unix-socket: add auto mode

When running in live mode, the new default 'auto' value of unix-command.enabled causes unix-command to be activated. This will allow users of live capture to benefit from the feature and result in no side effect for user running in offline capture.
9 years ago · f2d1e93e65
parent f6c3845397
commit f2d1e93e65
6 changed files with 36 additions and 11 deletions
--- a/src/counters.c
+++ b/src/counters.c
@ -244,10 +244,7 @@ static void StatsInitCtx(void)

        /* if the unix command socket is enabled we do the background
         * stats sync just in case someone runs 'dump-counters' */
-        int unix_socket = 0;
-        if (ConfGetBool("unix-command.enabled", &unix_socket) != 1)
-            unix_socket = 0;
-        if (unix_socket == 0) {
+        if (!ConfUnixSocketIsEnable()) {
            SCLogWarning(SC_WARN_NO_STATS_LOGGERS, "stats are enabled but no loggers are active");
            stats_enabled = FALSE;
            SCReturn;
--- a/src/detect-engine.c
+++ b/src/detect-engine.c
@ -2090,8 +2090,7 @@ int DetectEngineMultiTenantSetup(void)
    enum DetectEngineTenantSelectors tenant_selector = TENANT_SELECTOR_UNKNOWN;
    DetectEngineMasterCtx *master = &g_master_de_ctx;

-    int unix_socket = 0;
-    (void)ConfGetBool("unix-command.enabled", &unix_socket);
+    int unix_socket = ConfUnixSocketIsEnable();

    int failure_fatal = 0;
    (void)ConfGetBool("engine.init-failure-fatal", &failure_fatal);
--- a/src/suricata.c
+++ b/src/suricata.c
@ -2520,9 +2520,7 @@ int main(int argc, char **argv)
    /* In Unix socket runmode, Flow manager is started on demand */
    if (suri.run_mode != RUNMODE_UNIX_SOCKET) {
        /* Spawn the unix socket manager thread */
-        int unix_socket = 0;
-        if (ConfGetBool("unix-command.enabled", &unix_socket) != 1)
-            unix_socket = 0;
+        int unix_socket = ConfUnixSocketIsEnable();
        if (unix_socket == 1) {
            UnixManagerThreadSpawn(0);
 #ifdef BUILD_UNIX_SOCKET
--- a/src/util-conf.c
+++ b/src/util-conf.c
@ -91,3 +91,31 @@ ConfNode *ConfFindDeviceConfig(ConfNode *node, const char *iface)

    return NULL;
 }
+
+int ConfUnixSocketIsEnable(void)
+{
+    char *value;
+
+    if (ConfGet("unix-command.enabled", &value) != 1) {
+        return 0;
+    }
+
+    if (!strcmp(value, "auto")) {
+#ifdef HAVE_LIBJANSSON
+#ifdef OS_WIN32
+        return 0;
+#else
+        if (TimeModeIsLive()) {
+            SCLogInfo("Running in live mode, activating unix socket");
+            return 1;
+        } else {
+            return 0;
+        }
+#endif
+#else
+        return 0;
+#endif
+    }
+
+    return ConfValIsTrue(value);
+}
--- a/src/util-conf.h
+++ b/src/util-conf.h
@ -33,4 +33,6 @@ TmEcode ConfigCheckLogDirectory(char *log_dir);

 ConfNode *ConfFindDeviceConfig(ConfNode *node, const char *iface);

+int ConfUnixSocketIsEnable(void);
+
 #endif /* __UTIL_UTIL_CONF_H__ */
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@ -911,10 +911,11 @@ host-mode: auto
 # Unix command socket can be used to pass commands to suricata.
 # An external tool can then connect to get information from suricata
 # or trigger some modifications of the engine. Set enabled to yes
-# to activate the feature. You can use the filename variable to set
+# to activate the feature. In auto mode, the feature will only be
+# activated in live capture mode. You can use the filename variable to set
 # the file name of the socket.
 unix-command:
-  enabled: no
+  enabled: auto
  #filename: custom.socket

 # Magic file. The extension .mgc is added to the value here.