currently enabled
* Adding/removing stream_* inspectors if stream was already configured
-In all of these cases reload will fail, and the original config will remain in use.
+In all of these cases reload will fail with the following message: "reload
+ failed - restart required". The original config will remain in use.
+
{
if (Snort::is_reloading() && !FileService::is_file_capture_enabled())
{
- ParseError("Enabling file capture requires a restart\n");
+ ReloadError("Enabling file capture requires a restart\n");
return false;
}
fp.set_file_capture(true);
if (file_rule.use.capture_enabled && Snort::is_reloading()
&& !FileService::is_file_capture_enabled())
{
- ParseError("Enabling file capture requires a restart\n");
+ ReloadError("Enabling file capture requires a restart\n");
return false;
}
}
return;
if (max_files_cached != conf->max_files_cached)
- ParseError("Changing file_id:max_files_cached requires a restart\n");
+ ReloadError("Changing file_id:max_files_cached requires a restart\n");
if (file_capture_enabled)
{
if (capture_memcap != conf->capture_memcap)
- ParseError("Changing file_id:capture_memcap requires a restart\n");
+ ReloadError("Changing file_id:capture_memcap requires a restart\n");
if (capture_block_size != conf->capture_block_size)
- ParseError("Changing file_id:capture_block_size requires a restart\n");
+ ReloadError("Changing file_id:capture_block_size requires a restart\n");
}
}
static unsigned parse_errors = 0;
static unsigned parse_warnings = 0;
+static unsigned reload_errors = 0;
void reset_parse_errors()
{
parse_errors = 0;
+ reload_errors = 0;
}
unsigned get_parse_errors()
return tmp;
}
+unsigned get_reload_errors()
+{
+ return reload_errors;
+}
+
static void log_message(FILE* file, const char* type, const char* msg)
{
const char* file_name;
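Review bot: get_reload_errors() returns the counter without clearing it, whereas the `return tmp;` context line just above suggests get_parse_errors() reads and resets, so the two accessors behave differently. reload_errors is cleared only in reset_parse_errors(). If a reload attempt does not call that first (not visible in this hunk), a count left over from an earlier refused reload would make the later `if ( get_reload_errors() )` check reject a valid config, and the control response would say "restart required" for an unrelated failure. I would state the contract on the accessor, e.g. `// Not cleared on read; reset_parse_errors() must run at the start of every reload attempt.`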
parse_errors++;
}
+void ReloadError(const char* format, ...)
+{
+ char buf[STD_BUF+1];
+ va_list ap;
+
+ va_start(ap, format);
+ vsnprintf(buf, STD_BUF, format, ap);
+ va_end(ap);
+
+ buf[STD_BUF] = '\0';
+ log_message(stderr, "ERROR", buf);
+
+ reload_errors++;
+}
+
[[noreturn]] void ParseAbort(const char* format, ...)
{
char buf[STD_BUF+1];
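Review bot: ReloadError() is added without a comment saying how it differs from ParseError(), and the only difference a reader can find is the counter bumped on the last line. A short header would make the intent explicit, e.g. `// Report a config change that reload cannot apply (restart needed); counted in reload_errors, not parse_errors.` The body otherwise looks like a copy of the neighbouring Parse* helpers, so a shared static formatter taking a `va_list` would keep the buffer handling in one place. `buf[STD_BUF] = '\0';` is redundant, since vsnprintf() with a size of STD_BUF already terminates the string.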
void reset_parse_errors();
unsigned get_parse_errors();
unsigned get_parse_warnings();
+unsigned get_reload_errors();
namespace snort
{
SO_PUBLIC void ParseMessage(const char*, ...) __attribute__((format (printf, 1, 2)));
SO_PUBLIC void ParseWarning(WarningGroup, const char*, ...) __attribute__((format (printf, 2, 3)));
SO_PUBLIC void ParseError(const char*, ...) __attribute__((format (printf, 1, 2)));
+SO_PUBLIC void ReloadError(const char*, ...) __attribute__((format (printf, 1, 2)));
[[noreturn]] SO_PUBLIC void ParseAbort(const char*, ...) __attribute__((format (printf, 1, 2)));
SO_PUBLIC void LogMessage(const char*, ...) __attribute__((format (printf, 1, 2)));
if ( !sc )
{
- current_request->respond("== reload failed\n");
+ if (get_reload_errors())
+ current_request->respond("== reload failed - restart required\n");
+ else
+ current_request->respond("== reload failed - bad config\n");
return 0;
}
if ( !tc )
{
- current_request->respond("== reload failed\n");
+ current_request->respond("== reload failed - bad config\n");
return 0;
}
SnortConfig::set_conf(sc);
clean_exit(0);
}
+void Snort::reload_failure_cleanup(SnortConfig* sc)
+{
+ parser_term(sc);
+ delete sc;
+ reloading = false;
+}
+
// FIXIT-M refactor this so startup and reload call the same core function to
// instantiate things that can be reloaded
SnortConfig* Snort::get_reload_config(const char* fname)
if ( get_parse_errors() || ModuleManager::get_errors() || !sc->verify() )
{
- parser_term(sc);
- delete sc;
- reloading = false;
+ reload_failure_cleanup(sc);
return nullptr;
}
ControlMgmt::reconfigure_controls();
#endif
- FileService::verify_reload(sc);
-
if ( get_parse_errors() or !InspectorManager::configure(sc) )
{
- parser_term(sc);
- delete sc;
- reloading = false;
+ reload_failure_cleanup(sc);
+ return nullptr;
+ }
+
+ FileService::verify_reload(sc);
+ if ( get_reload_errors() )
+ {
+ reload_failure_cleanup(sc);
return nullptr;
}
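Review bot: reload_errors is consulted only after FileService::verify_reload(), yet ReloadError() can now fire earlier, from the module-level checks that previously called ParseError() and were caught by the `get_parse_errors()` tests. Where such a check does not also fail through its return value (the stream checks only set `ret = 1` or `issue_found++`, and their propagation is not visible here), ControlMgmt::reconfigure_controls() and InspectorManager::configure() still run on a config already known to need a restart. Failing fast would avoid that: `if ( get_parse_errors() or get_reload_errors() or !InspectorManager::configure(sc) )`, and likewise in the earlier `!sc->verify()` condition. get_reload_config() starts and ends outside this hunk.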
static void init(int, char**);
static void term();
static void clean_exit(int);
+ static void reload_failure_cleanup(SnortConfig*);
private:
static bool initializing;
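Review bot: reload_failure_cleanup() is declared above `private:`, so it appears to become part of Snort's public static interface, although the only callers visible in this commit are inside Snort::get_reload_config(). The helper deletes the SnortConfig it is given and clears `reloading`, so a call from outside the reload path with a config that is still referenced would leave a dangling pointer. Moving the line `static void reload_failure_cleanup(SnortConfig*);` below `private:` keeps that ownership rule local to the class. If it must stay public, a comment should say that it takes ownership of and frees its argument. The class body continues outside this hunk.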
state = new std::vector<void*>[num_slots];
}
-// FIXIT-L this is a work around till snort supports adding/removing
+// FIXIT-L this is a work around till snort supports adding/removing
// stream cache during reload
bool SnortConfig::verify_stream_inspectors()
{
const bool in_new = InspectorManager::inspector_exists_in_any_policy(name, this);
if (orig_inspectors[name] != in_new)
{
- ErrorMessage("Snort Reload: Adding/removing %s requires a restart.\n", name);
+ ReloadError("Snort Reload: Adding/removing %s requires a restart.\n", name);
return false;
}
}
{
if (get_conf()->asn1_mem != asn1_mem)
{
- ErrorMessage("Snort Reload: Changing the asn1 memory configuration "
+ ReloadError("Snort Reload: Changing the asn1 memory configuration "
"requires a restart.\n");
return false;
}
if ( bpf_filter != get_conf()->bpf_filter )
{
- ErrorMessage("Snort Reload: Changing the bpf filter configuration "
+ ReloadError("Snort Reload: Changing the bpf filter configuration "
"requires a restart.\n");
return false;
}
if ( respond_attempts != get_conf()->respond_attempts ||
respond_device != get_conf()->respond_device )
{
- ErrorMessage("Snort Reload: Changing config response "
- "requires a restart.\n");
+ ReloadError("Snort Reload: Changing config response requires a restart.\n");
return false;
}
if (get_conf()->chroot_dir != chroot_dir)
{
- ErrorMessage("Snort Reload: Changing the chroot directory "
+ ReloadError("Snort Reload: Changing the chroot directory "
"configuration requires a restart.\n");
return false;
}
if ((get_conf()->run_flags & RUN_FLAG__DAEMON) !=
(run_flags & RUN_FLAG__DAEMON))
{
- ErrorMessage("Snort Reload: Changing to or from daemon mode "
+ ReloadError("Snort Reload: Changing to or from daemon mode "
"requires a restart.\n");
return false;
}
/* Orig log dir because a chroot might have changed it */
if (get_conf()->orig_log_dir != orig_log_dir)
{
- ErrorMessage("Snort Reload: Changing the log directory "
+ ReloadError("Snort Reload: Changing the log directory "
"configuration requires a restart.\n");
return false;
}
if (get_conf()->max_attribute_hosts != max_attribute_hosts)
{
- ErrorMessage("Snort Reload: Changing max_attribute_hosts "
+ ReloadError("Snort Reload: Changing max_attribute_hosts "
"configuration requires a restart.\n");
return false;
}
if (get_conf()->max_attribute_services_per_host != max_attribute_services_per_host)
{
- ErrorMessage("Snort Reload: Changing max_attribute_services_per_host "
+ ReloadError("Snort Reload: Changing max_attribute_services_per_host "
"configuration requires a restart.\n");
return false;
}
if ((get_conf()->run_flags & RUN_FLAG__NO_PROMISCUOUS) !=
(run_flags & RUN_FLAG__NO_PROMISCUOUS))
{
- ErrorMessage("Snort Reload: Changing to or from promiscuous mode "
+ ReloadError("Snort Reload: Changing to or from promiscuous mode "
"requires a restart.\n");
return false;
}
if (get_conf()->group_id != group_id)
{
- ErrorMessage("Snort Reload: Changing the group id "
- "configuration requires a restart.\n");
+ ReloadError("Snort Reload: Changing the group id configuration requires a restart.\n");
return false;
}
if (get_conf()->user_id != user_id)
{
- ErrorMessage("Snort Reload: Changing the user id "
- "configuration requires a restart.\n");
+ ReloadError("Snort Reload: Changing the user id configuration requires a restart.\n");
return false;
}
if (get_conf()->daq_config->mru_size != daq_config->mru_size)
{
- ErrorMessage("Snort Reload: Changing the packet snaplen "
+ ReloadError("Snort Reload: Changing the packet snaplen "
"configuration requires a restart.\n");
return false;
}
if (get_conf()->threshold_config->memcap !=
threshold_config->memcap)
{
- ErrorMessage("Snort Reload: Changing the threshold memcap "
+ ReloadError("Snort Reload: Changing the threshold memcap "
"configuration requires a restart.\n");
return false;
}
if (get_conf()->rate_filter_config->memcap !=
rate_filter_config->memcap)
{
- ErrorMessage("Snort Reload: Changing the rate filter memcap "
+ ReloadError("Snort Reload: Changing the rate filter memcap "
"configuration requires a restart.\n");
return false;
}
if (get_conf()->detection_filter_config->memcap !=
detection_filter_config->memcap)
{
- ErrorMessage("Snort Reload: Changing the detection filter memcap "
+ ReloadError("Snort Reload: Changing the detection filter memcap "
"configuration requires a restart.\n");
return false;
}
or saved_cfg.pruning_timeout != new_cfg.pruning_timeout
or saved_cfg.nominal_timeout != new_cfg.nominal_timeout )
{
- ParseError("Changing of %s requires a restart\n", name);
+ ReloadError("Changing of %s requires a restart\n", name);
ret = 1;
}
}
if ( saved_config.ip_cfg.max_sessions // saved config is valid
and config.footprint != saved_config.footprint )
{
- ParseError("Changing of stream.footprint requires a restart\n");
+ ReloadError("Changing of stream.footprint requires a restart\n");
issue_found++;
}
if ( issue_found == 0 )