Project

General

Profile

Actions
Copy link

Bug #5765

closed

exceptions: midstream flows are dropped if midstream=true && stream.midstream-policy=drop-flow

Added by Juliana Fajardini Reichow over 1 year ago. Updated about 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
Juliana Fajardini Reichow
Target version:
7.0.0-rc1
Affected Versions:
6.0.9, git master
Effort:
Difficulty:
Label:

Description

We understand that setting stream.midstream=true would mean there's an interest in accepting
midstream flows.

Having the engine drop packets or flows via the exception policy for midstream flows seems
counterintuitive, in such cases, then.

Current behavior:
If stream.midstream=true and stream.midstream-policy=drop-flow (or drop-packet), midstream flows will be dropped.

Expected behavior:
- If stream.midstream=true, Suricata will warn about the conflicting settings and ignore the
midstream exception policy.

Subtasks 1 (0 open1 closed)

Bug #5806: exceptions: midstream flows are dropped if midstream=true && stream.midstream-policy=drop-flow (6.0.x backport)ClosedJuliana Fajardini ReichowActions

Related issues 2 (0 open2 closed)

Related to Suricata - Feature #5219: ips: add 'master switch' to enable dropping on traffic (handling) exceptionsClosedJuliana Fajardini ReichowActions
Related to Suricata - Bug #5825: stream.midstream: if enabled breaks exception policyClosedJuliana Fajardini ReichowActions
Actions
Copy link
 #1

Updated by Juliana Fajardini Reichow over 1 year ago

  • Related to Feature #5219: ips: add 'master switch' to enable dropping on traffic (handling) exceptions added
Actions
Copy link
 #2

Updated by Juliana Fajardini Reichow over 1 year ago

  • Subject changed from exception policies: if `stream.midstream=true` and `stream.midstream-policy=drop-flow` (or `drop-packet`), Suricata will drop midstream flows to exceptions: midstream flows are dropped if stream=true && stream.midstream-policy=drop-flow
Actions
Copy link
 #3

Updated by Juliana Fajardini Reichow over 1 year ago

  • Subject changed from exceptions: midstream flows are dropped if stream=true && stream.midstream-policy=drop-flow to exceptions: midstream flows are dropped if midstream=true && stream.midstream-policy=drop-flow
Actions
Copy link
 #4

Updated by Juliana Fajardini Reichow over 1 year ago

Probably configuration validation issue.

Actions
Copy link
 #5

Updated by Juliana Fajardini Reichow about 1 year ago

  • Priority changed from Normal to High
  • Label Needs backport to 6.0 added
Actions
Copy link
 #6

Updated by Juliana Fajardini Reichow about 1 year ago

  • Status changed from New to In Progress
Actions
Copy link
 #7

Updated by Shivani Bhardwaj about 1 year ago

  • Subtask #5806 added
Actions
Copy link
 #8

Updated by Shivani Bhardwaj about 1 year ago

  • Label deleted (Needs backport to 6.0)
Actions
Copy link
 #9

Updated by Juliana Fajardini Reichow about 1 year ago

  • Status changed from In Progress to In Review
Actions
Copy link
 #10

Updated by Juliana Fajardini Reichow about 1 year ago

  • Status changed from In Review to Resolved
Actions
Copy link
 #11

Updated by Victor Julien about 1 year ago

  • Status changed from Resolved to Closed
Actions
Copy link
 #12

Updated by Juliana Fajardini Reichow about 1 year ago

  • Related to Bug #5825: stream.midstream: if enabled breaks exception policy added
Actions
Copy link

Also available in: Atom PDF