suricata
suricata.h
Go to the documentation of this file.
1 /* Copyright (C) 2007-2014 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /** \mainpage Doxygen documentation
19  *
20  * \section intro_sec Introduction
21  *
22  * The Suricata Engine is an Open Source Next Generation Intrusion Detection
23  * and Prevention Engine. This engine is not intended to just replace or
24  * emulate the existing tools in the industry, but will bring new ideas and
25  * technologies to the field.
26  *
27  * \section dev_doc Developer documentation
28  *
29  * You've reach the automatically generated documentation of Suricata. This
30  * document contains information about architecture and code structure. It
31  * is attended for developers wanting to understand or contribute to Suricata.
32  *
33  * \subsection modules Modules
34  *
35  * Documentation is generate from comments placed in all parts of the code.
36  * But you will also find some groups describing specific functional parts:
37  * - \ref decode
38  * - \ref httplayer
39  * - \ref sigstate
40  * - \ref threshold
41  *
42  * \section archi Architecture
43  *
44  * \subsection datastruct Data structures
45  *
46  * Regarding matching, there is three main data structures which are:
47  * - ::Packet: Data relative to an individual packet with information about
48  * linked structure such as the ::Flow the ::Packet belongs to.
49  * - ::Flow: Information about a flow for example a TCP session
50  *
51  * \subsection runmode Running mode
52  *
53  * Suricata is multithreaded and running modes define how the different
54  * threads are working together. You can see util-runmodes.c for example
55  * of running mode.
56  */
57 
58 /**
59  * \file
60  *
61  * \author Victor Julien <victor@inliniac.net>
62  */
63 
64 #ifndef __SURICATA_H__
65 #define __SURICATA_H__
66 
67 #include "suricata-common.h"
68 
69 /* the name of our binary */
70 #define PROG_NAME "Suricata"
71 #define PROG_VER PACKAGE_VERSION
72 
73 /* workaround SPlint error (don't know __gnuc_va_list) */
74 #ifdef S_SPLINT_S
75 # include <err.h>
76 # define CONFIG_DIR "/etc/suricata"
77 #endif
78 
79 #define DEFAULT_CONF_FILE CONFIG_DIR "/suricata.yaml"
80 
81 #define DEFAULT_PID_DIR LOCAL_STATE_DIR "/run/"
82 #define DEFAULT_PID_BASENAME "suricata.pid"
83 #define DEFAULT_PID_FILENAME DEFAULT_PID_DIR DEFAULT_PID_BASENAME
84 
85 #define DOC_URL "https://docs.suricata.io/en/"
86 const char *GetDocURL(void);
87 
88 /* runtime engine control flags */
89 #define SURICATA_STOP (1 << 0) /**< gracefully stop the engine: process all
90  outstanding packets first */
91 #define SURICATA_DONE (1 << 2) /**< packets capture ended */
92 
93 /* Engine stage/status*/
94 enum {
95  SURICATA_INIT = 0,
96  SURICATA_RUNTIME,
97  SURICATA_DEINIT
98 };
99 
100 /* Engine is acting as */
101 enum EngineMode {
102  ENGINE_MODE_UNKNOWN,
103  ENGINE_MODE_IDS,
104  ENGINE_MODE_IPS,
105 };
106 
107 void EngineModeSetIPS(void);
108 void EngineModeSetIDS(void);
109 int EngineModeIsUnknown(void);
110 int EngineModeIsIPS(void);
111 int EngineModeIsIDS(void);
112 
113 /* Box is acting as router */
114 enum {
115  SURI_HOST_IS_SNIFFER_ONLY,
116  SURI_HOST_IS_ROUTER,
117 };
118 
119 #define IS_SURI_HOST_MODE_SNIFFER_ONLY(host_mode) ((host_mode) == SURI_HOST_IS_SNIFFER_ONLY)
120 
121 #include "runmodes.h"
122 
123 typedef struct SCInstance_ {
124  enum RunModes run_mode;
125  enum RunModes aux_run_mode;
126 
127  char pcap_dev[128];
128  char *sig_file;
129  int sig_file_exclusive;
130  char *pid_filename;
131  char *regex_arg;
132 
133  char *keyword_info;
134  char *runmode_custom_mode;
135 #ifndef OS_WIN32
136  const char *user_name;
137  const char *group_name;
138  uint8_t do_setuid;
139  uint8_t do_setgid;
140 #endif /* OS_WIN32 */
141  uint32_t userid;
142  uint32_t groupid;
143 
144  bool system;
145  bool set_logdir;
146  bool set_datadir;
147  bool unix_socket_enabled;
148 
149  int delayed_detect;
150  int disabled_detect;
151  int daemon;
152  int offline;
153  int verbose;
154  int checksum_validation;
155 
156  struct timeval start_time;
157 
158  const char *log_dir;
159  const char *progname; /**< pointer to argv[0] */
160  const char *conf_filename;
161  const char **additional_configs;
162  char *strict_rule_parsing_string;
163 
164  const char *capture_plugin_name;
165  const char *capture_plugin_args;
166 } SCInstance;
167 
168 
169 /* memset to zeros, and mutex init! */
170 void GlobalsInitPreConfig(void);
171 
172 extern volatile uint8_t suricata_ctl_flags;
173 extern int g_disable_randomness;
174 extern uint16_t g_vlan_mask;
175 extern uint16_t g_livedev_mask;
176 
177 /* Flag to disable hashing (almost) globally. */
178 extern bool g_disable_hashing;
179 
180 void EngineStop(void);
181 void EngineDone(void);
182 
183 #ifdef UNITTESTS
184 int RunmodeIsUnittests(void);
185 #else
186 #define RunmodeIsUnittests() 0
187 #endif
188 int RunmodeGetCurrent(void);
189 
190 int SuriHasSigFile(void);
191 
192 extern int run_mode;
193 
194 int SuricataMain(int argc, char **argv);
195 int InitGlobal(void);
196 int PostConfLoadedSetup(SCInstance *suri);
197 void PostConfLoadedDetectSetup(SCInstance *suri);
198 
199 void PreRunInit(const int runmode);
200 void PreRunPostPrivsDropInit(const int runmode);
201 void PostRunDeinit(const int runmode, struct timeval *start_time);
202 void RegisterAllModules(void);
203 
204 const char *GetProgramVersion(void);
205 
206 #endif /* __SURICATA_H__ */
207 
SCInstance_::run_mode
enum RunModes run_mode
Definition: suricata.h:124
g_disable_hashing
bool g_disable_hashing
Definition: suricata.c:213
SCInstance_::groupid
uint32_t groupid
Definition: suricata.h:142
SCInstance_::daemon
int daemon
Definition: suricata.h:151
SCInstance_::checksum_validation
int checksum_validation
Definition: suricata.h:154
SCInstance_::start_time
struct timeval start_time
Definition: suricata.h:156
g_vlan_mask
uint16_t g_vlan_mask
Definition: suricata.c:205
g_livedev_mask
uint16_t g_livedev_mask
Definition: suricata.c:209
SCInstance
struct SCInstance_ SCInstance
RunmodeIsUnittests
int RunmodeIsUnittests(void)
Definition: suricata.c:251
SCInstance_::group_name
const char * group_name
Definition: suricata.h:137
SURI_HOST_IS_SNIFFER_ONLY
@ SURI_HOST_IS_SNIFFER_ONLY
Definition: suricata.h:115
SCInstance_::runmode_custom_mode
char * runmode_custom_mode
Definition: suricata.h:134
SCInstance_::userid
uint32_t userid
Definition: suricata.h:141
InitGlobal
int InitGlobal(void)
Global initialization common to all runmodes.
Definition: suricata.c:2850
ENGINE_MODE_IPS
@ ENGINE_MODE_IPS
Definition: suricata.h:104
EngineStop
void EngineStop(void)
make sure threads can stop the engine by calling this function. Purpose: pcap file mode needs to be a...
Definition: suricata.c:442
PreRunPostPrivsDropInit
void PreRunPostPrivsDropInit(const int runmode)
Definition: suricata.c:2243
SCInstance_::conf_filename
const char * conf_filename
Definition: suricata.h:160
SCInstance_::capture_plugin_name
const char * capture_plugin_name
Definition: suricata.h:164
EngineMode
EngineMode
Definition: suricata.h:101
SCInstance_::set_datadir
bool set_datadir
Definition: suricata.h:146
SCInstance_::capture_plugin_args
const char * capture_plugin_args
Definition: suricata.h:165
EngineModeIsIPS
int EngineModeIsIPS(void)
Definition: suricata.c:228
EngineDone
void EngineDone(void)
Used to indicate that the current task is done.
Definition: suricata.c:453
ENGINE_MODE_UNKNOWN
@ ENGINE_MODE_UNKNOWN
Definition: suricata.h:102
RunModes
RunModes
Definition: runmodes.h:27
SURICATA_DEINIT
@ SURICATA_DEINIT
Definition: suricata.h:97
PostConfLoadedDetectSetup
void PostConfLoadedDetectSetup(SCInstance *suri)
Definition: suricata.c:2536
GlobalsInitPreConfig
void GlobalsInitPreConfig(void)
Definition: suricata.c:353
SCInstance_::unix_socket_enabled
bool unix_socket_enabled
Definition: suricata.h:147
RunmodeGetCurrent
int RunmodeGetCurrent(void)
Definition: suricata.c:260
SCInstance_::delayed_detect
int delayed_detect
Definition: suricata.h:149
SCInstance_::progname
const char * progname
Definition: suricata.h:159
SCInstance_::pcap_dev
char pcap_dev[128]
Definition: suricata.h:127
SCInstance_::user_name
const char * user_name
Definition: suricata.h:136
SCInstance_::offline
int offline
Definition: suricata.h:152
GetProgramVersion
const char * GetProgramVersion(void)
get string with program version
Definition: suricata.c:1126
EngineModeSetIDS
void EngineModeSetIDS(void)
Definition: suricata.c:245
SCInstance_::verbose
int verbose
Definition: suricata.h:153
SCInstance_::aux_run_mode
enum RunModes aux_run_mode
Definition: suricata.h:125
SCInstance_::additional_configs
const char ** additional_configs
Definition: suricata.h:161
SCInstance_::set_logdir
bool set_logdir
Definition: suricata.h:145
SCInstance_::log_dir
const char * log_dir
Definition: suricata.h:158
runmodes.h
EngineModeSetIPS
void EngineModeSetIPS(void)
Definition: suricata.c:240
SCInstance_::strict_rule_parsing_string
char * strict_rule_parsing_string
Definition: suricata.h:162
suricata-common.h
EngineModeIsUnknown
int EngineModeIsUnknown(void)
Definition: suricata.c:223
SURI_HOST_IS_ROUTER
@ SURI_HOST_IS_ROUTER
Definition: suricata.h:116
SCInstance_::sig_file
char * sig_file
Definition: suricata.h:128
PreRunInit
void PreRunInit(const int runmode)
Definition: suricata.c:2214
SCInstance_::sig_file_exclusive
int sig_file_exclusive
Definition: suricata.h:129
SCInstance_::system
bool system
Definition: suricata.h:144
SCInstance_::pid_filename
char * pid_filename
Definition: suricata.h:130
PostRunDeinit
void PostRunDeinit(const int runmode, struct timeval *start_time)
Definition: suricata.c:2265
EngineModeIsIDS
int EngineModeIsIDS(void)
Definition: suricata.c:234
SURICATA_RUNTIME
@ SURICATA_RUNTIME
Definition: suricata.h:96
SCInstance_::do_setgid
uint8_t do_setgid
Definition: suricata.h:139
SCInstance_
Definition: suricata.h:123
SCInstance_::disabled_detect
int disabled_detect
Definition: suricata.h:150
run_mode
int run_mode
Definition: suricata.c:175
ENGINE_MODE_IDS
@ ENGINE_MODE_IDS
Definition: suricata.h:103
RegisterAllModules
void RegisterAllModules(void)
Definition: suricata.c:881
SCInstance_::regex_arg
char * regex_arg
Definition: suricata.h:131
suricata_ctl_flags
volatile uint8_t suricata_ctl_flags
Definition: suricata.c:172
g_disable_randomness
int g_disable_randomness
Definition: suricata.c:198
SCInstance_::keyword_info
char * keyword_info
Definition: suricata.h:133
SCInstance_::do_setuid
uint8_t do_setuid
Definition: suricata.h:138
SuricataMain
int SuricataMain(int argc, char **argv)
Definition: suricata.c:2883
SuriHasSigFile
int SuriHasSigFile(void)
Definition: suricata.c:218
GetDocURL
const char * GetDocURL(void)
Definition: suricata.c:1105
SURICATA_INIT
@ SURICATA_INIT
Definition: suricata.h:95
PostConfLoadedSetup
int PostConfLoadedSetup(SCInstance *suri)
Definition: suricata.c:2627