50
50
#include "detect-engine-mpm.h"
51
51
#include "detect-engine-sigorder.h"
52
52
#include "detect-engine-payload.h"
53
#include "detect-engine-dcepayload.h"
53
54
#include "detect-engine-state.h"
55
56
#include "tm-queuehandlers.h"
142
144
/* Max packets processed simultaniously. */
143
145
#define DEFAULT_MAX_PENDING_PACKETS 50
145
#define SURICATA_SIGINT 0x01
146
#define SURICATA_SIGHUP 0x02
147
#define SURICATA_SIGTERM 0x04
148
#define SURICATA_STOP 0x08
149
#define SURICATA_KILL 0x10
151
static uint8_t sigflags = 0;
147
/** suricata engine control flags */
148
uint8_t suricata_ctl_flags = 0;
153
150
/** Run mode selected */
154
151
int run_mode = MODE_UNKNOWN;
169
static void SignalHandlerSigint(/*@unused@*/ int sig) { sigint_count = 1; sigflags |= SURICATA_SIGINT; }
170
static void SignalHandlerSigterm(/*@unused@*/ int sig) { sigterm_count = 1; sigflags |= SURICATA_SIGTERM; }
171
static void SignalHandlerSighup(/*@unused@*/ int sig) { sighup_count = 1; sigflags |= SURICATA_SIGHUP; }
166
static void SignalHandlerSigint(/*@unused@*/ int sig) {
168
suricata_ctl_flags |= SURICATA_STOP;
170
static void SignalHandlerSigterm(/*@unused@*/ int sig) {
172
suricata_ctl_flags |= SURICATA_KILL;
175
static void SignalHandlerSighup(/*@unused@*/ int sig) {
177
suricata_ctl_flags |= SURICATA_SIGHUP;
173
181
#ifdef DBG_MEM_ALLOC
174
182
#ifndef _GLOBAL_MEM_
225
235
function. Purpose: pcap file mode needs to be able to tell the
226
236
engine the file eof is reached. */
227
237
void EngineStop(void) {
228
sigflags |= SURICATA_STOP;
238
suricata_ctl_flags |= SURICATA_STOP;
231
241
void EngineKill(void) {
232
sigflags |= SURICATA_KILL;
242
suricata_ctl_flags |= SURICATA_KILL;
235
245
static void SetBpfString(int optind, char *argv[]) {
284
294
#endif /* IPFW */
285
295
printf("\t-s <path> : path to signature file (optional)\n");
286
296
printf("\t-l <dir> : default log directory\n");
287
298
printf("\t-D : run as daemon\n");
300
printf("\t--service-install : install as service\n");
301
printf("\t--service-remove : remove service\n");
302
printf("\t--service-change-params : change service startup parameters\n");
303
#endif /* OS_WIN32 */
289
305
printf("\t-u : run the unittests and exit\n");
290
306
printf("\t-U, --unittest-filter=REGEX : filter unittests with a regex\n");
294
310
printf("\t--pidfile <file> : write pid to this file (only for daemon mode)\n");
295
311
printf("\t--init-errors-fatal : enable fatal failure on signature init error\n");
296
312
printf("\t--dump-config : show the running configuration\n");
313
#ifdef HAVE_PCAP_SET_BUFF
314
printf("\t--pcap-buffer-size : size of the pcap buffer value from 0 - %i\n",INT_MAX);
315
#endif /* HAVE_SET_PCAP_BUFF */
297
316
#ifdef HAVE_PFRING
298
317
printf("\t--pfring-int <dev> : run in pfring mode\n");
299
318
printf("\t--pfring-cluster-id <id> : pfring cluster id \n");
304
323
printf("\t--group <group> : run suricata as this group after init\n");
305
324
#endif /* HAVE_LIBCAP_NG */
306
325
printf("\t--erf-in <path> : process an ERF file\n");
327
printf("\t--dag <dag0,dag1,...> : process ERF records from 0,1,...,n DAG input streams\n");
308
330
printf("\nTo run the engine with default configuration on "
309
331
"interface eth0 with signature file \"signatures.rules\", run the "
334
356
uint32_t userid = 0;
335
357
uint32_t groupid = 0;
336
358
char *erf_file = NULL;
359
char *dag_input = NULL;
341
364
sc_set_caps = FALSE;
366
/* initialize the logging subsys */
367
SCLogInitLogModule(NULL);
370
/* service initialization */
371
if (SCRunningAsService()) {
374
strlcpy(path, argv[0], MAX_PATH);
375
if ((p = strrchr(path, '\\'))) {
378
if (!SetCurrentDirectory(path)) {
379
SCLogError(SC_ERR_FATAL, "Can't set current directory to: %s", path);
382
SCLogInfo("Current directory is set to: %s", path);
384
SCServiceInit(argc, argv);
387
/* Windows socket subsystem initialization */
345
389
if (0 != WSAStartup(MAKEWORD(2, 2), &wsaData)) {
346
fprintf(stderr, "ERROR: Failed to initialize Windows sockets.\n");
390
SCLogError(SC_ERR_FATAL, "Can't initialize Windows sockets: %d", WSAGetLastError());
347
391
exit(EXIT_FAILURE);
351
/* initialize the logging subsys */
352
SCLogInitLogModule(NULL);
393
#endif /* OS_WIN32 */
354
395
SCLogInfo("This is %s version %s", PROG_NAME, PROG_VER);
361
402
{"pfring-int", required_argument, 0, 0},
362
403
{"pfring-cluster-id", required_argument, 0, 0},
363
404
{"pfring-cluster-type", required_argument, 0, 0},
405
{"pcap-buffer-size", required_argument, 0, 0},
364
406
{"unittest-filter", required_argument, 0, 'U'},
365
407
{"list-unittests", 0, &list_unittests, 1},
409
{"service-install", 0, 0, 0},
410
{"service-remove", 0, 0, 0},
411
{"service-change-params", 0, 0, 0},
412
#endif /* OS_WIN32 */
366
413
{"pidfile", required_argument, 0, 0},
367
414
{"init-errors-fatal", 0, 0, 0},
368
415
{"fatal-unittests", 0, 0, 0},
369
416
{"user", required_argument, 0, 0},
370
417
{"group", required_argument, 0, 0},
371
418
{"erf-in", required_argument, 0, 0},
419
{"dag", required_argument, 0, 0},
372
420
{NULL, 0, NULL, 0}
429
477
exit(EXIT_FAILURE);
430
478
#endif /* UNITTESTS */
481
else if(strcmp((long_opts[option_index]).name, "service-install") == 0) {
482
if (SCServiceInstall(argc, argv)) {
485
SCLogInfo("Suricata service has been successfuly installed.");
488
else if(strcmp((long_opts[option_index]).name, "service-remove") == 0) {
489
if (SCServiceRemove(argc, argv)) {
492
SCLogInfo("Suricata service has been successfuly removed.");
495
else if(strcmp((long_opts[option_index]).name, "service-change-params") == 0) {
496
if (SCServiceChangeParams(argc, argv)) {
499
SCLogInfo("Suricata service startup parameters has been successfuly changed.");
502
#endif /* OS_WIN32 */
432
503
else if(strcmp((long_opts[option_index]).name, "pidfile") == 0) {
433
504
pid_filename = optarg;
467
538
run_mode = MODE_ERF_FILE;
468
539
erf_file = optarg;
541
else if (strcmp((long_opts[option_index]).name, "dag") == 0) {
546
SCLogError(SC_ERR_DAG_REQUIRED, "libdag and a DAG card are required"
547
" to receieve packets using --dag.");
549
#endif /* HAVE_DAG */
551
else if(strcmp((long_opts[option_index]).name, "pcap-buffer-size") == 0) {
552
#ifdef HAVE_PCAP_SET_BUFF
553
if (ConfSet("pcap.buffer-size", optarg, 0) != 1) {
554
fprintf(stderr, "ERROR: Failed to set pcap-buffer-size.\n");
558
SCLogError(SC_ERR_NO_PCAP_SET_BUFFER_SIZE, "The version of libpcap you have"
559
" doesn't support setting buffer size.");
560
#endif /* HAVE_PCAP_SET_BUFF */
472
564
conf_filename = optarg;
570
#endif /* OS_WIN32 */
479
573
exit(EXIT_SUCCESS);
833
929
/* registering signals we use */
834
930
SignalHandlerSetup(SIGINT, SignalHandlerSigint);
835
931
SignalHandlerSetup(SIGTERM, SignalHandlerSigterm);
836
SignalHandlerSetup(SIGHUP, SignalHandlerSighup);
934
/* SIGHUP is not implemnetd on WIN32 */
935
//SignalHandlerSetup(SIGHUP, SignalHandlerSighup);
838
937
/* Get the suricata user ID to given user ID */
839
938
if (do_setuid == TRUE) {
916
1015
//RunModeFilePcap(de_ctx, pcap_file);
917
1016
//RunModeFilePcap2(de_ctx, pcap_file);
918
1017
RunModeFilePcapAuto(de_ctx, pcap_file);
1018
//RunModeFilePcapAuto2(de_ctx, pcap_file);
920
1020
else if (run_mode == MODE_PFRING) {
921
1021
//RunModeIdsPfring3(de_ctx, pfring_dev);
935
1035
else if (run_mode == MODE_ERF_FILE) {
936
1036
RunModeErfFileAuto(de_ctx, erf_file);
1038
else if (run_mode == MODE_DAG) {
1039
RunModeErfDagAuto(de_ctx, dag_input);
939
1042
SCLogError(SC_ERR_UNKNOWN_RUN_MODE, "Unknown runtime mode. Aborting");
940
1043
exit(EXIT_FAILURE);
1087
if (suricata_ctl_flags != 0) {
985
1088
SCLogInfo("signal received");
987
if (sigflags & SURICATA_STOP) {
988
SCLogInfo("SIGINT or EngineStop received");
1090
if (suricata_ctl_flags & SURICATA_STOP) {
1091
SCLogInfo("EngineStop received");
990
1093
/* Stop the engine so it quits after processing the pcap file
991
1094
* but first make sure all packets are processed by all other
995
if (sigflags & SURICATA_SIGTERM || sigflags & SURICATA_KILL)
1098
if (suricata_ctl_flags & SURICATA_KILL)
998
1101
SCMutexLock(&packet_q.mutex_q);
1008
1111
SCLogInfo("all packets processed by threads, stopping engine");
1010
if (sigflags & SURICATA_SIGHUP) {
1011
SCLogInfo("SIGHUP received");
1013
if (sigflags & SURICATA_SIGTERM) {
1014
SCLogInfo("SIGTERM received");
1017
1114
struct timeval end_time;
1018
1115
memset(&end_time, 0, sizeof(end_time));
added
removed
src/suricata.c
