unix-socket: add auto mode

When running in live mode, the new default 'auto' value of
unix-command.enabled causes unix-command to be activated. This
will allow users of live capture to benefit from the feature and
result in no side effect for user running in offline capture.

diff --git a/src/counters.c b/src/counters.c
index e40e225778d56072214ad3fec8aba286ea556501..494f3a8f300b2643a850b91e5464168779f3aa5c 100644 (file)
--- a/src/counters.c
+++ b/src/counters.c
@@ -244,10 +244,7 @@ static void StatsInitCtx(void)
 
         /* if the unix command socket is enabled we do the background
          * stats sync just in case someone runs 'dump-counters' */
-        int unix_socket = 0;
-        if (ConfGetBool("unix-command.enabled", &unix_socket) != 1)
-            unix_socket = 0;
-        if (unix_socket == 0) {
+        if (!ConfUnixSocketIsEnable()) {
             SCLogWarning(SC_WARN_NO_STATS_LOGGERS, "stats are enabled but no loggers are active");
             stats_enabled = FALSE;
             SCReturn;

diff --git a/src/detect-engine.c b/src/detect-engine.c
index 9e54604149d932092ba060c3ca349b83c3f8bfa7..e108258d9c9938654600e7036e64e3fa9808f63b 100644 (file)
--- a/src/detect-engine.c
+++ b/src/detect-engine.c
@@ -2090,8 +2090,7 @@ int DetectEngineMultiTenantSetup(void)
     enum DetectEngineTenantSelectors tenant_selector = TENANT_SELECTOR_UNKNOWN;
     DetectEngineMasterCtx *master = &g_master_de_ctx;
 
-    int unix_socket = 0;
-    (void)ConfGetBool("unix-command.enabled", &unix_socket);
+    int unix_socket = ConfUnixSocketIsEnable();
 
     int failure_fatal = 0;
     (void)ConfGetBool("engine.init-failure-fatal", &failure_fatal);

diff --git a/src/suricata.c b/src/suricata.c
index f23820551a4efea17edaf96963a6200eceba4963..3853d5bee05d455e9a8ff1d76f2bdb4d5f666b15 100644 (file)
--- a/src/suricata.c
+++ b/src/suricata.c
@@ -2520,9 +2520,7 @@ int main(int argc, char **argv)
     /* In Unix socket runmode, Flow manager is started on demand */
     if (suri.run_mode != RUNMODE_UNIX_SOCKET) {
         /* Spawn the unix socket manager thread */
-        int unix_socket = 0;
-        if (ConfGetBool("unix-command.enabled", &unix_socket) != 1)
-            unix_socket = 0;
+        int unix_socket = ConfUnixSocketIsEnable();
         if (unix_socket == 1) {
             UnixManagerThreadSpawn(0);
 #ifdef BUILD_UNIX_SOCKET

diff --git a/src/util-conf.c b/src/util-conf.c
index 17f5edfe32aad88704ed96d89c3375cd1205319b..0c81178ec5c810b13d2dcc053ad94be2b916a25b 100644 (file)
--- a/src/util-conf.c
+++ b/src/util-conf.c
@@ -91,3 +91,31 @@ ConfNode *ConfFindDeviceConfig(ConfNode *node, const char *iface)
 
     return NULL;
 }
+
+int ConfUnixSocketIsEnable(void)
+{
+    char *value;
+
+    if (ConfGet("unix-command.enabled", &value) != 1) {
+        return 0;
+    }
+
+    if (!strcmp(value, "auto")) {
+#ifdef HAVE_LIBJANSSON
+#ifdef OS_WIN32
+        return 0;
+#else
+        if (TimeModeIsLive()) {
+            SCLogInfo("Running in live mode, activating unix socket");
+            return 1;
+        } else {
+            return 0;
+        }
+#endif
+#else
+        return 0;
+#endif
+    }
+
+    return ConfValIsTrue(value);
+}

diff --git a/src/util-conf.h b/src/util-conf.h
index 4f6399af8e1b53e09b16fb77cb47903346dc21cc..08727567f50723a161d2ec0f89d8dadb5dae9f4e 100644 (file)
--- a/src/util-conf.h
+++ b/src/util-conf.h
@@ -33,4 +33,6 @@ TmEcode ConfigCheckLogDirectory(char *log_dir);
 
 ConfNode *ConfFindDeviceConfig(ConfNode *node, const char *iface);
 
+int ConfUnixSocketIsEnable(void);
+
 #endif /* __UTIL_UTIL_CONF_H__ */

diff --git a/suricata.yaml.in b/suricata.yaml.in
index 351261962770f4746bf056e802390b5664f6966f..7f4d075c119eac1b24bce5cde05ee03f4f3a772d 100644 (file)
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -911,10 +911,11 @@ host-mode: auto
 # Unix command socket can be used to pass commands to suricata.
 # An external tool can then connect to get information from suricata
 # or trigger some modifications of the engine. Set enabled to yes
-# to activate the feature. You can use the filename variable to set
+# to activate the feature. In auto mode, the feature will only be
+# activated in live capture mode. You can use the filename variable to set
 # the file name of the socket.
 unix-command:
-  enabled: no
+  enabled: auto
   #filename: custom.socket
 
 # Magic file. The extension .mgc is added to the value here.