Bug #5765
closed
exceptions: midstream flows are dropped if midstream=true && stream.midstream-policy=drop-flow
Added by Juliana Fajardini Reichow over 1 year ago.
Updated about 1 year ago.
Description
We understand that setting stream.midstream=true would mean there's an interest in accepting
midstream flows.
Having the engine drop packets or flows via the exception policy for midstream flows seems
counterintuitive, in such cases, then.
Current behavior:
If stream.midstream=true and stream.midstream-policy=drop-flow (or drop-packet), midstream flows will be dropped.
Expected behavior:
- If stream.midstream=true, Suricata will warn about the conflicting settings and ignore the
midstream exception policy.
- Related to Feature #5219: ips: add 'master switch' to enable dropping on traffic (handling) exceptions added
- Subject changed from exception policies: if `stream.midstream=true` and `stream.midstream-policy=drop-flow` (or `drop-packet`), Suricata will drop midstream flows to exceptions: midstream flows are dropped if stream=true && stream.midstream-policy=drop-flow
- Subject changed from exceptions: midstream flows are dropped if stream=true && stream.midstream-policy=drop-flow to exceptions: midstream flows are dropped if midstream=true && stream.midstream-policy=drop-flow
Probably configuration validation issue.
- Priority changed from Normal to High
- Label Needs backport to 6.0 added
- Status changed from New to In Progress
- Label deleted (
Needs backport to 6.0)
- Status changed from In Progress to In Review
- Status changed from In Review to Resolved
- Status changed from Resolved to Closed
- Related to Bug #5825: stream.midstream: if enabled breaks exception policy added
Also available in: Atom
PDF