ips: set host mode only after engine mode
authorVictor Julien <victor@inliniac.net>
Fri, 15 Feb 2019 09:45:12 +0000 (10:45 +0100)
committerVictor Julien <victor@inliniac.net>
Fri, 15 Feb 2019 09:57:50 +0000 (10:57 +0100)
Make sure it is set after the final engine mode update.

src/suricata.c

index 9d551d95ebd7f4fe5a0d9008ea47d3a1ddeb1723..9ce104761208cf250e32bc4cf6759f160317d47f 100644 (file)
@@ -2633,14 +2633,45 @@ static int PostDeviceFinalizedSetup(SCInstance *suri)
     SCReturnInt(TM_ECODE_OK);
 }
 
+static void PostConfLoadedSetupHostMode(void)
+{
+    const char *hostmode = NULL;
+
+    if (ConfGetValue("host-mode", &hostmode) == 1) {
+        if (!strcmp(hostmode, "router")) {
+            host_mode = SURI_HOST_IS_ROUTER;
+        } else if (!strcmp(hostmode, "sniffer-only")) {
+            host_mode = SURI_HOST_IS_SNIFFER_ONLY;
+        } else {
+            if (strcmp(hostmode, "auto") != 0) {
+                WarnInvalidConfEntry("host-mode", "%s", "auto");
+            }
+            if (EngineModeIsIPS()) {
+                host_mode = SURI_HOST_IS_ROUTER;
+            } else {
+                host_mode = SURI_HOST_IS_SNIFFER_ONLY;
+            }
+        }
+    } else {
+        if (EngineModeIsIPS()) {
+            host_mode = SURI_HOST_IS_ROUTER;
+            SCLogInfo("No 'host-mode': suricata is in IPS mode, using "
+                      "default setting 'router'");
+        } else {
+            host_mode = SURI_HOST_IS_SNIFFER_ONLY;
+            SCLogInfo("No 'host-mode': suricata is in IDS mode, using "
+                      "default setting 'sniffer-only'");
+        }
+    }
+
+}
+
 /**
  * This function is meant to contain code that needs
  * to be run once the configuration has been loaded.
  */
 static int PostConfLoadedSetup(SCInstance *suri)
 {
-    const char *hostmode = NULL;
-
     /* do this as early as possible #1577 #1955 */
 #ifdef HAVE_LUAJIT
     if (LuajitSetupStatesPool() != 0) {
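Review bot: PostConfLoadedSetupHostMode() has no header comment, yet its result is only correct when it runs after the engine mode is final, because the `auto`, invalid-value and unset branches all call EngineModeIsIPS(). That ordering rule is stated only at the call site; I would put it on the function too, e.g. `/* Resolve host_mode from 'host-mode'; must run after the final engine mode update, since 'auto' and the default follow EngineModeIsIPS(). */`. The explicit `auto` branch also assigns host_mode without the SCLogInfo that the unset branch emits, so an operator cannot confirm from the log which mode was chosen; a matching info line there would help. The blank line before the function's closing brace can be dropped.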
@@ -2716,33 +2747,6 @@ static int PostConfLoadedSetup(SCInstance *suri)
         SCReturnInt(TM_ECODE_FAILED);
     }
 
-    if (ConfGetValue("host-mode", &hostmode) == 1) {
-        if (!strcmp(hostmode, "router")) {
-            host_mode = SURI_HOST_IS_ROUTER;
-        } else if (!strcmp(hostmode, "sniffer-only")) {
-            host_mode = SURI_HOST_IS_SNIFFER_ONLY;
-        } else {
-            if (strcmp(hostmode, "auto") != 0) {
-                WarnInvalidConfEntry("host-mode", "%s", "auto");
-            }
-            if (EngineModeIsIPS()) {
-                host_mode = SURI_HOST_IS_ROUTER;
-            } else {
-                host_mode = SURI_HOST_IS_SNIFFER_ONLY;
-            }
-        }
-    } else {
-        if (EngineModeIsIPS()) {
-            host_mode = SURI_HOST_IS_ROUTER;
-            SCLogInfo("No 'host-mode': suricata is in IPS mode, using "
-                      "default setting 'router'");
-        } else {
-            host_mode = SURI_HOST_IS_SNIFFER_ONLY;
-            SCLogInfo("No 'host-mode': suricata is in IDS mode, using "
-                      "default setting 'sniffer-only'");
-        }
-    }
-
 #ifdef NFQ
     if (suri->run_mode == RUNMODE_NFQ)
         NFQInitConfig(FALSE);
@@ -2829,10 +2833,14 @@ static int PostConfLoadedSetup(SCInstance *suri)
 
     LiveDeviceFinalize();
 
+    /* set engine mode if L2 IPS */
     if (PostDeviceFinalizedSetup(&suricata) != TM_ECODE_OK) {
         exit(EXIT_FAILURE);
     }
 
+    /* hostmode depends on engine mode being set */
+    PostConfLoadedSetupHostMode();
+
     PreRunInit(suri->run_mode);
 
     SCReturnInt(TM_ECODE_OK);
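Review bot: Moving the call to after PostDeviceFinalizedSetup() means every setup step between the old position and this one now runs before host_mode is assigned, and nothing in this hunk accounts for that. The removed block sat directly above the `#ifdef NFQ` / NFQInitConfig(FALSE) code, so that call and whatever follows it up to LiveDeviceFinalize() should be checked for reads of host_mode. Most of that code is outside the visible hunks, so this is a request to confirm rather than a confirmed defect. If nothing reads it, extending the new comment would record the check, e.g. `/* hostmode depends on engine mode being set; nothing before this point reads host_mode */`. PostConfLoadedSetup starts outside this hunk.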