Go to the source code of this file.
Data Structures | |
| struct | SCInstance_ |
Macros | |
| #define | PROG_NAME "Suricata" |
| #define | PROG_VER PACKAGE_VERSION |
| #define | DEFAULT_CONF_FILE CONFIG_DIR "/suricata.yaml" |
| #define | DEFAULT_PID_DIR LOCAL_STATE_DIR "/run/" |
| #define | DEFAULT_PID_BASENAME "suricata.pid" |
| #define | DEFAULT_PID_FILENAME DEFAULT_PID_DIR DEFAULT_PID_BASENAME |
| #define | DOC_URL "https://docs.suricata.io/en/" |
| #define | SURICATA_STOP (1 << 0) |
| #define | SURICATA_DONE (1 << 2) |
| #define | IS_SURI_HOST_MODE_SNIFFER_ONLY(host_mode) ((host_mode) == SURI_HOST_IS_SNIFFER_ONLY) |
Typedefs | |
| typedef struct SCInstance_ | SCInstance |
Enumerations | |
| enum | { SURICATA_INIT = 0, SURICATA_RUNTIME, SURICATA_DEINIT } |
| enum | EngineMode { ENGINE_MODE_UNKNOWN, ENGINE_MODE_IDS, ENGINE_MODE_IPS } |
| enum | { SURI_HOST_IS_SNIFFER_ONLY, SURI_HOST_IS_ROUTER } |
Functions | |
| const char * | GetDocURL (void) |
| void | EngineModeSetIPS (void) |
| void | EngineModeSetIDS (void) |
| int | EngineModeIsUnknown (void) |
| int | EngineModeIsIPS (void) |
| int | EngineModeIsIDS (void) |
| void | GlobalsInitPreConfig (void) |
| void | EngineStop (void) |
| make sure threads can stop the engine by calling this function. Purpose: pcap file mode needs to be able to tell the engine the file eof is reached. More... | |
| void | EngineDone (void) |
| Used to indicate that the current task is done. More... | |
| int | RunmodeIsUnittests (void) |
| int | RunmodeGetCurrent (void) |
| int | SuriHasSigFile (void) |
| int | SuricataMain (int argc, char **argv) |
| int | InitGlobal (void) |
| Global initialization common to all runmodes. More... | |
| int | PostConfLoadedSetup (SCInstance *suri) |
| void | PostConfLoadedDetectSetup (SCInstance *suri) |
| void | PreRunInit (const int runmode) |
| void | PreRunPostPrivsDropInit (const int runmode) |
| void | PostRunDeinit (const int runmode, struct timeval *start_time) |
| void | RegisterAllModules (void) |
| const char * | GetProgramVersion (void) |
| get string with program version More... | |
Variables | |
| volatile uint8_t | suricata_ctl_flags |
| int | g_disable_randomness |
| uint16_t | g_vlan_mask |
| uint16_t | g_livedev_mask |
| bool | g_disable_hashing |
| int | run_mode |
Detailed Description
Definition in file suricata.h.
Macro Definition Documentation
◆ DEFAULT_CONF_FILE
| #define DEFAULT_CONF_FILE CONFIG_DIR "/suricata.yaml" |
Definition at line 80 of file suricata.h.
◆ DEFAULT_PID_BASENAME
| #define DEFAULT_PID_BASENAME "suricata.pid" |
Definition at line 83 of file suricata.h.
◆ DEFAULT_PID_DIR
| #define DEFAULT_PID_DIR LOCAL_STATE_DIR "/run/" |
Definition at line 82 of file suricata.h.
◆ DEFAULT_PID_FILENAME
| #define DEFAULT_PID_FILENAME DEFAULT_PID_DIR DEFAULT_PID_BASENAME |
Definition at line 84 of file suricata.h.
◆ DOC_URL
| #define DOC_URL "https://docs.suricata.io/en/" |
Definition at line 86 of file suricata.h.
◆ IS_SURI_HOST_MODE_SNIFFER_ONLY
| #define IS_SURI_HOST_MODE_SNIFFER_ONLY | ( | host_mode | ) | ((host_mode) == SURI_HOST_IS_SNIFFER_ONLY) |
Definition at line 120 of file suricata.h.
◆ PROG_NAME
| #define PROG_NAME "Suricata" |
Definition at line 71 of file suricata.h.
◆ PROG_VER
| #define PROG_VER PACKAGE_VERSION |
Definition at line 72 of file suricata.h.
◆ SURICATA_DONE
| #define SURICATA_DONE (1 << 2) |
packets capture ended
Definition at line 92 of file suricata.h.
◆ SURICATA_STOP
| #define SURICATA_STOP (1 << 0) |
gracefully stop the engine: process all outstanding packets first
Definition at line 91 of file suricata.h.
Typedef Documentation
◆ SCInstance
| typedef struct SCInstance_ SCInstance |
Enumeration Type Documentation
◆ anonymous enum
| anonymous enum |
| Enumerator | |
|---|---|
| SURICATA_INIT | |
| SURICATA_RUNTIME | |
| SURICATA_DEINIT | |
Definition at line 94 of file suricata.h.
◆ anonymous enum
| anonymous enum |
| Enumerator | |
|---|---|
| SURI_HOST_IS_SNIFFER_ONLY | |
| SURI_HOST_IS_ROUTER | |
Definition at line 114 of file suricata.h.
◆ EngineMode
| enum EngineMode |
| Enumerator | |
|---|---|
| ENGINE_MODE_UNKNOWN | |
| ENGINE_MODE_IDS | |
| ENGINE_MODE_IPS | |
Definition at line 101 of file suricata.h.
Function Documentation
◆ EngineDone()
| void EngineDone | ( | void | ) |
Used to indicate that the current task is done.
This is mainly used by pcap-file to tell it has finished to treat a pcap files when running in unix-socket mode.
Definition at line 453 of file suricata.c.
References suricata_ctl_flags, and SURICATA_DONE.
◆ EngineModeIsIDS()
| int EngineModeIsIDS | ( | void | ) |
Definition at line 234 of file suricata.c.
References DEBUG_VALIDATE_BUG_ON.
◆ EngineModeIsIPS()
| int EngineModeIsIPS | ( | void | ) |
Definition at line 228 of file suricata.c.
References DEBUG_VALIDATE_BUG_ON.
Referenced by AlertFastLogger(), AlertJsonHeader(), CaptureStatsSetup(), CaptureStatsUpdate(), EveAddVerdict(), ExceptionPolicyParse(), FlowHandlePacketUpdate(), and StreamTcpInitConfig().
◆ EngineModeIsUnknown()
| int EngineModeIsUnknown | ( | void | ) |
Definition at line 223 of file suricata.c.
Referenced by PostConfLoadedSetup().
◆ EngineModeSetIDS()
| void EngineModeSetIDS | ( | void | ) |
Definition at line 245 of file suricata.c.
Referenced by ListAppLayerProtocols(), ListKeywords(), LLVMFuzzerTestOneInput(), PostConfLoadedSetup(), and RunUnittests().
◆ EngineModeSetIPS()
| void EngineModeSetIPS | ( | void | ) |
Definition at line 240 of file suricata.c.
◆ EngineStop()
| void EngineStop | ( | void | ) |
make sure threads can stop the engine by calling this function. Purpose: pcap file mode needs to be able to tell the engine the file eof is reached.
Definition at line 442 of file suricata.c.
References suricata_ctl_flags, and SURICATA_STOP.
Referenced by ReceiveErfFileLoop().
◆ GetDocURL()
| const char* GetDocURL | ( | void | ) |
Definition at line 1105 of file suricata.c.
References DOC_URL, GetProgramVersion(), and PROG_VER.
◆ GetProgramVersion()
| const char* GetProgramVersion | ( | void | ) |
get string with program version
Get the program version as passed to us from AC_INIT
Add 'RELEASE' is no '-dev' in the version. Add the REVISION if passed to us.
Possible outputs: release: '5.0.1 RELEASE' dev with rev: '5.0.1-dev (64a789bbf 2019-10-18)' dev w/o rev: '5.0.1-dev'
Definition at line 1126 of file suricata.c.
References PROG_VER, and xstr.
Referenced by GetDocURL().
◆ GlobalsInitPreConfig()
| void GlobalsInitPreConfig | ( | void | ) |
Definition at line 353 of file suricata.c.
References FrameConfigInit(), SCProtoNameInit(), SCThresholdConfGlobalInit(), SupportFastPatternForSigMatchTypes(), and TimeInit().
Referenced by LLVMFuzzerTestOneInput(), and RunUnittests().
◆ InitGlobal()
| int InitGlobal | ( | void | ) |
Global initialization common to all runmodes.
This can be used by fuzz targets.
Definition at line 2850 of file suricata.c.
References ConfInit(), ParseSizeInit(), RunModeRegisterRunModes(), SC_ATOMIC_INIT, SCLogError, SCLogInitLogModule(), SCSetThreadName, suricata_context, UtilSignalBlock(), UtilSignalHandlerSetup(), and VarNameStoreInit().
Referenced by LLVMFuzzerTestOneInput().
◆ PostConfLoadedDetectSetup()
| void PostConfLoadedDetectSetup | ( | SCInstance * | suri | ) |
Definition at line 2536 of file suricata.c.
References de_ctx, and SCInstance_::disabled_detect.
◆ PostConfLoadedSetup()
| int PostConfLoadedSetup | ( | SCInstance * | suri | ) |
This function is meant to contain code that needs to be run once the configuration has been loaded.
Definition at line 2627 of file suricata.c.
References AppLayerSetup(), SCInstance_::capture_plugin_name, SCInstance_::checksum_validation, ConfGet(), ConfGetBool(), ConfSet(), EngineModeIsUnknown(), EngineModeSetIDS(), LiveDeviceFinalize(), LiveDevRegisterExtension(), LiveSetOffloadDisable(), LiveSetOffloadWarn(), MacSetRegisterFlowStorage(), MpmTableSetup(), RegisterFlowBypassInfo(), SCInstance_::run_mode, RUNMODE_AFP_DEV, SCInstance_::runmode_custom_mode, RunModeEngineIsIPS(), SCLogInfo, SCReturnInt, SetMasterExceptionPolicy(), SpmTableSetup(), StorageInit(), StringParseUint16(), suricata, and TM_ECODE_FAILED.
Referenced by LLVMFuzzerTestOneInput().
◆ PostRunDeinit()
| void PostRunDeinit | ( | const int | runmode, |
| struct timeval * | start_time | ||
| ) |
Definition at line 2265 of file suricata.c.
References FlowDisableFlowManagerThread(), FlowForceReassembly(), PacketPoolInit(), RUNMODE_UNIX_SOCKET, TmThreadDisablePacketThreads(), and TmThreadDisableReceiveThreads().
Referenced by PreRunPostPrivsDropInit().
◆ PreRunInit()
| void PreRunInit | ( | const int | runmode | ) |
Definition at line 2214 of file suricata.c.
References AppLayerParserPostStreamSetup(), AppLayerRegisterGlobalCounters(), DefragInit(), FLOW_QUIET, FlowInitConfig(), HttpRangeContainersInit(), IPPairInitConfig(), OutputFilestoreRegisterGlobalCounters(), RUNMODE_UNIX_SOCKET, SCProfilingInit(), SCProfilingKeywordsGlobalInit(), SCProfilingPrefilterGlobalInit(), SCProfilingRulesGlobalInit(), SCProfilingSghsGlobalInit(), StatsInit(), STREAM_VERBOSE, and StreamTcpInitConfig().
◆ PreRunPostPrivsDropInit()
| void PreRunPostPrivsDropInit | ( | const int | runmode | ) |
Definition at line 2243 of file suricata.c.
References DatasetsInit(), PostRunDeinit(), RUNMODE_PCAP_FILE, RUNMODE_UNIX_SOCKET, RunModeInitializeOutputs(), StatsSetupPostConfigPostOutput(), and StatsSetupPostConfigPreOutput().
◆ RegisterAllModules()
| void RegisterAllModules | ( | void | ) |
Definition at line 881 of file suricata.c.
References tmm_modules, TMM_SIZE, TmModuleBypassedFlowManagerRegister(), TmModuleDebugList(), TmModuleDecodeAFPRegister(), TmModuleDecodeAFXDPRegister(), TmModuleDecodeDPDKRegister(), TmModuleDecodeErfDagRegister(), TmModuleDecodeErfFileRegister(), TmModuleDecodeIPFWRegister(), TmModuleDecodeNetmapRegister(), TmModuleDecodeNFLOGRegister(), TmModuleDecodeNFQRegister(), TmModuleDecodePcapFileRegister(), TmModuleDecodePcapRegister(), TmModuleDecodePfringRegister(), TmModuleDecodeWinDivertRegister(), TmModuleFlowManagerRegister(), TmModuleFlowRecyclerRegister(), TmModuleFlowWorkerRegister(), TmModuleLoggerRegister(), TmModuleNapatechDecodeRegister(), TmModuleNapatechStreamRegister(), TmModuleReceiveAFPRegister(), TmModuleReceiveAFXDPRegister(), TmModuleReceiveDPDKRegister(), TmModuleReceiveErfDagRegister(), TmModuleReceiveErfFileRegister(), TmModuleReceiveIPFWRegister(), TmModuleReceiveNetmapRegister(), TmModuleReceiveNFLOGRegister(), TmModuleReceiveNFQRegister(), TmModuleReceivePcapFileRegister(), TmModuleReceivePcapRegister(), TmModuleReceivePfringRegister(), TmModuleReceiveWinDivertRegister(), TmModuleRespondRejectRegister(), TmModuleStatsLoggerRegister(), TmModuleUnixManagerRegister(), TmModuleVerdictIPFWRegister(), TmModuleVerdictNFQRegister(), and TmModuleVerdictWinDivertRegister().
Referenced by RunUnittests().
◆ RunmodeGetCurrent()
| int RunmodeGetCurrent | ( | void | ) |
Definition at line 260 of file suricata.c.
References run_mode.
Referenced by ConfUnixSocketIsEnable(), RunModeGetMainMode(), and SigLoadSignatures().
◆ RunmodeIsUnittests()
| int RunmodeIsUnittests | ( | void | ) |
Definition at line 251 of file suricata.c.
References run_mode, and RUNMODE_UNITTEST.
Referenced by AppLayerParserConfParserEnabled(), AppLayerProtoDetectConfProtoDetectionEnabledDefault(), DetectEngineThreadCtxInit(), RegisterDNP3Parsers(), RegisterENIPTCPParsers(), RegisterENIPUDPParsers(), RegisterTFTPParsers(), StreamTcpDecrMemuse(), StreamTcpInitConfig(), StreamTcpReassembleDecrMemuse(), StreamTcpThreadCacheReturnSegment(), and StreamTcpThreadCacheReturnSession().
◆ SuricataMain()
| int SuricataMain | ( | int | argc, |
| char ** | argv | ||
| ) |
Definition at line 2883 of file suricata.c.
Referenced by main().
◆ SuriHasSigFile()
| int SuriHasSigFile | ( | void | ) |
Definition at line 218 of file suricata.c.
References SCInstance_::sig_file, and suricata.
Variable Documentation
◆ g_disable_hashing
| bool g_disable_hashing |
Definition at line 213 of file suricata.c.
Referenced by FileForceHashParseCfg(), and SSLEnableJA3().
◆ g_disable_randomness
| int g_disable_randomness |
disable randomness to get reproducible results across runs
Definition at line 198 of file suricata.c.
Referenced by RandomGet().
◆ g_livedev_mask
| uint16_t g_livedev_mask |
determine (without branching) if we include the livedev ids when hashing or comparing flows
Definition at line 209 of file suricata.c.
Referenced by FlowKeyGetHash().
◆ g_vlan_mask
| uint16_t g_vlan_mask |
determine (without branching) if we include the vlan_ids when hashing or comparing flows
Definition at line 205 of file suricata.c.
Referenced by FlowGetIpPairProtoHash(), and FlowKeyGetHash().
◆ run_mode
| int run_mode |
Run mode selected
Definition at line 175 of file suricata.c.
Referenced by RunmodeGetCurrent(), and RunmodeIsUnittests().
◆ suricata_ctl_flags
| volatile uint8_t suricata_ctl_flags |
suricata engine control flags
Definition at line 172 of file suricata.c.
Referenced by EngineDone(), EngineStop(), ReceiveErfDagLoop(), ReceiveErfFileLoop(), and ReceivePfringLoop().
