suricata
suricata.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2021 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  */
23 
24 #include "suricata-common.h"
25 
26 #if HAVE_GETOPT_H
27 #include <getopt.h>
28 #endif
29 
30 #if HAVE_SIGNAL_H
31 #include <signal.h>
32 #endif
33 
34 #include "suricata.h"
35 #include "decode.h"
36 #include "feature.h"
37 #include "detect.h"
38 #include "packet-queue.h"
39 #include "threads.h"
40 #include "threadvars.h"
41 #include "flow-worker.h"
42 
43 #include "util-atomic.h"
44 #include "util-spm.h"
45 #include "util-cpu.h"
46 #include "util-action.h"
47 #include "util-pidfile.h"
48 #include "util-ioctl.h"
49 #include "util-device.h"
50 #include "util-misc.h"
51 #include "util-running-modes.h"
52 
53 #include "detect-engine.h"
54 #include "detect-parse.h"
55 #include "detect-fast-pattern.h"
56 #include "detect-engine-tag.h"
57 #include "detect-engine-threshold.h"
58 #include "detect-engine-address.h"
59 #include "detect-engine-port.h"
60 #include "detect-engine-mpm.h"
61 
62 #include "tm-queuehandlers.h"
63 #include "tm-queues.h"
64 #include "tm-threads.h"
65 
66 #include "tmqh-flow.h"
67 
68 #include "conf.h"
69 #include "conf-yaml-loader.h"
70 
71 #include "app-layer-htp-range.h"
72 #include "datasets.h"
73 
74 #include "stream-tcp.h"
75 
76 #include "source-nfq.h"
77 #include "source-nfq-prototypes.h"
78 
79 #include "source-nflog.h"
80 
81 #include "source-ipfw.h"
82 
83 #include "source-pcap.h"
84 #include "source-pcap-file.h"
85 
86 #include "source-pfring.h"
87 
88 #include "source-erf-file.h"
89 #include "source-erf-dag.h"
90 #include "source-napatech.h"
91 
92 #include "source-af-packet.h"
93 #include "source-netmap.h"
94 
95 #include "source-dpdk.h"
96 
97 #include "source-windivert.h"
98 #include "source-windivert-prototypes.h"
99 
100 #include "respond-reject.h"
101 
102 #include "flow.h"
103 #include "flow-timeout.h"
104 #include "flow-manager.h"
105 #include "flow-bypass.h"
106 #include "flow-var.h"
107 #include "flow-bit.h"
108 #include "pkt-var.h"
109 #include "host-bit.h"
110 
111 #include "ippair.h"
112 #include "ippair-bit.h"
113 
114 #include "host.h"
115 #include "unix-manager.h"
116 
117 #include "app-layer.h"
118 #include "app-layer-parser.h"
119 #include "app-layer-register.h"
120 #include "app-layer-htp.h"
121 #include "app-layer-ssl.h"
122 #include "app-layer-ssh.h"
123 #include "app-layer-ftp.h"
124 #include "app-layer-smtp.h"
125 #include "app-layer-enip.h"
126 #include "app-layer-dnp3.h"
127 #include "app-layer-smb.h"
128 #include "app-layer-htp-file.h"
129 
130 #include "output-filestore.h"
131 
132 #include "util-ebpf.h"
133 #include "util-radix-tree.h"
134 #include "util-host-os-info.h"
135 #include "util-cidr.h"
136 #include "util-unittest.h"
137 #include "util-unittest-helper.h"
138 #include "util-time.h"
139 #include "util-rule-vars.h"
140 #include "util-classification-config.h"
141 #include "util-threshold-config.h"
142 #include "util-reference-config.h"
143 #include "util-profiling.h"
144 #include "util-magic.h"
145 #include "util-signal.h"
146 
147 #include "util-coredump-config.h"
148 
149 #include "util-decode-mime.h"
150 
151 #include "defrag.h"
152 
153 #include "runmodes.h"
154 #include "runmode-unittests.h"
155 
156 #include "util-debug.h"
157 #include "util-error.h"
158 #include "util-daemon.h"
159 #include "util-byte.h"
160 #include "reputation.h"
161 
162 #include "output.h"
163 
164 #include "util-privs.h"
165 
166 #include "tmqh-packetpool.h"
167 
168 #include "util-proto-name.h"
169 #include "util-mpm-hs.h"
170 #include "util-storage.h"
171 #include "host-storage.h"
172 
173 #include "util-lua.h"
174 
175 #include "util-plugin.h"
176 
177 #include "util-dpdk.h"
178 
179 #include "rust.h"
180 
181 /*
182  * we put this here, because we only use it here in main.
183  */
184 volatile sig_atomic_t sigint_count = 0;
185 volatile sig_atomic_t sighup_count = 0;
186 volatile sig_atomic_t sigterm_count = 0;
187 volatile sig_atomic_t sigusr2_count = 0;
188 
189 /*
190  * Flag to indicate if the engine is at the initialization
191  * or already processing packets. 3 stages: SURICATA_INIT,
192  * SURICATA_RUNTIME and SURICATA_FINALIZE
193  */
194 SC_ATOMIC_DECLARE(unsigned int, engine_stage);
195 
196 /* Max packets processed simultaniously per thread. */
197 #define DEFAULT_MAX_PENDING_PACKETS 1024
198 
199 /** suricata engine control flags */
200 volatile uint8_t suricata_ctl_flags = 0;
201 
202 /** Run mode selected */
203 int run_mode = RUNMODE_UNKNOWN;
204 
205 /** Engine mode: inline (ENGINE_MODE_IPS) or just
206  * detection mode (ENGINE_MODE_IDS by default) */
207 static enum EngineMode g_engine_mode = ENGINE_MODE_IDS;
208 
209 /** Host mode: set if box is sniffing only
210  * or is a router */
211 uint8_t host_mode = SURI_HOST_IS_SNIFFER_ONLY;
212 
213 /** Maximum packets to simultaneously process. */
214 intmax_t max_pending_packets;
215 
216 /** global indicating if detection is enabled */
217 int g_detect_disabled = 0;
218 
219 /** set caps or not */
220 int sc_set_caps = FALSE;
221 
222 /** highest mtu of the interfaces we monitor */
223 int g_default_mtu = 0;
224 
225 bool g_system = false;
226 
227 /** disable randomness to get reproducible results accross runs */
228 #ifndef AFLFUZZ_NO_RANDOM
229 int g_disable_randomness = 0;
230 #else
231 int g_disable_randomness = 1;
232 #endif
233 
234 /** determine (without branching) if we include the vlan_ids when hashing or
235  * comparing flows */
236 uint16_t g_vlan_mask = 0xffff;
237 
238 /* flag to disable hashing almost globally, to be similar to disabling nss
239  * support */
240 bool g_disable_hashing = false;
241 
242 /** Suricata instance */
243 SCInstance suricata;
244 
245 int SuriHasSigFile(void)
246 {
247  return (suricata.sig_file != NULL);
248 }
249 
250 int EngineModeIsIPS(void)
251 {
252  return (g_engine_mode == ENGINE_MODE_IPS);
253 }
254 
255 int EngineModeIsIDS(void)
256 {
257  return (g_engine_mode == ENGINE_MODE_IDS);
258 }
259 
260 void EngineModeSetIPS(void)
261 {
262  g_engine_mode = ENGINE_MODE_IPS;
263 }
264 
265 void EngineModeSetIDS(void)
266 {
267  g_engine_mode = ENGINE_MODE_IDS;
268 }
269 
270 #ifdef UNITTESTS
271 int RunmodeIsUnittests(void)
272 {
273  if (run_mode == RUNMODE_UNITTEST)
274  return 1;
275 
276  return 0;
277 }
278 #endif
279 
280 int RunmodeGetCurrent(void)
281 {
282  return run_mode;
283 }
284 
285 /** signal handlers
286  *
287  * WARNING: don't use the SCLog* API in the handlers. The API is complex
288  * with memory allocation possibly happening, calls to syslog, json message
289  * construction, etc.
290  */
291 
292 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
293 static void SignalHandlerSigint(/*@unused@*/ int sig)
294 {
295  sigint_count = 1;
296 }
297 static void SignalHandlerSigterm(/*@unused@*/ int sig)
298 {
299  sigterm_count = 1;
300 }
301 #ifndef OS_WIN32
302 #if HAVE_LIBUNWIND
303 #define UNW_LOCAL_ONLY
304 #include <libunwind.h>
305 static void SignalHandlerUnexpected(int sig_num, siginfo_t *info, void *context)
306 {
307  char msg[SC_LOG_MAX_LOG_MSG_LEN];
308  unw_cursor_t cursor;
309  int r;
310  if ((r = unw_init_local(&cursor, (unw_context_t *)(context)) != 0)) {
311  fprintf(stderr, "unable to obtain stack trace: unw_init_local: %s\n", unw_strerror(r));
312  goto terminate;
313  }
314 
315  char *temp = msg;
316  int cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - msg), "stacktrace:sig %d:", sig_num);
317  temp += cw;
318  r = 1;
319  while (r > 0) {
320  if (unw_is_signal_frame(&cursor) == 0) {
321  unw_word_t off;
322  char name[256];
323  if (unw_get_proc_name(&cursor, name, sizeof(name), &off) == UNW_ENOMEM) {
324  cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - msg), "[unknown]:");
325  } else {
326  cw = snprintf(
327  temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - msg), "%s+0x%08" PRIx64, name, off);
328  }
329  temp += cw;
330  }
331 
332  r = unw_step(&cursor);
333  if (r > 0) {
334  cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - msg), ";");
335  temp += cw;
336  }
337  }
338  SCLogError(SC_ERR_SIGNAL, "%s", msg);
339 
340 terminate:
341  // Terminate with SIGABRT ... but first, restore that signal's default handling
342  signal(SIGABRT, SIG_DFL);
343  abort();
344 }
345 #undef UNW_LOCAL_ONLY
346 #endif /* HAVE_LIBUNWIND */
347 #endif /* !OS_WIN32 */
348 #endif
349 
350 #ifndef OS_WIN32
351 /**
352  * SIGUSR2 handler. Just set sigusr2_count. The main loop will act on
353  * it.
354  */
355 static void SignalHandlerSigusr2(int sig)
356 {
357  if (sigusr2_count < 2)
358  sigusr2_count++;
359 }
360 
361 /**
362  * SIGHUP handler. Just set sighup_count. The main loop will act on
363  * it.
364  */
365 static void SignalHandlerSigHup(/*@unused@*/ int sig)
366 {
367  sighup_count = 1;
368 }
369 #endif
370 
371 void GlobalsInitPreConfig(void)
372 {
373  TimeInit();
374  SupportFastPatternForSigMatchTypes();
375  SCThresholdConfGlobalInit();
376 }
377 
378 static void GlobalsDestroy(SCInstance *suri)
379 {
380  HostShutdown();
381  HTPFreeConfig();
382  HTPAtExitPrintStats();
383 
384  AppLayerHtpPrintStats();
385 
386  /* TODO this can do into it's own func */
387  DetectEngineCtx *de_ctx = DetectEngineGetCurrent();
388  if (de_ctx) {
389  DetectEngineMoveToFreeList(de_ctx);
390  DetectEngineDeReference(&de_ctx);
391  }
392  DetectEnginePruneFreeList();
393 
394  AppLayerDeSetup();
395  DatasetsSave();
396  DatasetsDestroy();
397  HttpRangeContainersDestroy();
398  TagDestroyCtx();
399 
400  LiveDeviceListClean();
401  OutputDeregisterAll();
402  FeatureTrackingRelease();
403  TimeDeinit();
404  if (!suri->disabled_detect) {
405  SCReferenceConfDeinit();
406  SCClassConfDeinit();
407  }
408  TmqhCleanup();
409  TmModuleRunDeInit();
410  ParseSizeDeinit();
411 
412 #ifdef HAVE_DPDK
413  DPDKCleanupEAL();
414 #endif
415 
416 #ifdef HAVE_AF_PACKET
417  AFPPeersListClean();
418 #endif
419 
420 #ifdef NFQ
421  NFQContextsClean();
422 #endif
423 
424 #ifdef BUILD_HYPERSCAN
425  MpmHSGlobalCleanup();
426 #endif
427 
428  ConfDeInit();
429 #ifdef HAVE_LUAJIT
430  LuajitFreeStatesPool();
431 #endif
432  SCLogDeInitLogModule();
433  DetectParseFreeRegexes();
434  SCThresholdConfGlobalFree();
435 
436  SCPidfileRemove(suri->pid_filename);
437  SCFree(suri->pid_filename);
438  suri->pid_filename = NULL;
439 }
440 
441 /** \brief make sure threads can stop the engine by calling this
442  * function. Purpose: pcap file mode needs to be able to tell the
443  * engine the file eof is reached. */
444 void EngineStop(void)
445 {
446  suricata_ctl_flags |= SURICATA_STOP;
447 }
448 
449 /**
450  * \brief Used to indicate that the current task is done.
451  *
452  * This is mainly used by pcap-file to tell it has finished
453  * to treat a pcap files when running in unix-socket mode.
454  */
455 void EngineDone(void)
456 {
457  suricata_ctl_flags |= SURICATA_DONE;
458 }
459 
460 static int SetBpfString(int argc, char *argv[])
461 {
462  char *bpf_filter = NULL;
463  uint32_t bpf_len = 0;
464  int tmpindex = 0;
465 
466  /* attempt to parse remaining args as bpf filter */
467  tmpindex = argc;
468  while(argv[tmpindex] != NULL) {
469  bpf_len+=strlen(argv[tmpindex]) + 1;
470  tmpindex++;
471  }
472 
473  if (bpf_len == 0)
474  return TM_ECODE_OK;
475 
476  if (EngineModeIsIPS()) {
477  SCLogError(SC_ERR_NOT_SUPPORTED,
478  "BPF filter not available in IPS mode."
479  " Use firewall filtering if possible.");
480  return TM_ECODE_FAILED;
481  }
482 
483  bpf_filter = SCMalloc(bpf_len);
484  if (unlikely(bpf_filter == NULL))
485  return TM_ECODE_OK;
486  memset(bpf_filter, 0x00, bpf_len);
487 
488  tmpindex = optind;
489  while(argv[tmpindex] != NULL) {
490  strlcat(bpf_filter, argv[tmpindex],bpf_len);
491  if(argv[tmpindex + 1] != NULL) {
492  strlcat(bpf_filter," ", bpf_len);
493  }
494  tmpindex++;
495  }
496 
497  if(strlen(bpf_filter) > 0) {
498  if (ConfSetFinal("bpf-filter", bpf_filter) != 1) {
499  SCLogError(SC_ERR_FATAL, "Failed to set bpf filter.");
500  SCFree(bpf_filter);
501  return TM_ECODE_FAILED;
502  }
503  }
504  SCFree(bpf_filter);
505 
506  return TM_ECODE_OK;
507 }
508 
509 static void SetBpfStringFromFile(char *filename)
510 {
511  char *bpf_filter = NULL;
512  char *bpf_comment_tmp = NULL;
513  char *bpf_comment_start = NULL;
514  uint32_t bpf_len = 0;
515 #ifdef OS_WIN32
516  struct _stat st;
517 #else
518  struct stat st;
519 #endif /* OS_WIN32 */
520  FILE *fp = NULL;
521  size_t nm = 0;
522 
523  if (EngineModeIsIPS()) {
524  FatalError(SC_ERR_FATAL,
525  "BPF filter not available in IPS mode."
526  " Use firewall filtering if possible.");
527  }
528 
529 #ifdef OS_WIN32
530  if(_stat(filename, &st) != 0) {
531 #else
532  if(stat(filename, &st) != 0) {
533 #endif /* OS_WIN32 */
534  SCLogError(SC_ERR_FOPEN, "Failed to stat file %s", filename);
535  exit(EXIT_FAILURE);
536  }
537  bpf_len = st.st_size + 1;
538 
539  // coverity[toctou : FALSE]
540  fp = fopen(filename,"r");
541  if (fp == NULL) {
542  SCLogError(SC_ERR_FOPEN, "Failed to open file %s", filename);
543  exit(EXIT_FAILURE);
544  }
545 
546  bpf_filter = SCMalloc(bpf_len * sizeof(char));
547  if (unlikely(bpf_filter == NULL)) {
548  SCLogError(SC_ERR_MEM_ALLOC, "Failed to allocate buffer for bpf filter in file %s", filename);
549  exit(EXIT_FAILURE);
550  }
551  memset(bpf_filter, 0x00, bpf_len);
552 
553  nm = fread(bpf_filter, 1, bpf_len - 1, fp);
554  if ((ferror(fp) != 0) || (nm != (bpf_len - 1))) {
555  SCLogError(SC_ERR_BPF, "Failed to read complete BPF file %s", filename);
556  SCFree(bpf_filter);
557  fclose(fp);
558  exit(EXIT_FAILURE);
559  }
560  fclose(fp);
561  bpf_filter[nm] = '\0';
562 
563  if(strlen(bpf_filter) > 0) {
564  /*replace comments with space*/
565  bpf_comment_start = bpf_filter;
566  while((bpf_comment_tmp = strchr(bpf_comment_start, '#')) != NULL) {
567  while((*bpf_comment_tmp !='\0') &&
568  (*bpf_comment_tmp != '\r') && (*bpf_comment_tmp != '\n'))
569  {
570  *bpf_comment_tmp++ = ' ';
571  }
572  bpf_comment_start = bpf_comment_tmp;
573  }
574  /*remove remaining '\r' and '\n' */
575  while((bpf_comment_tmp = strchr(bpf_filter, '\r')) != NULL) {
576  *bpf_comment_tmp = ' ';
577  }
578  while((bpf_comment_tmp = strchr(bpf_filter, '\n')) != NULL) {
579  *bpf_comment_tmp = ' ';
580  }
581  /* cut trailing spaces */
582  while (strlen(bpf_filter) > 0 &&
583  bpf_filter[strlen(bpf_filter)-1] == ' ')
584  {
585  bpf_filter[strlen(bpf_filter)-1] = '\0';
586  }
587  if (strlen(bpf_filter) > 0) {
588  if(ConfSetFinal("bpf-filter", bpf_filter) != 1) {
589  SCLogError(SC_ERR_FOPEN, "ERROR: Failed to set bpf filter!");
590  SCFree(bpf_filter);
591  exit(EXIT_FAILURE);
592  }
593  }
594  }
595  SCFree(bpf_filter);
596 }
597 
598 static void PrintUsage(const char *progname)
599 {
600 #ifdef REVISION
601  printf("%s %s (%s)\n", PROG_NAME, PROG_VER, xstr(REVISION));
602 #else
603  printf("%s %s\n", PROG_NAME, PROG_VER);
604 #endif
605  printf("USAGE: %s [OPTIONS] [BPF FILTER]\n\n", progname);
606  printf("\t-c <path> : path to configuration file\n");
607  printf("\t-T : test configuration file (use with -c)\n");
608  printf("\t-i <dev or ip> : run in pcap live mode\n");
609  printf("\t-F <bpf filter file> : bpf filter file\n");
610  printf("\t-r <path> : run in pcap file/offline mode\n");
611 #ifdef NFQ
612  printf("\t-q <qid[:qid]> : run in inline nfqueue mode (use colon to specify a range of queues)\n");
613 #endif /* NFQ */
614 #ifdef IPFW
615  printf("\t-d <divert port> : run in inline ipfw divert mode\n");
616 #endif /* IPFW */
617  printf("\t-s <path> : path to signature file loaded in addition to suricata.yaml settings (optional)\n");
618  printf("\t-S <path> : path to signature file loaded exclusively (optional)\n");
619  printf("\t-l <dir> : default log directory\n");
620 #ifndef OS_WIN32
621  printf("\t-D : run as daemon\n");
622 #else
623  printf("\t--service-install : install as service\n");
624  printf("\t--service-remove : remove service\n");
625  printf("\t--service-change-params : change service startup parameters\n");
626 #endif /* OS_WIN32 */
627  printf("\t-k [all|none] : force checksum check (all) or disabled it (none)\n");
628  printf("\t-V : display Suricata version\n");
629  printf("\t-v : be more verbose (use multiple times to increase verbosity)\n");
630 #ifdef UNITTESTS
631  printf("\t-u : run the unittests and exit\n");
632  printf("\t-U, --unittest-filter=REGEX : filter unittests with a regex\n");
633  printf("\t--list-unittests : list unit tests\n");
634  printf("\t--fatal-unittests : enable fatal failure on unittest error\n");
635  printf("\t--unittests-coverage : display unittest coverage report\n");
636 #endif /* UNITTESTS */
637  printf("\t--list-app-layer-protos : list supported app layer protocols\n");
638  printf("\t--list-keywords[=all|csv|<kword>] : list keywords implemented by the engine\n");
639  printf("\t--list-runmodes : list supported runmodes\n");
640  printf("\t--runmode <runmode_id> : specific runmode modification the engine should run. The argument\n"
641  "\t supplied should be the id for the runmode obtained by running\n"
642  "\t --list-runmodes\n");
643  printf("\t--engine-analysis : print reports on analysis of different sections in the engine and exit.\n"
644  "\t Please have a look at the conf parameter engine-analysis on what reports\n"
645  "\t can be printed\n");
646  printf("\t--pidfile <file> : write pid to this file\n");
647  printf("\t--init-errors-fatal : enable fatal failure on signature init error\n");
648  printf("\t--disable-detection : disable detection engine\n");
649  printf("\t--dump-config : show the running configuration\n");
650  printf("\t--dump-features : display provided features\n");
651  printf("\t--build-info : display build information\n");
652  printf("\t--pcap[=<dev>] : run in pcap mode, no value select interfaces from suricata.yaml\n");
653  printf("\t--pcap-file-continuous : when running in pcap mode with a directory, continue checking directory for pcaps until interrupted\n");
654  printf("\t--pcap-file-delete : when running in replay mode (-r with directory or file), will delete pcap files that have been processed when done\n");
655  printf("\t--pcap-file-recursive : will descend into subdirectories when running in replay mode (-r)\n");
656 #ifdef HAVE_PCAP_SET_BUFF
657  printf("\t--pcap-buffer-size : size of the pcap buffer value from 0 - %i\n",INT_MAX);
658 #endif /* HAVE_SET_PCAP_BUFF */
659 #ifdef HAVE_DPDK
660  printf("\t--dpdk : run in dpdk mode, uses interfaces from "
661  "suricata.yaml\n");
662 #endif
663 #ifdef HAVE_AF_PACKET
664  printf("\t--af-packet[=<dev>] : run in af-packet mode, no value select interfaces from suricata.yaml\n");
665 #endif
666 #ifdef HAVE_NETMAP
667  printf("\t--netmap[=<dev>] : run in netmap mode, no value select interfaces from suricata.yaml\n");
668 #endif
669 #ifdef HAVE_PFRING
670  printf("\t--pfring[=<dev>] : run in pfring mode, use interfaces from suricata.yaml\n");
671  printf("\t--pfring-int <dev> : run in pfring mode, use interface <dev>\n");
672  printf("\t--pfring-cluster-id <id> : pfring cluster id \n");
673  printf("\t--pfring-cluster-type <type> : pfring cluster type for PF_RING 4.1.2 and later cluster_round_robin|cluster_flow\n");
674 #endif /* HAVE_PFRING */
675  printf("\t--simulate-ips : force engine into IPS mode. Useful for QA\n");
676 #ifdef HAVE_LIBCAP_NG
677  printf("\t--user <user> : run suricata as this user after init\n");
678  printf("\t--group <group> : run suricata as this group after init\n");
679 #endif /* HAVE_LIBCAP_NG */
680  printf("\t--erf-in <path> : process an ERF file\n");
681 #ifdef HAVE_DAG
682  printf("\t--dag <dagX:Y> : process ERF records from DAG interface X, stream Y\n");
683 #endif
684 #ifdef HAVE_NAPATECH
685  printf("\t--napatech : run Napatech Streams using the API\n");
686 #endif
687 #ifdef BUILD_UNIX_SOCKET
688  printf("\t--unix-socket[=<file>] : use unix socket to control suricata work\n");
689 #endif
690 #ifdef WINDIVERT
691  printf("\t--windivert <filter> : run in inline WinDivert mode\n");
692  printf("\t--windivert-forward <filter> : run in inline WinDivert mode, as a gateway\n");
693 #endif
694 #ifdef HAVE_LIBNET11
695  printf("\t--reject-dev <dev> : send reject packets from this interface\n");
696 #endif
697  printf("\t--set name=value : set a configuration value\n");
698  printf("\n");
699  printf("\nTo run the engine with default configuration on "
700  "interface eth0 with signature file \"signatures.rules\", run the "
701  "command as:\n\n%s -c suricata.yaml -s signatures.rules -i eth0 \n\n",
702  progname);
703 }
704 
705 static void PrintBuildInfo(void)
706 {
707  const char *bits = "<unknown>-bits";
708  const char *endian = "<unknown>-endian";
709  char features[2048] = "";
710  const char *tls;
711 
712  printf("This is %s version %s\n", PROG_NAME, GetProgramVersion());
713 
714 #ifdef DEBUG
715  strlcat(features, "DEBUG ", sizeof(features));
716 #endif
717 #ifdef DEBUG_VALIDATION
718  strlcat(features, "DEBUG_VALIDATION ", sizeof(features));
719 #endif
720 #ifdef UNITTESTS
721  strlcat(features, "UNITTESTS ", sizeof(features));
722 #endif
723 #ifdef NFQ
724  strlcat(features, "NFQ ", sizeof(features));
725 #endif
726 #ifdef IPFW
727  strlcat(features, "IPFW ", sizeof(features));
728 #endif
729 #ifdef HAVE_PCAP_SET_BUFF
730  strlcat(features, "PCAP_SET_BUFF ", sizeof(features));
731 #endif
732 #ifdef HAVE_PFRING
733  strlcat(features, "PF_RING ", sizeof(features));
734 #endif
735 #ifdef HAVE_AF_PACKET
736  strlcat(features, "AF_PACKET ", sizeof(features));
737 #endif
738 #ifdef HAVE_NETMAP
739  strlcat(features, "NETMAP ", sizeof(features));
740 #endif
741 #ifdef HAVE_PACKET_FANOUT
742  strlcat(features, "HAVE_PACKET_FANOUT ", sizeof(features));
743 #endif
744 #ifdef HAVE_DAG
745  strlcat(features, "DAG ", sizeof(features));
746 #endif
747 #ifdef HAVE_LIBCAP_NG
748  strlcat(features, "LIBCAP_NG ", sizeof(features));
749 #endif
750 #ifdef HAVE_LIBNET11
751  strlcat(features, "LIBNET1.1 ", sizeof(features));
752 #endif
753 #ifdef HAVE_HTP_URI_NORMALIZE_HOOK
754  strlcat(features, "HAVE_HTP_URI_NORMALIZE_HOOK ", sizeof(features));
755 #endif
756 #ifdef PCRE2_HAVE_JIT
757  strlcat(features, "PCRE_JIT ", sizeof(features));
758 #endif
759  /* For compatibility, just say we have HAVE_NSS. */
760  strlcat(features, "HAVE_NSS ", sizeof(features));
761  /* HTTP2_DECOMPRESSION is not an optional feature in this major version */
762  strlcat(features, "HTTP2_DECOMPRESSION ", sizeof(features));
763 #ifdef HAVE_LUA
764  strlcat(features, "HAVE_LUA ", sizeof(features));
765 #endif
766 #ifdef HAVE_LUAJIT
767  strlcat(features, "HAVE_LUAJIT ", sizeof(features));
768 #endif
769  strlcat(features, "HAVE_LIBJANSSON ", sizeof(features));
770 #ifdef PROFILING
771  strlcat(features, "PROFILING ", sizeof(features));
772 #endif
773 #ifdef PROFILE_LOCKING
774  strlcat(features, "PROFILE_LOCKING ", sizeof(features));
775 #endif
776 #if defined(TLS_C11) || defined(TLS_GNU)
777  strlcat(features, "TLS ", sizeof(features));
778 #endif
779 #if defined(TLS_C11)
780  strlcat(features, "TLS_C11 ", sizeof(features));
781 #elif defined(TLS_GNU)
782  strlcat(features, "TLS_GNU ", sizeof(features));
783 #endif
784 #ifdef HAVE_MAGIC
785  strlcat(features, "MAGIC ", sizeof(features));
786 #endif
787  strlcat(features, "RUST ", sizeof(features));
788  if (strlen(features) == 0) {
789  strlcat(features, "none", sizeof(features));
790  }
791 
792  printf("Features: %s\n", features);
793 
794  /* SIMD stuff */
795  memset(features, 0x00, sizeof(features));
796 #if defined(__SSE4_2__)
797  strlcat(features, "SSE_4_2 ", sizeof(features));
798 #endif
799 #if defined(__SSE4_1__)
800  strlcat(features, "SSE_4_1 ", sizeof(features));
801 #endif
802 #if defined(__SSE3__)
803  strlcat(features, "SSE_3 ", sizeof(features));
804 #endif
805  if (strlen(features) == 0) {
806  strlcat(features, "none", sizeof(features));
807  }
808  printf("SIMD support: %s\n", features);
809 
810  /* atomics stuff */
811  memset(features, 0x00, sizeof(features));
812 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_1)
813  strlcat(features, "1 ", sizeof(features));
814 #endif
815 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_2)
816  strlcat(features, "2 ", sizeof(features));
817 #endif
818 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_4)
819  strlcat(features, "4 ", sizeof(features));
820 #endif
821 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_8)
822  strlcat(features, "8 ", sizeof(features));
823 #endif
824 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_16)
825  strlcat(features, "16 ", sizeof(features));
826 #endif
827  if (strlen(features) == 0) {
828  strlcat(features, "none", sizeof(features));
829  } else {
830  strlcat(features, "byte(s)", sizeof(features));
831  }
832  printf("Atomic intrinsics: %s\n", features);
833 
834 #if __WORDSIZE == 64
835  bits = "64-bits";
836 #elif __WORDSIZE == 32
837  bits = "32-bits";
838 #endif
839 
840 #if __BYTE_ORDER == __BIG_ENDIAN
841  endian = "Big-endian";
842 #elif __BYTE_ORDER == __LITTLE_ENDIAN
843  endian = "Little-endian";
844 #endif
845 
846  printf("%s, %s architecture\n", bits, endian);
847 #ifdef __GNUC__
848  printf("GCC version %s, C version %"PRIiMAX"\n", __VERSION__, (intmax_t)__STDC_VERSION__);
849 #else
850  printf("C version %"PRIiMAX"\n", (intmax_t)__STDC_VERSION__);
851 #endif
852 
853 #if __SSP__ == 1
854  printf("compiled with -fstack-protector\n");
855 #endif
856 #if __SSP_ALL__ == 2
857  printf("compiled with -fstack-protector-all\n");
858 #endif
859 /*
860  * Workaround for special defines of _FORTIFY_SOURCE like
861  * FORTIFY_SOURCE=((defined __OPTIMIZE && OPTIMIZE > 0) ? 2 : 0)
862  * which is used by Gentoo for example and would result in the error
863  * 'defined' undeclared when _FORTIFY_SOURCE used via %d in printf func
864  *
865  */
866 #if _FORTIFY_SOURCE == 2
867  printf("compiled with _FORTIFY_SOURCE=2\n");
868 #elif _FORTIFY_SOURCE == 1
869  printf("compiled with _FORTIFY_SOURCE=1\n");
870 #elif _FORTIFY_SOURCE == 0
871  printf("compiled with _FORTIFY_SOURCE=0\n");
872 #endif
873 #ifdef CLS
874  printf("L1 cache line size (CLS)=%d\n", CLS);
875 #endif
876 #if defined(TLS_C11)
877  tls = "_Thread_local";
878 #elif defined(TLS_GNU)
879  tls = "__thread";
880 #else
881 #error "Unsupported thread local"
882 #endif
883  printf("thread local storage method: %s\n", tls);
884 
885  printf("compiled with %s, linked against %s\n",
886  HTP_VERSION_STRING_FULL, htp_get_version());
887  printf("\n");
888 #include "build-info.h"
889 }
890 
891 int coverage_unittests;
892 int g_ut_modules;
893 int g_ut_covered;
894 
895 void RegisterAllModules(void)
896 {
897  // zero all module storage
898  memset(tmm_modules, 0, TMM_SIZE * sizeof(TmModule));
899 
900  /* commanders */
901  TmModuleUnixManagerRegister();
902  /* managers */
903  TmModuleFlowManagerRegister();
904  TmModuleFlowRecyclerRegister();
905  TmModuleBypassedFlowManagerRegister();
906  /* nfq */
907  TmModuleReceiveNFQRegister();
908  TmModuleVerdictNFQRegister();
909  TmModuleDecodeNFQRegister();
910  /* ipfw */
911  TmModuleReceiveIPFWRegister();
912  TmModuleVerdictIPFWRegister();
913  TmModuleDecodeIPFWRegister();
914  /* pcap live */
915  TmModuleReceivePcapRegister();
916  TmModuleDecodePcapRegister();
917  /* pcap file */
918  TmModuleReceivePcapFileRegister();
919  TmModuleDecodePcapFileRegister();
920  /* af-packet */
921  TmModuleReceiveAFPRegister();
922  TmModuleDecodeAFPRegister();
923  /* netmap */
924  TmModuleReceiveNetmapRegister();
925  TmModuleDecodeNetmapRegister();
926  /* pfring */
927  TmModuleReceivePfringRegister();
928  TmModuleDecodePfringRegister();
929  /* dag file */
930  TmModuleReceiveErfFileRegister();
931  TmModuleDecodeErfFileRegister();
932  /* dag live */
933  TmModuleReceiveErfDagRegister();
934  TmModuleDecodeErfDagRegister();
935  /* napatech */
936  TmModuleNapatechStreamRegister();
937  TmModuleNapatechDecodeRegister();
938 
939  /* flow worker */
940  TmModuleFlowWorkerRegister();
941  /* respond-reject */
942  TmModuleRespondRejectRegister();
943 
944  /* log api */
945  TmModuleLoggerRegister();
946  TmModuleStatsLoggerRegister();
947 
948  TmModuleDebugList();
949  /* nflog */
950  TmModuleReceiveNFLOGRegister();
951  TmModuleDecodeNFLOGRegister();
952 
953  /* windivert */
954  TmModuleReceiveWinDivertRegister();
955  TmModuleVerdictWinDivertRegister();
956  TmModuleDecodeWinDivertRegister();
957 
958  /* Dpdk */
959  TmModuleReceiveDPDKRegister();
960  TmModuleDecodeDPDKRegister();
961 }
962 
963 static TmEcode LoadYamlConfig(SCInstance *suri)
964 {
965  SCEnter();
966 
967  if (suri->conf_filename == NULL)
968  suri->conf_filename = DEFAULT_CONF_FILE;
969 
970  if (ConfYamlLoadFile(suri->conf_filename) != 0) {
971  /* Error already displayed. */
972  SCReturnInt(TM_ECODE_FAILED);
973  }
974 
975  SCReturnInt(TM_ECODE_OK);
976 }
977 
978 static TmEcode ParseInterfacesList(const int runmode, char *pcap_dev)
979 {
980  SCEnter();
981 
982  /* run the selected runmode */
983  if (runmode == RUNMODE_PCAP_DEV) {
984  if (strlen(pcap_dev) == 0) {
985  int ret = LiveBuildDeviceList("pcap");
986  if (ret == 0) {
987  SCLogError(SC_ERR_INITIALIZATION, "No interface found in config for pcap");
988  SCReturnInt(TM_ECODE_FAILED);
989  }
990  }
991  } else if (runmode == RUNMODE_PFRING) {
992  /* FIXME add backward compat support */
993  /* iface has been set on command line */
994  if (strlen(pcap_dev)) {
995  if (ConfSetFinal("pfring.live-interface", pcap_dev) != 1) {
996  SCLogError(SC_ERR_INITIALIZATION, "Failed to set pfring.live-interface");
997  SCReturnInt(TM_ECODE_FAILED);
998  }
999  } else {
1000  /* not an error condition if we have a 1.0 config */
1001  LiveBuildDeviceList("pfring");
1002  }
1003 #ifdef HAVE_DPDK
1004  } else if (runmode == RUNMODE_DPDK) {
1005  char iface_selector[] = "dpdk.interfaces";
1006  int ret = LiveBuildDeviceList(iface_selector);
1007  if (ret == 0) {
1008  SCLogError(
1009  SC_ERR_INITIALIZATION, "No interface found in config for %s", iface_selector);
1010  SCReturnInt(TM_ECODE_FAILED);
1011  }
1012 #endif
1013 #ifdef HAVE_AF_PACKET
1014  } else if (runmode == RUNMODE_AFP_DEV) {
1015  /* iface has been set on command line */
1016  if (strlen(pcap_dev)) {
1017  if (ConfSetFinal("af-packet.live-interface", pcap_dev) != 1) {
1018  SCLogError(SC_ERR_INITIALIZATION, "Failed to set af-packet.live-interface");
1019  SCReturnInt(TM_ECODE_FAILED);
1020  }
1021  } else {
1022  int ret = LiveBuildDeviceList("af-packet");
1023  if (ret == 0) {
1024  SCLogError(SC_ERR_INITIALIZATION, "No interface found in config for af-packet");
1025  SCReturnInt(TM_ECODE_FAILED);
1026  }
1027  }
1028 #endif
1029 #ifdef HAVE_NETMAP
1030  } else if (runmode == RUNMODE_NETMAP) {
1031  /* iface has been set on command line */
1032  if (strlen(pcap_dev)) {
1033  if (ConfSetFinal("netmap.live-interface", pcap_dev) != 1) {
1034  SCLogError(SC_ERR_INITIALIZATION, "Failed to set netmap.live-interface");
1035  SCReturnInt(TM_ECODE_FAILED);
1036  }
1037  } else {
1038  int ret = LiveBuildDeviceList("netmap");
1039  if (ret == 0) {
1040  SCLogError(SC_ERR_INITIALIZATION, "No interface found in config for netmap");
1041  SCReturnInt(TM_ECODE_FAILED);
1042  }
1043  }
1044 #endif
1045 #ifdef HAVE_NFLOG
1046  } else if (runmode == RUNMODE_NFLOG) {
1047  int ret = LiveBuildDeviceListCustom("nflog", "group");
1048  if (ret == 0) {
1049  SCLogError(SC_ERR_INITIALIZATION, "No group found in config for nflog");
1050  SCReturnInt(TM_ECODE_FAILED);
1051  }
1052 #endif
1053  }
1054 
1055  SCReturnInt(TM_ECODE_OK);
1056 }
1057 
1058 static void SCInstanceInit(SCInstance *suri, const char *progname)
1059 {
1060  memset(suri, 0x00, sizeof(*suri));
1061 
1062  suri->progname = progname;
1063  suri->run_mode = RUNMODE_UNKNOWN;
1064 
1065  memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
1066  suri->sig_file = NULL;
1067  suri->sig_file_exclusive = FALSE;
1068  suri->pid_filename = NULL;
1069  suri->regex_arg = NULL;
1070 
1071  suri->keyword_info = NULL;
1072  suri->runmode_custom_mode = NULL;
1073 #ifndef OS_WIN32
1074  suri->user_name = NULL;
1075  suri->group_name = NULL;
1076  suri->do_setuid = FALSE;
1077  suri->do_setgid = FALSE;
1078 #endif /* OS_WIN32 */
1079  suri->userid = 0;
1080  suri->groupid = 0;
1081  suri->delayed_detect = 0;
1082  suri->daemon = 0;
1083  suri->offline = 0;
1084  suri->verbose = 0;
1085  /* use -1 as unknown */
1086  suri->checksum_validation = -1;
1087 #if HAVE_DETECT_DISABLED==1
1088  g_detect_disabled = suri->disabled_detect = 1;
1089 #else
1090  g_detect_disabled = suri->disabled_detect = 0;
1091 #endif
1092 }
1093 
1094 const char *GetDocURL(void)
1095 {
1096  const char *prog_ver = GetProgramVersion();
1097  if (strstr(prog_ver, "RELEASE") != NULL) {
1098  return DOC_URL "suricata-" PROG_VER;
1099  }
1100  return DOC_URL "latest";
1101 }
1102 
1103 /** \brief get string with program version
1104  *
1105  * Get the program version as passed to us from AC_INIT
1106  *
1107  * Add 'RELEASE' is no '-dev' in the version. Add the REVISION if passed
1108  * to us.
1109  *
1110  * Possible outputs:
1111  * release: '5.0.1 RELEASE'
1112  * dev with rev: '5.0.1-dev (64a789bbf 2019-10-18)'
1113  * dev w/o rev: '5.0.1-dev'
1114  */
1115 const char *GetProgramVersion(void)
1116 {
1117  if (strstr(PROG_VER, "-dev") == NULL) {
1118  return PROG_VER " RELEASE";
1119  } else {
1120 #ifdef REVISION
1121  return PROG_VER " (" xstr(REVISION) ")";
1122 #else
1123  return PROG_VER;
1124 #endif
1125  }
1126 }
1127 
1128 static TmEcode PrintVersion(void)
1129 {
1130  printf("This is %s version %s\n", PROG_NAME, GetProgramVersion());
1131  return TM_ECODE_OK;
1132 }
1133 
1134 static TmEcode LogVersion(SCInstance *suri)
1135 {
1136  const char *mode = suri->system ? "SYSTEM" : "USER";
1137  SCLogNotice("This is %s version %s running in %s mode",
1138  PROG_NAME, GetProgramVersion(), mode);
1139  return TM_ECODE_OK;
1140 }
1141 
1142 static void SCSetStartTime(SCInstance *suri)
1143 {
1144  memset(&suri->start_time, 0, sizeof(suri->start_time));
1145  gettimeofday(&suri->start_time, NULL);
1146 }
1147 
1148 static void SCPrintElapsedTime(struct timeval *start_time)
1149 {
1150  if (start_time == NULL)
1151  return;
1152  struct timeval end_time;
1153  memset(&end_time, 0, sizeof(end_time));
1154  gettimeofday(&end_time, NULL);
1155  uint64_t milliseconds = ((end_time.tv_sec - start_time->tv_sec) * 1000) +
1156  (((1000000 + end_time.tv_usec - start_time->tv_usec) / 1000) - 1000);
1157  SCLogInfo("time elapsed %.3fs", (float)milliseconds/(float)1000);
1158 }
1159 
1160 static int ParseCommandLineAfpacket(SCInstance *suri, const char *in_arg)
1161 {
1162 #ifdef HAVE_AF_PACKET
1163  if (suri->run_mode == RUNMODE_UNKNOWN) {
1164  suri->run_mode = RUNMODE_AFP_DEV;
1165  if (in_arg) {
1166  LiveRegisterDeviceName(in_arg);
1167  memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
1168  strlcpy(suri->pcap_dev, in_arg, sizeof(suri->pcap_dev));
1169  }
1170  } else if (suri->run_mode == RUNMODE_AFP_DEV) {
1171  if (in_arg) {
1172  LiveRegisterDeviceName(in_arg);
1173  } else {
1174  SCLogInfo("Multiple af-packet option without interface on each is useless");
1175  }
1176  } else {
1177  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
1178  "has been specified");
1179  PrintUsage(suri->progname);
1180  return TM_ECODE_FAILED;
1181  }
1182  return TM_ECODE_OK;
1183 #else
1184  SCLogError(SC_ERR_NO_AF_PACKET,"AF_PACKET not enabled. On Linux "
1185  "host, make sure to pass --enable-af-packet to "
1186  "configure when building.");
1187  return TM_ECODE_FAILED;
1188 #endif
1189 }
1190 
1191 static int ParseCommandLineDpdk(SCInstance *suri, const char *in_arg)
1192 {
1193 #ifdef HAVE_DPDK
1194  if (suri->run_mode == RUNMODE_UNKNOWN) {
1195  suri->run_mode = RUNMODE_DPDK;
1196  } else if (suri->run_mode == RUNMODE_DPDK) {
1197  SCLogInfo("Multiple dpdk options have no effect on Suricata");
1198  } else {
1199  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
1200  "has been specified");
1201  PrintUsage(suri->progname);
1202  return TM_ECODE_FAILED;
1203  }
1204  return TM_ECODE_OK;
1205 #else
1206  SCLogError(SC_ERR_NO_DPDK, "DPDK not enabled. On Linux "
1207  "host, make sure to pass --enable-dpdk to "
1208  "configure when building.");
1209  return TM_ECODE_FAILED;
1210 #endif
1211 }
1212 
1213 static int ParseCommandLinePcapLive(SCInstance *suri, const char *in_arg)
1214 {
1215  memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
1216 
1217  if (in_arg != NULL) {
1218  /* some windows shells require escaping of the \ in \Device. Otherwise
1219  * the backslashes are stripped. We put them back here. */
1220  if (strlen(in_arg) > 9 && strncmp(in_arg, "DeviceNPF", 9) == 0) {
1221  snprintf(suri->pcap_dev, sizeof(suri->pcap_dev), "\\Device\\NPF%s", in_arg+9);
1222  } else {
1223  strlcpy(suri->pcap_dev, in_arg, sizeof(suri->pcap_dev));
1224  PcapTranslateIPToDevice(suri->pcap_dev, sizeof(suri->pcap_dev));
1225  }
1226 
1227  if (strcmp(suri->pcap_dev, in_arg) != 0) {
1228  SCLogInfo("translated %s to pcap device %s", in_arg, suri->pcap_dev);
1229  } else if (strlen(suri->pcap_dev) > 0 && isdigit((unsigned char)suri->pcap_dev[0])) {
1230  SCLogError(SC_ERR_PCAP_TRANSLATE, "failed to find a pcap device for IP %s", in_arg);
1231  return TM_ECODE_FAILED;
1232  }
1233  }
1234 
1235  if (suri->run_mode == RUNMODE_UNKNOWN) {
1236  suri->run_mode = RUNMODE_PCAP_DEV;
1237  if (in_arg) {
1238  LiveRegisterDeviceName(suri->pcap_dev);
1239  }
1240  } else if (suri->run_mode == RUNMODE_PCAP_DEV) {
1241  LiveRegisterDeviceName(suri->pcap_dev);
1242  } else {
1243  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
1244  "has been specified");
1245  PrintUsage(suri->progname);
1246  return TM_ECODE_FAILED;
1247  }
1248  return TM_ECODE_OK;
1249 }
1250 
1251 /**
1252  * Helper function to check if log directory is writable
1253  */
1254 static bool IsLogDirectoryWritable(const char* str)
1255 {
1256  if (access(str, W_OK) == 0)
1257  return true;
1258  return false;
1259 }
1260 
1261 static TmEcode ParseCommandLine(int argc, char** argv, SCInstance *suri)
1262 {
1263  int opt;
1264 
1265  int dump_config = 0;
1266  int dump_features = 0;
1267  int list_app_layer_protocols = 0;
1268  int list_unittests = 0;
1269  int list_runmodes = 0;
1270  int list_keywords = 0;
1271  int build_info = 0;
1272  int conf_test = 0;
1273  int engine_analysis = 0;
1274  int ret = TM_ECODE_OK;
1275 
1276 #ifdef UNITTESTS
1277  coverage_unittests = 0;
1278  g_ut_modules = 0;
1279  g_ut_covered = 0;
1280 #endif
1281 
1282  // clang-format off
1283  struct option long_opts[] = {
1284  {"dump-config", 0, &dump_config, 1},
1285  {"dump-features", 0, &dump_features, 1},
1286  {"pfring", optional_argument, 0, 0},
1287  {"pfring-int", required_argument, 0, 0},
1288  {"pfring-cluster-id", required_argument, 0, 0},
1289  {"pfring-cluster-type", required_argument, 0, 0},
1290 #ifdef HAVE_DPDK
1291  {"dpdk", 0, 0, 0},
1292 #endif
1293  {"af-packet", optional_argument, 0, 0},
1294  {"netmap", optional_argument, 0, 0},
1295  {"pcap", optional_argument, 0, 0},
1296  {"pcap-file-continuous", 0, 0, 0},
1297  {"pcap-file-delete", 0, 0, 0},
1298  {"pcap-file-recursive", 0, 0, 0},
1299  {"simulate-ips", 0, 0 , 0},
1300  {"no-random", 0, &g_disable_randomness, 1},
1301  {"strict-rule-keywords", optional_argument, 0, 0},
1302 
1303  {"capture-plugin", required_argument, 0, 0},
1304  {"capture-plugin-args", required_argument, 0, 0},
1305 
1306 #ifdef BUILD_UNIX_SOCKET
1307  {"unix-socket", optional_argument, 0, 0},
1308 #endif
1309  {"pcap-buffer-size", required_argument, 0, 0},
1310  {"unittest-filter", required_argument, 0, 'U'},
1311  {"list-app-layer-protos", 0, &list_app_layer_protocols, 1},
1312  {"list-unittests", 0, &list_unittests, 1},
1313  {"list-runmodes", 0, &list_runmodes, 1},
1314  {"list-keywords", optional_argument, &list_keywords, 1},
1315  {"runmode", required_argument, NULL, 0},
1316  {"engine-analysis", 0, &engine_analysis, 1},
1317 #ifdef OS_WIN32
1318  {"service-install", 0, 0, 0},
1319  {"service-remove", 0, 0, 0},
1320  {"service-change-params", 0, 0, 0},
1321 #endif /* OS_WIN32 */
1322  {"pidfile", required_argument, 0, 0},
1323  {"init-errors-fatal", 0, 0, 0},
1324  {"disable-detection", 0, 0, 0},
1325  {"disable-hashing", 0, 0, 0},
1326  {"fatal-unittests", 0, 0, 0},
1327  {"unittests-coverage", 0, &coverage_unittests, 1},
1328  {"user", required_argument, 0, 0},
1329  {"group", required_argument, 0, 0},
1330  {"erf-in", required_argument, 0, 0},
1331  {"dag", required_argument, 0, 0},
1332  {"napatech", 0, 0, 0},
1333  {"build-info", 0, &build_info, 1},
1334  {"data-dir", required_argument, 0, 0},
1335 #ifdef WINDIVERT
1336  {"windivert", required_argument, 0, 0},
1337  {"windivert-forward", required_argument, 0, 0},
1338 #endif
1339 #ifdef HAVE_LIBNET11
1340  {"reject-dev", required_argument, 0, 0},
1341 #endif
1342  {"set", required_argument, 0, 0},
1343 #ifdef HAVE_NFLOG
1344  {"nflog", optional_argument, 0, 0},
1345 #endif
1346  {NULL, 0, NULL, 0}
1347  };
1348  // clang-format on
1349 
1350  /* getopt_long stores the option index here. */
1351  int option_index = 0;
1352 
1353  char short_opts[] = "c:TDhi:l:q:d:r:us:S:U:VF:vk:";
1354 
1355  while ((opt = getopt_long(argc, argv, short_opts, long_opts, &option_index)) != -1) {
1356  switch (opt) {
1357  case 0:
1358  if (strcmp((long_opts[option_index]).name , "pfring") == 0 ||
1359  strcmp((long_opts[option_index]).name , "pfring-int") == 0) {
1360 #ifdef HAVE_PFRING
1361  suri->run_mode = RUNMODE_PFRING;
1362  if (optarg != NULL) {
1363  memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
1364  strlcpy(suri->pcap_dev, optarg,
1365  ((strlen(optarg) < sizeof(suri->pcap_dev)) ?
1366  (strlen(optarg) + 1) : sizeof(suri->pcap_dev)));
1367  LiveRegisterDeviceName(optarg);
1368  }
1369 #else
1370  SCLogError(SC_ERR_NO_PF_RING,"PF_RING not enabled. Make sure "
1371  "to pass --enable-pfring to configure when building.");
1372  return TM_ECODE_FAILED;
1373 #endif /* HAVE_PFRING */
1374  }
1375  else if(strcmp((long_opts[option_index]).name , "pfring-cluster-id") == 0){
1376 #ifdef HAVE_PFRING
1377  if (ConfSetFinal("pfring.cluster-id", optarg) != 1) {
1378  fprintf(stderr, "ERROR: Failed to set pfring.cluster-id.\n");
1379  return TM_ECODE_FAILED;
1380  }
1381 #else
1382  SCLogError(SC_ERR_NO_PF_RING,"PF_RING not enabled. Make sure "
1383  "to pass --enable-pfring to configure when building.");
1384  return TM_ECODE_FAILED;
1385 #endif /* HAVE_PFRING */
1386  }
1387  else if(strcmp((long_opts[option_index]).name , "pfring-cluster-type") == 0){
1388 #ifdef HAVE_PFRING
1389  if (ConfSetFinal("pfring.cluster-type", optarg) != 1) {
1390  fprintf(stderr, "ERROR: Failed to set pfring.cluster-type.\n");
1391  return TM_ECODE_FAILED;
1392  }
1393 #else
1394  SCLogError(SC_ERR_NO_PF_RING,"PF_RING not enabled. Make sure "
1395  "to pass --enable-pfring to configure when building.");
1396  return TM_ECODE_FAILED;
1397 #endif /* HAVE_PFRING */
1398  }
1399  else if (strcmp((long_opts[option_index]).name , "capture-plugin") == 0){
1400  suri->run_mode = RUNMODE_PLUGIN;
1401  suri->capture_plugin_name = optarg;
1402  }
1403  else if (strcmp((long_opts[option_index]).name , "capture-plugin-args") == 0){
1404  suri->capture_plugin_args = optarg;
1405  } else if (strcmp((long_opts[option_index]).name, "dpdk") == 0) {
1406  if (ParseCommandLineDpdk(suri, optarg) != TM_ECODE_OK) {
1407  return TM_ECODE_FAILED;
1408  }
1409  } else if (strcmp((long_opts[option_index]).name, "af-packet") == 0) {
1410  if (ParseCommandLineAfpacket(suri, optarg) != TM_ECODE_OK) {
1411  return TM_ECODE_FAILED;
1412  }
1413  } else if (strcmp((long_opts[option_index]).name, "netmap") == 0) {
1414 #ifdef HAVE_NETMAP
1415  if (suri->run_mode == RUNMODE_UNKNOWN) {
1416  suri->run_mode = RUNMODE_NETMAP;
1417  if (optarg) {
1418  LiveRegisterDeviceName(optarg);
1419  memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
1420  strlcpy(suri->pcap_dev, optarg,
1421  ((strlen(optarg) < sizeof(suri->pcap_dev)) ?
1422  (strlen(optarg) + 1) : sizeof(suri->pcap_dev)));
1423  }
1424  } else if (suri->run_mode == RUNMODE_NETMAP) {
1425  if (optarg) {
1426  LiveRegisterDeviceName(optarg);
1427  } else {
1428  SCLogInfo("Multiple netmap option without interface on each is useless");
1429  break;
1430  }
1431  } else {
1432  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
1433  "has been specified");
1434  PrintUsage(argv[0]);
1435  return TM_ECODE_FAILED;
1436  }
1437 #else
1438  SCLogError(SC_ERR_NO_NETMAP, "NETMAP not enabled.");
1439  return TM_ECODE_FAILED;
1440 #endif
1441  } else if (strcmp((long_opts[option_index]).name, "nflog") == 0) {
1442 #ifdef HAVE_NFLOG
1443  if (suri->run_mode == RUNMODE_UNKNOWN) {
1444  suri->run_mode = RUNMODE_NFLOG;
1445  LiveBuildDeviceListCustom("nflog", "group");
1446  }
1447 #else
1448  SCLogError(SC_ERR_NFLOG_NOSUPPORT, "NFLOG not enabled.");
1449  return TM_ECODE_FAILED;
1450 #endif /* HAVE_NFLOG */
1451  } else if (strcmp((long_opts[option_index]).name, "pcap") == 0) {
1452  if (ParseCommandLinePcapLive(suri, optarg) != TM_ECODE_OK) {
1453  return TM_ECODE_FAILED;
1454  }
1455  } else if (strcmp((long_opts[option_index]).name, "simulate-ips") == 0) {
1456  SCLogInfo("Setting IPS mode");
1457  EngineModeSetIPS();
1458  } else if (strcmp((long_opts[option_index]).name, "init-errors-fatal") == 0) {
1459  if (ConfSetFinal("engine.init-failure-fatal", "1") != 1) {
1460  fprintf(stderr, "ERROR: Failed to set engine init-failure-fatal.\n");
1461  return TM_ECODE_FAILED;
1462  }
1463 #ifdef BUILD_UNIX_SOCKET
1464  } else if (strcmp((long_opts[option_index]).name , "unix-socket") == 0) {
1465  if (suri->run_mode == RUNMODE_UNKNOWN) {
1466  suri->run_mode = RUNMODE_UNIX_SOCKET;
1467  if (optarg) {
1468  if (ConfSetFinal("unix-command.filename", optarg) != 1) {
1469  fprintf(stderr, "ERROR: Failed to set unix-command.filename.\n");
1470  return TM_ECODE_FAILED;
1471  }
1472 
1473  }
1474  } else {
1475  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
1476  "has been specified");
1477  PrintUsage(argv[0]);
1478  return TM_ECODE_FAILED;
1479  }
1480 #endif
1481  }
1482  else if(strcmp((long_opts[option_index]).name, "list-app-layer-protocols") == 0) {
1483  /* listing all supported app layer protocols */
1484  }
1485  else if(strcmp((long_opts[option_index]).name, "list-unittests") == 0) {
1486 #ifdef UNITTESTS
1487  suri->run_mode = RUNMODE_LIST_UNITTEST;
1488 #else
1489  fprintf(stderr, "ERROR: Unit tests not enabled. Make sure to pass --enable-unittests to configure when building.\n");
1490  return TM_ECODE_FAILED;
1491 #endif /* UNITTESTS */
1492  } else if (strcmp((long_opts[option_index]).name, "list-runmodes") == 0) {
1493  suri->run_mode = RUNMODE_LIST_RUNMODES;
1494  return TM_ECODE_OK;
1495  } else if (strcmp((long_opts[option_index]).name, "list-keywords") == 0) {
1496  if (optarg) {
1497  if (strcmp("short",optarg)) {
1498  suri->keyword_info = optarg;
1499  }
1500  }
1501  } else if (strcmp((long_opts[option_index]).name, "runmode") == 0) {
1502  suri->runmode_custom_mode = optarg;
1503  } else if(strcmp((long_opts[option_index]).name, "engine-analysis") == 0) {
1504  // do nothing for now
1505  }
1506 #ifdef OS_WIN32
1507  else if(strcmp((long_opts[option_index]).name, "service-install") == 0) {
1508  suri->run_mode = RUNMODE_INSTALL_SERVICE;
1509  return TM_ECODE_OK;
1510  }
1511  else if(strcmp((long_opts[option_index]).name, "service-remove") == 0) {
1512  suri->run_mode = RUNMODE_REMOVE_SERVICE;
1513  return TM_ECODE_OK;
1514  }
1515  else if(strcmp((long_opts[option_index]).name, "service-change-params") == 0) {
1516  suri->run_mode = RUNMODE_CHANGE_SERVICE_PARAMS;
1517  return TM_ECODE_OK;
1518  }
1519 #endif /* OS_WIN32 */
1520  else if(strcmp((long_opts[option_index]).name, "pidfile") == 0) {
1521  suri->pid_filename = SCStrdup(optarg);
1522  if (suri->pid_filename == NULL) {
1523  SCLogError(SC_ERR_MEM_ALLOC, "strdup failed: %s",
1524  strerror(errno));
1525  return TM_ECODE_FAILED;
1526  }
1527  }
1528  else if(strcmp((long_opts[option_index]).name, "disable-detection") == 0) {
1529  g_detect_disabled = suri->disabled_detect = 1;
1530  } else if (strcmp((long_opts[option_index]).name, "disable-hashing") == 0) {
1531  g_disable_hashing = true;
1532  } else if (strcmp((long_opts[option_index]).name, "fatal-unittests") == 0) {
1533 #ifdef UNITTESTS
1534  unittests_fatal = 1;
1535 #else
1536  fprintf(stderr, "ERROR: Unit tests not enabled. Make sure to pass --enable-unittests to configure when building.\n");
1537  return TM_ECODE_FAILED;
1538 #endif /* UNITTESTS */
1539  } else if (strcmp((long_opts[option_index]).name, "user") == 0) {
1540 #ifndef HAVE_LIBCAP_NG
1541  SCLogError(SC_ERR_LIBCAP_NG_REQUIRED, "libcap-ng is required to"
1542  " drop privileges, but it was not compiled into Suricata.");
1543  return TM_ECODE_FAILED;
1544 #else
1545  suri->user_name = optarg;
1546  suri->do_setuid = TRUE;
1547 #endif /* HAVE_LIBCAP_NG */
1548  } else if (strcmp((long_opts[option_index]).name, "group") == 0) {
1549 #ifndef HAVE_LIBCAP_NG
1550  SCLogError(SC_ERR_LIBCAP_NG_REQUIRED, "libcap-ng is required to"
1551  " drop privileges, but it was not compiled into Suricata.");
1552  return TM_ECODE_FAILED;
1553 #else
1554  suri->group_name = optarg;
1555  suri->do_setgid = TRUE;
1556 #endif /* HAVE_LIBCAP_NG */
1557  } else if (strcmp((long_opts[option_index]).name, "erf-in") == 0) {
1558  suri->run_mode = RUNMODE_ERF_FILE;
1559  if (ConfSetFinal("erf-file.file", optarg) != 1) {
1560  fprintf(stderr, "ERROR: Failed to set erf-file.file\n");
1561  return TM_ECODE_FAILED;
1562  }
1563  } else if (strcmp((long_opts[option_index]).name, "dag") == 0) {
1564 #ifdef HAVE_DAG
1565  if (suri->run_mode == RUNMODE_UNKNOWN) {
1566  suri->run_mode = RUNMODE_DAG;
1567  }
1568  else if (suri->run_mode != RUNMODE_DAG) {
1569  SCLogError(SC_ERR_MULTIPLE_RUN_MODE,
1570  "more than one run mode has been specified");
1571  PrintUsage(argv[0]);
1572  return TM_ECODE_FAILED;
1573  }
1574  LiveRegisterDeviceName(optarg);
1575 #else
1576  SCLogError(SC_ERR_DAG_REQUIRED, "libdag and a DAG card are required"
1577  " to receive packets using --dag.");
1578  return TM_ECODE_FAILED;
1579 #endif /* HAVE_DAG */
1580  } else if (strcmp((long_opts[option_index]).name, "napatech") == 0) {
1581 #ifdef HAVE_NAPATECH
1582  suri->run_mode = RUNMODE_NAPATECH;
1583 #else
1584  SCLogError(SC_ERR_NAPATECH_REQUIRED, "libntapi and a Napatech adapter are required"
1585  " to capture packets using --napatech.");
1586  return TM_ECODE_FAILED;
1587 #endif /* HAVE_NAPATECH */
1588  } else if (strcmp((long_opts[option_index]).name, "pcap-buffer-size") == 0) {
1589 #ifdef HAVE_PCAP_SET_BUFF
1590  if (ConfSetFinal("pcap.buffer-size", optarg) != 1) {
1591  fprintf(stderr, "ERROR: Failed to set pcap-buffer-size.\n");
1592  return TM_ECODE_FAILED;
1593  }
1594 #else
1595  SCLogError(SC_ERR_NO_PCAP_SET_BUFFER_SIZE, "The version of libpcap you have"
1596  " doesn't support setting buffer size.");
1597 #endif /* HAVE_PCAP_SET_BUFF */
1598  } else if (strcmp((long_opts[option_index]).name, "build-info") == 0) {
1599  suri->run_mode = RUNMODE_PRINT_BUILDINFO;
1600  return TM_ECODE_OK;
1601  } else if (strcmp((long_opts[option_index]).name, "windivert-forward") == 0) {
1602 #ifdef WINDIVERT
1603  if (suri->run_mode == RUNMODE_UNKNOWN) {
1604  suri->run_mode = RUNMODE_WINDIVERT;
1605  if (WinDivertRegisterQueue(true, optarg) == -1) {
1606  exit(EXIT_FAILURE);
1607  }
1608  } else if (suri->run_mode == RUNMODE_WINDIVERT) {
1609  if (WinDivertRegisterQueue(true, optarg) == -1) {
1610  exit(EXIT_FAILURE);
1611  }
1612  } else {
1613  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
1614  "has been specified");
1615  PrintUsage(argv[0]);
1616  exit(EXIT_FAILURE);
1617  }
1618  }
1619  else if(strcmp((long_opts[option_index]).name, "windivert") == 0) {
1620  if (suri->run_mode == RUNMODE_UNKNOWN) {
1621  suri->run_mode = RUNMODE_WINDIVERT;
1622  if (WinDivertRegisterQueue(false, optarg) == -1) {
1623  exit(EXIT_FAILURE);
1624  }
1625  } else if (suri->run_mode == RUNMODE_WINDIVERT) {
1626  if (WinDivertRegisterQueue(false, optarg) == -1) {
1627  exit(EXIT_FAILURE);
1628  }
1629  } else {
1630  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
1631  "has been specified");
1632  PrintUsage(argv[0]);
1633  exit(EXIT_FAILURE);
1634  }
1635 #else
1636  SCLogError(SC_ERR_WINDIVERT_NOSUPPORT,"WinDivert not enabled. Make sure to pass --enable-windivert to configure when building.");
1637  return TM_ECODE_FAILED;
1638 #endif /* WINDIVERT */
1639  } else if(strcmp((long_opts[option_index]).name, "reject-dev") == 0) {
1640 #ifdef HAVE_LIBNET11
1641  BUG_ON(optarg == NULL); /* for static analysis */
1642  extern char *g_reject_dev;
1643  extern uint16_t g_reject_dev_mtu;
1644  g_reject_dev = optarg;
1645  int mtu = GetIfaceMTU(g_reject_dev);
1646  if (mtu > 0) {
1647  g_reject_dev_mtu = (uint16_t)mtu;
1648  }
1649 #else
1650  SCLogError(SC_ERR_LIBNET_NOT_ENABLED,
1651  "Libnet 1.1 support not enabled. Compile Suricata with libnet support.");
1652  return TM_ECODE_FAILED;
1653 #endif
1654  }
1655  else if (strcmp((long_opts[option_index]).name, "set") == 0) {
1656  if (optarg != NULL) {
1657  /* Quick validation. */
1658  char *val = strchr(optarg, '=');
1659  if (val == NULL) {
1660  FatalError(SC_ERR_FATAL,
1661  "Invalid argument for --set, must be key=val.");
1662  }
1663  if (!ConfSetFromString(optarg, 1)) {
1664  fprintf(stderr, "Failed to set configuration value %s.",
1665  optarg);
1666  exit(EXIT_FAILURE);
1667  }
1668  }
1669  }
1670  else if (strcmp((long_opts[option_index]).name, "pcap-file-continuous") == 0) {
1671  if (ConfSetFinal("pcap-file.continuous", "true") != 1) {
1672  SCLogError(SC_ERR_CMD_LINE, "Failed to set pcap-file.continuous");
1673  return TM_ECODE_FAILED;
1674  }
1675  }
1676  else if (strcmp((long_opts[option_index]).name, "pcap-file-delete") == 0) {
1677  if (ConfSetFinal("pcap-file.delete-when-done", "true") != 1) {
1678  SCLogError(SC_ERR_CMD_LINE, "Failed to set pcap-file.delete-when-done");
1679  return TM_ECODE_FAILED;
1680  }
1681  }
1682  else if (strcmp((long_opts[option_index]).name, "pcap-file-recursive") == 0) {
1683  if (ConfSetFinal("pcap-file.recursive", "true") != 1) {
1684  SCLogError(SC_ERR_CMD_LINE, "ERROR: Failed to set pcap-file.recursive");
1685  return TM_ECODE_FAILED;
1686  }
1687  }
1688  else if (strcmp((long_opts[option_index]).name, "data-dir") == 0) {
1689  if (optarg == NULL) {
1690  SCLogError(SC_ERR_INITIALIZATION, "no option argument (optarg) for -d");
1691  return TM_ECODE_FAILED;
1692  }
1693 
1694  if (ConfigSetDataDirectory(optarg) != TM_ECODE_OK) {
1695  SCLogError(SC_ERR_FATAL, "Failed to set data directory.");
1696  return TM_ECODE_FAILED;
1697  }
1698  if (ConfigCheckDataDirectory(optarg) != TM_ECODE_OK) {
1699  SCLogError(SC_ERR_LOGDIR_CMDLINE, "The data directory \"%s\""
1700  " supplied at the commandline (-d %s) doesn't "
1701  "exist. Shutting down the engine.", optarg, optarg);
1702  return TM_ECODE_FAILED;
1703  }
1704  suri->set_datadir = true;
1705  } else if (strcmp((long_opts[option_index]).name , "strict-rule-keywords") == 0){
1706  if (optarg == NULL) {
1707  suri->strict_rule_parsing_string = SCStrdup("all");
1708  } else {
1709  suri->strict_rule_parsing_string = SCStrdup(optarg);
1710  }
1711  if (suri->strict_rule_parsing_string == NULL) {
1712  FatalError(SC_ERR_MEM_ALLOC, "failed to duplicate 'strict' string");
1713  }
1714  }
1715  break;
1716  case 'c':
1717  suri->conf_filename = optarg;
1718  break;
1719  case 'T':
1720  SCLogInfo("Running suricata under test mode");
1721  conf_test = 1;
1722  if (ConfSetFinal("engine.init-failure-fatal", "1") != 1) {
1723  fprintf(stderr, "ERROR: Failed to set engine init-failure-fatal.\n");
1724  return TM_ECODE_FAILED;
1725  }
1726  break;
1727 #ifndef OS_WIN32
1728  case 'D':
1729  suri->daemon = 1;
1730  break;
1731 #endif /* OS_WIN32 */
1732  case 'h':
1733  suri->run_mode = RUNMODE_PRINT_USAGE;
1734  return TM_ECODE_OK;
1735  case 'i':
1736  if (optarg == NULL) {
1737  SCLogError(SC_ERR_INITIALIZATION, "no option argument (optarg) for -i");
1738  return TM_ECODE_FAILED;
1739  }
1740 #ifdef HAVE_AF_PACKET
1741  if (ParseCommandLineAfpacket(suri, optarg) != TM_ECODE_OK) {
1742  return TM_ECODE_FAILED;
1743  }
1744 #else /* not afpacket */
1745  /* warn user if netmap or pf-ring are available */
1746 #if defined HAVE_PFRING || HAVE_NETMAP
1747  int i = 0;
1748 #ifdef HAVE_PFRING
1749  i++;
1750 #endif
1751 #ifdef HAVE_NETMAP
1752  i++;
1753 #endif
1754  SCLogWarning(SC_WARN_FASTER_CAPTURE_AVAILABLE, "faster capture "
1755  "option%s %s available:"
1756 #ifdef HAVE_PFRING
1757  " PF_RING (--pfring-int=%s)"
1758 #endif
1759 #ifdef HAVE_NETMAP
1760  " NETMAP (--netmap=%s)"
1761 #endif
1762  ". Use --pcap=%s to suppress this warning",
1763  i == 1 ? "" : "s", i == 1 ? "is" : "are"
1764 #ifdef HAVE_PFRING
1765  , optarg
1766 #endif
1767 #ifdef HAVE_NETMAP
1768  , optarg
1769 #endif
1770  , optarg
1771  );
1772 #endif /* have faster methods */
1773  if (ParseCommandLinePcapLive(suri, optarg) != TM_ECODE_OK) {
1774  return TM_ECODE_FAILED;
1775  }
1776 #endif
1777  break;
1778  case 'l':
1779  if (optarg == NULL) {
1780  SCLogError(SC_ERR_INITIALIZATION, "no option argument (optarg) for -l");
1781  return TM_ECODE_FAILED;
1782  }
1783 
1784  if (ConfigSetLogDirectory(optarg) != TM_ECODE_OK) {
1785  SCLogError(SC_ERR_FATAL, "Failed to set log directory.");
1786  return TM_ECODE_FAILED;
1787  }
1788  if (ConfigCheckLogDirectoryExists(optarg) != TM_ECODE_OK) {
1789  SCLogError(SC_ERR_LOGDIR_CMDLINE, "The logging directory \"%s\""
1790  " supplied at the commandline (-l %s) doesn't "
1791  "exist. Shutting down the engine.", optarg, optarg);
1792  return TM_ECODE_FAILED;
1793  }
1794  if (!IsLogDirectoryWritable(optarg)) {
1795  SCLogError(SC_ERR_LOGDIR_CMDLINE, "The logging directory \"%s\""
1796  " supplied at the commandline (-l %s) is not "
1797  "writable. Shutting down the engine.", optarg, optarg);
1798  return TM_ECODE_FAILED;
1799  }
1800  suri->set_logdir = true;
1801 
1802  break;
1803  case 'q':
1804 #ifdef NFQ
1805  if (suri->run_mode == RUNMODE_UNKNOWN) {
1806  suri->run_mode = RUNMODE_NFQ;
1807  EngineModeSetIPS();
1808  if (NFQParseAndRegisterQueues(optarg) == -1)
1809  return TM_ECODE_FAILED;
1810  } else if (suri->run_mode == RUNMODE_NFQ) {
1811  if (NFQParseAndRegisterQueues(optarg) == -1)
1812  return TM_ECODE_FAILED;
1813  } else {
1814  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
1815  "has been specified");
1816  PrintUsage(argv[0]);
1817  return TM_ECODE_FAILED;
1818  }
1819 #else
1820  SCLogError(SC_ERR_NFQ_NOSUPPORT,"NFQUEUE not enabled. Make sure to pass --enable-nfqueue to configure when building.");
1821  return TM_ECODE_FAILED;
1822 #endif /* NFQ */
1823  break;
1824  case 'd':
1825 #ifdef IPFW
1826  if (suri->run_mode == RUNMODE_UNKNOWN) {
1827  suri->run_mode = RUNMODE_IPFW;
1828  EngineModeSetIPS();
1829  if (IPFWRegisterQueue(optarg) == -1)
1830  return TM_ECODE_FAILED;
1831  } else if (suri->run_mode == RUNMODE_IPFW) {
1832  if (IPFWRegisterQueue(optarg) == -1)
1833  return TM_ECODE_FAILED;
1834  } else {
1835  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
1836  "has been specified");
1837  PrintUsage(argv[0]);
1838  return TM_ECODE_FAILED;
1839  }
1840 #else
1841  SCLogError(SC_ERR_IPFW_NOSUPPORT,"IPFW not enabled. Make sure to pass --enable-ipfw to configure when building.");
1842  return TM_ECODE_FAILED;
1843 #endif /* IPFW */
1844  break;
1845  case 'r':
1846  BUG_ON(optarg == NULL); /* for static analysis */
1847  if (suri->run_mode == RUNMODE_UNKNOWN) {
1848  suri->run_mode = RUNMODE_PCAP_FILE;
1849  } else {
1850  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
1851  "has been specified");
1852  PrintUsage(argv[0]);
1853  return TM_ECODE_FAILED;
1854  }
1855 #ifdef OS_WIN32
1856  struct _stat buf;
1857  if(_stat(optarg, &buf) != 0) {
1858 #else
1859  struct stat buf;
1860  if (stat(optarg, &buf) != 0) {
1861 #endif /* OS_WIN32 */
1862  SCLogError(SC_ERR_INITIALIZATION, "ERROR: Pcap file does not exist\n");
1863  return TM_ECODE_FAILED;
1864  }
1865  if (ConfSetFinal("pcap-file.file", optarg) != 1) {
1866  SCLogError(SC_ERR_INITIALIZATION, "ERROR: Failed to set pcap-file.file\n");
1867  return TM_ECODE_FAILED;
1868  }
1869 
1870  break;
1871  case 's':
1872  if (suri->sig_file != NULL) {
1873  SCLogError(SC_ERR_CMD_LINE, "can't have multiple -s options or mix -s and -S.");
1874  return TM_ECODE_FAILED;
1875  }
1876  suri->sig_file = optarg;
1877  break;
1878  case 'S':
1879  if (suri->sig_file != NULL) {
1880  SCLogError(SC_ERR_CMD_LINE, "can't have multiple -S options or mix -s and -S.");
1881  return TM_ECODE_FAILED;
1882  }
1883  suri->sig_file = optarg;
1884  suri->sig_file_exclusive = TRUE;
1885  break;
1886  case 'u':
1887 #ifdef UNITTESTS
1888  if (suri->run_mode == RUNMODE_UNKNOWN) {
1889  suri->run_mode = RUNMODE_UNITTEST;
1890  } else {
1891  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode has"
1892  " been specified");
1893  PrintUsage(argv[0]);
1894  return TM_ECODE_FAILED;
1895  }
1896 #else
1897  fprintf(stderr, "ERROR: Unit tests not enabled. Make sure to pass --enable-unittests to configure when building.\n");
1898  return TM_ECODE_FAILED;
1899 #endif /* UNITTESTS */
1900  break;
1901  case 'U':
1902 #ifdef UNITTESTS
1903  suri->regex_arg = optarg;
1904 
1905  if(strlen(suri->regex_arg) == 0)
1906  suri->regex_arg = NULL;
1907 #endif
1908  break;
1909  case 'V':
1910  suri->run_mode = RUNMODE_PRINT_VERSION;
1911  return TM_ECODE_OK;
1912  case 'F':
1913  if (optarg == NULL) {
1914  SCLogError(SC_ERR_INITIALIZATION, "no option argument (optarg) for -F");
1915  return TM_ECODE_FAILED;
1916  }
1917 
1918  SetBpfStringFromFile(optarg);
1919  break;
1920  case 'v':
1921  suri->verbose++;
1922  break;
1923  case 'k':
1924  if (optarg == NULL) {
1925  SCLogError(SC_ERR_INITIALIZATION, "no option argument (optarg) for -k");
1926  return TM_ECODE_FAILED;
1927  }
1928  if (!strcmp("all", optarg))
1929  suri->checksum_validation = 1;
1930  else if (!strcmp("none", optarg))
1931  suri->checksum_validation = 0;
1932  else {
1933  SCLogError(SC_ERR_INITIALIZATION, "option '%s' invalid for -k", optarg);
1934  return TM_ECODE_FAILED;
1935  }
1936  break;
1937  default:
1938  PrintUsage(argv[0]);
1939  return TM_ECODE_FAILED;
1940  }
1941  }
1942 
1943  if (suri->disabled_detect && suri->sig_file != NULL) {
1944  SCLogError(SC_ERR_INITIALIZATION, "can't use -s/-S when detection is disabled");
1945  return TM_ECODE_FAILED;
1946  }
1947 
1948  /* save the runmode from the commandline (if any) */
1949  suri->aux_run_mode = suri->run_mode;
1950 
1951  if (list_app_layer_protocols)
1952  suri->run_mode = RUNMODE_LIST_APP_LAYERS;
1953  if (list_keywords)
1954  suri->run_mode = RUNMODE_LIST_KEYWORDS;
1955  if (list_unittests)
1956  suri->run_mode = RUNMODE_LIST_UNITTEST;
1957  if (dump_config)
1958  suri->run_mode = RUNMODE_DUMP_CONFIG;
1959  if (dump_features)
1960  suri->run_mode = RUNMODE_DUMP_FEATURES;
1961  if (conf_test)
1962  suri->run_mode = RUNMODE_CONF_TEST;
1963  if (engine_analysis)
1964  suri->run_mode = RUNMODE_ENGINE_ANALYSIS;
1965 
1966  suri->offline = IsRunModeOffline(suri->run_mode);
1967  g_system = suri->system = IsRunModeSystem(suri->run_mode);
1968 
1969  ret = SetBpfString(optind, argv);
1970  if (ret != TM_ECODE_OK)
1971  return ret;
1972 
1973  return TM_ECODE_OK;
1974 }
1975 
1976 #ifdef OS_WIN32
1977 static int WindowsInitService(int argc, char **argv)
1978 {
1979  if (SCRunningAsService()) {
1980  char path[MAX_PATH];
1981  char *p = NULL;
1982  strlcpy(path, argv[0], MAX_PATH);
1983  if ((p = strrchr(path, '\\'))) {
1984  *p = '\0';
1985  }
1986  if (!SetCurrentDirectory(path)) {
1987  SCLogError(SC_ERR_FATAL, "Can't set current directory to: %s", path);
1988  return -1;
1989  }
1990  SCLogInfo("Current directory is set to: %s", path);
1991  SCServiceInit(argc, argv);
1992  }
1993 
1994  /* Windows socket subsystem initialization */
1995  WSADATA wsaData;
1996  if (0 != WSAStartup(MAKEWORD(2, 2), &wsaData)) {
1997  SCLogError(SC_ERR_FATAL, "Can't initialize Windows sockets: %d", WSAGetLastError());
1998  return -1;
1999  }
2000 
2001  return 0;
2002 }
2003 #endif /* OS_WIN32 */
2004 
2005 static int MayDaemonize(SCInstance *suri)
2006 {
2007  if (suri->daemon == 1 && suri->pid_filename == NULL) {
2008  const char *pid_filename;
2009 
2010  if (ConfGet("pid-file", &pid_filename) == 1) {
2011  SCLogInfo("Use pid file %s from config file.", pid_filename);
2012  } else {
2013  pid_filename = DEFAULT_PID_FILENAME;
2014  }
2015  /* The pid file name may be in config memory, but is needed later. */
2016  suri->pid_filename = SCStrdup(pid_filename);
2017  if (suri->pid_filename == NULL) {
2018  SCLogError(SC_ERR_MEM_ALLOC, "strdup failed: %s", strerror(errno));
2019  return TM_ECODE_FAILED;
2020  }
2021  }
2022 
2023  if (suri->pid_filename != NULL && SCPidfileTestRunning(suri->pid_filename) != 0) {
2024  SCFree(suri->pid_filename);
2025  suri->pid_filename = NULL;
2026  return TM_ECODE_FAILED;
2027  }
2028 
2029  if (suri->daemon == 1) {
2030  Daemonize();
2031  }
2032 
2033  if (suri->pid_filename != NULL) {
2034  if (SCPidfileCreate(suri->pid_filename) != 0) {
2035  SCFree(suri->pid_filename);
2036  suri->pid_filename = NULL;
2037  SCLogError(SC_ERR_PIDFILE_DAEMON,
2038  "Unable to create PID file, concurrent run of"
2039  " Suricata can occur.");
2040  SCLogError(SC_ERR_PIDFILE_DAEMON,
2041  "PID file creation WILL be mandatory for daemon mode"
2042  " in future version");
2043  }
2044  }
2045 
2046  return TM_ECODE_OK;
2047 }
2048 
2049 /* Initialize the user and group Suricata is to run as. */
2050 static int InitRunAs(SCInstance *suri)
2051 {
2052 #ifndef OS_WIN32
2053  /* Try to get user/group to run suricata as if
2054  command line as not decide of that */
2055  if (suri->do_setuid == FALSE && suri->do_setgid == FALSE) {
2056  const char *id;
2057  if (ConfGet("run-as.user", &id) == 1) {
2058  suri->do_setuid = TRUE;
2059  suri->user_name = id;
2060  }
2061  if (ConfGet("run-as.group", &id) == 1) {
2062  suri->do_setgid = TRUE;
2063  suri->group_name = id;
2064  }
2065  }
2066  /* Get the suricata user ID to given user ID */
2067  if (suri->do_setuid == TRUE) {
2068  if (SCGetUserID(suri->user_name, suri->group_name,
2069  &suri->userid, &suri->groupid) != 0) {
2070  SCLogError(SC_ERR_UID_FAILED, "failed in getting user ID");
2071  return TM_ECODE_FAILED;
2072  }
2073 
2074  sc_set_caps = TRUE;
2075  /* Get the suricata group ID to given group ID */
2076  } else if (suri->do_setgid == TRUE) {
2077  if (SCGetGroupID(suri->group_name, &suri->groupid) != 0) {
2078  SCLogError(SC_ERR_GID_FAILED, "failed in getting group ID");
2079  return TM_ECODE_FAILED;
2080  }
2081 
2082  sc_set_caps = TRUE;
2083  }
2084 #endif
2085  return TM_ECODE_OK;
2086 }
2087 
2088 static int InitSignalHandler(SCInstance *suri)
2089 {
2090  /* registering signals we use */
2091 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
2092  UtilSignalHandlerSetup(SIGINT, SignalHandlerSigint);
2093  UtilSignalHandlerSetup(SIGTERM, SignalHandlerSigterm);
2094 #if HAVE_LIBUNWIND
2095  int enabled;
2096  if (ConfGetBool("logging.stacktrace-on-signal", &enabled) == 0) {
2097  enabled = 1;
2098  }
2099 
2100  if (enabled) {
2101  SCLogInfo("Preparing unexpected signal handling");
2102  struct sigaction stacktrace_action;
2103  memset(&stacktrace_action, 0, sizeof(stacktrace_action));
2104  stacktrace_action.sa_sigaction = SignalHandlerUnexpected;
2105  stacktrace_action.sa_flags = SA_SIGINFO;
2106  sigaction(SIGSEGV, &stacktrace_action, NULL);
2107  sigaction(SIGABRT, &stacktrace_action, NULL);
2108  }
2109 #endif /* HAVE_LIBUNWIND */
2110 #endif
2111 #ifndef OS_WIN32
2112  UtilSignalHandlerSetup(SIGHUP, SignalHandlerSigHup);
2113  UtilSignalHandlerSetup(SIGPIPE, SIG_IGN);
2114  UtilSignalHandlerSetup(SIGSYS, SIG_IGN);
2115 #endif /* OS_WIN32 */
2116 
2117  return TM_ECODE_OK;
2118 }
2119 
2120 /* initialization code for both the main modes and for
2121  * unix socket mode.
2122  *
2123  * Will be run once per pcap in unix-socket mode */
2124 void PreRunInit(const int runmode)
2125 {
2126  HttpRangeContainersInit();
2127  if (runmode == RUNMODE_UNIX_SOCKET)
2128  return;
2129 
2130  StatsInit();
2131 #ifdef PROFILING
2132  SCProfilingRulesGlobalInit();
2133  SCProfilingKeywordsGlobalInit();
2134  SCProfilingPrefilterGlobalInit();
2135  SCProfilingSghsGlobalInit();
2136  SCProfilingInit();
2137 #endif /* PROFILING */
2138  DefragInit();
2139  FlowInitConfig(FLOW_QUIET);
2140  IPPairInitConfig(FLOW_QUIET);
2141  StreamTcpInitConfig(STREAM_VERBOSE);
2142  AppLayerParserPostStreamSetup();
2143  AppLayerRegisterGlobalCounters();
2144  OutputFilestoreRegisterGlobalCounters();
2145 }
2146 
2147 /* tasks we need to run before packets start flowing,
2148  * but after we dropped privs */
2149 void PreRunPostPrivsDropInit(const int runmode)
2150 {
2151  StatsSetupPostConfigPreOutput();
2152  RunModeInitializeOutputs();
2153  DatasetsInit();
2154 
2155  if (runmode == RUNMODE_UNIX_SOCKET) {
2156  /* As the above did some necessary startup initialization, it
2157  * also setup some outputs where only one is allowed, so
2158  * deinitialize to the state that unix-mode does after every
2159  * pcap. */
2160  PostRunDeinit(RUNMODE_PCAP_FILE, NULL);
2161  return;
2162  }
2163 
2164  StatsSetupPostConfigPostOutput();
2165 }
2166 
2167 /* clean up / shutdown code for both the main modes and for
2168  * unix socket mode.
2169  *
2170  * Will be run once per pcap in unix-socket mode */
2171 void PostRunDeinit(const int runmode, struct timeval *start_time)
2172 {
2173  if (runmode == RUNMODE_UNIX_SOCKET)
2174  return;
2175 
2176  /* needed by FlowForceReassembly */
2177  PacketPoolInit();
2178 
2179  /* handle graceful shutdown of the flow engine, it's helper
2180  * threads and the packet threads */
2181  FlowDisableFlowManagerThread();
2182  TmThreadDisableReceiveThreads();
2183  FlowForceReassembly();
2184  TmThreadDisablePacketThreads();
2185  SCPrintElapsedTime(start_time);
2186  FlowDisableFlowRecyclerThread();
2187 
2188  /* kill the stats threads */
2189  TmThreadKillThreadsFamily(TVT_MGMT);
2190  TmThreadClearThreadsFamily(TVT_MGMT);
2191 
2192  /* kill packet threads -- already in 'disabled' state */
2193  TmThreadKillThreadsFamily(TVT_PPT);
2194  TmThreadClearThreadsFamily(TVT_PPT);
2195 
2196  PacketPoolDestroy();
2197 
2198  /* mgt and ppt threads killed, we can run non thread-safe
2199  * shutdown functions */
2200  StatsReleaseResources();
2201  DecodeUnregisterCounters();
2202  RunModeShutDown();
2203  FlowShutdown();
2204  IPPairShutdown();
2205  HostCleanup();
2206  StreamTcpFreeConfig(STREAM_VERBOSE);
2207  DefragDestroy();
2208 
2209  TmqResetQueues();
2210 #ifdef PROFILING
2211  if (profiling_rules_enabled)
2212  SCProfilingDump();
2213  SCProfilingDestroy();
2214 #endif
2215 }
2216 
2217 
2218 static int StartInternalRunMode(SCInstance *suri, int argc, char **argv)
2219 {
2220  /* Treat internal running mode */
2221  switch(suri->run_mode) {
2222  case RUNMODE_LIST_KEYWORDS:
2223  return ListKeywords(suri->keyword_info);
2224  case RUNMODE_LIST_APP_LAYERS:
2225  if (suri->conf_filename != NULL) {
2226  return ListAppLayerProtocols(suri->conf_filename);
2227  } else {
2228  return ListAppLayerProtocols(DEFAULT_CONF_FILE);
2229  }
2230  case RUNMODE_PRINT_VERSION:
2231  PrintVersion();
2232  return TM_ECODE_DONE;
2233  case RUNMODE_PRINT_BUILDINFO:
2234  PrintBuildInfo();
2235  return TM_ECODE_DONE;
2236  case RUNMODE_PRINT_USAGE:
2237  PrintUsage(argv[0]);
2238  return TM_ECODE_DONE;
2239  case RUNMODE_LIST_RUNMODES:
2240  RunModeListRunmodes();
2241  return TM_ECODE_DONE;
2242  case RUNMODE_LIST_UNITTEST:
2243  RunUnittests(1, suri->regex_arg);
2244  case RUNMODE_UNITTEST:
2245  RunUnittests(0, suri->regex_arg);
2246 #ifdef OS_WIN32
2247  case RUNMODE_INSTALL_SERVICE:
2248  if (SCServiceInstall(argc, argv)) {
2249  return TM_ECODE_FAILED;
2250  }
2251  SCLogInfo("Suricata service has been successfuly installed.");
2252  return TM_ECODE_DONE;
2253  case RUNMODE_REMOVE_SERVICE:
2254  if (SCServiceRemove(argc, argv)) {
2255  return TM_ECODE_FAILED;
2256  }
2257  SCLogInfo("Suricata service has been successfuly removed.");
2258  return TM_ECODE_DONE;
2259  case RUNMODE_CHANGE_SERVICE_PARAMS:
2260  if (SCServiceChangeParams(argc, argv)) {
2261  return TM_ECODE_FAILED;
2262  }
2263  SCLogInfo("Suricata service startup parameters has been successfuly changed.");
2264  return TM_ECODE_DONE;
2265 #endif /* OS_WIN32 */
2266  default:
2267  /* simply continue for other running mode */
2268  break;
2269  }
2270  return TM_ECODE_OK;
2271 }
2272 
2273 static int FinalizeRunMode(SCInstance *suri, char **argv)
2274 {
2275  switch (suri->run_mode) {
2276  case RUNMODE_UNKNOWN:
2277  PrintUsage(argv[0]);
2278  return TM_ECODE_FAILED;
2279  default:
2280  break;
2281  }
2282  /* Set the global run mode and offline flag. */
2283  run_mode = suri->run_mode;
2284 
2285  if (!CheckValidDaemonModes(suri->daemon, suri->run_mode)) {
2286  return TM_ECODE_FAILED;
2287  }
2288 
2289  return TM_ECODE_OK;
2290 }
2291 
2292 static void SetupDelayedDetect(SCInstance *suri)
2293 {
2294  /* In offline mode delayed init of detect is a bad idea */
2295  if (suri->offline) {
2296  suri->delayed_detect = 0;
2297  } else {
2298  if (ConfGetBool("detect.delayed-detect", &suri->delayed_detect) != 1) {
2299  ConfNode *denode = NULL;
2300  ConfNode *decnf = ConfGetNode("detect-engine");
2301  if (decnf != NULL) {
2302  TAILQ_FOREACH(denode, &decnf->head, next) {
2303  if (strcmp(denode->val, "delayed-detect") == 0) {
2304  (void)ConfGetChildValueBool(denode, "delayed-detect", &suri->delayed_detect);
2305  }
2306  }
2307  }
2308  }
2309  }
2310 
2311  SCLogConfig("Delayed detect %s", suri->delayed_detect ? "enabled" : "disabled");
2312  if (suri->delayed_detect) {
2313  SCLogInfo("Packets will start being processed before signatures are active.");
2314  }
2315 
2316 }
2317 
2318 static int LoadSignatures(DetectEngineCtx *de_ctx, SCInstance *suri)
2319 {
2320  if (SigLoadSignatures(de_ctx, suri->sig_file, suri->sig_file_exclusive) < 0) {
2321  SCLogError(SC_ERR_NO_RULES_LOADED, "Loading signatures failed.");
2322  if (de_ctx->failure_fatal)
2323  return TM_ECODE_FAILED;
2324  }
2325 
2326  return TM_ECODE_OK;
2327 }
2328 
2329 static int ConfigGetCaptureValue(SCInstance *suri)
2330 {
2331  /* Pull the max pending packets from the config, if not found fall
2332  * back on a sane default. */
2333  if (ConfGetInt("max-pending-packets", &max_pending_packets) != 1)
2334  max_pending_packets = DEFAULT_MAX_PENDING_PACKETS;
2335  if (max_pending_packets >= 65535) {
2336  SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY,
2337  "Maximum max-pending-packets setting is 65534. "
2338  "Please check %s for errors", suri->conf_filename);
2339  return TM_ECODE_FAILED;
2340  }
2341 
2342  SCLogDebug("Max pending packets set to %"PRIiMAX, max_pending_packets);
2343 
2344  /* Pull the default packet size from the config, if not found fall
2345  * back on a sane default. */
2346  const char *temp_default_packet_size;
2347  if ((ConfGet("default-packet-size", &temp_default_packet_size)) != 1) {
2348  int mtu = 0;
2349  int lthread;
2350  int nlive;
2351  int strip_trailing_plus = 0;
2352  switch (suri->run_mode) {
2353 #ifdef WINDIVERT
2354  case RUNMODE_WINDIVERT:
2355  /* by default, WinDivert collects from all devices */
2356  mtu = GetGlobalMTUWin32();
2357 
2358  if (mtu > 0) {
2359  g_default_mtu = mtu;
2360  /* SLL_HEADER_LEN is the longest header + 8 for VLAN */
2361  default_packet_size = mtu + SLL_HEADER_LEN + 8;
2362  break;
2363  }
2364 
2365  g_default_mtu = DEFAULT_MTU;
2366  default_packet_size = DEFAULT_PACKET_SIZE;
2367  break;
2368 #endif /* WINDIVERT */
2369  case RUNMODE_NETMAP:
2370  /* in netmap igb0+ has a special meaning, however the
2371  * interface really is igb0 */
2372  strip_trailing_plus = 1;
2373  /* fall through */
2374  case RUNMODE_PCAP_DEV:
2375  case RUNMODE_AFP_DEV:
2376  case RUNMODE_PFRING:
2377  nlive = LiveGetDeviceNameCount();
2378  for (lthread = 0; lthread < nlive; lthread++) {
2379  const char *live_dev = LiveGetDeviceNameName(lthread);
2380  char dev[128]; /* need to be able to support GUID names on Windows */
2381  (void)strlcpy(dev, live_dev, sizeof(dev));
2382 
2383  if (strip_trailing_plus) {
2384  size_t len = strlen(dev);
2385  if (len &&
2386  (dev[len-1] == '+' ||
2387  dev[len-1] == '^' ||
2388  dev[len-1] == '*'))
2389  {
2390  dev[len-1] = '\0';
2391  }
2392  }
2393  mtu = GetIfaceMTU(dev);
2394  g_default_mtu = MAX(mtu, g_default_mtu);
2395 
2396  unsigned int iface_max_packet_size = GetIfaceMaxPacketSize(dev);
2397  if (iface_max_packet_size > default_packet_size)
2398  default_packet_size = iface_max_packet_size;
2399  }
2400  if (default_packet_size)
2401  break;
2402  /* fall through */
2403  default:
2404  g_default_mtu = DEFAULT_MTU;
2405  default_packet_size = DEFAULT_PACKET_SIZE;
2406  }
2407  } else {
2408  if (ParseSizeStringU32(temp_default_packet_size, &default_packet_size) < 0) {
2409  SCLogError(SC_ERR_SIZE_PARSE, "Error parsing max-pending-packets "
2410  "from conf file - %s. Killing engine",
2411  temp_default_packet_size);
2412  return TM_ECODE_FAILED;
2413  }
2414  }
2415 
2416  SCLogDebug("Default packet size set to %"PRIu32, default_packet_size);
2417 
2418  return TM_ECODE_OK;
2419 }
2420 
2421 static void PostRunStartedDetectSetup(const SCInstance *suri)
2422 {
2423 #ifndef OS_WIN32
2424  /* registering signal handlers we use. We setup usr2 here, so that one
2425  * can't call it during the first sig load phase or while threads are still
2426  * starting up. */
2427  if (DetectEngineEnabled() && suri->delayed_detect == 0) {
2428  UtilSignalHandlerSetup(SIGUSR2, SignalHandlerSigusr2);
2429  UtilSignalUnblock(SIGUSR2);
2430  }
2431 #endif
2432  if (suri->delayed_detect) {
2433  /* force 'reload', this will load the rules and swap engines */
2434  DetectEngineReload(suri);
2435  SCLogNotice("Signature(s) loaded, Detect thread(s) activated.");
2436 #ifndef OS_WIN32
2437  UtilSignalHandlerSetup(SIGUSR2, SignalHandlerSigusr2);
2438  UtilSignalUnblock(SIGUSR2);
2439 #endif
2440  }
2441 }
2442 
2443 void PostConfLoadedDetectSetup(SCInstance *suri)
2444 {
2445  DetectEngineCtx *de_ctx = NULL;
2446  if (!suri->disabled_detect) {
2447  SCClassConfInit();
2448  SCReferenceConfInit();
2449  SetupDelayedDetect(suri);
2450  int mt_enabled = 0;
2451  (void)ConfGetBool("multi-detect.enabled", &mt_enabled);
2452  int default_tenant = 0;
2453  if (mt_enabled)
2454  (void)ConfGetBool("multi-detect.default", &default_tenant);
2455  if (DetectEngineMultiTenantSetup() == -1) {
2456  FatalError(SC_ERR_FATAL, "initializing multi-detect "
2457  "detection engine contexts failed.");
2458  }
2459  if (suri->delayed_detect && suri->run_mode != RUNMODE_CONF_TEST) {
2460  de_ctx = DetectEngineCtxInitStubForDD();
2461  } else if (mt_enabled && !default_tenant && suri->run_mode != RUNMODE_CONF_TEST) {
2462  de_ctx = DetectEngineCtxInitStubForMT();
2463  } else {
2464  de_ctx = DetectEngineCtxInit();
2465  }
2466  if (de_ctx == NULL) {
2467  FatalError(SC_ERR_FATAL, "initializing detection engine "
2468  "context failed.");
2469  }
2470 
2471  if (de_ctx->type == DETECT_ENGINE_TYPE_NORMAL) {
2472  if (LoadSignatures(de_ctx, suri) != TM_ECODE_OK)
2473  exit(EXIT_FAILURE);
2474  }
2475 
2476  gettimeofday(&de_ctx->last_reload, NULL);
2477  DetectEngineAddToMaster(de_ctx);
2478  DetectEngineBumpVersion();
2479  }
2480 }
2481 
2482 static int PostDeviceFinalizedSetup(SCInstance *suri)
2483 {
2484  SCEnter();
2485 
2486 #ifdef HAVE_AF_PACKET
2487  if (suri->run_mode == RUNMODE_AFP_DEV) {
2488  if (AFPRunModeIsIPS()) {
2489  SCLogInfo("AF_PACKET: Setting IPS mode");
2490  EngineModeSetIPS();
2491  }
2492  }
2493 #endif
2494 #ifdef HAVE_NETMAP
2495  if (suri->run_mode == RUNMODE_NETMAP) {
2496  if (NetmapRunModeIsIPS()) {
2497  SCLogInfo("Netmap: Setting IPS mode");
2498  EngineModeSetIPS();
2499  }
2500  }
2501 #endif
2502 
2503  SCReturnInt(TM_ECODE_OK);
2504 }
2505 
2506 static void PostConfLoadedSetupHostMode(void)
2507 {
2508  const char *hostmode = NULL;
2509 
2510  if (ConfGetValue("host-mode", &hostmode) == 1) {
2511  if (!strcmp(hostmode, "router")) {
2512  host_mode = SURI_HOST_IS_ROUTER;
2513  } else if (!strcmp(hostmode, "sniffer-only")) {
2514  host_mode = SURI_HOST_IS_SNIFFER_ONLY;
2515  } else {
2516  if (strcmp(hostmode, "auto") != 0) {
2517  WarnInvalidConfEntry("host-mode", "%s", "auto");
2518  }
2519  if (EngineModeIsIPS()) {
2520  host_mode = SURI_HOST_IS_ROUTER;
2521  } else {
2522  host_mode = SURI_HOST_IS_SNIFFER_ONLY;
2523  }
2524  }
2525  } else {
2526  if (EngineModeIsIPS()) {
2527  host_mode = SURI_HOST_IS_ROUTER;
2528  SCLogInfo("No 'host-mode': suricata is in IPS mode, using "
2529  "default setting 'router'");
2530  } else {
2531  host_mode = SURI_HOST_IS_SNIFFER_ONLY;
2532  SCLogInfo("No 'host-mode': suricata is in IDS mode, using "
2533  "default setting 'sniffer-only'");
2534  }
2535  }
2536 
2537 }
2538 
2539 static void SetupUserMode(SCInstance *suri)
2540 {
2541  /* apply 'user mode' config updates here */
2542  if (suri->system == false) {
2543  if (suri->set_logdir == false) {
2544  /* override log dir to current work dir" */
2545  if (ConfigSetLogDirectory((char *)".") != TM_ECODE_OK) {
2546  FatalError(SC_ERR_LOGDIR_CONFIG, "could not set USER mode logdir");
2547  }
2548  }
2549  if (suri->set_datadir == false) {
2550  /* override data dir to current work dir" */
2551  if (ConfigSetDataDirectory((char *)".") != TM_ECODE_OK) {
2552  FatalError(SC_ERR_LOGDIR_CONFIG, "could not set USER mode datadir");
2553  }
2554  }
2555  }
2556 }
2557 
2558 /**
2559  * This function is meant to contain code that needs
2560  * to be run once the configuration has been loaded.
2561  */
2562 int PostConfLoadedSetup(SCInstance *suri)
2563 {
2564  /* do this as early as possible #1577 #1955 */
2565 #ifdef HAVE_LUAJIT
2566  if (LuajitSetupStatesPool() != 0) {
2567  SCReturnInt(TM_ECODE_FAILED);
2568  }
2569 #endif
2570 
2571  /* load the pattern matchers */
2572  MpmTableSetup();
2573  SpmTableSetup();
2574 
2575  int disable_offloading;
2576  if (ConfGetBool("capture.disable-offloading", &disable_offloading) == 0)
2577  disable_offloading = 1;
2578  if (disable_offloading) {
2579  LiveSetOffloadDisable();
2580  } else {
2581  LiveSetOffloadWarn();
2582  }
2583 
2584  if (suri->checksum_validation == -1) {
2585  const char *cv = NULL;
2586  if (ConfGetValue("capture.checksum-validation", &cv) == 1) {
2587  if (strcmp(cv, "none") == 0) {
2588  suri->checksum_validation = 0;
2589  } else if (strcmp(cv, "all") == 0) {
2590  suri->checksum_validation = 1;
2591  }
2592  }
2593  }
2594  switch (suri->checksum_validation) {
2595  case 0:
2596  ConfSet("stream.checksum-validation", "0");
2597  break;
2598  case 1:
2599  ConfSet("stream.checksum-validation", "1");
2600  break;
2601  }
2602 
2603  if (suri->runmode_custom_mode) {
2604  ConfSet("runmode", suri->runmode_custom_mode);
2605  }
2606 
2607  StorageInit();
2608 #ifdef HAVE_PACKET_EBPF
2609  if (suri->run_mode == RUNMODE_AFP_DEV) {
2610  EBPFRegisterExtension();
2611  LiveDevRegisterExtension();
2612  }
2613 #endif
2614  RegisterFlowBypassInfo();
2615 
2616  MacSetRegisterFlowStorage();
2617 
2618  AppLayerSetup();
2619 
2620  /* Suricata will use this umask if provided. By default it will use the
2621  umask passed on from the shell. */
2622  const char *custom_umask;
2623  if (ConfGet("umask", &custom_umask) == 1) {
2624  uint16_t mask;
2625  if (StringParseUint16(&mask, 8, strlen(custom_umask),
2626  custom_umask) > 0) {
2627  umask((mode_t)mask);
2628  }
2629  }
2630 
2631 
2632  if (ConfigGetCaptureValue(suri) != TM_ECODE_OK) {
2633  SCReturnInt(TM_ECODE_FAILED);
2634  }
2635 
2636 #ifdef NFQ
2637  if (suri->run_mode == RUNMODE_NFQ)
2638  NFQInitConfig(false);
2639 #endif
2640 
2641  /* Load the Host-OS lookup. */
2642  SCHInfoLoadFromConfig();
2643 
2644  if (suri->run_mode == RUNMODE_ENGINE_ANALYSIS) {
2645  SCLogInfo("== Carrying out Engine Analysis ==");
2646  const char *temp = NULL;
2647  if (ConfGet("engine-analysis", &temp) == 0) {
2648  SCLogInfo("no engine-analysis parameter(s) defined in conf file. "
2649  "Please define/enable them in the conf to use this "
2650  "feature.");
2651  SCReturnInt(TM_ECODE_FAILED);
2652  }
2653  }
2654 
2655  /* hardcoded initialization code */
2656  SigTableSetup(); /* load the rule keywords */
2657  SigTableApplyStrictCommandlineOption(suri->strict_rule_parsing_string);
2658  TmqhSetup();
2659 
2660  CIDRInit();
2661 
2662  TagInitCtx();
2663  PacketAlertTagInit();
2664  ThresholdInit();
2665  HostBitInitCtx();
2666  IPPairBitInitCtx();
2667 
2668  if (DetectAddressTestConfVars() < 0) {
2669  SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY,
2670  "basic address vars test failed. Please check %s for errors",
2671  suri->conf_filename);
2672  SCReturnInt(TM_ECODE_FAILED);
2673  }
2674  if (DetectPortTestConfVars() < 0) {
2675  SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY,
2676  "basic port vars test failed. Please check %s for errors",
2677  suri->conf_filename);
2678  SCReturnInt(TM_ECODE_FAILED);
2679  }
2680 
2681  FeatureTrackingRegister(); /* must occur prior to output mod registration */
2682  RegisterAllModules();
2683 #ifdef HAVE_PLUGINS
2684  SCPluginsLoad(suri->capture_plugin_name, suri->capture_plugin_args);
2685 #endif
2686  AppLayerHtpNeedFileInspection();
2687 
2688  StorageFinalize();
2689 
2690  TmModuleRunInit();
2691 
2692  if (MayDaemonize(suri) != TM_ECODE_OK)
2693  SCReturnInt(TM_ECODE_FAILED);
2694 
2695  if (InitSignalHandler(suri) != TM_ECODE_OK)
2696  SCReturnInt(TM_ECODE_FAILED);
2697 
2698  /* Check for the existance of the default logging directory which we pick
2699  * from suricata.yaml. If not found, shut the engine down */
2700  suri->log_dir = ConfigGetLogDirectory();
2701 
2702  if (ConfigCheckLogDirectoryExists(suri->log_dir) != TM_ECODE_OK) {
2703  SCLogError(SC_ERR_LOGDIR_CONFIG, "The logging directory \"%s\" "
2704  "supplied by %s (default-log-dir) doesn't exist. "
2705  "Shutting down the engine", suri->log_dir, suri->conf_filename);
2706  SCReturnInt(TM_ECODE_FAILED);
2707  }
2708  if (!IsLogDirectoryWritable(suri->log_dir)) {
2709  SCLogError(SC_ERR_LOGDIR_CONFIG, "The logging directory \"%s\" "
2710  "supplied by %s (default-log-dir) is not writable. "
2711  "Shutting down the engine", suri->log_dir, suri->conf_filename);
2712  SCReturnInt(TM_ECODE_FAILED);
2713  }
2714 
2715  if (suri->disabled_detect) {
2716  SCLogConfig("detection engine disabled");
2717  /* disable raw reassembly */
2718  (void)ConfSetFinal("stream.reassembly.raw", "false");
2719  }
2720 
2721  HostInitConfig(HOST_VERBOSE);
2722 
2723  CoredumpLoadConfig();
2724 
2725  DecodeGlobalConfig();
2726 
2727  LiveDeviceFinalize();
2728 
2729  /* set engine mode if L2 IPS */
2730  if (PostDeviceFinalizedSetup(suri) != TM_ECODE_OK) {
2731  exit(EXIT_FAILURE);
2732  }
2733 
2734  /* hostmode depends on engine mode being set */
2735  PostConfLoadedSetupHostMode();
2736 
2737  PreRunInit(suri->run_mode);
2738 
2739  SCReturnInt(TM_ECODE_OK);
2740 }
2741 
2742 static void SuricataMainLoop(SCInstance *suri)
2743 {
2744  while(1) {
2745  if (sigterm_count || sigint_count) {
2746  suricata_ctl_flags |= SURICATA_STOP;
2747  }
2748 
2749  if (suricata_ctl_flags & SURICATA_STOP) {
2750  SCLogNotice("Signal Received. Stopping engine.");
2751  break;
2752  }
2753 
2754  TmThreadCheckThreadState();
2755 
2756  if (sighup_count > 0) {
2757  OutputNotifyFileRotation();
2758  sighup_count--;
2759  }
2760 
2761  if (sigusr2_count > 0) {
2762  if (!(DetectEngineReloadIsStart())) {
2763  DetectEngineReloadStart();
2764  DetectEngineReload(suri);
2765  DetectEngineReloadSetIdle();
2766  sigusr2_count--;
2767  }
2768 
2769  } else if (DetectEngineReloadIsStart()) {
2770  DetectEngineReload(suri);
2771  DetectEngineReloadSetIdle();
2772  }
2773 
2774  usleep(10* 1000);
2775  }
2776 }
2777 
2778 /**
2779  * \brief Global initialization common to all runmodes.
2780  *
2781  * This can be used by fuzz targets.
2782  */
2783 
2784 int InitGlobal(void) {
2785  suricata_context.SCLogMessage = SCLogMessage;
2786  suricata_context.DetectEngineStateFree = DetectEngineStateFree;
2787  suricata_context.AppLayerDecoderEventsSetEventRaw = AppLayerDecoderEventsSetEventRaw;
2788  suricata_context.AppLayerDecoderEventsFreeEvents = AppLayerDecoderEventsFreeEvents;
2789  suricata_context.AppLayerParserTriggerRawStreamReassembly =
2790  AppLayerParserTriggerRawStreamReassembly;
2791 
2792  suricata_context.HttpRangeFreeBlock = HttpRangeFreeBlock;
2793  suricata_context.HTPFileCloseHandleRange = HTPFileCloseHandleRange;
2794 
2795  suricata_context.FileOpenFileWithId = FileOpenFileWithId;
2796  suricata_context.FileCloseFileById = FileCloseFileById;
2797  suricata_context.FileAppendDataById = FileAppendDataById;
2798  suricata_context.FileAppendGAPById = FileAppendGAPById;
2799  suricata_context.FileContainerRecycle = FileContainerRecycle;
2800  suricata_context.FilePrune = FilePrune;
2801  suricata_context.FileSetTx = FileContainerSetTx;
2802 
2803  suricata_context.AppLayerRegisterParser = AppLayerRegisterParser;
2804 
2805  rs_init(&suricata_context);
2806 
2807  SC_ATOMIC_INIT(engine_stage);
2808 
2809  /* initialize the logging subsys */
2810  SCLogInitLogModule(NULL);
2811 
2812  (void)SCSetThreadName("Suricata-Main");
2813 
2814  /* Ignore SIGUSR2 as early as possble. We redeclare interest
2815  * once we're done launching threads. The goal is to either die
2816  * completely or handle any and all SIGUSR2s correctly.
2817  */
2818 #ifndef OS_WIN32
2819  UtilSignalHandlerSetup(SIGUSR2, SIG_IGN);
2820  if (UtilSignalBlock(SIGUSR2)) {
2821  SCLogError(SC_ERR_INITIALIZATION, "SIGUSR2 initialization error");
2822  return EXIT_FAILURE;
2823  }
2824 #endif
2825 
2826  ParseSizeInit();
2827  RunModeRegisterRunModes();
2828 
2829  /* Initialize the configuration module. */
2830  ConfInit();
2831 
2832  return 0;
2833 }
2834 
2835 int SuricataMain(int argc, char **argv)
2836 {
2837  SCInstanceInit(&suricata, argv[0]);
2838 
2839  if (InitGlobal() != 0) {
2840  exit(EXIT_FAILURE);
2841  }
2842 
2843 #ifdef OS_WIN32
2844  /* service initialization */
2845  if (WindowsInitService(argc, argv) != 0) {
2846  exit(EXIT_FAILURE);
2847  }
2848 #endif /* OS_WIN32 */
2849 
2850  if (ParseCommandLine(argc, argv, &suricata) != TM_ECODE_OK) {
2851  exit(EXIT_FAILURE);
2852  }
2853 
2854  if (FinalizeRunMode(&suricata, argv) != TM_ECODE_OK) {
2855  exit(EXIT_FAILURE);
2856  }
2857 
2858  switch (StartInternalRunMode(&suricata, argc, argv)) {
2859  case TM_ECODE_DONE:
2860  exit(EXIT_SUCCESS);
2861  case TM_ECODE_FAILED:
2862  exit(EXIT_FAILURE);
2863  }
2864 
2865  /* Initializations for global vars, queues, etc (memsets, mutex init..) */
2866  GlobalsInitPreConfig();
2867 
2868  /* Load yaml configuration file if provided. */
2869  if (LoadYamlConfig(&suricata) != TM_ECODE_OK) {
2870  exit(EXIT_FAILURE);
2871  }
2872 
2873  if (suricata.run_mode == RUNMODE_DUMP_CONFIG) {
2874  ConfDump();
2875  exit(EXIT_SUCCESS);
2876  }
2877 
2878  int vlan_tracking = 1;
2879  if (ConfGetBool("vlan.use-for-tracking", &vlan_tracking) == 1 && !vlan_tracking) {
2880  /* Ignore vlan_ids when comparing flows. */
2881  g_vlan_mask = 0x0000;
2882  }
2883  SCLogDebug("vlan tracking is %s", vlan_tracking == 1 ? "enabled" : "disabled");
2884 
2885  SetupUserMode(&suricata);
2886  InitRunAs(&suricata);
2887 
2888  /* Since our config is now loaded we can finish configurating the
2889  * logging module. */
2890  SCLogLoadConfig(suricata.daemon, suricata.verbose, suricata.userid, suricata.groupid);
2891 
2892  LogVersion(&suricata);
2893  UtilCpuPrintSummary();
2894 
2895  if (ParseInterfacesList(suricata.aux_run_mode, suricata.pcap_dev) != TM_ECODE_OK) {
2896  exit(EXIT_FAILURE);
2897  }
2898 
2899  if (PostConfLoadedSetup(&suricata) != TM_ECODE_OK) {
2900  exit(EXIT_FAILURE);
2901  }
2902 
2903  SCDropMainThreadCaps(suricata.userid, suricata.groupid);
2904 
2905  /* Re-enable coredumps after privileges are dropped. */
2906  CoredumpEnable();
2907 
2908  PreRunPostPrivsDropInit(suricata.run_mode);
2909 
2910  PostConfLoadedDetectSetup(&suricata);
2911  if (suricata.run_mode == RUNMODE_ENGINE_ANALYSIS) {
2912  goto out;
2913  } else if (suricata.run_mode == RUNMODE_CONF_TEST){
2914  SCLogNotice("Configuration provided was successfully loaded. Exiting.");
2915  goto out;
2916  } else if (suricata.run_mode == RUNMODE_DUMP_FEATURES) {
2917  FeatureDump();
2918  goto out;
2919  }
2920 
2921  SCSetStartTime(&suricata);
2922  RunModeDispatch(suricata.run_mode, suricata.runmode_custom_mode,
2923  suricata.capture_plugin_name, suricata.capture_plugin_args);
2924  if (suricata.run_mode != RUNMODE_UNIX_SOCKET) {
2925  UnixManagerThreadSpawnNonRunmode();
2926  }
2927 
2928  /* Wait till all the threads have been initialized */
2929  if (TmThreadWaitOnThreadInit() == TM_ECODE_FAILED) {
2930  FatalError(SC_ERR_FATAL, "Engine initialization failed, "
2931  "aborting...");
2932  }
2933 
2934  SC_ATOMIC_SET(engine_stage, SURICATA_RUNTIME);
2935  PacketPoolPostRunmodes();
2936 
2937  /* Un-pause all the paused threads */
2938  TmThreadContinueThreads();
2939 
2940  PostRunStartedDetectSetup(&suricata);
2941 
2942  SCPledge();
2943  SuricataMainLoop(&suricata);
2944 
2945  /* Update the engine stage/status flag */
2946  SC_ATOMIC_SET(engine_stage, SURICATA_DEINIT);
2947 
2948  UnixSocketKillSocketThread();
2949  PostRunDeinit(suricata.run_mode, &suricata.start_time);
2950  /* kill remaining threads */
2951  TmThreadKillThreads();
2952 
2953 out:
2954  GlobalsDestroy(&suricata);
2955 
2956  exit(EXIT_SUCCESS);
2957 }
DefragDestroy
void DefragDestroy(void)
Definition: defrag.c:1074
util-byte.h
host.h
tm-threads.h
ConfGetInt
int ConfGetInt(const char *name, intmax_t *val)
Retrieve a configuration value as an integer.
Definition: conf.c:436
TmModuleUnixManagerRegister
void TmModuleUnixManagerRegister(void)
Definition: unix-manager.c:1259
profiling_rules_enabled
int profiling_rules_enabled
Definition: util-profiling-rules.c:81
SuricataContext_::DetectEngineStateFree
void(* DetectEngineStateFree)(DetectEngineState *)
Definition: rust-context.h:36
source-nflog.h
TagInitCtx
void TagInitCtx(void)
Definition: detect-engine-tag.c:51
TmModuleReceiveIPFWRegister
void TmModuleReceiveIPFWRegister(void)
Registration Function for RecieveIPFW.
Definition: source-ipfw.c:150
flow-bypass.h
len
uint8_t len
Definition: app-layer-dnp3.h:2
SCReferenceConfDeinit
void SCReferenceConfDeinit(void)
Definition: util-reference-config.c:77
ippair.h
app-layer-htp-range.h
AppLayerHtpNeedFileInspection
void AppLayerHtpNeedFileInspection(void)
Sets a flag that informs the HTP app layer that some module in the engine needs the http request file...
Definition: app-layer-htp.c:502
SCInstance_::run_mode
enum RunModes run_mode
Definition: suricata.h:124
detect-engine.h
StringParseUint16
int StringParseUint16(uint16_t *res, int base, uint16_t len, const char *str)
Definition: util-byte.c:336
source-pcap.h
SCInstance_::groupid
uint32_t groupid
Definition: suricata.h:142
RUNMODE_UNIX_SOCKET
@ RUNMODE_UNIX_SOCKET
Definition: runmodes.h:42
g_system
bool g_system
Definition: suricata.c:225
SCReferenceConfInit
void SCReferenceConfInit(void)
Definition: util-reference-config.c:56
host-storage.h
SCInstance_::daemon
int daemon
Definition: suricata.h:150
max_pending_packets
intmax_t max_pending_packets
Definition: suricata.c:214
SuricataContext_::SCLogMessage
SCError(* SCLogMessage)(const SCLogLevel, const char *, const unsigned int, const char *, const SCError, const char *message)
Definition: rust-context.h:34
app-layer-ssh.h
IPPairInitConfig
void IPPairInitConfig(bool quiet)
initialize the configuration
Definition: ippair.c:168
SCLogInitLogModule
void SCLogInitLogModule(SCLogInitData *sc_lid)
Initializes the logging module.
Definition: util-debug.c:1303
SLL_HEADER_LEN
#define SLL_HEADER_LEN
Definition: decode-sll.h:27
SCInstance_::checksum_validation
int checksum_validation
Definition: suricata.h:153
SC_ERR_DAG_REQUIRED
@ SC_ERR_DAG_REQUIRED
Definition: util-error.h:201
app-layer-register.h
SC_ERR_WINDIVERT_NOSUPPORT
@ SC_ERR_WINDIVERT_NOSUPPORT
Definition: util-error.h:346
DetectEngineDeReference
void DetectEngineDeReference(DetectEngineCtx **de_ctx)
Definition: detect-engine.c:4283
RUNMODE_UNITTEST
@ RUNMODE_UNITTEST
Definition: runmodes.h:40
StorageInit
void StorageInit(void)
Definition: util-storage.c:67
SCInstance_::start_time
struct timeval start_time
Definition: suricata.h:155
SC_ATOMIC_INIT
#define SC_ATOMIC_INIT(name)
wrapper for initializing an atomic variable.
Definition: util-atomic.h:315
FileAppendGAPById
int FileAppendGAPById(FileContainer *ffc, uint32_t track_id, const uint8_t *data, uint32_t data_len)
Store/handle a chunk of file data in the File structure The file with 'track_id' in the FileContainer...
Definition: util-file.c:775
SCThresholdConfGlobalFree
void SCThresholdConfGlobalFree(void)
Definition: util-threshold-config.c:156
source-pcap-file.h
AFPPeersListClean
void AFPPeersListClean()
Clean the global peers list.
Definition: source-af-packet.c:578
ConfNode_::val
char * val
Definition: conf.h:34
CLS
#define CLS
Definition: suricata-common.h:45
ConfGetBool
int ConfGetBool(const char *name, int *val)
Retrieve a configuration value as an boolen.
Definition: conf.c:516
RUNMODE_DPDK
@ RUNMODE_DPDK
Definition: runmodes.h:39
stream-tcp.h
DetectEngineCtx_::type
enum DetectEngineType type
Definition: detect.h:935
DetectEnginePruneFreeList
void DetectEnginePruneFreeList(void)
Definition: detect-engine.c:4374
RUNMODE_UNKNOWN
@ RUNMODE_UNKNOWN
Definition: runmodes.h:28
SuricataContext_::AppLayerDecoderEventsSetEventRaw
void(* AppLayerDecoderEventsSetEventRaw)(AppLayerDecoderEvents **, uint8_t)
Definition: rust-context.h:37
SCInstance_::group_name
const char * group_name
Definition: suricata.h:137
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
SC_ATOMIC_SET
#define SC_ATOMIC_SET(name, val)
Set the value for the atomic variable.
Definition: util-atomic.h:387
runmode-unittests.h
SigTableApplyStrictCommandlineOption
void SigTableApplyStrictCommandlineOption(const char *str)
Definition: detect-parse.c:306
TmqhSetup
void TmqhSetup(void)
Definition: tm-queuehandlers.c:39
SC_ERR_GID_FAILED
@ SC_ERR_GID_FAILED
Definition: util-error.h:188
RUNMODE_PRINT_BUILDINFO
@ RUNMODE_PRINT_BUILDINFO
Definition: runmodes.h:50
DetectEngineCtxInitStubForDD
DetectEngineCtx * DetectEngineCtxInitStubForDD(void)
Definition: detect-engine.c:2392
LiveDevRegisterExtension
void LiveDevRegisterExtension(void)
Definition: util-device.c:493
SC_ERR_NFQ_NOSUPPORT
@ SC_ERR_NFQ_NOSUPPORT
Definition: util-error.h:97
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:298
AppLayerHtpPrintStats
void AppLayerHtpPrintStats(void)
Definition: app-layer-htp.c:2988
StatsSetupPostConfigPreOutput
void StatsSetupPostConfigPreOutput(void)
Definition: counters.c:876
SCInstance_::runmode_custom_mode
char * runmode_custom_mode
Definition: suricata.h:134
util-coredump-config.h
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:0
SigTableSetup
void SigTableSetup(void)
Definition: detect-engine-register.c:444
TmModuleReceiveNFQRegister
void TmModuleReceiveNFQRegister(void)
Definition: source-nfq.c:167
LiveBuildDeviceList
int LiveBuildDeviceList(const char *runmode)
Definition: util-device.c:308
util-lua.h
RunModeShutDown
void RunModeShutDown(void)
Definition: runmodes.c:548
AppLayerParserTriggerRawStreamReassembly
void AppLayerParserTriggerRawStreamReassembly(Flow *f, int direction)
Definition: app-layer-parser.c:1474
TM_ECODE_DONE
@ TM_ECODE_DONE
Definition: tm-threads-common.h:84
DEFAULT_MTU
#define DEFAULT_MTU
Definition: decode.h:636
ippair-bit.h
RunModeDispatch
void RunModeDispatch(int runmode, const char *custom_mode, const char *capture_plugin_name, const char *capture_plugin_args)
Definition: runmodes.c:290
SC_ERR_NOT_SUPPORTED
@ SC_ERR_NOT_SUPPORTED
Definition: util-error.h:257
SuricataContext_::AppLayerDecoderEventsFreeEvents
void(* AppLayerDecoderEventsFreeEvents)(AppLayerDecoderEvents **)
Definition: rust-context.h:39
ConfGetNode
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
Definition: conf.c:175
threads.h
SuricataContext_::HttpRangeFreeBlock
void(* HttpRangeFreeBlock)(HttpRangeContainerBlock *)
Definition: rust-context.h:42
RUNMODE_LIST_RUNMODES
@ RUNMODE_LIST_RUNMODES
Definition: runmodes.h:48
sigint_count
volatile sig_atomic_t sigint_count
Definition: suricata.c:184
SC_ATOMIC_DECLARE
SC_ATOMIC_DECLARE(unsigned int, engine_stage)
TmModuleRunDeInit
void TmModuleRunDeInit(void)
Definition: tm-modules.c:146
RegisterFlowBypassInfo
void RegisterFlowBypassInfo(void)
Definition: flow-util.c:238
SCSetThreadName
#define SCSetThreadName(n)
Definition: threads.h:303
SC_ERR_NO_PCAP_SET_BUFFER_SIZE
@ SC_ERR_NO_PCAP_SET_BUFFER_SIZE
Definition: util-error.h:59
SCLogDeInitLogModule
void SCLogDeInitLogModule(void)
De-Initializes the logging module.
Definition: util-debug.c:1517
util-pidfile.h
TmModuleDecodeErfFileRegister
void TmModuleDecodeErfFileRegister(void)
Register the ERF file decoder module.
Definition: source-erf-file.c:97
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:801
DetectEngineReloadSetIdle
void DetectEngineReloadSetIdle(void)
Definition: detect-engine.c:1915
SCInstance_::userid
uint32_t userid
Definition: suricata.h:141
RUNMODE_ERF_FILE
@ RUNMODE_ERF_FILE
Definition: runmodes.h:35
source-windivert-prototypes.h
SC_ERR_IPFW_NOSUPPORT
@ SC_ERR_IPFW_NOSUPPORT
Definition: util-error.h:109
DetectEngineGetCurrent
DetectEngineCtx * DetectEngineGetCurrent(void)
Definition: detect-engine.c:3582
TmModuleFlowRecyclerRegister
void TmModuleFlowRecyclerRegister(void)
Definition: flow-manager.c:1326
packet-queue.h
Daemonize
void Daemonize(void)
Daemonize the process.
Definition: util-daemon.c:101
UtilSignalHandlerSetup
void UtilSignalHandlerSetup(int sig, void(*handler)(int))
Definition: util-signal.c:60
TAILQ_FOREACH
#define TAILQ_FOREACH(var, head, field)
Definition: queue.h:253
TmModuleDecodeAFPRegister
void TmModuleDecodeAFPRegister(void)
Registration Function for DecodeAFP.
Definition: source-af-packet.c:596
RUNMODE_NFLOG
@ RUNMODE_NFLOG
Definition: runmodes.h:33
TmModuleDecodeWinDivertRegister
void TmModuleDecodeWinDivertRegister(void)
Definition: source-windivert.c:74
SURICATA_STOP
#define SURICATA_STOP
Definition: suricata.h:90
FlowForceReassembly
void FlowForceReassembly(void)
Force reassembly for all the flows that have unprocessed segments.
Definition: flow-timeout.c:423
DetectEngineAddToMaster
int DetectEngineAddToMaster(DetectEngineCtx *de_ctx)
Definition: detect-engine.c:4307
TmModuleStatsLoggerRegister
void TmModuleStatsLoggerRegister(void)
Definition: output-stats.c:197
RegisterAllModules
void RegisterAllModules(void)
Definition: suricata.c:895
ENGINE_MODE_IPS
@ ENGINE_MODE_IPS
Definition: suricata.h:104
SCGetUserID
int SCGetUserID(const char *user_name, const char *group_name, uint32_t *uid, uint32_t *gid)
Function to get the user and group ID from the specified user name.
Definition: util-privs.c:149
RUNMODE_PCAP_DEV
@ RUNMODE_PCAP_DEV
Definition: runmodes.h:29
flow-bit.h
SupportFastPatternForSigMatchTypes
void SupportFastPatternForSigMatchTypes(void)
Registers the keywords(SMs) that should be given fp support.
Definition: detect-fast-pattern.c:144
ConfDump
void ConfDump(void)
Dump configuration to stdout.
Definition: conf.c:779
rust.h
SCPledge
#define SCPledge(...)
Definition: util-privs.h:100
CheckValidDaemonModes
int CheckValidDaemonModes(int daemon, int mode)
Check for a valid combination daemon/mode.
Definition: util-daemon.c:171
AppLayerDecoderEventsFreeEvents
void AppLayerDecoderEventsFreeEvents(AppLayerDecoderEvents **events)
Definition: app-layer-events.c:148
SCClassConfDeinit
void SCClassConfDeinit(void)
Definition: util-classification-config.c:85
LiveGetDeviceNameName
const char * LiveGetDeviceNameName(int number)
Get a pointer to the pre device name at idx.
Definition: util-device.c:218
ConfSetFinal
int ConfSetFinal(const char *name, const char *val)
Set a final configuration value.
Definition: conf.c:298
unittests_fatal
int unittests_fatal
Definition: util-unittest.c:52
TmThreadDisableReceiveThreads
void TmThreadDisableReceiveThreads(void)
Disable all threads having the specified TMs.
Definition: tm-threads.c:1386
StatsInit
void StatsInit(void)
Initializes the perf counter api. Things are hard coded currently. More work to be done when we imple...
Definition: counters.c:864
util-privs.h
PreRunInit
void PreRunInit(const int runmode)
Definition: suricata.c:2124
RUNMODE_LIST_KEYWORDS
@ RUNMODE_LIST_KEYWORDS
Definition: runmodes.h:46
SURICATA_DONE
#define SURICATA_DONE
Definition: suricata.h:92
SuricataContext_::AppLayerRegisterParser
int(* AppLayerRegisterParser)(const struct AppLayerParser *p, AppProto alproto)
Definition: rust-context.h:59
MacSetRegisterFlowStorage
void MacSetRegisterFlowStorage(void)
Definition: util-macset.c:61
SCInstance_::conf_filename
const char * conf_filename
Definition: suricata.h:159
RUNMODE_NAPATECH
@ RUNMODE_NAPATECH
Definition: runmodes.h:41
GlobalsInitPreConfig
void GlobalsInitPreConfig(void)
Definition: suricata.c:371
TmModuleReceiveNetmapRegister
void TmModuleReceiveNetmapRegister(void)
Definition: source-netmap.c:73
PacketPoolPostRunmodes
void PacketPoolPostRunmodes(void)
Set the max_pending_return_packets value.
Definition: tmqh-packetpool.c:512
NFQInitConfig
void NFQInitConfig(bool quiet)
To initialize the NFQ global configuration data.
Definition: source-nfq.c:204
TmModuleReceiveWinDivertRegister
void TmModuleReceiveWinDivertRegister(void)
Definition: source-windivert.c:61
app-layer-ftp.h
MAX
#define MAX(x, y)
Definition: suricata-common.h:376
TmModuleReceivePfringRegister
void TmModuleReceivePfringRegister(void)
Registration Function for RecievePfring.
Definition: source-pfring.c:161
HOST_VERBOSE
#define HOST_VERBOSE
Definition: host.h:92
TM_ECODE_FAILED
@ TM_ECODE_FAILED
Definition: tm-threads-common.h:83
SCProfilingDestroy
void SCProfilingDestroy(void)
Free resources used by profiling.
Definition: util-profiling.c:268
IsRunModeOffline
bool IsRunModeOffline(enum RunModes run_mode_to_check)
Definition: runmodes.c:530
SuricataContext_::FileSetTx
void(* FileSetTx)(FileContainer *, uint64_t)
Definition: rust-context.h:57
RunModeInitializeOutputs
void RunModeInitializeOutputs(void)
Definition: runmodes.c:748
DetectPortTestConfVars
int DetectPortTestConfVars(void)
Definition: detect-engine-port.c:1169
SCThresholdConfGlobalInit
void SCThresholdConfGlobalInit(void)
Definition: util-threshold-config.c:104
DecodeUnregisterCounters
void DecodeUnregisterCounters(void)
Definition: decode.c:485
SCInstance_::capture_plugin_name
const char * capture_plugin_name
Definition: suricata.h:162
SURI_HOST_IS_SNIFFER_ONLY
@ SURI_HOST_IS_SNIFFER_ONLY
Definition: suricata.h:114
RUNMODE_DAG
@ RUNMODE_DAG
Definition: runmodes.h:36
HostBitInitCtx
void HostBitInitCtx(void)
Definition: host-bit.c:49
EngineMode
EngineMode
Definition: suricata.h:102
SCInstance_::set_datadir
bool set_datadir
Definition: suricata.h:146
tmqh-packetpool.h
FileContainerSetTx
void FileContainerSetTx(FileContainer *ffc, uint64_t tx_id)
Definition: util-file.c:575
g_ut_covered
int g_ut_covered
Definition: suricata.c:893
util-unittest.h
SCInstance_::capture_plugin_args
const char * capture_plugin_args
Definition: suricata.h:163
TmModuleLoggerRegister
void TmModuleLoggerRegister(void)
Definition: output.c:1020
SURI_HOST_IS_ROUTER
@ SURI_HOST_IS_ROUTER
Definition: suricata.h:115
TmThreadDisablePacketThreads
void TmThreadDisablePacketThreads(void)
Disable all packet threads.
Definition: tm-threads.c:1514
host_mode
uint8_t host_mode
Definition: suricata.c:211
RUNMODE_NETMAP
@ RUNMODE_NETMAP
Definition: runmodes.h:38
util-unittest-helper.h
RUNMODE_DUMP_FEATURES
@ RUNMODE_DUMP_FEATURES
Definition: runmodes.h:61
FeatureDump
void FeatureDump(void)
Definition: feature.c:142
PacketPoolInit
void PacketPoolInit(void)
Definition: tmqh-packetpool.c:302
TM_ECODE_OK
@ TM_ECODE_OK
Definition: tm-threads-common.h:82
AppLayerDeSetup
int AppLayerDeSetup(void)
De initializes the app layer.
Definition: app-layer.c:866
TmThreadContinueThreads
void TmThreadContinueThreads()
Unpauses all threads present in tv_root.
Definition: tm-threads.c:1843
strlcpy
size_t strlcpy(char *dst, const char *src, size_t siz)
Definition: util-strlcpyu.c:43
app-layer-htp-file.h
PcapTranslateIPToDevice
void PcapTranslateIPToDevice(char *pcap_dev, size_t len)
Definition: source-pcap.c:649
FlowDisableFlowRecyclerThread
void FlowDisableFlowRecyclerThread(void)
Used to disable flow recycler thread(s).
Definition: flow-manager.c:1252
ParseSizeInit
void ParseSizeInit(void)
Definition: util-misc.c:35
GetIfaceMaxPacketSize
int GetIfaceMaxPacketSize(const char *pcap_dev)
output max packet size for a link
Definition: util-ioctl.c:132
TmModuleDecodePcapFileRegister
void TmModuleDecodePcapFileRegister(void)
Definition: source-pcap-file.c:125
TmModuleBypassedFlowManagerRegister
void TmModuleBypassedFlowManagerRegister(void)
Definition: flow-bypass.c:214
IPPairShutdown
void IPPairShutdown(void)
shutdown the flow engine
Definition: ippair.c:300
source-erf-dag.h
util-signal.h
DetectParseFreeRegexes
void DetectParseFreeRegexes(void)
Definition: detect-parse.c:2487
SC_ERR_UID_FAILED
@ SC_ERR_UID_FAILED
Definition: util-error.h:187
SC_ERR_SIZE_PARSE
@ SC_ERR_SIZE_PARSE
Definition: util-error.h:230
TmModuleDecodeNFLOGRegister
void TmModuleDecodeNFLOGRegister(void)
Definition: source-nflog.c:54
ConfGet
int ConfGet(const char *name, const char **vptr)
Retrieve the value of a configuration node.
Definition: conf.c:330
NFQParseAndRegisterQueues
int NFQParseAndRegisterQueues(const char *queues)
Parses and adds Netfilter queue(s).
Definition: source-nfq.c:860
FlowInitConfig
void FlowInitConfig(bool quiet)
initialize the configuration
Definition: flow.c:523
AppLayerSetup
int AppLayerSetup(void)
Setup the app layer.
Definition: app-layer.c:851
FeatureTrackingRegister
void FeatureTrackingRegister(void)
Definition: feature.c:150
TmModuleReceiveDPDKRegister
void TmModuleReceiveDPDKRegister(void)
Definition: source-dpdk.c:47
StreamTcpInitConfig
void StreamTcpInitConfig(bool)
To initialize the stream global configuration data.
Definition: stream-tcp.c:365
util-cidr.h
FilePrune
void FilePrune(FileContainer *ffc)
Definition: util-file.c:391
app-layer-htp.h
UnixManagerThreadSpawnNonRunmode
void UnixManagerThreadSpawnNonRunmode(void)
Definition: unix-manager.c:1252
IsRunModeSystem
bool IsRunModeSystem(enum RunModes run_mode_to_check)
Definition: runmodes.c:517
datasets.h
TmModuleDecodeNetmapRegister
void TmModuleDecodeNetmapRegister(void)
Registration Function for DecodeNetmap.
Definition: source-netmap.c:83
PreRunPostPrivsDropInit
void PreRunPostPrivsDropInit(const int runmode)
Definition: suricata.c:2149
feature.h
decode.h
util-device.h
util-debug.h
DetectEngineMoveToFreeList
int DetectEngineMoveToFreeList(DetectEngineCtx *de_ctx)
Definition: detect-engine.c:4323
sigterm_count
volatile sig_atomic_t sigterm_count
Definition: suricata.c:186
run_mode
int run_mode
Definition: suricata.c:203
source-nfq.h
SC_ERR_CMD_LINE
@ SC_ERR_CMD_LINE
Definition: util-error.h:227
util-error.h
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:17
TmThreadWaitOnThreadInit
TmEcode TmThreadWaitOnThreadInit(void)
Used to check if all threads have finished their initialization. On finding an un-initialized thread,...
Definition: tm-threads.c:1913
TmModuleVerdictNFQRegister
void TmModuleVerdictNFQRegister(void)
Definition: source-nfq.c:182
ConfYamlLoadFile
int ConfYamlLoadFile(const char *filename)
Load configuration from a YAML file.
Definition: conf-yaml-loader.c:440
RUNMODE_CONF_TEST
@ RUNMODE_CONF_TEST
Definition: runmodes.h:53
AppLayerRegisterGlobalCounters
void AppLayerRegisterGlobalCounters(void)
HACK to work around our broken unix manager (re)init loop.
Definition: app-layer.c:928
RunModeListRunmodes
void RunModeListRunmodes(void)
Lists all registered runmodes.
Definition: runmodes.c:247
RUNMODE_PRINT_USAGE
@ RUNMODE_PRINT_USAGE
Definition: runmodes.h:51
strlcat
size_t strlcat(char *, const char *src, size_t siz)
Definition: util-strlcatu.c:45
RUNMODE_LIST_APP_LAYERS
@ RUNMODE_LIST_APP_LAYERS
Definition: runmodes.h:47
util-cpu.h
suricata
SCInstance suricata
Definition: suricata.c:243
LiveSetOffloadDisable
void LiveSetOffloadDisable(void)
Definition: util-device.c:70
app-layer-dnp3.h
StatsSetupPostConfigPostOutput
void StatsSetupPostConfigPostOutput(void)
Definition: counters.c:881
TVT_MGMT
@ TVT_MGMT
Definition: tm-threads-common.h:90
EngineModeSetIDS
void EngineModeSetIDS(void)
Definition: suricata.c:265
SpmTableSetup
void SpmTableSetup(void)
Definition: util-spm.c:123
TmModuleReceiveAFPRegister
void TmModuleReceiveAFPRegister(void)
Registration Function for RecieveAFP.
Definition: source-af-packet.c:378
LiveBuildDeviceListCustom
int LiveBuildDeviceListCustom(const char *runmode, const char *itemname)
Definition: util-device.c:313
UnixSocketKillSocketThread
void UnixSocketKillSocketThread(void)
Definition: unix-manager.c:1247
TmModuleVerdictIPFWRegister
void TmModuleVerdictIPFWRegister(void)
Registration Function for VerdictIPFW.
Definition: source-ipfw.c:171
flow-worker.h
SuricataContext_::FileAppendDataById
int(* FileAppendDataById)(FileContainer *, uint32_t track_id, const uint8_t *data, uint32_t data_len)
Definition: rust-context.h:51
SigLoadSignatures
int SigLoadSignatures(DetectEngineCtx *de_ctx, char *sig_file, int sig_file_exclusive)
Load signatures.
Definition: detect-engine-loader.c:276
HttpRangeContainersInit
void HttpRangeContainersInit(void)
Definition: app-layer-htp-range.c:150
util-reference-config.h
source-napatech.h
DetectEngineCtx_::last_reload
struct timeval last_reload
Definition: detect.h:981
SCInstance_::delayed_detect
int delayed_detect
Definition: suricata.h:148
TmModuleVerdictWinDivertRegister
void TmModuleVerdictWinDivertRegister(void)
Definition: source-windivert.c:68
SCInstance_::progname
const char * progname
Definition: suricata.h:158
HostCleanup
void HostCleanup(void)
Cleanup the host engine.
Definition: host.c:343
SCEnter
#define SCEnter(...)
Definition: util-debug.h:300
FlowDisableFlowManagerThread
void FlowDisableFlowManagerThread(void)
Used to disable flow manager thread(s).
Definition: flow-manager.c:140
detect-engine-mpm.h
util-ebpf.h
SCInstance_::pcap_dev
char pcap_dev[128]
Definition: suricata.h:127
detect.h
SuricataMain
int SuricataMain(int argc, char **argv)
Definition: suricata.c:2835
UtilSignalUnblock
int UtilSignalUnblock(int signum)
Definition: util-signal.c:46
DetectEngineEnabled
int DetectEngineEnabled(void)
Check if detection is enabled.
Definition: detect-engine.c:3549
pkt-var.h
TmThreadClearThreadsFamily
void TmThreadClearThreadsFamily(int family)
Definition: tm-threads.c:1695
SC_ERR_PIDFILE_DAEMON
@ SC_ERR_PIDFILE_DAEMON
Definition: util-error.h:186
TmModuleRunInit
void TmModuleRunInit(void)
Definition: tm-modules.c:128
detect-engine-port.h
EngineModeSetIPS
void EngineModeSetIPS(void)
Definition: suricata.c:260
util-atomic.h
SCInstance_::user_name
const char * user_name
Definition: suricata.h:136
HTPAtExitPrintStats
void HTPAtExitPrintStats(void)
Print the stats of the HTTP requests.
Definition: app-layer-htp.c:2021
util-time.h
UtilSignalBlock
int UtilSignalBlock(int signum)
Definition: util-signal.c:29
SCProfilingPrefilterGlobalInit
void SCProfilingPrefilterGlobalInit(void)
Definition: util-profiling-prefilter.c:63
PostConfLoadedSetup
int PostConfLoadedSetup(SCInstance *suri)
Definition: suricata.c:2562
GetProgramVersion
const char * GetProgramVersion(void)
get string with program version
Definition: suricata.c:1115
engine_analysis
int engine_analysis
app-layer-parser.h
SC_ERR_LIBCAP_NG_REQUIRED
@ SC_ERR_LIBCAP_NG_REQUIRED
Definition: util-error.h:190
TRUE
#define TRUE
Definition: suricata-common.h:33
SCGetGroupID
int SCGetGroupID(const char *group_name, uint32_t *gid)
Function to get the group ID from the specified group name.
Definition: util-privs.c:213
TmModuleReceivePcapFileRegister
void TmModuleReceivePcapFileRegister(void)
Definition: source-pcap-file.c:112
source-pfring.h
BUG_ON
#define BUG_ON(x)
Definition: suricata-common.h:281
SuricataContext_::FileCloseFileById
int(* FileCloseFileById)(FileContainer *, uint32_t track_id, const uint8_t *data, uint32_t data_len, uint16_t flags)
Definition: rust-context.h:49
CoredumpLoadConfig
int32_t CoredumpLoadConfig(void)
Configures the core dump size.
Definition: util-coredump-config.c:85
detect-engine-tag.h
IPFWRegisterQueue
int IPFWRegisterQueue(char *queue)
Add an IPFW divert.
Definition: source-ipfw.c:701
xstr
#define xstr(s)
Definition: suricata-common.h:271
util-profiling.h
util-rule-vars.h
FALSE
#define FALSE
Definition: suricata-common.h:34
AFPRunModeIsIPS
int AFPRunModeIsIPS()
Definition: runmode-af-packet.c:693
ListAppLayerProtocols
int ListAppLayerProtocols(const char *conf_filename)
Definition: util-running-modes.c:42
SCInstance_::offline
int offline
Definition: suricata.h:151
DatasetsDestroy
void DatasetsDestroy(void)
Definition: datasets.c:736
UtilCpuPrintSummary
void UtilCpuPrintSummary(void)
Print a summary of CPUs detected (configured and online)
Definition: util-cpu.c:169
TmThreadKillThreads
void TmThreadKillThreads(void)
Definition: tm-threads.c:1623
SC_ERR_FOPEN
@ SC_ERR_FOPEN
Definition: util-error.h:74
OutputDeregisterAll
void OutputDeregisterAll(void)
Deregister all modules. Useful for a memory clean exit.
Definition: output.c:801
PostConfLoadedDetectSetup
void PostConfLoadedDetectSetup(SCInstance *suri)
Definition: suricata.c:2443
EngineModeIsIDS
int EngineModeIsIDS(void)
Definition: suricata.c:255
TmModuleNapatechDecodeRegister
void TmModuleNapatechDecodeRegister(void)
Register the Napatech decoder module.
Definition: source-napatech.c:160
tmm_modules
TmModule tmm_modules[TMM_SIZE]
Definition: tm-modules.c:33
SuricataContext_::AppLayerParserTriggerRawStreamReassembly
void(* AppLayerParserTriggerRawStreamReassembly)(Flow *, int direction)
Definition: rust-context.h:40
conf-yaml-loader.h
SC_WARN_FASTER_CAPTURE_AVAILABLE
@ SC_WARN_FASTER_CAPTURE_AVAILABLE
Definition: util-error.h:308
coverage_unittests
int coverage_unittests
Definition: suricata.c:891
RUNMODE_DUMP_CONFIG
@ RUNMODE_DUMP_CONFIG
Definition: runmodes.h:52
SURICATA_DEINIT
@ SURICATA_DEINIT
Definition: suricata.h:98
DatasetsSave
void DatasetsSave(void)
Definition: datasets.c:791
conf.h
source-ipfw.h
TMM_SIZE
@ TMM_SIZE
Definition: tm-threads-common.h:77
source-netmap.h
OutputNotifyFileRotation
void OutputNotifyFileRotation(void)
Notifies all registered file rotation notification flags.
Definition: output.c:872
util-magic.h
StorageFinalize
int StorageFinalize(void)
Definition: util-storage.c:139
SCInstance_::verbose
int verbose
Definition: suricata.h:152
util-radix-tree.h
TmEcode
TmEcode
Definition: tm-threads-common.h:81
source-windivert.h
FileOpenFileWithId
int FileOpenFileWithId(FileContainer *ffc, const StreamingBufferConfig *sbcfg, uint32_t track_id, const uint8_t *name, uint16_t name_len, const uint8_t *data, uint32_t data_len, uint16_t flags)
Open a new File.
Definition: util-file.c:920
TmModuleFlowWorkerRegister
void TmModuleFlowWorkerRegister(void)
Definition: flow-worker.c:641
SCInstance_::aux_run_mode
enum RunModes aux_run_mode
Definition: suricata.h:125
LiveGetDeviceNameCount
int LiveGetDeviceNameCount(void)
Get the number of pre registered devices.
Definition: util-device.c:198
util-plugin.h
flow-timeout.h
DEFAULT_PID_FILENAME
#define DEFAULT_PID_FILENAME
Definition: suricata.h:84
reputation.h
util-action.h
sighup_count
volatile sig_atomic_t sighup_count
Definition: suricata.c:185
ConfigSetDataDirectory
TmEcode ConfigSetDataDirectory(char *name)
Definition: util-conf.c:68
TmModuleDecodeErfDagRegister
void TmModuleDecodeErfDagRegister(void)
Register the ERF file decoder module.
Definition: source-erf-dag.c:150
SCInstance_::set_logdir
bool set_logdir
Definition: suricata.h:145
SCDropMainThreadCaps
#define SCDropMainThreadCaps(...)
Definition: util-privs.h:38
TmModuleDebugList
void TmModuleDebugList(void)
Definition: tm-modules.c:35
TmModuleDecodeNFQRegister
void TmModuleDecodeNFQRegister(void)
Definition: source-nfq.c:190
util-proto-name.h
STREAM_VERBOSE
#define STREAM_VERBOSE
Definition: stream-tcp.h:33
defrag.h
MpmTableSetup
void MpmTableSetup(void)
Definition: util-mpm.c:215
SCInstance_::log_dir
const char * log_dir
Definition: suricata.h:157
runmodes.h
RunmodeIsUnittests
int RunmodeIsUnittests(void)
Definition: suricata.c:271
source-nfq-prototypes.h
FileAppendDataById
int FileAppendDataById(FileContainer *ffc, uint32_t track_id, const uint8_t *data, uint32_t data_len)
Store/handle a chunk of file data in the File structure The file with 'track_id' in the FileContainer...
Definition: util-file.c:744
SCPluginsLoad
void SCPluginsLoad(const char *capture_plugin_name, const char *capture_plugin_args)
SCLogInfo
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:217
TmModuleReceiveNFLOGRegister
void TmModuleReceiveNFLOGRegister(void)
Definition: source-nflog.c:48
SC_ERR_INVALID_YAML_CONF_ENTRY
@ SC_ERR_INVALID_YAML_CONF_ENTRY
Definition: util-error.h:169
SURICATA_RUNTIME
@ SURICATA_RUNTIME
Definition: suricata.h:97
SCLogMessage
SCError SCLogMessage(const SCLogLevel log_level, const char *file, const unsigned int line, const char *function, const SCError error_code, const char *message)
Adds the global log_format to the outgoing buffer.
Definition: util-debug.c:535
DEFAULT_PACKET_SIZE
#define DEFAULT_PACKET_SIZE
Definition: decode.h:639
WarnInvalidConfEntry
#define WarnInvalidConfEntry(param_name, format, value)
Generic API that can be used by all to log an invalid conf entry.
Definition: util-misc.h:37
DetectEngineStateFree
void DetectEngineStateFree(DetectEngineState *state)
Frees a DetectEngineState object.
Definition: detect-engine-state.c:173
util-host-os-info.h
TmModuleReceiveErfFileRegister
void TmModuleReceiveErfFileRegister(void)
Register the ERF file receiver (reader) module.
Definition: source-erf-file.c:79
TmModule_
Definition: tm-modules.h:43
default_packet_size
uint32_t default_packet_size
Definition: decode.c:72
tm-queuehandlers.h
SuricataContext_::FilePrune
void(* FilePrune)(FileContainer *ffc)
Definition: rust-context.h:56
DETECT_ENGINE_TYPE_NORMAL
@ DETECT_ENGINE_TYPE_NORMAL
Definition: detect.h:788
PROG_NAME
#define PROG_NAME
Definition: suricata.h:71
TmThreadKillThreadsFamily
void TmThreadKillThreadsFamily(int family)
Definition: tm-threads.c:1594
detect-fast-pattern.h
FeatureTrackingRelease
void FeatureTrackingRelease(void)
Definition: feature.c:134
SuricataContext_::FileAppendGAPById
int(* FileAppendGAPById)(FileContainer *, uint32_t track_id, const uint8_t *data, uint32_t data_len)
Definition: rust-context.h:53
app-layer-enip.h
TmqhCleanup
void TmqhCleanup(void)
Clean up registration time allocs.
Definition: tm-queuehandlers.c:49
util-dpdk.h
RUNMODE_PFRING
@ RUNMODE_PFRING
Definition: runmodes.h:31
StreamTcpFreeConfig
void StreamTcpFreeConfig(bool quiet)
Definition: stream-tcp.c:670
source-dpdk.h
SC_ERR_NO_RULES_LOADED
@ SC_ERR_NO_RULES_LOADED
Definition: util-error.h:73
flow-manager.h
DecodeGlobalConfig
void DecodeGlobalConfig(void)
Definition: decode.c:770
SCInstance_::strict_rule_parsing_string
char * strict_rule_parsing_string
Definition: suricata.h:160
SuriHasSigFile
int SuriHasSigFile(void)
Definition: suricata.c:245
suricata-common.h
g_default_mtu
int g_default_mtu
Definition: suricata.c:223
sc_set_caps
int sc_set_caps
Definition: suricata.c:220
DetectEngineCtxInitStubForMT
DetectEngineCtx * DetectEngineCtxInitStubForMT(void)
Definition: detect-engine.c:2387
tm-queues.h
util-daemon.h
FlowShutdown
void FlowShutdown(void)
shutdown the flow engine
Definition: flow.c:651
SCHInfoLoadFromConfig
void SCHInfoLoadFromConfig(void)
Load the host os policy information from the configuration.
Definition: util-host-os-info.c:333
DetectEngineBumpVersion
void DetectEngineBumpVersion(void)
Definition: detect-engine.c:3573
util-decode-mime.h
AppLayerDecoderEventsSetEventRaw
void AppLayerDecoderEventsSetEventRaw(AppLayerDecoderEvents **sevents, uint8_t event)
Set an app layer decoder event.
Definition: app-layer-events.c:89
SC_ERR_PCAP_TRANSLATE
@ SC_ERR_PCAP_TRANSLATE
Definition: util-error.h:233
TmModuleFlowManagerRegister
void TmModuleFlowManagerRegister(void)
Definition: flow-manager.c:1312
util-spm.h
SCPidfileTestRunning
int SCPidfileTestRunning(const char *pid_filename)
Check the Suricata pid file (used at the startup)
Definition: util-pidfile.c:105
SCLogError
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
Definition: util-debug.h:257
HostShutdown
void HostShutdown(void)
shutdown the flow engine
Definition: host.c:305
DOC_URL
#define DOC_URL
Definition: suricata.h:86
output-filestore.h
TmModuleDecodePfringRegister
void TmModuleDecodePfringRegister(void)
Registration Function for DecodePfring.
Definition: source-pfring.c:177
LiveSetOffloadWarn
void LiveSetOffloadWarn(void)
Definition: util-device.c:75
ParseSizeDeinit
void ParseSizeDeinit(void)
Definition: util-misc.c:55
util-classification-config.h
RunModeRegisterRunModes
void RunModeRegisterRunModes(void)
Register all runmodes in the engine.
Definition: runmodes.c:220
SCStrdup
#define SCStrdup(s)
Definition: util-mem.h:56
FatalError
#define FatalError(x,...)
Definition: util-debug.h:532
ConfGetChildValueBool
int ConfGetChildValueBool(const ConfNode *base, const char *name, int *val)
Definition: conf.c:529
SCProfilingDump
void SCProfilingDump(void)
Definition: util-profiling.c:294
EngineStop
void EngineStop(void)
make sure threads can stop the engine by calling this function. Purpose: pcap file mode needs to be a...
Definition: suricata.c:444
SCInstance_::sig_file
char * sig_file
Definition: suricata.h:128
SC_ERR_NO_AF_PACKET
@ SC_ERR_NO_AF_PACKET
Definition: util-error.h:225
ParseSizeStringU32
int ParseSizeStringU32(const char *size, uint32_t *res)
Definition: util-misc.c:183
SC_ERR_BPF
@ SC_ERR_BPF
Definition: util-error.h:157
TmModuleReceiveErfDagRegister
void TmModuleReceiveErfDagRegister(void)
Register the ERF file receiver (reader) module.
Definition: source-erf-dag.c:132
DetectEngineMultiTenantSetup
int DetectEngineMultiTenantSetup(void)
setup multi-detect / multi-tenancy
Definition: detect-engine.c:3957
IPPairBitInitCtx
void IPPairBitInitCtx(void)
Definition: ippair-bit.c:49
SCClassConfInit
void SCClassConfInit(void)
Definition: util-classification-config.c:64
RunmodeGetCurrent
int RunmodeGetCurrent(void)
Definition: suricata.c:280
ConfigSetLogDirectory
TmEcode ConfigSetLogDirectory(const char *name)
Definition: util-conf.c:30
CIDRInit
void CIDRInit(void)
Definition: util-cidr.c:31
threadvars.h
TmModuleDecodeIPFWRegister
void TmModuleDecodeIPFWRegister(void)
Registration Function for DecodeIPFW.
Definition: source-ipfw.c:186
source-af-packet.h
RUNMODE_NFQ
@ RUNMODE_NFQ
Definition: runmodes.h:32
ConfSetFromString
int ConfSetFromString(const char *input, int final)
Set a configuration parameter from a string.
Definition: conf.c:244
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
SCLogConfig
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
g_vlan_mask
uint16_t g_vlan_mask
Definition: suricata.c:236
ConfInit
void ConfInit(void)
Initialize the configuration system.
Definition: conf.c:113
DatasetsInit
int DatasetsInit(void)
Definition: datasets.c:625
sigusr2_count
volatile sig_atomic_t sigusr2_count
Definition: suricata.c:187
RUNMODE_ENGINE_ANALYSIS
@ RUNMODE_ENGINE_ANALYSIS
Definition: runmodes.h:55
RUNMODE_PRINT_VERSION
@ RUNMODE_PRINT_VERSION
Definition: runmodes.h:49
TmModuleDecodePcapRegister
void TmModuleDecodePcapRegister(void)
Registration Function for DecodePcap.
Definition: source-pcap.c:147
util-running-modes.h
HttpRangeFreeBlock
void HttpRangeFreeBlock(HttpRangeContainerBlock *b)
Definition: app-layer-htp-range.c:605
unix-manager.h
LiveDeviceListClean
int LiveDeviceListClean()
Definition: util-device.c:348
str
#define str(s)
Definition: suricata-common.h:272
ConfigCheckDataDirectory
TmEcode ConfigCheckDataDirectory(const char *data_dir)
Definition: util-conf.c:101
SCInstance_::sig_file_exclusive
int sig_file_exclusive
Definition: suricata.h:129
g_detect_disabled
int g_detect_disabled
Definition: suricata.c:217
ConfigGetLogDirectory
const char * ConfigGetLogDirectory()
Definition: util-conf.c:35
DetectEngineReloadStart
int DetectEngineReloadStart(void)
Definition: detect-engine.c:1889
SC_ERR_NO_NETMAP
@ SC_ERR_NO_NETMAP
Definition: util-error.h:294
SCLogWarning
#define SCLogWarning(err_code,...)
Macro used to log WARNING messages.
Definition: util-debug.h:244
SCFree
#define SCFree(p)
Definition: util-mem.h:61
DEFAULT_CONF_FILE
#define DEFAULT_CONF_FILE
Definition: suricata.h:80
ConfNode_
Definition: conf.h:32
SC_LOG_MAX_LOG_MSG_LEN
#define SC_LOG_MAX_LOG_MSG_LEN
Definition: util-debug.h:86
AppLayerParserPostStreamSetup
void AppLayerParserPostStreamSetup(void)
Definition: app-layer-parser.c:273
SC_ERR_FATAL
@ SC_ERR_FATAL
Definition: util-error.h:203
TmModuleReceivePcapRegister
void TmModuleReceivePcapRegister(void)
Registration Function for ReceivePcap.
Definition: source-pcap.c:130
util-ioctl.h
detect-parse.h
SCInstance_::system
bool system
Definition: suricata.h:144
SCInstance_::pid_filename
char * pid_filename
Definition: suricata.h:130
TmModuleRespondRejectRegister
void TmModuleRespondRejectRegister(void)
Definition: respond-reject.c:49
CoredumpEnable
void CoredumpEnable(void)
Enable coredumps on systems where coredumps can and need to be enabled.
Definition: util-coredump-config.c:53
RunUnittests
void RunUnittests(int list_unittests, const char *regex_arg)
Definition: runmode-unittests.c:217
source-erf-file.h
ConfigCheckLogDirectoryExists
TmEcode ConfigCheckLogDirectoryExists(const char *log_dir)
Definition: util-conf.c:53
TimeDeinit
void TimeDeinit(void)
Definition: util-time.c:85
PacketAlertTagInit
void PacketAlertTagInit(void)
Definition: detect-engine-alert.c:37
DetectEngineCtxInit
DetectEngineCtx * DetectEngineCtxInit(void)
Definition: detect-engine.c:2397
AppLayerRegisterParser
int AppLayerRegisterParser(const struct AppLayerParser *p, AppProto alproto)
App layer protocol registration function.
Definition: app-layer-register.c:94
tmqh-flow.h
RUNMODE_WINDIVERT
@ RUNMODE_WINDIVERT
Definition: runmodes.h:43
SCProfilingRulesGlobalInit
void SCProfilingRulesGlobalInit(void)
Definition: util-profiling-rules.c:114
EngineModeIsIPS
int EngineModeIsIPS(void)
Definition: suricata.c:250
SuricataContext_::HTPFileCloseHandleRange
void(* HTPFileCloseHandleRange)(FileContainer *, const uint16_t, HttpRangeContainerBlock *, const uint8_t *, uint32_t)
Definition: rust-context.h:43
SC_ERR_MEM_ALLOC
@ SC_ERR_MEM_ALLOC
Definition: util-error.h:31
TmModuleNapatechStreamRegister
void TmModuleNapatechStreamRegister(void)
Register the Napatech receiver (reader) module.
Definition: source-napatech.c:128
SCProfilingKeywordsGlobalInit
void SCProfilingKeywordsGlobalInit(void)
Definition: util-profiling-keywords.c:69
suricata.h
ConfGetValue
int ConfGetValue(const char *name, const char **vptr)
Retrieve the value of a configuration node.
Definition: conf.c:359
SC_ERR_NFLOG_NOSUPPORT
@ SC_ERR_NFLOG_NOSUPPORT
Definition: util-error.h:278
EngineDone
void EngineDone(void)
Used to indicate that the current task is done.
Definition: suricata.c:455
FLOW_QUIET
#define FLOW_QUIET
Definition: flow.h:42
app-layer-smb.h
GetDocURL
const char * GetDocURL(void)
Definition: suricata.c:1094
util-mpm-hs.h
SC_ERR_LOGDIR_CMDLINE
@ SC_ERR_LOGDIR_CMDLINE
Definition: util-error.h:147
PostRunDeinit
void PostRunDeinit(const int runmode, struct timeval *start_time)
Definition: suricata.c:2171
HostInitConfig
void HostInitConfig(bool quiet)
initialize the configuration
Definition: host.c:173
ConfDeInit
void ConfDeInit(void)
De-initializes the configuration system.
Definition: conf.c:721
SuricataContext_::FileOpenFileWithId
int(* FileOpenFileWithId)(FileContainer *, const StreamingBufferConfig *, uint32_t track_id, const uint8_t *name, uint16_t name_len, const uint8_t *data, uint32_t data_len, uint16_t flags)
Definition: rust-context.h:46
SC_ERR_NO_DPDK
@ SC_ERR_NO_DPDK
Definition: util-error.h:372
HttpRangeContainersDestroy
void HttpRangeContainersDestroy(void)
Definition: app-layer-htp-range.c:185
SC_ERR_LIBNET_NOT_ENABLED
@ SC_ERR_LIBNET_NOT_ENABLED
Definition: util-error.h:178
NFQContextsClean
void NFQContextsClean()
Clean global contexts. Must be called on exit.
Definition: source-nfq.c:1274
SuricataContext_::FileContainerRecycle
void(* FileContainerRecycle)(FileContainer *ffc)
Definition: rust-context.h:55
ConfSet
int ConfSet(const char *name, const char *val)
Set a configuration value.
Definition: conf.c:219
SCLogLoadConfig
void SCLogLoadConfig(int daemon, int verbose, uint32_t userid, uint32_t groupid)
Definition: util-debug.c:1336
DetectEngineReload
int DetectEngineReload(const SCInstance *suri)
Reload the detection engine.
Definition: detect-engine.c:4413
SCInstance_::do_setgid
uint8_t do_setgid
Definition: suricata.h:139
DEFAULT_MAX_PENDING_PACKETS
#define DEFAULT_MAX_PENDING_PACKETS
Definition: suricata.c:197
SCInstance_
Definition: suricata.h:123
TmThreadCheckThreadState
void TmThreadCheckThreadState(void)
Used to check the thread for certain conditions of failure.
Definition: tm-threads.c:1889
OutputFilestoreRegisterGlobalCounters
void OutputFilestoreRegisterGlobalCounters(void)
Definition: output-filestore.c:544
InitGlobal
int InitGlobal(void)
Global initialization common to all runmodes.
Definition: suricata.c:2784
SC_ERR_INITIALIZATION
@ SC_ERR_INITIALIZATION
Definition: util-error.h:75
SCInstance_::disabled_detect
int disabled_detect
Definition: suricata.h:149
app-layer-smtp.h
FileCloseFileById
int FileCloseFileById(FileContainer *ffc, uint32_t track_id, const uint8_t *data, uint32_t data_len, uint16_t flags)
Definition: util-file.c:1024
SCProfilingSghsGlobalInit
void SCProfilingSghsGlobalInit(void)
Definition: util-profiling-rulegroups.c:71
SCPidfileCreate
int SCPidfileCreate(const char *pidfile)
Write a pid file (used at the startup) This commonly needed by the init scripts.
Definition: util-pidfile.c:41
LiveRegisterDeviceName
int LiveRegisterDeviceName(const char *dev)
Add a device for monitoring.
Definition: util-device.c:96
ENGINE_MODE_IDS
@ ENGINE_MODE_IDS
Definition: suricata.h:103
LiveDeviceFinalize
void LiveDeviceFinalize(void)
Definition: util-device.c:470
TmModuleDecodeDPDKRegister
void TmModuleDecodeDPDKRegister(void)
Registration Function for DecodeDPDK.
Definition: source-dpdk.c:61
PROG_VER
#define PROG_VER
Definition: suricata.h:72
util-misc.h
PacketPoolDestroy
void PacketPoolDestroy(void)
Definition: tmqh-packetpool.c:335
HTPFreeConfig
void HTPFreeConfig(void)
Clears the HTTP server configuration memory used by HTP library.
Definition: app-layer-htp.c:2034
TVT_PPT
@ TVT_PPT
Definition: tm-threads-common.h:89
flow.h
suricata_context
SuricataContext suricata_context
Definition: rust-context.c:21
respond-reject.h
SCInstance_::regex_arg
char * regex_arg
Definition: suricata.h:131
ListKeywords
int ListKeywords(const char *keyword_info)
Definition: util-running-modes.c:32
SCLogNotice
#define SCLogNotice(...)
Macro used to log NOTICE messages.
Definition: util-debug.h:232
msg
const char * msg
Definition: app-layer-htp.c:561
FileContainerRecycle
void FileContainerRecycle(FileContainer *ffc)
Recycle a FileContainer.
Definition: util-file.c:443
DPDKCleanupEAL
void DPDKCleanupEAL(void)
Definition: util-dpdk.c:27
SC_ERR_SIGNAL
@ SC_ERR_SIGNAL
Definition: util-error.h:378
StatsReleaseResources
void StatsReleaseResources()
Releases the resources alloted by the Stats API.
Definition: counters.c:1255
RUNMODE_AFP_DEV
@ RUNMODE_AFP_DEV
Definition: runmodes.h:37
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:304
SCPidfileRemove
void SCPidfileRemove(const char *pid_filename)
Remove the pid file (used at the startup)
Definition: util-pidfile.c:83
flow-var.h
SC_ERR_NAPATECH_REQUIRED
@ SC_ERR_NAPATECH_REQUIRED
Definition: util-error.h:249
ThresholdInit
void ThresholdInit(void)
Definition: detect-engine-threshold.c:80
TimeInit
void TimeInit(void)
Definition: util-time.c:77
RUNMODE_PCAP_FILE
@ RUNMODE_PCAP_FILE
Definition: runmodes.h:30
SCInstance_::keyword_info
char * keyword_info
Definition: suricata.h:133
RUNMODE_PLUGIN
@ RUNMODE_PLUGIN
Definition: runmodes.h:44
SC_ERR_LOGDIR_CONFIG
@ SC_ERR_LOGDIR_CONFIG
Definition: util-error.h:146
SC_ERR_MULTIPLE_RUN_MODE
@ SC_ERR_MULTIPLE_RUN_MODE
Definition: util-error.h:156
SCInstance_::do_setuid
uint8_t do_setuid
Definition: suricata.h:138
app-layer-ssl.h
NetmapRunModeIsIPS
int NetmapRunModeIsIPS(void)
SCProfilingInit
void SCProfilingInit(void)
Initialize profiling.
Definition: util-profiling.c:140
g_ut_modules
int g_ut_modules
Definition: suricata.c:892
detect-engine-address.h
RUNMODE_IPFW
@ RUNMODE_IPFW
Definition: runmodes.h:34
output.h
util-storage.h
DetectEngineCtx_::failure_fatal
int failure_fatal
Definition: detect.h:803
util-threshold-config.h
DefragInit
void DefragInit(void)
Definition: defrag.c:1053
DetectEngineReloadIsStart
int DetectEngineReloadIsStart(void)
Definition: detect-engine.c:1903
suricata_ctl_flags
volatile uint8_t suricata_ctl_flags
Definition: suricata.c:200
host-bit.h
detect-engine-threshold.h
SC_ERR_NO_PF_RING
@ SC_ERR_NO_PF_RING
Definition: util-error.h:60
RUNMODE_LIST_UNITTEST
@ RUNMODE_LIST_UNITTEST
Definition: runmodes.h:54
app-layer.h
TagDestroyCtx
void TagDestroyCtx(void)
Destroy tag context hash tables.
Definition: detect-engine-tag.c:71
DetectAddressTestConfVars
int DetectAddressTestConfVars(void)
Definition: detect-engine-address.c:1263
g_disable_randomness
int g_disable_randomness
Definition: suricata.c:229
GetIfaceMTU
int GetIfaceMTU(const char *pcap_dev)
output the link MTU
Definition: util-ioctl.c:91
MpmHSGlobalCleanup
void MpmHSGlobalCleanup(void)
HTPFileCloseHandleRange
void HTPFileCloseHandleRange(FileContainer *files, const uint16_t flags, HttpRangeContainerBlock *c, const uint8_t *data, uint32_t data_len)
Definition: app-layer-htp-file.c:347
g_disable_hashing
bool g_disable_hashing
Definition: suricata.c:240
TmqResetQueues
void TmqResetQueues(void)
Definition: tm-queues.c:80