Project

General

Custom queries

Profile

Actions
Copy link

Bug #5765

closed

exceptions: midstream flows are dropped if midstream=true && stream.midstream-policy=drop-flow

Added by Juliana Fajardini Reichow over 2 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Juliana Fajardini Reichow
Target version:
7.0.0-rc1
Affected Versions:
6.0.9, git master
Effort:
Difficulty:
Label:

Description

We understand that setting stream.midstream=true would mean there's an interest in accepting
midstream flows.

Having the engine drop packets or flows via the exception policy for midstream flows seems
counterintuitive, in such cases, then.

Current behavior:
If stream.midstream=true and stream.midstream-policy=drop-flow (or drop-packet), midstream flows will be dropped.

Expected behavior:
- If stream.midstream=true, Suricata will warn about the conflicting settings and ignore the
midstream exception policy.

Subtasks 1 (0 open1 closed)

Bug #5806: exceptions: midstream flows are dropped if midstream=true && stream.midstream-policy=drop-flow (6.0.x backport)ClosedJuliana Fajardini ReichowActions

Related issues 2 (0 open2 closed)

Related to Suricata - Feature #5219: ips: add 'master switch' to enable dropping on traffic (handling) exceptionsClosedJuliana Fajardini ReichowActions
Related to Suricata - Bug #5825: stream.midstream: if enabled breaks exception policyClosedJuliana Fajardini ReichowActions
Actions
Copy link
 #4

Updated by Juliana Fajardini Reichow over 2 years ago

Probably configuration validation issue.

Actions
Copy link
 #9

Updated by Juliana Fajardini Reichow over 2 years ago

  • Status changed from In Progress to In Review
Actions
Copy link
 #10

Updated by Juliana Fajardini Reichow over 2 years ago

  • Status changed from In Review to Resolved
Actions
Copy link

Also available in: Atom PDF