lib: opt-in signal handlers

Instead of enabling signal handlers by default, require the user of
the library to opt-in. This is done with the call to
SCEnableDefaultSignalHandlers, which sets a flag to add the default
signal handlers.

This seems like the least invasive way to do this at this time, but it
will require some re-thinking for 9.0, especially if migrate globals
to engine instances, signal handling will need to be re-thought.

Ticket: #6814

diff --git a/examples/lib/custom/main.c b/examples/lib/custom/main.c
index 200936cae06c39f3b8a5bb7e784921321a3ba100..0f0616690fd28b3a77eed7b8f2f7d101edaa1ccd 100644 (file)
--- a/examples/lib/custom/main.c
+++ b/examples/lib/custom/main.c
@@ -202,6 +202,12 @@ int main(int argc, char **argv)
         exit(EXIT_FAILURE);
     }
 
+    /* Enable default signal handlers including SIGHUP for log file rotation,
+     * and SIGUSR2 for reloading rules. This should be done with care by a
+     * library user as the application may already have signal handlers
+     * loaded. */
+    SCEnableDefaultSignalHandlers();
+
     /* Set "offline" runmode to replay a pcap in library mode. */
     if (!SCConfSetFromString("runmode=offline", 1)) {
         exit(EXIT_FAILURE);

diff --git a/examples/lib/simple/main.c b/examples/lib/simple/main.c
index f9c09fb0f55085e5ca147a7f6df3d8f96bbb4437..f8bead08c94b372f519d3d8027425c4c0e6a35e9 100644 (file)
--- a/examples/lib/simple/main.c
+++ b/examples/lib/simple/main.c
@@ -47,6 +47,9 @@ int main(int argc, char **argv)
         exit(EXIT_FAILURE);
     }
 
+    /* Enable default signal handlers just like Suricata. */
+    SCEnableDefaultSignalHandlers();
+
     SuricataInit();
     SuricataPostInit();
 

diff --git a/src/main.c b/src/main.c
index f9fcbf5e2c0445df13d3cc0e7f9425fc778dba76..86367c1ef1a6e10d8dfa0c6aa635d7a7f54e8837 100644 (file)
--- a/src/main.c
+++ b/src/main.c
@@ -49,6 +49,9 @@ int main(int argc, char **argv)
         exit(EXIT_FAILURE);
     }
 
+    /* Enable default signal handlers */
+    SCEnableDefaultSignalHandlers();
+
     /* Initialization tasks: apply configuration, drop privileges,
      * etc. */
     SuricataInit();

diff --git a/src/suricata.c b/src/suricata.c
index 57bbf17552bbae4fa78605c3b8cb593d9113169a..f7b62c9dd2cc068e8c2db5eae27eecf9ca67bea7 100644 (file)
--- a/src/suricata.c
+++ b/src/suricata.c
@@ -286,6 +286,11 @@ void SCRunmodeSet(SCRunMode run_mode)
     suricata.run_mode = run_mode;
 }
 
+void SCEnableDefaultSignalHandlers(void)
+{
+    suricata.install_signal_handlers = true;
+}
+
 /** signal handlers
  *
  *  WARNING: don't use the SCLog* API in the handlers. The API is complex
@@ -2870,8 +2875,10 @@ int PostConfLoadedSetup(SCInstance *suri)
     if (MayDaemonize(suri) != TM_ECODE_OK)
         SCReturnInt(TM_ECODE_FAILED);
 
-    if (InitSignalHandler(suri) != TM_ECODE_OK)
-        SCReturnInt(TM_ECODE_FAILED);
+    if (suri->install_signal_handlers) {
+        if (InitSignalHandler(suri) != TM_ECODE_OK)
+            SCReturnInt(TM_ECODE_FAILED);
+    }
 
     /* Check for the existence of the default logging directory which we pick
      * from suricata.yaml.  If not found, shut the engine down */

diff --git a/src/suricata.h b/src/suricata.h
index 5e1e72259c598b956548f2d668fa97e19b20dd88..6344e4ee7199737de783bf4d90a58dacd3573f36 100644 (file)
--- a/src/suricata.h
+++ b/src/suricata.h
@@ -160,6 +160,8 @@ typedef struct SCInstance_ {
     bool set_datadir;
     bool unix_socket_enabled;
 
+    bool install_signal_handlers; /**< Install default signal handlers */
+
     int delayed_detect;
     int disabled_detect;
     int daemon;
@@ -214,6 +216,11 @@ SCRunMode SCRunmodeGet(void);
  */
 void SCRunmodeSet(SCRunMode run_mode);
 
+/**
+ * \brief Enable default signal handlers.
+ */
+void SCEnableDefaultSignalHandlers(void);
+
 int SuriHasSigFile(void);
 
 void SuricataPreInit(const char *progname);