unix-manager: block live reload when -s/-S is specified

Currently, when live reload is executed through
unix-socket, suri prints in the console the following
error message:
"Live rule reload not possible if -s or -S option used at runtime."

Instead, prints "done" in unix socket,
when the live reload is not executed.

diff --git a/src/suricata.c b/src/suricata.c
index d978622a2d1ae87b64de193a16004daa3c0caae0..339801d3500db3be4629eda6e7c2c096f6c44449 100644 (file)
--- a/src/suricata.c
+++ b/src/suricata.c
@@ -230,6 +230,14 @@ int g_disable_randomness = 0;
 int g_disable_randomness = 1;
 #endif
 
+/** Suricata instance */
+SCInstance suricata;
+
+int SuriHasSigFile(void)
+{
+    return (suricata.sig_file != NULL);
+}
+
 int EngineModeIsIPS(void)
 {
     return (g_engine_mode == ENGINE_MODE_IPS);
@@ -2801,8 +2809,7 @@ static void SuricataMainLoop(SCInstance *suri)
 
 int main(int argc, char **argv)
 {
-    SCInstance suri;
-    SCInstanceInit(&suri, argv[0]);
+    SCInstanceInit(&suricata, argv[0]);
 
 #ifdef HAVE_RUST
     SuricataContext context;
@@ -2843,15 +2850,15 @@ int main(int argc, char **argv)
     /* Initialize the configuration module. */
     ConfInit();
 
-    if (ParseCommandLine(argc, argv, &suri) != TM_ECODE_OK) {
+    if (ParseCommandLine(argc, argv, &suricata) != TM_ECODE_OK) {
         exit(EXIT_FAILURE);
     }
 
-    if (FinalizeRunMode(&suri, argv) != TM_ECODE_OK) {
+    if (FinalizeRunMode(&suricata, argv) != TM_ECODE_OK) {
         exit(EXIT_FAILURE);
     }
 
-    switch (StartInternalRunMode(&suri, argc, argv)) {
+    switch (StartInternalRunMode(&suricata, argc, argv)) {
         case TM_ECODE_DONE:
             exit(EXIT_SUCCESS);
         case TM_ECODE_FAILED:
@@ -2862,35 +2869,35 @@ int main(int argc, char **argv)
     GlobalsInitPreConfig();
 
     /* Load yaml configuration file if provided. */
-    if (LoadYamlConfig(&suri) != TM_ECODE_OK) {
+    if (LoadYamlConfig(&suricata) != TM_ECODE_OK) {
         exit(EXIT_FAILURE);
     }
 
-    if (suri.run_mode == RUNMODE_DUMP_CONFIG) {
+    if (suricata.run_mode == RUNMODE_DUMP_CONFIG) {
         ConfDump();
         exit(EXIT_SUCCESS);
     }
 
     /* Since our config is now loaded we can finish configurating the
      * logging module. */
-    SCLogLoadConfig(suri.daemon, suri.verbose);
+    SCLogLoadConfig(suricata.daemon, suricata.verbose);
 
     LogVersion();
     UtilCpuPrintSummary();
 
-    if (ParseInterfacesList(suri.run_mode, suri.pcap_dev) != TM_ECODE_OK) {
+    if (ParseInterfacesList(suricata.run_mode, suricata.pcap_dev) != TM_ECODE_OK) {
         exit(EXIT_FAILURE);
     }
 
-    if (PostConfLoadedSetup(&suri) != TM_ECODE_OK) {
+    if (PostConfLoadedSetup(&suricata) != TM_ECODE_OK) {
         exit(EXIT_FAILURE);
     }
-    PostConfLoadedDetectSetup(&suri);
+    PostConfLoadedDetectSetup(&suricata);
 
-    SCDropMainThreadCaps(suri.userid, suri.groupid);
-    PreRunPostPrivsDropInit(suri.run_mode);
+    SCDropMainThreadCaps(suricata.userid, suricata.groupid);
+    PreRunPostPrivsDropInit(suricata.run_mode);
 
-    if (suri.run_mode == RUNMODE_CONF_TEST){
+    if (suricata.run_mode == RUNMODE_CONF_TEST){
         SCLogNotice("Configuration provided was successfully loaded. Exiting.");
 #ifdef HAVE_MAGIC
         MagicDeinit();
@@ -2898,9 +2905,9 @@ int main(int argc, char **argv)
         exit(EXIT_SUCCESS);
     }
 
-    SCSetStartTime(&suri);
-    RunModeDispatch(suri.run_mode, suri.runmode_custom_mode);
-    if (suri.run_mode != RUNMODE_UNIX_SOCKET) {
+    SCSetStartTime(&suricata);
+    RunModeDispatch(suricata.run_mode, suricata.runmode_custom_mode);
+    if (suricata.run_mode != RUNMODE_UNIX_SOCKET) {
         UnixManagerThreadSpawnNonRunmode();
     }
 
@@ -2917,7 +2924,7 @@ int main(int argc, char **argv)
     /* Un-pause all the paused threads */
     TmThreadContinueThreads();
 
-    PostRunStartedDetectSetup(&suri);
+    PostRunStartedDetectSetup(&suricata);
 
 #ifdef DBG_MEM_ALLOC
     SCLogInfo("Memory used at startup: %"PRIdMAX, (intmax_t)global_mem);
@@ -2926,17 +2933,17 @@ int main(int argc, char **argv)
 #endif
 #endif
 
-    SuricataMainLoop(&suri);
+    SuricataMainLoop(&suricata);
 
     /* Update the engine stage/status flag */
     (void) SC_ATOMIC_CAS(&engine_stage, SURICATA_RUNTIME, SURICATA_DEINIT);
 
     UnixSocketKillSocketThread();
-    PostRunDeinit(suri.run_mode, &suri.start_time);
+    PostRunDeinit(suricata.run_mode, &suricata.start_time);
     /* kill remaining threads */
     TmThreadKillThreads();
 
-    GlobalsDestroy(&suri);
+    GlobalsDestroy(&suricata);
 
     exit(EXIT_SUCCESS);
 }

diff --git a/src/suricata.h b/src/suricata.h
index c580ba0dfdf1c8d4d0fe446d30bdaeb29874018e..65b1df46380e61fe1677445046a19c50e3ad5564 100644 (file)
--- a/src/suricata.h
+++ b/src/suricata.h
@@ -193,6 +193,8 @@ int RunmodeIsUnittests(void);
 int RunmodeGetCurrent(void);
 int IsRuleReloadSet(int quiet);
 
+int SuriHasSigFile(void);
+
 extern int run_mode;
 
 void PreRunInit(const int runmode);

diff --git a/src/unix-manager.c b/src/unix-manager.c
index 246ef861168563329568022df9248fba8baa9724..29f3e9f18392717546381307797a1f7e5b0ddb02 100644 (file)
--- a/src/unix-manager.c
+++ b/src/unix-manager.c
@@ -659,6 +659,14 @@ static TmEcode UnixManagerCaptureModeCommand(json_t *cmd,
 static TmEcode UnixManagerReloadRulesWrapper(json_t *cmd, json_t *server_msg, void *data, int do_wait)
 {
     SCEnter();
+
+    if (SuriHasSigFile()) {
+        json_object_set_new(server_msg, "message",
+                            json_string("Live rule reload not possible if -s "
+                                        "or -S option used at runtime."));
+        SCReturnInt(TM_ECODE_FAILED);
+    }
+
     int r = DetectEngineReloadStart();
 
     if (r == 0 && do_wait) {