ips: set host mode only after engine mode

Make sure it is set after the final engine mode update.
7 years ago · 3d4d2ecc0e
parent 0a106fe2ea
commit 3d4d2ecc0e
1 changed files with 37 additions and 29 deletions
--- a/src/suricata.c
+++ b/src/suricata.c
@ -2633,14 +2633,45 @@ static int PostDeviceFinalizedSetup(SCInstance *suri)
    SCReturnInt(TM_ECODE_OK);
 }

+static void PostConfLoadedSetupHostMode(void)
+{
+    const char *hostmode = NULL;
+
+    if (ConfGetValue("host-mode", &hostmode) == 1) {
+        if (!strcmp(hostmode, "router")) {
+            host_mode = SURI_HOST_IS_ROUTER;
+        } else if (!strcmp(hostmode, "sniffer-only")) {
+            host_mode = SURI_HOST_IS_SNIFFER_ONLY;
+        } else {
+            if (strcmp(hostmode, "auto") != 0) {
+                WarnInvalidConfEntry("host-mode", "%s", "auto");
+            }
+            if (EngineModeIsIPS()) {
+                host_mode = SURI_HOST_IS_ROUTER;
+            } else {
+                host_mode = SURI_HOST_IS_SNIFFER_ONLY;
+            }
+        }
+    } else {
+        if (EngineModeIsIPS()) {
+            host_mode = SURI_HOST_IS_ROUTER;
+            SCLogInfo("No 'host-mode': suricata is in IPS mode, using "
+                      "default setting 'router'");
+        } else {
+            host_mode = SURI_HOST_IS_SNIFFER_ONLY;
+            SCLogInfo("No 'host-mode': suricata is in IDS mode, using "
+                      "default setting 'sniffer-only'");
+        }
+    }
+
+}
+
 /**
 * This function is meant to contain code that needs
 * to be run once the configuration has been loaded.
 */
 static int PostConfLoadedSetup(SCInstance *suri)
 {
-    const char *hostmode = NULL;
-
    /* do this as early as possible #1577 #1955 */
 #ifdef HAVE_LUAJIT
    if (LuajitSetupStatesPool() != 0) {
@ -2716,33 +2747,6 @@ static int PostConfLoadedSetup(SCInstance *suri)
        SCReturnInt(TM_ECODE_FAILED);
    }

-    if (ConfGetValue("host-mode", &hostmode) == 1) {
-        if (!strcmp(hostmode, "router")) {
-            host_mode = SURI_HOST_IS_ROUTER;
-        } else if (!strcmp(hostmode, "sniffer-only")) {
-            host_mode = SURI_HOST_IS_SNIFFER_ONLY;
-        } else {
-            if (strcmp(hostmode, "auto") != 0) {
-                WarnInvalidConfEntry("host-mode", "%s", "auto");
-            }
-            if (EngineModeIsIPS()) {
-                host_mode = SURI_HOST_IS_ROUTER;
-            } else {
-                host_mode = SURI_HOST_IS_SNIFFER_ONLY;
-            }
-        }
-    } else {
-        if (EngineModeIsIPS()) {
-            host_mode = SURI_HOST_IS_ROUTER;
-            SCLogInfo("No 'host-mode': suricata is in IPS mode, using "
-                      "default setting 'router'");
-        } else {
-            host_mode = SURI_HOST_IS_SNIFFER_ONLY;
-            SCLogInfo("No 'host-mode': suricata is in IDS mode, using "
-                      "default setting 'sniffer-only'");
-        }
-    }
-
 #ifdef NFQ
    if (suri->run_mode == RUNMODE_NFQ)
        NFQInitConfig(FALSE);
@ -2829,10 +2833,14 @@ static int PostConfLoadedSetup(SCInstance *suri)

    LiveDeviceFinalize();

+    /* set engine mode if L2 IPS */
    if (PostDeviceFinalizedSetup(&suricata) != TM_ECODE_OK) {
        exit(EXIT_FAILURE);
    }

+    /* hostmode depends on engine mode being set */
+    PostConfLoadedSetupHostMode();
+
    PreRunInit(suri->run_mode);

    SCReturnInt(TM_ECODE_OK);