aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Bug 977: -T / --init-errors-fatal to process all rules

Browse Source 
Have -T / --init-errors-fatal process all rules so that it's easier
to debug problems in ruleset. Otherwise it can be a lengthy fix, test
error cycle if multiple rules have issues.

Convert empty rulefile error into a warning.

Bug #977
pull/1239/head
Victor Julien 11 years ago
parent e951afb911
commit d951de2f19
3 changed files with 39 additions and 57 deletions
Show Stats Download Patch File Download Diff File

13
src/detect-parse.c
Unescape Escape View File

@ -1535,12 +1535,6 @@ error:
if (sig != NULL) { if (sig != NULL) {
SigFree(sig); SigFree(sig);
} }
if (de_ctx->failure_fatal == 1) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Signature parsing failed: "
"\"%s\"", sigstr);
exit(EXIT_FAILURE);
}
return NULL; return NULL;
} }
@ -1578,13 +1572,6 @@ error:
if (sig != NULL) { if (sig != NULL) {
SigFree(sig); SigFree(sig);
} }
if (de_ctx->failure_fatal == 1) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Signature parsing failed: "
"\"%s\"", sigstr);
exit(EXIT_FAILURE);
}
/* if something failed, restore the old signum count /* if something failed, restore the old signum count
* since we didn't install it */ * since we didn't install it */
de_ctx->signum = oldsignum; de_ctx->signum = oldsignum;

75
src/detect.c
Unescape Escape View File

@ -282,7 +282,8 @@ char *DetectLoadCompleteSigPath(char *sig_file)
* \param sigs_tot Will store number of signatures processed in the file * \param sigs_tot Will store number of signatures processed in the file
* \retval Number of rules loaded successfully, -1 on error * \retval Number of rules loaded successfully, -1 on error
*/ */
int DetectLoadSigFile(DetectEngineCtx *de_ctx, char *sig_file, int *sigs_tot) static int DetectLoadSigFile(DetectEngineCtx *de_ctx, char *sig_file,
int *goodsigs, int *badsigs)
{ {
Signature *sig = NULL; Signature *sig = NULL;
int good = 0, bad = 0; int good = 0, bad = 0;
@ -290,6 +291,9 @@ int DetectLoadSigFile(DetectEngineCtx *de_ctx, char *sig_file, int *sigs_tot)
size_t offset = 0; size_t offset = 0;
int lineno = 0, multiline = 0; int lineno = 0, multiline = 0;
(*goodsigs) = 0;
(*badsigs) = 0;
if (sig_file == NULL) { if (sig_file == NULL) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "opening rule file null"); SCLogError(SC_ERR_INVALID_ARGUMENT, "opening rule file null");
return -1; return -1;
@ -336,7 +340,6 @@ int DetectLoadSigFile(DetectEngineCtx *de_ctx, char *sig_file, int *sigs_tot)
de_ctx->rule_line = lineno - multiline; de_ctx->rule_line = lineno - multiline;
sig = DetectEngineAppendSig(de_ctx, line); sig = DetectEngineAppendSig(de_ctx, line);
(*sigs_tot)++;
if (sig != NULL) { if (sig != NULL) {
if (rule_engine_analysis_set || fp_engine_analysis_set) { if (rule_engine_analysis_set || fp_engine_analysis_set) {
sig->mpm_sm = RetrieveFPForSigV2(sig); sig->mpm_sm = RetrieveFPForSigV2(sig);
@ -356,16 +359,15 @@ int DetectLoadSigFile(DetectEngineCtx *de_ctx, char *sig_file, int *sigs_tot)
if (rule_engine_analysis_set) { if (rule_engine_analysis_set) {
EngineAnalysisRulesFailure(line, sig_file, lineno - multiline); EngineAnalysisRulesFailure(line, sig_file, lineno - multiline);
} }
if (de_ctx->failure_fatal == 1) {
exit(EXIT_FAILURE);
}
bad++; bad++;
} }
multiline = 0; multiline = 0;
} }
fclose(fp); fclose(fp);
return good; (*goodsigs) = good;
(*badsigs) = bad;
return 0;
} }
/** /**
@ -383,11 +385,17 @@ int SigLoadSignatures(DetectEngineCtx *de_ctx, char *sig_file, int sig_file_excl
ConfNode *file = NULL; ConfNode *file = NULL;
int ret = 0; int ret = 0;
int r = 0; int r = 0;
int cnt = 0;
int cntf = 0; int cntf = 0;
int sigtotal = 0;
char *sfile = NULL; char *sfile = NULL;
int goodsigs = 0;
int badsigs = 0;
int badfiles = 0;
int goodtotal = 0;
int badtotal = 0;
if (RunmodeGetCurrent() == RUNMODE_ENGINE_ANALYSIS) { if (RunmodeGetCurrent() == RUNMODE_ENGINE_ANALYSIS) {
fp_engine_analysis_set = SetupFPAnalyzer(); fp_engine_analysis_set = SetupFPAnalyzer();
rule_engine_analysis_set = SetupRuleAnalyzer(); rule_engine_analysis_set = SetupRuleAnalyzer();
@ -401,21 +409,18 @@ int SigLoadSignatures(DetectEngineCtx *de_ctx, char *sig_file, int sig_file_excl
sfile = DetectLoadCompleteSigPath(file->val); sfile = DetectLoadCompleteSigPath(file->val);
SCLogDebug("Loading rule file: %s", sfile); SCLogDebug("Loading rule file: %s", sfile);
r = DetectLoadSigFile(de_ctx, sfile, &sigtotal);
cntf++; cntf++;
if (r > 0) { r = DetectLoadSigFile(de_ctx, sfile, &goodsigs, &badsigs);
cnt += r; if (r < 0) {
} else if (r == 0){ badfiles++;
SCLogWarning(SC_ERR_NO_RULES, "No rules loaded from %s", sfile);
if (de_ctx->failure_fatal == 1) {
exit(EXIT_FAILURE);
}
} else if (r < 0){
if (de_ctx->failure_fatal == 1) {
exit(EXIT_FAILURE);
} }
if (goodsigs == 0) {
SCLogWarning(SC_ERR_NO_RULES, "No rules loaded from %s", sfile);
} }
SCFree(sfile); SCFree(sfile);
goodtotal += goodsigs;
badtotal += badsigs;
} }
} }
} }
@ -423,40 +428,34 @@ int SigLoadSignatures(DetectEngineCtx *de_ctx, char *sig_file, int sig_file_excl
/* If a Signature file is specified from commandline, parse it too */ /* If a Signature file is specified from commandline, parse it too */
if (sig_file != NULL) { if (sig_file != NULL) {
SCLogInfo("Loading rule file: %s", sig_file); SCLogInfo("Loading rule file: %s", sig_file);
r = DetectLoadSigFile(de_ctx, sig_file, &sigtotal);
cntf++; cntf++;
if (r > 0) { r = DetectLoadSigFile(de_ctx, sig_file, &goodsigs, &badsigs);
cnt += r; if (r < 0) {
} else if (r == 0) { badfiles++;
SCLogError(SC_ERR_NO_RULES, "No rules loaded from %s", sig_file);
if (de_ctx->failure_fatal == 1) {
exit(EXIT_FAILURE);
}
} else if (r < 0){
if (de_ctx->failure_fatal == 1) {
exit(EXIT_FAILURE);
} }
if (goodsigs == 0) {
SCLogWarning(SC_ERR_NO_RULES, "No rules loaded from %s", sig_file);
} }
goodtotal += goodsigs;
badtotal += badsigs;
} }
/* now we should have signatures to work with */ /* now we should have signatures to work with */
if (cnt <= 0) { if (goodsigs <= 0) {
if (cntf > 0) { if (cntf > 0) {
SCLogError(SC_ERR_NO_RULES_LOADED, "%d rule files specified, but no rule was loaded at all!", cntf); SCLogWarning(SC_ERR_NO_RULES_LOADED, "%d rule files specified, but no rule was loaded at all!", cntf);
if (de_ctx->failure_fatal == 1) {
exit(EXIT_FAILURE);
}
ret = -1;
} else { } else {
SCLogInfo("No signatures supplied."); SCLogInfo("No signatures supplied.");
goto end; goto end;
} }
} else { } else {
/* we report the total of files and rules successfully loaded and failed */ /* we report the total of files and rules successfully loaded and failed */
SCLogInfo("%" PRId32 " rule files processed. %" PRId32 " rules successfully loaded, %" PRId32 " rules failed", cntf, cnt, sigtotal-cnt); SCLogInfo("%" PRId32 " rule files processed. %" PRId32 " rules successfully loaded, %" PRId32 " rules failed", cntf, goodtotal, badtotal);
} }
if (ret < 0 && de_ctx->failure_fatal) { if ((badtotal || badfiles) && de_ctx->failure_fatal) {
ret = -1;
goto end; goto end;
} }

4
src/suricata.c
Unescape Escape View File

@ -1917,11 +1917,7 @@ static void SetupDelayedDetect(DetectEngineCtx *de_ctx, SCInstance *suri)
static int LoadSignatures(DetectEngineCtx *de_ctx, SCInstance *suri) static int LoadSignatures(DetectEngineCtx *de_ctx, SCInstance *suri)
{ {
if (SigLoadSignatures(de_ctx, suri->sig_file, suri->sig_file_exclusive) < 0) { if (SigLoadSignatures(de_ctx, suri->sig_file, suri->sig_file_exclusive) < 0) {
if (suri->sig_file == NULL) {
SCLogError(SC_ERR_OPENING_FILE, "Signature file has not been provided");
} else {
SCLogError(SC_ERR_NO_RULES_LOADED, "Loading signatures failed."); SCLogError(SC_ERR_NO_RULES_LOADED, "Loading signatures failed.");
}
if (de_ctx->failure_fatal) if (de_ctx->failure_fatal)
return TM_ECODE_FAILED; return TM_ECODE_FAILED;
} }

Write Preview
Loading…
Cancel
Save