int i;
char timebuf[64];
int decoder_event = 0;
- extern uint8_t engine_mode;
CreateTimeString(&p->ts, timebuf, sizeof(timebuf));
}
char *action = "";
- if ((pa->action & ACTION_DROP) && IS_ENGINE_MODE_IPS(engine_mode)) {
+ if ((pa->action & ACTION_DROP) && EngineModeIsIPS()) {
action = "[Drop] ";
} else if (pa->action & ACTION_DROP) {
action = "[wDrop] ";
#define DEFAULT_ALERT_SYSLOG_LEVEL LOG_ERR
#define MODULE_NAME "AlertSyslog"
-extern uint8_t engine_mode;
static int alert_syslog_level = DEFAULT_ALERT_SYSLOG_LEVEL;
typedef struct AlertSyslogThread_ {
PrintInet(AF_INET, (const void *)GET_IPV4_SRC_ADDR_PTR(p), srcip, sizeof(srcip));
PrintInet(AF_INET, (const void *)GET_IPV4_DST_ADDR_PTR(p), dstip, sizeof(dstip));
- if ((pa->action & ACTION_DROP) && IS_ENGINE_MODE_IPS(engine_mode)) {
+ if ((pa->action & ACTION_DROP) && EngineModeIsIPS()) {
action = "[Drop] ";
} else if (pa->action & ACTION_DROP) {
action = "[wDrop] ";
PrintInet(AF_INET6, (const void *)GET_IPV6_SRC_ADDR(p), srcip, sizeof(srcip));
PrintInet(AF_INET6, (const void *)GET_IPV6_DST_ADDR(p), dstip, sizeof(dstip));
- if ((pa->action & ACTION_DROP) && IS_ENGINE_MODE_IPS(engine_mode)) {
+ if ((pa->action & ACTION_DROP) && EngineModeIsIPS()) {
action = "[Drop] ";
} else if (pa->action & ACTION_DROP) {
action = "[wDrop] ";
continue;
}
- if ((pa->action & ACTION_DROP) && IS_ENGINE_MODE_IPS(engine_mode)) {
+ if ((pa->action & ACTION_DROP) && EngineModeIsIPS()) {
action = "[Drop] ";
} else if (pa->action & ACTION_DROP) {
action = "[wDrop] ";
#include "runmodes.h"
-extern uint8_t engine_mode;
extern int rule_reload;
extern int engine_analysis;
uint32_t http_buf2_len = sizeof(http_buf1) - 1;
/* Set the engine mode to IPS */
- SET_ENGINE_MODE_IPS(engine_mode);
+ EngineModeSetIPS();
TcpSession ssn;
Packet *p1 = NULL;
UTHFreePackets(&p2, 1);
/* Restore mode to IDS */
- SET_ENGINE_MODE_IDS(engine_mode);
+ EngineModeSetIDS();
return result;
}
* \retval bool TRUE or FALSE
*/
static int LogDropCondition(ThreadVars *tv, const Packet *p) {
- extern uint8_t engine_mode;
- if (!IS_ENGINE_MODE_IPS(engine_mode)) {
+ if (!EngineModeIsIPS()) {
SCLogDebug("engine is not running in inline mode, so returning");
return FALSE;
}
int LogDropLogTest01()
{
int result = 0;
- extern uint8_t engine_mode;
- SET_ENGINE_MODE_IPS(engine_mode);
+ EngineModeSetIPS();
uint8_t *buf = (uint8_t *) "GET /one/ HTTP/1.1\r\n"
"Host: one.example.org\r\n";
DetectEngineCtxFree(de_ctx);
UTHFreePackets(&p, 1);
+ EngineModeSetIDS();
return result;
}
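Review bot: The added `EngineModeSetIDS();` before `return result;` in LogDropLogTest01 restores the mode only on the path that reaches this cleanup; the body between the `EngineModeSetIPS()` call and `DetectEngineCtxFree(de_ctx)` is outside the hunk, so any earlier exit there would presumably leave the process-wide mode at IPS for the tests that run afterwards. Since `LogDropCondition` and the alert loggers branch on `EngineModeIsIPS()`, a leaked IPS mode could change what later tests log and hide a regression in the drop path. It is worth confirming that every failure path funnels through this point, and adding a comment such as `/* restore the default so later tests do not inherit IPS mode */`, as the stream test does with `/* Restore mode to IDS */`. The same applies to the reset added at the end of LogDropLogTest02.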
int LogDropLogTest02()
{
int result = 0;
- extern uint8_t engine_mode;
- SET_ENGINE_MODE_IPS(engine_mode);
+ EngineModeSetIPS();
uint8_t *buf = (uint8_t *) "GET";
DetectEngineCtxFree(de_ctx);
UTHFreePackets(&p, 1);
+
+ EngineModeSetIDS();
return result;
}
#ifdef HAVE_LIBJANSSON
-extern int engine_mode;
-
typedef struct JsonAlertLogThread_ {
/** LogFileCtx has the pointer to the file and a mutex to allow multithreading */
LogFileCtx* file_ctx;
char *action = "allowed";
if (pa->action & (ACTION_REJECT|ACTION_REJECT_DST|ACTION_REJECT_BOTH)) {
action = "blocked";
- } else if ((pa->action & ACTION_DROP) && IS_ENGINE_MODE_IPS(engine_mode)) {
+ } else if ((pa->action & ACTION_DROP) && EngineModeIsIPS()) {
action = "blocked";
}
char *action = "allowed";
if (pa->action & (ACTION_REJECT|ACTION_REJECT_DST|ACTION_REJECT_BOTH)) {
action = "blocked";
- } else if ((pa->action & ACTION_DROP) && IS_ENGINE_MODE_IPS(engine_mode)) {
+ } else if ((pa->action & ACTION_DROP) && EngineModeIsIPS()) {
action = "blocked";
}
* \retval bool TRUE or FALSE
*/
static int JsonDropLogCondition(ThreadVars *tv, const Packet *p) {
- extern uint8_t engine_mode;
- if (!IS_ENGINE_MODE_IPS(engine_mode)) {
+ if (!EngineModeIsIPS()) {
SCLogDebug("engine is not running in inline mode, so returning");
return FALSE;
}
#define OUTPUT_BUFFER_SIZE 65535
-extern uint8_t engine_mode;
#ifndef OS_WIN32
static int alert_syslog_level = DEFAULT_ALERT_SYSLOG_LEVEL;
#endif /* OS_WIN32 */
static uint64_t ssn_pool_cnt = 0; /** counts ssns, protected by ssn_pool_mutex */
#endif
-extern uint8_t engine_mode;
-
SC_ATOMIC_DECLARE(uint64_t, st_memuse);
/* stream engine running in "inline" mode. */
/* checking for "auto" and falling back to boolean to provide
* backward compatibility */
if (strcmp(temp_stream_inline_str, "auto") == 0) {
- if (IS_ENGINE_MODE_IPS(engine_mode)) {
+ if (EngineModeIsIPS()) {
stream_inline = 1;
} else {
stream_inline = 0;
* \retval 0 if the stream still legal
*/
static inline int StreamTcpCheckFlowDrops(Packet *p) {
- extern uint8_t engine_mode;
/* If we are on IPS mode, and got a drop action triggered from
* the IP only module, or from a reassembled msg and/or from an
* applayer detection, then drop the rest of the packets of the
* same stream and avoid inspecting it any further */
- if (IS_ENGINE_MODE_IPS(engine_mode) && (p->flow->flags & FLOW_ACTION_DROP))
+ if (EngineModeIsIPS() && (p->flow->flags & FLOW_ACTION_DROP))
return 1;
return 0;
/** Engine mode: inline (ENGINE_MODE_IPS) or just
* detection mode (ENGINE_MODE_IDS by default) */
-uint8_t engine_mode = ENGINE_MODE_IDS;
+static enum EngineMode g_engine_mode = ENGINE_MODE_IDS;
/** Host mode: set if box is sniffing only
* or is a router */
char *conf_filename = NULL;
+int EngineModeIsIPS(void)
+{
+ return (g_engine_mode == ENGINE_MODE_IPS);
+}
+
+int EngineModeIsIDS(void)
+{
+ return (g_engine_mode == ENGINE_MODE_IDS);
+}
+
+void EngineModeSetIPS(void)
+{
+ g_engine_mode = ENGINE_MODE_IPS;
+}
+
+void EngineModeSetIDS(void)
+{
+ g_engine_mode = ENGINE_MODE_IDS;
+}
+
int RunmodeIsUnittests(void) {
if (run_mode == RUNMODE_UNITTEST)
return 1;
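Review bot: The four accessors added here (`EngineModeIsIPS`, `EngineModeIsIDS`, `EngineModeSetIPS`, `EngineModeSetIDS`) have no doc comments, and the macro comment about "real drop capabilities" that this commit removes from the header is not replaced, so the contract of the setters is unstated. `g_engine_mode` is a plain static with no atomic or lock, and this diff shows it read on per-packet paths such as `StreamTcpCheckFlowDrops`, while the setters are called from what looks like option parsing and from unit tests. If a setter were ever called after packet threads start, that would be an unsynchronised write, and a mid-run flip would silently change whether drop verdicts are treated as enforced. I would add Doxygen comments in the file's existing `\retval` style, for example `/** \brief put the engine in IPS (inline) mode; call only during startup, before packet threads run */` on the setters and `/** \retval 1 if the engine has real drop capabilities (IPS), 0 otherwise */` on `EngineModeIsIPS`, and mirror them on the prototypes in the header.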
if (bpf_len == 0)
return TM_ECODE_OK;
- if (IS_ENGINE_MODE_IPS(engine_mode)) {
+ if (EngineModeIsIPS()) {
SCLogError(SC_ERR_NOT_SUPPORTED,
"BPF filter not available in IPS mode."
" Use firewall filtering if possible.");
FILE *fp = NULL;
size_t nm = 0;
- if (IS_ENGINE_MODE_IPS(engine_mode)) {
+ if (EngineModeIsIPS()) {
SCLogError(SC_ERR_NOT_SUPPORTED,
"BPF filter not available in IPS mode."
" Use firewall filtering if possible.");
#ifdef NFQ
if (suri->run_mode == RUNMODE_UNKNOWN) {
suri->run_mode = RUNMODE_NFQ;
- SET_ENGINE_MODE_IPS(engine_mode);
+ EngineModeSetIPS();
if (NFQRegisterQueue(optarg) == -1)
return TM_ECODE_FAILED;
} else if (suri->run_mode == RUNMODE_NFQ) {
#ifdef IPFW
if (suri->run_mode == RUNMODE_UNKNOWN) {
suri->run_mode = RUNMODE_IPFW;
- SET_ENGINE_MODE_IPS(engine_mode);
+ EngineModeSetIPS();
if (IPFWRegisterQueue(optarg) == -1)
return TM_ECODE_FAILED;
} else if (suri->run_mode == RUNMODE_IPFW) {
if (strcmp(hostmode, "auto") != 0) {
WarnInvalidConfEntry("host-mode", "%s", "auto");
}
- if (IS_ENGINE_MODE_IPS(engine_mode)) {
+ if (EngineModeIsIPS()) {
host_mode = SURI_HOST_IS_ROUTER;
} else {
host_mode = SURI_HOST_IS_SNIFFER_ONLY;
}
}
} else {
- if (IS_ENGINE_MODE_IPS(engine_mode)) {
+ if (EngineModeIsIPS()) {
host_mode = SURI_HOST_IS_ROUTER;
SCLogInfo("No 'host-mode': suricata is in IPS mode, using "
"default setting 'router'");
/* By default use IDS mode, but if nfq or ipfw
* are specified, IPS mode will overwrite this */
- SET_ENGINE_MODE_IDS(engine_mode);
+ EngineModeSetIDS();
#ifdef OS_WIN32
};
/* Engine is acting as */
-enum {
+enum EngineMode {
ENGINE_MODE_IDS,
ENGINE_MODE_IPS,
};
-/** You can use this macros to set/check if we have real drop capabilities */
-#define SET_ENGINE_MODE_IPS(engine_mode) do { \
- (engine_mode) = ENGINE_MODE_IPS; \
- } while (0)
-#define SET_ENGINE_MODE_IDS(engine_mode) do { \
- (engine_mode) = ENGINE_MODE_IDS; \
- } while (0)
-#define IS_ENGINE_MODE_IPS(engine_mode) ((engine_mode) == ENGINE_MODE_IPS)
-#define IS_ENGINE_MODE_IDS(engine_mode) ((engine_mode) == ENGINE_MODE_IDS)
+void EngineModeSetIPS(void);
+void EngineModeSetIDS(void);
+int EngineModeIsIPS(void);
+int EngineModeIsIDS(void);
/* Box is acting as router */
enum {