suricata: fix init process for layer 2 IPS

4474889667 did break the logic of IPS mode detection for layer 2 IPS mode like Netmap and AF_PACKET. This pach fixes the issue by calling the IPS detection mode after complete registration of the interfaces. Reported-by: Alexander Gozman <a.gozman@securitycode.ru>
7 years ago · 023bb72cc6
parent 44daf84321
commit 023bb72cc6
1 changed files with 28 additions and 8 deletions
--- a/src/suricata.c
+++ b/src/suricata.c
@ -999,10 +999,6 @@ static TmEcode ParseInterfacesList(int runmode, char *pcap_dev)
                SCLogError(SC_ERR_INITIALIZATION, "No interface found in config for af-packet");
                SCReturnInt(TM_ECODE_FAILED);
            }
-            if (AFPRunModeIsIPS()) {
-                SCLogInfo("AF_PACKET: Setting IPS mode");
-                EngineModeSetIPS();
-            }
        }
 #endif
 #ifdef HAVE_NETMAP
@ -1019,10 +1015,6 @@ static TmEcode ParseInterfacesList(int runmode, char *pcap_dev)
                SCLogError(SC_ERR_INITIALIZATION, "No interface found in config for netmap");
                SCReturnInt(TM_ECODE_FAILED);
            }
-            if (NetmapRunModeIsIPS()) {
-                SCLogInfo("Netmap: Setting IPS mode");
-                EngineModeSetIPS();
-            }
        }
 #endif
 #ifdef HAVE_NFLOG
@ -2806,6 +2798,30 @@ static int PostConfLoadedSetup(SCInstance *suri)
    SCReturnInt(TM_ECODE_OK);
 }

+static int PostDeviceFinalizedSetup(SCInstance *suri)
+{
+	SCEnter();
+
+#ifdef HAVE_AF_PACKET
+	if (suri->run_mode == RUNMODE_AFP_DEV) {
+        if (AFPRunModeIsIPS()) {
+            SCLogInfo("AF_PACKET: Setting IPS mode");
+            EngineModeSetIPS();
+        }
+    }
+#endif
+#ifdef HAVE_NETMAP
+    if (suri->run_mode == RUNMODE_NETMAP) {
+        if (NetmapRunModeIsIPS()) {
+            SCLogInfo("Netmap: Setting IPS mode");
+            EngineModeSetIPS();
+        }
+    }
+#endif
+
+    SCReturnInt(TM_ECODE_OK);
+}
+
 static void SuricataMainLoop(SCInstance *suri)
 {
    while(1) {
@ -2954,6 +2970,10 @@ int main(int argc, char **argv)

    LiveDeviceFinalize();

+    if (PostDeviceFinalizedSetup(&suricata) != TM_ECODE_OK) {
+        exit(EXIT_FAILURE);
+    }
+
    SCDropMainThreadCaps(suricata.userid, suricata.groupid);
    PreRunPostPrivsDropInit(suricata.run_mode);