suricata
suricata.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2020 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  */
23 
24 #include "suricata-common.h"
25 #include "config.h"
26 
27 #if HAVE_GETOPT_H
28 #include <getopt.h>
29 #endif
30 
31 #if HAVE_SIGNAL_H
32 #include <signal.h>
33 #endif
34 
35 #ifdef HAVE_NSS
36 #include <prinit.h>
37 #include <nss.h>
38 #endif
39 
40 #include "suricata.h"
41 #include "decode.h"
42 #include "feature.h"
43 #include "detect.h"
44 #include "packet-queue.h"
45 #include "threads.h"
46 #include "threadvars.h"
47 #include "flow-worker.h"
48 
49 #include "util-atomic.h"
50 #include "util-spm.h"
51 #include "util-cpu.h"
52 #include "util-action.h"
53 #include "util-pidfile.h"
54 #include "util-ioctl.h"
55 #include "util-device.h"
56 #include "util-misc.h"
57 #include "util-running-modes.h"
58 
59 #include "detect-engine.h"
60 #include "detect-parse.h"
61 #include "detect-fast-pattern.h"
62 #include "detect-engine-tag.h"
63 #include "detect-engine-threshold.h"
64 #include "detect-engine-address.h"
65 #include "detect-engine-port.h"
66 #include "detect-engine-mpm.h"
67 
68 #include "tm-queuehandlers.h"
69 #include "tm-queues.h"
70 #include "tm-threads.h"
71 
72 #include "tmqh-flow.h"
73 
74 #include "conf.h"
75 #include "conf-yaml-loader.h"
76 
77 #include "datasets.h"
78 
79 #include "stream-tcp.h"
80 
81 #include "source-nfq.h"
82 #include "source-nfq-prototypes.h"
83 
84 #include "source-nflog.h"
85 
86 #include "source-ipfw.h"
87 
88 #include "source-pcap.h"
89 #include "source-pcap-file.h"
90 
91 #include "source-pfring.h"
92 
93 #include "source-erf-file.h"
94 #include "source-erf-dag.h"
95 #include "source-napatech.h"
96 
97 #include "source-af-packet.h"
98 #include "source-netmap.h"
99 
100 #include "source-windivert.h"
101 #include "source-windivert-prototypes.h"
102 
103 #include "respond-reject.h"
104 
105 #include "flow.h"
106 #include "flow-timeout.h"
107 #include "flow-manager.h"
108 #include "flow-bypass.h"
109 #include "flow-var.h"
110 #include "flow-bit.h"
111 #include "pkt-var.h"
112 #include "host-bit.h"
113 
114 #include "ippair.h"
115 #include "ippair-bit.h"
116 
117 #include "host.h"
118 #include "unix-manager.h"
119 
120 #include "app-layer.h"
121 #include "app-layer-parser.h"
122 #include "app-layer-htp.h"
123 #include "app-layer-ssl.h"
124 #include "app-layer-ssh.h"
125 #include "app-layer-ftp.h"
126 #include "app-layer-smtp.h"
127 #include "app-layer-modbus.h"
128 #include "app-layer-enip.h"
129 #include "app-layer-dnp3.h"
130 #include "app-layer-smb.h"
131 #include "app-layer-dcerpc.h"
132 
133 #include "util-ebpf.h"
134 #include "util-radix-tree.h"
135 #include "util-host-os-info.h"
136 #include "util-cidr.h"
137 #include "util-unittest.h"
138 #include "util-unittest-helper.h"
139 #include "util-time.h"
140 #include "util-rule-vars.h"
141 #include "util-classification-config.h"
142 #include "util-threshold-config.h"
143 #include "util-reference-config.h"
144 #include "util-profiling.h"
145 #include "util-magic.h"
146 #include "util-signal.h"
147 
148 #include "util-coredump-config.h"
149 
150 #include "util-decode-mime.h"
151 
152 #include "defrag.h"
153 
154 #include "runmodes.h"
155 #include "runmode-unittests.h"
156 
157 #include "util-debug.h"
158 #include "util-error.h"
159 #include "util-daemon.h"
160 #include "util-byte.h"
161 #include "reputation.h"
162 
163 #include "output.h"
164 
165 #include "util-privs.h"
166 
167 #include "tmqh-packetpool.h"
168 
169 #include "util-proto-name.h"
170 #include "util-mpm-hs.h"
171 #include "util-storage.h"
172 #include "host-storage.h"
173 
174 #include "util-lua.h"
175 
176 #include "rust.h"
177 
178 /*
179  * we put this here, because we only use it here in main.
180  */
181 volatile sig_atomic_t sigint_count = 0;
182 volatile sig_atomic_t sighup_count = 0;
183 volatile sig_atomic_t sigterm_count = 0;
184 volatile sig_atomic_t sigusr2_count = 0;
185 
186 /*
187  * Flag to indicate if the engine is at the initialization
188  * or already processing packets. 3 stages: SURICATA_INIT,
189  * SURICATA_RUNTIME and SURICATA_FINALIZE
190  */
191 SC_ATOMIC_DECLARE(unsigned int, engine_stage);
192 
193 /* Max packets processed simultaniously per thread. */
194 #define DEFAULT_MAX_PENDING_PACKETS 1024
195 
196 /** suricata engine control flags */
197 volatile uint8_t suricata_ctl_flags = 0;
198 
199 /** Run mode selected */
200 int run_mode = RUNMODE_UNKNOWN;
201 
202 /** Engine mode: inline (ENGINE_MODE_IPS) or just
203  * detection mode (ENGINE_MODE_IDS by default) */
204 static enum EngineMode g_engine_mode = ENGINE_MODE_IDS;
205 
206 /** Host mode: set if box is sniffing only
207  * or is a router */
208 uint8_t host_mode = SURI_HOST_IS_SNIFFER_ONLY;
209 
210 /** Maximum packets to simultaneously process. */
211 intmax_t max_pending_packets;
212 
213 /** global indicating if detection is enabled */
214 int g_detect_disabled = 0;
215 
216 /** set caps or not */
217 int sc_set_caps = FALSE;
218 
219 /** highest mtu of the interfaces we monitor */
220 int g_default_mtu = 0;
221 
222 bool g_system = false;
223 
224 /** disable randomness to get reproducible results accross runs */
225 #ifndef AFLFUZZ_NO_RANDOM
226 int g_disable_randomness = 0;
227 #else
228 int g_disable_randomness = 1;
229 #endif
230 
231 /** determine (without branching) if we include the vlan_ids when hashing or
232  * comparing flows */
233 uint16_t g_vlan_mask = 0xffff;
234 
235 /** Suricata instance */
236 SCInstance suricata;
237 
238 int SuriHasSigFile(void)
239 {
240  return (suricata.sig_file != NULL);
241 }
242 
243 int EngineModeIsIPS(void)
244 {
245  return (g_engine_mode == ENGINE_MODE_IPS);
246 }
247 
248 int EngineModeIsIDS(void)
249 {
250  return (g_engine_mode == ENGINE_MODE_IDS);
251 }
252 
253 void EngineModeSetIPS(void)
254 {
255  g_engine_mode = ENGINE_MODE_IPS;
256 }
257 
258 void EngineModeSetIDS(void)
259 {
260  g_engine_mode = ENGINE_MODE_IDS;
261 }
262 
263 int RunmodeIsUnittests(void)
264 {
265  if (run_mode == RUNMODE_UNITTEST)
266  return 1;
267 
268  return 0;
269 }
270 
271 int RunmodeGetCurrent(void)
272 {
273  return run_mode;
274 }
275 
276 /** signal handlers
277  *
278  * WARNING: don't use the SCLog* API in the handlers. The API is complex
279  * with memory allocation possibly happening, calls to syslog, json message
280  * construction, etc.
281  */
282 
283 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
284 static void SignalHandlerSigint(/*@unused@*/ int sig)
285 {
286  sigint_count = 1;
287 }
288 static void SignalHandlerSigterm(/*@unused@*/ int sig)
289 {
290  sigterm_count = 1;
291 }
292 #endif
293 
294 #ifndef OS_WIN32
295 /**
296  * SIGUSR2 handler. Just set sigusr2_count. The main loop will act on
297  * it.
298  */
299 static void SignalHandlerSigusr2(int sig)
300 {
301  if (sigusr2_count < 2)
302  sigusr2_count++;
303 }
304 
305 /**
306  * SIGHUP handler. Just set sighup_count. The main loop will act on
307  * it.
308  */
309 static void SignalHandlerSigHup(/*@unused@*/ int sig)
310 {
311  sighup_count = 1;
312 }
313 #endif
314 
315 void GlobalsInitPreConfig(void)
316 {
317  TimeInit();
318  SupportFastPatternForSigMatchTypes();
319  SCThresholdConfGlobalInit();
320 }
321 
322 static void GlobalsDestroy(SCInstance *suri)
323 {
324  HostShutdown();
325  HTPFreeConfig();
326  HTPAtExitPrintStats();
327 
328  AppLayerHtpPrintStats();
329 
330  /* TODO this can do into it's own func */
331  DetectEngineCtx *de_ctx = DetectEngineGetCurrent();
332  if (de_ctx) {
333  DetectEngineMoveToFreeList(de_ctx);
334  DetectEngineDeReference(&de_ctx);
335  }
336  DetectEnginePruneFreeList();
337 
338  AppLayerDeSetup();
339  DatasetsSave();
340  DatasetsDestroy();
341  TagDestroyCtx();
342 
343  LiveDeviceListClean();
344  OutputDeregisterAll();
345  FeatureTrackingRelease();
346  TimeDeinit();
347  SCProtoNameDeInit();
348  if (!suri->disabled_detect) {
349  SCReferenceConfDeinit();
350  SCClassConfDeinit();
351  }
352  TmqhCleanup();
353  TmModuleRunDeInit();
354  ParseSizeDeinit();
355 #ifdef HAVE_NSS
356  if (NSS_IsInitialized()) {
357  NSS_Shutdown();
358  PR_Cleanup();
359  }
360 #endif
361 
362 #ifdef HAVE_AF_PACKET
363  AFPPeersListClean();
364 #endif
365 
366 #ifdef NFQ
367  NFQContextsClean();
368 #endif
369 
370 #ifdef BUILD_HYPERSCAN
371  MpmHSGlobalCleanup();
372 #endif
373 
374  ConfDeInit();
375 #ifdef HAVE_LUAJIT
376  LuajitFreeStatesPool();
377 #endif
378  SCLogDeInitLogModule();
379  DetectParseFreeRegexes();
380  SCThresholdConfGlobalFree();
381 
382  SCPidfileRemove(suri->pid_filename);
383  SCFree(suri->pid_filename);
384  suri->pid_filename = NULL;
385 }
386 
387 /** \brief make sure threads can stop the engine by calling this
388  * function. Purpose: pcap file mode needs to be able to tell the
389  * engine the file eof is reached. */
390 void EngineStop(void)
391 {
392  suricata_ctl_flags |= SURICATA_STOP;
393 }
394 
395 /**
396  * \brief Used to indicate that the current task is done.
397  *
398  * This is mainly used by pcap-file to tell it has finished
399  * to treat a pcap files when running in unix-socket mode.
400  */
401 void EngineDone(void)
402 {
403  suricata_ctl_flags |= SURICATA_DONE;
404 }
405 
406 static int SetBpfString(int argc, char *argv[])
407 {
408  char *bpf_filter = NULL;
409  uint32_t bpf_len = 0;
410  int tmpindex = 0;
411 
412  /* attempt to parse remaining args as bpf filter */
413  tmpindex = argc;
414  while(argv[tmpindex] != NULL) {
415  bpf_len+=strlen(argv[tmpindex]) + 1;
416  tmpindex++;
417  }
418 
419  if (bpf_len == 0)
420  return TM_ECODE_OK;
421 
422  if (EngineModeIsIPS()) {
423  SCLogError(SC_ERR_NOT_SUPPORTED,
424  "BPF filter not available in IPS mode."
425  " Use firewall filtering if possible.");
426  return TM_ECODE_FAILED;
427  }
428 
429  bpf_filter = SCMalloc(bpf_len);
430  if (unlikely(bpf_filter == NULL))
431  return TM_ECODE_OK;
432  memset(bpf_filter, 0x00, bpf_len);
433 
434  tmpindex = optind;
435  while(argv[tmpindex] != NULL) {
436  strlcat(bpf_filter, argv[tmpindex],bpf_len);
437  if(argv[tmpindex + 1] != NULL) {
438  strlcat(bpf_filter," ", bpf_len);
439  }
440  tmpindex++;
441  }
442 
443  if(strlen(bpf_filter) > 0) {
444  if (ConfSetFinal("bpf-filter", bpf_filter) != 1) {
445  SCLogError(SC_ERR_FATAL, "Failed to set bpf filter.");
446  SCFree(bpf_filter);
447  return TM_ECODE_FAILED;
448  }
449  }
450  SCFree(bpf_filter);
451 
452  return TM_ECODE_OK;
453 }
454 
455 static void SetBpfStringFromFile(char *filename)
456 {
457  char *bpf_filter = NULL;
458  char *bpf_comment_tmp = NULL;
459  char *bpf_comment_start = NULL;
460  uint32_t bpf_len = 0;
461 #ifdef OS_WIN32
462  struct _stat st;
463 #else
464  struct stat st;
465 #endif /* OS_WIN32 */
466  FILE *fp = NULL;
467  size_t nm = 0;
468 
469  if (EngineModeIsIPS()) {
470  FatalError(SC_ERR_FATAL,
471  "BPF filter not available in IPS mode."
472  " Use firewall filtering if possible.");
473  }
474 
475 #ifdef OS_WIN32
476  if(_stat(filename, &st) != 0) {
477 #else
478  if(stat(filename, &st) != 0) {
479 #endif /* OS_WIN32 */
480  SCLogError(SC_ERR_FOPEN, "Failed to stat file %s", filename);
481  exit(EXIT_FAILURE);
482  }
483  bpf_len = st.st_size + 1;
484 
485  // coverity[toctou : FALSE]
486  fp = fopen(filename,"r");
487  if (fp == NULL) {
488  SCLogError(SC_ERR_FOPEN, "Failed to open file %s", filename);
489  exit(EXIT_FAILURE);
490  }
491 
492  bpf_filter = SCMalloc(bpf_len * sizeof(char));
493  if (unlikely(bpf_filter == NULL)) {
494  SCLogError(SC_ERR_MEM_ALLOC, "Failed to allocate buffer for bpf filter in file %s", filename);
495  exit(EXIT_FAILURE);
496  }
497  memset(bpf_filter, 0x00, bpf_len);
498 
499  nm = fread(bpf_filter, 1, bpf_len - 1, fp);
500  if ((ferror(fp) != 0) || (nm != (bpf_len - 1))) {
501  SCLogError(SC_ERR_BPF, "Failed to read complete BPF file %s", filename);
502  SCFree(bpf_filter);
503  fclose(fp);
504  exit(EXIT_FAILURE);
505  }
506  fclose(fp);
507  bpf_filter[nm] = '\0';
508 
509  if(strlen(bpf_filter) > 0) {
510  /*replace comments with space*/
511  bpf_comment_start = bpf_filter;
512  while((bpf_comment_tmp = strchr(bpf_comment_start, '#')) != NULL) {
513  while((*bpf_comment_tmp !='\0') &&
514  (*bpf_comment_tmp != '\r') && (*bpf_comment_tmp != '\n'))
515  {
516  *bpf_comment_tmp++ = ' ';
517  }
518  bpf_comment_start = bpf_comment_tmp;
519  }
520  /*remove remaining '\r' and '\n' */
521  while((bpf_comment_tmp = strchr(bpf_filter, '\r')) != NULL) {
522  *bpf_comment_tmp = ' ';
523  }
524  while((bpf_comment_tmp = strchr(bpf_filter, '\n')) != NULL) {
525  *bpf_comment_tmp = ' ';
526  }
527  /* cut trailing spaces */
528  while (strlen(bpf_filter) > 0 &&
529  bpf_filter[strlen(bpf_filter)-1] == ' ')
530  {
531  bpf_filter[strlen(bpf_filter)-1] = '\0';
532  }
533  if (strlen(bpf_filter) > 0) {
534  if(ConfSetFinal("bpf-filter", bpf_filter) != 1) {
535  SCLogError(SC_ERR_FOPEN, "ERROR: Failed to set bpf filter!");
536  SCFree(bpf_filter);
537  exit(EXIT_FAILURE);
538  }
539  }
540  }
541  SCFree(bpf_filter);
542 }
543 
544 static void PrintUsage(const char *progname)
545 {
546 #ifdef REVISION
547  printf("%s %s (%s)\n", PROG_NAME, PROG_VER, xstr(REVISION));
548 #else
549  printf("%s %s\n", PROG_NAME, PROG_VER);
550 #endif
551  printf("USAGE: %s [OPTIONS] [BPF FILTER]\n\n", progname);
552  printf("\t-c <path> : path to configuration file\n");
553  printf("\t-T : test configuration file (use with -c)\n");
554  printf("\t-i <dev or ip> : run in pcap live mode\n");
555  printf("\t-F <bpf filter file> : bpf filter file\n");
556  printf("\t-r <path> : run in pcap file/offline mode\n");
557 #ifdef NFQ
558  printf("\t-q <qid[:qid]> : run in inline nfqueue mode (use colon to specify a range of queues)\n");
559 #endif /* NFQ */
560 #ifdef IPFW
561  printf("\t-d <divert port> : run in inline ipfw divert mode\n");
562 #endif /* IPFW */
563  printf("\t-s <path> : path to signature file loaded in addition to suricata.yaml settings (optional)\n");
564  printf("\t-S <path> : path to signature file loaded exclusively (optional)\n");
565  printf("\t-l <dir> : default log directory\n");
566 #ifndef OS_WIN32
567  printf("\t-D : run as daemon\n");
568 #else
569  printf("\t--service-install : install as service\n");
570  printf("\t--service-remove : remove service\n");
571  printf("\t--service-change-params : change service startup parameters\n");
572 #endif /* OS_WIN32 */
573  printf("\t-k [all|none] : force checksum check (all) or disabled it (none)\n");
574  printf("\t-V : display Suricata version\n");
575  printf("\t-v : be more verbose (use multiple times to increase verbosity)\n");
576 #ifdef UNITTESTS
577  printf("\t-u : run the unittests and exit\n");
578  printf("\t-U, --unittest-filter=REGEX : filter unittests with a regex\n");
579  printf("\t--list-unittests : list unit tests\n");
580  printf("\t--fatal-unittests : enable fatal failure on unittest error\n");
581  printf("\t--unittests-coverage : display unittest coverage report\n");
582 #endif /* UNITTESTS */
583  printf("\t--list-app-layer-protos : list supported app layer protocols\n");
584  printf("\t--list-keywords[=all|csv|<kword>] : list keywords implemented by the engine\n");
585  printf("\t--list-runmodes : list supported runmodes\n");
586  printf("\t--runmode <runmode_id> : specific runmode modification the engine should run. The argument\n"
587  "\t supplied should be the id for the runmode obtained by running\n"
588  "\t --list-runmodes\n");
589  printf("\t--engine-analysis : print reports on analysis of different sections in the engine and exit.\n"
590  "\t Please have a look at the conf parameter engine-analysis on what reports\n"
591  "\t can be printed\n");
592  printf("\t--pidfile <file> : write pid to this file\n");
593  printf("\t--init-errors-fatal : enable fatal failure on signature init error\n");
594  printf("\t--disable-detection : disable detection engine\n");
595  printf("\t--dump-config : show the running configuration\n");
596  printf("\t--dump-features : display provided features\n");
597  printf("\t--build-info : display build information\n");
598  printf("\t--pcap[=<dev>] : run in pcap mode, no value select interfaces from suricata.yaml\n");
599  printf("\t--pcap-file-continuous : when running in pcap mode with a directory, continue checking directory for pcaps until interrupted\n");
600  printf("\t--pcap-file-delete : when running in replay mode (-r with directory or file), will delete pcap files that have been processed when done\n");
601 #ifdef HAVE_PCAP_SET_BUFF
602  printf("\t--pcap-buffer-size : size of the pcap buffer value from 0 - %i\n",INT_MAX);
603 #endif /* HAVE_SET_PCAP_BUFF */
604 #ifdef HAVE_AF_PACKET
605  printf("\t--af-packet[=<dev>] : run in af-packet mode, no value select interfaces from suricata.yaml\n");
606 #endif
607 #ifdef HAVE_NETMAP
608  printf("\t--netmap[=<dev>] : run in netmap mode, no value select interfaces from suricata.yaml\n");
609 #endif
610 #ifdef HAVE_PFRING
611  printf("\t--pfring[=<dev>] : run in pfring mode, use interfaces from suricata.yaml\n");
612  printf("\t--pfring-int <dev> : run in pfring mode, use interface <dev>\n");
613  printf("\t--pfring-cluster-id <id> : pfring cluster id \n");
614  printf("\t--pfring-cluster-type <type> : pfring cluster type for PF_RING 4.1.2 and later cluster_round_robin|cluster_flow\n");
615 #endif /* HAVE_PFRING */
616  printf("\t--simulate-ips : force engine into IPS mode. Useful for QA\n");
617 #ifdef HAVE_LIBCAP_NG
618  printf("\t--user <user> : run suricata as this user after init\n");
619  printf("\t--group <group> : run suricata as this group after init\n");
620 #endif /* HAVE_LIBCAP_NG */
621  printf("\t--erf-in <path> : process an ERF file\n");
622 #ifdef HAVE_DAG
623  printf("\t--dag <dagX:Y> : process ERF records from DAG interface X, stream Y\n");
624 #endif
625 #ifdef HAVE_NAPATECH
626  printf("\t--napatech : run Napatech Streams using the API\n");
627 #endif
628 #ifdef BUILD_UNIX_SOCKET
629  printf("\t--unix-socket[=<file>] : use unix socket to control suricata work\n");
630 #endif
631 #ifdef WINDIVERT
632  printf("\t--windivert <filter> : run in inline WinDivert mode\n");
633  printf("\t--windivert-forward <filter> : run in inline WinDivert mode, as a gateway\n");
634 #endif
635 #ifdef HAVE_LIBNET11
636  printf("\t--reject-dev <dev> : send reject packets from this interface\n");
637 #endif
638  printf("\t--set name=value : set a configuration value\n");
639  printf("\n");
640  printf("\nTo run the engine with default configuration on "
641  "interface eth0 with signature file \"signatures.rules\", run the "
642  "command as:\n\n%s -c suricata.yaml -s signatures.rules -i eth0 \n\n",
643  progname);
644 }
645 
646 static void PrintBuildInfo(void)
647 {
648  const char *bits = "<unknown>-bits";
649  const char *endian = "<unknown>-endian";
650  char features[2048] = "";
651  const char *tls;
652 
653  printf("This is %s version %s\n", PROG_NAME, GetProgramVersion());
654 
655 #ifdef DEBUG
656  strlcat(features, "DEBUG ", sizeof(features));
657 #endif
658 #ifdef DEBUG_VALIDATION
659  strlcat(features, "DEBUG_VALIDATION ", sizeof(features));
660 #endif
661 #ifdef UNITTESTS
662  strlcat(features, "UNITTESTS ", sizeof(features));
663 #endif
664 #ifdef NFQ
665  strlcat(features, "NFQ ", sizeof(features));
666 #endif
667 #ifdef IPFW
668  strlcat(features, "IPFW ", sizeof(features));
669 #endif
670 #ifdef HAVE_PCAP_SET_BUFF
671  strlcat(features, "PCAP_SET_BUFF ", sizeof(features));
672 #endif
673 #ifdef HAVE_PFRING
674  strlcat(features, "PF_RING ", sizeof(features));
675 #endif
676 #ifdef HAVE_AF_PACKET
677  strlcat(features, "AF_PACKET ", sizeof(features));
678 #endif
679 #ifdef HAVE_NETMAP
680  strlcat(features, "NETMAP ", sizeof(features));
681 #endif
682 #ifdef HAVE_PACKET_FANOUT
683  strlcat(features, "HAVE_PACKET_FANOUT ", sizeof(features));
684 #endif
685 #ifdef HAVE_DAG
686  strlcat(features, "DAG ", sizeof(features));
687 #endif
688 #ifdef HAVE_LIBCAP_NG
689  strlcat(features, "LIBCAP_NG ", sizeof(features));
690 #endif
691 #ifdef HAVE_LIBNET11
692  strlcat(features, "LIBNET1.1 ", sizeof(features));
693 #endif
694 #ifdef HAVE_HTP_URI_NORMALIZE_HOOK
695  strlcat(features, "HAVE_HTP_URI_NORMALIZE_HOOK ", sizeof(features));
696 #endif
697 #ifdef PCRE_HAVE_JIT
698  strlcat(features, "PCRE_JIT ", sizeof(features));
699 #endif
700 #ifdef HAVE_NSS
701  strlcat(features, "HAVE_NSS ", sizeof(features));
702 #endif
703 #ifdef HAVE_LUA
704  strlcat(features, "HAVE_LUA ", sizeof(features));
705 #endif
706 #ifdef HAVE_LUAJIT
707  strlcat(features, "HAVE_LUAJIT ", sizeof(features));
708 #endif
709  strlcat(features, "HAVE_LIBJANSSON ", sizeof(features));
710 #ifdef PROFILING
711  strlcat(features, "PROFILING ", sizeof(features));
712 #endif
713 #ifdef PROFILE_LOCKING
714  strlcat(features, "PROFILE_LOCKING ", sizeof(features));
715 #endif
716 #if defined(TLS_C11) || defined(TLS_GNU)
717  strlcat(features, "TLS ", sizeof(features));
718 #endif
719 #if defined(TLS_C11)
720  strlcat(features, "TLS_C11 ", sizeof(features));
721 #elif defined(TLS_GNU)
722  strlcat(features, "TLS_GNU ", sizeof(features));
723 #endif
724 #ifdef HAVE_MAGIC
725  strlcat(features, "MAGIC ", sizeof(features));
726 #endif
727  strlcat(features, "RUST ", sizeof(features));
728  if (strlen(features) == 0) {
729  strlcat(features, "none", sizeof(features));
730  }
731 
732  printf("Features: %s\n", features);
733 
734  /* SIMD stuff */
735  memset(features, 0x00, sizeof(features));
736 #if defined(__SSE4_2__)
737  strlcat(features, "SSE_4_2 ", sizeof(features));
738 #endif
739 #if defined(__SSE4_1__)
740  strlcat(features, "SSE_4_1 ", sizeof(features));
741 #endif
742 #if defined(__SSE3__)
743  strlcat(features, "SSE_3 ", sizeof(features));
744 #endif
745  if (strlen(features) == 0) {
746  strlcat(features, "none", sizeof(features));
747  }
748  printf("SIMD support: %s\n", features);
749 
750  /* atomics stuff */
751  memset(features, 0x00, sizeof(features));
752 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_1)
753  strlcat(features, "1 ", sizeof(features));
754 #endif
755 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_2)
756  strlcat(features, "2 ", sizeof(features));
757 #endif
758 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_4)
759  strlcat(features, "4 ", sizeof(features));
760 #endif
761 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_8)
762  strlcat(features, "8 ", sizeof(features));
763 #endif
764 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_16)
765  strlcat(features, "16 ", sizeof(features));
766 #endif
767  if (strlen(features) == 0) {
768  strlcat(features, "none", sizeof(features));
769  } else {
770  strlcat(features, "byte(s)", sizeof(features));
771  }
772  printf("Atomic intrinsics: %s\n", features);
773 
774 #if __WORDSIZE == 64
775  bits = "64-bits";
776 #elif __WORDSIZE == 32
777  bits = "32-bits";
778 #endif
779 
780 #if __BYTE_ORDER == __BIG_ENDIAN
781  endian = "Big-endian";
782 #elif __BYTE_ORDER == __LITTLE_ENDIAN
783  endian = "Little-endian";
784 #endif
785 
786  printf("%s, %s architecture\n", bits, endian);
787 #ifdef __GNUC__
788  printf("GCC version %s, C version %"PRIiMAX"\n", __VERSION__, (intmax_t)__STDC_VERSION__);
789 #else
790  printf("C version %"PRIiMAX"\n", (intmax_t)__STDC_VERSION__);
791 #endif
792 
793 #if __SSP__ == 1
794  printf("compiled with -fstack-protector\n");
795 #endif
796 #if __SSP_ALL__ == 2
797  printf("compiled with -fstack-protector-all\n");
798 #endif
799 /*
800  * Workaround for special defines of _FORTIFY_SOURCE like
801  * FORTIFY_SOURCE=((defined __OPTIMIZE && OPTIMIZE > 0) ? 2 : 0)
802  * which is used by Gentoo for example and would result in the error
803  * 'defined' undeclared when _FORTIFY_SOURCE used via %d in printf func
804  *
805  */
806 #if _FORTIFY_SOURCE == 2
807  printf("compiled with _FORTIFY_SOURCE=2\n");
808 #elif _FORTIFY_SOURCE == 1
809  printf("compiled with _FORTIFY_SOURCE=1\n");
810 #elif _FORTIFY_SOURCE == 0
811  printf("compiled with _FORTIFY_SOURCE=0\n");
812 #endif
813 #ifdef CLS
814  printf("L1 cache line size (CLS)=%d\n", CLS);
815 #endif
816 #if defined(TLS_C11)
817  tls = "_Thread_local";
818 #elif defined(TLS_GNU)
819  tls = "__thread";
820 #else
821 #error "Unsupported thread local"
822 #endif
823  printf("thread local storage method: %s\n", tls);
824 
825  printf("compiled with %s, linked against %s\n",
826  HTP_VERSION_STRING_FULL, htp_get_version());
827  printf("\n");
828 #include "build-info.h"
829 }
830 
831 int coverage_unittests;
832 int g_ut_modules;
833 int g_ut_covered;
834 
835 void RegisterAllModules(void)
836 {
837  // zero all module storage
838  memset(tmm_modules, 0, TMM_SIZE * sizeof(TmModule));
839 
840  /* commanders */
841  TmModuleUnixManagerRegister();
842  /* managers */
843  TmModuleFlowManagerRegister();
844  TmModuleFlowRecyclerRegister();
845  TmModuleBypassedFlowManagerRegister();
846  /* nfq */
847  TmModuleReceiveNFQRegister();
848  TmModuleVerdictNFQRegister();
849  TmModuleDecodeNFQRegister();
850  /* ipfw */
851  TmModuleReceiveIPFWRegister();
852  TmModuleVerdictIPFWRegister();
853  TmModuleDecodeIPFWRegister();
854  /* pcap live */
855  TmModuleReceivePcapRegister();
856  TmModuleDecodePcapRegister();
857  /* pcap file */
858  TmModuleReceivePcapFileRegister();
859  TmModuleDecodePcapFileRegister();
860  /* af-packet */
861  TmModuleReceiveAFPRegister();
862  TmModuleDecodeAFPRegister();
863  /* netmap */
864  TmModuleReceiveNetmapRegister();
865  TmModuleDecodeNetmapRegister();
866  /* pfring */
867  TmModuleReceivePfringRegister();
868  TmModuleDecodePfringRegister();
869  /* dag file */
870  TmModuleReceiveErfFileRegister();
871  TmModuleDecodeErfFileRegister();
872  /* dag live */
873  TmModuleReceiveErfDagRegister();
874  TmModuleDecodeErfDagRegister();
875  /* napatech */
876  TmModuleNapatechStreamRegister();
877  TmModuleNapatechDecodeRegister();
878 
879  /* flow worker */
880  TmModuleFlowWorkerRegister();
881  /* respond-reject */
882  TmModuleRespondRejectRegister();
883 
884  /* log api */
885  TmModuleLoggerRegister();
886  TmModuleStatsLoggerRegister();
887 
888  TmModuleDebugList();
889  /* nflog */
890  TmModuleReceiveNFLOGRegister();
891  TmModuleDecodeNFLOGRegister();
892 
893  /* windivert */
894  TmModuleReceiveWinDivertRegister();
895  TmModuleVerdictWinDivertRegister();
896  TmModuleDecodeWinDivertRegister();
897 }
898 
899 static TmEcode LoadYamlConfig(SCInstance *suri)
900 {
901  SCEnter();
902 
903  if (suri->conf_filename == NULL)
904  suri->conf_filename = DEFAULT_CONF_FILE;
905 
906  if (ConfYamlLoadFile(suri->conf_filename) != 0) {
907  /* Error already displayed. */
908  SCReturnInt(TM_ECODE_FAILED);
909  }
910 
911  SCReturnInt(TM_ECODE_OK);
912 }
913 
914 static TmEcode ParseInterfacesList(const int runmode, char *pcap_dev)
915 {
916  SCEnter();
917 
918  /* run the selected runmode */
919  if (runmode == RUNMODE_PCAP_DEV) {
920  if (strlen(pcap_dev) == 0) {
921  int ret = LiveBuildDeviceList("pcap");
922  if (ret == 0) {
923  SCLogError(SC_ERR_INITIALIZATION, "No interface found in config for pcap");
924  SCReturnInt(TM_ECODE_FAILED);
925  }
926  }
927  } else if (runmode == RUNMODE_PFRING) {
928  /* FIXME add backward compat support */
929  /* iface has been set on command line */
930  if (strlen(pcap_dev)) {
931  if (ConfSetFinal("pfring.live-interface", pcap_dev) != 1) {
932  SCLogError(SC_ERR_INITIALIZATION, "Failed to set pfring.live-interface");
933  SCReturnInt(TM_ECODE_FAILED);
934  }
935  } else {
936  /* not an error condition if we have a 1.0 config */
937  LiveBuildDeviceList("pfring");
938  }
939 #ifdef HAVE_AF_PACKET
940  } else if (runmode == RUNMODE_AFP_DEV) {
941  /* iface has been set on command line */
942  if (strlen(pcap_dev)) {
943  if (ConfSetFinal("af-packet.live-interface", pcap_dev) != 1) {
944  SCLogError(SC_ERR_INITIALIZATION, "Failed to set af-packet.live-interface");
945  SCReturnInt(TM_ECODE_FAILED);
946  }
947  } else {
948  int ret = LiveBuildDeviceList("af-packet");
949  if (ret == 0) {
950  SCLogError(SC_ERR_INITIALIZATION, "No interface found in config for af-packet");
951  SCReturnInt(TM_ECODE_FAILED);
952  }
953  }
954 #endif
955 #ifdef HAVE_NETMAP
956  } else if (runmode == RUNMODE_NETMAP) {
957  /* iface has been set on command line */
958  if (strlen(pcap_dev)) {
959  if (ConfSetFinal("netmap.live-interface", pcap_dev) != 1) {
960  SCLogError(SC_ERR_INITIALIZATION, "Failed to set netmap.live-interface");
961  SCReturnInt(TM_ECODE_FAILED);
962  }
963  } else {
964  int ret = LiveBuildDeviceList("netmap");
965  if (ret == 0) {
966  SCLogError(SC_ERR_INITIALIZATION, "No interface found in config for netmap");
967  SCReturnInt(TM_ECODE_FAILED);
968  }
969  }
970 #endif
971 #ifdef HAVE_NFLOG
972  } else if (runmode == RUNMODE_NFLOG) {
973  int ret = LiveBuildDeviceListCustom("nflog", "group");
974  if (ret == 0) {
975  SCLogError(SC_ERR_INITIALIZATION, "No group found in config for nflog");
976  SCReturnInt(TM_ECODE_FAILED);
977  }
978 #endif
979  }
980 
981  SCReturnInt(TM_ECODE_OK);
982 }
983 
984 static void SCInstanceInit(SCInstance *suri, const char *progname)
985 {
986  memset(suri, 0x00, sizeof(*suri));
987 
988  suri->progname = progname;
989  suri->run_mode = RUNMODE_UNKNOWN;
990 
991  memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
992  suri->sig_file = NULL;
993  suri->sig_file_exclusive = FALSE;
994  suri->pid_filename = NULL;
995  suri->regex_arg = NULL;
996 
997  suri->keyword_info = NULL;
998  suri->runmode_custom_mode = NULL;
999 #ifndef OS_WIN32
1000  suri->user_name = NULL;
1001  suri->group_name = NULL;
1002  suri->do_setuid = FALSE;
1003  suri->do_setgid = FALSE;
1004  suri->userid = 0;
1005  suri->groupid = 0;
1006 #endif /* OS_WIN32 */
1007  suri->delayed_detect = 0;
1008  suri->daemon = 0;
1009  suri->offline = 0;
1010  suri->verbose = 0;
1011  /* use -1 as unknown */
1012  suri->checksum_validation = -1;
1013 #if HAVE_DETECT_DISABLED==1
1014  g_detect_disabled = suri->disabled_detect = 1;
1015 #else
1016  g_detect_disabled = suri->disabled_detect = 0;
1017 #endif
1018 }
1019 
1020 const char *GetDocURL(void)
1021 {
1022  const char *prog_ver = GetProgramVersion();
1023  if (strstr(prog_ver, "RELEASE") != NULL) {
1024  return DOC_URL "suricata-" PROG_VER;
1025  }
1026  return DOC_URL "latest";
1027 }
1028 
1029 /** \brief get string with program version
1030  *
1031  * Get the program version as passed to us from AC_INIT
1032  *
1033  * Add 'RELEASE' is no '-dev' in the version. Add the REVISION if passed
1034  * to us.
1035  *
1036  * Possible outputs:
1037  * release: '5.0.1 RELEASE'
1038  * dev with rev: '5.0.1-dev (64a789bbf 2019-10-18)'
1039  * dev w/o rev: '5.0.1-dev'
1040  */
1041 const char *GetProgramVersion(void)
1042 {
1043  if (strstr(PROG_VER, "-dev") == NULL) {
1044  return PROG_VER " RELEASE";
1045  } else {
1046 #ifdef REVISION
1047  return PROG_VER " (" xstr(REVISION) ")";
1048 #else
1049  return PROG_VER;
1050 #endif
1051  }
1052 }
1053 
1054 static TmEcode PrintVersion(void)
1055 {
1056  printf("This is %s version %s\n", PROG_NAME, GetProgramVersion());
1057  return TM_ECODE_OK;
1058 }
1059 
1060 static TmEcode LogVersion(SCInstance *suri)
1061 {
1062  const char *mode = suri->system ? "SYSTEM" : "USER";
1063  SCLogNotice("This is %s version %s running in %s mode",
1064  PROG_NAME, GetProgramVersion(), mode);
1065  return TM_ECODE_OK;
1066 }
1067 
1068 static void SCSetStartTime(SCInstance *suri)
1069 {
1070  memset(&suri->start_time, 0, sizeof(suri->start_time));
1071  gettimeofday(&suri->start_time, NULL);
1072 }
1073 
1074 static void SCPrintElapsedTime(struct timeval *start_time)
1075 {
1076  if (start_time == NULL)
1077  return;
1078  struct timeval end_time;
1079  memset(&end_time, 0, sizeof(end_time));
1080  gettimeofday(&end_time, NULL);
1081  uint64_t milliseconds = ((end_time.tv_sec - start_time->tv_sec) * 1000) +
1082  (((1000000 + end_time.tv_usec - start_time->tv_usec) / 1000) - 1000);
1083  SCLogInfo("time elapsed %.3fs", (float)milliseconds/(float)1000);
1084 }
1085 
1086 static int ParseCommandLineAfpacket(SCInstance *suri, const char *in_arg)
1087 {
1088 #ifdef HAVE_AF_PACKET
1089  if (suri->run_mode == RUNMODE_UNKNOWN) {
1090  suri->run_mode = RUNMODE_AFP_DEV;
1091  if (in_arg) {
1092  LiveRegisterDeviceName(in_arg);
1093  memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
1094  strlcpy(suri->pcap_dev, in_arg, sizeof(suri->pcap_dev));
1095  }
1096  } else if (suri->run_mode == RUNMODE_AFP_DEV) {
1097  if (in_arg) {
1098  LiveRegisterDeviceName(in_arg);
1099  } else {
1100  SCLogInfo("Multiple af-packet option without interface on each is useless");
1101  }
1102  } else {
1103  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
1104  "has been specified");
1105  PrintUsage(suri->progname);
1106  return TM_ECODE_FAILED;
1107  }
1108  return TM_ECODE_OK;
1109 #else
1110  SCLogError(SC_ERR_NO_AF_PACKET,"AF_PACKET not enabled. On Linux "
1111  "host, make sure to pass --enable-af-packet to "
1112  "configure when building.");
1113  return TM_ECODE_FAILED;
1114 #endif
1115 }
1116 
1117 static int ParseCommandLinePcapLive(SCInstance *suri, const char *in_arg)
1118 {
1119  memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
1120 
1121  if (in_arg != NULL) {
1122  /* some windows shells require escaping of the \ in \Device. Otherwise
1123  * the backslashes are stripped. We put them back here. */
1124  if (strlen(in_arg) > 9 && strncmp(in_arg, "DeviceNPF", 9) == 0) {
1125  snprintf(suri->pcap_dev, sizeof(suri->pcap_dev), "\\Device\\NPF%s", in_arg+9);
1126  } else {
1127  strlcpy(suri->pcap_dev, in_arg, sizeof(suri->pcap_dev));
1128  PcapTranslateIPToDevice(suri->pcap_dev, sizeof(suri->pcap_dev));
1129  }
1130 
1131  if (strcmp(suri->pcap_dev, in_arg) != 0) {
1132  SCLogInfo("translated %s to pcap device %s", in_arg, suri->pcap_dev);
1133  } else if (strlen(suri->pcap_dev) > 0 && isdigit((unsigned char)suri->pcap_dev[0])) {
1134  SCLogError(SC_ERR_PCAP_TRANSLATE, "failed to find a pcap device for IP %s", in_arg);
1135  return TM_ECODE_FAILED;
1136  }
1137  }
1138 
1139  if (suri->run_mode == RUNMODE_UNKNOWN) {
1140  suri->run_mode = RUNMODE_PCAP_DEV;
1141  if (in_arg) {
1142  LiveRegisterDeviceName(suri->pcap_dev);
1143  }
1144  } else if (suri->run_mode == RUNMODE_PCAP_DEV) {
1145  LiveRegisterDeviceName(suri->pcap_dev);
1146  } else {
1147  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
1148  "has been specified");
1149  PrintUsage(suri->progname);
1150  return TM_ECODE_FAILED;
1151  }
1152  return TM_ECODE_OK;
1153 }
1154 
1155 /**
1156  * Helper function to check if log directory is writable
1157  */
1158 static bool IsLogDirectoryWritable(const char* str)
1159 {
1160  if (access(str, W_OK) == 0)
1161  return true;
1162  return false;
1163 }
1164 
1165 static TmEcode ParseCommandLine(int argc, char** argv, SCInstance *suri)
1166 {
1167  int opt;
1168 
1169  int dump_config = 0;
1170  int dump_features = 0;
1171  int list_app_layer_protocols = 0;
1172  int list_unittests = 0;
1173  int list_runmodes = 0;
1174  int list_keywords = 0;
1175  int build_info = 0;
1176  int conf_test = 0;
1177  int engine_analysis = 0;
1178  int ret = TM_ECODE_OK;
1179 
1180 #ifdef UNITTESTS
1181  coverage_unittests = 0;
1182  g_ut_modules = 0;
1183  g_ut_covered = 0;
1184 #endif
1185 
1186  struct option long_opts[] = {
1187  {"dump-config", 0, &dump_config, 1},
1188  {"dump-features", 0, &dump_features, 1},
1189  {"pfring", optional_argument, 0, 0},
1190  {"pfring-int", required_argument, 0, 0},
1191  {"pfring-cluster-id", required_argument, 0, 0},
1192  {"pfring-cluster-type", required_argument, 0, 0},
1193  {"af-packet", optional_argument, 0, 0},
1194  {"netmap", optional_argument, 0, 0},
1195  {"pcap", optional_argument, 0, 0},
1196  {"pcap-file-continuous", 0, 0, 0},
1197  {"pcap-file-delete", 0, 0, 0},
1198  {"simulate-ips", 0, 0 , 0},
1199  {"no-random", 0, &g_disable_randomness, 1},
1200  {"strict-rule-keywords", optional_argument, 0, 0},
1201 
1202 #ifdef BUILD_UNIX_SOCKET
1203  {"unix-socket", optional_argument, 0, 0},
1204 #endif
1205  {"pcap-buffer-size", required_argument, 0, 0},
1206  {"unittest-filter", required_argument, 0, 'U'},
1207  {"list-app-layer-protos", 0, &list_app_layer_protocols, 1},
1208  {"list-unittests", 0, &list_unittests, 1},
1209  {"list-runmodes", 0, &list_runmodes, 1},
1210  {"list-keywords", optional_argument, &list_keywords, 1},
1211  {"runmode", required_argument, NULL, 0},
1212  {"engine-analysis", 0, &engine_analysis, 1},
1213 #ifdef OS_WIN32
1214  {"service-install", 0, 0, 0},
1215  {"service-remove", 0, 0, 0},
1216  {"service-change-params", 0, 0, 0},
1217 #endif /* OS_WIN32 */
1218  {"pidfile", required_argument, 0, 0},
1219  {"init-errors-fatal", 0, 0, 0},
1220  {"disable-detection", 0, 0, 0},
1221  {"fatal-unittests", 0, 0, 0},
1222  {"unittests-coverage", 0, &coverage_unittests, 1},
1223  {"user", required_argument, 0, 0},
1224  {"group", required_argument, 0, 0},
1225  {"erf-in", required_argument, 0, 0},
1226  {"dag", required_argument, 0, 0},
1227  {"napatech", 0, 0, 0},
1228  {"build-info", 0, &build_info, 1},
1229  {"data-dir", required_argument, 0, 0},
1230 #ifdef WINDIVERT
1231  {"windivert", required_argument, 0, 0},
1232  {"windivert-forward", required_argument, 0, 0},
1233 #endif
1234 #ifdef HAVE_LIBNET11
1235  {"reject-dev", required_argument, 0, 0},
1236 #endif
1237  {"set", required_argument, 0, 0},
1238 #ifdef HAVE_NFLOG
1239  {"nflog", optional_argument, 0, 0},
1240 #endif
1241  {NULL, 0, NULL, 0}
1242  };
1243 
1244  /* getopt_long stores the option index here. */
1245  int option_index = 0;
1246 
1247  char short_opts[] = "c:TDhi:l:q:d:r:us:S:U:VF:vk:";
1248 
1249  while ((opt = getopt_long(argc, argv, short_opts, long_opts, &option_index)) != -1) {
1250  switch (opt) {
1251  case 0:
1252  if (strcmp((long_opts[option_index]).name , "pfring") == 0 ||
1253  strcmp((long_opts[option_index]).name , "pfring-int") == 0) {
1254 #ifdef HAVE_PFRING
1255  suri->run_mode = RUNMODE_PFRING;
1256  if (optarg != NULL) {
1257  memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
1258  strlcpy(suri->pcap_dev, optarg,
1259  ((strlen(optarg) < sizeof(suri->pcap_dev)) ?
1260  (strlen(optarg) + 1) : sizeof(suri->pcap_dev)));
1261  LiveRegisterDeviceName(optarg);
1262  }
1263 #else
1264  SCLogError(SC_ERR_NO_PF_RING,"PF_RING not enabled. Make sure "
1265  "to pass --enable-pfring to configure when building.");
1266  return TM_ECODE_FAILED;
1267 #endif /* HAVE_PFRING */
1268  }
1269  else if(strcmp((long_opts[option_index]).name , "pfring-cluster-id") == 0){
1270 #ifdef HAVE_PFRING
1271  if (ConfSetFinal("pfring.cluster-id", optarg) != 1) {
1272  fprintf(stderr, "ERROR: Failed to set pfring.cluster-id.\n");
1273  return TM_ECODE_FAILED;
1274  }
1275 #else
1276  SCLogError(SC_ERR_NO_PF_RING,"PF_RING not enabled. Make sure "
1277  "to pass --enable-pfring to configure when building.");
1278  return TM_ECODE_FAILED;
1279 #endif /* HAVE_PFRING */
1280  }
1281  else if(strcmp((long_opts[option_index]).name , "pfring-cluster-type") == 0){
1282 #ifdef HAVE_PFRING
1283  if (ConfSetFinal("pfring.cluster-type", optarg) != 1) {
1284  fprintf(stderr, "ERROR: Failed to set pfring.cluster-type.\n");
1285  return TM_ECODE_FAILED;
1286  }
1287 #else
1288  SCLogError(SC_ERR_NO_PF_RING,"PF_RING not enabled. Make sure "
1289  "to pass --enable-pfring to configure when building.");
1290  return TM_ECODE_FAILED;
1291 #endif /* HAVE_PFRING */
1292  }
1293  else if (strcmp((long_opts[option_index]).name , "af-packet") == 0)
1294  {
1295  if (ParseCommandLineAfpacket(suri, optarg) != TM_ECODE_OK) {
1296  return TM_ECODE_FAILED;
1297  }
1298  } else if (strcmp((long_opts[option_index]).name , "netmap") == 0){
1299 #ifdef HAVE_NETMAP
1300  if (suri->run_mode == RUNMODE_UNKNOWN) {
1301  suri->run_mode = RUNMODE_NETMAP;
1302  if (optarg) {
1303  LiveRegisterDeviceName(optarg);
1304  memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
1305  strlcpy(suri->pcap_dev, optarg,
1306  ((strlen(optarg) < sizeof(suri->pcap_dev)) ?
1307  (strlen(optarg) + 1) : sizeof(suri->pcap_dev)));
1308  }
1309  } else if (suri->run_mode == RUNMODE_NETMAP) {
1310  if (optarg) {
1311  LiveRegisterDeviceName(optarg);
1312  } else {
1313  SCLogInfo("Multiple netmap option without interface on each is useless");
1314  break;
1315  }
1316  } else {
1317  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
1318  "has been specified");
1319  PrintUsage(argv[0]);
1320  return TM_ECODE_FAILED;
1321  }
1322 #else
1323  SCLogError(SC_ERR_NO_NETMAP, "NETMAP not enabled.");
1324  return TM_ECODE_FAILED;
1325 #endif
1326  } else if (strcmp((long_opts[option_index]).name, "nflog") == 0) {
1327 #ifdef HAVE_NFLOG
1328  if (suri->run_mode == RUNMODE_UNKNOWN) {
1329  suri->run_mode = RUNMODE_NFLOG;
1330  LiveBuildDeviceListCustom("nflog", "group");
1331  }
1332 #else
1333  SCLogError(SC_ERR_NFLOG_NOSUPPORT, "NFLOG not enabled.");
1334  return TM_ECODE_FAILED;
1335 #endif /* HAVE_NFLOG */
1336  } else if (strcmp((long_opts[option_index]).name , "pcap") == 0) {
1337  if (ParseCommandLinePcapLive(suri, optarg) != TM_ECODE_OK) {
1338  return TM_ECODE_FAILED;
1339  }
1340  } else if(strcmp((long_opts[option_index]).name, "simulate-ips") == 0) {
1341  SCLogInfo("Setting IPS mode");
1342  EngineModeSetIPS();
1343  } else if(strcmp((long_opts[option_index]).name, "init-errors-fatal") == 0) {
1344  if (ConfSetFinal("engine.init-failure-fatal", "1") != 1) {
1345  fprintf(stderr, "ERROR: Failed to set engine init-failure-fatal.\n");
1346  return TM_ECODE_FAILED;
1347  }
1348 #ifdef BUILD_UNIX_SOCKET
1349  } else if (strcmp((long_opts[option_index]).name , "unix-socket") == 0) {
1350  if (suri->run_mode == RUNMODE_UNKNOWN) {
1351  suri->run_mode = RUNMODE_UNIX_SOCKET;
1352  if (optarg) {
1353  if (ConfSetFinal("unix-command.filename", optarg) != 1) {
1354  fprintf(stderr, "ERROR: Failed to set unix-command.filename.\n");
1355  return TM_ECODE_FAILED;
1356  }
1357 
1358  }
1359  } else {
1360  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
1361  "has been specified");
1362  PrintUsage(argv[0]);
1363  return TM_ECODE_FAILED;
1364  }
1365 #endif
1366  }
1367  else if(strcmp((long_opts[option_index]).name, "list-app-layer-protocols") == 0) {
1368  /* listing all supported app layer protocols */
1369  }
1370  else if(strcmp((long_opts[option_index]).name, "list-unittests") == 0) {
1371 #ifdef UNITTESTS
1372  suri->run_mode = RUNMODE_LIST_UNITTEST;
1373 #else
1374  fprintf(stderr, "ERROR: Unit tests not enabled. Make sure to pass --enable-unittests to configure when building.\n");
1375  return TM_ECODE_FAILED;
1376 #endif /* UNITTESTS */
1377  } else if (strcmp((long_opts[option_index]).name, "list-runmodes") == 0) {
1378  suri->run_mode = RUNMODE_LIST_RUNMODES;
1379  return TM_ECODE_OK;
1380  } else if (strcmp((long_opts[option_index]).name, "list-keywords") == 0) {
1381  if (optarg) {
1382  if (strcmp("short",optarg)) {
1383  suri->keyword_info = optarg;
1384  }
1385  }
1386  } else if (strcmp((long_opts[option_index]).name, "runmode") == 0) {
1387  suri->runmode_custom_mode = optarg;
1388  } else if(strcmp((long_opts[option_index]).name, "engine-analysis") == 0) {
1389  // do nothing for now
1390  }
1391 #ifdef OS_WIN32
1392  else if(strcmp((long_opts[option_index]).name, "service-install") == 0) {
1393  suri->run_mode = RUNMODE_INSTALL_SERVICE;
1394  return TM_ECODE_OK;
1395  }
1396  else if(strcmp((long_opts[option_index]).name, "service-remove") == 0) {
1397  suri->run_mode = RUNMODE_REMOVE_SERVICE;
1398  return TM_ECODE_OK;
1399  }
1400  else if(strcmp((long_opts[option_index]).name, "service-change-params") == 0) {
1401  suri->run_mode = RUNMODE_CHANGE_SERVICE_PARAMS;
1402  return TM_ECODE_OK;
1403  }
1404 #endif /* OS_WIN32 */
1405  else if(strcmp((long_opts[option_index]).name, "pidfile") == 0) {
1406  suri->pid_filename = SCStrdup(optarg);
1407  if (suri->pid_filename == NULL) {
1408  SCLogError(SC_ERR_MEM_ALLOC, "strdup failed: %s",
1409  strerror(errno));
1410  return TM_ECODE_FAILED;
1411  }
1412  }
1413  else if(strcmp((long_opts[option_index]).name, "disable-detection") == 0) {
1414  g_detect_disabled = suri->disabled_detect = 1;
1415  }
1416  else if(strcmp((long_opts[option_index]).name, "fatal-unittests") == 0) {
1417 #ifdef UNITTESTS
1418  unittests_fatal = 1;
1419 #else
1420  fprintf(stderr, "ERROR: Unit tests not enabled. Make sure to pass --enable-unittests to configure when building.\n");
1421  return TM_ECODE_FAILED;
1422 #endif /* UNITTESTS */
1423  }
1424  else if(strcmp((long_opts[option_index]).name, "user") == 0) {
1425 #ifndef HAVE_LIBCAP_NG
1426  SCLogError(SC_ERR_LIBCAP_NG_REQUIRED, "libcap-ng is required to"
1427  " drop privileges, but it was not compiled into Suricata.");
1428  return TM_ECODE_FAILED;
1429 #else
1430  suri->user_name = optarg;
1431  suri->do_setuid = TRUE;
1432 #endif /* HAVE_LIBCAP_NG */
1433  }
1434  else if(strcmp((long_opts[option_index]).name, "group") == 0) {
1435 #ifndef HAVE_LIBCAP_NG
1436  SCLogError(SC_ERR_LIBCAP_NG_REQUIRED, "libcap-ng is required to"
1437  " drop privileges, but it was not compiled into Suricata.");
1438  return TM_ECODE_FAILED;
1439 #else
1440  suri->group_name = optarg;
1441  suri->do_setgid = TRUE;
1442 #endif /* HAVE_LIBCAP_NG */
1443  }
1444  else if (strcmp((long_opts[option_index]).name, "erf-in") == 0) {
1445  suri->run_mode = RUNMODE_ERF_FILE;
1446  if (ConfSetFinal("erf-file.file", optarg) != 1) {
1447  fprintf(stderr, "ERROR: Failed to set erf-file.file\n");
1448  return TM_ECODE_FAILED;
1449  }
1450  }
1451  else if (strcmp((long_opts[option_index]).name, "dag") == 0) {
1452 #ifdef HAVE_DAG
1453  if (suri->run_mode == RUNMODE_UNKNOWN) {
1454  suri->run_mode = RUNMODE_DAG;
1455  }
1456  else if (suri->run_mode != RUNMODE_DAG) {
1457  SCLogError(SC_ERR_MULTIPLE_RUN_MODE,
1458  "more than one run mode has been specified");
1459  PrintUsage(argv[0]);
1460  return TM_ECODE_FAILED;
1461  }
1462  LiveRegisterDeviceName(optarg);
1463 #else
1464  SCLogError(SC_ERR_DAG_REQUIRED, "libdag and a DAG card are required"
1465  " to receive packets using --dag.");
1466  return TM_ECODE_FAILED;
1467 #endif /* HAVE_DAG */
1468  }
1469  else if (strcmp((long_opts[option_index]).name, "napatech") == 0) {
1470 #ifdef HAVE_NAPATECH
1471  suri->run_mode = RUNMODE_NAPATECH;
1472 #else
1473  SCLogError(SC_ERR_NAPATECH_REQUIRED, "libntapi and a Napatech adapter are required"
1474  " to capture packets using --napatech.");
1475  return TM_ECODE_FAILED;
1476 #endif /* HAVE_NAPATECH */
1477  }
1478  else if(strcmp((long_opts[option_index]).name, "pcap-buffer-size") == 0) {
1479 #ifdef HAVE_PCAP_SET_BUFF
1480  if (ConfSetFinal("pcap.buffer-size", optarg) != 1) {
1481  fprintf(stderr, "ERROR: Failed to set pcap-buffer-size.\n");
1482  return TM_ECODE_FAILED;
1483  }
1484 #else
1485  SCLogError(SC_ERR_NO_PCAP_SET_BUFFER_SIZE, "The version of libpcap you have"
1486  " doesn't support setting buffer size.");
1487 #endif /* HAVE_PCAP_SET_BUFF */
1488  }
1489  else if(strcmp((long_opts[option_index]).name, "build-info") == 0) {
1490  suri->run_mode = RUNMODE_PRINT_BUILDINFO;
1491  return TM_ECODE_OK;
1492  }
1493  else if(strcmp((long_opts[option_index]).name, "windivert-forward") == 0) {
1494 #ifdef WINDIVERT
1495  if (suri->run_mode == RUNMODE_UNKNOWN) {
1496  suri->run_mode = RUNMODE_WINDIVERT;
1497  if (WinDivertRegisterQueue(true, optarg) == -1) {
1498  exit(EXIT_FAILURE);
1499  }
1500  } else if (suri->run_mode == RUNMODE_WINDIVERT) {
1501  if (WinDivertRegisterQueue(true, optarg) == -1) {
1502  exit(EXIT_FAILURE);
1503  }
1504  } else {
1505  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
1506  "has been specified");
1507  PrintUsage(argv[0]);
1508  exit(EXIT_FAILURE);
1509  }
1510  }
1511  else if(strcmp((long_opts[option_index]).name, "windivert") == 0) {
1512  if (suri->run_mode == RUNMODE_UNKNOWN) {
1513  suri->run_mode = RUNMODE_WINDIVERT;
1514  if (WinDivertRegisterQueue(false, optarg) == -1) {
1515  exit(EXIT_FAILURE);
1516  }
1517  } else if (suri->run_mode == RUNMODE_WINDIVERT) {
1518  if (WinDivertRegisterQueue(false, optarg) == -1) {
1519  exit(EXIT_FAILURE);
1520  }
1521  } else {
1522  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
1523  "has been specified");
1524  PrintUsage(argv[0]);
1525  exit(EXIT_FAILURE);
1526  }
1527 #else
1528  SCLogError(SC_ERR_WINDIVERT_NOSUPPORT,"WinDivert not enabled. Make sure to pass --enable-windivert to configure when building.");
1529  return TM_ECODE_FAILED;
1530 #endif /* WINDIVERT */
1531  } else if(strcmp((long_opts[option_index]).name, "reject-dev") == 0) {
1532 #ifdef HAVE_LIBNET11
1533  extern char *g_reject_dev;
1534  extern uint16_t g_reject_dev_mtu;
1535  g_reject_dev = optarg;
1536  int mtu = GetIfaceMTU(g_reject_dev);
1537  if (mtu > 0) {
1538  g_reject_dev_mtu = (uint16_t)mtu;
1539  }
1540 #else
1541  SCLogError(SC_ERR_LIBNET_NOT_ENABLED,
1542  "Libnet 1.1 support not enabled. Compile Suricata with libnet support.");
1543  return TM_ECODE_FAILED;
1544 #endif
1545  }
1546  else if (strcmp((long_opts[option_index]).name, "set") == 0) {
1547  if (optarg != NULL) {
1548  /* Quick validation. */
1549  char *val = strchr(optarg, '=');
1550  if (val == NULL) {
1551  FatalError(SC_ERR_FATAL,
1552  "Invalid argument for --set, must be key=val.");
1553  }
1554  if (!ConfSetFromString(optarg, 1)) {
1555  fprintf(stderr, "Failed to set configuration value %s.",
1556  optarg);
1557  exit(EXIT_FAILURE);
1558  }
1559  }
1560  }
1561  else if (strcmp((long_opts[option_index]).name, "pcap-file-continuous") == 0) {
1562  if (ConfSetFinal("pcap-file.continuous", "true") != 1) {
1563  SCLogError(SC_ERR_CMD_LINE, "Failed to set pcap-file.continuous");
1564  return TM_ECODE_FAILED;
1565  }
1566  }
1567  else if (strcmp((long_opts[option_index]).name, "pcap-file-delete") == 0) {
1568  if (ConfSetFinal("pcap-file.delete-when-done", "true") != 1) {
1569  SCLogError(SC_ERR_CMD_LINE, "Failed to set pcap-file.delete-when-done");
1570  return TM_ECODE_FAILED;
1571  }
1572  }
1573  else if (strcmp((long_opts[option_index]).name, "data-dir") == 0) {
1574  if (optarg == NULL) {
1575  SCLogError(SC_ERR_INITIALIZATION, "no option argument (optarg) for -d");
1576  return TM_ECODE_FAILED;
1577  }
1578 
1579  if (ConfigSetDataDirectory(optarg) != TM_ECODE_OK) {
1580  SCLogError(SC_ERR_FATAL, "Failed to set data directory.");
1581  return TM_ECODE_FAILED;
1582  }
1583  if (ConfigCheckDataDirectory(optarg) != TM_ECODE_OK) {
1584  SCLogError(SC_ERR_LOGDIR_CMDLINE, "The data directory \"%s\""
1585  " supplied at the commandline (-d %s) doesn't "
1586  "exist. Shutting down the engine.", optarg, optarg);
1587  return TM_ECODE_FAILED;
1588  }
1589  suri->set_datadir = true;
1590  } else if (strcmp((long_opts[option_index]).name , "strict-rule-keywords") == 0){
1591  if (optarg == NULL) {
1592  suri->strict_rule_parsing_string = SCStrdup("all");
1593  } else {
1594  suri->strict_rule_parsing_string = SCStrdup(optarg);
1595  }
1596  if (suri->strict_rule_parsing_string == NULL) {
1597  FatalError(SC_ERR_MEM_ALLOC, "failed to duplicate 'strict' string");
1598  }
1599  }
1600  break;
1601  case 'c':
1602  suri->conf_filename = optarg;
1603  break;
1604  case 'T':
1605  SCLogInfo("Running suricata under test mode");
1606  conf_test = 1;
1607  if (ConfSetFinal("engine.init-failure-fatal", "1") != 1) {
1608  fprintf(stderr, "ERROR: Failed to set engine init-failure-fatal.\n");
1609  return TM_ECODE_FAILED;
1610  }
1611  break;
1612 #ifndef OS_WIN32
1613  case 'D':
1614  suri->daemon = 1;
1615  break;
1616 #endif /* OS_WIN32 */
1617  case 'h':
1618  suri->run_mode = RUNMODE_PRINT_USAGE;
1619  return TM_ECODE_OK;
1620  case 'i':
1621  if (optarg == NULL) {
1622  SCLogError(SC_ERR_INITIALIZATION, "no option argument (optarg) for -i");
1623  return TM_ECODE_FAILED;
1624  }
1625 #ifdef HAVE_AF_PACKET
1626  if (ParseCommandLineAfpacket(suri, optarg) != TM_ECODE_OK) {
1627  return TM_ECODE_FAILED;
1628  }
1629 #else /* not afpacket */
1630  /* warn user if netmap or pf-ring are available */
1631 #if defined HAVE_PFRING || HAVE_NETMAP
1632  int i = 0;
1633 #ifdef HAVE_PFRING
1634  i++;
1635 #endif
1636 #ifdef HAVE_NETMAP
1637  i++;
1638 #endif
1639  SCLogWarning(SC_WARN_FASTER_CAPTURE_AVAILABLE, "faster capture "
1640  "option%s %s available:"
1641 #ifdef HAVE_PFRING
1642  " PF_RING (--pfring-int=%s)"
1643 #endif
1644 #ifdef HAVE_NETMAP
1645  " NETMAP (--netmap=%s)"
1646 #endif
1647  ". Use --pcap=%s to suppress this warning",
1648  i == 1 ? "" : "s", i == 1 ? "is" : "are"
1649 #ifdef HAVE_PFRING
1650  , optarg
1651 #endif
1652 #ifdef HAVE_NETMAP
1653  , optarg
1654 #endif
1655  , optarg
1656  );
1657 #endif /* have faster methods */
1658  if (ParseCommandLinePcapLive(suri, optarg) != TM_ECODE_OK) {
1659  return TM_ECODE_FAILED;
1660  }
1661 #endif
1662  break;
1663  case 'l':
1664  if (optarg == NULL) {
1665  SCLogError(SC_ERR_INITIALIZATION, "no option argument (optarg) for -l");
1666  return TM_ECODE_FAILED;
1667  }
1668 
1669  if (ConfigSetLogDirectory(optarg) != TM_ECODE_OK) {
1670  SCLogError(SC_ERR_FATAL, "Failed to set log directory.");
1671  return TM_ECODE_FAILED;
1672  }
1673  if (ConfigCheckLogDirectoryExists(optarg) != TM_ECODE_OK) {
1674  SCLogError(SC_ERR_LOGDIR_CMDLINE, "The logging directory \"%s\""
1675  " supplied at the commandline (-l %s) doesn't "
1676  "exist. Shutting down the engine.", optarg, optarg);
1677  return TM_ECODE_FAILED;
1678  }
1679  if (!IsLogDirectoryWritable(optarg)) {
1680  SCLogError(SC_ERR_LOGDIR_CMDLINE, "The logging directory \"%s\""
1681  " supplied at the commandline (-l %s) is not "
1682  "writable. Shutting down the engine.", optarg, optarg);
1683  return TM_ECODE_FAILED;
1684  }
1685  suri->set_logdir = true;
1686 
1687  break;
1688  case 'q':
1689 #ifdef NFQ
1690  if (suri->run_mode == RUNMODE_UNKNOWN) {
1691  suri->run_mode = RUNMODE_NFQ;
1692  EngineModeSetIPS();
1693  if (NFQParseAndRegisterQueues(optarg) == -1)
1694  return TM_ECODE_FAILED;
1695  } else if (suri->run_mode == RUNMODE_NFQ) {
1696  if (NFQParseAndRegisterQueues(optarg) == -1)
1697  return TM_ECODE_FAILED;
1698  } else {
1699  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
1700  "has been specified");
1701  PrintUsage(argv[0]);
1702  return TM_ECODE_FAILED;
1703  }
1704 #else
1705  SCLogError(SC_ERR_NFQ_NOSUPPORT,"NFQUEUE not enabled. Make sure to pass --enable-nfqueue to configure when building.");
1706  return TM_ECODE_FAILED;
1707 #endif /* NFQ */
1708  break;
1709  case 'd':
1710 #ifdef IPFW
1711  if (suri->run_mode == RUNMODE_UNKNOWN) {
1712  suri->run_mode = RUNMODE_IPFW;
1713  EngineModeSetIPS();
1714  if (IPFWRegisterQueue(optarg) == -1)
1715  return TM_ECODE_FAILED;
1716  } else if (suri->run_mode == RUNMODE_IPFW) {
1717  if (IPFWRegisterQueue(optarg) == -1)
1718  return TM_ECODE_FAILED;
1719  } else {
1720  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
1721  "has been specified");
1722  PrintUsage(argv[0]);
1723  return TM_ECODE_FAILED;
1724  }
1725 #else
1726  SCLogError(SC_ERR_IPFW_NOSUPPORT,"IPFW not enabled. Make sure to pass --enable-ipfw to configure when building.");
1727  return TM_ECODE_FAILED;
1728 #endif /* IPFW */
1729  break;
1730  case 'r':
1731  if (suri->run_mode == RUNMODE_UNKNOWN) {
1732  suri->run_mode = RUNMODE_PCAP_FILE;
1733  } else {
1734  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
1735  "has been specified");
1736  PrintUsage(argv[0]);
1737  return TM_ECODE_FAILED;
1738  }
1739 #ifdef OS_WIN32
1740  struct _stat buf;
1741  if(_stat(optarg, &buf) != 0) {
1742 #else
1743  struct stat buf;
1744  if (stat(optarg, &buf) != 0) {
1745 #endif /* OS_WIN32 */
1746  SCLogError(SC_ERR_INITIALIZATION, "ERROR: Pcap file does not exist\n");
1747  return TM_ECODE_FAILED;
1748  }
1749  if (ConfSetFinal("pcap-file.file", optarg) != 1) {
1750  SCLogError(SC_ERR_INITIALIZATION, "ERROR: Failed to set pcap-file.file\n");
1751  return TM_ECODE_FAILED;
1752  }
1753 
1754  break;
1755  case 's':
1756  if (suri->sig_file != NULL) {
1757  SCLogError(SC_ERR_CMD_LINE, "can't have multiple -s options or mix -s and -S.");
1758  return TM_ECODE_FAILED;
1759  }
1760  suri->sig_file = optarg;
1761  break;
1762  case 'S':
1763  if (suri->sig_file != NULL) {
1764  SCLogError(SC_ERR_CMD_LINE, "can't have multiple -S options or mix -s and -S.");
1765  return TM_ECODE_FAILED;
1766  }
1767  suri->sig_file = optarg;
1768  suri->sig_file_exclusive = TRUE;
1769  break;
1770  case 'u':
1771 #ifdef UNITTESTS
1772  if (suri->run_mode == RUNMODE_UNKNOWN) {
1773  suri->run_mode = RUNMODE_UNITTEST;
1774  } else {
1775  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode has"
1776  " been specified");
1777  PrintUsage(argv[0]);
1778  return TM_ECODE_FAILED;
1779  }
1780 #else
1781  fprintf(stderr, "ERROR: Unit tests not enabled. Make sure to pass --enable-unittests to configure when building.\n");
1782  return TM_ECODE_FAILED;
1783 #endif /* UNITTESTS */
1784  break;
1785  case 'U':
1786 #ifdef UNITTESTS
1787  suri->regex_arg = optarg;
1788 
1789  if(strlen(suri->regex_arg) == 0)
1790  suri->regex_arg = NULL;
1791 #endif
1792  break;
1793  case 'V':
1794  suri->run_mode = RUNMODE_PRINT_VERSION;
1795  return TM_ECODE_OK;
1796  case 'F':
1797  if (optarg == NULL) {
1798  SCLogError(SC_ERR_INITIALIZATION, "no option argument (optarg) for -F");
1799  return TM_ECODE_FAILED;
1800  }
1801 
1802  SetBpfStringFromFile(optarg);
1803  break;
1804  case 'v':
1805  suri->verbose++;
1806  break;
1807  case 'k':
1808  if (optarg == NULL) {
1809  SCLogError(SC_ERR_INITIALIZATION, "no option argument (optarg) for -k");
1810  return TM_ECODE_FAILED;
1811  }
1812  if (!strcmp("all", optarg))
1813  suri->checksum_validation = 1;
1814  else if (!strcmp("none", optarg))
1815  suri->checksum_validation = 0;
1816  else {
1817  SCLogError(SC_ERR_INITIALIZATION, "option '%s' invalid for -k", optarg);
1818  return TM_ECODE_FAILED;
1819  }
1820  break;
1821  default:
1822  PrintUsage(argv[0]);
1823  return TM_ECODE_FAILED;
1824  }
1825  }
1826 
1827  if (suri->disabled_detect && suri->sig_file != NULL) {
1828  SCLogError(SC_ERR_INITIALIZATION, "can't use -s/-S when detection is disabled");
1829  return TM_ECODE_FAILED;
1830  }
1831 
1832  if ((suri->run_mode == RUNMODE_UNIX_SOCKET) && suri->set_logdir) {
1833  SCLogError(SC_ERR_INITIALIZATION,
1834  "can't use -l and unix socket runmode at the same time");
1835  return TM_ECODE_FAILED;
1836  }
1837 
1838  /* save the runmode from the commandline (if any) */
1839  suri->aux_run_mode = suri->run_mode;
1840 
1841  if (list_app_layer_protocols)
1842  suri->run_mode = RUNMODE_LIST_APP_LAYERS;
1843  if (list_keywords)
1844  suri->run_mode = RUNMODE_LIST_KEYWORDS;
1845  if (list_unittests)
1846  suri->run_mode = RUNMODE_LIST_UNITTEST;
1847  if (dump_config)
1848  suri->run_mode = RUNMODE_DUMP_CONFIG;
1849  if (dump_features)
1850  suri->run_mode = RUNMODE_DUMP_FEATURES;
1851  if (conf_test)
1852  suri->run_mode = RUNMODE_CONF_TEST;
1853  if (engine_analysis)
1854  suri->run_mode = RUNMODE_ENGINE_ANALYSIS;
1855 
1856  suri->offline = IsRunModeOffline(suri->run_mode);
1857  g_system = suri->system = IsRunModeSystem(suri->run_mode);
1858 
1859  ret = SetBpfString(optind, argv);
1860  if (ret != TM_ECODE_OK)
1861  return ret;
1862 
1863  return TM_ECODE_OK;
1864 }
1865 
1866 #ifdef OS_WIN32
1867 static int WindowsInitService(int argc, char **argv)
1868 {
1869  if (SCRunningAsService()) {
1870  char path[MAX_PATH];
1871  char *p = NULL;
1872  strlcpy(path, argv[0], MAX_PATH);
1873  if ((p = strrchr(path, '\\'))) {
1874  *p = '\0';
1875  }
1876  if (!SetCurrentDirectory(path)) {
1877  SCLogError(SC_ERR_FATAL, "Can't set current directory to: %s", path);
1878  return -1;
1879  }
1880  SCLogInfo("Current directory is set to: %s", path);
1881  SCServiceInit(argc, argv);
1882  }
1883 
1884  /* Windows socket subsystem initialization */
1885  WSADATA wsaData;
1886  if (0 != WSAStartup(MAKEWORD(2, 2), &wsaData)) {
1887  SCLogError(SC_ERR_FATAL, "Can't initialize Windows sockets: %d", WSAGetLastError());
1888  return -1;
1889  }
1890 
1891  return 0;
1892 }
1893 #endif /* OS_WIN32 */
1894 
1895 static int MayDaemonize(SCInstance *suri)
1896 {
1897  if (suri->daemon == 1 && suri->pid_filename == NULL) {
1898  const char *pid_filename;
1899 
1900  if (ConfGet("pid-file", &pid_filename) == 1) {
1901  SCLogInfo("Use pid file %s from config file.", pid_filename);
1902  } else {
1903  pid_filename = DEFAULT_PID_FILENAME;
1904  }
1905  /* The pid file name may be in config memory, but is needed later. */
1906  suri->pid_filename = SCStrdup(pid_filename);
1907  if (suri->pid_filename == NULL) {
1908  SCLogError(SC_ERR_MEM_ALLOC, "strdup failed: %s", strerror(errno));
1909  return TM_ECODE_FAILED;
1910  }
1911  }
1912 
1913  if (suri->pid_filename != NULL && SCPidfileTestRunning(suri->pid_filename) != 0) {
1914  SCFree(suri->pid_filename);
1915  suri->pid_filename = NULL;
1916  return TM_ECODE_FAILED;
1917  }
1918 
1919  if (suri->daemon == 1) {
1920  Daemonize();
1921  }
1922 
1923  if (suri->pid_filename != NULL) {
1924  if (SCPidfileCreate(suri->pid_filename) != 0) {
1925  SCFree(suri->pid_filename);
1926  suri->pid_filename = NULL;
1927  SCLogError(SC_ERR_PIDFILE_DAEMON,
1928  "Unable to create PID file, concurrent run of"
1929  " Suricata can occur.");
1930  SCLogError(SC_ERR_PIDFILE_DAEMON,
1931  "PID file creation WILL be mandatory for daemon mode"
1932  " in future version");
1933  }
1934  }
1935 
1936  return TM_ECODE_OK;
1937 }
1938 
1939 static int InitSignalHandler(SCInstance *suri)
1940 {
1941  /* registering signals we use */
1942 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
1943  UtilSignalHandlerSetup(SIGINT, SignalHandlerSigint);
1944  UtilSignalHandlerSetup(SIGTERM, SignalHandlerSigterm);
1945 #endif
1946 #ifndef OS_WIN32
1947  UtilSignalHandlerSetup(SIGHUP, SignalHandlerSigHup);
1948  UtilSignalHandlerSetup(SIGPIPE, SIG_IGN);
1949  UtilSignalHandlerSetup(SIGSYS, SIG_IGN);
1950 
1951  /* Try to get user/group to run suricata as if
1952  command line as not decide of that */
1953  if (suri->do_setuid == FALSE && suri->do_setgid == FALSE) {
1954  const char *id;
1955  if (ConfGet("run-as.user", &id) == 1) {
1956  suri->do_setuid = TRUE;
1957  suri->user_name = id;
1958  }
1959  if (ConfGet("run-as.group", &id) == 1) {
1960  suri->do_setgid = TRUE;
1961  suri->group_name = id;
1962  }
1963  }
1964  /* Get the suricata user ID to given user ID */
1965  if (suri->do_setuid == TRUE) {
1966  if (SCGetUserID(suri->user_name, suri->group_name,
1967  &suri->userid, &suri->groupid) != 0) {
1968  SCLogError(SC_ERR_UID_FAILED, "failed in getting user ID");
1969  return TM_ECODE_FAILED;
1970  }
1971 
1972  sc_set_caps = TRUE;
1973  /* Get the suricata group ID to given group ID */
1974  } else if (suri->do_setgid == TRUE) {
1975  if (SCGetGroupID(suri->group_name, &suri->groupid) != 0) {
1976  SCLogError(SC_ERR_GID_FAILED, "failed in getting group ID");
1977  return TM_ECODE_FAILED;
1978  }
1979 
1980  sc_set_caps = TRUE;
1981  }
1982 #endif /* OS_WIN32 */
1983 
1984  return TM_ECODE_OK;
1985 }
1986 
1987 /* initialization code for both the main modes and for
1988  * unix socket mode.
1989  *
1990  * Will be run once per pcap in unix-socket mode */
1991 void PreRunInit(const int runmode)
1992 {
1993  if (runmode == RUNMODE_UNIX_SOCKET)
1994  return;
1995 
1996  StatsInit();
1997 #ifdef PROFILING
1998  SCProfilingRulesGlobalInit();
1999  SCProfilingKeywordsGlobalInit();
2000  SCProfilingPrefilterGlobalInit();
2001  SCProfilingSghsGlobalInit();
2002  SCProfilingInit();
2003 #endif /* PROFILING */
2004  DatasetsInit();
2005  DefragInit();
2006  FlowInitConfig(FLOW_QUIET);
2007  IPPairInitConfig(FLOW_QUIET);
2008  StreamTcpInitConfig(STREAM_VERBOSE);
2009  AppLayerParserPostStreamSetup();
2010  AppLayerRegisterGlobalCounters();
2011 }
2012 
2013 /* tasks we need to run before packets start flowing,
2014  * but after we dropped privs */
2015 void PreRunPostPrivsDropInit(const int runmode)
2016 {
2017  if (runmode == RUNMODE_UNIX_SOCKET)
2018  return;
2019 
2020  StatsSetupPostConfigPreOutput();
2021  RunModeInitializeOutputs();
2022  StatsSetupPostConfigPostOutput();
2023 }
2024 
2025 /* clean up / shutdown code for both the main modes and for
2026  * unix socket mode.
2027  *
2028  * Will be run once per pcap in unix-socket mode */
2029 void PostRunDeinit(const int runmode, struct timeval *start_time)
2030 {
2031  if (runmode == RUNMODE_UNIX_SOCKET)
2032  return;
2033 
2034  /* needed by FlowForceReassembly */
2035  PacketPoolInit();
2036 
2037  /* handle graceful shutdown of the flow engine, it's helper
2038  * threads and the packet threads */
2039  FlowDisableFlowManagerThread();
2040  TmThreadDisableReceiveThreads();
2041  FlowForceReassembly();
2042  TmThreadDisablePacketThreads();
2043  SCPrintElapsedTime(start_time);
2044  FlowDisableFlowRecyclerThread();
2045 
2046  /* kill the stats threads */
2047  TmThreadKillThreadsFamily(TVT_MGMT);
2048  TmThreadClearThreadsFamily(TVT_MGMT);
2049 
2050  /* kill packet threads -- already in 'disabled' state */
2051  TmThreadKillThreadsFamily(TVT_PPT);
2052  TmThreadClearThreadsFamily(TVT_PPT);
2053 
2054  PacketPoolDestroy();
2055 
2056  /* mgt and ppt threads killed, we can run non thread-safe
2057  * shutdown functions */
2058  StatsReleaseResources();
2059  DecodeUnregisterCounters();
2060  RunModeShutDown();
2061  FlowShutdown();
2062  IPPairShutdown();
2063  HostCleanup();
2064  StreamTcpFreeConfig(STREAM_VERBOSE);
2065  DefragDestroy();
2066 
2067  TmqResetQueues();
2068 #ifdef PROFILING
2069  if (profiling_rules_enabled)
2070  SCProfilingDump();
2071  SCProfilingDestroy();
2072 #endif
2073 }
2074 
2075 
2076 static int StartInternalRunMode(SCInstance *suri, int argc, char **argv)
2077 {
2078  /* Treat internal running mode */
2079  switch(suri->run_mode) {
2080  case RUNMODE_LIST_KEYWORDS:
2081  ListKeywords(suri->keyword_info);
2082  return TM_ECODE_DONE;
2083  case RUNMODE_LIST_APP_LAYERS:
2084  if (suri->conf_filename != NULL) {
2085  ListAppLayerProtocols(suri->conf_filename);
2086  } else {
2087  ListAppLayerProtocols(DEFAULT_CONF_FILE);
2088  }
2089  return TM_ECODE_DONE;
2090  case RUNMODE_PRINT_VERSION:
2091  PrintVersion();
2092  return TM_ECODE_DONE;
2093  case RUNMODE_PRINT_BUILDINFO:
2094  PrintBuildInfo();
2095  return TM_ECODE_DONE;
2096  case RUNMODE_PRINT_USAGE:
2097  PrintUsage(argv[0]);
2098  return TM_ECODE_DONE;
2099  case RUNMODE_LIST_RUNMODES:
2100  RunModeListRunmodes();
2101  return TM_ECODE_DONE;
2102  case RUNMODE_LIST_UNITTEST:
2103  RunUnittests(1, suri->regex_arg);
2104  case RUNMODE_UNITTEST:
2105  RunUnittests(0, suri->regex_arg);
2106 #ifdef OS_WIN32
2107  case RUNMODE_INSTALL_SERVICE:
2108  if (SCServiceInstall(argc, argv)) {
2109  return TM_ECODE_FAILED;
2110  }
2111  SCLogInfo("Suricata service has been successfuly installed.");
2112  return TM_ECODE_DONE;
2113  case RUNMODE_REMOVE_SERVICE:
2114  if (SCServiceRemove(argc, argv)) {
2115  return TM_ECODE_FAILED;
2116  }
2117  SCLogInfo("Suricata service has been successfuly removed.");
2118  return TM_ECODE_DONE;
2119  case RUNMODE_CHANGE_SERVICE_PARAMS:
2120  if (SCServiceChangeParams(argc, argv)) {
2121  return TM_ECODE_FAILED;
2122  }
2123  SCLogInfo("Suricata service startup parameters has been successfuly changed.");
2124  return TM_ECODE_DONE;
2125 #endif /* OS_WIN32 */
2126  default:
2127  /* simply continue for other running mode */
2128  break;
2129  }
2130  return TM_ECODE_OK;
2131 }
2132 
2133 static int FinalizeRunMode(SCInstance *suri, char **argv)
2134 {
2135  switch (suri->run_mode) {
2136  case RUNMODE_UNKNOWN:
2137  PrintUsage(argv[0]);
2138  return TM_ECODE_FAILED;
2139  default:
2140  break;
2141  }
2142  /* Set the global run mode and offline flag. */
2143  run_mode = suri->run_mode;
2144 
2145  if (!CheckValidDaemonModes(suri->daemon, suri->run_mode)) {
2146  return TM_ECODE_FAILED;
2147  }
2148 
2149  return TM_ECODE_OK;
2150 }
2151 
2152 static void SetupDelayedDetect(SCInstance *suri)
2153 {
2154  /* In offline mode delayed init of detect is a bad idea */
2155  if (suri->offline) {
2156  suri->delayed_detect = 0;
2157  } else {
2158  if (ConfGetBool("detect.delayed-detect", &suri->delayed_detect) != 1) {
2159  ConfNode *denode = NULL;
2160  ConfNode *decnf = ConfGetNode("detect-engine");
2161  if (decnf != NULL) {
2162  TAILQ_FOREACH(denode, &decnf->head, next) {
2163  if (strcmp(denode->val, "delayed-detect") == 0) {
2164  (void)ConfGetChildValueBool(denode, "delayed-detect", &suri->delayed_detect);
2165  }
2166  }
2167  }
2168  }
2169  }
2170 
2171  SCLogConfig("Delayed detect %s", suri->delayed_detect ? "enabled" : "disabled");
2172  if (suri->delayed_detect) {
2173  SCLogInfo("Packets will start being processed before signatures are active.");
2174  }
2175 
2176 }
2177 
2178 static int LoadSignatures(DetectEngineCtx *de_ctx, SCInstance *suri)
2179 {
2180  if (SigLoadSignatures(de_ctx, suri->sig_file, suri->sig_file_exclusive) < 0) {
2181  SCLogError(SC_ERR_NO_RULES_LOADED, "Loading signatures failed.");
2182  if (de_ctx->failure_fatal)
2183  return TM_ECODE_FAILED;
2184  }
2185 
2186  return TM_ECODE_OK;
2187 }
2188 
2189 static int ConfigGetCaptureValue(SCInstance *suri)
2190 {
2191  /* Pull the max pending packets from the config, if not found fall
2192  * back on a sane default. */
2193  if (ConfGetInt("max-pending-packets", &max_pending_packets) != 1)
2194  max_pending_packets = DEFAULT_MAX_PENDING_PACKETS;
2195  if (max_pending_packets >= 65535) {
2196  SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY,
2197  "Maximum max-pending-packets setting is 65534. "
2198  "Please check %s for errors", suri->conf_filename);
2199  return TM_ECODE_FAILED;
2200  }
2201 
2202  SCLogDebug("Max pending packets set to %"PRIiMAX, max_pending_packets);
2203 
2204  /* Pull the default packet size from the config, if not found fall
2205  * back on a sane default. */
2206  const char *temp_default_packet_size;
2207  if ((ConfGet("default-packet-size", &temp_default_packet_size)) != 1) {
2208  int mtu = 0;
2209  int lthread;
2210  int nlive;
2211  int strip_trailing_plus = 0;
2212  switch (suri->run_mode) {
2213 #ifdef WINDIVERT
2214  case RUNMODE_WINDIVERT:
2215  /* by default, WinDivert collects from all devices */
2216  mtu = GetGlobalMTUWin32();
2217 
2218  if (mtu > 0) {
2219  g_default_mtu = mtu;
2220  /* SLL_HEADER_LEN is the longest header + 8 for VLAN */
2221  default_packet_size = mtu + SLL_HEADER_LEN + 8;
2222  break;
2223  }
2224 
2225  g_default_mtu = DEFAULT_MTU;
2226  default_packet_size = DEFAULT_PACKET_SIZE;
2227  break;
2228 #endif /* WINDIVERT */
2229  case RUNMODE_NETMAP:
2230  /* in netmap igb0+ has a special meaning, however the
2231  * interface really is igb0 */
2232  strip_trailing_plus = 1;
2233  /* fall through */
2234  case RUNMODE_PCAP_DEV:
2235  case RUNMODE_AFP_DEV:
2236  case RUNMODE_PFRING:
2237  nlive = LiveGetDeviceNameCount();
2238  for (lthread = 0; lthread < nlive; lthread++) {
2239  const char *live_dev = LiveGetDeviceNameName(lthread);
2240  char dev[128]; /* need to be able to support GUID names on Windows */
2241  (void)strlcpy(dev, live_dev, sizeof(dev));
2242 
2243  if (strip_trailing_plus) {
2244  size_t len = strlen(dev);
2245  if (len &&
2246  (dev[len-1] == '+' ||
2247  dev[len-1] == '^' ||
2248  dev[len-1] == '*'))
2249  {
2250  dev[len-1] = '\0';
2251  }
2252  }
2253  mtu = GetIfaceMTU(dev);
2254  g_default_mtu = MAX(mtu, g_default_mtu);
2255 
2256  unsigned int iface_max_packet_size = GetIfaceMaxPacketSize(dev);
2257  if (iface_max_packet_size > default_packet_size)
2258  default_packet_size = iface_max_packet_size;
2259  }
2260  if (default_packet_size)
2261  break;
2262  /* fall through */
2263  default:
2264  g_default_mtu = DEFAULT_MTU;
2265  default_packet_size = DEFAULT_PACKET_SIZE;
2266  }
2267  } else {
2268  if (ParseSizeStringU32(temp_default_packet_size, &default_packet_size) < 0) {
2269  SCLogError(SC_ERR_SIZE_PARSE, "Error parsing max-pending-packets "
2270  "from conf file - %s. Killing engine",
2271  temp_default_packet_size);
2272  return TM_ECODE_FAILED;
2273  }
2274  }
2275 
2276  SCLogDebug("Default packet size set to %"PRIu32, default_packet_size);
2277 
2278  return TM_ECODE_OK;
2279 }
2280 
2281 static void PostRunStartedDetectSetup(const SCInstance *suri)
2282 {
2283 #ifndef OS_WIN32
2284  /* registering signal handlers we use. We setup usr2 here, so that one
2285  * can't call it during the first sig load phase or while threads are still
2286  * starting up. */
2287  if (DetectEngineEnabled() && suri->delayed_detect == 0) {
2288  UtilSignalHandlerSetup(SIGUSR2, SignalHandlerSigusr2);
2289  UtilSignalUnblock(SIGUSR2);
2290  }
2291 #endif
2292  if (suri->delayed_detect) {
2293  /* force 'reload', this will load the rules and swap engines */
2294  DetectEngineReload(suri);
2295  SCLogNotice("Signature(s) loaded, Detect thread(s) activated.");
2296 #ifndef OS_WIN32
2297  UtilSignalHandlerSetup(SIGUSR2, SignalHandlerSigusr2);
2298  UtilSignalUnblock(SIGUSR2);
2299 #endif
2300  }
2301 }
2302 
2303 void PostConfLoadedDetectSetup(SCInstance *suri)
2304 {
2305  DetectEngineCtx *de_ctx = NULL;
2306  if (!suri->disabled_detect) {
2307  SCClassConfInit();
2308  SCReferenceConfInit();
2309  SetupDelayedDetect(suri);
2310  int mt_enabled = 0;
2311  (void)ConfGetBool("multi-detect.enabled", &mt_enabled);
2312  int default_tenant = 0;
2313  if (mt_enabled)
2314  (void)ConfGetBool("multi-detect.default", &default_tenant);
2315  if (DetectEngineMultiTenantSetup() == -1) {
2316  FatalError(SC_ERR_FATAL, "initializing multi-detect "
2317  "detection engine contexts failed.");
2318  }
2319  if (suri->delayed_detect && suri->run_mode != RUNMODE_CONF_TEST) {
2320  de_ctx = DetectEngineCtxInitStubForDD();
2321  } else if (mt_enabled && !default_tenant && suri->run_mode != RUNMODE_CONF_TEST) {
2322  de_ctx = DetectEngineCtxInitStubForMT();
2323  } else {
2324  de_ctx = DetectEngineCtxInit();
2325  }
2326  if (de_ctx == NULL) {
2327  FatalError(SC_ERR_FATAL, "initializing detection engine "
2328  "context failed.");
2329  }
2330 
2331  if (de_ctx->type == DETECT_ENGINE_TYPE_NORMAL) {
2332  if (LoadSignatures(de_ctx, suri) != TM_ECODE_OK)
2333  exit(EXIT_FAILURE);
2334  }
2335 
2336  gettimeofday(&de_ctx->last_reload, NULL);
2337  DetectEngineAddToMaster(de_ctx);
2338  DetectEngineBumpVersion();
2339  }
2340 }
2341 
2342 static int PostDeviceFinalizedSetup(SCInstance *suri)
2343 {
2344  SCEnter();
2345 
2346 #ifdef HAVE_AF_PACKET
2347  if (suri->run_mode == RUNMODE_AFP_DEV) {
2348  if (AFPRunModeIsIPS()) {
2349  SCLogInfo("AF_PACKET: Setting IPS mode");
2350  EngineModeSetIPS();
2351  }
2352  }
2353 #endif
2354 #ifdef HAVE_NETMAP
2355  if (suri->run_mode == RUNMODE_NETMAP) {
2356  if (NetmapRunModeIsIPS()) {
2357  SCLogInfo("Netmap: Setting IPS mode");
2358  EngineModeSetIPS();
2359  }
2360  }
2361 #endif
2362 
2363  SCReturnInt(TM_ECODE_OK);
2364 }
2365 
2366 static void PostConfLoadedSetupHostMode(void)
2367 {
2368  const char *hostmode = NULL;
2369 
2370  if (ConfGetValue("host-mode", &hostmode) == 1) {
2371  if (!strcmp(hostmode, "router")) {
2372  host_mode = SURI_HOST_IS_ROUTER;
2373  } else if (!strcmp(hostmode, "sniffer-only")) {
2374  host_mode = SURI_HOST_IS_SNIFFER_ONLY;
2375  } else {
2376  if (strcmp(hostmode, "auto") != 0) {
2377  WarnInvalidConfEntry("host-mode", "%s", "auto");
2378  }
2379  if (EngineModeIsIPS()) {
2380  host_mode = SURI_HOST_IS_ROUTER;
2381  } else {
2382  host_mode = SURI_HOST_IS_SNIFFER_ONLY;
2383  }
2384  }
2385  } else {
2386  if (EngineModeIsIPS()) {
2387  host_mode = SURI_HOST_IS_ROUTER;
2388  SCLogInfo("No 'host-mode': suricata is in IPS mode, using "
2389  "default setting 'router'");
2390  } else {
2391  host_mode = SURI_HOST_IS_SNIFFER_ONLY;
2392  SCLogInfo("No 'host-mode': suricata is in IDS mode, using "
2393  "default setting 'sniffer-only'");
2394  }
2395  }
2396 
2397 }
2398 
2399 static void SetupUserMode(SCInstance *suri)
2400 {
2401  /* apply 'user mode' config updates here */
2402  if (suri->system == false) {
2403  if (suri->set_logdir == false) {
2404  /* override log dir to current work dir" */
2405  if (ConfigSetLogDirectory((char *)".") != TM_ECODE_OK) {
2406  FatalError(SC_ERR_LOGDIR_CONFIG, "could not set USER mode logdir");
2407  }
2408  }
2409  if (suri->set_datadir == false) {
2410  /* override data dir to current work dir" */
2411  if (ConfigSetDataDirectory((char *)".") != TM_ECODE_OK) {
2412  FatalError(SC_ERR_LOGDIR_CONFIG, "could not set USER mode datadir");
2413  }
2414  }
2415  }
2416 }
2417 
2418 /**
2419  * This function is meant to contain code that needs
2420  * to be run once the configuration has been loaded.
2421  */
2422 int PostConfLoadedSetup(SCInstance *suri)
2423 {
2424  /* do this as early as possible #1577 #1955 */
2425 #ifdef HAVE_LUAJIT
2426  if (LuajitSetupStatesPool() != 0) {
2427  SCReturnInt(TM_ECODE_FAILED);
2428  }
2429 #endif
2430 
2431  /* load the pattern matchers */
2432  MpmTableSetup();
2433  SpmTableSetup();
2434 
2435  int disable_offloading;
2436  if (ConfGetBool("capture.disable-offloading", &disable_offloading) == 0)
2437  disable_offloading = 1;
2438  if (disable_offloading) {
2439  LiveSetOffloadDisable();
2440  } else {
2441  LiveSetOffloadWarn();
2442  }
2443 
2444  if (suri->checksum_validation == -1) {
2445  const char *cv = NULL;
2446  if (ConfGetValue("capture.checksum-validation", &cv) == 1) {
2447  if (strcmp(cv, "none") == 0) {
2448  suri->checksum_validation = 0;
2449  } else if (strcmp(cv, "all") == 0) {
2450  suri->checksum_validation = 1;
2451  }
2452  }
2453  }
2454  switch (suri->checksum_validation) {
2455  case 0:
2456  ConfSet("stream.checksum-validation", "0");
2457  break;
2458  case 1:
2459  ConfSet("stream.checksum-validation", "1");
2460  break;
2461  }
2462 
2463  if (suri->runmode_custom_mode) {
2464  ConfSet("runmode", suri->runmode_custom_mode);
2465  }
2466 
2467  StorageInit();
2468 #ifdef HAVE_PACKET_EBPF
2469  EBPFRegisterExtension();
2470  LiveDevRegisterExtension();
2471 #endif
2472  RegisterFlowBypassInfo();
2473  AppLayerSetup();
2474 
2475  /* Suricata will use this umask if provided. By default it will use the
2476  umask passed on from the shell. */
2477  const char *custom_umask;
2478  if (ConfGet("umask", &custom_umask) == 1) {
2479  uint16_t mask;
2480  if (StringParseUint16(&mask, 8, strlen(custom_umask),
2481  custom_umask) > 0) {
2482  umask((mode_t)mask);
2483  }
2484  }
2485 
2486 
2487  if (ConfigGetCaptureValue(suri) != TM_ECODE_OK) {
2488  SCReturnInt(TM_ECODE_FAILED);
2489  }
2490 
2491 #ifdef NFQ
2492  if (suri->run_mode == RUNMODE_NFQ)
2493  NFQInitConfig(FALSE);
2494 #endif
2495 
2496  /* Load the Host-OS lookup. */
2497  SCHInfoLoadFromConfig();
2498 
2499  if (suri->run_mode == RUNMODE_ENGINE_ANALYSIS) {
2500  SCLogInfo("== Carrying out Engine Analysis ==");
2501  const char *temp = NULL;
2502  if (ConfGet("engine-analysis", &temp) == 0) {
2503  SCLogInfo("no engine-analysis parameter(s) defined in conf file. "
2504  "Please define/enable them in the conf to use this "
2505  "feature.");
2506  SCReturnInt(TM_ECODE_FAILED);
2507  }
2508  }
2509 
2510  /* hardcoded initialization code */
2511  SigTableSetup(); /* load the rule keywords */
2512  SigTableApplyStrictCommandlineOption(suri->strict_rule_parsing_string);
2513  TmqhSetup();
2514 
2515  CIDRInit();
2516  SCProtoNameInit();
2517 
2518  TagInitCtx();
2519  PacketAlertTagInit();
2520  ThresholdInit();
2521  HostBitInitCtx();
2522  IPPairBitInitCtx();
2523 
2524  if (DetectAddressTestConfVars() < 0) {
2525  SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY,
2526  "basic address vars test failed. Please check %s for errors",
2527  suri->conf_filename);
2528  SCReturnInt(TM_ECODE_FAILED);
2529  }
2530  if (DetectPortTestConfVars() < 0) {
2531  SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY,
2532  "basic port vars test failed. Please check %s for errors",
2533  suri->conf_filename);
2534  SCReturnInt(TM_ECODE_FAILED);
2535  }
2536 
2537  FeatureTrackingRegister(); /* must occur prior to output mod registration */
2538  RegisterAllModules();
2539 
2540  AppLayerHtpNeedFileInspection();
2541 
2542  StorageFinalize();
2543 
2544  TmModuleRunInit();
2545 
2546  if (MayDaemonize(suri) != TM_ECODE_OK)
2547  SCReturnInt(TM_ECODE_FAILED);
2548 
2549  if (InitSignalHandler(suri) != TM_ECODE_OK)
2550  SCReturnInt(TM_ECODE_FAILED);
2551 
2552  /* Check for the existance of the default logging directory which we pick
2553  * from suricata.yaml. If not found, shut the engine down */
2554  suri->log_dir = ConfigGetLogDirectory();
2555 
2556  if (ConfigCheckLogDirectoryExists(suri->log_dir) != TM_ECODE_OK) {
2557  SCLogError(SC_ERR_LOGDIR_CONFIG, "The logging directory \"%s\" "
2558  "supplied by %s (default-log-dir) doesn't exist. "
2559  "Shutting down the engine", suri->log_dir, suri->conf_filename);
2560  SCReturnInt(TM_ECODE_FAILED);
2561  }
2562  if (!IsLogDirectoryWritable(suri->log_dir)) {
2563  SCLogError(SC_ERR_LOGDIR_CONFIG, "The logging directory \"%s\" "
2564  "supplied by %s (default-log-dir) is not writable. "
2565  "Shutting down the engine", suri->log_dir, suri->conf_filename);
2566  SCReturnInt(TM_ECODE_FAILED);
2567  }
2568 
2569 
2570 #ifdef HAVE_NSS
2571  if (suri->run_mode != RUNMODE_CONF_TEST) {
2572  /* init NSS for hashing */
2573  PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);
2574  NSS_NoDB_Init(NULL);
2575  }
2576 #endif
2577 
2578  if (suri->disabled_detect) {
2579  SCLogConfig("detection engine disabled");
2580  /* disable raw reassembly */
2581  (void)ConfSetFinal("stream.reassembly.raw", "false");
2582  }
2583 
2584  HostInitConfig(HOST_VERBOSE);
2585 
2586  CoredumpLoadConfig();
2587 
2588  DecodeGlobalConfig();
2589 
2590  LiveDeviceFinalize();
2591 
2592  /* set engine mode if L2 IPS */
2593  if (PostDeviceFinalizedSetup(suri) != TM_ECODE_OK) {
2594  exit(EXIT_FAILURE);
2595  }
2596 
2597  /* hostmode depends on engine mode being set */
2598  PostConfLoadedSetupHostMode();
2599 
2600  PreRunInit(suri->run_mode);
2601 
2602  SCReturnInt(TM_ECODE_OK);
2603 }
2604 
2605 static void SuricataMainLoop(SCInstance *suri)
2606 {
2607  while(1) {
2608  if (sigterm_count || sigint_count) {
2609  suricata_ctl_flags |= SURICATA_STOP;
2610  }
2611 
2612  if (suricata_ctl_flags & SURICATA_STOP) {
2613  SCLogNotice("Signal Received. Stopping engine.");
2614  break;
2615  }
2616 
2617  TmThreadCheckThreadState();
2618 
2619  if (sighup_count > 0) {
2620  OutputNotifyFileRotation();
2621  sighup_count--;
2622  }
2623 
2624  if (sigusr2_count > 0) {
2625  if (!(DetectEngineReloadIsStart())) {
2626  DetectEngineReloadStart();
2627  DetectEngineReload(suri);
2628  DetectEngineReloadSetIdle();
2629  sigusr2_count--;
2630  }
2631 
2632  } else if (DetectEngineReloadIsStart()) {
2633  DetectEngineReload(suri);
2634  DetectEngineReloadSetIdle();
2635  }
2636 
2637  usleep(10* 1000);
2638  }
2639 }
2640 
2641 SuricataContext context;
2642 
2643 /**
2644  * \brief Global initialization common to all runmodes.
2645  *
2646  * This can be used by fuzz targets.
2647  */
2648 
2649 int InitGlobal(void) {
2650  context.SCLogMessage = SCLogMessage;
2651  context.DetectEngineStateFree = DetectEngineStateFree;
2652  context.AppLayerDecoderEventsSetEventRaw =
2653  AppLayerDecoderEventsSetEventRaw;
2654  context.AppLayerDecoderEventsFreeEvents = AppLayerDecoderEventsFreeEvents;
2655 
2656  context.FileOpenFileWithId = FileOpenFileWithId;
2657  context.FileCloseFileById = FileCloseFileById;
2658  context.FileAppendDataById = FileAppendDataById;
2659  context.FileAppendGAPById = FileAppendGAPById;
2660  context.FileContainerRecycle = FileContainerRecycle;
2661  context.FilePrune = FilePrune;
2662  context.FileSetTx = FileContainerSetTx;
2663 
2664  rs_init(&context);
2665 
2666  SC_ATOMIC_INIT(engine_stage);
2667 
2668  /* initialize the logging subsys */
2669  SCLogInitLogModule(NULL);
2670 
2671  (void)SCSetThreadName("Suricata-Main");
2672 
2673  /* Ignore SIGUSR2 as early as possble. We redeclare interest
2674  * once we're done launching threads. The goal is to either die
2675  * completely or handle any and all SIGUSR2s correctly.
2676  */
2677 #ifndef OS_WIN32
2678  UtilSignalHandlerSetup(SIGUSR2, SIG_IGN);
2679  if (UtilSignalBlock(SIGUSR2)) {
2680  SCLogError(SC_ERR_INITIALIZATION, "SIGUSR2 initialization error");
2681  return EXIT_FAILURE;
2682  }
2683 #endif
2684 
2685  ParseSizeInit();
2686  RunModeRegisterRunModes();
2687 
2688  /* Initialize the configuration module. */
2689  ConfInit();
2690 
2691  return 0;
2692 }
2693 
2694 int SuricataMain(int argc, char **argv)
2695 {
2696  SCInstanceInit(&suricata, argv[0]);
2697 
2698  if (InitGlobal() != 0) {
2699  exit(EXIT_FAILURE);
2700  }
2701 
2702 #ifdef OS_WIN32
2703  /* service initialization */
2704  if (WindowsInitService(argc, argv) != 0) {
2705  exit(EXIT_FAILURE);
2706  }
2707 #endif /* OS_WIN32 */
2708 
2709  if (ParseCommandLine(argc, argv, &suricata) != TM_ECODE_OK) {
2710  exit(EXIT_FAILURE);
2711  }
2712 
2713  if (FinalizeRunMode(&suricata, argv) != TM_ECODE_OK) {
2714  exit(EXIT_FAILURE);
2715  }
2716 
2717  switch (StartInternalRunMode(&suricata, argc, argv)) {
2718  case TM_ECODE_DONE:
2719  exit(EXIT_SUCCESS);
2720  case TM_ECODE_FAILED:
2721  exit(EXIT_FAILURE);
2722  }
2723 
2724  /* Initializations for global vars, queues, etc (memsets, mutex init..) */
2725  GlobalsInitPreConfig();
2726 
2727  /* Load yaml configuration file if provided. */
2728  if (LoadYamlConfig(&suricata) != TM_ECODE_OK) {
2729  exit(EXIT_FAILURE);
2730  }
2731 
2732  if (suricata.run_mode == RUNMODE_DUMP_CONFIG) {
2733  ConfDump();
2734  exit(EXIT_SUCCESS);
2735  }
2736 
2737  int vlan_tracking = 1;
2738  if (ConfGetBool("vlan.use-for-tracking", &vlan_tracking) == 1 && !vlan_tracking) {
2739  /* Ignore vlan_ids when comparing flows. */
2740  g_vlan_mask = 0x0000;
2741  }
2742  SCLogDebug("vlan tracking is %s", vlan_tracking == 1 ? "enabled" : "disabled");
2743 
2744  SetupUserMode(&suricata);
2745 
2746  /* Since our config is now loaded we can finish configurating the
2747  * logging module. */
2748  SCLogLoadConfig(suricata.daemon, suricata.verbose);
2749 
2750  LogVersion(&suricata);
2751  UtilCpuPrintSummary();
2752 
2753  if (ParseInterfacesList(suricata.aux_run_mode, suricata.pcap_dev) != TM_ECODE_OK) {
2754  exit(EXIT_FAILURE);
2755  }
2756 
2757  if (PostConfLoadedSetup(&suricata) != TM_ECODE_OK) {
2758  exit(EXIT_FAILURE);
2759  }
2760 
2761  SCDropMainThreadCaps(suricata.userid, suricata.groupid);
2762 
2763  /* Re-enable coredumps after privileges are dropped. */
2764  CoredumpEnable();
2765 
2766  PreRunPostPrivsDropInit(suricata.run_mode);
2767 
2768  PostConfLoadedDetectSetup(&suricata);
2769  if (suricata.run_mode == RUNMODE_ENGINE_ANALYSIS) {
2770  goto out;
2771  } else if (suricata.run_mode == RUNMODE_CONF_TEST){
2772  SCLogNotice("Configuration provided was successfully loaded. Exiting.");
2773  goto out;
2774  } else if (suricata.run_mode == RUNMODE_DUMP_FEATURES) {
2775  FeatureDump();
2776  goto out;
2777  }
2778 
2779  SCSetStartTime(&suricata);
2780  RunModeDispatch(suricata.run_mode, suricata.runmode_custom_mode);
2781  if (suricata.run_mode != RUNMODE_UNIX_SOCKET) {
2782  UnixManagerThreadSpawnNonRunmode();
2783  }
2784 
2785  /* Wait till all the threads have been initialized */
2786  if (TmThreadWaitOnThreadInit() == TM_ECODE_FAILED) {
2787  FatalError(SC_ERR_FATAL, "Engine initialization failed, "
2788  "aborting...");
2789  }
2790 
2791  SC_ATOMIC_SET(engine_stage, SURICATA_RUNTIME);
2792  PacketPoolPostRunmodes();
2793 
2794  /* Un-pause all the paused threads */
2795  TmThreadContinueThreads();
2796 
2797  PostRunStartedDetectSetup(&suricata);
2798 
2799  SCPledge();
2800  SuricataMainLoop(&suricata);
2801 
2802  /* Update the engine stage/status flag */
2803  SC_ATOMIC_SET(engine_stage, SURICATA_DEINIT);
2804 
2805  UnixSocketKillSocketThread();
2806  PostRunDeinit(suricata.run_mode, &suricata.start_time);
2807  /* kill remaining threads */
2808  TmThreadKillThreads();
2809 
2810 out:
2811  GlobalsDestroy(&suricata);
2812 
2813  exit(EXIT_SUCCESS);
2814 }
SCProtoNameInit
void SCProtoNameInit()
Function to load the protocol names from the specified protocol file.
Definition: util-proto-name.c:40
DefragDestroy
void DefragDestroy(void)
Definition: defrag.c:1085
util-byte.h
host.h
tm-threads.h
ConfGetInt
int ConfGetInt(const char *name, intmax_t *val)
Retrieve a configuration value as an integer.
Definition: conf.c:436
TmModuleUnixManagerRegister
void TmModuleUnixManagerRegister(void)
Definition: unix-manager.c:1259
profiling_rules_enabled
int profiling_rules_enabled
Definition: util-profiling-rules.c:81
app-layer-dcerpc.h
SuricataContext_::DetectEngineStateFree
void(* DetectEngineStateFree)(DetectEngineState *)
Definition: rust-context.h:31
source-nflog.h
TagInitCtx
void TagInitCtx(void)
Definition: detect-engine-tag.c:51
TmModuleReceiveIPFWRegister
void TmModuleReceiveIPFWRegister(void)
Registration Function for RecieveIPFW.
Definition: source-ipfw.c:153
flow-bypass.h
len
uint8_t len
Definition: app-layer-dnp3.h:2
SCReferenceConfDeinit
void SCReferenceConfDeinit(void)
Definition: util-reference-config.c:80
ippair.h
AppLayerHtpNeedFileInspection
void AppLayerHtpNeedFileInspection(void)
Sets a flag that informs the HTP app layer that some module in the engine needs the http request file...
Definition: app-layer-htp.c:512
SCInstance_::run_mode
enum RunModes run_mode
Definition: suricata.h:124
detect-engine.h
StringParseUint16
int StringParseUint16(uint16_t *res, int base, uint16_t len, const char *str)
Definition: util-byte.c:336
source-pcap.h
SCInstance_::groupid
uint32_t groupid
Definition: suricata.h:141
RUNMODE_UNIX_SOCKET
@ RUNMODE_UNIX_SOCKET
Definition: runmodes.h:41
g_system
bool g_system
Definition: suricata.c:222
SCReferenceConfInit
void SCReferenceConfInit(void)
Definition: util-reference-config.c:56
host-storage.h
SCInstance_::daemon
int daemon
Definition: suricata.h:150
max_pending_packets
intmax_t max_pending_packets
Definition: suricata.c:211
SuricataContext_::SCLogMessage
SCError(* SCLogMessage)(const SCLogLevel, const char *, const unsigned int, const char *, const SCError, const char *message)
Definition: rust-context.h:29
app-layer-ssh.h
SCLogInitLogModule
void SCLogInitLogModule(SCLogInitData *sc_lid)
Initializes the logging module.
Definition: util-debug.c:1299
SLL_HEADER_LEN
#define SLL_HEADER_LEN
Definition: decode-sll.h:27
SCInstance_::checksum_validation
int checksum_validation
Definition: suricata.h:153
SC_ERR_DAG_REQUIRED
@ SC_ERR_DAG_REQUIRED
Definition: util-error.h:201
SC_ERR_WINDIVERT_NOSUPPORT
@ SC_ERR_WINDIVERT_NOSUPPORT
Definition: util-error.h:346
DetectEngineDeReference
void DetectEngineDeReference(DetectEngineCtx **de_ctx)
Definition: detect-engine.c:3932
RUNMODE_UNITTEST
@ RUNMODE_UNITTEST
Definition: runmodes.h:39
StorageInit
void StorageInit(void)
Definition: util-storage.c:67
SCInstance_::start_time
struct timeval start_time
Definition: suricata.h:155
SCLogLoadConfig
void SCLogLoadConfig(int daemon, int verbose)
Definition: util-debug.c:1332
SC_ATOMIC_INIT
#define SC_ATOMIC_INIT(name)
wrapper for initializing an atomic variable.
Definition: util-atomic.h:286
FileAppendGAPById
int FileAppendGAPById(FileContainer *ffc, uint32_t track_id, const uint8_t *data, uint32_t data_len)
Store/handle a chunk of file data in the File structure The file with 'track_id' in the FileContainer...
Definition: util-file.c:762
SCThresholdConfGlobalFree
void SCThresholdConfGlobalFree(void)
Definition: util-threshold-config.c:152
source-pcap-file.h
AFPPeersListClean
void AFPPeersListClean()
Clean the global peers list.
Definition: source-af-packet.c:528
ConfNode_::val
char * val
Definition: conf.h:34
CLS
#define CLS
Definition: suricata-common.h:45
ConfGetBool
int ConfGetBool(const char *name, int *val)
Retrieve a configuration value as an boolen.
Definition: conf.c:516
stream-tcp.h
DetectEngineCtx_::type
enum DetectEngineType type
Definition: detect.h:899
DetectEnginePruneFreeList
void DetectEnginePruneFreeList(void)
Definition: detect-engine.c:4023
RUNMODE_UNKNOWN
@ RUNMODE_UNKNOWN
Definition: runmodes.h:28
SuricataContext_::AppLayerDecoderEventsSetEventRaw
void(* AppLayerDecoderEventsSetEventRaw)(AppLayerDecoderEvents **, uint8_t)
Definition: rust-context.h:32
SCInstance_::group_name
const char * group_name
Definition: suricata.h:137
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
SC_ATOMIC_SET
#define SC_ATOMIC_SET(name, val)
Set the value for the atomic variable.
Definition: util-atomic.h:355
runmode-unittests.h
SigTableApplyStrictCommandlineOption
void SigTableApplyStrictCommandlineOption(const char *str)
Definition: detect-parse.c:306
TmqhSetup
void TmqhSetup(void)
Definition: tm-queuehandlers.c:39
SC_ERR_GID_FAILED
@ SC_ERR_GID_FAILED
Definition: util-error.h:188
RUNMODE_PRINT_BUILDINFO
@ RUNMODE_PRINT_BUILDINFO
Definition: runmodes.h:48
DetectEngineCtxInitStubForDD
DetectEngineCtx * DetectEngineCtxInitStubForDD(void)
Definition: detect-engine.c:2042
LiveDevRegisterExtension
void LiveDevRegisterExtension(void)
Definition: util-device.c:492
SC_ERR_NFQ_NOSUPPORT
@ SC_ERR_NFQ_NOSUPPORT
Definition: util-error.h:97
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:298
AppLayerHtpPrintStats
void AppLayerHtpPrintStats(void)
Definition: app-layer-htp.c:2935
StatsSetupPostConfigPreOutput
void StatsSetupPostConfigPreOutput(void)
Definition: counters.c:873
SCInstance_::runmode_custom_mode
char * runmode_custom_mode
Definition: suricata.h:134
util-coredump-config.h
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:0
SigTableSetup
void SigTableSetup(void)
Definition: detect-engine-register.c:407
TmModuleReceiveNFQRegister
void TmModuleReceiveNFQRegister(void)
Definition: source-nfq.c:171
LiveBuildDeviceList
int LiveBuildDeviceList(const char *runmode)
Definition: util-device.c:307
util-lua.h
RunModeShutDown
void RunModeShutDown(void)
Definition: runmodes.c:519
TM_ECODE_DONE
@ TM_ECODE_DONE
Definition: tm-threads-common.h:80
DEFAULT_MTU
#define DEFAULT_MTU
Definition: decode.h:614
ippair-bit.h
SC_ERR_NOT_SUPPORTED
@ SC_ERR_NOT_SUPPORTED
Definition: util-error.h:257
SuricataContext_::AppLayerDecoderEventsFreeEvents
void(* AppLayerDecoderEventsFreeEvents)(AppLayerDecoderEvents **)
Definition: rust-context.h:34
ConfGetNode
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
Definition: conf.c:175
threads.h
RUNMODE_LIST_RUNMODES
@ RUNMODE_LIST_RUNMODES
Definition: runmodes.h:46
sigint_count
volatile sig_atomic_t sigint_count
Definition: suricata.c:181
SC_ATOMIC_DECLARE
SC_ATOMIC_DECLARE(unsigned int, engine_stage)
TmModuleRunDeInit
void TmModuleRunDeInit(void)
Definition: tm-modules.c:146
RegisterFlowBypassInfo
void RegisterFlowBypassInfo(void)
Definition: flow-util.c:223
SCSetThreadName
#define SCSetThreadName(n)
Definition: threads.h:307
HostInitConfig
void HostInitConfig(char quiet)
initialize the configuration
Definition: host.c:173
SC_ERR_NO_PCAP_SET_BUFFER_SIZE
@ SC_ERR_NO_PCAP_SET_BUFFER_SIZE
Definition: util-error.h:59
SCLogDeInitLogModule
void SCLogDeInitLogModule(void)
De-Initializes the logging module.
Definition: util-debug.c:1513
util-pidfile.h
TmModuleDecodeErfFileRegister
void TmModuleDecodeErfFileRegister(void)
Register the ERF file decoder module.
Definition: source-erf-file.c:98
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:766
FlowInitConfig
void FlowInitConfig(char quiet)
initialize the configuration
Definition: flow.c:531
DetectEngineReloadSetIdle
void DetectEngineReloadSetIdle(void)
Definition: detect-engine.c:1563
SCInstance_::userid
uint32_t userid
Definition: suricata.h:140
RUNMODE_ERF_FILE
@ RUNMODE_ERF_FILE
Definition: runmodes.h:35
source-windivert-prototypes.h
SC_ERR_IPFW_NOSUPPORT
@ SC_ERR_IPFW_NOSUPPORT
Definition: util-error.h:109
DetectEngineGetCurrent
DetectEngineCtx * DetectEngineGetCurrent(void)
Definition: detect-engine.c:3231
TmModuleFlowRecyclerRegister
void TmModuleFlowRecyclerRegister(void)
Definition: flow-manager.c:1144
packet-queue.h
Daemonize
void Daemonize(void)
Daemonize the process.
Definition: util-daemon.c:101
UtilSignalHandlerSetup
void UtilSignalHandlerSetup(int sig, void(*handler)(int))
Definition: util-signal.c:60
TAILQ_FOREACH
#define TAILQ_FOREACH(var, head, field)
Definition: queue.h:350
TmModuleDecodeAFPRegister
void TmModuleDecodeAFPRegister(void)
Registration Function for DecodeAFP.
Definition: source-af-packet.c:546
RUNMODE_NFLOG
@ RUNMODE_NFLOG
Definition: runmodes.h:33
TmModuleDecodeWinDivertRegister
void TmModuleDecodeWinDivertRegister(void)
Definition: source-windivert.c:74
SURICATA_DEINIT
@ SURICATA_DEINIT
Definition: suricata.h:98
SURICATA_STOP
#define SURICATA_STOP
Definition: suricata.h:90
FlowForceReassembly
void FlowForceReassembly(void)
Force reassembly for all the flows that have unprocessed segments.
Definition: flow-timeout.c:468
DetectEngineAddToMaster
int DetectEngineAddToMaster(DetectEngineCtx *de_ctx)
Definition: detect-engine.c:3956
TmModuleStatsLoggerRegister
void TmModuleStatsLoggerRegister(void)
Definition: output-stats.c:197
RegisterAllModules
void RegisterAllModules(void)
Definition: suricata.c:835
ENGINE_MODE_IPS
@ ENGINE_MODE_IPS
Definition: suricata.h:104
SCGetUserID
int SCGetUserID(const char *user_name, const char *group_name, uint32_t *uid, uint32_t *gid)
Function to get the user and group ID from the specified user name.
Definition: util-privs.c:149
RUNMODE_PCAP_DEV
@ RUNMODE_PCAP_DEV
Definition: runmodes.h:29
flow-bit.h
SupportFastPatternForSigMatchTypes
void SupportFastPatternForSigMatchTypes(void)
Registers the keywords(SMs) that should be given fp support.
Definition: detect-fast-pattern.c:144
ConfDump
void ConfDump(void)
Dump configuration to stdout.
Definition: conf.c:779
rust.h
SCPledge
#define SCPledge(...)
Definition: util-privs.h:100
CheckValidDaemonModes
int CheckValidDaemonModes(int daemon, int mode)
Check for a valid combination daemon/mode.
Definition: util-daemon.c:171
AppLayerDecoderEventsFreeEvents
void AppLayerDecoderEventsFreeEvents(AppLayerDecoderEvents **events)
Definition: app-layer-events.c:148
SCClassConfDeinit
void SCClassConfDeinit(void)
Definition: util-classification-config.c:87
LiveGetDeviceNameName
const char * LiveGetDeviceNameName(int number)
Get a pointer to the pre device name at idx.
Definition: util-device.c:217
ConfSetFinal
int ConfSetFinal(const char *name, const char *val)
Set a final configuration value.
Definition: conf.c:298
unittests_fatal
int unittests_fatal
Definition: util-unittest.c:52
TmThreadDisableReceiveThreads
void TmThreadDisableReceiveThreads(void)
Disable all threads having the specified TMs.
Definition: tm-threads.c:1325
StatsInit
void StatsInit(void)
Initializes the perf counter api. Things are hard coded currently. More work to be done when we imple...
Definition: counters.c:861
util-privs.h
PreRunInit
void PreRunInit(const int runmode)
Definition: suricata.c:1991
RUNMODE_LIST_KEYWORDS
@ RUNMODE_LIST_KEYWORDS
Definition: runmodes.h:44
SURICATA_DONE
#define SURICATA_DONE
Definition: suricata.h:92
SCInstance_::conf_filename
const char * conf_filename
Definition: suricata.h:159
RUNMODE_NAPATECH
@ RUNMODE_NAPATECH
Definition: runmodes.h:40
GlobalsInitPreConfig
void GlobalsInitPreConfig(void)
Definition: suricata.c:315
TmModuleReceiveNetmapRegister
void TmModuleReceiveNetmapRegister(void)
Definition: source-netmap.c:90
PacketPoolPostRunmodes
void PacketPoolPostRunmodes(void)
Set the max_pending_return_packets value.
Definition: tmqh-packetpool.c:512
TmModuleReceiveWinDivertRegister
void TmModuleReceiveWinDivertRegister(void)
Definition: source-windivert.c:61
app-layer-ftp.h
MAX
#define MAX(x, y)
Definition: suricata-common.h:381
TmModuleReceivePfringRegister
void TmModuleReceivePfringRegister(void)
Registration Function for RecievePfring.
Definition: source-pfring.c:163
HOST_VERBOSE
#define HOST_VERBOSE
Definition: host.h:92
TM_ECODE_FAILED
@ TM_ECODE_FAILED
Definition: tm-threads-common.h:79
SCProfilingDestroy
void SCProfilingDestroy(void)
Free resources used by profiling.
Definition: util-profiling.c:268
IsRunModeOffline
bool IsRunModeOffline(enum RunModes run_mode_to_check)
Definition: runmodes.c:501
SuricataContext_::FileSetTx
void(* FileSetTx)(FileContainer *, uint64_t)
Definition: rust-context.h:47
RunModeInitializeOutputs
void RunModeInitializeOutputs(void)
Definition: runmodes.c:713
DetectPortTestConfVars
int DetectPortTestConfVars(void)
Definition: detect-engine-port.c:1165
SCThresholdConfGlobalInit
void SCThresholdConfGlobalInit(void)
Definition: util-threshold-config.c:104
DecodeUnregisterCounters
void DecodeUnregisterCounters(void)
Definition: decode.c:468
NFQInitConfig
void NFQInitConfig(char quiet)
To initialize the NFQ global configuration data.
Definition: source-nfq.c:209
RUNMODE_DAG
@ RUNMODE_DAG
Definition: runmodes.h:36
HostBitInitCtx
void HostBitInitCtx(void)
Definition: host-bit.c:49
EngineMode
EngineMode
Definition: suricata.h:102
SCInstance_::set_datadir
bool set_datadir
Definition: suricata.h:146
tmqh-packetpool.h
FileContainerSetTx
void FileContainerSetTx(FileContainer *ffc, uint64_t tx_id)
Definition: util-file.c:574
g_ut_covered
int g_ut_covered
Definition: suricata.c:833
util-unittest.h
TmModuleLoggerRegister
void TmModuleLoggerRegister(void)
Definition: output.c:1052
TmThreadDisablePacketThreads
void TmThreadDisablePacketThreads(void)
Disable all packet threads.
Definition: tm-threads.c:1429
host_mode
uint8_t host_mode
Definition: suricata.c:208
RUNMODE_NETMAP
@ RUNMODE_NETMAP
Definition: runmodes.h:38
util-unittest-helper.h
RUNMODE_DUMP_FEATURES
@ RUNMODE_DUMP_FEATURES
Definition: runmodes.h:59
FeatureDump
void FeatureDump(void)
Definition: feature.c:142
PacketPoolInit
void PacketPoolInit(void)
Definition: tmqh-packetpool.c:302
TM_ECODE_OK
@ TM_ECODE_OK
Definition: tm-threads-common.h:78
AppLayerDeSetup
int AppLayerDeSetup(void)
De initializes the app layer.
Definition: app-layer.c:818
TmThreadContinueThreads
void TmThreadContinueThreads()
Unpauses all threads present in tv_root.
Definition: tm-threads.c:1753
strlcpy
size_t strlcpy(char *dst, const char *src, size_t siz)
Definition: util-strlcpyu.c:43
PcapTranslateIPToDevice
void PcapTranslateIPToDevice(char *pcap_dev, size_t len)
Definition: source-pcap.c:580
FlowDisableFlowRecyclerThread
void FlowDisableFlowRecyclerThread(void)
Used to disable flow recycler thread(s).
Definition: flow-manager.c:1069
ParseSizeInit
void ParseSizeInit(void)
Definition: util-misc.c:36
GetIfaceMaxPacketSize
int GetIfaceMaxPacketSize(const char *pcap_dev)
output max packet size for a link
Definition: util-ioctl.c:132
TmModuleDecodePcapFileRegister
void TmModuleDecodePcapFileRegister(void)
Definition: source-pcap-file.c:126
TmModuleBypassedFlowManagerRegister
void TmModuleBypassedFlowManagerRegister(void)
Definition: flow-bypass.c:214
IPPairShutdown
void IPPairShutdown(void)
shutdown the flow engine
Definition: ippair.c:300
source-erf-dag.h
util-signal.h
DetectParseFreeRegexes
void DetectParseFreeRegexes(void)
Definition: detect-parse.c:2420
SC_ERR_UID_FAILED
@ SC_ERR_UID_FAILED
Definition: util-error.h:187
SC_ERR_SIZE_PARSE
@ SC_ERR_SIZE_PARSE
Definition: util-error.h:230
TmModuleDecodeNFLOGRegister
void TmModuleDecodeNFLOGRegister(void)
Definition: source-nflog.c:54
ConfGet
int ConfGet(const char *name, const char **vptr)
Retrieve the value of a configuration node.
Definition: conf.c:330
NFQParseAndRegisterQueues
int NFQParseAndRegisterQueues(const char *queues)
Parses and adds Netfilter queue(s).
Definition: source-nfq.c:865
AppLayerSetup
int AppLayerSetup(void)
Setup the app layer.
Definition: app-layer.c:803
FeatureTrackingRegister
void FeatureTrackingRegister(void)
Definition: feature.c:150
util-cidr.h
FilePrune
void FilePrune(FileContainer *ffc)
Definition: util-file.c:388
app-layer-htp.h
UnixManagerThreadSpawnNonRunmode
void UnixManagerThreadSpawnNonRunmode(void)
Definition: unix-manager.c:1252
IsRunModeSystem
bool IsRunModeSystem(enum RunModes run_mode_to_check)
Definition: runmodes.c:488
datasets.h
TmModuleDecodeNetmapRegister
void TmModuleDecodeNetmapRegister(void)
Registration Function for DecodeNetmap.
Definition: source-netmap.c:100
PreRunPostPrivsDropInit
void PreRunPostPrivsDropInit(const int runmode)
Definition: suricata.c:2015
feature.h
decode.h
util-device.h
util-debug.h
DetectEngineMoveToFreeList
int DetectEngineMoveToFreeList(DetectEngineCtx *de_ctx)
Definition: detect-engine.c:3972
sigterm_count
volatile sig_atomic_t sigterm_count
Definition: suricata.c:183
run_mode
int run_mode
Definition: suricata.c:200
source-nfq.h
SC_ERR_CMD_LINE
@ SC_ERR_CMD_LINE
Definition: util-error.h:227
util-error.h
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:17
TmThreadWaitOnThreadInit
TmEcode TmThreadWaitOnThreadInit(void)
Used to check if all threads have finished their initialization. On finding an un-initialized thread,...
Definition: tm-threads.c:1823
TmModuleVerdictNFQRegister
void TmModuleVerdictNFQRegister(void)
Definition: source-nfq.c:186
SURI_HOST_IS_ROUTER
@ SURI_HOST_IS_ROUTER
Definition: suricata.h:115
ConfYamlLoadFile
int ConfYamlLoadFile(const char *filename)
Load configuration from a YAML file.
Definition: conf-yaml-loader.c:416
RUNMODE_CONF_TEST
@ RUNMODE_CONF_TEST
Definition: runmodes.h:51
AppLayerRegisterGlobalCounters
void AppLayerRegisterGlobalCounters(void)
HACK to work around our broken unix manager (re)init loop.
Definition: app-layer.c:880
RunModeListRunmodes
void RunModeListRunmodes(void)
Lists all registered runmodes.
Definition: runmodes.c:235
RUNMODE_PRINT_USAGE
@ RUNMODE_PRINT_USAGE
Definition: runmodes.h:49
strlcat
size_t strlcat(char *, const char *src, size_t siz)
Definition: util-strlcatu.c:45
RUNMODE_LIST_APP_LAYERS
@ RUNMODE_LIST_APP_LAYERS
Definition: runmodes.h:45
util-cpu.h
suricata
SCInstance suricata
Definition: suricata.c:236
LiveSetOffloadDisable
void LiveSetOffloadDisable(void)
Definition: util-device.c:69
app-layer-dnp3.h
StatsSetupPostConfigPostOutput
void StatsSetupPostConfigPostOutput(void)
Definition: counters.c:878
EngineModeSetIDS
void EngineModeSetIDS(void)
Definition: suricata.c:258
TVT_PPT
@ TVT_PPT
Definition: tm-threads-common.h:85
SpmTableSetup
void SpmTableSetup(void)
Definition: util-spm.c:123
TmModuleReceiveAFPRegister
void TmModuleReceiveAFPRegister(void)
Registration Function for RecieveAFP.
Definition: source-af-packet.c:326
LiveBuildDeviceListCustom
int LiveBuildDeviceListCustom(const char *runmode, const char *itemname)
Definition: util-device.c:312
UnixSocketKillSocketThread
void UnixSocketKillSocketThread(void)
Definition: unix-manager.c:1247
TmModuleVerdictIPFWRegister
void TmModuleVerdictIPFWRegister(void)
Registration Function for VerdictIPFW.
Definition: source-ipfw.c:175
flow-worker.h
SuricataContext_::FileAppendDataById
int(* FileAppendDataById)(FileContainer *, uint32_t track_id, const uint8_t *data, uint32_t data_len)
Definition: rust-context.h:41
SigLoadSignatures
int SigLoadSignatures(DetectEngineCtx *de_ctx, char *sig_file, int sig_file_exclusive)
Load signatures.
Definition: detect-engine-loader.c:276
util-reference-config.h
source-napatech.h
DetectEngineCtx_::last_reload
struct timeval last_reload
Definition: detect.h:944
SCInstance_::delayed_detect
int delayed_detect
Definition: suricata.h:148
TmModuleVerdictWinDivertRegister
void TmModuleVerdictWinDivertRegister(void)
Definition: source-windivert.c:68
SCInstance_::progname
const char * progname
Definition: suricata.h:158
HostCleanup
void HostCleanup(void)
Cleanup the host engine.
Definition: host.c:343
SCEnter
#define SCEnter(...)
Definition: util-debug.h:300
FlowDisableFlowManagerThread
void FlowDisableFlowManagerThread(void)
Used to disable flow manager thread(s).
Definition: flow-manager.c:146
detect-engine-mpm.h
util-ebpf.h
SCInstance_::pcap_dev
char pcap_dev[128]
Definition: suricata.h:127
detect.h
SuricataMain
int SuricataMain(int argc, char **argv)
Definition: suricata.c:2694
UtilSignalUnblock
int UtilSignalUnblock(int signum)
Definition: util-signal.c:46
DetectEngineEnabled
int DetectEngineEnabled(void)
Check if detection is enabled.
Definition: detect-engine.c:3198
SURICATA_RUNTIME
@ SURICATA_RUNTIME
Definition: suricata.h:97
pkt-var.h
TmThreadClearThreadsFamily
void TmThreadClearThreadsFamily(int family)
Definition: tm-threads.c:1605
SC_ERR_PIDFILE_DAEMON
@ SC_ERR_PIDFILE_DAEMON
Definition: util-error.h:186
TmModuleRunInit
void TmModuleRunInit(void)
Definition: tm-modules.c:128
detect-engine-port.h
EngineModeSetIPS
void EngineModeSetIPS(void)
Definition: suricata.c:253
util-atomic.h
TVT_MGMT
@ TVT_MGMT
Definition: tm-threads-common.h:86
SCInstance_::user_name
const char * user_name
Definition: suricata.h:136
HTPAtExitPrintStats
void HTPAtExitPrintStats(void)
Print the stats of the HTTP requests.
Definition: app-layer-htp.c:2056
util-time.h
UtilSignalBlock
int UtilSignalBlock(int signum)
Definition: util-signal.c:29
SCProfilingPrefilterGlobalInit
void SCProfilingPrefilterGlobalInit(void)
Definition: util-profiling-prefilter.c:63
IPPairInitConfig
void IPPairInitConfig(char quiet)
initialize the configuration
Definition: ippair.c:168
PostConfLoadedSetup
int PostConfLoadedSetup(SCInstance *suri)
Definition: suricata.c:2422
GetProgramVersion
const char * GetProgramVersion(void)
get string with program version
Definition: suricata.c:1041
engine_analysis
int engine_analysis
app-layer-parser.h
SC_ERR_LIBCAP_NG_REQUIRED
@ SC_ERR_LIBCAP_NG_REQUIRED
Definition: util-error.h:190
TRUE
#define TRUE
Definition: suricata-common.h:33
SCGetGroupID
int SCGetGroupID(const char *group_name, uint32_t *gid)
Function to get the group ID from the specified group name.
Definition: util-privs.c:213
TmModuleReceivePcapFileRegister
void TmModuleReceivePcapFileRegister(void)
Definition: source-pcap-file.c:112
source-pfring.h
SuricataContext_::FileCloseFileById
int(* FileCloseFileById)(FileContainer *, uint32_t track_id, const uint8_t *data, uint32_t data_len, uint16_t flags)
Definition: rust-context.h:39
CoredumpLoadConfig
int32_t CoredumpLoadConfig(void)
Configures the core dump size.
Definition: util-coredump-config.c:85
detect-engine-tag.h
IPFWRegisterQueue
int IPFWRegisterQueue(char *queue)
Add an IPFW divert.
Definition: source-ipfw.c:707
xstr
#define xstr(s)
Definition: suricata-common.h:272
util-profiling.h
util-rule-vars.h
FALSE
#define FALSE
Definition: suricata-common.h:34
AFPRunModeIsIPS
int AFPRunModeIsIPS()
Definition: runmode-af-packet.c:719
ListAppLayerProtocols
int ListAppLayerProtocols(const char *conf_filename)
Definition: util-running-modes.c:44
SCInstance_::offline
int offline
Definition: suricata.h:151
DatasetsDestroy
void DatasetsDestroy(void)
Definition: datasets.c:612
UtilCpuPrintSummary
void UtilCpuPrintSummary(void)
Print a summary of CPUs detected (configured and online)
Definition: util-cpu.c:169
TmThreadKillThreads
void TmThreadKillThreads(void)
Definition: tm-threads.c:1538
SC_ERR_FOPEN
@ SC_ERR_FOPEN
Definition: util-error.h:74
OutputDeregisterAll
void OutputDeregisterAll(void)
Deregister all modules. Useful for a memory clean exit.
Definition: output.c:833
PostConfLoadedDetectSetup
void PostConfLoadedDetectSetup(SCInstance *suri)
Definition: suricata.c:2303
EngineModeIsIDS
int EngineModeIsIDS(void)
Definition: suricata.c:248
TmModuleNapatechDecodeRegister
void TmModuleNapatechDecodeRegister(void)
Register the Napatech decoder module.
Definition: source-napatech.c:163
tmm_modules
TmModule tmm_modules[TMM_SIZE]
Definition: tm-modules.c:33
conf-yaml-loader.h
StreamTcpFreeConfig
void StreamTcpFreeConfig(char quiet)
Definition: stream-tcp.c:668
SC_WARN_FASTER_CAPTURE_AVAILABLE
@ SC_WARN_FASTER_CAPTURE_AVAILABLE
Definition: util-error.h:308
coverage_unittests
int coverage_unittests
Definition: suricata.c:831
RUNMODE_DUMP_CONFIG
@ RUNMODE_DUMP_CONFIG
Definition: runmodes.h:50
DatasetsSave
void DatasetsSave(void)
Definition: datasets.c:667
conf.h
source-ipfw.h
TMM_SIZE
@ TMM_SIZE
Definition: tm-threads-common.h:73
source-netmap.h
OutputNotifyFileRotation
void OutputNotifyFileRotation(void)
Notifies all registered file rotation notification flags.
Definition: output.c:904
util-magic.h
StorageFinalize
int StorageFinalize(void)
Definition: util-storage.c:139
SCInstance_::verbose
int verbose
Definition: suricata.h:152
util-radix-tree.h
TmEcode
TmEcode
Definition: tm-threads-common.h:77
source-windivert.h
FileOpenFileWithId
int FileOpenFileWithId(FileContainer *ffc, const StreamingBufferConfig *sbcfg, uint32_t track_id, const uint8_t *name, uint16_t name_len, const uint8_t *data, uint32_t data_len, uint16_t flags)
Open a new File.
Definition: util-file.c:918
TmModuleFlowWorkerRegister
void TmModuleFlowWorkerRegister(void)
Definition: flow-worker.c:352
SCInstance_::aux_run_mode
enum RunModes aux_run_mode
Definition: suricata.h:125
LiveGetDeviceNameCount
int LiveGetDeviceNameCount(void)
Get the number of pre registered devices.
Definition: util-device.c:197
flow-timeout.h
DEFAULT_PID_FILENAME
#define DEFAULT_PID_FILENAME
Definition: suricata.h:84
reputation.h
util-action.h
sighup_count
volatile sig_atomic_t sighup_count
Definition: suricata.c:182
ConfigSetDataDirectory
TmEcode ConfigSetDataDirectory(char *name)
Definition: util-conf.c:69
TmModuleDecodeErfDagRegister
void TmModuleDecodeErfDagRegister(void)
Register the ERF file decoder module.
Definition: source-erf-dag.c:153
SCInstance_::set_logdir
bool set_logdir
Definition: suricata.h:145
SCDropMainThreadCaps
#define SCDropMainThreadCaps(...)
Definition: util-privs.h:38
TmModuleDebugList
void TmModuleDebugList(void)
Definition: tm-modules.c:35
TmModuleDecodeNFQRegister
void TmModuleDecodeNFQRegister(void)
Definition: source-nfq.c:195
util-proto-name.h
STREAM_VERBOSE
#define STREAM_VERBOSE
Definition: stream-tcp.h:33
defrag.h
MpmTableSetup
void MpmTableSetup(void)
Definition: util-mpm.c:269
SCInstance_::log_dir
const char * log_dir
Definition: suricata.h:157
runmodes.h
RunmodeIsUnittests
int RunmodeIsUnittests(void)
Definition: suricata.c:263
source-nfq-prototypes.h
FileAppendDataById
int FileAppendDataById(FileContainer *ffc, uint32_t track_id, const uint8_t *data, uint32_t data_len)
Store/handle a chunk of file data in the File structure The file with 'track_id' in the FileContainer...
Definition: util-file.c:731
SCLogInfo
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:217
TmModuleReceiveNFLOGRegister
void TmModuleReceiveNFLOGRegister(void)
Definition: source-nflog.c:48
SC_ERR_INVALID_YAML_CONF_ENTRY
@ SC_ERR_INVALID_YAML_CONF_ENTRY
Definition: util-error.h:169
SCLogMessage
SCError SCLogMessage(const SCLogLevel log_level, const char *file, const unsigned int line, const char *function, const SCError error_code, const char *message)
Adds the global log_format to the outgoing buffer.
Definition: util-debug.c:541
DEFAULT_PACKET_SIZE
#define DEFAULT_PACKET_SIZE
Definition: decode.h:617
WarnInvalidConfEntry
#define WarnInvalidConfEntry(param_name, format, value)
Generic API that can be used by all to log an invalid conf entry.
Definition: util-misc.h:37
DetectEngineStateFree
void DetectEngineStateFree(DetectEngineState *state)
Frees a DetectEngineState object.
Definition: detect-engine-state.c:175
util-host-os-info.h
TmModuleReceiveErfFileRegister
void TmModuleReceiveErfFileRegister(void)
Register the ERF file receiver (reader) module.
Definition: source-erf-file.c:79
TmModule_
Definition: tm-modules.h:43
default_packet_size
uint32_t default_packet_size
Definition: decode.c:71
tm-queuehandlers.h
SuricataContext_::FilePrune
void(* FilePrune)(FileContainer *ffc)
Definition: rust-context.h:46
DETECT_ENGINE_TYPE_NORMAL
@ DETECT_ENGINE_TYPE_NORMAL
Definition: detect.h:753
PROG_NAME
#define PROG_NAME
Definition: suricata.h:71
TmThreadKillThreadsFamily
void TmThreadKillThreadsFamily(int family)
Definition: tm-threads.c:1509
detect-fast-pattern.h
app-layer-modbus.h
FeatureTrackingRelease
void FeatureTrackingRelease(void)
Definition: feature.c:134
SuricataContext_::FileAppendGAPById
int(* FileAppendGAPById)(FileContainer *, uint32_t track_id, const uint8_t *data, uint32_t data_len)
Definition: rust-context.h:43
app-layer-enip.h
TmqhCleanup
void TmqhCleanup(void)
Clean up registration time allocs.
Definition: tm-queuehandlers.c:49
RUNMODE_PFRING
@ RUNMODE_PFRING
Definition: runmodes.h:31
SC_ERR_NO_RULES_LOADED
@ SC_ERR_NO_RULES_LOADED
Definition: util-error.h:73
flow-manager.h
DecodeGlobalConfig
void DecodeGlobalConfig(void)
Definition: decode.c:733
SCInstance_::strict_rule_parsing_string
char * strict_rule_parsing_string
Definition: suricata.h:160
SuriHasSigFile
int SuriHasSigFile(void)
Definition: suricata.c:238
suricata-common.h
g_default_mtu
int g_default_mtu
Definition: suricata.c:220
sc_set_caps
int sc_set_caps
Definition: suricata.c:217
DetectEngineCtxInitStubForMT
DetectEngineCtx * DetectEngineCtxInitStubForMT(void)
Definition: detect-engine.c:2037
tm-queues.h
util-daemon.h
FlowShutdown
void FlowShutdown(void)
shutdown the flow engine
Definition: flow.c:683
SCHInfoLoadFromConfig
void SCHInfoLoadFromConfig(void)
Load the host os policy information from the configuration.
Definition: util-host-os-info.c:333
DetectEngineBumpVersion
void DetectEngineBumpVersion(void)
Definition: detect-engine.c:3222
util-decode-mime.h
AppLayerDecoderEventsSetEventRaw
void AppLayerDecoderEventsSetEventRaw(AppLayerDecoderEvents **sevents, uint8_t event)
Set an app layer decoder event.
Definition: app-layer-events.c:89
SC_ERR_PCAP_TRANSLATE
@ SC_ERR_PCAP_TRANSLATE
Definition: util-error.h:233
TmModuleFlowManagerRegister
void TmModuleFlowManagerRegister(void)
Definition: flow-manager.c:1130
util-spm.h
SCPidfileTestRunning
int SCPidfileTestRunning(const char *pid_filename)
Check the Suricata pid file (used at the startup)
Definition: util-pidfile.c:105
SCLogError
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
Definition: util-debug.h:257
HostShutdown
void HostShutdown(void)
shutdown the flow engine
Definition: host.c:305
DOC_URL
#define DOC_URL
Definition: suricata.h:86
TmModuleDecodePfringRegister
void TmModuleDecodePfringRegister(void)
Registration Function for DecodePfring.
Definition: source-pfring.c:180
LiveSetOffloadWarn
void LiveSetOffloadWarn(void)
Definition: util-device.c:74
ParseSizeDeinit
void ParseSizeDeinit(void)
Definition: util-misc.c:55
util-classification-config.h
RunModeRegisterRunModes
void RunModeRegisterRunModes(void)
Register all runmodes in the engine.
Definition: runmodes.c:209
SCStrdup
#define SCStrdup(s)
Definition: util-mem.h:56
FatalError
#define FatalError(x,...)
Definition: util-debug.h:532
ConfGetChildValueBool
int ConfGetChildValueBool(const ConfNode *base, const char *name, int *val)
Definition: conf.c:529
SCProfilingDump
void SCProfilingDump(void)
Definition: util-profiling.c:294
EngineStop
void EngineStop(void)
make sure threads can stop the engine by calling this function. Purpose: pcap file mode needs to be a...
Definition: suricata.c:390
SCInstance_::sig_file
char * sig_file
Definition: suricata.h:128
SC_ERR_NO_AF_PACKET
@ SC_ERR_NO_AF_PACKET
Definition: util-error.h:225
ParseSizeStringU32
int ParseSizeStringU32(const char *size, uint32_t *res)
Definition: util-misc.c:186
SC_ERR_BPF
@ SC_ERR_BPF
Definition: util-error.h:157
TmModuleReceiveErfDagRegister
void TmModuleReceiveErfDagRegister(void)
Register the ERF file receiver (reader) module.
Definition: source-erf-dag.c:134
DetectEngineMultiTenantSetup
int DetectEngineMultiTenantSetup(void)
setup multi-detect / multi-tenancy
Definition: detect-engine.c:3606
IPPairBitInitCtx
void IPPairBitInitCtx(void)
Definition: ippair-bit.c:49
SCClassConfInit
void SCClassConfInit(void)
Definition: util-classification-config.c:64
RunmodeGetCurrent
int RunmodeGetCurrent(void)
Definition: suricata.c:271
ConfigSetLogDirectory
TmEcode ConfigSetLogDirectory(const char *name)
Definition: util-conf.c:31
CIDRInit
void CIDRInit(void)
Definition: util-cidr.c:31
threadvars.h
TmModuleDecodeIPFWRegister
void TmModuleDecodeIPFWRegister(void)
Registration Function for DecodeIPFW.
Definition: source-ipfw.c:191
source-af-packet.h
RUNMODE_NFQ
@ RUNMODE_NFQ
Definition: runmodes.h:32
ConfSetFromString
int ConfSetFromString(const char *input, int final)
Set a configuration parameter from a string.
Definition: conf.c:244
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
SCLogConfig
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
g_vlan_mask
uint16_t g_vlan_mask
Definition: suricata.c:233
ConfInit
void ConfInit(void)
Initialize the configuration system.
Definition: conf.c:113
DatasetsInit
int DatasetsInit(void)
Definition: datasets.c:535
sigusr2_count
volatile sig_atomic_t sigusr2_count
Definition: suricata.c:184
RUNMODE_ENGINE_ANALYSIS
@ RUNMODE_ENGINE_ANALYSIS
Definition: runmodes.h:53
RUNMODE_PRINT_VERSION
@ RUNMODE_PRINT_VERSION
Definition: runmodes.h:47
TmModuleDecodePcapRegister
void TmModuleDecodePcapRegister(void)
Registration Function for DecodePcap.
Definition: source-pcap.c:123
util-running-modes.h
unix-manager.h
LiveDeviceListClean
int LiveDeviceListClean()
Definition: util-device.c:347
str
#define str(s)
Definition: suricata-common.h:273
ConfigCheckDataDirectory
TmEcode ConfigCheckDataDirectory(const char *data_dir)
Definition: util-conf.c:102
SCInstance_::sig_file_exclusive
int sig_file_exclusive
Definition: suricata.h:129
g_detect_disabled
int g_detect_disabled
Definition: suricata.c:214
ConfigGetLogDirectory
const char * ConfigGetLogDirectory()
Definition: util-conf.c:36
DetectEngineReloadStart
int DetectEngineReloadStart(void)
Definition: detect-engine.c:1537
SC_ERR_NO_NETMAP
@ SC_ERR_NO_NETMAP
Definition: util-error.h:294
SCLogWarning
#define SCLogWarning(err_code,...)
Macro used to log WARNING messages.
Definition: util-debug.h:244
SCFree
#define SCFree(p)
Definition: util-mem.h:61
DEFAULT_CONF_FILE
#define DEFAULT_CONF_FILE
Definition: suricata.h:80
ConfNode_
Definition: conf.h:32
AppLayerParserPostStreamSetup
void AppLayerParserPostStreamSetup(void)
Definition: app-layer-parser.c:223
SC_ERR_FATAL
@ SC_ERR_FATAL
Definition: util-error.h:203
TmModuleReceivePcapRegister
void TmModuleReceivePcapRegister(void)
Registration Function for RecievePcap.
Definition: source-pcap.c:109
util-ioctl.h
detect-parse.h
SCInstance_::system
bool system
Definition: suricata.h:144
SCInstance_::pid_filename
char * pid_filename
Definition: suricata.h:130
TmModuleRespondRejectRegister
void TmModuleRespondRejectRegister(void)
Definition: respond-reject.c:49
CoredumpEnable
void CoredumpEnable(void)
Enable coredumps on systems where coredumps can and need to be enabled.
Definition: util-coredump-config.c:53
RunUnittests
void RunUnittests(int list_unittests, const char *regex_arg)
Definition: runmode-unittests.c:219
source-erf-file.h
ConfigCheckLogDirectoryExists
TmEcode ConfigCheckLogDirectoryExists(const char *log_dir)
Definition: util-conf.c:54
StreamTcpInitConfig
void StreamTcpInitConfig(char)
To initialize the stream global configuration data.
Definition: stream-tcp.c:365
TimeDeinit
void TimeDeinit(void)
Definition: util-time.c:85
PacketAlertTagInit
void PacketAlertTagInit(void)
Definition: detect-engine-alert.c:37
DetectEngineCtxInit
DetectEngineCtx * DetectEngineCtxInit(void)
Definition: detect-engine.c:2047
tmqh-flow.h
RUNMODE_WINDIVERT
@ RUNMODE_WINDIVERT
Definition: runmodes.h:42
SCProfilingRulesGlobalInit
void SCProfilingRulesGlobalInit(void)
Definition: util-profiling-rules.c:114
EngineModeIsIPS
int EngineModeIsIPS(void)
Definition: suricata.c:243
SC_ERR_MEM_ALLOC
@ SC_ERR_MEM_ALLOC
Definition: util-error.h:31
TmModuleNapatechStreamRegister
void TmModuleNapatechStreamRegister(void)
Register the Napatech receiver (reader) module.
Definition: source-napatech.c:130
SCProfilingKeywordsGlobalInit
void SCProfilingKeywordsGlobalInit(void)
Definition: util-profiling-keywords.c:69
suricata.h
ConfGetValue
int ConfGetValue(const char *name, const char **vptr)
Retrieve the value of a configuration node.
Definition: conf.c:359
SC_ERR_NFLOG_NOSUPPORT
@ SC_ERR_NFLOG_NOSUPPORT
Definition: util-error.h:278
EngineDone
void EngineDone(void)
Used to indicate that the current task is done.
Definition: suricata.c:401
FLOW_QUIET
#define FLOW_QUIET
Definition: flow.h:38
app-layer-smb.h
GetDocURL
const char * GetDocURL(void)
Definition: suricata.c:1020
util-mpm-hs.h
SC_ERR_LOGDIR_CMDLINE
@ SC_ERR_LOGDIR_CMDLINE
Definition: util-error.h:147
PostRunDeinit
void PostRunDeinit(const int runmode, struct timeval *start_time)
Definition: suricata.c:2029
context
SuricataContext context
Definition: suricata.c:2641
ConfDeInit
void ConfDeInit(void)
De-initializes the configuration system.
Definition: conf.c:721
SuricataContext_::FileOpenFileWithId
int(* FileOpenFileWithId)(FileContainer *, const StreamingBufferConfig *, uint32_t track_id, const uint8_t *name, uint16_t name_len, const uint8_t *data, uint32_t data_len, uint16_t flags)
Definition: rust-context.h:36
SC_ERR_LIBNET_NOT_ENABLED
@ SC_ERR_LIBNET_NOT_ENABLED
Definition: util-error.h:178
NFQContextsClean
void NFQContextsClean()
Clean global contexts. Must be called on exit.
Definition: source-nfq.c:1279
SuricataContext_::FileContainerRecycle
void(* FileContainerRecycle)(FileContainer *ffc)
Definition: rust-context.h:45
ConfSet
int ConfSet(const char *name, const char *val)
Set a configuration value.
Definition: conf.c:219
DetectEngineReload
int DetectEngineReload(const SCInstance *suri)
Reload the detection engine.
Definition: detect-engine.c:4062
SCInstance_::do_setgid
uint8_t do_setgid
Definition: suricata.h:139
DEFAULT_MAX_PENDING_PACKETS
#define DEFAULT_MAX_PENDING_PACKETS
Definition: suricata.c:194
SCInstance_
Definition: suricata.h:123
TmThreadCheckThreadState
void TmThreadCheckThreadState(void)
Used to check the thread for certain conditions of failure.
Definition: tm-threads.c:1799
InitGlobal
int InitGlobal(void)
Global initialization common to all runmodes.
Definition: suricata.c:2649
SC_ERR_INITIALIZATION
@ SC_ERR_INITIALIZATION
Definition: util-error.h:75
SCInstance_::disabled_detect
int disabled_detect
Definition: suricata.h:149
app-layer-smtp.h
FileCloseFileById
int FileCloseFileById(FileContainer *ffc, uint32_t track_id, const uint8_t *data, uint32_t data_len, uint16_t flags)
Definition: util-file.c:1028
SCProfilingSghsGlobalInit
void SCProfilingSghsGlobalInit(void)
Definition: util-profiling-rulegroups.c:71
SCPidfileCreate
int SCPidfileCreate(const char *pidfile)
Write a pid file (used at the startup) This commonly needed by the init scripts.
Definition: util-pidfile.c:41
LiveRegisterDeviceName
int LiveRegisterDeviceName(const char *dev)
Add a device for monitoring.
Definition: util-device.c:95
ENGINE_MODE_IDS
@ ENGINE_MODE_IDS
Definition: suricata.h:103
LiveDeviceFinalize
void LiveDeviceFinalize(void)
Definition: util-device.c:469
PROG_VER
#define PROG_VER
Definition: suricata.h:72
util-misc.h
PacketPoolDestroy
void PacketPoolDestroy(void)
Definition: tmqh-packetpool.c:335
HTPFreeConfig
void HTPFreeConfig(void)
Clears the HTTP server configuration memory used by HTP library.
Definition: app-layer-htp.c:2069
flow.h
respond-reject.h
SCInstance_::regex_arg
char * regex_arg
Definition: suricata.h:131
ListKeywords
int ListKeywords(const char *keyword_info)
Definition: util-running-modes.c:33
SCLogNotice
#define SCLogNotice(...)
Macro used to log NOTICE messages.
Definition: util-debug.h:232
SCProtoNameDeInit
void SCProtoNameDeInit()
Function to clears the memory used in storing the protocol names.
Definition: util-proto-name.c:106
FileContainerRecycle
void FileContainerRecycle(FileContainer *ffc)
Recycle a FileContainer.
Definition: util-file.c:440
StatsReleaseResources
void StatsReleaseResources()
Releases the resources alloted by the Stats API.
Definition: counters.c:1252
RUNMODE_AFP_DEV
@ RUNMODE_AFP_DEV
Definition: runmodes.h:37
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:304
SCPidfileRemove
void SCPidfileRemove(const char *pid_filename)
Remove the pid file (used at the startup)
Definition: util-pidfile.c:83
flow-var.h
SC_ERR_NAPATECH_REQUIRED
@ SC_ERR_NAPATECH_REQUIRED
Definition: util-error.h:249
ThresholdInit
void ThresholdInit(void)
Definition: detect-engine-threshold.c:80
SuricataContext_
Definition: rust-context.h:28
TimeInit
void TimeInit(void)
Definition: util-time.c:77
RUNMODE_PCAP_FILE
@ RUNMODE_PCAP_FILE
Definition: runmodes.h:30
SCInstance_::keyword_info
char * keyword_info
Definition: suricata.h:133
SC_ERR_LOGDIR_CONFIG
@ SC_ERR_LOGDIR_CONFIG
Definition: util-error.h:146
SC_ERR_MULTIPLE_RUN_MODE
@ SC_ERR_MULTIPLE_RUN_MODE
Definition: util-error.h:156
SCInstance_::do_setuid
uint8_t do_setuid
Definition: suricata.h:138
SURI_HOST_IS_SNIFFER_ONLY
@ SURI_HOST_IS_SNIFFER_ONLY
Definition: suricata.h:114
app-layer-ssl.h
NetmapRunModeIsIPS
int NetmapRunModeIsIPS(void)
SCProfilingInit
void SCProfilingInit(void)
Initialize profiling.
Definition: util-profiling.c:140
g_ut_modules
int g_ut_modules
Definition: suricata.c:832
detect-engine-address.h
RUNMODE_IPFW
@ RUNMODE_IPFW
Definition: runmodes.h:34
output.h
util-storage.h
DetectEngineCtx_::failure_fatal
int failure_fatal
Definition: detect.h:768
util-threshold-config.h
DefragInit
void DefragInit(void)
Definition: defrag.c:1064
DetectEngineReloadIsStart
int DetectEngineReloadIsStart(void)
Definition: detect-engine.c:1551
suricata_ctl_flags
volatile uint8_t suricata_ctl_flags
Definition: suricata.c:197
host-bit.h
detect-engine-threshold.h
RunModeDispatch
void RunModeDispatch(int runmode, const char *custom_mode)
Definition: runmodes.c:278
SC_ERR_NO_PF_RING
@ SC_ERR_NO_PF_RING
Definition: util-error.h:60
RUNMODE_LIST_UNITTEST
@ RUNMODE_LIST_UNITTEST
Definition: runmodes.h:52
app-layer.h
TagDestroyCtx
void TagDestroyCtx(void)
Destroy tag context hash tables.
Definition: detect-engine-tag.c:71
DetectAddressTestConfVars
int DetectAddressTestConfVars(void)
Definition: detect-engine-address.c:1226
g_disable_randomness
int g_disable_randomness
Definition: suricata.c:226
GetIfaceMTU
int GetIfaceMTU(const char *pcap_dev)
output the link MTU
Definition: util-ioctl.c:91
MpmHSGlobalCleanup
void MpmHSGlobalCleanup(void)
TmqResetQueues
void TmqResetQueues(void)
Definition: tm-queues.c:80