From: Eric Leblond Date: Tue, 31 May 2016 13:02:12 +0000 (+0200) Subject: unix-socket: add auto mode X-Git-Tag: suricata-3.2beta1~340 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f2d1e93e653c9498d810b189d5c106f25f4e08c9;p=thirdparty%2Fsuricata.git unix-socket: add auto mode When running in live mode, the new default 'auto' value of unix-command.enabled causes unix-command to be activated. This will allow users of live capture to benefit from the feature and result in no side effect for user running in offline capture. --- diff --git a/src/counters.c b/src/counters.c index e40e225778..494f3a8f30 100644 --- a/src/counters.c +++ b/src/counters.c @@ -244,10 +244,7 @@ static void StatsInitCtx(void) /* if the unix command socket is enabled we do the background * stats sync just in case someone runs 'dump-counters' */ - int unix_socket = 0; - if (ConfGetBool("unix-command.enabled", &unix_socket) != 1) - unix_socket = 0; - if (unix_socket == 0) { + if (!ConfUnixSocketIsEnable()) { SCLogWarning(SC_WARN_NO_STATS_LOGGERS, "stats are enabled but no loggers are active"); stats_enabled = FALSE; SCReturn; diff --git a/src/detect-engine.c b/src/detect-engine.c index 9e54604149..e108258d9c 100644 --- a/src/detect-engine.c +++ b/src/detect-engine.c @@ -2090,8 +2090,7 @@ int DetectEngineMultiTenantSetup(void) enum DetectEngineTenantSelectors tenant_selector = TENANT_SELECTOR_UNKNOWN; DetectEngineMasterCtx *master = &g_master_de_ctx; - int unix_socket = 0; - (void)ConfGetBool("unix-command.enabled", &unix_socket); + int unix_socket = ConfUnixSocketIsEnable(); int failure_fatal = 0; (void)ConfGetBool("engine.init-failure-fatal", &failure_fatal); diff --git a/src/suricata.c b/src/suricata.c index f23820551a..3853d5bee0 100644 --- a/src/suricata.c +++ b/src/suricata.c 
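Review bot: The helper that StatsInitCtx now calls is not a pure predicate: per the util-conf.c hunk, in auto mode it emits `SCLogInfo("Running in live mode, activating unix socket")` on every call. The same line is therefore printed from this stats path and from DetectEngineMultiTenantSetup in detect-engine.c, where nothing is being activated, which makes the log a poor record of whether the command socket is actually exposed. I would drop the log from the helper and emit it once in main, next to `UnixManagerThreadSpawn(0)`. The result also depends on TimeModeIsLive() at call time; whether the time mode is already set when StatsInitCtx runs is not visible here and is worth confirming, as the function continues outside the hunk.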
@@ -2520,9 +2520,7 @@ int main(int argc, char **argv) /* In Unix socket runmode, Flow manager is started on demand */ if (suri.run_mode != RUNMODE_UNIX_SOCKET) { /* Spawn the unix socket manager thread */ - int unix_socket = 0; - if (ConfGetBool("unix-command.enabled", &unix_socket) != 1) - unix_socket = 0; + int unix_socket = ConfUnixSocketIsEnable(); if (unix_socket == 1) { UnixManagerThreadSpawn(0); #ifdef BUILD_UNIX_SOCKET diff --git a/src/util-conf.c b/src/util-conf.c index 17f5edfe32..0c81178ec5 100644 --- a/src/util-conf.c +++ b/src/util-conf.c @@ -91,3 +91,31 @@ ConfNode *ConfFindDeviceConfig(ConfNode *node, const char *iface) return NULL; } + +int ConfUnixSocketIsEnable(void) +{ + char *value; + + if (ConfGet("unix-command.enabled", &value) != 1) { + return 0; + } + + if (!strcmp(value, "auto")) { +#ifdef HAVE_LIBJANSSON +#ifdef OS_WIN32 + return 0; +#else + if (TimeModeIsLive()) { + SCLogInfo("Running in live mode, activating unix socket"); + return 1; + } else { + return 0; + } +#endif +#else + return 0; +#endif + } + + return ConfValIsTrue(value); +} diff --git a/src/util-conf.h b/src/util-conf.h index 4f6399af8e..08727567f5 100644 --- a/src/util-conf.h +++ b/src/util-conf.h @@ -33,4 +33,6 @@ TmEcode ConfigCheckLogDirectory(char *log_dir); ConfNode *ConfFindDeviceConfig(ConfNode *node, const char *iface); +int ConfUnixSocketIsEnable(void); + #endif /* __UTIL_UTIL_CONF_H__ */ diff --git a/suricata.yaml.in b/suricata.yaml.in index 3512619627..7f4d075c11 100644 --- a/suricata.yaml.in +++ b/suricata.yaml.in 
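Review bot: The build guards at this call site and in the helper do not match: the code following `UnixManagerThreadSpawn(0)` is under `#ifdef BUILD_UNIX_SOCKET`, while ConfUnixSocketIsEnable() resolves auto mode from `HAVE_LIBJANSSON` and `OS_WIN32`. How BUILD_UNIX_SOCKET is defined is not visible in this diff; if a build can have jansson without it, auto would return 1 and log that the socket is being activated although the socket code is compiled out. Keying the helper on the same macro, `#ifdef BUILD_UNIX_SOCKET`, would keep the decision and the implementation in step. The rest of main lies outside the hunk.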
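Review bot: In ConfUnixSocketIsEnable() `value` is declared uninitialised and passed to `strcmp` without a NULL check. ConfGet's contract is not shown in this diff; if it can return 1 while leaving the pointer NULL (for example an `enabled:` key with no value), a malformed configuration would crash the engine at startup instead of being treated as disabled. I would write `char *value = NULL;` and add `if (value == NULL) return 0;` before the comparison. A short comment above the function should state that `auto` resolves to enabled only in live mode, on non-Windows builds with jansson, and that a missing key means disabled.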
@@ -911,10 +911,11 @@ host-mode: auto # Unix command socket can be used to pass commands to suricata. # An external tool can then connect to get information from suricata # or trigger some modifications of the engine. Set enabled to yes -# to activate the feature. You can use the filename variable to set +# to activate the feature. In auto mode, the feature will only be +# activated in live capture mode. You can use the filename variable to set # the file name of the socket. unix-command: - enabled: no + enabled: auto #filename: custom.socket # Magic file. The extension .mgc is added to the value here.
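Review bot: Changing the shipped default from `no` to `auto` turns on a local control channel for every live-capture install built from this template, yet the comment still describes only what the socket can do, not who can reach it. Since the text itself says a client can "trigger some modifications of the engine", it should tell operators that access is controlled by the permissions on the socket file and its directory, and that `enabled: no` is the setting when the feature is unused. It should also mention that auto resolves to off when the build lacks jansson or runs on Windows, as the util-conf.c hunk implements. Suggested addition: `# In auto mode the socket is enabled only for live capture; set enabled to no if unused and restrict access to the socket directory.`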