From: Lukas Sismis Date: Wed, 3 May 2023 07:41:55 +0000 (+0200) Subject: runmodes: earlier evaluation of IPS mode X-Git-Tag: suricata-6.0.12~27 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3c4bdf08de0dc1e67a7ab96b8bfd963ff6982cf3;p=thirdparty%2Fsuricata.git runmodes: earlier evaluation of IPS mode Move evaluation of engine runmode to an earlier phase so that dependend modules rely on properly configured engine runmode. Ticket: #5958 --- diff --git a/src/runmode-af-packet.c b/src/runmode-af-packet.c index e15203b3c0..27a6bd26c2 100644 --- a/src/runmode-af-packet.c +++ b/src/runmode-af-packet.c @@ -702,7 +702,7 @@ static int AFPConfigGeThreadsCount(void *conf) int AFPRunModeIsIPS(void) { - int nlive = LiveGetDeviceCount(); + int nlive = LiveGetDeviceNameCount(); int ldev; ConfNode *if_root; ConfNode *if_default = NULL; @@ -719,7 +719,7 @@ int AFPRunModeIsIPS(void) if_default = ConfNodeLookupKeyValue(af_packet_node, "interface", "default"); for (ldev = 0; ldev < nlive; ldev++) { - const char *live_dev = LiveGetDeviceName(ldev); + const char *live_dev = LiveGetDeviceNameName(ldev); if (live_dev == NULL) { SCLogError(SC_ERR_INVALID_VALUE, "Problem with config file"); return 0; @@ -751,7 +751,7 @@ int AFPRunModeIsIPS(void) "AF_PACKET using both IPS and TAP/IDS mode, this will not " "be allowed in Suricata 8 due to undefined behavior. See ticket #5588."); for (ldev = 0; ldev < nlive; ldev++) { - const char *live_dev = LiveGetDeviceName(ldev); + const char *live_dev = LiveGetDeviceNameName(ldev); if (live_dev == NULL) { SCLogError(SC_ERR_INVALID_VALUE, "Problem with config file"); return 0; diff --git a/src/runmode-netmap.c b/src/runmode-netmap.c index 794a623d66..6746e77d48 100644 --- a/src/runmode-netmap.c +++ b/src/runmode-netmap.c @@ -360,7 +360,7 @@ static int NetmapConfigGeThreadsCount(void *conf) int NetmapRunModeIsIPS(void) { - int nlive = LiveGetDeviceCount(); + int nlive = LiveGetDeviceNameCount(); int ldev; ConfNode *if_root; ConfNode *if_default = NULL; @@ -377,7 +377,7 @@ int NetmapRunModeIsIPS(void) if_default = ConfNodeLookupKeyValue(netmap_node, "interface", "default"); for (ldev = 0; ldev < nlive; ldev++) { - const char *live_dev = LiveGetDeviceName(ldev); + const char *live_dev = LiveGetDeviceNameName(ldev); if (live_dev == NULL) { SCLogError(SC_ERR_INVALID_VALUE, "Problem with config file"); return 0; @@ -409,7 +409,7 @@ int NetmapRunModeIsIPS(void) "Netmap using both IPS and TAP/IDS mode, this will not be " "allowed in Suricata 8 due to undefined behavior. See ticket #5588."); for (ldev = 0; ldev < nlive; ldev++) { - const char *live_dev = LiveGetDeviceName(ldev); + const char *live_dev = LiveGetDeviceNameName(ldev); if (live_dev == NULL) { SCLogError(SC_ERR_INVALID_VALUE, "Problem with config file"); return 0; diff --git a/src/suricata.c b/src/suricata.c index e7f6f72d9e..04eb3d400f 100644 --- a/src/suricata.c +++ b/src/suricata.c @@ -2453,10 +2453,8 @@ void PostConfLoadedDetectSetup(SCInstance *suri) } } -static int PostDeviceFinalizedSetup(SCInstance *suri) +static void RunModeEngineIsIPS(SCInstance *suri) { - SCEnter(); - #ifdef HAVE_AF_PACKET if (suri->run_mode == RUNMODE_AFP_DEV) { if (AFPRunModeIsIPS()) { @@ -2599,6 +2597,9 @@ int PostConfLoadedSetup(SCInstance *suri) MacSetRegisterFlowStorage(); + /* set engine mode if L2 IPS */ + RunModeEngineIsIPS(suri); + AppLayerSetup(); /* Suricata will use this umask if provided. By default it will use the @@ -2718,11 +2719,6 @@ int PostConfLoadedSetup(SCInstance *suri) LiveDeviceFinalize(); - /* set engine mode if L2 IPS */ - if (PostDeviceFinalizedSetup(suri) != TM_ECODE_OK) { - exit(EXIT_FAILURE); - } - /* hostmode depends on engine mode being set */ PostConfLoadedSetupHostMode();