multi-tenant: allow reload w/o yaml path

Store yaml path in de ctx, for reloads w/o path. This allows for a simpler `reload-tenant N`, where the previously used yaml is reloaded.
2026-06-09 00:42:45 -04:00 · 2023-08-08 19:59:57 +02:00 · 2023-08-08 19:59:57 +02:00 · 6ba0956a75
commit 6ba0956a75
parent 227caf1315
5 changed files with 41 additions and 16 deletions
--- a/doc/userguide/partials/commands-sc.rst
+++ b/doc/userguide/partials/commands-sc.rst
@ -82,9 +82,11 @@

   Register tenant with a particular ID and filename.

-.. describe:: reload-tenant <id> <filename>
+.. describe:: reload-tenant <id> [filename]

-   Reload a tenant with specified ID and filename.
+   Reload a tenant with specified ID. A filename to a tenant yaml can be
+   specified. If it is omitted, the original yaml that was used to load
+   / last reload the tenant is used.

 .. describe:: unregister-tenant <id>

--- a/python/suricata/sc/specs.py
+++ b/python/suricata/sc/specs.py
@ -116,7 +116,7 @@ argsd = {
        },
        {
            "name": "filename",
-            "required": 1,
+            "required": 0,
        },
    ],
    "add-hostbit": [
--- a/src/detect-engine.c
+++ b/src/detect-engine.c
@ -2661,6 +2661,10 @@ void DetectEngineCtxFree(DetectEngineCtx *de_ctx)
    SCClassConfDeinit(de_ctx);
    SCReferenceConfDeinit(de_ctx);

+    if (de_ctx->tenant_path) {
+        SCFree(de_ctx->tenant_path);
+    }
+
    SCFree(de_ctx);
    //DetectAddressGroupPrintMemory();
    //DetectSigGroupPrintMemory();
@ -3844,6 +3848,11 @@ static int DetectEngineMultiTenantLoadTenant(uint32_t tenant_id, const char *fil
    de_ctx->type = DETECT_ENGINE_TYPE_TENANT;
    de_ctx->tenant_id = tenant_id;
    de_ctx->loader_id = loader_id;
+    de_ctx->tenant_path = SCStrdup(filename);
+    if (de_ctx->tenant_path == NULL) {
+        SCLogError("Failed to duplicate path");
+        goto error;
+    }

    if (SigLoadSignatures(de_ctx, NULL, 0) < 0) {
        SCLogError("Loading signatures failed.");
@ -3869,6 +3878,9 @@ static int DetectEngineMultiTenantReloadTenant(uint32_t tenant_id, const char *f
        return -1;
    }

+    if (filename == NULL)
+        filename = old_de_ctx->tenant_path;
+
    char prefix[64];
    snprintf(prefix, sizeof(prefix), "multi-detect.%u.reload.%d", tenant_id, reload_cnt);
    reload_cnt++;
@ -3896,6 +3908,11 @@ static int DetectEngineMultiTenantReloadTenant(uint32_t tenant_id, const char *f
    new_de_ctx->type = DETECT_ENGINE_TYPE_TENANT;
    new_de_ctx->tenant_id = tenant_id;
    new_de_ctx->loader_id = old_de_ctx->loader_id;
+    new_de_ctx->tenant_path = SCStrdup(filename);
+    if (new_de_ctx->tenant_path == NULL) {
+        SCLogError("Failed to duplicate path");
+        goto error;
+    }

    if (SigLoadSignatures(new_de_ctx, NULL, 0) < 0) {
        SCLogError("Loading signatures failed.");
@ -3982,10 +3999,12 @@ static int DetectLoaderSetupReloadTenant(uint32_t tenant_id, const char *yaml, i
        return -ENOMEM;

    t->tenant_id = tenant_id;
-    t->yaml = SCStrdup(yaml);
-    if (t->yaml == NULL) {
-        SCFree(t);
-        return -ENOMEM;
+    if (yaml != NULL) {
+        t->yaml = SCStrdup(yaml);
+        if (t->yaml == NULL) {
+            SCFree(t);
+            return -ENOMEM;
+        }
    }
    t->reload_cnt = reload_cnt;

--- a/src/detect.h
+++ b/src/detect.h
@ -1024,6 +1024,8 @@ typedef struct DetectEngineCtx_ {
    /* --engine-analysis */
    struct EngineAnalysisCtx_ *ea;

+    /* path to the tenant yaml for this engine */
+    char *tenant_path;
 } DetectEngineCtx;

 /* Engine groups profiles (low, medium, high, custom) */
--- a/src/runmode-unix-socket.c
+++ b/src/runmode-unix-socket.c
@ -1072,7 +1072,7 @@ static int reload_cnt = 1;
 */
 TmEcode UnixSocketReloadTenant(json_t *cmd, json_t* answer, void *data)
 {
-    const char *filename;
+    const char *filename = NULL;
    SCStat st;

    if (!(DetectEngineMultiTenantEnabled())) {
@ -1091,14 +1091,16 @@ TmEcode UnixSocketReloadTenant(json_t *cmd, json_t* answer, void *data)

    /* 2 get tenant yaml */
    jarg = json_object_get(cmd, "filename");
-    if (!json_is_string(jarg)) {
-        json_object_set_new(answer, "message", json_string("command is not a string"));
-        return TM_ECODE_FAILED;
-    }
-    filename = json_string_value(jarg);
-    if (SCStatFn(filename, &st) != 0) {
-        json_object_set_new(answer, "message", json_string("file does not exist"));
-        return TM_ECODE_FAILED;
+    if (jarg) {
+        if (!json_is_string(jarg)) {
+            json_object_set_new(answer, "message", json_string("command is not a string"));
+            return TM_ECODE_FAILED;
+        }
+        filename = json_string_value(jarg);
+        if (SCStatFn(filename, &st) != 0) {
+            json_object_set_new(answer, "message", json_string("file does not exist"));
+            return TM_ECODE_FAILED;
+        }
    }

    SCLogDebug("reload-tenant: %d %s", tenant_id, filename);