From: Victor Julien Date: Mon, 23 Nov 2015 13:05:21 +0000 (+0100) Subject: multi-detect: handle missing mappings X-Git-Tag: suricata-3.0RC1~10 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=906b95eed3cafcae4ebef1cbbc012e441948ce70;p=thirdparty%2Fsuricata.git multi-detect: handle missing mappings Notify/warn user about missing mappings depending on other settings like unix socket and init errors fatal. --- diff --git a/src/detect-engine.c b/src/detect-engine.c index 04aad76745..63c1dafb45 100644 --- a/src/detect-engine.c +++ b/src/detect-engine.c @@ -2045,8 +2045,12 @@ int DetectEngineReloadTenantBlocking(uint32_t tenant_id, const char *yaml, int r */ void DetectEngineMultiTenantSetup(void) { + enum DetectEngineTenantSelectors tenant_selector = TENANT_SELECTOR_UNKNOWN; DetectEngineMasterCtx *master = &g_master_de_ctx; + int unix_socket = 0; + (void)ConfGetBool("unix-command.enabled", &unix_socket); + int failure_fatal = 0; (void)ConfGetBool("engine.init-failure-fatal", &failure_fatal); @@ -2066,7 +2070,7 @@ void DetectEngineMultiTenantSetup(void) SCLogInfo("multi-tenant selector type %s", handler); if (strcmp(handler, "vlan") == 0) { - master->tenant_selector = TENANT_SELECTOR_VLAN; + tenant_selector = master->tenant_selector = TENANT_SELECTOR_VLAN; int vlanbool = 0; if ((ConfGetBool("vlan.use-for-tracking", &vlanbool)) == 1 && vlanbool == 0) { @@ -2077,7 +2081,7 @@ void DetectEngineMultiTenantSetup(void) } } else if (strcmp(handler, "direct") == 0) { - master->tenant_selector = TENANT_SELECTOR_DIRECT; + tenant_selector = master->tenant_selector = TENANT_SELECTOR_DIRECT; } else { SCLogError(SC_ERR_INVALID_VALUE, "unknown value %s " "multi-detect.selector", handler); 
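Review bot: The chained assignment `tenant_selector = master->tenant_selector = TENANT_SELECTOR_VLAN;` in the vlan branch of the @@ -2066 hunk, and its twin `tenant_selector = master->tenant_selector = TENANT_SELECTOR_DIRECT;` in the @@ -2077 hunk, reads like a typo and is easy to mistake for a comparison; two plain statements, `master->tenant_selector = TENANT_SELECTOR_VLAN;` then `tenant_selector = TENANT_SELECTOR_VLAN;`, or setting only the local in each branch and copying it to `master->tenant_selector` once after the if/else chain, would make the intent (keep a lock-free copy of the selector for the later mapping check) obvious. A one-line comment on the declaration in the @@ -2045 hunk, `/* local copy of the selector, read after master->lock is released */`, would help for the same reason, if that is indeed why the copy exists. The if/else chain and DetectEngineMultiTenantSetup itself continue outside these hunks.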
@@ -2092,6 +2096,7 @@ void DetectEngineMultiTenantSetup(void) ConfNode *mappings_root_node = ConfGetNode("multi-detect.mappings"); ConfNode *mapping_node = NULL; + int mapping_cnt = 0; if (mappings_root_node != NULL) { TAILQ_FOREACH(mapping_node, &mappings_root_node->head, next) { if (strcmp(mapping_node->val, "vlan") == 0) { @@ -2129,6 +2134,7 @@ void DetectEngineMultiTenantSetup(void) goto error; } SCLogInfo("vlan %u connected to tenant-id %u", vlan_id, tenant_id); + mapping_cnt++; } else { SCLogWarning(SC_ERR_INVALID_VALUE, "multi-detect.mappings expects a list of 'vlan's. Not %s", mapping_node->val); goto bad_mapping; @@ -2141,6 +2147,24 @@ void DetectEngineMultiTenantSetup(void) } } + if (tenant_selector == TENANT_SELECTOR_VLAN && mapping_cnt == 0) { + /* no mappings are valid when we're in unix socket mode, + * they can be added on the fly. Otherwise warn/error + * depending on failure_fatal */ + + if (unix_socket) { + SCLogNotice("no tenant traffic mappings defined, " + "tenants won't be used until mappings are added"); + } else { + if (failure_fatal) + SCLogWarning(SC_ERR_MT_NO_MAPPING, "no multi-detect mappings defined"); + else { + SCLogError(SC_ERR_MT_NO_MAPPING, "no multi-detect mappings defined"); + goto error; + } + } + } + /* tenants */ ConfNode *tenants_root_node = ConfGetNode("multi-detect.tenants"); ConfNode *tenant_node = NULL; diff --git a/src/util-error.c b/src/util-error.c index af266d334f..7f2caf00d2 100644 --- a/src/util-error.c +++ b/src/util-error.c @@ -309,6 +309,7 @@ const char * SCErrorToString(SCError err) CASE_CODE (SC_ERR_IPPAIR_INIT); CASE_CODE (SC_ERR_MT_NO_SELECTOR); CASE_CODE (SC_ERR_MT_DUPLICATE_TENANT); + CASE_CODE (SC_ERR_MT_NO_MAPPING); CASE_CODE (SC_ERR_NO_JSON_SUPPORT); CASE_CODE (SC_ERR_INVALID_RULE_ARGUMENT); } diff --git a/src/util-error.h b/src/util-error.h index d0b2471567..cd2ce24927 100644 --- a/src/util-error.h +++ b/src/util-error.h 
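Review bot: The `failure_fatal` branches in the new `if (tenant_selector == TENANT_SELECTOR_VLAN && mapping_cnt == 0)` block of the @@ -2141 hunk are inverted: when `failure_fatal` is set the code only calls SCLogWarning and continues, and when it is not set it calls SCLogError and does `goto error`, which is the opposite of what engine.init-failure-fatal means and of what the hunk's own comment ("warn/error depending on failure_fatal") describes. As written, an operator who asked for fatal init failures ends up with a vlan selector and no mappings and the engine starts anyway, while the default configuration refuses to start. Swapping the two bodies and bracing the single-statement `if` fixes it; the unix_socket notice above it is fine as is. DetectEngineMultiTenantSetup continues outside the hunk on both sides.
```c
        } else {
            if (failure_fatal) {
                SCLogError(SC_ERR_MT_NO_MAPPING, "no multi-detect mappings defined");
                goto error;
            } else {
                SCLogWarning(SC_ERR_MT_NO_MAPPING, "no multi-detect mappings defined");
            }
        }
        /* … unchanged: closing brace of the mapping_cnt check, tenants section … */
```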
@@ -301,6 +301,7 @@ typedef enum { SC_ERR_NO_JSON_SUPPORT, SC_ERR_INVALID_RULE_ARGUMENT, /**< Generic error code for invalid * rule argument. */ + SC_ERR_MT_NO_MAPPING, } SCError; const char *SCErrorToString(SCError);