multi-tenant: allow reload w/o yaml path

Store yaml path in de ctx, for reloads w/o path. This allows for a simpler `reload-tenant N`, where the previously used yaml is reloaded.
catenacyber · Aug 11, 2023 · 6ba0956 · 6ba0956
1 parent 227caf1
commit 6ba0956
Show file tree

Hide file tree

Showing 5 changed files with 41 additions and 16 deletions.
diff --git a/doc/userguide/partials/commands-sc.rst b/doc/userguide/partials/commands-sc.rst
@@ -82,9 +82,11 @@
 
    Register tenant with a particular ID and filename.
 
-.. describe:: reload-tenant <id> <filename>
+.. describe:: reload-tenant <id> [filename]
 
-   Reload a tenant with specified ID and filename.
+   Reload a tenant with specified ID. A filename to a tenant yaml can be
+   specified. If it is omitted, the original yaml that was used to load
+   / last reload the tenant is used.
 
 .. describe:: unregister-tenant <id>
 

diff --git a/python/suricata/sc/specs.py b/python/suricata/sc/specs.py
@@ -116,7 +116,7 @@
         },
         {
             "name": "filename",
-            "required": 1,
+            "required": 0,
         },
     ],
     "add-hostbit": [

diff --git a/src/detect-engine.c b/src/detect-engine.c
@@ -2661,6 +2661,10 @@ void DetectEngineCtxFree(DetectEngineCtx *de_ctx)
     SCClassConfDeinit(de_ctx);
     SCReferenceConfDeinit(de_ctx);
 
+    if (de_ctx->tenant_path) {
+        SCFree(de_ctx->tenant_path);
+    }
+
     SCFree(de_ctx);
     //DetectAddressGroupPrintMemory();
     //DetectSigGroupPrintMemory();
@@ -3844,6 +3848,11 @@ static int DetectEngineMultiTenantLoadTenant(uint32_t tenant_id, const char *fil
     de_ctx->type = DETECT_ENGINE_TYPE_TENANT;
     de_ctx->tenant_id = tenant_id;
     de_ctx->loader_id = loader_id;
+    de_ctx->tenant_path = SCStrdup(filename);
+    if (de_ctx->tenant_path == NULL) {
+        SCLogError("Failed to duplicate path");
+        goto error;
+    }
 
     if (SigLoadSignatures(de_ctx, NULL, 0) < 0) {
         SCLogError("Loading signatures failed.");
@@ -3869,6 +3878,9 @@ static int DetectEngineMultiTenantReloadTenant(uint32_t tenant_id, const char *f
         return -1;
     }
 
+    if (filename == NULL)
+        filename = old_de_ctx->tenant_path;
+
     char prefix[64];
     snprintf(prefix, sizeof(prefix), "multi-detect.%u.reload.%d", tenant_id, reload_cnt);
     reload_cnt++;
@@ -3896,6 +3908,11 @@ static int DetectEngineMultiTenantReloadTenant(uint32_t tenant_id, const char *f
     new_de_ctx->type = DETECT_ENGINE_TYPE_TENANT;
     new_de_ctx->tenant_id = tenant_id;
     new_de_ctx->loader_id = old_de_ctx->loader_id;
+    new_de_ctx->tenant_path = SCStrdup(filename);
+    if (new_de_ctx->tenant_path == NULL) {
+        SCLogError("Failed to duplicate path");
+        goto error;
+    }
 
     if (SigLoadSignatures(new_de_ctx, NULL, 0) < 0) {
         SCLogError("Loading signatures failed.");
@@ -3982,10 +3999,12 @@ static int DetectLoaderSetupReloadTenant(uint32_t tenant_id, const char *yaml, i
         return -ENOMEM;
 
     t->tenant_id = tenant_id;
-    t->yaml = SCStrdup(yaml);
-    if (t->yaml == NULL) {
-        SCFree(t);
-        return -ENOMEM;
+    if (yaml != NULL) {
+        t->yaml = SCStrdup(yaml);
+        if (t->yaml == NULL) {
+            SCFree(t);
+            return -ENOMEM;
+        }
     }
     t->reload_cnt = reload_cnt;
 

diff --git a/src/detect.h b/src/detect.h
@@ -1024,6 +1024,8 @@ typedef struct DetectEngineCtx_ {
     /* --engine-analysis */
     struct EngineAnalysisCtx_ *ea;
 
+    /* path to the tenant yaml for this engine */
+    char *tenant_path;
 } DetectEngineCtx;
 
 /* Engine groups profiles (low, medium, high, custom) */

diff --git a/src/runmode-unix-socket.c b/src/runmode-unix-socket.c
@@ -1072,7 +1072,7 @@ static int reload_cnt = 1;
  */
 TmEcode UnixSocketReloadTenant(json_t *cmd, json_t* answer, void *data)
 {
-    const char *filename;
+    const char *filename = NULL;
     SCStat st;
 
     if (!(DetectEngineMultiTenantEnabled())) {
@@ -1091,14 +1091,16 @@ TmEcode UnixSocketReloadTenant(json_t *cmd, json_t* answer, void *data)
 
     /* 2 get tenant yaml */
     jarg = json_object_get(cmd, "filename");
-    if (!json_is_string(jarg)) {
-        json_object_set_new(answer, "message", json_string("command is not a string"));
-        return TM_ECODE_FAILED;
-    }
-    filename = json_string_value(jarg);
-    if (SCStatFn(filename, &st) != 0) {
-        json_object_set_new(answer, "message", json_string("file does not exist"));
-        return TM_ECODE_FAILED;
+    if (jarg) {
+        if (!json_is_string(jarg)) {
+            json_object_set_new(answer, "message", json_string("command is not a string"));
+            return TM_ECODE_FAILED;
+        }
+        filename = json_string_value(jarg);
+        if (SCStatFn(filename, &st) != 0) {
+            json_object_set_new(answer, "message", json_string("file does not exist"));
+            return TM_ECODE_FAILED;
+        }
     }
 
     SCLogDebug("reload-tenant: %d %s", tenant_id, filename);