From a67bd2457b2c4aab060cdf15d988d91bb90f19ed Mon Sep 17 00:00:00 2001 From: Pablo Rincon Date: Thu, 17 Dec 2009 21:56:19 +0100 Subject: [PATCH] Loading rules from config support --- src/detect.c | 25 ++++++++++++++++--------- src/eidps.c | 3 +-- src/util-error.c | 4 ++++ src/util-error.h | 3 +++ 4 files changed, 24 insertions(+), 11 deletions(-) diff --git a/src/detect.c b/src/detect.c index a3bdcb39dd..37664b8570 100644 --- a/src/detect.c +++ b/src/detect.c @@ -208,9 +208,15 @@ int DetectLoadSigFile(DetectEngineCtx *de_ctx, char *sig_file) { Signature *sig = NULL; int good = 0, bad = 0; + if (sig_file == NULL) { + SCLogError(SC_INVALID_ARGUMENT, "ERROR opening rule file null."); + return -1; + } + FILE *fp = fopen(sig_file, "r"); if (fp == NULL) { - printf("ERROR, could not open sigs file\n"); + SCLogError(SC_ERR_OPENING_RULE_FILE, "ERROR opening rule file %s." + " Check the path and perms.", sig_file); return -1; } char line[8192] = ""; @@ -243,6 +249,7 @@ int SigLoadSignatures (DetectEngineCtx *de_ctx, char *sig_file) Signature *prevsig = NULL, *sig; ConfNode *rule_files; ConfNode *file = NULL; + int ret = 0; int r = 0; int cnt = 0; int cntf = 0; @@ -284,11 +291,11 @@ int SigLoadSignatures (DetectEngineCtx *de_ctx, char *sig_file) sfile = DetectLoadCompleteSigPath(file->val); SCLogInfo("Loading rule file: %s", sfile); r = DetectLoadSigFile(de_ctx, sfile); + cntf++; if (r > 0) { cnt += r; - cntf++; - } else { - SCLogInfo("Problems loading rule file: %s", sfile); + } else if (r == 0){ + SCLogError(SC_ERR_NO_RULES, "No rules loaded from %s", sfile); } free(sfile); } @@ -298,18 +305,18 @@ int SigLoadSignatures (DetectEngineCtx *de_ctx, char *sig_file) if (sig_file != NULL) { SCLogInfo("Loading rule file: %s", sig_file); r = DetectLoadSigFile(de_ctx, sig_file); + cntf++; if (r > 0) { cnt += r; - cntf++; - } else { - SCLogInfo("Problems loading rule file: %s", sig_file); + } else if (r == 0) { + SCLogError(SC_ERR_NO_RULES, "No rules loaded from %s", sig_file); } } /* now we should have signatures to work with */ if (cnt <= 0) { - SCLogInfo("No rule file loaded!"); - return -1; + SCLogError(SC_ERR_NO_RULES_LOADED, "%d rule files specified, but no rule was loaded at all!", cntf); + ret = -1; } else { SCLogInfo("%d rules loaded from %d files.", cnt, cntf); } diff --git a/src/eidps.c b/src/eidps.c index c9fcb0dc9a..b25b8ea9e7 100644 --- a/src/eidps.c +++ b/src/eidps.c @@ -585,8 +585,7 @@ int main(int argc, char **argv) LogFileCtx *au2a_logfile_ctx = Unified2AlertInitCtx(NULL); if (SigLoadSignatures(de_ctx, sig_file) < 0) { - printf("ERROR: loading signatures failed.\n"); - exit(EXIT_FAILURE); + SCLogError(SC_ERR_NO_RULES_LOADED, "Loading signatures failed.\n"); } struct timeval start_time; diff --git a/src/util-error.c b/src/util-error.c index 0aac067ae6..040bc68d4f 100644 --- a/src/util-error.c +++ b/src/util-error.c @@ -25,6 +25,10 @@ const char * SCErrorToString(SCError err) CASE_CODE (SC_PCRE_PARSE_FAILED); CASE_CODE (SC_LOG_MODULE_NOT_INIT); CASE_CODE (SC_LOG_FG_FILTER_MATCH_FAILED); + CASE_CODE (SC_ERR_OPENING_FILE); + CASE_CODE (SC_ERR_OPENING_RULE_FILE); + CASE_CODE (SC_ERR_NO_RULES); + CASE_CODE (SC_ERR_NO_RULES_LOADED); CASE_CODE (SC_COUNTER_EXCEEDED); CASE_CODE (SC_INVALID_CHECKSUM); CASE_CODE (SC_SPRINTF_ERROR); diff --git a/src/util-error.h b/src/util-error.h index 7bc8173f3c..54476e9fb9 100644 --- a/src/util-error.h +++ b/src/util-error.h @@ -28,6 +28,9 @@ typedef enum { SC_INVALID_IPV6_ADDR, SC_ERR_INVALID_SIGNATURE, SC_ERR_OPENING_FILE, + SC_ERR_OPENING_RULE_FILE, + SC_ERR_NO_RULES, + SC_ERR_NO_RULES_LOADED, SC_ERR_FOPEN, SC_INITIALIZATION_ERROR, SC_THREAD_SPAWN_FAILED,