From: Victor Julien Date: Thu, 19 Mar 2015 16:20:27 +0000 (+0100) Subject: detect-reload: enable unconditionally X-Git-Tag: suricata-2.1beta4~111 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F1389%2Fhead;p=thirdparty%2Fsuricata.git detect-reload: enable unconditionally Reloading is available unconditionally now. --- diff --git a/src/detect.c b/src/detect.c index 53953d4f2a..ed4d132b4b 100644 --- a/src/detect.c +++ b/src/detect.c @@ -2718,9 +2718,7 @@ int SigAddressPrepareStage1(DetectEngineCtx *de_ctx) #ifdef HAVE_LUAJIT /* run this before the mpm states are initialized */ - if (DetectLuajitSetupStatesPool(de_ctx->detect_luajit_instances, - IsRuleReloadSet(TRUE)) - != 0) { + if (DetectLuajitSetupStatesPool(de_ctx->detect_luajit_instances, TRUE) != 0) { if (de_ctx->failure_fatal) return -1; } diff --git a/src/suricata.c b/src/suricata.c index c999611b2a..e4e3cb5ae1 100644 --- a/src/suricata.c +++ b/src/suricata.c @@ -276,11 +276,6 @@ static void SignalHandlerSigterm(/*@unused@*/ int sig) suricata_ctl_flags |= SURICATA_KILL; } -void SignalHandlerSigusr2Disabled(int sig) -{ - SCLogInfo("Live rule reload not enabled in config."); -} - void SignalHandlerSigusr2StartingUp(int sig) { SCLogInfo("Live rule reload only possible after engine completely started."); @@ -920,25 +915,6 @@ TmEcode LoadYamlConfig(char *conf_filename) SCReturnInt(TM_ECODE_OK); } -int IsRuleReloadSet(int quiet) -{ - int rule_reload = 0; - - ConfNode *denode = NULL; - ConfNode *decnf = ConfGetNode("detect-engine"); - if (decnf != NULL) { - TAILQ_FOREACH(denode, &decnf->head, next) { - if (strcmp(denode->val, "rule-reload") == 0) { - (void)ConfGetChildValueBool(denode, "rule-reload", &rule_reload); - if (!quiet) - SCLogInfo("Live rule reloads %s", - rule_reload ? "enabled" : "disabled"); - } - } - } - return rule_reload; -} - static TmEcode ParseInterfacesList(int run_mode, char *pcap_dev) { SCEnter(); @@ -2026,8 +2002,6 @@ static int PostConfLoadedSetup(SCInstance *suri) MpmCudaEnvironmentSetup(); #endif - suri->rule_reload = IsRuleReloadSet(FALSE); - switch (suri->checksum_validation) { case 0: ConfSet("stream.checksum-validation", "0"); @@ -2140,14 +2114,10 @@ static int PostConfLoadedSetup(SCInstance *suri) DetectEngineRegisterAppInspectionEngines(); - if (suri->rule_reload) { - if (suri->sig_file != NULL) - UtilSignalHandlerSetup(SIGUSR2, SignalHandlerSigusr2SigFileStartup); - else - UtilSignalHandlerSetup(SIGUSR2, SignalHandlerSigusr2StartingUp); - } else { - UtilSignalHandlerSetup(SIGUSR2, SignalHandlerSigusr2Disabled); - } + if (suri->sig_file != NULL) + UtilSignalHandlerSetup(SIGUSR2, SignalHandlerSigusr2SigFileStartup); + else + UtilSignalHandlerSetup(SIGUSR2, SignalHandlerSigusr2StartingUp); StorageFinalize(); @@ -2375,7 +2345,7 @@ int main(int argc, char **argv) /* registering singal handlers we use. We register usr2 here, so that one * can't call it during the first sig load phase or while threads are still * starting up. */ - if (DetectEngineEnabled() && suri.sig_file == NULL && suri.rule_reload == 1 && + if (DetectEngineEnabled() && suri.sig_file == NULL && suri.delayed_detect == 0) UtilSignalHandlerSetup(SIGUSR2, SignalHandlerSigusr2); @@ -2383,12 +2353,10 @@ int main(int argc, char **argv) /* force 'reload', this will load the rules and swap engines */ DetectEngineReload(NULL); - if (suri.rule_reload) { - if (suri.sig_file != NULL) - UtilSignalHandlerSetup(SIGUSR2, SignalHandlerSigusr2SigFileStartup); - else - UtilSignalHandlerSetup(SIGUSR2, SignalHandlerSigusr2); - } + if (suri.sig_file != NULL) + UtilSignalHandlerSetup(SIGUSR2, SignalHandlerSigusr2SigFileStartup); + else + UtilSignalHandlerSetup(SIGUSR2, SignalHandlerSigusr2); SCLogNotice("Signature(s) loaded, Detect thread(s) activated."); } diff --git a/src/suricata.h b/src/suricata.h index 573be0bb0a..12e72697a0 100644 --- a/src/suricata.h +++ b/src/suricata.h @@ -146,7 +146,6 @@ typedef struct SCInstance_ { uint32_t groupid; #endif /* OS_WIN32 */ int delayed_detect; - int rule_reload; int disabled_detect; int daemon; int offline; diff --git a/suricata.yaml.in b/suricata.yaml.in index 1681be5559..001d8e61f2 100644 --- a/suricata.yaml.in +++ b/suricata.yaml.in @@ -528,9 +528,6 @@ detect-engine: toserver-dp-groups: 25 - sgh-mpm-context: auto - inspection-recursion-limit: 3000 - # When rule-reload is enabled, sending a USR2 signal to the Suricata process - # will trigger a live rule reload. Experimental feature, use with care. - #- rule-reload: true # If set to yes, the loading of signatures will be made after the capture # is started. This will limit the downtime in IPS mode. #- delayed-detect: yes