suricata
suricata.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2022 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  */
23 
24 #include "suricata-common.h"
25 
26 #if HAVE_GETOPT_H
27 #include <getopt.h>
28 #endif
29 
30 #if HAVE_SIGNAL_H
31 #include <signal.h>
32 #endif
33 #ifndef OS_WIN32
34 #ifdef HAVE_SYS_RESOURCE_H
35 // setrlimit
36 #include <sys/resource.h>
37 #endif
38 #endif
39 
40 #if HAVE_LIBSYSTEMD
41 #include <systemd/sd-daemon.h>
42 #endif
43 
44 #include "suricata.h"
45 
46 #include "conf.h"
47 #include "conf-yaml-loader.h"
48 
49 #include "decode.h"
50 #include "defrag.h"
51 #include "flow.h"
52 #include "stream-tcp.h"
53 #include "ippair.h"
54 
55 #include "detect.h"
56 #include "detect-parse.h"
57 #include "detect-engine.h"
58 #include "detect-engine-address.h"
59 #include "detect-engine-alert.h"
60 #include "detect-engine-port.h"
61 #include "detect-engine-tag.h"
62 #include "detect-engine-threshold.h"
63 #include "detect-fast-pattern.h"
64 
65 #include "datasets.h"
66 
67 #include "feature.h"
68 
69 #include "flow-bypass.h"
70 #include "flow-manager.h"
71 #include "flow-timeout.h"
72 #include "flow-worker.h"
73 
74 #include "flow-bit.h"
75 #include "host-bit.h"
76 #include "ippair-bit.h"
77 
78 #include "app-layer.h"
79 #include "app-layer-parser.h"
80 #include "app-layer-htp.h"
81 #include "app-layer-htp-range.h"
82 
83 #include "output.h"
84 #include "output-filestore.h"
85 
86 #include "respond-reject.h"
87 
88 #include "runmode-af-packet.h"
89 #include "runmode-af-xdp.h"
90 #include "runmode-netmap.h"
91 #include "runmode-unittests.h"
92 
93 #include "source-nfq.h"
94 #include "source-nfq-prototypes.h"
95 #include "source-nflog.h"
96 #include "source-ipfw.h"
97 #include "source-pcap.h"
98 #include "source-pcap-file.h"
99 #include "source-pcap-file-helper.h"
100 #include "source-pfring.h"
101 #include "source-erf-file.h"
102 #include "source-erf-dag.h"
103 #include "source-napatech.h"
104 #include "source-af-packet.h"
105 #include "source-af-xdp.h"
106 #include "source-netmap.h"
107 #include "source-dpdk.h"
108 #include "source-windivert.h"
109 #include "source-windivert-prototypes.h"
110 
111 #include "unix-manager.h"
112 
113 #include "util-classification-config.h"
114 #include "util-threshold-config.h"
115 #include "util-reference-config.h"
116 
117 #include "tmqh-packetpool.h"
118 #include "tm-queuehandlers.h"
119 
120 #include "util-byte.h"
121 #include "util-conf.h"
122 #include "util-coredump-config.h"
123 #include "util-cpu.h"
124 #include "util-daemon.h"
125 #include "util-device.h"
126 #include "util-dpdk.h"
127 #include "util-ebpf.h"
128 #include "util-host-os-info.h"
129 #include "util-ioctl.h"
130 #include "util-landlock.h"
131 #include "util-luajit.h"
132 #include "util-macset.h"
133 #include "util-misc.h"
134 #include "util-mpm-hs.h"
135 #include "util-pidfile.h"
136 #include "util-plugin.h"
137 #include "util-privs.h"
138 #include "util-profiling.h"
139 #include "util-proto-name.h"
140 #include "util-running-modes.h"
141 #include "util-signal.h"
142 #include "util-time.h"
143 
144 /*
145  * we put this here, because we only use it here in main.
146  */
147 volatile sig_atomic_t sigint_count = 0;
148 volatile sig_atomic_t sighup_count = 0;
149 volatile sig_atomic_t sigterm_count = 0;
150 volatile sig_atomic_t sigusr2_count = 0;
151 
152 /*
153  * Flag to indicate if the engine is at the initialization
154  * or already processing packets. 3 stages: SURICATA_INIT,
155  * SURICATA_RUNTIME and SURICATA_FINALIZE
156  */
157 SC_ATOMIC_DECLARE(unsigned int, engine_stage);
158 
159 /* Max packets processed simultaniously per thread. */
160 #define DEFAULT_MAX_PENDING_PACKETS 1024
161 
162 /** suricata engine control flags */
163 volatile uint8_t suricata_ctl_flags = 0;
164 
165 /** Run mode selected */
166 int run_mode = RUNMODE_UNKNOWN;
167 
168 /** Engine mode: inline (ENGINE_MODE_IPS) or just
169  * detection mode (ENGINE_MODE_IDS by default) */
170 static enum EngineMode g_engine_mode = ENGINE_MODE_IDS;
171 
172 /** Host mode: set if box is sniffing only
173  * or is a router */
174 uint8_t host_mode = SURI_HOST_IS_SNIFFER_ONLY;
175 
176 /** Maximum packets to simultaneously process. */
177 intmax_t max_pending_packets;
178 
179 /** global indicating if detection is enabled */
180 int g_detect_disabled = 0;
181 
182 /** set caps or not */
183 int sc_set_caps = FALSE;
184 
185 /** highest mtu of the interfaces we monitor */
186 int g_default_mtu = 0;
187 
188 bool g_system = false;
189 
190 /** disable randomness to get reproducible results accross runs */
191 #ifndef AFLFUZZ_NO_RANDOM
192 int g_disable_randomness = 0;
193 #else
194 int g_disable_randomness = 1;
195 #endif
196 
197 /** determine (without branching) if we include the vlan_ids when hashing or
198  * comparing flows */
199 uint16_t g_vlan_mask = 0xffff;
200 
201 /* flag to disable hashing almost globally, to be similar to disabling nss
202  * support */
203 bool g_disable_hashing = false;
204 
205 /** Suricata instance */
206 SCInstance suricata;
207 
208 int SuriHasSigFile(void)
209 {
210  return (suricata.sig_file != NULL);
211 }
212 
213 int EngineModeIsIPS(void)
214 {
215  return (g_engine_mode == ENGINE_MODE_IPS);
216 }
217 
218 int EngineModeIsIDS(void)
219 {
220  return (g_engine_mode == ENGINE_MODE_IDS);
221 }
222 
223 void EngineModeSetIPS(void)
224 {
225  g_engine_mode = ENGINE_MODE_IPS;
226 }
227 
228 void EngineModeSetIDS(void)
229 {
230  g_engine_mode = ENGINE_MODE_IDS;
231 }
232 
233 #ifdef UNITTESTS
234 int RunmodeIsUnittests(void)
235 {
236  if (run_mode == RUNMODE_UNITTEST)
237  return 1;
238 
239  return 0;
240 }
241 #endif
242 
243 int RunmodeGetCurrent(void)
244 {
245  return run_mode;
246 }
247 
248 /** signal handlers
249  *
250  * WARNING: don't use the SCLog* API in the handlers. The API is complex
251  * with memory allocation possibly happening, calls to syslog, json message
252  * construction, etc.
253  */
254 
255 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
256 static void SignalHandlerSigint(/*@unused@*/ int sig)
257 {
258  sigint_count = 1;
259 }
260 static void SignalHandlerSigterm(/*@unused@*/ int sig)
261 {
262  sigterm_count = 1;
263 }
264 #ifndef OS_WIN32
265 #if HAVE_LIBUNWIND
266 #define UNW_LOCAL_ONLY
267 #include <libunwind.h>
268 static void SignalHandlerUnexpected(int sig_num, siginfo_t *info, void *context)
269 {
270  char msg[SC_LOG_MAX_LOG_MSG_LEN];
271  unw_cursor_t cursor;
272  /* Restore defaults for signals to avoid loops */
273  signal(SIGABRT, SIG_DFL);
274  signal(SIGSEGV, SIG_DFL);
275  int r;
276  if ((r = unw_init_local(&cursor, (unw_context_t *)(context)) != 0)) {
277  fprintf(stderr, "unable to obtain stack trace: unw_init_local: %s\n", unw_strerror(r));
278  goto terminate;
279  }
280 
281  char *temp = msg;
282  int cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - msg), "stacktrace:sig %d:", sig_num);
283  temp += cw;
284  r = 1;
285  while (r > 0) {
286  if (unw_is_signal_frame(&cursor) == 0) {
287  unw_word_t off;
288  char name[256];
289  if (unw_get_proc_name(&cursor, name, sizeof(name), &off) == UNW_ENOMEM) {
290  cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - msg), "[unknown]:");
291  } else {
292  cw = snprintf(
293  temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - msg), "%s+0x%08" PRIx64, name, off);
294  }
295  temp += cw;
296  }
297 
298  r = unw_step(&cursor);
299  if (r > 0) {
300  cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - msg), ";");
301  temp += cw;
302  }
303  }
304  SCLogError(SC_ERR_SIGNAL, "%s", msg);
305 
306 terminate:
307  // Propagate signal to watchers, if any
308  kill(getpid(), sig_num);
309 }
310 #undef UNW_LOCAL_ONLY
311 #endif /* HAVE_LIBUNWIND */
312 #endif /* !OS_WIN32 */
313 #endif
314 
315 #ifndef OS_WIN32
316 /**
317  * SIGUSR2 handler. Just set sigusr2_count. The main loop will act on
318  * it.
319  */
320 static void SignalHandlerSigusr2(int sig)
321 {
322  if (sigusr2_count < 2)
323  sigusr2_count++;
324 }
325 
326 /**
327  * SIGHUP handler. Just set sighup_count. The main loop will act on
328  * it.
329  */
330 static void SignalHandlerSigHup(/*@unused@*/ int sig)
331 {
332  sighup_count = 1;
333 }
334 #endif
335 
336 void GlobalsInitPreConfig(void)
337 {
338  TimeInit();
339  SupportFastPatternForSigMatchTypes();
340  SCThresholdConfGlobalInit();
341  SCProtoNameInit();
342 }
343 
344 static void GlobalsDestroy(SCInstance *suri)
345 {
346  HostShutdown();
347  HTPFreeConfig();
348  HTPAtExitPrintStats();
349 
350  AppLayerHtpPrintStats();
351 
352  /* TODO this can do into it's own func */
353  DetectEngineCtx *de_ctx = DetectEngineGetCurrent();
354  if (de_ctx) {
355  DetectEngineMoveToFreeList(de_ctx);
356  DetectEngineDeReference(&de_ctx);
357  }
358  DetectEnginePruneFreeList();
359 
360  AppLayerDeSetup();
361  DatasetsSave();
362  DatasetsDestroy();
363  HttpRangeContainersDestroy();
364  TagDestroyCtx();
365 
366  LiveDeviceListClean();
367  OutputDeregisterAll();
368  FeatureTrackingRelease();
369  SCProtoNameRelease();
370  TimeDeinit();
371  if (!suri->disabled_detect) {
372  SCReferenceConfDeinit();
373  SCClassConfDeinit();
374  }
375  TmqhCleanup();
376  TmModuleRunDeInit();
377  ParseSizeDeinit();
378 
379 #ifdef HAVE_DPDK
380  DPDKCleanupEAL();
381 #endif
382 
383 #ifdef HAVE_AF_PACKET
384  AFPPeersListClean();
385 #endif
386 
387 #ifdef NFQ
388  NFQContextsClean();
389 #endif
390 
391 #ifdef BUILD_HYPERSCAN
392  MpmHSGlobalCleanup();
393 #endif
394 
395  ConfDeInit();
396 #ifdef HAVE_LUAJIT
397  LuajitFreeStatesPool();
398 #endif
399  SCLogDeInitLogModule();
400  DetectParseFreeRegexes();
401  SCThresholdConfGlobalFree();
402 
403  SCPidfileRemove(suri->pid_filename);
404  SCFree(suri->pid_filename);
405  suri->pid_filename = NULL;
406 }
407 
408 /**
409  * \brief Used to send OS specific notification of running threads
410  *
411  * \retval TmEcode TM_ECODE_OK on success; TM_ECODE_FAILED on failure.
412  */
413 static void OnNotifyRunning(void)
414 {
415 #if HAVE_LIBSYSTEMD
416  if (sd_notify(0, "READY=1") < 0) {
417  SCLogWarning(SC_ERR_SYSCALL, "failed to notify systemd");
418  /* Please refer to:
419  * https://www.freedesktop.org/software/systemd/man/sd_notify.html#Return%20Value
420  * for discussion on why failure should not be considered an error */
421  }
422 #endif
423 }
424 
425 /** \brief make sure threads can stop the engine by calling this
426  * function. Purpose: pcap file mode needs to be able to tell the
427  * engine the file eof is reached. */
428 void EngineStop(void)
429 {
430  suricata_ctl_flags |= SURICATA_STOP;
431 }
432 
433 /**
434  * \brief Used to indicate that the current task is done.
435  *
436  * This is mainly used by pcap-file to tell it has finished
437  * to treat a pcap files when running in unix-socket mode.
438  */
439 void EngineDone(void)
440 {
441  suricata_ctl_flags |= SURICATA_DONE;
442 }
443 
444 static int SetBpfString(int argc, char *argv[])
445 {
446  char *bpf_filter = NULL;
447  uint32_t bpf_len = 0;
448  int tmpindex = 0;
449 
450  /* attempt to parse remaining args as bpf filter */
451  tmpindex = argc;
452  while(argv[tmpindex] != NULL) {
453  bpf_len+=strlen(argv[tmpindex]) + 1;
454  tmpindex++;
455  }
456 
457  if (bpf_len == 0)
458  return TM_ECODE_OK;
459 
460  if (EngineModeIsIPS()) {
461  SCLogError(SC_ERR_NOT_SUPPORTED,
462  "BPF filter not available in IPS mode."
463  " Use firewall filtering if possible.");
464  return TM_ECODE_FAILED;
465  }
466 
467  bpf_filter = SCMalloc(bpf_len);
468  if (unlikely(bpf_filter == NULL))
469  return TM_ECODE_OK;
470  memset(bpf_filter, 0x00, bpf_len);
471 
472  tmpindex = optind;
473  while(argv[tmpindex] != NULL) {
474  strlcat(bpf_filter, argv[tmpindex],bpf_len);
475  if(argv[tmpindex + 1] != NULL) {
476  strlcat(bpf_filter," ", bpf_len);
477  }
478  tmpindex++;
479  }
480 
481  if(strlen(bpf_filter) > 0) {
482  if (ConfSetFinal("bpf-filter", bpf_filter) != 1) {
483  SCLogError(SC_ERR_FATAL, "Failed to set bpf filter.");
484  SCFree(bpf_filter);
485  return TM_ECODE_FAILED;
486  }
487  }
488  SCFree(bpf_filter);
489 
490  return TM_ECODE_OK;
491 }
492 
493 static void SetBpfStringFromFile(char *filename)
494 {
495  char *bpf_filter = NULL;
496  char *bpf_comment_tmp = NULL;
497  char *bpf_comment_start = NULL;
498  uint32_t bpf_len = 0;
499 #ifdef OS_WIN32
500  struct _stat st;
501 #else
502  struct stat st;
503 #endif /* OS_WIN32 */
504  FILE *fp = NULL;
505  size_t nm = 0;
506 
507  if (EngineModeIsIPS()) {
508  FatalError(SC_ERR_FATAL,
509  "BPF filter not available in IPS mode."
510  " Use firewall filtering if possible.");
511  }
512 
513  fp = fopen(filename, "r");
514  if (fp == NULL) {
515  SCLogError(SC_ERR_FOPEN, "Failed to open file %s", filename);
516  exit(EXIT_FAILURE);
517  }
518 
519 #ifdef OS_WIN32
520  if (_fstat(_fileno(fp), &st) != 0) {
521 #else
522  if (fstat(fileno(fp), &st) != 0) {
523 #endif /* OS_WIN32 */
524  SCLogError(SC_ERR_FOPEN, "Failed to stat file %s", filename);
525  exit(EXIT_FAILURE);
526  }
527  bpf_len = st.st_size + 1;
528 
529  bpf_filter = SCMalloc(bpf_len);
530  if (unlikely(bpf_filter == NULL)) {
531  SCLogError(SC_ERR_MEM_ALLOC, "Failed to allocate buffer for bpf filter in file %s", filename);
532  exit(EXIT_FAILURE);
533  }
534  memset(bpf_filter, 0x00, bpf_len);
535 
536  nm = fread(bpf_filter, 1, bpf_len - 1, fp);
537  if ((ferror(fp) != 0) || (nm != (bpf_len - 1))) {
538  SCLogError(SC_ERR_BPF, "Failed to read complete BPF file %s", filename);
539  SCFree(bpf_filter);
540  fclose(fp);
541  exit(EXIT_FAILURE);
542  }
543  fclose(fp);
544  bpf_filter[nm] = '\0';
545 
546  if(strlen(bpf_filter) > 0) {
547  /*replace comments with space*/
548  bpf_comment_start = bpf_filter;
549  while((bpf_comment_tmp = strchr(bpf_comment_start, '#')) != NULL) {
550  while((*bpf_comment_tmp !='\0') &&
551  (*bpf_comment_tmp != '\r') && (*bpf_comment_tmp != '\n'))
552  {
553  *bpf_comment_tmp++ = ' ';
554  }
555  bpf_comment_start = bpf_comment_tmp;
556  }
557  /*remove remaining '\r' and '\n' */
558  while((bpf_comment_tmp = strchr(bpf_filter, '\r')) != NULL) {
559  *bpf_comment_tmp = ' ';
560  }
561  while((bpf_comment_tmp = strchr(bpf_filter, '\n')) != NULL) {
562  *bpf_comment_tmp = ' ';
563  }
564  /* cut trailing spaces */
565  while (strlen(bpf_filter) > 0 &&
566  bpf_filter[strlen(bpf_filter)-1] == ' ')
567  {
568  bpf_filter[strlen(bpf_filter)-1] = '\0';
569  }
570  if (strlen(bpf_filter) > 0) {
571  if(ConfSetFinal("bpf-filter", bpf_filter) != 1) {
572  SCLogError(SC_ERR_FOPEN, "ERROR: Failed to set bpf filter!");
573  SCFree(bpf_filter);
574  exit(EXIT_FAILURE);
575  }
576  }
577  }
578  SCFree(bpf_filter);
579 }
580 
581 static void PrintUsage(const char *progname)
582 {
583 #ifdef REVISION
584  printf("%s %s (%s)\n", PROG_NAME, PROG_VER, xstr(REVISION));
585 #else
586  printf("%s %s\n", PROG_NAME, PROG_VER);
587 #endif
588  printf("USAGE: %s [OPTIONS] [BPF FILTER]\n\n", progname);
589  printf("\t-c <path> : path to configuration file\n");
590  printf("\t-T : test configuration file (use with -c)\n");
591  printf("\t-i <dev or ip> : run in pcap live mode\n");
592  printf("\t-F <bpf filter file> : bpf filter file\n");
593  printf("\t-r <path> : run in pcap file/offline mode\n");
594 #ifdef NFQ
595  printf("\t-q <qid[:qid]> : run in inline nfqueue mode (use colon to specify a range of queues)\n");
596 #endif /* NFQ */
597 #ifdef IPFW
598  printf("\t-d <divert port> : run in inline ipfw divert mode\n");
599 #endif /* IPFW */
600  printf("\t-s <path> : path to signature file loaded in addition to suricata.yaml settings (optional)\n");
601  printf("\t-S <path> : path to signature file loaded exclusively (optional)\n");
602  printf("\t-l <dir> : default log directory\n");
603 #ifndef OS_WIN32
604  printf("\t-D : run as daemon\n");
605 #else
606  printf("\t--service-install : install as service\n");
607  printf("\t--service-remove : remove service\n");
608  printf("\t--service-change-params : change service startup parameters\n");
609 #endif /* OS_WIN32 */
610  printf("\t-k [all|none] : force checksum check (all) or disabled it (none)\n");
611  printf("\t-V : display Suricata version\n");
612  printf("\t-v : be more verbose (use multiple times to increase verbosity)\n");
613 #ifdef UNITTESTS
614  printf("\t-u : run the unittests and exit\n");
615  printf("\t-U, --unittest-filter=REGEX : filter unittests with a regex\n");
616  printf("\t--list-unittests : list unit tests\n");
617  printf("\t--fatal-unittests : enable fatal failure on unittest error\n");
618  printf("\t--unittests-coverage : display unittest coverage report\n");
619 #endif /* UNITTESTS */
620  printf("\t--list-app-layer-protos : list supported app layer protocols\n");
621  printf("\t--list-keywords[=all|csv|<kword>] : list keywords implemented by the engine\n");
622  printf("\t--list-runmodes : list supported runmodes\n");
623  printf("\t--runmode <runmode_id> : specific runmode modification the engine should run. The argument\n"
624  "\t supplied should be the id for the runmode obtained by running\n"
625  "\t --list-runmodes\n");
626  printf("\t--engine-analysis : print reports on analysis of different sections in the engine and exit.\n"
627  "\t Please have a look at the conf parameter engine-analysis on what reports\n"
628  "\t can be printed\n");
629  printf("\t--pidfile <file> : write pid to this file\n");
630  printf("\t--init-errors-fatal : enable fatal failure on signature init error\n");
631  printf("\t--disable-detection : disable detection engine\n");
632  printf("\t--dump-config : show the running configuration\n");
633  printf("\t--dump-features : display provided features\n");
634  printf("\t--build-info : display build information\n");
635  printf("\t--pcap[=<dev>] : run in pcap mode, no value select interfaces from suricata.yaml\n");
636  printf("\t--pcap-file-continuous : when running in pcap mode with a directory, continue checking directory for pcaps until interrupted\n");
637  printf("\t--pcap-file-delete : when running in replay mode (-r with directory or file), will delete pcap files that have been processed when done\n");
638  printf("\t--pcap-file-recursive : will descend into subdirectories when running in replay mode (-r)\n");
639 #ifdef HAVE_PCAP_SET_BUFF
640  printf("\t--pcap-buffer-size : size of the pcap buffer value from 0 - %i\n",INT_MAX);
641 #endif /* HAVE_SET_PCAP_BUFF */
642 #ifdef HAVE_DPDK
643  printf("\t--dpdk : run in dpdk mode, uses interfaces from "
644  "suricata.yaml\n");
645 #endif
646 #ifdef HAVE_AF_PACKET
647  printf("\t--af-packet[=<dev>] : run in af-packet mode, no value select interfaces from suricata.yaml\n");
648 #endif
649 #ifdef HAVE_AF_XDP
650  printf("\t--af-xdp[=<dev>] : run in af-xdp mode, no value select "
651  "interfaces from suricata.yaml\n");
652 #endif
653 #ifdef HAVE_NETMAP
654  printf("\t--netmap[=<dev>] : run in netmap mode, no value select interfaces from suricata.yaml\n");
655 #endif
656 #ifdef HAVE_PFRING
657  printf("\t--pfring[=<dev>] : run in pfring mode, use interfaces from suricata.yaml\n");
658  printf("\t--pfring-int <dev> : run in pfring mode, use interface <dev>\n");
659  printf("\t--pfring-cluster-id <id> : pfring cluster id \n");
660  printf("\t--pfring-cluster-type <type> : pfring cluster type for PF_RING 4.1.2 and later cluster_round_robin|cluster_flow\n");
661 #endif /* HAVE_PFRING */
662  printf("\t--simulate-ips : force engine into IPS mode. Useful for QA\n");
663 #ifdef HAVE_LIBCAP_NG
664  printf("\t--user <user> : run suricata as this user after init\n");
665  printf("\t--group <group> : run suricata as this group after init\n");
666 #endif /* HAVE_LIBCAP_NG */
667  printf("\t--erf-in <path> : process an ERF file\n");
668 #ifdef HAVE_DAG
669  printf("\t--dag <dagX:Y> : process ERF records from DAG interface X, stream Y\n");
670 #endif
671 #ifdef HAVE_NAPATECH
672  printf("\t--napatech : run Napatech Streams using the API\n");
673 #endif
674 #ifdef BUILD_UNIX_SOCKET
675  printf("\t--unix-socket[=<file>] : use unix socket to control suricata work\n");
676 #endif
677 #ifdef WINDIVERT
678  printf("\t--windivert <filter> : run in inline WinDivert mode\n");
679  printf("\t--windivert-forward <filter> : run in inline WinDivert mode, as a gateway\n");
680 #endif
681 #ifdef HAVE_LIBNET11
682  printf("\t--reject-dev <dev> : send reject packets from this interface\n");
683 #endif
684  printf("\t--set name=value : set a configuration value\n");
685  printf("\n");
686  printf("\nTo run the engine with default configuration on "
687  "interface eth0 with signature file \"signatures.rules\", run the "
688  "command as:\n\n%s -c suricata.yaml -s signatures.rules -i eth0 \n\n",
689  progname);
690 }
691 
692 static void PrintBuildInfo(void)
693 {
694  const char *bits = "<unknown>-bits";
695  const char *endian = "<unknown>-endian";
696  char features[2048] = "";
697  const char *tls;
698 
699  printf("This is %s version %s\n", PROG_NAME, GetProgramVersion());
700 #ifdef DEBUG
701  strlcat(features, "DEBUG ", sizeof(features));
702 #endif
703 #ifdef DEBUG_VALIDATION
704  strlcat(features, "DEBUG_VALIDATION ", sizeof(features));
705 #endif
706 #ifdef UNITTESTS
707  strlcat(features, "UNITTESTS ", sizeof(features));
708 #endif
709 #ifdef NFQ
710  strlcat(features, "NFQ ", sizeof(features));
711 #endif
712 #ifdef IPFW
713  strlcat(features, "IPFW ", sizeof(features));
714 #endif
715 #ifdef HAVE_PCAP_SET_BUFF
716  strlcat(features, "PCAP_SET_BUFF ", sizeof(features));
717 #endif
718 #ifdef HAVE_PFRING
719  strlcat(features, "PF_RING ", sizeof(features));
720 #endif
721 #ifdef HAVE_AF_PACKET
722  strlcat(features, "AF_PACKET ", sizeof(features));
723 #endif
724 #ifdef HAVE_NETMAP
725  strlcat(features, "NETMAP ", sizeof(features));
726 #endif
727 #ifdef HAVE_PACKET_FANOUT
728  strlcat(features, "HAVE_PACKET_FANOUT ", sizeof(features));
729 #endif
730 #ifdef HAVE_DAG
731  strlcat(features, "DAG ", sizeof(features));
732 #endif
733 #ifdef HAVE_LIBCAP_NG
734  strlcat(features, "LIBCAP_NG ", sizeof(features));
735 #endif
736 #ifdef HAVE_LIBNET11
737  strlcat(features, "LIBNET1.1 ", sizeof(features));
738 #endif
739 #ifdef HAVE_HTP_URI_NORMALIZE_HOOK
740  strlcat(features, "HAVE_HTP_URI_NORMALIZE_HOOK ", sizeof(features));
741 #endif
742 #ifdef PCRE2_HAVE_JIT
743  strlcat(features, "PCRE_JIT ", sizeof(features));
744 #endif
745  /* For compatibility, just say we have HAVE_NSS. */
746  strlcat(features, "HAVE_NSS ", sizeof(features));
747  /* HTTP2_DECOMPRESSION is not an optional feature in this major version */
748  strlcat(features, "HTTP2_DECOMPRESSION ", sizeof(features));
749 #ifdef HAVE_LUA
750  strlcat(features, "HAVE_LUA ", sizeof(features));
751 #endif
752 #ifdef HAVE_LUAJIT
753  strlcat(features, "HAVE_LUAJIT ", sizeof(features));
754 #endif
755  strlcat(features, "HAVE_LIBJANSSON ", sizeof(features));
756 #ifdef PROFILING
757  strlcat(features, "PROFILING ", sizeof(features));
758 #endif
759 #ifdef PROFILE_LOCKING
760  strlcat(features, "PROFILE_LOCKING ", sizeof(features));
761 #endif
762 #if defined(TLS_C11) || defined(TLS_GNU)
763  strlcat(features, "TLS ", sizeof(features));
764 #endif
765 #if defined(TLS_C11)
766  strlcat(features, "TLS_C11 ", sizeof(features));
767 #elif defined(TLS_GNU)
768  strlcat(features, "TLS_GNU ", sizeof(features));
769 #endif
770 #ifdef HAVE_MAGIC
771  strlcat(features, "MAGIC ", sizeof(features));
772 #endif
773  strlcat(features, "RUST ", sizeof(features));
774 #if defined(SC_ADDRESS_SANITIZER)
775  strlcat(features, "ASAN ", sizeof(features));
776 #endif
777  if (strlen(features) == 0) {
778  strlcat(features, "none", sizeof(features));
779  }
780 
781  printf("Features: %s\n", features);
782 
783  /* SIMD stuff */
784  memset(features, 0x00, sizeof(features));
785 #if defined(__SSE4_2__)
786  strlcat(features, "SSE_4_2 ", sizeof(features));
787 #endif
788 #if defined(__SSE4_1__)
789  strlcat(features, "SSE_4_1 ", sizeof(features));
790 #endif
791 #if defined(__SSE3__)
792  strlcat(features, "SSE_3 ", sizeof(features));
793 #endif
794  if (strlen(features) == 0) {
795  strlcat(features, "none", sizeof(features));
796  }
797  printf("SIMD support: %s\n", features);
798 
799  /* atomics stuff */
800  memset(features, 0x00, sizeof(features));
801 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_1)
802  strlcat(features, "1 ", sizeof(features));
803 #endif
804 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_2)
805  strlcat(features, "2 ", sizeof(features));
806 #endif
807 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_4)
808  strlcat(features, "4 ", sizeof(features));
809 #endif
810 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_8)
811  strlcat(features, "8 ", sizeof(features));
812 #endif
813 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_16)
814  strlcat(features, "16 ", sizeof(features));
815 #endif
816  if (strlen(features) == 0) {
817  strlcat(features, "none", sizeof(features));
818  } else {
819  strlcat(features, "byte(s)", sizeof(features));
820  }
821  printf("Atomic intrinsics: %s\n", features);
822 
823 #if __WORDSIZE == 64
824  bits = "64-bits";
825 #elif __WORDSIZE == 32
826  bits = "32-bits";
827 #endif
828 
829 #if __BYTE_ORDER == __BIG_ENDIAN
830  endian = "Big-endian";
831 #elif __BYTE_ORDER == __LITTLE_ENDIAN
832  endian = "Little-endian";
833 #endif
834 
835  printf("%s, %s architecture\n", bits, endian);
836 #ifdef __GNUC__
837  printf("GCC version %s, C version %"PRIiMAX"\n", __VERSION__, (intmax_t)__STDC_VERSION__);
838 #else
839  printf("C version %"PRIiMAX"\n", (intmax_t)__STDC_VERSION__);
840 #endif
841 
842 #if __SSP__ == 1
843  printf("compiled with -fstack-protector\n");
844 #endif
845 #if __SSP_ALL__ == 2
846  printf("compiled with -fstack-protector-all\n");
847 #endif
848 /*
849  * Workaround for special defines of _FORTIFY_SOURCE like
850  * FORTIFY_SOURCE=((defined __OPTIMIZE && OPTIMIZE > 0) ? 2 : 0)
851  * which is used by Gentoo for example and would result in the error
852  * 'defined' undeclared when _FORTIFY_SOURCE used via %d in printf func
853  *
854  */
855 #if _FORTIFY_SOURCE == 2
856  printf("compiled with _FORTIFY_SOURCE=2\n");
857 #elif _FORTIFY_SOURCE == 1
858  printf("compiled with _FORTIFY_SOURCE=1\n");
859 #elif _FORTIFY_SOURCE == 0
860  printf("compiled with _FORTIFY_SOURCE=0\n");
861 #endif
862 #ifdef CLS
863  printf("L1 cache line size (CLS)=%d\n", CLS);
864 #endif
865 #if defined(TLS_C11)
866  tls = "_Thread_local";
867 #elif defined(TLS_GNU)
868  tls = "__thread";
869 #else
870 #error "Unsupported thread local"
871 #endif
872  printf("thread local storage method: %s\n", tls);
873 
874  printf("compiled with %s, linked against %s\n",
875  HTP_VERSION_STRING_FULL, htp_get_version());
876  printf("\n");
877 #include "build-info.h"
878 }
879 
880 int coverage_unittests;
881 int g_ut_modules;
882 int g_ut_covered;
883 
884 void RegisterAllModules(void)
885 {
886  // zero all module storage
887  memset(tmm_modules, 0, TMM_SIZE * sizeof(TmModule));
888 
889  /* commanders */
890  TmModuleUnixManagerRegister();
891  /* managers */
892  TmModuleFlowManagerRegister();
893  TmModuleFlowRecyclerRegister();
894  TmModuleBypassedFlowManagerRegister();
895  /* nfq */
896  TmModuleReceiveNFQRegister();
897  TmModuleVerdictNFQRegister();
898  TmModuleDecodeNFQRegister();
899  /* ipfw */
900  TmModuleReceiveIPFWRegister();
901  TmModuleVerdictIPFWRegister();
902  TmModuleDecodeIPFWRegister();
903  /* pcap live */
904  TmModuleReceivePcapRegister();
905  TmModuleDecodePcapRegister();
906  /* pcap file */
907  TmModuleReceivePcapFileRegister();
908  TmModuleDecodePcapFileRegister();
909  /* af-packet */
910  TmModuleReceiveAFPRegister();
911  TmModuleDecodeAFPRegister();
912  /* af-xdp */
913  TmModuleReceiveAFXDPRegister();
914  TmModuleDecodeAFXDPRegister();
915  /* netmap */
916  TmModuleReceiveNetmapRegister();
917  TmModuleDecodeNetmapRegister();
918  /* pfring */
919  TmModuleReceivePfringRegister();
920  TmModuleDecodePfringRegister();
921  /* dag file */
922  TmModuleReceiveErfFileRegister();
923  TmModuleDecodeErfFileRegister();
924  /* dag live */
925  TmModuleReceiveErfDagRegister();
926  TmModuleDecodeErfDagRegister();
927  /* napatech */
928  TmModuleNapatechStreamRegister();
929  TmModuleNapatechDecodeRegister();
930 
931  /* flow worker */
932  TmModuleFlowWorkerRegister();
933  /* respond-reject */
934  TmModuleRespondRejectRegister();
935 
936  /* log api */
937  TmModuleLoggerRegister();
938  TmModuleStatsLoggerRegister();
939 
940  TmModuleDebugList();
941  /* nflog */
942  TmModuleReceiveNFLOGRegister();
943  TmModuleDecodeNFLOGRegister();
944 
945  /* windivert */
946  TmModuleReceiveWinDivertRegister();
947  TmModuleVerdictWinDivertRegister();
948  TmModuleDecodeWinDivertRegister();
949 
950  /* Dpdk */
951  TmModuleReceiveDPDKRegister();
952  TmModuleDecodeDPDKRegister();
953 }
954 
955 static TmEcode LoadYamlConfig(SCInstance *suri)
956 {
957  SCEnter();
958 
959  if (suri->conf_filename == NULL)
960  suri->conf_filename = DEFAULT_CONF_FILE;
961 
962  if (ConfYamlLoadFile(suri->conf_filename) != 0) {
963  /* Error already displayed. */
964  SCReturnInt(TM_ECODE_FAILED);
965  }
966 
967  SCReturnInt(TM_ECODE_OK);
968 }
969 
970 static TmEcode ParseInterfacesList(const int runmode, char *pcap_dev)
971 {
972  SCEnter();
973 
974  /* run the selected runmode */
975  if (runmode == RUNMODE_PCAP_DEV) {
976  if (strlen(pcap_dev) == 0) {
977  int ret = LiveBuildDeviceList("pcap");
978  if (ret == 0) {
979  SCLogError(SC_ERR_INITIALIZATION, "No interface found in config for pcap");
980  SCReturnInt(TM_ECODE_FAILED);
981  }
982  }
983  } else if (runmode == RUNMODE_PFRING) {
984  /* FIXME add backward compat support */
985  /* iface has been set on command line */
986  if (strlen(pcap_dev)) {
987  if (ConfSetFinal("pfring.live-interface", pcap_dev) != 1) {
988  SCLogError(SC_ERR_INITIALIZATION, "Failed to set pfring.live-interface");
989  SCReturnInt(TM_ECODE_FAILED);
990  }
991  } else {
992  /* not an error condition if we have a 1.0 config */
993  LiveBuildDeviceList("pfring");
994  }
995 #ifdef HAVE_DPDK
996  } else if (runmode == RUNMODE_DPDK) {
997  char iface_selector[] = "dpdk.interfaces";
998  int ret = LiveBuildDeviceList(iface_selector);
999  if (ret == 0) {
1000  SCLogError(
1001  SC_ERR_INITIALIZATION, "No interface found in config for %s", iface_selector);
1002  SCReturnInt(TM_ECODE_FAILED);
1003  }
1004 #endif
1005 #ifdef HAVE_AF_PACKET
1006  } else if (runmode == RUNMODE_AFP_DEV) {
1007  /* iface has been set on command line */
1008  if (strlen(pcap_dev)) {
1009  if (ConfSetFinal("af-packet.live-interface", pcap_dev) != 1) {
1010  SCLogError(SC_ERR_INITIALIZATION, "Failed to set af-packet.live-interface");
1011  SCReturnInt(TM_ECODE_FAILED);
1012  }
1013  } else {
1014  int ret = LiveBuildDeviceList("af-packet");
1015  if (ret == 0) {
1016  SCLogError(SC_ERR_INITIALIZATION, "No interface found in config for af-packet");
1017  SCReturnInt(TM_ECODE_FAILED);
1018  }
1019  }
1020 #endif
1021 #ifdef HAVE_AF_XDP
1022  } else if (runmode == RUNMODE_AFXDP_DEV) {
1023  /* iface has been set on command line */
1024  if (strlen(pcap_dev)) {
1025  if (ConfSetFinal("af-xdp.live-interface", pcap_dev) != 1) {
1026  SCLogError(SC_ERR_INITIALIZATION, "Failed to set af-xdp.live-interface");
1027  SCReturnInt(TM_ECODE_FAILED);
1028  }
1029  } else {
1030  int ret = LiveBuildDeviceList("af-xdp");
1031  if (ret == 0) {
1032  SCLogError(SC_ERR_INITIALIZATION, "No interface found in config for af-xdp");
1033  SCReturnInt(TM_ECODE_FAILED);
1034  }
1035  }
1036 #endif
1037 #ifdef HAVE_NETMAP
1038  } else if (runmode == RUNMODE_NETMAP) {
1039  /* iface has been set on command line */
1040  if (strlen(pcap_dev)) {
1041  if (ConfSetFinal("netmap.live-interface", pcap_dev) != 1) {
1042  SCLogError(SC_ERR_INITIALIZATION, "Failed to set netmap.live-interface");
1043  SCReturnInt(TM_ECODE_FAILED);
1044  }
1045  } else {
1046  int ret = LiveBuildDeviceList("netmap");
1047  if (ret == 0) {
1048  SCLogError(SC_ERR_INITIALIZATION, "No interface found in config for netmap");
1049  SCReturnInt(TM_ECODE_FAILED);
1050  }
1051  }
1052 #endif
1053 #ifdef HAVE_NFLOG
1054  } else if (runmode == RUNMODE_NFLOG) {
1055  int ret = LiveBuildDeviceListCustom("nflog", "group");
1056  if (ret == 0) {
1057  SCLogError(SC_ERR_INITIALIZATION, "No group found in config for nflog");
1058  SCReturnInt(TM_ECODE_FAILED);
1059  }
1060 #endif
1061  }
1062 
1063  SCReturnInt(TM_ECODE_OK);
1064 }
1065 
1066 static void SCInstanceInit(SCInstance *suri, const char *progname)
1067 {
1068  memset(suri, 0x00, sizeof(*suri));
1069 
1070  suri->progname = progname;
1071  suri->run_mode = RUNMODE_UNKNOWN;
1072 
1073  memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
1074  suri->sig_file = NULL;
1075  suri->sig_file_exclusive = FALSE;
1076  suri->pid_filename = NULL;
1077  suri->regex_arg = NULL;
1078 
1079  suri->keyword_info = NULL;
1080  suri->runmode_custom_mode = NULL;
1081 #ifndef OS_WIN32
1082  suri->user_name = NULL;
1083  suri->group_name = NULL;
1084  suri->do_setuid = FALSE;
1085  suri->do_setgid = FALSE;
1086 #endif /* OS_WIN32 */
1087  suri->userid = 0;
1088  suri->groupid = 0;
1089  suri->delayed_detect = 0;
1090  suri->daemon = 0;
1091  suri->offline = 0;
1092  suri->verbose = 0;
1093  /* use -1 as unknown */
1094  suri->checksum_validation = -1;
1095 #if HAVE_DETECT_DISABLED==1
1096  g_detect_disabled = suri->disabled_detect = 1;
1097 #else
1098  g_detect_disabled = suri->disabled_detect = 0;
1099 #endif
1100 }
1101 
1102 const char *GetDocURL(void)
1103 {
1104  const char *prog_ver = GetProgramVersion();
1105  if (strstr(prog_ver, "RELEASE") != NULL) {
1106  return DOC_URL "suricata-" PROG_VER;
1107  }
1108  return DOC_URL "latest";
1109 }
1110 
1111 /** \brief get string with program version
1112  *
1113  * Get the program version as passed to us from AC_INIT
1114  *
1115  * Add 'RELEASE' is no '-dev' in the version. Add the REVISION if passed
1116  * to us.
1117  *
1118  * Possible outputs:
1119  * release: '5.0.1 RELEASE'
1120  * dev with rev: '5.0.1-dev (64a789bbf 2019-10-18)'
1121  * dev w/o rev: '5.0.1-dev'
1122  */
1123 const char *GetProgramVersion(void)
1124 {
1125  if (strstr(PROG_VER, "-dev") == NULL) {
1126  return PROG_VER " RELEASE";
1127  } else {
1128 #ifdef REVISION
1129  return PROG_VER " (" xstr(REVISION) ")";
1130 #else
1131  return PROG_VER;
1132 #endif
1133  }
1134 }
1135 
1136 static TmEcode PrintVersion(void)
1137 {
1138  printf("This is %s version %s\n", PROG_NAME, GetProgramVersion());
1139  return TM_ECODE_OK;
1140 }
1141 
1142 static TmEcode LogVersion(SCInstance *suri)
1143 {
1144  const char *mode = suri->system ? "SYSTEM" : "USER";
1145  SCLogNotice("This is %s version %s running in %s mode",
1146  PROG_NAME, GetProgramVersion(), mode);
1147  return TM_ECODE_OK;
1148 }
1149 
1150 static void SCSetStartTime(SCInstance *suri)
1151 {
1152  memset(&suri->start_time, 0, sizeof(suri->start_time));
1153  gettimeofday(&suri->start_time, NULL);
1154 }
1155 
1156 static void SCPrintElapsedTime(struct timeval *start_time)
1157 {
1158  if (start_time == NULL)
1159  return;
1160  struct timeval end_time;
1161  memset(&end_time, 0, sizeof(end_time));
1162  gettimeofday(&end_time, NULL);
1163  uint64_t milliseconds = ((end_time.tv_sec - start_time->tv_sec) * 1000) +
1164  (((1000000 + end_time.tv_usec - start_time->tv_usec) / 1000) - 1000);
1165  SCLogInfo("time elapsed %.3fs", (float)milliseconds/(float)1000);
1166 }
1167 
1168 static int ParseCommandLineAfpacket(SCInstance *suri, const char *in_arg)
1169 {
1170 #ifdef HAVE_AF_PACKET
1171  if (suri->run_mode == RUNMODE_UNKNOWN) {
1172  suri->run_mode = RUNMODE_AFP_DEV;
1173  if (in_arg) {
1174  LiveRegisterDeviceName(in_arg);
1175  memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
1176  strlcpy(suri->pcap_dev, in_arg, sizeof(suri->pcap_dev));
1177  }
1178  } else if (suri->run_mode == RUNMODE_AFP_DEV) {
1179  if (in_arg) {
1180  LiveRegisterDeviceName(in_arg);
1181  } else {
1182  SCLogInfo("Multiple af-packet option without interface on each is useless");
1183  }
1184  } else {
1185  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
1186  "has been specified");
1187  PrintUsage(suri->progname);
1188  return TM_ECODE_FAILED;
1189  }
1190  return TM_ECODE_OK;
1191 #else
1192  SCLogError(SC_ERR_NO_AF_PACKET,"AF_PACKET not enabled. On Linux "
1193  "host, make sure to pass --enable-af-packet to "
1194  "configure when building.");
1195  return TM_ECODE_FAILED;
1196 #endif
1197 }
1198 
1199 static int ParseCommandLineAfxdp(SCInstance *suri, const char *in_arg)
1200 {
1201 #ifdef HAVE_AF_XDP
1202  if (suri->run_mode == RUNMODE_UNKNOWN) {
1203  suri->run_mode = RUNMODE_AFXDP_DEV;
1204  if (in_arg) {
1205  LiveRegisterDeviceName(in_arg);
1206  memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
1207  strlcpy(suri->pcap_dev, in_arg, sizeof(suri->pcap_dev));
1208  }
1209  } else if (suri->run_mode == RUNMODE_AFXDP_DEV) {
1210  if (in_arg) {
1211  LiveRegisterDeviceName(in_arg);
1212  } else {
1213  SCLogInfo("Multiple af-xdp options without interface on each is useless");
1214  }
1215  } else {
1216  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
1217  "has been specified");
1218  PrintUsage(suri->progname);
1219  return TM_ECODE_FAILED;
1220  }
1221  return TM_ECODE_OK;
1222 #else
1223  SCLogError(SC_ERR_NO_AF_XDP, "AF_XDP not enabled. On Linux "
1224  "host, make sure correct libraries are installed,"
1225  " see documentation for information.");
1226  return TM_ECODE_FAILED;
1227 #endif
1228 }
1229 
1230 static int ParseCommandLineDpdk(SCInstance *suri, const char *in_arg)
1231 {
1232 #ifdef HAVE_DPDK
1233  if (suri->run_mode == RUNMODE_UNKNOWN) {
1234  suri->run_mode = RUNMODE_DPDK;
1235  } else if (suri->run_mode == RUNMODE_DPDK) {
1236  SCLogInfo("Multiple dpdk options have no effect on Suricata");
1237  } else {
1238  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
1239  "has been specified");
1240  PrintUsage(suri->progname);
1241  return TM_ECODE_FAILED;
1242  }
1243  return TM_ECODE_OK;
1244 #else
1245  SCLogError(SC_ERR_NO_DPDK, "DPDK not enabled. On Linux "
1246  "host, make sure to pass --enable-dpdk to "
1247  "configure when building.");
1248  return TM_ECODE_FAILED;
1249 #endif
1250 }
1251 
1252 static int ParseCommandLinePcapLive(SCInstance *suri, const char *in_arg)
1253 {
1254 #if defined(OS_WIN32) && !defined(HAVE_LIBWPCAP)
1255  /* If running on Windows without Npcap, bail early as live capture is not supported. */
1256  FatalError(SC_ERR_FATAL,
1257  "Live capture not available. To support live capture compile against Npcap.");
1258 #endif
1259  memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
1260 
1261  if (in_arg != NULL) {
1262  /* some windows shells require escaping of the \ in \Device. Otherwise
1263  * the backslashes are stripped. We put them back here. */
1264  if (strlen(in_arg) > 9 && strncmp(in_arg, "DeviceNPF", 9) == 0) {
1265  snprintf(suri->pcap_dev, sizeof(suri->pcap_dev), "\\Device\\NPF%s", in_arg+9);
1266  } else {
1267  strlcpy(suri->pcap_dev, in_arg, sizeof(suri->pcap_dev));
1268  PcapTranslateIPToDevice(suri->pcap_dev, sizeof(suri->pcap_dev));
1269  }
1270 
1271  if (strcmp(suri->pcap_dev, in_arg) != 0) {
1272  SCLogInfo("translated %s to pcap device %s", in_arg, suri->pcap_dev);
1273  } else if (strlen(suri->pcap_dev) > 0 && isdigit((unsigned char)suri->pcap_dev[0])) {
1274  SCLogError(SC_ERR_PCAP_TRANSLATE, "failed to find a pcap device for IP %s", in_arg);
1275  return TM_ECODE_FAILED;
1276  }
1277  }
1278 
1279  if (suri->run_mode == RUNMODE_UNKNOWN) {
1280  suri->run_mode = RUNMODE_PCAP_DEV;
1281  if (in_arg) {
1282  LiveRegisterDeviceName(suri->pcap_dev);
1283  }
1284  } else if (suri->run_mode == RUNMODE_PCAP_DEV) {
1285  LiveRegisterDeviceName(suri->pcap_dev);
1286  } else {
1287  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
1288  "has been specified");
1289  PrintUsage(suri->progname);
1290  return TM_ECODE_FAILED;
1291  }
1292  return TM_ECODE_OK;
1293 }
1294 
1295 /**
1296  * Helper function to check if log directory is writable
1297  */
1298 static bool IsLogDirectoryWritable(const char* str)
1299 {
1300  if (access(str, W_OK) == 0)
1301  return true;
1302  return false;
1303 }
1304 
1305 static TmEcode ParseCommandLine(int argc, char** argv, SCInstance *suri)
1306 {
1307  int opt;
1308 
1309  int dump_config = 0;
1310  int dump_features = 0;
1311  int list_app_layer_protocols = 0;
1312  int list_unittests = 0;
1313  int list_runmodes = 0;
1314  int list_keywords = 0;
1315  int build_info = 0;
1316  int conf_test = 0;
1317  int engine_analysis = 0;
1318  int ret = TM_ECODE_OK;
1319 
1320 #ifdef UNITTESTS
1321  coverage_unittests = 0;
1322  g_ut_modules = 0;
1323  g_ut_covered = 0;
1324 #endif
1325 
1326  // clang-format off
1327  struct option long_opts[] = {
1328  {"dump-config", 0, &dump_config, 1},
1329  {"dump-features", 0, &dump_features, 1},
1330  {"pfring", optional_argument, 0, 0},
1331  {"pfring-int", required_argument, 0, 0},
1332  {"pfring-cluster-id", required_argument, 0, 0},
1333  {"pfring-cluster-type", required_argument, 0, 0},
1334 #ifdef HAVE_DPDK
1335  {"dpdk", 0, 0, 0},
1336 #endif
1337  {"af-packet", optional_argument, 0, 0},
1338  {"af-xdp", optional_argument, 0, 0},
1339  {"netmap", optional_argument, 0, 0},
1340  {"pcap", optional_argument, 0, 0},
1341  {"pcap-file-continuous", 0, 0, 0},
1342  {"pcap-file-delete", 0, 0, 0},
1343  {"pcap-file-recursive", 0, 0, 0},
1344  {"simulate-ips", 0, 0 , 0},
1345  {"no-random", 0, &g_disable_randomness, 1},
1346  {"strict-rule-keywords", optional_argument, 0, 0},
1347 
1348  {"capture-plugin", required_argument, 0, 0},
1349  {"capture-plugin-args", required_argument, 0, 0},
1350 
1351 #ifdef BUILD_UNIX_SOCKET
1352  {"unix-socket", optional_argument, 0, 0},
1353 #endif
1354  {"pcap-buffer-size", required_argument, 0, 0},
1355  {"unittest-filter", required_argument, 0, 'U'},
1356  {"list-app-layer-protos", 0, &list_app_layer_protocols, 1},
1357  {"list-unittests", 0, &list_unittests, 1},
1358  {"list-runmodes", 0, &list_runmodes, 1},
1359  {"list-keywords", optional_argument, &list_keywords, 1},
1360  {"runmode", required_argument, NULL, 0},
1361  {"engine-analysis", 0, &engine_analysis, 1},
1362 #ifdef OS_WIN32
1363  {"service-install", 0, 0, 0},
1364  {"service-remove", 0, 0, 0},
1365  {"service-change-params", 0, 0, 0},
1366 #endif /* OS_WIN32 */
1367  {"pidfile", required_argument, 0, 0},
1368  {"init-errors-fatal", 0, 0, 0},
1369  {"disable-detection", 0, 0, 0},
1370  {"disable-hashing", 0, 0, 0},
1371  {"fatal-unittests", 0, 0, 0},
1372  {"unittests-coverage", 0, &coverage_unittests, 1},
1373  {"user", required_argument, 0, 0},
1374  {"group", required_argument, 0, 0},
1375  {"erf-in", required_argument, 0, 0},
1376  {"dag", required_argument, 0, 0},
1377  {"napatech", 0, 0, 0},
1378  {"build-info", 0, &build_info, 1},
1379  {"data-dir", required_argument, 0, 0},
1380 #ifdef WINDIVERT
1381  {"windivert", required_argument, 0, 0},
1382  {"windivert-forward", required_argument, 0, 0},
1383 #endif
1384 #ifdef HAVE_LIBNET11
1385  {"reject-dev", required_argument, 0, 0},
1386 #endif
1387  {"set", required_argument, 0, 0},
1388 #ifdef HAVE_NFLOG
1389  {"nflog", optional_argument, 0, 0},
1390 #endif
1391  {"simulate-packet-flow-memcap", required_argument, 0, 0},
1392  {"simulate-applayer-error-at-offset-ts", required_argument, 0, 0},
1393  {"simulate-applayer-error-at-offset-tc", required_argument, 0, 0},
1394  {"simulate-packet-loss", required_argument, 0, 0},
1395  {"simulate-packet-tcp-reassembly-memcap", required_argument, 0, 0},
1396  {"simulate-packet-tcp-ssn-memcap", required_argument, 0, 0},
1397  {"simulate-packet-defrag-memcap", required_argument, 0, 0},
1398  {"simulate-alert-queue-realloc-failure", 0, 0, 0},
1399 
1400  {NULL, 0, NULL, 0}
1401  };
1402  // clang-format on
1403 
1404  /* getopt_long stores the option index here. */
1405  int option_index = 0;
1406 
1407  char short_opts[] = "c:TDhi:l:q:d:r:us:S:U:VF:vk:";
1408 
1409  while ((opt = getopt_long(argc, argv, short_opts, long_opts, &option_index)) != -1) {
1410  switch (opt) {
1411  case 0:
1412  if (strcmp((long_opts[option_index]).name , "pfring") == 0 ||
1413  strcmp((long_opts[option_index]).name , "pfring-int") == 0) {
1414 #ifdef HAVE_PFRING
1415  suri->run_mode = RUNMODE_PFRING;
1416  if (optarg != NULL) {
1417  memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
1418  strlcpy(suri->pcap_dev, optarg,
1419  ((strlen(optarg) < sizeof(suri->pcap_dev)) ?
1420  (strlen(optarg) + 1) : sizeof(suri->pcap_dev)));
1421  LiveRegisterDeviceName(optarg);
1422  }
1423 #else
1424  SCLogError(SC_ERR_NO_PF_RING,"PF_RING not enabled. Make sure "
1425  "to pass --enable-pfring to configure when building.");
1426  return TM_ECODE_FAILED;
1427 #endif /* HAVE_PFRING */
1428  }
1429  else if(strcmp((long_opts[option_index]).name , "pfring-cluster-id") == 0){
1430 #ifdef HAVE_PFRING
1431  if (ConfSetFinal("pfring.cluster-id", optarg) != 1) {
1432  fprintf(stderr, "ERROR: Failed to set pfring.cluster-id.\n");
1433  return TM_ECODE_FAILED;
1434  }
1435 #else
1436  SCLogError(SC_ERR_NO_PF_RING,"PF_RING not enabled. Make sure "
1437  "to pass --enable-pfring to configure when building.");
1438  return TM_ECODE_FAILED;
1439 #endif /* HAVE_PFRING */
1440  }
1441  else if(strcmp((long_opts[option_index]).name , "pfring-cluster-type") == 0){
1442 #ifdef HAVE_PFRING
1443  if (ConfSetFinal("pfring.cluster-type", optarg) != 1) {
1444  fprintf(stderr, "ERROR: Failed to set pfring.cluster-type.\n");
1445  return TM_ECODE_FAILED;
1446  }
1447 #else
1448  SCLogError(SC_ERR_NO_PF_RING,"PF_RING not enabled. Make sure "
1449  "to pass --enable-pfring to configure when building.");
1450  return TM_ECODE_FAILED;
1451 #endif /* HAVE_PFRING */
1452  }
1453  else if (strcmp((long_opts[option_index]).name , "capture-plugin") == 0){
1454  suri->run_mode = RUNMODE_PLUGIN;
1455  suri->capture_plugin_name = optarg;
1456  }
1457  else if (strcmp((long_opts[option_index]).name , "capture-plugin-args") == 0){
1458  suri->capture_plugin_args = optarg;
1459  } else if (strcmp((long_opts[option_index]).name, "dpdk") == 0) {
1460  if (ParseCommandLineDpdk(suri, optarg) != TM_ECODE_OK) {
1461  return TM_ECODE_FAILED;
1462  }
1463  } else if (strcmp((long_opts[option_index]).name, "af-packet") == 0) {
1464  if (ParseCommandLineAfpacket(suri, optarg) != TM_ECODE_OK) {
1465  return TM_ECODE_FAILED;
1466  }
1467  } else if (strcmp((long_opts[option_index]).name, "af-xdp") == 0) {
1468  if (ParseCommandLineAfxdp(suri, optarg) != TM_ECODE_OK) {
1469  return TM_ECODE_FAILED;
1470  }
1471  } else if (strcmp((long_opts[option_index]).name, "netmap") == 0) {
1472 #ifdef HAVE_NETMAP
1473  if (suri->run_mode == RUNMODE_UNKNOWN) {
1474  suri->run_mode = RUNMODE_NETMAP;
1475  if (optarg) {
1476  LiveRegisterDeviceName(optarg);
1477  memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
1478  strlcpy(suri->pcap_dev, optarg,
1479  ((strlen(optarg) < sizeof(suri->pcap_dev)) ?
1480  (strlen(optarg) + 1) : sizeof(suri->pcap_dev)));
1481  }
1482  } else if (suri->run_mode == RUNMODE_NETMAP) {
1483  if (optarg) {
1484  LiveRegisterDeviceName(optarg);
1485  } else {
1486  SCLogInfo("Multiple netmap option without interface on each is useless");
1487  break;
1488  }
1489  } else {
1490  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
1491  "has been specified");
1492  PrintUsage(argv[0]);
1493  return TM_ECODE_FAILED;
1494  }
1495 #else
1496  SCLogError(SC_ERR_NO_NETMAP, "NETMAP not enabled.");
1497  return TM_ECODE_FAILED;
1498 #endif
1499  } else if (strcmp((long_opts[option_index]).name, "nflog") == 0) {
1500 #ifdef HAVE_NFLOG
1501  if (suri->run_mode == RUNMODE_UNKNOWN) {
1502  suri->run_mode = RUNMODE_NFLOG;
1503  LiveBuildDeviceListCustom("nflog", "group");
1504  }
1505 #else
1506  SCLogError(SC_ERR_NFLOG_NOSUPPORT, "NFLOG not enabled.");
1507  return TM_ECODE_FAILED;
1508 #endif /* HAVE_NFLOG */
1509  } else if (strcmp((long_opts[option_index]).name, "pcap") == 0) {
1510  if (ParseCommandLinePcapLive(suri, optarg) != TM_ECODE_OK) {
1511  return TM_ECODE_FAILED;
1512  }
1513  } else if (strcmp((long_opts[option_index]).name, "simulate-ips") == 0) {
1514  SCLogInfo("Setting IPS mode");
1515  EngineModeSetIPS();
1516  } else if (strcmp((long_opts[option_index]).name, "init-errors-fatal") == 0) {
1517  if (ConfSetFinal("engine.init-failure-fatal", "1") != 1) {
1518  fprintf(stderr, "ERROR: Failed to set engine init-failure-fatal.\n");
1519  return TM_ECODE_FAILED;
1520  }
1521 #ifdef BUILD_UNIX_SOCKET
1522  } else if (strcmp((long_opts[option_index]).name , "unix-socket") == 0) {
1523  if (suri->run_mode == RUNMODE_UNKNOWN) {
1524  suri->run_mode = RUNMODE_UNIX_SOCKET;
1525  if (optarg) {
1526  if (ConfSetFinal("unix-command.filename", optarg) != 1) {
1527  fprintf(stderr, "ERROR: Failed to set unix-command.filename.\n");
1528  return TM_ECODE_FAILED;
1529  }
1530 
1531  }
1532  } else {
1533  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
1534  "has been specified");
1535  PrintUsage(argv[0]);
1536  return TM_ECODE_FAILED;
1537  }
1538 #endif
1539  }
1540  else if(strcmp((long_opts[option_index]).name, "list-app-layer-protocols") == 0) {
1541  /* listing all supported app layer protocols */
1542  }
1543  else if(strcmp((long_opts[option_index]).name, "list-unittests") == 0) {
1544 #ifdef UNITTESTS
1545  suri->run_mode = RUNMODE_LIST_UNITTEST;
1546 #else
1547  fprintf(stderr, "ERROR: Unit tests not enabled. Make sure to pass --enable-unittests to configure when building.\n");
1548  return TM_ECODE_FAILED;
1549 #endif /* UNITTESTS */
1550  } else if (strcmp((long_opts[option_index]).name, "list-runmodes") == 0) {
1551  suri->run_mode = RUNMODE_LIST_RUNMODES;
1552  return TM_ECODE_OK;
1553  } else if (strcmp((long_opts[option_index]).name, "list-keywords") == 0) {
1554  if (optarg) {
1555  if (strcmp("short",optarg)) {
1556  suri->keyword_info = optarg;
1557  }
1558  }
1559  } else if (strcmp((long_opts[option_index]).name, "runmode") == 0) {
1560  suri->runmode_custom_mode = optarg;
1561  } else if(strcmp((long_opts[option_index]).name, "engine-analysis") == 0) {
1562  // do nothing for now
1563  }
1564 #ifdef OS_WIN32
1565  else if(strcmp((long_opts[option_index]).name, "service-install") == 0) {
1566  suri->run_mode = RUNMODE_INSTALL_SERVICE;
1567  return TM_ECODE_OK;
1568  }
1569  else if(strcmp((long_opts[option_index]).name, "service-remove") == 0) {
1570  suri->run_mode = RUNMODE_REMOVE_SERVICE;
1571  return TM_ECODE_OK;
1572  }
1573  else if(strcmp((long_opts[option_index]).name, "service-change-params") == 0) {
1574  suri->run_mode = RUNMODE_CHANGE_SERVICE_PARAMS;
1575  return TM_ECODE_OK;
1576  }
1577 #endif /* OS_WIN32 */
1578  else if(strcmp((long_opts[option_index]).name, "pidfile") == 0) {
1579  suri->pid_filename = SCStrdup(optarg);
1580  if (suri->pid_filename == NULL) {
1581  SCLogError(SC_ERR_MEM_ALLOC, "strdup failed: %s",
1582  strerror(errno));
1583  return TM_ECODE_FAILED;
1584  }
1585  }
1586  else if(strcmp((long_opts[option_index]).name, "disable-detection") == 0) {
1587  g_detect_disabled = suri->disabled_detect = 1;
1588  } else if (strcmp((long_opts[option_index]).name, "disable-hashing") == 0) {
1589  g_disable_hashing = true;
1590  } else if (strcmp((long_opts[option_index]).name, "fatal-unittests") == 0) {
1591 #ifdef UNITTESTS
1592  unittests_fatal = 1;
1593 #else
1594  fprintf(stderr, "ERROR: Unit tests not enabled. Make sure to pass --enable-unittests to configure when building.\n");
1595  return TM_ECODE_FAILED;
1596 #endif /* UNITTESTS */
1597  } else if (strcmp((long_opts[option_index]).name, "user") == 0) {
1598 #ifndef HAVE_LIBCAP_NG
1599  SCLogError(SC_ERR_LIBCAP_NG_REQUIRED, "libcap-ng is required to"
1600  " drop privileges, but it was not compiled into Suricata.");
1601  return TM_ECODE_FAILED;
1602 #else
1603  suri->user_name = optarg;
1604  suri->do_setuid = TRUE;
1605 #endif /* HAVE_LIBCAP_NG */
1606  } else if (strcmp((long_opts[option_index]).name, "group") == 0) {
1607 #ifndef HAVE_LIBCAP_NG
1608  SCLogError(SC_ERR_LIBCAP_NG_REQUIRED, "libcap-ng is required to"
1609  " drop privileges, but it was not compiled into Suricata.");
1610  return TM_ECODE_FAILED;
1611 #else
1612  suri->group_name = optarg;
1613  suri->do_setgid = TRUE;
1614 #endif /* HAVE_LIBCAP_NG */
1615  } else if (strcmp((long_opts[option_index]).name, "erf-in") == 0) {
1616  suri->run_mode = RUNMODE_ERF_FILE;
1617  if (ConfSetFinal("erf-file.file", optarg) != 1) {
1618  fprintf(stderr, "ERROR: Failed to set erf-file.file\n");
1619  return TM_ECODE_FAILED;
1620  }
1621  } else if (strcmp((long_opts[option_index]).name, "dag") == 0) {
1622 #ifdef HAVE_DAG
1623  if (suri->run_mode == RUNMODE_UNKNOWN) {
1624  suri->run_mode = RUNMODE_DAG;
1625  }
1626  else if (suri->run_mode != RUNMODE_DAG) {
1627  SCLogError(SC_ERR_MULTIPLE_RUN_MODE,
1628  "more than one run mode has been specified");
1629  PrintUsage(argv[0]);
1630  return TM_ECODE_FAILED;
1631  }
1632  LiveRegisterDeviceName(optarg);
1633 #else
1634  SCLogError(SC_ERR_DAG_REQUIRED, "libdag and a DAG card are required"
1635  " to receive packets using --dag.");
1636  return TM_ECODE_FAILED;
1637 #endif /* HAVE_DAG */
1638  } else if (strcmp((long_opts[option_index]).name, "napatech") == 0) {
1639 #ifdef HAVE_NAPATECH
1640  suri->run_mode = RUNMODE_NAPATECH;
1641 #else
1642  SCLogError(SC_ERR_NAPATECH_REQUIRED, "libntapi and a Napatech adapter are required"
1643  " to capture packets using --napatech.");
1644  return TM_ECODE_FAILED;
1645 #endif /* HAVE_NAPATECH */
1646  } else if (strcmp((long_opts[option_index]).name, "pcap-buffer-size") == 0) {
1647 #ifdef HAVE_PCAP_SET_BUFF
1648  if (ConfSetFinal("pcap.buffer-size", optarg) != 1) {
1649  fprintf(stderr, "ERROR: Failed to set pcap-buffer-size.\n");
1650  return TM_ECODE_FAILED;
1651  }
1652 #else
1653  SCLogError(SC_ERR_NO_PCAP_SET_BUFFER_SIZE, "The version of libpcap you have"
1654  " doesn't support setting buffer size.");
1655 #endif /* HAVE_PCAP_SET_BUFF */
1656  } else if (strcmp((long_opts[option_index]).name, "build-info") == 0) {
1657  suri->run_mode = RUNMODE_PRINT_BUILDINFO;
1658  return TM_ECODE_OK;
1659  } else if (strcmp((long_opts[option_index]).name, "windivert-forward") == 0) {
1660 #ifdef WINDIVERT
1661  if (suri->run_mode == RUNMODE_UNKNOWN) {
1662  suri->run_mode = RUNMODE_WINDIVERT;
1663  if (WinDivertRegisterQueue(true, optarg) == -1) {
1664  exit(EXIT_FAILURE);
1665  }
1666  } else if (suri->run_mode == RUNMODE_WINDIVERT) {
1667  if (WinDivertRegisterQueue(true, optarg) == -1) {
1668  exit(EXIT_FAILURE);
1669  }
1670  } else {
1671  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
1672  "has been specified");
1673  PrintUsage(argv[0]);
1674  exit(EXIT_FAILURE);
1675  }
1676  }
1677  else if(strcmp((long_opts[option_index]).name, "windivert") == 0) {
1678  if (suri->run_mode == RUNMODE_UNKNOWN) {
1679  suri->run_mode = RUNMODE_WINDIVERT;
1680  if (WinDivertRegisterQueue(false, optarg) == -1) {
1681  exit(EXIT_FAILURE);
1682  }
1683  } else if (suri->run_mode == RUNMODE_WINDIVERT) {
1684  if (WinDivertRegisterQueue(false, optarg) == -1) {
1685  exit(EXIT_FAILURE);
1686  }
1687  } else {
1688  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
1689  "has been specified");
1690  PrintUsage(argv[0]);
1691  exit(EXIT_FAILURE);
1692  }
1693 #else
1694  SCLogError(SC_ERR_WINDIVERT_NOSUPPORT,"WinDivert not enabled. Make sure to pass --enable-windivert to configure when building.");
1695  return TM_ECODE_FAILED;
1696 #endif /* WINDIVERT */
1697  } else if(strcmp((long_opts[option_index]).name, "reject-dev") == 0) {
1698 #ifdef HAVE_LIBNET11
1699  BUG_ON(optarg == NULL); /* for static analysis */
1700  extern char *g_reject_dev;
1701  extern uint16_t g_reject_dev_mtu;
1702  g_reject_dev = optarg;
1703  int mtu = GetIfaceMTU(g_reject_dev);
1704  if (mtu > 0) {
1705  g_reject_dev_mtu = (uint16_t)mtu;
1706  }
1707 #else
1708  SCLogError(SC_ERR_LIBNET_NOT_ENABLED,
1709  "Libnet 1.1 support not enabled. Compile Suricata with libnet support.");
1710  return TM_ECODE_FAILED;
1711 #endif
1712  }
1713  else if (strcmp((long_opts[option_index]).name, "set") == 0) {
1714  if (optarg != NULL) {
1715  /* Quick validation. */
1716  char *val = strchr(optarg, '=');
1717  if (val == NULL) {
1718  FatalError(SC_ERR_FATAL,
1719  "Invalid argument for --set, must be key=val.");
1720  }
1721  if (!ConfSetFromString(optarg, 1)) {
1722  fprintf(stderr, "Failed to set configuration value %s.",
1723  optarg);
1724  exit(EXIT_FAILURE);
1725  }
1726  }
1727  }
1728  else if (strcmp((long_opts[option_index]).name, "pcap-file-continuous") == 0) {
1729  if (ConfSetFinal("pcap-file.continuous", "true") != 1) {
1730  SCLogError(SC_ERR_CMD_LINE, "Failed to set pcap-file.continuous");
1731  return TM_ECODE_FAILED;
1732  }
1733  }
1734  else if (strcmp((long_opts[option_index]).name, "pcap-file-delete") == 0) {
1735  if (ConfSetFinal("pcap-file.delete-when-done", "true") != 1) {
1736  SCLogError(SC_ERR_CMD_LINE, "Failed to set pcap-file.delete-when-done");
1737  return TM_ECODE_FAILED;
1738  }
1739  }
1740  else if (strcmp((long_opts[option_index]).name, "pcap-file-recursive") == 0) {
1741  if (ConfSetFinal("pcap-file.recursive", "true") != 1) {
1742  SCLogError(SC_ERR_CMD_LINE, "ERROR: Failed to set pcap-file.recursive");
1743  return TM_ECODE_FAILED;
1744  }
1745  }
1746  else if (strcmp((long_opts[option_index]).name, "data-dir") == 0) {
1747  if (optarg == NULL) {
1748  SCLogError(SC_ERR_INITIALIZATION, "no option argument (optarg) for -d");
1749  return TM_ECODE_FAILED;
1750  }
1751 
1752  if (ConfigSetDataDirectory(optarg) != TM_ECODE_OK) {
1753  SCLogError(SC_ERR_FATAL, "Failed to set data directory.");
1754  return TM_ECODE_FAILED;
1755  }
1756  if (ConfigCheckDataDirectory(optarg) != TM_ECODE_OK) {
1757  SCLogError(SC_ERR_LOGDIR_CMDLINE, "The data directory \"%s\""
1758  " supplied at the commandline (-d %s) doesn't "
1759  "exist. Shutting down the engine.", optarg, optarg);
1760  return TM_ECODE_FAILED;
1761  }
1762  suri->set_datadir = true;
1763  } else if (strcmp((long_opts[option_index]).name , "strict-rule-keywords") == 0){
1764  if (optarg == NULL) {
1765  suri->strict_rule_parsing_string = SCStrdup("all");
1766  } else {
1767  suri->strict_rule_parsing_string = SCStrdup(optarg);
1768  }
1769  if (suri->strict_rule_parsing_string == NULL) {
1770  FatalError(SC_ERR_MEM_ALLOC, "failed to duplicate 'strict' string");
1771  }
1772  } else {
1773  int r = ExceptionSimulationCommandlineParser(
1774  (long_opts[option_index]).name, optarg);
1775  if (r < 0)
1776  return TM_ECODE_FAILED;
1777  }
1778  break;
1779  case 'c':
1780  suri->conf_filename = optarg;
1781  break;
1782  case 'T':
1783  SCLogInfo("Running suricata under test mode");
1784  conf_test = 1;
1785  if (ConfSetFinal("engine.init-failure-fatal", "1") != 1) {
1786  fprintf(stderr, "ERROR: Failed to set engine init-failure-fatal.\n");
1787  return TM_ECODE_FAILED;
1788  }
1789  break;
1790 #ifndef OS_WIN32
1791  case 'D':
1792  suri->daemon = 1;
1793  break;
1794 #endif /* OS_WIN32 */
1795  case 'h':
1796  suri->run_mode = RUNMODE_PRINT_USAGE;
1797  return TM_ECODE_OK;
1798  case 'i':
1799  if (optarg == NULL) {
1800  SCLogError(SC_ERR_INITIALIZATION, "no option argument (optarg) for -i");
1801  return TM_ECODE_FAILED;
1802  }
1803 #ifdef HAVE_AF_PACKET
1804  if (ParseCommandLineAfpacket(suri, optarg) != TM_ECODE_OK) {
1805  return TM_ECODE_FAILED;
1806  }
1807 #else /* not afpacket */
1808  /* warn user if netmap or pf-ring are available */
1809 #if defined HAVE_PFRING || HAVE_NETMAP
1810  int i = 0;
1811 #ifdef HAVE_PFRING
1812  i++;
1813 #endif
1814 #ifdef HAVE_NETMAP
1815  i++;
1816 #endif
1817  SCLogWarning(SC_WARN_FASTER_CAPTURE_AVAILABLE, "faster capture "
1818  "option%s %s available:"
1819 #ifdef HAVE_PFRING
1820  " PF_RING (--pfring-int=%s)"
1821 #endif
1822 #ifdef HAVE_NETMAP
1823  " NETMAP (--netmap=%s)"
1824 #endif
1825  ". Use --pcap=%s to suppress this warning",
1826  i == 1 ? "" : "s", i == 1 ? "is" : "are"
1827 #ifdef HAVE_PFRING
1828  , optarg
1829 #endif
1830 #ifdef HAVE_NETMAP
1831  , optarg
1832 #endif
1833  , optarg
1834  );
1835 #endif /* have faster methods */
1836  if (ParseCommandLinePcapLive(suri, optarg) != TM_ECODE_OK) {
1837  return TM_ECODE_FAILED;
1838  }
1839 #endif
1840  break;
1841  case 'l':
1842  if (optarg == NULL) {
1843  SCLogError(SC_ERR_INITIALIZATION, "no option argument (optarg) for -l");
1844  return TM_ECODE_FAILED;
1845  }
1846 
1847  if (ConfigSetLogDirectory(optarg) != TM_ECODE_OK) {
1848  SCLogError(SC_ERR_FATAL, "Failed to set log directory.");
1849  return TM_ECODE_FAILED;
1850  }
1851  if (ConfigCheckLogDirectoryExists(optarg) != TM_ECODE_OK) {
1852  SCLogError(SC_ERR_LOGDIR_CMDLINE, "The logging directory \"%s\""
1853  " supplied at the commandline (-l %s) doesn't "
1854  "exist. Shutting down the engine.", optarg, optarg);
1855  return TM_ECODE_FAILED;
1856  }
1857  if (!IsLogDirectoryWritable(optarg)) {
1858  SCLogError(SC_ERR_LOGDIR_CMDLINE, "The logging directory \"%s\""
1859  " supplied at the commandline (-l %s) is not "
1860  "writable. Shutting down the engine.", optarg, optarg);
1861  return TM_ECODE_FAILED;
1862  }
1863  suri->set_logdir = true;
1864 
1865  break;
1866  case 'q':
1867 #ifdef NFQ
1868  if (suri->run_mode == RUNMODE_UNKNOWN) {
1869  suri->run_mode = RUNMODE_NFQ;
1870  EngineModeSetIPS();
1871  if (NFQParseAndRegisterQueues(optarg) == -1)
1872  return TM_ECODE_FAILED;
1873  } else if (suri->run_mode == RUNMODE_NFQ) {
1874  if (NFQParseAndRegisterQueues(optarg) == -1)
1875  return TM_ECODE_FAILED;
1876  } else {
1877  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
1878  "has been specified");
1879  PrintUsage(argv[0]);
1880  return TM_ECODE_FAILED;
1881  }
1882 #else
1883  SCLogError(SC_ERR_NFQ_NOSUPPORT,"NFQUEUE not enabled. Make sure to pass --enable-nfqueue to configure when building.");
1884  return TM_ECODE_FAILED;
1885 #endif /* NFQ */
1886  break;
1887  case 'd':
1888 #ifdef IPFW
1889  if (suri->run_mode == RUNMODE_UNKNOWN) {
1890  suri->run_mode = RUNMODE_IPFW;
1891  EngineModeSetIPS();
1892  if (IPFWRegisterQueue(optarg) == -1)
1893  return TM_ECODE_FAILED;
1894  } else if (suri->run_mode == RUNMODE_IPFW) {
1895  if (IPFWRegisterQueue(optarg) == -1)
1896  return TM_ECODE_FAILED;
1897  } else {
1898  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
1899  "has been specified");
1900  PrintUsage(argv[0]);
1901  return TM_ECODE_FAILED;
1902  }
1903 #else
1904  SCLogError(SC_ERR_IPFW_NOSUPPORT,"IPFW not enabled. Make sure to pass --enable-ipfw to configure when building.");
1905  return TM_ECODE_FAILED;
1906 #endif /* IPFW */
1907  break;
1908  case 'r':
1909  BUG_ON(optarg == NULL); /* for static analysis */
1910  if (suri->run_mode == RUNMODE_UNKNOWN) {
1911  suri->run_mode = RUNMODE_PCAP_FILE;
1912  } else {
1913  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
1914  "has been specified");
1915  PrintUsage(argv[0]);
1916  return TM_ECODE_FAILED;
1917  }
1918 #ifdef OS_WIN32
1919  struct _stat buf;
1920  if(_stat(optarg, &buf) != 0) {
1921 #else
1922  struct stat buf;
1923  if (stat(optarg, &buf) != 0) {
1924 #endif /* OS_WIN32 */
1925  SCLogError(SC_ERR_INITIALIZATION, "ERROR: Pcap file does not exist\n");
1926  return TM_ECODE_FAILED;
1927  }
1928  if (ConfSetFinal("pcap-file.file", optarg) != 1) {
1929  SCLogError(SC_ERR_INITIALIZATION, "ERROR: Failed to set pcap-file.file\n");
1930  return TM_ECODE_FAILED;
1931  }
1932 
1933  break;
1934  case 's':
1935  if (suri->sig_file != NULL) {
1936  SCLogError(SC_ERR_CMD_LINE, "can't have multiple -s options or mix -s and -S.");
1937  return TM_ECODE_FAILED;
1938  }
1939  suri->sig_file = optarg;
1940  break;
1941  case 'S':
1942  if (suri->sig_file != NULL) {
1943  SCLogError(SC_ERR_CMD_LINE, "can't have multiple -S options or mix -s and -S.");
1944  return TM_ECODE_FAILED;
1945  }
1946  suri->sig_file = optarg;
1947  suri->sig_file_exclusive = TRUE;
1948  break;
1949  case 'u':
1950 #ifdef UNITTESTS
1951  if (suri->run_mode == RUNMODE_UNKNOWN) {
1952  suri->run_mode = RUNMODE_UNITTEST;
1953  } else {
1954  SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode has"
1955  " been specified");
1956  PrintUsage(argv[0]);
1957  return TM_ECODE_FAILED;
1958  }
1959 #else
1960  fprintf(stderr, "ERROR: Unit tests not enabled. Make sure to pass --enable-unittests to configure when building.\n");
1961  return TM_ECODE_FAILED;
1962 #endif /* UNITTESTS */
1963  break;
1964  case 'U':
1965 #ifdef UNITTESTS
1966  suri->regex_arg = optarg;
1967 
1968  if(strlen(suri->regex_arg) == 0)
1969  suri->regex_arg = NULL;
1970 #endif
1971  break;
1972  case 'V':
1973  suri->run_mode = RUNMODE_PRINT_VERSION;
1974  return TM_ECODE_OK;
1975  case 'F':
1976  if (optarg == NULL) {
1977  SCLogError(SC_ERR_INITIALIZATION, "no option argument (optarg) for -F");
1978  return TM_ECODE_FAILED;
1979  }
1980 
1981  SetBpfStringFromFile(optarg);
1982  break;
1983  case 'v':
1984  suri->verbose++;
1985  break;
1986  case 'k':
1987  if (optarg == NULL) {
1988  SCLogError(SC_ERR_INITIALIZATION, "no option argument (optarg) for -k");
1989  return TM_ECODE_FAILED;
1990  }
1991  if (!strcmp("all", optarg))
1992  suri->checksum_validation = 1;
1993  else if (!strcmp("none", optarg))
1994  suri->checksum_validation = 0;
1995  else {
1996  SCLogError(SC_ERR_INITIALIZATION, "option '%s' invalid for -k", optarg);
1997  return TM_ECODE_FAILED;
1998  }
1999  break;
2000  default:
2001  PrintUsage(argv[0]);
2002  return TM_ECODE_FAILED;
2003  }
2004  }
2005 
2006  if (suri->disabled_detect && suri->sig_file != NULL) {
2007  SCLogError(SC_ERR_INITIALIZATION, "can't use -s/-S when detection is disabled");
2008  return TM_ECODE_FAILED;
2009  }
2010 
2011  /* save the runmode from the commandline (if any) */
2012  suri->aux_run_mode = suri->run_mode;
2013 
2014  if (list_app_layer_protocols)
2015  suri->run_mode = RUNMODE_LIST_APP_LAYERS;
2016  if (list_keywords)
2017  suri->run_mode = RUNMODE_LIST_KEYWORDS;
2018  if (list_unittests)
2019  suri->run_mode = RUNMODE_LIST_UNITTEST;
2020  if (dump_config)
2021  suri->run_mode = RUNMODE_DUMP_CONFIG;
2022  if (dump_features)
2023  suri->run_mode = RUNMODE_DUMP_FEATURES;
2024  if (conf_test)
2025  suri->run_mode = RUNMODE_CONF_TEST;
2026  if (engine_analysis)
2027  suri->run_mode = RUNMODE_ENGINE_ANALYSIS;
2028 
2029  suri->offline = IsRunModeOffline(suri->run_mode);
2030  g_system = suri->system = IsRunModeSystem(suri->run_mode);
2031 
2032  ret = SetBpfString(optind, argv);
2033  if (ret != TM_ECODE_OK)
2034  return ret;
2035 
2036  return TM_ECODE_OK;
2037 }
2038 
2039 #ifdef OS_WIN32
2040 static int WindowsInitService(int argc, char **argv)
2041 {
2042  if (SCRunningAsService()) {
2043  char path[MAX_PATH];
2044  char *p = NULL;
2045  strlcpy(path, argv[0], MAX_PATH);
2046  if ((p = strrchr(path, '\\'))) {
2047  *p = '\0';
2048  }
2049  if (!SetCurrentDirectory(path)) {
2050  SCLogError(SC_ERR_FATAL, "Can't set current directory to: %s", path);
2051  return -1;
2052  }
2053  SCLogInfo("Current directory is set to: %s", path);
2054  SCServiceInit(argc, argv);
2055  }
2056 
2057  /* Windows socket subsystem initialization */
2058  WSADATA wsaData;
2059  if (0 != WSAStartup(MAKEWORD(2, 2), &wsaData)) {
2060  SCLogError(SC_ERR_FATAL, "Can't initialize Windows sockets: %d", WSAGetLastError());
2061  return -1;
2062  }
2063 
2064  return 0;
2065 }
2066 #endif /* OS_WIN32 */
2067 
2068 static int MayDaemonize(SCInstance *suri)
2069 {
2070  if (suri->daemon == 1 && suri->pid_filename == NULL) {
2071  const char *pid_filename;
2072 
2073  if (ConfGet("pid-file", &pid_filename) == 1) {
2074  SCLogInfo("Use pid file %s from config file.", pid_filename);
2075  } else {
2076  pid_filename = DEFAULT_PID_FILENAME;
2077  }
2078  /* The pid file name may be in config memory, but is needed later. */
2079  suri->pid_filename = SCStrdup(pid_filename);
2080  if (suri->pid_filename == NULL) {
2081  SCLogError(SC_ERR_MEM_ALLOC, "strdup failed: %s", strerror(errno));
2082  return TM_ECODE_FAILED;
2083  }
2084  }
2085 
2086  if (suri->pid_filename != NULL && SCPidfileTestRunning(suri->pid_filename) != 0) {
2087  SCFree(suri->pid_filename);
2088  suri->pid_filename = NULL;
2089  return TM_ECODE_FAILED;
2090  }
2091 
2092  if (suri->daemon == 1) {
2093  Daemonize();
2094  }
2095 
2096  if (suri->pid_filename != NULL) {
2097  if (SCPidfileCreate(suri->pid_filename) != 0) {
2098  SCFree(suri->pid_filename);
2099  suri->pid_filename = NULL;
2100  SCLogError(SC_ERR_PIDFILE_DAEMON,
2101  "Unable to create PID file, concurrent run of"
2102  " Suricata can occur.");
2103  SCLogError(SC_ERR_PIDFILE_DAEMON,
2104  "PID file creation WILL be mandatory for daemon mode"
2105  " in future version");
2106  }
2107  }
2108 
2109  return TM_ECODE_OK;
2110 }
2111 
2112 /* Initialize the user and group Suricata is to run as. */
2113 static int InitRunAs(SCInstance *suri)
2114 {
2115 #ifndef OS_WIN32
2116  /* Try to get user/group to run suricata as if
2117  command line as not decide of that */
2118  if (suri->do_setuid == FALSE && suri->do_setgid == FALSE) {
2119  const char *id;
2120  if (ConfGet("run-as.user", &id) == 1) {
2121  suri->do_setuid = TRUE;
2122  suri->user_name = id;
2123  }
2124  if (ConfGet("run-as.group", &id) == 1) {
2125  suri->do_setgid = TRUE;
2126  suri->group_name = id;
2127  }
2128  }
2129  /* Get the suricata user ID to given user ID */
2130  if (suri->do_setuid == TRUE) {
2131  if (SCGetUserID(suri->user_name, suri->group_name,
2132  &suri->userid, &suri->groupid) != 0) {
2133  SCLogError(SC_ERR_UID_FAILED, "failed in getting user ID");
2134  return TM_ECODE_FAILED;
2135  }
2136 
2137  sc_set_caps = TRUE;
2138  /* Get the suricata group ID to given group ID */
2139  } else if (suri->do_setgid == TRUE) {
2140  if (SCGetGroupID(suri->group_name, &suri->groupid) != 0) {
2141  SCLogError(SC_ERR_GID_FAILED, "failed in getting group ID");
2142  return TM_ECODE_FAILED;
2143  }
2144 
2145  sc_set_caps = TRUE;
2146  }
2147 #endif
2148  return TM_ECODE_OK;
2149 }
2150 
2151 static int InitSignalHandler(SCInstance *suri)
2152 {
2153  /* registering signals we use */
2154 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
2155  UtilSignalHandlerSetup(SIGINT, SignalHandlerSigint);
2156  UtilSignalHandlerSetup(SIGTERM, SignalHandlerSigterm);
2157 #if HAVE_LIBUNWIND
2158  int enabled;
2159  if (ConfGetBool("logging.stacktrace-on-signal", &enabled) == 0) {
2160  enabled = 1;
2161  }
2162 
2163  if (enabled) {
2164  SCLogInfo("Preparing unexpected signal handling");
2165  struct sigaction stacktrace_action;
2166  memset(&stacktrace_action, 0, sizeof(stacktrace_action));
2167  stacktrace_action.sa_sigaction = SignalHandlerUnexpected;
2168  stacktrace_action.sa_flags = SA_SIGINFO;
2169  sigaction(SIGSEGV, &stacktrace_action, NULL);
2170  sigaction(SIGABRT, &stacktrace_action, NULL);
2171  }
2172 #endif /* HAVE_LIBUNWIND */
2173 #endif
2174 #ifndef OS_WIN32
2175  UtilSignalHandlerSetup(SIGHUP, SignalHandlerSigHup);
2176  UtilSignalHandlerSetup(SIGPIPE, SIG_IGN);
2177  UtilSignalHandlerSetup(SIGSYS, SIG_IGN);
2178 #endif /* OS_WIN32 */
2179 
2180  return TM_ECODE_OK;
2181 }
2182 
2183 /* initialization code for both the main modes and for
2184  * unix socket mode.
2185  *
2186  * Will be run once per pcap in unix-socket mode */
2187 void PreRunInit(const int runmode)
2188 {
2189  HttpRangeContainersInit();
2190  if (runmode == RUNMODE_UNIX_SOCKET)
2191  return;
2192 
2193  StatsInit();
2194 #ifdef PROFILING
2195  SCProfilingRulesGlobalInit();
2196  SCProfilingKeywordsGlobalInit();
2197  SCProfilingPrefilterGlobalInit();
2198  SCProfilingSghsGlobalInit();
2199  SCProfilingInit();
2200 #endif /* PROFILING */
2201  DefragInit();
2202  FlowInitConfig(FLOW_QUIET);
2203  IPPairInitConfig(FLOW_QUIET);
2204  StreamTcpInitConfig(STREAM_VERBOSE);
2205  AppLayerParserPostStreamSetup();
2206  AppLayerRegisterGlobalCounters();
2207  OutputFilestoreRegisterGlobalCounters();
2208 }
2209 
2210 /* tasks we need to run before packets start flowing,
2211  * but after we dropped privs */
2212 void PreRunPostPrivsDropInit(const int runmode)
2213 {
2214  StatsSetupPostConfigPreOutput();
2215  RunModeInitializeOutputs();
2216  DatasetsInit();
2217 
2218  if (runmode == RUNMODE_UNIX_SOCKET) {
2219  /* As the above did some necessary startup initialization, it
2220  * also setup some outputs where only one is allowed, so
2221  * deinitialize to the state that unix-mode does after every
2222  * pcap. */
2223  PostRunDeinit(RUNMODE_PCAP_FILE, NULL);
2224  return;
2225  }
2226 
2227  StatsSetupPostConfigPostOutput();
2228 }
2229 
2230 /* clean up / shutdown code for both the main modes and for
2231  * unix socket mode.
2232  *
2233  * Will be run once per pcap in unix-socket mode */
2234 void PostRunDeinit(const int runmode, struct timeval *start_time)
2235 {
2236  if (runmode == RUNMODE_UNIX_SOCKET)
2237  return;
2238 
2239  /* needed by FlowForceReassembly */
2240  PacketPoolInit();
2241 
2242  /* handle graceful shutdown of the flow engine, it's helper
2243  * threads and the packet threads */
2244  FlowDisableFlowManagerThread();
2245  TmThreadDisableReceiveThreads();
2246  FlowForceReassembly();
2247  TmThreadDisablePacketThreads();
2248  SCPrintElapsedTime(start_time);
2249  FlowDisableFlowRecyclerThread();
2250 
2251  /* kill the stats threads */
2252  TmThreadKillThreadsFamily(TVT_MGMT);
2253  TmThreadClearThreadsFamily(TVT_MGMT);
2254 
2255  /* kill packet threads -- already in 'disabled' state */
2256  TmThreadKillThreadsFamily(TVT_PPT);
2257  TmThreadClearThreadsFamily(TVT_PPT);
2258 
2259  PacketPoolDestroy();
2260 
2261  /* mgt and ppt threads killed, we can run non thread-safe
2262  * shutdown functions */
2263  StatsReleaseResources();
2264  DecodeUnregisterCounters();
2265  RunModeShutDown();
2266  FlowShutdown();
2267  IPPairShutdown();
2268  HostCleanup();
2269  StreamTcpFreeConfig(STREAM_VERBOSE);
2270  DefragDestroy();
2271 
2272  TmqResetQueues();
2273 #ifdef PROFILING
2274  if (profiling_rules_enabled)
2275  SCProfilingDump();
2276  SCProfilingDestroy();
2277 #endif
2278 }
2279 
2280 
2281 static int StartInternalRunMode(SCInstance *suri, int argc, char **argv)
2282 {
2283  /* Treat internal running mode */
2284  switch(suri->run_mode) {
2285  case RUNMODE_LIST_KEYWORDS:
2286  return ListKeywords(suri->keyword_info);
2287  case RUNMODE_LIST_APP_LAYERS:
2288  if (suri->conf_filename != NULL) {
2289  return ListAppLayerProtocols(suri->conf_filename);
2290  } else {
2291  return ListAppLayerProtocols(DEFAULT_CONF_FILE);
2292  }
2293  case RUNMODE_PRINT_VERSION:
2294  PrintVersion();
2295  return TM_ECODE_DONE;
2296  case RUNMODE_PRINT_BUILDINFO:
2297  PrintBuildInfo();
2298  return TM_ECODE_DONE;
2299  case RUNMODE_PRINT_USAGE:
2300  PrintUsage(argv[0]);
2301  return TM_ECODE_DONE;
2302  case RUNMODE_LIST_RUNMODES:
2303  RunModeListRunmodes();
2304  return TM_ECODE_DONE;
2305  case RUNMODE_LIST_UNITTEST:
2306  RunUnittests(1, suri->regex_arg);
2307  case RUNMODE_UNITTEST:
2308  RunUnittests(0, suri->regex_arg);
2309 #ifdef OS_WIN32
2310  case RUNMODE_INSTALL_SERVICE:
2311  if (SCServiceInstall(argc, argv)) {
2312  return TM_ECODE_FAILED;
2313  }
2314  SCLogInfo("Suricata service has been successfuly installed.");
2315  return TM_ECODE_DONE;
2316  case RUNMODE_REMOVE_SERVICE:
2317  if (SCServiceRemove(argc, argv)) {
2318  return TM_ECODE_FAILED;
2319  }
2320  SCLogInfo("Suricata service has been successfuly removed.");
2321  return TM_ECODE_DONE;
2322  case RUNMODE_CHANGE_SERVICE_PARAMS:
2323  if (SCServiceChangeParams(argc, argv)) {
2324  return TM_ECODE_FAILED;
2325  }
2326  SCLogInfo("Suricata service startup parameters has been successfuly changed.");
2327  return TM_ECODE_DONE;
2328 #endif /* OS_WIN32 */
2329  default:
2330  /* simply continue for other running mode */
2331  break;
2332  }
2333  return TM_ECODE_OK;
2334 }
2335 
2336 static int FinalizeRunMode(SCInstance *suri, char **argv)
2337 {
2338  switch (suri->run_mode) {
2339  case RUNMODE_UNKNOWN:
2340  PrintUsage(argv[0]);
2341  return TM_ECODE_FAILED;
2342  default:
2343  break;
2344  }
2345  /* Set the global run mode and offline flag. */
2346  run_mode = suri->run_mode;
2347 
2348  if (!CheckValidDaemonModes(suri->daemon, suri->run_mode)) {
2349  return TM_ECODE_FAILED;
2350  }
2351 
2352  return TM_ECODE_OK;
2353 }
2354 
2355 static void SetupDelayedDetect(SCInstance *suri)
2356 {
2357  /* In offline mode delayed init of detect is a bad idea */
2358  if (suri->offline) {
2359  suri->delayed_detect = 0;
2360  } else {
2361  if (ConfGetBool("detect.delayed-detect", &suri->delayed_detect) != 1) {
2362  ConfNode *denode = NULL;
2363  ConfNode *decnf = ConfGetNode("detect-engine");
2364  if (decnf != NULL) {
2365  TAILQ_FOREACH(denode, &decnf->head, next) {
2366  if (strcmp(denode->val, "delayed-detect") == 0) {
2367  (void)ConfGetChildValueBool(denode, "delayed-detect", &suri->delayed_detect);
2368  }
2369  }
2370  }
2371  }
2372  }
2373 
2374  SCLogConfig("Delayed detect %s", suri->delayed_detect ? "enabled" : "disabled");
2375  if (suri->delayed_detect) {
2376  SCLogInfo("Packets will start being processed before signatures are active.");
2377  }
2378 
2379 }
2380 
2381 static int LoadSignatures(DetectEngineCtx *de_ctx, SCInstance *suri)
2382 {
2383  if (SigLoadSignatures(de_ctx, suri->sig_file, suri->sig_file_exclusive) < 0) {
2384  SCLogError(SC_ERR_NO_RULES_LOADED, "Loading signatures failed.");
2385  if (de_ctx->failure_fatal)
2386  return TM_ECODE_FAILED;
2387  }
2388 
2389  return TM_ECODE_OK;
2390 }
2391 
2392 static int ConfigGetCaptureValue(SCInstance *suri)
2393 {
2394  /* Pull the max pending packets from the config, if not found fall
2395  * back on a sane default. */
2396  if (ConfGetInt("max-pending-packets", &max_pending_packets) != 1)
2397  max_pending_packets = DEFAULT_MAX_PENDING_PACKETS;
2398  if (max_pending_packets >= 65535) {
2399  SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY,
2400  "Maximum max-pending-packets setting is 65534. "
2401  "Please check %s for errors", suri->conf_filename);
2402  return TM_ECODE_FAILED;
2403  }
2404 
2405  SCLogDebug("Max pending packets set to %"PRIiMAX, max_pending_packets);
2406 
2407  /* Pull the default packet size from the config, if not found fall
2408  * back on a sane default. */
2409  const char *temp_default_packet_size;
2410  if ((ConfGet("default-packet-size", &temp_default_packet_size)) != 1) {
2411  int mtu = 0;
2412  int lthread;
2413  int nlive;
2414  int strip_trailing_plus = 0;
2415  switch (suri->run_mode) {
2416 #ifdef WINDIVERT
2417  case RUNMODE_WINDIVERT:
2418  /* by default, WinDivert collects from all devices */
2419  mtu = GetGlobalMTUWin32();
2420 
2421  if (mtu > 0) {
2422  g_default_mtu = mtu;
2423  /* SLL_HEADER_LEN is the longest header + 8 for VLAN */
2424  default_packet_size = mtu + SLL_HEADER_LEN + 8;
2425  break;
2426  }
2427 
2428  g_default_mtu = DEFAULT_MTU;
2429  default_packet_size = DEFAULT_PACKET_SIZE;
2430  break;
2431 #endif /* WINDIVERT */
2432  case RUNMODE_NETMAP:
2433  /* in netmap igb0+ has a special meaning, however the
2434  * interface really is igb0 */
2435  strip_trailing_plus = 1;
2436  /* fall through */
2437  case RUNMODE_PCAP_DEV:
2438  case RUNMODE_AFP_DEV:
2439  case RUNMODE_AFXDP_DEV:
2440  case RUNMODE_PFRING:
2441  nlive = LiveGetDeviceNameCount();
2442  for (lthread = 0; lthread < nlive; lthread++) {
2443  const char *live_dev = LiveGetDeviceNameName(lthread);
2444  char dev[128]; /* need to be able to support GUID names on Windows */
2445  (void)strlcpy(dev, live_dev, sizeof(dev));
2446 
2447  if (strip_trailing_plus) {
2448  size_t len = strlen(dev);
2449  if (len &&
2450  (dev[len-1] == '+' ||
2451  dev[len-1] == '^' ||
2452  dev[len-1] == '*'))
2453  {
2454  dev[len-1] = '\0';
2455  }
2456  }
2457  mtu = GetIfaceMTU(dev);
2458  g_default_mtu = MAX(mtu, g_default_mtu);
2459 
2460  unsigned int iface_max_packet_size = GetIfaceMaxPacketSize(dev);
2461  if (iface_max_packet_size > default_packet_size)
2462  default_packet_size = iface_max_packet_size;
2463  }
2464  if (default_packet_size)
2465  break;
2466  /* fall through */
2467  default:
2468  g_default_mtu = DEFAULT_MTU;
2469  default_packet_size = DEFAULT_PACKET_SIZE;
2470  }
2471  } else {
2472  if (ParseSizeStringU32(temp_default_packet_size, &default_packet_size) < 0) {
2473  SCLogError(SC_ERR_SIZE_PARSE, "Error parsing max-pending-packets "
2474  "from conf file - %s. Killing engine",
2475  temp_default_packet_size);
2476  return TM_ECODE_FAILED;
2477  }
2478  }
2479 
2480  SCLogDebug("Default packet size set to %"PRIu32, default_packet_size);
2481 
2482  return TM_ECODE_OK;
2483 }
2484 
2485 static void PostRunStartedDetectSetup(const SCInstance *suri)
2486 {
2487 #ifndef OS_WIN32
2488  /* registering signal handlers we use. We setup usr2 here, so that one
2489  * can't call it during the first sig load phase or while threads are still
2490  * starting up. */
2491  if (DetectEngineEnabled() && suri->delayed_detect == 0) {
2492  UtilSignalHandlerSetup(SIGUSR2, SignalHandlerSigusr2);
2493  UtilSignalUnblock(SIGUSR2);
2494  }
2495 #endif
2496  if (suri->delayed_detect) {
2497  /* force 'reload', this will load the rules and swap engines */
2498  DetectEngineReload(suri);
2499  SCLogNotice("Signature(s) loaded, Detect thread(s) activated.");
2500 #ifndef OS_WIN32
2501  UtilSignalHandlerSetup(SIGUSR2, SignalHandlerSigusr2);
2502  UtilSignalUnblock(SIGUSR2);
2503 #endif
2504  }
2505 }
2506 
2507 void PostConfLoadedDetectSetup(SCInstance *suri)
2508 {
2509  DetectEngineCtx *de_ctx = NULL;
2510  if (!suri->disabled_detect) {
2511  SCClassConfInit();
2512  SCReferenceConfInit();
2513  SetupDelayedDetect(suri);
2514  int mt_enabled = 0;
2515  (void)ConfGetBool("multi-detect.enabled", &mt_enabled);
2516  int default_tenant = 0;
2517  if (mt_enabled)
2518  (void)ConfGetBool("multi-detect.default", &default_tenant);
2519  if (DetectEngineMultiTenantSetup() == -1) {
2520  FatalError(SC_ERR_FATAL, "initializing multi-detect "
2521  "detection engine contexts failed.");
2522  }
2523  if (suri->delayed_detect && suri->run_mode != RUNMODE_CONF_TEST) {
2524  de_ctx = DetectEngineCtxInitStubForDD();
2525  } else if (mt_enabled && !default_tenant && suri->run_mode != RUNMODE_CONF_TEST) {
2526  de_ctx = DetectEngineCtxInitStubForMT();
2527  } else {
2528  de_ctx = DetectEngineCtxInit();
2529  }
2530  if (de_ctx == NULL) {
2531  FatalError(SC_ERR_FATAL, "initializing detection engine "
2532  "context failed.");
2533  }
2534 
2535  if (de_ctx->type == DETECT_ENGINE_TYPE_NORMAL) {
2536  if (LoadSignatures(de_ctx, suri) != TM_ECODE_OK)
2537  exit(EXIT_FAILURE);
2538  }
2539 
2540  gettimeofday(&de_ctx->last_reload, NULL);
2541  DetectEngineAddToMaster(de_ctx);
2542  DetectEngineBumpVersion();
2543  }
2544 }
2545 
2546 static int PostDeviceFinalizedSetup(SCInstance *suri)
2547 {
2548  SCEnter();
2549 
2550 #ifdef HAVE_AF_PACKET
2551  if (suri->run_mode == RUNMODE_AFP_DEV) {
2552  if (AFPRunModeIsIPS()) {
2553  SCLogInfo("AF_PACKET: Setting IPS mode");
2554  EngineModeSetIPS();
2555  }
2556  }
2557 #endif
2558 #ifdef HAVE_NETMAP
2559  if (suri->run_mode == RUNMODE_NETMAP) {
2560  if (NetmapRunModeIsIPS()) {
2561  SCLogInfo("Netmap: Setting IPS mode");
2562  EngineModeSetIPS();
2563  }
2564  }
2565 #endif
2566 
2567  SCReturnInt(TM_ECODE_OK);
2568 }
2569 
2570 static void PostConfLoadedSetupHostMode(void)
2571 {
2572  const char *hostmode = NULL;
2573 
2574  if (ConfGet("host-mode", &hostmode) == 1) {
2575  if (!strcmp(hostmode, "router")) {
2576  host_mode = SURI_HOST_IS_ROUTER;
2577  } else if (!strcmp(hostmode, "sniffer-only")) {
2578  host_mode = SURI_HOST_IS_SNIFFER_ONLY;
2579  } else {
2580  if (strcmp(hostmode, "auto") != 0) {
2581  WarnInvalidConfEntry("host-mode", "%s", "auto");
2582  }
2583  if (EngineModeIsIPS()) {
2584  host_mode = SURI_HOST_IS_ROUTER;
2585  } else {
2586  host_mode = SURI_HOST_IS_SNIFFER_ONLY;
2587  }
2588  }
2589  } else {
2590  if (EngineModeIsIPS()) {
2591  host_mode = SURI_HOST_IS_ROUTER;
2592  SCLogInfo("No 'host-mode': suricata is in IPS mode, using "
2593  "default setting 'router'");
2594  } else {
2595  host_mode = SURI_HOST_IS_SNIFFER_ONLY;
2596  SCLogInfo("No 'host-mode': suricata is in IDS mode, using "
2597  "default setting 'sniffer-only'");
2598  }
2599  }
2600 }
2601 
2602 static void SetupUserMode(SCInstance *suri)
2603 {
2604  /* apply 'user mode' config updates here */
2605  if (suri->system == false) {
2606  if (suri->set_logdir == false) {
2607  /* override log dir to current work dir" */
2608  if (ConfigSetLogDirectory((char *)".") != TM_ECODE_OK) {
2609  FatalError(SC_ERR_LOGDIR_CONFIG, "could not set USER mode logdir");
2610  }
2611  }
2612  if (suri->set_datadir == false) {
2613  /* override data dir to current work dir" */
2614  if (ConfigSetDataDirectory((char *)".") != TM_ECODE_OK) {
2615  FatalError(SC_ERR_LOGDIR_CONFIG, "could not set USER mode datadir");
2616  }
2617  }
2618  }
2619 }
2620 
2621 /**
2622  * This function is meant to contain code that needs
2623  * to be run once the configuration has been loaded.
2624  */
2625 int PostConfLoadedSetup(SCInstance *suri)
2626 {
2627  /* do this as early as possible #1577 #1955 */
2628 #ifdef HAVE_LUAJIT
2629  if (LuajitSetupStatesPool() != 0) {
2630  SCReturnInt(TM_ECODE_FAILED);
2631  }
2632 #endif
2633 
2634  /* load the pattern matchers */
2635  MpmTableSetup();
2636  SpmTableSetup();
2637 
2638  int disable_offloading;
2639  if (ConfGetBool("capture.disable-offloading", &disable_offloading) == 0)
2640  disable_offloading = 1;
2641  if (disable_offloading) {
2642  LiveSetOffloadDisable();
2643  } else {
2644  LiveSetOffloadWarn();
2645  }
2646 
2647  if (suri->checksum_validation == -1) {
2648  const char *cv = NULL;
2649  if (ConfGet("capture.checksum-validation", &cv) == 1) {
2650  if (strcmp(cv, "none") == 0) {
2651  suri->checksum_validation = 0;
2652  } else if (strcmp(cv, "all") == 0) {
2653  suri->checksum_validation = 1;
2654  }
2655  }
2656  }
2657  switch (suri->checksum_validation) {
2658  case 0:
2659  ConfSet("stream.checksum-validation", "0");
2660  break;
2661  case 1:
2662  ConfSet("stream.checksum-validation", "1");
2663  break;
2664  }
2665 
2666  if (suri->runmode_custom_mode) {
2667  ConfSet("runmode", suri->runmode_custom_mode);
2668  }
2669 
2670  StorageInit();
2671 #ifdef HAVE_PACKET_EBPF
2672  if (suri->run_mode == RUNMODE_AFP_DEV) {
2673  EBPFRegisterExtension();
2674  LiveDevRegisterExtension();
2675  }
2676 #endif
2677  RegisterFlowBypassInfo();
2678 
2679  MacSetRegisterFlowStorage();
2680 
2681  AppLayerSetup();
2682 
2683  /* Suricata will use this umask if provided. By default it will use the
2684  umask passed on from the shell. */
2685  const char *custom_umask;
2686  if (ConfGet("umask", &custom_umask) == 1) {
2687  uint16_t mask;
2688  if (StringParseUint16(&mask, 8, (uint16_t)strlen(custom_umask), custom_umask) > 0) {
2689  umask((mode_t)mask);
2690  }
2691  }
2692 
2693 
2694  if (ConfigGetCaptureValue(suri) != TM_ECODE_OK) {
2695  SCReturnInt(TM_ECODE_FAILED);
2696  }
2697 
2698 #ifdef NFQ
2699  if (suri->run_mode == RUNMODE_NFQ)
2700  NFQInitConfig(false);
2701 #endif
2702 
2703  /* Load the Host-OS lookup. */
2704  SCHInfoLoadFromConfig();
2705 
2706  if (suri->run_mode == RUNMODE_ENGINE_ANALYSIS) {
2707  SCLogInfo("== Carrying out Engine Analysis ==");
2708  const char *temp = NULL;
2709  if (ConfGet("engine-analysis", &temp) == 0) {
2710  SCLogInfo("no engine-analysis parameter(s) defined in conf file. "
2711  "Please define/enable them in the conf to use this "
2712  "feature.");
2713  SCReturnInt(TM_ECODE_FAILED);
2714  }
2715  }
2716 
2717  /* hardcoded initialization code */
2718  SigTableSetup(); /* load the rule keywords */
2719  SigTableApplyStrictCommandlineOption(suri->strict_rule_parsing_string);
2720  TmqhSetup();
2721 
2722  TagInitCtx();
2723  PacketAlertTagInit();
2724  ThresholdInit();
2725  HostBitInitCtx();
2726  IPPairBitInitCtx();
2727 
2728  if (DetectAddressTestConfVars() < 0) {
2729  SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY,
2730  "basic address vars test failed. Please check %s for errors",
2731  suri->conf_filename);
2732  SCReturnInt(TM_ECODE_FAILED);
2733  }
2734  if (DetectPortTestConfVars() < 0) {
2735  SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY,
2736  "basic port vars test failed. Please check %s for errors",
2737  suri->conf_filename);
2738  SCReturnInt(TM_ECODE_FAILED);
2739  }
2740 
2741  FeatureTrackingRegister(); /* must occur prior to output mod registration */
2742  RegisterAllModules();
2743 #ifdef HAVE_PLUGINS
2744  SCPluginsLoad(suri->capture_plugin_name, suri->capture_plugin_args);
2745 #endif
2746  AppLayerHtpNeedFileInspection();
2747 
2748  StorageFinalize();
2749 
2750  TmModuleRunInit();
2751 
2752  if (MayDaemonize(suri) != TM_ECODE_OK)
2753  SCReturnInt(TM_ECODE_FAILED);
2754 
2755  if (InitSignalHandler(suri) != TM_ECODE_OK)
2756  SCReturnInt(TM_ECODE_FAILED);
2757 
2758  /* Check for the existance of the default logging directory which we pick
2759  * from suricata.yaml. If not found, shut the engine down */
2760  suri->log_dir = ConfigGetLogDirectory();
2761 
2762  if (ConfigCheckLogDirectoryExists(suri->log_dir) != TM_ECODE_OK) {
2763  SCLogError(SC_ERR_LOGDIR_CONFIG, "The logging directory \"%s\" "
2764  "supplied by %s (default-log-dir) doesn't exist. "
2765  "Shutting down the engine", suri->log_dir, suri->conf_filename);
2766  SCReturnInt(TM_ECODE_FAILED);
2767  }
2768  if (!IsLogDirectoryWritable(suri->log_dir)) {
2769  SCLogError(SC_ERR_LOGDIR_CONFIG, "The logging directory \"%s\" "
2770  "supplied by %s (default-log-dir) is not writable. "
2771  "Shutting down the engine", suri->log_dir, suri->conf_filename);
2772  SCReturnInt(TM_ECODE_FAILED);
2773  }
2774 
2775  if (suri->disabled_detect) {
2776  SCLogConfig("detection engine disabled");
2777  /* disable raw reassembly */
2778  (void)ConfSetFinal("stream.reassembly.raw", "false");
2779  }
2780 
2781  HostInitConfig(HOST_VERBOSE);
2782 
2783  CoredumpLoadConfig();
2784 
2785  DecodeGlobalConfig();
2786 
2787  LiveDeviceFinalize();
2788 
2789  /* set engine mode if L2 IPS */
2790  if (PostDeviceFinalizedSetup(suri) != TM_ECODE_OK) {
2791  exit(EXIT_FAILURE);
2792  }
2793 
2794  /* hostmode depends on engine mode being set */
2795  PostConfLoadedSetupHostMode();
2796 
2797  PreRunInit(suri->run_mode);
2798 
2799  SCReturnInt(TM_ECODE_OK);
2800 }
2801 
2802 static void SuricataMainLoop(SCInstance *suri)
2803 {
2804  while(1) {
2805  if (sigterm_count || sigint_count) {
2806  suricata_ctl_flags |= SURICATA_STOP;
2807  }
2808 
2809  if (suricata_ctl_flags & SURICATA_STOP) {
2810  SCLogNotice("Signal Received. Stopping engine.");
2811  break;
2812  }
2813 
2814  TmThreadCheckThreadState();
2815 
2816  if (sighup_count > 0) {
2817  OutputNotifyFileRotation();
2818  sighup_count--;
2819  }
2820 
2821  if (sigusr2_count > 0) {
2822  if (!(DetectEngineReloadIsStart())) {
2823  DetectEngineReloadStart();
2824  DetectEngineReload(suri);
2825  DetectEngineReloadSetIdle();
2826  sigusr2_count--;
2827  }
2828 
2829  } else if (DetectEngineReloadIsStart()) {
2830  DetectEngineReload(suri);
2831  DetectEngineReloadSetIdle();
2832  }
2833 
2834  usleep(10* 1000);
2835  }
2836 }
2837 
2838 /**
2839  * \brief Global initialization common to all runmodes.
2840  *
2841  * This can be used by fuzz targets.
2842  */
2843 
2844 int InitGlobal(void)
2845 {
2846  rs_init(&suricata_context);
2847 
2848  SC_ATOMIC_INIT(engine_stage);
2849 
2850  /* initialize the logging subsys */
2851  SCLogInitLogModule(NULL);
2852 
2853  SCSetThreadName("Suricata-Main");
2854 
2855  /* Ignore SIGUSR2 as early as possble. We redeclare interest
2856  * once we're done launching threads. The goal is to either die
2857  * completely or handle any and all SIGUSR2s correctly.
2858  */
2859 #ifndef OS_WIN32
2860  UtilSignalHandlerSetup(SIGUSR2, SIG_IGN);
2861  if (UtilSignalBlock(SIGUSR2)) {
2862  SCLogError(SC_ERR_INITIALIZATION, "SIGUSR2 initialization error");
2863  return EXIT_FAILURE;
2864  }
2865 #endif
2866 
2867  ParseSizeInit();
2868  RunModeRegisterRunModes();
2869 
2870  /* Initialize the configuration module. */
2871  ConfInit();
2872 
2873  return 0;
2874 }
2875 
2876 int SuricataMain(int argc, char **argv)
2877 {
2878  SCInstanceInit(&suricata, argv[0]);
2879 
2880  if (InitGlobal() != 0) {
2881  exit(EXIT_FAILURE);
2882  }
2883 
2884 #ifdef OS_WIN32
2885  /* service initialization */
2886  if (WindowsInitService(argc, argv) != 0) {
2887  exit(EXIT_FAILURE);
2888  }
2889 #endif /* OS_WIN32 */
2890 
2891  if (ParseCommandLine(argc, argv, &suricata) != TM_ECODE_OK) {
2892  exit(EXIT_FAILURE);
2893  }
2894 
2895  if (FinalizeRunMode(&suricata, argv) != TM_ECODE_OK) {
2896  exit(EXIT_FAILURE);
2897  }
2898 
2899  switch (StartInternalRunMode(&suricata, argc, argv)) {
2900  case TM_ECODE_DONE:
2901  exit(EXIT_SUCCESS);
2902  case TM_ECODE_FAILED:
2903  exit(EXIT_FAILURE);
2904  }
2905 
2906  /* Initializations for global vars, queues, etc (memsets, mutex init..) */
2907  GlobalsInitPreConfig();
2908 
2909  /* Load yaml configuration file if provided. */
2910  if (LoadYamlConfig(&suricata) != TM_ECODE_OK) {
2911  exit(EXIT_FAILURE);
2912  }
2913 
2914  if (suricata.run_mode == RUNMODE_DUMP_CONFIG) {
2915  ConfDump();
2916  exit(EXIT_SUCCESS);
2917  }
2918 
2919  int vlan_tracking = 1;
2920  if (ConfGetBool("vlan.use-for-tracking", &vlan_tracking) == 1 && !vlan_tracking) {
2921  /* Ignore vlan_ids when comparing flows. */
2922  g_vlan_mask = 0x0000;
2923  }
2924  SCLogDebug("vlan tracking is %s", vlan_tracking == 1 ? "enabled" : "disabled");
2925 
2926  SetupUserMode(&suricata);
2927  InitRunAs(&suricata);
2928 
2929  /* Since our config is now loaded we can finish configurating the
2930  * logging module. */
2931  SCLogLoadConfig(suricata.daemon, suricata.verbose, suricata.userid, suricata.groupid);
2932 
2933  LogVersion(&suricata);
2934  UtilCpuPrintSummary();
2935 
2936  if (ParseInterfacesList(suricata.aux_run_mode, suricata.pcap_dev) != TM_ECODE_OK) {
2937  exit(EXIT_FAILURE);
2938  }
2939 
2940  if (PostConfLoadedSetup(&suricata) != TM_ECODE_OK) {
2941  exit(EXIT_FAILURE);
2942  }
2943 
2944  SCDropMainThreadCaps(suricata.userid, suricata.groupid);
2945 
2946  /* Re-enable coredumps after privileges are dropped. */
2947  CoredumpEnable();
2948 
2949  PreRunPostPrivsDropInit(suricata.run_mode);
2950 
2951  LandlockSandboxing(&suricata);
2952 
2953  PostConfLoadedDetectSetup(&suricata);
2954  if (suricata.run_mode == RUNMODE_ENGINE_ANALYSIS) {
2955  goto out;
2956  } else if (suricata.run_mode == RUNMODE_CONF_TEST){
2957  SCLogNotice("Configuration provided was successfully loaded. Exiting.");
2958  goto out;
2959  } else if (suricata.run_mode == RUNMODE_DUMP_FEATURES) {
2960  FeatureDump();
2961  goto out;
2962  }
2963 
2964  SCSetStartTime(&suricata);
2965  RunModeDispatch(suricata.run_mode, suricata.runmode_custom_mode,
2966  suricata.capture_plugin_name, suricata.capture_plugin_args);
2967  if (suricata.run_mode != RUNMODE_UNIX_SOCKET) {
2968  UnixManagerThreadSpawnNonRunmode();
2969  }
2970 
2971  /* Wait till all the threads have been initialized */
2972  if (TmThreadWaitOnThreadInit() == TM_ECODE_FAILED) {
2973  FatalError(SC_ERR_FATAL, "Engine initialization failed, "
2974  "aborting...");
2975  }
2976 
2977  int limit_nproc = 0;
2978  if (ConfGetBool("security.limit-noproc", &limit_nproc) == 0) {
2979  limit_nproc = 0;
2980  }
2981 
2982 #if defined(SC_ADDRESS_SANITIZER)
2983  if (limit_nproc) {
2984  SCLogWarning(SC_ERR_SYSCONF,
2985  "\"security.limit-noproc\" (setrlimit()) not set when using address sanitizer");
2986  limit_nproc = 0;
2987  }
2988 #endif
2989 
2990  if (limit_nproc) {
2991 #if defined(HAVE_SYS_RESOURCE_H)
2992 #ifdef linux
2993  if (geteuid() == 0) {
2994  SCLogWarning(SC_ERR_SYSCONF, "setrlimit has no effet when running as root.");
2995  }
2996 #endif
2997  struct rlimit r = { 0, 0 };
2998  if (setrlimit(RLIMIT_NPROC, &r) != 0) {
2999  SCLogWarning(SC_ERR_SYSCONF, "setrlimit failed to prevent process creation.");
3000  }
3001 #else
3002  SCLogWarning(SC_ERR_SYSCONF, "setrlimit unavailable.");
3003 #endif
3004  }
3005 
3006  SC_ATOMIC_SET(engine_stage, SURICATA_RUNTIME);
3007  PacketPoolPostRunmodes();
3008 
3009  /* Un-pause all the paused threads */
3010  TmThreadContinueThreads();
3011 
3012  /* Must ensure all threads are fully operational before continuing with init process */
3013  if (TmThreadWaitOnThreadRunning() != TM_ECODE_OK) {
3014  exit(EXIT_FAILURE);
3015  }
3016 
3017  /* Print notice and send OS specific notification of threads in running state */
3018  OnNotifyRunning();
3019 
3020  PostRunStartedDetectSetup(&suricata);
3021 
3022  SCPledge();
3023  SuricataMainLoop(&suricata);
3024 
3025  /* Update the engine stage/status flag */
3026  SC_ATOMIC_SET(engine_stage, SURICATA_DEINIT);
3027 
3028  UnixSocketKillSocketThread();
3029  PostRunDeinit(suricata.run_mode, &suricata.start_time);
3030  /* kill remaining threads */
3031  TmThreadKillThreads();
3032 
3033 out:
3034  GlobalsDestroy(&suricata);
3035 
3036  exit(EXIT_SUCCESS);
3037 }
RUNMODE_AFXDP_DEV
@ RUNMODE_AFXDP_DEV
Definition: runmodes.h:38
DefragDestroy
void DefragDestroy(void)
Definition: defrag.c:1079
util-byte.h
ConfGetInt
int ConfGetInt(const char *name, intmax_t *val)
Retrieve a configuration value as an integer.
Definition: conf.c:393
TmModuleUnixManagerRegister
void TmModuleUnixManagerRegister(void)
Definition: unix-manager.c:1270
profiling_rules_enabled
int profiling_rules_enabled
Definition: util-profiling-rules.c:75
source-nflog.h
TagInitCtx
void TagInitCtx(void)
Definition: detect-engine-tag.c:52
TmModuleReceiveIPFWRegister
void TmModuleReceiveIPFWRegister(void)
Registration Function for RecieveIPFW.
Definition: source-ipfw.c:153
flow-bypass.h
len
uint8_t len
Definition: app-layer-dnp3.h:2
SCReferenceConfDeinit
void SCReferenceConfDeinit(void)
Definition: util-reference-config.c:77
ippair.h
app-layer-htp-range.h
AppLayerHtpNeedFileInspection
void AppLayerHtpNeedFileInspection(void)
Sets a flag that informs the HTP app layer that some module in the engine needs the http request file...
Definition: app-layer-htp.c:507
SCInstance_::run_mode
enum RunModes run_mode
Definition: suricata.h:123
detect-engine.h
source-pcap.h
SCInstance_::groupid
uint32_t groupid
Definition: suricata.h:141
RUNMODE_UNIX_SOCKET
@ RUNMODE_UNIX_SOCKET
Definition: runmodes.h:43
g_system
bool g_system
Definition: suricata.c:188
SCReferenceConfInit
void SCReferenceConfInit(void)
Definition: util-reference-config.c:56
SCInstance_::daemon
int daemon
Definition: suricata.h:149
max_pending_packets
intmax_t max_pending_packets
Definition: suricata.c:177
IPPairInitConfig
void IPPairInitConfig(bool quiet)
initialize the configuration
Definition: ippair.c:169
SCLogInitLogModule
void SCLogInitLogModule(SCLogInitData *sc_lid)
Initializes the logging module.
Definition: util-debug.c:1283
SLL_HEADER_LEN
#define SLL_HEADER_LEN
Definition: decode-sll.h:27
SCInstance_::checksum_validation
int checksum_validation
Definition: suricata.h:152
SC_ERR_DAG_REQUIRED
@ SC_ERR_DAG_REQUIRED
Definition: util-error.h:201
SC_ERR_WINDIVERT_NOSUPPORT
@ SC_ERR_WINDIVERT_NOSUPPORT
Definition: util-error.h:346
DetectEngineDeReference
void DetectEngineDeReference(DetectEngineCtx **de_ctx)
Definition: detect-engine.c:4307
RUNMODE_UNITTEST
@ RUNMODE_UNITTEST
Definition: runmodes.h:41
StorageInit
void StorageInit(void)
Definition: util-storage.c:68
SCInstance_::start_time
struct timeval start_time
Definition: suricata.h:154
SC_ATOMIC_INIT
#define SC_ATOMIC_INIT(name)
wrapper for initializing an atomic variable.
Definition: util-atomic.h:315
SCThresholdConfGlobalFree
void SCThresholdConfGlobalFree(void)
Definition: util-threshold-config.c:159
TVT_MGMT
@ TVT_MGMT
Definition: tm-threads-common.h:92
source-pcap-file.h
AFPPeersListClean
void AFPPeersListClean()
Clean the global peers list.
Definition: source-af-packet.c:579
ConfNode_::val
char * val
Definition: conf.h:34
CLS
#define CLS
Definition: suricata-common.h:53
ConfGetBool
int ConfGetBool(const char *name, int *val)
Retrieve a configuration value as an boolen.
Definition: conf.c:473
RUNMODE_DPDK
@ RUNMODE_DPDK
Definition: runmodes.h:40
stream-tcp.h
DetectEngineCtx_::type
enum DetectEngineType type
Definition: detect.h:918
DetectEnginePruneFreeList
void DetectEnginePruneFreeList(void)
Definition: detect-engine.c:4398
runmode-af-packet.h
RUNMODE_UNKNOWN
@ RUNMODE_UNKNOWN
Definition: runmodes.h:28
SCInstance_::group_name
const char * group_name
Definition: suricata.h:136
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
SC_ATOMIC_SET
#define SC_ATOMIC_SET(name, val)
Set the value for the atomic variable.
Definition: util-atomic.h:387
runmode-unittests.h
SigTableApplyStrictCommandlineOption
void SigTableApplyStrictCommandlineOption(const char *str)
Definition: detect-parse.c:309
TmqhSetup
void TmqhSetup(void)
Definition: tm-queuehandlers.c:39
SC_ERR_GID_FAILED
@ SC_ERR_GID_FAILED
Definition: util-error.h:188
RUNMODE_PRINT_BUILDINFO
@ RUNMODE_PRINT_BUILDINFO
Definition: runmodes.h:51
DetectEngineCtxInitStubForDD
DetectEngineCtx * DetectEngineCtxInitStubForDD(void)
Definition: detect-engine.c:2400
LiveDevRegisterExtension
void LiveDevRegisterExtension(void)
Definition: util-device.c:494
SC_ERR_NFQ_NOSUPPORT
@ SC_ERR_NFQ_NOSUPPORT
Definition: util-error.h:97
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:296
AppLayerHtpPrintStats
void AppLayerHtpPrintStats(void)
Definition: app-layer-htp.c:2996
StatsSetupPostConfigPreOutput
void StatsSetupPostConfigPreOutput(void)
Definition: counters.c:889
SCInstance_::runmode_custom_mode
char * runmode_custom_mode
Definition: suricata.h:133
util-coredump-config.h
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:0
SigTableSetup
void SigTableSetup(void)
Definition: detect-engine-register.c:451
TmModuleReceiveNFQRegister
void TmModuleReceiveNFQRegister(void)
Definition: source-nfq.c:169
LiveBuildDeviceList
int LiveBuildDeviceList(const char *runmode)
Definition: util-device.c:309
RunModeShutDown
void RunModeShutDown(void)
Definition: runmodes.c:570
TM_ECODE_DONE
@ TM_ECODE_DONE
Definition: tm-threads-common.h:86
DEFAULT_MTU
#define DEFAULT_MTU
Definition: decode.h:654
SCProtoNameInit
void SCProtoNameInit(void)
Definition: util-proto-name.c:419
ippair-bit.h
RunModeDispatch
void RunModeDispatch(int runmode, const char *custom_mode, const char *capture_plugin_name, const char *capture_plugin_args)
Definition: runmodes.c:309
SC_ERR_NOT_SUPPORTED
@ SC_ERR_NOT_SUPPORTED
Definition: util-error.h:257
ConfGetNode
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
Definition: conf.c:176
util-macset.h
RUNMODE_LIST_RUNMODES
@ RUNMODE_LIST_RUNMODES
Definition: runmodes.h:49
sigint_count
volatile sig_atomic_t sigint_count
Definition: suricata.c:147
SC_ATOMIC_DECLARE
SC_ATOMIC_DECLARE(unsigned int, engine_stage)
TmModuleRunDeInit
void TmModuleRunDeInit(void)
Definition: tm-modules.c:146
RegisterFlowBypassInfo
void RegisterFlowBypassInfo(void)
Definition: flow-util.c:236
SCSetThreadName
#define SCSetThreadName(n)
Definition: threads.h:301
SC_ERR_NO_PCAP_SET_BUFFER_SIZE
@ SC_ERR_NO_PCAP_SET_BUFFER_SIZE
Definition: util-error.h:59
SCLogDeInitLogModule
void SCLogDeInitLogModule(void)
De-Initializes the logging module.
Definition: util-debug.c:1497
util-pidfile.h
TmModuleDecodeErfFileRegister
void TmModuleDecodeErfFileRegister(void)
Register the ERF file decoder module.
Definition: source-erf-file.c:98
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:784
StringParseUint16
int StringParseUint16(uint16_t *res, int base, size_t len, const char *str)
Definition: util-byte.c:336
DetectEngineReloadSetIdle
void DetectEngineReloadSetIdle(void)
Definition: detect-engine.c:1918
SCInstance_::userid
uint32_t userid
Definition: suricata.h:140
RUNMODE_ERF_FILE
@ RUNMODE_ERF_FILE
Definition: runmodes.h:35
source-windivert-prototypes.h
SC_ERR_IPFW_NOSUPPORT
@ SC_ERR_IPFW_NOSUPPORT
Definition: util-error.h:109
DetectEngineGetCurrent
DetectEngineCtx * DetectEngineGetCurrent(void)
Definition: detect-engine.c:3610
TmModuleFlowRecyclerRegister
void TmModuleFlowRecyclerRegister(void)
Definition: flow-manager.c:1267
Daemonize
void Daemonize(void)
Daemonize the process.
Definition: util-daemon.c:101
UtilSignalHandlerSetup
void UtilSignalHandlerSetup(int sig, void(*handler)(int))
Definition: util-signal.c:60
TAILQ_FOREACH
#define TAILQ_FOREACH(var, head, field)
Definition: queue.h:252
TmModuleDecodeAFPRegister
void TmModuleDecodeAFPRegister(void)
Registration Function for DecodeAFP.
Definition: source-af-packet.c:597
RUNMODE_NFLOG
@ RUNMODE_NFLOG
Definition: runmodes.h:33
TmModuleDecodeWinDivertRegister
void TmModuleDecodeWinDivertRegister(void)
Definition: source-windivert.c:74
SURICATA_STOP
#define SURICATA_STOP
Definition: suricata.h:89
FlowForceReassembly
void FlowForceReassembly(void)
Force reassembly for all the flows that have unprocessed segments.
Definition: flow-timeout.c:424
DetectEngineAddToMaster
int DetectEngineAddToMaster(DetectEngineCtx *de_ctx)
Definition: detect-engine.c:4331
TmModuleStatsLoggerRegister
void TmModuleStatsLoggerRegister(void)
Definition: output-stats.c:192
RegisterAllModules
void RegisterAllModules(void)
Definition: suricata.c:884
ENGINE_MODE_IPS
@ ENGINE_MODE_IPS
Definition: suricata.h:103
SCGetUserID
int SCGetUserID(const char *user_name, const char *group_name, uint32_t *uid, uint32_t *gid)
Function to get the user and group ID from the specified user name.
Definition: util-privs.c:150
RUNMODE_PCAP_DEV
@ RUNMODE_PCAP_DEV
Definition: runmodes.h:29
flow-bit.h
SupportFastPatternForSigMatchTypes
void SupportFastPatternForSigMatchTypes(void)
Registers the keywords(SMs) that should be given fp support.
Definition: detect-fast-pattern.c:145
ConfDump
void ConfDump(void)
Dump configuration to stdout.
Definition: conf.c:736
suricata_context
const SuricataContext suricata_context
Definition: rust-context.c:25
SCPledge
#define SCPledge(...)
Definition: util-privs.h:99
CheckValidDaemonModes
int CheckValidDaemonModes(int daemon, int mode)
Check for a valid combination daemon/mode.
Definition: util-daemon.c:178
SCClassConfDeinit
void SCClassConfDeinit(void)
Definition: util-classification-config.c:85
LiveGetDeviceNameName
const char * LiveGetDeviceNameName(int number)
Get a pointer to the pre device name at idx.
Definition: util-device.c:219
ConfSetFinal
int ConfSetFinal(const char *name, const char *val)
Set a final configuration value.
Definition: conf.c:299
unittests_fatal
int unittests_fatal
Definition: util-unittest.c:52
TmThreadDisableReceiveThreads
void TmThreadDisableReceiveThreads(void)
Disable all threads having the specified TMs.
Definition: tm-threads.c:1332
StatsInit
void StatsInit(void)
Initializes the perf counter api. Things are hard coded currently. More work to be done when we imple...
Definition: counters.c:877
util-privs.h
PreRunInit
void PreRunInit(const int runmode)
Definition: suricata.c:2187
RUNMODE_LIST_KEYWORDS
@ RUNMODE_LIST_KEYWORDS
Definition: runmodes.h:47
SURICATA_DONE
#define SURICATA_DONE
Definition: suricata.h:91
MacSetRegisterFlowStorage
void MacSetRegisterFlowStorage(void)
Definition: util-macset.c:61
SCInstance_::conf_filename
const char * conf_filename
Definition: suricata.h:158
ExceptionSimulationCommandlineParser
int ExceptionSimulationCommandlineParser(const char *name, const char *arg)
Definition: util-exception-policy.c:126
RUNMODE_NAPATECH
@ RUNMODE_NAPATECH
Definition: runmodes.h:42
GlobalsInitPreConfig
void GlobalsInitPreConfig(void)
Definition: suricata.c:336
TmModuleReceiveNetmapRegister
void TmModuleReceiveNetmapRegister(void)
Definition: source-netmap.c:75
PacketPoolPostRunmodes
void PacketPoolPostRunmodes(void)
Set the max_pending_return_packets value.
Definition: tmqh-packetpool.c:499
NFQInitConfig
void NFQInitConfig(bool quiet)
To initialize the NFQ global configuration data.
Definition: source-nfq.c:206
TmModuleReceiveWinDivertRegister
void TmModuleReceiveWinDivertRegister(void)
Definition: source-windivert.c:61
MAX
#define MAX(x, y)
Definition: suricata-common.h:384
TmModuleReceivePfringRegister
void TmModuleReceivePfringRegister(void)
Registration Function for RecievePfring.
Definition: source-pfring.c:162
HOST_VERBOSE
#define HOST_VERBOSE
Definition: host.h:92
TM_ECODE_FAILED
@ TM_ECODE_FAILED
Definition: tm-threads-common.h:85
SCProfilingDestroy
void SCProfilingDestroy(void)
Free resources used by profiling.
Definition: util-profiling.c:263
IsRunModeOffline
bool IsRunModeOffline(enum RunModes run_mode_to_check)
Definition: runmodes.c:552
SC_ERR_SYSCONF
@ SC_ERR_SYSCONF
Definition: util-error.h:81
RunModeInitializeOutputs
void RunModeInitializeOutputs(void)
Definition: runmodes.c:773
DetectPortTestConfVars
int DetectPortTestConfVars(void)
Definition: detect-engine-port.c:1169
SCThresholdConfGlobalInit
void SCThresholdConfGlobalInit(void)
Definition: util-threshold-config.c:107
DecodeUnregisterCounters
void DecodeUnregisterCounters(void)
Definition: decode.c:518
SCInstance_::capture_plugin_name
const char * capture_plugin_name
Definition: suricata.h:161
SURI_HOST_IS_SNIFFER_ONLY
@ SURI_HOST_IS_SNIFFER_ONLY
Definition: suricata.h:113
RUNMODE_DAG
@ RUNMODE_DAG
Definition: runmodes.h:36
HostBitInitCtx
void HostBitInitCtx(void)
Definition: host-bit.c:49
EngineMode
EngineMode
Definition: suricata.h:101
SCInstance_::set_datadir
bool set_datadir
Definition: suricata.h:145
tmqh-packetpool.h
g_ut_covered
int g_ut_covered
Definition: suricata.c:882
SCInstance_::capture_plugin_args
const char * capture_plugin_args
Definition: suricata.h:162
TmModuleLoggerRegister
void TmModuleLoggerRegister(void)
Definition: output.c:1018
SURI_HOST_IS_ROUTER
@ SURI_HOST_IS_ROUTER
Definition: suricata.h:114
TmThreadDisablePacketThreads
void TmThreadDisablePacketThreads(void)
Disable all packet threads.
Definition: tm-threads.c:1464
host_mode
uint8_t host_mode
Definition: suricata.c:174
RUNMODE_NETMAP
@ RUNMODE_NETMAP
Definition: runmodes.h:39
RUNMODE_DUMP_FEATURES
@ RUNMODE_DUMP_FEATURES
Definition: runmodes.h:62
FeatureDump
void FeatureDump(void)
Definition: feature.c:144
PacketPoolInit
void PacketPoolInit(void)
Definition: tmqh-packetpool.c:284
TM_ECODE_OK
@ TM_ECODE_OK
Definition: tm-threads-common.h:84
AppLayerDeSetup
int AppLayerDeSetup(void)
De initializes the app layer.
Definition: app-layer.c:976
TmThreadContinueThreads
void TmThreadContinueThreads()
Unpauses all threads present in tv_root.
Definition: tm-threads.c:1891
strlcpy
size_t strlcpy(char *dst, const char *src, size_t siz)
Definition: util-strlcpyu.c:43
PcapTranslateIPToDevice
void PcapTranslateIPToDevice(char *pcap_dev, size_t len)
Definition: source-pcap.c:656
FlowDisableFlowRecyclerThread
void FlowDisableFlowRecyclerThread(void)
Used to disable flow recycler thread(s).
Definition: flow-manager.c:1191
ParseSizeInit
void ParseSizeInit(void)
Definition: util-misc.c:35
GetIfaceMaxPacketSize
int GetIfaceMaxPacketSize(const char *pcap_dev)
output max packet size for a link
Definition: util-ioctl.c:132
TmModuleDecodePcapFileRegister
void TmModuleDecodePcapFileRegister(void)
Definition: source-pcap-file.c:127
TmModuleBypassedFlowManagerRegister
void TmModuleBypassedFlowManagerRegister(void)
Definition: flow-bypass.c:215
IPPairShutdown
void IPPairShutdown(void)
shutdown the flow engine
Definition: ippair.c:303
source-erf-dag.h
util-signal.h
DetectParseFreeRegexes
void DetectParseFreeRegexes(void)
Definition: detect-parse.c:2508
SC_ERR_UID_FAILED
@ SC_ERR_UID_FAILED
Definition: util-error.h:187
SC_ERR_SIZE_PARSE
@ SC_ERR_SIZE_PARSE
Definition: util-error.h:230
TmModuleDecodeNFLOGRegister
void TmModuleDecodeNFLOGRegister(void)
Definition: source-nflog.c:55
ConfGet
int ConfGet(const char *name, const char **vptr)
Retrieve the value of a configuration node.
Definition: conf.c:331
NFQParseAndRegisterQueues
int NFQParseAndRegisterQueues(const char *queues)
Parses and adds Netfilter queue(s).
Definition: source-nfq.c:864
FlowInitConfig
void FlowInitConfig(bool quiet)
initialize the configuration
Definition: flow.c:543
AppLayerSetup
int AppLayerSetup(void)
Setup the app layer.
Definition: app-layer.c:961
FeatureTrackingRegister
void FeatureTrackingRegister(void)
Definition: feature.c:152
TmModuleReceiveDPDKRegister
void TmModuleReceiveDPDKRegister(void)
Definition: source-dpdk.c:50
StreamTcpInitConfig
void StreamTcpInitConfig(bool)
To initialize the stream global configuration data.
Definition: stream-tcp.c:361
app-layer-htp.h
UnixManagerThreadSpawnNonRunmode
void UnixManagerThreadSpawnNonRunmode(void)
Definition: unix-manager.c:1263
IsRunModeSystem
bool IsRunModeSystem(enum RunModes run_mode_to_check)
Definition: runmodes.c:539
datasets.h
TmModuleDecodeNetmapRegister
void TmModuleDecodeNetmapRegister(void)
Registration Function for DecodeNetmap.
Definition: source-netmap.c:85
PreRunPostPrivsDropInit
void PreRunPostPrivsDropInit(const int runmode)
Definition: suricata.c:2212
feature.h
decode.h
util-device.h
DetectEngineMoveToFreeList
int DetectEngineMoveToFreeList(DetectEngineCtx *de_ctx)
Definition: detect-engine.c:4347
sigterm_count
volatile sig_atomic_t sigterm_count
Definition: suricata.c:149
run_mode
int run_mode
Definition: suricata.c:166
source-nfq.h
SC_ERR_CMD_LINE
@ SC_ERR_CMD_LINE
Definition: util-error.h:227
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:17
TmThreadWaitOnThreadInit
TmEcode TmThreadWaitOnThreadInit(void)
Used to check if all threads have finished their initialization. On finding an un-initialized thread,...
Definition: tm-threads.c:1932
TmModuleVerdictNFQRegister
void TmModuleVerdictNFQRegister(void)
Definition: source-nfq.c:184
ConfYamlLoadFile
int ConfYamlLoadFile(const char *filename)
Load configuration from a YAML file.
Definition: conf-yaml-loader.c:440
RUNMODE_CONF_TEST
@ RUNMODE_CONF_TEST
Definition: runmodes.h:54
AppLayerRegisterGlobalCounters
void AppLayerRegisterGlobalCounters(void)
HACK to work around our broken unix manager (re)init loop.
Definition: app-layer.c:1040
RunModeListRunmodes
void RunModeListRunmodes(void)
Lists all registered runmodes.
Definition: runmodes.c:266
RUNMODE_PRINT_USAGE
@ RUNMODE_PRINT_USAGE
Definition: runmodes.h:52
strlcat
size_t strlcat(char *, const char *src, size_t siz)
Definition: util-strlcatu.c:45
RUNMODE_LIST_APP_LAYERS
@ RUNMODE_LIST_APP_LAYERS
Definition: runmodes.h:48
util-cpu.h
suricata
SCInstance suricata
Definition: suricata.c:206
LiveSetOffloadDisable
void LiveSetOffloadDisable(void)
Definition: util-device.c:71
StatsSetupPostConfigPostOutput
void StatsSetupPostConfigPostOutput(void)
Definition: counters.c:894
EngineModeSetIDS
void EngineModeSetIDS(void)
Definition: suricata.c:228
SpmTableSetup
void SpmTableSetup(void)
Definition: util-spm.c:123
TmModuleReceiveAFPRegister
void TmModuleReceiveAFPRegister(void)
Registration Function for RecieveAFP.
Definition: source-af-packet.c:380
LiveBuildDeviceListCustom
int LiveBuildDeviceListCustom(const char *runmode, const char *itemname)
Definition: util-device.c:314
UnixSocketKillSocketThread
void UnixSocketKillSocketThread(void)
Definition: unix-manager.c:1258
TmModuleVerdictIPFWRegister
void TmModuleVerdictIPFWRegister(void)
Registration Function for VerdictIPFW.
Definition: source-ipfw.c:174
flow-worker.h
SigLoadSignatures
int SigLoadSignatures(DetectEngineCtx *de_ctx, char *sig_file, int sig_file_exclusive)
Load signatures.
Definition: detect-engine-loader.c:283
HttpRangeContainersInit
void HttpRangeContainersInit(void)
Definition: app-layer-htp-range.c:150
util-reference-config.h
source-napatech.h
DetectEngineCtx_::last_reload
struct timeval last_reload
Definition: detect.h:964
SCInstance_::delayed_detect
int delayed_detect
Definition: suricata.h:147
TmModuleVerdictWinDivertRegister
void TmModuleVerdictWinDivertRegister(void)
Definition: source-windivert.c:68
SCInstance_::progname
const char * progname
Definition: suricata.h:157
HostCleanup
void HostCleanup(void)
Cleanup the host engine.
Definition: host.c:343
SCEnter
#define SCEnter(...)
Definition: util-debug.h:298
FlowDisableFlowManagerThread
void FlowDisableFlowManagerThread(void)
Used to disable flow manager thread(s).
Definition: flow-manager.c:143
util-ebpf.h
SCInstance_::pcap_dev
char pcap_dev[128]
Definition: suricata.h:126
detect.h
SuricataMain
int SuricataMain(int argc, char **argv)
Definition: suricata.c:2876
UtilSignalUnblock
int UtilSignalUnblock(int signum)
Definition: util-signal.c:46
DetectEngineEnabled
int DetectEngineEnabled(void)
Check if detection is enabled.
Definition: detect-engine.c:3577
TmThreadClearThreadsFamily
void TmThreadClearThreadsFamily(int family)
Definition: tm-threads.c:1614
SC_ERR_PIDFILE_DAEMON
@ SC_ERR_PIDFILE_DAEMON
Definition: util-error.h:186
TmModuleRunInit
void TmModuleRunInit(void)
Definition: tm-modules.c:128
detect-engine-port.h
EngineModeSetIPS
void EngineModeSetIPS(void)
Definition: suricata.c:223
SCInstance_::user_name
const char * user_name
Definition: suricata.h:135
HTPAtExitPrintStats
void HTPAtExitPrintStats(void)
Print the stats of the HTTP requests.
Definition: app-layer-htp.c:2034
util-time.h
UtilSignalBlock
int UtilSignalBlock(int signum)
Definition: util-signal.c:29
SCProfilingPrefilterGlobalInit
void SCProfilingPrefilterGlobalInit(void)
Definition: util-profiling-prefilter.c:60
PostConfLoadedSetup
int PostConfLoadedSetup(SCInstance *suri)
Definition: suricata.c:2625
GetProgramVersion
const char * GetProgramVersion(void)
get string with program version
Definition: suricata.c:1123
engine_analysis
int engine_analysis
app-layer-parser.h
SC_ERR_LIBCAP_NG_REQUIRED
@ SC_ERR_LIBCAP_NG_REQUIRED
Definition: util-error.h:190
TRUE
#define TRUE
Definition: suricata-common.h:33
SCGetGroupID
int SCGetGroupID(const char *group_name, uint32_t *gid)
Function to get the group ID from the specified group name.
Definition: util-privs.c:214
TmModuleReceivePcapFileRegister
void TmModuleReceivePcapFileRegister(void)
Definition: source-pcap-file.c:114
source-pfring.h
BUG_ON
#define BUG_ON(x)
Definition: suricata-common.h:289
runmode-netmap.h
CoredumpLoadConfig
int32_t CoredumpLoadConfig(void)
Configures the core dump size.
Definition: util-coredump-config.c:90
detect-engine-tag.h
SC_ERR_SYSCALL
@ SC_ERR_SYSCALL
Definition: util-error.h:80
IPFWRegisterQueue
int IPFWRegisterQueue(char *queue)
Add an IPFW divert.
Definition: source-ipfw.c:704
xstr
#define xstr(s)
Definition: suricata-common.h:279
util-profiling.h
FALSE
#define FALSE
Definition: suricata-common.h:34
AFPRunModeIsIPS
int AFPRunModeIsIPS()
Definition: runmode-af-packet.c:694
ListAppLayerProtocols
int ListAppLayerProtocols(const char *conf_filename)
Definition: util-running-modes.c:42
SCInstance_::offline
int offline
Definition: suricata.h:150
DatasetsDestroy
void DatasetsDestroy(void)
Definition: datasets.c:994
UtilCpuPrintSummary
void UtilCpuPrintSummary(void)
Print a summary of CPUs detected (configured and online)
Definition: util-cpu.c:169
TmThreadKillThreads
void TmThreadKillThreads(void)
Definition: tm-threads.c:1542
SC_ERR_FOPEN
@ SC_ERR_FOPEN
Definition: util-error.h:74
OutputDeregisterAll
void OutputDeregisterAll(void)
Deregister all modules. Useful for a memory clean exit.
Definition: output.c:800
source-pcap-file-helper.h
PostConfLoadedDetectSetup
void PostConfLoadedDetectSetup(SCInstance *suri)
Definition: suricata.c:2507
EngineModeIsIDS
int EngineModeIsIDS(void)
Definition: suricata.c:218
TmModuleNapatechDecodeRegister
void TmModuleNapatechDecodeRegister(void)
Register the Napatech decoder module.
Definition: source-napatech.c:163
tmm_modules
TmModule tmm_modules[TMM_SIZE]
Definition: tm-modules.c:33
conf-yaml-loader.h
SC_WARN_FASTER_CAPTURE_AVAILABLE
@ SC_WARN_FASTER_CAPTURE_AVAILABLE
Definition: util-error.h:308
coverage_unittests
int coverage_unittests
Definition: suricata.c:880
RUNMODE_DUMP_CONFIG
@ RUNMODE_DUMP_CONFIG
Definition: runmodes.h:53
SURICATA_DEINIT
@ SURICATA_DEINIT
Definition: suricata.h:97
DatasetsSave
void DatasetsSave(void)
Definition: datasets.c:1072
detect-engine-alert.h
conf.h
util-landlock.h
source-ipfw.h
TMM_SIZE
@ TMM_SIZE
Definition: tm-threads-common.h:79
source-netmap.h
OutputNotifyFileRotation
void OutputNotifyFileRotation(void)
Notifies all registered file rotation notification flags.
Definition: output.c:871
StorageFinalize
int StorageFinalize(void)
Definition: util-storage.c:140
SCInstance_::verbose
int verbose
Definition: suricata.h:151
TmEcode
TmEcode
Definition: tm-threads-common.h:83
source-windivert.h
TmModuleFlowWorkerRegister
void TmModuleFlowWorkerRegister(void)
Definition: flow-worker.c:656
SCInstance_::aux_run_mode
enum RunModes aux_run_mode
Definition: suricata.h:124
LiveGetDeviceNameCount
int LiveGetDeviceNameCount(void)
Get the number of pre registered devices.
Definition: util-device.c:199
util-plugin.h
flow-timeout.h
DEFAULT_PID_FILENAME
#define DEFAULT_PID_FILENAME
Definition: suricata.h:83
sighup_count
volatile sig_atomic_t sighup_count
Definition: suricata.c:148
ConfigSetDataDirectory
TmEcode ConfigSetDataDirectory(char *name)
Definition: util-conf.c:70
TmModuleDecodeErfDagRegister
void TmModuleDecodeErfDagRegister(void)
Register the ERF file decoder module.
Definition: source-erf-dag.c:151
SCInstance_::set_logdir
bool set_logdir
Definition: suricata.h:144
SCDropMainThreadCaps
#define SCDropMainThreadCaps(...)
Definition: util-privs.h:90
TmModuleDebugList
void TmModuleDebugList(void)
Definition: tm-modules.c:35
TmModuleDecodeNFQRegister
void TmModuleDecodeNFQRegister(void)
Definition: source-nfq.c:192
util-proto-name.h
STREAM_VERBOSE
#define STREAM_VERBOSE
Definition: stream-tcp.h:34
defrag.h
SCProtoNameRelease
void SCProtoNameRelease(void)
Definition: util-proto-name.c:440
MpmTableSetup
void MpmTableSetup(void)
Definition: util-mpm.c:215
SCInstance_::log_dir
const char * log_dir
Definition: suricata.h:156
RunmodeIsUnittests
int RunmodeIsUnittests(void)
Definition: suricata.c:234
source-nfq-prototypes.h
SCPluginsLoad
void SCPluginsLoad(const char *capture_plugin_name, const char *capture_plugin_args)
SCLogInfo
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:215
TmModuleReceiveNFLOGRegister
void TmModuleReceiveNFLOGRegister(void)
Definition: source-nflog.c:49
SC_ERR_INVALID_YAML_CONF_ENTRY
@ SC_ERR_INVALID_YAML_CONF_ENTRY
Definition: util-error.h:169
SURICATA_RUNTIME
@ SURICATA_RUNTIME
Definition: suricata.h:96
DEFAULT_PACKET_SIZE
#define DEFAULT_PACKET_SIZE
Definition: decode.h:657
WarnInvalidConfEntry
#define WarnInvalidConfEntry(param_name, format, value)
Generic API that can be used by all to log an invalid conf entry.
Definition: util-misc.h:36
util-host-os-info.h
TmModuleReceiveErfFileRegister
void TmModuleReceiveErfFileRegister(void)
Register the ERF file receiver (reader) module.
Definition: source-erf-file.c:80
TmModule_
Definition: tm-modules.h:43
TmModuleDecodeAFXDPRegister
void TmModuleDecodeAFXDPRegister(void)
Registration Function for DecodeAFXDP.
Definition: source-af-xdp.c:90
default_packet_size
uint32_t default_packet_size
Definition: decode.c:72
tm-queuehandlers.h
DETECT_ENGINE_TYPE_NORMAL
@ DETECT_ENGINE_TYPE_NORMAL
Definition: detect.h:771
PROG_NAME
#define PROG_NAME
Definition: suricata.h:70
TmThreadKillThreadsFamily
void TmThreadKillThreadsFamily(int family)
Definition: tm-threads.c:1513
detect-fast-pattern.h
FeatureTrackingRelease
void FeatureTrackingRelease(void)
Definition: feature.c:136
TmqhCleanup
void TmqhCleanup(void)
Clean up registration time allocs.
Definition: tm-queuehandlers.c:49
util-dpdk.h
util-conf.h
RUNMODE_PFRING
@ RUNMODE_PFRING
Definition: runmodes.h:31
StreamTcpFreeConfig
void StreamTcpFreeConfig(bool quiet)
Definition: stream-tcp.c:669
source-dpdk.h
SC_ERR_NO_RULES_LOADED
@ SC_ERR_NO_RULES_LOADED
Definition: util-error.h:73
flow-manager.h
DecodeGlobalConfig
void DecodeGlobalConfig(void)
Definition: decode.c:844
SCInstance_::strict_rule_parsing_string
char * strict_rule_parsing_string
Definition: suricata.h:159
SuriHasSigFile
int SuriHasSigFile(void)
Definition: suricata.c:208
suricata-common.h
g_default_mtu
int g_default_mtu
Definition: suricata.c:186
sc_set_caps
int sc_set_caps
Definition: suricata.c:183
DetectEngineCtxInitStubForMT
DetectEngineCtx * DetectEngineCtxInitStubForMT(void)
Definition: detect-engine.c:2395
util-daemon.h
FlowShutdown
void FlowShutdown(void)
shutdown the flow engine
Definition: flow.c:690
SCHInfoLoadFromConfig
void SCHInfoLoadFromConfig(void)
Load the host os policy information from the configuration.
Definition: util-host-os-info.c:335
DetectEngineBumpVersion
void DetectEngineBumpVersion(void)
Definition: detect-engine.c:3601
source-af-xdp.h
SC_ERR_PCAP_TRANSLATE
@ SC_ERR_PCAP_TRANSLATE
Definition: util-error.h:233
SC_ERR_NO_AF_XDP
@ SC_ERR_NO_AF_XDP
Definition: util-error.h:382
TmModuleFlowManagerRegister
void TmModuleFlowManagerRegister(void)
Definition: flow-manager.c:1253
SCPidfileTestRunning
int SCPidfileTestRunning(const char *pid_filename)
Check the Suricata pid file (used at the startup)
Definition: util-pidfile.c:106
SCLogError
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
Definition: util-debug.h:255
HostShutdown
void HostShutdown(void)
shutdown the flow engine
Definition: host.c:306
DOC_URL
#define DOC_URL
Definition: suricata.h:85
output-filestore.h
TmModuleDecodePfringRegister
void TmModuleDecodePfringRegister(void)
Registration Function for DecodePfring.
Definition: source-pfring.c:178
LiveSetOffloadWarn
void LiveSetOffloadWarn(void)
Definition: util-device.c:76
ParseSizeDeinit
void ParseSizeDeinit(void)
Definition: util-misc.c:55
util-classification-config.h
RunModeRegisterRunModes
void RunModeRegisterRunModes(void)
Register all runmodes in the engine.
Definition: runmodes.c:238
SCStrdup
#define SCStrdup(s)
Definition: util-mem.h:56
FatalError
#define FatalError(x,...)
Definition: util-debug.h:530
ConfGetChildValueBool
int ConfGetChildValueBool(const ConfNode *base, const char *name, int *val)
Definition: conf.c:486
SCProfilingDump
void SCProfilingDump(void)
Definition: util-profiling.c:289
TmModuleReceiveAFXDPRegister
void TmModuleReceiveAFXDPRegister(void)
Definition: source-af-xdp.c:76
EngineStop
void EngineStop(void)
make sure threads can stop the engine by calling this function. Purpose: pcap file mode needs to be a...
Definition: suricata.c:428
SCInstance_::sig_file
char * sig_file
Definition: suricata.h:127
SC_ERR_NO_AF_PACKET
@ SC_ERR_NO_AF_PACKET
Definition: util-error.h:225
ParseSizeStringU32
int ParseSizeStringU32(const char *size, uint32_t *res)
Definition: util-misc.c:183
SC_ERR_BPF
@ SC_ERR_BPF
Definition: util-error.h:157
TmModuleReceiveErfDagRegister
void TmModuleReceiveErfDagRegister(void)
Register the ERF file receiver (reader) module.
Definition: source-erf-dag.c:133
DetectEngineMultiTenantSetup
int DetectEngineMultiTenantSetup(void)
setup multi-detect / multi-tenancy
Definition: detect-engine.c:3982
IPPairBitInitCtx
void IPPairBitInitCtx(void)
Definition: ippair-bit.c:49
SCClassConfInit
void SCClassConfInit(void)
Definition: util-classification-config.c:64
RunmodeGetCurrent
int RunmodeGetCurrent(void)
Definition: suricata.c:243
ConfigSetLogDirectory
TmEcode ConfigSetLogDirectory(const char *name)
Definition: util-conf.c:32
TmModuleDecodeIPFWRegister
void TmModuleDecodeIPFWRegister(void)
Registration Function for DecodeIPFW.
Definition: source-ipfw.c:189
source-af-packet.h
RUNMODE_NFQ
@ RUNMODE_NFQ
Definition: runmodes.h:32
ConfSetFromString
int ConfSetFromString(const char *input, int final)
Set a configuration parameter from a string.
Definition: conf.c:245
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
SCLogConfig
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
g_vlan_mask
uint16_t g_vlan_mask
Definition: suricata.c:199
ConfInit
void ConfInit(void)
Initialize the configuration system.
Definition: conf.c:114
DatasetsInit
int DatasetsInit(void)
Definition: datasets.c:876
sigusr2_count
volatile sig_atomic_t sigusr2_count
Definition: suricata.c:150
RUNMODE_ENGINE_ANALYSIS
@ RUNMODE_ENGINE_ANALYSIS
Definition: runmodes.h:56
RUNMODE_PRINT_VERSION
@ RUNMODE_PRINT_VERSION
Definition: runmodes.h:50
TmModuleDecodePcapRegister
void TmModuleDecodePcapRegister(void)
Registration Function for DecodePcap.
Definition: source-pcap.c:149
util-running-modes.h
unix-manager.h
LiveDeviceListClean
int LiveDeviceListClean()
Definition: util-device.c:349
runmode-af-xdp.h
str
#define str(s)
Definition: suricata-common.h:280
ConfigCheckDataDirectory
TmEcode ConfigCheckDataDirectory(const char *data_dir)
Definition: util-conf.c:103
SCInstance_::sig_file_exclusive
int sig_file_exclusive
Definition: suricata.h:128
g_detect_disabled
int g_detect_disabled
Definition: suricata.c:180
ConfigGetLogDirectory
const char * ConfigGetLogDirectory()
Definition: util-conf.c:37
DetectEngineReloadStart
int DetectEngineReloadStart(void)
Definition: detect-engine.c:1892
SC_ERR_NO_NETMAP
@ SC_ERR_NO_NETMAP
Definition: util-error.h:294
SCLogWarning
#define SCLogWarning(err_code,...)
Macro used to log WARNING messages.
Definition: util-debug.h:242
SCFree
#define SCFree(p)
Definition: util-mem.h:61
DEFAULT_CONF_FILE
#define DEFAULT_CONF_FILE
Definition: suricata.h:79
ConfNode_
Definition: conf.h:32
SC_LOG_MAX_LOG_MSG_LEN
#define SC_LOG_MAX_LOG_MSG_LEN
Definition: util-debug.h:84
AppLayerParserPostStreamSetup
void AppLayerParserPostStreamSetup(void)
Definition: app-layer-parser.c:269
SC_ERR_FATAL
@ SC_ERR_FATAL
Definition: util-error.h:203
TmModuleReceivePcapRegister
void TmModuleReceivePcapRegister(void)
Registration Function for ReceivePcap.
Definition: source-pcap.c:132
util-ioctl.h
detect-parse.h
SCInstance_::system
bool system
Definition: suricata.h:143
SCInstance_::pid_filename
char * pid_filename
Definition: suricata.h:129
TmModuleRespondRejectRegister
void TmModuleRespondRejectRegister(void)
Definition: respond-reject.c:50
CoredumpEnable
void CoredumpEnable(void)
Enable coredumps on systems where coredumps can and need to be enabled.
Definition: util-coredump-config.c:58
RunUnittests
void RunUnittests(int list_unittests, const char *regex_arg)
Definition: runmode-unittests.c:230
source-erf-file.h
ConfigCheckLogDirectoryExists
TmEcode ConfigCheckLogDirectoryExists(const char *log_dir)
Definition: util-conf.c:55
TimeDeinit
void TimeDeinit(void)
Definition: util-time.c:87
PacketAlertTagInit
void PacketAlertTagInit(void)
Definition: detect-engine-alert.c:45
DetectEngineCtxInit
DetectEngineCtx * DetectEngineCtxInit(void)
Definition: detect-engine.c:2405
RUNMODE_WINDIVERT
@ RUNMODE_WINDIVERT
Definition: runmodes.h:44
TVT_PPT
@ TVT_PPT
Definition: tm-threads-common.h:91
SCProfilingRulesGlobalInit
void SCProfilingRulesGlobalInit(void)
Definition: util-profiling-rules.c:108
EngineModeIsIPS
int EngineModeIsIPS(void)
Definition: suricata.c:213
SC_ERR_MEM_ALLOC
@ SC_ERR_MEM_ALLOC
Definition: util-error.h:31
TmModuleNapatechStreamRegister
void TmModuleNapatechStreamRegister(void)
Register the Napatech receiver (reader) module.
Definition: source-napatech.c:131
SCProfilingKeywordsGlobalInit
void SCProfilingKeywordsGlobalInit(void)
Definition: util-profiling-keywords.c:60
suricata.h
SC_ERR_NFLOG_NOSUPPORT
@ SC_ERR_NFLOG_NOSUPPORT
Definition: util-error.h:278
EngineDone
void EngineDone(void)
Used to indicate that the current task is done.
Definition: suricata.c:439
FLOW_QUIET
#define FLOW_QUIET
Definition: flow.h:40
GetDocURL
const char * GetDocURL(void)
Definition: suricata.c:1102
util-mpm-hs.h
SC_ERR_LOGDIR_CMDLINE
@ SC_ERR_LOGDIR_CMDLINE
Definition: util-error.h:147
PostRunDeinit
void PostRunDeinit(const int runmode, struct timeval *start_time)
Definition: suricata.c:2234
HostInitConfig
void HostInitConfig(bool quiet)
initialize the configuration
Definition: host.c:175
TmThreadWaitOnThreadRunning
TmEcode TmThreadWaitOnThreadRunning(void)
Waits for all threads to be in a running state.
Definition: tm-threads.c:1787
ConfDeInit
void ConfDeInit(void)
De-initializes the configuration system.
Definition: conf.c:678
SC_ERR_NO_DPDK
@ SC_ERR_NO_DPDK
Definition: util-error.h:372
HttpRangeContainersDestroy
void HttpRangeContainersDestroy(void)
Definition: app-layer-htp-range.c:185
SC_ERR_LIBNET_NOT_ENABLED
@ SC_ERR_LIBNET_NOT_ENABLED
Definition: util-error.h:178
NFQContextsClean
void NFQContextsClean()
Clean global contexts. Must be called on exit.
Definition: source-nfq.c:1282
ConfSet
int ConfSet(const char *name, const char *val)
Set a configuration value.
Definition: conf.c:220
SCLogLoadConfig
void SCLogLoadConfig(int daemon, int verbose, uint32_t userid, uint32_t groupid)
Definition: util-debug.c:1316
DetectEngineReload
int DetectEngineReload(const SCInstance *suri)
Reload the detection engine.
Definition: detect-engine.c:4437
SCInstance_::do_setgid
uint8_t do_setgid
Definition: suricata.h:138
DEFAULT_MAX_PENDING_PACKETS
#define DEFAULT_MAX_PENDING_PACKETS
Definition: suricata.c:160
SCInstance_
Definition: suricata.h:122
TmThreadCheckThreadState
void TmThreadCheckThreadState(void)
Used to check the thread for certain conditions of failure.
Definition: tm-threads.c:1908
OutputFilestoreRegisterGlobalCounters
void OutputFilestoreRegisterGlobalCounters(void)
Definition: output-filestore.c:525
InitGlobal
int InitGlobal(void)
Global initialization common to all runmodes.
Definition: suricata.c:2844
SC_ERR_INITIALIZATION
@ SC_ERR_INITIALIZATION
Definition: util-error.h:75
SCInstance_::disabled_detect
int disabled_detect
Definition: suricata.h:148
SCProfilingSghsGlobalInit
void SCProfilingSghsGlobalInit(void)
Definition: util-profiling-rulegroups.c:63
SCPidfileCreate
int SCPidfileCreate(const char *pidfile)
Write a pid file (used at the startup) This commonly needed by the init scripts.
Definition: util-pidfile.c:42
LiveRegisterDeviceName
int LiveRegisterDeviceName(const char *dev)
Add a device for monitoring.
Definition: util-device.c:97
ENGINE_MODE_IDS
@ ENGINE_MODE_IDS
Definition: suricata.h:102
LiveDeviceFinalize
void LiveDeviceFinalize(void)
Definition: util-device.c:471
TmModuleDecodeDPDKRegister
void TmModuleDecodeDPDKRegister(void)
Registration Function for DecodeDPDK.
Definition: source-dpdk.c:64
PROG_VER
#define PROG_VER
Definition: suricata.h:71
util-misc.h
PacketPoolDestroy
void PacketPoolDestroy(void)
Definition: tmqh-packetpool.c:317
HTPFreeConfig
void HTPFreeConfig(void)
Clears the HTTP server configuration memory used by HTP library.
Definition: app-layer-htp.c:2047
flow.h
LandlockSandboxing
void LandlockSandboxing(SCInstance *suri)
Definition: util-landlock.c:34
respond-reject.h
SCInstance_::regex_arg
char * regex_arg
Definition: suricata.h:130
ListKeywords
int ListKeywords(const char *keyword_info)
Definition: util-running-modes.c:32
SCLogNotice
#define SCLogNotice(...)
Macro used to log NOTICE messages.
Definition: util-debug.h:230
util-luajit.h
msg
const char * msg
Definition: app-layer-htp.c:571
DPDKCleanupEAL
void DPDKCleanupEAL(void)
Definition: util-dpdk.c:28
SC_ERR_SIGNAL
@ SC_ERR_SIGNAL
Definition: util-error.h:378
StatsReleaseResources
void StatsReleaseResources()
Releases the resources alloted by the Stats API.
Definition: counters.c:1268
RUNMODE_AFP_DEV
@ RUNMODE_AFP_DEV
Definition: runmodes.h:37
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:302
SCPidfileRemove
void SCPidfileRemove(const char *pid_filename)
Remove the pid file (used at the startup)
Definition: util-pidfile.c:84
SC_ERR_NAPATECH_REQUIRED
@ SC_ERR_NAPATECH_REQUIRED
Definition: util-error.h:249
ThresholdInit
void ThresholdInit(void)
Definition: detect-engine-threshold.c:81
TimeInit
void TimeInit(void)
Definition: util-time.c:79
RUNMODE_PCAP_FILE
@ RUNMODE_PCAP_FILE
Definition: runmodes.h:30
SCInstance_::keyword_info
char * keyword_info
Definition: suricata.h:132
RUNMODE_PLUGIN
@ RUNMODE_PLUGIN
Definition: runmodes.h:45
SC_ERR_LOGDIR_CONFIG
@ SC_ERR_LOGDIR_CONFIG
Definition: util-error.h:146
SC_ERR_MULTIPLE_RUN_MODE
@ SC_ERR_MULTIPLE_RUN_MODE
Definition: util-error.h:156
SCInstance_::do_setuid
uint8_t do_setuid
Definition: suricata.h:137
NetmapRunModeIsIPS
int NetmapRunModeIsIPS(void)
SCProfilingInit
void SCProfilingInit(void)
Initialize profiling.
Definition: util-profiling.c:135
g_ut_modules
int g_ut_modules
Definition: suricata.c:881
detect-engine-address.h
RUNMODE_IPFW
@ RUNMODE_IPFW
Definition: runmodes.h:34
output.h
DetectEngineCtx_::failure_fatal
int failure_fatal
Definition: detect.h:786
util-threshold-config.h
DefragInit
void DefragInit(void)
Definition: defrag.c:1058
DetectEngineReloadIsStart
int DetectEngineReloadIsStart(void)
Definition: detect-engine.c:1906
suricata_ctl_flags
volatile uint8_t suricata_ctl_flags
Definition: suricata.c:163
host-bit.h
detect-engine-threshold.h
SC_ERR_NO_PF_RING
@ SC_ERR_NO_PF_RING
Definition: util-error.h:60
RUNMODE_LIST_UNITTEST
@ RUNMODE_LIST_UNITTEST
Definition: runmodes.h:55
app-layer.h
TagDestroyCtx
void TagDestroyCtx(void)
Destroy tag context hash tables.
Definition: detect-engine-tag.c:72
DetectAddressTestConfVars
int DetectAddressTestConfVars(void)
Definition: detect-engine-address.c:1235
g_disable_randomness
int g_disable_randomness
Definition: suricata.c:192
GetIfaceMTU
int GetIfaceMTU(const char *pcap_dev)
output the link MTU
Definition: util-ioctl.c:91
geteuid
#define geteuid()
Definition: win32-misc.h:41
MpmHSGlobalCleanup
void MpmHSGlobalCleanup(void)
g_disable_hashing
bool g_disable_hashing
Definition: suricata.c:203
TmqResetQueues
void TmqResetQueues(void)
Definition: tm-queues.c:80