From: Eric Leblond Date: Fri, 13 Sep 2013 10:21:04 +0000 (+0200) Subject: Introduce host-mode. X-Git-Tag: suricata-2.0beta2~260 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6cf7da30e2321740c94e6c43aa7ecb1f92f71043;p=thirdparty%2Fsuricata.git Introduce host-mode. This variable can be used to indicate to suricata that the host running is running as a router or is in sniffing only mode. This will used at least to determine which interfaces are used to send reject message.
---
diff --git a/src/suricata.c b/src/suricata.c
index b44ed960f1..b2219eb5ff 100644
--- a/src/suricata.c
+++ b/src/suricata.c
@@ -187,6 +187,10 @@ int run_mode = RUNMODE_UNKNOWN;
 * detection mode (ENGINE_MODE_IDS by default) */
 uint8_t engine_mode = ENGINE_MODE_IDS;
+/** Host mode: set if box is sniffing only
+ * or is a router */
+uint8_t host_mode = SURI_HOST_IS_SNIFFER_ONLY;
+
 /** Maximum packets to simultaneously process. */
 intmax_t max_pending_packets;
@@ -1673,6 +1677,7 @@ static int FinalizeRunMode(SCInstance *suri, char **argv)
 /* Set the global run mode */
 run_mode = suri->run_mode;
+
 return TM_ECODE_OK;
 }
@@ -1759,6 +1764,43 @@ static int ConfigGetCaptureValue(SCInstance *suri)
 return TM_ECODE_OK;
 }
+/**
+ * This function is meant to contain code that needs
+ * to be run once the configuration has been loaded.
+ */
+static int PostConfLoadedSetup(SCInstance *suri)
+{
+ char *hostmode = NULL;
+
+ if (ConfGet("host-mode", &hostmode) == 1) {
+ if (!strcmp(hostmode, "router")) {
+ host_mode = SURI_HOST_IS_ROUTER;
+ } else if (!strcmp(hostmode, "sniffer-only")) {
+ host_mode = SURI_HOST_IS_SNIFFER_ONLY;
+ } else {
+ if (strcmp(hostmode, "auto")) {
+ WarnInvalidConfEntry("host-mode", "%s", "auto");
+ }
+ if (IS_ENGINE_MODE_IPS(engine_mode)) {
+ host_mode = SURI_HOST_IS_ROUTER;
+ } else {
+ host_mode = SURI_HOST_IS_SNIFFER_ONLY;
+ }
+ }
+ } else {
+ if (IS_ENGINE_MODE_IPS(engine_mode)) {
+ host_mode = SURI_HOST_IS_ROUTER;
+ SCLogInfo("No 'host-mode': suricata in IPS mode, so"
+ "automatic setting to 'router'");
+ } else {
+ host_mode = SURI_HOST_IS_SNIFFER_ONLY;
+ SCLogInfo("No 'host-mode': suricata in IDS mode, so"
+ "automatic setting to 'sniffer-only'");
+ }
+ }
+ return TM_ECODE_OK;
+}
+
 int main(int argc, char **argv)
 {
@@ -1873,6 +1915,11 @@ int main(int argc, char **argv)
 exit(EXIT_FAILURE);
 }
+
+ if (PostConfLoadedSetup(&suri) != TM_ECODE_OK) {
+ exit(EXIT_FAILURE);
+ }
+
 #ifdef NFQ
 if (suri.run_mode == RUNMODE_NFQ)
 NFQInitConfig(FALSE);
diff --git a/src/suricata.h b/src/suricata.h
index 92bc1804e1..d6b02411ed 100644
--- a/src/suricata.h
+++ b/src/suricata.h
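Review bot: Both SCLogInfo calls in the final else branch of PostConfLoadedSetup join two string literals with no space between them, so the message reads "... in IPS mode, soautomatic setting to 'router'"; end the first literal with a space, e.g. `"No 'host-mode': suricata in IPS mode, so "`, and the same for the IDS message. Separately, ConfGet's contract is not visible in this hunk: if it can return 1 while leaving hostmode NULL (an empty `host-mode:` key, say), the strcmp calls would dereference NULL, so `if (ConfGet("host-mode", &hostmode) == 1 && hostmode != NULL) {` would be a cheap guard. The 'auto' and invalid-value paths also set host_mode without logging the result, unlike the no-key path, which makes the effective mode harder to confirm from the log.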
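Review bot: The 'auto' result depends on engine_mode already holding its final value when PostConfLoadedSetup is called at this point in main, and the hunk does not show that it does. engine_mode starts as ENGINE_MODE_IDS, so if any capture setup later in main switches it to IPS, host_mode would stay at sniffer-only. If the ordering is intentional, a comment at the call such as `/* must run after engine_mode is final: host-mode 'auto' is derived from it */` would keep it from being moved. PostConfLoadedSetup also returns TM_ECODE_OK on every path, so the new failure branch cannot be taken yet. main's body continues outside the hunk.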
@@ -115,6 +115,15 @@ enum {
 #define IS_ENGINE_MODE_IPS(engine_mode) ((engine_mode) == ENGINE_MODE_IPS)
 #define IS_ENGINE_MODE_IDS(engine_mode) ((engine_mode) == ENGINE_MODE_IDS)
+/* Box is acting as router */
+enum {
+ SURI_HOST_IS_SNIFFER_ONLY,
+ SURI_HOST_IS_ROUTER,
+};
+
+#define IS_SURI_HOST_MODE_SNIFFER_ONLY(host_mode) ((host_mode) == SURI_HOST_IS_SNIFFER_ONLY)
+#define IS_SURI_HOST_MODE_ROUTER(host_mode) ((host_mode) == SURI_HOST_IS_ROUTER)
+
 /* queue's between various other threads
 * XXX move to the TmQueue structure later */
diff --git a/suricata.yaml.in b/suricata.yaml.in
index af24486c25..4f038917bb 100644
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -32,6 +32,12 @@
 #
 #autofp-scheduler: active-packets
+# If suricata box is a router for the sniffed networks, set it to 'router'. If
+# it is a pure sniffing setup, set it to 'sniffer-only'.
+# If set to auto, the variable is internally switch to 'router' in IPS mode
+# and 'sniffer-only' in IDS mode.
+host-mode: auto
+
 # Run suricata as user and group.
 #run-as:
 # user: suri
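Review bot: The comment `/* Box is acting as router */` above the new enum describes only one of its two values, and neither enumerator says what it means for the engine. A header comment such as `/* Host mode: whether the box only sniffs the traffic or routes it */`, plus a short comment on each enumerator, would agree with the doc comment on host_mode in suricata.c. The enum is anonymous and the variable is a plain uint8_t, so the two IS_SURI_HOST_MODE_* macros are the only place the values and the variable meet, and the comment should say they are meant to be used with host_mode.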
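Review bot: The new comment tells the operator which value to pick but not what the setting changes. Per the commit description it is used at least to decide which interfaces reject messages are sent on, and saying so here would let someone judge the effect of a wrong value. A possible extra line is `# It is used to select the interface on which reject packets are sent.` The third comment line also reads "is internally switch to", which should be "is internally switched to".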