Introduce host-mode.

This variable can be used to indicate to suricata that the host running is running as a router or is in sniffing only mode. This will used at least to determine which interfaces are used to send reject message.
12 years ago · 6cf7da30e2
parent d8cb821875
commit 6cf7da30e2
3 changed files with 62 additions and 0 deletions
--- a/src/suricata.c
+++ b/src/suricata.c
@ -187,6 +187,10 @@ int run_mode = RUNMODE_UNKNOWN;
  * detection mode (ENGINE_MODE_IDS by default) */
 uint8_t engine_mode = ENGINE_MODE_IDS;

+/** Host mode: set if box is sniffing only
+ * or is a router */
+uint8_t host_mode = SURI_HOST_IS_SNIFFER_ONLY;
+
 /** Maximum packets to simultaneously process. */
 intmax_t max_pending_packets;

@ -1673,6 +1677,7 @@ static int FinalizeRunMode(SCInstance *suri, char **argv)
    /* Set the global run mode */
    run_mode = suri->run_mode;

+
    return TM_ECODE_OK;
 }

@ -1759,6 +1764,43 @@ static int ConfigGetCaptureValue(SCInstance *suri)

    return TM_ECODE_OK;
 }
+/**
+ * This function is meant to contain code that needs
+ * to be run once the configuration has been loaded.
+ */
+static int PostConfLoadedSetup(SCInstance *suri)
+{
+    char *hostmode = NULL;
+
+    if (ConfGet("host-mode", &hostmode) == 1) {
+        if (!strcmp(hostmode, "router")) {
+            host_mode = SURI_HOST_IS_ROUTER;
+        } else if (!strcmp(hostmode, "sniffer-only")) {
+            host_mode = SURI_HOST_IS_SNIFFER_ONLY;
+        } else {
+            if (strcmp(hostmode, "auto")) {
+                WarnInvalidConfEntry("host-mode", "%s", "auto");
+            }
+            if (IS_ENGINE_MODE_IPS(engine_mode)) {
+                host_mode = SURI_HOST_IS_ROUTER;
+            } else {
+                host_mode = SURI_HOST_IS_SNIFFER_ONLY;
+            }
+        }
+    } else {
+        if (IS_ENGINE_MODE_IPS(engine_mode)) {
+            host_mode = SURI_HOST_IS_ROUTER;
+            SCLogInfo("No 'host-mode': suricata in IPS mode, so"
+                      "automatic setting to 'router'");
+        } else {
+            host_mode = SURI_HOST_IS_SNIFFER_ONLY;
+            SCLogInfo("No 'host-mode': suricata in IDS mode, so"
+                      "automatic setting to 'sniffer-only'");
+        }
+    }
+    return TM_ECODE_OK;
+}
+

 int main(int argc, char **argv)
 {
@ -1873,6 +1915,11 @@ int main(int argc, char **argv)
        exit(EXIT_FAILURE);
    }

+
+    if (PostConfLoadedSetup(&suri) != TM_ECODE_OK) {
+        exit(EXIT_FAILURE);
+    }
+
 #ifdef NFQ
    if (suri.run_mode == RUNMODE_NFQ)
        NFQInitConfig(FALSE);
--- a/src/suricata.h
+++ b/src/suricata.h
@ -115,6 +115,15 @@ enum {
 #define IS_ENGINE_MODE_IPS(engine_mode)  ((engine_mode) == ENGINE_MODE_IPS)
 #define IS_ENGINE_MODE_IDS(engine_mode)  ((engine_mode) == ENGINE_MODE_IDS)

+/* Box is acting as router */
+enum {
+    SURI_HOST_IS_SNIFFER_ONLY,
+    SURI_HOST_IS_ROUTER,
+};
+
+#define IS_SURI_HOST_MODE_SNIFFER_ONLY(host_mode)  ((host_mode) == SURI_HOST_IS_SNIFFER_ONLY)
+#define IS_SURI_HOST_MODE_ROUTER(host_mode)  ((host_mode) == SURI_HOST_IS_ROUTER)
+
 /* queue's between various other threads
 * XXX move to the TmQueue structure later
 */
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@ -32,6 +32,12 @@
 #
 #autofp-scheduler: active-packets

+# If suricata box is a router for the sniffed networks, set it to 'router'. If
+# it is a pure sniffing setup, set it to 'sniffer-only'.
+# If set to auto, the variable is internally switch to 'router' in IPS mode
+# and 'sniffer-only' in IDS mode.
+host-mode: auto
+
 # Run suricata as user and group.
 #run-as:
 #  user: suri