multi-detect: handle missing mappings

author Victor Julien <victor@inliniac.net>

Mon, 23 Nov 2015 13:05:21 +0000 (14:05 +0100)

committer Victor Julien <victor@inliniac.net>

Mon, 23 Nov 2015 15:58:32 +0000 (16:58 +0100)
author Victor Julien <victor@inliniac.net>
Mon, 23 Nov 2015 13:05:21 +0000 (14:05 +0100)
committer Victor Julien <victor@inliniac.net>
Mon, 23 Nov 2015 15:58:32 +0000 (16:58 +0100)
diff --git a/src/detect-engine.c b/src/detect-engine.c

index 04aad76745db3be6541f00152deae5569de87bfc..63c1dafb4561eeebca55dae69af9af9826a28c5b 100644 (file)
--- a/src/detect-engine.c
+++ b/src/detect-engine.c
@@ -2045,8 +2045,12 @@ int DetectEngineReloadTenantBlocking(uint32_t tenant_id, const char *yaml, int r
   */
  void DetectEngineMultiTenantSetup(void)
  {
+    enum DetectEngineTenantSelectors tenant_selector = TENANT_SELECTOR_UNKNOWN;
      DetectEngineMasterCtx *master = &g_master_de_ctx;
  
+    int unix_socket = 0;
+    (void)ConfGetBool("unix-command.enabled", &unix_socket);
+
      int failure_fatal = 0;
      (void)ConfGetBool("engine.init-failure-fatal", &failure_fatal);
  
@@ -2066,7 +2070,7 @@ void DetectEngineMultiTenantSetup(void)
              SCLogInfo("multi-tenant selector type %s", handler);
  
              if (strcmp(handler, "vlan") == 0) {
-                master->tenant_selector = TENANT_SELECTOR_VLAN;
+                tenant_selector = master->tenant_selector = TENANT_SELECTOR_VLAN;
  
                  int vlanbool = 0;
                  if ((ConfGetBool("vlan.use-for-tracking", &vlanbool)) == 1 && vlanbool == 0) {
@@ -2077,7 +2081,7 @@ void DetectEngineMultiTenantSetup(void)
                  }
  
              } else if (strcmp(handler, "direct") == 0) {
-                master->tenant_selector = TENANT_SELECTOR_DIRECT;
+                tenant_selector = master->tenant_selector = TENANT_SELECTOR_DIRECT;
              } else {
                  SCLogError(SC_ERR_INVALID_VALUE, "unknown value %s "
                                                   "multi-detect.selector", handler);
@@ -2092,6 +2096,7 @@ void DetectEngineMultiTenantSetup(void)
          ConfNode *mappings_root_node = ConfGetNode("multi-detect.mappings");
          ConfNode *mapping_node = NULL;
  
+        int mapping_cnt = 0;
          if (mappings_root_node != NULL) {
              TAILQ_FOREACH(mapping_node, &mappings_root_node->head, next) {
                  if (strcmp(mapping_node->val, "vlan") == 0) {
@@ -2129,6 +2134,7 @@ void DetectEngineMultiTenantSetup(void)
                          goto error;
                      }
                      SCLogInfo("vlan %u connected to tenant-id %u", vlan_id, tenant_id);
+                    mapping_cnt++;
                  } else {
                      SCLogWarning(SC_ERR_INVALID_VALUE, "multi-detect.mappings expects a list of 'vlan's. Not %s", mapping_node->val);
                      goto bad_mapping;
@@ -2141,6 +2147,24 @@ void DetectEngineMultiTenantSetup(void)
              }
          }
  
+        if (tenant_selector == TENANT_SELECTOR_VLAN && mapping_cnt == 0) {
+            /* no mappings are valid when we're in unix socket mode,
+             * they can be added on the fly. Otherwise warn/error
+             * depending on failure_fatal */
+
+            if (unix_socket) {
+                SCLogNotice("no tenant traffic mappings defined, "
+                        "tenants won't be used until mappings are added");
+            } else {
+                if (failure_fatal)
+                    SCLogWarning(SC_ERR_MT_NO_MAPPING, "no multi-detect mappings defined");
+                else {
+                    SCLogError(SC_ERR_MT_NO_MAPPING, "no multi-detect mappings defined");
+                    goto error;
+                }
+            }
+        }
+
          /* tenants */
          ConfNode *tenants_root_node = ConfGetNode("multi-detect.tenants");
          ConfNode *tenant_node = NULL;
diff --git a/src/util-error.c b/src/util-error.c

index af266d334fea448c0768ddc5026c32fddf455861..7f2caf00d25949c07cdfb97e046a5854da6268f5 100644 (file)
--- a/src/util-error.c
+++ b/src/util-error.c
@@ -309,6 +309,7 @@ const char * SCErrorToString(SCError err)
          CASE_CODE (SC_ERR_IPPAIR_INIT);
          CASE_CODE (SC_ERR_MT_NO_SELECTOR);
          CASE_CODE (SC_ERR_MT_DUPLICATE_TENANT);
+        CASE_CODE (SC_ERR_MT_NO_MAPPING);
          CASE_CODE (SC_ERR_NO_JSON_SUPPORT);
          CASE_CODE (SC_ERR_INVALID_RULE_ARGUMENT);
      }
diff --git a/src/util-error.h b/src/util-error.h

index d0b2471567905dd9b197bca20ccfa1d5d7116db9..cd2ce24927c6593eb7fda4fecafded6f54b68f75 100644 (file)
--- a/src/util-error.h
+++ b/src/util-error.h
@@ -301,6 +301,7 @@ typedef enum {
      SC_ERR_NO_JSON_SUPPORT,
      SC_ERR_INVALID_RULE_ARGUMENT, /**< Generic error code for invalid
                                     * rule argument. */
+    SC_ERR_MT_NO_MAPPING,
  } SCError;
  
  const char *SCErrorToString(SCError);
author	Victor Julien <victor@inliniac.net>
	Mon, 23 Nov 2015 13:05:21 +0000 (14:05 +0100)
committer	Victor Julien <victor@inliniac.net>
	Mon, 23 Nov 2015 15:58:32 +0000 (16:58 +0100)
src/detect-engine.c		patch \| blob \| blame \| history
src/util-error.c		patch \| blob \| blame \| history
src/util-error.h		patch \| blob \| blame \| history