From: Sreeja Athirkandathil Narayanan (sathirka)
Date: Fri, 9 Feb 2024 15:45:35 +0000 (+0000)
Subject: Pull request #4184: appid: log error message instead of fatal error if appid stats...
X-Git-Tag: 3.1.81.0~10
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=793f60eb4a80b5a32472ebe1d902f6d546cdeb24;p=thirdparty%2Fsnort3.git
Pull request #4184: appid: log error message instead of fatal error if appid stats logfile is not accessible
Merge in SNORT/snort3 from ~SATHIRKA/snort3:appid_stats_fatalerr_fix to master
Squashed commit of the following:
commit c1e4352680234f9dcd5e7a2a9747798fe45983d7
Author: Sreeja Athirkandathil Narayanan
Date: Mon Jan 29 14:39:14 2024 -0500
appid: log error message instead of fatal error if appid stats logfile is not accessible
---
diff --git a/src/log/log.cc b/src/log/log.cc
index 1ce93e4a6..47b4cd083 100644
--- a/src/log/log.cc
+++ b/src/log/log.cc
@@ -68,7 +68,7 @@ void CreateTCPFlagString(const tcp::TCPHdr* const tcph, char* flagBuffer)
 * Returns: file handle
 *
 ***************************************************************************/
-FILE* OpenAlertFile(const char* filearg)
+FILE* OpenAlertFile(const char* filearg, bool is_critical)
 {
 FILE* file;
@@ -80,8 +80,10 @@ FILE* OpenAlertFile(const char* filearg)
 if ((file = fopen(filename, "a")) == nullptr)
 {
- FatalError("OpenAlertFile() => fopen() alert file %s: %s\n",
- filename, get_error(errno));
+ if (is_critical)
+ FatalError("OpenAlertFile() => fopen() alert file %s: %s\n", filename, get_error(errno));
+ else
+ ErrorMessage("OpenAlertFile() => fopen() alert file %s: %s\n", filename, get_error(errno));
 }
 else
 setvbuf(file, (char*)nullptr, _IOLBF, (size_t)0);
diff --git a/src/log/log.h b/src/log/log.h
index 54de25fba..8fbd38f14 100644
--- a/src/log/log.h
+++ b/src/log/log.h
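Review bot: The comment block above OpenAlertFile in src/log/log.cc still says only `Returns: file handle`, but with `is_critical` false the fopen() failure branch now just calls ErrorMessage, so the caller presumably receives a null FILE* (the return statement is outside both log.cc hunks). I would state that in the header comment, for example ` * Returns: file handle, or nullptr if the open fails and is_critical is false`, so every caller that passes false knows it must check the result before using it. The same comment could also name the new parameter, since the function body starts and ends outside the hunks and the flag's meaning is not obvious from the signature alone.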
@@ -33,7 +33,7 @@ struct Packet;
 SO_PUBLIC void CreateTCPFlagString(const tcp::TCPHdr* const, char*);
 }
-FILE* OpenAlertFile(const char*);
+FILE* OpenAlertFile(const char*, bool is_critical=true);
 int RollAlertFile(const char*);
 void OpenLogger();
diff --git a/src/log/text_log.cc b/src/log/text_log.cc
index a0c0b574d..d71146adc 100644
--- a/src/log/text_log.cc
+++ b/src/log/text_log.cc
@@ -67,7 +67,7 @@ struct TextLog
 * TextLog_Open/Close: open/close associated log file
 *-------------------------------------------------------------------
 */
-static FILE* TextLog_Open(const char* name)
+static FILE* TextLog_Open(const char* name, bool is_critical=true)
 {
 if ( name && !strcasecmp(name, "stdout") )
 {
@@ -79,7 +79,7 @@ static FILE* TextLog_Open(const char* name)
 #endif
 }
- return OpenAlertFile(name);
+ return OpenAlertFile(name, is_critical);
 }
 static void TextLog_Close(FILE* file)
@@ -116,7 +116,7 @@ void TextLog_Reset(TextLog* const txt)
 *-------------------------------------------------------------------
 */
 TextLog* TextLog_Init(
- const char* name, unsigned int maxBuf, size_t maxFile)
+ const char* name, unsigned int maxBuf, size_t maxFile, bool is_critical)
 {
 TextLog* txt;
@@ -126,7 +126,14 @@ TextLog* TextLog_Init(
 txt = (TextLog*)snort_alloc(sizeof(TextLog)+maxBuf);
 txt->name = name ? snort_strdup(name) : nullptr;
- txt->file = TextLog_Open(txt->name);
+ txt->file = TextLog_Open(txt->name, is_critical);
+ if (!txt->file)
+ {
+ if ( txt->name )
+ snort_free(txt->name);
+ snort_free(txt);
+ return nullptr;
+ }
 txt->size = TextLog_Size(txt->file);
 txt->last = time(nullptr);
 txt->maxFile = maxFile;
diff --git a/src/log/text_log.h b/src/log/text_log.h
index 079cd558e..1f3010dd2 100644
--- a/src/log/text_log.h
+++ b/src/log/text_log.h
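Review bot: Giving the file-local helper a default, `static FILE* TextLog_Open(const char* name, bool is_critical=true)`, means any other call to TextLog_Open in src/log/text_log.cc that this patch does not touch silently keeps the FatalError behaviour. If the file is reopened later (for example on rollover, which is not visible in these hunks), a log created with is_critical false could still terminate the process at that point, and the TextLog_Init hunk does not store the flag in any field visible here for such a path to consult. I would drop the default on the static helper, `static FILE* TextLog_Open(const char* name, bool is_critical)`, so each call site has to state its choice explicitly.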
@@ -49,7 +49,7 @@ struct TextLog;
 namespace snort
 {
 SO_PUBLIC TextLog* TextLog_Init(
- const char* name, unsigned int maxBuf = 0, size_t maxFile = 0);
+ const char* name, unsigned int maxBuf = 0, size_t maxFile = 0, bool is_critical=true);
 SO_PUBLIC void TextLog_Term(TextLog*);
 SO_PUBLIC bool TextLog_Putc(TextLog* const, char);
diff --git a/src/network_inspectors/appid/appid_stats.cc b/src/network_inspectors/appid/appid_stats.cc
index aaca7171b..ec6e3a134 100644
--- a/src/network_inspectors/appid/appid_stats.cc
+++ b/src/network_inspectors/appid/appid_stats.cc
@@ -89,12 +89,14 @@ StatsBucket* AppIdStatistics::get_stats_bucket(time_t start_time)
 void AppIdStatistics::open_stats_log_file()
 {
- log = TextLog_Init(appid_stats_filename, 4096, roll_size);
+ log = TextLog_Init(appid_stats_filename, 4096, roll_size, false);
+ if (!log)
+ log_err = true;
 }
 void AppIdStatistics::dump_statistics()
 {
- if ( !log_buckets )
+ if ( !log_buckets or log_err )
 return;
 if ( !log )
@@ -104,6 +106,11 @@ void AppIdStatistics::dump_statistics()
 while ((bucket = (struct StatsBucket*)sflist_remove_head(log_buckets)) != nullptr)
 {
+ if (log_err)
+ {
+ delete bucket;
+ continue;
+ }
 if ( bucket->app_record_cnt )
 {
 for (auto& it : bucket->apps_tree)
diff --git a/src/network_inspectors/appid/appid_stats.h b/src/network_inspectors/appid/appid_stats.h
index ca8b44a0e..4e6fc54d4 100644
--- a/src/network_inspectors/appid/appid_stats.h
+++ b/src/network_inspectors/appid/appid_stats.h
@@ -96,6 +96,7 @@ private:
 time_t bucket_interval = 0;
 time_t bucket_end = 0;
 size_t roll_size = 0;
+ bool log_err = false;
 };
 #endif
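Review bot: The SO_PUBLIC declaration of TextLog_Init in src/log/text_log.h gains `bool is_critical=true` with no comment telling callers that passing false makes a nullptr return possible. A short comment above the declaration, e.g. `// is_critical=false: an open failure is logged and nullptr is returned instead of exiting`, would make the contract explicit for anyone who then hands the pointer to the other TextLog_* functions. Because the function is exported, the extra parameter also changes its signature, so plugins built against the old header would presumably need a rebuild; worth confirming that is acceptable for this release.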
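Review bot: In AppIdStatistics::dump_statistics (src/network_inspectors/appid/appid_stats.cc) the new early return `if ( !log_buckets or log_err ) return;` fires on every call after the first failed open, so the `if (log_err) { delete bucket; continue; }` branch added inside the while loop in the following hunk only runs on the single call where open_stats_log_file() has just failed. If buckets keep being queued into log_buckets after that (the producer is not visible here), they are never removed or deleted, and memory would grow for as long as the stats file stays inaccessible. Keeping the early return as `if ( !log_buckets ) return;` and guarding the open with `if ( !log and !log_err ) open_stats_log_file();` would let the loop drain and free the buckets on every call without retrying the open. The function body continues outside both hunks, so the final shape should be checked against the full file.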