aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

detect/tenants: Add tenant context to rule loads

Browse Source 
Issue: 1520

This commit adds the tenant id for context to rule and .config file
loads.
pull/9816/head
Jeff Lucovsky 3 years ago committed by Victor Julien
parent 9d8eec453a
commit 6a41843035
7 changed files with 54 additions and 23 deletions
Show Stats Download Patch File Download Diff File

16
src/detect-engine-build.c
Unescape Escape View File

@ -1496,11 +1496,17 @@ int SigAddressPrepareStage1(DetectEngineCtx *de_ctx)
}
if (!(de_ctx->flags & DE_QUIET)) {
SCLogInfo("%" PRIu32 " signatures processed. %" PRIu32 " are IP-only "
"rules, %" PRIu32 " are inspecting packet payload, %"PRIu32
" inspect application layer, %"PRIu32" are decoder event only",
de_ctx->sig_cnt, cnt_iponly, cnt_payload, cnt_applayer,
cnt_deonly);
if (strlen(de_ctx->config_prefix) > 0)
SCLogInfo("tenant id %d: %" PRIu32 " signatures processed. %" PRIu32 " are IP-only "
"rules, %" PRIu32 " are inspecting packet payload, %" PRIu32
" inspect application layer, %" PRIu32 " are decoder event only",
de_ctx->tenant_id, de_ctx->sig_cnt, cnt_iponly, cnt_payload, cnt_applayer,
cnt_deonly);
else
SCLogInfo("%" PRIu32 " signatures processed. %" PRIu32 " are IP-only "
"rules, %" PRIu32 " are inspecting packet payload, %" PRIu32
" inspect application layer, %" PRIu32 " are decoder event only",
de_ctx->sig_cnt, cnt_iponly, cnt_payload, cnt_applayer, cnt_deonly);
SCLogConfig("building signature grouping structure, stage 1: "
"preprocessing rules... complete");

17
src/detect-engine-loader.c
Unescape Escape View File

@ -245,7 +245,11 @@ static int ProcessSigFiles(DetectEngineCtx *de_ctx, char *pattern,
if (strcmp("/dev/null", fname) == 0)
return 0;
#endif
SCLogConfig("Loading rule file: %s", fname);
if (strlen(de_ctx->config_prefix) > 0) {
SCLogConfig("tenant id %d: Loading rule file: %s", de_ctx->tenant_id, fname);
} else {
SCLogConfig("Loading rule file: %s", fname);
}
r = DetectLoadSigFile(de_ctx, fname, good_sigs, bad_sigs);
if (r < 0) {
++(st->bad_files);
@ -347,8 +351,15 @@ int SigLoadSignatures(DetectEngineCtx *de_ctx, char *sig_file, int sig_file_excl
}
} else {
/* we report the total of files and rules successfully loaded and failed */
SCLogInfo("%" PRId32 " rule files processed. %" PRId32 " rules successfully loaded, %" PRId32 " rules failed",
sig_stat->total_files, sig_stat->good_sigs_total, sig_stat->bad_sigs_total);
if (strlen(de_ctx->config_prefix) > 0)
SCLogInfo("tenant id %d: %" PRId32 " rule files processed. %" PRId32
" rules successfully loaded, %" PRId32 " rules failed",
de_ctx->tenant_id, sig_stat->total_files, sig_stat->good_sigs_total,
sig_stat->bad_sigs_total);
else
SCLogInfo("%" PRId32 " rule files processed. %" PRId32
" rules successfully loaded, %" PRId32 " rules failed",
sig_stat->total_files, sig_stat->good_sigs_total, sig_stat->bad_sigs_total);
}
if ((sig_stat->bad_sigs_total || sig_stat->bad_files) && de_ctx->failure_fatal) {

20
src/detect-engine.c
Unescape Escape View File

@ -2462,7 +2462,8 @@ retry:
return -1;
}
static DetectEngineCtx *DetectEngineCtxInitReal(enum DetectEngineType type, const char *prefix)
static DetectEngineCtx *DetectEngineCtxInitReal(
enum DetectEngineType type, const char *prefix, uint32_t tenant_id)
{
DetectEngineCtx *de_ctx = SCMalloc(sizeof(DetectEngineCtx));
if (unlikely(de_ctx == NULL))
@ -2474,6 +2475,7 @@ static DetectEngineCtx *DetectEngineCtxInitReal(enum DetectEngineType type, cons
de_ctx->sigerror = NULL;
de_ctx->type = type;
de_ctx->filemagic_thread_ctx_id = -1;
de_ctx->tenant_id = tenant_id;
if (type == DETECT_ENGINE_TYPE_DD_STUB || type == DETECT_ENGINE_TYPE_MT_STUB) {
de_ctx->version = DetectEngineGetVersion();
@ -2547,25 +2549,25 @@ error:
DetectEngineCtx *DetectEngineCtxInitStubForMT(void)
{
return DetectEngineCtxInitReal(DETECT_ENGINE_TYPE_MT_STUB, NULL);
return DetectEngineCtxInitReal(DETECT_ENGINE_TYPE_MT_STUB, NULL, 0);
}
DetectEngineCtx *DetectEngineCtxInitStubForDD(void)
{
return DetectEngineCtxInitReal(DETECT_ENGINE_TYPE_DD_STUB, NULL);
return DetectEngineCtxInitReal(DETECT_ENGINE_TYPE_DD_STUB, NULL, 0);
}
DetectEngineCtx *DetectEngineCtxInit(void)
{
return DetectEngineCtxInitReal(DETECT_ENGINE_TYPE_NORMAL, NULL);
return DetectEngineCtxInitReal(DETECT_ENGINE_TYPE_NORMAL, NULL, 0);
}
DetectEngineCtx *DetectEngineCtxInitWithPrefix(const char *prefix)
DetectEngineCtx *DetectEngineCtxInitWithPrefix(const char *prefix, uint32_t tenant_id)
{
if (prefix == NULL || strlen(prefix) == 0)
return DetectEngineCtxInit();
else
return DetectEngineCtxInitReal(DETECT_ENGINE_TYPE_NORMAL, prefix);
return DetectEngineCtxInitReal(DETECT_ENGINE_TYPE_NORMAL, prefix, tenant_id);
}
static void DetectEngineCtxFreeThreadKeywordData(DetectEngineCtx *de_ctx)
@ -3841,7 +3843,7 @@ static int DetectEngineMultiTenantLoadTenant(uint32_t tenant_id, const char *fil
goto error;
}
de_ctx = DetectEngineCtxInitWithPrefix(prefix);
de_ctx = DetectEngineCtxInitWithPrefix(prefix, tenant_id);
if (de_ctx == NULL) {
SCLogError("initializing detection engine "
"context failed.");
@ -3901,7 +3903,7 @@ static int DetectEngineMultiTenantReloadTenant(uint32_t tenant_id, const char *f
goto error;
}
DetectEngineCtx *new_de_ctx = DetectEngineCtxInitWithPrefix(prefix);
DetectEngineCtx *new_de_ctx = DetectEngineCtxInitWithPrefix(prefix, tenant_id);
if (new_de_ctx == NULL) {
SCLogError("initializing detection engine "
"context failed.");
@ -4759,7 +4761,7 @@ int DetectEngineReload(const SCInstance *suri)
}
/* get new detection engine */
new_de_ctx = DetectEngineCtxInitWithPrefix(prefix);
new_de_ctx = DetectEngineCtxInitWithPrefix(prefix, old_de_ctx->tenant_id);
if (new_de_ctx == NULL) {
SCLogError("initializing detection engine "
"context failed.");

2
src/detect-engine.h
Unescape Escape View File

@ -88,7 +88,7 @@ void DetectEngineBufferTypeSupportsMpm(DetectEngineCtx *de_ctx, const char *name
void DetectEngineBufferTypeSupportsTransformations(DetectEngineCtx *de_ctx, const char *name);
/* prototypes */
DetectEngineCtx *DetectEngineCtxInitWithPrefix(const char *prefix);
DetectEngineCtx *DetectEngineCtxInitWithPrefix(const char *prefix, uint32_t tenant_id);
DetectEngineCtx *DetectEngineCtxInit(void);
DetectEngineCtx *DetectEngineCtxInitStubForDD(void);
DetectEngineCtx *DetectEngineCtxInitStubForMT(void);

8
src/util-classification-config.c
Unescape Escape View File

@ -363,8 +363,12 @@ static bool SCClassConfParseFile(DetectEngineCtx *de_ctx, FILE *fd)
}
#ifdef UNITTESTS
SCLogInfo("Added \"%d\" classification types from the classification file",
de_ctx->class_conf_ht->count);
if (de_ctx != NULL && strlen(de_ctx->config_prefix) > 0)
SCLogInfo("tenant id %d: Added \"%d\" classification types from the classification file",
de_ctx->tenant_id, de_ctx->class_conf_ht->count);
else
SCLogInfo("Added \"%d\" classification types from the classification file",
de_ctx->class_conf_ht->count);
#endif
return errors == 0;

8
src/util-reference-config.c
Unescape Escape View File

@ -335,8 +335,12 @@ static bool SCRConfParseFile(DetectEngineCtx *de_ctx, FILE *fd)
}
#ifdef UNITTESTS
SCLogInfo("Added \"%d\" reference types from the reference.config file",
de_ctx->reference_conf_ht->count);
if (de_ctx != NULL && strlen(de_ctx->config_prefix) > 0)
SCLogInfo("tenant id %d: Added \"%d\" reference types from the reference.config file",
de_ctx->tenant_id, de_ctx->reference_conf_ht->count);
else
SCLogInfo("Added \"%d\" reference types from the reference.config file",
de_ctx->reference_conf_ht->count);
#endif /* UNITTESTS */
return true;
}

6
src/util-threshold-config.c
Unescape Escape View File

@ -1042,7 +1042,11 @@ int SCThresholdConfParseFile(DetectEngineCtx *de_ctx, FILE *fp)
}
}
SCLogInfo("Threshold config parsed: %d rule(s) found", rule_num);
if (de_ctx != NULL && strlen(de_ctx->config_prefix) > 0)
SCLogInfo("tenant id %d: Threshold config parsed: %d rule(s) found", de_ctx->tenant_id,
rule_num);
else
SCLogInfo("Threshold config parsed: %d rule(s) found", rule_num);
return 0;
}

Write Preview
Loading…
Cancel
Save