return 0;
}
-int main_reload_module(lua_State* L)
-{
- const char* fname = nullptr;
-
- if ( L )
- {
- Lua::ManageStack(L, 1);
- if (lua_gettop(L) >= 1)
- fname = luaL_checkstring(L, 1);
- }
-
- ControlConn* ctrlcon = ControlConn::query_from_lua(L);
- if ( !fname or *fname == '\0' )
- {
- send_response(ctrlcon, "== module name required\n");
- return 0;
- }
-
- if ( !ReloadTracker::start(ctrlcon) )
- {
- send_response(ctrlcon, "== reload pending; retry\n");
- return 0;
- }
-
- send_response(ctrlcon, ".. reloading module\n");
-
- SnortConfig* old = SnortConfig::get_main_conf();
- SnortConfig* sc = Snort::get_updated_module(old, fname);
-
- if ( !sc )
- {
- ReloadTracker::failed(ctrlcon, "failed to update module");
- send_response(ctrlcon, "== reload failed\n");
- return 0;
- }
- SnortConfig::set_conf(sc);
- proc_stats.policy_reloads++;
-
- ReloadTracker::update(ctrlcon, "start swapping configuration ...");
- send_response(ctrlcon, ".. swapping module\n");
- main_broadcast_command(new ACSwap(new Swapper(old, sc), ctrlcon), ctrlcon);
-
- return 0;
-}
-
int main_reload_daq(lua_State* L)
{
ControlConn* ctrlcon = ControlConn::query_from_lua(L);
int main_rotate_stats(lua_State* = nullptr);
int main_reload_config(lua_State* = nullptr);
int main_reload_policy(lua_State* = nullptr);
-int main_reload_module(lua_State* = nullptr);
int main_reload_daq(lua_State* = nullptr);
int main_reload_hosts(lua_State* = nullptr);
int main_process(lua_State* = nullptr);
return sc;
}
-SnortConfig* Snort::get_updated_module(SnortConfig* other_conf, const char* name)
-{
- reloading = true;
-
- SnortConfig* sc = new SnortConfig(other_conf, name);
- sc->global_dbus->clone(*other_conf->global_dbus, name);
-
- if ( name )
- {
- reset_parse_errors();
- ModuleManager::reset_errors();
- ModuleManager::reload_module(name, sc);
- if ( ModuleManager::get_errors() || !sc->verify() )
- {
- sc->cloned = true;
- InspectorManager::update_policy(other_conf);
- delete sc;
- set_default_policy(other_conf);
- reloading = false;
- return nullptr;
- }
- }
-
- if ( !InspectorManager::configure(sc, true) )
- {
- sc->cloned = true;
- InspectorManager::update_policy(other_conf);
- delete sc;
- set_default_policy(other_conf);
- reloading = false;
- return nullptr;
- }
-
- InspectorManager::reconcile_inspectors(other_conf, sc, true);
- InspectorManager::prepare_inspectors(sc);
- InspectorManager::prepare_controls(sc);
-
- other_conf->cloned = true;
- InspectorManager::update_policy(sc);
- reloading = false;
- return sc;
-}
-
OopsHandlerSuspend::OopsHandlerSuspend()
{
remove_oops_handler();
static SnortConfig* get_reload_config(const char* fname, const char* plugin_path,
const SnortConfig* old);
static SnortConfig* get_updated_policy(SnortConfig*, const char* fname, const char* iname);
- static SnortConfig* get_updated_module(SnortConfig*, const char* name);
static void setup(int argc, char* argv[]);
static bool drop_privileges();
static void do_pidfile();
{ "rotate_stats", main_rotate_stats, nullptr, "roll perfmonitor log files" },
{ "reload_config", main_reload_config, s_reload_w_path, "load new configuration" },
{ "reload_policy", main_reload_policy, s_reload, "reload part or all of the default policy" },
- { "reload_module", main_reload_module, s_module, "reload module" },
{ "reload_daq", main_reload_daq, nullptr, "reload daq module" },
{ "reload_hosts", main_reload_hosts, s_reload, "load a new hosts table" },
cout << "no match" << endl;
}
-void ModuleManager::reload_module(const char* name, SnortConfig* sc)
-{
- ModHook* h = get_hook(name);
-
- // Most of the modules don't support yet reload_module.
- // This list contains the ones that do, and should be updated as
- // more modules support reload_module.
- const vector<string> supported_modules =
- {
- "dns_si", "firewall", "identity", "qos", "reputation", "url_si", "rt_network"
- };
- auto it = find(supported_modules.begin(), supported_modules.end(), name);
-
- // FIXIT-L: we can check that h->api is not null here or inside instantiate.
- // Both alternatives prevent crashing in instantiate(). However,
- // checking it here might be too aggressive, because we are also saying it
- // is an error. That makes the caller of this function
- // (get_updated_module()) discard other legitimate reload operations, e.g.
- // the newly read configuration. We should decide on this when proper
- // reload functionality gets implemented.
- if ( it != supported_modules.end() and h and h->api and h->mod and sc )
- {
- PluginManager::instantiate(h->api, h->mod, sc);
- s_errors += get_parse_errors();
- }
- else
- {
- cout << "Module " << name <<" doesn't exist or reload not implemented.";
- cout << endl;
- ++s_errors;
- }
-}
-
static bool selected(const Module* m, const char* pfx, bool exact)
{
if ( !pfx )
static void load_commands(Shell*);
static void load_rules(SnortConfig*);
static void set_config(SnortConfig*);
- static void reload_module(const char*, SnortConfig*);
static void reset_errors();
static unsigned get_errors();
projects / thirdparty / snort3.git / commitdiff
