unix-socket: reset to ready state on startup

As part of commit ea15282f47c6ff781533e3a063f9c903dd6f1afb,
some initialization was moved to happen even in unix socket mode,
however, this initialization does setup some loggers that can only have
one instance enabled (anomaly, drop, file-store).

This will cause these loggers to error out on the first pcap, but work
on subsequent runs of the pcap as some deinitialization is done after
each pcap.

This fix just runs the post pcap-file deinitialization routine to
reset some of the initialization done on startup, like is done after
running each pcap in unix socket mode.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/4225

Additionally this prevents alerts from being logged two times
on the first run of a pcap through the unix socket:

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/4434

(cherry picked from commit 488d5fb34284f7e5be760edeca7607209cfa4b5e)

diff --git a/src/suricata.c b/src/suricata.c
index 712a2b387e2b46a447d172b7282f70183825d971..80aae67c2d7052b6ac7723c6d83c83bc9b10131e 100644 (file)
--- a/src/suricata.c
+++ b/src/suricata.c
@@ -2041,8 +2041,14 @@ void PreRunPostPrivsDropInit(const int runmode)
     StatsSetupPostConfigPreOutput();
     RunModeInitializeOutputs();
 
-    if (runmode == RUNMODE_UNIX_SOCKET)
+    if (runmode == RUNMODE_UNIX_SOCKET) {
+        /* As the above did some necessary startup initialization, it
+         * also setup some outputs where only one is allowed, so
+         * deinitialize to the state that unix-mode does after every
+         * pcap. */
+        PostRunDeinit(RUNMODE_PCAP_FILE, NULL);
         return;
+    }
 
     StatsSetupPostConfigPostOutput();
 }