aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

ips: set host mode only after engine mode

Browse Source 
Make sure it is set after the final engine mode update.
pull/3661/head
Victor Julien 7 years ago
parent 0a106fe2ea
commit 3d4d2ecc0e
1 changed files with 37 additions and 29 deletions
Show Stats Download Patch File Download Diff File

66
src/suricata.c
Unescape Escape View File

@ -2633,14 +2633,45 @@ static int PostDeviceFinalizedSetup(SCInstance *suri)
SCReturnInt(TM_ECODE_OK); SCReturnInt(TM_ECODE_OK);
} }
static void PostConfLoadedSetupHostMode(void)
{
const char *hostmode = NULL;
if (ConfGetValue("host-mode", &hostmode) == 1) {
if (!strcmp(hostmode, "router")) {
host_mode = SURI_HOST_IS_ROUTER;
} else if (!strcmp(hostmode, "sniffer-only")) {
host_mode = SURI_HOST_IS_SNIFFER_ONLY;
} else {
if (strcmp(hostmode, "auto") != 0) {
WarnInvalidConfEntry("host-mode", "%s", "auto");
}
if (EngineModeIsIPS()) {
host_mode = SURI_HOST_IS_ROUTER;
} else {
host_mode = SURI_HOST_IS_SNIFFER_ONLY;
}
}
} else {
if (EngineModeIsIPS()) {
host_mode = SURI_HOST_IS_ROUTER;
SCLogInfo("No 'host-mode': suricata is in IPS mode, using "
"default setting 'router'");
} else {
host_mode = SURI_HOST_IS_SNIFFER_ONLY;
SCLogInfo("No 'host-mode': suricata is in IDS mode, using "
"default setting 'sniffer-only'");
}
}
}
/** /**
* This function is meant to contain code that needs * This function is meant to contain code that needs
* to be run once the configuration has been loaded. * to be run once the configuration has been loaded.
*/ */
static int PostConfLoadedSetup(SCInstance *suri) static int PostConfLoadedSetup(SCInstance *suri)
{ {
const char *hostmode = NULL;
/* do this as early as possible #1577 #1955 */ /* do this as early as possible #1577 #1955 */
#ifdef HAVE_LUAJIT #ifdef HAVE_LUAJIT
if (LuajitSetupStatesPool() != 0) { if (LuajitSetupStatesPool() != 0) {
@ -2716,33 +2747,6 @@ static int PostConfLoadedSetup(SCInstance *suri)
SCReturnInt(TM_ECODE_FAILED); SCReturnInt(TM_ECODE_FAILED);
} }
if (ConfGetValue("host-mode", &hostmode) == 1) {
if (!strcmp(hostmode, "router")) {
host_mode = SURI_HOST_IS_ROUTER;
} else if (!strcmp(hostmode, "sniffer-only")) {
host_mode = SURI_HOST_IS_SNIFFER_ONLY;
} else {
if (strcmp(hostmode, "auto") != 0) {
WarnInvalidConfEntry("host-mode", "%s", "auto");
}
if (EngineModeIsIPS()) {
host_mode = SURI_HOST_IS_ROUTER;
} else {
host_mode = SURI_HOST_IS_SNIFFER_ONLY;
}
}
} else {
if (EngineModeIsIPS()) {
host_mode = SURI_HOST_IS_ROUTER;
SCLogInfo("No 'host-mode': suricata is in IPS mode, using "
"default setting 'router'");
} else {
host_mode = SURI_HOST_IS_SNIFFER_ONLY;
SCLogInfo("No 'host-mode': suricata is in IDS mode, using "
"default setting 'sniffer-only'");
}
}
#ifdef NFQ #ifdef NFQ
if (suri->run_mode == RUNMODE_NFQ) if (suri->run_mode == RUNMODE_NFQ)
NFQInitConfig(FALSE); NFQInitConfig(FALSE);
@ -2829,10 +2833,14 @@ static int PostConfLoadedSetup(SCInstance *suri)
LiveDeviceFinalize(); LiveDeviceFinalize();
/* set engine mode if L2 IPS */
if (PostDeviceFinalizedSetup(&suricata) != TM_ECODE_OK) { if (PostDeviceFinalizedSetup(&suricata) != TM_ECODE_OK) {
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
/* hostmode depends on engine mode being set */
PostConfLoadedSetupHostMode();
PreRunInit(suri->run_mode); PreRunInit(suri->run_mode);
SCReturnInt(TM_ECODE_OK); SCReturnInt(TM_ECODE_OK);

Write Preview
Loading…
Cancel
Save