
Feature #338 » 0001-Add-S-commandline-option-that-loads-a-rule-file-excl.patch

Victor Julien, 11/08/2011 10:55 AM


src/detect.c
* \brief Load signatures
* \param de_ctx Pointer to the detection engine context
* \param sig_file Filename holding signatures
* \param sig_file_exclusive File passed in 'sig_file' should be loaded exclusively.
* \retval -1 on error
*/
int SigLoadSignatures(DetectEngineCtx *de_ctx, char *sig_file)
int SigLoadSignatures(DetectEngineCtx *de_ctx, char *sig_file, int sig_file_exclusive)
{
SCEnter();
......
}
/* ok, let's load signature files from the general config */
rule_files = ConfGetNode("rule-files");
if (rule_files != NULL) {
TAILQ_FOREACH(file, &rule_files->head, next) {
sfile = DetectLoadCompleteSigPath(file->val);
SCLogDebug("Loading rule file: %s", sfile);
r = DetectLoadSigFile(de_ctx, sfile, &sigtotal);
cntf++;
if (r > 0) {
cnt += r;
} else if (r == 0){
SCLogWarning(SC_ERR_NO_RULES, "No rules loaded from %s", sfile);
if (de_ctx->failure_fatal == 1) {
exit(EXIT_FAILURE);
}
} else if (r < 0){
if (de_ctx->failure_fatal == 1) {
exit(EXIT_FAILURE);
if (!(sig_file != NULL && sig_file_exclusive == TRUE)) {
rule_files = ConfGetNode("rule-files");
if (rule_files != NULL) {
TAILQ_FOREACH(file, &rule_files->head, next) {
sfile = DetectLoadCompleteSigPath(file->val);
SCLogDebug("Loading rule file: %s", sfile);
r = DetectLoadSigFile(de_ctx, sfile, &sigtotal);
cntf++;
if (r > 0) {
cnt += r;
} else if (r == 0){
SCLogWarning(SC_ERR_NO_RULES, "No rules loaded from %s", sfile);
if (de_ctx->failure_fatal == 1) {
exit(EXIT_FAILURE);
}
} else if (r < 0){
if (de_ctx->failure_fatal == 1) {
exit(EXIT_FAILURE);
}
}
SCFree(sfile);
}
SCFree(sfile);
}
}
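Review bot: When `sig_file_exclusive` is set, the new `if (!(sig_file != NULL && sig_file_exclusive == TRUE))` guard skips every `rule-files` entry from the config without logging anything, so a sensor started with -S runs on a reduced rule set and its log does not record that. An `else` branch would make the mode visible to whoever audits the sensor later, for example `} else { SCLogInfo("Loading %s exclusively, rule-files from the config are ignored", sig_file); }`. The load of `sig_file` itself is in the elided part of the function, so whether it already logs this cannot be seen from here.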
src/detect.h
int SigGroupCleanup (DetectEngineCtx *de_ctx);
void SigAddressPrepareBidirectionals (DetectEngineCtx *);
int SigLoadSignatures (DetectEngineCtx *, char *);
int SigLoadSignatures (DetectEngineCtx *, char *, int);
void SigTableSetup(void);
int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx,
DetectEngineThreadCtx *det_ctx, Packet *p);
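Review bot: The new prototype `int SigLoadSignatures (DetectEngineCtx *, char *, int);` leaves the added flag as a bare `int`, so a reader of the header cannot tell what the third argument means. Naming the parameters, as the `SigMatchSignatures` declaration just below already does, documents it: `int SigLoadSignatures (DetectEngineCtx *de_ctx, char *sig_file, int sig_file_exclusive);`.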
src/suricata.c
#ifdef IPFW
printf("\t-d <divert port> : run in inline ipfw divert mode\n");
#endif /* IPFW */
printf("\t-s <path> : path to signature file (optional)\n");
printf("\t-s <path> : path to signature file loaded in addition to suricata.yaml settings (optional)\n");
printf("\t-S <path> : path to signature file loaded exclusively (optional)\n");
printf("\t-l <dir> : default log directory\n");
#ifndef OS_WIN32
printf("\t-D : run as daemon\n");
......
int opt;
char pcap_dev[128];
char *sig_file = NULL;
int sig_file_exclusive = FALSE;
char *conf_filename = NULL;
char *pid_filename = NULL;
#ifdef UNITTESTS
......
/* getopt_long stores the option index here. */
int option_index = 0;
char short_opts[] = "c:Dhi:l:q:d:r:us:U:VF:";
char short_opts[] = "c:Dhi:l:q:d:r:us:S:U:VF:";
while ((opt = getopt_long(argc, argv, short_opts, long_opts, &option_index)) != -1) {
switch (opt) {
......
}
break;
case 's':
if (sig_file != NULL) {
SCLogError(SC_ERR_CMD_LINE, "can't have multiple -s options or mix -s and -S.");
exit(EXIT_FAILURE);
}
sig_file = optarg;
break;
case 'S':
if (sig_file != NULL) {
SCLogError(SC_ERR_CMD_LINE, "can't have multiple -S options or mix -s and -S.");
exit(EXIT_FAILURE);
}
sig_file = optarg;
sig_file_exclusive = TRUE;
break;
case 'u':
#ifdef UNITTESTS
......
ActionInitConfig();
if (SigLoadSignatures(de_ctx, sig_file) < 0) {
if (SigLoadSignatures(de_ctx, sig_file, sig_file_exclusive) < 0) {
if (sig_file == NULL) {
SCLogError(SC_ERR_OPENING_FILE, "Signature file has not been provided");
} else {
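Review bot: The usage line for -S says the file is "loaded exclusively" but not what is excluded, while the -s line spells out its relation to suricata.yaml. Since -S turns off the configured `rule-files`, the help text should say so, e.g. `printf("\t-S <path> : path to signature file loaded exclusively, rule-files in suricata.yaml are ignored (optional)\n");`. A one-line comment on `case 'S':` would also help, noting that the shared `sig_file != NULL` check is what rejects mixing -s and -S.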
src/util-error.c
CASE_CODE (SC_ERR_AFP_CREATE);
CASE_CODE (SC_ERR_AFP_READ);
CASE_CODE (SC_ERR_AFP_DISPATCH);
CASE_CODE (SC_ERR_CMD_LINE);
default:
return "UNKNOWN_ERROR";
src/util-error.h
SC_ERR_AFP_DISPATCH,
SC_ERR_NO_AF_PACKET,
SC_ERR_PCAP_FILE_DELETE_FAILED,
SC_ERR_CMD_LINE,
} SCError;
const char *SCErrorToString(SCError);