Project

General

Profile

Actions
Copy link

Bug #5765

closed
JF JF

exceptions: midstream flows are dropped if midstream=true && stream.midstream-policy=drop-flow

Bug #5765: exceptions: midstream flows are dropped if midstream=true && stream.midstream-policy=drop-flow

Added by Juliana Fajardini Reichow over 3 years ago. Updated about 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Juliana Fajardini Reichow
Target version:
7.0.0-rc1
Affected Versions:
6.0.9, git main
Effort:
Difficulty:
Label:

Description

We understand that setting stream.midstream=true would mean there's an interest in accepting
midstream flows.

Having the engine drop packets or flows via the exception policy for midstream flows seems
counterintuitive, in such cases, then.

Current behavior:
If stream.midstream=true and stream.midstream-policy=drop-flow (or drop-packet), midstream flows will be dropped.

Expected behavior:
- If stream.midstream=true, Suricata will warn about the conflicting settings and ignore the
midstream exception policy.

Subtasks 1 (0 open1 closed)

Bug #5806: exceptions: midstream flows are dropped if midstream=true && stream.midstream-policy=drop-flow (6.0.x backport)ClosedJuliana Fajardini ReichowActions

Related issues 2 (0 open2 closed)

Related to Suricata - Feature #5219: ips: add 'master switch' to enable dropping on traffic (handling) exceptionsClosedJuliana Fajardini ReichowActions
Related to Suricata - Bug #5825: stream.midstream: if enabled breaks exception policyClosedJuliana Fajardini ReichowActions

JF Updated by Juliana Fajardini Reichow over 3 years ago Actions
Copy link
 #1

  • Related to Feature #5219: ips: add 'master switch' to enable dropping on traffic (handling) exceptions added

JF Updated by Juliana Fajardini Reichow over 3 years ago Actions
Copy link
 #2

  • Subject changed from exception policies: if `stream.midstream=true` and `stream.midstream-policy=drop-flow` (or `drop-packet`), Suricata will drop midstream flows to exceptions: midstream flows are dropped if stream=true && stream.midstream-policy=drop-flow

JF Updated by Juliana Fajardini Reichow over 3 years ago Actions
Copy link
 #3

  • Subject changed from exceptions: midstream flows are dropped if stream=true && stream.midstream-policy=drop-flow to exceptions: midstream flows are dropped if midstream=true && stream.midstream-policy=drop-flow

JF Updated by Juliana Fajardini Reichow over 3 years ago Actions
Copy link
 #4

Probably configuration validation issue.

JF Updated by Juliana Fajardini Reichow about 3 years ago Actions
Copy link
 #5

  • Priority changed from Normal to High
  • Label Needs backport to 6.0 added

JF Updated by Juliana Fajardini Reichow about 3 years ago Actions
Copy link
 #6

  • Status changed from New to In Progress

SB Updated by Shivani Bhardwaj about 3 years ago Actions
Copy link
 #7

  • Subtask #5806 added

SB Updated by Shivani Bhardwaj about 3 years ago Actions
Copy link
 #8

  • Label deleted (Needs backport to 6.0)

JF Updated by Juliana Fajardini Reichow about 3 years ago Actions
Copy link
 #9

  • Status changed from In Progress to In Review

JF Updated by Juliana Fajardini Reichow about 3 years ago Actions
Copy link
 #10

  • Status changed from In Review to Resolved

VJ Updated by Victor Julien about 3 years ago Actions
Copy link
 #11

  • Status changed from Resolved to Closed

JF Updated by Juliana Fajardini Reichow about 3 years ago Actions
Copy link
 #12

  • Related to Bug #5825: stream.midstream: if enabled breaks exception policy added
Actions
Copy link

Also available in: PDF Atom