stream.inline: add 'auto' mode

stream.inline YAML configuration variable now support the 'auto' value.
In this case, inline mode is activated for IPS running mode (NFQ and
IPFW) and is deactivated for IDS mode. This patch should fix bug #592.

diff --git a/src/stream-tcp.c b/src/stream-tcp.c
index f25379d0dac862e74a23e616ed568cc16b107c38..32f61b14ff7eb87359f9d43023f0878cb2d45979 100644 (file)
--- a/src/stream-tcp.c
+++ b/src/stream-tcp.c
@@ -396,8 +396,20 @@ void StreamTcpInitConfig(char quiet)
 
     int inl = 0;
 
-    if (ConfGetBool("stream.inline", &inl) == 1) {
+
+    char *temp_stream_inline_str;
+    if (ConfGet("stream.inline", &temp_stream_inline_str) == 1) {
+        /* checking for "auto" and falling back to boolean to provide
+         * backward compatibility */
+        if (strcmp(temp_stream_inline_str, "auto") == 0) {
+            if (IS_ENGINE_MODE_IPS(engine_mode)) {
+                stream_inline = 1;
+            } else {
+                stream_inline = 0;
+            }
+        } else if (ConfGetBool("stream.inline", &inl) == 1) {
             stream_inline = inl;
+        }
     }
 
     if (!quiet) {

diff --git a/suricata.yaml.in b/suricata.yaml.in
index d68075cd852abe7ee257a86d9c12ab23f3c085ae..57e93e3323d2ede57192bbf116d5fea5ec9567ee 100644 (file)
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -570,7 +570,7 @@ flow-timeouts:
 stream:
   memcap: 32mb
   checksum-validation: yes      # reject wrong csums
-  inline: no                    # no inline mode
+  inline: auto                  # auto will use inline mode in IPS mode, yes or no set it statically
   reassembly:
     memcap: 64mb
     depth: 1mb                  # reassemble 1mb into a stream