suricata
suricata.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2022 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  */
23 
24 #include "suricata-common.h"
25 
26 #if HAVE_GETOPT_H
27 #include <getopt.h>
28 #endif
29 
30 #if HAVE_SIGNAL_H
31 #include <signal.h>
32 #endif
33 #ifndef OS_WIN32
34 #ifdef HAVE_SYS_RESOURCE_H
35 // setrlimit
36 #include <sys/resource.h>
37 #endif
38 #endif
39 
40 #include "suricata.h"
41 
42 #include "conf.h"
43 #include "conf-yaml-loader.h"
44 
45 #include "decode.h"
46 #include "defrag.h"
47 #include "flow.h"
48 #include "stream-tcp.h"
49 #include "ippair.h"
50 
51 #include "detect.h"
52 #include "detect-parse.h"
53 #include "detect-engine.h"
54 #include "detect-engine-address.h"
55 #include "detect-engine-alert.h"
56 #include "detect-engine-port.h"
57 #include "detect-engine-tag.h"
58 #include "detect-engine-threshold.h"
59 #include "detect-fast-pattern.h"
60 
61 #include "datasets.h"
62 
63 #include "feature.h"
64 
65 #include "flow-bypass.h"
66 #include "flow-manager.h"
67 #include "flow-timeout.h"
68 #include "flow-worker.h"
69 
70 #include "flow-bit.h"
71 #include "host-bit.h"
72 #include "ippair-bit.h"
73 
74 #include "app-layer.h"
75 #include "app-layer-parser.h"
76 #include "app-layer-htp.h"
77 #include "app-layer-htp-range.h"
78 
79 #include "output.h"
80 #include "output-filestore.h"
81 
82 #include "respond-reject.h"
83 
84 #include "runmode-af-packet.h"
85 #include "runmode-af-xdp.h"
86 #include "runmode-netmap.h"
87 #include "runmode-unittests.h"
88 
89 #include "source-nfq.h"
90 #include "source-nfq-prototypes.h"
91 #include "source-nflog.h"
92 #include "source-ipfw.h"
93 #include "source-lib.h"
94 #include "source-pcap.h"
95 #include "source-pcap-file.h"
96 #include "source-pcap-file-helper.h"
97 #include "source-erf-file.h"
98 #include "source-erf-dag.h"
99 #include "source-af-packet.h"
100 #include "source-af-xdp.h"
101 #include "source-netmap.h"
102 #include "source-dpdk.h"
103 #include "source-windivert.h"
104 #include "source-windivert-prototypes.h"
105 
106 #include "unix-manager.h"
107 
108 #include "util-classification-config.h"
109 #include "util-threshold-config.h"
110 #include "util-reference-config.h"
111 
112 #include "tmqh-packetpool.h"
113 #include "tm-queuehandlers.h"
114 
115 #include "util-byte.h"
116 #include "util-conf.h"
117 #include "util-coredump-config.h"
118 #include "util-cpu.h"
119 #include "util-daemon.h"
120 #include "util-device-private.h"
121 #include "util-dpdk.h"
122 #include "util-ebpf.h"
123 #include "util-exception-policy.h"
124 #include "util-host-os-info.h"
125 #include "util-hugepages.h"
126 #include "util-ioctl.h"
127 #include "util-landlock.h"
128 #include "util-macset.h"
129 #include "util-flow-rate.h"
130 #include "util-misc.h"
131 #include "util-mpm-hs.h"
132 #include "util-path.h"
133 #include "util-pidfile.h"
134 #include "util-plugin.h"
135 #include "util-privs.h"
136 #include "util-profiling.h"
137 #include "util-proto-name.h"
138 #include "util-running-modes.h"
139 #include "util-signal.h"
140 #include "util-time.h"
141 #include "util-validate.h"
142 #include "util-var-name.h"
143 #ifdef SYSTEMD_NOTIFY
144 #include "util-systemd.h"
145 #endif
146 
147 #ifdef WINDIVERT
148 #include "decode-sll.h"
149 #include "win32-syscall.h"
150 #endif
151 
152 /*
153  * we put this here, because we only use it here in main.
154  */
155 volatile sig_atomic_t sigint_count = 0;
156 volatile sig_atomic_t sighup_count = 0;
157 volatile sig_atomic_t sigterm_count = 0;
158 volatile sig_atomic_t sigusr2_count = 0;
159 
160 /*
161  * Flag to indicate if the engine is at the initialization
162  * or already processing packets. 3 stages: SURICATA_INIT,
163  * SURICATA_RUNTIME and SURICATA_FINALIZE
164  */
165 SC_ATOMIC_DECLARE(unsigned int, engine_stage);
166 
167 /* Max packets processed simultaneously per thread. */
168 #define DEFAULT_MAX_PENDING_PACKETS 1024
169 
170 /** suricata engine control flags */
171 volatile uint8_t suricata_ctl_flags = 0;
172 
173 /** Engine mode: inline (ENGINE_MODE_IPS) or just
174  * detection mode (ENGINE_MODE_IDS by default) */
175 static enum EngineMode g_engine_mode = ENGINE_MODE_UNKNOWN;
176 
177 /** Host mode: set if box is sniffing only
178  * or is a router */
179 uint8_t host_mode = SURI_HOST_IS_SNIFFER_ONLY;
180 
181 /** Maximum packets to simultaneously process. */
182 uint32_t max_pending_packets;
183 
184 /** global indicating if detection is enabled */
185 int g_detect_disabled = 0;
186 
187 /** set caps or not */
188 bool sc_set_caps = false;
189 
190 bool g_system = false;
191 
192 /** disable randomness to get reproducible results across runs */
193 #ifndef AFLFUZZ_NO_RANDOM
194 int g_disable_randomness = 0;
195 #else
196 int g_disable_randomness = 1;
197 #endif
198 
199 /** determine (without branching) if we include the vlan_ids when hashing or
200  * comparing flows */
201 uint16_t g_vlan_mask = 0xffff;
202 
203 /** determine (without branching) if we include the livedev ids when hashing or
204  * comparing flows */
205 uint16_t g_livedev_mask = 0xffff;
206 
207 /** determine (without branching) if we include the recursion levels when hashing or
208  * comparing flows */
209 uint8_t g_recurlvl_mask = 0xff;
210 
211 /* flag to disable hashing almost globally, to be similar to disabling nss
212  * support */
213 bool g_disable_hashing = false;
214 
215 /* snapshot of the system's hugepages before system intitialization. */
216 SystemHugepageSnapshot *prerun_snap = NULL;
217 
218 /** add per-proto app-layer error counters for exception policies stats? disabled by default */
219 bool g_stats_eps_per_app_proto_errors = false;
220 
221 /** Suricata instance */
222 SCInstance suricata;
223 
224 int SuriHasSigFile(void)
225 {
226  return (suricata.sig_file != NULL);
227 }
228 
229 int EngineModeIsUnknown(void)
230 {
231  return (g_engine_mode == ENGINE_MODE_UNKNOWN);
232 }
233 
234 int EngineModeIsIPS(void)
235 {
236  DEBUG_VALIDATE_BUG_ON(g_engine_mode == ENGINE_MODE_UNKNOWN);
237  return (g_engine_mode == ENGINE_MODE_IPS);
238 }
239 
240 int EngineModeIsIDS(void)
241 {
242  DEBUG_VALIDATE_BUG_ON(g_engine_mode == ENGINE_MODE_UNKNOWN);
243  return (g_engine_mode == ENGINE_MODE_IDS);
244 }
245 
246 void EngineModeSetIPS(void)
247 {
248  g_engine_mode = ENGINE_MODE_IPS;
249 }
250 
251 void EngineModeSetIDS(void)
252 {
253  g_engine_mode = ENGINE_MODE_IDS;
254 }
255 
256 #ifdef UNITTESTS
257 int RunmodeIsUnittests(void)
258 {
259  if (suricata.run_mode == RUNMODE_UNITTEST)
260  return 1;
261 
262  return 0;
263 }
264 #endif
265 
266 SCRunMode SCRunmodeGet(void)
267 {
268  return suricata.run_mode;
269 }
270 
271 void SCRunmodeSet(SCRunMode run_mode)
272 {
273  suricata.run_mode = run_mode;
274 }
275 
276 /** signal handlers
277  *
278  * WARNING: don't use the SCLog* API in the handlers. The API is complex
279  * with memory allocation possibly happening, calls to syslog, json message
280  * construction, etc.
281  */
282 
283 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
284 static void SignalHandlerSigint(/*@unused@*/ int sig)
285 {
286  sigint_count = 1;
287 }
288 static void SignalHandlerSigterm(/*@unused@*/ int sig)
289 {
290  sigterm_count = 1;
291 }
292 #ifndef OS_WIN32
293 #if HAVE_LIBUNWIND
294 #define UNW_LOCAL_ONLY
295 #include <libunwind.h>
296 static void SignalHandlerUnexpected(int sig_num, siginfo_t *info, void *context)
297 {
298  char msg[SC_LOG_MAX_LOG_MSG_LEN];
299  unw_cursor_t cursor;
300  /* Restore defaults for signals to avoid loops */
301  signal(SIGABRT, SIG_DFL);
302  signal(SIGSEGV, SIG_DFL);
303  int r;
304  if ((r = unw_init_local(&cursor, (unw_context_t *)(context)) != 0)) {
305  SCLogError("unable to obtain stack trace: unw_init_local: %s", unw_strerror(r));
306  goto terminate;
307  }
308 
309  char *temp = msg;
310  int cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - msg), "stacktrace:sig %d:", sig_num);
311  temp += cw;
312  r = 1;
313  while (r > 0) {
314  if (unw_is_signal_frame(&cursor) == 0) {
315  unw_word_t off;
316  char name[256];
317  if (unw_get_proc_name(&cursor, name, sizeof(name), &off) == UNW_ENOMEM) {
318  cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - msg), "[unknown]:");
319  } else {
320  cw = snprintf(
321  temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - msg), "%s+0x%08" PRIx64, name, off);
322  }
323  temp += cw;
324  }
325 
326  r = unw_step(&cursor);
327  if (r > 0) {
328  cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - msg), ";");
329  temp += cw;
330  }
331  }
332  SCLogError("%s", msg);
333 
334 terminate:
335  // Propagate signal to watchers, if any
336  kill(getpid(), sig_num);
337 }
338 #undef UNW_LOCAL_ONLY
339 #endif /* HAVE_LIBUNWIND */
340 #endif /* !OS_WIN32 */
341 #endif
342 
343 #ifndef OS_WIN32
344 /**
345  * SIGUSR2 handler. Just set sigusr2_count. The main loop will act on
346  * it.
347  */
348 static void SignalHandlerSigusr2(int sig)
349 {
350  if (sigusr2_count < 2)
351  sigusr2_count++;
352 }
353 
354 /**
355  * SIGHUP handler. Just set sighup_count. The main loop will act on
356  * it.
357  */
358 static void SignalHandlerSigHup(/*@unused@*/ int sig)
359 {
360  sighup_count = 1;
361 }
362 #endif
363 
364 void GlobalsInitPreConfig(void)
365 {
366  TimeInit();
367  SupportFastPatternForSigMatchTypes();
368  SCThresholdConfGlobalInit();
369  SCProtoNameInit();
370 }
371 
372 void GlobalsDestroy(void)
373 {
374  SCInstance *suri = &suricata;
375  ThresholdDestroy();
376  HostShutdown();
377  HTPFreeConfig();
378  HTPAtExitPrintStats();
379 
380  AppLayerHtpPrintStats();
381 
382  /* TODO this can do into it's own func */
383  DetectEngineCtx *de_ctx = DetectEngineGetCurrent();
384  if (de_ctx) {
385  DetectEngineMoveToFreeList(de_ctx);
386  DetectEngineDeReference(&de_ctx);
387  }
388  DetectEngineClearMaster();
389 
390  AppLayerDeSetup();
391  DatasetsSave();
392  DatasetsDestroy();
393  OutputTxShutdown();
394  TagDestroyCtx();
395 
396  LiveDeviceListClean();
397  OutputDeregisterAll();
398  FeatureTrackingRelease();
399  SCProtoNameRelease();
400  TimeDeinit();
401  SigTableCleanup();
402  TmqhCleanup();
403  TmModuleRunDeInit();
404  ParseSizeDeinit();
405  DatalinkTableDeinit();
406 
407 #ifdef HAVE_DPDK
408  DPDKCleanupEAL();
409 #endif
410 
411 #ifdef HAVE_AF_PACKET
412  AFPPeersListClean();
413 #endif
414 
415 #ifdef NFQ
416  NFQContextsClean();
417 #endif
418 
419 #ifdef BUILD_HYPERSCAN
420  MpmHSGlobalCleanup();
421 #endif
422 
423  SCConfDeInit();
424 
425  DetectParseFreeRegexes();
426 
427  SCPidfileRemove(suri->pid_filename);
428  SCFree(suri->pid_filename);
429  suri->pid_filename = NULL;
430 
431  VarNameStoreDestroy();
432  SCLogDeInitLogModule();
433 }
434 
435 /**
436  * \brief Used to send OS specific notification of running threads
437  *
438  * \retval TmEcode TM_ECODE_OK on success; TM_ECODE_FAILED on failure.
439  */
440 static void OnNotifyRunning(void)
441 {
442 #ifdef SYSTEMD_NOTIFY
443  if (SystemDNotifyReady() < 0) {
444  SCLogWarning("failed to notify systemd");
445  }
446 #endif
447 }
448 
449 /** \brief make sure threads can stop the engine by calling this
450  * function. Purpose: pcap file mode needs to be able to tell the
451  * engine the file eof is reached. */
452 void EngineStop(void)
453 {
454  suricata_ctl_flags |= SURICATA_STOP;
455 }
456 
457 /**
458  * \brief Used to indicate that the current task is done.
459  *
460  * This is mainly used by pcap-file to tell it has finished
461  * to treat a pcap files when running in unix-socket mode.
462  */
463 void EngineDone(void)
464 {
465  suricata_ctl_flags |= SURICATA_DONE;
466 }
467 
468 static int SetBpfString(int argc, char *argv[])
469 {
470  char *bpf_filter = NULL;
471  uint32_t bpf_len = 0;
472  int tmpindex = 0;
473 
474  /* attempt to parse remaining args as bpf filter */
475  tmpindex = argc;
476  while(argv[tmpindex] != NULL) {
477  bpf_len+=strlen(argv[tmpindex]) + 1;
478  tmpindex++;
479  }
480 
481  if (bpf_len == 0)
482  return TM_ECODE_OK;
483 
484  bpf_filter = SCCalloc(1, bpf_len);
485  if (unlikely(bpf_filter == NULL))
486  return TM_ECODE_FAILED;
487 
488  tmpindex = optind;
489  while(argv[tmpindex] != NULL) {
490  strlcat(bpf_filter, argv[tmpindex],bpf_len);
491  if(argv[tmpindex + 1] != NULL) {
492  strlcat(bpf_filter," ", bpf_len);
493  }
494  tmpindex++;
495  }
496 
497  if(strlen(bpf_filter) > 0) {
498  if (SCConfSetFinal("bpf-filter", bpf_filter) != 1) {
499  SCLogError("Failed to set bpf filter.");
500  SCFree(bpf_filter);
501  return TM_ECODE_FAILED;
502  }
503  }
504  SCFree(bpf_filter);
505 
506  return TM_ECODE_OK;
507 }
508 
509 static void SetBpfStringFromFile(char *filename)
510 {
511  char *bpf_filter = NULL;
512  char *bpf_comment_tmp = NULL;
513  char *bpf_comment_start = NULL;
514  size_t bpf_len = 0;
515  SCStat st;
516  FILE *fp = NULL;
517  size_t nm = 0;
518 
519  fp = fopen(filename, "r");
520  if (fp == NULL) {
521  SCLogError("Failed to open file %s", filename);
522  exit(EXIT_FAILURE);
523  }
524 
525  if (SCFstatFn(fileno(fp), &st) != 0) {
526  SCLogError("Failed to stat file %s", filename);
527  exit(EXIT_FAILURE);
528  }
529  // st.st_size is signed on Windows
530  bpf_len = ((size_t)(st.st_size)) + 1;
531 
532  bpf_filter = SCCalloc(1, bpf_len);
533  if (unlikely(bpf_filter == NULL)) {
534  SCLogError("Failed to allocate buffer for bpf filter in file %s", filename);
535  exit(EXIT_FAILURE);
536  }
537 
538  nm = fread(bpf_filter, 1, bpf_len - 1, fp);
539  if ((ferror(fp) != 0) || (nm != (bpf_len - 1))) {
540  SCLogError("Failed to read complete BPF file %s", filename);
541  SCFree(bpf_filter);
542  fclose(fp);
543  exit(EXIT_FAILURE);
544  }
545  fclose(fp);
546  bpf_filter[nm] = '\0';
547 
548  if(strlen(bpf_filter) > 0) {
549  /*replace comments with space*/
550  bpf_comment_start = bpf_filter;
551  while((bpf_comment_tmp = strchr(bpf_comment_start, '#')) != NULL) {
552  while((*bpf_comment_tmp !='\0') &&
553  (*bpf_comment_tmp != '\r') && (*bpf_comment_tmp != '\n'))
554  {
555  *bpf_comment_tmp++ = ' ';
556  }
557  bpf_comment_start = bpf_comment_tmp;
558  }
559  /*remove remaining '\r' and '\n' */
560  while((bpf_comment_tmp = strchr(bpf_filter, '\r')) != NULL) {
561  *bpf_comment_tmp = ' ';
562  }
563  while((bpf_comment_tmp = strchr(bpf_filter, '\n')) != NULL) {
564  *bpf_comment_tmp = ' ';
565  }
566  /* cut trailing spaces */
567  while (strlen(bpf_filter) > 0 &&
568  bpf_filter[strlen(bpf_filter)-1] == ' ')
569  {
570  bpf_filter[strlen(bpf_filter)-1] = '\0';
571  }
572  if (strlen(bpf_filter) > 0) {
573  if (SCConfSetFinal("bpf-filter", bpf_filter) != 1) {
574  SCFree(bpf_filter);
575  FatalError("failed to set bpf filter");
576  }
577  }
578  }
579  SCFree(bpf_filter);
580 }
581 
582 static void PrintUsage(const char *progname)
583 {
584 #ifdef REVISION
585  printf("%s %s (%s)\n", PROG_NAME, PROG_VER, xstr(REVISION));
586 #else
587  printf("%s %s\n", PROG_NAME, PROG_VER);
588 #endif
589  printf("USAGE: %s [OPTIONS] [BPF FILTER]\n\n", progname);
590  printf("\t-c <path> : path to configuration file\n");
591  printf("\t-T : test configuration file (use with -c)\n");
592  printf("\t-i <dev or ip> : run in pcap live mode\n");
593  printf("\t-F <bpf filter file> : bpf filter file\n");
594  printf("\t-r <path> : run in pcap file/offline mode\n");
595 #ifdef NFQ
596  printf("\t-q <qid[:qid]> : run in inline nfqueue mode (use colon to specify a range of queues)\n");
597 #endif /* NFQ */
598 #ifdef IPFW
599  printf("\t-d <divert port> : run in inline ipfw divert mode\n");
600 #endif /* IPFW */
601  printf("\t-s <path> : path to signature file loaded in addition to suricata.yaml settings (optional)\n");
602  printf("\t-S <path> : path to signature file loaded exclusively (optional)\n");
603  printf("\t-l <dir> : default log directory\n");
604 #ifndef OS_WIN32
605  printf("\t-D : run as daemon\n");
606 #else
607  printf("\t--service-install : install as service\n");
608  printf("\t--service-remove : remove service\n");
609  printf("\t--service-change-params : change service startup parameters\n");
610 #endif /* OS_WIN32 */
611  printf("\t-k [all|none] : force checksum check (all) or disabled it (none)\n");
612  printf("\t-V : display Suricata version\n");
613  printf("\t-v : be more verbose (use multiple times to increase verbosity)\n");
614 #ifdef UNITTESTS
615  printf("\t-u : run the unittests and exit\n");
616  printf("\t-U, --unittest-filter=REGEX : filter unittests with a regex\n");
617  printf("\t--list-unittests : list unit tests\n");
618  printf("\t--fatal-unittests : enable fatal failure on unittest error\n");
619  printf("\t--unittests-coverage : display unittest coverage report\n");
620 #endif /* UNITTESTS */
621  printf("\t--firewall-rules-exclusive=<path> : path to firewall rule file loaded "
622  "exclusively\n");
623  printf("\t--list-app-layer-protos : list supported app layer protocols\n");
624  printf("\t--list-app-layer-hooks : list supported app layer hooks for use in "
625  "rules\n");
626  printf("\t--list-keywords[=all|csv|<kword>] : list keywords implemented by the engine\n");
627  printf("\t--list-runmodes : list supported runmodes\n");
628  printf("\t--runmode <runmode_id> : specific runmode modification the engine should run. The argument\n"
629  "\t supplied should be the id for the runmode obtained by running\n"
630  "\t --list-runmodes\n");
631  printf("\t--engine-analysis : print reports on analysis of different sections in the engine and exit.\n"
632  "\t Please have a look at the conf parameter engine-analysis on what reports\n"
633  "\t can be printed\n");
634  printf("\t--pidfile <file> : write pid to this file\n");
635  printf("\t--init-errors-fatal : enable fatal failure on signature init error\n");
636  printf("\t--disable-detection : disable detection engine\n");
637  printf("\t--dump-config : show the running configuration\n");
638  printf("\t--dump-features : display provided features\n");
639  printf("\t--build-info : display build information\n");
640  printf("\t--pcap[=<dev>] : run in pcap mode, no value select interfaces from suricata.yaml\n");
641  printf("\t--pcap-file-continuous : when running in pcap mode with a directory, continue checking directory for pcaps until interrupted\n");
642  printf("\t--pcap-file-delete : when running in replay mode (-r with directory or file), will delete pcap files that have been processed when done\n");
643  printf("\t--pcap-file-recursive : will descend into subdirectories when running in replay mode (-r)\n");
644  printf("\t--pcap-file-buffer-size : set read buffer size (setvbuf)\n");
645 #ifdef HAVE_PCAP_SET_BUFF
646  printf("\t--pcap-buffer-size : size of the pcap buffer value from 0 - %i\n",INT_MAX);
647 #endif /* HAVE_SET_PCAP_BUFF */
648 #ifdef HAVE_DPDK
649  printf("\t--dpdk : run in dpdk mode, uses interfaces from "
650  "suricata.yaml\n");
651 #endif
652 #ifdef HAVE_AF_PACKET
653  printf("\t--af-packet[=<dev>] : run in af-packet mode, no value select interfaces from suricata.yaml\n");
654 #endif
655 #ifdef HAVE_AF_XDP
656  printf("\t--af-xdp[=<dev>] : run in af-xdp mode, no value select "
657  "interfaces from suricata.yaml\n");
658 #endif
659 #ifdef HAVE_NETMAP
660  printf("\t--netmap[=<dev>] : run in netmap mode, no value select interfaces from suricata.yaml\n");
661 #endif
662 #ifdef HAVE_PFRING
663  printf("\t--pfring[=<dev>] : run in pfring mode, use interfaces from suricata.yaml\n");
664  printf("\t--pfring-int <dev> : run in pfring mode, use interface <dev>\n");
665  printf("\t--pfring-cluster-id <id> : pfring cluster id \n");
666  printf("\t--pfring-cluster-type <type> : pfring cluster type for PF_RING 4.1.2 and later cluster_round_robin|cluster_flow\n");
667 #endif /* HAVE_PFRING */
668  printf("\t--simulate-ips : force engine into IPS mode. Useful for QA\n");
669 #ifdef HAVE_LIBCAP_NG
670  printf("\t--user <user> : run suricata as this user after init\n");
671  printf("\t--group <group> : run suricata as this group after init\n");
672 #endif /* HAVE_LIBCAP_NG */
673  printf("\t--erf-in <path> : process an ERF file\n");
674 #ifdef HAVE_DAG
675  printf("\t--dag <dagX:Y> : process ERF records from DAG interface X, stream Y\n");
676 #endif
677 #ifdef BUILD_UNIX_SOCKET
678  printf("\t--unix-socket[=<file>] : use unix socket to control suricata work\n");
679 #endif
680 #ifdef WINDIVERT
681  printf("\t--windivert <filter> : run in inline WinDivert mode\n");
682  printf("\t--windivert-forward <filter> : run in inline WinDivert mode, as a gateway\n");
683 #endif
684 #ifdef HAVE_LIBNET11
685  printf("\t--reject-dev <dev> : send reject packets from this interface\n");
686 #endif
687  printf("\t--include <path> : additional configuration file\n");
688  printf("\t--set name=value : set a configuration value\n");
689  printf("\n");
690  printf("\nTo run the engine with default configuration on "
691  "interface eth0 with signature file \"signatures.rules\", run the "
692  "command as:\n\n%s -c suricata.yaml -s signatures.rules -i eth0 \n\n",
693  progname);
694 }
695 
696 static void PrintBuildInfo(void)
697 {
698  const char *bits;
699  const char *endian;
700  char features[2048] = "";
701  const char *tls;
702 
703  printf("This is %s version %s\n", PROG_NAME, GetProgramVersion());
704 #ifdef DEBUG
705  strlcat(features, "DEBUG ", sizeof(features));
706 #endif
707 #ifdef DEBUG_VALIDATION
708  strlcat(features, "DEBUG_VALIDATION ", sizeof(features));
709 #endif
710 #ifdef UNITTESTS
711  strlcat(features, "UNITTESTS ", sizeof(features));
712 #endif
713 #ifdef NFQ
714  strlcat(features, "NFQ ", sizeof(features));
715 #endif
716 #ifdef IPFW
717  strlcat(features, "IPFW ", sizeof(features));
718 #endif
719 #ifdef HAVE_PCAP_SET_BUFF
720  strlcat(features, "PCAP_SET_BUFF ", sizeof(features));
721 #endif
722 #ifdef HAVE_PFRING
723  strlcat(features, "PF_RING ", sizeof(features));
724 #endif
725 #ifdef HAVE_NAPATECH
726  strlcat(features, "NAPATECH ", sizeof(features));
727 #endif
728 #ifdef HAVE_AF_PACKET
729  strlcat(features, "AF_PACKET ", sizeof(features));
730 #endif
731 #ifdef HAVE_NETMAP
732  strlcat(features, "NETMAP ", sizeof(features));
733 #endif
734 #ifdef HAVE_PACKET_FANOUT
735  strlcat(features, "HAVE_PACKET_FANOUT ", sizeof(features));
736 #endif
737 #ifdef HAVE_DAG
738  strlcat(features, "DAG ", sizeof(features));
739 #endif
740 #ifdef HAVE_LIBCAP_NG
741  strlcat(features, "LIBCAP_NG ", sizeof(features));
742 #endif
743 #ifdef HAVE_LIBNET11
744  strlcat(features, "LIBNET1.1 ", sizeof(features));
745 #endif
746  strlcat(features, "HAVE_HTP_URI_NORMALIZE_HOOK ", sizeof(features));
747 #ifdef PCRE2_HAVE_JIT
748  strlcat(features, "PCRE_JIT ", sizeof(features));
749 #endif
750  /* For compatibility, just say we have HAVE_NSS. */
751  strlcat(features, "HAVE_NSS ", sizeof(features));
752  /* HTTP2_DECOMPRESSION is not an optional feature in this major version */
753  strlcat(features, "HTTP2_DECOMPRESSION ", sizeof(features));
754  /* Lua is now vendored in and always available. */
755  strlcat(features, "HAVE_LUA ", sizeof(features));
756 #ifdef HAVE_JA3
757  strlcat(features, "HAVE_JA3 ", sizeof(features));
758 #endif
759 #ifdef HAVE_JA4
760  strlcat(features, "HAVE_JA4 ", sizeof(features));
761 #endif
762  strlcat(features, "HAVE_LIBJANSSON ", sizeof(features));
763 #ifdef PROFILING
764  strlcat(features, "PROFILING ", sizeof(features));
765 #endif
766 #ifdef PROFILE_LOCKING
767  strlcat(features, "PROFILE_LOCKING ", sizeof(features));
768 #endif
769 #if defined(TLS_C11) || defined(TLS_GNU)
770  strlcat(features, "TLS ", sizeof(features));
771 #endif
772 #if defined(TLS_C11)
773  strlcat(features, "TLS_C11 ", sizeof(features));
774 #elif defined(TLS_GNU)
775  strlcat(features, "TLS_GNU ", sizeof(features));
776 #endif
777 #ifdef HAVE_MAGIC
778  strlcat(features, "MAGIC ", sizeof(features));
779 #endif
780  strlcat(features, "RUST ", sizeof(features));
781 #if defined(SC_ADDRESS_SANITIZER)
782  strlcat(features, "ASAN ", sizeof(features));
783 #endif
784 #if defined(HAVE_POPCNT64)
785  strlcat(features, "POPCNT64 ", sizeof(features));
786 #endif
787  if (strlen(features) == 0) {
788  strlcat(features, "none", sizeof(features));
789  }
790 
791  printf("Features: %s\n", features);
792 
793  /* SIMD stuff */
794  memset(features, 0x00, sizeof(features));
795 #if defined(__SSE4_2__)
796  strlcat(features, "SSE_4_2 ", sizeof(features));
797 #endif
798 #if defined(__SSE4_1__)
799  strlcat(features, "SSE_4_1 ", sizeof(features));
800 #endif
801 #if defined(__SSE3__)
802  strlcat(features, "SSE_3 ", sizeof(features));
803 #endif
804 #if defined(__SSE2__)
805  strlcat(features, "SSE_2 ", sizeof(features));
806 #endif
807  if (strlen(features) == 0) {
808  strlcat(features, "none", sizeof(features));
809  }
810  printf("SIMD support: %s\n", features);
811 
812  /* atomics stuff */
813  memset(features, 0x00, sizeof(features));
814 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_1)
815  strlcat(features, "1 ", sizeof(features));
816 #endif
817 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_2)
818  strlcat(features, "2 ", sizeof(features));
819 #endif
820 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_4)
821  strlcat(features, "4 ", sizeof(features));
822 #endif
823 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_8)
824  strlcat(features, "8 ", sizeof(features));
825 #endif
826 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_16)
827  strlcat(features, "16 ", sizeof(features));
828 #endif
829  if (strlen(features) == 0) {
830  strlcat(features, "none", sizeof(features));
831  } else {
832  strlcat(features, "byte(s)", sizeof(features));
833  }
834  printf("Atomic intrinsics: %s\n", features);
835 
836 #if __WORDSIZE == 64
837  bits = "64-bits";
838 #elif __WORDSIZE == 32
839  bits = "32-bits";
840 #else
841  bits = "<unknown>-bits";
842 #endif
843 
844 #if __BYTE_ORDER == __BIG_ENDIAN
845  endian = "Big-endian";
846 #elif __BYTE_ORDER == __LITTLE_ENDIAN
847  endian = "Little-endian";
848 #else
849  endian = "<unknown>-endian";
850 #endif
851 
852  printf("%s, %s architecture\n", bits, endian);
853 #ifdef __GNUC__
854  printf("GCC version %s, C version %"PRIiMAX"\n", __VERSION__, (intmax_t)__STDC_VERSION__);
855 #else
856  printf("C version %"PRIiMAX"\n", (intmax_t)__STDC_VERSION__);
857 #endif
858 
859 #if __SSP__ == 1
860  printf("compiled with -fstack-protector\n");
861 #endif
862 #if __SSP_ALL__ == 2
863  printf("compiled with -fstack-protector-all\n");
864 #endif
865 /*
866  * Workaround for special defines of _FORTIFY_SOURCE like
867  * FORTIFY_SOURCE=((defined __OPTIMIZE && OPTIMIZE > 0) ? 2 : 0)
868  * which is used by Gentoo for example and would result in the error
869  * 'defined' undeclared when _FORTIFY_SOURCE used via %d in printf func
870  *
871  */
872 #if _FORTIFY_SOURCE == 2
873  printf("compiled with _FORTIFY_SOURCE=2\n");
874 #elif _FORTIFY_SOURCE == 1
875  printf("compiled with _FORTIFY_SOURCE=1\n");
876 #elif _FORTIFY_SOURCE == 0
877  printf("compiled with _FORTIFY_SOURCE=0\n");
878 #endif
879 #ifdef CLS
880  printf("L1 cache line size (CLS)=%d\n", CLS);
881 #endif
882 #if defined(TLS_C11)
883  tls = "_Thread_local";
884 #elif defined(TLS_GNU)
885  tls = "__thread";
886 #else
887 #error "Unsupported thread local"
888 #endif
889  printf("thread local storage method: %s\n", tls);
890 
891  printf("compiled with %s\n", htp_get_version());
892  printf("\n");
893 #include "build-info.h"
894 }
895 
896 int coverage_unittests;
897 int g_ut_modules;
898 int g_ut_covered;
899 
900 void RegisterAllModules(void)
901 {
902  /* commanders */
903  TmModuleUnixManagerRegister();
904  /* managers */
905  TmModuleFlowManagerRegister();
906  TmModuleFlowRecyclerRegister();
907  TmModuleBypassedFlowManagerRegister();
908  /* nfq */
909  TmModuleReceiveNFQRegister();
910  TmModuleVerdictNFQRegister();
911  TmModuleDecodeNFQRegister();
912  /* ipfw */
913  TmModuleReceiveIPFWRegister();
914  TmModuleVerdictIPFWRegister();
915  TmModuleDecodeIPFWRegister();
916  /* pcap live */
917  TmModuleReceivePcapRegister();
918  TmModuleDecodePcapRegister();
919  /* pcap file */
920  TmModuleReceivePcapFileRegister();
921  TmModuleDecodePcapFileRegister();
922  /* af-packet */
923  TmModuleReceiveAFPRegister();
924  TmModuleDecodeAFPRegister();
925  /* af-xdp */
926  TmModuleReceiveAFXDPRegister();
927  TmModuleDecodeAFXDPRegister();
928  /* netmap */
929  TmModuleReceiveNetmapRegister();
930  TmModuleDecodeNetmapRegister();
931  /* dag file */
932  TmModuleReceiveErfFileRegister();
933  TmModuleDecodeErfFileRegister();
934  /* dag live */
935  TmModuleReceiveErfDagRegister();
936  TmModuleDecodeErfDagRegister();
937 
938  /* flow worker */
939  TmModuleFlowWorkerRegister();
940  /* respond-reject */
941  TmModuleRespondRejectRegister();
942 
943  /* log api */
944  TmModuleLoggerRegister();
945  TmModuleStatsLoggerRegister();
946 
947  TmModuleDebugList();
948  /* nflog */
949  TmModuleReceiveNFLOGRegister();
950  TmModuleDecodeNFLOGRegister();
951 
952  /* windivert */
953  TmModuleReceiveWinDivertRegister();
954  TmModuleVerdictWinDivertRegister();
955  TmModuleDecodeWinDivertRegister();
956 
957  /* Dpdk */
958  TmModuleReceiveDPDKRegister();
959  TmModuleDecodeDPDKRegister();
960 
961  /* Library */
962  TmModuleDecodeLibRegister();
963 }
964 
965 TmEcode SCLoadYamlConfig(void)
966 {
967  SCEnter();
968 
969  SCInstance *suri = &suricata;
970 
971  if (suri->conf_filename == NULL)
972  suri->conf_filename = DEFAULT_CONF_FILE;
973 
974  if (SCConfYamlLoadFile(suri->conf_filename) != 0) {
975  /* Error already displayed. */
976  SCReturnInt(TM_ECODE_FAILED);
977  }
978 
979  if (suri->additional_configs) {
980  for (int i = 0; suri->additional_configs[i] != NULL; i++) {
981  SCLogConfig("Loading additional configuration file %s", suri->additional_configs[i]);
982  SCConfYamlHandleInclude(SCConfGetRootNode(), suri->additional_configs[i]);
983  }
984  }
985 
986  SCReturnInt(TM_ECODE_OK);
987 }
988 
989 static TmEcode ParseInterfacesList(const int runmode, char *pcap_dev)
990 {
991  SCEnter();
992 
993  /* run the selected runmode */
994  if (runmode == RUNMODE_PCAP_DEV) {
995  if (strlen(pcap_dev) == 0) {
996  int ret = LiveBuildDeviceList("pcap");
997  if (ret == 0) {
998  SCLogError("No interface found in config for pcap");
999  SCReturnInt(TM_ECODE_FAILED);
1000  }
1001  }
1002  } else if (runmode == RUNMODE_PLUGIN) {
1003  if (strcmp(suricata.capture_plugin_name, "pfring") == 0) {
1004  /* Special handling for pfring. */
1005  if (strlen(pcap_dev)) {
1006  if (SCConfSetFinal("pfring.live-interface", pcap_dev) != 1) {
1007  SCLogError("Failed to set pfring.live-interface");
1008  SCReturnInt(TM_ECODE_FAILED);
1009  }
1010  }
1011  }
1012 #ifdef HAVE_DPDK
1013  } else if (runmode == RUNMODE_DPDK) {
1014  char iface_selector[] = "dpdk.interfaces";
1015  int ret = LiveBuildDeviceList(iface_selector);
1016  if (ret == 0) {
1017  SCLogError("No interface found in config for %s", iface_selector);
1018  SCReturnInt(TM_ECODE_FAILED);
1019  }
1020 #endif
1021 #ifdef HAVE_AF_PACKET
1022  } else if (runmode == RUNMODE_AFP_DEV) {
1023  /* iface has been set on command line */
1024  if (strlen(pcap_dev)) {
1025  if (SCConfSetFinal("af-packet.live-interface", pcap_dev) != 1) {
1026  SCLogError("Failed to set af-packet.live-interface");
1027  SCReturnInt(TM_ECODE_FAILED);
1028  }
1029  } else {
1030  int ret = LiveBuildDeviceList("af-packet");
1031  if (ret == 0) {
1032  SCLogError("No interface found in config for af-packet");
1033  SCReturnInt(TM_ECODE_FAILED);
1034  }
1035  }
1036 #endif
1037 #ifdef HAVE_AF_XDP
1038  } else if (runmode == RUNMODE_AFXDP_DEV) {
1039  /* iface has been set on command line */
1040  if (strlen(pcap_dev)) {
1041  if (SCConfSetFinal("af-xdp.live-interface", pcap_dev) != 1) {
1042  SCLogError("Failed to set af-xdp.live-interface");
1043  SCReturnInt(TM_ECODE_FAILED);
1044  }
1045  } else {
1046  int ret = LiveBuildDeviceList("af-xdp");
1047  if (ret == 0) {
1048  SCLogError("No interface found in config for af-xdp");
1049  SCReturnInt(TM_ECODE_FAILED);
1050  }
1051  }
1052 #endif
1053 #ifdef HAVE_NETMAP
1054  } else if (runmode == RUNMODE_NETMAP) {
1055  /* iface has been set on command line */
1056  if (strlen(pcap_dev)) {
1057  if (SCConfSetFinal("netmap.live-interface", pcap_dev) != 1) {
1058  SCLogError("Failed to set netmap.live-interface");
1059  SCReturnInt(TM_ECODE_FAILED);
1060  }
1061  } else {
1062  int ret = LiveBuildDeviceList("netmap");
1063  if (ret == 0) {
1064  SCLogError("No interface found in config for netmap");
1065  SCReturnInt(TM_ECODE_FAILED);
1066  }
1067  }
1068 #endif
1069 #ifdef HAVE_NFLOG
1070  } else if (runmode == RUNMODE_NFLOG) {
1071  int ret = LiveBuildDeviceListCustom("nflog", "group");
1072  if (ret == 0) {
1073  SCLogError("No group found in config for nflog");
1074  SCReturnInt(TM_ECODE_FAILED);
1075  }
1076 #endif
1077  }
1078 
1079  SCReturnInt(TM_ECODE_OK);
1080 }
1081 
1082 static void SCInstanceInit(SCInstance *suri, const char *progname)
1083 {
1084  memset(suri, 0x00, sizeof(*suri));
1085 
1086  suri->progname = progname;
1087  suri->run_mode = RUNMODE_UNKNOWN;
1088 
1089  memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
1090  suri->sig_file = NULL;
1091  suri->sig_file_exclusive = false;
1092  suri->pid_filename = NULL;
1093  suri->regex_arg = NULL;
1094 
1095  suri->keyword_info = NULL;
1096  suri->runmode_custom_mode = NULL;
1097 #ifndef OS_WIN32
1098  suri->user_name = NULL;
1099  suri->group_name = NULL;
1100  suri->do_setuid = false;
1101  suri->do_setgid = false;
1102 #endif /* OS_WIN32 */
1103  suri->userid = 0;
1104  suri->groupid = 0;
1105  suri->delayed_detect = 0;
1106  suri->daemon = 0;
1107  suri->offline = 0;
1108  suri->verbose = 0;
1109  /* use -1 as unknown */
1110  suri->checksum_validation = -1;
1111 #if HAVE_DETECT_DISABLED==1
1112  g_detect_disabled = suri->disabled_detect = 1;
1113 #else
1114  g_detect_disabled = suri->disabled_detect = 0;
1115 #endif
1116 }
1117 
1118 const char *GetDocURL(void)
1119 {
1120  const char *prog_ver = GetProgramVersion();
1121  if (strstr(prog_ver, "RELEASE") != NULL) {
1122  return DOC_URL "suricata-" PROG_VER;
1123  }
1124  return DOC_URL "latest";
1125 }
1126 
1127 /** \brief get string with program version
1128  *
1129  * Get the program version as passed to us from AC_INIT
1130  *
1131  * Add 'RELEASE' is no '-dev' in the version. Add the REVISION if passed
1132  * to us.
1133  *
1134  * Possible outputs:
1135  * release: '5.0.1 RELEASE'
1136  * dev with rev: '5.0.1-dev (64a789bbf 2019-10-18)'
1137  * dev w/o rev: '5.0.1-dev'
1138  */
1139 const char *GetProgramVersion(void)
1140 {
1141  if (strstr(PROG_VER, "-dev") == NULL) {
1142  return PROG_VER " RELEASE";
1143  } else {
1144 #ifdef REVISION
1145  return PROG_VER " (" xstr(REVISION) ")";
1146 #else
1147  return PROG_VER;
1148 #endif
1149  }
1150 }
1151 
1152 static TmEcode PrintVersion(void)
1153 {
1154  printf("This is %s version %s\n", PROG_NAME, GetProgramVersion());
1155  return TM_ECODE_OK;
1156 }
1157 
1158 static TmEcode LogVersion(SCInstance *suri)
1159 {
1160  const char *mode = suri->system ? "SYSTEM" : "USER";
1161  SCLogNotice("This is %s version %s running in %s mode",
1162  PROG_NAME, GetProgramVersion(), mode);
1163  return TM_ECODE_OK;
1164 }
1165 
1166 static void SCSetStartTime(SCInstance *suri)
1167 {
1168  memset(&suri->start_time, 0, sizeof(suri->start_time));
1169  gettimeofday(&suri->start_time, NULL);
1170 }
1171 
1172 static void SCPrintElapsedTime(struct timeval *start_time)
1173 {
1174  if (start_time == NULL)
1175  return;
1176  struct timeval end_time;
1177  memset(&end_time, 0, sizeof(end_time));
1178  gettimeofday(&end_time, NULL);
1179  uint64_t milliseconds = ((end_time.tv_sec - start_time->tv_sec) * 1000) +
1180  (((1000000 + end_time.tv_usec - start_time->tv_usec) / 1000) - 1000);
1181  SCLogInfo("time elapsed %.3fs", (float)milliseconds/(float)1000);
1182 }
1183 
1184 static int ParseCommandLineAfpacket(SCInstance *suri, const char *in_arg)
1185 {
1186 #ifdef HAVE_AF_PACKET
1187  if (suri->run_mode == RUNMODE_UNKNOWN) {
1188  suri->run_mode = RUNMODE_AFP_DEV;
1189  if (in_arg) {
1190  LiveRegisterDeviceName(in_arg);
1191  memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
1192  strlcpy(suri->pcap_dev, in_arg, sizeof(suri->pcap_dev));
1193  }
1194  } else if (suri->run_mode == RUNMODE_AFP_DEV) {
1195  if (in_arg) {
1196  LiveRegisterDeviceName(in_arg);
1197  } else {
1198  SCLogInfo("Multiple af-packet option without interface on each is useless");
1199  }
1200  } else {
1201  SCLogError("more than one run mode "
1202  "has been specified");
1203  PrintUsage(suri->progname);
1204  return TM_ECODE_FAILED;
1205  }
1206  return TM_ECODE_OK;
1207 #else
1208  SCLogError("AF_PACKET not enabled. On Linux "
1209  "host, make sure to pass --enable-af-packet to "
1210  "configure when building.");
1211  return TM_ECODE_FAILED;
1212 #endif
1213 }
1214 
1215 static int ParseCommandLineAfxdp(SCInstance *suri, const char *in_arg)
1216 {
1217 #ifdef HAVE_AF_XDP
1218  if (suri->run_mode == RUNMODE_UNKNOWN) {
1219  suri->run_mode = RUNMODE_AFXDP_DEV;
1220  if (in_arg) {
1221  LiveRegisterDeviceName(in_arg);
1222  memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
1223  strlcpy(suri->pcap_dev, in_arg, sizeof(suri->pcap_dev));
1224  }
1225  } else if (suri->run_mode == RUNMODE_AFXDP_DEV) {
1226  if (in_arg) {
1227  LiveRegisterDeviceName(in_arg);
1228  } else {
1229  SCLogInfo("Multiple af-xdp options without interface on each is useless");
1230  }
1231  } else {
1232  SCLogError("more than one run mode "
1233  "has been specified");
1234  PrintUsage(suri->progname);
1235  return TM_ECODE_FAILED;
1236  }
1237  return TM_ECODE_OK;
1238 #else
1239  SCLogError("AF_XDP not enabled. On Linux "
1240  "host, make sure correct libraries are installed,"
1241  " see documentation for information.");
1242  return TM_ECODE_FAILED;
1243 #endif
1244 }
1245 
1246 static int ParseCommandLineDpdk(SCInstance *suri, const char *in_arg)
1247 {
1248 #ifdef HAVE_DPDK
1249  if (suri->run_mode == RUNMODE_UNKNOWN) {
1250  suri->run_mode = RUNMODE_DPDK;
1251  } else if (suri->run_mode == RUNMODE_DPDK) {
1252  SCLogInfo("Multiple dpdk options have no effect on Suricata");
1253  } else {
1254  SCLogError("more than one run mode "
1255  "has been specified");
1256  PrintUsage(suri->progname);
1257  return TM_ECODE_FAILED;
1258  }
1259  return TM_ECODE_OK;
1260 #else
1261  SCLogError("DPDK not enabled. On Linux "
1262  "host, make sure to pass --enable-dpdk to "
1263  "configure when building.");
1264  return TM_ECODE_FAILED;
1265 #endif
1266 }
1267 
1268 static int ParseCommandLinePcapLive(SCInstance *suri, const char *in_arg)
1269 {
1270 #if defined(OS_WIN32) && !defined(HAVE_LIBWPCAP)
1271  /* If running on Windows without Npcap, bail early as live capture is not supported. */
1272  FatalError("Live capture not available. To support live capture compile against Npcap.");
1273 #endif
1274  memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
1275 
1276  if (in_arg != NULL) {
1277  /* some windows shells require escaping of the \ in \Device. Otherwise
1278  * the backslashes are stripped. We put them back here. */
1279  if (strlen(in_arg) > 9 && strncmp(in_arg, "DeviceNPF", 9) == 0) {
1280  snprintf(suri->pcap_dev, sizeof(suri->pcap_dev), "\\Device\\NPF%s", in_arg+9);
1281  } else {
1282  strlcpy(suri->pcap_dev, in_arg, sizeof(suri->pcap_dev));
1283  PcapTranslateIPToDevice(suri->pcap_dev, sizeof(suri->pcap_dev));
1284  }
1285 
1286  if (strcmp(suri->pcap_dev, in_arg) != 0) {
1287  SCLogInfo("translated %s to pcap device %s", in_arg, suri->pcap_dev);
1288  } else if (strlen(suri->pcap_dev) > 0 && isdigit((unsigned char)suri->pcap_dev[0])) {
1289  SCLogError("failed to find a pcap device for IP %s", in_arg);
1290  return TM_ECODE_FAILED;
1291  }
1292  }
1293 
1294  if (suri->run_mode == RUNMODE_UNKNOWN) {
1295  suri->run_mode = RUNMODE_PCAP_DEV;
1296  if (in_arg) {
1297  LiveRegisterDeviceName(suri->pcap_dev);
1298  }
1299  } else if (suri->run_mode == RUNMODE_PCAP_DEV) {
1300  LiveRegisterDeviceName(suri->pcap_dev);
1301  } else {
1302  SCLogError("more than one run mode "
1303  "has been specified");
1304  PrintUsage(suri->progname);
1305  return TM_ECODE_FAILED;
1306  }
1307  return TM_ECODE_OK;
1308 }
1309 
1310 /**
1311  * Helper function to check if log directory is writable
1312  */
1313 static bool IsLogDirectoryWritable(const char* str)
1314 {
1315  if (access(str, W_OK) == 0)
1316  return true;
1317  return false;
1318 }
1319 
1320 extern int g_skip_prefilter;
1321 
1322 TmEcode SCParseCommandLine(int argc, char **argv)
1323 {
1324  SCInstance *suri = &suricata;
1325  int opt;
1326 
1327  int dump_config = 0;
1328  int dump_features = 0;
1329  int list_app_layer_protocols = 0;
1330  int list_app_layer_hooks = 0;
1331  int list_unittests = 0;
1332  int list_runmodes = 0;
1333  int list_keywords = 0;
1334  int build_info = 0;
1335  int conf_test = 0;
1336  int engine_analysis = 0;
1337  int ret = TM_ECODE_OK;
1338 
1339 #ifdef UNITTESTS
1340  coverage_unittests = 0;
1341  g_ut_modules = 0;
1342  g_ut_covered = 0;
1343 #endif
1344 
1345  // clang-format off
1346  struct option long_opts[] = {
1347  {"dump-config", 0, &dump_config, 1},
1348  {"dump-features", 0, &dump_features, 1},
1349  {"pfring", optional_argument, 0, 0},
1350  {"pfring-int", required_argument, 0, 0},
1351  {"pfring-cluster-id", required_argument, 0, 0},
1352  {"pfring-cluster-type", required_argument, 0, 0},
1353 #ifdef HAVE_DPDK
1354  {"dpdk", 0, 0, 0},
1355 #endif
1356  {"af-packet", optional_argument, 0, 0},
1357  {"af-xdp", optional_argument, 0, 0},
1358  {"netmap", optional_argument, 0, 0},
1359  {"pcap", optional_argument, 0, 0},
1360  {"pcap-file-continuous", 0, 0, 0},
1361  {"pcap-file-delete", 0, 0, 0},
1362  {"pcap-file-recursive", 0, 0, 0},
1363  {"pcap-file-buffer-size", required_argument, 0, 0},
1364  {"simulate-ips", 0, 0 , 0},
1365  {"no-random", 0, &g_disable_randomness, 1},
1366  {"strict-rule-keywords", optional_argument, 0, 0},
1367 
1368  {"capture-plugin", required_argument, 0, 0},
1369  {"capture-plugin-args", required_argument, 0, 0},
1370 
1371 #ifdef BUILD_UNIX_SOCKET
1372  {"unix-socket", optional_argument, 0, 0},
1373 #endif
1374  {"pcap-buffer-size", required_argument, 0, 0},
1375  {"unittest-filter", required_argument, 0, 'U'},
1376  {"list-app-layer-protos", 0, &list_app_layer_protocols, 1},
1377  {"list-app-layer-hooks", 0, &list_app_layer_hooks, 1},
1378  {"list-unittests", 0, &list_unittests, 1},
1379  {"list-runmodes", 0, &list_runmodes, 1},
1380  {"list-keywords", optional_argument, &list_keywords, 1},
1381  {"runmode", required_argument, NULL, 0},
1382  {"engine-analysis", 0, &engine_analysis, 1},
1383 #ifdef OS_WIN32
1384  {"service-install", 0, 0, 0},
1385  {"service-remove", 0, 0, 0},
1386  {"service-change-params", 0, 0, 0},
1387 #endif /* OS_WIN32 */
1388  {"pidfile", required_argument, 0, 0},
1389  {"init-errors-fatal", 0, 0, 0},
1390  {"disable-detection", 0, 0, 0},
1391  {"disable-hashing", 0, 0, 0},
1392  {"fatal-unittests", 0, 0, 0},
1393  {"unittests-coverage", 0, &coverage_unittests, 1},
1394  {"user", required_argument, 0, 0},
1395  {"group", required_argument, 0, 0},
1396  {"erf-in", required_argument, 0, 0},
1397  {"dag", required_argument, 0, 0},
1398  {"build-info", 0, &build_info, 1},
1399  {"data-dir", required_argument, 0, 0},
1400 #ifdef WINDIVERT
1401  {"windivert", required_argument, 0, 0},
1402  {"windivert-forward", required_argument, 0, 0},
1403 #endif
1404 #ifdef HAVE_LIBNET11
1405  {"reject-dev", required_argument, 0, 0},
1406 #endif
1407  {"set", required_argument, 0, 0},
1408 #ifdef HAVE_NFLOG
1409  {"nflog", optional_argument, 0, 0},
1410 #endif
1411  {"simulate-packet-flow-memcap", required_argument, 0, 0},
1412  {"simulate-applayer-error-at-offset-ts", required_argument, 0, 0},
1413  {"simulate-applayer-error-at-offset-tc", required_argument, 0, 0},
1414  {"simulate-packet-loss", required_argument, 0, 0},
1415  {"simulate-packet-tcp-reassembly-memcap", required_argument, 0, 0},
1416  {"simulate-packet-tcp-ssn-memcap", required_argument, 0, 0},
1417  {"simulate-packet-defrag-memcap", required_argument, 0, 0},
1418  {"simulate-alert-queue-realloc-failure", 0, 0, 0},
1419 
1420  {"qa-skip-prefilter", 0, &g_skip_prefilter, 1 },
1421 
1422  {"firewall-rules-exclusive", required_argument, 0, 0},
1423 
1424  {"include", required_argument, 0, 0},
1425 
1426  {NULL, 0, NULL, 0}
1427  };
1428  // clang-format on
1429 
1430  /* getopt_long stores the option index here. */
1431  int option_index = 0;
1432 
1433  char short_opts[] = "c:TDhi:l:q:d:r:us:S:U:VF:vk:";
1434 
1435  while ((opt = getopt_long(argc, argv, short_opts, long_opts, &option_index)) != -1) {
1436  switch (opt) {
1437  case 0:
1438  if (strcmp((long_opts[option_index]).name , "pfring") == 0 ||
1439  strcmp((long_opts[option_index]).name , "pfring-int") == 0) {
1440 #ifdef HAVE_PFRING
1441  /* TODO: Which plugin? */
1442  suri->run_mode = RUNMODE_PLUGIN;
1443  suri->capture_plugin_name = "pfring";
1444  if (optarg != NULL) {
1445  memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
1446  strlcpy(suri->pcap_dev, optarg,
1447  ((strlen(optarg) < sizeof(suri->pcap_dev)) ?
1448  (strlen(optarg) + 1) : sizeof(suri->pcap_dev)));
1449  LiveRegisterDeviceName(optarg);
1450  }
1451 #else
1452  SCLogError("PF_RING not enabled. Make sure "
1453  "to pass --enable-pfring to configure when building.");
1454  return TM_ECODE_FAILED;
1455 #endif /* HAVE_PFRING */
1456  }
1457  else if(strcmp((long_opts[option_index]).name , "pfring-cluster-id") == 0){
1458 #ifdef HAVE_PFRING
1459  if (SCConfSetFinal("pfring.cluster-id", optarg) != 1) {
1460  SCLogError("failed to set pfring.cluster-id");
1461  return TM_ECODE_FAILED;
1462  }
1463 #else
1464  SCLogError("PF_RING not enabled. Make sure "
1465  "to pass --enable-pfring to configure when building.");
1466  return TM_ECODE_FAILED;
1467 #endif /* HAVE_PFRING */
1468  }
1469  else if(strcmp((long_opts[option_index]).name , "pfring-cluster-type") == 0){
1470 #ifdef HAVE_PFRING
1471  if (SCConfSetFinal("pfring.cluster-type", optarg) != 1) {
1472  SCLogError("failed to set pfring.cluster-type");
1473  return TM_ECODE_FAILED;
1474  }
1475 #else
1476  SCLogError("PF_RING not enabled. Make sure "
1477  "to pass --enable-pfring to configure when building.");
1478  return TM_ECODE_FAILED;
1479 #endif /* HAVE_PFRING */
1480  }
1481  else if (strcmp((long_opts[option_index]).name , "capture-plugin") == 0){
1482  suri->run_mode = RUNMODE_PLUGIN;
1483  suri->capture_plugin_name = optarg;
1484  }
1485  else if (strcmp((long_opts[option_index]).name , "capture-plugin-args") == 0){
1486  suri->capture_plugin_args = optarg;
1487  } else if (strcmp((long_opts[option_index]).name, "dpdk") == 0) {
1488  if (ParseCommandLineDpdk(suri, optarg) != TM_ECODE_OK) {
1489  return TM_ECODE_FAILED;
1490  }
1491  } else if (strcmp((long_opts[option_index]).name, "af-packet") == 0) {
1492  if (ParseCommandLineAfpacket(suri, optarg) != TM_ECODE_OK) {
1493  return TM_ECODE_FAILED;
1494  }
1495  } else if (strcmp((long_opts[option_index]).name, "af-xdp") == 0) {
1496  if (ParseCommandLineAfxdp(suri, optarg) != TM_ECODE_OK) {
1497  return TM_ECODE_FAILED;
1498  }
1499  } else if (strcmp((long_opts[option_index]).name, "netmap") == 0) {
1500 #ifdef HAVE_NETMAP
1501  if (suri->run_mode == RUNMODE_UNKNOWN) {
1502  suri->run_mode = RUNMODE_NETMAP;
1503  if (optarg) {
1504  LiveRegisterDeviceName(optarg);
1505  memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
1506  strlcpy(suri->pcap_dev, optarg,
1507  ((strlen(optarg) < sizeof(suri->pcap_dev)) ?
1508  (strlen(optarg) + 1) : sizeof(suri->pcap_dev)));
1509  }
1510  } else if (suri->run_mode == RUNMODE_NETMAP) {
1511  if (optarg) {
1512  LiveRegisterDeviceName(optarg);
1513  } else {
1514  SCLogInfo("Multiple netmap option without interface on each is useless");
1515  break;
1516  }
1517  } else {
1518  SCLogError("more than one run mode "
1519  "has been specified");
1520  PrintUsage(argv[0]);
1521  return TM_ECODE_FAILED;
1522  }
1523 #else
1524  SCLogError("NETMAP not enabled.");
1525  return TM_ECODE_FAILED;
1526 #endif
1527  } else if (strcmp((long_opts[option_index]).name, "nflog") == 0) {
1528 #ifdef HAVE_NFLOG
1529  if (suri->run_mode == RUNMODE_UNKNOWN) {
1530  suri->run_mode = RUNMODE_NFLOG;
1531  LiveBuildDeviceListCustom("nflog", "group");
1532  }
1533 #else
1534  SCLogError("NFLOG not enabled.");
1535  return TM_ECODE_FAILED;
1536 #endif /* HAVE_NFLOG */
1537  } else if (strcmp((long_opts[option_index]).name, "pcap") == 0) {
1538  if (ParseCommandLinePcapLive(suri, optarg) != TM_ECODE_OK) {
1539  return TM_ECODE_FAILED;
1540  }
1541  } else if (strcmp((long_opts[option_index]).name, "simulate-ips") == 0) {
1542  SCLogInfo("Setting IPS mode");
1543  EngineModeSetIPS();
1544  } else if (strcmp((long_opts[option_index]).name, "init-errors-fatal") == 0) {
1545  if (SCConfSetFinal("engine.init-failure-fatal", "1") != 1) {
1546  SCLogError("failed to set engine init-failure-fatal");
1547  return TM_ECODE_FAILED;
1548  }
1549 #ifdef BUILD_UNIX_SOCKET
1550  } else if (strcmp((long_opts[option_index]).name , "unix-socket") == 0) {
1551  if (suri->run_mode == RUNMODE_UNKNOWN) {
1552  suri->run_mode = RUNMODE_UNIX_SOCKET;
1553  if (optarg) {
1554  if (SCConfSetFinal("unix-command.filename", optarg) != 1) {
1555  SCLogError("failed to set unix-command.filename");
1556  return TM_ECODE_FAILED;
1557  }
1558  }
1559  } else {
1560  SCLogError("more than one run mode "
1561  "has been specified");
1562  PrintUsage(argv[0]);
1563  return TM_ECODE_FAILED;
1564  }
1565 #endif
1566  }
1567  else if(strcmp((long_opts[option_index]).name, "list-app-layer-protocols") == 0) {
1568  /* listing all supported app layer protocols */
1569  } else if (strcmp((long_opts[option_index]).name, "list-app-layer-hooks") == 0) {
1570  /* listing all supported app layer hooks */
1571  } else if (strcmp((long_opts[option_index]).name, "list-unittests") == 0) {
1572 #ifdef UNITTESTS
1573  suri->run_mode = RUNMODE_LIST_UNITTEST;
1574 #else
1575  SCLogError("unit tests not enabled. Make sure to pass --enable-unittests to "
1576  "configure when building");
1577  return TM_ECODE_FAILED;
1578 #endif /* UNITTESTS */
1579  } else if (strcmp((long_opts[option_index]).name, "list-runmodes") == 0) {
1580  suri->run_mode = RUNMODE_LIST_RUNMODES;
1581  return TM_ECODE_OK;
1582  } else if (strcmp((long_opts[option_index]).name, "list-keywords") == 0) {
1583  if (optarg) {
1584  if (strcmp("short", optarg) != 0) {
1585  suri->keyword_info = optarg;
1586  }
1587  }
1588  } else if (strcmp((long_opts[option_index]).name, "runmode") == 0) {
1589  suri->runmode_custom_mode = optarg;
1590  } else if (strcmp((long_opts[option_index]).name, "engine-analysis") == 0) {
1591  // do nothing for now
1592  }
1593 #ifdef OS_WIN32
1594  else if (strcmp((long_opts[option_index]).name, "service-install") == 0) {
1595  suri->run_mode = RUNMODE_INSTALL_SERVICE;
1596  return TM_ECODE_OK;
1597  } else if (strcmp((long_opts[option_index]).name, "service-remove") == 0) {
1598  suri->run_mode = RUNMODE_REMOVE_SERVICE;
1599  return TM_ECODE_OK;
1600  } else if (strcmp((long_opts[option_index]).name, "service-change-params") == 0) {
1601  suri->run_mode = RUNMODE_CHANGE_SERVICE_PARAMS;
1602  return TM_ECODE_OK;
1603  }
1604 #endif /* OS_WIN32 */
1605  else if (strcmp((long_opts[option_index]).name, "pidfile") == 0) {
1606  suri->pid_filename = SCStrdup(optarg);
1607  if (suri->pid_filename == NULL) {
1608  SCLogError("strdup failed: %s", strerror(errno));
1609  return TM_ECODE_FAILED;
1610  }
1611  } else if (strcmp((long_opts[option_index]).name, "disable-detection") == 0) {
1612  g_detect_disabled = suri->disabled_detect = 1;
1613  } else if (strcmp((long_opts[option_index]).name, "disable-hashing") == 0) {
1614  g_disable_hashing = true;
1615  // for rust
1616  SCDisableHashing();
1617  } else if (strcmp((long_opts[option_index]).name, "fatal-unittests") == 0) {
1618 #ifdef UNITTESTS
1619  unittests_fatal = 1;
1620 #else
1621  SCLogError("unit tests not enabled. Make sure to pass --enable-unittests to "
1622  "configure when building");
1623  return TM_ECODE_FAILED;
1624 #endif /* UNITTESTS */
1625  } else if (strcmp((long_opts[option_index]).name, "user") == 0) {
1626 #ifndef HAVE_LIBCAP_NG
1627  SCLogError("libcap-ng is required to"
1628  " drop privileges, but it was not compiled into Suricata.");
1629  return TM_ECODE_FAILED;
1630 #else
1631  suri->user_name = optarg;
1632  suri->do_setuid = true;
1633 #endif /* HAVE_LIBCAP_NG */
1634  } else if (strcmp((long_opts[option_index]).name, "group") == 0) {
1635 #ifndef HAVE_LIBCAP_NG
1636  SCLogError("libcap-ng is required to"
1637  " drop privileges, but it was not compiled into Suricata.");
1638  return TM_ECODE_FAILED;
1639 #else
1640  suri->group_name = optarg;
1641  suri->do_setgid = true;
1642 #endif /* HAVE_LIBCAP_NG */
1643  } else if (strcmp((long_opts[option_index]).name, "erf-in") == 0) {
1644  suri->run_mode = RUNMODE_ERF_FILE;
1645  if (SCConfSetFinal("erf-file.file", optarg) != 1) {
1646  SCLogError("failed to set erf-file.file");
1647  return TM_ECODE_FAILED;
1648  }
1649  } else if (strcmp((long_opts[option_index]).name, "dag") == 0) {
1650 #ifdef HAVE_DAG
1651  if (suri->run_mode == RUNMODE_UNKNOWN) {
1652  suri->run_mode = RUNMODE_DAG;
1653  }
1654  else if (suri->run_mode != RUNMODE_DAG) {
1655  SCLogError("more than one run mode has been specified");
1656  PrintUsage(argv[0]);
1657  return TM_ECODE_FAILED;
1658  }
1659  LiveRegisterDeviceName(optarg);
1660 #else
1661  SCLogError("libdag and a DAG card are required"
1662  " to receive packets using --dag.");
1663  return TM_ECODE_FAILED;
1664 #endif /* HAVE_DAG */
1665  } else if (strcmp((long_opts[option_index]).name, "napatech") == 0) {
1666 #ifdef HAVE_NAPATECH
1667  suri->run_mode = RUNMODE_PLUGIN;
1668 #else
1669  SCLogError("libntapi and a Napatech adapter are required"
1670  " to capture packets using --napatech.");
1671  return TM_ECODE_FAILED;
1672 #endif /* HAVE_NAPATECH */
1673  } else if (strcmp((long_opts[option_index]).name, "pcap-buffer-size") == 0) {
1674 #ifdef HAVE_PCAP_SET_BUFF
1675  if (SCConfSetFinal("pcap.buffer-size", optarg) != 1) {
1676  SCLogError("failed to set pcap-buffer-size");
1677  return TM_ECODE_FAILED;
1678  }
1679 #else
1680  SCLogError("The version of libpcap you have"
1681  " doesn't support setting buffer size.");
1682 #endif /* HAVE_PCAP_SET_BUFF */
1683  } else if (strcmp((long_opts[option_index]).name, "build-info") == 0) {
1684  suri->run_mode = RUNMODE_PRINT_BUILDINFO;
1685  return TM_ECODE_OK;
1686  } else if (strcmp((long_opts[option_index]).name, "windivert-forward") == 0) {
1687 #ifdef WINDIVERT
1688  if (suri->run_mode == RUNMODE_UNKNOWN) {
1689  suri->run_mode = RUNMODE_WINDIVERT;
1690  if (WinDivertRegisterQueue(true, optarg) == -1) {
1691  exit(EXIT_FAILURE);
1692  }
1693  } else if (suri->run_mode == RUNMODE_WINDIVERT) {
1694  if (WinDivertRegisterQueue(true, optarg) == -1) {
1695  exit(EXIT_FAILURE);
1696  }
1697  } else {
1698  SCLogError("more than one run mode "
1699  "has been specified");
1700  PrintUsage(argv[0]);
1701  exit(EXIT_FAILURE);
1702  }
1703  }
1704  else if(strcmp((long_opts[option_index]).name, "windivert") == 0) {
1705  if (suri->run_mode == RUNMODE_UNKNOWN) {
1706  suri->run_mode = RUNMODE_WINDIVERT;
1707  if (WinDivertRegisterQueue(false, optarg) == -1) {
1708  exit(EXIT_FAILURE);
1709  }
1710  } else if (suri->run_mode == RUNMODE_WINDIVERT) {
1711  if (WinDivertRegisterQueue(false, optarg) == -1) {
1712  exit(EXIT_FAILURE);
1713  }
1714  } else {
1715  SCLogError("more than one run mode "
1716  "has been specified");
1717  PrintUsage(argv[0]);
1718  exit(EXIT_FAILURE);
1719  }
1720 #else
1721  SCLogError("WinDivert not enabled. Make sure to pass --enable-windivert to "
1722  "configure when building.");
1723  return TM_ECODE_FAILED;
1724 #endif /* WINDIVERT */
1725  } else if(strcmp((long_opts[option_index]).name, "reject-dev") == 0) {
1726 #ifdef HAVE_LIBNET11
1727  BUG_ON(optarg == NULL); /* for static analysis */
1728  extern char *g_reject_dev;
1729  extern uint16_t g_reject_dev_mtu;
1730  g_reject_dev = optarg;
1731  int mtu = GetIfaceMTU(g_reject_dev);
1732  if (mtu > 0) {
1733  g_reject_dev_mtu = (uint16_t)mtu;
1734  }
1735 #else
1736  SCLogError("Libnet 1.1 support not enabled. Compile Suricata with libnet support.");
1737  return TM_ECODE_FAILED;
1738 #endif
1739  }
1740  else if (strcmp((long_opts[option_index]).name, "set") == 0) {
1741  if (optarg != NULL) {
1742  /* Quick validation. */
1743  char *val = strchr(optarg, '=');
1744  if (val == NULL) {
1745  FatalError("Invalid argument for --set, must be key=val.");
1746  }
1747  if (!SCConfSetFromString(optarg, 1)) {
1748  FatalError("failed to set configuration value %s", optarg);
1749  }
1750  }
1751  }
1752  else if (strcmp((long_opts[option_index]).name, "pcap-file-continuous") == 0) {
1753  if (SCConfSetFinal("pcap-file.continuous", "true") != 1) {
1754  SCLogError("Failed to set pcap-file.continuous");
1755  return TM_ECODE_FAILED;
1756  }
1757  }
1758  else if (strcmp((long_opts[option_index]).name, "pcap-file-delete") == 0) {
1759  if (SCConfSetFinal("pcap-file.delete-when-done", "true") != 1) {
1760  SCLogError("Failed to set pcap-file.delete-when-done");
1761  return TM_ECODE_FAILED;
1762  }
1763  }
1764  else if (strcmp((long_opts[option_index]).name, "pcap-file-recursive") == 0) {
1765  if (SCConfSetFinal("pcap-file.recursive", "true") != 1) {
1766  SCLogError("failed to set pcap-file.recursive");
1767  return TM_ECODE_FAILED;
1768  }
1769  } else if (strcmp((long_opts[option_index]).name, "pcap-file-buffer-size") == 0) {
1770  if (SCConfSetFinal("pcap-file.buffer-size", optarg) != 1) {
1771  SCLogError("failed to set pcap-file.buffer-size");
1772  return TM_ECODE_FAILED;
1773  }
1774  } else if (strcmp((long_opts[option_index]).name, "data-dir") == 0) {
1775  if (optarg == NULL) {
1776  SCLogError("no option argument (optarg) for -d");
1777  return TM_ECODE_FAILED;
1778  }
1779 
1780  if (ConfigSetDataDirectory(optarg) != TM_ECODE_OK) {
1781  SCLogError("Failed to set data directory.");
1782  return TM_ECODE_FAILED;
1783  }
1784  if (ConfigCheckDataDirectory(optarg) != TM_ECODE_OK) {
1785  SCLogError("The data directory \"%s\""
1786  " supplied at the command-line (-d %s) doesn't "
1787  "exist. Shutting down the engine.",
1788  optarg, optarg);
1789  return TM_ECODE_FAILED;
1790  }
1791  suri->set_datadir = true;
1792  } else if (strcmp((long_opts[option_index]).name, "strict-rule-keywords") == 0) {
1793  if (optarg == NULL) {
1794  suri->strict_rule_parsing_string = SCStrdup("all");
1795  } else {
1796  suri->strict_rule_parsing_string = SCStrdup(optarg);
1797  }
1798  if (suri->strict_rule_parsing_string == NULL) {
1799  FatalError("failed to duplicate 'strict' string");
1800  }
1801  } else if (strcmp((long_opts[option_index]).name, "include") == 0) {
1802  if (suri->additional_configs == NULL) {
1803  suri->additional_configs = SCCalloc(2, sizeof(char *));
1804  if (suri->additional_configs == NULL) {
1805  FatalError(
1806  "Failed to allocate memory for additional configuration files: %s",
1807  strerror(errno));
1808  }
1809  suri->additional_configs[0] = optarg;
1810  } else {
1811  for (int i = 0;; i++) {
1812  if (suri->additional_configs[i] == NULL) {
1813  const char **additional_configs =
1814  SCRealloc(suri->additional_configs, (i + 2) * sizeof(char *));
1815  if (additional_configs == NULL) {
1816  FatalError("Failed to allocate memory for additional configuration "
1817  "files: %s",
1818  strerror(errno));
1819  } else {
1820  suri->additional_configs = additional_configs;
1821  }
1822  suri->additional_configs[i] = optarg;
1823  suri->additional_configs[i + 1] = NULL;
1824  break;
1825  }
1826  }
1827  }
1828  } else if (strcmp((long_opts[option_index]).name, "firewall-rules-exclusive") == 0) {
1829  if (suri->firewall_rule_file != NULL) {
1830  SCLogError("can't have multiple --firewall-rules-exclusive options");
1831  return TM_ECODE_FAILED;
1832  }
1833  suri->firewall_rule_file = optarg;
1834  suri->firewall_rule_file_exclusive = true;
1835  } else {
1836  int r = ExceptionSimulationCommandLineParser(
1837  (long_opts[option_index]).name, optarg);
1838  if (r < 0)
1839  return TM_ECODE_FAILED;
1840  }
1841  break;
1842  case 'c':
1843  suri->conf_filename = optarg;
1844  break;
1845  case 'T':
1846  conf_test = 1;
1847  if (SCConfSetFinal("engine.init-failure-fatal", "1") != 1) {
1848  SCLogError("failed to set engine init-failure-fatal");
1849  return TM_ECODE_FAILED;
1850  }
1851  break;
1852 #ifndef OS_WIN32
1853  case 'D':
1854  suri->daemon = 1;
1855  break;
1856 #endif /* OS_WIN32 */
1857  case 'h':
1858  suri->run_mode = RUNMODE_PRINT_USAGE;
1859  return TM_ECODE_OK;
1860  case 'i':
1861  if (optarg == NULL) {
1862  SCLogError("no option argument (optarg) for -i");
1863  return TM_ECODE_FAILED;
1864  }
1865 #ifdef HAVE_AF_PACKET
1866  if (ParseCommandLineAfpacket(suri, optarg) != TM_ECODE_OK) {
1867  return TM_ECODE_FAILED;
1868  }
1869 #else /* not afpacket */
1870  /* warn user if netmap is available */
1871 #if defined HAVE_NETMAP
1872  int i = 0;
1873 #ifdef HAVE_NETMAP
1874  i++;
1875 #endif
1876  SCLogWarning("faster capture "
1877  "option%s %s available:"
1878 #ifdef HAVE_NETMAP
1879  " NETMAP (--netmap=%s)"
1880 #endif
1881  ". Use --pcap=%s to suppress this warning",
1882  i == 1 ? "" : "s", i == 1 ? "is" : "are"
1883 #ifdef HAVE_NETMAP
1884  ,
1885  optarg
1886 #endif
1887  ,
1888  optarg);
1889 #endif /* have faster methods */
1890  if (ParseCommandLinePcapLive(suri, optarg) != TM_ECODE_OK) {
1891  return TM_ECODE_FAILED;
1892  }
1893 #endif
1894  break;
1895  case 'l':
1896  if (optarg == NULL) {
1897  SCLogError("no option argument (optarg) for -l");
1898  return TM_ECODE_FAILED;
1899  }
1900 
1901  if (ConfigSetLogDirectory(optarg) != TM_ECODE_OK) {
1902  SCLogError("Failed to set log directory.");
1903  return TM_ECODE_FAILED;
1904  }
1905  if (ConfigCheckLogDirectoryExists(optarg) != TM_ECODE_OK) {
1906  SCLogError("The logging directory \"%s\""
1907  " supplied at the command-line (-l %s) doesn't "
1908  "exist. Shutting down the engine.",
1909  optarg, optarg);
1910  return TM_ECODE_FAILED;
1911  }
1912  if (!IsLogDirectoryWritable(optarg)) {
1913  SCLogError("The logging directory \"%s\""
1914  " supplied at the command-line (-l %s) is not "
1915  "writable. Shutting down the engine.",
1916  optarg, optarg);
1917  return TM_ECODE_FAILED;
1918  }
1919  suri->set_logdir = true;
1920 
1921  break;
1922  case 'q':
1923 #ifdef NFQ
1924  if (suri->run_mode == RUNMODE_UNKNOWN) {
1925  suri->run_mode = RUNMODE_NFQ;
1926  EngineModeSetIPS();
1927  if (NFQParseAndRegisterQueues(optarg) == -1)
1928  return TM_ECODE_FAILED;
1929  } else if (suri->run_mode == RUNMODE_NFQ) {
1930  if (NFQParseAndRegisterQueues(optarg) == -1)
1931  return TM_ECODE_FAILED;
1932  } else {
1933  SCLogError("more than one run mode "
1934  "has been specified");
1935  PrintUsage(argv[0]);
1936  return TM_ECODE_FAILED;
1937  }
1938 #else
1939  SCLogError("NFQUEUE not enabled. Make sure to pass --enable-nfqueue to configure when "
1940  "building.");
1941  return TM_ECODE_FAILED;
1942 #endif /* NFQ */
1943  break;
1944  case 'd':
1945 #ifdef IPFW
1946  if (suri->run_mode == RUNMODE_UNKNOWN) {
1947  suri->run_mode = RUNMODE_IPFW;
1948  EngineModeSetIPS();
1949  if (IPFWRegisterQueue(optarg) == -1)
1950  return TM_ECODE_FAILED;
1951  } else if (suri->run_mode == RUNMODE_IPFW) {
1952  if (IPFWRegisterQueue(optarg) == -1)
1953  return TM_ECODE_FAILED;
1954  } else {
1955  SCLogError("more than one run mode "
1956  "has been specified");
1957  PrintUsage(argv[0]);
1958  return TM_ECODE_FAILED;
1959  }
1960 #else
1961  SCLogError("IPFW not enabled. Make sure to pass --enable-ipfw to configure when "
1962  "building.");
1963  return TM_ECODE_FAILED;
1964 #endif /* IPFW */
1965  break;
1966  case 'r':
1967  BUG_ON(optarg == NULL); /* for static analysis */
1968  if (suri->run_mode == RUNMODE_UNKNOWN) {
1969  suri->run_mode = RUNMODE_PCAP_FILE;
1970  } else {
1971  SCLogError("more than one run mode "
1972  "has been specified");
1973  PrintUsage(argv[0]);
1974  return TM_ECODE_FAILED;
1975  }
1976  SCStat buf;
1977  if (SCStatFn(optarg, &buf) != 0) {
1978  SCLogError("pcap file '%s': %s", optarg, strerror(errno));
1979  return TM_ECODE_FAILED;
1980  }
1981  if (SCConfSetFinal("pcap-file.file", optarg) != 1) {
1982  SCLogError("ERROR: Failed to set pcap-file.file\n");
1983  return TM_ECODE_FAILED;
1984  }
1985 
1986  break;
1987  case 's':
1988  if (suri->sig_file != NULL) {
1989  SCLogError("can't have multiple -s options or mix -s and -S.");
1990  return TM_ECODE_FAILED;
1991  }
1992  suri->sig_file = optarg;
1993  break;
1994  case 'S':
1995  if (suri->sig_file != NULL) {
1996  SCLogError("can't have multiple -S options or mix -s and -S.");
1997  return TM_ECODE_FAILED;
1998  }
1999  suri->sig_file = optarg;
2000  suri->sig_file_exclusive = true;
2001  break;
2002  case 'u':
2003 #ifdef UNITTESTS
2004  if (suri->run_mode == RUNMODE_UNKNOWN) {
2005  suri->run_mode = RUNMODE_UNITTEST;
2006  } else {
2007  SCLogError("more than one run mode has"
2008  " been specified");
2009  PrintUsage(argv[0]);
2010  return TM_ECODE_FAILED;
2011  }
2012 #else
2013  SCLogError("unit tests not enabled. Make sure to pass --enable-unittests to configure "
2014  "when building.");
2015  return TM_ECODE_FAILED;
2016 #endif /* UNITTESTS */
2017  break;
2018  case 'U':
2019 #ifdef UNITTESTS
2020  suri->regex_arg = optarg;
2021 
2022  if(strlen(suri->regex_arg) == 0)
2023  suri->regex_arg = NULL;
2024 #endif
2025  break;
2026  case 'V':
2027  suri->run_mode = RUNMODE_PRINT_VERSION;
2028  return TM_ECODE_OK;
2029  case 'F':
2030  if (optarg == NULL) {
2031  SCLogError("no option argument (optarg) for -F");
2032  return TM_ECODE_FAILED;
2033  }
2034 
2035  SetBpfStringFromFile(optarg);
2036  break;
2037  case 'v':
2038  suri->verbose++;
2039  break;
2040  case 'k':
2041  if (optarg == NULL) {
2042  SCLogError("no option argument (optarg) for -k");
2043  return TM_ECODE_FAILED;
2044  }
2045  if (!strcmp("all", optarg))
2046  suri->checksum_validation = 1;
2047  else if (!strcmp("none", optarg))
2048  suri->checksum_validation = 0;
2049  else {
2050  SCLogError("option '%s' invalid for -k", optarg);
2051  return TM_ECODE_FAILED;
2052  }
2053  break;
2054  default:
2055  PrintUsage(argv[0]);
2056  return TM_ECODE_FAILED;
2057  }
2058  }
2059 
2060  if (suri->disabled_detect && (suri->sig_file != NULL || suri->firewall_rule_file != NULL)) {
2061  SCLogError("can't use -s/-S or --firewall-rules-exclusive when detection is disabled");
2062  return TM_ECODE_FAILED;
2063  }
2064 
2065  /* save the runmode from the command-line (if any) */
2066  suri->aux_run_mode = suri->run_mode;
2067 
2068  if (list_app_layer_protocols)
2069  suri->run_mode = RUNMODE_LIST_APP_LAYERS;
2070  if (list_app_layer_hooks)
2071  suri->run_mode = RUNMODE_LIST_APP_LAYER_HOOKS;
2072  if (list_keywords)
2073  suri->run_mode = RUNMODE_LIST_KEYWORDS;
2074  if (list_unittests)
2075  suri->run_mode = RUNMODE_LIST_UNITTEST;
2076  if (dump_config)
2077  suri->run_mode = RUNMODE_DUMP_CONFIG;
2078  if (dump_features)
2079  suri->run_mode = RUNMODE_DUMP_FEATURES;
2080  if (conf_test)
2081  suri->run_mode = RUNMODE_CONF_TEST;
2082  if (engine_analysis)
2083  suri->run_mode = RUNMODE_ENGINE_ANALYSIS;
2084 
2085  suri->offline = IsRunModeOffline(suri->run_mode);
2086  g_system = suri->system = IsRunModeSystem(suri->run_mode);
2087 
2088  ret = SetBpfString(optind, argv);
2089  if (ret != TM_ECODE_OK)
2090  return ret;
2091 
2092  return TM_ECODE_OK;
2093 }
2094 
2095 #ifdef OS_WIN32
2096 int WindowsInitService(int argc, char **argv)
2097 {
2098  if (SCRunningAsService()) {
2099  char path[MAX_PATH];
2100  char *p = NULL;
2101  strlcpy(path, argv[0], MAX_PATH);
2102  if ((p = strrchr(path, '\\'))) {
2103  *p = '\0';
2104  }
2105  if (!SetCurrentDirectory(path)) {
2106  SCLogError("Can't set current directory to: %s", path);
2107  return -1;
2108  }
2109  SCLogInfo("Current directory is set to: %s", path);
2110  SCServiceInit(argc, argv);
2111  }
2112 
2113  /* Windows socket subsystem initialization */
2114  WSADATA wsaData;
2115  if (0 != WSAStartup(MAKEWORD(2, 2), &wsaData)) {
2116  SCLogError("Can't initialize Windows sockets: %d", WSAGetLastError());
2117  return -1;
2118  }
2119 
2120  return 0;
2121 }
2122 #endif /* OS_WIN32 */
2123 
2124 static int MayDaemonize(SCInstance *suri)
2125 {
2126  if (suri->daemon == 1 && suri->pid_filename == NULL) {
2127  const char *pid_filename;
2128 
2129  if (SCConfGet("pid-file", &pid_filename) == 1) {
2130  SCLogInfo("Use pid file %s from config file.", pid_filename);
2131  } else {
2132  pid_filename = DEFAULT_PID_FILENAME;
2133  }
2134  /* The pid file name may be in config memory, but is needed later. */
2135  suri->pid_filename = SCStrdup(pid_filename);
2136  if (suri->pid_filename == NULL) {
2137  SCLogError("strdup failed: %s", strerror(errno));
2138  return TM_ECODE_FAILED;
2139  }
2140  }
2141 
2142  if (suri->pid_filename != NULL && SCPidfileTestRunning(suri->pid_filename) != 0) {
2143  SCFree(suri->pid_filename);
2144  suri->pid_filename = NULL;
2145  return TM_ECODE_FAILED;
2146  }
2147 
2148  if (suri->daemon == 1) {
2149  Daemonize();
2150  }
2151 
2152  if (suri->pid_filename != NULL) {
2153  if (SCPidfileCreate(suri->pid_filename) != 0) {
2154  SCFree(suri->pid_filename);
2155  suri->pid_filename = NULL;
2156  SCLogError("Unable to create PID file, concurrent run of"
2157  " Suricata can occur.");
2158  SCLogError("PID file creation WILL be mandatory for daemon mode"
2159  " in future version");
2160  }
2161  }
2162 
2163  return TM_ECODE_OK;
2164 }
2165 
2166 /* Initialize the user and group Suricata is to run as. */
2167 static int InitRunAs(SCInstance *suri)
2168 {
2169 #ifndef OS_WIN32
2170  /* Try to get user/group to run suricata as if
2171  command line as not decide of that */
2172  if (!suri->do_setuid && !suri->do_setgid) {
2173  const char *id;
2174  if (SCConfGet("run-as.user", &id) == 1) {
2175  suri->do_setuid = true;
2176  suri->user_name = id;
2177  }
2178  if (SCConfGet("run-as.group", &id) == 1) {
2179  suri->do_setgid = true;
2180  suri->group_name = id;
2181  }
2182  }
2183  /* Get the suricata user ID to given user ID */
2184  if (suri->do_setuid) {
2185  SCGetUserID(suri->user_name, suri->group_name, &suri->userid, &suri->groupid);
2186  sc_set_caps = true;
2187  /* Get the suricata group ID to given group ID */
2188  } else if (suri->do_setgid) {
2189  SCGetGroupID(suri->group_name, &suri->groupid);
2190  sc_set_caps = true;
2191  }
2192 #endif
2193  return TM_ECODE_OK;
2194 }
2195 
2196 static int InitSignalHandler(SCInstance *suri)
2197 {
2198  /* registering signals we use */
2199 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
2200  UtilSignalHandlerSetup(SIGINT, SignalHandlerSigint);
2201  UtilSignalHandlerSetup(SIGTERM, SignalHandlerSigterm);
2202 #if HAVE_LIBUNWIND
2203  int enabled;
2204  if (SCConfGetBool("logging.stacktrace-on-signal", &enabled) == 0) {
2205  enabled = 1;
2206  }
2207 
2208  if (enabled) {
2209  SCLogInfo("Preparing unexpected signal handling");
2210  struct sigaction stacktrace_action;
2211  memset(&stacktrace_action, 0, sizeof(stacktrace_action));
2212  stacktrace_action.sa_sigaction = SignalHandlerUnexpected;
2213  stacktrace_action.sa_flags = SA_SIGINFO;
2214  sigaction(SIGSEGV, &stacktrace_action, NULL);
2215  sigaction(SIGABRT, &stacktrace_action, NULL);
2216  }
2217 #endif /* HAVE_LIBUNWIND */
2218 #endif
2219 #ifndef OS_WIN32
2220  UtilSignalHandlerSetup(SIGHUP, SignalHandlerSigHup);
2221  UtilSignalHandlerSetup(SIGPIPE, SIG_IGN);
2222  UtilSignalHandlerSetup(SIGSYS, SIG_IGN);
2223 #endif /* OS_WIN32 */
2224 
2225  return TM_ECODE_OK;
2226 }
2227 
2228 /* initialization code for both the main modes and for
2229  * unix socket mode.
2230  *
2231  * Will be run once per pcap in unix-socket mode */
2232 void PreRunInit(const int runmode)
2233 {
2234  if (runmode == RUNMODE_UNIX_SOCKET)
2235  return;
2236 
2237  StatsInit();
2238 #ifdef PROFILE_RULES
2239  SCProfilingRulesGlobalInit();
2240 #endif
2241 #ifdef PROFILING
2242  SCProfilingKeywordsGlobalInit();
2243  SCProfilingPrefilterGlobalInit();
2244  SCProfilingSghsGlobalInit();
2245 #endif /* PROFILING */
2246 #ifdef PROFILE_RULES
2247  SCProfilingInit();
2248 #endif
2249  DefragInit();
2250  FlowInitConfig(FLOW_QUIET);
2251  IPPairInitConfig(FLOW_QUIET);
2252  StreamTcpInitConfig(STREAM_VERBOSE);
2253  AppLayerParserPostStreamSetup();
2254  AppLayerRegisterGlobalCounters();
2255  OutputFilestoreRegisterGlobalCounters();
2256  HttpRangeContainersInit();
2257 }
2258 
2259 /* tasks we need to run before packets start flowing,
2260  * but after we dropped privs */
2261 void PreRunPostPrivsDropInit(const int runmode)
2262 {
2263  if (runmode == RUNMODE_UNIX_SOCKET) {
2264  return;
2265  }
2266 
2267  StatsSetupPostConfigPreOutput();
2268  RunModeInitializeOutputs();
2269  DatasetsInit();
2270  StatsSetupPostConfigPostOutput();
2271 }
2272 
2273 /** \brief clean up / shutdown code for packet modes
2274  *
2275  * Shuts down packet modes, so regular packet runmodes and the
2276  * per pcap mode in the unix socket. */
2277 void PostRunDeinit(const int runmode, struct timeval *start_time)
2278 {
2279  if (runmode == RUNMODE_UNIX_SOCKET)
2280  return;
2281 
2282  TmThreadsUnsealThreads();
2283 
2284  /* needed by FlowWorkToDoCleanup */
2285  PacketPoolInit();
2286 
2287  /* handle graceful shutdown of the flow engine, it's helper
2288  * threads and the packet threads */
2289  FlowDisableFlowManagerThread();
2290  /* disable capture */
2291  TmThreadDisableReceiveThreads();
2292  /* tell packet threads to enter flow timeout loop */
2293  TmThreadDisablePacketThreads(THV_REQ_FLOW_LOOP, THV_FLOW_LOOP);
2294  /* run cleanup on the flow hash */
2295  FlowWorkToDoCleanup();
2296  /* gracefully shut down packet threads */
2297  TmThreadDisablePacketThreads(THV_KILL, THV_RUNNING_DONE);
2298  SCPrintElapsedTime(start_time);
2299  FlowDisableFlowRecyclerThread();
2300 
2301  /* kill the stats threads */
2302  TmThreadKillThreadsFamily(TVT_MGMT);
2303  TmThreadClearThreadsFamily(TVT_MGMT);
2304 
2305  /* kill packet threads -- already in 'disabled' state */
2306  TmThreadKillThreadsFamily(TVT_PPT);
2307  TmThreadClearThreadsFamily(TVT_PPT);
2308 
2309  PacketPoolDestroy();
2310 
2311  /* mgt and ppt threads killed, we can run non thread-safe
2312  * shutdown functions */
2313  StatsReleaseResources();
2314  DecodeUnregisterCounters();
2315  RunModeShutDown();
2316  FlowShutdown();
2317  IPPairShutdown();
2318  HostCleanup();
2319  StreamTcpFreeConfig(STREAM_VERBOSE);
2320  DefragDestroy();
2321  HttpRangeContainersDestroy();
2322 
2323  TmqResetQueues();
2324 #ifdef PROFILING
2325  if (profiling_packets_enabled)
2326  SCProfilingDump();
2327  SCProfilingDestroy();
2328 #endif
2329 }
2330 
2331 int SCStartInternalRunMode(int argc, char **argv)
2332 {
2333  SCInstance *suri = &suricata;
2334  /* Treat internal running mode */
2335  switch (suri->run_mode) {
2336  case RUNMODE_LIST_KEYWORDS:
2337  return ListKeywords(suri->keyword_info);
2338  case RUNMODE_LIST_APP_LAYERS:
2339  if (suri->conf_filename != NULL) {
2340  return ListAppLayerProtocols(suri->conf_filename);
2341  } else {
2342  return ListAppLayerProtocols(DEFAULT_CONF_FILE);
2343  }
2344  case RUNMODE_LIST_APP_LAYER_HOOKS:
2345  if (suri->conf_filename != NULL) {
2346  return ListAppLayerHooks(suri->conf_filename);
2347  } else {
2348  return ListAppLayerHooks(DEFAULT_CONF_FILE);
2349  }
2350  case RUNMODE_PRINT_VERSION:
2351  PrintVersion();
2352  return TM_ECODE_DONE;
2353  case RUNMODE_PRINT_BUILDINFO:
2354  PrintBuildInfo();
2355  return TM_ECODE_DONE;
2356  case RUNMODE_PRINT_USAGE:
2357  PrintUsage(argv[0]);
2358  return TM_ECODE_DONE;
2359  case RUNMODE_LIST_RUNMODES:
2360  RunModeListRunmodes();
2361  return TM_ECODE_DONE;
2362  case RUNMODE_LIST_UNITTEST:
2363  RunUnittests(1, suri->regex_arg);
2364  case RUNMODE_UNITTEST:
2365  RunUnittests(0, suri->regex_arg);
2366 #ifdef OS_WIN32
2367  case RUNMODE_INSTALL_SERVICE:
2368  if (SCServiceInstall(argc, argv)) {
2369  return TM_ECODE_FAILED;
2370  }
2371  SCLogInfo("Suricata service has been successfully installed.");
2372  return TM_ECODE_DONE;
2373  case RUNMODE_REMOVE_SERVICE:
2374  if (SCServiceRemove()) {
2375  return TM_ECODE_FAILED;
2376  }
2377  SCLogInfo("Suricata service has been successfully removed.");
2378  return TM_ECODE_DONE;
2379  case RUNMODE_CHANGE_SERVICE_PARAMS:
2380  if (SCServiceChangeParams(argc, argv)) {
2381  return TM_ECODE_FAILED;
2382  }
2383  SCLogInfo("Suricata service startup parameters has been successfully changed.");
2384  return TM_ECODE_DONE;
2385 #endif /* OS_WIN32 */
2386  default:
2387  /* simply continue for other running mode */
2388  break;
2389  }
2390  return TM_ECODE_OK;
2391 }
2392 
2393 int SCFinalizeRunMode(void)
2394 {
2395  SCInstance *suri = &suricata;
2396  switch (suri->run_mode) {
2397  case RUNMODE_UNKNOWN:
2398  PrintUsage(suri->progname);
2399  return TM_ECODE_FAILED;
2400  default:
2401  break;
2402  }
2403 
2404  if (!CheckValidDaemonModes(suri->daemon, suri->run_mode)) {
2405  return TM_ECODE_FAILED;
2406  }
2407 
2408  return TM_ECODE_OK;
2409 }
2410 
2411 static void SetupDelayedDetect(SCInstance *suri)
2412 {
2413  /* In offline mode delayed init of detect is a bad idea */
2414  if (suri->offline) {
2415  suri->delayed_detect = 0;
2416  } else {
2417  if (SCConfGetBool("detect.delayed-detect", &suri->delayed_detect) != 1) {
2418  SCConfNode *denode = NULL;
2419  SCConfNode *decnf = SCConfGetNode("detect-engine");
2420  if (decnf != NULL) {
2421  TAILQ_FOREACH(denode, &decnf->head, next) {
2422  if (strcmp(denode->val, "delayed-detect") == 0) {
2423  (void)SCConfGetChildValueBool(
2424  denode, "delayed-detect", &suri->delayed_detect);
2425  }
2426  }
2427  }
2428  }
2429  }
2430 
2431  SCLogConfig("Delayed detect %s", suri->delayed_detect ? "enabled" : "disabled");
2432  if (suri->delayed_detect) {
2433  SCLogInfo("Packets will start being processed before signatures are active.");
2434  }
2435 
2436 }
2437 
2438 static int LoadSignatures(DetectEngineCtx *de_ctx, SCInstance *suri)
2439 {
2440  de_ctx->firewall_rule_file_exclusive = suri->firewall_rule_file;
2441 
2442  if (SigLoadSignatures(de_ctx, suri->sig_file, suri->sig_file_exclusive) < 0) {
2443  SCLogError("Loading signatures failed.");
2444  if (de_ctx->failure_fatal)
2445  return TM_ECODE_FAILED;
2446  }
2447 
2448  return TM_ECODE_OK;
2449 }
2450 
2451 static int ConfigGetCaptureValue(SCInstance *suri)
2452 {
2453  /* Pull the max pending packets from the config, if not found fall
2454  * back on a sane default. */
2455  intmax_t tmp_max_pending_packets;
2456  if (SCConfGetInt("max-pending-packets", &tmp_max_pending_packets) != 1)
2457  tmp_max_pending_packets = DEFAULT_MAX_PENDING_PACKETS;
2458  if (tmp_max_pending_packets < 1 || tmp_max_pending_packets > 2147483648) {
2459  SCLogError("Maximum max-pending-packets setting is 2147483648 and must be greater than 0. "
2460  "Please check %s for errors",
2461  suri->conf_filename);
2462  return TM_ECODE_FAILED;
2463  } else {
2464  max_pending_packets = (uint32_t)tmp_max_pending_packets;
2465  }
2466 
2467  SCLogDebug("Max pending packets set to %" PRIu32, max_pending_packets);
2468 
2469  /* Pull the default packet size from the config, if not found fall
2470  * back on a sane default. */
2471  const char *temp_default_packet_size;
2472  if ((SCConfGet("default-packet-size", &temp_default_packet_size)) != 1) {
2473  int lthread;
2474  int nlive;
2475  int strip_trailing_plus = 0;
2476  switch (suri->run_mode) {
2477  case RUNMODE_AFP_DEV:
2478  /* For AF_PACKET we delay setting the
2479  * default-packet-size until we know more about the
2480  * configuration. */
2481  break;
2482 #ifdef WINDIVERT
2483  case RUNMODE_WINDIVERT: {
2484  /* by default, WinDivert collects from all devices */
2485  const int mtu = GetGlobalMTUWin32();
2486 
2487  if (mtu > 0) {
2488  /* SLL_HEADER_LEN is the longest header + 8 for VLAN */
2489  default_packet_size = mtu + SLL_HEADER_LEN + 8;
2490  break;
2491  }
2492  default_packet_size = DEFAULT_PACKET_SIZE;
2493  break;
2494  }
2495 #endif /* WINDIVERT */
2496  case RUNMODE_NETMAP:
2497  /* in netmap igb0+ has a special meaning, however the
2498  * interface really is igb0 */
2499  strip_trailing_plus = 1;
2500  /* fall through */
2501  case RUNMODE_PLUGIN:
2502  case RUNMODE_PCAP_DEV:
2503  case RUNMODE_AFXDP_DEV:
2504  nlive = LiveGetDeviceCount();
2505  for (lthread = 0; lthread < nlive; lthread++) {
2506  const char *live_dev = LiveGetDeviceName(lthread);
2507  char dev[128]; /* need to be able to support GUID names on Windows */
2508  (void)strlcpy(dev, live_dev, sizeof(dev));
2509 
2510  if (strip_trailing_plus) {
2511  size_t len = strlen(dev);
2512  if (len &&
2513  (dev[len-1] == '+' ||
2514  dev[len-1] == '^' ||
2515  dev[len-1] == '*'))
2516  {
2517  dev[len-1] = '\0';
2518  }
2519  }
2520  LiveDevice *ld = LiveGetDevice(dev);
2521  unsigned int iface_max_packet_size = GetIfaceMaxPacketSize(ld);
2522  if (iface_max_packet_size > default_packet_size)
2523  default_packet_size = iface_max_packet_size;
2524  }
2525  if (default_packet_size)
2526  break;
2527  /* fall through */
2528  default:
2529  default_packet_size = DEFAULT_PACKET_SIZE;
2530  }
2531  } else {
2532  if (ParseSizeStringU32(temp_default_packet_size, &default_packet_size) < 0) {
2533  SCLogError("Error parsing max-pending-packets "
2534  "from conf file - %s. Killing engine",
2535  temp_default_packet_size);
2536  return TM_ECODE_FAILED;
2537  }
2538  }
2539 
2540  SCLogDebug("Default packet size set to %"PRIu32, default_packet_size);
2541 
2542  return TM_ECODE_OK;
2543 }
2544 
2545 static void PostRunStartedDetectSetup(const SCInstance *suri)
2546 {
2547 #ifndef OS_WIN32
2548  /* registering signal handlers we use. We setup usr2 here, so that one
2549  * can't call it during the first sig load phase or while threads are still
2550  * starting up. */
2551  if (DetectEngineEnabled() && suri->delayed_detect == 0) {
2552  UtilSignalHandlerSetup(SIGUSR2, SignalHandlerSigusr2);
2553  UtilSignalUnblock(SIGUSR2);
2554  }
2555 #endif
2556  if (suri->delayed_detect) {
2557  /* force 'reload', this will load the rules and swap engines */
2558  DetectEngineReload(suri);
2559  SCLogNotice("Signature(s) loaded, Detect thread(s) activated.");
2560 #ifndef OS_WIN32
2561  UtilSignalHandlerSetup(SIGUSR2, SignalHandlerSigusr2);
2562  UtilSignalUnblock(SIGUSR2);
2563 #endif
2564  }
2565 }
2566 
2567 void PostConfLoadedDetectSetup(SCInstance *suri)
2568 {
2569  DetectEngineCtx *de_ctx = NULL;
2570  if (!suri->disabled_detect) {
2571  SetupDelayedDetect(suri);
2572  int mt_enabled = 0;
2573  (void)SCConfGetBool("multi-detect.enabled", &mt_enabled);
2574  int default_tenant = 0;
2575  if (mt_enabled)
2576  (void)SCConfGetBool("multi-detect.default", &default_tenant);
2577  if (DetectEngineMultiTenantSetup(suri->unix_socket_enabled) == -1) {
2578  FatalError("initializing multi-detect "
2579  "detection engine contexts failed.");
2580  }
2581  if (suri->delayed_detect && suri->run_mode != RUNMODE_CONF_TEST) {
2582  de_ctx = DetectEngineCtxInitStubForDD();
2583  } else if (mt_enabled && !default_tenant && suri->run_mode != RUNMODE_CONF_TEST) {
2584  de_ctx = DetectEngineCtxInitStubForMT();
2585  } else {
2586  de_ctx = DetectEngineCtxInit();
2587  }
2588  if (de_ctx == NULL) {
2589  FatalError("initializing detection engine failed.");
2590  }
2591 
2592  if (de_ctx->type == DETECT_ENGINE_TYPE_NORMAL) {
2593  if (LoadSignatures(de_ctx, suri) != TM_ECODE_OK)
2594  exit(EXIT_FAILURE);
2595  }
2596 
2597  gettimeofday(&de_ctx->last_reload, NULL);
2598  DetectEngineAddToMaster(de_ctx);
2599  DetectEngineBumpVersion();
2600  }
2601 }
2602 
2603 static void PostConfLoadedSetupHostMode(void)
2604 {
2605  const char *hostmode = NULL;
2606 
2607  if (SCConfGet("host-mode", &hostmode) == 1) {
2608  if (!strcmp(hostmode, "router")) {
2609  host_mode = SURI_HOST_IS_ROUTER;
2610  } else if (!strcmp(hostmode, "sniffer-only")) {
2611  host_mode = SURI_HOST_IS_SNIFFER_ONLY;
2612  } else {
2613  if (strcmp(hostmode, "auto") != 0) {
2614  WarnInvalidConfEntry("host-mode", "%s", "auto");
2615  }
2616  if (EngineModeIsIPS()) {
2617  host_mode = SURI_HOST_IS_ROUTER;
2618  } else {
2619  host_mode = SURI_HOST_IS_SNIFFER_ONLY;
2620  }
2621  }
2622  } else {
2623  if (EngineModeIsIPS()) {
2624  host_mode = SURI_HOST_IS_ROUTER;
2625  SCLogInfo("No 'host-mode': suricata is in IPS mode, using "
2626  "default setting 'router'");
2627  } else {
2628  host_mode = SURI_HOST_IS_SNIFFER_ONLY;
2629  SCLogInfo("No 'host-mode': suricata is in IDS mode, using "
2630  "default setting 'sniffer-only'");
2631  }
2632  }
2633 }
2634 
2635 static void SetupUserMode(SCInstance *suri)
2636 {
2637  /* apply 'user mode' config updates here */
2638  if (!suri->system) {
2639  if (!suri->set_logdir) {
2640  /* override log dir to current work dir" */
2641  if (ConfigSetLogDirectory((char *)".") != TM_ECODE_OK) {
2642  FatalError("could not set USER mode logdir");
2643  }
2644  }
2645  if (!suri->set_datadir) {
2646  /* override data dir to current work dir" */
2647  if (ConfigSetDataDirectory((char *)".") != TM_ECODE_OK) {
2648  FatalError("could not set USER mode datadir");
2649  }
2650  }
2651  }
2652 }
2653 
2654 /**
2655  * This function is meant to contain code that needs
2656  * to be run once the configuration has been loaded.
2657  */
2658 int PostConfLoadedSetup(SCInstance *suri)
2659 {
2660  /* load the pattern matchers */
2661  MpmTableSetup();
2662  SpmTableSetup();
2663 
2664  int disable_offloading;
2665  if (SCConfGetBool("capture.disable-offloading", &disable_offloading) == 0)
2666  disable_offloading = 1;
2667  if (disable_offloading) {
2668  LiveSetOffloadDisable();
2669  } else {
2670  LiveSetOffloadWarn();
2671  }
2672 
2673  if (suri->checksum_validation == -1) {
2674  const char *cv = NULL;
2675  if (SCConfGet("capture.checksum-validation", &cv) == 1) {
2676  if (strcmp(cv, "none") == 0) {
2677  suri->checksum_validation = 0;
2678  } else if (strcmp(cv, "all") == 0) {
2679  suri->checksum_validation = 1;
2680  }
2681  }
2682  }
2683  switch (suri->checksum_validation) {
2684  case 0:
2685  SCConfSet("stream.checksum-validation", "0");
2686  break;
2687  case 1:
2688  SCConfSet("stream.checksum-validation", "1");
2689  break;
2690  }
2691 
2692  if (suri->runmode_custom_mode) {
2693  SCConfSet("runmode", suri->runmode_custom_mode);
2694  }
2695 
2696  StorageInit();
2697 #ifdef HAVE_PACKET_EBPF
2698  if (suri->run_mode == RUNMODE_AFP_DEV) {
2699  EBPFRegisterExtension();
2700  LiveDevRegisterExtension();
2701  }
2702 #endif
2703  RegisterFlowBypassInfo();
2704 
2705  MacSetRegisterFlowStorage();
2706  FlowRateRegisterFlowStorage();
2707 
2708  SigTableInit();
2709 
2710 #ifdef HAVE_PLUGINS
2711  SCPluginsLoad(suri->capture_plugin_name, suri->capture_plugin_args);
2712 #endif
2713 
2714  LiveDeviceFinalize(); // must be after EBPF extension registration
2715 
2716  if (RunModeEngineIsIPS(suricata.run_mode, suricata.runmode_custom_mode,
2717  suricata.capture_plugin_name) < 0) {
2718  FatalError("IPS mode setup failed");
2719  }
2720 
2721  if (EngineModeIsUnknown()) { // if still uninitialized, set the default
2722  SCLogInfo("Setting engine mode to IDS mode by default");
2723  EngineModeSetIDS();
2724  }
2725 
2726  SetMasterExceptionPolicy();
2727 
2728  SCConfNode *eps = SCConfGetNode("stats.exception-policy");
2729  if (eps != NULL) {
2730  if (SCConfNodeChildValueIsTrue(eps, "per-app-proto-errors")) {
2731  g_stats_eps_per_app_proto_errors = true;
2732  }
2733  }
2734 
2735  /* Must occur prior to output mod registration
2736  and app layer setup. */
2737  FeatureTrackingRegister();
2738 
2739  AppLayerSetup();
2740 
2741  /* Suricata will use this umask if provided. By default it will use the
2742  umask passed on from the shell. */
2743  const char *custom_umask;
2744  if (SCConfGet("umask", &custom_umask) == 1) {
2745  uint16_t mask;
2746  if (StringParseUint16(&mask, 8, (uint16_t)strlen(custom_umask), custom_umask) > 0) {
2747  umask((mode_t)mask);
2748  }
2749  }
2750 
2751  if (ConfigGetCaptureValue(suri) != TM_ECODE_OK) {
2752  SCReturnInt(TM_ECODE_FAILED);
2753  }
2754 
2755 #ifdef NFQ
2756  if (suri->run_mode == RUNMODE_NFQ)
2757  NFQInitConfig(false);
2758 #endif
2759 
2760  /* Load the Host-OS lookup. */
2761  SCHInfoLoadFromConfig();
2762 
2763  if (suri->run_mode == RUNMODE_ENGINE_ANALYSIS) {
2764  SCLogInfo("== Carrying out Engine Analysis ==");
2765  const char *temp = NULL;
2766  if (SCConfGet("engine-analysis", &temp) == 0) {
2767  SCLogInfo("no engine-analysis parameter(s) defined in conf file. "
2768  "Please define/enable them in the conf to use this "
2769  "feature.");
2770  SCReturnInt(TM_ECODE_FAILED);
2771  }
2772  }
2773 
2774  /* hardcoded initialization code */
2775  SigTableSetup(); /* load the rule keywords */
2776  SigTableApplyStrictCommandLineOption(suri->strict_rule_parsing_string);
2777  TmqhSetup();
2778 
2779  TagInitCtx();
2780  PacketAlertTagInit();
2781  ThresholdInit();
2782  HostBitInitCtx();
2783  IPPairBitInitCtx();
2784 
2785  if (DetectAddressTestConfVars() < 0) {
2786  SCLogError(
2787  "basic address vars test failed. Please check %s for errors", suri->conf_filename);
2788  SCReturnInt(TM_ECODE_FAILED);
2789  }
2790  if (DetectPortTestConfVars() < 0) {
2791  SCLogError("basic port vars test failed. Please check %s for errors", suri->conf_filename);
2792  SCReturnInt(TM_ECODE_FAILED);
2793  }
2794 
2795  RegisterAllModules();
2796  AppLayerHtpNeedFileInspection();
2797 
2798  StorageFinalize();
2799 
2800  TmModuleRunInit();
2801 
2802  if (MayDaemonize(suri) != TM_ECODE_OK)
2803  SCReturnInt(TM_ECODE_FAILED);
2804 
2805  if (InitSignalHandler(suri) != TM_ECODE_OK)
2806  SCReturnInt(TM_ECODE_FAILED);
2807 
2808  /* Check for the existence of the default logging directory which we pick
2809  * from suricata.yaml. If not found, shut the engine down */
2810  suri->log_dir = SCConfigGetLogDirectory();
2811 
2812  if (ConfigCheckLogDirectoryExists(suri->log_dir) != TM_ECODE_OK) {
2813  SCLogError("The logging directory \"%s\" "
2814  "supplied by %s (default-log-dir) doesn't exist. "
2815  "Shutting down the engine",
2816  suri->log_dir, suri->conf_filename);
2817  SCReturnInt(TM_ECODE_FAILED);
2818  }
2819  if (!IsLogDirectoryWritable(suri->log_dir)) {
2820  SCLogError("The logging directory \"%s\" "
2821  "supplied by %s (default-log-dir) is not writable. "
2822  "Shutting down the engine",
2823  suri->log_dir, suri->conf_filename);
2824  SCReturnInt(TM_ECODE_FAILED);
2825  }
2826 
2827  if (suri->disabled_detect) {
2828  SCLogConfig("detection engine disabled");
2829  /* disable raw reassembly */
2830  (void)SCConfSetFinal("stream.reassembly.raw", "false");
2831  }
2832 
2833  HostInitConfig(HOST_VERBOSE);
2834 
2835  CoredumpLoadConfig();
2836 
2837  DecodeGlobalConfig();
2838 
2839  /* hostmode depends on engine mode being set */
2840  PostConfLoadedSetupHostMode();
2841 
2842  PreRunInit(suri->run_mode);
2843 
2844  SCReturnInt(TM_ECODE_OK);
2845 }
2846 
2847 void SuricataMainLoop(void)
2848 {
2849  SCInstance *suri = &suricata;
2850  while(1) {
2851  if (sigterm_count || sigint_count) {
2852  suricata_ctl_flags |= SURICATA_STOP;
2853  }
2854 
2855  if (suricata_ctl_flags & SURICATA_STOP) {
2856  SCLogNotice("Signal Received. Stopping engine.");
2857  break;
2858  }
2859 
2860  TmThreadCheckThreadState();
2861 
2862  if (sighup_count > 0) {
2863  OutputNotifyFileRotation();
2864  sighup_count--;
2865  }
2866 
2867  if (sigusr2_count > 0) {
2868  if (!(DetectEngineReloadIsStart())) {
2869  DetectEngineReloadStart();
2870  DetectEngineReload(suri);
2871  DetectEngineReloadSetIdle();
2872  sigusr2_count--;
2873  }
2874 
2875  } else if (DetectEngineReloadIsStart()) {
2876  DetectEngineReload(suri);
2877  DetectEngineReloadSetIdle();
2878  }
2879 
2880  usleep(10* 1000);
2881  }
2882 }
2883 
2884 /**
2885  * \brief Global initialization common to all runmodes.
2886  *
2887  * This can be used by fuzz targets.
2888  */
2889 
2890 int InitGlobal(void)
2891 {
2892  SCRustInit(&suricata_context);
2893 
2894  SC_ATOMIC_INIT(engine_stage);
2895 
2896  /* initialize the logging subsys */
2897  SCLogInitLogModule(NULL);
2898 
2899  SCSetThreadName("Suricata-Main");
2900 
2901  /* Ignore SIGUSR2 as early as possible. We redeclare interest
2902  * once we're done launching threads. The goal is to either die
2903  * completely or handle any and all SIGUSR2s correctly.
2904  */
2905 #ifndef OS_WIN32
2906  UtilSignalHandlerSetup(SIGUSR2, SIG_IGN);
2907  if (UtilSignalBlock(SIGUSR2)) {
2908  SCLogError("SIGUSR2 initialization error");
2909  return EXIT_FAILURE;
2910  }
2911 #endif
2912 
2913  ParseSizeInit();
2914  RunModeRegisterRunModes();
2915 
2916  /* Initialize the configuration module. */
2917  SCConfInit();
2918  DatalinkTableInit();
2919 
2920  VarNameStoreInit();
2921 
2922  // zero all module storage
2923  memset(tmm_modules, 0, TMM_SIZE * sizeof(TmModule));
2924 
2925  return 0;
2926 }
2927 
2928 void SuricataPreInit(const char *progname)
2929 {
2930  SCInstanceInit(&suricata, progname);
2931 
2932  if (InitGlobal() != 0) {
2933  exit(EXIT_FAILURE);
2934  }
2935 }
2936 
2937 void SuricataInit(void)
2938 {
2939  /* Initializations for global vars, queues, etc (memsets, mutex init..) */
2940  GlobalsInitPreConfig();
2941 
2942  if (suricata.run_mode == RUNMODE_DUMP_CONFIG) {
2943  SCConfDump();
2944  exit(EXIT_SUCCESS);
2945  }
2946 
2947  int tracking = 1;
2948  if (SCConfGetBool("vlan.use-for-tracking", &tracking) == 1 && !tracking) {
2949  /* Ignore vlan_ids when comparing flows. */
2950  g_vlan_mask = 0x0000;
2951  }
2952  SCLogDebug("vlan tracking is %s", tracking == 1 ? "enabled" : "disabled");
2953  if (SCConfGetBool("livedev.use-for-tracking", &tracking) == 1 && !tracking) {
2954  /* Ignore livedev id when comparing flows. */
2955  g_livedev_mask = 0x0000;
2956  }
2957  if (SCConfGetBool("decoder.recursion-level.use-for-tracking", &tracking) == 1 && !tracking) {
2958  /* Ignore recursion level when comparing flows. */
2959  g_recurlvl_mask = 0x00;
2960  }
2961  SetupUserMode(&suricata);
2962  InitRunAs(&suricata);
2963 
2964  /* Since our config is now loaded we can finish configurating the
2965  * logging module. */
2966  SCLogLoadConfig(suricata.daemon, suricata.verbose, suricata.userid, suricata.groupid);
2967 
2968  LogVersion(&suricata);
2969  UtilCpuPrintSummary();
2970  RunModeInitializeThreadSettings();
2971 
2972  if (suricata.run_mode == RUNMODE_CONF_TEST)
2973  SCLogInfo("Running suricata under test mode");
2974 
2975  if (ParseInterfacesList(suricata.aux_run_mode, suricata.pcap_dev) != TM_ECODE_OK) {
2976  exit(EXIT_FAILURE);
2977  }
2978 
2979  if (PostConfLoadedSetup(&suricata) != TM_ECODE_OK) {
2980  exit(EXIT_FAILURE);
2981  }
2982 
2983  SCDropMainThreadCaps(suricata.userid, suricata.groupid);
2984 
2985  /* Re-enable coredumps after privileges are dropped. */
2986  CoredumpEnable();
2987 
2988  if (suricata.run_mode != RUNMODE_UNIX_SOCKET && !suricata.disabled_detect) {
2989  suricata.unix_socket_enabled = ConfUnixSocketIsEnable();
2990  }
2991 
2992  PreRunPostPrivsDropInit(suricata.run_mode);
2993 
2994  LandlockSandboxing(&suricata);
2995 
2996  PostConfLoadedDetectSetup(&suricata);
2997  if (suricata.run_mode == RUNMODE_ENGINE_ANALYSIS) {
2998  goto out;
2999  } else if (suricata.run_mode == RUNMODE_CONF_TEST){
3000  SCLogNotice("Configuration provided was successfully loaded. Exiting.");
3001  goto out;
3002  } else if (suricata.run_mode == RUNMODE_DUMP_FEATURES) {
3003  FeatureDump();
3004  goto out;
3005  }
3006 
3007  if (suricata.run_mode == RUNMODE_DPDK)
3008  prerun_snap = SystemHugepageSnapshotCreate();
3009 
3010  SCSetStartTime(&suricata);
3011  if (suricata.run_mode != RUNMODE_UNIX_SOCKET) {
3012  UnixManagerThreadSpawnNonRunmode(suricata.unix_socket_enabled);
3013  }
3014  RunModeDispatch(suricata.run_mode, suricata.runmode_custom_mode, suricata.capture_plugin_name,
3015  suricata.capture_plugin_args);
3016  return;
3017 
3018 out:
3019  GlobalsDestroy();
3020  exit(EXIT_SUCCESS);
3021 }
3022 
3023 void SuricataShutdown(void)
3024 {
3025  /* Update the engine stage/status flag */
3026  SC_ATOMIC_SET(engine_stage, SURICATA_DEINIT);
3027 
3028  UnixSocketKillSocketThread();
3029  PostRunDeinit(suricata.run_mode, &suricata.start_time);
3030  /* kill remaining threads */
3031  TmThreadKillThreads();
3032 }
3033 
3034 void SuricataPostInit(void)
3035 {
3036  /* Wait till all the threads have been initialized */
3037  if (TmThreadWaitOnThreadInit() == TM_ECODE_FAILED) {
3038  SystemHugepageSnapshotDestroy(prerun_snap);
3039  FatalError("Engine initialization failed, "
3040  "aborting...");
3041  }
3042 
3043  int limit_nproc = 0;
3044  if (SCConfGetBool("security.limit-noproc", &limit_nproc) == 0) {
3045  limit_nproc = 0;
3046  }
3047 
3048 #if defined(SC_ADDRESS_SANITIZER)
3049  if (limit_nproc) {
3050  SCLogWarning(
3051  "\"security.limit-noproc\" (setrlimit()) not set when using address sanitizer");
3052  limit_nproc = 0;
3053  }
3054 #endif
3055 
3056  if (limit_nproc) {
3057 #if defined(HAVE_SYS_RESOURCE_H)
3058 #ifdef linux
3059  if (geteuid() == 0) {
3060  SCLogWarning("setrlimit has no effect when running as root.");
3061  }
3062 #endif
3063  struct rlimit r = { 0, 0 };
3064  if (setrlimit(RLIMIT_NPROC, &r) != 0) {
3065  SCLogWarning("setrlimit failed to prevent process creation.");
3066  }
3067 #else
3068  SCLogWarning("setrlimit unavailable.");
3069 #endif
3070  }
3071 
3072  SC_ATOMIC_SET(engine_stage, SURICATA_RUNTIME);
3073  PacketPoolPostRunmodes();
3074 
3075  /* Un-pause all the paused threads */
3076  TmThreadContinueThreads();
3077 
3078  /* Must ensure all threads are fully operational before continuing with init process */
3079  if (TmThreadWaitOnThreadRunning() != TM_ECODE_OK) {
3080  SystemHugepageSnapshotDestroy(prerun_snap);
3081  exit(EXIT_FAILURE);
3082  }
3083 
3084  /* Print notice and send OS specific notification of threads in running state */
3085  OnNotifyRunning();
3086 
3087  PostRunStartedDetectSetup(&suricata);
3088  if (suricata.run_mode == RUNMODE_DPDK) { // only DPDK uses hpages at the moment
3089  SystemHugepageSnapshot *postrun_snap = SystemHugepageSnapshotCreate();
3090  SystemHugepageEvaluateHugepages(prerun_snap, postrun_snap);
3091  SystemHugepageSnapshotDestroy(prerun_snap);
3092  SystemHugepageSnapshotDestroy(postrun_snap);
3093  }
3094  SCPledge();
3095 }
RUNMODE_LIST_APP_LAYERS
@ RUNMODE_LIST_APP_LAYERS
Definition: runmodes.h:47
SCRunMode
enum SCRunModes SCRunMode
RUNMODE_ENGINE_ANALYSIS
@ RUNMODE_ENGINE_ANALYSIS
Definition: runmodes.h:56
util-device-private.h
DefragDestroy
void DefragDestroy(void)
Definition: defrag.c:1129
util-byte.h
TmModuleUnixManagerRegister
void TmModuleUnixManagerRegister(void)
Definition: unix-manager.c:1289
StatsReleaseResources
void StatsReleaseResources(void)
Releases the resources allotted by the Stats API.
Definition: counters.c:1263
source-nflog.h
TagInitCtx
void TagInitCtx(void)
Definition: detect-engine-tag.c:52
TmModuleReceiveIPFWRegister
void TmModuleReceiveIPFWRegister(void)
Registration Function for RecieveIPFW.
Definition: source-ipfw.c:150
flow-bypass.h
len
uint8_t len
Definition: app-layer-dnp3.h:2
SuricataMainLoop
void SuricataMainLoop(void)
Definition: suricata.c:2847
ExceptionSimulationCommandLineParser
int ExceptionSimulationCommandLineParser(const char *name, const char *arg)
Definition: util-exception-policy.c:384
SCInstance_::run_mode
enum SCRunModes run_mode
Definition: suricata.h:129
ippair.h
g_livedev_mask
uint16_t g_livedev_mask
Definition: suricata.c:205
SCInstance_::firewall_rule_file
char * firewall_rule_file
Definition: suricata.h:137
RUNMODE_AFXDP_DEV
@ RUNMODE_AFXDP_DEV
Definition: runmodes.h:37
app-layer-htp-range.h
AppLayerHtpNeedFileInspection
void AppLayerHtpNeedFileInspection(void)
Sets a flag that informs the HTP app layer that some module in the engine needs the http request file...
Definition: app-layer-htp.c:574
detect-engine.h
source-pcap.h
SCInstance_::groupid
uint32_t groupid
Definition: suricata.h:149
g_system
bool g_system
Definition: suricata.c:190
win32-syscall.h
SCInstance_::aux_run_mode
enum SCRunModes aux_run_mode
Definition: suricata.h:130
SCInstance_::daemon
int daemon
Definition: suricata.h:158
IPPairInitConfig
void IPPairInitConfig(bool quiet)
initialize the configuration
Definition: ippair.c:162
SCLogInitLogModule
void SCLogInitLogModule(SCLogInitData *sc_lid)
Initializes the logging module.
Definition: util-debug.c:1390
SLL_HEADER_LEN
#define SLL_HEADER_LEN
Definition: decode-sll.h:27
SCInstance_::checksum_validation
int checksum_validation
Definition: suricata.h:161
SURI_HOST_IS_SNIFFER_ONLY
@ SURI_HOST_IS_SNIFFER_ONLY
Definition: suricata.h:120
LiveDeviceListClean
int LiveDeviceListClean(void)
Definition: util-device.c:319
SCInstance_::do_setuid
bool do_setuid
Definition: suricata.h:145
DetectEngineDeReference
void DetectEngineDeReference(DetectEngineCtx **de_ctx)
Definition: detect-engine.c:4604
StorageInit
void StorageInit(void)
Definition: util-storage.c:70
SCInstance_::start_time
struct timeval start_time
Definition: suricata.h:164
IsRunModeOffline
bool IsRunModeOffline(enum SCRunModes run_mode_to_check)
Definition: runmodes.c:551
SC_ATOMIC_INIT
#define SC_ATOMIC_INIT(name)
wrapper for initializing an atomic variable.
Definition: util-atomic.h:314
prerun_snap
SystemHugepageSnapshot * prerun_snap
Definition: suricata.c:216
TmThreadContinueThreads
void TmThreadContinueThreads(void)
Unpauses all threads present in tv_root.
Definition: tm-threads.c:1950
RUNMODE_NFLOG
@ RUNMODE_NFLOG
Definition: runmodes.h:32
source-pcap-file.h
SCInstance_::do_setgid
bool do_setgid
Definition: suricata.h:146
CLS
#define CLS
Definition: suricata-common.h:69
stream-tcp.h
DetectEngineCtx_::type
enum DetectEngineType type
Definition: detect.h:1040
SigLoadSignatures
int SigLoadSignatures(DetectEngineCtx *de_ctx, char *sig_file, bool sig_file_exclusive)
Load signatures.
Definition: detect-engine-loader.c:375
runmode-af-packet.h
SCInstance_::group_name
const char * group_name
Definition: suricata.h:144
DetectEngineCtx_::firewall_rule_file_exclusive
const char * firewall_rule_file_exclusive
Definition: detect.h:1131
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
SC_ATOMIC_SET
#define SC_ATOMIC_SET(name, val)
Set the value for the atomic variable.
Definition: util-atomic.h:386
runmode-unittests.h
RUNMODE_UNKNOWN
@ RUNMODE_UNKNOWN
Definition: runmodes.h:28
TmqhSetup
void TmqhSetup(void)
Definition: tm-queuehandlers.c:39
SCConfGetRootNode
SCConfNode * SCConfGetRootNode(void)
Get the root configuration node.
Definition: conf.c:222
DetectEngineCtxInitStubForDD
DetectEngineCtx * DetectEngineCtxInitStubForDD(void)
Definition: detect-engine.c:2580
LiveDevRegisterExtension
void LiveDevRegisterExtension(void)
Definition: util-device.c:470
OutputTxShutdown
void OutputTxShutdown(void)
Definition: output-tx.c:659
THV_FLOW_LOOP
#define THV_FLOW_LOOP
Definition: threadvars.h:48
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:270
AppLayerHtpPrintStats
void AppLayerHtpPrintStats(void)
Definition: app-layer-htp.c:2424
util-hugepages.h
StatsSetupPostConfigPreOutput
void StatsSetupPostConfigPreOutput(void)
Definition: counters.c:886
SCInstance_::runmode_custom_mode
char * runmode_custom_mode
Definition: suricata.h:141
util-coredump-config.h
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:0
SigTableSetup
void SigTableSetup(void)
Definition: detect-engine-register.c:522
TmModuleReceiveNFQRegister
void TmModuleReceiveNFQRegister(void)
Definition: source-nfq.c:169
LiveBuildDeviceList
int LiveBuildDeviceList(const char *runmode)
Definition: util-device.c:279
RunModeShutDown
void RunModeShutDown(void)
Definition: runmodes.c:569
SuricataInit
void SuricataInit(void)
Definition: suricata.c:2937
TM_ECODE_DONE
@ TM_ECODE_DONE
Definition: tm-threads-common.h:83
SCProtoNameInit
void SCProtoNameInit(void)
Definition: util-proto-name.c:417
SuricataPostInit
void SuricataPostInit(void)
Definition: suricata.c:3034
ippair-bit.h
RunModeDispatch
void RunModeDispatch(int runmode, const char *custom_mode, const char *capture_plugin_name, const char *capture_plugin_args)
Definition: runmodes.c:399
util-macset.h
sigint_count
volatile sig_atomic_t sigint_count
Definition: suricata.c:155
SC_ATOMIC_DECLARE
SC_ATOMIC_DECLARE(unsigned int, engine_stage)
RUNMODE_NFQ
@ RUNMODE_NFQ
Definition: runmodes.h:31
TmModuleRunDeInit
void TmModuleRunDeInit(void)
Definition: tm-modules.c:119
TmThreadsUnsealThreads
void TmThreadsUnsealThreads(void)
Definition: tm-threads.c:2141
RegisterFlowBypassInfo
void RegisterFlowBypassInfo(void)
Definition: flow-util.c:240
SCSetThreadName
#define SCSetThreadName(n)
Definition: threads.h:303
SCConfYamlHandleInclude
int SCConfYamlHandleInclude(SCConfNode *parent, const char *filename)
Include a file in the configuration.
Definition: conf-yaml-loader.c:115
sc_set_caps
bool sc_set_caps
Definition: suricata.c:188
SCLogDeInitLogModule
void SCLogDeInitLogModule(void)
De-Initializes the logging module.
Definition: util-debug.c:1594
LiveDevice_
Definition: util-device-private.h:32
util-pidfile.h
TmModuleDecodeErfFileRegister
void TmModuleDecodeErfFileRegister(void)
Register the ERF file decoder module.
Definition: source-erf-file.c:98
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:919
StringParseUint16
int StringParseUint16(uint16_t *res, int base, size_t len, const char *str)
Definition: util-byte.c:337
SigTableInit
void SigTableInit(void)
Definition: detect-engine-register.c:510
DetectEngineReloadSetIdle
void DetectEngineReloadSetIdle(void)
Definition: detect-engine.c:1901
SCInstance_::userid
uint32_t userid
Definition: suricata.h:148
source-windivert-prototypes.h
SCConfGet
int SCConfGet(const char *name, const char **vptr)
Retrieve the value of a configuration node.
Definition: conf.c:350
DetectEngineGetCurrent
DetectEngineCtx * DetectEngineGetCurrent(void)
Definition: detect-engine.c:3813
EngineModeIsUnknown
int EngineModeIsUnknown(void)
Definition: suricata.c:229
VarNameStoreInit
void VarNameStoreInit(void)
TmModuleFlowRecyclerRegister
void TmModuleFlowRecyclerRegister(void)
Definition: flow-manager.c:1302
g_skip_prefilter
int g_skip_prefilter
Definition: detect-engine-mpm.c:1075
SCConfNodeChildValueIsTrue
int SCConfNodeChildValueIsTrue(const SCConfNode *node, const char *key)
Test if a configuration node has a true value.
Definition: conf.c:868
Daemonize
void Daemonize(void)
Daemonize the process.
Definition: util-daemon.c:101
UtilSignalHandlerSetup
void UtilSignalHandlerSetup(int sig, void(*handler)(int))
Definition: util-signal.c:60
TAILQ_FOREACH
#define TAILQ_FOREACH(var, head, field)
Definition: queue.h:252
TmModuleDecodeAFPRegister
void TmModuleDecodeAFPRegister(void)
Registration Function for DecodeAFP.
Definition: source-af-packet.c:599
TmModuleDecodeWinDivertRegister
void TmModuleDecodeWinDivertRegister(void)
Definition: source-windivert.c:74
SURICATA_STOP
#define SURICATA_STOP
Definition: suricata.h:94
DetectEngineAddToMaster
int DetectEngineAddToMaster(DetectEngineCtx *de_ctx)
Definition: detect-engine.c:4628
SCConfGetChildValueBool
int SCConfGetChildValueBool(const SCConfNode *base, const char *name, int *val)
Definition: conf.c:515
TmModuleStatsLoggerRegister
void TmModuleStatsLoggerRegister(void)
Definition: output-stats.c:169
RegisterAllModules
void RegisterAllModules(void)
Definition: suricata.c:900
ENGINE_MODE_IPS
@ ENGINE_MODE_IPS
Definition: suricata.h:109
DetectEngineMultiTenantSetup
int DetectEngineMultiTenantSetup(const bool unix_socket)
setup multi-detect / multi-tenancy
Definition: detect-engine.c:4265
flow-bit.h
SupportFastPatternForSigMatchTypes
void SupportFastPatternForSigMatchTypes(void)
Registers the keywords(SMs) that should be given fp support.
Definition: detect-fast-pattern.c:142
util-var-name.h
suricata_context
const SuricataContext suricata_context
Definition: rust-context.c:26
SCParseCommandLine
TmEcode SCParseCommandLine(int argc, char **argv)
Definition: suricata.c:1322
SCPledge
#define SCPledge(...)
Definition: util-privs.h:99
CheckValidDaemonModes
int CheckValidDaemonModes(int daemon, int mode)
Check for a valid combination daemon/mode.
Definition: util-daemon.c:177
SCGetGroupID
void SCGetGroupID(const char *group_name, uint32_t *gid)
Function to get the group ID from the specified group name.
Definition: util-privs.c:210
SCConfGetBool
int SCConfGetBool(const char *name, int *val)
Retrieve a configuration value as a boolean.
Definition: conf.c:497
unittests_fatal
int unittests_fatal
Definition: util-unittest.c:52
TmThreadDisableReceiveThreads
void TmThreadDisableReceiveThreads(void)
Disable all threads having the specified TMs.
Definition: tm-threads.c:1369
StatsInit
void StatsInit(void)
Initializes the perf counter api. Things are hard coded currently. More work to be done when we imple...
Definition: counters.c:876
util-privs.h
PreRunInit
void PreRunInit(const int runmode)
Definition: suricata.c:2232
SURICATA_DONE
#define SURICATA_DONE
Definition: suricata.h:96
MacSetRegisterFlowStorage
void MacSetRegisterFlowStorage(void)
Definition: util-macset.c:62
SuricataShutdown
void SuricataShutdown(void)
Definition: suricata.c:3023
SCInstance_::conf_filename
const char * conf_filename
Definition: suricata.h:168
GetIfaceMTU
int GetIfaceMTU(const char *dev)
output the link MTU
Definition: util-ioctl.c:82
GlobalsInitPreConfig
void GlobalsInitPreConfig(void)
Definition: suricata.c:364
TmModuleReceiveNetmapRegister
void TmModuleReceiveNetmapRegister(void)
Definition: source-netmap.c:75
PacketPoolPostRunmodes
void PacketPoolPostRunmodes(void)
Set the max_pending_return_packets value.
Definition: tmqh-packetpool.c:459
NFQInitConfig
void NFQInitConfig(bool quiet)
To initialize the NFQ global configuration data.
Definition: source-nfq.c:206
TmModuleReceiveWinDivertRegister
void TmModuleReceiveWinDivertRegister(void)
Definition: source-windivert.c:61
SystemHugepageSnapshot
Definition: util-hugepages.h:44
TVT_MGMT
@ TVT_MGMT
Definition: tm-threads-common.h:89
REVISION
#define REVISION
Definition: suricata-common.h:61
HOST_VERBOSE
#define HOST_VERBOSE
Definition: host.h:92
TM_ECODE_FAILED
@ TM_ECODE_FAILED
Definition: tm-threads-common.h:82
SCProfilingDestroy
void SCProfilingDestroy(void)
Free resources used by profiling.
Definition: util-profiling.c:276
AFPPeersListClean
void AFPPeersListClean(void)
Clean the global peers list.
Definition: source-af-packet.c:581
RunModeInitializeOutputs
void RunModeInitializeOutputs(void)
Definition: runmodes.c:759
DetectPortTestConfVars
int DetectPortTestConfVars(void)
Definition: detect-engine-port.c:1106
SCThresholdConfGlobalInit
void SCThresholdConfGlobalInit(void)
Definition: util-threshold-config.c:102
DecodeUnregisterCounters
void DecodeUnregisterCounters(void)
Definition: decode.c:576
SCInstance_::capture_plugin_name
const char * capture_plugin_name
Definition: suricata.h:172
SCConfYamlLoadFile
int SCConfYamlLoadFile(const char *filename)
Load configuration from a YAML file.
Definition: conf-yaml-loader.c:477
HostBitInitCtx
void HostBitInitCtx(void)
Definition: host-bit.c:49
EngineMode
EngineMode
Definition: suricata.h:106
SURICATA_DEINIT
@ SURICATA_DEINIT
Definition: suricata.h:102
SCInstance_::set_datadir
bool set_datadir
Definition: suricata.h:153
tmqh-packetpool.h
IsRunModeSystem
bool IsRunModeSystem(enum SCRunModes run_mode_to_check)
Definition: runmodes.c:538
g_ut_covered
int g_ut_covered
Definition: suricata.c:898
SCInstance_::capture_plugin_args
const char * capture_plugin_args
Definition: suricata.h:173
g_recurlvl_mask
uint8_t g_recurlvl_mask
Definition: suricata.c:209
TmModuleLoggerRegister
void TmModuleLoggerRegister(void)
Definition: output.c:860
host_mode
uint8_t host_mode
Definition: suricata.c:179
FeatureDump
void FeatureDump(void)
Definition: feature.c:144
PacketPoolInit
void PacketPoolInit(void)
Definition: tmqh-packetpool.c:244
TM_ECODE_OK
@ TM_ECODE_OK
Definition: tm-threads-common.h:81
AppLayerDeSetup
int AppLayerDeSetup(void)
De initializes the app layer.
Definition: app-layer.c:1094
RUNMODE_LIST_APP_LAYER_HOOKS
@ RUNMODE_LIST_APP_LAYER_HOOKS
Definition: runmodes.h:48
RUNMODE_UNIX_SOCKET
@ RUNMODE_UNIX_SOCKET
Definition: runmodes.h:42
strlcpy
size_t strlcpy(char *dst, const char *src, size_t siz)
Definition: util-strlcpyu.c:43
PcapTranslateIPToDevice
void PcapTranslateIPToDevice(char *pcap_dev, size_t len)
Definition: source-pcap.c:656
FlowDisableFlowRecyclerThread
void FlowDisableFlowRecyclerThread(void)
Used to disable flow recycler thread(s).
Definition: flow-manager.c:1230
SCRunmodeSet
void SCRunmodeSet(SCRunMode run_mode)
Set the current run mode.
Definition: suricata.c:271
ParseSizeInit
void ParseSizeInit(void)
Definition: util-misc.c:35
TmModuleDecodePcapFileRegister
void TmModuleDecodePcapFileRegister(void)
Definition: source-pcap-file.c:129
TmModuleBypassedFlowManagerRegister
void TmModuleBypassedFlowManagerRegister(void)
Definition: flow-bypass.c:218
IPPairShutdown
void IPPairShutdown(void)
shutdown the flow engine
Definition: ippair.c:290
source-erf-dag.h
THV_RUNNING_DONE
#define THV_RUNNING_DONE
Definition: threadvars.h:46
SCConfInit
void SCConfInit(void)
Initialize the configuration system.
Definition: conf.c:120
util-signal.h
DetectParseFreeRegexes
void DetectParseFreeRegexes(void)
Definition: detect-parse.c:3412
SCConfDump
void SCConfDump(void)
Dump configuration to stdout.
Definition: conf.c:761
TmModuleDecodeNFLOGRegister
void TmModuleDecodeNFLOGRegister(void)
Definition: source-nflog.c:55
NFQParseAndRegisterQueues
int NFQParseAndRegisterQueues(const char *queues)
Parses and adds Netfilter queue(s).
Definition: source-nfq.c:879
RUNMODE_NETMAP
@ RUNMODE_NETMAP
Definition: runmodes.h:38
FlowInitConfig
void FlowInitConfig(bool quiet)
initialize the configuration
Definition: flow.c:546
AppLayerSetup
int AppLayerSetup(void)
Setup the app layer.
Definition: app-layer.c:1077
FeatureTrackingRegister
void FeatureTrackingRegister(void)
Definition: feature.c:152
TmModuleReceiveDPDKRegister
void TmModuleReceiveDPDKRegister(void)
Definition: source-dpdk.c:51
UnixManagerThreadSpawnNonRunmode
void UnixManagerThreadSpawnNonRunmode(const bool unix_socket_enabled)
Definition: unix-manager.c:1283
RunModeInitializeThreadSettings
void RunModeInitializeThreadSettings(void)
Definition: runmodes.c:944
StreamTcpInitConfig
void StreamTcpInitConfig(bool)
To initialize the stream global configuration data.
Definition: stream-tcp.c:488
ENGINE_MODE_UNKNOWN
@ ENGINE_MODE_UNKNOWN
Definition: suricata.h:107
app-layer-htp.h
util-flow-rate.h
datasets.h
GetIfaceMaxPacketSize
int GetIfaceMaxPacketSize(LiveDevice *ld)
output max packet size for a link
Definition: util-ioctl.c:121
SCRunmodeGet
SCRunMode SCRunmodeGet(void)
Get the current run mode.
Definition: suricata.c:266
TmModuleDecodeNetmapRegister
void TmModuleDecodeNetmapRegister(void)
Registration Function for DecodeNetmap.
Definition: source-netmap.c:85
PreRunPostPrivsDropInit
void PreRunPostPrivsDropInit(const int runmode)
Definition: suricata.c:2261
feature.h
decode.h
SigTableCleanup
void SigTableCleanup(void)
Definition: detect-engine-register.c:470
DetectEngineMoveToFreeList
int DetectEngineMoveToFreeList(DetectEngineCtx *de_ctx)
Definition: detect-engine.c:4688
sigterm_count
volatile sig_atomic_t sigterm_count
Definition: suricata.c:157
source-nfq.h
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:18
TmThreadWaitOnThreadInit
TmEcode TmThreadWaitOnThreadInit(void)
Used to check if all threads have finished their initialization. On finding an un-initialized thread,...
Definition: tm-threads.c:1989
TmModuleVerdictNFQRegister
void TmModuleVerdictNFQRegister(void)
Definition: source-nfq.c:184
AppLayerRegisterGlobalCounters
void AppLayerRegisterGlobalCounters(void)
HACK to work around our broken unix manager (re)init loop.
Definition: app-layer.c:1158
RunModeListRunmodes
void RunModeListRunmodes(void)
Lists all registered runmodes.
Definition: runmodes.c:247
strlcat
size_t strlcat(char *, const char *src, size_t siz)
Definition: util-strlcatu.c:45
util-cpu.h
suricata
SCInstance suricata
Definition: suricata.c:222
SCInstance_::unix_socket_enabled
bool unix_socket_enabled
Definition: suricata.h:154
LiveSetOffloadDisable
void LiveSetOffloadDisable(void)
Definition: util-device.c:76
StatsSetupPostConfigPostOutput
void StatsSetupPostConfigPostOutput(void)
Definition: counters.c:891
EngineModeSetIDS
void EngineModeSetIDS(void)
Definition: suricata.c:251
RUNMODE_LIST_KEYWORDS
@ RUNMODE_LIST_KEYWORDS
Definition: runmodes.h:46
SpmTableSetup
void SpmTableSetup(void)
Definition: util-spm.c:122
TmModuleReceiveAFPRegister
void TmModuleReceiveAFPRegister(void)
Registration Function for RecieveAFP.
Definition: source-af-packet.c:381
RUNMODE_UNITTEST
@ RUNMODE_UNITTEST
Definition: runmodes.h:41
LiveBuildDeviceListCustom
int LiveBuildDeviceListCustom(const char *runmode, const char *itemname)
Definition: util-device.c:284
util-exception-policy.h
LiveGetDevice
LiveDevice * LiveGetDevice(const char *name)
Get a pointer to the device at idx.
Definition: util-device.c:253
UnixSocketKillSocketThread
void UnixSocketKillSocketThread(void)
Definition: unix-manager.c:1279
TmModuleVerdictIPFWRegister
void TmModuleVerdictIPFWRegister(void)
Registration Function for VerdictIPFW.
Definition: source-ipfw.c:171
flow-worker.h
SCConfGetInt
int SCConfGetInt(const char *name, intmax_t *val)
Retrieve a configuration value as an integer.
Definition: conf.c:414
g_stats_eps_per_app_proto_errors
bool g_stats_eps_per_app_proto_errors
Definition: suricata.c:219
HttpRangeContainersInit
void HttpRangeContainersInit(void)
Definition: app-layer-htp-range.c:171
util-reference-config.h
DetectEngineCtx_::last_reload
struct timeval last_reload
Definition: detect.h:1086
SCInstance_::delayed_detect
int delayed_detect
Definition: suricata.h:156
TmModuleVerdictWinDivertRegister
void TmModuleVerdictWinDivertRegister(void)
Definition: source-windivert.c:68
DetectEngineCtx_::failure_fatal
bool failure_fatal
Definition: detect.h:920
SCInstance_::progname
const char * progname
Definition: suricata.h:167
HostCleanup
void HostCleanup(void)
Cleanup the host engine.
Definition: host.c:332
SCEnter
#define SCEnter(...)
Definition: util-debug.h:272
FlowDisableFlowManagerThread
void FlowDisableFlowManagerThread(void)
Used to disable flow manager thread(s).
Definition: flow-manager.c:132
RUNMODE_DAG
@ RUNMODE_DAG
Definition: runmodes.h:35
util-ebpf.h
SCInstance_::pcap_dev
char pcap_dev[128]
Definition: suricata.h:132
detect.h
UtilSignalUnblock
int UtilSignalUnblock(int signum)
Definition: util-signal.c:46
DetectEngineEnabled
int DetectEngineEnabled(void)
Check if detection is enabled.
Definition: detect-engine.c:3780
TmThreadClearThreadsFamily
void TmThreadClearThreadsFamily(int family)
Definition: tm-threads.c:1659
THV_KILL
#define THV_KILL
Definition: threadvars.h:40
THV_REQ_FLOW_LOOP
#define THV_REQ_FLOW_LOOP
Definition: threadvars.h:47
FlowRateRegisterFlowStorage
void FlowRateRegisterFlowStorage(void)
Definition: util-flow-rate.c:60
TmModuleRunInit
void TmModuleRunInit(void)
Definition: tm-modules.c:104
detect-engine-port.h
EngineModeSetIPS
void EngineModeSetIPS(void)
Definition: suricata.c:246
SCInstance_::user_name
const char * user_name
Definition: suricata.h:143
HTPAtExitPrintStats
void HTPAtExitPrintStats(void)
Print the stats of the HTTP requests.
Definition: app-layer-htp.c:1579
util-time.h
UtilSignalBlock
int UtilSignalBlock(int signum)
Definition: util-signal.c:29
SCProfilingPrefilterGlobalInit
void SCProfilingPrefilterGlobalInit(void)
Definition: util-profiling-prefilter.c:61
ThresholdDestroy
void ThresholdDestroy(void)
Definition: detect-engine-threshold.c:71
SCLogWarning
#define SCLogWarning(...)
Macro used to log WARNING messages.
Definition: util-debug.h:250
PostConfLoadedSetup
int PostConfLoadedSetup(SCInstance *suri)
Definition: suricata.c:2658
GetProgramVersion
const char * GetProgramVersion(void)
get string with program version
Definition: suricata.c:1139
engine_analysis
int engine_analysis
app-layer-parser.h
TmModuleReceivePcapFileRegister
void TmModuleReceivePcapFileRegister(void)
Definition: source-pcap-file.c:116
BUG_ON
#define BUG_ON(x)
Definition: suricata-common.h:317
runmode-netmap.h
CoredumpLoadConfig
int32_t CoredumpLoadConfig(void)
Configures the core dump size.
Definition: util-coredump-config.c:90
detect-engine-tag.h
IPFWRegisterQueue
int IPFWRegisterQueue(char *queue)
Add an IPFW divert.
Definition: source-ipfw.c:698
xstr
#define xstr(s)
Definition: suricata-common.h:307
util-profiling.h
ListAppLayerHooks
int ListAppLayerHooks(const char *conf_filename)
Definition: util-running-modes.c:69
ListAppLayerProtocols
int ListAppLayerProtocols(const char *conf_filename)
Definition: util-running-modes.c:45
SCInstance_::offline
int offline
Definition: suricata.h:159
DatasetsDestroy
void DatasetsDestroy(void)
Definition: datasets.c:755
UtilCpuPrintSummary
void UtilCpuPrintSummary(void)
Print a summary of CPUs detected (configured and online)
Definition: util-cpu.c:140
profiling_packets_enabled
int profiling_packets_enabled
Definition: util-profiling.c:94
SystemDNotifyReady
int SystemDNotifyReady(void)
TmThreadKillThreads
void TmThreadKillThreads(void)
Definition: tm-threads.c:1587
OutputDeregisterAll
void OutputDeregisterAll(void)
Deregister all modules. Useful for a memory clean exit.
Definition: output.c:636
source-pcap-file-helper.h
PostConfLoadedDetectSetup
void PostConfLoadedDetectSetup(SCInstance *suri)
Definition: suricata.c:2567
EngineModeIsIDS
int EngineModeIsIDS(void)
Definition: suricata.c:240
RUNMODE_PLUGIN
@ RUNMODE_PLUGIN
Definition: runmodes.h:44
util-systemd.h
tmm_modules
TmModule tmm_modules[TMM_SIZE]
Definition: tm-modules.c:29
conf-yaml-loader.h
decode-sll.h
SCConfigGetLogDirectory
const char * SCConfigGetLogDirectory(void)
Definition: util-conf.c:38
coverage_unittests
int coverage_unittests
Definition: suricata.c:896
DatasetsSave
void DatasetsSave(void)
Definition: datasets.c:833
detect-engine-alert.h
conf.h
util-landlock.h
source-ipfw.h
TMM_SIZE
@ TMM_SIZE
Definition: tm-threads-common.h:76
source-netmap.h
OutputNotifyFileRotation
void OutputNotifyFileRotation(void)
Notifies all registered file rotation notification flags.
Definition: output.c:713
RUNMODE_WINDIVERT
@ RUNMODE_WINDIVERT
Definition: runmodes.h:43
StorageFinalize
int StorageFinalize(void)
Definition: util-storage.c:140
VarNameStoreDestroy
void VarNameStoreDestroy(void)
Definition: util-var-name.c:116
SCInstance_::verbose
int verbose
Definition: suricata.h:160
SURICATA_RUNTIME
@ SURICATA_RUNTIME
Definition: suricata.h:101
source-lib.h
TmEcode
TmEcode
Definition: tm-threads-common.h:80
source-windivert.h
TmModuleFlowWorkerRegister
void TmModuleFlowWorkerRegister(void)
Definition: flow-worker.c:797
name
const char * name
Definition: tm-threads.c:2123
max_pending_packets
uint32_t max_pending_packets
Definition: suricata.c:182
util-plugin.h
SCInstance_::additional_configs
const char ** additional_configs
Definition: suricata.h:169
flow-timeout.h
DEFAULT_PID_FILENAME
#define DEFAULT_PID_FILENAME
Definition: suricata.h:88
RUNMODE_AFP_DEV
@ RUNMODE_AFP_DEV
Definition: runmodes.h:36
sighup_count
volatile sig_atomic_t sighup_count
Definition: suricata.c:156
ConfigSetDataDirectory
TmEcode ConfigSetDataDirectory(char *name)
Definition: util-conf.c:66
TmModuleDecodeErfDagRegister
void TmModuleDecodeErfDagRegister(void)
Register the ERF file decoder module.
Definition: source-erf-dag.c:151
SCInstance_::set_logdir
bool set_logdir
Definition: suricata.h:152
SCDropMainThreadCaps
#define SCDropMainThreadCaps(...)
Definition: util-privs.h:90
TmModuleDebugList
void TmModuleDebugList(void)
Definition: tm-modules.c:31
TmModuleDecodeNFQRegister
void TmModuleDecodeNFQRegister(void)
Definition: source-nfq.c:192
util-proto-name.h
STREAM_VERBOSE
#define STREAM_VERBOSE
Definition: stream-tcp.h:35
defrag.h
SCProtoNameRelease
void SCProtoNameRelease(void)
Definition: util-proto-name.c:438
MpmTableSetup
void MpmTableSetup(void)
Definition: util-mpm.c:224
SCInstance_::log_dir
const char * log_dir
Definition: suricata.h:166
RunmodeIsUnittests
int RunmodeIsUnittests(void)
Definition: suricata.c:257
source-nfq-prototypes.h
SCPluginsLoad
void SCPluginsLoad(const char *capture_plugin_name, const char *capture_plugin_args)
SCLogInfo
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:225
TmModuleReceiveNFLOGRegister
void TmModuleReceiveNFLOGRegister(void)
Definition: source-nflog.c:49
DEFAULT_PACKET_SIZE
#define DEFAULT_PACKET_SIZE
Definition: decode.h:690
WarnInvalidConfEntry
#define WarnInvalidConfEntry(param_name, format, value)
Generic API that can be used by all to log an invalid conf entry.
Definition: util-misc.h:35
TmThreadDisablePacketThreads
void TmThreadDisablePacketThreads(const uint16_t set, const uint16_t check)
Disable all packet threads.
Definition: tm-threads.c:1507
util-host-os-info.h
TmModuleReceiveErfFileRegister
void TmModuleReceiveErfFileRegister(void)
Register the ERF file receiver (reader) module.
Definition: source-erf-file.c:80
SCConfSetFromString
int SCConfSetFromString(const char *input, int final)
Set a configuration parameter from a string.
Definition: conf.c:264
RUNMODE_PRINT_USAGE
@ RUNMODE_PRINT_USAGE
Definition: runmodes.h:52
SCConfSetFinal
int SCConfSetFinal(const char *name, const char *val)
Set a final configuration value.
Definition: conf.c:318
TmModule_
Definition: tm-modules.h:43
SCRealloc
#define SCRealloc(ptr, sz)
Definition: util-mem.h:50
TmModuleDecodeAFXDPRegister
void TmModuleDecodeAFXDPRegister(void)
Registration Function for DecodeAFXDP.
Definition: source-af-xdp.c:91
default_packet_size
uint32_t default_packet_size
Definition: decode.c:77
tm-queuehandlers.h
SURI_HOST_IS_ROUTER
@ SURI_HOST_IS_ROUTER
Definition: suricata.h:121
SigTableApplyStrictCommandLineOption
void SigTableApplyStrictCommandLineOption(const char *str)
Definition: detect-parse.c:344
DETECT_ENGINE_TYPE_NORMAL
@ DETECT_ENGINE_TYPE_NORMAL
Definition: detect.h:891
PROG_NAME
#define PROG_NAME
Definition: suricata.h:75
TmThreadKillThreadsFamily
void TmThreadKillThreadsFamily(int family)
Definition: tm-threads.c:1558
detect-fast-pattern.h
FeatureTrackingRelease
void FeatureTrackingRelease(void)
Definition: feature.c:136
TmqhCleanup
void TmqhCleanup(void)
Clean up registration time allocs.
Definition: tm-queuehandlers.c:49
util-dpdk.h
util-conf.h
StreamTcpFreeConfig
void StreamTcpFreeConfig(bool quiet)
Definition: stream-tcp.c:859
source-dpdk.h
flow-manager.h
DecodeGlobalConfig
void DecodeGlobalConfig(void)
Definition: decode.c:1014
SCInstance_::strict_rule_parsing_string
char * strict_rule_parsing_string
Definition: suricata.h:170
SuriHasSigFile
int SuriHasSigFile(void)
Definition: suricata.c:224
suricata-common.h
DetectEngineCtxInitStubForMT
DetectEngineCtx * DetectEngineCtxInitStubForMT(void)
Definition: detect-engine.c:2575
util-path.h
util-daemon.h
LiveGetDeviceName
const char * LiveGetDeviceName(int number)
Get a pointer to the device name at idx.
Definition: util-device.c:189
FlowShutdown
void FlowShutdown(void)
shutdown the flow engine
Definition: flow.c:690
SCHInfoLoadFromConfig
void SCHInfoLoadFromConfig(void)
Load the host os policy information from the configuration.
Definition: util-host-os-info.c:281
DetectEngineBumpVersion
void DetectEngineBumpVersion(void)
Definition: detect-engine.c:3804
source-af-xdp.h
TmModuleFlowManagerRegister
void TmModuleFlowManagerRegister(void)
Definition: flow-manager.c:1288
SCStartInternalRunMode
int SCStartInternalRunMode(int argc, char **argv)
Definition: suricata.c:2331
SCPidfileTestRunning
int SCPidfileTestRunning(const char *pid_filename)
Check the Suricata pid file (used at the startup)
Definition: util-pidfile.c:105
HostShutdown
void HostShutdown(void)
shutdown the flow engine
Definition: host.c:296
DOC_URL
#define DOC_URL
Definition: suricata.h:90
SCFstatFn
#define SCFstatFn(fd, statbuf)
Definition: util-path.h:34
output-filestore.h
LiveSetOffloadWarn
void LiveSetOffloadWarn(void)
Definition: util-device.c:81
ParseSizeDeinit
void ParseSizeDeinit(void)
Definition: util-misc.c:54
TVT_PPT
@ TVT_PPT
Definition: tm-threads-common.h:88
util-classification-config.h
SCConfDeInit
void SCConfDeInit(void)
De-initializes the configuration system.
Definition: conf.c:703
RunModeRegisterRunModes
void RunModeRegisterRunModes(void)
Register all runmodes in the engine.
Definition: runmodes.c:221
SCStrdup
#define SCStrdup(s)
Definition: util-mem.h:56
FatalError
#define FatalError(...)
Definition: util-debug.h:503
SCProfilingDump
void SCProfilingDump(void)
Definition: util-profiling.c:311
TmModuleReceiveAFXDPRegister
void TmModuleReceiveAFXDPRegister(void)
Definition: source-af-xdp.c:77
EngineStop
void EngineStop(void)
make sure threads can stop the engine by calling this function. Purpose: pcap file mode needs to be a...
Definition: suricata.c:452
SCInstance_::sig_file
char * sig_file
Definition: suricata.h:133
RUNMODE_PRINT_VERSION
@ RUNMODE_PRINT_VERSION
Definition: runmodes.h:50
ParseSizeStringU32
int ParseSizeStringU32(const char *size, uint32_t *res)
Definition: util-misc.c:173
TmModuleReceiveErfDagRegister
void TmModuleReceiveErfDagRegister(void)
Register the ERF file receiver (reader) module.
Definition: source-erf-dag.c:133
IPPairBitInitCtx
void IPPairBitInitCtx(void)
Definition: ippair-bit.c:49
ConfigSetLogDirectory
TmEcode ConfigSetLogDirectory(const char *name)
Definition: util-conf.c:33
util-validate.h
TmModuleDecodeIPFWRegister
void TmModuleDecodeIPFWRegister(void)
Registration Function for DecodeIPFW.
Definition: source-ipfw.c:186
source-af-packet.h
ConfUnixSocketIsEnable
int ConfUnixSocketIsEnable(void)
Definition: util-conf.c:136
SCLogConfig
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
g_vlan_mask
uint16_t g_vlan_mask
Definition: suricata.c:201
RUNMODE_ERF_FILE
@ RUNMODE_ERF_FILE
Definition: runmodes.h:34
DatasetsInit
int DatasetsInit(void)
Definition: datasets.c:603
RUNMODE_DUMP_CONFIG
@ RUNMODE_DUMP_CONFIG
Definition: runmodes.h:53
sigusr2_count
volatile sig_atomic_t sigusr2_count
Definition: suricata.c:158
SystemHugepageSnapshotDestroy
void SystemHugepageSnapshotDestroy(SystemHugepageSnapshot *s)
Definition: util-hugepages.c:304
TmModuleDecodePcapRegister
void TmModuleDecodePcapRegister(void)
Registration Function for DecodePcap.
Definition: source-pcap.c:153
util-running-modes.h
SCLoadYamlConfig
TmEcode SCLoadYamlConfig(void)
Definition: suricata.c:965
unix-manager.h
runmode-af-xdp.h
str
#define str(s)
Definition: suricata-common.h:308
ConfigCheckDataDirectory
TmEcode ConfigCheckDataDirectory(const char *data_dir)
Definition: util-conf.c:99
SCConfGetNode
SCConfNode * SCConfGetNode(const char *name)
Get a SCConfNode by name.
Definition: conf.c:181
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:262
g_detect_disabled
int g_detect_disabled
Definition: suricata.c:185
DetectEngineReloadStart
int DetectEngineReloadStart(void)
Definition: detect-engine.c:1875
SCFree
#define SCFree(p)
Definition: util-mem.h:61
DEFAULT_CONF_FILE
#define DEFAULT_CONF_FILE
Definition: suricata.h:84
SC_LOG_MAX_LOG_MSG_LEN
#define SC_LOG_MAX_LOG_MSG_LEN
Definition: util-debug.h:85
AppLayerParserPostStreamSetup
void AppLayerParserPostStreamSetup(void)
Definition: app-layer-parser.c:270
TmModuleReceivePcapRegister
void TmModuleReceivePcapRegister(void)
Registration Function for ReceivePcap.
Definition: source-pcap.c:135
RUNMODE_DPDK
@ RUNMODE_DPDK
Definition: runmodes.h:39
SCGetUserID
void SCGetUserID(const char *user_name, const char *group_name, uint32_t *uid, uint32_t *gid)
Function to get the user and group ID from the specified user name.
Definition: util-privs.c:143
util-ioctl.h
detect-parse.h
RUNMODE_PCAP_DEV
@ RUNMODE_PCAP_DEV
Definition: runmodes.h:29
SCInstance_::system
bool system
Definition: suricata.h:151
SCInstance_::pid_filename
char * pid_filename
Definition: suricata.h:135
TmModuleRespondRejectRegister
void TmModuleRespondRejectRegister(void)
Definition: respond-reject.c:50
CoredumpEnable
void CoredumpEnable(void)
Enable coredumps on systems where coredumps can and need to be enabled.
Definition: util-coredump-config.c:57
RunUnittests
void RunUnittests(int list_unittests, const char *regex_arg)
Definition: runmode-unittests.c:231
source-erf-file.h
ConfigCheckLogDirectoryExists
TmEcode ConfigCheckLogDirectoryExists(const char *log_dir)
Definition: util-conf.c:56
SCConfSet
int SCConfSet(const char *name, const char *val)
Set a configuration value.
Definition: conf.c:239
TimeDeinit
void TimeDeinit(void)
Definition: util-time.c:87
PacketAlertTagInit
void PacketAlertTagInit(void)
Definition: detect-engine-alert.c:45
RunModeEngineIsIPS
int RunModeEngineIsIPS(int capture_mode, const char *runmode, const char *capture_plugin_name)
Definition: runmodes.c:369
DetectEngineCtxInit
DetectEngineCtx * DetectEngineCtxInit(void)
Definition: detect-engine.c:2585
TmModuleDecodeLibRegister
void TmModuleDecodeLibRegister(void)
register a "Decode" module for suricata as a library.
Definition: source-lib.c:107
EngineModeIsIPS
int EngineModeIsIPS(void)
Definition: suricata.c:234
SCProfilingKeywordsGlobalInit
void SCProfilingKeywordsGlobalInit(void)
Definition: util-profiling-keywords.c:61
suricata.h
EngineDone
void EngineDone(void)
Used to indicate that the current task is done.
Definition: suricata.c:463
SCInstance_::firewall_rule_file_exclusive
bool firewall_rule_file_exclusive
Definition: suricata.h:138
FLOW_QUIET
#define FLOW_QUIET
Definition: flow.h:43
GetDocURL
const char * GetDocURL(void)
Definition: suricata.c:1118
util-mpm-hs.h
PostRunDeinit
void PostRunDeinit(const int runmode, struct timeval *start_time)
clean up / shutdown code for packet modes
Definition: suricata.c:2277
HostInitConfig
void HostInitConfig(bool quiet)
initialize the configuration
Definition: host.c:168
TmThreadWaitOnThreadRunning
TmEcode TmThreadWaitOnThreadRunning(void)
Waits for all threads to be in a running state.
Definition: tm-threads.c:1881
HttpRangeContainersDestroy
void HttpRangeContainersDestroy(void)
Definition: app-layer-htp-range.c:204
RUNMODE_CONF_TEST
@ RUNMODE_CONF_TEST
Definition: runmodes.h:54
SCLogLoadConfig
void SCLogLoadConfig(int daemon, int verbose, uint32_t userid, uint32_t groupid)
Definition: util-debug.c:1420
DetectEngineReload
int DetectEngineReload(const SCInstance *suri)
Reload the detection engine.
Definition: detect-engine.c:4755
DEFAULT_MAX_PENDING_PACKETS
#define DEFAULT_MAX_PENDING_PACKETS
Definition: suricata.c:168
SCInstance_
Definition: suricata.h:128
DetectEngineClearMaster
void DetectEngineClearMaster(void)
Definition: detect-engine.c:4728
SetMasterExceptionPolicy
void SetMasterExceptionPolicy(void)
Definition: util-exception-policy.c:63
id
uint32_t id
Definition: detect-flowbits.c:933
TmThreadCheckThreadState
void TmThreadCheckThreadState(void)
Used to check the thread for certain conditions of failure.
Definition: tm-threads.c:1966
OutputFilestoreRegisterGlobalCounters
void OutputFilestoreRegisterGlobalCounters(void)
Definition: output-filestore.c:513
InitGlobal
int InitGlobal(void)
Global initialization common to all runmodes.
Definition: suricata.c:2890
SCInstance_::disabled_detect
int disabled_detect
Definition: suricata.h:157
LiveGetDeviceCount
int LiveGetDeviceCount(void)
Get the number of registered devices.
Definition: util-device.c:169
SystemHugepageSnapshotCreate
SystemHugepageSnapshot * SystemHugepageSnapshotCreate(void)
The function creates a snapshot of the system's hugepage usage per NUMA node and per hugepage size....
Definition: util-hugepages.c:323
SCProfilingSghsGlobalInit
void SCProfilingSghsGlobalInit(void)
Definition: util-profiling-rulegroups.c:61
SCPidfileCreate
int SCPidfileCreate(const char *pidfile)
Write a pid file (used at the startup) This commonly needed by the init scripts.
Definition: util-pidfile.c:42
LiveRegisterDeviceName
int LiveRegisterDeviceName(const char *dev)
Add a device for monitoring.
Definition: util-device.c:102
SCStatFn
#define SCStatFn(pathname, statbuf)
Definition: util-path.h:35
ENGINE_MODE_IDS
@ ENGINE_MODE_IDS
Definition: suricata.h:108
LiveDeviceFinalize
void LiveDeviceFinalize(void)
Definition: util-device.c:447
TmModuleDecodeDPDKRegister
void TmModuleDecodeDPDKRegister(void)
Registration Function for DecodeDPDK.
Definition: source-dpdk.c:65
SCInstance_::sig_file_exclusive
bool sig_file_exclusive
Definition: suricata.h:134
PROG_VER
#define PROG_VER
Definition: suricata.h:76
util-misc.h
PacketPoolDestroy
void PacketPoolDestroy(void)
Definition: tmqh-packetpool.c:274
HTPFreeConfig
void HTPFreeConfig(void)
Clears the HTTP server configuration memory used by HTP library.
Definition: app-layer-htp.c:1592
flow.h
LandlockSandboxing
void LandlockSandboxing(SCInstance *suri)
Definition: util-landlock.c:36
respond-reject.h
SCInstance_::regex_arg
char * regex_arg
Definition: suricata.h:136
ListKeywords
int ListKeywords(const char *keyword_info)
Definition: util-running-modes.c:33
SCLogNotice
#define SCLogNotice(...)
Macro used to log NOTICE messages.
Definition: util-debug.h:238
SuricataPreInit
void SuricataPreInit(const char *progname)
Definition: suricata.c:2928
RUNMODE_PCAP_FILE
@ RUNMODE_PCAP_FILE
Definition: runmodes.h:30
DPDKCleanupEAL
void DPDKCleanupEAL(void)
Definition: util-dpdk.c:30
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:276
RUNMODE_PRINT_BUILDINFO
@ RUNMODE_PRINT_BUILDINFO
Definition: runmodes.h:51
SCConfNode_
Definition: conf.h:37
SCPidfileRemove
void SCPidfileRemove(const char *pid_filename)
Remove the pid file (used at the startup)
Definition: util-pidfile.c:83
SCConfNode_::val
char * val
Definition: conf.h:39
ThresholdInit
void ThresholdInit(void)
Definition: detect-engine-threshold.c:66
TimeInit
void TimeInit(void)
Definition: util-time.c:79
SCInstance_::keyword_info
char * keyword_info
Definition: suricata.h:140
RUNMODE_LIST_UNITTEST
@ RUNMODE_LIST_UNITTEST
Definition: runmodes.h:55
NFQContextsClean
void NFQContextsClean(void)
Clean global contexts. Must be called on exit.
Definition: source-nfq.c:1300
SystemHugepageEvaluateHugepages
void SystemHugepageEvaluateHugepages(SystemHugepageSnapshot *pre_s, SystemHugepageSnapshot *post_s)
The function compares two hugepage snapshots and prints out recommendations for hugepage configuratio...
Definition: util-hugepages.c:363
DEBUG_VALIDATE_BUG_ON
#define DEBUG_VALIDATE_BUG_ON(exp)
Definition: util-validate.h:102
SCFinalizeRunMode
int SCFinalizeRunMode(void)
Definition: suricata.c:2393
SCStat
struct stat SCStat
Definition: util-path.h:33
SCProfilingInit
void SCProfilingInit(void)
Initialize profiling.
Definition: util-profiling.c:133
g_ut_modules
int g_ut_modules
Definition: suricata.c:897
detect-engine-address.h
GlobalsDestroy
void GlobalsDestroy(void)
Definition: suricata.c:372
output.h
util-threshold-config.h
DefragInit
void DefragInit(void)
Definition: defrag.c:1109
DetectEngineReloadIsStart
int DetectEngineReloadIsStart(void)
Definition: detect-engine.c:1889
suricata_ctl_flags
volatile uint8_t suricata_ctl_flags
Definition: suricata.c:171
RUNMODE_IPFW
@ RUNMODE_IPFW
Definition: runmodes.h:33
host-bit.h
detect-engine-threshold.h
RUNMODE_LIST_RUNMODES
@ RUNMODE_LIST_RUNMODES
Definition: runmodes.h:49
app-layer.h
TagDestroyCtx
void TagDestroyCtx(void)
Destroy tag context hash tables.
Definition: detect-engine-tag.c:72
DetectAddressTestConfVars
int DetectAddressTestConfVars(void)
Definition: detect-engine-address.c:1217
g_disable_randomness
int g_disable_randomness
Definition: suricata.c:194
geteuid
#define geteuid()
Definition: win32-misc.h:41
FlowWorkToDoCleanup
void FlowWorkToDoCleanup(void)
Clean up all the flows that have unprocessed segments and have some work to do in the detection engin...
Definition: flow-timeout.c:421
MpmHSGlobalCleanup
void MpmHSGlobalCleanup(void)
RUNMODE_DUMP_FEATURES
@ RUNMODE_DUMP_FEATURES
Definition: runmodes.h:62
g_disable_hashing
bool g_disable_hashing
Definition: suricata.c:213
TmqResetQueues
void TmqResetQueues(void)
Definition: tm-queues.c:80