Project

General

Profile

Actions

Feature #5974

open

Midstream exception policy "reject-both" support

Added by Jamie Lavigne over 1 year ago. Updated 5 months ago.

Status:
Assigned
Priority:
Normal
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

When a flow is encountered midstream, Suricata can't tell which end of the connection is the client and which is the server. This means that when the exception-policy "reject" action is used, the reset is sent back in response to whichever packet arrives at Suricata first, which can be either the client or server end of the connection. In the cases where the reset is sent to the server end, the client side still needs to time out as its retries are dropped before giving up and establishing a new connection.

Adding midstream-policy support for a "reject-both" action would provide a solution by resetting both ends of the connections that are received midstream. This guarantees that the client end of the connection will always receive a reset and fail fast instead of waiting for a timeout.


Subtasks 2 (1 open1 closed)

Feature #6503: Midstream exception policy "reject-both" support (6.0.x backport)RejectedActions
Feature #6681: Midstream exception policy "reject-both" support (7.0.x backport)AssignedOISF DevActions
Actions

Also available in: Atom PDF