From b653479815175aa12377b4293f37b5476a437ff7 Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Thu, 29 Jan 2015 14:39:01 +0100
Subject: [PATCH] detect: make multi tenancy a global switch

At start up we will set this flag based on "multi-detect.enabled".
---
 src/detect-engine.c | 21 ++++++++++++++++++++-
 src/detect-engine.h | 2 ++
 src/detect.h | 3 +++
 src/runmode-unix-socket.c | 12 ++++++++++++
 src/suricata.c | 1 +
 5 files changed, 38 insertions(+), 1 deletion(-)
diff --git a/src/detect-engine.c b/src/detect-engine.c
index b83e5e6475..61c7409228 100644
--- a/src/detect-engine.c
+++ b/src/detect-engine.c
@@ -103,7 +103,7 @@ static DetectEngineThreadCtx *DetectEngineThreadCtxInitForReload(
 static uint8_t DetectEngineCtxLoadConf(DetectEngineCtx *);
-static DetectEngineMasterCtx g_master_de_ctx = { SCMUTEX_INITIALIZER, NULL, NULL, };
+static DetectEngineMasterCtx g_master_de_ctx = { SCMUTEX_INITIALIZER, 0, NULL, NULL, };
 static DetectEngineThreadCtx *DetectEngineThreadCtxInitForMT(ThreadVars *tv);
@@ -1658,6 +1658,25 @@ DetectEngineCtx *DetectEngineReference(DetectEngineCtx *de_ctx)
 return de_ctx;
 }
+/** TODO locking? Not needed if this is a one time setting at startup */
+int DetectEngineMultiTenantEnabled(void)
+{
+ DetectEngineMasterCtx *master = &g_master_de_ctx;
+ return (master->multi_tenant_enabled);
+}
+
+void DetectEngineMultiTenantSetup(void)
+{
+ DetectEngineMasterCtx *master = &g_master_de_ctx;
+ int enabled = 0;
+ (void)ConfGetBool("multi-detect.enabled", &enabled);
+ if (enabled == 1) {
+ master->multi_tenant_enabled = 1;
+ }
+ SCLogInfo("multi-detect is %s (multi tenancy)",
+ master->multi_tenant_enabled ? "enabled" : "disabled");
+}
+
 DetectEngineCtx *DetectEngineGetByTenantId(int tenant_id)
 {
 DetectEngineMasterCtx *master = &g_master_de_ctx;
diff --git a/src/detect-engine.h b/src/detect-engine.h
index 01c0b85876..70f5f1f758 100644
--- a/src/detect-engine.h
+++ b/src/detect-engine.h
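Review bot: The positional initializer of `g_master_de_ctx` in the first src/detect-engine.c hunk has to be edited by hand whenever a field is inserted into `DetectEngineMasterCtx`, as this commit does by adding `0` for the new flag. Because the object has static storage, naming only the member that needs a non-zero value stays correct as the struct grows: `static DetectEngineMasterCtx g_master_de_ctx = { .lock = SCMUTEX_INITIALIZER, };`. `multi_tenant_enabled` then starts at 0 by default, so the tenant commands stay refused until setup turns the flag on.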
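Review bot: `DetectEngineMultiTenantEnabled()` returns `master->multi_tenant_enabled` without holding `master->lock`, and the `TODO locking?` comment above it leaves open whether that is safe. The unlocked read is sound only while `DetectEngineMultiTenantSetup()` is the single writer and has finished before any thread that can call the getter is running; the call added to `main()` in src/suricata.c looks like it satisfies this, but that cannot be confirmed from the hunks. Replace the TODO with the invariant, for example `/** \retval 1 if multi-tenancy was enabled at startup. Lock-free: the flag is written once by DetectEngineMultiTenantSetup() before other threads exist. */`, and add a header on the setup function saying it is startup-only and that the ignored `ConfGetBool()` result means a missing `multi-detect.enabled` leaves the feature off.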
@@ -78,6 +78,8 @@ void DetectEngineDeReference(DetectEngineCtx **de_ctx);
 int DetectEngineReload(const char *filename);
 int DetectEngineEnabled(void);
 int DetectEngineMTApply(void);
+int DetectEngineMultiTenantEnabled(void);
+void DetectEngineMultiTenantSetup(void);
 int DetectEngineReloadStart(void);
 int DetectEngineReloadIsStart(void);
diff --git a/src/detect.h b/src/detect.h
index 7cca9ffe26..7095eec82c 100644
--- a/src/detect.h
+++ b/src/detect.h
@@ -1047,6 +1047,9 @@ typedef struct SigGroupHead_ {
 typedef struct DetectEngineMasterCtx_ {
 SCMutex lock;
+ /** enable multi tenant mode */
+ int multi_tenant_enabled;
+
 /** list of active detection engines. This list is used to generate the
 * threads det_ctx's */
 DetectEngineCtx *list;
diff --git a/src/runmode-unix-socket.c b/src/runmode-unix-socket.c
index 2a0d651a2d..75ab1eed36 100644
--- a/src/runmode-unix-socket.c
+++ b/src/runmode-unix-socket.c
@@ -418,6 +418,12 @@ TmEcode UnixSocketRegisterTenant(json_t *cmd, json_t* answer, void *data)
 struct stat st;
 #endif /* OS_WIN32 */
+ if (!(DetectEngineMultiTenantEnabled())) {
+ SCLogInfo("error: multi-tenant support not enabled");
+ json_object_set_new(answer, "message", json_string("multi-tenant support not enabled"));
+ return TM_ECODE_FAILED;
+ }
+
 /* 1 get tenant id */
 json_t *jarg = json_object_get(cmd, "id");
 if (!json_is_integer(jarg)) {
@@ -498,6 +504,12 @@ TmEcode UnixSocketRegisterTenant(json_t *cmd, json_t* answer, void *data)
 */
 TmEcode UnixSocketUnregisterTenant(json_t *cmd, json_t* answer, void *data)
 {
+ if (!(DetectEngineMultiTenantEnabled())) {
+ SCLogInfo("error: multi-tenant support not enabled");
+ json_object_set_new(answer, "message", json_string("multi-tenant support not enabled"));
+ return TM_ECODE_FAILED;
+ }
+
 /* 1 get tenant id */
 json_t *jarg = json_object_get(cmd, "id");
 if (!json_is_integer(jarg)) {
diff --git a/src/suricata.c b/src/suricata.c
index e571c796bc..7c661e1938 100644
--- a/src/suricata.c
+++ b/src/suricata.c
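Review bot: The multi-tenant gate added at the top of `UnixSocketRegisterTenant()` is repeated line for line in the `UnixSocketUnregisterTenant()` hunk, so the check, the log text and the JSON answer can drift apart, and any further tenant command handler in this file (none is visible here) has to remember to copy it. A single static helper that both handlers call keeps the refusal in one place. The refusal is also logged through `SCLogInfo()` with a hand-written `error:` prefix, so a rejected control-socket request vanishes when output is filtered above info level; logging it at the project's warning level would keep it visible to whoever monitors the socket. Both function bodies continue outside their hunks.

```c
/* Refuse tenant commands unless multi-detect.enabled was set at startup.
 * Returns 1 when the command may proceed, 0 after filling in the answer. */
static int UnixSocketTenantCommandAllowed(json_t *answer)
{
    if (DetectEngineMultiTenantEnabled())
        return 1;

    SCLogInfo("error: multi-tenant support not enabled");
    json_object_set_new(answer, "message",
            json_string("multi-tenant support not enabled"));
    return 0;
}

/* … unchanged: declarations at the top of UnixSocketRegisterTenant … */
    if (!UnixSocketTenantCommandAllowed(answer))
        return TM_ECODE_FAILED;
/* … unchanged: "1 get tenant id" onwards; the same two lines open UnixSocketUnregisterTenant … */
```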
@@ -2270,6 +2270,7 @@ int main(int argc, char **argv)
 if (!suri.disabled_detect) {
 SCClassConfInit();
 SCReferenceConfInit();
+ DetectEngineMultiTenantSetup();
 SetupDelayedDetect(&suri);
 if (!suri.delayed_detect) {
 de_ctx = DetectEngineCtxInit();
-- 
2.47.2