Go to the documentation of this file.
34 #ifdef HAVE_SYS_RESOURCE_H
36 #include <sys/resource.h>
142 #ifdef SYSTEMD_NOTIFY
167 #define DEFAULT_MAX_PENDING_PACKETS 1024
192 #ifndef AFLFUZZ_NO_RANDOM
278 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
279 static void SignalHandlerSigint(
int sig)
283 static void SignalHandlerSigterm(
int sig)
289 #define UNW_LOCAL_ONLY
290 #include <libunwind.h>
291 static void SignalHandlerUnexpected(
int sig_num, siginfo_t *info,
void *context)
296 signal(SIGABRT, SIG_DFL);
297 signal(SIGSEGV, SIG_DFL);
299 if ((r = unw_init_local(&cursor, (unw_context_t *)(context)) != 0)) {
300 SCLogError(
"unable to obtain stack trace: unw_init_local: %s", unw_strerror(r));
309 if (unw_is_signal_frame(&cursor) == 0) {
312 if (unw_get_proc_name(&cursor, name,
sizeof(name), &off) == UNW_ENOMEM) {
321 r = unw_step(&cursor);
331 kill(getpid(), sig_num);
333 #undef UNW_LOCAL_ONLY
343 static void SignalHandlerSigusr2(
int sig)
353 static void SignalHandlerSigHup(
int sig)
406 #ifdef HAVE_AF_PACKET
414 #ifdef BUILD_HYPERSCAN
435 static void OnNotifyRunning(
void)
437 #ifdef SYSTEMD_NOTIFY
463 static int SetBpfString(
int argc,
char *argv[])
465 char *bpf_filter = NULL;
466 uint32_t bpf_len = 0;
471 while(argv[tmpindex] != NULL) {
472 bpf_len+=strlen(argv[tmpindex]) + 1;
484 while(argv[tmpindex] != NULL) {
485 strlcat(bpf_filter, argv[tmpindex],bpf_len);
486 if(argv[tmpindex + 1] != NULL) {
487 strlcat(bpf_filter,
" ", bpf_len);
492 if(strlen(bpf_filter) > 0) {
504 static void SetBpfStringFromFile(
char *filename)
506 char *bpf_filter = NULL;
507 char *bpf_comment_tmp = NULL;
508 char *bpf_comment_start = NULL;
509 uint32_t bpf_len = 0;
514 fp = fopen(filename,
"r");
516 SCLogError(
"Failed to open file %s", filename);
521 SCLogError(
"Failed to stat file %s", filename);
524 bpf_len = st.st_size + 1;
528 SCLogError(
"Failed to allocate buffer for bpf filter in file %s", filename);
532 nm = fread(bpf_filter, 1, bpf_len - 1, fp);
533 if ((ferror(fp) != 0) || (nm != (bpf_len - 1))) {
534 SCLogError(
"Failed to read complete BPF file %s", filename);
540 bpf_filter[nm] =
'\0';
542 if(strlen(bpf_filter) > 0) {
544 bpf_comment_start = bpf_filter;
545 while((bpf_comment_tmp = strchr(bpf_comment_start,
'#')) != NULL) {
546 while((*bpf_comment_tmp !=
'\0') &&
547 (*bpf_comment_tmp !=
'\r') && (*bpf_comment_tmp !=
'\n'))
549 *bpf_comment_tmp++ =
' ';
551 bpf_comment_start = bpf_comment_tmp;
554 while((bpf_comment_tmp = strchr(bpf_filter,
'\r')) != NULL) {
555 *bpf_comment_tmp =
' ';
557 while((bpf_comment_tmp = strchr(bpf_filter,
'\n')) != NULL) {
558 *bpf_comment_tmp =
' ';
561 while (strlen(bpf_filter) > 0 &&
562 bpf_filter[strlen(bpf_filter)-1] ==
' ')
564 bpf_filter[strlen(bpf_filter)-1] =
'\0';
566 if (strlen(bpf_filter) > 0) {
576 static void PrintUsage(
const char *progname)
583 printf(
"USAGE: %s [OPTIONS] [BPF FILTER]\n\n", progname);
584 printf(
"\t-c <path> : path to configuration file\n");
585 printf(
"\t-T : test configuration file (use with -c)\n");
586 printf(
"\t-i <dev or ip> : run in pcap live mode\n");
587 printf(
"\t-F <bpf filter file> : bpf filter file\n");
588 printf(
"\t-r <path> : run in pcap file/offline mode\n");
590 printf(
"\t-q <qid[:qid]> : run in inline nfqueue mode (use colon to specify a range of queues)\n");
593 printf(
"\t-d <divert port> : run in inline ipfw divert mode\n");
595 printf(
"\t-s <path> : path to signature file loaded in addition to suricata.yaml settings (optional)\n");
596 printf(
"\t-S <path> : path to signature file loaded exclusively (optional)\n");
597 printf(
"\t-l <dir> : default log directory\n");
599 printf(
"\t-D : run as daemon\n");
601 printf(
"\t--service-install : install as service\n");
602 printf(
"\t--service-remove : remove service\n");
603 printf(
"\t--service-change-params : change service startup parameters\n");
605 printf(
"\t-k [all|none] : force checksum check (all) or disabled it (none)\n");
606 printf(
"\t-V : display Suricata version\n");
607 printf(
"\t-v : be more verbose (use multiple times to increase verbosity)\n");
609 printf(
"\t-u : run the unittests and exit\n");
610 printf(
"\t-U, --unittest-filter=REGEX : filter unittests with a regex\n");
611 printf(
"\t--list-unittests : list unit tests\n");
612 printf(
"\t--fatal-unittests : enable fatal failure on unittest error\n");
613 printf(
"\t--unittests-coverage : display unittest coverage report\n");
615 printf(
"\t--list-app-layer-protos : list supported app layer protocols\n");
616 printf(
"\t--list-keywords[=all|csv|<kword>] : list keywords implemented by the engine\n");
617 printf(
"\t--list-runmodes : list supported runmodes\n");
618 printf(
"\t--runmode <runmode_id> : specific runmode modification the engine should run. The argument\n"
619 "\t supplied should be the id for the runmode obtained by running\n"
620 "\t --list-runmodes\n");
621 printf(
"\t--engine-analysis : print reports on analysis of different sections in the engine and exit.\n"
622 "\t Please have a look at the conf parameter engine-analysis on what reports\n"
623 "\t can be printed\n");
624 printf(
"\t--pidfile <file> : write pid to this file\n");
625 printf(
"\t--init-errors-fatal : enable fatal failure on signature init error\n");
626 printf(
"\t--disable-detection : disable detection engine\n");
627 printf(
"\t--dump-config : show the running configuration\n");
628 printf(
"\t--dump-features : display provided features\n");
629 printf(
"\t--build-info : display build information\n");
630 printf(
"\t--pcap[=<dev>] : run in pcap mode, no value select interfaces from suricata.yaml\n");
631 printf(
"\t--pcap-file-continuous : when running in pcap mode with a directory, continue checking directory for pcaps until interrupted\n");
632 printf(
"\t--pcap-file-delete : when running in replay mode (-r with directory or file), will delete pcap files that have been processed when done\n");
633 printf(
"\t--pcap-file-recursive : will descend into subdirectories when running in replay mode (-r)\n");
634 printf(
"\t--pcap-file-buffer-size : set read buffer size (setvbuf)\n");
635 #ifdef HAVE_PCAP_SET_BUFF
636 printf(
"\t--pcap-buffer-size : size of the pcap buffer value from 0 - %i\n",INT_MAX);
639 printf(
"\t--dpdk : run in dpdk mode, uses interfaces from "
642 #ifdef HAVE_AF_PACKET
643 printf(
"\t--af-packet[=<dev>] : run in af-packet mode, no value select interfaces from suricata.yaml\n");
646 printf(
"\t--af-xdp[=<dev>] : run in af-xdp mode, no value select "
647 "interfaces from suricata.yaml\n");
650 printf(
"\t--netmap[=<dev>] : run in netmap mode, no value select interfaces from suricata.yaml\n");
653 printf(
"\t--pfring[=<dev>] : run in pfring mode, use interfaces from suricata.yaml\n");
654 printf(
"\t--pfring-int <dev> : run in pfring mode, use interface <dev>\n");
655 printf(
"\t--pfring-cluster-id <id> : pfring cluster id \n");
656 printf(
"\t--pfring-cluster-type <type> : pfring cluster type for PF_RING 4.1.2 and later cluster_round_robin|cluster_flow\n");
658 printf(
"\t--simulate-ips : force engine into IPS mode. Useful for QA\n");
659 #ifdef HAVE_LIBCAP_NG
660 printf(
"\t--user <user> : run suricata as this user after init\n");
661 printf(
"\t--group <group> : run suricata as this group after init\n");
663 printf(
"\t--erf-in <path> : process an ERF file\n");
665 printf(
"\t--dag <dagX:Y> : process ERF records from DAG interface X, stream Y\n");
668 printf(
"\t--napatech : run Napatech Streams using the API\n");
670 #ifdef BUILD_UNIX_SOCKET
671 printf(
"\t--unix-socket[=<file>] : use unix socket to control suricata work\n");
674 printf(
"\t--windivert <filter> : run in inline WinDivert mode\n");
675 printf(
"\t--windivert-forward <filter> : run in inline WinDivert mode, as a gateway\n");
678 printf(
"\t--reject-dev <dev> : send reject packets from this interface\n");
680 printf(
"\t--include <path> : additional configuration file\n");
681 printf(
"\t--set name=value : set a configuration value\n");
683 printf(
"\nTo run the engine with default configuration on "
684 "interface eth0 with signature file \"signatures.rules\", run the "
685 "command as:\n\n%s -c suricata.yaml -s signatures.rules -i eth0 \n\n",
689 static void PrintBuildInfo(
void)
693 char features[2048] =
"";
698 strlcat(features,
"DEBUG ",
sizeof(features));
700 #ifdef DEBUG_VALIDATION
701 strlcat(features,
"DEBUG_VALIDATION ",
sizeof(features));
704 strlcat(features,
"UNITTESTS ",
sizeof(features));
707 strlcat(features,
"NFQ ",
sizeof(features));
710 strlcat(features,
"IPFW ",
sizeof(features));
712 #ifdef HAVE_PCAP_SET_BUFF
713 strlcat(features,
"PCAP_SET_BUFF ",
sizeof(features));
716 strlcat(features,
"PF_RING ",
sizeof(features));
718 #ifdef HAVE_AF_PACKET
719 strlcat(features,
"AF_PACKET ",
sizeof(features));
722 strlcat(features,
"NETMAP ",
sizeof(features));
724 #ifdef HAVE_PACKET_FANOUT
725 strlcat(features,
"HAVE_PACKET_FANOUT ",
sizeof(features));
728 strlcat(features,
"DAG ",
sizeof(features));
730 #ifdef HAVE_LIBCAP_NG
731 strlcat(features,
"LIBCAP_NG ",
sizeof(features));
734 strlcat(features,
"LIBNET1.1 ",
sizeof(features));
736 #ifdef HAVE_HTP_URI_NORMALIZE_HOOK
737 strlcat(features,
"HAVE_HTP_URI_NORMALIZE_HOOK ",
sizeof(features));
739 #ifdef PCRE2_HAVE_JIT
740 strlcat(features,
"PCRE_JIT ",
sizeof(features));
743 strlcat(features,
"HAVE_NSS ",
sizeof(features));
745 strlcat(features,
"HTTP2_DECOMPRESSION ",
sizeof(features));
747 strlcat(features,
"HAVE_LUA ",
sizeof(features));
749 strlcat(features,
"HAVE_JA3 ",
sizeof(features));
752 strlcat(features,
"HAVE_JA4 ",
sizeof(features));
754 strlcat(features,
"HAVE_LIBJANSSON ",
sizeof(features));
756 strlcat(features,
"PROFILING ",
sizeof(features));
758 #ifdef PROFILE_LOCKING
759 strlcat(features,
"PROFILE_LOCKING ",
sizeof(features));
761 #if defined(TLS_C11) || defined(TLS_GNU)
762 strlcat(features,
"TLS ",
sizeof(features));
765 strlcat(features,
"TLS_C11 ",
sizeof(features));
766 #elif defined(TLS_GNU)
767 strlcat(features,
"TLS_GNU ",
sizeof(features));
770 strlcat(features,
"MAGIC ",
sizeof(features));
772 strlcat(features,
"RUST ",
sizeof(features));
773 #if defined(SC_ADDRESS_SANITIZER)
774 strlcat(features,
"ASAN ",
sizeof(features));
776 #if defined(HAVE_POPCNT64)
777 strlcat(features,
"POPCNT64 ",
sizeof(features));
779 if (strlen(features) == 0) {
780 strlcat(features,
"none",
sizeof(features));
783 printf(
"Features: %s\n", features);
786 memset(features, 0x00,
sizeof(features));
787 #if defined(__SSE4_2__)
788 strlcat(features,
"SSE_4_2 ",
sizeof(features));
790 #if defined(__SSE4_1__)
791 strlcat(features,
"SSE_4_1 ",
sizeof(features));
793 #if defined(__SSE3__)
794 strlcat(features,
"SSE_3 ",
sizeof(features));
796 #if defined(__SSE2__)
797 strlcat(features,
"SSE_2 ",
sizeof(features));
799 if (strlen(features) == 0) {
800 strlcat(features,
"none",
sizeof(features));
802 printf(
"SIMD support: %s\n", features);
805 memset(features, 0x00,
sizeof(features));
806 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_1)
807 strlcat(features,
"1 ",
sizeof(features));
809 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_2)
810 strlcat(features,
"2 ",
sizeof(features));
812 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_4)
813 strlcat(features,
"4 ",
sizeof(features));
815 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_8)
816 strlcat(features,
"8 ",
sizeof(features));
818 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_16)
819 strlcat(features,
"16 ",
sizeof(features));
821 if (strlen(features) == 0) {
822 strlcat(features,
"none",
sizeof(features));
824 strlcat(features,
"byte(s)",
sizeof(features));
826 printf(
"Atomic intrinsics: %s\n", features);
830 #elif __WORDSIZE == 32
833 bits =
"<unknown>-bits";
836 #if __BYTE_ORDER == __BIG_ENDIAN
837 endian =
"Big-endian";
838 #elif __BYTE_ORDER == __LITTLE_ENDIAN
839 endian =
"Little-endian";
841 endian =
"<unknown>-endian";
844 printf(
"%s, %s architecture\n", bits, endian);
846 printf(
"GCC version %s, C version %"PRIiMAX
"\n", __VERSION__, (intmax_t)__STDC_VERSION__);
848 printf(
"C version %"PRIiMAX
"\n", (intmax_t)__STDC_VERSION__);
852 printf(
"compiled with -fstack-protector\n");
855 printf(
"compiled with -fstack-protector-all\n");
864 #if _FORTIFY_SOURCE == 2
865 printf(
"compiled with _FORTIFY_SOURCE=2\n");
866 #elif _FORTIFY_SOURCE == 1
867 printf(
"compiled with _FORTIFY_SOURCE=1\n");
868 #elif _FORTIFY_SOURCE == 0
869 printf(
"compiled with _FORTIFY_SOURCE=0\n");
872 printf(
"L1 cache line size (CLS)=%d\n",
CLS);
875 tls =
"_Thread_local";
876 #elif defined(TLS_GNU)
879 #error "Unsupported thread local"
881 printf(
"thread local storage method: %s\n", tls);
883 printf(
"compiled with %s, linked against %s\n",
884 HTP_VERSION_STRING_FULL, htp_get_version());
886 #include "build-info.h"
982 static TmEcode ParseInterfacesList(
const int runmode,
char *pcap_dev)
988 if (strlen(pcap_dev) == 0) {
991 SCLogError(
"No interface found in config for pcap");
998 if (strlen(pcap_dev)) {
999 if (
ConfSetFinal(
"pfring.live-interface", pcap_dev) != 1) {
1000 SCLogError(
"Failed to set pfring.live-interface");
1007 char iface_selector[] =
"dpdk.interfaces";
1010 SCLogError(
"No interface found in config for %s", iface_selector);
1014 #ifdef HAVE_AF_PACKET
1017 if (strlen(pcap_dev)) {
1018 if (
ConfSetFinal(
"af-packet.live-interface", pcap_dev) != 1) {
1019 SCLogError(
"Failed to set af-packet.live-interface");
1025 SCLogError(
"No interface found in config for af-packet");
1033 if (strlen(pcap_dev)) {
1034 if (
ConfSetFinal(
"af-xdp.live-interface", pcap_dev) != 1) {
1035 SCLogError(
"Failed to set af-xdp.live-interface");
1041 SCLogError(
"No interface found in config for af-xdp");
1049 if (strlen(pcap_dev)) {
1050 if (
ConfSetFinal(
"netmap.live-interface", pcap_dev) != 1) {
1051 SCLogError(
"Failed to set netmap.live-interface");
1057 SCLogError(
"No interface found in config for netmap");
1066 SCLogError(
"No group found in config for nflog");
1075 static void SCInstanceInit(
SCInstance *suri,
const char *progname)
1077 memset(suri, 0x00,
sizeof(*suri));
1104 #if HAVE_DETECT_DISABLED==1
1114 if (strstr(prog_ver,
"RELEASE") != NULL) {
1134 if (strstr(
PROG_VER,
"-dev") == NULL) {
1145 static TmEcode PrintVersion(
void)
1153 const char *mode = suri->
system ?
"SYSTEM" :
"USER";
1154 SCLogNotice(
"This is %s version %s running in %s mode",
1165 static void SCPrintElapsedTime(
struct timeval *start_time)
1167 if (start_time == NULL)
1169 struct timeval end_time;
1170 memset(&end_time, 0,
sizeof(end_time));
1171 gettimeofday(&end_time, NULL);
1172 uint64_t milliseconds = ((end_time.tv_sec - start_time->tv_sec) * 1000) +
1173 (((1000000 + end_time.tv_usec - start_time->tv_usec) / 1000) - 1000);
1174 SCLogInfo(
"time elapsed %.3fs", (
float)milliseconds/(
float)1000);
1177 static int ParseCommandLineAfpacket(
SCInstance *suri,
const char *in_arg)
1179 #ifdef HAVE_AF_PACKET
1191 SCLogInfo(
"Multiple af-packet option without interface on each is useless");
1195 "has been specified");
1201 SCLogError(
"AF_PACKET not enabled. On Linux "
1202 "host, make sure to pass --enable-af-packet to "
1203 "configure when building.");
1208 static int ParseCommandLineAfxdp(
SCInstance *suri,
const char *in_arg)
1222 SCLogInfo(
"Multiple af-xdp options without interface on each is useless");
1226 "has been specified");
1233 "host, make sure correct libraries are installed,"
1234 " see documentation for information.");
1239 static int ParseCommandLineDpdk(
SCInstance *suri,
const char *in_arg)
1245 SCLogInfo(
"Multiple dpdk options have no effect on Suricata");
1248 "has been specified");
1255 "host, make sure to pass --enable-dpdk to "
1256 "configure when building.");
1261 static int ParseCommandLinePcapLive(
SCInstance *suri,
const char *in_arg)
1263 #if defined(OS_WIN32) && !defined(HAVE_LIBWPCAP)
1265 FatalError(
"Live capture not available. To support live capture compile against Npcap.");
1269 if (in_arg != NULL) {
1272 if (strlen(in_arg) > 9 && strncmp(in_arg,
"DeviceNPF", 9) == 0) {
1273 snprintf(suri->
pcap_dev,
sizeof(suri->
pcap_dev),
"\\Device\\NPF%s", in_arg+9);
1279 if (strcmp(suri->
pcap_dev, in_arg) != 0) {
1281 }
else if (strlen(suri->
pcap_dev) > 0 && isdigit((
unsigned char)suri->
pcap_dev[0])) {
1282 SCLogError(
"failed to find a pcap device for IP %s", in_arg);
1296 "has been specified");
1306 static bool IsLogDirectoryWritable(
const char*
str)
1308 if (access(
str, W_OK) == 0)
1320 int dump_config = 0;
1321 int dump_features = 0;
1322 int list_app_layer_protocols = 0;
1323 int list_unittests = 0;
1324 int list_runmodes = 0;
1325 int list_keywords = 0;
1338 struct option long_opts[] = {
1339 {
"dump-config", 0, &dump_config, 1},
1340 {
"dump-features", 0, &dump_features, 1},
1341 {
"pfring", optional_argument, 0, 0},
1342 {
"pfring-int", required_argument, 0, 0},
1343 {
"pfring-cluster-id", required_argument, 0, 0},
1344 {
"pfring-cluster-type", required_argument, 0, 0},
1348 {
"af-packet", optional_argument, 0, 0},
1349 {
"af-xdp", optional_argument, 0, 0},
1350 {
"netmap", optional_argument, 0, 0},
1351 {
"pcap", optional_argument, 0, 0},
1352 {
"pcap-file-continuous", 0, 0, 0},
1353 {
"pcap-file-delete", 0, 0, 0},
1354 {
"pcap-file-recursive", 0, 0, 0},
1355 {
"pcap-file-buffer-size", required_argument, 0, 0},
1356 {
"simulate-ips", 0, 0 , 0},
1358 {
"strict-rule-keywords", optional_argument, 0, 0},
1360 {
"capture-plugin", required_argument, 0, 0},
1361 {
"capture-plugin-args", required_argument, 0, 0},
1363 #ifdef BUILD_UNIX_SOCKET
1364 {
"unix-socket", optional_argument, 0, 0},
1366 {
"pcap-buffer-size", required_argument, 0, 0},
1367 {
"unittest-filter", required_argument, 0,
'U'},
1368 {
"list-app-layer-protos", 0, &list_app_layer_protocols, 1},
1369 {
"list-unittests", 0, &list_unittests, 1},
1370 {
"list-runmodes", 0, &list_runmodes, 1},
1371 {
"list-keywords", optional_argument, &list_keywords, 1},
1372 {
"runmode", required_argument, NULL, 0},
1375 {
"service-install", 0, 0, 0},
1376 {
"service-remove", 0, 0, 0},
1377 {
"service-change-params", 0, 0, 0},
1379 {
"pidfile", required_argument, 0, 0},
1380 {
"init-errors-fatal", 0, 0, 0},
1381 {
"disable-detection", 0, 0, 0},
1382 {
"disable-hashing", 0, 0, 0},
1383 {
"fatal-unittests", 0, 0, 0},
1385 {
"user", required_argument, 0, 0},
1386 {
"group", required_argument, 0, 0},
1387 {
"erf-in", required_argument, 0, 0},
1388 {
"dag", required_argument, 0, 0},
1389 {
"napatech", 0, 0, 0},
1390 {
"build-info", 0, &build_info, 1},
1391 {
"data-dir", required_argument, 0, 0},
1393 {
"windivert", required_argument, 0, 0},
1394 {
"windivert-forward", required_argument, 0, 0},
1396 #ifdef HAVE_LIBNET11
1397 {
"reject-dev", required_argument, 0, 0},
1399 {
"set", required_argument, 0, 0},
1401 {
"nflog", optional_argument, 0, 0},
1403 {
"simulate-packet-flow-memcap", required_argument, 0, 0},
1404 {
"simulate-applayer-error-at-offset-ts", required_argument, 0, 0},
1405 {
"simulate-applayer-error-at-offset-tc", required_argument, 0, 0},
1406 {
"simulate-packet-loss", required_argument, 0, 0},
1407 {
"simulate-packet-tcp-reassembly-memcap", required_argument, 0, 0},
1408 {
"simulate-packet-tcp-ssn-memcap", required_argument, 0, 0},
1409 {
"simulate-packet-defrag-memcap", required_argument, 0, 0},
1410 {
"simulate-alert-queue-realloc-failure", 0, 0, 0},
1414 {
"include", required_argument, 0, 0},
1421 int option_index = 0;
1423 char short_opts[] =
"c:TDhi:l:q:d:r:us:S:U:VF:vk:";
1425 while ((opt = getopt_long(argc, argv, short_opts, long_opts, &option_index)) != -1) {
1428 if (strcmp((long_opts[option_index]).name ,
"pfring") == 0 ||
1429 strcmp((long_opts[option_index]).name ,
"pfring-int") == 0) {
1434 if (optarg != NULL) {
1437 ((strlen(optarg) <
sizeof(suri->
pcap_dev)) ?
1438 (strlen(optarg) + 1) :
sizeof(suri->
pcap_dev)));
1443 "to pass --enable-pfring to configure when building.");
1447 else if(strcmp((long_opts[option_index]).name ,
"pfring-cluster-id") == 0){
1450 SCLogError(
"failed to set pfring.cluster-id");
1455 "to pass --enable-pfring to configure when building.");
1459 else if(strcmp((long_opts[option_index]).name ,
"pfring-cluster-type") == 0){
1461 if (
ConfSetFinal(
"pfring.cluster-type", optarg) != 1) {
1462 SCLogError(
"failed to set pfring.cluster-type");
1467 "to pass --enable-pfring to configure when building.");
1471 else if (strcmp((long_opts[option_index]).name ,
"capture-plugin") == 0){
1475 else if (strcmp((long_opts[option_index]).name ,
"capture-plugin-args") == 0){
1477 }
else if (strcmp((long_opts[option_index]).name,
"dpdk") == 0) {
1478 if (ParseCommandLineDpdk(suri, optarg) !=
TM_ECODE_OK) {
1481 }
else if (strcmp((long_opts[option_index]).name,
"af-packet") == 0) {
1482 if (ParseCommandLineAfpacket(suri, optarg) !=
TM_ECODE_OK) {
1485 }
else if (strcmp((long_opts[option_index]).name,
"af-xdp") == 0) {
1486 if (ParseCommandLineAfxdp(suri, optarg) !=
TM_ECODE_OK) {
1489 }
else if (strcmp((long_opts[option_index]).name,
"netmap") == 0) {
1497 ((strlen(optarg) <
sizeof(suri->
pcap_dev)) ?
1498 (strlen(optarg) + 1) :
sizeof(suri->
pcap_dev)));
1504 SCLogInfo(
"Multiple netmap option without interface on each is useless");
1509 "has been specified");
1510 PrintUsage(argv[0]);
1517 }
else if (strcmp((long_opts[option_index]).name,
"nflog") == 0) {
1527 }
else if (strcmp((long_opts[option_index]).name,
"pcap") == 0) {
1528 if (ParseCommandLinePcapLive(suri, optarg) !=
TM_ECODE_OK) {
1531 }
else if (strcmp((long_opts[option_index]).name,
"simulate-ips") == 0) {
1534 }
else if (strcmp((long_opts[option_index]).name,
"init-errors-fatal") == 0) {
1535 if (
ConfSetFinal(
"engine.init-failure-fatal",
"1") != 1) {
1536 SCLogError(
"failed to set engine init-failure-fatal");
1539 #ifdef BUILD_UNIX_SOCKET
1540 }
else if (strcmp((long_opts[option_index]).name ,
"unix-socket") == 0) {
1544 if (
ConfSetFinal(
"unix-command.filename", optarg) != 1) {
1545 SCLogError(
"failed to set unix-command.filename");
1552 "has been specified");
1553 PrintUsage(argv[0]);
1558 else if(strcmp((long_opts[option_index]).name,
"list-app-layer-protocols") == 0) {
1561 else if(strcmp((long_opts[option_index]).name,
"list-unittests") == 0) {
1565 SCLogError(
"unit tests not enabled. Make sure to pass --enable-unittests to "
1566 "configure when building");
1569 }
else if (strcmp((long_opts[option_index]).name,
"list-runmodes") == 0) {
1572 }
else if (strcmp((long_opts[option_index]).name,
"list-keywords") == 0) {
1574 if (strcmp(
"short",optarg)) {
1578 }
else if (strcmp((long_opts[option_index]).name,
"runmode") == 0) {
1580 }
else if(strcmp((long_opts[option_index]).name,
"engine-analysis") == 0) {
1584 else if(strcmp((long_opts[option_index]).name,
"service-install") == 0) {
1585 suri->
run_mode = RUNMODE_INSTALL_SERVICE;
1588 else if(strcmp((long_opts[option_index]).name,
"service-remove") == 0) {
1589 suri->
run_mode = RUNMODE_REMOVE_SERVICE;
1592 else if(strcmp((long_opts[option_index]).name,
"service-change-params") == 0) {
1593 suri->
run_mode = RUNMODE_CHANGE_SERVICE_PARAMS;
1597 else if(strcmp((long_opts[option_index]).name,
"pidfile") == 0) {
1600 SCLogError(
"strdup failed: %s", strerror(errno));
1604 else if(strcmp((long_opts[option_index]).name,
"disable-detection") == 0) {
1606 }
else if (strcmp((long_opts[option_index]).name,
"disable-hashing") == 0) {
1608 }
else if (strcmp((long_opts[option_index]).name,
"fatal-unittests") == 0) {
1612 SCLogError(
"unit tests not enabled. Make sure to pass --enable-unittests to "
1613 "configure when building");
1616 }
else if (strcmp((long_opts[option_index]).name,
"user") == 0) {
1617 #ifndef HAVE_LIBCAP_NG
1619 " drop privileges, but it was not compiled into Suricata.");
1625 }
else if (strcmp((long_opts[option_index]).name,
"group") == 0) {
1626 #ifndef HAVE_LIBCAP_NG
1628 " drop privileges, but it was not compiled into Suricata.");
1634 }
else if (strcmp((long_opts[option_index]).name,
"erf-in") == 0) {
1640 }
else if (strcmp((long_opts[option_index]).name,
"dag") == 0) {
1646 SCLogError(
"more than one run mode has been specified");
1647 PrintUsage(argv[0]);
1652 SCLogError(
"libdag and a DAG card are required"
1653 " to receive packets using --dag.");
1656 }
else if (strcmp((long_opts[option_index]).name,
"napatech") == 0) {
1657 #ifdef HAVE_NAPATECH
1660 SCLogError(
"libntapi and a Napatech adapter are required"
1661 " to capture packets using --napatech.");
1664 }
else if (strcmp((long_opts[option_index]).name,
"pcap-buffer-size") == 0) {
1665 #ifdef HAVE_PCAP_SET_BUFF
1667 SCLogError(
"failed to set pcap-buffer-size");
1672 " doesn't support setting buffer size.");
1674 }
else if (strcmp((long_opts[option_index]).name,
"build-info") == 0) {
1677 }
else if (strcmp((long_opts[option_index]).name,
"windivert-forward") == 0) {
1681 if (WinDivertRegisterQueue(
true, optarg) == -1) {
1685 if (WinDivertRegisterQueue(
true, optarg) == -1) {
1690 "has been specified");
1691 PrintUsage(argv[0]);
1695 else if(strcmp((long_opts[option_index]).name,
"windivert") == 0) {
1698 if (WinDivertRegisterQueue(
false, optarg) == -1) {
1702 if (WinDivertRegisterQueue(
false, optarg) == -1) {
1707 "has been specified");
1708 PrintUsage(argv[0]);
1712 SCLogError(
"WinDivert not enabled. Make sure to pass --enable-windivert to "
1713 "configure when building.");
1716 }
else if(strcmp((long_opts[option_index]).name,
"reject-dev") == 0) {
1717 #ifdef HAVE_LIBNET11
1719 extern char *g_reject_dev;
1720 extern uint16_t g_reject_dev_mtu;
1721 g_reject_dev = optarg;
1724 g_reject_dev_mtu = (uint16_t)mtu;
1727 SCLogError(
"Libnet 1.1 support not enabled. Compile Suricata with libnet support.");
1731 else if (strcmp((long_opts[option_index]).name,
"set") == 0) {
1732 if (optarg != NULL) {
1734 char *val = strchr(optarg,
'=');
1736 FatalError(
"Invalid argument for --set, must be key=val.");
1739 FatalError(
"failed to set configuration value %s", optarg);
1743 else if (strcmp((long_opts[option_index]).name,
"pcap-file-continuous") == 0) {
1744 if (
ConfSetFinal(
"pcap-file.continuous",
"true") != 1) {
1745 SCLogError(
"Failed to set pcap-file.continuous");
1749 else if (strcmp((long_opts[option_index]).name,
"pcap-file-delete") == 0) {
1750 if (
ConfSetFinal(
"pcap-file.delete-when-done",
"true") != 1) {
1751 SCLogError(
"Failed to set pcap-file.delete-when-done");
1755 else if (strcmp((long_opts[option_index]).name,
"pcap-file-recursive") == 0) {
1756 if (
ConfSetFinal(
"pcap-file.recursive",
"true") != 1) {
1757 SCLogError(
"failed to set pcap-file.recursive");
1760 }
else if (strcmp((long_opts[option_index]).name,
"pcap-file-buffer-size") == 0) {
1761 if (
ConfSetFinal(
"pcap-file.buffer-size", optarg) != 1) {
1762 SCLogError(
"failed to set pcap-file.buffer-size");
1765 }
else if (strcmp((long_opts[option_index]).name,
"data-dir") == 0) {
1766 if (optarg == NULL) {
1767 SCLogError(
"no option argument (optarg) for -d");
1777 " supplied at the command-line (-d %s) doesn't "
1778 "exist. Shutting down the engine.",
1783 }
else if (strcmp((long_opts[option_index]).name,
"strict-rule-keywords") == 0) {
1784 if (optarg == NULL) {
1790 FatalError(
"failed to duplicate 'strict' string");
1792 }
else if (strcmp((long_opts[option_index]).name,
"include") == 0) {
1797 "Failed to allocate memory for additional configuration files: %s",
1802 for (
int i = 0;; i++) {
1804 const char **additional_configs =
1806 if (additional_configs == NULL) {
1807 FatalError(
"Failed to allocate memory for additional configuration "
1821 (long_opts[option_index]).name, optarg);
1831 if (
ConfSetFinal(
"engine.init-failure-fatal",
"1") != 1) {
1832 SCLogError(
"failed to set engine init-failure-fatal");
1845 if (optarg == NULL) {
1846 SCLogError(
"no option argument (optarg) for -i");
1849 #ifdef HAVE_AF_PACKET
1850 if (ParseCommandLineAfpacket(suri, optarg) !=
TM_ECODE_OK) {
1855 #if defined HAVE_NETMAP
1861 "option%s %s available:"
1863 " NETMAP (--netmap=%s)"
1865 ". Use --pcap=%s to suppress this warning",
1866 i == 1 ?
"" :
"s", i == 1 ?
"is" :
"are"
1874 if (ParseCommandLinePcapLive(suri, optarg) !=
TM_ECODE_OK) {
1880 if (optarg == NULL) {
1881 SCLogError(
"no option argument (optarg) for -l");
1891 " supplied at the command-line (-l %s) doesn't "
1892 "exist. Shutting down the engine.",
1896 if (!IsLogDirectoryWritable(optarg)) {
1898 " supplied at the command-line (-l %s) is not "
1899 "writable. Shutting down the engine.",
1918 "has been specified");
1919 PrintUsage(argv[0]);
1923 SCLogError(
"NFQUEUE not enabled. Make sure to pass --enable-nfqueue to configure when "
1940 "has been specified");
1941 PrintUsage(argv[0]);
1945 SCLogError(
"IPFW not enabled. Make sure to pass --enable-ipfw to configure when "
1956 "has been specified");
1957 PrintUsage(argv[0]);
1962 SCLogError(
"pcap file '%s': %s", optarg, strerror(errno));
1966 SCLogError(
"ERROR: Failed to set pcap-file.file\n");
1973 SCLogError(
"can't have multiple -s options or mix -s and -S.");
1980 SCLogError(
"can't have multiple -S options or mix -s and -S.");
1993 PrintUsage(argv[0]);
1997 SCLogError(
"unit tests not enabled. Make sure to pass --enable-unittests to configure "
2014 if (optarg == NULL) {
2015 SCLogError(
"no option argument (optarg) for -F");
2019 SetBpfStringFromFile(optarg);
2025 if (optarg == NULL) {
2026 SCLogError(
"no option argument (optarg) for -k");
2029 if (!strcmp(
"all", optarg))
2031 else if (!strcmp(
"none", optarg))
2034 SCLogError(
"option '%s' invalid for -k", optarg);
2039 PrintUsage(argv[0]);
2045 SCLogError(
"can't use -s/-S when detection is disabled");
2052 if (list_app_layer_protocols)
2070 ret = SetBpfString(optind, argv);
2078 int WindowsInitService(
int argc,
char **argv)
2080 if (SCRunningAsService()) {
2081 char path[MAX_PATH];
2083 strlcpy(path, argv[0], MAX_PATH);
2084 if ((p = strrchr(path,
'\\'))) {
2087 if (!SetCurrentDirectory(path)) {
2088 SCLogError(
"Can't set current directory to: %s", path);
2091 SCLogInfo(
"Current directory is set to: %s", path);
2092 SCServiceInit(argc, argv);
2097 if (0 != WSAStartup(MAKEWORD(2, 2), &wsaData)) {
2098 SCLogError(
"Can't initialize Windows sockets: %d", WSAGetLastError());
2109 const char *pid_filename;
2111 if (
ConfGet(
"pid-file", &pid_filename) == 1) {
2112 SCLogInfo(
"Use pid file %s from config file.", pid_filename);
2119 SCLogError(
"strdup failed: %s", strerror(errno));
2138 SCLogError(
"Unable to create PID file, concurrent run of"
2139 " Suricata can occur.");
2140 SCLogError(
"PID file creation WILL be mandatory for daemon mode"
2141 " in future version");
2156 if (
ConfGet(
"run-as.user", &
id) == 1) {
2160 if (
ConfGet(
"run-as.group", &
id) == 1) {
2178 static int InitSignalHandler(
SCInstance *suri)
2181 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
2186 if (
ConfGetBool(
"logging.stacktrace-on-signal", &enabled) == 0) {
2191 SCLogInfo(
"Preparing unexpected signal handling");
2192 struct sigaction stacktrace_action;
2193 memset(&stacktrace_action, 0,
sizeof(stacktrace_action));
2194 stacktrace_action.sa_sigaction = SignalHandlerUnexpected;
2195 stacktrace_action.sa_flags = SA_SIGINFO;
2196 sigaction(SIGSEGV, &stacktrace_action, NULL);
2197 sigaction(SIGABRT, &stacktrace_action, NULL);
2221 #ifdef PROFILE_RULES
2229 #ifdef PROFILE_RULES
2279 SCPrintElapsedTime(start_time);
2332 PrintUsage(argv[0]);
2342 case RUNMODE_INSTALL_SERVICE:
2343 if (SCServiceInstall(argc, argv)) {
2346 SCLogInfo(
"Suricata service has been successfully installed.");
2348 case RUNMODE_REMOVE_SERVICE:
2349 if (SCServiceRemove()) {
2352 SCLogInfo(
"Suricata service has been successfully removed.");
2354 case RUNMODE_CHANGE_SERVICE_PARAMS:
2355 if (SCServiceChangeParams(argc, argv)) {
2358 SCLogInfo(
"Suricata service startup parameters has been successfully changed.");
2386 static void SetupDelayedDetect(
SCInstance *suri)
2395 if (decnf != NULL) {
2397 if (strcmp(denode->
val,
"delayed-detect") == 0) {
2407 SCLogInfo(
"Packets will start being processed before signatures are active.");
2423 static int ConfigGetCaptureValue(
SCInstance *suri)
2427 intmax_t tmp_max_pending_packets;
2428 if (
ConfGetInt(
"max-pending-packets", &tmp_max_pending_packets) != 1)
2430 if (tmp_max_pending_packets < 1 || tmp_max_pending_packets > 2147483648) {
2431 SCLogError(
"Maximum max-pending-packets setting is 2147483648 and must be greater than 0. "
2432 "Please check %s for errors",
2443 const char *temp_default_packet_size;
2444 if ((
ConfGet(
"default-packet-size", &temp_default_packet_size)) != 1) {
2447 int strip_trailing_plus = 0;
2452 const int mtu = GetGlobalMTUWin32();
2466 strip_trailing_plus = 1;
2473 for (lthread = 0; lthread < nlive; lthread++) {
2476 (void)
strlcpy(dev, live_dev,
sizeof(dev));
2478 if (strip_trailing_plus) {
2479 size_t len = strlen(dev);
2481 (dev[
len-1] ==
'+' ||
2482 dev[
len-1] ==
'^' ||
2501 SCLogError(
"Error parsing max-pending-packets "
2502 "from conf file - %s. Killing engine",
2503 temp_default_packet_size);
2513 static void PostRunStartedDetectSetup(
const SCInstance *suri)
2527 SCLogNotice(
"Signature(s) loaded, Detect thread(s) activated.");
2539 SetupDelayedDetect(suri);
2541 (void)
ConfGetBool(
"multi-detect.enabled", &mt_enabled);
2542 int default_tenant = 0;
2544 (void)
ConfGetBool(
"multi-detect.default", &default_tenant);
2547 "detection engine contexts failed.");
2557 FatalError(
"initializing detection engine failed.");
2571 static void PostConfLoadedSetupHostMode(
void)
2573 const char *hostmode = NULL;
2575 if (
ConfGet(
"host-mode", &hostmode) == 1) {
2576 if (!strcmp(hostmode,
"router")) {
2578 }
else if (!strcmp(hostmode,
"sniffer-only")) {
2581 if (strcmp(hostmode,
"auto") != 0) {
2593 SCLogInfo(
"No 'host-mode': suricata is in IPS mode, using "
2594 "default setting 'router'");
2597 SCLogInfo(
"No 'host-mode': suricata is in IDS mode, using "
2598 "default setting 'sniffer-only'");
2606 if (suri->
system ==
false) {
2610 FatalError(
"could not set USER mode logdir");
2616 FatalError(
"could not set USER mode datadir");
2632 int disable_offloading;
2633 if (
ConfGetBool(
"capture.disable-offloading", &disable_offloading) == 0)
2634 disable_offloading = 1;
2635 if (disable_offloading) {
2642 const char *cv = NULL;
2643 if (
ConfGet(
"capture.checksum-validation", &cv) == 1) {
2644 if (strcmp(cv,
"none") == 0) {
2646 }
else if (strcmp(cv,
"all") == 0) {
2653 ConfSet(
"stream.checksum-validation",
"0");
2656 ConfSet(
"stream.checksum-validation",
"1");
2665 #ifdef HAVE_PACKET_EBPF
2667 EBPFRegisterExtension();
2687 SCLogInfo(
"Setting engine mode to IDS mode by default");
2708 const char *custom_umask;
2709 if (
ConfGet(
"umask", &custom_umask) == 1) {
2711 if (
StringParseUint16(&mask, 8, (uint16_t)strlen(custom_umask), custom_umask) > 0) {
2712 umask((mode_t)mask);
2730 SCLogInfo(
"== Carrying out Engine Analysis ==");
2731 const char *temp = NULL;
2732 if (
ConfGet(
"engine-analysis", &temp) == 0) {
2733 SCLogInfo(
"no engine-analysis parameter(s) defined in conf file. "
2734 "Please define/enable them in the conf to use this "
2753 "basic address vars test failed. Please check %s for errors", suri->
conf_filename);
2780 "supplied by %s (default-log-dir) doesn't exist. "
2781 "Shutting down the engine",
2785 if (!IsLogDirectoryWritable(suri->
log_dir)) {
2787 "supplied by %s (default-log-dir) is not writable. "
2788 "Shutting down the engine",
2806 PostConfLoadedSetupHostMode();
2875 return EXIT_FAILURE;
2895 SCInstanceInit(&
suricata, progname);
2913 if (
ConfGetBool(
"vlan.use-for-tracking", &tracking) == 1 && !tracking) {
2917 SCLogDebug(
"vlan tracking is %s", tracking == 1 ?
"enabled" :
"disabled");
2918 if (
ConfGetBool(
"livedev.use-for-tracking", &tracking) == 1 && !tracking) {
2934 SCLogInfo(
"Running suricata under test mode");
2961 SCLogNotice(
"Configuration provided was successfully loaded. Exiting.");
3005 int limit_nproc = 0;
3006 if (
ConfGetBool(
"security.limit-noproc", &limit_nproc) == 0) {
3010 #if defined(SC_ADDRESS_SANITIZER)
3013 "\"security.limit-noproc\" (setrlimit()) not set when using address sanitizer");
3019 #if defined(HAVE_SYS_RESOURCE_H)
3022 SCLogWarning(
"setrlimit has no effet when running as root.");
3025 struct rlimit r = { 0, 0 };
3026 if (setrlimit(RLIMIT_NPROC, &r) != 0) {
3027 SCLogWarning(
"setrlimit failed to prevent process creation.");
3049 PostRunStartedDetectSetup(&
suricata);
int ConfGetInt(const char *name, intmax_t *val)
Retrieve a configuration value as an integer.
void TmModuleUnixManagerRegister(void)
void StatsReleaseResources(void)
Releases the resources allotted by the Stats API.
void TmModuleReceiveIPFWRegister(void)
Registration Function for RecieveIPFW.
void SuricataMainLoop(void)
int ExceptionSimulationCommandLineParser(const char *name, const char *arg)
void AppLayerHtpNeedFileInspection(void)
Sets a flag that informs the HTP app layer that some module in the engine needs the http request file...
int SCRunmodeGet(void)
Get the current run mode.
int ConfNodeChildValueIsTrue(const ConfNode *node, const char *key)
Test if a configuration node has a true value.
void IPPairInitConfig(bool quiet)
initialize the configuration
void SCLogInitLogModule(SCLogInitData *sc_lid)
Initializes the logging module.
int LiveDeviceListClean(void)
void DetectEngineDeReference(DetectEngineCtx **de_ctx)
struct timeval start_time
#define SC_ATOMIC_INIT(name)
wrapper for initializing an atomic variable.
SystemHugepageSnapshot * prerun_snap
void TmThreadContinueThreads(void)
Unpauses all threads present in tv_root.
int ConfGetBool(const char *name, int *val)
Retrieve a configuration value as a boolean.
enum DetectEngineType type
int SigLoadSignatures(DetectEngineCtx *de_ctx, char *sig_file, bool sig_file_exclusive)
Load signatures.
#define SC_ATOMIC_SET(name, val)
Set the value for the atomic variable.
@ RUNMODE_PRINT_BUILDINFO
DetectEngineCtx * DetectEngineCtxInitStubForDD(void)
void LiveDevRegisterExtension(void)
void OutputTxShutdown(void)
void AppLayerHtpPrintStats(void)
void StatsSetupPostConfigPreOutput(void)
char * runmode_custom_mode
struct HtpBodyChunk_ * next
void TmModuleReceiveNFQRegister(void)
int LiveBuildDeviceList(const char *runmode)
void RunModeShutDown(void)
void SCProtoNameInit(void)
void SuricataPostInit(void)
void RunModeDispatch(int runmode, const char *custom_mode, const char *capture_plugin_name, const char *capture_plugin_args)
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
volatile sig_atomic_t sigint_count
SC_ATOMIC_DECLARE(unsigned int, engine_stage)
void SCProfilingRulesGlobalInit(void)
void TmModuleRunDeInit(void)
void RegisterFlowBypassInfo(void)
#define SCSetThreadName(n)
void SCRunmodeSet(int run_mode)
Set the current run mode.
void SCLogDeInitLogModule(void)
De-Initializes the logging module.
void TmModuleDecodeErfFileRegister(void)
Register the ERF file decoder module.
main detection engine ctx
int StringParseUint16(uint16_t *res, int base, size_t len, const char *str)
void DetectEngineReloadSetIdle(void)
DetectEngineCtx * DetectEngineGetCurrent(void)
int EngineModeIsUnknown(void)
void VarNameStoreInit(void)
void TmModuleFlowRecyclerRegister(void)
void Daemonize(void)
Daemonize the process.
void UtilSignalHandlerSetup(int sig, void(*handler)(int))
#define TAILQ_FOREACH(var, head, field)
void TmModuleDecodeAFPRegister(void)
Registration Function for DecodeAFP.
void TmModuleDecodeWinDivertRegister(void)
int DetectEngineAddToMaster(DetectEngineCtx *de_ctx)
void TmModuleStatsLoggerRegister(void)
int ConfYamlHandleInclude(ConfNode *parent, const char *filename)
Include a file in the configuration.
void RegisterAllModules(void)
int DetectEngineMultiTenantSetup(const bool unix_socket)
setup multi-detect / multi-tenancy
void SupportFastPatternForSigMatchTypes(void)
Registers the keywords(SMs) that should be given fp support.
void ConfDump(void)
Dump configuration to stdout.
const SuricataContext suricata_context
TmEcode SCParseCommandLine(int argc, char **argv)
int CheckValidDaemonModes(int daemon, int mode)
Check for a valid combination daemon/mode.
void SCGetGroupID(const char *group_name, uint32_t *gid)
Function to get the group ID from the specified group name.
int ConfSetFinal(const char *name, const char *val)
Set a final configuration value.
void TmThreadDisableReceiveThreads(void)
Disable all threads having the specified TMs.
void StatsInit(void)
Initializes the perf counter api. Things are hard coded currently. More work to be done when we imple...
void PreRunInit(const int runmode)
void MacSetRegisterFlowStorage(void)
void SuricataShutdown(void)
const char * conf_filename
int GetIfaceMTU(const char *dev)
output the link MTU
void GlobalsInitPreConfig(void)
void TmModuleReceiveNetmapRegister(void)
void PacketPoolPostRunmodes(void)
Set the max_pending_return_packets value.
void NFQInitConfig(bool quiet)
To initialize the NFQ global configuration data.
void TmModuleReceiveWinDivertRegister(void)
void SCProfilingDestroy(void)
Free resources used by profiling.
bool IsRunModeOffline(enum RunModes run_mode_to_check)
void AFPPeersListClean(void)
Clean the global peers list.
void RunModeInitializeOutputs(void)
int DetectPortTestConfVars(void)
void SCThresholdConfGlobalInit(void)
void DecodeUnregisterCounters(void)
const char * capture_plugin_name
void HostBitInitCtx(void)
const char * capture_plugin_args
void TmModuleLoggerRegister(void)
void TmThreadDisablePacketThreads(void)
Disable all packet threads.
void PacketPoolInit(void)
int AppLayerDeSetup(void)
De initializes the app layer.
size_t strlcpy(char *dst, const char *src, size_t siz)
void PcapTranslateIPToDevice(char *pcap_dev, size_t len)
void FlowDisableFlowRecyclerThread(void)
Used to disable flow recycler thread(s).
void TmModuleDecodePcapFileRegister(void)
void TmModuleBypassedFlowManagerRegister(void)
void IPPairShutdown(void)
shutdown the flow engine
void DetectParseFreeRegexes(void)
void TmModuleDecodeNFLOGRegister(void)
int ConfGet(const char *name, const char **vptr)
Retrieve the value of a configuration node.
int NFQParseAndRegisterQueues(const char *queues)
Parses and adds Netfilter queue(s).
ConfNode * ConfGetRootNode(void)
Get the root configuration node.
void FlowInitConfig(bool quiet)
initialize the configuration
int AppLayerSetup(void)
Setup the app layer.
void FeatureTrackingRegister(void)
void TmModuleReceiveDPDKRegister(void)
void UnixManagerThreadSpawnNonRunmode(const bool unix_socket_enabled)
void RunModeInitializeThreadSettings(void)
void StreamTcpInitConfig(bool)
To initialize the stream global configuration data.
bool IsRunModeSystem(enum RunModes run_mode_to_check)
int GetIfaceMaxPacketSize(LiveDevice *ld)
output max packet size for a link
void TmModuleDecodeNetmapRegister(void)
Registration Function for DecodeNetmap.
void PreRunPostPrivsDropInit(const int runmode)
void SigTableCleanup(void)
int DetectEngineMoveToFreeList(DetectEngineCtx *de_ctx)
volatile sig_atomic_t sigterm_count
TmEcode TmThreadWaitOnThreadInit(void)
Used to check if all threads have finished their initialization. On finding an un-initialized thread,...
void TmModuleVerdictNFQRegister(void)
int ConfYamlLoadFile(const char *filename)
Load configuration from a YAML file.
void AppLayerRegisterGlobalCounters(void)
HACK to work around our broken unix manager (re)init loop.
void RunModeListRunmodes(void)
Lists all registered runmodes.
size_t strlcat(char *, const char *src, size_t siz)
@ RUNMODE_LIST_APP_LAYERS
void LiveSetOffloadDisable(void)
void StatsSetupPostConfigPostOutput(void)
void EngineModeSetIDS(void)
void TmModuleReceiveAFPRegister(void)
Registration Function for RecieveAFP.
int LiveBuildDeviceListCustom(const char *runmode, const char *itemname)
LiveDevice * LiveGetDevice(const char *name)
Get a pointer to the device at idx.
void UnixSocketKillSocketThread(void)
void TmModuleVerdictIPFWRegister(void)
Registration Function for VerdictIPFW.
bool g_stats_eps_per_app_proto_errors
void HttpRangeContainersInit(void)
struct timeval last_reload
void TmModuleVerdictWinDivertRegister(void)
void HostCleanup(void)
Cleanup the host engine.
void FlowDisableFlowManagerThread(void)
Used to disable flow manager thread(s).
int UtilSignalUnblock(int signum)
int DetectEngineEnabled(void)
Check if detection is enabled.
void TmThreadClearThreadsFamily(int family)
void TmModuleRunInit(void)
void EngineModeSetIPS(void)
void HTPAtExitPrintStats(void)
Print the stats of the HTTP requests.
int UtilSignalBlock(int signum)
void SCProfilingPrefilterGlobalInit(void)
void ThresholdDestroy(void)
#define SCLogWarning(...)
Macro used to log WARNING messages.
int PostConfLoadedSetup(SCInstance *suri)
const char * GetProgramVersion(void)
get string with program version
void TmModuleReceivePcapFileRegister(void)
int32_t CoredumpLoadConfig(void)
Configures the core dump size.
int IPFWRegisterQueue(char *queue)
Add an IPFW divert.
int ListAppLayerProtocols(const char *conf_filename)
void DatasetsDestroy(void)
void UtilCpuPrintSummary(void)
Print a summary of CPUs detected (configured and online)
int profiling_packets_enabled
int SystemDNotifyReady(void)
void TmThreadKillThreads(void)
void OutputDeregisterAll(void)
Deregister all modules. Useful for a memory clean exit.
void PostConfLoadedDetectSetup(SCInstance *suri)
int EngineModeIsIDS(void)
void TmModuleNapatechDecodeRegister(void)
Register the Napatech decoder module.
TmModule tmm_modules[TMM_SIZE]
void OutputNotifyFileRotation(void)
Notifies all registered file rotation notification flags.
int StorageFinalize(void)
void VarNameStoreDestroy(void)
void TmModuleFlowWorkerRegister(void)
enum RunModes aux_run_mode
uint32_t max_pending_packets
const char ** additional_configs
#define DEFAULT_PID_FILENAME
volatile sig_atomic_t sighup_count
TmEcode ConfigSetDataDirectory(char *name)
void TmModuleDecodeErfDagRegister(void)
Register the ERF file decoder module.
#define SCDropMainThreadCaps(...)
void TmModuleDebugList(void)
void TmModuleDecodeNFQRegister(void)
void SCProtoNameRelease(void)
int RunmodeIsUnittests(void)
void SCPluginsLoad(const char *capture_plugin_name, const char *capture_plugin_args)
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
void TmModuleReceiveNFLOGRegister(void)
#define DEFAULT_PACKET_SIZE
#define WarnInvalidConfEntry(param_name, format, value)
Generic API that can be used by all to log an invalid conf entry.
void TmModuleReceiveErfFileRegister(void)
Register the ERF file receiver (reader) module.
#define SCRealloc(ptr, sz)
void TmModuleDecodeAFXDPRegister(void)
Registration Function for DecodeAFXDP.
uint32_t default_packet_size
void SigTableApplyStrictCommandLineOption(const char *str)
@ DETECT_ENGINE_TYPE_NORMAL
void TmThreadKillThreadsFamily(int family)
void FeatureTrackingRelease(void)
void TmqhCleanup(void)
Clean up registration time allocs.
void StreamTcpFreeConfig(bool quiet)
void DecodeGlobalConfig(void)
char * strict_rule_parsing_string
DetectEngineCtx * DetectEngineCtxInitStubForMT(void)
const char * LiveGetDeviceName(int number)
Get a pointer to the device name at idx.
void FlowShutdown(void)
shutdown the flow engine
void SCHInfoLoadFromConfig(void)
Load the host os policy information from the configuration.
void DetectEngineBumpVersion(void)
void TmModuleFlowManagerRegister(void)
int SCStartInternalRunMode(int argc, char **argv)
int SCPidfileTestRunning(const char *pid_filename)
Check the Suricata pid file (used at the startup)
void HostShutdown(void)
shutdown the flow engine
#define SCFstatFn(fd, statbuf)
void LiveSetOffloadWarn(void)
void ParseSizeDeinit(void)
void RunModeRegisterRunModes(void)
Register all runmodes in the engine.
int ConfGetChildValueBool(const ConfNode *base, const char *name, int *val)
void SCProfilingDump(void)
void TmModuleReceiveAFXDPRegister(void)
void EngineStop(void)
make sure threads can stop the engine by calling this function. Purpose: pcap file mode needs to be a...
void FrameConfigInit(void)
int ParseSizeStringU32(const char *size, uint32_t *res)
void TmModuleReceiveErfDagRegister(void)
Register the ERF file receiver (reader) module.
void IPPairBitInitCtx(void)
TmEcode ConfigSetLogDirectory(const char *name)
void TmModuleDecodeIPFWRegister(void)
Registration Function for DecodeIPFW.
int ConfUnixSocketIsEnable(void)
int ConfSetFromString(const char *input, int final)
Set a configuration parameter from a string.
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
void ConfInit(void)
Initialize the configuration system.
const char * ConfigGetLogDirectory(void)
volatile sig_atomic_t sigusr2_count
void SystemHugepageSnapshotDestroy(SystemHugepageSnapshot *s)
@ RUNMODE_ENGINE_ANALYSIS
void TmModuleDecodePcapRegister(void)
Registration Function for DecodePcap.
TmEcode SCLoadYamlConfig(void)
TmEcode ConfigCheckDataDirectory(const char *data_dir)
#define SCLogError(...)
Macro used to log ERROR messages.
int DetectEngineReloadStart(void)
#define DEFAULT_CONF_FILE
#define SC_LOG_MAX_LOG_MSG_LEN
void AppLayerParserPostStreamSetup(void)
void TmModuleReceivePcapRegister(void)
Registration Function for ReceivePcap.
void SCGetUserID(const char *user_name, const char *group_name, uint32_t *uid, uint32_t *gid)
Function to get the user and group ID from the specified user name.
void TmModuleRespondRejectRegister(void)
void CoredumpEnable(void)
Enable coredumps on systems where coredumps can and need to be enabled.
void RunUnittests(int list_unittests, const char *regex_arg)
TmEcode ConfigCheckLogDirectoryExists(const char *log_dir)
void PacketAlertTagInit(void)
int RunModeEngineIsIPS(int capture_mode, const char *runmode, const char *capture_plugin_name)
DetectEngineCtx * DetectEngineCtxInit(void)
int EngineModeIsIPS(void)
void TmModuleNapatechStreamRegister(void)
Register the Napatech receiver (reader) module.
void SCProfilingKeywordsGlobalInit(void)
void EngineDone(void)
Used to indicate that the current task is done.
const char * GetDocURL(void)
void PostRunDeinit(const int runmode, struct timeval *start_time)
void HostInitConfig(bool quiet)
initialize the configuration
TmEcode TmThreadWaitOnThreadRunning(void)
Waits for all threads to be in a running state.
void ConfDeInit(void)
De-initializes the configuration system.
void HttpRangeContainersDestroy(void)
int ConfSet(const char *name, const char *val)
Set a configuration value.
void SCLogLoadConfig(int daemon, int verbose, uint32_t userid, uint32_t groupid)
int DetectEngineReload(const SCInstance *suri)
Reload the detection engine.
#define DEFAULT_MAX_PENDING_PACKETS
void DetectEngineClearMaster(void)
void SetMasterExceptionPolicy(void)
void TmThreadCheckThreadState(void)
Used to check the thread for certain conditions of failure.
void OutputFilestoreRegisterGlobalCounters(void)
int InitGlobal(void)
Global initialization common to all runmodes.
int LiveGetDeviceCount(void)
Get the number of registered devices.
SystemHugepageSnapshot * SystemHugepageSnapshotCreate(void)
The function creates a snapshot of the system's hugepage usage per NUMA node and per hugepage size....
void SCProfilingSghsGlobalInit(void)
int SCPidfileCreate(const char *pidfile)
Write a pid file (used at the startup) This commonly needed by the init scripts.
int LiveRegisterDeviceName(const char *dev)
Add a device for monitoring.
#define SCStatFn(pathname, statbuf)
void LiveDeviceFinalize(void)
void TmModuleDecodeDPDKRegister(void)
Registration Function for DecodeDPDK.
void PacketPoolDestroy(void)
void HTPFreeConfig(void)
Clears the HTTP server configuration memory used by HTP library.
void LandlockSandboxing(SCInstance *suri)
int ListKeywords(const char *keyword_info)
#define SCLogNotice(...)
Macro used to log NOTICE messages.
void SuricataPreInit(const char *progname)
void DPDKCleanupEAL(void)
void SCPidfileRemove(const char *pid_filename)
Remove the pid file (used at the startup)
@ SURI_HOST_IS_SNIFFER_ONLY
void NFQContextsClean(void)
Clean global contexts. Must be called on exit.
void SystemHugepageEvaluateHugepages(SystemHugepageSnapshot *pre_s, SystemHugepageSnapshot *post_s)
The function compares two hugepage snapshots and prints out recommendations for hugepage configuratio...
#define DEBUG_VALIDATE_BUG_ON(exp)
int SCFinalizeRunMode(void)
void SCProfilingInit(void)
Initialize profiling.
void GlobalsDestroy(void)
int DetectEngineReloadIsStart(void)
volatile uint8_t suricata_ctl_flags
void TagDestroyCtx(void)
Destroy tag context hash tables.
int DetectAddressTestConfVars(void)
void FlowWorkToDoCleanup(void)
Clean up all the flows that have unprocessed segments and have some work to do in the detection engin...
void MpmHSGlobalCleanup(void)
void TmqResetQueues(void)