit.h"
71 #include "host-bit.h"
72 #include "ippair-bit.h"
73 
74 #include "app-layer.h"
75 #include "app-layer-parser.h"
76 #include "app-layer-htp.h"
77 #include "app-layer-htp-range.h"
78 
79 #include "output.h"
80 #include "output-filestore.h"
81 
82 #include "respond-reject.h"
83 
84 #include "runmode-af-packet.h"
85 #include "runmode-af-xdp.h"
86 #include "runmode-netmap.h"
87 #include "runmode-unittests.h"
88 
89 #include "source-nfq.h"
90 #include "source-nfq-prototypes.h"
91 #include "source-nflog.h"
92 #include "source-ipfw.h"
93 #include "source-lib.h"
94 #include "source-pcap.h"
95 #include "source-pcap-file.h"
96 #include "source-pcap-file-helper.h"
97 #include "source-erf-file.h"
98 #include "source-erf-dag.h"
99 #include "source-af-packet.h"
100 #include "source-af-xdp.h"
101 #include "source-netmap.h"
102 #include "source-dpdk.h"
103 #include "source-windivert.h"
104 #include "source-windivert-prototypes.h"
105 
106 #include "unix-manager.h"
107 
108 #include "util-classification-config.h"
109 #include "util-threshold-config.h"
110 #include "util-reference-config.h"
111 
112 #include "tmqh-packetpool.h"
113 #include "tm-queuehandlers.h"
114 
115 #include "util-affinity.h"
116 #include "util-byte.h"
117 #include "util-conf.h"
118 #include "util-coredump-config.h"
119 #include "util-cpu.h"
120 #include "util-daemon.h"
121 #include "util-device-private.h"
122 #include "util-dpdk.h"
123 #include "util-ebpf.h"
124 #include "util-enum.h"
125 #include "util-exception-policy.h"
126 #include "util-host-os-info.h"
127 #include "util-hugepages.h"
128 #include "util-ioctl.h"
129 #include "util-landlock.h"
130 #include "util-macset.h"
131 #include "util-flow-rate.h"
132 #include "util-misc.h"
133 #include "util-mpm-hs.h"
134 #include "util-path.h"
135 #include "util-pidfile.h"
136 #include "util-plugin.h"
137 #include "util-privs.h"
138 #include "util-profiling.h"
139 #include "util-proto-name.h"
140 #include "util-running-modes.h"
141 #include "util-signal.h"
142 #include "util-time.h"
143 #include "util-validate.h"
144 #include "util-var-name.h"
145 #ifdef SYSTEMD_NOTIFY
146 #include "util-systemd.h"
147 #endif
148 
149 #ifdef WINDIVERT
150 #include "decode-sll.h"
151 #include "win32-syscall.h"
152 #endif
153 
154 /*
155  * we put this here, because we only use it here in main.
156  */
157 volatile sig_atomic_t sigint_count = 0;
158 volatile sig_atomic_t sighup_count = 0;
159 volatile sig_atomic_t sigterm_count = 0;
160 volatile sig_atomic_t sigusr2_count = 0;
161 
162 /*
163  * Flag to indicate if the engine is at the initialization
164  * or already processing packets. 3 stages: SURICATA_INIT,
165  * SURICATA_RUNTIME and SURICATA_FINALIZE
166  */
167 SC_ATOMIC_DECLARE(unsigned int, engine_stage);
168 
169 /* Max packets processed simultaneously per thread. */
170 #define DEFAULT_MAX_PENDING_PACKETS 1024
171 
172 /* Maximum number of v's supported */
173 #define VERBOSE_MAX (SC_LOG_DEBUG - SC_LOG_NOTICE)
174 
175 /** suricata engine control flags */
176 volatile uint8_t suricata_ctl_flags = 0;
177 
178 /** Engine mode: inline (ENGINE_MODE_IPS) or just
179  * detection mode (ENGINE_MODE_IDS by default) */
180 static enum EngineMode g_engine_mode = ENGINE_MODE_UNKNOWN;
181 
182 /** Host mode: set if box is sniffing only
183  * or is a router */
184 enum EngineHostMode g_engine_host_mode = ENGINE_HOST_IS_SNIFFER_ONLY;
185 
186 /** Maximum packets to simultaneously process. */
187 uint32_t max_pending_packets;
188 
189 /** global indicating if detection is enabled */
190 int g_detect_disabled = 0;
191 
192 /** set caps or not */
193 bool sc_set_caps = false;
194 
195 bool g_system = false;
196 
197 /** disable randomness to get reproducible results across runs */
198 #ifndef AFLFUZZ_NO_RANDOM
199 int g_disable_randomness = 0;
200 #else
201 int g_disable_randomness = 1;
202 #endif
203 
204 /** determine (without branching) if we include the vlan_ids when hashing or
205  * comparing flows */
206 uint16_t g_vlan_mask = 0xffff;
207 
208 /** determine (without branching) if we include the livedev ids when hashing or
209  * comparing flows */
210 uint16_t g_livedev_mask = 0xffff;
211 
212 /** determine (without branching) if we include the recursion levels when hashing or
213  * comparing flows */
214 uint8_t g_recurlvl_mask = 0xff;
215 
216 /* flag to disable hashing almost globally, to be similar to disabling nss
217  * support */
218 bool g_disable_hashing = false;
219 
220 /* snapshot of the system's hugepages before system initialization. */
221 SystemHugepageSnapshot *prerun_snap = NULL;
222 
223 /** add per-proto app-layer error counters for exception policies stats? disabled by default */
224 bool g_stats_eps_per_app_proto_errors = false;
225 
226 /** Suricata instance */
227 SCInstance suricata;
228 
229 int SuriHasSigFile(void)
230 {
231  return (suricata.sig_file != NULL);
232 }
233 
234 int EngineModeIsUnknown(void)
235 {
236  return (g_engine_mode == ENGINE_MODE_UNKNOWN);
237 }
238 
239 bool EngineModeIsFirewall(void)
240 {
241  DEBUG_VALIDATE_BUG_ON(g_engine_mode == ENGINE_MODE_UNKNOWN);
242  return (g_engine_mode == ENGINE_MODE_FIREWALL);
243 }
244 
245 /* this returns true for firewall mode as well */
246 int EngineModeIsIPS(void)
247 {
248  DEBUG_VALIDATE_BUG_ON(g_engine_mode == ENGINE_MODE_UNKNOWN);
249  return (g_engine_mode >= ENGINE_MODE_IPS);
250 }
251 
252 int EngineModeIsIDS(void)
253 {
254  DEBUG_VALIDATE_BUG_ON(g_engine_mode == ENGINE_MODE_UNKNOWN);
255  return (g_engine_mode == ENGINE_MODE_IDS);
256 }
257 
258 void EngineModeSetFirewall(const enum EngineHostMode mode)
259 {
260  g_engine_host_mode = mode;
261  g_engine_mode = ENGINE_MODE_FIREWALL;
262 }
263 
264 void EngineModeSetIPS(const enum EngineHostMode mode)
265 {
266  g_engine_host_mode = mode;
267 #ifndef UNITTESTS
268  if (g_engine_mode == ENGINE_MODE_UNKNOWN)
269  g_engine_mode = ENGINE_MODE_IPS;
270 #else
271  if (RunmodeIsUnittests() || g_engine_mode == ENGINE_MODE_UNKNOWN)
272  g_engine_mode = ENGINE_MODE_IPS;
273 #endif
274 }
275 
276 void EngineModeSetIDS(void)
277 {
278  g_engine_mode = ENGINE_MODE_IDS;
279 }
280 
281 bool EngineHostModeIsSniffer(void)
282 {
283  return (g_engine_host_mode == ENGINE_HOST_IS_SNIFFER_ONLY);
284 }
285 
286 bool EngineHostModeIsBridge(void)
287 {
288  return (g_engine_host_mode == ENGINE_HOST_IS_BRIDGE);
289 }
290 
291 #ifdef UNITTESTS
292 int RunmodeIsUnittests(void)
293 {
294  if (suricata.run_mode == RUNMODE_UNITTEST)
295  return 1;
296 
297  return 0;
298 }
299 #endif
300 
301 SCRunMode SCRunmodeGet(void)
302 {
303  return suricata.run_mode;
304 }
305 
306 void SCRunmodeSet(SCRunMode run_mode)
307 {
308  suricata.run_mode = run_mode;
309 }
310 
311 void SCEnableDefaultSignalHandlers(void)
312 {
313  suricata.install_signal_handlers = true;
314 }
315 
316 /** signal handlers
317  *
318  * WARNING: don't use the SCLog* API in the handlers. The API is complex
319  * with memory allocation possibly happening, calls to syslog, json message
320  * construction, etc.
321  */
322 
323 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
324 static void SignalHandlerSigint(/*@unused@*/ int sig)
325 {
326  sigint_count = 1;
327 }
328 static void SignalHandlerSigterm(/*@unused@*/ int sig)
329 {
330  sigterm_count = 1;
331 }
332 #ifndef OS_WIN32
333 #if HAVE_LIBUNWIND
334 #define UNW_LOCAL_ONLY
335 #include <libunwind.h>
336 static void SignalHandlerUnexpected(int sig_num, siginfo_t *info, void *context)
337 {
338  char msg[SC_LOG_MAX_LOG_MSG_LEN];
339  unw_cursor_t cursor;
340  /* Restore defaults for signals to avoid loops */
341  signal(SIGABRT, SIG_DFL);
342  signal(SIGSEGV, SIG_DFL);
343  int r;
344  if ((r = unw_init_local(&cursor, (unw_context_t *)(context)) != 0)) {
345  SCLogError("unable to obtain stack trace: unw_init_local: %s", unw_strerror(r));
346  goto terminate;
347  }
348 
349  char *temp = msg;
350  int cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - msg), "stacktrace:sig %d:", sig_num);
351  temp += cw;
352  r = 1;
353  while (r > 0) {
354  if (unw_is_signal_frame(&cursor) == 0) {
355  unw_word_t off;
356  char name[256];
357  if (unw_get_proc_name(&cursor, name, sizeof(name), &off) == UNW_ENOMEM) {
358  cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - msg), "[unknown]:");
359  } else {
360  cw = snprintf(
361  temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - msg), "%s+0x%08" PRIx64, name, off);
362  }
363  temp += cw;
364  }
365 
366  r = unw_step(&cursor);
367  if (r > 0) {
368  cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - msg), ";");
369  temp += cw;
370  }
371  }
372  SCLogError("%s", msg);
373 
374 terminate:
375  // Propagate signal to watchers, if any
376  kill(getpid(), sig_num);
377 }
378 #undef UNW_LOCAL_ONLY
379 #endif /* HAVE_LIBUNWIND */
380 #endif /* !OS_WIN32 */
381 #endif
382 
383 #ifndef OS_WIN32
384 /**
385  * SIGUSR2 handler. Just set sigusr2_count. The main loop will act on
386  * it.
387  */
388 static void SignalHandlerSigusr2(int sig)
389 {
390  if (sigusr2_count < 2)
391  sigusr2_count++;
392 }
393 
394 /**
395  * SIGHUP handler. Just set sighup_count. The main loop will act on
396  * it.
397  */
398 static void SignalHandlerSigHup(/*@unused@*/ int sig)
399 {
400  sighup_count = 1;
401 }
402 #endif
403 
404 void GlobalsInitPreConfig(void)
405 {
406  TimeInit();
407  SupportFastPatternForSigMatchTypes();
408  SCThresholdConfGlobalInit();
409  SCProtoNameInit();
410 }
411 
412 void GlobalsDestroy(void)
413 {
414  SCInstance *suri = &suricata;
415  ThresholdDestroy();
416  HostShutdown();
417  HTPFreeConfig();
418  HTPAtExitPrintStats();
419 
420  AppLayerHtpPrintStats();
421 
422  /* TODO this can do into it's own func */
423  DetectEngineCtx *de_ctx = DetectEngineGetCurrent();
424  if (de_ctx) {
425  DetectEngineMoveToFreeList(de_ctx);
426  DetectEngineDeReference(&de_ctx);
427  }
428  DetectEngineClearMaster();
429 
430  AppLayerDeSetup();
431  DatasetsSave();
432  DatasetsDestroy();
433  OutputTxShutdown();
434  TagDestroyCtx();
435 
436  LiveDeviceListClean();
437  OutputDeregisterAll();
438  FeatureTrackingRelease();
439  SCProtoNameRelease();
440  TimeDeinit();
441  SigTableCleanup();
442  TmqhCleanup();
443  TmModuleRunDeInit();
444  ParseSizeDeinit();
445  DatalinkTableDeinit();
446 
447 #ifdef HAVE_DPDK
448  DPDKCleanupEAL();
449 #endif
450 
451 #ifdef HAVE_AF_PACKET
452  AFPPeersListClean();
453 #endif
454 
455 #ifdef NFQ
456  NFQContextsClean();
457 #endif
458 
459 #ifdef BUILD_HYPERSCAN
460  MpmHSGlobalCleanup();
461 #endif
462 
463  SCConfDeInit();
464 
465  DetectParseFreeRegexes();
466 
467  SCPidfileRemove(suri->pid_filename);
468  SCFree(suri->pid_filename);
469  suri->pid_filename = NULL;
470 
471  VarNameStoreDestroy();
472  SCLogDeInitLogModule();
473 }
474 
475 /**
476  * \brief Used to send OS specific notification of running threads
477  *
478  * \retval TmEcode TM_ECODE_OK on success; TM_ECODE_FAILED on failure.
479  */
480 static void OnNotifyRunning(void)
481 {
482 #ifdef SYSTEMD_NOTIFY
483  if (SystemDNotifyReady() < 0) {
484  SCLogWarning("failed to notify systemd");
485  }
486 #endif
487 }
488 
489 /** \brief make sure threads can stop the engine by calling this
490  * function. Purpose: pcap file mode needs to be able to tell the
491  * engine the file eof is reached. */
492 void EngineStop(void)
493 {
494  suricata_ctl_flags |= SURICATA_STOP;
495 }
496 
497 /**
498  * \brief Used to indicate that the current task is done.
499  *
500  * This is mainly used by pcap-file to tell it has finished
501  * to treat a pcap files when running in unix-socket mode.
502  */
503 void EngineDone(void)
504 {
505  suricata_ctl_flags |= SURICATA_DONE;
506 }
507 
508 static int SetBpfString(int argc, char *argv[])
509 {
510  char *bpf_filter = NULL;
511  uint32_t bpf_len = 0;
512  int tmpindex = 0;
513 
514  /* attempt to parse remaining args as bpf filter */
515  tmpindex = argc;
516  while(argv[tmpindex] != NULL) {
517  bpf_len+=strlen(argv[tmpindex]) + 1;
518  tmpindex++;
519  }
520 
521  if (bpf_len == 0)
522  return TM_ECODE_OK;
523 
524  bpf_filter = SCCalloc(1, bpf_len);
525  if (unlikely(bpf_filter == NULL))
526  return TM_ECODE_FAILED;
527 
528  tmpindex = optind;
529  while(argv[tmpindex] != NULL) {
530  strlcat(bpf_filter, argv[tmpindex],bpf_len);
531  if(argv[tmpindex + 1] != NULL) {
532  strlcat(bpf_filter," ", bpf_len);
533  }
534  tmpindex++;
535  }
536 
537  if(strlen(bpf_filter) > 0) {
538  if (SCConfSetFinal("bpf-filter", bpf_filter) != 1) {
539  SCLogError("Failed to set bpf filter.");
540  SCFree(bpf_filter);
541  return TM_ECODE_FAILED;
542  }
543  }
544  SCFree(bpf_filter);
545 
546  return TM_ECODE_OK;
547 }
548 
549 static void SetBpfStringFromFile(char *filename)
550 {
551  char *bpf_filter = NULL;
552  char *bpf_comment_tmp = NULL;
553  char *bpf_comment_start = NULL;
554  size_t bpf_len = 0;
555  SCStat st;
556  FILE *fp = NULL;
557  size_t nm = 0;
558 
559  fp = fopen(filename, "r");
560  if (fp == NULL) {
561  SCLogError("Failed to open file %s", filename);
562  exit(EXIT_FAILURE);
563  }
564 
565  if (SCFstatFn(fileno(fp), &st) != 0) {
566  SCLogError("Failed to stat file %s", filename);
567  exit(EXIT_FAILURE);
568  }
569  // st.st_size is signed on Windows
570  bpf_len = ((size_t)(st.st_size)) + 1;
571 
572  bpf_filter = SCCalloc(1, bpf_len);
573  if (unlikely(bpf_filter == NULL)) {
574  SCLogError("Failed to allocate buffer for bpf filter in file %s", filename);
575  exit(EXIT_FAILURE);
576  }
577 
578  nm = fread(bpf_filter, 1, bpf_len - 1, fp);
579  if ((ferror(fp) != 0) || (nm != (bpf_len - 1))) {
580  SCLogError("Failed to read complete BPF file %s", filename);
581  SCFree(bpf_filter);
582  fclose(fp);
583  exit(EXIT_FAILURE);
584  }
585  fclose(fp);
586  DEBUG_VALIDATE_BUG_ON(nm >= bpf_len); // help scan-build
587  bpf_filter[nm] = '\0';
588 
589  if(strlen(bpf_filter) > 0) {
590  /*replace comments with space*/
591  bpf_comment_start = bpf_filter;
592  while((bpf_comment_tmp = strchr(bpf_comment_start, '#')) != NULL) {
593  while((*bpf_comment_tmp !='\0') &&
594  (*bpf_comment_tmp != '\r') && (*bpf_comment_tmp != '\n'))
595  {
596  *bpf_comment_tmp++ = ' ';
597  }
598  bpf_comment_start = bpf_comment_tmp;
599  }
600  /*remove remaining '\r' and '\n' */
601  while((bpf_comment_tmp = strchr(bpf_filter, '\r')) != NULL) {
602  *bpf_comment_tmp = ' ';
603  }
604  while((bpf_comment_tmp = strchr(bpf_filter, '\n')) != NULL) {
605  *bpf_comment_tmp = ' ';
606  }
607  /* cut trailing spaces */
608  while (strlen(bpf_filter) > 0 &&
609  bpf_filter[strlen(bpf_filter)-1] == ' ')
610  {
611  bpf_filter[strlen(bpf_filter)-1] = '\0';
612  }
613  if (strlen(bpf_filter) > 0) {
614  if (SCConfSetFinal("bpf-filter", bpf_filter) != 1) {
615  SCFree(bpf_filter);
616  FatalError("failed to set bpf filter");
617  }
618  }
619  }
620  SCFree(bpf_filter);
621 }
622 
623 static void PrintUsage(const char *progname)
624 {
625 #ifdef REVISION
626  printf("%s %s (%s)\n", PROG_NAME, PROG_VER, xstr(REVISION));
627 #else
628  printf("%s %s\n", PROG_NAME, PROG_VER);
629 #endif
630  printf("USAGE: %s [OPTIONS] [BPF FILTER]\n\n", progname);
631 
632  printf("\n General:\n");
633  printf("\t-v : be more verbose (use multiple times to "
634  "increase verbosity)\n");
635  printf("\t-c <path> : path to configuration file\n");
636  printf("\t-l <dir> : default log directory\n");
637  printf("\t--include <path> : additional configuration file\n");
638  printf("\t--set name=value : set a configuration value\n");
639  printf("\t--pidfile <file> : write pid to this file\n");
640  printf("\t-T : test configuration file (use with -c)\n");
641  printf("\t--init-errors-fatal : enable fatal failure on signature init "
642  "error\n");
643 #ifndef OS_WIN32
644  printf("\t-D : run as daemon\n");
645 #else
646  printf("\t--service-install : install as service\n");
647  printf("\t--service-remove : remove service\n");
648  printf("\t--service-change-params : change service startup parameters\n");
649 #endif /* OS_WIN32 */
650 #ifdef HAVE_LIBCAP_NG
651  printf("\t--user <user> : run suricata as this user after init\n");
652  printf("\t--group <group> : run suricata as this group after init\n");
653 #endif /* HAVE_LIBCAP_NG */
654 #ifdef BUILD_UNIX_SOCKET
655  printf("\t--unix-socket[=<file>] : use unix socket to control suricata work\n");
656 #endif
657  printf("\t--runmode <runmode_id> : specific runmode modification the engine should run. The argument\n"
658  "\t supplied should be the id for the runmode obtained by running\n"
659  "\t --list-runmodes\n");
660  printf("\t--plugin <path> : load plugin in addition to config\n");
661 
662  printf("\n Capture and IPS:\n");
663 
664  printf("\t-F <bpf filter file> : bpf filter file\n");
665  printf("\t-k [all|none] : force checksum check (all) or disabled it "
666  "(none)\n");
667  printf("\t-i <dev or ip> : run in pcap live mode\n");
668  printf("\t--pcap[=<dev>] : run in pcap mode, no value select interfaces "
669  "from suricata.yaml\n");
670 #ifdef HAVE_PCAP_SET_BUFF
671  printf("\t--pcap-buffer-size : size of the pcap buffer value from 0 - %i\n",INT_MAX);
672 #endif /* HAVE_SET_PCAP_BUFF */
673 #ifdef NFQ
674  printf("\t-q <qid[:qid]> : run in inline nfqueue mode (use colon to "
675  "specify a range of queues)\n");
676 #endif /* NFQ */
677 #ifdef IPFW
678  printf("\t-d <divert port> : run in inline ipfw divert mode\n");
679 #endif /* IPFW */
680 #ifdef HAVE_AF_PACKET
681  printf("\t--af-packet[=<dev>] : run in af-packet mode, no value select interfaces from suricata.yaml\n");
682 #endif
683 #ifdef HAVE_AF_XDP
684  printf("\t--af-xdp[=<dev>] : run in af-xdp mode, no value select "
685  "interfaces from suricata.yaml\n");
686 #endif
687 #ifdef HAVE_NETMAP
688  printf("\t--netmap[=<dev>] : run in netmap mode, no value select interfaces from suricata.yaml\n");
689 #endif
690 #ifdef HAVE_PFRING
691  printf("\t--pfring[=<dev>] : run in pfring mode, use interfaces from suricata.yaml\n");
692  printf("\t--pfring-int <dev> : run in pfring mode, use interface <dev>\n");
693  printf("\t--pfring-cluster-id <id> : pfring cluster id \n");
694  printf("\t--pfring-cluster-type <type> : pfring cluster type for PF_RING 4.1.2 and later cluster_round_robin|cluster_flow\n");
695 #endif /* HAVE_PFRING */
696 #ifdef HAVE_DPDK
697  printf("\t--dpdk : run in dpdk mode, uses interfaces from "
698  "suricata.yaml\n");
699 #endif
700 #ifdef HAVE_DAG
701  printf("\t--dag <dagX:Y> : process ERF records from DAG interface X, stream Y\n");
702 #endif
703 #ifdef WINDIVERT
704  printf("\t--windivert <filter> : run in inline WinDivert mode\n");
705  printf("\t--windivert-forward <filter> : run in inline WinDivert mode, as a gateway\n");
706 #endif
707 #ifdef HAVE_LIBNET11
708  printf("\t--reject-dev <dev> : send reject packets from this interface\n");
709 #endif
710 
711  printf("\n Capture Files:\n");
712  printf("\t-r <path> : run in pcap file/offline mode\n");
713  printf("\t--pcap-file-continuous : when running in pcap mode with a directory, "
714  "continue checking directory for pcaps until interrupted\n");
715  printf("\t--pcap-file-delete : when running in replay mode (-r with "
716  "directory or file), will delete pcap files that have been processed when done\n");
717  printf("\t--pcap-file-recursive : will descend into subdirectories when running "
718  "in replay mode (-r)\n");
719  printf("\t--pcap-file-buffer-size : set read buffer size (setvbuf)\n");
720  printf("\t--erf-in <path> : process an ERF file\n");
721 
722  printf("\n Detection:\n");
723  printf("\t-s <path> : path to signature file loaded in addition to "
724  "suricata.yaml settings (optional)\n");
725  printf("\t-S <path> : path to signature file loaded exclusively "
726  "(optional)\n");
727  printf("\t--disable-detection : disable detection engine\n");
728  printf("\t--engine-analysis : print reports on analysis of different "
729  "sections in the engine and exit.\n"
730  "\t Please have a look at the conf parameter "
731  "engine-analysis on what reports\n"
732  "\t can be printed\n");
733 
734  printf("\n Firewall:\n");
735  printf("\t--firewall : enable firewall mode\n");
736  printf("\t--firewall-rules-exclusive=<path> : path to firewall rule file loaded "
737  "exclusively\n");
738 
739  printf("\n Info:\n");
740  printf("\t-V : display Suricata version\n");
741  printf("\t--list-keywords[=all|csv|<kword>] : list keywords implemented by the engine\n");
742  printf("\t--list-runmodes : list supported runmodes\n");
743  printf("\t--list-app-layer-protos : list supported app layer protocols\n");
744  printf("\t--list-rule-protos : list supported rule protocols\n");
745  printf("\t--list-app-layer-hooks : list supported app layer hooks for use in "
746  "rules\n");
747  printf("\t--list-app-layer-frames : list supported app layer frames for use with "
748  "'frame' keyword\n");
749  printf("\t--dump-config : show the running configuration\n");
750  printf("\t--dump-features : display provided features\n");
751  printf("\t--build-info : display build information\n");
752 
753  printf("\n Testing:\n");
754  printf("\t--simulate-ips : force engine into IPS mode. Useful for QA\n");
755 #ifdef UNITTESTS
756  printf("\t-u : run the unittests and exit\n");
757  printf("\t-U=REGEX, --unittest-filter=REGEX : filter unittests with a pcre compatible "
758  "regex\n");
759  printf("\t--list-unittests : list unit tests\n");
760  printf("\t--fatal-unittests : enable fatal failure on unittest error\n");
761  printf("\t--unittests-coverage : display unittest coverage report\n");
762 #endif /* UNITTESTS */
763  printf("\n");
764  printf("\nTo run " PROG_NAME " with default configuration on "
765  "interface eth0 with signature file \"signatures.rules\", run the "
766  "command as:\n\n%s -c suricata.yaml -s signatures.rules -i eth0 \n\n",
767  progname);
768 }
769 
770 static void PrintBuildInfo(void)
771 {
772  const char *bits;
773  const char *endian;
774  /* If all current features are enabled, features string would be 341 characters long */
775  char features[2048] = "";
776  const char *tls;
777 
778  printf("This is %s version %s\n", PROG_NAME, GetProgramVersion());
779 #ifdef DEBUG
780  strlcat(features, "DEBUG ", sizeof(features));
781 #endif
782 #ifdef DEBUG_VALIDATION
783  strlcat(features, "DEBUG_VALIDATION ", sizeof(features));
784 #endif
785 #ifdef QA_SIMULATION
786  strlcat(features, "QA_SIMULATION ", sizeof(features));
787 #endif
788 #ifdef UNITTESTS
789  strlcat(features, "UNITTESTS ", sizeof(features));
790 #endif
791 #ifdef NFQ
792  strlcat(features, "NFQ ", sizeof(features));
793 #endif
794 #ifdef IPFW
795  strlcat(features, "IPFW ", sizeof(features));
796 #endif
797 #ifdef HAVE_PCAP_SET_BUFF
798  strlcat(features, "PCAP_SET_BUFF ", sizeof(features));
799 #endif
800 #ifdef HAVE_PFRING
801  strlcat(features, "PF_RING ", sizeof(features));
802 #endif
803 #ifdef HAVE_NAPATECH
804  strlcat(features, "NAPATECH ", sizeof(features));
805 #endif
806 #ifdef HAVE_AF_PACKET
807  strlcat(features, "AF_PACKET ", sizeof(features));
808 #endif
809 #ifdef HAVE_NETMAP
810  strlcat(features, "NETMAP ", sizeof(features));
811 #endif
812 #ifdef HAVE_PACKET_FANOUT
813  strlcat(features, "HAVE_PACKET_FANOUT ", sizeof(features));
814 #endif
815 #ifdef HAVE_DAG
816  strlcat(features, "DAG ", sizeof(features));
817 #endif
818 #ifdef HAVE_LIBCAP_NG
819  strlcat(features, "LIBCAP_NG ", sizeof(features));
820 #endif
821 #ifdef HAVE_LIBNET11
822  strlcat(features, "LIBNET1.1 ", sizeof(features));
823 #endif
824  strlcat(features, "HAVE_HTP_URI_NORMALIZE_HOOK ", sizeof(features));
825 #ifdef PCRE2_HAVE_JIT
826  strlcat(features, "PCRE_JIT ", sizeof(features));
827 #endif
828  /* For compatibility, just say we have HAVE_NSS. */
829  strlcat(features, "HAVE_NSS ", sizeof(features));
830  /* HTTP2_DECOMPRESSION is not an optional feature in this major version */
831  strlcat(features, "HTTP2_DECOMPRESSION ", sizeof(features));
832  /* Lua is now vendored in and always available. */
833  strlcat(features, "HAVE_LUA ", sizeof(features));
834 #ifdef HAVE_JA3
835  strlcat(features, "HAVE_JA3 ", sizeof(features));
836 #endif
837 #ifdef HAVE_JA4
838  strlcat(features, "HAVE_JA4 ", sizeof(features));
839 #endif
840  strlcat(features, "HAVE_LIBJANSSON ", sizeof(features));
841 #ifdef PROFILING
842  strlcat(features, "PROFILING ", sizeof(features));
843 #endif
844 #ifdef PROFILE_LOCKING
845  strlcat(features, "PROFILE_LOCKING ", sizeof(features));
846 #endif
847 #ifdef BUILD_UNIX_SOCKET
848  strlcat(features, "UNIX_SOCKET ", sizeof(features));
849 #endif
850 #if defined(TLS_C11) || defined(TLS_GNU)
851  strlcat(features, "TLS ", sizeof(features));
852 #endif
853 #if defined(TLS_C11)
854  strlcat(features, "TLS_C11 ", sizeof(features));
855 #elif defined(TLS_GNU)
856  strlcat(features, "TLS_GNU ", sizeof(features));
857 #endif
858 #ifdef HAVE_MAGIC
859  strlcat(features, "MAGIC ", sizeof(features));
860 #endif
861  strlcat(features, "RUST ", sizeof(features));
862 #if defined(SC_ADDRESS_SANITIZER)
863  strlcat(features, "ASAN ", sizeof(features));
864 #endif
865 #if defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION)
866  strlcat(features, "FUZZ ", sizeof(features));
867 #endif
868 #if defined(HAVE_POPCNT64)
869  strlcat(features, "POPCNT64 ", sizeof(features));
870 #endif
871  if (strlen(features) == 0) {
872  strlcat(features, "none", sizeof(features));
873  }
874 
875  printf("Features: %s\n", features);
876 
877  /* SIMD stuff */
878  memset(features, 0x00, sizeof(features));
879 #if defined(__SSE4_2__)
880  strlcat(features, "SSE_4_2 ", sizeof(features));
881 #endif
882 #if defined(__SSE4_1__)
883  strlcat(features, "SSE_4_1 ", sizeof(features));
884 #endif
885 #if defined(__SSE3__)
886  strlcat(features, "SSE_3 ", sizeof(features));
887 #endif
888 #if defined(__SSE2__)
889  strlcat(features, "SSE_2 ", sizeof(features));
890 #endif
891  if (strlen(features) == 0) {
892  strlcat(features, "none", sizeof(features));
893  }
894  printf("SIMD support: %s\n", features);
895 
896  /* atomics stuff */
897  memset(features, 0x00, sizeof(features));
898 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_1)
899  strlcat(features, "1 ", sizeof(features));
900 #endif
901 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_2)
902  strlcat(features, "2 ", sizeof(features));
903 #endif
904 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_4)
905  strlcat(features, "4 ", sizeof(features));
906 #endif
907 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_8)
908  strlcat(features, "8 ", sizeof(features));
909 #endif
910 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_16)
911  strlcat(features, "16 ", sizeof(features));
912 #endif
913  if (strlen(features) == 0) {
914  strlcat(features, "none", sizeof(features));
915  } else {
916  strlcat(features, "byte(s)", sizeof(features));
917  }
918  printf("Atomic intrinsics: %s\n", features);
919 
920 #if __WORDSIZE == 64
921  bits = "64-bits";
922 #elif __WORDSIZE == 32
923  bits = "32-bits";
924 #else
925  bits = "<unknown>-bits";
926 #endif
927 
928 #if __BYTE_ORDER == __BIG_ENDIAN
929  endian = "Big-endian";
930 #elif __BYTE_ORDER == __LITTLE_ENDIAN
931  endian = "Little-endian";
932 #else
933  endian = "<unknown>-endian";
934 #endif
935 
936  printf("%s, %s architecture\n", bits, endian);
937 #ifdef __GNUC__
938  printf("GCC version %s, C version %"PRIiMAX"\n", __VERSION__, (intmax_t)__STDC_VERSION__);
939 #else
940  printf("C version %"PRIiMAX"\n", (intmax_t)__STDC_VERSION__);
941 #endif
942 
943 #if __SSP__ == 1
944  printf("compiled with -fstack-protector\n");
945 #endif
946 #if __SSP_ALL__ == 2
947  printf("compiled with -fstack-protector-all\n");
948 #endif
949 /*
950  * Workaround for special defines of _FORTIFY_SOURCE like
951  * FORTIFY_SOURCE=((defined __OPTIMIZE && OPTIMIZE > 0) ? 2 : 0)
952  * which is used by Gentoo for example and would result in the error
953  * 'defined' undeclared when _FORTIFY_SOURCE used via %d in printf func
954  *
955  */
956 #if _FORTIFY_SOURCE == 2
957  printf("compiled with _FORTIFY_SOURCE=2\n");
958 #elif _FORTIFY_SOURCE == 1
959  printf("compiled with _FORTIFY_SOURCE=1\n");
960 #elif _FORTIFY_SOURCE == 0
961  printf("compiled with _FORTIFY_SOURCE=0\n");
962 #endif
963 #ifdef CLS
964  printf("L1 cache line size (CLS)=%d\n", CLS);
965 #endif
966 #if defined(TLS_C11)
967  tls = "_Thread_local";
968 #elif defined(TLS_GNU)
969  tls = "__thread";
970 #else
971 #error "Unsupported thread local"
972 #endif
973  printf("thread local storage method: %s\n", tls);
974 
975  printf("compiled with %s\n", htp_get_version());
976  printf("\n");
977 #include "build-info.h"
978 }
979 
980 int coverage_unittests;
981 int g_ut_modules;
982 int g_ut_covered;
983 
984 void RegisterAllModules(void)
985 {
986  /* commanders */
987  TmModuleUnixManagerRegister();
988  /* managers */
989  TmModuleFlowManagerRegister();
990  TmModuleFlowRecyclerRegister();
991  TmModuleBypassedFlowManagerRegister();
992  /* nfq */
993  TmModuleReceiveNFQRegister();
994  TmModuleVerdictNFQRegister();
995  TmModuleDecodeNFQRegister();
996  /* ipfw */
997  TmModuleReceiveIPFWRegister();
998  TmModuleVerdictIPFWRegister();
999  TmModuleDecodeIPFWRegister();
1000  /* pcap live */
1001  TmModuleReceivePcapRegister();
1002  TmModuleDecodePcapRegister();
1003  /* pcap file */
1004  TmModuleReceivePcapFileRegister();
1005  TmModuleDecodePcapFileRegister();
1006  /* af-packet */
1007  TmModuleReceiveAFPRegister();
1008  TmModuleDecodeAFPRegister();
1009  /* af-xdp */
1010  TmModuleReceiveAFXDPRegister();
1011  TmModuleDecodeAFXDPRegister();
1012  /* netmap */
1013  TmModuleReceiveNetmapRegister();
1014  TmModuleDecodeNetmapRegister();
1015  /* dag file */
1016  TmModuleReceiveErfFileRegister();
1017  TmModuleDecodeErfFileRegister();
1018  /* dag live */
1019  TmModuleReceiveErfDagRegister();
1020  TmModuleDecodeErfDagRegister();
1021 
1022  /* flow worker */
1023  TmModuleFlowWorkerRegister();
1024  /* respond-reject */
1025  TmModuleRespondRejectRegister();
1026 
1027  /* log api */
1028  TmModuleLoggerRegister();
1029  TmModuleStatsLoggerRegister();
1030 
1031  TmModuleDebugList();
1032  /* nflog */
1033  TmModuleReceiveNFLOGRegister();
1034  TmModuleDecodeNFLOGRegister();
1035 
1036  /* windivert */
1037  TmModuleReceiveWinDivertRegister();
1038  TmModuleVerdictWinDivertRegister();
1039  TmModuleDecodeWinDivertRegister();
1040 
1041  /* Dpdk */
1042  TmModuleReceiveDPDKRegister();
1043  TmModuleDecodeDPDKRegister();
1044 
1045  /* Library */
1046  TmModuleDecodeLibRegister();
1047 }
1048 
1049 TmEcode SCLoadYamlConfig(void)
1050 {
1051  SCEnter();
1052 
1053  SCInstance *suri = &suricata;
1054 
1055  if (suri->conf_filename == NULL)
1056  suri->conf_filename = DEFAULT_CONF_FILE;
1057 
1058  if (SCConfYamlLoadFile(suri->conf_filename) != 0) {
1059  /* Error already displayed. */
1060  SCReturnInt(TM_ECODE_FAILED);
1061  }
1062 
1063  if (suri->additional_configs) {
1064  for (int i = 0; suri->additional_configs[i] != NULL; i++) {
1065  SCLogConfig("Loading additional configuration file %s", suri->additional_configs[i]);
1066  SCConfYamlHandleInclude(SCConfGetRootNode(), suri->additional_configs[i]);
1067  }
1068  }
1069 
1070  SCReturnInt(TM_ECODE_OK);
1071 }
1072 
1073 static TmEcode ParseInterfacesList(const int runmode, char *pcap_dev)
1074 {
1075  SCEnter();
1076 
1077  /* run the selected runmode */
1078  if (runmode == RUNMODE_PCAP_DEV) {
1079  if (strlen(pcap_dev) == 0) {
1080  int ret = LiveBuildDeviceList("pcap");
1081  if (ret == 0) {
1082  SCLogError("No interface found in config for pcap");
1083  SCReturnInt(TM_ECODE_FAILED);
1084  }
1085  }
1086  } else if (runmode == RUNMODE_PLUGIN) {
1087  if (strcmp(suricata.capture_plugin_name, "pfring") == 0) {
1088  /* Special handling for pfring. */
1089  if (strlen(pcap_dev)) {
1090  if (SCConfSetFinal("pfring.live-interface", pcap_dev) != 1) {
1091  SCLogError("Failed to set pfring.live-interface");
1092  SCReturnInt(TM_ECODE_FAILED);
1093  }
1094  }
1095  }
1096 #ifdef HAVE_DPDK
1097  } else if (runmode == RUNMODE_DPDK) {
1098  char iface_selector[] = "dpdk.interfaces";
1099  int ret = LiveBuildDeviceList(iface_selector);
1100  if (ret == 0) {
1101  SCLogError("No interface found in config for %s", iface_selector);
1102  SCReturnInt(TM_ECODE_FAILED);
1103  }
1104 #endif
1105 #ifdef HAVE_AF_PACKET
1106  } else if (runmode == RUNMODE_AFP_DEV) {
1107  /* iface has been set on command line */
1108  if (strlen(pcap_dev)) {
1109  if (SCConfSetFinal("af-packet.live-interface", pcap_dev) != 1) {
1110  SCLogError("Failed to set af-packet.live-interface");
1111  SCReturnInt(TM_ECODE_FAILED);
1112  }
1113  } else {
1114  int ret = LiveBuildDeviceList("af-packet");
1115  if (ret == 0) {
1116  SCLogError("No interface found in config for af-packet");
1117  SCReturnInt(TM_ECODE_FAILED);
1118  }
1119  }
1120 #endif
1121 #ifdef HAVE_AF_XDP
1122  } else if (runmode == RUNMODE_AFXDP_DEV) {
1123  /* iface has been set on command line */
1124  if (strlen(pcap_dev)) {
1125  if (SCConfSetFinal("af-xdp.live-interface", pcap_dev) != 1) {
1126  SCLogError("Failed to set af-xdp.live-interface");
1127  SCReturnInt(TM_ECODE_FAILED);
1128  }
1129  } else {
1130  int ret = LiveBuildDeviceList("af-xdp");
1131  if (ret == 0) {
1132  SCLogError("No interface found in config for af-xdp");
1133  SCReturnInt(TM_ECODE_FAILED);
1134  }
1135  }
1136 #endif
1137 #ifdef HAVE_NETMAP
1138  } else if (runmode == RUNMODE_NETMAP) {
1139  /* iface has been set on command line */
1140  if (strlen(pcap_dev)) {
1141  if (SCConfSetFinal("netmap.live-interface", pcap_dev) != 1) {
1142  SCLogError("Failed to set netmap.live-interface");
1143  SCReturnInt(TM_ECODE_FAILED);
1144  }
1145  } else {
1146  int ret = LiveBuildDeviceList("netmap");
1147  if (ret == 0) {
1148  SCLogError("No interface found in config for netmap");
1149  SCReturnInt(TM_ECODE_FAILED);
1150  }
1151  }
1152 #endif
1153 #ifdef HAVE_NFLOG
1154  } else if (runmode == RUNMODE_NFLOG) {
1155  int ret = LiveBuildDeviceListCustom("nflog", "group");
1156  if (ret == 0) {
1157  SCLogError("No group found in config for nflog");
1158  SCReturnInt(TM_ECODE_FAILED);
1159  }
1160 #endif
1161  }
1162 
1163  SCReturnInt(TM_ECODE_OK);
1164 }
1165 
1166 static void SCInstanceInit(SCInstance *suri, const char *progname)
1167 {
1168  memset(suri, 0x00, sizeof(*suri));
1169 
1170  suri->progname = progname;
1171  suri->run_mode = RUNMODE_UNKNOWN;
1172 
1173  memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
1174  suri->sig_file = NULL;
1175  suri->sig_file_exclusive = false;
1176  suri->pid_filename = NULL;
1177  suri->regex_arg = NULL;
1178 
1179  suri->keyword_info = NULL;
1180  suri->runmode_custom_mode = NULL;
1181 #ifndef OS_WIN32
1182  suri->user_name = NULL;
1183  suri->group_name = NULL;
1184  suri->do_setuid = false;
1185  suri->do_setgid = false;
1186 #endif /* OS_WIN32 */
1187  suri->userid = 0;
1188  suri->groupid = 0;
1189  suri->delayed_detect = 0;
1190  suri->daemon = 0;
1191  suri->offline = 0;
1192  suri->verbose = 0;
1193  /* use -1 as unknown */
1194  suri->checksum_validation = -1;
1195 #if HAVE_DETECT_DISABLED==1
1196  g_detect_disabled = suri->disabled_detect = 1;
1197 #else
1198  g_detect_disabled = suri->disabled_detect = 0;
1199 #endif
1200 }
1201 
1202 const char *GetDocURL(void)
1203 {
1204  const char *prog_ver = GetProgramVersion();
1205  if (strstr(prog_ver, "RELEASE") != NULL) {
1206  return DOC_URL "suricata-" PROG_VER;
1207  }
1208  return DOC_URL "latest";
1209 }
1210 
1211 /** \brief get string with program version
1212  *
1213  * Get the program version as passed to us from AC_INIT
1214  *
1215  * Add 'RELEASE' is no '-dev' in the version. Add the REVISION if passed
1216  * to us.
1217  *
1218  * Possible outputs:
1219  * release: '5.0.1 RELEASE'
1220  * dev with rev: '5.0.1-dev (64a789bbf 2019-10-18)'
1221  * dev w/o rev: '5.0.1-dev'
1222  */
1223 const char *GetProgramVersion(void)
1224 {
1225  if (strstr(PROG_VER, "-dev") == NULL) {
1226  return PROG_VER " RELEASE";
1227  } else {
1228 #ifdef REVISION
1229  return PROG_VER " (" xstr(REVISION) ")";
1230 #else
1231  return PROG_VER;
1232 #endif
1233  }
1234 }
1235 
1236 static TmEcode PrintVersion(void)
1237 {
1238  printf("This is %s version %s\n", PROG_NAME, GetProgramVersion());
1239  return TM_ECODE_OK;
1240 }
1241 
1242 static TmEcode LogVersion(SCInstance *suri)
1243 {
1244  const char *mode = suri->system ? "SYSTEM" : "USER";
1245  SCLogNotice("This is %s version %s running in %s mode",
1246  PROG_NAME, GetProgramVersion(), mode);
1247  return TM_ECODE_OK;
1248 }
1249 
1250 static void SCSetStartTime(SCInstance *suri)
1251 {
1252  memset(&suri->start_time, 0, sizeof(suri->start_time));
1253  gettimeofday(&suri->start_time, NULL);
1254 }
1255 
1256 static void SCPrintElapsedTime(struct timeval *start_time)
1257 {
1258  if (start_time == NULL)
1259  return;
1260  struct timeval end_time;
1261  memset(&end_time, 0, sizeof(end_time));
1262  gettimeofday(&end_time, NULL);
1263  uint64_t milliseconds = ((end_time.tv_sec - start_time->tv_sec) * 1000) +
1264  (((1000000 + end_time.tv_usec - start_time->tv_usec) / 1000) - 1000);
1265  SCLogInfo("time elapsed %.3fs", (float)milliseconds/(float)1000);
1266 }
1267 
1268 static int ParseCommandLineAfpacket(SCInstance *suri, const char *in_arg)
1269 {
1270 #ifdef HAVE_AF_PACKET
1271  if (suri->run_mode == RUNMODE_UNKNOWN) {
1272  suri->run_mode = RUNMODE_AFP_DEV;
1273  if (in_arg) {
1274  LiveRegisterDeviceName(in_arg);
1275  memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
1276  strlcpy(suri->pcap_dev, in_arg, sizeof(suri->pcap_dev));
1277  }
1278  } else if (suri->run_mode == RUNMODE_AFP_DEV) {
1279  if (in_arg) {
1280  LiveRegisterDeviceName(in_arg);
1281  } else {
1282  SCLogInfo("Multiple af-packet option without interface on each is useless");
1283  }
1284  } else {
1285  SCLogError("more than one run mode "
1286  "has been specified");
1287  PrintUsage(suri->progname);
1288  return TM_ECODE_FAILED;
1289  }
1290  return TM_ECODE_OK;
1291 #else
1292  SCLogError("AF_PACKET not enabled. On Linux "
1293  "host, make sure to pass --enable-af-packet to "
1294  "configure when building.");
1295  return TM_ECODE_FAILED;
1296 #endif
1297 }
1298 
1299 static int ParseCommandLineAfxdp(SCInstance *suri, const char *in_arg)
1300 {
1301 #ifdef HAVE_AF_XDP
1302  if (suri->run_mode == RUNMODE_UNKNOWN) {
1303  suri->run_mode = RUNMODE_AFXDP_DEV;
1304  if (in_arg) {
1305  LiveRegisterDeviceName(in_arg);
1306  memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
1307  strlcpy(suri->pcap_dev, in_arg, sizeof(suri->pcap_dev));
1308  }
1309  } else if (suri->run_mode == RUNMODE_AFXDP_DEV) {
1310  if (in_arg) {
1311  LiveRegisterDeviceName(in_arg);
1312  } else {
1313  SCLogInfo("Multiple af-xdp options without interface on each is useless");
1314  }
1315  } else {
1316  SCLogError("more than one run mode "
1317  "has been specified");
1318  PrintUsage(suri->progname);
1319  return TM_ECODE_FAILED;
1320  }
1321  return TM_ECODE_OK;
1322 #else
1323  SCLogError("AF_XDP not enabled. On Linux "
1324  "host, make sure correct libraries are installed,"
1325  " see documentation for information.");
1326  return TM_ECODE_FAILED;
1327 #endif
1328 }
1329 
1330 static int ParseCommandLineDpdk(SCInstance *suri, const char *in_arg)
1331 {
1332 #ifdef HAVE_DPDK
1333  if (suri->run_mode == RUNMODE_UNKNOWN) {
1334  suri->run_mode = RUNMODE_DPDK;
1335  } else if (suri->run_mode == RUNMODE_DPDK) {
1336  SCLogInfo("Multiple dpdk options have no effect on Suricata");
1337  } else {
1338  SCLogError("more than one run mode "
1339  "has been specified");
1340  PrintUsage(suri->progname);
1341  return TM_ECODE_FAILED;
1342  }
1343  return TM_ECODE_OK;
1344 #else
1345  SCLogError("DPDK not enabled. On Linux "
1346  "host, make sure to pass --enable-dpdk to "
1347  "configure when building.");
1348  return TM_ECODE_FAILED;
1349 #endif
1350 }
1351 
1352 static int ParseCommandLinePcapLive(SCInstance *suri, const char *in_arg)
1353 {
1354 #if defined(OS_WIN32) && !defined(HAVE_LIBWPCAP)
1355  /* If running on Windows without Npcap, bail early as live capture is not supported. */
1356  FatalError("Live capture not available. To support live capture compile against Npcap.");
1357 #endif
1358  memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
1359 
1360  if (in_arg != NULL) {
1361  /* some windows shells require escaping of the \ in \Device. Otherwise
1362  * the backslashes are stripped. We put them back here. */
1363  if (strlen(in_arg) > 9 && strncmp(in_arg, "DeviceNPF", 9) == 0) {
1364  snprintf(suri->pcap_dev, sizeof(suri->pcap_dev), "\\Device\\NPF%s", in_arg+9);
1365  } else {
1366  strlcpy(suri->pcap_dev, in_arg, sizeof(suri->pcap_dev));
1367  PcapTranslateIPToDevice(suri->pcap_dev, sizeof(suri->pcap_dev));
1368  }
1369 
1370  if (strcmp(suri->pcap_dev, in_arg) != 0) {
1371  SCLogInfo("translated %s to pcap device %s", in_arg, suri->pcap_dev);
1372  } else if (strlen(suri->pcap_dev) > 0 && isdigit((unsigned char)suri->pcap_dev[0])) {
1373  SCLogError("failed to find a pcap device for IP %s", in_arg);
1374  return TM_ECODE_FAILED;
1375  }
1376  }
1377 
1378  if (suri->run_mode == RUNMODE_UNKNOWN) {
1379  suri->run_mode = RUNMODE_PCAP_DEV;
1380  if (in_arg) {
1381  LiveRegisterDeviceName(suri->pcap_dev);
1382  }
1383  } else if (suri->run_mode == RUNMODE_PCAP_DEV) {
1384  LiveRegisterDeviceName(suri->pcap_dev);
1385  } else {
1386  SCLogError("more than one run mode "
1387  "has been specified");
1388  PrintUsage(suri->progname);
1389  return TM_ECODE_FAILED;
1390  }
1391  return TM_ECODE_OK;
1392 }
1393 
1394 /**
1395  * Helper function to check if log directory is writable
1396  */
1397 static bool IsLogDirectoryWritable(const char* str)
1398 {
1399  return access(str, W_OK) == 0;
1400 }
1401 
1402 /**
1403  * Helper functions to append option values to an array where the
1404  * option is allowed multiple times. For example:
1405  * - --include
1406  * - --plugin
1407  */
1408 static void AddCommandLineOptionValue(
1409  const char ***values, const char *value, const char *description)
1410 {
1411  if (*values == NULL) {
1412  *values = SCCalloc(2, sizeof(char *));
1413  if (*values == NULL) {
1414  FatalError("Failed to allocate memory for %s: %s", description, strerror(errno));
1415  }
1416  (*values)[0] = value;
1417  } else {
1418  for (int i = 0;; i++) {
1419  if ((*values)[i] == NULL) {
1420  const char **new_values = SCRealloc(*values, (i + 2) * sizeof(char *));
1421  if (new_values == NULL) {
1422  FatalError(
1423  "Failed to allocate memory for %s: %s", description, strerror(errno));
1424  }
1425  *values = new_values;
1426  (*values)[i] = value;
1427  (*values)[i + 1] = NULL;
1428  break;
1429  }
1430  }
1431  }
1432 }
1433 
1434 extern int g_skip_prefilter;
1435 
1436 TmEcode SCParseCommandLine(int argc, char **argv)
1437 {
1438  SCInstance *suri = &suricata;
1439  int opt;
1440 
1441  int dump_config = 0;
1442  int dump_features = 0;
1443  int list_app_layer_protocols = 0;
1444  int list_rule_protocols = 0;
1445  int list_app_layer_hooks = 0;
1446  int list_app_layer_frames = 0;
1447  int list_unittests = 0;
1448  int list_runmodes = 0;
1449  int list_keywords = 0;
1450  int build_info = 0;
1451  int conf_test = 0;
1452  int engine_analysis = 0;
1453  int ret = TM_ECODE_OK;
1454  int is_firewall = 0;
1455 
1456 #ifdef UNITTESTS
1457  coverage_unittests = 0;
1458  g_ut_modules = 0;
1459  g_ut_covered = 0;
1460 #endif
1461 
1462  // clang-format off
1463  struct option long_opts[] = {
1464  {"help", 0, 0, 0},
1465  {"dump-config", 0, &dump_config, 1},
1466  {"dump-features", 0, &dump_features, 1},
1467  {"pfring", optional_argument, 0, 0},
1468  {"pfring-int", required_argument, 0, 0},
1469  {"pfring-cluster-id", required_argument, 0, 0},
1470  {"pfring-cluster-type", required_argument, 0, 0},
1471 #ifdef HAVE_DPDK
1472  {"dpdk", 0, 0, 0},
1473 #endif
1474  {"af-packet", optional_argument, 0, 0},
1475  {"af-xdp", optional_argument, 0, 0},
1476  {"netmap", optional_argument, 0, 0},
1477  {"pcap", optional_argument, 0, 0},
1478  {"pcap-file-continuous", 0, 0, 0},
1479  {"pcap-file-delete", 0, 0, 0},
1480  {"pcap-file-recursive", 0, 0, 0},
1481  {"pcap-file-buffer-size", required_argument, 0, 0},
1482  {"simulate-ips", 0, 0 , 0},
1483  {"no-random", 0, &g_disable_randomness, 1},
1484  {"strict-rule-keywords", optional_argument, 0, 0},
1485 
1486  {"plugin", required_argument, 0, 0},
1487  {"capture-plugin", required_argument, 0, 0},
1488  {"capture-plugin-args", required_argument, 0, 0},
1489 
1490 #ifdef BUILD_UNIX_SOCKET
1491  {"unix-socket", optional_argument, 0, 0},
1492 #endif
1493  {"pcap-buffer-size", required_argument, 0, 0},
1494  {"unittest-filter", required_argument, 0, 'U'},
1495  {"list-app-layer-protos", 0, &list_app_layer_protocols, 1},
1496  {"list-rule-protos", 0, &list_rule_protocols, 1},
1497  {"list-app-layer-hooks", 0, &list_app_layer_hooks, 1},
1498  {"list-app-layer-frames", 0, &list_app_layer_frames, 1},
1499  {"list-unittests", 0, &list_unittests, 1},
1500  {"list-runmodes", 0, &list_runmodes, 1},
1501  {"list-keywords", optional_argument, &list_keywords, 1},
1502  {"runmode", required_argument, NULL, 0},
1503  {"engine-analysis", 0, &engine_analysis, 1},
1504 #ifdef OS_WIN32
1505  {"service-install", 0, 0, 0},
1506  {"service-remove", 0, 0, 0},
1507  {"service-change-params", 0, 0, 0},
1508 #endif /* OS_WIN32 */
1509  {"pidfile", required_argument, 0, 0},
1510  {"init-errors-fatal", 0, 0, 0},
1511  {"disable-detection", 0, 0, 0},
1512  {"disable-hashing", 0, 0, 0},
1513  {"fatal-unittests", 0, 0, 0},
1514  {"unittests-coverage", 0, &coverage_unittests, 1},
1515  {"user", required_argument, 0, 0},
1516  {"group", required_argument, 0, 0},
1517  {"erf-in", required_argument, 0, 0},
1518  {"dag", required_argument, 0, 0},
1519  {"build-info", 0, &build_info, 1},
1520  {"data-dir", required_argument, 0, 0},
1521 #ifdef WINDIVERT
1522  {"windivert", required_argument, 0, 0},
1523  {"windivert-forward", required_argument, 0, 0},
1524 #endif
1525 #ifdef HAVE_LIBNET11
1526  {"reject-dev", required_argument, 0, 0},
1527 #endif
1528  {"set", required_argument, 0, 0},
1529 #ifdef HAVE_NFLOG
1530  {"nflog", optional_argument, 0, 0},
1531 #endif
1532  {"simulate-packet-flow-memcap", required_argument, 0, 0},
1533  {"simulate-applayer-error-at-offset-ts", required_argument, 0, 0},
1534  {"simulate-applayer-error-at-offset-tc", required_argument, 0, 0},
1535  {"simulate-packet-loss", required_argument, 0, 0},
1536  {"simulate-packet-tcp-reassembly-memcap", required_argument, 0, 0},
1537  {"simulate-packet-tcp-ssn-memcap", required_argument, 0, 0},
1538  {"simulate-packet-defrag-memcap", required_argument, 0, 0},
1539  {"simulate-alert-queue-realloc-failure", 0, 0, 0},
1540 
1541  {"qa-skip-prefilter", 0, &g_skip_prefilter, 1 },
1542 
1543  {"firewall", 0, &is_firewall, 1 },
1544  {"firewall-rules-exclusive", required_argument, 0, 0},
1545 
1546  {"include", required_argument, 0, 0},
1547 
1548  {NULL, 0, NULL, 0}
1549  };
1550  // clang-format on
1551 
1552  /* getopt_long stores the option index here. */
1553  int option_index = 0;
1554 
1555  char short_opts[] = "c:TDhi:l:q:d:r:us:S:U:VF:vk:";
1556 
1557  while ((opt = getopt_long(argc, argv, short_opts, long_opts, &option_index)) != -1) {
1558  switch (opt) {
1559  case 0:
1560  if (strcmp((long_opts[option_index]).name, "help") == 0) {
1561  suri->run_mode = RUNMODE_PRINT_USAGE;
1562  return TM_ECODE_OK;
1563  } else if (strcmp((long_opts[option_index]).name, "pfring") == 0 ||
1564  strcmp((long_opts[option_index]).name, "pfring-int") == 0) {
1565 #ifdef HAVE_PFRING
1566  /* TODO: Which plugin? */
1567  suri->run_mode = RUNMODE_PLUGIN;
1568  suri->capture_plugin_name = "pfring";
1569  if (optarg != NULL) {
1570  memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
1571  strlcpy(suri->pcap_dev, optarg,
1572  ((strlen(optarg) < sizeof(suri->pcap_dev)) ?
1573  (strlen(optarg) + 1) : sizeof(suri->pcap_dev)));
1574  LiveRegisterDeviceName(optarg);
1575  }
1576 #else
1577  SCLogError("PF_RING not enabled. Make sure "
1578  "to pass --enable-pfring to configure when building.");
1579  return TM_ECODE_FAILED;
1580 #endif /* HAVE_PFRING */
1581  } else if (strcmp((long_opts[option_index]).name, "pfring-cluster-id") == 0) {
1582 #ifdef HAVE_PFRING
1583  if (SCConfSetFinal("pfring.cluster-id", optarg) != 1) {
1584  SCLogError("failed to set pfring.cluster-id");
1585  return TM_ECODE_FAILED;
1586  }
1587 #else
1588  SCLogError("PF_RING not enabled. Make sure "
1589  "to pass --enable-pfring to configure when building.");
1590  return TM_ECODE_FAILED;
1591 #endif /* HAVE_PFRING */
1592  } else if (strcmp((long_opts[option_index]).name, "pfring-cluster-type") == 0) {
1593 #ifdef HAVE_PFRING
1594  if (SCConfSetFinal("pfring.cluster-type", optarg) != 1) {
1595  SCLogError("failed to set pfring.cluster-type");
1596  return TM_ECODE_FAILED;
1597  }
1598 #else
1599  SCLogError("PF_RING not enabled. Make sure "
1600  "to pass --enable-pfring to configure when building.");
1601  return TM_ECODE_FAILED;
1602 #endif /* HAVE_PFRING */
1603  } else if (strcmp((long_opts[option_index]).name, "plugin") == 0) {
1604  AddCommandLineOptionValue(&suri->additional_plugins, optarg, "additional plugins");
1605  } else if (strcmp((long_opts[option_index]).name, "capture-plugin") == 0) {
1606  suri->run_mode = RUNMODE_PLUGIN;
1607  suri->capture_plugin_name = optarg;
1608  } else if (strcmp((long_opts[option_index]).name, "capture-plugin-args") == 0) {
1609  suri->capture_plugin_args = optarg;
1610  } else if (strcmp((long_opts[option_index]).name, "dpdk") == 0) {
1611  if (ParseCommandLineDpdk(suri, optarg) != TM_ECODE_OK) {
1612  return TM_ECODE_FAILED;
1613  }
1614  } else if (strcmp((long_opts[option_index]).name, "af-packet") == 0) {
1615  if (ParseCommandLineAfpacket(suri, optarg) != TM_ECODE_OK) {
1616  return TM_ECODE_FAILED;
1617  }
1618  } else if (strcmp((long_opts[option_index]).name, "af-xdp") == 0) {
1619  if (ParseCommandLineAfxdp(suri, optarg) != TM_ECODE_OK) {
1620  return TM_ECODE_FAILED;
1621  }
1622  } else if (strcmp((long_opts[option_index]).name, "netmap") == 0) {
1623 #ifdef HAVE_NETMAP
1624  if (suri->run_mode == RUNMODE_UNKNOWN) {
1625  suri->run_mode = RUNMODE_NETMAP;
1626  if (optarg) {
1627  LiveRegisterDeviceName(optarg);
1628  memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
1629  strlcpy(suri->pcap_dev, optarg,
1630  ((strlen(optarg) < sizeof(suri->pcap_dev)) ?
1631  (strlen(optarg) + 1) : sizeof(suri->pcap_dev)));
1632  }
1633  } else if (suri->run_mode == RUNMODE_NETMAP) {
1634  if (optarg) {
1635  LiveRegisterDeviceName(optarg);
1636  } else {
1637  SCLogInfo("Multiple netmap option without interface on each is useless");
1638  break;
1639  }
1640  } else {
1641  SCLogError("more than one run mode "
1642  "has been specified");
1643  PrintUsage(argv[0]);
1644  return TM_ECODE_FAILED;
1645  }
1646 #else
1647  SCLogError("NETMAP not enabled.");
1648  return TM_ECODE_FAILED;
1649 #endif
1650  } else if (strcmp((long_opts[option_index]).name, "nflog") == 0) {
1651 #ifdef HAVE_NFLOG
1652  if (suri->run_mode == RUNMODE_UNKNOWN) {
1653  suri->run_mode = RUNMODE_NFLOG;
1654  LiveBuildDeviceListCustom("nflog", "group");
1655  }
1656 #else
1657  SCLogError("NFLOG not enabled.");
1658  return TM_ECODE_FAILED;
1659 #endif /* HAVE_NFLOG */
1660  } else if (strcmp((long_opts[option_index]).name, "pcap") == 0) {
1661  if (ParseCommandLinePcapLive(suri, optarg) != TM_ECODE_OK) {
1662  return TM_ECODE_FAILED;
1663  }
1664  } else if (strcmp((long_opts[option_index]).name, "simulate-ips") == 0) {
1665  SCLogInfo("Setting IPS mode");
1666  EngineModeSetIPS(ENGINE_HOST_IS_ROUTER);
1667  } else if (strcmp((long_opts[option_index]).name, "init-errors-fatal") == 0) {
1668  if (SCConfSetFinal("engine.init-failure-fatal", "1") != 1) {
1669  SCLogError("failed to set engine init-failure-fatal");
1670  return TM_ECODE_FAILED;
1671  }
1672 #ifdef BUILD_UNIX_SOCKET
1673  } else if (strcmp((long_opts[option_index]).name , "unix-socket") == 0) {
1674  if (suri->run_mode == RUNMODE_UNKNOWN) {
1675  suri->run_mode = RUNMODE_UNIX_SOCKET;
1676  if (optarg) {
1677  if (SCConfSetFinal("unix-command.filename", optarg) != 1) {
1678  SCLogError("failed to set unix-command.filename");
1679  return TM_ECODE_FAILED;
1680  }
1681  }
1682  } else {
1683  SCLogError("more than one run mode "
1684  "has been specified");
1685  PrintUsage(argv[0]);
1686  return TM_ECODE_FAILED;
1687  }
1688 #endif
1689  }
1690  else if(strcmp((long_opts[option_index]).name, "list-app-layer-protocols") == 0) {
1691  /* listing all supported app layer protocols */
1692  } else if (strcmp((long_opts[option_index]).name, "list-app-layer-hooks") == 0) {
1693  /* listing all supported app layer hooks */
1694  } else if (strcmp((long_opts[option_index]).name, "list-unittests") == 0) {
1695 #ifdef UNITTESTS
1696  suri->run_mode = RUNMODE_LIST_UNITTEST;
1697 #else
1698  SCLogError("unit tests not enabled. Make sure to pass --enable-unittests to "
1699  "configure when building");
1700  return TM_ECODE_FAILED;
1701 #endif /* UNITTESTS */
1702  } else if (strcmp((long_opts[option_index]).name, "list-runmodes") == 0) {
1703  suri->run_mode = RUNMODE_LIST_RUNMODES;
1704  return TM_ECODE_OK;
1705  } else if (strcmp((long_opts[option_index]).name, "list-keywords") == 0) {
1706  if (optarg) {
1707  if (strcmp("short", optarg) != 0) {
1708  suri->keyword_info = optarg;
1709  }
1710  }
1711  } else if (strcmp((long_opts[option_index]).name, "runmode") == 0) {
1712  suri->runmode_custom_mode = optarg;
1713  } else if (strcmp((long_opts[option_index]).name, "engine-analysis") == 0) {
1714  // do nothing for now
1715  }
1716 #ifdef OS_WIN32
1717  else if (strcmp((long_opts[option_index]).name, "service-install") == 0) {
1718  suri->run_mode = RUNMODE_INSTALL_SERVICE;
1719  return TM_ECODE_OK;
1720  } else if (strcmp((long_opts[option_index]).name, "service-remove") == 0) {
1721  suri->run_mode = RUNMODE_REMOVE_SERVICE;
1722  return TM_ECODE_OK;
1723  } else if (strcmp((long_opts[option_index]).name, "service-change-params") == 0) {
1724  suri->run_mode = RUNMODE_CHANGE_SERVICE_PARAMS;
1725  return TM_ECODE_OK;
1726  }
1727 #endif /* OS_WIN32 */
1728  else if (strcmp((long_opts[option_index]).name, "pidfile") == 0) {
1729  suri->pid_filename = SCStrdup(optarg);
1730  if (suri->pid_filename == NULL) {
1731  SCLogError("strdup failed: %s", strerror(errno));
1732  return TM_ECODE_FAILED;
1733  }
1734  } else if (strcmp((long_opts[option_index]).name, "disable-detection") == 0) {
1735  g_detect_disabled = suri->disabled_detect = 1;
1736  } else if (strcmp((long_opts[option_index]).name, "disable-hashing") == 0) {
1737  g_disable_hashing = true;
1738  // for rust
1739  SCDisableHashing();
1740  } else if (strcmp((long_opts[option_index]).name, "fatal-unittests") == 0) {
1741 #ifdef UNITTESTS
1742  unittests_fatal = 1;
1743 #else
1744  SCLogError("unit tests not enabled. Make sure to pass --enable-unittests to "
1745  "configure when building");
1746  return TM_ECODE_FAILED;
1747 #endif /* UNITTESTS */
1748  } else if (strcmp((long_opts[option_index]).name, "user") == 0) {
1749 #ifndef HAVE_LIBCAP_NG
1750  SCLogError("libcap-ng is required to"
1751  " drop privileges, but it was not compiled into Suricata.");
1752  return TM_ECODE_FAILED;
1753 #else
1754  suri->user_name = optarg;
1755  suri->do_setuid = true;
1756 #endif /* HAVE_LIBCAP_NG */
1757  } else if (strcmp((long_opts[option_index]).name, "group") == 0) {
1758 #ifndef HAVE_LIBCAP_NG
1759  SCLogError("libcap-ng is required to"
1760  " drop privileges, but it was not compiled into Suricata.");
1761  return TM_ECODE_FAILED;
1762 #else
1763  suri->group_name = optarg;
1764  suri->do_setgid = true;
1765 #endif /* HAVE_LIBCAP_NG */
1766  } else if (strcmp((long_opts[option_index]).name, "erf-in") == 0) {
1767  suri->run_mode = RUNMODE_ERF_FILE;
1768  if (SCConfSetFinal("erf-file.file", optarg) != 1) {
1769  SCLogError("failed to set erf-file.file");
1770  return TM_ECODE_FAILED;
1771  }
1772  } else if (strcmp((long_opts[option_index]).name, "dag") == 0) {
1773 #ifdef HAVE_DAG
1774  if (suri->run_mode == RUNMODE_UNKNOWN) {
1775  suri->run_mode = RUNMODE_DAG;
1776  }
1777  else if (suri->run_mode != RUNMODE_DAG) {
1778  SCLogError("more than one run mode has been specified");
1779  PrintUsage(argv[0]);
1780  return TM_ECODE_FAILED;
1781  }
1782  LiveRegisterDeviceName(optarg);
1783 #else
1784  SCLogError("libdag and a DAG card are required"
1785  " to receive packets using --dag.");
1786  return TM_ECODE_FAILED;
1787 #endif /* HAVE_DAG */
1788  } else if (strcmp((long_opts[option_index]).name, "napatech") == 0) {
1789 #ifdef HAVE_NAPATECH
1790  suri->run_mode = RUNMODE_PLUGIN;
1791 #else
1792  SCLogError("libntapi and a Napatech adapter are required"
1793  " to capture packets using --napatech.");
1794  return TM_ECODE_FAILED;
1795 #endif /* HAVE_NAPATECH */
1796  } else if (strcmp((long_opts[option_index]).name, "pcap-buffer-size") == 0) {
1797 #ifdef HAVE_PCAP_SET_BUFF
1798  if (SCConfSetFinal("pcap.buffer-size", optarg) != 1) {
1799  SCLogError("failed to set pcap-buffer-size");
1800  return TM_ECODE_FAILED;
1801  }
1802 #else
1803  SCLogError("The version of libpcap you have"
1804  " doesn't support setting buffer size.");
1805 #endif /* HAVE_PCAP_SET_BUFF */
1806  } else if (strcmp((long_opts[option_index]).name, "build-info") == 0) {
1807  suri->run_mode = RUNMODE_PRINT_BUILDINFO;
1808  return TM_ECODE_OK;
1809  } else if (strcmp((long_opts[option_index]).name, "windivert-forward") == 0) {
1810 #ifdef WINDIVERT
1811  if (suri->run_mode == RUNMODE_UNKNOWN) {
1812  suri->run_mode = RUNMODE_WINDIVERT;
1813  if (WinDivertRegisterQueue(true, optarg) == -1) {
1814  exit(EXIT_FAILURE);
1815  }
1816  } else if (suri->run_mode == RUNMODE_WINDIVERT) {
1817  if (WinDivertRegisterQueue(true, optarg) == -1) {
1818  exit(EXIT_FAILURE);
1819  }
1820  } else {
1821  SCLogError("more than one run mode "
1822  "has been specified");
1823  PrintUsage(argv[0]);
1824  exit(EXIT_FAILURE);
1825  }
1826  }
1827  else if(strcmp((long_opts[option_index]).name, "windivert") == 0) {
1828  if (suri->run_mode == RUNMODE_UNKNOWN) {
1829  suri->run_mode = RUNMODE_WINDIVERT;
1830  if (WinDivertRegisterQueue(false, optarg) == -1) {
1831  exit(EXIT_FAILURE);
1832  }
1833  } else if (suri->run_mode == RUNMODE_WINDIVERT) {
1834  if (WinDivertRegisterQueue(false, optarg) == -1) {
1835  exit(EXIT_FAILURE);
1836  }
1837  } else {
1838  SCLogError("more than one run mode "
1839  "has been specified");
1840  PrintUsage(argv[0]);
1841  exit(EXIT_FAILURE);
1842  }
1843 #else
1844  SCLogError("WinDivert not enabled. Make sure to pass --enable-windivert to "
1845  "configure when building.");
1846  return TM_ECODE_FAILED;
1847 #endif /* WINDIVERT */
1848  } else if(strcmp((long_opts[option_index]).name, "reject-dev") == 0) {
1849 #ifdef HAVE_LIBNET11
1850  BUG_ON(optarg == NULL); /* for static analysis */
1851  extern char *g_reject_dev;
1852  extern uint16_t g_reject_dev_mtu;
1853  g_reject_dev = optarg;
1854  int mtu = GetIfaceMTU(g_reject_dev);
1855  if (mtu > 0) {
1856  g_reject_dev_mtu = (uint16_t)mtu;
1857  }
1858 #else
1859  SCLogError("Libnet 1.1 support not enabled. Compile Suricata with libnet support.");
1860  return TM_ECODE_FAILED;
1861 #endif
1862  }
1863  else if (strcmp((long_opts[option_index]).name, "set") == 0) {
1864  if (optarg != NULL) {
1865  /* Quick validation. */
1866  char *val = strchr(optarg, '=');
1867  if (val == NULL) {
1868  FatalError("Invalid argument for --set, must be key=val.");
1869  }
1870  if (!SCConfSetFromString(optarg, 1)) {
1871  FatalError("failed to set configuration value %s", optarg);
1872  }
1873  }
1874  }
1875  else if (strcmp((long_opts[option_index]).name, "pcap-file-continuous") == 0) {
1876  if (SCConfSetFinal("pcap-file.continuous", "true") != 1) {
1877  SCLogError("Failed to set pcap-file.continuous");
1878  return TM_ECODE_FAILED;
1879  }
1880  }
1881  else if (strcmp((long_opts[option_index]).name, "pcap-file-delete") == 0) {
1882  if (SCConfSetFinal("pcap-file.delete-when-done", "true") != 1) {
1883  SCLogError("Failed to set pcap-file.delete-when-done");
1884  return TM_ECODE_FAILED;
1885  }
1886  }
1887  else if (strcmp((long_opts[option_index]).name, "pcap-file-recursive") == 0) {
1888  if (SCConfSetFinal("pcap-file.recursive", "true") != 1) {
1889  SCLogError("failed to set pcap-file.recursive");
1890  return TM_ECODE_FAILED;
1891  }
1892  } else if (strcmp((long_opts[option_index]).name, "pcap-file-buffer-size") == 0) {
1893  if (SCConfSetFinal("pcap-file.buffer-size", optarg) != 1) {
1894  SCLogError("failed to set pcap-file.buffer-size");
1895  return TM_ECODE_FAILED;
1896  }
1897  } else if (strcmp((long_opts[option_index]).name, "data-dir") == 0) {
1898  if (optarg == NULL) {
1899  SCLogError("no option argument (optarg) for -d");
1900  return TM_ECODE_FAILED;
1901  }
1902 
1903  if (ConfigSetDataDirectory(optarg) != TM_ECODE_OK) {
1904  SCLogError("Failed to set data directory.");
1905  return TM_ECODE_FAILED;
1906  }
1907  if (ConfigCheckDataDirectory(optarg) != TM_ECODE_OK) {
1908  SCLogError("The data directory \"%s\""
1909  " supplied at the command-line (-d %s) doesn't "
1910  "exist. Shutting down the engine.",
1911  optarg, optarg);
1912  return TM_ECODE_FAILED;
1913  }
1914  suri->set_datadir = true;
1915  } else if (strcmp((long_opts[option_index]).name, "strict-rule-keywords") == 0) {
1916  if (optarg == NULL) {
1917  suri->strict_rule_parsing_string = SCStrdup("all");
1918  } else {
1919  suri->strict_rule_parsing_string = SCStrdup(optarg);
1920  }
1921  if (suri->strict_rule_parsing_string == NULL) {
1922  FatalError("failed to duplicate 'strict' string");
1923  }
1924  } else if (strcmp((long_opts[option_index]).name, "include") == 0) {
1925  AddCommandLineOptionValue(
1926  &suri->additional_configs, optarg, "additional configuration files");
1927  } else if (strcmp((long_opts[option_index]).name, "firewall-rules-exclusive") == 0) {
1928  if (suri->firewall_rule_file != NULL) {
1929  SCLogError("can't have multiple --firewall-rules-exclusive options");
1930  return TM_ECODE_FAILED;
1931  }
1932  suri->firewall_rule_file = optarg;
1933  suri->firewall_rule_file_exclusive = true;
1934  suri->is_firewall = true;
1935  } else {
1936  int r = ExceptionSimulationCommandLineParser(
1937  (long_opts[option_index]).name, optarg);
1938  if (r < 0)
1939  return TM_ECODE_FAILED;
1940  }
1941  break;
1942  case 'c':
1943  suri->conf_filename = optarg;
1944  break;
1945  case 'T':
1946  conf_test = 1;
1947  if (SCConfSetFinal("engine.init-failure-fatal", "1") != 1) {
1948  SCLogError("failed to set engine init-failure-fatal");
1949  return TM_ECODE_FAILED;
1950  }
1951  break;
1952 #ifndef OS_WIN32
1953  case 'D':
1954  suri->daemon = 1;
1955  break;
1956 #endif /* OS_WIN32 */
1957  case 'h':
1958  suri->run_mode = RUNMODE_PRINT_USAGE;
1959  return TM_ECODE_OK;
1960  case 'i':
1961  if (optarg == NULL) {
1962  SCLogError("no option argument (optarg) for -i");
1963  return TM_ECODE_FAILED;
1964  }
1965 #ifdef HAVE_AF_PACKET
1966  if (ParseCommandLineAfpacket(suri, optarg) != TM_ECODE_OK) {
1967  return TM_ECODE_FAILED;
1968  }
1969 #else /* not afpacket */
1970  /* warn user if netmap is available */
1971 #if defined HAVE_NETMAP
1972  int i = 0;
1973 #ifdef HAVE_NETMAP
1974  i++;
1975 #endif
1976  SCLogWarning("faster capture "
1977  "option%s %s available:"
1978 #ifdef HAVE_NETMAP
1979  " NETMAP (--netmap=%s)"
1980 #endif
1981  ". Use --pcap=%s to suppress this warning",
1982  i == 1 ? "" : "s", i == 1 ? "is" : "are"
1983 #ifdef HAVE_NETMAP
1984  ,
1985  optarg
1986 #endif
1987  ,
1988  optarg);
1989 #endif /* have faster methods */
1990  if (ParseCommandLinePcapLive(suri, optarg) != TM_ECODE_OK) {
1991  return TM_ECODE_FAILED;
1992  }
1993 #endif
1994  break;
1995  case 'l':
1996  if (optarg == NULL) {
1997  SCLogError("no option argument (optarg) for -l");
1998  return TM_ECODE_FAILED;
1999  }
2000 
2001  if (ConfigSetLogDirectory(optarg) != TM_ECODE_OK) {
2002  SCLogError("Failed to set log directory.");
2003  return TM_ECODE_FAILED;
2004  }
2005  if (ConfigCheckLogDirectoryExists(optarg) != TM_ECODE_OK) {
2006  SCLogError("The logging directory \"%s\""
2007  " supplied at the command-line (-l %s) doesn't "
2008  "exist. Shutting down the engine.",
2009  optarg, optarg);
2010  return TM_ECODE_FAILED;
2011  }
2012  if (!IsLogDirectoryWritable(optarg)) {
2013  SCLogError("The logging directory \"%s\""
2014  " supplied at the command-line (-l %s) is not "
2015  "writable. Shutting down the engine.",
2016  optarg, optarg);
2017  return TM_ECODE_FAILED;
2018  }
2019  suri->set_logdir = true;
2020 
2021  break;
2022  case 'q':
2023 #ifdef NFQ
2024  if (suri->run_mode == RUNMODE_UNKNOWN) {
2025  suri->run_mode = RUNMODE_NFQ;
2026  EngineModeSetIPS(ENGINE_HOST_IS_ROUTER);
2027  if (NFQParseAndRegisterQueues(optarg) == -1)
2028  return TM_ECODE_FAILED;
2029  } else if (suri->run_mode == RUNMODE_NFQ) {
2030  if (NFQParseAndRegisterQueues(optarg) == -1)
2031  return TM_ECODE_FAILED;
2032  } else {
2033  SCLogError("more than one run mode "
2034  "has been specified");
2035  PrintUsage(argv[0]);
2036  return TM_ECODE_FAILED;
2037  }
2038 #else
2039  SCLogError("NFQUEUE not enabled. Make sure to pass --enable-nfqueue to configure when "
2040  "building.");
2041  return TM_ECODE_FAILED;
2042 #endif /* NFQ */
2043  break;
2044  case 'd':
2045 #ifdef IPFW
2046  if (suri->run_mode == RUNMODE_UNKNOWN) {
2047  suri->run_mode = RUNMODE_IPFW;
2048  EngineModeSetIPS(ENGINE_HOST_IS_ROUTER);
2049  if (IPFWRegisterQueue(optarg) == -1)
2050  return TM_ECODE_FAILED;
2051  } else if (suri->run_mode == RUNMODE_IPFW) {
2052  if (IPFWRegisterQueue(optarg) == -1)
2053  return TM_ECODE_FAILED;
2054  } else {
2055  SCLogError("more than one run mode "
2056  "has been specified");
2057  PrintUsage(argv[0]);
2058  return TM_ECODE_FAILED;
2059  }
2060 #else
2061  SCLogError("IPFW not enabled. Make sure to pass --enable-ipfw to configure when "
2062  "building.");
2063  return TM_ECODE_FAILED;
2064 #endif /* IPFW */
2065  break;
2066  case 'r':
2067  BUG_ON(optarg == NULL); /* for static analysis */
2068  if (suri->run_mode == RUNMODE_UNKNOWN) {
2069  suri->run_mode = RUNMODE_PCAP_FILE;
2070  } else {
2071  SCLogError("more than one run mode "
2072  "has been specified");
2073  PrintUsage(argv[0]);
2074  return TM_ECODE_FAILED;
2075  }
2076  SCStat buf;
2077  if (SCStatFn(optarg, &buf) != 0) {
2078  SCLogError("pcap file '%s': %s", optarg, strerror(errno));
2079  return TM_ECODE_FAILED;
2080  }
2081  if (SCConfSetFinal("pcap-file.file", optarg) != 1) {
2082  SCLogError("ERROR: Failed to set pcap-file.file\n");
2083  return TM_ECODE_FAILED;
2084  }
2085 
2086  break;
2087  case 's':
2088  if (suri->sig_file != NULL) {
2089  SCLogError("can't have multiple -s options or mix -s and -S.");
2090  return TM_ECODE_FAILED;
2091  }
2092  suri->sig_file = optarg;
2093  break;
2094  case 'S':
2095  if (suri->sig_file != NULL) {
2096  SCLogError("can't have multiple -S options or mix -s and -S.");
2097  return TM_ECODE_FAILED;
2098  }
2099  suri->sig_file = optarg;
2100  suri->sig_file_exclusive = true;
2101  break;
2102  case 'u':
2103 #ifdef UNITTESTS
2104  if (suri->run_mode == RUNMODE_UNKNOWN) {
2105  suri->run_mode = RUNMODE_UNITTEST;
2106  } else {
2107  SCLogError("more than one run mode has"
2108  " been specified");
2109  PrintUsage(argv[0]);
2110  return TM_ECODE_FAILED;
2111  }
2112 #else
2113  SCLogError("unit tests not enabled. Make sure to pass --enable-unittests to configure "
2114  "when building.");
2115  return TM_ECODE_FAILED;
2116 #endif /* UNITTESTS */
2117  break;
2118  case 'U':
2119 #ifdef UNITTESTS
2120  suri->regex_arg = optarg;
2121 
2122  if(strlen(suri->regex_arg) == 0)
2123  suri->regex_arg = NULL;
2124 #endif
2125  break;
2126  case 'V':
2127  suri->run_mode = RUNMODE_PRINT_VERSION;
2128  return TM_ECODE_OK;
2129  case 'F':
2130  if (optarg == NULL) {
2131  SCLogError("no option argument (optarg) for -F");
2132  return TM_ECODE_FAILED;
2133  }
2134 
2135  SetBpfStringFromFile(optarg);
2136  break;
2137  case 'v': {
2138  static bool ignore_extra = false;
2139  if (suri->verbose < VERBOSE_MAX)
2140  suri->verbose++;
2141  else if (!ignore_extra) {
2142  SCLogNotice("extraneous verbose option(s) ignored");
2143  ignore_extra = true;
2144  }
2145  } break;
2146  case 'k':
2147  if (optarg == NULL) {
2148  SCLogError("no option argument (optarg) for -k");
2149  return TM_ECODE_FAILED;
2150  }
2151  if (!strcmp("all", optarg))
2152  suri->checksum_validation = 1;
2153  else if (!strcmp("none", optarg))
2154  suri->checksum_validation = 0;
2155  else {
2156  SCLogError("option '%s' invalid for -k", optarg);
2157  return TM_ECODE_FAILED;
2158  }
2159  break;
2160  default:
2161  PrintUsage(argv[0]);
2162  return TM_ECODE_FAILED;
2163  }
2164  }
2165 
2166  if (is_firewall) {
2167  suri->is_firewall = true;
2168  }
2169 
2170  if (suri->disabled_detect && (suri->sig_file != NULL || suri->firewall_rule_file != NULL)) {
2171  SCLogError("can't use -s/-S or --firewall-rules-exclusive when detection is disabled");
2172  return TM_ECODE_FAILED;
2173  }
2174 
2175  /* save the runmode from the command-line (if any) */
2176  suri->aux_run_mode = suri->run_mode;
2177 
2178  if (list_app_layer_protocols)
2179  suri->run_mode = RUNMODE_LIST_APP_LAYERS;
2180  if (list_rule_protocols)
2181  suri->run_mode = RUNMODE_LIST_RULE_PROTOS;
2182  if (list_app_layer_hooks)
2183  suri->run_mode = RUNMODE_LIST_APP_LAYER_HOOKS;
2184  if (list_app_layer_frames)
2185  suri->run_mode = RUNMODE_LIST_APP_LAYER_FRAMES;
2186  if (list_keywords)
2187  suri->run_mode = RUNMODE_LIST_KEYWORDS;
2188  if (list_unittests)
2189  suri->run_mode = RUNMODE_LIST_UNITTEST;
2190  if (dump_config)
2191  suri->run_mode = RUNMODE_DUMP_CONFIG;
2192  if (dump_features)
2193  suri->run_mode = RUNMODE_DUMP_FEATURES;
2194  if (conf_test)
2195  suri->run_mode = RUNMODE_CONF_TEST;
2196  if (engine_analysis)
2197  suri->run_mode = RUNMODE_ENGINE_ANALYSIS;
2198 
2199  suri->offline = IsRunModeOffline(suri->run_mode);
2200  g_system = suri->system = IsRunModeSystem(suri->run_mode);
2201 
2202  ret = SetBpfString(optind, argv);
2203  if (ret != TM_ECODE_OK)
2204  return ret;
2205 
2206  return TM_ECODE_OK;
2207 }
2208 
2209 #ifdef OS_WIN32
2210 int WindowsInitService(int argc, char **argv)
2211 {
2212  if (SCRunningAsService()) {
2213  char path[MAX_PATH];
2214  char *p = NULL;
2215  strlcpy(path, argv[0], MAX_PATH);
2216  if ((p = strrchr(path, '\\'))) {
2217  *p = '\0';
2218  }
2219  if (!SetCurrentDirectory(path)) {
2220  SCLogError("Can't set current directory to: %s", path);
2221  return -1;
2222  }
2223  SCLogInfo("Current directory is set to: %s", path);
2224  SCServiceInit(argc, argv);
2225  }
2226 
2227  /* Windows socket subsystem initialization */
2228  WSADATA wsaData;
2229  if (0 != WSAStartup(MAKEWORD(2, 2), &wsaData)) {
2230  SCLogError("Can't initialize Windows sockets: %d", WSAGetLastError());
2231  return -1;
2232  }
2233 
2234  return 0;
2235 }
2236 #endif /* OS_WIN32 */
2237 
2238 static int MayDaemonize(SCInstance *suri)
2239 {
2240  if (suri->daemon == 1 && suri->pid_filename == NULL) {
2241  const char *pid_filename;
2242 
2243  if (SCConfGetNonNull("pid-file", &pid_filename) == 1) {
2244  SCLogInfo("Use pid file %s from config file.", pid_filename);
2245  } else {
2246  pid_filename = DEFAULT_PID_FILENAME;
2247  }
2248  /* The pid file name may be in config memory, but is needed later. */
2249  suri->pid_filename = SCStrdup(pid_filename);
2250  if (suri->pid_filename == NULL) {
2251  SCLogError("strdup failed: %s", strerror(errno));
2252  return TM_ECODE_FAILED;
2253  }
2254  }
2255 
2256  if (suri->pid_filename != NULL && SCPidfileTestRunning(suri->pid_filename) != 0) {
2257  SCFree(suri->pid_filename);
2258  suri->pid_filename = NULL;
2259  return TM_ECODE_FAILED;
2260  }
2261 
2262  if (suri->daemon == 1) {
2263  Daemonize();
2264  }
2265 
2266  if (suri->pid_filename != NULL) {
2267  if (SCPidfileCreate(suri->pid_filename) != 0) {
2268  SCFree(suri->pid_filename);
2269  suri->pid_filename = NULL;
2270  SCLogError("Unable to create PID file, concurrent run of"
2271  " Suricata can occur.");
2272  SCLogError("PID file creation WILL be mandatory for daemon mode"
2273  " in future version");
2274  }
2275  }
2276 
2277  return TM_ECODE_OK;
2278 }
2279 
2280 /* Initialize the user and group Suricata is to run as. */
2281 static int InitRunAs(SCInstance *suri)
2282 {
2283 #ifndef OS_WIN32
2284  /* Try to get user/group to run suricata as if
2285  command line as not decide of that */
2286  if (!suri->do_setuid && !suri->do_setgid) {
2287  const char *id;
2288  if (SCConfGet("run-as.user", &id) == 1) {
2289  suri->do_setuid = true;
2290  suri->user_name = id;
2291  }
2292  if (SCConfGet("run-as.group", &id) == 1) {
2293  suri->do_setgid = true;
2294  suri->group_name = id;
2295  }
2296  }
2297  /* Get the suricata user ID to given user ID */
2298  if (suri->do_setuid) {
2299  SCGetUserID(suri->user_name, suri->group_name, &suri->userid, &suri->groupid);
2300  sc_set_caps = true;
2301  /* Get the suricata group ID to given group ID */
2302  } else if (suri->do_setgid) {
2303  SCGetGroupID(suri->group_name, &suri->groupid);
2304  sc_set_caps = true;
2305  }
2306 #endif
2307  return TM_ECODE_OK;
2308 }
2309 
2310 static int InitSignalHandler(SCInstance *suri)
2311 {
2312  /* registering signals we use */
2313 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
2314  UtilSignalHandlerSetup(SIGINT, SignalHandlerSigint);
2315  UtilSignalHandlerSetup(SIGTERM, SignalHandlerSigterm);
2316 #if HAVE_LIBUNWIND
2317  int enabled;
2318  if (SCConfGetBool("logging.stacktrace-on-signal", &enabled) == 0) {
2319  enabled = 1;
2320  }
2321 
2322  if (enabled) {
2323  SCLogInfo("Preparing unexpected signal handling");
2324  struct sigaction stacktrace_action;
2325  memset(&stacktrace_action, 0, sizeof(stacktrace_action));
2326  stacktrace_action.sa_sigaction = SignalHandlerUnexpected;
2327  stacktrace_action.sa_flags = SA_SIGINFO;
2328  sigaction(SIGSEGV, &stacktrace_action, NULL);
2329  sigaction(SIGABRT, &stacktrace_action, NULL);
2330  }
2331 #endif /* HAVE_LIBUNWIND */
2332 #endif
2333 #ifndef OS_WIN32
2334  UtilSignalHandlerSetup(SIGHUP, SignalHandlerSigHup);
2335  UtilSignalHandlerSetup(SIGPIPE, SIG_IGN);
2336  UtilSignalHandlerSetup(SIGSYS, SIG_IGN);
2337 #endif /* OS_WIN32 */
2338 
2339  return TM_ECODE_OK;
2340 }
2341 
2342 /* initialization code for both the main modes and for
2343  * unix socket mode.
2344  *
2345  * Will be run once per pcap in unix-socket mode */
2346 void PreRunInit(const int runmode)
2347 {
2348  if (runmode == RUNMODE_UNIX_SOCKET)
2349  return;
2350 
2351  StatsInit();
2352 #ifdef PROFILE_RULES
2353  SCProfilingRulesGlobalInit();
2354 #endif
2355 #ifdef PROFILING
2356  SCProfilingKeywordsGlobalInit();
2357  SCProfilingPrefilterGlobalInit();
2358  SCProfilingSghsGlobalInit();
2359 #endif /* PROFILING */
2360 #ifdef PROFILE_RULES
2361  SCProfilingInit();
2362 #endif
2363  DefragInit();
2364  FlowInitConfig(FLOW_QUIET);
2365  IPPairInitConfig(FLOW_QUIET);
2366  StreamTcpInitConfig(STREAM_VERBOSE);
2367  AppLayerParserPostStreamSetup();
2368  AppLayerRegisterGlobalCounters();
2369  OutputFilestoreRegisterGlobalCounters();
2370  ThresholdRegisterGlobalCounters();
2371  HttpRangeContainersInit();
2372 }
2373 
2374 /* tasks we need to run before packets start flowing,
2375  * but after we dropped privs */
2376 void PreRunPostPrivsDropInit(const int runmode)
2377 {
2378  if (runmode == RUNMODE_UNIX_SOCKET) {
2379  return;
2380  }
2381 
2382  StatsSetupPostConfigPreOutput();
2383  RunModeInitializeOutputs();
2384  DatasetsInit();
2385  StatsSetupPostConfigPostOutput();
2386 }
2387 
2388 /** \brief clean up / shutdown code for packet modes
2389  *
2390  * Shuts down packet modes, so regular packet runmodes and the
2391  * per pcap mode in the unix socket. */
2392 void PostRunDeinit(const int runmode, struct timeval *start_time)
2393 {
2394  if (runmode == RUNMODE_UNIX_SOCKET)
2395  return;
2396 
2397  TmThreadsUnsealThreads();
2398 
2399  /* needed by FlowWorkToDoCleanup */
2400  PacketPoolInit();
2401 
2402  /* handle graceful shutdown of the flow engine, it's helper
2403  * threads and the packet threads */
2404  FlowDisableFlowManagerThread();
2405  /* disable capture */
2406  TmThreadDisableReceiveThreads();
2407  /* tell relevant packet threads to enter flow timeout loop */
2408  TmThreadDisablePacketThreads(
2409  THV_REQ_FLOW_LOOP, THV_FLOW_LOOP, (TM_FLAG_RECEIVE_TM | TM_FLAG_FLOWWORKER_TM));
2410  /* run cleanup on the flow hash */
2411  FlowWorkToDoCleanup();
2412  /* gracefully shut down all packet threads */
2413  TmThreadDisablePacketThreads(THV_KILL, THV_RUNNING_DONE, TM_FLAG_PACKET_ALL);
2414  SCPrintElapsedTime(start_time);
2415  FlowDisableFlowRecyclerThread();
2416 
2417  /* kill the stats threads */
2418  TmThreadKillThreadsFamily(TVT_MGMT);
2419  TmThreadClearThreadsFamily(TVT_MGMT);
2420 
2421  /* kill packet threads -- already in 'disabled' state */
2422  TmThreadKillThreadsFamily(TVT_PPT);
2423  TmThreadClearThreadsFamily(TVT_PPT);
2424 
2425  PacketPoolDestroy();
2426 
2427  /* mgt and ppt threads killed, we can run non thread-safe
2428  * shutdown functions */
2429  StatsReleaseResources();
2430  DecodeUnregisterCounters();
2431  RunModeShutDown();
2432  FlowShutdown();
2433  IPPairShutdown();
2434  HostCleanup();
2435  StreamTcpFreeConfig(STREAM_VERBOSE);
2436  DefragDestroy();
2437  HttpRangeContainersDestroy();
2438 #ifdef HAVE_HWLOC
2439  TopologyDestroy();
2440 #endif /* HAVE_HWLOC */
2441 
2442  TmqResetQueues();
2443 #ifdef PROFILING
2444  if (profiling_packets_enabled)
2445  SCProfilingDump();
2446  SCProfilingDestroy();
2447 #endif
2448 }
2449 
2450 int SCStartInternalRunMode(int argc, char **argv)
2451 {
2452  SCInstance *suri = &suricata;
2453  /* Treat internal running mode */
2454  switch (suri->run_mode) {
2455  case RUNMODE_LIST_KEYWORDS:
2456  return ListKeywords(suri->keyword_info);
2457  case RUNMODE_LIST_RULE_PROTOS:
2458  if (suri->conf_filename != NULL) {
2459  return ListRuleProtocols(suri->conf_filename);
2460  } else {
2461  return ListRuleProtocols(DEFAULT_CONF_FILE);
2462  }
2463  case RUNMODE_LIST_APP_LAYERS:
2464  if (suri->conf_filename != NULL) {
2465  return ListAppLayerProtocols(suri->conf_filename);
2466  } else {
2467  return ListAppLayerProtocols(DEFAULT_CONF_FILE);
2468  }
2469  case RUNMODE_LIST_APP_LAYER_HOOKS:
2470  if (suri->conf_filename != NULL) {
2471  return ListAppLayerHooks(suri->conf_filename);
2472  } else {
2473  return ListAppLayerHooks(DEFAULT_CONF_FILE);
2474  }
2475  case RUNMODE_LIST_APP_LAYER_FRAMES:
2476  if (suri->conf_filename != NULL) {
2477  return ListAppLayerFrames(suri->conf_filename);
2478  } else {
2479  return ListAppLayerFrames(DEFAULT_CONF_FILE);
2480  }
2481  case RUNMODE_PRINT_VERSION:
2482  PrintVersion();
2483  return TM_ECODE_DONE;
2484  case RUNMODE_PRINT_BUILDINFO:
2485  PrintBuildInfo();
2486  return TM_ECODE_DONE;
2487  case RUNMODE_PRINT_USAGE:
2488  PrintUsage(argv[0]);
2489  return TM_ECODE_DONE;
2490  case RUNMODE_LIST_RUNMODES:
2491  RunModeListRunmodes();
2492  return TM_ECODE_DONE;
2493  case RUNMODE_LIST_UNITTEST:
2494  RunUnittests(1, suri->regex_arg);
2495  case RUNMODE_UNITTEST:
2496  RunUnittests(0, suri->regex_arg);
2497 #ifdef OS_WIN32
2498  case RUNMODE_INSTALL_SERVICE:
2499  if (SCServiceInstall(argc, argv)) {
2500  return TM_ECODE_FAILED;
2501  }
2502  SCLogInfo("Suricata service has been successfully installed.");
2503  return TM_ECODE_DONE;
2504  case RUNMODE_REMOVE_SERVICE:
2505  if (SCServiceRemove()) {
2506  return TM_ECODE_FAILED;
2507  }
2508  SCLogInfo("Suricata service has been successfully removed.");
2509  return TM_ECODE_DONE;
2510  case RUNMODE_CHANGE_SERVICE_PARAMS:
2511  if (SCServiceChangeParams(argc, argv)) {
2512  return TM_ECODE_FAILED;
2513  }
2514  SCLogInfo("Suricata service startup parameters has been successfully changed.");
2515  return TM_ECODE_DONE;
2516 #endif /* OS_WIN32 */
2517  default:
2518  /* simply continue for other running mode */
2519  break;
2520  }
2521  return TM_ECODE_OK;
2522 }
2523 
2524 int SCFinalizeRunMode(int argc)
2525 {
2526  SCInstance *suri = &suricata;
2527  switch (suri->run_mode) {
2528  case RUNMODE_UNKNOWN:
2529  /* Only warn if user passed arguments */
2530  if (argc > 1) {
2531  SCLogError("Please specify a runmode or capture option. "
2532  "Use --list-runmodes to see available runmodes.");
2533  }
2534  PrintUsage(suri->progname);
2535  return TM_ECODE_FAILED;
2536  default:
2537  break;
2538  }
2539 
2540  if (!CheckValidDaemonModes(suri->daemon, suri->run_mode)) {
2541  return TM_ECODE_FAILED;
2542  }
2543 
2544  return TM_ECODE_OK;
2545 }
2546 
2547 static void SetupDelayedDetect(SCInstance *suri)
2548 {
2549  /* In offline mode delayed init of detect is a bad idea */
2550  if (suri->offline) {
2551  suri->delayed_detect = 0;
2552  } else {
2553  if (SCConfGetBool("detect.delayed-detect", &suri->delayed_detect) != 1) {
2554  SCConfNode *denode = NULL;
2555  SCConfNode *decnf = SCConfGetNode("detect-engine");
2556  if (decnf != NULL) {
2557  TAILQ_FOREACH(denode, &decnf->head, next) {
2558  if (strcmp(denode->val, "delayed-detect") == 0) {
2559  (void)SCConfGetChildValueBool(
2560  denode, "delayed-detect", &suri->delayed_detect);
2561  }
2562  }
2563  }
2564  }
2565  }
2566 
2567  SCLogConfig("Delayed detect %s", suri->delayed_detect ? "enabled" : "disabled");
2568  if (suri->delayed_detect) {
2569  SCLogInfo("Packets will start being processed before signatures are active.");
2570  }
2571 
2572 }
2573 
2574 static int LoadSignatures(DetectEngineCtx *de_ctx, SCInstance *suri)
2575 {
2576  de_ctx->firewall_rule_file_exclusive = suri->firewall_rule_file;
2577 
2578  if (SigLoadSignatures(de_ctx, suri->sig_file, suri->sig_file_exclusive) < 0) {
2579  SCLogError("Loading signatures failed.");
2580  if (de_ctx->failure_fatal)
2581  return TM_ECODE_FAILED;
2582  }
2583 
2584  return TM_ECODE_OK;
2585 }
2586 
2587 static int ConfigGetCaptureValue(SCInstance *suri)
2588 {
2589  /* Pull the max pending packets from the config, if not found fall
2590  * back on a sane default. */
2591  intmax_t tmp_max_pending_packets;
2592  if (SCConfGetInt("max-pending-packets", &tmp_max_pending_packets) != 1)
2593  tmp_max_pending_packets = DEFAULT_MAX_PENDING_PACKETS;
2594  if (tmp_max_pending_packets < 1 || tmp_max_pending_packets > 2147483648) {
2595  SCLogError("Maximum max-pending-packets setting is 2147483648 and must be greater than 0. "
2596  "Please check %s for errors",
2597  suri->conf_filename);
2598  return TM_ECODE_FAILED;
2599  } else {
2600  max_pending_packets = (uint32_t)tmp_max_pending_packets;
2601  }
2602 
2603  SCLogDebug("Max pending packets set to %" PRIu32, max_pending_packets);
2604 
2605  /* Pull the default packet size from the config, if not found fall
2606  * back on a sane default. */
2607  const char *temp_default_packet_size;
2608  if ((SCConfGetNonNull("default-packet-size", &temp_default_packet_size)) != 1) {
2609  int lthread;
2610  int nlive;
2611  int strip_trailing_plus = 0;
2612  switch (suri->run_mode) {
2613  case RUNMODE_AFP_DEV:
2614  /* For AF_PACKET we delay setting the
2615  * default-packet-size until we know more about the
2616  * configuration. */
2617  break;
2618 #ifdef WINDIVERT
2619  case RUNMODE_WINDIVERT: {
2620  /* by default, WinDivert collects from all devices */
2621  const int mtu = GetGlobalMTUWin32();
2622 
2623  if (mtu > 0) {
2624  /* SLL_HEADER_LEN is the longest header + 8 for VLAN */
2625  default_packet_size = mtu + SLL_HEADER_LEN + 8;
2626  break;
2627  }
2628  default_packet_size = DEFAULT_PACKET_SIZE;
2629  break;
2630  }
2631 #endif /* WINDIVERT */
2632  case RUNMODE_NETMAP:
2633  /* in netmap igb0+ has a special meaning, however the
2634  * interface really is igb0 */
2635  strip_trailing_plus = 1;
2636  /* fall through */
2637  case RUNMODE_PLUGIN:
2638  case RUNMODE_PCAP_DEV:
2639  case RUNMODE_AFXDP_DEV:
2640  nlive = LiveGetDeviceCount();
2641  for (lthread = 0; lthread < nlive; lthread++) {
2642  const char *live_dev = LiveGetDeviceName(lthread);
2643  char dev[128]; /* need to be able to support GUID names on Windows */
2644  (void)strlcpy(dev, live_dev, sizeof(dev));
2645 
2646  if (strip_trailing_plus) {
2647  size_t len = strlen(dev);
2648  if (len &&
2649  (dev[len-1] == '+' ||
2650  dev[len-1] == '^' ||
2651  dev[len-1] == '*'))
2652  {
2653  dev[len-1] = '\0';
2654  }
2655  }
2656  LiveDevice *ld = LiveGetDevice(dev);
2657  unsigned int iface_max_packet_size = GetIfaceMaxPacketSize(ld);
2658  if (iface_max_packet_size > default_packet_size)
2659  default_packet_size = iface_max_packet_size;
2660  }
2661  if (default_packet_size)
2662  break;
2663  /* fall through */
2664  default:
2665  default_packet_size = DEFAULT_PACKET_SIZE;
2666  }
2667  } else {
2668  if (ParseSizeStringU32(temp_default_packet_size, &default_packet_size) < 0) {
2669  SCLogError("Error parsing max-pending-packets "
2670  "from conf file - %s. Killing engine",
2671  temp_default_packet_size);
2672  return TM_ECODE_FAILED;
2673  }
2674  }
2675 
2676  SCLogDebug("Default packet size set to %"PRIu32, default_packet_size);
2677 
2678  return TM_ECODE_OK;
2679 }
2680 
2681 static void PostRunStartedDetectSetup(const SCInstance *suri)
2682 {
2683 #ifndef OS_WIN32
2684  /* registering signal handlers we use. We setup usr2 here, so that one
2685  * can't call it during the first sig load phase or while threads are still
2686  * starting up. */
2687  if (DetectEngineEnabled() && suri->delayed_detect == 0) {
2688  UtilSignalHandlerSetup(SIGUSR2, SignalHandlerSigusr2);
2689  UtilSignalUnblock(SIGUSR2);
2690  }
2691 #endif
2692  if (suri->delayed_detect) {
2693  /* force 'reload', this will load the rules and swap engines */
2694  DetectEngineReload(suri);
2695  SCLogNotice("Signature(s) loaded, Detect thread(s) activated.");
2696 #ifndef OS_WIN32
2697  UtilSignalHandlerSetup(SIGUSR2, SignalHandlerSigusr2);
2698  UtilSignalUnblock(SIGUSR2);
2699 #endif
2700  }
2701 }
2702 
2703 void PostConfLoadedDetectSetup(SCInstance *suri)
2704 {
2705  DetectEngineCtx *de_ctx = NULL;
2706  if (!suri->disabled_detect) {
2707  SetupDelayedDetect(suri);
2708  int mt_enabled = 0;
2709  (void)SCConfGetBool("multi-detect.enabled", &mt_enabled);
2710  int default_tenant = 0;
2711  if (mt_enabled)
2712  (void)SCConfGetBool("multi-detect.default", &default_tenant);
2713  if (DetectEngineMultiTenantSetup(suri->unix_socket_enabled) == -1) {
2714  FatalError("initializing multi-detect "
2715  "detection engine contexts failed.");
2716  }
2717  if (suri->delayed_detect && suri->run_mode != RUNMODE_CONF_TEST) {
2718  de_ctx = DetectEngineCtxInitStubForDD();
2719  } else if (mt_enabled && !default_tenant && suri->run_mode != RUNMODE_CONF_TEST) {
2720  de_ctx = DetectEngineCtxInitStubForMT();
2721  } else {
2722  de_ctx = DetectEngineCtxInit();
2723  }
2724  if (de_ctx == NULL) {
2725  FatalError("initializing detection engine failed.");
2726  }
2727 
2728  if (de_ctx->type == DETECT_ENGINE_TYPE_NORMAL) {
2729  if (LoadSignatures(de_ctx, suri) != TM_ECODE_OK)
2730  exit(EXIT_FAILURE);
2731  }
2732 
2733  gettimeofday(&de_ctx->last_reload, NULL);
2734  DetectEngineAddToMaster(de_ctx);
2735  DetectEngineBumpVersion();
2736  DetectEngineMpmCacheService(
2737  DETECT_ENGINE_MPM_CACHE_OP_SAVE | DETECT_ENGINE_MPM_CACHE_OP_PRUNE);
2738  }
2739 }
2740 
2741 static void PostConfLoadedSetupHostMode(void)
2742 {
2743  const char *hostmode = NULL;
2744 
2745  if (SCConfGetNonNull("host-mode", &hostmode) == 1) {
2746  if (!strcmp(hostmode, "router")) {
2747  g_engine_host_mode = ENGINE_HOST_IS_ROUTER;
2748  } else if (!strcmp(hostmode, "bridge")) {
2749  g_engine_host_mode = ENGINE_HOST_IS_BRIDGE;
2750  } else if (!strcmp(hostmode, "sniffer-only")) {
2751  g_engine_host_mode = ENGINE_HOST_IS_SNIFFER_ONLY;
2752  } else {
2753  if (strcmp(hostmode, "auto") != 0) {
2754  WarnInvalidConfEntry("host-mode", "%s", "auto");
2755  }
2756  if (EngineModeIsIPS()) {
2757  /* only set if not already set by the runmode */
2758  if (g_engine_host_mode == ENGINE_HOST_IS_SNIFFER_ONLY) {
2759  SCLogDebug("host mode set to %u setting to %u", g_engine_host_mode,
2760  ENGINE_HOST_IS_ROUTER);
2761  g_engine_host_mode = ENGINE_HOST_IS_ROUTER;
2762  }
2763  } else {
2764  g_engine_host_mode = ENGINE_HOST_IS_SNIFFER_ONLY;
2765  }
2766  }
2767  } else {
2768  if (EngineModeIsIPS()) {
2769  /* only set if not already set by the runmode */
2770  if (g_engine_host_mode == ENGINE_HOST_IS_SNIFFER_ONLY) {
2771  SCLogDebug("host mode set to %u setting to %u", g_engine_host_mode,
2772  ENGINE_HOST_IS_ROUTER);
2773  g_engine_host_mode = ENGINE_HOST_IS_ROUTER;
2774  SCLogInfo("No 'host-mode': suricata is in IPS mode, using "
2775  "default setting 'router'");
2776  }
2777  } else {
2778  g_engine_host_mode = ENGINE_HOST_IS_SNIFFER_ONLY;
2779  SCLogInfo("No 'host-mode': suricata is in IDS mode, using "
2780  "default setting 'sniffer-only'");
2781  }
2782  }
2783 }
2784 
2785 static void SetupUserMode(SCInstance *suri)
2786 {
2787  /* apply 'user mode' config updates here */
2788  if (!suri->system) {
2789  if (!suri->set_logdir) {
2790  /* override log dir to current work dir" */
2791  if (ConfigSetLogDirectory((char *)".") != TM_ECODE_OK) {
2792  FatalError("could not set USER mode logdir");
2793  }
2794  }
2795  if (!suri->set_datadir) {
2796  /* override data dir to current work dir" */
2797  if (ConfigSetDataDirectory((char *)".") != TM_ECODE_OK) {
2798  FatalError("could not set USER mode datadir");
2799  }
2800  }
2801  }
2802 }
2803 
2804 /**
2805  * This function is meant to contain code that needs
2806  * to be run once the configuration has been loaded.
2807  */
2808 int PostConfLoadedSetup(SCInstance *suri)
2809 {
2810  int cnf_firewall_enabled = 0;
2811  if (SCConfGetBool("firewall.enabled", &cnf_firewall_enabled) == 1) {
2812  if (cnf_firewall_enabled == 1) {
2813  suri->is_firewall = true;
2814  } else {
2815  if (suri->is_firewall) {
2816  FatalError("firewall mode enabled through commandline, but disabled in config");
2817  }
2818  }
2819  }
2820  if (suri->is_firewall) {
2821  SCLogWarning("firewall mode is EXPERIMENTAL and subject to change");
2822  EngineModeSetFirewall(g_engine_host_mode);
2823  }
2824 
2825  /* load the pattern matchers */
2826  MpmTableSetup();
2827  SpmTableSetup();
2828 
2829  int disable_offloading;
2830  if (SCConfGetBool("capture.disable-offloading", &disable_offloading) == 0)
2831  disable_offloading = 1;
2832  if (disable_offloading) {
2833  LiveSetOffloadDisable();
2834  } else {
2835  LiveSetOffloadWarn();
2836  }
2837 
2838  if (suri->checksum_validation == -1) {
2839  const char *cv = NULL;
2840  if (SCConfGetNonNull("capture.checksum-validation", &cv) == 1) {
2841  if (strcmp(cv, "none") == 0) {
2842  suri->checksum_validation = 0;
2843  } else if (strcmp(cv, "all") == 0) {
2844  suri->checksum_validation = 1;
2845  }
2846  }
2847  }
2848  switch (suri->checksum_validation) {
2849  case 0:
2850  SCConfSet("stream.checksum-validation", "0");
2851  break;
2852  case 1:
2853  SCConfSet("stream.checksum-validation", "1");
2854  break;
2855  }
2856 
2857  if (suri->runmode_custom_mode) {
2858  SCConfSet("runmode", suri->runmode_custom_mode);
2859  }
2860 
2861  SCStorageInit();
2862 #ifdef HAVE_PACKET_EBPF
2863  if (suri->run_mode == RUNMODE_AFP_DEV) {
2864  EBPFRegisterExtension();
2865  LiveDevRegisterExtension();
2866  }
2867 #endif
2868  RegisterFlowBypassInfo();
2869 
2870  MacSetRegisterFlowStorage();
2871  FlowRateRegisterFlowStorage();
2872 
2873  SigTableInit();
2874 
2875 #ifdef HAVE_PLUGINS
2876  SCPluginsLoad(suri->capture_plugin_name, suri->capture_plugin_args, suri->additional_plugins);
2877 #endif
2878 
2879  LiveDeviceFinalize(); // must be after EBPF extension registration
2880 
2881  if (RunModeEngineIsIPS(suricata.run_mode, suricata.runmode_custom_mode,
2882  suricata.capture_plugin_name) < 0) {
2883  FatalError("IPS mode setup failed");
2884  }
2885 
2886  if (EngineModeIsUnknown()) { // if still uninitialized, set the default
2887  SCLogInfo("Setting engine mode to IDS mode by default");
2888  EngineModeSetIDS();
2889  }
2890 
2891  SetMasterExceptionPolicy();
2892 
2893  SCConfNode *eps = SCConfGetNode("stats.exception-policy");
2894  if (eps != NULL) {
2895  if (SCConfNodeChildValueIsTrue(eps, "per-app-proto-errors")) {
2896  g_stats_eps_per_app_proto_errors = true;
2897  }
2898  }
2899 
2900  /* Must occur prior to output mod registration
2901  and app layer setup. */
2902  FeatureTrackingRegister();
2903 
2904  AppLayerSetup();
2905 
2906  /* Suricata will use this umask if provided. By default it will use the
2907  umask passed on from the shell. */
2908  const char *custom_umask;
2909  if (SCConfGetNonNull("umask", &custom_umask) == 1) {
2910  uint16_t mask;
2911  if (StringParseUint16(&mask, 8, (uint16_t)strlen(custom_umask), custom_umask) > 0) {
2912  umask((mode_t)mask);
2913  }
2914  }
2915 
2916  if (ConfigGetCaptureValue(suri) != TM_ECODE_OK) {
2917  SCReturnInt(TM_ECODE_FAILED);
2918  }
2919 
2920 #ifdef NFQ
2921  if (suri->run_mode == RUNMODE_NFQ)
2922  NFQInitConfig(false);
2923 #endif
2924 
2925  /* Load the Host-OS lookup. */
2926  SCHInfoLoadFromConfig();
2927 
2928  if (suri->run_mode == RUNMODE_ENGINE_ANALYSIS) {
2929  SCLogInfo("== Carrying out Engine Analysis ==");
2930  const char *temp = NULL;
2931  if (SCConfGet("engine-analysis", &temp) == 0) {
2932  SCLogInfo("no engine-analysis parameter(s) defined in conf file. "
2933  "Please define/enable them in the conf to use this "
2934  "feature.");
2935  SCReturnInt(TM_ECODE_FAILED);
2936  }
2937  }
2938 
2939  /* hardcoded initialization code */
2940  SigTableSetup(); /* load the rule keywords */
2941  SigTableApplyStrictCommandLineOption(suri->strict_rule_parsing_string);
2942  TmqhSetup();
2943 
2944  TagInitCtx();
2945  PacketAlertTagInit();
2946  ThresholdInit();
2947  HostBitInitCtx();
2948  IPPairBitInitCtx();
2949 
2950  if (DetectAddressTestConfVars() < 0) {
2951  SCLogError(
2952  "basic address vars test failed. Please check %s for errors", suri->conf_filename);
2953  SCReturnInt(TM_ECODE_FAILED);
2954  }
2955  if (DetectPortTestConfVars() < 0) {
2956  SCLogError("basic port vars test failed. Please check %s for errors", suri->conf_filename);
2957  SCReturnInt(TM_ECODE_FAILED);
2958  }
2959 
2960  RegisterAllModules();
2961  AppLayerHtpNeedFileInspection();
2962 
2963  SCStorageFinalize();
2964 
2965  TmModuleRunInit();
2966 
2967  if (MayDaemonize(suri) != TM_ECODE_OK)
2968  SCReturnInt(TM_ECODE_FAILED);
2969 
2970  if (suri->install_signal_handlers) {
2971  if (InitSignalHandler(suri) != TM_ECODE_OK)
2972  SCReturnInt(TM_ECODE_FAILED);
2973  }
2974 
2975  /* Check for the existence of the default logging directory which we pick
2976  * from suricata.yaml. If not found, shut the engine down */
2977  suri->log_dir = SCConfigGetLogDirectory();
2978 
2979  if (ConfigCheckLogDirectoryExists(suri->log_dir) != TM_ECODE_OK) {
2980  SCLogError("The logging directory \"%s\" "
2981  "supplied by %s (default-log-dir) doesn't exist. "
2982  "Shutting down the engine",
2983  suri->log_dir, suri->conf_filename);
2984  SCReturnInt(TM_ECODE_FAILED);
2985  }
2986  if (!IsLogDirectoryWritable(suri->log_dir)) {
2987  SCLogError("The logging directory \"%s\" "
2988  "supplied by %s (default-log-dir) is not writable. "
2989  "Shutting down the engine",
2990  suri->log_dir, suri->conf_filename);
2991  SCReturnInt(TM_ECODE_FAILED);
2992  }
2993 
2994  if (suri->disabled_detect) {
2995  SCLogConfig("detection engine disabled");
2996  /* disable raw reassembly */
2997  (void)SCConfSetFinal("stream.reassembly.raw", "false");
2998  }
2999 
3000  HostInitConfig(HOST_VERBOSE);
3001 
3002  CoredumpLoadConfig();
3003 
3004  DecodeGlobalConfig();
3005 
3006  /* hostmode depends on engine mode being set */
3007  PostConfLoadedSetupHostMode();
3008 
3009  PreRunInit(suri->run_mode);
3010 
3011  SCReturnInt(TM_ECODE_OK);
3012 }
3013 
3014 void SuricataMainLoop(void)
3015 {
3016  SCInstance *suri = &suricata;
3017  while(1) {
3018  if (sigterm_count || sigint_count) {
3019  suricata_ctl_flags |= SURICATA_STOP;
3020  }
3021 
3022  if (suricata_ctl_flags & SURICATA_STOP) {
3023  SCLogNotice("Signal Received. Stopping engine.");
3024  break;
3025  }
3026 
3027  TmThreadCheckThreadState();
3028 
3029  if (sighup_count > 0) {
3030  OutputNotifyFileRotation();
3031  sighup_count--;
3032  }
3033 
3034  if (sigusr2_count > 0) {
3035  if (!(DetectEngineReloadIsStart())) {
3036  DetectEngineReloadStart();
3037  DetectEngineReload(suri);
3038  DetectEngineReloadSetIdle();
3039  sigusr2_count--;
3040  }
3041 
3042  } else if (DetectEngineReloadIsStart()) {
3043  DetectEngineReload(suri);
3044  DetectEngineReloadSetIdle();
3045  }
3046 
3047  usleep(10* 1000);
3048  }
3049 }
3050 
3051 /**
3052  * \brief Global initialization common to all runmodes.
3053  *
3054  * This can be used by fuzz targets.
3055  */
3056 
3057 int InitGlobal(void)
3058 {
3059  SC_ATOMIC_INIT(engine_stage);
3060 
3061  /* initialize the logging subsys */
3062  SCLogInitLogModule(NULL);
3063 
3064  SCSetThreadName("Suricata-Main");
3065 
3066  /* Ignore SIGUSR2 as early as possible. We redeclare interest
3067  * once we're done launching threads. The goal is to either die
3068  * completely or handle any and all SIGUSR2s correctly.
3069  */
3070 #ifndef OS_WIN32
3071  UtilSignalHandlerSetup(SIGUSR2, SIG_IGN);
3072  if (UtilSignalBlock(SIGUSR2)) {
3073  SCLogError("SIGUSR2 initialization error");
3074  return EXIT_FAILURE;
3075  }
3076 #endif
3077 
3078  ParseSizeInit();
3079  RunModeRegisterRunModes();
3080 
3081  /* Initialize the configuration module. */
3082  SCConfInit();
3083  DatalinkTableInit();
3084 
3085  VarNameStoreInit();
3086 
3087  // zero all module storage
3088  memset(tmm_modules, 0, TMM_SIZE * sizeof(TmModule));
3089 
3090  return 0;
3091 }
3092 
3093 void SuricataPreInit(const char *progname)
3094 {
3095  UtilCpuEnableSparcMisalignEmulation();
3096 
3097  SCInstanceInit(&suricata, progname);
3098 
3099  if (InitGlobal() != 0) {
3100  exit(EXIT_FAILURE);
3101  }
3102 }
3103 
3104 void SuricataInit(void)
3105 {
3106  /* Initializations for global vars, queues, etc (memsets, mutex init..) */
3107  GlobalsInitPreConfig();
3108 
3109  if (suricata.run_mode == RUNMODE_DUMP_CONFIG) {
3110  SCConfDump();
3111  exit(EXIT_SUCCESS);
3112  }
3113 
3114  int tracking = 1;
3115  if (SCConfGetBool("vlan.use-for-tracking", &tracking) == 1 && !tracking) {
3116  /* Ignore vlan_ids when comparing flows. */
3117  g_vlan_mask = 0x0000;
3118  }
3119  SCLogDebug("vlan tracking is %s", tracking == 1 ? "enabled" : "disabled");
3120  if (SCConfGetBool("livedev.use-for-tracking", &tracking) == 1 && !tracking) {
3121  /* Ignore livedev id when comparing flows. */
3122  g_livedev_mask = 0x0000;
3123  }
3124  if (SCConfGetBool("decoder.recursion-level.use-for-tracking", &tracking) == 1 && !tracking) {
3125  /* Ignore recursion level when comparing flows. */
3126  g_recurlvl_mask = 0x00;
3127  }
3128  SetupUserMode(&suricata);
3129  InitRunAs(&suricata);
3130 
3131  /* Since our config is now loaded we can finish configuring the
3132  * logging module. */
3133  SCLogLoadConfig(suricata.daemon, suricata.verbose, suricata.userid, suricata.groupid);
3134 
3135  LogVersion(&suricata);
3136  UtilCpuPrintSummary();
3137  RunModeInitializeThreadSettings();
3138 
3139  if (suricata.run_mode == RUNMODE_CONF_TEST)
3140  SCLogInfo("Running suricata under test mode");
3141 
3142  if (suricata.verbose) {
3143  SCLogInfo(
3144  "Running with verbose level %s", SCLogLevel2Name(suricata.verbose + SC_LOG_NOTICE));
3145  }
3146 
3147  if (ParseInterfacesList(suricata.aux_run_mode, suricata.pcap_dev) != TM_ECODE_OK) {
3148  exit(EXIT_FAILURE);
3149  }
3150 
3151  if (PostConfLoadedSetup(&suricata) != TM_ECODE_OK) {
3152  exit(EXIT_FAILURE);
3153  }
3154 
3155  SCDropMainThreadCaps(suricata.userid, suricata.groupid);
3156 
3157  /* Re-enable coredumps after privileges are dropped. */
3158  CoredumpEnable();
3159 
3160  if (suricata.run_mode != RUNMODE_UNIX_SOCKET && !suricata.disabled_detect) {
3161  suricata.unix_socket_enabled = ConfUnixSocketIsEnable();
3162  }
3163 
3164  PreRunPostPrivsDropInit(suricata.run_mode);
3165 
3166  SCOnLoggingReady();
3167 
3168  LandlockSandboxing(&suricata);
3169 
3170  PostConfLoadedDetectSetup(&suricata);
3171  if (suricata.run_mode == RUNMODE_ENGINE_ANALYSIS) {
3172  goto out;
3173  } else if (suricata.run_mode == RUNMODE_CONF_TEST){
3174  SCLogNotice("Configuration provided was successfully loaded. Exiting.");
3175  goto out;
3176  } else if (suricata.run_mode == RUNMODE_DUMP_FEATURES) {
3177  FeatureDump();
3178  goto out;
3179  }
3180 
3181  if (suricata.run_mode == RUNMODE_DPDK)
3182  prerun_snap = SystemHugepageSnapshotCreate();
3183 
3184  SCSetStartTime(&suricata);
3185  if (suricata.run_mode != RUNMODE_UNIX_SOCKET) {
3186  UnixManagerThreadSpawnNonRunmode(suricata.unix_socket_enabled);
3187  }
3188  RunModeDispatch(suricata.run_mode, suricata.runmode_custom_mode, suricata.capture_plugin_name,
3189  suricata.capture_plugin_args);
3190  return;
3191 
3192 out:
3193  GlobalsDestroy();
3194  exit(EXIT_SUCCESS);
3195 }
3196 
3197 void SuricataShutdown(void)
3198 {
3199  /* Update the engine stage/status flag */
3200  SC_ATOMIC_SET(engine_stage, SURICATA_DEINIT);
3201 
3202  UnixSocketKillSocketThread();
3203  PostRunDeinit(suricata.run_mode, &suricata.start_time);
3204  /* kill remaining threads */
3205  TmThreadKillThreads();
3206 }
3207 
3208 void SuricataPostInit(void)
3209 {
3210  /* Wait till all the threads have been initialized */
3211  if (TmThreadWaitOnThreadInit() == TM_ECODE_FAILED) {
3212  SystemHugepageSnapshotDestroy(prerun_snap);
3213  FatalError("Engine initialization failed, "
3214  "aborting...");
3215  }
3216 
3217  int limit_nproc = 0;
3218  if (SCConfGetBool("security.limit-noproc", &limit_nproc) == 0) {
3219  limit_nproc = 0;
3220  }
3221 
3222 #if defined(SC_ADDRESS_SANITIZER)
3223  if (limit_nproc) {
3224  SCLogWarning(
3225  "\"security.limit-noproc\" (setrlimit()) not set when using address sanitizer");
3226  limit_nproc = 0;
3227  }
3228 #endif
3229 
3230  if (limit_nproc) {
3231 #if defined(HAVE_SYS_RESOURCE_H) && defined(RLIMIT_NPROC)
3232 #ifdef linux
3233  if (geteuid() == 0) {
3234  SCLogWarning("setrlimit has no effect when running as root.");
3235  }
3236 #endif
3237  struct rlimit r = { 0, 0 };
3238  if (setrlimit(RLIMIT_NPROC, &r) != 0) {
3239  SCLogWarning("setrlimit failed to prevent process creation.");
3240  }
3241 #else
3242  SCLogWarning("setrlimit unavailable.");
3243 #endif
3244  }
3245 
3246  SC_ATOMIC_SET(engine_stage, SURICATA_RUNTIME);
3247  PacketPoolPostRunmodes();
3248 
3249  /* pledge before allowing threads to continue to avoid an issue with pcap file directory mode,
3250  * see ticket #8300. */
3251  SCPledge();
3252 
3253  /* Un-pause all the paused threads */
3254  TmThreadContinueThreads();
3255 
3256  /* Must ensure all threads are fully operational before continuing with init process */
3257  if (TmThreadWaitOnThreadRunning() != TM_ECODE_OK) {
3258  SystemHugepageSnapshotDestroy(prerun_snap);
3259  exit(EXIT_FAILURE);
3260  }
3261 
3262  /* Print notice and send OS specific notification of threads in running state */
3263  OnNotifyRunning();
3264 
3265  PostRunStartedDetectSetup(&suricata);
3266  if (suricata.run_mode == RUNMODE_DPDK) { // only DPDK uses hpages at the moment
3267  SystemHugepageSnapshot *postrun_snap = SystemHugepageSnapshotCreate();
3268  SystemHugepageEvaluateHugepages(prerun_snap, postrun_snap);
3269  SystemHugepageSnapshotDestroy(prerun_snap);
3270  SystemHugepageSnapshotDestroy(postrun_snap);
3271  }
3272 }
RUNMODE_LIST_APP_LAYERS
@ RUNMODE_LIST_APP_LAYERS
Definition: runmodes.h:47
SCRunMode
enum SCRunModes SCRunMode
RUNMODE_ENGINE_ANALYSIS
@ RUNMODE_ENGINE_ANALYSIS
Definition: runmodes.h:58
util-device-private.h
DefragDestroy
void DefragDestroy(void)
Definition: defrag.c:1127
util-byte.h
SCInstance_::is_firewall
bool is_firewall
Definition: suricata.h:146
TmModuleUnixManagerRegister
void TmModuleUnixManagerRegister(void)
Definition: unix-manager.c:1289
StatsReleaseResources
void StatsReleaseResources(void)
Releases the resources allotted by the Stats API.
Definition: counters.c:1388
DETECT_ENGINE_MPM_CACHE_OP_PRUNE
#define DETECT_ENGINE_MPM_CACHE_OP_PRUNE
Definition: detect.h:1753
source-nflog.h
TagInitCtx
void TagInitCtx(void)
Definition: detect-engine-tag.c:52
TmModuleReceiveIPFWRegister
void TmModuleReceiveIPFWRegister(void)
Registration Function for RecieveIPFW.
Definition: source-ipfw.c:151
flow-bypass.h
len
uint8_t len
Definition: app-layer-dnp3.h:2
SuricataMainLoop
void SuricataMainLoop(void)
Definition: suricata.c:3014
ExceptionSimulationCommandLineParser
int ExceptionSimulationCommandLineParser(const char *name, const char *arg)
Definition: util-exception-policy.c:396
SCInstance_::run_mode
enum SCRunModes run_mode
Definition: suricata.h:135
ippair.h
g_livedev_mask
uint16_t g_livedev_mask
Definition: suricata.c:210
SCInstance_::firewall_rule_file
char * firewall_rule_file
Definition: suricata.h:143
RUNMODE_AFXDP_DEV
@ RUNMODE_AFXDP_DEV
Definition: runmodes.h:37
app-layer-htp-range.h
AppLayerHtpNeedFileInspection
void AppLayerHtpNeedFileInspection(void)
Sets a flag that informs the HTP app layer that some module in the engine needs the http request file...
Definition: app-layer-htp.c:579
detect-engine.h
source-pcap.h
SCInstance_::groupid
uint32_t groupid
Definition: suricata.h:157
g_system
bool g_system
Definition: suricata.c:195
TmThreadDisablePacketThreads
void TmThreadDisablePacketThreads(const uint16_t set, const uint16_t check, const uint8_t module_flags)
Disable all packet threads.
Definition: tm-threads.c:1536
win32-syscall.h
SCInstance_::aux_run_mode
enum SCRunModes aux_run_mode
Definition: suricata.h:136
SCInstance_::daemon
int daemon
Definition: suricata.h:168
SCStorageInit
void SCStorageInit(void)
Definition: util-storage.c:68
IPPairInitConfig
void IPPairInitConfig(bool quiet)
initialize the configuration
Definition: ippair.c:162
SCLogInitLogModule
void SCLogInitLogModule(SCLogInitData *sc_lid)
Initializes the logging module.
Definition: util-debug.c:1396
EngineModeSetIPS
void EngineModeSetIPS(const enum EngineHostMode mode)
Definition: suricata.c:264
SLL_HEADER_LEN
#define SLL_HEADER_LEN
Definition: decode-sll.h:27
SCInstance_::checksum_validation
int checksum_validation
Definition: suricata.h:171
SCEnableDefaultSignalHandlers
void SCEnableDefaultSignalHandlers(void)
Enable default signal handlers.
Definition: suricata.c:311
LiveDeviceListClean
int LiveDeviceListClean(void)
Definition: util-device.c:335
SCInstance_::do_setuid
bool do_setuid
Definition: suricata.h:153
DetectEngineDeReference
void DetectEngineDeReference(DetectEngineCtx **de_ctx)
Definition: detect-engine.c:4789
SCInstance_::start_time
struct timeval start_time
Definition: suricata.h:174
IsRunModeOffline
bool IsRunModeOffline(enum SCRunModes run_mode_to_check)
Definition: runmodes.c:558
SC_ATOMIC_INIT
#define SC_ATOMIC_INIT(name)
wrapper for initializing an atomic variable.
Definition: util-atomic.h:314
prerun_snap
SystemHugepageSnapshot * prerun_snap
Definition: suricata.c:221
TmThreadContinueThreads
void TmThreadContinueThreads(void)
Unpauses all threads present in tv_root.
Definition: tm-threads.c:1968
RUNMODE_NFLOG
@ RUNMODE_NFLOG
Definition: runmodes.h:32
source-pcap-file.h
SCInstance_::do_setgid
bool do_setgid
Definition: suricata.h:154
CLS
#define CLS
Definition: suricata-common.h:77
stream-tcp.h
DetectEngineCtx_::type
enum DetectEngineType type
Definition: detect.h:1100
SigLoadSignatures
int SigLoadSignatures(DetectEngineCtx *de_ctx, char *sig_file, bool sig_file_exclusive)
Load signatures.
Definition: detect-engine-loader.c:384
runmode-af-packet.h
SCInstance_::group_name
const char * group_name
Definition: suricata.h:152
DetectEngineCtx_::firewall_rule_file_exclusive
const char * firewall_rule_file_exclusive
Definition: detect.h:1191
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
SC_ATOMIC_SET
#define SC_ATOMIC_SET(name, val)
Set the value for the atomic variable.
Definition: util-atomic.h:386
runmode-unittests.h
RUNMODE_UNKNOWN
@ RUNMODE_UNKNOWN
Definition: runmodes.h:28
TmqhSetup
void TmqhSetup(void)
Definition: tm-queuehandlers.c:39
RUNMODE_LIST_APP_LAYER_FRAMES
@ RUNMODE_LIST_APP_LAYER_FRAMES
Definition: runmodes.h:50
SCConfGetRootNode
SCConfNode * SCConfGetRootNode(void)
Get the root configuration node.
Definition: conf.c:225
ENGINE_MODE_FIREWALL
@ ENGINE_MODE_FIREWALL
Definition: suricata.h:111
DetectEngineCtxInitStubForDD
DetectEngineCtx * DetectEngineCtxInitStubForDD(void)
Definition: detect-engine.c:2715
LiveDevRegisterExtension
void LiveDevRegisterExtension(void)
Definition: util-device.c:533
OutputTxShutdown
void OutputTxShutdown(void)
Definition: output-tx.c:667
THV_FLOW_LOOP
#define THV_FLOW_LOOP
Definition: threadvars.h:48
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:282
AppLayerHtpPrintStats
void AppLayerHtpPrintStats(void)
Definition: app-layer-htp.c:2430
util-hugepages.h
StatsSetupPostConfigPreOutput
void StatsSetupPostConfigPreOutput(void)
Definition: counters.c:973
SCInstance_::runmode_custom_mode
char * runmode_custom_mode
Definition: suricata.h:149
util-coredump-config.h
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:0
SigTableSetup
void SigTableSetup(void)
Definition: detect-engine-register.c:537
name
const char * name
Definition: detect-engine-proto.c:48
TmModuleReceiveNFQRegister
void TmModuleReceiveNFQRegister(void)
Definition: source-nfq.c:170
DetectEngineMpmCacheService
void DetectEngineMpmCacheService(uint32_t op_flags)
Definition: detect-engine.c:2559
LiveBuildDeviceList
int LiveBuildDeviceList(const char *runmode)
Definition: util-device.c:295
RunModeShutDown
void RunModeShutDown(void)
Definition: runmodes.c:576
SuricataInit
void SuricataInit(void)
Definition: suricata.c:3104
TM_ECODE_DONE
@ TM_ECODE_DONE
Definition: tm-threads-common.h:83
SCProtoNameInit
void SCProtoNameInit(void)
Definition: util-proto-name.c:414
SuricataPostInit
void SuricataPostInit(void)
Definition: suricata.c:3208
ippair-bit.h
RunModeDispatch
void RunModeDispatch(int runmode, const char *custom_mode, const char *capture_plugin_name, const char *capture_plugin_args)
Definition: runmodes.c:405
util-macset.h
sigint_count
volatile sig_atomic_t sigint_count
Definition: suricata.c:157
SC_ATOMIC_DECLARE
SC_ATOMIC_DECLARE(unsigned int, engine_stage)
RUNMODE_NFQ
@ RUNMODE_NFQ
Definition: runmodes.h:31
TmModuleRunDeInit
void TmModuleRunDeInit(void)
Definition: tm-modules.c:119
TmThreadsUnsealThreads
void TmThreadsUnsealThreads(void)
Definition: tm-threads.c:2159
RegisterFlowBypassInfo
void RegisterFlowBypassInfo(void)
Definition: flow-util.c:241
SCSetThreadName
#define SCSetThreadName(n)
Definition: threads.h:305
SCConfYamlHandleInclude
int SCConfYamlHandleInclude(SCConfNode *parent, const char *filename)
Include a file in the configuration.
Definition: conf-yaml-loader.c:115
sc_set_caps
bool sc_set_caps
Definition: suricata.c:193
SCLogDeInitLogModule
void SCLogDeInitLogModule(void)
De-Initializes the logging module.
Definition: util-debug.c:1600
LiveDevice_
Definition: util-device-private.h:32
util-pidfile.h
TmModuleDecodeErfFileRegister
void TmModuleDecodeErfFileRegister(void)
Register the ERF file decoder module.
Definition: source-erf-file.c:98
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:973
StringParseUint16
int StringParseUint16(uint16_t *res, int base, size_t len, const char *str)
Definition: util-byte.c:296
SigTableInit
void SigTableInit(void)
Definition: detect-engine-register.c:525
DetectEngineReloadSetIdle
void DetectEngineReloadSetIdle(void)
Definition: detect-engine.c:2019
SCInstance_::userid
uint32_t userid
Definition: suricata.h:156
source-windivert-prototypes.h
SCConfGet
int SCConfGet(const char *name, const char **vptr)
Retrieve the value of a configuration node.
Definition: conf.c:353
DetectEngineGetCurrent
DetectEngineCtx * DetectEngineGetCurrent(void)
Definition: detect-engine.c:3987
EngineModeIsUnknown
int EngineModeIsUnknown(void)
Definition: suricata.c:234
VarNameStoreInit
void VarNameStoreInit(void)
TmModuleFlowRecyclerRegister
void TmModuleFlowRecyclerRegister(void)
Definition: flow-manager.c:1313
g_skip_prefilter
int g_skip_prefilter
Definition: detect-engine-mpm.c:1134
SCConfNodeChildValueIsTrue
int SCConfNodeChildValueIsTrue(const SCConfNode *node, const char *key)
Test if a configuration node has a true value.
Definition: conf.c:922
Daemonize
void Daemonize(void)
Daemonize the process.
Definition: util-daemon.c:101
UtilSignalHandlerSetup
void UtilSignalHandlerSetup(int sig, void(*handler)(int))
Definition: util-signal.c:60
TAILQ_FOREACH
#define TAILQ_FOREACH(var, head, field)
Definition: queue.h:252
EngineModeSetFirewall
void EngineModeSetFirewall(const enum EngineHostMode mode)
Definition: suricata.c:258
TmModuleDecodeAFPRegister
void TmModuleDecodeAFPRegister(void)
Registration Function for DecodeAFP.
Definition: source-af-packet.c:603
TmModuleDecodeWinDivertRegister
void TmModuleDecodeWinDivertRegister(void)
Definition: source-windivert.c:75
SURICATA_STOP
#define SURICATA_STOP
Definition: suricata.h:94
UtilCpuEnableSparcMisalignEmulation
void UtilCpuEnableSparcMisalignEmulation(void)
Handle memory access miss align on SPARC processors.
Definition: util-cpu.c:211
DetectEngineAddToMaster
int DetectEngineAddToMaster(DetectEngineCtx *de_ctx)
Definition: detect-engine.c:4813
SCConfGetChildValueBool
int SCConfGetChildValueBool(const SCConfNode *base, const char *name, int *val)
Definition: conf.c:542
TmModuleStatsLoggerRegister
void TmModuleStatsLoggerRegister(void)
Definition: output-stats.c:169
RegisterAllModules
void RegisterAllModules(void)
Definition: suricata.c:984
ENGINE_MODE_IPS
@ ENGINE_MODE_IPS
Definition: suricata.h:110
DetectEngineMultiTenantSetup
int DetectEngineMultiTenantSetup(const bool unix_socket)
setup multi-detect / multi-tenancy
Definition: detect-engine.c:4447
flow-bit.h
SC_LOG_NOTICE
@ SC_LOG_NOTICE
Definition: util-debug.h:40
SupportFastPatternForSigMatchTypes
void SupportFastPatternForSigMatchTypes(void)
Registers the keywords(SMs) that should be given fp support.
Definition: detect-fast-pattern.c:142
EngineHostModeIsSniffer
bool EngineHostModeIsSniffer(void)
Definition: suricata.c:281
util-var-name.h
SCParseCommandLine
TmEcode SCParseCommandLine(int argc, char **argv)
Definition: suricata.c:1436
SCPledge
#define SCPledge(...)
Definition: util-privs.h:99
CheckValidDaemonModes
int CheckValidDaemonModes(int daemon, int mode)
Check for a valid combination daemon/mode.
Definition: util-daemon.c:177
SCGetGroupID
void SCGetGroupID(const char *group_name, uint32_t *gid)
Function to get the group ID from the specified group name.
Definition: util-privs.c:210
SCConfGetBool
int SCConfGetBool(const char *name, int *val)
Retrieve a configuration value as a boolean.
Definition: conf.c:524
unittests_fatal
int unittests_fatal
Definition: util-unittest.c:52
g_engine_host_mode
enum EngineHostMode g_engine_host_mode
Definition: suricata.c:184
TmThreadDisableReceiveThreads
void TmThreadDisableReceiveThreads(void)
Disable all threads having the specified TMs.
Definition: tm-threads.c:1384
StatsInit
void StatsInit(void)
Initializes the perf counter api. Things are hard coded currently. More work to be done when we imple...
Definition: counters.c:963
util-privs.h
PreRunInit
void PreRunInit(const int runmode)
Definition: suricata.c:2346
SURICATA_DONE
#define SURICATA_DONE
Definition: suricata.h:96
MacSetRegisterFlowStorage
void MacSetRegisterFlowStorage(void)
Definition: util-macset.c:61
SuricataShutdown
void SuricataShutdown(void)
Definition: suricata.c:3197
SCInstance_::conf_filename
const char * conf_filename
Definition: suricata.h:178
GetIfaceMTU
int GetIfaceMTU(const char *dev)
output the link MTU
Definition: util-ioctl.c:82
GlobalsInitPreConfig
void GlobalsInitPreConfig(void)
Definition: suricata.c:404
p
Packet * p
Definition: fuzz_iprep.c:21
TmModuleReceiveNetmapRegister
void TmModuleReceiveNetmapRegister(void)
Definition: source-netmap.c:75
PacketPoolPostRunmodes
void PacketPoolPostRunmodes(void)
Set the max_pending_return_packets value.
Definition: tmqh-packetpool.c:450
NFQInitConfig
void NFQInitConfig(bool quiet)
To initialize the NFQ global configuration data.
Definition: source-nfq.c:208
TmModuleReceiveWinDivertRegister
void TmModuleReceiveWinDivertRegister(void)
Definition: source-windivert.c:61
SystemHugepageSnapshot
Definition: util-hugepages.h:44
EngineModeIsFirewall
bool EngineModeIsFirewall(void)
Definition: suricata.c:239
REVISION
#define REVISION
Definition: suricata-common.h:69
HOST_VERBOSE
#define HOST_VERBOSE
Definition: host.h:92
TM_ECODE_FAILED
@ TM_ECODE_FAILED
Definition: tm-threads-common.h:82
SCProfilingDestroy
void SCProfilingDestroy(void)
Free resources used by profiling.
Definition: util-profiling.c:276
AFPPeersListClean
void AFPPeersListClean(void)
Clean the global peers list.
Definition: source-af-packet.c:585
RunModeInitializeOutputs
void RunModeInitializeOutputs(void)
Definition: runmodes.c:769
DetectPortTestConfVars
int DetectPortTestConfVars(void)
Definition: detect-engine-port.c:1058
SCThresholdConfGlobalInit
void SCThresholdConfGlobalInit(void)
Definition: util-threshold-config.c:102
DecodeUnregisterCounters
void DecodeUnregisterCounters(void)
Definition: decode.c:608
SCInstance_::capture_plugin_name
const char * capture_plugin_name
Definition: suricata.h:183
SCConfYamlLoadFile
int SCConfYamlLoadFile(const char *filename)
Load configuration from a YAML file.
Definition: conf-yaml-loader.c:490
HostBitInitCtx
void HostBitInitCtx(void)
Definition: host-bit.c:49
EngineMode
EngineMode
Definition: suricata.h:106
SCInstance_::set_datadir
bool set_datadir
Definition: suricata.h:161
tmqh-packetpool.h
IsRunModeSystem
bool IsRunModeSystem(enum SCRunModes run_mode_to_check)
Definition: runmodes.c:545
g_ut_covered
int g_ut_covered
Definition: suricata.c:982
SCInstance_::capture_plugin_args
const char * capture_plugin_args
Definition: suricata.h:184
g_recurlvl_mask
uint8_t g_recurlvl_mask
Definition: suricata.c:214
ThresholdRegisterGlobalCounters
void ThresholdRegisterGlobalCounters(void)
Definition: detect-engine-threshold.c:136
TmModuleLoggerRegister
void TmModuleLoggerRegister(void)
Definition: output.c:907
FeatureDump
void FeatureDump(void)
Definition: feature.c:139
PacketPoolInit
void PacketPoolInit(void)
Definition: tmqh-packetpool.c:235
TM_ECODE_OK
@ TM_ECODE_OK
Definition: tm-threads-common.h:81
AppLayerDeSetup
int AppLayerDeSetup(void)
De initializes the app layer.
Definition: app-layer.c:1101
RUNMODE_LIST_APP_LAYER_HOOKS
@ RUNMODE_LIST_APP_LAYER_HOOKS
Definition: runmodes.h:49
RUNMODE_UNIX_SOCKET
@ RUNMODE_UNIX_SOCKET
Definition: runmodes.h:42
strlcpy
size_t strlcpy(char *dst, const char *src, size_t siz)
Definition: util-strlcpyu.c:43
PcapTranslateIPToDevice
void PcapTranslateIPToDevice(char *pcap_dev, size_t len)
Definition: source-pcap.c:651
FlowDisableFlowRecyclerThread
void FlowDisableFlowRecyclerThread(void)
Used to disable flow recycler thread(s).
Definition: flow-manager.c:1241
SCRunmodeSet
void SCRunmodeSet(SCRunMode run_mode)
Set the current run mode.
Definition: suricata.c:306
ParseSizeInit
void ParseSizeInit(void)
Definition: util-misc.c:36
TmModuleDecodePcapFileRegister
void TmModuleDecodePcapFileRegister(void)
Definition: source-pcap-file.c:130
TmModuleBypassedFlowManagerRegister
void TmModuleBypassedFlowManagerRegister(void)
Definition: flow-bypass.c:220
IPPairShutdown
void IPPairShutdown(void)
shutdown the flow engine
Definition: ippair.c:290
source-erf-dag.h
THV_RUNNING_DONE
#define THV_RUNNING_DONE
Definition: threadvars.h:46
SCConfInit
void SCConfInit(void)
Initialize the configuration system.
Definition: conf.c:121
util-signal.h
DetectParseFreeRegexes
void DetectParseFreeRegexes(void)
Definition: detect-parse.c:3669
SCConfDump
void SCConfDump(void)
Dump configuration to stdout.
Definition: conf.c:818
TmModuleDecodeNFLOGRegister
void TmModuleDecodeNFLOGRegister(void)
Definition: source-nflog.c:55
NFQParseAndRegisterQueues
int NFQParseAndRegisterQueues(const char *queues)
Parses and adds Netfilter queue(s).
Definition: source-nfq.c:882
RUNMODE_NETMAP
@ RUNMODE_NETMAP
Definition: runmodes.h:38
FlowInitConfig
void FlowInitConfig(bool quiet)
initialize the configuration
Definition: flow.c:577
AppLayerSetup
int AppLayerSetup(void)
Setup the app layer.
Definition: app-layer.c:1084
FeatureTrackingRegister
void FeatureTrackingRegister(void)
Definition: feature.c:147
TmModuleReceiveDPDKRegister
void TmModuleReceiveDPDKRegister(void)
Definition: source-dpdk.c:51
UnixManagerThreadSpawnNonRunmode
void UnixManagerThreadSpawnNonRunmode(const bool unix_socket_enabled)
Definition: unix-manager.c:1283
RunModeInitializeThreadSettings
void RunModeInitializeThreadSettings(void)
Definition: runmodes.c:954
StreamTcpInitConfig
void StreamTcpInitConfig(bool)
To initialize the stream global configuration data.
Definition: stream-tcp.c:498
ENGINE_MODE_UNKNOWN
@ ENGINE_MODE_UNKNOWN
Definition: suricata.h:107
app-layer-htp.h
util-flow-rate.h
datasets.h
GetIfaceMaxPacketSize
int GetIfaceMaxPacketSize(LiveDevice *ld)
output max packet size for a link
Definition: util-ioctl.c:121
SCRunmodeGet
SCRunMode SCRunmodeGet(void)
Get the current run mode.
Definition: suricata.c:301
TmModuleDecodeNetmapRegister
void TmModuleDecodeNetmapRegister(void)
Registration Function for DecodeNetmap.
Definition: source-netmap.c:85
PreRunPostPrivsDropInit
void PreRunPostPrivsDropInit(const int runmode)
Definition: suricata.c:2376
feature.h
decode.h
SigTableCleanup
void SigTableCleanup(void)
Definition: detect-engine-register.c:485
DetectEngineMoveToFreeList
int DetectEngineMoveToFreeList(DetectEngineCtx *de_ctx)
Definition: detect-engine.c:4873
sigterm_count
volatile sig_atomic_t sigterm_count
Definition: suricata.c:159
source-nfq.h
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:22
TmThreadWaitOnThreadInit
TmEcode TmThreadWaitOnThreadInit(void)
Used to check if all threads have finished their initialization. On finding an un-initialized thread,...
Definition: tm-threads.c:2007
SCLogLevel2Name
const char * SCLogLevel2Name(const SCLogLevel lvl)
Definition: util-debug.c:1071
TmModuleVerdictNFQRegister
void TmModuleVerdictNFQRegister(void)
Definition: source-nfq.c:185
AppLayerRegisterGlobalCounters
void AppLayerRegisterGlobalCounters(void)
HACK to work around our broken unix manager (re)init loop.
Definition: app-layer.c:1165
SCFinalizeRunMode
int SCFinalizeRunMode(int argc)
Definition: suricata.c:2524
RunModeListRunmodes
void RunModeListRunmodes(void)
Lists all registered runmodes.
Definition: runmodes.c:256
strlcat
size_t strlcat(char *, const char *src, size_t siz)
Definition: util-strlcatu.c:45
util-cpu.h
suricata
SCInstance suricata
Definition: suricata.c:227
SCInstance_::unix_socket_enabled
bool unix_socket_enabled
Definition: suricata.h:162
LiveSetOffloadDisable
void LiveSetOffloadDisable(void)
Definition: util-device.c:77
StatsSetupPostConfigPostOutput
void StatsSetupPostConfigPostOutput(void)
Definition: counters.c:978
EngineModeSetIDS
void EngineModeSetIDS(void)
Definition: suricata.c:276
RUNMODE_LIST_KEYWORDS
@ RUNMODE_LIST_KEYWORDS
Definition: runmodes.h:46
SpmTableSetup
void SpmTableSetup(void)
Definition: util-spm.c:131
TmModuleReceiveAFPRegister
void TmModuleReceiveAFPRegister(void)
Registration Function for RecieveAFP.
Definition: source-af-packet.c:381
RUNMODE_UNITTEST
@ RUNMODE_UNITTEST
Definition: runmodes.h:41
LiveBuildDeviceListCustom
int LiveBuildDeviceListCustom(const char *runmode, const char *itemname)
Definition: util-device.c:300
util-exception-policy.h
LiveGetDevice
LiveDevice * LiveGetDevice(const char *name)
Get a pointer to the device at idx.
Definition: util-device.c:269
UnixSocketKillSocketThread
void UnixSocketKillSocketThread(void)
Definition: unix-manager.c:1279
TmModuleVerdictIPFWRegister
void TmModuleVerdictIPFWRegister(void)
Registration Function for VerdictIPFW.
Definition: source-ipfw.c:172
flow-worker.h
SCConfGetInt
int SCConfGetInt(const char *name, intmax_t *val)
Retrieve a configuration value as an integer.
Definition: conf.c:441
g_stats_eps_per_app_proto_errors
bool g_stats_eps_per_app_proto_errors
Definition: suricata.c:224
ENGINE_HOST_IS_ROUTER
@ ENGINE_HOST_IS_ROUTER
Definition: suricata.h:117
HttpRangeContainersInit
void HttpRangeContainersInit(void)
Definition: app-layer-htp-range.c:169
util-reference-config.h
DetectEngineCtx_::last_reload
struct timeval last_reload
Definition: detect.h:1146
SCInstance_::delayed_detect
int delayed_detect
Definition: suricata.h:166
TmModuleVerdictWinDivertRegister
void TmModuleVerdictWinDivertRegister(void)
Definition: source-windivert.c:68
DetectEngineCtx_::failure_fatal
bool failure_fatal
Definition: detect.h:974
SCInstance_::progname
const char * progname
Definition: suricata.h:177
HostCleanup
void HostCleanup(void)
Cleanup the host engine.
Definition: host.c:332
SCEnter
#define SCEnter(...)
Definition: util-debug.h:284
FlowDisableFlowManagerThread
void FlowDisableFlowManagerThread(void)
Used to disable flow manager thread(s).
Definition: flow-manager.c:133
RUNMODE_DAG
@ RUNMODE_DAG
Definition: runmodes.h:35
util-ebpf.h
SCInstance_::pcap_dev
char pcap_dev[128]
Definition: suricata.h:138
SCConfGetNonNull
int SCConfGetNonNull(const char *name, const char **vptr)
Retrieve the non-null value of a configuration node.
Definition: conf.c:381
detect.h
util-affinity.h
UtilSignalUnblock
int UtilSignalUnblock(int signum)
Definition: util-signal.c:46
DetectEngineEnabled
int DetectEngineEnabled(void)
Check if detection is enabled.
Definition: detect-engine.c:3954
TmThreadClearThreadsFamily
void TmThreadClearThreadsFamily(int family)
Definition: tm-threads.c:1677
THV_KILL
#define THV_KILL
Definition: threadvars.h:40
THV_REQ_FLOW_LOOP
#define THV_REQ_FLOW_LOOP
Definition: threadvars.h:47
FlowRateRegisterFlowStorage
void FlowRateRegisterFlowStorage(void)
Definition: util-flow-rate.c:60
TmModuleRunInit
void TmModuleRunInit(void)
Definition: tm-modules.c:104
detect-engine-port.h
SCInstance_::user_name
const char * user_name
Definition: suricata.h:151
HTPAtExitPrintStats
void HTPAtExitPrintStats(void)
Print the stats of the HTTP requests.
Definition: app-layer-htp.c:1586
util-time.h
UtilSignalBlock
int UtilSignalBlock(int signum)
Definition: util-signal.c:29
SCProfilingPrefilterGlobalInit
void SCProfilingPrefilterGlobalInit(void)
Definition: util-profiling-prefilter.c:61
ThresholdDestroy
void ThresholdDestroy(void)
Definition: detect-engine-threshold.c:145
SCLogWarning
#define SCLogWarning(...)
Macro used to log WARNING messages.
Definition: util-debug.h:262
PostConfLoadedSetup
int PostConfLoadedSetup(SCInstance *suri)
Definition: suricata.c:2808
GetProgramVersion
const char * GetProgramVersion(void)
get string with program version
Definition: suricata.c:1223
engine_analysis
int engine_analysis
app-layer-parser.h
TmModuleReceivePcapFileRegister
void TmModuleReceivePcapFileRegister(void)
Definition: source-pcap-file.c:117
BUG_ON
#define BUG_ON(x)
Definition: suricata-common.h:325
runmode-netmap.h
CoredumpLoadConfig
int32_t CoredumpLoadConfig(void)
Configures the core dump size.
Definition: util-coredump-config.c:95
detect-engine-tag.h
IPFWRegisterQueue
int IPFWRegisterQueue(char *queue)
Add an IPFW divert.
Definition: source-ipfw.c:700
xstr
#define xstr(s)
Definition: suricata-common.h:315
util-profiling.h
ListAppLayerHooks
int ListAppLayerHooks(const char *conf_filename)
Definition: util-running-modes.c:78
ListAppLayerProtocols
int ListAppLayerProtocols(const char *conf_filename)
Definition: util-running-modes.c:46
SCInstance_::offline
int offline
Definition: suricata.h:169
DatasetsDestroy
void DatasetsDestroy(void)
Definition: datasets.c:770
UtilCpuPrintSummary
void UtilCpuPrintSummary(void)
Print a summary of CPUs detected (configured and online)
Definition: util-cpu.c:140
profiling_packets_enabled
int profiling_packets_enabled
Definition: util-profiling.c:94
SystemDNotifyReady
int SystemDNotifyReady(void)
TmThreadKillThreads
void TmThreadKillThreads(void)
Definition: tm-threads.c:1623
OutputDeregisterAll
void OutputDeregisterAll(void)
Deregister all modules. Useful for a memory clean exit.
Definition: output.c:653
source-pcap-file-helper.h
PostConfLoadedDetectSetup
void PostConfLoadedDetectSetup(SCInstance *suri)
Definition: suricata.c:2703
EngineModeIsIDS
int EngineModeIsIDS(void)
Definition: suricata.c:252
RUNMODE_PLUGIN
@ RUNMODE_PLUGIN
Definition: runmodes.h:44
util-systemd.h
tmm_modules
TmModule tmm_modules[TMM_SIZE]
Definition: tm-modules.c:29
conf-yaml-loader.h
SURICATA_DEINIT
@ SURICATA_DEINIT
Definition: suricata.h:102
decode-sll.h
SCConfigGetLogDirectory
const char * SCConfigGetLogDirectory(void)
Definition: util-conf.c:38
coverage_unittests
int coverage_unittests
Definition: suricata.c:980
DatasetsSave
void DatasetsSave(void)
Definition: datasets.c:848
detect-engine-alert.h
conf.h
util-landlock.h
source-ipfw.h
TMM_SIZE
@ TMM_SIZE
Definition: tm-threads-common.h:76
source-netmap.h
OutputNotifyFileRotation
void OutputNotifyFileRotation(void)
Notifies all registered file rotation notification flags.
Definition: output.c:731
RUNMODE_WINDIVERT
@ RUNMODE_WINDIVERT
Definition: runmodes.h:43
VarNameStoreDestroy
void VarNameStoreDestroy(void)
Definition: util-var-name.c:116
SCInstance_::verbose
int verbose
Definition: suricata.h:170
source-lib.h
TmEcode
TmEcode
Definition: tm-threads-common.h:80
source-windivert.h
TmModuleFlowWorkerRegister
void TmModuleFlowWorkerRegister(void)
Definition: flow-worker.c:798
max_pending_packets
uint32_t max_pending_packets
Definition: suricata.c:187
util-plugin.h
SCInstance_::additional_configs
const char ** additional_configs
Definition: suricata.h:179
flow-timeout.h
DEFAULT_PID_FILENAME
#define DEFAULT_PID_FILENAME
Definition: suricata.h:88
RUNMODE_AFP_DEV
@ RUNMODE_AFP_DEV
Definition: runmodes.h:36
sighup_count
volatile sig_atomic_t sighup_count
Definition: suricata.c:158
ConfigSetDataDirectory
TmEcode ConfigSetDataDirectory(char *name)
Definition: util-conf.c:66
TmModuleDecodeErfDagRegister
void TmModuleDecodeErfDagRegister(void)
Register the ERF file decoder module.
Definition: source-erf-dag.c:151
SCInstance_::set_logdir
bool set_logdir
Definition: suricata.h:160
SCDropMainThreadCaps
#define SCDropMainThreadCaps(...)
Definition: util-privs.h:90
TmModuleDebugList
void TmModuleDebugList(void)
Definition: tm-modules.c:31
TmModuleDecodeNFQRegister
void TmModuleDecodeNFQRegister(void)
Definition: source-nfq.c:194
util-proto-name.h
STREAM_VERBOSE
#define STREAM_VERBOSE
Definition: stream-tcp.h:35
defrag.h
SCProtoNameRelease
void SCProtoNameRelease(void)
Definition: util-proto-name.c:435
MpmTableSetup
void MpmTableSetup(void)
Definition: util-mpm.c:224
SCInstance_::log_dir
const char * log_dir
Definition: suricata.h:176
RunmodeIsUnittests
int RunmodeIsUnittests(void)
Definition: suricata.c:292
source-nfq-prototypes.h
SCLogInfo
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:232
TmModuleReceiveNFLOGRegister
void TmModuleReceiveNFLOGRegister(void)
Definition: source-nflog.c:49
DEFAULT_PACKET_SIZE
#define DEFAULT_PACKET_SIZE
Definition: decode.h:711
TVT_MGMT
@ TVT_MGMT
Definition: tm-threads-common.h:89
WarnInvalidConfEntry
#define WarnInvalidConfEntry(param_name, format, value)
Generic API that can be used by all to log an invalid conf entry.
Definition: util-misc.h:35
TM_FLAG_RECEIVE_TM
#define TM_FLAG_RECEIVE_TM
Definition: tm-modules.h:32
util-host-os-info.h
TmModuleReceiveErfFileRegister
void TmModuleReceiveErfFileRegister(void)
Register the ERF file receiver (reader) module.
Definition: source-erf-file.c:80
SCConfSetFromString
int SCConfSetFromString(const char *input, int final)
Set a configuration parameter from a string.
Definition: conf.c:267
RUNMODE_PRINT_USAGE
@ RUNMODE_PRINT_USAGE
Definition: runmodes.h:54
SCConfSetFinal
int SCConfSetFinal(const char *name, const char *val)
Set a final configuration value.
Definition: conf.c:321
TmModule_
Definition: tm-modules.h:47
SCRealloc
#define SCRealloc(ptr, sz)
Definition: util-mem.h:50
TmModuleDecodeAFXDPRegister
void TmModuleDecodeAFXDPRegister(void)
Registration Function for DecodeAFXDP.
Definition: source-af-xdp.c:91
default_packet_size
uint32_t default_packet_size
Definition: decode.c:77
tm-queuehandlers.h
SigTableApplyStrictCommandLineOption
void SigTableApplyStrictCommandLineOption(const char *str)
Definition: detect-parse.c:343
DETECT_ENGINE_TYPE_NORMAL
@ DETECT_ENGINE_TYPE_NORMAL
Definition: detect.h:910
PROG_NAME
#define PROG_NAME
Definition: suricata.h:75
TmThreadKillThreadsFamily
void TmThreadKillThreadsFamily(int family)
Definition: tm-threads.c:1594
detect-fast-pattern.h
FeatureTrackingRelease
void FeatureTrackingRelease(void)
Definition: feature.c:131
TmqhCleanup
void TmqhCleanup(void)
Clean up registration time allocs.
Definition: tm-queuehandlers.c:49
util-dpdk.h
util-conf.h
StreamTcpFreeConfig
void StreamTcpFreeConfig(bool quiet)
Definition: stream-tcp.c:866
source-dpdk.h
flow-manager.h
DecodeGlobalConfig
void DecodeGlobalConfig(void)
Definition: decode.c:1144
SCInstance_::strict_rule_parsing_string
char * strict_rule_parsing_string
Definition: suricata.h:181
SuriHasSigFile
int SuriHasSigFile(void)
Definition: suricata.c:229
suricata-common.h
DetectEngineCtxInitStubForMT
DetectEngineCtx * DetectEngineCtxInitStubForMT(void)
Definition: detect-engine.c:2710
util-path.h
util-daemon.h
LiveGetDeviceName
const char * LiveGetDeviceName(int number)
Get a pointer to the device name at idx.
Definition: util-device.c:205
VERBOSE_MAX
#define VERBOSE_MAX
Definition: suricata.c:173
FlowShutdown
void FlowShutdown(void)
shutdown the flow engine
Definition: flow.c:721
SCHInfoLoadFromConfig
void SCHInfoLoadFromConfig(void)
Load the host os policy information from the configuration.
Definition: util-host-os-info.c:281
DetectEngineBumpVersion
void DetectEngineBumpVersion(void)
Definition: detect-engine.c:3978
source-af-xdp.h
TVT_PPT
@ TVT_PPT
Definition: tm-threads-common.h:88
TmModuleFlowManagerRegister
void TmModuleFlowManagerRegister(void)
Definition: flow-manager.c:1299
SCStartInternalRunMode
int SCStartInternalRunMode(int argc, char **argv)
Definition: suricata.c:2450
SCPidfileTestRunning
int SCPidfileTestRunning(const char *pid_filename)
Check the Suricata pid file (used at the startup)
Definition: util-pidfile.c:105
HostShutdown
void HostShutdown(void)
shutdown the flow engine
Definition: host.c:296
DOC_URL
#define DOC_URL
Definition: suricata.h:90
SCFstatFn
#define SCFstatFn(fd, statbuf)
Definition: util-path.h:34
output-filestore.h
LiveSetOffloadWarn
void LiveSetOffloadWarn(void)
Definition: util-device.c:82
ParseSizeDeinit
void ParseSizeDeinit(void)
Definition: util-misc.c:55
util-classification-config.h
SCConfDeInit
void SCConfDeInit(void)
De-initializes the configuration system.
Definition: conf.c:760
RunModeRegisterRunModes
void RunModeRegisterRunModes(void)
Register all runmodes in the engine.
Definition: runmodes.c:231
ListRuleProtocols
int ListRuleProtocols(const char *conf_filename)
Definition: util-running-modes.c:59
SCStrdup
#define SCStrdup(s)
Definition: util-mem.h:56
FatalError
#define FatalError(...)
Definition: util-debug.h:517
SCProfilingDump
void SCProfilingDump(void)
Definition: util-profiling.c:311
TmModuleReceiveAFXDPRegister
void TmModuleReceiveAFXDPRegister(void)
Definition: source-af-xdp.c:77
EngineStop
void EngineStop(void)
make sure threads can stop the engine by calling this function. Purpose: pcap file mode needs to be a...
Definition: suricata.c:492
SCInstance_::sig_file
char * sig_file
Definition: suricata.h:139
RUNMODE_PRINT_VERSION
@ RUNMODE_PRINT_VERSION
Definition: runmodes.h:52
ParseSizeStringU32
int ParseSizeStringU32(const char *size, uint32_t *res)
Definition: util-misc.c:174
EngineHostModeIsBridge
bool EngineHostModeIsBridge(void)
Definition: suricata.c:286
TmModuleReceiveErfDagRegister
void TmModuleReceiveErfDagRegister(void)
Register the ERF file receiver (reader) module.
Definition: source-erf-dag.c:133
IPPairBitInitCtx
void IPPairBitInitCtx(void)
Definition: ippair-bit.c:49
ConfigSetLogDirectory
TmEcode ConfigSetLogDirectory(const char *name)
Definition: util-conf.c:33
util-validate.h
TmModuleDecodeIPFWRegister
void TmModuleDecodeIPFWRegister(void)
Registration Function for DecodeIPFW.
Definition: source-ipfw.c:188
source-af-packet.h
ConfUnixSocketIsEnable
int ConfUnixSocketIsEnable(void)
Definition: util-conf.c:141
TM_FLAG_PACKET_ALL
#define TM_FLAG_PACKET_ALL
Definition: tm-modules.h:40
SCLogConfig
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
DETECT_ENGINE_MPM_CACHE_OP_SAVE
#define DETECT_ENGINE_MPM_CACHE_OP_SAVE
Definition: detect.h:1754
g_vlan_mask
uint16_t g_vlan_mask
Definition: suricata.c:206
RUNMODE_ERF_FILE
@ RUNMODE_ERF_FILE
Definition: runmodes.h:34
DatasetsInit
int DatasetsInit(void)
Definition: datasets.c:618
RUNMODE_DUMP_CONFIG
@ RUNMODE_DUMP_CONFIG
Definition: runmodes.h:55
sigusr2_count
volatile sig_atomic_t sigusr2_count
Definition: suricata.c:160
SystemHugepageSnapshotDestroy
void SystemHugepageSnapshotDestroy(SystemHugepageSnapshot *s)
Definition: util-hugepages.c:302
TmModuleDecodePcapRegister
void TmModuleDecodePcapRegister(void)
Registration Function for DecodePcap.
Definition: source-pcap.c:153
util-running-modes.h
SCLoadYamlConfig
TmEcode SCLoadYamlConfig(void)
Definition: suricata.c:1049
unix-manager.h
runmode-af-xdp.h
str
#define str(s)
Definition: suricata-common.h:316
ConfigCheckDataDirectory
TmEcode ConfigCheckDataDirectory(const char *data_dir)
Definition: util-conf.c:104
SCConfGetNode
SCConfNode * SCConfGetNode(const char *name)
Get a SCConfNode by name.
Definition: conf.c:184
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:274
g_detect_disabled
int g_detect_disabled
Definition: suricata.c:190
DetectEngineReloadStart
int DetectEngineReloadStart(void)
Definition: detect-engine.c:1993
SCFree
#define SCFree(p)
Definition: util-mem.h:61
TopologyDestroy
void TopologyDestroy(void)
DEFAULT_CONF_FILE
#define DEFAULT_CONF_FILE
Definition: suricata.h:84
SC_LOG_MAX_LOG_MSG_LEN
#define SC_LOG_MAX_LOG_MSG_LEN
Definition: util-debug.h:92
AppLayerParserPostStreamSetup
void AppLayerParserPostStreamSetup(void)
Definition: app-layer-parser.c:272
TmModuleReceivePcapRegister
void TmModuleReceivePcapRegister(void)
Registration Function for ReceivePcap.
Definition: source-pcap.c:135
RUNMODE_DPDK
@ RUNMODE_DPDK
Definition: runmodes.h:39
SCGetUserID
void SCGetUserID(const char *user_name, const char *group_name, uint32_t *uid, uint32_t *gid)
Function to get the user and group ID from the specified user name.
Definition: util-privs.c:143
util-ioctl.h
detect-parse.h
RUNMODE_PCAP_DEV
@ RUNMODE_PCAP_DEV
Definition: runmodes.h:29
SCInstance_::system
bool system
Definition: suricata.h:159
SCInstance_::pid_filename
char * pid_filename
Definition: suricata.h:141
SCInstance_::install_signal_handlers
bool install_signal_handlers
Definition: suricata.h:164
TmModuleRespondRejectRegister
void TmModuleRespondRejectRegister(void)
Definition: respond-reject.c:50
CoredumpEnable
void CoredumpEnable(void)
Enable coredumps on systems where coredumps can and need to be enabled.
Definition: util-coredump-config.c:62
RunUnittests
void RunUnittests(int list_unittests, const char *regex_arg)
Definition: runmode-unittests.c:239
source-erf-file.h
ConfigCheckLogDirectoryExists
TmEcode ConfigCheckLogDirectoryExists(const char *log_dir)
Definition: util-conf.c:56
SCConfSet
int SCConfSet(const char *name, const char *val)
Set a configuration value.
Definition: conf.c:242
TimeDeinit
void TimeDeinit(void)
Definition: util-time.c:88
PacketAlertTagInit
void PacketAlertTagInit(void)
Definition: detect-engine-alert.c:48
RunModeEngineIsIPS
int RunModeEngineIsIPS(int capture_mode, const char *runmode, const char *capture_plugin_name)
Definition: runmodes.c:375
SURICATA_RUNTIME
@ SURICATA_RUNTIME
Definition: suricata.h:101
DetectEngineCtxInit
DetectEngineCtx * DetectEngineCtxInit(void)
Definition: detect-engine.c:2720
SCOnLoggingReady
void SCOnLoggingReady(void)
Invokes all registered logging ready callbacks.
Definition: output.c:774
TmModuleDecodeLibRegister
void TmModuleDecodeLibRegister(void)
register a "Decode" module for suricata as a library.
Definition: source-lib.c:107
EngineModeIsIPS
int EngineModeIsIPS(void)
Definition: suricata.c:246
ListAppLayerFrames
int ListAppLayerFrames(const char *conf_filename)
Definition: util-running-modes.c:128
SCProfilingKeywordsGlobalInit
void SCProfilingKeywordsGlobalInit(void)
Definition: util-profiling-keywords.c:61
suricata.h
EngineDone
void EngineDone(void)
Used to indicate that the current task is done.
Definition: suricata.c:503
SCInstance_::firewall_rule_file_exclusive
bool firewall_rule_file_exclusive
Definition: suricata.h:144
FLOW_QUIET
#define FLOW_QUIET
Definition: flow.h:43
GetDocURL
const char * GetDocURL(void)
Definition: suricata.c:1202
util-mpm-hs.h
PostRunDeinit
void PostRunDeinit(const int runmode, struct timeval *start_time)
clean up / shutdown code for packet modes
Definition: suricata.c:2392
HostInitConfig
void HostInitConfig(bool quiet)
initialize the configuration
Definition: host.c:168
TmThreadWaitOnThreadRunning
TmEcode TmThreadWaitOnThreadRunning(void)
Waits for all threads to be in a running state.
Definition: tm-threads.c:1899
HttpRangeContainersDestroy
void HttpRangeContainersDestroy(void)
Definition: app-layer-htp-range.c:202
RUNMODE_CONF_TEST
@ RUNMODE_CONF_TEST
Definition: runmodes.h:56
SCLogLoadConfig
void SCLogLoadConfig(int daemon, int verbose, uint32_t userid, uint32_t groupid)
Definition: util-debug.c:1426
DetectEngineReload
int DetectEngineReload(const SCInstance *suri)
Reload the detection engine.
Definition: detect-engine.c:4940
DEFAULT_MAX_PENDING_PACKETS
#define DEFAULT_MAX_PENDING_PACKETS
Definition: suricata.c:170
SCInstance_
Definition: suricata.h:134
DetectEngineClearMaster
void DetectEngineClearMaster(void)
Definition: detect-engine.c:4913
SetMasterExceptionPolicy
void SetMasterExceptionPolicy(void)
Definition: util-exception-policy.c:65
TmThreadCheckThreadState
void TmThreadCheckThreadState(void)
Used to check the thread for certain conditions of failure.
Definition: tm-threads.c:1984
OutputFilestoreRegisterGlobalCounters
void OutputFilestoreRegisterGlobalCounters(void)
Definition: output-filestore.c:547
InitGlobal
int InitGlobal(void)
Global initialization common to all runmodes.
Definition: suricata.c:3057
SCInstance_::disabled_detect
int disabled_detect
Definition: suricata.h:167
LiveGetDeviceCount
int LiveGetDeviceCount(void)
Get the number of registered devices.
Definition: util-device.c:171
SystemHugepageSnapshotCreate
SystemHugepageSnapshot * SystemHugepageSnapshotCreate(void)
The function creates a snapshot of the system's hugepage usage per NUMA node and per hugepage size....
Definition: util-hugepages.c:321
SCProfilingSghsGlobalInit
void SCProfilingSghsGlobalInit(void)
Definition: util-profiling-rulegroups.c:61
EngineHostMode
EngineHostMode
Definition: suricata.h:115
RUNMODE_LIST_RULE_PROTOS
@ RUNMODE_LIST_RULE_PROTOS
Definition: runmodes.h:48
SCPidfileCreate
int SCPidfileCreate(const char *pidfile)
Write a pid file (used at the startup) This commonly needed by the init scripts.
Definition: util-pidfile.c:42
LiveRegisterDeviceName
int LiveRegisterDeviceName(const char *dev)
Add a device for monitoring.
Definition: util-device.c:103
SCStatFn
#define SCStatFn(pathname, statbuf)
Definition: util-path.h:35
ENGINE_HOST_IS_BRIDGE
@ ENGINE_HOST_IS_BRIDGE
Definition: suricata.h:118
ENGINE_MODE_IDS
@ ENGINE_MODE_IDS
Definition: suricata.h:108
LiveDeviceFinalize
void LiveDeviceFinalize(void)
Definition: util-device.c:509
TmModuleDecodeDPDKRegister
void TmModuleDecodeDPDKRegister(void)
Registration Function for DecodeDPDK.
Definition: source-dpdk.c:65
SCInstance_::sig_file_exclusive
bool sig_file_exclusive
Definition: suricata.h:140
PROG_VER
#define PROG_VER
Definition: suricata.h:76
util-misc.h
PacketPoolDestroy
void PacketPoolDestroy(void)
Definition: tmqh-packetpool.c:265
HTPFreeConfig
void HTPFreeConfig(void)
Clears the HTTP server configuration memory used by HTP library.
Definition: app-layer-htp.c:1599
flow.h
LandlockSandboxing
void LandlockSandboxing(SCInstance *suri)
Definition: util-landlock.c:36
respond-reject.h
SCInstance_::regex_arg
char * regex_arg
Definition: suricata.h:142
ListKeywords
int ListKeywords(const char *keyword_info)
Definition: util-running-modes.c:34
SCLogNotice
#define SCLogNotice(...)
Macro used to log NOTICE messages.
Definition: util-debug.h:250
SuricataPreInit
void SuricataPreInit(const char *progname)
Definition: suricata.c:3093
SCInstance_::additional_plugins
const char ** additional_plugins
Definition: suricata.h:180
RUNMODE_PCAP_FILE
@ RUNMODE_PCAP_FILE
Definition: runmodes.h:30
DPDKCleanupEAL
void DPDKCleanupEAL(void)
Definition: util-dpdk.c:30
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
util-enum.h
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:288
RUNMODE_PRINT_BUILDINFO
@ RUNMODE_PRINT_BUILDINFO
Definition: runmodes.h:53
SCConfNode_
Definition: conf.h:37
SCPidfileRemove
void SCPidfileRemove(const char *pid_filename)
Remove the pid file (used at the startup)
Definition: util-pidfile.c:83
SCConfNode_::val
char * val
Definition: conf.h:39
ThresholdInit
void ThresholdInit(void)
Definition: detect-engine-threshold.c:128
TimeInit
void TimeInit(void)
Definition: util-time.c:80
SCInstance_::keyword_info
char * keyword_info
Definition: suricata.h:148
RUNMODE_LIST_UNITTEST
@ RUNMODE_LIST_UNITTEST
Definition: runmodes.h:57
NFQContextsClean
void NFQContextsClean(void)
Clean global contexts. Must be called on exit.
Definition: source-nfq.c:1306
SystemHugepageEvaluateHugepages
void SystemHugepageEvaluateHugepages(SystemHugepageSnapshot *pre_s, SystemHugepageSnapshot *post_s)
The function compares two hugepage snapshots and prints out recommendations for hugepage configuratio...
Definition: util-hugepages.c:361
DEBUG_VALIDATE_BUG_ON
#define DEBUG_VALIDATE_BUG_ON(exp)
Definition: util-validate.h:109
SCStat
struct stat SCStat
Definition: util-path.h:33
SCProfilingInit
void SCProfilingInit(void)
Initialize profiling.
Definition: util-profiling.c:133
g_ut_modules
int g_ut_modules
Definition: suricata.c:981
detect-engine-address.h
GlobalsDestroy
void GlobalsDestroy(void)
Definition: suricata.c:412
ENGINE_HOST_IS_SNIFFER_ONLY
@ ENGINE_HOST_IS_SNIFFER_ONLY
Definition: suricata.h:116
output.h
util-threshold-config.h
DefragInit
void DefragInit(void)
Definition: defrag.c:1107
DetectEngineReloadIsStart
int DetectEngineReloadIsStart(void)
Definition: detect-engine.c:2007
SCStorageFinalize
int SCStorageFinalize(void)
Definition: util-storage.c:135
suricata_ctl_flags
volatile uint8_t suricata_ctl_flags
Definition: suricata.c:176
RUNMODE_IPFW
@ RUNMODE_IPFW
Definition: runmodes.h:33
host-bit.h
detect-engine-threshold.h
TM_FLAG_FLOWWORKER_TM
#define TM_FLAG_FLOWWORKER_TM
Definition: tm-modules.h:34
RUNMODE_LIST_RUNMODES
@ RUNMODE_LIST_RUNMODES
Definition: runmodes.h:51
app-layer.h
TagDestroyCtx
void TagDestroyCtx(void)
Destroy tag context hash tables.
Definition: detect-engine-tag.c:72
DetectAddressTestConfVars
int DetectAddressTestConfVars(void)
Definition: detect-engine-address.c:1214
g_disable_randomness
int g_disable_randomness
Definition: suricata.c:199
geteuid
#define geteuid()
Definition: win32-misc.h:41
FlowWorkToDoCleanup
void FlowWorkToDoCleanup(void)
Clean up all the flows that have unprocessed segments and have some work to do in the detection engin...
Definition: flow-timeout.c:423
MpmHSGlobalCleanup
void MpmHSGlobalCleanup(void)
SCPluginsLoad
void SCPluginsLoad(const char *capture_plugin_name, const char *capture_plugin_args, const char **additional_plugins)
RUNMODE_DUMP_FEATURES
@ RUNMODE_DUMP_FEATURES
Definition: runmodes.h:64
g_disable_hashing
bool g_disable_hashing
Definition: suricata.c:218
TmqResetQueues
void TmqResetQueues(void)
Definition: tm-queues.c:81