From 6ba0956a75f722dfea1eebccf130c4c3f5182bfc Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Tue, 8 Aug 2023 19:59:57 +0200 Subject: [PATCH] multi-tenant: allow reload w/o yaml path Store yaml path in de ctx, for reloads w/o path. This allows for a simpler `reload-tenant N`, where the previously used yaml is reloaded. --- doc/userguide/partials/commands-sc.rst | 6 ++++-- python/suricata/sc/specs.py | 2 +- src/detect-engine.c | 27 ++++++++++++++++++++++---- src/detect.h | 2 ++ src/runmode-unix-socket.c | 20 ++++++++++--------- 5 files changed, 41 insertions(+), 16 deletions(-) diff --git a/doc/userguide/partials/commands-sc.rst b/doc/userguide/partials/commands-sc.rst index a21c2f20cad3..c99f67d8e7b8 100644 --- a/doc/userguide/partials/commands-sc.rst +++ b/doc/userguide/partials/commands-sc.rst @@ -82,9 +82,11 @@ Register tenant with a particular ID and filename. -.. describe:: reload-tenant +.. describe:: reload-tenant [filename] - Reload a tenant with specified ID and filename. + Reload a tenant with specified ID. A filename to a tenant yaml can be + specified. If it is omitted, the original yaml that was used to load + / last reload the tenant is used. .. describe:: unregister-tenant diff --git a/python/suricata/sc/specs.py b/python/suricata/sc/specs.py index eec831a2d8bd..c7e045873303 100644 --- a/python/suricata/sc/specs.py +++ b/python/suricata/sc/specs.py @@ -116,7 +116,7 @@ }, { "name": "filename", - "required": 1, + "required": 0, }, ], "add-hostbit": [ diff --git a/src/detect-engine.c b/src/detect-engine.c index 251c586bc061..90296c092721 100644 --- a/src/detect-engine.c +++ b/src/detect-engine.c @@ -2661,6 +2661,10 @@ void DetectEngineCtxFree(DetectEngineCtx *de_ctx) SCClassConfDeinit(de_ctx); SCReferenceConfDeinit(de_ctx); + if (de_ctx->tenant_path) { + SCFree(de_ctx->tenant_path); + } + SCFree(de_ctx); //DetectAddressGroupPrintMemory(); //DetectSigGroupPrintMemory(); 
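Review bot: The `if (de_ctx->tenant_path)` guard around `SCFree(de_ctx->tenant_path);` in the DetectEngineCtxFree hunk is redundant if SCFree forwards to free(3), which accepts a NULL argument; an unconditional `SCFree(de_ctx->tenant_path);` reads cleaner and avoids suggesting the NULL case needs special treatment. If SCFree does something beyond free(3) in a debug build, the guard is fine and a one-word comment saying so would help. DetectEngineCtxFree begins before this hunk.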
@@ -3844,6 +3848,11 @@ static int DetectEngineMultiTenantLoadTenant(uint32_t tenant_id, const char *fil
 de_ctx->type = DETECT_ENGINE_TYPE_TENANT;
 de_ctx->tenant_id = tenant_id;
 de_ctx->loader_id = loader_id;
+ de_ctx->tenant_path = SCStrdup(filename);
+ if (de_ctx->tenant_path == NULL) {
+ SCLogError("Failed to duplicate path");
+ goto error;
+ }
 if (SigLoadSignatures(de_ctx, NULL, 0) < 0) {
 SCLogError("Loading signatures failed.");
@@ -3869,6 +3878,9 @@ static int DetectEngineMultiTenantReloadTenant(uint32_t tenant_id, const char *f
 return -1;
 }
+ if (filename == NULL)
+ filename = old_de_ctx->tenant_path;
+
 char prefix[64];
 snprintf(prefix, sizeof(prefix), "multi-detect.%u.reload.%d", tenant_id, reload_cnt);
 reload_cnt++;
@@ -3896,6 +3908,11 @@ static int DetectEngineMultiTenantReloadTenant(uint32_t tenant_id, const char *f
 new_de_ctx->type = DETECT_ENGINE_TYPE_TENANT;
 new_de_ctx->tenant_id = tenant_id;
 new_de_ctx->loader_id = old_de_ctx->loader_id;
+ new_de_ctx->tenant_path = SCStrdup(filename);
+ if (new_de_ctx->tenant_path == NULL) {
+ SCLogError("Failed to duplicate path");
+ goto error;
+ }
 if (SigLoadSignatures(new_de_ctx, NULL, 0) < 0) {
 SCLogError("Loading signatures failed.");
@@ -3982,10 +3999,12 @@ static int DetectLoaderSetupReloadTenant(uint32_t tenant_id, const char *yaml, i
 return -ENOMEM;
 t->tenant_id = tenant_id;
- t->yaml = SCStrdup(yaml);
- if (t->yaml == NULL) {
- SCFree(t);
- return -ENOMEM;
+ if (yaml != NULL) {
+ t->yaml = SCStrdup(yaml);
+ if (t->yaml == NULL) {
+ SCFree(t);
+ return -ENOMEM;
+ }
 }
 t->reload_cnt = reload_cnt;
diff --git a/src/detect.h b/src/detect.h
index 8757539e72f5..fd299c5047b2 100644
--- a/src/detect.h
+++ b/src/detect.h
@@ -1024,6 +1024,8 @@ typedef struct DetectEngineCtx_ {
 /* --engine-analysis */
 struct EngineAnalysisCtx_ *ea;
+ /* path to the tenant yaml for this engine */
+ char *tenant_path;
 } DetectEngineCtx;
 /* Engine groups profiles (low, medium, high, custom) */
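Review bot: In the `@@ -3869` hunk the fallback `filename = old_de_ctx->tenant_path;` leaves `filename` NULL whenever the stored path is itself NULL, and the `new_de_ctx->tenant_path = SCStrdup(filename);` added in the following hunk (`@@ -3896`) then hands NULL to strdup, which is undefined behaviour; nothing in the patch guarantees the old ctx recorded a path (only the two load/reload paths changed here set it), so a missing path should fail the reload loudly rather than crash it. Add, after the fallback, `if (filename == NULL) { SCLogError("no yaml path known for tenant %u", tenant_id); return -1; }`, which also matches the braced style of the surrounding code. DetectEngineMultiTenantReloadTenant starts and ends outside these hunks.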
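Review bot: In the `@@ -3982` hunk the new `if (yaml != NULL)` branch leaves `t->yaml` untouched when `yaml` is NULL, so the field is only NULL if `t` was zero-allocated; the allocation sits above the hunk, so confirm it is SCCalloc, or add `else { t->yaml = NULL; }` so the consumer of the task does not read an indeterminate pointer. The new meaning of a NULL `yaml` is not documented; a line such as `/* yaml may be NULL: the reload then reuses the tenant's stored tenant_path */` above the branch would capture it. DetectLoaderSetupReloadTenant starts and ends outside the hunk.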
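Review bot: The comment on the new `tenant_path` member in detect.h says what the string is but not who owns it or whether it may be NULL, which matters for a heap pointer released in DetectEngineCtxFree. Suggest `/* path to the tenant yaml for this engine; heap copy owned by the ctx, freed in DetectEngineCtxFree; NULL when no tenant path was recorded */`. The struct definition begins and ends outside the hunk.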
diff --git a/src/runmode-unix-socket.c b/src/runmode-unix-socket.c
index 5216efc2de6c..7de884c9279f 100644
--- a/src/runmode-unix-socket.c
+++ b/src/runmode-unix-socket.c
@@ -1072,7 +1072,7 @@ static int reload_cnt = 1;
 */
 TmEcode UnixSocketReloadTenant(json_t *cmd, json_t* answer, void *data)
 {
- const char *filename;
+ const char *filename = NULL;
 SCStat st;
 if (!(DetectEngineMultiTenantEnabled())) {
@@ -1091,14 +1091,16 @@ TmEcode UnixSocketReloadTenant(json_t *cmd, json_t* answer, void *data)
 /* 2 get tenant yaml */
 jarg = json_object_get(cmd, "filename");
- if (!json_is_string(jarg)) {
- json_object_set_new(answer, "message", json_string("command is not a string"));
- return TM_ECODE_FAILED;
- }
- filename = json_string_value(jarg);
- if (SCStatFn(filename, &st) != 0) {
- json_object_set_new(answer, "message", json_string("file does not exist"));
- return TM_ECODE_FAILED;
+ if (jarg) {
+ if (!json_is_string(jarg)) {
+ json_object_set_new(answer, "message", json_string("command is not a string"));
+ return TM_ECODE_FAILED;
+ }
+ filename = json_string_value(jarg);
+ if (SCStatFn(filename, &st) != 0) {
+ json_object_set_new(answer, "message", json_string("file does not exist"));
+ return TM_ECODE_FAILED;
+ }
 }
 SCLogDebug("reload-tenant: %d %s", tenant_id, filename);
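Review bot: Now that `filename` may legitimately remain NULL (initialised on the changed line in the `@@ -1072` hunk and only assigned when a filename argument is present), the existing `SCLogDebug("reload-tenant: %d %s", tenant_id, filename);` in the next hunk passes NULL for `%s`, which is undefined behaviour in C even though glibc happens to print "(null)". Substitute a marker when no path was supplied, e.g. `SCLogDebug("reload-tenant: %d %s", tenant_id, filename ? filename : "<stored path>");`. UnixSocketReloadTenant continues past the visible hunks.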