Bug #4744
Updated by Shivani Bhardwaj almost 3 years ago
If an applayer protocol's section is unavailable in suricata.yaml, it will get auto enabled. e.g. say the following section for dnp3 was missing from the configuration file, it will still get auto enabled. <pre> app-layer: protocols: # DNP3 dnp3: enabled: no detection-ports: dp: 20000 </pre> But, this is not the desired behavior. To fix this, Even if there are protocols where we explicitly demand a protocol defined in suricata.yaml if it is to be enabled in Suricata 7. See ticket https://redmine.openinfosecfoundation.org/issues/4739 and expect the linked PR. However, since this may be too big of a behavioral change for the existing setups running Suricata versions up default to 6.0.x, we set a warning that we are enabling the protocol despite it being absent in suricata.yaml and this must be changed to avoid issues with the latest versions. disabled : HTTP2 before version 7, DNP3, ENIP, etc...