multi-tenant: allow reload w/o yaml path

Store yaml path in de ctx, for reloads w/o path.

This allows for a simpler `reload-tenant N`, where the previously
used yaml is reloaded.
pull/9380/head
Victor Julien 2 years ago
parent 227caf1315
commit 6ba0956a75

@ -82,9 +82,11 @@
Register tenant with a particular ID and filename. Register tenant with a particular ID and filename.
.. describe:: reload-tenant <id> <filename> .. describe:: reload-tenant <id> [filename]
Reload a tenant with specified ID and filename. Reload a tenant with specified ID. A filename to a tenant yaml can be
specified. If it is omitted, the original yaml that was used to load
/ last reload the tenant is used.
.. describe:: unregister-tenant <id> .. describe:: unregister-tenant <id>

@ -116,7 +116,7 @@ argsd = {
}, },
{ {
"name": "filename", "name": "filename",
"required": 1, "required": 0,
}, },
], ],
"add-hostbit": [ "add-hostbit": [

@ -2661,6 +2661,10 @@ void DetectEngineCtxFree(DetectEngineCtx *de_ctx)
SCClassConfDeinit(de_ctx); SCClassConfDeinit(de_ctx);
SCReferenceConfDeinit(de_ctx); SCReferenceConfDeinit(de_ctx);
if (de_ctx->tenant_path) {
SCFree(de_ctx->tenant_path);
}
SCFree(de_ctx); SCFree(de_ctx);
//DetectAddressGroupPrintMemory(); //DetectAddressGroupPrintMemory();
//DetectSigGroupPrintMemory(); //DetectSigGroupPrintMemory();
@ -3844,6 +3848,11 @@ static int DetectEngineMultiTenantLoadTenant(uint32_t tenant_id, const char *fil
de_ctx->type = DETECT_ENGINE_TYPE_TENANT; de_ctx->type = DETECT_ENGINE_TYPE_TENANT;
de_ctx->tenant_id = tenant_id; de_ctx->tenant_id = tenant_id;
de_ctx->loader_id = loader_id; de_ctx->loader_id = loader_id;
de_ctx->tenant_path = SCStrdup(filename);
if (de_ctx->tenant_path == NULL) {
SCLogError("Failed to duplicate path");
goto error;
}
if (SigLoadSignatures(de_ctx, NULL, 0) < 0) { if (SigLoadSignatures(de_ctx, NULL, 0) < 0) {
SCLogError("Loading signatures failed."); SCLogError("Loading signatures failed.");
@ -3869,6 +3878,9 @@ static int DetectEngineMultiTenantReloadTenant(uint32_t tenant_id, const char *f
return -1; return -1;
} }
if (filename == NULL)
filename = old_de_ctx->tenant_path;
char prefix[64]; char prefix[64];
snprintf(prefix, sizeof(prefix), "multi-detect.%u.reload.%d", tenant_id, reload_cnt); snprintf(prefix, sizeof(prefix), "multi-detect.%u.reload.%d", tenant_id, reload_cnt);
reload_cnt++; reload_cnt++;
@ -3896,6 +3908,11 @@ static int DetectEngineMultiTenantReloadTenant(uint32_t tenant_id, const char *f
new_de_ctx->type = DETECT_ENGINE_TYPE_TENANT; new_de_ctx->type = DETECT_ENGINE_TYPE_TENANT;
new_de_ctx->tenant_id = tenant_id; new_de_ctx->tenant_id = tenant_id;
new_de_ctx->loader_id = old_de_ctx->loader_id; new_de_ctx->loader_id = old_de_ctx->loader_id;
new_de_ctx->tenant_path = SCStrdup(filename);
if (new_de_ctx->tenant_path == NULL) {
SCLogError("Failed to duplicate path");
goto error;
}
if (SigLoadSignatures(new_de_ctx, NULL, 0) < 0) { if (SigLoadSignatures(new_de_ctx, NULL, 0) < 0) {
SCLogError("Loading signatures failed."); SCLogError("Loading signatures failed.");
@ -3982,11 +3999,13 @@ static int DetectLoaderSetupReloadTenant(uint32_t tenant_id, const char *yaml, i
return -ENOMEM; return -ENOMEM;
t->tenant_id = tenant_id; t->tenant_id = tenant_id;
if (yaml != NULL) {
t->yaml = SCStrdup(yaml); t->yaml = SCStrdup(yaml);
if (t->yaml == NULL) { if (t->yaml == NULL) {
SCFree(t); SCFree(t);
return -ENOMEM; return -ENOMEM;
} }
}
t->reload_cnt = reload_cnt; t->reload_cnt = reload_cnt;
SCLogDebug("loader_id %d", loader_id); SCLogDebug("loader_id %d", loader_id);
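Review bot: In DetectEngineMultiTenantReloadTenant the new fallback `filename = old_de_ctx->tenant_path;` is taken without checking that the stored path is set, and the result later reaches `SCStrdup(filename)`. Both tenant contexts created in the visible hunks either get a path or fail, so this holds for them. A context built by any path that leaves `tenant_path` NULL (none is visible here) would hand a null pointer to whatever consumes `filename` after the fallback. I would brace the `if` and follow it with a guard such as `if (filename == NULL) { SCLogError("tenant %u: no stored yaml path", tenant_id); goto error; }`, assuming the `error` label is usable at that point. The function body starts and ends outside the hunk, so confirm what cleanup that label performs.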

@ -1024,6 +1024,8 @@ typedef struct DetectEngineCtx_ {
/* --engine-analysis */ /* --engine-analysis */
struct EngineAnalysisCtx_ *ea; struct EngineAnalysisCtx_ *ea;
/* path to the tenant yaml for this engine */
char *tenant_path;
} DetectEngineCtx; } DetectEngineCtx;
/* Engine groups profiles (low, medium, high, custom) */ /* Engine groups profiles (low, medium, high, custom) */
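Review bot: The comment on the new `tenant_path` field does not say who owns the string. Elsewhere in this commit it is an SCStrdup'd copy that DetectEngineCtxFree releases, and the reload code reads it as a fallback. I would expand the comment to `/* path to the tenant yaml for this engine; heap copy owned by the ctx, freed in DetectEngineCtxFree() */`. Whether the field stays NULL for non-tenant engines is not visible here and is worth stating once confirmed.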

@ -1072,7 +1072,7 @@ static int reload_cnt = 1;
*/ */
TmEcode UnixSocketReloadTenant(json_t *cmd, json_t* answer, void *data) TmEcode UnixSocketReloadTenant(json_t *cmd, json_t* answer, void *data)
{ {
const char *filename; const char *filename = NULL;
SCStat st; SCStat st;
if (!(DetectEngineMultiTenantEnabled())) { if (!(DetectEngineMultiTenantEnabled())) {
@ -1091,6 +1091,7 @@ TmEcode UnixSocketReloadTenant(json_t *cmd, json_t* answer, void *data)
/* 2 get tenant yaml */ /* 2 get tenant yaml */
jarg = json_object_get(cmd, "filename"); jarg = json_object_get(cmd, "filename");
if (jarg) {
if (!json_is_string(jarg)) { if (!json_is_string(jarg)) {
json_object_set_new(answer, "message", json_string("command is not a string")); json_object_set_new(answer, "message", json_string("command is not a string"));
return TM_ECODE_FAILED; return TM_ECODE_FAILED;
@ -1100,6 +1101,7 @@ TmEcode UnixSocketReloadTenant(json_t *cmd, json_t* answer, void *data)
json_object_set_new(answer, "message", json_string("file does not exist")); json_object_set_new(answer, "message", json_string("file does not exist"));
return TM_ECODE_FAILED; return TM_ECODE_FAILED;
} }
}
SCLogDebug("reload-tenant: %d %s", tenant_id, filename); SCLogDebug("reload-tenant: %d %s", tenant_id, filename);
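Review bot: With `filename` now allowed to stay NULL, the closing `SCLogDebug("reload-tenant: %d %s", tenant_id, filename);` passes a null pointer to `%s` in builds where SCLogDebug is active, which is undefined behaviour for printf-style formatting. `SCLogDebug("reload-tenant: %d %s", tenant_id, filename ? filename : "(stored yaml)");` avoids that. Separately, the existence check inside the new `if (jarg)` block is skipped when the filename is omitted, so a stored path whose file has since been removed or replaced is only noticed later in the reload. A one-line comment saying that is intentional would help. The function continues outside these hunks.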
