aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

detect: initialize detection engine by prefix

Browse Source 
Initalize detection engine by configuration prefix.

    DetectEngineCtxInitWithPrefix(const char *prefix)

Takes the detection engine configuration from:
<prefix>.<config>

If prefix is NULL the regular config will be used.

Update sure that DetectLoadCompleteSigPath considers the prefix when
retrieving the configuration.
pull/1389/head
Victor Julien 10 years ago
parent 97d77e3540
commit 7108085d33
6 changed files with 39 additions and 14 deletions
Show Stats Download Patch File Download Diff File

15
src/detect-engine.c
Unescape Escape View File

@ -647,7 +647,7 @@ static int DetectEngineReloadThreads(DetectEngineCtx *new_de_ctx)
return -1; return -1;
} }
static DetectEngineCtx *DetectEngineCtxInitReal(int minimal) static DetectEngineCtx *DetectEngineCtxInitReal(int minimal, const char *prefix)
{ {
DetectEngineCtx *de_ctx; DetectEngineCtx *de_ctx;
@ -668,6 +668,10 @@ static DetectEngineCtx *DetectEngineCtxInitReal(int minimal)
return de_ctx; return de_ctx;
} }
if (prefix != NULL) {
strlcpy(de_ctx->config_prefix, prefix, sizeof(de_ctx->config_prefix));
}
if (ConfGetBool("engine.init-failure-fatal", (int *)&(de_ctx->failure_fatal)) != 1) { if (ConfGetBool("engine.init-failure-fatal", (int *)&(de_ctx->failure_fatal)) != 1) {
SCLogDebug("ConfGetBool could not load the value."); SCLogDebug("ConfGetBool could not load the value.");
} }
@ -747,12 +751,17 @@ error:
DetectEngineCtx *DetectEngineCtxInitMinimal(void) DetectEngineCtx *DetectEngineCtxInitMinimal(void)
{ {
return DetectEngineCtxInitReal(1); return DetectEngineCtxInitReal(1, NULL);
} }
DetectEngineCtx *DetectEngineCtxInit(void) DetectEngineCtx *DetectEngineCtxInit(void)
{ {
return DetectEngineCtxInitReal(0); return DetectEngineCtxInitReal(0, NULL);
}
DetectEngineCtx *DetectEngineCtxInitWithPrefix(const char *prefix)
{
return DetectEngineCtxInitReal(0, prefix);
} }
static void DetectEngineCtxFreeThreadKeywordData(DetectEngineCtx *de_ctx) static void DetectEngineCtxFreeThreadKeywordData(DetectEngineCtx *de_ctx)

1
src/detect-engine.h
Unescape Escape View File

@ -55,6 +55,7 @@ extern DetectEngineAppInspectionEngine *app_inspection_engine[FLOW_PROTO_DEFAULT
/* prototypes */ /* prototypes */
void DetectEngineRegisterAppInspectionEngines(void); void DetectEngineRegisterAppInspectionEngines(void);
DetectEngineCtx *DetectEngineCtxInitWithPrefix(const char *prefix);
DetectEngineCtx *DetectEngineCtxInit(void); DetectEngineCtx *DetectEngineCtxInit(void);
DetectEngineCtx *DetectEngineCtxInitMinimal(void); DetectEngineCtx *DetectEngineCtxInitMinimal(void);
void DetectEngineCtxFree(DetectEngineCtx *); void DetectEngineCtxFree(DetectEngineCtx *);

6
src/detect-filemd5.c
Unescape Escape View File

@ -211,7 +211,7 @@ static int DetectFileMd5Match (ThreadVars *t, DetectEngineThreadCtx *det_ctx,
* \retval filemd5 pointer to DetectFileMd5Data on success * \retval filemd5 pointer to DetectFileMd5Data on success
* \retval NULL on failure * \retval NULL on failure
*/ */
static DetectFileMd5Data *DetectFileMd5Parse (char *str) static DetectFileMd5Data *DetectFileMd5Parse (const DetectEngineCtx *de_ctx, char *str)
{ {
DetectFileMd5Data *filemd5 = NULL; DetectFileMd5Data *filemd5 = NULL;
FILE *fp = NULL; FILE *fp = NULL;
@ -235,7 +235,7 @@ static DetectFileMd5Data *DetectFileMd5Parse (char *str)
} }
/* get full filename */ /* get full filename */
filename = DetectLoadCompleteSigPath(str); filename = DetectLoadCompleteSigPath(de_ctx, str);
if (filename == NULL) { if (filename == NULL) {
goto error; goto error;
} }
@ -309,7 +309,7 @@ static int DetectFileMd5Setup (DetectEngineCtx *de_ctx, Signature *s, char *str)
DetectFileMd5Data *filemd5 = NULL; DetectFileMd5Data *filemd5 = NULL;
SigMatch *sm = NULL; SigMatch *sm = NULL;
filemd5 = DetectFileMd5Parse(str); filemd5 = DetectFileMd5Parse(de_ctx, str);
if (filemd5 == NULL) if (filemd5 == NULL)
goto error; goto error;

6
src/detect-lua.c
Unescape Escape View File

@ -713,7 +713,7 @@ static void DetectLuaThreadFree(void *ctx)
* \retval luajit pointer to DetectLuaData on success * \retval luajit pointer to DetectLuaData on success
* \retval NULL on failure * \retval NULL on failure
*/ */
static DetectLuaData *DetectLuaParse (char *str) static DetectLuaData *DetectLuaParse (const DetectEngineCtx *de_ctx, char *str)
{ {
DetectLuaData *luajit = NULL; DetectLuaData *luajit = NULL;
@ -730,7 +730,7 @@ static DetectLuaData *DetectLuaParse (char *str)
} }
/* get full filename */ /* get full filename */
luajit->filename = DetectLoadCompleteSigPath(str); luajit->filename = DetectLoadCompleteSigPath(de_ctx, str);
if (luajit->filename == NULL) { if (luajit->filename == NULL) {
goto error; goto error;
} }
@ -987,7 +987,7 @@ static int DetectLuaSetup (DetectEngineCtx *de_ctx, Signature *s, char *str)
DetectLuaData *luajit = NULL; DetectLuaData *luajit = NULL;
SigMatch *sm = NULL; SigMatch *sm = NULL;
luajit = DetectLuaParse(str); luajit = DetectLuaParse(de_ctx, str);
if (luajit == NULL) if (luajit == NULL)
goto error; goto error;

21
src/detect.c
Unescape Escape View File

@ -239,14 +239,20 @@ void DetectExitPrintStats(ThreadVars *tv, void *data)
* \param sig_file The name of the file * \param sig_file The name of the file
* \retval str Pointer to the string path + sig_file * \retval str Pointer to the string path + sig_file
*/ */
char *DetectLoadCompleteSigPath(char *sig_file) char *DetectLoadCompleteSigPath(const DetectEngineCtx *de_ctx, char *sig_file)
{ {
char *defaultpath = NULL; char *defaultpath = NULL;
char *path = NULL; char *path = NULL;
char varname[128] = "default-rule-path";
if (strlen(de_ctx->config_prefix) > 0) {
snprintf(varname, sizeof(varname), "%s.default-rule-path",
de_ctx->config_prefix);
}
/* Path not specified */ /* Path not specified */
if (PathIsRelative(sig_file)) { if (PathIsRelative(sig_file)) {
if (ConfGet("default-rule-path", &defaultpath) == 1) { if (ConfGet(varname, &defaultpath) == 1) {
SCLogDebug("Default path: %s", defaultpath); SCLogDebug("Default path: %s", defaultpath);
size_t path_len = sizeof(char) * (strlen(defaultpath) + size_t path_len = sizeof(char) * (strlen(defaultpath) +
strlen(sig_file) + 2); strlen(sig_file) + 2);
@ -396,6 +402,13 @@ int SigLoadSignatures(DetectEngineCtx *de_ctx, char *sig_file, int sig_file_excl
int goodtotal = 0; int goodtotal = 0;
int badtotal = 0; int badtotal = 0;
char varname[128] = "rule-files";
if (strlen(de_ctx->config_prefix) > 0) {
snprintf(varname, sizeof(varname), "%s.rule-files",
de_ctx->config_prefix);
}
if (RunmodeGetCurrent() == RUNMODE_ENGINE_ANALYSIS) { if (RunmodeGetCurrent() == RUNMODE_ENGINE_ANALYSIS) {
fp_engine_analysis_set = SetupFPAnalyzer(); fp_engine_analysis_set = SetupFPAnalyzer();
rule_engine_analysis_set = SetupRuleAnalyzer(); rule_engine_analysis_set = SetupRuleAnalyzer();
@ -403,7 +416,7 @@ int SigLoadSignatures(DetectEngineCtx *de_ctx, char *sig_file, int sig_file_excl
/* ok, let's load signature files from the general config */ /* ok, let's load signature files from the general config */
if (!(sig_file != NULL && sig_file_exclusive == TRUE)) { if (!(sig_file != NULL && sig_file_exclusive == TRUE)) {
rule_files = ConfGetNode("rule-files"); rule_files = ConfGetNode(varname);
if (rule_files != NULL) { if (rule_files != NULL) {
if (!ConfNodeIsSequence(rule_files)) { if (!ConfNodeIsSequence(rule_files)) {
SCLogWarning(SC_ERR_INVALID_ARGUMENT, SCLogWarning(SC_ERR_INVALID_ARGUMENT,
@ -412,7 +425,7 @@ int SigLoadSignatures(DetectEngineCtx *de_ctx, char *sig_file, int sig_file_excl
} }
else { else {
TAILQ_FOREACH(file, &rule_files->head, next) { TAILQ_FOREACH(file, &rule_files->head, next) {
sfile = DetectLoadCompleteSigPath(file->val); sfile = DetectLoadCompleteSigPath(de_ctx, file->val);
SCLogDebug("Loading rule file: %s", sfile); SCLogDebug("Loading rule file: %s", sfile);
cntf++; cntf++;

4
src/detect.h
Unescape Escape View File

@ -732,6 +732,8 @@ typedef struct DetectEngineCtx_ {
struct SCProfileKeywordDetectCtx_ *profile_keyword_ctx_per_list[DETECT_SM_LIST_MAX]; struct SCProfileKeywordDetectCtx_ *profile_keyword_ctx_per_list[DETECT_SM_LIST_MAX];
#endif #endif
char config_prefix[64];
/** minimal: essentially a stub */ /** minimal: essentially a stub */
int minimal; int minimal;
@ -1202,7 +1204,7 @@ int SigGroupBuild(DetectEngineCtx *);
int SigGroupCleanup (DetectEngineCtx *de_ctx); int SigGroupCleanup (DetectEngineCtx *de_ctx);
void SigAddressPrepareBidirectionals (DetectEngineCtx *); void SigAddressPrepareBidirectionals (DetectEngineCtx *);
char *DetectLoadCompleteSigPath(char *sig_file); char *DetectLoadCompleteSigPath(const DetectEngineCtx *, char *sig_file);
int SigLoadSignatures (DetectEngineCtx *, char *, int); int SigLoadSignatures (DetectEngineCtx *, char *, int);
void SigTableList(const char *keyword); void SigTableList(const char *keyword);
void SigTableSetup(void); void SigTableSetup(void);

Write Preview
Loading…
Cancel
Save