From: Giuseppe Longo Date: Tue, 2 Aug 2016 14:09:41 +0000 (+0200) Subject: unix-manager: block live reload when -s/-S is specified X-Git-Tag: suricata-4.1.0-beta1~484 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e7392a0780ac960f49d48c0272af4cd74fdc9ec6;p=thirdparty%2Fsuricata.git unix-manager: block live reload when -s/-S is specified Currently, when live reload is executed through unix-socket, suri prints in the console the following error message: "Live rule reload not possible if -s or -S option used at runtime." Instead, prints "done" in unix socket, when the live reload is not executed. --- diff --git a/src/suricata.c b/src/suricata.c index d978622a2d..339801d350 100644 --- a/src/suricata.c +++ b/src/suricata.c @@ -230,6 +230,14 @@ int g_disable_randomness = 0; int g_disable_randomness = 1; #endif +/** Suricata instance */ +SCInstance suricata; + +int SuriHasSigFile(void) +{ + return (suricata.sig_file != NULL); +} + int EngineModeIsIPS(void) { return (g_engine_mode == ENGINE_MODE_IPS); @@ -2801,8 +2809,7 @@ static void SuricataMainLoop(SCInstance *suri) int main(int argc, char **argv) { - SCInstance suri; - SCInstanceInit(&suri, argv[0]); + SCInstanceInit(&suricata, argv[0]); #ifdef HAVE_RUST SuricataContext context; @@ -2843,15 +2850,15 @@ int main(int argc, char **argv) /* Initialize the configuration module. */ ConfInit(); - if (ParseCommandLine(argc, argv, &suri) != TM_ECODE_OK) { + if (ParseCommandLine(argc, argv, &suricata) != TM_ECODE_OK) { exit(EXIT_FAILURE); } - if (FinalizeRunMode(&suri, argv) != TM_ECODE_OK) { + if (FinalizeRunMode(&suricata, argv) != TM_ECODE_OK) { exit(EXIT_FAILURE); } - switch (StartInternalRunMode(&suri, argc, argv)) { + switch (StartInternalRunMode(&suricata, argc, argv)) { case TM_ECODE_DONE: exit(EXIT_SUCCESS); case TM_ECODE_FAILED: 
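Review bot: `SCInstance suricata;` in the first src/suricata.c hunk is defined with external linkage, although the only new consumer in this patch goes through `SuriHasSigFile()`. If no other translation unit needs the object directly (not visible from this diff), `static SCInstance suricata;` would keep the instance state, including the `userid`/`groupid` and `sig_file` fields used in `main()`, reachable only through accessors. `SuriHasSigFile()` also has no doc comment. A short Doxygen block should say that it returns non-zero when a signature file was given with -s/-S. It should also record the apparent assumption that `sig_file` is written only during command-line parsing, before the unix-manager thread reads it; that assumption needs confirming.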
@@ -2862,35 +2869,35 @@ int main(int argc, char **argv) GlobalsInitPreConfig(); /* Load yaml configuration file if provided. */ - if (LoadYamlConfig(&suri) != TM_ECODE_OK) { + if (LoadYamlConfig(&suricata) != TM_ECODE_OK) { exit(EXIT_FAILURE); } - if (suri.run_mode == RUNMODE_DUMP_CONFIG) { + if (suricata.run_mode == RUNMODE_DUMP_CONFIG) { ConfDump(); exit(EXIT_SUCCESS); } /* Since our config is now loaded we can finish configurating the * logging module. */ - SCLogLoadConfig(suri.daemon, suri.verbose); + SCLogLoadConfig(suricata.daemon, suricata.verbose); LogVersion(); UtilCpuPrintSummary(); - if (ParseInterfacesList(suri.run_mode, suri.pcap_dev) != TM_ECODE_OK) { + if (ParseInterfacesList(suricata.run_mode, suricata.pcap_dev) != TM_ECODE_OK) { exit(EXIT_FAILURE); } - if (PostConfLoadedSetup(&suri) != TM_ECODE_OK) { + if (PostConfLoadedSetup(&suricata) != TM_ECODE_OK) { exit(EXIT_FAILURE); } - PostConfLoadedDetectSetup(&suri); + PostConfLoadedDetectSetup(&suricata); - SCDropMainThreadCaps(suri.userid, suri.groupid); - PreRunPostPrivsDropInit(suri.run_mode); + SCDropMainThreadCaps(suricata.userid, suricata.groupid); + PreRunPostPrivsDropInit(suricata.run_mode); - if (suri.run_mode == RUNMODE_CONF_TEST){ + if (suricata.run_mode == RUNMODE_CONF_TEST){ SCLogNotice("Configuration provided was successfully loaded. Exiting."); #ifdef HAVE_MAGIC MagicDeinit(); @@ -2898,9 +2905,9 @@ int main(int argc, char **argv) exit(EXIT_SUCCESS); } - SCSetStartTime(&suri); - RunModeDispatch(suri.run_mode, suri.runmode_custom_mode); - if (suri.run_mode != RUNMODE_UNIX_SOCKET) { + SCSetStartTime(&suricata); + RunModeDispatch(suricata.run_mode, suricata.runmode_custom_mode); + if (suricata.run_mode != RUNMODE_UNIX_SOCKET) { UnixManagerThreadSpawnNonRunmode(); } 
@@ -2917,7 +2924,7 @@ int main(int argc, char **argv) /* Un-pause all the paused threads */ TmThreadContinueThreads(); - PostRunStartedDetectSetup(&suri); + PostRunStartedDetectSetup(&suricata); #ifdef DBG_MEM_ALLOC SCLogInfo("Memory used at startup: %"PRIdMAX, (intmax_t)global_mem); @@ -2926,17 +2933,17 @@ int main(int argc, char **argv) #endif #endif - SuricataMainLoop(&suri); + SuricataMainLoop(&suricata); /* Update the engine stage/status flag */ (void) SC_ATOMIC_CAS(&engine_stage, SURICATA_RUNTIME, SURICATA_DEINIT); UnixSocketKillSocketThread(); - PostRunDeinit(suri.run_mode, &suri.start_time); + PostRunDeinit(suricata.run_mode, &suricata.start_time); /* kill remaining threads */ TmThreadKillThreads(); - GlobalsDestroy(&suri); + GlobalsDestroy(&suricata); exit(EXIT_SUCCESS); } diff --git a/src/suricata.h b/src/suricata.h index c580ba0dfd..65b1df4638 100644 --- a/src/suricata.h +++ b/src/suricata.h @@ -193,6 +193,8 @@ int RunmodeIsUnittests(void); int RunmodeGetCurrent(void); int IsRuleReloadSet(int quiet); +int SuriHasSigFile(void); + extern int run_mode; void PreRunInit(const int runmode); diff --git a/src/unix-manager.c b/src/unix-manager.c index 246ef86116..29f3e9f183 100644 --- a/src/unix-manager.c +++ b/src/unix-manager.c @@ -659,6 +659,14 @@ static TmEcode UnixManagerCaptureModeCommand(json_t *cmd, static TmEcode UnixManagerReloadRulesWrapper(json_t *cmd, json_t *server_msg, void *data, int do_wait) { SCEnter(); + + if (SuriHasSigFile()) { + json_object_set_new(server_msg, "message", + json_string("Live rule reload not possible if -s " + "or -S option used at runtime.")); + SCReturnInt(TM_ECODE_FAILED); + } + int r = DetectEngineReloadStart(); if (r == 0 && do_wait) {
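Review bot: The early return added at the top of `UnixManagerReloadRulesWrapper()` answers the socket client but writes nothing to the engine log, so a refused reload request leaves no record for whoever later audits why the rule set was not updated. The console message quoted in the commit description may no longer be emitted once this return is taken, since `DetectEngineReloadStart()` is not reached. Adding `SCLogNotice("unix-socket rule reload refused: -s/-S in use");` before `SCReturnInt(TM_ECODE_FAILED);` would keep that record. The result of `json_object_set_new()` is also ignored, so if `json_string()` fails the reply carries no "message" field; whether the caller supplies a default is outside the hunk. The function body continues past the end of the hunk.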