author | Ashlee Young <ashlee@onosfw.com> | 2015-09-09 22:21:41 -0700 |
---|---|---|
committer | Ashlee Young <ashlee@onosfw.com> | 2015-09-09 22:21:41 -0700 |
commit | 8879b125d26e8db1a5633de5a9c692eb2d1c4f83 (patch) | |
tree | c7259d85a991b83dfa85ab2e339360669fc1f58e /framework/src/suricata/src/suricata.h | |
parent | 13d05bc8458758ee39cb829098241e89616717ee (diff) |
suricata checkin based on commit id a4bce14770beee46a537eda3c3f6e8e8565d5d0a
Change-Id: I9a214fa0ee95e58fc640e50bd604dac7f42db48f
Diffstat (limited to 'framework/src/suricata/src/suricata.h')
-rw-r--r-- | framework/src/suricata/src/suricata.h | 197 |
1 files changed, 197 insertions, 0 deletions
diff --git a/framework/src/suricata/src/suricata.h b/framework/src/suricata/src/suricata.h
new file mode 100644
index 00000000..12e72697
--- /dev/null
+++ b/framework/src/suricata/src/suricata.h
@@ -0,0 +1,197 @@
+/* Copyright (C) 2007-2014 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/** \mainpage Doxygen documentation
+ *
+ * \section intro_sec Introduction
+ *
+ * The Suricata Engine is an Open Source Next Generation Intrusion Detection
+ * and Prevention Engine. This engine is not intended to just replace or
+ * emulate the existing tools in the industry, but will bring new ideas and
+ * technologies to the field.
+ *
+ * \section dev_doc Developer documentation
+ *
+ * You've reach the automically generated documentation of Suricata. This
+ * document contains information about architecture and code structure. It
+ * is attended for developers wanting to understand or contribute to Suricata.
+ *
+ * \subsection modules Modules
+ *
+ * Documentation is generate from comments placed in all parts of the code.
+ * But you will also find some groups describing specific functional parts:
+ * - \ref decode
+ * - \ref httplayer
+ * - \ref sigstate
+ * - \ref threshold
+ *
+ * \section archi Architecture
+ *
+ * \subsection datastruct Data structures
+ *
+ * Regarding matching, there is three main data structures which are:
+ * - ::Packet: Data relative to an individual packet with information about
+ * linked structure such as the ::Flow the ::Packet belongs to.
+ * - ::Flow: Information about a flow for example a TCP session
+ * - ::StreamMsg: structure containing the reassembled data
+ *
+ * \subsection runmode Running mode
+ *
+ * Suricata is multithreaded and running modes define how the different
+ * threads are working together. You can see util-runmodes.c for example
+ * of running mode.
+ */
+
+/**
+ * \file
+ *
+ * \author Victor Julien <victor@inliniac.net>
+ */
+
+#ifndef __SURICATA_H__
+#define __SURICATA_H__
+
+#include "suricata-common.h"
+#include "packet-queue.h"
+#include "data-queue.h"
+
+/* the name of our binary */
+#define PROG_NAME "Suricata"
+#define PROG_VER "2.1dev"
+
+/* workaround SPlint error (don't know __gnuc_va_list) */
+#ifdef S_SPLINT_S
+# include <err.h>
+# define CONFIG_DIR "/etc/suricata"
+#endif
+
+#define DEFAULT_CONF_FILE CONFIG_DIR "/suricata.yaml"
+
+#define DEFAULT_PID_DIR LOCAL_STATE_DIR "/run/"
+#define DEFAULT_PID_BASENAME "suricata.pid"
+#define DEFAULT_PID_FILENAME DEFAULT_PID_DIR DEFAULT_PID_BASENAME
+
+/* runtime engine control flags */
+#define SURICATA_STOP (1 << 0) /**< gracefully stop the engine: process all
+ outstanding packets first */
+#define SURICATA_KILL (1 << 1) /**< shut down asap, discarding outstanding
+ packets. */
+#define SURICATA_DONE (1 << 2) /**< packets capture ended */
+
+/* Engine stage/status*/
+enum {
+ SURICATA_INIT = 0,
+ SURICATA_RUNTIME,
+ SURICATA_DEINIT
+};
+
+/* Engine is acting as */
+enum EngineMode {
+ ENGINE_MODE_IDS,
+ ENGINE_MODE_IPS,
+};
+
+void EngineModeSetIPS(void);
+void EngineModeSetIDS(void);
+int EngineModeIsIPS(void);
+int EngineModeIsIDS(void);
+
+/* Box is acting as router */
+enum {
+ SURI_HOST_IS_SNIFFER_ONLY,
+ SURI_HOST_IS_ROUTER,
+};
+
+#define IS_SURI_HOST_MODE_SNIFFER_ONLY(host_mode) ((host_mode) == SURI_HOST_IS_SNIFFER_ONLY)
+#define IS_SURI_HOST_MODE_ROUTER(host_mode) ((host_mode) == SURI_HOST_IS_ROUTER)
+
+/* queue's between various other threads
+ * XXX move to the TmQueue structure later
+ */
+PacketQueue trans_q[256];
+
+SCDQDataQueue data_queues[256];
+
+typedef struct SCInstance_ {
+ int run_mode;
+
+ char pcap_dev[128];
+ char *sig_file;
+ int sig_file_exclusive;
+ char *pid_filename;
+ char *regex_arg;
+
+ char *keyword_info;
+ char *runmode_custom_mode;
+#ifndef OS_WIN32
+ char *user_name;
+ char *group_name;
+ uint8_t do_setuid;
+ uint8_t do_setgid;
+ uint32_t userid;
+ uint32_t groupid;
+#endif /* OS_WIN32 */
+ int delayed_detect;
+ int disabled_detect;
+ int daemon;
+ int offline;
+ int verbose;
+ int checksum_validation;
+
+ struct timeval start_time;
+
+ char *log_dir;
+} SCInstance;
+
+
+/* memset to zeros, and mutex init! */
+void GlobalInits();
+
+extern volatile uint8_t suricata_ctl_flags;
+
+/* uppercase to lowercase conversion lookup table */
+uint8_t g_u8_lowercasetable[256];
+
+extern char *conf_filename;
+
+/* marco to do the actual lookup */
+//#define u8_tolower(c) g_u8_lowercasetable[(c)]
+// these 2 are slower:
+//#define u8_tolower(c) ((c) >= 'A' && (c) <= 'Z') ? g_u8_lowercasetable[(c)] : (c)
+//#define u8_tolower(c) (((c) >= 'A' && (c) <= 'Z') ? ((c) + ('a' - 'A')) : (c))
+
+/* this is faster than the table lookup */
+#include <ctype.h>
+#define u8_tolower(c) tolower((uint8_t)(c))
+
+void EngineStop(void);
+void EngineKill(void);
+void EngineDone(void);
+
+/* live rule swap required this to be made static */
+void SignalHandlerSigusr2(int);
+void SignalHandlerSigusr2EngineShutdown(int);
+void SignalHandlerSigusr2Idle(int sig);
+
+int RunmodeIsUnittests(void);
+int RunmodeGetCurrent(void);
+int IsRuleReloadSet(int quiet);
+
+extern int run_mode;
+
+#endif /* __SURICATA_H__ */
+
|