Revision: 1767 http://ipcop.svn.sourceforge.net/ipcop/?rev=1767&view=rev Author: owes Date: 2008-09-01 13:34:11 +0000 (Mon, 01 Sep 2008)
Log Message: ----------- apply CodingStyle. Will not do more snort changes for some time, better left for someone with more knowledge / interest in snort. Modified Paths: -------------- ipcop/trunk/src/misc-progs/restartsnort.c
Modified: ipcop/trunk/src/misc-progs/restartsnort.c
===================================================================
--- ipcop/trunk/src/misc-progs/restartsnort.c 2008-09-01 13:32:14 UTC (rev 1766)
+++ ipcop/trunk/src/misc-progs/restartsnort.c 2008-09-01 13:34:11 UTC (rev 1767)
@@ -25,403 +25,388 @@ NODEKV *eth_kv = NULL; NODEKV *snort_kv = NULL; FILE *varsfile = NULL; -int pid_green=0; -int pid_red=0; -int pid_orange=0; -int pid_blue=0; -int verbose=0; +int pid_green = 0; +int pid_red = 0; +int pid_orange = 0; +int pid_blue = 0; +int verbose = 0; void exithandler(void) { - if (varsfile) - fclose (varsfile); + if (varsfile) + fclose(varsfile); - if (eth_kv) - free_kv(ð_kv); + if (eth_kv) + free_kv(ð_kv); } int killsnort(char *interface) { - int fd; - char pidname[STRING_SIZE] = ""; - char buffer[STRING_SIZE] = ""; - int pid; + int fd; + char pidname[STRING_SIZE] = ""; + char buffer[STRING_SIZE] = ""; + int pid; - sprintf(pidname, "/var/run/snort_%s.pid", interface); + sprintf(pidname, "/var/run/snort_%s.pid", interface); - if ((fd = open(pidname, O_RDONLY)) != -1) - { - if (read(fd, buffer, STRING_SIZE - 1) == -1) - { - close(fd); - fprintf(stderr, "Couldn't read from pid file\n"); - } - else - { - close(fd); - pid = atoi(buffer); - if (pid <= 1) - fprintf(stderr, "Bad pid value\n"); - else - { - if (kill(pid, SIGTERM) == -1) { - /* snort has dropped priviledges and can't remove a pid - owned root:root during termination. - So if we stop using one interface for snort, pid remain forever. - Clean a pid that is not alive. - */ - fprintf(stderr, "Unable to send SIGTERM to %d, cleaning %s\n", pid, pidname); - unlink(pidname); - } else { - /* help not mixing instances in the log */ - sleep(2); - return pid; - } - } - } - } - return 0; + if ((fd = open(pidname, O_RDONLY)) != -1) { + if (read(fd, buffer, STRING_SIZE - 1) == -1) { + close(fd); + fprintf(stderr, "Couldn't read from pid file\n"); + } + else { + close(fd); + pid = atoi(buffer); + if (pid <= 1) + fprintf(stderr, "Bad pid value\n"); + else { + if (kill(pid, SIGTERM) == -1) { + /* snort has dropped priviledges and can't remove a pid + owned root:root during termination. + So if we stop using one interface for snort, pid remain forever. + Clean a pid that is not alive. 
+ */ + fprintf(stderr, "Unable to send SIGTERM to %d, cleaning %s\n", pid, pidname); + unlink(pidname); + } + else { + /* help not mixing instances in the log */ + sleep(2); + return pid; + } + } + } + } + return 0; } /* snort take long to die itself with TERM signal. killsnort() start the dying process and here we wait for completion */ -void wait_pids_to_die (int signal, int loop) +void wait_pids_to_die(int signal, int loop) { - /* Use SIGCONT when checking if task active - Note: waitpid() cannot be used because : - - snorts are not child of this prog, - - we not always kill all interfaces (on the same pgid) - */ - do { - /* pid is non 0 if we want to kill that interface */ - if (pid_green) { - if (kill(pid_green, signal) != 0 ) pid_green = 0; /* ok process is dead */ - } - if (pid_red) { - if (kill(pid_red, signal) != 0) pid_red = 0; - } - if (pid_orange) { - if (kill(pid_orange, signal) != 0) pid_orange = 0; - } - if (pid_blue) { - if (kill(pid_blue, signal) != 0) pid_blue = 0; - } - /* sleep() always returns 0 */ - if (verbose) fprintf(stderr, "%d %d %d %d %d\n", pid_green, pid_red, pid_orange, pid_blue, loop); - } while ( (loop--) && (pid_green+pid_red+pid_orange+pid_blue) && (sleep(1)==0) ); + /* Use SIGCONT when checking if task active + Note: waitpid() cannot be used because : + - snorts are not child of this prog, + - we not always kill all interfaces (on the same pgid) + */ + do { + /* pid is non 0 if we want to kill that interface */ + if (pid_green) { + if (kill(pid_green, signal) != 0) + pid_green = 0; /* ok process is dead */ + } + if (pid_red) { + if (kill(pid_red, signal) != 0) + pid_red = 0; + } + if (pid_orange) { + if (kill(pid_orange, signal) != 0) + pid_orange = 0; + } + if (pid_blue) { + if (kill(pid_blue, signal) != 0) + pid_blue = 0; + } + /* sleep() always returns 0 */ + if (verbose) + fprintf(stderr, "%d %d %d %d %d\n", pid_green, pid_red, pid_orange, pid_blue, loop); + } while ((loop--) && (pid_green + pid_red + pid_orange + pid_blue) && 
(sleep(1) == 0)); } int main(int argc, char *argv[]) { - FILE *ifacefile, *ipfile, *dns1file, *dns2file; - char iface[STRING_SIZE] = ""; - char locip[STRING_SIZE] = ""; - char dns1[STRING_SIZE] = ""; - char dns2[STRING_SIZE] = ""; - char command[STRING_SIZE] = ""; - char greendev[STRING_SIZE] = ""; - char orangedev[STRING_SIZE] = ""; - char bluedev[STRING_SIZE] = ""; - char greenip[STRING_SIZE] = ""; - char orangeip[STRING_SIZE] = ""; - char blueip[STRING_SIZE] = ""; - char * snortconfig; - struct stat st; - int i; - int restartred = 0, restartgreen = 0, restartblue = 0, restartorange = 0; - int enabledred = 0, enabledgreen = 0, enabledblue = 0, enabledorange = 0; - char value[STRING_SIZE] = ""; - int start=0; /* collect all start values to return an error if any */ + FILE *ifacefile, *ipfile, *dns1file, *dns2file; + char iface[STRING_SIZE] = ""; + char locip[STRING_SIZE] = ""; + char dns1[STRING_SIZE] = ""; + char dns2[STRING_SIZE] = ""; + char command[STRING_SIZE] = ""; + char greendev[STRING_SIZE] = ""; + char orangedev[STRING_SIZE] = ""; + char bluedev[STRING_SIZE] = ""; + char greenip[STRING_SIZE] = ""; + char orangeip[STRING_SIZE] = ""; + char blueip[STRING_SIZE] = ""; + char *snortconfig; + struct stat st; + int i; + int restartred = 0, restartgreen = 0, restartblue = 0, restartorange = 0; + int enabledred = 0, enabledgreen = 0, enabledblue = 0, enabledorange = 0; + char value[STRING_SIZE] = ""; + int start = 0; /* collect all start values to return an error if any */ - if (!(initsetuid())) - exit(1); + if (!(initsetuid())) + exit(1); - atexit(exithandler); + atexit(exithandler); - for (i=0; i<argc; i++) { - if (!strcmp(argv[i], "red")) - restartred = 1; - if (!strcmp(argv[i], "orange")) - restartorange = 1; - if (!strcmp(argv[i], "blue")) - restartblue = 1; - if (!strcmp(argv[i], "green")) - restartgreen = 1; - if (!strcmp(argv[i], "-v")) - verbose = 1; - } + for (i = 0; i < argc; i++) { + if (!strcmp(argv[i], "red")) + restartred = 1; + if 
(!strcmp(argv[i], "orange")) + restartorange = 1; + if (!strcmp(argv[i], "blue")) + restartblue = 1; + if (!strcmp(argv[i], "green")) + restartgreen = 1; + if (!strcmp(argv[i], "-v")) + verbose = 1; + } - if (read_kv_from_file(&snort_kv, "/var/ipcop/snort/settings") != SUCCESS) - { - fprintf(stderr, "Couldn't read snort/settings\n"); - exit(1); - } - if (read_kv_from_file(ð_kv, "/var/ipcop/ethernet/settings") != SUCCESS) - { - fprintf(stderr, "Couldn't read ethernet/settings\n"); - exit(1); - } + if (read_kv_from_file(&snort_kv, "/var/ipcop/snort/settings") != SUCCESS) { + fprintf(stderr, "Couldn't read snort/settings\n"); + exit(1); + } + if (read_kv_from_file(ð_kv, "/var/ipcop/ethernet/settings") != SUCCESS) { + fprintf(stderr, "Couldn't read ethernet/settings\n"); + exit(1); + } - if (find_kv_default(eth_kv, "GREEN_1_DEV", greendev) != SUCCESS) { - fprintf(stderr, "Couldn't find GREEN device\n"); - exit(1); - } - if (! strlen (greendev) > 0) { - fprintf(stderr, "Couldn't find GREEN device\n"); - exit(1); - } - if (!VALID_DEVICE(greendev)) - { - fprintf(stderr, "Bad GREEN_1_DEV: %s\n", greendev); - exit(1); - } - if (find_kv_default(eth_kv, "GREEN_1_ADDRESS", greenip) != SUCCESS) { - fprintf(stderr, "Couldn't find GREEN address\n"); - exit(1); - } - if (!VALID_IP(greenip)) { - fprintf(stderr, "Bad GREEN_1_ADDRESS: %s\n", greenip); - exit(1); - } + if (find_kv_default(eth_kv, "GREEN_1_DEV", greendev) != SUCCESS) { + fprintf(stderr, "Couldn't find GREEN device\n"); + exit(1); + } + if (!strlen(greendev) > 0) { + fprintf(stderr, "Couldn't find GREEN device\n"); + exit(1); + } + if (!VALID_DEVICE(greendev)) { + fprintf(stderr, "Bad GREEN_1_DEV: %s\n", greendev); + exit(1); + } + if (find_kv_default(eth_kv, "GREEN_1_ADDRESS", greenip) != SUCCESS) { + fprintf(stderr, "Couldn't find GREEN address\n"); + exit(1); + } + if (!VALID_IP(greenip)) { + fprintf(stderr, "Bad GREEN_1_ADDRESS: %s\n", greenip); + exit(1); + } - if ((find_kv_default(eth_kv, "ORANGE_1_DEV", 
orangedev) == SUCCESS) - && strlen (orangedev) > 0) - { - if (!VALID_DEVICE(orangedev)) - { - fprintf(stderr, "Bad ORANGE_DEV: %s\n", orangedev); - exit(1); - } - if (find_kv_default(eth_kv, "ORANGE_1_ADDRESS", orangeip) != SUCCESS) { - fprintf(stderr, "Couldn't find ORANGE address\n"); - exit(1); - } - if (!VALID_IP(orangeip)) { - fprintf(stderr, "Bad ORANGE_1_ADDRESS: %s\n", orangeip); - exit(1); - } - } + if ((find_kv_default(eth_kv, "ORANGE_1_DEV", orangedev) == SUCCESS) + && strlen(orangedev) > 0) { + if (!VALID_DEVICE(orangedev)) { + fprintf(stderr, "Bad ORANGE_DEV: %s\n", orangedev); + exit(1); + } + if (find_kv_default(eth_kv, "ORANGE_1_ADDRESS", orangeip) != SUCCESS) { + fprintf(stderr, "Couldn't find ORANGE address\n"); + exit(1); + } + if (!VALID_IP(orangeip)) { + fprintf(stderr, "Bad ORANGE_1_ADDRESS: %s\n", orangeip); + exit(1); + } + } - if ((find_kv_default(eth_kv, "BLUE_1_DEV", bluedev) == SUCCESS) - && strlen (bluedev) > 0) - { - if (!VALID_DEVICE(bluedev)) - { - fprintf(stderr, "Bad BLUE_DEV: %s\n", bluedev); - exit(1); - } - if (find_kv_default(eth_kv, "BLUE_1_ADDRESS", blueip) != SUCCESS) { - fprintf(stderr, "Couldn't find BLUE address\n"); - exit(1); - } - if (!VALID_IP(blueip)) { - fprintf(stderr, "Bad BLUE_1_ADDRESS: %s\n", blueip); - exit(1); - } - } + if ((find_kv_default(eth_kv, "BLUE_1_DEV", bluedev) == SUCCESS) + && strlen(bluedev) > 0) { + if (!VALID_DEVICE(bluedev)) { + fprintf(stderr, "Bad BLUE_DEV: %s\n", bluedev); + exit(1); + } + if (find_kv_default(eth_kv, "BLUE_1_ADDRESS", blueip) != SUCCESS) { + fprintf(stderr, "Couldn't find BLUE address\n"); + exit(1); + } + if (!VALID_IP(blueip)) { + fprintf(stderr, "Bad BLUE_1_ADDRESS: %s\n", blueip); + exit(1); + } + } - if ( access("/var/ipcop/red/active", F_OK) == 0 ){ - if (!(ifacefile = fopen("/var/ipcop/red/iface", "r"))) - { - fprintf(stderr, "Couldn't open iface file\n"); - exit(0); - } + if (access("/var/ipcop/red/active", F_OK) == 0) { + if (!(ifacefile = 
fopen("/var/ipcop/red/iface", "r"))) { + fprintf(stderr, "Couldn't open iface file\n"); + exit(0); + } - if (fgets(iface, STRING_SIZE, ifacefile)) - { - if (iface[strlen(iface) - 1] == '\n') - iface[strlen(iface) - 1] = '\0'; - } - fclose(ifacefile); - if (!VALID_DEVICE(iface)) - { - fprintf(stderr, "Bad iface: %s\n", iface); - exit(0); - } + if (fgets(iface, STRING_SIZE, ifacefile)) { + if (iface[strlen(iface) - 1] == '\n') + iface[strlen(iface) - 1] = '\0'; + } + fclose(ifacefile); + if (!VALID_DEVICE(iface)) { + fprintf(stderr, "Bad iface: %s\n", iface); + exit(0); + } - if (!(ipfile = fopen("/var/ipcop/red/local-ipaddress", "r"))) - { - fprintf(stderr, "Couldn't open local ip file\n"); - exit(0); - } - if (fgets(locip, STRING_SIZE, ipfile)) - { - if (locip[strlen(locip) - 1] == '\n') - locip[strlen(locip) - 1] = '\0'; - } - fclose (ipfile); - if (strlen(locip) && !VALID_IP(locip)) - { - fprintf(stderr, "Bad local IP: %s\n", locip); - exit(1); - } + if (!(ipfile = fopen("/var/ipcop/red/local-ipaddress", "r"))) { + fprintf(stderr, "Couldn't open local ip file\n"); + exit(0); + } + if (fgets(locip, STRING_SIZE, ipfile)) { + if (locip[strlen(locip) - 1] == '\n') + locip[strlen(locip) - 1] = '\0'; + } + fclose(ipfile); + if (strlen(locip) && !VALID_IP(locip)) { + fprintf(stderr, "Bad local IP: %s\n", locip); + exit(1); + } - if (!(dns1file = fopen("/var/ipcop/red/dns1", "r"))) - { - fprintf(stderr, "Couldn't open dns1 file\n"); - exit(0); - } - if (fgets(dns1, STRING_SIZE, dns1file)) - { - if (dns1[strlen(dns1) - 1] == '\n') - dns1[strlen(dns1) - 1] = '\0'; - } - fclose (dns1file); - if (strlen(dns1) && !VALID_IP(dns1)) - { - fprintf(stderr, "Bad DNS1 IP: %s\n", dns1); - exit(1); - } + if (!(dns1file = fopen("/var/ipcop/red/dns1", "r"))) { + fprintf(stderr, "Couldn't open dns1 file\n"); + exit(0); + } + if (fgets(dns1, STRING_SIZE, dns1file)) { + if (dns1[strlen(dns1) - 1] == '\n') + dns1[strlen(dns1) - 1] = '\0'; + } + fclose(dns1file); + if (strlen(dns1) && 
!VALID_IP(dns1)) { + fprintf(stderr, "Bad DNS1 IP: %s\n", dns1); + exit(1); + } - if (!(dns2file = fopen("/var/ipcop/red/dns2", "r"))) - { - fprintf(stderr, "Couldn't open dns2 file\n"); - exit(1); - } - if (fgets(dns2, STRING_SIZE, dns2file)) - { - if (dns2[strlen(dns2) - 1] == '\n') - dns2[strlen(dns2) - 1] = '\0'; - } - fclose (dns2file); - if (strlen(dns2) && !VALID_IP(dns2)) - { - fprintf(stderr, "Bad DNS2 IP: %s\n", dns2); - exit(1); - } - } + if (!(dns2file = fopen("/var/ipcop/red/dns2", "r"))) { + fprintf(stderr, "Couldn't open dns2 file\n"); + exit(1); + } + if (fgets(dns2, STRING_SIZE, dns2file)) { + if (dns2[strlen(dns2) - 1] == '\n') + dns2[strlen(dns2) - 1] = '\0'; + } + fclose(dns2file); + if (strlen(dns2) && !VALID_IP(dns2)) { + fprintf(stderr, "Bad DNS2 IP: %s\n", dns2); + exit(1); + } + } - if (restartred) - pid_red = killsnort(iface); + if (restartred) + pid_red = killsnort(iface); - if (restartblue) - pid_blue = killsnort(bluedev); + if (restartblue) + pid_blue = killsnort(bluedev); - if (restartorange) - pid_orange = killsnort(orangedev); + if (restartorange) + pid_orange = killsnort(orangedev); - if (restartgreen) - pid_green = killsnort(greendev); + if (restartgreen) + pid_green = killsnort(greendev); - if (!(varsfile = fopen("/etc/snort/vars", "w"))) - { - fprintf(stderr, "Couldn't create vars file\n"); - exit(1); - } - if (strlen(blueip)) { - if (strlen(orangeip)) { - if (strlen(locip)) { - fprintf(varsfile, "var HOME_NET [%s,%s,%s,%s]\n", greenip, orangeip, blueip, locip); - } else { - fprintf(varsfile, "var HOME_NET [%s,%s,%s]\n", greenip, orangeip, blueip); - } - } else { - if (strlen(locip)) { - fprintf(varsfile, "var HOME_NET [%s,%s,%s]\n", greenip, blueip, locip); - } else { - fprintf(varsfile, "var HOME_NET [%s,%s]\n", greenip, blueip); - } - } - } else { - if (strlen(orangeip)) { - if (strlen(locip)) { - fprintf(varsfile, "var HOME_NET [%s,%s,%s]\n", greenip, orangeip, locip); - } else { - fprintf(varsfile, "var HOME_NET [%s,%s]\n", 
greenip, orangeip); - } - } else { - if (strlen(locip)) { - fprintf(varsfile, "var HOME_NET [%s,%s]\n", greenip, locip); - } else { - fprintf(varsfile, "var HOME_NET [%s]\n", greenip); - } - } - } - if (strlen(dns1)) - { - if (strlen(dns2)) - fprintf(varsfile, "var DNS_SERVERS [%s,%s]\n", dns1, dns2); - else - fprintf(varsfile, "var DNS_SERVERS %s\n", dns1); - } else { - fprintf(varsfile, "var DNS_SERVERS []\n"); - } - free_kv (ð_kv); - eth_kv = NULL; + if (!(varsfile = fopen("/etc/snort/vars", "w"))) { + fprintf(stderr, "Couldn't create vars file\n"); + exit(1); + } + if (strlen(blueip)) { + if (strlen(orangeip)) { + if (strlen(locip)) { + fprintf(varsfile, "var HOME_NET [%s,%s,%s,%s]\n", greenip, orangeip, blueip, locip); + } + else { + fprintf(varsfile, "var HOME_NET [%s,%s,%s]\n", greenip, orangeip, blueip); + } + } + else { + if (strlen(locip)) { + fprintf(varsfile, "var HOME_NET [%s,%s,%s]\n", greenip, blueip, locip); + } + else { + fprintf(varsfile, "var HOME_NET [%s,%s]\n", greenip, blueip); + } + } + } + else { + if (strlen(orangeip)) { + if (strlen(locip)) { + fprintf(varsfile, "var HOME_NET [%s,%s,%s]\n", greenip, orangeip, locip); + } + else { + fprintf(varsfile, "var HOME_NET [%s,%s]\n", greenip, orangeip); + } + } + else { + if (strlen(locip)) { + fprintf(varsfile, "var HOME_NET [%s,%s]\n", greenip, locip); + } + else { + fprintf(varsfile, "var HOME_NET [%s]\n", greenip); + } + } + } + if (strlen(dns1)) { + if (strlen(dns2)) + fprintf(varsfile, "var DNS_SERVERS [%s,%s]\n", dns1, dns2); + else + fprintf(varsfile, "var DNS_SERVERS %s\n", dns1); + } + else { + fprintf(varsfile, "var DNS_SERVERS []\n"); + } + free_kv(ð_kv); + eth_kv = NULL; - fprintf (varsfile, "var RULES_LIST /etc/snort/ruleslist.conf\n"); + fprintf(varsfile, "var RULES_LIST /etc/snort/ruleslist.conf\n"); - fclose(varsfile); - varsfile = NULL; + fclose(varsfile); + varsfile = NULL; - /* todo: - make 'snortconfig' points different configfiles for snort, - for example moderate, high memory 
usage, ... - */ - snortconfig = "/etc/snort/snort.conf"; - wait_pids_to_die(SIGCONT, 10); /* (SIGCONT because an answer received equal still alive, wait 10s */ - if (pid_green+pid_red+pid_orange+pid_blue) { - /* 2.6.1.{3|5} may not correctly handle SIGTERM when no data is send/receive at an - interface. That instance will really terminate only when data flow. Consequently, - start of the next instance on the same interface will fail because the first - instance lock the pid file. So send SIGKILL to terminate. - No stat will be displayed during termination with SIGKILL. - */ - if (verbose) { - fprintf(stderr, "Not all snort PID have terminated, send SIGKILL %d %d %d %d\n", - pid_green, pid_red, pid_orange, pid_blue); - } - wait_pids_to_die(SIGKILL,1); /* just once is enought */ - wait_pids_to_die(SIGCONT, 10); /* and wait 10s ( in case system is really busy ) */ - if (pid_green+pid_red+pid_orange+pid_blue) { - /* should really not happen */ - fprintf(stderr, "Not all snort PID have terminated after SIGKILL %d %d %d %d\n", - pid_green, pid_red, pid_orange, pid_blue); - } - } + /* todo: + make 'snortconfig' points different configfiles for snort, + for example moderate, high memory usage, ... + */ + snortconfig = "/etc/snort/snort.conf"; + wait_pids_to_die(SIGCONT, 10); /* (SIGCONT because an answer received equal still alive, wait 10s */ + if (pid_green + pid_red + pid_orange + pid_blue) { + /* 2.6.1.{3|5} may not correctly handle SIGTERM when no data is send/receive at an + interface. That instance will really terminate only when data flow. Consequently, + start of the next instance on the same interface will fail because the first + instance lock the pid file. So send SIGKILL to terminate. + No stat will be displayed during termination with SIGKILL. 
+ */ + if (verbose) { + fprintf(stderr, "Not all snort PID have terminated, send SIGKILL %d %d %d %d\n", + pid_green, pid_red, pid_orange, pid_blue); + } + wait_pids_to_die(SIGKILL, 1); /* just once is enought */ + wait_pids_to_die(SIGCONT, 10); /* and wait 10s ( in case system is really busy ) */ + if (pid_green + pid_red + pid_orange + pid_blue) { + /* should really not happen */ + fprintf(stderr, "Not all snort PID have terminated after SIGKILL %d %d %d %d\n", + pid_green, pid_red, pid_orange, pid_blue); + } + } - if (test_kv(snort_kv, "ENABLED_SNORT_RED", "on") == SUCCESS) enabledred = 1; - if (test_kv(snort_kv, "ENABLED_SNORT_GREEN", "on") == SUCCESS) enabledgreen = 1; - if (test_kv(snort_kv, "ENABLED_SNORT_BLUE", "on") == SUCCESS) enabledblue = 1; - if (test_kv(snort_kv, "ENABLED_SNORT_ORANGE", "on") == SUCCESS) enabledorange = 1; - if (verbose) fprintf(stderr, "Enabled red %d, green %d, blue %d, orange %d\n", - enabledred, enabledgreen, enabledblue, enabledorange); - free_kv (&snort_kv); + if (test_kv(snort_kv, "ENABLED_SNORT_RED", "on") == SUCCESS) + enabledred = 1; + if (test_kv(snort_kv, "ENABLED_SNORT_GREEN", "on") == SUCCESS) + enabledgreen = 1; + if (test_kv(snort_kv, "ENABLED_SNORT_BLUE", "on") == SUCCESS) + enabledblue = 1; + if (test_kv(snort_kv, "ENABLED_SNORT_ORANGE", "on") == SUCCESS) + enabledorange = 1; + if (verbose) + fprintf(stderr, "Enabled red %d, green %d, blue %d, orange %d\n", + enabledred, enabledgreen, enabledblue, enabledorange); + free_kv(&snort_kv); - if (restartred && strlen(iface) && enabledred) - { - snprintf(command, STRING_SIZE -1, - "/usr/sbin/snort -c %s -D -u snort -g snort -d -e -o -p -b -A fast -m 022 -i %s", - snortconfig, - iface); - start=safe_system(command) >> 8; - } - if (restartblue && strlen(bluedev) && enabledblue && bluedev) - { - snprintf(command, STRING_SIZE -1, - "/usr/sbin/snort -c %s -D -u snort -g snort -d -e -o -p -b -A fast -m 022 -i %s", - snortconfig, - bluedev); - start=start+(safe_system(command) >> 
8); - } - if (restartorange && strlen(orangedev) && enabledorange && orangedev) - { - snprintf(command, STRING_SIZE -1, - "/usr/sbin/snort -c %s -D -u snort -g snort -d -e -o -p -b -A fast -m 022 -i %s", - snortconfig, - orangedev); - safe_system(command); - start=start+(safe_system(command) >> 8); - } - if (restartgreen && enabledgreen) - { - snprintf(command, STRING_SIZE -1, - "/usr/sbin/snort -c %s -D -u snort -g snort -d -e -o -p -b -A fast -m 022 -i %s", - snortconfig, - greendev); - start=start+(safe_system(command) >> 8); - } + if (restartred && strlen(iface) && enabledred) { + snprintf(command, STRING_SIZE - 1, + "/usr/sbin/snort -c %s -D -u snort -g snort -d -e -o -p -b -A fast -m 022 -i %s", snortconfig, iface); + start = safe_system(command) >> 8; + } + if (restartblue && strlen(bluedev) && enabledblue && bluedev) { + snprintf(command, STRING_SIZE - 1, + "/usr/sbin/snort -c %s -D -u snort -g snort -d -e -o -p -b -A fast -m 022 -i %s", + snortconfig, bluedev); + start = start + (safe_system(command) >> 8); + } + if (restartorange && strlen(orangedev) && enabledorange && orangedev) { + snprintf(command, STRING_SIZE - 1, + "/usr/sbin/snort -c %s -D -u snort -g snort -d -e -o -p -b -A fast -m 022 -i %s", + snortconfig, orangedev); + safe_system(command); + start = start + (safe_system(command) >> 8); + } + if (restartgreen && enabledgreen) { + snprintf(command, STRING_SIZE - 1, + "/usr/sbin/snort -c %s -D -u snort -g snort -d -e -o -p -b -A fast -m 022 -i %s", + snortconfig, greendev); + start = start + (safe_system(command) >> 8); + } - return start; + return start; } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. 
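Review bot: killsnort() builds the pid-file path with an unbounded `sprintf(pidname, "/var/run/snort_%s.pid", interface);`, and the program calls initsetuid() first, so it presumably runs privileged. The format adds 19 fixed bytes to a name taken from STRING_SIZE buffers, so the only bound is whatever VALID_DEVICE enforces, which is not visible in this hunk. `snprintf(pidname, sizeof(pidname), "/var/run/snort_%s.pid", interface);` would make the limit local, as main() already does for `command`. Separately, the ORANGE start branch in main() runs `safe_system(command);` and then `safe_system(command) >> 8` again, so snort is launched twice on that interface; the bare first call should be dropped.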