Introduce host-mode.

This variable can be used to indicate to suricata that the host
running is running as a router or is in sniffing only mode.
This will used at least to determine which interfaces are used to
send reject message.

diff --git a/src/suricata.c b/src/suricata.c
index b44ed960f19e45d47b674d85b03fbca9db2010fd..b2219eb5ff9aa9a829f1bc68e2a1641a18698db0 100644 (file)
--- a/src/suricata.c
+++ b/src/suricata.c
@@ -187,6 +187,10 @@ int run_mode = RUNMODE_UNKNOWN;
   * detection mode (ENGINE_MODE_IDS by default) */
 uint8_t engine_mode = ENGINE_MODE_IDS;
 
+/** Host mode: set if box is sniffing only
+ * or is a router */
+uint8_t host_mode = SURI_HOST_IS_SNIFFER_ONLY;
+
 /** Maximum packets to simultaneously process. */
 intmax_t max_pending_packets;
 
@@ -1673,6 +1677,7 @@ static int FinalizeRunMode(SCInstance *suri, char **argv)
     /* Set the global run mode */
     run_mode = suri->run_mode;
 
+
     return TM_ECODE_OK;
 }
 
@@ -1759,6 +1764,43 @@ static int ConfigGetCaptureValue(SCInstance *suri)
 
     return TM_ECODE_OK;
 }
+/**
+ * This function is meant to contain code that needs
+ * to be run once the configuration has been loaded.
+ */
+static int PostConfLoadedSetup(SCInstance *suri)
+{
+    char *hostmode = NULL;
+
+    if (ConfGet("host-mode", &hostmode) == 1) {
+        if (!strcmp(hostmode, "router")) {
+            host_mode = SURI_HOST_IS_ROUTER;
+        } else if (!strcmp(hostmode, "sniffer-only")) {
+            host_mode = SURI_HOST_IS_SNIFFER_ONLY;
+        } else {
+            if (strcmp(hostmode, "auto")) {
+                WarnInvalidConfEntry("host-mode", "%s", "auto");
+            }
+            if (IS_ENGINE_MODE_IPS(engine_mode)) {
+                host_mode = SURI_HOST_IS_ROUTER;
+            } else {
+                host_mode = SURI_HOST_IS_SNIFFER_ONLY;
+            }
+        }
+    } else {
+        if (IS_ENGINE_MODE_IPS(engine_mode)) {
+            host_mode = SURI_HOST_IS_ROUTER;
+            SCLogInfo("No 'host-mode': suricata in IPS mode, so"
+                      "automatic setting to 'router'");
+        } else {
+            host_mode = SURI_HOST_IS_SNIFFER_ONLY;
+            SCLogInfo("No 'host-mode': suricata in IDS mode, so"
+                      "automatic setting to 'sniffer-only'");
+        }
+    }
+    return TM_ECODE_OK;
+}
+
 
 int main(int argc, char **argv)
 {
@@ -1873,6 +1915,11 @@ int main(int argc, char **argv)
         exit(EXIT_FAILURE);
     }
 
+
+    if (PostConfLoadedSetup(&suri) != TM_ECODE_OK) {
+        exit(EXIT_FAILURE);
+    }
+
 #ifdef NFQ
     if (suri.run_mode == RUNMODE_NFQ)
         NFQInitConfig(FALSE);

diff --git a/src/suricata.h b/src/suricata.h
index 92bc1804e18ffb4c0351110419e24dfefefffdcd..d6b02411ed7c843509d8bcbac17db7d78dc246ae 100644 (file)
--- a/src/suricata.h
+++ b/src/suricata.h
@@ -115,6 +115,15 @@ enum {
 #define IS_ENGINE_MODE_IPS(engine_mode)  ((engine_mode) == ENGINE_MODE_IPS)
 #define IS_ENGINE_MODE_IDS(engine_mode)  ((engine_mode) == ENGINE_MODE_IDS)
 
+/* Box is acting as router */
+enum {
+    SURI_HOST_IS_SNIFFER_ONLY,
+    SURI_HOST_IS_ROUTER,
+};
+
+#define IS_SURI_HOST_MODE_SNIFFER_ONLY(host_mode)  ((host_mode) == SURI_HOST_IS_SNIFFER_ONLY)
+#define IS_SURI_HOST_MODE_ROUTER(host_mode)  ((host_mode) == SURI_HOST_IS_ROUTER)
+
 /* queue's between various other threads
  * XXX move to the TmQueue structure later
  */

diff --git a/suricata.yaml.in b/suricata.yaml.in
index af24486c25b7219f404472a54511945d9b974251..4f038917bbcc3f85a1cac364ca09220e5b5f94b0 100644 (file)
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -32,6 +32,12 @@
 #
 #autofp-scheduler: active-packets
 
+# If suricata box is a router for the sniffed networks, set it to 'router'. If
+# it is a pure sniffing setup, set it to 'sniffer-only'.
+# If set to auto, the variable is internally switch to 'router' in IPS mode
+# and 'sniffer-only' in IDS mode.
+host-mode: auto
+
 # Run suricata as user and group.
 #run-as:
 #  user: suri