aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

multi-detect: handle missing mappings

Browse Source 
Notify/warn user about missing mappings depending on other settings
like unix socket and init errors fatal.
pull/1760/head
Victor Julien 10 years ago
parent 27783f4c66
commit 906b95eed3
3 changed files with 28 additions and 2 deletions
Show Stats Download Patch File Download Diff File

28
src/detect-engine.c
Unescape Escape View File

@ -2045,8 +2045,12 @@ int DetectEngineReloadTenantBlocking(uint32_t tenant_id, const char *yaml, int r
*/
void DetectEngineMultiTenantSetup(void)
{
enum DetectEngineTenantSelectors tenant_selector = TENANT_SELECTOR_UNKNOWN;
DetectEngineMasterCtx *master = &g_master_de_ctx;
int unix_socket = 0;
(void)ConfGetBool("unix-command.enabled", &unix_socket);
int failure_fatal = 0;
(void)ConfGetBool("engine.init-failure-fatal", &failure_fatal);
@ -2066,7 +2070,7 @@ void DetectEngineMultiTenantSetup(void)
SCLogInfo("multi-tenant selector type %s", handler);
if (strcmp(handler, "vlan") == 0) {
master->tenant_selector = TENANT_SELECTOR_VLAN;
tenant_selector = master->tenant_selector = TENANT_SELECTOR_VLAN;
int vlanbool = 0;
if ((ConfGetBool("vlan.use-for-tracking", &vlanbool)) == 1 && vlanbool == 0) {
@ -2077,7 +2081,7 @@ void DetectEngineMultiTenantSetup(void)
}
} else if (strcmp(handler, "direct") == 0) {
master->tenant_selector = TENANT_SELECTOR_DIRECT;
tenant_selector = master->tenant_selector = TENANT_SELECTOR_DIRECT;
} else {
SCLogError(SC_ERR_INVALID_VALUE, "unknown value %s "
"multi-detect.selector", handler);
@ -2092,6 +2096,7 @@ void DetectEngineMultiTenantSetup(void)
ConfNode *mappings_root_node = ConfGetNode("multi-detect.mappings");
ConfNode *mapping_node = NULL;
int mapping_cnt = 0;
if (mappings_root_node != NULL) {
TAILQ_FOREACH(mapping_node, &mappings_root_node->head, next) {
if (strcmp(mapping_node->val, "vlan") == 0) {
@ -2129,6 +2134,7 @@ void DetectEngineMultiTenantSetup(void)
goto error;
}
SCLogInfo("vlan %u connected to tenant-id %u", vlan_id, tenant_id);
mapping_cnt++;
} else {
SCLogWarning(SC_ERR_INVALID_VALUE, "multi-detect.mappings expects a list of 'vlan's. Not %s", mapping_node->val);
goto bad_mapping;
@ -2141,6 +2147,24 @@ void DetectEngineMultiTenantSetup(void)
}
}
if (tenant_selector == TENANT_SELECTOR_VLAN && mapping_cnt == 0) {
/* no mappings are valid when we're in unix socket mode,
* they can be added on the fly. Otherwise warn/error
* depending on failure_fatal */
if (unix_socket) {
SCLogNotice("no tenant traffic mappings defined, "
"tenants won't be used until mappings are added");
} else {
if (failure_fatal)
SCLogWarning(SC_ERR_MT_NO_MAPPING, "no multi-detect mappings defined");
else {
SCLogError(SC_ERR_MT_NO_MAPPING, "no multi-detect mappings defined");
goto error;
}
}
}
/* tenants */
ConfNode *tenants_root_node = ConfGetNode("multi-detect.tenants");
ConfNode *tenant_node = NULL;

1
src/util-error.c
Unescape Escape View File

@ -309,6 +309,7 @@ const char * SCErrorToString(SCError err)
CASE_CODE (SC_ERR_IPPAIR_INIT);
CASE_CODE (SC_ERR_MT_NO_SELECTOR);
CASE_CODE (SC_ERR_MT_DUPLICATE_TENANT);
CASE_CODE (SC_ERR_MT_NO_MAPPING);
CASE_CODE (SC_ERR_NO_JSON_SUPPORT);
CASE_CODE (SC_ERR_INVALID_RULE_ARGUMENT);
}

1
src/util-error.h
Unescape Escape View File

@ -301,6 +301,7 @@ typedef enum {
SC_ERR_NO_JSON_SUPPORT,
SC_ERR_INVALID_RULE_ARGUMENT, /**< Generic error code for invalid
* rule argument. */
SC_ERR_MT_NO_MAPPING,
} SCError;
const char *SCErrorToString(SCError);

Write Preview
Loading…
Cancel
Save