From: Victor Julien <victor@inliniac.net>
Date: Mon, 23 Nov 2015 12:38:59 +0000 (+0100)
Subject: multi-detect: consider vlan tracking
X-Git-Tag: suricata-3.0RC1~11
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=27783f4c667262a7bbb6e962678ebaf0146e30d6;p=thirdparty%2Fsuricata.git

multi-detect: consider vlan tracking

Refuse to use vlan selector if vlan tracking is disabled.
---

diff --git a/src/detect-engine.c b/src/detect-engine.c
index 585e3f7c9f..04aad76745 100644
--- a/src/detect-engine.c
+++ b/src/detect-engine.c
@@ -2067,6 +2067,15 @@ void DetectEngineMultiTenantSetup(void)
 
             if (strcmp(handler, "vlan") == 0) {
                 master->tenant_selector = TENANT_SELECTOR_VLAN;
+
+                int vlanbool = 0;
+                if ((ConfGetBool("vlan.use-for-tracking", &vlanbool)) == 1 && vlanbool == 0) {
+                    SCLogError(SC_ERR_INVALID_VALUE, "vlan tracking is disabled, "
+                            "can't use multi-detect selector 'vlan'");
+                    SCMutexUnlock(&master->lock);
+                    goto error;
+                }
+
             } else if (strcmp(handler, "direct") == 0) {
                 master->tenant_selector = TENANT_SELECTOR_DIRECT;
             } else {