suricata  3.1.2
About: Suricata is a high performance Network Intrusion Detection (IDS) and Prevention (IPS) and Network Security Monitoring engine.
  Fossies Dox: suricata-3.1.2.tar.gz  ("unofficial" and yet experimental doxygen-generated source code documentation)

Doxygen documentation

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field.

Developer documentation

You have reached the automatically generated documentation of Suricata. This document contains information about the architecture and code structure. It is intended for developers who want to understand or contribute to Suricata.

Documentation is generated from comments placed in all parts of the code. You will also find some groups describing specific functional parts:
Data structures

Regarding matching, there are three main data structures:

  • Packet: Data relative to an individual packet, with information about linked structures such as the Flow the Packet belongs to.
  • Flow: Information about a flow, for example a TCP session.
  • StreamMsg: Structure containing the reassembled stream data.

Running mode

Suricata is multithreaded, and running modes define how the different threads work together. See util-runmodes.c for an example of a running mode.