Actions
Bug #2722
closedyaml: If yaml bypass option is misspelled it does not result in error/warning
Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
-
Affected Versions:
Effort:
Difficulty:
Label:
Description
If there is the following bypass option misspelled (notice the "p" missing) below - Suricata does not error on start neither displays a warning.
Using the following start command -
suricata -vvv --af-packet --pidfile=/var/run/suricata.pid
stream:
memcap: 32gb
checksum-validation: no # reject wrong csums
inline: auto # auto will use inline mode in IPS mode, yes or no set it statically
prealloc-sessions: 200000
byass: yes
reassembly:
memcap: 64gb
depth: 1mb # reassemble 1mb into a stream
toserver-chunk-size: 2560
toclient-chunk-size: 2560
randomize-chunk-size: yes
#randomize-chunk-range: 10
#raw: yes
segment-prealloc: 200000
#check-overlap-different-data: true
Additional info
suricata -V
This is Suricata version 4.1.0-dev (rev 683be948)
# suricata --build-info
This is Suricata version 4.1.0-dev (rev 683be948)
Features: PCAP_SET_BUFF AF_PACKET HAVE_PACKET_FANOUT LIBCAP_NG LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK PCRE_JIT HAVE_NSS HAVE_LUA HAVE_LUAJIT HAVE_LIBJANSSON TLS MAGIC RUST
SIMD support: SSE_4_2 SSE_4_1 SSE_3
Atomic intrisics: 1 2 4 8 16 byte(s)
64-bits, Little-endian architecture
GCC version 4.2.1 Compatible Clang 6.0.0 (tags/RELEASE_600/final), C version 199901
compiled with _FORTIFY_SOURCE=0
L1 cache line size (CLS)=64
thread local storage method: __thread
compiled with LibHTP v0.5.28, linked against LibHTP v0.5.28
Suricata Configuration:
AF_PACKET support: yes
eBPF support: yes
XDP support: yes
PF_RING support: no
NFQueue support: no
NFLOG support: no
IPFW support: no
Netmap support: no
DAG enabled: no
Napatech enabled: no
WinDivert enabled: no
Unix socket enabled: yes
Detection enabled: yes
Libmagic support: yes
libnss support: yes
libnspr support: yes
libjansson support: yes
liblzma support: no
hiredis support: no
hiredis async with libevent: no
Prelude support: no
PCRE jit: yes
LUA support: yes, through luajit
libluajit: yes
libgeoip: yes
Non-bundled htp: no
Old barnyard2 support: no
Hyperscan support: yes
Libnet support: yes
liblz4 support: yes
Rust support: yes (default)
Rust strict mode: yes
Rust debug mode: no
Rust compiler: rustc 1.24.1
Rust cargo: cargo 0.25.0
Suricatasc install: yes
Profiling enabled: no
Profiling locks enabled: no
Development settings:
Coccinelle / spatch: yes
Unit tests enabled: no
Debug output enabled: no
Debug validation enabled: no
Generic build parameters:
Installation prefix: /usr
Configuration directory: /etc/suricata/
Log directory: /var/log/suricata/
--prefix /usr
--sysconfdir /etc
--localstatedir /var
Host: x86_64-pc-linux-gnu
Compiler: clang-6.0 (exec name) / clang (real)
GCC Protect enabled: no
GCC march native enabled: yes
GCC Profile enabled: no
Position Independent Executable enabled: no
CFLAGS -g -O2 -march=native -I${srcdir}/../rust/gen/c-headers
PCAP_CFLAGS -I/usr/include
SECCFLAGS
Updated by Victor Julien over 5 years ago
I think this will be quite tricky. We don't define a list of valid options where options that are unknown lead to a warning. Lots of options are allowed to be missing from the yaml. In this case a built-in default is used.
Updated by Andreas Herz almost 5 years ago
- Assignee set to Community Ticket
- Target version set to TBD
Updated by Victor Julien almost 5 years ago
- Status changed from New to Closed
- Assignee deleted (
Community Ticket) - Target version deleted (
TBD)
Actions