From 023bb72cc6a340bd07af7a6ac5be46eaa9e9c5c6 Mon Sep 17 00:00:00 2001
From: Eric Leblond
Date: Tue, 24 Jul 2018 17:28:47 +0200
Subject: [PATCH] suricata: fix init process for layer 2 IPS
4474889667d664a66c1c123f4f7d2756e8a7fbb9 did break the logic of IPS mode detection for layer 2 IPS mode like Netmap and AF_PACKET. This pach fixes the issue by calling the IPS detection mode after complete registration of the interfaces.
Reported-by: Alexander Gozman
---
 src/suricata.c | 36 ++++++++++++++++++++++++++++--------
 1 file changed, 28 insertions(+), 8 deletions(-)
diff --git a/src/suricata.c b/src/suricata.c
index 4124babe7d..60dd2ee052 100644
--- a/src/suricata.c
+++ b/src/suricata.c
@@ -999,10 +999,6 @@ static TmEcode ParseInterfacesList(int runmode, char *pcap_dev)
 SCLogError(SC_ERR_INITIALIZATION, "No interface found in config for af-packet");
 SCReturnInt(TM_ECODE_FAILED);
 }
- if (AFPRunModeIsIPS()) {
- SCLogInfo("AF_PACKET: Setting IPS mode");
- EngineModeSetIPS();
- }
 }
 #endif
 #ifdef HAVE_NETMAP
@@ -1019,10 +1015,6 @@ static TmEcode ParseInterfacesList(int runmode, char *pcap_dev)
 SCLogError(SC_ERR_INITIALIZATION, "No interface found in config for netmap");
 SCReturnInt(TM_ECODE_FAILED);
 }
- if (NetmapRunModeIsIPS()) {
- SCLogInfo("Netmap: Setting IPS mode");
- EngineModeSetIPS();
- }
 }
 #endif
 #ifdef HAVE_NFLOG
@@ -2806,6 +2798,30 @@ static int PostConfLoadedSetup(SCInstance *suri)
 SCReturnInt(TM_ECODE_OK);
 }
+static int PostDeviceFinalizedSetup(SCInstance *suri)
+{
+ SCEnter();
+
+#ifdef HAVE_AF_PACKET
+ if (suri->run_mode == RUNMODE_AFP_DEV) {
+ if (AFPRunModeIsIPS()) {
+ SCLogInfo("AF_PACKET: Setting IPS mode");
+ EngineModeSetIPS();
+ }
+ }
+#endif
+#ifdef HAVE_NETMAP
+ if (suri->run_mode == RUNMODE_NETMAP) {
+ if (NetmapRunModeIsIPS()) {
+ SCLogInfo("Netmap: Setting IPS mode");
+ EngineModeSetIPS();
+ }
+ }
+#endif
+
+ SCReturnInt(TM_ECODE_OK);
+}
+
 static void SuricataMainLoop(SCInstance *suri)
 {
 while(1) {
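Review bot: PostDeviceFinalizedSetup() carries no comment stating that it must run after interface registration is complete, which per the commit message is the whole reason the checks were moved out of ParseInterfacesList(). I would add above it `/* Must be called after LiveDeviceFinalize(): AF_PACKET/Netmap IPS detection needs the final interface list. */`. Every path returns TM_ECODE_OK, so the failure check at the call site can never trigger; either say in the comment that the return value is reserved for later checks, or make the function `void`. When AFPRunModeIsIPS() or NetmapRunModeIsIPS() returns false nothing is logged, so an inline deployment that falls back to IDS mode does so silently; an info line on that branch would let operators confirm that drops are enforced.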
@@ -2954,6 +2970,10 @@ int main(int argc, char **argv)
 LiveDeviceFinalize();
+ if (PostDeviceFinalizedSetup(&suricata) != TM_ECODE_OK) {
+ exit(EXIT_FAILURE);
+ }
+
 SCDropMainThreadCaps(suricata.userid, suricata.groupid);
 PreRunPostPrivsDropInit(suricata.run_mode);
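Review bot: EngineModeSetIPS() for AF_PACKET and Netmap is now reached only from this call after LiveDeviceFinalize(), whereas it used to run inside ParseInterfacesList(); any initialisation between those two points that reads the engine mode would now see the non-IPS default. That code is not visible in this diff, so main() and PostConfLoadedSetup() should be checked for settings derived from the engine mode at init time, since those would quietly keep IDS semantics on an inline sensor. If nothing earlier depends on it, a comment at the call such as `/* IPS mode for AF_PACKET/Netmap is decided here; do not query the engine mode before this point */` would keep the ordering from regressing again. main() starts and ends outside the hunk.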