34 #ifdef HAVE_SYS_RESOURCE_H
36 #include <sys/resource.h>
143 #ifdef SYSTEMD_NOTIFY
168 #define DEFAULT_MAX_PENDING_PACKETS 1024
193 #ifndef AFLFUZZ_NO_RANDOM
283 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
284 static void SignalHandlerSigint(
int sig)
288 static void SignalHandlerSigterm(
int sig)
294 #define UNW_LOCAL_ONLY
295 #include <libunwind.h>
/**
 * \brief Crash handler for SIGSEGV/SIGABRT: log a libunwind backtrace, then
 *        re-deliver the signal with its default disposition.
 *
 * Installed by InitSignalHandler() (further down in this file) only when
 * logging.stacktrace-on-signal is enabled. This listing is abridged: the
 * cursor/name/off declarations and the frame-printing loop body are not shown.
 *
 * NOTE(review): none of SCLogError(), unw_init_local() or unw_get_proc_name()
 * is documented as async-signal-safe, so this handler can itself deadlock or
 * fault (e.g. when the crash happened inside malloc or the logging lock).
 * That is an accepted trade-off for post-mortem diagnostics, which is why the
 * two dispositions are reset to SIG_DFL first: a nested fault terminates the
 * process instead of re-entering this function.
 */
296 static void SignalHandlerUnexpected(
int sig_num, siginfo_t *info,
void *context)
/* A nested fault must not recurse into this handler. */
301 signal(SIGABRT, SIG_DFL);
302 signal(SIGSEGV, SIG_DFL);
/* NOTE(review): operator-precedence bug - `!=` binds tighter than `=`, so r
 * receives the boolean result (call != 0) rather than libunwind's error code,
 * and the unw_strerror(r) below reports the wrong message. Intended form:
 *   if ((r = unw_init_local(&cursor, (unw_context_t *)(context))) != 0) */
304 if ((r = unw_init_local(&cursor, (unw_context_t *)(context)) != 0)) {
305 SCLogError(
"unable to obtain stack trace: unw_init_local: %s", unw_strerror(r));
/* Frames are handled only when this is not the signal trampoline frame
 * (the body of this branch is abridged in the listing). */
314 if (unw_is_signal_frame(&cursor) == 0) {
/* Per libunwind's documentation UNW_ENOMEM here means the symbol did not fit
 * in name[] and was truncated, not that the lookup failed. */
317 if (unw_get_proc_name(&cursor,
name,
sizeof(
name), &off) == UNW_ENOMEM) {
326 r = unw_step(&cursor);
/* Re-raise with the default disposition restored above, so the process still
 * terminates (and dumps core, if enabled) on the original signal. */
336 kill(getpid(), sig_num);
338 #undef UNW_LOCAL_ONLY
348 static void SignalHandlerSigusr2(
int sig)
358 static void SignalHandlerSigHup(
int sig)
411 #ifdef HAVE_AF_PACKET
419 #ifdef BUILD_HYPERSCAN
440 static void OnNotifyRunning(
void)
442 #ifdef SYSTEMD_NOTIFY
/**
 * \brief Join the remaining command-line arguments into one BPF filter string.
 *
 * Invoked as SetBpfString(optind, argv) once option parsing is finished (see
 * the call near the end of the option parser in this file), so the input is
 * the operator's own command line, not untrusted data. The listing is
 * abridged: tmpindex's initialisation (presumably argc), the allocation of
 * bpf_filter and the consumer of the final string are not shown.
 *
 * \param argc index of the first argument to include (optind), not a count
 * \param argv NULL-terminated argument vector
 * \return not visible in this abridged listing
 */
468 static int SetBpfString(
int argc,
char *argv[])
470 char *bpf_filter = NULL;
/* Sum of strlen()+1 per argument (one separator or terminator each). uint32_t
 * is narrower than size_t, but argv is bounded by the OS argument limit. */
471 uint32_t bpf_len = 0;
/* First pass: size the buffer. */
476 while(argv[tmpindex] != NULL) {
477 bpf_len+=strlen(argv[tmpindex]) + 1;
/* Second pass: concatenate with strlcat(), which is bounded by bpf_len and
 * always NUL-terminates; arguments are separated by a single space. */
489 while(argv[tmpindex] != NULL) {
490 strlcat(bpf_filter, argv[tmpindex],bpf_len);
491 if(argv[tmpindex + 1] != NULL) {
492 strlcat(bpf_filter,
" ", bpf_len);
/* An empty result means no trailing arguments were given. */
497 if(strlen(bpf_filter) > 0) {
/**
 * \brief Load a BPF filter from the file given with -F and normalise it to
 *        a single line.
 *
 * The whole file is read into a buffer sized from its stat-reported size
 * (whether stat() or fstat() is used is not shown), then:
 *   - '#' up to end-of-line is blanked with spaces (comments),
 *   - every CR and LF is replaced by a space,
 *   - trailing spaces are trimmed.
 * A non-empty result is presumably handed to the engine; the consumer, the
 * error-path cleanup and the fclose()/free() calls are abridged here.
 *
 * NOTE(review): the buffer is st_size + 1 bytes with no upper bound. -F is an
 * operator-supplied path, so this is not an attack surface, but a path typo
 * pointing at a huge file will try to allocate that much.
 * NOTE(review): an embedded NUL byte silently truncates the filter at the
 * first strlen() below, and a file that changes between the size lookup and
 * fread() is only detected if it shrank: the read must return exactly
 * st_size bytes, so extra trailing content is dropped without a message.
 *
 * \param filename path supplied on the command line
 */
509 static void SetBpfStringFromFile(
char *filename)
511 char *bpf_filter = NULL;
512 char *bpf_comment_tmp = NULL;
513 char *bpf_comment_start = NULL;
519 fp = fopen(filename,
"r");
521 SCLogError(
"Failed to open file %s", filename);
526 SCLogError(
"Failed to stat file %s", filename);
/* +1 for the terminating NUL; the off_t -> size_t conversion is unchecked. */
530 bpf_len = ((size_t)(st.st_size)) + 1;
534 SCLogError(
"Failed to allocate buffer for bpf filter in file %s", filename);
/* Exactly st_size bytes are required: a short read (I/O error or the file
 * shrank since it was sized) is treated as a failure. */
538 nm = fread(bpf_filter, 1, bpf_len - 1, fp);
539 if ((ferror(fp) != 0) || (nm != (bpf_len - 1))) {
540 SCLogError(
"Failed to read complete BPF file %s", filename);
546 bpf_filter[nm] =
'\0';
/* From here on the buffer is a C string: an embedded NUL ends the filter. */
548 if(strlen(bpf_filter) > 0) {
/* Blank each '#' comment up to, but not including, the line terminator. */
550 bpf_comment_start = bpf_filter;
551 while((bpf_comment_tmp = strchr(bpf_comment_start,
'#')) != NULL) {
552 while((*bpf_comment_tmp !=
'\0') &&
553 (*bpf_comment_tmp !=
'\r') && (*bpf_comment_tmp !=
'\n'))
555 *bpf_comment_tmp++ =
' ';
557 bpf_comment_start = bpf_comment_tmp;
/* Fold CR/LF into spaces so the filter becomes one line. Each strchr()
 * restarts from the buffer start (quadratic in the number of line breaks),
 * which is harmless for filter-sized files. */
560 while((bpf_comment_tmp = strchr(bpf_filter,
'\r')) != NULL) {
561 *bpf_comment_tmp =
' ';
563 while((bpf_comment_tmp = strchr(bpf_filter,
'\n')) != NULL) {
564 *bpf_comment_tmp =
' ';
/* Trim trailing spaces; strlen() is recomputed on every iteration. */
567 while (strlen(bpf_filter) > 0 &&
568 bpf_filter[strlen(bpf_filter)-1] ==
' ')
570 bpf_filter[strlen(bpf_filter)-1] =
'\0';
/* Only a non-empty filter is used (the consumer is not shown here). */
572 if (strlen(bpf_filter) > 0) {
582 static void PrintUsage(
const char *progname)
589 printf(
"USAGE: %s [OPTIONS] [BPF FILTER]\n\n", progname);
590 printf(
"\t-c <path> : path to configuration file\n");
591 printf(
"\t-T : test configuration file (use with -c)\n");
592 printf(
"\t-i <dev or ip> : run in pcap live mode\n");
593 printf(
"\t-F <bpf filter file> : bpf filter file\n");
594 printf(
"\t-r <path> : run in pcap file/offline mode\n");
596 printf(
"\t-q <qid[:qid]> : run in inline nfqueue mode (use colon to specify a range of queues)\n");
599 printf(
"\t-d <divert port> : run in inline ipfw divert mode\n");
601 printf(
"\t-s <path> : path to signature file loaded in addition to suricata.yaml settings (optional)\n");
602 printf(
"\t-S <path> : path to signature file loaded exclusively (optional)\n");
603 printf(
"\t-l <dir> : default log directory\n");
605 printf(
"\t-D : run as daemon\n");
607 printf(
"\t--service-install : install as service\n");
608 printf(
"\t--service-remove : remove service\n");
609 printf(
"\t--service-change-params : change service startup parameters\n");
611 printf(
"\t-k [all|none] : force checksum check (all) or disabled it (none)\n");
612 printf(
"\t-V : display Suricata version\n");
613 printf(
"\t-v : be more verbose (use multiple times to increase verbosity)\n");
615 printf(
"\t-u : run the unittests and exit\n");
616 printf(
"\t-U, --unittest-filter=REGEX : filter unittests with a regex\n");
617 printf(
"\t--list-unittests : list unit tests\n");
618 printf(
"\t--fatal-unittests : enable fatal failure on unittest error\n");
619 printf(
"\t--unittests-coverage : display unittest coverage report\n");
621 printf(
"\t--firewall-rules-exclusive=<path> : path to firewall rule file loaded "
623 printf(
"\t--list-app-layer-protos : list supported app layer protocols\n");
624 printf(
"\t--list-keywords[=all|csv|<kword>] : list keywords implemented by the engine\n");
625 printf(
"\t--list-runmodes : list supported runmodes\n");
626 printf(
"\t--runmode <runmode_id> : specific runmode modification the engine should run. The argument\n"
627 "\t supplied should be the id for the runmode obtained by running\n"
628 "\t --list-runmodes\n");
629 printf(
"\t--engine-analysis : print reports on analysis of different sections in the engine and exit.\n"
630 "\t Please have a look at the conf parameter engine-analysis on what reports\n"
631 "\t can be printed\n");
632 printf(
"\t--pidfile <file> : write pid to this file\n");
633 printf(
"\t--init-errors-fatal : enable fatal failure on signature init error\n");
634 printf(
"\t--disable-detection : disable detection engine\n");
635 printf(
"\t--dump-config : show the running configuration\n");
636 printf(
"\t--dump-features : display provided features\n");
637 printf(
"\t--build-info : display build information\n");
638 printf(
"\t--pcap[=<dev>] : run in pcap mode, no value select interfaces from suricata.yaml\n");
639 printf(
"\t--pcap-file-continuous : when running in pcap mode with a directory, continue checking directory for pcaps until interrupted\n");
640 printf(
"\t--pcap-file-delete : when running in replay mode (-r with directory or file), will delete pcap files that have been processed when done\n");
641 printf(
"\t--pcap-file-recursive : will descend into subdirectories when running in replay mode (-r)\n");
642 printf(
"\t--pcap-file-buffer-size : set read buffer size (setvbuf)\n");
643 #ifdef HAVE_PCAP_SET_BUFF
644 printf(
"\t--pcap-buffer-size : size of the pcap buffer value from 0 - %i\n",INT_MAX);
647 printf(
"\t--dpdk : run in dpdk mode, uses interfaces from "
650 #ifdef HAVE_AF_PACKET
651 printf(
"\t--af-packet[=<dev>] : run in af-packet mode, no value select interfaces from suricata.yaml\n");
654 printf(
"\t--af-xdp[=<dev>] : run in af-xdp mode, no value select "
655 "interfaces from suricata.yaml\n");
658 printf(
"\t--netmap[=<dev>] : run in netmap mode, no value select interfaces from suricata.yaml\n");
661 printf(
"\t--pfring[=<dev>] : run in pfring mode, use interfaces from suricata.yaml\n");
662 printf(
"\t--pfring-int <dev> : run in pfring mode, use interface <dev>\n");
663 printf(
"\t--pfring-cluster-id <id> : pfring cluster id \n");
664 printf(
"\t--pfring-cluster-type <type> : pfring cluster type for PF_RING 4.1.2 and later cluster_round_robin|cluster_flow\n");
666 printf(
"\t--simulate-ips : force engine into IPS mode. Useful for QA\n");
667 #ifdef HAVE_LIBCAP_NG
668 printf(
"\t--user <user> : run suricata as this user after init\n");
669 printf(
"\t--group <group> : run suricata as this group after init\n");
671 printf(
"\t--erf-in <path> : process an ERF file\n");
673 printf(
"\t--dag <dagX:Y> : process ERF records from DAG interface X, stream Y\n");
675 #ifdef BUILD_UNIX_SOCKET
676 printf(
"\t--unix-socket[=<file>] : use unix socket to control suricata work\n");
679 printf(
"\t--windivert <filter> : run in inline WinDivert mode\n");
680 printf(
"\t--windivert-forward <filter> : run in inline WinDivert mode, as a gateway\n");
683 printf(
"\t--reject-dev <dev> : send reject packets from this interface\n");
685 printf(
"\t--include <path> : additional configuration file\n");
686 printf(
"\t--set name=value : set a configuration value\n");
688 printf(
"\nTo run the engine with default configuration on "
689 "interface eth0 with signature file \"signatures.rules\", run the "
690 "command as:\n\n%s -c suricata.yaml -s signatures.rules -i eth0 \n\n",
694 static void PrintBuildInfo(
void)
698 char features[2048] =
"";
703 strlcat(features,
"DEBUG ",
sizeof(features));
705 #ifdef DEBUG_VALIDATION
706 strlcat(features,
"DEBUG_VALIDATION ",
sizeof(features));
709 strlcat(features,
"UNITTESTS ",
sizeof(features));
712 strlcat(features,
"NFQ ",
sizeof(features));
715 strlcat(features,
"IPFW ",
sizeof(features));
717 #ifdef HAVE_PCAP_SET_BUFF
718 strlcat(features,
"PCAP_SET_BUFF ",
sizeof(features));
721 strlcat(features,
"PF_RING ",
sizeof(features));
724 strlcat(features,
"NAPATECH ",
sizeof(features));
726 #ifdef HAVE_AF_PACKET
727 strlcat(features,
"AF_PACKET ",
sizeof(features));
730 strlcat(features,
"NETMAP ",
sizeof(features));
732 #ifdef HAVE_PACKET_FANOUT
733 strlcat(features,
"HAVE_PACKET_FANOUT ",
sizeof(features));
736 strlcat(features,
"DAG ",
sizeof(features));
738 #ifdef HAVE_LIBCAP_NG
739 strlcat(features,
"LIBCAP_NG ",
sizeof(features));
742 strlcat(features,
"LIBNET1.1 ",
sizeof(features));
744 strlcat(features,
"HAVE_HTP_URI_NORMALIZE_HOOK ",
sizeof(features));
745 #ifdef PCRE2_HAVE_JIT
746 strlcat(features,
"PCRE_JIT ",
sizeof(features));
749 strlcat(features,
"HAVE_NSS ",
sizeof(features));
751 strlcat(features,
"HTTP2_DECOMPRESSION ",
sizeof(features));
753 strlcat(features,
"HAVE_LUA ",
sizeof(features));
755 strlcat(features,
"HAVE_JA3 ",
sizeof(features));
758 strlcat(features,
"HAVE_JA4 ",
sizeof(features));
760 strlcat(features,
"HAVE_LIBJANSSON ",
sizeof(features));
762 strlcat(features,
"PROFILING ",
sizeof(features));
764 #ifdef PROFILE_LOCKING
765 strlcat(features,
"PROFILE_LOCKING ",
sizeof(features));
767 #if defined(TLS_C11) || defined(TLS_GNU)
768 strlcat(features,
"TLS ",
sizeof(features));
771 strlcat(features,
"TLS_C11 ",
sizeof(features));
772 #elif defined(TLS_GNU)
773 strlcat(features,
"TLS_GNU ",
sizeof(features));
776 strlcat(features,
"MAGIC ",
sizeof(features));
778 strlcat(features,
"RUST ",
sizeof(features));
779 #if defined(SC_ADDRESS_SANITIZER)
780 strlcat(features,
"ASAN ",
sizeof(features));
782 #if defined(HAVE_POPCNT64)
783 strlcat(features,
"POPCNT64 ",
sizeof(features));
785 if (strlen(features) == 0) {
786 strlcat(features,
"none",
sizeof(features));
789 printf(
"Features: %s\n", features);
792 memset(features, 0x00,
sizeof(features));
793 #if defined(__SSE4_2__)
794 strlcat(features,
"SSE_4_2 ",
sizeof(features));
796 #if defined(__SSE4_1__)
797 strlcat(features,
"SSE_4_1 ",
sizeof(features));
799 #if defined(__SSE3__)
800 strlcat(features,
"SSE_3 ",
sizeof(features));
802 #if defined(__SSE2__)
803 strlcat(features,
"SSE_2 ",
sizeof(features));
805 if (strlen(features) == 0) {
806 strlcat(features,
"none",
sizeof(features));
808 printf(
"SIMD support: %s\n", features);
811 memset(features, 0x00,
sizeof(features));
812 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_1)
813 strlcat(features,
"1 ",
sizeof(features));
815 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_2)
816 strlcat(features,
"2 ",
sizeof(features));
818 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_4)
819 strlcat(features,
"4 ",
sizeof(features));
821 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_8)
822 strlcat(features,
"8 ",
sizeof(features));
824 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_16)
825 strlcat(features,
"16 ",
sizeof(features));
827 if (strlen(features) == 0) {
828 strlcat(features,
"none",
sizeof(features));
830 strlcat(features,
"byte(s)",
sizeof(features));
832 printf(
"Atomic intrinsics: %s\n", features);
836 #elif __WORDSIZE == 32
839 bits =
"<unknown>-bits";
842 #if __BYTE_ORDER == __BIG_ENDIAN
843 endian =
"Big-endian";
844 #elif __BYTE_ORDER == __LITTLE_ENDIAN
845 endian =
"Little-endian";
847 endian =
"<unknown>-endian";
850 printf(
"%s, %s architecture\n", bits, endian);
852 printf(
"GCC version %s, C version %"PRIiMAX
"\n", __VERSION__, (intmax_t)__STDC_VERSION__);
854 printf(
"C version %"PRIiMAX
"\n", (intmax_t)__STDC_VERSION__);
858 printf(
"compiled with -fstack-protector\n");
861 printf(
"compiled with -fstack-protector-all\n");
870 #if _FORTIFY_SOURCE == 2
871 printf(
"compiled with _FORTIFY_SOURCE=2\n");
872 #elif _FORTIFY_SOURCE == 1
873 printf(
"compiled with _FORTIFY_SOURCE=1\n");
874 #elif _FORTIFY_SOURCE == 0
875 printf(
"compiled with _FORTIFY_SOURCE=0\n");
878 printf(
"L1 cache line size (CLS)=%d\n",
CLS);
881 tls =
"_Thread_local";
882 #elif defined(TLS_GNU)
885 #error "Unsupported thread local"
887 printf(
"thread local storage method: %s\n", tls);
889 printf(
"compiled with %s\n", htp_get_version());
891 #include "build-info.h"
987 static TmEcode ParseInterfacesList(
const int runmode,
char *pcap_dev)
993 if (strlen(pcap_dev) == 0) {
996 SCLogError(
"No interface found in config for pcap");
1003 if (strlen(pcap_dev)) {
1005 SCLogError(
"Failed to set pfring.live-interface");
1012 char iface_selector[] =
"dpdk.interfaces";
1015 SCLogError(
"No interface found in config for %s", iface_selector);
1019 #ifdef HAVE_AF_PACKET
1022 if (strlen(pcap_dev)) {
1024 SCLogError(
"Failed to set af-packet.live-interface");
1030 SCLogError(
"No interface found in config for af-packet");
1038 if (strlen(pcap_dev)) {
1040 SCLogError(
"Failed to set af-xdp.live-interface");
1046 SCLogError(
"No interface found in config for af-xdp");
1054 if (strlen(pcap_dev)) {
1056 SCLogError(
"Failed to set netmap.live-interface");
1062 SCLogError(
"No interface found in config for netmap");
1071 SCLogError(
"No group found in config for nflog");
1080 static void SCInstanceInit(
SCInstance *suri,
const char *progname)
1082 memset(suri, 0x00,
sizeof(*suri));
1109 #if HAVE_DETECT_DISABLED==1
1119 if (strstr(prog_ver,
"RELEASE") != NULL) {
1139 if (strstr(
PROG_VER,
"-dev") == NULL) {
1150 static TmEcode PrintVersion(
void)
1158 const char *mode = suri->
system ?
"SYSTEM" :
"USER";
1159 SCLogNotice(
"This is %s version %s running in %s mode",
/**
 * \brief Log the wall-clock time elapsed since \a start_time, in seconds
 *        with millisecond resolution.
 *
 * NOTE(review): gettimeofday() is wall-clock time. If the system clock is
 * stepped backwards between the two readings the difference goes negative
 * and, being stored in a uint64_t, wraps to a huge value. A monotonic clock
 * (clock_gettime(CLOCK_MONOTONIC)) would be the robust choice, but the
 * struct timeval parameter fixes the API of this helper.
 *
 * \param start_time when the interval began; NULL is checked first (the
 *        statement guarded by that check is elided in this listing,
 *        presumably an early return)
 */
1170 static void SCPrintElapsedTime(
struct timeval *start_time)
1172 if (start_time == NULL)
1174 struct timeval end_time;
1175 memset(&end_time, 0,
sizeof(end_time));
1176 gettimeofday(&end_time, NULL);
/* Seconds scaled to ms, plus the usec difference truncated to ms. The
 * 1000000 offset keeps the intermediate non-negative when end.tv_usec is
 * smaller than start->tv_usec; the trailing -1000 removes it again. */
1177 uint64_t milliseconds = ((end_time.tv_sec - start_time->tv_sec) * 1000) +
1178 (((1000000 + end_time.tv_usec - start_time->tv_usec) / 1000) - 1000);
1179 SCLogInfo(
"time elapsed %.3fs", (
float)milliseconds/(
float)1000);
1182 static int ParseCommandLineAfpacket(
SCInstance *suri,
const char *in_arg)
1184 #ifdef HAVE_AF_PACKET
1196 SCLogInfo(
"Multiple af-packet option without interface on each is useless");
1200 "has been specified");
1206 SCLogError(
"AF_PACKET not enabled. On Linux "
1207 "host, make sure to pass --enable-af-packet to "
1208 "configure when building.");
1213 static int ParseCommandLineAfxdp(
SCInstance *suri,
const char *in_arg)
1227 SCLogInfo(
"Multiple af-xdp options without interface on each is useless");
1231 "has been specified");
1238 "host, make sure correct libraries are installed,"
1239 " see documentation for information.");
1244 static int ParseCommandLineDpdk(
SCInstance *suri,
const char *in_arg)
1250 SCLogInfo(
"Multiple dpdk options have no effect on Suricata");
1253 "has been specified");
1260 "host, make sure to pass --enable-dpdk to "
1261 "configure when building.");
1266 static int ParseCommandLinePcapLive(
SCInstance *suri,
const char *in_arg)
1268 #if defined(OS_WIN32) && !defined(HAVE_LIBWPCAP)
1270 FatalError(
"Live capture not available. To support live capture compile against Npcap.");
1274 if (in_arg != NULL) {
1277 if (strlen(in_arg) > 9 && strncmp(in_arg,
"DeviceNPF", 9) == 0) {
1278 snprintf(suri->
pcap_dev,
sizeof(suri->
pcap_dev),
"\\Device\\NPF%s", in_arg+9);
1284 if (strcmp(suri->
pcap_dev, in_arg) != 0) {
1286 }
else if (strlen(suri->
pcap_dev) > 0 && isdigit((
unsigned char)suri->
pcap_dev[0])) {
1287 SCLogError(
"failed to find a pcap device for IP %s", in_arg);
1301 "has been specified");
/**
 * \brief Check whether the directory given with -l can be written to.
 *
 * NOTE(review): access(2) answers for the caller's *real* UID/GID at the
 * moment of the call. This runs during command-line parsing, i.e. presumably
 * before any --user/--group privilege drop (see the run-as.user/run-as.group
 * handling later in this file), so a directory that root can write to at
 * startup may be unwritable once privileges are dropped. The check is also
 * inherently TOCTOU: a later open() in the log directory can still fail and
 * must be handled on its own.
 *
 * \param str directory path from the -l option
 * \retval true when access(str, W_OK) succeeds (the return statements
 *         themselves are abridged in this listing)
 */
1311 static bool IsLogDirectoryWritable(
const char*
str)
1313 if (access(
str, W_OK) == 0)
1325 int dump_config = 0;
1326 int dump_features = 0;
1327 int list_app_layer_protocols = 0;
1328 int list_unittests = 0;
1329 int list_runmodes = 0;
1330 int list_keywords = 0;
1343 struct option long_opts[] = {
1344 {
"dump-config", 0, &dump_config, 1},
1345 {
"dump-features", 0, &dump_features, 1},
1346 {
"pfring", optional_argument, 0, 0},
1347 {
"pfring-int", required_argument, 0, 0},
1348 {
"pfring-cluster-id", required_argument, 0, 0},
1349 {
"pfring-cluster-type", required_argument, 0, 0},
1353 {
"af-packet", optional_argument, 0, 0},
1354 {
"af-xdp", optional_argument, 0, 0},
1355 {
"netmap", optional_argument, 0, 0},
1356 {
"pcap", optional_argument, 0, 0},
1357 {
"pcap-file-continuous", 0, 0, 0},
1358 {
"pcap-file-delete", 0, 0, 0},
1359 {
"pcap-file-recursive", 0, 0, 0},
1360 {
"pcap-file-buffer-size", required_argument, 0, 0},
1361 {
"simulate-ips", 0, 0 , 0},
1363 {
"strict-rule-keywords", optional_argument, 0, 0},
1365 {
"capture-plugin", required_argument, 0, 0},
1366 {
"capture-plugin-args", required_argument, 0, 0},
1368 #ifdef BUILD_UNIX_SOCKET
1369 {
"unix-socket", optional_argument, 0, 0},
1371 {
"pcap-buffer-size", required_argument, 0, 0},
1372 {
"unittest-filter", required_argument, 0,
'U'},
1373 {
"list-app-layer-protos", 0, &list_app_layer_protocols, 1},
1374 {
"list-unittests", 0, &list_unittests, 1},
1375 {
"list-runmodes", 0, &list_runmodes, 1},
1376 {
"list-keywords", optional_argument, &list_keywords, 1},
1377 {
"runmode", required_argument, NULL, 0},
1380 {
"service-install", 0, 0, 0},
1381 {
"service-remove", 0, 0, 0},
1382 {
"service-change-params", 0, 0, 0},
1384 {
"pidfile", required_argument, 0, 0},
1385 {
"init-errors-fatal", 0, 0, 0},
1386 {
"disable-detection", 0, 0, 0},
1387 {
"disable-hashing", 0, 0, 0},
1388 {
"fatal-unittests", 0, 0, 0},
1390 {
"user", required_argument, 0, 0},
1391 {
"group", required_argument, 0, 0},
1392 {
"erf-in", required_argument, 0, 0},
1393 {
"dag", required_argument, 0, 0},
1394 {
"build-info", 0, &build_info, 1},
1395 {
"data-dir", required_argument, 0, 0},
1397 {
"windivert", required_argument, 0, 0},
1398 {
"windivert-forward", required_argument, 0, 0},
1400 #ifdef HAVE_LIBNET11
1401 {
"reject-dev", required_argument, 0, 0},
1403 {
"set", required_argument, 0, 0},
1405 {
"nflog", optional_argument, 0, 0},
1407 {
"simulate-packet-flow-memcap", required_argument, 0, 0},
1408 {
"simulate-applayer-error-at-offset-ts", required_argument, 0, 0},
1409 {
"simulate-applayer-error-at-offset-tc", required_argument, 0, 0},
1410 {
"simulate-packet-loss", required_argument, 0, 0},
1411 {
"simulate-packet-tcp-reassembly-memcap", required_argument, 0, 0},
1412 {
"simulate-packet-tcp-ssn-memcap", required_argument, 0, 0},
1413 {
"simulate-packet-defrag-memcap", required_argument, 0, 0},
1414 {
"simulate-alert-queue-realloc-failure", 0, 0, 0},
1418 {
"firewall-rules-exclusive", required_argument, 0, 0},
1420 {
"include", required_argument, 0, 0},
1427 int option_index = 0;
1429 char short_opts[] =
"c:TDhi:l:q:d:r:us:S:U:VF:vk:";
1431 while ((opt = getopt_long(argc, argv, short_opts, long_opts, &option_index)) != -1) {
1434 if (strcmp((long_opts[option_index]).
name ,
"pfring") == 0 ||
1435 strcmp((long_opts[option_index]).
name ,
"pfring-int") == 0) {
1440 if (optarg != NULL) {
1443 ((strlen(optarg) <
sizeof(suri->
pcap_dev)) ?
1444 (strlen(optarg) + 1) :
sizeof(suri->
pcap_dev)));
1449 "to pass --enable-pfring to configure when building.");
1453 else if(strcmp((long_opts[option_index]).
name ,
"pfring-cluster-id") == 0){
1456 SCLogError(
"failed to set pfring.cluster-id");
1461 "to pass --enable-pfring to configure when building.");
1465 else if(strcmp((long_opts[option_index]).
name ,
"pfring-cluster-type") == 0){
1468 SCLogError(
"failed to set pfring.cluster-type");
1473 "to pass --enable-pfring to configure when building.");
1477 else if (strcmp((long_opts[option_index]).
name ,
"capture-plugin") == 0){
1481 else if (strcmp((long_opts[option_index]).
name ,
"capture-plugin-args") == 0){
1483 }
else if (strcmp((long_opts[option_index]).
name,
"dpdk") == 0) {
1484 if (ParseCommandLineDpdk(suri, optarg) !=
TM_ECODE_OK) {
1487 }
else if (strcmp((long_opts[option_index]).
name,
"af-packet") == 0) {
1488 if (ParseCommandLineAfpacket(suri, optarg) !=
TM_ECODE_OK) {
1491 }
else if (strcmp((long_opts[option_index]).
name,
"af-xdp") == 0) {
1492 if (ParseCommandLineAfxdp(suri, optarg) !=
TM_ECODE_OK) {
1495 }
else if (strcmp((long_opts[option_index]).
name,
"netmap") == 0) {
1503 ((strlen(optarg) <
sizeof(suri->
pcap_dev)) ?
1504 (strlen(optarg) + 1) :
sizeof(suri->
pcap_dev)));
1510 SCLogInfo(
"Multiple netmap option without interface on each is useless");
1515 "has been specified");
1516 PrintUsage(argv[0]);
1523 }
else if (strcmp((long_opts[option_index]).
name,
"nflog") == 0) {
1533 }
else if (strcmp((long_opts[option_index]).
name,
"pcap") == 0) {
1534 if (ParseCommandLinePcapLive(suri, optarg) !=
TM_ECODE_OK) {
1537 }
else if (strcmp((long_opts[option_index]).
name,
"simulate-ips") == 0) {
1540 }
else if (strcmp((long_opts[option_index]).
name,
"init-errors-fatal") == 0) {
1542 SCLogError(
"failed to set engine init-failure-fatal");
1545 #ifdef BUILD_UNIX_SOCKET
1546 }
else if (strcmp((long_opts[option_index]).
name ,
"unix-socket") == 0) {
1551 SCLogError(
"failed to set unix-command.filename");
1557 "has been specified");
1558 PrintUsage(argv[0]);
1563 else if(strcmp((long_opts[option_index]).
name,
"list-app-layer-protocols") == 0) {
1566 else if(strcmp((long_opts[option_index]).
name,
"list-unittests") == 0) {
1570 SCLogError(
"unit tests not enabled. Make sure to pass --enable-unittests to "
1571 "configure when building");
1574 }
else if (strcmp((long_opts[option_index]).
name,
"list-runmodes") == 0) {
1577 }
else if (strcmp((long_opts[option_index]).
name,
"list-keywords") == 0) {
1579 if (strcmp(
"short", optarg) != 0) {
1583 }
else if (strcmp((long_opts[option_index]).
name,
"runmode") == 0) {
1585 }
else if(strcmp((long_opts[option_index]).
name,
"engine-analysis") == 0) {
1589 else if(strcmp((long_opts[option_index]).
name,
"service-install") == 0) {
1590 suri->
run_mode = RUNMODE_INSTALL_SERVICE;
1593 else if(strcmp((long_opts[option_index]).
name,
"service-remove") == 0) {
1594 suri->
run_mode = RUNMODE_REMOVE_SERVICE;
1597 else if(strcmp((long_opts[option_index]).
name,
"service-change-params") == 0) {
1598 suri->
run_mode = RUNMODE_CHANGE_SERVICE_PARAMS;
1602 else if(strcmp((long_opts[option_index]).
name,
"pidfile") == 0) {
1605 SCLogError(
"strdup failed: %s", strerror(errno));
1609 else if(strcmp((long_opts[option_index]).
name,
"disable-detection") == 0) {
1611 }
else if (strcmp((long_opts[option_index]).
name,
"disable-hashing") == 0) {
1615 }
else if (strcmp((long_opts[option_index]).
name,
"fatal-unittests") == 0) {
1619 SCLogError(
"unit tests not enabled. Make sure to pass --enable-unittests to "
1620 "configure when building");
1623 }
else if (strcmp((long_opts[option_index]).
name,
"user") == 0) {
1624 #ifndef HAVE_LIBCAP_NG
1626 " drop privileges, but it was not compiled into Suricata.");
1632 }
else if (strcmp((long_opts[option_index]).
name,
"group") == 0) {
1633 #ifndef HAVE_LIBCAP_NG
1635 " drop privileges, but it was not compiled into Suricata.");
1641 }
else if (strcmp((long_opts[option_index]).
name,
"erf-in") == 0) {
1647 }
else if (strcmp((long_opts[option_index]).
name,
"dag") == 0) {
1653 SCLogError(
"more than one run mode has been specified");
1654 PrintUsage(argv[0]);
1659 SCLogError(
"libdag and a DAG card are required"
1660 " to receive packets using --dag.");
1663 }
else if (strcmp((long_opts[option_index]).
name,
"napatech") == 0) {
1664 #ifdef HAVE_NAPATECH
1667 SCLogError(
"libntapi and a Napatech adapter are required"
1668 " to capture packets using --napatech.");
1671 }
else if (strcmp((long_opts[option_index]).
name,
"pcap-buffer-size") == 0) {
1672 #ifdef HAVE_PCAP_SET_BUFF
1674 SCLogError(
"failed to set pcap-buffer-size");
1679 " doesn't support setting buffer size.");
1681 }
else if (strcmp((long_opts[option_index]).
name,
"build-info") == 0) {
1684 }
else if (strcmp((long_opts[option_index]).
name,
"windivert-forward") == 0) {
1688 if (WinDivertRegisterQueue(
true, optarg) == -1) {
1692 if (WinDivertRegisterQueue(
true, optarg) == -1) {
1697 "has been specified");
1698 PrintUsage(argv[0]);
1702 else if(strcmp((long_opts[option_index]).
name,
"windivert") == 0) {
1705 if (WinDivertRegisterQueue(
false, optarg) == -1) {
1709 if (WinDivertRegisterQueue(
false, optarg) == -1) {
1714 "has been specified");
1715 PrintUsage(argv[0]);
1719 SCLogError(
"WinDivert not enabled. Make sure to pass --enable-windivert to "
1720 "configure when building.");
1723 }
else if(strcmp((long_opts[option_index]).
name,
"reject-dev") == 0) {
1724 #ifdef HAVE_LIBNET11
1726 extern char *g_reject_dev;
1727 extern uint16_t g_reject_dev_mtu;
1728 g_reject_dev = optarg;
1731 g_reject_dev_mtu = (uint16_t)mtu;
1734 SCLogError(
"Libnet 1.1 support not enabled. Compile Suricata with libnet support.");
1738 else if (strcmp((long_opts[option_index]).
name,
"set") == 0) {
1739 if (optarg != NULL) {
1741 char *val = strchr(optarg,
'=');
1743 FatalError(
"Invalid argument for --set, must be key=val.");
1746 FatalError(
"failed to set configuration value %s", optarg);
1750 else if (strcmp((long_opts[option_index]).
name,
"pcap-file-continuous") == 0) {
1752 SCLogError(
"Failed to set pcap-file.continuous");
1756 else if (strcmp((long_opts[option_index]).
name,
"pcap-file-delete") == 0) {
1758 SCLogError(
"Failed to set pcap-file.delete-when-done");
1762 else if (strcmp((long_opts[option_index]).
name,
"pcap-file-recursive") == 0) {
1764 SCLogError(
"failed to set pcap-file.recursive");
1767 }
else if (strcmp((long_opts[option_index]).
name,
"pcap-file-buffer-size") == 0) {
1769 SCLogError(
"failed to set pcap-file.buffer-size");
1772 }
else if (strcmp((long_opts[option_index]).
name,
"data-dir") == 0) {
1773 if (optarg == NULL) {
1774 SCLogError(
"no option argument (optarg) for -d");
1784 " supplied at the command-line (-d %s) doesn't "
1785 "exist. Shutting down the engine.",
1790 }
else if (strcmp((long_opts[option_index]).
name,
"strict-rule-keywords") == 0) {
1791 if (optarg == NULL) {
1797 FatalError(
"failed to duplicate 'strict' string");
1799 }
else if (strcmp((long_opts[option_index]).
name,
"include") == 0) {
1804 "Failed to allocate memory for additional configuration files: %s",
1809 for (
int i = 0;; i++) {
1811 const char **additional_configs =
1813 if (additional_configs == NULL) {
1814 FatalError(
"Failed to allocate memory for additional configuration "
1826 }
else if (strcmp((long_opts[option_index]).
name,
"firewall-rules-exclusive") == 0) {
1828 SCLogError(
"can't have multiple --firewall-rules-exclusive options");
1835 (long_opts[option_index]).
name, optarg);
1846 SCLogError(
"failed to set engine init-failure-fatal");
1859 if (optarg == NULL) {
1860 SCLogError(
"no option argument (optarg) for -i");
1863 #ifdef HAVE_AF_PACKET
1864 if (ParseCommandLineAfpacket(suri, optarg) !=
TM_ECODE_OK) {
1869 #if defined HAVE_NETMAP
1875 "option%s %s available:"
1877 " NETMAP (--netmap=%s)"
1879 ". Use --pcap=%s to suppress this warning",
1880 i == 1 ?
"" :
"s", i == 1 ?
"is" :
"are"
1888 if (ParseCommandLinePcapLive(suri, optarg) !=
TM_ECODE_OK) {
1894 if (optarg == NULL) {
1895 SCLogError(
"no option argument (optarg) for -l");
1905 " supplied at the command-line (-l %s) doesn't "
1906 "exist. Shutting down the engine.",
1910 if (!IsLogDirectoryWritable(optarg)) {
1912 " supplied at the command-line (-l %s) is not "
1913 "writable. Shutting down the engine.",
1932 "has been specified");
1933 PrintUsage(argv[0]);
1937 SCLogError(
"NFQUEUE not enabled. Make sure to pass --enable-nfqueue to configure when "
1954 "has been specified");
1955 PrintUsage(argv[0]);
1959 SCLogError(
"IPFW not enabled. Make sure to pass --enable-ipfw to configure when "
1970 "has been specified");
1971 PrintUsage(argv[0]);
1976 SCLogError(
"pcap file '%s': %s", optarg, strerror(errno));
1980 SCLogError(
"ERROR: Failed to set pcap-file.file\n");
1987 SCLogError(
"can't have multiple -s options or mix -s and -S.");
1994 SCLogError(
"can't have multiple -S options or mix -s and -S.");
2007 PrintUsage(argv[0]);
2011 SCLogError(
"unit tests not enabled. Make sure to pass --enable-unittests to configure "
2028 if (optarg == NULL) {
2029 SCLogError(
"no option argument (optarg) for -F");
2033 SetBpfStringFromFile(optarg);
2039 if (optarg == NULL) {
2040 SCLogError(
"no option argument (optarg) for -k");
2043 if (!strcmp(
"all", optarg))
2045 else if (!strcmp(
"none", optarg))
2048 SCLogError(
"option '%s' invalid for -k", optarg);
2053 PrintUsage(argv[0]);
2059 SCLogError(
"can't use -s/-S or --firewall-rules-exclusive when detection is disabled");
2066 if (list_app_layer_protocols)
2084 ret = SetBpfString(optind, argv);
/**
 * \brief Windows service bootstrap: make the executable's directory the
 *        current directory, initialise the service, then start Winsock.
 *
 * When running as a service the inherited current directory is not
 * meaningful, so the directory part of argv[0] (everything before the last
 * backslash; the truncation itself is abridged here) is used for
 * SetCurrentDirectory() before SCServiceInit(). Winsock 2.2 is then
 * requested with WSAStartup().
 *
 * NOTE(review): argv[0] is copied into a MAX_PATH buffer with strlcpy(), so an
 * over-long path is truncated rather than overflowed, but the truncated
 * string would then name the wrong directory. The code also assumes argv[0]
 * carries a directory component; with a bare program name strrchr() finds no
 * backslash (what happens then is not shown in this listing).
 *
 * \return not visible in this abridged listing
 */
2092 int WindowsInitService(
int argc,
char **argv)
2094 if (SCRunningAsService()) {
2095 char path[MAX_PATH];
2097 strlcpy(path, argv[0], MAX_PATH);
/* Locate the last backslash so only the directory part remains. */
2098 if ((p = strrchr(path,
'\\'))) {
2101 if (!SetCurrentDirectory(path)) {
2102 SCLogError(
"Can't set current directory to: %s", path);
2105 SCLogInfo(
"Current directory is set to: %s", path);
2106 SCServiceInit(argc, argv);
/* Winsock must be initialised before any socket use; MAKEWORD(2, 2) asks for
 * version 2.2. A non-zero return is a failure (errors are logged below). */
2111 if (0 != WSAStartup(MAKEWORD(2, 2), &wsaData)) {
2112 SCLogError(
"Can't initialize Windows sockets: %d", WSAGetLastError());
2123 const char *pid_filename;
2125 if (
SCConfGet(
"pid-file", &pid_filename) == 1) {
2126 SCLogInfo(
"Use pid file %s from config file.", pid_filename);
2133 SCLogError(
"strdup failed: %s", strerror(errno));
2152 SCLogError(
"Unable to create PID file, concurrent run of"
2153 " Suricata can occur.");
2154 SCLogError(
"PID file creation WILL be mandatory for daemon mode"
2155 " in future version");
2170 if (
SCConfGet(
"run-as.user", &
id) == 1) {
2174 if (
SCConfGet(
"run-as.group", &
id) == 1) {
/**
 * \brief Install the process signal handlers.
 *
 * Only the crash-diagnostics part is visible in this abridged listing: when
 * logging.stacktrace-on-signal is enabled, SignalHandlerUnexpected() (above)
 * is installed for SIGSEGV and SIGABRT with SA_SIGINFO, so the handler gets
 * the ucontext that libunwind needs. The whole section is compiled out for
 * FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION builds, presumably so crashes
 * reach the fuzzer's own handler unmodified.
 *
 * NOTE(review): no alternate signal stack is configured (no sigaltstack() /
 * SA_ONSTACK), so a SIGSEGV caused by stack exhaustion runs the handler on
 * the exhausted stack and faults again; the handler's own SIG_DFL reset then
 * ends the process without a backtrace. SA_RESETHAND would make that reset
 * atomic with delivery instead of relying on the handler's first statements.
 * NOTE(review): the sigaction() return values are not checked.
 *
 * \param suri engine instance (its use is not visible here)
 * \return not visible in this abridged listing
 */
2192 static int InitSignalHandler(
SCInstance *suri)
2195 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
/* Opt-in feature: a missing config key (lookup returns 0) presumably leaves it
 * disabled; the guarded statement is abridged here. */
2200 if (
SCConfGetBool(
"logging.stacktrace-on-signal", &enabled) == 0) {
2205 SCLogInfo(
"Preparing unexpected signal handling");
2206 struct sigaction stacktrace_action;
2207 memset(&stacktrace_action, 0,
sizeof(stacktrace_action));
2208 stacktrace_action.sa_sigaction = SignalHandlerUnexpected;
/* SA_SIGINFO selects the three-argument handler and supplies the ucontext. */
2209 stacktrace_action.sa_flags = SA_SIGINFO;
2210 sigaction(SIGSEGV, &stacktrace_action, NULL);
2211 sigaction(SIGABRT, &stacktrace_action, NULL);
2234 #ifdef PROFILE_RULES
2235 SCProfilingRulesGlobalInit();
2242 #ifdef PROFILE_RULES
2289 SCPrintElapsedTime(start_time);
2342 PrintUsage(argv[0]);
2352 case RUNMODE_INSTALL_SERVICE:
2353 if (SCServiceInstall(argc, argv)) {
2356 SCLogInfo(
"Suricata service has been successfully installed.");
2358 case RUNMODE_REMOVE_SERVICE:
2359 if (SCServiceRemove()) {
2362 SCLogInfo(
"Suricata service has been successfully removed.");
2364 case RUNMODE_CHANGE_SERVICE_PARAMS:
2365 if (SCServiceChangeParams(argc, argv)) {
2368 SCLogInfo(
"Suricata service startup parameters has been successfully changed.");
2396 static void SetupDelayedDetect(
SCInstance *suri)
2405 if (decnf != NULL) {
2407 if (strcmp(denode->
val,
"delayed-detect") == 0) {
2418 SCLogInfo(
"Packets will start being processed before signatures are active.");
/**
 * \brief Read the capture-related settings (max-pending-packets,
 *        default-packet-size) from the configuration into the instance.
 *
 * The listing is abridged: the assignments into \a suri, the MTU-based
 * default-packet-size computation over the live devices, and most of the
 * control flow are not shown.
 *
 * \param suri engine instance receiving the values
 * \return not visible in this abridged listing
 */
2436 static int ConfigGetCaptureValue(
SCInstance *suri)
2440 intmax_t tmp_max_pending_packets;
2441 if (
SCConfGetInt(
"max-pending-packets", &tmp_max_pending_packets) != 1)
/* NOTE(review): the accepted maximum 2147483648 is INT_MAX + 1. If the value
 * is later stored in a 32-bit int, or the intent was to cap at INT_MAX, this
 * bound is off by one; the assignment is not visible in this listing. */
2443 if (tmp_max_pending_packets < 1 || tmp_max_pending_packets > 2147483648) {
2444 SCLogError(
"Maximum max-pending-packets setting is 2147483648 and must be greater than 0. "
2445 "Please check %s for errors",
2456 const char *temp_default_packet_size;
2457 if ((
SCConfGet(
"default-packet-size", &temp_default_packet_size)) != 1) {
2460 int strip_trailing_plus = 0;
2470 const int mtu = GetGlobalMTUWin32();
2484 strip_trailing_plus = 1;
/* Walk the configured live devices (the MTU lookup per device is abridged). */
2490 for (lthread = 0; lthread < nlive; lthread++) {
2493 (void)
strlcpy(dev, live_dev,
sizeof(dev));
/* Some capture methods accept a trailing '+' or '^' suffix on the device
 * name; it is stripped before the MTU lookup (the length guard is abridged). */
2495 if (strip_trailing_plus) {
2496 size_t len = strlen(dev);
2498 (dev[
len-1] ==
'+' ||
2499 dev[
len-1] ==
'^' ||
/* NOTE(review): copy-paste in the message - this branch reports a failure to
 * parse default-packet-size (the %s argument is temp_default_packet_size),
 * but the text names max-pending-packets. Suggested:
 *   "Error parsing default-packet-size from conf file - %s. Killing engine" */
2518 SCLogError(
"Error parsing max-pending-packets "
2519 "from conf file - %s. Killing engine",
2520 temp_default_packet_size);
2530 static void PostRunStartedDetectSetup(
const SCInstance *suri)
2544 SCLogNotice(
"Signature(s) loaded, Detect thread(s) activated.");
2556 SetupDelayedDetect(suri);
2559 int default_tenant = 0;
2561 (void)
SCConfGetBool(
"multi-detect.default", &default_tenant);
2564 "detection engine contexts failed.");
2574 FatalError(
"initializing detection engine failed.");
2588 static void PostConfLoadedSetupHostMode(
void)
2590 const char *hostmode = NULL;
2592 if (
SCConfGet(
"host-mode", &hostmode) == 1) {
2593 if (!strcmp(hostmode,
"router")) {
2595 }
else if (!strcmp(hostmode,
"sniffer-only")) {
2598 if (strcmp(hostmode,
"auto") != 0) {
2610 SCLogInfo(
"No 'host-mode': suricata is in IPS mode, using "
2611 "default setting 'router'");
2614 SCLogInfo(
"No 'host-mode': suricata is in IDS mode, using "
2615 "default setting 'sniffer-only'");
2627 FatalError(
"could not set USER mode logdir");
2633 FatalError(
"could not set USER mode datadir");
2649 int disable_offloading;
2650 if (
SCConfGetBool(
"capture.disable-offloading", &disable_offloading) == 0)
2651 disable_offloading = 1;
2652 if (disable_offloading) {
2659 const char *cv = NULL;
2660 if (
SCConfGet(
"capture.checksum-validation", &cv) == 1) {
2661 if (strcmp(cv,
"none") == 0) {
2663 }
else if (strcmp(cv,
"all") == 0) {
2670 SCConfSet(
"stream.checksum-validation",
"0");
2673 SCConfSet(
"stream.checksum-validation",
"1");
2682 #ifdef HAVE_PACKET_EBPF
2684 EBPFRegisterExtension();
2707 SCLogInfo(
"Setting engine mode to IDS mode by default");
2728 const char *custom_umask;
2729 if (
SCConfGet(
"umask", &custom_umask) == 1) {
2731 if (
StringParseUint16(&mask, 8, (uint16_t)strlen(custom_umask), custom_umask) > 0) {
2732 umask((mode_t)mask);
2749 SCLogInfo(
"== Carrying out Engine Analysis ==");
2750 const char *temp = NULL;
2751 if (
SCConfGet(
"engine-analysis", &temp) == 0) {
2752 SCLogInfo(
"no engine-analysis parameter(s) defined in conf file. "
2753 "Please define/enable them in the conf to use this "
2772 "basic address vars test failed. Please check %s for errors", suri->
conf_filename);
2799 "supplied by %s (default-log-dir) doesn't exist. "
2800 "Shutting down the engine",
2804 if (!IsLogDirectoryWritable(suri->
log_dir)) {
2806 "supplied by %s (default-log-dir) is not writable. "
2807 "Shutting down the engine",
2825 PostConfLoadedSetupHostMode();
2894 return EXIT_FAILURE;
2915 SCInstanceInit(&
suricata, progname);
2933 if (
SCConfGetBool(
"vlan.use-for-tracking", &tracking) == 1 && !tracking) {
2937 SCLogDebug(
"vlan tracking is %s", tracking == 1 ?
"enabled" :
"disabled");
2938 if (
SCConfGetBool(
"livedev.use-for-tracking", &tracking) == 1 && !tracking) {
2942 if (
SCConfGetBool(
"decoder.recursion-level.use-for-tracking", &tracking) == 1 && !tracking) {
2958 SCLogInfo(
"Running suricata under test mode");
2985 SCLogNotice(
"Configuration provided was successfully loaded. Exiting.");
3028 int limit_nproc = 0;
3029 if (
SCConfGetBool(
"security.limit-noproc", &limit_nproc) == 0) {
3033 #if defined(SC_ADDRESS_SANITIZER)
3036 "\"security.limit-noproc\" (setrlimit()) not set when using address sanitizer");
3042 #if defined(HAVE_SYS_RESOURCE_H)
3045 SCLogWarning(
"setrlimit has no effect when running as root.");
3048 struct rlimit r = { 0, 0 };
3049 if (setrlimit(RLIMIT_NPROC, &r) != 0) {
3050 SCLogWarning(
"setrlimit failed to prevent process creation.");
3072 PostRunStartedDetectSetup(&
suricata);
@ RUNMODE_LIST_APP_LAYERS
enum SCRunModes SCRunMode
@ RUNMODE_ENGINE_ANALYSIS
void TmModuleUnixManagerRegister(void)
void StatsReleaseResources(void)
Releases the resources allotted by the Stats API.
void TmModuleReceiveIPFWRegister(void)
Registration Function for ReceiveIPFW.
void SuricataMainLoop(void)
int ExceptionSimulationCommandLineParser(const char *name, const char *arg)
char * firewall_rule_file
void AppLayerHtpNeedFileInspection(void)
Sets a flag that informs the HTP app layer that some module in the engine needs the http request file...
enum SCRunModes aux_run_mode
void IPPairInitConfig(bool quiet)
initialize the configuration
void SCLogInitLogModule(SCLogInitData *sc_lid)
Initializes the logging module.
int LiveDeviceListClean(void)
void DetectEngineDeReference(DetectEngineCtx **de_ctx)
struct timeval start_time
bool IsRunModeOffline(enum SCRunModes run_mode_to_check)
#define SC_ATOMIC_INIT(name)
wrapper for initializing an atomic variable.
SystemHugepageSnapshot * prerun_snap
void TmThreadContinueThreads(void)
Unpauses all threads present in tv_root.
enum DetectEngineType type
int SigLoadSignatures(DetectEngineCtx *de_ctx, char *sig_file, bool sig_file_exclusive)
Load signatures.
const char * firewall_rule_file_exclusive
#define SC_ATOMIC_SET(name, val)
Set the value for the atomic variable.
SCConfNode * SCConfGetRootNode(void)
Get the root configuration node.
DetectEngineCtx * DetectEngineCtxInitStubForDD(void)
void LiveDevRegisterExtension(void)
void OutputTxShutdown(void)
void AppLayerHtpPrintStats(void)
void StatsSetupPostConfigPreOutput(void)
char * runmode_custom_mode
struct HtpBodyChunk_ * next
void TmModuleReceiveNFQRegister(void)
int LiveBuildDeviceList(const char *runmode)
void RunModeShutDown(void)
void SCProtoNameInit(void)
void SuricataPostInit(void)
void RunModeDispatch(int runmode, const char *custom_mode, const char *capture_plugin_name, const char *capture_plugin_args)
volatile sig_atomic_t sigint_count
SC_ATOMIC_DECLARE(unsigned int, engine_stage)
void TmModuleRunDeInit(void)
void TmThreadsUnsealThreads(void)
void RegisterFlowBypassInfo(void)
#define SCSetThreadName(n)
int SCConfYamlHandleInclude(SCConfNode *parent, const char *filename)
Include a file in the configuration.
void SCLogDeInitLogModule(void)
De-Initializes the logging module.
void TmModuleDecodeErfFileRegister(void)
Register the ERF file decoder module.
main detection engine ctx
int StringParseUint16(uint16_t *res, int base, size_t len, const char *str)
void DetectEngineReloadSetIdle(void)
void DatalinkTableDeinit(void)
int SCConfGet(const char *name, const char **vptr)
Retrieve the value of a configuration node.
DetectEngineCtx * DetectEngineGetCurrent(void)
int EngineModeIsUnknown(void)
void VarNameStoreInit(void)
void TmModuleFlowRecyclerRegister(void)
int SCConfNodeChildValueIsTrue(const SCConfNode *node, const char *key)
Test if a configuration node has a true value.
void DatalinkTableInit(void)
void Daemonize(void)
Daemonize the process.
void UtilSignalHandlerSetup(int sig, void(*handler)(int))
#define TAILQ_FOREACH(var, head, field)
void TmModuleDecodeAFPRegister(void)
Registration Function for DecodeAFP.
void TmModuleDecodeWinDivertRegister(void)
int DetectEngineAddToMaster(DetectEngineCtx *de_ctx)
int SCConfGetChildValueBool(const SCConfNode *base, const char *name, int *val)
void TmModuleStatsLoggerRegister(void)
void RegisterAllModules(void)
int DetectEngineMultiTenantSetup(const bool unix_socket)
setup multi-detect / multi-tenancy
void SupportFastPatternForSigMatchTypes(void)
Registers the keywords (SMs) that should be given fast-pattern (fp) support.
const SuricataContext suricata_context
TmEcode SCParseCommandLine(int argc, char **argv)
int CheckValidDaemonModes(int daemon, int mode)
Check for a valid combination daemon/mode.
void SCGetGroupID(const char *group_name, uint32_t *gid)
Function to get the group ID from the specified group name.
int SCConfGetBool(const char *name, int *val)
Retrieve a configuration value as a boolean.
void TmThreadDisableReceiveThreads(void)
Disable all threads having the specified TMs.
void StatsInit(void)
Initializes the perf counter api. Things are hard coded currently. More work to be done when we imple...
void PreRunInit(const int runmode)
void MacSetRegisterFlowStorage(void)
void SuricataShutdown(void)
const char * conf_filename
int GetIfaceMTU(const char *dev)
output the link MTU
void GlobalsInitPreConfig(void)
void TmModuleReceiveNetmapRegister(void)
void PacketPoolPostRunmodes(void)
Set the max_pending_return_packets value.
void NFQInitConfig(bool quiet)
To initialize the NFQ global configuration data.
void TmModuleReceiveWinDivertRegister(void)
void SCProfilingDestroy(void)
Free resources used by profiling.
void AFPPeersListClean(void)
Clean the global peers list.
void RunModeInitializeOutputs(void)
int DetectPortTestConfVars(void)
void SCThresholdConfGlobalInit(void)
void DecodeUnregisterCounters(void)
const char * capture_plugin_name
int SCConfYamlLoadFile(const char *filename)
Load configuration from a YAML file.
void HostBitInitCtx(void)
bool IsRunModeSystem(enum SCRunModes run_mode_to_check)
const char * capture_plugin_args
void TmModuleLoggerRegister(void)
void TmThreadDisablePacketThreads(void)
Disable all packet threads.
void PacketPoolInit(void)
int AppLayerDeSetup(void)
De initializes the app layer.
size_t strlcpy(char *dst, const char *src, size_t siz)
void PcapTranslateIPToDevice(char *pcap_dev, size_t len)
void FlowDisableFlowRecyclerThread(void)
Used to disable flow recycler thread(s).
void SCRunmodeSet(SCRunMode run_mode)
Set the current run mode.
void TmModuleDecodePcapFileRegister(void)
void TmModuleBypassedFlowManagerRegister(void)
void IPPairShutdown(void)
shutdown the flow engine
void SCConfInit(void)
Initialize the configuration system.
void DetectParseFreeRegexes(void)
void SCConfDump(void)
Dump configuration to stdout.
void TmModuleDecodeNFLOGRegister(void)
int NFQParseAndRegisterQueues(const char *queues)
Parses and adds Netfilter queue(s).
void FlowInitConfig(bool quiet)
initialize the configuration
int AppLayerSetup(void)
Setup the app layer.
void FeatureTrackingRegister(void)
void TmModuleReceiveDPDKRegister(void)
void UnixManagerThreadSpawnNonRunmode(const bool unix_socket_enabled)
void RunModeInitializeThreadSettings(void)
void StreamTcpInitConfig(bool)
To initialize the stream global configuration data.
int GetIfaceMaxPacketSize(LiveDevice *ld)
output max packet size for a link
SCRunMode SCRunmodeGet(void)
Get the current run mode.
void TmModuleDecodeNetmapRegister(void)
Registration Function for DecodeNetmap.
void PreRunPostPrivsDropInit(const int runmode)
void SigTableCleanup(void)
int DetectEngineMoveToFreeList(DetectEngineCtx *de_ctx)
volatile sig_atomic_t sigterm_count
TmEcode TmThreadWaitOnThreadInit(void)
Used to check if all threads have finished their initialization. On finding an un-initialized thread,...
void TmModuleVerdictNFQRegister(void)
void AppLayerRegisterGlobalCounters(void)
HACK to work around our broken unix manager (re)init loop.
void RunModeListRunmodes(void)
Lists all registered runmodes.
size_t strlcat(char *, const char *src, size_t siz)
void LiveSetOffloadDisable(void)
void StatsSetupPostConfigPostOutput(void)
void EngineModeSetIDS(void)
void TmModuleReceiveAFPRegister(void)
Registration Function for ReceiveAFP.
int LiveBuildDeviceListCustom(const char *runmode, const char *itemname)
LiveDevice * LiveGetDevice(const char *name)
Get a pointer to the device at idx.
void UnixSocketKillSocketThread(void)
void TmModuleVerdictIPFWRegister(void)
Registration Function for VerdictIPFW.
int SCConfGetInt(const char *name, intmax_t *val)
Retrieve a configuration value as an integer.
bool g_stats_eps_per_app_proto_errors
void HttpRangeContainersInit(void)
struct timeval last_reload
void TmModuleVerdictWinDivertRegister(void)
void HostCleanup(void)
Cleanup the host engine.
void FlowDisableFlowManagerThread(void)
Used to disable flow manager thread(s).
int UtilSignalUnblock(int signum)
int DetectEngineEnabled(void)
Check if detection is enabled.
void TmThreadClearThreadsFamily(int family)
void FlowRateRegisterFlowStorage(void)
void TmModuleRunInit(void)
void EngineModeSetIPS(void)
void HTPAtExitPrintStats(void)
Print the stats of the HTTP requests.
int UtilSignalBlock(int signum)
void SCProfilingPrefilterGlobalInit(void)
void ThresholdDestroy(void)
#define SCLogWarning(...)
Macro used to log WARNING messages.
int PostConfLoadedSetup(SCInstance *suri)
const char * GetProgramVersion(void)
get string with program version
void TmModuleReceivePcapFileRegister(void)
int32_t CoredumpLoadConfig(void)
Configures the core dump size.
int IPFWRegisterQueue(char *queue)
Add an IPFW divert.
int ListAppLayerProtocols(const char *conf_filename)
void DatasetsDestroy(void)
void UtilCpuPrintSummary(void)
Print a summary of CPUs detected (configured and online)
int profiling_packets_enabled
int SystemDNotifyReady(void)
void TmThreadKillThreads(void)
void OutputDeregisterAll(void)
Deregister all modules. Useful for a memory clean exit.
void PostConfLoadedDetectSetup(SCInstance *suri)
int EngineModeIsIDS(void)
TmModule tmm_modules[TMM_SIZE]
const char * SCConfigGetLogDirectory(void)
void OutputNotifyFileRotation(void)
Notifies all registered file rotation notification flags.
int StorageFinalize(void)
void VarNameStoreDestroy(void)
void TmModuleFlowWorkerRegister(void)
uint32_t max_pending_packets
const char ** additional_configs
#define DEFAULT_PID_FILENAME
volatile sig_atomic_t sighup_count
TmEcode ConfigSetDataDirectory(char *name)
void TmModuleDecodeErfDagRegister(void)
Register the ERF file decoder module.
#define SCDropMainThreadCaps(...)
void TmModuleDebugList(void)
void TmModuleDecodeNFQRegister(void)
void SCProtoNameRelease(void)
int RunmodeIsUnittests(void)
void SCPluginsLoad(const char *capture_plugin_name, const char *capture_plugin_args)
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
void TmModuleReceiveNFLOGRegister(void)
#define DEFAULT_PACKET_SIZE
#define WarnInvalidConfEntry(param_name, format, value)
Generic API that can be used by all to log an invalid conf entry.
void TmModuleReceiveErfFileRegister(void)
Register the ERF file receiver (reader) module.
int SCConfSetFromString(const char *input, int final)
Set a configuration parameter from a string.
int SCConfSetFinal(const char *name, const char *val)
Set a final configuration value.
#define SCRealloc(ptr, sz)
void TmModuleDecodeAFXDPRegister(void)
Registration Function for DecodeAFXDP.
uint32_t default_packet_size
void SigTableApplyStrictCommandLineOption(const char *str)
@ DETECT_ENGINE_TYPE_NORMAL
void TmThreadKillThreadsFamily(int family)
void FeatureTrackingRelease(void)
void TmqhCleanup(void)
Clean up registration time allocs.
void StreamTcpFreeConfig(bool quiet)
void DecodeGlobalConfig(void)
char * strict_rule_parsing_string
DetectEngineCtx * DetectEngineCtxInitStubForMT(void)
const char * LiveGetDeviceName(int number)
Get a pointer to the device name at idx.
void FlowShutdown(void)
shutdown the flow engine
void SCHInfoLoadFromConfig(void)
Load the host os policy information from the configuration.
void DetectEngineBumpVersion(void)
void TmModuleFlowManagerRegister(void)
int SCStartInternalRunMode(int argc, char **argv)
int SCPidfileTestRunning(const char *pid_filename)
Check the Suricata pid file (used at the startup)
void HostShutdown(void)
shutdown the flow engine
#define SCFstatFn(fd, statbuf)
void LiveSetOffloadWarn(void)
void ParseSizeDeinit(void)
void SCConfDeInit(void)
De-initializes the configuration system.
void RunModeRegisterRunModes(void)
Register all runmodes in the engine.
void SCProfilingDump(void)
void TmModuleReceiveAFXDPRegister(void)
void EngineStop(void)
make sure threads can stop the engine by calling this function. Purpose: pcap file mode needs to be a...
int ParseSizeStringU32(const char *size, uint32_t *res)
void TmModuleReceiveErfDagRegister(void)
Register the ERF file receiver (reader) module.
void IPPairBitInitCtx(void)
TmEcode ConfigSetLogDirectory(const char *name)
void TmModuleDecodeIPFWRegister(void)
Registration Function for DecodeIPFW.
int ConfUnixSocketIsEnable(void)
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
volatile sig_atomic_t sigusr2_count
void SystemHugepageSnapshotDestroy(SystemHugepageSnapshot *s)
void TmModuleDecodePcapRegister(void)
Registration Function for DecodePcap.
TmEcode SCLoadYamlConfig(void)
TmEcode ConfigCheckDataDirectory(const char *data_dir)
SCConfNode * SCConfGetNode(const char *name)
Get a SCConfNode by name.
#define SCLogError(...)
Macro used to log ERROR messages.
int DetectEngineReloadStart(void)
#define DEFAULT_CONF_FILE
#define SC_LOG_MAX_LOG_MSG_LEN
void AppLayerParserPostStreamSetup(void)
void TmModuleReceivePcapRegister(void)
Registration Function for ReceivePcap.
void SCGetUserID(const char *user_name, const char *group_name, uint32_t *uid, uint32_t *gid)
Function to get the user and group ID from the specified user name.
void TmModuleRespondRejectRegister(void)
void CoredumpEnable(void)
Enable coredumps on systems where coredumps can and need to be enabled.
void RunUnittests(int list_unittests, const char *regex_arg)
TmEcode ConfigCheckLogDirectoryExists(const char *log_dir)
@ SURI_HOST_IS_SNIFFER_ONLY
int SCConfSet(const char *name, const char *val)
Set a configuration value.
void PacketAlertTagInit(void)
int RunModeEngineIsIPS(int capture_mode, const char *runmode, const char *capture_plugin_name)
DetectEngineCtx * DetectEngineCtxInit(void)
void TmModuleDecodeLibRegister(void)
register a "Decode" module for suricata as a library.
int EngineModeIsIPS(void)
void SCProfilingKeywordsGlobalInit(void)
void EngineDone(void)
Used to indicate that the current task is done.
bool firewall_rule_file_exclusive
const char * GetDocURL(void)
void PostRunDeinit(const int runmode, struct timeval *start_time)
clean up / shutdown code for packet modes
void HostInitConfig(bool quiet)
initialize the configuration
TmEcode TmThreadWaitOnThreadRunning(void)
Waits for all threads to be in a running state.
void HttpRangeContainersDestroy(void)
void SCLogLoadConfig(int daemon, int verbose, uint32_t userid, uint32_t groupid)
int DetectEngineReload(const SCInstance *suri)
Reload the detection engine.
#define DEFAULT_MAX_PENDING_PACKETS
void DetectEngineClearMaster(void)
void SetMasterExceptionPolicy(void)
void TmThreadCheckThreadState(void)
Used to check the thread for certain conditions of failure.
void OutputFilestoreRegisterGlobalCounters(void)
int InitGlobal(void)
Global initialization common to all runmodes.
int LiveGetDeviceCount(void)
Get the number of registered devices.
SystemHugepageSnapshot * SystemHugepageSnapshotCreate(void)
The function creates a snapshot of the system's hugepage usage per NUMA node and per hugepage size....
void SCProfilingSghsGlobalInit(void)
int SCPidfileCreate(const char *pidfile)
Write a pid file (used at startup). This is commonly needed by the init scripts.
int LiveRegisterDeviceName(const char *dev)
Add a device for monitoring.
#define SCStatFn(pathname, statbuf)
void LiveDeviceFinalize(void)
void TmModuleDecodeDPDKRegister(void)
Registration Function for DecodeDPDK.
void PacketPoolDestroy(void)
void HTPFreeConfig(void)
Clears the HTTP server configuration memory used by HTP library.
void LandlockSandboxing(SCInstance *suri)
int ListKeywords(const char *keyword_info)
#define SCLogNotice(...)
Macro used to log NOTICE messages.
void SuricataPreInit(const char *progname)
void DPDKCleanupEAL(void)
@ RUNMODE_PRINT_BUILDINFO
void SCPidfileRemove(const char *pid_filename)
Remove the pid file (used at the startup)
void NFQContextsClean(void)
Clean global contexts. Must be called on exit.
void SystemHugepageEvaluateHugepages(SystemHugepageSnapshot *pre_s, SystemHugepageSnapshot *post_s)
The function compares two hugepage snapshots and prints out recommendations for hugepage configuratio...
#define DEBUG_VALIDATE_BUG_ON(exp)
int SCFinalizeRunMode(void)
void SCProfilingInit(void)
Initialize profiling.
void GlobalsDestroy(void)
int DetectEngineReloadIsStart(void)
volatile uint8_t suricata_ctl_flags
void TagDestroyCtx(void)
Destroy tag context hash tables.
int DetectAddressTestConfVars(void)
void FlowWorkToDoCleanup(void)
Clean up all the flows that have unprocessed segments and have some work to do in the detection engin...
void MpmHSGlobalCleanup(void)
void TmqResetQueues(void)