mirror of https://github.com/OISF/suricata
				
				
				
			
			You cannot select more than 25 topics
			Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
		
		
		
		
		
			
		
			
				
	
	
		
			1514 lines
		
	
	
		
			48 KiB
		
	
	
	
		
			C
		
	
			
		
		
	
	
			1514 lines
		
	
	
		
			48 KiB
		
	
	
	
		
			C
		
	
| /* Copyright (C) 2007-2010 Open Information Security Foundation
 | |
|  *
 | |
|  * You can copy, redistribute or modify this Program under the terms of
 | |
|  * the GNU General Public License version 2 as published by the Free
 | |
|  * Software Foundation.
 | |
|  *
 | |
|  * This program is distributed in the hope that it will be useful,
 | |
|  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 | |
|  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 | |
|  * GNU General Public License for more details.
 | |
|  *
 | |
|  * You should have received a copy of the GNU General Public License
 | |
|  * version 2 along with this program; if not, write to the Free Software
 | |
|  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 | |
|  * 02110-1301, USA.
 | |
|  */
 | |
| 
 | |
| /**
 | |
|  * \file
 | |
|  *
 | |
|  * \author Victor Julien <victor@inliniac.net>
 | |
|  */
 | |
| 
 | |
| #include "suricata-common.h"
 | |
| 
 | |
| #include <getopt.h>
 | |
| #include <signal.h>
 | |
| #include <pthread.h>
 | |
| 
 | |
| #include "suricata.h"
 | |
| #include "decode.h"
 | |
| #include "detect.h"
 | |
| #include "packet-queue.h"
 | |
| #include "threads.h"
 | |
| #include "threadvars.h"
 | |
| 
 | |
| #include "util-atomic.h"
 | |
| #include "util-spm.h"
 | |
| #include "util-hash.h"
 | |
| #include "util-hashlist.h"
 | |
| #include "util-bloomfilter.h"
 | |
| #include "util-bloomfilter-counting.h"
 | |
| #include "util-pool.h"
 | |
| #include "util-byte.h"
 | |
| #include "util-cpu.h"
 | |
| #include "util-action.h"
 | |
| #include "util-pidfile.h"
 | |
| #include "util-ioctl.h"
 | |
| 
 | |
| #include "detect-parse.h"
 | |
| #include "detect-engine.h"
 | |
| #include "detect-engine-mpm.h"
 | |
| #include "detect-engine-sigorder.h"
 | |
| #include "detect-engine-payload.h"
 | |
| #include "detect-engine-dcepayload.h"
 | |
| #include "detect-engine-uri.h"
 | |
| #include "detect-engine-hcbd.h"
 | |
| #include "detect-engine-hhd.h"
 | |
| #include "detect-engine-hrhd.h"
 | |
| #include "detect-engine-hmd.h"
 | |
| #include "detect-engine-hcd.h"
 | |
| #include "detect-engine-hrud.h"
 | |
| #include "detect-engine-state.h"
 | |
| #include "detect-engine-tag.h"
 | |
| #include "detect-fast-pattern.h"
 | |
| 
 | |
| #include "tm-queuehandlers.h"
 | |
| #include "tm-queues.h"
 | |
| #include "tm-modules.h"
 | |
| #include "tm-threads.h"
 | |
| 
 | |
| #include "tmqh-flow.h"
 | |
| 
 | |
| #include "conf.h"
 | |
| #include "conf-yaml-loader.h"
 | |
| 
 | |
| #include "alert-fastlog.h"
 | |
| #include "alert-unified-log.h"
 | |
| #include "alert-unified-alert.h"
 | |
| #include "alert-unified2-alert.h"
 | |
| #include "alert-debuglog.h"
 | |
| #include "alert-prelude.h"
 | |
| #include "alert-syslog.h"
 | |
| #include "log-droplog.h"
 | |
| 
 | |
| #include "log-httplog.h"
 | |
| #include "log-pcap.h"
 | |
| 
 | |
| #include "stream-tcp.h"
 | |
| 
 | |
| #include "source-nfq.h"
 | |
| #include "source-nfq-prototypes.h"
 | |
| 
 | |
| #include "source-ipfw.h"
 | |
| 
 | |
| #include "source-pcap.h"
 | |
| #include "source-pcap-file.h"
 | |
| 
 | |
| #include "source-pfring.h"
 | |
| 
 | |
| #include "source-erf-file.h"
 | |
| #include "source-erf-dag.h"
 | |
| 
 | |
| #include "respond-reject.h"
 | |
| 
 | |
| #include "flow.h"
 | |
| #include "flow-var.h"
 | |
| #include "flow-bit.h"
 | |
| #include "flow-alert-sid.h"
 | |
| #include "pkt-var.h"
 | |
| 
 | |
| #include "app-layer-detect-proto.h"
 | |
| #include "app-layer-parser.h"
 | |
| #include "app-layer-smb.h"
 | |
| #include "app-layer-dcerpc.h"
 | |
| #include "app-layer-dcerpc-udp.h"
 | |
| #include "app-layer-htp.h"
 | |
| #include "app-layer-ftp.h"
 | |
| #include "app-layer-ssl.h"
 | |
| #include "app-layer-ssh.h"
 | |
| 
 | |
| #include "util-radix-tree.h"
 | |
| #include "util-host-os-info.h"
 | |
| #include "util-cidr.h"
 | |
| #include "util-unittest.h"
 | |
| #include "util-unittest-helper.h"
 | |
| #include "util-time.h"
 | |
| #include "util-rule-vars.h"
 | |
| #include "util-classification-config.h"
 | |
| #include "util-threshold-config.h"
 | |
| #include "util-reference-config.h"
 | |
| #include "util-profiling.h"
 | |
| 
 | |
| #include "defrag.h"
 | |
| 
 | |
| #include "runmodes.h"
 | |
| 
 | |
| #include "util-cuda.h"
 | |
| #include "util-decode-asn1.h"
 | |
| #include "util-debug.h"
 | |
| #include "util-error.h"
 | |
| #include "detect-engine-siggroup.h"
 | |
| #include "util-daemon.h"
 | |
| #include "reputation.h"
 | |
| 
 | |
| /* holds the cuda b2g module */
 | |
| #include "util-mpm-b2g-cuda.h"
 | |
| #include "util-cuda-handlers.h"
 | |
| #include "cuda-packet-batcher.h"
 | |
| 
 | |
| #include "output.h"
 | |
| #include "util-privs.h"
 | |
| 
 | |
| #include "tmqh-packetpool.h"
 | |
| 
 | |
| #include "util-ringbuffer.h"
 | |
| #include "util-mem.h"
 | |
| #include "util-memcmp.h"
 | |
| #include "util-proto-name.h"
 | |
| 
 | |
| /*
 | |
|  * we put this here, because we only use it here in main.
 | |
|  */
 | |
| volatile sig_atomic_t sigint_count = 0;
 | |
| volatile sig_atomic_t sighup_count = 0;
 | |
| volatile sig_atomic_t sigterm_count = 0;
 | |
| 
 | |
| /*
 | |
|  * Flag to indicate if the engine is at the initialization
 | |
|  * or already processing packets. 2 stages: SURICATA_INIT,
 | |
|  * SURICATA_RUNTIME and SURICATA_FINALIZE
 | |
|  */
 | |
| SC_ATOMIC_DECLARE(unsigned int, engine_stage);
 | |
| 
 | |
| /* Max packets processed simultaniously. */
 | |
| #define DEFAULT_MAX_PENDING_PACKETS 50
 | |
| 
 | |
| /** suricata engine control flags */
 | |
| uint8_t suricata_ctl_flags = 0;
 | |
| 
 | |
| /** Run mode selected */
 | |
| int run_mode = RUNMODE_UNKNOWN;
 | |
| 
 | |
| /** engine_analysis.  disabled(0) by default, unless enabled by the user by
 | |
|   * running the engine with --engine-analysis */
 | |
| int engine_analysis = 0;
 | |
| 
 | |
| /** Engine mode: inline (ENGINE_MODE_IPS) or just
 | |
|   * detection mode (ENGINE_MODE_IDS by default) */
 | |
| uint8_t engine_mode = ENGINE_MODE_IDS;
 | |
| 
 | |
| /** Maximum packets to simultaneously process. */
 | |
| intmax_t max_pending_packets;
 | |
| 
 | |
| /** set caps or not */
 | |
| int sc_set_caps;
 | |
| 
 | |
| int RunmodeIsUnittests(void) {
 | |
|     if (run_mode == RUNMODE_UNITTEST)
 | |
|         return 1;
 | |
| 
 | |
|     return 0;
 | |
| }
 | |
| 
 | |
| static void SignalHandlerSigint(/*@unused@*/ int sig) {
 | |
|     sigint_count = 1;
 | |
|     suricata_ctl_flags |= SURICATA_STOP;
 | |
| }
 | |
| static void SignalHandlerSigterm(/*@unused@*/ int sig) {
 | |
|     sigterm_count = 1;
 | |
|     suricata_ctl_flags |= SURICATA_KILL;
 | |
| }
 | |
| #if 0
 | |
| static void SignalHandlerSighup(/*@unused@*/ int sig) {
 | |
|     sighup_count = 1;
 | |
|     suricata_ctl_flags |= SURICATA_SIGHUP;
 | |
| }
 | |
| #endif
 | |
| 
 | |
| #ifdef DBG_MEM_ALLOC
 | |
| #ifndef _GLOBAL_MEM_
 | |
| #define _GLOBAL_MEM_
 | |
| /* This counter doesn't complain realloc's(), it's gives
 | |
|  * an aproximation for the startup */
 | |
| size_t global_mem = 0;
 | |
| #ifdef DBG_MEM_ALLOC_SKIP_STARTUP
 | |
| uint8_t print_mem_flag = 0;
 | |
| #else
 | |
| uint8_t print_mem_flag = 1;
 | |
| #endif
 | |
| #endif
 | |
| #endif
 | |
| 
 | |
| static void
 | |
| SignalHandlerSetup(int sig, void (*handler)())
 | |
| {
 | |
| #if defined (OS_WIN32)
 | |
| 	signal(sig, handler);
 | |
| #else
 | |
|     struct sigaction action;
 | |
| 
 | |
|     action.sa_handler = handler;
 | |
|     sigemptyset(&(action.sa_mask));
 | |
|     sigaddset(&(action.sa_mask),sig);
 | |
|     action.sa_flags = 0;
 | |
|     sigaction(sig, &action, 0);
 | |
| #endif /* OS_WIN32 */
 | |
| }
 | |
| 
 | |
| void GlobalInits()
 | |
| {
 | |
|     memset(trans_q, 0, sizeof(trans_q));
 | |
|     memset(data_queues, 0, sizeof(data_queues));
 | |
| 
 | |
|     /* Initialize the trans_q mutex */
 | |
|     int blah;
 | |
|     int r = 0;
 | |
|     for(blah=0;blah<256;blah++) {
 | |
|         r |= SCMutexInit(&trans_q[blah].mutex_q, NULL);
 | |
|         r |= SCCondInit(&trans_q[blah].cond_q, NULL);
 | |
| 
 | |
|         r |= SCMutexInit(&data_queues[blah].mutex_q, NULL);
 | |
|         r |= SCCondInit(&data_queues[blah].cond_q, NULL);
 | |
|    }
 | |
| 
 | |
|     if (r != 0) {
 | |
|         SCLogInfo("Trans_Q Mutex not initialized correctly");
 | |
|         exit(EXIT_FAILURE);
 | |
|     }
 | |
| }
 | |
| 
 | |
| /* XXX hack: make sure threads can stop the engine by calling this
 | |
|    function. Purpose: pcap file mode needs to be able to tell the
 | |
|    engine the file eof is reached. */
 | |
| void EngineStop(void) {
 | |
|     suricata_ctl_flags |= SURICATA_STOP;
 | |
| }
 | |
| 
 | |
| void EngineKill(void) {
 | |
|     suricata_ctl_flags |= SURICATA_KILL;
 | |
| }
 | |
| 
 | |
| static void SetBpfString(int optind, char *argv[]) {
 | |
|     char *bpf_filter = NULL;
 | |
|     uint32_t bpf_len = 0;
 | |
|     int tmpindex = 0;
 | |
| 
 | |
|     /* attempt to parse remaining args as bpf filter */
 | |
|     tmpindex = optind;
 | |
|     while(argv[tmpindex] != NULL) {
 | |
|         bpf_len+=strlen(argv[tmpindex]) + 1;
 | |
|         tmpindex++;
 | |
|     }
 | |
| 
 | |
|     if (bpf_len == 0)
 | |
|         return;
 | |
| 
 | |
|     bpf_filter = SCMalloc(bpf_len);
 | |
|     if (bpf_filter == NULL)
 | |
|         return;
 | |
|     memset(bpf_filter, 0x00, bpf_len);
 | |
| 
 | |
|     tmpindex = optind;
 | |
|     while(argv[tmpindex] != NULL) {
 | |
|         strlcat(bpf_filter, argv[tmpindex],bpf_len);
 | |
|         if(argv[tmpindex + 1] != NULL) {
 | |
|             strlcat(bpf_filter," ", bpf_len);
 | |
|         }
 | |
|         tmpindex++;
 | |
|     }
 | |
| 
 | |
|     if(strlen(bpf_filter) > 0) {
 | |
|         if (ConfSet("bpf-filter", bpf_filter, 0) != 1) {
 | |
|             fprintf(stderr, "ERROR: Failed to set bpf filter.\n");
 | |
|             exit(EXIT_FAILURE);
 | |
|         }
 | |
|     }
 | |
| }
 | |
| 
 | |
| void usage(const char *progname)
 | |
| {
 | |
| #ifdef REVISION
 | |
|     printf("%s %s (rev %s)\n", PROG_NAME, PROG_VER, xstr(REVISION));
 | |
| #else
 | |
|     printf("%s %s\n", PROG_NAME, PROG_VER);
 | |
| #endif
 | |
|     printf("USAGE: %s\n\n", progname);
 | |
|     printf("\t-c <path>                    : path to configuration file\n");
 | |
|     printf("\t-i <dev or ip>               : run in pcap live mode\n");
 | |
|     printf("\t-r <path>                    : run in pcap file/offline mode\n");
 | |
| #ifdef NFQ
 | |
|     printf("\t-q <qid>                     : run in inline nfqueue mode\n");
 | |
| #endif /* NFQ */
 | |
| #ifdef IPFW
 | |
|     printf("\t-d <divert port>             : run in inline ipfw divert mode\n");
 | |
| #endif /* IPFW */
 | |
|     printf("\t-s <path>                    : path to signature file (optional)\n");
 | |
|     printf("\t-l <dir>                     : default log directory\n");
 | |
| #ifndef OS_WIN32
 | |
|     printf("\t-D                           : run as daemon\n");
 | |
| #else
 | |
| 	printf("\t--service-install            : install as service\n");
 | |
| 	printf("\t--service-remove             : remove service\n");
 | |
| 	printf("\t--service-change-params      : change service startup parameters\n");
 | |
| #endif /* OS_WIN32 */
 | |
| #ifdef UNITTESTS
 | |
|     printf("\t-u                           : run the unittests and exit\n");
 | |
|     printf("\t-U, --unittest-filter=REGEX  : filter unittests with a regex\n");
 | |
|     printf("\t--list-unittests             : list unit tests\n");
 | |
|     printf("\t--fatal-unittests            : enable fatal failure on unittest error\n");
 | |
| #endif /* UNITTESTS */
 | |
| #ifdef __SC_CUDA_SUPPORT__
 | |
|     printf("\t--list-cuda-cards            : list cuda supported cards\n");
 | |
| #endif
 | |
|     printf("\t--list-runmodes              : list supported runmodes\n");
 | |
|     printf("\t--runmode <runmode_id>       : specific runmode modification the engine should run.  The argument\n"
 | |
|            "\t                               supplied should be the id for the runmode obtained by running\n"
 | |
|            "\t                               --list-runmodes\n");
 | |
|     printf("\t--engine-analysis            : print reports on analysis of different sections in the engine and exit.\n"
 | |
|            "\t                               Please have a look at the conf parameter engine-analysis on what reports\n"
 | |
|            "\t                               can be printed\n");
 | |
|     printf("\t--pidfile <file>             : write pid to this file (only for daemon mode)\n");
 | |
|     printf("\t--init-errors-fatal          : enable fatal failure on signature init error\n");
 | |
|     printf("\t--dump-config                : show the running configuration\n");
 | |
| #ifdef HAVE_PCAP_SET_BUFF
 | |
|     printf("\t--pcap-buffer-size           : size of the pcap buffer value from 0 - %i\n",INT_MAX);
 | |
| #endif /* HAVE_SET_PCAP_BUFF */
 | |
| #ifdef HAVE_PFRING
 | |
|     printf("\t--pfring                     : run in pfring mode, use interface from suricata.yaml\n");
 | |
|     printf("\t--pfring-int <dev>           : run in pfring mode, use interface <dev>\n");
 | |
|     printf("\t--pfring-cluster-id <id>     : pfring cluster id \n");
 | |
|     printf("\t--pfring-cluster-type <type> : pfring cluster type for PF_RING 4.1.2 and later cluster_round_robin|cluster_flow\n");
 | |
| #endif /* HAVE_PFRING */
 | |
| #ifdef HAVE_LIBCAP_NG
 | |
|     printf("\t--user <user>                : run suricata as this user after init\n");
 | |
|     printf("\t--group <group>              : run suricata as this group after init\n");
 | |
| #endif /* HAVE_LIBCAP_NG */
 | |
|     printf("\t--erf-in <path>              : process an ERF file\n");
 | |
| #ifdef HAVE_DAG
 | |
|     printf("\t--dag <dag0,dag1,...>        : process ERF records from 0,1,...,n DAG input streams\n");
 | |
| #endif
 | |
|     printf("\n");
 | |
|     printf("\nTo run the engine with default configuration on "
 | |
|             "interface eth0 with signature file \"signatures.rules\", run the "
 | |
|             "command as:\n\n%s -c suricata.yaml -s signatures.rules -i eth0 \n\n",
 | |
|             progname);
 | |
| }
 | |
| 
 | |
| void SCPrintBuildInfo(void) {
 | |
|     char *bits = "<unknown>-bits";
 | |
|     char *endian = "<unknown>-endian";
 | |
|     char features[2048] = "";
 | |
| 
 | |
| #ifdef DEBUG
 | |
|     strlcat(features, "DEBUG ", sizeof(features));
 | |
| #endif
 | |
| #ifdef DEBUG_VALIDATION
 | |
|     strlcat(features, "DEBUG_VALIDATION ", sizeof(features));
 | |
| #endif
 | |
| #ifdef UNITTESTS
 | |
|     strlcat(features, "UNITTESTS ", sizeof(features));
 | |
| #endif
 | |
| #ifdef NFQ
 | |
|     strlcat(features, "NFQ ", sizeof(features));
 | |
| #endif
 | |
| #ifdef IPFW
 | |
|     strlcat(features, "IPFW ", sizeof(features));
 | |
| #endif
 | |
| #ifdef HAVE_PCAP_SET_BUFF
 | |
|     strlcat(features, "PCAP_SET_BUFF ", sizeof(features));
 | |
| #endif
 | |
| #if LIBPCAP_VERSION_MAJOR == 1
 | |
|     strlcat(features, "LIBPCAP_VERSION_MAJOR=1 ", sizeof(features));
 | |
| #elif LIBPCAP_VERSION_MAJOR == 0
 | |
|     strlcat(features, "LIBPCAP_VERSION_MAJOR=0 ", sizeof(features));
 | |
| #endif
 | |
| #ifdef __SC_CUDA_SUPPORT__
 | |
|     strlcat(features, "CUDA ", sizeof(features));
 | |
| #endif
 | |
| #ifdef HAVE_PFRING
 | |
|     strlcat(features, "PF_RING ", sizeof(features));
 | |
| #endif
 | |
| #ifdef HAVE_DAG
 | |
|     strlcat(features, "DAG ", sizeof(features));
 | |
| #endif
 | |
| #ifdef HAVE_LIBCAP_NG
 | |
|     strlcat(features, "LIBCAP_NG ", sizeof(features));
 | |
| #endif
 | |
| #ifdef HAVE_LIBNET11
 | |
|     strlcat(features, "LIBNET1.1 ", sizeof(features));
 | |
| #endif
 | |
|     if (strlen(features) == 0) {
 | |
|         strlcat(features, "none", sizeof(features));
 | |
|     }
 | |
| 
 | |
|     SCLogInfo("Features: %s", features);
 | |
| 
 | |
| #if __WORDSIZE == 64
 | |
|     bits = "64-bits";
 | |
| #elif __WORDSIZE == 32
 | |
|     bits = "32-bits";
 | |
| #endif
 | |
| 
 | |
| #if __BYTE_ORDER == __BIG_ENDIAN
 | |
|     endian = "Big-endian";
 | |
| #elif __BYTE_ORDER == __LITTLE_ENDIAN
 | |
|     endian = "Little-endian";
 | |
| #endif
 | |
| 
 | |
|     SCLogInfo("%s, %s architecture", bits, endian);
 | |
| #ifdef __GNUC__
 | |
|     SCLogInfo("GCC version %s, C version %"PRIiMAX, __VERSION__, (intmax_t)__STDC_VERSION__);
 | |
| #else
 | |
|     SCLogInfo("C version %"PRIiMAX, (intmax_t)__STDC_VERSION__);
 | |
| #endif
 | |
| 
 | |
| #ifdef __GCC_HAVE_SYNC_COMPARE_AND_SWAP_1
 | |
|     SCLogInfo("__GCC_HAVE_SYNC_COMPARE_AND_SWAP_1");
 | |
| #endif
 | |
| #ifdef __GCC_HAVE_SYNC_COMPARE_AND_SWAP_2
 | |
|     SCLogInfo("__GCC_HAVE_SYNC_COMPARE_AND_SWAP_2");
 | |
| #endif
 | |
| #ifdef __GCC_HAVE_SYNC_COMPARE_AND_SWAP_4
 | |
|     SCLogInfo("__GCC_HAVE_SYNC_COMPARE_AND_SWAP_4");
 | |
| #endif
 | |
| #ifdef __GCC_HAVE_SYNC_COMPARE_AND_SWAP_8
 | |
|     SCLogInfo("__GCC_HAVE_SYNC_COMPARE_AND_SWAP_8");
 | |
| #endif
 | |
| #ifdef __GCC_HAVE_SYNC_COMPARE_AND_SWAP_16
 | |
|     SCLogInfo("__GCC_HAVE_SYNC_COMPARE_AND_SWAP_16");
 | |
| #endif
 | |
| 
 | |
| #if __SSP__ == 1
 | |
|     SCLogInfo("compiled with -fstack-protector");
 | |
| #endif
 | |
| #if __SSP_ALL__ == 2
 | |
|     SCLogInfo("compiled with -fstack-protector-all");
 | |
| #endif
 | |
| #ifdef _FORTIFY_SOURCE
 | |
|     SCLogInfo("compiled with _FORTIFY_SOURCE=%d", _FORTIFY_SOURCE);
 | |
| #endif
 | |
| }
 | |
| 
 | |
| int main(int argc, char **argv)
 | |
| {
 | |
|     int opt;
 | |
|     char pcap_dev[128];
 | |
|     char *sig_file = NULL;
 | |
|     char *conf_filename = NULL;
 | |
|     char *pid_filename = NULL;
 | |
| #ifdef UNITTESTS
 | |
|     char *regex_arg = NULL;
 | |
| #endif
 | |
|     int dump_config = 0;
 | |
|     int list_unittests = 0;
 | |
|     int list_cuda_cards = 0;
 | |
|     int list_runmodes = 0;
 | |
|     const char *runmode_custom_mode = NULL;
 | |
|     int daemon = 0;
 | |
|     char *user_name = NULL;
 | |
|     char *group_name = NULL;
 | |
|     uint8_t do_setuid = FALSE;
 | |
|     uint8_t do_setgid = FALSE;
 | |
|     uint32_t userid = 0;
 | |
|     uint32_t groupid = 0;
 | |
|     int build_info = 0;
 | |
| 
 | |
|     char *log_dir;
 | |
|     struct stat buf;
 | |
| 
 | |
|     sc_set_caps = FALSE;
 | |
| 
 | |
|     SC_ATOMIC_INIT(engine_stage);
 | |
| 
 | |
|     /* initialize the logging subsys */
 | |
|     SCLogInitLogModule(NULL);
 | |
| 
 | |
|     RunModeRegisterRunModes();
 | |
| 
 | |
|     /* By default use IDS mode, but if nfq or ipfw
 | |
|      * are specified, IPS mode will overwrite this */
 | |
|     SET_ENGINE_MODE_IDS(engine_mode);
 | |
| 
 | |
| #ifdef OS_WIN32
 | |
| 	/* service initialization */
 | |
| 	if (SCRunningAsService()) {
 | |
| 		char path[MAX_PATH];
 | |
| 		char *p = NULL;
 | |
| 		strlcpy(path, argv[0], MAX_PATH);
 | |
| 		if ((p = strrchr(path, '\\'))) {
 | |
| 			*p = '\0';
 | |
| 		}
 | |
| 		if (!SetCurrentDirectory(path)) {
 | |
| 			SCLogError(SC_ERR_FATAL, "Can't set current directory to: %s", path);
 | |
| 			return -1;
 | |
| 		}
 | |
| 		SCLogInfo("Current directory is set to: %s", path);
 | |
| 		daemon = 1;
 | |
| 		SCServiceInit(argc, argv);
 | |
| 	}
 | |
| 
 | |
| 	/* Windows socket subsystem initialization */
 | |
| 	WSADATA wsaData;
 | |
| 	if (0 != WSAStartup(MAKEWORD(2, 2), &wsaData)) {
 | |
| 		SCLogError(SC_ERR_FATAL, "Can't initialize Windows sockets: %d", WSAGetLastError());
 | |
| 		exit(EXIT_FAILURE);
 | |
| 	}
 | |
| #endif /* OS_WIN32 */
 | |
| 
 | |
| #ifdef REVISION
 | |
|     SCLogInfo("This is %s version %s (rev %s)", PROG_NAME, PROG_VER, xstr(REVISION));
 | |
| #else
 | |
|     SCLogInfo("This is %s version %s", PROG_NAME, PROG_VER);
 | |
| #endif
 | |
| 
 | |
|     /* Initialize the configuration module. */
 | |
|     ConfInit();
 | |
| 
 | |
|     struct option long_opts[] = {
 | |
|         {"dump-config", 0, &dump_config, 1},
 | |
|         {"pfring", optional_argument, 0, 0},
 | |
|         {"pfring-int", required_argument, 0, 0},
 | |
|         {"pfring-cluster-id", required_argument, 0, 0},
 | |
|         {"pfring-cluster-type", required_argument, 0, 0},
 | |
|         {"pcap-buffer-size", required_argument, 0, 0},
 | |
|         {"unittest-filter", required_argument, 0, 'U'},
 | |
|         {"list-unittests", 0, &list_unittests, 1},
 | |
|         {"list-cuda-cards", 0, &list_cuda_cards, 1},
 | |
|         {"list-runmodes", 0, &list_runmodes, 1},
 | |
|         {"runmode", required_argument, NULL, 0},
 | |
|         {"engine-analysis", 0, &engine_analysis, 1},
 | |
| #ifdef OS_WIN32
 | |
| 		{"service-install", 0, 0, 0},
 | |
| 		{"service-remove", 0, 0, 0},
 | |
| 		{"service-change-params", 0, 0, 0},
 | |
| #endif /* OS_WIN32 */
 | |
|         {"pidfile", required_argument, 0, 0},
 | |
|         {"init-errors-fatal", 0, 0, 0},
 | |
|         {"fatal-unittests", 0, 0, 0},
 | |
|         {"user", required_argument, 0, 0},
 | |
|         {"group", required_argument, 0, 0},
 | |
|         {"erf-in", required_argument, 0, 0},
 | |
|         {"dag", required_argument, 0, 0},
 | |
|         {"build-info", 0, &build_info, 1},
 | |
|         {NULL, 0, NULL, 0}
 | |
|     };
 | |
| 
 | |
|     /* getopt_long stores the option index here. */
 | |
|     int option_index = 0;
 | |
| 
 | |
|     char short_opts[] = "c:Dhi:l:q:d:r:us:U:V";
 | |
| 
 | |
|     while ((opt = getopt_long(argc, argv, short_opts, long_opts, &option_index)) != -1) {
 | |
|         switch (opt) {
 | |
|         case 0:
 | |
|             if (strcmp((long_opts[option_index]).name , "pfring") == 0 ||
 | |
|                 strcmp((long_opts[option_index]).name , "pfring-int") == 0) {
 | |
| #ifdef HAVE_PFRING
 | |
|                 run_mode = RUNMODE_PFRING;
 | |
|                 if (optarg != NULL) {
 | |
|                     if (ConfSet("pfring.interface", optarg, 0) != 1) {
 | |
|                         fprintf(stderr, "ERROR: Failed to set pfring.interface.\n");
 | |
|                         exit(EXIT_FAILURE);
 | |
|                     }
 | |
|                 }
 | |
| #else
 | |
|                 SCLogError(SC_ERR_NO_PF_RING,"PF_RING not enabled. Make sure "
 | |
|                         "to pass --enable-pfring to configure when building.");
 | |
|                 exit(EXIT_FAILURE);
 | |
| #endif /* HAVE_PFRING */
 | |
|             }
 | |
|             else if(strcmp((long_opts[option_index]).name , "pfring-cluster-id") == 0){
 | |
| #ifdef HAVE_PFRING
 | |
|                 if (ConfSet("pfring.cluster-id", optarg, 0) != 1) {
 | |
|                     fprintf(stderr, "ERROR: Failed to set pfring.cluster-id.\n");
 | |
|                     exit(EXIT_FAILURE);
 | |
|                 }
 | |
| #else
 | |
|                 SCLogError(SC_ERR_NO_PF_RING,"PF_RING not enabled. Make sure "
 | |
|                         "to pass --enable-pfring to configure when building.");
 | |
|                 exit(EXIT_FAILURE);
 | |
| #endif /* HAVE_PFRING */
 | |
|             }
 | |
|             else if(strcmp((long_opts[option_index]).name , "pfring-cluster-type") == 0){
 | |
| #ifdef HAVE_PFRING
 | |
|                 if (ConfSet("pfring.cluster-type", optarg, 0) != 1) {
 | |
|                     fprintf(stderr, "ERROR: Failed to set pfring.cluster-type.\n");
 | |
|                     exit(EXIT_FAILURE);
 | |
|                 }
 | |
| #else
 | |
|                 SCLogError(SC_ERR_NO_PF_RING,"PF_RING not enabled. Make sure "
 | |
|                         "to pass --enable-pfring to configure when building.");
 | |
|                 exit(EXIT_FAILURE);
 | |
| #endif /* HAVE_PFRING */
 | |
|             }
 | |
|             else if(strcmp((long_opts[option_index]).name, "init-errors-fatal") == 0) {
 | |
|                 if (ConfSet("engine.init_failure_fatal", "1", 0) != 1) {
 | |
|                     fprintf(stderr, "ERROR: Failed to set engine init_failure_fatal.\n");
 | |
|                     exit(EXIT_FAILURE);
 | |
|                 }
 | |
|             }
 | |
|             else if(strcmp((long_opts[option_index]).name, "list-unittests") == 0) {
 | |
| #ifdef UNITTESTS
 | |
|                 /* Set run_mode to unit tests. */
 | |
|                 run_mode = RUNMODE_UNITTEST;
 | |
| #else
 | |
|                 fprintf(stderr, "ERROR: Unit tests not enabled. Make sure to pass --enable-unittests to configure when building.\n");
 | |
|                 exit(EXIT_FAILURE);
 | |
| #endif /* UNITTESTS */
 | |
|             } else if(strcmp((long_opts[option_index]).name, "list-cuda-cards") == 0) {
 | |
| #ifndef __SC_CUDA_SUPPORT__
 | |
|                 fprintf(stderr, "ERROR: Cuda not enabled. Make sure to pass "
 | |
|                         "--enable-cuda to configure when building.\n");
 | |
|                 exit(EXIT_FAILURE);
 | |
| #endif /* UNITTESTS */
 | |
|             } else if (strcmp((long_opts[option_index]).name, "list-runmodes") == 0) {
 | |
|                 RunModeListRunmodes();
 | |
|                 exit(EXIT_SUCCESS);
 | |
|             } else if (strcmp((long_opts[option_index]).name, "runmode") == 0) {
 | |
|                 runmode_custom_mode = optarg;
 | |
|             } else if(strcmp((long_opts[option_index]).name, "engine-analysis") == 0) {
 | |
|                 // do nothing for now
 | |
|             }
 | |
| #ifdef OS_WIN32
 | |
|             else if(strcmp((long_opts[option_index]).name, "service-install") == 0) {
 | |
| 				if (SCServiceInstall(argc, argv)) {
 | |
| 					exit(EXIT_FAILURE);
 | |
| 				}
 | |
| 				SCLogInfo("Suricata service has been successfuly installed.");
 | |
| 				exit(EXIT_SUCCESS);
 | |
|             }
 | |
|             else if(strcmp((long_opts[option_index]).name, "service-remove") == 0) {
 | |
| 				if (SCServiceRemove(argc, argv)) {
 | |
| 					exit(EXIT_FAILURE);
 | |
| 				}
 | |
| 				SCLogInfo("Suricata service has been successfuly removed.");
 | |
| 				exit(EXIT_SUCCESS);
 | |
|             }
 | |
|             else if(strcmp((long_opts[option_index]).name, "service-change-params") == 0) {
 | |
| 				if (SCServiceChangeParams(argc, argv)) {
 | |
| 					exit(EXIT_FAILURE);
 | |
| 				}
 | |
| 				SCLogInfo("Suricata service startup parameters has been successfuly changed.");
 | |
| 				exit(EXIT_SUCCESS);
 | |
|             }
 | |
| #endif /* OS_WIN32 */
 | |
|             else if(strcmp((long_opts[option_index]).name, "pidfile") == 0) {
 | |
|                 pid_filename = optarg;
 | |
|             }
 | |
|             else if(strcmp((long_opts[option_index]).name, "fatal-unittests") == 0) {
 | |
| #ifdef UNITTESTS
 | |
|                 if (ConfSet("unittests.failure_fatal", "1", 0) != 1) {
 | |
|                     fprintf(stderr, "ERROR: Failed to set unittests failure_fatal.\n");
 | |
|                     exit(EXIT_FAILURE);
 | |
|                 }
 | |
| #else
 | |
|                 fprintf(stderr, "ERROR: Unit tests not enabled. Make sure to pass --enable-unittests to configure when building.\n");
 | |
|                 exit(EXIT_FAILURE);
 | |
| #endif /* UNITTESTS */
 | |
|             }
 | |
|             else if(strcmp((long_opts[option_index]).name, "user") == 0) {
 | |
| #ifndef HAVE_LIBCAP_NG
 | |
|                 SCLogError(SC_ERR_LIBCAP_NG_REQUIRED, "libcap-ng is required to"
 | |
|                         " drop privileges, but it was not compiled into Suricata.");
 | |
|                 exit(EXIT_FAILURE);
 | |
| #else
 | |
|                 user_name = optarg;
 | |
|                 do_setuid = TRUE;
 | |
| #endif /* HAVE_LIBCAP_NG */
 | |
|             }
 | |
|             else if(strcmp((long_opts[option_index]).name, "group") == 0) {
 | |
| #ifndef HAVE_LIBCAP_NG
 | |
|                 SCLogError(SC_ERR_LIBCAP_NG_REQUIRED, "libcap-ng is required to"
 | |
|                         " drop privileges, but it was not compiled into Suricata.");
 | |
|                 exit(EXIT_FAILURE);
 | |
| #else
 | |
|                 group_name = optarg;
 | |
|                 do_setgid = TRUE;
 | |
| #endif /* HAVE_LIBCAP_NG */
 | |
|             }
 | |
|             else if (strcmp((long_opts[option_index]).name, "erf-in") == 0) {
 | |
|                 run_mode = RUNMODE_ERF_FILE;
 | |
|                 if (ConfSet("erf_file.file", optarg, 0) != 1) {
 | |
|                     fprintf(stderr, "ERROR: Failed to set erf_file.file\n");
 | |
|                     exit(EXIT_FAILURE);
 | |
|                 }
 | |
|             }
 | |
| 			else if (strcmp((long_opts[option_index]).name, "dag") == 0) {
 | |
| #ifdef HAVE_DAG
 | |
| 				run_mode = RUNMODE_DAG;
 | |
|                 if (ConfSet("erf_dag.iface", optarg, 0) != 1) {
 | |
|                     fprintf(stderr, "ERROR: Failed to set erf_dag.iface\n");
 | |
|                     exit(EXIT_FAILURE);
 | |
|                 }
 | |
| #else
 | |
| 				SCLogError(SC_ERR_DAG_REQUIRED, "libdag and a DAG card are required"
 | |
| 						" to receieve packets using --dag.");
 | |
| 				exit(EXIT_FAILURE);
 | |
| #endif /* HAVE_DAG */
 | |
| 			}
 | |
|             else if(strcmp((long_opts[option_index]).name, "pcap-buffer-size") == 0) {
 | |
| #ifdef HAVE_PCAP_SET_BUFF
 | |
|                 if (ConfSet("pcap.buffer-size", optarg, 0) != 1) {
 | |
|                     fprintf(stderr, "ERROR: Failed to set pcap-buffer-size.\n");
 | |
|                     exit(EXIT_FAILURE);
 | |
|                 }
 | |
| #else
 | |
|                 SCLogError(SC_ERR_NO_PCAP_SET_BUFFER_SIZE, "The version of libpcap you have"
 | |
|                         " doesn't support setting buffer size.");
 | |
| #endif /* HAVE_PCAP_SET_BUFF */
 | |
|             }
 | |
|             else if(strcmp((long_opts[option_index]).name, "build-info") == 0) {
 | |
|                 SCPrintBuildInfo();
 | |
|                 exit(EXIT_SUCCESS);
 | |
|             }
 | |
|             break;
 | |
|         case 'c':
 | |
|             conf_filename = optarg;
 | |
|             break;
 | |
| #ifndef OS_WIN32
 | |
|         case 'D':
 | |
|             daemon = 1;
 | |
|             break;
 | |
| #endif /* OS_WIN32 */
 | |
|         case 'h':
 | |
|             usage(argv[0]);
 | |
|             exit(EXIT_SUCCESS);
 | |
|             break;
 | |
|         case 'i':
 | |
|             if (run_mode == RUNMODE_UNKNOWN) {
 | |
|                 run_mode = RUNMODE_PCAP_DEV;
 | |
|                 PcapLiveRegisterDevice(optarg);
 | |
|             } else if (run_mode == RUNMODE_PCAP_DEV) {
 | |
| #ifdef OS_WIN32
 | |
|                 SCLogError(SC_ERR_PCAP_MULTI_DEV_NO_SUPPORT, "pcap multi dev "
 | |
|                         "support is not (yet) supported on Windows.");
 | |
|                 exit(EXIT_FAILURE);
 | |
| #else
 | |
|                 SCLogWarning(SC_WARN_PCAP_MULTI_DEV_EXPERIMENTAL, "using "
 | |
|                         "multiple pcap devices to get packets is experimental.");
 | |
|                 PcapLiveRegisterDevice(optarg);
 | |
| #endif
 | |
|             } else {
 | |
|                 SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
 | |
|                                                      "has been specified");
 | |
|                 usage(argv[0]);
 | |
|                 exit(EXIT_FAILURE);
 | |
|             }
 | |
| 			memset(pcap_dev, 0, sizeof(pcap_dev));
 | |
|             strlcpy(pcap_dev, optarg, ((strlen(optarg) < sizeof(pcap_dev)) ? (strlen(optarg)+1) : (sizeof(pcap_dev))));
 | |
|             break;
 | |
|         case 'l':
 | |
|             if (ConfSet("default-log-dir", optarg, 0) != 1) {
 | |
|                 fprintf(stderr, "ERROR: Failed to set log directory.\n");
 | |
|                 exit(EXIT_FAILURE);
 | |
|             }
 | |
|             if (stat(optarg, &buf) != 0) {
 | |
|                 SCLogError(SC_ERR_LOGDIR_CMDLINE, "The logging directory \"%s\" "
 | |
|                         "supplied at the commandline (-l %s) doesn't "
 | |
|                         "exist. Shutting down the engine.", optarg, optarg);
 | |
|                 exit(EXIT_FAILURE);
 | |
|             }
 | |
|             break;
 | |
|         case 'q':
 | |
| #ifdef NFQ
 | |
|             if (run_mode == RUNMODE_UNKNOWN) {
 | |
|                 run_mode = RUNMODE_NFQ;
 | |
|                 SET_ENGINE_MODE_IPS(engine_mode);
 | |
|                 if (NFQRegisterQueue(optarg) == -1)
 | |
|                     exit(EXIT_FAILURE);
 | |
|             } else if (run_mode == RUNMODE_NFQ) {
 | |
|                 if (NFQRegisterQueue(optarg) == -1)
 | |
|                     exit(EXIT_FAILURE);
 | |
|             } else {
 | |
|                 SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
 | |
|                                                      "has been specified");
 | |
|                 usage(argv[0]);
 | |
|                 exit(EXIT_FAILURE);
 | |
|             }
 | |
| #else
 | |
|             SCLogError(SC_ERR_NFQ_NOSUPPORT,"NFQUEUE not enabled. Make sure to pass --enable-nfqueue to configure when building.");
 | |
|             exit(EXIT_FAILURE);
 | |
| #endif /* NFQ */
 | |
|             break;
 | |
|         case 'd':
 | |
| #ifdef IPFW
 | |
|             if (run_mode == RUNMODE_UNKNOWN) {
 | |
|                 run_mode = RUNMODE_IPFW;
 | |
|                 SET_ENGINE_MODE_IPS(engine_mode);
 | |
|             } else {
 | |
|                 SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
 | |
|                                                      "has been specified");
 | |
|                 usage(argv[0]);
 | |
|                 exit(EXIT_SUCCESS);
 | |
|             }
 | |
|             if (ConfSet("ipfw.ipfw_divert_port", optarg, 0) != 1) {
 | |
|                 fprintf(stderr, "ERROR: Failed to set ipfw_divert_port\n");
 | |
|                 exit(EXIT_FAILURE);
 | |
|             }
 | |
| #else
 | |
|             SCLogError(SC_ERR_IPFW_NOSUPPORT,"IPFW not enabled. Make sure to pass --enable-ipfw to configure when building.");
 | |
|             exit(EXIT_FAILURE);
 | |
| #endif /* IPFW */
 | |
|             break;
 | |
|         case 'r':
 | |
|             if (run_mode == RUNMODE_UNKNOWN) {
 | |
|                 run_mode = RUNMODE_PCAP_FILE;
 | |
|             } else {
 | |
|                 SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode "
 | |
|                                                      "has been specified");
 | |
|                 usage(argv[0]);
 | |
|                 exit(EXIT_SUCCESS);
 | |
|             }
 | |
|             if (ConfSet("pcap_file.file", optarg, 0) != 1) {
 | |
|                 fprintf(stderr, "ERROR: Failed to set pcap_file.file\n");
 | |
|                 exit(EXIT_FAILURE);
 | |
|             }
 | |
|             break;
 | |
|         case 's':
 | |
|             sig_file = optarg;
 | |
|             break;
 | |
|         case 'u':
 | |
| #ifdef UNITTESTS
 | |
|             if (run_mode == RUNMODE_UNKNOWN) {
 | |
|                 run_mode = RUNMODE_UNITTEST;
 | |
|             } else {
 | |
|                 SCLogError(SC_ERR_MULTIPLE_RUN_MODE, "more than one run mode has"
 | |
|                                                      " been specified");
 | |
|                 usage(argv[0]);
 | |
|                 exit(EXIT_SUCCESS);
 | |
|             }
 | |
| #else
 | |
|             fprintf(stderr, "ERROR: Unit tests not enabled. Make sure to pass --enable-unittests to configure when building.\n");
 | |
|             exit(EXIT_FAILURE);
 | |
| #endif /* UNITTESTS */
 | |
|             break;
 | |
|         case 'U':
 | |
| #ifdef UNITTESTS
 | |
|             regex_arg = optarg;
 | |
| 
 | |
|             if(strlen(regex_arg) == 0)
 | |
|             regex_arg = NULL;
 | |
| #endif
 | |
|             break;
 | |
|         case 'V':
 | |
| #ifdef REVISION
 | |
|             printf("\nThis is %s version %s (rev %s)\n\n", PROG_NAME, PROG_VER, xstr(REVISION));
 | |
| #else
 | |
|             printf("\nThis is %s version %s\n\n", PROG_NAME, PROG_VER);
 | |
| #endif
 | |
|             exit(EXIT_SUCCESS);
 | |
|         default:
 | |
|             usage(argv[0]);
 | |
|             exit(EXIT_FAILURE);
 | |
|         }
 | |
|     }
 | |
|     SetBpfString(optind, argv);
 | |
| 
 | |
|     UtilCpuPrintSummary();
 | |
| 
 | |
| #ifdef __SC_CUDA_SUPPORT__
 | |
|     /* Init the CUDA environment */
 | |
|     SCCudaInitCudaEnvironment();
 | |
|     if (list_cuda_cards) {
 | |
|         SCCudaListCards();
 | |
|         exit(EXIT_SUCCESS);
 | |
|     }
 | |
| #endif
 | |
| 
 | |
|     if (!CheckValidDaemonModes(daemon, run_mode)) {
 | |
|         exit(EXIT_FAILURE);
 | |
|     }
 | |
| 
 | |
|     /* Initializations for global vars, queues, etc (memsets, mutex init..) */
 | |
|     GlobalInits();
 | |
|     TimeInit();
 | |
|     SupportFastPatternForSigMatchTypes();
 | |
| 
 | |
|     /* Load yaml configuration file if provided. */
 | |
|     if (conf_filename != NULL) {
 | |
|         if (ConfYamlLoadFile(conf_filename) != 0) {
 | |
|             /* Error already displayed. */
 | |
|             exit(EXIT_FAILURE);
 | |
|         }
 | |
|     } else if (run_mode != RUNMODE_UNITTEST){
 | |
|         SCLogError(SC_ERR_OPENING_FILE, "Configuration file has not been provided");
 | |
|         usage(argv[0]);
 | |
|         exit(EXIT_FAILURE);
 | |
|     }
 | |
| 
 | |
|     if (dump_config) {
 | |
|         ConfDump();
 | |
|         exit(EXIT_SUCCESS);
 | |
|     }
 | |
| 
 | |
|     /* Check for the existance of the default logging directory which we pick
 | |
|      * from suricata.yaml.  If not found, shut the engine down */
 | |
|     if (ConfGet("default-log-dir", &log_dir) != 1)
 | |
|         log_dir = DEFAULT_LOG_DIR;
 | |
|     if (stat(log_dir, &buf) != 0) {
 | |
|         SCLogError(SC_ERR_LOGDIR_CONFIG, "The logging directory \"%s\" "
 | |
|                     "supplied by %s (default-log-dir) doesn't exist. "
 | |
|                     "Shutting down the engine", log_dir, conf_filename);
 | |
|         exit(EXIT_FAILURE);
 | |
|     }
 | |
| 
 | |
|     /* Pull the max pending packets from the config, if not found fall
 | |
|      * back on a sane default. */
 | |
|     if (ConfGetInt("max-pending-packets", &max_pending_packets) != 1)
 | |
|         max_pending_packets = DEFAULT_MAX_PENDING_PACKETS;
 | |
|     SCLogDebug("Max pending packets set to %"PRIiMAX, max_pending_packets);
 | |
| 
 | |
|     /* Pull the default packet size from the config, if not found fall
 | |
|      * back on a sane default. */
 | |
|     if (ConfGetInt("default-packet-size", &default_packet_size) != 1) {
 | |
|         switch (run_mode) {
 | |
|             case RUNMODE_PCAP_DEV:
 | |
|             case RUNMODE_PFRING:
 | |
|                 /* find payload for interface and use it */
 | |
|                 default_packet_size = GetIfaceMaxPayloadSize(pcap_dev);
 | |
|                 if (default_packet_size)
 | |
|                     break;
 | |
|             default:
 | |
|                 default_packet_size = DEFAULT_PACKET_SIZE;
 | |
|         }
 | |
|     }
 | |
|     SCLogDebug("Default packet size set to %"PRIiMAX, default_packet_size);
 | |
| 
 | |
| #ifdef NFQ
 | |
|     if (run_mode == RUNMODE_NFQ)
 | |
|         NFQInitConfig(FALSE);
 | |
| #endif
 | |
| 
 | |
|     /* Since our config is now loaded we can finish configurating the
 | |
|      * logging module. */
 | |
|     SCLogLoadConfig();
 | |
| 
 | |
| #ifdef __SC_CUDA_SUPPORT__
 | |
|     /* load the cuda configuration */
 | |
|     SCCudaHlGetYamlConf();
 | |
| #endif /* __SC_CUDA_SUPPORT__ */
 | |
| 
 | |
|     /* Load the Host-OS lookup. */
 | |
|     SCHInfoLoadFromConfig();
 | |
|     DefragInit();
 | |
| 
 | |
|     if (run_mode == RUNMODE_UNKNOWN) {
 | |
|         if (!engine_analysis) {
 | |
|             usage(argv[0]);
 | |
|             exit(EXIT_FAILURE);
 | |
|         }
 | |
|     }
 | |
| 
 | |
|     if (engine_analysis) {
 | |
|         SCLogInfo("== Carrying out Engine Analysis ==");
 | |
|         char *temp = NULL;
 | |
|         if (ConfGet("engine-analysis", &temp) == 0) {
 | |
|             SCLogInfo("no engine-analysis parameter(s) defined in conf file.  "
 | |
|                       "Please define/enable them in the conf to use this "
 | |
|                       "feature.");
 | |
|             exit(EXIT_FAILURE);
 | |
|         }
 | |
|     }
 | |
| 
 | |
|     /* create table for O(1) lowercase conversion lookup.  It was removed, but
 | |
|      * we still need it for cuda.  So resintalling it back into the codebase */
 | |
|     uint8_t c = 0;
 | |
|     memset(g_u8_lowercasetable, 0x00, sizeof(g_u8_lowercasetable));
 | |
|     for ( ; c < 255; c++) {
 | |
|         if (c >= 'A' && c <= 'Z')
 | |
|             g_u8_lowercasetable[c] = (c + ('a' - 'A'));
 | |
|         else
 | |
|             g_u8_lowercasetable[c] = c;
 | |
|     }
 | |
| 
 | |
|     /* hardcoded initialization code */
 | |
|     MpmTableSetup(); /* load the pattern matchers */
 | |
|     SigTableSetup(); /* load the rule keywords */
 | |
|     TmqhSetup();
 | |
| 
 | |
|     CIDRInit();
 | |
|     SigParsePrepare();
 | |
|     //PatternMatchPrepare(mpm_ctx, MPM_B2G);
 | |
|     SCPerfInitCounterApi();
 | |
| #ifdef PROFILING
 | |
|     SCProfilingInit();
 | |
| #endif /* PROFILING */
 | |
|     SCReputationInitCtx();
 | |
|     SCProtoNameInit();
 | |
| 
 | |
|     TagInitCtx();
 | |
| 
 | |
|     TmModuleReceiveNFQRegister();
 | |
|     TmModuleVerdictNFQRegister();
 | |
|     TmModuleDecodeNFQRegister();
 | |
|     TmModuleReceiveIPFWRegister();
 | |
|     TmModuleVerdictIPFWRegister();
 | |
|     TmModuleDecodeIPFWRegister();
 | |
|     TmModuleReceivePcapRegister();
 | |
|     TmModuleDecodePcapRegister();
 | |
|     TmModuleReceivePfringRegister();
 | |
|     TmModuleDecodePfringRegister();
 | |
|     TmModuleReceivePcapFileRegister();
 | |
|     TmModuleDecodePcapFileRegister();
 | |
|     TmModuleDetectRegister();
 | |
|     TmModuleAlertFastLogRegister();
 | |
|     TmModuleAlertDebugLogRegister();
 | |
|     TmModuleAlertPreludeRegister();
 | |
|     TmModuleRespondRejectRegister();
 | |
|     TmModuleAlertFastLogIPv4Register();
 | |
|     TmModuleAlertFastLogIPv6Register();
 | |
|     TmModuleAlertSyslogIPv4Register();
 | |
|     TmModuleAlertSyslogIPv6Register();
 | |
|     TmModuleAlertUnifiedLogRegister();
 | |
|     TmModuleAlertUnifiedAlertRegister();
 | |
|     TmModuleUnified2AlertRegister();
 | |
|     TmModuleAlertSyslogRegister();
 | |
|     TmModuleLogDropLogRegister();
 | |
|     TmModuleStreamTcpRegister();
 | |
|     TmModuleLogHttpLogRegister();
 | |
|     TmModuleLogHttpLogIPv4Register();
 | |
|     TmModuleLogHttpLogIPv6Register();
 | |
|     TmModulePcapLogRegister();
 | |
| #ifdef __SC_CUDA_SUPPORT__
 | |
|     TmModuleCudaMpmB2gRegister();
 | |
|     TmModuleCudaPacketBatcherRegister();
 | |
| #endif
 | |
|     TmModuleReceiveErfFileRegister();
 | |
|     TmModuleDecodeErfFileRegister();
 | |
|     TmModuleReceiveErfDagRegister();
 | |
|     TmModuleDecodeErfDagRegister();
 | |
|     TmModuleDebugList();
 | |
| 
 | |
|     /** \todo we need an api for these */
 | |
|     AppLayerDetectProtoThreadInit();
 | |
|     RegisterAppLayerParsers();
 | |
|     RegisterHTPParsers();
 | |
|     RegisterSSLParsers();
 | |
|     RegisterSMBParsers();
 | |
|     RegisterDCERPCParsers();
 | |
|     RegisterDCERPCUDPParsers();
 | |
|     RegisterFTPParsers();
 | |
|     RegisterSSHParsers();
 | |
|     AppLayerParsersInitPostProcess();
 | |
| 
 | |
| #ifdef UNITTESTS
 | |
| 
 | |
|     if (run_mode == RUNMODE_UNITTEST) {
 | |
| #ifdef DBG_MEM_ALLOC
 | |
|     SCLogInfo("Memory used at startup: %"PRIdMAX, (intmax_t)global_mem);
 | |
| #endif
 | |
|         /* test and initialize the unittesting subsystem */
 | |
|         if(regex_arg == NULL){
 | |
|             regex_arg = ".*";
 | |
|             UtRunSelftest(regex_arg); /* inits and cleans up again */
 | |
|         }
 | |
| 
 | |
|         AppLayerHtpEnableRequestBodyCallback();
 | |
|         AppLayerHtpRegisterExtraCallbacks();
 | |
| 
 | |
|         UtInitialize();
 | |
|         UTHRegisterTests();
 | |
|         SCReputationRegisterTests();
 | |
|         TmModuleRegisterTests();
 | |
|         SigTableRegisterTests();
 | |
|         HashTableRegisterTests();
 | |
|         HashListTableRegisterTests();
 | |
|         BloomFilterRegisterTests();
 | |
|         BloomFilterCountingRegisterTests();
 | |
|         PoolRegisterTests();
 | |
|         ByteRegisterTests();
 | |
|         MpmRegisterTests();
 | |
|         FlowBitRegisterTests();
 | |
|         FlowAlertSidRegisterTests();
 | |
|         SCPerfRegisterTests();
 | |
|         DecodePPPRegisterTests();
 | |
|         DecodeVLANRegisterTests();
 | |
|         HTPParserRegisterTests();
 | |
|         SSLParserRegisterTests();
 | |
|         SSHParserRegisterTests();
 | |
|         SMBParserRegisterTests();
 | |
|         DCERPCParserRegisterTests();
 | |
|         DCERPCUDPParserRegisterTests();
 | |
|         FTPParserRegisterTests();
 | |
|         DecodeRawRegisterTests();
 | |
|         DecodePPPOERegisterTests();
 | |
|         DecodeICMPV4RegisterTests();
 | |
|         DecodeICMPV6RegisterTests();
 | |
|         DecodeIPV4RegisterTests();
 | |
|         DecodeTCPRegisterTests();
 | |
|         DecodeUDPV4RegisterTests();
 | |
|         DecodeGRERegisterTests();
 | |
|         DecodeAsn1RegisterTests();
 | |
|         AlpDetectRegisterTests();
 | |
|         ConfRegisterTests();
 | |
|         ConfYamlRegisterTests();
 | |
|         TmqhFlowRegisterTests();
 | |
|         FlowRegisterTests();
 | |
|         SCSigRegisterSignatureOrderingTests();
 | |
|         SCRadixRegisterTests();
 | |
|         DefragRegisterTests();
 | |
|         SigGroupHeadRegisterTests();
 | |
|         SCHInfoRegisterTests();
 | |
|         SCRuleVarsRegisterTests();
 | |
|         AppLayerParserRegisterTests();
 | |
|         ThreadMacrosRegisterTests();
 | |
|         UtilSpmSearchRegistertests();
 | |
|         UtilActionRegisterTests();
 | |
|         SCClassConfRegisterTests();
 | |
|         SCThresholdConfRegisterTests();
 | |
|         SCRConfRegisterTests();
 | |
| #ifdef __SC_CUDA_SUPPORT__
 | |
|         SCCudaRegisterTests();
 | |
| #endif
 | |
|         PayloadRegisterTests();
 | |
|         DcePayloadRegisterTests();
 | |
|         UriRegisterTests();
 | |
| #ifdef PROFILING
 | |
|         SCProfilingRegisterTests();
 | |
| #endif
 | |
|         DeStateRegisterTests();
 | |
|         DetectRingBufferRegisterTests();
 | |
|         MemcmpRegisterTests();
 | |
|         DetectEngineHttpClientBodyRegisterTests();
 | |
|         DetectEngineHttpHeaderRegisterTests();
 | |
|         DetectEngineHttpRawHeaderRegisterTests();
 | |
|         DetectEngineHttpMethodRegisterTests();
 | |
|         DetectEngineHttpCookieRegisterTests();
 | |
|         DetectEngineHttpRawUriRegisterTests();
 | |
|         DetectEngineRegisterTests();
 | |
|         SCLogRegisterTests();
 | |
|         if (list_unittests) {
 | |
|             UtListTests(regex_arg);
 | |
|         }
 | |
|         else {
 | |
|             uint32_t failed = UtRunTests(regex_arg);
 | |
|             UtCleanup();
 | |
| #ifdef __SC_CUDA_SUPPORT__
 | |
|             /* need this in case any of the cuda dispatcher threads are still
 | |
|              * running, kill them, so that we can free the cuda contexts.  We
 | |
|              * need to free those cuda contexts so that next when we call
 | |
|              * deregister functions, we will need to attach to those contexts
 | |
|              * the contexts and its associated data */
 | |
|             TmThreadKillThreads();
 | |
|             SCCudaHlDeRegisterAllRegisteredModules();
 | |
| #endif
 | |
|             if (failed) {
 | |
|                 exit(EXIT_FAILURE);
 | |
|             }
 | |
|         }
 | |
| 
 | |
| #ifdef DBG_MEM_ALLOC
 | |
|         SCLogInfo("Total memory used (without SCFree()): %"PRIdMAX, (intmax_t)global_mem);
 | |
| #endif
 | |
| 
 | |
|         exit(EXIT_SUCCESS);
 | |
|     }
 | |
| #endif /* UNITTESTS */
 | |
| 
 | |
|     if (daemon == 1) {
 | |
|         Daemonize();
 | |
|         if (pid_filename != NULL) {
 | |
|             if (SCPidfileCreate(pid_filename) != 0) {
 | |
|                 pid_filename = NULL;
 | |
|                 exit(EXIT_FAILURE);
 | |
|             }
 | |
|         }
 | |
|     } else {
 | |
|         if (pid_filename != NULL) {
 | |
|             SCLogError(SC_ERR_PIDFILE_DAEMON, "The pidfile file option applies "
 | |
|                     "only to the daemon modes");
 | |
|             pid_filename = NULL;
 | |
|             exit(EXIT_FAILURE);
 | |
|         }
 | |
|     }
 | |
| 
 | |
|     /* registering signals we use */
 | |
|     SignalHandlerSetup(SIGINT, SignalHandlerSigint);
 | |
|     SignalHandlerSetup(SIGTERM, SignalHandlerSigterm);
 | |
| 
 | |
| #ifndef OS_WIN32
 | |
| 	/* SIGHUP is not implemnetd on WIN32 */
 | |
|     //SignalHandlerSetup(SIGHUP, SignalHandlerSighup);
 | |
| 
 | |
|     /* Get the suricata user ID to given user ID */
 | |
|     if (do_setuid == TRUE) {
 | |
|         if (SCGetUserID(user_name, group_name, &userid, &groupid) != 0) {
 | |
|             SCLogError(SC_ERR_UID_FAILED, "failed in getting user ID");
 | |
|             exit(EXIT_FAILURE);
 | |
|         }
 | |
| 
 | |
|         sc_set_caps = TRUE;
 | |
|     /* Get the suricata group ID to given group ID */
 | |
|     } else if (do_setgid == TRUE) {
 | |
|         if (SCGetGroupID(group_name, &groupid) != 0) {
 | |
|             SCLogError(SC_ERR_GID_FAILED, "failed in getting group ID");
 | |
|             exit(EXIT_FAILURE);
 | |
|         }
 | |
| 
 | |
|         sc_set_caps = TRUE;
 | |
|     }
 | |
| #endif /* OS_WIN32 */
 | |
| 
 | |
|     /* pre allocate packets */
 | |
|     SCLogDebug("preallocating packets... packet size %" PRIuMAX "", (uintmax_t)SIZE_OF_PACKET);
 | |
|     int i = 0;
 | |
|     for (i = 0; i < max_pending_packets; i++) {
 | |
|         /* XXX pkt alloc function */
 | |
|         Packet *p = SCMalloc(SIZE_OF_PACKET);
 | |
|         if (p == NULL) {
 | |
|             SCLogError(SC_ERR_FATAL, "Fatal error encountered while allocating a packet. Exiting...");
 | |
|             exit(EXIT_FAILURE);
 | |
|         }
 | |
|         PACKET_INITIALIZE(p);
 | |
| 
 | |
|         PacketPoolStorePacket(p);
 | |
|     }
 | |
|     SCLogInfo("preallocated %"PRIiMAX" packets. Total memory %"PRIuMAX"",
 | |
|         max_pending_packets, (uintmax_t)(max_pending_packets*SIZE_OF_PACKET));
 | |
| 
 | |
|     FlowInitConfig(FLOW_VERBOSE);
 | |
| 
 | |
|     DetectEngineCtx *de_ctx = DetectEngineCtxInit();
 | |
| 
 | |
|     SCClassConfLoadClassficationConfigFile(de_ctx);
 | |
|     SCRConfLoadReferenceConfigFile(de_ctx);
 | |
| 
 | |
|     ActionInitConfig();
 | |
| 
 | |
|     if (SigLoadSignatures(de_ctx, sig_file) < 0) {
 | |
|         if (sig_file == NULL) {
 | |
|             SCLogError(SC_ERR_OPENING_FILE, "Signature file has not been provided");
 | |
|         } else {
 | |
|             SCLogError(SC_ERR_NO_RULES_LOADED, "Loading signatures failed.");
 | |
|         }
 | |
|         if (de_ctx->failure_fatal)
 | |
|             exit(EXIT_FAILURE);
 | |
|     }
 | |
| 
 | |
|     if (engine_analysis) {
 | |
|         exit(EXIT_SUCCESS);
 | |
|     }
 | |
| 
 | |
| #ifdef PROFILING
 | |
|     SCProfilingInitRuleCounters(de_ctx);
 | |
| #endif /* PROFILING */
 | |
| 
 | |
| #ifdef __SC_CUDA_SUPPORT__
 | |
|     SCCudaPBSetUpQueuesAndBuffers();
 | |
| #endif /* __SC_CUDA_SUPPORT__ */
 | |
| 
 | |
|     AppLayerHtpRegisterExtraCallbacks();
 | |
|     SCThresholdConfInitContext(de_ctx,NULL);
 | |
|     SCAsn1LoadConfig();
 | |
| 
 | |
|     struct timeval start_time;
 | |
|     memset(&start_time, 0, sizeof(start_time));
 | |
|     gettimeofday(&start_time, NULL);
 | |
| 
 | |
|     SCDropMainThreadCaps(userid, groupid);
 | |
| 
 | |
|     RunModeInitializeOutputs();
 | |
| 
 | |
|     /* run the selected runmode */
 | |
|     if (run_mode == RUNMODE_PCAP_DEV) {
 | |
|         PcapTranslateIPToDevice(pcap_dev, sizeof(pcap_dev));
 | |
|         if (ConfSet("pcap.single_pcap_dev", pcap_dev, 0) != 1) {
 | |
|             fprintf(stderr, "ERROR: Failed to set pcap.single_pcap_dev\n");
 | |
|             exit(EXIT_FAILURE);
 | |
|         }
 | |
| #ifdef HAVE_PFRING
 | |
|     } else if (run_mode == RUNMODE_PFRING) {
 | |
|         PfringLoadConfig();
 | |
| #endif /* HAVE_PFRING */
 | |
|     }
 | |
| 
 | |
|     RunModeDispatch(run_mode, runmode_custom_mode, de_ctx);
 | |
| 
 | |
| #ifdef __SC_CUDA_SUPPORT__
 | |
|     if (PatternMatchDefaultMatcher() == MPM_B2G_CUDA) {
 | |
|         /* start the dispatcher thread for this module */
 | |
|         if (B2gCudaStartDispatcherThreadRC("SC_RULES_CONTENT_B2G_CUDA") == -1)
 | |
|             exit(EXIT_FAILURE);
 | |
|     }
 | |
| #endif
 | |
| 
 | |
|     /* Spawn the flow manager thread */
 | |
|     FlowManagerThreadSpawn();
 | |
| 
 | |
|     StreamTcpInitConfig(STREAM_VERBOSE);
 | |
| 
 | |
|     /* Spawn the L7 App Detect thread */
 | |
|     //AppLayerDetectProtoThreadSpawn();
 | |
| 
 | |
|     /* Spawn the perf counter threads.  Let these be the last one spawned */
 | |
|     SCPerfSpawnThreads();
 | |
| 
 | |
|     /* Check if the alloted queues have at least 1 reader and writer */
 | |
|     TmValidateQueueState();
 | |
| 
 | |
|     /* Wait till all the threads have been initialized */
 | |
|     if (TmThreadWaitOnThreadInit() == TM_ECODE_FAILED) {
 | |
|         SCLogError(SC_ERR_INITIALIZATION, "Engine initialization failed, "
 | |
|                    "aborting...");
 | |
|         exit(EXIT_FAILURE);
 | |
|     }
 | |
| 
 | |
|     SC_ATOMIC_CAS(&engine_stage, SURICATA_INIT, SURICATA_RUNTIME);
 | |
| 
 | |
|     /* Un-pause all the paused threads */
 | |
|     TmThreadContinueThreads();
 | |
| 
 | |
| #ifdef DBG_MEM_ALLOC
 | |
|     SCLogInfo("Memory used at startup: %"PRIdMAX, (intmax_t)global_mem);
 | |
| #ifdef DBG_MEM_ALLOC_SKIP_STARTUP
 | |
|     print_mem_flag = 1;
 | |
| #endif
 | |
| #endif
 | |
| 
 | |
|     int engine_retval = EXIT_SUCCESS;
 | |
|     while(1) {
 | |
|         if (suricata_ctl_flags != 0) {
 | |
|             SCLogInfo("signal received");
 | |
| 
 | |
|             if (suricata_ctl_flags & SURICATA_STOP)  {
 | |
|                 struct timeval ts_start;
 | |
|                 struct timeval ts_cur;
 | |
| 
 | |
|                 memset(&ts_start, 0x00, sizeof(ts_start));
 | |
|                 gettimeofday(&ts_start, NULL);
 | |
| 
 | |
|                 SCLogInfo("EngineStop received");
 | |
| 
 | |
|                 /* Stop the engine so it quits after processing the pcap file
 | |
|                  * but first make sure all packets are processed by all other
 | |
|                  * threads. */
 | |
|                 char done = 0;
 | |
|                 do {
 | |
|                     if (suricata_ctl_flags & SURICATA_KILL)
 | |
|                         break;
 | |
| 
 | |
|                     /* if all packets are returned to the packetpool
 | |
|                      * we are done */
 | |
|                     if (PacketPoolSize() == max_pending_packets)
 | |
|                         done = 1;
 | |
| 
 | |
|                     if (done == 0) {
 | |
|                         memset(&ts_cur, 0x00, sizeof(ts_cur));
 | |
|                         gettimeofday(&ts_cur, NULL);
 | |
| 
 | |
|                         if (ts_cur.tv_sec - ts_start.tv_sec >= 30) {
 | |
|                             SCLogError(SC_ERR_SHUTDOWN, "shutdown taking too "
 | |
|                                     "long, likely a bug! (%"PRIuMAX
 | |
|                                     " != %"PRIuMAX").", (uintmax_t)PacketPoolSize(),
 | |
|                                     (uintmax_t)max_pending_packets);
 | |
| #ifdef DEBUG
 | |
|                             BUG_ON(1);
 | |
| #endif
 | |
|                             engine_retval = EXIT_FAILURE;
 | |
|                             break;
 | |
|                         }
 | |
| 
 | |
|                         usleep(100);
 | |
|                     }
 | |
|                 } while (done == 0);
 | |
| 
 | |
|                 SCLogInfo("all packets processed by threads, stopping engine");
 | |
|             }
 | |
| 
 | |
|             struct timeval end_time;
 | |
|             memset(&end_time, 0, sizeof(end_time));
 | |
|             gettimeofday(&end_time, NULL);
 | |
| 
 | |
|             SCLogInfo("time elapsed %" PRIuMAX "s", (uintmax_t)(end_time.tv_sec - start_time.tv_sec));
 | |
| 
 | |
| #ifdef __SC_CUDA_SUPPORT__
 | |
|             SCCudaPBKillBatchingPackets();
 | |
| #endif
 | |
| 
 | |
|             TmThreadKillThreads();
 | |
|             SCPerfReleaseResources();
 | |
|             break;
 | |
|         }
 | |
| 
 | |
|         TmThreadCheckThreadState();
 | |
| 
 | |
|         usleep(10* 1000);
 | |
|     }
 | |
| 
 | |
|     /* Update the engine stage/status flag */
 | |
|     SC_ATOMIC_CAS(&engine_stage, SURICATA_RUNTIME, SURICATA_DEINIT);
 | |
| 
 | |
| 
 | |
|     FlowShutdown();
 | |
|     FlowPrintQueueInfo();
 | |
|     StreamTcpFreeConfig(STREAM_VERBOSE);
 | |
|     HTPFreeConfig();
 | |
|     HTPAtExitPrintStats();
 | |
| 
 | |
| #ifdef DBG_MEM_ALLOC
 | |
|     SCLogInfo("Total memory used (without SCFree()): %"PRIdMAX, (intmax_t)global_mem);
 | |
| #ifdef DBG_MEM_ALLOC_SKIP_STARTUP
 | |
|     print_mem_flag = 0;
 | |
| #endif
 | |
| #endif
 | |
| 
 | |
|     SCPidfileRemove(pid_filename);
 | |
| 
 | |
|     /** \todo review whats needed here */
 | |
| #ifdef __SC_CUDA_SUPPORT__
 | |
|     if (PatternMatchDefaultMatcher() == MPM_B2G_CUDA) {
 | |
|         /* all threadvars related to cuda should be free by now, which means
 | |
|          * the cuda contexts would be floating */
 | |
|         if (SCCudaHlPushCudaContextFromModule("SC_RULES_CONTENT_B2G_CUDA") == -1) {
 | |
|             SCLogError(SC_ERR_CUDA_HANDLER_ERROR, "Call to "
 | |
|                        "SCCudaHlPushCudaContextForModule() failed during the "
 | |
|                        "shutdown phase just before the call to SigGroupCleanup()");
 | |
|         }
 | |
|     }
 | |
| #endif
 | |
|     SigGroupCleanup(de_ctx);
 | |
| #ifdef __SC_CUDA_SUPPORT__
 | |
|     if (PatternMatchDefaultMatcher() == MPM_B2G_CUDA) {
 | |
|         /* pop the cuda context we just pushed before the call to SigGroupCleanup() */
 | |
|         if (SCCudaCtxPopCurrent(NULL) == -1) {
 | |
|             SCLogError(SC_ERR_CUDA_HANDLER_ERROR, "Call to SCCudaCtxPopCurrent() "
 | |
|                        "during the shutdown phase just before the call to "
 | |
|                        "SigGroupCleanup()");
 | |
|             return 0;
 | |
|         }
 | |
|     }
 | |
| #endif
 | |
| 
 | |
|     AppLayerHtpPrintStats();
 | |
| 
 | |
|     SigCleanSignatures(de_ctx);
 | |
|     if (de_ctx->sgh_mpm_context == ENGINE_SGH_MPM_FACTORY_CONTEXT_SINGLE) {
 | |
|         MpmFactoryDeRegisterAllMpmCtxProfiles();
 | |
|     }
 | |
|     DetectEngineCtxFree(de_ctx);
 | |
|     AlpProtoDestroy();
 | |
| 
 | |
|     TagDestroyCtx();
 | |
| 
 | |
|     RunModeShutDown();
 | |
|     OutputDeregisterAll();
 | |
|     TimeDeinit();
 | |
|     SCProtoNameDeInit();
 | |
|     DefragDestroy();
 | |
|     TmqhPacketpoolDestroy();
 | |
| 
 | |
| #ifdef PROFILING
 | |
|     if (profiling_rules_enabled)
 | |
|         SCProfilingDump(stdout);
 | |
|     SCProfilingDestroy();
 | |
| #endif
 | |
| 
 | |
| #ifdef __SC_CUDA_SUPPORT__
 | |
|     /* all cuda contexts attached to any threads should be free by now.
 | |
|      * if any host_thread is still attached to any cuda_context, they need
 | |
|      * to pop them by the time we reach here, if they aren't using those
 | |
|      * cuda contexts in any way */
 | |
|     SCCudaHlDeRegisterAllRegisteredModules();
 | |
| #endif
 | |
| #ifdef OS_WIN32
 | |
| 	if (daemon) {
 | |
| 		return 0;
 | |
| 	}
 | |
| #endif /* OS_WIN32 */
 | |
| 
 | |
|     SC_ATOMIC_DESTROY(engine_stage);
 | |
|     exit(engine_retval);
 | |
| }
 |