Feature #5974
openMidstream exception policy "reject-both" support
Description
When a flow is encountered midstream, Suricata can't tell which end of the connection is the client and which is the server. This means that when the exception-policy "reject" action is used, the reset is sent back in response to whichever packet arrives at Suricata first, which can be either the client or server end of the connection. In the cases where the reset is sent to the server end, the client side still needs to time out as its retries are dropped before giving up and establishing a new connection.
Adding midstream-policy support for a "reject-both" action would provide a solution by resetting both ends of the connections that are received midstream. This guarantees that the client end of the connection will always receive a reset and fail fast instead of waiting for a timeout.
Updated by Victor Julien over 1 year ago
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Juliana Fajardini Reichow
- Target version changed from TBD to 7.0.0
Updated by Victor Julien over 1 year ago
- Target version changed from 7.0.0 to 8.0.0-beta1
Updated by OISF Ticketbot about 1 year ago
- Label deleted (
Needs backport to 6.0)
Updated by Juliana Fajardini Reichow 11 months ago
- Label Needs backport to 7.0 added
Updated by Victor Julien 6 months ago
- Assignee changed from Juliana Fajardini Reichow to OISF Dev