suricata  4.1.4
About: Suricata is a high-performance Network Intrusion Detection (IDS), Intrusion Prevention (IPS) and Network Security Monitoring (NSM) engine.
Fossies Dox: suricata-4.1.4.tar.gz (unofficial and still experimental Doxygen-generated source code documentation)

Doxygen documentation

Introduction

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field.

Developer documentation

You have reached the automatically generated documentation of Suricata. This document contains information about the architecture and code structure. It is intended for developers who want to understand or contribute to Suricata.

Modules

Documentation is generated from comments placed throughout the code. In addition, you will find some groups describing specific functional parts:

Architecture

Data structures

Regarding matching, there are three main data structures:

  • Packet: Data relating to an individual packet, with information about linked structures such as the Flow the Packet belongs to.
  • Flow: Information about a flow, for example a TCP session.

Running mode

Suricata is multithreaded, and running modes define how the different threads work together. See util-runmodes.c for an example of a running mode.