detect-reload: enable unconditionally

Reloading is available unconditionally now.

diff --git a/src/detect.c b/src/detect.c
index 53953d4f2a9be970f167af68377449a60097bab6..ed4d132b4b760e0104aa953b1e4ec904fbf1f79b 100644 (file)
--- a/src/detect.c
+++ b/src/detect.c
@@ -2718,9 +2718,7 @@ int SigAddressPrepareStage1(DetectEngineCtx *de_ctx)
 
 #ifdef HAVE_LUAJIT
     /* run this before the mpm states are initialized */
-    if (DetectLuajitSetupStatesPool(de_ctx->detect_luajit_instances,
-                                    IsRuleReloadSet(TRUE))
-            != 0) {
+    if (DetectLuajitSetupStatesPool(de_ctx->detect_luajit_instances, TRUE) != 0) {
         if (de_ctx->failure_fatal)
             return -1;
     }

diff --git a/src/suricata.c b/src/suricata.c
index c999611b2a0b0e2eb9dd32e88f785a5694d92051..e4e3cb5ae14887c7c54330cf222189fda6aa56a1 100644 (file)
--- a/src/suricata.c
+++ b/src/suricata.c
@@ -276,11 +276,6 @@ static void SignalHandlerSigterm(/*@unused@*/ int sig)
     suricata_ctl_flags |= SURICATA_KILL;
 }
 
-void SignalHandlerSigusr2Disabled(int sig)
-{
-    SCLogInfo("Live rule reload not enabled in config.");
-}
-
 void SignalHandlerSigusr2StartingUp(int sig)
 {
     SCLogInfo("Live rule reload only possible after engine completely started.");
@@ -920,25 +915,6 @@ TmEcode LoadYamlConfig(char *conf_filename)
     SCReturnInt(TM_ECODE_OK);
 }
 
-int IsRuleReloadSet(int quiet)
-{
-    int rule_reload = 0;
-
-    ConfNode *denode = NULL;
-    ConfNode *decnf = ConfGetNode("detect-engine");
-    if (decnf != NULL) {
-        TAILQ_FOREACH(denode, &decnf->head, next) {
-            if (strcmp(denode->val, "rule-reload") == 0) {
-                (void)ConfGetChildValueBool(denode, "rule-reload", &rule_reload);
-                if (!quiet)
-                    SCLogInfo("Live rule reloads %s",
-                              rule_reload ? "enabled" : "disabled");
-            }
-        }
-    }
-    return rule_reload;
-}
-
 static TmEcode ParseInterfacesList(int run_mode, char *pcap_dev)
 {
     SCEnter();
@@ -2026,8 +2002,6 @@ static int PostConfLoadedSetup(SCInstance *suri)
     MpmCudaEnvironmentSetup();
 #endif
 
-    suri->rule_reload = IsRuleReloadSet(FALSE);
-
     switch (suri->checksum_validation) {
         case 0:
             ConfSet("stream.checksum-validation", "0");
@@ -2140,14 +2114,10 @@ static int PostConfLoadedSetup(SCInstance *suri)
 
     DetectEngineRegisterAppInspectionEngines();
 
-    if (suri->rule_reload) {
-        if (suri->sig_file != NULL)
-            UtilSignalHandlerSetup(SIGUSR2, SignalHandlerSigusr2SigFileStartup);
-        else
-            UtilSignalHandlerSetup(SIGUSR2, SignalHandlerSigusr2StartingUp);
-    } else {
-        UtilSignalHandlerSetup(SIGUSR2, SignalHandlerSigusr2Disabled);
-    }
+    if (suri->sig_file != NULL)
+        UtilSignalHandlerSetup(SIGUSR2, SignalHandlerSigusr2SigFileStartup);
+    else
+        UtilSignalHandlerSetup(SIGUSR2, SignalHandlerSigusr2StartingUp);
 
     StorageFinalize();
 
@@ -2375,7 +2345,7 @@ int main(int argc, char **argv)
     /* registering singal handlers we use.  We register usr2 here, so that one
      * can't call it during the first sig load phase or while threads are still
      * starting up. */
-    if (DetectEngineEnabled() && suri.sig_file == NULL && suri.rule_reload == 1 &&
+    if (DetectEngineEnabled() && suri.sig_file == NULL &&
             suri.delayed_detect == 0)
         UtilSignalHandlerSetup(SIGUSR2, SignalHandlerSigusr2);
 
@@ -2383,12 +2353,10 @@ int main(int argc, char **argv)
         /* force 'reload', this will load the rules and swap engines */
         DetectEngineReload(NULL);
 
-        if (suri.rule_reload) {
-            if (suri.sig_file != NULL)
-                UtilSignalHandlerSetup(SIGUSR2, SignalHandlerSigusr2SigFileStartup);
-            else
-                UtilSignalHandlerSetup(SIGUSR2, SignalHandlerSigusr2);
-        }
+        if (suri.sig_file != NULL)
+            UtilSignalHandlerSetup(SIGUSR2, SignalHandlerSigusr2SigFileStartup);
+        else
+            UtilSignalHandlerSetup(SIGUSR2, SignalHandlerSigusr2);
         SCLogNotice("Signature(s) loaded, Detect thread(s) activated.");
     }
 

diff --git a/src/suricata.h b/src/suricata.h
index 573be0bb0aa9fc0790fa86b894aa6abc231a2af1..12e72697a07d3deace52deb66bdd5e9d82b3df0c 100644 (file)
--- a/src/suricata.h
+++ b/src/suricata.h
@@ -146,7 +146,6 @@ typedef struct SCInstance_ {
     uint32_t groupid;
 #endif /* OS_WIN32 */
     int delayed_detect;
-    int rule_reload;
     int disabled_detect;
     int daemon;
     int offline;

diff --git a/suricata.yaml.in b/suricata.yaml.in
index 1681be5559c9f6e1cba54c49fba265712df4d2cd..001d8e61f26bed857d463409fd6b170c680fcad9 100644 (file)
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -528,9 +528,6 @@ detect-engine:
       toserver-dp-groups: 25
   - sgh-mpm-context: auto
   - inspection-recursion-limit: 3000
-  # When rule-reload is enabled, sending a USR2 signal to the Suricata process
-  # will trigger a live rule reload. Experimental feature, use with care.
-  #- rule-reload: true
   # If set to yes, the loading of signatures will be made after the capture
   # is started. This will limit the downtime in IPS mode.
   #- delayed-detect: yes