Feature #6063

open

exception-policy: stream async policy

Added by Victor Julien over 2 years ago. Updated 16 days ago.

Status: Assigned
Priority: Normal
Target version:
Effort:
Difficulty:
Label:

Description

For streams that are using async routing, allow applying a separate exception policy.

Async detection would match the logic the async-oneside option uses today:

Client -> Server: SYN followed by ACK matching the 3whs. SEQ of this packet would be ISN+1. If no SYN/ACK has been seen we’d be in async mode.
Server -> Client: SYN/ACK as first packet.

In both cases we'd apply a new exception policy.

Suggested defaults:
- IDS: ignore
- IPS, async-oneside disabled: drop-packet (not drop flow as otherwise an injected packet might trigger a flow drop?)
- IPS, async-oneside enabled: ignore
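
The two detection cases and the suggested defaults described above, as an added sketch in C. It is not Suricata code and not from the ticket author; the struct, enum and function names are hypothetical, and the packets in `main` are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define TH_SYN 0x02
#define TH_ACK 0x10
#define TH_HS_MASK 0x17             /* FIN|SYN|RST|ACK: flags relevant to the handshake */

enum dir { TO_SERVER, TO_CLIENT };
enum verdict { V_NONE, V_ASYNC };   /* V_ASYNC: apply the async exception policy */
enum policy { POLICY_IGNORE, POLICY_DROP_PACKET };

struct flow_track {                 /* hypothetical per-flow state */
    bool seen_any, seen_syn, seen_synack;
    uint32_t client_isn;
};

/* Feed one TCP packet of a flow; V_ASYNC means it matches a case from the ticket. */
enum verdict async_check(struct flow_track *f, enum dir d, uint8_t flags, uint32_t seq)
{
    bool first = !f->seen_any;
    uint8_t hs = flags & TH_HS_MASK;
    f->seen_any = true;
    if (d == TO_SERVER) {
        if (hs == TH_SYN) { f->seen_syn = true; f->client_isn = seq; return V_NONE; }
        /* ACK of the 3whs: SEQ == ISN+1 (mod 2^32), yet no SYN/ACK was seen. */
        if (hs == TH_ACK && f->seen_syn && !f->seen_synack &&
            seq == (uint32_t)(f->client_isn + 1u))
            return V_ASYNC;
        return V_NONE;
    }
    if (hs == (TH_SYN | TH_ACK)) {  /* server side: SYN/ACK as first packet */
        f->seen_synack = true;
        return first ? V_ASYNC : V_NONE;
    }
    return V_NONE;
}

/* Suggested defaults: IDS ignore; IPS drop-packet unless async-oneside is enabled. */
enum policy async_default_policy(bool ips_mode, bool async_oneside)
{
    return (ips_mode && !async_oneside) ? POLICY_DROP_PACKET : POLICY_IGNORE;
}

int main(void)
{
    struct flow_track f = {0};      /* constructed packets: ISN at the wrap point */
    async_check(&f, TO_SERVER, TH_SYN, 0xFFFFFFFFu);
    printf("async=%d\n", async_check(&f, TO_SERVER, TH_ACK, 0u) == V_ASYNC);
}
```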


Subtasks 3 (2 open, 1 closed)

- Feature #6083: exception-policy: stream async policy (6.0.x backport). Status: Rejected
- Feature #7443: exception-policy: stream async policy (7.0.x backport). Status: Assigned. Assignee: Juliana Fajardini Reichow
- Feature #7942: exception-policy: stream async policy (8.0.x backport). Status: Assigned. Assignee: Juliana Fajardini Reichow

Related issues 1 (1 open, 0 closed)

- Related to Suricata - Documentation #8011: userguide: document behavior/support for stream.async-oneside. Status: New