Project

General

Profile

Actions

Bug #5196

open

Suricata test mode should fail when there are invalid config values

Added by Jeff Lucovsky over 2 years ago. Updated almost 2 years ago.

Status:
New
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

Suricata should fail for all config value issues where an error message is printed.

There are some places where this exists already:

    /** set config values for memcap, prealloc and hash_size */
    if ((ConfGet("app-layer.protocols.ftp.memcap", &conf_val)) == 1)
    {
        if (ParseSizeStringU64(conf_val, &ftp_config_memcap) < 0) {
            SCLogError(SC_ERR_SIZE_PARSE, "Error parsing ftp.memcap " 
                       "from conf file - %s.  Killing engine",
                       conf_val);
            exit(EXIT_FAILURE);
        }

However, there are many places that log the error and continue:

        ConfNode *p = ConfGetNode("app-layer.protocols.smb.stream-depth");
        if (p != NULL) {
            uint32_t value;
            if (ParseSizeStringU32(p->val, &value) < 0) {
                SCLogError(SC_ERR_SMB_CONFIG, "invalid value for stream-depth %s", p->val);
            } else {
                stream_depth = value;
            }
        }

I suggest we add an interface like SCLogConfigError

void SCLogConfigError(args)
{
     SCLogError(args)
     if (in-test-mode)
         exit(1)
}

Actions

Also available in: Atom PDF