34 #ifdef HAVE_SYS_RESOURCE_H
36 #include <sys/resource.h>
143 #ifdef SYSTEMD_NOTIFY
168 #define DEFAULT_MAX_PENDING_PACKETS 1024
193 #ifndef AFLFUZZ_NO_RANDOM
283 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
284 static void SignalHandlerSigint(
int sig)
288 static void SignalHandlerSigterm(
int sig)
294 #define UNW_LOCAL_ONLY
295 #include <libunwind.h>
296 static void SignalHandlerUnexpected(
int sig_num, siginfo_t *info,
void *context)
301 signal(SIGABRT, SIG_DFL);
302 signal(SIGSEGV, SIG_DFL);
304 if ((r = unw_init_local(&cursor, (unw_context_t *)(context)) != 0)) {
305 SCLogError(
"unable to obtain stack trace: unw_init_local: %s", unw_strerror(r));
314 if (unw_is_signal_frame(&cursor) == 0) {
317 if (unw_get_proc_name(&cursor,
name,
sizeof(
name), &off) == UNW_ENOMEM) {
326 r = unw_step(&cursor);
336 kill(getpid(), sig_num);
338 #undef UNW_LOCAL_ONLY
348 static void SignalHandlerSigusr2(
int sig)
358 static void SignalHandlerSigHup(
int sig)
411 #ifdef HAVE_AF_PACKET
419 #ifdef BUILD_HYPERSCAN
440 static void OnNotifyRunning(
void)
442 #ifdef SYSTEMD_NOTIFY
468 static int SetBpfString(
int argc,
char *argv[])
470 char *bpf_filter = NULL;
471 uint32_t bpf_len = 0;
476 while(argv[tmpindex] != NULL) {
477 bpf_len+=strlen(argv[tmpindex]) + 1;
489 while(argv[tmpindex] != NULL) {
490 strlcat(bpf_filter, argv[tmpindex],bpf_len);
491 if(argv[tmpindex + 1] != NULL) {
492 strlcat(bpf_filter,
" ", bpf_len);
497 if(strlen(bpf_filter) > 0) {
509 static void SetBpfStringFromFile(
char *filename)
511 char *bpf_filter = NULL;
512 char *bpf_comment_tmp = NULL;
513 char *bpf_comment_start = NULL;
519 fp = fopen(filename,
"r");
521 SCLogError(
"Failed to open file %s", filename);
526 SCLogError(
"Failed to stat file %s", filename);
530 bpf_len = ((size_t)(st.st_size)) + 1;
534 SCLogError(
"Failed to allocate buffer for bpf filter in file %s", filename);
538 nm = fread(bpf_filter, 1, bpf_len - 1, fp);
539 if ((ferror(fp) != 0) || (nm != (bpf_len - 1))) {
540 SCLogError(
"Failed to read complete BPF file %s", filename);
546 bpf_filter[nm] =
'\0';
548 if(strlen(bpf_filter) > 0) {
550 bpf_comment_start = bpf_filter;
551 while((bpf_comment_tmp = strchr(bpf_comment_start,
'#')) != NULL) {
552 while((*bpf_comment_tmp !=
'\0') &&
553 (*bpf_comment_tmp !=
'\r') && (*bpf_comment_tmp !=
'\n'))
555 *bpf_comment_tmp++ =
' ';
557 bpf_comment_start = bpf_comment_tmp;
560 while((bpf_comment_tmp = strchr(bpf_filter,
'\r')) != NULL) {
561 *bpf_comment_tmp =
' ';
563 while((bpf_comment_tmp = strchr(bpf_filter,
'\n')) != NULL) {
564 *bpf_comment_tmp =
' ';
567 while (strlen(bpf_filter) > 0 &&
568 bpf_filter[strlen(bpf_filter)-1] ==
' ')
570 bpf_filter[strlen(bpf_filter)-1] =
'\0';
572 if (strlen(bpf_filter) > 0) {
582 static void PrintUsage(
const char *progname)
589 printf(
"USAGE: %s [OPTIONS] [BPF FILTER]\n\n", progname);
590 printf(
"\t-c <path> : path to configuration file\n");
591 printf(
"\t-T : test configuration file (use with -c)\n");
592 printf(
"\t-i <dev or ip> : run in pcap live mode\n");
593 printf(
"\t-F <bpf filter file> : bpf filter file\n");
594 printf(
"\t-r <path> : run in pcap file/offline mode\n");
596 printf(
"\t-q <qid[:qid]> : run in inline nfqueue mode (use colon to specify a range of queues)\n");
599 printf(
"\t-d <divert port> : run in inline ipfw divert mode\n");
601 printf(
"\t-s <path> : path to signature file loaded in addition to suricata.yaml settings (optional)\n");
602 printf(
"\t-S <path> : path to signature file loaded exclusively (optional)\n");
603 printf(
"\t-l <dir> : default log directory\n");
605 printf(
"\t-D : run as daemon\n");
607 printf(
"\t--service-install : install as service\n");
608 printf(
"\t--service-remove : remove service\n");
609 printf(
"\t--service-change-params : change service startup parameters\n");
611 printf(
"\t-k [all|none] : force checksum check (all) or disabled it (none)\n");
612 printf(
"\t-V : display Suricata version\n");
613 printf(
"\t-v : be more verbose (use multiple times to increase verbosity)\n");
615 printf(
"\t-u : run the unittests and exit\n");
616 printf(
"\t-U, --unittest-filter=REGEX : filter unittests with a regex\n");
617 printf(
"\t--list-unittests : list unit tests\n");
618 printf(
"\t--fatal-unittests : enable fatal failure on unittest error\n");
619 printf(
"\t--unittests-coverage : display unittest coverage report\n");
621 printf(
"\t--firewall-rules-exclusive=<path> : path to firewall rule file loaded "
623 printf(
"\t--list-app-layer-protos : list supported app layer protocols\n");
624 printf(
"\t--list-app-layer-hooks : list supported app layer hooks for use in "
626 printf(
"\t--list-keywords[=all|csv|<kword>] : list keywords implemented by the engine\n");
627 printf(
"\t--list-runmodes : list supported runmodes\n");
628 printf(
"\t--runmode <runmode_id> : specific runmode modification the engine should run. The argument\n"
629 "\t supplied should be the id for the runmode obtained by running\n"
630 "\t --list-runmodes\n");
631 printf(
"\t--engine-analysis : print reports on analysis of different sections in the engine and exit.\n"
632 "\t Please have a look at the conf parameter engine-analysis on what reports\n"
633 "\t can be printed\n");
634 printf(
"\t--pidfile <file> : write pid to this file\n");
635 printf(
"\t--init-errors-fatal : enable fatal failure on signature init error\n");
636 printf(
"\t--disable-detection : disable detection engine\n");
637 printf(
"\t--dump-config : show the running configuration\n");
638 printf(
"\t--dump-features : display provided features\n");
639 printf(
"\t--build-info : display build information\n");
640 printf(
"\t--pcap[=<dev>] : run in pcap mode, no value select interfaces from suricata.yaml\n");
641 printf(
"\t--pcap-file-continuous : when running in pcap mode with a directory, continue checking directory for pcaps until interrupted\n");
642 printf(
"\t--pcap-file-delete : when running in replay mode (-r with directory or file), will delete pcap files that have been processed when done\n");
643 printf(
"\t--pcap-file-recursive : will descend into subdirectories when running in replay mode (-r)\n");
644 printf(
"\t--pcap-file-buffer-size : set read buffer size (setvbuf)\n");
645 #ifdef HAVE_PCAP_SET_BUFF
646 printf(
"\t--pcap-buffer-size : size of the pcap buffer value from 0 - %i\n",INT_MAX);
649 printf(
"\t--dpdk : run in dpdk mode, uses interfaces from "
652 #ifdef HAVE_AF_PACKET
653 printf(
"\t--af-packet[=<dev>] : run in af-packet mode, no value select interfaces from suricata.yaml\n");
656 printf(
"\t--af-xdp[=<dev>] : run in af-xdp mode, no value select "
657 "interfaces from suricata.yaml\n");
660 printf(
"\t--netmap[=<dev>] : run in netmap mode, no value select interfaces from suricata.yaml\n");
663 printf(
"\t--pfring[=<dev>] : run in pfring mode, use interfaces from suricata.yaml\n");
664 printf(
"\t--pfring-int <dev> : run in pfring mode, use interface <dev>\n");
665 printf(
"\t--pfring-cluster-id <id> : pfring cluster id \n");
666 printf(
"\t--pfring-cluster-type <type> : pfring cluster type for PF_RING 4.1.2 and later cluster_round_robin|cluster_flow\n");
668 printf(
"\t--simulate-ips : force engine into IPS mode. Useful for QA\n");
669 #ifdef HAVE_LIBCAP_NG
670 printf(
"\t--user <user> : run suricata as this user after init\n");
671 printf(
"\t--group <group> : run suricata as this group after init\n");
673 printf(
"\t--erf-in <path> : process an ERF file\n");
675 printf(
"\t--dag <dagX:Y> : process ERF records from DAG interface X, stream Y\n");
677 #ifdef BUILD_UNIX_SOCKET
678 printf(
"\t--unix-socket[=<file>] : use unix socket to control suricata work\n");
681 printf(
"\t--windivert <filter> : run in inline WinDivert mode\n");
682 printf(
"\t--windivert-forward <filter> : run in inline WinDivert mode, as a gateway\n");
685 printf(
"\t--reject-dev <dev> : send reject packets from this interface\n");
687 printf(
"\t--include <path> : additional configuration file\n");
688 printf(
"\t--set name=value : set a configuration value\n");
690 printf(
"\nTo run the engine with default configuration on "
691 "interface eth0 with signature file \"signatures.rules\", run the "
692 "command as:\n\n%s -c suricata.yaml -s signatures.rules -i eth0 \n\n",
696 static void PrintBuildInfo(
void)
700 char features[2048] =
"";
705 strlcat(features,
"DEBUG ",
sizeof(features));
707 #ifdef DEBUG_VALIDATION
708 strlcat(features,
"DEBUG_VALIDATION ",
sizeof(features));
711 strlcat(features,
"UNITTESTS ",
sizeof(features));
714 strlcat(features,
"NFQ ",
sizeof(features));
717 strlcat(features,
"IPFW ",
sizeof(features));
719 #ifdef HAVE_PCAP_SET_BUFF
720 strlcat(features,
"PCAP_SET_BUFF ",
sizeof(features));
723 strlcat(features,
"PF_RING ",
sizeof(features));
726 strlcat(features,
"NAPATECH ",
sizeof(features));
728 #ifdef HAVE_AF_PACKET
729 strlcat(features,
"AF_PACKET ",
sizeof(features));
732 strlcat(features,
"NETMAP ",
sizeof(features));
734 #ifdef HAVE_PACKET_FANOUT
735 strlcat(features,
"HAVE_PACKET_FANOUT ",
sizeof(features));
738 strlcat(features,
"DAG ",
sizeof(features));
740 #ifdef HAVE_LIBCAP_NG
741 strlcat(features,
"LIBCAP_NG ",
sizeof(features));
744 strlcat(features,
"LIBNET1.1 ",
sizeof(features));
746 strlcat(features,
"HAVE_HTP_URI_NORMALIZE_HOOK ",
sizeof(features));
747 #ifdef PCRE2_HAVE_JIT
748 strlcat(features,
"PCRE_JIT ",
sizeof(features));
751 strlcat(features,
"HAVE_NSS ",
sizeof(features));
753 strlcat(features,
"HTTP2_DECOMPRESSION ",
sizeof(features));
755 strlcat(features,
"HAVE_LUA ",
sizeof(features));
757 strlcat(features,
"HAVE_JA3 ",
sizeof(features));
760 strlcat(features,
"HAVE_JA4 ",
sizeof(features));
762 strlcat(features,
"HAVE_LIBJANSSON ",
sizeof(features));
764 strlcat(features,
"PROFILING ",
sizeof(features));
766 #ifdef PROFILE_LOCKING
767 strlcat(features,
"PROFILE_LOCKING ",
sizeof(features));
769 #if defined(TLS_C11) || defined(TLS_GNU)
770 strlcat(features,
"TLS ",
sizeof(features));
773 strlcat(features,
"TLS_C11 ",
sizeof(features));
774 #elif defined(TLS_GNU)
775 strlcat(features,
"TLS_GNU ",
sizeof(features));
778 strlcat(features,
"MAGIC ",
sizeof(features));
780 strlcat(features,
"RUST ",
sizeof(features));
781 #if defined(SC_ADDRESS_SANITIZER)
782 strlcat(features,
"ASAN ",
sizeof(features));
784 #if defined(HAVE_POPCNT64)
785 strlcat(features,
"POPCNT64 ",
sizeof(features));
787 if (strlen(features) == 0) {
788 strlcat(features,
"none",
sizeof(features));
791 printf(
"Features: %s\n", features);
794 memset(features, 0x00,
sizeof(features));
795 #if defined(__SSE4_2__)
796 strlcat(features,
"SSE_4_2 ",
sizeof(features));
798 #if defined(__SSE4_1__)
799 strlcat(features,
"SSE_4_1 ",
sizeof(features));
801 #if defined(__SSE3__)
802 strlcat(features,
"SSE_3 ",
sizeof(features));
804 #if defined(__SSE2__)
805 strlcat(features,
"SSE_2 ",
sizeof(features));
807 if (strlen(features) == 0) {
808 strlcat(features,
"none",
sizeof(features));
810 printf(
"SIMD support: %s\n", features);
813 memset(features, 0x00,
sizeof(features));
814 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_1)
815 strlcat(features,
"1 ",
sizeof(features));
817 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_2)
818 strlcat(features,
"2 ",
sizeof(features));
820 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_4)
821 strlcat(features,
"4 ",
sizeof(features));
823 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_8)
824 strlcat(features,
"8 ",
sizeof(features));
826 #if defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_16)
827 strlcat(features,
"16 ",
sizeof(features));
829 if (strlen(features) == 0) {
830 strlcat(features,
"none",
sizeof(features));
832 strlcat(features,
"byte(s)",
sizeof(features));
834 printf(
"Atomic intrinsics: %s\n", features);
838 #elif __WORDSIZE == 32
841 bits =
"<unknown>-bits";
844 #if __BYTE_ORDER == __BIG_ENDIAN
845 endian =
"Big-endian";
846 #elif __BYTE_ORDER == __LITTLE_ENDIAN
847 endian =
"Little-endian";
849 endian =
"<unknown>-endian";
852 printf(
"%s, %s architecture\n", bits, endian);
854 printf(
"GCC version %s, C version %"PRIiMAX
"\n", __VERSION__, (intmax_t)__STDC_VERSION__);
856 printf(
"C version %"PRIiMAX
"\n", (intmax_t)__STDC_VERSION__);
860 printf(
"compiled with -fstack-protector\n");
863 printf(
"compiled with -fstack-protector-all\n");
872 #if _FORTIFY_SOURCE == 2
873 printf(
"compiled with _FORTIFY_SOURCE=2\n");
874 #elif _FORTIFY_SOURCE == 1
875 printf(
"compiled with _FORTIFY_SOURCE=1\n");
876 #elif _FORTIFY_SOURCE == 0
877 printf(
"compiled with _FORTIFY_SOURCE=0\n");
880 printf(
"L1 cache line size (CLS)=%d\n",
CLS);
883 tls =
"_Thread_local";
884 #elif defined(TLS_GNU)
887 #error "Unsupported thread local"
889 printf(
"thread local storage method: %s\n", tls);
891 printf(
"compiled with %s\n", htp_get_version());
893 #include "build-info.h"
989 static TmEcode ParseInterfacesList(
const int runmode,
char *pcap_dev)
995 if (strlen(pcap_dev) == 0) {
998 SCLogError(
"No interface found in config for pcap");
1005 if (strlen(pcap_dev)) {
1007 SCLogError(
"Failed to set pfring.live-interface");
1014 char iface_selector[] =
"dpdk.interfaces";
1017 SCLogError(
"No interface found in config for %s", iface_selector);
1021 #ifdef HAVE_AF_PACKET
1024 if (strlen(pcap_dev)) {
1026 SCLogError(
"Failed to set af-packet.live-interface");
1032 SCLogError(
"No interface found in config for af-packet");
1040 if (strlen(pcap_dev)) {
1042 SCLogError(
"Failed to set af-xdp.live-interface");
1048 SCLogError(
"No interface found in config for af-xdp");
1056 if (strlen(pcap_dev)) {
1058 SCLogError(
"Failed to set netmap.live-interface");
1064 SCLogError(
"No interface found in config for netmap");
1073 SCLogError(
"No group found in config for nflog");
1082 static void SCInstanceInit(
SCInstance *suri,
const char *progname)
1084 memset(suri, 0x00,
sizeof(*suri));
1111 #if HAVE_DETECT_DISABLED==1
1121 if (strstr(prog_ver,
"RELEASE") != NULL) {
1141 if (strstr(
PROG_VER,
"-dev") == NULL) {
1152 static TmEcode PrintVersion(
void)
1160 const char *mode = suri->
system ?
"SYSTEM" :
"USER";
1161 SCLogNotice(
"This is %s version %s running in %s mode",
1172 static void SCPrintElapsedTime(
struct timeval *start_time)
1174 if (start_time == NULL)
1176 struct timeval end_time;
1177 memset(&end_time, 0,
sizeof(end_time));
1178 gettimeofday(&end_time, NULL);
1179 uint64_t milliseconds = ((end_time.tv_sec - start_time->tv_sec) * 1000) +
1180 (((1000000 + end_time.tv_usec - start_time->tv_usec) / 1000) - 1000);
1181 SCLogInfo(
"time elapsed %.3fs", (
float)milliseconds/(
float)1000);
1184 static int ParseCommandLineAfpacket(
SCInstance *suri,
const char *in_arg)
1186 #ifdef HAVE_AF_PACKET
1198 SCLogInfo(
"Multiple af-packet option without interface on each is useless");
1202 "has been specified");
1208 SCLogError(
"AF_PACKET not enabled. On Linux "
1209 "host, make sure to pass --enable-af-packet to "
1210 "configure when building.");
1215 static int ParseCommandLineAfxdp(
SCInstance *suri,
const char *in_arg)
1229 SCLogInfo(
"Multiple af-xdp options without interface on each is useless");
1233 "has been specified");
1240 "host, make sure correct libraries are installed,"
1241 " see documentation for information.");
1246 static int ParseCommandLineDpdk(
SCInstance *suri,
const char *in_arg)
1252 SCLogInfo(
"Multiple dpdk options have no effect on Suricata");
1255 "has been specified");
1262 "host, make sure to pass --enable-dpdk to "
1263 "configure when building.");
1268 static int ParseCommandLinePcapLive(
SCInstance *suri,
const char *in_arg)
1270 #if defined(OS_WIN32) && !defined(HAVE_LIBWPCAP)
1272 FatalError(
"Live capture not available. To support live capture compile against Npcap.");
1276 if (in_arg != NULL) {
1279 if (strlen(in_arg) > 9 && strncmp(in_arg,
"DeviceNPF", 9) == 0) {
1280 snprintf(suri->
pcap_dev,
sizeof(suri->
pcap_dev),
"\\Device\\NPF%s", in_arg+9);
1286 if (strcmp(suri->
pcap_dev, in_arg) != 0) {
1288 }
else if (strlen(suri->
pcap_dev) > 0 && isdigit((
unsigned char)suri->
pcap_dev[0])) {
1289 SCLogError(
"failed to find a pcap device for IP %s", in_arg);
1303 "has been specified");
1313 static bool IsLogDirectoryWritable(
const char*
str)
1315 if (access(
str, W_OK) == 0)
1327 int dump_config = 0;
1328 int dump_features = 0;
1329 int list_app_layer_protocols = 0;
1330 int list_app_layer_hooks = 0;
1331 int list_unittests = 0;
1332 int list_runmodes = 0;
1333 int list_keywords = 0;
1346 struct option long_opts[] = {
1347 {
"dump-config", 0, &dump_config, 1},
1348 {
"dump-features", 0, &dump_features, 1},
1349 {
"pfring", optional_argument, 0, 0},
1350 {
"pfring-int", required_argument, 0, 0},
1351 {
"pfring-cluster-id", required_argument, 0, 0},
1352 {
"pfring-cluster-type", required_argument, 0, 0},
1356 {
"af-packet", optional_argument, 0, 0},
1357 {
"af-xdp", optional_argument, 0, 0},
1358 {
"netmap", optional_argument, 0, 0},
1359 {
"pcap", optional_argument, 0, 0},
1360 {
"pcap-file-continuous", 0, 0, 0},
1361 {
"pcap-file-delete", 0, 0, 0},
1362 {
"pcap-file-recursive", 0, 0, 0},
1363 {
"pcap-file-buffer-size", required_argument, 0, 0},
1364 {
"simulate-ips", 0, 0 , 0},
1366 {
"strict-rule-keywords", optional_argument, 0, 0},
1368 {
"capture-plugin", required_argument, 0, 0},
1369 {
"capture-plugin-args", required_argument, 0, 0},
1371 #ifdef BUILD_UNIX_SOCKET
1372 {
"unix-socket", optional_argument, 0, 0},
1374 {
"pcap-buffer-size", required_argument, 0, 0},
1375 {
"unittest-filter", required_argument, 0,
'U'},
1376 {
"list-app-layer-protos", 0, &list_app_layer_protocols, 1},
1377 {
"list-app-layer-hooks", 0, &list_app_layer_hooks, 1},
1378 {
"list-unittests", 0, &list_unittests, 1},
1379 {
"list-runmodes", 0, &list_runmodes, 1},
1380 {
"list-keywords", optional_argument, &list_keywords, 1},
1381 {
"runmode", required_argument, NULL, 0},
1384 {
"service-install", 0, 0, 0},
1385 {
"service-remove", 0, 0, 0},
1386 {
"service-change-params", 0, 0, 0},
1388 {
"pidfile", required_argument, 0, 0},
1389 {
"init-errors-fatal", 0, 0, 0},
1390 {
"disable-detection", 0, 0, 0},
1391 {
"disable-hashing", 0, 0, 0},
1392 {
"fatal-unittests", 0, 0, 0},
1394 {
"user", required_argument, 0, 0},
1395 {
"group", required_argument, 0, 0},
1396 {
"erf-in", required_argument, 0, 0},
1397 {
"dag", required_argument, 0, 0},
1398 {
"build-info", 0, &build_info, 1},
1399 {
"data-dir", required_argument, 0, 0},
1401 {
"windivert", required_argument, 0, 0},
1402 {
"windivert-forward", required_argument, 0, 0},
1404 #ifdef HAVE_LIBNET11
1405 {
"reject-dev", required_argument, 0, 0},
1407 {
"set", required_argument, 0, 0},
1409 {
"nflog", optional_argument, 0, 0},
1411 {
"simulate-packet-flow-memcap", required_argument, 0, 0},
1412 {
"simulate-applayer-error-at-offset-ts", required_argument, 0, 0},
1413 {
"simulate-applayer-error-at-offset-tc", required_argument, 0, 0},
1414 {
"simulate-packet-loss", required_argument, 0, 0},
1415 {
"simulate-packet-tcp-reassembly-memcap", required_argument, 0, 0},
1416 {
"simulate-packet-tcp-ssn-memcap", required_argument, 0, 0},
1417 {
"simulate-packet-defrag-memcap", required_argument, 0, 0},
1418 {
"simulate-alert-queue-realloc-failure", 0, 0, 0},
1422 {
"firewall-rules-exclusive", required_argument, 0, 0},
1424 {
"include", required_argument, 0, 0},
1431 int option_index = 0;
1433 char short_opts[] =
"c:TDhi:l:q:d:r:us:S:U:VF:vk:";
1435 while ((opt = getopt_long(argc, argv, short_opts, long_opts, &option_index)) != -1) {
1438 if (strcmp((long_opts[option_index]).
name ,
"pfring") == 0 ||
1439 strcmp((long_opts[option_index]).
name ,
"pfring-int") == 0) {
1444 if (optarg != NULL) {
1447 ((strlen(optarg) <
sizeof(suri->
pcap_dev)) ?
1448 (strlen(optarg) + 1) :
sizeof(suri->
pcap_dev)));
1453 "to pass --enable-pfring to configure when building.");
1457 else if(strcmp((long_opts[option_index]).
name ,
"pfring-cluster-id") == 0){
1460 SCLogError(
"failed to set pfring.cluster-id");
1465 "to pass --enable-pfring to configure when building.");
1469 else if(strcmp((long_opts[option_index]).
name ,
"pfring-cluster-type") == 0){
1472 SCLogError(
"failed to set pfring.cluster-type");
1477 "to pass --enable-pfring to configure when building.");
1481 else if (strcmp((long_opts[option_index]).
name ,
"capture-plugin") == 0){
1485 else if (strcmp((long_opts[option_index]).
name ,
"capture-plugin-args") == 0){
1487 }
else if (strcmp((long_opts[option_index]).
name,
"dpdk") == 0) {
1488 if (ParseCommandLineDpdk(suri, optarg) !=
TM_ECODE_OK) {
1491 }
else if (strcmp((long_opts[option_index]).
name,
"af-packet") == 0) {
1492 if (ParseCommandLineAfpacket(suri, optarg) !=
TM_ECODE_OK) {
1495 }
else if (strcmp((long_opts[option_index]).
name,
"af-xdp") == 0) {
1496 if (ParseCommandLineAfxdp(suri, optarg) !=
TM_ECODE_OK) {
1499 }
else if (strcmp((long_opts[option_index]).
name,
"netmap") == 0) {
1507 ((strlen(optarg) <
sizeof(suri->
pcap_dev)) ?
1508 (strlen(optarg) + 1) :
sizeof(suri->
pcap_dev)));
1514 SCLogInfo(
"Multiple netmap option without interface on each is useless");
1519 "has been specified");
1520 PrintUsage(argv[0]);
1527 }
else if (strcmp((long_opts[option_index]).
name,
"nflog") == 0) {
1537 }
else if (strcmp((long_opts[option_index]).
name,
"pcap") == 0) {
1538 if (ParseCommandLinePcapLive(suri, optarg) !=
TM_ECODE_OK) {
1541 }
else if (strcmp((long_opts[option_index]).
name,
"simulate-ips") == 0) {
1544 }
else if (strcmp((long_opts[option_index]).
name,
"init-errors-fatal") == 0) {
1546 SCLogError(
"failed to set engine init-failure-fatal");
1549 #ifdef BUILD_UNIX_SOCKET
1550 }
else if (strcmp((long_opts[option_index]).
name ,
"unix-socket") == 0) {
1555 SCLogError(
"failed to set unix-command.filename");
1561 "has been specified");
1562 PrintUsage(argv[0]);
1567 else if(strcmp((long_opts[option_index]).
name,
"list-app-layer-protocols") == 0) {
1569 }
else if (strcmp((long_opts[option_index]).
name,
"list-app-layer-hooks") == 0) {
1571 }
else if (strcmp((long_opts[option_index]).
name,
"list-unittests") == 0) {
1575 SCLogError(
"unit tests not enabled. Make sure to pass --enable-unittests to "
1576 "configure when building");
1579 }
else if (strcmp((long_opts[option_index]).
name,
"list-runmodes") == 0) {
1582 }
else if (strcmp((long_opts[option_index]).
name,
"list-keywords") == 0) {
1584 if (strcmp(
"short", optarg) != 0) {
1588 }
else if (strcmp((long_opts[option_index]).
name,
"runmode") == 0) {
1590 }
else if (strcmp((long_opts[option_index]).
name,
"engine-analysis") == 0) {
1594 else if (strcmp((long_opts[option_index]).
name,
"service-install") == 0) {
1595 suri->
run_mode = RUNMODE_INSTALL_SERVICE;
1597 }
else if (strcmp((long_opts[option_index]).
name,
"service-remove") == 0) {
1598 suri->
run_mode = RUNMODE_REMOVE_SERVICE;
1600 }
else if (strcmp((long_opts[option_index]).
name,
"service-change-params") == 0) {
1601 suri->
run_mode = RUNMODE_CHANGE_SERVICE_PARAMS;
1605 else if (strcmp((long_opts[option_index]).
name,
"pidfile") == 0) {
1608 SCLogError(
"strdup failed: %s", strerror(errno));
1611 }
else if (strcmp((long_opts[option_index]).
name,
"disable-detection") == 0) {
1613 }
else if (strcmp((long_opts[option_index]).
name,
"disable-hashing") == 0) {
1617 }
else if (strcmp((long_opts[option_index]).
name,
"fatal-unittests") == 0) {
1621 SCLogError(
"unit tests not enabled. Make sure to pass --enable-unittests to "
1622 "configure when building");
1625 }
else if (strcmp((long_opts[option_index]).
name,
"user") == 0) {
1626 #ifndef HAVE_LIBCAP_NG
1628 " drop privileges, but it was not compiled into Suricata.");
1634 }
else if (strcmp((long_opts[option_index]).
name,
"group") == 0) {
1635 #ifndef HAVE_LIBCAP_NG
1637 " drop privileges, but it was not compiled into Suricata.");
1643 }
else if (strcmp((long_opts[option_index]).
name,
"erf-in") == 0) {
1649 }
else if (strcmp((long_opts[option_index]).
name,
"dag") == 0) {
1655 SCLogError(
"more than one run mode has been specified");
1656 PrintUsage(argv[0]);
1661 SCLogError(
"libdag and a DAG card are required"
1662 " to receive packets using --dag.");
1665 }
else if (strcmp((long_opts[option_index]).
name,
"napatech") == 0) {
1666 #ifdef HAVE_NAPATECH
1669 SCLogError(
"libntapi and a Napatech adapter are required"
1670 " to capture packets using --napatech.");
1673 }
else if (strcmp((long_opts[option_index]).
name,
"pcap-buffer-size") == 0) {
1674 #ifdef HAVE_PCAP_SET_BUFF
1676 SCLogError(
"failed to set pcap-buffer-size");
1681 " doesn't support setting buffer size.");
1683 }
else if (strcmp((long_opts[option_index]).
name,
"build-info") == 0) {
1686 }
else if (strcmp((long_opts[option_index]).
name,
"windivert-forward") == 0) {
1690 if (WinDivertRegisterQueue(
true, optarg) == -1) {
1694 if (WinDivertRegisterQueue(
true, optarg) == -1) {
1699 "has been specified");
1700 PrintUsage(argv[0]);
1704 else if(strcmp((long_opts[option_index]).
name,
"windivert") == 0) {
1707 if (WinDivertRegisterQueue(
false, optarg) == -1) {
1711 if (WinDivertRegisterQueue(
false, optarg) == -1) {
1716 "has been specified");
1717 PrintUsage(argv[0]);
1721 SCLogError(
"WinDivert not enabled. Make sure to pass --enable-windivert to "
1722 "configure when building.");
1725 }
else if(strcmp((long_opts[option_index]).
name,
"reject-dev") == 0) {
1726 #ifdef HAVE_LIBNET11
1728 extern char *g_reject_dev;
1729 extern uint16_t g_reject_dev_mtu;
1730 g_reject_dev = optarg;
1733 g_reject_dev_mtu = (uint16_t)mtu;
1736 SCLogError(
"Libnet 1.1 support not enabled. Compile Suricata with libnet support.");
1740 else if (strcmp((long_opts[option_index]).
name,
"set") == 0) {
1741 if (optarg != NULL) {
1743 char *val = strchr(optarg,
'=');
1745 FatalError(
"Invalid argument for --set, must be key=val.");
1748 FatalError(
"failed to set configuration value %s", optarg);
1752 else if (strcmp((long_opts[option_index]).
name,
"pcap-file-continuous") == 0) {
1754 SCLogError(
"Failed to set pcap-file.continuous");
1758 else if (strcmp((long_opts[option_index]).
name,
"pcap-file-delete") == 0) {
1760 SCLogError(
"Failed to set pcap-file.delete-when-done");
1764 else if (strcmp((long_opts[option_index]).
name,
"pcap-file-recursive") == 0) {
1766 SCLogError(
"failed to set pcap-file.recursive");
1769 }
else if (strcmp((long_opts[option_index]).
name,
"pcap-file-buffer-size") == 0) {
1771 SCLogError(
"failed to set pcap-file.buffer-size");
1774 }
else if (strcmp((long_opts[option_index]).
name,
"data-dir") == 0) {
1775 if (optarg == NULL) {
1776 SCLogError(
"no option argument (optarg) for -d");
1786 " supplied at the command-line (-d %s) doesn't "
1787 "exist. Shutting down the engine.",
1792 }
else if (strcmp((long_opts[option_index]).
name,
"strict-rule-keywords") == 0) {
1793 if (optarg == NULL) {
1799 FatalError(
"failed to duplicate 'strict' string");
1801 }
else if (strcmp((long_opts[option_index]).
name,
"include") == 0) {
1806 "Failed to allocate memory for additional configuration files: %s",
1811 for (
int i = 0;; i++) {
1813 const char **additional_configs =
1815 if (additional_configs == NULL) {
1816 FatalError(
"Failed to allocate memory for additional configuration "
1828 }
else if (strcmp((long_opts[option_index]).
name,
"firewall-rules-exclusive") == 0) {
1830 SCLogError(
"can't have multiple --firewall-rules-exclusive options");
1837 (long_opts[option_index]).
name, optarg);
1848 SCLogError(
"failed to set engine init-failure-fatal");
1861 if (optarg == NULL) {
1862 SCLogError(
"no option argument (optarg) for -i");
1865 #ifdef HAVE_AF_PACKET
1866 if (ParseCommandLineAfpacket(suri, optarg) !=
TM_ECODE_OK) {
1871 #if defined HAVE_NETMAP
1877 "option%s %s available:"
1879 " NETMAP (--netmap=%s)"
1881 ". Use --pcap=%s to suppress this warning",
1882 i == 1 ?
"" :
"s", i == 1 ?
"is" :
"are"
1890 if (ParseCommandLinePcapLive(suri, optarg) !=
TM_ECODE_OK) {
1896 if (optarg == NULL) {
1897 SCLogError(
"no option argument (optarg) for -l");
1907 " supplied at the command-line (-l %s) doesn't "
1908 "exist. Shutting down the engine.",
1912 if (!IsLogDirectoryWritable(optarg)) {
1914 " supplied at the command-line (-l %s) is not "
1915 "writable. Shutting down the engine.",
1934 "has been specified");
1935 PrintUsage(argv[0]);
1939 SCLogError(
"NFQUEUE not enabled. Make sure to pass --enable-nfqueue to configure when "
1956 "has been specified");
1957 PrintUsage(argv[0]);
1961 SCLogError(
"IPFW not enabled. Make sure to pass --enable-ipfw to configure when "
1972 "has been specified");
1973 PrintUsage(argv[0]);
1978 SCLogError(
"pcap file '%s': %s", optarg, strerror(errno));
1982 SCLogError(
"ERROR: Failed to set pcap-file.file\n");
1989 SCLogError(
"can't have multiple -s options or mix -s and -S.");
1996 SCLogError(
"can't have multiple -S options or mix -s and -S.");
2009 PrintUsage(argv[0]);
2013 SCLogError(
"unit tests not enabled. Make sure to pass --enable-unittests to configure "
2030 if (optarg == NULL) {
2031 SCLogError(
"no option argument (optarg) for -F");
2035 SetBpfStringFromFile(optarg);
2041 if (optarg == NULL) {
2042 SCLogError(
"no option argument (optarg) for -k");
2045 if (!strcmp(
"all", optarg))
2047 else if (!strcmp(
"none", optarg))
2050 SCLogError(
"option '%s' invalid for -k", optarg);
2055 PrintUsage(argv[0]);
2061 SCLogError(
"can't use -s/-S or --firewall-rules-exclusive when detection is disabled");
2068 if (list_app_layer_protocols)
2070 if (list_app_layer_hooks)
2088 ret = SetBpfString(optind, argv);
2096 int WindowsInitService(
int argc,
char **argv)
2098 if (SCRunningAsService()) {
2099 char path[MAX_PATH];
2101 strlcpy(path, argv[0], MAX_PATH);
2102 if ((p = strrchr(path,
'\\'))) {
2105 if (!SetCurrentDirectory(path)) {
2106 SCLogError(
"Can't set current directory to: %s", path);
2109 SCLogInfo(
"Current directory is set to: %s", path);
2110 SCServiceInit(argc, argv);
2115 if (0 != WSAStartup(MAKEWORD(2, 2), &wsaData)) {
2116 SCLogError(
"Can't initialize Windows sockets: %d", WSAGetLastError());
2127 const char *pid_filename;
2129 if (
SCConfGet(
"pid-file", &pid_filename) == 1) {
2130 SCLogInfo(
"Use pid file %s from config file.", pid_filename);
2137 SCLogError(
"strdup failed: %s", strerror(errno));
2156 SCLogError(
"Unable to create PID file, concurrent run of"
2157 " Suricata can occur.");
2158 SCLogError(
"PID file creation WILL be mandatory for daemon mode"
2159 " in future version");
2174 if (
SCConfGet(
"run-as.user", &
id) == 1) {
2178 if (
SCConfGet(
"run-as.group", &
id) == 1) {
2196 static int InitSignalHandler(
SCInstance *suri)
2199 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
2204 if (
SCConfGetBool(
"logging.stacktrace-on-signal", &enabled) == 0) {
2209 SCLogInfo(
"Preparing unexpected signal handling");
2210 struct sigaction stacktrace_action;
2211 memset(&stacktrace_action, 0,
sizeof(stacktrace_action));
2212 stacktrace_action.sa_sigaction = SignalHandlerUnexpected;
2213 stacktrace_action.sa_flags = SA_SIGINFO;
2214 sigaction(SIGSEGV, &stacktrace_action, NULL);
2215 sigaction(SIGABRT, &stacktrace_action, NULL);
2238 #ifdef PROFILE_RULES
2239 SCProfilingRulesGlobalInit();
2246 #ifdef PROFILE_RULES
2298 SCPrintElapsedTime(start_time);
2357 PrintUsage(argv[0]);
2367 case RUNMODE_INSTALL_SERVICE:
2368 if (SCServiceInstall(argc, argv)) {
2371 SCLogInfo(
"Suricata service has been successfully installed.");
2373 case RUNMODE_REMOVE_SERVICE:
2374 if (SCServiceRemove()) {
2377 SCLogInfo(
"Suricata service has been successfully removed.");
2379 case RUNMODE_CHANGE_SERVICE_PARAMS:
2380 if (SCServiceChangeParams(argc, argv)) {
2383 SCLogInfo(
"Suricata service startup parameters has been successfully changed.");
2411 static void SetupDelayedDetect(
SCInstance *suri)
2420 if (decnf != NULL) {
2422 if (strcmp(denode->
val,
"delayed-detect") == 0) {
2433 SCLogInfo(
"Packets will start being processed before signatures are active.");
2451 static int ConfigGetCaptureValue(
SCInstance *suri)
2455 intmax_t tmp_max_pending_packets;
2456 if (
SCConfGetInt(
"max-pending-packets", &tmp_max_pending_packets) != 1)
2458 if (tmp_max_pending_packets < 1 || tmp_max_pending_packets > 2147483648) {
2459 SCLogError(
"Maximum max-pending-packets setting is 2147483648 and must be greater than 0. "
2460 "Please check %s for errors",
2471 const char *temp_default_packet_size;
2472 if ((
SCConfGet(
"default-packet-size", &temp_default_packet_size)) != 1) {
2475 int strip_trailing_plus = 0;
2485 const int mtu = GetGlobalMTUWin32();
2499 strip_trailing_plus = 1;
2505 for (lthread = 0; lthread < nlive; lthread++) {
2508 (void)
strlcpy(dev, live_dev,
sizeof(dev));
2510 if (strip_trailing_plus) {
2511 size_t len = strlen(dev);
2513 (dev[
len-1] ==
'+' ||
2514 dev[
len-1] ==
'^' ||
2533 SCLogError(
"Error parsing max-pending-packets "
2534 "from conf file - %s. Killing engine",
2535 temp_default_packet_size);
2545 static void PostRunStartedDetectSetup(
const SCInstance *suri)
2559 SCLogNotice(
"Signature(s) loaded, Detect thread(s) activated.");
2571 SetupDelayedDetect(suri);
2574 int default_tenant = 0;
2576 (void)
SCConfGetBool(
"multi-detect.default", &default_tenant);
2579 "detection engine contexts failed.");
2589 FatalError(
"initializing detection engine failed.");
2603 static void PostConfLoadedSetupHostMode(
void)
2605 const char *hostmode = NULL;
2607 if (
SCConfGet(
"host-mode", &hostmode) == 1) {
2608 if (!strcmp(hostmode,
"router")) {
2610 }
else if (!strcmp(hostmode,
"sniffer-only")) {
2613 if (strcmp(hostmode,
"auto") != 0) {
2625 SCLogInfo(
"No 'host-mode': suricata is in IPS mode, using "
2626 "default setting 'router'");
2629 SCLogInfo(
"No 'host-mode': suricata is in IDS mode, using "
2630 "default setting 'sniffer-only'");
2642 FatalError(
"could not set USER mode logdir");
2648 FatalError(
"could not set USER mode datadir");
2664 int disable_offloading;
2665 if (
SCConfGetBool(
"capture.disable-offloading", &disable_offloading) == 0)
2666 disable_offloading = 1;
2667 if (disable_offloading) {
2674 const char *cv = NULL;
2675 if (
SCConfGet(
"capture.checksum-validation", &cv) == 1) {
2676 if (strcmp(cv,
"none") == 0) {
2678 }
else if (strcmp(cv,
"all") == 0) {
2685 SCConfSet(
"stream.checksum-validation",
"0");
2688 SCConfSet(
"stream.checksum-validation",
"1");
2697 #ifdef HAVE_PACKET_EBPF
2699 EBPFRegisterExtension();
2722 SCLogInfo(
"Setting engine mode to IDS mode by default");
2743 const char *custom_umask;
2744 if (
SCConfGet(
"umask", &custom_umask) == 1) {
2746 if (
StringParseUint16(&mask, 8, (uint16_t)strlen(custom_umask), custom_umask) > 0) {
2747 umask((mode_t)mask);
2764 SCLogInfo(
"== Carrying out Engine Analysis ==");
2765 const char *temp = NULL;
2766 if (
SCConfGet(
"engine-analysis", &temp) == 0) {
2767 SCLogInfo(
"no engine-analysis parameter(s) defined in conf file. "
2768 "Please define/enable them in the conf to use this "
2787 "basic address vars test failed. Please check %s for errors", suri->
conf_filename);
2814 "supplied by %s (default-log-dir) doesn't exist. "
2815 "Shutting down the engine",
2819 if (!IsLogDirectoryWritable(suri->
log_dir)) {
2821 "supplied by %s (default-log-dir) is not writable. "
2822 "Shutting down the engine",
2840 PostConfLoadedSetupHostMode();
2909 return EXIT_FAILURE;
2930 SCInstanceInit(&
suricata, progname);
2948 if (
SCConfGetBool(
"vlan.use-for-tracking", &tracking) == 1 && !tracking) {
2952 SCLogDebug(
"vlan tracking is %s", tracking == 1 ?
"enabled" :
"disabled");
2953 if (
SCConfGetBool(
"livedev.use-for-tracking", &tracking) == 1 && !tracking) {
2957 if (
SCConfGetBool(
"decoder.recursion-level.use-for-tracking", &tracking) == 1 && !tracking) {
2973 SCLogInfo(
"Running suricata under test mode");
3000 SCLogNotice(
"Configuration provided was successfully loaded. Exiting.");
3043 int limit_nproc = 0;
3044 if (
SCConfGetBool(
"security.limit-noproc", &limit_nproc) == 0) {
3048 #if defined(SC_ADDRESS_SANITIZER)
3051 "\"security.limit-noproc\" (setrlimit()) not set when using address sanitizer");
3057 #if defined(HAVE_SYS_RESOURCE_H)
3060 SCLogWarning(
"setrlimit has no effect when running as root.");
3063 struct rlimit r = { 0, 0 };
3064 if (setrlimit(RLIMIT_NPROC, &r) != 0) {
3065 SCLogWarning(
"setrlimit failed to prevent process creation.");
3087 PostRunStartedDetectSetup(&
suricata);
@ RUNMODE_LIST_APP_LAYERS
enum SCRunModes SCRunMode
@ RUNMODE_ENGINE_ANALYSIS
void TmModuleUnixManagerRegister(void)
void StatsReleaseResources(void)
Releases the resources allotted by the Stats API.
void TmModuleReceiveIPFWRegister(void)
Registration Function for ReceiveIPFW.
void SuricataMainLoop(void)
int ExceptionSimulationCommandLineParser(const char *name, const char *arg)
char * firewall_rule_file
void AppLayerHtpNeedFileInspection(void)
Sets a flag that informs the HTP app layer that some module in the engine needs the http request file...
enum SCRunModes aux_run_mode
void IPPairInitConfig(bool quiet)
initialize the configuration
void SCLogInitLogModule(SCLogInitData *sc_lid)
Initializes the logging module.
@ SURI_HOST_IS_SNIFFER_ONLY
int LiveDeviceListClean(void)
void DetectEngineDeReference(DetectEngineCtx **de_ctx)
struct timeval start_time
bool IsRunModeOffline(enum SCRunModes run_mode_to_check)
#define SC_ATOMIC_INIT(name)
wrapper for initializing an atomic variable.
SystemHugepageSnapshot * prerun_snap
void TmThreadContinueThreads(void)
Unpauses all threads present in tv_root.
enum DetectEngineType type
int SigLoadSignatures(DetectEngineCtx *de_ctx, char *sig_file, bool sig_file_exclusive)
Load signatures.
const char * firewall_rule_file_exclusive
#define SC_ATOMIC_SET(name, val)
Set the value for the atomic variable.
SCConfNode * SCConfGetRootNode(void)
Get the root configuration node.
DetectEngineCtx * DetectEngineCtxInitStubForDD(void)
void LiveDevRegisterExtension(void)
void OutputTxShutdown(void)
void AppLayerHtpPrintStats(void)
void StatsSetupPostConfigPreOutput(void)
char * runmode_custom_mode
struct HtpBodyChunk_ * next
void TmModuleReceiveNFQRegister(void)
int LiveBuildDeviceList(const char *runmode)
void RunModeShutDown(void)
void SCProtoNameInit(void)
void SuricataPostInit(void)
void RunModeDispatch(int runmode, const char *custom_mode, const char *capture_plugin_name, const char *capture_plugin_args)
volatile sig_atomic_t sigint_count
SC_ATOMIC_DECLARE(unsigned int, engine_stage)
void TmModuleRunDeInit(void)
void TmThreadsUnsealThreads(void)
void RegisterFlowBypassInfo(void)
#define SCSetThreadName(n)
int SCConfYamlHandleInclude(SCConfNode *parent, const char *filename)
Include a file in the configuration.
void SCLogDeInitLogModule(void)
De-Initializes the logging module.
void TmModuleDecodeErfFileRegister(void)
Register the ERF file decoder module.
main detection engine ctx
int StringParseUint16(uint16_t *res, int base, size_t len, const char *str)
void DetectEngineReloadSetIdle(void)
void DatalinkTableDeinit(void)
int SCConfGet(const char *name, const char **vptr)
Retrieve the value of a configuration node.
DetectEngineCtx * DetectEngineGetCurrent(void)
int EngineModeIsUnknown(void)
void VarNameStoreInit(void)
void TmModuleFlowRecyclerRegister(void)
int SCConfNodeChildValueIsTrue(const SCConfNode *node, const char *key)
Test if a configuration node has a true value.
void DatalinkTableInit(void)
void Daemonize(void)
Daemonize the process.
void UtilSignalHandlerSetup(int sig, void(*handler)(int))
#define TAILQ_FOREACH(var, head, field)
void TmModuleDecodeAFPRegister(void)
Registration Function for DecodeAFP.
void TmModuleDecodeWinDivertRegister(void)
int DetectEngineAddToMaster(DetectEngineCtx *de_ctx)
int SCConfGetChildValueBool(const SCConfNode *base, const char *name, int *val)
void TmModuleStatsLoggerRegister(void)
void RegisterAllModules(void)
int DetectEngineMultiTenantSetup(const bool unix_socket)
setup multi-detect / multi-tenancy
void SupportFastPatternForSigMatchTypes(void)
Registers the keywords(SMs) that should be given fp support.
const SuricataContext suricata_context
TmEcode SCParseCommandLine(int argc, char **argv)
int CheckValidDaemonModes(int daemon, int mode)
Check for a valid combination daemon/mode.
void SCGetGroupID(const char *group_name, uint32_t *gid)
Function to get the group ID from the specified group name.
int SCConfGetBool(const char *name, int *val)
Retrieve a configuration value as a boolean.
void TmThreadDisableReceiveThreads(void)
Disable all threads having the specified TMs.
void StatsInit(void)
Initializes the perf counter api. Things are hard coded currently. More work to be done when we imple...
void PreRunInit(const int runmode)
void MacSetRegisterFlowStorage(void)
void SuricataShutdown(void)
const char * conf_filename
int GetIfaceMTU(const char *dev)
output the link MTU
void GlobalsInitPreConfig(void)
void TmModuleReceiveNetmapRegister(void)
void PacketPoolPostRunmodes(void)
Set the max_pending_return_packets value.
void NFQInitConfig(bool quiet)
To initialize the NFQ global configuration data.
void TmModuleReceiveWinDivertRegister(void)
void SCProfilingDestroy(void)
Free resources used by profiling.
void AFPPeersListClean(void)
Clean the global peers list.
void RunModeInitializeOutputs(void)
int DetectPortTestConfVars(void)
void SCThresholdConfGlobalInit(void)
void DecodeUnregisterCounters(void)
const char * capture_plugin_name
int SCConfYamlLoadFile(const char *filename)
Load configuration from a YAML file.
void HostBitInitCtx(void)
bool IsRunModeSystem(enum SCRunModes run_mode_to_check)
const char * capture_plugin_args
void TmModuleLoggerRegister(void)
void PacketPoolInit(void)
int AppLayerDeSetup(void)
De initializes the app layer.
@ RUNMODE_LIST_APP_LAYER_HOOKS
size_t strlcpy(char *dst, const char *src, size_t siz)
void PcapTranslateIPToDevice(char *pcap_dev, size_t len)
void FlowDisableFlowRecyclerThread(void)
Used to disable flow recycler thread(s).
void SCRunmodeSet(SCRunMode run_mode)
Set the current run mode.
void TmModuleDecodePcapFileRegister(void)
void TmModuleBypassedFlowManagerRegister(void)
void IPPairShutdown(void)
shutdown the flow engine
void SCConfInit(void)
Initialize the configuration system.
void DetectParseFreeRegexes(void)
void SCConfDump(void)
Dump configuration to stdout.
void TmModuleDecodeNFLOGRegister(void)
int NFQParseAndRegisterQueues(const char *queues)
Parses and adds Netfilter queue(s).
void FlowInitConfig(bool quiet)
initialize the configuration
int AppLayerSetup(void)
Setup the app layer.
void FeatureTrackingRegister(void)
void TmModuleReceiveDPDKRegister(void)
void UnixManagerThreadSpawnNonRunmode(const bool unix_socket_enabled)
void RunModeInitializeThreadSettings(void)
void StreamTcpInitConfig(bool)
To initialize the stream global configuration data.
int GetIfaceMaxPacketSize(LiveDevice *ld)
output max packet size for a link
SCRunMode SCRunmodeGet(void)
Get the current run mode.
void TmModuleDecodeNetmapRegister(void)
Registration Function for DecodeNetmap.
void PreRunPostPrivsDropInit(const int runmode)
void SigTableCleanup(void)
int DetectEngineMoveToFreeList(DetectEngineCtx *de_ctx)
volatile sig_atomic_t sigterm_count
TmEcode TmThreadWaitOnThreadInit(void)
Used to check if all threads have finished their initialization. On finding an un-initialized thread,...
void TmModuleVerdictNFQRegister(void)
void AppLayerRegisterGlobalCounters(void)
HACK to work around our broken unix manager (re)init loop.
void RunModeListRunmodes(void)
Lists all registered runmodes.
size_t strlcat(char *, const char *src, size_t siz)
void LiveSetOffloadDisable(void)
void StatsSetupPostConfigPostOutput(void)
void EngineModeSetIDS(void)
void TmModuleReceiveAFPRegister(void)
Registration Function for ReceiveAFP.
int LiveBuildDeviceListCustom(const char *runmode, const char *itemname)
LiveDevice * LiveGetDevice(const char *name)
Get a pointer to the device at idx.
void UnixSocketKillSocketThread(void)
void TmModuleVerdictIPFWRegister(void)
Registration Function for VerdictIPFW.
int SCConfGetInt(const char *name, intmax_t *val)
Retrieve a configuration value as an integer.
bool g_stats_eps_per_app_proto_errors
void HttpRangeContainersInit(void)
struct timeval last_reload
void TmModuleVerdictWinDivertRegister(void)
void HostCleanup(void)
Cleanup the host engine.
void FlowDisableFlowManagerThread(void)
Used to disable flow manager thread(s).
int UtilSignalUnblock(int signum)
int DetectEngineEnabled(void)
Check if detection is enabled.
void TmThreadClearThreadsFamily(int family)
#define THV_REQ_FLOW_LOOP
void FlowRateRegisterFlowStorage(void)
void TmModuleRunInit(void)
void EngineModeSetIPS(void)
void HTPAtExitPrintStats(void)
Print the stats of the HTTP requests.
int UtilSignalBlock(int signum)
void SCProfilingPrefilterGlobalInit(void)
void ThresholdDestroy(void)
#define SCLogWarning(...)
Macro used to log WARNING messages.
int PostConfLoadedSetup(SCInstance *suri)
const char * GetProgramVersion(void)
get string with program version
void TmModuleReceivePcapFileRegister(void)
int32_t CoredumpLoadConfig(void)
Configures the core dump size.
int IPFWRegisterQueue(char *queue)
Add an IPFW divert.
int ListAppLayerHooks(const char *conf_filename)
int ListAppLayerProtocols(const char *conf_filename)
void DatasetsDestroy(void)
void UtilCpuPrintSummary(void)
Print a summary of CPUs detected (configured and online)
int profiling_packets_enabled
int SystemDNotifyReady(void)
void TmThreadKillThreads(void)
void OutputDeregisterAll(void)
Deregister all modules. Useful for a memory clean exit.
void PostConfLoadedDetectSetup(SCInstance *suri)
int EngineModeIsIDS(void)
TmModule tmm_modules[TMM_SIZE]
const char * SCConfigGetLogDirectory(void)
void OutputNotifyFileRotation(void)
Notifies all registered file rotation notification flags.
int StorageFinalize(void)
void VarNameStoreDestroy(void)
void TmModuleFlowWorkerRegister(void)
uint32_t max_pending_packets
const char ** additional_configs
#define DEFAULT_PID_FILENAME
volatile sig_atomic_t sighup_count
TmEcode ConfigSetDataDirectory(char *name)
void TmModuleDecodeErfDagRegister(void)
Register the ERF file decoder module.
#define SCDropMainThreadCaps(...)
void TmModuleDebugList(void)
void TmModuleDecodeNFQRegister(void)
void SCProtoNameRelease(void)
int RunmodeIsUnittests(void)
void SCPluginsLoad(const char *capture_plugin_name, const char *capture_plugin_args)
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
void TmModuleReceiveNFLOGRegister(void)
#define DEFAULT_PACKET_SIZE
#define WarnInvalidConfEntry(param_name, format, value)
Generic API that can be used by all to log an invalid conf entry.
void TmThreadDisablePacketThreads(const uint16_t set, const uint16_t check)
Disable all packet threads.
void TmModuleReceiveErfFileRegister(void)
Register the ERF file receiver (reader) module.
int SCConfSetFromString(const char *input, int final)
Set a configuration parameter from a string.
int SCConfSetFinal(const char *name, const char *val)
Set a final configuration value.
#define SCRealloc(ptr, sz)
void TmModuleDecodeAFXDPRegister(void)
Registration Function for DecodeAFXDP.
uint32_t default_packet_size
void SigTableApplyStrictCommandLineOption(const char *str)
@ DETECT_ENGINE_TYPE_NORMAL
void TmThreadKillThreadsFamily(int family)
void FeatureTrackingRelease(void)
void TmqhCleanup(void)
Clean up registration time allocs.
void StreamTcpFreeConfig(bool quiet)
void DecodeGlobalConfig(void)
char * strict_rule_parsing_string
DetectEngineCtx * DetectEngineCtxInitStubForMT(void)
const char * LiveGetDeviceName(int number)
Get a pointer to the device name at idx.
void FlowShutdown(void)
shutdown the flow engine
void SCHInfoLoadFromConfig(void)
Load the host os policy information from the configuration.
void DetectEngineBumpVersion(void)
void TmModuleFlowManagerRegister(void)
int SCStartInternalRunMode(int argc, char **argv)
int SCPidfileTestRunning(const char *pid_filename)
Check the Suricata pid file (used at the startup)
void HostShutdown(void)
shutdown the flow engine
#define SCFstatFn(fd, statbuf)
void LiveSetOffloadWarn(void)
void ParseSizeDeinit(void)
void SCConfDeInit(void)
De-initializes the configuration system.
void RunModeRegisterRunModes(void)
Register all runmodes in the engine.
void SCProfilingDump(void)
void TmModuleReceiveAFXDPRegister(void)
void EngineStop(void)
make sure threads can stop the engine by calling this function. Purpose: pcap file mode needs to be a...
int ParseSizeStringU32(const char *size, uint32_t *res)
void TmModuleReceiveErfDagRegister(void)
Register the ERF file receiver (reader) module.
void IPPairBitInitCtx(void)
TmEcode ConfigSetLogDirectory(const char *name)
void TmModuleDecodeIPFWRegister(void)
Registration Function for DecodeIPFW.
int ConfUnixSocketIsEnable(void)
struct SCLogConfig_ SCLogConfig
Holds the config state used by the logging api.
volatile sig_atomic_t sigusr2_count
void SystemHugepageSnapshotDestroy(SystemHugepageSnapshot *s)
void TmModuleDecodePcapRegister(void)
Registration Function for DecodePcap.
TmEcode SCLoadYamlConfig(void)
TmEcode ConfigCheckDataDirectory(const char *data_dir)
SCConfNode * SCConfGetNode(const char *name)
Get a SCConfNode by name.
#define SCLogError(...)
Macro used to log ERROR messages.
int DetectEngineReloadStart(void)
#define DEFAULT_CONF_FILE
#define SC_LOG_MAX_LOG_MSG_LEN
void AppLayerParserPostStreamSetup(void)
void TmModuleReceivePcapRegister(void)
Registration Function for ReceivePcap.
void SCGetUserID(const char *user_name, const char *group_name, uint32_t *uid, uint32_t *gid)
Function to get the user and group ID from the specified user name.
void TmModuleRespondRejectRegister(void)
void CoredumpEnable(void)
Enable coredumps on systems where coredumps can and need to be enabled.
void RunUnittests(int list_unittests, const char *regex_arg)
TmEcode ConfigCheckLogDirectoryExists(const char *log_dir)
int SCConfSet(const char *name, const char *val)
Set a configuration value.
void PacketAlertTagInit(void)
int RunModeEngineIsIPS(int capture_mode, const char *runmode, const char *capture_plugin_name)
DetectEngineCtx * DetectEngineCtxInit(void)
void TmModuleDecodeLibRegister(void)
register a "Decode" module for suricata as a library.
int EngineModeIsIPS(void)
void SCProfilingKeywordsGlobalInit(void)
void EngineDone(void)
Used to indicate that the current task is done.
bool firewall_rule_file_exclusive
const char * GetDocURL(void)
void PostRunDeinit(const int runmode, struct timeval *start_time)
clean up / shutdown code for packet modes
void HostInitConfig(bool quiet)
initialize the configuration
TmEcode TmThreadWaitOnThreadRunning(void)
Waits for all threads to be in a running state.
void HttpRangeContainersDestroy(void)
void SCLogLoadConfig(int daemon, int verbose, uint32_t userid, uint32_t groupid)
int DetectEngineReload(const SCInstance *suri)
Reload the detection engine.
#define DEFAULT_MAX_PENDING_PACKETS
void DetectEngineClearMaster(void)
void SetMasterExceptionPolicy(void)
void TmThreadCheckThreadState(void)
Used to check the thread for certain conditions of failure.
void OutputFilestoreRegisterGlobalCounters(void)
int InitGlobal(void)
Global initialization common to all runmodes.
int LiveGetDeviceCount(void)
Get the number of registered devices.
SystemHugepageSnapshot * SystemHugepageSnapshotCreate(void)
The function creates a snapshot of the system's hugepage usage per NUMA node and per hugepage size....
void SCProfilingSghsGlobalInit(void)
int SCPidfileCreate(const char *pidfile)
Write a pid file (used at the startup) This commonly needed by the init scripts.
int LiveRegisterDeviceName(const char *dev)
Add a device for monitoring.
#define SCStatFn(pathname, statbuf)
void LiveDeviceFinalize(void)
void TmModuleDecodeDPDKRegister(void)
Registration Function for DecodeDPDK.
void PacketPoolDestroy(void)
void HTPFreeConfig(void)
Clears the HTTP server configuration memory used by HTP library.
void LandlockSandboxing(SCInstance *suri)
int ListKeywords(const char *keyword_info)
#define SCLogNotice(...)
Macro used to log NOTICE messages.
void SuricataPreInit(const char *progname)
void DPDKCleanupEAL(void)
@ RUNMODE_PRINT_BUILDINFO
void SCPidfileRemove(const char *pid_filename)
Remove the pid file (used at the startup)
void NFQContextsClean(void)
Clean global contexts. Must be called on exit.
void SystemHugepageEvaluateHugepages(SystemHugepageSnapshot *pre_s, SystemHugepageSnapshot *post_s)
The function compares two hugepage snapshots and prints out recommendations for hugepage configuratio...
#define DEBUG_VALIDATE_BUG_ON(exp)
int SCFinalizeRunMode(void)
void SCProfilingInit(void)
Initialize profiling.
void GlobalsDestroy(void)
int DetectEngineReloadIsStart(void)
volatile uint8_t suricata_ctl_flags
void TagDestroyCtx(void)
Destroy tag context hash tables.
int DetectAddressTestConfVars(void)
void FlowWorkToDoCleanup(void)
Clean up all the flows that have unprocessed segments and have some work to do in the detection engin...
void MpmHSGlobalCleanup(void)
void TmqResetQueues(void)