suricata
suricata.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2025 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  */
23 
24 #include "suricata-common.h"
25 
26 #if HAVE_GETOPT_H
27 #include <getopt.h>
28 #endif
29 
30 #if HAVE_SIGNAL_H
31 #include <signal.h>
32 #endif
33 #ifndef OS_WIN32
34 #ifdef HAVE_SYS_RESOURCE_H
35 // setrlimit
36 #include <sys/resource.h>
37 #endif
38 #endif
39 
40 #include "suricata.h"
41 
42 #include "conf.h"
43 #include "conf-yaml-loader.h"
44 
45 #include "decode.h"
46 #include "defrag.h"
47 #include "flow.h"
48 #include "stream-tcp.h"
49 #include "ippair.h"
50 
51 #include "detect.h"
52 #include "detect-parse.h"
53 #include "detect-engine.h"
54 #include "detect-engine-address.h"
55 #include "detect-engine-alert.h"
56 #include "detect-engine-port.h"
57 #include "detect-engine-tag.h"
58 #include "detect-engine-threshold.h"
59 #include "detect-fast-pattern.h"
60 
61 #include "datasets.h"
62 
63 #include "feature.h"
64 
65 #include "flow-bypass.h"
66 #include "flow-manager.h"
67 #include "flow-timeout.h"
68 #include "flow-worker.h"
69 
70 #include "flow-bit.h"
71 #include "host-bit.h"
72 #include "ippair-bit.h"
73 
74 #include "app-layer.h"
75 #include "app-layer-parser.h"
76 #include "app-layer-htp.h"
77 #include "app-layer-htp-range.h"
78 
79 #include "output.h"
80 #include "output-filestore.h"
81 
82 #include "respond-reject.h"
83 
84 #include "runmode-af-packet.h"
85 #include "runmode-af-xdp.h"
86 #include "runmode-netmap.h"
87 #include "runmode-unittests.h"
88 
89 #include "source-nfq.h"
90 #include "source-nfq-prototypes.h"
91 #include "source-nflog.h"
92 #include "source-ipfw.h"
93 #include "source-lib.h"
94 #include "source-pcap.h"
95 #include "source-pcap-file.h"
96 #include "source-pcap-file-helper.h"
97 #include "source-erf-file.h"
98 #include "source-erf-dag.h"
99 #include "source-af-packet.h"
100 #include "source-af-xdp.h"
101 #include "source-netmap.h"
102 #include "source-dpdk.h"
103 #include "source-windivert.h"
104 #include "source-windivert-prototypes.h"
105 
106 #include "unix-manager.h"
107 
108 #include "util-classification-config.h"
109 #include "util-threshold-config.h"
110 #include "util-reference-config.h"
111 
112 #include "tmqh-packetpool.h"
113 #include "tm-queuehandlers.h"
114 
115 #include "util-affinity.h"
116 #include "util-byte.h"
117 #include "util-conf.h"
118 #include "util-coredump-config.h"
119 #include "util-cpu.h"
120 #include "util-daemon.h"
121 #include "util-device-private.h"
122 #include "util-dpdk.h"
123 #include "util-ebpf.h"
124 #include "util-exception-policy.h"
125 #include "util-host-os-info.h"
126 #include "util-hugepages.h"
127 #include "util-ioctl.h"
128 #include "util-landlock.h"
129 #include "util-macset.h"
130 #include "util-flow-rate.h"
131 #include "util-misc.h"
132 #include "util-mpm-hs.h"
133 #include "util-path.h"
134 #include "util-pidfile.h"
135 #include "util-plugin.h"
136 #include "util-privs.h"
137 #include "util-profiling.h"
138 #include "util-proto-name.h"
139 #include "util-running-modes.h"
140 #include "util-signal.h"
141 #include "util-time.h"
142 #include "util-validate.h"
143 #include "util-var-name.h"
144 #ifdef SYSTEMD_NOTIFY
145 #include "util-systemd.h"
146 #endif
147 
148 #ifdef WINDIVERT
149 #include "decode-sll.h"
150 #include "win32-syscall.h"
151 #endif
152 
153 /*
154  * we put this here, because we only use it here in main.
155  */
156 volatile sig_atomic_t sigint_count = 0;
157 volatile sig_atomic_t sighup_count = 0;
158 volatile sig_atomic_t sigterm_count = 0;
159 volatile sig_atomic_t sigusr2_count = 0;
160 
161 /*
162  * Flag to indicate if the engine is at the initialization
163  * or already processing packets. 3 stages: SURICATA_INIT,
164  * SURICATA_RUNTIME and SURICATA_FINALIZE
165  */
166 SC_ATOMIC_DECLARE(unsigned int, engine_stage);
167 
168 /* Max packets processed simultaneously per thread. */
169 #define DEFAULT_MAX_PENDING_PACKETS 1024
170 
171 /** suricata engine control flags */
172 volatile uint8_t suricata_ctl_flags = 0;
173 
174 /** Engine mode: inline (ENGINE_MODE_IPS) or just
175  * detection mode (ENGINE_MODE_IDS by default) */
176 static enum EngineMode g_engine_mode = ENGINE_MODE_UNKNOWN;
177 
178 /** Host mode: set if box is sniffing only
179  * or is a router */
180 uint8_t host_mode = SURI_HOST_IS_SNIFFER_ONLY;
181 
182 /** Maximum packets to simultaneously process. */
183 uint32_t max_pending_packets;
184 
185 /** global indicating if detection is enabled */
186 int g_detect_disabled = 0;
187 
188 /** set caps or not */
189 bool sc_set_caps = false;
190 
191 bool g_system = false;
192 
193 /** disable randomness to get reproducible results across runs */
194 #ifndef AFLFUZZ_NO_RANDOM
195 int g_disable_randomness = 0;
196 #else
197 int g_disable_randomness = 1;
198 #endif
199 
200 /** determine (without branching) if we include the vlan_ids when hashing or
201  * comparing flows */
202 uint16_t g_vlan_mask = 0xffff;
203 
204 /** determine (without branching) if we include the livedev ids when hashing or
205  * comparing flows */
206 uint16_t g_livedev_mask = 0xffff;
207 
208 /** determine (without branching) if we include the recursion levels when hashing or
209  * comparing flows */
210 uint8_t g_recurlvl_mask = 0xff;
211 
212 /* flag to disable hashing almost globally, to be similar to disabling nss
213  * support */
214 bool g_disable_hashing = false;
215 
216 /* snapshot of the system's hugepages before system intitialization. */
217 SystemHugepageSnapshot *prerun_snap = NULL;
218 
219 /** add per-proto app-layer error counters for exception policies stats? disabled by default */
220 bool g_stats_eps_per_app_proto_errors = false;
221 
222 /** Suricata instance */
223 SCInstance suricata;
224 
225 int SuriHasSigFile(void)
226 {
227  return (suricata.sig_file != NULL);
228 }
229 
230 int EngineModeIsUnknown(void)
231 {
232  return (g_engine_mode == ENGINE_MODE_UNKNOWN);
233 }
234 
235 bool EngineModeIsFirewall(void)
236 {
237  DEBUG_VALIDATE_BUG_ON(g_engine_mode == ENGINE_MODE_UNKNOWN);
238  return (g_engine_mode == ENGINE_MODE_FIREWALL);
239 }
240 
241 /* this returns true for firewall mode as well */
242 int EngineModeIsIPS(void)
243 {
244  DEBUG_VALIDATE_BUG_ON(g_engine_mode == ENGINE_MODE_UNKNOWN);
245  return (g_engine_mode >= ENGINE_MODE_IPS);
246 }
247 
248 int EngineModeIsIDS(void)
249 {
250  DEBUG_VALIDATE_BUG_ON(g_engine_mode == ENGINE_MODE_UNKNOWN);
251  return (g_engine_mode == ENGINE_MODE_IDS);
252 }
253 
254 void EngineModeSetFirewall(void)
255 {
256  g_engine_mode = ENGINE_MODE_FIREWALL;
257 }
258 
259 void EngineModeSetIPS(void)
260 {
261  g_engine_mode = ENGINE_MODE_IPS;
262 }
263 
264 void EngineModeSetIDS(void)
265 {
266  g_engine_mode = ENGINE_MODE_IDS;
267 }
268 
269 #ifdef UNITTESTS
270 int RunmodeIsUnittests(void)
271 {
272  if (suricata.run_mode == RUNMODE_UNITTEST)
273  return 1;
274 
275  return 0;
276 }
277 #endif
278 
279 SCRunMode SCRunmodeGet(void)
280 {
281  return suricata.run_mode;
282 }
283 
284 void SCRunmodeSet(SCRunMode run_mode)
285 {
286  suricata.run_mode = run_mode;
287 }
288 
289 /** signal handlers
290  *
291  * WARNING: don't use the SCLog* API in the handlers. The API is complex
292  * with memory allocation possibly happening, calls to syslog, json message
293  * construction, etc.
294  */
295 
296 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
297 static void SignalHandlerSigint(/*@unused@*/ int sig)
298 {
299  sigint_count = 1;
300 }
301 static void SignalHandlerSigterm(/*@unused@*/ int sig)
302 {
303  sigterm_count = 1;
304 }
305 #ifndef OS_WIN32
306 #if HAVE_LIBUNWIND
307 #define UNW_LOCAL_ONLY
308 #include <libunwind.h>
309 static void SignalHandlerUnexpected(int sig_num, siginfo_t *info, void *context)
310 {
311  char msg[SC_LOG_MAX_LOG_MSG_LEN];
312  unw_cursor_t cursor;
313  /* Restore defaults for signals to avoid loops */
314  signal(SIGABRT, SIG_DFL);
315  signal(SIGSEGV, SIG_DFL);
316  int r;
317  if ((r = unw_init_local(&cursor, (unw_context_t *)(context)) != 0)) {
318  SCLogError("unable to obtain stack trace: unw_init_local: %s", unw_strerror(r));
319  goto terminate;
320  }
321 
322  char *temp = msg;
323  int cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - msg), "stacktrace:sig %d:", sig_num);
324  temp += cw;
325  r = 1;
326  while (r > 0) {
327  if (unw_is_signal_frame(&cursor) == 0) {
328  unw_word_t off;
329  char name[256];
330  if (unw_get_proc_name(&cursor, name, sizeof(name), &off) == UNW_ENOMEM) {
331  cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - msg), "[unknown]:");
332  } else {
333  cw = snprintf(
334  temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - msg), "%s+0x%08" PRIx64, name, off);
335  }
336  temp += cw;
337  }
338 
339  r = unw_step(&cursor);
340  if (r > 0) {
341  cw = snprintf(temp, SC_LOG_MAX_LOG_MSG_LEN - (temp - msg), ";");
342  temp += cw;
343  }
344  }
345  SCLogError("%s", msg);
346 
347 terminate:
348  // Propagate signal to watchers, if any
349  kill(getpid(), sig_num);
350 }
351 #undef UNW_LOCAL_ONLY
352 #endif /* HAVE_LIBUNWIND */
353 #endif /* !OS_WIN32 */
354 #endif
355 
356 #ifndef OS_WIN32
357 /**
358  * SIGUSR2 handler. Just set sigusr2_count. The main loop will act on
359  * it.
360  */
361 static void SignalHandlerSigusr2(int sig)
362 {
363  if (sigusr2_count < 2)
364  sigusr2_count++;
365 }
366 
367 /**
368  * SIGHUP handler. Just set sighup_count. The main loop will act on
369  * it.
370  */
371 static void SignalHandlerSigHup(/*@unused@*/ int sig)
372 {
373  sighup_count = 1;
374 }
375 #endif
376 
377 void GlobalsInitPreConfig(void)
378 {
379  TimeInit();
380  SupportFastPatternForSigMatchTypes();
381  SCThresholdConfGlobalInit();
382  SCProtoNameInit();
383 }
384 
385 void GlobalsDestroy(void)
386 {
387  SCInstance *suri = &suricata;
388  ThresholdDestroy();
389  HostShutdown();
390  HTPFreeConfig();
391  HTPAtExitPrintStats();
392 
393  AppLayerHtpPrintStats();
394 
395  /* TODO this can do into it's own func */
396  DetectEngineCtx *de_ctx = DetectEngineGetCurrent();
397  if (de_ctx) {
398  DetectEngineMoveToFreeList(de_ctx);
399  DetectEngineDeReference(&de_ctx);
400  }
401  DetectEngineClearMaster();
402 
403  AppLayerDeSetup();
404  DatasetsSave();
405  DatasetsDestroy();
406  OutputTxShutdown();
407  TagDestroyCtx();
408 
409  LiveDeviceListClean();
410  OutputDeregisterAll();
411  FeatureTrackingRelease();
412  SCProtoNameRelease();
413  TimeDeinit();
414  SigTableCleanup();
415  TmqhCleanup();
416  TmModuleRunDeInit();
417  ParseSizeDeinit();
418  DatalinkTableDeinit();
419 
420 #ifdef HAVE_DPDK
421  DPDKCleanupEAL();
422 #endif
423 
424 #ifdef HAVE_AF_PACKET
425  AFPPeersListClean();
426 #endif
427 
428 #ifdef NFQ
429  NFQContextsClean();
430 #endif
431 
432 #ifdef BUILD_HYPERSCAN
433  MpmHSGlobalCleanup();
434 #endif
435 
436  SCConfDeInit();
437 
438  DetectParseFreeRegexes();
439 
440  SCPidfileRemove(suri->pid_filename);
441  SCFree(suri->pid_filename);
442  suri->pid_filename = NULL;
443 
444  VarNameStoreDestroy();
445  SCLogDeInitLogModule();
446 }
447 
448 /**
449  * \brief Used to send OS specific notification of running threads
450  *
451  * \retval TmEcode TM_ECODE_OK on success; TM_ECODE_FAILED on failure.
452  */
453 static void OnNotifyRunning(void)
454 {
455 #ifdef SYSTEMD_NOTIFY
456  if (SystemDNotifyReady() < 0) {
457  SCLogWarning("failed to notify systemd");
458  }
459 #endif
460 }
461 
462 /** \brief make sure threads can stop the engine by calling this
463  * function. Purpose: pcap file mode needs to be able to tell the
464  * engine the file eof is reached. */
465 void EngineStop(void)
466 {
467  suricata_ctl_flags |= SURICATA_STOP;
468 }
469 
470 /**
471  * \brief Used to indicate that the current task is done.
472  *
473  * This is mainly used by pcap-file to tell it has finished
474  * to treat a pcap files when running in unix-socket mode.
475  */
476 void EngineDone(void)
477 {
478  suricata_ctl_flags |= SURICATA_DONE;
479 }
480 
481 static int SetBpfString(int argc, char *argv[])
482 {
483  char *bpf_filter = NULL;
484  uint32_t bpf_len = 0;
485  int tmpindex = 0;
486 
487  /* attempt to parse remaining args as bpf filter */
488  tmpindex = argc;
489  while(argv[tmpindex] != NULL) {
490  bpf_len+=strlen(argv[tmpindex]) + 1;
491  tmpindex++;
492  }
493 
494  if (bpf_len == 0)
495  return TM_ECODE_OK;
496 
497  bpf_filter = SCCalloc(1, bpf_len);
498  if (unlikely(bpf_filter == NULL))
499  return TM_ECODE_FAILED;
500 
501  tmpindex = optind;
502  while(argv[tmpindex] != NULL) {
503  strlcat(bpf_filter, argv[tmpindex],bpf_len);
504  if(argv[tmpindex + 1] != NULL) {
505  strlcat(bpf_filter," ", bpf_len);
506  }
507  tmpindex++;
508  }
509 
510  if(strlen(bpf_filter) > 0) {
511  if (SCConfSetFinal("bpf-filter", bpf_filter) != 1) {
512  SCLogError("Failed to set bpf filter.");
513  SCFree(bpf_filter);
514  return TM_ECODE_FAILED;
515  }
516  }
517  SCFree(bpf_filter);
518 
519  return TM_ECODE_OK;
520 }
521 
522 static void SetBpfStringFromFile(char *filename)
523 {
524  char *bpf_filter = NULL;
525  char *bpf_comment_tmp = NULL;
526  char *bpf_comment_start = NULL;
527  size_t bpf_len = 0;
528  SCStat st;
529  FILE *fp = NULL;
530  size_t nm = 0;
531 
532  fp = fopen(filename, "r");
533  if (fp == NULL) {
534  SCLogError("Failed to open file %s", filename);
535  exit(EXIT_FAILURE);
536  }
537 
538  if (SCFstatFn(fileno(fp), &st) != 0) {
539  SCLogError("Failed to stat file %s", filename);
540  exit(EXIT_FAILURE);
541  }
542  // st.st_size is signed on Windows
543  bpf_len = ((size_t)(st.st_size)) + 1;
544 
545  bpf_filter = SCCalloc(1, bpf_len);
546  if (unlikely(bpf_filter == NULL)) {
547  SCLogError("Failed to allocate buffer for bpf filter in file %s", filename);
548  exit(EXIT_FAILURE);
549  }
550 
551  nm = fread(bpf_filter, 1, bpf_len - 1, fp);
552  if ((ferror(fp) != 0) || (nm != (bpf_len - 1))) {
553  SCLogError("Failed to read complete BPF file %s", filename);
554  SCFree(bpf_filter);
555  fclose(fp);
556  exit(EXIT_FAILURE);
557  }
558  fclose(fp);
559  bpf_filter[nm] = '\0';
560 
561  if(strlen(bpf_filter) > 0) {
562  /*replace comments with space*/
563  bpf_comment_start = bpf_filter;
564  while((bpf_comment_tmp = strchr(bpf_comment_start, '#')) != NULL) {
565  while((*bpf_comment_tmp !='\0') &&
566  (*bpf_comment_tmp != '\r') && (*bpf_comment_tmp != '\n'))
567  {
568  *bpf_comment_tmp++ = ' ';
569  }
570  bpf_comment_start = bpf_comment_tmp;
571  }
572  /*remove remaining '\r' and '\n' */
573  while((bpf_comment_tmp = strchr(bpf_filter, '\r')) != NULL) {
574  *bpf_comment_tmp = ' ';
575  }
576  while((bpf_comment_tmp = strchr(bpf_filter, '\n')) != NULL) {
577  *bpf_comment_tmp = ' ';
578  }
579  /* cut trailing spaces */
580  while (strlen(bpf_filter) > 0 &&
581  bpf_filter[strlen(bpf_filter)-1] == ' ')
582  {
583  bpf_filter[strlen(bpf_filter)-1] = '\0';
584  }
585  if (strlen(bpf_filter) > 0) {
586  if (SCConfSetFinal("bpf-filter", bpf_filter) != 1) {
587  SCFree(bpf_filter);
588  FatalError("failed to set bpf filter");
589  }
590  }
591  }
592  SCFree(bpf_filter);
593 }
594 
595 static void PrintUsage(const char *progname)
596 {
597 #ifdef REVISION
598  printf("%s %s (%s)\n", PROG_NAME, PROG_VER, xstr(REVISION));
599 #else
600  printf("%s %s\n", PROG_NAME, PROG_VER);
601 #endif
602  printf("USAGE: %s [OPTIONS] [BPF FILTER]\n\n", progname);
603 
604  printf("\n General:\n");
605  printf("\t-v : be more verbose (use multiple times to "
606  "increase verbosity)\n");
607  printf("\t-c <path> : path to configuration file\n");
608  printf("\t-l <dir> : default log directory\n");
609  printf("\t--include <path> : additional configuration file\n");
610  printf("\t--set name=value : set a configuration value\n");
611  printf("\t--pidfile <file> : write pid to this file\n");
612  printf("\t-T : test configuration file (use with -c)\n");
613  printf("\t--init-errors-fatal : enable fatal failure on signature init "
614  "error\n");
615 #ifndef OS_WIN32
616  printf("\t-D : run as daemon\n");
617 #else
618  printf("\t--service-install : install as service\n");
619  printf("\t--service-remove : remove service\n");
620  printf("\t--service-change-params : change service startup parameters\n");
621 #endif /* OS_WIN32 */
622 #ifdef HAVE_LIBCAP_NG
623  printf("\t--user <user> : run suricata as this user after init\n");
624  printf("\t--group <group> : run suricata as this group after init\n");
625 #endif /* HAVE_LIBCAP_NG */
626 #ifdef BUILD_UNIX_SOCKET
627  printf("\t--unix-socket[=<file>] : use unix socket to control suricata work\n");
628 #endif
629  printf("\t--runmode <runmode_id> : specific runmode modification the engine should run. The argument\n"
630  "\t supplied should be the id for the runmode obtained by running\n"
631  "\t --list-runmodes\n");
632 
633  printf("\n Capture and IPS:\n");
634 
635  printf("\t-F <bpf filter file> : bpf filter file\n");
636  printf("\t-k [all|none] : force checksum check (all) or disabled it "
637  "(none)\n");
638  printf("\t-i <dev or ip> : run in pcap live mode\n");
639  printf("\t--pcap[=<dev>] : run in pcap mode, no value select interfaces "
640  "from suricata.yaml\n");
641 #ifdef HAVE_PCAP_SET_BUFF
642  printf("\t--pcap-buffer-size : size of the pcap buffer value from 0 - %i\n",INT_MAX);
643 #endif /* HAVE_SET_PCAP_BUFF */
644 #ifdef NFQ
645  printf("\t-q <qid[:qid]> : run in inline nfqueue mode (use colon to "
646  "specify a range of queues)\n");
647 #endif /* NFQ */
648 #ifdef IPFW
649  printf("\t-d <divert port> : run in inline ipfw divert mode\n");
650 #endif /* IPFW */
651 #ifdef HAVE_AF_PACKET
652  printf("\t--af-packet[=<dev>] : run in af-packet mode, no value select interfaces from suricata.yaml\n");
653 #endif
654 #ifdef HAVE_AF_XDP
655  printf("\t--af-xdp[=<dev>] : run in af-xdp mode, no value select "
656  "interfaces from suricata.yaml\n");
657 #endif
658 #ifdef HAVE_NETMAP
659  printf("\t--netmap[=<dev>] : run in netmap mode, no value select interfaces from suricata.yaml\n");
660 #endif
661 #ifdef HAVE_PFRING
662  printf("\t--pfring[=<dev>] : run in pfring mode, use interfaces from suricata.yaml\n");
663  printf("\t--pfring-int <dev> : run in pfring mode, use interface <dev>\n");
664  printf("\t--pfring-cluster-id <id> : pfring cluster id \n");
665  printf("\t--pfring-cluster-type <type> : pfring cluster type for PF_RING 4.1.2 and later cluster_round_robin|cluster_flow\n");
666 #endif /* HAVE_PFRING */
667 #ifdef HAVE_DPDK
668  printf("\t--dpdk : run in dpdk mode, uses interfaces from "
669  "suricata.yaml\n");
670 #endif
671 #ifdef HAVE_DAG
672  printf("\t--dag <dagX:Y> : process ERF records from DAG interface X, stream Y\n");
673 #endif
674 #ifdef WINDIVERT
675  printf("\t--windivert <filter> : run in inline WinDivert mode\n");
676  printf("\t--windivert-forward <filter> : run in inline WinDivert mode, as a gateway\n");
677 #endif
678 #ifdef HAVE_LIBNET11
679  printf("\t--reject-dev <dev> : send reject packets from this interface\n");
680 #endif
681 
682  printf("\n Capture Files:\n");
683  printf("\t-r <path> : run in pcap file/offline mode\n");
684  printf("\t--pcap-file-continuous : when running in pcap mode with a directory, "
685  "continue checking directory for pcaps until interrupted\n");
686  printf("\t--pcap-file-delete : when running in replay mode (-r with "
687  "directory or file), will delete pcap files that have been processed when done\n");
688  printf("\t--pcap-file-recursive : will descend into subdirectories when running "
689  "in replay mode (-r)\n");
690  printf("\t--pcap-file-buffer-size : set read buffer size (setvbuf)\n");
691  printf("\t--erf-in <path> : process an ERF file\n");
692 
693  printf("\n Detection:\n");
694  printf("\t-s <path> : path to signature file loaded in addition to "
695  "suricata.yaml settings (optional)\n");
696  printf("\t-S <path> : path to signature file loaded exclusively "
697  "(optional)\n");
698  printf("\t--disable-detection : disable detection engine\n");
699  printf("\t--engine-analysis : print reports on analysis of different "
700  "sections in the engine and exit.\n"
701  "\t Please have a look at the conf parameter "
702  "engine-analysis on what reports\n"
703  "\t can be printed\n");
704 
705  printf("\n Firewall:\n");
706  printf("\t--firewall : enable firewall mode\n");
707  printf("\t--firewall-rules-exclusive=<path> : path to firewall rule file loaded "
708  "exclusively\n");
709 
710  printf("\n Info:\n");
711  printf("\t-V : display Suricata version\n");
712  printf("\t--list-keywords[=all|csv|<kword>] : list keywords implemented by the engine\n");
713  printf("\t--list-runmodes : list supported runmodes\n");
714  printf("\t--list-app-layer-protos : list supported app layer protocols\n");
715  printf("\t--list-app-layer-hooks : list supported app layer hooks for use in "
716  "rules\n");
717  printf("\t--dump-config : show the running configuration\n");
718  printf("\t--dump-features : display provided features\n");
719  printf("\t--build-info : display build information\n");
720 
721  printf("\n Testing:\n");
722  printf("\t--simulate-ips : force engine into IPS mode. Useful for QA\n");
723 #ifdef UNITTESTS
724  printf("\t-u : run the unittests and exit\n");
725  printf("\t-U=REGEX, --unittest-filter=REGEX : filter unittests with a pcre compatible "
726  "regex\n");
727  printf("\t--list-unittests : list unit tests\n");
728  printf("\t--fatal-unittests : enable fatal failure on unittest error\n");
729  printf("\t--unittests-coverage : display unittest coverage report\n");
730 #endif /* UNITTESTS */
731  printf("\n");
732  printf("\nTo run " PROG_NAME " with default configuration on "
733  "interface eth0 with signature file \"signatures.rules\", run the "
734  "command as:\n\n%s -c suricata.yaml -s signatures.rules -i eth0 \n\n",
735  progname);
736 }
737 
738 static void PrintBuildInfo(void)
739 {
740  const char *bits;
741  const char *endian;
742  char features[2048] = "";
743  const char *tls;
744 
745  printf("This is %s version %s\n", PROG_NAME, GetProgramVersion());
746 #ifdef DEBUG
747  strlcat(features, "DEBUG ", sizeof(features));
748 #endif
749 #ifdef DEBUG_VALIDATION
750  strlcat(features, "DEBUG_VALIDATION ", sizeof(features));
751 #endif
752 #ifdef UNITTESTS
753  strlcat(features, "UNITTESTS ", sizeof(features));
754 #endif
755 #ifdef NFQ
756  strlcat(features, "NFQ ", sizeof(features));
757 #endif
758 #ifdef IPFW
759  strlcat(features, "IPFW ", sizeof(features));
760 #endif
761 #ifdef HAVE_PCAP_SET_BUFF
762  strlcat(features, "PCAP_SET_BUFF ", sizeof(features));
763 #endif
764 #ifdef HAVE_PFRING
765  strlcat(features, "PF_RING ", sizeof(features));
766 #endif
767 #ifdef HAVE_NAPATECH
768  strlcat(features, "NAPATECH ", sizeof(features));
769 #endif
770 #ifdef HAVE_AF_PACKET
771  strlcat(features, "AF_PACKET ", sizeof(features));
772 #endif
773 #ifdef HAVE_NETMAP
774  strlcat(features, "NETMAP ", sizeof(features));
775 #endif
776 #ifdef HAVE_PACKET_FANOUT
777  strlcat(features, "HAVE_PACKET_FANOUT ", sizeof(features));
778 #endif
779 #ifdef HAVE_DAG
780  strlcat(features, "DAG ", sizeof(features));
781 #endif
782 #ifdef HAVE_LIBCAP_NG
783  strlcat(features, "LIBCAP_NG ", sizeof(features));
784 #endif
785 #ifdef HAVE_LIBNET11
786  strlcat(features, "LIBNET1.1 ", sizeof(features));
787 #endif
788  strlcat(features, "HAVE_HTP_URI_NORMALIZE_HOOK ", sizeof(features));
789 #ifdef PCRE2_HAVE_JIT
790  strlcat(features, "PCRE_JIT ", sizeof(features));
791 #endif
792  /* For compatibility, just say we have HAVE_NSS. */
793  strlcat(features, "HAVE_NSS ", sizeof(features));
794  /* HTTP2_DECOMPRESSION is not an optional feature in this major version */
795  strlcat(features, "HTTP2_DECOMPRESSION ", sizeof(features));
796  /* Lua is now vendored in and always available. */
797  strlcat(features, "HAVE_LUA ", sizeof(features));
798 #ifdef HAVE_JA3
799  strlcat(features, "HAVE_JA3 ", sizeof(features));
800 #endif
801 #ifdef HAVE_JA4
802  strlcat(features, "HAVE_JA4 ", sizeof(features));
803 #endif
804  strlcat(features, "HAVE_LIBJANSSON ", sizeof(features));
805 #ifdef PROFILING
806  strlcat(features, "PROFILING ", sizeof(features));
807 #endif
808 #ifdef PROFILE_LOCKING
809  strlcat(features, "PROFILE_LOCKING ", sizeof(features));
810 #endif
811 #if defined(TLS_C11) || defined(TLS_GNU)
812  strlcat(features, "TLS ", sizeof(features));
813 #endif
814 #if defined(TLS_C11)
815  strlcat(features, "TLS_C11 ", sizeof(features));
816 #elif defined(TLS_GNU)
817  strlcat(features, "TLS_GNU ", sizeof(features));
818 #endif
819 #ifdef HAVE_MAGIC
820  strlcat(features, "MAGIC ", sizeof(features));
821 #endif
822  strlcat(features, "RUST ", sizeof(features));
823 #if defined(SC_ADDRESS_SANITIZER)
824  strlcat(features, "ASAN ", sizeof(features));
825 #endif
826 #if defined(HAVE_POPCNT64)
827  strlcat(features, "POPCNT64 ", sizeof(features));
828 #endif
829  if (strlen(features) == 0) {
830  strlcat(features, "none", sizeof(features));
831  }
832 
833  printf("Features: %s\n", features);
834 
835  /* SIMD stuff */
836  memset(features, 0x00, sizeof(features));
837 #if defined(__SSE4_2__)
838  strlcat(features, "SSE_4_2 ", sizeof(features));
839 #endif
840 #if defined(__SSE4_1__)
841  strlcat(features, "SSE_4_1 ", sizeof(features));
842 #endif
843 #if defined(__SSE3__)
844  strlcat(features, "SSE_3 ", sizeof(features));
845 #endif
846 #if defined(__SSE2__)
847  strlcat(features, "SSE_2 ", sizeof(features));
848 #endif
849  if (strlen(features) == 0) {
850  strlcat(features, "none", sizeof(features));
851  }
852  printf("SIMD support: %s\n", features);
853 
854  /* atomics stuff */
855  memset(features, 0x00, sizeof(features));
856 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_1)
857  strlcat(features, "1 ", sizeof(features));
858 #endif
859 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_2)
860  strlcat(features, "2 ", sizeof(features));
861 #endif
862 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_4)
863  strlcat(features, "4 ", sizeof(features));
864 #endif
865 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_8)
866  strlcat(features, "8 ", sizeof(features));
867 #endif
868 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_16)
869  strlcat(features, "16 ", sizeof(features));
870 #endif
871  if (strlen(features) == 0) {
872  strlcat(features, "none", sizeof(features));
873  } else {
874  strlcat(features, "byte(s)", sizeof(features));
875  }
876  printf("Atomic intrinsics: %s\n", features);
877 
878 #if __WORDSIZE == 64
879  bits = "64-bits";
880 #elif __WORDSIZE == 32
881  bits = "32-bits";
882 #else
883  bits = "<unknown>-bits";
884 #endif
885 
886 #if __BYTE_ORDER == __BIG_ENDIAN
887  endian = "Big-endian";
888 #elif __BYTE_ORDER == __LITTLE_ENDIAN
889  endian = "Little-endian";
890 #else
891  endian = "<unknown>-endian";
892 #endif
893 
894  printf("%s, %s architecture\n", bits, endian);
895 #ifdef __GNUC__
896  printf("GCC version %s, C version %"PRIiMAX"\n", __VERSION__, (intmax_t)__STDC_VERSION__);
897 #else
898  printf("C version %"PRIiMAX"\n", (intmax_t)__STDC_VERSION__);
899 #endif
900 
901 #if __SSP__ == 1
902  printf("compiled with -fstack-protector\n");
903 #endif
904 #if __SSP_ALL__ == 2
905  printf("compiled with -fstack-protector-all\n");
906 #endif
907 /*
908  * Workaround for special defines of _FORTIFY_SOURCE like
909  * FORTIFY_SOURCE=((defined __OPTIMIZE && OPTIMIZE > 0) ? 2 : 0)
910  * which is used by Gentoo for example and would result in the error
911  * 'defined' undeclared when _FORTIFY_SOURCE used via %d in printf func
912  *
913  */
914 #if _FORTIFY_SOURCE == 2
915  printf("compiled with _FORTIFY_SOURCE=2\n");
916 #elif _FORTIFY_SOURCE == 1
917  printf("compiled with _FORTIFY_SOURCE=1\n");
918 #elif _FORTIFY_SOURCE == 0
919  printf("compiled with _FORTIFY_SOURCE=0\n");
920 #endif
921 #ifdef CLS
922  printf("L1 cache line size (CLS)=%d\n", CLS);
923 #endif
924 #if defined(TLS_C11)
925  tls = "_Thread_local";
926 #elif defined(TLS_GNU)
927  tls = "__thread";
928 #else
929 #error "Unsupported thread local"
930 #endif
931  printf("thread local storage method: %s\n", tls);
932 
933  printf("compiled with %s\n", htp_get_version());
934  printf("\n");
935 #include "build-info.h"
936 }
937 
938 int coverage_unittests;
939 int g_ut_modules;
940 int g_ut_covered;
941 
942 void RegisterAllModules(void)
943 {
944  /* commanders */
945  TmModuleUnixManagerRegister();
946  /* managers */
947  TmModuleFlowManagerRegister();
948  TmModuleFlowRecyclerRegister();
949  TmModuleBypassedFlowManagerRegister();
950  /* nfq */
951  TmModuleReceiveNFQRegister();
952  TmModuleVerdictNFQRegister();
953  TmModuleDecodeNFQRegister();
954  /* ipfw */
955  TmModuleReceiveIPFWRegister();
956  TmModuleVerdictIPFWRegister();
957  TmModuleDecodeIPFWRegister();
958  /* pcap live */
959  TmModuleReceivePcapRegister();
960  TmModuleDecodePcapRegister();
961  /* pcap file */
962  TmModuleReceivePcapFileRegister();
963  TmModuleDecodePcapFileRegister();
964  /* af-packet */
965  TmModuleReceiveAFPRegister();
966  TmModuleDecodeAFPRegister();
967  /* af-xdp */
968  TmModuleReceiveAFXDPRegister();
969  TmModuleDecodeAFXDPRegister();
970  /* netmap */
971  TmModuleReceiveNetmapRegister();
972  TmModuleDecodeNetmapRegister();
973  /* dag file */
974  TmModuleReceiveErfFileRegister();
975  TmModuleDecodeErfFileRegister();
976  /* dag live */
977  TmModuleReceiveErfDagRegister();
978  TmModuleDecodeErfDagRegister();
979 
980  /* flow worker */
981  TmModuleFlowWorkerRegister();
982  /* respond-reject */
983  TmModuleRespondRejectRegister();
984 
985  /* log api */
986  TmModuleLoggerRegister();
987  TmModuleStatsLoggerRegister();
988 
989  TmModuleDebugList();
990  /* nflog */
991  TmModuleReceiveNFLOGRegister();
992  TmModuleDecodeNFLOGRegister();
993 
994  /* windivert */
995  TmModuleReceiveWinDivertRegister();
996  TmModuleVerdictWinDivertRegister();
997  TmModuleDecodeWinDivertRegister();
998 
999  /* Dpdk */
1000  TmModuleReceiveDPDKRegister();
1001  TmModuleDecodeDPDKRegister();
1002 
1003  /* Library */
1004  TmModuleDecodeLibRegister();
1005 }
1006 
1007 TmEcode SCLoadYamlConfig(void)
1008 {
1009  SCEnter();
1010 
1011  SCInstance *suri = &suricata;
1012 
1013  if (suri->conf_filename == NULL)
1014  suri->conf_filename = DEFAULT_CONF_FILE;
1015 
1016  if (SCConfYamlLoadFile(suri->conf_filename) != 0) {
1017  /* Error already displayed. */
1018  SCReturnInt(TM_ECODE_FAILED);
1019  }
1020 
1021  if (suri->additional_configs) {
1022  for (int i = 0; suri->additional_configs[i] != NULL; i++) {
1023  SCLogConfig("Loading additional configuration file %s", suri->additional_configs[i]);
1024  SCConfYamlHandleInclude(SCConfGetRootNode(), suri->additional_configs[i]);
1025  }
1026  }
1027 
1028  SCReturnInt(TM_ECODE_OK);
1029 }
1030 
1031 static TmEcode ParseInterfacesList(const int runmode, char *pcap_dev)
1032 {
1033  SCEnter();
1034 
1035  /* run the selected runmode */
1036  if (runmode == RUNMODE_PCAP_DEV) {
1037  if (strlen(pcap_dev) == 0) {
1038  int ret = LiveBuildDeviceList("pcap");
1039  if (ret == 0) {
1040  SCLogError("No interface found in config for pcap");
1041  SCReturnInt(TM_ECODE_FAILED);
1042  }
1043  }
1044  } else if (runmode == RUNMODE_PLUGIN) {
1045  if (strcmp(suricata.capture_plugin_name, "pfring") == 0) {
1046  /* Special handling for pfring. */
1047  if (strlen(pcap_dev)) {
1048  if (SCConfSetFinal("pfring.live-interface", pcap_dev) != 1) {
1049  SCLogError("Failed to set pfring.live-interface");
1050  SCReturnInt(TM_ECODE_FAILED);
1051  }
1052  }
1053  }
1054 #ifdef HAVE_DPDK
1055  } else if (runmode == RUNMODE_DPDK) {
1056  char iface_selector[] = "dpdk.interfaces";
1057  int ret = LiveBuildDeviceList(iface_selector);
1058  if (ret == 0) {
1059  SCLogError("No interface found in config for %s", iface_selector);
1060  SCReturnInt(TM_ECODE_FAILED);
1061  }
1062 #endif
1063 #ifdef HAVE_AF_PACKET
1064  } else if (runmode == RUNMODE_AFP_DEV) {
1065  /* iface has been set on command line */
1066  if (strlen(pcap_dev)) {
1067  if (SCConfSetFinal("af-packet.live-interface", pcap_dev) != 1) {
1068  SCLogError("Failed to set af-packet.live-interface");
1069  SCReturnInt(TM_ECODE_FAILED);
1070  }
1071  } else {
1072  int ret = LiveBuildDeviceList("af-packet");
1073  if (ret == 0) {
1074  SCLogError("No interface found in config for af-packet");
1075  SCReturnInt(TM_ECODE_FAILED);
1076  }
1077  }
1078 #endif
1079 #ifdef HAVE_AF_XDP
1080  } else if (runmode == RUNMODE_AFXDP_DEV) {
1081  /* iface has been set on command line */
1082  if (strlen(pcap_dev)) {
1083  if (SCConfSetFinal("af-xdp.live-interface", pcap_dev) != 1) {
1084  SCLogError("Failed to set af-xdp.live-interface");
1085  SCReturnInt(TM_ECODE_FAILED);
1086  }
1087  } else {
1088  int ret = LiveBuildDeviceList("af-xdp");
1089  if (ret == 0) {
1090  SCLogError("No interface found in config for af-xdp");
1091  SCReturnInt(TM_ECODE_FAILED);
1092  }
1093  }
1094 #endif
1095 #ifdef HAVE_NETMAP
1096  } else if (runmode == RUNMODE_NETMAP) {
1097  /* iface has been set on command line */
1098  if (strlen(pcap_dev)) {
1099  if (SCConfSetFinal("netmap.live-interface", pcap_dev) != 1) {
1100  SCLogError("Failed to set netmap.live-interface");
1101  SCReturnInt(TM_ECODE_FAILED);
1102  }
1103  } else {
1104  int ret = LiveBuildDeviceList("netmap");
1105  if (ret == 0) {
1106  SCLogError("No interface found in config for netmap");
1107  SCReturnInt(TM_ECODE_FAILED);
1108  }
1109  }
1110 #endif
1111 #ifdef HAVE_NFLOG
1112  } else if (runmode == RUNMODE_NFLOG) {
1113  int ret = LiveBuildDeviceListCustom("nflog", "group");
1114  if (ret == 0) {
1115  SCLogError("No group found in config for nflog");
1116  SCReturnInt(TM_ECODE_FAILED);
1117  }
1118 #endif
1119  }
1120 
1121  SCReturnInt(TM_ECODE_OK);
1122 }
1123 
1124 static void SCInstanceInit(SCInstance *suri, const char *progname)
1125 {
1126  memset(suri, 0x00, sizeof(*suri));
1127 
1128  suri->progname = progname;
1129  suri->run_mode = RUNMODE_UNKNOWN;
1130 
1131  memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
1132  suri->sig_file = NULL;
1133  suri->sig_file_exclusive = false;
1134  suri->pid_filename = NULL;
1135  suri->regex_arg = NULL;
1136 
1137  suri->keyword_info = NULL;
1138  suri->runmode_custom_mode = NULL;
1139 #ifndef OS_WIN32
1140  suri->user_name = NULL;
1141  suri->group_name = NULL;
1142  suri->do_setuid = false;
1143  suri->do_setgid = false;
1144 #endif /* OS_WIN32 */
1145  suri->userid = 0;
1146  suri->groupid = 0;
1147  suri->delayed_detect = 0;
1148  suri->daemon = 0;
1149  suri->offline = 0;
1150  suri->verbose = 0;
1151  /* use -1 as unknown */
1152  suri->checksum_validation = -1;
1153 #if HAVE_DETECT_DISABLED==1
1154  g_detect_disabled = suri->disabled_detect = 1;
1155 #else
1156  g_detect_disabled = suri->disabled_detect = 0;
1157 #endif
1158 }
1159 
1160 const char *GetDocURL(void)
1161 {
1162  const char *prog_ver = GetProgramVersion();
1163  if (strstr(prog_ver, "RELEASE") != NULL) {
1164  return DOC_URL "suricata-" PROG_VER;
1165  }
1166  return DOC_URL "latest";
1167 }
1168 
1169 /** \brief get string with program version
1170  *
1171  * Get the program version as passed to us from AC_INIT
1172  *
1173  * Add 'RELEASE' is no '-dev' in the version. Add the REVISION if passed
1174  * to us.
1175  *
1176  * Possible outputs:
1177  * release: '5.0.1 RELEASE'
1178  * dev with rev: '5.0.1-dev (64a789bbf 2019-10-18)'
1179  * dev w/o rev: '5.0.1-dev'
1180  */
1181 const char *GetProgramVersion(void)
1182 {
1183  if (strstr(PROG_VER, "-dev") == NULL) {
1184  return PROG_VER " RELEASE";
1185  } else {
1186 #ifdef REVISION
1187  return PROG_VER " (" xstr(REVISION) ")";
1188 #else
1189  return PROG_VER;
1190 #endif
1191  }
1192 }
1193 
1194 static TmEcode PrintVersion(void)
1195 {
1196  printf("This is %s version %s\n", PROG_NAME, GetProgramVersion());
1197  return TM_ECODE_OK;
1198 }
1199 
1200 static TmEcode LogVersion(SCInstance *suri)
1201 {
1202  const char *mode = suri->system ? "SYSTEM" : "USER";
1203  SCLogNotice("This is %s version %s running in %s mode",
1204  PROG_NAME, GetProgramVersion(), mode);
1205  return TM_ECODE_OK;
1206 }
1207 
1208 static void SCSetStartTime(SCInstance *suri)
1209 {
1210  memset(&suri->start_time, 0, sizeof(suri->start_time));
1211  gettimeofday(&suri->start_time, NULL);
1212 }
1213 
1214 static void SCPrintElapsedTime(struct timeval *start_time)
1215 {
1216  if (start_time == NULL)
1217  return;
1218  struct timeval end_time;
1219  memset(&end_time, 0, sizeof(end_time));
1220  gettimeofday(&end_time, NULL);
1221  uint64_t milliseconds = ((end_time.tv_sec - start_time->tv_sec) * 1000) +
1222  (((1000000 + end_time.tv_usec - start_time->tv_usec) / 1000) - 1000);
1223  SCLogInfo("time elapsed %.3fs", (float)milliseconds/(float)1000);
1224 }
1225 
1226 static int ParseCommandLineAfpacket(SCInstance *suri, const char *in_arg)
1227 {
1228 #ifdef HAVE_AF_PACKET
1229  if (suri->run_mode == RUNMODE_UNKNOWN) {
1230  suri->run_mode = RUNMODE_AFP_DEV;
1231  if (in_arg) {
1232  LiveRegisterDeviceName(in_arg);
1233  memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
1234  strlcpy(suri->pcap_dev, in_arg, sizeof(suri->pcap_dev));
1235  }
1236  } else if (suri->run_mode == RUNMODE_AFP_DEV) {
1237  if (in_arg) {
1238  LiveRegisterDeviceName(in_arg);
1239  } else {
1240  SCLogInfo("Multiple af-packet option without interface on each is useless");
1241  }
1242  } else {
1243  SCLogError("more than one run mode "
1244  "has been specified");
1245  PrintUsage(suri->progname);
1246  return TM_ECODE_FAILED;
1247  }
1248  return TM_ECODE_OK;
1249 #else
1250  SCLogError("AF_PACKET not enabled. On Linux "
1251  "host, make sure to pass --enable-af-packet to "
1252  "configure when building.");
1253  return TM_ECODE_FAILED;
1254 #endif
1255 }
1256 
1257 static int ParseCommandLineAfxdp(SCInstance *suri, const char *in_arg)
1258 {
1259 #ifdef HAVE_AF_XDP
1260  if (suri->run_mode == RUNMODE_UNKNOWN) {
1261  suri->run_mode = RUNMODE_AFXDP_DEV;
1262  if (in_arg) {
1263  LiveRegisterDeviceName(in_arg);
1264  memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
1265  strlcpy(suri->pcap_dev, in_arg, sizeof(suri->pcap_dev));
1266  }
1267  } else if (suri->run_mode == RUNMODE_AFXDP_DEV) {
1268  if (in_arg) {
1269  LiveRegisterDeviceName(in_arg);
1270  } else {
1271  SCLogInfo("Multiple af-xdp options without interface on each is useless");
1272  }
1273  } else {
1274  SCLogError("more than one run mode "
1275  "has been specified");
1276  PrintUsage(suri->progname);
1277  return TM_ECODE_FAILED;
1278  }
1279  return TM_ECODE_OK;
1280 #else
1281  SCLogError("AF_XDP not enabled. On Linux "
1282  "host, make sure correct libraries are installed,"
1283  " see documentation for information.");
1284  return TM_ECODE_FAILED;
1285 #endif
1286 }
1287 
1288 static int ParseCommandLineDpdk(SCInstance *suri, const char *in_arg)
1289 {
1290 #ifdef HAVE_DPDK
1291  if (suri->run_mode == RUNMODE_UNKNOWN) {
1292  suri->run_mode = RUNMODE_DPDK;
1293  } else if (suri->run_mode == RUNMODE_DPDK) {
1294  SCLogInfo("Multiple dpdk options have no effect on Suricata");
1295  } else {
1296  SCLogError("more than one run mode "
1297  "has been specified");
1298  PrintUsage(suri->progname);
1299  return TM_ECODE_FAILED;
1300  }
1301  return TM_ECODE_OK;
1302 #else
1303  SCLogError("DPDK not enabled. On Linux "
1304  "host, make sure to pass --enable-dpdk to "
1305  "configure when building.");
1306  return TM_ECODE_FAILED;
1307 #endif
1308 }
1309 
1310 static int ParseCommandLinePcapLive(SCInstance *suri, const char *in_arg)
1311 {
1312 #if defined(OS_WIN32) && !defined(HAVE_LIBWPCAP)
1313  /* If running on Windows without Npcap, bail early as live capture is not supported. */
1314  FatalError("Live capture not available. To support live capture compile against Npcap.");
1315 #endif
1316  memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
1317 
1318  if (in_arg != NULL) {
1319  /* some windows shells require escaping of the \ in \Device. Otherwise
1320  * the backslashes are stripped. We put them back here. */
1321  if (strlen(in_arg) > 9 && strncmp(in_arg, "DeviceNPF", 9) == 0) {
1322  snprintf(suri->pcap_dev, sizeof(suri->pcap_dev), "\\Device\\NPF%s", in_arg+9);
1323  } else {
1324  strlcpy(suri->pcap_dev, in_arg, sizeof(suri->pcap_dev));
1325  PcapTranslateIPToDevice(suri->pcap_dev, sizeof(suri->pcap_dev));
1326  }
1327 
1328  if (strcmp(suri->pcap_dev, in_arg) != 0) {
1329  SCLogInfo("translated %s to pcap device %s", in_arg, suri->pcap_dev);
1330  } else if (strlen(suri->pcap_dev) > 0 && isdigit((unsigned char)suri->pcap_dev[0])) {
1331  SCLogError("failed to find a pcap device for IP %s", in_arg);
1332  return TM_ECODE_FAILED;
1333  }
1334  }
1335 
1336  if (suri->run_mode == RUNMODE_UNKNOWN) {
1337  suri->run_mode = RUNMODE_PCAP_DEV;
1338  if (in_arg) {
1339  LiveRegisterDeviceName(suri->pcap_dev);
1340  }
1341  } else if (suri->run_mode == RUNMODE_PCAP_DEV) {
1342  LiveRegisterDeviceName(suri->pcap_dev);
1343  } else {
1344  SCLogError("more than one run mode "
1345  "has been specified");
1346  PrintUsage(suri->progname);
1347  return TM_ECODE_FAILED;
1348  }
1349  return TM_ECODE_OK;
1350 }
1351 
1352 /**
1353  * Helper function to check if log directory is writable
1354  */
1355 static bool IsLogDirectoryWritable(const char* str)
1356 {
1357  if (access(str, W_OK) == 0)
1358  return true;
1359  return false;
1360 }
1361 
1362 extern int g_skip_prefilter;
1363 
1364 TmEcode SCParseCommandLine(int argc, char **argv)
1365 {
1366  SCInstance *suri = &suricata;
1367  int opt;
1368 
1369  int dump_config = 0;
1370  int dump_features = 0;
1371  int list_app_layer_protocols = 0;
1372  int list_app_layer_hooks = 0;
1373  int list_unittests = 0;
1374  int list_runmodes = 0;
1375  int list_keywords = 0;
1376  int build_info = 0;
1377  int conf_test = 0;
1378  int engine_analysis = 0;
1379  int ret = TM_ECODE_OK;
1380  int is_firewall = 0;
1381 
1382 #ifdef UNITTESTS
1383  coverage_unittests = 0;
1384  g_ut_modules = 0;
1385  g_ut_covered = 0;
1386 #endif
1387 
1388  // clang-format off
1389  struct option long_opts[] = {
1390  {"help", 0, 0, 0},
1391  {"dump-config", 0, &dump_config, 1},
1392  {"dump-features", 0, &dump_features, 1},
1393  {"pfring", optional_argument, 0, 0},
1394  {"pfring-int", required_argument, 0, 0},
1395  {"pfring-cluster-id", required_argument, 0, 0},
1396  {"pfring-cluster-type", required_argument, 0, 0},
1397 #ifdef HAVE_DPDK
1398  {"dpdk", 0, 0, 0},
1399 #endif
1400  {"af-packet", optional_argument, 0, 0},
1401  {"af-xdp", optional_argument, 0, 0},
1402  {"netmap", optional_argument, 0, 0},
1403  {"pcap", optional_argument, 0, 0},
1404  {"pcap-file-continuous", 0, 0, 0},
1405  {"pcap-file-delete", 0, 0, 0},
1406  {"pcap-file-recursive", 0, 0, 0},
1407  {"pcap-file-buffer-size", required_argument, 0, 0},
1408  {"simulate-ips", 0, 0 , 0},
1409  {"no-random", 0, &g_disable_randomness, 1},
1410  {"strict-rule-keywords", optional_argument, 0, 0},
1411 
1412  {"capture-plugin", required_argument, 0, 0},
1413  {"capture-plugin-args", required_argument, 0, 0},
1414 
1415 #ifdef BUILD_UNIX_SOCKET
1416  {"unix-socket", optional_argument, 0, 0},
1417 #endif
1418  {"pcap-buffer-size", required_argument, 0, 0},
1419  {"unittest-filter", required_argument, 0, 'U'},
1420  {"list-app-layer-protos", 0, &list_app_layer_protocols, 1},
1421  {"list-app-layer-hooks", 0, &list_app_layer_hooks, 1},
1422  {"list-unittests", 0, &list_unittests, 1},
1423  {"list-runmodes", 0, &list_runmodes, 1},
1424  {"list-keywords", optional_argument, &list_keywords, 1},
1425  {"runmode", required_argument, NULL, 0},
1426  {"engine-analysis", 0, &engine_analysis, 1},
1427 #ifdef OS_WIN32
1428  {"service-install", 0, 0, 0},
1429  {"service-remove", 0, 0, 0},
1430  {"service-change-params", 0, 0, 0},
1431 #endif /* OS_WIN32 */
1432  {"pidfile", required_argument, 0, 0},
1433  {"init-errors-fatal", 0, 0, 0},
1434  {"disable-detection", 0, 0, 0},
1435  {"disable-hashing", 0, 0, 0},
1436  {"fatal-unittests", 0, 0, 0},
1437  {"unittests-coverage", 0, &coverage_unittests, 1},
1438  {"user", required_argument, 0, 0},
1439  {"group", required_argument, 0, 0},
1440  {"erf-in", required_argument, 0, 0},
1441  {"dag", required_argument, 0, 0},
1442  {"build-info", 0, &build_info, 1},
1443  {"data-dir", required_argument, 0, 0},
1444 #ifdef WINDIVERT
1445  {"windivert", required_argument, 0, 0},
1446  {"windivert-forward", required_argument, 0, 0},
1447 #endif
1448 #ifdef HAVE_LIBNET11
1449  {"reject-dev", required_argument, 0, 0},
1450 #endif
1451  {"set", required_argument, 0, 0},
1452 #ifdef HAVE_NFLOG
1453  {"nflog", optional_argument, 0, 0},
1454 #endif
1455  {"simulate-packet-flow-memcap", required_argument, 0, 0},
1456  {"simulate-applayer-error-at-offset-ts", required_argument, 0, 0},
1457  {"simulate-applayer-error-at-offset-tc", required_argument, 0, 0},
1458  {"simulate-packet-loss", required_argument, 0, 0},
1459  {"simulate-packet-tcp-reassembly-memcap", required_argument, 0, 0},
1460  {"simulate-packet-tcp-ssn-memcap", required_argument, 0, 0},
1461  {"simulate-packet-defrag-memcap", required_argument, 0, 0},
1462  {"simulate-alert-queue-realloc-failure", 0, 0, 0},
1463 
1464  {"qa-skip-prefilter", 0, &g_skip_prefilter, 1 },
1465 
1466  {"firewall", 0, &is_firewall, 1 },
1467  {"firewall-rules-exclusive", required_argument, 0, 0},
1468 
1469  {"include", required_argument, 0, 0},
1470 
1471  {NULL, 0, NULL, 0}
1472  };
1473  // clang-format on
1474 
1475  /* getopt_long stores the option index here. */
1476  int option_index = 0;
1477 
1478  char short_opts[] = "c:TDhi:l:q:d:r:us:S:U:VF:vk:";
1479 
1480  while ((opt = getopt_long(argc, argv, short_opts, long_opts, &option_index)) != -1) {
1481  switch (opt) {
1482  case 0:
1483  if (strcmp((long_opts[option_index]).name, "help") == 0) {
1484  suri->run_mode = RUNMODE_PRINT_USAGE;
1485  return TM_ECODE_OK;
1486  } else if (strcmp((long_opts[option_index]).name, "pfring") == 0 ||
1487  strcmp((long_opts[option_index]).name, "pfring-int") == 0) {
1488 #ifdef HAVE_PFRING
1489  /* TODO: Which plugin? */
1490  suri->run_mode = RUNMODE_PLUGIN;
1491  suri->capture_plugin_name = "pfring";
1492  if (optarg != NULL) {
1493  memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
1494  strlcpy(suri->pcap_dev, optarg,
1495  ((strlen(optarg) < sizeof(suri->pcap_dev)) ?
1496  (strlen(optarg) + 1) : sizeof(suri->pcap_dev)));
1497  LiveRegisterDeviceName(optarg);
1498  }
1499 #else
1500  SCLogError("PF_RING not enabled. Make sure "
1501  "to pass --enable-pfring to configure when building.");
1502  return TM_ECODE_FAILED;
1503 #endif /* HAVE_PFRING */
1504  } else if (strcmp((long_opts[option_index]).name, "pfring-cluster-id") == 0) {
1505 #ifdef HAVE_PFRING
1506  if (SCConfSetFinal("pfring.cluster-id", optarg) != 1) {
1507  SCLogError("failed to set pfring.cluster-id");
1508  return TM_ECODE_FAILED;
1509  }
1510 #else
1511  SCLogError("PF_RING not enabled. Make sure "
1512  "to pass --enable-pfring to configure when building.");
1513  return TM_ECODE_FAILED;
1514 #endif /* HAVE_PFRING */
1515  } else if (strcmp((long_opts[option_index]).name, "pfring-cluster-type") == 0) {
1516 #ifdef HAVE_PFRING
1517  if (SCConfSetFinal("pfring.cluster-type", optarg) != 1) {
1518  SCLogError("failed to set pfring.cluster-type");
1519  return TM_ECODE_FAILED;
1520  }
1521 #else
1522  SCLogError("PF_RING not enabled. Make sure "
1523  "to pass --enable-pfring to configure when building.");
1524  return TM_ECODE_FAILED;
1525 #endif /* HAVE_PFRING */
1526  } else if (strcmp((long_opts[option_index]).name, "capture-plugin") == 0) {
1527  suri->run_mode = RUNMODE_PLUGIN;
1528  suri->capture_plugin_name = optarg;
1529  } else if (strcmp((long_opts[option_index]).name, "capture-plugin-args") == 0) {
1530  suri->capture_plugin_args = optarg;
1531  } else if (strcmp((long_opts[option_index]).name, "dpdk") == 0) {
1532  if (ParseCommandLineDpdk(suri, optarg) != TM_ECODE_OK) {
1533  return TM_ECODE_FAILED;
1534  }
1535  } else if (strcmp((long_opts[option_index]).name, "af-packet") == 0) {
1536  if (ParseCommandLineAfpacket(suri, optarg) != TM_ECODE_OK) {
1537  return TM_ECODE_FAILED;
1538  }
1539  } else if (strcmp((long_opts[option_index]).name, "af-xdp") == 0) {
1540  if (ParseCommandLineAfxdp(suri, optarg) != TM_ECODE_OK) {
1541  return TM_ECODE_FAILED;
1542  }
1543  } else if (strcmp((long_opts[option_index]).name, "netmap") == 0) {
1544 #ifdef HAVE_NETMAP
1545  if (suri->run_mode == RUNMODE_UNKNOWN) {
1546  suri->run_mode = RUNMODE_NETMAP;
1547  if (optarg) {
1548  LiveRegisterDeviceName(optarg);
1549  memset(suri->pcap_dev, 0, sizeof(suri->pcap_dev));
1550  strlcpy(suri->pcap_dev, optarg,
1551  ((strlen(optarg) < sizeof(suri->pcap_dev)) ?
1552  (strlen(optarg) + 1) : sizeof(suri->pcap_dev)));
1553  }
1554  } else if (suri->run_mode == RUNMODE_NETMAP) {
1555  if (optarg) {
1556  LiveRegisterDeviceName(optarg);
1557  } else {
1558  SCLogInfo("Multiple netmap option without interface on each is useless");
1559  break;
1560  }
1561  } else {
1562  SCLogError("more than one run mode "
1563  "has been specified");
1564  PrintUsage(argv[0]);
1565  return TM_ECODE_FAILED;
1566  }
1567 #else
1568  SCLogError("NETMAP not enabled.");
1569  return TM_ECODE_FAILED;
1570 #endif
1571  } else if (strcmp((long_opts[option_index]).name, "nflog") == 0) {
1572 #ifdef HAVE_NFLOG
1573  if (suri->run_mode == RUNMODE_UNKNOWN) {
1574  suri->run_mode = RUNMODE_NFLOG;
1575  LiveBuildDeviceListCustom("nflog", "group");
1576  }
1577 #else
1578  SCLogError("NFLOG not enabled.");
1579  return TM_ECODE_FAILED;
1580 #endif /* HAVE_NFLOG */
1581  } else if (strcmp((long_opts[option_index]).name, "pcap") == 0) {
1582  if (ParseCommandLinePcapLive(suri, optarg) != TM_ECODE_OK) {
1583  return TM_ECODE_FAILED;
1584  }
1585  } else if (strcmp((long_opts[option_index]).name, "simulate-ips") == 0) {
1586  SCLogInfo("Setting IPS mode");
1587  EngineModeSetIPS();
1588  } else if (strcmp((long_opts[option_index]).name, "init-errors-fatal") == 0) {
1589  if (SCConfSetFinal("engine.init-failure-fatal", "1") != 1) {
1590  SCLogError("failed to set engine init-failure-fatal");
1591  return TM_ECODE_FAILED;
1592  }
1593 #ifdef BUILD_UNIX_SOCKET
1594  } else if (strcmp((long_opts[option_index]).name , "unix-socket") == 0) {
1595  if (suri->run_mode == RUNMODE_UNKNOWN) {
1596  suri->run_mode = RUNMODE_UNIX_SOCKET;
1597  if (optarg) {
1598  if (SCConfSetFinal("unix-command.filename", optarg) != 1) {
1599  SCLogError("failed to set unix-command.filename");
1600  return TM_ECODE_FAILED;
1601  }
1602  }
1603  } else {
1604  SCLogError("more than one run mode "
1605  "has been specified");
1606  PrintUsage(argv[0]);
1607  return TM_ECODE_FAILED;
1608  }
1609 #endif
1610  }
1611  else if(strcmp((long_opts[option_index]).name, "list-app-layer-protocols") == 0) {
1612  /* listing all supported app layer protocols */
1613  } else if (strcmp((long_opts[option_index]).name, "list-app-layer-hooks") == 0) {
1614  /* listing all supported app layer hooks */
1615  } else if (strcmp((long_opts[option_index]).name, "list-unittests") == 0) {
1616 #ifdef UNITTESTS
1617  suri->run_mode = RUNMODE_LIST_UNITTEST;
1618 #else
1619  SCLogError("unit tests not enabled. Make sure to pass --enable-unittests to "
1620  "configure when building");
1621  return TM_ECODE_FAILED;
1622 #endif /* UNITTESTS */
1623  } else if (strcmp((long_opts[option_index]).name, "list-runmodes") == 0) {
1624  suri->run_mode = RUNMODE_LIST_RUNMODES;
1625  return TM_ECODE_OK;
1626  } else if (strcmp((long_opts[option_index]).name, "list-keywords") == 0) {
1627  if (optarg) {
1628  if (strcmp("short", optarg) != 0) {
1629  suri->keyword_info = optarg;
1630  }
1631  }
1632  } else if (strcmp((long_opts[option_index]).name, "runmode") == 0) {
1633  suri->runmode_custom_mode = optarg;
1634  } else if (strcmp((long_opts[option_index]).name, "engine-analysis") == 0) {
1635  // do nothing for now
1636  }
1637 #ifdef OS_WIN32
1638  else if (strcmp((long_opts[option_index]).name, "service-install") == 0) {
1639  suri->run_mode = RUNMODE_INSTALL_SERVICE;
1640  return TM_ECODE_OK;
1641  } else if (strcmp((long_opts[option_index]).name, "service-remove") == 0) {
1642  suri->run_mode = RUNMODE_REMOVE_SERVICE;
1643  return TM_ECODE_OK;
1644  } else if (strcmp((long_opts[option_index]).name, "service-change-params") == 0) {
1645  suri->run_mode = RUNMODE_CHANGE_SERVICE_PARAMS;
1646  return TM_ECODE_OK;
1647  }
1648 #endif /* OS_WIN32 */
1649  else if (strcmp((long_opts[option_index]).name, "pidfile") == 0) {
1650  suri->pid_filename = SCStrdup(optarg);
1651  if (suri->pid_filename == NULL) {
1652  SCLogError("strdup failed: %s", strerror(errno));
1653  return TM_ECODE_FAILED;
1654  }
1655  } else if (strcmp((long_opts[option_index]).name, "disable-detection") == 0) {
1656  g_detect_disabled = suri->disabled_detect = 1;
1657  } else if (strcmp((long_opts[option_index]).name, "disable-hashing") == 0) {
1658  g_disable_hashing = true;
1659  // for rust
1660  SCDisableHashing();
1661  } else if (strcmp((long_opts[option_index]).name, "fatal-unittests") == 0) {
1662 #ifdef UNITTESTS
1663  unittests_fatal = 1;
1664 #else
1665  SCLogError("unit tests not enabled. Make sure to pass --enable-unittests to "
1666  "configure when building");
1667  return TM_ECODE_FAILED;
1668 #endif /* UNITTESTS */
1669  } else if (strcmp((long_opts[option_index]).name, "user") == 0) {
1670 #ifndef HAVE_LIBCAP_NG
1671  SCLogError("libcap-ng is required to"
1672  " drop privileges, but it was not compiled into Suricata.");
1673  return TM_ECODE_FAILED;
1674 #else
1675  suri->user_name = optarg;
1676  suri->do_setuid = true;
1677 #endif /* HAVE_LIBCAP_NG */
1678  } else if (strcmp((long_opts[option_index]).name, "group") == 0) {
1679 #ifndef HAVE_LIBCAP_NG
1680  SCLogError("libcap-ng is required to"
1681  " drop privileges, but it was not compiled into Suricata.");
1682  return TM_ECODE_FAILED;
1683 #else
1684  suri->group_name = optarg;
1685  suri->do_setgid = true;
1686 #endif /* HAVE_LIBCAP_NG */
1687  } else if (strcmp((long_opts[option_index]).name, "erf-in") == 0) {
1688  suri->run_mode = RUNMODE_ERF_FILE;
1689  if (SCConfSetFinal("erf-file.file", optarg) != 1) {
1690  SCLogError("failed to set erf-file.file");
1691  return TM_ECODE_FAILED;
1692  }
1693  } else if (strcmp((long_opts[option_index]).name, "dag") == 0) {
1694 #ifdef HAVE_DAG
1695  if (suri->run_mode == RUNMODE_UNKNOWN) {
1696  suri->run_mode = RUNMODE_DAG;
1697  }
1698  else if (suri->run_mode != RUNMODE_DAG) {
1699  SCLogError("more than one run mode has been specified");
1700  PrintUsage(argv[0]);
1701  return TM_ECODE_FAILED;
1702  }
1703  LiveRegisterDeviceName(optarg);
1704 #else
1705  SCLogError("libdag and a DAG card are required"
1706  " to receive packets using --dag.");
1707  return TM_ECODE_FAILED;
1708 #endif /* HAVE_DAG */
1709  } else if (strcmp((long_opts[option_index]).name, "napatech") == 0) {
1710 #ifdef HAVE_NAPATECH
1711  suri->run_mode = RUNMODE_PLUGIN;
1712 #else
1713  SCLogError("libntapi and a Napatech adapter are required"
1714  " to capture packets using --napatech.");
1715  return TM_ECODE_FAILED;
1716 #endif /* HAVE_NAPATECH */
1717  } else if (strcmp((long_opts[option_index]).name, "pcap-buffer-size") == 0) {
1718 #ifdef HAVE_PCAP_SET_BUFF
1719  if (SCConfSetFinal("pcap.buffer-size", optarg) != 1) {
1720  SCLogError("failed to set pcap-buffer-size");
1721  return TM_ECODE_FAILED;
1722  }
1723 #else
1724  SCLogError("The version of libpcap you have"
1725  " doesn't support setting buffer size.");
1726 #endif /* HAVE_PCAP_SET_BUFF */
1727  } else if (strcmp((long_opts[option_index]).name, "build-info") == 0) {
1728  suri->run_mode = RUNMODE_PRINT_BUILDINFO;
1729  return TM_ECODE_OK;
1730  } else if (strcmp((long_opts[option_index]).name, "windivert-forward") == 0) {
1731 #ifdef WINDIVERT
1732  if (suri->run_mode == RUNMODE_UNKNOWN) {
1733  suri->run_mode = RUNMODE_WINDIVERT;
1734  if (WinDivertRegisterQueue(true, optarg) == -1) {
1735  exit(EXIT_FAILURE);
1736  }
1737  } else if (suri->run_mode == RUNMODE_WINDIVERT) {
1738  if (WinDivertRegisterQueue(true, optarg) == -1) {
1739  exit(EXIT_FAILURE);
1740  }
1741  } else {
1742  SCLogError("more than one run mode "
1743  "has been specified");
1744  PrintUsage(argv[0]);
1745  exit(EXIT_FAILURE);
1746  }
1747  }
1748  else if(strcmp((long_opts[option_index]).name, "windivert") == 0) {
1749  if (suri->run_mode == RUNMODE_UNKNOWN) {
1750  suri->run_mode = RUNMODE_WINDIVERT;
1751  if (WinDivertRegisterQueue(false, optarg) == -1) {
1752  exit(EXIT_FAILURE);
1753  }
1754  } else if (suri->run_mode == RUNMODE_WINDIVERT) {
1755  if (WinDivertRegisterQueue(false, optarg) == -1) {
1756  exit(EXIT_FAILURE);
1757  }
1758  } else {
1759  SCLogError("more than one run mode "
1760  "has been specified");
1761  PrintUsage(argv[0]);
1762  exit(EXIT_FAILURE);
1763  }
1764 #else
1765  SCLogError("WinDivert not enabled. Make sure to pass --enable-windivert to "
1766  "configure when building.");
1767  return TM_ECODE_FAILED;
1768 #endif /* WINDIVERT */
1769  } else if(strcmp((long_opts[option_index]).name, "reject-dev") == 0) {
1770 #ifdef HAVE_LIBNET11
1771  BUG_ON(optarg == NULL); /* for static analysis */
1772  extern char *g_reject_dev;
1773  extern uint16_t g_reject_dev_mtu;
1774  g_reject_dev = optarg;
1775  int mtu = GetIfaceMTU(g_reject_dev);
1776  if (mtu > 0) {
1777  g_reject_dev_mtu = (uint16_t)mtu;
1778  }
1779 #else
1780  SCLogError("Libnet 1.1 support not enabled. Compile Suricata with libnet support.");
1781  return TM_ECODE_FAILED;
1782 #endif
1783  }
1784  else if (strcmp((long_opts[option_index]).name, "set") == 0) {
1785  if (optarg != NULL) {
1786  /* Quick validation. */
1787  char *val = strchr(optarg, '=');
1788  if (val == NULL) {
1789  FatalError("Invalid argument for --set, must be key=val.");
1790  }
1791  if (!SCConfSetFromString(optarg, 1)) {
1792  FatalError("failed to set configuration value %s", optarg);
1793  }
1794  }
1795  }
1796  else if (strcmp((long_opts[option_index]).name, "pcap-file-continuous") == 0) {
1797  if (SCConfSetFinal("pcap-file.continuous", "true") != 1) {
1798  SCLogError("Failed to set pcap-file.continuous");
1799  return TM_ECODE_FAILED;
1800  }
1801  }
1802  else if (strcmp((long_opts[option_index]).name, "pcap-file-delete") == 0) {
1803  if (SCConfSetFinal("pcap-file.delete-when-done", "true") != 1) {
1804  SCLogError("Failed to set pcap-file.delete-when-done");
1805  return TM_ECODE_FAILED;
1806  }
1807  }
1808  else if (strcmp((long_opts[option_index]).name, "pcap-file-recursive") == 0) {
1809  if (SCConfSetFinal("pcap-file.recursive", "true") != 1) {
1810  SCLogError("failed to set pcap-file.recursive");
1811  return TM_ECODE_FAILED;
1812  }
1813  } else if (strcmp((long_opts[option_index]).name, "pcap-file-buffer-size") == 0) {
1814  if (SCConfSetFinal("pcap-file.buffer-size", optarg) != 1) {
1815  SCLogError("failed to set pcap-file.buffer-size");
1816  return TM_ECODE_FAILED;
1817  }
1818  } else if (strcmp((long_opts[option_index]).name, "data-dir") == 0) {
1819  if (optarg == NULL) {
1820  SCLogError("no option argument (optarg) for -d");
1821  return TM_ECODE_FAILED;
1822  }
1823 
1824  if (ConfigSetDataDirectory(optarg) != TM_ECODE_OK) {
1825  SCLogError("Failed to set data directory.");
1826  return TM_ECODE_FAILED;
1827  }
1828  if (ConfigCheckDataDirectory(optarg) != TM_ECODE_OK) {
1829  SCLogError("The data directory \"%s\""
1830  " supplied at the command-line (-d %s) doesn't "
1831  "exist. Shutting down the engine.",
1832  optarg, optarg);
1833  return TM_ECODE_FAILED;
1834  }
1835  suri->set_datadir = true;
1836  } else if (strcmp((long_opts[option_index]).name, "strict-rule-keywords") == 0) {
1837  if (optarg == NULL) {
1838  suri->strict_rule_parsing_string = SCStrdup("all");
1839  } else {
1840  suri->strict_rule_parsing_string = SCStrdup(optarg);
1841  }
1842  if (suri->strict_rule_parsing_string == NULL) {
1843  FatalError("failed to duplicate 'strict' string");
1844  }
1845  } else if (strcmp((long_opts[option_index]).name, "include") == 0) {
1846  if (suri->additional_configs == NULL) {
1847  suri->additional_configs = SCCalloc(2, sizeof(char *));
1848  if (suri->additional_configs == NULL) {
1849  FatalError(
1850  "Failed to allocate memory for additional configuration files: %s",
1851  strerror(errno));
1852  }
1853  suri->additional_configs[0] = optarg;
1854  } else {
1855  for (int i = 0;; i++) {
1856  if (suri->additional_configs[i] == NULL) {
1857  const char **additional_configs =
1858  SCRealloc(suri->additional_configs, (i + 2) * sizeof(char *));
1859  if (additional_configs == NULL) {
1860  FatalError("Failed to allocate memory for additional configuration "
1861  "files: %s",
1862  strerror(errno));
1863  } else {
1864  suri->additional_configs = additional_configs;
1865  }
1866  suri->additional_configs[i] = optarg;
1867  suri->additional_configs[i + 1] = NULL;
1868  break;
1869  }
1870  }
1871  }
1872  } else if (strcmp((long_opts[option_index]).name, "firewall-rules-exclusive") == 0) {
1873  if (suri->firewall_rule_file != NULL) {
1874  SCLogError("can't have multiple --firewall-rules-exclusive options");
1875  return TM_ECODE_FAILED;
1876  }
1877  suri->firewall_rule_file = optarg;
1878  suri->firewall_rule_file_exclusive = true;
1879  suri->is_firewall = true;
1880  } else {
1881  int r = ExceptionSimulationCommandLineParser(
1882  (long_opts[option_index]).name, optarg);
1883  if (r < 0)
1884  return TM_ECODE_FAILED;
1885  }
1886  break;
1887  case 'c':
1888  suri->conf_filename = optarg;
1889  break;
1890  case 'T':
1891  conf_test = 1;
1892  if (SCConfSetFinal("engine.init-failure-fatal", "1") != 1) {
1893  SCLogError("failed to set engine init-failure-fatal");
1894  return TM_ECODE_FAILED;
1895  }
1896  break;
1897 #ifndef OS_WIN32
1898  case 'D':
1899  suri->daemon = 1;
1900  break;
1901 #endif /* OS_WIN32 */
1902  case 'h':
1903  suri->run_mode = RUNMODE_PRINT_USAGE;
1904  return TM_ECODE_OK;
1905  case 'i':
1906  if (optarg == NULL) {
1907  SCLogError("no option argument (optarg) for -i");
1908  return TM_ECODE_FAILED;
1909  }
1910 #ifdef HAVE_AF_PACKET
1911  if (ParseCommandLineAfpacket(suri, optarg) != TM_ECODE_OK) {
1912  return TM_ECODE_FAILED;
1913  }
1914 #else /* not afpacket */
1915  /* warn user if netmap is available */
1916 #if defined HAVE_NETMAP
1917  int i = 0;
1918 #ifdef HAVE_NETMAP
1919  i++;
1920 #endif
1921  SCLogWarning("faster capture "
1922  "option%s %s available:"
1923 #ifdef HAVE_NETMAP
1924  " NETMAP (--netmap=%s)"
1925 #endif
1926  ". Use --pcap=%s to suppress this warning",
1927  i == 1 ? "" : "s", i == 1 ? "is" : "are"
1928 #ifdef HAVE_NETMAP
1929  ,
1930  optarg
1931 #endif
1932  ,
1933  optarg);
1934 #endif /* have faster methods */
1935  if (ParseCommandLinePcapLive(suri, optarg) != TM_ECODE_OK) {
1936  return TM_ECODE_FAILED;
1937  }
1938 #endif
1939  break;
1940  case 'l':
1941  if (optarg == NULL) {
1942  SCLogError("no option argument (optarg) for -l");
1943  return TM_ECODE_FAILED;
1944  }
1945 
1946  if (ConfigSetLogDirectory(optarg) != TM_ECODE_OK) {
1947  SCLogError("Failed to set log directory.");
1948  return TM_ECODE_FAILED;
1949  }
1950  if (ConfigCheckLogDirectoryExists(optarg) != TM_ECODE_OK) {
1951  SCLogError("The logging directory \"%s\""
1952  " supplied at the command-line (-l %s) doesn't "
1953  "exist. Shutting down the engine.",
1954  optarg, optarg);
1955  return TM_ECODE_FAILED;
1956  }
1957  if (!IsLogDirectoryWritable(optarg)) {
1958  SCLogError("The logging directory \"%s\""
1959  " supplied at the command-line (-l %s) is not "
1960  "writable. Shutting down the engine.",
1961  optarg, optarg);
1962  return TM_ECODE_FAILED;
1963  }
1964  suri->set_logdir = true;
1965 
1966  break;
1967  case 'q':
1968 #ifdef NFQ
1969  if (suri->run_mode == RUNMODE_UNKNOWN) {
1970  suri->run_mode = RUNMODE_NFQ;
1971  EngineModeSetIPS();
1972  if (NFQParseAndRegisterQueues(optarg) == -1)
1973  return TM_ECODE_FAILED;
1974  } else if (suri->run_mode == RUNMODE_NFQ) {
1975  if (NFQParseAndRegisterQueues(optarg) == -1)
1976  return TM_ECODE_FAILED;
1977  } else {
1978  SCLogError("more than one run mode "
1979  "has been specified");
1980  PrintUsage(argv[0]);
1981  return TM_ECODE_FAILED;
1982  }
1983 #else
1984  SCLogError("NFQUEUE not enabled. Make sure to pass --enable-nfqueue to configure when "
1985  "building.");
1986  return TM_ECODE_FAILED;
1987 #endif /* NFQ */
1988  break;
1989  case 'd':
1990 #ifdef IPFW
1991  if (suri->run_mode == RUNMODE_UNKNOWN) {
1992  suri->run_mode = RUNMODE_IPFW;
1993  EngineModeSetIPS();
1994  if (IPFWRegisterQueue(optarg) == -1)
1995  return TM_ECODE_FAILED;
1996  } else if (suri->run_mode == RUNMODE_IPFW) {
1997  if (IPFWRegisterQueue(optarg) == -1)
1998  return TM_ECODE_FAILED;
1999  } else {
2000  SCLogError("more than one run mode "
2001  "has been specified");
2002  PrintUsage(argv[0]);
2003  return TM_ECODE_FAILED;
2004  }
2005 #else
2006  SCLogError("IPFW not enabled. Make sure to pass --enable-ipfw to configure when "
2007  "building.");
2008  return TM_ECODE_FAILED;
2009 #endif /* IPFW */
2010  break;
2011  case 'r':
2012  BUG_ON(optarg == NULL); /* for static analysis */
2013  if (suri->run_mode == RUNMODE_UNKNOWN) {
2014  suri->run_mode = RUNMODE_PCAP_FILE;
2015  } else {
2016  SCLogError("more than one run mode "
2017  "has been specified");
2018  PrintUsage(argv[0]);
2019  return TM_ECODE_FAILED;
2020  }
2021  SCStat buf;
2022  if (SCStatFn(optarg, &buf) != 0) {
2023  SCLogError("pcap file '%s': %s", optarg, strerror(errno));
2024  return TM_ECODE_FAILED;
2025  }
2026  if (SCConfSetFinal("pcap-file.file", optarg) != 1) {
2027  SCLogError("ERROR: Failed to set pcap-file.file\n");
2028  return TM_ECODE_FAILED;
2029  }
2030 
2031  break;
2032  case 's':
2033  if (suri->sig_file != NULL) {
2034  SCLogError("can't have multiple -s options or mix -s and -S.");
2035  return TM_ECODE_FAILED;
2036  }
2037  suri->sig_file = optarg;
2038  break;
2039  case 'S':
2040  if (suri->sig_file != NULL) {
2041  SCLogError("can't have multiple -S options or mix -s and -S.");
2042  return TM_ECODE_FAILED;
2043  }
2044  suri->sig_file = optarg;
2045  suri->sig_file_exclusive = true;
2046  break;
2047  case 'u':
2048 #ifdef UNITTESTS
2049  if (suri->run_mode == RUNMODE_UNKNOWN) {
2050  suri->run_mode = RUNMODE_UNITTEST;
2051  } else {
2052  SCLogError("more than one run mode has"
2053  " been specified");
2054  PrintUsage(argv[0]);
2055  return TM_ECODE_FAILED;
2056  }
2057 #else
2058  SCLogError("unit tests not enabled. Make sure to pass --enable-unittests to configure "
2059  "when building.");
2060  return TM_ECODE_FAILED;
2061 #endif /* UNITTESTS */
2062  break;
2063  case 'U':
2064 #ifdef UNITTESTS
2065  suri->regex_arg = optarg;
2066 
2067  if(strlen(suri->regex_arg) == 0)
2068  suri->regex_arg = NULL;
2069 #endif
2070  break;
2071  case 'V':
2072  suri->run_mode = RUNMODE_PRINT_VERSION;
2073  return TM_ECODE_OK;
2074  case 'F':
2075  if (optarg == NULL) {
2076  SCLogError("no option argument (optarg) for -F");
2077  return TM_ECODE_FAILED;
2078  }
2079 
2080  SetBpfStringFromFile(optarg);
2081  break;
2082  case 'v':
2083  suri->verbose++;
2084  break;
2085  case 'k':
2086  if (optarg == NULL) {
2087  SCLogError("no option argument (optarg) for -k");
2088  return TM_ECODE_FAILED;
2089  }
2090  if (!strcmp("all", optarg))
2091  suri->checksum_validation = 1;
2092  else if (!strcmp("none", optarg))
2093  suri->checksum_validation = 0;
2094  else {
2095  SCLogError("option '%s' invalid for -k", optarg);
2096  return TM_ECODE_FAILED;
2097  }
2098  break;
2099  default:
2100  PrintUsage(argv[0]);
2101  return TM_ECODE_FAILED;
2102  }
2103  }
2104 
2105  if (is_firewall) {
2106  suri->is_firewall = true;
2107  }
2108 
2109  if (suri->disabled_detect && (suri->sig_file != NULL || suri->firewall_rule_file != NULL)) {
2110  SCLogError("can't use -s/-S or --firewall-rules-exclusive when detection is disabled");
2111  return TM_ECODE_FAILED;
2112  }
2113 
2114  /* save the runmode from the command-line (if any) */
2115  suri->aux_run_mode = suri->run_mode;
2116 
2117  if (list_app_layer_protocols)
2118  suri->run_mode = RUNMODE_LIST_APP_LAYERS;
2119  if (list_app_layer_hooks)
2120  suri->run_mode = RUNMODE_LIST_APP_LAYER_HOOKS;
2121  if (list_keywords)
2122  suri->run_mode = RUNMODE_LIST_KEYWORDS;
2123  if (list_unittests)
2124  suri->run_mode = RUNMODE_LIST_UNITTEST;
2125  if (dump_config)
2126  suri->run_mode = RUNMODE_DUMP_CONFIG;
2127  if (dump_features)
2128  suri->run_mode = RUNMODE_DUMP_FEATURES;
2129  if (conf_test)
2130  suri->run_mode = RUNMODE_CONF_TEST;
2131  if (engine_analysis)
2132  suri->run_mode = RUNMODE_ENGINE_ANALYSIS;
2133 
2134  suri->offline = IsRunModeOffline(suri->run_mode);
2135  g_system = suri->system = IsRunModeSystem(suri->run_mode);
2136 
2137  ret = SetBpfString(optind, argv);
2138  if (ret != TM_ECODE_OK)
2139  return ret;
2140 
2141  return TM_ECODE_OK;
2142 }
2143 
2144 #ifdef OS_WIN32
2145 int WindowsInitService(int argc, char **argv)
2146 {
2147  if (SCRunningAsService()) {
2148  char path[MAX_PATH];
2149  char *p = NULL;
2150  strlcpy(path, argv[0], MAX_PATH);
2151  if ((p = strrchr(path, '\\'))) {
2152  *p = '\0';
2153  }
2154  if (!SetCurrentDirectory(path)) {
2155  SCLogError("Can't set current directory to: %s", path);
2156  return -1;
2157  }
2158  SCLogInfo("Current directory is set to: %s", path);
2159  SCServiceInit(argc, argv);
2160  }
2161 
2162  /* Windows socket subsystem initialization */
2163  WSADATA wsaData;
2164  if (0 != WSAStartup(MAKEWORD(2, 2), &wsaData)) {
2165  SCLogError("Can't initialize Windows sockets: %d", WSAGetLastError());
2166  return -1;
2167  }
2168 
2169  return 0;
2170 }
2171 #endif /* OS_WIN32 */
2172 
2173 static int MayDaemonize(SCInstance *suri)
2174 {
2175  if (suri->daemon == 1 && suri->pid_filename == NULL) {
2176  const char *pid_filename;
2177 
2178  if (SCConfGet("pid-file", &pid_filename) == 1) {
2179  SCLogInfo("Use pid file %s from config file.", pid_filename);
2180  } else {
2181  pid_filename = DEFAULT_PID_FILENAME;
2182  }
2183  /* The pid file name may be in config memory, but is needed later. */
2184  suri->pid_filename = SCStrdup(pid_filename);
2185  if (suri->pid_filename == NULL) {
2186  SCLogError("strdup failed: %s", strerror(errno));
2187  return TM_ECODE_FAILED;
2188  }
2189  }
2190 
2191  if (suri->pid_filename != NULL && SCPidfileTestRunning(suri->pid_filename) != 0) {
2192  SCFree(suri->pid_filename);
2193  suri->pid_filename = NULL;
2194  return TM_ECODE_FAILED;
2195  }
2196 
2197  if (suri->daemon == 1) {
2198  Daemonize();
2199  }
2200 
2201  if (suri->pid_filename != NULL) {
2202  if (SCPidfileCreate(suri->pid_filename) != 0) {
2203  SCFree(suri->pid_filename);
2204  suri->pid_filename = NULL;
2205  SCLogError("Unable to create PID file, concurrent run of"
2206  " Suricata can occur.");
2207  SCLogError("PID file creation WILL be mandatory for daemon mode"
2208  " in future version");
2209  }
2210  }
2211 
2212  return TM_ECODE_OK;
2213 }
2214 
2215 /* Initialize the user and group Suricata is to run as. */
2216 static int InitRunAs(SCInstance *suri)
2217 {
2218 #ifndef OS_WIN32
2219  /* Try to get user/group to run suricata as if
2220  command line as not decide of that */
2221  if (!suri->do_setuid && !suri->do_setgid) {
2222  const char *id;
2223  if (SCConfGet("run-as.user", &id) == 1) {
2224  suri->do_setuid = true;
2225  suri->user_name = id;
2226  }
2227  if (SCConfGet("run-as.group", &id) == 1) {
2228  suri->do_setgid = true;
2229  suri->group_name = id;
2230  }
2231  }
2232  /* Get the suricata user ID to given user ID */
2233  if (suri->do_setuid) {
2234  SCGetUserID(suri->user_name, suri->group_name, &suri->userid, &suri->groupid);
2235  sc_set_caps = true;
2236  /* Get the suricata group ID to given group ID */
2237  } else if (suri->do_setgid) {
2238  SCGetGroupID(suri->group_name, &suri->groupid);
2239  sc_set_caps = true;
2240  }
2241 #endif
2242  return TM_ECODE_OK;
2243 }
2244 
2245 static int InitSignalHandler(SCInstance *suri)
2246 {
2247  /* registering signals we use */
2248 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
2249  UtilSignalHandlerSetup(SIGINT, SignalHandlerSigint);
2250  UtilSignalHandlerSetup(SIGTERM, SignalHandlerSigterm);
2251 #if HAVE_LIBUNWIND
2252  int enabled;
2253  if (SCConfGetBool("logging.stacktrace-on-signal", &enabled) == 0) {
2254  enabled = 1;
2255  }
2256 
2257  if (enabled) {
2258  SCLogInfo("Preparing unexpected signal handling");
2259  struct sigaction stacktrace_action;
2260  memset(&stacktrace_action, 0, sizeof(stacktrace_action));
2261  stacktrace_action.sa_sigaction = SignalHandlerUnexpected;
2262  stacktrace_action.sa_flags = SA_SIGINFO;
2263  sigaction(SIGSEGV, &stacktrace_action, NULL);
2264  sigaction(SIGABRT, &stacktrace_action, NULL);
2265  }
2266 #endif /* HAVE_LIBUNWIND */
2267 #endif
2268 #ifndef OS_WIN32
2269  UtilSignalHandlerSetup(SIGHUP, SignalHandlerSigHup);
2270  UtilSignalHandlerSetup(SIGPIPE, SIG_IGN);
2271  UtilSignalHandlerSetup(SIGSYS, SIG_IGN);
2272 #endif /* OS_WIN32 */
2273 
2274  return TM_ECODE_OK;
2275 }
2276 
2277 /* initialization code for both the main modes and for
2278  * unix socket mode.
2279  *
2280  * Will be run once per pcap in unix-socket mode */
2281 void PreRunInit(const int runmode)
2282 {
2283  if (runmode == RUNMODE_UNIX_SOCKET)
2284  return;
2285 
2286  StatsInit();
2287 #ifdef PROFILE_RULES
2288  SCProfilingRulesGlobalInit();
2289 #endif
2290 #ifdef PROFILING
2291  SCProfilingKeywordsGlobalInit();
2292  SCProfilingPrefilterGlobalInit();
2293  SCProfilingSghsGlobalInit();
2294 #endif /* PROFILING */
2295 #ifdef PROFILE_RULES
2296  SCProfilingInit();
2297 #endif
2298  DefragInit();
2299  FlowInitConfig(FLOW_QUIET);
2300  IPPairInitConfig(FLOW_QUIET);
2301  StreamTcpInitConfig(STREAM_VERBOSE);
2302  AppLayerParserPostStreamSetup();
2303  AppLayerRegisterGlobalCounters();
2304  OutputFilestoreRegisterGlobalCounters();
2305  HttpRangeContainersInit();
2306 }
2307 
2308 /* tasks we need to run before packets start flowing,
2309  * but after we dropped privs */
2310 void PreRunPostPrivsDropInit(const int runmode)
2311 {
2312  if (runmode == RUNMODE_UNIX_SOCKET) {
2313  return;
2314  }
2315 
2316  StatsSetupPostConfigPreOutput();
2317  RunModeInitializeOutputs();
2318  DatasetsInit();
2319  StatsSetupPostConfigPostOutput();
2320 }
2321 
2322 /** \brief clean up / shutdown code for packet modes
2323  *
2324  * Shuts down packet modes, so regular packet runmodes and the
2325  * per pcap mode in the unix socket. */
2326 void PostRunDeinit(const int runmode, struct timeval *start_time)
2327 {
2328  if (runmode == RUNMODE_UNIX_SOCKET)
2329  return;
2330 
2331  TmThreadsUnsealThreads();
2332 
2333  /* needed by FlowWorkToDoCleanup */
2334  PacketPoolInit();
2335 
2336  /* handle graceful shutdown of the flow engine, it's helper
2337  * threads and the packet threads */
2338  FlowDisableFlowManagerThread();
2339  /* disable capture */
2340  TmThreadDisableReceiveThreads();
2341  /* tell relevant packet threads to enter flow timeout loop */
2342  TmThreadDisablePacketThreads(
2343  THV_REQ_FLOW_LOOP, THV_FLOW_LOOP, (TM_FLAG_RECEIVE_TM | TM_FLAG_FLOWWORKER_TM));
2344  /* run cleanup on the flow hash */
2345  FlowWorkToDoCleanup();
2346  /* gracefully shut down all packet threads */
2347  TmThreadDisablePacketThreads(THV_KILL, THV_RUNNING_DONE, TM_FLAG_PACKET_ALL);
2348  SCPrintElapsedTime(start_time);
2349  FlowDisableFlowRecyclerThread();
2350 
2351  /* kill the stats threads */
2352  TmThreadKillThreadsFamily(TVT_MGMT);
2353  TmThreadClearThreadsFamily(TVT_MGMT);
2354 
2355  /* kill packet threads -- already in 'disabled' state */
2356  TmThreadKillThreadsFamily(TVT_PPT);
2357  TmThreadClearThreadsFamily(TVT_PPT);
2358 
2359  PacketPoolDestroy();
2360 
2361  /* mgt and ppt threads killed, we can run non thread-safe
2362  * shutdown functions */
2363  StatsReleaseResources();
2364  DecodeUnregisterCounters();
2365  RunModeShutDown();
2366  FlowShutdown();
2367  IPPairShutdown();
2368  HostCleanup();
2369  StreamTcpFreeConfig(STREAM_VERBOSE);
2370  DefragDestroy();
2371  HttpRangeContainersDestroy();
2372 #ifdef HAVE_HWLOC
2373  TopologyDestroy();
2374 #endif /* HAVE_HWLOC */
2375 
2376  TmqResetQueues();
2377 #ifdef PROFILING
2378  if (profiling_packets_enabled)
2379  SCProfilingDump();
2380  SCProfilingDestroy();
2381 #endif
2382 }
2383 
2384 int SCStartInternalRunMode(int argc, char **argv)
2385 {
2386  SCInstance *suri = &suricata;
2387  /* Treat internal running mode */
2388  switch (suri->run_mode) {
2389  case RUNMODE_LIST_KEYWORDS:
2390  return ListKeywords(suri->keyword_info);
2391  case RUNMODE_LIST_APP_LAYERS:
2392  if (suri->conf_filename != NULL) {
2393  return ListAppLayerProtocols(suri->conf_filename);
2394  } else {
2395  return ListAppLayerProtocols(DEFAULT_CONF_FILE);
2396  }
2397  case RUNMODE_LIST_APP_LAYER_HOOKS:
2398  if (suri->conf_filename != NULL) {
2399  return ListAppLayerHooks(suri->conf_filename);
2400  } else {
2401  return ListAppLayerHooks(DEFAULT_CONF_FILE);
2402  }
2403  case RUNMODE_PRINT_VERSION:
2404  PrintVersion();
2405  return TM_ECODE_DONE;
2406  case RUNMODE_PRINT_BUILDINFO:
2407  PrintBuildInfo();
2408  return TM_ECODE_DONE;
2409  case RUNMODE_PRINT_USAGE:
2410  PrintUsage(argv[0]);
2411  return TM_ECODE_DONE;
2412  case RUNMODE_LIST_RUNMODES:
2413  RunModeListRunmodes();
2414  return TM_ECODE_DONE;
2415  case RUNMODE_LIST_UNITTEST:
2416  RunUnittests(1, suri->regex_arg);
2417  case RUNMODE_UNITTEST:
2418  RunUnittests(0, suri->regex_arg);
2419 #ifdef OS_WIN32
2420  case RUNMODE_INSTALL_SERVICE:
2421  if (SCServiceInstall(argc, argv)) {
2422  return TM_ECODE_FAILED;
2423  }
2424  SCLogInfo("Suricata service has been successfully installed.");
2425  return TM_ECODE_DONE;
2426  case RUNMODE_REMOVE_SERVICE:
2427  if (SCServiceRemove()) {
2428  return TM_ECODE_FAILED;
2429  }
2430  SCLogInfo("Suricata service has been successfully removed.");
2431  return TM_ECODE_DONE;
2432  case RUNMODE_CHANGE_SERVICE_PARAMS:
2433  if (SCServiceChangeParams(argc, argv)) {
2434  return TM_ECODE_FAILED;
2435  }
2436  SCLogInfo("Suricata service startup parameters has been successfully changed.");
2437  return TM_ECODE_DONE;
2438 #endif /* OS_WIN32 */
2439  default:
2440  /* simply continue for other running mode */
2441  break;
2442  }
2443  return TM_ECODE_OK;
2444 }
2445 
2446 int SCFinalizeRunMode(void)
2447 {
2448  SCInstance *suri = &suricata;
2449  switch (suri->run_mode) {
2450  case RUNMODE_UNKNOWN:
2451  PrintUsage(suri->progname);
2452  return TM_ECODE_FAILED;
2453  default:
2454  break;
2455  }
2456 
2457  if (!CheckValidDaemonModes(suri->daemon, suri->run_mode)) {
2458  return TM_ECODE_FAILED;
2459  }
2460 
2461  return TM_ECODE_OK;
2462 }
2463 
2464 static void SetupDelayedDetect(SCInstance *suri)
2465 {
2466  /* In offline mode delayed init of detect is a bad idea */
2467  if (suri->offline) {
2468  suri->delayed_detect = 0;
2469  } else {
2470  if (SCConfGetBool("detect.delayed-detect", &suri->delayed_detect) != 1) {
2471  SCConfNode *denode = NULL;
2472  SCConfNode *decnf = SCConfGetNode("detect-engine");
2473  if (decnf != NULL) {
2474  TAILQ_FOREACH(denode, &decnf->head, next) {
2475  if (strcmp(denode->val, "delayed-detect") == 0) {
2476  (void)SCConfGetChildValueBool(
2477  denode, "delayed-detect", &suri->delayed_detect);
2478  }
2479  }
2480  }
2481  }
2482  }
2483 
2484  SCLogConfig("Delayed detect %s", suri->delayed_detect ? "enabled" : "disabled");
2485  if (suri->delayed_detect) {
2486  SCLogInfo("Packets will start being processed before signatures are active.");
2487  }
2488 
2489 }
2490 
2491 static int LoadSignatures(DetectEngineCtx *de_ctx, SCInstance *suri)
2492 {
2493  de_ctx->firewall_rule_file_exclusive = suri->firewall_rule_file;
2494 
2495  if (SigLoadSignatures(de_ctx, suri->sig_file, suri->sig_file_exclusive) < 0) {
2496  SCLogError("Loading signatures failed.");
2497  if (de_ctx->failure_fatal)
2498  return TM_ECODE_FAILED;
2499  }
2500 
2501  return TM_ECODE_OK;
2502 }
2503 
2504 static int ConfigGetCaptureValue(SCInstance *suri)
2505 {
2506  /* Pull the max pending packets from the config, if not found fall
2507  * back on a sane default. */
2508  intmax_t tmp_max_pending_packets;
2509  if (SCConfGetInt("max-pending-packets", &tmp_max_pending_packets) != 1)
2510  tmp_max_pending_packets = DEFAULT_MAX_PENDING_PACKETS;
2511  if (tmp_max_pending_packets < 1 || tmp_max_pending_packets > 2147483648) {
2512  SCLogError("Maximum max-pending-packets setting is 2147483648 and must be greater than 0. "
2513  "Please check %s for errors",
2514  suri->conf_filename);
2515  return TM_ECODE_FAILED;
2516  } else {
2517  max_pending_packets = (uint32_t)tmp_max_pending_packets;
2518  }
2519 
2520  SCLogDebug("Max pending packets set to %" PRIu32, max_pending_packets);
2521 
2522  /* Pull the default packet size from the config, if not found fall
2523  * back on a sane default. */
2524  const char *temp_default_packet_size;
2525  if ((SCConfGet("default-packet-size", &temp_default_packet_size)) != 1) {
2526  int lthread;
2527  int nlive;
2528  int strip_trailing_plus = 0;
2529  switch (suri->run_mode) {
2530  case RUNMODE_AFP_DEV:
2531  /* For AF_PACKET we delay setting the
2532  * default-packet-size until we know more about the
2533  * configuration. */
2534  break;
2535 #ifdef WINDIVERT
2536  case RUNMODE_WINDIVERT: {
2537  /* by default, WinDivert collects from all devices */
2538  const int mtu = GetGlobalMTUWin32();
2539 
2540  if (mtu > 0) {
2541  /* SLL_HEADER_LEN is the longest header + 8 for VLAN */
2542  default_packet_size = mtu + SLL_HEADER_LEN + 8;
2543  break;
2544  }
2545  default_packet_size = DEFAULT_PACKET_SIZE;
2546  break;
2547  }
2548 #endif /* WINDIVERT */
2549  case RUNMODE_NETMAP:
2550  /* in netmap igb0+ has a special meaning, however the
2551  * interface really is igb0 */
2552  strip_trailing_plus = 1;
2553  /* fall through */
2554  case RUNMODE_PLUGIN:
2555  case RUNMODE_PCAP_DEV:
2556  case RUNMODE_AFXDP_DEV:
2557  nlive = LiveGetDeviceCount();
2558  for (lthread = 0; lthread < nlive; lthread++) {
2559  const char *live_dev = LiveGetDeviceName(lthread);
2560  char dev[128]; /* need to be able to support GUID names on Windows */
2561  (void)strlcpy(dev, live_dev, sizeof(dev));
2562 
2563  if (strip_trailing_plus) {
2564  size_t len = strlen(dev);
2565  if (len &&
2566  (dev[len-1] == '+' ||
2567  dev[len-1] == '^' ||
2568  dev[len-1] == '*'))
2569  {
2570  dev[len-1] = '\0';
2571  }
2572  }
2573  LiveDevice *ld = LiveGetDevice(dev);
2574  unsigned int iface_max_packet_size = GetIfaceMaxPacketSize(ld);
2575  if (iface_max_packet_size > default_packet_size)
2576  default_packet_size = iface_max_packet_size;
2577  }
2578  if (default_packet_size)
2579  break;
2580  /* fall through */
2581  default:
2582  default_packet_size = DEFAULT_PACKET_SIZE;
2583  }
2584  } else {
2585  if (ParseSizeStringU32(temp_default_packet_size, &default_packet_size) < 0) {
2586  SCLogError("Error parsing max-pending-packets "
2587  "from conf file - %s. Killing engine",
2588  temp_default_packet_size);
2589  return TM_ECODE_FAILED;
2590  }
2591  }
2592 
2593  SCLogDebug("Default packet size set to %"PRIu32, default_packet_size);
2594 
2595  return TM_ECODE_OK;
2596 }
2597 
2598 static void PostRunStartedDetectSetup(const SCInstance *suri)
2599 {
2600 #ifndef OS_WIN32
2601  /* registering signal handlers we use. We setup usr2 here, so that one
2602  * can't call it during the first sig load phase or while threads are still
2603  * starting up. */
2604  if (DetectEngineEnabled() && suri->delayed_detect == 0) {
2605  UtilSignalHandlerSetup(SIGUSR2, SignalHandlerSigusr2);
2606  UtilSignalUnblock(SIGUSR2);
2607  }
2608 #endif
2609  if (suri->delayed_detect) {
2610  /* force 'reload', this will load the rules and swap engines */
2611  DetectEngineReload(suri);
2612  SCLogNotice("Signature(s) loaded, Detect thread(s) activated.");
2613 #ifndef OS_WIN32
2614  UtilSignalHandlerSetup(SIGUSR2, SignalHandlerSigusr2);
2615  UtilSignalUnblock(SIGUSR2);
2616 #endif
2617  }
2618 }
2619 
2620 void PostConfLoadedDetectSetup(SCInstance *suri)
2621 {
2622  DetectEngineCtx *de_ctx = NULL;
2623  if (!suri->disabled_detect) {
2624  SetupDelayedDetect(suri);
2625  int mt_enabled = 0;
2626  (void)SCConfGetBool("multi-detect.enabled", &mt_enabled);
2627  int default_tenant = 0;
2628  if (mt_enabled)
2629  (void)SCConfGetBool("multi-detect.default", &default_tenant);
2630  if (DetectEngineMultiTenantSetup(suri->unix_socket_enabled) == -1) {
2631  FatalError("initializing multi-detect "
2632  "detection engine contexts failed.");
2633  }
2634  if (suri->delayed_detect && suri->run_mode != RUNMODE_CONF_TEST) {
2635  de_ctx = DetectEngineCtxInitStubForDD();
2636  } else if (mt_enabled && !default_tenant && suri->run_mode != RUNMODE_CONF_TEST) {
2637  de_ctx = DetectEngineCtxInitStubForMT();
2638  } else {
2639  de_ctx = DetectEngineCtxInit();
2640  }
2641  if (de_ctx == NULL) {
2642  FatalError("initializing detection engine failed.");
2643  }
2644 
2645  if (de_ctx->type == DETECT_ENGINE_TYPE_NORMAL) {
2646  if (LoadSignatures(de_ctx, suri) != TM_ECODE_OK)
2647  exit(EXIT_FAILURE);
2648  }
2649 
2650  gettimeofday(&de_ctx->last_reload, NULL);
2651  DetectEngineAddToMaster(de_ctx);
2652  DetectEngineBumpVersion();
2653  }
2654 }
2655 
2656 static void PostConfLoadedSetupHostMode(void)
2657 {
2658  const char *hostmode = NULL;
2659 
2660  if (SCConfGet("host-mode", &hostmode) == 1) {
2661  if (!strcmp(hostmode, "router")) {
2662  host_mode = SURI_HOST_IS_ROUTER;
2663  } else if (!strcmp(hostmode, "sniffer-only")) {
2664  host_mode = SURI_HOST_IS_SNIFFER_ONLY;
2665  } else {
2666  if (strcmp(hostmode, "auto") != 0) {
2667  WarnInvalidConfEntry("host-mode", "%s", "auto");
2668  }
2669  if (EngineModeIsIPS()) {
2670  host_mode = SURI_HOST_IS_ROUTER;
2671  } else {
2672  host_mode = SURI_HOST_IS_SNIFFER_ONLY;
2673  }
2674  }
2675  } else {
2676  if (EngineModeIsIPS()) {
2677  host_mode = SURI_HOST_IS_ROUTER;
2678  SCLogInfo("No 'host-mode': suricata is in IPS mode, using "
2679  "default setting 'router'");
2680  } else {
2681  host_mode = SURI_HOST_IS_SNIFFER_ONLY;
2682  SCLogInfo("No 'host-mode': suricata is in IDS mode, using "
2683  "default setting 'sniffer-only'");
2684  }
2685  }
2686 }
2687 
2688 static void SetupUserMode(SCInstance *suri)
2689 {
2690  /* apply 'user mode' config updates here */
2691  if (!suri->system) {
2692  if (!suri->set_logdir) {
2693  /* override log dir to current work dir" */
2694  if (ConfigSetLogDirectory((char *)".") != TM_ECODE_OK) {
2695  FatalError("could not set USER mode logdir");
2696  }
2697  }
2698  if (!suri->set_datadir) {
2699  /* override data dir to current work dir" */
2700  if (ConfigSetDataDirectory((char *)".") != TM_ECODE_OK) {
2701  FatalError("could not set USER mode datadir");
2702  }
2703  }
2704  }
2705 }
2706 
2707 /**
2708  * This function is meant to contain code that needs
2709  * to be run once the configuration has been loaded.
2710  */
2711 int PostConfLoadedSetup(SCInstance *suri)
2712 {
2713  int cnf_firewall_enabled = 0;
2714  if (SCConfGetBool("firewall.enabled", &cnf_firewall_enabled) == 1) {
2715  if (cnf_firewall_enabled == 1) {
2716  suri->is_firewall = true;
2717  } else {
2718  if (suri->is_firewall) {
2719  FatalError("firewall mode enabled through commandline, but disabled in config");
2720  }
2721  }
2722  }
2723  if (suri->is_firewall) {
2724  SCLogWarning("firewall mode is EXPERIMENTAL and subject to change");
2725  EngineModeSetFirewall();
2726  }
2727 
2728  /* load the pattern matchers */
2729  MpmTableSetup();
2730  SpmTableSetup();
2731 
2732  int disable_offloading;
2733  if (SCConfGetBool("capture.disable-offloading", &disable_offloading) == 0)
2734  disable_offloading = 1;
2735  if (disable_offloading) {
2736  LiveSetOffloadDisable();
2737  } else {
2738  LiveSetOffloadWarn();
2739  }
2740 
2741  if (suri->checksum_validation == -1) {
2742  const char *cv = NULL;
2743  if (SCConfGet("capture.checksum-validation", &cv) == 1) {
2744  if (strcmp(cv, "none") == 0) {
2745  suri->checksum_validation = 0;
2746  } else if (strcmp(cv, "all") == 0) {
2747  suri->checksum_validation = 1;
2748  }
2749  }
2750  }
2751  switch (suri->checksum_validation) {
2752  case 0:
2753  SCConfSet("stream.checksum-validation", "0");
2754  break;
2755  case 1:
2756  SCConfSet("stream.checksum-validation", "1");
2757  break;
2758  }
2759 
2760  if (suri->runmode_custom_mode) {
2761  SCConfSet("runmode", suri->runmode_custom_mode);
2762  }
2763 
2764  StorageInit();
2765 #ifdef HAVE_PACKET_EBPF
2766  if (suri->run_mode == RUNMODE_AFP_DEV) {
2767  EBPFRegisterExtension();
2768  LiveDevRegisterExtension();
2769  }
2770 #endif
2771  RegisterFlowBypassInfo();
2772 
2773  MacSetRegisterFlowStorage();
2774  FlowRateRegisterFlowStorage();
2775 
2776  SigTableInit();
2777 
2778 #ifdef HAVE_PLUGINS
2779  SCPluginsLoad(suri->capture_plugin_name, suri->capture_plugin_args);
2780 #endif
2781 
2782  LiveDeviceFinalize(); // must be after EBPF extension registration
2783 
2784  if (RunModeEngineIsIPS(suricata.run_mode, suricata.runmode_custom_mode,
2785  suricata.capture_plugin_name) < 0) {
2786  FatalError("IPS mode setup failed");
2787  }
2788 
2789  if (EngineModeIsUnknown()) { // if still uninitialized, set the default
2790  SCLogInfo("Setting engine mode to IDS mode by default");
2791  EngineModeSetIDS();
2792  }
2793 
2794  SetMasterExceptionPolicy();
2795 
2796  SCConfNode *eps = SCConfGetNode("stats.exception-policy");
2797  if (eps != NULL) {
2798  if (SCConfNodeChildValueIsTrue(eps, "per-app-proto-errors")) {
2799  g_stats_eps_per_app_proto_errors = true;
2800  }
2801  }
2802 
2803  /* Must occur prior to output mod registration
2804  and app layer setup. */
2805  FeatureTrackingRegister();
2806 
2807  AppLayerSetup();
2808 
2809  /* Suricata will use this umask if provided. By default it will use the
2810  umask passed on from the shell. */
2811  const char *custom_umask;
2812  if (SCConfGet("umask", &custom_umask) == 1) {
2813  uint16_t mask;
2814  if (StringParseUint16(&mask, 8, (uint16_t)strlen(custom_umask), custom_umask) > 0) {
2815  umask((mode_t)mask);
2816  }
2817  }
2818 
2819  if (ConfigGetCaptureValue(suri) != TM_ECODE_OK) {
2820  SCReturnInt(TM_ECODE_FAILED);
2821  }
2822 
2823 #ifdef NFQ
2824  if (suri->run_mode == RUNMODE_NFQ)
2825  NFQInitConfig(false);
2826 #endif
2827 
2828  /* Load the Host-OS lookup. */
2829  SCHInfoLoadFromConfig();
2830 
2831  if (suri->run_mode == RUNMODE_ENGINE_ANALYSIS) {
2832  SCLogInfo("== Carrying out Engine Analysis ==");
2833  const char *temp = NULL;
2834  if (SCConfGet("engine-analysis", &temp) == 0) {
2835  SCLogInfo("no engine-analysis parameter(s) defined in conf file. "
2836  "Please define/enable them in the conf to use this "
2837  "feature.");
2838  SCReturnInt(TM_ECODE_FAILED);
2839  }
2840  }
2841 
2842  /* hardcoded initialization code */
2843  SigTableSetup(); /* load the rule keywords */
2844  SigTableApplyStrictCommandLineOption(suri->strict_rule_parsing_string);
2845  TmqhSetup();
2846 
2847  TagInitCtx();
2848  PacketAlertTagInit();
2849  ThresholdInit();
2850  HostBitInitCtx();
2851  IPPairBitInitCtx();
2852 
2853  if (DetectAddressTestConfVars() < 0) {
2854  SCLogError(
2855  "basic address vars test failed. Please check %s for errors", suri->conf_filename);
2856  SCReturnInt(TM_ECODE_FAILED);
2857  }
2858  if (DetectPortTestConfVars() < 0) {
2859  SCLogError("basic port vars test failed. Please check %s for errors", suri->conf_filename);
2860  SCReturnInt(TM_ECODE_FAILED);
2861  }
2862 
2863  RegisterAllModules();
2864  AppLayerHtpNeedFileInspection();
2865 
2866  StorageFinalize();
2867 
2868  TmModuleRunInit();
2869 
2870  if (MayDaemonize(suri) != TM_ECODE_OK)
2871  SCReturnInt(TM_ECODE_FAILED);
2872 
2873  if (InitSignalHandler(suri) != TM_ECODE_OK)
2874  SCReturnInt(TM_ECODE_FAILED);
2875 
2876  /* Check for the existence of the default logging directory which we pick
2877  * from suricata.yaml. If not found, shut the engine down */
2878  suri->log_dir = SCConfigGetLogDirectory();
2879 
2880  if (ConfigCheckLogDirectoryExists(suri->log_dir) != TM_ECODE_OK) {
2881  SCLogError("The logging directory \"%s\" "
2882  "supplied by %s (default-log-dir) doesn't exist. "
2883  "Shutting down the engine",
2884  suri->log_dir, suri->conf_filename);
2885  SCReturnInt(TM_ECODE_FAILED);
2886  }
2887  if (!IsLogDirectoryWritable(suri->log_dir)) {
2888  SCLogError("The logging directory \"%s\" "
2889  "supplied by %s (default-log-dir) is not writable. "
2890  "Shutting down the engine",
2891  suri->log_dir, suri->conf_filename);
2892  SCReturnInt(TM_ECODE_FAILED);
2893  }
2894 
2895  if (suri->disabled_detect) {
2896  SCLogConfig("detection engine disabled");
2897  /* disable raw reassembly */
2898  (void)SCConfSetFinal("stream.reassembly.raw", "false");
2899  }
2900 
2901  HostInitConfig(HOST_VERBOSE);
2902 
2903  CoredumpLoadConfig();
2904 
2905  DecodeGlobalConfig();
2906 
2907  /* hostmode depends on engine mode being set */
2908  PostConfLoadedSetupHostMode();
2909 
2910  PreRunInit(suri->run_mode);
2911 
2912  SCReturnInt(TM_ECODE_OK);
2913 }
2914 
2915 void SuricataMainLoop(void)
2916 {
2917  SCInstance *suri = &suricata;
2918  while(1) {
2919  if (sigterm_count || sigint_count) {
2920  suricata_ctl_flags |= SURICATA_STOP;
2921  }
2922 
2923  if (suricata_ctl_flags & SURICATA_STOP) {
2924  SCLogNotice("Signal Received. Stopping engine.");
2925  break;
2926  }
2927 
2928  TmThreadCheckThreadState();
2929 
2930  if (sighup_count > 0) {
2931  OutputNotifyFileRotation();
2932  sighup_count--;
2933  }
2934 
2935  if (sigusr2_count > 0) {
2936  if (!(DetectEngineReloadIsStart())) {
2937  DetectEngineReloadStart();
2938  DetectEngineReload(suri);
2939  DetectEngineReloadSetIdle();
2940  sigusr2_count--;
2941  }
2942 
2943  } else if (DetectEngineReloadIsStart()) {
2944  DetectEngineReload(suri);
2945  DetectEngineReloadSetIdle();
2946  }
2947 
2948  usleep(10* 1000);
2949  }
2950 }
2951 
2952 /**
2953  * \brief Global initialization common to all runmodes.
2954  *
2955  * This can be used by fuzz targets.
2956  */
2957 
2958 int InitGlobal(void)
2959 {
2960  SCRustInit(&suricata_context);
2961 
2962  SC_ATOMIC_INIT(engine_stage);
2963 
2964  /* initialize the logging subsys */
2965  SCLogInitLogModule(NULL);
2966 
2967  SCSetThreadName("Suricata-Main");
2968 
2969  /* Ignore SIGUSR2 as early as possible. We redeclare interest
2970  * once we're done launching threads. The goal is to either die
2971  * completely or handle any and all SIGUSR2s correctly.
2972  */
2973 #ifndef OS_WIN32
2974  UtilSignalHandlerSetup(SIGUSR2, SIG_IGN);
2975  if (UtilSignalBlock(SIGUSR2)) {
2976  SCLogError("SIGUSR2 initialization error");
2977  return EXIT_FAILURE;
2978  }
2979 #endif
2980 
2981  ParseSizeInit();
2982  RunModeRegisterRunModes();
2983 
2984  /* Initialize the configuration module. */
2985  SCConfInit();
2986  DatalinkTableInit();
2987 
2988  VarNameStoreInit();
2989 
2990  // zero all module storage
2991  memset(tmm_modules, 0, TMM_SIZE * sizeof(TmModule));
2992 
2993  return 0;
2994 }
2995 
2996 void SuricataPreInit(const char *progname)
2997 {
2998  SCInstanceInit(&suricata, progname);
2999 
3000  if (InitGlobal() != 0) {
3001  exit(EXIT_FAILURE);
3002  }
3003 }
3004 
3005 void SuricataInit(void)
3006 {
3007  /* Initializations for global vars, queues, etc (memsets, mutex init..) */
3008  GlobalsInitPreConfig();
3009 
3010  if (suricata.run_mode == RUNMODE_DUMP_CONFIG) {
3011  SCConfDump();
3012  exit(EXIT_SUCCESS);
3013  }
3014 
3015  int tracking = 1;
3016  if (SCConfGetBool("vlan.use-for-tracking", &tracking) == 1 && !tracking) {
3017  /* Ignore vlan_ids when comparing flows. */
3018  g_vlan_mask = 0x0000;
3019  }
3020  SCLogDebug("vlan tracking is %s", tracking == 1 ? "enabled" : "disabled");
3021  if (SCConfGetBool("livedev.use-for-tracking", &tracking) == 1 && !tracking) {
3022  /* Ignore livedev id when comparing flows. */
3023  g_livedev_mask = 0x0000;
3024  }
3025  if (SCConfGetBool("decoder.recursion-level.use-for-tracking", &tracking) == 1 && !tracking) {
3026  /* Ignore recursion level when comparing flows. */
3027  g_recurlvl_mask = 0x00;
3028  }
3029  SetupUserMode(&suricata);
3030  InitRunAs(&suricata);
3031 
3032  /* Since our config is now loaded we can finish configurating the
3033  * logging module. */
3034  SCLogLoadConfig(suricata.daemon, suricata.verbose, suricata.userid, suricata.groupid);
3035 
3036  LogVersion(&suricata);
3037  UtilCpuPrintSummary();
3038  RunModeInitializeThreadSettings();
3039 
3040  if (suricata.run_mode == RUNMODE_CONF_TEST)
3041  SCLogInfo("Running suricata under test mode");
3042 
3043  if (ParseInterfacesList(suricata.aux_run_mode, suricata.pcap_dev) != TM_ECODE_OK) {
3044  exit(EXIT_FAILURE);
3045  }
3046 
3047  if (PostConfLoadedSetup(&suricata) != TM_ECODE_OK) {
3048  exit(EXIT_FAILURE);
3049  }
3050 
3051  SCDropMainThreadCaps(suricata.userid, suricata.groupid);
3052 
3053  /* Re-enable coredumps after privileges are dropped. */
3054  CoredumpEnable();
3055 
3056  if (suricata.run_mode != RUNMODE_UNIX_SOCKET && !suricata.disabled_detect) {
3057  suricata.unix_socket_enabled = ConfUnixSocketIsEnable();
3058  }
3059 
3060  PreRunPostPrivsDropInit(suricata.run_mode);
3061 
3062  SCOnLoggingReady();
3063 
3064  LandlockSandboxing(&suricata);
3065 
3066  PostConfLoadedDetectSetup(&suricata);
3067  if (suricata.run_mode == RUNMODE_ENGINE_ANALYSIS) {
3068  goto out;
3069  } else if (suricata.run_mode == RUNMODE_CONF_TEST){
3070  SCLogNotice("Configuration provided was successfully loaded. Exiting.");
3071  goto out;
3072  } else if (suricata.run_mode == RUNMODE_DUMP_FEATURES) {
3073  FeatureDump();
3074  goto out;
3075  }
3076 
3077  if (suricata.run_mode == RUNMODE_DPDK)
3078  prerun_snap = SystemHugepageSnapshotCreate();
3079 
3080  SCSetStartTime(&suricata);
3081  if (suricata.run_mode != RUNMODE_UNIX_SOCKET) {
3082  UnixManagerThreadSpawnNonRunmode(suricata.unix_socket_enabled);
3083  }
3084  RunModeDispatch(suricata.run_mode, suricata.runmode_custom_mode, suricata.capture_plugin_name,
3085  suricata.capture_plugin_args);
3086  return;
3087 
3088 out:
3089  GlobalsDestroy();
3090  exit(EXIT_SUCCESS);
3091 }
3092 
3093 void SuricataShutdown(void)
3094 {
3095  /* Update the engine stage/status flag */
3096  SC_ATOMIC_SET(engine_stage, SURICATA_DEINIT);
3097 
3098  UnixSocketKillSocketThread();
3099  PostRunDeinit(suricata.run_mode, &suricata.start_time);
3100  /* kill remaining threads */
3101  TmThreadKillThreads();
3102 }
3103 
3104 void SuricataPostInit(void)
3105 {
3106  /* Wait till all the threads have been initialized */
3107  if (TmThreadWaitOnThreadInit() == TM_ECODE_FAILED) {
3108  SystemHugepageSnapshotDestroy(prerun_snap);
3109  FatalError("Engine initialization failed, "
3110  "aborting...");
3111  }
3112 
3113  int limit_nproc = 0;
3114  if (SCConfGetBool("security.limit-noproc", &limit_nproc) == 0) {
3115  limit_nproc = 0;
3116  }
3117 
3118 #if defined(SC_ADDRESS_SANITIZER)
3119  if (limit_nproc) {
3120  SCLogWarning(
3121  "\"security.limit-noproc\" (setrlimit()) not set when using address sanitizer");
3122  limit_nproc = 0;
3123  }
3124 #endif
3125 
3126  if (limit_nproc) {
3127 #if defined(HAVE_SYS_RESOURCE_H)
3128 #ifdef linux
3129  if (geteuid() == 0) {
3130  SCLogWarning("setrlimit has no effect when running as root.");
3131  }
3132 #endif
3133  struct rlimit r = { 0, 0 };
3134  if (setrlimit(RLIMIT_NPROC, &r) != 0) {
3135  SCLogWarning("setrlimit failed to prevent process creation.");
3136  }
3137 #else
3138  SCLogWarning("setrlimit unavailable.");
3139 #endif
3140  }
3141 
3142  SC_ATOMIC_SET(engine_stage, SURICATA_RUNTIME);
3143  PacketPoolPostRunmodes();
3144 
3145  /* Un-pause all the paused threads */
3146  TmThreadContinueThreads();
3147 
3148  /* Must ensure all threads are fully operational before continuing with init process */
3149  if (TmThreadWaitOnThreadRunning() != TM_ECODE_OK) {
3150  SystemHugepageSnapshotDestroy(prerun_snap);
3151  exit(EXIT_FAILURE);
3152  }
3153 
3154  /* Print notice and send OS specific notification of threads in running state */
3155  OnNotifyRunning();
3156 
3157  PostRunStartedDetectSetup(&suricata);
3158  if (suricata.run_mode == RUNMODE_DPDK) { // only DPDK uses hpages at the moment
3159  SystemHugepageSnapshot *postrun_snap = SystemHugepageSnapshotCreate();
3160  SystemHugepageEvaluateHugepages(prerun_snap, postrun_snap);
3161  SystemHugepageSnapshotDestroy(prerun_snap);
3162  SystemHugepageSnapshotDestroy(postrun_snap);
3163  }
3164  SCPledge();
3165 }
RUNMODE_LIST_APP_LAYERS
@ RUNMODE_LIST_APP_LAYERS
Definition: runmodes.h:47
SCRunMode
enum SCRunModes SCRunMode
RUNMODE_ENGINE_ANALYSIS
@ RUNMODE_ENGINE_ANALYSIS
Definition: runmodes.h:56
util-device-private.h
DefragDestroy
void DefragDestroy(void)
Definition: defrag.c:1129
util-byte.h
SCInstance_::is_firewall
bool is_firewall
Definition: suricata.h:145
TmModuleUnixManagerRegister
void TmModuleUnixManagerRegister(void)
Definition: unix-manager.c:1291
StatsReleaseResources
void StatsReleaseResources(void)
Releases the resources allotted by the Stats API.
Definition: counters.c:1263
source-nflog.h
TagInitCtx
void TagInitCtx(void)
Definition: detect-engine-tag.c:52
TmModuleReceiveIPFWRegister
void TmModuleReceiveIPFWRegister(void)
Registration Function for RecieveIPFW.
Definition: source-ipfw.c:151
flow-bypass.h
len
uint8_t len
Definition: app-layer-dnp3.h:2
SuricataMainLoop
void SuricataMainLoop(void)
Definition: suricata.c:2915
ExceptionSimulationCommandLineParser
int ExceptionSimulationCommandLineParser(const char *name, const char *arg)
Definition: util-exception-policy.c:384
SCInstance_::run_mode
enum SCRunModes run_mode
Definition: suricata.h:134
ippair.h
g_livedev_mask
uint16_t g_livedev_mask
Definition: suricata.c:206
SCInstance_::firewall_rule_file
char * firewall_rule_file
Definition: suricata.h:142
RUNMODE_AFXDP_DEV
@ RUNMODE_AFXDP_DEV
Definition: runmodes.h:37
app-layer-htp-range.h
AppLayerHtpNeedFileInspection
void AppLayerHtpNeedFileInspection(void)
Sets a flag that informs the HTP app layer that some module in the engine needs the http request file...
Definition: app-layer-htp.c:575
detect-engine.h
source-pcap.h
SCInstance_::groupid
uint32_t groupid
Definition: suricata.h:156
g_system
bool g_system
Definition: suricata.c:191
TmThreadDisablePacketThreads
void TmThreadDisablePacketThreads(const uint16_t set, const uint16_t check, const uint8_t module_flags)
Disable all packet threads.
Definition: tm-threads.c:1536
win32-syscall.h
SCInstance_::aux_run_mode
enum SCRunModes aux_run_mode
Definition: suricata.h:135
SCInstance_::daemon
int daemon
Definition: suricata.h:165
IPPairInitConfig
void IPPairInitConfig(bool quiet)
initialize the configuration
Definition: ippair.c:162
SCLogInitLogModule
void SCLogInitLogModule(SCLogInitData *sc_lid)
Initializes the logging module.
Definition: util-debug.c:1390
SLL_HEADER_LEN
#define SLL_HEADER_LEN
Definition: decode-sll.h:27
SCInstance_::checksum_validation
int checksum_validation
Definition: suricata.h:168
LiveDeviceListClean
int LiveDeviceListClean(void)
Definition: util-device.c:334
SCInstance_::do_setuid
bool do_setuid
Definition: suricata.h:152
DetectEngineDeReference
void DetectEngineDeReference(DetectEngineCtx **de_ctx)
Definition: detect-engine.c:4633
StorageInit
void StorageInit(void)
Definition: util-storage.c:70
SCInstance_::start_time
struct timeval start_time
Definition: suricata.h:171
IsRunModeOffline
bool IsRunModeOffline(enum SCRunModes run_mode_to_check)
Definition: runmodes.c:561
SC_ATOMIC_INIT
#define SC_ATOMIC_INIT(name)
wrapper for initializing an atomic variable.
Definition: util-atomic.h:314
prerun_snap
SystemHugepageSnapshot * prerun_snap
Definition: suricata.c:217
TmThreadContinueThreads
void TmThreadContinueThreads(void)
Unpauses all threads present in tv_root.
Definition: tm-threads.c:1990
RUNMODE_NFLOG
@ RUNMODE_NFLOG
Definition: runmodes.h:32
source-pcap-file.h
SCInstance_::do_setgid
bool do_setgid
Definition: suricata.h:153
CLS
#define CLS
Definition: suricata-common.h:69
stream-tcp.h
DetectEngineCtx_::type
enum DetectEngineType type
Definition: detect.h:1053
SigLoadSignatures
int SigLoadSignatures(DetectEngineCtx *de_ctx, char *sig_file, bool sig_file_exclusive)
Load signatures.
Definition: detect-engine-loader.c:372
runmode-af-packet.h
SCInstance_::group_name
const char * group_name
Definition: suricata.h:151
DetectEngineCtx_::firewall_rule_file_exclusive
const char * firewall_rule_file_exclusive
Definition: detect.h:1144
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
SC_ATOMIC_SET
#define SC_ATOMIC_SET(name, val)
Set the value for the atomic variable.
Definition: util-atomic.h:386
runmode-unittests.h
RUNMODE_UNKNOWN
@ RUNMODE_UNKNOWN
Definition: runmodes.h:28
TmqhSetup
void TmqhSetup(void)
Definition: tm-queuehandlers.c:39
SCConfGetRootNode
SCConfNode * SCConfGetRootNode(void)
Get the root configuration node.
Definition: conf.c:222
ENGINE_MODE_FIREWALL
@ ENGINE_MODE_FIREWALL
Definition: suricata.h:111
DetectEngineCtxInitStubForDD
DetectEngineCtx * DetectEngineCtxInitStubForDD(void)
Definition: detect-engine.c:2599
LiveDevRegisterExtension
void LiveDevRegisterExtension(void)
Definition: util-device.c:485
OutputTxShutdown
void OutputTxShutdown(void)
Definition: output-tx.c:660
THV_FLOW_LOOP
#define THV_FLOW_LOOP
Definition: threadvars.h:48
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:275
AppLayerHtpPrintStats
void AppLayerHtpPrintStats(void)
Definition: app-layer-htp.c:2422
util-hugepages.h
StatsSetupPostConfigPreOutput
void StatsSetupPostConfigPreOutput(void)
Definition: counters.c:886
SCInstance_::runmode_custom_mode
char * runmode_custom_mode
Definition: suricata.h:148
util-coredump-config.h
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:0
SigTableSetup
void SigTableSetup(void)
Definition: detect-engine-register.c:522
TmModuleReceiveNFQRegister
void TmModuleReceiveNFQRegister(void)
Definition: source-nfq.c:170
LiveBuildDeviceList
int LiveBuildDeviceList(const char *runmode)
Definition: util-device.c:294
RunModeShutDown
void RunModeShutDown(void)
Definition: runmodes.c:579
SuricataInit
void SuricataInit(void)
Definition: suricata.c:3005
TM_ECODE_DONE
@ TM_ECODE_DONE
Definition: tm-threads-common.h:83
SCProtoNameInit
void SCProtoNameInit(void)
Definition: util-proto-name.c:417
SuricataPostInit
void SuricataPostInit(void)
Definition: suricata.c:3104
ippair-bit.h
RunModeDispatch
void RunModeDispatch(int runmode, const char *custom_mode, const char *capture_plugin_name, const char *capture_plugin_args)
Definition: runmodes.c:409
util-macset.h
sigint_count
volatile sig_atomic_t sigint_count
Definition: suricata.c:156
SC_ATOMIC_DECLARE
SC_ATOMIC_DECLARE(unsigned int, engine_stage)
RUNMODE_NFQ
@ RUNMODE_NFQ
Definition: runmodes.h:31
TmModuleRunDeInit
void TmModuleRunDeInit(void)
Definition: tm-modules.c:119
TmThreadsUnsealThreads
void TmThreadsUnsealThreads(void)
Definition: tm-threads.c:2181
RegisterFlowBypassInfo
void RegisterFlowBypassInfo(void)
Definition: flow-util.c:240
SCSetThreadName
#define SCSetThreadName(n)
Definition: threads.h:304
SCConfYamlHandleInclude
int SCConfYamlHandleInclude(SCConfNode *parent, const char *filename)
Include a file in the configuration.
Definition: conf-yaml-loader.c:115
SURI_HOST_IS_ROUTER
@ SURI_HOST_IS_ROUTER
Definition: suricata.h:126
sc_set_caps
bool sc_set_caps
Definition: suricata.c:189
SCLogDeInitLogModule
void SCLogDeInitLogModule(void)
De-Initializes the logging module.
Definition: util-debug.c:1594
LiveDevice_
Definition: util-device-private.h:32
SURICATA_DEINIT
@ SURICATA_DEINIT
Definition: suricata.h:102
util-pidfile.h
TmModuleDecodeErfFileRegister
void TmModuleDecodeErfFileRegister(void)
Register the ERF file decoder module.
Definition: source-erf-file.c:98
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:932
StringParseUint16
int StringParseUint16(uint16_t *res, int base, size_t len, const char *str)
Definition: util-byte.c:337
SigTableInit
void SigTableInit(void)
Definition: detect-engine-register.c:510
DetectEngineReloadSetIdle
void DetectEngineReloadSetIdle(void)
Definition: detect-engine.c:1924
SCInstance_::userid
uint32_t userid
Definition: suricata.h:155
source-windivert-prototypes.h
SCConfGet
int SCConfGet(const char *name, const char **vptr)
Retrieve the value of a configuration node.
Definition: conf.c:350
DetectEngineGetCurrent
DetectEngineCtx * DetectEngineGetCurrent(void)
Definition: detect-engine.c:3842
EngineModeIsUnknown
int EngineModeIsUnknown(void)
Definition: suricata.c:230
VarNameStoreInit
void VarNameStoreInit(void)
TmModuleFlowRecyclerRegister
void TmModuleFlowRecyclerRegister(void)
Definition: flow-manager.c:1302
g_skip_prefilter
int g_skip_prefilter
Definition: detect-engine-mpm.c:1075
SCConfNodeChildValueIsTrue
int SCConfNodeChildValueIsTrue(const SCConfNode *node, const char *key)
Test if a configuration node has a true value.
Definition: conf.c:868
Daemonize
void Daemonize(void)
Daemonize the process.
Definition: util-daemon.c:101
UtilSignalHandlerSetup
void UtilSignalHandlerSetup(int sig, void(*handler)(int))
Definition: util-signal.c:60
TAILQ_FOREACH
#define TAILQ_FOREACH(var, head, field)
Definition: queue.h:252
TmModuleDecodeAFPRegister
void TmModuleDecodeAFPRegister(void)
Registration Function for DecodeAFP.
Definition: source-af-packet.c:599
TmModuleDecodeWinDivertRegister
void TmModuleDecodeWinDivertRegister(void)
Definition: source-windivert.c:75
SURICATA_STOP
#define SURICATA_STOP
Definition: suricata.h:94
DetectEngineAddToMaster
int DetectEngineAddToMaster(DetectEngineCtx *de_ctx)
Definition: detect-engine.c:4657
SCConfGetChildValueBool
int SCConfGetChildValueBool(const SCConfNode *base, const char *name, int *val)
Definition: conf.c:515
TmModuleStatsLoggerRegister
void TmModuleStatsLoggerRegister(void)
Definition: output-stats.c:169
RegisterAllModules
void RegisterAllModules(void)
Definition: suricata.c:942
ENGINE_MODE_IPS
@ ENGINE_MODE_IPS
Definition: suricata.h:110
DetectEngineMultiTenantSetup
int DetectEngineMultiTenantSetup(const bool unix_socket)
setup multi-detect / multi-tenancy
Definition: detect-engine.c:4294
flow-bit.h
SupportFastPatternForSigMatchTypes
void SupportFastPatternForSigMatchTypes(void)
Registers the keywords(SMs) that should be given fp support.
Definition: detect-fast-pattern.c:142
util-var-name.h
suricata_context
const SuricataContext suricata_context
Definition: rust-context.c:27
SCParseCommandLine
TmEcode SCParseCommandLine(int argc, char **argv)
Definition: suricata.c:1364
SCPledge
#define SCPledge(...)
Definition: util-privs.h:99
CheckValidDaemonModes
int CheckValidDaemonModes(int daemon, int mode)
Check for a valid combination daemon/mode.
Definition: util-daemon.c:177
SCGetGroupID
void SCGetGroupID(const char *group_name, uint32_t *gid)
Function to get the group ID from the specified group name.
Definition: util-privs.c:210
SCConfGetBool
int SCConfGetBool(const char *name, int *val)
Retrieve a configuration value as a boolean.
Definition: conf.c:497
unittests_fatal
int unittests_fatal
Definition: util-unittest.c:52
TmThreadDisableReceiveThreads
void TmThreadDisableReceiveThreads(void)
Disable all threads having the specified TMs.
Definition: tm-threads.c:1385
StatsInit
void StatsInit(void)
Initializes the perf counter api. Things are hard coded currently. More work to be done when we imple...
Definition: counters.c:876
util-privs.h
PreRunInit
void PreRunInit(const int runmode)
Definition: suricata.c:2281
SURICATA_DONE
#define SURICATA_DONE
Definition: suricata.h:96
MacSetRegisterFlowStorage
void MacSetRegisterFlowStorage(void)
Definition: util-macset.c:62
EngineModeSetFirewall
void EngineModeSetFirewall(void)
Definition: suricata.c:254
SuricataShutdown
void SuricataShutdown(void)
Definition: suricata.c:3093
SCInstance_::conf_filename
const char * conf_filename
Definition: suricata.h:175
GetIfaceMTU
int GetIfaceMTU(const char *dev)
output the link MTU
Definition: util-ioctl.c:82
GlobalsInitPreConfig
void GlobalsInitPreConfig(void)
Definition: suricata.c:377
TmModuleReceiveNetmapRegister
void TmModuleReceiveNetmapRegister(void)
Definition: source-netmap.c:75
PacketPoolPostRunmodes
void PacketPoolPostRunmodes(void)
Set the max_pending_return_packets value.
Definition: tmqh-packetpool.c:459
NFQInitConfig
void NFQInitConfig(bool quiet)
To initialize the NFQ global configuration data.
Definition: source-nfq.c:208
TmModuleReceiveWinDivertRegister
void TmModuleReceiveWinDivertRegister(void)
Definition: source-windivert.c:61
SystemHugepageSnapshot
Definition: util-hugepages.h:44
TVT_PPT
@ TVT_PPT
Definition: tm-threads-common.h:88
EngineModeIsFirewall
bool EngineModeIsFirewall(void)
Definition: suricata.c:235
REVISION
#define REVISION
Definition: suricata-common.h:61
HOST_VERBOSE
#define HOST_VERBOSE
Definition: host.h:92
TM_ECODE_FAILED
@ TM_ECODE_FAILED
Definition: tm-threads-common.h:82
SCProfilingDestroy
void SCProfilingDestroy(void)
Free resources used by profiling.
Definition: util-profiling.c:276
AFPPeersListClean
void AFPPeersListClean(void)
Clean the global peers list.
Definition: source-af-packet.c:581
RunModeInitializeOutputs
void RunModeInitializeOutputs(void)
Definition: runmodes.c:769
DetectPortTestConfVars
int DetectPortTestConfVars(void)
Definition: detect-engine-port.c:1106
SCThresholdConfGlobalInit
void SCThresholdConfGlobalInit(void)
Definition: util-threshold-config.c:102
DecodeUnregisterCounters
void DecodeUnregisterCounters(void)
Definition: decode.c:602
SCInstance_::capture_plugin_name
const char * capture_plugin_name
Definition: suricata.h:179
SCConfYamlLoadFile
int SCConfYamlLoadFile(const char *filename)
Load configuration from a YAML file.
Definition: conf-yaml-loader.c:477
HostBitInitCtx
void HostBitInitCtx(void)
Definition: host-bit.c:49
EngineMode
EngineMode
Definition: suricata.h:106
SCInstance_::set_datadir
bool set_datadir
Definition: suricata.h:160
tmqh-packetpool.h
IsRunModeSystem
bool IsRunModeSystem(enum SCRunModes run_mode_to_check)
Definition: runmodes.c:548
g_ut_covered
int g_ut_covered
Definition: suricata.c:940
SCInstance_::capture_plugin_args
const char * capture_plugin_args
Definition: suricata.h:180
g_recurlvl_mask
uint8_t g_recurlvl_mask
Definition: suricata.c:210
TmModuleLoggerRegister
void TmModuleLoggerRegister(void)
Definition: output.c:925
host_mode
uint8_t host_mode
Definition: suricata.c:180
FeatureDump
void FeatureDump(void)
Definition: feature.c:144
PacketPoolInit
void PacketPoolInit(void)
Definition: tmqh-packetpool.c:244
TM_ECODE_OK
@ TM_ECODE_OK
Definition: tm-threads-common.h:81
AppLayerDeSetup
int AppLayerDeSetup(void)
De initializes the app layer.
Definition: app-layer.c:1095
RUNMODE_LIST_APP_LAYER_HOOKS
@ RUNMODE_LIST_APP_LAYER_HOOKS
Definition: runmodes.h:48
RUNMODE_UNIX_SOCKET
@ RUNMODE_UNIX_SOCKET
Definition: runmodes.h:42
strlcpy
size_t strlcpy(char *dst, const char *src, size_t siz)
Definition: util-strlcpyu.c:43
PcapTranslateIPToDevice
void PcapTranslateIPToDevice(char *pcap_dev, size_t len)
Definition: source-pcap.c:656
FlowDisableFlowRecyclerThread
void FlowDisableFlowRecyclerThread(void)
Used to disable flow recycler thread(s).
Definition: flow-manager.c:1230
SCRunmodeSet
void SCRunmodeSet(SCRunMode run_mode)
Set the current run mode.
Definition: suricata.c:284
ParseSizeInit
void ParseSizeInit(void)
Definition: util-misc.c:35
TmModuleDecodePcapFileRegister
void TmModuleDecodePcapFileRegister(void)
Definition: source-pcap-file.c:129
TmModuleBypassedFlowManagerRegister
void TmModuleBypassedFlowManagerRegister(void)
Definition: flow-bypass.c:218
IPPairShutdown
void IPPairShutdown(void)
shutdown the flow engine
Definition: ippair.c:290
source-erf-dag.h
THV_RUNNING_DONE
#define THV_RUNNING_DONE
Definition: threadvars.h:46
SCConfInit
void SCConfInit(void)
Initialize the configuration system.
Definition: conf.c:120
util-signal.h
DetectParseFreeRegexes
void DetectParseFreeRegexes(void)
Definition: detect-parse.c:3511
SCConfDump
void SCConfDump(void)
Dump configuration to stdout.
Definition: conf.c:761
TmModuleDecodeNFLOGRegister
void TmModuleDecodeNFLOGRegister(void)
Definition: source-nflog.c:55
NFQParseAndRegisterQueues
int NFQParseAndRegisterQueues(const char *queues)
Parses and adds Netfilter queue(s).
Definition: source-nfq.c:881
RUNMODE_NETMAP
@ RUNMODE_NETMAP
Definition: runmodes.h:38
FlowInitConfig
void FlowInitConfig(bool quiet)
initialize the configuration
Definition: flow.c:547
AppLayerSetup
int AppLayerSetup(void)
Setup the app layer.
Definition: app-layer.c:1078
FeatureTrackingRegister
void FeatureTrackingRegister(void)
Definition: feature.c:152
TmModuleReceiveDPDKRegister
void TmModuleReceiveDPDKRegister(void)
Definition: source-dpdk.c:51
UnixManagerThreadSpawnNonRunmode
void UnixManagerThreadSpawnNonRunmode(const bool unix_socket_enabled)
Definition: unix-manager.c:1285
RunModeInitializeThreadSettings
void RunModeInitializeThreadSettings(void)
Definition: runmodes.c:954
StreamTcpInitConfig
void StreamTcpInitConfig(bool)
To initialize the stream global configuration data.
Definition: stream-tcp.c:488
ENGINE_MODE_UNKNOWN
@ ENGINE_MODE_UNKNOWN
Definition: suricata.h:107
app-layer-htp.h
util-flow-rate.h
datasets.h
GetIfaceMaxPacketSize
int GetIfaceMaxPacketSize(LiveDevice *ld)
output max packet size for a link
Definition: util-ioctl.c:121
SCRunmodeGet
SCRunMode SCRunmodeGet(void)
Get the current run mode.
Definition: suricata.c:279
TmModuleDecodeNetmapRegister
void TmModuleDecodeNetmapRegister(void)
Registration Function for DecodeNetmap.
Definition: source-netmap.c:85
PreRunPostPrivsDropInit
void PreRunPostPrivsDropInit(const int runmode)
Definition: suricata.c:2310
feature.h
decode.h
SigTableCleanup
void SigTableCleanup(void)
Definition: detect-engine-register.c:470
DetectEngineMoveToFreeList
int DetectEngineMoveToFreeList(DetectEngineCtx *de_ctx)
Definition: detect-engine.c:4717
sigterm_count
volatile sig_atomic_t sigterm_count
Definition: suricata.c:158
source-nfq.h
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:18
TmThreadWaitOnThreadInit
TmEcode TmThreadWaitOnThreadInit(void)
Used to check if all threads have finished their initialization. On finding an un-initialized thread,...
Definition: tm-threads.c:2029
TmModuleVerdictNFQRegister
void TmModuleVerdictNFQRegister(void)
Definition: source-nfq.c:185
AppLayerRegisterGlobalCounters
void AppLayerRegisterGlobalCounters(void)
HACK to work around our broken unix manager (re)init loop.
Definition: app-layer.c:1159
RunModeListRunmodes
void RunModeListRunmodes(void)
Lists all registered runmodes.
Definition: runmodes.c:257
strlcat
size_t strlcat(char *, const char *src, size_t siz)
Definition: util-strlcatu.c:45
util-cpu.h
suricata
SCInstance suricata
Definition: suricata.c:223
SCInstance_::unix_socket_enabled
bool unix_socket_enabled
Definition: suricata.h:161
LiveSetOffloadDisable
void LiveSetOffloadDisable(void)
Definition: util-device.c:77
StatsSetupPostConfigPostOutput
void StatsSetupPostConfigPostOutput(void)
Definition: counters.c:891
EngineModeSetIDS
void EngineModeSetIDS(void)
Definition: suricata.c:264
RUNMODE_LIST_KEYWORDS
@ RUNMODE_LIST_KEYWORDS
Definition: runmodes.h:46
SpmTableSetup
void SpmTableSetup(void)
Definition: util-spm.c:122
TmModuleReceiveAFPRegister
void TmModuleReceiveAFPRegister(void)
Registration Function for RecieveAFP.
Definition: source-af-packet.c:381
RUNMODE_UNITTEST
@ RUNMODE_UNITTEST
Definition: runmodes.h:41
LiveBuildDeviceListCustom
int LiveBuildDeviceListCustom(const char *runmode, const char *itemname)
Definition: util-device.c:299
util-exception-policy.h
LiveGetDevice
LiveDevice * LiveGetDevice(const char *name)
Get a pointer to the device at idx.
Definition: util-device.c:268
UnixSocketKillSocketThread
void UnixSocketKillSocketThread(void)
Definition: unix-manager.c:1281
TmModuleVerdictIPFWRegister
void TmModuleVerdictIPFWRegister(void)
Registration Function for VerdictIPFW.
Definition: source-ipfw.c:172
flow-worker.h
SCConfGetInt
int SCConfGetInt(const char *name, intmax_t *val)
Retrieve a configuration value as an integer.
Definition: conf.c:414
g_stats_eps_per_app_proto_errors
bool g_stats_eps_per_app_proto_errors
Definition: suricata.c:220
HttpRangeContainersInit
void HttpRangeContainersInit(void)
Definition: app-layer-htp-range.c:171
util-reference-config.h
DetectEngineCtx_::last_reload
struct timeval last_reload
Definition: detect.h:1099
SCInstance_::delayed_detect
int delayed_detect
Definition: suricata.h:163
TmModuleVerdictWinDivertRegister
void TmModuleVerdictWinDivertRegister(void)
Definition: source-windivert.c:68
DetectEngineCtx_::failure_fatal
bool failure_fatal
Definition: detect.h:933
SCInstance_::progname
const char * progname
Definition: suricata.h:174
HostCleanup
void HostCleanup(void)
Cleanup the host engine.
Definition: host.c:332
SCEnter
#define SCEnter(...)
Definition: util-debug.h:277
FlowDisableFlowManagerThread
void FlowDisableFlowManagerThread(void)
Used to disable flow manager thread(s).
Definition: flow-manager.c:132
RUNMODE_DAG
@ RUNMODE_DAG
Definition: runmodes.h:35
util-ebpf.h
SCInstance_::pcap_dev
char pcap_dev[128]
Definition: suricata.h:137
detect.h
util-affinity.h
UtilSignalUnblock
int UtilSignalUnblock(int signum)
Definition: util-signal.c:46
DetectEngineEnabled
int DetectEngineEnabled(void)
Check if detection is enabled.
Definition: detect-engine.c:3809
TmThreadClearThreadsFamily
void TmThreadClearThreadsFamily(int family)
Definition: tm-threads.c:1699
THV_KILL
#define THV_KILL
Definition: threadvars.h:40
THV_REQ_FLOW_LOOP
#define THV_REQ_FLOW_LOOP
Definition: threadvars.h:47
FlowRateRegisterFlowStorage
void FlowRateRegisterFlowStorage(void)
Definition: util-flow-rate.c:60
TmModuleRunInit
void TmModuleRunInit(void)
Definition: tm-modules.c:104
detect-engine-port.h
EngineModeSetIPS
void EngineModeSetIPS(void)
Definition: suricata.c:259
SCInstance_::user_name
const char * user_name
Definition: suricata.h:150
HTPAtExitPrintStats
void HTPAtExitPrintStats(void)
Print the stats of the HTTP requests.
Definition: app-layer-htp.c:1578
util-time.h
UtilSignalBlock
int UtilSignalBlock(int signum)
Definition: util-signal.c:29
SCProfilingPrefilterGlobalInit
void SCProfilingPrefilterGlobalInit(void)
Definition: util-profiling-prefilter.c:61
ThresholdDestroy
void ThresholdDestroy(void)
Definition: detect-engine-threshold.c:71
SCLogWarning
#define SCLogWarning(...)
Macro used to log WARNING messages.
Definition: util-debug.h:255
PostConfLoadedSetup
int PostConfLoadedSetup(SCInstance *suri)
Definition: suricata.c:2711
GetProgramVersion
const char * GetProgramVersion(void)
get string with program version
Definition: suricata.c:1181
engine_analysis
int engine_analysis
app-layer-parser.h
TmModuleReceivePcapFileRegister
void TmModuleReceivePcapFileRegister(void)
Definition: source-pcap-file.c:116
BUG_ON
#define BUG_ON(x)
Definition: suricata-common.h:317
runmode-netmap.h
CoredumpLoadConfig
int32_t CoredumpLoadConfig(void)
Configures the core dump size.
Definition: util-coredump-config.c:90
detect-engine-tag.h
IPFWRegisterQueue
int IPFWRegisterQueue(char *queue)
Add an IPFW divert.
Definition: source-ipfw.c:700
xstr
#define xstr(s)
Definition: suricata-common.h:307
util-profiling.h
ListAppLayerHooks
int ListAppLayerHooks(const char *conf_filename)
Definition: util-running-modes.c:69
ListAppLayerProtocols
int ListAppLayerProtocols(const char *conf_filename)
Definition: util-running-modes.c:45
SCInstance_::offline
int offline
Definition: suricata.h:166
DatasetsDestroy
void DatasetsDestroy(void)
Definition: datasets.c:774
UtilCpuPrintSummary
void UtilCpuPrintSummary(void)
Print a summary of CPUs detected (configured and online)
Definition: util-cpu.c:140
profiling_packets_enabled
int profiling_packets_enabled
Definition: util-profiling.c:94
SystemDNotifyReady
int SystemDNotifyReady(void)
TmThreadKillThreads
void TmThreadKillThreads(void)
Definition: tm-threads.c:1623
OutputDeregisterAll
void OutputDeregisterAll(void)
Deregister all modules. Useful for a memory clean exit.
Definition: output.c:658
source-pcap-file-helper.h
PostConfLoadedDetectSetup
void PostConfLoadedDetectSetup(SCInstance *suri)
Definition: suricata.c:2620
EngineModeIsIDS
int EngineModeIsIDS(void)
Definition: suricata.c:248
RUNMODE_PLUGIN
@ RUNMODE_PLUGIN
Definition: runmodes.h:44
util-systemd.h
tmm_modules
TmModule tmm_modules[TMM_SIZE]
Definition: tm-modules.c:29
conf-yaml-loader.h
decode-sll.h
SCConfigGetLogDirectory
const char * SCConfigGetLogDirectory(void)
Definition: util-conf.c:38
coverage_unittests
int coverage_unittests
Definition: suricata.c:938
DatasetsSave
void DatasetsSave(void)
Definition: datasets.c:852
detect-engine-alert.h
conf.h
util-landlock.h
source-ipfw.h
TMM_SIZE
@ TMM_SIZE
Definition: tm-threads-common.h:76
source-netmap.h
OutputNotifyFileRotation
void OutputNotifyFileRotation(void)
Notifies all registered file rotation notification flags.
Definition: output.c:735
RUNMODE_WINDIVERT
@ RUNMODE_WINDIVERT
Definition: runmodes.h:43
StorageFinalize
int StorageFinalize(void)
Definition: util-storage.c:140
VarNameStoreDestroy
void VarNameStoreDestroy(void)
Definition: util-var-name.c:116
SCInstance_::verbose
int verbose
Definition: suricata.h:167
source-lib.h
TmEcode
TmEcode
Definition: tm-threads-common.h:80
source-windivert.h
TmModuleFlowWorkerRegister
void TmModuleFlowWorkerRegister(void)
Definition: flow-worker.c:814
name
const char * name
Definition: tm-threads.c:2163
max_pending_packets
uint32_t max_pending_packets
Definition: suricata.c:183
util-plugin.h
SCInstance_::additional_configs
const char ** additional_configs
Definition: suricata.h:176
flow-timeout.h
DEFAULT_PID_FILENAME
#define DEFAULT_PID_FILENAME
Definition: suricata.h:88
RUNMODE_AFP_DEV
@ RUNMODE_AFP_DEV
Definition: runmodes.h:36
sighup_count
volatile sig_atomic_t sighup_count
Definition: suricata.c:157
ConfigSetDataDirectory
TmEcode ConfigSetDataDirectory(char *name)
Definition: util-conf.c:66
TmModuleDecodeErfDagRegister
void TmModuleDecodeErfDagRegister(void)
Register the ERF file decoder module.
Definition: source-erf-dag.c:151
SCInstance_::set_logdir
bool set_logdir
Definition: suricata.h:159
SCDropMainThreadCaps
#define SCDropMainThreadCaps(...)
Definition: util-privs.h:90
TmModuleDebugList
void TmModuleDebugList(void)
Definition: tm-modules.c:31
TmModuleDecodeNFQRegister
void TmModuleDecodeNFQRegister(void)
Definition: source-nfq.c:194
util-proto-name.h
STREAM_VERBOSE
#define STREAM_VERBOSE
Definition: stream-tcp.h:35
defrag.h
TVT_MGMT
@ TVT_MGMT
Definition: tm-threads-common.h:89
SCProtoNameRelease
void SCProtoNameRelease(void)
Definition: util-proto-name.c:438
MpmTableSetup
void MpmTableSetup(void)
Definition: util-mpm.c:224
SCInstance_::log_dir
const char * log_dir
Definition: suricata.h:173
RunmodeIsUnittests
int RunmodeIsUnittests(void)
Definition: suricata.c:270
source-nfq-prototypes.h
SCPluginsLoad
void SCPluginsLoad(const char *capture_plugin_name, const char *capture_plugin_args)
SCLogInfo
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:225
TmModuleReceiveNFLOGRegister
void TmModuleReceiveNFLOGRegister(void)
Definition: source-nflog.c:49
DEFAULT_PACKET_SIZE
#define DEFAULT_PACKET_SIZE
Definition: decode.h:699
WarnInvalidConfEntry
#define WarnInvalidConfEntry(param_name, format, value)
Generic API that can be used by all to log an invalid conf entry.
Definition: util-misc.h:35
TM_FLAG_RECEIVE_TM
#define TM_FLAG_RECEIVE_TM
Definition: tm-modules.h:32
util-host-os-info.h
TmModuleReceiveErfFileRegister
void TmModuleReceiveErfFileRegister(void)
Register the ERF file receiver (reader) module.
Definition: source-erf-file.c:80
SCConfSetFromString
int SCConfSetFromString(const char *input, int final)
Set a configuration parameter from a string.
Definition: conf.c:264
RUNMODE_PRINT_USAGE
@ RUNMODE_PRINT_USAGE
Definition: runmodes.h:52
SCConfSetFinal
int SCConfSetFinal(const char *name, const char *val)
Set a final configuration value.
Definition: conf.c:318
TmModule_
Definition: tm-modules.h:47
SCRealloc
#define SCRealloc(ptr, sz)
Definition: util-mem.h:50
TmModuleDecodeAFXDPRegister
void TmModuleDecodeAFXDPRegister(void)
Registration Function for DecodeAFXDP.
Definition: source-af-xdp.c:91
default_packet_size
uint32_t default_packet_size
Definition: decode.c:77
tm-queuehandlers.h
SigTableApplyStrictCommandLineOption
void SigTableApplyStrictCommandLineOption(const char *str)
Definition: detect-parse.c:344
SURI_HOST_IS_SNIFFER_ONLY
@ SURI_HOST_IS_SNIFFER_ONLY
Definition: suricata.h:125
DETECT_ENGINE_TYPE_NORMAL
@ DETECT_ENGINE_TYPE_NORMAL
Definition: detect.h:902
PROG_NAME
#define PROG_NAME
Definition: suricata.h:75
TmThreadKillThreadsFamily
void TmThreadKillThreadsFamily(int family)
Definition: tm-threads.c:1594
detect-fast-pattern.h
FeatureTrackingRelease
void FeatureTrackingRelease(void)
Definition: feature.c:136
TmqhCleanup
void TmqhCleanup(void)
Clean up registration time allocs.
Definition: tm-queuehandlers.c:49
util-dpdk.h
util-conf.h
StreamTcpFreeConfig
void StreamTcpFreeConfig(bool quiet)
Definition: stream-tcp.c:859
source-dpdk.h
flow-manager.h
DecodeGlobalConfig
void DecodeGlobalConfig(void)
Definition: decode.c:1048
SCInstance_::strict_rule_parsing_string
char * strict_rule_parsing_string
Definition: suricata.h:177
SuriHasSigFile
int SuriHasSigFile(void)
Definition: suricata.c:225
suricata-common.h
DetectEngineCtxInitStubForMT
DetectEngineCtx * DetectEngineCtxInitStubForMT(void)
Definition: detect-engine.c:2594
util-path.h
util-daemon.h
LiveGetDeviceName
const char * LiveGetDeviceName(int number)
Get a pointer to the device name at idx.
Definition: util-device.c:204
FlowShutdown
void FlowShutdown(void)
shutdown the flow engine
Definition: flow.c:691
SCHInfoLoadFromConfig
void SCHInfoLoadFromConfig(void)
Load the host os policy information from the configuration.
Definition: util-host-os-info.c:281
DetectEngineBumpVersion
void DetectEngineBumpVersion(void)
Definition: detect-engine.c:3833
source-af-xdp.h
TmModuleFlowManagerRegister
void TmModuleFlowManagerRegister(void)
Definition: flow-manager.c:1288
SCStartInternalRunMode
int SCStartInternalRunMode(int argc, char **argv)
Definition: suricata.c:2384
SCPidfileTestRunning
int SCPidfileTestRunning(const char *pid_filename)
Check the Suricata pid file (used at the startup)
Definition: util-pidfile.c:105
HostShutdown
void HostShutdown(void)
shutdown the flow engine
Definition: host.c:296
DOC_URL
#define DOC_URL
Definition: suricata.h:90
SCFstatFn
#define SCFstatFn(fd, statbuf)
Definition: util-path.h:34
output-filestore.h
LiveSetOffloadWarn
void LiveSetOffloadWarn(void)
Definition: util-device.c:82
ParseSizeDeinit
void ParseSizeDeinit(void)
Definition: util-misc.c:54
util-classification-config.h
SCConfDeInit
void SCConfDeInit(void)
De-initializes the configuration system.
Definition: conf.c:703
RunModeRegisterRunModes
void RunModeRegisterRunModes(void)
Register all runmodes in the engine.
Definition: runmodes.c:231
SCStrdup
#define SCStrdup(s)
Definition: util-mem.h:56
FatalError
#define FatalError(...)
Definition: util-debug.h:510
SCProfilingDump
void SCProfilingDump(void)
Definition: util-profiling.c:311
SURICATA_RUNTIME
@ SURICATA_RUNTIME
Definition: suricata.h:101
TmModuleReceiveAFXDPRegister
void TmModuleReceiveAFXDPRegister(void)
Definition: source-af-xdp.c:77
EngineStop
void EngineStop(void)
make sure threads can stop the engine by calling this function. Purpose: pcap file mode needs to be a...
Definition: suricata.c:465
SCInstance_::sig_file
char * sig_file
Definition: suricata.h:138
RUNMODE_PRINT_VERSION
@ RUNMODE_PRINT_VERSION
Definition: runmodes.h:50
ParseSizeStringU32
int ParseSizeStringU32(const char *size, uint32_t *res)
Definition: util-misc.c:173
TmModuleReceiveErfDagRegister
void TmModuleReceiveErfDagRegister(void)
Register the ERF file receiver (reader) module.
Definition: source-erf-dag.c:133
IPPairBitInitCtx
void IPPairBitInitCtx(void)
Definition: ippair-bit.c:49
ConfigSetLogDirectory
TmEcode ConfigSetLogDirectory(const char *name)
Definition: util-conf.c:33
util-validate.h
TmModuleDecodeIPFWRegister
void TmModuleDecodeIPFWRegister(void)
Registration Function for DecodeIPFW.
Definition: source-ipfw.c:188
source-af-packet.h
ConfUnixSocketIsEnable
int ConfUnixSocketIsEnable(void)
Definition: util-conf.c:136
TM_FLAG_PACKET_ALL
#define TM_FLAG_PACKET_ALL
Definition: tm-modules.h:40
SCLogConfig
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
g_vlan_mask
uint16_t g_vlan_mask
Definition: suricata.c:202
RUNMODE_ERF_FILE
@ RUNMODE_ERF_FILE
Definition: runmodes.h:34
DatasetsInit
int DatasetsInit(void)
Definition: datasets.c:622
RUNMODE_DUMP_CONFIG
@ RUNMODE_DUMP_CONFIG
Definition: runmodes.h:53
sigusr2_count
volatile sig_atomic_t sigusr2_count
Definition: suricata.c:159
SystemHugepageSnapshotDestroy
void SystemHugepageSnapshotDestroy(SystemHugepageSnapshot *s)
Definition: util-hugepages.c:304
TmModuleDecodePcapRegister
void TmModuleDecodePcapRegister(void)
Registration Function for DecodePcap.
Definition: source-pcap.c:153
util-running-modes.h
SCLoadYamlConfig
TmEcode SCLoadYamlConfig(void)
Definition: suricata.c:1007
unix-manager.h
runmode-af-xdp.h
str
#define str(s)
Definition: suricata-common.h:308
ConfigCheckDataDirectory
TmEcode ConfigCheckDataDirectory(const char *data_dir)
Definition: util-conf.c:99
SCConfGetNode
SCConfNode * SCConfGetNode(const char *name)
Get a SCConfNode by name.
Definition: conf.c:181
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:267
g_detect_disabled
int g_detect_disabled
Definition: suricata.c:186
DetectEngineReloadStart
int DetectEngineReloadStart(void)
Definition: detect-engine.c:1898
SCFree
#define SCFree(p)
Definition: util-mem.h:61
TopologyDestroy
void TopologyDestroy(void)
DEFAULT_CONF_FILE
#define DEFAULT_CONF_FILE
Definition: suricata.h:84
SC_LOG_MAX_LOG_MSG_LEN
#define SC_LOG_MAX_LOG_MSG_LEN
Definition: util-debug.h:85
AppLayerParserPostStreamSetup
void AppLayerParserPostStreamSetup(void)
Definition: app-layer-parser.c:272
TmModuleReceivePcapRegister
void TmModuleReceivePcapRegister(void)
Registration Function for ReceivePcap.
Definition: source-pcap.c:135
RUNMODE_DPDK
@ RUNMODE_DPDK
Definition: runmodes.h:39
SCGetUserID
void SCGetUserID(const char *user_name, const char *group_name, uint32_t *uid, uint32_t *gid)
Function to get the user and group ID from the specified user name.
Definition: util-privs.c:143
util-ioctl.h
detect-parse.h
RUNMODE_PCAP_DEV
@ RUNMODE_PCAP_DEV
Definition: runmodes.h:29
SCInstance_::system
bool system
Definition: suricata.h:158
SCInstance_::pid_filename
char * pid_filename
Definition: suricata.h:140
TmModuleRespondRejectRegister
void TmModuleRespondRejectRegister(void)
Definition: respond-reject.c:50
CoredumpEnable
void CoredumpEnable(void)
Enable coredumps on systems where coredumps can and need to be enabled.
Definition: util-coredump-config.c:57
RunUnittests
void RunUnittests(int list_unittests, const char *regex_arg)
Definition: runmode-unittests.c:233
source-erf-file.h
ConfigCheckLogDirectoryExists
TmEcode ConfigCheckLogDirectoryExists(const char *log_dir)
Definition: util-conf.c:56
SCConfSet
int SCConfSet(const char *name, const char *val)
Set a configuration value.
Definition: conf.c:239
TimeDeinit
void TimeDeinit(void)
Definition: util-time.c:87
PacketAlertTagInit
void PacketAlertTagInit(void)
Definition: detect-engine-alert.c:46
RunModeEngineIsIPS
int RunModeEngineIsIPS(int capture_mode, const char *runmode, const char *capture_plugin_name)
Definition: runmodes.c:379
DetectEngineCtxInit
DetectEngineCtx * DetectEngineCtxInit(void)
Definition: detect-engine.c:2604
SCOnLoggingReady
void SCOnLoggingReady(void)
Invokes all registered logging ready callbacks.
Definition: output.c:778
TmModuleDecodeLibRegister
void TmModuleDecodeLibRegister(void)
register a "Decode" module for suricata as a library.
Definition: source-lib.c:107
EngineModeIsIPS
int EngineModeIsIPS(void)
Definition: suricata.c:242
SCProfilingKeywordsGlobalInit
void SCProfilingKeywordsGlobalInit(void)
Definition: util-profiling-keywords.c:61
suricata.h
EngineDone
void EngineDone(void)
Used to indicate that the current task is done.
Definition: suricata.c:476
SCInstance_::firewall_rule_file_exclusive
bool firewall_rule_file_exclusive
Definition: suricata.h:143
FLOW_QUIET
#define FLOW_QUIET
Definition: flow.h:43
GetDocURL
const char * GetDocURL(void)
Definition: suricata.c:1160
util-mpm-hs.h
PostRunDeinit
void PostRunDeinit(const int runmode, struct timeval *start_time)
clean up / shutdown code for packet modes
Definition: suricata.c:2326
HostInitConfig
void HostInitConfig(bool quiet)
initialize the configuration
Definition: host.c:168
TmThreadWaitOnThreadRunning
TmEcode TmThreadWaitOnThreadRunning(void)
Waits for all threads to be in a running state.
Definition: tm-threads.c:1921
HttpRangeContainersDestroy
void HttpRangeContainersDestroy(void)
Definition: app-layer-htp-range.c:204
RUNMODE_CONF_TEST
@ RUNMODE_CONF_TEST
Definition: runmodes.h:54
SCLogLoadConfig
void SCLogLoadConfig(int daemon, int verbose, uint32_t userid, uint32_t groupid)
Definition: util-debug.c:1420
DetectEngineReload
int DetectEngineReload(const SCInstance *suri)
Reload the detection engine.
Definition: detect-engine.c:4784
DEFAULT_MAX_PENDING_PACKETS
#define DEFAULT_MAX_PENDING_PACKETS
Definition: suricata.c:169
SCInstance_
Definition: suricata.h:133
DetectEngineClearMaster
void DetectEngineClearMaster(void)
Definition: detect-engine.c:4757
SetMasterExceptionPolicy
void SetMasterExceptionPolicy(void)
Definition: util-exception-policy.c:63
id
uint32_t id
Definition: detect-flowbits.c:938
TmThreadCheckThreadState
void TmThreadCheckThreadState(void)
Used to check the thread for certain conditions of failure.
Definition: tm-threads.c:2006
OutputFilestoreRegisterGlobalCounters
void OutputFilestoreRegisterGlobalCounters(void)
Definition: output-filestore.c:513
InitGlobal
int InitGlobal(void)
Global initialization common to all runmodes.
Definition: suricata.c:2958
SCInstance_::disabled_detect
int disabled_detect
Definition: suricata.h:164
LiveGetDeviceCount
int LiveGetDeviceCount(void)
Get the number of registered devices.
Definition: util-device.c:170
SystemHugepageSnapshotCreate
SystemHugepageSnapshot * SystemHugepageSnapshotCreate(void)
The function creates a snapshot of the system's hugepage usage per NUMA node and per hugepage size....
Definition: util-hugepages.c:323
SCProfilingSghsGlobalInit
void SCProfilingSghsGlobalInit(void)
Definition: util-profiling-rulegroups.c:61
SCPidfileCreate
int SCPidfileCreate(const char *pidfile)
Write a pid file (used at the startup) This commonly needed by the init scripts.
Definition: util-pidfile.c:42
LiveRegisterDeviceName
int LiveRegisterDeviceName(const char *dev)
Add a device for monitoring.
Definition: util-device.c:103
SCStatFn
#define SCStatFn(pathname, statbuf)
Definition: util-path.h:35
ENGINE_MODE_IDS
@ ENGINE_MODE_IDS
Definition: suricata.h:108
LiveDeviceFinalize
void LiveDeviceFinalize(void)
Definition: util-device.c:462
TmModuleDecodeDPDKRegister
void TmModuleDecodeDPDKRegister(void)
Registration Function for DecodeDPDK.
Definition: source-dpdk.c:65
SCInstance_::sig_file_exclusive
bool sig_file_exclusive
Definition: suricata.h:139
PROG_VER
#define PROG_VER
Definition: suricata.h:76
util-misc.h
PacketPoolDestroy
void PacketPoolDestroy(void)
Definition: tmqh-packetpool.c:274
HTPFreeConfig
void HTPFreeConfig(void)
Clears the HTTP server configuration memory used by HTP library.
Definition: app-layer-htp.c:1591
flow.h
LandlockSandboxing
void LandlockSandboxing(SCInstance *suri)
Definition: util-landlock.c:36
respond-reject.h
SCInstance_::regex_arg
char * regex_arg
Definition: suricata.h:141
ListKeywords
int ListKeywords(const char *keyword_info)
Definition: util-running-modes.c:33
SCLogNotice
#define SCLogNotice(...)
Macro used to log NOTICE messages.
Definition: util-debug.h:243
SuricataPreInit
void SuricataPreInit(const char *progname)
Definition: suricata.c:2996
RUNMODE_PCAP_FILE
@ RUNMODE_PCAP_FILE
Definition: runmodes.h:30
DPDKCleanupEAL
void DPDKCleanupEAL(void)
Definition: util-dpdk.c:30
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
SCReturnInt
#define SCReturnInt(x)
Definition: util-debug.h:281
RUNMODE_PRINT_BUILDINFO
@ RUNMODE_PRINT_BUILDINFO
Definition: runmodes.h:51
SCConfNode_
Definition: conf.h:37
SCPidfileRemove
void SCPidfileRemove(const char *pid_filename)
Remove the pid file (used at the startup)
Definition: util-pidfile.c:83
SCConfNode_::val
char * val
Definition: conf.h:39
ThresholdInit
void ThresholdInit(void)
Definition: detect-engine-threshold.c:66
TimeInit
void TimeInit(void)
Definition: util-time.c:79
SCInstance_::keyword_info
char * keyword_info
Definition: suricata.h:147
RUNMODE_LIST_UNITTEST
@ RUNMODE_LIST_UNITTEST
Definition: runmodes.h:55
NFQContextsClean
void NFQContextsClean(void)
Clean global contexts. Must be called on exit.
Definition: source-nfq.c:1302
SystemHugepageEvaluateHugepages
void SystemHugepageEvaluateHugepages(SystemHugepageSnapshot *pre_s, SystemHugepageSnapshot *post_s)
The function compares two hugepage snapshots and prints out recommendations for hugepage configuratio...
Definition: util-hugepages.c:363
DEBUG_VALIDATE_BUG_ON
#define DEBUG_VALIDATE_BUG_ON(exp)
Definition: util-validate.h:102
SCFinalizeRunMode
int SCFinalizeRunMode(void)
Definition: suricata.c:2446
SCStat
struct stat SCStat
Definition: util-path.h:33
SCProfilingInit
void SCProfilingInit(void)
Initialize profiling.
Definition: util-profiling.c:133
g_ut_modules
int g_ut_modules
Definition: suricata.c:939
detect-engine-address.h
GlobalsDestroy
void GlobalsDestroy(void)
Definition: suricata.c:385
output.h
util-threshold-config.h
DefragInit
void DefragInit(void)
Definition: defrag.c:1109
DetectEngineReloadIsStart
int DetectEngineReloadIsStart(void)
Definition: detect-engine.c:1912
suricata_ctl_flags
volatile uint8_t suricata_ctl_flags
Definition: suricata.c:172
RUNMODE_IPFW
@ RUNMODE_IPFW
Definition: runmodes.h:33
host-bit.h
detect-engine-threshold.h
TM_FLAG_FLOWWORKER_TM
#define TM_FLAG_FLOWWORKER_TM
Definition: tm-modules.h:34
RUNMODE_LIST_RUNMODES
@ RUNMODE_LIST_RUNMODES
Definition: runmodes.h:49
app-layer.h
TagDestroyCtx
void TagDestroyCtx(void)
Destroy tag context hash tables.
Definition: detect-engine-tag.c:72
DetectAddressTestConfVars
int DetectAddressTestConfVars(void)
Definition: detect-engine-address.c:1217
g_disable_randomness
int g_disable_randomness
Definition: suricata.c:195
geteuid
#define geteuid()
Definition: win32-misc.h:41
FlowWorkToDoCleanup
void FlowWorkToDoCleanup(void)
Clean up all the flows that have unprocessed segments and have some work to do in the detection engin...
Definition: flow-timeout.c:421
MpmHSGlobalCleanup
void MpmHSGlobalCleanup(void)
RUNMODE_DUMP_FEATURES
@ RUNMODE_DUMP_FEATURES
Definition: runmodes.h:62
g_disable_hashing
bool g_disable_hashing
Definition: suricata.c:214
TmqResetQueues
void TmqResetQueues(void)
Definition: tm-queues.c:80