ips: check for livedev.use-for-tracking

For the capture methods that support livedev and IPS, livedev.use-for-tracking is not supported. This setting causes major flow tracking issues, as both sides of a flow would be tracked in different flows. This patch disables the livedev.use-for-tracking setting if it is set to true. A warning will be issued. Ticket: #6726.
1 year ago · 08841f27ff
parent 2d625cd78e
commit 08841f27ff
1 changed files with 13 additions and 3 deletions
--- a/src/runmodes.c
+++ b/src/runmodes.c
@ -1,4 +1,4 @@
-/* Copyright (C) 2007-2022 Open Information Security Foundation
+/* Copyright (C) 2007-2024 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
@ -70,6 +70,7 @@
 #include "counters.h"

 #include "suricata-plugin.h"
+#include "util-device.h"

 int debuglog_enabled = 0;
 bool threading_set_cpu_affinity = false;
@ -406,10 +407,19 @@ int RunModeEngineIsIPS(int capture_mode, const char *runmode, const char *captur
        return 0;
    }

+    int ips_enabled = 0;
    if (mode->RunModeIsIPSEnabled != NULL) {
-        return mode->RunModeIsIPSEnabled();
+        ips_enabled = mode->RunModeIsIPSEnabled();
+        if (ips_enabled == 1) {
+            extern uint16_t g_livedev_mask;
+            if (g_livedev_mask != 0 && LiveGetDeviceCount() > 0) {
+                SCLogWarning("disabling livedev.use-for-tracking with IPS mode. See ticket #6726.");
+                g_livedev_mask = 0;
+            }
+        }
    }
-    return 0;
+
+    return ips_enabled;
 }

 /**