unix-manager: block live reload when -s/-S is specified

Currently, when live reload is executed through unix-socket, suri prints in the console the following error message: "Live rule reload not possible if -s or -S option used at runtime." Instead, prints "done" in unix socket, when the live reload is not executed.
10 years ago · e7392a0780
parent f1d372a505
commit e7392a0780
3 changed files with 38 additions and 21 deletions
--- a/src/suricata.c
+++ b/src/suricata.c
@ -230,6 +230,14 @@ int g_disable_randomness = 0;
 int g_disable_randomness = 1;
 #endif

+/** Suricata instance */
+SCInstance suricata;
+
+int SuriHasSigFile(void)
+{
+    return (suricata.sig_file != NULL);
+}
+
 int EngineModeIsIPS(void)
 {
    return (g_engine_mode == ENGINE_MODE_IPS);
@ -2801,8 +2809,7 @@ static void SuricataMainLoop(SCInstance *suri)

 int main(int argc, char **argv)
 {
-    SCInstance suri;
-    SCInstanceInit(&suri, argv[0]);
+    SCInstanceInit(&suricata, argv[0]);

 #ifdef HAVE_RUST
    SuricataContext context;
@ -2843,15 +2850,15 @@ int main(int argc, char **argv)
    /* Initialize the configuration module. */
    ConfInit();

-    if (ParseCommandLine(argc, argv, &suri) != TM_ECODE_OK) {
+    if (ParseCommandLine(argc, argv, &suricata) != TM_ECODE_OK) {
        exit(EXIT_FAILURE);
    }

-    if (FinalizeRunMode(&suri, argv) != TM_ECODE_OK) {
+    if (FinalizeRunMode(&suricata, argv) != TM_ECODE_OK) {
        exit(EXIT_FAILURE);
    }

-    switch (StartInternalRunMode(&suri, argc, argv)) {
+    switch (StartInternalRunMode(&suricata, argc, argv)) {
        case TM_ECODE_DONE:
            exit(EXIT_SUCCESS);
        case TM_ECODE_FAILED:
@ -2862,35 +2869,35 @@ int main(int argc, char **argv)
    GlobalsInitPreConfig();

    /* Load yaml configuration file if provided. */
-    if (LoadYamlConfig(&suri) != TM_ECODE_OK) {
+    if (LoadYamlConfig(&suricata) != TM_ECODE_OK) {
        exit(EXIT_FAILURE);
    }

-    if (suri.run_mode == RUNMODE_DUMP_CONFIG) {
+    if (suricata.run_mode == RUNMODE_DUMP_CONFIG) {
        ConfDump();
        exit(EXIT_SUCCESS);
    }

    /* Since our config is now loaded we can finish configurating the
     * logging module. */
-    SCLogLoadConfig(suri.daemon, suri.verbose);
+    SCLogLoadConfig(suricata.daemon, suricata.verbose);

    LogVersion();
    UtilCpuPrintSummary();

-    if (ParseInterfacesList(suri.run_mode, suri.pcap_dev) != TM_ECODE_OK) {
+    if (ParseInterfacesList(suricata.run_mode, suricata.pcap_dev) != TM_ECODE_OK) {
        exit(EXIT_FAILURE);
    }

-    if (PostConfLoadedSetup(&suri) != TM_ECODE_OK) {
+    if (PostConfLoadedSetup(&suricata) != TM_ECODE_OK) {
        exit(EXIT_FAILURE);
    }
-    PostConfLoadedDetectSetup(&suri);
+    PostConfLoadedDetectSetup(&suricata);

-    SCDropMainThreadCaps(suri.userid, suri.groupid);
-    PreRunPostPrivsDropInit(suri.run_mode);
+    SCDropMainThreadCaps(suricata.userid, suricata.groupid);
+    PreRunPostPrivsDropInit(suricata.run_mode);

-    if (suri.run_mode == RUNMODE_CONF_TEST){
+    if (suricata.run_mode == RUNMODE_CONF_TEST){
        SCLogNotice("Configuration provided was successfully loaded. Exiting.");
 #ifdef HAVE_MAGIC
        MagicDeinit();
@ -2898,9 +2905,9 @@ int main(int argc, char **argv)
        exit(EXIT_SUCCESS);
    }

-    SCSetStartTime(&suri);
-    RunModeDispatch(suri.run_mode, suri.runmode_custom_mode);
-    if (suri.run_mode != RUNMODE_UNIX_SOCKET) {
+    SCSetStartTime(&suricata);
+    RunModeDispatch(suricata.run_mode, suricata.runmode_custom_mode);
+    if (suricata.run_mode != RUNMODE_UNIX_SOCKET) {
        UnixManagerThreadSpawnNonRunmode();
    }

@ -2917,7 +2924,7 @@ int main(int argc, char **argv)
    /* Un-pause all the paused threads */
    TmThreadContinueThreads();

-    PostRunStartedDetectSetup(&suri);
+    PostRunStartedDetectSetup(&suricata);

 #ifdef DBG_MEM_ALLOC
    SCLogInfo("Memory used at startup: %"PRIdMAX, (intmax_t)global_mem);
@ -2926,17 +2933,17 @@ int main(int argc, char **argv)
 #endif
 #endif

-    SuricataMainLoop(&suri);
+    SuricataMainLoop(&suricata);

    /* Update the engine stage/status flag */
    (void) SC_ATOMIC_CAS(&engine_stage, SURICATA_RUNTIME, SURICATA_DEINIT);

    UnixSocketKillSocketThread();
-    PostRunDeinit(suri.run_mode, &suri.start_time);
+    PostRunDeinit(suricata.run_mode, &suricata.start_time);
    /* kill remaining threads */
    TmThreadKillThreads();

-    GlobalsDestroy(&suri);
+    GlobalsDestroy(&suricata);

    exit(EXIT_SUCCESS);
 }
--- a/src/suricata.h
+++ b/src/suricata.h
@ -193,6 +193,8 @@ int RunmodeIsUnittests(void);
 int RunmodeGetCurrent(void);
 int IsRuleReloadSet(int quiet);

+int SuriHasSigFile(void);
+
 extern int run_mode;

 void PreRunInit(const int runmode);
--- a/src/unix-manager.c
+++ b/src/unix-manager.c
@ -659,6 +659,14 @@ static TmEcode UnixManagerCaptureModeCommand(json_t *cmd,
 static TmEcode UnixManagerReloadRulesWrapper(json_t *cmd, json_t *server_msg, void *data, int do_wait)
 {
    SCEnter();
+
+    if (SuriHasSigFile()) {
+        json_object_set_new(server_msg, "message",
+                            json_string("Live rule reload not possible if -s "
+                                        "or -S option used at runtime."));
+        SCReturnInt(TM_ECODE_FAILED);
+    }
+
    int r = DetectEngineReloadStart();

    if (r == 0 && do_wait) {