Project

General

Profile

Actions
Copy link

Bug #5765

closed
JF JF

exceptions: midstream flows are dropped if midstream=true && stream.midstream-policy=drop-flow

Bug #5765: exceptions: midstream flows are dropped if midstream=true && stream.midstream-policy=drop-flow

Added by Juliana Fajardini Reichow over 3 years ago. Updated over 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Juliana Fajardini Reichow
Target version:
7.0.0-rc1
Affected Versions:
6.0.9, git main
Effort:
Difficulty:
Label:

Description

We understand that setting stream.midstream=true would mean there's an interest in accepting
midstream flows.

Having the engine drop packets or flows via the exception policy for midstream flows seems
counterintuitive, in such cases, then.

Current behavior:
If stream.midstream=true and stream.midstream-policy=drop-flow (or drop-packet), midstream flows will be dropped.

Expected behavior:
- If stream.midstream=true, Suricata will warn about the conflicting settings and ignore the
midstream exception policy.

Subtasks 1 (0 open1 closed)

Bug #5806: exceptions: midstream flows are dropped if midstream=true && stream.midstream-policy=drop-flow (6.0.x backport)ClosedJuliana Fajardini ReichowActions

Related issues 2 (0 open2 closed)

Related to Suricata - Feature #5219: ips: add 'master switch' to enable dropping on traffic (handling) exceptionsClosedJuliana Fajardini ReichowActions
Related to Suricata - Bug #5825: stream.midstream: if enabled breaks exception policyClosedJuliana Fajardini ReichowActions
Actions
Copy link

Also available in: PDF Atom