From f6eb1a40a00625b7a83984461242e86347e48579 Mon Sep 17 00:00:00 2001 From: Stefan Schantl Date: Wed, 6 Feb 2019 15:59:02 +0100 Subject: [PATCH] aliases.cgi: Handle suricata related actions when dealing with aliases When working with aliases (adding/modifying/removing), the file which contains the HOME_NET declarations needs to be re-generated and suricata requires a restart afterwards. Fixes #11990 Signed-off-by: Stefan Schantl --- html/cgi-bin/aliases.cgi | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/html/cgi-bin/aliases.cgi b/html/cgi-bin/aliases.cgi index 7c3ba91ae0..4e61eb65e6 100644 --- a/html/cgi-bin/aliases.cgi +++ b/html/cgi-bin/aliases.cgi @@ -33,6 +33,7 @@ use strict; require '/var/ipfire/general-functions.pl'; # replace /var/ipcop with /var/ipcop in case of manual install require "${General::swroot}/lang.pl"; require "${General::swroot}/header.pl"; +require "${General::swroot}/ids-functions.pl"; my $configfwdfw = "${General::swroot}/firewall/config"; my $configinput = "${General::swroot}/firewall/input"; @@ -105,6 +106,9 @@ if ($settings{'ACTION'} eq $Lang::tr{'save'}) { # Rebuild configuration file if needed &BuildConfiguration; + + # Handle suricata related actions. + &HandleSuricata(); } ERROR: # Leave the faulty field untouched @@ -139,6 +143,9 @@ if ($settings{'ACTION'} eq $Lang::tr{'toggle enable disable'}) { # Rebuild configuration file &BuildConfiguration; + + # Handle Suricata related actions. + &HandleSuricata(); } if ($settings{'ACTION'} eq $Lang::tr{'add'}) { @@ -220,6 +227,9 @@ if ($settings{'ACTION'} eq $Lang::tr{'add'}) { &SortDataFile; # sort newly added/modified entry &BuildConfiguration; # then re-build conf which use new data + + # Handle Suricata related actions. + &HandleSuricata(); ## ## if entering data line is repetitive, choose here to not erase fields between each addition 
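Review bot: The `&HandleSuricata();` call added after `&BuildConfiguration;` in the save branch restarts Suricata synchronously inside the CGI request whenever the IDS is running, and the same call is added in the toggle, add and remove branches. While the engine restarts, traffic is either not inspected or held back, depending on how the IDS is wired into the firewall, so every alias edit costs a short detection gap. The comment above the save call says the configuration is rebuilt "if needed", but the enclosing condition lies outside the hunk, so it is not visible whether the restart is limited to edits that actually changed the alias data. I would state the side effect at each call site, e.g. `# Regenerate HOME_NET and restart suricata; inspection is interrupted while it restarts.`, and confirm the call is not reached on a no-op save.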
@@ -251,6 +261,9 @@ if ($settings{'ACTION'} eq $Lang::tr{'remove'}) { &General::log($Lang::tr{'ip alias removed'}); &BuildConfiguration; # then re-build conf which use new data + + # Handle Suricata related actions. + &HandleSuricata(); } @@ -557,3 +570,16 @@ sub BuildConfiguration { system '/usr/local/bin/setaliases'; } +# +## Handle Suricata related actions. +# +sub HandleSuricata() { + # Check if suricata is running. + if(&IDS::ids_is_running()) { + # Re-generate file which contains the HOME_NET declaration. + &IDS::generate_home_net_file(); + + # Call suricatactrl to perform a restart of suricata. + &IDS::call_suricatactrl("restart"); + } +} -- 2.39.2
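Review bot: In the new `HandleSuricata` the results of `&IDS::generate_home_net_file()` and `&IDS::call_suricatactrl("restart")` are discarded, so a failed regeneration or a restart that does not come back leaves the IDS with a stale HOME_NET or not running at all, and the alias page reports nothing. If those helpers signal failure through their return value (they are defined outside this patch, so confirm), log it the way the remove branch already logs, e.g. `&General::log("suricata restart after alias change failed") unless &IDS::call_suricatactrl("restart");`. The regeneration is also skipped entirely when Suricata is not running, which is only safe if the HOME_NET file is rebuilt when the IDS is started later; a comment saying so would help. Separately, the empty prototype in `sub HandleSuricata() {` has no effect because every call uses the `&` form, so `sub HandleSuricata {` is the cleaner declaration.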