From efc12b24ae802de6bd925fd8d6374b5e8744a9ce Mon Sep 17 00:00:00 2001
From: Eric Leblond
Date: Wed, 11 Sep 2013 17:58:28 +0200
Subject: [PATCH] reject: use host-mode to set interface

This patch update reject code to send the packet on the interface it comes from when 'host-mode' is set to 'sniffer-only'. When 'host-mode' is set to 'router', the reject packet is sent via the routing interface. This should fix #957.
---
 src/respond-reject-libnet11.c | 16 ++++++++++++++--
 suricata.yaml.in | 1 +
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/src/respond-reject-libnet11.c b/src/respond-reject-libnet11.c
index 4f914cf8bc..e0ff22d49d 100644
--- a/src/respond-reject-libnet11.c
+++ b/src/respond-reject-libnet11.c
@@ -47,6 +47,7 @@
 #include "action-globals.h"
 #include "respond-reject.h"
 #include "respond-reject-libnet11.h"
+#include "util-device.h"
 
 #ifdef HAVE_LIBNET11
 
@@ -56,6 +57,7 @@ extern int sc_set_caps;
 
 #include
 
+extern uint8_t host_mode;
 
 typedef struct Libnet11Packet_ {
 uint32_t ack, seq;
@@ -77,6 +79,7 @@ int RejectSendLibnet11L3IPv4TCP(ThreadVars *tv, Packet *p, void *data, int dir)
 libnet_t *c; /* libnet context */
 char ebuf[LIBNET_ERRBUF_SIZE];
 int result;
+char *devname = NULL;
 
 /* fill in struct defaults */
 lpacket.ttl = 0;
@@ -84,7 +87,11 @@ int RejectSendLibnet11L3IPv4TCP(ThreadVars *tv, Packet *p, void *data, int dir)
 lpacket.flow = 0;
 lpacket.class = 0;
 
-if ((c = libnet_init(LIBNET_RAW4, NULL, ebuf)) == NULL) {
+if (IS_SURI_HOST_MODE_SNIFFER_ONLY(host_mode) && (p->livedev)) {
+devname = p->livedev->dev;
+SCLogDebug("Will emit reject packet on dev %s", devname);
+}
+if ((c = libnet_init(LIBNET_RAW4, devname, ebuf)) == NULL) {
 SCLogError(SC_ERR_LIBNET_INIT,"libnet_inint failed: %s", ebuf);
 return 1;
 }
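Review bot: `extern uint8_t host_mode;` redeclares a global owned by another translation unit inside this .c file, so a later change to the definition's type would not be caught by the compiler here. The `IS_SURI_HOST_MODE_SNIFFER_ONLY` macro used further down already comes from a shared header; the `extern` declaration belongs next to it (or in whatever header declares `host_mode`, if one exists) so every user sees a single declaration. If such a header is already included by this file, this line can simply be dropped.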
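Review bot: When `host-mode` is `sniffer-only` but `p->livedev` is NULL, the new `if` silently leaves `devname` NULL and `libnet_init(LIBNET_RAW4, NULL, ebuf)` falls back to kernel routing, which is exactly the path the sniffer-only setting is meant to avoid; the reject packet could then leave on an interface the operator never expected. The fallback deserves at least a trace so it can be diagnosed, e.g. an `else` branch on the new block: `SCLogDebug("no livedev for packet, reject will follow the routing table");`. The same pattern appears in the ICMP hunk at `@@ -195,7 +203,11 @@`. The rest of RejectSendLibnet11L3IPv4TCP, including the error path after `libnet_init`, lies outside this hunk.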
@@ -187,6 +194,7 @@ int RejectSendLibnet11L3IPv4ICMP(ThreadVars *tv, Packet *p, void *data, int dir)
 libnet_t *c; /* libnet context */
 char ebuf[LIBNET_ERRBUF_SIZE];
 int result;
+char *devname = NULL;
 
 /* fill in struct defaults */
 lpacket.ttl = 0;
@@ -195,7 +203,11 @@ int RejectSendLibnet11L3IPv4ICMP(ThreadVars *tv, Packet *p, void *data, int dir)
 lpacket.class = 0;
 lpacket.len = (IPV4_GET_HLEN(p) + p->payload_len);
 
-if ((c = libnet_init(LIBNET_RAW4, NULL, ebuf)) == NULL) {
+
+if (IS_SURI_HOST_MODE_SNIFFER_ONLY(host_mode) && (p->livedev)) {
+devname = p->livedev->dev;
+}
+if ((c = libnet_init(LIBNET_RAW4, devname, ebuf)) == NULL) {
 SCLogError(SC_ERR_LIBNET_INIT,"libnet_inint failed: %s", ebuf);
 return 1;
 }
diff --git a/suricata.yaml.in b/suricata.yaml.in
index 4f038917bb..e428d80664 100644
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -36,6 +36,7 @@
 # it is a pure sniffing setup, set it to 'sniffer-only'.
 # If set to auto, the variable is internally switch to 'router' in IPS mode
 # and 'sniffer-only' in IDS mode.
+# This feature is currently only used by the reject* keywords.
 host-mode: auto
 
 # Run suricata as user and group.
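Review bot: The ICMP path omits the `SCLogDebug("Will emit reject packet on dev %s", devname);` that the TCP hunk adds right after `devname = p->livedev->dev;`, so the two senders can no longer be traced the same way; adding the same debug line here keeps them consistent. The added empty line before the new `if` (a bare `+`) is also not present in the TCP hunk and looks unintentional. If this file also carries the IPv6 senders (the `LIBNET_RAW6` variants), they are not touched by this patch and would still inject via the routing table in sniffer-only mode, which is worth confirming as intended. RejectSendLibnet11L3IPv4ICMP continues outside the hunk.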