Go to the source code of this file.
Data Structures | |
| struct | SCInstance_ |
Macros | |
| #define | PROG_NAME "Suricata" |
| #define | PROG_VER PACKAGE_VERSION |
| #define | DEFAULT_CONF_FILE CONFIG_DIR "/suricata.yaml" |
| #define | DEFAULT_PID_DIR LOCAL_STATE_DIR "/run/" |
| #define | DEFAULT_PID_BASENAME "suricata.pid" |
| #define | DEFAULT_PID_FILENAME DEFAULT_PID_DIR DEFAULT_PID_BASENAME |
| #define | DOC_URL "https://docs.suricata.io/en/" |
| #define | SURICATA_STOP (1 << 0) |
| #define | SURICATA_DONE (1 << 2) |
| #define | IS_SURI_HOST_MODE_SNIFFER_ONLY(host_mode) ((host_mode) == SURI_HOST_IS_SNIFFER_ONLY) |
Typedefs | |
| typedef struct SCInstance_ | SCInstance |
Enumerations | |
| enum | { SURICATA_INIT = 0, SURICATA_RUNTIME, SURICATA_DEINIT } |
| enum | EngineMode { ENGINE_MODE_UNKNOWN, ENGINE_MODE_IDS, ENGINE_MODE_IPS } |
| enum | { SURI_HOST_IS_SNIFFER_ONLY, SURI_HOST_IS_ROUTER } |
Functions | |
| const char * | GetDocURL (void) |
| void | EngineModeSetIPS (void) |
| void | EngineModeSetIDS (void) |
| int | EngineModeIsUnknown (void) |
| int | EngineModeIsIPS (void) |
| int | EngineModeIsIDS (void) |
| void | GlobalsInitPreConfig (void) |
| void | EngineStop (void) |
| make sure threads can stop the engine by calling this function. Purpose: pcap file mode needs to be able to tell the engine the file eof is reached. More... | |
| void | EngineDone (void) |
| Used to indicate that the current task is done. More... | |
| int | RunmodeIsUnittests (void) |
| SCRunMode | SCRunmodeGet (void) |
| Get the current run mode. More... | |
| void | SCRunmodeSet (SCRunMode run_mode) |
| Set the current run mode. More... | |
| int | SuriHasSigFile (void) |
| void | SuricataPreInit (const char *progname) |
| void | SuricataInit (void) |
| void | SuricataPostInit (void) |
| void | SuricataMainLoop (void) |
| void | SuricataShutdown (void) |
| int | InitGlobal (void) |
| Global initialization common to all runmodes. More... | |
| void | GlobalsDestroy (void) |
| int | PostConfLoadedSetup (SCInstance *suri) |
| void | PostConfLoadedDetectSetup (SCInstance *suri) |
| int | SCFinalizeRunMode (void) |
| TmEcode | SCParseCommandLine (int argc, char **argv) |
| int | SCStartInternalRunMode (int argc, char **argv) |
| TmEcode | SCLoadYamlConfig (void) |
| void | PreRunInit (const int runmode) |
| void | PreRunPostPrivsDropInit (const int runmode) |
| void | PostRunDeinit (const int runmode, struct timeval *start_time) |
| clean up / shutdown code for packet modes More... | |
| void | RegisterAllModules (void) |
| const char * | GetProgramVersion (void) |
| get string with program version More... | |
Variables | |
| volatile uint8_t | suricata_ctl_flags |
| int | g_disable_randomness |
| uint16_t | g_vlan_mask |
| uint16_t | g_livedev_mask |
| uint8_t | g_recurlvl_mask |
| bool | g_disable_hashing |
Detailed Description
Definition in file suricata.h.
Macro Definition Documentation
◆ DEFAULT_CONF_FILE
| #define DEFAULT_CONF_FILE CONFIG_DIR "/suricata.yaml" |
Definition at line 85 of file suricata.h.
◆ DEFAULT_PID_BASENAME
| #define DEFAULT_PID_BASENAME "suricata.pid" |
Definition at line 88 of file suricata.h.
◆ DEFAULT_PID_DIR
| #define DEFAULT_PID_DIR LOCAL_STATE_DIR "/run/" |
Definition at line 87 of file suricata.h.
◆ DEFAULT_PID_FILENAME
| #define DEFAULT_PID_FILENAME DEFAULT_PID_DIR DEFAULT_PID_BASENAME |
Definition at line 89 of file suricata.h.
◆ DOC_URL
| #define DOC_URL "https://docs.suricata.io/en/" |
Definition at line 91 of file suricata.h.
◆ IS_SURI_HOST_MODE_SNIFFER_ONLY
| #define IS_SURI_HOST_MODE_SNIFFER_ONLY | ( | host_mode | ) | ((host_mode) == SURI_HOST_IS_SNIFFER_ONLY) |
Definition at line 125 of file suricata.h.
◆ PROG_NAME
| #define PROG_NAME "Suricata" |
Definition at line 76 of file suricata.h.
◆ PROG_VER
| #define PROG_VER PACKAGE_VERSION |
Definition at line 77 of file suricata.h.
◆ SURICATA_DONE
| #define SURICATA_DONE (1 << 2) |
packets capture ended
Definition at line 97 of file suricata.h.
◆ SURICATA_STOP
| #define SURICATA_STOP (1 << 0) |
gracefully stop the engine: process all outstanding packets first
Definition at line 96 of file suricata.h.
Typedef Documentation
◆ SCInstance
| typedef struct SCInstance_ SCInstance |
Enumeration Type Documentation
◆ anonymous enum
| anonymous enum |
| Enumerator | |
|---|---|
| SURICATA_INIT | |
| SURICATA_RUNTIME | |
| SURICATA_DEINIT | |
Definition at line 99 of file suricata.h.
◆ anonymous enum
| anonymous enum |
| Enumerator | |
|---|---|
| SURI_HOST_IS_SNIFFER_ONLY | |
| SURI_HOST_IS_ROUTER | |
Definition at line 119 of file suricata.h.
◆ EngineMode
| enum EngineMode |
| Enumerator | |
|---|---|
| ENGINE_MODE_UNKNOWN | |
| ENGINE_MODE_IDS | |
| ENGINE_MODE_IPS | |
Definition at line 106 of file suricata.h.
Function Documentation
◆ EngineDone()
| void EngineDone | ( | void | ) |
Used to indicate that the current task is done.
This is mainly used by pcap-file to tell it has finished to treat a pcap files when running in unix-socket mode.
Definition at line 463 of file suricata.c.
References suricata_ctl_flags, and SURICATA_DONE.
◆ EngineModeIsIDS()
| int EngineModeIsIDS | ( | void | ) |
Definition at line 240 of file suricata.c.
References DEBUG_VALIDATE_BUG_ON.
◆ EngineModeIsIPS()
| int EngineModeIsIPS | ( | void | ) |
Definition at line 234 of file suricata.c.
References DEBUG_VALIDATE_BUG_ON.
Referenced by AlertJsonHeader(), CaptureStatsSetup(), CaptureStatsUpdate(), EveAddVerdict(), FlowHandlePacketUpdate(), and StreamTcpInitConfig().
◆ EngineModeIsUnknown()
| int EngineModeIsUnknown | ( | void | ) |
Definition at line 229 of file suricata.c.
Referenced by PostConfLoadedSetup().
◆ EngineModeSetIDS()
| void EngineModeSetIDS | ( | void | ) |
Definition at line 251 of file suricata.c.
Referenced by ListAppLayerProtocols(), ListKeywords(), LLVMFuzzerTestOneInput(), PostConfLoadedSetup(), and RunUnittests().
◆ EngineModeSetIPS()
| void EngineModeSetIPS | ( | void | ) |
Definition at line 246 of file suricata.c.
◆ EngineStop()
| void EngineStop | ( | void | ) |
make sure threads can stop the engine by calling this function. Purpose: pcap file mode needs to be able to tell the engine the file eof is reached.
Definition at line 452 of file suricata.c.
References suricata_ctl_flags, and SURICATA_STOP.
Referenced by ReceiveErfFileLoop().
◆ GetDocURL()
| const char* GetDocURL | ( | void | ) |
Definition at line 1116 of file suricata.c.
References DOC_URL, GetProgramVersion(), and PROG_VER.
◆ GetProgramVersion()
| const char* GetProgramVersion | ( | void | ) |
get string with program version
Get the program version as passed to us from AC_INIT
Add 'RELEASE' is no '-dev' in the version. Add the REVISION if passed to us.
Possible outputs: release: '5.0.1 RELEASE' dev with rev: '5.0.1-dev (64a789bbf 2019-10-18)' dev w/o rev: '5.0.1-dev'
Definition at line 1137 of file suricata.c.
References PROG_VER, REVISION, and xstr.
Referenced by GetDocURL().
◆ GlobalsDestroy()
| void GlobalsDestroy | ( | void | ) |
Definition at line 372 of file suricata.c.
References AFPPeersListClean(), AppLayerDeSetup(), AppLayerHtpPrintStats(), DatalinkTableDeinit(), DatasetsDestroy(), DatasetsSave(), de_ctx, DetectEngineClearMaster(), DetectEngineDeReference(), DetectEngineGetCurrent(), DetectEngineMoveToFreeList(), DetectParseFreeRegexes(), DPDKCleanupEAL(), FeatureTrackingRelease(), HostShutdown(), HTPAtExitPrintStats(), HTPFreeConfig(), LiveDeviceListClean(), MpmHSGlobalCleanup(), NFQContextsClean(), OutputDeregisterAll(), OutputTxShutdown(), ParseSizeDeinit(), SCInstance_::pid_filename, SCConfDeInit(), SCFree, SCLogDeInitLogModule(), SCPidfileRemove(), SCProtoNameRelease(), SigTableCleanup(), suricata, TagDestroyCtx(), ThresholdDestroy(), TimeDeinit(), TmModuleRunDeInit(), TmqhCleanup(), and VarNameStoreDestroy().
Referenced by main().
◆ GlobalsInitPreConfig()
| void GlobalsInitPreConfig | ( | void | ) |
Definition at line 364 of file suricata.c.
References SCProtoNameInit(), SCThresholdConfGlobalInit(), SupportFastPatternForSigMatchTypes(), and TimeInit().
Referenced by LLVMFuzzerTestOneInput(), RunUnittests(), and SuricataInit().
◆ InitGlobal()
| int InitGlobal | ( | void | ) |
Global initialization common to all runmodes.
This can be used by fuzz targets.
Definition at line 2880 of file suricata.c.
References DatalinkTableInit(), ParseSizeInit(), RunModeRegisterRunModes(), SC_ATOMIC_INIT, SCConfInit(), SCLogError, SCLogInitLogModule(), SCSetThreadName, suricata_context, tmm_modules, TMM_SIZE, UtilSignalBlock(), UtilSignalHandlerSetup(), and VarNameStoreInit().
Referenced by LLVMFuzzerTestOneInput().
◆ PostConfLoadedDetectSetup()
| void PostConfLoadedDetectSetup | ( | SCInstance * | suri | ) |
Definition at line 2557 of file suricata.c.
References de_ctx, and SCInstance_::disabled_detect.
◆ PostConfLoadedSetup()
| int PostConfLoadedSetup | ( | SCInstance * | suri | ) |
This function is meant to contain code that needs to be run once the configuration has been loaded.
Definition at line 2648 of file suricata.c.
References AppLayerSetup(), SCInstance_::capture_plugin_args, SCInstance_::capture_plugin_name, SCInstance_::checksum_validation, EngineModeIsUnknown(), EngineModeSetIDS(), FatalError, FeatureTrackingRegister(), FlowRateRegisterFlowStorage(), g_stats_eps_per_app_proto_errors, LiveDeviceFinalize(), LiveDevRegisterExtension(), LiveSetOffloadDisable(), LiveSetOffloadWarn(), MacSetRegisterFlowStorage(), MpmTableSetup(), RegisterFlowBypassInfo(), SCInstance_::run_mode, RUNMODE_AFP_DEV, SCInstance_::runmode_custom_mode, RunModeEngineIsIPS(), SCConfGet(), SCConfGetBool(), SCConfGetNode(), SCConfNodeChildValueIsTrue(), SCConfSet(), SCLogInfo, SCPluginsLoad(), SetMasterExceptionPolicy(), SigTableInit(), SpmTableSetup(), StorageInit(), StringParseUint16(), and suricata.
Referenced by LLVMFuzzerTestOneInput().
◆ PostRunDeinit()
| void PostRunDeinit | ( | const int | runmode, |
| struct timeval * | start_time | ||
| ) |
clean up / shutdown code for packet modes
Shuts down packet modes, so regular packet runmodes and the per pcap mode in the unix socket.
Definition at line 2273 of file suricata.c.
References FlowDisableFlowManagerThread(), FlowWorkToDoCleanup(), PacketPoolInit(), RUNMODE_UNIX_SOCKET, THV_FLOW_LOOP, THV_KILL, THV_REQ_FLOW_LOOP, THV_RUNNING_DONE, TmThreadDisablePacketThreads(), TmThreadDisableReceiveThreads(), and TmThreadsUnsealThreads().
Referenced by SuricataShutdown().
◆ PreRunInit()
| void PreRunInit | ( | const int | runmode | ) |
Definition at line 2228 of file suricata.c.
References AppLayerParserPostStreamSetup(), AppLayerRegisterGlobalCounters(), DefragInit(), FLOW_QUIET, FlowInitConfig(), HttpRangeContainersInit(), IPPairInitConfig(), OutputFilestoreRegisterGlobalCounters(), RUNMODE_UNIX_SOCKET, SCProfilingInit(), SCProfilingKeywordsGlobalInit(), SCProfilingPrefilterGlobalInit(), SCProfilingSghsGlobalInit(), StatsInit(), STREAM_VERBOSE, and StreamTcpInitConfig().
◆ PreRunPostPrivsDropInit()
| void PreRunPostPrivsDropInit | ( | const int | runmode | ) |
Definition at line 2257 of file suricata.c.
References DatasetsInit(), RUNMODE_UNIX_SOCKET, RunModeInitializeOutputs(), StatsSetupPostConfigPostOutput(), and StatsSetupPostConfigPreOutput().
◆ RegisterAllModules()
| void RegisterAllModules | ( | void | ) |
Definition at line 898 of file suricata.c.
References TmModuleBypassedFlowManagerRegister(), TmModuleDebugList(), TmModuleDecodeAFPRegister(), TmModuleDecodeAFXDPRegister(), TmModuleDecodeDPDKRegister(), TmModuleDecodeErfDagRegister(), TmModuleDecodeErfFileRegister(), TmModuleDecodeIPFWRegister(), TmModuleDecodeLibRegister(), TmModuleDecodeNetmapRegister(), TmModuleDecodeNFLOGRegister(), TmModuleDecodeNFQRegister(), TmModuleDecodePcapFileRegister(), TmModuleDecodePcapRegister(), TmModuleDecodeWinDivertRegister(), TmModuleFlowManagerRegister(), TmModuleFlowRecyclerRegister(), TmModuleFlowWorkerRegister(), TmModuleLoggerRegister(), TmModuleReceiveAFPRegister(), TmModuleReceiveAFXDPRegister(), TmModuleReceiveDPDKRegister(), TmModuleReceiveErfDagRegister(), TmModuleReceiveErfFileRegister(), TmModuleReceiveIPFWRegister(), TmModuleReceiveNetmapRegister(), TmModuleReceiveNFLOGRegister(), TmModuleReceiveNFQRegister(), TmModuleReceivePcapFileRegister(), TmModuleReceivePcapRegister(), TmModuleReceiveWinDivertRegister(), TmModuleRespondRejectRegister(), TmModuleStatsLoggerRegister(), TmModuleUnixManagerRegister(), TmModuleVerdictIPFWRegister(), TmModuleVerdictNFQRegister(), and TmModuleVerdictWinDivertRegister().
Referenced by RunUnittests().
◆ RunmodeIsUnittests()
| int RunmodeIsUnittests | ( | void | ) |
Definition at line 257 of file suricata.c.
References SCInstance_::run_mode, RUNMODE_UNITTEST, and suricata.
Referenced by AppLayerParserConfParserEnabled(), AppLayerProtoDetectConfProtoDetectionEnabledDefault(), DetectEngineThreadCtxInit(), RegisterDNP3Parsers(), RegisterTFTPParsers(), StreamTcpDecrMemuse(), StreamTcpInitConfig(), StreamTcpThreadCacheReturnSegment(), and StreamTcpThreadCacheReturnSession().
◆ SCFinalizeRunMode()
| int SCFinalizeRunMode | ( | void | ) |
Definition at line 2383 of file suricata.c.
References SCInstance_::run_mode, RUNMODE_UNKNOWN, and suricata.
Referenced by main().
◆ SCLoadYamlConfig()
| TmEcode SCLoadYamlConfig | ( | void | ) |
Definition at line 963 of file suricata.c.
References SCInstance_::additional_configs, SCInstance_::conf_filename, DEFAULT_CONF_FILE, SCConfGetRootNode(), SCConfYamlHandleInclude(), SCConfYamlLoadFile(), SCEnter, SCReturnInt, suricata, TM_ECODE_FAILED, and TM_ECODE_OK.
Referenced by main().
◆ SCParseCommandLine()
| TmEcode SCParseCommandLine | ( | int | argc, |
| char ** | argv | ||
| ) |
Definition at line 1320 of file suricata.c.
References SCInstance_::capture_plugin_args, SCInstance_::capture_plugin_name, coverage_unittests, engine_analysis, g_disable_randomness, g_skip_prefilter, g_ut_covered, g_ut_modules, LiveRegisterDeviceName(), name, SCInstance_::pcap_dev, SCInstance_::run_mode, RUNMODE_PLUGIN, SCConfSetFinal(), SCLogError, strlcpy(), suricata, TM_ECODE_FAILED, and TM_ECODE_OK.
Referenced by main().
◆ SCRunmodeGet()
| SCRunMode SCRunmodeGet | ( | void | ) |
Get the current run mode.
Definition at line 266 of file suricata.c.
References SCInstance_::run_mode, and suricata.
Referenced by ConfUnixSocketIsEnable(), DPDKCleanupEAL(), DPDKCloseDevice(), DPDKFreeDevice(), RunModeGetMainMode(), and SigLoadSignatures().
◆ SCRunmodeSet()
| void SCRunmodeSet | ( | SCRunMode | run_mode | ) |
Set the current run mode.
Mainly exposed outside of suricata.c as a unit-test helper.
Definition at line 271 of file suricata.c.
References SCInstance_::run_mode, and suricata.
Referenced by LLVMFuzzerTestOneInput(), and main().
◆ SCStartInternalRunMode()
| int SCStartInternalRunMode | ( | int | argc, |
| char ** | argv | ||
| ) |
Definition at line 2327 of file suricata.c.
References SCInstance_::conf_filename, DEFAULT_CONF_FILE, SCInstance_::keyword_info, ListAppLayerProtocols(), ListKeywords(), SCInstance_::run_mode, RUNMODE_LIST_APP_LAYERS, RUNMODE_LIST_KEYWORDS, RUNMODE_PRINT_VERSION, and suricata.
Referenced by main().
◆ SuricataInit()
| void SuricataInit | ( | void | ) |
Definition at line 2927 of file suricata.c.
References g_livedev_mask, g_recurlvl_mask, g_vlan_mask, GlobalsInitPreConfig(), SCInstance_::run_mode, RUNMODE_DUMP_CONFIG, SCConfDump(), SCConfGetBool(), SCLogDebug, and suricata.
Referenced by main().
◆ SuricataMainLoop()
| void SuricataMainLoop | ( | void | ) |
Definition at line 2837 of file suricata.c.
References DetectEngineReload(), DetectEngineReloadIsStart(), DetectEngineReloadSetIdle(), DetectEngineReloadStart(), OutputNotifyFileRotation(), SCLogNotice, sighup_count, sigint_count, sigterm_count, sigusr2_count, suricata, suricata_ctl_flags, SURICATA_STOP, and TmThreadCheckThreadState().
Referenced by main().
◆ SuricataPostInit()
| void SuricataPostInit | ( | void | ) |
Definition at line 3024 of file suricata.c.
References FatalError, geteuid, PacketPoolPostRunmodes(), prerun_snap, SC_ATOMIC_SET, SCConfGetBool(), SCLogWarning, SURICATA_RUNTIME, SystemHugepageSnapshotDestroy(), TM_ECODE_FAILED, TM_ECODE_OK, TmThreadContinueThreads(), TmThreadWaitOnThreadInit(), and TmThreadWaitOnThreadRunning().
Referenced by main().
◆ SuricataPreInit()
| void SuricataPreInit | ( | const char * | progname | ) |
Definition at line 2918 of file suricata.c.
Referenced by main().
◆ SuricataShutdown()
| void SuricataShutdown | ( | void | ) |
Definition at line 3013 of file suricata.c.
References PostRunDeinit(), SCInstance_::run_mode, SC_ATOMIC_SET, SCInstance_::start_time, suricata, SURICATA_DEINIT, TmThreadKillThreads(), and UnixSocketKillSocketThread().
Referenced by main().
◆ SuriHasSigFile()
| int SuriHasSigFile | ( | void | ) |
Definition at line 224 of file suricata.c.
References SCInstance_::sig_file, and suricata.
Variable Documentation
◆ g_disable_hashing
| bool g_disable_hashing |
Definition at line 213 of file suricata.c.
Referenced by FileForceHashParseCfg(), SSLEnableJA3(), and SSLEnableJA4().
◆ g_disable_randomness
| int g_disable_randomness |
disable randomness to get reproducible results across runs
Definition at line 194 of file suricata.c.
Referenced by RandomGet(), and SCParseCommandLine().
◆ g_livedev_mask
| uint16_t g_livedev_mask |
determine (without branching) if we include the livedev ids when hashing or comparing flows
Definition at line 205 of file suricata.c.
Referenced by FlowKeyGetHash(), and SuricataInit().
◆ g_recurlvl_mask
| uint8_t g_recurlvl_mask |
determine (without branching) if we include the recursion levels when hashing or comparing flows
Definition at line 209 of file suricata.c.
Referenced by FlowKeyGetHash(), and SuricataInit().
◆ g_vlan_mask
| uint16_t g_vlan_mask |
determine (without branching) if we include the vlan_ids when hashing or comparing flows
Definition at line 201 of file suricata.c.
Referenced by FlowKeyGetHash(), and SuricataInit().
◆ suricata_ctl_flags
| volatile uint8_t suricata_ctl_flags |
suricata engine control flags
Definition at line 171 of file suricata.c.
Referenced by EngineDone(), EngineStop(), ReceiveErfDagLoop(), ReceiveErfFileLoop(), and SuricataMainLoop().
