From 7108085d33b2848f0eccd8c82244f671ed10e793 Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Fri, 16 Jan 2015 17:46:16 +0100 Subject: [PATCH] detect: initialize detection engine by prefix Initalize detection engine by configuration prefix. DetectEngineCtxInitWithPrefix(const char *prefix) Takes the detection engine configuration from: . If prefix is NULL the regular config will be used. Update sure that DetectLoadCompleteSigPath considers the prefix when retrieving the configuration. --- src/detect-engine.c | 15 ++++++++++++--- src/detect-engine.h | 1 + src/detect-filemd5.c | 6 +++--- src/detect-lua.c | 6 +++--- src/detect.c | 21 +++++++++++++++++---- src/detect.h | 4 +++- 6 files changed, 39 insertions(+), 14 deletions(-) diff --git a/src/detect-engine.c b/src/detect-engine.c index e42e896174..688c419615 100644 --- a/src/detect-engine.c +++ b/src/detect-engine.c @@ -647,7 +647,7 @@ static int DetectEngineReloadThreads(DetectEngineCtx *new_de_ctx) return -1; } -static DetectEngineCtx *DetectEngineCtxInitReal(int minimal) +static DetectEngineCtx *DetectEngineCtxInitReal(int minimal, const char *prefix) { DetectEngineCtx *de_ctx; @@ -668,6 +668,10 @@ static DetectEngineCtx *DetectEngineCtxInitReal(int minimal) return de_ctx; } + if (prefix != NULL) { + strlcpy(de_ctx->config_prefix, prefix, sizeof(de_ctx->config_prefix)); + } + if (ConfGetBool("engine.init-failure-fatal", (int *)&(de_ctx->failure_fatal)) != 1) { SCLogDebug("ConfGetBool could not load the value."); } @@ -747,12 +751,17 @@ error: DetectEngineCtx *DetectEngineCtxInitMinimal(void) { - return DetectEngineCtxInitReal(1); + return DetectEngineCtxInitReal(1, NULL); } DetectEngineCtx *DetectEngineCtxInit(void) { - return DetectEngineCtxInitReal(0); + return DetectEngineCtxInitReal(0, NULL); +} + +DetectEngineCtx *DetectEngineCtxInitWithPrefix(const char *prefix) +{ + return DetectEngineCtxInitReal(0, prefix); } static void DetectEngineCtxFreeThreadKeywordData(DetectEngineCtx *de_ctx) diff --git a/src/detect-engine.h b/src/detect-engine.h index b95f509ebb..c664f50e26 100644 --- a/src/detect-engine.h +++ b/src/detect-engine.h @@ -55,6 +55,7 @@ extern DetectEngineAppInspectionEngine *app_inspection_engine[FLOW_PROTO_DEFAULT /* prototypes */ void DetectEngineRegisterAppInspectionEngines(void); +DetectEngineCtx *DetectEngineCtxInitWithPrefix(const char *prefix); DetectEngineCtx *DetectEngineCtxInit(void); DetectEngineCtx *DetectEngineCtxInitMinimal(void); void DetectEngineCtxFree(DetectEngineCtx *); diff --git a/src/detect-filemd5.c b/src/detect-filemd5.c index 1bb0cf3ac8..87f3f35e9b 100644 --- a/src/detect-filemd5.c +++ b/src/detect-filemd5.c @@ -211,7 +211,7 @@ static int DetectFileMd5Match (ThreadVars *t, DetectEngineThreadCtx *det_ctx, * \retval filemd5 pointer to DetectFileMd5Data on success * \retval NULL on failure */ -static DetectFileMd5Data *DetectFileMd5Parse (char *str) +static DetectFileMd5Data *DetectFileMd5Parse (const DetectEngineCtx *de_ctx, char *str) { DetectFileMd5Data *filemd5 = NULL; FILE *fp = NULL; @@ -235,7 +235,7 @@ static DetectFileMd5Data *DetectFileMd5Parse (char *str) } /* get full filename */ - filename = DetectLoadCompleteSigPath(str); + filename = DetectLoadCompleteSigPath(de_ctx, str); if (filename == NULL) { goto error; } @@ -309,7 +309,7 @@ static int DetectFileMd5Setup (DetectEngineCtx *de_ctx, Signature *s, char *str) DetectFileMd5Data *filemd5 = NULL; SigMatch *sm = NULL; - filemd5 = DetectFileMd5Parse(str); + filemd5 = DetectFileMd5Parse(de_ctx, str); if (filemd5 == NULL) goto error; diff --git a/src/detect-lua.c b/src/detect-lua.c index 8d2b35abe4..8a957ccac9 100644 --- a/src/detect-lua.c +++ b/src/detect-lua.c @@ -713,7 +713,7 @@ static void DetectLuaThreadFree(void *ctx) * \retval luajit pointer to DetectLuaData on success * \retval NULL on failure */ -static DetectLuaData *DetectLuaParse (char *str) +static DetectLuaData *DetectLuaParse (const DetectEngineCtx *de_ctx, char *str) { DetectLuaData *luajit = NULL; @@ -730,7 +730,7 @@ static DetectLuaData *DetectLuaParse (char *str) } /* get full filename */ - luajit->filename = DetectLoadCompleteSigPath(str); + luajit->filename = DetectLoadCompleteSigPath(de_ctx, str); if (luajit->filename == NULL) { goto error; } @@ -987,7 +987,7 @@ static int DetectLuaSetup (DetectEngineCtx *de_ctx, Signature *s, char *str) DetectLuaData *luajit = NULL; SigMatch *sm = NULL; - luajit = DetectLuaParse(str); + luajit = DetectLuaParse(de_ctx, str); if (luajit == NULL) goto error; diff --git a/src/detect.c b/src/detect.c index 2d5ff98224..53953d4f2a 100644 --- a/src/detect.c +++ b/src/detect.c @@ -239,14 +239,20 @@ void DetectExitPrintStats(ThreadVars *tv, void *data) * \param sig_file The name of the file * \retval str Pointer to the string path + sig_file */ -char *DetectLoadCompleteSigPath(char *sig_file) +char *DetectLoadCompleteSigPath(const DetectEngineCtx *de_ctx, char *sig_file) { char *defaultpath = NULL; char *path = NULL; + char varname[128] = "default-rule-path"; + + if (strlen(de_ctx->config_prefix) > 0) { + snprintf(varname, sizeof(varname), "%s.default-rule-path", + de_ctx->config_prefix); + } /* Path not specified */ if (PathIsRelative(sig_file)) { - if (ConfGet("default-rule-path", &defaultpath) == 1) { + if (ConfGet(varname, &defaultpath) == 1) { SCLogDebug("Default path: %s", defaultpath); size_t path_len = sizeof(char) * (strlen(defaultpath) + strlen(sig_file) + 2); @@ -396,6 +402,13 @@ int SigLoadSignatures(DetectEngineCtx *de_ctx, char *sig_file, int sig_file_excl int goodtotal = 0; int badtotal = 0; + char varname[128] = "rule-files"; + + if (strlen(de_ctx->config_prefix) > 0) { + snprintf(varname, sizeof(varname), "%s.rule-files", + de_ctx->config_prefix); + } + if (RunmodeGetCurrent() == RUNMODE_ENGINE_ANALYSIS) { fp_engine_analysis_set = SetupFPAnalyzer(); rule_engine_analysis_set = SetupRuleAnalyzer(); @@ -403,7 +416,7 @@ int SigLoadSignatures(DetectEngineCtx *de_ctx, char *sig_file, int sig_file_excl /* ok, let's load signature files from the general config */ if (!(sig_file != NULL && sig_file_exclusive == TRUE)) { - rule_files = ConfGetNode("rule-files"); + rule_files = ConfGetNode(varname); if (rule_files != NULL) { if (!ConfNodeIsSequence(rule_files)) { SCLogWarning(SC_ERR_INVALID_ARGUMENT, @@ -412,7 +425,7 @@ int SigLoadSignatures(DetectEngineCtx *de_ctx, char *sig_file, int sig_file_excl } else { TAILQ_FOREACH(file, &rule_files->head, next) { - sfile = DetectLoadCompleteSigPath(file->val); + sfile = DetectLoadCompleteSigPath(de_ctx, file->val); SCLogDebug("Loading rule file: %s", sfile); cntf++; diff --git a/src/detect.h b/src/detect.h index 5d87616137..973f7f87cf 100644 --- a/src/detect.h +++ b/src/detect.h @@ -732,6 +732,8 @@ typedef struct DetectEngineCtx_ { struct SCProfileKeywordDetectCtx_ *profile_keyword_ctx_per_list[DETECT_SM_LIST_MAX]; #endif + char config_prefix[64]; + /** minimal: essentially a stub */ int minimal; @@ -1202,7 +1204,7 @@ int SigGroupBuild(DetectEngineCtx *); int SigGroupCleanup (DetectEngineCtx *de_ctx); void SigAddressPrepareBidirectionals (DetectEngineCtx *); -char *DetectLoadCompleteSigPath(char *sig_file); +char *DetectLoadCompleteSigPath(const DetectEngineCtx *, char *sig_file); int SigLoadSignatures (DetectEngineCtx *, char *, int); void SigTableList(const char *keyword); void SigTableSetup(void);