If new ruleset requires any htp callbacks that aren't already set, don't load new ruleset; request user to restart suricata + disable setting fileinsepection flags unconditionally in main

src/app-layer-htp.c

@@ -96,14 +96,14 @@ static uint64_t htp_state_memcnt = 0;
 #endif
 
 /** part of the engine needs the request body (e.g. http_client_body keyword) */
-static uint8_t need_htp_request_body = 0;
+uint8_t need_htp_request_body = 0;
 /** part of the engine needs the request body multipart header (e.g. filename
  *  and / or fileext keywords) */
-static uint8_t need_htp_request_multipart_hdr = 0;
+uint8_t need_htp_request_multipart_hdr = 0;
 /** part of the engine needs the request file (e.g. log-file module) */
-static uint8_t need_htp_request_file = 0;
+uint8_t need_htp_request_file = 0;
 /** part of the engine needs the request body (e.g. file_data keyword) */
-static uint8_t need_htp_response_body = 0;
+uint8_t need_htp_response_body = 0;
 
 SCEnumCharMap http_decoder_event_table[ ] = {
     { "UNKNOWN_ERROR",

src/app-layer-htp.h

@@ -202,6 +202,16 @@ typedef struct HtpState_ {
     FileContainer *files_tc;
 } HtpState;
 
+/** part of the engine needs the request body (e.g. http_client_body keyword) */
+extern uint8_t need_htp_request_body;
+/** part of the engine needs the request body multipart header (e.g. filename
+ *  and / or fileext keywords) */
+extern uint8_t need_htp_request_multipart_hdr;
+/** part of the engine needs the request file (e.g. log-file module) */
+extern uint8_t need_htp_request_file;
+/** part of the engine needs the request body (e.g. file_data keyword) */
+extern uint8_t need_htp_response_body;
+
 void RegisterHTPParsers(void);
 void HTPParserRegisterTests(void);
 void HTPAtExitPrintStats(void);

src/detect-engine.c

@@ -29,6 +29,8 @@
 #include "conf.h"
 #include "conf-yaml-loader.h"
 
+#include "app-layer-htp.h"
+
 #include "detect-parse.h"
 #include "detect-engine-sigorder.h"
 
@@ -126,14 +128,33 @@ static void *DetectEngineLiveRuleSwap(void *arg)
     //if (MagicInit() != 0)
     //    exit(EXIT_FAILURE);
 
+    uint8_t local_need_htp_request_body = need_htp_request_body;
+    uint8_t local_need_htp_request_multipart_hdr = need_htp_request_multipart_hdr;
+    uint8_t local_need_htp_request_file = need_htp_request_file;
+    uint8_t local_need_htp_response_body = need_htp_response_body;
+
     if (SigLoadSignatures(de_ctx, NULL, FALSE) < 0) {
         SCLogError(SC_ERR_NO_RULES_LOADED, "Loading signatures failed.");
         if (de_ctx->failure_fatal)
             exit(EXIT_FAILURE);
     }
 
-    SCThresholdConfInitContext(de_ctx, NULL);
+    if (local_need_htp_request_body != need_htp_request_body ||
+        local_need_htp_request_multipart_hdr != need_htp_request_multipart_hdr ||
+        local_need_htp_request_file != need_htp_request_file ||
+        local_need_htp_response_body != need_htp_response_body) {
+        SCLogInfo("===== New ruleset requires enabling htp features that "
+                  "can't be enabled at runtime.  You will have to restart "
+                  "engine to load the new ruleset =====");
+        DetectEngineCtxFree(de_ctx);
+        SignalHandlerSetup(SIGUSR2, SignalHandlerSigusr2);
 
+        TmThreadsSetFlag(tv_local, THV_CLOSED);
+
+        pthread_exit(NULL);
+    }
+
+    SCThresholdConfInitContext(de_ctx, NULL);
 
     /* start the process of swapping detect threads ctxs */