"pcap-last-processed",
"pcap-interrupt",
"iface-list",
+ "reload-tenants",
]
self.fn_commands = [
"pcap-file",
return 0;
}
+static int DetectLoaderSetupReloadTenants(const int reload_cnt)
+{
+ int ret = 0;
+ DetectEngineMasterCtx *master = &g_master_de_ctx;
+ SCMutexLock(&master->lock);
+
+ DetectEngineCtx *de_ctx = master->list;
+ while (de_ctx) {
+ if (de_ctx->type == DETECT_ENGINE_TYPE_TENANT) {
+ TenantLoaderCtx *t = SCCalloc(1, sizeof(*t));
+ if (t == NULL) {
+ ret = -1;
+ goto error;
+ }
+ t->tenant_id = de_ctx->tenant_id;
+ t->reload_cnt = reload_cnt;
+ int loader_id = de_ctx->loader_id;
+
+ int r = DetectLoaderQueueTask(
+ loader_id, DetectLoaderFuncReloadTenant, t, DetectLoaderFreeTenant);
+ if (r < 0) {
+ ret = -2;
+ goto error;
+ }
+ }
+
+ de_ctx = de_ctx->next;
+ }
+error:
+ SCMutexUnlock(&master->lock);
+ return ret;
+}
+
static int DetectLoaderSetupReloadTenant(uint32_t tenant_id, const char *yaml, int reload_cnt)
{
DetectEngineCtx *old_de_ctx = DetectEngineGetByTenantId(tenant_id);
return 0;
}
+/** \brief Reload all tenants and wait for loading to complete
+ */
+int DetectEngineReloadTenantsBlocking(const int reload_cnt)
+{
+ int r = DetectLoaderSetupReloadTenants(reload_cnt);
+ if (r < 0)
+ return r;
+
+ if (DetectLoadersSync() != 0)
+ return -1;
+
+ return 0;
+}
+
static int DetectEngineMultiTenantSetupLoadLivedevMappings(const ConfNode *mappings_root_node,
bool failure_fatal)
{
int DetectEngineLoadTenantBlocking(uint32_t tenant_id, const char *yaml);
int DetectEngineReloadTenantBlocking(uint32_t tenant_id, const char *yaml, int reload_cnt);
+int DetectEngineReloadTenantsBlocking(const int reload_cnt);
int DetectEngineTenantRegisterLivedev(uint32_t tenant_id, int device_id);
int DetectEngineTenantRegisterVlanId(uint32_t tenant_id, uint16_t vlan_id);
return TM_ECODE_OK;
}
+/**
+ * \brief Command to reload all tenants
+ *
+ * \param cmd the content of command Arguments as a json_t object
+ * \param answer the json_t object that has to be used to answer
+ * \param data pointer to data defining the context here a PcapCommand::
+ */
+TmEcode UnixSocketReloadTenants(json_t *cmd, json_t *answer, void *data)
+{
+ if (!(DetectEngineMultiTenantEnabled())) {
+ SCLogInfo("error: multi-tenant support not enabled");
+ json_object_set_new(answer, "message", json_string("multi-tenant support not enabled"));
+ return TM_ECODE_FAILED;
+ }
+
+ if (DetectEngineReloadTenantsBlocking(reload_cnt) != 0) {
+ json_object_set_new(answer, "message", json_string("reload tenants failed"));
+ return TM_ECODE_FAILED;
+ }
+
+ reload_cnt++;
+
+ /* apply to the running system */
+ if (DetectEngineMTApply() < 0) {
+ json_object_set_new(answer, "message", json_string("couldn't apply settings"));
+ // TODO cleanup
+ return TM_ECODE_FAILED;
+ }
+
+ SCLogNotice("reload-tenants complete");
+
+ json_object_set_new(answer, "message", json_string("reloading tenants succeeded"));
+ return TM_ECODE_OK;
+}
+
/**
* \brief Command to remove a tenant
*
TmEcode UnixSocketUnregisterTenantHandler(json_t *cmd, json_t* answer, void *data);
TmEcode UnixSocketRegisterTenant(json_t *cmd, json_t* answer, void *data);
TmEcode UnixSocketReloadTenant(json_t *cmd, json_t* answer, void *data);
+TmEcode UnixSocketReloadTenants(json_t *cmd, json_t *answer, void *data);
TmEcode UnixSocketUnregisterTenant(json_t *cmd, json_t* answer, void *data);
TmEcode UnixSocketHostbitAdd(json_t *cmd, json_t* answer, void *data);
TmEcode UnixSocketHostbitRemove(json_t *cmd, json_t* answer, void *data);
UnixManagerRegisterCommand("unregister-tenant-handler", UnixSocketUnregisterTenantHandler, &command, UNIX_CMD_TAKE_ARGS);
UnixManagerRegisterCommand("register-tenant", UnixSocketRegisterTenant, &command, UNIX_CMD_TAKE_ARGS);
UnixManagerRegisterCommand("reload-tenant", UnixSocketReloadTenant, &command, UNIX_CMD_TAKE_ARGS);
+ UnixManagerRegisterCommand("reload-tenants", UnixSocketReloadTenants, &command, 0);
UnixManagerRegisterCommand("unregister-tenant", UnixSocketUnregisterTenant, &command, UNIX_CMD_TAKE_ARGS);
UnixManagerRegisterCommand("add-hostbit", UnixSocketHostbitAdd, &command, UNIX_CMD_TAKE_ARGS);
UnixManagerRegisterCommand("remove-hostbit", UnixSocketHostbitRemove, &command, UNIX_CMD_TAKE_ARGS);
projects / thirdparty / suricata.git / commitdiff
