From: Anoop Saldanha Date: Fri, 22 Jun 2012 16:21:32 +0000 (+0530) Subject: If new ruleset requires any htp callbacks that aren't already set, don't load new... X-Git-Tag: suricata-1.3rc1~29 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6fa46d7526fb416a17082e3da437cf9d23994a76;p=thirdparty%2Fsuricata.git If new ruleset requires any htp callbacks that aren't already set, don't load new ruleset; request user to restart suricata + disable setting fileinsepection flags unconditionally in main --- diff --git a/src/app-layer-htp.c b/src/app-layer-htp.c index d44a9f22e0..f5fdd76b59 100644 --- a/src/app-layer-htp.c +++ b/src/app-layer-htp.c @@ -96,14 +96,14 @@ static uint64_t htp_state_memcnt = 0; #endif /** part of the engine needs the request body (e.g. http_client_body keyword) */ -static uint8_t need_htp_request_body = 0; +uint8_t need_htp_request_body = 0; /** part of the engine needs the request body multipart header (e.g. filename * and / or fileext keywords) */ -static uint8_t need_htp_request_multipart_hdr = 0; +uint8_t need_htp_request_multipart_hdr = 0; /** part of the engine needs the request file (e.g. log-file module) */ -static uint8_t need_htp_request_file = 0; +uint8_t need_htp_request_file = 0; /** part of the engine needs the request body (e.g. file_data keyword) */ -static uint8_t need_htp_response_body = 0; +uint8_t need_htp_response_body = 0; SCEnumCharMap http_decoder_event_table[ ] = { { "UNKNOWN_ERROR", diff --git a/src/app-layer-htp.h b/src/app-layer-htp.h index 2579b9229a..24f3d4d631 100644 --- a/src/app-layer-htp.h +++ b/src/app-layer-htp.h @@ -202,6 +202,16 @@ typedef struct HtpState_ { FileContainer *files_tc; } HtpState; +/** part of the engine needs the request body (e.g. http_client_body keyword) */ +extern uint8_t need_htp_request_body; +/** part of the engine needs the request body multipart header (e.g. filename + * and / or fileext keywords) */ +extern uint8_t need_htp_request_multipart_hdr; +/** part of the engine needs the request file (e.g. log-file module) */ +extern uint8_t need_htp_request_file; +/** part of the engine needs the request body (e.g. file_data keyword) */ +extern uint8_t need_htp_response_body; + void RegisterHTPParsers(void); void HTPParserRegisterTests(void); void HTPAtExitPrintStats(void); diff --git a/src/detect-engine.c b/src/detect-engine.c index 06ae579323..3099b17b7e 100644 --- a/src/detect-engine.c +++ b/src/detect-engine.c @@ -29,6 +29,8 @@ #include "conf.h" #include "conf-yaml-loader.h" +#include "app-layer-htp.h" + #include "detect-parse.h" #include "detect-engine-sigorder.h" @@ -126,14 +128,33 @@ static void *DetectEngineLiveRuleSwap(void *arg) //if (MagicInit() != 0) // exit(EXIT_FAILURE); + uint8_t local_need_htp_request_body = need_htp_request_body; + uint8_t local_need_htp_request_multipart_hdr = need_htp_request_multipart_hdr; + uint8_t local_need_htp_request_file = need_htp_request_file; + uint8_t local_need_htp_response_body = need_htp_response_body; + if (SigLoadSignatures(de_ctx, NULL, FALSE) < 0) { SCLogError(SC_ERR_NO_RULES_LOADED, "Loading signatures failed."); if (de_ctx->failure_fatal) exit(EXIT_FAILURE); } - SCThresholdConfInitContext(de_ctx, NULL); + if (local_need_htp_request_body != need_htp_request_body || + local_need_htp_request_multipart_hdr != need_htp_request_multipart_hdr || + local_need_htp_request_file != need_htp_request_file || + local_need_htp_response_body != need_htp_response_body) { + SCLogInfo("===== New ruleset requires enabling htp features that " + "can't be enabled at runtime. You will have to restart " + "engine to load the new ruleset ====="); + DetectEngineCtxFree(de_ctx); + SignalHandlerSetup(SIGUSR2, SignalHandlerSigusr2); + TmThreadsSetFlag(tv_local, THV_CLOSED); + + pthread_exit(NULL); + } + + SCThresholdConfInitContext(de_ctx, NULL); /* start the process of swapping detect threads ctxs */