suricata
suricata.h
Go to the documentation of this file.
1 /* Copyright (C) 2007-2014 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /** \mainpage Doxygen documentation
19  *
20  * \section intro_sec Introduction
21  *
22  * The Suricata Engine is an Open Source Next Generation Intrusion Detection
23  * and Prevention Engine. This engine is not intended to just replace or
24  * emulate the existing tools in the industry, but will bring new ideas and
25  * technologies to the field.
26  *
27  * \section dev_doc Developer documentation
28  *
29  * You've reach the automically generated documentation of Suricata. This
30  * document contains information about architecture and code structure. It
31  * is attended for developers wanting to understand or contribute to Suricata.
32  *
33  * \subsection modules Modules
34  *
35  * Documentation is generate from comments placed in all parts of the code.
36  * But you will also find some groups describing specific functional parts:
37  * - \ref decode
38  * - \ref httplayer
39  * - \ref sigstate
40  * - \ref threshold
41  *
42  * \section archi Architecture
43  *
44  * \subsection datastruct Data structures
45  *
46  * Regarding matching, there is three main data structures which are:
47  * - ::Packet: Data relative to an individual packet with information about
48  * linked structure such as the ::Flow the ::Packet belongs to.
49  * - ::Flow: Information about a flow for example a TCP session
50  *
51  * \subsection runmode Running mode
52  *
53  * Suricata is multithreaded and running modes define how the different
54  * threads are working together. You can see util-runmodes.c for example
55  * of running mode.
56  */
57 
58 /**
59  * \file
60  *
61  * \author Victor Julien <victor@inliniac.net>
62  */
63 
64 #ifndef __SURICATA_H__
65 #define __SURICATA_H__
66 
67 #include "suricata-common.h"
68 
69 /* the name of our binary */
70 #define PROG_NAME "Suricata"
71 #define PROG_VER PACKAGE_VERSION
72 
73 /* workaround SPlint error (don't know __gnuc_va_list) */
74 #ifdef S_SPLINT_S
75 # include <err.h>
76 # define CONFIG_DIR "/etc/suricata"
77 #endif
78 
79 #define DEFAULT_CONF_FILE CONFIG_DIR "/suricata.yaml"
80 
81 #define DEFAULT_PID_DIR LOCAL_STATE_DIR "/run/"
82 #define DEFAULT_PID_BASENAME "suricata.pid"
83 #define DEFAULT_PID_FILENAME DEFAULT_PID_DIR DEFAULT_PID_BASENAME
84 
85 #define DOC_URL "https://suricata.readthedocs.io/en/"
86 const char *GetDocURL(void);
87 
88 /* runtime engine control flags */
89 #define SURICATA_STOP (1 << 0) /**< gracefully stop the engine: process all
90  outstanding packets first */
91 #define SURICATA_DONE (1 << 2) /**< packets capture ended */
92 
93 /* Engine stage/status*/
94 enum {
95  SURICATA_INIT = 0,
96  SURICATA_RUNTIME,
97  SURICATA_DEINIT
98 };
99 
100 /* Engine is acting as */
101 enum EngineMode {
102  ENGINE_MODE_IDS,
103  ENGINE_MODE_IPS,
104 };
105 
106 void EngineModeSetIPS(void);
107 void EngineModeSetIDS(void);
108 int EngineModeIsIPS(void);
109 int EngineModeIsIDS(void);
110 
111 /* Box is acting as router */
112 enum {
113  SURI_HOST_IS_SNIFFER_ONLY,
114  SURI_HOST_IS_ROUTER,
115 };
116 
117 #define IS_SURI_HOST_MODE_SNIFFER_ONLY(host_mode) ((host_mode) == SURI_HOST_IS_SNIFFER_ONLY)
118 #define IS_SURI_HOST_MODE_ROUTER(host_mode) ((host_mode) == SURI_HOST_IS_ROUTER)
119 
120 #include "runmodes.h"
121 
122 typedef struct SCInstance_ {
123  enum RunModes run_mode;
124  enum RunModes aux_run_mode;
125 
126  char pcap_dev[128];
127  char *sig_file;
128  int sig_file_exclusive;
129  char *pid_filename;
130  char *regex_arg;
131 
132  char *keyword_info;
133  char *runmode_custom_mode;
134 #ifndef OS_WIN32
135  const char *user_name;
136  const char *group_name;
137  uint8_t do_setuid;
138  uint8_t do_setgid;
139 #endif /* OS_WIN32 */
140  uint32_t userid;
141  uint32_t groupid;
142 
143  bool system;
144  bool set_logdir;
145  bool set_datadir;
146  bool unix_socket_enabled;
147 
148  int delayed_detect;
149  int disabled_detect;
150  int daemon;
151  int offline;
152  int verbose;
153  int checksum_validation;
154 
155  struct timeval start_time;
156 
157  const char *log_dir;
158  const char *progname; /**< pointer to argv[0] */
159  const char *conf_filename;
160  const char **additional_configs;
161  char *strict_rule_parsing_string;
162 
163  const char *capture_plugin_name;
164  const char *capture_plugin_args;
165 } SCInstance;
166 
167 
168 /* memset to zeros, and mutex init! */
169 void GlobalsInitPreConfig(void);
170 
171 extern volatile uint8_t suricata_ctl_flags;
172 extern int g_disable_randomness;
173 extern uint16_t g_vlan_mask;
174 
175 /* Flag to disable hashing (almost) globally. */
176 extern bool g_disable_hashing;
177 
178 void EngineStop(void);
179 void EngineDone(void);
180 
181 #ifdef UNITTESTS
182 int RunmodeIsUnittests(void);
183 #else
184 #define RunmodeIsUnittests() 0
185 #endif
186 int RunmodeGetCurrent(void);
187 int IsRuleReloadSet(int quiet);
188 
189 int SuriHasSigFile(void);
190 
191 extern int run_mode;
192 
193 int SuricataMain(int argc, char **argv);
194 int InitGlobal(void);
195 int PostConfLoadedSetup(SCInstance *suri);
196 void PostConfLoadedDetectSetup(SCInstance *suri);
197 
198 void PreRunInit(const int runmode);
199 void PreRunPostPrivsDropInit(const int runmode);
200 void PostRunDeinit(const int runmode, struct timeval *start_time);
201 void RegisterAllModules(void);
202 
203 const char *GetProgramVersion(void);
204 
205 #endif /* __SURICATA_H__ */
206 
SCInstance_::run_mode
enum RunModes run_mode
Definition: suricata.h:123
g_disable_hashing
bool g_disable_hashing
Definition: suricata.c:201
SCInstance_::groupid
uint32_t groupid
Definition: suricata.h:141
SCInstance_::daemon
int daemon
Definition: suricata.h:150
SCInstance_::checksum_validation
int checksum_validation
Definition: suricata.h:153
SCInstance_::start_time
struct timeval start_time
Definition: suricata.h:155
g_vlan_mask
uint16_t g_vlan_mask
Definition: suricata.c:197
SCInstance
struct SCInstance_ SCInstance
RunmodeIsUnittests
int RunmodeIsUnittests(void)
Definition: suricata.c:232
SCInstance_::group_name
const char * group_name
Definition: suricata.h:136
SCInstance_::runmode_custom_mode
char * runmode_custom_mode
Definition: suricata.h:133
SCInstance_::userid
uint32_t userid
Definition: suricata.h:140
InitGlobal
int InitGlobal(void)
Global initialization common to all runmodes.
Definition: suricata.c:2842
ENGINE_MODE_IPS
@ ENGINE_MODE_IPS
Definition: suricata.h:103
EngineStop
void EngineStop(void)
make sure threads can stop the engine by calling this function. Purpose: pcap file mode needs to be a...
Definition: suricata.c:427
PreRunPostPrivsDropInit
void PreRunPostPrivsDropInit(const int runmode)
Definition: suricata.c:2244
SCInstance_::conf_filename
const char * conf_filename
Definition: suricata.h:159
SURICATA_INIT
@ SURICATA_INIT
Definition: suricata.h:95
SCInstance_::capture_plugin_name
const char * capture_plugin_name
Definition: suricata.h:163
SURI_HOST_IS_SNIFFER_ONLY
@ SURI_HOST_IS_SNIFFER_ONLY
Definition: suricata.h:113
EngineMode
EngineMode
Definition: suricata.h:101
SCInstance_::set_datadir
bool set_datadir
Definition: suricata.h:145
SCInstance_::capture_plugin_args
const char * capture_plugin_args
Definition: suricata.h:164
SURI_HOST_IS_ROUTER
@ SURI_HOST_IS_ROUTER
Definition: suricata.h:114
EngineModeIsIPS
int EngineModeIsIPS(void)
Definition: suricata.c:211
EngineDone
void EngineDone(void)
Used to indicate that the current task is done.
Definition: suricata.c:438
RunModes
RunModes
Definition: runmodes.h:27
PostConfLoadedDetectSetup
void PostConfLoadedDetectSetup(SCInstance *suri)
Definition: suricata.c:2531
GlobalsInitPreConfig
void GlobalsInitPreConfig(void)
Definition: suricata.c:334
SCInstance_::unix_socket_enabled
bool unix_socket_enabled
Definition: suricata.h:146
RunmodeGetCurrent
int RunmodeGetCurrent(void)
Definition: suricata.c:241
SCInstance_::delayed_detect
int delayed_detect
Definition: suricata.h:148
SCInstance_::progname
const char * progname
Definition: suricata.h:158
SCInstance_::pcap_dev
char pcap_dev[128]
Definition: suricata.h:126
SCInstance_::user_name
const char * user_name
Definition: suricata.h:135
SCInstance_::offline
int offline
Definition: suricata.h:151
GetProgramVersion
const char * GetProgramVersion(void)
get string with program version
Definition: suricata.c:1126
SURICATA_DEINIT
@ SURICATA_DEINIT
Definition: suricata.h:97
EngineModeSetIDS
void EngineModeSetIDS(void)
Definition: suricata.c:226
SCInstance_::verbose
int verbose
Definition: suricata.h:152
SCInstance_::aux_run_mode
enum RunModes aux_run_mode
Definition: suricata.h:124
SCInstance_::additional_configs
const char ** additional_configs
Definition: suricata.h:160
SCInstance_::set_logdir
bool set_logdir
Definition: suricata.h:144
SCInstance_::log_dir
const char * log_dir
Definition: suricata.h:157
runmodes.h
SURICATA_RUNTIME
@ SURICATA_RUNTIME
Definition: suricata.h:96
EngineModeSetIPS
void EngineModeSetIPS(void)
Definition: suricata.c:221
SCInstance_::strict_rule_parsing_string
char * strict_rule_parsing_string
Definition: suricata.h:161
suricata-common.h
IsRuleReloadSet
int IsRuleReloadSet(int quiet)
SCInstance_::sig_file
char * sig_file
Definition: suricata.h:127
PreRunInit
void PreRunInit(const int runmode)
Definition: suricata.c:2219
SCInstance_::sig_file_exclusive
int sig_file_exclusive
Definition: suricata.h:128
SCInstance_::system
bool system
Definition: suricata.h:143
SCInstance_::pid_filename
char * pid_filename
Definition: suricata.h:129
PostRunDeinit
void PostRunDeinit(const int runmode, struct timeval *start_time)
Definition: suricata.c:2266
EngineModeIsIDS
int EngineModeIsIDS(void)
Definition: suricata.c:216
SCInstance_::do_setgid
uint8_t do_setgid
Definition: suricata.h:138
SCInstance_
Definition: suricata.h:122
SCInstance_::disabled_detect
int disabled_detect
Definition: suricata.h:149
run_mode
int run_mode
Definition: suricata.c:167
ENGINE_MODE_IDS
@ ENGINE_MODE_IDS
Definition: suricata.h:102
RegisterAllModules
void RegisterAllModules(void)
Definition: suricata.c:881
SCInstance_::regex_arg
char * regex_arg
Definition: suricata.h:130
suricata_ctl_flags
volatile uint8_t suricata_ctl_flags
Definition: suricata.c:164
g_disable_randomness
int g_disable_randomness
Definition: suricata.c:190
SCInstance_::keyword_info
char * keyword_info
Definition: suricata.h:132
SCInstance_::do_setuid
uint8_t do_setuid
Definition: suricata.h:137
SuricataMain
int SuricataMain(int argc, char **argv)
Definition: suricata.c:2874
SuriHasSigFile
int SuriHasSigFile(void)
Definition: suricata.c:206
GetDocURL
const char * GetDocURL(void)
Definition: suricata.c:1105
PostConfLoadedSetup
int PostConfLoadedSetup(SCInstance *suri)
Definition: suricata.c:2624