From 2c665c4b2437909b6561d4b28b267e397bb5aceb Mon Sep 17 00:00:00 2001 From: Jeff Lucovsky Date: Sun, 22 Oct 2023 10:05:49 -0400 Subject: [PATCH] detect/tenants: Add tenant context to rule loads Issue: 1520 This commit adds the tenant id for context to rule and .config file loads. --- src/detect-engine-build.c | 16 +++++++++++----- src/detect-engine-loader.c | 17 ++++++++++++++--- src/detect-engine.c | 20 +++++++++++--------- src/detect-engine.h | 2 +- src/util-classification-config.c | 8 ++++++-- src/util-reference-config.c | 8 ++++++-- src/util-threshold-config.c | 6 +++++- 7 files changed, 54 insertions(+), 23 deletions(-) diff --git a/src/detect-engine-build.c b/src/detect-engine-build.c index 8b7621271983..af59884cced1 100644 --- a/src/detect-engine-build.c +++ b/src/detect-engine-build.c @@ -1496,11 +1496,17 @@ int SigAddressPrepareStage1(DetectEngineCtx *de_ctx) } if (!(de_ctx->flags & DE_QUIET)) { - SCLogInfo("%" PRIu32 " signatures processed. %" PRIu32 " are IP-only " - "rules, %" PRIu32 " are inspecting packet payload, %"PRIu32 - " inspect application layer, %"PRIu32" are decoder event only", - de_ctx->sig_cnt, cnt_iponly, cnt_payload, cnt_applayer, - cnt_deonly); + if (strlen(de_ctx->config_prefix) > 0) + SCLogInfo("tenant id %d: %" PRIu32 " signatures processed. %" PRIu32 " are IP-only " + "rules, %" PRIu32 " are inspecting packet payload, %" PRIu32 + " inspect application layer, %" PRIu32 " are decoder event only", + de_ctx->tenant_id, de_ctx->sig_cnt, cnt_iponly, cnt_payload, cnt_applayer, + cnt_deonly); + else + SCLogInfo("%" PRIu32 " signatures processed. %" PRIu32 " are IP-only " + "rules, %" PRIu32 " are inspecting packet payload, %" PRIu32 + " inspect application layer, %" PRIu32 " are decoder event only", + de_ctx->sig_cnt, cnt_iponly, cnt_payload, cnt_applayer, cnt_deonly); SCLogConfig("building signature grouping structure, stage 1: " "preprocessing rules... complete"); diff --git a/src/detect-engine-loader.c b/src/detect-engine-loader.c index 3ef29b9b40f1..ae01f406e9ec 100644 --- a/src/detect-engine-loader.c +++ b/src/detect-engine-loader.c @@ -245,7 +245,11 @@ static int ProcessSigFiles(DetectEngineCtx *de_ctx, char *pattern, if (strcmp("/dev/null", fname) == 0) return 0; #endif - SCLogConfig("Loading rule file: %s", fname); + if (strlen(de_ctx->config_prefix) > 0) { + SCLogConfig("tenant id %d: Loading rule file: %s", de_ctx->tenant_id, fname); + } else { + SCLogConfig("Loading rule file: %s", fname); + } r = DetectLoadSigFile(de_ctx, fname, good_sigs, bad_sigs); if (r < 0) { ++(st->bad_files); @@ -347,8 +351,15 @@ int SigLoadSignatures(DetectEngineCtx *de_ctx, char *sig_file, int sig_file_excl } } else { /* we report the total of files and rules successfully loaded and failed */ - SCLogInfo("%" PRId32 " rule files processed. %" PRId32 " rules successfully loaded, %" PRId32 " rules failed", - sig_stat->total_files, sig_stat->good_sigs_total, sig_stat->bad_sigs_total); + if (strlen(de_ctx->config_prefix) > 0) + SCLogInfo("tenant id %d: %" PRId32 " rule files processed. %" PRId32 + " rules successfully loaded, %" PRId32 " rules failed", + de_ctx->tenant_id, sig_stat->total_files, sig_stat->good_sigs_total, + sig_stat->bad_sigs_total); + else + SCLogInfo("%" PRId32 " rule files processed. %" PRId32 + " rules successfully loaded, %" PRId32 " rules failed", + sig_stat->total_files, sig_stat->good_sigs_total, sig_stat->bad_sigs_total); } if ((sig_stat->bad_sigs_total || sig_stat->bad_files) && de_ctx->failure_fatal) { diff --git a/src/detect-engine.c b/src/detect-engine.c index d8f9f1880e56..e50a6fa505ad 100644 --- a/src/detect-engine.c +++ b/src/detect-engine.c @@ -2462,7 +2462,8 @@ static int DetectEngineReloadThreads(DetectEngineCtx *new_de_ctx) return -1; } -static DetectEngineCtx *DetectEngineCtxInitReal(enum DetectEngineType type, const char *prefix) +static DetectEngineCtx *DetectEngineCtxInitReal( + enum DetectEngineType type, const char *prefix, uint32_t tenant_id) { DetectEngineCtx *de_ctx = SCMalloc(sizeof(DetectEngineCtx)); if (unlikely(de_ctx == NULL)) @@ -2474,6 +2475,7 @@ static DetectEngineCtx *DetectEngineCtxInitReal(enum DetectEngineType type, cons de_ctx->sigerror = NULL; de_ctx->type = type; de_ctx->filemagic_thread_ctx_id = -1; + de_ctx->tenant_id = tenant_id; if (type == DETECT_ENGINE_TYPE_DD_STUB || type == DETECT_ENGINE_TYPE_MT_STUB) { de_ctx->version = DetectEngineGetVersion(); @@ -2547,25 +2549,25 @@ static DetectEngineCtx *DetectEngineCtxInitReal(enum DetectEngineType type, cons DetectEngineCtx *DetectEngineCtxInitStubForMT(void) { - return DetectEngineCtxInitReal(DETECT_ENGINE_TYPE_MT_STUB, NULL); + return DetectEngineCtxInitReal(DETECT_ENGINE_TYPE_MT_STUB, NULL, 0); } DetectEngineCtx *DetectEngineCtxInitStubForDD(void) { - return DetectEngineCtxInitReal(DETECT_ENGINE_TYPE_DD_STUB, NULL); + return DetectEngineCtxInitReal(DETECT_ENGINE_TYPE_DD_STUB, NULL, 0); } DetectEngineCtx *DetectEngineCtxInit(void) { - return DetectEngineCtxInitReal(DETECT_ENGINE_TYPE_NORMAL, NULL); + return DetectEngineCtxInitReal(DETECT_ENGINE_TYPE_NORMAL, NULL, 0); } -DetectEngineCtx *DetectEngineCtxInitWithPrefix(const char *prefix) +DetectEngineCtx *DetectEngineCtxInitWithPrefix(const char *prefix, uint32_t tenant_id) { if (prefix == NULL || strlen(prefix) == 0) return DetectEngineCtxInit(); else - return DetectEngineCtxInitReal(DETECT_ENGINE_TYPE_NORMAL, prefix); + return DetectEngineCtxInitReal(DETECT_ENGINE_TYPE_NORMAL, prefix, tenant_id); } static void DetectEngineCtxFreeThreadKeywordData(DetectEngineCtx *de_ctx) @@ -3841,7 +3843,7 @@ static int DetectEngineMultiTenantLoadTenant(uint32_t tenant_id, const char *fil goto error; } - de_ctx = DetectEngineCtxInitWithPrefix(prefix); + de_ctx = DetectEngineCtxInitWithPrefix(prefix, tenant_id); if (de_ctx == NULL) { SCLogError("initializing detection engine " "context failed."); @@ -3901,7 +3903,7 @@ static int DetectEngineMultiTenantReloadTenant(uint32_t tenant_id, const char *f goto error; } - DetectEngineCtx *new_de_ctx = DetectEngineCtxInitWithPrefix(prefix); + DetectEngineCtx *new_de_ctx = DetectEngineCtxInitWithPrefix(prefix, tenant_id); if (new_de_ctx == NULL) { SCLogError("initializing detection engine " "context failed."); @@ -4759,7 +4761,7 @@ int DetectEngineReload(const SCInstance *suri) } /* get new detection engine */ - new_de_ctx = DetectEngineCtxInitWithPrefix(prefix); + new_de_ctx = DetectEngineCtxInitWithPrefix(prefix, old_de_ctx->tenant_id); if (new_de_ctx == NULL) { SCLogError("initializing detection engine " "context failed."); diff --git a/src/detect-engine.h b/src/detect-engine.h index a1732b16a993..02e784ee973c 100644 --- a/src/detect-engine.h +++ b/src/detect-engine.h @@ -88,7 +88,7 @@ void DetectEngineBufferTypeSupportsMpm(DetectEngineCtx *de_ctx, const char *name void DetectEngineBufferTypeSupportsTransformations(DetectEngineCtx *de_ctx, const char *name); /* prototypes */ -DetectEngineCtx *DetectEngineCtxInitWithPrefix(const char *prefix); +DetectEngineCtx *DetectEngineCtxInitWithPrefix(const char *prefix, uint32_t tenant_id); DetectEngineCtx *DetectEngineCtxInit(void); DetectEngineCtx *DetectEngineCtxInitStubForDD(void); DetectEngineCtx *DetectEngineCtxInitStubForMT(void); diff --git a/src/util-classification-config.c b/src/util-classification-config.c index be42469e6d4a..9d7ed05bde32 100644 --- a/src/util-classification-config.c +++ b/src/util-classification-config.c @@ -363,8 +363,12 @@ static bool SCClassConfParseFile(DetectEngineCtx *de_ctx, FILE *fd) } #ifdef UNITTESTS - SCLogInfo("Added \"%d\" classification types from the classification file", - de_ctx->class_conf_ht->count); + if (de_ctx != NULL && strlen(de_ctx->config_prefix) > 0) + SCLogInfo("tenant id %d: Added \"%d\" classification types from the classification file", + de_ctx->tenant_id, de_ctx->class_conf_ht->count); + else + SCLogInfo("Added \"%d\" classification types from the classification file", + de_ctx->class_conf_ht->count); #endif return errors == 0; diff --git a/src/util-reference-config.c b/src/util-reference-config.c index 0a3109825229..0e5c51ea141e 100644 --- a/src/util-reference-config.c +++ b/src/util-reference-config.c @@ -335,8 +335,12 @@ static bool SCRConfParseFile(DetectEngineCtx *de_ctx, FILE *fd) } #ifdef UNITTESTS - SCLogInfo("Added \"%d\" reference types from the reference.config file", - de_ctx->reference_conf_ht->count); + if (de_ctx != NULL && strlen(de_ctx->config_prefix) > 0) + SCLogInfo("tenant id %d: Added \"%d\" reference types from the reference.config file", + de_ctx->tenant_id, de_ctx->reference_conf_ht->count); + else + SCLogInfo("Added \"%d\" reference types from the reference.config file", + de_ctx->reference_conf_ht->count); #endif /* UNITTESTS */ return true; } diff --git a/src/util-threshold-config.c b/src/util-threshold-config.c index 5d762a8f7091..0e5caf83265f 100644 --- a/src/util-threshold-config.c +++ b/src/util-threshold-config.c @@ -1042,7 +1042,11 @@ int SCThresholdConfParseFile(DetectEngineCtx *de_ctx, FILE *fp) } } - SCLogInfo("Threshold config parsed: %d rule(s) found", rule_num); + if (de_ctx != NULL && strlen(de_ctx->config_prefix) > 0) + SCLogInfo("tenant id %d: Threshold config parsed: %d rule(s) found", de_ctx->tenant_id, + rule_num); + else + SCLogInfo("Threshold config parsed: %d rule(s) found", rule_num); return 0; }