Go to the documentation of this file.
34 #ifdef HAVE_SYS_RESOURCE_H
36 #include <sys/resource.h>
144 #ifdef SYSTEMD_NOTIFY
169 #define DEFAULT_MAX_PENDING_PACKETS 1024
194 #ifndef AFLFUZZ_NO_RANDOM
280 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
281 static void SignalHandlerSigint(
int sig)
285 static void SignalHandlerSigterm(
int sig)
291 #define UNW_LOCAL_ONLY
292 #include <libunwind.h>
293 static void SignalHandlerUnexpected(
int sig_num, siginfo_t *info,
void *context)
298 signal(SIGABRT, SIG_DFL);
299 signal(SIGSEGV, SIG_DFL);
301 if ((r = unw_init_local(&cursor, (unw_context_t *)(context)) != 0)) {
302 SCLogError(
"unable to obtain stack trace: unw_init_local: %s", unw_strerror(r));
311 if (unw_is_signal_frame(&cursor) == 0) {
314 if (unw_get_proc_name(&cursor, name,
sizeof(name), &off) == UNW_ENOMEM) {
323 r = unw_step(&cursor);
333 kill(getpid(), sig_num);
335 #undef UNW_LOCAL_ONLY
345 static void SignalHandlerSigusr2(
int sig)
355 static void SignalHandlerSigHup(
int sig)
405 #ifdef HAVE_AF_PACKET
413 #ifdef BUILD_HYPERSCAN
419 LuajitFreeStatesPool();
436 static void OnNotifyRunning(
void)
438 #ifdef SYSTEMD_NOTIFY
464 static int SetBpfString(
int argc,
char *argv[])
466 char *bpf_filter = NULL;
467 uint32_t bpf_len = 0;
472 while(argv[tmpindex] != NULL) {
473 bpf_len+=strlen(argv[tmpindex]) + 1;
485 while(argv[tmpindex] != NULL) {
486 strlcat(bpf_filter, argv[tmpindex],bpf_len);
487 if(argv[tmpindex + 1] != NULL) {
488 strlcat(bpf_filter,
" ", bpf_len);
493 if(strlen(bpf_filter) > 0) {
505 static void SetBpfStringFromFile(
char *filename)
507 char *bpf_filter = NULL;
508 char *bpf_comment_tmp = NULL;
509 char *bpf_comment_start = NULL;
510 uint32_t bpf_len = 0;
515 fp = fopen(filename,
"r");
517 SCLogError(
"Failed to open file %s", filename);
522 SCLogError(
"Failed to stat file %s", filename);
525 bpf_len = st.st_size + 1;
529 SCLogError(
"Failed to allocate buffer for bpf filter in file %s", filename);
533 nm = fread(bpf_filter, 1, bpf_len - 1, fp);
534 if ((ferror(fp) != 0) || (nm != (bpf_len - 1))) {
535 SCLogError(
"Failed to read complete BPF file %s", filename);
541 bpf_filter[nm] =
'\0';
543 if(strlen(bpf_filter) > 0) {
545 bpf_comment_start = bpf_filter;
546 while((bpf_comment_tmp = strchr(bpf_comment_start,
'#')) != NULL) {
547 while((*bpf_comment_tmp !=
'\0') &&
548 (*bpf_comment_tmp !=
'\r') && (*bpf_comment_tmp !=
'\n'))
550 *bpf_comment_tmp++ =
' ';
552 bpf_comment_start = bpf_comment_tmp;
555 while((bpf_comment_tmp = strchr(bpf_filter,
'\r')) != NULL) {
556 *bpf_comment_tmp =
' ';
558 while((bpf_comment_tmp = strchr(bpf_filter,
'\n')) != NULL) {
559 *bpf_comment_tmp =
' ';
562 while (strlen(bpf_filter) > 0 &&
563 bpf_filter[strlen(bpf_filter)-1] ==
' ')
565 bpf_filter[strlen(bpf_filter)-1] =
'\0';
567 if (strlen(bpf_filter) > 0) {
577 static void PrintUsage(
const char *progname)
584 printf(
"USAGE: %s [OPTIONS] [BPF FILTER]\n\n", progname);
585 printf(
"\t-c <path> : path to configuration file\n");
586 printf(
"\t-T : test configuration file (use with -c)\n");
587 printf(
"\t-i <dev or ip> : run in pcap live mode\n");
588 printf(
"\t-F <bpf filter file> : bpf filter file\n");
589 printf(
"\t-r <path> : run in pcap file/offline mode\n");
591 printf(
"\t-q <qid[:qid]> : run in inline nfqueue mode (use colon to specify a range of queues)\n");
594 printf(
"\t-d <divert port> : run in inline ipfw divert mode\n");
596 printf(
"\t-s <path> : path to signature file loaded in addition to suricata.yaml settings (optional)\n");
597 printf(
"\t-S <path> : path to signature file loaded exclusively (optional)\n");
598 printf(
"\t-l <dir> : default log directory\n");
600 printf(
"\t-D : run as daemon\n");
602 printf(
"\t--service-install : install as service\n");
603 printf(
"\t--service-remove : remove service\n");
604 printf(
"\t--service-change-params : change service startup parameters\n");
606 printf(
"\t-k [all|none] : force checksum check (all) or disabled it (none)\n");
607 printf(
"\t-V : display Suricata version\n");
608 printf(
"\t-v : be more verbose (use multiple times to increase verbosity)\n");
610 printf(
"\t-u : run the unittests and exit\n");
611 printf(
"\t-U, --unittest-filter=REGEX : filter unittests with a regex\n");
612 printf(
"\t--list-unittests : list unit tests\n");
613 printf(
"\t--fatal-unittests : enable fatal failure on unittest error\n");
614 printf(
"\t--unittests-coverage : display unittest coverage report\n");
616 printf(
"\t--list-app-layer-protos : list supported app layer protocols\n");
617 printf(
"\t--list-keywords[=all|csv|<kword>] : list keywords implemented by the engine\n");
618 printf(
"\t--list-runmodes : list supported runmodes\n");
619 printf(
"\t--runmode <runmode_id> : specific runmode modification the engine should run. The argument\n"
620 "\t supplied should be the id for the runmode obtained by running\n"
621 "\t --list-runmodes\n");
622 printf(
"\t--engine-analysis : print reports on analysis of different sections in the engine and exit.\n"
623 "\t Please have a look at the conf parameter engine-analysis on what reports\n"
624 "\t can be printed\n");
625 printf(
"\t--pidfile <file> : write pid to this file\n");
626 printf(
"\t--init-errors-fatal : enable fatal failure on signature init error\n");
627 printf(
"\t--disable-detection : disable detection engine\n");
628 printf(
"\t--dump-config : show the running configuration\n");
629 printf(
"\t--dump-features : display provided features\n");
630 printf(
"\t--build-info : display build information\n");
631 printf(
"\t--pcap[=<dev>] : run in pcap mode, no value select interfaces from suricata.yaml\n");
632 printf(
"\t--pcap-file-continuous : when running in pcap mode with a directory, continue checking directory for pcaps until interrupted\n");
633 printf(
"\t--pcap-file-delete : when running in replay mode (-r with directory or file), will delete pcap files that have been processed when done\n");
634 printf(
"\t--pcap-file-recursive : will descend into subdirectories when running in replay mode (-r)\n");
635 #ifdef HAVE_PCAP_SET_BUFF
636 printf(
"\t--pcap-buffer-size : size of the pcap buffer value from 0 - %i\n",INT_MAX);
639 printf(
"\t--dpdk : run in dpdk mode, uses interfaces from "
642 #ifdef HAVE_AF_PACKET
643 printf(
"\t--af-packet[=<dev>] : run in af-packet mode, no value select interfaces from suricata.yaml\n");
646 printf(
"\t--af-xdp[=<dev>] : run in af-xdp mode, no value select "
647 "interfaces from suricata.yaml\n");
650 printf(
"\t--netmap[=<dev>] : run in netmap mode, no value select interfaces from suricata.yaml\n");
653 printf(
"\t--pfring[=<dev>] : run in pfring mode, use interfaces from suricata.yaml\n");
654 printf(
"\t--pfring-int <dev> : run in pfring mode, use interface <dev>\n");
655 printf(
"\t--pfring-cluster-id <id> : pfring cluster id \n");
656 printf(
"\t--pfring-cluster-type <type> : pfring cluster type for PF_RING 4.1.2 and later cluster_round_robin|cluster_flow\n");
658 printf(
"\t--simulate-ips : force engine into IPS mode. Useful for QA\n");
659 #ifdef HAVE_LIBCAP_NG
660 printf(
"\t--user <user> : run suricata as this user after init\n");
661 printf(
"\t--group <group> : run suricata as this group after init\n");
663 printf(
"\t--erf-in <path> : process an ERF file\n");
665 printf(
"\t--dag <dagX:Y> : process ERF records from DAG interface X, stream Y\n");
668 printf(
"\t--napatech : run Napatech Streams using the API\n");
670 #ifdef BUILD_UNIX_SOCKET
671 printf(
"\t--unix-socket[=<file>] : use unix socket to control suricata work\n");
674 printf(
"\t--windivert <filter> : run in inline WinDivert mode\n");
675 printf(
"\t--windivert-forward <filter> : run in inline WinDivert mode, as a gateway\n");
678 printf(
"\t--reject-dev <dev> : send reject packets from this interface\n");
680 printf(
"\t--include <path> : additional configuration file\n");
681 printf(
"\t--set name=value : set a configuration value\n");
683 printf(
"\nTo run the engine with default configuration on "
684 "interface eth0 with signature file \"signatures.rules\", run the "
685 "command as:\n\n%s -c suricata.yaml -s signatures.rules -i eth0 \n\n",
689 static void PrintBuildInfo(
void)
693 char features[2048] =
"";
698 strlcat(features,
"DEBUG ",
sizeof(features));
700 #ifdef DEBUG_VALIDATION
701 strlcat(features,
"DEBUG_VALIDATION ",
sizeof(features));
704 strlcat(features,
"UNITTESTS ",
sizeof(features));
707 strlcat(features,
"NFQ ",
sizeof(features));
710 strlcat(features,
"IPFW ",
sizeof(features));
712 #ifdef HAVE_PCAP_SET_BUFF
713 strlcat(features,
"PCAP_SET_BUFF ",
sizeof(features));
716 strlcat(features,
"PF_RING ",
sizeof(features));
718 #ifdef HAVE_AF_PACKET
719 strlcat(features,
"AF_PACKET ",
sizeof(features));
722 strlcat(features,
"NETMAP ",
sizeof(features));
724 #ifdef HAVE_PACKET_FANOUT
725 strlcat(features,
"HAVE_PACKET_FANOUT ",
sizeof(features));
728 strlcat(features,
"DAG ",
sizeof(features));
730 #ifdef HAVE_LIBCAP_NG
731 strlcat(features,
"LIBCAP_NG ",
sizeof(features));
734 strlcat(features,
"LIBNET1.1 ",
sizeof(features));
736 #ifdef HAVE_HTP_URI_NORMALIZE_HOOK
737 strlcat(features,
"HAVE_HTP_URI_NORMALIZE_HOOK ",
sizeof(features));
739 #ifdef PCRE2_HAVE_JIT
740 strlcat(features,
"PCRE_JIT ",
sizeof(features));
743 strlcat(features,
"HAVE_NSS ",
sizeof(features));
745 strlcat(features,
"HTTP2_DECOMPRESSION ",
sizeof(features));
747 strlcat(features,
"HAVE_LUA ",
sizeof(features));
750 strlcat(features,
"HAVE_JA3 ",
sizeof(features));
753 strlcat(features,
"HAVE_JA4 ",
sizeof(features));
756 strlcat(features,
"HAVE_LUAJIT ",
sizeof(features));
758 strlcat(features,
"HAVE_LIBJANSSON ",
sizeof(features));
760 strlcat(features,
"PROFILING ",
sizeof(features));
762 #ifdef PROFILE_LOCKING
763 strlcat(features,
"PROFILE_LOCKING ",
sizeof(features));
765 #if defined(TLS_C11) || defined(TLS_GNU)
766 strlcat(features,
"TLS ",
sizeof(features));
769 strlcat(features,
"TLS_C11 ",
sizeof(features));
770 #elif defined(TLS_GNU)
771 strlcat(features,
"TLS_GNU ",
sizeof(features));
774 strlcat(features,
"MAGIC ",
sizeof(features));
776 strlcat(features,
"RUST ",
sizeof(features));
777 #if defined(SC_ADDRESS_SANITIZER)
778 strlcat(features,
"ASAN ",
sizeof(features));
780 #if defined(HAVE_POPCNT64)
781 strlcat(features,
"POPCNT64 ",
sizeof(features));
783 if (strlen(features) == 0) {
784 strlcat(features,
"none",
sizeof(features));
787 printf(
"Features: %s\n", features);
790 memset(features, 0x00,
sizeof(features));
791 #if defined(__SSE4_2__)
792 strlcat(features,
"SSE_4_2 ",
sizeof(features));
794 #if defined(__SSE4_1__)
795 strlcat(features,
"SSE_4_1 ",
sizeof(features));
797 #if defined(__SSE3__)
798 strlcat(features,
"SSE_3 ",
sizeof(features));
800 #if defined(__SSE2__)
801 strlcat(features,
"SSE_2 ",
sizeof(features));
803 if (strlen(features) == 0) {
804 strlcat(features,
"none",
sizeof(features));
806 printf(
"SIMD support: %s\n", features);
809 memset(features, 0x00,
sizeof(features));
810 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_1)
811 strlcat(features,
"1 ",
sizeof(features));
813 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_2)
814 strlcat(features,
"2 ",
sizeof(features));
816 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_4)
817 strlcat(features,
"4 ",
sizeof(features));
819 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_8)
820 strlcat(features,
"8 ",
sizeof(features));
822 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_16)
823 strlcat(features,
"16 ",
sizeof(features));
825 if (strlen(features) == 0) {
826 strlcat(features,
"none",
sizeof(features));
828 strlcat(features,
"byte(s)",
sizeof(features));
830 printf(
"Atomic intrinsics: %s\n", features);
834 #elif __WORDSIZE == 32
837 bits =
"<unknown>-bits";
840 #if __BYTE_ORDER == __BIG_ENDIAN
841 endian =
"Big-endian";
842 #elif __BYTE_ORDER == __LITTLE_ENDIAN
843 endian =
"Little-endian";
845 endian =
"<unknown>-endian";
848 printf(
"%s, %s architecture\n", bits, endian);
850 printf(
"GCC version %s, C version %"PRIiMAX
"\n", __VERSION__, (intmax_t)__STDC_VERSION__);
852 printf(
"C version %"PRIiMAX
"\n", (intmax_t)__STDC_VERSION__);
856 printf(
"compiled with -fstack-protector\n");
859 printf(
"compiled with -fstack-protector-all\n");
868 #if _FORTIFY_SOURCE == 2
869 printf(
"compiled with _FORTIFY_SOURCE=2\n");
870 #elif _FORTIFY_SOURCE == 1
871 printf(
"compiled with _FORTIFY_SOURCE=1\n");
872 #elif _FORTIFY_SOURCE == 0
873 printf(
"compiled with _FORTIFY_SOURCE=0\n");
876 printf(
"L1 cache line size (CLS)=%d\n",
CLS);
879 tls =
"_Thread_local";
880 #elif defined(TLS_GNU)
883 #error "Unsupported thread local"
885 printf(
"thread local storage method: %s\n", tls);
887 printf(
"compiled with %s, linked against %s\n",
888 HTP_VERSION_STRING_FULL, htp_get_version());
890 #include "build-info.h"
989 static TmEcode ParseInterfacesList(
const int runmode,
char *pcap_dev)
995 if (strlen(pcap_dev) == 0) {
998 SCLogError(
"No interface found in config for pcap");
1005 if (strlen(pcap_dev)) {
1006 if (
ConfSetFinal(
"pfring.live-interface", pcap_dev) != 1) {
1007 SCLogError(
"Failed to set pfring.live-interface");
1016 char iface_selector[] =
"dpdk.interfaces";
1019 SCLogError(
"No interface found in config for %s", iface_selector);
1023 #ifdef HAVE_AF_PACKET
1026 if (strlen(pcap_dev)) {
1027 if (
ConfSetFinal(
"af-packet.live-interface", pcap_dev) != 1) {
1028 SCLogError(
"Failed to set af-packet.live-interface");
1034 SCLogError(
"No interface found in config for af-packet");
1042 if (strlen(pcap_dev)) {
1043 if (
ConfSetFinal(
"af-xdp.live-interface", pcap_dev) != 1) {
1044 SCLogError(
"Failed to set af-xdp.live-interface");
1050 SCLogError(
"No interface found in config for af-xdp");
1058 if (strlen(pcap_dev)) {
1059 if (
ConfSetFinal(
"netmap.live-interface", pcap_dev) != 1) {
1060 SCLogError(
"Failed to set netmap.live-interface");
1066 SCLogError(
"No interface found in config for netmap");
1075 SCLogError(
"No group found in config for nflog");
1084 static void SCInstanceInit(
SCInstance *suri,
const char *progname)
1086 memset(suri, 0x00,
sizeof(*suri));
1113 #if HAVE_DETECT_DISABLED==1
1123 if (strstr(prog_ver,
"RELEASE") != NULL) {
1143 if (strstr(
PROG_VER,
"-dev") == NULL) {
1154 static TmEcode PrintVersion(
void)
1162 const char *mode = suri->
system ?
"SYSTEM" :
"USER";
1163 SCLogNotice(
"This is %s version %s running in %s mode",
1174 static void SCPrintElapsedTime(
struct timeval *start_time)
1176 if (start_time == NULL)
1178 struct timeval end_time;
1179 memset(&end_time, 0,
sizeof(end_time));
1180 gettimeofday(&end_time, NULL);
1181 uint64_t milliseconds = ((end_time.tv_sec - start_time->tv_sec) * 1000) +
1182 (((1000000 + end_time.tv_usec - start_time->tv_usec) / 1000) - 1000);
1183 SCLogInfo(
"time elapsed %.3fs", (
float)milliseconds/(
float)1000);
1186 static int ParseCommandLineAfpacket(
SCInstance *suri,
const char *in_arg)
1188 #ifdef HAVE_AF_PACKET
1200 SCLogInfo(
"Multiple af-packet option without interface on each is useless");
1204 "has been specified");
1210 SCLogError(
"AF_PACKET not enabled. On Linux "
1211 "host, make sure to pass --enable-af-packet to "
1212 "configure when building.");
1217 static int ParseCommandLineAfxdp(
SCInstance *suri,
const char *in_arg)
1231 SCLogInfo(
"Multiple af-xdp options without interface on each is useless");
1235 "has been specified");
1242 "host, make sure correct libraries are installed,"
1243 " see documentation for information.");
1248 static int ParseCommandLineDpdk(
SCInstance *suri,
const char *in_arg)
1254 SCLogInfo(
"Multiple dpdk options have no effect on Suricata");
1257 "has been specified");
1264 "host, make sure to pass --enable-dpdk to "
1265 "configure when building.");
1270 static int ParseCommandLinePcapLive(
SCInstance *suri,
const char *in_arg)
1272 #if defined(OS_WIN32) && !defined(HAVE_LIBWPCAP)
1274 FatalError(
"Live capture not available. To support live capture compile against Npcap.");
1278 if (in_arg != NULL) {
1281 if (strlen(in_arg) > 9 && strncmp(in_arg,
"DeviceNPF", 9) == 0) {
1282 snprintf(suri->
pcap_dev,
sizeof(suri->
pcap_dev),
"\\Device\\NPF%s", in_arg+9);
1288 if (strcmp(suri->
pcap_dev, in_arg) != 0) {
1290 }
else if (strlen(suri->
pcap_dev) > 0 && isdigit((
unsigned char)suri->
pcap_dev[0])) {
1291 SCLogError(
"failed to find a pcap device for IP %s", in_arg);
1305 "has been specified");
1315 static bool IsLogDirectoryWritable(
const char*
str)
1317 if (access(
str, W_OK) == 0)
1329 int dump_config = 0;
1330 int dump_features = 0;
1331 int list_app_layer_protocols = 0;
1332 int list_unittests = 0;
1333 int list_runmodes = 0;
1334 int list_keywords = 0;
1347 struct option long_opts[] = {
1348 {
"dump-config", 0, &dump_config, 1},
1349 {
"dump-features", 0, &dump_features, 1},
1350 {
"pfring", optional_argument, 0, 0},
1351 {
"pfring-int", required_argument, 0, 0},
1352 {
"pfring-cluster-id", required_argument, 0, 0},
1353 {
"pfring-cluster-type", required_argument, 0, 0},
1357 {
"af-packet", optional_argument, 0, 0},
1358 {
"af-xdp", optional_argument, 0, 0},
1359 {
"netmap", optional_argument, 0, 0},
1360 {
"pcap", optional_argument, 0, 0},
1361 {
"pcap-file-continuous", 0, 0, 0},
1362 {
"pcap-file-delete", 0, 0, 0},
1363 {
"pcap-file-recursive", 0, 0, 0},
1364 {
"simulate-ips", 0, 0 , 0},
1366 {
"strict-rule-keywords", optional_argument, 0, 0},
1368 {
"capture-plugin", required_argument, 0, 0},
1369 {
"capture-plugin-args", required_argument, 0, 0},
1371 #ifdef BUILD_UNIX_SOCKET
1372 {
"unix-socket", optional_argument, 0, 0},
1374 {
"pcap-buffer-size", required_argument, 0, 0},
1375 {
"unittest-filter", required_argument, 0,
'U'},
1376 {
"list-app-layer-protos", 0, &list_app_layer_protocols, 1},
1377 {
"list-unittests", 0, &list_unittests, 1},
1378 {
"list-runmodes", 0, &list_runmodes, 1},
1379 {
"list-keywords", optional_argument, &list_keywords, 1},
1380 {
"runmode", required_argument, NULL, 0},
1383 {
"service-install", 0, 0, 0},
1384 {
"service-remove", 0, 0, 0},
1385 {
"service-change-params", 0, 0, 0},
1387 {
"pidfile", required_argument, 0, 0},
1388 {
"init-errors-fatal", 0, 0, 0},
1389 {
"disable-detection", 0, 0, 0},
1390 {
"disable-hashing", 0, 0, 0},
1391 {
"fatal-unittests", 0, 0, 0},
1393 {
"user", required_argument, 0, 0},
1394 {
"group", required_argument, 0, 0},
1395 {
"erf-in", required_argument, 0, 0},
1396 {
"dag", required_argument, 0, 0},
1397 {
"napatech", 0, 0, 0},
1398 {
"build-info", 0, &build_info, 1},
1399 {
"data-dir", required_argument, 0, 0},
1401 {
"windivert", required_argument, 0, 0},
1402 {
"windivert-forward", required_argument, 0, 0},
1404 #ifdef HAVE_LIBNET11
1405 {
"reject-dev", required_argument, 0, 0},
1407 {
"set", required_argument, 0, 0},
1409 {
"nflog", optional_argument, 0, 0},
1411 {
"simulate-packet-flow-memcap", required_argument, 0, 0},
1412 {
"simulate-applayer-error-at-offset-ts", required_argument, 0, 0},
1413 {
"simulate-applayer-error-at-offset-tc", required_argument, 0, 0},
1414 {
"simulate-packet-loss", required_argument, 0, 0},
1415 {
"simulate-packet-tcp-reassembly-memcap", required_argument, 0, 0},
1416 {
"simulate-packet-tcp-ssn-memcap", required_argument, 0, 0},
1417 {
"simulate-packet-defrag-memcap", required_argument, 0, 0},
1418 {
"simulate-alert-queue-realloc-failure", 0, 0, 0},
1422 {
"include", required_argument, 0, 0},
1429 int option_index = 0;
1431 char short_opts[] =
"c:TDhi:l:q:d:r:us:S:U:VF:vk:";
1433 while ((opt = getopt_long(argc, argv, short_opts, long_opts, &option_index)) != -1) {
1436 if (strcmp((long_opts[option_index]).name ,
"pfring") == 0 ||
1437 strcmp((long_opts[option_index]).name ,
"pfring-int") == 0) {
1440 if (optarg != NULL) {
1443 ((strlen(optarg) <
sizeof(suri->
pcap_dev)) ?
1444 (strlen(optarg) + 1) :
sizeof(suri->
pcap_dev)));
1449 "to pass --enable-pfring to configure when building.");
1453 else if(strcmp((long_opts[option_index]).name ,
"pfring-cluster-id") == 0){
1456 SCLogError(
"failed to set pfring.cluster-id");
1461 "to pass --enable-pfring to configure when building.");
1465 else if(strcmp((long_opts[option_index]).name ,
"pfring-cluster-type") == 0){
1467 if (
ConfSetFinal(
"pfring.cluster-type", optarg) != 1) {
1468 SCLogError(
"failed to set pfring.cluster-type");
1473 "to pass --enable-pfring to configure when building.");
1477 else if (strcmp((long_opts[option_index]).name ,
"capture-plugin") == 0){
1481 else if (strcmp((long_opts[option_index]).name ,
"capture-plugin-args") == 0){
1483 }
else if (strcmp((long_opts[option_index]).name,
"dpdk") == 0) {
1484 if (ParseCommandLineDpdk(suri, optarg) !=
TM_ECODE_OK) {
1487 }
else if (strcmp((long_opts[option_index]).name,
"af-packet") == 0) {
1488 if (ParseCommandLineAfpacket(suri, optarg) !=
TM_ECODE_OK) {
1491 }
else if (strcmp((long_opts[option_index]).name,
"af-xdp") == 0) {
1492 if (ParseCommandLineAfxdp(suri, optarg) !=
TM_ECODE_OK) {
1495 }
else if (strcmp((long_opts[option_index]).name,
"netmap") == 0) {
1503 ((strlen(optarg) <
sizeof(suri->
pcap_dev)) ?
1504 (strlen(optarg) + 1) :
sizeof(suri->
pcap_dev)));
1510 SCLogInfo(
"Multiple netmap option without interface on each is useless");
1515 "has been specified");
1516 PrintUsage(argv[0]);
1523 }
else if (strcmp((long_opts[option_index]).name,
"nflog") == 0) {
1533 }
else if (strcmp((long_opts[option_index]).name,
"pcap") == 0) {
1534 if (ParseCommandLinePcapLive(suri, optarg) !=
TM_ECODE_OK) {
1537 }
else if (strcmp((long_opts[option_index]).name,
"simulate-ips") == 0) {
1540 }
else if (strcmp((long_opts[option_index]).name,
"init-errors-fatal") == 0) {
1541 if (
ConfSetFinal(
"engine.init-failure-fatal",
"1") != 1) {
1542 SCLogError(
"failed to set engine init-failure-fatal");
1545 #ifdef BUILD_UNIX_SOCKET
1546 }
else if (strcmp((long_opts[option_index]).name ,
"unix-socket") == 0) {
1550 if (
ConfSetFinal(
"unix-command.filename", optarg) != 1) {
1551 SCLogError(
"failed to set unix-command.filename");
1558 "has been specified");
1559 PrintUsage(argv[0]);
1564 else if(strcmp((long_opts[option_index]).name,
"list-app-layer-protocols") == 0) {
1567 else if(strcmp((long_opts[option_index]).name,
"list-unittests") == 0) {
1571 SCLogError(
"unit tests not enabled. Make sure to pass --enable-unittests to "
1572 "configure when building");
1575 }
else if (strcmp((long_opts[option_index]).name,
"list-runmodes") == 0) {
1578 }
else if (strcmp((long_opts[option_index]).name,
"list-keywords") == 0) {
1580 if (strcmp(
"short",optarg)) {
1584 }
else if (strcmp((long_opts[option_index]).name,
"runmode") == 0) {
1586 }
else if(strcmp((long_opts[option_index]).name,
"engine-analysis") == 0) {
1590 else if(strcmp((long_opts[option_index]).name,
"service-install") == 0) {
1591 suri->
run_mode = RUNMODE_INSTALL_SERVICE;
1594 else if(strcmp((long_opts[option_index]).name,
"service-remove") == 0) {
1595 suri->
run_mode = RUNMODE_REMOVE_SERVICE;
1598 else if(strcmp((long_opts[option_index]).name,
"service-change-params") == 0) {
1599 suri->
run_mode = RUNMODE_CHANGE_SERVICE_PARAMS;
1603 else if(strcmp((long_opts[option_index]).name,
"pidfile") == 0) {
1606 SCLogError(
"strdup failed: %s", strerror(errno));
1610 else if(strcmp((long_opts[option_index]).name,
"disable-detection") == 0) {
1612 }
else if (strcmp((long_opts[option_index]).name,
"disable-hashing") == 0) {
1614 }
else if (strcmp((long_opts[option_index]).name,
"fatal-unittests") == 0) {
1618 SCLogError(
"unit tests not enabled. Make sure to pass --enable-unittests to "
1619 "configure when building");
1622 }
else if (strcmp((long_opts[option_index]).name,
"user") == 0) {
1623 #ifndef HAVE_LIBCAP_NG
1625 " drop privileges, but it was not compiled into Suricata.");
1631 }
else if (strcmp((long_opts[option_index]).name,
"group") == 0) {
1632 #ifndef HAVE_LIBCAP_NG
1634 " drop privileges, but it was not compiled into Suricata.");
1640 }
else if (strcmp((long_opts[option_index]).name,
"erf-in") == 0) {
1646 }
else if (strcmp((long_opts[option_index]).name,
"dag") == 0) {
1652 SCLogError(
"more than one run mode has been specified");
1653 PrintUsage(argv[0]);
1658 SCLogError(
"libdag and a DAG card are required"
1659 " to receive packets using --dag.");
1662 }
else if (strcmp((long_opts[option_index]).name,
"napatech") == 0) {
1663 #ifdef HAVE_NAPATECH
1666 SCLogError(
"libntapi and a Napatech adapter are required"
1667 " to capture packets using --napatech.");
1670 }
else if (strcmp((long_opts[option_index]).name,
"pcap-buffer-size") == 0) {
1671 #ifdef HAVE_PCAP_SET_BUFF
1673 SCLogError(
"failed to set pcap-buffer-size");
1678 " doesn't support setting buffer size.");
1680 }
else if (strcmp((long_opts[option_index]).name,
"build-info") == 0) {
1683 }
else if (strcmp((long_opts[option_index]).name,
"windivert-forward") == 0) {
1687 if (WinDivertRegisterQueue(
true, optarg) == -1) {
1691 if (WinDivertRegisterQueue(
true, optarg) == -1) {
1696 "has been specified");
1697 PrintUsage(argv[0]);
1701 else if(strcmp((long_opts[option_index]).name,
"windivert") == 0) {
1704 if (WinDivertRegisterQueue(
false, optarg) == -1) {
1708 if (WinDivertRegisterQueue(
false, optarg) == -1) {
1713 "has been specified");
1714 PrintUsage(argv[0]);
1718 SCLogError(
"WinDivert not enabled. Make sure to pass --enable-windivert to "
1719 "configure when building.");
1722 }
else if(strcmp((long_opts[option_index]).name,
"reject-dev") == 0) {
1723 #ifdef HAVE_LIBNET11
1725 extern char *g_reject_dev;
1726 extern uint16_t g_reject_dev_mtu;
1727 g_reject_dev = optarg;
1730 g_reject_dev_mtu = (uint16_t)mtu;
1733 SCLogError(
"Libnet 1.1 support not enabled. Compile Suricata with libnet support.");
1737 else if (strcmp((long_opts[option_index]).name,
"set") == 0) {
1738 if (optarg != NULL) {
1740 char *val = strchr(optarg,
'=');
1742 FatalError(
"Invalid argument for --set, must be key=val.");
1745 FatalError(
"failed to set configuration value %s", optarg);
1749 else if (strcmp((long_opts[option_index]).name,
"pcap-file-continuous") == 0) {
1750 if (
ConfSetFinal(
"pcap-file.continuous",
"true") != 1) {
1751 SCLogError(
"Failed to set pcap-file.continuous");
1755 else if (strcmp((long_opts[option_index]).name,
"pcap-file-delete") == 0) {
1756 if (
ConfSetFinal(
"pcap-file.delete-when-done",
"true") != 1) {
1757 SCLogError(
"Failed to set pcap-file.delete-when-done");
1761 else if (strcmp((long_opts[option_index]).name,
"pcap-file-recursive") == 0) {
1762 if (
ConfSetFinal(
"pcap-file.recursive",
"true") != 1) {
1763 SCLogError(
"failed to set pcap-file.recursive");
1767 else if (strcmp((long_opts[option_index]).name,
"data-dir") == 0) {
1768 if (optarg == NULL) {
1769 SCLogError(
"no option argument (optarg) for -d");
1779 " supplied at the command-line (-d %s) doesn't "
1780 "exist. Shutting down the engine.",
1785 }
else if (strcmp((long_opts[option_index]).name ,
"strict-rule-keywords") == 0){
1786 if (optarg == NULL) {
1792 FatalError(
"failed to duplicate 'strict' string");
1794 }
else if (strcmp((long_opts[option_index]).name,
"include") == 0) {
1799 "Failed to allocate memory for additional configuration files: %s",
1804 for (
int i = 0;; i++) {
1806 const char **additional_configs =
1808 if (additional_configs == NULL) {
1809 FatalError(
"Failed to allocate memory for additional configuration "
1823 (long_opts[option_index]).name, optarg);
1833 if (
ConfSetFinal(
"engine.init-failure-fatal",
"1") != 1) {
1834 SCLogError(
"failed to set engine init-failure-fatal");
1847 if (optarg == NULL) {
1848 SCLogError(
"no option argument (optarg) for -i");
1851 #ifdef HAVE_AF_PACKET
1852 if (ParseCommandLineAfpacket(suri, optarg) !=
TM_ECODE_OK) {
1857 #if defined HAVE_PFRING || HAVE_NETMAP
1866 "option%s %s available:"
1868 " PF_RING (--pfring-int=%s)"
1871 " NETMAP (--netmap=%s)"
1873 ". Use --pcap=%s to suppress this warning",
1874 i == 1 ?
"" :
"s", i == 1 ?
"is" :
"are"
1886 if (ParseCommandLinePcapLive(suri, optarg) !=
TM_ECODE_OK) {
1892 if (optarg == NULL) {
1893 SCLogError(
"no option argument (optarg) for -l");
1903 " supplied at the command-line (-l %s) doesn't "
1904 "exist. Shutting down the engine.",
1908 if (!IsLogDirectoryWritable(optarg)) {
1910 " supplied at the command-line (-l %s) is not "
1911 "writable. Shutting down the engine.",
1930 "has been specified");
1931 PrintUsage(argv[0]);
1935 SCLogError(
"NFQUEUE not enabled. Make sure to pass --enable-nfqueue to configure when "
1952 "has been specified");
1953 PrintUsage(argv[0]);
1957 SCLogError(
"IPFW not enabled. Make sure to pass --enable-ipfw to configure when "
1968 "has been specified");
1969 PrintUsage(argv[0]);
1974 SCLogError(
"pcap file '%s': %s", optarg, strerror(errno));
1978 SCLogError(
"ERROR: Failed to set pcap-file.file\n");
1985 SCLogError(
"can't have multiple -s options or mix -s and -S.");
1992 SCLogError(
"can't have multiple -S options or mix -s and -S.");
2005 PrintUsage(argv[0]);
2009 SCLogError(
"unit tests not enabled. Make sure to pass --enable-unittests to configure "
2026 if (optarg == NULL) {
2027 SCLogError(
"no option argument (optarg) for -F");
2031 SetBpfStringFromFile(optarg);
2037 if (optarg == NULL) {
2038 SCLogError(
"no option argument (optarg) for -k");
2041 if (!strcmp(
"all", optarg))
2043 else if (!strcmp(
"none", optarg))
2046 SCLogError(
"option '%s' invalid for -k", optarg);
2051 PrintUsage(argv[0]);
2057 SCLogError(
"can't use -s/-S when detection is disabled");
2064 if (list_app_layer_protocols)
2082 ret = SetBpfString(optind, argv);
2090 int WindowsInitService(
int argc,
char **argv)
2092 if (SCRunningAsService()) {
2093 char path[MAX_PATH];
2095 strlcpy(path, argv[0], MAX_PATH);
2096 if ((p = strrchr(path,
'\\'))) {
2099 if (!SetCurrentDirectory(path)) {
2100 SCLogError(
"Can't set current directory to: %s", path);
2103 SCLogInfo(
"Current directory is set to: %s", path);
2104 SCServiceInit(argc, argv);
2109 if (0 != WSAStartup(MAKEWORD(2, 2), &wsaData)) {
2110 SCLogError(
"Can't initialize Windows sockets: %d", WSAGetLastError());
2121 const char *pid_filename;
2123 if (
ConfGet(
"pid-file", &pid_filename) == 1) {
2124 SCLogInfo(
"Use pid file %s from config file.", pid_filename);
2131 SCLogError(
"strdup failed: %s", strerror(errno));
2150 SCLogError(
"Unable to create PID file, concurrent run of"
2151 " Suricata can occur.");
2152 SCLogError(
"PID file creation WILL be mandatory for daemon mode"
2153 " in future version");
2168 if (
ConfGet(
"run-as.user", &
id) == 1) {
2172 if (
ConfGet(
"run-as.group", &
id) == 1) {
2190 static int InitSignalHandler(
SCInstance *suri)
2193 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
2198 if (
ConfGetBool(
"logging.stacktrace-on-signal", &enabled) == 0) {
2203 SCLogInfo(
"Preparing unexpected signal handling");
2204 struct sigaction stacktrace_action;
2205 memset(&stacktrace_action, 0,
sizeof(stacktrace_action));
2206 stacktrace_action.sa_sigaction = SignalHandlerUnexpected;
2207 stacktrace_action.sa_flags = SA_SIGINFO;
2208 sigaction(SIGSEGV, &stacktrace_action, NULL);
2209 sigaction(SIGABRT, &stacktrace_action, NULL);
2233 #ifdef PROFILE_RULES
2241 #ifdef PROFILE_RULES
2291 SCPrintElapsedTime(start_time);
2344 PrintUsage(argv[0]);
2354 case RUNMODE_INSTALL_SERVICE:
2355 if (SCServiceInstall(argc, argv)) {
2358 SCLogInfo(
"Suricata service has been successfully installed.");
2360 case RUNMODE_REMOVE_SERVICE:
2361 if (SCServiceRemove()) {
2364 SCLogInfo(
"Suricata service has been successfully removed.");
2366 case RUNMODE_CHANGE_SERVICE_PARAMS:
2367 if (SCServiceChangeParams(argc, argv)) {
2370 SCLogInfo(
"Suricata service startup parameters has been successfully changed.");
2398 static void SetupDelayedDetect(
SCInstance *suri)
2407 if (decnf != NULL) {
2409 if (strcmp(denode->
val,
"delayed-detect") == 0) {
2419 SCLogInfo(
"Packets will start being processed before signatures are active.");
2435 static int ConfigGetCaptureValue(
SCInstance *suri)
2439 intmax_t tmp_max_pending_packets;
2440 if (
ConfGetInt(
"max-pending-packets", &tmp_max_pending_packets) != 1)
2442 if (tmp_max_pending_packets < 1 || tmp_max_pending_packets >= UINT16_MAX) {
2443 SCLogError(
"Maximum max-pending-packets setting is 65534 and must be greater than 0. "
2444 "Please check %s for errors",
2455 const char *temp_default_packet_size;
2456 if ((
ConfGet(
"default-packet-size", &temp_default_packet_size)) != 1) {
2459 int strip_trailing_plus = 0;
2464 const int mtu = GetGlobalMTUWin32();
2478 strip_trailing_plus = 1;
2485 for (lthread = 0; lthread < nlive; lthread++) {
2488 (void)
strlcpy(dev, live_dev,
sizeof(dev));
2490 if (strip_trailing_plus) {
2491 size_t len = strlen(dev);
2493 (dev[
len-1] ==
'+' ||
2494 dev[
len-1] ==
'^' ||
2513 SCLogError(
"Error parsing max-pending-packets "
2514 "from conf file - %s. Killing engine",
2515 temp_default_packet_size);
2525 static void PostRunStartedDetectSetup(
const SCInstance *suri)
2539 SCLogNotice(
"Signature(s) loaded, Detect thread(s) activated.");
2551 SetupDelayedDetect(suri);
2553 (void)
ConfGetBool(
"multi-detect.enabled", &mt_enabled);
2554 int default_tenant = 0;
2556 (void)
ConfGetBool(
"multi-detect.default", &default_tenant);
2559 "detection engine contexts failed.");
2569 FatalError(
"initializing detection engine failed.");
2583 static void PostConfLoadedSetupHostMode(
void)
2585 const char *hostmode = NULL;
2587 if (
ConfGet(
"host-mode", &hostmode) == 1) {
2588 if (!strcmp(hostmode,
"router")) {
2590 }
else if (!strcmp(hostmode,
"sniffer-only")) {
2593 if (strcmp(hostmode,
"auto") != 0) {
2605 SCLogInfo(
"No 'host-mode': suricata is in IPS mode, using "
2606 "default setting 'router'");
2609 SCLogInfo(
"No 'host-mode': suricata is in IDS mode, using "
2610 "default setting 'sniffer-only'");
2618 if (suri->
system ==
false) {
2622 FatalError(
"could not set USER mode logdir");
2628 FatalError(
"could not set USER mode datadir");
2642 if (LuajitSetupStatesPool() != 0) {
2651 int disable_offloading;
2652 if (
ConfGetBool(
"capture.disable-offloading", &disable_offloading) == 0)
2653 disable_offloading = 1;
2654 if (disable_offloading) {
2661 const char *cv = NULL;
2662 if (
ConfGet(
"capture.checksum-validation", &cv) == 1) {
2663 if (strcmp(cv,
"none") == 0) {
2665 }
else if (strcmp(cv,
"all") == 0) {
2672 ConfSet(
"stream.checksum-validation",
"0");
2675 ConfSet(
"stream.checksum-validation",
"1");
2684 #ifdef HAVE_PACKET_EBPF
2686 EBPFRegisterExtension();
2706 SCLogInfo(
"Setting engine mode to IDS mode by default");
2727 const char *custom_umask;
2728 if (
ConfGet(
"umask", &custom_umask) == 1) {
2730 if (
StringParseUint16(&mask, 8, (uint16_t)strlen(custom_umask), custom_umask) > 0) {
2731 umask((mode_t)mask);
2749 SCLogInfo(
"== Carrying out Engine Analysis ==");
2750 const char *temp = NULL;
2751 if (
ConfGet(
"engine-analysis", &temp) == 0) {
2752 SCLogInfo(
"no engine-analysis parameter(s) defined in conf file. "
2753 "Please define/enable them in the conf to use this "
2772 "basic address vars test failed. Please check %s for errors", suri->
conf_filename);
2799 "supplied by %s (default-log-dir) doesn't exist. "
2800 "Shutting down the engine",
2804 if (!IsLogDirectoryWritable(suri->
log_dir)) {
2806 "supplied by %s (default-log-dir) is not writable. "
2807 "Shutting down the engine",
2825 PostConfLoadedSetupHostMode();
2894 return EXIT_FAILURE;
2914 SCInstanceInit(&
suricata, progname);
2932 if (
ConfGetBool(
"vlan.use-for-tracking", &tracking) == 1 && !tracking) {
2936 SCLogDebug(
"vlan tracking is %s", tracking == 1 ?
"enabled" :
"disabled");
2937 if (
ConfGetBool(
"livedev.use-for-tracking", &tracking) == 1 && !tracking) {
2953 SCLogInfo(
"Running suricata under test mode");
2980 SCLogNotice(
"Configuration provided was successfully loaded. Exiting.");
3024 int limit_nproc = 0;
3025 if (
ConfGetBool(
"security.limit-noproc", &limit_nproc) == 0) {
3029 #if defined(SC_ADDRESS_SANITIZER)
3032 "\"security.limit-noproc\" (setrlimit()) not set when using address sanitizer");
3038 #if defined(HAVE_SYS_RESOURCE_H)
3041 SCLogWarning(
"setrlimit has no effet when running as root.");
3044 struct rlimit r = { 0, 0 };
3045 if (setrlimit(RLIMIT_NPROC, &r) != 0) {
3046 SCLogWarning(
"setrlimit failed to prevent process creation.");
3068 PostRunStartedDetectSetup(&
suricata);
int ConfGetInt(const char *name, intmax_t *val)
Retrieve a configuration value as an integer.
void TmModuleUnixManagerRegister(void)
void StatsReleaseResources(void)
Releases the resources allotted by the Stats API.
uint16_t max_pending_packets
@ SURI_HOST_IS_SNIFFER_ONLY
void TmModuleReceiveIPFWRegister(void)
Registration Function for ReceiveIPFW.
void SuricataMainLoop(void)
int ExceptionSimulationCommandLineParser(const char *name, const char *arg)
void AppLayerHtpNeedFileInspection(void)
Sets a flag that informs the HTP app layer that some module in the engine needs the http request file...
int SCRunmodeGet(void)
Get the current run mode.
int ConfNodeChildValueIsTrue(const ConfNode *node, const char *key)
Test if a configuration node has a true value.
void IPPairInitConfig(bool quiet)
initialize the configuration
void SCLogInitLogModule(SCLogInitData *sc_lid)
Initializes the logging module.
int LiveDeviceListClean(void)
void DetectEngineDeReference(DetectEngineCtx **de_ctx)
struct timeval start_time
#define SC_ATOMIC_INIT(name)
wrapper for initializing an atomic variable.
SystemHugepageSnapshot * prerun_snap
void TmThreadContinueThreads(void)
Unpauses all threads present in tv_root.
int ConfGetBool(const char *name, int *val)
Retrieve a configuration value as a boolean.
enum DetectEngineType type
int SigLoadSignatures(DetectEngineCtx *de_ctx, char *sig_file, bool sig_file_exclusive)
Load signatures.
#define SC_ATOMIC_SET(name, val)
Set the value for the atomic variable.
@ RUNMODE_PRINT_BUILDINFO
DetectEngineCtx * DetectEngineCtxInitStubForDD(void)
void LiveDevRegisterExtension(void)
void AppLayerHtpPrintStats(void)
void StatsSetupPostConfigPreOutput(void)
char * runmode_custom_mode
struct HtpBodyChunk_ * next
void TmModuleReceiveNFQRegister(void)
int LiveBuildDeviceList(const char *runmode)
void RunModeShutDown(void)
void SCProtoNameInit(void)
void SuricataPostInit(void)
void RunModeDispatch(int runmode, const char *custom_mode, const char *capture_plugin_name, const char *capture_plugin_args)
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
volatile sig_atomic_t sigint_count
SC_ATOMIC_DECLARE(unsigned int, engine_stage)
void SCProfilingRulesGlobalInit(void)
void TmModuleRunDeInit(void)
void RegisterFlowBypassInfo(void)
#define SCSetThreadName(n)
void SCRunmodeSet(int run_mode)
Set the current run mode.
void SCLogDeInitLogModule(void)
De-Initializes the logging module.
void TmModuleDecodeErfFileRegister(void)
Register the ERF file decoder module.
main detection engine ctx
int StringParseUint16(uint16_t *res, int base, size_t len, const char *str)
void DetectEngineReloadSetIdle(void)
DetectEngineCtx * DetectEngineGetCurrent(void)
int EngineModeIsUnknown(void)
void VarNameStoreInit(void)
void TmModuleFlowRecyclerRegister(void)
void Daemonize(void)
Daemonize the process.
void UtilSignalHandlerSetup(int sig, void(*handler)(int))
#define TAILQ_FOREACH(var, head, field)
void TmModuleDecodeAFPRegister(void)
Registration Function for DecodeAFP.
void TmModuleDecodeWinDivertRegister(void)
void FlowForceReassembly(void)
Force reassembly for all the flows that have unprocessed segments.
int DetectEngineAddToMaster(DetectEngineCtx *de_ctx)
void TmModuleStatsLoggerRegister(void)
int ConfYamlHandleInclude(ConfNode *parent, const char *filename)
Include a file in the configuration.
void RegisterAllModules(void)
int DetectEngineMultiTenantSetup(const bool unix_socket)
setup multi-detect / multi-tenancy
void SupportFastPatternForSigMatchTypes(void)
Registers the keywords(SMs) that should be given fp support.
void ConfDump(void)
Dump configuration to stdout.
const SuricataContext suricata_context
TmEcode SCParseCommandLine(int argc, char **argv)
int CheckValidDaemonModes(int daemon, int mode)
Check for a valid combination daemon/mode.
void SCGetGroupID(const char *group_name, uint32_t *gid)
Function to get the group ID from the specified group name.
int ConfSetFinal(const char *name, const char *val)
Set a final configuration value.
void TmThreadDisableReceiveThreads(void)
Disable all threads having the specified TMs.
void StatsInit(void)
Initializes the perf counter api. Things are hard coded currently. More work to be done when we imple...
void PreRunInit(const int runmode)
void MacSetRegisterFlowStorage(void)
void SuricataShutdown(void)
const char * conf_filename
int GetIfaceMTU(const char *dev)
output the link MTU
void GlobalsInitPreConfig(void)
void TmModuleReceiveNetmapRegister(void)
void PacketPoolPostRunmodes(void)
Set the max_pending_return_packets value.
void NFQInitConfig(bool quiet)
To initialize the NFQ global configuration data.
void TmModuleReceiveWinDivertRegister(void)
void TmModuleReceivePfringRegister(void)
Registration Function for ReceivePfring.
void SCProfilingDestroy(void)
Free resources used by profiling.
bool IsRunModeOffline(enum RunModes run_mode_to_check)
void AFPPeersListClean(void)
Clean the global peers list.
void RunModeInitializeOutputs(void)
int DetectPortTestConfVars(void)
void SCThresholdConfGlobalInit(void)
void DecodeUnregisterCounters(void)
const char * capture_plugin_name
void HostBitInitCtx(void)
const char * capture_plugin_args
void TmModuleLoggerRegister(void)
void TmThreadDisablePacketThreads(void)
Disable all packet threads.
void PacketPoolInit(void)
int AppLayerDeSetup(void)
De initializes the app layer.
size_t strlcpy(char *dst, const char *src, size_t siz)
void PcapTranslateIPToDevice(char *pcap_dev, size_t len)
void FlowDisableFlowRecyclerThread(void)
Used to disable flow recycler thread(s).
void TmModuleDecodePcapFileRegister(void)
void TmModuleBypassedFlowManagerRegister(void)
void IPPairShutdown(void)
shutdown the flow engine
void DetectParseFreeRegexes(void)
void TmModuleDecodeNFLOGRegister(void)
int ConfGet(const char *name, const char **vptr)
Retrieve the value of a configuration node.
int NFQParseAndRegisterQueues(const char *queues)
Parses and adds Netfilter queue(s).
ConfNode * ConfGetRootNode(void)
Get the root configuration node.
void FlowInitConfig(bool quiet)
initialize the configuration
int AppLayerSetup(void)
Setup the app layer.
void FeatureTrackingRegister(void)
void TmModuleReceiveDPDKRegister(void)
void UnixManagerThreadSpawnNonRunmode(const bool unix_socket_enabled)
void RunModeInitializeThreadSettings(void)
void StreamTcpInitConfig(bool)
To initialize the stream global configuration data.
bool IsRunModeSystem(enum RunModes run_mode_to_check)
int GetIfaceMaxPacketSize(LiveDevice *ld)
output max packet size for a link
void TmModuleDecodeNetmapRegister(void)
Registration Function for DecodeNetmap.
void PreRunPostPrivsDropInit(const int runmode)
int DetectEngineMoveToFreeList(DetectEngineCtx *de_ctx)
volatile sig_atomic_t sigterm_count
TmEcode TmThreadWaitOnThreadInit(void)
Used to check if all threads have finished their initialization. On finding an un-initialized thread,...
void TmModuleVerdictNFQRegister(void)
int ConfYamlLoadFile(const char *filename)
Load configuration from a YAML file.
void AppLayerRegisterGlobalCounters(void)
HACK to work around our broken unix manager (re)init loop.
void RunModeListRunmodes(void)
Lists all registered runmodes.
size_t strlcat(char *, const char *src, size_t siz)
@ RUNMODE_LIST_APP_LAYERS
void LiveSetOffloadDisable(void)
void StatsSetupPostConfigPostOutput(void)
void EngineModeSetIDS(void)
void TmModuleReceiveAFPRegister(void)
Registration Function for ReceiveAFP.
int LiveBuildDeviceListCustom(const char *runmode, const char *itemname)
LiveDevice * LiveGetDevice(const char *name)
Get a pointer to the device at idx.
void UnixSocketKillSocketThread(void)
void TmModuleVerdictIPFWRegister(void)
Registration Function for VerdictIPFW.
bool g_stats_eps_per_app_proto_errors
void HttpRangeContainersInit(void)
struct timeval last_reload
void TmModuleVerdictWinDivertRegister(void)
void HostCleanup(void)
Cleanup the host engine.
void FlowDisableFlowManagerThread(void)
Used to disable flow manager thread(s).
int UtilSignalUnblock(int signum)
int DetectEngineEnabled(void)
Check if detection is enabled.
void TmThreadClearThreadsFamily(int family)
void TmModuleRunInit(void)
void EngineModeSetIPS(void)
void HTPAtExitPrintStats(void)
Print the stats of the HTTP requests.
int UtilSignalBlock(int signum)
void SCProfilingPrefilterGlobalInit(void)
#define SCLogWarning(...)
Macro used to log WARNING messages.
int PostConfLoadedSetup(SCInstance *suri)
const char * GetProgramVersion(void)
get string with program version
void TmModuleReceivePcapFileRegister(void)
int32_t CoredumpLoadConfig(void)
Configures the core dump size.
int IPFWRegisterQueue(char *queue)
Add an IPFW divert.
int ListAppLayerProtocols(const char *conf_filename)
void DatasetsDestroy(void)
void UtilCpuPrintSummary(void)
Print a summary of CPUs detected (configured and online)
int SystemDNotifyReady(void)
void TmThreadKillThreads(void)
void OutputDeregisterAll(void)
Deregister all modules. Useful for a memory clean exit.
void PostConfLoadedDetectSetup(SCInstance *suri)
int EngineModeIsIDS(void)
void TmModuleNapatechDecodeRegister(void)
Register the Napatech decoder module.
TmModule tmm_modules[TMM_SIZE]
void OutputNotifyFileRotation(void)
Notifies all registered file rotation notification flags.
int StorageFinalize(void)
void VarNameStoreDestroy(void)
void TmModuleFlowWorkerRegister(void)
enum RunModes aux_run_mode
const char ** additional_configs
#define DEFAULT_PID_FILENAME
volatile sig_atomic_t sighup_count
TmEcode ConfigSetDataDirectory(char *name)
void TmModuleDecodeErfDagRegister(void)
Register the ERF file decoder module.
#define SCDropMainThreadCaps(...)
void TmModuleDebugList(void)
void TmModuleDecodeNFQRegister(void)
void SCProtoNameRelease(void)
int RunmodeIsUnittests(void)
void SCPluginsLoad(const char *capture_plugin_name, const char *capture_plugin_args)
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
void TmModuleReceiveNFLOGRegister(void)
#define DEFAULT_PACKET_SIZE
#define WarnInvalidConfEntry(param_name, format, value)
Generic API that can be used by all to log an invalid conf entry.
void TmModuleReceiveErfFileRegister(void)
Register the ERF file receiver (reader) module.
#define SCRealloc(ptr, sz)
void TmModuleDecodeAFXDPRegister(void)
Registration Function for DecodeAFXDP.
uint32_t default_packet_size
void SigTableApplyStrictCommandLineOption(const char *str)
@ DETECT_ENGINE_TYPE_NORMAL
void TmThreadKillThreadsFamily(int family)
void FeatureTrackingRelease(void)
void TmqhCleanup(void)
Clean up registration time allocs.
void StreamTcpFreeConfig(bool quiet)
void DecodeGlobalConfig(void)
char * strict_rule_parsing_string
DetectEngineCtx * DetectEngineCtxInitStubForMT(void)
const char * LiveGetDeviceName(int number)
Get a pointer to the device name at idx.
void FlowShutdown(void)
shutdown the flow engine
void SCHInfoLoadFromConfig(void)
Load the host os policy information from the configuration.
void DetectEngineBumpVersion(void)
void TmModuleFlowManagerRegister(void)
int SCStartInternalRunMode(int argc, char **argv)
int SCPidfileTestRunning(const char *pid_filename)
Check the Suricata pid file (used at the startup)
void HostShutdown(void)
shutdown the flow engine
#define SCFstatFn(fd, statbuf)
void TmModuleDecodePfringRegister(void)
Registration Function for DecodePfring.
void LiveSetOffloadWarn(void)
void ParseSizeDeinit(void)
void RunModeRegisterRunModes(void)
Register all runmodes in the engine.
int ConfGetChildValueBool(const ConfNode *base, const char *name, int *val)
void SCProfilingDump(void)
void TmModuleReceiveAFXDPRegister(void)
void EngineStop(void)
make sure threads can stop the engine by calling this function. Purpose: pcap file mode needs to be a...
void FrameConfigInit(void)
int ParseSizeStringU32(const char *size, uint32_t *res)
void TmModuleReceiveErfDagRegister(void)
Register the ERF file receiver (reader) module.
void IPPairBitInitCtx(void)
TmEcode ConfigSetLogDirectory(const char *name)
void TmModuleDecodeIPFWRegister(void)
Registration Function for DecodeIPFW.
int ConfUnixSocketIsEnable(void)
int ConfSetFromString(const char *input, int final)
Set a configuration parameter from a string.
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
void ConfInit(void)
Initialize the configuration system.
const char * ConfigGetLogDirectory(void)
volatile sig_atomic_t sigusr2_count
void SystemHugepageSnapshotDestroy(SystemHugepageSnapshot *s)
@ RUNMODE_ENGINE_ANALYSIS
void TmModuleDecodePcapRegister(void)
Registration Function for DecodePcap.
TmEcode SCLoadYamlConfig(void)
TmEcode ConfigCheckDataDirectory(const char *data_dir)
#define SCLogError(...)
Macro used to log ERROR messages.
int DetectEngineReloadStart(void)
#define DEFAULT_CONF_FILE
#define SC_LOG_MAX_LOG_MSG_LEN
void AppLayerParserPostStreamSetup(void)
void TmModuleReceivePcapRegister(void)
Registration Function for ReceivePcap.
void SCGetUserID(const char *user_name, const char *group_name, uint32_t *uid, uint32_t *gid)
Function to get the user and group ID from the specified user name.
void TmModuleRespondRejectRegister(void)
void CoredumpEnable(void)
Enable coredumps on systems where coredumps can and need to be enabled.
void RunUnittests(int list_unittests, const char *regex_arg)
TmEcode ConfigCheckLogDirectoryExists(const char *log_dir)
void PacketAlertTagInit(void)
int RunModeEngineIsIPS(int capture_mode, const char *runmode, const char *capture_plugin_name)
DetectEngineCtx * DetectEngineCtxInit(void)
int EngineModeIsIPS(void)
void TmModuleNapatechStreamRegister(void)
Register the Napatech receiver (reader) module.
void SCProfilingKeywordsGlobalInit(void)
void EngineDone(void)
Used to indicate that the current task is done.
const char * GetDocURL(void)
int profiling_rules_enabled
void PostRunDeinit(const int runmode, struct timeval *start_time)
void HostInitConfig(bool quiet)
initialize the configuration
TmEcode TmThreadWaitOnThreadRunning(void)
Waits for all threads to be in a running state.
void ConfDeInit(void)
De-initializes the configuration system.
void HttpRangeContainersDestroy(void)
int ConfSet(const char *name, const char *val)
Set a configuration value.
void SCLogLoadConfig(int daemon, int verbose, uint32_t userid, uint32_t groupid)
int DetectEngineReload(const SCInstance *suri)
Reload the detection engine.
#define DEFAULT_MAX_PENDING_PACKETS
void DetectEngineClearMaster(void)
void SetMasterExceptionPolicy(void)
void TmThreadCheckThreadState(void)
Used to check the thread for certain conditions of failure.
void OutputFilestoreRegisterGlobalCounters(void)
int InitGlobal(void)
Global initialization common to all runmodes.
int LiveGetDeviceCount(void)
Get the number of registered devices.
SystemHugepageSnapshot * SystemHugepageSnapshotCreate(void)
The function creates a snapshot of the system's hugepage usage per NUMA node and per hugepage size....
void SCProfilingSghsGlobalInit(void)
int SCPidfileCreate(const char *pidfile)
Write a pid file (used at the startup) This commonly needed by the init scripts.
int LiveRegisterDeviceName(const char *dev)
Add a device for monitoring.
#define SCStatFn(pathname, statbuf)
void LiveDeviceFinalize(void)
void TmModuleDecodeDPDKRegister(void)
Registration Function for DecodeDPDK.
void PacketPoolDestroy(void)
void HTPFreeConfig(void)
Clears the HTTP server configuration memory used by HTP library.
void LandlockSandboxing(SCInstance *suri)
int ListKeywords(const char *keyword_info)
#define SCLogNotice(...)
Macro used to log NOTICE messages.
void SuricataPreInit(const char *progname)
void DPDKCleanupEAL(void)
void SCPidfileRemove(const char *pid_filename)
Remove the pid file (used at the startup)
void NFQContextsClean(void)
Clean global contexts. Must be called on exit.
void SystemHugepageEvaluateHugepages(SystemHugepageSnapshot *pre_s, SystemHugepageSnapshot *post_s)
The function compares two hugepage snapshots and prints out recommendations for hugepage configuratio...
#define DEBUG_VALIDATE_BUG_ON(exp)
int SCFinalizeRunMode(void)
void SCProfilingInit(void)
Initialize profiling.
void GlobalsDestroy(void)
int DetectEngineReloadIsStart(void)
volatile uint8_t suricata_ctl_flags
void TagDestroyCtx(void)
Destroy tag context hash tables.
int DetectAddressTestConfVars(void)
void MpmHSGlobalCleanup(void)
void TmqResetQueues(void)