From: Jason Ish Date: Thu, 25 Feb 2021 17:16:28 +0000 (-0600) Subject: unix-socket: reset to ready state on startup X-Git-Tag: suricata-5.0.7~14 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4bf3f88a420cddcfc4417f4eb5f592792906cab5;p=thirdparty%2Fsuricata.git unix-socket: reset to ready state on startup As part of commit ea15282f47c6ff781533e3a063f9c903dd6f1afb, some initialization was moved to happen even in unix socket mode, however, this initialization does setup some loggers that can only have one instance enabled (anomaly, drop, file-store). This will cause these loggers to error out on the first pcap, but work on subsequent runs of the pcap as some deinitialization is done after each pcap. This fix just runs the post pcap-file deinitialization routine to reset some of the initialization done on startup, like is done after running each pcap in unix socket mode. Redmine issue: https://redmine.openinfosecfoundation.org/issues/4225 Additionally this prevents alerts from being logged two times on the first run of a pcap through the unix socket: Redmine issue: https://redmine.openinfosecfoundation.org/issues/4434 (cherry picked from commit 488d5fb34284f7e5be760edeca7607209cfa4b5e) --- diff --git a/src/suricata.c b/src/suricata.c index 96d48ce0ff..4fc609f16a 100644 --- a/src/suricata.c +++ b/src/suricata.c @@ -2330,8 +2330,14 @@ void PreRunPostPrivsDropInit(const int runmode) StatsSetupPostConfigPreOutput(); RunModeInitializeOutputs(); - if (runmode == RUNMODE_UNIX_SOCKET) + if (runmode == RUNMODE_UNIX_SOCKET) { + /* As the above did some necessary startup initialization, it + * also setup some outputs where only one is allowed, so + * deinitialize to the state that unix-mode does after every + * pcap. */ + PostRunDeinit(RUNMODE_PCAP_FILE, NULL); return; + } StatsSetupPostConfigPostOutput(); }
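Review bot: In the new `RUNMODE_UNIX_SOCKET` branch of `PreRunPostPrivsDropInit()`, the call `PostRunDeinit(RUNMODE_PCAP_FILE, NULL);` passes a runmode other than the one just tested and a NULL second argument, and the added comment explains neither. Extend the comment to say that `RUNMODE_PCAP_FILE` is passed deliberately, to mirror the deinitialization done after every pcap in unix socket mode, and that the NULL is intentional, so that a later reader does not "correct" the apparent mismatch. In the same comment, "also setup some outputs" should read "also set up some outputs", and "unix-mode" would be clearer as "unix socket mode" to match the commit message. Because the commit message says the failure only appeared on the first pcap after startup (single-instance loggers erroring out, alerts logged twice), a regression test that submits one pcap over the socket immediately after startup and checks that each alert is logged once would guard this path.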