From f961d3bb950394bb7c60f220155b75d084da1601 Mon Sep 17 00:00:00 2001
From: Lukas Sismis
Date: Fri, 31 Mar 2023 14:34:38 +0200
Subject: [PATCH] runmodes: introduce unknown engine mode

Querying an engine mode with an unknown value signals a bug when the engine mode has not been determined but is already queried by other functions.
Ticket: #5959
---
 src/runmode-unittests.c | 1 +
 src/suricata.c | 14 +++++++++++++-
 src/suricata.h | 2 ++
 src/tests/fuzz/fuzz_applayerprotodetectgetproto.c | 1 +
 src/tests/fuzz/fuzz_siginit.c | 1 +
 5 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/src/runmode-unittests.c b/src/runmode-unittests.c
index 41f2b13283..22571f3aa3 100644
--- a/src/runmode-unittests.c
+++ b/src/runmode-unittests.c
@@ -232,6 +232,7 @@ void RunUnittests(int list_unittests, const char *regex_arg)
 #ifdef UNITTESTS
 /* Initializations for global vars, queues, etc (memsets, mutex init..) */
 GlobalsInitPreConfig();
+ EngineModeSetIDS();
 #ifdef HAVE_LUAJIT
 if (LuajitSetupStatesPool() != 0) {
diff --git a/src/suricata.c b/src/suricata.c
index f2127d1a2e..78c92e0ae7 100644
--- a/src/suricata.c
+++ b/src/suricata.c
@@ -169,7 +169,7 @@ int run_mode = RUNMODE_UNKNOWN;
 /** Engine mode: inline (ENGINE_MODE_IPS) or just
 * detection mode (ENGINE_MODE_IDS by default) */
-static enum EngineMode g_engine_mode = ENGINE_MODE_IDS;
+static enum EngineMode g_engine_mode = ENGINE_MODE_UNKNOWN;
 /** Host mode: set if box is sniffing only
 * or is a router */
@@ -209,13 +209,20 @@ int SuriHasSigFile(void)
 return (suricata.sig_file != NULL);
 }
+int EngineModeIsUnknown(void)
+{
+ return (g_engine_mode == ENGINE_MODE_UNKNOWN);
+}
+
 int EngineModeIsIPS(void)
 {
+ DEBUG_VALIDATE_BUG_ON(g_engine_mode == ENGINE_MODE_UNKNOWN);
 return (g_engine_mode == ENGINE_MODE_IPS);
 }
 int EngineModeIsIDS(void)
 {
+ DEBUG_VALIDATE_BUG_ON(g_engine_mode == ENGINE_MODE_UNKNOWN);
 return (g_engine_mode == ENGINE_MODE_IDS);
 }
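Review bot: The doc comment kept as context above `g_engine_mode` in the first suricata.c hunk still says `ENGINE_MODE_IDS by default`, which contradicts the new initializer `ENGINE_MODE_UNKNOWN`. A maintainer reading only the comment would assume that an early query sees IDS. Suggested wording: `/** Engine mode: ENGINE_MODE_UNKNOWN until startup sets it, then inline (ENGINE_MODE_IPS) or detection only (ENGINE_MODE_IDS) */`.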
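Review bot: In `EngineModeIsIPS()` and `EngineModeIsIDS()` the only guard against the unknown state is `DEBUG_VALIDATE_BUG_ON`, which as far as I know expands to nothing unless the build enables debug validation, so a production build that queries too early gets 0 from both predicates instead of a stop. Before this change `EngineModeIsIDS()` returned 1 in that window, so a caller shaped like `if (EngineModeIsIDS()) { ... } else { ... }` would now take its inline branch, which matters wherever drop or exception-policy behaviour depends on the mode. No callers are visible in this patch, so this is something to confirm rather than a demonstrated fault. At minimum I would document the contract above both functions and next to the new enumerator in suricata.h: `/* Returns 0 while the mode is ENGINE_MODE_UNKNOWN; do not treat !EngineModeIsIDS() as IPS. */`.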
@@ -2676,6 +2683,11 @@ int PostConfLoadedSetup(SCInstance *suri)
 RunModeEngineIsIPS( suricata.run_mode, suricata.runmode_custom_mode, suricata.capture_plugin_name);
+ if (EngineModeIsUnknown()) { // if still uninitialized, set the default
+ SCLogInfo("Setting engine mode to IDS mode by default");
+ EngineModeSetIDS();
+ }
+
 SetMasterExceptionPolicy();
 AppLayerSetup();
diff --git a/src/suricata.h b/src/suricata.h
index 20c31c8682..64805476fe 100644
--- a/src/suricata.h
+++ b/src/suricata.h
@@ -99,12 +99,14 @@ enum {
 /* Engine is acting as */
 enum EngineMode {
+ ENGINE_MODE_UNKNOWN,
 ENGINE_MODE_IDS,
 ENGINE_MODE_IPS,
 };
 void EngineModeSetIPS(void);
 void EngineModeSetIDS(void);
+int EngineModeIsUnknown(void);
 int EngineModeIsIPS(void);
 int EngineModeIsIDS(void);
diff --git a/src/tests/fuzz/fuzz_applayerprotodetectgetproto.c b/src/tests/fuzz/fuzz_applayerprotodetectgetproto.c
index 6106a5905e..8e2da4b27b 100644
--- a/src/tests/fuzz/fuzz_applayerprotodetectgetproto.c
+++ b/src/tests/fuzz/fuzz_applayerprotodetectgetproto.c
@@ -45,6 +45,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 }
 MpmTableSetup();
 SpmTableSetup();
+ EngineModeSetIDS();
 AppLayerProtoDetectSetup();
 AppLayerParserSetup();
 AppLayerParserRegisterProtocolParsers();
diff --git a/src/tests/fuzz/fuzz_siginit.c b/src/tests/fuzz/fuzz_siginit.c
index 0fb46d9040..e649eb070d 100644
--- a/src/tests/fuzz/fuzz_siginit.c
+++ b/src/tests/fuzz/fuzz_siginit.c
@@ -26,6 +26,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 run_mode = RUNMODE_UNITTEST;
 MpmTableSetup();
 SpmTableSetup();
+ EngineModeSetIDS();
 SigTableSetup();
 SCReferenceConfInit();
 SCClassConfInit();
-- 
2.47.2
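Review bot: The added `EngineModeSetIDS();` in `LLVMFuzzerTestOneInput` of fuzz_applayerprotodetectgetproto.c carries no comment saying why a harness must set the mode, and the same bare call appears in fuzz_siginit.c and in `RunUnittests` in runmode-unittests.c. Entry points that do not go through `PostConfLoadedSetup` now have to set the mode themselves; otherwise the first `EngineModeIsIPS()` or `EngineModeIsIDS()` query would presumably trip the `DEBUG_VALIDATE_BUG_ON` checks this patch adds, and a fuzz build with that check active would fail at the same place on every input. I would add `/* engine mode must be set before any EngineModeIs*() query; harnesses run as IDS */` at each site and check whether any harness outside this diffstat needs the same call. The function body continues outside the hunk.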