unix socket: don't loose events when offline

https://redmine.openinfosecfoundation.org/issues/2215

Fixes issue with events being dropped since socket was non-blocking for
offline run modes.

Add a method for determining offline from run mode. Make sure SCInstance
offline is set correctly. Use current run mode to set socket flags.

diff --git a/src/runmodes.c b/src/runmodes.c
index b99d3e95e9cb250f897bd84af3e492aacc71a679..8b5c3ef03bb4ea2be739cd1aca953b5a507eac8f 100644 (file)
--- a/src/runmodes.c
+++ b/src/runmodes.c
@@ -484,6 +484,20 @@ int RunModeOutputFiledataEnabled(void)
     return filedata_logger_count > 0;
 }
 
+bool IsRunModeOffline(int run_mode_to_check)
+{
+    switch(run_mode_to_check) {
+        case RUNMODE_PCAP_FILE:
+        case RUNMODE_ERF_FILE:
+        case RUNMODE_ENGINE_ANALYSIS:
+        case RUNMODE_UNIX_SOCKET:
+            return true;
+            break;
+        default:
+            return false;
+    }
+}
+
 /**
  * Cleanup the run mode.
  */

diff --git a/src/runmodes.h b/src/runmodes.h
index 2a38fb50244efb4bab42d2ec5f9cde81f519ed66..da0091e4115721374973729e057e3b191fa37d9d 100644 (file)
--- a/src/runmodes.h
+++ b/src/runmodes.h
@@ -88,6 +88,8 @@ void RunModeShutDown(void);
 int RunModeOutputFileEnabled(void);
 /* bool indicating if filedata logger is enabled */
 int RunModeOutputFiledataEnabled(void);
+/** bool indicating if run mode is offline */
+bool IsRunModeOffline(int run_mode_to_check);
 
 #include "runmode-pcap.h"
 #include "runmode-pcap-file.h"

diff --git a/src/suricata.c b/src/suricata.c
index c85c8eb8645c3bc7d6d49fca8145452a9c07d8b4..d73492129e06e3869fabc4840f25f8ccec221e92 100644 (file)
--- a/src/suricata.c
+++ b/src/suricata.c
@@ -203,9 +203,6 @@ volatile uint8_t suricata_ctl_flags = 0;
 /** Run mode selected */
 int run_mode = RUNMODE_UNKNOWN;
 
-/** Is this an offline run mode. */
-int run_mode_offline = 0;
-
 /** Engine mode: inline (ENGINE_MODE_IPS) or just
   * detection mode (ENGINE_MODE_IDS by default) */
 static enum EngineMode g_engine_mode = ENGINE_MODE_IDS;
@@ -2108,6 +2105,8 @@ static TmEcode ParseCommandLine(int argc, char** argv, SCInstance *suri)
     if (engine_analysis)
         suri->run_mode = RUNMODE_ENGINE_ANALYSIS;
 
+    suri->offline = IsRunModeOffline(suri->run_mode);
+
     ret = SetBpfString(optind, argv);
     if (ret != TM_ECODE_OK)
         return ret;
@@ -2373,11 +2372,6 @@ static int StartInternalRunMode(SCInstance *suri, int argc, char **argv)
 static int FinalizeRunMode(SCInstance *suri, char **argv)
 {
     switch (suri->run_mode) {
-        case RUNMODE_PCAP_FILE:
-        case RUNMODE_ERF_FILE:
-        case RUNMODE_ENGINE_ANALYSIS:
-            suri->offline = 1;
-            break;
         case RUNMODE_UNKNOWN:
             PrintUsage(argv[0]);
             return TM_ECODE_FAILED;
@@ -2386,7 +2380,6 @@ static int FinalizeRunMode(SCInstance *suri, char **argv)
     }
     /* Set the global run mode and offline flag. */
     run_mode = suri->run_mode;
-    run_mode_offline = suri->offline;
 
     if (!CheckValidDaemonModes(suri->daemon, suri->run_mode)) {
         return TM_ECODE_FAILED;

diff --git a/src/suricata.h b/src/suricata.h
index dcb54b67fa2a8a0c1444281249fdf0c13d8977ad..cc38f5507bf9ecf547ab7c3cd8b94a678e28204c 100644 (file)
--- a/src/suricata.h
+++ b/src/suricata.h
@@ -194,7 +194,6 @@ int RunmodeGetCurrent(void);
 int IsRuleReloadSet(int quiet);
 
 extern int run_mode;
-extern int run_mode_offline;
 
 void PreRunInit(const int runmode);
 void PreRunPostPrivsDropInit(const int runmode);

diff --git a/src/util-logopenfile.c b/src/util-logopenfile.c
index 9424ac35756ce5dac117ac036479708c3c71d7c6..d9b1cc4e0a5294afda7f5955c9faa897ad88a161 100644 (file)
--- a/src/util-logopenfile.c
+++ b/src/util-logopenfile.c
@@ -526,7 +526,7 @@ SCConfLogOpenGeneric(ConfNode *conf,
 
 #ifdef BUILD_WITH_UNIXSOCKET
     /* If a socket and running live, do non-blocking writes. */
-    if (log_ctx->is_sock && run_mode_offline == 0) {
+    if (log_ctx->is_sock && !IsRunModeOffline(RunmodeGetCurrent())) {
         SCLogInfo("Setting logging socket of non-blocking in live mode.");
         log_ctx->send_flags |= MSG_DONTWAIT;
     }