Bug #8014
openTimeouts of FLOW_STATE_CAPTURE_BYPASSED is harcoded using constant FLOW_BYPASSED_TIMEOUT and not the yaml configurable value
Description
On monitoring my bpf map `flow_table_v4`, I realized the timeouts did not follow the yaml configuration I had in the `suricata.yaml` config
```
flow-timeouts:
default:
emergency-established: 100
emergency-new: 10
established: 300
new: 30
bypassed: 5
emergency-bypassed: 5
```
I realised it was because the function used to get the flow timeouts `FlowGetTimeoutPolicy` and `FlowGetFlowTimeoutDirect` were not using the config value but a hardcoded constant (which is FLOW_STATE_CAPTURE_BYPASSED`) in the case of a `FLOW_STATE_CAPTURE_BYPASSED`.
We could apply this diff to use the `flow-timeouts.bypassed` config value:
Not sure if this patch is okey or if we want to add a config field `flow-timeouts.capture-bypassed` to distinguish timeout between `local_bypass` vs `capture_bypass`.
I can push the above patch if you want.
Files
Updated by Victor Julien 2 days ago
- Status changed from New to In Review
- Assignee set to Amir Boussejra
- Target version changed from TBD to 9.0.0-beta1
https://github.com/OISF/suricata/pull/14119
Thanks for looking into this @Aboussejra. I think the single option is fine for now, unless you see a compelling reason to split it out?
Updated by Amir Boussejra 2 days ago
You are welcome @Victor Julien !
No I think the single option is fine too !