Bug #7133

open

Could the midstream policy support "drop-packet"?

Added by Jamie Lavigne 2 months ago.

Status: New
Priority: Normal

Description

One small challenge we have encountered during the upgrade from Suricata 6 to 7 is that the midstream policy's "drop-packet" value is no longer supported, which is mentioned in the docs [1] and enforced in validation [2]. The documentation for Suricata 6 also mentions this, but it was not enforced before; despite this, it has always worked and continues to work in v7 if we ignore the warning that the "fatal error" validation outputs.

Is there a technical or philosophical reason why this value is not officially supported? We would like to retain the existing behavior with the upgrade without maintaining our own patch.

[1] https://docs.suricata.io/en/latest/configuration/exception-policies.html#id6
[2] https://github.com/OISF/suricata/blob/daa6f6f7f38ba48fe4f1396277fb5ab60da7e464/src/util-exception-policy.c#L288-L293
