180 #include "rust-core-gen.h" 198 #define DEFAULT_MAX_PENDING_PACKETS 1024 229 #ifndef AFLFUZZ_NO_RANDOM 287 static void SignalHandlerSigint(
int sig)
291 static void SignalHandlerSigterm(
int sig)
300 static void SignalHandlerSigusr2(
int sig)
310 static void SignalHandlerSigHup(
int sig)
321 size_t global_mem = 0;
322 #ifdef DBG_MEM_ALLOC_SKIP_STARTUP 323 uint8_t print_mem_flag = 0;
325 uint8_t print_mem_flag = 1;
337 for(blah=0;blah<256;blah++) {
343 SCLogInfo(
"Trans_Q Mutex not initialized correctly");
359 SCLogInfo(
"Total memory used (without SCFree()): %"PRIdMAX, (intmax_t)global_mem);
360 #ifdef DBG_MEM_ALLOC_SKIP_STARTUP 395 if (NSS_IsInitialized()) {
401 #ifdef HAVE_AF_PACKET 411 #ifdef BUILD_HYPERSCAN 417 LuajitFreeStatesPool();
447 static int SetBpfString(
int argc,
char *argv[])
449 char *bpf_filter = NULL;
450 uint32_t bpf_len = 0;
455 while(argv[tmpindex] != NULL) {
456 bpf_len+=strlen(argv[tmpindex]) + 1;
465 "BPF filter not available in IPS mode." 466 " Use firewall filtering if possible.");
473 memset(bpf_filter, 0x00, bpf_len);
476 while(argv[tmpindex] != NULL) {
477 strlcat(bpf_filter, argv[tmpindex],bpf_len);
478 if(argv[tmpindex + 1] != NULL) {
479 strlcat(bpf_filter,
" ", bpf_len);
484 if(strlen(bpf_filter) > 0) {
496 static void SetBpfStringFromFile(
char *filename)
498 char *bpf_filter = NULL;
499 char *bpf_comment_tmp = NULL;
500 char *bpf_comment_start = NULL;
501 uint32_t bpf_len = 0;
512 "BPF filter not available in IPS mode." 513 " Use firewall filtering if possible.");
518 if(_stat(filename, &st) != 0) {
520 if(stat(filename, &st) != 0) {
525 bpf_len = st.st_size + 1;
528 fp = fopen(filename,
"r");
534 bpf_filter =
SCMalloc(bpf_len *
sizeof(
char));
539 memset(bpf_filter, 0x00, bpf_len);
541 nm = fread(bpf_filter, 1, bpf_len - 1, fp);
542 if ((ferror(fp) != 0) || (nm != (bpf_len - 1))) {
549 bpf_filter[nm] =
'\0';
551 if(strlen(bpf_filter) > 0) {
553 bpf_comment_start = bpf_filter;
554 while((bpf_comment_tmp = strchr(bpf_comment_start,
'#')) != NULL) {
555 while((*bpf_comment_tmp !=
'\0') &&
556 (*bpf_comment_tmp !=
'\r') && (*bpf_comment_tmp !=
'\n'))
558 *bpf_comment_tmp++ =
' ';
560 bpf_comment_start = bpf_comment_tmp;
563 while((bpf_comment_tmp = strchr(bpf_filter,
'\r')) != NULL) {
564 *bpf_comment_tmp =
' ';
566 while((bpf_comment_tmp = strchr(bpf_filter,
'\n')) != NULL) {
567 *bpf_comment_tmp =
' ';
570 while (strlen(bpf_filter) > 0 &&
571 bpf_filter[strlen(bpf_filter)-1] ==
' ')
573 bpf_filter[strlen(bpf_filter)-1] =
'\0';
575 if (strlen(bpf_filter) > 0) {
586 static void PrintUsage(
const char *progname)
593 printf(
"USAGE: %s [OPTIONS] [BPF FILTER]\n\n", progname);
594 printf(
"\t-c <path> : path to configuration file\n");
595 printf(
"\t-T : test configuration file (use with -c)\n");
596 printf(
"\t-i <dev or ip> : run in pcap live mode\n");
597 printf(
"\t-F <bpf filter file> : bpf filter file\n");
598 printf(
"\t-r <path> : run in pcap file/offline mode\n");
600 printf(
"\t-q <qid[:qid]> : run in inline nfqueue mode (use colon to specify a range of queues)\n");
603 printf(
"\t-d <divert port> : run in inline ipfw divert mode\n");
605 printf(
"\t-s <path> : path to signature file loaded in addition to suricata.yaml settings (optional)\n");
606 printf(
"\t-S <path> : path to signature file loaded exclusively (optional)\n");
607 printf(
"\t-l <dir> : default log directory\n");
609 printf(
"\t-D : run as daemon\n");
611 printf(
"\t--service-install : install as service\n");
612 printf(
"\t--service-remove : remove service\n");
613 printf(
"\t--service-change-params : change service startup parameters\n");
615 printf(
"\t-k [all|none] : force checksum check (all) or disabled it (none)\n");
616 printf(
"\t-V : display Suricata version\n");
617 printf(
"\t-v : be more verbose (use multiple times to increase verbosity)\n");
619 printf(
"\t-u : run the unittests and exit\n");
620 printf(
"\t-U, --unittest-filter=REGEX : filter unittests with a regex\n");
621 printf(
"\t--list-unittests : list unit tests\n");
622 printf(
"\t--fatal-unittests : enable fatal failure on unittest error\n");
623 printf(
"\t--unittests-coverage : display unittest coverage report\n");
625 printf(
"\t--list-app-layer-protos : list supported app layer protocols\n");
626 printf(
"\t--list-keywords[=all|csv|<kword>] : list keywords implemented by the engine\n");
627 printf(
"\t--list-runmodes : list supported runmodes\n");
628 printf(
"\t--runmode <runmode_id> : specific runmode modification the engine should run. The argument\n" 629 "\t supplied should be the id for the runmode obtained by running\n" 630 "\t --list-runmodes\n");
631 printf(
"\t--engine-analysis : print reports on analysis of different sections in the engine and exit.\n" 632 "\t Please have a look at the conf parameter engine-analysis on what reports\n" 633 "\t can be printed\n");
634 printf(
"\t--pidfile <file> : write pid to this file\n");
635 printf(
"\t--init-errors-fatal : enable fatal failure on signature init error\n");
636 printf(
"\t--disable-detection : disable detection engine\n");
637 printf(
"\t--dump-config : show the running configuration\n");
638 printf(
"\t--build-info : display build information\n");
639 printf(
"\t--pcap[=<dev>] : run in pcap mode, no value select interfaces from suricata.yaml\n");
640 printf(
"\t--pcap-file-continuous : when running in pcap mode with a directory, continue checking directory for pcaps until interrupted\n");
641 printf(
"\t--pcap-file-delete : when running in replay mode (-r with directory or file), will delete pcap files that have been processed when done\n");
642 #ifdef HAVE_PCAP_SET_BUFF 643 printf(
"\t--pcap-buffer-size : size of the pcap buffer value from 0 - %i\n",INT_MAX);
645 #ifdef HAVE_AF_PACKET 646 printf(
"\t--af-packet[=<dev>] : run in af-packet mode, no value select interfaces from suricata.yaml\n");
649 printf(
"\t--netmap[=<dev>] : run in netmap mode, no value select interfaces from suricata.yaml\n");
652 printf(
"\t--pfring[=<dev>] : run in pfring mode, use interfaces from suricata.yaml\n");
653 printf(
"\t--pfring-int <dev> : run in pfring mode, use interface <dev>\n");
654 printf(
"\t--pfring-cluster-id <id> : pfring cluster id \n");
655 printf(
"\t--pfring-cluster-type <type> : pfring cluster type for PF_RING 4.1.2 and later cluster_round_robin|cluster_flow\n");
657 printf(
"\t--simulate-ips : force engine into IPS mode. Useful for QA\n");
658 #ifdef HAVE_LIBCAP_NG 659 printf(
"\t--user <user> : run suricata as this user after init\n");
660 printf(
"\t--group <group> : run suricata as this group after init\n");
662 printf(
"\t--erf-in <path> : process an ERF file\n");
664 printf(
"\t--dag <dagX:Y> : process ERF records from DAG interface X, stream Y\n");
667 printf(
"\t--napatech : run Napatech Streams using the API\n");
669 #ifdef BUILD_UNIX_SOCKET 670 printf(
"\t--unix-socket[=<file>] : use unix socket to control suricata work\n");
673 printf(
"\t--windivert <filter> : run in inline WinDivert mode\n");
674 printf(
"\t--windivert-forward <filter> : run in inline WinDivert mode, as a gateway\n");
676 printf(
"\t--set name=value : set a configuration value\n");
678 printf(
"\nTo run the engine with default configuration on " 679 "interface eth0 with signature file \"signatures.rules\", run the " 680 "command as:\n\n%s -c suricata.yaml -s signatures.rules -i eth0 \n\n",
684 static void PrintBuildInfo(
void)
686 const char *bits =
"<unknown>-bits";
687 const char *endian =
"<unknown>-endian";
688 char features[2048] =
"";
689 const char *tls =
"pthread key";
694 strlcat(features,
"DEBUG ",
sizeof(features));
696 #ifdef DEBUG_VALIDATION 697 strlcat(features,
"DEBUG_VALIDATION ",
sizeof(features));
700 strlcat(features,
"UNITTESTS ",
sizeof(features));
703 strlcat(features,
"NFQ ",
sizeof(features));
706 strlcat(features,
"IPFW ",
sizeof(features));
708 #ifdef HAVE_PCAP_SET_BUFF 709 strlcat(features,
"PCAP_SET_BUFF ",
sizeof(features));
712 strlcat(features,
"PF_RING ",
sizeof(features));
714 #ifdef HAVE_AF_PACKET 715 strlcat(features,
"AF_PACKET ",
sizeof(features));
718 strlcat(features,
"NETMAP ",
sizeof(features));
720 #ifdef HAVE_PACKET_FANOUT 721 strlcat(features,
"HAVE_PACKET_FANOUT ",
sizeof(features));
724 strlcat(features,
"DAG ",
sizeof(features));
726 #ifdef HAVE_LIBCAP_NG 727 strlcat(features,
"LIBCAP_NG ",
sizeof(features));
730 strlcat(features,
"LIBNET1.1 ",
sizeof(features));
732 #ifdef HAVE_HTP_URI_NORMALIZE_HOOK 733 strlcat(features,
"HAVE_HTP_URI_NORMALIZE_HOOK ",
sizeof(features));
736 strlcat(features,
"PCRE_JIT ",
sizeof(features));
739 strlcat(features,
"HAVE_NSS ",
sizeof(features));
742 strlcat(features,
"HAVE_LUA ",
sizeof(features));
745 strlcat(features,
"HAVE_LUAJIT ",
sizeof(features));
747 strlcat(features,
"HAVE_LIBJANSSON ",
sizeof(features));
749 strlcat(features,
"PROFILING ",
sizeof(features));
751 #ifdef PROFILE_LOCKING 752 strlcat(features,
"PROFILE_LOCKING ",
sizeof(features));
755 strlcat(features,
"TLS ",
sizeof(features));
758 strlcat(features,
"MAGIC ",
sizeof(features));
760 strlcat(features,
"RUST ",
sizeof(features));
761 if (strlen(features) == 0) {
762 strlcat(features,
"none",
sizeof(features));
765 printf(
"Features: %s\n", features);
768 memset(features, 0x00,
sizeof(features));
769 #if defined(__SSE4_2__) 770 strlcat(features,
"SSE_4_2 ",
sizeof(features));
772 #if defined(__SSE4_1__) 773 strlcat(features,
"SSE_4_1 ",
sizeof(features));
775 #if defined(__SSE3__) 776 strlcat(features,
"SSE_3 ",
sizeof(features));
778 if (strlen(features) == 0) {
779 strlcat(features,
"none",
sizeof(features));
781 printf(
"SIMD support: %s\n", features);
784 memset(features, 0x00,
sizeof(features));
785 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_1) 786 strlcat(features,
"1 ",
sizeof(features));
788 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_2) 789 strlcat(features,
"2 ",
sizeof(features));
791 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_4) 792 strlcat(features,
"4 ",
sizeof(features));
794 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_8) 795 strlcat(features,
"8 ",
sizeof(features));
797 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_16) 798 strlcat(features,
"16 ",
sizeof(features));
800 if (strlen(features) == 0) {
801 strlcat(features,
"none",
sizeof(features));
803 strlcat(features,
"byte(s)",
sizeof(features));
805 printf(
"Atomic intrinsics: %s\n", features);
809 #elif __WORDSIZE == 32 813 #if __BYTE_ORDER == __BIG_ENDIAN 814 endian =
"Big-endian";
815 #elif __BYTE_ORDER == __LITTLE_ENDIAN 816 endian =
"Little-endian";
819 printf(
"%s, %s architecture\n", bits, endian);
821 printf(
"GCC version %s, C version %"PRIiMAX
"\n", __VERSION__, (intmax_t)__STDC_VERSION__);
823 printf(
"C version %"PRIiMAX
"\n", (intmax_t)__STDC_VERSION__);
827 printf(
"compiled with -fstack-protector\n");
830 printf(
"compiled with -fstack-protector-all\n");
839 #if _FORTIFY_SOURCE == 2 840 printf(
"compiled with _FORTIFY_SOURCE=2\n");
841 #elif _FORTIFY_SOURCE == 1 842 printf(
"compiled with _FORTIFY_SOURCE=1\n");
843 #elif _FORTIFY_SOURCE == 0 844 printf(
"compiled with _FORTIFY_SOURCE=0\n");
847 printf(
"L1 cache line size (CLS)=%d\n",
CLS);
852 printf(
"thread local storage method: %s\n", tls);
854 printf(
"compiled with %s, linked against %s\n",
855 HTP_VERSION_STRING_FULL, htp_get_version());
857 #include "build-info.h" 943 static TmEcode ParseInterfacesList(
const int runmode,
char *pcap_dev)
949 if (strlen(pcap_dev) == 0) {
959 if (strlen(pcap_dev)) {
960 if (
ConfSetFinal(
"pfring.live-interface", pcap_dev) != 1) {
968 #ifdef HAVE_AF_PACKET 971 if (strlen(pcap_dev)) {
972 if (
ConfSetFinal(
"af-packet.live-interface", pcap_dev) != 1) {
987 if (strlen(pcap_dev)) {
988 if (
ConfSetFinal(
"netmap.live-interface", pcap_dev) != 1) {
1013 static void SCInstanceInit(
SCInstance *suri,
const char *progname)
1015 memset(suri, 0x00,
sizeof(*suri));
1042 #if HAVE_DETECT_DISABLED==1 1063 if (strstr(
PROG_VER,
"-dev") == NULL) {
1074 static TmEcode PrintVersion(
void)
1082 const char *mode = suri->
system ?
"SYSTEM" :
"USER";
1083 SCLogNotice(
"This is %s version %s running in %s mode",
1094 static void SCPrintElapsedTime(
struct timeval *start_time)
1096 if (start_time == NULL)
1098 struct timeval end_time;
1099 memset(&end_time, 0,
sizeof(end_time));
1100 gettimeofday(&end_time, NULL);
1101 uint64_t milliseconds = ((end_time.tv_sec - start_time->tv_sec) * 1000) +
1102 (((1000000 + end_time.tv_usec - start_time->tv_usec) / 1000) - 1000);
1103 SCLogInfo(
"time elapsed %.3fs", (
float)milliseconds/(
float)1000);
1106 static int ParseCommandLineAfpacket(
SCInstance *suri,
const char *in_arg)
1108 #ifdef HAVE_AF_PACKET 1120 SCLogInfo(
"Multiple af-packet option without interface on each is useless");
1124 "has been specified");
1131 "host, make sure to pass --enable-af-packet to " 1132 "configure when building.");
1137 static int ParseCommandLinePcapLive(
SCInstance *suri,
const char *in_arg)
1141 if (in_arg != NULL) {
1144 if (strlen(in_arg) > 9 && strncmp(in_arg,
"DeviceNPF", 9) == 0) {
1145 snprintf(suri->
pcap_dev,
sizeof(suri->
pcap_dev),
"\\Device\\NPF%s", in_arg+9);
1151 if (strcmp(suri->
pcap_dev, in_arg) != 0) {
1153 }
else if (strlen(suri->
pcap_dev) > 0 && isdigit((
unsigned char)suri->
pcap_dev[0])) {
1168 "has been specified");
1178 static bool IsLogDirectoryWritable(
const char*
str)
1180 if (access(str, W_OK) == 0)
1185 static void ParseCommandLineAFL(
const char *opt_name,
char *opt_arg)
1187 #ifdef AFLFUZZ_RULES 1188 if(strcmp(opt_name,
"afl-rules") == 0) {
1191 exit(RuleParseDataFromFile(opt_arg));
1194 #ifdef AFLFUZZ_APPLAYER 1195 if(strcmp(opt_name,
"afl-http-request") == 0) {
1202 exit(AppLayerParserRequestFromFile(IPPROTO_TCP,
ALPROTO_HTTP, opt_arg));
1203 }
else if(strcmp(opt_name,
"afl-http") == 0) {
1210 exit(AppLayerParserFromFile(IPPROTO_TCP,
ALPROTO_HTTP, opt_arg));
1212 }
else if(strcmp(opt_name,
"afl-tls-request") == 0) {
1219 exit(AppLayerParserRequestFromFile(IPPROTO_TCP,
ALPROTO_TLS, opt_arg));
1220 }
else if(strcmp(opt_name,
"afl-tls") == 0) {
1227 exit(AppLayerParserFromFile(IPPROTO_TCP,
ALPROTO_TLS, opt_arg));
1229 }
else if(strcmp(opt_name,
"afl-dns-request") == 0) {
1232 exit(AppLayerParserRequestFromFile(IPPROTO_UDP,
ALPROTO_DNS, opt_arg));
1233 }
else if(strcmp(opt_name,
"afl-dns") == 0) {
1237 exit(AppLayerParserFromFile(IPPROTO_UDP,
ALPROTO_DNS, opt_arg));
1239 }
else if(strcmp(opt_name,
"afl-dnstcp-request") == 0) {
1242 exit(AppLayerParserRequestFromFile(IPPROTO_TCP,
ALPROTO_DNS, opt_arg));
1243 }
else if(strcmp(opt_name,
"afl-dnstcp") == 0) {
1247 exit(AppLayerParserFromFile(IPPROTO_TCP,
ALPROTO_DNS, opt_arg));
1249 }
else if(strcmp(opt_name,
"afl-ssh-request") == 0) {
1255 exit(AppLayerParserRequestFromFile(IPPROTO_TCP,
ALPROTO_SSH, opt_arg));
1256 }
else if(strcmp(opt_name,
"afl-ssh") == 0) {
1263 exit(AppLayerParserFromFile(IPPROTO_TCP,
ALPROTO_SSH, opt_arg));
1265 }
else if(strcmp(opt_name,
"afl-ftp-request") == 0) {
1273 exit(AppLayerParserRequestFromFile(IPPROTO_TCP,
ALPROTO_FTP, opt_arg));
1274 }
else if(strcmp(opt_name,
"afl-ftp") == 0) {
1282 exit(AppLayerParserFromFile(IPPROTO_TCP,
ALPROTO_FTP, opt_arg));
1284 }
else if(strcmp(opt_name,
"afl-smtp-request") == 0) {
1291 exit(AppLayerParserRequestFromFile(IPPROTO_TCP,
ALPROTO_SMTP, opt_arg));
1292 }
else if(strcmp(opt_name,
"afl-smtp") == 0) {
1299 exit(AppLayerParserFromFile(IPPROTO_TCP,
ALPROTO_SMTP, opt_arg));
1301 }
else if(strcmp(opt_name,
"afl-smb-request") == 0) {
1307 exit(AppLayerParserRequestFromFile(IPPROTO_TCP,
ALPROTO_SMB, opt_arg));
1308 }
else if(strcmp(opt_name,
"afl-smb") == 0) {
1315 exit(AppLayerParserFromFile(IPPROTO_TCP,
ALPROTO_SMB, opt_arg));
1316 }
else if(strstr(opt_name,
"afl-dcerpc-request") != NULL) {
1323 if (strcmp(opt_name,
"afl-dcerpc-request") == 0)
1324 exit(AppLayerParserRequestFromFile(IPPROTO_TCP,
ALPROTO_DCERPC, opt_arg));
1326 exit(AppLayerParserRequestFromFileSerie(IPPROTO_TCP,
ALPROTO_DCERPC, opt_arg));
1327 }
else if(strstr(opt_name,
"afl-dcerpc") != NULL) {
1334 if (strcmp(opt_name,
"afl-dcerpc") == 0)
1335 exit(AppLayerParserFromFile(IPPROTO_TCP,
ALPROTO_DCERPC, opt_arg));
1337 exit(AppLayerParserFromFileSerie(IPPROTO_TCP,
ALPROTO_DCERPC, opt_arg));
1338 }
else if(strcmp(opt_name,
"afl-modbus-request") == 0) {
1342 exit(AppLayerParserRequestFromFile(IPPROTO_TCP,
ALPROTO_MODBUS, opt_arg));
1343 }
else if(strcmp(opt_name,
"afl-modbus") == 0) {
1347 exit(AppLayerParserFromFile(IPPROTO_TCP,
ALPROTO_MODBUS, opt_arg));
1348 }
else if(strcmp(opt_name,
"afl-enip-request") == 0) {
1352 exit(AppLayerParserRequestFromFile(IPPROTO_TCP,
ALPROTO_ENIP, opt_arg));
1353 }
else if(strcmp(opt_name,
"afl-enip") == 0) {
1357 exit(AppLayerParserFromFile(IPPROTO_TCP,
ALPROTO_ENIP, opt_arg));
1358 }
else if(strcmp(opt_name,
"afl-dnp3-request") == 0) {
1361 exit(AppLayerParserRequestFromFile(IPPROTO_TCP,
ALPROTO_DNP3, opt_arg));
1362 }
else if(strcmp(opt_name,
"afl-dnp3") == 0) {
1365 exit(AppLayerParserFromFile(IPPROTO_TCP,
ALPROTO_DNP3, opt_arg));
1369 if(strcmp(opt_name,
"afl-mime") == 0) {
1371 exit(MimeParserDataFromFile(opt_arg));
1374 #ifdef AFLFUZZ_DECODER 1375 if(strstr(opt_name,
"afl-decoder-ppp") != NULL) {
1380 if (strcmp(opt_name,
"afl-decoder-ppp") == 0)
1381 exit(DecoderParseDataFromFile(opt_arg,
DecodePPP));
1383 exit(DecoderParseDataFromFileSerie(opt_arg,
DecodePPP));
1384 }
else if(strstr(opt_name,
"afl-decoder-ipv4") != NULL) {
1389 if (strcmp(opt_name,
"afl-decoder-ipv4") == 0)
1390 exit(DecoderParseDataFromFile(opt_arg, AFLDecodeIPV4));
1392 exit(DecoderParseDataFromFileSerie(opt_arg, AFLDecodeIPV4));
1393 }
else if(strstr(opt_name,
"afl-decoder-ipv6") != NULL) {
1398 if (strcmp(opt_name,
"afl-decoder-ipv6") == 0)
1399 exit(DecoderParseDataFromFile(opt_arg, AFLDecodeIPV6));
1401 exit(DecoderParseDataFromFileSerie(opt_arg, AFLDecodeIPV6));
1402 }
else if(strstr(opt_name,
"afl-decoder-ethernet") != NULL) {
1407 if (strcmp(opt_name,
"afl-decoder-ethernet") == 0)
1411 }
else if(strstr(opt_name,
"afl-decoder-erspan") != NULL) {
1416 if (strcmp(opt_name,
"afl-decoder-erspan") == 0)
1419 exit(DecoderParseDataFromFileSerie(opt_arg,
DecodeERSPAN));
1423 if(strcmp(opt_name,
"afl-der") == 0) {
1425 exit(DerParseDataFromFile(opt_arg));
1437 int dump_config = 0;
1438 int list_app_layer_protocols = 0;
1439 int list_unittests = 0;
1440 int list_runmodes = 0;
1441 int list_keywords = 0;
1444 #ifdef AFLFUZZ_CONF_TEST 1445 int conf_test_force_success = 0;
1451 coverage_unittests = 0;
1456 struct option long_opts[] = {
1457 {
"dump-config", 0, &dump_config, 1},
1458 {
"pfring", optional_argument, 0, 0},
1459 {
"pfring-int", required_argument, 0, 0},
1460 {
"pfring-cluster-id", required_argument, 0, 0},
1461 {
"pfring-cluster-type", required_argument, 0, 0},
1462 {
"af-packet", optional_argument, 0, 0},
1463 {
"netmap", optional_argument, 0, 0},
1464 {
"pcap", optional_argument, 0, 0},
1465 {
"pcap-file-continuous", 0, 0, 0},
1466 {
"pcap-file-delete", 0, 0, 0},
1467 {
"simulate-ips", 0, 0 , 0},
1469 {
"strict-rule-keywords", optional_argument, 0, 0},
1472 {
"afl-http-request", required_argument, 0 , 0},
1473 {
"afl-http", required_argument, 0 , 0},
1474 {
"afl-tls-request", required_argument, 0 , 0},
1475 {
"afl-tls", required_argument, 0 , 0},
1476 {
"afl-dns-request", required_argument, 0 , 0},
1477 {
"afl-dns", required_argument, 0 , 0},
1478 {
"afl-ssh-request", required_argument, 0 , 0},
1479 {
"afl-ssh", required_argument, 0 , 0},
1480 {
"afl-ftp-request", required_argument, 0 , 0},
1481 {
"afl-ftp", required_argument, 0 , 0},
1482 {
"afl-smtp-request", required_argument, 0 , 0},
1483 {
"afl-smtp", required_argument, 0 , 0},
1484 {
"afl-smb-request", required_argument, 0 , 0},
1485 {
"afl-smb", required_argument, 0 , 0},
1486 {
"afl-modbus-request", required_argument, 0 , 0},
1487 {
"afl-modbus", required_argument, 0 , 0},
1488 {
"afl-enip-request", required_argument, 0 , 0},
1489 {
"afl-enip", required_argument, 0 , 0},
1490 {
"afl-mime", required_argument, 0 , 0},
1491 {
"afl-dnp3-request", required_argument, 0, 0},
1492 {
"afl-dnp3", required_argument, 0, 0},
1493 {
"afl-dcerpc", required_argument, 0, 0},
1494 {
"afl-dcerpc-serie", required_argument, 0, 0},
1495 {
"afl-dcerpc-request", required_argument, 0, 0},
1496 {
"afl-dcerpc-request-serie", required_argument, 0, 0},
1499 {
"afl-rules", required_argument, 0 , 0},
1500 {
"afl-mime", required_argument, 0 , 0},
1501 {
"afl-decoder-ppp", required_argument, 0 , 0},
1502 {
"afl-decoder-ppp-serie", required_argument, 0 , 0},
1503 {
"afl-decoder-ethernet", required_argument, 0 , 0},
1504 {
"afl-decoder-ethernet-serie", required_argument, 0 , 0},
1505 {
"afl-decoder-erspan", required_argument, 0 , 0},
1506 {
"afl-decoder-erspan-serie", required_argument, 0 , 0},
1507 {
"afl-decoder-ipv4", required_argument, 0 , 0},
1508 {
"afl-decoder-ipv4-serie", required_argument, 0 , 0},
1509 {
"afl-decoder-ipv6", required_argument, 0 , 0},
1510 {
"afl-decoder-ipv6-serie", required_argument, 0 , 0},
1511 {
"afl-der", required_argument, 0, 0},
1513 #ifdef BUILD_UNIX_SOCKET 1514 {
"unix-socket", optional_argument, 0, 0},
1516 {
"pcap-buffer-size", required_argument, 0, 0},
1517 {
"unittest-filter", required_argument, 0,
'U'},
1518 {
"list-app-layer-protos", 0, &list_app_layer_protocols, 1},
1519 {
"list-unittests", 0, &list_unittests, 1},
1520 {
"list-runmodes", 0, &list_runmodes, 1},
1521 {
"list-keywords", optional_argument, &list_keywords, 1},
1522 {
"runmode", required_argument, NULL, 0},
1525 {
"service-install", 0, 0, 0},
1526 {
"service-remove", 0, 0, 0},
1527 {
"service-change-params", 0, 0, 0},
1529 {
"pidfile", required_argument, 0, 0},
1530 {
"init-errors-fatal", 0, 0, 0},
1531 {
"disable-detection", 0, 0, 0},
1532 {
"fatal-unittests", 0, 0, 0},
1534 {
"user", required_argument, 0, 0},
1535 {
"group", required_argument, 0, 0},
1536 {
"erf-in", required_argument, 0, 0},
1537 {
"dag", required_argument, 0, 0},
1538 {
"napatech", 0, 0, 0},
1539 {
"build-info", 0, &build_info, 1},
1540 {
"data-dir", required_argument, 0, 0},
1542 {
"windivert", required_argument, 0, 0},
1543 {
"windivert-forward", required_argument, 0, 0},
1545 {
"set", required_argument, 0, 0},
1547 {
"nflog", optional_argument, 0, 0},
1549 #ifdef AFLFUZZ_CONF_TEST 1550 {
"afl-parse-rules", 0, &conf_test_force_success, 1},
1556 int option_index = 0;
1558 char short_opts[] =
"c:TDhi:l:q:d:r:us:S:U:VF:vk:";
1560 while ((opt = getopt_long(argc, argv, short_opts, long_opts, &option_index)) != -1) {
1563 if (strcmp((long_opts[option_index]).name ,
"pfring") == 0 ||
1564 strcmp((long_opts[option_index]).name ,
"pfring-int") == 0) {
1567 if (optarg != NULL) {
1570 ((strlen(optarg) <
sizeof(suri->
pcap_dev)) ?
1571 (strlen(optarg) + 1) :
sizeof(suri->
pcap_dev)));
1576 "to pass --enable-pfring to configure when building.");
1580 else if(strcmp((long_opts[option_index]).name ,
"pfring-cluster-id") == 0){
1583 fprintf(stderr,
"ERROR: Failed to set pfring.cluster-id.\n");
1588 "to pass --enable-pfring to configure when building.");
1592 else if(strcmp((long_opts[option_index]).name ,
"pfring-cluster-type") == 0){
1594 if (
ConfSetFinal(
"pfring.cluster-type", optarg) != 1) {
1595 fprintf(stderr,
"ERROR: Failed to set pfring.cluster-type.\n");
1600 "to pass --enable-pfring to configure when building.");
1604 else if (strcmp((long_opts[option_index]).name ,
"af-packet") == 0)
1606 if (ParseCommandLineAfpacket(suri, optarg) !=
TM_ECODE_OK) {
1609 }
else if (strcmp((long_opts[option_index]).name ,
"netmap") == 0){
1617 ((strlen(optarg) <
sizeof(suri->
pcap_dev)) ?
1618 (strlen(optarg) + 1) :
sizeof(suri->
pcap_dev)));
1624 SCLogInfo(
"Multiple netmap option without interface on each is useless");
1629 "has been specified");
1630 PrintUsage(argv[0]);
1637 }
else if (strcmp((long_opts[option_index]).name,
"nflog") == 0) {
1647 }
else if (strcmp((long_opts[option_index]).name ,
"pcap") == 0) {
1648 if (ParseCommandLinePcapLive(suri, optarg) !=
TM_ECODE_OK) {
1651 }
else if(strncmp((long_opts[option_index]).name,
"afl-", 4) == 0) {
1652 ParseCommandLineAFL((long_opts[option_index]).name, optarg);
1653 }
else if(strcmp((long_opts[option_index]).name,
"simulate-ips") == 0) {
1656 }
else if(strcmp((long_opts[option_index]).name,
"init-errors-fatal") == 0) {
1657 if (
ConfSetFinal(
"engine.init-failure-fatal",
"1") != 1) {
1658 fprintf(stderr,
"ERROR: Failed to set engine init-failure-fatal.\n");
1661 #ifdef BUILD_UNIX_SOCKET 1662 }
else if (strcmp((long_opts[option_index]).name ,
"unix-socket") == 0) {
1666 if (
ConfSetFinal(
"unix-command.filename", optarg) != 1) {
1667 fprintf(stderr,
"ERROR: Failed to set unix-command.filename.\n");
1674 "has been specified");
1675 PrintUsage(argv[0]);
1680 else if(strcmp((long_opts[option_index]).name,
"list-app-layer-protocols") == 0) {
1683 else if(strcmp((long_opts[option_index]).name,
"list-unittests") == 0) {
1687 fprintf(stderr,
"ERROR: Unit tests not enabled. Make sure to pass --enable-unittests to configure when building.\n");
1690 }
else if (strcmp((long_opts[option_index]).name,
"list-runmodes") == 0) {
1693 }
else if (strcmp((long_opts[option_index]).name,
"list-keywords") == 0) {
1695 if (strcmp(
"short",optarg)) {
1699 }
else if (strcmp((long_opts[option_index]).name,
"runmode") == 0) {
1701 }
else if(strcmp((long_opts[option_index]).name,
"engine-analysis") == 0) {
1705 else if(strcmp((long_opts[option_index]).name,
"service-install") == 0) {
1706 suri->
run_mode = RUNMODE_INSTALL_SERVICE;
1709 else if(strcmp((long_opts[option_index]).name,
"service-remove") == 0) {
1710 suri->
run_mode = RUNMODE_REMOVE_SERVICE;
1713 else if(strcmp((long_opts[option_index]).name,
"service-change-params") == 0) {
1714 suri->
run_mode = RUNMODE_CHANGE_SERVICE_PARAMS;
1718 else if(strcmp((long_opts[option_index]).name,
"pidfile") == 0) {
1726 else if(strcmp((long_opts[option_index]).name,
"disable-detection") == 0) {
1729 else if(strcmp((long_opts[option_index]).name,
"fatal-unittests") == 0) {
1733 fprintf(stderr,
"ERROR: Unit tests not enabled. Make sure to pass --enable-unittests to configure when building.\n");
1737 else if(strcmp((long_opts[option_index]).name,
"user") == 0) {
1738 #ifndef HAVE_LIBCAP_NG 1740 " drop privileges, but it was not compiled into Suricata.");
1747 else if(strcmp((long_opts[option_index]).name,
"group") == 0) {
1748 #ifndef HAVE_LIBCAP_NG 1750 " drop privileges, but it was not compiled into Suricata.");
1757 else if (strcmp((long_opts[option_index]).name,
"erf-in") == 0) {
1760 fprintf(stderr,
"ERROR: Failed to set erf-file.file\n");
1764 else if (strcmp((long_opts[option_index]).name,
"dag") == 0) {
1771 "more than one run mode has been specified");
1772 PrintUsage(argv[0]);
1778 " to receive packets using --dag.");
1782 else if (strcmp((long_opts[option_index]).name,
"napatech") == 0) {
1783 #ifdef HAVE_NAPATECH 1787 " to capture packets using --napatech.");
1791 else if(strcmp((long_opts[option_index]).name,
"pcap-buffer-size") == 0) {
1792 #ifdef HAVE_PCAP_SET_BUFF 1794 fprintf(stderr,
"ERROR: Failed to set pcap-buffer-size.\n");
1799 " doesn't support setting buffer size.");
1802 else if(strcmp((long_opts[option_index]).name,
"build-info") == 0) {
1806 else if(strcmp((long_opts[option_index]).name,
"windivert-forward") == 0) {
1810 if (WinDivertRegisterQueue(
true, optarg) == -1) {
1814 if (WinDivertRegisterQueue(
true, optarg) == -1) {
1819 "has been specified");
1820 PrintUsage(argv[0]);
1824 else if(strcmp((long_opts[option_index]).name,
"windivert") == 0) {
1827 if (WinDivertRegisterQueue(
false, optarg) == -1) {
1831 if (WinDivertRegisterQueue(
false, optarg) == -1) {
1836 "has been specified");
1837 PrintUsage(argv[0]);
1845 else if (strcmp((long_opts[option_index]).name,
"set") == 0) {
1846 if (optarg != NULL) {
1848 char *val = strchr(optarg,
'=');
1851 "Invalid argument for --set, must be key=val.");
1855 fprintf(stderr,
"Failed to set configuration value %s.",
1861 else if (strcmp((long_opts[option_index]).name,
"pcap-file-continuous") == 0) {
1862 if (
ConfSetFinal(
"pcap-file.continuous",
"true") != 1) {
1867 else if (strcmp((long_opts[option_index]).name,
"pcap-file-delete") == 0) {
1868 if (
ConfSetFinal(
"pcap-file.delete-when-done",
"true") != 1) {
1873 else if (strcmp((long_opts[option_index]).name,
"data-dir") == 0) {
1874 if (optarg == NULL) {
1885 " supplied at the commandline (-d %s) doesn't " 1886 "exist. Shutting down the engine.", optarg, optarg);
1890 }
else if (strcmp((long_opts[option_index]).name ,
"strict-rule-keywords") == 0){
1891 if (optarg == NULL) {
1905 SCLogInfo(
"Running suricata under test mode");
1907 if (
ConfSetFinal(
"engine.init-failure-fatal",
"1") != 1) {
1908 fprintf(stderr,
"ERROR: Failed to set engine init-failure-fatal.\n");
1921 if (optarg == NULL) {
1925 #ifdef HAVE_AF_PACKET 1926 if (ParseCommandLineAfpacket(suri, optarg) !=
TM_ECODE_OK) {
1931 #if defined HAVE_PFRING || HAVE_NETMAP 1940 "option%s %s available:" 1942 " PF_RING (--pfring-int=%s)" 1945 " NETMAP (--netmap=%s)" 1947 ". Use --pcap=%s to suppress this warning",
1948 i == 1 ?
"" :
"s", i == 1 ?
"is" :
"are" 1958 if (ParseCommandLinePcapLive(suri, optarg) !=
TM_ECODE_OK) {
1964 if (optarg == NULL) {
1975 " supplied at the commandline (-l %s) doesn't " 1976 "exist. Shutting down the engine.", optarg, optarg);
1979 if (!IsLogDirectoryWritable(optarg)) {
1981 " supplied at the commandline (-l %s) is not " 1982 "writable. Shutting down the engine.", optarg, optarg);
2000 "has been specified");
2001 PrintUsage(argv[0]);
2021 "has been specified");
2022 PrintUsage(argv[0]);
2035 "has been specified");
2036 PrintUsage(argv[0]);
2041 if(_stat(optarg, &buf) != 0) {
2044 if (stat(optarg, &buf) != 0) {
2077 PrintUsage(argv[0]);
2081 fprintf(stderr,
"ERROR: Unit tests not enabled. Make sure to pass --enable-unittests to configure when building.\n");
2097 if (optarg == NULL) {
2102 SetBpfStringFromFile(optarg);
2108 if (optarg == NULL) {
2112 if (!strcmp(
"all", optarg))
2114 else if (!strcmp(
"none", optarg))
2122 PrintUsage(argv[0]);
2131 #ifdef AFLFUZZ_CONF_TEST 2132 if (conf_test && conf_test_force_success) {
2139 "can't use -l and unix socket runmode at the same time");
2146 if (list_app_layer_protocols)
2156 if (engine_analysis)
2162 ret = SetBpfString(optind, argv);
2170 static int WindowsInitService(
int argc,
char **argv)
2172 if (SCRunningAsService()) {
2173 char path[MAX_PATH];
2175 strlcpy(path, argv[0], MAX_PATH);
2176 if ((p = strrchr(path,
'\\'))) {
2179 if (!SetCurrentDirectory(path)) {
2183 SCLogInfo(
"Current directory is set to: %s", path);
2184 SCServiceInit(argc, argv);
2189 if (0 != WSAStartup(MAKEWORD(2, 2), &wsaData)) {
2201 const char *pid_filename;
2203 if (
ConfGet(
"pid-file", &pid_filename) == 1) {
2204 SCLogInfo(
"Use pid file %s from config file.", pid_filename);
2231 "Unable to create PID file, concurrent run of" 2232 " Suricata can occur.");
2234 "PID file creation WILL be mandatory for daemon mode" 2235 " in future version");
2242 static int InitSignalHandler(
SCInstance *suri)
2256 if (
ConfGet(
"run-as.user", &
id) == 1) {
2260 if (
ConfGet(
"run-as.group", &
id) == 1) {
2344 SCPrintElapsedTime(start_time);
2377 static int StartInternalRunMode(
SCInstance *suri,
int argc,
char **argv)
2394 PrintUsage(argv[0]);
2404 case RUNMODE_INSTALL_SERVICE:
2405 if (SCServiceInstall(argc, argv)) {
2408 SCLogInfo(
"Suricata service has been successfuly installed.");
2410 case RUNMODE_REMOVE_SERVICE:
2411 if (SCServiceRemove(argc, argv)) {
2414 SCLogInfo(
"Suricata service has been successfuly removed.");
2416 case RUNMODE_CHANGE_SERVICE_PARAMS:
2417 if (SCServiceChangeParams(argc, argv)) {
2420 SCLogInfo(
"Suricata service startup parameters has been successfuly changed.");
2430 static int FinalizeRunMode(
SCInstance *suri,
char **argv)
2434 PrintUsage(argv[0]);
2449 static void SetupDelayedDetect(
SCInstance *suri)
2458 if (decnf != NULL) {
2460 if (strcmp(denode->
val,
"delayed-detect") == 0) {
2470 SCLogInfo(
"Packets will start being processed before signatures are active.");
2486 static int ConfigGetCaptureValue(
SCInstance *suri)
2494 "Maximum max-pending-packets setting is 65534. " 2503 const char *temp_default_packet_size;
2504 if ((
ConfGet(
"default-packet-size", &temp_default_packet_size)) != 1) {
2508 int strip_trailing_plus = 0;
2513 mtu = GetGlobalMTUWin32();
2529 strip_trailing_plus = 1;
2535 for (lthread = 0; lthread < nlive; lthread++) {
2538 (void)
strlcpy(dev, live_dev,
sizeof(dev));
2540 if (strip_trailing_plus) {
2541 size_t len = strlen(dev);
2543 (dev[len-1] ==
'+' ||
2544 dev[len-1] ==
'^' ||
2567 "from conf file - %s. Killing engine",
2568 temp_default_packet_size);
2578 static void PostRunStartedDetectSetup(
const SCInstance *suri)
2592 SCLogNotice(
"Signature(s) loaded, Detect thread(s) activated.");
2600 static void PostConfLoadedDetectSetup(
SCInstance *suri)
2606 SetupDelayedDetect(suri);
2608 (void)
ConfGetBool(
"multi-detect.enabled", &mt_enabled);
2609 int default_tenant = 0;
2611 (void)
ConfGetBool(
"multi-detect.default", &default_tenant);
2614 "detection engine contexts failed.");
2624 if (de_ctx == NULL) {
2641 static int PostDeviceFinalizedSetup(
SCInstance *suri)
2645 #ifdef HAVE_AF_PACKET 2648 SCLogInfo(
"AF_PACKET: Setting IPS mode");
2665 static void PostConfLoadedSetupHostMode(
void)
2667 const char *hostmode = NULL;
2670 if (!strcmp(hostmode,
"router")) {
2672 }
else if (!strcmp(hostmode,
"sniffer-only")) {
2675 if (strcmp(hostmode,
"auto") != 0) {
2687 SCLogInfo(
"No 'host-mode': suricata is in IPS mode, using " 2688 "default setting 'router'");
2691 SCLogInfo(
"No 'host-mode': suricata is in IDS mode, using " 2692 "default setting 'sniffer-only'");
2701 if (suri->
system ==
false) {
2721 static int PostConfLoadedSetup(
SCInstance *suri)
2725 if (LuajitSetupStatesPool() != 0) {
2734 int disable_offloading;
2735 if (
ConfGetBool(
"capture.disable-offloading", &disable_offloading) == 0)
2736 disable_offloading = 1;
2737 if (disable_offloading) {
2744 const char *cv = NULL;
2745 if (
ConfGetValue(
"capture.checksum-validation", &cv) == 1) {
2746 if (strcmp(cv,
"none") == 0) {
2748 }
else if (strcmp(cv,
"all") == 0) {
2755 ConfSet(
"stream.checksum-validation",
"0");
2758 ConfSet(
"stream.checksum-validation",
"1");
2767 #ifdef HAVE_PACKET_EBPF 2768 EBPFRegisterExtension();
2776 const char *custom_umask;
2777 if (
ConfGet(
"umask", &custom_umask) == 1) {
2780 custom_umask) > 0) {
2781 umask((mode_t)mask);
2799 SCLogInfo(
"== Carrying out Engine Analysis ==");
2800 const char *temp = NULL;
2801 if (
ConfGet(
"engine-analysis", &temp) == 0) {
2802 SCLogInfo(
"no engine-analysis parameter(s) defined in conf file. " 2803 "Please define/enable them in the conf to use this " 2825 "basic address vars test failed. Please check %s for errors",
2831 "basic port vars test failed. Please check %s for errors",
2856 "supplied by %s (default-log-dir) doesn't exist. " 2860 if (!IsLogDirectoryWritable(suri->
log_dir)) {
2862 "supplied by %s (default-log-dir) is not writable. " 2871 PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);
2872 NSS_NoDB_Init(NULL);
2884 if (MagicInit() != 0)
2896 if (PostDeviceFinalizedSetup(&suricata) !=
TM_ECODE_OK) {
2901 PostConfLoadedSetupHostMode();
2908 static void SuricataMainLoop(
SCInstance *suri)
2946 SCInstanceInit(&suricata, argv[0]);
2989 if (WindowsInitService(argc, argv) != 0) {
2997 if (ParseCommandLine(argc, argv, &suricata) !=
TM_ECODE_OK) {
3001 if (FinalizeRunMode(&suricata, argv) !=
TM_ECODE_OK) {
3005 switch (StartInternalRunMode(&suricata, argc, argv)) {
3025 int vlan_tracking = 1;
3026 if (
ConfGetBool(
"vlan.use-for-tracking", &vlan_tracking) == 1 && !vlan_tracking) {
3030 SCLogDebug(
"vlan tracking is %s", vlan_tracking == 1 ?
"enabled" :
"disabled");
3032 SetupUserMode(&suricata);
3038 LogVersion(&suricata);
3045 if (PostConfLoadedSetup(&suricata) !=
TM_ECODE_OK) {
3056 PostConfLoadedDetectSetup(&suricata);
3060 SCLogNotice(
"Configuration provided was successfully loaded. Exiting.");
3064 SCSetStartTime(&suricata);
3083 PostRunStartedDetectSetup(&suricata);
3085 #ifdef DBG_MEM_ALLOC 3086 SCLogInfo(
"Memory used at startup: %"PRIdMAX, (intmax_t)global_mem);
3087 #ifdef DBG_MEM_ALLOC_SKIP_STARTUP 3093 SuricataMainLoop(&suricata);
3104 GlobalsDestroy(&suricata);
void(* AppLayerDecoderEventsFreeEvents)(AppLayerDecoderEvents **)
void HostShutdown(void)
shutdown the flow engine
void RegisterSMBParsers(void)
void AppLayerParserPostStreamSetup(void)
void SCThresholdConfGlobalFree(void)
TmEcode ConfigSetLogDirectory(char *name)
void AppLayerHtpPrintStats(void)
int DecodePPP(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint32_t len, PacketQueue *pq)
int ConfSet(const char *name, const char *val)
Set a configuration value.
void TmqResetQueues(void)
int IPFWRegisterQueue(char *queue)
Add an IPFW divert.
void DatasetsDestroy(void)
void RegisterSMTPParsers(void)
Register the SMTP Protocol parser.
void EngineDone(void)
Used to indicate that the current task is done.
void SCReferenceConfInit(void)
void SCProfilingRulesGlobalInit(void)
void DetectEnginePruneFreeList(void)
void TmModuleDecodeAFPRegister(void)
Registration Function for DecodeAFP.
void HostCleanup(void)
Cleanup the host engine.
int AppLayerProtoDetectSetup(void)
The first function to be called. This initializes a global protocol detection context.
void CoredumpEnable(void)
Enable coredumps on systems where coredumps can and need to be enabled.
DetectEngineCtx * DetectEngineCtxInitStubForDD(void)
void SupportFastPatternForSigMatchTypes(void)
Registers the keywords(SMs) that should be given fp support.
void TmThreadCheckThreadState(void)
Used to check the thread for certain conditions of failure.
#define TAILQ_FOREACH(var, head, field)
void StatsReleaseResources()
Releases the resources alloted by the Stats API.
void FlowForceReassembly(void)
Force reassembly for all the flows that have unprocessed segments.
struct HtpBodyChunk_ * next
TmEcode ConfigCheckDataDirectory(const char *data_dir)
size_t strlcpy(char *dst, const char *src, size_t siz)
void FlowDisableFlowManagerThread(void)
Used to disable flow manager thread(s).
char * runmode_custom_mode
void HostBitInitCtx(void)
int StorageFinalize(void)
volatile sig_atomic_t sigint_count
void SCLogInitLogModule(SCLogInitData *sc_lid)
Initializes the logging module.
SC_ATOMIC_DECLARE(unsigned int, engine_stage)
void NFQContextsClean()
Clean global contexts. Must be called on exit.
void SCProfilingDestroy(void)
Free resources used by profiling.
void TmModuleReceiveWinDivertRegister(void)
void DetectParseFreeRegexes(void)
int AppLayerDeSetup(void)
De initializes the app layer.
#define SCSetThreadName(n)
int(* FileAppendGAPById)(FileContainer *, uint32_t track_id, const uint8_t *data, uint32_t data_len)
void TmThreadDisablePacketThreads(void)
Disable all threads having the specified TMs.
void DetectEngineDeReference(DetectEngineCtx **de_ctx)
void ConfDeInit(void)
De-initializes the configuration system.
void RunUnittests(int list_unittests, const char *regex_arg)
const char * LiveGetDeviceNameName(int number)
Get a pointer to the pre device name at idx.
void AFPPeersListClean()
Clean the global peers list.
TmEcode ConfigCheckLogDirectoryExists(const char *log_dir)
DetectEngineCtx * DetectEngineGetCurrent(void)
int ConfGetBool(const char *name, int *val)
Retrieve a configuration value as an boolen.
void SCThresholdConfGlobalInit(void)
void SCProtoNameInit()
Function to load the protocol names from the specified protocol file.
void RegisterSSHParsers(void)
Function to register the SSH protocol parsers and other functions.
bool IsRunModeOffline(enum RunModes run_mode_to_check)
int GetIfaceMaxPacketSize(const char *pcap_dev)
output max packet size for a link
size_t strlcat(char *, const char *src, size_t siz)
void TmModuleReceiveNFLOGRegister(void)
void TmqhCleanup(void)
Clean up registration time allocs.
void TmModuleDecodeNFLOGRegister(void)
void HTPAtExitPrintStats(void)
Print the stats of the HTTP requests.
void RegisterDNSTCPParsers(void)
int LiveBuildDeviceList(const char *runmode)
void SigTableApplyStrictCommandlineOption(const char *str)
void AppLayerDecoderEventsSetEventRaw(AppLayerDecoderEvents **sevents, uint8_t event)
Set an app layer decoder event.
int ConfYamlLoadFile(const char *filename)
Load configuration from a YAML file.
void TmModuleRunInit(void)
int AppLayerSetup(void)
Setup the app layer.
void RegisterAllModules(void)
volatile uint8_t suricata_ctl_flags
void DetectEngineReloadSetIdle(void)
void StreamTcpFreeConfig(char quiet)
void DecodeGlobalConfig(void)
void TagDestroyCtx(void)
Destroy tag context hash tables.
void TmThreadClearThreadsFamily(int family)
int DetectEngineAddToMaster(DetectEngineCtx *de_ctx)
void NFQInitConfig(char quiet)
To initialize the NFQ global configuration data.
void FileContainerSetTx(FileContainer *ffc, uint64_t tx_id)
int EngineModeIsIPS(void)
int profiling_rules_enabled
int FileCloseFileById(FileContainer *ffc, uint32_t track_id, const uint8_t *data, uint32_t data_len, uint16_t flags)
void TmModuleNapatechStreamRegister(void)
Register the Napatech receiver (reader) module.
void TmModuleVerdictWinDivertRegister(void)
void MpmHSGlobalCleanup(void)
void RunModeInitializeOutputs(void)
void TmModuleReceivePcapFileRegister(void)
int ConfGet(const char *name, const char **vptr)
Retrieve the value of a configuration node.
TmEcode TmThreadWaitOnThreadInit(void)
Used to check if all threads have finished their initialization. On finding an un-initialized thread...
int NFQParseAndRegisterQueues(const char *queues)
Parses and adds Netfilter queue(s).
void SCLogLoadConfig(int daemon, int verbose)
#define SC_ATOMIC_DESTROY(name)
Destroy the lock used to protect this variable.
void SCHInfoLoadFromConfig(void)
Load the host os policy information from the configuration.
void IPPairBitInitCtx(void)
void TmModuleNapatechDecodeRegister(void)
Register the Napatech decoder module.
void TmModuleDecodeNFQRegister(void)
volatile sig_atomic_t sigterm_count
void LiveDevRegisterExtension(void)
main detection engine ctx
void HostInitConfig(char quiet)
initialize the configuration
int ByteExtractStringUint16(uint16_t *res, int base, uint16_t len, const char *str)
const char * GetProgramVersion(void)
get string with program version
void IPPairInitConfig(char quiet)
initialize the configuration
void PacketPoolPostRunmodes(void)
Set the max_pending_return_packets value.
void AppLayerHtpNeedFileInspection(void)
Sets a flag that informs the HTP app layer that some module in the engine needs the http request file...
void TmModuleDecodePcapFileRegister(void)
int EngineModeIsIDS(void)
void LiveDeviceFinalize(void)
#define DEFAULT_PID_FILENAME
#define SC_ATOMIC_INIT(name)
Initialize the previously declared atomic variable and it's lock.
void(* FilePrune)(FileContainer *ffc)
int(* FileAppendDataById)(FileContainer *, uint32_t track_id, const uint8_t *data, uint32_t data_len)
void StatsInit(void)
Initializes the perf counter api. Things are hard coded currently. More work to be done when we imple...
int LiveDeviceListClean()
int(* FileOpenFileWithId)(FileContainer *, const StreamingBufferConfig *, uint32_t track_id, const uint8_t *name, uint16_t name_len, const uint8_t *data, uint32_t data_len, uint16_t flags)
intmax_t max_pending_packets
void ConfDump(void)
Dump configuration to stdout.
void TmModuleReceiveAFPRegister(void)
Registration Function for RecieveAFP.
int ConfGetChildValueBool(const ConfNode *base, const char *name, int *val)
void PreRunInit(const int runmode)
void TmModuleFlowManagerRegister(void)
void SCClassConfInit(void)
void RunModeDispatch(int runmode, const char *custom_mode)
int DetectEngineMoveToFreeList(DetectEngineCtx *de_ctx)
struct timeval last_reload
void TmThreadKillThreadsFamily(int family)
void TmModuleReceiveNetmapRegister(void)
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
int(* FileCloseFileById)(FileContainer *, uint32_t track_id, const uint8_t *data, uint32_t data_len, uint16_t flags)
void SCProfilingPrefilterGlobalInit(void)
int SCGetUserID(const char *user_name, const char *group_name, uint32_t *uid, uint32_t *gid)
Function to get the user and group ID from the specified user name.
void ConfInit(void)
Initialize the configuration system.
void RunModeRegisterRunModes(void)
Register all runmodes in the engine.
void ParseSizeDeinit(void)
void RegisterFTPParsers(void)
void SCPidfileRemove(const char *pid_filename)
Remove the pid file (used at the startup)
void GlobalsInitPreConfig(void)
#define SCDropMainThreadCaps(...)
int SCPidfileTestRunning(const char *pid_filename)
Check the Suricata pid file (used at the startup)
volatile sig_atomic_t sigusr2_count
void StreamTcpInitConfig(char)
To initialize the stream global configuration data.
int DetectAddressTestConfVars(void)
void TmModuleReceiveErfDagRegister(void)
Register the ERF file receiver (reader) module.
int ConfSetFinal(const char *name, const char *val)
Set a final configuration value.
int ConfSetFromString(const char *input, int final)
Set a configuration parameter from a string.
const char * conf_filename
int GetIfaceMTU(const char *pcap_dev)
output the link MTU
void RegisterHTPParsers(void)
Register the HTTP protocol and state handling functions to APP layer of the engine.
int DecodeERSPAN(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint32_t len, PacketQueue *pq)
Function to decode ERSPAN packets.
int DetectEngineEnabled(void)
Check if detection is enabled.
void TmModuleLoggerRegister(void)
void TmThreadContinueThreads()
Unpauses all threads present in tv_root.
void TmModuleFlowWorkerRegister(void)
void DetectEngineStateFree(DetectEngineState *state)
Frees a DetectEngineState object.
int ConfGetValue(const char *name, const char **vptr)
Retrieve the value of a configuration node.
void TmModuleDecodeNetmapRegister(void)
Registration Function for DecodeNetmap.
int RunmodeIsUnittests(void)
void StatsSetupPostConfigPreOutput(void)
#define SCMutexInit(mut, mutattrs)
void StatsSetupPostConfigPostOutput(void)
void PacketPoolDestroy(void)
void FilePrune(FileContainer *ffc)
int AppLayerParserSetup(void)
int SCGetGroupID(const char *group_name, uint32_t *gid)
Function to get the group ID from the specified group name.
#define SCLogWarning(err_code,...)
Macro used to log WARNING messages.
void UnixSocketKillSocketThread(void)
void OutputDeregisterAll(void)
Deregister all modules. Useful for a memory clean exit.
enum RunModes aux_run_mode
void TmModuleDecodeWinDivertRegister(void)
void(* FileContainerRecycle)(FileContainer *ffc)
void PacketPoolInit(void)
void TmThreadKillThreads(void)
int SCPidfileCreate(const char *pidfile)
Write a pid file (used at the startup) This commonly needed by the init scripts.
void AppLayerDecoderEventsFreeEvents(AppLayerDecoderEvents **events)
DetectEngineCtx * DetectEngineCtxInitStubForMT(void)
void RegisterENIPTCPParsers(void)
Function to register the ENIP protocol parsers and other functions.
int CheckValidDaemonModes(int daemon, int mode)
Check for a valid combination daemon/mode.
void UtilCpuPrintSummary(void)
Print a summary of CPUs detected (configured and online)
void PcapTranslateIPToDevice(char *pcap_dev, size_t len)
void RunModeShutDown(void)
void DetectEngineBumpVersion(void)
void TmModuleReceiveIPFWRegister(void)
Registration Function for RecieveIPFW.
TmEcode ConfigSetDataDirectory(char *name)
int ListKeywords(const char *keyword_info)
void TmModuleDecodeErfDagRegister(void)
Register the ERF file decoder module.
const char * ConfigGetLogDirectory()
void TmModuleRespondRejectRegister(void)
int ListAppLayerProtocols()
int FileAppendGAPById(FileContainer *ffc, uint32_t track_id, const uint8_t *data, uint32_t data_len)
Store/handle a chunk of file data in the File structure The file with 'track_id' in the FileContainer...
int32_t CoredumpLoadConfig(void)
Configures the core dump size.
#define DEFAULT_CONF_FILE
void TmModuleStatsLoggerRegister(void)
void TmModuleUnixManagerRegister(void)
void RunModeListRunmodes(void)
Lists all registered runmodes.
void TmModuleVerdictNFQRegister(void)
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
void FileContainerRecycle(FileContainer *ffc)
Recycle a FileContainer.
#define SC_ATOMIC_CAS(name, cmpval, newval)
atomic Compare and Switch
int UtilSignalUnblock(int signum)
int DetectEngineMultiTenantSetup(void)
setup multi-detect / multi-tenancy
void HTPFreeConfig(void)
Clears the HTTP server configuration memory used by HTP library.
#define SCLogNotice(...)
Macro used to log NOTICE messages.
TmModule tmm_modules[TMM_SIZE]
#define DEFAULT_MAX_PENDING_PACKETS
void SCProfilingInit(void)
Initialize profiling.
void TmThreadDisableReceiveThreads(void)
Disable all threads having the specified TMs.
enum DetectEngineType type
void(* FileSetTx)(FileContainer *, uint64_t)
int ConfGetInt(const char *name, intmax_t *val)
Retrieve a configuration value as an integer.
#define DEFAULT_PACKET_SIZE
void RegisterSSLParsers(void)
Function to register the SSL protocol parser and other functions.
void EngineModeSetIDS(void)
void AppLayerRegisterGlobalCounters(void)
HACK to work around our broken unix manager (re)init loop.
uint32_t default_packet_size
void FlowShutdown(void)
shutdown the flow engine
int DetectPortTestConfVars(void)
void TmModuleReceivePcapRegister(void)
Registration Function for RecievePcap.
void TmModuleRunDeInit(void)
void SCProfilingKeywordsGlobalInit(void)
#define FatalError(x,...)
int RunmodeGetCurrent(void)
#define WarnInvalidConfEntry(param_name, format, value)
Generic API that can be used by all to log an invalid conf entry.
int main(int argc, char **argv)
void RegisterModbusParsers(void)
Function to register the Modbus protocol parsers and other functions.
int LiveBuildDeviceListCustom(const char *runmode, const char *itemname)
int FileOpenFileWithId(FileContainer *ffc, const StreamingBufferConfig *sbcfg, uint32_t track_id, const uint8_t *name, uint16_t name_len, const uint8_t *data, uint32_t data_len, uint16_t flags)
Open a new File.
void(* AppLayerDecoderEventsSetEventRaw)(AppLayerDecoderEvents **, uint8_t)
void PostRunDeinit(const int runmode, struct timeval *start_time)
void Daemonize(void)
Daemonize the process.
void LiveSetOffloadWarn(void)
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
bool IsRunModeSystem(enum RunModes run_mode_to_check)
int UtilSignalBlock(int signum)
void TmModuleDecodePfringRegister(void)
Registration Function for DecodePfring.
int DetectEngineReloadStart(void)
int FileAppendDataById(FileContainer *ffc, uint32_t track_id, const uint8_t *data, uint32_t data_len)
Store/handle a chunk of file data in the File structure The file with 'track_id' in the FileContainer...
void RegisterDCERPCParsers(void)
void RegisterDNP3Parsers(void)
Register the DNP3 application protocol parser.
void TmModuleFlowRecyclerRegister(void)
void EngineStop(void)
make sure threads can stop the engine by calling this function. Purpose: pcap file mode needs to be a...
volatile sig_atomic_t sighup_count
void TmModuleBypassedFlowManagerRegister(void)
void SCProfilingDump(void)
int DecodeEthernet(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint32_t len, PacketQueue *pq)
void LiveSetOffloadDisable(void)
void RegisterFlowBypassInfo(void)
void(* DetectEngineStateFree)(DetectEngineState *)
int SigLoadSignatures(DetectEngineCtx *de_ctx, char *sig_file, int sig_file_exclusive)
Load signatures.
void UtilSignalHandlerSetup(int sig, void(*handler)(int))
void PacketAlertTagInit(void)
int ParseSizeStringU32(const char *size, uint32_t *res)
void TmModuleDecodeIPFWRegister(void)
Registration Function for DecodeIPFW.
void RegisterDNSUDPParsers(void)
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
void TmModuleDecodePcapRegister(void)
Registration Function for DecodePcap.
char * strict_rule_parsing_string
void SCProfilingSghsGlobalInit(void)
void PreRunPostPrivsDropInit(const int runmode)
int DetectEngineReloadIsStart(void)
int DetectEngineReload(const SCInstance *suri)
Reload the detection engine.
void SCClassConfDeinit(void)
void SCLogDeInitLogModule(void)
De-Initializes the logging module.
void UnixManagerThreadSpawnNonRunmode(void)
void TmModuleReceiveNFQRegister(void)
void SCReferenceConfDeinit(void)
struct timeval start_time
int LiveGetDeviceNameCount(void)
Get the number of pre registered devices.
void EngineModeSetIPS(void)
SCError(* SCLogMessage)(const SCLogLevel, const char *, const unsigned int, const char *, const SCError, const char *message)
int NetmapRunModeIsIPS(void)
void TmModuleDebugList(void)
void SCProtoNameDeInit()
Function to clears the memory used in storing the protocol names.
void TmModuleVerdictIPFWRegister(void)
Registration Function for VerdictIPFW.
void TmModuleReceivePfringRegister(void)
Registration Function for RecievePfring.
void DecodeUnregisterCounters(void)
SCError SCLogMessage(const SCLogLevel log_level, const char *file, const unsigned int line, const char *function, const SCError error_code, const char *message)
Adds the global log_format to the outgoing buffer.
void FlowDisableFlowRecyclerThread(void)
Used to disable flow recycler thread(s).
void TmModuleReceiveErfFileRegister(void)
Register the ERF file receiver (reader) module.
int LiveRegisterDeviceName(const char *dev)
Add a device for monitoring.
void TmModuleDecodeErfFileRegister(void)
Register the ERF file decoder module.
void IPPairShutdown(void)
shutdown the flow engine
DetectEngineCtx * DetectEngineCtxInit(void)
void FlowInitConfig(char quiet)
initialize the configuration
void OutputNotifyFileRotation(void)
Notifies all registered file rotation notification flags.
1.8.11 
