From: Lukas Sismis
Date: Wed, 3 May 2023 07:43:00 +0000 (+0200)
Subject: runmodes: introduce unknown engine runmode
X-Git-Tag: suricata-6.0.12~26
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a025070cc4b3f380ff2eb58c385be6feb507d0f7;p=thirdparty%2Fsuricata.git
runmodes: introduce unknown engine runmode
To prevent unset values of engine runmode, this commit introduces unknown runmode which can detect when engine runmode is being used uninitialized.
Ticket: #6033
---
diff --git a/src/runmode-unittests.c b/src/runmode-unittests.c
index bb548ff333..dfe1437ad4 100644
--- a/src/runmode-unittests.c
+++ b/src/runmode-unittests.c
@@ -228,6 +228,7 @@ void RunUnittests(int list_unittests, const char *regex_arg)
 #ifdef UNITTESTS
 /* Initializations for global vars, queues, etc (memsets, mutex init..) */
 GlobalsInitPreConfig();
+ EngineModeSetIDS();
 #ifdef HAVE_LUAJIT
 if (LuajitSetupStatesPool() != 0) {
diff --git a/src/suricata.c b/src/suricata.c
index 04eb3d400f..fac1ccdda8 100644
--- a/src/suricata.c
+++ b/src/suricata.c
@@ -54,6 +54,7 @@
 #include "util-device.h"
 #include "util-misc.h"
 #include "util-running-modes.h"
+#include "util-validate.h"
 #include "detect-engine.h"
 #include "detect-parse.h"
@@ -207,7 +208,7 @@ int run_mode = RUNMODE_UNKNOWN;
 /** Engine mode: inline (ENGINE_MODE_IPS) or just
 * detection mode (ENGINE_MODE_IDS by default) */
-static enum EngineMode g_engine_mode = ENGINE_MODE_IDS;
+static enum EngineMode g_engine_mode = ENGINE_MODE_UNKNOWN;
 /** Host mode: set if box is sniffing only
 * or is a router */
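Review bot: The `EngineModeSetIDS()` call added after `GlobalsInitPreConfig()` in `RunUnittests()` is now load-bearing but reads as redundant, because nothing at the call site says that `g_engine_mode` no longer has a default. A short comment would keep it from being removed later, e.g. `/* engine mode starts as ENGINE_MODE_UNKNOWN; set it before any EngineModeIs*() call */`. The same applies to the calls added in `fuzz_applayerprotodetectgetproto.c` and `fuzz_siginit.c`. Any other harness or tool entry point that does not go through `PostConfLoadedSetup()` would presumably need the same call; none is visible in this diff, so that is worth checking in the tree. RunUnittests' body starts and ends outside the hunk.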
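Review bot: The doc comment directly above the changed `g_engine_mode` initializer in `src/suricata.c` still says `ENGINE_MODE_IDS by default`, which is stale now that the variable starts as `ENGINE_MODE_UNKNOWN`. Suggest rewording it along the lines of `/** Engine mode: ENGINE_MODE_UNKNOWN until set during startup, then inline (ENGINE_MODE_IPS) or detection only (ENGINE_MODE_IDS) */`. A reader who trusts the old comment will assume early `EngineModeIsIDS()` calls are safe.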
@@ -246,13 +247,20 @@ int SuriHasSigFile(void)
 return (suricata.sig_file != NULL);
 }
+int EngineModeIsUnknown(void)
+{
+ return (g_engine_mode == ENGINE_MODE_UNKNOWN);
+}
+
 int EngineModeIsIPS(void)
 {
+ DEBUG_VALIDATE_BUG_ON(g_engine_mode == ENGINE_MODE_UNKNOWN);
 return (g_engine_mode == ENGINE_MODE_IPS);
 }
 int EngineModeIsIDS(void)
 {
+ DEBUG_VALIDATE_BUG_ON(g_engine_mode == ENGINE_MODE_UNKNOWN);
 return (g_engine_mode == ENGINE_MODE_IDS);
 }
@@ -511,12 +519,6 @@ static void SetBpfStringFromFile(char *filename)
 FILE *fp = NULL;
 size_t nm = 0;
- if (EngineModeIsIPS()) {
- FatalError(SC_ERR_FATAL,
- "BPF filter not available in IPS mode."
- " Use firewall filtering if possible.");
- }
-
 #ifdef OS_WIN32
 if(_stat(filename, &st) != 0) {
 #else
@@ -2460,6 +2462,7 @@ static void RunModeEngineIsIPS(SCInstance *suri)
 if (AFPRunModeIsIPS()) {
 SCLogInfo("AF_PACKET: Setting IPS mode");
 EngineModeSetIPS();
+ return;
 }
 }
 #endif
@@ -2468,11 +2471,10 @@ static void RunModeEngineIsIPS(SCInstance *suri)
 if (NetmapRunModeIsIPS()) {
 SCLogInfo("Netmap: Setting IPS mode");
 EngineModeSetIPS();
+ return;
 }
 }
 #endif
-
- SCReturnInt(TM_ECODE_OK);
 }
 static void PostConfLoadedSetupHostMode(void)
@@ -2600,6 +2602,11 @@ int PostConfLoadedSetup(SCInstance *suri)
 /* set engine mode if L2 IPS */
 RunModeEngineIsIPS(suri);
+ if (EngineModeIsUnknown()) { // if still uninitialized the set the default
+ SCLogInfo("Setting engine mode to IDS mode by default");
+ EngineModeSetIDS();
+ }
+
 AppLayerSetup();
 /* Suricata will use this umask if provided. By default it will use the
diff --git a/src/suricata.h b/src/suricata.h
index a8c1998835..8410fd7708 100644
--- a/src/suricata.h
+++ b/src/suricata.h
@@ -100,12 +100,14 @@ enum {
 /* Engine is acting as */
 enum EngineMode {
+ ENGINE_MODE_UNKNOWN,
 ENGINE_MODE_IDS,
 ENGINE_MODE_IPS,
 };
 void EngineModeSetIPS(void);
 void EngineModeSetIDS(void);
+int EngineModeIsUnknown(void);
 int EngineModeIsIPS(void);
 int EngineModeIsIDS(void);
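Review bot: In builds without debug validation the `DEBUG_VALIDATE_BUG_ON` lines in `EngineModeIsIPS()` and `EngineModeIsIDS()` compile to nothing, so a call made before the mode is set now returns 0 from both predicates with no diagnostic. Before this change such a call saw the `ENGINE_MODE_IDS` initializer, so `if (EngineModeIsIDS())` and `if (!EngineModeIsIPS())` agreed; now they do not, and a caller that samples the mode early takes a different branch only in release builds. Suggest documenting the contract on both functions, e.g. `/* Only valid once the engine mode has been set; returns 0 while it is ENGINE_MODE_UNKNOWN. */`. Consider also a one-time warning in non-validation builds so a production sensor does not get this wrong silently.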
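Review bot: Once this block in `PostConfLoadedSetup()` has run the engine mode is always resolved, yet nothing visible in this commit re-applies the IPS guard that was removed from `SetBpfStringFromFile()` earlier in the same file. If the old "BPF filter not available in IPS mode" restriction is still intended, it should be re-checked after the default is applied; otherwise an inline deployment can start with a capture filter in place, and traffic excluded by that filter would not reach the detection engine. Whether an equivalent check exists elsewhere in the tree cannot be told from this diff. Separately, the comment on the added `if` has a typo and should read `// if still uninitialized, then set the default`. PostConfLoadedSetup's body starts and ends outside the hunk.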
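Review bot: In `src/suricata.h`, `ENGINE_MODE_UNKNOWN` is inserted as the first enumerator, so it takes the value 0 and `ENGINE_MODE_IDS`/`ENGINE_MODE_IPS` shift to 1 and 2, but nothing in the enum records that this ordering is deliberate. Suggest pinning and documenting it with `ENGINE_MODE_UNKNOWN = 0, /* not yet decided; must stay first */`. The new prototype would also benefit from a one-line comment such as `/* true until EngineModeSetIDS() or EngineModeSetIPS() has been called */`.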
diff --git a/src/tests/fuzz/fuzz_applayerprotodetectgetproto.c b/src/tests/fuzz/fuzz_applayerprotodetectgetproto.c
index 8efe51eb6e..25a8620880 100644
--- a/src/tests/fuzz/fuzz_applayerprotodetectgetproto.c
+++ b/src/tests/fuzz/fuzz_applayerprotodetectgetproto.c
@@ -44,6 +44,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 }
 MpmTableSetup();
 SpmTableSetup();
+ EngineModeSetIDS();
 AppLayerProtoDetectSetup();
 AppLayerParserSetup();
 AppLayerParserRegisterProtocolParsers();
diff --git a/src/tests/fuzz/fuzz_siginit.c b/src/tests/fuzz/fuzz_siginit.c
index 0fb46d9040..e649eb070d 100644
--- a/src/tests/fuzz/fuzz_siginit.c
+++ b/src/tests/fuzz/fuzz_siginit.c
@@ -26,6 +26,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 run_mode = RUNMODE_UNITTEST;
 MpmTableSetup();
 SpmTableSetup();
+ EngineModeSetIDS();
 SigTableSetup();
 SCReferenceConfInit();
 SCClassConfInit();